« back to all changes in this revision
Viewing changes to serverguide/po/lv.po
- browse files at revision 246
- compare with another revision
- download diff
- download tarball
- view history from revision 246
- Committer: Peter Matulis
- Date: 2015-03-22 23:02:24 UTC
- Revision ID: peter.matulis@canonical.com-20150322230224-zu4rs9j8jjf4zzwj
Updated the PO files; by Peter Matulis
- files modified:
- serverguide/po/ace.po
added
removed
serverguide/po/lv.po
7
7
msgstr ""
8
8
"Project-Id-Version: serverguide\n"
9
9
"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
10
"POT-Creation-Date: 2014-09-22 11:47-0700\n"
11
"PO-Revision-Date: 2014-03-20 22:00+0000\n"
10
"POT-Creation-Date: 2015-02-26 16:01-0800\n"
11
"PO-Revision-Date: 2014-11-09 18:10+0000\n"
12
12
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
13
13
"Language-Team: Latvian <lv@li.org>\n"
14
14
"MIME-Version: 1.0\n"
15
15
"Content-Type: text/plain; charset=UTF-8\n"
16
16
"Content-Transfer-Encoding: 8bit\n"
17
"X-Launchpad-Export-Date: 2014-10-11 02:51+0000\n"
18
"X-Generator: Launchpad (build 17196)\n"
17
"X-Launchpad-Export-Date: 2015-03-22 21:34+0000\n"
18
"X-Generator: Launchpad (build 17405)\n"
19
19
20
20
#: serverguide/C/web-servers.xml:11(title)
21
21
msgid "Web Servers"
86
86
"for the development and deployment of Web-based applications."
87
87
msgstr ""
88
88
89
#: serverguide/C/web-servers.xml:51(title) serverguide/C/web-servers.xml:703(title) serverguide/C/web-servers.xml:846(title) serverguide/C/web-servers.xml:969(title) serverguide/C/virtualization.xml:70(title) serverguide/C/virtualization.xml:813(title) serverguide/C/vcs.xml:26(title) serverguide/C/vcs.xml:87(title) serverguide/C/vcs.xml:211(title) serverguide/C/samba.xml:81(title) serverguide/C/samba.xml:292(title) serverguide/C/remote-administration.xml:46(title) serverguide/C/remote-administration.xml:269(title) serverguide/C/remote-administration.xml:465(title) serverguide/C/network-config.xml:973(title) serverguide/C/network-config.xml:1087(title) serverguide/C/network-auth.xml:119(title) serverguide/C/network-auth.xml:2771(title) serverguide/C/network-auth.xml:3243(title) serverguide/C/monitoring.xml:40(title) serverguide/C/monitoring.xml:429(title) serverguide/C/mail.xml:38(title) serverguide/C/mail.xml:548(title) serverguide/C/mail.xml:737(title) serverguide/C/mail.xml:887(title) serverguide/C/mail.xml:1377(title) serverguide/C/lamp-applications.xml:110(title) serverguide/C/lamp-applications.xml:272(title) serverguide/C/lamp-applications.xml:408(title) serverguide/C/lamp-applications.xml:512(title) serverguide/C/installation.xml:11(title) serverguide/C/installation.xml:940(title) serverguide/C/installation.xml:1221(title) serverguide/C/file-server.xml:357(title) serverguide/C/file-server.xml:645(title) serverguide/C/dns.xml:21(title) serverguide/C/databases.xml:37(title) serverguide/C/databases.xml:300(title) serverguide/C/chat.xml:35(title) serverguide/C/chat.xml:134(title) serverguide/C/backups.xml:596(title)
89
#: serverguide/C/windows-networking.xml:81(title) serverguide/C/windows-networking.xml:292(title) serverguide/C/web-servers.xml:51(title) serverguide/C/web-servers.xml:690(title) serverguide/C/web-servers.xml:833(title) serverguide/C/web-servers.xml:957(title) serverguide/C/virtualization.xml:61(title) serverguide/C/virtualization.xml:2623(title) serverguide/C/vcs.xml:26(title) serverguide/C/vcs.xml:84(title) serverguide/C/vcs.xml:403(title) serverguide/C/remote-administration.xml:46(title) serverguide/C/remote-administration.xml:234(title) serverguide/C/remote-administration.xml:425(title) serverguide/C/network-config.xml:975(title) serverguide/C/network-config.xml:1089(title) serverguide/C/network-auth.xml:140(title) serverguide/C/network-auth.xml:2800(title) serverguide/C/network-auth.xml:3272(title) serverguide/C/monitoring.xml:40(title) serverguide/C/monitoring.xml:429(title) serverguide/C/mail.xml:38(title) serverguide/C/mail.xml:490(title) serverguide/C/mail.xml:679(title) serverguide/C/mail.xml:828(title) serverguide/C/mail.xml:1318(title) serverguide/C/lamp-applications.xml:110(title) serverguide/C/lamp-applications.xml:272(title) serverguide/C/lamp-applications.xml:408(title) serverguide/C/installation.xml:11(title) serverguide/C/installation.xml:933(title) serverguide/C/installation.xml:1214(title) serverguide/C/file-server.xml:357(title) serverguide/C/file-server.xml:646(title) serverguide/C/dns.xml:21(title) serverguide/C/databases.xml:37(title) serverguide/C/databases.xml:307(title) serverguide/C/chat.xml:35(title) serverguide/C/chat.xml:134(title) serverguide/C/backups.xml:596(title)
90
90
msgid "Installation"
91
91
msgstr "Instalācija"
92
92
106
106
msgid "sudo apt-get install apache2"
107
107
msgstr "sudo apt-get install apache2"
108
108
109
#: serverguide/C/web-servers.xml:71(title) serverguide/C/web-servers.xml:756(title) serverguide/C/web-servers.xml:857(title) serverguide/C/web-servers.xml:996(title) serverguide/C/web-servers.xml:1099(title) serverguide/C/vcs.xml:37(title) serverguide/C/vcs.xml:96(title) serverguide/C/samba.xml:97(title) serverguide/C/samba.xml:309(title) serverguide/C/remote-administration.xml:68(title) serverguide/C/remote-administration.xml:289(title) serverguide/C/package-management.xml:417(title) serverguide/C/network-config.xml:995(title) serverguide/C/network-config.xml:1098(title) serverguide/C/network-auth.xml:2858(title) serverguide/C/network-auth.xml:3264(title) serverguide/C/monitoring.xml:185(title) serverguide/C/monitoring.xml:455(title) serverguide/C/mail.xml:557(title) serverguide/C/mail.xml:747(title) serverguide/C/mail.xml:970(title) serverguide/C/mail.xml:1406(title) serverguide/C/lamp-applications.xml:130(title) serverguide/C/lamp-applications.xml:299(title) serverguide/C/lamp-applications.xml:438(title) serverguide/C/lamp-applications.xml:533(title) serverguide/C/installation.xml:1237(title) serverguide/C/file-server.xml:370(title) serverguide/C/file-server.xml:671(title) serverguide/C/dns.xml:37(title) serverguide/C/databases.xml:73(title) serverguide/C/databases.xml:316(title) serverguide/C/clustering.xml:45(title) serverguide/C/chat.xml:55(title) serverguide/C/chat.xml:146(title) serverguide/C/backups.xml:625(title)
109
#: serverguide/C/windows-networking.xml:97(title) serverguide/C/windows-networking.xml:309(title) serverguide/C/web-servers.xml:71(title) serverguide/C/web-servers.xml:743(title) serverguide/C/web-servers.xml:844(title) serverguide/C/web-servers.xml:984(title) serverguide/C/web-servers.xml:1084(title) serverguide/C/vcs.xml:37(title) serverguide/C/vcs.xml:421(title) serverguide/C/remote-administration.xml:68(title) serverguide/C/remote-administration.xml:254(title) serverguide/C/package-management.xml:400(title) serverguide/C/network-config.xml:997(title) serverguide/C/network-config.xml:1100(title) serverguide/C/network-auth.xml:2887(title) serverguide/C/network-auth.xml:3293(title) serverguide/C/monitoring.xml:185(title) serverguide/C/monitoring.xml:455(title) serverguide/C/mail.xml:499(title) serverguide/C/mail.xml:689(title) serverguide/C/mail.xml:911(title) serverguide/C/mail.xml:1347(title) serverguide/C/lamp-applications.xml:130(title) serverguide/C/lamp-applications.xml:299(title) serverguide/C/lamp-applications.xml:438(title) serverguide/C/installation.xml:1226(title) serverguide/C/file-server.xml:370(title) serverguide/C/file-server.xml:672(title) serverguide/C/dns.xml:37(title) serverguide/C/databases.xml:80(title) serverguide/C/databases.xml:323(title) serverguide/C/clustering.xml:45(title) serverguide/C/chat.xml:55(title) serverguide/C/chat.xml:146(title) serverguide/C/backups.xml:625(title)
110
110
msgid "Configuration"
111
111
msgstr "Iestatījumi"
112
112
148
148
"<application>apache2</application> is restarted."
149
149
msgstr ""
150
150
151
#: serverguide/C/web-servers.xml:108(para)
151
#: serverguide/C/web-servers.xml:93(para)
152
152
msgid ""
153
153
"<emphasis>envvars:</emphasis> file where Apache2 "
154
154
"<emphasis>environment</emphasis> variables are set."
155
155
msgstr ""
156
156
157
#: serverguide/C/web-servers.xml:113(para)
157
#: serverguide/C/web-servers.xml:106(para)
158
158
msgid ""
159
159
"<emphasis>mods-available:</emphasis> this directory contains configuration "
160
160
"files to both load <emphasis>modules</emphasis> and configure them. Not all "
161
161
"modules will have specific configuration files, however."
162
162
msgstr ""
163
163
164
#: serverguide/C/web-servers.xml:119(para)
164
#: serverguide/C/web-servers.xml:112(para)
165
165
msgid ""
166
166
"<emphasis>mods-enabled:</emphasis> holds <emphasis>symlinks</emphasis> to "
167
167
"the files in <filename>/etc/apache2/mods-available</filename>. When a module "
169
169
"<application>apache2</application> is restarted."
170
170
msgstr ""
171
171
172
#: serverguide/C/web-servers.xml:126(para)
172
#: serverguide/C/web-servers.xml:119(para)
173
173
msgid ""
174
174
"<emphasis>ports.conf:</emphasis> houses the directives that determine which "
175
175
"TCP ports Apache2 is listening on."
176
176
msgstr ""
177
177
178
#: serverguide/C/web-servers.xml:131(para)
178
#: serverguide/C/web-servers.xml:124(para)
179
179
msgid ""
180
180
"<emphasis>sites-available:</emphasis> this directory has configuration files "
181
181
"for Apache2 <emphasis>Virtual Hosts</emphasis>. Virtual Hosts allow Apache2 "
182
182
"to be configured for multiple sites that have separate configurations."
183
183
msgstr ""
184
184
185
#: serverguide/C/web-servers.xml:138(para)
185
#: serverguide/C/web-servers.xml:130(para)
186
186
msgid ""
187
187
"<emphasis>sites-enabled:</emphasis> like mods-enabled, <filename "
188
188
"role=\"directory\">sites-enabled</filename> contains symlinks to the "
197
197
"the first few bytes of a file."
198
198
msgstr ""
199
199
200
#: serverguide/C/web-servers.xml:151(para)
200
#: serverguide/C/web-servers.xml:138(para)
201
201
msgid ""
202
202
"In addition, other configuration files may be added using the "
203
203
"<emphasis>Include</emphasis> directive, and wildcards can be used to include "
206
206
"recognized by Apache2 when it is started or restarted."
207
207
msgstr ""
208
208
209
#: serverguide/C/web-servers.xml:160(para)
209
#: serverguide/C/web-servers.xml:147(para)
210
210
msgid ""
211
211
"The server also reads a file containing mime document types; the filename is "
212
212
"set by the <emphasis>TypesConfig</emphasis> directive, typically via "
215
215
"by default."
216
216
msgstr ""
217
217
218
#: serverguide/C/web-servers.xml:168(title)
218
#: serverguide/C/web-servers.xml:155(title)
219
219
msgid "Basic Settings"
220
220
msgstr ""
221
221
230
230
msgid ""
231
231
"Apache2 ships with a virtual-host-friendly default configuration. That is, "
232
232
"it is configured with a single default virtual host (using the "
233
"<emphasis>VirtualHost</emphasis> directive) which can modified or used as-is "
234
"if you have a single site, or used as a template for additional virtual "
233
"<emphasis>VirtualHost</emphasis> directive) which can be modified or used as-"
234
"is if you have a single site, or used as a template for additional virtual "
235
235
"hosts if you have multiple sites. If left alone, the default virtual host "
236
236
"will serve as your default site, or the site users will see if the URL they "
237
237
"enter does not match the <emphasis>ServerName</emphasis> directive of any of "
239
239
"<filename>/etc/apache2/sites-available/000-default.conf</filename>."
240
240
msgstr ""
241
241
242
#: serverguide/C/web-servers.xml:190(para)
242
#: serverguide/C/web-servers.xml:177(para)
243
243
msgid ""
244
244
"The directives set for a virtual host only apply to that particular virtual "
245
245
"host. If a directive is set server-wide and not defined within the virtual "
248
248
"virtual host."
249
249
msgstr ""
250
250
251
#: serverguide/C/web-servers.xml:198(para)
251
#: serverguide/C/web-servers.xml:185(para)
252
252
msgid ""
253
253
"If you wish to configure a new virtual host or site, copy that file into the "
254
254
"same directory with a name you choose. For example:"
260
260
"available/mynewsite.conf"
261
261
msgstr ""
262
262
263
#: serverguide/C/web-servers.xml:207(para)
263
#: serverguide/C/web-servers.xml:194(para)
264
264
msgid ""
265
265
"Edit the new file to configure the new site using some of the directives "
266
266
"described below."
267
267
msgstr ""
268
268
269
#: serverguide/C/web-servers.xml:214(para)
269
#: serverguide/C/web-servers.xml:201(para)
270
270
msgid ""
271
271
"The <emphasis>ServerAdmin</emphasis> directive specifies the email address "
272
272
"to be advertised for the server's administrator. The default value is "
277
277
"configuration file in /etc/apache2/sites-available."
278
278
msgstr ""
279
279
280
#: serverguide/C/web-servers.xml:225(para)
280
#: serverguide/C/web-servers.xml:212(para)
281
281
msgid ""
282
282
"The <emphasis>Listen</emphasis> directive specifies the port, and optionally "
283
283
"the IP address, Apache2 should listen on. If the IP address is not "
303
303
"available/mynewsite.conf</filename>)."
304
304
msgstr ""
305
305
306
#: serverguide/C/web-servers.xml:250(para)
306
#: serverguide/C/web-servers.xml:237(para)
307
307
msgid ""
308
308
"You may also want your site to respond to www.ubunturocks.com, since many "
309
309
"users will assume the www prefix is appropriate. Use the "
311
311
"wildcards in the ServerAlias directive."
312
312
msgstr ""
313
313
314
#: serverguide/C/web-servers.xml:257(para)
314
#: serverguide/C/web-servers.xml:244(para)
315
315
msgid ""
316
316
"For example, the following configuration will cause your site to respond to "
317
317
"any domain request ending in <emphasis>.ubunturocks.com</emphasis>."
318
318
msgstr ""
319
319
320
#: serverguide/C/web-servers.xml:263(programlisting)
320
#: serverguide/C/web-servers.xml:250(programlisting)
321
321
#, no-wrap
322
322
msgid ""
323
323
"\n"
333
333
"virtual host file, and remember to create that directory if necessary!"
334
334
msgstr ""
335
335
336
#: serverguide/C/web-servers.xml:278(para)
336
#: serverguide/C/web-servers.xml:265(para)
337
337
msgid ""
338
338
"Enable the new <emphasis>VirtualHost</emphasis> using the "
339
339
"<application>a2ensite</application> utility and restart Apache2:"
340
340
msgstr ""
341
341
342
#: serverguide/C/web-servers.xml:284(command)
342
#: serverguide/C/web-servers.xml:271(command)
343
343
msgid "sudo a2ensite mynewsite"
344
344
msgstr ""
345
345
346
#: serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:303(command) serverguide/C/web-servers.xml:544(command) serverguide/C/web-servers.xml:553(command) serverguide/C/web-servers.xml:612(command) serverguide/C/mail.xml:994(command) serverguide/C/lamp-applications.xml:222(command) serverguide/C/lamp-applications.xml:573(command)
346
#: serverguide/C/web-servers.xml:272(command) serverguide/C/web-servers.xml:290(command) serverguide/C/web-servers.xml:531(command) serverguide/C/web-servers.xml:540(command) serverguide/C/web-servers.xml:599(command) serverguide/C/mail.xml:935(command) serverguide/C/lamp-applications.xml:222(command)
347
347
msgid "sudo service apache2 restart"
348
348
msgstr ""
349
349
350
#: serverguide/C/web-servers.xml:289(para)
350
#: serverguide/C/web-servers.xml:276(para)
351
351
msgid ""
352
352
"Be sure to replace <emphasis>mynewsite</emphasis> with a more descriptive "
353
353
"name for the VirtualHost. One method is to name the file after the "
354
354
"<emphasis>ServerName</emphasis> directive of the VirtualHost."
355
355
msgstr ""
356
356
357
#: serverguide/C/web-servers.xml:296(para)
357
#: serverguide/C/web-servers.xml:283(para)
358
358
msgid ""
359
359
"Similarly, use the <application>a2dissite</application> utility to disable "
360
360
"sites. This is can be useful when troubleshooting configuration problems "
361
361
"with multiple VirtualHosts:"
362
362
msgstr ""
363
363
364
#: serverguide/C/web-servers.xml:302(command)
364
#: serverguide/C/web-servers.xml:289(command)
365
365
msgid "sudo a2dissite mynewsite"
366
366
msgstr ""
367
367
368
#: serverguide/C/web-servers.xml:308(title)
368
#: serverguide/C/web-servers.xml:295(title)
369
369
msgid "Default Settings"
370
370
msgstr ""
371
371
372
#: serverguide/C/web-servers.xml:310(para)
372
#: serverguide/C/web-servers.xml:297(para)
373
373
msgid ""
374
374
"This section explains configuration of the Apache2 server default settings. "
375
375
"For example, if you add a virtual host, the settings you configure for the "
377
377
"defined within the virtual host settings, the default value is used."
378
378
msgstr ""
379
379
380
#: serverguide/C/web-servers.xml:322(para)
380
#: serverguide/C/web-servers.xml:309(para)
381
381
msgid ""
382
382
"The <emphasis>DirectoryIndex</emphasis> is the default page served by the "
383
383
"server when a user requests an index of a directory by specifying a forward "
384
384
"slash (/) at the end of the directory name."
385
385
msgstr ""
386
386
387
#: serverguide/C/web-servers.xml:329(para)
387
#: serverguide/C/web-servers.xml:316(para)
388
388
msgid ""
389
389
"For example, when a user requests the page "
390
390
"http://www.example.com/this_directory/, he or she will get either the "
407
407
"file for Apache2 to use for specific error events. For example, if a user "
408
408
"requests a resource that does not exist, a 404 error will occur. By default, "
409
409
"Apache2 will simply return a HTTP 404 Return code. Read "
410
"<filename>/etc/apache2/conf.d/localized-error-pages</filename> for detailed "
411
"instructions for using ErrorDocument, including locations of example files."
410
"<filename>/etc/apache2/conf-available/localized-error-pages.conf</filename> "
411
"for detailed instructions for using ErrorDocument, including locations of "
412
"example files."
412
413
msgstr ""
413
414
414
#: serverguide/C/web-servers.xml:360(para)
415
#: serverguide/C/web-servers.xml:347(para)
415
416
msgid ""
416
417
"By default, the server writes the transfer log to the file "
417
418
"<filename>/var/log/apache2/access.log</filename>. You can change this on a "
427
428
"/etc/apache2/apache2.conf</filename> for the default value)."
428
429
msgstr ""
429
430
430
#: serverguide/C/web-servers.xml:375(para)
431
#: serverguide/C/web-servers.xml:362(para)
431
432
msgid ""
432
433
"Some options are specified on a per-directory basis rather than per-server. "
433
434
"<emphasis>Options</emphasis> is one of these directives. A Directory stanza "
443
444
"</Directory>\n"
444
445
msgstr ""
445
446
446
#: serverguide/C/web-servers.xml:387(para)
447
#: serverguide/C/web-servers.xml:374(para)
447
448
msgid ""
448
449
"The <emphasis>Options</emphasis> directive within a Directory stanza accepts "
449
450
"one or more of the following values (among others), separated by spaces:"
450
451
msgstr ""
451
452
452
#: serverguide/C/web-servers.xml:399(para)
453
#: serverguide/C/web-servers.xml:386(para)
453
454
msgid ""
454
455
"Most files should not be executed as CGI scripts. This would be very "
455
456
"dangerous. CGI scripts should kept in a directory separate from and outside "
458
459
"<filename>/usr/lib/cgi-bin</filename>."
459
460
msgstr ""
460
461
461
#: serverguide/C/web-servers.xml:394(para)
462
#: serverguide/C/web-servers.xml:381(para)
462
463
msgid ""
463
464
"<emphasis role=\"bold\">ExecCGI</emphasis> - Allow execution of CGI scripts. "
464
465
"CGI scripts are not executed if this option is not chosen. <placeholder-1/>"
465
466
msgstr ""
466
467
467
#: serverguide/C/web-servers.xml:410(para)
468
#: serverguide/C/web-servers.xml:397(para)
468
469
msgid ""
469
470
"<emphasis role=\"bold\">Includes</emphasis> - Allow server-side includes. "
470
471
"Server-side includes allow an HTML file to <emphasis> include</emphasis> "
473
474
"documentation (Ubuntu community)</ulink> for more information."
474
475
msgstr ""
475
476
476
#: serverguide/C/web-servers.xml:419(para)
477
#: serverguide/C/web-servers.xml:406(para)
477
478
msgid ""
478
479
"<emphasis role=\"bold\">IncludesNOEXEC</emphasis> - Allow server-side "
479
480
"includes, but disable the <emphasis>#exec</emphasis> and "
480
481
"<emphasis>#include</emphasis> commands in CGI scripts."
481
482
msgstr ""
482
483
483
#: serverguide/C/web-servers.xml:431(para)
484
#: serverguide/C/web-servers.xml:418(para)
484
485
msgid ""
485
486
"For security reasons, this should usually not be set, and certainly should "
486
487
"not be set on your DocumentRoot directory. Enable this option carefully on a "
488
489
"contents of the directory."
489
490
msgstr ""
490
491
491
#: serverguide/C/web-servers.xml:426(para)
492
#: serverguide/C/web-servers.xml:413(para)
492
493
msgid ""
493
494
"<emphasis role=\"bold\">Indexes</emphasis> - Display a formatted list of the "
494
495
"directory's contents, if no <emphasis>DirectoryIndex</emphasis> (such as "
504
505
"Apache2 documentation on this option</ulink>."
505
506
msgstr ""
506
507
507
#: serverguide/C/web-servers.xml:449(para)
508
#: serverguide/C/web-servers.xml:436(para)
508
509
msgid ""
509
510
"<emphasis role=\"bold\">SymLinksIfOwnerMatch</emphasis> - Only follow "
510
511
"symbolic links if the target file or directory has the same owner as the "
511
512
"link."
512
513
msgstr ""
513
514
514
#: serverguide/C/web-servers.xml:461(title)
515
#: serverguide/C/web-servers.xml:448(title)
515
516
msgid "httpd Settings"
516
517
msgstr ""
517
518
518
#: serverguide/C/web-servers.xml:463(para)
519
#: serverguide/C/web-servers.xml:450(para)
519
520
msgid ""
520
521
"This section explains some basic <application>httpd</application> daemon "
521
522
"configuration settings."
522
523
msgstr ""
523
524
524
#: serverguide/C/web-servers.xml:467(para)
525
#: serverguide/C/web-servers.xml:454(para)
525
526
msgid ""
526
527
"<emphasis role=\"bold\">LockFile</emphasis> - The LockFile directive sets "
527
528
"the path to the lockfile used when the server is compiled with either "
532
533
"that is readable only by root."
533
534
msgstr ""
534
535
535
#: serverguide/C/web-servers.xml:476(para)
536
#: serverguide/C/web-servers.xml:463(para)
536
537
msgid ""
537
538
"<emphasis role=\"bold\">PidFile</emphasis> - The PidFile directive sets the "
538
539
"file in which the server records its process ID (pid). This file should only "
539
540
"be readable by root. In most cases, it should be left to the default value."
540
541
msgstr ""
541
542
542
#: serverguide/C/web-servers.xml:482(para)
543
#: serverguide/C/web-servers.xml:469(para)
543
544
msgid ""
544
545
"<emphasis role=\"bold\">User</emphasis> - The User directive sets the userid "
545
546
"used by the server to answer requests. This setting determines the server's "
547
548
"your website's visitors. The default value for User is \"www-data\"."
548
549
msgstr ""
549
550
550
#: serverguide/C/web-servers.xml:489(para)
551
#: serverguide/C/web-servers.xml:476(para)
551
552
msgid ""
552
553
"Unless you know exactly what you are doing, do not set the User directive to "
553
554
"root. Using root as the User will create large security holes for your Web "
554
555
"server."
555
556
msgstr ""
556
557
557
#: serverguide/C/web-servers.xml:495(para)
558
#: serverguide/C/web-servers.xml:482(para)
558
559
msgid ""
559
560
"<emphasis role=\"bold\">Group</emphasis> - The Group directive is similar to "
560
561
"the User directive. Group sets the group under which the server will answer "
561
562
"requests. The default group is also \"www-data\"."
562
563
msgstr ""
563
564
564
#: serverguide/C/web-servers.xml:502(title)
565
#: serverguide/C/web-servers.xml:489(title)
565
566
msgid "Apache2 Modules"
566
567
msgstr ""
567
568
568
#: serverguide/C/web-servers.xml:504(para)
569
#: serverguide/C/web-servers.xml:491(para)
569
570
msgid ""
570
571
"Apache2 is a modular server. This implies that only the most basic "
571
572
"functionality is included in the core server. Extended features are "
576
577
"Apache2 must be recompiled to add or remove modules."
577
578
msgstr ""
578
579
579
#: serverguide/C/web-servers.xml:516(para)
580
#: serverguide/C/web-servers.xml:503(para)
580
581
msgid ""
581
582
"Ubuntu compiles Apache2 to allow the dynamic loading of modules. "
582
583
"Configuration directives may be conditionally included on the presence of a "
584
585
"<emphasis><IfModule></emphasis> block."
585
586
msgstr ""
586
587
587
#: serverguide/C/web-servers.xml:523(para)
588
#: serverguide/C/web-servers.xml:510(para)
588
589
msgid ""
589
590
"You can install additional Apache2 modules and use them with your Web "
590
591
"server. For example, run the following command from a terminal prompt to "
591
592
"install the <emphasis>MySQL Authentication</emphasis> module:"
592
593
msgstr ""
593
594
594
#: serverguide/C/web-servers.xml:530(command)
595
#: serverguide/C/web-servers.xml:517(command)
595
596
msgid "sudo apt-get install libapache2-mod-auth-mysql"
596
597
msgstr ""
597
598
598
#: serverguide/C/web-servers.xml:533(para)
599
#: serverguide/C/web-servers.xml:520(para)
599
600
msgid ""
600
601
"See the <filename>/etc/apache2/mods-available</filename> directory, for "
601
602
"additional modules."
602
603
msgstr ""
603
604
604
#: serverguide/C/web-servers.xml:537(para)
605
#: serverguide/C/web-servers.xml:524(para)
605
606
msgid ""
606
607
"Use the <application>a2enmod</application> utility to enable a module:"
607
608
msgstr ""
608
609
609
#: serverguide/C/web-servers.xml:543(command)
610
#: serverguide/C/web-servers.xml:530(command)
610
611
msgid "sudo a2enmod auth_mysql"
611
612
msgstr ""
612
613
613
#: serverguide/C/web-servers.xml:547(para)
614
#: serverguide/C/web-servers.xml:534(para)
614
615
msgid "Similarly, <application>a2dismod</application> will disable a module:"
615
616
msgstr ""
616
617
617
#: serverguide/C/web-servers.xml:552(command)
618
#: serverguide/C/web-servers.xml:539(command)
618
619
msgid "sudo a2dismod auth_mysql"
619
620
msgstr ""
620
621
621
#: serverguide/C/web-servers.xml:559(title)
622
#: serverguide/C/web-servers.xml:546(title)
622
623
msgid "HTTPS Configuration"
623
624
msgstr ""
624
625
625
#: serverguide/C/web-servers.xml:561(para)
626
#: serverguide/C/web-servers.xml:548(para)
626
627
msgid ""
627
628
"The <application>mod_ssl</application> module adds an important feature to "
628
629
"the Apache2 server - the ability to encrypt communications. Thus, when your "
631
632
"bar."
632
633
msgstr ""
633
634
634
#: serverguide/C/web-servers.xml:570(para)
635
#: serverguide/C/web-servers.xml:557(para)
635
636
msgid ""
636
637
"The <application>mod_ssl</application> module is available in "
637
638
"<application>apache2-common</application> package. Execute the following "
639
640
"<application>mod_ssl</application> module:"
640
641
msgstr ""
641
642
642
#: serverguide/C/web-servers.xml:577(command)
643
#: serverguide/C/web-servers.xml:564(command)
643
644
msgid "sudo a2enmod ssl"
644
645
msgstr ""
645
646
657
658
"linkend=\"certificates-and-security\"/>"
658
659
msgstr ""
659
660
660
#: serverguide/C/web-servers.xml:590(para)
661
#: serverguide/C/web-servers.xml:577(para)
661
662
msgid ""
662
663
"To configure <application>Apache2</application> for HTTPS, enter the "
663
664
"following:"
664
665
msgstr ""
665
666
666
#: serverguide/C/web-servers.xml:595(command)
667
#: serverguide/C/web-servers.xml:582(command)
667
668
msgid "sudo a2ensite default-ssl"
668
669
msgstr ""
669
670
670
#: serverguide/C/web-servers.xml:599(para)
671
#: serverguide/C/web-servers.xml:586(para)
671
672
msgid ""
672
673
"The directories <filename>/etc/ssl/certs</filename> and "
673
674
"<filename>/etc/ssl/private</filename> are the default locations. If you "
676
677
"<emphasis>SSLCertificateKeyFile</emphasis> appropriately."
677
678
msgstr ""
678
679
679
#: serverguide/C/web-servers.xml:606(para)
680
#: serverguide/C/web-servers.xml:593(para)
680
681
msgid ""
681
682
"With Apache2 now configured for HTTPS, restart the service to enable the new "
682
683
"settings:"
683
684
msgstr ""
684
685
685
#: serverguide/C/web-servers.xml:617(para)
686
#: serverguide/C/web-servers.xml:604(para)
686
687
msgid ""
687
688
"Depending on how you obtained your certificate you may need to enter a "
688
689
"passphrase when <application>Apache2</application> starts."
689
690
msgstr ""
690
691
691
#: serverguide/C/web-servers.xml:623(para)
692
#: serverguide/C/web-servers.xml:610(para)
692
693
msgid ""
693
694
"You can access the secure server pages by typing https://your_hostname/url/ "
694
695
"in your browser address bar."
695
696
msgstr ""
696
697
697
#: serverguide/C/web-servers.xml:630(title)
698
#: serverguide/C/web-servers.xml:617(title)
698
699
msgid "Sharing Write Permission"
699
700
msgstr ""
700
701
718
719
msgid "sudo find /var/www/html -type f -exec chmod g=rws \"{}\" \\;"
719
720
msgstr ""
720
721
721
#: serverguide/C/web-servers.xml:645(para)
722
#: serverguide/C/web-servers.xml:632(para)
722
723
msgid ""
723
724
"If access must be granted to more than one group per directory, enable "
724
725
"Access Control Lists (ACLs)."
725
726
msgstr ""
726
727
727
#: serverguide/C/web-servers.xml:652(title) serverguide/C/web-servers.xml:802(title) serverguide/C/web-servers.xml:951(title) serverguide/C/web-servers.xml:1046(title) serverguide/C/web-servers.xml:1271(title) serverguide/C/vpn.xml:830(title) serverguide/C/vcs.xml:531(title) serverguide/C/security.xml:877(title) serverguide/C/security.xml:1211(title) serverguide/C/security.xml:1625(title) serverguide/C/security.xml:1811(title) serverguide/C/remote-administration.xml:196(title) serverguide/C/remote-administration.xml:802(title) serverguide/C/package-management.xml:479(title) serverguide/C/other-apps.xml:345(title) serverguide/C/network-config.xml:1033(title) serverguide/C/network-config.xml:1141(title) serverguide/C/monitoring.xml:392(title) serverguide/C/monitoring.xml:528(title) serverguide/C/mail.xml:511(title) serverguide/C/mail.xml:706(title) serverguide/C/mail.xml:859(title) serverguide/C/mail.xml:1279(title) serverguide/C/mail.xml:1750(title) serverguide/C/lamp-applications.xml:244(title) serverguide/C/lamp-applications.xml:373(title) serverguide/C/lamp-applications.xml:481(title) serverguide/C/lamp-applications.xml:636(title) serverguide/C/file-server.xml:305(title) serverguide/C/file-server.xml:445(title) serverguide/C/file-server.xml:615(title) serverguide/C/file-server.xml:802(title) serverguide/C/dns.xml:614(title) serverguide/C/clustering.xml:232(title) serverguide/C/chat.xml:105(title) serverguide/C/chat.xml:214(title) serverguide/C/backups.xml:295(title)
728
#: serverguide/C/web-servers.xml:639(title) serverguide/C/web-servers.xml:789(title) serverguide/C/web-servers.xml:939(title) serverguide/C/web-servers.xml:1034(title) serverguide/C/web-servers.xml:1256(title) serverguide/C/vpn.xml:800(title) serverguide/C/virtualization.xml:2081(title) serverguide/C/vcs.xml:538(title) serverguide/C/security.xml:863(title) serverguide/C/security.xml:1197(title) serverguide/C/security.xml:1611(title) serverguide/C/security.xml:1797(title) serverguide/C/remote-administration.xml:196(title) serverguide/C/remote-administration.xml:762(title) serverguide/C/package-management.xml:466(title) serverguide/C/other-apps.xml:328(title) serverguide/C/network-config.xml:1035(title) serverguide/C/network-config.xml:1143(title) serverguide/C/monitoring.xml:392(title) serverguide/C/monitoring.xml:528(title) serverguide/C/mail.xml:453(title) serverguide/C/mail.xml:648(title) serverguide/C/mail.xml:800(title) serverguide/C/mail.xml:1220(title) serverguide/C/mail.xml:1688(title) serverguide/C/lamp-applications.xml:244(title) serverguide/C/lamp-applications.xml:373(title) serverguide/C/lamp-applications.xml:481(title) serverguide/C/file-server.xml:305(title) serverguide/C/file-server.xml:446(title) serverguide/C/file-server.xml:616(title) serverguide/C/file-server.xml:803(title) serverguide/C/dns.xml:605(title) serverguide/C/clustering.xml:232(title) serverguide/C/chat.xml:105(title) serverguide/C/chat.xml:214(title) serverguide/C/backups.xml:295(title)
728
729
msgid "References"
729
730
msgstr ""
730
731
736
737
"the official Apache2 docs."
737
738
msgstr ""
738
739
739
#: serverguide/C/web-servers.xml:663(para)
740
#: serverguide/C/web-servers.xml:650(para)
740
741
msgid ""
741
742
"See the <ulink url=\"http://www.modssl.org/docs/\">Mod SSL "
742
743
"Documentation</ulink> site for more SSL related information."
743
744
msgstr ""
744
745
745
#: serverguide/C/web-servers.xml:669(para)
746
#: serverguide/C/web-servers.xml:656(para)
746
747
msgid ""
747
748
"O'Reilly's <ulink url=\"http://oreilly.com/catalog/9780596001919/\">Apache "
748
749
"Cookbook</ulink> is a good resource for accomplishing specific Apache2 "
749
750
"configurations."
750
751
msgstr ""
751
752
752
#: serverguide/C/web-servers.xml:675(para)
753
#: serverguide/C/web-servers.xml:662(para)
753
754
msgid ""
754
755
"For Ubuntu specific Apache2 questions, ask in the <emphasis>#ubuntu-"
755
756
"server</emphasis> IRC channel on <ulink "
756
757
"url=\"http://freenode.net/\">freenode.net</ulink>."
757
758
msgstr ""
758
759
759
#: serverguide/C/web-servers.xml:681(para)
760
#: serverguide/C/web-servers.xml:668(para)
760
761
msgid ""
761
762
"Usually integrated with PHP and MySQL the <ulink "
762
763
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
763
764
"Ubuntu Wiki </ulink> page is a good resource."
764
765
msgstr ""
765
766
766
#: serverguide/C/web-servers.xml:692(title)
767
#: serverguide/C/web-servers.xml:679(title)
767
768
msgid "PHP5 - Scripting Language"
768
769
msgstr ""
769
770
770
#: serverguide/C/web-servers.xml:693(para)
771
#: serverguide/C/web-servers.xml:680(para)
771
772
msgid ""
772
773
"PHP is a general-purpose scripting language suited for Web development. The "
773
774
"PHP script can be embedded into HTML. This section explains how to install "
774
775
"and configure PHP5 in Ubuntu System with Apache2 and MySQL."
775
776
msgstr ""
776
777
777
#: serverguide/C/web-servers.xml:697(para)
778
#: serverguide/C/web-servers.xml:684(para)
778
779
msgid ""
779
780
"This section assumes you have installed and configured Apache2 Web Server "
780
781
"and MySQL Database Server. You can refer to Apache2 section and MySQL "
782
783
"respectively."
783
784
msgstr ""
784
785
785
#: serverguide/C/web-servers.xml:704(para)
786
#: serverguide/C/web-servers.xml:691(para)
786
787
msgid ""
787
788
"The PHP5 is available in Ubuntu Linux. Unlike python and perl, which are "
788
789
"installed in the base system, PHP must be added."
789
790
msgstr ""
790
791
791
#: serverguide/C/web-servers.xml:708(para)
792
#: serverguide/C/web-servers.xml:695(para)
792
793
msgid ""
793
794
"To install PHP5 you can enter the following command in the terminal prompt: "
794
795
"<screen>\n"
796
797
"</screen>"
797
798
msgstr ""
798
799
799
#: serverguide/C/web-servers.xml:717(para)
800
#: serverguide/C/web-servers.xml:704(para)
800
801
msgid ""
801
802
"You can run PHP5 scripts from command line. To run PHP5 scripts from command "
802
803
"line you should install <application>php5-cli</application> package. To "
806
807
"</screen>"
807
808
msgstr ""
808
809
809
#: serverguide/C/web-servers.xml:726(para)
810
#: serverguide/C/web-servers.xml:713(para)
810
811
msgid ""
811
812
"You can also execute PHP5 scripts without installing PHP5 Apache module. To "
812
813
"accomplish this, you should install <application>php5-cgi</application> "
816
817
"</screen>"
817
818
msgstr ""
818
819
819
#: serverguide/C/web-servers.xml:736(para)
820
#: serverguide/C/web-servers.xml:723(para)
820
821
msgid ""
821
822
"To use <application>MySQL</application> with PHP5 you should install "
822
823
"<application>php5-mysql</application> package. To install <application>php5-"
826
827
"</screen>"
827
828
msgstr ""
828
829
829
#: serverguide/C/web-servers.xml:744(para)
830
#: serverguide/C/web-servers.xml:731(para)
830
831
msgid ""
831
832
"Similarly, to use <application>PostgreSQL</application> with PHP5 you should "
832
833
"install <application>php5-pgsql</application> package. To install "
836
837
"</screen>"
837
838
msgstr ""
838
839
839
#: serverguide/C/web-servers.xml:757(para)
840
#: serverguide/C/web-servers.xml:744(para)
840
841
msgid ""
841
842
"Once you install PHP5, you can run PHP5 scripts from your web browser. If "
842
843
"you have installed <application>php5-cli</application> package, you can run "
843
844
"PHP5 scripts from your command prompt."
844
845
msgstr ""
845
846
846
#: serverguide/C/web-servers.xml:764(para)
847
#: serverguide/C/web-servers.xml:751(para)
847
848
msgid ""
848
849
"By default, the Apache 2 Web server is configured to run PHP5 scripts. In "
849
850
"other words, the PHP5 module is enabled in Apache2 Web server automatically "
854
855
"command."
855
856
msgstr ""
856
857
857
#: serverguide/C/web-servers.xml:775(para)
858
#: serverguide/C/web-servers.xml:762(para)
858
859
msgid ""
859
860
"Once you install PHP5 related packages and enabled PHP5 Apache 2 module, you "
860
861
"should restart Apache2 Web server to run PHP5 scripts. You can run the "
862
863
"<screen><command>sudo service apache2 restart</command> </screen>"
863
864
msgstr ""
864
865
865
#: serverguide/C/web-servers.xml:783(title) serverguide/C/network-auth.xml:1048(title) serverguide/C/mail.xml:359(title) serverguide/C/mail.xml:1673(title) serverguide/C/dns.xml:380(title) serverguide/C/clustering.xml:182(title)
866
#: serverguide/C/web-servers.xml:770(title) serverguide/C/network-auth.xml:1069(title) serverguide/C/mail.xml:314(title) serverguide/C/mail.xml:1611(title) serverguide/C/dns.xml:376(title) serverguide/C/clustering.xml:182(title)
866
867
msgid "Testing"
867
868
msgstr ""
868
869
869
#: serverguide/C/web-servers.xml:784(para)
870
#: serverguide/C/web-servers.xml:771(para)
870
871
msgid ""
871
872
"To verify your installation, you can run following PHP5 phpinfo script:"
872
873
msgstr ""
873
874
874
#: serverguide/C/web-servers.xml:787(programlisting)
875
#: serverguide/C/web-servers.xml:774(programlisting)
875
876
#, no-wrap
876
877
msgid ""
877
878
"\n"
880
881
"?>\n"
881
882
msgstr ""
882
883
883
#: serverguide/C/web-servers.xml:792(para)
884
#: serverguide/C/web-servers.xml:779(para)
884
885
msgid ""
885
886
"You can save the content in a file <filename>phpinfo.php</filename> and "
886
887
"place it under <command>DocumentRoot</command> directory of Apache2 Web "
889
890
"various PHP5 configuration parameters."
890
891
msgstr ""
891
892
892
#: serverguide/C/web-servers.xml:806(para)
893
#: serverguide/C/web-servers.xml:793(para)
893
894
msgid ""
894
895
"For more in depth information see <ulink "
895
896
"url=\"http://www.php.net/docs.php\">php.net</ulink> documentation."
896
897
msgstr ""
897
898
898
#: serverguide/C/web-servers.xml:811(para)
899
#: serverguide/C/web-servers.xml:798(para)
899
900
msgid ""
900
901
"There are a plethora of books on PHP. Two good books from O'Reilly are "
901
902
"<ulink url=\"http://oreilly.com/catalog/9780596005603/\">Learning PHP "
903
904
"url=\"http://oreilly.com/catalog/9781565926813/\">PHP Cook Book</ulink>."
904
905
msgstr ""
905
906
906
#: serverguide/C/web-servers.xml:818(para)
907
#: serverguide/C/web-servers.xml:805(para)
907
908
msgid ""
908
909
"Also, see the <ulink "
909
910
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
910
911
"Ubuntu Wiki</ulink> page for more information."
911
912
msgstr ""
912
913
913
#: serverguide/C/web-servers.xml:829(title)
914
#: serverguide/C/web-servers.xml:816(title)
914
915
msgid "Squid - Proxy Server"
915
916
msgstr ""
916
917
939
940
"for increased performance."
940
941
msgstr ""
941
942
942
#: serverguide/C/web-servers.xml:847(para)
943
#: serverguide/C/web-servers.xml:834(para)
943
944
msgid ""
944
945
"At a terminal prompt, enter the following command to install the Squid "
945
946
"server:"
974
975
msgid "sudo chmod a-w /etc/squid3/squid.conf.original"
975
976
msgstr ""
976
977
977
#: serverguide/C/web-servers.xml:878(para)
978
#: serverguide/C/web-servers.xml:866(para)
978
979
msgid ""
979
980
"To set your Squid server to listen on TCP port 8888 instead of the default "
980
981
"TCP port 3128, change the http_port directive as such:"
981
982
msgstr ""
982
983
983
#: serverguide/C/web-servers.xml:882(programlisting)
984
#: serverguide/C/web-servers.xml:870(programlisting)
984
985
#, no-wrap
985
986
msgid ""
986
987
"\n"
987
988
"http_port 8888\n"
988
989
msgstr ""
989
990
990
#: serverguide/C/web-servers.xml:887(para)
991
#: serverguide/C/web-servers.xml:875(para)
991
992
msgid ""
992
993
"Change the visible_hostname directive in order to give the Squid server a "
993
994
"specific hostname. This hostname does not necessarily need to be the "
994
995
"computer's hostname. In this example it is set to <emphasis>weezie</emphasis>"
995
996
msgstr ""
996
997
997
#: serverguide/C/web-servers.xml:891(programlisting)
998
#: serverguide/C/web-servers.xml:879(programlisting)
998
999
#, no-wrap
999
1000
msgid ""
1000
1001
"\n"
1001
1002
"visible_hostname weezie\n"
1002
1003
msgstr ""
1003
1004
1004
#: serverguide/C/web-servers.xml:896(para)
1005
#: serverguide/C/web-servers.xml:884(para)
1005
1006
msgid ""
1006
1007
"Using Squid's access control, you may configure use of Internet services "
1007
1008
"proxied by Squid to be available only users with certain Internet Protocol "
1015
1016
"ACL section of your <filename>/etc/squid3/squid.conf</filename> file:"
1016
1017
msgstr ""
1017
1018
1018
#: serverguide/C/web-servers.xml:904(programlisting)
1019
#: serverguide/C/web-servers.xml:892(programlisting)
1019
1020
#, no-wrap
1020
1021
msgid ""
1021
1022
"\n"
1028
1029
"http_access section of your <filename>/etc/squid3/squid.conf</filename> file:"
1029
1030
msgstr ""
1030
1031
1031
#: serverguide/C/web-servers.xml:911(programlisting)
1032
#: serverguide/C/web-servers.xml:899(programlisting)
1032
1033
#, no-wrap
1033
1034
msgid ""
1034
1035
"\n"
1044
1045
"Friday, and which uses the 10.1.42.0/24 subnetwork:"
1045
1046
msgstr ""
1046
1047
1047
#: serverguide/C/web-servers.xml:924(programlisting)
1048
#: serverguide/C/web-servers.xml:912(programlisting)
1048
1049
#, no-wrap
1049
1050
msgid ""
1050
1051
"\n"
1052
1053
"acl biz_hours time M T W T F 9:00-17:00\n"
1053
1054
msgstr ""
1054
1055
1055
#: serverguide/C/web-servers.xml:932(programlisting)
1056
#: serverguide/C/web-servers.xml:920(programlisting)
1056
1057
#, no-wrap
1057
1058
msgid ""
1058
1059
"\n"
1071
1072
msgid "sudo service squid3 restart"
1072
1073
msgstr ""
1073
1074
1074
#: serverguide/C/web-servers.xml:953(ulink)
1075
#: serverguide/C/web-servers.xml:941(ulink)
1075
1076
msgid "Squid Website"
1076
1077
msgstr ""
1077
1078
1078
#: serverguide/C/web-servers.xml:955(para)
1079
#: serverguide/C/web-servers.xml:943(para)
1079
1080
msgid ""
1080
1081
"<ulink url=\"https://help.ubuntu.com/community/Squid\">Ubuntu Wiki "
1081
1082
"Squid</ulink> page."
1082
1083
msgstr ""
1083
1084
1084
#: serverguide/C/web-servers.xml:962(title)
1085
#: serverguide/C/web-servers.xml:950(title)
1085
1086
msgid "Ruby on Rails"
1086
1087
msgstr ""
1087
1088
1088
#: serverguide/C/web-servers.xml:963(para)
1089
#: serverguide/C/web-servers.xml:951(para)
1089
1090
msgid ""
1090
1091
"Ruby on Rails is an open source web framework for developing database backed "
1091
1092
"web applications. It is optimized for sustainable productivity of the "
1093
1094
"convention over configuration."
1094
1095
msgstr ""
1095
1096
1096
#: serverguide/C/web-servers.xml:970(para)
1097
#: serverguide/C/web-servers.xml:958(para)
1097
1098
msgid ""
1098
1099
"Before installing <application>Rails</application> you should install "
1099
1100
"<application>Apache</application> and <application>MySQL</application>. To "
1102
1103
"<application>MySQL</application> refer to <xref linkend=\"mysql\"/>."
1103
1104
msgstr ""
1104
1105
1105
#: serverguide/C/web-servers.xml:978(para)
1106
#: serverguide/C/web-servers.xml:966(para)
1106
1107
msgid ""
1107
1108
"Once you have <application>Apache</application> and "
1108
1109
"<application>MySQL</application> packages installed, you are ready to "
1109
1110
"install <application>Ruby on Rails</application> package."
1110
1111
msgstr ""
1111
1112
1112
#: serverguide/C/web-servers.xml:985(para)
1113
#: serverguide/C/web-servers.xml:973(para)
1113
1114
msgid ""
1114
1115
"To install the <application>Ruby</application> base packages and "
1115
1116
"<application>Ruby on Rails</application>, you can enter the following "
1116
1117
"command in the terminal prompt:"
1117
1118
msgstr ""
1118
1119
1119
#: serverguide/C/web-servers.xml:991(command)
1120
#: serverguide/C/web-servers.xml:979(command)
1120
1121
msgid "sudo apt-get install rails"
1121
1122
msgstr ""
1122
1123
1126
1127
"default.conf</filename> configuration file to setup your domains."
1127
1128
msgstr ""
1128
1129
1129
#: serverguide/C/web-servers.xml:1001(para)
1130
#: serverguide/C/web-servers.xml:989(para)
1130
1131
msgid ""
1131
1132
"The first thing to change is the <emphasis>DocumentRoot</emphasis> directive:"
1132
1133
msgstr ""
1133
1134
1134
#: serverguide/C/web-servers.xml:1005(programlisting)
1135
#: serverguide/C/web-servers.xml:993(programlisting)
1135
1136
#, no-wrap
1136
1137
msgid ""
1137
1138
"\n"
1138
1139
"DocumentRoot /path/to/rails/application/public\n"
1139
1140
msgstr ""
1140
1141
1141
#: serverguide/C/web-servers.xml:1008(para)
1142
#: serverguide/C/web-servers.xml:996(para)
1142
1143
msgid ""
1143
1144
"Next, change the <Directory \"/path/to/rails/application/public\"> "
1144
1145
"directive:"
1145
1146
msgstr ""
1146
1147
1147
#: serverguide/C/web-servers.xml:1012(programlisting)
1148
#: serverguide/C/web-servers.xml:1000(programlisting)
1148
1149
#, no-wrap
1149
1150
msgid ""
1150
1151
"\n"
1157
1158
"</Directory>\n"
1158
1159
msgstr ""
1159
1160
1160
#: serverguide/C/web-servers.xml:1022(para)
1161
#: serverguide/C/web-servers.xml:1010(para)
1161
1162
msgid ""
1162
1163
"You should also enable the <application>mod_rewrite</application> module for "
1163
1164
"Apache. To enable <application>mod_rewrite</application> module, please "
1164
1165
"enter the following command in a terminal prompt:"
1165
1166
msgstr ""
1166
1167
1167
#: serverguide/C/web-servers.xml:1028(command)
1168
#: serverguide/C/web-servers.xml:1016(command)
1168
1169
msgid "sudo a2enmod rewrite"
1169
1170
msgstr ""
1170
1171
1171
#: serverguide/C/web-servers.xml:1031(para)
1172
#: serverguide/C/web-servers.xml:1019(para)
1172
1173
msgid ""
1173
1174
"Finally you will need to change the ownership of the "
1174
1175
"<filename>/path/to/rails/application/public</filename> and "
1176
1177
"used to run the <application>Apache</application> process:"
1177
1178
msgstr ""
1178
1179
1179
#: serverguide/C/web-servers.xml:1037(command)
1180
#: serverguide/C/web-servers.xml:1025(command)
1180
1181
msgid "sudo chown -R www-data:www-data /path/to/rails/application/public"
1181
1182
msgstr ""
1182
1183
1183
#: serverguide/C/web-servers.xml:1038(command)
1184
#: serverguide/C/web-servers.xml:1026(command)
1184
1185
msgid "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
1185
1186
msgstr ""
1186
1187
1187
#: serverguide/C/web-servers.xml:1041(para)
1188
#: serverguide/C/web-servers.xml:1029(para)
1188
1189
msgid ""
1189
1190
"That's it! Now you have your Server ready for your <application>Ruby on "
1190
1191
"Rails</application> applications."
1191
1192
msgstr ""
1192
1193
1193
#: serverguide/C/web-servers.xml:1050(para)
1194
#: serverguide/C/web-servers.xml:1038(para)
1194
1195
msgid ""
1195
1196
"See the <ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink> website "
1196
1197
"for more information."
1197
1198
msgstr ""
1198
1199
1199
#: serverguide/C/web-servers.xml:1055(para)
1200
#: serverguide/C/web-servers.xml:1043(para)
1200
1201
msgid ""
1201
1202
"Also <ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-"
1202
1203
"with-rails-third-edition\">Agile Development with Rails</ulink> is a great "
1203
1204
"resource."
1204
1205
msgstr ""
1205
1206
1206
#: serverguide/C/web-servers.xml:1061(para)
1207
#: serverguide/C/web-servers.xml:1049(para)
1207
1208
msgid ""
1208
1209
"Another place for more information is the <ulink "
1209
1210
"url=\"https://help.ubuntu.com/community/RubyOnRails\">Ruby on Rails Ubuntu "
1210
1211
"Wiki</ulink> page."
1211
1212
msgstr ""
1212
1213
1213
#: serverguide/C/web-servers.xml:1072(title)
1214
#: serverguide/C/web-servers.xml:1060(title)
1214
1215
msgid "Apache Tomcat"
1215
1216
msgstr ""
1216
1217
1217
#: serverguide/C/web-servers.xml:1073(para)
1218
#: serverguide/C/web-servers.xml:1061(para)
1218
1219
msgid ""
1219
1220
"Apache Tomcat is a web container that allows you to serve Java Servlets and "
1220
1221
"JSP (Java Server Pages) web applications."
1239
1240
"need to test on their own private Tomcat instances."
1240
1241
msgstr ""
1241
1242
1242
#: serverguide/C/web-servers.xml:1088(title)
1243
#: serverguide/C/web-servers.xml:1073(title)
1243
1244
msgid "System-wide installation"
1244
1245
msgstr ""
1245
1246
1246
#: serverguide/C/web-servers.xml:1089(para)
1247
#: serverguide/C/web-servers.xml:1074(para)
1247
1248
msgid ""
1248
1249
"To install the Tomcat server, you can enter the following command in the "
1249
1250
"terminal prompt:"
1253
1254
msgid "sudo apt-get install tomcat7"
1254
1255
msgstr ""
1255
1256
1256
#: serverguide/C/web-servers.xml:1094(para)
1257
#: serverguide/C/web-servers.xml:1079(para)
1257
1258
msgid ""
1258
1259
"This will install a Tomcat server with just a default ROOT webapp that "
1259
1260
"displays a minimal \"It works\" page by default."
1268
1269
"documentation</ulink> for more."
1269
1270
msgstr ""
1270
1271
1271
#: serverguide/C/web-servers.xml:1106(title)
1272
#: serverguide/C/web-servers.xml:1091(title)
1272
1273
msgid "Changing default ports"
1273
1274
msgstr ""
1274
1275
1280
1281
"following lines in <filename>/etc/tomcat7/server.xml</filename>:"
1281
1282
msgstr ""
1282
1283
1283
#: serverguide/C/web-servers.xml:1112(programlisting)
1284
#: serverguide/C/web-servers.xml:1097(programlisting)
1284
1285
#, no-wrap
1285
1286
msgid ""
1286
1287
"\n"
1292
1293
"/>\n"
1293
1294
msgstr ""
1294
1295
1295
#: serverguide/C/web-servers.xml:1121(title)
1296
#: serverguide/C/web-servers.xml:1106(title)
1296
1297
msgid "Changing JVM used"
1297
1298
msgstr ""
1298
1299
1303
1304
"by setting JAVA_HOME in <filename>/etc/default/tomcat7</filename>:"
1304
1305
msgstr ""
1305
1306
1306
#: serverguide/C/web-servers.xml:1126(programlisting)
1307
#: serverguide/C/web-servers.xml:1111(programlisting)
1307
1308
#, no-wrap
1308
1309
msgid ""
1309
1310
"\n"
1310
1311
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
1311
1312
msgstr ""
1312
1313
1313
#: serverguide/C/web-servers.xml:1131(title)
1314
#: serverguide/C/web-servers.xml:1116(title)
1314
1315
msgid "Declaring users and roles"
1315
1316
msgstr ""
1316
1317
1321
1322
"users.xml</filename> file:"
1322
1323
msgstr ""
1323
1324
1324
#: serverguide/C/web-servers.xml:1135(programlisting)
1325
#: serverguide/C/web-servers.xml:1120(programlisting)
1325
1326
#, no-wrap
1326
1327
msgid ""
1327
1328
"\n"
1329
1330
"<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
1330
1331
msgstr ""
1331
1332
1332
#: serverguide/C/web-servers.xml:1143(title)
1333
#: serverguide/C/web-servers.xml:1128(title)
1333
1334
msgid "Using Tomcat standard webapps"
1334
1335
msgstr ""
1335
1336
1336
#: serverguide/C/web-servers.xml:1144(para)
1337
#: serverguide/C/web-servers.xml:1129(para)
1337
1338
msgid ""
1338
1339
"Tomcat is shipped with webapps that you can install for documentation, "
1339
1340
"administration or demo purposes."
1340
1341
msgstr ""
1341
1342
1342
#: serverguide/C/web-servers.xml:1147(title)
1343
#: serverguide/C/web-servers.xml:1132(title)
1343
1344
msgid "Tomcat documentation"
1344
1345
msgstr ""
1345
1346
1355
1356
msgid "sudo apt-get install tomcat7-docs"
1356
1357
msgstr ""
1357
1358
1358
#: serverguide/C/web-servers.xml:1157(title)
1359
#: serverguide/C/web-servers.xml:1142(title)
1359
1360
msgid "Tomcat administration webapps"
1360
1361
msgstr ""
1361
1362
1370
1371
msgid "sudo apt-get install tomcat7-admin"
1371
1372
msgstr ""
1372
1373
1373
#: serverguide/C/web-servers.xml:1165(para)
1374
#: serverguide/C/web-servers.xml:1150(para)
1374
1375
msgid ""
1375
1376
"The first one is the <emphasis>manager</emphasis> webapp, which you can "
1376
1377
"access by default at http://yourserver:8080/manager/html. It is primarily "
1384
1385
"<filename>/etc/tomcat7/tomcat-users.xml</filename> before you can access it."
1385
1386
msgstr ""
1386
1387
1387
#: serverguide/C/web-servers.xml:1172(para)
1388
#: serverguide/C/web-servers.xml:1157(para)
1388
1389
msgid ""
1389
1390
"The second one is the <emphasis>host-manager</emphasis> webapp, which you "
1390
1391
"can access by default at http://yourserver:8080/host-manager/html. It can be "
1416
1417
msgid "sudo chmod -R g+w /etc/tomcat7"
1417
1418
msgstr ""
1418
1419
1419
#: serverguide/C/web-servers.xml:1194(title)
1420
#: serverguide/C/web-servers.xml:1179(title)
1420
1421
msgid "Tomcat examples webapps"
1421
1422
msgstr ""
1422
1423
1432
1433
msgid "sudo apt-get install tomcat7-examples"
1433
1434
msgstr ""
1434
1435
1435
#: serverguide/C/web-servers.xml:1207(title)
1436
#: serverguide/C/web-servers.xml:1192(title)
1436
1437
msgid "Using private instances"
1437
1438
msgstr ""
1438
1439
1446
1447
"system-installed libraries."
1447
1448
msgstr ""
1448
1449
1449
#: serverguide/C/web-servers.xml:1215(para)
1450
#: serverguide/C/web-servers.xml:1200(para)
1450
1451
msgid ""
1451
1452
"It is possible to run the system-wide instance and the private instances in "
1452
1453
"parallel, as long as they do not use the same TCP ports."
1453
1454
msgstr ""
1454
1455
1455
#: serverguide/C/web-servers.xml:1219(title)
1456
#: serverguide/C/web-servers.xml:1204(title)
1456
1457
msgid "Installing private instance support"
1457
1458
msgstr ""
1458
1459
1459
#: serverguide/C/web-servers.xml:1220(para)
1460
#: serverguide/C/web-servers.xml:1205(para)
1460
1461
msgid ""
1461
1462
"You can install everything necessary to run private instances by entering "
1462
1463
"the following command in the terminal prompt:"
1466
1467
msgid "sudo apt-get install tomcat7-user"
1467
1468
msgstr ""
1468
1469
1469
#: serverguide/C/web-servers.xml:1227(title)
1470
#: serverguide/C/web-servers.xml:1212(title)
1470
1471
msgid "Creating a private instance"
1471
1472
msgstr ""
1472
1473
1473
#: serverguide/C/web-servers.xml:1228(para)
1474
#: serverguide/C/web-servers.xml:1213(para)
1474
1475
msgid ""
1475
1476
"You can create a private instance directory by entering the following "
1476
1477
"command in the terminal prompt:"
1480
1481
msgid "tomcat7-instance-create my-instance"
1481
1482
msgstr ""
1482
1483
1483
#: serverguide/C/web-servers.xml:1233(para)
1484
#: serverguide/C/web-servers.xml:1218(para)
1484
1485
msgid ""
1485
1486
"This will create a new <filename>my-instance</filename> directory with all "
1486
1487
"the necessary subdirectories and scripts. You can for example install your "
1489
1490
"are deployed by default."
1490
1491
msgstr ""
1491
1492
1492
#: serverguide/C/web-servers.xml:1241(title)
1493
#: serverguide/C/web-servers.xml:1226(title)
1493
1494
msgid "Configuring your private instance"
1494
1495
msgstr ""
1495
1496
1496
#: serverguide/C/web-servers.xml:1242(para)
1497
#: serverguide/C/web-servers.xml:1227(para)
1497
1498
msgid ""
1498
1499
"You will find the classic Tomcat configuration files for your private "
1499
1500
"instance in the <filename>conf/</filename> subdirectory. You should for "
1502
1503
"conflict with other instances that might be running."
1503
1504
msgstr ""
1504
1505
1505
#: serverguide/C/web-servers.xml:1250(title)
1506
#: serverguide/C/web-servers.xml:1235(title)
1506
1507
msgid "Starting/stopping your private instance"
1507
1508
msgstr ""
1508
1509
1509
#: serverguide/C/web-servers.xml:1251(para)
1510
#: serverguide/C/web-servers.xml:1236(para)
1510
1511
msgid ""
1511
1512
"You can start your private instance by entering the following command in the "
1512
1513
"terminal prompt (supposing your instance is located in the <filename>my-"
1513
1514
"instance</filename> directory):"
1514
1515
msgstr ""
1515
1516
1516
#: serverguide/C/web-servers.xml:1255(command)
1517
#: serverguide/C/web-servers.xml:1240(command)
1517
1518
msgid "my-instance/bin/startup.sh"
1518
1519
msgstr ""
1519
1520
1520
#: serverguide/C/web-servers.xml:1257(para)
1521
#: serverguide/C/web-servers.xml:1242(para)
1521
1522
msgid ""
1522
1523
"You should check the <filename>logs/</filename> subdirectory for any error. "
1523
1524
"If you have a <emphasis>java.net.BindException: Address already in "
1525
1526
"is already taken and that you should change it."
1526
1527
msgstr ""
1527
1528
1528
#: serverguide/C/web-servers.xml:1262(para)
1529
#: serverguide/C/web-servers.xml:1247(para)
1529
1530
msgid ""
1530
1531
"You can stop your instance by entering the following command in the terminal "
1531
1532
"prompt (supposing your instance is located in the <filename>my-"
1532
1533
"instance</filename> directory):"
1533
1534
msgstr ""
1534
1535
1535
#: serverguide/C/web-servers.xml:1266(command)
1536
#: serverguide/C/web-servers.xml:1251(command)
1536
1537
msgid "my-instance/bin/shutdown.sh"
1537
1538
msgstr ""
1538
1539
1539
#: serverguide/C/web-servers.xml:1275(para)
1540
#: serverguide/C/web-servers.xml:1260(para)
1540
1541
msgid ""
1541
1542
"See the <ulink url=\"http://tomcat.apache.org/\">Apache Tomcat</ulink> "
1542
1543
"website for more information."
1549
1550
"with Tomcat."
1550
1551
msgstr ""
1551
1552
1552
#: serverguide/C/web-servers.xml:1286(para)
1553
#: serverguide/C/web-servers.xml:1271(para)
1553
1554
msgid ""
1554
1555
"For additional books see the <ulink "
1555
1556
"url=\"http://wiki.apache.org/tomcat/Tomcat/Books\">Tomcat Books</ulink> list "
1680
1681
"\n"
1681
1682
msgstr ""
1682
1683
1683
#: serverguide/C/vpn.xml:94(para)
1684
#: serverguide/C/vpn.xml:90(para)
1684
1685
msgid ""
1685
1686
"Enter the following to generate the master Certificate Authority (CA) "
1686
1687
"certificate and key:"
1687
1688
msgstr ""
1688
1689
1689
#: serverguide/C/vpn.xml:99(command) serverguide/C/vpn.xml:147(command)
1690
#: serverguide/C/vpn.xml:95(command) serverguide/C/vpn.xml:143(command)
1690
1691
msgid "cd /etc/openvpn/easy-rsa/"
1691
1692
msgstr ""
1692
1693
1693
#: serverguide/C/vpn.xml:100(command) serverguide/C/vpn.xml:148(command)
1694
#: serverguide/C/vpn.xml:96(command) serverguide/C/vpn.xml:144(command)
1694
1695
msgid "source vars"
1695
1696
msgstr ""
1696
1697
1697
#: serverguide/C/vpn.xml:101(command)
1698
#: serverguide/C/vpn.xml:97(command)
1698
1699
msgid "./clean-all"
1699
1700
msgstr ""
1700
1701
1701
#: serverguide/C/vpn.xml:102(command)
1702
#: serverguide/C/vpn.xml:98(command)
1702
1703
msgid "./build-ca"
1703
1704
msgstr ""
1704
1705
1705
#: serverguide/C/vpn.xml:107(title)
1706
#: serverguide/C/vpn.xml:103(title)
1706
1707
msgid "Server Certificates"
1707
1708
msgstr ""
1708
1709
1709
#: serverguide/C/vpn.xml:109(para)
1710
#: serverguide/C/vpn.xml:105(para)
1710
1711
msgid "Next, we will generate a certificate and private key for the server:"
1711
1712
msgstr ""
1712
1713
1713
#: serverguide/C/vpn.xml:114(command)
1714
#: serverguide/C/vpn.xml:110(command)
1714
1715
msgid "./build-key-server myservername"
1715
1716
msgstr ""
1716
1717
1717
#: serverguide/C/vpn.xml:117(para)
1718
#: serverguide/C/vpn.xml:113(para)
1718
1719
msgid ""
1719
1720
"As in the previous step, most parameters can be defaulted. Two other queries "
1720
1721
"require positive responses, \"Sign the certificate? [y/n]\" and \"1 out of 1 "
1721
1722
"certificate requests certified, commit? [y/n]\"."
1722
1723
msgstr ""
1723
1724
1724
#: serverguide/C/vpn.xml:121(para)
1725
#: serverguide/C/vpn.xml:117(para)
1725
1726
msgid "Diffie Hellman parameters must be generated for the OpenVPN server:"
1726
1727
msgstr ""
1727
1728
1728
#: serverguide/C/vpn.xml:126(command)
1729
#: serverguide/C/vpn.xml:122(command)
1729
1730
msgid "./build-dh"
1730
1731
msgstr ""
1731
1732
1732
#: serverguide/C/vpn.xml:129(para)
1733
#: serverguide/C/vpn.xml:125(para)
1733
1734
msgid ""
1734
1735
"All certificates and keys have been generated in the subdirectory keys/. "
1735
1736
"Common practice is to copy them to /etc/openvpn/:"
1736
1737
msgstr ""
1737
1738
1738
#: serverguide/C/vpn.xml:133(command)
1739
#: serverguide/C/vpn.xml:129(command)
1739
1740
msgid "cd keys/"
1740
1741
msgstr ""
1741
1742
1743
1744
msgid "cp myservername.crt myservername.key ca.crt dh2048.pem /etc/openvpn/"
1744
1745
msgstr ""
1745
1746
1746
#: serverguide/C/vpn.xml:139(title)
1747
#: serverguide/C/vpn.xml:135(title)
1747
1748
msgid "Client Certificates"
1748
1749
msgstr ""
1749
1750
1750
#: serverguide/C/vpn.xml:141(para)
1751
#: serverguide/C/vpn.xml:137(para)
1751
1752
msgid ""
1752
1753
"The VPN client will also need a certificate to authenticate itself to the "
1753
1754
"server. Usually you create a different certificate for each client. To "
1755
1756
"root:"
1756
1757
msgstr ""
1757
1758
1758
#: serverguide/C/vpn.xml:149(command)
1759
#: serverguide/C/vpn.xml:145(command)
1759
1760
msgid "./build-key client1"
1760
1761
msgstr ""
1761
1762
1762
#: serverguide/C/vpn.xml:152(para)
1763
#: serverguide/C/vpn.xml:148(para)
1763
1764
msgid "Copy the following files to the client using a secure method:"
1764
1765
msgstr ""
1765
1766
1766
#: serverguide/C/vpn.xml:157(para)
1767
#: serverguide/C/vpn.xml:153(para)
1767
1768
msgid "/etc/openvpn/ca.crt"
1768
1769
msgstr ""
1769
1770
1770
#: serverguide/C/vpn.xml:158(para)
1771
#: serverguide/C/vpn.xml:154(para)
1771
1772
msgid "/etc/openvpn/easy-rsa/keys/client1.crt"
1772
1773
msgstr ""
1773
1774
1774
#: serverguide/C/vpn.xml:159(para)
1775
#: serverguide/C/vpn.xml:155(para)
1775
1776
msgid "/etc/openvpn/easy-rsa/keys/client1.key"
1776
1777
msgstr ""
1777
1778
1778
#: serverguide/C/vpn.xml:162(para)
1779
#: serverguide/C/vpn.xml:158(para)
1779
1780
msgid ""
1780
1781
"As the client certificates and keys are only required on the client machine, "
1781
1782
"you should remove them from the server."
1782
1783
msgstr ""
1783
1784
1784
#: serverguide/C/vpn.xml:170(title)
1785
#: serverguide/C/vpn.xml:166(title)
1785
1786
msgid "Simple Server Configuration"
1786
1787
msgstr ""
1787
1788
1788
#: serverguide/C/vpn.xml:172(para)
1789
#: serverguide/C/vpn.xml:168(para)
1789
1790
msgid ""
1790
1791
"Along with your <application>OpenVPN</application> installation you got "
1791
1792
"these sample config files (and many more if if you check):"
1792
1793
msgstr ""
1793
1794
1794
#: serverguide/C/vpn.xml:176(programlisting)
1795
#: serverguide/C/vpn.xml:172(programlisting)
1795
1796
#, no-wrap
1796
1797
msgid ""
1797
1798
"\n"
1801
1802
"-rw-r--r-- 1 root root 4141 2011-07-04 15:09 server.conf.gz\n"
1802
1803
msgstr ""
1803
1804
1804
#: serverguide/C/vpn.xml:183(para)
1805
#: serverguide/C/vpn.xml:179(para)
1805
1806
msgid ""
1806
1807
"Start with copying and unpacking server.conf.gz to /etc/openvpn/server.conf."
1807
1808
msgstr ""
1808
1809
1809
#: serverguide/C/vpn.xml:187(command)
1810
#: serverguide/C/vpn.xml:183(command)
1810
1811
msgid ""
1811
1812
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz "
1812
1813
"/etc/openvpn/"
1813
1814
msgstr ""
1814
1815
1815
#: serverguide/C/vpn.xml:188(command)
1816
#: serverguide/C/vpn.xml:184(command)
1816
1817
msgid "sudo gzip -d /etc/openvpn/server.conf.gz"
1817
1818
msgstr ""
1818
1819
1819
#: serverguide/C/vpn.xml:191(para)
1820
#: serverguide/C/vpn.xml:187(para)
1820
1821
msgid ""
1821
1822
"Edit <filename>/etc/openvpn/server.conf</filename> to make sure the "
1822
1823
"following lines are pointing to the certificates and keys you created in the "
1835
1836
1836
1837
#: serverguide/C/vpn.xml:201(para)
1837
1838
msgid ""
1839
"Edit <filename>/etc/sysctl.conf</filename> and uncomment the following line "
1840
"to enable IP forwarding."
1841
msgstr ""
1842
1843
#: serverguide/C/vpn.xml:204(programlisting)
1844
#, no-wrap
1845
msgid ""
1846
"\n"
1847
"#net.ipv4.ip_forward=1\n"
1848
msgstr ""
1849
1850
#: serverguide/C/vpn.xml:207(para)
1851
msgid "Then reload sysctl."
1852
msgstr ""
1853
1854
#: serverguide/C/vpn.xml:211(command)
1855
msgid "sudo sysctl -p /etc/sysctl.conf"
1856
msgstr ""
1857
1858
#: serverguide/C/vpn.xml:197(para)
1859
msgid ""
1838
1860
"That is the minimum you have to configure to get a working OpenVPN server. "
1839
1861
"You can use all the default settings in the sample server.conf file. Now "
1840
1862
"start the server. You will find logging and error messages in your syslog."
1841
1863
msgstr ""
1842
1864
1843
#: serverguide/C/vpn.xml:206(programlisting)
1865
#: serverguide/C/vpn.xml:219(programlisting)
1844
1866
#, no-wrap
1845
1867
msgid ""
1846
1868
"\n"
1849
1871
" * Autostarting VPN 'server' [ OK ]\n"
1850
1872
msgstr ""
1851
1873
1852
#: serverguide/C/vpn.xml:212(para)
1874
#: serverguide/C/vpn.xml:208(para)
1853
1875
msgid "Now check if OpenVPN created a tun0 interface:"
1854
1876
msgstr ""
1855
1877
1856
#: serverguide/C/vpn.xml:216(programlisting)
1878
#: serverguide/C/vpn.xml:212(programlisting)
1857
1879
#, no-wrap
1858
1880
msgid ""
1859
1881
"\n"
1865
1887
"[...]\n"
1866
1888
msgstr ""
1867
1889
1868
#: serverguide/C/vpn.xml:226(title)
1890
#: serverguide/C/vpn.xml:222(title)
1869
1891
msgid "Simple Client Configuration"
1870
1892
msgstr ""
1871
1893
1872
#: serverguide/C/vpn.xml:228(para)
1894
#: serverguide/C/vpn.xml:224(para)
1873
1895
msgid ""
1874
1896
"There are various different <application>OpenVPN</application> client "
1875
1897
"implementations with and without GUIs. You can read more about clients in a "
1878
1900
"install the openvpn package again on the client machine:"
1879
1901
msgstr ""
1880
1902
1881
#: serverguide/C/vpn.xml:235(command) serverguide/C/vpn.xml:603(command)
1903
#: serverguide/C/vpn.xml:35(command) serverguide/C/vpn.xml:231(command) serverguide/C/vpn.xml:589(command)
1882
1904
msgid "sudo apt-get install openvpn"
1883
1905
msgstr ""
1884
1906
1885
#: serverguide/C/vpn.xml:238(para)
1907
#: serverguide/C/vpn.xml:234(para)
1886
1908
msgid "This time copy the client.conf sample config file to /etc/openvpn/."
1887
1909
msgstr ""
1888
1910
1889
#: serverguide/C/vpn.xml:242(command)
1911
#: serverguide/C/vpn.xml:238(command)
1890
1912
msgid ""
1891
1913
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
1892
1914
"/etc/openvpn/"
1893
1915
msgstr ""
1894
1916
1895
#: serverguide/C/vpn.xml:245(para)
1917
#: serverguide/C/vpn.xml:241(para)
1896
1918
msgid ""
1897
1919
"Copy the client keys and the certificate of the CA you created in the "
1898
1920
"section above to e.g. /etc/openvpn/ and edit "
1901
1923
"you can omit the path."
1902
1924
msgstr ""
1903
1925
1904
#: serverguide/C/vpn.xml:248(programlisting) serverguide/C/vpn.xml:268(programlisting)
1926
#: serverguide/C/vpn.xml:244(programlisting)
1905
1927
#, no-wrap
1906
1928
msgid ""
1907
1929
"\n"
1910
1932
"key client1.key\n"
1911
1933
msgstr ""
1912
1934
1913
#: serverguide/C/vpn.xml:254(para)
1935
#: serverguide/C/vpn.xml:250(para)
1914
1936
msgid ""
1915
1937
"And you have to at least specify the OpenVPN server name or address. Make "
1916
1938
"sure the keyword client is in the config. That's what enables client mode."
1917
1939
msgstr ""
1918
1940
1919
#: serverguide/C/vpn.xml:260(programlisting)
1941
#: serverguide/C/vpn.xml:256(programlisting)
1920
1942
#, no-wrap
1921
1943
msgid ""
1922
1944
"\n"
1924
1946
"remote vpnserver.example.com 1194\n"
1925
1947
msgstr ""
1926
1948
1927
#: serverguide/C/vpn.xml:265(para)
1949
#: serverguide/C/vpn.xml:278(para)
1928
1950
msgid ""
1929
1951
"Also, make sure you specify the keyfile names you copied from the server"
1930
1952
msgstr ""
1931
1953
1932
#: serverguide/C/vpn.xml:273(para)
1954
#: serverguide/C/vpn.xml:261(para)
1933
1955
msgid "Now start the OpenVPN client:"
1934
1956
msgstr ""
1935
1957
1936
#: serverguide/C/vpn.xml:277(programlisting)
1958
#: serverguide/C/vpn.xml:290(programlisting)
1937
1959
#, no-wrap
1938
1960
msgid ""
1939
1961
"\n"
1942
1964
" * Autostarting VPN 'client' [ OK ] \n"
1943
1965
msgstr ""
1944
1966
1945
#: serverguide/C/vpn.xml:283(para)
1967
#: serverguide/C/vpn.xml:271(para)
1946
1968
msgid "Check if it created a tun0 interface:"
1947
1969
msgstr ""
1948
1970
1949
#: serverguide/C/vpn.xml:287(programlisting)
1971
#: serverguide/C/vpn.xml:275(programlisting)
1950
1972
#, no-wrap
1951
1973
msgid ""
1952
1974
"\n"
1957
1979
" UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1\n"
1958
1980
msgstr ""
1959
1981
1960
#: serverguide/C/vpn.xml:294(para)
1982
#: serverguide/C/vpn.xml:282(para)
1961
1983
msgid "Check if you can ping the OpenVPN server:"
1962
1984
msgstr ""
1963
1985
1964
#: serverguide/C/vpn.xml:297(programlisting)
1986
#: serverguide/C/vpn.xml:285(programlisting)
1965
1987
#, no-wrap
1966
1988
msgid ""
1967
1989
"\n"
1970
1992
"64 bytes from 10.8.0.1: icmp_req=1 ttl=64 time=0.920 ms\n"
1971
1993
msgstr ""
1972
1994
1973
#: serverguide/C/vpn.xml:304(para)
1995
#: serverguide/C/vpn.xml:292(para)
1974
1996
msgid ""
1975
1997
"The OpenVPN server always uses the first usable IP address in the client "
1976
1998
"network and only that IP is pingable. E.g. if you configured a /24 for the "
1978
2000
"in the ifconfig output above is usually not answering ping requests."
1979
2001
msgstr ""
1980
2002
1981
#: serverguide/C/vpn.xml:309(para)
2003
#: serverguide/C/vpn.xml:297(para)
1982
2004
msgid "Check out your routes:"
1983
2005
msgstr ""
1984
2006
1985
#: serverguide/C/vpn.xml:312(programlisting)
2007
#: serverguide/C/vpn.xml:300(programlisting)
1986
2008
#, no-wrap
1987
2009
msgid ""
1988
2010
"\n"
2000
2022
"eth0\n"
2001
2023
msgstr ""
2002
2024
2003
#: serverguide/C/vpn.xml:324(title)
2025
#: serverguide/C/vpn.xml:312(title)
2004
2026
msgid "First trouble shooting"
2005
2027
msgstr ""
2006
2028
2007
#: serverguide/C/vpn.xml:326(para)
2029
#: serverguide/C/vpn.xml:314(para)
2008
2030
msgid "If the above didn't work for you, check this:"
2009
2031
msgstr ""
2010
2032
2011
#: serverguide/C/vpn.xml:331(para)
2033
#: serverguide/C/vpn.xml:319(para)
2012
2034
msgid "Check your syslog, e.g. grep -i vpn /var/log/syslog"
2013
2035
msgstr ""
2014
2036
2015
#: serverguide/C/vpn.xml:334(para)
2037
#: serverguide/C/vpn.xml:347(para)
2016
2038
msgid ""
2017
2039
"Check that you have specified the keyfile names correctly in client.conf and "
2018
2040
"server.conf."
2019
2041
msgstr ""
2020
2042
2021
#: serverguide/C/vpn.xml:337(para)
2043
#: serverguide/C/vpn.xml:322(para)
2022
2044
msgid ""
2023
2045
"Can the client connect to the server machine? Maybe a firewall is blocking "
2024
2046
"access? Check syslog on server."
2025
2047
msgstr ""
2026
2048
2027
#: serverguide/C/vpn.xml:340(para)
2049
#: serverguide/C/vpn.xml:325(para)
2028
2050
msgid ""
2029
2051
"Client and server must use same protocol and port, e.g. UDP port 1194, see "
2030
2052
"port and proto config option"
2031
2053
msgstr ""
2032
2054
2033
#: serverguide/C/vpn.xml:343(para)
2055
#: serverguide/C/vpn.xml:328(para)
2034
2056
msgid ""
2035
2057
"Client and server must use same config regarding compression, see comp-lzo "
2036
2058
"config option"
2037
2059
msgstr ""
2038
2060
2039
#: serverguide/C/vpn.xml:346(para)
2061
#: serverguide/C/vpn.xml:331(para)
2040
2062
msgid ""
2041
2063
"Client and server must use same config regarding bridged vs routed mode, see "
2042
2064
"server vs server-bridge config option"
2043
2065
msgstr ""
2044
2066
2045
#: serverguide/C/vpn.xml:353(title) serverguide/C/databases.xml:161(title)
2067
#: serverguide/C/databases.xml:168(title)
2046
2068
msgid "Advanced configuration"
2047
2069
msgstr ""
2048
2070
2049
#: serverguide/C/vpn.xml:356(title)
2071
#: serverguide/C/vpn.xml:342(title)
2050
2072
msgid "Advanced routed VPN configuration on server"
2051
2073
msgstr ""
2052
2074
2053
#: serverguide/C/vpn.xml:358(para)
2075
#: serverguide/C/vpn.xml:344(para)
2054
2076
msgid ""
2055
2077
"The above is a very simple working VPN. The client can access services on "
2056
2078
"the VPN server machine through an encrypted tunnel. If you want to reach "
2061
2083
"route to the VPN client-network."
2062
2084
msgstr ""
2063
2085
2064
#: serverguide/C/vpn.xml:362(para)
2086
#: serverguide/C/vpn.xml:348(para)
2065
2087
msgid ""
2066
2088
"Or you might push a default gateway to all the clients to send all their "
2067
2089
"internet traffic to the VPN gateway first and from there via the company "
2068
2090
"firewall into the internet. This section shows you some possible options."
2069
2091
msgstr ""
2070
2092
2071
#: serverguide/C/vpn.xml:366(para)
2093
#: serverguide/C/vpn.xml:352(para)
2072
2094
msgid ""
2073
2095
"Push routes to the client to allow it to reach other private subnets behind "
2074
2096
"the server. Remember that these private subnets will also need to know to "
2076
2098
"server."
2077
2099
msgstr ""
2078
2100
2079
#: serverguide/C/vpn.xml:375(programlisting)
2101
#: serverguide/C/vpn.xml:361(programlisting)
2080
2102
#, no-wrap
2081
2103
msgid ""
2082
2104
"\n"
2083
2105
"push \"route 10.0.0.0 255.0.0.0\"\n"
2084
2106
msgstr ""
2085
2107
2086
#: serverguide/C/vpn.xml:379(para)
2108
#: serverguide/C/vpn.xml:392(para)
2087
2109
msgid ""
2088
2110
"If enabled, this directive will configure all clients to redirect their "
2089
2111
"default network gateway through the VPN, causing all IP traffic such as web "
2092
2114
"internet in order for this to work properly)."
2093
2115
msgstr ""
2094
2116
2095
#: serverguide/C/vpn.xml:388(programlisting)
2117
#: serverguide/C/vpn.xml:374(programlisting)
2096
2118
#, no-wrap
2097
2119
msgid ""
2098
2120
"\n"
2099
2121
"push \"redirect-gateway def1 bypass-dhcp\"\n"
2100
2122
msgstr ""
2101
2123
2102
#: serverguide/C/vpn.xml:392(para)
2124
#: serverguide/C/vpn.xml:378(para)
2103
2125
msgid ""
2104
2126
"Configure server mode and supply a VPN subnet for OpenVPN to draw client "
2105
2127
"addresses from. The server will take 10.8.0.1 for itself, the rest will be "
2107
2129
"10.8.0.1. Comment this line out if you are ethernet bridging."
2108
2130
msgstr ""
2109
2131
2110
#: serverguide/C/vpn.xml:401(programlisting)
2132
#: serverguide/C/vpn.xml:387(programlisting)
2111
2133
#, no-wrap
2112
2134
msgid ""
2113
2135
"\n"
2114
2136
"server 10.8.0.0 255.255.255.0\n"
2115
2137
msgstr ""
2116
2138
2117
#: serverguide/C/vpn.xml:405(para)
2139
#: serverguide/C/vpn.xml:391(para)
2118
2140
msgid ""
2119
2141
"Maintain a record of client to virtual IP address associations in this file. "
2120
2142
"If OpenVPN goes down or is restarted, reconnecting clients can be assigned "
2121
2143
"the same virtual IP address from the pool that was previously assigned."
2122
2144
msgstr ""
2123
2145
2124
#: serverguide/C/vpn.xml:412(programlisting)
2146
#: serverguide/C/vpn.xml:398(programlisting)
2125
2147
#, no-wrap
2126
2148
msgid ""
2127
2149
"\n"
2128
2150
"ifconfig-pool-persist ipp.txt\n"
2129
2151
msgstr ""
2130
2152
2131
#: serverguide/C/vpn.xml:416(para)
2153
#: serverguide/C/vpn.xml:402(para)
2132
2154
msgid "Push DNS servers to the client."
2133
2155
msgstr ""
2134
2156
2135
#: serverguide/C/vpn.xml:419(programlisting)
2157
#: serverguide/C/vpn.xml:405(programlisting)
2136
2158
#, no-wrap
2137
2159
msgid ""
2138
2160
"\n"
2140
2162
"push \"dhcp-option DNS 10.1.0.2\"\n"
2141
2163
msgstr ""
2142
2164
2143
#: serverguide/C/vpn.xml:424(para)
2165
#: serverguide/C/vpn.xml:410(para)
2144
2166
msgid "Allow client to client communication."
2145
2167
msgstr ""
2146
2168
2147
#: serverguide/C/vpn.xml:427(programlisting)
2169
#: serverguide/C/vpn.xml:413(programlisting)
2148
2170
#, no-wrap
2149
2171
msgid ""
2150
2172
"\n"
2151
2173
"client-to-client\n"
2152
2174
msgstr ""
2153
2175
2154
#: serverguide/C/vpn.xml:431(para)
2176
#: serverguide/C/vpn.xml:417(para)
2155
2177
msgid "Enable compression on the VPN link."
2156
2178
msgstr ""
2157
2179
2158
#: serverguide/C/vpn.xml:434(programlisting)
2180
#: serverguide/C/vpn.xml:420(programlisting)
2159
2181
#, no-wrap
2160
2182
msgid ""
2161
2183
"\n"
2162
2184
"comp-lzo\n"
2163
2185
msgstr ""
2164
2186
2165
#: serverguide/C/vpn.xml:438(para)
2187
#: serverguide/C/vpn.xml:424(para)
2166
2188
msgid ""
2167
2189
"The keepalive directive causes ping-like messages to be sent back and forth "
2168
2190
"over the link so that each side knows when the other side has gone down. "
2170
2192
"during a 3 second time period."
2171
2193
msgstr ""
2172
2194
2173
#: serverguide/C/vpn.xml:447(programlisting)
2195
#: serverguide/C/vpn.xml:433(programlisting)
2174
2196
#, no-wrap
2175
2197
msgid ""
2176
2198
"\n"
2177
2199
"keepalive 1 3\n"
2178
2200
msgstr ""
2179
2201
2180
#: serverguide/C/vpn.xml:451(para)
2202
#: serverguide/C/vpn.xml:437(para)
2181
2203
msgid ""
2182
2204
"It's a good idea to reduce the OpenVPN daemon's privileges after "
2183
2205
"initialization."
2184
2206
msgstr ""
2185
2207
2186
#: serverguide/C/vpn.xml:454(programlisting)
2208
#: serverguide/C/vpn.xml:440(programlisting)
2187
2209
#, no-wrap
2188
2210
msgid ""
2189
2211
"\n"
2191
2213
"group nogroup\n"
2192
2214
msgstr ""
2193
2215
2194
#: serverguide/C/vpn.xml:459(para)
2216
#: serverguide/C/vpn.xml:445(para)
2195
2217
msgid ""
2196
2218
"OpenVPN 2.0 includes a feature that allows the OpenVPN server to securely "
2197
2219
"obtain a username and password from a connecting client, and to use that "
2201
2223
"username/password, passing it on to the server over the secure TLS channel."
2202
2224
msgstr ""
2203
2225
2204
#: serverguide/C/vpn.xml:463(programlisting)
2226
#: serverguide/C/vpn.xml:449(programlisting)
2205
2227
#, no-wrap
2206
2228
msgid ""
2207
2229
"\n"
2209
2231
"auth-user-pass\n"
2210
2232
msgstr ""
2211
2233
2212
#: serverguide/C/vpn.xml:468(para)
2234
#: serverguide/C/vpn.xml:454(para)
2213
2235
msgid ""
2214
2236
"This will tell the OpenVPN server to validate the username/password entered "
2215
2237
"by clients using the login PAM module. Useful if you have centralized "
2216
2238
"authentication with e.g. Kerberos."
2217
2239
msgstr ""
2218
2240
2219
#: serverguide/C/vpn.xml:473(programlisting)
2241
#: serverguide/C/vpn.xml:486(programlisting)
2220
2242
#, no-wrap
2221
2243
msgid ""
2222
2244
"\n"
2223
2245
"plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so login\n"
2224
2246
msgstr ""
2225
2247
2226
#: serverguide/C/vpn.xml:477(para)
2248
#: serverguide/C/vpn.xml:463(para)
2227
2249
msgid ""
2228
2250
"Please read the OpenVPN <ulink url=\"http://openvpn.net/index.php/open-"
2229
2251
"source/documentation/howto.html#security\">hardening security guide</ulink> "
2230
2252
"for further security advice."
2231
2253
msgstr ""
2232
2254
2233
#: serverguide/C/vpn.xml:483(title)
2255
#: serverguide/C/vpn.xml:469(title)
2234
2256
msgid "Advanced bridged VPN configuration on server"
2235
2257
msgstr ""
2236
2258
2237
#: serverguide/C/vpn.xml:485(para)
2259
#: serverguide/C/vpn.xml:471(para)
2238
2260
msgid ""
2239
2261
"<application>OpenVPN</application> can be setup for either a routed or a "
2240
2262
"bridged VPN mode. Sometimes this is also referred to as OSI layer-2 versus "
2246
2268
"be filtered."
2247
2269
msgstr ""
2248
2270
2249
#: serverguide/C/vpn.xml:491(title)
2271
#: serverguide/C/vpn.xml:477(title)
2250
2272
msgid "Prepare interface config for bridging on server"
2251
2273
msgstr ""
2252
2274
2253
#: serverguide/C/vpn.xml:493(para)
2275
#: serverguide/C/vpn.xml:479(para)
2254
2276
msgid "Make sure you have the bridge-utils package installed:"
2255
2277
msgstr ""
2256
2278
2257
#: serverguide/C/vpn.xml:497(command) serverguide/C/network-config.xml:542(command)
2279
#: serverguide/C/vpn.xml:483(command) serverguide/C/virtualization.xml:2188(command) serverguide/C/network-config.xml:538(command)
2258
2280
msgid "sudo apt-get install bridge-utils"
2259
2281
msgstr ""
2260
2282
2261
#: serverguide/C/vpn.xml:500(para)
2283
#: serverguide/C/vpn.xml:486(para)
2262
2284
msgid ""
2263
2285
"Before you setup OpenVPN in bridged mode you need to change your interface "
2264
2286
"configuration. Let's assume your server has an interface eth0 connected to "
2266
2288
"Your /etc/network/interfaces would like this:"
2267
2289
msgstr ""
2268
2290
2269
#: serverguide/C/vpn.xml:504(programlisting)
2291
#: serverguide/C/vpn.xml:490(programlisting)
2270
2292
#, no-wrap
2271
2293
msgid ""
2272
2294
"\n"
2282
2304
" netmask 255.255.255.0\n"
2283
2305
msgstr ""
2284
2306
2285
#: serverguide/C/vpn.xml:517(para)
2307
#: serverguide/C/vpn.xml:503(para)
2286
2308
msgid ""
2287
2309
"This straight forward interface config needs to be changed into a bridged "
2288
2310
"mode like where the config of interface eth1 moves to the new br0 interface. "
2291
2313
"interface to forward all ethernet frames to the IP stack."
2292
2314
msgstr ""
2293
2315
2294
#: serverguide/C/vpn.xml:521(programlisting)
2316
#: serverguide/C/vpn.xml:507(programlisting)
2295
2317
#, no-wrap
2296
2318
msgid ""
2297
2319
"\n"
2312
2334
" bridge_ports eth1\n"
2313
2335
msgstr ""
2314
2336
2315
#: serverguide/C/vpn.xml:539(para)
2337
#: serverguide/C/vpn.xml:552(para)
2316
2338
msgid ""
2317
2339
"At this point you need to bring up the bridge. Be prepared that this might "
2318
2340
"not work as expected and that you will lose remote connectivity. Make sure "
2319
2341
"you can solve problems having local access."
2320
2342
msgstr ""
2321
2343
2322
#: serverguide/C/vpn.xml:543(command)
2344
#: serverguide/C/vpn.xml:556(command)
2323
2345
msgid "sudo ifdown eth1 && sudo ifup -a"
2324
2346
msgstr ""
2325
2347
2326
#: serverguide/C/vpn.xml:548(title)
2348
#: serverguide/C/vpn.xml:534(title)
2327
2349
msgid "Prepare server config for bridging"
2328
2350
msgstr ""
2329
2351
2330
#: serverguide/C/vpn.xml:550(para)
2352
#: serverguide/C/vpn.xml:536(para)
2331
2353
msgid ""
2332
2354
"Edit <filename>/etc/openvpn/server.conf</filename> changing the following "
2333
2355
"options to:"
2334
2356
msgstr ""
2335
2357
2336
#: serverguide/C/vpn.xml:554(programlisting)
2358
#: serverguide/C/vpn.xml:540(programlisting)
2337
2359
#, no-wrap
2338
2360
msgid ""
2339
2361
"\n"
2344
2366
"server-bridge 10.0.0.4 255.255.255.0 10.0.0.128 10.0.0.254\n"
2345
2367
msgstr ""
2346
2368
2347
#: serverguide/C/vpn.xml:562(para)
2369
#: serverguide/C/vpn.xml:548(para)
2348
2370
msgid ""
2349
2371
"Next, create a helper script to add the <emphasis>tap</emphasis> interface "
2350
2372
"to the bridge and to ensure that eth1 is promiscuous mode. Create "
2351
2373
"<filename>/etc/openvpn/up.sh</filename>:"
2352
2374
msgstr ""
2353
2375
2354
#: serverguide/C/vpn.xml:566(programlisting)
2376
#: serverguide/C/vpn.xml:552(programlisting)
2355
2377
#, no-wrap
2356
2378
msgid ""
2357
2379
"\n"
2366
2388
"/sbin/brctl addif $BR $TAPDEV\n"
2367
2389
msgstr ""
2368
2390
2369
#: serverguide/C/vpn.xml:578(para)
2391
#: serverguide/C/vpn.xml:564(para)
2370
2392
msgid "Then make it executable:"
2371
2393
msgstr ""
2372
2394
2373
#: serverguide/C/vpn.xml:583(command)
2395
#: serverguide/C/vpn.xml:569(command)
2374
2396
msgid "sudo chmod 755 /etc/openvpn/up.sh"
2375
2397
msgstr ""
2376
2398
2377
#: serverguide/C/vpn.xml:586(para)
2399
#: serverguide/C/vpn.xml:572(para)
2378
2400
msgid ""
2379
2401
"After configuring the server, restart <application>openvpn</application> by "
2380
2402
"entering:"
2381
2403
msgstr ""
2382
2404
2383
#: serverguide/C/vpn.xml:591(command) serverguide/C/vpn.xml:632(command)
2405
#: serverguide/C/vpn.xml:604(command) serverguide/C/vpn.xml:645(command)
2384
2406
msgid "sudo service openvpn restart"
2385
2407
msgstr ""
2386
2408
2387
#: serverguide/C/vpn.xml:596(title)
2409
#: serverguide/C/vpn.xml:582(title)
2388
2410
msgid "Client Configuration"
2389
2411
msgstr ""
2390
2412
2391
#: serverguide/C/vpn.xml:598(para)
2413
#: serverguide/C/vpn.xml:584(para)
2392
2414
msgid "First, install <application>openvpn</application> on the client:"
2393
2415
msgstr ""
2394
2416
2395
#: serverguide/C/vpn.xml:606(para)
2417
#: serverguide/C/vpn.xml:592(para)
2396
2418
msgid ""
2397
2419
"Then with the server configured and the client certificates copied to the "
2398
2420
"<filename>/etc/openvpn/</filename> directory, create a client configuration "
2399
2421
"file by copying the example. In a terminal on the client machine enter:"
2400
2422
msgstr ""
2401
2423
2402
#: serverguide/C/vpn.xml:612(command)
2424
#: serverguide/C/vpn.xml:598(command)
2403
2425
msgid ""
2404
2426
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
2405
2427
"/etc/openvpn"
2406
2428
msgstr ""
2407
2429
2408
#: serverguide/C/vpn.xml:615(para)
2430
#: serverguide/C/vpn.xml:601(para)
2409
2431
msgid ""
2410
2432
"Now edit <filename>/etc/openvpn/client.conf</filename> changing the "
2411
2433
"following options:"
2412
2434
msgstr ""
2413
2435
2414
#: serverguide/C/vpn.xml:619(programlisting)
2436
#: serverguide/C/vpn.xml:632(programlisting)
2415
2437
#, no-wrap
2416
2438
msgid ""
2417
2439
"\n"
2422
2444
"key client1.key\n"
2423
2445
msgstr ""
2424
2446
2425
#: serverguide/C/vpn.xml:627(para)
2447
#: serverguide/C/vpn.xml:610(para)
2426
2448
msgid "Finally, restart <application>openvpn</application>:"
2427
2449
msgstr ""
2428
2450
2429
#: serverguide/C/vpn.xml:635(para)
2451
#: serverguide/C/vpn.xml:618(para)
2430
2452
msgid "You should now be able to connect to the remote LAN through the VPN."
2431
2453
msgstr ""
2432
2454
2433
#: serverguide/C/vpn.xml:644(title)
2455
#: serverguide/C/vpn.xml:627(title)
2434
2456
msgid "Client software implementations"
2435
2457
msgstr ""
2436
2458
2437
#: serverguide/C/vpn.xml:647(title)
2459
#: serverguide/C/vpn.xml:630(title)
2438
2460
msgid "Linux Network-Manager GUI for OpenVPN"
2439
2461
msgstr ""
2440
2462
2441
#: serverguide/C/vpn.xml:649(para)
2463
#: serverguide/C/vpn.xml:632(para)
2442
2464
msgid ""
2443
2465
"Many Linux distributions including Ubuntu desktop variants come with Network "
2444
2466
"Manager, a nice GUI to configure your network settings. It also can manage "
2447
2469
"packages as well:"
2448
2470
msgstr ""
2449
2471
2450
#: serverguide/C/vpn.xml:654(programlisting)
2472
#: serverguide/C/vpn.xml:637(programlisting)
2451
2473
#, no-wrap
2452
2474
msgid ""
2453
2475
"\n"
2468
2490
"Do you want to continue [Y/n]? \n"
2469
2491
msgstr ""
2470
2492
2471
#: serverguide/C/vpn.xml:672(para)
2493
#: serverguide/C/vpn.xml:655(para)
2472
2494
msgid ""
2473
2495
"To inform network-manager about the new installed packages you will have to "
2474
2496
"restart it:"
2475
2497
msgstr ""
2476
2498
2477
#: serverguide/C/vpn.xml:676(programlisting)
2499
#: serverguide/C/vpn.xml:659(programlisting)
2478
2500
#, no-wrap
2479
2501
msgid ""
2480
2502
"\n"
2482
2504
"network-manager start/running, process 3078\n"
2483
2505
msgstr ""
2484
2506
2485
#: serverguide/C/vpn.xml:681(para)
2507
#: serverguide/C/vpn.xml:694(para)
2486
2508
msgid ""
2487
2509
"Open the Network Manager GUI, select the VPN tab and then the 'Add' button. "
2488
2510
"Select OpenVPN as the VPN type in the opening requester and press 'Create'. "
2494
2516
"to establish your VPN."
2495
2517
msgstr ""
2496
2518
2497
#: serverguide/C/vpn.xml:693(title)
2519
#: serverguide/C/vpn.xml:676(title)
2498
2520
msgid "OpenVPN with GUI for Mac OS X: Tunnelblick"
2499
2521
msgstr ""
2500
2522
2501
#: serverguide/C/vpn.xml:695(para)
2523
#: serverguide/C/vpn.xml:678(para)
2502
2524
msgid ""
2503
2525
"Tunnelblick is an excellent free, open source implementation of a GUI for "
2504
2526
"OpenVPN for OS X. The project's homepage is at <ulink "
2510
2532
"Application folder."
2511
2533
msgstr ""
2512
2534
2513
#: serverguide/C/vpn.xml:701(programlisting)
2535
#: serverguide/C/vpn.xml:684(programlisting)
2514
2536
#, no-wrap
2515
2537
msgid ""
2516
2538
"\n"
2533
2555
"key client.key\n"
2534
2556
msgstr ""
2535
2557
2536
#: serverguide/C/vpn.xml:723(title)
2558
#: serverguide/C/vpn.xml:706(title)
2537
2559
msgid "OpenVPN with GUI for Win 7"
2538
2560
msgstr ""
2539
2561
2540
#: serverguide/C/vpn.xml:725(para)
2562
#: serverguide/C/vpn.xml:738(para)
2541
2563
msgid ""
2542
2564
"First download and install the latest <ulink "
2543
2565
"url=\"http://www.openvpn.net/index.php/open-source/downloads.html\">OpenVPN "
2546
2568
"binary installer."
2547
2569
msgstr ""
2548
2570
2549
#: serverguide/C/vpn.xml:730(para)
2571
#: serverguide/C/vpn.xml:714(para)
2550
2572
msgid ""
2551
2573
"You need to start the OpenVPN service. Goto Start > Computer > Manage "
2552
2574
"> Services and Applications > Services. Find the OpenVPN service and "
2555
2577
"click on it and you will see that option."
2556
2578
msgstr ""
2557
2579
2558
#: serverguide/C/vpn.xml:734(para)
2580
#: serverguide/C/vpn.xml:718(para)
2559
2581
msgid ""
2560
2582
"You will have to write your OpenVPN config in a textfile and place it in C:\\"
2561
2583
"Program Files\\OpenVPN\\config\\client.ovpn along with the CA certificate. "
2563
2585
"follwing example."
2564
2586
msgstr ""
2565
2587
2566
#: serverguide/C/vpn.xml:738(programlisting)
2588
#: serverguide/C/vpn.xml:751(programlisting)
2567
2589
#, no-wrap
2568
2590
msgid ""
2569
2591
"\n"
2592
2614
"\n"
2593
2615
msgstr ""
2594
2616
2595
#: serverguide/C/vpn.xml:763(para)
2617
#: serverguide/C/vpn.xml:776(para)
2596
2618
msgid ""
2597
2619
"Note: If you are not using user authentication and/or you want to run the "
2598
2620
"service without user interaction, comment out the following options:"
2599
2621
msgstr ""
2600
2622
2601
#: serverguide/C/vpn.xml:766(programlisting)
2623
#: serverguide/C/vpn.xml:779(programlisting)
2602
2624
#, no-wrap
2603
2625
msgid ""
2604
2626
"\n"
2609
2631
"management-query-passwords\n"
2610
2632
msgstr ""
2611
2633
2612
#: serverguide/C/vpn.xml:773(para)
2634
#: serverguide/C/vpn.xml:786(para)
2613
2635
msgid "You may want to set the Windows service to \"automatic\"."
2614
2636
msgstr ""
2615
2637
2616
#: serverguide/C/vpn.xml:777(title)
2638
#: serverguide/C/vpn.xml:747(title)
2617
2639
msgid "OpenVPN for OpenWRT"
2618
2640
msgstr ""
2619
2641
2620
#: serverguide/C/vpn.xml:779(para)
2642
#: serverguide/C/vpn.xml:749(para)
2621
2643
msgid ""
2622
2644
"OpenWRT is described as a Linux distribution for embedded devices like WLAN "
2623
2645
"router. There are certain types of WLAN routers who can be flashed to run "
2630
2652
"url=\"http://openwrt.org\">http://openwrt.org</ulink>"
2631
2653
msgstr ""
2632
2654
2633
#: serverguide/C/vpn.xml:788(para)
2655
#: serverguide/C/vpn.xml:758(para)
2634
2656
msgid "Log into your OpenWRT router and install OpenVPN:"
2635
2657
msgstr ""
2636
2658
2637
#: serverguide/C/vpn.xml:793(command)
2659
#: serverguide/C/vpn.xml:763(command)
2638
2660
msgid "opkg update"
2639
2661
msgstr ""
2640
2662
2641
#: serverguide/C/vpn.xml:794(command)
2663
#: serverguide/C/vpn.xml:764(command)
2642
2664
msgid "opkg install openvpn"
2643
2665
msgstr ""
2644
2666
2645
#: serverguide/C/vpn.xml:797(para)
2667
#: serverguide/C/vpn.xml:810(para)
2646
2668
msgid ""
2647
2669
"Check out /etc/config/openvpn and put your client config in there. Copy "
2648
2670
"certificates and keys to /etc/openvpn/"
2649
2671
msgstr ""
2650
2672
2651
#: serverguide/C/vpn.xml:802(programlisting)
2673
#: serverguide/C/vpn.xml:772(programlisting)
2652
2674
#, no-wrap
2653
2675
msgid ""
2654
2676
"\n"
2664
2686
" option comp_lzo 1 \n"
2665
2687
msgstr ""
2666
2688
2667
#: serverguide/C/vpn.xml:815(para)
2689
#: serverguide/C/vpn.xml:785(para)
2668
2690
msgid "Restart OpenVPN:"
2669
2691
msgstr ""
2670
2692
2671
#: serverguide/C/vpn.xml:820(command)
2693
#: serverguide/C/vpn.xml:833(command)
2672
2694
msgid "service openvpn restart"
2673
2695
msgstr ""
2674
2696
2675
#: serverguide/C/vpn.xml:823(para)
2697
#: serverguide/C/vpn.xml:793(para)
2676
2698
msgid ""
2677
2699
"You will have to see if you need to adjust your router's routing and "
2678
2700
"firewall rules."
2679
2701
msgstr ""
2680
2702
2681
#: serverguide/C/vpn.xml:833(para)
2703
#: serverguide/C/vpn.xml:803(para)
2682
2704
msgid ""
2683
2705
"See the <ulink url=\"http://openvpn.net/\">OpenVPN</ulink> website for "
2684
2706
"additional information."
2685
2707
msgstr ""
2686
2708
2687
#: serverguide/C/vpn.xml:839(ulink)
2709
#: serverguide/C/vpn.xml:809(ulink)
2688
2710
msgid "OpenVPN hardening security guide"
2689
2711
msgstr ""
2690
2712
2691
#: serverguide/C/vpn.xml:843(para)
2713
#: serverguide/C/vpn.xml:813(para)
2692
2714
msgid ""
2693
2715
"Also, Pakt's <ulink url=\"http://www.packtpub.com/openvpn/book\">OpenVPN: "
2694
2716
"Building and Integrating Virtual Private Networks</ulink> is a good resource."
2698
2720
msgid "Virtualization"
2699
2721
msgstr ""
2700
2722
2701
#: serverguide/C/virtualization.xml:13(para)
2723
#: serverguide/C/virtualization.xml:12(para)
2702
2724
msgid ""
2703
2725
"Virtualization is being adopted in many different environments and "
2704
2726
"situations. If you are a developer, virtualization can provide you with a "
2708
2730
"services and move them around based on demand."
2709
2731
msgstr ""
2710
2732
2711
#: serverguide/C/virtualization.xml:20(para)
2733
#: serverguide/C/virtualization.xml:18(para)
2712
2734
msgid ""
2713
2735
"The default virtualization technology supported in Ubuntu is "
2714
2736
"<application>KVM</application>. KVM requires virtualization extensions built "
2719
2741
"hardware without virtualization extensions."
2720
2742
msgstr ""
2721
2743
2722
#: serverguide/C/virtualization.xml:29(title)
2744
#: serverguide/C/virtualization.xml:26(title)
2723
2745
msgid "libvirt"
2724
2746
msgstr ""
2725
2747
2726
#: serverguide/C/virtualization.xml:31(para)
2748
#: serverguide/C/virtualization.xml:27(para)
2727
2749
msgid ""
2728
2750
"The <application>libvirt</application> library is used to interface with "
2729
2751
"different virtualization technologies. Before getting started with "
2732
2754
"<application>KVM</application>. Enter the following from a terminal prompt:"
2733
2755
msgstr ""
2734
2756
2735
#: serverguide/C/virtualization.xml:39(command)
2757
#: serverguide/C/virtualization.xml:34(command)
2736
2758
msgid "kvm-ok"
2737
2759
msgstr ""
2738
2760
2739
#: serverguide/C/virtualization.xml:42(para)
2761
#: serverguide/C/virtualization.xml:36(para)
2740
2762
msgid ""
2741
2763
"A message will be printed informing you if your CPU "
2742
2764
"<emphasis>does</emphasis> or <emphasis>does not</emphasis> support hardware "
2750
2772
"it."
2751
2773
msgstr ""
2752
2774
2753
#: serverguide/C/virtualization.xml:53(title)
2775
#: serverguide/C/virtualization.xml:46(title)
2754
2776
msgid "Virtual Networking"
2755
2777
msgstr ""
2756
2778
2772
2794
"to the rest of the network."
2773
2795
msgstr ""
2774
2796
2775
#: serverguide/C/virtualization.xml:72(para)
2797
#: serverguide/C/virtualization.xml:62(para)
2776
2798
msgid "To install the necessary packages, from a terminal prompt enter:"
2777
2799
msgstr ""
2778
2800
2780
2802
msgid "sudo apt-get install qemu-kvm libvirt-bin"
2781
2803
msgstr ""
2782
2804
2783
#: serverguide/C/virtualization.xml:79(para)
2805
#: serverguide/C/virtualization.xml:68(para)
2784
2806
msgid ""
2785
2807
"After installing <application>libvirt-bin</application>, the user used to "
2786
2808
"manage virtual machines will need to be added to the "
2788
2810
"the advanced networking options."
2789
2811
msgstr ""
2790
2812
2791
#: serverguide/C/virtualization.xml:84(para)
2813
#: serverguide/C/virtualization.xml:72(para)
2792
2814
msgid "In a terminal enter:"
2793
2815
msgstr ""
2794
2816
2795
#: serverguide/C/virtualization.xml:87(command)
2817
#: serverguide/C/virtualization.xml:76(command)
2796
2818
msgid "sudo adduser $USER libvirtd"
2797
2819
msgstr ""
2798
2820
2799
#: serverguide/C/virtualization.xml:91(para)
2821
#: serverguide/C/virtualization.xml:79(para)
2800
2822
msgid ""
2801
2823
"If the user chosen is the current user, you will need to log out and back in "
2802
2824
"for the new group membership to take effect."
2803
2825
msgstr ""
2804
2826
2805
#: serverguide/C/virtualization.xml:95(para)
2827
#: serverguide/C/virtualization.xml:83(para)
2806
2828
msgid ""
2807
2829
"You are now ready to install a <emphasis>Guest</emphasis> operating system. "
2808
2830
"Installing a virtual machine follows the same process as installing the "
2811
2833
"physical machine."
2812
2834
msgstr ""
2813
2835
2814
#: serverguide/C/virtualization.xml:101(para)
2836
#: serverguide/C/virtualization.xml:88(para)
2815
2837
msgid ""
2816
2838
"In the case of virtual machines a Graphical User Interface (GUI) is "
2817
2839
"analogous to using a physical keyboard and mouse. Instead of installing a "
2836
2858
"scripts, etc. For details see <xref linkend=\"cloud-images-and-uvtool\"/>"
2837
2859
msgstr ""
2838
2860
2839
#: serverguide/C/virtualization.xml:119(para)
2861
#: serverguide/C/virtualization.xml:101(para)
2840
2862
msgid ""
2841
2863
"Libvirt can also be configured work with <application>Xen</application>. For "
2842
2864
"details, see the Xen Ubuntu community page referenced below."
2843
2865
msgstr ""
2844
2866
2845
#: serverguide/C/virtualization.xml:125(title)
2867
#: serverguide/C/virtualization.xml:106(title)
2846
2868
msgid "virt-install"
2847
2869
msgstr ""
2848
2870
2849
#: serverguide/C/virtualization.xml:127(para)
2871
#: serverguide/C/virtualization.xml:107(para)
2850
2872
msgid ""
2851
2873
"<application>virt-install</application> is part of the "
2852
2874
"<application>virtinst</application> package. To install it, from a terminal "
2853
2875
"prompt enter:"
2854
2876
msgstr ""
2855
2877
2856
#: serverguide/C/virtualization.xml:132(command)
2878
#: serverguide/C/virtualization.xml:111(command)
2857
2879
msgid "sudo apt-get install virtinst"
2858
2880
msgstr ""
2859
2881
2860
#: serverguide/C/virtualization.xml:135(para)
2882
#: serverguide/C/virtualization.xml:113(para)
2861
2883
msgid ""
2862
2884
"There are several options available when using <application>virt-"
2863
2885
"install</application>. For example:"
2871
2893
"vnc,listen=0.0.0.0 --noautoconsole -v"
2872
2894
msgstr ""
2873
2895
2874
#: serverguide/C/virtualization.xml:147(para)
2896
#: serverguide/C/virtualization.xml:124(para)
2875
2897
msgid ""
2876
2898
"<emphasis>-n web_devel:</emphasis> the name of the new virtual machine will "
2877
2899
"be <emphasis>web_devel</emphasis> in this example."
2878
2900
msgstr ""
2879
2901
2880
#: serverguide/C/virtualization.xml:153(para)
2902
#: serverguide/C/virtualization.xml:129(para)
2881
2903
msgid ""
2882
2904
"<emphasis>-r 256:</emphasis> specifies the amount of memory the virtual "
2883
2905
"machine will use in megabytes."
2884
2906
msgstr ""
2885
2907
2886
#: serverguide/C/virtualization.xml:158(para)
2908
#: serverguide/C/virtualization.xml:134(para)
2887
2909
msgid ""
2888
2910
"<emphasis>--disk "
2889
2911
"path=/var/lib/libvirt/images/web_devel.img,size=4:</emphasis> indicates the "
2900
2922
"CDROM device."
2901
2923
msgstr ""
2902
2924
2903
#: serverguide/C/virtualization.xml:174(para)
2925
#: serverguide/C/virtualization.xml:152(para)
2904
2926
msgid ""
2905
2927
"<emphasis>--network</emphasis> provides details related to the VM's network "
2906
2928
"interface. Here the <emphasis>default</emphasis> network is used, and the "
2915
2937
"connect via VNC to complete the installation."
2916
2938
msgstr ""
2917
2939
2918
#: serverguide/C/virtualization.xml:189(para)
2940
#: serverguide/C/virtualization.xml:163(para)
2919
2941
msgid ""
2920
2942
"<emphasis>--noautoconsole:</emphasis> will not automatically connect to the "
2921
2943
"virtual machine's console."
2922
2944
msgstr ""
2923
2945
2924
#: serverguide/C/virtualization.xml:194(para)
2946
#: serverguide/C/virtualization.xml:168(para)
2925
2947
msgid "<emphasis>-v:</emphasis> creates a fully virtualized guest."
2926
2948
msgstr ""
2927
2949
2932
2954
"a GUI), or via a remote VNC client from a GUI based computer."
2933
2955
msgstr ""
2934
2956
2935
#: serverguide/C/virtualization.xml:206(title)
2957
#: serverguide/C/virtualization.xml:179(title)
2936
2958
msgid "virt-clone"
2937
2959
msgstr ""
2938
2960
2939
#: serverguide/C/virtualization.xml:208(para)
2961
#: serverguide/C/virtualization.xml:180(para)
2940
2962
msgid ""
2941
2963
"The <application>virt-clone</application> application can be used to copy "
2942
2964
"one virtual machine to another. For example:"
2943
2965
msgstr ""
2944
2966
2945
#: serverguide/C/virtualization.xml:212(command)
2967
#: serverguide/C/virtualization.xml:184(command)
2946
2968
msgid ""
2947
2969
"sudo virt-clone -o web_devel -n database_devel -f "
2948
2970
"/path/to/database_devel.img \\ --connect=qemu:///system"
2949
2971
msgstr ""
2950
2972
2951
#: serverguide/C/virtualization.xml:218(para)
2973
#: serverguide/C/virtualization.xml:189(para)
2952
2974
msgid "<emphasis>-o:</emphasis> original virtual machine."
2953
2975
msgstr ""
2954
2976
2955
#: serverguide/C/virtualization.xml:222(para)
2977
#: serverguide/C/virtualization.xml:194(para)
2956
2978
msgid "<emphasis>-n:</emphasis> name of the new virtual machine."
2957
2979
msgstr ""
2958
2980
2959
#: serverguide/C/virtualization.xml:227(para)
2981
#: serverguide/C/virtualization.xml:199(para)
2960
2982
msgid ""
2961
2983
"<emphasis>-f:</emphasis> path to the file, logical volume, or partition to "
2962
2984
"be used by the new virtual machine."
2963
2985
msgstr ""
2964
2986
2965
#: serverguide/C/virtualization.xml:232(para)
2987
#: serverguide/C/virtualization.xml:204(para)
2966
2988
msgid ""
2967
2989
"<emphasis>--connect:</emphasis> specifies which hypervisor to connect to."
2968
2990
msgstr ""
2969
2991
2970
#: serverguide/C/virtualization.xml:237(para)
2992
#: serverguide/C/virtualization.xml:209(para)
2971
2993
msgid ""
2972
2994
"Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to "
2973
2995
"help troubleshoot problems with <application>virt-clone</application>."
2974
2996
msgstr ""
2975
2997
2976
#: serverguide/C/virtualization.xml:242(para)
2998
#: serverguide/C/virtualization.xml:214(para)
2977
2999
msgid ""
2978
3000
"Replace <emphasis>web_devel</emphasis> and "
2979
3001
"<emphasis>database_devel</emphasis> with appropriate virtual machine names."
2980
3002
msgstr ""
2981
3003
2982
#: serverguide/C/virtualization.xml:249(title)
3004
#: serverguide/C/virtualization.xml:220(title)
2983
3005
msgid "Virtual Machine Management"
2984
3006
msgstr ""
2985
3007
2986
#: serverguide/C/virtualization.xml:252(title)
3008
#: serverguide/C/virtualization.xml:222(title)
2987
3009
msgid "virsh"
2988
3010
msgstr ""
2989
3011
2990
#: serverguide/C/virtualization.xml:254(para)
3012
#: serverguide/C/virtualization.xml:223(para)
2991
3013
msgid ""
2992
3014
"There are several utilities available to manage virtual machines and "
2993
3015
"<application>libvirt</application>. The <application>virsh</application> "
2994
3016
"utility can be used from the command line. Some examples:"
2995
3017
msgstr ""
2996
3018
2997
#: serverguide/C/virtualization.xml:261(para)
3019
#: serverguide/C/virtualization.xml:229(para)
2998
3020
msgid "To list running virtual machines:"
2999
3021
msgstr ""
3000
3022
3001
#: serverguide/C/virtualization.xml:264(command)
3023
#: serverguide/C/virtualization.xml:233(command)
3002
3024
msgid "virsh -c qemu:///system list"
3003
3025
msgstr ""
3004
3026
3005
#: serverguide/C/virtualization.xml:269(para)
3027
#: serverguide/C/virtualization.xml:237(para)
3006
3028
msgid "To start a virtual machine:"
3007
3029
msgstr ""
3008
3030
3009
#: serverguide/C/virtualization.xml:272(command)
3031
#: serverguide/C/virtualization.xml:241(command)
3010
3032
msgid "virsh -c qemu:///system start web_devel"
3011
3033
msgstr ""
3012
3034
3013
#: serverguide/C/virtualization.xml:277(para)
3035
#: serverguide/C/virtualization.xml:245(para)
3014
3036
msgid "Similarly, to start a virtual machine at boot:"
3015
3037
msgstr ""
3016
3038
3017
#: serverguide/C/virtualization.xml:280(command)
3039
#: serverguide/C/virtualization.xml:249(command)
3018
3040
msgid "virsh -c qemu:///system autostart web_devel"
3019
3041
msgstr ""
3020
3042
3021
#: serverguide/C/virtualization.xml:285(para)
3043
#: serverguide/C/virtualization.xml:253(para)
3022
3044
msgid "Reboot a virtual machine with:"
3023
3045
msgstr ""
3024
3046
3025
#: serverguide/C/virtualization.xml:288(command)
3047
#: serverguide/C/virtualization.xml:257(command)
3026
3048
msgid "virsh -c qemu:///system reboot web_devel"
3027
3049
msgstr ""
3028
3050
3029
#: serverguide/C/virtualization.xml:293(para)
3051
#: serverguide/C/virtualization.xml:261(para)
3030
3052
msgid ""
3031
3053
"The <emphasis>state</emphasis> of virtual machines can be saved to a file in "
3032
3054
"order to be restored later. The following will save the virtual machine "
3033
3055
"state into a file named according to the date:"
3034
3056
msgstr ""
3035
3057
3036
#: serverguide/C/virtualization.xml:299(command)
3058
#: serverguide/C/virtualization.xml:266(command)
3037
3059
msgid "virsh -c qemu:///system save web_devel web_devel-022708.state"
3038
3060
msgstr ""
3039
3061
3040
#: serverguide/C/virtualization.xml:302(para)
3062
#: serverguide/C/virtualization.xml:268(para)
3041
3063
msgid "Once saved the virtual machine will no longer be running."
3042
3064
msgstr ""
3043
3065
3044
#: serverguide/C/virtualization.xml:307(para)
3066
#: serverguide/C/virtualization.xml:273(para)
3045
3067
msgid "A saved virtual machine can be restored using:"
3046
3068
msgstr ""
3047
3069
3048
#: serverguide/C/virtualization.xml:310(command)
3070
#: serverguide/C/virtualization.xml:277(command)
3049
3071
msgid "virsh -c qemu:///system restore web_devel-022708.state"
3050
3072
msgstr ""
3051
3073
3052
#: serverguide/C/virtualization.xml:315(para)
3074
#: serverguide/C/virtualization.xml:281(para)
3053
3075
msgid "To shutdown a virtual machine do:"
3054
3076
msgstr ""
3055
3077
3056
#: serverguide/C/virtualization.xml:318(command)
3078
#: serverguide/C/virtualization.xml:285(command)
3057
3079
msgid "virsh -c qemu:///system shutdown web_devel"
3058
3080
msgstr ""
3059
3081
3060
#: serverguide/C/virtualization.xml:323(para)
3082
#: serverguide/C/virtualization.xml:289(para)
3061
3083
msgid "A CDROM device can be mounted in a virtual machine by entering:"
3062
3084
msgstr ""
3063
3085
3064
#: serverguide/C/virtualization.xml:327(command)
3086
#: serverguide/C/virtualization.xml:293(command)
3065
3087
msgid "virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
3066
3088
msgstr ""
3067
3089
3068
#: serverguide/C/virtualization.xml:333(para)
3090
#: serverguide/C/virtualization.xml:298(para)
3069
3091
msgid ""
3070
3092
"In the above examples replace <emphasis>web_devel</emphasis> with the "
3071
3093
"appropriate virtual machine name, and <filename>web_devel-"
3072
3094
"022708.state</filename> with a descriptive file name."
3073
3095
msgstr ""
3074
3096
3075
#: serverguide/C/virtualization.xml:341(title)
3097
#: serverguide/C/virtualization.xml:305(title)
3076
3098
msgid "Virtual Machine Manager"
3077
3099
msgstr ""
3078
3100
3079
#: serverguide/C/virtualization.xml:343(para)
3101
#: serverguide/C/virtualization.xml:306(para)
3080
3102
msgid ""
3081
3103
"The <application>virt-manager</application> package contains a graphical "
3082
3104
"utility to manage local and remote virtual machines. To install virt-manager "
3083
3105
"enter:"
3084
3106
msgstr ""
3085
3107
3086
#: serverguide/C/virtualization.xml:348(command)
3108
#: serverguide/C/virtualization.xml:311(command)
3087
3109
msgid "sudo apt-get install virt-manager"
3088
3110
msgstr ""
3089
3111
3090
#: serverguide/C/virtualization.xml:351(para)
3112
#: serverguide/C/virtualization.xml:313(para)
3091
3113
msgid ""
3092
3114
"Since <application>virt-manager</application> requires a Graphical User "
3093
3115
"Interface (GUI) environment it is recommended to be installed on a "
3095
3117
"the local <application>libvirt</application> service enter:"
3096
3118
msgstr ""
3097
3119
3098
#: serverguide/C/virtualization.xml:358(command)
3120
#: serverguide/C/virtualization.xml:319(command)
3099
3121
msgid "virt-manager -c qemu:///system"
3100
3122
msgstr ""
3101
3123
3102
#: serverguide/C/virtualization.xml:361(para)
3124
#: serverguide/C/virtualization.xml:321(para)
3103
3125
msgid ""
3104
3126
"You can connect to the <application>libvirt</application> service running on "
3105
3127
"another host by entering the following in a terminal prompt:"
3106
3128
msgstr ""
3107
3129
3108
#: serverguide/C/virtualization.xml:366(command)
3130
#: serverguide/C/virtualization.xml:325(command)
3109
3131
msgid "virt-manager -c qemu+ssh://virtnode1.mydomain.com/system"
3110
3132
msgstr ""
3111
3133
3112
#: serverguide/C/virtualization.xml:370(para)
3134
#: serverguide/C/virtualization.xml:328(para)
3113
3135
msgid ""
3114
3136
"The above example assumes that <application>SSH</application> connectivity "
3115
3137
"between the management system and virtnode1.mydomain.com has already been "
3120
3142
"linkend=\"openssh-server\"/>"
3121
3143
msgstr ""
3122
3144
3123
#: serverguide/C/virtualization.xml:383(title)
3145
#: serverguide/C/virtualization.xml:338(title)
3124
3146
msgid "Virtual Machine Viewer"
3125
3147
msgstr ""
3126
3148
3127
#: serverguide/C/virtualization.xml:385(para)
3149
#: serverguide/C/virtualization.xml:339(para)
3128
3150
msgid ""
3129
3151
"The <application>virt-viewer</application> application allows you to connect "
3130
3152
"to a virtual machine's console. <application>virt-viewer</application> does "
3132
3154
"machine."
3133
3155
msgstr ""
3134
3156
3135
#: serverguide/C/virtualization.xml:390(para)
3157
#: serverguide/C/virtualization.xml:343(para)
3136
3158
msgid ""
3137
3159
"To install <application>virt-viewer</application> from a terminal enter:"
3138
3160
msgstr ""
3139
3161
3140
#: serverguide/C/virtualization.xml:394(command)
3162
#: serverguide/C/virtualization.xml:347(command)
3141
3163
msgid "sudo apt-get install virt-viewer"
3142
3164
msgstr ""
3143
3165
3144
#: serverguide/C/virtualization.xml:397(para)
3166
#: serverguide/C/virtualization.xml:349(para)
3145
3167
msgid ""
3146
3168
"Once a virtual machine is installed and running you can connect to the "
3147
3169
"virtual machine's console by using:"
3148
3170
msgstr ""
3149
3171
3150
#: serverguide/C/virtualization.xml:401(command)
3172
#: serverguide/C/virtualization.xml:353(command)
3151
3173
msgid "virt-viewer -c qemu:///system web_devel"
3152
3174
msgstr ""
3153
3175
3154
#: serverguide/C/virtualization.xml:404(para)
3176
#: serverguide/C/virtualization.xml:355(para)
3155
3177
msgid ""
3156
3178
"Similar to <application>virt-manager</application>, <application>virt-"
3157
3179
"viewer</application> can connect to a remote host using "
3158
3180
"<emphasis>SSH</emphasis> with key authentication, as well:"
3159
3181
msgstr ""
3160
3182
3161
#: serverguide/C/virtualization.xml:409(command)
3183
#: serverguide/C/virtualization.xml:360(command)
3162
3184
msgid "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
3163
3185
msgstr ""
3164
3186
3165
#: serverguide/C/virtualization.xml:412(para)
3187
#: serverguide/C/virtualization.xml:362(para)
3166
3188
msgid ""
3167
3189
"Be sure to replace <emphasis role=\"italic\">web_devel</emphasis> with the "
3168
3190
"appropriate virtual machine name."
3174
3196
"can also setup <application>SSH</application> access to the virtual machine."
3175
3197
msgstr ""
3176
3198
3177
#: serverguide/C/virtualization.xml:421(title) serverguide/C/virtualization.xml:667(title) serverguide/C/virtualization.xml:738(title) serverguide/C/virtualization.xml:1792(title) serverguide/C/samba.xml:248(title) serverguide/C/samba.xml:347(title) serverguide/C/samba.xml:704(title) serverguide/C/samba.xml:1100(title) serverguide/C/samba.xml:1299(title) serverguide/C/reporting-bugs.xml:252(title) serverguide/C/remote-administration.xml:414(title) serverguide/C/network-config.xml:588(title) serverguide/C/network-config.xml:843(title) serverguide/C/network-auth.xml:2112(title) serverguide/C/network-auth.xml:2646(title) serverguide/C/network-auth.xml:3362(title) serverguide/C/network-auth.xml:3915(title) serverguide/C/installation.xml:874(title) serverguide/C/installation.xml:1160(title) serverguide/C/installation.xml:1365(title) serverguide/C/databases.xml:264(title) serverguide/C/databases.xml:419(title) serverguide/C/cgroups.xml:198(title) serverguide/C/backups.xml:864(title)
3199
#: serverguide/C/windows-networking.xml:248(title) serverguide/C/windows-networking.xml:347(title) serverguide/C/windows-networking.xml:704(title) serverguide/C/windows-networking.xml:1100(title) serverguide/C/windows-networking.xml:1299(title) serverguide/C/virtualization.xml:371(title) serverguide/C/virtualization.xml:1072(title) serverguide/C/virtualization.xml:2482(title) serverguide/C/virtualization.xml:4388(title) serverguide/C/reporting-bugs.xml:252(title) serverguide/C/remote-administration.xml:374(title) serverguide/C/network-config.xml:584(title) serverguide/C/network-config.xml:847(title) serverguide/C/network-auth.xml:2133(title) serverguide/C/network-auth.xml:2675(title) serverguide/C/network-auth.xml:3391(title) serverguide/C/network-auth.xml:3944(title) serverguide/C/installation.xml:867(title) serverguide/C/installation.xml:1153(title) serverguide/C/installation.xml:1361(title) serverguide/C/databases.xml:271(title) serverguide/C/databases.xml:409(title) serverguide/C/backups.xml:864(title)
3178
3200
msgid "Resources"
3179
3201
msgstr ""
3180
3202
3184
3206
"more details."
3185
3207
msgstr ""
3186
3208
3187
#: serverguide/C/virtualization.xml:430(para)
3209
#: serverguide/C/virtualization.xml:379(para)
3188
3210
msgid ""
3189
3211
"For more information on <application>libvirt</application> see the <ulink "
3190
3212
"url=\"http://libvirt.org/\">libvirt home page</ulink>"
3191
3213
msgstr ""
3192
3214
3193
#: serverguide/C/virtualization.xml:436(para)
3215
#: serverguide/C/virtualization.xml:384(para)
3194
3216
msgid ""
3195
3217
"The <ulink url=\"http://virt-manager.et.redhat.com/\">Virtual Machine "
3196
3218
"Manager</ulink> site has more information on <application>virt-"
3197
3219
"manager</application> development."
3198
3220
msgstr ""
3199
3221
3200
#: serverguide/C/virtualization.xml:442(para)
3222
#: serverguide/C/virtualization.xml:390(para)
3201
3223
msgid ""
3202
3224
"Also, stop by the <emphasis>#ubuntu-virt</emphasis> IRC channel on <ulink "
3203
3225
"url=\"http://freenode.net/\">freenode</ulink> to discuss virtualization "
3204
3226
"technology in Ubuntu."
3205
3227
msgstr ""
3206
3228
3207
#: serverguide/C/virtualization.xml:448(para)
3229
#: serverguide/C/virtualization.xml:396(para)
3208
3230
msgid ""
3209
3231
"Another good resource is the <ulink "
3210
3232
"url=\"https://help.ubuntu.com/community/KVM\">Ubuntu Wiki KVM</ulink> page."
3211
3233
msgstr ""
3212
3234
3213
#: serverguide/C/virtualization.xml:454(para)
3235
#: serverguide/C/virtualization.xml:401(para)
3214
3236
msgid ""
3215
3237
"For information on Xen, including using Xen with libvirt, please see the "
3216
3238
"<ulink url=\"https://help.ubuntu.com/community/Xen\">Ubuntu Wiki Xen</ulink> "
3221
3243
msgid "Cloud images and uvtool"
3222
3244
msgstr ""
3223
3245
3224
#: serverguide/C/virtualization.xml:467(title) serverguide/C/security.xml:367(title) serverguide/C/samba.xml:23(title) serverguide/C/remote-administration.xml:18(title) serverguide/C/package-management.xml:18(title) serverguide/C/introduction.xml:11(title) serverguide/C/installation.xml:1194(title)
3246
#: serverguide/C/windows-networking.xml:23(title) serverguide/C/virtualization.xml:412(title) serverguide/C/security.xml:352(title) serverguide/C/remote-administration.xml:18(title) serverguide/C/package-management.xml:18(title) serverguide/C/introduction.xml:11(title) serverguide/C/installation.xml:1187(title)
3225
3247
msgid "Introduction"
3226
3248
msgstr ""
3227
3249
3536
3558
3537
3559
#: serverguide/C/virtualization.xml:658(para)
3538
3560
msgid ""
3539
"--run-script-one script_file : Run script_file as root on the VM the first "
3561
"--run-script-once script_file : Run script_file as root on the VM the first "
3540
3562
"time it is booted, but never again."
3541
3563
msgstr ""
3542
3564
3552
3574
"manpage of uvt-kvm"
3553
3575
msgstr ""
3554
3576
3555
#: serverguide/C/virtualization.xml:669(para)
3577
#: serverguide/C/virtualization.xml:1073(para)
3556
3578
msgid ""
3557
3579
"If you are interested in learning more, have questions or suggestions, "
3558
3580
"please contact the Ubuntu Server Team at:"
3559
3581
msgstr ""
3560
3582
3561
#: serverguide/C/virtualization.xml:674(para)
3583
#: serverguide/C/virtualization.xml:1078(para)
3562
3584
msgid "IRC: #ubuntu-server on freenode"
3563
3585
msgstr ""
3564
3586
3565
#: serverguide/C/virtualization.xml:678(para)
3587
#: serverguide/C/virtualization.xml:1083(para)
3566
3588
msgid ""
3567
3589
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
3568
3590
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
3569
3591
msgstr ""
3570
3592
3571
#: serverguide/C/virtualization.xml:687(title)
3593
#: serverguide/C/virtualization.xml:2121(title)
3572
3594
msgid "Ubuntu Cloud"
3573
3595
msgstr ""
3574
3596
3575
#: serverguide/C/virtualization.xml:689(para)
3597
#: serverguide/C/virtualization.xml:2122(para)
3576
3598
msgid ""
3577
3599
"<application>Cloud computing</application> is a computing model that allows "
3578
3600
"vast pools of resources to be allocated on-demand. These resources such as "
3596
3618
"concerning installation and configuration."
3597
3619
msgstr ""
3598
3620
3599
#: serverguide/C/virtualization.xml:711(title)
3621
#: serverguide/C/virtualization.xml:2452(title)
3600
3622
msgid "Support and Troubleshooting"
3601
3623
msgstr ""
3602
3624
3603
#: serverguide/C/virtualization.xml:713(para)
3625
#: serverguide/C/virtualization.xml:2453(para)
3604
3626
msgid "Community Support"
3605
3627
msgstr ""
3606
3628
3607
#: serverguide/C/virtualization.xml:717(ulink)
3629
#: serverguide/C/virtualization.xml:2457(ulink)
3608
3630
msgid "OpenStack Mailing list"
3609
3631
msgstr ""
3610
3632
3611
#: serverguide/C/virtualization.xml:722(ulink)
3633
#: serverguide/C/virtualization.xml:2462(ulink)
3612
3634
msgid "The OpenStack Wiki search"
3613
3635
msgstr ""
3614
3636
3615
#: serverguide/C/virtualization.xml:727(ulink)
3637
#: serverguide/C/virtualization.xml:2468(ulink)
3616
3638
msgid "Launchpad bugs area"
3617
3639
msgstr ""
3618
3640
3619
#: serverguide/C/virtualization.xml:732(para)
3641
#: serverguide/C/virtualization.xml:2472(para)
3620
3642
msgid "Join the IRC channel #openstack on freenode."
3621
3643
msgstr ""
3622
3644
3623
#: serverguide/C/virtualization.xml:743(ulink)
3645
#: serverguide/C/virtualization.xml:2486(ulink)
3624
3646
msgid "Cloud Computing - Service models"
3625
3647
msgstr ""
3626
3648
3627
#: serverguide/C/virtualization.xml:749(ulink)
3649
#: serverguide/C/virtualization.xml:2491(ulink)
3628
3650
msgid "OpenStack Compute"
3629
3651
msgstr ""
3630
3652
3631
#: serverguide/C/virtualization.xml:755(ulink)
3653
#: serverguide/C/virtualization.xml:2496(ulink)
3632
3654
msgid "OpenStack Image Service"
3633
3655
msgstr ""
3634
3656
3635
#: serverguide/C/virtualization.xml:761(ulink)
3657
#: serverguide/C/virtualization.xml:2501(ulink)
3636
3658
msgid "OpenStack Object Storage Administration Guide"
3637
3659
msgstr ""
3638
3660
3639
#: serverguide/C/virtualization.xml:767(ulink)
3661
#: serverguide/C/virtualization.xml:2506(ulink)
3640
3662
msgid "Installing OpenStack Object Storage on Ubuntu"
3641
3663
msgstr ""
3642
3664
3643
#: serverguide/C/virtualization.xml:773(ulink)
3665
#: serverguide/C/virtualization.xml:2511(ulink)
3644
3666
msgid "http://cloudglossary.com/"
3645
3667
msgstr ""
3646
3668
3647
#: serverguide/C/virtualization.xml:783(title)
3669
#: serverguide/C/virtualization.xml:2586(title)
3648
3670
msgid "LXC"
3649
3671
msgstr ""
3650
3672
3653
3675
"Containers are a lightweight virtualization technology. They are more akin "
3654
3676
"to an enhanced chroot than to full virtualization like Qemu or VMware, both "
3655
3677
"because they do not emulate hardware and because containers share the same "
3656
"operating system as the host. Therefore containers are better compared to "
3657
"Solaris zones or BSD jails. Linux-vserver and OpenVZ are two pre-existing, "
3658
"independently developed implementations of containers-like functionality for "
3659
"Linux. In fact, containers came about as a result of the work to upstream "
3660
"the vserver and OpenVZ functionality."
3678
"operating system as the host. Containers are similar to Solaris zones or BSD "
3679
"jails. Linux-vserver and OpenVZ are two pre-existing, independently "
3680
"developed implementations of containers-like functionality for Linux. In "
3681
"fact, containers came about as a result of the work to upstream the vserver "
3682
"and OpenVZ functionality."
3661
3683
msgstr ""
3662
3684
3663
#: serverguide/C/virtualization.xml:795(para)
3685
#: serverguide/C/virtualization.xml:2602(para)
3664
3686
msgid ""
3665
3687
"There are two user-space implementations of containers, each exploiting the "
3666
3688
"same kernel features. Libvirt allows the use of containers through the LXC "
3678
3700
"Apparmor protection for libvirt-lxc containers."
3679
3701
msgstr ""
3680
3702
3681
#: serverguide/C/virtualization.xml:809(para)
3703
#: serverguide/C/virtualization.xml:2618(para)
3682
3704
msgid "In this document, a container name will be shown as CN, C1, or C2."
3683
3705
msgstr ""
3684
3706
3685
#: serverguide/C/virtualization.xml:815(para)
3707
#: serverguide/C/virtualization.xml:2624(para)
3686
3708
msgid "The <application>lxc</application> package can be installed using"
3687
3709
msgstr ""
3688
3710
3689
#: serverguide/C/virtualization.xml:819(command)
3711
#: serverguide/C/virtualization.xml:2629(command)
3690
3712
msgid "sudo apt-get install lxc"
3691
3713
msgstr ""
3692
3714
3927
3949
"commands using the \"-P|--lxcpath\" argument."
3928
3950
msgstr ""
3929
3951
3930
#: serverguide/C/virtualization.xml:1042(title) serverguide/C/network-config.xml:11(title)
3952
#: serverguide/C/virtualization.xml:1210(para) serverguide/C/virtualization.xml:1272(para) serverguide/C/network-config.xml:11(title)
3931
3953
msgid "Networking"
3932
3954
msgstr ""
3933
3955
4037
4059
"<filename>/etc/init/lxc.conf</filename> to autostart a container."
4038
4060
msgstr ""
4039
4061
4040
#: serverguide/C/virtualization.xml:1142(title)
4062
#: serverguide/C/virtualization.xml:3232(title)
4041
4063
msgid "Backing Stores"
4042
4064
msgstr ""
4043
4065
4164
4186
"lxc.container.conf for more information."
4165
4187
msgstr ""
4166
4188
4167
#: serverguide/C/virtualization.xml:1256(title)
4189
#: serverguide/C/virtualization.xml:2859(title)
4168
4190
msgid "Apparmor"
4169
4191
msgstr ""
4170
4192
4176
4198
"trigger</filename> or to most <filename>/sys</filename> files."
4177
4199
msgstr ""
4178
4200
4179
#: serverguide/C/virtualization.xml:1264(para)
4201
#: serverguide/C/virtualization.xml:2867(para)
4180
4202
msgid ""
4181
4203
"The <filename>usr.bin.lxc-start</filename> profile is entered by running "
4182
4204
"<command>lxc-start</command>. This profile mainly prevents <command>lxc-"
4196
4218
"to enter the MySQL profile (to protect the container)."
4197
4219
msgstr ""
4198
4220
4199
#: serverguide/C/virtualization.xml:1280(para)
4221
#: serverguide/C/virtualization.xml:2926(para)
4200
4222
msgid ""
4201
4223
"<command>lxc-execute</command> does not enter an Apparmor profile, but the "
4202
4224
"container it spawns will be confined."
4206
4228
msgid "Customizing container policies"
4207
4229
msgstr ""
4208
4230
4209
#: serverguide/C/virtualization.xml:1284(para)
4231
#: serverguide/C/virtualization.xml:2879(para)
4210
4232
msgid ""
4211
4233
"If you find that <command>lxc-start</command> is failing due to a legitimate "
4212
4234
"access which is being denied by its Apparmor policy, you can disable the lxc-"
4213
4235
"start profile by doing:"
4214
4236
msgstr ""
4215
4237
4216
#: serverguide/C/virtualization.xml:1288(screen)
4238
#: serverguide/C/virtualization.xml:2885(screen)
4217
4239
#, no-wrap
4218
4240
msgid ""
4219
4241
"\n"
4221
4243
"sudo ln -s /etc/apparmor.d/usr.bin.lxc-start /etc/apparmor.d/disabled/\n"
4222
4244
msgstr ""
4223
4245
4224
#: serverguide/C/virtualization.xml:1293(para)
4246
#: serverguide/C/virtualization.xml:2890(para)
4225
4247
msgid ""
4226
4248
"This will make <command>lxc-start</command> run unconfined, but continue to "
4227
4249
"confine the container itself. If you also wish to disable confinement of the "
4229
4251
"start</filename> profile, you must add:"
4230
4252
msgstr ""
4231
4253
4232
#: serverguide/C/virtualization.xml:1298(screen)
4254
#: serverguide/C/virtualization.xml:2897(screen)
4233
4255
#, no-wrap
4234
4256
msgid ""
4235
4257
"\n"
4288
4310
msgid "After creating the policy, load it using:"
4289
4311
msgstr ""
4290
4312
4291
#: serverguide/C/virtualization.xml:1348(screen)
4313
#: serverguide/C/virtualization.xml:2910(screen)
4292
4314
#, no-wrap
4293
4315
msgid ""
4294
4316
"\n"
4295
4317
"sudo apparmor_parser -r /etc/apparmor.d/lxc-containers\n"
4296
4318
msgstr ""
4297
4319
4298
#: serverguide/C/virtualization.xml:1352(para)
4320
#: serverguide/C/virtualization.xml:2914(para)
4299
4321
msgid ""
4300
4322
"The profile will automatically be loaded after a reboot, because it is "
4301
4323
"sourced by the file <filename>/etc/apparmor.d/lxc-containers</filename>. "
4304
4326
"configuration file:"
4305
4327
msgstr ""
4306
4328
4307
#: serverguide/C/virtualization.xml:1359(screen)
4329
#: serverguide/C/virtualization.xml:2922(screen)
4308
4330
#, no-wrap
4309
4331
msgid ""
4310
4332
"\n"
4311
4333
"lxc.aa_profile = lxc-CN-profile\n"
4312
4334
msgstr ""
4313
4335
4314
#: serverguide/C/virtualization.xml:1367(title) serverguide/C/cgroups.xml:11(title)
4336
#: serverguide/C/virtualization.xml:2934(title)
4315
4337
msgid "Control Groups"
4316
4338
msgstr ""
4317
4339
4362
4384
"requests for which they are not authorized."
4363
4385
msgstr ""
4364
4386
4365
#: serverguide/C/virtualization.xml:1414(title)
4387
#: serverguide/C/virtualization.xml:3262(title)
4366
4388
msgid "Cloning"
4367
4389
msgstr ""
4368
4390
4405
4427
msgid "Given an existing container called C1, a copy can be created using:"
4406
4428
msgstr ""
4407
4429
4408
#: serverguide/C/virtualization.xml:1450(command)
4430
#: serverguide/C/virtualization.xml:3274(command)
4409
4431
msgid "sudo lxc-clone -o C1 -n C2"
4410
4432
msgstr ""
4411
4433
4413
4435
msgid "A snapshot can be created using"
4414
4436
msgstr ""
4415
4437
4416
#: serverguide/C/virtualization.xml:1457(command)
4438
#: serverguide/C/virtualization.xml:3288(command)
4417
4439
msgid "sudo lxc-clone -s -o C1 -n C2"
4418
4440
msgstr ""
4419
4441
4539
4561
"lxc package to serve as an example of how to write and use such hooks."
4540
4562
msgstr ""
4541
4563
4542
#: serverguide/C/virtualization.xml:1579(title)
4564
#: serverguide/C/virtualization.xml:3452(title)
4543
4565
msgid "Consoles"
4544
4566
msgstr ""
4545
4567
4557
4579
"3 from the host, use"
4558
4580
msgstr ""
4559
4581
4560
#: serverguide/C/virtualization.xml:1594(command)
4582
#: serverguide/C/virtualization.xml:3467(command)
4561
4583
msgid "sudo lxc-console -n container -t 3"
4562
4584
msgstr ""
4563
4585
4564
#: serverguide/C/virtualization.xml:1599(para)
4586
#: serverguide/C/virtualization.xml:3472(para)
4565
4587
msgid ""
4566
4588
"or if the <emphasis>-t N</emphasis> option is not specified, an unused "
4567
4589
"console will be automatically chosen. To exit the console, use the escape "
4570
4592
"d</emphasis> option."
4571
4593
msgstr ""
4572
4594
4573
#: serverguide/C/virtualization.xml:1605(para)
4595
#: serverguide/C/virtualization.xml:3480(para)
4574
4596
msgid ""
4575
4597
"Each container console is actually a Unix98 pty in the host's (not the "
4576
4598
"guest's) pty mount, bind-mounted over the guest's "
4583
4605
"<filename>/dev</filename>."
4584
4606
msgstr ""
4585
4607
4586
#: serverguide/C/virtualization.xml:1617(title) serverguide/C/mail.xml:390(title) serverguide/C/mail.xml:1702(title) serverguide/C/dns.xml:375(title)
4608
#: serverguide/C/mail.xml:345(title) serverguide/C/mail.xml:1640(title) serverguide/C/dns.xml:371(title)
4587
4609
msgid "Troubleshooting"
4588
4610
msgstr ""
4589
4611
4590
#: serverguide/C/virtualization.xml:1619(title) serverguide/C/network-auth.xml:765(title) serverguide/C/dns.xml:517(title)
4612
#: serverguide/C/network-auth.xml:787(title) serverguide/C/dns.xml:508(title)
4591
4613
msgid "Logging"
4592
4614
msgstr ""
4593
4615
4604
4626
"new log information will be appended."
4605
4627
msgstr ""
4606
4628
4607
#: serverguide/C/virtualization.xml:1635(title)
4629
#: serverguide/C/virtualization.xml:3414(title)
4608
4630
msgid "Monitoring container status"
4609
4631
msgstr ""
4610
4632
4611
#: serverguide/C/virtualization.xml:1637(para)
4633
#: serverguide/C/virtualization.xml:3416(para)
4612
4634
msgid ""
4613
4635
"Two commands are available to monitor container state changes. <command>lxc-"
4614
4636
"monitor</command> monitors one or more containers for any state changes. It "
4620
4642
"instance,"
4621
4643
msgstr ""
4622
4644
4623
#: serverguide/C/virtualization.xml:1647(command)
4645
#: serverguide/C/virtualization.xml:3429(command)
4624
4646
msgid "sudo lxc-monitor -n cont[0-5]*"
4625
4647
msgstr ""
4626
4648
4627
#: serverguide/C/virtualization.xml:1652(para)
4649
#: serverguide/C/virtualization.xml:3434(para)
4628
4650
msgid ""
4629
4651
"would print all state changes to any containers matching the listed regular "
4630
4652
"expression, whereas"
4631
4653
msgstr ""
4632
4654
4633
#: serverguide/C/virtualization.xml:1656(command)
4655
#: serverguide/C/virtualization.xml:3440(command)
4634
4656
msgid "sudo lxc-wait -n cont1 -s 'STOPPED|FROZEN'"
4635
4657
msgstr ""
4636
4658
4637
#: serverguide/C/virtualization.xml:1661(para)
4659
#: serverguide/C/virtualization.xml:3445(para)
4638
4660
msgid ""
4639
4661
"will wait until container cont1 enters state STOPPED or state FROZEN and "
4640
4662
"then exit."
4720
4742
"True\n"
4721
4743
msgstr ""
4722
4744
4723
#: serverguide/C/virtualization.xml:1740(title) serverguide/C/security.xml:11(title)
4745
#: serverguide/C/virtualization.xml:4349(title) serverguide/C/security.xml:11(title)
4724
4746
msgid "Security"
4725
4747
msgstr ""
4726
4748
4727
#: serverguide/C/virtualization.xml:1742(para)
4749
#: serverguide/C/virtualization.xml:4351(para)
4728
4750
msgid ""
4729
4751
"A namespace maps ids to resources. By not providing a container any id with "
4730
4752
"which to reference a resource, the resource can be protected. This is the "
4746
4768
"host."
4747
4769
msgstr ""
4748
4770
4749
#: serverguide/C/virtualization.xml:1762(title)
4771
#: serverguide/C/virtualization.xml:4375(title)
4750
4772
msgid "Exploitable system calls"
4751
4773
msgstr ""
4752
4774
4782
4804
"loaded."
4783
4805
msgstr ""
4784
4806
4785
#: serverguide/C/virtualization.xml:1796(para)
4807
#: serverguide/C/virtualization.xml:4392(para)
4786
4808
msgid ""
4787
4809
"The DeveloperWorks article <ulink "
4788
4810
"url=\"https://www.ibm.com/developerworks/linux/library/l-lxc-"
4790
4812
"to the use of containers."
4791
4813
msgstr ""
4792
4814
4793
#: serverguide/C/virtualization.xml:1803(para)
4815
#: serverguide/C/virtualization.xml:4398(para)
4794
4816
msgid ""
4795
4817
"The <ulink url=\"http://www.ibm.com/developerworks/linux/library/l-lxc-"
4796
4818
"security/index.html\"> Secure Containers Cookbook</ulink> demonstrated the "
4801
4823
msgid "Manual pages referenced above can be found at:"
4802
4824
msgstr ""
4803
4825
4804
#: serverguide/C/virtualization.xml:1812(ulink)
4826
#: serverguide/C/virtualization.xml:4407(ulink)
4805
4827
msgid "capabilities"
4806
4828
msgstr ""
4807
4829
4808
#: serverguide/C/virtualization.xml:1813(ulink)
4830
#: serverguide/C/virtualization.xml:4408(ulink)
4809
4831
msgid "lxc.conf"
4810
4832
msgstr ""
4811
4833
4815
4837
"url=\"http://linuxcontainers.org\">linuxcontainers.org</ulink>."
4816
4838
msgstr ""
4817
4839
4818
#: serverguide/C/virtualization.xml:1823(para)
4840
#: serverguide/C/virtualization.xml:4420(para)
4819
4841
msgid ""
4820
4842
"LXC security issues are listed and discussed at <ulink "
4821
4843
"url=\"http://wiki.ubuntu.com/LxcSecurity\">the LXC Security wiki page</ulink>"
4928
4950
msgstr ""
4929
4951
4930
4952
#: serverguide/C/vcs.xml:92(command)
4931
msgid "sudo apt-get install git-core"
4953
msgid "sudo apt-get install git"
4932
4954
msgstr ""
4933
4955
4934
4956
#: serverguide/C/vcs.xml:97(para)
5041
5063
#: serverguide/C/vcs.xml:151(para)
5042
5064
msgid ""
5043
5065
"Now we want to let gitolite know about the repository administrator's public "
5044
"SSH key. This assumes that the current user is the repository administrator."
5066
"SSH key. This assumes that the current user is the repository administrator. "
5067
"If you have not yet configured an SSH key, refer to <xref linkend=\"openssh-"
5068
"keys\"/>"
5045
5069
msgstr ""
5046
5070
5047
#: serverguide/C/vcs.xml:155(command)
5071
#: serverguide/C/vcs.xml:156(command)
5048
5072
msgid "cp ~/.ssh/id_rsa.pub /tmp/$(whoami).pub"
5049
5073
msgstr ""
5050
5074
5051
#: serverguide/C/vcs.xml:157(para)
5075
#: serverguide/C/vcs.xml:158(para)
5052
5076
msgid ""
5053
5077
"Let's switch to the git user and import the administrator's key into "
5054
5078
"gitolite."
5055
5079
msgstr ""
5056
5080
5057
#: serverguide/C/vcs.xml:161(command)
5081
#: serverguide/C/vcs.xml:162(command)
5058
5082
msgid "sudo su - git"
5059
5083
msgstr ""
5060
5084
5061
#: serverguide/C/vcs.xml:162(command)
5085
#: serverguide/C/vcs.xml:163(command)
5062
5086
msgid "gl-setup /tmp/*.pub"
5063
5087
msgstr ""
5064
5088
5065
#: serverguide/C/vcs.xml:164(para)
5089
#: serverguide/C/vcs.xml:165(para)
5066
5090
msgid ""
5067
5091
"Gitolite will allow you to make initial changes to its configuration file "
5068
5092
"during the setup process. You can now clone and modify the gitolite "
5071
5095
"configuration repository:"
5072
5096
msgstr ""
5073
5097
5074
#: serverguide/C/vcs.xml:168(command)
5098
#: serverguide/C/vcs.xml:169(command)
5075
5099
msgid "exit"
5076
5100
msgstr ""
5077
5101
5078
#: serverguide/C/vcs.xml:169(command)
5102
#: serverguide/C/vcs.xml:170(command)
5079
5103
msgid "git clone git@$IP_ADDRESS:gitolite-admin.git"
5080
5104
msgstr ""
5081
5105
5082
#: serverguide/C/vcs.xml:170(command)
5106
#: serverguide/C/vcs.xml:171(command)
5083
5107
msgid "cd gitolite-admin"
5084
5108
msgstr ""
5085
5109
5086
#: serverguide/C/vcs.xml:172(para)
5110
#: serverguide/C/vcs.xml:173(para)
5087
5111
msgid ""
5088
5112
"The gitolite-admin contains two subdirectories, \"conf\" and \"keydir\". The "
5089
5113
"configuration files are in the conf dir, and the keydir directory contains "
5090
5114
"the list of user's public SSH keys."
5091
5115
msgstr ""
5092
5116
5093
#: serverguide/C/vcs.xml:175(title)
5117
#: serverguide/C/vcs.xml:176(title)
5094
5118
msgid "Managing gitolite users and repositories"
5095
5119
msgstr ""
5096
5120
5097
#: serverguide/C/vcs.xml:176(para)
5121
#: serverguide/C/vcs.xml:177(para)
5098
5122
msgid ""
5099
5123
"Adding new users to gitolite is simple: just obtain their public SSH key and "
5100
5124
"add it to the keydir directory as $DESIRED_USER_NAME.pub. Note that the "
5105
5129
"server with"
5106
5130
msgstr ""
5107
5131
5108
#: serverguide/C/vcs.xml:178(command)
5132
#: serverguide/C/vcs.xml:179(command)
5109
5133
msgid "git commit -a"
5110
5134
msgstr ""
5111
5135
5112
#: serverguide/C/vcs.xml:179(command)
5136
#: serverguide/C/vcs.xml:180(command)
5113
5137
msgid "git push origin master"
5114
5138
msgstr ""
5115
5139
5116
#: serverguide/C/vcs.xml:181(para)
5140
#: serverguide/C/vcs.xml:182(para)
5117
5141
msgid ""
5118
5142
"Repositories are managed by editing the conf/gitolite.conf file. The syntax "
5119
5143
"is space separated, and simply specifies the list of repositories followed "
5120
5144
"by some access rules. The following is a default example"
5121
5145
msgstr ""
5122
5146
5123
#: serverguide/C/vcs.xml:182(programlisting)
5147
#: serverguide/C/vcs.xml:183(programlisting)
5124
5148
#, no-wrap
5125
5149
msgid ""
5126
5150
"\n"
5134
5158
" R = denise\n"
5135
5159
msgstr ""
5136
5160
5137
#: serverguide/C/vcs.xml:194(title)
5161
#: serverguide/C/vcs.xml:195(title)
5138
5162
msgid "Using your server"
5139
5163
msgstr ""
5140
5164
5141
#: serverguide/C/vcs.xml:195(para)
5165
#: serverguide/C/vcs.xml:196(para)
5142
5166
msgid ""
5143
5167
"To use the newly created server, users have to have the gitolite admin "
5144
5168
"import their public key into the gitolite configuration repository, they can "
5145
5169
"then access any project they have access to with the following command:"
5146
5170
msgstr ""
5147
5171
5148
#: serverguide/C/vcs.xml:197(command)
5172
#: serverguide/C/vcs.xml:198(command)
5149
5173
msgid "git clone git@$SERVER_IP:$PROJECT_NAME.git"
5150
5174
msgstr ""
5151
5175
5152
#: serverguide/C/vcs.xml:199(para)
5176
#: serverguide/C/vcs.xml:200(para)
5153
5177
msgid ""
5154
5178
"Or add the server's project as a remote for an existing git repository:"
5155
5179
msgstr ""
5156
5180
5157
#: serverguide/C/vcs.xml:201(command)
5181
#: serverguide/C/vcs.xml:202(command)
5158
5182
msgid "git remote add gitolite git@$SERVER_IP:$PROJECT_NAME.git"
5159
5183
msgstr ""
5160
5184
5161
#: serverguide/C/vcs.xml:206(title)
5185
#: serverguide/C/vcs.xml:79(title)
5162
5186
msgid "Subversion"
5163
5187
msgstr ""
5164
5188
5165
#: serverguide/C/vcs.xml:207(para)
5189
#: serverguide/C/vcs.xml:80(para)
5166
5190
msgid ""
5167
5191
"Subversion is an open source version control system. Using Subversion, you "
5168
5192
"can record the history of source files and documents. It manages files and "
5171
5195
"remembers every change ever made to files and directories."
5172
5196
msgstr ""
5173
5197
5174
#: serverguide/C/vcs.xml:212(para)
5198
#: serverguide/C/vcs.xml:85(para)
5175
5199
msgid ""
5176
5200
"To access Subversion repository using the HTTP protocol, you must install "
5177
5201
"and configure a web server. Apache2 is proven to work with Subversion. "
5182
5206
"section to install and configure the digital certificate."
5183
5207
msgstr ""
5184
5208
5185
#: serverguide/C/vcs.xml:221(para)
5209
#: serverguide/C/vcs.xml:94(para)
5186
5210
msgid ""
5187
5211
"To install Subversion, run the following command from a terminal prompt:"
5188
5212
msgstr ""
5189
5213
5190
#: serverguide/C/vcs.xml:226(command)
5214
#: serverguide/C/vcs.xml:227(command)
5191
5215
msgid "sudo apt-get install subversion apache2 libapache2-svn"
5192
5216
msgstr ""
5193
5217
5194
#: serverguide/C/vcs.xml:232(title)
5218
#: serverguide/C/vcs.xml:105(title)
5195
5219
msgid "Server Configuration"
5196
5220
msgstr ""
5197
5221
5198
#: serverguide/C/vcs.xml:233(para)
5222
#: serverguide/C/vcs.xml:106(para)
5199
5223
msgid ""
5200
5224
"This step assumes you have installed above mentioned packages on your "
5201
5225
"system. This section explains how to create a Subversion repository and "
5202
5226
"access the project."
5203
5227
msgstr ""
5204
5228
5205
#: serverguide/C/vcs.xml:236(title)
5229
#: serverguide/C/vcs.xml:109(title)
5206
5230
msgid "Create Subversion Repository"
5207
5231
msgstr ""
5208
5232
5209
#: serverguide/C/vcs.xml:237(para)
5233
#: serverguide/C/vcs.xml:110(para)
5210
5234
msgid ""
5211
5235
"The Subversion repository can be created using the following command from a "
5212
5236
"terminal prompt:"
5213
5237
msgstr ""
5214
5238
5215
#: serverguide/C/vcs.xml:241(command)
5239
#: serverguide/C/vcs.xml:114(command)
5216
5240
msgid "svnadmin create /path/to/repos/project"
5217
5241
msgstr ""
5218
5242
5219
#: serverguide/C/vcs.xml:246(title)
5243
#: serverguide/C/vcs.xml:119(title)
5220
5244
msgid "Importing Files"
5221
5245
msgstr ""
5222
5246
5223
#: serverguide/C/vcs.xml:247(para)
5247
#: serverguide/C/vcs.xml:120(para)
5224
5248
msgid ""
5225
5249
"Once you create the repository you can <emphasis>import</emphasis> files "
5226
5250
"into the repository. To import a directory, enter the following from a "
5230
5254
"</screen>"
5231
5255
msgstr ""
5232
5256
5233
#: serverguide/C/vcs.xml:259(title) serverguide/C/vcs.xml:264(title)
5257
#: serverguide/C/vcs.xml:132(title) serverguide/C/vcs.xml:137(title)
5234
5258
msgid "Access Methods"
5235
5259
msgstr ""
5236
5260
5237
#: serverguide/C/vcs.xml:260(para)
5261
#: serverguide/C/vcs.xml:133(para)
5238
5262
msgid ""
5239
5263
"Subversion repositories can be accessed (checked out) through many different "
5240
5264
"methods --on local disk, or through various network protocols. A repository "
5242
5266
"schemes map to the available access methods."
5243
5267
msgstr ""
5244
5268
5245
#: serverguide/C/vcs.xml:271(para)
5269
#: serverguide/C/vcs.xml:144(para)
5246
5270
msgid "Schema"
5247
5271
msgstr ""
5248
5272
5249
#: serverguide/C/vcs.xml:272(para)
5273
#: serverguide/C/vcs.xml:145(para)
5250
5274
msgid "Access Method"
5251
5275
msgstr ""
5252
5276
5253
#: serverguide/C/vcs.xml:277(para)
5277
#: serverguide/C/vcs.xml:150(para)
5254
5278
msgid "file://"
5255
5279
msgstr ""
5256
5280
5257
#: serverguide/C/vcs.xml:278(para)
5281
#: serverguide/C/vcs.xml:151(para)
5258
5282
msgid "direct repository access (on local disk)"
5259
5283
msgstr ""
5260
5284
5261
#: serverguide/C/vcs.xml:281(para)
5285
#: serverguide/C/vcs.xml:154(para)
5262
5286
msgid "http://"
5263
5287
msgstr ""
5264
5288
5265
#: serverguide/C/vcs.xml:282(para)
5289
#: serverguide/C/vcs.xml:155(para)
5266
5290
msgid "Access via WebDAV protocol to Subversion-aware Apache2 web server"
5267
5291
msgstr ""
5268
5292
5269
#: serverguide/C/vcs.xml:285(para)
5293
#: serverguide/C/vcs.xml:158(para)
5270
5294
msgid "https://"
5271
5295
msgstr ""
5272
5296
5273
#: serverguide/C/vcs.xml:286(para)
5297
#: serverguide/C/vcs.xml:159(para)
5274
5298
msgid "Same as http://, but with SSL encryption"
5275
5299
msgstr ""
5276
5300
5277
#: serverguide/C/vcs.xml:289(para)
5301
#: serverguide/C/vcs.xml:162(para)
5278
5302
msgid "svn://"
5279
5303
msgstr ""
5280
5304
5281
#: serverguide/C/vcs.xml:290(para)
5305
#: serverguide/C/vcs.xml:163(para)
5282
5306
msgid "Access via custom protocol to an svnserve server"
5283
5307
msgstr ""
5284
5308
5285
#: serverguide/C/vcs.xml:293(para)
5309
#: serverguide/C/vcs.xml:166(para)
5286
5310
msgid "svn+ssh://"
5287
5311
msgstr ""
5288
5312
5289
#: serverguide/C/vcs.xml:294(para)
5313
#: serverguide/C/vcs.xml:167(para)
5290
5314
msgid "Same as svn://, but through an SSH tunnel"
5291
5315
msgstr ""
5292
5316
5293
#: serverguide/C/vcs.xml:300(para)
5317
#: serverguide/C/vcs.xml:173(para)
5294
5318
msgid ""
5295
5319
"In this section, we will see how to configure Subversion for all these "
5296
5320
"access methods. Here, we cover the basics. For more advanced usage details, "
5297
5321
"refer to the <ulink url=\"http://svnbook.red-bean.com/\">svn book</ulink>."
5298
5322
msgstr ""
5299
5323
5300
#: serverguide/C/vcs.xml:307(title)
5324
#: serverguide/C/vcs.xml:180(title)
5301
5325
msgid "Direct repository access (file://)"
5302
5326
msgstr ""
5303
5327
5304
#: serverguide/C/vcs.xml:308(para)
5328
#: serverguide/C/vcs.xml:181(para)
5305
5329
msgid ""
5306
5330
"This is the simplest of all access methods. It does not require any "
5307
5331
"Subversion server process to be running. This access method is used to "
5309
5333
"at a terminal prompt, is as follows:"
5310
5334
msgstr ""
5311
5335
5312
#: serverguide/C/vcs.xml:315(command)
5336
#: serverguide/C/vcs.xml:188(command)
5313
5337
msgid "svn co file:///path/to/repos/project"
5314
5338
msgstr ""
5315
5339
5316
#: serverguide/C/vcs.xml:318(para)
5340
#: serverguide/C/vcs.xml:191(para)
5317
5341
msgid "or"
5318
5342
msgstr ""
5319
5343
5320
#: serverguide/C/vcs.xml:321(command)
5344
#: serverguide/C/vcs.xml:194(command)
5321
5345
msgid "svn co file://localhost/path/to/repos/project"
5322
5346
msgstr ""
5323
5347
5324
#: serverguide/C/vcs.xml:325(para)
5348
#: serverguide/C/vcs.xml:198(para)
5325
5349
msgid ""
5326
5350
"If you do not specify the hostname, there are three forward slashes (///) -- "
5327
5351
"two for the protocol (file, in this case) plus the leading slash in the "
5328
5352
"path. If you specify the hostname, you must use two forward slashes (//)."
5329
5353
msgstr ""
5330
5354
5331
#: serverguide/C/vcs.xml:327(para)
5355
#: serverguide/C/vcs.xml:200(para)
5332
5356
msgid ""
5333
5357
"The repository permissions depend on filesystem permissions. If the user has "
5334
5358
"read/write permission, he can checkout from and commit to the repository."
5335
5359
msgstr ""
5336
5360
5337
#: serverguide/C/vcs.xml:330(title)
5361
#: serverguide/C/vcs.xml:203(title)
5338
5362
msgid "Access via WebDAV protocol (http://)"
5339
5363
msgstr ""
5340
5364
5341
#: serverguide/C/vcs.xml:331(para)
5365
#: serverguide/C/vcs.xml:332(para)
5342
5366
msgid ""
5343
5367
"To access the Subversion repository via WebDAV protocol, you must configure "
5344
5368
"your Apache 2 web server. Add the following snippet between the "
5348
5372
"another VirtualHost file:"
5349
5373
msgstr ""
5350
5374
5351
#: serverguide/C/vcs.xml:337(programlisting)
5375
#: serverguide/C/vcs.xml:338(programlisting)
5352
5376
#, no-wrap
5353
5377
msgid ""
5354
5378
"\n"
5362
5386
" </Location> \n"
5363
5387
msgstr ""
5364
5388
5365
#: serverguide/C/vcs.xml:348(para)
5389
#: serverguide/C/vcs.xml:349(para)
5366
5390
msgid ""
5367
5391
"The above configuration snippet assumes that Subversion repositories are "
5368
5392
"created under <filename>/path/to/repos</filename> directory using "
5371
5395
"<command>http://hostname/svn/repos_name</command> url."
5372
5396
msgstr ""
5373
5397
5374
#: serverguide/C/vcs.xml:354(para)
5398
#: serverguide/C/vcs.xml:355(para)
5375
5399
msgid ""
5376
5400
"Changing the apache configuration like the above requires to reload the "
5377
5401
"service with the following command"
5378
5402
msgstr ""
5379
5403
5380
#: serverguide/C/vcs.xml:359(command)
5404
#: serverguide/C/vcs.xml:360(command)
5381
5405
msgid "sudo service apache2 reload"
5382
5406
msgstr ""
5383
5407
5384
#: serverguide/C/vcs.xml:361(para)
5408
#: serverguide/C/vcs.xml:362(para)
5385
5409
msgid ""
5386
5410
"To import or commit files to your Subversion repository over HTTP, the "
5387
5411
"repository should be owned by the HTTP user. In Ubuntu systems, the HTTP "
5389
5413
"repository files enter the following command from terminal prompt:"
5390
5414
msgstr ""
5391
5415
5392
#: serverguide/C/vcs.xml:370(command)
5416
#: serverguide/C/vcs.xml:236(command)
5393
5417
msgid "sudo chown -R www-data:www-data /path/to/repos"
5394
5418
msgstr ""
5395
5419
5396
#: serverguide/C/vcs.xml:373(para)
5420
#: serverguide/C/vcs.xml:239(para)
5397
5421
msgid ""
5398
5422
"By changing the ownership of repository as <command>www-data</command> you "
5399
5423
"will not be able to import or commit files into the repository by running "
5401
5425
"<command>www-data</command>."
5402
5426
msgstr ""
5403
5427
5404
#: serverguide/C/vcs.xml:382(para)
5428
#: serverguide/C/vcs.xml:248(para)
5405
5429
msgid ""
5406
5430
"Next, you must create the <filename>/etc/subversion/passwd</filename> file "
5407
5431
"that will contain user authentication details. To create a file issue the "
5409
5433
"the first user):"
5410
5434
msgstr ""
5411
5435
5412
#: serverguide/C/vcs.xml:388(command)
5436
#: serverguide/C/vcs.xml:254(command)
5413
5437
msgid "sudo htpasswd -c /etc/subversion/passwd user_name"
5414
5438
msgstr ""
5415
5439
5416
#: serverguide/C/vcs.xml:391(para)
5440
#: serverguide/C/vcs.xml:257(para)
5417
5441
msgid ""
5418
5442
"To add additional users omit the <emphasis>\"-c\"</emphasis> option as this "
5419
5443
"option replaces the old file. Instead use this form:"
5420
5444
msgstr ""
5421
5445
5422
#: serverguide/C/vcs.xml:396(command)
5446
#: serverguide/C/vcs.xml:262(command)
5423
5447
msgid "sudo htpasswd /etc/subversion/passwd user_name"
5424
5448
msgstr ""
5425
5449
5426
#: serverguide/C/vcs.xml:400(para)
5450
#: serverguide/C/vcs.xml:266(para)
5427
5451
msgid ""
5428
5452
"This command will prompt you to enter the password. Once you enter the "
5429
5453
"password, the user is added. Now, to access the repository you can run the "
5430
5454
"following command:"
5431
5455
msgstr ""
5432
5456
5433
#: serverguide/C/vcs.xml:401(command)
5457
#: serverguide/C/vcs.xml:267(command)
5434
5458
msgid "svn co http://servername/svn"
5435
5459
msgstr ""
5436
5460
5437
#: serverguide/C/vcs.xml:403(para)
5461
#: serverguide/C/vcs.xml:269(para)
5438
5462
msgid ""
5439
5463
"The password is transmitted as plain text. If you are worried about password "
5440
5464
"snooping, you are advised to use SSL encryption. For details, please refer "
5441
5465
"next section."
5442
5466
msgstr ""
5443
5467
5444
#: serverguide/C/vcs.xml:409(title)
5468
#: serverguide/C/vcs.xml:275(title)
5445
5469
msgid "Access via WebDAV protocol with SSL encryption (https://)"
5446
5470
msgstr ""
5447
5471
5448
#: serverguide/C/vcs.xml:410(para)
5472
#: serverguide/C/vcs.xml:411(para)
5449
5473
msgid ""
5450
5474
"Accessing Subversion repository via WebDAV protocol with SSL encryption "
5451
5475
"(https://) is similar to http:// except that you must install and configure "
5456
5480
"configuration\"/>."
5457
5481
msgstr ""
5458
5482
5459
#: serverguide/C/vcs.xml:419(para)
5483
#: serverguide/C/vcs.xml:285(para)
5460
5484
msgid ""
5461
5485
"You can install a digital certificate issued by a signing authority. "
5462
5486
"Alternatively, you can install your own self-signed certificate."
5463
5487
msgstr ""
5464
5488
5465
#: serverguide/C/vcs.xml:424(para)
5489
#: serverguide/C/vcs.xml:290(para)
5466
5490
msgid ""
5467
5491
"This step assumes you have installed and configured a digital certificate in "
5468
5492
"your Apache 2 web server. Now, to access the Subversion repository, please "
5470
5494
"the protocol. You must use https:// to access the Subversion repository."
5471
5495
msgstr ""
5472
5496
5473
#: serverguide/C/vcs.xml:434(title)
5497
#: serverguide/C/vcs.xml:300(title)
5474
5498
msgid "Access via custom protocol (svn://)"
5475
5499
msgstr ""
5476
5500
5477
#: serverguide/C/vcs.xml:435(para)
5501
#: serverguide/C/vcs.xml:301(para)
5478
5502
msgid ""
5479
5503
"Once the Subversion repository is created, you can configure the access "
5480
5504
"control. You can edit the <filename> "
5483
5507
"following lines in the configuration file:"
5484
5508
msgstr ""
5485
5509
5486
#: serverguide/C/vcs.xml:442(programlisting)
5510
#: serverguide/C/vcs.xml:308(programlisting)
5487
5511
#, no-wrap
5488
5512
msgid ""
5489
5513
"# [general]\n"
5490
5514
"# password-db = passwd"
5491
5515
msgstr ""
5492
5516
5493
#: serverguide/C/vcs.xml:445(para)
5517
#: serverguide/C/vcs.xml:311(para)
5494
5518
msgid ""
5495
5519
"After uncommenting the above lines, you can maintain the user list in the "
5496
5520
"passwd file. So, edit the file <filename>passwd </filename> in the same "
5497
5521
"directory and add the new user. The syntax is as follows:"
5498
5522
msgstr ""
5499
5523
5500
#: serverguide/C/vcs.xml:451(programlisting)
5524
#: serverguide/C/vcs.xml:317(programlisting)
5501
5525
#, no-wrap
5502
5526
msgid "username = password"
5503
5527
msgstr ""
5504
5528
5505
#: serverguide/C/vcs.xml:452(para)
5529
#: serverguide/C/vcs.xml:318(para)
5506
5530
msgid "For more details, please refer to the file."
5507
5531
msgstr ""
5508
5532
5509
#: serverguide/C/vcs.xml:456(para)
5533
#: serverguide/C/vcs.xml:322(para)
5510
5534
msgid ""
5511
5535
"Now, to access Subversion via the svn:// custom protocol, either from the "
5512
5536
"same machine or a different machine, you can run svnserver using svnserve "
5513
5537
"command. The syntax is as follows:"
5514
5538
msgstr ""
5515
5539
5516
#: serverguide/C/vcs.xml:461(programlisting)
5540
#: serverguide/C/vcs.xml:327(programlisting)
5517
5541
#, no-wrap
5518
5542
msgid ""
5519
5543
"$ svnserve -d --foreground -r /path/to/repos\n"
5525
5549
"$ svnserve --help"
5526
5550
msgstr ""
5527
5551
5528
#: serverguide/C/vcs.xml:469(para)
5552
#: serverguide/C/vcs.xml:335(para)
5529
5553
msgid ""
5530
5554
"Once you run this command, Subversion starts listening on default port "
5531
5555
"(3690). To access the project repository, you must run the following command "
5532
5556
"from a terminal prompt:"
5533
5557
msgstr ""
5534
5558
5535
#: serverguide/C/vcs.xml:472(command)
5559
#: serverguide/C/vcs.xml:338(command)
5536
5560
msgid "svn co svn://hostname/project project --username user_name"
5537
5561
msgstr ""
5538
5562
5539
#: serverguide/C/vcs.xml:475(para)
5563
#: serverguide/C/vcs.xml:341(para)
5540
5564
msgid ""
5541
5565
"Based on server configuration, it prompts for password. Once you are "
5542
5566
"authenticated, it checks out the code from Subversion repository. To "
5545
5569
"a terminal prompt, is as follows:"
5546
5570
msgstr ""
5547
5571
5548
#: serverguide/C/vcs.xml:483(command)
5572
#: serverguide/C/vcs.xml:349(command)
5549
5573
msgid "cd project_dir ; svn update"
5550
5574
msgstr ""
5551
5575
5552
#: serverguide/C/vcs.xml:486(para)
5576
#: serverguide/C/vcs.xml:352(para)
5553
5577
msgid ""
5554
5578
"For more details about using each Subversion sub-command, you can refer to "
5555
5579
"the manual. For example, to learn more about the co (checkout) command, "
5556
5580
"please run the following command from a terminal prompt:"
5557
5581
msgstr ""
5558
5582
5559
#: serverguide/C/vcs.xml:490(command)
5583
#: serverguide/C/vcs.xml:356(command)
5560
5584
msgid "svn co help"
5561
5585
msgstr ""
5562
5586
5563
#: serverguide/C/vcs.xml:494(title)
5587
#: serverguide/C/vcs.xml:495(title)
5564
5588
msgid "Access via custom protocol with SSH encryption (svn+ssh://)"
5565
5589
msgstr ""
5566
5590
5567
#: serverguide/C/vcs.xml:495(para)
5591
#: serverguide/C/vcs.xml:361(para)
5568
5592
msgid ""
5569
5593
"The configuration and server process is same as in the svn:// method. For "
5570
5594
"details, please refer to the above section. This step assumes you have "
5572
5596
"<application>svnserve</application> command."
5573
5597
msgstr ""
5574
5598
5575
#: serverguide/C/vcs.xml:501(para)
5599
#: serverguide/C/vcs.xml:367(para)
5576
5600
msgid ""
5577
5601
"It is also assumed that the ssh server is running on that machine and that "
5578
5602
"it is allowing incoming connections. To confirm, please try to login to that "
5580
5604
"login, please address it before continuing further."
5581
5605
msgstr ""
5582
5606
5583
#: serverguide/C/vcs.xml:507(para)
5607
#: serverguide/C/vcs.xml:373(para)
5584
5608
msgid ""
5585
5609
"The svn+ssh:// protocol is used to access the Subversion repository using "
5586
5610
"SSL encryption. The data transfer is encrypted using this method. To access "
5588
5612
"following command syntax:"
5589
5613
msgstr ""
5590
5614
5591
#: serverguide/C/vcs.xml:514(command)
5615
#: serverguide/C/vcs.xml:515(command)
5592
5616
msgid "svn co svn+ssh://ssh_username@hostname/path/to/repos/project"
5593
5617
msgstr ""
5594
5618
5595
#: serverguide/C/vcs.xml:518(para)
5619
#: serverguide/C/vcs.xml:384(para)
5596
5620
msgid ""
5597
5621
"You must use the full path (/path/to/repos/project) to access the Subversion "
5598
5622
"repository using this access method."
5599
5623
msgstr ""
5600
5624
5601
#: serverguide/C/vcs.xml:521(para)
5625
#: serverguide/C/vcs.xml:387(para)
5602
5626
msgid ""
5603
5627
"Based on server configuration, it prompts for password. You must enter the "
5604
5628
"password you use to login via ssh. Once you are authenticated, it checks out "
5605
5629
"the code from the Subversion repository."
5606
5630
msgstr ""
5607
5631
5608
#: serverguide/C/vcs.xml:536(ulink)
5632
#: serverguide/C/vcs.xml:539(ulink)
5609
5633
msgid "Bazaar Home Page"
5610
5634
msgstr ""
5611
5635
5612
#: serverguide/C/vcs.xml:541(ulink)
5636
#: serverguide/C/vcs.xml:540(ulink)
5613
5637
msgid "Launchpad"
5614
5638
msgstr ""
5615
5639
5616
#: serverguide/C/vcs.xml:546(ulink)
5640
#: serverguide/C/vcs.xml:547(ulink)
5617
5641
msgid "Git homepage"
5618
5642
msgstr ""
5619
5643
5620
#: serverguide/C/vcs.xml:551(ulink)
5644
#: serverguide/C/vcs.xml:552(ulink)
5621
5645
msgid "Gitolite"
5622
5646
msgstr ""
5623
5647
5624
#: serverguide/C/vcs.xml:556(ulink)
5648
#: serverguide/C/vcs.xml:541(ulink)
5625
5649
msgid "Subversion Home Page"
5626
5650
msgstr ""
5627
5651
5628
#: serverguide/C/vcs.xml:561(ulink)
5652
#: serverguide/C/vcs.xml:542(ulink)
5629
5653
msgid "Subversion Book"
5630
5654
msgstr ""
5631
5655
5632
#: serverguide/C/vcs.xml:566(ulink)
5656
#: serverguide/C/vcs.xml:545(ulink)
5633
5657
msgid "Easy Bazaar Ubuntu Wiki page"
5634
5658
msgstr ""
5635
5659
5636
#: serverguide/C/vcs.xml:571(ulink)
5660
#: serverguide/C/vcs.xml:546(ulink)
5637
5661
msgid "Ubuntu Wiki Subversion page"
5638
5662
msgstr ""
5639
5663
5699
5723
#: serverguide/C/serverguide.xml:17(para)
5700
5724
msgid ""
5701
5725
"Other contributors can be found in the revision history of the <ulink "
5702
"url=\"https://code.launchpad.net/serverguide\">serverguide</ulink> and "
5703
"<ulink url=\"https://code.launchpad.net/ubuntu-docs\">ubuntu-docs</ulink> "
5704
"bzr branches available on Launchpad."
5726
"url=\"https://bazaar.launchpad.net/~ubuntu-core-"
5727
"doc/serverguide/trunk/changes\">serverguide</ulink> and <ulink "
5728
"url=\"https://bazaar.launchpad.net/~ubuntu-core-doc/ubuntu-"
5729
"docs/trunk/changes\">ubuntu-docs</ulink> bzr branches available on Launchpad."
5705
5730
msgstr ""
5706
5731
5707
5732
#: serverguide/C/serverguide.xml:12(para)
5793
5818
msgid "Configurations with root passwords are not supported."
5794
5819
msgstr ""
5795
5820
5796
#: serverguide/C/security.xml:42(command)
5821
#: serverguide/C/security.xml:37(command)
5797
5822
msgid "sudo passwd"
5798
5823
msgstr ""
5799
5824
5800
#: serverguide/C/security.xml:44(para)
5825
#: serverguide/C/security.xml:39(para)
5801
5826
msgid ""
5802
5827
"Sudo will prompt you for your password, and then ask you to supply a new "
5803
5828
"password for root as shown below:"
5804
5829
msgstr ""
5805
5830
5806
#: serverguide/C/security.xml:47(computeroutput)
5831
#: serverguide/C/security.xml:42(computeroutput)
5807
5832
#, no-wrap
5808
5833
msgid "[sudo] password for username:"
5809
5834
msgstr ""
5810
5835
5811
#: serverguide/C/security.xml:47(userinput)
5836
#: serverguide/C/security.xml:42(userinput)
5812
5837
#, no-wrap
5813
5838
msgid "(enter your own password)"
5814
5839
msgstr ""
5815
5840
5816
#: serverguide/C/security.xml:48(computeroutput)
5841
#: serverguide/C/security.xml:43(computeroutput)
5817
5842
#, no-wrap
5818
5843
msgid "Enter new UNIX password:"
5819
5844
msgstr ""
5820
5845
5821
#: serverguide/C/security.xml:48(userinput)
5846
#: serverguide/C/security.xml:43(userinput)
5822
5847
#, no-wrap
5823
5848
msgid "(enter a new password for root)"
5824
5849
msgstr ""
5825
5850
5826
#: serverguide/C/security.xml:49(computeroutput)
5851
#: serverguide/C/security.xml:44(computeroutput)
5827
5852
#, no-wrap
5828
5853
msgid "Retype new UNIX password:"
5829
5854
msgstr ""
5830
5855
5831
#: serverguide/C/security.xml:49(userinput)
5856
#: serverguide/C/security.xml:44(userinput)
5832
5857
#, no-wrap
5833
5858
msgid "(repeat new password for root)"
5834
5859
msgstr ""
5835
5860
5836
#: serverguide/C/security.xml:50(computeroutput)
5861
#: serverguide/C/security.xml:45(computeroutput)
5837
5862
#, no-wrap
5838
5863
msgid "passwd: password updated successfully"
5839
5864
msgstr ""
5843
5868
"To disable the root account password, use the following passwd syntax:"
5844
5869
msgstr ""
5845
5870
5846
#: serverguide/C/security.xml:58(command)
5871
#: serverguide/C/security.xml:53(command)
5847
5872
msgid "sudo passwd -l root"
5848
5873
msgstr ""
5849
5874
5856
5881
msgid "usermod --expiredate 1"
5857
5882
msgstr ""
5858
5883
5859
#: serverguide/C/security.xml:68(para)
5884
#: serverguide/C/security.xml:57(para)
5860
5885
msgid ""
5861
5886
"You should read more on <application>Sudo</application> by checking out it's "
5862
5887
"man page:"
5863
5888
msgstr ""
5864
5889
5865
#: serverguide/C/security.xml:72(command)
5890
#: serverguide/C/security.xml:61(command)
5866
5891
msgid "man sudo"
5867
5892
msgstr ""
5868
5893
5876
5901
"<emphasis>sudo</emphasis> group."
5877
5902
msgstr ""
5878
5903
5879
#: serverguide/C/security.xml:82(title)
5904
#: serverguide/C/security.xml:71(title)
5880
5905
msgid "Adding and Deleting Users"
5881
5906
msgstr ""
5882
5907
5883
#: serverguide/C/security.xml:83(para)
5908
#: serverguide/C/security.xml:72(para)
5884
5909
msgid ""
5885
5910
"The process for managing local users and groups is straight forward and "
5886
5911
"differs very little from most other GNU/Linux operating systems. Ubuntu and "
5888
5913
"package for account management."
5889
5914
msgstr ""
5890
5915
5891
#: serverguide/C/security.xml:88(para)
5916
#: serverguide/C/security.xml:77(para)
5892
5917
msgid ""
5893
5918
"To add a user account, use the following syntax, and follow the prompts to "
5894
5919
"give the account a password and identifiable characteristics such as a full "
5895
5920
"name, phone number, etc."
5896
5921
msgstr ""
5897
5922
5898
#: serverguide/C/security.xml:92(command)
5923
#: serverguide/C/security.xml:81(command)
5899
5924
msgid "sudo adduser username"
5900
5925
msgstr ""
5901
5926
5902
#: serverguide/C/security.xml:96(para)
5927
#: serverguide/C/security.xml:85(para)
5903
5928
msgid ""
5904
5929
"To delete a user account and its primary group, use the following syntax:"
5905
5930
msgstr ""
5906
5931
5907
#: serverguide/C/security.xml:100(command)
5932
#: serverguide/C/security.xml:89(command)
5908
5933
msgid "sudo deluser username"
5909
5934
msgstr ""
5910
5935
5911
#: serverguide/C/security.xml:102(para)
5936
#: serverguide/C/security.xml:91(para)
5912
5937
msgid ""
5913
5938
"Deleting an account does not remove their respective home folder. It is up "
5914
5939
"to you whether or not you wish to delete the folder manually or keep it "
5915
5940
"according to your desired retention policies."
5916
5941
msgstr ""
5917
5942
5918
#: serverguide/C/security.xml:105(para)
5943
#: serverguide/C/security.xml:94(para)
5919
5944
msgid ""
5920
5945
"Remember, any user added later on with the same UID/GID as the previous "
5921
5946
"owner will now have access to this folder if you have not taken the "
5922
5947
"necessary precautions."
5923
5948
msgstr ""
5924
5949
5925
#: serverguide/C/security.xml:108(para)
5950
#: serverguide/C/security.xml:97(para)
5926
5951
msgid ""
5927
5952
"You may want to change these UID/GID values to something more appropriate, "
5928
5953
"such as the root account, and perhaps even relocate the folder to avoid "
5929
5954
"future conflicts:"
5930
5955
msgstr ""
5931
5956
5932
#: serverguide/C/security.xml:112(command)
5957
#: serverguide/C/security.xml:101(command)
5933
5958
msgid "sudo chown -R root:root /home/username/"
5934
5959
msgstr ""
5935
5960
5936
#: serverguide/C/security.xml:113(command)
5961
#: serverguide/C/security.xml:102(command)
5937
5962
msgid "sudo mkdir /home/archived_users/"
5938
5963
msgstr ""
5939
5964
5940
#: serverguide/C/security.xml:114(command)
5965
#: serverguide/C/security.xml:103(command)
5941
5966
msgid "sudo mv /home/username /home/archived_users/"
5942
5967
msgstr ""
5943
5968
5944
#: serverguide/C/security.xml:118(para)
5969
#: serverguide/C/security.xml:107(para)
5945
5970
msgid ""
5946
5971
"To temporarily lock or unlock a user account, use the following syntax, "
5947
5972
"respectively:"
5948
5973
msgstr ""
5949
5974
5950
#: serverguide/C/security.xml:122(command)
5975
#: serverguide/C/security.xml:111(command)
5951
5976
msgid "sudo passwd -l username"
5952
5977
msgstr ""
5953
5978
5954
#: serverguide/C/security.xml:123(command)
5979
#: serverguide/C/security.xml:112(command)
5955
5980
msgid "sudo passwd -u username"
5956
5981
msgstr ""
5957
5982
5958
#: serverguide/C/security.xml:127(para)
5983
#: serverguide/C/security.xml:116(para)
5959
5984
msgid ""
5960
5985
"To add or delete a personalized group, use the following syntax, "
5961
5986
"respectively:"
5962
5987
msgstr ""
5963
5988
5964
#: serverguide/C/security.xml:131(command)
5989
#: serverguide/C/security.xml:120(command)
5965
5990
msgid "sudo addgroup groupname"
5966
5991
msgstr ""
5967
5992
5968
#: serverguide/C/security.xml:132(command)
5993
#: serverguide/C/security.xml:121(command)
5969
5994
msgid "sudo delgroup groupname"
5970
5995
msgstr ""
5971
5996
5972
#: serverguide/C/security.xml:136(para)
5997
#: serverguide/C/security.xml:125(para)
5973
5998
msgid "To add a user to a group, use the following syntax:"
5974
5999
msgstr ""
5975
6000
5976
#: serverguide/C/security.xml:140(command)
6001
#: serverguide/C/security.xml:129(command)
5977
6002
msgid "sudo adduser username groupname"
5978
6003
msgstr ""
5979
6004
5980
#: serverguide/C/security.xml:147(title)
6005
#: serverguide/C/security.xml:136(title)
5981
6006
msgid "User Profile Security"
5982
6007
msgstr ""
5983
6008
5984
#: serverguide/C/security.xml:148(para)
6009
#: serverguide/C/security.xml:137(para)
5985
6010
msgid ""
5986
6011
"When a new user is created, the adduser utility creates a brand new home "
5987
6012
"directory named <filename class=\"directory\">/home/username</filename>, "
5990
6015
"includes all profile basics."
5991
6016
msgstr ""
5992
6017
5993
#: serverguide/C/security.xml:151(para)
6018
#: serverguide/C/security.xml:140(para)
5994
6019
msgid ""
5995
6020
"If your server will be home to multiple users, you should pay close "
5996
6021
"attention to the user home directory permissions to ensure confidentiality. "
6000
6025
"your environment."
6001
6026
msgstr ""
6002
6027
6003
#: serverguide/C/security.xml:156(para)
6028
#: serverguide/C/security.xml:145(para)
6004
6029
msgid ""
6005
6030
"To verify your current users home directory permissions, use the following "
6006
6031
"syntax:"
6007
6032
msgstr ""
6008
6033
6009
#: serverguide/C/security.xml:160(command) serverguide/C/security.xml:192(command)
6034
#: serverguide/C/security.xml:149(command) serverguide/C/security.xml:181(command)
6010
6035
msgid "ls -ld /home/username"
6011
6036
msgstr ""
6012
6037
6013
#: serverguide/C/security.xml:162(para)
6038
#: serverguide/C/security.xml:151(para)
6014
6039
msgid ""
6015
6040
"The following output shows that the directory <filename "
6016
6041
"class=\"directory\">/home/username</filename> has world readable permissions:"
6017
6042
msgstr ""
6018
6043
6019
#: serverguide/C/security.xml:165(computeroutput)
6044
#: serverguide/C/security.xml:154(computeroutput)
6020
6045
#, no-wrap
6021
6046
msgid "drwxr-xr-x 2 username username 4096 2007-10-02 20:03 username"
6022
6047
msgstr ""
6023
6048
6024
#: serverguide/C/security.xml:169(para)
6049
#: serverguide/C/security.xml:158(para)
6025
6050
msgid ""
6026
6051
"You can remove the world readable permissions using the following syntax:"
6027
6052
msgstr ""
6028
6053
6029
#: serverguide/C/security.xml:173(command)
6054
#: serverguide/C/security.xml:162(command)
6030
6055
msgid "sudo chmod 0750 /home/username"
6031
6056
msgstr ""
6032
6057
6033
#: serverguide/C/security.xml:176(para)
6058
#: serverguide/C/security.xml:165(para)
6034
6059
msgid ""
6035
6060
"Some people tend to use the recursive option (-R) indiscriminately which "
6036
6061
"modifies all child folders and files, but this is not necessary, and may "
6038
6063
"for preventing unauthorized access to anything below the parent."
6039
6064
msgstr ""
6040
6065
6041
#: serverguide/C/security.xml:180(para)
6066
#: serverguide/C/security.xml:169(para)
6042
6067
msgid ""
6043
6068
"A much more efficient approach to the matter would be to modify the "
6044
6069
"<application>adduser</application> global default permissions when creating "
6048
6073
"new home directories will receive the correct permissions."
6049
6074
msgstr ""
6050
6075
6051
#: serverguide/C/security.xml:183(programlisting)
6076
#: serverguide/C/security.xml:172(programlisting)
6052
6077
#, no-wrap
6053
6078
msgid ""
6054
6079
"\n"
6055
6080
"DIR_MODE=0750\n"
6056
6081
msgstr ""
6057
6082
6058
#: serverguide/C/security.xml:188(para)
6083
#: serverguide/C/security.xml:177(para)
6059
6084
msgid ""
6060
6085
"After correcting the directory permissions using any of the previously "
6061
6086
"mentioned techniques, verify the results using the following syntax:"
6062
6087
msgstr ""
6063
6088
6064
#: serverguide/C/security.xml:194(para)
6089
#: serverguide/C/security.xml:183(para)
6065
6090
msgid ""
6066
6091
"The results below show that world readable permissions have been removed:"
6067
6092
msgstr ""
6068
6093
6069
#: serverguide/C/security.xml:197(computeroutput)
6094
#: serverguide/C/security.xml:186(computeroutput)
6070
6095
#, no-wrap
6071
6096
msgid "drwxr-x--- 2 username username 4096 2007-10-02 20:03 username"
6072
6097
msgstr ""
6073
6098
6074
#: serverguide/C/security.xml:204(title)
6099
#: serverguide/C/security.xml:193(title)
6075
6100
msgid "Password Policy"
6076
6101
msgstr ""
6077
6102
6078
#: serverguide/C/security.xml:205(para)
6103
#: serverguide/C/security.xml:194(para)
6079
6104
msgid ""
6080
6105
"A strong password policy is one of the most important aspects of your "
6081
6106
"security posture. Many successful security breaches involve simple brute "
6085
6110
"password lifetimes, and frequent audits of your authentication systems."
6086
6111
msgstr ""
6087
6112
6088
#: serverguide/C/security.xml:209(title)
6113
#: serverguide/C/security.xml:198(title)
6089
6114
msgid "Minimum Password Length"
6090
6115
msgstr ""
6091
6116
6092
#: serverguide/C/security.xml:210(para)
6117
#: serverguide/C/security.xml:199(para)
6093
6118
msgid ""
6094
6119
"By default, Ubuntu requires a minimum password length of 6 characters, as "
6095
6120
"well as some basic entropy checks. These values are controlled in the file "
6103
6128
"password [success=1 default=ignore] pam_unix.so obscure sha512\n"
6104
6129
msgstr ""
6105
6130
6106
#: serverguide/C/security.xml:216(para)
6131
#: serverguide/C/security.xml:205(para)
6107
6132
msgid ""
6108
6133
"If you would like to adjust the minimum length to 8 characters, change the "
6109
6134
"appropriate variable to min=8. The modification is outlined below."
6117
6142
"minlen=8\n"
6118
6143
msgstr ""
6119
6144
6120
#: serverguide/C/security.xml:223(para)
6145
#: serverguide/C/security.xml:212(para)
6121
6146
msgid ""
6122
6147
"Basic password entropy checks and minimum length rules do not apply to the "
6123
6148
"administrator using sudo level commands to setup a new user."
6124
6149
msgstr ""
6125
6150
6126
#: serverguide/C/security.xml:229(title)
6151
#: serverguide/C/security.xml:218(title)
6127
6152
msgid "Password Expiration"
6128
6153
msgstr ""
6129
6154
6130
#: serverguide/C/security.xml:230(para)
6155
#: serverguide/C/security.xml:219(para)
6131
6156
msgid ""
6132
6157
"When creating user accounts, you should make it a policy to have a minimum "
6133
6158
"and maximum password age forcing users to change their passwords when they "
6134
6159
"expire."
6135
6160
msgstr ""
6136
6161
6137
#: serverguide/C/security.xml:235(para)
6162
#: serverguide/C/security.xml:224(para)
6138
6163
msgid ""
6139
6164
"To easily view the current status of a user account, use the following "
6140
6165
"syntax:"
6141
6166
msgstr ""
6142
6167
6143
#: serverguide/C/security.xml:239(command) serverguide/C/security.xml:272(command)
6168
#: serverguide/C/security.xml:228(command) serverguide/C/security.xml:261(command)
6144
6169
msgid "sudo chage -l username"
6145
6170
msgstr ""
6146
6171
6147
#: serverguide/C/security.xml:241(para)
6172
#: serverguide/C/security.xml:230(para)
6148
6173
msgid ""
6149
6174
"The output below shows interesting facts about the user account, namely that "
6150
6175
"there are no policies applied:"
6151
6176
msgstr ""
6152
6177
6153
#: serverguide/C/security.xml:244(computeroutput)
6178
#: serverguide/C/security.xml:233(computeroutput)
6154
6179
#, no-wrap
6155
6180
msgid ""
6156
6181
"Last password change : Jan 20, 2008\n"
6162
6187
"Number of days of warning before password expires : 7"
6163
6188
msgstr ""
6164
6189
6165
#: serverguide/C/security.xml:254(para)
6190
#: serverguide/C/security.xml:243(para)
6166
6191
msgid ""
6167
6192
"To set any of these values, simply use the following syntax, and follow the "
6168
6193
"interactive prompts:"
6169
6194
msgstr ""
6170
6195
6171
#: serverguide/C/security.xml:258(command)
6196
#: serverguide/C/security.xml:247(command)
6172
6197
msgid "sudo chage username"
6173
6198
msgstr ""
6174
6199
6175
#: serverguide/C/security.xml:260(para)
6200
#: serverguide/C/security.xml:249(para)
6176
6201
msgid ""
6177
6202
"The following is also an example of how you can manually change the explicit "
6178
6203
"expiration date (-E) to 01/31/2008, minimum password age (-m) of 5 days, "
6181
6206
"password expiration."
6182
6207
msgstr ""
6183
6208
6184
#: serverguide/C/security.xml:264(command)
6209
#: serverguide/C/security.xml:253(command)
6185
6210
msgid "sudo chage -E 01/31/2011 -m 5 -M 90 -I 30 -W 14 username"
6186
6211
msgstr ""
6187
6212
6188
#: serverguide/C/security.xml:268(para)
6213
#: serverguide/C/security.xml:257(para)
6189
6214
msgid "To verify changes, use the same syntax as mentioned previously:"
6190
6215
msgstr ""
6191
6216
6192
#: serverguide/C/security.xml:274(para)
6217
#: serverguide/C/security.xml:263(para)
6193
6218
msgid ""
6194
6219
"The output below shows the new policies that have been established for the "
6195
6220
"account:"
6196
6221
msgstr ""
6197
6222
6198
#: serverguide/C/security.xml:277(computeroutput)
6223
#: serverguide/C/security.xml:266(computeroutput)
6199
6224
#, no-wrap
6200
6225
msgid ""
6201
6226
"Last password change : Jan 20, 2008\n"
6207
6232
"Number of days of warning before password expires : 14"
6208
6233
msgstr ""
6209
6234
6210
#: serverguide/C/security.xml:293(title)
6235
#: serverguide/C/security.xml:282(title)
6211
6236
msgid "Other Security Considerations"
6212
6237
msgstr ""
6213
6238
6214
#: serverguide/C/security.xml:294(para)
6239
#: serverguide/C/security.xml:283(para)
6215
6240
msgid ""
6216
6241
"Many applications use alternate authentication mechanisms that can be easily "
6217
6242
"overlooked by even experienced system administrators. Therefore, it is "
6219
6244
"to services and applications on your server."
6220
6245
msgstr ""
6221
6246
6222
#: serverguide/C/security.xml:299(title)
6247
#: serverguide/C/security.xml:288(title)
6223
6248
msgid "SSH Access by Disabled Users"
6224
6249
msgstr ""
6225
6250
6226
#: serverguide/C/security.xml:300(para)
6251
#: serverguide/C/security.xml:289(para)
6227
6252
msgid ""
6228
6253
"Simply disabling/locking a user account will not prevent a user from logging "
6229
6254
"into your server remotely if they have previously set up RSA public key "
6233
6258
"access. e.g. <filename>/home/username/.ssh/authorized_keys</filename>."
6234
6259
msgstr ""
6235
6260
6236
#: serverguide/C/security.xml:303(para)
6261
#: serverguide/C/security.xml:292(para)
6237
6262
msgid ""
6238
6263
"Remove or rename the directory <filename "
6239
6264
"class=\"directory\">.ssh/</filename> in the user's home folder to prevent "
6240
6265
"further SSH authentication capabilities."
6241
6266
msgstr ""
6242
6267
6243
#: serverguide/C/security.xml:306(para)
6268
#: serverguide/C/security.xml:295(para)
6244
6269
msgid ""
6245
6270
"Be sure to check for any established SSH connections by the disabled user, "
6246
6271
"as it is possible they may have existing inbound or outbound connections. "
6263
6288
"<placeholder-2/>\n"
6264
6289
msgstr ""
6265
6290
6266
#: serverguide/C/security.xml:313(para)
6291
#: serverguide/C/security.xml:298(para)
6267
6292
msgid ""
6268
6293
"Restrict SSH access to only user accounts that should have it. For example, "
6269
6294
"you may create a group called \"sshlogin\" and add the group name as the "
6271
6296
"the file <filename>/etc/ssh/sshd_config</filename>."
6272
6297
msgstr ""
6273
6298
6274
#: serverguide/C/security.xml:316(programlisting)
6299
#: serverguide/C/security.xml:301(programlisting)
6275
6300
#, no-wrap
6276
6301
msgid ""
6277
6302
"\n"
6278
6303
"AllowGroups sshlogin\n"
6279
6304
msgstr ""
6280
6305
6281
#: serverguide/C/security.xml:319(para)
6306
#: serverguide/C/security.xml:304(para)
6282
6307
msgid ""
6283
6308
"Then add your permitted SSH users to the group \"sshlogin\", and restart the "
6284
6309
"SSH service."
6285
6310
msgstr ""
6286
6311
6287
#: serverguide/C/security.xml:323(command)
6312
#: serverguide/C/security.xml:308(command)
6288
6313
msgid "sudo adduser username sshlogin"
6289
6314
msgstr ""
6290
6315
6291
#: serverguide/C/security.xml:324(command) serverguide/C/remote-administration.xml:144(command)
6316
#: serverguide/C/security.xml:309(command)
6292
6317
msgid "sudo service ssh restart"
6293
6318
msgstr ""
6294
6319
6295
#: serverguide/C/security.xml:328(title)
6320
#: serverguide/C/security.xml:313(title)
6296
6321
msgid "External User Database Authentication"
6297
6322
msgstr ""
6298
6323
6299
#: serverguide/C/security.xml:329(para)
6324
#: serverguide/C/security.xml:314(para)
6300
6325
msgid ""
6301
6326
"Most enterprise networks require centralized authentication and access "
6302
6327
"controls for all system resources. If you have configured your server to "
6305
6330
"fallback authentication is not possible."
6306
6331
msgstr ""
6307
6332
6308
#: serverguide/C/security.xml:338(title)
6333
#: serverguide/C/security.xml:323(title)
6309
6334
msgid "Console Security"
6310
6335
msgstr ""
6311
6336
6312
#: serverguide/C/security.xml:339(para)
6337
#: serverguide/C/security.xml:324(para)
6313
6338
msgid ""
6314
6339
"As with any other security barrier you put in place to protect your server, "
6315
6340
"it is pretty tough to defend against untold damage caused by someone with "
6321
6346
"basic precautions with regard to console security."
6322
6347
msgstr ""
6323
6348
6324
#: serverguide/C/security.xml:342(para)
6349
#: serverguide/C/security.xml:327(para)
6325
6350
msgid ""
6326
6351
"The following instructions will help defend your server against issues that "
6327
6352
"could otherwise yield very serious consequences."
6328
6353
msgstr ""
6329
6354
6330
#: serverguide/C/security.xml:347(title)
6355
#: serverguide/C/security.xml:332(title)
6331
6356
msgid "Disable Ctrl+Alt+Delete"
6332
6357
msgstr ""
6333
6358
6334
#: serverguide/C/security.xml:348(para)
6359
#: serverguide/C/security.xml:333(para)
6335
6360
msgid ""
6336
6361
"First and foremost, anyone that has physical access to the keyboard can "
6337
6362
"simply use the "
6343
6368
"prevent accidental reboots at the same time."
6344
6369
msgstr ""
6345
6370
6346
#: serverguide/C/security.xml:353(para)
6371
#: serverguide/C/security.xml:338(para)
6347
6372
msgid ""
6348
6373
"To disable the reboot action taken by pressing the "
6349
6374
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
6351
6376
"<filename>/etc/init/control-alt-delete.conf</filename>."
6352
6377
msgstr ""
6353
6378
6354
#: serverguide/C/security.xml:356(programlisting)
6379
#: serverguide/C/security.xml:341(programlisting)
6355
6380
#, no-wrap
6356
6381
msgid ""
6357
6382
"\n"
6358
6383
"#exec shutdown -r now \"Control-Alt-Delete pressed\"\n"
6359
6384
msgstr ""
6360
6385
6361
#: serverguide/C/security.xml:365(title)
6386
#: serverguide/C/security.xml:350(title)
6362
6387
msgid "Firewall"
6363
6388
msgstr ""
6364
6389
6365
#: serverguide/C/security.xml:368(para)
6390
#: serverguide/C/security.xml:353(para)
6366
6391
msgid ""
6367
6392
"The Linux kernel includes the <emphasis>Netfilter</emphasis> subsystem, "
6368
6393
"which is used to manipulate or decide the fate of network traffic headed "
6370
6395
"system for packet filtering."
6371
6396
msgstr ""
6372
6397
6373
#: serverguide/C/security.xml:373(para)
6398
#: serverguide/C/security.xml:358(para)
6374
6399
msgid ""
6375
6400
"The kernel's packet filtering system would be of little use to "
6376
6401
"administrators without a userspace interface to manage it. This is the "
6381
6406
"but many frontends are available to simplify the task."
6382
6407
msgstr ""
6383
6408
6384
#: serverguide/C/security.xml:383(title)
6409
#: serverguide/C/security.xml:368(title)
6385
6410
msgid "ufw - Uncomplicated Firewall"
6386
6411
msgstr ""
6387
6412
6388
#: serverguide/C/security.xml:384(para)
6413
#: serverguide/C/security.xml:369(para)
6389
6414
msgid ""
6390
6415
"The default firewall configuration tool for Ubuntu is "
6391
6416
"<application>ufw</application>. Developed to ease iptables firewall "
6393
6418
"to create an IPv4 or IPv6 host-based firewall."
6394
6419
msgstr ""
6395
6420
6396
#: serverguide/C/security.xml:388(para)
6421
#: serverguide/C/security.xml:373(para)
6397
6422
msgid ""
6398
6423
"<application>ufw</application> by default is initially disabled. From the "
6399
6424
"<application>ufw</application> man page:"
6400
6425
msgstr ""
6401
6426
6402
#: serverguide/C/security.xml:392(quote)
6427
#: serverguide/C/security.xml:377(quote)
6403
6428
msgid ""
6404
6429
"ufw is not intended to provide complete firewall functionality via its "
6405
6430
"command interface, but instead provides an easy way to add or remove simple "
6406
6431
"rules. It is currently mainly used for host-based firewalls."
6407
6432
msgstr ""
6408
6433
6409
#: serverguide/C/security.xml:396(para)
6434
#: serverguide/C/security.xml:381(para)
6410
6435
msgid ""
6411
6436
"The following are some examples of how to use <application>ufw</application>:"
6412
6437
msgstr ""
6413
6438
6414
#: serverguide/C/security.xml:401(para)
6439
#: serverguide/C/security.xml:386(para)
6415
6440
msgid ""
6416
6441
"First, <application>ufw</application> needs to be enabled. From a terminal "
6417
6442
"prompt enter:"
6418
6443
msgstr ""
6419
6444
6420
#: serverguide/C/security.xml:405(command)
6445
#: serverguide/C/security.xml:390(command)
6421
6446
msgid "sudo ufw enable"
6422
6447
msgstr ""
6423
6448
6424
#: serverguide/C/security.xml:409(para)
6449
#: serverguide/C/security.xml:394(para)
6425
6450
msgid "To open a port (ssh in this example):"
6426
6451
msgstr ""
6427
6452
6428
#: serverguide/C/security.xml:413(command)
6453
#: serverguide/C/security.xml:398(command)
6429
6454
msgid "sudo ufw allow 22"
6430
6455
msgstr ""
6431
6456
6432
#: serverguide/C/security.xml:417(para)
6457
#: serverguide/C/security.xml:402(para)
6433
6458
msgid "Rules can also be added using a <emphasis>numbered</emphasis> format:"
6434
6459
msgstr ""
6435
6460
6436
#: serverguide/C/security.xml:421(command)
6461
#: serverguide/C/security.xml:406(command)
6437
6462
msgid "sudo ufw insert 1 allow 80"
6438
6463
msgstr ""
6439
6464
6440
#: serverguide/C/security.xml:425(para)
6465
#: serverguide/C/security.xml:410(para)
6441
6466
msgid "Similarly, to close an opened port:"
6442
6467
msgstr ""
6443
6468
6444
#: serverguide/C/security.xml:429(command)
6469
#: serverguide/C/security.xml:414(command)
6445
6470
msgid "sudo ufw deny 22"
6446
6471
msgstr ""
6447
6472
6448
#: serverguide/C/security.xml:433(para)
6473
#: serverguide/C/security.xml:418(para)
6449
6474
msgid "To remove a rule, use delete followed by the rule:"
6450
6475
msgstr ""
6451
6476
6452
#: serverguide/C/security.xml:437(command)
6477
#: serverguide/C/security.xml:422(command)
6453
6478
msgid "sudo ufw delete deny 22"
6454
6479
msgstr ""
6455
6480
6456
#: serverguide/C/security.xml:441(para)
6481
#: serverguide/C/security.xml:426(para)
6457
6482
msgid ""
6458
6483
"It is also possible to allow access from specific hosts or networks to a "
6459
6484
"port. The following example allows ssh access from host 192.168.0.2 to any "
6460
6485
"ip address on this host:"
6461
6486
msgstr ""
6462
6487
6463
#: serverguide/C/security.xml:446(command)
6488
#: serverguide/C/security.xml:431(command)
6464
6489
msgid "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
6465
6490
msgstr ""
6466
6491
6467
#: serverguide/C/security.xml:448(para)
6492
#: serverguide/C/security.xml:433(para)
6468
6493
msgid ""
6469
6494
"Replace 192.168.0.2 with 192.168.0.0/24 to allow ssh access from the entire "
6470
6495
"subnet."
6471
6496
msgstr ""
6472
6497
6473
#: serverguide/C/security.xml:454(para)
6498
#: serverguide/C/security.xml:439(para)
6474
6499
msgid ""
6475
6500
"Adding the <emphasis>--dry-run</emphasis> option to a "
6476
6501
"<emphasis>ufw</emphasis> command will output the resulting rules, but not "
6478
6503
"the HTTP port:"
6479
6504
msgstr ""
6480
6505
6481
#: serverguide/C/security.xml:460(command)
6506
#: serverguide/C/security.xml:445(command)
6482
6507
msgid "sudo ufw --dry-run allow http"
6483
6508
msgstr ""
6484
6509
6485
#: serverguide/C/security.xml:464(computeroutput)
6510
#: serverguide/C/security.xml:449(computeroutput)
6486
6511
#, no-wrap
6487
6512
msgid ""
6488
6513
"*filter\n"
6508
6533
"Rules updated"
6509
6534
msgstr ""
6510
6535
6511
#: serverguide/C/security.xml:488(para)
6536
#: serverguide/C/security.xml:473(para)
6512
6537
msgid "<application>ufw</application> can be disabled by:"
6513
6538
msgstr ""
6514
6539
6515
#: serverguide/C/security.xml:492(command)
6540
#: serverguide/C/security.xml:477(command)
6516
6541
msgid "sudo ufw disable"
6517
6542
msgstr ""
6518
6543
6519
#: serverguide/C/security.xml:496(para)
6544
#: serverguide/C/security.xml:481(para)
6520
6545
msgid "To see the firewall status, enter:"
6521
6546
msgstr ""
6522
6547
6523
#: serverguide/C/security.xml:500(command)
6548
#: serverguide/C/security.xml:485(command)
6524
6549
msgid "sudo ufw status"
6525
6550
msgstr ""
6526
6551
6527
#: serverguide/C/security.xml:504(para)
6552
#: serverguide/C/security.xml:489(para)
6528
6553
msgid "And for more verbose status information use:"
6529
6554
msgstr ""
6530
6555
6531
#: serverguide/C/security.xml:508(command)
6556
#: serverguide/C/security.xml:493(command)
6532
6557
msgid "sudo ufw status verbose"
6533
6558
msgstr ""
6534
6559
6535
#: serverguide/C/security.xml:512(para)
6560
#: serverguide/C/security.xml:497(para)
6536
6561
msgid "To view the <emphasis>numbered</emphasis> format:"
6537
6562
msgstr ""
6538
6563
6539
#: serverguide/C/security.xml:516(command)
6564
#: serverguide/C/security.xml:501(command)
6540
6565
msgid "sudo ufw status numbered"
6541
6566
msgstr ""
6542
6567
6543
#: serverguide/C/security.xml:521(para)
6568
#: serverguide/C/security.xml:506(para)
6544
6569
msgid ""
6545
6570
"If the port you want to open or close is defined in "
6546
6571
"<filename>/etc/services</filename>, you can use the port name instead of the "
6548
6573
"<emphasis>ssh</emphasis>."
6549
6574
msgstr ""
6550
6575
6551
#: serverguide/C/security.xml:527(para)
6576
#: serverguide/C/security.xml:512(para)
6552
6577
msgid ""
6553
6578
"This is a quick introduction to using <application>ufw</application>. Please "
6554
6579
"refer to the <application>ufw</application> man page for more information."
6555
6580
msgstr ""
6556
6581
6557
#: serverguide/C/security.xml:533(title)
6582
#: serverguide/C/security.xml:518(title)
6558
6583
msgid "ufw Application Integration"
6559
6584
msgstr ""
6560
6585
6561
#: serverguide/C/security.xml:535(para)
6586
#: serverguide/C/security.xml:520(para)
6562
6587
msgid ""
6563
6588
"Applications that open ports can include an <application>ufw</application> "
6564
6589
"profile, which details the ports needed for the application to function "
6567
6592
"the default ports have been changed."
6568
6593
msgstr ""
6569
6594
6570
#: serverguide/C/security.xml:544(para)
6595
#: serverguide/C/security.xml:529(para)
6571
6596
msgid ""
6572
6597
"To view which applications have installed a profile, enter the following in "
6573
6598
"a terminal:"
6574
6599
msgstr ""
6575
6600
6576
#: serverguide/C/security.xml:549(command)
6601
#: serverguide/C/security.xml:534(command)
6577
6602
msgid "sudo ufw app list"
6578
6603
msgstr ""
6579
6604
6580
#: serverguide/C/security.xml:555(para)
6605
#: serverguide/C/security.xml:540(para)
6581
6606
msgid ""
6582
6607
"Similar to allowing traffic to a port, using an application profile is "
6583
6608
"accomplished by entering:"
6584
6609
msgstr ""
6585
6610
6586
#: serverguide/C/security.xml:560(command)
6611
#: serverguide/C/security.xml:545(command)
6587
6612
msgid "sudo ufw allow Samba"
6588
6613
msgstr ""
6589
6614
6590
#: serverguide/C/security.xml:566(para)
6615
#: serverguide/C/security.xml:551(para)
6591
6616
msgid "An extended syntax is available as well:"
6592
6617
msgstr ""
6593
6618
6594
#: serverguide/C/security.xml:571(command)
6619
#: serverguide/C/security.xml:556(command)
6595
6620
msgid "ufw allow from 192.168.0.0/24 to any app Samba"
6596
6621
msgstr ""
6597
6622
6598
#: serverguide/C/security.xml:574(para)
6623
#: serverguide/C/security.xml:559(para)
6599
6624
msgid ""
6600
6625
"Replace <emphasis>Samba</emphasis> and <emphasis>192.168.0.0/24</emphasis> "
6601
6626
"with the application profile you are using and the IP range for your network."
6602
6627
msgstr ""
6603
6628
6604
#: serverguide/C/security.xml:580(para)
6629
#: serverguide/C/security.xml:565(para)
6605
6630
msgid ""
6606
6631
"There is no need to specify the <emphasis>protocol</emphasis> for the "
6607
6632
"application, because that information is detailed in the profile. Also, note "
6609
6634
"<emphasis>port</emphasis> number."
6610
6635
msgstr ""
6611
6636
6612
#: serverguide/C/security.xml:589(para)
6637
#: serverguide/C/security.xml:574(para)
6613
6638
msgid ""
6614
6639
"To view details about which ports, protocols, etc are defined for an "
6615
6640
"application, enter:"
6616
6641
msgstr ""
6617
6642
6618
#: serverguide/C/security.xml:594(command)
6643
#: serverguide/C/security.xml:579(command)
6619
6644
msgid "sudo ufw app info Samba"
6620
6645
msgstr ""
6621
6646
6622
#: serverguide/C/security.xml:600(para)
6647
#: serverguide/C/security.xml:585(para)
6623
6648
msgid ""
6624
6649
"Not all applications that require opening a network port come with "
6625
6650
"<application>ufw</application> profiles, but if you have profiled an "
6627
6652
"bug against the package in Launchpad."
6628
6653
msgstr ""
6629
6654
6630
#: serverguide/C/security.xml:606(command)
6655
#: serverguide/C/security.xml:591(command)
6631
6656
msgid "ubuntu-bug nameofpackage"
6632
6657
msgstr ""
6633
6658
6634
#: serverguide/C/security.xml:612(title)
6659
#: serverguide/C/security.xml:597(title)
6635
6660
msgid "IP Masquerading"
6636
6661
msgstr ""
6637
6662
6638
#: serverguide/C/security.xml:613(para)
6663
#: serverguide/C/security.xml:598(para)
6639
6664
msgid ""
6640
6665
"The purpose of IP Masquerading is to allow machines with private, non-"
6641
6666
"routable IP addresses on your network to access the Internet through the "
6652
6677
"to in Microsoft documentation as Internet Connection Sharing."
6653
6678
msgstr ""
6654
6679
6655
#: serverguide/C/security.xml:629(title)
6680
#: serverguide/C/security.xml:614(title)
6656
6681
msgid "ufw Masquerading"
6657
6682
msgstr ""
6658
6683
6659
#: serverguide/C/security.xml:630(para)
6684
#: serverguide/C/security.xml:615(para)
6660
6685
msgid ""
6661
6686
"IP Masquerading can be achieved using custom <application>ufw</application> "
6662
6687
"rules. This is possible because the current back-end for "
6667
6692
"that are more network gateway or bridge related."
6668
6693
msgstr ""
6669
6694
6670
#: serverguide/C/security.xml:636(para)
6695
#: serverguide/C/security.xml:621(para)
6671
6696
msgid ""
6672
6697
"The rules are split into two different files, rules that should be executed "
6673
6698
"before <application>ufw</application> command line rules, and rules that are "
6674
6699
"executed after <application>ufw</application> command line rules."
6675
6700
msgstr ""
6676
6701
6677
#: serverguide/C/security.xml:642(para)
6702
#: serverguide/C/security.xml:627(para)
6678
6703
msgid ""
6679
6704
"First, packet forwarding needs to be enabled in "
6680
6705
"<application>ufw</application>. Two configuration files will need to be "
6682
6707
"<emphasis>DEFAULT_FORWARD_POLICY</emphasis> to <quote>ACCEPT</quote>:"
6683
6708
msgstr ""
6684
6709
6685
#: serverguide/C/security.xml:646(programlisting)
6710
#: serverguide/C/security.xml:631(programlisting)
6686
6711
#, no-wrap
6687
6712
msgid ""
6688
6713
"\n"
6689
6714
"DEFAULT_FORWARD_POLICY=\"ACCEPT\"\n"
6690
6715
msgstr ""
6691
6716
6692
#: serverguide/C/security.xml:649(para)
6717
#: serverguide/C/security.xml:634(para)
6693
6718
msgid "Then edit <filename>/etc/ufw/sysctl.conf</filename> and uncomment:"
6694
6719
msgstr ""
6695
6720
6696
#: serverguide/C/security.xml:652(programlisting)
6721
#: serverguide/C/security.xml:637(programlisting)
6697
6722
#, no-wrap
6698
6723
msgid ""
6699
6724
"\n"
6700
6725
"net/ipv4/ip_forward=1\n"
6701
6726
msgstr ""
6702
6727
6703
#: serverguide/C/security.xml:655(para)
6728
#: serverguide/C/security.xml:640(para)
6704
6729
msgid "Similarly, for IPv6 forwarding uncomment:"
6705
6730
msgstr ""
6706
6731
6707
#: serverguide/C/security.xml:658(programlisting)
6732
#: serverguide/C/security.xml:643(programlisting)
6708
6733
#, no-wrap
6709
6734
msgid ""
6710
6735
"\n"
6711
6736
"net/ipv6/conf/default/forwarding=1\n"
6712
6737
msgstr ""
6713
6738
6714
#: serverguide/C/security.xml:663(para)
6739
#: serverguide/C/security.xml:648(para)
6715
6740
msgid ""
6716
6741
"Now we will add rules to the <filename>/etc/ufw/before.rules</filename> "
6717
6742
"file. The default rules only configure the <emphasis>filter</emphasis> "
6720
6745
"the header comments:"
6721
6746
msgstr ""
6722
6747
6723
#: serverguide/C/security.xml:668(programlisting)
6748
#: serverguide/C/security.xml:653(programlisting)
6724
6749
#, no-wrap
6725
6750
msgid ""
6726
6751
"\n"
6736
6761
"COMMIT\n"
6737
6762
msgstr ""
6738
6763
6739
#: serverguide/C/security.xml:679(para)
6764
#: serverguide/C/security.xml:664(para)
6740
6765
msgid ""
6741
6766
"The comments are not strictly necessary, but it is considered good practice "
6742
6767
"to document your configuration. Also, when modifying any of the "
6745
6770
"line for each table modified:"
6746
6771
msgstr ""
6747
6772
6748
#: serverguide/C/security.xml:685(programlisting)
6773
#: serverguide/C/security.xml:670(programlisting)
6749
6774
#, no-wrap
6750
6775
msgid ""
6751
6776
"\n"
6753
6778
"COMMIT\n"
6754
6779
msgstr ""
6755
6780
6756
#: serverguide/C/security.xml:690(para)
6781
#: serverguide/C/security.xml:675(para)
6757
6782
msgid ""
6758
6783
"For each <emphasis>Table</emphasis> a corresponding "
6759
6784
"<emphasis>COMMIT</emphasis> statement is required. In these examples only "
6762
6787
"<emphasis>mangle</emphasis> tables."
6763
6788
msgstr ""
6764
6789
6765
#: serverguide/C/security.xml:697(para)
6790
#: serverguide/C/security.xml:682(para)
6766
6791
msgid ""
6767
6792
"In the above example replace <emphasis>eth0</emphasis>, "
6768
6793
"<emphasis>eth1</emphasis>, and <emphasis>192.168.0.0/24</emphasis> with the "
6769
6794
"appropriate interfaces and IP range for your network."
6770
6795
msgstr ""
6771
6796
6772
#: serverguide/C/security.xml:705(para)
6797
#: serverguide/C/security.xml:690(para)
6773
6798
msgid ""
6774
6799
"Finally, disable and re-enable <application>ufw</application> to apply the "
6775
6800
"changes:"
6776
6801
msgstr ""
6777
6802
6778
#: serverguide/C/security.xml:709(command)
6803
#: serverguide/C/security.xml:694(command)
6779
6804
msgid "sudo ufw disable && sudo ufw enable"
6780
6805
msgstr ""
6781
6806
6782
#: serverguide/C/security.xml:713(para)
6807
#: serverguide/C/security.xml:698(para)
6783
6808
msgid ""
6784
6809
"IP Masquerading should now be enabled. You can also add any additional "
6785
6810
"FORWARD rules to the <filename>/etc/ufw/before.rules</filename>. It is "
6787
6812
"forward</emphasis> chain."
6788
6813
msgstr ""
6789
6814
6790
#: serverguide/C/security.xml:720(title)
6815
#: serverguide/C/security.xml:705(title)
6791
6816
msgid "iptables Masquerading"
6792
6817
msgstr ""
6793
6818
6794
#: serverguide/C/security.xml:721(para)
6819
#: serverguide/C/security.xml:706(para)
6795
6820
msgid ""
6796
6821
"<application>iptables</application> can also be used to enable Masquerading."
6797
6822
msgstr ""
6798
6823
6799
#: serverguide/C/security.xml:726(para)
6824
#: serverguide/C/security.xml:711(para)
6800
6825
msgid ""
6801
6826
"Similar to <application>ufw</application>, the first step is to enable IPv4 "
6802
6827
"packet forwarding by editing <filename>/etc/sysctl.conf</filename> and "
6803
6828
"uncomment the following line"
6804
6829
msgstr ""
6805
6830
6806
#: serverguide/C/security.xml:730(programlisting)
6831
#: serverguide/C/security.xml:715(programlisting)
6807
6832
#, no-wrap
6808
6833
msgid ""
6809
6834
"\n"
6810
6835
"net.ipv4.ip_forward=1\n"
6811
6836
msgstr ""
6812
6837
6813
#: serverguide/C/security.xml:733(para)
6838
#: serverguide/C/security.xml:718(para)
6814
6839
msgid "If you wish to enable IPv6 forwarding also uncomment:"
6815
6840
msgstr ""
6816
6841
6817
#: serverguide/C/security.xml:736(programlisting)
6842
#: serverguide/C/security.xml:721(programlisting)
6818
6843
#, no-wrap
6819
6844
msgid ""
6820
6845
"\n"
6821
6846
"net.ipv6.conf.default.forwarding=1\n"
6822
6847
msgstr ""
6823
6848
6824
#: serverguide/C/security.xml:741(para)
6849
#: serverguide/C/security.xml:726(para)
6825
6850
msgid ""
6826
6851
"Next, execute the <application>sysctl</application> command to enable the "
6827
6852
"new settings in the configuration file:"
6828
6853
msgstr ""
6829
6854
6830
#: serverguide/C/security.xml:745(command)
6855
#: serverguide/C/security.xml:730(command)
6831
6856
msgid "sudo sysctl -p"
6832
6857
msgstr ""
6833
6858
6834
#: serverguide/C/security.xml:749(para)
6859
#: serverguide/C/security.xml:734(para)
6835
6860
msgid ""
6836
6861
"IP Masquerading can now be accomplished with a single iptables rule, which "
6837
6862
"may differ slightly based on your network configuration:"
6838
6863
msgstr ""
6839
6864
6840
#: serverguide/C/security.xml:752(screen)
6865
#: serverguide/C/security.xml:737(screen)
6841
6866
#, no-wrap
6842
6867
msgid ""
6843
6868
"\n"
6844
6869
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
6845
6870
msgstr ""
6846
6871
6847
#: serverguide/C/security.xml:755(para)
6872
#: serverguide/C/security.xml:740(para)
6848
6873
msgid ""
6849
6874
"The above command assumes that your private address space is 192.168.0.0/16 "
6850
6875
"and that your Internet-facing device is ppp0. The syntax is broken down as "
6851
6876
"follows:"
6852
6877
msgstr ""
6853
6878
6854
#: serverguide/C/security.xml:760(para)
6879
#: serverguide/C/security.xml:745(para)
6855
6880
msgid "-t nat -- the rule is to go into the nat table"
6856
6881
msgstr ""
6857
6882
6858
#: serverguide/C/security.xml:761(para)
6883
#: serverguide/C/security.xml:746(para)
6859
6884
msgid ""
6860
6885
"-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain"
6861
6886
msgstr ""
6862
6887
6863
#: serverguide/C/security.xml:762(para)
6888
#: serverguide/C/security.xml:747(para)
6864
6889
msgid ""
6865
6890
"-s 192.168.0.0/16 -- the rule applies to traffic originating from the "
6866
6891
"specified address space"
6867
6892
msgstr ""
6868
6893
6869
#: serverguide/C/security.xml:763(para)
6894
#: serverguide/C/security.xml:748(para)
6870
6895
msgid ""
6871
6896
"-o ppp0 -- the rule applies to traffic scheduled to be routed through the "
6872
6897
"specified network device"
6873
6898
msgstr ""
6874
6899
6875
#: serverguide/C/security.xml:765(para)
6900
#: serverguide/C/security.xml:750(para)
6876
6901
msgid ""
6877
6902
"-j MASQUERADE -- traffic matching this rule is to \"jump\" (-j) to the "
6878
6903
"MASQUERADE target to be manipulated as described above"
6879
6904
msgstr ""
6880
6905
6881
#: serverguide/C/security.xml:773(para)
6906
#: serverguide/C/security.xml:758(para)
6882
6907
msgid ""
6883
6908
"Also, each chain in the filter table (the default table, and where most or "
6884
6909
"all packet filtering occurs) has a default <emphasis>policy</emphasis> of "
6888
6913
"above rule to work:"
6889
6914
msgstr ""
6890
6915
6891
#: serverguide/C/security.xml:780(screen)
6916
#: serverguide/C/security.xml:765(screen)
6892
6917
#, no-wrap
6893
6918
msgid ""
6894
6919
"\n"
6897
6922
"--state ESTABLISHED,RELATED -i ppp0 -j ACCEPT\n"
6898
6923
msgstr ""
6899
6924
6900
#: serverguide/C/security.xml:785(para)
6925
#: serverguide/C/security.xml:770(para)
6901
6926
msgid ""
6902
6927
"The above commands will allow all connections from your local network to the "
6903
6928
"Internet and all traffic related to those connections to return to the "
6904
6929
"machine that initiated them."
6905
6930
msgstr ""
6906
6931
6907
#: serverguide/C/security.xml:792(para)
6932
#: serverguide/C/security.xml:777(para)
6908
6933
msgid ""
6909
6934
"If you want masquerading to be enabled on reboot, which you probably do, "
6910
6935
"edit <filename>/etc/rc.local</filename> and add any commands used above. For "
6911
6936
"example add the first command with no filtering:"
6912
6937
msgstr ""
6913
6938
6914
#: serverguide/C/security.xml:796(screen)
6939
#: serverguide/C/security.xml:781(screen)
6915
6940
#, no-wrap
6916
6941
msgid ""
6917
6942
"\n"
6918
6943
"iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
6919
6944
msgstr ""
6920
6945
6921
#: serverguide/C/security.xml:804(title)
6946
#: serverguide/C/security.xml:789(title)
6922
6947
msgid "Logs"
6923
6948
msgstr ""
6924
6949
6925
#: serverguide/C/security.xml:805(para)
6950
#: serverguide/C/security.xml:790(para)
6926
6951
msgid ""
6927
6952
"Firewall logs are essential for recognizing attacks, troubleshooting your "
6928
6953
"firewall rules, and noticing unusual activity on your network. You must "
6932
6957
"REJECT)."
6933
6958
msgstr ""
6934
6959
6935
#: serverguide/C/security.xml:812(para)
6960
#: serverguide/C/security.xml:797(para)
6936
6961
msgid ""
6937
6962
"If you are using <application>ufw</application>, you can turn on logging by "
6938
6963
"entering the following in a terminal:"
6939
6964
msgstr ""
6940
6965
6941
#: serverguide/C/security.xml:816(command)
6966
#: serverguide/C/security.xml:801(command)
6942
6967
msgid "sudo ufw logging on"
6943
6968
msgstr ""
6944
6969
6945
#: serverguide/C/security.xml:818(para)
6970
#: serverguide/C/security.xml:803(para)
6946
6971
msgid ""
6947
6972
"To turn logging off in <application>ufw</application>, simply replace "
6948
6973
"<emphasis role=\"italic\">on</emphasis> with <emphasis "
6949
6974
"role=\"italic\">off</emphasis> in the above command."
6950
6975
msgstr ""
6951
6976
6952
#: serverguide/C/security.xml:821(para)
6977
#: serverguide/C/security.xml:806(para)
6953
6978
msgid ""
6954
6979
"If using <application>iptables</application> instead of "
6955
6980
"<application>ufw</application>, enter:"
6956
6981
msgstr ""
6957
6982
6958
#: serverguide/C/security.xml:824(screen)
6983
#: serverguide/C/security.xml:809(screen)
6959
6984
#, no-wrap
6960
6985
msgid ""
6961
6986
"\n"
6963
6988
"-j LOG --log-prefix \"NEW_HTTP_CONN: \"\n"
6964
6989
msgstr ""
6965
6990
6966
#: serverguide/C/security.xml:828(para)
6991
#: serverguide/C/security.xml:813(para)
6967
6992
msgid ""
6968
6993
"A request on port 80 from the local machine, then, would generate a log in "
6969
6994
"dmesg that looks like this (single line split into 3 to fit this document):"
6979
7004
"SPT=53981 DPT=80 WINDOW=32767 RES=0x00 SYN URGP=0\n"
6980
7005
msgstr ""
6981
7006
6982
#: serverguide/C/security.xml:836(para)
7007
#: serverguide/C/security.xml:822(para)
6983
7008
msgid ""
6984
7009
"The above log will also appear in <filename>/var/log/messages</filename>, "
6985
7010
"<filename>/var/log/syslog</filename>, and "
6996
7021
"or <application>lire</application>."
6997
7022
msgstr ""
6998
7023
6999
#: serverguide/C/security.xml:851(title)
7024
#: serverguide/C/security.xml:837(title)
7000
7025
msgid "Other Tools"
7001
7026
msgstr ""
7002
7027
7003
#: serverguide/C/security.xml:852(para)
7028
#: serverguide/C/security.xml:838(para)
7004
7029
msgid ""
7005
7030
"There are many tools available to help you construct a complete firewall "
7006
7031
"without intimate knowledge of iptables. For the GUI-inclined:"
7007
7032
msgstr ""
7008
7033
7009
#: serverguide/C/security.xml:858(para)
7034
#: serverguide/C/security.xml:844(para)
7010
7035
msgid ""
7011
7036
"<ulink url=\"http://www.fwbuilder.org/\">fwbuilder</ulink> is very powerful "
7012
7037
"and will look familiar to an administrator who has used a commercial "
7013
7038
"firewall utility such as <application>Checkpoint FireWall-1</application>."
7014
7039
msgstr ""
7015
7040
7016
#: serverguide/C/security.xml:864(para)
7041
#: serverguide/C/security.xml:850(para)
7017
7042
msgid ""
7018
7043
"If you prefer a command-line tool with plain-text configuration files:"
7019
7044
msgstr ""
7020
7045
7021
#: serverguide/C/security.xml:869(para)
7046
#: serverguide/C/security.xml:855(para)
7022
7047
msgid ""
7023
7048
"<ulink url=\"http://www.shorewall.net/\">Shorewall</ulink> is a very "
7024
7049
"powerful solution to help you configure an advanced firewall for any network."
7025
7050
msgstr ""
7026
7051
7027
#: serverguide/C/security.xml:880(para)
7052
#: serverguide/C/security.xml:866(para)
7028
7053
msgid ""
7029
7054
"The <ulink url=\"https://wiki.ubuntu.com/UncomplicatedFirewall\">Ubuntu "
7030
7055
"Firewall</ulink> wiki page contains information on the development of "
7031
7056
"<application>ufw</application>."
7032
7057
msgstr ""
7033
7058
7034
#: serverguide/C/security.xml:886(para)
7059
#: serverguide/C/security.xml:872(para)
7035
7060
msgid ""
7036
7061
"Also, the <application>ufw</application> manual page contains some very "
7037
7062
"useful information: <command>man ufw</command>."
7038
7063
msgstr ""
7039
7064
7040
#: serverguide/C/security.xml:891(para)
7065
#: serverguide/C/security.xml:877(para)
7041
7066
msgid ""
7042
7067
"See the <ulink url=\"http://www.netfilter.org/documentation/HOWTO/packet-"
7043
7068
"filtering-HOWTO.html\">packet-filtering-HOWTO</ulink> for more information "
7044
7069
"on using <application>iptables</application>."
7045
7070
msgstr ""
7046
7071
7047
#: serverguide/C/security.xml:897(para)
7072
#: serverguide/C/security.xml:883(para)
7048
7073
msgid ""
7049
7074
"The <ulink url=\"http://www.netfilter.org/documentation/HOWTO/NAT-"
7050
7075
"HOWTO.html\">nat-HOWTO</ulink> contains further details on masquerading."
7051
7076
msgstr ""
7052
7077
7053
#: serverguide/C/security.xml:903(para)
7078
#: serverguide/C/security.xml:889(para)
7054
7079
msgid ""
7055
7080
"The <ulink url=\"https://help.ubuntu.com/community/IptablesHowTo\">IPTables "
7056
7081
"HowTo</ulink> in the Ubuntu wiki is a great resource."
7057
7082
msgstr ""
7058
7083
7059
#: serverguide/C/security.xml:911(title)
7084
#: serverguide/C/security.xml:897(title)
7060
7085
msgid "AppArmor"
7061
7086
msgstr ""
7062
7087
7063
#: serverguide/C/security.xml:912(para)
7088
#: serverguide/C/security.xml:898(para)
7064
7089
msgid ""
7065
7090
"<application>AppArmor</application> is a Linux Security Module "
7066
7091
"implementation of name-based mandatory access controls. AppArmor confines "
7068
7093
"capabilities."
7069
7094
msgstr ""
7070
7095
7071
#: serverguide/C/security.xml:916(para)
7096
#: serverguide/C/security.xml:902(para)
7072
7097
msgid ""
7073
7098
"<application>AppArmor</application> is installed and loaded by default. It "
7074
7099
"uses <emphasis>profiles</emphasis> of an application to determine what files "
7077
7102
"<application>apparmor-profiles</application> package."
7078
7103
msgstr ""
7079
7104
7080
#: serverguide/C/security.xml:921(para)
7105
#: serverguide/C/security.xml:907(para)
7081
7106
msgid ""
7082
7107
"To install the <application>apparmor-profiles</application> package from a "
7083
7108
"terminal prompt:"
7084
7109
msgstr ""
7085
7110
7086
#: serverguide/C/security.xml:925(command)
7111
#: serverguide/C/security.xml:911(command)
7087
7112
msgid "sudo apt-get install apparmor-profiles"
7088
7113
msgstr ""
7089
7114
7090
#: serverguide/C/security.xml:927(para)
7115
#: serverguide/C/security.xml:913(para)
7091
7116
msgid "AppArmor profiles have two modes of execution:"
7092
7117
msgstr ""
7093
7118
7094
#: serverguide/C/security.xml:932(para)
7119
#: serverguide/C/security.xml:918(para)
7095
7120
msgid ""
7096
7121
"Complaining/Learning: profile violations are permitted and logged. Useful "
7097
7122
"for testing and developing new profiles."
7098
7123
msgstr ""
7099
7124
7100
#: serverguide/C/security.xml:937(para)
7125
#: serverguide/C/security.xml:923(para)
7101
7126
msgid ""
7102
7127
"Enforced/Confined: enforces profile policy as well as logging the violation."
7103
7128
msgstr ""
7104
7129
7105
#: serverguide/C/security.xml:943(title)
7130
#: serverguide/C/security.xml:929(title)
7106
7131
msgid "Using AppArmor"
7107
7132
msgstr ""
7108
7133
7109
#: serverguide/C/security.xml:944(para)
7134
#: serverguide/C/security.xml:945(para)
7135
msgid ""
7136
"This section is plagued by a bug (<ulink "
7137
"url=\"https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1304134\">LP "
7138
"#1304134</ulink>) and instructions will not work as advertised."
7139
msgstr ""
7140
7141
#: serverguide/C/security.xml:930(para)
7110
7142
msgid ""
7111
7143
"The <application>apparmor-utils</application> package contains command line "
7112
7144
"utilities that you can use to change the <application>AppArmor</application> "
7113
7145
"execution mode, find the status of a profile, create new profiles, etc."
7114
7146
msgstr ""
7115
7147
7116
#: serverguide/C/security.xml:950(para)
7148
#: serverguide/C/security.xml:936(para)
7117
7149
msgid ""
7118
7150
"<application>apparmor_status</application> is used to view the current "
7119
7151
"status of AppArmor profiles."
7120
7152
msgstr ""
7121
7153
7122
#: serverguide/C/security.xml:954(command)
7154
#: serverguide/C/security.xml:940(command)
7123
7155
msgid "sudo apparmor_status"
7124
7156
msgstr ""
7125
7157
7126
#: serverguide/C/security.xml:958(para)
7158
#: serverguide/C/security.xml:944(para)
7127
7159
msgid ""
7128
7160
"<application>aa-complain</application> places a profile into "
7129
7161
"<emphasis>complain</emphasis> mode."
7130
7162
msgstr ""
7131
7163
7132
#: serverguide/C/security.xml:962(command)
7164
#: serverguide/C/security.xml:948(command)
7133
7165
msgid "sudo aa-complain /path/to/bin"
7134
7166
msgstr ""
7135
7167
7136
#: serverguide/C/security.xml:966(para)
7168
#: serverguide/C/security.xml:952(para)
7137
7169
msgid ""
7138
7170
"<application>aa-enforce</application> places a profile into "
7139
7171
"<emphasis>enforce</emphasis> mode."
7140
7172
msgstr ""
7141
7173
7142
#: serverguide/C/security.xml:970(command)
7174
#: serverguide/C/security.xml:956(command)
7143
7175
msgid "sudo aa-enforce /path/to/bin"
7144
7176
msgstr ""
7145
7177
7146
#: serverguide/C/security.xml:974(para)
7178
#: serverguide/C/security.xml:960(para)
7147
7179
msgid ""
7148
7180
"The <filename>/etc/apparmor.d</filename> directory is where the AppArmor "
7149
7181
"profiles are located. It can be used to manipulate the "
7150
7182
"<emphasis>mode</emphasis> of all profiles."
7151
7183
msgstr ""
7152
7184
7153
#: serverguide/C/security.xml:978(para)
7185
#: serverguide/C/security.xml:964(para)
7154
7186
msgid "Enter the following to place all profiles into complain mode:"
7155
7187
msgstr ""
7156
7188
7157
#: serverguide/C/security.xml:982(command)
7189
#: serverguide/C/security.xml:968(command)
7158
7190
msgid "sudo aa-complain /etc/apparmor.d/*"
7159
7191
msgstr ""
7160
7192
7161
#: serverguide/C/security.xml:984(para)
7193
#: serverguide/C/security.xml:970(para)
7162
7194
msgid "To place all profiles in enforce mode:"
7163
7195
msgstr ""
7164
7196
7165
#: serverguide/C/security.xml:988(command)
7197
#: serverguide/C/security.xml:974(command)
7166
7198
msgid "sudo aa-enforce /etc/apparmor.d/*"
7167
7199
msgstr ""
7168
7200
7169
#: serverguide/C/security.xml:992(para)
7201
#: serverguide/C/security.xml:978(para)
7170
7202
msgid ""
7171
7203
"<application>apparmor_parser</application> is used to load a profile into "
7172
7204
"the kernel. It can also be used to reload a currently loaded profile using "
7173
7205
"the <emphasis>-r</emphasis> option. To load a profile:"
7174
7206
msgstr ""
7175
7207
7176
#: serverguide/C/security.xml:997(command) serverguide/C/security.xml:1029(command)
7208
#: serverguide/C/security.xml:983(command) serverguide/C/security.xml:1015(command)
7177
7209
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
7178
7210
msgstr ""
7179
7211
7180
#: serverguide/C/security.xml:999(para)
7212
#: serverguide/C/security.xml:985(para)
7181
7213
msgid "To reload a profile:"
7182
7214
msgstr ""
7183
7215
7184
#: serverguide/C/security.xml:1003(command)
7216
#: serverguide/C/security.xml:989(command)
7185
7217
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
7186
7218
msgstr ""
7187
7219
7188
#: serverguide/C/security.xml:1007(para)
7220
#: serverguide/C/security.xml:1013(para)
7189
7221
msgid ""
7190
7222
"<filename>service apparmor</filename> can be used to "
7191
7223
"<emphasis>reload</emphasis> all profiles:"
7192
7224
msgstr ""
7193
7225
7194
#: serverguide/C/security.xml:1011(command) serverguide/C/network-auth.xml:943(command)
7226
#: serverguide/C/network-auth.xml:964(command)
7195
7227
msgid "sudo service apparmor reload"
7196
7228
msgstr ""
7197
7229
7198
#: serverguide/C/security.xml:1015(para)
7230
#: serverguide/C/security.xml:1001(para)
7199
7231
msgid ""
7200
7232
"The <filename>/etc/apparmor.d/disable</filename> directory can be used along "
7201
7233
"with the <application>apparmor_parser -R</application> option to "
7202
7234
"<emphasis>disable</emphasis> a profile."
7203
7235
msgstr ""
7204
7236
7205
#: serverguide/C/security.xml:1020(command)
7237
#: serverguide/C/security.xml:1006(command)
7206
7238
msgid "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
7207
7239
msgstr ""
7208
7240
7209
#: serverguide/C/security.xml:1021(command)
7241
#: serverguide/C/security.xml:1007(command)
7210
7242
msgid "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
7211
7243
msgstr ""
7212
7244
7213
#: serverguide/C/security.xml:1023(para)
7245
#: serverguide/C/security.xml:1009(para)
7214
7246
msgid ""
7215
7247
"To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic "
7216
7248
"link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then "
7217
7249
"load the profile using the <emphasis>-a</emphasis> option."
7218
7250
msgstr ""
7219
7251
7220
#: serverguide/C/security.xml:1028(command)
7252
#: serverguide/C/security.xml:1014(command)
7221
7253
msgid "sudo rm /etc/apparmor.d/disable/profile.name"
7222
7254
msgstr ""
7223
7255
7224
#: serverguide/C/security.xml:1033(para)
7256
#: serverguide/C/security.xml:1019(para)
7225
7257
msgid ""
7226
7258
"<application>AppArmor</application> can be disabled, and the kernel module "
7227
7259
"unloaded by entering the following:"
7228
7260
msgstr ""
7229
7261
7230
#: serverguide/C/security.xml:1037(command)
7262
#: serverguide/C/security.xml:1043(command)
7231
7263
msgid "sudo service apparmor stop"
7232
7264
msgstr ""
7233
7265
7234
#: serverguide/C/security.xml:1038(command)
7266
#: serverguide/C/security.xml:1024(command)
7235
7267
msgid "sudo update-rc.d -f apparmor remove"
7236
7268
msgstr ""
7237
7269
7238
#: serverguide/C/security.xml:1042(para)
7270
#: serverguide/C/security.xml:1028(para)
7239
7271
msgid "To re-enable <application>AppArmor</application> enter:"
7240
7272
msgstr ""
7241
7273
7242
#: serverguide/C/security.xml:1046(command)
7274
#: serverguide/C/security.xml:1052(command)
7243
7275
msgid "sudo service apparmor start"
7244
7276
msgstr ""
7245
7277
7246
#: serverguide/C/security.xml:1047(command)
7278
#: serverguide/C/security.xml:1033(command)
7247
7279
msgid "sudo update-rc.d apparmor defaults"
7248
7280
msgstr ""
7249
7281
7250
#: serverguide/C/security.xml:1052(para)
7282
#: serverguide/C/security.xml:1038(para)
7251
7283
msgid ""
7252
7284
"Replace <emphasis>profile.name</emphasis> with the name of the profile you "
7253
7285
"want to manipulate. Also, replace <filename>/path/to/bin/</filename> with "
7255
7287
"<application>ping</application> command use <filename>/bin/ping</filename>"
7256
7288
msgstr ""
7257
7289
7258
#: serverguide/C/security.xml:1060(title)
7290
#: serverguide/C/security.xml:1046(title)
7259
7291
msgid "Profiles"
7260
7292
msgstr ""
7261
7293
7262
#: serverguide/C/security.xml:1061(para)
7294
#: serverguide/C/security.xml:1047(para)
7263
7295
msgid ""
7264
7296
"<application>AppArmor</application> profiles are simple text files located "
7265
7297
"in <filename>/etc/apparmor.d/</filename>. The files are named after the full "
7268
7300
"profile for the <filename>/bin/ping</filename> command."
7269
7301
msgstr ""
7270
7302
7271
#: serverguide/C/security.xml:1067(para)
7303
#: serverguide/C/security.xml:1053(para)
7272
7304
msgid "There are two main type of rules used in profiles:"
7273
7305
msgstr ""
7274
7306
7275
#: serverguide/C/security.xml:1072(para)
7307
#: serverguide/C/security.xml:1058(para)
7276
7308
msgid ""
7277
7309
"<emphasis>Path entries:</emphasis> which detail which files an application "
7278
7310
"can access in the file system."
7279
7311
msgstr ""
7280
7312
7281
#: serverguide/C/security.xml:1077(para)
7313
#: serverguide/C/security.xml:1063(para)
7282
7314
msgid ""
7283
7315
"<emphasis>Capability entries:</emphasis> determine what privileges a "
7284
7316
"confined process is allowed to use."
7285
7317
msgstr ""
7286
7318
7287
#: serverguide/C/security.xml:1082(para)
7319
#: serverguide/C/security.xml:1068(para)
7288
7320
msgid ""
7289
7321
"As an example take a look at <filename>/etc/apparmor.d/bin.ping</filename>:"
7290
7322
msgstr ""
7291
7323
7292
#: serverguide/C/security.xml:1085(programlisting)
7324
#: serverguide/C/security.xml:1071(programlisting)
7293
7325
#, no-wrap
7294
7326
msgid ""
7295
7327
"\n"
7308
7340
"}\n"
7309
7341
msgstr ""
7310
7342
7311
#: serverguide/C/security.xml:1102(para)
7343
#: serverguide/C/security.xml:1088(para)
7312
7344
msgid ""
7313
7345
"<emphasis>#include <tunables/global>:</emphasis> include statements "
7314
7346
"from other files. This allows statements pertaining to multiple applications "
7315
7347
"to be placed in a common file."
7316
7348
msgstr ""
7317
7349
7318
#: serverguide/C/security.xml:1108(para)
7350
#: serverguide/C/security.xml:1094(para)
7319
7351
msgid ""
7320
7352
"<emphasis>/bin/ping flags=(complain):</emphasis> path to the profiled "
7321
7353
"program, also setting the mode to <emphasis>complain</emphasis>."
7322
7354
msgstr ""
7323
7355
7324
#: serverguide/C/security.xml:1114(para)
7356
#: serverguide/C/security.xml:1100(para)
7325
7357
msgid ""
7326
7358
"<emphasis>capability net_raw,:</emphasis> allows the application access to "
7327
7359
"the CAP_NET_RAW Posix.1e capability."
7328
7360
msgstr ""
7329
7361
7330
#: serverguide/C/security.xml:1119(para)
7362
#: serverguide/C/security.xml:1105(para)
7331
7363
msgid ""
7332
7364
"<emphasis>/bin/ping mixr,:</emphasis> allows the application read and "
7333
7365
"execute access to the file."
7334
7366
msgstr ""
7335
7367
7336
#: serverguide/C/security.xml:1125(para)
7368
#: serverguide/C/security.xml:1111(para)
7337
7369
msgid ""
7338
7370
"After editing a profile file the profile must be reloaded. See <xref "
7339
7371
"linkend=\"apparmor-usage\"/> for details."
7340
7372
msgstr ""
7341
7373
7342
#: serverguide/C/security.xml:1130(title)
7374
#: serverguide/C/security.xml:1116(title)
7343
7375
msgid "Creating a Profile"
7344
7376
msgstr ""
7345
7377
7346
#: serverguide/C/security.xml:1133(para)
7378
#: serverguide/C/security.xml:1119(para)
7347
7379
msgid ""
7348
7380
"<emphasis>Design a test plan:</emphasis> Try to think about how the "
7349
7381
"application should be exercised. The test plan should be divided into small "
7351
7383
"steps to follow."
7352
7384
msgstr ""
7353
7385
7354
#: serverguide/C/security.xml:1137(para)
7386
#: serverguide/C/security.xml:1123(para)
7355
7387
msgid "Some standard test cases are:"
7356
7388
msgstr ""
7357
7389
7358
#: serverguide/C/security.xml:1142(para)
7390
#: serverguide/C/security.xml:1128(para)
7359
7391
msgid "Starting the program."
7360
7392
msgstr ""
7361
7393
7362
#: serverguide/C/security.xml:1147(para)
7394
#: serverguide/C/security.xml:1133(para)
7363
7395
msgid "Stopping the program."
7364
7396
msgstr ""
7365
7397
7366
#: serverguide/C/security.xml:1152(para)
7398
#: serverguide/C/security.xml:1138(para)
7367
7399
msgid "Reloading the program."
7368
7400
msgstr ""
7369
7401
7370
#: serverguide/C/security.xml:1157(para)
7402
#: serverguide/C/security.xml:1143(para)
7371
7403
msgid "Testing all the commands supported by the init script."
7372
7404
msgstr ""
7373
7405
7374
#: serverguide/C/security.xml:1164(para)
7406
#: serverguide/C/security.xml:1150(para)
7375
7407
msgid ""
7376
7408
"<emphasis>Generate the new profile:</emphasis> Use <application>aa-"
7377
7409
"genprof</application> to generate a new profile. From a terminal:"
7378
7410
msgstr ""
7379
7411
7380
#: serverguide/C/security.xml:1169(command)
7412
#: serverguide/C/security.xml:1155(command)
7381
7413
msgid "sudo aa-genprof executable"
7382
7414
msgstr ""
7383
7415
7384
#: serverguide/C/security.xml:1171(para)
7416
#: serverguide/C/security.xml:1157(para)
7385
7417
msgid "For example:"
7386
7418
msgstr ""
7387
7419
7388
#: serverguide/C/security.xml:1175(command)
7420
#: serverguide/C/security.xml:1161(command)
7389
7421
msgid "sudo aa-genprof slapd"
7390
7422
msgstr ""
7391
7423
7392
#: serverguide/C/security.xml:1179(para)
7424
#: serverguide/C/security.xml:1165(para)
7393
7425
msgid ""
7394
7426
"To get your new profile included in the <application>apparmor-"
7395
7427
"profiles</application> package, file a bug in <emphasis>Launchpad</emphasis> "
7398
7430
"/ulink> package:"
7399
7431
msgstr ""
7400
7432
7401
#: serverguide/C/security.xml:1186(para)
7433
#: serverguide/C/security.xml:1172(para)
7402
7434
msgid "Include your test plan and test cases."
7403
7435
msgstr ""
7404
7436
7405
#: serverguide/C/security.xml:1191(para)
7437
#: serverguide/C/security.xml:1177(para)
7406
7438
msgid "Attach your new profile to the bug."
7407
7439
msgstr ""
7408
7440
7409
#: serverguide/C/security.xml:1200(title)
7441
#: serverguide/C/security.xml:1186(title)
7410
7442
msgid "Updating Profiles"
7411
7443
msgstr ""
7412
7444
7413
#: serverguide/C/security.xml:1201(para)
7445
#: serverguide/C/security.xml:1187(para)
7414
7446
msgid ""
7415
7447
"When the program is misbehaving, audit messages are sent to the log files. "
7416
7448
"The program <application>aa-logprof</application> can be used to scan log "
7418
7450
"and update the profiles. From a terminal:"
7419
7451
msgstr ""
7420
7452
7421
#: serverguide/C/security.xml:1206(command)
7453
#: serverguide/C/security.xml:1192(command)
7422
7454
msgid "sudo aa-logprof"
7423
7455
msgstr ""
7424
7456
7425
#: serverguide/C/security.xml:1214(para)
7457
#: serverguide/C/security.xml:1200(para)
7426
7458
msgid ""
7427
7459
"See the <ulink "
7428
7460
"url=\"http://www.novell.com/documentation/apparmor/apparmor201_sp10_admin/ind"
7431
7463
"configuration options."
7432
7464
msgstr ""
7433
7465
7434
#: serverguide/C/security.xml:1221(para)
7466
#: serverguide/C/security.xml:1207(para)
7435
7467
msgid ""
7436
7468
"For details using AppArmor with other Ubuntu releases see the <ulink "
7437
7469
"url=\"https://help.ubuntu.com/community/AppArmor\"> AppArmor Community "
7438
7470
"Wiki</ulink> page."
7439
7471
msgstr ""
7440
7472
7441
#: serverguide/C/security.xml:1229(para)
7473
#: serverguide/C/security.xml:1215(para)
7442
7474
msgid ""
7443
7475
"The <ulink url=\"http://en.opensuse.org/SDB:AppArmor_geeks\">OpenSUSE "
7444
7476
"AppArmor</ulink> page is another introduction to AppArmor."
7445
7477
msgstr ""
7446
7478
7447
#: serverguide/C/security.xml:1236(para)
7479
#: serverguide/C/security.xml:1222(para)
7448
7480
msgid ""
7449
7481
"A great place to ask for <application>AppArmor</application> assistance, and "
7450
7482
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
7452
7484
"url=\"http://freenode.net\">freenode</ulink>."
7453
7485
msgstr ""
7454
7486
7455
#: serverguide/C/security.xml:1246(title)
7487
#: serverguide/C/security.xml:1232(title)
7456
7488
msgid "Certificates"
7457
7489
msgstr ""
7458
7490
7459
#: serverguide/C/security.xml:1247(para)
7491
#: serverguide/C/security.xml:1233(para)
7460
7492
msgid ""
7461
7493
"One of the most common forms of cryptography today is <emphasis>public-"
7462
7494
"key</emphasis> cryptography. Public-key cryptography utilizes a "
7466
7498
"the private key."
7467
7499
msgstr ""
7468
7500
7469
#: serverguide/C/security.xml:1253(para)
7501
#: serverguide/C/security.xml:1239(para)
7470
7502
msgid ""
7471
7503
"A common use for public-key cryptography is encrypting application traffic "
7472
7504
"using a Secure Socket Layer (SSL) or Transport Layer Security (TLS) "
7475
7507
"encrypt traffic using a protocol that does not itself provide encryption."
7476
7508
msgstr ""
7477
7509
7478
#: serverguide/C/security.xml:1258(para)
7510
#: serverguide/C/security.xml:1244(para)
7479
7511
msgid ""
7480
7512
"A <emphasis>Certificate</emphasis> is a method used to distribute a "
7481
7513
"<emphasis>public key</emphasis> and other information about a server and the "
7485
7517
"certificate is accurate."
7486
7518
msgstr ""
7487
7519
7488
#: serverguide/C/security.xml:1265(title)
7520
#: serverguide/C/security.xml:1251(title)
7489
7521
msgid "Types of Certificates"
7490
7522
msgstr ""
7491
7523
7492
#: serverguide/C/security.xml:1266(para)
7524
#: serverguide/C/security.xml:1252(para)
7493
7525
msgid ""
7494
7526
"To set up a secure server using public-key cryptography, in most cases, you "
7495
7527
"send your certificate request (including your public key), proof of your "
7499
7531
"signed</emphasis> certificate."
7500
7532
msgstr ""
7501
7533
7502
#: serverguide/C/security.xml:1276(para)
7534
#: serverguide/C/security.xml:1262(para)
7503
7535
msgid ""
7504
7536
"Note, that self-signed certificates should not be used in most production "
7505
7537
"environments."
7506
7538
msgstr ""
7507
7539
7508
#: serverguide/C/security.xml:1280(para)
7540
#: serverguide/C/security.xml:1266(para)
7509
7541
msgid ""
7510
7542
"Continuing the HTTPS example, a CA-signed certificate provides two important "
7511
7543
"capabilities that a self-signed certificate does not:"
7512
7544
msgstr ""
7513
7545
7514
#: serverguide/C/security.xml:1287(para)
7546
#: serverguide/C/security.xml:1273(para)
7515
7547
msgid ""
7516
7548
"Browsers (usually) automatically recognize the certificate and allow a "
7517
7549
"secure connection to be made without prompting the user."
7518
7550
msgstr ""
7519
7551
7520
#: serverguide/C/security.xml:1294(para)
7552
#: serverguide/C/security.xml:1280(para)
7521
7553
msgid ""
7522
7554
"When a CA issues a signed certificate, it is guaranteeing the identity of "
7523
7555
"the organization that is providing the web pages to the browser."
7524
7556
msgstr ""
7525
7557
7526
#: serverguide/C/security.xml:1302(para)
7558
#: serverguide/C/security.xml:1308(para)
7527
7559
msgid ""
7528
7560
"Most Web browsers, and computers, that support SSL have a list of CAs whose "
7529
7561
"certificates they automatically accept. If a browser encounters a "
7532
7564
"may generate an error message when using a self-signed certificate."
7533
7565
msgstr ""
7534
7566
7535
#: serverguide/C/security.xml:1310(para)
7567
#: serverguide/C/security.xml:1296(para)
7536
7568
msgid ""
7537
7569
"The process of getting a certificate from a CA is fairly easy. A quick "
7538
7570
"overview is as follows:"
7539
7571
msgstr ""
7540
7572
7541
#: serverguide/C/security.xml:1317(para)
7573
#: serverguide/C/security.xml:1303(para)
7542
7574
msgid "Create a private and public encryption key pair."
7543
7575
msgstr ""
7544
7576
7545
#: serverguide/C/security.xml:1320(para)
7577
#: serverguide/C/security.xml:1306(para)
7546
7578
msgid ""
7547
7579
"Create a certificate request based on the public key. The certificate "
7548
7580
"request contains information about your server and the company hosting it."
7549
7581
msgstr ""
7550
7582
7551
#: serverguide/C/security.xml:1325(para)
7583
#: serverguide/C/security.xml:1311(para)
7552
7584
msgid ""
7553
7585
"Send the certificate request, along with documents proving your identity, to "
7554
7586
"a CA. We cannot tell you which certificate authority to choose. Your "
7556
7588
"your friends or colleagues, or purely on monetary factors."
7557
7589
msgstr ""
7558
7590
7559
#: serverguide/C/security.xml:1331(para)
7591
#: serverguide/C/security.xml:1317(para)
7560
7592
msgid ""
7561
7593
"Once you have decided upon a CA, you need to follow the instructions they "
7562
7594
"provide on how to obtain a certificate from them."
7563
7595
msgstr ""
7564
7596
7565
#: serverguide/C/security.xml:1336(para)
7597
#: serverguide/C/security.xml:1322(para)
7566
7598
msgid ""
7567
7599
"When the CA is satisfied that you are indeed who you claim to be, they send "
7568
7600
"you a digital certificate."
7569
7601
msgstr ""
7570
7602
7571
#: serverguide/C/security.xml:1340(para)
7603
#: serverguide/C/security.xml:1326(para)
7572
7604
msgid ""
7573
7605
"Install this certificate on your secure server, and configure the "
7574
7606
"appropriate applications to use the certificate."
7575
7607
msgstr ""
7576
7608
7577
#: serverguide/C/security.xml:1349(title)
7609
#: serverguide/C/security.xml:1335(title)
7578
7610
msgid "Generating a Certificate Signing Request (CSR)"
7579
7611
msgstr ""
7580
7612
7581
#: serverguide/C/security.xml:1351(para)
7613
#: serverguide/C/security.xml:1337(para)
7582
7614
msgid ""
7583
7615
"Whether you are getting a certificate from a CA or generating your own self-"
7584
7616
"signed certificate, the first step is to generate a key."
7585
7617
msgstr ""
7586
7618
7587
#: serverguide/C/security.xml:1356(para)
7619
#: serverguide/C/security.xml:1342(para)
7588
7620
msgid ""
7589
7621
"If the certificate will be used by service daemons, such as Apache, Postfix, "
7590
7622
"Dovecot, etc, a key without a passphrase is often appropriate. Not having a "
7592
7624
"the preferred way to start a daemon."
7593
7625
msgstr ""
7594
7626
7595
#: serverguide/C/security.xml:1362(para)
7627
#: serverguide/C/security.xml:1348(para)
7596
7628
msgid ""
7597
7629
"This section will cover generating a key with a passphrase, and one without. "
7598
7630
"The non-passphrase key will then be used to generate a certificate that can "
7599
7631
"be used with various service daemons."
7600
7632
msgstr ""
7601
7633
7602
#: serverguide/C/security.xml:1368(para)
7634
#: serverguide/C/security.xml:1354(para)
7603
7635
msgid ""
7604
7636
"Running your secure service without a passphrase is convenient because you "
7605
7637
"will not need to enter the passphrase every time you start your secure "
7607
7639
"of the server as well."
7608
7640
msgstr ""
7609
7641
7610
#: serverguide/C/security.xml:1375(para)
7642
#: serverguide/C/security.xml:1361(para)
7611
7643
msgid ""
7612
7644
"To generate the <emphasis>keys</emphasis> for the Certificate Signing "
7613
7645
"Request (CSR) run the following command from a terminal prompt:"
7614
7646
msgstr ""
7615
7647
7616
#: serverguide/C/security.xml:1381(command)
7648
#: serverguide/C/security.xml:1367(command)
7617
7649
msgid "openssl genrsa -des3 -out server.key 2048"
7618
7650
msgstr ""
7619
7651
7620
#: serverguide/C/security.xml:1384(programlisting)
7652
#: serverguide/C/security.xml:1370(programlisting)
7621
7653
#, no-wrap
7622
7654
msgid ""
7623
7655
"\n"
7628
7660
"Enter pass phrase for server.key:\n"
7629
7661
msgstr ""
7630
7662
7631
#: serverguide/C/security.xml:1392(para)
7663
#: serverguide/C/security.xml:1378(para)
7632
7664
msgid ""
7633
7665
"You can now enter your passphrase. For best security, it should at least "
7634
7666
"contain eight characters. The minimum length when specifying -des3 is four "
7636
7668
"in a dictionary. Also remember that your passphrase is case-sensitive."
7637
7669
msgstr ""
7638
7670
7639
#: serverguide/C/security.xml:1400(para)
7671
#: serverguide/C/security.xml:1386(para)
7640
7672
msgid ""
7641
7673
"Re-type the passphrase to verify. Once you have re-typed it correctly, the "
7642
7674
"server key is generated and stored in the <filename>server.key</filename> "
7643
7675
"file."
7644
7676
msgstr ""
7645
7677
7646
#: serverguide/C/security.xml:1406(para)
7678
#: serverguide/C/security.xml:1392(para)
7647
7679
msgid ""
7648
7680
"Now create the insecure key, the one without a passphrase, and shuffle the "
7649
7681
"key names:"
7650
7682
msgstr ""
7651
7683
7652
#: serverguide/C/security.xml:1412(command)
7684
#: serverguide/C/security.xml:1398(command)
7653
7685
msgid "openssl rsa -in server.key -out server.key.insecure"
7654
7686
msgstr ""
7655
7687
7656
#: serverguide/C/security.xml:1413(command)
7688
#: serverguide/C/security.xml:1399(command)
7657
7689
msgid "mv server.key server.key.secure"
7658
7690
msgstr ""
7659
7691
7660
#: serverguide/C/security.xml:1414(command)
7692
#: serverguide/C/security.xml:1400(command)
7661
7693
msgid "mv server.key.insecure server.key"
7662
7694
msgstr ""
7663
7695
7664
#: serverguide/C/security.xml:1417(para)
7696
#: serverguide/C/security.xml:1403(para)
7665
7697
msgid ""
7666
7698
"The insecure key is now named <filename>server.key</filename>, and you can "
7667
7699
"use this file to generate the CSR without passphrase."
7668
7700
msgstr ""
7669
7701
7670
#: serverguide/C/security.xml:1422(para)
7702
#: serverguide/C/security.xml:1408(para)
7671
7703
msgid "To create the CSR, run the following command at a terminal prompt:"
7672
7704
msgstr ""
7673
7705
7674
#: serverguide/C/security.xml:1427(command)
7706
#: serverguide/C/security.xml:1413(command)
7675
7707
msgid "openssl req -new -key server.key -out server.csr"
7676
7708
msgstr ""
7677
7709
7678
#: serverguide/C/security.xml:1430(para)
7710
#: serverguide/C/security.xml:1416(para)
7679
7711
msgid ""
7680
7712
"It will prompt you enter the passphrase. If you enter the correct "
7681
7713
"passphrase, it will prompt you to enter Company Name, Site Name, Email Id, "
7683
7715
"be stored in the <filename>server.csr</filename> file."
7684
7716
msgstr ""
7685
7717
7686
#: serverguide/C/security.xml:1438(para)
7718
#: serverguide/C/security.xml:1424(para)
7687
7719
msgid ""
7688
7720
"You can now submit this CSR file to a CA for processing. The CA will use "
7689
7721
"this CSR file and issue the certificate. On the other hand, you can create "
7690
7722
"self-signed certificate using this CSR."
7691
7723
msgstr ""
7692
7724
7693
#: serverguide/C/security.xml:1446(title)
7725
#: serverguide/C/security.xml:1432(title)
7694
7726
msgid "Creating a Self-Signed Certificate"
7695
7727
msgstr ""
7696
7728
7697
#: serverguide/C/security.xml:1447(para)
7729
#: serverguide/C/security.xml:1433(para)
7698
7730
msgid ""
7699
7731
"To create the self-signed certificate, run the following command at a "
7700
7732
"terminal prompt:"
7701
7733
msgstr ""
7702
7734
7703
#: serverguide/C/security.xml:1452(command)
7735
#: serverguide/C/security.xml:1438(command)
7704
7736
msgid ""
7705
7737
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
7706
7738
"server.crt"
7707
7739
msgstr ""
7708
7740
7709
#: serverguide/C/security.xml:1455(para)
7741
#: serverguide/C/security.xml:1441(para)
7710
7742
msgid ""
7711
7743
"The above command will prompt you to enter the passphrase. Once you enter "
7712
7744
"the correct passphrase, your certificate will be created and it will be "
7713
7745
"stored in the <filename>server.crt</filename> file."
7714
7746
msgstr ""
7715
7747
7716
#: serverguide/C/security.xml:1460(para)
7748
#: serverguide/C/security.xml:1446(para)
7717
7749
msgid ""
7718
7750
"If your secure server is to be used in a production environment, you "
7719
7751
"probably need a CA-signed certificate. It is not recommended to use self-"
7720
7752
"signed certificate."
7721
7753
msgstr ""
7722
7754
7723
#: serverguide/C/security.xml:1468(title)
7755
#: serverguide/C/security.xml:1454(title)
7724
7756
msgid "Installing the Certificate"
7725
7757
msgstr ""
7726
7758
7727
#: serverguide/C/security.xml:1470(para)
7759
#: serverguide/C/security.xml:1456(para)
7728
7760
msgid ""
7729
7761
"You can install the key file <filename>server.key</filename> and certificate "
7730
7762
"file <filename>server.crt</filename>, or the certificate file issued by your "
7731
7763
"CA, by running following commands at a terminal prompt:"
7732
7764
msgstr ""
7733
7765
7734
#: serverguide/C/security.xml:1476(command)
7766
#: serverguide/C/security.xml:1462(command)
7735
7767
msgid "sudo cp server.crt /etc/ssl/certs"
7736
7768
msgstr ""
7737
7769
7738
#: serverguide/C/security.xml:1477(command)
7770
#: serverguide/C/security.xml:1463(command)
7739
7771
msgid "sudo cp server.key /etc/ssl/private"
7740
7772
msgstr ""
7741
7773
7742
#: serverguide/C/security.xml:1479(para)
7774
#: serverguide/C/security.xml:1465(para)
7743
7775
msgid ""
7744
7776
"Now simply configure any applications, with the ability to use public-key "
7745
7777
"cryptography, to use the <emphasis>certificate</emphasis> and "
7748
7780
"<application>Dovecot</application> can provide IMAPS and POP3S, etc."
7749
7781
msgstr ""
7750
7782
7751
#: serverguide/C/security.xml:1486(title)
7783
#: serverguide/C/security.xml:1472(title)
7752
7784
msgid "Certification Authority"
7753
7785
msgstr ""
7754
7786
7755
#: serverguide/C/security.xml:1488(para)
7787
#: serverguide/C/security.xml:1474(para)
7756
7788
msgid ""
7757
7789
"If the services on your network require more than a few self-signed "
7758
7790
"certificates it may be worth the additional effort to setup your own "
7762
7794
"the same CA."
7763
7795
msgstr ""
7764
7796
7765
#: serverguide/C/security.xml:1498(para)
7797
#: serverguide/C/security.xml:1484(para)
7766
7798
msgid ""
7767
7799
"First, create the directories to hold the CA certificate and related files:"
7768
7800
msgstr ""
7769
7801
7770
#: serverguide/C/security.xml:1503(command)
7802
#: serverguide/C/security.xml:1489(command)
7771
7803
msgid "sudo mkdir /etc/ssl/CA"
7772
7804
msgstr ""
7773
7805
7774
#: serverguide/C/security.xml:1504(command)
7806
#: serverguide/C/security.xml:1490(command)
7775
7807
msgid "sudo mkdir /etc/ssl/newcerts"
7776
7808
msgstr ""
7777
7809
7778
#: serverguide/C/security.xml:1510(para)
7810
#: serverguide/C/security.xml:1496(para)
7779
7811
msgid ""
7780
7812
"The CA needs a few additional files to operate, one to keep track of the "
7781
7813
"last serial number used by the CA, each certificate must have a unique "
7783
7815
"issued:"
7784
7816
msgstr ""
7785
7817
7786
#: serverguide/C/security.xml:1517(command)
7818
#: serverguide/C/security.xml:1503(command)
7787
7819
msgid "sudo sh -c \"echo '01' > /etc/ssl/CA/serial\""
7788
7820
msgstr ""
7789
7821
7790
#: serverguide/C/security.xml:1518(command)
7822
#: serverguide/C/security.xml:1504(command)
7791
7823
msgid "sudo touch /etc/ssl/CA/index.txt"
7792
7824
msgstr ""
7793
7825
7794
#: serverguide/C/security.xml:1524(para)
7826
#: serverguide/C/security.xml:1510(para)
7795
7827
msgid ""
7796
7828
"The third file is a CA configuration file. Though not strictly necessary, it "
7797
7829
"is very convenient when issuing multiple certificates. Edit "
7799
7831
"]</emphasis> change:"
7800
7832
msgstr ""
7801
7833
7802
#: serverguide/C/security.xml:1530(programlisting)
7834
#: serverguide/C/security.xml:1516(programlisting)
7803
7835
#, no-wrap
7804
7836
msgid ""
7805
7837
"\n"
7810
7842
"private_key = $dir/private/cakey.pem# The private key\n"
7811
7843
msgstr ""
7812
7844
7813
#: serverguide/C/security.xml:1541(para)
7845
#: serverguide/C/security.xml:1547(para)
7814
7846
msgid "Next, create the self-signed root certificate:"
7815
7847
msgstr ""
7816
7848
7817
#: serverguide/C/security.xml:1546(command)
7849
#: serverguide/C/security.xml:1532(command)
7818
7850
msgid ""
7819
7851
"openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -"
7820
7852
"days 3650"
7821
7853
msgstr ""
7822
7854
7823
#: serverguide/C/security.xml:1549(para)
7855
#: serverguide/C/security.xml:1535(para)
7824
7856
msgid "You will then be asked to enter the details about the certificate."
7825
7857
msgstr ""
7826
7858
7827
#: serverguide/C/security.xml:1556(para)
7859
#: serverguide/C/security.xml:1542(para)
7828
7860
msgid "Now install the root certificate and key:"
7829
7861
msgstr ""
7830
7862
7831
#: serverguide/C/security.xml:1561(command)
7863
#: serverguide/C/security.xml:1547(command)
7832
7864
msgid "sudo mv cakey.pem /etc/ssl/private/"
7833
7865
msgstr ""
7834
7866
7835
#: serverguide/C/security.xml:1562(command)
7867
#: serverguide/C/security.xml:1548(command)
7836
7868
msgid "sudo mv cacert.pem /etc/ssl/certs/"
7837
7869
msgstr ""
7838
7870
7839
#: serverguide/C/security.xml:1568(para)
7871
#: serverguide/C/security.xml:1554(para)
7840
7872
msgid ""
7841
7873
"You are now ready to start signing certificates. The first item needed is a "
7842
7874
"Certificate Signing Request (CSR), see <xref linkend=\"generating-a-csr\"/> "
7844
7876
"certificate signed by the CA:"
7845
7877
msgstr ""
7846
7878
7847
#: serverguide/C/security.xml:1575(command)
7879
#: serverguide/C/security.xml:1561(command)
7848
7880
msgid "sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf"
7849
7881
msgstr ""
7850
7882
7851
#: serverguide/C/security.xml:1578(para)
7883
#: serverguide/C/security.xml:1564(para)
7852
7884
msgid ""
7853
7885
"After entering the password for the CA key, you will be prompted to sign the "
7854
7886
"certificate, and again to commit the new certificate. You should then see a "
7855
7887
"somewhat large amount of output related to the certificate creation."
7856
7888
msgstr ""
7857
7889
7858
#: serverguide/C/security.xml:1587(para)
7890
#: serverguide/C/security.xml:1573(para)
7859
7891
msgid ""
7860
7892
"There should now be a new file, "
7861
7893
"<filename>/etc/ssl/newcerts/01.pem</filename>, containing the same output. "
7866
7898
"<filename>mail.example.com.crt</filename>, is a nice descriptive name."
7867
7899
msgstr ""
7868
7900
7869
#: serverguide/C/security.xml:1595(para)
7901
#: serverguide/C/security.xml:1581(para)
7870
7902
msgid ""
7871
7903
"Subsequent certificates will be named <filename>02.pem</filename>, "
7872
7904
"<filename>03.pem</filename>, etc."
7873
7905
msgstr ""
7874
7906
7875
#: serverguide/C/security.xml:1600(para)
7907
#: serverguide/C/security.xml:1586(para)
7876
7908
msgid ""
7877
7909
"Replace <emphasis>mail.example.com.crt</emphasis> with your own descriptive "
7878
7910
"name."
7879
7911
msgstr ""
7880
7912
7881
#: serverguide/C/security.xml:1608(para)
7913
#: serverguide/C/security.xml:1594(para)
7882
7914
msgid ""
7883
7915
"Finally, copy the new certificate to the host that needs it, and configure "
7884
7916
"the appropriate applications to use it. The default location to install "
7887
7919
"complicated file permissions."
7888
7920
msgstr ""
7889
7921
7890
#: serverguide/C/security.xml:1614(para)
7922
#: serverguide/C/security.xml:1600(para)
7891
7923
msgid ""
7892
7924
"For applications that can be configured to use a CA certificate, you should "
7893
7925
"also copy the <filename>/etc/ssl/certs/cacert.pem</filename> file to the "
7895
7927
"server."
7896
7928
msgstr ""
7897
7929
7898
#: serverguide/C/security.xml:1628(para)
7930
#: serverguide/C/security.xml:1614(para)
7899
7931
msgid ""
7900
7932
"For more detailed instructions on using cryptography see the <ulink "
7901
7933
"url=\"http://tldp.org/HOWTO/SSL-Certificates-HOWTO/index.html\">SSL "
7902
"Certificates HOWTO</ulink> by tlpd.org"
7934
"Certificates HOWTO</ulink> by tldp.org"
7903
7935
msgstr ""
7904
7936
7905
#: serverguide/C/security.xml:1634(para)
7937
#: serverguide/C/security.xml:1620(para)
7906
7938
msgid ""
7907
7939
"The Wikipedia <ulink "
7908
7940
"url=\"http://en.wikipedia.org/wiki/Https\">HTTPS</ulink> page has more "
7909
7941
"information regarding HTTPS."
7910
7942
msgstr ""
7911
7943
7912
#: serverguide/C/security.xml:1639(para)
7944
#: serverguide/C/security.xml:1625(para)
7913
7945
msgid ""
7914
7946
"For more information on <emphasis>OpenSSL</emphasis> see the <ulink "
7915
7947
"url=\"http://www.openssl.org/\">OpenSSL Home Page</ulink>."
7916
7948
msgstr ""
7917
7949
7918
#: serverguide/C/security.xml:1644(para)
7950
#: serverguide/C/security.xml:1630(para)
7919
7951
msgid ""
7920
7952
"Also, O'Reilly's <ulink "
7921
7953
"url=\"http://oreilly.com/catalog/9780596002701/\">Network Security with "
7922
7954
"OpenSSL</ulink> is a good in depth reference."
7923
7955
msgstr ""
7924
7956
7925
#: serverguide/C/security.xml:1653(title)
7957
#: serverguide/C/security.xml:1639(title)
7926
7958
msgid "eCryptfs"
7927
7959
msgstr ""
7928
7960
7929
#: serverguide/C/security.xml:1655(para)
7961
#: serverguide/C/security.xml:1661(para)
7930
7962
msgid ""
7931
7963
"<emphasis>eCryptfs</emphasis> is a POSIX-compliant enterprise-class stacked "
7932
7964
"cryptographic filesystem for Linux. Layering on top of the filesystem layer "
7934
7966
"filesystem, partition type, etc."
7935
7967
msgstr ""
7936
7968
7937
#: serverguide/C/security.xml:1661(para)
7969
#: serverguide/C/security.xml:1647(para)
7938
7970
msgid ""
7939
7971
"During installation there is an option to encrypt the <filename "
7940
7972
"role=\"directory\">/home</filename> partition. This will automatically "
7941
7973
"configure everything needed to encrypt and mount the partition."
7942
7974
msgstr ""
7943
7975
7944
#: serverguide/C/security.xml:1666(para)
7976
#: serverguide/C/security.xml:1652(para)
7945
7977
msgid ""
7946
7978
"As an example, this section will cover configuring <filename "
7947
7979
"role=\"directory\">/srv</filename> to be encrypted using "
7948
7980
"<emphasis>eCryptfs</emphasis>."
7949
7981
msgstr ""
7950
7982
7951
#: serverguide/C/security.xml:1671(title)
7983
#: serverguide/C/security.xml:1657(title)
7952
7984
msgid "Using eCryptfs"
7953
7985
msgstr ""
7954
7986
7955
#: serverguide/C/security.xml:1673(para)
7987
#: serverguide/C/security.xml:1659(para)
7956
7988
msgid "First, install the necessary packages. From a terminal prompt enter:"
7957
7989
msgstr ""
7958
7990
7959
#: serverguide/C/security.xml:1678(command)
7991
#: serverguide/C/security.xml:1664(command)
7960
7992
msgid "sudo apt-get install ecryptfs-utils"
7961
7993
msgstr ""
7962
7994
7963
#: serverguide/C/security.xml:1681(para)
7995
#: serverguide/C/security.xml:1667(para)
7964
7996
msgid "Now mount the partition to be encrypted:"
7965
7997
msgstr ""
7966
7998
7967
#: serverguide/C/security.xml:1686(command)
7999
#: serverguide/C/security.xml:1672(command)
7968
8000
msgid "sudo mount -t ecryptfs /srv /srv"
7969
8001
msgstr ""
7970
8002
7971
#: serverguide/C/security.xml:1689(para)
8003
#: serverguide/C/security.xml:1675(para)
7972
8004
msgid ""
7973
8005
"You will then be prompted for some details on how "
7974
8006
"<application>ecryptfs</application> should encrypt the data."
7975
8007
msgstr ""
7976
8008
7977
#: serverguide/C/security.xml:1693(para)
8009
#: serverguide/C/security.xml:1679(para)
7978
8010
msgid ""
7979
8011
"To test that files placed in <filename>/srv</filename> are indeed encrypted "
7980
8012
"copy the <filename>/etc/default</filename> folder to "
7981
8013
"<filename>/srv</filename>:"
7982
8014
msgstr ""
7983
8015
7984
#: serverguide/C/security.xml:1699(command) serverguide/C/clustering.xml:190(command)
8016
#: serverguide/C/security.xml:1685(command) serverguide/C/clustering.xml:190(command)
7985
8017
msgid "sudo cp -r /etc/default /srv"
7986
8018
msgstr ""
7987
8019
7988
#: serverguide/C/security.xml:1702(para)
8020
#: serverguide/C/security.xml:1688(para)
7989
8021
msgid "Now unmount <filename>/srv</filename>, and try to view a file:"
7990
8022
msgstr ""
7991
8023
7992
#: serverguide/C/security.xml:1707(command) serverguide/C/installation.xml:1125(command) serverguide/C/clustering.xml:198(command)
8024
#: serverguide/C/security.xml:1693(command) serverguide/C/installation.xml:1118(command) serverguide/C/clustering.xml:198(command)
7993
8025
msgid "sudo umount /srv"
7994
8026
msgstr ""
7995
8027
7996
#: serverguide/C/security.xml:1708(command)
8028
#: serverguide/C/security.xml:1694(command)
7997
8029
msgid "cat /srv/default/cron"
7998
8030
msgstr ""
7999
8031
8000
#: serverguide/C/security.xml:1711(para)
8032
#: serverguide/C/security.xml:1697(para)
8001
8033
msgid ""
8002
8034
"Remounting <filename>/srv</filename> using "
8003
8035
"<application>ecryptfs</application> will make the data viewable once again."
8004
8036
msgstr ""
8005
8037
8006
#: serverguide/C/security.xml:1717(title)
8038
#: serverguide/C/security.xml:1703(title)
8007
8039
msgid "Automatically Mounting Encrypted Partitions"
8008
8040
msgstr ""
8009
8041
8010
#: serverguide/C/security.xml:1719(para)
8042
#: serverguide/C/security.xml:1705(para)
8011
8043
msgid ""
8012
8044
"There are a couple of ways to automatically mount an "
8013
8045
"<application>ecryptfs</application> encrypted filesystem at boot. This "
8015
8047
"mount options, along with a passphrase file residing on a USB key."
8016
8048
msgstr ""
8017
8049
8018
#: serverguide/C/security.xml:1725(para)
8050
#: serverguide/C/security.xml:1711(para)
8019
8051
msgid "First, create <filename>/root/.ecryptfsrc</filename> containing:"
8020
8052
msgstr ""
8021
8053
8022
#: serverguide/C/security.xml:1729(programlisting)
8054
#: serverguide/C/security.xml:1715(programlisting)
8023
8055
#, no-wrap
8024
8056
msgid ""
8025
8057
"\n"
8031
8063
"ecryptfs_enable_filename_crypto=n\n"
8032
8064
msgstr ""
8033
8065
8034
#: serverguide/C/security.xml:1739(para)
8066
#: serverguide/C/security.xml:1725(para)
8035
8067
msgid ""
8036
8068
"Adjust the <emphasis>ecryptfs_sig</emphasis> to the signature in "
8037
8069
"<filename>/root/.ecryptfs/sig-cache.txt</filename>."
8038
8070
msgstr ""
8039
8071
8040
#: serverguide/C/security.xml:1744(para)
8072
#: serverguide/C/security.xml:1730(para)
8041
8073
msgid ""
8042
8074
"Next, create the <filename>/mnt/usb/passwd_file.txt</filename> passphrase "
8043
8075
"file:"
8044
8076
msgstr ""
8045
8077
8046
#: serverguide/C/security.xml:1748(programlisting)
8078
#: serverguide/C/security.xml:1734(programlisting)
8047
8079
#, no-wrap
8048
8080
msgid ""
8049
8081
"\n"
8050
8082
"passphrase_passwd=[secrets]\n"
8051
8083
msgstr ""
8052
8084
8053
#: serverguide/C/security.xml:1752(para)
8085
#: serverguide/C/security.xml:1738(para)
8054
8086
msgid "Now add the necessary lines to <filename>/etc/fstab</filename>:"
8055
8087
msgstr ""
8056
8088
8057
#: serverguide/C/security.xml:1756(programlisting)
8089
#: serverguide/C/security.xml:1742(programlisting)
8058
8090
#, no-wrap
8059
8091
msgid ""
8060
8092
"\n"
8062
8094
"/srv /srv ecryptfs defaults 0 0\n"
8063
8095
msgstr ""
8064
8096
8065
#: serverguide/C/security.xml:1761(para)
8097
#: serverguide/C/security.xml:1747(para)
8066
8098
msgid "Make sure the USB drive is mounted before the encrypted partition."
8067
8099
msgstr ""
8068
8100
8069
#: serverguide/C/security.xml:1765(para)
8101
#: serverguide/C/security.xml:1751(para)
8070
8102
msgid ""
8071
8103
"Finally, reboot and the <filename>/srv</filename> should be mounted using "
8072
8104
"<emphasis>eCryptfs</emphasis>."
8073
8105
msgstr ""
8074
8106
8075
#: serverguide/C/security.xml:1771(title)
8107
#: serverguide/C/security.xml:1757(title)
8076
8108
msgid "Other Utilities"
8077
8109
msgstr ""
8078
8110
8079
#: serverguide/C/security.xml:1773(para)
8111
#: serverguide/C/security.xml:1759(para)
8080
8112
msgid ""
8081
8113
"The <application>ecryptfs-utils</application> package includes several other "
8082
8114
"useful utilities:"
8083
8115
msgstr ""
8084
8116
8085
#: serverguide/C/security.xml:1779(para)
8117
#: serverguide/C/security.xml:1765(para)
8086
8118
msgid ""
8087
8119
"<emphasis>ecryptfs-setup-private:</emphasis> creates a "
8088
8120
"<filename>~/Private</filename> directory to contain encrypted information. "
8090
8122
"other users on the system."
8091
8123
msgstr ""
8092
8124
8093
#: serverguide/C/security.xml:1786(para)
8125
#: serverguide/C/security.xml:1772(para)
8094
8126
msgid ""
8095
8127
"<emphasis>ecryptfs-mount-private and ecryptfs-umount-private:</emphasis> "
8096
8128
"will mount and unmount respectively, a users <filename>~/Private</filename> "
8097
8129
"directory."
8098
8130
msgstr ""
8099
8131
8100
#: serverguide/C/security.xml:1792(para)
8132
#: serverguide/C/security.xml:1778(para)
8101
8133
msgid ""
8102
8134
"<emphasis>ecryptfs-add-passphrase:</emphasis> adds a new passphrase to the "
8103
8135
"kernel keyring."
8104
8136
msgstr ""
8105
8137
8106
#: serverguide/C/security.xml:1797(para)
8138
#: serverguide/C/security.xml:1783(para)
8107
8139
msgid ""
8108
8140
"<emphasis>ecryptfs-manager:</emphasis> manages "
8109
8141
"<application>eCryptfs</application> objects such as keys."
8110
8142
msgstr ""
8111
8143
8112
#: serverguide/C/security.xml:1802(para)
8144
#: serverguide/C/security.xml:1788(para)
8113
8145
msgid ""
8114
8146
"<emphasis>ecryptfs-stat:</emphasis> allows you to view the "
8115
8147
"<application>ecryptfs</application> meta information for a file."
8116
8148
msgstr ""
8117
8149
8118
#: serverguide/C/security.xml:1815(para)
8150
#: serverguide/C/security.xml:1801(para)
8119
8151
msgid ""
8120
8152
"For more information on <emphasis>eCryptfs</emphasis> see the <ulink "
8121
8153
"url=\"https://launchpad.net/ecryptfs\">Launchpad project page</ulink>."
8122
8154
msgstr ""
8123
8155
8124
#: serverguide/C/security.xml:1820(para)
8156
#: serverguide/C/security.xml:1806(para)
8125
8157
msgid ""
8126
8158
"There is also a <ulink "
8127
8159
"url=\"http://www.linuxjournal.com/article/9400\">Linux Journal</ulink> "
8128
8160
"article covering <emphasis>eCryptfs</emphasis>."
8129
8161
msgstr ""
8130
8162
8131
#: serverguide/C/security.xml:1825(para)
8163
#: serverguide/C/security.xml:1831(para)
8132
8164
msgid ""
8133
"Also, for more <application>ecryptfs</application> options see the <ulink "
8165
"Also, for more <application>ecryptfs</application> options and details see "
8166
"the <ulink "
8134
8167
"url=\"http://manpages.ubuntu.com/manpages/trusty/en/man7/ecryptfs.7.html\">ec"
8135
8168
"ryptfs man page</ulink>."
8136
8169
msgstr ""
8137
8170
8138
#: serverguide/C/security.xml:1831(para)
8139
msgid ""
8140
"The <ulink url=\"https://help.ubuntu.com/community/eCryptfs\">eCryptfs "
8141
"Ubuntu Wiki</ulink> page also has more details."
8142
msgstr ""
8143
8144
8171
#: serverguide/C/samba.xml:11(title)
8145
8172
msgid "Samba"
8146
8173
msgstr ""
8147
8174
8148
#: serverguide/C/samba.xml:13(para)
8175
#: serverguide/C/windows-networking.xml:13(para)
8149
8176
msgid ""
8150
8177
"Computer networks are often comprised of diverse systems, and while "
8151
8178
"operating a network made up entirely of Ubuntu desktop and server computers "
8157
8184
"network resources with Windows computers."
8158
8185
msgstr ""
8159
8186
8160
#: serverguide/C/samba.xml:25(para)
8187
#: serverguide/C/windows-networking.xml:25(para)
8161
8188
msgid ""
8162
8189
"Successfully networking your Ubuntu system with Windows clients involves "
8163
8190
"providing and integrating with services common to Windows environments. Such "
8166
8193
"categories of functionality:"
8167
8194
msgstr ""
8168
8195
8169
#: serverguide/C/samba.xml:33(para)
8196
#: serverguide/C/windows-networking.xml:33(para)
8170
8197
msgid ""
8171
8198
"<emphasis role=\"bold\">File and Printer Sharing Services</emphasis>. Using "
8172
8199
"the Server Message Block (SMB) protocol to facilitate the sharing of files, "
8173
8200
"folders, volumes, and the sharing of printers throughout the network."
8174
8201
msgstr ""
8175
8202
8176
#: serverguide/C/samba.xml:39(para)
8203
#: serverguide/C/windows-networking.xml:39(para)
8177
8204
msgid ""
8178
8205
"<emphasis role=\"bold\">Directory Services</emphasis>. Sharing vital "
8179
8206
"information about the computers and users of the network with such "
8181
8208
"Microsoft <trademark class=\"registered\">Active Directory</trademark>."
8182
8209
msgstr ""
8183
8210
8184
#: serverguide/C/samba.xml:46(para)
8211
#: serverguide/C/windows-networking.xml:46(para)
8185
8212
msgid ""
8186
8213
"<emphasis role=\"bold\">Authentication and Access</emphasis>. Establishing "
8187
8214
"the identity of a computer or user of the network and determining the "
8190
8217
"Kerberos authentication service."
8191
8218
msgstr ""
8192
8219
8193
#: serverguide/C/samba.xml:54(para)
8220
#: serverguide/C/windows-networking.xml:54(para)
8194
8221
msgid ""
8195
8222
"Fortunately, your Ubuntu system may provide all such facilities to Windows "
8196
8223
"clients and share network resources among them. One of the principal pieces "
8198
8225
"suite of SMB server applications and tools."
8199
8226
msgstr ""
8200
8227
8201
#: serverguide/C/samba.xml:60(para)
8228
#: serverguide/C/windows-networking.xml:60(para)
8202
8229
msgid ""
8203
8230
"This section of the <phrase>Ubuntu</phrase> Server Guide will introduce some "
8204
8231
"of the common Samba use cases, and how to install and configure the "
8211
8238
msgid "File Server"
8212
8239
msgstr ""
8213
8240
8214
#: serverguide/C/samba.xml:70(para)
8241
#: serverguide/C/windows-networking.xml:70(para)
8215
8242
msgid ""
8216
8243
"One of the most common ways to network Ubuntu and Windows computers is to "
8217
8244
"configure Samba as a File Server. This section covers setting up a "
8218
8245
"<application>Samba</application> server to share files with Windows clients."
8219
8246
msgstr ""
8220
8247
8221
#: serverguide/C/samba.xml:75(para)
8248
#: serverguide/C/windows-networking.xml:75(para)
8222
8249
msgid ""
8223
8250
"The server will be configured to share files with any client on the network "
8224
8251
"without prompting for a password. If your environment requires stricter "
8225
8252
"Access Controls see <xref linkend=\"samba-fileprint-security\"/>"
8226
8253
msgstr ""
8227
8254
8228
#: serverguide/C/samba.xml:83(para)
8255
#: serverguide/C/windows-networking.xml:83(para)
8229
8256
msgid ""
8230
8257
"The first step is to install the <application>samba</application> package. "
8231
8258
"From a terminal prompt enter:"
8232
8259
msgstr ""
8233
8260
8234
#: serverguide/C/samba.xml:88(command) serverguide/C/samba.xml:304(command)
8261
#: serverguide/C/windows-networking.xml:88(command) serverguide/C/windows-networking.xml:304(command)
8235
8262
msgid "sudo apt-get install samba"
8236
8263
msgstr ""
8237
8264
8238
#: serverguide/C/samba.xml:91(para)
8265
#: serverguide/C/windows-networking.xml:91(para)
8239
8266
msgid ""
8240
8267
"That's all there is to it; you are now ready to configure Samba to share "
8241
8268
"files."
8242
8269
msgstr ""
8243
8270
8244
#: serverguide/C/samba.xml:99(para)
8271
#: serverguide/C/windows-networking.xml:99(para)
8245
8272
msgid ""
8246
8273
"The main Samba configuration file is located in "
8247
8274
"<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
8249
8276
"directives."
8250
8277
msgstr ""
8251
8278
8252
#: serverguide/C/samba.xml:104(para)
8279
#: serverguide/C/windows-networking.xml:104(para)
8253
8280
msgid ""
8254
8281
"Not all the available options are included in the default configuration "
8255
8282
"file. See the <filename>smb.conf</filename><application>man</application> "
8257
8284
"Collection/\">Samba HOWTO Collection</ulink> for more details."
8258
8285
msgstr ""
8259
8286
8260
#: serverguide/C/samba.xml:113(para)
8287
#: serverguide/C/windows-networking.xml:113(para)
8261
8288
msgid ""
8262
8289
"First, edit the following key/value pairs in the "
8263
8290
"<emphasis>[global]</emphasis> section of "
8264
8291
"<filename>/etc/samba/smb.conf</filename>:"
8265
8292
msgstr ""
8266
8293
8267
#: serverguide/C/samba.xml:118(programlisting) serverguide/C/samba.xml:316(programlisting) serverguide/C/samba.xml:784(programlisting) serverguide/C/samba.xml:1023(programlisting)
8294
#: serverguide/C/windows-networking.xml:118(programlisting) serverguide/C/windows-networking.xml:316(programlisting) serverguide/C/windows-networking.xml:784(programlisting) serverguide/C/windows-networking.xml:1023(programlisting)
8268
8295
#, no-wrap
8269
8296
msgid ""
8270
8297
"\n"
8273
8300
" security = user\n"
8274
8301
msgstr ""
8275
8302
8276
#: serverguide/C/samba.xml:124(para)
8303
#: serverguide/C/windows-networking.xml:124(para)
8277
8304
msgid ""
8278
8305
"The <emphasis>security</emphasis> parameter is farther down in the [global] "
8279
8306
"section, and is commented by default. Also, change "
8280
8307
"<emphasis>EXAMPLE</emphasis> to better match your environment."
8281
8308
msgstr ""
8282
8309
8283
#: serverguide/C/samba.xml:132(para)
8310
#: serverguide/C/windows-networking.xml:132(para)
8284
8311
msgid ""
8285
8312
"Create a new section at the bottom of the file, or uncomment one of the "
8286
8313
"examples, for the directory to be shared:"
8287
8314
msgstr ""
8288
8315
8289
#: serverguide/C/samba.xml:136(programlisting)
8316
#: serverguide/C/windows-networking.xml:136(programlisting)
8290
8317
#, no-wrap
8291
8318
msgid ""
8292
8319
"\n"
8299
8326
" create mask = 0755\n"
8300
8327
msgstr ""
8301
8328
8302
#: serverguide/C/samba.xml:148(para)
8329
#: serverguide/C/windows-networking.xml:148(para)
8303
8330
msgid ""
8304
8331
"<emphasis>comment:</emphasis> a short description of the share. Adjust to "
8305
8332
"fit your needs."
8306
8333
msgstr ""
8307
8334
8308
#: serverguide/C/samba.xml:153(para)
8335
#: serverguide/C/windows-networking.xml:153(para)
8309
8336
msgid "<emphasis>path:</emphasis> the path to the directory to share."
8310
8337
msgstr ""
8311
8338
8312
#: serverguide/C/samba.xml:156(para)
8339
#: serverguide/C/windows-networking.xml:156(para)
8313
8340
msgid ""
8314
8341
"This example uses <filename>/srv/samba/sharename</filename> because, "
8315
8342
"according to the <emphasis>Filesystem Hierarchy Standard (FHS)</emphasis>, "
8320
8347
"adhering to standards is recommended."
8321
8348
msgstr ""
8322
8349
8323
#: serverguide/C/samba.xml:165(para)
8350
#: serverguide/C/windows-networking.xml:165(para)
8324
8351
msgid ""
8325
8352
"<emphasis>browsable:</emphasis> enables Windows clients to browse the shared "
8326
8353
"directory using <application>Windows Explorer</application>."
8327
8354
msgstr ""
8328
8355
8329
#: serverguide/C/samba.xml:171(para)
8356
#: serverguide/C/windows-networking.xml:171(para)
8330
8357
msgid ""
8331
8358
"<emphasis>guest ok:</emphasis> allows clients to connect to the share "
8332
8359
"without supplying a password."
8333
8360
msgstr ""
8334
8361
8335
#: serverguide/C/samba.xml:176(para)
8362
#: serverguide/C/windows-networking.xml:176(para)
8336
8363
msgid ""
8337
8364
"<emphasis>read only:</emphasis> determines if the share is read only or if "
8338
8365
"write privileges are granted. Write privileges are allowed only when the "
8340
8367
"is <emphasis>yes</emphasis>, then access to the share is read only."
8341
8368
msgstr ""
8342
8369
8343
#: serverguide/C/samba.xml:181(para)
8370
#: serverguide/C/windows-networking.xml:181(para)
8344
8371
msgid ""
8345
8372
"<emphasis>create mask:</emphasis> determines the permissions new files will "
8346
8373
"have when created."
8347
8374
msgstr ""
8348
8375
8349
#: serverguide/C/samba.xml:190(para)
8376
#: serverguide/C/windows-networking.xml:190(para)
8350
8377
msgid ""
8351
8378
"Now that <application>Samba</application> is configured, the directory needs "
8352
8379
"to be created and the permissions changed. From a terminal enter:"
8353
8380
msgstr ""
8354
8381
8355
#: serverguide/C/samba.xml:196(command)
8382
#: serverguide/C/windows-networking.xml:196(command)
8356
8383
msgid "sudo mkdir -p /srv/samba/share"
8357
8384
msgstr ""
8358
8385
8359
#: serverguide/C/samba.xml:197(command)
8360
msgid "sudo chown nobody.nogroup /srv/samba/share/"
8386
#: serverguide/C/windows-networking.xml:197(command)
8387
msgid "sudo chown nobody:nogroup /srv/samba/share/"
8361
8388
msgstr ""
8362
8389
8363
#: serverguide/C/samba.xml:201(para)
8390
#: serverguide/C/windows-networking.xml:201(para)
8364
8391
msgid ""
8365
8392
"The <emphasis>-p</emphasis> switch tells mkdir to create the entire "
8366
8393
"directory tree if it doesn't exist."
8367
8394
msgstr ""
8368
8395
8369
#: serverguide/C/samba.xml:209(para)
8396
#: serverguide/C/windows-networking.xml:209(para)
8370
8397
msgid ""
8371
8398
"Finally, restart the <application>samba</application> services to enable the "
8372
8399
"new configuration:"
8373
8400
msgstr ""
8374
8401
8375
#: serverguide/C/samba.xml:214(command) serverguide/C/samba.xml:336(command) serverguide/C/samba.xml:474(command) serverguide/C/samba.xml:574(command) serverguide/C/samba.xml:925(command) serverguide/C/samba.xml:1080(command) serverguide/C/samba.xml:1187(command) serverguide/C/network-auth.xml:2504(command)
8402
#: serverguide/C/windows-networking.xml:214(command) serverguide/C/windows-networking.xml:336(command) serverguide/C/windows-networking.xml:474(command) serverguide/C/windows-networking.xml:574(command) serverguide/C/windows-networking.xml:925(command) serverguide/C/windows-networking.xml:1080(command) serverguide/C/windows-networking.xml:1187(command) serverguide/C/network-auth.xml:2533(command)
8376
8403
msgid "sudo restart smbd"
8377
8404
msgstr ""
8378
8405
8379
#: serverguide/C/samba.xml:215(command) serverguide/C/samba.xml:337(command) serverguide/C/samba.xml:475(command) serverguide/C/samba.xml:575(command) serverguide/C/samba.xml:926(command) serverguide/C/samba.xml:1081(command) serverguide/C/samba.xml:1188(command) serverguide/C/network-auth.xml:2505(command)
8406
#: serverguide/C/windows-networking.xml:215(command) serverguide/C/windows-networking.xml:337(command) serverguide/C/windows-networking.xml:475(command) serverguide/C/windows-networking.xml:575(command) serverguide/C/windows-networking.xml:926(command) serverguide/C/windows-networking.xml:1081(command) serverguide/C/windows-networking.xml:1188(command) serverguide/C/network-auth.xml:2534(command)
8380
8407
msgid "sudo restart nmbd"
8381
8408
msgstr ""
8382
8409
8383
#: serverguide/C/samba.xml:222(para)
8410
#: serverguide/C/windows-networking.xml:222(para)
8384
8411
msgid ""
8385
8412
"Once again, the above configuration gives all access to any client on the "
8386
8413
"local network. For a more secure configuration see <xref linkend=\"samba-"
8387
8414
"fileprint-security\"/>."
8388
8415
msgstr ""
8389
8416
8390
#: serverguide/C/samba.xml:228(para)
8417
#: serverguide/C/windows-networking.xml:228(para)
8391
8418
msgid ""
8392
8419
"From a Windows client you should now be able to browse to the Ubuntu file "
8393
8420
"server and see the shared directory. If your client doesn't show your share "
8396
8423
"working try creating a directory from Windows."
8397
8424
msgstr ""
8398
8425
8399
#: serverguide/C/samba.xml:232(para)
8426
#: serverguide/C/windows-networking.xml:232(para)
8400
8427
msgid ""
8401
8428
"To create additional shares simply create new <emphasis>[dir]</emphasis> "
8402
8429
"sections in <filename>/etc/samba/smb.conf</filename>, and restart "
8404
8431
"share actually exists and the permissions are correct."
8405
8432
msgstr ""
8406
8433
8407
#: serverguide/C/samba.xml:239(para)
8434
#: serverguide/C/windows-networking.xml:239(para)
8408
8435
msgid ""
8409
8436
"The file share named <emphasis>\"[share]\"</emphasis> and the path "
8410
8437
"<filename>/srv/samba/share</filename> are just examples. Adjust the share "
8414
8441
"<filename>/srv/samba/qa</filename>."
8415
8442
msgstr ""
8416
8443
8417
#: serverguide/C/samba.xml:252(para) serverguide/C/samba.xml:351(para) serverguide/C/samba.xml:708(para) serverguide/C/samba.xml:1104(para)
8444
#: serverguide/C/windows-networking.xml:252(para) serverguide/C/windows-networking.xml:351(para) serverguide/C/windows-networking.xml:708(para) serverguide/C/windows-networking.xml:1104(para)
8418
8445
msgid ""
8419
8446
"For in depth Samba configurations see the <ulink "
8420
8447
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
8421
8448
"Collection</ulink>"
8422
8449
msgstr ""
8423
8450
8424
#: serverguide/C/samba.xml:258(para) serverguide/C/samba.xml:357(para) serverguide/C/samba.xml:714(para) serverguide/C/samba.xml:1110(para)
8451
#: serverguide/C/windows-networking.xml:258(para) serverguide/C/windows-networking.xml:357(para) serverguide/C/windows-networking.xml:714(para) serverguide/C/windows-networking.xml:1110(para)
8425
8452
msgid ""
8426
8453
"The guide is also available in <ulink "
8427
8454
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">printed "
8428
8455
"format</ulink>."
8429
8456
msgstr ""
8430
8457
8431
#: serverguide/C/samba.xml:264(para) serverguide/C/samba.xml:363(para)
8458
#: serverguide/C/windows-networking.xml:264(para) serverguide/C/windows-networking.xml:363(para)
8432
8459
msgid ""
8433
8460
"O'Reilly's <ulink "
8434
8461
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
8435
8462
"another good reference."
8436
8463
msgstr ""
8437
8464
8438
#: serverguide/C/samba.xml:270(para) serverguide/C/samba.xml:374(para) serverguide/C/samba.xml:739(para) serverguide/C/samba.xml:1134(para) serverguide/C/samba.xml:1312(para)
8465
#: serverguide/C/windows-networking.xml:270(para) serverguide/C/windows-networking.xml:374(para) serverguide/C/windows-networking.xml:739(para) serverguide/C/windows-networking.xml:1134(para) serverguide/C/windows-networking.xml:1312(para)
8439
8466
msgid ""
8440
8467
"The <ulink url=\"https://help.ubuntu.com/community/Samba\">Ubuntu Wiki Samba "
8441
8468
"</ulink> page."
8442
8469
msgstr ""
8443
8470
8444
#: serverguide/C/samba.xml:279(title) serverguide/C/network-config.xml:904(para)
8471
#: serverguide/C/network-config.xml:908(para)
8445
8472
msgid "Print Server"
8446
8473
msgstr ""
8447
8474
8448
#: serverguide/C/samba.xml:281(para)
8475
#: serverguide/C/windows-networking.xml:281(para)
8449
8476
msgid ""
8450
8477
"Another common use of Samba is to configure it to share printers installed, "
8451
8478
"either locally or over the network, on an Ubuntu server. Similar to <xref "
8454
8481
"prompting for a username and password."
8455
8482
msgstr ""
8456
8483
8457
#: serverguide/C/samba.xml:287(para)
8484
#: serverguide/C/windows-networking.xml:287(para)
8458
8485
msgid ""
8459
8486
"For a more secure configuration see <xref linkend=\"samba-fileprint-"
8460
8487
"security\"/>."
8461
8488
msgstr ""
8462
8489
8463
#: serverguide/C/samba.xml:294(para)
8490
#: serverguide/C/windows-networking.xml:294(para)
8464
8491
msgid ""
8465
8492
"Before installing and configuring Samba it is best to already have a working "
8466
8493
"<application>CUPS</application> installation. See <xref linkend=\"cups\"/> "
8467
8494
"for details."
8468
8495
msgstr ""
8469
8496
8470
#: serverguide/C/samba.xml:299(para)
8497
#: serverguide/C/windows-networking.xml:299(para)
8471
8498
msgid ""
8472
8499
"To install the <application>samba</application> package, from a terminal "
8473
8500
"enter:"
8474
8501
msgstr ""
8475
8502
8476
#: serverguide/C/samba.xml:310(para)
8503
#: serverguide/C/windows-networking.xml:310(para)
8477
8504
msgid ""
8478
8505
"After installing samba edit <filename>/etc/samba/smb.conf</filename>. Change "
8479
8506
"the <emphasis>workgroup</emphasis> attribute to what is appropriate for your "
8481
8508
"role=\"italic\">user</emphasis>:"
8482
8509
msgstr ""
8483
8510
8484
#: serverguide/C/samba.xml:322(para)
8511
#: serverguide/C/windows-networking.xml:322(para)
8485
8512
msgid ""
8486
8513
"In the <emphasis>[printers]</emphasis> section change the <emphasis>guest "
8487
8514
"ok</emphasis> option to <emphasis role=\"italic\">yes</emphasis>:"
8488
8515
msgstr ""
8489
8516
8490
#: serverguide/C/samba.xml:326(programlisting)
8517
#: serverguide/C/windows-networking.xml:326(programlisting)
8491
8518
#, no-wrap
8492
8519
msgid ""
8493
8520
"\n"
8495
8522
" guest ok = yes\n"
8496
8523
msgstr ""
8497
8524
8498
#: serverguide/C/samba.xml:331(para)
8525
#: serverguide/C/windows-networking.xml:331(para)
8499
8526
msgid "After editing <filename>smb.conf</filename> restart Samba:"
8500
8527
msgstr ""
8501
8528
8502
#: serverguide/C/samba.xml:340(para)
8529
#: serverguide/C/windows-networking.xml:340(para)
8503
8530
msgid ""
8504
8531
"The default Samba configuration will automatically share any printers "
8505
8532
"installed. Simply install the printer locally on your Windows clients."
8506
8533
msgstr ""
8507
8534
8508
#: serverguide/C/samba.xml:369(para)
8535
#: serverguide/C/windows-networking.xml:369(para)
8509
8536
msgid ""
8510
8537
"Also, see the <ulink url=\"http://www.cups.org/\">CUPS Website</ulink> for "
8511
8538
"more information on configuring CUPS."
8515
8542
msgid "Securing File and Print Server"
8516
8543
msgstr ""
8517
8544
8518
#: serverguide/C/samba.xml:386(title)
8545
#: serverguide/C/windows-networking.xml:386(title)
8519
8546
msgid "Samba Security Modes"
8520
8547
msgstr ""
8521
8548
8522
#: serverguide/C/samba.xml:388(para)
8549
#: serverguide/C/windows-networking.xml:388(para)
8523
8550
msgid ""
8524
8551
"There are two security levels available to the Common Internet Filesystem "
8525
8552
"(CIFS) network protocol <emphasis>user-level</emphasis> and <emphasis>share-"
8528
8555
"security and one way to implement share-level:"
8529
8556
msgstr ""
8530
8557
8531
#: serverguide/C/samba.xml:397(para)
8558
#: serverguide/C/windows-networking.xml:397(para)
8532
8559
msgid ""
8533
8560
"<emphasis>security = user:</emphasis> requires clients to supply a username "
8534
8561
"and password to connect to shares. Samba user accounts are separate from "
8536
8563
"will sync system users and passwords with the Samba user database."
8537
8564
msgstr ""
8538
8565
8539
#: serverguide/C/samba.xml:404(para)
8566
#: serverguide/C/windows-networking.xml:404(para)
8540
8567
msgid ""
8541
8568
"<emphasis>security = domain:</emphasis> this mode allows the Samba server to "
8542
8569
"appear to Windows clients as a Primary Domain Controller (PDC), Backup "
8544
8571
"linkend=\"samba-dc\"/> for further information."
8545
8572
msgstr ""
8546
8573
8547
#: serverguide/C/samba.xml:411(para)
8574
#: serverguide/C/windows-networking.xml:411(para)
8548
8575
msgid ""
8549
8576
"<emphasis>security = ADS:</emphasis> allows the Samba server to join an "
8550
8577
"Active Directory domain as a native member. See <xref linkend=\"samba-ad-"
8551
8578
"integration\"/> for details."
8552
8579
msgstr ""
8553
8580
8554
#: serverguide/C/samba.xml:417(para)
8581
#: serverguide/C/windows-networking.xml:417(para)
8555
8582
msgid ""
8556
8583
"<emphasis>security = server:</emphasis> this mode is left over from before "
8557
8584
"Samba could become a member server, and due to some security issues should "
8560
8587
"of the Samba guide for more details."
8561
8588
msgstr ""
8562
8589
8563
#: serverguide/C/samba.xml:425(para)
8590
#: serverguide/C/windows-networking.xml:425(para)
8564
8591
msgid ""
8565
8592
"<emphasis>security = share:</emphasis> allows clients to connect to shares "
8566
8593
"without supplying a username and password."
8567
8594
msgstr ""
8568
8595
8569
#: serverguide/C/samba.xml:432(para)
8596
#: serverguide/C/windows-networking.xml:432(para)
8570
8597
msgid ""
8571
8598
"The security mode you choose will depend on your environment and what you "
8572
8599
"need the Samba server to accomplish."
8573
8600
msgstr ""
8574
8601
8575
#: serverguide/C/samba.xml:438(title)
8602
#: serverguide/C/windows-networking.xml:438(title)
8576
8603
msgid "Security = User"
8577
8604
msgstr ""
8578
8605
8579
#: serverguide/C/samba.xml:440(para)
8606
#: serverguide/C/windows-networking.xml:440(para)
8580
8607
msgid ""
8581
8608
"This section will reconfigure the Samba file and print server, from <xref "
8582
8609
"linkend=\"samba-fileserver\"/> and <xref linkend=\"samba-printserver\"/>, to "
8583
8610
"require authentication."
8584
8611
msgstr ""
8585
8612
8586
#: serverguide/C/samba.xml:445(para)
8613
#: serverguide/C/windows-networking.xml:445(para)
8587
8614
msgid ""
8588
8615
"First, install the <application>libpam-smbpass</application> package which "
8589
8616
"will sync the system users to the Samba user database:"
8590
8617
msgstr ""
8591
8618
8592
#: serverguide/C/samba.xml:451(command)
8619
#: serverguide/C/windows-networking.xml:451(command)
8593
8620
msgid "sudo apt-get install libpam-smbpass"
8594
8621
msgstr ""
8595
8622
8596
#: serverguide/C/samba.xml:455(para)
8623
#: serverguide/C/windows-networking.xml:455(para)
8597
8624
msgid ""
8598
8625
"If you chose the <emphasis>Samba Server</emphasis> task during installation "
8599
8626
"<application>libpam-smbpass</application> is already installed."
8600
8627
msgstr ""
8601
8628
8602
#: serverguide/C/samba.xml:461(para)
8629
#: serverguide/C/windows-networking.xml:461(para)
8603
8630
msgid ""
8604
8631
"Edit <filename>/etc/samba/smb.conf</filename>, and in the "
8605
8632
"<emphasis>[share]</emphasis> section change:"
8606
8633
msgstr ""
8607
8634
8608
#: serverguide/C/samba.xml:465(programlisting)
8635
#: serverguide/C/windows-networking.xml:465(programlisting)
8609
8636
#, no-wrap
8610
8637
msgid ""
8611
8638
"\n"
8612
8639
" guest ok = no\n"
8613
8640
msgstr ""
8614
8641
8615
#: serverguide/C/samba.xml:469(para)
8642
#: serverguide/C/windows-networking.xml:469(para)
8616
8643
msgid "Finally, restart Samba for the new settings to take effect:"
8617
8644
msgstr ""
8618
8645
8619
#: serverguide/C/samba.xml:478(para)
8646
#: serverguide/C/windows-networking.xml:478(para)
8620
8647
msgid ""
8621
8648
"Now when connecting to the shared directories or printers you should be "
8622
8649
"prompted for a username and password."
8623
8650
msgstr ""
8624
8651
8625
#: serverguide/C/samba.xml:483(para)
8652
#: serverguide/C/windows-networking.xml:483(para)
8626
8653
msgid ""
8627
8654
"If you choose to map a network drive to the share you can check the "
8628
8655
"<quote>Reconnect at Logon</quote> check box, which will require you to only "
8629
8656
"enter the username and password once, at least until the password changes."
8630
8657
msgstr ""
8631
8658
8632
#: serverguide/C/samba.xml:491(title)
8659
#: serverguide/C/windows-networking.xml:491(title)
8633
8660
msgid "Share Security"
8634
8661
msgstr ""
8635
8662
8636
#: serverguide/C/samba.xml:493(para)
8663
#: serverguide/C/windows-networking.xml:493(para)
8637
8664
msgid ""
8638
8665
"There are several options available to increase the security for each "
8639
8666
"individual shared directory. Using the <emphasis>[share]</emphasis> example, "
8640
8667
"this section will cover some common options."
8641
8668
msgstr ""
8642
8669
8643
#: serverguide/C/samba.xml:499(title)
8670
#: serverguide/C/windows-networking.xml:499(title)
8644
8671
msgid "Groups"
8645
8672
msgstr ""
8646
8673
8647
#: serverguide/C/samba.xml:501(para)
8674
#: serverguide/C/windows-networking.xml:501(para)
8648
8675
msgid ""
8649
8676
"Groups define a collection of computers or users which have a common level "
8650
8677
"of access to particular network resources and offer a level of granularity "
8666
8693
"have only access to resources explicitly allowing the group they are part of."
8667
8694
msgstr ""
8668
8695
8669
#: serverguide/C/samba.xml:515(para)
8696
#: serverguide/C/windows-networking.xml:515(para)
8670
8697
msgid ""
8671
8698
"By default Samba looks for the local system groups defined in "
8672
8699
"<filename>/etc/group</filename> to determine which users belong to which "
8674
8701
"<xref linkend=\"adding-deleting-users\"/>."
8675
8702
msgstr ""
8676
8703
8677
#: serverguide/C/samba.xml:521(para)
8704
#: serverguide/C/windows-networking.xml:521(para)
8678
8705
msgid ""
8679
8706
"When defining groups in the Samba configuration file, "
8680
8707
"<filename>/etc/samba/smb.conf</filename>, the recognized syntax is to "
8685
8712
"role=\"bold\">@sysadmin</emphasis>."
8686
8713
msgstr ""
8687
8714
8688
#: serverguide/C/samba.xml:530(title)
8715
#: serverguide/C/windows-networking.xml:530(title)
8689
8716
msgid "File Permissions"
8690
8717
msgstr ""
8691
8718
8692
#: serverguide/C/samba.xml:532(para)
8719
#: serverguide/C/windows-networking.xml:532(para)
8693
8720
msgid ""
8694
8721
"File Permissions define the explicit rights a computer or user has to a "
8695
8722
"particular directory, file, or set of files. Such permissions may be defined "
8697
8724
"the explicit permissions of a defined file share."
8698
8725
msgstr ""
8699
8726
8700
#: serverguide/C/samba.xml:538(para)
8727
#: serverguide/C/windows-networking.xml:538(para)
8701
8728
msgid ""
8702
8729
"For example, if you have defined a Samba share called "
8703
8730
"<emphasis>share</emphasis> and wish to give <emphasis role=\"italic\">read-"
8709
8736
"under the <emphasis>[share]</emphasis> entry:"
8710
8737
msgstr ""
8711
8738
8712
#: serverguide/C/samba.xml:547(programlisting)
8739
#: serverguide/C/windows-networking.xml:547(programlisting)
8713
8740
#, no-wrap
8714
8741
msgid ""
8715
8742
"\n"
8717
8744
" write list = @sysadmin, vincent\n"
8718
8745
msgstr ""
8719
8746
8720
#: serverguide/C/samba.xml:552(para)
8747
#: serverguide/C/windows-networking.xml:552(para)
8721
8748
msgid ""
8722
8749
"Another possible Samba permission is to declare "
8723
8750
"<emphasis>administrative</emphasis> permissions to a particular shared "
8726
8753
"administrative permissions to."
8727
8754
msgstr ""
8728
8755
8729
#: serverguide/C/samba.xml:558(para)
8756
#: serverguide/C/windows-networking.xml:558(para)
8730
8757
msgid ""
8731
8758
"For example, if you wanted to give the user <emphasis "
8732
8759
"role=\"italic\">melissa</emphasis> administrative permissions to the "
8735
8762
"under the <emphasis>[share]</emphasis> entry:"
8736
8763
msgstr ""
8737
8764
8738
#: serverguide/C/samba.xml:565(programlisting)
8765
#: serverguide/C/windows-networking.xml:565(programlisting)
8739
8766
#, no-wrap
8740
8767
msgid ""
8741
8768
"\n"
8742
8769
" admin users = melissa\n"
8743
8770
msgstr ""
8744
8771
8745
#: serverguide/C/samba.xml:569(para)
8772
#: serverguide/C/windows-networking.xml:569(para)
8746
8773
msgid ""
8747
8774
"After editing <filename>/etc/samba/smb.conf</filename>, restart Samba for "
8748
8775
"the changes to take effect:"
8749
8776
msgstr ""
8750
8777
8751
#: serverguide/C/samba.xml:579(para)
8778
#: serverguide/C/windows-networking.xml:579(para)
8752
8779
msgid ""
8753
8780
"For the <emphasis>read list</emphasis> and <emphasis>write list</emphasis> "
8754
8781
"to work the Samba security mode must <emphasis>not</emphasis> be set to "
8755
8782
"<emphasis role=\"italic\">security = share</emphasis>"
8756
8783
msgstr ""
8757
8784
8758
#: serverguide/C/samba.xml:585(para)
8785
#: serverguide/C/windows-networking.xml:585(para)
8759
8786
msgid ""
8760
8787
"Now that Samba has been configured to limit which groups have access to the "
8761
8788
"shared directory, the filesystem permissions need to be updated."
8762
8789
msgstr ""
8763
8790
8764
#: serverguide/C/samba.xml:590(para)
8791
#: serverguide/C/windows-networking.xml:590(para)
8765
8792
msgid ""
8766
8793
"Traditional Linux file permissions do not map well to Windows NT Access "
8767
8794
"Control Lists (ACLs). Fortunately POSIX ACLs are available on Ubuntu servers "
8770
8797
"<filename>/etc/fstab</filename> adding the <emphasis>acl</emphasis> option:"
8771
8798
msgstr ""
8772
8799
8773
#: serverguide/C/samba.xml:597(programlisting)
8800
#: serverguide/C/windows-networking.xml:597(programlisting)
8774
8801
#, no-wrap
8775
8802
msgid ""
8776
8803
"\n"
8778
8805
"0 1\n"
8779
8806
msgstr ""
8780
8807
8781
#: serverguide/C/samba.xml:601(para)
8808
#: serverguide/C/windows-networking.xml:601(para)
8782
8809
msgid "Then remount the partition:"
8783
8810
msgstr ""
8784
8811
8785
#: serverguide/C/samba.xml:606(command)
8812
#: serverguide/C/windows-networking.xml:606(command)
8786
8813
msgid "sudo mount -v -o remount /srv"
8787
8814
msgstr ""
8788
8815
8789
#: serverguide/C/samba.xml:610(para)
8816
#: serverguide/C/windows-networking.xml:610(para)
8790
8817
msgid ""
8791
8818
"The above example assumes <filename>/srv</filename> on a separate partition. "
8792
8819
"If <filename>/srv</filename>, or wherever you have configured your share "
8794
8821
"required."
8795
8822
msgstr ""
8796
8823
8797
#: serverguide/C/samba.xml:617(para)
8824
#: serverguide/C/windows-networking.xml:617(para)
8798
8825
msgid ""
8799
8826
"To match the Samba configuration above the <emphasis>sysadmin</emphasis> "
8800
8827
"group will be given read, write, and execute permissions to "
8803
8830
"the username <emphasis>melissa</emphasis>. Enter the following in a terminal:"
8804
8831
msgstr ""
8805
8832
8806
#: serverguide/C/samba.xml:625(command)
8833
#: serverguide/C/windows-networking.xml:625(command)
8807
8834
msgid "sudo chown -R melissa /srv/samba/share/"
8808
8835
msgstr ""
8809
8836
8810
#: serverguide/C/samba.xml:626(command)
8837
#: serverguide/C/windows-networking.xml:626(command)
8811
8838
msgid "sudo chgrp -R sysadmin /srv/samba/share/"
8812
8839
msgstr ""
8813
8840
8814
#: serverguide/C/samba.xml:627(command)
8841
#: serverguide/C/windows-networking.xml:627(command)
8815
8842
msgid "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
8816
8843
msgstr ""
8817
8844
8818
#: serverguide/C/samba.xml:631(para)
8845
#: serverguide/C/windows-networking.xml:631(para)
8819
8846
msgid ""
8820
8847
"The <application>setfacl</application> command above gives "
8821
8848
"<emphasis>execute</emphasis> permissions to all files in the "
8823
8850
"want."
8824
8851
msgstr ""
8825
8852
8826
#: serverguide/C/samba.xml:637(para)
8853
#: serverguide/C/windows-networking.xml:637(para)
8827
8854
msgid ""
8828
8855
"Now from a Windows client you should notice the new file permissions are "
8829
8856
"implemented. See the <application>acl</application> and "
8831
8858
"ACLs."
8832
8859
msgstr ""
8833
8860
8834
#: serverguide/C/samba.xml:645(title)
8861
#: serverguide/C/windows-networking.xml:645(title)
8835
8862
msgid "Samba AppArmor Profile"
8836
8863
msgstr ""
8837
8864
8838
#: serverguide/C/samba.xml:647(para)
8865
#: serverguide/C/windows-networking.xml:647(para)
8839
8866
msgid ""
8840
8867
"Ubuntu comes with the <application>AppArmor</application> security module, "
8841
8868
"which provides mandatory access controls. The default AppArmor profile for "
8843
8870
"using AppArmor see <xref linkend=\"apparmor\"/>."
8844
8871
msgstr ""
8845
8872
8846
#: serverguide/C/samba.xml:653(para)
8873
#: serverguide/C/windows-networking.xml:653(para)
8847
8874
msgid ""
8848
8875
"There are default AppArmor profiles for <filename>/usr/sbin/smbd</filename> "
8849
8876
"and <filename>/usr/sbin/nmbd</filename>, the Samba daemon binaries, as part "
8851
8878
"package, from a terminal prompt enter:"
8852
8879
msgstr ""
8853
8880
8854
#: serverguide/C/samba.xml:660(command)
8881
#: serverguide/C/windows-networking.xml:660(command)
8855
8882
msgid "sudo apt-get install apparmor-profiles apparmor-utils"
8856
8883
msgstr ""
8857
8884
8858
#: serverguide/C/samba.xml:664(para)
8885
#: serverguide/C/windows-networking.xml:664(para)
8859
8886
msgid "This package contains profiles for several other binaries."
8860
8887
msgstr ""
8861
8888
8862
#: serverguide/C/samba.xml:669(para)
8889
#: serverguide/C/windows-networking.xml:669(para)
8863
8890
msgid ""
8864
8891
"By default the profiles for <application>smbd</application> and "
8865
8892
"<application>nmbd</application> are in <emphasis>complain</emphasis> mode "
8869
8896
"profile will need to be modified to reflect any directories that are shared."
8870
8897
msgstr ""
8871
8898
8872
#: serverguide/C/samba.xml:676(para)
8899
#: serverguide/C/windows-networking.xml:676(para)
8873
8900
msgid ""
8874
8901
"Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename> adding information "
8875
8902
"for <emphasis>[share]</emphasis> from the file server example:"
8876
8903
msgstr ""
8877
8904
8878
#: serverguide/C/samba.xml:681(programlisting)
8905
#: serverguide/C/windows-networking.xml:681(programlisting)
8879
8906
#, no-wrap
8880
8907
msgid ""
8881
8908
"\n"
8883
8910
" /srv/samba/share/** rwkix,\n"
8884
8911
msgstr ""
8885
8912
8886
#: serverguide/C/samba.xml:686(para)
8913
#: serverguide/C/windows-networking.xml:686(para)
8887
8914
msgid ""
8888
8915
"Now place the profile into <emphasis>enforce</emphasis> and reload it:"
8889
8916
msgstr ""
8890
8917
8891
#: serverguide/C/samba.xml:691(command)
8918
#: serverguide/C/windows-networking.xml:691(command)
8892
8919
msgid "sudo aa-enforce /usr/sbin/smbd"
8893
8920
msgstr ""
8894
8921
8895
#: serverguide/C/samba.xml:692(command)
8922
#: serverguide/C/windows-networking.xml:692(command)
8896
8923
msgid "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
8897
8924
msgstr ""
8898
8925
8899
#: serverguide/C/samba.xml:695(para)
8926
#: serverguide/C/windows-networking.xml:695(para)
8900
8927
msgid ""
8901
8928
"You should now be able to read, write, and execute files in the shared "
8902
8929
"directory as normal, and the <application>smbd</application> binary will "
8905
8932
"will be logged to <filename>/var/log/syslog</filename>."
8906
8933
msgstr ""
8907
8934
8908
#: serverguide/C/samba.xml:720(para) serverguide/C/samba.xml:1116(para)
8935
#: serverguide/C/windows-networking.xml:720(para) serverguide/C/windows-networking.xml:1116(para)
8909
8936
msgid ""
8910
8937
"O'Reilly's <ulink "
8911
8938
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
8912
8939
"also a good reference."
8913
8940
msgstr ""
8914
8941
8915
#: serverguide/C/samba.xml:726(para)
8942
#: serverguide/C/windows-networking.xml:726(para)
8916
8943
msgid ""
8917
8944
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-"
8918
8945
"samba.html\">Chapter 18</ulink> of the Samba HOWTO Collection is devoted to "
8919
8946
"security."
8920
8947
msgstr ""
8921
8948
8922
#: serverguide/C/samba.xml:732(para)
8949
#: serverguide/C/windows-networking.xml:732(para)
8923
8950
msgid ""
8924
8951
"For more information on Samba and ACLs see the <ulink "
8925
8952
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
8930
8957
msgid "As a Domain Controller"
8931
8958
msgstr ""
8932
8959
8933
#: serverguide/C/samba.xml:750(para)
8960
#: serverguide/C/windows-networking.xml:750(para)
8934
8961
msgid ""
8935
8962
"Although it cannot act as an Active Directory Primary Domain Controller "
8936
8963
"(PDC), a Samba server can be configured to appear as a Windows NT4-style "
8939
8966
"backends to store the user information."
8940
8967
msgstr ""
8941
8968
8942
#: serverguide/C/samba.xml:757(title)
8969
#: serverguide/C/windows-networking.xml:757(title)
8943
8970
msgid "Primary Domain Controller"
8944
8971
msgstr ""
8945
8972
8946
#: serverguide/C/samba.xml:759(para)
8973
#: serverguide/C/windows-networking.xml:759(para)
8947
8974
msgid ""
8948
8975
"This section covers configuring Samba as a Primary Domain Controller (PDC) "
8949
8976
"using the default smbpasswd backend."
8950
8977
msgstr ""
8951
8978
8952
#: serverguide/C/samba.xml:766(para)
8979
#: serverguide/C/windows-networking.xml:766(para)
8953
8980
msgid ""
8954
8981
"First, install Samba, and <application>libpam-smbpass</application> to sync "
8955
8982
"the user accounts, by entering the following in a terminal prompt:"
8956
8983
msgstr ""
8957
8984
8958
#: serverguide/C/samba.xml:772(command) serverguide/C/samba.xml:1013(command)
8985
#: serverguide/C/windows-networking.xml:772(command) serverguide/C/windows-networking.xml:1013(command)
8959
8986
msgid "sudo apt-get install samba libpam-smbpass"
8960
8987
msgstr ""
8961
8988
8962
#: serverguide/C/samba.xml:778(para)
8989
#: serverguide/C/windows-networking.xml:778(para)
8963
8990
msgid ""
8964
8991
"Next, configure Samba by editing <filename>/etc/samba/smb.conf</filename>. "
8965
8992
"The <emphasis>security</emphasis> mode should be set to <emphasis "
8967
8994
"should relate to your organization:"
8968
8995
msgstr ""
8969
8996
8970
#: serverguide/C/samba.xml:793(para)
8997
#: serverguide/C/windows-networking.xml:793(para)
8971
8998
msgid ""
8972
8999
"In the commented <quote>Domains</quote> section add or uncomment the "
8973
9000
"following (the last line has been split to fit the format of this document):"
8974
9001
msgstr ""
8975
9002
8976
#: serverguide/C/samba.xml:797(programlisting)
9003
#: serverguide/C/windows-networking.xml:797(programlisting)
8977
9004
#, no-wrap
8978
9005
msgid ""
8979
9006
"\n"
8986
9013
" /var/lib/samba -s /bin/false %u\n"
8987
9014
msgstr ""
8988
9015
8989
#: serverguide/C/samba.xml:808(para)
9016
#: serverguide/C/windows-networking.xml:808(para)
8990
9017
msgid ""
8991
9018
"If you wish to not use <emphasis>Roaming Profiles</emphasis> leave the "
8992
9019
"<emphasis>logon home</emphasis> and <emphasis>logon path</emphasis> options "
8993
9020
"commented."
8994
9021
msgstr ""
8995
9022
8996
#: serverguide/C/samba.xml:816(para)
9023
#: serverguide/C/windows-networking.xml:816(para)
8997
9024
msgid ""
8998
9025
"<emphasis>domain logons:</emphasis> provides the netlogon service causing "
8999
9026
"Samba to act as a domain controller."
9000
9027
msgstr ""
9001
9028
9002
#: serverguide/C/samba.xml:821(para)
9029
#: serverguide/C/windows-networking.xml:821(para)
9003
9030
msgid ""
9004
9031
"<emphasis>logon path:</emphasis> places the user's Windows profile into "
9005
9032
"their home directory. It is also possible to configure a "
9007
9034
"directory."
9008
9035
msgstr ""
9009
9036
9010
#: serverguide/C/samba.xml:827(para)
9037
#: serverguide/C/windows-networking.xml:827(para)
9011
9038
msgid ""
9012
9039
"<emphasis>logon drive:</emphasis> specifies the home directory local path."
9013
9040
msgstr ""
9014
9041
9015
#: serverguide/C/samba.xml:832(para)
9042
#: serverguide/C/windows-networking.xml:832(para)
9016
9043
msgid ""
9017
9044
"<emphasis>logon home:</emphasis> specifies the home directory location."
9018
9045
msgstr ""
9019
9046
9020
#: serverguide/C/samba.xml:837(para)
9047
#: serverguide/C/windows-networking.xml:837(para)
9021
9048
msgid ""
9022
9049
"<emphasis>logon script:</emphasis> determines the script to be run locally "
9023
9050
"once a user has logged in. The script needs to be placed in the "
9024
9051
"<emphasis>[netlogon]</emphasis> share."
9025
9052
msgstr ""
9026
9053
9027
#: serverguide/C/samba.xml:843(para)
9054
#: serverguide/C/windows-networking.xml:843(para)
9028
9055
msgid ""
9029
9056
"<emphasis>add machine script:</emphasis> a script that will automatically "
9030
9057
"create the <emphasis>Machine Trust Account</emphasis> needed for a "
9031
9058
"workstation to join the domain."
9032
9059
msgstr ""
9033
9060
9034
#: serverguide/C/samba.xml:847(para)
9061
#: serverguide/C/windows-networking.xml:847(para)
9035
9062
msgid ""
9036
9063
"In this example the <emphasis>machines</emphasis> group will need to be "
9037
9064
"created using the <application>addgroup</application> utility see <xref "
9038
9065
"linkend=\"adding-deleting-users\"/> for details."
9039
9066
msgstr ""
9040
9067
9041
#: serverguide/C/samba.xml:858(para)
9068
#: serverguide/C/windows-networking.xml:858(para)
9042
9069
msgid ""
9043
9070
"Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis "
9044
9071
"role=\"italic\">logon home</emphasis> to be mapped:"
9045
9072
msgstr ""
9046
9073
9047
#: serverguide/C/samba.xml:863(programlisting)
9074
#: serverguide/C/windows-networking.xml:863(programlisting)
9048
9075
#, no-wrap
9049
9076
msgid ""
9050
9077
"\n"
9057
9084
" valid users = %S\n"
9058
9085
msgstr ""
9059
9086
9060
#: serverguide/C/samba.xml:876(para)
9087
#: serverguide/C/windows-networking.xml:876(para)
9061
9088
msgid ""
9062
9089
"When configured as a domain controller a <emphasis>[netlogon]</emphasis> "
9063
9090
"share needs to be configured. To enable the share, uncomment:"
9064
9091
msgstr ""
9065
9092
9066
#: serverguide/C/samba.xml:881(programlisting)
9093
#: serverguide/C/windows-networking.xml:881(programlisting)
9067
9094
#, no-wrap
9068
9095
msgid ""
9069
9096
"\n"
9075
9102
" share modes = no\n"
9076
9103
msgstr ""
9077
9104
9078
#: serverguide/C/samba.xml:891(para)
9105
#: serverguide/C/windows-networking.xml:891(para)
9079
9106
msgid ""
9080
9107
"The original <emphasis>netlogon</emphasis> share path is "
9081
9108
"<filename>/home/samba/netlogon</filename>, but according to the Filesystem "
9084
9111
"location for site-specific data provided by the system."
9085
9112
msgstr ""
9086
9113
9087
#: serverguide/C/samba.xml:902(para)
9114
#: serverguide/C/windows-networking.xml:902(para)
9088
9115
msgid ""
9089
9116
"Now create the <filename role=\"directory\">netlogon</filename> directory, "
9090
9117
"and an empty (for now) <filename>logon.cmd</filename> script file:"
9091
9118
msgstr ""
9092
9119
9093
#: serverguide/C/samba.xml:908(command)
9120
#: serverguide/C/windows-networking.xml:908(command)
9094
9121
msgid "sudo mkdir -p /srv/samba/netlogon"
9095
9122
msgstr ""
9096
9123
9097
#: serverguide/C/samba.xml:909(command)
9124
#: serverguide/C/windows-networking.xml:909(command)
9098
9125
msgid "sudo touch /srv/samba/netlogon/logon.cmd"
9099
9126
msgstr ""
9100
9127
9101
#: serverguide/C/samba.xml:912(para)
9128
#: serverguide/C/windows-networking.xml:912(para)
9102
9129
msgid ""
9103
9130
"You can enter any normal Windows logon script commands in "
9104
9131
"<filename>logon.cmd</filename> to customize the client's environment."
9105
9132
msgstr ""
9106
9133
9107
#: serverguide/C/samba.xml:920(para)
9134
#: serverguide/C/windows-networking.xml:920(para)
9108
9135
msgid "Restart Samba to enable the new domain controller:"
9109
9136
msgstr ""
9110
9137
9111
#: serverguide/C/samba.xml:932(para)
9138
#: serverguide/C/windows-networking.xml:932(para)
9112
9139
msgid ""
9113
9140
"Lastly, there are a few additional commands needed to setup the appropriate "
9114
9141
"rights."
9115
9142
msgstr ""
9116
9143
9117
#: serverguide/C/samba.xml:936(para)
9144
#: serverguide/C/windows-networking.xml:936(para)
9118
9145
msgid ""
9119
9146
"With <emphasis>root</emphasis> being disabled by default, in order to join a "
9120
9147
"workstation to the domain, a system group needs to be mapped to the Windows "
9122
9149
"<application>net</application> utility, from a terminal enter:"
9123
9150
msgstr ""
9124
9151
9125
#: serverguide/C/samba.xml:943(command)
9152
#: serverguide/C/windows-networking.xml:943(command)
9126
9153
msgid ""
9127
9154
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
9128
9155
"type=d"
9129
9156
msgstr ""
9130
9157
9131
#: serverguide/C/samba.xml:947(para)
9158
#: serverguide/C/windows-networking.xml:947(para)
9132
9159
msgid ""
9133
9160
"Change <emphasis role=\"italic\">sysadmin</emphasis> to whichever group you "
9134
9161
"prefer. Also, the user used to join the domain needs to be a member of the "
9137
9164
"allows <application>sudo</application> use."
9138
9165
msgstr ""
9139
9166
9140
#: serverguide/C/samba.xml:953(para)
9167
#: serverguide/C/windows-networking.xml:953(para)
9141
9168
msgid ""
9142
9169
"If the user does not have Samba credentials yet, you can add them with the "
9143
9170
"<application>smbpasswd</application> utility, change the "
9146
9173
"</screen>"
9147
9174
msgstr ""
9148
9175
9149
#: serverguide/C/samba.xml:963(para)
9176
#: serverguide/C/windows-networking.xml:963(para)
9150
9177
msgid ""
9151
9178
"Also, rights need to be explicitly provided to the <emphasis>Domain "
9152
9179
"Admins</emphasis> group to allow the <emphasis>add machine script</emphasis> "
9153
9180
"(and other admin functions) to work. This is achieved by executing:"
9154
9181
msgstr ""
9155
9182
9156
#: serverguide/C/samba.xml:968(command)
9183
#: serverguide/C/windows-networking.xml:968(command)
9157
9184
msgid ""
9158
9185
"net rpc rights grant -U sysadmin \"EXAMPLE\\Domain Admins\" "
9159
9186
"SeMachineAccountPrivilege \\ SePrintOperatorPrivilege SeAddUsersPrivilege "
9160
9187
"SeDiskOperatorPrivilege \\ SeRemoteShutdownPrivilege"
9161
9188
msgstr ""
9162
9189
9163
#: serverguide/C/samba.xml:976(para)
9190
#: serverguide/C/windows-networking.xml:976(para)
9164
9191
msgid ""
9165
9192
"You should now be able to join Windows clients to the Domain in the same "
9166
9193
"manner as joining them to an NT4 domain running on a Windows server."
9167
9194
msgstr ""
9168
9195
9169
#: serverguide/C/samba.xml:986(title)
9196
#: serverguide/C/windows-networking.xml:986(title)
9170
9197
msgid "Backup Domain Controller"
9171
9198
msgstr ""
9172
9199
9173
#: serverguide/C/samba.xml:988(para)
9200
#: serverguide/C/windows-networking.xml:988(para)
9174
9201
msgid ""
9175
9202
"With a Primary Domain Controller (PDC) on the network it is best to have a "
9176
9203
"Backup Domain Controller (BDC) as well. This will allow clients to "
9177
9204
"authenticate in case the PDC becomes unavailable."
9178
9205
msgstr ""
9179
9206
9180
#: serverguide/C/samba.xml:993(para)
9207
#: serverguide/C/windows-networking.xml:993(para)
9181
9208
msgid ""
9182
9209
"When configuring Samba as a BDC you need a way to sync account information "
9183
9210
"with the PDC. There are multiple ways of accomplishing this "
9186
9213
"backend</emphasis>."
9187
9214
msgstr ""
9188
9215
9189
#: serverguide/C/samba.xml:999(para)
9216
#: serverguide/C/windows-networking.xml:999(para)
9190
9217
msgid ""
9191
9218
"Using LDAP is the most robust way to sync account information, because both "
9192
9219
"domain controllers can use the same information in real time. However, "
9194
9221
"user and computer accounts. See <xref linkend=\"samba-ldap\"/> for details."
9195
9222
msgstr ""
9196
9223
9197
#: serverguide/C/samba.xml:1008(para)
9224
#: serverguide/C/windows-networking.xml:1008(para)
9198
9225
msgid ""
9199
9226
"First, install <application>samba</application> and <application>libpam-"
9200
9227
"smbpass</application>. From a terminal enter:"
9201
9228
msgstr ""
9202
9229
9203
#: serverguide/C/samba.xml:1019(para)
9230
#: serverguide/C/windows-networking.xml:1019(para)
9204
9231
msgid ""
9205
9232
"Now, edit <filename>/etc/samba/smb.conf</filename> and uncomment the "
9206
9233
"following in the <emphasis>[global]</emphasis>:"
9207
9234
msgstr ""
9208
9235
9209
#: serverguide/C/samba.xml:1032(para)
9236
#: serverguide/C/windows-networking.xml:1032(para)
9210
9237
msgid "In the commented <emphasis>Domains</emphasis> uncomment or add:"
9211
9238
msgstr ""
9212
9239
9213
#: serverguide/C/samba.xml:1036(programlisting)
9240
#: serverguide/C/windows-networking.xml:1036(programlisting)
9214
9241
#, no-wrap
9215
9242
msgid ""
9216
9243
"\n"
9218
9245
" domain master = no\n"
9219
9246
msgstr ""
9220
9247
9221
#: serverguide/C/samba.xml:1044(para)
9248
#: serverguide/C/windows-networking.xml:1044(para)
9222
9249
msgid ""
9223
9250
"Make sure a user has rights to read the files in "
9224
9251
"<filename>/var/lib/samba</filename>. For example, to allow users in the "
9226
9253
"files, enter:"
9227
9254
msgstr ""
9228
9255
9229
#: serverguide/C/samba.xml:1050(command)
9256
#: serverguide/C/windows-networking.xml:1050(command)
9230
9257
msgid "sudo chgrp -R admin /var/lib/samba"
9231
9258
msgstr ""
9232
9259
9233
#: serverguide/C/samba.xml:1056(para)
9260
#: serverguide/C/windows-networking.xml:1056(para)
9234
9261
msgid ""
9235
9262
"Next, sync the user accounts, using <application>scp</application> to copy "
9236
9263
"the <filename>/var/lib/samba</filename> directory from the PDC:"
9237
9264
msgstr ""
9238
9265
9239
#: serverguide/C/samba.xml:1062(command)
9266
#: serverguide/C/windows-networking.xml:1062(command)
9240
9267
msgid "sudo scp -r username@pdc:/var/lib/samba /var/lib"
9241
9268
msgstr ""
9242
9269
9243
#: serverguide/C/samba.xml:1066(para)
9270
#: serverguide/C/windows-networking.xml:1066(para)
9244
9271
msgid ""
9245
9272
"Replace <emphasis>username</emphasis> with a valid username and "
9246
9273
"<emphasis>pdc</emphasis> with the hostname or IP Address of your actual PDC."
9247
9274
msgstr ""
9248
9275
9249
#: serverguide/C/samba.xml:1075(para)
9276
#: serverguide/C/windows-networking.xml:1075(para)
9250
9277
msgid "Finally, restart <application>samba</application>:"
9251
9278
msgstr ""
9252
9279
9253
#: serverguide/C/samba.xml:1087(para)
9280
#: serverguide/C/windows-networking.xml:1087(para)
9254
9281
msgid ""
9255
9282
"You can test that your Backup Domain controller is working by stopping the "
9256
9283
"Samba daemon on the PDC, then trying to login to a Windows client joined to "
9257
9284
"the domain."
9258
9285
msgstr ""
9259
9286
9260
#: serverguide/C/samba.xml:1092(para)
9287
#: serverguide/C/windows-networking.xml:1092(para)
9261
9288
msgid ""
9262
9289
"Another thing to keep in mind is if you have configured the <emphasis>logon "
9263
9290
"home</emphasis> option as a directory on the PDC, and the PDC becomes "
9266
9293
"home</emphasis> to reside on a separate file server from the PDC and BDC."
9267
9294
msgstr ""
9268
9295
9269
#: serverguide/C/samba.xml:1122(para)
9296
#: serverguide/C/windows-networking.xml:1122(para)
9270
9297
msgid ""
9271
9298
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
9272
9299
"pdc.html\">Chapter 4</ulink> of the Samba HOWTO Collection explains setting "
9273
9300
"up a Primary Domain Controller."
9274
9301
msgstr ""
9275
9302
9276
#: serverguide/C/samba.xml:1128(para)
9303
#: serverguide/C/windows-networking.xml:1128(para)
9277
9304
msgid ""
9278
9305
"<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-"
9279
9306
"Collection/samba-bdc.html\">Chapter 5</ulink> of the Samba HOWTO Collection "
9284
9311
msgid "Active Directory Integration"
9285
9312
msgstr ""
9286
9313
9287
#: serverguide/C/samba.xml:1146(title)
9314
#: serverguide/C/windows-networking.xml:1146(title)
9288
9315
msgid "Accessing a Samba Share"
9289
9316
msgstr ""
9290
9317
9291
#: serverguide/C/samba.xml:1148(para)
9318
#: serverguide/C/windows-networking.xml:1148(para)
9292
9319
msgid ""
9293
9320
"Another, use for Samba is to integrate into an existing Windows network. "
9294
9321
"Once part of an Active Directory domain, Samba can provide file and print "
9304
9331
"Likewise Open documentation</ulink>."
9305
9332
msgstr ""
9306
9333
9307
#: serverguide/C/samba.xml:1159(para)
9334
#: serverguide/C/windows-networking.xml:1159(para)
9308
9335
msgid ""
9309
9336
"Once part of the Active Directory domain, enter the following command in the "
9310
9337
"terminal prompt:"
9311
9338
msgstr ""
9312
9339
9313
#: serverguide/C/samba.xml:1164(command)
9340
#: serverguide/C/windows-networking.xml:1164(command)
9314
9341
msgid "sudo apt-get install samba smbfs smbclient"
9315
9342
msgstr ""
9316
9343
9317
#: serverguide/C/samba.xml:1167(para)
9344
#: serverguide/C/windows-networking.xml:1167(para)
9318
9345
msgid "Next, edit <filename>/etc/samba/smb.conf</filename> changing:"
9319
9346
msgstr ""
9320
9347
9321
#: serverguide/C/samba.xml:1171(programlisting)
9348
#: serverguide/C/windows-networking.xml:1171(programlisting)
9322
9349
#, no-wrap
9323
9350
msgid ""
9324
9351
"\n"
9332
9359
" idmap gid = 50-9999999999\n"
9333
9360
msgstr ""
9334
9361
9335
#: serverguide/C/samba.xml:1182(para)
9362
#: serverguide/C/windows-networking.xml:1182(para)
9336
9363
msgid ""
9337
9364
"Restart <application>samba</application> for the new settings to take effect:"
9338
9365
msgstr ""
9339
9366
9340
#: serverguide/C/samba.xml:1191(para)
9367
#: serverguide/C/windows-networking.xml:1191(para)
9341
9368
msgid ""
9342
9369
"You should now be able to access any <application>Samba</application> shares "
9343
9370
"from a Windows client. However, be sure to give the appropriate AD users or "
9345
9372
"security\"/> for more details."
9346
9373
msgstr ""
9347
9374
9348
#: serverguide/C/samba.xml:1199(title)
9375
#: serverguide/C/windows-networking.xml:1199(title)
9349
9376
msgid "Accessing a Windows Share"
9350
9377
msgstr ""
9351
9378
9352
#: serverguide/C/samba.xml:1201(para)
9379
#: serverguide/C/windows-networking.xml:1201(para)
9353
9380
msgid ""
9354
9381
"Now that the Samba server is part of the Active Directory domain you can "
9355
9382
"access any Windows server shares:"
9356
9383
msgstr ""
9357
9384
9358
#: serverguide/C/samba.xml:1208(para)
9385
#: serverguide/C/windows-networking.xml:1208(para)
9359
9386
msgid ""
9360
9387
"To mount a Windows file share enter the following in a terminal prompt:"
9361
9388
msgstr ""
9362
9389
9363
#: serverguide/C/samba.xml:1212(command)
9390
#: serverguide/C/windows-networking.xml:1212(command)
9364
9391
msgid "mount.cifs //fs01.example.com/share mount_point"
9365
9392
msgstr ""
9366
9393
9367
#: serverguide/C/samba.xml:1215(para)
9394
#: serverguide/C/windows-networking.xml:1215(para)
9368
9395
msgid ""
9369
9396
"It is also possible to access shares on computers not part of an AD domain, "
9370
9397
"but a username and password will need to be provided."
9371
9398
msgstr ""
9372
9399
9373
#: serverguide/C/samba.xml:1223(para)
9400
#: serverguide/C/windows-networking.xml:1223(para)
9374
9401
msgid ""
9375
9402
"To mount the share during boot place an entry in "
9376
9403
"<filename>/etc/fstab</filename>, for example:"
9377
9404
msgstr ""
9378
9405
9379
#: serverguide/C/samba.xml:1227(programlisting)
9406
#: serverguide/C/windows-networking.xml:1227(programlisting)
9380
9407
#, no-wrap
9381
9408
msgid ""
9382
9409
"\n"
9384
9411
"0 0\n"
9385
9412
msgstr ""
9386
9413
9387
#: serverguide/C/samba.xml:1234(para)
9414
#: serverguide/C/windows-networking.xml:1234(para)
9388
9415
msgid ""
9389
9416
"Another way to copy files from a Windows server is to use the "
9390
9417
"<application>smbclient</application> utility. To list the files in a Windows "
9391
9418
"share:"
9392
9419
msgstr ""
9393
9420
9394
#: serverguide/C/samba.xml:1240(command)
9421
#: serverguide/C/windows-networking.xml:1240(command)
9395
9422
msgid "smbclient //fs01.example.com/share -k -c \"ls\""
9396
9423
msgstr ""
9397
9424
9398
#: serverguide/C/samba.xml:1246(para)
9425
#: serverguide/C/windows-networking.xml:1246(para)
9399
9426
msgid "To copy a file from the share, enter:"
9400
9427
msgstr ""
9401
9428
9402
#: serverguide/C/samba.xml:1251(command)
9429
#: serverguide/C/windows-networking.xml:1251(command)
9403
9430
msgid "smbclient //fs01.example.com/share -k -c \"get file.txt\""
9404
9431
msgstr ""
9405
9432
9406
#: serverguide/C/samba.xml:1254(para)
9433
#: serverguide/C/windows-networking.xml:1254(para)
9407
9434
msgid ""
9408
9435
"This will copy the <filename>file.txt</filename> into the current directory."
9409
9436
msgstr ""
9410
9437
9411
#: serverguide/C/samba.xml:1261(para)
9438
#: serverguide/C/windows-networking.xml:1261(para)
9412
9439
msgid "And to copy a file to the share:"
9413
9440
msgstr ""
9414
9441
9415
#: serverguide/C/samba.xml:1266(command)
9442
#: serverguide/C/windows-networking.xml:1266(command)
9416
9443
msgid "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
9417
9444
msgstr ""
9418
9445
9419
#: serverguide/C/samba.xml:1269(para)
9446
#: serverguide/C/windows-networking.xml:1269(para)
9420
9447
msgid ""
9421
9448
"This will copy the <filename>/etc/hosts</filename> to "
9422
9449
"<filename>//fs01.example.com/share/hosts</filename>."
9423
9450
msgstr ""
9424
9451
9425
#: serverguide/C/samba.xml:1276(para)
9452
#: serverguide/C/windows-networking.xml:1276(para)
9426
9453
msgid ""
9427
9454
"The <emphasis>-c</emphasis> option used above allows you to execute the "
9428
9455
"<application>smbclient</application> command all at once. This is useful for "
9431
9458
"and directory commands, simply execute:"
9432
9459
msgstr ""
9433
9460
9434
#: serverguide/C/samba.xml:1283(command)
9461
#: serverguide/C/windows-networking.xml:1283(command)
9435
9462
msgid "smbclient //fs01.example.com/share -k"
9436
9463
msgstr ""
9437
9464
9438
#: serverguide/C/samba.xml:1290(para)
9465
#: serverguide/C/windows-networking.xml:1290(para)
9439
9466
msgid ""
9440
9467
"Replace all instances of <emphasis>fs01.example.com/share</emphasis>, "
9441
9468
"<emphasis>//192.168.0.5/share</emphasis>, "
9782
9809
"<application>Zentyal</application>."
9783
9810
msgstr ""
9784
9811
9785
#: serverguide/C/remote-administration.xml:16(title)
9812
#: serverguide/C/virtualization.xml:833(para) serverguide/C/remote-administration.xml:16(title)
9786
9813
msgid "OpenSSH Server"
9787
9814
msgstr ""
9788
9815
9974
10001
msgstr ""
9975
10002
9976
10003
#: serverguide/C/remote-administration.xml:170(command)
9977
msgid "ssh-keygen -t dsa"
10004
msgid "ssh-keygen -t rsa"
9978
10005
msgstr ""
9979
10006
9980
10007
#: serverguide/C/remote-administration.xml:172(para)
9981
10008
msgid ""
9982
"This will generate the keys using the <emphasis>Digital Signature Algorithm "
9983
"(DSA)</emphasis> method. During the process you will be prompted for a "
9984
"password. Simply hit <emphasis>Enter</emphasis> when prompted to create the "
9985
"key."
10009
"This will generate the keys using the <emphasis>RSA Algorithm</emphasis>. "
10010
"During the process you will be prompted for a password. Simply hit "
10011
"<emphasis>Enter</emphasis> when prompted to create the key."
9986
10012
msgstr ""
9987
10013
9988
10014
#: serverguide/C/remote-administration.xml:176(para)
9989
10015
msgid ""
9990
10016
"By default the <emphasis>public</emphasis> key is saved in the file "
9991
"<filename>~/.ssh/id_dsa.pub</filename>, while "
9992
"<filename>~/.ssh/id_dsa</filename> is the <emphasis>private</emphasis> key. "
9993
"Now copy the <filename>id_dsa.pub</filename> file to the remote host and "
10017
"<filename>~/.ssh/id_rsa.pub</filename>, while "
10018
"<filename>~/.ssh/id_rsa</filename> is the <emphasis>private</emphasis> key. "
10019
"Now copy the <filename>id_rsa.pub</filename> file to the remote host and "
9994
10020
"append it to <filename>~/.ssh/authorized_keys</filename> by entering:"
9995
10021
msgstr ""
9996
10022
10058
10084
msgid "Preconfiguration"
10059
10085
msgstr ""
10060
10086
10061
#: serverguide/C/remote-administration.xml:236(para)
10087
#: serverguide/C/remote-administration.xml:256(para)
10062
10088
msgid ""
10063
10089
"Prior to configuring <application>puppet</application> you may want to add a "
10064
10090
"DNS <emphasis>CNAME</emphasis> record for "
10069
10095
"linkend=\"dns\"/> for more DNS details."
10070
10096
msgstr ""
10071
10097
10072
#: serverguide/C/remote-administration.xml:243(para)
10098
#: serverguide/C/remote-administration.xml:263(para)
10073
10099
msgid ""
10074
10100
"If you do not wish to use DNS, you can add entries to the server and client "
10075
10101
"<filename>/etc/hosts</filename> file. For example, in the "
10085
10111
"192.168.1.17 puppetclient.example.com puppetclient\n"
10086
10112
msgstr ""
10087
10113
10088
#: serverguide/C/remote-administration.xml:253(para)
10114
#: serverguide/C/remote-administration.xml:273(para)
10089
10115
msgid ""
10090
10116
"On each <application>Puppet</application> client, add an entry for the "
10091
10117
"server:"
10098
10124
"192.168.1.16 puppetmaster.example.com puppetmaster puppet\n"
10099
10125
msgstr ""
10100
10126
10101
#: serverguide/C/remote-administration.xml:262(para)
10127
#: serverguide/C/remote-administration.xml:282(para)
10102
10128
msgid ""
10103
10129
"Replace the example IP addresses and domain names above with your actual "
10104
10130
"server and client addresses and domain names."
10105
10131
msgstr ""
10106
10132
10107
#: serverguide/C/remote-administration.xml:271(para)
10133
#: serverguide/C/remote-administration.xml:236(para)
10108
10134
msgid ""
10109
10135
"To install <application>Puppet</application>, in a terminal on the "
10110
10136
"<emphasis>server</emphasis> enter:"
10111
10137
msgstr ""
10112
10138
10113
#: serverguide/C/remote-administration.xml:276(command)
10139
#: serverguide/C/remote-administration.xml:241(command)
10114
10140
msgid "sudo apt-get install puppetmaster"
10115
10141
msgstr ""
10116
10142
10117
#: serverguide/C/remote-administration.xml:279(para)
10143
#: serverguide/C/remote-administration.xml:244(para)
10118
10144
msgid "On the <emphasis>client</emphasis> machine, or machines, enter:"
10119
10145
msgstr ""
10120
10146
10121
#: serverguide/C/remote-administration.xml:284(command)
10147
#: serverguide/C/remote-administration.xml:249(command)
10122
10148
msgid "sudo apt-get install puppet"
10123
10149
msgstr ""
10124
10150
10175
10201
"<application>Puppet</application> client's host name."
10176
10202
msgstr ""
10177
10203
10178
#: serverguide/C/remote-administration.xml:337(para)
10204
#: serverguide/C/remote-administration.xml:323(para)
10179
10205
msgid ""
10180
10206
"The final step for this simple <application>Puppet</application> server is "
10181
10207
"to restart the daemon:"
10185
10211
msgid "sudo service puppetmaster restart"
10186
10212
msgstr ""
10187
10213
10188
#: serverguide/C/remote-administration.xml:345(para)
10214
#: serverguide/C/remote-administration.xml:331(para)
10189
10215
msgid ""
10190
10216
"Now everything is configured on the <application>Puppet</application> "
10191
10217
"server, it is time to configure the client."
10198
10224
"<emphasis>START</emphasis> to yes:"
10199
10225
msgstr ""
10200
10226
10201
#: serverguide/C/remote-administration.xml:354(programlisting) serverguide/C/mail.xml:685(programlisting)
10227
#: serverguide/C/remote-administration.xml:340(programlisting) serverguide/C/mail.xml:627(programlisting)
10202
10228
#, no-wrap
10203
10229
msgid ""
10204
10230
"\n"
10205
10231
"START=yes\n"
10206
10232
msgstr ""
10207
10233
10208
#: serverguide/C/remote-administration.xml:358(para)
10234
#: serverguide/C/remote-administration.xml:344(para)
10209
10235
msgid "Then start the service:"
10210
10236
msgstr ""
10211
10237
10260
10286
"<application>Puppet</application> client."
10261
10287
msgstr ""
10262
10288
10263
#: serverguide/C/remote-administration.xml:406(para)
10289
#: serverguide/C/remote-administration.xml:366(para)
10264
10290
msgid ""
10265
10291
"This example is <emphasis>very</emphasis> simple, and does not highlight "
10266
10292
"many of <application>Puppet</application>'s features and benefits. For more "
10267
10293
"information see <xref linkend=\"puppet-resources\"/>."
10268
10294
msgstr ""
10269
10295
10270
#: serverguide/C/remote-administration.xml:418(para)
10296
#: serverguide/C/remote-administration.xml:378(para)
10271
10297
msgid ""
10272
10298
"See the <ulink url=\"http://docs.puppetlabs.com/\">Official Puppet "
10273
10299
"Documentation</ulink> web site."
10279
10305
"online repository of puppet modules."
10280
10306
msgstr ""
10281
10307
10282
#: serverguide/C/remote-administration.xml:428(para)
10308
#: serverguide/C/remote-administration.xml:383(para)
10283
10309
msgid ""
10284
10310
"Also see <ulink url=\"http://www.apress.com/9781430230571\">Pro "
10285
10311
"Puppet</ulink>."
10286
10312
msgstr ""
10287
10313
10288
#: serverguide/C/remote-administration.xml:437(title)
10314
#: serverguide/C/remote-administration.xml:397(title)
10289
10315
msgid "Zentyal"
10290
10316
msgstr ""
10291
10317
10292
#: serverguide/C/remote-administration.xml:439(para)
10318
#: serverguide/C/remote-administration.xml:399(para)
10293
10319
msgid ""
10294
10320
"<application>Zentyal</application> is a Linux small business server, that "
10295
10321
"can be configured as a Gateway, Infrastructure Manager, Unified Threat "
10316
10342
"them."
10317
10343
msgstr ""
10318
10344
10319
#: serverguide/C/remote-administration.xml:467(para)
10345
#: serverguide/C/remote-administration.xml:427(para)
10320
10346
msgid ""
10321
10347
"Zentyal 2.3 is available on Ubuntu 12.04 Universe repository. The modules "
10322
10348
"available are:"
10323
10349
msgstr ""
10324
10350
10325
#: serverguide/C/remote-administration.xml:474(para)
10351
#: serverguide/C/remote-administration.xml:434(para)
10326
10352
msgid ""
10327
10353
"zentyal-core & zentyal-common: the core of the "
10328
10354
"<application>Zentyal</application> interface and the common libraries of the "
10330
10356
"administrator an interface to view the logs and generate events from them."
10331
10357
msgstr ""
10332
10358
10333
#: serverguide/C/remote-administration.xml:483(para)
10359
#: serverguide/C/remote-administration.xml:443(para)
10334
10360
msgid ""
10335
10361
"zentyal-network: manages the configuration of the network. From the "
10336
10362
"interfaces (supporting static IP, DHCP, VLAN, bridges or PPPoE), to multiple "
10345
10371
"services (e.g. HTTP instead of 80/TCP)."
10346
10372
msgstr ""
10347
10373
10348
#: serverguide/C/remote-administration.xml:498(para)
10374
#: serverguide/C/remote-administration.xml:458(para)
10349
10375
msgid ""
10350
10376
"zentyal-firewall: configures the <application>iptables</application> rules "
10351
10377
"to block forbiden connections, NAT and port redirections."
10352
10378
msgstr ""
10353
10379
10354
#: serverguide/C/remote-administration.xml:504(para)
10380
#: serverguide/C/remote-administration.xml:464(para)
10355
10381
msgid ""
10356
10382
"zentyal-ntp: installs the NTP daemon to keep server on time and allow "
10357
10383
"network clients to synchronize their clocks against the server."
10358
10384
msgstr ""
10359
10385
10360
#: serverguide/C/remote-administration.xml:510(para)
10386
#: serverguide/C/remote-administration.xml:470(para)
10361
10387
msgid ""
10362
10388
"zentyal-dhcp: configures <application>ISC DHCP</application> server "
10363
10389
"supporting network ranges, static leases and other advanced options like "
10364
10390
"NTP, WINS, dynamic DNS updates and network boot with PXE."
10365
10391
msgstr ""
10366
10392
10367
#: serverguide/C/remote-administration.xml:517(para)
10393
#: serverguide/C/remote-administration.xml:477(para)
10368
10394
msgid ""
10369
10395
"zentyal-dns: brings <application>ISC Bind9</application> DNS server into "
10370
10396
"your server for caching local queries as a forwarder or as an authoritative "
10372
10398
"and SRV records."
10373
10399
msgstr ""
10374
10400
10375
#: serverguide/C/remote-administration.xml:525(para)
10401
#: serverguide/C/remote-administration.xml:485(para)
10376
10402
msgid ""
10377
10403
"zentyal-ca: integrates the management of a Certification Authority within "
10378
10404
"Zentyal so users can use certificates to authenticate against the services, "
10379
10405
"like with <application>OpenVPN</application>."
10380
10406
msgstr ""
10381
10407
10382
#: serverguide/C/remote-administration.xml:532(para)
10408
#: serverguide/C/remote-administration.xml:492(para)
10383
10409
msgid ""
10384
10410
"zentyal-openvpn: allows to configure multiple VPN servers and clients using "
10385
10411
"<application>OpenVPN</application> with dynamic routing configuration using "
10386
10412
"<application>Quagga</application>."
10387
10413
msgstr ""
10388
10414
10389
#: serverguide/C/remote-administration.xml:539(para)
10415
#: serverguide/C/remote-administration.xml:499(para)
10390
10416
msgid ""
10391
10417
"zentyal-users: provides an interface to configure and manage users and "
10392
10418
"groups on <application>OpenLDAP</application>. Other services on Zentyal are "
10395
10421
"<application>Microsoft Active Directory</application> domain."
10396
10422
msgstr ""
10397
10423
10398
#: serverguide/C/remote-administration.xml:549(para)
10424
#: serverguide/C/remote-administration.xml:509(para)
10399
10425
msgid ""
10400
10426
"zentyal-squid: configures <application>Squid</application> and "
10401
10427
"<application>Dansguardian</application> for speeding up browsing thanks to "
10402
10428
"the caching capabilities and content filtering."
10403
10429
msgstr ""
10404
10430
10405
#: serverguide/C/remote-administration.xml:556(para)
10431
#: serverguide/C/remote-administration.xml:516(para)
10406
10432
msgid ""
10407
10433
"zentyal-samba: allows <application>Samba</application> configuration and "
10408
10434
"integration with existing LDAP. From the same interface you can define "
10409
10435
"password policies, create shared resources and assign permissions."
10410
10436
msgstr ""
10411
10437
10412
#: serverguide/C/remote-administration.xml:564(para)
10438
#: serverguide/C/remote-administration.xml:524(para)
10413
10439
msgid ""
10414
10440
"zentyal-printers: integrates <application>CUPS</application> with "
10415
10441
"<application>Samba</application> and allows not only to configure the "
10416
10442
"printers but also give them permissions based on LDAP users and groups."
10417
10443
msgstr ""
10418
10444
10419
#: serverguide/C/remote-administration.xml:573(para)
10445
#: serverguide/C/remote-administration.xml:533(para)
10420
10446
msgid ""
10421
10447
"To install <application>Zentyal</application>, in a terminal on the "
10422
10448
"<emphasis>server</emphasis> enter (where <zentyal-module> is any of "
10423
10449
"the modules from the previous list):"
10424
10450
msgstr ""
10425
10451
10426
#: serverguide/C/remote-administration.xml:580(command)
10452
#: serverguide/C/remote-administration.xml:540(command)
10427
10453
msgid "sudo apt-get install <zentyal-module>"
10428
10454
msgstr ""
10429
10455
10430
#: serverguide/C/remote-administration.xml:584(para)
10456
#: serverguide/C/remote-administration.xml:544(para)
10431
10457
msgid ""
10432
10458
"<application>Zentyal</application> publishes one major stable release once a "
10433
10459
"year (in September) based on latest Ubuntu LTS release. Stable releases "
10447
10473
"Personal Package Archive (PPA)</ulink>."
10448
10474
msgstr ""
10449
10475
10450
#: serverguide/C/remote-administration.xml:606(para)
10476
#: serverguide/C/remote-administration.xml:566(para)
10451
10477
msgid ""
10452
10478
"Not present on Ubuntu Universe repositories, but on <ulink "
10453
10479
"url=\"https://launchpad.net/~zentyal/\">Zentyal Team PPA</ulink> you will "
10454
10480
"find these other modules:"
10455
10481
msgstr ""
10456
10482
10457
#: serverguide/C/remote-administration.xml:613(para)
10483
#: serverguide/C/remote-administration.xml:573(para)
10458
10484
msgid ""
10459
10485
"zentyal-antivirus: integrates <application>ClamAV</application> antivirus "
10460
10486
"with other modules like the proxy, file sharing or mailfilter."
10461
10487
msgstr ""
10462
10488
10463
#: serverguide/C/remote-administration.xml:620(para)
10489
#: serverguide/C/remote-administration.xml:580(para)
10464
10490
msgid ""
10465
10491
"zentyal-asterisk: configures <application>Asterisk</application> to provide "
10466
10492
"a simple PBX with LDAP based authentication."
10467
10493
msgstr ""
10468
10494
10469
#: serverguide/C/remote-administration.xml:626(para)
10495
#: serverguide/C/remote-administration.xml:586(para)
10470
10496
msgid ""
10471
10497
"zentyal-bwmonitor: allows to monitor bandwith usage of your LAN clients."
10472
10498
msgstr ""
10473
10499
10474
#: serverguide/C/remote-administration.xml:632(para)
10500
#: serverguide/C/remote-administration.xml:592(para)
10475
10501
msgid ""
10476
10502
"zentyal-captiveportal: integrates a captive portal with the firewall and "
10477
10503
"LDAP users and groups."
10478
10504
msgstr ""
10479
10505
10480
#: serverguide/C/remote-administration.xml:638(para)
10506
#: serverguide/C/remote-administration.xml:598(para)
10481
10507
msgid ""
10482
10508
"zentyal-ebackup: allows to make scheduled backups of your server using the "
10483
10509
"popular <application>duplicity</application> backup tool."
10484
10510
msgstr ""
10485
10511
10486
#: serverguide/C/remote-administration.xml:644(para)
10512
#: serverguide/C/remote-administration.xml:604(para)
10487
10513
msgid "zentyal-ftp: configures a FTP server with LDAP based authentication."
10488
10514
msgstr ""
10489
10515
10490
#: serverguide/C/remote-administration.xml:649(para)
10516
#: serverguide/C/remote-administration.xml:609(para)
10491
10517
msgid "zentyal-ids: integrates a network intrusion detection system."
10492
10518
msgstr ""
10493
10519
10494
#: serverguide/C/remote-administration.xml:654(para)
10520
#: serverguide/C/remote-administration.xml:614(para)
10495
10521
msgid ""
10496
10522
"zentyal-ipsec: allows to configure IPsec tunnels using "
10497
10523
"<application>OpenSwan</application>."
10498
10524
msgstr ""
10499
10525
10500
#: serverguide/C/remote-administration.xml:660(para)
10526
#: serverguide/C/remote-administration.xml:620(para)
10501
10527
msgid ""
10502
10528
"zentyal-jabber: integrates <application>ejabberd</application> XMPP server "
10503
10529
"with LDAP users and groups."
10504
10530
msgstr ""
10505
10531
10506
#: serverguide/C/remote-administration.xml:666(para)
10532
#: serverguide/C/remote-administration.xml:626(para)
10507
10533
msgid ""
10508
10534
"zentyal-thinclients: a <application>LTSP</application> based thin clients "
10509
10535
"solution."
10510
10536
msgstr ""
10511
10537
10512
#: serverguide/C/remote-administration.xml:672(para)
10538
#: serverguide/C/remote-administration.xml:632(para)
10513
10539
msgid ""
10514
10540
"zentyal-mail: a full mail stack including <application>Postfix "
10515
10541
"</application> and <application>Dovecot</application> with LDAP backend."
10516
10542
msgstr ""
10517
10543
10518
#: serverguide/C/remote-administration.xml:679(para)
10544
#: serverguide/C/remote-administration.xml:639(para)
10519
10545
msgid ""
10520
10546
"zentyal-mailfilter: configures <application>amavisd</application> with mail "
10521
10547
"stack to filter spam and attached virus."
10522
10548
msgstr ""
10523
10549
10524
#: serverguide/C/remote-administration.xml:685(para)
10550
#: serverguide/C/remote-administration.xml:645(para)
10525
10551
msgid ""
10526
10552
"zentyal-monitor: integrates <application>collectd</application> to monitor "
10527
10553
"server performance and running services."
10528
10554
msgstr ""
10529
10555
10530
#: serverguide/C/remote-administration.xml:691(para)
10556
#: serverguide/C/remote-administration.xml:651(para)
10531
10557
msgid ""
10532
10558
"zentyal-pptp: configures a <application>PPTP</application> VPN server."
10533
10559
msgstr ""
10534
10560
10535
#: serverguide/C/remote-administration.xml:696(para)
10561
#: serverguide/C/remote-administration.xml:656(para)
10536
10562
msgid ""
10537
10563
"zentyal-radius: integrates <application>FreeRADIUS</application> with LDAP "
10538
10564
"users and groups."
10539
10565
msgstr ""
10540
10566
10541
#: serverguide/C/remote-administration.xml:702(para)
10567
#: serverguide/C/remote-administration.xml:662(para)
10542
10568
msgid ""
10543
10569
"zentyal-software: simple interface to manage installed "
10544
10570
"<application>Zentyal</application> modules and system updates."
10545
10571
msgstr ""
10546
10572
10547
#: serverguide/C/remote-administration.xml:708(para)
10573
#: serverguide/C/remote-administration.xml:668(para)
10548
10574
msgid ""
10549
10575
"zentyal-trafficshaping: configures traffic limiting rules to do bandwidth "
10550
10576
"throttling and improve latency."
10551
10577
msgstr ""
10552
10578
10553
#: serverguide/C/remote-administration.xml:714(para)
10579
#: serverguide/C/remote-administration.xml:674(para)
10554
10580
msgid ""
10555
10581
"zentyal-usercorner: allows users to edit their own LDAP attributes using a "
10556
10582
"web browser."
10557
10583
msgstr ""
10558
10584
10559
#: serverguide/C/remote-administration.xml:720(para)
10585
#: serverguide/C/remote-administration.xml:680(para)
10560
10586
msgid ""
10561
10587
"zentyal-virt: simple interface to create and manage virtual machines based "
10562
10588
"on <application>libvirt</application>."
10563
10589
msgstr ""
10564
10590
10565
#: serverguide/C/remote-administration.xml:726(para)
10591
#: serverguide/C/remote-administration.xml:686(para)
10566
10592
msgid ""
10567
10593
"zentyal-webmail: allows to access your mail using the popular "
10568
10594
"<application>Roundcube</application> webmail."
10569
10595
msgstr ""
10570
10596
10571
#: serverguide/C/remote-administration.xml:732(para)
10597
#: serverguide/C/remote-administration.xml:692(para)
10572
10598
msgid ""
10573
10599
"zentyal-webserver: configures <application>Apache</application> webserver to "
10574
10600
"host different sites on your machine."
10575
10601
msgstr ""
10576
10602
10577
#: serverguide/C/remote-administration.xml:738(para)
10603
#: serverguide/C/remote-administration.xml:698(para)
10578
10604
msgid ""
10579
10605
"zentyal-zarafa: integrates <application>Zarafa</application> groupware suite "
10580
10606
"with <application>Zentyal</application> mail stack and LDAP."
10581
10607
msgstr ""
10582
10608
10583
#: serverguide/C/remote-administration.xml:750(title)
10609
#: serverguide/C/remote-administration.xml:710(title)
10584
10610
msgid "First steps"
10585
10611
msgstr ""
10586
10612
10587
#: serverguide/C/remote-administration.xml:752(para)
10613
#: serverguide/C/remote-administration.xml:712(para)
10588
10614
msgid ""
10589
10615
"Any system account belonging to the sudo group is allowed to log into "
10590
10616
"<application>Zentyal</application> web interface. If you are using the user "
10591
10617
"created during the installation, this should be in the sudo group by default."
10592
10618
msgstr ""
10593
10619
10594
#: serverguide/C/remote-administration.xml:760(para)
10620
#: serverguide/C/remote-administration.xml:720(para)
10595
10621
msgid "If you need to add another user to the sudo group, just execute:"
10596
10622
msgstr ""
10597
10623
10598
#: serverguide/C/remote-administration.xml:765(command)
10624
#: serverguide/C/remote-administration.xml:725(command)
10599
10625
msgid "sudo adduser username sudo"
10600
10626
msgstr ""
10601
10627
10602
#: serverguide/C/remote-administration.xml:769(para)
10628
#: serverguide/C/remote-administration.xml:729(para)
10603
10629
msgid ""
10604
10630
"To access <application>Zentyal</application> web interface, browse into "
10605
10631
"https://localhost/ (or the IP of your remote server). As Zentyal creates its "
10607
10633
"exception on your browser."
10608
10634
msgstr ""
10609
10635
10610
#: serverguide/C/remote-administration.xml:776(para)
10636
#: serverguide/C/remote-administration.xml:736(para)
10611
10637
msgid ""
10612
10638
"Once logged in you will see the dashboard with an overview of your server. "
10613
10639
"To configure any of the features of your installed modules, go to the "
10621
10647
"files."
10622
10648
msgstr ""
10623
10649
10624
#: serverguide/C/remote-administration.xml:790(para)
10650
#: serverguide/C/remote-administration.xml:750(para)
10625
10651
msgid ""
10626
10652
"If you need to customize any configuration file or run certain actions "
10627
10653
"(scripts or commands) to configure features not available on "
10630
10656
"/etc/zentyal/hooks/<module>.<action>."
10631
10657
msgstr ""
10632
10658
10633
#: serverguide/C/remote-administration.xml:803(para)
10659
#: serverguide/C/remote-administration.xml:763(para)
10634
10660
msgid ""
10635
10661
"<ulink url=\"http://doc.zentyal.org/\">Zentyal Official Documentation "
10636
10662
"</ulink> page."
10637
10663
msgstr ""
10638
10664
10639
#: serverguide/C/remote-administration.xml:807(para)
10665
#: serverguide/C/remote-administration.xml:767(para)
10640
10666
msgid ""
10641
10667
"See also <ulink url=\"http://trac.zentyal.org/wiki/Documentation\">Zentyal "
10642
10668
"Community Documentation</ulink> page."
10643
10669
msgstr ""
10644
10670
10645
#: serverguide/C/remote-administration.xml:811(para)
10671
#: serverguide/C/remote-administration.xml:771(para)
10646
10672
msgid ""
10647
10673
"And don't forget to visit the <ulink url=\"http://forum.zentyal.org/\">forum "
10648
10674
"</ulink> for community support, feedback, feature requests, etc."
11010
11036
"menu."
11011
11037
msgstr ""
11012
11038
11013
#: serverguide/C/package-management.xml:263(para)
11039
#: serverguide/C/package-management.xml:246(para)
11014
11040
msgid "<emphasis role=\"bold\">i</emphasis>: Installed package"
11015
11041
msgstr ""
11016
11042
11017
#: serverguide/C/package-management.xml:268(para)
11043
#: serverguide/C/package-management.xml:251(para)
11018
11044
msgid ""
11019
11045
"<emphasis role=\"bold\">c</emphasis>: Package not installed, but package "
11020
11046
"configuration remains on system"
11021
11047
msgstr ""
11022
11048
11023
#: serverguide/C/package-management.xml:272(para)
11049
#: serverguide/C/package-management.xml:255(para)
11024
11050
msgid "<emphasis role=\"bold\">p</emphasis>: Purged from system"
11025
11051
msgstr ""
11026
11052
11027
#: serverguide/C/package-management.xml:276(para)
11053
#: serverguide/C/package-management.xml:259(para)
11028
11054
msgid "<emphasis role=\"bold\">v</emphasis>: Virtual package"
11029
11055
msgstr ""
11030
11056
11031
#: serverguide/C/package-management.xml:280(para)
11057
#: serverguide/C/package-management.xml:263(para)
11032
11058
msgid "<emphasis role=\"bold\">B</emphasis>: Broken package"
11033
11059
msgstr ""
11034
11060
11035
#: serverguide/C/package-management.xml:284(para)
11061
#: serverguide/C/package-management.xml:267(para)
11036
11062
msgid ""
11037
11063
"<emphasis role=\"bold\">u</emphasis>: Unpacked files, but package not yet "
11038
11064
"configured"
11039
11065
msgstr ""
11040
11066
11041
#: serverguide/C/package-management.xml:288(para)
11067
#: serverguide/C/package-management.xml:271(para)
11042
11068
msgid ""
11043
11069
"<emphasis role=\"bold\">C</emphasis>: Half-configured - Configuration failed "
11044
11070
"and requires fix"
11045
11071
msgstr ""
11046
11072
11047
#: serverguide/C/package-management.xml:292(para)
11073
#: serverguide/C/package-management.xml:275(para)
11048
11074
msgid ""
11049
11075
"<emphasis role=\"bold\">H</emphasis>: Half-installed - Removal failed and "
11050
11076
"requires fix"
11051
11077
msgstr ""
11052
11078
11053
#: serverguide/C/package-management.xml:260(para)
11079
#: serverguide/C/package-management.xml:243(para)
11054
11080
msgid ""
11055
11081
"The first column of information displayed in the package list in the top "
11056
11082
"pane, when actually viewing packages lists the current state of the package, "
11058
11084
"<placeholder-1/>"
11059
11085
msgstr ""
11060
11086
11061
#: serverguide/C/package-management.xml:298(para)
11087
#: serverguide/C/package-management.xml:281(para)
11062
11088
msgid ""
11063
11089
"To exit Aptitude, simply press the <keycap>q</keycap> key and confirm you "
11064
11090
"wish to exit. Many other functions are available from the Aptitude menu by "
11065
11091
"pressing the <keycap>F10</keycap> key."
11066
11092
msgstr ""
11067
11093
11068
#: serverguide/C/package-management.xml:301(title)
11094
#: serverguide/C/package-management.xml:284(title)
11069
11095
msgid "Command Line Aptitude"
11070
11096
msgstr ""
11071
11097
11072
#: serverguide/C/package-management.xml:302(para)
11098
#: serverguide/C/package-management.xml:285(para)
11073
11099
msgid ""
11074
11100
"You can also use <application>Aptitude</application> as a command-line tool, "
11075
11101
"similar to <application>apt-get</application>. To install the "
11083
11109
"of command line options for <application>Aptitude</application>."
11084
11110
msgstr ""
11085
11111
11086
#: serverguide/C/package-management.xml:315(title)
11112
#: serverguide/C/package-management.xml:298(title)
11087
11113
msgid "Automatic Updates"
11088
11114
msgstr ""
11089
11115
11090
#: serverguide/C/package-management.xml:317(para)
11116
#: serverguide/C/package-management.xml:300(para)
11091
11117
msgid ""
11092
11118
"The <application>unattended-upgrades</application> package can be used to "
11093
11119
"automatically install updated packages, and can be configured to update all "
11095
11121
"entering the following in a terminal:"
11096
11122
msgstr ""
11097
11123
11098
#: serverguide/C/package-management.xml:323(command)
11124
#: serverguide/C/package-management.xml:306(command)
11099
11125
msgid "sudo apt-get install unattended-upgrades"
11100
11126
msgstr ""
11101
11127
11102
#: serverguide/C/package-management.xml:326(para)
11128
#: serverguide/C/package-management.xml:309(para)
11103
11129
msgid ""
11104
11130
"To configure <application>unattended-upgrades</application>, edit "
11105
11131
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> and adjust "
11116
11142
"};\n"
11117
11143
msgstr ""
11118
11144
11119
#: serverguide/C/package-management.xml:338(para)
11145
#: serverguide/C/package-management.xml:321(para)
11120
11146
msgid ""
11121
11147
"Certain packages can also be <emphasis>blacklisted</emphasis> and therefore "
11122
11148
"will not be automatically updated. To blacklist a package, add it to the "
11123
11149
"list:"
11124
11150
msgstr ""
11125
11151
11126
#: serverguide/C/package-management.xml:343(programlisting)
11152
#: serverguide/C/package-management.xml:326(programlisting)
11127
11153
#, no-wrap
11128
11154
msgid ""
11129
11155
"\n"
11135
11161
"};\n"
11136
11162
msgstr ""
11137
11163
11138
#: serverguide/C/package-management.xml:353(para)
11164
#: serverguide/C/package-management.xml:336(para)
11139
11165
msgid ""
11140
11166
"The double <emphasis><quote>//</quote></emphasis> serve as comments, so "
11141
11167
"whatever follows \"//\" will not be evaluated."
11142
11168
msgstr ""
11143
11169
11144
#: serverguide/C/package-management.xml:358(para)
11170
#: serverguide/C/package-management.xml:341(para)
11145
11171
msgid ""
11146
11172
"To enable automatic updates, edit "
11147
11173
"<filename>/etc/apt/apt.conf.d/10periodic</filename> and set the appropriate "
11148
11174
"<application>apt</application> configuration options:"
11149
11175
msgstr ""
11150
11176
11151
#: serverguide/C/package-management.xml:362(programlisting)
11177
#: serverguide/C/package-management.xml:345(programlisting)
11152
11178
#, no-wrap
11153
11179
msgid ""
11154
11180
"\n"
11158
11184
"APT::Periodic::Unattended-Upgrade \"1\";\n"
11159
11185
msgstr ""
11160
11186
11161
#: serverguide/C/package-management.xml:369(para)
11187
#: serverguide/C/package-management.xml:352(para)
11162
11188
msgid ""
11163
11189
"The above configuration updates the package list, downloads, and installs "
11164
11190
"available upgrades every day. The local download archive is cleaned every "
11165
11191
"week."
11166
11192
msgstr ""
11167
11193
11168
#: serverguide/C/package-management.xml:375(para)
11194
#: serverguide/C/package-management.xml:358(para)
11169
11195
msgid ""
11170
11196
"You can read more about <application>apt</application> Periodic "
11171
11197
"configuration options in the <filename>/etc/cron.daily/apt</filename> script "
11172
11198
"header."
11173
11199
msgstr ""
11174
11200
11175
#: serverguide/C/package-management.xml:380(para)
11201
#: serverguide/C/package-management.xml:363(para)
11176
11202
msgid ""
11177
11203
"The results of <application>unattended-upgrades</application> will be logged "
11178
11204
"to <filename>/var/log/unattended-upgrades</filename>."
11179
11205
msgstr ""
11180
11206
11181
#: serverguide/C/package-management.xml:385(title)
11207
#: serverguide/C/package-management.xml:368(title)
11182
11208
msgid "Notifications"
11183
11209
msgstr ""
11184
11210
11185
#: serverguide/C/package-management.xml:387(para)
11211
#: serverguide/C/package-management.xml:370(para)
11186
11212
msgid ""
11187
11213
"Configuring <emphasis>Unattended-Upgrade::Mail</emphasis> in "
11188
11214
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> will enable "
11190
11216
"detailing any packages that need upgrading or have problems."
11191
11217
msgstr ""
11192
11218
11193
#: serverguide/C/package-management.xml:392(para)
11219
#: serverguide/C/package-management.xml:375(para)
11194
11220
msgid ""
11195
11221
"Another useful package is <application>apticron</application>. "
11196
11222
"<application>apticron</application> will configure a "
11199
11225
"summary of changes in each package."
11200
11226
msgstr ""
11201
11227
11202
#: serverguide/C/package-management.xml:398(para)
11228
#: serverguide/C/package-management.xml:381(para)
11203
11229
msgid ""
11204
11230
"To install the <application>apticron</application> package, in a terminal "
11205
11231
"enter:"
11206
11232
msgstr ""
11207
11233
11208
#: serverguide/C/package-management.xml:403(command)
11234
#: serverguide/C/package-management.xml:386(command)
11209
11235
msgid "sudo apt-get install apticron"
11210
11236
msgstr ""
11211
11237
11212
#: serverguide/C/package-management.xml:406(para)
11238
#: serverguide/C/package-management.xml:389(para)
11213
11239
msgid ""
11214
11240
"Once the package is installed edit "
11215
11241
"<filename>/etc/apticron/apticron.conf</filename>, to set the email address "
11216
11242
"and other options:"
11217
11243
msgstr ""
11218
11244
11219
#: serverguide/C/package-management.xml:410(programlisting)
11245
#: serverguide/C/package-management.xml:393(programlisting)
11220
11246
#, no-wrap
11221
11247
msgid ""
11222
11248
"\n"
11223
11249
"EMAIL=\"root@example.com\"\n"
11224
11250
msgstr ""
11225
11251
11226
#: serverguide/C/package-management.xml:419(para)
11252
#: serverguide/C/package-management.xml:402(para)
11227
11253
msgid ""
11228
11254
"Configuration of the <emphasis>Advanced Packaging Tool</emphasis> (APT) "
11229
11255
"system repositories is stored in the "
11233
11259
"repository references from the file."
11234
11260
msgstr ""
11235
11261
11236
#: serverguide/C/package-management.xml:424(para)
11262
#: serverguide/C/package-management.xml:411(para)
11237
11263
msgid ""
11238
11264
"You may edit the file to enable repositories or disable them. For example, "
11239
11265
"to disable the requirement of inserting the Ubuntu CD-ROM whenever package "
11250
11276
"main restricted\n"
11251
11277
msgstr ""
11252
11278
11253
#: serverguide/C/package-management.xml:435(title)
11279
#: serverguide/C/package-management.xml:422(title)
11254
11280
msgid "Extra Repositories"
11255
11281
msgstr ""
11256
11282
11257
#: serverguide/C/package-management.xml:436(para)
11283
#: serverguide/C/package-management.xml:423(para)
11258
11284
msgid ""
11259
11285
"In addition to the officially supported package repositories available for "
11260
11286
"Ubuntu, there exist additional community-maintained repositories which add "
11265
11291
"which are safe for use with your Ubuntu computer."
11266
11292
msgstr ""
11267
11293
11268
#: serverguide/C/package-management.xml:439(para)
11294
#: serverguide/C/package-management.xml:426(para)
11269
11295
msgid ""
11270
11296
"Packages in the <emphasis>Multiverse</emphasis> repository often have "
11271
11297
"licensing issues that prevent them from being distributed with a free "
11272
11298
"operating system, and they may be illegal in your locality."
11273
11299
msgstr ""
11274
11300
11275
#: serverguide/C/package-management.xml:441(para)
11301
#: serverguide/C/package-management.xml:428(para)
11276
11302
msgid ""
11277
11303
"Be advised that neither the <emphasis>Universe</emphasis> or "
11278
11304
"<emphasis>Multiverse</emphasis> repositories contain officially supported "
11280
11306
"packages."
11281
11307
msgstr ""
11282
11308
11283
#: serverguide/C/package-management.xml:445(para)
11309
#: serverguide/C/package-management.xml:432(para)
11284
11310
msgid ""
11285
11311
"Many other package sources are available, sometimes even offering only one "
11286
11312
"package, as in the case of package sources provided by the developer of a "
11291
11317
"functional in some respects."
11292
11318
msgstr ""
11293
11319
11294
#: serverguide/C/package-management.xml:448(para)
11320
#: serverguide/C/package-management.xml:435(para)
11295
11321
msgid ""
11296
11322
"By default, the <emphasis>Universe</emphasis> and "
11297
11323
"<emphasis>Multiverse</emphasis> repositories are enabled but if you would "
11322
11348
"deb-src http://security.ubuntu.com/ubuntu trusty-security multiverse\n"
11323
11349
msgstr ""
11324
11350
11325
#: serverguide/C/package-management.xml:481(para)
11351
#: serverguide/C/package-management.xml:468(para)
11326
11352
msgid ""
11327
11353
"Most of the material covered in this chapter is available in "
11328
11354
"<application>man</application> pages, many of which are available online."
11329
11355
msgstr ""
11330
11356
11331
#: serverguide/C/package-management.xml:488(para)
11357
#: serverguide/C/package-management.xml:475(para)
11332
11358
msgid ""
11333
11359
"The <ulink "
11334
11360
"url=\"https://help.ubuntu.com/community/InstallingSoftware\">InstallingSoftwa"
11358
11384
"ude man page</ulink> for more <application>aptitude</application> options."
11359
11385
msgstr ""
11360
11386
11361
#: serverguide/C/package-management.xml:512(para)
11387
#: serverguide/C/package-management.xml:499(para)
11362
11388
msgid ""
11363
11389
"The <ulink "
11364
11390
"url=\"https://help.ubuntu.com/community/Repositories/Ubuntu\">Adding "
11425
11451
"reboots (e.g.: after a kernel upgrade)."
11426
11452
msgstr ""
11427
11453
11428
#: serverguide/C/other-apps.xml:61(para)
11454
#: serverguide/C/other-apps.xml:44(para)
11429
11455
msgid ""
11430
11456
"<application>pam_motd</application> executes the scripts in "
11431
11457
"<filename>/etc/update-motd.d</filename> in order based on the number "
11434
11460
"concatenated with <filename>/etc/motd.tail</filename>."
11435
11461
msgstr ""
11436
11462
11437
#: serverguide/C/other-apps.xml:67(para)
11463
#: serverguide/C/other-apps.xml:50(para)
11438
11464
msgid ""
11439
11465
"You can add your own dynamic information to the MOTD. For example, to add "
11440
11466
"local weather information:"
11441
11467
msgstr ""
11442
11468
11443
#: serverguide/C/other-apps.xml:73(para)
11469
#: serverguide/C/other-apps.xml:56(para)
11444
11470
msgid "First, install the <application>weather-util</application> package:"
11445
11471
msgstr ""
11446
11472
11447
#: serverguide/C/other-apps.xml:78(command)
11473
#: serverguide/C/other-apps.xml:61(command)
11448
11474
msgid "sudo apt-get install weather-util"
11449
11475
msgstr ""
11450
11476
11451
#: serverguide/C/other-apps.xml:83(para)
11477
#: serverguide/C/other-apps.xml:66(para)
11452
11478
msgid ""
11453
11479
"The <application>weather</application> utility uses METAR data from the "
11454
11480
"National Oceanic and Atmospheric Administration and forecasts from the "
11458
11484
"Weather Service</ulink> site."
11459
11485
msgstr ""
11460
11486
11461
#: serverguide/C/other-apps.xml:90(para)
11487
#: serverguide/C/other-apps.xml:73(para)
11462
11488
msgid ""
11463
11489
"Although the National Weather Service is a United States government agency "
11464
11490
"there are weather stations available world wide. However, local weather "
11465
11491
"information for all locations outside the U.S. may not be available."
11466
11492
msgstr ""
11467
11493
11468
#: serverguide/C/other-apps.xml:96(para)
11494
#: serverguide/C/other-apps.xml:79(para)
11469
11495
msgid ""
11470
11496
"Create <filename>/usr/local/bin/local-weather</filename>, a simple shell "
11471
11497
"script to use <application>weather</application> with your local ICAO "
11472
11498
"indicator:"
11473
11499
msgstr ""
11474
11500
11475
#: serverguide/C/other-apps.xml:101(programlisting)
11501
#: serverguide/C/other-apps.xml:84(programlisting)
11476
11502
#, no-wrap
11477
11503
msgid ""
11478
11504
"\n"
11492
11518
"\n"
11493
11519
msgstr ""
11494
11520
11495
#: serverguide/C/other-apps.xml:119(para)
11521
#: serverguide/C/other-apps.xml:102(para)
11496
11522
msgid "Make the script executable:"
11497
11523
msgstr ""
11498
11524
11499
#: serverguide/C/other-apps.xml:124(command)
11525
#: serverguide/C/other-apps.xml:107(command)
11500
11526
msgid "sudo chmod 755 /usr/local/bin/local-weather"
11501
11527
msgstr ""
11502
11528
11503
#: serverguide/C/other-apps.xml:128(para)
11529
#: serverguide/C/other-apps.xml:111(para)
11504
11530
msgid ""
11505
11531
"Next, create a symlink to <filename>/etc/update-motd.d/98-local-"
11506
11532
"weather</filename>:"
11507
11533
msgstr ""
11508
11534
11509
#: serverguide/C/other-apps.xml:133(command)
11535
#: serverguide/C/other-apps.xml:116(command)
11510
11536
msgid ""
11511
11537
"sudo ln -s /usr/local/bin/local-weather /etc/update-motd.d/98-local-weather"
11512
11538
msgstr ""
11513
11539
11514
#: serverguide/C/other-apps.xml:137(para)
11540
#: serverguide/C/other-apps.xml:120(para)
11515
11541
msgid "Finally, exit the server and re-login to view the new MOTD."
11516
11542
msgstr ""
11517
11543
11518
#: serverguide/C/other-apps.xml:143(para)
11544
#: serverguide/C/other-apps.xml:126(para)
11519
11545
msgid ""
11520
11546
"You should now be greeted with some useful information, and some information "
11521
11547
"about the local weather that may not be quite so useful. Hopefully the "
11523
11549
"flexibility of <application>pam_motd</application>."
11524
11550
msgstr ""
11525
11551
11526
#: serverguide/C/other-apps.xml:151(title)
11552
#: serverguide/C/other-apps.xml:156(para)
11553
msgid ""
11554
"See the <ulink "
11555
"url=\"http://manpages.ubuntu.com/manpages/trusty/en/man5/update-"
11556
"motd.5.html\">update-motd man page</ulink> for more options available to "
11557
"<application>update-motd</application>."
11558
msgstr ""
11559
11560
#: serverguide/C/other-apps.xml:338(para)
11561
msgid ""
11562
"The Debian Package of the Day <ulink "
11563
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
11564
"and-forecasts-on-the-command-line/\">weather</ulink> article has more "
11565
"details about using the <application>weather</application>utility."
11566
msgstr ""
11567
11568
#: serverguide/C/other-apps.xml:134(title)
11527
11569
msgid "etckeeper"
11528
11570
msgstr ""
11529
11571
11530
#: serverguide/C/other-apps.xml:153(para)
11572
#: serverguide/C/other-apps.xml:180(para)
11531
11573
msgid ""
11532
11574
"<application>etckeeper</application> allows the contents of <filename "
11533
"role=\"directory\">/etc</filename> be easily stored in Version Control "
11534
"System (VCS) repository. It hooks into <application>apt</application> to "
11535
"automatically commit changes to <filename>/etc</filename> when packages are "
11575
"role=\"directory\">/etc</filename> to be stored in a Version Control System "
11576
"(VCS) repository. It integrates with <application>APT</application> and "
11577
"automatically commits changes to <filename>/etc</filename> when packages are "
11536
11578
"installed or upgraded. Placing <filename>/etc</filename> under version "
11537
11579
"control is considered an industry best practice, and the goal of "
11538
11580
"<application>etckeeper</application> is to make this process as painless as "
11539
11581
"possible."
11540
11582
msgstr ""
11541
11583
11542
#: serverguide/C/other-apps.xml:161(para)
11584
#: serverguide/C/other-apps.xml:144(para)
11543
11585
msgid ""
11544
11586
"Install <application>etckeeper</application> by entering the following in a "
11545
11587
"terminal:"
11546
11588
msgstr ""
11547
11589
11548
#: serverguide/C/other-apps.xml:166(command)
11590
#: serverguide/C/other-apps.xml:149(command)
11549
11591
msgid "sudo apt-get install etckeeper"
11550
11592
msgstr ""
11551
11593
11552
#: serverguide/C/other-apps.xml:169(para)
11594
#: serverguide/C/other-apps.xml:196(para)
11553
11595
msgid ""
11554
11596
"The main configuration file, "
11555
11597
"<filename>/etc/etckeeper/etckeeper.conf</filename>, is fairly simple. The "
11556
"main option is which VCS to use. By default "
11598
"main option is which VCS to use and by default "
11557
11599
"<application>etckeeper</application> is configured to use "
11558
"<application>bzr</application> for version control. The repository is "
11559
"automatically initialized (and committed for the first time) during package "
11560
"installation. It is possible to undo this by entering the following command:"
11600
"<application>Bazaar</application>. The repository is automatically "
11601
"initialized (and committed for the first time) during package installation. "
11602
"It is possible to undo this by entering the following command:"
11561
11603
msgstr ""
11562
11604
11563
#: serverguide/C/other-apps.xml:179(command)
11605
#: serverguide/C/other-apps.xml:162(command)
11564
11606
msgid "sudo etckeeper uninit"
11565
11607
msgstr ""
11566
11608
11567
#: serverguide/C/other-apps.xml:182(para)
11609
#: serverguide/C/other-apps.xml:165(para)
11568
11610
msgid ""
11569
11611
"By default, etckeeper will commit uncommitted changes made to /etc daily. "
11570
11612
"This can be disabled using the AVOID_DAILY_AUTOCOMMITS configuration option. "
11573
11615
"commit your changes manually, together with a commit message, using:"
11574
11616
msgstr ""
11575
11617
11576
#: serverguide/C/other-apps.xml:191(command)
11618
#: serverguide/C/other-apps.xml:174(command)
11577
11619
msgid "sudo etckeeper commit \"..Reason for configuration change..\""
11578
11620
msgstr ""
11579
11621
11580
#: serverguide/C/other-apps.xml:194(para)
11581
msgid ""
11582
"Using the VCS commands you can view log information about files in "
11583
"<filename>/etc</filename>:"
11622
#: serverguide/C/other-apps.xml:217(para)
11623
msgid "Using bzr's VCS commands you can view log information:"
11584
11624
msgstr ""
11585
11625
11586
#: serverguide/C/other-apps.xml:199(command)
11626
#: serverguide/C/other-apps.xml:182(command)
11587
11627
msgid "sudo bzr log /etc/passwd"
11588
11628
msgstr ""
11589
11629
11590
#: serverguide/C/other-apps.xml:202(para)
11630
#: serverguide/C/other-apps.xml:225(para)
11591
11631
msgid ""
11592
"To demonstrate the integration with the package management system, install "
11593
"<application>postfix</application>:"
11632
"To demonstrate the integration with the package management system (APT), "
11633
"install <application>postfix</application>:"
11594
11634
msgstr ""
11595
11635
11596
#: serverguide/C/other-apps.xml:207(command) serverguide/C/mail.xml:43(command)
11636
#: serverguide/C/other-apps.xml:190(command) serverguide/C/mail.xml:43(command)
11597
11637
msgid "sudo apt-get install postfix"
11598
11638
msgstr ""
11599
11639
11600
#: serverguide/C/other-apps.xml:210(para)
11640
#: serverguide/C/other-apps.xml:193(para)
11601
11641
msgid ""
11602
11642
"When the installation is finished, all the "
11603
11643
"<application>postfix</application> configuration files should be committed "
11604
11644
"to the repository:"
11605
11645
msgstr ""
11606
11646
11607
#: serverguide/C/other-apps.xml:216(computeroutput)
11647
#: serverguide/C/other-apps.xml:199(computeroutput)
11608
11648
#, no-wrap
11609
11649
msgid ""
11610
11650
"Committing to: /etc/\n"
11647
11687
"Committed revision 2."
11648
11688
msgstr ""
11649
11689
11650
#: serverguide/C/other-apps.xml:256(para)
11690
#: serverguide/C/other-apps.xml:239(para)
11651
11691
msgid ""
11652
11692
"For an example of how <application>etckeeper</application> tracks manual "
11653
11693
"changes, add new a host to <filename>/etc/hosts</filename>. Using "
11654
11694
"<application>bzr</application> you can see which files have been modified:"
11655
11695
msgstr ""
11656
11696
11657
#: serverguide/C/other-apps.xml:262(command)
11697
#: serverguide/C/other-apps.xml:245(command)
11658
11698
msgid "sudo bzr status /etc/"
11659
11699
msgstr ""
11660
11700
11661
#: serverguide/C/other-apps.xml:263(computeroutput)
11701
#: serverguide/C/other-apps.xml:246(computeroutput)
11662
11702
#, no-wrap
11663
11703
msgid ""
11664
11704
"modified:\n"
11665
11705
" hosts"
11666
11706
msgstr ""
11667
11707
11668
#: serverguide/C/other-apps.xml:267(para)
11708
#: serverguide/C/other-apps.xml:250(para)
11669
11709
msgid "Now commit the changes:"
11670
11710
msgstr ""
11671
11711
11672
#: serverguide/C/other-apps.xml:272(command)
11673
msgid "sudo etckeeper commit \"new host\""
11712
#: serverguide/C/other-apps.xml:295(command)
11713
msgid "sudo etckeeper commit \"added new host\""
11674
11714
msgstr ""
11675
11715
11676
#: serverguide/C/other-apps.xml:275(para)
11716
#: serverguide/C/other-apps.xml:258(para)
11677
11717
msgid ""
11678
11718
"For more information on <application>bzr</application> see <xref "
11679
11719
"linkend=\"bazaar\"/>."
11680
11720
msgstr ""
11681
11721
11682
#: serverguide/C/other-apps.xml:281(title)
11722
#: serverguide/C/other-apps.xml:345(para)
11723
msgid ""
11724
"See the <ulink "
11725
"url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for "
11726
"more details on using <application>etckeeper</application>."
11727
msgstr ""
11728
11729
#: serverguide/C/other-apps.xml:351(para)
11730
msgid ""
11731
"The <ulink url=\"https://help.ubuntu.com/community/etckeeper\">etckeeper "
11732
"Ubuntu Wiki</ulink> page."
11733
msgstr ""
11734
11735
#: serverguide/C/other-apps.xml:356(para)
11736
msgid ""
11737
"For the latest news and information about <application>bzr</application> see "
11738
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
11739
msgstr ""
11740
11741
#: serverguide/C/other-apps.xml:264(title)
11683
11742
msgid "Byobu"
11684
11743
msgstr ""
11685
11744
11686
#: serverguide/C/other-apps.xml:283(para)
11687
msgid ""
11688
"One of the most useful applications for any system administrator is "
11689
"<application>screen</application>. It allows the execution of multiple "
11690
"shells in one terminal. To make some of the advanced "
11691
"<application>screen</application> features more user friendly, and provide "
11692
"some useful information about the system, the "
11693
"<application>byobu</application> package was created."
11694
msgstr ""
11695
11696
#: serverguide/C/other-apps.xml:290(para)
11697
msgid ""
11698
"When executing <application>byobu</application> pressing the "
11699
"<emphasis>F9</emphasis> key will bring up the "
11700
"<application>Configuration</application> menu. This menu will allow you to:"
11701
msgstr ""
11702
11703
#: serverguide/C/other-apps.xml:296(para)
11745
#: serverguide/C/other-apps.xml:337(para)
11746
msgid ""
11747
"One of the most useful applications for any system administrator is an xterm "
11748
"multiplexor such as <application>screen</application> or "
11749
"<application>tmux</application>. It allows for the execution of multiple "
11750
"shells in one terminal. To make some of the advanced multiplexor features "
11751
"more user-friendly and provide some useful information about the system, the "
11752
"<application>byobu</application> package was created. It acts as a wrapper "
11753
"to these programs. By default Byobu uses tmux (if installed) but this can be "
11754
"changed by the user."
11755
msgstr ""
11756
11757
#: serverguide/C/other-apps.xml:344(para)
11758
msgid "Invoke it simply with:"
11759
msgstr ""
11760
11761
#: serverguide/C/other-apps.xml:349(command)
11762
msgid "byobu"
11763
msgstr ""
11764
11765
#: serverguide/C/other-apps.xml:352(para)
11766
msgid ""
11767
"Now bring up the configuration menu. By default this is done by pressing the "
11768
"<emphasis>F9</emphasis> key. This will allow you to:"
11769
msgstr ""
11770
11771
#: serverguide/C/other-apps.xml:279(para)
11704
11772
msgid "View the Help menu"
11705
11773
msgstr ""
11706
11774
11707
#: serverguide/C/other-apps.xml:297(para)
11775
#: serverguide/C/other-apps.xml:280(para)
11708
11776
msgid "Change Byobu's background color"
11709
11777
msgstr ""
11710
11778
11711
#: serverguide/C/other-apps.xml:298(para)
11779
#: serverguide/C/other-apps.xml:281(para)
11712
11780
msgid "Change Byobu's foreground color"
11713
11781
msgstr ""
11714
11782
11715
#: serverguide/C/other-apps.xml:299(para)
11783
#: serverguide/C/other-apps.xml:282(para)
11716
11784
msgid "Toggle status notifications"
11717
11785
msgstr ""
11718
11786
11719
#: serverguide/C/other-apps.xml:300(para)
11787
#: serverguide/C/other-apps.xml:283(para)
11720
11788
msgid "Change the key binding set"
11721
11789
msgstr ""
11722
11790
11723
#: serverguide/C/other-apps.xml:301(para)
11791
#: serverguide/C/other-apps.xml:284(para)
11724
11792
msgid "Change the escape sequence"
11725
11793
msgstr ""
11726
11794
11727
#: serverguide/C/other-apps.xml:302(para)
11795
#: serverguide/C/other-apps.xml:285(para)
11728
11796
msgid "Create new windows"
11729
11797
msgstr ""
11730
11798
11731
#: serverguide/C/other-apps.xml:303(para)
11799
#: serverguide/C/other-apps.xml:286(para)
11732
11800
msgid "Manage the default windows"
11733
11801
msgstr ""
11734
11802
11735
#: serverguide/C/other-apps.xml:304(para)
11803
#: serverguide/C/other-apps.xml:287(para)
11736
11804
msgid "Byobu currently does not launch at login (toggle on)"
11737
11805
msgstr ""
11738
11806
11739
#: serverguide/C/other-apps.xml:307(para)
11807
#: serverguide/C/other-apps.xml:290(para)
11740
11808
msgid ""
11741
11809
"The <emphasis>key bindings</emphasis> determine such things as the escape "
11742
11810
"sequence, new window, change window, etc. There are two key binding sets to "
11745
11813
"<emphasis>none</emphasis> set."
11746
11814
msgstr ""
11747
11815
11748
#: serverguide/C/other-apps.xml:313(para)
11816
#: serverguide/C/other-apps.xml:296(para)
11749
11817
msgid ""
11750
11818
"<application>byobu</application> provides a menu which displays the Ubuntu "
11751
11819
"release, processor information, memory information, and the time and date. "
11752
11820
"The effect is similar to a desktop menu."
11753
11821
msgstr ""
11754
11822
11755
#: serverguide/C/other-apps.xml:318(para)
11823
#: serverguide/C/other-apps.xml:301(para)
11756
11824
msgid ""
11757
11825
"Using the <emphasis>\"Byobu currently does not launch at login (toggle "
11758
11826
"on)\"</emphasis> option will cause <application>byobu</application> to be "
11761
11829
"affect other users on the system."
11762
11830
msgstr ""
11763
11831
11764
#: serverguide/C/other-apps.xml:324(para)
11832
#: serverguide/C/other-apps.xml:307(para)
11765
11833
msgid ""
11766
11834
"One difference when using byobu is the <emphasis>scrollback</emphasis> mode. "
11767
11835
"Press the <emphasis>F7</emphasis> key to enter scrollback mode. Scrollback "
11769
11837
"commands. Here is a quick list of movement commands:"
11770
11838
msgstr ""
11771
11839
11772
#: serverguide/C/other-apps.xml:331(para)
11840
#: serverguide/C/other-apps.xml:314(para)
11773
11841
msgid "<emphasis>h</emphasis> - Move the cursor left by one character"
11774
11842
msgstr ""
11775
11843
11776
#: serverguide/C/other-apps.xml:332(para)
11844
#: serverguide/C/other-apps.xml:315(para)
11777
11845
msgid "<emphasis>j</emphasis> - Move the cursor down by one line"
11778
11846
msgstr ""
11779
11847
11780
#: serverguide/C/other-apps.xml:333(para)
11848
#: serverguide/C/other-apps.xml:316(para)
11781
11849
msgid "<emphasis>k</emphasis> - Move the cursor up by one line"
11782
11850
msgstr ""
11783
11851
11784
#: serverguide/C/other-apps.xml:334(para)
11852
#: serverguide/C/other-apps.xml:317(para)
11785
11853
msgid "<emphasis>l</emphasis> - Move the cursor right by one character"
11786
11854
msgstr ""
11787
11855
11788
#: serverguide/C/other-apps.xml:335(para)
11856
#: serverguide/C/other-apps.xml:318(para)
11789
11857
msgid "<emphasis>0</emphasis> - Move to the beginning of the current line"
11790
11858
msgstr ""
11791
11859
11792
#: serverguide/C/other-apps.xml:336(para)
11860
#: serverguide/C/other-apps.xml:319(para)
11793
11861
msgid "<emphasis>$</emphasis> - Move to the end of the current line"
11794
11862
msgstr ""
11795
11863
11796
#: serverguide/C/other-apps.xml:337(para)
11864
#: serverguide/C/other-apps.xml:320(para)
11797
11865
msgid ""
11798
11866
"<emphasis>G</emphasis> - Moves to the specified line (defaults to the end of "
11799
11867
"the buffer)"
11800
11868
msgstr ""
11801
11869
11802
#: serverguide/C/other-apps.xml:338(para)
11870
#: serverguide/C/other-apps.xml:321(para)
11803
11871
msgid "<emphasis>/</emphasis> - Search forward"
11804
11872
msgstr ""
11805
11873
11806
#: serverguide/C/other-apps.xml:339(para)
11874
#: serverguide/C/other-apps.xml:322(para)
11807
11875
msgid "<emphasis>?</emphasis> - Search backward"
11808
11876
msgstr ""
11809
11877
11810
#: serverguide/C/other-apps.xml:340(para)
11878
#: serverguide/C/other-apps.xml:401(para)
11811
11879
msgid ""
11812
11880
"<emphasis>n</emphasis> - Moves to the next match, either forward or backward"
11813
11881
msgstr ""
11814
11882
11815
#: serverguide/C/other-apps.xml:349(para)
11816
msgid ""
11817
"See the <ulink "
11818
"url=\"http://manpages.ubuntu.com/manpages/trusty/en/man5/update-"
11819
"motd.5.html\">update-motd man page</ulink> for more options available to "
11820
"<application>update-motd</application>."
11821
msgstr ""
11822
11823
#: serverguide/C/other-apps.xml:355(para)
11824
msgid ""
11825
"The Debian Package of the Day <ulink "
11826
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
11827
"and-forecasts-on-the-command-line/\">weather</ulink> article has more "
11828
"details about using the <application>weather</application>utility."
11829
msgstr ""
11830
11831
#: serverguide/C/other-apps.xml:362(para)
11832
msgid ""
11833
"See the <ulink "
11834
"url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for "
11835
"more details on using <application>etckeeper</application>."
11836
msgstr ""
11837
11838
#: serverguide/C/other-apps.xml:368(para)
11839
msgid ""
11840
"The <ulink url=\"https://help.ubuntu.com/community/etckeeper\">etckeeper "
11841
"Ubuntu Wiki</ulink> page."
11842
msgstr ""
11843
11844
#: serverguide/C/other-apps.xml:373(para)
11845
msgid ""
11846
"For the latest news and information about <application>bzr</application> see "
11847
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
11848
msgstr ""
11849
11850
#: serverguide/C/other-apps.xml:378(para)
11883
#: serverguide/C/other-apps.xml:361(para)
11851
11884
msgid ""
11852
11885
"For more information on <application>screen</application> see the <ulink "
11853
11886
"url=\"http://www.gnu.org/software/screen/\">screen web site</ulink>."
11854
11887
msgstr ""
11855
11888
11856
#: serverguide/C/other-apps.xml:383(para)
11889
#: serverguide/C/other-apps.xml:366(para)
11857
11890
msgid ""
11858
11891
"And the <ulink url=\"https://help.ubuntu.com/community/Screen\">Ubuntu Wiki "
11859
11892
"screen</ulink> page."
11860
11893
msgstr ""
11861
11894
11862
#: serverguide/C/other-apps.xml:388(para)
11895
#: serverguide/C/other-apps.xml:371(para)
11863
11896
msgid ""
11864
11897
"Also, see the <application>byobu</application><ulink "
11865
11898
"url=\"https://launchpad.net/byobu\">project page</ulink> for more "
11881
11914
"discussion of popular network protocols."
11882
11915
msgstr ""
11883
11916
11884
#: serverguide/C/network-config.xml:25(title)
11917
#: serverguide/C/virtualization.xml:3853(title) serverguide/C/network-config.xml:25(title)
11885
11918
msgid "Network Configuration"
11886
11919
msgstr ""
11887
11920
12164
12197
"persistent way to do DNS client configuration is in a following section."
12165
12198
msgstr ""
12166
12199
12167
#: serverguide/C/network-config.xml:226(programlisting)
12200
#: serverguide/C/network-config.xml:224(programlisting)
12168
12201
#, no-wrap
12169
12202
msgid ""
12170
12203
"\n"
12172
12205
"nameserver 8.8.4.4\n"
12173
12206
msgstr ""
12174
12207
12175
#: serverguide/C/network-config.xml:230(para)
12208
#: serverguide/C/network-config.xml:228(para)
12176
12209
msgid ""
12177
12210
"If you no longer need this configuration and wish to purge all IP "
12178
12211
"configuration from an interface, you can use the "
12179
12212
"<application>ip</application> command with the flush option as shown below."
12180
12213
msgstr ""
12181
12214
12182
#: serverguide/C/network-config.xml:236(command)
12215
#: serverguide/C/network-config.xml:234(command)
12183
12216
msgid "ip addr flush eth0"
12184
12217
msgstr ""
12185
12218
12193
12226
"<filename>/run/resolvconf/resolv.conf</filename>, to be re-written."
12194
12227
msgstr ""
12195
12228
12196
#: serverguide/C/network-config.xml:249(title)
12229
#: serverguide/C/network-config.xml:245(title)
12197
12230
msgid "Dynamic IP Address Assignment (DHCP Client)"
12198
12231
msgstr ""
12199
12232
12200
#: serverguide/C/network-config.xml:250(para)
12233
#: serverguide/C/network-config.xml:246(para)
12201
12234
msgid ""
12202
12235
"To configure your server to use DHCP for dynamic address assignment, add the "
12203
12236
"<emphasis role=\"italic\">dhcp</emphasis> method to the inet address family "
12207
12240
"role=\"italic\">eth0</emphasis>."
12208
12241
msgstr ""
12209
12242
12210
#: serverguide/C/network-config.xml:257(programlisting)
12243
#: serverguide/C/network-config.xml:253(programlisting)
12211
12244
#, no-wrap
12212
12245
msgid ""
12213
12246
"\n"
12215
12248
"iface eth0 inet dhcp\n"
12216
12249
msgstr ""
12217
12250
12218
#: serverguide/C/network-config.xml:261(para)
12251
#: serverguide/C/network-config.xml:257(para)
12219
12252
msgid ""
12220
12253
"By adding an interface configuration as shown above, you can manually enable "
12221
12254
"the interface through the <application>ifup</application> command which "
12222
12255
"initiates the DHCP process via <application>dhclient</application>."
12223
12256
msgstr ""
12224
12257
12225
#: serverguide/C/network-config.xml:267(command) serverguide/C/network-config.xml:302(command)
12258
#: serverguide/C/network-config.xml:263(command) serverguide/C/network-config.xml:298(command)
12226
12259
msgid "sudo ifup eth0"
12227
12260
msgstr ""
12228
12261
12229
#: serverguide/C/network-config.xml:269(para)
12262
#: serverguide/C/network-config.xml:265(para)
12230
12263
msgid ""
12231
12264
"To manually disable the interface, you can use the "
12232
12265
"<application>ifdown</application> command, which in turn will initiate the "
12233
12266
"DHCP release process and shut down the interface."
12234
12267
msgstr ""
12235
12268
12236
#: serverguide/C/network-config.xml:275(command) serverguide/C/network-config.xml:309(command)
12269
#: serverguide/C/network-config.xml:271(command) serverguide/C/network-config.xml:305(command)
12237
12270
msgid "sudo ifdown eth0"
12238
12271
msgstr ""
12239
12272
12240
#: serverguide/C/network-config.xml:280(title)
12273
#: serverguide/C/network-config.xml:276(title)
12241
12274
msgid "Static IP Address Assignment"
12242
12275
msgstr ""
12243
12276
12244
#: serverguide/C/network-config.xml:281(para)
12277
#: serverguide/C/network-config.xml:277(para)
12245
12278
msgid ""
12246
12279
"To configure your system to use a static IP address assignment, add the "
12247
12280
"<emphasis role=\"italic\">static</emphasis> method to the inet address "
12255
12288
"network."
12256
12289
msgstr ""
12257
12290
12258
#: serverguide/C/network-config.xml:290(programlisting)
12291
#: serverguide/C/network-config.xml:286(programlisting)
12259
12292
#, no-wrap
12260
12293
msgid ""
12261
12294
"\n"
12266
12299
"gateway 10.0.0.1\n"
12267
12300
msgstr ""
12268
12301
12269
#: serverguide/C/network-config.xml:297(para)
12302
#: serverguide/C/network-config.xml:293(para)
12270
12303
msgid ""
12271
12304
"By adding an interface configuration as shown above, you can manually enable "
12272
12305
"the interface through the <application>ifup</application> command."
12273
12306
msgstr ""
12274
12307
12275
#: serverguide/C/network-config.xml:304(para)
12308
#: serverguide/C/network-config.xml:300(para)
12276
12309
msgid ""
12277
12310
"To manually disable the interface, you can use the "
12278
12311
"<application>ifdown</application> command."
12279
12312
msgstr ""
12280
12313
12281
#: serverguide/C/network-config.xml:314(title)
12314
#: serverguide/C/network-config.xml:310(title)
12282
12315
msgid "Loopback Interface"
12283
12316
msgstr ""
12284
12317
12285
#: serverguide/C/network-config.xml:315(para)
12318
#: serverguide/C/network-config.xml:311(para)
12286
12319
msgid ""
12287
12320
"The loopback interface is identified by the system as <emphasis "
12288
12321
"role=\"italic\">lo</emphasis> and has a default IP address of 127.0.0.1. It "
12289
12322
"can be viewed using the ifconfig command."
12290
12323
msgstr ""
12291
12324
12292
#: serverguide/C/network-config.xml:320(command)
12325
#: serverguide/C/network-config.xml:316(command)
12293
12326
msgid "ifconfig lo"
12294
12327
msgstr ""
12295
12328
12296
#: serverguide/C/network-config.xml:321(computeroutput)
12329
#: serverguide/C/network-config.xml:317(computeroutput)
12297
12330
#, no-wrap
12298
12331
msgid ""
12299
12332
"lo Link encap:Local Loopback \n"
12306
12339
" RX bytes:183308 (183.3 KB) TX bytes:183308 (183.3 KB)"
12307
12340
msgstr ""
12308
12341
12309
#: serverguide/C/network-config.xml:330(para)
12342
#: serverguide/C/network-config.xml:326(para)
12310
12343
msgid ""
12311
12344
"By default, there should be two lines in "
12312
12345
"<filename>/etc/network/interfaces</filename> responsible for automatically "
12315
12348
"example of the two default lines are shown below."
12316
12349
msgstr ""
12317
12350
12318
#: serverguide/C/network-config.xml:336(programlisting)
12351
#: serverguide/C/network-config.xml:332(programlisting)
12319
12352
#, no-wrap
12320
12353
msgid ""
12321
12354
"\n"
12323
12356
"iface lo inet loopback\n"
12324
12357
msgstr ""
12325
12358
12326
#: serverguide/C/network-config.xml:345(title)
12359
#: serverguide/C/network-config.xml:341(title)
12327
12360
msgid "Name Resolution"
12328
12361
msgstr ""
12329
12362
12330
#: serverguide/C/network-config.xml:346(para)
12363
#: serverguide/C/network-config.xml:342(para)
12331
12364
msgid ""
12332
12365
"Name resolution as it relates to IP networking is the process of mapping IP "
12333
12366
"addresses to hostnames, making it easier to identify resources on a network. "
12335
12368
"name resolution using DNS and static hostname records."
12336
12369
msgstr ""
12337
12370
12338
#: serverguide/C/network-config.xml:354(title)
12371
#: serverguide/C/network-config.xml:350(title)
12339
12372
msgid "DNS Client Configuration"
12340
12373
msgstr ""
12341
12374
12342
#: serverguide/C/network-config.xml:366(programlisting)
12375
#: serverguide/C/network-config.xml:362(programlisting)
12343
12376
#, no-wrap
12344
12377
msgid ""
12345
12378
"\n"
12372
12405
"following:"
12373
12406
msgstr ""
12374
12407
12375
#: serverguide/C/network-config.xml:377(programlisting)
12408
#: serverguide/C/network-config.xml:373(programlisting)
12376
12409
#, no-wrap
12377
12410
msgid ""
12378
12411
"\n"
12384
12417
" dns-nameservers 192.168.3.45 192.168.8.10\n"
12385
12418
msgstr ""
12386
12419
12387
#: serverguide/C/network-config.xml:386(para)
12420
#: serverguide/C/network-config.xml:382(para)
12388
12421
msgid ""
12389
12422
"The <emphasis role=\"italic\">search</emphasis> option can also be used with "
12390
12423
"multiple domain names so that DNS queries will be appended in the order in "
12395
12428
"role=\"italic\">dev.example.com</emphasis>."
12396
12429
msgstr ""
12397
12430
12398
#: serverguide/C/network-config.xml:393(para)
12431
#: serverguide/C/network-config.xml:389(para)
12399
12432
msgid ""
12400
12433
"If you have multiple domains you wish to search, your configuration might "
12401
12434
"look like the following:"
12402
12435
msgstr ""
12403
12436
12404
#: serverguide/C/network-config.xml:397(programlisting)
12437
#: serverguide/C/network-config.xml:393(programlisting)
12405
12438
#, no-wrap
12406
12439
msgid ""
12407
12440
"\n"
12413
12446
" dns-nameservers 192.168.3.45 192.168.8.10\n"
12414
12447
msgstr ""
12415
12448
12416
#: serverguide/C/network-config.xml:406(para)
12449
#: serverguide/C/network-config.xml:402(para)
12417
12450
msgid ""
12418
12451
"If you try to ping a host with the name of <emphasis "
12419
12452
"role=\"italic\">server1</emphasis>, your system will automatically query DNS "
12420
12453
"for its Fully Qualified Domain Name (FQDN) in the following order:"
12421
12454
msgstr ""
12422
12455
12423
#: serverguide/C/network-config.xml:413(para)
12456
#: serverguide/C/network-config.xml:409(para)
12424
12457
msgid "server1<emphasis role=\"bold\">.example.com</emphasis>"
12425
12458
msgstr ""
12426
12459
12427
#: serverguide/C/network-config.xml:418(para)
12460
#: serverguide/C/network-config.xml:414(para)
12428
12461
msgid "server1<emphasis role=\"bold\">.sales.example.com</emphasis>"
12429
12462
msgstr ""
12430
12463
12431
#: serverguide/C/network-config.xml:423(para)
12464
#: serverguide/C/network-config.xml:419(para)
12432
12465
msgid "server1<emphasis role=\"bold\">.dev.example.com</emphasis>"
12433
12466
msgstr ""
12434
12467
12435
#: serverguide/C/network-config.xml:428(para)
12468
#: serverguide/C/network-config.xml:424(para)
12436
12469
msgid ""
12437
12470
"If no matches are found, the DNS server will provide a result of <emphasis "
12438
12471
"role=\"italic\">notfound</emphasis> and the DNS query will fail."
12439
12472
msgstr ""
12440
12473
12441
#: serverguide/C/network-config.xml:435(title)
12474
#: serverguide/C/network-config.xml:431(title)
12442
12475
msgid "Static Hostnames"
12443
12476
msgstr ""
12444
12477
12445
#: serverguide/C/network-config.xml:436(para)
12478
#: serverguide/C/network-config.xml:432(para)
12446
12479
msgid ""
12447
12480
"Static hostnames are locally defined hostname-to-IP mappings located in the "
12448
12481
"file <filename>/etc/hosts</filename>. Entries in the "
12454
12487
"conveniently set to use static hostnames instead of DNS."
12455
12488
msgstr ""
12456
12489
12457
#: serverguide/C/network-config.xml:443(para)
12490
#: serverguide/C/network-config.xml:439(para)
12458
12491
msgid ""
12459
12492
"The following is an example of a <filename>hosts</filename> file where a "
12460
12493
"number of local servers have been identified by simple hostnames, aliases "
12461
12494
"and their equivalent Fully Qualified Domain Names (FQDN's)."
12462
12495
msgstr ""
12463
12496
12464
#: serverguide/C/network-config.xml:447(programlisting)
12497
#: serverguide/C/network-config.xml:443(programlisting)
12465
12498
#, no-wrap
12466
12499
msgid ""
12467
12500
"\n"
12473
12506
"10.0.0.14\tserver4 server4.example.com file\n"
12474
12507
msgstr ""
12475
12508
12476
#: serverguide/C/network-config.xml:456(para)
12509
#: serverguide/C/network-config.xml:452(para)
12477
12510
msgid ""
12478
12511
"In the above example, notice that each of the servers have been given "
12479
12512
"aliases in addition to their proper names and FQDN's. <emphasis "
12486
12519
"role=\"italic\">file</emphasis>."
12487
12520
msgstr ""
12488
12521
12489
#: serverguide/C/network-config.xml:468(title)
12522
#: serverguide/C/network-config.xml:464(title)
12490
12523
msgid "Name Service Switch Configuration"
12491
12524
msgstr ""
12492
12525
12493
#: serverguide/C/network-config.xml:469(para)
12526
#: serverguide/C/network-config.xml:465(para)
12494
12527
msgid ""
12495
12528
"The order in which your system selects a method of resolving hostnames to IP "
12496
12529
"addresses is controlled by the Name Service Switch (NSS) configuration file "
12501
12534
"of hostname lookups in the file <filename>/etc/nsswitch.conf</filename>."
12502
12535
msgstr ""
12503
12536
12504
#: serverguide/C/network-config.xml:477(programlisting)
12537
#: serverguide/C/network-config.xml:473(programlisting)
12505
12538
#, no-wrap
12506
12539
msgid ""
12507
12540
"\n"
12508
12541
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
12509
12542
msgstr ""
12510
12543
12511
#: serverguide/C/network-config.xml:483(para)
12544
#: serverguide/C/network-config.xml:479(para)
12512
12545
msgid ""
12513
12546
"<emphasis role=\"bold\">files</emphasis> first tries to resolve static "
12514
12547
"hostnames located in <filename>/etc/hosts</filename>."
12515
12548
msgstr ""
12516
12549
12517
#: serverguide/C/network-config.xml:489(para)
12550
#: serverguide/C/network-config.xml:485(para)
12518
12551
msgid ""
12519
12552
"<emphasis role=\"bold\">mdns4_minimal</emphasis> attempts to resolve the "
12520
12553
"name using Multicast DNS."
12521
12554
msgstr ""
12522
12555
12523
#: serverguide/C/network-config.xml:494(para)
12556
#: serverguide/C/network-config.xml:490(para)
12524
12557
msgid ""
12525
12558
"<emphasis role=\"bold\">[NOTFOUND=return]</emphasis> means that any response "
12526
12559
"of <emphasis role=\"italic\">notfound</emphasis> by the preceding <emphasis "
12529
12562
"answer."
12530
12563
msgstr ""
12531
12564
12532
#: serverguide/C/network-config.xml:502(para)
12565
#: serverguide/C/network-config.xml:498(para)
12533
12566
msgid ""
12534
12567
"<emphasis role=\"bold\">dns</emphasis> represents a legacy unicast DNS query."
12535
12568
msgstr ""
12536
12569
12537
#: serverguide/C/network-config.xml:507(para)
12570
#: serverguide/C/network-config.xml:503(para)
12538
12571
msgid ""
12539
12572
"<emphasis role=\"bold\">mdns4</emphasis> represents a Multicast DNS query."
12540
12573
msgstr ""
12541
12574
12542
#: serverguide/C/network-config.xml:513(para)
12575
#: serverguide/C/network-config.xml:509(para)
12543
12576
msgid ""
12544
12577
"To modify the order of the above mentioned name resolution methods, you can "
12545
12578
"simply change the <emphasis role=\"italic\">hosts:</emphasis> string to the "
12548
12581
"<filename>/etc/nsswitch.conf</filename> as shown below."
12549
12582
msgstr ""
12550
12583
12551
#: serverguide/C/network-config.xml:520(programlisting)
12584
#: serverguide/C/network-config.xml:516(programlisting)
12552
12585
#, no-wrap
12553
12586
msgid ""
12554
12587
"\n"
12555
12588
"hosts: files dns [NOTFOUND=return] mdns4_minimal mdns4\n"
12556
12589
msgstr ""
12557
12590
12558
#: serverguide/C/network-config.xml:527(title)
12591
#: serverguide/C/virtualization.xml:694(title) serverguide/C/network-config.xml:523(title)
12559
12592
msgid "Bridging"
12560
12593
msgstr ""
12561
12594
12562
#: serverguide/C/network-config.xml:529(para)
12595
#: serverguide/C/network-config.xml:525(para)
12563
12596
msgid ""
12564
12597
"Bridging multiple interfaces is a more advanced configuration, but is very "
12565
12598
"useful in multiple scenarios. One scenario is setting up a bridge with "
12569
12602
"The following example covers the latter scenario."
12570
12603
msgstr ""
12571
12604
12572
#: serverguide/C/network-config.xml:536(para)
12605
#: serverguide/C/network-config.xml:532(para)
12573
12606
msgid ""
12574
12607
"Before configuring a bridge you will need to install the <application>bridge-"
12575
12608
"utils</application> package. To install the package, in a terminal enter:"
12576
12609
msgstr ""
12577
12610
12578
#: serverguide/C/network-config.xml:545(para)
12611
#: serverguide/C/network-config.xml:541(para)
12579
12612
msgid ""
12580
12613
"Next, configure the bridge by editing "
12581
12614
"<filename>/etc/network/interfaces</filename>:"
12582
12615
msgstr ""
12583
12616
12584
#: serverguide/C/network-config.xml:549(programlisting)
12617
#: serverguide/C/network-config.xml:545(programlisting)
12585
12618
#, no-wrap
12586
12619
msgid ""
12587
12620
"\n"
12602
12635
" bridge_stp off\n"
12603
12636
msgstr ""
12604
12637
12605
#: serverguide/C/network-config.xml:568(para)
12638
#: serverguide/C/network-config.xml:564(para)
12606
12639
msgid "Enter the appropriate values for your physical interface and network."
12607
12640
msgstr ""
12608
12641
12614
12647
msgid "sudo ifup br0"
12615
12648
msgstr ""
12616
12649
12617
#: serverguide/C/network-config.xml:580(para)
12650
#: serverguide/C/network-config.xml:576(para)
12618
12651
msgid ""
12619
12652
"The new bridge interface should now be up and running. The "
12620
12653
"<application>brctl</application> provides useful information about the state "
12622
12655
"<command>man brctl</command> for more information."
12623
12656
msgstr ""
12624
12657
12625
#: serverguide/C/network-config.xml:596(para)
12658
#: serverguide/C/network-config.xml:592(para)
12626
12659
msgid ""
12627
12660
"The <ulink url=\"https://help.ubuntu.com/community/Network\">Ubuntu Wiki "
12628
12661
"Network page</ulink> has links to articles covering more advanced network "
12629
12662
"configuration."
12630
12663
msgstr ""
12631
12664
12632
#: serverguide/C/network-config.xml:602(para)
12665
#: serverguide/C/network-config.xml:598(para)
12633
12666
msgid ""
12634
12667
"The <ulink "
12635
12668
"url=\"http://manpages.ubuntu.com/manpages/man8/resolvconf.8.html\">resolvconf"
12636
12669
" man page</ulink> has more information on resolvconf."
12637
12670
msgstr ""
12638
12671
12639
#: serverguide/C/network-config.xml:608(para)
12672
#: serverguide/C/network-config.xml:604(para)
12640
12673
msgid ""
12641
12674
"The <ulink "
12642
12675
"url=\"http://manpages.ubuntu.com/manpages/man5/interfaces.5.html\">interfaces"
12644
12677
"<filename>/etc/network/interfaces</filename>."
12645
12678
msgstr ""
12646
12679
12647
#: serverguide/C/network-config.xml:614(para)
12680
#: serverguide/C/network-config.xml:610(para)
12648
12681
msgid ""
12649
12682
"The <ulink "
12650
12683
"url=\"http://manpages.ubuntu.com/manpages/man8/dhclient.8.html\">dhclient "
12652
12685
"settings."
12653
12686
msgstr ""
12654
12687
12655
#: serverguide/C/network-config.xml:620(para)
12688
#: serverguide/C/network-config.xml:616(para)
12656
12689
msgid ""
12657
12690
"For more information on DNS client configuration see the <ulink "
12658
12691
"url=\"http://manpages.ubuntu.com/manpages/man5/resolver.5.html\">resolver "
12671
12704
"\">Networking-Bridge</ulink> page."
12672
12705
msgstr ""
12673
12706
12674
#: serverguide/C/network-config.xml:639(title)
12707
#: serverguide/C/network-config.xml:635(title)
12675
12708
msgid "TCP/IP"
12676
12709
msgstr ""
12677
12710
12678
#: serverguide/C/network-config.xml:640(para)
12711
#: serverguide/C/network-config.xml:636(para)
12679
12712
msgid ""
12680
12713
"The Transmission Control Protocol and Internet Protocol (TCP/IP) is a "
12681
12714
"standard set of protocols developed in the late 1970s by the Defense "
12685
12718
"network protocols on Earth."
12686
12719
msgstr ""
12687
12720
12688
#: serverguide/C/network-config.xml:648(title)
12721
#: serverguide/C/network-config.xml:644(title)
12689
12722
msgid "TCP/IP Introduction"
12690
12723
msgstr ""
12691
12724
12692
#: serverguide/C/network-config.xml:649(para)
12725
#: serverguide/C/network-config.xml:645(para)
12693
12726
msgid ""
12694
12727
"The two protocol components of TCP/IP deal with different aspects of "
12695
12728
"computer networking. <emphasis>Internet Protocol</emphasis>, the \"IP\" of "
12704
12737
"host."
12705
12738
msgstr ""
12706
12739
12707
#: serverguide/C/network-config.xml:662(title)
12740
#: serverguide/C/network-config.xml:658(title)
12708
12741
msgid "TCP/IP Configuration"
12709
12742
msgstr ""
12710
12743
12711
#: serverguide/C/network-config.xml:663(para)
12744
#: serverguide/C/network-config.xml:659(para)
12712
12745
msgid ""
12713
12746
"The TCP/IP protocol configuration consists of several elements which must be "
12714
12747
"set by editing the appropriate configuration files, or deploying solutions "
12719
12752
"system."
12720
12753
msgstr ""
12721
12754
12722
#: serverguide/C/network-config.xml:675(para)
12755
#: serverguide/C/network-config.xml:671(para)
12723
12756
msgid ""
12724
12757
"<emphasis role=\"bold\">IP address</emphasis> The IP address is a unique "
12725
12758
"identifying string expressed as four decimal numbers ranging from zero (0) "
12729
12762
"<emphasis>dotted quad notation</emphasis>."
12730
12763
msgstr ""
12731
12764
12732
#: serverguide/C/network-config.xml:685(para)
12765
#: serverguide/C/network-config.xml:681(para)
12733
12766
msgid ""
12734
12767
"<emphasis role=\"bold\">Netmask</emphasis> The Subnet Mask (or simply, "
12735
12768
"<emphasis>netmask</emphasis>) is a local bit mask, or set of flags which "
12740
12773
"remain available for specifying hosts on the subnetwork."
12741
12774
msgstr ""
12742
12775
12743
#: serverguide/C/network-config.xml:696(para)
12776
#: serverguide/C/network-config.xml:692(para)
12744
12777
msgid ""
12745
12778
"<emphasis role=\"bold\">Network Address</emphasis> The Network Address "
12746
12779
"represents the bytes comprising the network portion of an IP address. For "
12753
12786
"network and a zero (0) for all the possible hosts on the network."
12754
12787
msgstr ""
12755
12788
12756
#: serverguide/C/network-config.xml:709(para)
12789
#: serverguide/C/network-config.xml:705(para)
12757
12790
msgid ""
12758
12791
"<emphasis role=\"bold\">Broadcast Address</emphasis> The Broadcast Address "
12759
12792
"is an IP address which allows network data to be sent simultaneously to all "
12767
12800
"Address Resolution Protocol (ARP) and the Routing Information Protocol (RIP)."
12768
12801
msgstr ""
12769
12802
12770
#: serverguide/C/network-config.xml:722(para)
12803
#: serverguide/C/network-config.xml:718(para)
12771
12804
msgid ""
12772
12805
"<emphasis role=\"bold\">Gateway Address</emphasis> A Gateway Address is the "
12773
12806
"IP address through which a particular network, or host on a network, may be "
12780
12813
"not be able to reach any hosts beyond those on the same network."
12781
12814
msgstr ""
12782
12815
12783
#: serverguide/C/network-config.xml:733(para)
12816
#: serverguide/C/network-config.xml:729(para)
12784
12817
msgid ""
12785
12818
"<emphasis role=\"bold\">Nameserver Address</emphasis> Nameserver Addresses "
12786
12819
"represent the IP addresses of Domain Name Service (DNS) systems, which "
12806
12839
"command typed at a terminal prompt:"
12807
12840
msgstr ""
12808
12841
12809
#: serverguide/C/network-config.xml:754(para)
12842
#: serverguide/C/network-config.xml:750(para)
12810
12843
msgid ""
12811
12844
"Access the system manual page for <filename>interfaces</filename> with the "
12812
12845
"following command:"
12813
12846
msgstr ""
12814
12847
12815
#: serverguide/C/network-config.xml:759(command)
12848
#: serverguide/C/network-config.xml:755(command)
12816
12849
msgid "man interfaces"
12817
12850
msgstr ""
12818
12851
12819
#: serverguide/C/network-config.xml:671(para)
12852
#: serverguide/C/network-config.xml:667(para)
12820
12853
msgid ""
12821
12854
"The common configuration elements of TCP/IP and their purposes are as "
12822
12855
"follows: <placeholder-1/>"
12823
12856
msgstr ""
12824
12857
12825
#: serverguide/C/network-config.xml:767(title)
12858
#: serverguide/C/network-config.xml:771(title)
12826
12859
msgid "IP Routing"
12827
12860
msgstr ""
12828
12861
12829
#: serverguide/C/network-config.xml:768(para)
12862
#: serverguide/C/network-config.xml:772(para)
12830
12863
msgid ""
12831
12864
"IP routing is a means of specifying and discovering paths in a TCP/IP "
12832
12865
"network along which network data may be sent. Routing uses a set of "
12837
12870
"<emphasis>Dynamic Routing.</emphasis>"
12838
12871
msgstr ""
12839
12872
12840
#: serverguide/C/network-config.xml:777(para)
12873
#: serverguide/C/network-config.xml:781(para)
12841
12874
msgid ""
12842
12875
"Static routing involves manually adding IP routes to the system's routing "
12843
12876
"table, and this is usually done by manipulating the routing table with the "
12852
12885
"and failures along the route due to the fixed nature of the route."
12853
12886
msgstr ""
12854
12887
12855
#: serverguide/C/network-config.xml:787(para)
12888
#: serverguide/C/network-config.xml:791(para)
12856
12889
msgid ""
12857
12890
"Dynamic routing depends on large networks with multiple possible IP routes "
12858
12891
"from a source to a destination and makes use of special routing protocols, "
12869
12902
"immediately benefit the end users, but still consumes network bandwidth."
12870
12903
msgstr ""
12871
12904
12872
#: serverguide/C/network-config.xml:801(title)
12905
#: serverguide/C/network-config.xml:805(title)
12873
12906
msgid "TCP and UDP"
12874
12907
msgstr ""
12875
12908
12876
#: serverguide/C/network-config.xml:802(para)
12909
#: serverguide/C/network-config.xml:806(para)
12877
12910
msgid ""
12878
12911
"TCP is a connection-based protocol, offering error correction and guaranteed "
12879
12912
"delivery of data via what is known as <emphasis>flow control</emphasis>. "
12884
12917
"important information such as database transactions."
12885
12918
msgstr ""
12886
12919
12887
#: serverguide/C/network-config.xml:810(para)
12920
#: serverguide/C/network-config.xml:814(para)
12888
12921
msgid ""
12889
12922
"The User Datagram Protocol (UDP), on the other hand, is a "
12890
12923
"<emphasis>connectionless</emphasis> protocol which seldom deals with the "
12895
12928
"loss of a few packets is not generally catastrophic."
12896
12929
msgstr ""
12897
12930
12898
#: serverguide/C/network-config.xml:820(title)
12931
#: serverguide/C/network-config.xml:824(title)
12899
12932
msgid "ICMP"
12900
12933
msgstr ""
12901
12934
12902
#: serverguide/C/network-config.xml:821(para)
12935
#: serverguide/C/network-config.xml:825(para)
12903
12936
msgid ""
12904
12937
"The Internet Control Messaging Protocol (ICMP) is an extension to the "
12905
12938
"Internet Protocol (IP) as defined in the Request For Comments (RFC) #792 and "
12912
12945
"<emphasis>Time Exceeded</emphasis>."
12913
12946
msgstr ""
12914
12947
12915
#: serverguide/C/network-config.xml:831(title)
12948
#: serverguide/C/network-config.xml:835(title)
12916
12949
msgid "Daemons"
12917
12950
msgstr ""
12918
12951
12919
#: serverguide/C/network-config.xml:832(para)
12952
#: serverguide/C/network-config.xml:836(para)
12920
12953
msgid ""
12921
12954
"Daemons are special system applications which typically execute continuously "
12922
12955
"in the background and await requests for the functions they provide from "
12939
12972
"that contain more useful information."
12940
12973
msgstr ""
12941
12974
12942
#: serverguide/C/network-config.xml:853(para)
12975
#: serverguide/C/network-config.xml:857(para)
12943
12976
msgid ""
12944
12977
"Also, see the <ulink "
12945
12978
"url=\"http://www.redbooks.ibm.com/abstracts/gg243376.html\">TCP/IP Tutorial "
12946
12979
"and Technical Overview</ulink> IBM Redbook."
12947
12980
msgstr ""
12948
12981
12949
#: serverguide/C/network-config.xml:859(para)
12982
#: serverguide/C/network-config.xml:863(para)
12950
12983
msgid ""
12951
12984
"Another resource is O'Reilly's <ulink "
12952
12985
"url=\"http://oreilly.com/catalog/9780596002978/\">TCP/IP Network "
12953
12986
"Administration</ulink>."
12954
12987
msgstr ""
12955
12988
12956
#: serverguide/C/network-config.xml:868(title)
12989
#: serverguide/C/network-config.xml:872(title)
12957
12990
msgid "Dynamic Host Configuration Protocol (DHCP)"
12958
12991
msgstr ""
12959
12992
12960
#: serverguide/C/network-config.xml:869(para)
12993
#: serverguide/C/network-config.xml:873(para)
12961
12994
msgid ""
12962
12995
"The Dynamic Host Configuration Protocol (DHCP) is a network service that "
12963
12996
"enables host computers to be automatically assigned settings from a server "
12966
12999
"DHCP server, and the configuration is transparent to the computer's user."
12967
13000
msgstr ""
12968
13001
12969
#: serverguide/C/network-config.xml:876(para)
13002
#: serverguide/C/network-config.xml:880(para)
12970
13003
msgid ""
12971
13004
"The most common settings provided by a DHCP server to DHCP clients include:"
12972
13005
msgstr ""
12973
13006
12974
#: serverguide/C/network-config.xml:881(para)
13007
#: serverguide/C/network-config.xml:885(para)
12975
13008
msgid "IP address and netmask"
12976
13009
msgstr ""
12977
13010
12978
#: serverguide/C/network-config.xml:884(para)
13011
#: serverguide/C/network-config.xml:888(para)
12979
13012
msgid "IP address of the default-gateway to use"
12980
13013
msgstr ""
12981
13014
12982
#: serverguide/C/network-config.xml:887(para)
13015
#: serverguide/C/network-config.xml:891(para)
12983
13016
msgid "IP adresses of the DNS servers to use"
12984
13017
msgstr ""
12985
13018
12986
#: serverguide/C/network-config.xml:890(para)
13019
#: serverguide/C/network-config.xml:894(para)
12987
13020
msgid ""
12988
13021
"However, a DHCP server can also supply configuration properties such as:"
12989
13022
msgstr ""
12990
13023
12991
#: serverguide/C/network-config.xml:895(para)
13024
#: serverguide/C/network-config.xml:899(para)
12992
13025
msgid "Host Name"
12993
13026
msgstr ""
12994
13027
12995
#: serverguide/C/network-config.xml:898(para)
13028
#: serverguide/C/network-config.xml:902(para)
12996
13029
msgid "Domain Name"
12997
13030
msgstr ""
12998
13031
12999
#: serverguide/C/network-config.xml:901(para)
13032
#: serverguide/C/network-config.xml:905(para)
13000
13033
msgid "Time Server"
13001
13034
msgstr ""
13002
13035
13003
#: serverguide/C/network-config.xml:907(para)
13036
#: serverguide/C/network-config.xml:911(para)
13004
13037
msgid ""
13005
13038
"The advantage of using DHCP is that changes to the network, for example a "
13006
13039
"change in the address of the DNS server, need only be changed at the DHCP "
13011
13044
"also reduced."
13012
13045
msgstr ""
13013
13046
13014
#: serverguide/C/network-config.xml:915(para)
13047
#: serverguide/C/network-config.xml:919(para)
13015
13048
msgid ""
13016
13049
"A DHCP server can provide configuration settings using the following methods:"
13017
13050
msgstr ""
13018
13051
13019
#: serverguide/C/network-config.xml:920(term)
13052
#: serverguide/C/network-config.xml:924(term)
13020
13053
msgid "Manual allocation (MAC address)"
13021
13054
msgstr ""
13022
13055
13023
#: serverguide/C/network-config.xml:922(para)
13056
#: serverguide/C/network-config.xml:926(para)
13024
13057
msgid ""
13025
13058
"This method entails using DHCP to identify the unique hardware address of "
13026
13059
"each network card connected to the network and then continually supplying a "
13029
13062
"assigned automatically to that network card, based on it's MAC address."
13030
13063
msgstr ""
13031
13064
13032
#: serverguide/C/network-config.xml:933(term)
13065
#: serverguide/C/network-config.xml:937(term)
13033
13066
msgid "Dynamic allocation (address pool)"
13034
13067
msgstr ""
13035
13068
13047
13080
"renegociate the lease with the server to maintain use of the address."
13048
13081
msgstr ""
13049
13082
13050
#: serverguide/C/network-config.xml:949(term)
13083
#: serverguide/C/network-config.xml:952(term)
13051
13084
msgid "Automatic allocation"
13052
13085
msgstr ""
13053
13086
13054
#: serverguide/C/network-config.xml:951(para)
13087
#: serverguide/C/network-config.xml:954(para)
13055
13088
msgid ""
13056
13089
"Using this method, the DHCP automatically assigns an IP address permanently "
13057
13090
"to a device, selecting it from a pool of available addresses. Usually DHCP "
13073
13106
"and configure and will be automatically started at system boot."
13074
13107
msgstr ""
13075
13108
13076
#: serverguide/C/network-config.xml:974(para)
13109
#: serverguide/C/network-config.xml:976(para)
13077
13110
msgid ""
13078
13111
"At a terminal prompt, enter the following command to install "
13079
13112
"<application>dhcpd</application>:"
13080
13113
msgstr ""
13081
13114
13082
#: serverguide/C/network-config.xml:979(command)
13115
#: serverguide/C/network-config.xml:981(command)
13083
13116
msgid "sudo apt-get install isc-dhcp-server"
13084
13117
msgstr ""
13085
13118
13086
#: serverguide/C/network-config.xml:981(para)
13119
#: serverguide/C/network-config.xml:983(para)
13087
13120
msgid ""
13088
13121
"You will probably need to change the default configuration by editing "
13089
13122
"/etc/dhcp/dhcpd.conf to suit your needs and particular configuration."
13090
13123
msgstr ""
13091
13124
13092
#: serverguide/C/network-config.xml:985(para)
13125
#: serverguide/C/network-config.xml:987(para)
13093
13126
msgid ""
13094
13127
"You also may need to edit /etc/default/isc-dhcp-server to specify the "
13095
13128
"interfaces dhcpd should listen to."
13096
13129
msgstr ""
13097
13130
13098
#: serverguide/C/network-config.xml:989(para)
13131
#: serverguide/C/network-config.xml:991(para)
13099
13132
msgid ""
13100
13133
"NOTE: dhcpd's messages are being sent to syslog. Look there for diagnostics "
13101
13134
"messages."
13102
13135
msgstr ""
13103
13136
13104
#: serverguide/C/network-config.xml:996(para)
13137
#: serverguide/C/network-config.xml:998(para)
13105
13138
msgid ""
13106
13139
"The error message the installation ends with might be a little confusing, "
13107
13140
"but the following steps will help you configure the service:"
13108
13141
msgstr ""
13109
13142
13110
#: serverguide/C/network-config.xml:1000(para)
13143
#: serverguide/C/network-config.xml:1002(para)
13111
13144
msgid ""
13112
13145
"Most commonly, what you want to do is assign an IP address randomly. This "
13113
13146
"can be done with settings as follows:"
13114
13147
msgstr ""
13115
13148
13116
#: serverguide/C/network-config.xml:1004(programlisting)
13149
#: serverguide/C/network-config.xml:1006(programlisting)
13117
13150
#, no-wrap
13118
13151
msgid ""
13119
13152
"\n"
13129
13162
"} \n"
13130
13163
msgstr ""
13131
13164
13132
#: serverguide/C/network-config.xml:1016(para)
13165
#: serverguide/C/network-config.xml:1018(para)
13133
13166
msgid ""
13134
13167
"This will result in the DHCP server giving clients an IP address from the "
13135
13168
"range 192.168.1.150-192.168.1.200. It will lease an IP address for 600 "
13139
13172
"192.168.1.1 and 192.168.1.2 as its DNS servers."
13140
13173
msgstr ""
13141
13174
13142
#: serverguide/C/network-config.xml:1024(para)
13175
#: serverguide/C/network-config.xml:1026(para)
13143
13176
msgid ""
13144
13177
"After changing the config file you have to restart the "
13145
13178
"<application>dhcpd</application>:"
13149
13182
msgid "sudo service isc-dhcp-server restart"
13150
13183
msgstr ""
13151
13184
13152
#: serverguide/C/network-config.xml:1037(para)
13185
#: serverguide/C/network-config.xml:1039(para)
13153
13186
msgid ""
13154
13187
"The <ulink url=\"https://help.ubuntu.com/community/dhcp3-server\">dhcp3-"
13155
13188
"server Ubuntu Wiki</ulink> page has more information."
13162
13195
"dhcpd.conf man page</ulink>."
13163
13196
msgstr ""
13164
13197
13165
#: serverguide/C/network-config.xml:1049(ulink)
13198
#: serverguide/C/network-config.xml:1051(ulink)
13166
13199
msgid "ISC dhcp-server"
13167
13200
msgstr ""
13168
13201
13169
#: serverguide/C/network-config.xml:1058(title)
13202
#: serverguide/C/network-config.xml:1060(title)
13170
13203
msgid "Time Synchronisation with NTP"
13171
13204
msgstr ""
13172
13205
13173
#: serverguide/C/network-config.xml:1059(para)
13206
#: serverguide/C/network-config.xml:1061(para)
13174
13207
msgid ""
13175
13208
"NTP is a TCP/IP protocol for synchronising time over a network. Basically a "
13176
13209
"client requests the current time from a server, and uses it to set its own "
13177
13210
"clock."
13178
13211
msgstr ""
13179
13212
13180
#: serverguide/C/network-config.xml:1062(para)
13213
#: serverguide/C/network-config.xml:1064(para)
13181
13214
msgid ""
13182
13215
"Behind this simple description, there is a lot of complexity - there are "
13183
13216
"tiers of NTP servers, with the tier one NTP servers connected to atomic "
13189
13222
"from you!"
13190
13223
msgstr ""
13191
13224
13192
#: serverguide/C/network-config.xml:1065(para)
13225
#: serverguide/C/network-config.xml:1067(para)
13193
13226
msgid "Ubuntu uses ntpdate and ntpd."
13194
13227
msgstr ""
13195
13228
13196
#: serverguide/C/network-config.xml:1070(title)
13229
#: serverguide/C/network-config.xml:1072(title)
13197
13230
msgid "ntpdate"
13198
13231
msgstr ""
13199
13232
13200
#: serverguide/C/network-config.xml:1071(para)
13233
#: serverguide/C/network-config.xml:1073(para)
13201
13234
msgid ""
13202
13235
"Ubuntu comes with ntpdate as standard, and will run it once at boot time to "
13203
13236
"set up your time according to Ubuntu's NTP server."
13204
13237
msgstr ""
13205
13238
13206
#: serverguide/C/network-config.xml:1074(programlisting)
13239
#: serverguide/C/network-config.xml:1076(programlisting)
13207
13240
#, no-wrap
13208
13241
msgid ""
13209
13242
"\n"
13210
13243
"ntpdate -s ntp.ubuntu.com\n"
13211
13244
msgstr ""
13212
13245
13213
#: serverguide/C/network-config.xml:1080(title)
13246
#: serverguide/C/network-config.xml:1082(title)
13214
13247
msgid "ntpd"
13215
13248
msgstr ""
13216
13249
13217
#: serverguide/C/network-config.xml:1081(para)
13250
#: serverguide/C/network-config.xml:1083(para)
13218
13251
msgid ""
13219
13252
"The ntp daemon ntpd calculates the drift of your system clock and "
13220
13253
"continuously adjusts it, so there are no large corrections that could lead "
13222
13255
"memory, but for a modern server this is negligible."
13223
13256
msgstr ""
13224
13257
13225
#: serverguide/C/network-config.xml:1088(para)
13258
#: serverguide/C/network-config.xml:1090(para)
13226
13259
msgid "To install ntpd, from a terminal prompt enter:"
13227
13260
msgstr ""
13228
13261
13229
#: serverguide/C/network-config.xml:1093(command)
13262
#: serverguide/C/virtualization.xml:2195(command) serverguide/C/network-config.xml:1095(command)
13230
13263
msgid "sudo apt-get install ntp"
13231
13264
msgstr ""
13232
13265
13233
#: serverguide/C/network-config.xml:1100(para)
13266
#: serverguide/C/network-config.xml:1102(para)
13234
13267
msgid ""
13235
13268
"Edit <filename>/etc/ntp.conf</filename> to add/remove server lines. By "
13236
13269
"default these servers are configured:"
13237
13270
msgstr ""
13238
13271
13239
#: serverguide/C/network-config.xml:1105(programlisting)
13272
#: serverguide/C/network-config.xml:1107(programlisting)
13240
13273
#, no-wrap
13241
13274
msgid ""
13242
13275
"\n"
13249
13282
"server 3.ubuntu.pool.ntp.org\n"
13250
13283
msgstr ""
13251
13284
13252
#: serverguide/C/network-config.xml:1115(para)
13285
#: serverguide/C/network-config.xml:1117(para)
13253
13286
msgid ""
13254
13287
"After changing the config file you have to reload the "
13255
13288
"<application>ntpd</application>:"
13259
13292
msgid "sudo service ntp reload"
13260
13293
msgstr ""
13261
13294
13262
#: serverguide/C/network-config.xml:1124(title)
13295
#: serverguide/C/network-config.xml:1126(title)
13263
13296
msgid "View status"
13264
13297
msgstr ""
13265
13298
13267
13300
msgid "Use ntpq to see more info:"
13268
13301
msgstr ""
13269
13302
13270
#: serverguide/C/network-config.xml:1129(command)
13303
#: serverguide/C/network-config.xml:1131(command)
13271
13304
msgid "# sudo ntpq -p"
13272
13305
msgstr ""
13273
13306
13274
#: serverguide/C/network-config.xml:1130(computeroutput)
13307
#: serverguide/C/network-config.xml:1132(computeroutput)
13275
13308
#, no-wrap
13276
13309
msgid ""
13277
13310
" remote refid st t when poll reach delay offset "
13290
13323
"92.792"
13291
13324
msgstr ""
13292
13325
13293
#: serverguide/C/network-config.xml:1145(para)
13326
#: serverguide/C/network-config.xml:1147(para)
13294
13327
msgid ""
13295
13328
"See the <ulink url=\"https://help.ubuntu.com/community/UbuntuTime\">Ubuntu "
13296
13329
"Time</ulink> wiki page for more information."
13297
13330
msgstr ""
13298
13331
13299
#: serverguide/C/network-config.xml:1151(ulink)
13332
#: serverguide/C/network-config.xml:1153(ulink)
13300
13333
msgid "ntp.org, home of the Network Time Protocol project"
13301
13334
msgstr ""
13302
13335
13318
13351
"The Lightweight Directory Access Protocol, or LDAP, is a protocol for "
13319
13352
"querying and modifying a X.500-based directory service running over TCP/IP. "
13320
13353
"The current LDAP version is LDAPv3, as defined in <ulink "
13321
"url=\"http://tools.ietf.org/html/rfc4510\">RFC4510</ulink>, and the LDAP "
13322
"implementation used in Ubuntu is OpenLDAP, currently at version 2.4.25 "
13323
"(Oneiric)."
13354
"url=\"http://tools.ietf.org/html/rfc4510\">RFC4510</ulink>, and the its "
13355
"implementation used in Ubuntu is from OpenLDAP."
13324
13356
msgstr ""
13325
13357
13326
13358
#: serverguide/C/network-auth.xml:27(para)
13327
13359
msgid ""
13328
"So this protocol accesses LDAP directories. Here are some key concepts and "
13329
"terms:"
13360
"So the LDAP protocol accesses LDAP directories. Here are some key concepts "
13361
"and terms:"
13330
13362
msgstr ""
13331
13363
13332
13364
#: serverguide/C/network-auth.xml:34(para)
13359
13391
13360
13392
#: serverguide/C/network-auth.xml:66(para)
13361
13393
msgid ""
13362
"Each entry has a unique identifier: it's <emphasis>Distinguished "
13363
"Name</emphasis> (DN or dn). This consists of it's <emphasis>Relative "
13394
"Each entry has a unique identifier: its <emphasis>Distinguished "
13395
"Name</emphasis> (DN or dn). This, in turn, consists of a <emphasis>Relative "
13364
13396
"Distinguished Name</emphasis> (RDN) followed by the parent entry's DN."
13365
13397
msgstr ""
13366
13398
13380
13412
13381
13413
#: serverguide/C/network-auth.xml:87(para)
13382
13414
msgid ""
13383
"For example, below we have a single entry consisting of 11 attributes. It's "
13384
"DN is \"cn=John Doe,dc=example,dc=com\"; it's RDN is \"cn=John Doe\"; and "
13385
"it's parent DN is \"dc=example,dc=com\"."
13386
msgstr ""
13387
13388
#: serverguide/C/network-auth.xml:92(programlisting)
13415
"For example, below we have a single entry consisting of 11 attributes where "
13416
"the following is true:"
13417
msgstr ""
13418
13419
#: serverguide/C/network-auth.xml:94(para)
13420
msgid "DN is \"cn=John Doe,dc=example,dc=com\""
13421
msgstr ""
13422
13423
#: serverguide/C/network-auth.xml:100(para)
13424
msgid "RDN is \"cn=John Doe\""
13425
msgstr ""
13426
13427
#: serverguide/C/network-auth.xml:106(para)
13428
msgid "parent DN is \"dc=example,dc=com\""
13429
msgstr ""
13430
13431
#: serverguide/C/network-auth.xml:113(programlisting)
13389
13432
#, no-wrap
13390
13433
msgid ""
13391
13434
"\n"
13403
13446
" objectClass: top\n"
13404
13447
msgstr ""
13405
13448
13406
#: serverguide/C/network-auth.xml:107(para)
13449
#: serverguide/C/network-auth.xml:128(para)
13407
13450
msgid ""
13408
13451
"The above entry is in <emphasis>LDIF</emphasis> format (LDAP Data "
13409
13452
"Interchange Format). Any information that you feed into your DIT must also "
13411
13454
"url=\"http://tools.ietf.org/html/rfc2849\">RFC2849</ulink>."
13412
13455
msgstr ""
13413
13456
13414
#: serverguide/C/network-auth.xml:112(para)
13457
#: serverguide/C/network-auth.xml:133(para)
13415
13458
msgid ""
13416
13459
"Although this guide will describe how to use it for central authentication, "
13417
13460
"LDAP is good for anything that involves a large number of access requests to "
13419
13462
"address book, a list of email addresses, and a mail server's configuration."
13420
13463
msgstr ""
13421
13464
13422
#: serverguide/C/network-auth.xml:121(para)
13465
#: serverguide/C/network-auth.xml:142(para)
13423
13466
msgid ""
13424
13467
"Install the OpenLDAP server daemon and the traditional LDAP management "
13425
13468
"utilities. These are found in packages <application>slapd</application> and "
13426
13469
"<application>ldap-utils</application> respectively."
13427
13470
msgstr ""
13428
13471
13429
#: serverguide/C/network-auth.xml:126(para)
13472
#: serverguide/C/network-auth.xml:147(para)
13430
13473
msgid ""
13431
13474
"The installation of slapd will create a working configuration. In "
13432
13475
"particular, it will create a database instance that you can use to store "
13438
13481
"a line similar to this:"
13439
13482
msgstr ""
13440
13483
13441
#: serverguide/C/network-auth.xml:134(programlisting)
13484
#: serverguide/C/network-auth.xml:155(programlisting)
13442
13485
#, no-wrap
13443
13486
msgid ""
13444
13487
"\n"
13445
13488
"127.0.1.1 hostname.example.com\thostname\n"
13446
13489
msgstr ""
13447
13490
13448
#: serverguide/C/network-auth.xml:138(para)
13491
#: serverguide/C/network-auth.xml:159(para)
13449
13492
msgid "You can revert the change after package installation."
13450
13493
msgstr ""
13451
13494
13452
#: serverguide/C/network-auth.xml:143(para)
13495
#: serverguide/C/network-auth.xml:164(para)
13453
13496
msgid ""
13454
13497
"This guide will use a database suffix of "
13455
13498
"<emphasis>dc=example,dc=com</emphasis>."
13456
13499
msgstr ""
13457
13500
13458
#: serverguide/C/network-auth.xml:148(para)
13501
#: serverguide/C/network-auth.xml:169(para)
13459
13502
msgid "Proceed with the install:"
13460
13503
msgstr ""
13461
13504
13462
#: serverguide/C/network-auth.xml:153(command)
13505
#: serverguide/C/network-auth.xml:174(command)
13463
13506
msgid "sudo apt-get install slapd ldap-utils"
13464
13507
msgstr ""
13465
13508
13466
#: serverguide/C/network-auth.xml:156(para)
13509
#: serverguide/C/network-auth.xml:177(para)
13467
13510
msgid ""
13468
13511
"Since Ubuntu 8.10 slapd is designed to be configured within slapd itself by "
13469
13512
"dedicating a separate DIT for that purpose. This allows one to dynamically "
13476
13519
"will be eventually phased out."
13477
13520
msgstr ""
13478
13521
13479
#: serverguide/C/network-auth.xml:165(para)
13522
#: serverguide/C/network-auth.xml:186(para)
13480
13523
msgid ""
13481
13524
"Ubuntu now uses the <emphasis>slapd-config</emphasis> method for slapd "
13482
13525
"configuration and this guide reflects that."
13483
13526
msgstr ""
13484
13527
13485
#: serverguide/C/network-auth.xml:171(para)
13528
#: serverguide/C/network-auth.xml:192(para)
13486
13529
msgid ""
13487
13530
"During the install you were prompted to define administrative credentials. "
13488
13531
"These are LDAP-based credentials for the <emphasis>rootDN</emphasis> of your "
13493
13536
"will see how to do this later on."
13494
13537
msgstr ""
13495
13538
13496
#: serverguide/C/network-auth.xml:178(para)
13539
#: serverguide/C/network-auth.xml:199(para)
13497
13540
msgid ""
13498
13541
"Some classical schemas (cosine, nis, inetorgperson) come built-in with slapd "
13499
13542
"nowadays. There is also an included \"core\" schema, a pre-requisite for any "
13500
13543
"schema to work."
13501
13544
msgstr ""
13502
13545
13503
#: serverguide/C/network-auth.xml:186(title)
13546
#: serverguide/C/network-auth.xml:207(title)
13504
13547
msgid "Post-install Inspection"
13505
13548
msgstr ""
13506
13549
13507
#: serverguide/C/network-auth.xml:188(para)
13550
#: serverguide/C/network-auth.xml:209(para)
13508
13551
msgid ""
13509
13552
"The installation process set up 2 DITs. One for slapd-config and one for "
13510
13553
"your own data (dc=example,dc=com). Let's take a look."
13511
13554
msgstr ""
13512
13555
13513
#: serverguide/C/network-auth.xml:195(para)
13556
#: serverguide/C/network-auth.xml:216(para)
13514
13557
msgid ""
13515
13558
"This is what the slapd-config database/DIT looks like. Recall that this "
13516
13559
"database is LDIF-based and lives under "
13517
13560
"<filename>/etc/ldap/slapd.d</filename>:"
13518
13561
msgstr ""
13519
13562
13520
#: serverguide/C/network-auth.xml:201(computeroutput)
13563
#: serverguide/C/network-auth.xml:222(computeroutput)
13521
13564
#, no-wrap
13522
13565
msgid ""
13523
13566
"\n"
13537
13580
" /etc/ldap/slapd.d/cn=config.ldif\n"
13538
13581
msgstr ""
13539
13582
13540
#: serverguide/C/network-auth.xml:220(para)
13583
#: serverguide/C/network-auth.xml:242(para)
13541
13584
msgid ""
13542
13585
"Do not edit the slapd-config database directly. Make changes via the LDAP "
13543
13586
"protocol (utilities)."
13544
13587
msgstr ""
13545
13588
13546
#: serverguide/C/network-auth.xml:228(para)
13589
#: serverguide/C/network-auth.xml:250(para)
13547
13590
msgid "This is what the slapd-config DIT looks like via the LDAP protocol:"
13548
13591
msgstr ""
13549
13592
13550
#: serverguide/C/network-auth.xml:233(command)
13593
#: serverguide/C/network-auth.xml:254(para)
13594
msgid ""
13595
"On Ubuntu server 14.10, and possibly higher, the following command may not "
13596
"work due to a <ulink "
13597
"url=\"https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1392018\">bug</"
13598
"ulink>"
13599
msgstr ""
13600
13601
#: serverguide/C/network-auth.xml:255(command)
13551
13602
msgid "sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn"
13552
13603
msgstr ""
13553
13604
13554
#: serverguide/C/network-auth.xml:234(computeroutput)
13605
#: serverguide/C/network-auth.xml:256(computeroutput)
13555
13606
#, no-wrap
13556
13607
msgid ""
13557
13608
"\n"
13578
13629
"dn: olcDatabase={1}hdb,cn=config\n"
13579
13630
msgstr ""
13580
13631
13581
#: serverguide/C/network-auth.xml:259(para) serverguide/C/network-auth.xml:350(para)
13632
#: serverguide/C/network-auth.xml:281(para) serverguide/C/network-auth.xml:372(para)
13582
13633
msgid "Explanation of entries:"
13583
13634
msgstr ""
13584
13635
13585
#: serverguide/C/network-auth.xml:266(para)
13636
#: serverguide/C/network-auth.xml:288(para)
13586
13637
msgid "<emphasis>cn=config</emphasis>: global settings"
13587
13638
msgstr ""
13588
13639
13589
#: serverguide/C/network-auth.xml:272(para)
13640
#: serverguide/C/network-auth.xml:294(para)
13590
13641
msgid ""
13591
13642
"<emphasis>cn=module{0},cn=config</emphasis>: a dynamically loaded module"
13592
13643
msgstr ""
13593
13644
13594
#: serverguide/C/network-auth.xml:278(para)
13645
#: serverguide/C/network-auth.xml:300(para)
13595
13646
msgid ""
13596
13647
"<emphasis>cn=schema,cn=config</emphasis>: contains hard-coded system-level "
13597
13648
"schema"
13598
13649
msgstr ""
13599
13650
13600
#: serverguide/C/network-auth.xml:284(para)
13651
#: serverguide/C/network-auth.xml:306(para)
13601
13652
msgid ""
13602
13653
"<emphasis>cn={0}core,cn=schema,cn=config</emphasis>: the hard-coded core "
13603
13654
"schema"
13604
13655
msgstr ""
13605
13656
13606
#: serverguide/C/network-auth.xml:290(para)
13657
#: serverguide/C/network-auth.xml:312(para)
13607
13658
msgid ""
13608
13659
"<emphasis>cn={1}cosine,cn=schema,cn=config</emphasis>: the cosine schema"
13609
13660
msgstr ""
13610
13661
13611
#: serverguide/C/network-auth.xml:296(para)
13662
#: serverguide/C/network-auth.xml:318(para)
13612
13663
msgid "<emphasis>cn={2}nis,cn=schema,cn=config</emphasis>: the nis schema"
13613
13664
msgstr ""
13614
13665
13615
#: serverguide/C/network-auth.xml:302(para)
13666
#: serverguide/C/network-auth.xml:324(para)
13616
13667
msgid ""
13617
13668
"<emphasis>cn={3}inetorgperson,cn=schema,cn=config</emphasis>: the "
13618
13669
"inetorgperson schema"
13619
13670
msgstr ""
13620
13671
13621
#: serverguide/C/network-auth.xml:308(para)
13672
#: serverguide/C/network-auth.xml:330(para)
13622
13673
msgid ""
13623
13674
"<emphasis>olcBackend={0}hdb,cn=config</emphasis>: the 'hdb' backend storage "
13624
13675
"type"
13625
13676
msgstr ""
13626
13677
13627
#: serverguide/C/network-auth.xml:314(para)
13678
#: serverguide/C/network-auth.xml:336(para)
13628
13679
msgid ""
13629
13680
"<emphasis>olcDatabase={-1}frontend,cn=config</emphasis>: frontend database, "
13630
13681
"default settings for other databases"
13631
13682
msgstr ""
13632
13683
13633
#: serverguide/C/network-auth.xml:320(para)
13684
#: serverguide/C/network-auth.xml:342(para)
13634
13685
msgid ""
13635
13686
"<emphasis>olcDatabase={0}config,cn=config</emphasis>: slapd configuration "
13636
13687
"database (cn=config)"
13637
13688
msgstr ""
13638
13689
13639
#: serverguide/C/network-auth.xml:326(para)
13690
#: serverguide/C/network-auth.xml:348(para)
13640
13691
msgid ""
13641
13692
"<emphasis>olcDatabase={1}hdb,cn=config</emphasis>: your database instance "
13642
13693
"(dc=examle,dc=com)"
13643
13694
msgstr ""
13644
13695
13645
#: serverguide/C/network-auth.xml:337(para)
13696
#: serverguide/C/network-auth.xml:359(para)
13646
13697
msgid "This is what the dc=example,dc=com DIT looks like:"
13647
13698
msgstr ""
13648
13699
13649
#: serverguide/C/network-auth.xml:342(command)
13700
#: serverguide/C/network-auth.xml:364(command)
13650
13701
msgid "ldapsearch -x -LLL -H ldap:/// -b dc=example,dc=com dn"
13651
13702
msgstr ""
13652
13703
13653
#: serverguide/C/network-auth.xml:343(computeroutput)
13704
#: serverguide/C/network-auth.xml:365(computeroutput)
13654
13705
#, no-wrap
13655
13706
msgid ""
13656
13707
"\n"
13659
13710
"dn: cn=admin,dc=example,dc=com\n"
13660
13711
msgstr ""
13661
13712
13662
#: serverguide/C/network-auth.xml:357(para)
13713
#: serverguide/C/network-auth.xml:379(para)
13663
13714
msgid "<emphasis>dc=example,dc=com</emphasis>: base of the DIT"
13664
13715
msgstr ""
13665
13716
13666
#: serverguide/C/network-auth.xml:363(para)
13717
#: serverguide/C/network-auth.xml:385(para)
13667
13718
msgid ""
13668
13719
"<emphasis>cn=admin,dc=example,dc=com</emphasis>: administrator (rootDN) for "
13669
13720
"this DIT (set up during package install)"
13670
13721
msgstr ""
13671
13722
13672
#: serverguide/C/network-auth.xml:377(title)
13723
#: serverguide/C/network-auth.xml:399(title)
13673
13724
msgid "Modifying/Populating your Database"
13674
13725
msgstr ""
13675
13726
13676
#: serverguide/C/network-auth.xml:379(para)
13727
#: serverguide/C/network-auth.xml:401(para)
13677
13728
msgid ""
13678
13729
"Let's introduce some content to our database. We will add the following:"
13679
13730
msgstr ""
13680
13731
13681
#: serverguide/C/network-auth.xml:386(para)
13732
#: serverguide/C/network-auth.xml:408(para)
13682
13733
msgid "a node called <emphasis>People</emphasis> (to store users)"
13683
13734
msgstr ""
13684
13735
13685
#: serverguide/C/network-auth.xml:392(para)
13736
#: serverguide/C/network-auth.xml:414(para)
13686
13737
msgid "a node called <emphasis>Groups</emphasis> (to store groups)"
13687
13738
msgstr ""
13688
13739
13689
#: serverguide/C/network-auth.xml:398(para)
13740
#: serverguide/C/network-auth.xml:420(para)
13690
13741
msgid "a group called <emphasis>miners</emphasis>"
13691
13742
msgstr ""
13692
13743
13693
#: serverguide/C/network-auth.xml:404(para)
13744
#: serverguide/C/network-auth.xml:426(para)
13694
13745
msgid "a user called <emphasis>john</emphasis>"
13695
13746
msgstr ""
13696
13747
13697
#: serverguide/C/network-auth.xml:411(para)
13748
#: serverguide/C/network-auth.xml:433(para)
13698
13749
msgid ""
13699
13750
"Create the following LDIF file and call it "
13700
13751
"<filename>add_content.ldif</filename>:"
13701
13752
msgstr ""
13702
13753
13703
#: serverguide/C/network-auth.xml:415(programlisting)
13754
#: serverguide/C/network-auth.xml:437(programlisting)
13704
13755
#, no-wrap
13705
13756
msgid ""
13706
13757
"\n"
13734
13785
"homeDirectory: /home/john\n"
13735
13786
msgstr ""
13736
13787
13737
#: serverguide/C/network-auth.xml:447(para)
13788
#: serverguide/C/network-auth.xml:469(para)
13738
13789
msgid ""
13739
13790
"It's important that uid and gid values in your directory do not collide with "
13740
13791
"local values. Use high number ranges, such as starting at 5000. By setting "
13742
13793
"what can be done with a local user vs a ldap one. More on that later."
13743
13794
msgstr ""
13744
13795
13745
#: serverguide/C/network-auth.xml:455(para)
13796
#: serverguide/C/network-auth.xml:477(para)
13746
13797
msgid "Add the content:"
13747
13798
msgstr ""
13748
13799
13749
#: serverguide/C/network-auth.xml:460(command)
13800
#: serverguide/C/network-auth.xml:482(command)
13750
13801
msgid "ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_content.ldif"
13751
13802
msgstr ""
13752
13803
13753
#: serverguide/C/network-auth.xml:462(application)
13804
#: serverguide/C/network-auth.xml:484(application)
13754
13805
msgid "********"
13755
13806
msgstr ""
13756
13807
13757
#: serverguide/C/network-auth.xml:461(computeroutput)
13808
#: serverguide/C/network-auth.xml:483(computeroutput)
13758
13809
#, no-wrap
13759
13810
msgid ""
13760
13811
"\n"
13768
13819
"adding new entry \"uid=john,ou=People,dc=example,dc=com\"\n"
13769
13820
msgstr ""
13770
13821
13771
#: serverguide/C/network-auth.xml:473(para)
13822
#: serverguide/C/network-auth.xml:495(para)
13772
13823
msgid ""
13773
13824
"We can check that the information has been correctly added with the "
13774
13825
"<application>ldapsearch</application> utility:"
13775
13826
msgstr ""
13776
13827
13777
#: serverguide/C/network-auth.xml:478(command)
13828
#: serverguide/C/network-auth.xml:500(command)
13778
13829
msgid "ldapsearch -x -LLL -b dc=example,dc=com 'uid=john' cn gidNumber"
13779
13830
msgstr ""
13780
13831
13781
#: serverguide/C/network-auth.xml:479(computeroutput)
13832
#: serverguide/C/network-auth.xml:501(computeroutput)
13782
13833
#, no-wrap
13783
13834
msgid ""
13784
13835
"\n"
13787
13838
"gidNumber: 5000\n"
13788
13839
msgstr ""
13789
13840
13790
#: serverguide/C/network-auth.xml:486(para)
13841
#: serverguide/C/network-auth.xml:508(para)
13791
13842
msgid "Explanation of switches:"
13792
13843
msgstr ""
13793
13844
13794
#: serverguide/C/network-auth.xml:493(para)
13845
#: serverguide/C/network-auth.xml:515(para)
13795
13846
msgid ""
13796
13847
"<emphasis>-x:</emphasis> \"simple\" binding; will not use the default SASL "
13797
13848
"method"
13798
13849
msgstr ""
13799
13850
13800
#: serverguide/C/network-auth.xml:499(para)
13851
#: serverguide/C/network-auth.xml:521(para)
13801
13852
msgid "<emphasis>-LLL:</emphasis> disable printing extraneous information"
13802
13853
msgstr ""
13803
13854
13804
#: serverguide/C/network-auth.xml:505(para)
13855
#: serverguide/C/network-auth.xml:527(para)
13805
13856
msgid "<emphasis>uid=john:</emphasis> a \"filter\" to find the john user"
13806
13857
msgstr ""
13807
13858
13808
#: serverguide/C/network-auth.xml:511(para)
13859
#: serverguide/C/network-auth.xml:533(para)
13809
13860
msgid ""
13810
13861
"<emphasis>cn gidNumber:</emphasis> requests certain attributes to be "
13811
13862
"displayed (the default is to show all attributes)"
13812
13863
msgstr ""
13813
13864
13814
#: serverguide/C/network-auth.xml:521(title)
13865
#: serverguide/C/network-auth.xml:543(title)
13815
13866
msgid "Modifying the slapd Configuration Database"
13816
13867
msgstr ""
13817
13868
13818
#: serverguide/C/network-auth.xml:523(para)
13869
#: serverguide/C/network-auth.xml:545(para)
13819
13870
msgid ""
13820
13871
"The slapd-config DIT can also be queried and modified. Here are a few "
13821
13872
"examples."
13822
13873
msgstr ""
13823
13874
13824
#: serverguide/C/network-auth.xml:530(para)
13875
#: serverguide/C/network-auth.xml:552(para)
13825
13876
msgid ""
13826
13877
"Use <application>ldapmodify</application> to add an \"Index\" (DbIndex "
13827
13878
"attribute) to your <application>{1}hdb,cn=config</application> database "
13829
13880
"<filename>uid_index.ldif</filename>, with the following contents:"
13830
13881
msgstr ""
13831
13882
13832
#: serverguide/C/network-auth.xml:535(programlisting)
13883
#: serverguide/C/network-auth.xml:557(programlisting)
13833
13884
#, no-wrap
13834
13885
msgid ""
13835
13886
"\n"
13838
13889
"olcDbIndex: uid eq,pres,sub\n"
13839
13890
msgstr ""
13840
13891
13841
#: serverguide/C/network-auth.xml:541(para)
13892
#: serverguide/C/network-auth.xml:563(para)
13842
13893
msgid "Then issue the command:"
13843
13894
msgstr ""
13844
13895
13845
#: serverguide/C/network-auth.xml:546(command)
13896
#: serverguide/C/network-auth.xml:568(command)
13846
13897
msgid "sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f uid_index.ldif"
13847
13898
msgstr ""
13848
13899
13849
#: serverguide/C/network-auth.xml:547(computeroutput)
13900
#: serverguide/C/network-auth.xml:569(computeroutput)
13850
13901
#, no-wrap
13851
13902
msgid ""
13852
13903
"\n"
13853
13904
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
13854
13905
msgstr ""
13855
13906
13856
#: serverguide/C/network-auth.xml:552(para)
13907
#: serverguide/C/network-auth.xml:574(para)
13857
13908
msgid "You can confirm the change in this way:"
13858
13909
msgstr ""
13859
13910
13860
#: serverguide/C/network-auth.xml:557(command)
13911
#: serverguide/C/network-auth.xml:579(command)
13861
13912
msgid ""
13862
13913
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
13863
13914
"'(olcDatabase={1}hdb)' olcDbIndex"
13864
13915
msgstr ""
13865
13916
13866
#: serverguide/C/network-auth.xml:559(computeroutput)
13917
#: serverguide/C/network-auth.xml:581(computeroutput)
13867
13918
#, no-wrap
13868
13919
msgid ""
13869
13920
"\n"
13872
13923
"olcDbIndex: uid eq,pres,sub\n"
13873
13924
msgstr ""
13874
13925
13875
#: serverguide/C/network-auth.xml:569(para)
13926
#: serverguide/C/network-auth.xml:591(para)
13876
13927
msgid ""
13877
13928
"Let's add a schema. It will first need to be converted to LDIF format. You "
13878
13929
"can find unconverted schemas in addition to converted ones in the <filename "
13879
13930
"role=\"directory\">/etc/ldap/schema</filename> directory."
13880
13931
msgstr ""
13881
13932
13882
#: serverguide/C/network-auth.xml:577(para)
13933
#: serverguide/C/network-auth.xml:599(para)
13883
13934
msgid ""
13884
13935
"It is not trivial to remove a schema from the slapd-config database. "
13885
13936
"Practice adding schemas on a test system."
13886
13937
msgstr ""
13887
13938
13888
#: serverguide/C/network-auth.xml:583(para)
13939
#: serverguide/C/network-auth.xml:605(para)
13889
13940
msgid ""
13890
13941
"Before adding any schema, you should check which schemas are already "
13891
13942
"installed (shown is a default, out-of-the-box output):"
13892
13943
msgstr ""
13893
13944
13894
#: serverguide/C/network-auth.xml:589(command)
13945
#: serverguide/C/network-auth.xml:611(command)
13895
13946
msgid ""
13896
13947
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=schema,cn=config dn"
13897
13948
msgstr ""
13898
13949
13899
#: serverguide/C/network-auth.xml:591(computeroutput)
13950
#: serverguide/C/network-auth.xml:613(computeroutput)
13900
13951
#, no-wrap
13901
13952
msgid ""
13902
13953
"\n"
13911
13962
"dn: cn={3}inetorgperson,cn=schema,cn=config\n"
13912
13963
msgstr ""
13913
13964
13914
#: serverguide/C/network-auth.xml:608(para)
13965
#: serverguide/C/network-auth.xml:630(para)
13915
13966
msgid "In the following example we'll add the CORBA schema."
13916
13967
msgstr ""
13917
13968
13918
#: serverguide/C/network-auth.xml:615(para)
13969
#: serverguide/C/network-auth.xml:637(para)
13919
13970
msgid ""
13920
13971
"Create the conversion configuration file "
13921
13972
"<filename>schema_convert.conf</filename> containing the following lines:"
13922
13973
msgstr ""
13923
13974
13924
#: serverguide/C/network-auth.xml:620(programlisting)
13975
#: serverguide/C/network-auth.xml:642(programlisting)
13925
13976
#, no-wrap
13926
13977
msgid ""
13927
13978
"\n"
13941
13992
"include /etc/ldap/schema/pmi.schema\n"
13942
13993
msgstr ""
13943
13994
13944
#: serverguide/C/network-auth.xml:640(para)
13995
#: serverguide/C/network-auth.xml:662(para)
13945
13996
msgid "Create the output directory <filename>ldif_output</filename>."
13946
13997
msgstr ""
13947
13998
13948
#: serverguide/C/network-auth.xml:646(para) serverguide/C/network-auth.xml:2296(para)
13999
#: serverguide/C/network-auth.xml:668(para) serverguide/C/network-auth.xml:2317(para)
13949
14000
msgid "Determine the index of the schema:"
13950
14001
msgstr ""
13951
14002
13952
#: serverguide/C/network-auth.xml:651(command)
14003
#: serverguide/C/network-auth.xml:673(command)
13953
14004
msgid ""
13954
14005
"slapcat -f schema_convert.conf -F ldif_output -n 0 | grep corba,cn=schema"
13955
14006
msgstr ""
13956
14007
13957
#: serverguide/C/network-auth.xml:652(computeroutput)
14008
#: serverguide/C/network-auth.xml:674(computeroutput)
13958
14009
#, no-wrap
13959
14010
msgid ""
13960
14011
"\n"
13961
14012
"cn={1}corba,cn=schema,cn=config\n"
13962
14013
msgstr ""
13963
14014
13964
#: serverguide/C/network-auth.xml:658(para)
14015
#: serverguide/C/network-auth.xml:685(para)
13965
14016
msgid ""
13966
14017
"When slapd ingests objects with the same parent DN it will create an "
13967
14018
"<emphasis>index</emphasis> for that object. An index is contained within "
13968
14019
"braces: <application>{X}</application>."
13969
14020
msgstr ""
13970
14021
13971
#: serverguide/C/network-auth.xml:667(para)
14022
#: serverguide/C/network-auth.xml:689(para)
13972
14023
msgid "Use <application>slapcat</application> to perform the conversion:"
13973
14024
msgstr ""
13974
14025
13975
#: serverguide/C/network-auth.xml:672(command)
14026
#: serverguide/C/network-auth.xml:694(command)
13976
14027
msgid ""
13977
14028
"slapcat -f schema_convert.conf -F ldif_output -n0 -H \\ "
13978
14029
"ldap:///cn={1}corba,cn=schema,cn=config -l cn=corba.ldif"
13979
14030
msgstr ""
13980
14031
13981
#: serverguide/C/network-auth.xml:676(para)
14032
#: serverguide/C/network-auth.xml:698(para)
13982
14033
msgid "The converted schema is now in <filename>cn=corba.ldif</filename>"
13983
14034
msgstr ""
13984
14035
13985
#: serverguide/C/network-auth.xml:682(para)
14036
#: serverguide/C/network-auth.xml:704(para)
13986
14037
msgid ""
13987
14038
"Edit <filename>cn=corba.ldif</filename> to arrive at the following "
13988
14039
"attributes:"
13989
14040
msgstr ""
13990
14041
13991
#: serverguide/C/network-auth.xml:686(programlisting)
14042
#: serverguide/C/network-auth.xml:708(programlisting)
13992
14043
#, no-wrap
13993
14044
msgid ""
13994
14045
"\n"
13997
14048
"cn: corba\n"
13998
14049
msgstr ""
13999
14050
14000
#: serverguide/C/network-auth.xml:692(para)
14051
#: serverguide/C/network-auth.xml:714(para)
14001
14052
msgid "Also remove the following lines from the bottom:"
14002
14053
msgstr ""
14003
14054
14004
#: serverguide/C/network-auth.xml:696(programlisting)
14055
#: serverguide/C/network-auth.xml:718(programlisting)
14005
14056
#, no-wrap
14006
14057
msgid ""
14007
14058
"\n"
14014
14065
"modifyTimestamp: 20110829165435Z\n"
14015
14066
msgstr ""
14016
14067
14017
#: serverguide/C/network-auth.xml:706(para) serverguide/C/network-auth.xml:2346(para)
14068
#: serverguide/C/network-auth.xml:728(para) serverguide/C/network-auth.xml:2367(para)
14018
14069
msgid "Your attribute values will vary."
14019
14070
msgstr ""
14020
14071
14021
#: serverguide/C/network-auth.xml:712(para)
14072
#: serverguide/C/network-auth.xml:734(para)
14022
14073
msgid ""
14023
14074
"Finally, use <application>ldapadd</application> to add the new schema to the "
14024
14075
"slapd-config DIT:"
14025
14076
msgstr ""
14026
14077
14027
#: serverguide/C/network-auth.xml:717(command)
14078
#: serverguide/C/network-auth.xml:739(command)
14028
14079
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f cn\\=corba.ldif"
14029
14080
msgstr ""
14030
14081
14031
#: serverguide/C/network-auth.xml:718(computeroutput)
14082
#: serverguide/C/network-auth.xml:740(computeroutput)
14032
14083
#, no-wrap
14033
14084
msgid ""
14034
14085
"\n"
14035
14086
"adding new entry \"cn=corba,cn=schema,cn=config\"\n"
14036
14087
msgstr ""
14037
14088
14038
#: serverguide/C/network-auth.xml:726(para)
14089
#: serverguide/C/network-auth.xml:748(para)
14039
14090
msgid "Confirm currently loaded schemas:"
14040
14091
msgstr ""
14041
14092
14042
#: serverguide/C/network-auth.xml:731(command)
14093
#: serverguide/C/network-auth.xml:753(command)
14043
14094
msgid ""
14044
14095
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config dn"
14045
14096
msgstr ""
14046
14097
14047
#: serverguide/C/network-auth.xml:732(computeroutput)
14098
#: serverguide/C/network-auth.xml:754(computeroutput)
14048
14099
#, no-wrap
14049
14100
msgid ""
14050
14101
"\n"
14061
14112
"dn: cn={4}corba,cn=schema,cn=config\n"
14062
14113
msgstr ""
14063
14114
14064
#: serverguide/C/network-auth.xml:756(para)
14115
#: serverguide/C/network-auth.xml:778(para)
14065
14116
msgid ""
14066
14117
"For external applications and clients to authenticate using LDAP they will "
14067
14118
"each need to be specifically configured to do so. Refer to the appropriate "
14068
14119
"client-side documentation for details."
14069
14120
msgstr ""
14070
14121
14071
#: serverguide/C/network-auth.xml:767(para)
14122
#: serverguide/C/network-auth.xml:789(para)
14072
14123
msgid ""
14073
14124
"Activity logging for slapd is indispensible when implementing an OpenLDAP-"
14074
14125
"based solution yet it must be manually enabled after software installation. "
14076
14127
"any other slapd configuration, is enabled via the slapd-config database."
14077
14128
msgstr ""
14078
14129
14079
#: serverguide/C/network-auth.xml:773(para)
14130
#: serverguide/C/network-auth.xml:795(para)
14080
14131
msgid ""
14081
14132
"OpenLDAP comes with multiple logging subsystems (levels) with each one "
14082
14133
"containing the lower one (additive). A good level to try is "
14086
14137
"different subsystems."
14087
14138
msgstr ""
14088
14139
14089
#: serverguide/C/network-auth.xml:779(para)
14140
#: serverguide/C/network-auth.xml:801(para)
14090
14141
msgid ""
14091
14142
"Create the file <filename>logging.ldif</filename> with the following "
14092
14143
"contents:"
14093
14144
msgstr ""
14094
14145
14095
#: serverguide/C/network-auth.xml:783(programlisting)
14146
#: serverguide/C/network-auth.xml:805(programlisting)
14096
14147
#, no-wrap
14097
14148
msgid ""
14098
14149
"\n"
14099
14150
"dn: cn=config\n"
14100
14151
"changetype: modify\n"
14101
"add: olcLogLevel\n"
14152
"replace: olcLogLevel\n"
14102
14153
"olcLogLevel: stats\n"
14103
14154
msgstr ""
14104
14155
14105
#: serverguide/C/network-auth.xml:790(para)
14156
#: serverguide/C/network-auth.xml:812(para)
14106
14157
msgid "Implement the change:"
14107
14158
msgstr ""
14108
14159
14109
#: serverguide/C/network-auth.xml:795(command)
14160
#: serverguide/C/network-auth.xml:817(command)
14110
14161
msgid "sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f logging.ldif"
14111
14162
msgstr ""
14112
14163
14113
#: serverguide/C/network-auth.xml:798(para)
14164
#: serverguide/C/network-auth.xml:820(para)
14114
14165
msgid ""
14115
14166
"This will produce a significant amount of logging and you will want to "
14116
14167
"throttle back to a less verbose level once your system is in production. "
14118
14169
"hard time keeping up and may drop messages:"
14119
14170
msgstr ""
14120
14171
14121
#: serverguide/C/network-auth.xml:804(programlisting)
14172
#: serverguide/C/network-auth.xml:826(programlisting)
14122
14173
#, no-wrap
14123
14174
msgid ""
14124
14175
"\n"
14126
14177
"limiting\n"
14127
14178
msgstr ""
14128
14179
14129
#: serverguide/C/network-auth.xml:808(para)
14180
#: serverguide/C/network-auth.xml:830(para)
14130
14181
msgid ""
14131
14182
"You may consider a change to rsyslog's configuration. In "
14132
14183
"<filename>/etc/rsyslog.conf</filename>, put:"
14133
14184
msgstr ""
14134
14185
14135
#: serverguide/C/network-auth.xml:812(programlisting)
14186
#: serverguide/C/network-auth.xml:834(programlisting)
14136
14187
#, no-wrap
14137
14188
msgid ""
14138
14189
"\n"
14141
14192
"$SystemLogRateLimitInterval 0\n"
14142
14193
msgstr ""
14143
14194
14144
#: serverguide/C/network-auth.xml:818(para)
14195
#: serverguide/C/network-auth.xml:840(para)
14145
14196
msgid "And then restart the rsyslog daemon:"
14146
14197
msgstr ""
14147
14198
14148
#: serverguide/C/network-auth.xml:823(command)
14199
#: serverguide/C/network-auth.xml:845(command)
14149
14200
msgid "sudo service rsyslog restart"
14150
14201
msgstr ""
14151
14202
14152
#: serverguide/C/network-auth.xml:829(title)
14203
#: serverguide/C/network-auth.xml:851(title)
14153
14204
msgid "Replication"
14154
14205
msgstr ""
14155
14206
14156
#: serverguide/C/network-auth.xml:831(para)
14207
#: serverguide/C/network-auth.xml:853(para)
14157
14208
msgid ""
14158
14209
"The LDAP service becomes increasingly important as more networked systems "
14159
14210
"begin to depend on it. In such an environment, it is standard practice to "
14162
14213
"replication</emphasis>."
14163
14214
msgstr ""
14164
14215
14165
#: serverguide/C/network-auth.xml:837(para)
14216
#: serverguide/C/network-auth.xml:859(para)
14166
14217
msgid ""
14167
14218
"Replication is achieved via the <emphasis>Syncrepl</emphasis> engine. This "
14168
14219
"allows changes to be synchronized using a <emphasis>Consumer</emphasis> - "
14174
14225
"be sent, not entire entries."
14175
14226
msgstr ""
14176
14227
14177
#: serverguide/C/network-auth.xml:846(title)
14228
#: serverguide/C/network-auth.xml:868(title)
14178
14229
msgid "Provider Configuration"
14179
14230
msgstr ""
14180
14231
14181
#: serverguide/C/network-auth.xml:848(para)
14232
#: serverguide/C/network-auth.xml:870(para)
14182
14233
msgid "Begin by configuring the <emphasis>Provider</emphasis>."
14183
14234
msgstr ""
14184
14235
14185
#: serverguide/C/network-auth.xml:855(para)
14236
#: serverguide/C/network-auth.xml:877(para)
14186
14237
msgid ""
14187
14238
"Create an LDIF file with the following contents and name it "
14188
14239
"<filename>provider_sync.ldif</filename>:"
14189
14240
msgstr ""
14190
14241
14191
#: serverguide/C/network-auth.xml:859(programlisting)
14242
#: serverguide/C/network-auth.xml:881(programlisting)
14192
14243
#, no-wrap
14193
14244
msgid ""
14194
14245
"\n"
14250
14301
"olcAccessLogPurge: 07+00:00 01+00:00\n"
14251
14302
msgstr ""
14252
14303
14253
#: serverguide/C/network-auth.xml:918(para)
14304
#: serverguide/C/network-auth.xml:940(para)
14254
14305
msgid ""
14255
14306
"Change the rootDN in the LDIF file to match the one you have for your "
14256
14307
"directory."
14257
14308
msgstr ""
14258
14309
14259
#: serverguide/C/network-auth.xml:925(para)
14310
#: serverguide/C/network-auth.xml:947(para)
14260
14311
msgid ""
14261
"The <application>apparmor</application> profile for slapd will need to be "
14262
"adjusted for the accesslog database location. Edit "
14263
"<filename>/etc/apparmor.d/local/usr.sbin.slapd</filename> by adding the "
14264
"following:"
14312
"The <application>apparmor</application> profile for slapd will not need to "
14313
"be adjusted for the accesslog database location since "
14314
"<filename>/etc/apparmor.d/local/usr.sbin.slapd</filename> contains:"
14265
14315
msgstr ""
14266
14316
14267
#: serverguide/C/network-auth.xml:931(programlisting)
14317
#: serverguide/C/network-auth.xml:952(programlisting)
14268
14318
#, no-wrap
14269
14319
msgid ""
14270
14320
"\n"
14271
"/var/lib/ldap/accesslog/ r,\n"
14272
"/var/lib/ldap/accesslog/** rwk,\n"
14321
"/var/lib/ldap/ r,\n"
14322
"/var/lib/ldap/** rwk,\n"
14273
14323
msgstr ""
14274
14324
14275
#: serverguide/C/network-auth.xml:936(para)
14325
#: serverguide/C/network-auth.xml:957(para)
14276
14326
msgid ""
14277
14327
"Create a directory, set up a databse config file, and reload the apparmor "
14278
14328
"profile:"
14279
14329
msgstr ""
14280
14330
14281
#: serverguide/C/network-auth.xml:941(command)
14331
#: serverguide/C/network-auth.xml:962(command)
14282
14332
msgid "sudo -u openldap mkdir /var/lib/ldap/accesslog"
14283
14333
msgstr ""
14284
14334
14285
#: serverguide/C/network-auth.xml:942(command)
14335
#: serverguide/C/network-auth.xml:963(command)
14286
14336
msgid "sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog"
14287
14337
msgstr ""
14288
14338
14289
#: serverguide/C/network-auth.xml:949(para)
14339
#: serverguide/C/network-auth.xml:970(para)
14290
14340
msgid ""
14291
14341
"Add the new content and, due to the apparmor change, restart the daemon:"
14292
14342
msgstr ""
14293
14343
14294
#: serverguide/C/network-auth.xml:954(command)
14344
#: serverguide/C/network-auth.xml:975(command)
14295
14345
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
14296
14346
msgstr ""
14297
14347
14298
#: serverguide/C/network-auth.xml:955(command) serverguide/C/network-auth.xml:1477(command) serverguide/C/network-auth.xml:1662(command) serverguide/C/network-auth.xml:3883(command)
14348
#: serverguide/C/network-auth.xml:976(command) serverguide/C/network-auth.xml:1498(command) serverguide/C/network-auth.xml:1683(command) serverguide/C/network-auth.xml:3912(command)
14299
14349
msgid "sudo service slapd restart"
14300
14350
msgstr ""
14301
14351
14302
#: serverguide/C/network-auth.xml:962(para)
14352
#: serverguide/C/network-auth.xml:983(para)
14303
14353
msgid "The Provider is now configured."
14304
14354
msgstr ""
14305
14355
14306
#: serverguide/C/network-auth.xml:969(title)
14356
#: serverguide/C/network-auth.xml:990(title)
14307
14357
msgid "Consumer Configuration"
14308
14358
msgstr ""
14309
14359
14310
#: serverguide/C/network-auth.xml:971(para)
14360
#: serverguide/C/network-auth.xml:992(para)
14311
14361
msgid "And now configure the <emphasis>Consumer</emphasis>."
14312
14362
msgstr ""
14313
14363
14314
#: serverguide/C/network-auth.xml:978(para)
14364
#: serverguide/C/network-auth.xml:999(para)
14315
14365
msgid ""
14316
14366
"Install the software by going through <xref linkend=\"openldap-server-"
14317
14367
"installation\"/>. Make sure the slapd-config databse is identical to the "
14319
14369
"same."
14320
14370
msgstr ""
14321
14371
14322
#: serverguide/C/network-auth.xml:985(para)
14372
#: serverguide/C/network-auth.xml:1006(para)
14323
14373
msgid ""
14324
14374
"Create an LDIF file with the following contents and name it "
14325
14375
"<filename>consumer_sync.ldif</filename>:"
14326
14376
msgstr ""
14327
14377
14328
#: serverguide/C/network-auth.xml:989(programlisting)
14378
#: serverguide/C/network-auth.xml:1010(programlisting)
14329
14379
#, no-wrap
14330
14380
msgid ""
14331
14381
"\n"
14352
14402
"olcUpdateRef: ldap://ldap01.example.com\n"
14353
14403
msgstr ""
14354
14404
14355
#: serverguide/C/network-auth.xml:1010(para)
14405
#: serverguide/C/network-auth.xml:1031(para)
14356
14406
msgid "Ensure the following attributes have the correct values:"
14357
14407
msgstr ""
14358
14408
14359
#: serverguide/C/network-auth.xml:1015(para)
14409
#: serverguide/C/network-auth.xml:1036(para)
14360
14410
msgid ""
14361
14411
"<emphasis>provider</emphasis> (Provider server's hostname -- "
14362
14412
"ldap01.example.com in this example -- or IP address)"
14363
14413
msgstr ""
14364
14414
14365
#: serverguide/C/network-auth.xml:1016(para)
14415
#: serverguide/C/network-auth.xml:1037(para)
14366
14416
msgid "<emphasis>binddn</emphasis> (the admin DN you're using)"
14367
14417
msgstr ""
14368
14418
14369
#: serverguide/C/network-auth.xml:1017(para)
14419
#: serverguide/C/network-auth.xml:1038(para)
14370
14420
msgid "<emphasis>credentials</emphasis> (the admin DN password you're using)"
14371
14421
msgstr ""
14372
14422
14373
#: serverguide/C/network-auth.xml:1018(para)
14423
#: serverguide/C/network-auth.xml:1039(para)
14374
14424
msgid "<emphasis>searchbase</emphasis> (the database suffix you're using)"
14375
14425
msgstr ""
14376
14426
14377
#: serverguide/C/network-auth.xml:1019(para)
14427
#: serverguide/C/network-auth.xml:1040(para)
14378
14428
msgid ""
14379
14429
"<emphasis>olcUpdateRef</emphasis> (Provider server's hostname or IP address)"
14380
14430
msgstr ""
14381
14431
14382
#: serverguide/C/network-auth.xml:1020(para)
14432
#: serverguide/C/network-auth.xml:1041(para)
14383
14433
msgid ""
14384
14434
"<emphasis>rid</emphasis> (Replica ID, an unique 3-digit that identifies the "
14385
14435
"replica. Each consumer should have at least one rid)"
14386
14436
msgstr ""
14387
14437
14388
#: serverguide/C/network-auth.xml:1029(para)
14438
#: serverguide/C/network-auth.xml:1050(para)
14389
14439
msgid "Add the new content:"
14390
14440
msgstr ""
14391
14441
14392
#: serverguide/C/network-auth.xml:1034(command)
14442
#: serverguide/C/network-auth.xml:1055(command)
14393
14443
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f consumer_sync.ldif"
14394
14444
msgstr ""
14395
14445
14396
#: serverguide/C/network-auth.xml:1041(para)
14446
#: serverguide/C/network-auth.xml:1062(para)
14397
14447
msgid ""
14398
14448
"You're done. The two databases (suffix: dc=example,dc=com) should now be "
14399
14449
"synchronizing."
14400
14450
msgstr ""
14401
14451
14402
#: serverguide/C/network-auth.xml:1050(para)
14452
#: serverguide/C/network-auth.xml:1071(para)
14403
14453
msgid "Once replication starts, you can monitor it by running"
14404
14454
msgstr ""
14405
14455
14406
#: serverguide/C/network-auth.xml:1055(command)
14456
#: serverguide/C/network-auth.xml:1081(command)
14407
14457
msgid ""
14408
14458
"ldapsearch -z1 -LLLQY EXTERNAL -H ldapi:/// -s base -b dc=example,dc=com "
14409
14459
"contextCSN"
14410
14460
msgstr ""
14411
14461
14412
#: serverguide/C/network-auth.xml:1056(computeroutput)
14462
#: serverguide/C/network-auth.xml:1077(computeroutput)
14413
14463
#, no-wrap
14414
14464
msgid ""
14415
14465
"\n"
14417
14467
"contextCSN: 20120201193408.178454Z#000000#000#000000\n"
14418
14468
msgstr ""
14419
14469
14420
#: serverguide/C/network-auth.xml:1062(para)
14470
#: serverguide/C/network-auth.xml:1083(para)
14421
14471
msgid ""
14422
14472
"on both the provider and the consumer. Once the output "
14423
14473
"(<computeroutput>20120201193408.178454Z#000000#000#000000</computeroutput> "
14426
14476
"the one in the consumer(s)."
14427
14477
msgstr ""
14428
14478
14429
#: serverguide/C/network-auth.xml:1071(para)
14479
#: serverguide/C/network-auth.xml:1092(para)
14430
14480
msgid ""
14431
14481
"If your connection is slow and/or your ldap database large, it might take a "
14432
14482
"while for the consumer's <emphasis>contextCSN</emphasis> match the "
14434
14484
"<emphasis>contextCSN</emphasis> will be steadly increasing."
14435
14485
msgstr ""
14436
14486
14437
#: serverguide/C/network-auth.xml:1079(para)
14487
#: serverguide/C/network-auth.xml:1100(para)
14438
14488
msgid ""
14439
14489
"If the consumer's <emphasis>contextCSN</emphasis> is missing or does not "
14440
14490
"match the provider, you should stop and figure out the issue before "
14444
14494
"statements) return no errors."
14445
14495
msgstr ""
14446
14496
14447
#: serverguide/C/network-auth.xml:1088(para)
14497
#: serverguide/C/network-auth.xml:1109(para)
14448
14498
msgid ""
14449
14499
"To test if it worked simply query, on the Consumer, the DNs in the database:"
14450
14500
msgstr ""
14451
14501
14452
#: serverguide/C/network-auth.xml:1093(command)
14502
#: serverguide/C/network-auth.xml:1114(command)
14453
14503
msgid ""
14454
14504
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b dc=example,dc=com dn"
14455
14505
msgstr ""
14456
14506
14457
#: serverguide/C/network-auth.xml:1096(para)
14507
#: serverguide/C/network-auth.xml:1117(para)
14458
14508
msgid ""
14459
14509
"You should see the user 'john' and the group 'miners' as well as the nodes "
14460
14510
"'People' and 'Groups'."
14461
14511
msgstr ""
14462
14512
14463
#: serverguide/C/network-auth.xml:1105(title)
14513
#: serverguide/C/network-auth.xml:1126(title)
14464
14514
msgid "Access Control"
14465
14515
msgstr ""
14466
14516
14467
#: serverguide/C/network-auth.xml:1107(para)
14517
#: serverguide/C/network-auth.xml:1128(para)
14468
14518
msgid ""
14469
14519
"The management of what type of access (read, write, etc) users should be "
14470
14520
"granted to resources is known as <emphasis>access control</emphasis>. The "
14472
14522
"lists</emphasis> or ACL."
14473
14523
msgstr ""
14474
14524
14475
#: serverguide/C/network-auth.xml:1112(para)
14525
#: serverguide/C/network-auth.xml:1133(para)
14476
14526
msgid ""
14477
14527
"When we installed the slapd package various ACL were set up automatically. "
14478
14528
"We will look at a few important consequences of those defaults and, in so "
14479
14529
"doing, we'll get an idea of how ACLs work and how they're configured."
14480
14530
msgstr ""
14481
14531
14482
#: serverguide/C/network-auth.xml:1117(para)
14532
#: serverguide/C/network-auth.xml:1138(para)
14483
14533
msgid ""
14484
14534
"To get the effective ACL for an LDAP query we need to look at the ACL "
14485
14535
"entries of the database being queried as well as those of the special "
14491
14541
"(\"dc=example,dc=com\") and those of the frontend database:"
14492
14542
msgstr ""
14493
14543
14494
#: serverguide/C/network-auth.xml:1126(command)
14544
#: serverguide/C/network-auth.xml:1147(command)
14495
14545
msgid ""
14496
14546
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
14497
14547
"'(olcDatabase={1}hdb)' olcAccess"
14498
14548
msgstr ""
14499
14549
14500
#: serverguide/C/network-auth.xml:1128(computeroutput)
14550
#: serverguide/C/network-auth.xml:1149(computeroutput)
14501
14551
#, no-wrap
14502
14552
msgid ""
14503
14553
"\n"
14511
14561
" read\n"
14512
14562
msgstr ""
14513
14563
14514
#: serverguide/C/network-auth.xml:1139(para)
14564
#: serverguide/C/network-auth.xml:1160(para)
14515
14565
msgid ""
14516
"The rootDN always has full rights to it's database. Including it in an ACL "
14566
"The rootDN always has full rights to its database. Including it in an ACL "
14517
14567
"does provide an explicit configuration but it also causes slapd to incur a "
14518
14568
"performance penalty."
14519
14569
msgstr ""
14520
14570
14521
#: serverguide/C/network-auth.xml:1146(command)
14571
#: serverguide/C/network-auth.xml:1167(command)
14522
14572
msgid ""
14523
14573
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
14524
14574
"'(olcDatabase={-1}frontend)' olcAccess"
14525
14575
msgstr ""
14526
14576
14527
#: serverguide/C/network-auth.xml:1148(computeroutput)
14577
#: serverguide/C/network-auth.xml:1169(computeroutput)
14528
14578
#, no-wrap
14529
14579
msgid ""
14530
14580
"\n"
14535
14585
"olcAccess: {2}to dn.base=\"cn=Subschema\" by * read\n"
14536
14586
msgstr ""
14537
14587
14538
#: serverguide/C/network-auth.xml:1157(para)
14588
#: serverguide/C/network-auth.xml:1178(para)
14539
14589
msgid "The very first ACL is crucial:"
14540
14590
msgstr ""
14541
14591
14542
#: serverguide/C/network-auth.xml:1161(programlisting)
14592
#: serverguide/C/network-auth.xml:1182(programlisting)
14543
14593
#, no-wrap
14544
14594
msgid ""
14545
14595
"\n"
14548
14598
" auth by dn=\"cn=admin,dc=example,dc=com\" write by * none\n"
14549
14599
msgstr ""
14550
14600
14551
#: serverguide/C/network-auth.xml:1166(para)
14601
#: serverguide/C/network-auth.xml:1187(para)
14552
14602
msgid "This can be represented differently for easier digestion:"
14553
14603
msgstr ""
14554
14604
14555
#: serverguide/C/network-auth.xml:1170(programlisting)
14605
#: serverguide/C/network-auth.xml:1191(programlisting)
14556
14606
#, no-wrap
14557
14607
msgid ""
14558
14608
"\n"
14569
14619
"\tby * none\n"
14570
14620
msgstr ""
14571
14621
14572
#: serverguide/C/network-auth.xml:1184(para)
14622
#: serverguide/C/network-auth.xml:1205(para)
14573
14623
msgid "This compound ACL (there are 2) enforces the following:"
14574
14624
msgstr ""
14575
14625
14576
#: serverguide/C/network-auth.xml:1191(para)
14626
#: serverguide/C/network-auth.xml:1212(para)
14577
14627
msgid ""
14578
14628
"Anonymous 'auth' access is provided to the <emphasis>userPassword</emphasis> "
14579
14629
"attribute for the initial connection to occur. Perhaps counter-intuitively, "
14582
14632
"occur (see next point)."
14583
14633
msgstr ""
14584
14634
14585
#: serverguide/C/network-auth.xml:1199(para)
14635
#: serverguide/C/network-auth.xml:1220(para)
14586
14636
msgid ""
14587
14637
"Authentication can happen because all users have 'read' (due to 'by self "
14588
14638
"write') access to the <emphasis>userPassword</emphasis> attribute."
14589
14639
msgstr ""
14590
14640
14591
#: serverguide/C/network-auth.xml:1205(para)
14641
#: serverguide/C/network-auth.xml:1226(para)
14592
14642
msgid ""
14593
14643
"The <emphasis>userPassword</emphasis> attribute is otherwise unaccessible by "
14594
14644
"all other users, with the exception of the rootDN, who has complete access "
14595
14645
"to it."
14596
14646
msgstr ""
14597
14647
14598
#: serverguide/C/network-auth.xml:1212(para)
14648
#: serverguide/C/network-auth.xml:1233(para)
14599
14649
msgid ""
14600
14650
"In order for users to change their own password, using "
14601
14651
"<command>passwd</command> or other utilities, the "
14603
14653
"a user has authenticated."
14604
14654
msgstr ""
14605
14655
14606
#: serverguide/C/network-auth.xml:1220(para)
14656
#: serverguide/C/network-auth.xml:1241(para)
14607
14657
msgid ""
14608
14658
"This DIT can be searched anonymously because of 'by * read' in this ACL:"
14609
14659
msgstr ""
14610
14660
14611
#: serverguide/C/network-auth.xml:1224(programlisting)
14661
#: serverguide/C/network-auth.xml:1245(programlisting)
14612
14662
#, no-wrap
14613
14663
msgid ""
14614
14664
"\n"
14618
14668
"\tby * read\n"
14619
14669
msgstr ""
14620
14670
14621
#: serverguide/C/network-auth.xml:1231(para)
14671
#: serverguide/C/network-auth.xml:1252(para)
14622
14672
msgid ""
14623
14673
"If this is unwanted then you need to change the ACLs. To force "
14624
14674
"authentication during a bind request you can alternatively (or in "
14625
14675
"combination with the modified ACL) use the 'olcRequire: authc' directive."
14626
14676
msgstr ""
14627
14677
14628
#: serverguide/C/network-auth.xml:1236(para)
14678
#: serverguide/C/network-auth.xml:1257(para)
14629
14679
msgid ""
14630
14680
"As previously mentioned, there is no administrative account created for the "
14631
14681
"slapd-config database. There is, however, a SASL identity that is granted "
14633
14683
"it is:"
14634
14684
msgstr ""
14635
14685
14636
#: serverguide/C/network-auth.xml:1241(programlisting)
14686
#: serverguide/C/network-auth.xml:1262(programlisting)
14637
14687
#, no-wrap
14638
14688
msgid ""
14639
14689
"\n"
14640
14690
"dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth \n"
14641
14691
msgstr ""
14642
14692
14643
#: serverguide/C/network-auth.xml:1245(para)
14693
#: serverguide/C/network-auth.xml:1266(para)
14644
14694
msgid ""
14645
14695
"The following command will display the ACLs of the slapd-config database:"
14646
14696
msgstr ""
14647
14697
14648
#: serverguide/C/network-auth.xml:1250(command)
14698
#: serverguide/C/network-auth.xml:1271(command)
14649
14699
msgid ""
14650
14700
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
14651
14701
"'(olcDatabase={0}config)' olcAccess"
14652
14702
msgstr ""
14653
14703
14654
#: serverguide/C/network-auth.xml:1252(computeroutput)
14704
#: serverguide/C/network-auth.xml:1273(computeroutput)
14655
14705
#, no-wrap
14656
14706
msgid ""
14657
14707
"\n"
14660
14710
" cn=external,cn=auth manage by * break\n"
14661
14711
msgstr ""
14662
14712
14663
#: serverguide/C/network-auth.xml:1259(para)
14713
#: serverguide/C/network-auth.xml:1285(para)
14664
14714
msgid ""
14665
14715
"Since this is a SASL identity we need to use a SASL "
14666
14716
"<emphasis>mechanism</emphasis> when invoking the LDAP utility in question "
14668
14718
"mechanism. See the previous command for an example. Note that:"
14669
14719
msgstr ""
14670
14720
14671
#: serverguide/C/network-auth.xml:1267(para)
14721
#: serverguide/C/network-auth.xml:1288(para)
14672
14722
msgid ""
14673
14723
"You must use <emphasis>sudo</emphasis> to become the root identity in order "
14674
14724
"for the ACL to match."
14675
14725
msgstr ""
14676
14726
14677
#: serverguide/C/network-auth.xml:1273(para)
14727
#: serverguide/C/network-auth.xml:1294(para)
14678
14728
msgid ""
14679
14729
"The EXTERNAL mechanism works via <emphasis>IPC</emphasis> (UNIX domain "
14680
14730
"sockets). This means you must use the <emphasis>ldapi</emphasis> URI format."
14681
14731
msgstr ""
14682
14732
14683
#: serverguide/C/network-auth.xml:1281(para)
14733
#: serverguide/C/network-auth.xml:1302(para)
14684
14734
msgid "A succinct way to get all the ACLs is like this:"
14685
14735
msgstr ""
14686
14736
14687
#: serverguide/C/network-auth.xml:1286(command)
14737
#: serverguide/C/network-auth.xml:1307(command)
14688
14738
msgid ""
14689
14739
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
14690
14740
"'(olcAccess=*)' olcAccess olcSuffix"
14691
14741
msgstr ""
14692
14742
14693
#: serverguide/C/network-auth.xml:1290(para)
14743
#: serverguide/C/network-auth.xml:1311(para)
14694
14744
msgid ""
14695
14745
"There is much to say on the topic of access control. See the man page for "
14696
14746
"<ulink "
14698
14748
".access</ulink>."
14699
14749
msgstr ""
14700
14750
14701
#: serverguide/C/network-auth.xml:1298(title)
14751
#: serverguide/C/network-auth.xml:1319(title)
14702
14752
msgid "TLS"
14703
14753
msgstr ""
14704
14754
14705
#: serverguide/C/network-auth.xml:1300(para)
14755
#: serverguide/C/network-auth.xml:1321(para)
14706
14756
msgid ""
14707
14757
"When authenticating to an OpenLDAP server it is best to do so using an "
14708
14758
"encrypted session. This can be accomplished using Transport Layer Security "
14709
14759
"(TLS)."
14710
14760
msgstr ""
14711
14761
14712
#: serverguide/C/network-auth.xml:1305(para)
14762
#: serverguide/C/network-auth.xml:1326(para)
14713
14763
msgid ""
14714
14764
"Here, we will be our own <emphasis>Certificate Authority</emphasis> and then "
14715
14765
"create and sign our LDAP server certificate as that CA. Since "
14718
14768
"<application>certtool</application> utility to complete these tasks."
14719
14769
msgstr ""
14720
14770
14721
#: serverguide/C/network-auth.xml:1314(para)
14771
#: serverguide/C/network-auth.xml:1335(para)
14722
14772
msgid ""
14723
14773
"Install the <application>gnutls-bin</application> and <application>ssl-"
14724
14774
"cert</application> packages:"
14725
14775
msgstr ""
14726
14776
14727
#: serverguide/C/network-auth.xml:1319(command)
14777
#: serverguide/C/network-auth.xml:1340(command)
14728
14778
msgid "sudo apt-get install gnutls-bin ssl-cert"
14729
14779
msgstr ""
14730
14780
14731
#: serverguide/C/network-auth.xml:1325(para)
14781
#: serverguide/C/network-auth.xml:1346(para)
14732
14782
msgid "Create a private key for the Certificate Authority:"
14733
14783
msgstr ""
14734
14784
14735
#: serverguide/C/network-auth.xml:1330(command)
14785
#: serverguide/C/network-auth.xml:1351(command)
14736
14786
msgid ""
14737
14787
"sudo sh -c \"certtool --generate-privkey > /etc/ssl/private/cakey.pem\""
14738
14788
msgstr ""
14739
14789
14740
#: serverguide/C/network-auth.xml:1336(para)
14790
#: serverguide/C/network-auth.xml:1357(para)
14741
14791
msgid ""
14742
14792
"Create the template/file <filename>/etc/ssl/ca.info</filename> to define the "
14743
14793
"CA:"
14744
14794
msgstr ""
14745
14795
14746
#: serverguide/C/network-auth.xml:1340(programlisting)
14796
#: serverguide/C/network-auth.xml:1361(programlisting)
14747
14797
#, no-wrap
14748
14798
msgid ""
14749
14799
"\n"
14752
14802
"cert_signing_key\n"
14753
14803
msgstr ""
14754
14804
14755
#: serverguide/C/network-auth.xml:1349(para)
14805
#: serverguide/C/network-auth.xml:1370(para)
14756
14806
msgid "Create the self-signed CA certificate:"
14757
14807
msgstr ""
14758
14808
14759
#: serverguide/C/network-auth.xml:1354(command)
14809
#: serverguide/C/network-auth.xml:1375(command)
14760
14810
msgid ""
14761
14811
"sudo certtool --generate-self-signed \\ --load-privkey "
14762
14812
"/etc/ssl/private/cakey.pem \\ --template /etc/ssl/ca.info \\ --outfile "
14763
14813
"/etc/ssl/certs/cacert.pem"
14764
14814
msgstr ""
14765
14815
14766
#: serverguide/C/network-auth.xml:1363(para)
14816
#: serverguide/C/network-auth.xml:1384(para)
14767
14817
msgid "Make a private key for the server:"
14768
14818
msgstr ""
14769
14819
14770
#: serverguide/C/network-auth.xml:1368(command)
14820
#: serverguide/C/network-auth.xml:1389(command)
14771
14821
msgid ""
14772
14822
"sudo certtool --generate-privkey \\ --bits 1024 \\ --outfile "
14773
14823
"/etc/ssl/private/ldap01_slapd_key.pem"
14774
14824
msgstr ""
14775
14825
14776
#: serverguide/C/network-auth.xml:1374(para)
14826
#: serverguide/C/network-auth.xml:1395(para)
14777
14827
msgid ""
14778
14828
"Replace <emphasis>ldap01</emphasis> in the filename with your server's "
14779
14829
"hostname. Naming the certificate and key for the host and service that will "
14780
14830
"be using them will help keep things clear."
14781
14831
msgstr ""
14782
14832
14783
#: serverguide/C/network-auth.xml:1383(para)
14833
#: serverguide/C/network-auth.xml:1404(para)
14784
14834
msgid ""
14785
14835
"Create the <filename>/etc/ssl/ldap01.info</filename> info file containing:"
14786
14836
msgstr ""
14787
14837
14788
#: serverguide/C/network-auth.xml:1387(programlisting)
14838
#: serverguide/C/network-auth.xml:1408(programlisting)
14789
14839
#, no-wrap
14790
14840
msgid ""
14791
14841
"\n"
14797
14847
"expiration_days = 3650\n"
14798
14848
msgstr ""
14799
14849
14800
#: serverguide/C/network-auth.xml:1396(para)
14850
#: serverguide/C/network-auth.xml:1417(para)
14801
14851
msgid "The above certificate is good for 10 years. Adjust accordingly."
14802
14852
msgstr ""
14803
14853
14804
#: serverguide/C/network-auth.xml:1402(para)
14854
#: serverguide/C/network-auth.xml:1423(para)
14805
14855
msgid "Create the server's certificate:"
14806
14856
msgstr ""
14807
14857
14808
#: serverguide/C/network-auth.xml:1407(command)
14858
#: serverguide/C/network-auth.xml:1428(command)
14809
14859
msgid ""
14810
14860
"sudo certtool --generate-certificate \\ --load-privkey "
14811
14861
"/etc/ssl/private/ldap01_slapd_key.pem \\ --load-ca-certificate "
14814
14864
"/etc/ssl/certs/ldap01_slapd_cert.pem"
14815
14865
msgstr ""
14816
14866
14817
#: serverguide/C/network-auth.xml:1419(para)
14867
#: serverguide/C/network-auth.xml:1440(para)
14818
14868
msgid ""
14819
14869
"Create the file <filename>certinfo.ldif</filename> with the following "
14820
14870
"contents (adjust accordingly, our example assumes we created certs using "
14821
14871
"https://www.cacert.org):"
14822
14872
msgstr ""
14823
14873
14824
#: serverguide/C/network-auth.xml:1423(programlisting)
14874
#: serverguide/C/network-auth.xml:1444(programlisting)
14825
14875
#, no-wrap
14826
14876
msgid ""
14827
14877
"\n"
14836
14886
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem\n"
14837
14887
msgstr ""
14838
14888
14839
#: serverguide/C/network-auth.xml:1435(para)
14889
#: serverguide/C/network-auth.xml:1456(para)
14840
14890
msgid ""
14841
14891
"Use the <application>ldapmodify</application> command to tell slapd about "
14842
14892
"our TLS work via the slapd-config database:"
14843
14893
msgstr ""
14844
14894
14845
#: serverguide/C/network-auth.xml:1440(command)
14895
#: serverguide/C/network-auth.xml:1461(command)
14846
14896
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ssl/certinfo.ldif"
14847
14897
msgstr ""
14848
14898
14849
#: serverguide/C/network-auth.xml:1443(para)
14899
#: serverguide/C/network-auth.xml:1464(para)
14850
14900
msgid ""
14851
14901
"Contratry to popular belief, you do not need <emphasis>ldaps://</emphasis> "
14852
14902
"in <filename>/etc/default/slapd</filename> in order to use encryption. You "
14853
14903
"should have just:"
14854
14904
msgstr ""
14855
14905
14856
#: serverguide/C/network-auth.xml:1448(programlisting)
14906
#: serverguide/C/network-auth.xml:1469(programlisting)
14857
14907
#, no-wrap
14858
14908
msgid ""
14859
14909
"\n"
14860
14910
"SLAPD_SERVICES=\"ldap:/// ldapi:///\"\n"
14861
14911
msgstr ""
14862
14912
14863
#: serverguide/C/network-auth.xml:1453(para)
14913
#: serverguide/C/network-auth.xml:1474(para)
14864
14914
msgid ""
14865
14915
"LDAP over TLS/SSL (ldaps://) is deprecated in favour of "
14866
14916
"<emphasis>StartTLS</emphasis>. The latter refers to an existing LDAP session "
14869
14919
"over TCP port 636."
14870
14920
msgstr ""
14871
14921
14872
#: serverguide/C/network-auth.xml:1461(para)
14922
#: serverguide/C/network-auth.xml:1482(para)
14873
14923
msgid "Tighten up ownership and permissions:"
14874
14924
msgstr ""
14875
14925
14876
#: serverguide/C/network-auth.xml:1466(command) serverguide/C/network-auth.xml:1583(command)
14926
#: serverguide/C/network-auth.xml:1487(command) serverguide/C/network-auth.xml:1604(command)
14877
14927
msgid "sudo adduser openldap ssl-cert"
14878
14928
msgstr ""
14879
14929
14880
#: serverguide/C/network-auth.xml:1467(command)
14930
#: serverguide/C/network-auth.xml:1488(command)
14881
14931
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem"
14882
14932
msgstr ""
14883
14933
14884
#: serverguide/C/network-auth.xml:1468(command)
14934
#: serverguide/C/network-auth.xml:1489(command)
14885
14935
msgid "sudo chmod g+r /etc/ssl/private/ldap01_slapd_key.pem"
14886
14936
msgstr ""
14887
14937
14888
#: serverguide/C/network-auth.xml:1469(command)
14938
#: serverguide/C/network-auth.xml:1490(command)
14889
14939
msgid "sudo chmod o-r /etc/ssl/private/ldap01_slapd_key.pem"
14890
14940
msgstr ""
14891
14941
14892
#: serverguide/C/network-auth.xml:1472(para)
14942
#: serverguide/C/network-auth.xml:1493(para)
14893
14943
msgid "Restart OpenLDAP:"
14894
14944
msgstr ""
14895
14945
14896
#: serverguide/C/network-auth.xml:1480(para)
14946
#: serverguide/C/network-auth.xml:1501(para)
14897
14947
msgid ""
14898
14948
"Check your host's logs (/var/log/syslog) to see if the server has started "
14899
14949
"properly."
14900
14950
msgstr ""
14901
14951
14902
#: serverguide/C/network-auth.xml:1487(title)
14952
#: serverguide/C/network-auth.xml:1508(title)
14903
14953
msgid "Replication and TLS"
14904
14954
msgstr ""
14905
14955
14906
#: serverguide/C/network-auth.xml:1489(para)
14956
#: serverguide/C/network-auth.xml:1510(para)
14907
14957
msgid ""
14908
14958
"If you have set up replication between servers, it is common practice to "
14909
14959
"encrypt (StartTLS) the replication traffic to prevent evesdropping. This is "
14911
14961
"section we will build on that TLS-authentication work."
14912
14962
msgstr ""
14913
14963
14914
#: serverguide/C/network-auth.xml:1495(para)
14964
#: serverguide/C/network-auth.xml:1516(para)
14915
14965
msgid ""
14916
14966
"The assumption here is that you have set up replication between Provider and "
14917
14967
"Consumer according to <xref linkend=\"openldap-server-replication\"/> and "
14919
14969
"linkend=\"openldap-tls\"/>."
14920
14970
msgstr ""
14921
14971
14922
#: serverguide/C/network-auth.xml:1500(para)
14972
#: serverguide/C/network-auth.xml:1521(para)
14923
14973
msgid ""
14924
14974
"As previously stated, the objective (for us) with replication is high "
14925
14975
"availablity for the LDAP service. Since we have TLS for authentication on "
14931
14981
"material over to the Consumer."
14932
14982
msgstr ""
14933
14983
14934
#: serverguide/C/network-auth.xml:1511(para) serverguide/C/network-auth.xml:1668(para)
14984
#: serverguide/C/network-auth.xml:1532(para) serverguide/C/network-auth.xml:1689(para)
14935
14985
msgid "On the Provider,"
14936
14986
msgstr ""
14937
14987
14938
#: serverguide/C/network-auth.xml:1515(para)
14988
#: serverguide/C/network-auth.xml:1536(para)
14939
14989
msgid ""
14940
14990
"Create a holding directory (which will be used for the eventual transfer) "
14941
14991
"and then the Consumer's private key:"
14942
14992
msgstr ""
14943
14993
14944
#: serverguide/C/network-auth.xml:1520(command)
14994
#: serverguide/C/network-auth.xml:1541(command)
14945
14995
msgid "mkdir ldap02-ssl"
14946
14996
msgstr ""
14947
14997
14948
#: serverguide/C/network-auth.xml:1521(command)
14998
#: serverguide/C/network-auth.xml:1542(command)
14949
14999
msgid "cd ldap02-ssl"
14950
15000
msgstr ""
14951
15001
14952
#: serverguide/C/network-auth.xml:1522(command)
15002
#: serverguide/C/network-auth.xml:1543(command)
14953
15003
msgid ""
14954
15004
"sudo certtool --generate-privkey \\ --bits 1024 \\ --outfile "
14955
15005
"ldap02_slapd_key.pem"
14956
15006
msgstr ""
14957
15007
14958
#: serverguide/C/network-auth.xml:1527(para)
15008
#: serverguide/C/network-auth.xml:1548(para)
14959
15009
msgid ""
14960
15010
"Create an info file, <filename>ldap02.info</filename>, for the Consumer "
14961
"server, adjusting it's values accordingly:"
15011
"server, adjusting its values accordingly:"
14962
15012
msgstr ""
14963
15013
14964
#: serverguide/C/network-auth.xml:1531(programlisting)
15014
#: serverguide/C/network-auth.xml:1552(programlisting)
14965
15015
#, no-wrap
14966
15016
msgid ""
14967
15017
"\n"
14973
15023
"expiration_days = 3650\n"
14974
15024
msgstr ""
14975
15025
14976
#: serverguide/C/network-auth.xml:1540(para)
15026
#: serverguide/C/network-auth.xml:1561(para)
14977
15027
msgid "Create the Consumer's certificate:"
14978
15028
msgstr ""
14979
15029
14980
#: serverguide/C/network-auth.xml:1545(command)
15030
#: serverguide/C/network-auth.xml:1566(command)
14981
15031
msgid ""
14982
15032
"sudo certtool --generate-certificate \\ --load-privkey ldap02_slapd_key.pem "
14983
15033
"\\ --load-ca-certificate /etc/ssl/certs/cacert.pem \\ --load-ca-privkey "
14985
15035
"ldap02_slapd_cert.pem"
14986
15036
msgstr ""
14987
15037
14988
#: serverguide/C/network-auth.xml:1553(para)
15038
#: serverguide/C/network-auth.xml:1574(para)
14989
15039
msgid "Get a copy of the CA certificate:"
14990
15040
msgstr ""
14991
15041
14992
#: serverguide/C/network-auth.xml:1558(command)
15042
#: serverguide/C/network-auth.xml:1579(command)
14993
15043
msgid "cp /etc/ssl/certs/cacert.pem ."
14994
15044
msgstr ""
14995
15045
14996
#: serverguide/C/network-auth.xml:1561(para)
15046
#: serverguide/C/network-auth.xml:1582(para)
14997
15047
msgid ""
14998
15048
"We're done. Now transfer the <filename>ldap02-ssl</filename> directory to "
14999
15049
"the Consumer. Here we use scp (adjust accordingly):"
15000
15050
msgstr ""
15001
15051
15002
#: serverguide/C/network-auth.xml:1566(command)
15052
#: serverguide/C/network-auth.xml:1587(command)
15003
15053
msgid "cd .."
15004
15054
msgstr ""
15005
15055
15006
#: serverguide/C/network-auth.xml:1567(command)
15056
#: serverguide/C/network-auth.xml:1588(command)
15007
15057
msgid "scp -r ldap02-ssl user@consumer:"
15008
15058
msgstr ""
15009
15059
15010
#: serverguide/C/network-auth.xml:1573(para) serverguide/C/network-auth.xml:1621(para)
15060
#: serverguide/C/network-auth.xml:1594(para) serverguide/C/network-auth.xml:1642(para)
15011
15061
msgid "On the Consumer,"
15012
15062
msgstr ""
15013
15063
15014
#: serverguide/C/network-auth.xml:1577(para)
15064
#: serverguide/C/network-auth.xml:1598(para)
15015
15065
msgid "Configure TLS authentication:"
15016
15066
msgstr ""
15017
15067
15018
#: serverguide/C/network-auth.xml:1582(command)
15068
#: serverguide/C/network-auth.xml:1603(command)
15019
15069
msgid "sudo apt-get install ssl-cert"
15020
15070
msgstr ""
15021
15071
15022
#: serverguide/C/network-auth.xml:1584(command)
15072
#: serverguide/C/network-auth.xml:1605(command)
15023
15073
msgid "sudo cp ldap02_slapd_cert.pem cacert.pem /etc/ssl/certs"
15024
15074
msgstr ""
15025
15075
15026
#: serverguide/C/network-auth.xml:1585(command)
15076
#: serverguide/C/network-auth.xml:1606(command)
15027
15077
msgid "sudo cp ldap02_slapd_key.pem /etc/ssl/private"
15028
15078
msgstr ""
15029
15079
15030
#: serverguide/C/network-auth.xml:1586(command)
15080
#: serverguide/C/network-auth.xml:1607(command)
15031
15081
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap02_slapd_key.pem"
15032
15082
msgstr ""
15033
15083
15034
#: serverguide/C/network-auth.xml:1587(command)
15084
#: serverguide/C/network-auth.xml:1608(command)
15035
15085
msgid "sudo chmod g+r /etc/ssl/private/ldap02_slapd_key.pem"
15036
15086
msgstr ""
15037
15087
15038
#: serverguide/C/network-auth.xml:1588(command)
15088
#: serverguide/C/network-auth.xml:1609(command)
15039
15089
msgid "sudo chmod o-r /etc/ssl/private/ldap02_slapd_key.pem"
15040
15090
msgstr ""
15041
15091
15042
#: serverguide/C/network-auth.xml:1591(para)
15092
#: serverguide/C/network-auth.xml:1612(para)
15043
15093
msgid ""
15044
15094
"Create the file <filename>/etc/ssl/certinfo.ldif</filename> with the "
15045
15095
"following contents (adjust accordingly):"
15046
15096
msgstr ""
15047
15097
15048
#: serverguide/C/network-auth.xml:1595(programlisting)
15098
#: serverguide/C/network-auth.xml:1616(programlisting)
15049
15099
#, no-wrap
15050
15100
msgid ""
15051
15101
"\n"
15060
15110
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap02_slapd_key.pem\n"
15061
15111
msgstr ""
15062
15112
15063
#: serverguide/C/network-auth.xml:1607(para)
15113
#: serverguide/C/network-auth.xml:1628(para)
15064
15114
msgid "Configure the slapd-config database:"
15065
15115
msgstr ""
15066
15116
15067
#: serverguide/C/network-auth.xml:1612(command)
15117
#: serverguide/C/network-auth.xml:1633(command)
15068
15118
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f certinfo.ldif"
15069
15119
msgstr ""
15070
15120
15071
#: serverguide/C/network-auth.xml:1615(para)
15121
#: serverguide/C/network-auth.xml:1636(para)
15072
15122
msgid ""
15073
15123
"Configure <filename>/etc/default/slapd</filename> as on the Provider "
15074
15124
"(SLAPD_SERVICES)."
15075
15125
msgstr ""
15076
15126
15077
#: serverguide/C/network-auth.xml:1625(para)
15127
#: serverguide/C/network-auth.xml:1646(para)
15078
15128
msgid ""
15079
15129
"Configure TLS for Consumer-side replication. Modify the existing "
15080
15130
"<emphasis>olcSyncrepl</emphasis> attribute by tacking on some TLS options. "
15082
15132
"value(s)."
15083
15133
msgstr ""
15084
15134
15085
#: serverguide/C/network-auth.xml:1630(para)
15135
#: serverguide/C/network-auth.xml:1651(para)
15086
15136
msgid ""
15087
15137
"Create the file <filename>consumer_sync_tls.ldif</filename> with the "
15088
15138
"following contents:"
15089
15139
msgstr ""
15090
15140
15091
#: serverguide/C/network-auth.xml:1634(programlisting)
15141
#: serverguide/C/network-auth.xml:1660(programlisting)
15092
15142
#, no-wrap
15093
15143
msgid ""
15094
15144
"\n"
15103
15153
" starttls=critical tls_reqcert=demand\n"
15104
15154
msgstr ""
15105
15155
15106
#: serverguide/C/network-auth.xml:1644(para)
15156
#: serverguide/C/network-auth.xml:1665(para)
15107
15157
msgid ""
15108
15158
"The extra options specify, respectively, that the consumer must use StartTLS "
15109
15159
"and that the CA certificate is required to verify the Provider's identity. "
15111
15161
"('replace')."
15112
15162
msgstr ""
15113
15163
15114
#: serverguide/C/network-auth.xml:1649(para)
15164
#: serverguide/C/network-auth.xml:1670(para)
15115
15165
msgid "Implement these changes:"
15116
15166
msgstr ""
15117
15167
15118
#: serverguide/C/network-auth.xml:1654(command)
15168
#: serverguide/C/network-auth.xml:1675(command)
15119
15169
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f consumer_sync_tls.ldif"
15120
15170
msgstr ""
15121
15171
15122
#: serverguide/C/network-auth.xml:1657(para)
15172
#: serverguide/C/network-auth.xml:1678(para)
15123
15173
msgid "And restart slapd:"
15124
15174
msgstr ""
15125
15175
15126
#: serverguide/C/network-auth.xml:1672(para)
15176
#: serverguide/C/network-auth.xml:1693(para)
15127
15177
msgid ""
15128
15178
"Check to see that a TLS session has been established. In "
15129
15179
"<filename>/var/log/syslog</filename>, providing you have 'conns'-level "
15130
15180
"logging set up, you should see messages similar to:"
15131
15181
msgstr ""
15132
15182
15133
#: serverguide/C/network-auth.xml:1677(programlisting)
15183
#: serverguide/C/network-auth.xml:1698(programlisting)
15134
15184
#, no-wrap
15135
15185
msgid ""
15136
15186
"\n"
15147
15197
"slapd[3620]: conn=1047 op=1 RESULT tag=97 err=0 text\n"
15148
15198
msgstr ""
15149
15199
15150
#: serverguide/C/network-auth.xml:1695(title)
15200
#: serverguide/C/network-auth.xml:1716(title)
15151
15201
msgid "LDAP Authentication"
15152
15202
msgstr ""
15153
15203
15154
#: serverguide/C/network-auth.xml:1697(para)
15204
#: serverguide/C/network-auth.xml:1723(para)
15155
15205
msgid ""
15156
15206
"Once you have a working LDAP server, you will need to install libraries on "
15157
15207
"the client that will know how and when to contact it. On Ubuntu, this has "
15160
15210
"assist you in the configuration step. Install this package now:"
15161
15211
msgstr ""
15162
15212
15163
#: serverguide/C/network-auth.xml:1704(command)
15213
#: serverguide/C/network-auth.xml:1725(command)
15164
15214
msgid "sudo apt-get install libnss-ldap"
15165
15215
msgstr ""
15166
15216
15167
#: serverguide/C/network-auth.xml:1707(para)
15217
#: serverguide/C/network-auth.xml:1728(para)
15168
15218
msgid ""
15169
15219
"You will be prompted for details of your LDAP server. If you make a mistake "
15170
15220
"you can try again using:"
15171
15221
msgstr ""
15172
15222
15173
#: serverguide/C/network-auth.xml:1712(command)
15223
#: serverguide/C/network-auth.xml:1733(command)
15174
15224
msgid "sudo dpkg-reconfigure ldap-auth-config"
15175
15225
msgstr ""
15176
15226
15177
#: serverguide/C/network-auth.xml:1715(para)
15227
#: serverguide/C/network-auth.xml:1736(para)
15178
15228
msgid ""
15179
15229
"The results of the dialog can be seen in "
15180
15230
"<filename>/etc/ldap.conf</filename>. If your server requires options not "
15181
15231
"covered in the menu edit this file accordingly."
15182
15232
msgstr ""
15183
15233
15184
#: serverguide/C/network-auth.xml:1720(para)
15234
#: serverguide/C/network-auth.xml:1741(para)
15185
15235
msgid "Now configure the LDAP profile for NSS:"
15186
15236
msgstr ""
15187
15237
15188
#: serverguide/C/network-auth.xml:1725(command)
15238
#: serverguide/C/network-auth.xml:1746(command)
15189
15239
msgid "sudo auth-client-config -t nss -p lac_ldap"
15190
15240
msgstr ""
15191
15241
15192
#: serverguide/C/network-auth.xml:1728(para)
15242
#: serverguide/C/network-auth.xml:1749(para)
15193
15243
msgid "Configure the system to use LDAP for authentication:"
15194
15244
msgstr ""
15195
15245
15196
#: serverguide/C/network-auth.xml:1733(command)
15246
#: serverguide/C/network-auth.xml:1754(command)
15197
15247
msgid "sudo pam-auth-update"
15198
15248
msgstr ""
15199
15249
15200
#: serverguide/C/network-auth.xml:1736(para)
15250
#: serverguide/C/network-auth.xml:1757(para)
15201
15251
msgid ""
15202
15252
"From the menu, choose LDAP and any other authentication mechanisms you need."
15203
15253
msgstr ""
15204
15254
15205
#: serverguide/C/network-auth.xml:1740(para)
15255
#: serverguide/C/network-auth.xml:1761(para)
15206
15256
msgid "You should now be able to log in using LDAP-based credentials."
15207
15257
msgstr ""
15208
15258
15209
#: serverguide/C/network-auth.xml:1744(para)
15259
#: serverguide/C/network-auth.xml:1765(para)
15210
15260
msgid ""
15211
15261
"LDAP clients will need to refer to multiple servers if replication is in "
15212
15262
"use. In <filename>/etc/ldap.conf</filename> you would have something like:"
15213
15263
msgstr ""
15214
15264
15215
#: serverguide/C/network-auth.xml:1749(programlisting)
15265
#: serverguide/C/network-auth.xml:1770(programlisting)
15216
15266
#, no-wrap
15217
15267
msgid ""
15218
15268
"\n"
15219
15269
"uri ldap://ldap01.example.com ldap://ldap02.example.com\n"
15220
15270
msgstr ""
15221
15271
15222
#: serverguide/C/network-auth.xml:1753(para)
15272
#: serverguide/C/network-auth.xml:1774(para)
15223
15273
msgid ""
15224
15274
"The request will time out and the Consumer (ldap02) will attempt to be "
15225
15275
"reached if the Provider (ldap01) becomes unresponsive."
15226
15276
msgstr ""
15227
15277
15228
#: serverguide/C/network-auth.xml:1757(para)
15278
#: serverguide/C/network-auth.xml:1778(para)
15229
15279
msgid ""
15230
15280
"If you are going to use LDAP to store Samba users you will need to configure "
15231
15281
"the Samba server to authenticate using LDAP. See <xref linkend=\"samba-"
15232
15282
"ldap\"/> for details."
15233
15283
msgstr ""
15234
15284
15235
#: serverguide/C/network-auth.xml:1763(para)
15285
#: serverguide/C/network-auth.xml:1784(para)
15236
15286
msgid ""
15237
15287
"An alternative to the <application>libnss-ldap</application> package is the "
15238
15288
"<application>libnss-ldapd</application> package. This, however, will bring "
15240
15290
"wanted. Simply remove it afterwards."
15241
15291
msgstr ""
15242
15292
15243
#: serverguide/C/network-auth.xml:1773(title)
15293
#: serverguide/C/network-auth.xml:1794(title)
15244
15294
msgid "User and Group Management"
15245
15295
msgstr ""
15246
15296
15247
#: serverguide/C/network-auth.xml:1775(para)
15297
#: serverguide/C/network-auth.xml:1796(para)
15248
15298
msgid ""
15249
15299
"The <application>ldap-utils</application> package comes with enough "
15250
15300
"utilities to manage the directory but the long string of options needed can "
15253
15303
"easier to use."
15254
15304
msgstr ""
15255
15305
15256
#: serverguide/C/network-auth.xml:1781(para)
15306
#: serverguide/C/network-auth.xml:1802(para)
15257
15307
msgid "Install the package:"
15258
15308
msgstr ""
15259
15309
15260
#: serverguide/C/network-auth.xml:1786(command)
15310
#: serverguide/C/network-auth.xml:1807(command)
15261
15311
msgid "sudo apt-get install ldapscripts"
15262
15312
msgstr ""
15263
15313
15264
#: serverguide/C/network-auth.xml:1789(para)
15314
#: serverguide/C/network-auth.xml:1810(para)
15265
15315
msgid ""
15266
15316
"Then edit the file <filename>/etc/ldapscripts/ldapscripts.conf</filename> to "
15267
15317
"arrive at something similar to the following:"
15268
15318
msgstr ""
15269
15319
15270
#: serverguide/C/network-auth.xml:1793(programlisting)
15320
#: serverguide/C/network-auth.xml:1814(programlisting)
15271
15321
#, no-wrap
15272
15322
msgid ""
15273
15323
"\n"
15283
15333
"MIDSTART=10000\n"
15284
15334
msgstr ""
15285
15335
15286
#: serverguide/C/network-auth.xml:1806(para)
15336
#: serverguide/C/network-auth.xml:1827(para)
15287
15337
msgid ""
15288
15338
"Now, create the <filename>ldapscripts.passwd</filename> file to allow rootDN "
15289
15339
"access to the directory:"
15290
15340
msgstr ""
15291
15341
15292
#: serverguide/C/network-auth.xml:1811(command)
15342
#: serverguide/C/network-auth.xml:1832(command)
15293
15343
msgid ""
15294
15344
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
15295
15345
msgstr ""
15296
15346
15297
#: serverguide/C/network-auth.xml:1812(command)
15347
#: serverguide/C/network-auth.xml:1833(command)
15298
15348
msgid "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
15299
15349
msgstr ""
15300
15350
15301
#: serverguide/C/network-auth.xml:1816(para)
15351
#: serverguide/C/network-auth.xml:1837(para)
15302
15352
msgid ""
15303
15353
"Replace <quote>secret</quote> with the actual password for your database's "
15304
15354
"rootDN user."
15305
15355
msgstr ""
15306
15356
15307
#: serverguide/C/network-auth.xml:1821(para)
15357
#: serverguide/C/network-auth.xml:1842(para)
15308
15358
msgid ""
15309
15359
"The scripts are now ready to help manage your directory. Here are some "
15310
15360
"examples of how to use them:"
15311
15361
msgstr ""
15312
15362
15313
#: serverguide/C/network-auth.xml:1828(para)
15363
#: serverguide/C/network-auth.xml:1849(para)
15314
15364
msgid "Create a new user:"
15315
15365
msgstr ""
15316
15366
15317
#: serverguide/C/network-auth.xml:1833(command)
15367
#: serverguide/C/network-auth.xml:1854(command)
15318
15368
msgid "sudo ldapadduser george example"
15319
15369
msgstr ""
15320
15370
15321
#: serverguide/C/network-auth.xml:1836(para)
15371
#: serverguide/C/network-auth.xml:1857(para)
15322
15372
msgid ""
15323
15373
"This will create a user with uid <emphasis role=\"italic\">george</emphasis> "
15324
15374
"and set the user's primary group (gid) to <emphasis "
15325
15375
"role=\"italic\">example</emphasis>"
15326
15376
msgstr ""
15327
15377
15328
#: serverguide/C/network-auth.xml:1843(para)
15378
#: serverguide/C/network-auth.xml:1864(para)
15329
15379
msgid "Change a user's password:"
15330
15380
msgstr ""
15331
15381
15332
#: serverguide/C/network-auth.xml:1848(command)
15382
#: serverguide/C/network-auth.xml:1869(command)
15333
15383
msgid "sudo ldapsetpasswd george"
15334
15384
msgstr ""
15335
15385
15336
#: serverguide/C/network-auth.xml:1849(computeroutput)
15386
#: serverguide/C/network-auth.xml:1870(computeroutput)
15337
15387
#, no-wrap
15338
15388
msgid "Changing password for user uid=george,ou=People,dc=example,dc=com"
15339
15389
msgstr ""
15340
15390
15341
#: serverguide/C/network-auth.xml:1850(userinput)
15391
#: serverguide/C/network-auth.xml:1871(userinput)
15342
15392
#, no-wrap
15343
15393
msgid "New Password: "
15344
15394
msgstr ""
15345
15395
15346
#: serverguide/C/network-auth.xml:1851(userinput)
15396
#: serverguide/C/network-auth.xml:1872(userinput)
15347
15397
#, no-wrap
15348
15398
msgid "New Password (verify): "
15349
15399
msgstr ""
15350
15400
15351
#: serverguide/C/network-auth.xml:1857(para)
15401
#: serverguide/C/network-auth.xml:1878(para)
15352
15402
msgid "Delete a user:"
15353
15403
msgstr ""
15354
15404
15355
#: serverguide/C/network-auth.xml:1862(command)
15405
#: serverguide/C/network-auth.xml:1883(command)
15356
15406
msgid "sudo ldapdeleteuser george"
15357
15407
msgstr ""
15358
15408
15359
#: serverguide/C/network-auth.xml:1868(para)
15409
#: serverguide/C/network-auth.xml:1889(para)
15360
15410
msgid "Add a group:"
15361
15411
msgstr ""
15362
15412
15363
#: serverguide/C/network-auth.xml:1873(command)
15413
#: serverguide/C/network-auth.xml:1894(command)
15364
15414
msgid "sudo ldapaddgroup qa"
15365
15415
msgstr ""
15366
15416
15367
#: serverguide/C/network-auth.xml:1879(para)
15417
#: serverguide/C/network-auth.xml:1900(para)
15368
15418
msgid "Delete a group:"
15369
15419
msgstr ""
15370
15420
15371
#: serverguide/C/network-auth.xml:1884(command)
15421
#: serverguide/C/network-auth.xml:1905(command)
15372
15422
msgid "sudo ldapdeletegroup qa"
15373
15423
msgstr ""
15374
15424
15375
#: serverguide/C/network-auth.xml:1890(para)
15425
#: serverguide/C/network-auth.xml:1911(para)
15376
15426
msgid "Add a user to a group:"
15377
15427
msgstr ""
15378
15428
15379
#: serverguide/C/network-auth.xml:1895(command)
15429
#: serverguide/C/network-auth.xml:1916(command)
15380
15430
msgid "sudo ldapaddusertogroup george qa"
15381
15431
msgstr ""
15382
15432
15383
#: serverguide/C/network-auth.xml:1898(para)
15433
#: serverguide/C/network-auth.xml:1919(para)
15384
15434
msgid ""
15385
15435
"You should now see a <emphasis>memberUid</emphasis> attribute for the "
15386
15436
"<emphasis role=\"italic\">qa</emphasis> group with a value of <emphasis "
15387
15437
"role=\"italic\">george</emphasis>."
15388
15438
msgstr ""
15389
15439
15390
#: serverguide/C/network-auth.xml:1905(para)
15440
#: serverguide/C/network-auth.xml:1926(para)
15391
15441
msgid "Remove a user from a group:"
15392
15442
msgstr ""
15393
15443
15394
#: serverguide/C/network-auth.xml:1910(command)
15444
#: serverguide/C/network-auth.xml:1931(command)
15395
15445
msgid "sudo ldapdeleteuserfromgroup george qa"
15396
15446
msgstr ""
15397
15447
15398
#: serverguide/C/network-auth.xml:1913(para)
15448
#: serverguide/C/network-auth.xml:1934(para)
15399
15449
msgid ""
15400
15450
"The <emphasis>memberUid</emphasis> attribute should now be removed from the "
15401
15451
"<emphasis role=\"italic\">qa</emphasis> group."
15402
15452
msgstr ""
15403
15453
15404
#: serverguide/C/network-auth.xml:1920(para)
15454
#: serverguide/C/network-auth.xml:1941(para)
15405
15455
msgid ""
15406
15456
"The <application>ldapmodifyuser</application> script allows you to add, "
15407
15457
"remove, or replace a user's attributes. The script uses the same syntax as "
15408
15458
"the <application>ldapmodify</application> utility. For example:"
15409
15459
msgstr ""
15410
15460
15411
#: serverguide/C/network-auth.xml:1926(command)
15461
#: serverguide/C/network-auth.xml:1947(command)
15412
15462
msgid "sudo ldapmodifyuser george"
15413
15463
msgstr ""
15414
15464
15415
#: serverguide/C/network-auth.xml:1927(computeroutput)
15465
#: serverguide/C/network-auth.xml:1948(computeroutput)
15416
15466
#, no-wrap
15417
15467
msgid ""
15418
15468
"# About to modify the following entry :\n"
15433
15483
"dn: uid=george,ou=People,dc=example,dc=com"
15434
15484
msgstr ""
15435
15485
15436
#: serverguide/C/network-auth.xml:1943(userinput)
15486
#: serverguide/C/network-auth.xml:1964(userinput)
15437
15487
#, no-wrap
15438
15488
msgid ""
15439
15489
"replace: gecos\n"
15440
15490
"gecos: George Carlin"
15441
15491
msgstr ""
15442
15492
15443
#: serverguide/C/network-auth.xml:1947(para)
15493
#: serverguide/C/network-auth.xml:1968(para)
15444
15494
msgid ""
15445
15495
"The user's <emphasis>gecos</emphasis> should now be <quote>George "
15446
15496
"Carlin</quote>."
15447
15497
msgstr ""
15448
15498
15449
#: serverguide/C/network-auth.xml:1953(para)
15499
#: serverguide/C/network-auth.xml:1979(para)
15450
15500
msgid ""
15451
15501
"A nice feature of <application>ldapscripts</application> is the template "
15452
15502
"system. Templates allow you to customize the attributes of user, group, and "
15455
15505
"changing:"
15456
15506
msgstr ""
15457
15507
15458
#: serverguide/C/network-auth.xml:1959(programlisting)
15508
#: serverguide/C/network-auth.xml:1980(programlisting)
15459
15509
#, no-wrap
15460
15510
msgid ""
15461
15511
"\n"
15462
15512
"UTEMPLATE=\"/etc/ldapscripts/ldapadduser.template\"\n"
15463
15513
msgstr ""
15464
15514
15465
#: serverguide/C/network-auth.xml:1963(para)
15515
#: serverguide/C/network-auth.xml:1984(para)
15466
15516
msgid ""
15467
15517
"There are <emphasis role=\"italic\">sample</emphasis> templates in the "
15468
"<filename>/etc/ldapscripts</filename> directory. Copy or rename the "
15469
"<filename>ldapadduser.template.sample</filename> file to "
15518
"<filename>/usr/share/doc/ldapscripts/examples</filename> directory. Copy or "
15519
"rename the <filename>ldapadduser.template.sample</filename> file to "
15470
15520
"<filename>/etc/ldapscripts/ldapadduser.template</filename>:"
15471
15521
msgstr ""
15472
15522
15473
#: serverguide/C/network-auth.xml:1970(command)
15523
#: serverguide/C/network-auth.xml:1991(command)
15474
15524
msgid ""
15475
15525
"sudo cp /usr/share/doc/ldapscripts/examples/ldapadduser.template.sample \\ "
15476
15526
"/etc/ldapscripts/ldapadduser.template"
15477
15527
msgstr ""
15478
15528
15479
#: serverguide/C/network-auth.xml:1974(para)
15529
#: serverguide/C/network-auth.xml:1995(para)
15480
15530
msgid ""
15481
15531
"Edit the new template to add the desired attributes. The following will "
15482
15532
"create new users with an objectClass of inetOrgPerson:"
15483
15533
msgstr ""
15484
15534
15485
#: serverguide/C/network-auth.xml:1979(programlisting)
15535
#: serverguide/C/network-auth.xml:2000(programlisting)
15486
15536
#, no-wrap
15487
15537
msgid ""
15488
15538
"\n"
15501
15551
"title: Employee\n"
15502
15552
msgstr ""
15503
15553
15504
#: serverguide/C/network-auth.xml:1995(para)
15554
#: serverguide/C/network-auth.xml:2016(para)
15505
15555
msgid ""
15506
15556
"Notice the <emphasis><ask></emphasis> option used for the "
15507
15557
"<emphasis>sn</emphasis> attribute. This will make "
15508
"<application>ldapadduser</application> prompt you for it's value."
15558
"<application>ldapadduser</application> prompt you for its value."
15509
15559
msgstr ""
15510
15560
15511
#: serverguide/C/network-auth.xml:2003(para)
15561
#: serverguide/C/network-auth.xml:2024(para)
15512
15562
msgid ""
15513
15563
"There are utilities in the package that were not covered here. Here is a "
15514
15564
"complete list:"
15515
15565
msgstr ""
15516
15566
15517
#: serverguide/C/network-auth.xml:2008(ulink)
15567
#: serverguide/C/network-auth.xml:2029(ulink)
15518
15568
msgid "ldaprenamemachine"
15519
15569
msgstr ""
15520
15570
15521
#: serverguide/C/network-auth.xml:2009(ulink)
15571
#: serverguide/C/network-auth.xml:2030(ulink)
15522
15572
msgid "ldapadduser"
15523
15573
msgstr ""
15524
15574
15525
#: serverguide/C/network-auth.xml:2010(ulink)
15575
#: serverguide/C/network-auth.xml:2031(ulink)
15526
15576
msgid "ldapdeleteuserfromgroup"
15527
15577
msgstr ""
15528
15578
15529
#: serverguide/C/network-auth.xml:2011(ulink)
15579
#: serverguide/C/network-auth.xml:2032(ulink)
15530
15580
msgid "ldapfinger"
15531
15581
msgstr ""
15532
15582
15533
#: serverguide/C/network-auth.xml:2012(ulink)
15583
#: serverguide/C/network-auth.xml:2033(ulink)
15534
15584
msgid "ldapid"
15535
15585
msgstr ""
15536
15586
15537
#: serverguide/C/network-auth.xml:2013(ulink)
15587
#: serverguide/C/network-auth.xml:2034(ulink)
15538
15588
msgid "ldapgid"
15539
15589
msgstr ""
15540
15590
15541
#: serverguide/C/network-auth.xml:2014(ulink)
15591
#: serverguide/C/network-auth.xml:2035(ulink)
15542
15592
msgid "ldapmodifyuser"
15543
15593
msgstr ""
15544
15594
15545
#: serverguide/C/network-auth.xml:2015(ulink)
15595
#: serverguide/C/network-auth.xml:2036(ulink)
15546
15596
msgid "ldaprenameuser"
15547
15597
msgstr ""
15548
15598
15549
#: serverguide/C/network-auth.xml:2016(ulink)
15599
#: serverguide/C/network-auth.xml:2037(ulink)
15550
15600
msgid "lsldap"
15551
15601
msgstr ""
15552
15602
15553
#: serverguide/C/network-auth.xml:2017(ulink)
15603
#: serverguide/C/network-auth.xml:2038(ulink)
15554
15604
msgid "ldapaddusertogroup"
15555
15605
msgstr ""
15556
15606
15557
#: serverguide/C/network-auth.xml:2018(ulink)
15607
#: serverguide/C/network-auth.xml:2039(ulink)
15558
15608
msgid "ldapsetpasswd"
15559
15609
msgstr ""
15560
15610
15561
#: serverguide/C/network-auth.xml:2019(ulink)
15611
#: serverguide/C/network-auth.xml:2040(ulink)
15562
15612
msgid "ldapinit"
15563
15613
msgstr ""
15564
15614
15565
#: serverguide/C/network-auth.xml:2020(ulink)
15615
#: serverguide/C/network-auth.xml:2041(ulink)
15566
15616
msgid "ldapaddgroup"
15567
15617
msgstr ""
15568
15618
15569
#: serverguide/C/network-auth.xml:2021(ulink)
15619
#: serverguide/C/network-auth.xml:2042(ulink)
15570
15620
msgid "ldapdeletegroup"
15571
15621
msgstr ""
15572
15622
15573
#: serverguide/C/network-auth.xml:2022(ulink)
15623
#: serverguide/C/network-auth.xml:2043(ulink)
15574
15624
msgid "ldapmodifygroup"
15575
15625
msgstr ""
15576
15626
15577
#: serverguide/C/network-auth.xml:2023(ulink)
15627
#: serverguide/C/network-auth.xml:2044(ulink)
15578
15628
msgid "ldapdeletemachine"
15579
15629
msgstr ""
15580
15630
15581
#: serverguide/C/network-auth.xml:2024(ulink)
15631
#: serverguide/C/network-auth.xml:2045(ulink)
15582
15632
msgid "ldaprenamegroup"
15583
15633
msgstr ""
15584
15634
15585
#: serverguide/C/network-auth.xml:2025(ulink)
15635
#: serverguide/C/network-auth.xml:2046(ulink)
15586
15636
msgid "ldapaddmachine"
15587
15637
msgstr ""
15588
15638
15589
#: serverguide/C/network-auth.xml:2026(ulink)
15639
#: serverguide/C/network-auth.xml:2047(ulink)
15590
15640
msgid "ldapmodifymachine"
15591
15641
msgstr ""
15592
15642
15593
#: serverguide/C/network-auth.xml:2027(ulink)
15643
#: serverguide/C/network-auth.xml:2048(ulink)
15594
15644
msgid "ldapsetprimarygroup"
15595
15645
msgstr ""
15596
15646
15597
#: serverguide/C/network-auth.xml:2028(ulink)
15647
#: serverguide/C/network-auth.xml:2049(ulink)
15598
15648
msgid "ldapdeleteuser"
15599
15649
msgstr ""
15600
15650
15601
#: serverguide/C/network-auth.xml:2034(title)
15651
#: serverguide/C/network-auth.xml:2055(title)
15602
15652
msgid "Backup and Restore"
15603
15653
msgstr ""
15604
15654
15605
#: serverguide/C/network-auth.xml:2036(para)
15655
#: serverguide/C/network-auth.xml:2057(para)
15606
15656
msgid ""
15607
15657
"Now we have ldap running just the way we want, it is time to ensure we can "
15608
15658
"save all of our work and restore it as needed."
15609
15659
msgstr ""
15610
15660
15611
#: serverguide/C/network-auth.xml:2041(para)
15661
#: serverguide/C/network-auth.xml:2062(para)
15612
15662
msgid ""
15613
15663
"What we need is a way to backup the ldap database(s), specifically the "
15614
15664
"backend (cn=config) and frontend (dc=example,dc=com). If we are going to "
15617
15667
"script, called <filename>/usr/local/bin/ldapbackup</filename>:"
15618
15668
msgstr ""
15619
15669
15620
#: serverguide/C/network-auth.xml:2051(programlisting)
15670
#: serverguide/C/network-auth.xml:2072(programlisting)
15621
15671
#, no-wrap
15622
15672
msgid ""
15623
15673
"\n"
15632
15682
"chmod 640 ${BACKUP_PATH}/*.ldif\n"
15633
15683
msgstr ""
15634
15684
15635
#: serverguide/C/network-auth.xml:2064(para)
15685
#: serverguide/C/network-auth.xml:2085(para)
15636
15686
msgid ""
15637
15687
"These files are uncompressed text files containing everything in your ldap "
15638
15688
"databases including the tree layout, usernames, and every password. So, you "
15642
15692
"requirements."
15643
15693
msgstr ""
15644
15694
15645
#: serverguide/C/network-auth.xml:2075(para)
15695
#: serverguide/C/network-auth.xml:2096(para)
15646
15696
msgid ""
15647
15697
"Then, it is just a matter of having a cron script to run this program as "
15648
15698
"often as we feel comfortable with. For many, once a day suffices. For "
15651
15701
"22:45h:"
15652
15702
msgstr ""
15653
15703
15654
#: serverguide/C/network-auth.xml:2083(programlisting)
15704
#: serverguide/C/network-auth.xml:2104(programlisting)
15655
15705
#, no-wrap
15656
15706
msgid ""
15657
15707
"\n"
15659
15709
"45 22 * * * root /usr/local/bin/ldapbackup\n"
15660
15710
msgstr ""
15661
15711
15662
#: serverguide/C/network-auth.xml:2088(para)
15712
#: serverguide/C/network-auth.xml:2109(para)
15663
15713
msgid "Now the files are created, they should be copied to a backup server."
15664
15714
msgstr ""
15665
15715
15666
#: serverguide/C/network-auth.xml:2093(para)
15716
#: serverguide/C/network-auth.xml:2114(para)
15667
15717
msgid ""
15668
15718
"Assuming we did a fresh reinstall of ldap, the restore process could be "
15669
15719
"something like this:"
15670
15720
msgstr ""
15671
15721
15672
#: serverguide/C/network-auth.xml:2099(command)
15722
#: serverguide/C/network-auth.xml:2120(command)
15673
15723
msgid "sudo service slapd stop"
15674
15724
msgstr ""
15675
15725
15676
#: serverguide/C/network-auth.xml:2100(command)
15726
#: serverguide/C/network-auth.xml:2121(command)
15677
15727
msgid "sudo mkdir /var/lib/ldap/accesslog"
15678
15728
msgstr ""
15679
15729
15680
#: serverguide/C/network-auth.xml:2101(command)
15730
#: serverguide/C/network-auth.xml:2122(command)
15681
15731
msgid "sudo slapadd -F /etc/ldap/slapd.d -n 0 -l /export/backup/config.ldif"
15682
15732
msgstr ""
15683
15733
15684
#: serverguide/C/network-auth.xml:2102(command)
15734
#: serverguide/C/network-auth.xml:2123(command)
15685
15735
msgid ""
15686
15736
"sudo slapadd -F /etc/ldap/slapd.d -n 1 -l /export/backup/domain.com.ldif"
15687
15737
msgstr ""
15688
15738
15689
#: serverguide/C/network-auth.xml:2103(command)
15739
#: serverguide/C/network-auth.xml:2124(command)
15690
15740
msgid "sudo slapadd -F /etc/ldap/slapd.d -n 2 -l /export/backup/access.ldif"
15691
15741
msgstr ""
15692
15742
15693
#: serverguide/C/network-auth.xml:2104(command)
15743
#: serverguide/C/network-auth.xml:2125(command)
15694
15744
msgid "sudo chown -R openldap:openldap /etc/ldap/slapd.d/"
15695
15745
msgstr ""
15696
15746
15697
#: serverguide/C/network-auth.xml:2105(command)
15747
#: serverguide/C/network-auth.xml:2126(command)
15698
15748
msgid "sudo chown -R openldap:openldap /var/lib/ldap/"
15699
15749
msgstr ""
15700
15750
15701
#: serverguide/C/network-auth.xml:2106(command)
15751
#: serverguide/C/network-auth.xml:2127(command)
15702
15752
msgid "sudo service slapd start"
15703
15753
msgstr ""
15704
15754
15705
#: serverguide/C/network-auth.xml:2117(para)
15755
#: serverguide/C/network-auth.xml:2138(para)
15706
15756
msgid ""
15707
15757
"The primary resource is the upstream documentation: <ulink "
15708
15758
"url=\"http://www.openldap.org/\">www.openldap.org</ulink>"
15709
15759
msgstr ""
15710
15760
15711
#: serverguide/C/network-auth.xml:2123(para)
15761
#: serverguide/C/network-auth.xml:2144(para)
15712
15762
msgid ""
15713
15763
"There are many man pages that come with the slapd package. Here are some "
15714
15764
"important ones, especially considering the material presented in this guide:"
15715
15765
msgstr ""
15716
15766
15717
#: serverguide/C/network-auth.xml:2129(ulink)
15767
#: serverguide/C/network-auth.xml:2150(ulink)
15718
15768
msgid "slapd"
15719
15769
msgstr ""
15720
15770
15721
#: serverguide/C/network-auth.xml:2130(ulink)
15771
#: serverguide/C/network-auth.xml:2151(ulink)
15722
15772
msgid "slapd-config"
15723
15773
msgstr ""
15724
15774
15725
#: serverguide/C/network-auth.xml:2131(ulink)
15775
#: serverguide/C/network-auth.xml:2152(ulink)
15726
15776
msgid "slapd.access"
15727
15777
msgstr ""
15728
15778
15729
#: serverguide/C/network-auth.xml:2132(ulink)
15779
#: serverguide/C/network-auth.xml:2153(ulink)
15730
15780
msgid "slapo-syncprov"
15731
15781
msgstr ""
15732
15782
15733
#: serverguide/C/network-auth.xml:2138(para)
15783
#: serverguide/C/network-auth.xml:2159(para)
15734
15784
msgid "Other man pages:"
15735
15785
msgstr ""
15736
15786
15737
#: serverguide/C/network-auth.xml:2143(ulink)
15787
#: serverguide/C/network-auth.xml:2164(ulink)
15738
15788
msgid "auth-client-config"
15739
15789
msgstr ""
15740
15790
15741
#: serverguide/C/network-auth.xml:2144(ulink)
15791
#: serverguide/C/network-auth.xml:2165(ulink)
15742
15792
msgid "pam-auth-update"
15743
15793
msgstr ""
15744
15794
15745
#: serverguide/C/network-auth.xml:2150(para)
15795
#: serverguide/C/network-auth.xml:2171(para)
15746
15796
msgid ""
15747
15797
"Zytrax's <ulink url=\"http://www.zytrax.com/books/ldap/\">LDAP for Rocket "
15748
15798
"Scientists</ulink>; a less pedantic but comprehensive treatment of LDAP"
15749
15799
msgstr ""
15750
15800
15751
#: serverguide/C/network-auth.xml:2156(para)
15801
#: serverguide/C/network-auth.xml:2177(para)
15752
15802
msgid ""
15753
15803
"A Ubuntu community <ulink "
15754
15804
"url=\"https://help.ubuntu.com/community/OpenLDAPServer\">OpenLDAP "
15755
15805
"wiki</ulink> page has a collection of notes"
15756
15806
msgstr ""
15757
15807
15758
#: serverguide/C/network-auth.xml:2162(para)
15808
#: serverguide/C/network-auth.xml:2183(para)
15759
15809
msgid ""
15760
15810
"O'Reilly's <ulink url=\"http://www.oreilly.com/catalog/ldapsa/\">LDAP System "
15761
15811
"Administration</ulink> (textbook; 2003)"
15762
15812
msgstr ""
15763
15813
15764
#: serverguide/C/network-auth.xml:2168(para)
15814
#: serverguide/C/network-auth.xml:2189(para)
15765
15815
msgid ""
15766
15816
"Packt's <ulink url=\"http://www.packtpub.com/OpenLDAP-Developers-Server-Open-"
15767
15817
"Source-Linux/book\">Mastering OpenLDAP</ulink> (textbook; 2007)"
15768
15818
msgstr ""
15769
15819
15770
#: serverguide/C/network-auth.xml:2179(title)
15820
#: serverguide/C/network-auth.xml:2200(title)
15771
15821
msgid "Samba and LDAP"
15772
15822
msgstr ""
15773
15823
15774
#: serverguide/C/network-auth.xml:2181(para)
15824
#: serverguide/C/network-auth.xml:2202(para)
15775
15825
msgid ""
15776
15826
"This section covers the integration of Samba with LDAP. The Samba server's "
15777
15827
"role will be that of a \"standalone\" server and the LDAP directory will "
15778
15828
"provide the authentication layer in addition to containing the user, group, "
15779
15829
"and machine account information that Samba requires in order to function (in "
15780
"any of it's 3 possible roles). The pre-requisite is an OpenLDAP server "
15830
"any of its 3 possible roles). The pre-requisite is an OpenLDAP server "
15781
15831
"configured with a directory that can accept authentication requests. See "
15782
15832
"<xref linkend=\"openldap-server\"/> for details on fulfilling this "
15783
15833
"requirement. Once this section is completed, you will need to decide what "
15784
15834
"specifically you want Samba to do for you and then configure it accordingly."
15785
15835
msgstr ""
15786
15836
15787
#: serverguide/C/network-auth.xml:2190(title)
15837
#: serverguide/C/network-auth.xml:2211(title)
15788
15838
msgid "Software Installation"
15789
15839
msgstr ""
15790
15840
15791
#: serverguide/C/network-auth.xml:2192(para)
15841
#: serverguide/C/network-auth.xml:2213(para)
15792
15842
msgid ""
15793
15843
"There are three packages needed when integrating Samba with LDAP: "
15794
15844
"<application>samba</application>, <application>samba-doc</application>, and "
15795
15845
"<application>smbldap-tools</application> packages."
15796
15846
msgstr ""
15797
15847
15798
#: serverguide/C/network-auth.xml:2197(para)
15848
#: serverguide/C/network-auth.xml:2223(para)
15799
15849
msgid ""
15800
15850
"Strictly speaking, the <application>smbldap-tools</application> package "
15801
15851
"isn't needed, but unless you have some other way to manage the various Samba "
15803
15853
"install it."
15804
15854
msgstr ""
15805
15855
15806
#: serverguide/C/network-auth.xml:2202(para)
15856
#: serverguide/C/network-auth.xml:2223(para)
15807
15857
msgid "Install these packages now:"
15808
15858
msgstr ""
15809
15859
15810
#: serverguide/C/network-auth.xml:2207(command)
15860
#: serverguide/C/network-auth.xml:2228(command)
15811
15861
msgid "sudo apt-get install samba samba-doc smbldap-tools"
15812
15862
msgstr ""
15813
15863
15814
#: serverguide/C/network-auth.xml:2213(title)
15864
#: serverguide/C/network-auth.xml:2234(title)
15815
15865
msgid "LDAP Configuration"
15816
15866
msgstr ""
15817
15867
15818
#: serverguide/C/network-auth.xml:2215(para)
15868
#: serverguide/C/network-auth.xml:2236(para)
15819
15869
msgid ""
15820
15870
"We will now configure the LDAP server so that it can accomodate Samba data. "
15821
15871
"We will perform three tasks in this section:"
15822
15872
msgstr ""
15823
15873
15824
#: serverguide/C/network-auth.xml:2222(para)
15874
#: serverguide/C/network-auth.xml:2243(para)
15825
15875
msgid "Import a schema"
15826
15876
msgstr ""
15827
15877
15828
#: serverguide/C/network-auth.xml:2226(para)
15878
#: serverguide/C/network-auth.xml:2247(para)
15829
15879
msgid "Index some entries"
15830
15880
msgstr ""
15831
15881
15832
#: serverguide/C/network-auth.xml:2230(para)
15882
#: serverguide/C/network-auth.xml:2251(para)
15833
15883
msgid "Add objects"
15834
15884
msgstr ""
15835
15885
15836
#: serverguide/C/network-auth.xml:2236(title)
15886
#: serverguide/C/network-auth.xml:2257(title)
15837
15887
msgid "Samba schema"
15838
15888
msgstr ""
15839
15889
15840
#: serverguide/C/network-auth.xml:2238(para)
15890
#: serverguide/C/network-auth.xml:2259(para)
15841
15891
msgid ""
15842
15892
"In order for OpenLDAP to be used as a backend for Samba, logically, the DIT "
15843
15893
"will need to use attributes that can properly describe Samba data. Such "
15845
15895
"now."
15846
15896
msgstr ""
15847
15897
15848
#: serverguide/C/network-auth.xml:2244(para)
15898
#: serverguide/C/network-auth.xml:2265(para)
15849
15899
msgid ""
15850
15900
"For more information on schemas and their installation see <xref "
15851
15901
"linkend=\"openldap-configuration\"/>."
15852
15902
msgstr ""
15853
15903
15854
#: serverguide/C/network-auth.xml:2252(para)
15904
#: serverguide/C/network-auth.xml:2273(para)
15855
15905
msgid ""
15856
15906
"The schema is found in the now-installed <application>samba-"
15857
15907
"doc</application> package. It needs to be unzipped and copied to the "
15858
15908
"<filename>/etc/ldap/schema</filename> directory:"
15859
15909
msgstr ""
15860
15910
15861
#: serverguide/C/network-auth.xml:2258(command)
15911
#: serverguide/C/network-auth.xml:2279(command)
15862
15912
msgid ""
15863
15913
"sudo cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz "
15864
15914
"/etc/ldap/schema"
15865
15915
msgstr ""
15866
15916
15867
#: serverguide/C/network-auth.xml:2259(command)
15917
#: serverguide/C/network-auth.xml:2280(command)
15868
15918
msgid "sudo gzip -d /etc/ldap/schema/samba.schema.gz"
15869
15919
msgstr ""
15870
15920
15871
#: serverguide/C/network-auth.xml:2265(para)
15921
#: serverguide/C/network-auth.xml:2286(para)
15872
15922
msgid ""
15873
15923
"Have the configuration file <filename>schema_convert.conf</filename> that "
15874
15924
"contains the following lines:"
15875
15925
msgstr ""
15876
15926
15877
#: serverguide/C/network-auth.xml:2269(programlisting)
15927
#: serverguide/C/network-auth.xml:2290(programlisting)
15878
15928
#, no-wrap
15879
15929
msgid ""
15880
15930
"\n"
15895
15945
"include /etc/ldap/schema/samba.schema\n"
15896
15946
msgstr ""
15897
15947
15898
#: serverguide/C/network-auth.xml:2290(para)
15948
#: serverguide/C/network-auth.xml:2311(para)
15899
15949
msgid "Have the directory <filename>ldif_output</filename> hold output."
15900
15950
msgstr ""
15901
15951
15902
#: serverguide/C/network-auth.xml:2301(command)
15952
#: serverguide/C/network-auth.xml:2322(command)
15903
15953
msgid ""
15904
15954
"slapcat -f schema_convert.conf -F ldif_output -n 0 | grep samba,cn=schema"
15905
15955
msgstr ""
15906
15956
15907
#: serverguide/C/network-auth.xml:2302(computeroutput)
15957
#: serverguide/C/network-auth.xml:2323(computeroutput)
15908
15958
#, no-wrap
15909
15959
msgid ""
15910
15960
"\n"
15911
15961
"dn: cn={14}samba,cn=schema,cn=config\n"
15912
15962
msgstr ""
15913
15963
15914
#: serverguide/C/network-auth.xml:2310(para)
15964
#: serverguide/C/network-auth.xml:2331(para)
15915
15965
msgid "Convert the schema to LDIF format:"
15916
15966
msgstr ""
15917
15967
15918
#: serverguide/C/network-auth.xml:2315(command)
15968
#: serverguide/C/network-auth.xml:2336(command)
15919
15969
msgid ""
15920
15970
"slapcat -f schema_convert.conf -F ldif_output -n0 -H \\ "
15921
15971
"ldap:///cn={14}samba,cn=schema,cn=config -l cn=samba.ldif"
15922
15972
msgstr ""
15923
15973
15924
#: serverguide/C/network-auth.xml:2322(para)
15974
#: serverguide/C/network-auth.xml:2343(para)
15925
15975
msgid ""
15926
15976
"Edit the generated <filename>cn=samba.ldif</filename> file by removing index "
15927
15977
"information to arrive at:"
15928
15978
msgstr ""
15929
15979
15930
#: serverguide/C/network-auth.xml:2326(programlisting)
15980
#: serverguide/C/network-auth.xml:2347(programlisting)
15931
15981
#, no-wrap
15932
15982
msgid ""
15933
15983
"\n"
15936
15986
"cn: samba\n"
15937
15987
msgstr ""
15938
15988
15939
#: serverguide/C/network-auth.xml:2332(para)
15989
#: serverguide/C/network-auth.xml:2353(para)
15940
15990
msgid "Remove the bottom lines:"
15941
15991
msgstr ""
15942
15992
15943
#: serverguide/C/network-auth.xml:2336(programlisting)
15993
#: serverguide/C/network-auth.xml:2357(programlisting)
15944
15994
#, no-wrap
15945
15995
msgid ""
15946
15996
"\n"
15953
16003
"modifyTimestamp: 20080827045234Z\n"
15954
16004
msgstr ""
15955
16005
15956
#: serverguide/C/network-auth.xml:2352(para)
16006
#: serverguide/C/network-auth.xml:2373(para)
15957
16007
msgid "Add the new schema:"
15958
16008
msgstr ""
15959
16009
15960
#: serverguide/C/network-auth.xml:2357(command)
16010
#: serverguide/C/network-auth.xml:2378(command)
15961
16011
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f cn\\=samba.ldif"
15962
16012
msgstr ""
15963
16013
15964
#: serverguide/C/network-auth.xml:2360(para)
16014
#: serverguide/C/network-auth.xml:2381(para)
15965
16015
msgid "To query and view this new schema:"
15966
16016
msgstr ""
15967
16017
15968
#: serverguide/C/network-auth.xml:2365(command)
16018
#: serverguide/C/network-auth.xml:2386(command)
15969
16019
msgid ""
15970
16020
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config "
15971
16021
"'cn=*samba*'"
15972
16022
msgstr ""
15973
16023
15974
#: serverguide/C/network-auth.xml:2375(title)
16024
#: serverguide/C/network-auth.xml:2396(title)
15975
16025
msgid "Samba indices"
15976
16026
msgstr ""
15977
16027
15978
#: serverguide/C/network-auth.xml:2377(para)
16028
#: serverguide/C/network-auth.xml:2398(para)
15979
16029
msgid ""
15980
16030
"Now that slapd knows about the Samba attributes, we can set up some indices "
15981
16031
"based on them. Indexing entries is a way to improve performance when a "
15982
16032
"client performs a filtered search on the DIT."
15983
16033
msgstr ""
15984
16034
15985
#: serverguide/C/network-auth.xml:2382(para)
16035
#: serverguide/C/network-auth.xml:2403(para)
15986
16036
msgid ""
15987
16037
"Create the file <filename>samba_indices.ldif</filename> with the following "
15988
16038
"contents:"
15989
16039
msgstr ""
15990
16040
15991
#: serverguide/C/network-auth.xml:2386(programlisting)
16041
#: serverguide/C/network-auth.xml:2407(programlisting)
15992
16042
#, no-wrap
15993
16043
msgid ""
15994
16044
"\n"
16009
16059
"olcDbIndex: default sub\n"
16010
16060
msgstr ""
16011
16061
16012
#: serverguide/C/network-auth.xml:2404(para)
16062
#: serverguide/C/network-auth.xml:2425(para)
16013
16063
msgid ""
16014
16064
"Using the <application>ldapmodify</application> utility load the new indices:"
16015
16065
msgstr ""
16016
16066
16017
#: serverguide/C/network-auth.xml:2409(command)
16067
#: serverguide/C/network-auth.xml:2430(command)
16018
16068
msgid "sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f samba_indices.ldif"
16019
16069
msgstr ""
16020
16070
16021
#: serverguide/C/network-auth.xml:2412(para)
16071
#: serverguide/C/network-auth.xml:2433(para)
16022
16072
msgid ""
16023
16073
"If all went well you should see the new indices using "
16024
16074
"<application>ldapsearch</application>:"
16025
16075
msgstr ""
16026
16076
16027
#: serverguide/C/network-auth.xml:2417(command)
16077
#: serverguide/C/network-auth.xml:2438(command)
16028
16078
msgid ""
16029
16079
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H \\ ldapi:/// -b cn=config "
16030
16080
"olcDatabase={1}hdb olcDbIndex"
16031
16081
msgstr ""
16032
16082
16033
#: serverguide/C/network-auth.xml:2424(title)
16083
#: serverguide/C/network-auth.xml:2445(title)
16034
16084
msgid "Adding Samba LDAP objects"
16035
16085
msgstr ""
16036
16086
16037
#: serverguide/C/network-auth.xml:2426(para)
16087
#: serverguide/C/network-auth.xml:2452(para)
16038
16088
msgid ""
16039
16089
"Next, configure the <application>smbldap-tools</application> package to "
16040
16090
"match your environment. The package is supposed to come with a configuration "
16045
16095
"smbldap-tools')."
16046
16096
msgstr ""
16047
16097
16048
#: serverguide/C/network-auth.xml:2433(para)
16098
#: serverguide/C/network-auth.xml:2459(para)
16049
16099
msgid ""
16050
16100
"To manually configure the package, you need to create and edit the files "
16051
16101
"<filename>/etc/smbldap-tools/smbldap.conf</filename> and "
16052
16102
"<filename>/etc/smbldap-tools/smbldap_bind.conf</filename>."
16053
16103
msgstr ""
16054
16104
16055
#: serverguide/C/network-auth.xml:2438(para)
16105
#: serverguide/C/network-auth.xml:2464(para)
16056
16106
msgid ""
16057
16107
"The <application>smbldap-populate</application> script will then add the "
16058
16108
"LDAP objects required for Samba. It is a good idea to first make a backup of "
16059
16109
"your DIT using <application>slapcat</application>:"
16060
16110
msgstr ""
16061
16111
16062
#: serverguide/C/network-auth.xml:2444(command)
16112
#: serverguide/C/network-auth.xml:2473(command)
16063
16113
msgid "sudo slapcat -l backup.ldif"
16064
16114
msgstr ""
16065
16115
16066
#: serverguide/C/network-auth.xml:2447(para)
16116
#: serverguide/C/network-auth.xml:2476(para)
16067
16117
msgid "Once you have a backup proceed to populate your directory:"
16068
16118
msgstr ""
16069
16119
16070
#: serverguide/C/network-auth.xml:2452(command)
16120
#: serverguide/C/network-auth.xml:2481(command)
16071
16121
msgid "sudo smbldap-populate"
16072
16122
msgstr ""
16073
16123
16074
#: serverguide/C/network-auth.xml:2455(para)
16124
#: serverguide/C/network-auth.xml:2484(para)
16075
16125
msgid ""
16076
16126
"You can create a LDIF file containing the new Samba objects by executing "
16077
16127
"<command>sudo smbldap-populate -e samba.ldif</command>. This allows you to "
16078
16128
"look over the changes making sure everything is correct. If it is, rerun the "
16079
16129
"script without the '-e' switch. Alternatively, you can take the LDIF file "
16080
"and import it's data per usual."
16130
"and import its data per usual."
16081
16131
msgstr ""
16082
16132
16083
#: serverguide/C/network-auth.xml:2461(para)
16133
#: serverguide/C/network-auth.xml:2490(para)
16084
16134
msgid ""
16085
16135
"Your LDAP directory now has the necessary information to authenticate Samba "
16086
16136
"users."
16087
16137
msgstr ""
16088
16138
16089
#: serverguide/C/network-auth.xml:2470(title)
16139
#: serverguide/C/network-auth.xml:2499(title)
16090
16140
msgid "Samba Configuration"
16091
16141
msgstr ""
16092
16142
16093
#: serverguide/C/network-auth.xml:2472(para)
16143
#: serverguide/C/network-auth.xml:2498(para)
16094
16144
msgid ""
16095
16145
"There are multiple ways to configure Samba. For details on some common "
16096
16146
"configurations see <xref linkend=\"samba\"/>. To configure Samba to use "
16097
"LDAP, edit it's configuration file <filename>/etc/samba/smb.conf</filename> "
16147
"LDAP, edit its configuration file <filename>/etc/samba/smb.conf</filename> "
16098
16148
"commenting out the default <emphasis>passdb backend</emphasis> parameter and "
16099
16149
"adding some ldap-related ones:"
16100
16150
msgstr ""
16101
16151
16102
#: serverguide/C/network-auth.xml:2478(programlisting)
16152
#: serverguide/C/network-auth.xml:2507(programlisting)
16103
16153
#, no-wrap
16104
16154
msgid ""
16105
16155
"\n"
16119
16169
" add machine script = sudo /usr/sbin/smbldap-useradd -t 0 -w \"%u\"\n"
16120
16170
msgstr ""
16121
16171
16122
#: serverguide/C/network-auth.xml:2495(para)
16172
#: serverguide/C/network-auth.xml:2524(para)
16123
16173
msgid "Change the values to match your environment."
16124
16174
msgstr ""
16125
16175
16126
#: serverguide/C/network-auth.xml:2499(para)
16176
#: serverguide/C/network-auth.xml:2528(para)
16127
16177
msgid "Restart <application>samba</application> to enable the new settings:"
16128
16178
msgstr ""
16129
16179
16130
#: serverguide/C/network-auth.xml:2508(para)
16180
#: serverguide/C/network-auth.xml:2537(para)
16131
16181
msgid ""
16132
16182
"Now inform Samba about the rootDN user's password (the one set during the "
16133
16183
"installation of the slapd package):"
16134
16184
msgstr ""
16135
16185
16136
#: serverguide/C/network-auth.xml:2513(command)
16186
#: serverguide/C/network-auth.xml:2542(command)
16137
16187
msgid "sudo smbpasswd -w password"
16138
16188
msgstr ""
16139
16189
16140
#: serverguide/C/network-auth.xml:2516(para)
16190
#: serverguide/C/network-auth.xml:2545(para)
16141
16191
msgid ""
16142
16192
"If you have existing LDAP users that you want to include in your new LDAP-"
16143
16193
"backed Samba they will, of course, also need to be given some of the extra "
16147
16197
"<application>libnss-ldap</application>):"
16148
16198
msgstr ""
16149
16199
16150
#: serverguide/C/network-auth.xml:2524(command)
16200
#: serverguide/C/network-auth.xml:2553(command)
16151
16201
msgid "sudo smbpasswd -a username"
16152
16202
msgstr ""
16153
16203
16154
#: serverguide/C/network-auth.xml:2527(para)
16204
#: serverguide/C/network-auth.xml:2556(para)
16155
16205
msgid ""
16156
16206
"You will prompted to enter a password. It will be considered as the new "
16157
16207
"password for that user. Making it the same as before is reasonable."
16158
16208
msgstr ""
16159
16209
16160
#: serverguide/C/network-auth.xml:2531(para)
16210
#: serverguide/C/network-auth.xml:2560(para)
16161
16211
msgid ""
16162
16212
"To manage user, group, and machine accounts use the utilities provided by "
16163
16213
"the <application>smbldap-tools</application> package. Here are some examples:"
16164
16214
msgstr ""
16165
16215
16166
#: serverguide/C/network-auth.xml:2539(para)
16216
#: serverguide/C/network-auth.xml:2568(para)
16167
16217
msgid "To add a new user:"
16168
16218
msgstr ""
16169
16219
16170
#: serverguide/C/network-auth.xml:2544(command)
16220
#: serverguide/C/network-auth.xml:2573(command)
16171
16221
msgid "sudo smbldap-useradd -a -P username"
16172
16222
msgstr ""
16173
16223
16174
#: serverguide/C/network-auth.xml:2547(para)
16224
#: serverguide/C/network-auth.xml:2576(para)
16175
16225
msgid ""
16176
16226
"The <emphasis>-a</emphasis> option adds the Samba attributes, and the "
16177
16227
"<emphasis>-P</emphasis> option calls the <application>smbldap-"
16179
16229
"a password for the user."
16180
16230
msgstr ""
16181
16231
16182
#: serverguide/C/network-auth.xml:2554(para)
16232
#: serverguide/C/network-auth.xml:2583(para)
16183
16233
msgid "To remove a user:"
16184
16234
msgstr ""
16185
16235
16186
#: serverguide/C/network-auth.xml:2559(command)
16236
#: serverguide/C/network-auth.xml:2588(command)
16187
16237
msgid "sudo smbldap-userdel username"
16188
16238
msgstr ""
16189
16239
16190
#: serverguide/C/network-auth.xml:2562(para)
16240
#: serverguide/C/network-auth.xml:2591(para)
16191
16241
msgid ""
16192
16242
"In the above command, use the <emphasis>-r</emphasis> option to remove the "
16193
16243
"user's home directory."
16194
16244
msgstr ""
16195
16245
16196
#: serverguide/C/network-auth.xml:2568(para)
16246
#: serverguide/C/network-auth.xml:2597(para)
16197
16247
msgid "To add a group:"
16198
16248
msgstr ""
16199
16249
16200
#: serverguide/C/network-auth.xml:2573(command)
16250
#: serverguide/C/network-auth.xml:2602(command)
16201
16251
msgid "sudo smbldap-groupadd -a groupname"
16202
16252
msgstr ""
16203
16253
16204
#: serverguide/C/network-auth.xml:2576(para)
16254
#: serverguide/C/network-auth.xml:2605(para)
16205
16255
msgid ""
16206
16256
"As for <application>smbldap-useradd</application>, the <emphasis>-"
16207
16257
"a</emphasis> adds the Samba attributes."
16208
16258
msgstr ""
16209
16259
16210
#: serverguide/C/network-auth.xml:2582(para)
16260
#: serverguide/C/network-auth.xml:2611(para)
16211
16261
msgid "To make an existing user a member of a group:"
16212
16262
msgstr ""
16213
16263
16214
#: serverguide/C/network-auth.xml:2587(command)
16264
#: serverguide/C/network-auth.xml:2616(command)
16215
16265
msgid "sudo smbldap-groupmod -m username groupname"
16216
16266
msgstr ""
16217
16267
16218
#: serverguide/C/network-auth.xml:2590(para)
16268
#: serverguide/C/network-auth.xml:2619(para)
16219
16269
msgid ""
16220
16270
"The <emphasis>-m</emphasis> option can add more than one user at a time by "
16221
16271
"listing them in comma-separated format."
16222
16272
msgstr ""
16223
16273
16224
#: serverguide/C/network-auth.xml:2596(para)
16274
#: serverguide/C/network-auth.xml:2625(para)
16225
16275
msgid "To remove a user from a group:"
16226
16276
msgstr ""
16227
16277
16228
#: serverguide/C/network-auth.xml:2601(command)
16278
#: serverguide/C/network-auth.xml:2630(command)
16229
16279
msgid "sudo smbldap-groupmod -x username groupname"
16230
16280
msgstr ""
16231
16281
16232
#: serverguide/C/network-auth.xml:2607(para)
16282
#: serverguide/C/network-auth.xml:2636(para)
16233
16283
msgid "To add a Samba machine account:"
16234
16284
msgstr ""
16235
16285
16236
#: serverguide/C/network-auth.xml:2612(command)
16286
#: serverguide/C/network-auth.xml:2641(command)
16237
16287
msgid "sudo smbldap-useradd -t 0 -w username"
16238
16288
msgstr ""
16239
16289
16240
#: serverguide/C/network-auth.xml:2615(para)
16290
#: serverguide/C/network-auth.xml:2644(para)
16241
16291
msgid ""
16242
16292
"Replace <emphasis>username</emphasis> with the name of the workstation. The "
16243
16293
"<emphasis>-t 0</emphasis> option creates the machine account without a "
16247
16297
"<application>smbldap-useradd</application>."
16248
16298
msgstr ""
16249
16299
16250
#: serverguide/C/network-auth.xml:2624(para)
16300
#: serverguide/C/network-auth.xml:2653(para)
16251
16301
msgid ""
16252
16302
"There are utilities in the <application>smbldap-tools</application> package "
16253
16303
"that were not covered here. Here is a complete list:"
16254
16304
msgstr ""
16255
16305
16256
#: serverguide/C/network-auth.xml:2629(ulink)
16306
#: serverguide/C/network-auth.xml:2658(ulink)
16257
16307
msgid "smbldap-groupadd"
16258
16308
msgstr ""
16259
16309
16260
#: serverguide/C/network-auth.xml:2630(ulink)
16310
#: serverguide/C/network-auth.xml:2659(ulink)
16261
16311
msgid "smbldap-groupdel"
16262
16312
msgstr ""
16263
16313
16264
#: serverguide/C/network-auth.xml:2631(ulink)
16314
#: serverguide/C/network-auth.xml:2660(ulink)
16265
16315
msgid "smbldap-groupmod"
16266
16316
msgstr ""
16267
16317
16268
#: serverguide/C/network-auth.xml:2632(ulink)
16318
#: serverguide/C/network-auth.xml:2661(ulink)
16269
16319
msgid "smbldap-groupshow"
16270
16320
msgstr ""
16271
16321
16272
#: serverguide/C/network-auth.xml:2633(ulink)
16322
#: serverguide/C/network-auth.xml:2662(ulink)
16273
16323
msgid "smbldap-passwd"
16274
16324
msgstr ""
16275
16325
16276
#: serverguide/C/network-auth.xml:2634(ulink)
16326
#: serverguide/C/network-auth.xml:2663(ulink)
16277
16327
msgid "smbldap-populate"
16278
16328
msgstr ""
16279
16329
16280
#: serverguide/C/network-auth.xml:2635(ulink)
16330
#: serverguide/C/network-auth.xml:2664(ulink)
16281
16331
msgid "smbldap-useradd"
16282
16332
msgstr ""
16283
16333
16284
#: serverguide/C/network-auth.xml:2636(ulink)
16334
#: serverguide/C/network-auth.xml:2665(ulink)
16285
16335
msgid "smbldap-userdel"
16286
16336
msgstr ""
16287
16337
16288
#: serverguide/C/network-auth.xml:2637(ulink)
16338
#: serverguide/C/network-auth.xml:2666(ulink)
16289
16339
msgid "smbldap-userinfo"
16290
16340
msgstr ""
16291
16341
16292
#: serverguide/C/network-auth.xml:2638(ulink)
16342
#: serverguide/C/network-auth.xml:2667(ulink)
16293
16343
msgid "smbldap-userlist"
16294
16344
msgstr ""
16295
16345
16296
#: serverguide/C/network-auth.xml:2639(ulink)
16346
#: serverguide/C/network-auth.xml:2668(ulink)
16297
16347
msgid "smbldap-usermod"
16298
16348
msgstr ""
16299
16349
16300
#: serverguide/C/network-auth.xml:2640(ulink)
16350
#: serverguide/C/network-auth.xml:2669(ulink)
16301
16351
msgid "smbldap-usershow"
16302
16352
msgstr ""
16303
16353
16304
#: serverguide/C/network-auth.xml:2651(para)
16354
#: serverguide/C/network-auth.xml:2677(para)
16305
16355
msgid ""
16306
16356
"For more information on installing and configuring Samba see <xref "
16307
16357
"linkend=\"samba\"/> of this Ubuntu Server Guide."
16308
16358
msgstr ""
16309
16359
16310
#: serverguide/C/network-auth.xml:2657(para)
16360
#: serverguide/C/network-auth.xml:2686(para)
16311
16361
msgid ""
16312
16362
"There are multiple places where LDAP and Samba is documented in the upstream "
16313
16363
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba "
16314
16364
"HOWTO Collection</ulink>."
16315
16365
msgstr ""
16316
16366
16317
#: serverguide/C/network-auth.xml:2664(para)
16367
#: serverguide/C/network-auth.xml:2693(para)
16318
16368
msgid ""
16319
16369
"Regarding the above, see specifically the <ulink "
16320
16370
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
16321
16371
"Collection/passdb.html\">passdb section</ulink>."
16322
16372
msgstr ""
16323
16373
16324
#: serverguide/C/network-auth.xml:2670(para)
16374
#: serverguide/C/network-auth.xml:2699(para)
16325
16375
msgid ""
16326
16376
"Although dated (2007), the <ulink url=\"http://download.gna.org/smbldap-"
16327
16377
"tools/docs/samba-ldap-howto/\">Linux Samba-OpenLDAP HOWTO</ulink> contains "
16328
16378
"valuable notes."
16329
16379
msgstr ""
16330
16380
16331
#: serverguide/C/network-auth.xml:2676(para)
16381
#: serverguide/C/network-auth.xml:2705(para)
16332
16382
msgid ""
16333
16383
"The main page of the <ulink "
16334
16384
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Samba Ubuntu "
16336
16386
"prove useful."
16337
16387
msgstr ""
16338
16388
16339
#: serverguide/C/network-auth.xml:2689(title)
16389
#: serverguide/C/network-auth.xml:2718(title)
16340
16390
msgid "Kerberos"
16341
16391
msgstr ""
16342
16392
16343
#: serverguide/C/network-auth.xml:2691(para)
16393
#: serverguide/C/network-auth.xml:2720(para)
16344
16394
msgid ""
16345
16395
"<application>Kerberos</application> is a network authentication system based "
16346
16396
"on the principal of a trusted third party. The other two parties being the "
16349
16399
"network environment one step closer to being Single Sign On (SSO)."
16350
16400
msgstr ""
16351
16401
16352
#: serverguide/C/network-auth.xml:2697(para)
16402
#: serverguide/C/network-auth.xml:2726(para)
16353
16403
msgid ""
16354
16404
"This section covers installation and configuration of a Kerberos server, and "
16355
16405
"some example client configurations."
16356
16406
msgstr ""
16357
16407
16358
#: serverguide/C/network-auth.xml:2702(title) serverguide/C/monitoring.xml:13(title) serverguide/C/lamp-applications.xml:15(title) serverguide/C/installation.xml:910(title) serverguide/C/dns.xml:62(title) serverguide/C/dm-multipath.xml:135(title) serverguide/C/chat.xml:15(title) serverguide/C/cgroups.xml:38(title) serverguide/C/backups.xml:545(title)
16408
#: serverguide/C/virtualization.xml:1099(title) serverguide/C/virtualization.xml:2132(title) serverguide/C/network-auth.xml:2731(title) serverguide/C/monitoring.xml:13(title) serverguide/C/lamp-applications.xml:15(title) serverguide/C/installation.xml:903(title) serverguide/C/dns.xml:62(title) serverguide/C/dm-multipath.xml:135(title) serverguide/C/chat.xml:15(title) serverguide/C/backups.xml:545(title)
16359
16409
msgid "Overview"
16360
16410
msgstr ""
16361
16411
16362
#: serverguide/C/network-auth.xml:2704(para)
16412
#: serverguide/C/network-auth.xml:2733(para)
16363
16413
msgid ""
16364
16414
"If you are new to Kerberos there are a few terms that are good to understand "
16365
16415
"before setting up a Kerberos server. Most of the terms will relate to things "
16366
16416
"you may be familiar with in other environments:"
16367
16417
msgstr ""
16368
16418
16369
#: serverguide/C/network-auth.xml:2711(para)
16419
#: serverguide/C/network-auth.xml:2740(para)
16370
16420
msgid ""
16371
16421
"<emphasis>Principal:</emphasis> any users, computers, and services provided "
16372
16422
"by servers need to be defined as Kerberos Principals."
16373
16423
msgstr ""
16374
16424
16375
#: serverguide/C/network-auth.xml:2716(para)
16425
#: serverguide/C/network-auth.xml:2745(para)
16376
16426
msgid ""
16377
16427
"<emphasis>Instances:</emphasis> are used for service principals and special "
16378
16428
"administrative principals."
16379
16429
msgstr ""
16380
16430
16381
#: serverguide/C/network-auth.xml:2721(para)
16431
#: serverguide/C/network-auth.xml:2750(para)
16382
16432
msgid ""
16383
16433
"<emphasis>Realms:</emphasis> the unique realm of control provided by the "
16384
16434
"Kerberos installation. Think of it as the domain or group your hosts and "
16387
16437
"as the realm."
16388
16438
msgstr ""
16389
16439
16390
#: serverguide/C/network-auth.xml:2730(para)
16440
#: serverguide/C/network-auth.xml:2759(para)
16391
16441
msgid ""
16392
16442
"<emphasis>Key Distribution Center:</emphasis> (KDC) consist of three parts, "
16393
16443
"a database of all principals, the authentication server, and the ticket "
16394
16444
"granting server. For each realm there must be at least one KDC."
16395
16445
msgstr ""
16396
16446
16397
#: serverguide/C/network-auth.xml:2736(para)
16447
#: serverguide/C/network-auth.xml:2765(para)
16398
16448
msgid ""
16399
16449
"<emphasis>Ticket Granting Ticket:</emphasis> issued by the Authentication "
16400
16450
"Server (AS), the Ticket Granting Ticket (TGT) is encrypted in the user's "
16401
16451
"password which is known only to the user and the KDC."
16402
16452
msgstr ""
16403
16453
16404
#: serverguide/C/network-auth.xml:2742(para)
16454
#: serverguide/C/network-auth.xml:2771(para)
16405
16455
msgid ""
16406
16456
"<emphasis>Ticket Granting Server:</emphasis> (TGS) issues service tickets to "
16407
16457
"clients upon request."
16408
16458
msgstr ""
16409
16459
16410
#: serverguide/C/network-auth.xml:2747(para)
16460
#: serverguide/C/network-auth.xml:2776(para)
16411
16461
msgid ""
16412
16462
"<emphasis>Tickets:</emphasis> confirm the identity of the two principals. "
16413
16463
"One principal being a user and the other a service requested by the user. "
16415
16465
"authenticated session."
16416
16466
msgstr ""
16417
16467
16418
#: serverguide/C/network-auth.xml:2753(para)
16468
#: serverguide/C/network-auth.xml:2782(para)
16419
16469
msgid ""
16420
16470
"<emphasis>Keytab Files:</emphasis> are files extracted from the KDC "
16421
16471
"principal database and contain the encryption key for a service or host."
16422
16472
msgstr ""
16423
16473
16424
#: serverguide/C/network-auth.xml:2760(para)
16474
#: serverguide/C/network-auth.xml:2789(para)
16425
16475
msgid ""
16426
16476
"To put the pieces together, a Realm has at least one KDC, preferably more "
16427
16477
"for redundancy, which contains a database of Principals. When a user "
16433
16483
"entering another username and password."
16434
16484
msgstr ""
16435
16485
16436
#: serverguide/C/network-auth.xml:2769(title)
16486
#: serverguide/C/network-auth.xml:2798(title)
16437
16487
msgid "Kerberos Server"
16438
16488
msgstr ""
16439
16489
16440
#: serverguide/C/network-auth.xml:2773(para)
16490
#: serverguide/C/network-auth.xml:2802(para)
16441
16491
msgid ""
16442
16492
"For this discussion, we will create a MIT Kerberos domain with the following "
16443
16493
"features (edit them to fit your needs):"
16444
16494
msgstr ""
16445
16495
16446
#: serverguide/C/network-auth.xml:2780(para)
16496
#: serverguide/C/network-auth.xml:2809(para)
16447
16497
msgid "<emphasis>Realm:</emphasis> EXAMPLE.COM"
16448
16498
msgstr ""
16449
16499
16450
#: serverguide/C/network-auth.xml:2785(para)
16500
#: serverguide/C/network-auth.xml:2814(para)
16451
16501
msgid "<emphasis>Primary KDC:</emphasis> kdc01.example.com (192.168.0.1)"
16452
16502
msgstr ""
16453
16503
16454
#: serverguide/C/network-auth.xml:2790(para)
16504
#: serverguide/C/network-auth.xml:2819(para)
16455
16505
msgid "<emphasis>Secondary KDC:</emphasis> kdc02.example.com (192.168.0.2)"
16456
16506
msgstr ""
16457
16507
16458
#: serverguide/C/network-auth.xml:2795(para)
16508
#: serverguide/C/network-auth.xml:2824(para)
16459
16509
msgid "<emphasis>User principal:</emphasis> steve"
16460
16510
msgstr ""
16461
16511
16462
#: serverguide/C/network-auth.xml:2800(para)
16512
#: serverguide/C/network-auth.xml:2829(para)
16463
16513
msgid "<emphasis>Admin principal:</emphasis> steve/admin"
16464
16514
msgstr ""
16465
16515
16466
#: serverguide/C/network-auth.xml:2807(para)
16516
#: serverguide/C/network-auth.xml:2836(para)
16467
16517
msgid ""
16468
16518
"It is <emphasis>strongly</emphasis> recommended that your network-"
16469
16519
"authenticated users have their uid in a different range (say, starting at "
16470
16520
"5000) than that of your local users."
16471
16521
msgstr ""
16472
16522
16473
#: serverguide/C/network-auth.xml:2813(para)
16523
#: serverguide/C/network-auth.xml:2842(para)
16474
16524
msgid ""
16475
16525
"Before installing the Kerberos server a properly configured DNS server is "
16476
16526
"needed for your domain. Since the Kerberos Realm by convention matches the "
16479
16529
"documentation."
16480
16530
msgstr ""
16481
16531
16482
#: serverguide/C/network-auth.xml:2819(para)
16532
#: serverguide/C/network-auth.xml:2848(para)
16483
16533
msgid ""
16484
16534
"Also, Kerberos is a time sensitive protocol. So if the local system time "
16485
16535
"between a client machine and the server differs by more than five minutes "
16489
16539
"setting up NTP see <xref linkend=\"NTP\"/>."
16490
16540
msgstr ""
16491
16541
16492
#: serverguide/C/network-auth.xml:2827(para)
16542
#: serverguide/C/network-auth.xml:2856(para)
16493
16543
msgid ""
16494
16544
"The first step in creating a Kerberos Realm is to install the "
16495
16545
"<application>krb5-kdc</application> and <application>krb5-admin-"
16496
16546
"server</application> packages. From a terminal enter:"
16497
16547
msgstr ""
16498
16548
16499
#: serverguide/C/network-auth.xml:2833(command) serverguide/C/network-auth.xml:3040(command)
16549
#: serverguide/C/network-auth.xml:2862(command) serverguide/C/network-auth.xml:3069(command)
16500
16550
msgid "sudo apt-get install krb5-kdc krb5-admin-server"
16501
16551
msgstr ""
16502
16552
16503
#: serverguide/C/network-auth.xml:2836(para)
16553
#: serverguide/C/network-auth.xml:2865(para)
16504
16554
msgid ""
16505
16555
"You will be asked at the end of the install to supply the hostname for the "
16506
16556
"Kerberos and Admin servers, which may or may not be the same server, for the "
16507
16557
"realm."
16508
16558
msgstr ""
16509
16559
16510
#: serverguide/C/network-auth.xml:2843(para)
16560
#: serverguide/C/network-auth.xml:2872(para)
16511
16561
msgid "By default the realm is created from the KDC's domain name."
16512
16562
msgstr ""
16513
16563
16514
#: serverguide/C/network-auth.xml:2848(para)
16564
#: serverguide/C/network-auth.xml:2877(para)
16515
16565
msgid ""
16516
16566
"Next, create the new realm with the <application>kdb5_newrealm</application> "
16517
16567
"utility:"
16518
16568
msgstr ""
16519
16569
16520
#: serverguide/C/network-auth.xml:2853(command)
16570
#: serverguide/C/network-auth.xml:2882(command)
16521
16571
msgid "sudo krb5_newrealm"
16522
16572
msgstr ""
16523
16573
16524
#: serverguide/C/network-auth.xml:2860(para)
16574
#: serverguide/C/network-auth.xml:2889(para)
16525
16575
msgid ""
16526
16576
"The questions asked during installation are used to configure the "
16527
16577
"<filename>/etc/krb5.conf</filename> file. If you need to adjust the Key "
16531
16581
"typing"
16532
16582
msgstr ""
16533
16583
16534
#: serverguide/C/network-auth.xml:2867(command)
16584
#: serverguide/C/network-auth.xml:2896(command)
16535
16585
msgid "sudo dpkg-reconfigure krb5-kdc"
16536
16586
msgstr ""
16537
16587
16538
#: serverguide/C/network-auth.xml:2873(para)
16588
#: serverguide/C/network-auth.xml:2902(para)
16539
16589
msgid ""
16540
16590
"Once the KDC is properly running, an admin user -- the <emphasis>admin "
16541
16591
"principal</emphasis> -- is needed. It is recommended to use a different "
16543
16593
"<application>kadmin.local</application> utility in a terminal prompt enter:"
16544
16594
msgstr ""
16545
16595
16546
#: serverguide/C/network-auth.xml:2881(command) serverguide/C/network-auth.xml:3751(command)
16596
#: serverguide/C/network-auth.xml:2910(command) serverguide/C/network-auth.xml:3780(command)
16547
16597
msgid "sudo kadmin.local"
16548
16598
msgstr ""
16549
16599
16550
#: serverguide/C/network-auth.xml:2882(computeroutput)
16600
#: serverguide/C/network-auth.xml:2911(computeroutput)
16551
16601
#, no-wrap
16552
16602
msgid ""
16553
16603
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
16554
16604
"kadmin.local:"
16555
16605
msgstr ""
16556
16606
16557
#: serverguide/C/network-auth.xml:2883(userinput)
16607
#: serverguide/C/network-auth.xml:2912(userinput)
16558
16608
#, no-wrap
16559
16609
msgid " addprinc steve/admin"
16560
16610
msgstr ""
16561
16611
16562
#: serverguide/C/network-auth.xml:2884(computeroutput)
16612
#: serverguide/C/network-auth.xml:2913(computeroutput)
16563
16613
#, no-wrap
16564
16614
msgid ""
16565
16615
"WARNING: no policy specified for steve/admin@EXAMPLE.COM; defaulting to no "
16570
16620
"kadmin.local:"
16571
16621
msgstr ""
16572
16622
16573
#: serverguide/C/network-auth.xml:2888(userinput)
16623
#: serverguide/C/network-auth.xml:2917(userinput)
16574
16624
#, no-wrap
16575
16625
msgid " quit"
16576
16626
msgstr ""
16577
16627
16578
#: serverguide/C/network-auth.xml:2891(para)
16628
#: serverguide/C/network-auth.xml:2920(para)
16579
16629
msgid ""
16580
16630
"In the above example <emphasis role=\"italic\">steve</emphasis> is the "
16581
16631
"<emphasis>Principal</emphasis>, <emphasis role=\"italic\">/admin</emphasis> "
16587
16637
"rights."
16588
16638
msgstr ""
16589
16639
16590
#: serverguide/C/network-auth.xml:2901(para)
16640
#: serverguide/C/network-auth.xml:2930(para)
16591
16641
msgid ""
16592
16642
"Replace <emphasis>EXAMPLE.COM</emphasis> and <emphasis>steve</emphasis> with "
16593
16643
"your Realm and admin username."
16594
16644
msgstr ""
16595
16645
16596
#: serverguide/C/network-auth.xml:2909(para)
16646
#: serverguide/C/network-auth.xml:2938(para)
16597
16647
msgid ""
16598
16648
"Next, the new admin user needs to have the appropriate Access Control List "
16599
16649
"(ACL) permissions. The permissions are configured in the "
16600
16650
"<filename>/etc/krb5kdc/kadm5.acl</filename> file:"
16601
16651
msgstr ""
16602
16652
16603
#: serverguide/C/network-auth.xml:2914(programlisting)
16653
#: serverguide/C/network-auth.xml:2943(programlisting)
16604
16654
#, no-wrap
16605
16655
msgid ""
16606
16656
"\n"
16607
16657
"steve/admin@EXAMPLE.COM *\n"
16608
16658
msgstr ""
16609
16659
16610
#: serverguide/C/network-auth.xml:2918(para)
16660
#: serverguide/C/network-auth.xml:2947(para)
16611
16661
msgid ""
16612
16662
"This entry grants <emphasis>steve/admin</emphasis> the ability to perform "
16613
16663
"any operation on all principals in the realm. You can configure principals "
16616
16666
"<emphasis>kadm5.acl</emphasis> man page for details."
16617
16667
msgstr ""
16618
16668
16619
#: serverguide/C/network-auth.xml:2930(para)
16669
#: serverguide/C/network-auth.xml:2959(para)
16620
16670
msgid ""
16621
16671
"Now restart the <application>krb5-admin-server</application> for the new ACL "
16622
16672
"to take affect:"
16623
16673
msgstr ""
16624
16674
16625
#: serverguide/C/network-auth.xml:2935(command)
16675
#: serverguide/C/network-auth.xml:2961(command)
16626
16676
msgid "sudo service krb5-admin-server restart"
16627
16677
msgstr ""
16628
16678
16629
#: serverguide/C/network-auth.xml:2941(para)
16679
#: serverguide/C/network-auth.xml:2970(para)
16630
16680
msgid ""
16631
16681
"The new user principal can be tested using the <application>kinit "
16632
16682
"utility</application>:"
16633
16683
msgstr ""
16634
16684
16635
#: serverguide/C/network-auth.xml:2946(command)
16685
#: serverguide/C/network-auth.xml:2975(command)
16636
16686
msgid "kinit steve/admin"
16637
16687
msgstr ""
16638
16688
16639
#: serverguide/C/network-auth.xml:2947(computeroutput)
16689
#: serverguide/C/network-auth.xml:2976(computeroutput)
16640
16690
#, no-wrap
16641
16691
msgid "steve/admin@EXAMPLE.COM's Password:"
16642
16692
msgstr ""
16643
16693
16644
#: serverguide/C/network-auth.xml:2950(para)
16694
#: serverguide/C/network-auth.xml:2979(para)
16645
16695
msgid ""
16646
16696
"After entering the password, use the <application>klist</application> "
16647
16697
"utility to view information about the Ticket Granting Ticket (TGT):"
16648
16698
msgstr ""
16649
16699
16650
#: serverguide/C/network-auth.xml:2956(command) serverguide/C/network-auth.xml:3333(command)
16700
#: serverguide/C/network-auth.xml:2985(command) serverguide/C/network-auth.xml:3362(command)
16651
16701
msgid "klist"
16652
16702
msgstr ""
16653
16703
16654
#: serverguide/C/network-auth.xml:2957(computeroutput)
16704
#: serverguide/C/network-auth.xml:2986(computeroutput)
16655
16705
#, no-wrap
16656
16706
msgid ""
16657
16707
"Credentials cache: FILE:/tmp/krb5cc_1000\n"
16661
16711
"Jul 13 17:53:34 Jul 14 03:53:34 krbtgt/EXAMPLE.COM@EXAMPLE.COM"
16662
16712
msgstr ""
16663
16713
16664
#: serverguide/C/network-auth.xml:2964(para)
16714
#: serverguide/C/network-auth.xml:2993(para)
16665
16715
msgid ""
16666
16716
"Where the cache filename <filename>krb5cc_1000</filename> is composed of the "
16667
16717
"prefix <filename>krb5cc_</filename> and the user id (uid), which in this "
16670
16720
"For example:"
16671
16721
msgstr ""
16672
16722
16673
#: serverguide/C/network-auth.xml:2973(programlisting)
16723
#: serverguide/C/network-auth.xml:3002(programlisting)
16674
16724
#, no-wrap
16675
16725
msgid ""
16676
16726
"\n"
16677
16727
"192.168.0.1 kdc01.example.com kdc01\n"
16678
16728
msgstr ""
16679
16729
16680
#: serverguide/C/network-auth.xml:2977(para)
16730
#: serverguide/C/network-auth.xml:3006(para)
16681
16731
msgid ""
16682
16732
"Replacing <emphasis>192.168.0.1</emphasis> with the IP address of your KDC. "
16683
16733
"This usually happens when you have a Kerberos realm encompassing different "
16684
16734
"networks separated by routers."
16685
16735
msgstr ""
16686
16736
16687
#: serverguide/C/network-auth.xml:2986(para)
16737
#: serverguide/C/network-auth.xml:3015(para)
16688
16738
msgid ""
16689
16739
"The best way to allow clients to automatically determine the KDC for the "
16690
16740
"Realm is using DNS SRV records. Add the following to "
16691
16741
"<filename>/etc/named/db.example.com</filename>:"
16692
16742
msgstr ""
16693
16743
16694
#: serverguide/C/network-auth.xml:2992(programlisting)
16744
#: serverguide/C/network-auth.xml:3021(programlisting)
16695
16745
#, no-wrap
16696
16746
msgid ""
16697
16747
"\n"
16703
16753
"_kpasswd._udp.EXAMPLE.COM. IN SRV 1 0 464 kdc01.example.com.\n"
16704
16754
msgstr ""
16705
16755
16706
#: serverguide/C/network-auth.xml:3002(para)
16756
#: serverguide/C/network-auth.xml:3031(para)
16707
16757
msgid ""
16708
16758
"Replace <emphasis>EXAMPLE.COM</emphasis>, <emphasis>kdc01</emphasis>, and "
16709
16759
"<emphasis>kdc02</emphasis> with your domain name, primary KDC, and secondary "
16710
16760
"KDC."
16711
16761
msgstr ""
16712
16762
16713
#: serverguide/C/network-auth.xml:3008(para)
16763
#: serverguide/C/network-auth.xml:3037(para)
16714
16764
msgid ""
16715
16765
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
16716
16766
msgstr ""
16717
16767
16718
#: serverguide/C/network-auth.xml:3015(para)
16768
#: serverguide/C/network-auth.xml:3044(para)
16719
16769
msgid "Your new Kerberos Realm is now ready to authenticate clients."
16720
16770
msgstr ""
16721
16771
16722
#: serverguide/C/network-auth.xml:3022(title)
16772
#: serverguide/C/network-auth.xml:3051(title)
16723
16773
msgid "Secondary KDC"
16724
16774
msgstr ""
16725
16775
16726
#: serverguide/C/network-auth.xml:3024(para)
16776
#: serverguide/C/network-auth.xml:3053(para)
16727
16777
msgid ""
16728
16778
"Once you have one Key Distribution Center (KDC) on your network, it is good "
16729
16779
"practice to have a Secondary KDC in case the primary becomes unavailable. "
16732
16782
"of those networks."
16733
16783
msgstr ""
16734
16784
16735
#: serverguide/C/network-auth.xml:3035(para)
16785
#: serverguide/C/network-auth.xml:3064(para)
16736
16786
msgid ""
16737
16787
"First, install the packages, and when asked for the Kerberos and Admin "
16738
16788
"server names enter the name of the Primary KDC:"
16739
16789
msgstr ""
16740
16790
16741
#: serverguide/C/network-auth.xml:3046(para)
16791
#: serverguide/C/network-auth.xml:3075(para)
16742
16792
msgid ""
16743
16793
"Once you have the packages installed, create the Secondary KDC's host "
16744
16794
"principal. From a terminal prompt, enter:"
16745
16795
msgstr ""
16746
16796
16747
#: serverguide/C/network-auth.xml:3051(command)
16797
#: serverguide/C/network-auth.xml:3080(command)
16748
16798
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
16749
16799
msgstr ""
16750
16800
16751
#: serverguide/C/network-auth.xml:3055(para)
16801
#: serverguide/C/network-auth.xml:3084(para)
16752
16802
msgid ""
16753
16803
"After, issuing any <application>kadmin</application> commands you will be "
16754
16804
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
16755
16805
"password."
16756
16806
msgstr ""
16757
16807
16758
#: serverguide/C/network-auth.xml:3064(para)
16808
#: serverguide/C/network-auth.xml:3093(para)
16759
16809
msgid "Extract the <emphasis>keytab</emphasis> file:"
16760
16810
msgstr ""
16761
16811
16762
#: serverguide/C/network-auth.xml:3069(command)
16812
#: serverguide/C/network-auth.xml:3098(command)
16763
16813
msgid "kadmin -q \"ktadd -norandkey -k keytab.kdc02 host/kdc02.example.com\""
16764
16814
msgstr ""
16765
16815
16766
#: serverguide/C/network-auth.xml:3075(para)
16816
#: serverguide/C/network-auth.xml:3104(para)
16767
16817
msgid ""
16768
16818
"There should now be a <filename>keytab.kdc02</filename> in the current "
16769
16819
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
16770
16820
msgstr ""
16771
16821
16772
#: serverguide/C/network-auth.xml:3081(command)
16822
#: serverguide/C/network-auth.xml:3110(command)
16773
16823
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
16774
16824
msgstr ""
16775
16825
16776
#: serverguide/C/network-auth.xml:3085(para)
16826
#: serverguide/C/network-auth.xml:3114(para)
16777
16827
msgid ""
16778
16828
"If the path to the <filename>keytab.kdc02</filename> file is different "
16779
16829
"adjust accordingly."
16780
16830
msgstr ""
16781
16831
16782
#: serverguide/C/network-auth.xml:3090(para)
16832
#: serverguide/C/network-auth.xml:3119(para)
16783
16833
msgid ""
16784
16834
"Also, you can list the principals in a Keytab file, which can be useful when "
16785
16835
"troubleshooting, using the <application>klist</application> utility:"
16786
16836
msgstr ""
16787
16837
16788
#: serverguide/C/network-auth.xml:3096(command)
16838
#: serverguide/C/network-auth.xml:3125(command)
16789
16839
msgid "sudo klist -k /etc/krb5.keytab"
16790
16840
msgstr ""
16791
16841
16792
#: serverguide/C/network-auth.xml:3099(para)
16842
#: serverguide/C/network-auth.xml:3128(para)
16793
16843
msgid ""
16794
16844
"The <application>-k</application> option indicates the file is a keytab file."
16795
16845
msgstr ""
16796
16846
16797
#: serverguide/C/network-auth.xml:3106(para)
16847
#: serverguide/C/network-auth.xml:3135(para)
16798
16848
msgid ""
16799
16849
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
16800
16850
"that lists all KDCs for the Realm. For example, on both primary and "
16801
16851
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
16802
16852
msgstr ""
16803
16853
16804
#: serverguide/C/network-auth.xml:3111(programlisting)
16854
#: serverguide/C/network-auth.xml:3140(programlisting)
16805
16855
#, no-wrap
16806
16856
msgid ""
16807
16857
"\n"
16809
16859
"host/kdc02.example.com@EXAMPLE.COM\n"
16810
16860
msgstr ""
16811
16861
16812
#: serverguide/C/network-auth.xml:3119(para)
16862
#: serverguide/C/network-auth.xml:3148(para)
16813
16863
msgid "Create an empty database on the <emphasis>Secondary KDC</emphasis>:"
16814
16864
msgstr ""
16815
16865
16816
#: serverguide/C/network-auth.xml:3124(command)
16866
#: serverguide/C/network-auth.xml:3153(command)
16817
16867
msgid "sudo kdb5_util -s create"
16818
16868
msgstr ""
16819
16869
16820
#: serverguide/C/network-auth.xml:3130(para)
16870
#: serverguide/C/network-auth.xml:3159(para)
16821
16871
msgid ""
16822
16872
"Now start the <application>kpropd</application> daemon, which listens for "
16823
16873
"connections from the <application>kprop</application> utility. "
16824
16874
"<application>kprop</application> is used to transfer dump files:"
16825
16875
msgstr ""
16826
16876
16827
#: serverguide/C/network-auth.xml:3137(command)
16877
#: serverguide/C/network-auth.xml:3166(command)
16828
16878
msgid "sudo kpropd -S"
16829
16879
msgstr ""
16830
16880
16831
#: serverguide/C/network-auth.xml:3143(para)
16881
#: serverguide/C/network-auth.xml:3172(para)
16832
16882
msgid ""
16833
16883
"From a terminal on the <emphasis>Primary KDC</emphasis>, create a dump file "
16834
16884
"of the principal database:"
16835
16885
msgstr ""
16836
16886
16837
#: serverguide/C/network-auth.xml:3148(command)
16887
#: serverguide/C/network-auth.xml:3177(command)
16838
16888
msgid "sudo kdb5_util dump /var/lib/krb5kdc/dump"
16839
16889
msgstr ""
16840
16890
16841
#: serverguide/C/network-auth.xml:3154(para)
16891
#: serverguide/C/network-auth.xml:3183(para)
16842
16892
msgid ""
16843
16893
"Extract the Primary KDC's <emphasis>keytab</emphasis> file and copy it to "
16844
16894
"<filename>/etc/krb5.keytab</filename>:"
16845
16895
msgstr ""
16846
16896
16847
#: serverguide/C/network-auth.xml:3159(command)
16897
#: serverguide/C/network-auth.xml:3188(command)
16848
16898
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
16849
16899
msgstr ""
16850
16900
16851
#: serverguide/C/network-auth.xml:3160(command)
16901
#: serverguide/C/network-auth.xml:3189(command)
16852
16902
msgid "sudo mv keytab.kdc01 /etc/krb5.keytab"
16853
16903
msgstr ""
16854
16904
16855
#: serverguide/C/network-auth.xml:3164(para)
16905
#: serverguide/C/network-auth.xml:3193(para)
16856
16906
msgid ""
16857
16907
"Make sure there is a <emphasis>host</emphasis> for "
16858
16908
"<emphasis>kdc01.example.com</emphasis> before extracting the Keytab."
16859
16909
msgstr ""
16860
16910
16861
#: serverguide/C/network-auth.xml:3172(para)
16911
#: serverguide/C/network-auth.xml:3201(para)
16862
16912
msgid ""
16863
16913
"Using the <application>kprop</application> utility push the database to the "
16864
16914
"Secondary KDC:"
16865
16915
msgstr ""
16866
16916
16867
#: serverguide/C/network-auth.xml:3177(command)
16917
#: serverguide/C/network-auth.xml:3206(command)
16868
16918
msgid "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
16869
16919
msgstr ""
16870
16920
16871
#: serverguide/C/network-auth.xml:3181(para)
16921
#: serverguide/C/network-auth.xml:3210(para)
16872
16922
msgid ""
16873
16923
"There should be a <emphasis>SUCCEEDED</emphasis> message if the propagation "
16874
16924
"worked. If there is an error message check "
16876
16926
"information."
16877
16927
msgstr ""
16878
16928
16879
#: serverguide/C/network-auth.xml:3187(para)
16929
#: serverguide/C/network-auth.xml:3216(para)
16880
16930
msgid ""
16881
16931
"You may also want to create a <application>cron</application> job to "
16882
16932
"periodically update the database on the Secondary KDC. For example, the "
16884
16934
"split to fit the format of this document):"
16885
16935
msgstr ""
16886
16936
16887
#: serverguide/C/network-auth.xml:3192(programlisting)
16937
#: serverguide/C/network-auth.xml:3221(programlisting)
16888
16938
#, no-wrap
16889
16939
msgid ""
16890
16940
"\n"
16893
16943
"/usr/sbin/kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com\n"
16894
16944
msgstr ""
16895
16945
16896
#: serverguide/C/network-auth.xml:3201(para)
16946
#: serverguide/C/network-auth.xml:3230(para)
16897
16947
msgid ""
16898
16948
"Back on the <emphasis>Secondary KDC</emphasis>, create a "
16899
16949
"<emphasis>stash</emphasis> file to hold the Kerberos master key:"
16900
16950
msgstr ""
16901
16951
16902
#: serverguide/C/network-auth.xml:3207(command)
16952
#: serverguide/C/network-auth.xml:3236(command)
16903
16953
msgid "sudo kdb5_util stash"
16904
16954
msgstr ""
16905
16955
16906
#: serverguide/C/network-auth.xml:3213(para)
16956
#: serverguide/C/network-auth.xml:3242(para)
16907
16957
msgid ""
16908
16958
"Finally, start the <application>krb5-kdc</application> daemon on the "
16909
16959
"Secondary KDC:"
16910
16960
msgstr ""
16911
16961
16912
#: serverguide/C/network-auth.xml:3218(command) serverguide/C/network-auth.xml:3894(command)
16962
#: serverguide/C/network-auth.xml:3244(command) serverguide/C/network-auth.xml:3920(command)
16913
16963
msgid "sudo service krb5-kdc start"
16914
16964
msgstr ""
16915
16965
16916
#: serverguide/C/network-auth.xml:3224(para)
16966
#: serverguide/C/network-auth.xml:3253(para)
16917
16967
msgid ""
16918
16968
"The <emphasis>Secondary KDC</emphasis> should now be able to issue tickets "
16919
16969
"for the Realm. You can test this by stopping the <application>krb5-"
16924
16974
"<filename>/var/log/auth.log</filename> in the Secondary KDC."
16925
16975
msgstr ""
16926
16976
16927
#: serverguide/C/network-auth.xml:3235(title)
16977
#: serverguide/C/network-auth.xml:3264(title)
16928
16978
msgid "Kerberos Linux Client"
16929
16979
msgstr ""
16930
16980
16931
#: serverguide/C/network-auth.xml:3237(para)
16981
#: serverguide/C/network-auth.xml:3266(para)
16932
16982
msgid ""
16933
16983
"This section covers configuring a Linux system as a "
16934
16984
"<application>Kerberos</application> client. This will allow access to any "
16935
16985
"kerberized services once a user has successfully logged into the system."
16936
16986
msgstr ""
16937
16987
16938
#: serverguide/C/network-auth.xml:3245(para)
16988
#: serverguide/C/network-auth.xml:3274(para)
16939
16989
msgid ""
16940
16990
"In order to authenticate to a Kerberos Realm, the <application>krb5-"
16941
16991
"user</application> and <application>libpam-krb5</application> packages are "
16944
16994
"prompt:"
16945
16995
msgstr ""
16946
16996
16947
#: serverguide/C/network-auth.xml:3252(command)
16997
#: serverguide/C/network-auth.xml:3281(command)
16948
16998
msgid ""
16949
16999
"sudo apt-get install krb5-user libpam-krb5 libpam-ccreds auth-client-config"
16950
17000
msgstr ""
16951
17001
16952
#: serverguide/C/network-auth.xml:3255(para)
17002
#: serverguide/C/network-auth.xml:3284(para)
16953
17003
msgid ""
16954
17004
"The <application>auth-client-config</application> package allows simple "
16955
17005
"configuration of PAM for authentication from multiple sources, and the "
16960
17010
"be accessed off the network as well."
16961
17011
msgstr ""
16962
17012
16963
#: serverguide/C/network-auth.xml:3266(para)
17013
#: serverguide/C/network-auth.xml:3295(para)
16964
17014
msgid "To configure the client in a terminal enter:"
16965
17015
msgstr ""
16966
17016
16967
#: serverguide/C/network-auth.xml:3271(command)
17017
#: serverguide/C/network-auth.xml:3300(command)
16968
17018
msgid "sudo dpkg-reconfigure krb5-config"
16969
17019
msgstr ""
16970
17020
16971
#: serverguide/C/network-auth.xml:3274(para)
17021
#: serverguide/C/network-auth.xml:3303(para)
16972
17022
msgid ""
16973
17023
"You will then be prompted to enter the name of the Kerberos Realm. Also, if "
16974
17024
"you don't have DNS configured with Kerberos <emphasis>SRV</emphasis> "
16976
17026
"Center (KDC) and Realm Administration server."
16977
17027
msgstr ""
16978
17028
16979
#: serverguide/C/network-auth.xml:3280(para)
17029
#: serverguide/C/network-auth.xml:3309(para)
16980
17030
msgid ""
16981
17031
"The <application>dpkg-reconfigure</application> adds entries to the "
16982
17032
"<filename>/etc/krb5.conf</filename> file for your Realm. You should have "
16983
17033
"entries similar to the following:"
16984
17034
msgstr ""
16985
17035
16986
#: serverguide/C/network-auth.xml:3285(programlisting)
17036
#: serverguide/C/network-auth.xml:3311(programlisting)
16987
17037
#, no-wrap
16988
17038
msgid ""
16989
17039
"\n"
16997
17047
" }\n"
16998
17048
msgstr ""
16999
17049
17000
#: serverguide/C/network-auth.xml:3297(para)
17050
#: serverguide/C/network-auth.xml:3326(para)
17001
17051
msgid ""
17002
17052
"If you set the uid of each of your network-authenticated users to start at "
17003
17053
"5000, as suggested in <xref linkend=\"kerberos-server-installation\"/>, you "
17005
17055
"> 5000:"
17006
17056
msgstr ""
17007
17057
17008
#: serverguide/C/network-auth.xml:3305(command)
17058
#: serverguide/C/network-auth.xml:3334(command)
17009
17059
msgid ""
17010
17060
"# Kerberos should only be applied to ldap/kerberos users, not local ones. "
17011
17061
"for i in common-auth common-session common-account common-password; do sudo "
17013
17063
"minimum_uid=5000/' \\ /etc/pam.d/$i done"
17014
17064
msgstr ""
17015
17065
17016
#: serverguide/C/network-auth.xml:3312(para)
17066
#: serverguide/C/network-auth.xml:3341(para)
17017
17067
msgid ""
17018
17068
"This will avoid being asked for the (non-existent) Kerberos password of a "
17019
17069
"locally authenticated user when changing its password using "
17020
17070
"<command>passwd</command>."
17021
17071
msgstr ""
17022
17072
17023
#: serverguide/C/network-auth.xml:3319(para)
17073
#: serverguide/C/network-auth.xml:3348(para)
17024
17074
msgid ""
17025
17075
"You can test the configuration by requesting a ticket using the "
17026
17076
"<application>kinit</application> utility. For example:"
17027
17077
msgstr ""
17028
17078
17029
#: serverguide/C/network-auth.xml:3324(command)
17079
#: serverguide/C/network-auth.xml:3353(command)
17030
17080
msgid "kinit steve@EXAMPLE.COM"
17031
17081
msgstr ""
17032
17082
17033
#: serverguide/C/network-auth.xml:3325(computeroutput)
17083
#: serverguide/C/network-auth.xml:3354(computeroutput)
17034
17084
#, no-wrap
17035
17085
msgid "Password for steve@EXAMPLE.COM:"
17036
17086
msgstr ""
17037
17087
17038
#: serverguide/C/network-auth.xml:3328(para)
17088
#: serverguide/C/network-auth.xml:3357(para)
17039
17089
msgid ""
17040
17090
"When a ticket has been granted, the details can be viewed using "
17041
17091
"<application>klist</application>:"
17042
17092
msgstr ""
17043
17093
17044
#: serverguide/C/network-auth.xml:3334(computeroutput)
17094
#: serverguide/C/network-auth.xml:3363(computeroutput)
17045
17095
#, no-wrap
17046
17096
msgid ""
17047
17097
"Ticket cache: FILE:/tmp/krb5cc_1000\n"
17056
17106
"klist: You have no tickets cached"
17057
17107
msgstr ""
17058
17108
17059
#: serverguide/C/network-auth.xml:3346(para)
17109
#: serverguide/C/network-auth.xml:3375(para)
17060
17110
msgid ""
17061
17111
"Next, use the <application>auth-client-config</application> to configure the "
17062
17112
"<application>libpam-krb5</application> module to request a ticket during "
17063
17113
"login:"
17064
17114
msgstr ""
17065
17115
17066
#: serverguide/C/network-auth.xml:3352(command)
17116
#: serverguide/C/network-auth.xml:3381(command)
17067
17117
msgid "sudo auth-client-config -a -p kerberos_example"
17068
17118
msgstr ""
17069
17119
17070
#: serverguide/C/network-auth.xml:3355(para)
17120
#: serverguide/C/network-auth.xml:3384(para)
17071
17121
msgid ""
17072
17122
"You will should now receive a ticket upon successful login authentication."
17073
17123
msgstr ""
17074
17124
17075
#: serverguide/C/network-auth.xml:3366(para)
17125
#: serverguide/C/network-auth.xml:3395(para)
17076
17126
msgid ""
17077
17127
"For more information on MIT's version of Kerberos, see the <ulink "
17078
17128
"url=\"http://web.mit.edu/Kerberos/\">MIT Kerberos</ulink> site."
17079
17129
msgstr ""
17080
17130
17081
#: serverguide/C/network-auth.xml:3371(para)
17131
#: serverguide/C/network-auth.xml:3400(para)
17082
17132
msgid ""
17083
17133
"The <ulink url=\"https://help.ubuntu.com/community/Kerberos\">Ubuntu Wiki "
17084
17134
"Kerberos</ulink> page has more details."
17085
17135
msgstr ""
17086
17136
17087
#: serverguide/C/network-auth.xml:3376(para)
17137
#: serverguide/C/network-auth.xml:3405(para)
17088
17138
msgid ""
17089
17139
"O'Reilly's <ulink "
17090
17140
"url=\"http://oreilly.com/catalog/9780596004033/\">Kerberos: The Definitive "
17091
17141
"Guide</ulink> is a great reference when setting up Kerberos."
17092
17142
msgstr ""
17093
17143
17094
#: serverguide/C/network-auth.xml:3382(para)
17144
#: serverguide/C/network-auth.xml:3411(para)
17095
17145
msgid ""
17096
17146
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> and "
17097
17147
"<emphasis>#kerberos</emphasis> IRC channels on <ulink "
17098
17148
"url=\"http://freenode.net/\">Freenode</ulink> if you have Kerberos questions."
17099
17149
msgstr ""
17100
17150
17101
#: serverguide/C/network-auth.xml:3394(title)
17151
#: serverguide/C/network-auth.xml:3423(title)
17102
17152
msgid "Kerberos and LDAP"
17103
17153
msgstr ""
17104
17154
17105
#: serverguide/C/network-auth.xml:3396(para)
17155
#: serverguide/C/network-auth.xml:3425(para)
17106
17156
msgid ""
17107
17157
"Most people will not use Kerberos by itself; once an user is authenticated "
17108
17158
"(Kerberos), we need to figure out what this user can do (authorization). And "
17109
17159
"that would be the job of programs such as <application>LDAP</application>."
17110
17160
msgstr ""
17111
17161
17112
#: serverguide/C/network-auth.xml:3403(para)
17162
#: serverguide/C/network-auth.xml:3432(para)
17113
17163
msgid ""
17114
17164
"Replicating a Kerberos principal database between two servers can be "
17115
17165
"complicated, and adds an additional user database to your network. "
17119
17169
"<application>OpenLDAP</application> for the principal database."
17120
17170
msgstr ""
17121
17171
17122
#: serverguide/C/network-auth.xml:3411(para)
17172
#: serverguide/C/network-auth.xml:3440(para)
17123
17173
msgid ""
17124
17174
"The examples presented here assume <application>MIT Kerberos</application> "
17125
17175
"and <application>OpenLDAP</application>."
17126
17176
msgstr ""
17127
17177
17128
#: serverguide/C/network-auth.xml:3419(title)
17178
#: serverguide/C/network-auth.xml:3448(title)
17129
17179
msgid "Configuring OpenLDAP"
17130
17180
msgstr ""
17131
17181
17132
#: serverguide/C/network-auth.xml:3421(para)
17182
#: serverguide/C/network-auth.xml:3450(para)
17133
17183
msgid ""
17134
17184
"First, the necessary <emphasis>schema</emphasis> needs to be loaded on an "
17135
17185
"<application>OpenLDAP</application> server that has network connectivity to "
17138
17188
"information on setting up OpenLDAP see <xref linkend=\"openldap-server\"/>."
17139
17189
msgstr ""
17140
17190
17141
#: serverguide/C/network-auth.xml:3427(para)
17191
#: serverguide/C/network-auth.xml:3456(para)
17142
17192
msgid ""
17143
17193
"It is also required to configure OpenLDAP for TLS and SSL connections, so "
17144
17194
"that traffic between the KDC and LDAP server is encrypted. See <xref "
17145
17195
"linkend=\"openldap-tls\"/> for details."
17146
17196
msgstr ""
17147
17197
17148
#: serverguide/C/network-auth.xml:3433(para)
17198
#: serverguide/C/network-auth.xml:3462(para)
17149
17199
msgid ""
17150
17200
"<filename>cn=admin,cn=config</filename> is a user we created with rights to "
17151
17201
"edit the ldap database. Many times it is the RootDN. Change its value to "
17152
17202
"reflect your setup."
17153
17203
msgstr ""
17154
17204
17155
#: serverguide/C/network-auth.xml:3442(para)
17205
#: serverguide/C/network-auth.xml:3471(para)
17156
17206
msgid ""
17157
17207
"To load the schema into LDAP, on the LDAP server install the "
17158
17208
"<application>krb5-kdc-ldap</application> package. From a terminal enter:"
17159
17209
msgstr ""
17160
17210
17161
#: serverguide/C/network-auth.xml:3448(command)
17211
#: serverguide/C/network-auth.xml:3477(command)
17162
17212
msgid "sudo apt-get install krb5-kdc-ldap"
17163
17213
msgstr ""
17164
17214
17165
#: serverguide/C/network-auth.xml:3453(para)
17215
#: serverguide/C/network-auth.xml:3482(para)
17166
17216
msgid "Next, extract the <filename>kerberos.schema.gz</filename> file:"
17167
17217
msgstr ""
17168
17218
17169
#: serverguide/C/network-auth.xml:3458(command)
17219
#: serverguide/C/network-auth.xml:3487(command)
17170
17220
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
17171
17221
msgstr ""
17172
17222
17173
#: serverguide/C/network-auth.xml:3459(command)
17223
#: serverguide/C/network-auth.xml:3488(command)
17174
17224
msgid ""
17175
17225
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
17176
17226
msgstr ""
17177
17227
17178
#: serverguide/C/network-auth.xml:3465(para)
17228
#: serverguide/C/network-auth.xml:3494(para)
17179
17229
msgid ""
17180
17230
"The <emphasis>kerberos</emphasis> schema needs to be added to the "
17181
17231
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
17183
17233
"linkend=\"openldap-configuration\"/>."
17184
17234
msgstr ""
17185
17235
17186
#: serverguide/C/network-auth.xml:3473(para)
17236
#: serverguide/C/network-auth.xml:3502(para)
17187
17237
msgid ""
17188
17238
"First, create a configuration file named "
17189
17239
"<filename>schema_convert.conf</filename>, or a similar descriptive name, "
17190
17240
"containing the following lines:"
17191
17241
msgstr ""
17192
17242
17193
#: serverguide/C/network-auth.xml:3478(programlisting)
17243
#: serverguide/C/network-auth.xml:3507(programlisting)
17194
17244
#, no-wrap
17195
17245
msgid ""
17196
17246
"\n"
17209
17259
"include /etc/ldap/schema/kerberos.schema\n"
17210
17260
msgstr ""
17211
17261
17212
#: serverguide/C/network-auth.xml:3498(para)
17262
#: serverguide/C/network-auth.xml:3527(para)
17213
17263
msgid "Create a temporary directory to hold the LDIF files:"
17214
17264
msgstr ""
17215
17265
17216
#: serverguide/C/network-auth.xml:3502(command)
17266
#: serverguide/C/network-auth.xml:3531(command)
17217
17267
msgid "mkdir /tmp/ldif_output"
17218
17268
msgstr ""
17219
17269
17220
#: serverguide/C/network-auth.xml:3508(para)
17270
#: serverguide/C/network-auth.xml:3537(para)
17221
17271
msgid ""
17222
17272
"Now use <application>slapcat</application> to convert the schema files:"
17223
17273
msgstr ""
17224
17274
17225
#: serverguide/C/network-auth.xml:3513(command)
17275
#: serverguide/C/network-auth.xml:3542(command)
17226
17276
msgid ""
17227
17277
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s \\ "
17228
17278
"\"cn={12}kerberos,cn=schema,cn=config\" > /tmp/cn=kerberos.ldif"
17229
17279
msgstr ""
17230
17280
17231
#: serverguide/C/network-auth.xml:3517(para)
17281
#: serverguide/C/network-auth.xml:3546(para)
17232
17282
msgid ""
17233
17283
"Change the above file and path names to match your own if they are different."
17234
17284
msgstr ""
17235
17285
17236
#: serverguide/C/network-auth.xml:3524(para)
17286
#: serverguide/C/network-auth.xml:3553(para)
17237
17287
msgid ""
17238
17288
"Edit the generated <filename>/tmp/cn\\=kerberos.ldif</filename> file, "
17239
17289
"changing the following attributes:"
17240
17290
msgstr ""
17241
17291
17242
#: serverguide/C/network-auth.xml:3528(programlisting)
17292
#: serverguide/C/network-auth.xml:3557(programlisting)
17243
17293
#, no-wrap
17244
17294
msgid ""
17245
17295
"\n"
17248
17298
"cn: kerberos\n"
17249
17299
msgstr ""
17250
17300
17251
#: serverguide/C/network-auth.xml:3534(para)
17301
#: serverguide/C/network-auth.xml:3563(para)
17252
17302
msgid "And remove the following lines from the end of the file:"
17253
17303
msgstr ""
17254
17304
17255
#: serverguide/C/network-auth.xml:3538(programlisting)
17305
#: serverguide/C/network-auth.xml:3567(programlisting)
17256
17306
#, no-wrap
17257
17307
msgid ""
17258
17308
"\n"
17265
17315
"modifyTimestamp: 20090111203515Z\n"
17266
17316
msgstr ""
17267
17317
17268
#: serverguide/C/network-auth.xml:3548(para)
17318
#: serverguide/C/network-auth.xml:3577(para)
17269
17319
msgid ""
17270
17320
"The attribute values will vary, just be sure the attributes are removed."
17271
17321
msgstr ""
17272
17322
17273
#: serverguide/C/network-auth.xml:3555(para)
17323
#: serverguide/C/network-auth.xml:3584(para)
17274
17324
msgid "Load the new schema with <application>ldapadd</application>:"
17275
17325
msgstr ""
17276
17326
17277
#: serverguide/C/network-auth.xml:3560(command)
17327
#: serverguide/C/network-auth.xml:3589(command)
17278
17328
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=kerberos.ldif"
17279
17329
msgstr ""
17280
17330
17281
#: serverguide/C/network-auth.xml:3566(para)
17331
#: serverguide/C/network-auth.xml:3595(para)
17282
17332
msgid ""
17283
17333
"Add an index for the <emphasis>krb5principalname</emphasis> attribute:"
17284
17334
msgstr ""
17285
17335
17286
#: serverguide/C/network-auth.xml:3571(command) serverguide/C/network-auth.xml:3588(command)
17336
#: serverguide/C/network-auth.xml:3600(command) serverguide/C/network-auth.xml:3617(command)
17287
17337
msgid "ldapmodify -x -D cn=admin,cn=config -W"
17288
17338
msgstr ""
17289
17339
17290
#: serverguide/C/network-auth.xml:3573(userinput)
17340
#: serverguide/C/network-auth.xml:3602(userinput)
17291
17341
#, no-wrap
17292
17342
msgid ""
17293
17343
"dn: olcDatabase={1}hdb,cn=config\n"
17295
17345
"olcDbIndex: krbPrincipalName eq,pres,sub"
17296
17346
msgstr ""
17297
17347
17298
#: serverguide/C/network-auth.xml:3572(computeroutput)
17348
#: serverguide/C/network-auth.xml:3601(computeroutput)
17299
17349
#, no-wrap
17300
17350
msgid ""
17301
17351
"Enter LDAP Password:\n"
17304
17354
"modifying entry \"olcDatabase={1}hdb,cn=config\""
17305
17355
msgstr ""
17306
17356
17307
#: serverguide/C/network-auth.xml:3583(para)
17357
#: serverguide/C/network-auth.xml:3612(para)
17308
17358
msgid "Finally, update the Access Control Lists (ACL):"
17309
17359
msgstr ""
17310
17360
17311
#: serverguide/C/network-auth.xml:3590(userinput)
17361
#: serverguide/C/network-auth.xml:3619(userinput)
17312
17362
#, no-wrap
17313
17363
msgid ""
17314
17364
"dn: olcDatabase={1}hdb,cn=config\n"
17324
17374
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read"
17325
17375
msgstr ""
17326
17376
17327
#: serverguide/C/network-auth.xml:3589(computeroutput)
17377
#: serverguide/C/network-auth.xml:3618(computeroutput)
17328
17378
#, no-wrap
17329
17379
msgid ""
17330
17380
"Enter LDAP Password: \n"
17333
17383
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
17334
17384
msgstr ""
17335
17385
17336
#: serverguide/C/network-auth.xml:3610(para)
17386
#: serverguide/C/network-auth.xml:3639(para)
17337
17387
msgid ""
17338
17388
"That's it, your LDAP directory is now ready to serve as a Kerberos principal "
17339
17389
"database."
17340
17390
msgstr ""
17341
17391
17342
#: serverguide/C/network-auth.xml:3616(title)
17392
#: serverguide/C/network-auth.xml:3645(title)
17343
17393
msgid "Primary KDC Configuration"
17344
17394
msgstr ""
17345
17395
17346
#: serverguide/C/network-auth.xml:3618(para)
17396
#: serverguide/C/network-auth.xml:3647(para)
17347
17397
msgid ""
17348
17398
"With <application>OpenLDAP</application> configured it is time to configure "
17349
17399
"the KDC."
17350
17400
msgstr ""
17351
17401
17352
#: serverguide/C/network-auth.xml:3624(para)
17402
#: serverguide/C/network-auth.xml:3653(para)
17353
17403
msgid "First, install the necessary packages, from a terminal enter:"
17354
17404
msgstr ""
17355
17405
17356
#: serverguide/C/network-auth.xml:3629(command) serverguide/C/network-auth.xml:3788(command)
17406
#: serverguide/C/network-auth.xml:3658(command) serverguide/C/network-auth.xml:3817(command)
17357
17407
msgid "sudo apt-get install krb5-kdc krb5-admin-server krb5-kdc-ldap"
17358
17408
msgstr ""
17359
17409
17360
#: serverguide/C/network-auth.xml:3635(para)
17410
#: serverguide/C/network-auth.xml:3664(para)
17361
17411
msgid ""
17362
17412
"Now edit <filename>/etc/krb5.conf</filename> adding the following options to "
17363
17413
"under the appropriate sections:"
17364
17414
msgstr ""
17365
17415
17366
#: serverguide/C/network-auth.xml:3639(programlisting)
17416
#: serverguide/C/network-auth.xml:3668(programlisting)
17367
17417
#, no-wrap
17368
17418
msgid ""
17369
17419
"\n"
17413
17463
" }\n"
17414
17464
msgstr ""
17415
17465
17416
#: serverguide/C/network-auth.xml:3684(para)
17466
#: serverguide/C/network-auth.xml:3713(para)
17417
17467
msgid ""
17418
17468
"Change <emphasis>example.com</emphasis>, "
17419
17469
"<emphasis>dc=example,dc=com</emphasis>, "
17422
17472
"object, and LDAP server for your network."
17423
17473
msgstr ""
17424
17474
17425
#: serverguide/C/network-auth.xml:3693(para)
17475
#: serverguide/C/network-auth.xml:3722(para)
17426
17476
msgid ""
17427
17477
"Next, use the <application>kdb5_ldap_util</application> utility to create "
17428
17478
"the realm:"
17429
17479
msgstr ""
17430
17480
17431
#: serverguide/C/network-auth.xml:3698(command)
17481
#: serverguide/C/network-auth.xml:3727(command)
17432
17482
msgid ""
17433
17483
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees \\ "
17434
17484
"dc=example,dc=com -r EXAMPLE.COM -s -H ldap://ldap01.example.com"
17435
17485
msgstr ""
17436
17486
17437
#: serverguide/C/network-auth.xml:3705(para)
17487
#: serverguide/C/network-auth.xml:3734(para)
17438
17488
msgid ""
17439
17489
"Create a stash of the password used to bind to the LDAP server. This "
17440
17490
"password is used by the <emphasis>ldap_kdc_dn</emphasis> and "
17442
17492
"<filename>/etc/krb5.conf</filename>:"
17443
17493
msgstr ""
17444
17494
17445
#: serverguide/C/network-auth.xml:3711(command) serverguide/C/network-auth.xml:3850(command)
17495
#: serverguide/C/network-auth.xml:3740(command) serverguide/C/network-auth.xml:3879(command)
17446
17496
msgid ""
17447
17497
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f \\ "
17448
17498
"/etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com"
17449
17499
msgstr ""
17450
17500
17451
#: serverguide/C/network-auth.xml:3718(para)
17501
#: serverguide/C/network-auth.xml:3747(para)
17452
17502
msgid "Copy the CA certificate from the LDAP server:"
17453
17503
msgstr ""
17454
17504
17455
#: serverguide/C/network-auth.xml:3723(command)
17505
#: serverguide/C/network-auth.xml:3752(command)
17456
17506
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
17457
17507
msgstr ""
17458
17508
17459
#: serverguide/C/network-auth.xml:3724(command)
17509
#: serverguide/C/network-auth.xml:3753(command)
17460
17510
msgid "sudo cp cacert.pem /etc/ssl/certs"
17461
17511
msgstr ""
17462
17512
17463
#: serverguide/C/network-auth.xml:3727(para)
17513
#: serverguide/C/network-auth.xml:3756(para)
17464
17514
msgid ""
17465
17515
"And edit <filename>/etc/ldap/ldap.conf</filename> to use the certificate:"
17466
17516
msgstr ""
17467
17517
17468
#: serverguide/C/network-auth.xml:3731(programlisting)
17518
#: serverguide/C/network-auth.xml:3760(programlisting)
17469
17519
#, no-wrap
17470
17520
msgid ""
17471
17521
"\n"
17472
17522
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
17473
17523
msgstr ""
17474
17524
17475
#: serverguide/C/network-auth.xml:3736(para)
17525
#: serverguide/C/network-auth.xml:3765(para)
17476
17526
msgid ""
17477
17527
"The certificate will also need to be copied to the Secondary KDC, to allow "
17478
17528
"the connection to the LDAP servers using LDAPS."
17479
17529
msgstr ""
17480
17530
17481
#: serverguide/C/network-auth.xml:3745(para)
17531
#: serverguide/C/network-auth.xml:3774(para)
17482
17532
msgid ""
17483
17533
"You can now add Kerberos principals to the LDAP database, and they will be "
17484
17534
"copied to any other LDAP servers configured for replication. To add a "
17485
17535
"principal using the <application>kadmin.local</application> utility enter:"
17486
17536
msgstr ""
17487
17537
17488
#: serverguide/C/network-auth.xml:3753(userinput)
17538
#: serverguide/C/network-auth.xml:3782(userinput)
17489
17539
#, no-wrap
17490
17540
msgid "addprinc -x dn=\"uid=steve,ou=people,dc=example,dc=com\" steve"
17491
17541
msgstr ""
17492
17542
17493
#: serverguide/C/network-auth.xml:3752(computeroutput)
17543
#: serverguide/C/network-auth.xml:3781(computeroutput)
17494
17544
#, no-wrap
17495
17545
msgid ""
17496
17546
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
17501
17551
"Principal \"steve@EXAMPLE.COM\" created."
17502
17552
msgstr ""
17503
17553
17504
#: serverguide/C/network-auth.xml:3760(para)
17554
#: serverguide/C/network-auth.xml:3789(para)
17505
17555
msgid ""
17506
17556
"There should now be krbPrincipalName, krbPrincipalKey, krbLastPwdChange, and "
17507
17557
"krbExtraData attributes added to the "
17510
17560
"utilities to test that the user is indeed issued a ticket."
17511
17561
msgstr ""
17512
17562
17513
#: serverguide/C/network-auth.xml:3767(para)
17563
#: serverguide/C/network-auth.xml:3796(para)
17514
17564
msgid ""
17515
17565
"If the user object is already created the <emphasis>-x dn=\"...\"</emphasis> "
17516
17566
"option is needed to add the Kerberos attributes. Otherwise a new "
17517
17567
"<emphasis>principal</emphasis> object will be created in the realm subtree."
17518
17568
msgstr ""
17519
17569
17520
#: serverguide/C/network-auth.xml:3775(title)
17570
#: serverguide/C/network-auth.xml:3804(title)
17521
17571
msgid "Secondary KDC Configuration"
17522
17572
msgstr ""
17523
17573
17524
#: serverguide/C/network-auth.xml:3777(para)
17574
#: serverguide/C/network-auth.xml:3806(para)
17525
17575
msgid ""
17526
17576
"Configuring a Secondary KDC using the LDAP backend is similar to configuring "
17527
17577
"one using the normal Kerberos database."
17528
17578
msgstr ""
17529
17579
17530
#: serverguide/C/network-auth.xml:3783(para)
17580
#: serverguide/C/network-auth.xml:3812(para)
17531
17581
msgid "First, install the necessary packages. In a terminal enter:"
17532
17582
msgstr ""
17533
17583
17534
#: serverguide/C/network-auth.xml:3794(para)
17584
#: serverguide/C/network-auth.xml:3823(para)
17535
17585
msgid ""
17536
17586
"Next, edit <filename>/etc/krb5.conf</filename> to use the LDAP backend:"
17537
17587
msgstr ""
17538
17588
17539
#: serverguide/C/network-auth.xml:3798(programlisting)
17589
#: serverguide/C/network-auth.xml:3827(programlisting)
17540
17590
#, no-wrap
17541
17591
msgid ""
17542
17592
"\n"
17585
17635
" }\n"
17586
17636
msgstr ""
17587
17637
17588
#: serverguide/C/network-auth.xml:3845(para)
17638
#: serverguide/C/network-auth.xml:3874(para)
17589
17639
msgid "Create the stash for the LDAP bind password:"
17590
17640
msgstr ""
17591
17641
17592
#: serverguide/C/network-auth.xml:3857(para)
17642
#: serverguide/C/network-auth.xml:3886(para)
17593
17643
msgid ""
17594
17644
"Now, on the <emphasis>Primary KDC</emphasis> copy the "
17595
17645
"<filename>/etc/krb5kdc/.k5.EXAMPLE.COM</filename><emphasis>Master "
17598
17648
"media."
17599
17649
msgstr ""
17600
17650
17601
#: serverguide/C/network-auth.xml:3864(command)
17651
#: serverguide/C/network-auth.xml:3893(command)
17602
17652
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
17603
17653
msgstr ""
17604
17654
17605
#: serverguide/C/network-auth.xml:3865(command)
17655
#: serverguide/C/network-auth.xml:3894(command)
17606
17656
msgid "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
17607
17657
msgstr ""
17608
17658
17609
#: serverguide/C/network-auth.xml:3869(para)
17659
#: serverguide/C/network-auth.xml:3898(para)
17610
17660
msgid ""
17611
17661
"Again, replace <emphasis>EXAMPLE.COM</emphasis> with your actual realm."
17612
17662
msgstr ""
17613
17663
17614
#: serverguide/C/network-auth.xml:3877(para)
17664
#: serverguide/C/network-auth.xml:3906(para)
17615
17665
msgid ""
17616
17666
"Back on the <emphasis>Secondary KDC</emphasis>, (re)start the ldap server "
17617
17667
"only,"
17618
17668
msgstr ""
17619
17669
17620
#: serverguide/C/network-auth.xml:3889(para)
17670
#: serverguide/C/network-auth.xml:3918(para)
17621
17671
msgid "Finally, start the <application>krb5-kdc</application> daemon:"
17622
17672
msgstr ""
17623
17673
17624
#: serverguide/C/network-auth.xml:3900(para)
17674
#: serverguide/C/network-auth.xml:3929(para)
17625
17675
msgid "Verify the two ldap servers (and kerberos by extension) are in sync."
17626
17676
msgstr ""
17627
17677
17628
#: serverguide/C/network-auth.xml:3907(para)
17678
#: serverguide/C/network-auth.xml:3936(para)
17629
17679
msgid ""
17630
17680
"You now have redundant KDCs on your network, and with redundant LDAP servers "
17631
17681
"you should be able to continue to authenticate users if one LDAP server, one "
17632
17682
"Kerberos server, or one LDAP and one Kerberos server become unavailable."
17633
17683
msgstr ""
17634
17684
17635
#: serverguide/C/network-auth.xml:3919(para)
17685
#: serverguide/C/network-auth.xml:3948(para)
17636
17686
msgid ""
17637
17687
"The <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
17638
17688
"admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend\"> Kerberos Admin "
17639
17689
"Guide</ulink> has some additional details."
17640
17690
msgstr ""
17641
17691
17642
#: serverguide/C/network-auth.xml:3925(para)
17692
#: serverguide/C/network-auth.xml:3951(para)
17643
17693
msgid ""
17644
17694
"For more information on <application>kdb5_ldap_util</application> see <ulink "
17645
17695
"url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
17649
17699
"l\">kdb5_ldap_util man page</ulink>."
17650
17700
msgstr ""
17651
17701
17652
#: serverguide/C/network-auth.xml:3933(para)
17702
#: serverguide/C/network-auth.xml:3959(para)
17653
17703
msgid ""
17654
17704
"Another useful link is the <ulink "
17655
17705
"url=\"http://manpages.ubuntu.com/manpages/trusty/en/man5/krb5.conf.5.html\">k"
17656
17706
"rb5.conf man page</ulink>."
17657
17707
msgstr ""
17658
17708
17659
#: serverguide/C/network-auth.xml:3938(para)
17709
#: serverguide/C/network-auth.xml:3967(para)
17660
17710
msgid ""
17661
17711
"Also, see the <ulink "
17662
17712
"url=\"https://help.ubuntu.com/community/Kerberos#kerberos-ldap\">Kerberos "
17663
17713
"and LDAP</ulink> Ubuntu wiki page."
17664
17714
msgstr ""
17665
17715
17716
#: serverguide/C/network-auth.xml:3973(title)
17717
msgid "SSSD and Active Directory"
17718
msgstr ""
17719
17720
#: serverguide/C/network-auth.xml:3974(para)
17721
msgid ""
17722
"This section describes the use of sssd to authenticate user logins against "
17723
"an Active Directory via using sssd's \"ad\" provider. In previous versions "
17724
"of sssd, it was possible to authenticate using the \"ldap\" provider. "
17725
"However, when authenticating against a Microsoft Windows AD Domain "
17726
"Controller, it was generally necessary to install the POSIX AD extensions on "
17727
"the Domain Controller. The \"ad\" provider simplifies the configuration and "
17728
"requires no modifications to the AD structure."
17729
msgstr ""
17730
17731
#: serverguide/C/network-auth.xml:3978(title)
17732
msgid "Prerequisites, Assumptions, and Requirements"
17733
msgstr ""
17734
17735
#: serverguide/C/network-auth.xml:3981(para)
17736
msgid ""
17737
"This guide does not explain Active Directory, how it works, how to set one "
17738
"up, or how to maintain it. It may not provide “best practices” for your "
17739
"environment."
17740
msgstr ""
17741
17742
#: serverguide/C/network-auth.xml:3983(para)
17743
msgid ""
17744
"This guide assumes that a working Active Directory domain is already "
17745
"configured."
17746
msgstr ""
17747
17748
#: serverguide/C/network-auth.xml:3985(para)
17749
msgid ""
17750
"The domain controller is acting as an authoritative DNS server for the "
17751
"domain."
17752
msgstr ""
17753
17754
#: serverguide/C/network-auth.xml:3987(para)
17755
msgid ""
17756
"The domain controller is the primary DNS resolver as specified in "
17757
"<filename>/etc/resolv.conf</filename>."
17758
msgstr ""
17759
17760
#: serverguide/C/network-auth.xml:3990(para)
17761
msgid ""
17762
"The appropriate <emphasis>_kerberos</emphasis>, <emphasis>_ldap</emphasis>, "
17763
"<emphasis>_kpasswd</emphasis>, etc. entries are configured in the DNS zone "
17764
"(see Resources section for external links)."
17765
msgstr ""
17766
17767
#: serverguide/C/network-auth.xml:3992(para)
17768
msgid ""
17769
"System time is synchronized on the domain controller (necessary for "
17770
"Kerberos)."
17771
msgstr ""
17772
17773
#: serverguide/C/network-auth.xml:3994(para)
17774
msgid ""
17775
"The domain used in this example is <emphasis>myubuntu.example.com</emphasis> "
17776
"."
17777
msgstr ""
17778
17779
#: serverguide/C/network-auth.xml:3999(para)
17780
msgid ""
17781
"The following packages are needed: <emphasis>krb5-user</emphasis>, "
17782
"<emphasis>samba</emphasis>, <emphasis>sssd</emphasis>, and "
17783
"<emphasis>ntp</emphasis>. Samba needs to be installed, even if the system is "
17784
"not exporting shares. The Kerberos realm and FQDN or IP of the domain "
17785
"controllers are needed for this step."
17786
msgstr ""
17787
17788
#: serverguide/C/network-auth.xml:4000(para)
17789
msgid "Install these packages now."
17790
msgstr ""
17791
17792
#: serverguide/C/network-auth.xml:4002(command)
17793
msgid "sudo apt-get install krb5-user samba sssd ntp"
17794
msgstr ""
17795
17796
#: serverguide/C/network-auth.xml:4003(para)
17797
msgid ""
17798
"See the next section for the answers to the questions asked by the "
17799
"<emphasis>krb5-user</emphasis> postinstall script."
17800
msgstr ""
17801
17802
#: serverguide/C/network-auth.xml:4006(title)
17803
msgid "Kerberos Configuration"
17804
msgstr ""
17805
17806
#: serverguide/C/network-auth.xml:4007(para)
17807
msgid ""
17808
"The installation of <emphasis>krb5-user</emphasis> will prompt for the realm "
17809
"name (in ALL UPPERCASE), the kdc server (i.e. domain controller) and admin "
17810
"server (also the domain controller in this example.) This will write the "
17811
"[realm] and [domain_realm] sections in <filename>/etc/krb5.conf</filename>. "
17812
"These sections may not be necessary if domain autodiscovery is working. If "
17813
"not, then both are needed."
17814
msgstr ""
17815
17816
#: serverguide/C/network-auth.xml:4008(para)
17817
msgid ""
17818
"If the domain is <emphasis>myubuntu.example.com</emphasis>, enter the realm "
17819
"as <emphasis>MYUBUNTU.EXAMPLE.COM</emphasis>"
17820
msgstr ""
17821
17822
#: serverguide/C/network-auth.xml:4011(para)
17823
msgid ""
17824
"Optionally, edit <emphasis>/etc/krb5.conf</emphasis> with a few additional "
17825
"settings to specify Kerberos ticket lifetime (these values are safe to use "
17826
"as defaults):"
17827
msgstr ""
17828
17829
#: serverguide/C/network-auth.xml:4012(programlisting)
17830
#, no-wrap
17831
msgid ""
17832
"\n"
17833
"[libdefaults]\n"
17834
"\n"
17835
"default_realm = MYUBUNTU.EXAMPLE.COM\n"
17836
"ticket_lifetime = 24h #\n"
17837
"renew_lifetime = 7d\n"
17838
"\t\t"
17839
msgstr ""
17840
17841
#: serverguide/C/network-auth.xml:4020(para)
17842
msgid ""
17843
"If default_realm is not specified, it may be necessary to log in with "
17844
"“username@domain” instead of “username”."
17845
msgstr ""
17846
17847
#: serverguide/C/network-auth.xml:4022(para)
17848
msgid ""
17849
"The system time on the Active Directory member needs to be consistent with "
17850
"that of the domain controller, or Kerberos authentication may fail. Ideally, "
17851
"the domain controller server itself will provide the NTP service. Edit "
17852
"<filename>/etc/ntp.conf</filename>:"
17853
msgstr ""
17854
17855
#: serverguide/C/network-auth.xml:4024(programlisting)
17856
#, no-wrap
17857
msgid ""
17858
"\n"
17859
"server dc.myubuntu.example.com\n"
17860
msgstr ""
17861
17862
#: serverguide/C/network-auth.xml:4031(para)
17863
msgid ""
17864
"Samba will be used to perform netbios/nmbd services related to Active "
17865
"Directory authentication, even if no file shares are exported. Edit the file "
17866
"/etc/samba/smb.conf and add the following to the "
17867
"<emphasis>[global]</emphasis> section:"
17868
msgstr ""
17869
17870
#: serverguide/C/network-auth.xml:4033(programlisting)
17871
#, no-wrap
17872
msgid ""
17873
"\n"
17874
"[global]\n"
17875
"\n"
17876
"workgroup = MYUBUNTU\n"
17877
"client signing = yes\n"
17878
"client use spnego = yes\n"
17879
"kerberos method = secrets and keytab\n"
17880
"realm = MYUBUNTU.EXAMPLE.COM\n"
17881
"security = ads\n"
17882
msgstr ""
17883
17884
#: serverguide/C/network-auth.xml:4044(para)
17885
msgid ""
17886
"Some guides specify that \"password server\" should be specified and pointed "
17887
"to the domain controller. This is only necessary if DNS is not properly set "
17888
"up to find the DC. By default, Samba will display a warning if \"password "
17889
"server\" is specified with \"security = ads\"."
17890
msgstr ""
17891
17892
#: serverguide/C/network-auth.xml:4049(title)
17893
msgid "SSSD Configuration"
17894
msgstr ""
17895
17896
#: serverguide/C/network-auth.xml:4051(para)
17897
msgid ""
17898
"There is no default/example config file for "
17899
"<filename>/etc/sssd/sssd.conf</filename> included in the sssd package. It is "
17900
"necessary to create one. This is a minimal working config file:"
17901
msgstr ""
17902
17903
#: serverguide/C/network-auth.xml:4053(programlisting)
17904
#, no-wrap
17905
msgid ""
17906
"\n"
17907
"[sssd]\n"
17908
"services = nss, pam\n"
17909
"config_file_version = 2\n"
17910
"domains = MYUBUNTU.EXAMPLE.COM\n"
17911
"\n"
17912
"[domain/MYUBUNTU.EXAMPLE.COM]\n"
17913
"id_provider = ad\n"
17914
"access_provider = ad\n"
17915
"\n"
17916
"# Use this if users are being logged in at /.\n"
17917
"# This example specifies /home/DOMAIN-FQDN/user as $HOME. Use with "
17918
"pam_mkhomedir.so\n"
17919
"override_homedir = /home/%d/%u\n"
17920
"\n"
17921
"# Uncomment if the client machine hostname doesn't match the computer object "
17922
"on the DC.\n"
17923
"# ad_hostname = mymachine.myubuntu.example.com\n"
17924
"\n"
17925
"# Uncomment if DNS SRV resolution is not working\n"
17926
"# ad_server = dc.mydomain.example.com\n"
17927
"\n"
17928
"# Uncomment if the AD domain is named differently than the Samba domain\n"
17929
"# ad_domain = MYUBUNTU.EXAMPLE.COM\n"
17930
"\n"
17931
"# Enumeration is discouraged for performance reasons.\n"
17932
"# enumerate = true\n"
17933
msgstr ""
17934
17935
#: serverguide/C/network-auth.xml:4080(para)
17936
msgid ""
17937
"After saving this file, set the ownership to root and the file permissions "
17938
"to 600:"
17939
msgstr ""
17940
17941
#: serverguide/C/network-auth.xml:4081(command)
17942
msgid "sudo chown root:root /etc/sssd/sssd.conf"
17943
msgstr ""
17944
17945
#: serverguide/C/network-auth.xml:4082(command)
17946
msgid "sudo chmod 600 /etc/sssd/sssd.conf"
17947
msgstr ""
17948
17949
#: serverguide/C/network-auth.xml:4084(para)
17950
msgid ""
17951
"If the ownership or permissions are not correct, sssd will refuse to start."
17952
msgstr ""
17953
17954
#: serverguide/C/network-auth.xml:4088(title)
17955
msgid "Verify nsswitch.conf Configuration"
17956
msgstr ""
17957
17958
#: serverguide/C/network-auth.xml:4089(para)
17959
msgid ""
17960
"The post-install script for the sssd package makes some modifications to "
17961
"/etc/nsswitch.conf automatically. It should look something like this:"
17962
msgstr ""
17963
17964
#: serverguide/C/network-auth.xml:4091(programlisting)
17965
#, no-wrap
17966
msgid ""
17967
"\n"
17968
"passwd: compat sss\n"
17969
"group: compat sss\n"
17970
"...\n"
17971
"netgroup: nis sss\n"
17972
"sudoers: files sss\n"
17973
msgstr ""
17974
17975
#: serverguide/C/network-auth.xml:4101(title)
17976
msgid "Modify /etc/hosts"
17977
msgstr ""
17978
17979
#: serverguide/C/network-auth.xml:4102(para)
17980
msgid ""
17981
"Add an alias to the localhost entry in /etc/hosts specifying the FQDN. For "
17982
"example:"
17983
msgstr ""
17984
17985
#: serverguide/C/network-auth.xml:4103(programlisting)
17986
#, no-wrap
17987
msgid "192.168.1.10 myserver myserver.myubuntu.example.com"
17988
msgstr ""
17989
17990
#: serverguide/C/network-auth.xml:4105(para)
17991
msgid "This is useful in conjunction with dynamic DNS updates."
17992
msgstr ""
17993
17994
#: serverguide/C/network-auth.xml:4109(title)
17995
msgid "Join the Active Directory"
17996
msgstr ""
17997
17998
#: serverguide/C/network-auth.xml:4110(para)
17999
msgid "Now, restart ntp and samba and start sssd."
18000
msgstr ""
18001
18002
#: serverguide/C/virtualization.xml:2208(command)
18003
msgid "sudo service ntp restart"
18004
msgstr ""
18005
18006
#: serverguide/C/network-auth.xml:4114(command)
18007
msgid "sudo start sssd"
18008
msgstr ""
18009
18010
#: serverguide/C/network-auth.xml:4116(para)
18011
msgid "Test the configuration by obtaining a Kerberos ticket:"
18012
msgstr ""
18013
18014
#: serverguide/C/network-auth.xml:4118(command)
18015
msgid "sudo kinit Administrator"
18016
msgstr ""
18017
18018
#: serverguide/C/network-auth.xml:4120(para)
18019
msgid "Verify the ticket with:"
18020
msgstr ""
18021
18022
#: serverguide/C/network-auth.xml:4121(command)
18023
msgid "sudo klist"
18024
msgstr ""
18025
18026
#: serverguide/C/network-auth.xml:4123(para)
18027
msgid ""
18028
"If there is a ticket with an expiration date listed, then it is time to join "
18029
"the domain:"
18030
msgstr ""
18031
18032
#: serverguide/C/network-auth.xml:4125(command)
18033
msgid "sudo net ads join -k"
18034
msgstr ""
18035
18036
#: serverguide/C/network-auth.xml:4127(para)
18037
msgid ""
18038
"A warning about \"No DNS domain configured. Unable to perform DNS Update.\" "
18039
"probably means that there is no (correct) alias in "
18040
"<filename>/etc/hosts</filename>, and the system could not provide its own "
18041
"FQDN as part of the Active Directory update. This is needed for dynamic DNS "
18042
"updates. Verify the alias in <filename>/etc/hosts</filename> described in "
18043
"\"Modify /etc/hosts\" above."
18044
msgstr ""
18045
18046
#: serverguide/C/network-auth.xml:4129(para)
18047
msgid ""
18048
"(The message \"NT_STATUS_UNSUCCESSFUL\" indicates the domain join failed and "
18049
"something is incorrect. Review the prior steps before proceeding)."
18050
msgstr ""
18051
18052
#: serverguide/C/network-auth.xml:4131(para)
18053
msgid ""
18054
"Here are a couple of (optional) checks to verify that the domain join was "
18055
"successful. Note that if the domain was successfully joined but one or both "
18056
"of these steps fail, it may be necessary to wait 1-2 minutes and try again. "
18057
"Some of the changes appear to be asynchronous."
18058
msgstr ""
18059
18060
#: serverguide/C/network-auth.xml:4133(para)
18061
msgid "Verification option #1:"
18062
msgstr ""
18063
18064
#: serverguide/C/network-auth.xml:4134(para)
18065
msgid ""
18066
"Check the default Organizational Unit for computer accounts in the Active "
18067
"Directory to verify that the computer account was created. (Organizational "
18068
"Units in Active Directory is a topic outside the scope of this guide)."
18069
msgstr ""
18070
18071
#: serverguide/C/network-auth.xml:4136(para)
18072
msgid "Verification option #2"
18073
msgstr ""
18074
18075
#: serverguide/C/network-auth.xml:4137(para)
18076
msgid "Execute this command for a specific AD user (e.g. administrator)"
18077
msgstr ""
18078
18079
#: serverguide/C/network-auth.xml:4138(command)
18080
msgid "getent passwd username"
18081
msgstr ""
18082
18083
#: serverguide/C/network-auth.xml:4140(para)
18084
msgid ""
18085
"If <emphasis>enumerate = true</emphasis> is set in "
18086
"<filename>sssd.conf</filename>, <emphasis>getent passwd</emphasis> with no "
18087
"username argument will list all domain users. This may be useful for "
18088
"testing, but is slow and not recommended for production."
18089
msgstr ""
18090
18091
#: serverguide/C/network-auth.xml:4144(title)
18092
msgid "Test Authentication"
18093
msgstr ""
18094
18095
#: serverguide/C/network-auth.xml:4145(para)
18096
msgid ""
18097
"It should now be possible to authenticate using an Active Directory User's "
18098
"credentials:"
18099
msgstr ""
18100
18101
#: serverguide/C/network-auth.xml:4147(command)
18102
msgid "su - username"
18103
msgstr ""
18104
18105
#: serverguide/C/network-auth.xml:4149(para)
18106
msgid ""
18107
"If this works, then other login methods (getty, ssh) should also work."
18108
msgstr ""
18109
18110
#: serverguide/C/network-auth.xml:4151(para)
18111
msgid ""
18112
"If the computer account was created, indicating that the system was "
18113
"\"joined\" to the domain, but authentication is unsuccessful, it may be "
18114
"helpful to review <filename>/etc/pam.d</filename> and "
18115
"<filename>nssswitch.conf</filename> as well as the file changes described "
18116
"earlier in this guide."
18117
msgstr ""
18118
18119
#: serverguide/C/network-auth.xml:4155(title)
18120
msgid "Home directories with pam_mkhomedir (optional)"
18121
msgstr ""
18122
18123
#: serverguide/C/network-auth.xml:4156(para)
18124
msgid ""
18125
"When logging in using an Active Directory user account, it is likely that "
18126
"user has no home directory. This can be fixed with pam_mkdhomedir.so, which "
18127
"will create the user’s home directory on login. Edit "
18128
"<filename>/etc/pam.d/common-session</filename>, and add this line directly "
18129
"after <emphasis>session required pam_unix.so:</emphasis>"
18130
msgstr ""
18131
18132
#: serverguide/C/network-auth.xml:4157(programlisting)
18133
#, no-wrap
18134
msgid ""
18135
"\n"
18136
"session required pam_mkhomedir.so skel=/etc/skel/ umask=0022\n"
18137
msgstr ""
18138
18139
#: serverguide/C/network-auth.xml:4161(para)
18140
msgid ""
18141
"This may also need <emphasis>override_homedir</emphasis> in "
18142
"<filename>sssd.conf</filename> to function correctly, so make sure that’s "
18143
"set."
18144
msgstr ""
18145
18146
#: serverguide/C/network-auth.xml:4165(title)
18147
msgid "Desktop Ubuntu Authentication"
18148
msgstr ""
18149
18150
#: serverguide/C/network-auth.xml:4166(para)
18151
msgid ""
18152
"It is possible to also authenticate logins to Ubuntu Desktop using Active "
18153
"Directory accounts. The AD accounts will not show up in the pick list with "
18154
"local users, so lightdm will need to be modified. Edit the file "
18155
"<filename>/etc/lightdm/lightdm.conf.d/50-unity-greeter.conf</filename> and "
18156
"append the following two lines:"
18157
msgstr ""
18158
18159
#: serverguide/C/network-auth.xml:4168(programlisting)
18160
#, no-wrap
18161
msgid ""
18162
"\n"
18163
"greeter-show-manual-login=true\n"
18164
"greeter-hide-users=true\n"
18165
msgstr ""
18166
18167
#: serverguide/C/network-auth.xml:4173(para)
18168
msgid ""
18169
"Reboot to restart lightdm. It should now be possible to log in using a "
18170
"domain account using either <emphasis>username</emphasis> or "
18171
"<emphasis>username/username@domain</emphasis> format."
18172
msgstr ""
18173
18174
#: serverguide/C/network-auth.xml:4179(ulink)
18175
msgid "SSSD Project"
18176
msgstr ""
18177
18178
#: serverguide/C/network-auth.xml:4180(ulink)
18179
msgid "DNS Server Configuration guidelines"
18180
msgstr ""
18181
18182
#: serverguide/C/network-auth.xml:4181(ulink)
18183
msgid "Active Directory DNS Zone Entries"
18184
msgstr ""
18185
18186
#: serverguide/C/network-auth.xml:4182(ulink)
18187
msgid "Kerberos config options"
18188
msgstr ""
18189
17666
18190
#: serverguide/C/multipath-device-attributes-table.xml:2(title)
17667
18191
msgid "Device Attributes"
17668
18192
msgstr ""
17671
18195
msgid "Attribute"
17672
18196
msgstr ""
17673
18197
17674
#: serverguide/C/multipath-device-attributes-table.xml:9(entry) serverguide/C/multipath-config-defaults-table.xml:14(entry) serverguide/C/multipath-components-table.xml:12(entry) serverguide/C/multipath-attributes-table.xml:9(entry) serverguide/C/dm-multipath.xml:1623(entry)
18198
#: serverguide/C/multipath-device-attributes-table.xml:9(entry) serverguide/C/multipath-config-defaults-table.xml:14(entry) serverguide/C/multipath-components-table.xml:12(entry) serverguide/C/multipath-attributes-table.xml:9(entry) serverguide/C/dm-multipath.xml:1624(entry)
17675
18199
msgid "Description"
17676
18200
msgstr ""
17677
18201
17805
18329
"levels are between 0 and 6. The default value is 2."
17806
18330
msgstr ""
17807
18331
17808
#: serverguide/C/multipath-config-defaults-table.xml:61(emphasis) serverguide/C/multipath-config-defaults-table.xml:323(emphasis) serverguide/C/dm-multipath.xml:1049(parameter) serverguide/C/dm-multipath.xml:1204(parameter)
18332
#: serverguide/C/multipath-config-defaults-table.xml:61(emphasis) serverguide/C/multipath-config-defaults-table.xml:323(emphasis) serverguide/C/dm-multipath.xml:1050(parameter) serverguide/C/dm-multipath.xml:1205(parameter)
17809
18333
msgid "path_selector"
17810
18334
msgstr ""
17811
18335
17840
18364
"The default value is <emphasis role=\"bold\">round-robin 0</emphasis>."
17841
18365
msgstr ""
17842
18366
17843
#: serverguide/C/multipath-config-defaults-table.xml:98(emphasis) serverguide/C/dm-multipath.xml:1044(parameter) serverguide/C/dm-multipath.xml:1194(parameter)
18367
#: serverguide/C/multipath-config-defaults-table.xml:98(emphasis) serverguide/C/dm-multipath.xml:1045(parameter) serverguide/C/dm-multipath.xml:1195(parameter)
17844
18368
msgid "path_grouping_policy"
17845
18369
msgstr ""
17846
18370
17883
18407
msgid "The default value is <emphasis role=\"bold\">failover.</emphasis>"
17884
18408
msgstr ""
17885
18409
17886
#: serverguide/C/multipath-config-defaults-table.xml:139(emphasis) serverguide/C/dm-multipath.xml:1199(parameter)
18410
#: serverguide/C/multipath-config-defaults-table.xml:139(emphasis) serverguide/C/dm-multipath.xml:1200(parameter)
17887
18411
msgid "getuid_callout"
17888
18412
msgstr ""
17889
18413
17899
18423
"path identifier. An absolute path is required. <placeholder-1/>"
17900
18424
msgstr ""
17901
18425
17902
#: serverguide/C/multipath-config-defaults-table.xml:150(emphasis) serverguide/C/dm-multipath.xml:1058(parameter) serverguide/C/dm-multipath.xml:1223(parameter)
18426
#: serverguide/C/multipath-config-defaults-table.xml:150(emphasis) serverguide/C/dm-multipath.xml:1059(parameter) serverguide/C/dm-multipath.xml:1224(parameter)
17903
18427
msgid "prio"
17904
18428
msgstr ""
17905
18429
17955
18479
msgid "The default value is <emphasis role=\"bold\">const</emphasis>."
17956
18480
msgstr ""
17957
18481
17958
#: serverguide/C/multipath-config-defaults-table.xml:202(emphasis) serverguide/C/dm-multipath.xml:1063(parameter) serverguide/C/dm-multipath.xml:1228(parameter)
18482
#: serverguide/C/multipath-config-defaults-table.xml:202(emphasis) serverguide/C/dm-multipath.xml:1064(parameter) serverguide/C/dm-multipath.xml:1229(parameter)
17959
18483
msgid "prio_args"
17960
18484
msgstr ""
17961
18485
17967
18491
"value is (null) <emphasis role=\"bold\">\"\"</emphasis>."
17968
18492
msgstr ""
17969
18493
17970
#: serverguide/C/multipath-config-defaults-table.xml:216(emphasis) serverguide/C/dm-multipath.xml:1214(parameter)
18494
#: serverguide/C/multipath-config-defaults-table.xml:216(emphasis) serverguide/C/dm-multipath.xml:1215(parameter)
17971
18495
msgid "features"
17972
18496
msgstr ""
17973
18497
17975
18499
msgid "queue_if_no_path"
17976
18500
msgstr ""
17977
18501
17978
#: serverguide/C/multipath-config-defaults-table.xml:221(emphasis) serverguide/C/multipath-config-defaults-table.xml:334(emphasis) serverguide/C/dm-multipath.xml:1068(parameter) serverguide/C/dm-multipath.xml:1233(parameter)
18502
#: serverguide/C/multipath-config-defaults-table.xml:221(emphasis) serverguide/C/multipath-config-defaults-table.xml:334(emphasis) serverguide/C/dm-multipath.xml:1069(parameter) serverguide/C/dm-multipath.xml:1234(parameter)
17979
18503
msgid "no_path_retry"
17980
18504
msgstr ""
17981
18505
17995
18519
"feature, see Section, <placeholder-4/>."
17996
18520
msgstr ""
17997
18521
17998
#: serverguide/C/multipath-config-defaults-table.xml:228(emphasis) serverguide/C/dm-multipath.xml:1209(parameter)
18522
#: serverguide/C/multipath-config-defaults-table.xml:228(emphasis) serverguide/C/dm-multipath.xml:1210(parameter)
17999
18523
msgid "path_checker"
18000
18524
msgstr ""
18001
18525
18045
18569
msgid "The default value is <emphasis role=\"bold\">directio</emphasis>."
18046
18570
msgstr ""
18047
18571
18048
#: serverguide/C/multipath-config-defaults-table.xml:275(emphasis) serverguide/C/dm-multipath.xml:1054(parameter) serverguide/C/dm-multipath.xml:1219(parameter)
18572
#: serverguide/C/multipath-config-defaults-table.xml:275(emphasis) serverguide/C/dm-multipath.xml:1055(parameter) serverguide/C/dm-multipath.xml:1220(parameter)
18049
18573
msgid "failback"
18050
18574
msgstr ""
18051
18575
18076
18600
msgid "The default value is <emphasis role=\"bold\">manual</emphasis>."
18077
18601
msgstr ""
18078
18602
18079
#: serverguide/C/multipath-config-defaults-table.xml:307(emphasis) serverguide/C/multipath-config-defaults-table.xml:321(emphasis) serverguide/C/multipath-config-defaults-table.xml:325(emphasis) serverguide/C/dm-multipath.xml:1073(parameter) serverguide/C/dm-multipath.xml:1238(parameter)
18603
#: serverguide/C/multipath-config-defaults-table.xml:307(emphasis) serverguide/C/multipath-config-defaults-table.xml:321(emphasis) serverguide/C/multipath-config-defaults-table.xml:325(emphasis) serverguide/C/dm-multipath.xml:1074(parameter) serverguide/C/dm-multipath.xml:1239(parameter)
18080
18604
msgid "rr_min_io"
18081
18605
msgstr ""
18082
18606
18090
18614
"the next path in the current path group.<placeholder-1/>"
18091
18615
msgstr ""
18092
18616
18093
#: serverguide/C/multipath-config-defaults-table.xml:317(emphasis) serverguide/C/dm-multipath.xml:1078(parameter) serverguide/C/dm-multipath.xml:1243(parameter)
18617
#: serverguide/C/multipath-config-defaults-table.xml:317(emphasis) serverguide/C/dm-multipath.xml:1079(parameter) serverguide/C/dm-multipath.xml:1244(parameter)
18094
18618
msgid "rr_weight"
18095
18619
msgstr ""
18096
18620
18144
18668
msgid "alias"
18145
18669
msgstr ""
18146
18670
18147
#: serverguide/C/multipath-config-defaults-table.xml:354(emphasis) serverguide/C/multipath-config-defaults-table.xml:357(emphasis) serverguide/C/multipath-config-defaults-table.xml:379(emphasis) serverguide/C/multipath-config-defaults-table.xml:391(emphasis) serverguide/C/multipath-components-table.xml:31(emphasis) serverguide/C/multipath-components-table.xml:44(emphasis) serverguide/C/multipath-attributes-table.xml:18(emphasis) serverguide/C/multipath-attributes-table.xml:19(emphasis) serverguide/C/multipath-attributes-table.xml:28(emphasis) serverguide/C/multipath-attributes-table.xml:29(emphasis) serverguide/C/dm-multipath.xml:764(emphasis)
18671
#: serverguide/C/multipath-config-defaults-table.xml:354(emphasis) serverguide/C/multipath-config-defaults-table.xml:357(emphasis) serverguide/C/multipath-config-defaults-table.xml:379(emphasis) serverguide/C/multipath-config-defaults-table.xml:391(emphasis) serverguide/C/multipath-components-table.xml:31(emphasis) serverguide/C/multipath-components-table.xml:44(emphasis) serverguide/C/multipath-attributes-table.xml:18(emphasis) serverguide/C/multipath-attributes-table.xml:19(emphasis) serverguide/C/multipath-attributes-table.xml:28(emphasis) serverguide/C/multipath-attributes-table.xml:29(emphasis) serverguide/C/dm-multipath.xml:765(emphasis)
18148
18672
msgid "multipath"
18149
18673
msgstr ""
18150
18674
18181
18705
"devices when it is shut down. <placeholder-2/>"
18182
18706
msgstr ""
18183
18707
18184
#: serverguide/C/multipath-config-defaults-table.xml:376(emphasis) serverguide/C/dm-multipath.xml:1083(parameter) serverguide/C/dm-multipath.xml:1258(parameter)
18708
#: serverguide/C/multipath-config-defaults-table.xml:376(emphasis) serverguide/C/dm-multipath.xml:1084(parameter) serverguide/C/dm-multipath.xml:1259(parameter)
18185
18709
msgid "flush_on_last_del"
18186
18710
msgstr ""
18187
18711
18227
18751
"explicit timeout, in seconds. <placeholder-1/>"
18228
18752
msgstr ""
18229
18753
18230
#: serverguide/C/multipath-config-defaults-table.xml:413(emphasis) serverguide/C/dm-multipath.xml:1248(parameter)
18754
#: serverguide/C/multipath-config-defaults-table.xml:413(emphasis) serverguide/C/dm-multipath.xml:1249(parameter)
18231
18755
msgid "fast_io_fail_tmo"
18232
18756
msgstr ""
18233
18757
18243
18767
"this to off will disable the timeout. <placeholder-1/>"
18244
18768
msgstr ""
18245
18769
18246
#: serverguide/C/multipath-config-defaults-table.xml:425(emphasis) serverguide/C/dm-multipath.xml:1253(parameter)
18770
#: serverguide/C/multipath-config-defaults-table.xml:425(emphasis) serverguide/C/dm-multipath.xml:1254(parameter)
18247
18771
msgid "dev_loss_tmo"
18248
18772
msgstr ""
18249
18773
18925
19449
"IMAP server."
18926
19450
msgstr ""
18927
19451
18928
#: serverguide/C/mail.xml:22(title) serverguide/C/mail.xml:896(application) serverguide/C/mail.xml:928(title) serverguide/C/mail.xml:1006(title) serverguide/C/mail.xml:1581(title)
19452
#: serverguide/C/mail.xml:22(title) serverguide/C/mail.xml:837(application) serverguide/C/mail.xml:869(title) serverguide/C/mail.xml:947(title) serverguide/C/mail.xml:1519(title)
18929
19453
msgid "Postfix"
18930
19454
msgstr ""
18931
19455
19048
19572
"your Mail Delivery Agent (MDA) to use the same path."
19049
19573
msgstr ""
19050
19574
19051
#: serverguide/C/mail.xml:106(title) serverguide/C/mail.xml:608(title)
19575
#: serverguide/C/mail.xml:106(title) serverguide/C/mail.xml:550(title)
19052
19576
msgid "SMTP Authentication"
19053
19577
msgstr ""
19054
19578
19199
19723
"tls_random_source = dev:/dev/urandom\n"
19200
19724
msgstr ""
19201
19725
19202
#: serverguide/C/mail.xml:229(para)
19726
#: serverguide/C/mail.xml:188(para)
19203
19727
msgid ""
19204
19728
"The postfix initial configuration is complete. Run the following command to "
19205
19729
"restart the postfix daemon:"
19206
19730
msgstr ""
19207
19731
19208
#: serverguide/C/mail.xml:235(command) serverguide/C/mail.xml:354(command) serverguide/C/mail.xml:417(command) serverguide/C/mail.xml:1046(command) serverguide/C/mail.xml:1632(command)
19732
#: serverguide/C/mail.xml:235(command) serverguide/C/mail.xml:354(command) serverguide/C/mail.xml:417(command) serverguide/C/mail.xml:1046(command) serverguide/C/mail.xml:1628(command)
19209
19733
msgid "sudo service postfix restart"
19210
19734
msgstr ""
19211
19735
19212
#: serverguide/C/mail.xml:238(para)
19736
#: serverguide/C/mail.xml:197(para)
19213
19737
msgid ""
19214
19738
"<application>Postfix</application> supports SMTP-AUTH as defined in <ulink "
19215
19739
"url=\"http://www.ietf.org/rfc/rfc2554.txt\">RFC2554</ulink>. It is based on "
19218
19742
"AUTH."
19219
19743
msgstr ""
19220
19744
19221
#: serverguide/C/mail.xml:248(title) serverguide/C/mail.xml:672(title)
19745
#: serverguide/C/mail.xml:207(title) serverguide/C/mail.xml:614(title)
19222
19746
msgid "Configuring SASL"
19223
19747
msgstr ""
19224
19748
19225
#: serverguide/C/mail.xml:249(para)
19749
#: serverguide/C/mail.xml:208(para)
19226
19750
msgid ""
19227
19751
"Postfix supports two SASL implementations Cyrus SASL and Dovecot SASL. To "
19228
19752
"enable Dovecot SASL the <application>dovecot-common</application> package "
19229
19753
"will need to be installed. From a terminal prompt enter the following:"
19230
19754
msgstr ""
19231
19755
19232
#: serverguide/C/mail.xml:255(command)
19756
#: serverguide/C/mail.xml:214(command)
19233
19757
msgid "sudo apt-get install dovecot-common"
19234
19758
msgstr ""
19235
19759
19291
19815
"auth_mechanisms = plain login\n"
19292
19816
msgstr ""
19293
19817
19294
#: serverguide/C/mail.xml:298(para)
19818
#: serverguide/C/mail.xml:253(para)
19295
19819
msgid ""
19296
19820
"Once you have <application>Dovecot</application> configured restart it with:"
19297
19821
msgstr ""
19300
19824
msgid "sudo service dovecot restart"
19301
19825
msgstr ""
19302
19826
19303
#: serverguide/C/mail.xml:307(title)
19827
#: serverguide/C/mail.xml:262(title)
19304
19828
msgid "Mail-Stack Delivery"
19305
19829
msgstr ""
19306
19830
19307
#: serverguide/C/mail.xml:309(para)
19831
#: serverguide/C/mail.xml:264(para)
19308
19832
msgid ""
19309
19833
"Another option for configuring <application>Postfix</application> for SMTP-"
19310
19834
"AUTH is using the <application>mail-stack-delivery</application> package "
19315
19839
"<application>Dovecot</application> for IMAP, IMAPS, POP3, and POP3S."
19316
19840
msgstr ""
19317
19841
19318
#: serverguide/C/mail.xml:319(para)
19842
#: serverguide/C/mail.xml:274(para)
19319
19843
msgid ""
19320
19844
"You may or may not want to run IMAP, IMAPS, POP3, or POP3S on your mail "
19321
19845
"server. For example, if you are configuring your server to be a mail "
19323
19847
"the above commands to configure Postfix for SMTP-AUTH."
19324
19848
msgstr ""
19325
19849
19326
#: serverguide/C/mail.xml:326(para)
19850
#: serverguide/C/mail.xml:281(para)
19327
19851
msgid "To install the package, from a terminal prompt enter:"
19328
19852
msgstr ""
19329
19853
19330
#: serverguide/C/mail.xml:331(command)
19854
#: serverguide/C/mail.xml:286(command)
19331
19855
msgid "sudo apt-get install mail-stack-delivery"
19332
19856
msgstr ""
19333
19857
19334
#: serverguide/C/mail.xml:334(para)
19858
#: serverguide/C/mail.xml:289(para)
19335
19859
msgid ""
19336
19860
"You should now have a working mail server, but there are a few options that "
19337
19861
"you may wish to further customize. For example, the package uses the "
19341
19865
"for more details."
19342
19866
msgstr ""
19343
19867
19344
#: serverguide/C/mail.xml:340(para)
19868
#: serverguide/C/mail.xml:295(para)
19345
19869
msgid ""
19346
19870
"Once you have a customized certificate and key for the host, change the "
19347
19871
"following options in <filename>/etc/postfix/main.cf</filename>:"
19348
19872
msgstr ""
19349
19873
19350
#: serverguide/C/mail.xml:344(programlisting)
19874
#: serverguide/C/mail.xml:299(programlisting)
19351
19875
#, no-wrap
19352
19876
msgid ""
19353
19877
"\n"
19355
19879
"smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key\n"
19356
19880
msgstr ""
19357
19881
19358
#: serverguide/C/mail.xml:349(para)
19882
#: serverguide/C/mail.xml:304(para)
19359
19883
msgid "Then restart Postfix:"
19360
19884
msgstr ""
19361
19885
19362
#: serverguide/C/mail.xml:360(para)
19886
#: serverguide/C/mail.xml:315(para)
19363
19887
msgid ""
19364
19888
"SMTP-AUTH configuration is complete. Now it is time to test the setup."
19365
19889
msgstr ""
19366
19890
19367
#: serverguide/C/mail.xml:363(para)
19891
#: serverguide/C/mail.xml:318(para)
19368
19892
msgid "To see if SMTP-AUTH and TLS work properly, run the following command:"
19369
19893
msgstr ""
19370
19894
19371
#: serverguide/C/mail.xml:368(command)
19895
#: serverguide/C/mail.xml:323(command)
19372
19896
msgid "telnet mail.example.com 25"
19373
19897
msgstr ""
19374
19898
19375
#: serverguide/C/mail.xml:370(para)
19899
#: serverguide/C/mail.xml:325(para)
19376
19900
msgid ""
19377
19901
"After you have established the connection to the postfix mail server, type:"
19378
19902
msgstr ""
19379
19903
19380
#: serverguide/C/mail.xml:374(screen)
19904
#: serverguide/C/mail.xml:329(screen)
19381
19905
#, no-wrap
19382
19906
msgid ""
19383
19907
"\n"
19384
19908
"ehlo mail.example.com\n"
19385
19909
msgstr ""
19386
19910
19387
#: serverguide/C/mail.xml:377(para)
19911
#: serverguide/C/mail.xml:332(para)
19388
19912
msgid ""
19389
19913
"If you see the following lines among others, then everything is working "
19390
19914
"perfectly. Type <command>quit</command> to exit."
19391
19915
msgstr ""
19392
19916
19393
#: serverguide/C/mail.xml:381(programlisting)
19917
#: serverguide/C/mail.xml:336(programlisting)
19394
19918
#, no-wrap
19395
19919
msgid ""
19396
19920
"\n"
19400
19924
"250 8BITMIME\n"
19401
19925
msgstr ""
19402
19926
19403
#: serverguide/C/mail.xml:391(para)
19927
#: serverguide/C/mail.xml:346(para)
19404
19928
msgid ""
19405
19929
"This section introduces some common ways to determine the cause if problems "
19406
19930
"arise."
19407
19931
msgstr ""
19408
19932
19409
#: serverguide/C/mail.xml:395(title)
19933
#: serverguide/C/mail.xml:350(title)
19410
19934
msgid "Escaping chroot"
19411
19935
msgstr ""
19412
19936
19413
#: serverguide/C/mail.xml:396(para)
19937
#: serverguide/C/mail.xml:351(para)
19414
19938
msgid ""
19415
19939
"The Ubuntu <application>postfix</application> package will by default "
19416
19940
"install into a <emphasis>chroot</emphasis> environment for security reasons. "
19417
19941
"This can add greater complexity when troubleshooting problems."
19418
19942
msgstr ""
19419
19943
19420
#: serverguide/C/mail.xml:400(para)
19944
#: serverguide/C/mail.xml:355(para)
19421
19945
msgid ""
19422
19946
"To turn off the chroot operation locate for the following line in the "
19423
19947
"<filename>/etc/postfix/master.cf</filename> configuration file:"
19424
19948
msgstr ""
19425
19949
19426
#: serverguide/C/mail.xml:404(screen)
19950
#: serverguide/C/mail.xml:359(screen)
19427
19951
#, no-wrap
19428
19952
msgid ""
19429
19953
"\n"
19430
19954
"smtp inet n - - - - smtpd\n"
19431
19955
msgstr ""
19432
19956
19433
#: serverguide/C/mail.xml:407(para)
19957
#: serverguide/C/mail.xml:362(para)
19434
19958
msgid "and modify it as follows:"
19435
19959
msgstr ""
19436
19960
19437
#: serverguide/C/mail.xml:410(screen)
19961
#: serverguide/C/mail.xml:365(screen)
19438
19962
#, no-wrap
19439
19963
msgid ""
19440
19964
"\n"
19441
19965
"smtp inet n - n - - smtpd\n"
19442
19966
msgstr ""
19443
19967
19444
#: serverguide/C/mail.xml:413(para)
19968
#: serverguide/C/mail.xml:368(para)
19445
19969
msgid ""
19446
19970
"You will then need to restart Postfix to use the new configuration. From a "
19447
19971
"terminal prompt enter:"
19469
19993
"\t "
19470
19994
msgstr ""
19471
19995
19472
#: serverguide/C/mail.xml:434(title)
19996
#: serverguide/C/mail.xml:376(title)
19473
19997
msgid "Log Files"
19474
19998
msgstr ""
19475
19999
19476
#: serverguide/C/mail.xml:435(para)
20000
#: serverguide/C/mail.xml:377(para)
19477
20001
msgid ""
19478
20002
"<application>Postfix</application> sends all log messages to "
19479
20003
"<filename>/var/log/mail.log</filename>. However error and warning messages "
19482
20006
"<filename>/var/log/mail.warn</filename> respectively."
19483
20007
msgstr ""
19484
20008
19485
#: serverguide/C/mail.xml:440(para)
20009
#: serverguide/C/mail.xml:382(para)
19486
20010
msgid ""
19487
20011
"To see messages entered into the logs in real time you can use the "
19488
20012
"<application>tail -f</application> command:"
19489
20013
msgstr ""
19490
20014
19491
#: serverguide/C/mail.xml:445(command)
20015
#: serverguide/C/mail.xml:387(command)
19492
20016
msgid "tail -f /var/log/mail.err"
19493
20017
msgstr ""
19494
20018
19495
#: serverguide/C/mail.xml:447(para)
20019
#: serverguide/C/mail.xml:389(para)
19496
20020
msgid ""
19497
20021
"The amount of detail that is recorded in the logs can be increased. Below "
19498
20022
"are some configuration options for increasing the log level for some of the "
19499
20023
"areas covered above."
19500
20024
msgstr ""
19501
20025
19502
#: serverguide/C/mail.xml:453(para)
20026
#: serverguide/C/mail.xml:395(para)
19503
20027
msgid ""
19504
20028
"To increase <emphasis>TLS</emphasis> activity logging set the "
19505
20029
"<emphasis>smtpd_tls_loglevel</emphasis> option to a value from 1 to 4."
19506
20030
msgstr ""
19507
20031
19508
#: serverguide/C/mail.xml:457(command)
20032
#: serverguide/C/mail.xml:399(command)
19509
20033
msgid "sudo postconf -e 'smtpd_tls_loglevel = 4'"
19510
20034
msgstr ""
19511
20035
19512
#: serverguide/C/mail.xml:461(para)
20036
#: serverguide/C/mail.xml:403(para)
19513
20037
msgid ""
19514
20038
"If you are having trouble sending or receiving mail from a specific domain "
19515
20039
"you can add the domain to the <emphasis>debug_peer_list</emphasis> parameter."
19516
20040
msgstr ""
19517
20041
19518
#: serverguide/C/mail.xml:466(command)
20042
#: serverguide/C/mail.xml:408(command)
19519
20043
msgid "sudo postconf -e 'debug_peer_list = problem.domain'"
19520
20044
msgstr ""
19521
20045
19522
#: serverguide/C/mail.xml:470(para)
20046
#: serverguide/C/mail.xml:412(para)
19523
20047
msgid ""
19524
20048
"You can increase the verbosity of any <application>Postfix</application> "
19525
20049
"daemon process by editing the <filename>/etc/postfix/master.cf</filename> "
19527
20051
"<emphasis>smtp</emphasis> entry:"
19528
20052
msgstr ""
19529
20053
19530
#: serverguide/C/mail.xml:474(programlisting)
20054
#: serverguide/C/mail.xml:416(programlisting)
19531
20055
#, no-wrap
19532
20056
msgid ""
19533
20057
"\n"
19549
20073
"<filename>/etc/dovecot/conf.d/10-logging.conf</filename>"
19550
20074
msgstr ""
19551
20075
19552
#: serverguide/C/mail.xml:491(programlisting)
20076
#: serverguide/C/mail.xml:433(programlisting)
19553
20077
#, no-wrap
19554
20078
msgid ""
19555
20079
"\n"
19564
20088
"reloaded: <command>sudo service dovecot reload</command>."
19565
20089
msgstr ""
19566
20090
19567
#: serverguide/C/mail.xml:504(para)
20091
#: serverguide/C/mail.xml:446(para)
19568
20092
msgid ""
19569
20093
"Some of the options above can drastically increase the amount of information "
19570
20094
"sent to the log files. Remember to return the log level back to normal after "
19572
20096
"new configuration to take affect."
19573
20097
msgstr ""
19574
20098
19575
#: serverguide/C/mail.xml:512(para)
20099
#: serverguide/C/mail.xml:454(para)
19576
20100
msgid ""
19577
20101
"Administering a <application>Postfix</application> server can be a very "
19578
20102
"complicated task. At some point you may need to turn to the Ubuntu community "
19579
20103
"for more experienced help."
19580
20104
msgstr ""
19581
20105
19582
#: serverguide/C/mail.xml:516(para)
20106
#: serverguide/C/mail.xml:458(para)
19583
20107
msgid ""
19584
20108
"A great place to ask for <application>Postfix</application> assistance, and "
19585
20109
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
19589
20113
"url=\"http://www.ubuntu.com/support/community/webforums\">Web Forums</ulink>."
19590
20114
msgstr ""
19591
20115
19592
#: serverguide/C/mail.xml:521(para)
20116
#: serverguide/C/mail.xml:463(para)
19593
20117
msgid ""
19594
20118
"For in depth <application>Postfix</application> information Ubuntu "
19595
20119
"developers highly recommend: <ulink url=\"http://www.postfix-book.com/\">The "
19596
20120
"Book of Postfix</ulink>."
19597
20121
msgstr ""
19598
20122
19599
#: serverguide/C/mail.xml:525(para)
20123
#: serverguide/C/mail.xml:467(para)
19600
20124
msgid ""
19601
20125
"Finally, the <ulink "
19602
20126
"url=\"http://www.postfix.org/documentation.html\">Postfix</ulink> website "
19610
20134
"Wiki Postfix</ulink> page has more information."
19611
20135
msgstr ""
19612
20136
19613
#: serverguide/C/mail.xml:537(title) serverguide/C/mail.xml:934(title) serverguide/C/mail.xml:1050(title)
20137
#: serverguide/C/mail.xml:479(title) serverguide/C/mail.xml:875(title) serverguide/C/mail.xml:991(title)
19614
20138
msgid "Exim4"
19615
20139
msgstr ""
19616
20140
19617
#: serverguide/C/mail.xml:538(para)
20141
#: serverguide/C/mail.xml:480(para)
19618
20142
msgid ""
19619
20143
"<application>Exim4</application> is another Message Transfer Agent (MTA) "
19620
20144
"developed at the University of Cambridge for use on Unix systems connected "
19624
20148
"<application>sendmail</application>."
19625
20149
msgstr ""
19626
20150
19627
#: serverguide/C/mail.xml:549(para)
20151
#: serverguide/C/mail.xml:491(para)
19628
20152
msgid ""
19629
20153
"To install <application>exim4</application>, run the following command: "
19630
20154
"<screen>\n"
19632
20156
"</screen>"
19633
20157
msgstr ""
19634
20158
19635
#: serverguide/C/mail.xml:558(para)
20159
#: serverguide/C/mail.xml:500(para)
19636
20160
msgid ""
19637
20161
"To configure <application>Exim4</application>, run the following command:"
19638
20162
msgstr ""
19639
20163
19640
#: serverguide/C/mail.xml:562(command)
20164
#: serverguide/C/mail.xml:504(command)
19641
20165
msgid "sudo dpkg-reconfigure exim4-config"
19642
20166
msgstr ""
19643
20167
19644
#: serverguide/C/mail.xml:564(para)
20168
#: serverguide/C/mail.xml:506(para)
19645
20169
msgid ""
19646
20170
"The user interface will be displayed. The user interface lets you configure "
19647
20171
"many parameters. For example, In <application>Exim4</application> the "
19649
20173
"in one file you can configure accordingly in this user interface."
19650
20174
msgstr ""
19651
20175
19652
#: serverguide/C/mail.xml:572(para)
20176
#: serverguide/C/mail.xml:514(para)
19653
20177
msgid ""
19654
20178
"All the parameters you configure in the user interface are stored in "
19655
20179
"<filename>/etc/exim4/update-exim4.conf</filename> file. If you wish to re-"
19658
20182
"following command to generate the master configuration file:"
19659
20183
msgstr ""
19660
20184
19661
#: serverguide/C/mail.xml:583(command) serverguide/C/mail.xml:667(command)
20185
#: serverguide/C/mail.xml:525(command) serverguide/C/mail.xml:609(command)
19662
20186
msgid "sudo update-exim4.conf"
19663
20187
msgstr ""
19664
20188
19665
#: serverguide/C/mail.xml:585(para)
20189
#: serverguide/C/mail.xml:527(para)
19666
20190
msgid ""
19667
20191
"The master configuration file, is generated and it is stored in "
19668
20192
"<filename>/var/lib/exim4/config.autogenerated</filename>."
19669
20193
msgstr ""
19670
20194
19671
#: serverguide/C/mail.xml:591(para)
20195
#: serverguide/C/mail.xml:533(para)
19672
20196
msgid ""
19673
20197
"At any time, you should not edit the master configuration file, "
19674
20198
"<filename>/var/lib/exim4/config.autogenerated</filename> manually. It is "
19675
20199
"updated automatically every time you run <command>update-exim4.conf</command>"
19676
20200
msgstr ""
19677
20201
19678
#: serverguide/C/mail.xml:599(para)
20202
#: serverguide/C/mail.xml:541(para)
19679
20203
msgid ""
19680
20204
"You can run the following command to start <application>Exim4</application> "
19681
20205
"daemon."
19685
20209
msgid "sudo service exim4 start"
19686
20210
msgstr ""
19687
20211
19688
#: serverguide/C/mail.xml:609(para)
20212
#: serverguide/C/mail.xml:551(para)
19689
20213
msgid ""
19690
20214
"This section covers configuring Exim4 to use SMTP-AUTH with TLS and SASL."
19691
20215
msgstr ""
19692
20216
19693
#: serverguide/C/mail.xml:612(para)
20217
#: serverguide/C/mail.xml:554(para)
19694
20218
msgid ""
19695
20219
"The first step is to create a certificate for use with TLS. Enter the "
19696
20220
"following into a terminal prompt:"
19697
20221
msgstr ""
19698
20222
19699
#: serverguide/C/mail.xml:616(command)
20223
#: serverguide/C/mail.xml:558(command)
19700
20224
msgid "sudo /usr/share/doc/exim4-base/examples/exim-gencert"
19701
20225
msgstr ""
19702
20226
19703
#: serverguide/C/mail.xml:618(para)
20227
#: serverguide/C/mail.xml:560(para)
19704
20228
msgid ""
19705
20229
"Now Exim4 needs to be configured for TLS by editing "
19706
20230
"<filename>/etc/exim4/conf.d/main/03_exim4-config_tlsoptions</filename> add "
19707
20231
"the following:"
19708
20232
msgstr ""
19709
20233
19710
#: serverguide/C/mail.xml:622(programlisting)
20234
#: serverguide/C/mail.xml:564(programlisting)
19711
20235
#, no-wrap
19712
20236
msgid ""
19713
20237
"\n"
19714
20238
"MAIN_TLS_ENABLE = yes\n"
19715
20239
msgstr ""
19716
20240
19717
#: serverguide/C/mail.xml:625(para)
20241
#: serverguide/C/mail.xml:567(para)
19718
20242
msgid ""
19719
20243
"Next you need to configure <application>Exim4</application> to use the "
19720
20244
"<application>saslauthd</application> for authentication. Edit "
19723
20247
"<emphasis>login_saslauthd_server</emphasis> sections:"
19724
20248
msgstr ""
19725
20249
19726
#: serverguide/C/mail.xml:630(programlisting)
20250
#: serverguide/C/mail.xml:572(programlisting)
19727
20251
#, no-wrap
19728
20252
msgid ""
19729
20253
"\n"
19749
20273
" .endif\n"
19750
20274
msgstr ""
19751
20275
19752
#: serverguide/C/mail.xml:652(para)
20276
#: serverguide/C/mail.xml:594(para)
19753
20277
msgid ""
19754
20278
"Additionally, in order for outside mail client to be able to connect to new "
19755
20279
"exim server, new user needs to be added into exim by using the following "
19760
20284
msgid "sudo /usr/share/doc/exim4-base/examples/exim-adduser"
19761
20285
msgstr ""
19762
20286
19763
#: serverguide/C/mail.xml:658(para)
20287
#: serverguide/C/mail.xml:600(para)
19764
20288
msgid ""
19765
20289
"Users should protect the new exim password files with the following commands."
19766
20290
msgstr ""
19767
20291
19768
#: serverguide/C/mail.xml:660(command)
20292
#: serverguide/C/mail.xml:602(command)
19769
20293
msgid "sudo chown root:Debian-exim /etc/exim4/passwd"
19770
20294
msgstr ""
19771
20295
19772
#: serverguide/C/mail.xml:661(command)
20296
#: serverguide/C/mail.xml:603(command)
19773
20297
msgid "sudo chmod 640 /etc/exim4/passwd"
19774
20298
msgstr ""
19775
20299
19776
#: serverguide/C/mail.xml:663(para)
20300
#: serverguide/C/mail.xml:605(para)
19777
20301
msgid "Finally, update the Exim4 configuration and restart the service:"
19778
20302
msgstr ""
19779
20303
19781
20305
msgid "sudo service exim4 restart"
19782
20306
msgstr ""
19783
20307
19784
#: serverguide/C/mail.xml:673(para)
20308
#: serverguide/C/mail.xml:615(para)
19785
20309
msgid ""
19786
20310
"This section provides details on configuring the saslauthd to provide "
19787
20311
"authentication for <application>Exim4</application>."
19788
20312
msgstr ""
19789
20313
19790
#: serverguide/C/mail.xml:676(para)
20314
#: serverguide/C/mail.xml:618(para)
19791
20315
msgid ""
19792
20316
"The first step is to install the sasl2-bin package. From a terminal prompt "
19793
20317
"enter the following:"
19794
20318
msgstr ""
19795
20319
19796
#: serverguide/C/mail.xml:680(command)
20320
#: serverguide/C/mail.xml:622(command)
19797
20321
msgid "sudo apt-get install sasl2-bin"
19798
20322
msgstr ""
19799
20323
19800
#: serverguide/C/mail.xml:682(para)
20324
#: serverguide/C/mail.xml:624(para)
19801
20325
msgid ""
19802
20326
"To configure saslauthd edit the /etc/default/saslauthd configuration file "
19803
20327
"and set START=no to:"
19804
20328
msgstr ""
19805
20329
19806
#: serverguide/C/mail.xml:688(para)
20330
#: serverguide/C/mail.xml:630(para)
19807
20331
msgid ""
19808
20332
"Next the <emphasis>Debian-exim</emphasis> user needs to be part of the "
19809
20333
"<emphasis>sasl</emphasis> group in order for Exim4 to use the saslauthd "
19810
20334
"service:"
19811
20335
msgstr ""
19812
20336
19813
#: serverguide/C/mail.xml:693(command)
20337
#: serverguide/C/mail.xml:635(command)
19814
20338
msgid "sudo adduser Debian-exim sasl"
19815
20339
msgstr ""
19816
20340
19817
#: serverguide/C/mail.xml:695(para)
20341
#: serverguide/C/mail.xml:637(para)
19818
20342
msgid "Now start the <application>saslauthd</application> service:"
19819
20343
msgstr ""
19820
20344
19822
20346
msgid "sudo service saslauthd start"
19823
20347
msgstr ""
19824
20348
19825
#: serverguide/C/mail.xml:701(para)
20349
#: serverguide/C/mail.xml:643(para)
19826
20350
msgid ""
19827
20351
"<application>Exim4</application> is now configured with SMTP-AUTH using TLS "
19828
20352
"and SASL authentication."
19829
20353
msgstr ""
19830
20354
19831
#: serverguide/C/mail.xml:710(para)
20355
#: serverguide/C/mail.xml:652(para)
19832
20356
msgid ""
19833
20357
"See <ulink url=\"http://www.exim.org/\">exim.org</ulink> for more "
19834
20358
"information."
19835
20359
msgstr ""
19836
20360
19837
#: serverguide/C/mail.xml:715(para)
20361
#: serverguide/C/mail.xml:657(para)
19838
20362
msgid ""
19839
20363
"There is also an <ulink url=\"http://www.uit.co.uk/content/exim-smtp-mail-"
19840
20364
"server\">Exim4 Book</ulink> available."
19841
20365
msgstr ""
19842
20366
19843
#: serverguide/C/mail.xml:720(para)
20367
#: serverguide/C/mail.xml:662(para)
19844
20368
msgid ""
19845
20369
"Another resource is the <ulink "
19846
20370
"url=\"https://help.ubuntu.com/community/Exim4\">Exim4 Ubuntu Wiki </ulink> "
19847
20371
"page."
19848
20372
msgstr ""
19849
20373
19850
#: serverguide/C/mail.xml:729(title)
20374
#: serverguide/C/mail.xml:671(title)
19851
20375
msgid "Dovecot Server"
19852
20376
msgstr ""
19853
20377
19854
#: serverguide/C/mail.xml:730(para)
20378
#: serverguide/C/mail.xml:672(para)
19855
20379
msgid ""
19856
20380
"<application>Dovecot</application> is a Mail Delivery Agent, written with "
19857
20381
"security primarily in mind. It supports the major mailbox formats: mbox or "
19858
20382
"Maildir. This section explain how to set it up as an imap or pop3 server."
19859
20383
msgstr ""
19860
20384
19861
#: serverguide/C/mail.xml:738(para)
20385
#: serverguide/C/mail.xml:680(para)
19862
20386
msgid ""
19863
20387
"To install <application>dovecot</application>, run the following command in "
19864
20388
"the command prompt:"
19865
20389
msgstr ""
19866
20390
19867
#: serverguide/C/mail.xml:743(command)
20391
#: serverguide/C/mail.xml:685(command)
19868
20392
msgid "sudo apt-get install dovecot-imapd dovecot-pop3d"
19869
20393
msgstr ""
19870
20394
19871
#: serverguide/C/mail.xml:748(para)
20395
#: serverguide/C/mail.xml:690(para)
19872
20396
msgid ""
19873
20397
"To configure <application>dovecot</application>, you can edit the file "
19874
20398
"<filename>/etc/dovecot/dovecot.conf</filename>. You can choose the protocol "
19880
20404
"link>."
19881
20405
msgstr ""
19882
20406
19883
#: serverguide/C/mail.xml:758(para)
20407
#: serverguide/C/mail.xml:700(para)
19884
20408
msgid ""
19885
20409
"IMAPS and POP3S are more secure that the simple IMAP and POP3 because they "
19886
20410
"use SSL encryption to connect. Once you have chosen the protocol, amend the "
19887
20411
"following line in the file <filename>/etc/dovecot/dovecot.conf</filename>:"
19888
20412
msgstr ""
19889
20413
19890
#: serverguide/C/mail.xml:764(programlisting)
20414
#: serverguide/C/mail.xml:706(programlisting)
19891
20415
#, no-wrap
19892
20416
msgid ""
19893
20417
"\n"
19912
20436
"following line:"
19913
20437
msgstr ""
19914
20438
19915
#: serverguide/C/mail.xml:780(programlisting)
20439
#: serverguide/C/mail.xml:722(programlisting)
19916
20440
#, no-wrap
19917
20441
msgid ""
19918
20442
"\n"
19921
20445
"mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u # (for mbox)\n"
19922
20446
msgstr ""
19923
20447
19924
#: serverguide/C/mail.xml:786(para)
20448
#: serverguide/C/mail.xml:728(para)
19925
20449
msgid ""
19926
20450
"You should configure your Mail Transport Agent (MTA) to transfer the "
19927
20451
"incoming mail to this type of mailbox if it is different from the one you "
19928
20452
"have configured."
19929
20453
msgstr ""
19930
20454
19931
#: serverguide/C/mail.xml:792(para)
20455
#: serverguide/C/mail.xml:734(para)
19932
20456
msgid ""
19933
20457
"Once you have configured dovecot, restart the "
19934
20458
"<application>dovecot</application> daemon in order to test your setup:"
19935
20459
msgstr ""
19936
20460
19937
#: serverguide/C/mail.xml:801(para)
20461
#: serverguide/C/mail.xml:743(para)
19938
20462
msgid ""
19939
20463
"If you have enabled imap, or pop3, you can also try to log in with the "
19940
20464
"commands <command>telnet localhost pop3</command> or <command>telnet "
19942
20466
"installation has been successful:"
19943
20467
msgstr ""
19944
20468
19945
#: serverguide/C/mail.xml:808(programlisting)
20469
#: serverguide/C/mail.xml:750(programlisting)
19946
20470
#, no-wrap
19947
20471
msgid ""
19948
20472
"\n"
19953
20477
"+OK Dovecot ready.\n"
19954
20478
msgstr ""
19955
20479
19956
#: serverguide/C/mail.xml:817(title)
20480
#: serverguide/C/mail.xml:759(title)
19957
20481
msgid "Dovecot SSL Configuration"
19958
20482
msgstr ""
19959
20483
19976
20500
"<filename>/etc/dovecot/conf.d/10-ssl.conf</filename> configuration file."
19977
20501
msgstr ""
19978
20502
19979
#: serverguide/C/mail.xml:845(title)
20503
#: serverguide/C/mail.xml:786(title)
19980
20504
msgid "Firewall Configuration for an Email Server"
19981
20505
msgstr ""
19982
20506
19983
#: serverguide/C/mail.xml:851(para)
20507
#: serverguide/C/mail.xml:792(para)
19984
20508
msgid "IMAP - 143"
19985
20509
msgstr ""
19986
20510
19987
#: serverguide/C/mail.xml:852(para)
20511
#: serverguide/C/mail.xml:793(para)
19988
20512
msgid "IMAPS - 993"
19989
20513
msgstr ""
19990
20514
19991
#: serverguide/C/mail.xml:853(para)
20515
#: serverguide/C/mail.xml:794(para)
19992
20516
msgid "POP3 - 110"
19993
20517
msgstr ""
19994
20518
19995
#: serverguide/C/mail.xml:854(para)
20519
#: serverguide/C/mail.xml:795(para)
19996
20520
msgid "POP3S - 995"
19997
20521
msgstr ""
19998
20522
19999
#: serverguide/C/mail.xml:846(para)
20523
#: serverguide/C/mail.xml:787(para)
20000
20524
msgid ""
20001
20525
"To access your mail server from another computer, you must configure your "
20002
20526
"firewall to allow connections to the server on the necessary ports. "
20003
20527
"<placeholder-1/>"
20004
20528
msgstr ""
20005
20529
20006
#: serverguide/C/mail.xml:863(para)
20530
#: serverguide/C/mail.xml:804(para)
20007
20531
msgid ""
20008
20532
"See the <ulink url=\"http://www.dovecot.org/\">Dovecot website</ulink> for "
20009
20533
"more information."
20010
20534
msgstr ""
20011
20535
20012
#: serverguide/C/mail.xml:868(para)
20536
#: serverguide/C/mail.xml:809(para)
20013
20537
msgid ""
20014
20538
"Also, the <ulink url=\"https://help.ubuntu.com/community/Dovecot\">Dovecot "
20015
20539
"Ubuntu Wiki</ulink> page has more details."
20016
20540
msgstr ""
20017
20541
20018
#: serverguide/C/mail.xml:877(title) serverguide/C/mail.xml:952(title) serverguide/C/mail.xml:1175(title)
20542
#: serverguide/C/mail.xml:818(title) serverguide/C/mail.xml:893(title) serverguide/C/mail.xml:1116(title)
20019
20543
msgid "Mailman"
20020
20544
msgstr ""
20021
20545
20022
#: serverguide/C/mail.xml:878(para)
20546
#: serverguide/C/mail.xml:819(para)
20023
20547
msgid ""
20024
20548
"Mailman is an open source program for managing electronic mail discussions "
20025
20549
"and e-newsletter lists. Many open source mailing lists (including all the "
20028
20552
"and maintain."
20029
20553
msgstr ""
20030
20554
20031
#: serverguide/C/mail.xml:888(para)
20555
#: serverguide/C/mail.xml:829(para)
20032
20556
msgid ""
20033
20557
"Mailman provides a web interface for the administrators and users, using an "
20034
20558
"external mail server to send and receive emails. It works perfectly with the "
20035
20559
"following mail servers:"
20036
20560
msgstr ""
20037
20561
20038
#: serverguide/C/mail.xml:899(application)
20562
#: serverguide/C/mail.xml:840(application)
20039
20563
msgid "Exim"
20040
20564
msgstr ""
20041
20565
20042
#: serverguide/C/mail.xml:902(application)
20566
#: serverguide/C/mail.xml:843(application)
20043
20567
msgid "Sendmail"
20044
20568
msgstr ""
20045
20569
20046
#: serverguide/C/mail.xml:905(application)
20570
#: serverguide/C/mail.xml:846(application)
20047
20571
msgid "Qmail"
20048
20572
msgstr ""
20049
20573
20050
#: serverguide/C/mail.xml:910(para)
20574
#: serverguide/C/mail.xml:851(para)
20051
20575
msgid ""
20052
20576
"We will see how to install and configure Mailman with, the Apache web "
20053
20577
"server, and either the Postfix or Exim mail server. If you wish to install "
20054
20578
"Mailman with a different mail server, please refer to the references section."
20055
20579
msgstr ""
20056
20580
20057
#: serverguide/C/mail.xml:917(para)
20581
#: serverguide/C/mail.xml:858(para)
20058
20582
msgid ""
20059
20583
"You only need to install one mail server and "
20060
20584
"<application>Postfix</application> is the default Ubuntu Mail Transfer Agent."
20061
20585
msgstr ""
20062
20586
20063
#: serverguide/C/mail.xml:922(title) serverguide/C/mail.xml:979(title)
20587
#: serverguide/C/mail.xml:863(title) serverguide/C/mail.xml:920(title)
20064
20588
msgid "Apache2"
20065
20589
msgstr ""
20066
20590
20067
#: serverguide/C/mail.xml:923(para)
20591
#: serverguide/C/mail.xml:864(para)
20068
20592
msgid ""
20069
20593
"To install apache2 you refer to <xref linkend=\"http-installation\"/> for "
20070
20594
"details."
20071
20595
msgstr ""
20072
20596
20073
#: serverguide/C/mail.xml:929(para)
20597
#: serverguide/C/mail.xml:870(para)
20074
20598
msgid ""
20075
20599
"For instructions on installing and configuring Postfix refer to <xref "
20076
20600
"linkend=\"postfix\"/>"
20077
20601
msgstr ""
20078
20602
20079
#: serverguide/C/mail.xml:935(para)
20603
#: serverguide/C/mail.xml:876(para)
20080
20604
msgid "To install Exim4 refer to <xref linkend=\"exim4\"/>."
20081
20605
msgstr ""
20082
20606
20083
#: serverguide/C/mail.xml:938(para)
20607
#: serverguide/C/mail.xml:879(para)
20084
20608
msgid ""
20085
20609
"Once exim4 is installed, the configuration files are stored in the "
20086
20610
"<filename>/etc/exim4</filename> directory. In Ubuntu, by default, the exim4 "
20089
20613
"<filename>/etc/exim4/update-exim4.conf</filename> file:"
20090
20614
msgstr ""
20091
20615
20092
#: serverguide/C/mail.xml:945(programlisting)
20616
#: serverguide/C/mail.xml:886(programlisting)
20093
20617
#, no-wrap
20094
20618
msgid ""
20095
20619
"\n"
20096
20620
"dc_use_split_config='true'\n"
20097
20621
msgstr ""
20098
20622
20099
#: serverguide/C/mail.xml:953(para)
20623
#: serverguide/C/mail.xml:894(para)
20100
20624
msgid ""
20101
20625
"To install <application>Mailman</application>, run following command at a "
20102
20626
"terminal prompt:"
20103
20627
msgstr ""
20104
20628
20105
#: serverguide/C/mail.xml:957(command)
20629
#: serverguide/C/mail.xml:898(command)
20106
20630
msgid "sudo apt-get install mailman"
20107
20631
msgstr ""
20108
20632
20109
#: serverguide/C/mail.xml:959(para)
20633
#: serverguide/C/mail.xml:900(para)
20110
20634
msgid ""
20111
20635
"It copies the installation files in "
20112
20636
"<application>/var/lib/mailman</application> directory. It installs the CGI "
20116
20640
"this user."
20117
20641
msgstr ""
20118
20642
20119
#: serverguide/C/mail.xml:971(para)
20643
#: serverguide/C/mail.xml:912(para)
20120
20644
msgid ""
20121
20645
"This section assumes you have successfully installed "
20122
20646
"<application>mailman</application>, <application>apache2</application>, and "
20124
20648
"you just need to configure them."
20125
20649
msgstr ""
20126
20650
20127
#: serverguide/C/mail.xml:980(para)
20651
#: serverguide/C/mail.xml:921(para)
20128
20652
msgid ""
20129
20653
"An example Apache configuration file comes with "
20130
20654
"<application>Mailman</application> and is placed in "
20133
20657
"available</filename>:"
20134
20658
msgstr ""
20135
20659
20136
#: serverguide/C/mail.xml:986(command)
20660
#: serverguide/C/mail.xml:927(command)
20137
20661
msgid ""
20138
20662
"sudo cp /etc/mailman/apache.conf /etc/apache2/sites-available/mailman.conf"
20139
20663
msgstr ""
20140
20664
20141
#: serverguide/C/mail.xml:988(para)
20665
#: serverguide/C/mail.xml:929(para)
20142
20666
msgid ""
20143
20667
"This will setup a new Apache <emphasis>VirtualHost</emphasis> for the "
20144
20668
"Mailman administration site. Now enable the new configuration and restart "
20145
20669
"Apache:"
20146
20670
msgstr ""
20147
20671
20148
#: serverguide/C/mail.xml:993(command)
20672
#: serverguide/C/mail.xml:934(command)
20149
20673
msgid "sudo a2ensite mailman.conf"
20150
20674
msgstr ""
20151
20675
20152
#: serverguide/C/mail.xml:996(para)
20676
#: serverguide/C/mail.xml:937(para)
20153
20677
msgid ""
20154
20678
"Mailman uses apache2 to render its CGI scripts. The mailman CGI scripts are "
20155
20679
"installed in the <application>/usr/lib/cgi-bin/mailman</application> "
20158
20682
"available/mailman.conf</filename> file if you wish to change this behavior."
20159
20683
msgstr ""
20160
20684
20161
#: serverguide/C/mail.xml:1007(para)
20685
#: serverguide/C/mail.xml:948(para)
20162
20686
msgid ""
20163
20687
"For <application>Postfix</application> integration, we will associate the "
20164
20688
"domain lists.example.com with the mailing lists. Please replace "
20165
20689
"<emphasis>lists.example.com</emphasis> with the domain of your choosing."
20166
20690
msgstr ""
20167
20691
20168
#: serverguide/C/mail.xml:1011(para)
20692
#: serverguide/C/mail.xml:952(para)
20169
20693
msgid ""
20170
20694
"You can use the postconf command to add the necessary configuration to "
20171
20695
"<filename>/etc/postfix/main.cf</filename>:"
20172
20696
msgstr ""
20173
20697
20174
#: serverguide/C/mail.xml:1015(command)
20698
#: serverguide/C/mail.xml:956(command)
20175
20699
msgid "sudo postconf -e 'relay_domains = lists.example.com'"
20176
20700
msgstr ""
20177
20701
20178
#: serverguide/C/mail.xml:1016(command)
20702
#: serverguide/C/mail.xml:957(command)
20179
20703
msgid "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
20180
20704
msgstr ""
20181
20705
20182
#: serverguide/C/mail.xml:1017(command)
20706
#: serverguide/C/mail.xml:958(command)
20183
20707
msgid "sudo postconf -e 'mailman_destination_recipient_limit = 1'"
20184
20708
msgstr ""
20185
20709
20186
#: serverguide/C/mail.xml:1019(para)
20710
#: serverguide/C/mail.xml:960(para)
20187
20711
msgid ""
20188
20712
"In <filename>/etc/postfix/master.cf</filename> double check that you have "
20189
20713
"the following transport:"
20190
20714
msgstr ""
20191
20715
20192
#: serverguide/C/mail.xml:1022(programlisting)
20716
#: serverguide/C/mail.xml:963(programlisting)
20193
20717
#, no-wrap
20194
20718
msgid ""
20195
20719
"\n"
20198
20722
" ${nexthop} ${user}\n"
20199
20723
msgstr ""
20200
20724
20201
#: serverguide/C/mail.xml:1027(para)
20725
#: serverguide/C/mail.xml:968(para)
20202
20726
msgid ""
20203
20727
"It calls the <emphasis>postfix-to-mailman.py</emphasis> script when a mail "
20204
20728
"is delivered to a list."
20205
20729
msgstr ""
20206
20730
20207
#: serverguide/C/mail.xml:1030(para)
20731
#: serverguide/C/mail.xml:971(para)
20208
20732
msgid ""
20209
20733
"Associate the domain lists.example.com to the Mailman transport with the "
20210
20734
"transport map. Edit the file <filename>/etc/postfix/transport</filename>:"
20211
20735
msgstr ""
20212
20736
20213
#: serverguide/C/mail.xml:1033(programlisting)
20737
#: serverguide/C/mail.xml:974(programlisting)
20214
20738
#, no-wrap
20215
20739
msgid ""
20216
20740
"\n"
20217
20741
"lists.example.com mailman:\n"
20218
20742
msgstr ""
20219
20743
20220
#: serverguide/C/mail.xml:1036(para)
20744
#: serverguide/C/mail.xml:977(para)
20221
20745
msgid ""
20222
20746
"Now have <application>Postfix</application> build the transport map by "
20223
20747
"entering the following from a terminal prompt:"
20224
20748
msgstr ""
20225
20749
20226
#: serverguide/C/mail.xml:1040(command)
20750
#: serverguide/C/mail.xml:981(command)
20227
20751
msgid "sudo postmap -v /etc/postfix/transport"
20228
20752
msgstr ""
20229
20753
20230
#: serverguide/C/mail.xml:1042(para)
20754
#: serverguide/C/mail.xml:983(para)
20231
20755
msgid "Then restart Postfix to enable the new configurations:"
20232
20756
msgstr ""
20233
20757
20234
#: serverguide/C/mail.xml:1051(para)
20758
#: serverguide/C/mail.xml:992(para)
20235
20759
msgid ""
20236
20760
"Once Exim4 is installed, you can start the Exim server using the following "
20237
20761
"command from a terminal prompt:"
20238
20762
msgstr ""
20239
20763
20240
#: serverguide/C/mail.xml:1067(para) serverguide/C/mail.xml:1082(title)
20764
#: serverguide/C/mail.xml:1008(para) serverguide/C/mail.xml:1023(title)
20241
20765
msgid "Main"
20242
20766
msgstr ""
20243
20767
20244
#: serverguide/C/mail.xml:1070(para) serverguide/C/mail.xml:1122(title)
20768
#: serverguide/C/mail.xml:1011(para) serverguide/C/mail.xml:1063(title)
20245
20769
msgid "Transport"
20246
20770
msgstr ""
20247
20771
20248
#: serverguide/C/mail.xml:1073(para) serverguide/C/mail.xml:1145(title)
20772
#: serverguide/C/mail.xml:1014(para) serverguide/C/mail.xml:1086(title)
20249
20773
msgid "Router"
20250
20774
msgstr ""
20251
20775
20252
#: serverguide/C/mail.xml:1058(para)
20776
#: serverguide/C/mail.xml:999(para)
20253
20777
msgid ""
20254
20778
"In order to make mailman work with Exim4, you need to configure Exim4. As "
20255
20779
"mentioned earlier, by default, Exim4 uses multiple configuration files of "
20261
20785
"is very important."
20262
20786
msgstr ""
20263
20787
20264
#: serverguide/C/mail.xml:1089(programlisting)
20788
#: serverguide/C/mail.xml:1030(programlisting)
20265
20789
#, no-wrap
20266
20790
msgid ""
20267
20791
"\n"
20295
20819
"# end\n"
20296
20820
msgstr ""
20297
20821
20298
#: serverguide/C/mail.xml:1083(para)
20822
#: serverguide/C/mail.xml:1024(para)
20299
20823
msgid ""
20300
20824
"All the configuration files belonging to the main type are stored in the "
20301
20825
"<filename>/etc/exim4/conf.d/main/</filename> directory. You can add the "
20303
20827
"config_mailman</filename>: <placeholder-1/>"
20304
20828
msgstr ""
20305
20829
20306
#: serverguide/C/mail.xml:1129(programlisting)
20830
#: serverguide/C/mail.xml:1070(programlisting)
20307
20831
#, no-wrap
20308
20832
msgid ""
20309
20833
"\n"
20321
20845
" group = MM_GID\n"
20322
20846
msgstr ""
20323
20847
20324
#: serverguide/C/mail.xml:1123(para)
20848
#: serverguide/C/mail.xml:1064(para)
20325
20849
msgid ""
20326
20850
"All the configuration files belonging to transport type are stored in the "
20327
20851
"<filename>/etc/exim4/conf.d/transport/</filename> directory. You can add the "
20329
20853
"config_mailman</filename>: <placeholder-1/>"
20330
20854
msgstr ""
20331
20855
20332
#: serverguide/C/mail.xml:1150(programlisting)
20856
#: serverguide/C/mail.xml:1091(programlisting)
20333
20857
#, no-wrap
20334
20858
msgid ""
20335
20859
"\n"
20343
20867
" transport = mailman_transport\n"
20344
20868
msgstr ""
20345
20869
20346
#: serverguide/C/mail.xml:1146(para)
20870
#: serverguide/C/mail.xml:1087(para)
20347
20871
msgid ""
20348
20872
"All the configuration files belonging to router type are stored in the "
20349
20873
"<filename>/etc/exim4/conf.d/router/</filename> directory. You can add the "
20351
20875
"config_mailman</filename>: <placeholder-1/>"
20352
20876
msgstr ""
20353
20877
20354
#: serverguide/C/mail.xml:1163(para)
20878
#: serverguide/C/mail.xml:1104(para)
20355
20879
msgid ""
20356
20880
"The order of main and transport configuration files can be in any order. "
20357
20881
"But, the order of router configuration files must be the same. This "
20361
20885
"details, please refer to the references section."
20362
20886
msgstr ""
20363
20887
20364
#: serverguide/C/mail.xml:1176(para)
20888
#: serverguide/C/mail.xml:1117(para)
20365
20889
msgid ""
20366
20890
"Once mailman is installed, you can run it using the following command:"
20367
20891
msgstr ""
20370
20894
msgid "sudo service mailman start"
20371
20895
msgstr ""
20372
20896
20373
#: serverguide/C/mail.xml:1182(para)
20897
#: serverguide/C/mail.xml:1123(para)
20374
20898
msgid ""
20375
20899
"Once mailman is installed, you should create the default mailing list. Run "
20376
20900
"the following command to create the mailing list:"
20377
20901
msgstr ""
20378
20902
20379
#: serverguide/C/mail.xml:1188(command)
20903
#: serverguide/C/mail.xml:1129(command)
20380
20904
msgid "sudo /usr/sbin/newlist mailman"
20381
20905
msgstr ""
20382
20906
20383
#: serverguide/C/mail.xml:1191(programlisting)
20907
#: serverguide/C/mail.xml:1132(programlisting)
20384
20908
#, no-wrap
20385
20909
msgid ""
20386
20910
"\n"
20411
20935
" # \n"
20412
20936
msgstr ""
20413
20937
20414
#: serverguide/C/mail.xml:1214(para)
20938
#: serverguide/C/mail.xml:1155(para)
20415
20939
msgid ""
20416
20940
"We have configured either Postfix or Exim4 to recognize all emails from "
20417
20941
"mailman. So, it is not mandatory to make any new entries in "
20420
20944
"continuing to next section."
20421
20945
msgstr ""
20422
20946
20423
#: serverguide/C/mail.xml:1222(para)
20947
#: serverguide/C/mail.xml:1163(para)
20424
20948
msgid ""
20425
20949
"The Exim4 does not use the above aliases to forward mails to Mailman, as it "
20426
20950
"uses a <emphasis>discover</emphasis> approach. To suppress the aliases while "
20428
20952
"configuration file, <filename>/etc/mailman/mm_cfg.py</filename>."
20429
20953
msgstr ""
20430
20954
20431
#: serverguide/C/mail.xml:1233(title)
20955
#: serverguide/C/mail.xml:1174(title)
20432
20956
msgid "Administration"
20433
20957
msgstr ""
20434
20958
20435
#: serverguide/C/mail.xml:1234(para)
20959
#: serverguide/C/mail.xml:1175(para)
20436
20960
msgid ""
20437
20961
"We assume you have a default installation. The mailman cgi scripts are still "
20438
20962
"in the <application>/usr/lib/cgi-bin/mailman/</application> directory. "
20440
20964
"point your browser to the following url:"
20441
20965
msgstr ""
20442
20966
20443
#: serverguide/C/mail.xml:1242(para)
20967
#: serverguide/C/mail.xml:1183(para)
20444
20968
msgid "http://hostname/cgi-bin/mailman/admin"
20445
20969
msgstr ""
20446
20970
20447
#: serverguide/C/mail.xml:1246(para)
20971
#: serverguide/C/mail.xml:1187(para)
20448
20972
msgid ""
20449
20973
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
20450
20974
"screen. If you click the mailing list name, it will ask for your "
20455
20979
"mailing list using the web interface."
20456
20980
msgstr ""
20457
20981
20458
#: serverguide/C/mail.xml:1259(title)
20982
#: serverguide/C/mail.xml:1200(title)
20459
20983
msgid "Users"
20460
20984
msgstr ""
20461
20985
20462
#: serverguide/C/mail.xml:1260(para)
20986
#: serverguide/C/mail.xml:1201(para)
20463
20987
msgid ""
20464
20988
"Mailman provides a web based interface for users. To access this page, point "
20465
20989
"your browser to the following url:"
20466
20990
msgstr ""
20467
20991
20468
#: serverguide/C/mail.xml:1265(para)
20992
#: serverguide/C/mail.xml:1206(para)
20469
20993
msgid "http://hostname/cgi-bin/mailman/listinfo"
20470
20994
msgstr ""
20471
20995
20472
#: serverguide/C/mail.xml:1269(para)
20996
#: serverguide/C/mail.xml:1210(para)
20473
20997
msgid ""
20474
20998
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
20475
20999
"screen. If you click the mailing list name, it will display the subscription "
20478
21002
"instructions in the email to subscribe."
20479
21003
msgstr ""
20480
21004
20481
#: serverguide/C/mail.xml:1281(ulink)
21005
#: serverguide/C/mail.xml:1222(ulink)
20482
21006
msgid "GNU Mailman - Installation Manual"
20483
21007
msgstr ""
20484
21008
20485
#: serverguide/C/mail.xml:1285(ulink)
21009
#: serverguide/C/mail.xml:1226(ulink)
20486
21010
msgid "HOWTO - Using Exim 4 and Mailman 2.1 together"
20487
21011
msgstr ""
20488
21012
20489
#: serverguide/C/mail.xml:1288(para)
21013
#: serverguide/C/mail.xml:1229(para)
20490
21014
msgid ""
20491
21015
"Also, see the <ulink "
20492
21016
"url=\"https://help.ubuntu.com/community/Mailman\">Mailman Ubuntu "
20493
21017
"Wiki</ulink> page."
20494
21018
msgstr ""
20495
21019
20496
#: serverguide/C/mail.xml:1294(title)
21020
#: serverguide/C/mail.xml:1235(title)
20497
21021
msgid "Mail Filtering"
20498
21022
msgstr ""
20499
21023
20500
#: serverguide/C/mail.xml:1295(para)
21024
#: serverguide/C/mail.xml:1236(para)
20501
21025
msgid ""
20502
21026
"One of the largest issues with email today is the problem of Unsolicited "
20503
21027
"Bulk Email (UBE). Also known as SPAM, such messages may also carry viruses "
20505
21029
"the bulk of all email traffic on the Internet."
20506
21030
msgstr ""
20507
21031
20508
#: serverguide/C/mail.xml:1300(para)
21032
#: serverguide/C/mail.xml:1241(para)
20509
21033
msgid ""
20510
21034
"This section will cover integrating <application>Amavisd-new</application>, "
20511
21035
"<application>Spamassassin</application>, and "
20519
21043
"spf</application>."
20520
21044
msgstr ""
20521
21045
20522
#: serverguide/C/mail.xml:1310(para)
21046
#: serverguide/C/mail.xml:1251(para)
20523
21047
msgid ""
20524
21048
"<application>Amavisd-new</application> is a wrapper program that can call "
20525
21049
"any number of content filtering programs for spam detection, antivirus, etc."
20526
21050
msgstr ""
20527
21051
20528
#: serverguide/C/mail.xml:1316(para)
21052
#: serverguide/C/mail.xml:1257(para)
20529
21053
msgid ""
20530
21054
"<application>Spamassassin</application> uses a variety of mechanisms to "
20531
21055
"filter email based on the message content."
20532
21056
msgstr ""
20533
21057
20534
#: serverguide/C/mail.xml:1321(para)
21058
#: serverguide/C/mail.xml:1262(para)
20535
21059
msgid ""
20536
21060
"<application>ClamAV</application> is an open source antivirus application."
20537
21061
msgstr ""
20538
21062
20539
#: serverguide/C/mail.xml:1326(para)
21063
#: serverguide/C/mail.xml:1267(para)
20540
21064
msgid ""
20541
21065
"<application>opendkim</application> implements a Sendmail Mail Filter "
20542
21066
"(Milter) for the DomainKeys Identified Mail (DKIM) standard."
20543
21067
msgstr ""
20544
21068
20545
#: serverguide/C/mail.xml:1332(para)
21069
#: serverguide/C/mail.xml:1273(para)
20546
21070
msgid ""
20547
21071
"<application>python-policyd-spf</application> enables Sender Policy "
20548
21072
"Framework (SPF) checking with <application>Postfix</application>."
20549
21073
msgstr ""
20550
21074
20551
#: serverguide/C/mail.xml:1337(para)
21075
#: serverguide/C/mail.xml:1278(para)
20552
21076
msgid "This is how the pieces fit together:"
20553
21077
msgstr ""
20554
21078
20555
#: serverguide/C/mail.xml:1342(para)
21079
#: serverguide/C/mail.xml:1283(para)
20556
21080
msgid "An email message is accepted by <application>Postfix</application>."
20557
21081
msgstr ""
20558
21082
20559
#: serverguide/C/mail.xml:1347(para)
21083
#: serverguide/C/mail.xml:1288(para)
20560
21084
msgid ""
20561
21085
"The message is passed through any external filters "
20562
21086
"<application>opendkim</application> and <application>python-policyd-"
20563
21087
"spf</application> in this case."
20564
21088
msgstr ""
20565
21089
20566
#: serverguide/C/mail.xml:1353(para)
21090
#: serverguide/C/mail.xml:1294(para)
20567
21091
msgid "<application>Amavisd-new</application> then processes the message."
20568
21092
msgstr ""
20569
21093
20570
#: serverguide/C/mail.xml:1358(para)
21094
#: serverguide/C/mail.xml:1299(para)
20571
21095
msgid ""
20572
21096
"<application>ClamAV</application> is used to scan the message. If the "
20573
21097
"message contains a virus <application>Postfix</application> will reject the "
20574
21098
"message."
20575
21099
msgstr ""
20576
21100
20577
#: serverguide/C/mail.xml:1364(para)
21101
#: serverguide/C/mail.xml:1305(para)
20578
21102
msgid ""
20579
21103
"Clean messages will then be analyzed by "
20580
21104
"<application>Spamassassin</application> to find out if the message is spam. "
20583
21107
"message."
20584
21108
msgstr ""
20585
21109
20586
#: serverguide/C/mail.xml:1371(para)
21110
#: serverguide/C/mail.xml:1312(para)
20587
21111
msgid ""
20588
21112
"For example, if a message has a Spam score of over fifty the message could "
20589
21113
"be automatically dropped from the queue without the recipient ever having to "
20592
21116
"see fit."
20593
21117
msgstr ""
20594
21118
20595
#: serverguide/C/mail.xml:1378(para)
21119
#: serverguide/C/mail.xml:1319(para)
20596
21120
msgid ""
20597
21121
"See <xref linkend=\"postfix\"/> for instructions on installing and "
20598
21122
"configuring Postfix."
20599
21123
msgstr ""
20600
21124
20601
#: serverguide/C/mail.xml:1381(para)
21125
#: serverguide/C/mail.xml:1322(para)
20602
21126
msgid ""
20603
21127
"To install the rest of the applications enter the following from a terminal "
20604
21128
"prompt:"
20605
21129
msgstr ""
20606
21130
20607
#: serverguide/C/mail.xml:1385(command)
21131
#: serverguide/C/mail.xml:1326(command)
20608
21132
msgid "sudo apt-get install amavisd-new spamassassin clamav-daemon"
20609
21133
msgstr ""
20610
21134
20611
#: serverguide/C/mail.xml:1386(command)
21135
#: serverguide/C/mail.xml:1327(command)
20612
21136
msgid "sudo apt-get install opendkim postfix-policyd-spf-python"
20613
21137
msgstr ""
20614
21138
20615
#: serverguide/C/mail.xml:1388(para)
21139
#: serverguide/C/mail.xml:1329(para)
20616
21140
msgid ""
20617
21141
"There are some optional packages that integrate with "
20618
21142
"<application>Spamassassin</application> for better spam detection:"
20619
21143
msgstr ""
20620
21144
20621
#: serverguide/C/mail.xml:1392(command)
21145
#: serverguide/C/mail.xml:1333(command)
20622
21146
msgid "sudo apt-get install pyzor razor"
20623
21147
msgstr ""
20624
21148
20625
#: serverguide/C/mail.xml:1394(para)
21149
#: serverguide/C/mail.xml:1335(para)
20626
21150
msgid ""
20627
21151
"Along with the main filtering applications compression utilities are needed "
20628
21152
"to process some email attachments:"
20629
21153
msgstr ""
20630
21154
20631
#: serverguide/C/mail.xml:1398(command)
21155
#: serverguide/C/mail.xml:1339(command)
20632
21156
msgid ""
20633
21157
"sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip"
20634
21158
msgstr ""
20635
21159
20636
#: serverguide/C/mail.xml:1401(para)
21160
#: serverguide/C/mail.xml:1342(para)
20637
21161
msgid ""
20638
21162
"If some packages are not found, check that the "
20639
21163
"<emphasis>multiverse</emphasis> repository is enabled in "
20640
21164
"<filename>/etc/apt/sources.list</filename>"
20641
21165
msgstr ""
20642
21166
20643
#: serverguide/C/mail.xml:1402(para)
21167
#: serverguide/C/mail.xml:1343(para)
20644
21168
msgid ""
20645
21169
"If you make changes to the file, be sure to run <command>sudo apt-get "
20646
21170
"update</command> before trying to install again."
20647
21171
msgstr ""
20648
21172
20649
#: serverguide/C/mail.xml:1407(para)
21173
#: serverguide/C/mail.xml:1348(para)
20650
21174
msgid "Now configure everything to work together and filter email."
20651
21175
msgstr ""
20652
21176
20653
#: serverguide/C/mail.xml:1411(title)
21177
#: serverguide/C/mail.xml:1352(title)
20654
21178
msgid "ClamAV"
20655
21179
msgstr ""
20656
21180
20657
#: serverguide/C/mail.xml:1412(para)
21181
#: serverguide/C/mail.xml:1353(para)
20658
21182
msgid ""
20659
21183
"The default behaviour of <application>ClamAV</application> will fit our "
20660
21184
"needs. For more ClamAV configuration options, check the configuration files "
20661
21185
"in <filename>/etc/clamav</filename>."
20662
21186
msgstr ""
20663
21187
20664
#: serverguide/C/mail.xml:1417(para)
21188
#: serverguide/C/mail.xml:1358(para)
20665
21189
msgid ""
20666
21190
"Add the <emphasis>clamav</emphasis> user to the <emphasis>amavis</emphasis> "
20667
21191
"group in order for <application>Amavisd-new</application> to have the "
20668
21192
"appropriate access to scan files:"
20669
21193
msgstr ""
20670
21194
20671
#: serverguide/C/mail.xml:1422(command)
21195
#: serverguide/C/mail.xml:1363(command)
20672
21196
msgid "sudo adduser clamav amavis"
20673
21197
msgstr ""
20674
21198
20675
#: serverguide/C/mail.xml:1423(command)
21199
#: serverguide/C/mail.xml:1364(command)
20676
21200
msgid "sudo adduser amavis clamav"
20677
21201
msgstr ""
20678
21202
20679
#: serverguide/C/mail.xml:1427(title)
21203
#: serverguide/C/mail.xml:1368(title)
20680
21204
msgid "Spamassassin"
20681
21205
msgstr ""
20682
21206
20683
#: serverguide/C/mail.xml:1428(para)
21207
#: serverguide/C/mail.xml:1369(para)
20684
21208
msgid ""
20685
21209
"Spamassassin automatically detects optional components and will use them if "
20686
21210
"they are present. This means that there is no need to configure "
20687
21211
"<application>pyzor</application> and <application>razor</application>."
20688
21212
msgstr ""
20689
21213
20690
#: serverguide/C/mail.xml:1432(para)
21214
#: serverguide/C/mail.xml:1373(para)
20691
21215
msgid ""
20692
21216
"Edit <filename>/etc/default/spamassassin</filename> to activate the "
20693
21217
"<application>Spamassassin</application> daemon. Change "
20694
21218
"<emphasis>ENABLED=0</emphasis> to:"
20695
21219
msgstr ""
20696
21220
20697
#: serverguide/C/mail.xml:1436(programlisting)
21221
#: serverguide/C/mail.xml:1377(programlisting)
20698
21222
#, no-wrap
20699
21223
msgid ""
20700
21224
"\n"
20701
21225
"ENABLED=1\n"
20702
21226
msgstr ""
20703
21227
20704
#: serverguide/C/mail.xml:1439(para)
21228
#: serverguide/C/mail.xml:1380(para)
20705
21229
msgid "Now start the daemon:"
20706
21230
msgstr ""
20707
21231
20709
21233
msgid "sudo service spamassassin start"
20710
21234
msgstr ""
20711
21235
20712
#: serverguide/C/mail.xml:1447(title)
21236
#: serverguide/C/mail.xml:1388(title)
20713
21237
msgid "Amavisd-new"
20714
21238
msgstr ""
20715
21239
20716
#: serverguide/C/mail.xml:1448(para)
21240
#: serverguide/C/mail.xml:1389(para)
20717
21241
msgid ""
20718
21242
"First activate spam and antivirus detection in <application>Amavisd-"
20719
21243
"new</application> by editing <filename>/etc/amavis/conf.d/15-"
20720
21244
"content_filter_mode</filename>:"
20721
21245
msgstr ""
20722
21246
20723
#: serverguide/C/mail.xml:1452(programlisting)
21247
#: serverguide/C/mail.xml:1393(programlisting)
20724
21248
#, no-wrap
20725
21249
msgid ""
20726
21250
"\n"
20751
21275
"1; # insure a defined return\n"
20752
21276
msgstr ""
20753
21277
20754
#: serverguide/C/mail.xml:1477(para)
20755
msgid ""
20756
"Bouncing spam can be a bad idea as the return address is often faked. "
20757
"Consider editing <filename>/etc/amavis/conf.d/20-debian_defaults</filename> "
20758
"to set <emphasis>$final_spam_destiny</emphasis> to D_DISCARD rather than "
20759
"D_BOUNCE, as follows:"
20760
msgstr ""
20761
20762
#: serverguide/C/mail.xml:1483(programlisting)
20763
#, no-wrap
20764
msgid ""
20765
"\n"
20766
"$final_spam_destiny = D_DISCARD;\n"
20767
msgstr ""
20768
20769
#: serverguide/C/mail.xml:1487(para)
21278
#: serverguide/C/mail.xml:1419(para)
21279
msgid ""
21280
"Bouncing spam can be a bad idea as the return address is often faked. The "
21281
"default behaviour is to instead discard. This is configured in "
21282
"<filename>/etc/amavis/conf.d/21-debian_defaults</filename> where "
21283
"<emphasis>$final_spam_destiny</emphasis> is set to D_DISCARD rather than "
21284
"D_BOUNCE."
21285
msgstr ""
21286
21287
#: serverguide/C/mail.xml:1425(para)
20770
21288
msgid ""
20771
21289
"Additionally, you may want to adjust the following options to flag more "
20772
21290
"messages as spam:"
20773
21291
msgstr ""
20774
21292
20775
#: serverguide/C/mail.xml:1491(programlisting)
21293
#: serverguide/C/mail.xml:1429(programlisting)
20776
21294
#, no-wrap
20777
21295
msgid ""
20778
21296
"\n"
20783
21301
"$sa_dsn_cutoff_level = 4; # spam level beyond which a DSN is not sent\n"
20784
21302
msgstr ""
20785
21303
20786
#: serverguide/C/mail.xml:1498(para)
21304
#: serverguide/C/mail.xml:1436(para)
20787
21305
msgid ""
20788
21306
"If the server's <emphasis>hostname</emphasis> is different from the domain's "
20789
21307
"MX record you may need to manually set the <emphasis>$myhostname</emphasis> "
20792
21310
"Edit the <filename>/etc/amavis/conf.d/50-user</filename> file:"
20793
21311
msgstr ""
20794
21312
20795
#: serverguide/C/mail.xml:1505(programlisting)
21313
#: serverguide/C/mail.xml:1443(programlisting)
20796
21314
#, no-wrap
20797
21315
msgid ""
20798
21316
"\n"
20800
21318
"@local_domains_acl = ( \"example.com\", \"example.org\" );\n"
20801
21319
msgstr ""
20802
21320
20803
#: serverguide/C/mail.xml:1510(para)
21321
#: serverguide/C/mail.xml:1448(para)
20804
21322
msgid ""
20805
21323
"If you want to cover multiple domains you can use the following in "
20806
21324
"the<filename>/etc/amavis/conf.d/50-user</filename>"
20807
21325
msgstr ""
20808
21326
20809
#: serverguide/C/mail.xml:1513(programlisting)
21327
#: serverguide/C/mail.xml:1451(programlisting)
20810
21328
#, no-wrap
20811
21329
msgid ""
20812
21330
"\n"
20813
21331
"@local_domains_acl = qw(.);\n"
20814
21332
msgstr ""
20815
21333
20816
#: serverguide/C/mail.xml:1517(para)
21334
#: serverguide/C/mail.xml:1455(para)
20817
21335
msgid ""
20818
21336
"After configuration <application>Amavisd-new</application> needs to be "
20819
21337
"restarted:"
20820
21338
msgstr ""
20821
21339
20822
#: serverguide/C/mail.xml:1521(command) serverguide/C/mail.xml:1568(command)
21340
#: serverguide/C/mail.xml:1517(command) serverguide/C/mail.xml:1564(command)
20823
21341
msgid "sudo service amavis restart"
20824
21342
msgstr ""
20825
21343
20826
#: serverguide/C/mail.xml:1524(title)
21344
#: serverguide/C/mail.xml:1462(title)
20827
21345
msgid "DKIM Whitelist"
20828
21346
msgstr ""
20829
21347
20830
#: serverguide/C/mail.xml:1526(para)
21348
#: serverguide/C/mail.xml:1464(para)
20831
21349
msgid ""
20832
21350
"<application>Amavisd-new</application> can be configured to automatically "
20833
21351
"<emphasis>Whitelist</emphasis> addresses from domains with valid Domain "
20835
21353
"<filename>/etc/amavis/conf.d/40-policy_banks</filename>."
20836
21354
msgstr ""
20837
21355
20838
#: serverguide/C/mail.xml:1532(para)
21356
#: serverguide/C/mail.xml:1470(para)
20839
21357
msgid "There are multiple ways to configure the Whitelist for a domain:"
20840
21358
msgstr ""
20841
21359
20842
#: serverguide/C/mail.xml:1538(para)
21360
#: serverguide/C/mail.xml:1476(para)
20843
21361
msgid ""
20844
21362
"<emphasis>'example.com' => 'WHITELIST',</emphasis>: will whitelist any "
20845
21363
"address from the \"example.com\" domain."
20846
21364
msgstr ""
20847
21365
20848
#: serverguide/C/mail.xml:1543(para)
21366
#: serverguide/C/mail.xml:1481(para)
20849
21367
msgid ""
20850
21368
"<emphasis>'.example.com' => 'WHITELIST',</emphasis>: will whitelist any "
20851
21369
"address from any <emphasis>subdomains</emphasis> of \"example.com\" that "
20852
21370
"have a valid signature."
20853
21371
msgstr ""
20854
21372
20855
#: serverguide/C/mail.xml:1549(para)
21373
#: serverguide/C/mail.xml:1487(para)
20856
21374
msgid ""
20857
21375
"<emphasis>'.example.com/@example.com' => 'WHITELIST',</emphasis>: will "
20858
21376
"whitelist subdomains of \"example.com\" that use the signature of <emphasis "
20859
21377
"role=\"italic\">example.com</emphasis> the parent domain."
20860
21378
msgstr ""
20861
21379
20862
#: serverguide/C/mail.xml:1555(para)
21380
#: serverguide/C/mail.xml:1493(para)
20863
21381
msgid ""
20864
21382
"<emphasis>'./@example.com' => 'WHITELIST',</emphasis>: adds addresses "
20865
21383
"that have a valid signature from \"example.com\". This is usually used for "
20866
21384
"discussion groups that sign their messages."
20867
21385
msgstr ""
20868
21386
20869
#: serverguide/C/mail.xml:1562(para)
21387
#: serverguide/C/mail.xml:1500(para)
20870
21388
msgid ""
20871
21389
"A domain can also have multiple Whitelist configurations. After editing the "
20872
21390
"file, restart <application>amavisd-new</application>:"
20873
21391
msgstr ""
20874
21392
20875
#: serverguide/C/mail.xml:1572(para)
21393
#: serverguide/C/mail.xml:1510(para)
20876
21394
msgid ""
20877
21395
"In this context, once a domain has been added to the Whitelist the message "
20878
21396
"will not receive any anti-virus or spam filtering. This may or may not be "
20879
21397
"the intended behavior you wish for a domain."
20880
21398
msgstr ""
20881
21399
20882
#: serverguide/C/mail.xml:1582(para)
21400
#: serverguide/C/mail.xml:1520(para)
20883
21401
msgid ""
20884
21402
"For <application>Postfix</application> integration, enter the following from "
20885
21403
"a terminal prompt:"
20886
21404
msgstr ""
20887
21405
20888
#: serverguide/C/mail.xml:1586(command)
21406
#: serverguide/C/mail.xml:1524(command)
20889
21407
msgid "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
20890
21408
msgstr ""
20891
21409
20892
#: serverguide/C/mail.xml:1588(para)
21410
#: serverguide/C/mail.xml:1526(para)
20893
21411
msgid ""
20894
21412
"Next edit <filename>/etc/postfix/master.cf</filename> and add the following "
20895
21413
"to the end of the file:"
20896
21414
msgstr ""
20897
21415
20898
#: serverguide/C/mail.xml:1591(programlisting)
21416
#: serverguide/C/mail.xml:1587(programlisting)
20899
21417
#, no-wrap
20900
21418
msgid ""
20901
21419
"\n"
20928
21446
"_milters\n"
20929
21447
msgstr ""
20930
21448
20931
#: serverguide/C/mail.xml:1618(para)
21449
#: serverguide/C/mail.xml:1556(para)
20932
21450
msgid ""
20933
21451
"Also add the following two lines immediately below the "
20934
21452
"<emphasis>\"pickup\"</emphasis> transport service:"
20935
21453
msgstr ""
20936
21454
20937
#: serverguide/C/mail.xml:1621(programlisting)
21455
#: serverguide/C/mail.xml:1559(programlisting)
20938
21456
#, no-wrap
20939
21457
msgid ""
20940
21458
"\n"
20942
21460
" -o receive_override_options=no_header_body_checks\n"
20943
21461
msgstr ""
20944
21462
20945
#: serverguide/C/mail.xml:1625(para)
21463
#: serverguide/C/mail.xml:1563(para)
20946
21464
msgid ""
20947
21465
"This will prevent messages that are generated to report on spam from being "
20948
21466
"classified as spam."
20949
21467
msgstr ""
20950
21468
20951
#: serverguide/C/mail.xml:1628(para)
21469
#: serverguide/C/mail.xml:1566(para)
20952
21470
msgid "Now restart <application>Postfix</application>:"
20953
21471
msgstr ""
20954
21472
20955
#: serverguide/C/mail.xml:1634(para)
21473
#: serverguide/C/mail.xml:1572(para)
20956
21474
msgid "Content filtering with spam and virus detection is now enabled."
20957
21475
msgstr ""
20958
21476
20959
#: serverguide/C/mail.xml:1640(title)
21477
#: serverguide/C/mail.xml:1578(title)
20960
21478
msgid "Amavisd-new and Spamassassin"
20961
21479
msgstr ""
20962
21480
20963
#: serverguide/C/mail.xml:1642(para)
21481
#: serverguide/C/mail.xml:1580(para)
20964
21482
msgid ""
20965
21483
"When integrating <application>Amavisd-new</application> with "
20966
21484
"<application>Spamassassin</application>, if you choose to disable the bayes "
20971
21489
"<application>cron</application> job."
20972
21490
msgstr ""
20973
21491
20974
#: serverguide/C/mail.xml:1649(para)
21492
#: serverguide/C/mail.xml:1587(para)
20975
21493
msgid "There are several ways to handle this situation:"
20976
21494
msgstr ""
20977
21495
20978
#: serverguide/C/mail.xml:1655(para)
21496
#: serverguide/C/mail.xml:1593(para)
20979
21497
msgid "Configure your MDA to filter messages you do not wish to see."
20980
21498
msgstr ""
20981
21499
20982
#: serverguide/C/mail.xml:1660(para)
21500
#: serverguide/C/mail.xml:1598(para)
20983
21501
msgid ""
20984
21502
"Change <filename>/usr/sbin/amavisd-new-cronjob</filename> to check for "
20985
21503
"<emphasis>use_bayes 0</emphasis>. For example, edit "
20987
21505
"the top before the <emphasis>test</emphasis> statements:"
20988
21506
msgstr ""
20989
21507
20990
#: serverguide/C/mail.xml:1664(programlisting)
21508
#: serverguide/C/mail.xml:1602(programlisting)
20991
21509
#, no-wrap
20992
21510
msgid ""
20993
21511
"\n"
20995
21513
"exit 0\n"
20996
21514
msgstr ""
20997
21515
20998
#: serverguide/C/mail.xml:1674(para)
21516
#: serverguide/C/mail.xml:1612(para)
20999
21517
msgid ""
21000
21518
"First, test that the <application>Amavisd-new</application> SMTP is "
21001
21519
"listening:"
21002
21520
msgstr ""
21003
21521
21004
#: serverguide/C/mail.xml:1677(programlisting)
21522
#: serverguide/C/mail.xml:1615(programlisting)
21005
21523
#, no-wrap
21006
21524
msgid ""
21007
21525
"\n"
21013
21531
"^]\n"
21014
21532
msgstr ""
21015
21533
21016
#: serverguide/C/mail.xml:1685(para)
21534
#: serverguide/C/mail.xml:1623(para)
21017
21535
msgid ""
21018
21536
"In the Header of messages that go through the content filter you should see:"
21019
21537
msgstr ""
21020
21538
21021
#: serverguide/C/mail.xml:1688(programlisting)
21539
#: serverguide/C/mail.xml:1626(programlisting)
21022
21540
#, no-wrap
21023
21541
msgid ""
21024
21542
"\n"
21029
21547
"X-Spam-Level: \n"
21030
21548
msgstr ""
21031
21549
21032
#: serverguide/C/mail.xml:1695(para)
21550
#: serverguide/C/mail.xml:1633(para)
21033
21551
msgid ""
21034
21552
"Your output will vary, but the important thing is that there are <emphasis>X-"
21035
21553
"Virus-Scanned</emphasis> and <emphasis>X-Spam-Status</emphasis> entries."
21036
21554
msgstr ""
21037
21555
21038
#: serverguide/C/mail.xml:1703(para)
21556
#: serverguide/C/mail.xml:1641(para)
21039
21557
msgid ""
21040
21558
"The best way to figure out why something is going wrong is to check the log "
21041
21559
"files."
21042
21560
msgstr ""
21043
21561
21044
#: serverguide/C/mail.xml:1708(para)
21562
#: serverguide/C/mail.xml:1646(para)
21045
21563
msgid ""
21046
21564
"For instructions on <application>Postfix</application> logging see the <xref "
21047
21565
"linkend=\"postfix-troubleshooting\"/> section."
21048
21566
msgstr ""
21049
21567
21050
#: serverguide/C/mail.xml:1714(para)
21568
#: serverguide/C/mail.xml:1652(para)
21051
21569
msgid ""
21052
21570
"<application>Amavisd-new</application> uses "
21053
21571
"<application>Syslog</application> to send messages to "
21057
21575
"1 to 5."
21058
21576
msgstr ""
21059
21577
21060
#: serverguide/C/mail.xml:1719(programlisting)
21578
#: serverguide/C/mail.xml:1657(programlisting)
21061
21579
#, no-wrap
21062
21580
msgid ""
21063
21581
"\n"
21064
21582
"$log_level = 2;\n"
21065
21583
msgstr ""
21066
21584
21067
#: serverguide/C/mail.xml:1723(para)
21585
#: serverguide/C/mail.xml:1661(para)
21068
21586
msgid ""
21069
21587
"When the <application>Amavisd-new</application> log output is increased "
21070
21588
"<application>Spamassassin</application> log output is also increased."
21071
21589
msgstr ""
21072
21590
21073
#: serverguide/C/mail.xml:1730(para)
21591
#: serverguide/C/mail.xml:1668(para)
21074
21592
msgid ""
21075
21593
"The <application>ClamAV</application> log level can be increased by editing "
21076
21594
"<filename>/etc/clamav/clamd.conf</filename> and setting the following option:"
21077
21595
msgstr ""
21078
21596
21079
#: serverguide/C/mail.xml:1734(programlisting)
21597
#: serverguide/C/mail.xml:1672(programlisting)
21080
21598
#, no-wrap
21081
21599
msgid ""
21082
21600
"\n"
21083
21601
"LogVerbose true\n"
21084
21602
msgstr ""
21085
21603
21086
#: serverguide/C/mail.xml:1737(para)
21604
#: serverguide/C/mail.xml:1675(para)
21087
21605
msgid ""
21088
21606
"By default <application>ClamAV</application> will send log messages to "
21089
21607
"<filename>/var/log/clamav/clamav.log</filename>."
21090
21608
msgstr ""
21091
21609
21092
#: serverguide/C/mail.xml:1743(para)
21610
#: serverguide/C/mail.xml:1681(para)
21093
21611
msgid ""
21094
21612
"After changing an applications log settings remember to restart the service "
21095
21613
"for the new settings to take affect. Also, once the issue you are "
21097
21615
"back to normal."
21098
21616
msgstr ""
21099
21617
21100
#: serverguide/C/mail.xml:1751(para)
21618
#: serverguide/C/mail.xml:1689(para)
21101
21619
msgid "For more information on filtering mail see the following links:"
21102
21620
msgstr ""
21103
21621
21104
#: serverguide/C/mail.xml:1757(ulink)
21622
#: serverguide/C/mail.xml:1695(ulink)
21105
21623
msgid "Amavisd-new Documentation"
21106
21624
msgstr ""
21107
21625
21108
#: serverguide/C/mail.xml:1761(para)
21626
#: serverguide/C/mail.xml:1699(para)
21109
21627
msgid ""
21110
21628
"<ulink url=\"http://www.clamav.net/doc/latest/html/\">ClamAV "
21111
21629
"Documentation</ulink> and <ulink "
21112
21630
"url=\"http://wiki.clamav.net/Main/WebHome\">ClamAV Wiki</ulink>"
21113
21631
msgstr ""
21114
21632
21115
#: serverguide/C/mail.xml:1768(ulink)
21633
#: serverguide/C/mail.xml:1706(ulink)
21116
21634
msgid "Spamassassin Wiki"
21117
21635
msgstr ""
21118
21636
21119
#: serverguide/C/mail.xml:1773(ulink)
21637
#: serverguide/C/mail.xml:1711(ulink)
21120
21638
msgid "Pyzor Homepage"
21121
21639
msgstr ""
21122
21640
21123
#: serverguide/C/mail.xml:1778(ulink)
21641
#: serverguide/C/mail.xml:1716(ulink)
21124
21642
msgid "Razor Homepage"
21125
21643
msgstr ""
21126
21644
21127
#: serverguide/C/mail.xml:1783(ulink)
21645
#: serverguide/C/mail.xml:1721(ulink)
21128
21646
msgid "DKIM.org"
21129
21647
msgstr ""
21130
21648
21131
#: serverguide/C/mail.xml:1788(ulink)
21649
#: serverguide/C/mail.xml:1726(ulink)
21132
21650
msgid "Postfix Amavis New"
21133
21651
msgstr ""
21134
21652
21135
#: serverguide/C/mail.xml:1792(para)
21653
#: serverguide/C/mail.xml:1730(para)
21136
21654
msgid ""
21137
21655
"Also, feel free to ask questions in the <emphasis>#ubuntu-server</emphasis> "
21138
21656
"IRC channel on <ulink url=\"http://freenode.net\">freenode</ulink>."
21287
21805
msgstr ""
21288
21806
21289
21807
#: serverguide/C/lamp-applications.xml:144(command)
21290
msgid "sudo chown -R www-data.www-data mywiki"
21808
msgid "sudo chown -R www-data:www-data mywiki"
21291
21809
msgstr ""
21292
21810
21293
21811
#: serverguide/C/lamp-applications.xml:145(command)
21386
21904
"server:"
21387
21905
msgstr ""
21388
21906
21389
#: serverguide/C/lamp-applications.xml:227(title) serverguide/C/installation.xml:1246(title)
21907
#: serverguide/C/lamp-applications.xml:227(title) serverguide/C/installation.xml:1242(title)
21390
21908
msgid "Verification"
21391
21909
msgstr ""
21392
21910
21463
21981
#: serverguide/C/lamp-applications.xml:301(para)
21464
21982
msgid ""
21465
21983
"The Apache configuration file <filename>mediawiki.conf</filename> for "
21466
"MediaWiki is installed in <filename>/etc/apache2/conf.d/</filename> "
21467
"directory. You should uncomment the following line in this file to access "
21468
"MediaWiki application."
21984
"<application>MediaWiki</application> is installed in "
21985
"<filename>/etc/apache2/conf-available/</filename> directory. To access "
21986
"<application>MediaWiki</application>, uncomment the following line in the "
21987
"file."
21469
21988
msgstr ""
21470
21989
21471
21990
#: serverguide/C/lamp-applications.xml:309(screen)
21475
21994
"# Alias /mediawiki /var/lib/mediawiki\n"
21476
21995
msgstr ""
21477
21996
21478
#: serverguide/C/lamp-applications.xml:313(para)
21479
msgid ""
21480
"After you uncomment the above line, restart Apache server and access "
21481
"MediaWiki using the following url:"
21482
msgstr ""
21483
21484
#: serverguide/C/lamp-applications.xml:318(programlisting)
21485
#, no-wrap
21486
msgid ""
21487
"\n"
21488
"http://localhost/mediawiki/config/index.php\n"
21489
msgstr ""
21490
21491
#: serverguide/C/lamp-applications.xml:323(para)
21492
msgid ""
21493
"Please read the <quote>Checking environment...</quote> section in this page. "
21494
"You should be able to fix many issues by carefully reading this section."
21997
#: serverguide/C/lamp-applications.xml:312(para)
21998
msgid ""
21999
"The <application>MediaWiki</application> configuration also needs to be "
22000
"enabled."
22001
msgstr ""
22002
22003
#: serverguide/C/lamp-applications.xml:316(command)
22004
msgid "sudo a2enconf mediawiki.conf"
22005
msgstr ""
22006
22007
#: serverguide/C/lamp-applications.xml:319(para)
22008
msgid "Restart Apache server."
22009
msgstr ""
22010
22011
#: serverguide/C/lamp-applications.xml:326(para)
22012
msgid ""
22013
"Access <application>MediaWiki</application> by visiting <ulink "
22014
"url=\"http://localhost/mediawiki/mw-"
22015
"config/index.php\">http://localhost/mediawiki/mw-config/index.php</ulink>. "
22016
"(Or <ulink url=\"http://NAME_OF_YOUR_VIRTUAL_HOST/mediawiki/mw-"
22017
"config/index.php\">http://NAME_OF_YOUR_VIRTUAL_HOST/mediawiki/mw-"
22018
"config/index.php</ulink> if your server has no GUI.)"
22019
msgstr ""
22020
22021
#: serverguide/C/lamp-applications.xml:334(para)
22022
msgid ""
22023
"Please read the <quote>Environmental checks</quote> section of the "
22024
"configuration page. You should be able to fix many issues by carefully "
22025
"reading this section."
21495
22026
msgstr ""
21496
22027
21497
22028
#: serverguide/C/lamp-applications.xml:330(para)
21552
22083
"url=\"http://www.mediawiki.org\">MediaWiki</ulink> web site."
21553
22084
msgstr ""
21554
22085
21555
#: serverguide/C/lamp-applications.xml:383(para)
22086
#: serverguide/C/lamp-applications.xml:394(para)
21556
22087
msgid ""
21557
22088
"The <ulink url=\"http://www.packtpub.com/Mediawiki/book\">MediaWiki "
21558
22089
"Administrators' Tutorial Guide</ulink> contains a wealth of information for "
21597
22128
"<application>Apache2</application> for the web server."
21598
22129
msgstr ""
21599
22130
21600
#: serverguide/C/lamp-applications.xml:425(para)
22131
#: serverguide/C/lamp-applications.xml:436(para)
21601
22132
msgid ""
21602
22133
"In a browser go to <emphasis>http://servername/phpmyadmin</emphasis>, "
21603
22134
"replacing <emphasis role=\"italic\">servername</emphasis> with the server's "
21691
22222
"Wiki</ulink> page."
21692
22223
msgstr ""
21693
22224
21694
#: serverguide/C/lamp-applications.xml:506(title)
22225
#: serverguide/C/lamp-applications.xml:517(title)
21695
22226
msgid "WordPress"
21696
22227
msgstr ""
21697
22228
21698
#: serverguide/C/lamp-applications.xml:507(para)
22229
#: serverguide/C/lamp-applications.xml:518(para)
21699
22230
msgid ""
21700
22231
"Wordpress is a blog tool, publishing platform and CMS implemented in PHP and "
21701
22232
"licensed under the GNU GPLv2."
21702
22233
msgstr ""
21703
22234
21704
#: serverguide/C/lamp-applications.xml:513(para)
22235
#: serverguide/C/lamp-applications.xml:524(para)
21705
22236
msgid ""
21706
22237
"To install <application>WordPress</application>, run the following comand in "
21707
22238
"the command prompt:"
21708
22239
msgstr ""
21709
22240
21710
#: serverguide/C/lamp-applications.xml:518(command)
22241
#: serverguide/C/lamp-applications.xml:529(command)
21711
22242
msgid "sudo apt-get install wordpress"
21712
22243
msgstr ""
21713
22244
21714
#: serverguide/C/lamp-applications.xml:521(para)
22245
#: serverguide/C/lamp-applications.xml:532(para)
21715
22246
msgid ""
21716
22247
"You should also install <application>apache2</application> web server and "
21717
22248
"<application>mysql</application> server. For installing "
21722
22253
"linkend=\"mysql\"/> section."
21723
22254
msgstr ""
21724
22255
21725
#: serverguide/C/lamp-applications.xml:535(para)
22256
#: serverguide/C/lamp-applications.xml:546(para)
21726
22257
msgid ""
21727
22258
"For configuring your first <application>WordPress</application> application, "
21728
22259
"configure an apache site. Open <filename>/etc/apache2/sites-"
21729
22260
"available/wordpress.conf</filename> and write the following lines:"
21730
22261
msgstr ""
21731
22262
21732
#: serverguide/C/lamp-applications.xml:542(programlisting)
22263
#: serverguide/C/lamp-applications.xml:553(programlisting)
21733
22264
#, no-wrap
21734
22265
msgid ""
21735
22266
"\n"
21749
22280
" "
21750
22281
msgstr ""
21751
22282
21752
#: serverguide/C/lamp-applications.xml:558(para)
22283
#: serverguide/C/lamp-applications.xml:569(para)
21753
22284
msgid "Enable this new <application>WordPress</application> site"
21754
22285
msgstr ""
21755
22286
21756
#: serverguide/C/lamp-applications.xml:561(command)
22287
#: serverguide/C/lamp-applications.xml:572(command)
21757
22288
msgid "sudo a2ensite wordpress"
21758
22289
msgstr ""
21759
22290
21760
#: serverguide/C/lamp-applications.xml:564(para)
22291
#: serverguide/C/lamp-applications.xml:575(para)
21761
22292
msgid ""
21762
22293
"Once you configure the <application>apache2</application> web server and "
21763
22294
"make it ready for your <application>WordPress</application> application, you "
21765
22296
"<application>apache2</application> web server:"
21766
22297
msgstr ""
21767
22298
21768
#: serverguide/C/lamp-applications.xml:576(para)
22299
#: serverguide/C/lamp-applications.xml:587(para)
21769
22300
msgid ""
21770
22301
"To facilitate multiple <application>WordPress</application> installations, "
21771
22302
"the name of this configuration file is based on the Host header of the HTTP "
21778
22309
"NAME_OF_YOUR_VIRTUAL_HOST.php."
21779
22310
msgstr ""
21780
22311
21781
#: serverguide/C/lamp-applications.xml:587(para)
22312
#: serverguide/C/lamp-applications.xml:598(para)
21782
22313
msgid ""
21783
22314
"Once the configuration file is written, it is up to you to choose a "
21784
22315
"convention for username and password to mysql for each "
21786
22317
"shows only one, localhost, example."
21787
22318
msgstr ""
21788
22319
21789
#: serverguide/C/lamp-applications.xml:594(para)
22320
#: serverguide/C/lamp-applications.xml:605(para)
21790
22321
msgid ""
21791
22322
"Now configure <application>WordPress</application> to use a mysql database. "
21792
22323
"Open <filename>/etc/wordpress/config-localhost.php</filename> file and write "
21793
22324
"the following lines:"
21794
22325
msgstr ""
21795
22326
21796
#: serverguide/C/lamp-applications.xml:600(programlisting)
22327
#: serverguide/C/lamp-applications.xml:611(programlisting)
21797
22328
#, no-wrap
21798
22329
msgid ""
21799
22330
"\n"
21806
22337
"?>\n"
21807
22338
msgstr ""
21808
22339
21809
#: serverguide/C/lamp-applications.xml:609(para)
22340
#: serverguide/C/lamp-applications.xml:620(para)
21810
22341
msgid ""
21811
22342
"Now create this mysql database. Open a temporary file with mysql commands "
21812
22343
"<filename>wordpress.sql</filename> and write the following lines:"
21813
22344
msgstr ""
21814
22345
21815
#: serverguide/C/lamp-applications.xml:612(programlisting)
22346
#: serverguide/C/lamp-applications.xml:623(programlisting)
21816
22347
#, no-wrap
21817
22348
msgid ""
21818
22349
"\n"
21824
22355
"FLUSH PRIVILEGES;\n"
21825
22356
msgstr ""
21826
22357
21827
#: serverguide/C/lamp-applications.xml:620(para)
22358
#: serverguide/C/lamp-applications.xml:631(para)
21828
22359
msgid "Execute these commands."
21829
22360
msgstr ""
21830
22361
21831
#: serverguide/C/lamp-applications.xml:622(command)
22362
#: serverguide/C/lamp-applications.xml:633(command)
21832
22363
msgid ""
21833
22364
"cat wordpress.sql | sudo mysql --defaults-extra-file=/etc/mysql/debian.cnf"
21834
22365
msgstr ""
21835
22366
21836
#: serverguide/C/lamp-applications.xml:624(para)
22367
#: serverguide/C/lamp-applications.xml:635(para)
21837
22368
msgid ""
21838
22369
"Your new <application>WordPress</application> can now be configured by "
21839
22370
"visiting <ulink url=\"http://localhost/blog/wp-"
21846
22377
"mail and click Install WordPress."
21847
22378
msgstr ""
21848
22379
21849
#: serverguide/C/lamp-applications.xml:631(para)
22380
#: serverguide/C/lamp-applications.xml:642(para)
21850
22381
msgid ""
21851
22382
"Note the generated password (if applicable) and click the login password. "
21852
22383
"Your <application>WordPress</application> is now ready for use."
21853
22384
msgstr ""
21854
22385
21855
#: serverguide/C/lamp-applications.xml:641(ulink)
22386
#: serverguide/C/lamp-applications.xml:652(ulink)
21856
22387
msgid "WordPress.org Codex"
21857
22388
msgstr ""
21858
22389
21859
#: serverguide/C/lamp-applications.xml:646(ulink)
22390
#: serverguide/C/lamp-applications.xml:657(ulink)
21860
22391
msgid "Ubuntu Wiki WordPress"
21861
22392
msgstr ""
21862
22393
21951
22482
msgid "Install Type"
21952
22483
msgstr ""
21953
22484
21954
#: serverguide/C/installation.xml:36(para)
22485
#: serverguide/C/virtualization.xml:1186(para) serverguide/C/virtualization.xml:1248(para) serverguide/C/installation.xml:36(para)
21955
22486
msgid "CPU"
21956
22487
msgstr ""
21957
22488
21983
22514
msgid "512 megabytes"
21984
22515
msgstr ""
21985
22516
21986
#: serverguide/C/installation.xml:50(para)
22517
#: serverguide/C/installation.xml:51(para)
21987
22518
msgid "1 gigabyte"
21988
22519
msgstr ""
21989
22520
21995
22526
msgid "Server (Minimal)"
21996
22527
msgstr ""
21997
22528
21998
#: serverguide/C/installation.xml:55(para)
22529
#: serverguide/C/installation.xml:48(para)
21999
22530
msgid "300 megahertz"
22000
22531
msgstr ""
22001
22532
22011
22542
msgid "1.4 gigabytes"
22012
22543
msgstr ""
22013
22544
22014
#: serverguide/C/installation.xml:64(para)
22545
#: serverguide/C/installation.xml:56(para)
22015
22546
msgid ""
22016
22547
"The Server Edition provides a common base for all sorts of server "
22017
22548
"applications. It is a minimalist design providing a platform for the desired "
22018
22549
"services, such as file/print services, web hosting, email hosting, etc."
22019
22550
msgstr ""
22020
22551
22021
#: serverguide/C/installation.xml:72(title)
22552
#: serverguide/C/installation.xml:70(title)
22022
22553
msgid "Server and Desktop Differences"
22023
22554
msgstr ""
22024
22555
22025
#: serverguide/C/installation.xml:73(para)
22556
#: serverguide/C/installation.xml:71(para)
22026
22557
msgid ""
22027
22558
"There are a few differences between the <emphasis>Ubuntu Server "
22028
22559
"Edition</emphasis> and the <emphasis>Ubuntu Desktop Edition</emphasis>. It "
22038
22569
"environment in the Server Edition and the installation process."
22039
22570
msgstr ""
22040
22571
22041
#: serverguide/C/installation.xml:86(title)
22572
#: serverguide/C/installation.xml:84(title)
22042
22573
msgid "Kernel Differences:"
22043
22574
msgstr ""
22044
22575
22045
#: serverguide/C/installation.xml:87(para)
22576
#: serverguide/C/installation.xml:85(para)
22046
22577
msgid ""
22047
22578
"Ubuntu version 10.10 and prior, actually had different kernels for the "
22048
22579
"server and desktop editions. Ubuntu no longer has separate -server and -"
22050
22581
"flavor to help reduce the maintenance burden over the life of the release."
22051
22582
msgstr ""
22052
22583
22053
#: serverguide/C/installation.xml:92(para)
22584
#: serverguide/C/installation.xml:90(para)
22054
22585
msgid ""
22055
22586
"When running a 64-bit version of Ubuntu on 64-bit processors you are not "
22056
22587
"limited by memory addressing space."
22064
22595
"great resource on the options available."
22065
22596
msgstr ""
22066
22597
22067
#: serverguide/C/installation.xml:106(title)
22598
#: serverguide/C/installation.xml:104(title)
22068
22599
msgid "Backing Up"
22069
22600
msgstr ""
22070
22601
22071
#: serverguide/C/installation.xml:109(para)
22602
#: serverguide/C/installation.xml:107(para)
22072
22603
msgid ""
22073
22604
"Before installing <application>Ubuntu Server Edition</application> you "
22074
22605
"should make sure all data on the system is backed up. See <xref "
22075
22606
"linkend=\"backups\"/> for backup options."
22076
22607
msgstr ""
22077
22608
22078
#: serverguide/C/installation.xml:113(para)
22609
#: serverguide/C/installation.xml:111(para)
22079
22610
msgid ""
22080
22611
"If this is not the first time an operating system has been installed on your "
22081
22612
"computer, it is likely you will need to re-partition your disk to make room "
22082
22613
"for Ubuntu."
22083
22614
msgstr ""
22084
22615
22085
#: serverguide/C/installation.xml:117(para)
22616
#: serverguide/C/installation.xml:115(para)
22086
22617
msgid ""
22087
22618
"Any time you partition your disk, you should be prepared to lose everything "
22088
22619
"on the disk should you make a mistake or something goes wrong during "
22090
22621
"have seen years of use, but they also perform destructive actions."
22091
22622
msgstr ""
22092
22623
22093
#: serverguide/C/installation.xml:129(title)
22624
#: serverguide/C/installation.xml:127(title)
22094
22625
msgid "Installing from CD"
22095
22626
msgstr ""
22096
22627
22097
#: serverguide/C/installation.xml:130(para)
22628
#: serverguide/C/installation.xml:128(para)
22098
22629
msgid ""
22099
22630
"The basic steps to install Ubuntu Server Edition from CD are the same as "
22100
22631
"those for installing any operating system from CD. Unlike the "
22103
22634
"Server Edition uses a console menu based process instead."
22104
22635
msgstr ""
22105
22636
22106
#: serverguide/C/installation.xml:137(para)
22637
#: serverguide/C/installation.xml:135(para)
22107
22638
msgid ""
22108
22639
"First, download and burn the appropriate ISO file from the <ulink "
22109
22640
"url=\"http://www.ubuntu.com/download/server/download\"> Ubuntu web "
22110
22641
"site</ulink>."
22111
22642
msgstr ""
22112
22643
22113
#: serverguide/C/installation.xml:143(para)
22644
#: serverguide/C/installation.xml:141(para)
22114
22645
msgid "Boot the system from the CD-ROM drive."
22115
22646
msgstr ""
22116
22647
22117
#: serverguide/C/installation.xml:148(para)
22648
#: serverguide/C/installation.xml:146(para)
22118
22649
msgid "At the boot prompt you will be asked to select a language."
22119
22650
msgstr ""
22120
22651
22121
#: serverguide/C/installation.xml:153(para)
22652
#: serverguide/C/installation.xml:151(para)
22122
22653
msgid ""
22123
22654
"From the main boot menu there are some additional options to install Ubuntu "
22124
22655
"Server Edition. You can install a basic Ubuntu Server, check the CD-ROM for "
22127
22658
"install."
22128
22659
msgstr ""
22129
22660
22130
#: serverguide/C/installation.xml:160(para)
22661
#: serverguide/C/installation.xml:158(para)
22131
22662
msgid ""
22132
22663
"The installer asks for which language it should use. Afterwards, you are "
22133
22664
"asked to select your location."
22134
22665
msgstr ""
22135
22666
22136
#: serverguide/C/installation.xml:166(para)
22667
#: serverguide/C/installation.xml:164(para)
22137
22668
msgid ""
22138
22669
"Next, the installation process begins by asking for your keyboard layout. "
22139
22670
"You can ask the installer to attempt auto-detecting it, or you can select it "
22140
22671
"manually from a list."
22141
22672
msgstr ""
22142
22673
22143
#: serverguide/C/installation.xml:172(para)
22674
#: serverguide/C/installation.xml:170(para)
22144
22675
msgid ""
22145
22676
"The installer then discovers your hardware configuration, and configures the "
22146
22677
"network settings using DHCP. If you do not wish to use DHCP at the next "
22152
22683
msgid "Next, the installer asks for the system's hostname."
22153
22684
msgstr ""
22154
22685
22155
#: serverguide/C/installation.xml:184(para)
22686
#: serverguide/C/installation.xml:195(para)
22156
22687
msgid ""
22157
22688
"A new user is set up; this user will have <emphasis>root</emphasis> access "
22158
22689
"through the <application>sudo</application> utility."
22159
22690
msgstr ""
22160
22691
22161
#: serverguide/C/installation.xml:190(para)
22692
#: serverguide/C/installation.xml:201(para)
22162
22693
msgid ""
22163
22694
"After the user settings have been completed, you will be asked to encrypt "
22164
22695
"your <filename role=\"directory\">home</filename> directory."
22168
22699
msgid "Next, the installer asks for the system's Time Zone."
22169
22700
msgstr ""
22170
22701
22171
#: serverguide/C/installation.xml:201(para)
22702
#: serverguide/C/installation.xml:182(para)
22172
22703
msgid ""
22173
22704
"You can then choose from several options to configure the hard drive layout. "
22174
22705
"Afterwards you are asked for which disk to install to. You may get "
22178
22709
"linkend=\"advanced-installation\"/>."
22179
22710
msgstr ""
22180
22711
22181
#: serverguide/C/installation.xml:209(para)
22712
#: serverguide/C/installation.xml:190(para)
22182
22713
msgid "The Ubuntu base system is then installed."
22183
22714
msgstr ""
22184
22715
22185
#: serverguide/C/installation.xml:214(para)
22716
#: serverguide/C/installation.xml:207(para)
22186
22717
msgid ""
22187
22718
"The next step in the installation process is to decide how you want to "
22188
22719
"update the system. There are three options:"
22189
22720
msgstr ""
22190
22721
22191
#: serverguide/C/installation.xml:220(para)
22722
#: serverguide/C/installation.xml:213(para)
22192
22723
msgid ""
22193
22724
"<emphasis>No automatic updates</emphasis>: this requires an administrator to "
22194
22725
"log into the machine and manually install updates."
22195
22726
msgstr ""
22196
22727
22197
#: serverguide/C/installation.xml:226(para)
22728
#: serverguide/C/installation.xml:219(para)
22198
22729
msgid ""
22199
22730
"<emphasis>Install security updates automatically</emphasis>: this will "
22200
22731
"install the <application>unattended-upgrades</application> package, which "
22202
22733
"For more details see <xref linkend=\"automatic-updates\"/>."
22203
22734
msgstr ""
22204
22735
22205
#: serverguide/C/installation.xml:233(para)
22736
#: serverguide/C/installation.xml:226(para)
22206
22737
msgid ""
22207
22738
"<emphasis>Manage the system with Landscape</emphasis>: Landscape is a paid "
22208
22739
"service provided by Canonical to help manage your Ubuntu machines. See the "
22210
22741
"site for details."
22211
22742
msgstr ""
22212
22743
22213
#: serverguide/C/installation.xml:242(para)
22744
#: serverguide/C/installation.xml:235(para)
22214
22745
msgid ""
22215
22746
"You now have the option to install, or not install, several package tasks. "
22216
22747
"See <xref linkend=\"install-tasks\"/> for details. Also, there is an option "
22218
22749
"install. For more information see <xref linkend=\"aptitude\"/>."
22219
22750
msgstr ""
22220
22751
22221
#: serverguide/C/installation.xml:250(para)
22752
#: serverguide/C/installation.xml:243(para)
22222
22753
msgid "Finally, the last step before rebooting is to set the clock to UTC."
22223
22754
msgstr ""
22224
22755
22225
#: serverguide/C/installation.xml:256(para)
22756
#: serverguide/C/installation.xml:249(para)
22226
22757
msgid ""
22227
22758
"If at any point during installation you are not satisfied by the default "
22228
22759
"setting, use the \"Go Back\" function at any prompt to be brought to a "
22230
22761
"settings."
22231
22762
msgstr ""
22232
22763
22233
#: serverguide/C/installation.xml:261(para)
22764
#: serverguide/C/installation.xml:254(para)
22234
22765
msgid ""
22235
22766
"At some point during the installation process you may want to read the help "
22236
22767
"screen provided by the installation system. To do this, press F1."
22243
22774
"Installation Guide</ulink>."
22244
22775
msgstr ""
22245
22776
22246
#: serverguide/C/installation.xml:272(title)
22777
#: serverguide/C/installation.xml:265(title)
22247
22778
msgid "Package Tasks"
22248
22779
msgstr ""
22249
22780
22250
#: serverguide/C/installation.xml:273(para)
22781
#: serverguide/C/installation.xml:266(para)
22251
22782
msgid ""
22252
22783
"During the Server Edition installation you have the option of installing "
22253
22784
"additional packages from the CD. The packages are grouped by the type of "
22254
22785
"service they provide."
22255
22786
msgstr ""
22256
22787
22257
#: serverguide/C/installation.xml:279(para)
22788
#: serverguide/C/installation.xml:272(para)
22258
22789
msgid "DNS server: Selects the BIND DNS server and its documentation."
22259
22790
msgstr ""
22260
22791
22261
#: serverguide/C/installation.xml:284(para)
22792
#: serverguide/C/installation.xml:277(para)
22262
22793
msgid "LAMP server: Selects a ready-made Linux/Apache/MySQL/PHP server."
22263
22794
msgstr ""
22264
22795
22265
#: serverguide/C/installation.xml:289(para)
22796
#: serverguide/C/installation.xml:282(para)
22266
22797
msgid ""
22267
22798
"Mail server: This task selects a variety of packages useful for a general "
22268
22799
"purpose mail server system."
22269
22800
msgstr ""
22270
22801
22271
#: serverguide/C/installation.xml:294(para)
22802
#: serverguide/C/installation.xml:287(para)
22272
22803
msgid "OpenSSH server: Selects packages needed for an OpenSSH server."
22273
22804
msgstr ""
22274
22805
22275
#: serverguide/C/installation.xml:299(para)
22806
#: serverguide/C/installation.xml:292(para)
22276
22807
msgid ""
22277
22808
"PostgreSQL database: This task selects client and server packages for the "
22278
22809
"PostgreSQL database."
22279
22810
msgstr ""
22280
22811
22281
#: serverguide/C/installation.xml:304(para)
22812
#: serverguide/C/installation.xml:297(para)
22282
22813
msgid "Print server: This task sets up your system to be a print server."
22283
22814
msgstr ""
22284
22815
22285
#: serverguide/C/installation.xml:309(para)
22816
#: serverguide/C/installation.xml:302(para)
22286
22817
msgid ""
22287
22818
"Samba File server: This task sets up your system to be a Samba file server, "
22288
22819
"which is especially suitable in networks with both Windows and Linux systems."
22289
22820
msgstr ""
22290
22821
22291
#: serverguide/C/installation.xml:315(para)
22822
#: serverguide/C/installation.xml:308(para)
22292
22823
msgid "Tomcat Java server: Installs Apache Tomcat and needed dependencies."
22293
22824
msgstr ""
22294
22825
22295
#: serverguide/C/installation.xml:320(para)
22826
#: serverguide/C/installation.xml:313(para)
22296
22827
msgid ""
22297
22828
"Virtual Machine host: Includes packages needed to run KVM virtual machines."
22298
22829
msgstr ""
22299
22830
22300
#: serverguide/C/installation.xml:325(para)
22831
#: serverguide/C/installation.xml:318(para)
22301
22832
msgid ""
22302
22833
"Manually select packages: Executes <application>aptitude</application> "
22303
22834
"allowing you to individually select packages."
22304
22835
msgstr ""
22305
22836
22306
#: serverguide/C/installation.xml:330(para)
22837
#: serverguide/C/installation.xml:323(para)
22307
22838
msgid ""
22308
22839
"Installing the package groups is accomplished using the "
22309
22840
"<application>tasksel</application> utility. One of the important differences "
22314
22845
"a fully integrated service."
22315
22846
msgstr ""
22316
22847
22317
#: serverguide/C/installation.xml:337(para)
22848
#: serverguide/C/installation.xml:330(para)
22318
22849
msgid ""
22319
22850
"Once the installation process has finished you can view a list of available "
22320
22851
"tasks by entering the following from a terminal prompt:"
22321
22852
msgstr ""
22322
22853
22323
#: serverguide/C/installation.xml:342(command)
22854
#: serverguide/C/installation.xml:335(command)
22324
22855
msgid "tasksel --list-tasks"
22325
22856
msgstr ""
22326
22857
22327
#: serverguide/C/installation.xml:345(para)
22858
#: serverguide/C/installation.xml:338(para)
22328
22859
msgid ""
22329
22860
"The output will list tasks from other Ubuntu based distributions such as "
22330
22861
"Kubuntu and Edubuntu. Note that you can also invoke the "
22332
22863
"the different tasks available."
22333
22864
msgstr ""
22334
22865
22335
#: serverguide/C/installation.xml:351(para)
22866
#: serverguide/C/installation.xml:344(para)
22336
22867
msgid ""
22337
22868
"You can view a list of which packages are installed with each task using the "
22338
22869
"<emphasis>--task-packages</emphasis> option. For example, to list the "
22340
22871
"following:"
22341
22872
msgstr ""
22342
22873
22343
#: serverguide/C/installation.xml:356(command)
22874
#: serverguide/C/installation.xml:349(command)
22344
22875
msgid "tasksel --task-packages dns-server"
22345
22876
msgstr ""
22346
22877
22347
#: serverguide/C/installation.xml:358(para)
22878
#: serverguide/C/installation.xml:351(para)
22348
22879
msgid "The output of the command should list:"
22349
22880
msgstr ""
22350
22881
22351
#: serverguide/C/installation.xml:361(programlisting)
22882
#: serverguide/C/installation.xml:354(programlisting)
22352
22883
#, no-wrap
22353
22884
msgid ""
22354
22885
"\n"
22357
22888
"bind9\n"
22358
22889
msgstr ""
22359
22890
22360
#: serverguide/C/installation.xml:366(para)
22891
#: serverguide/C/installation.xml:359(para)
22361
22892
msgid ""
22362
22893
"If you did not install one of the tasks during the installation process, but "
22363
22894
"for example you decide to make your new LAMP server a DNS server as well, "
22364
22895
"simply insert the installation CD and from a terminal:"
22365
22896
msgstr ""
22366
22897
22367
#: serverguide/C/installation.xml:371(command)
22898
#: serverguide/C/installation.xml:364(command)
22368
22899
msgid "sudo tasksel install dns-server"
22369
22900
msgstr ""
22370
22901
22371
#: serverguide/C/installation.xml:376(title)
22902
#: serverguide/C/installation.xml:369(title)
22372
22903
msgid "Upgrading"
22373
22904
msgstr ""
22374
22905
22375
#: serverguide/C/installation.xml:377(para)
22906
#: serverguide/C/installation.xml:370(para)
22376
22907
msgid ""
22377
22908
"There are several ways to upgrade from one Ubuntu release to another. This "
22378
22909
"section gives an overview of the recommended upgrade method."
22379
22910
msgstr ""
22380
22911
22381
#: serverguide/C/installation.xml:381(title) serverguide/C/installation.xml:396(command)
22912
#: serverguide/C/installation.xml:374(title) serverguide/C/installation.xml:389(command)
22382
22913
msgid "do-release-upgrade"
22383
22914
msgstr ""
22384
22915
22385
#: serverguide/C/installation.xml:382(para)
22916
#: serverguide/C/installation.xml:375(para)
22386
22917
msgid ""
22387
22918
"The recommended way to upgrade a Server Edition installation is to use the "
22388
22919
"<application>do-release-upgrade</application> utility. Part of the "
22390
22921
"graphical dependencies and is installed by default."
22391
22922
msgstr ""
22392
22923
22393
#: serverguide/C/installation.xml:387(para)
22924
#: serverguide/C/installation.xml:380(para)
22394
22925
msgid ""
22395
22926
"Debian based systems can also be upgraded by using <command>apt-get dist-"
22396
22927
"upgrade</command>. However, using <application>do-release-"
22398
22929
"system configuration changes sometimes needed between releases."
22399
22930
msgstr ""
22400
22931
22401
#: serverguide/C/installation.xml:392(para)
22932
#: serverguide/C/installation.xml:385(para)
22402
22933
msgid "To upgrade to a newer release, from a terminal prompt enter:"
22403
22934
msgstr ""
22404
22935
22405
#: serverguide/C/installation.xml:398(para)
22936
#: serverguide/C/installation.xml:391(para)
22406
22937
msgid ""
22407
22938
"It is also possible to use <application>do-release-upgrade</application> to "
22408
22939
"upgrade to a development version of Ubuntu. To accomplish this use the "
22409
22940
"<emphasis>-d</emphasis> switch:"
22410
22941
msgstr ""
22411
22942
22412
#: serverguide/C/installation.xml:403(command)
22943
#: serverguide/C/installation.xml:396(command)
22413
22944
msgid "do-release-upgrade -d"
22414
22945
msgstr ""
22415
22946
22416
#: serverguide/C/installation.xml:406(para)
22947
#: serverguide/C/installation.xml:399(para)
22417
22948
msgid ""
22418
22949
"Upgrading to a development release is <emphasis>not</emphasis> recommended "
22419
22950
"for production environments."
22420
22951
msgstr ""
22421
22952
22422
#: serverguide/C/installation.xml:413(title)
22953
#: serverguide/C/installation.xml:406(title)
22423
22954
msgid "Advanced Installation"
22424
22955
msgstr ""
22425
22956
22426
#: serverguide/C/installation.xml:416(title)
22957
#: serverguide/C/installation.xml:409(title)
22427
22958
msgid "Software RAID"
22428
22959
msgstr ""
22429
22960
22430
#: serverguide/C/installation.xml:418(para)
22961
#: serverguide/C/installation.xml:411(para)
22431
22962
msgid ""
22432
22963
"Redundant Array of Independent Disks \"RAID\" is a method of using multiple "
22433
22964
"disks to provide different balances of increasing data reliability and/or "
22438
22969
"the drives 'invisibly')."
22439
22970
msgstr ""
22440
22971
22441
#: serverguide/C/installation.xml:426(para)
22972
#: serverguide/C/installation.xml:419(para)
22442
22973
msgid ""
22443
22974
"The RAID software included with current versions of Linux (and Ubuntu) is "
22444
22975
"based on the <application>'mdadm'</application> driver and works very well, "
22448
22979
"another for <emphasis>swap</emphasis>."
22449
22980
msgstr ""
22450
22981
22451
#: serverguide/C/installation.xml:434(title)
22982
#: serverguide/C/virtualization.xml:716(title) serverguide/C/installation.xml:427(title)
22452
22983
msgid "Partitioning"
22453
22984
msgstr ""
22454
22985
22455
#: serverguide/C/installation.xml:436(para) serverguide/C/installation.xml:958(para)
22986
#: serverguide/C/installation.xml:429(para) serverguide/C/installation.xml:951(para)
22456
22987
msgid ""
22457
22988
"Follow the installation steps until you get to the <emphasis>Partition "
22458
22989
"disks</emphasis> step, then:"
22459
22990
msgstr ""
22460
22991
22992
#: serverguide/C/installation.xml:436(para)
22993
msgid "Select <emphasis>Manual</emphasis> as the partition method."
22994
msgstr ""
22995
22461
22996
#: serverguide/C/installation.xml:443(para)
22462
msgid "Select <emphasis>Manual</emphasis> as the partition method."
22463
msgstr ""
22464
22465
#: serverguide/C/installation.xml:450(para)
22466
22997
msgid ""
22467
22998
"Select the first hard drive, and agree to <emphasis>\"Create a new empty "
22468
22999
"partition table on this device?\"</emphasis>."
22469
23000
msgstr ""
22470
23001
23002
#: serverguide/C/installation.xml:447(para)
23003
msgid ""
23004
"Repeat this step for each drive you wish to be part of the RAID array."
23005
msgstr ""
23006
22471
23007
#: serverguide/C/installation.xml:454(para)
22472
23008
msgid ""
22473
"Repeat this step for each drive you wish to be part of the RAID array."
22474
msgstr ""
22475
22476
#: serverguide/C/installation.xml:461(para)
22477
msgid ""
22478
23009
"Select the <emphasis>\"FREE SPACE\"</emphasis> on the first drive then "
22479
23010
"select <emphasis>\"Create a new partition\"</emphasis>."
22480
23011
msgstr ""
22481
23012
22482
#: serverguide/C/installation.xml:468(para)
23013
#: serverguide/C/installation.xml:461(para)
22483
23014
msgid ""
22484
23015
"Next, select the <emphasis>Size</emphasis> of the partition. This partition "
22485
23016
"will be the <emphasis>swap</emphasis> partition, and a general rule for swap "
22487
23018
"<emphasis>Primary</emphasis>, then <emphasis>Beginning</emphasis>."
22488
23019
msgstr ""
22489
23020
22490
#: serverguide/C/installation.xml:475(para)
23021
#: serverguide/C/installation.xml:468(para)
22491
23022
msgid ""
22492
23023
"A swap partition size of twice the available RAM capacity may not always be "
22493
23024
"desirable, especially on systems with large amounts of RAM. Calculating the "
22495
23026
"going to be used."
22496
23027
msgstr ""
22497
23028
22498
#: serverguide/C/installation.xml:484(para)
23029
#: serverguide/C/installation.xml:477(para)
22499
23030
msgid ""
22500
23031
"Select the <emphasis>\"Use as:\"</emphasis> line at the top. By default this "
22501
23032
"is <emphasis role=\"italic\">\"Ext4 journaling file system\"</emphasis>, "
22503
23034
"<emphasis>\"Done setting up partition\"</emphasis>."
22504
23035
msgstr ""
22505
23036
22506
#: serverguide/C/installation.xml:493(para)
23037
#: serverguide/C/installation.xml:486(para)
22507
23038
msgid ""
22508
23039
"For the <emphasis>/</emphasis> partition once again select <emphasis>\"Free "
22509
23040
"Space\"</emphasis> on the first drive then <emphasis>\"Create a new "
22510
23041
"partition\"</emphasis>."
22511
23042
msgstr ""
22512
23043
22513
#: serverguide/C/installation.xml:501(para)
23044
#: serverguide/C/installation.xml:494(para)
22514
23045
msgid ""
22515
23046
"Use the rest of the free space on the drive and choose "
22516
23047
"<emphasis>Continue</emphasis>, then <emphasis>Primary</emphasis>."
22517
23048
msgstr ""
22518
23049
22519
#: serverguide/C/installation.xml:508(para)
23050
#: serverguide/C/installation.xml:501(para)
22520
23051
msgid ""
22521
23052
"As with the swap partition, select the <emphasis>\"Use as:\"</emphasis> line "
22522
23053
"at the top, changing it to <emphasis>\"physical volume for "
22525
23056
"<emphasis>\"Done setting up partition\"</emphasis>."
22526
23057
msgstr ""
22527
23058
22528
#: serverguide/C/installation.xml:518(para)
23059
#: serverguide/C/installation.xml:511(para)
22529
23060
msgid "Repeat steps three through eight for the other disk and partitions."
22530
23061
msgstr ""
22531
23062
22532
#: serverguide/C/installation.xml:527(title)
23063
#: serverguide/C/installation.xml:520(title)
22533
23064
msgid "RAID Configuration"
22534
23065
msgstr ""
22535
23066
23067
#: serverguide/C/installation.xml:522(para)
23068
msgid "With the partitions setup the arrays are ready to be configured:"
23069
msgstr ""
23070
22536
23071
#: serverguide/C/installation.xml:529(para)
22537
msgid "With the partitions setup the arrays are ready to be configured:"
22538
msgstr ""
22539
22540
#: serverguide/C/installation.xml:536(para)
22541
23072
msgid ""
22542
23073
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
22543
23074
"Software RAID\"</emphasis> at the top."
22544
23075
msgstr ""
22545
23076
23077
#: serverguide/C/installation.xml:536(para)
23078
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
23079
msgstr ""
23080
22546
23081
#: serverguide/C/installation.xml:543(para)
22547
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
23082
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
22548
23083
msgstr ""
22549
23084
22550
23085
#: serverguide/C/installation.xml:550(para)
22551
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
22552
msgstr ""
22553
22554
#: serverguide/C/installation.xml:557(para)
22555
23086
msgid ""
22556
23087
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
22557
23088
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
22558
23089
msgstr ""
22559
23090
22560
#: serverguide/C/installation.xml:563(para)
23091
#: serverguide/C/installation.xml:556(para)
22561
23092
msgid ""
22562
23093
"In order to use <emphasis>RAID5</emphasis> you need at least "
22563
23094
"<emphasis>three</emphasis> drives. Using RAID0 or RAID1 only "
22564
23095
"<emphasis>two</emphasis> drives are required."
22565
23096
msgstr ""
22566
23097
22567
#: serverguide/C/installation.xml:572(para)
23098
#: serverguide/C/installation.xml:565(para)
22568
23099
msgid ""
22569
23100
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
22570
23101
"of hard drives you have, for the array. Then select "
22571
23102
"<emphasis>\"Continue\"</emphasis>."
22572
23103
msgstr ""
22573
23104
22574
#: serverguide/C/installation.xml:580(para)
23105
#: serverguide/C/installation.xml:573(para)
22575
23106
msgid ""
22576
23107
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
22577
23108
"default, then choose <emphasis>\"Continue\"</emphasis>."
22578
23109
msgstr ""
22579
23110
22580
#: serverguide/C/installation.xml:587(para)
23111
#: serverguide/C/installation.xml:580(para)
22581
23112
msgid ""
22582
23113
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
22583
23114
"etc. The numbers will usually match and the different letters correspond to "
22584
23115
"different hard drives."
22585
23116
msgstr ""
22586
23117
22587
#: serverguide/C/installation.xml:592(para)
23118
#: serverguide/C/installation.xml:585(para)
22588
23119
msgid ""
22589
23120
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
22590
23121
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
22591
23122
"go to the next step."
22592
23123
msgstr ""
22593
23124
22594
#: serverguide/C/installation.xml:600(para)
23125
#: serverguide/C/installation.xml:593(para)
22595
23126
msgid ""
22596
23127
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
22597
23128
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
22598
23129
"and <emphasis>sdb2</emphasis>."
22599
23130
msgstr ""
22600
23131
22601
#: serverguide/C/installation.xml:608(para)
23132
#: serverguide/C/installation.xml:601(para)
22602
23133
msgid "Once done select <emphasis>\"Finish\"</emphasis>."
22603
23134
msgstr ""
22604
23135
22605
#: serverguide/C/installation.xml:618(title)
23136
#: serverguide/C/installation.xml:611(title)
22606
23137
msgid "Formatting"
22607
23138
msgstr ""
22608
23139
22609
#: serverguide/C/installation.xml:620(para)
23140
#: serverguide/C/installation.xml:613(para)
22610
23141
msgid ""
22611
23142
"There should now be a list of hard drives and RAID devices. The next step is "
22612
23143
"to format and set the mount point for the RAID devices. Treat the RAID "
22613
23144
"device as a local hard drive, format and mount accordingly."
22614
23145
msgstr ""
22615
23146
22616
#: serverguide/C/installation.xml:628(para)
23147
#: serverguide/C/installation.xml:621(para)
22617
23148
msgid ""
22618
23149
"Select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
22619
23150
"#0\"</emphasis> partition."
22620
23151
msgstr ""
22621
23152
22622
#: serverguide/C/installation.xml:635(para)
23153
#: serverguide/C/installation.xml:628(para)
22623
23154
msgid ""
22624
23155
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
22625
23156
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
22626
23157
msgstr ""
22627
23158
22628
#: serverguide/C/installation.xml:643(para)
23159
#: serverguide/C/installation.xml:636(para)
22629
23160
msgid ""
22630
23161
"Next, select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
22631
23162
"#1\"</emphasis> partition."
22632
23163
msgstr ""
22633
23164
22634
#: serverguide/C/installation.xml:650(para)
23165
#: serverguide/C/installation.xml:643(para)
22635
23166
msgid ""
22636
23167
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext4 "
22637
23168
"journaling file system\"</emphasis>."
22638
23169
msgstr ""
22639
23170
22640
#: serverguide/C/installation.xml:657(para)
23171
#: serverguide/C/installation.xml:650(para)
22641
23172
msgid ""
22642
23173
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
22643
23174
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "
22645
23176
"partition\"</emphasis>."
22646
23177
msgstr ""
22647
23178
23179
#: serverguide/C/installation.xml:658(para)
23180
msgid ""
23181
"Finally, select <emphasis>\"Finish partitioning and write changes to "
23182
"disk\"</emphasis>."
23183
msgstr ""
23184
22648
23185
#: serverguide/C/installation.xml:665(para)
22649
23186
msgid ""
22650
"Finally, select <emphasis>\"Finish partitioning and write changes to "
22651
"disk\"</emphasis>."
22652
msgstr ""
22653
22654
#: serverguide/C/installation.xml:672(para)
22655
msgid ""
22656
23187
"If you choose to place the root partition on a RAID array, the installer "
22657
23188
"will then ask if you would like to boot in a <emphasis>degraded</emphasis> "
22658
23189
"state. See <xref linkend=\"raid-degraded\"/> for further details."
22659
23190
msgstr ""
22660
23191
22661
#: serverguide/C/installation.xml:677(para)
23192
#: serverguide/C/installation.xml:670(para)
22662
23193
msgid "The installation process will then continue normally."
22663
23194
msgstr ""
22664
23195
22665
#: serverguide/C/installation.xml:683(title)
23196
#: serverguide/C/installation.xml:676(title)
22666
23197
msgid "Degraded RAID"
22667
23198
msgstr ""
22668
23199
22669
#: serverguide/C/installation.xml:685(para)
23200
#: serverguide/C/installation.xml:678(para)
22670
23201
msgid ""
22671
23202
"At some point in the life of the computer a disk failure event may occur. "
22672
23203
"When this happens, using Software RAID, the operating system will place the "
22673
23204
"array into what is known as a <emphasis>degraded</emphasis> state."
22674
23205
msgstr ""
22675
23206
22676
#: serverguide/C/installation.xml:690(para)
23207
#: serverguide/C/installation.xml:683(para)
22677
23208
msgid ""
22678
23209
"If the array has become degraded, due to the chance of data corruption, by "
22679
23210
"default Ubuntu Server Edition will boot to <emphasis>initramfs</emphasis> "
22684
23215
"Booting to a degraded array can be configured several ways:"
22685
23216
msgstr ""
22686
23217
22687
#: serverguide/C/installation.xml:701(para)
23218
#: serverguide/C/installation.xml:694(para)
22688
23219
msgid ""
22689
23220
"The <application>dpkg-reconfigure</application> utility can be used to "
22690
23221
"configure the default behavior, and during the process you will be queried "
22693
23224
"following:"
22694
23225
msgstr ""
22695
23226
22696
#: serverguide/C/installation.xml:708(command)
23227
#: serverguide/C/installation.xml:701(command)
22697
23228
msgid "sudo dpkg-reconfigure mdadm"
22698
23229
msgstr ""
22699
23230
22700
#: serverguide/C/installation.xml:714(para)
23231
#: serverguide/C/installation.xml:707(para)
22701
23232
msgid ""
22702
23233
"The <command>dpkg-reconfigure mdadm</command> process will change the "
22703
23234
"<filename>/etc/initramfs-tools/conf.d/mdadm</filename> configuration file. "
22705
23236
"behavior, and can also be manually edited:"
22706
23237
msgstr ""
22707
23238
22708
#: serverguide/C/installation.xml:720(programlisting)
23239
#: serverguide/C/installation.xml:713(programlisting)
22709
23240
#, no-wrap
22710
23241
msgid ""
22711
23242
"\n"
22712
23243
"BOOT_DEGRADED=true\n"
22713
23244
msgstr ""
22714
23245
22715
#: serverguide/C/installation.xml:725(para)
23246
#: serverguide/C/installation.xml:718(para)
22716
23247
msgid "The configuration file can be overridden by using a Kernel argument."
22717
23248
msgstr ""
22718
23249
22719
#: serverguide/C/installation.xml:733(para)
23250
#: serverguide/C/installation.xml:726(para)
22720
23251
msgid ""
22721
23252
"Using a Kernel argument will allow the system to boot to a degraded array as "
22722
23253
"well:"
22723
23254
msgstr ""
22724
23255
22725
#: serverguide/C/installation.xml:739(para)
23256
#: serverguide/C/installation.xml:732(para)
22726
23257
msgid ""
22727
23258
"When the server is booting press <keycap>Shift</keycap> to open the "
22728
23259
"<application>Grub</application> menu."
22729
23260
msgstr ""
22730
23261
22731
#: serverguide/C/installation.xml:744(para)
23262
#: serverguide/C/installation.xml:737(para)
22732
23263
msgid "Press <keycap>e</keycap> to edit your kernel command options."
22733
23264
msgstr ""
22734
23265
22735
#: serverguide/C/installation.xml:749(para)
23266
#: serverguide/C/installation.xml:742(para)
22736
23267
msgid "Press the <keycap>down</keycap> arrow to highlight the kernel line."
22737
23268
msgstr ""
22738
23269
22739
#: serverguide/C/installation.xml:754(para)
23270
#: serverguide/C/installation.xml:747(para)
22740
23271
msgid ""
22741
23272
"Add <emphasis>\"bootdegraded=true\"</emphasis> (without the quotes) to the "
22742
23273
"end of the line."
22743
23274
msgstr ""
22744
23275
22745
#: serverguide/C/installation.xml:759(para)
23276
#: serverguide/C/installation.xml:752(para)
22746
23277
msgid ""
22747
23278
"Press <keycombo><keycap>Ctrl</keycap><keycap>x</keycap></keycombo> to boot "
22748
23279
"the system."
22749
23280
msgstr ""
22750
23281
22751
#: serverguide/C/installation.xml:768(para)
23282
#: serverguide/C/installation.xml:761(para)
22752
23283
msgid ""
22753
23284
"Once the system has booted you can either repair the array see <xref "
22754
23285
"linkend=\"raid-maintenance\"/> for details, or copy important data to "
22755
23286
"another machine due to major hardware failure."
22756
23287
msgstr ""
22757
23288
22758
#: serverguide/C/installation.xml:775(title)
23289
#: serverguide/C/installation.xml:768(title)
22759
23290
msgid "RAID Maintenance"
22760
23291
msgstr ""
22761
23292
22762
#: serverguide/C/installation.xml:777(para)
23293
#: serverguide/C/installation.xml:770(para)
22763
23294
msgid ""
22764
23295
"The <application>mdadm</application> utility can be used to view the status "
22765
23296
"of an array, add disks to an array, remove disks, etc:"
22766
23297
msgstr ""
22767
23298
22768
#: serverguide/C/installation.xml:784(para)
23299
#: serverguide/C/installation.xml:777(para)
22769
23300
msgid "To view the status of an array, from a terminal prompt enter:"
22770
23301
msgstr ""
22771
23302
22772
#: serverguide/C/installation.xml:788(command)
23303
#: serverguide/C/installation.xml:781(command)
22773
23304
msgid "sudo mdadm -D /dev/md0"
22774
23305
msgstr ""
22775
23306
22776
#: serverguide/C/installation.xml:791(para)
23307
#: serverguide/C/installation.xml:784(para)
22777
23308
msgid ""
22778
23309
"The <emphasis>-D</emphasis> tells <application>mdadm</application> to "
22779
23310
"display <emphasis>detailed</emphasis> information about the "
22781
23312
"with the appropriate RAID device."
22782
23313
msgstr ""
22783
23314
22784
#: serverguide/C/installation.xml:797(para)
23315
#: serverguide/C/installation.xml:790(para)
22785
23316
msgid "To view the status of a disk in an array:"
22786
23317
msgstr ""
22787
23318
22788
#: serverguide/C/installation.xml:801(command)
23319
#: serverguide/C/installation.xml:794(command)
22789
23320
msgid "sudo mdadm -E /dev/sda1"
22790
23321
msgstr ""
22791
23322
22792
#: serverguide/C/installation.xml:803(para)
23323
#: serverguide/C/installation.xml:796(para)
22793
23324
msgid ""
22794
23325
"The output if very similar to the <command>mdadm -D</command> command, "
22795
23326
"adjust <filename>/dev/sda1</filename> for each disk."
22796
23327
msgstr ""
22797
23328
22798
#: serverguide/C/installation.xml:808(para)
23329
#: serverguide/C/installation.xml:801(para)
22799
23330
msgid "If a disk fails and needs to be removed from an array enter:"
22800
23331
msgstr ""
22801
23332
22802
#: serverguide/C/installation.xml:812(command)
23333
#: serverguide/C/installation.xml:805(command)
22803
23334
msgid "sudo mdadm --remove /dev/md0 /dev/sda1"
22804
23335
msgstr ""
22805
23336
22806
#: serverguide/C/installation.xml:814(para)
23337
#: serverguide/C/installation.xml:807(para)
22807
23338
msgid ""
22808
23339
"Change <filename>/dev/md0</filename> and <filename>/dev/sda1</filename> to "
22809
23340
"the appropriate RAID device and disk."
22810
23341
msgstr ""
22811
23342
22812
#: serverguide/C/installation.xml:819(para)
23343
#: serverguide/C/installation.xml:812(para)
22813
23344
msgid "Similarly, to add a new disk:"
22814
23345
msgstr ""
22815
23346
22816
#: serverguide/C/installation.xml:823(command)
23347
#: serverguide/C/installation.xml:816(command)
22817
23348
msgid "sudo mdadm --add /dev/md0 /dev/sda1"
22818
23349
msgstr ""
22819
23350
22820
#: serverguide/C/installation.xml:828(para)
23351
#: serverguide/C/installation.xml:821(para)
22821
23352
msgid ""
22822
23353
"Sometimes a disk can change to a <emphasis>faulty</emphasis> state even "
22823
23354
"though there is nothing physically wrong with the drive. It is usually "
22826
23357
"the array, it is a good indication of hardware failure."
22827
23358
msgstr ""
22828
23359
22829
#: serverguide/C/installation.xml:834(para)
23360
#: serverguide/C/installation.xml:827(para)
22830
23361
msgid ""
22831
23362
"The <filename>/proc/mdstat</filename> file also contains useful information "
22832
23363
"about the system's RAID devices:"
22833
23364
msgstr ""
22834
23365
22835
#: serverguide/C/installation.xml:839(command)
23366
#: serverguide/C/installation.xml:832(command)
22836
23367
msgid "cat /proc/mdstat"
22837
23368
msgstr ""
22838
23369
22839
#: serverguide/C/installation.xml:840(computeroutput)
23370
#: serverguide/C/installation.xml:833(computeroutput)
22840
23371
#, no-wrap
22841
23372
msgid ""
22842
23373
"Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] "
22847
23378
"unused devices: <none>"
22848
23379
msgstr ""
22849
23380
22850
#: serverguide/C/installation.xml:847(para)
23381
#: serverguide/C/installation.xml:840(para)
22851
23382
msgid ""
22852
23383
"The following command is great for watching the status of a syncing drive:"
22853
23384
msgstr ""
22854
23385
22855
#: serverguide/C/installation.xml:852(command)
23386
#: serverguide/C/installation.xml:845(command)
22856
23387
msgid "watch -n1 cat /proc/mdstat"
22857
23388
msgstr ""
22858
23389
22859
#: serverguide/C/installation.xml:855(para)
23390
#: serverguide/C/installation.xml:848(para)
22860
23391
msgid ""
22861
23392
"Press <emphasis>Ctrl+c</emphasis> to stop the "
22862
23393
"<application>watch</application> command."
22863
23394
msgstr ""
22864
23395
22865
#: serverguide/C/installation.xml:859(para)
23396
#: serverguide/C/installation.xml:852(para)
22866
23397
msgid ""
22867
23398
"If you do need to replace a faulty drive, after the drive has been replaced "
22868
23399
"and synced, <application>grub</application> will need to be installed. To "
22870
23401
"following:"
22871
23402
msgstr ""
22872
23403
22873
#: serverguide/C/installation.xml:865(command)
23404
#: serverguide/C/installation.xml:858(command)
22874
23405
msgid "sudo grub-install /dev/md0"
22875
23406
msgstr ""
22876
23407
22877
#: serverguide/C/installation.xml:868(para)
23408
#: serverguide/C/installation.xml:861(para)
22878
23409
msgid ""
22879
23410
"Replace <filename>/dev/md0</filename> with the appropriate array device name."
22880
23411
msgstr ""
22881
23412
22882
#: serverguide/C/installation.xml:876(para)
23413
#: serverguide/C/installation.xml:869(para)
22883
23414
msgid ""
22884
23415
"The topic of RAID arrays is a complex one due to the plethora of ways RAID "
22885
23416
"can be configured. Please see the following links for more information:"
22886
23417
msgstr ""
22887
23418
22888
#: serverguide/C/installation.xml:883(para)
23419
#: serverguide/C/installation.xml:876(para)
22889
23420
msgid ""
22890
23421
"<ulink url=\"https://help.ubuntu.com/community/Installation#raid\">Ubuntu "
22891
23422
"Wiki Articles on RAID</ulink>."
22892
23423
msgstr ""
22893
23424
22894
#: serverguide/C/installation.xml:889(ulink)
23425
#: serverguide/C/installation.xml:882(ulink)
22895
23426
msgid "Software RAID HOWTO"
22896
23427
msgstr ""
22897
23428
22898
#: serverguide/C/installation.xml:894(ulink)
23429
#: serverguide/C/installation.xml:887(ulink)
22899
23430
msgid "Managing RAID on Linux"
22900
23431
msgstr ""
22901
23432
22902
#: serverguide/C/installation.xml:901(title)
23433
#: serverguide/C/installation.xml:894(title)
22903
23434
msgid "Logical Volume Manager (LVM)"
22904
23435
msgstr ""
22905
23436
22906
#: serverguide/C/installation.xml:903(para)
23437
#: serverguide/C/installation.xml:896(para)
22907
23438
msgid ""
22908
23439
"Logical Volume Manger, or <emphasis>LVM</emphasis>, allows administrators to "
22909
23440
"create <emphasis>logical</emphasis> volumes out of one or multiple physical "
22912
23443
"giving greater flexibility to systems as requirements change."
22913
23444
msgstr ""
22914
23445
22915
#: serverguide/C/installation.xml:912(para)
23446
#: serverguide/C/installation.xml:905(para)
22916
23447
msgid ""
22917
23448
"A side effect of LVM's power and flexibility is a greater degree of "
22918
23449
"complication. Before diving into the LVM installation process, it is best to "
22919
23450
"get familiar with some terms."
22920
23451
msgstr ""
22921
23452
22922
#: serverguide/C/installation.xml:919(para)
23453
#: serverguide/C/installation.xml:912(para)
22923
23454
msgid ""
22924
23455
"<emphasis>Physical Volume (PV):</emphasis> physical hard disk, disk "
22925
23456
"partition or software RAID partition formatted as LVM PV."
22926
23457
msgstr ""
22927
23458
22928
#: serverguide/C/installation.xml:925(para)
23459
#: serverguide/C/installation.xml:918(para)
22929
23460
msgid ""
22930
23461
"<emphasis>Volume Group (VG):</emphasis> is made from one or more physical "
22931
23462
"volumes. A VG can can be extended by adding more PVs. A VG is like a virtual "
22932
23463
"disk drive, from which one or more logical volumes are carved."
22933
23464
msgstr ""
22934
23465
22935
#: serverguide/C/installation.xml:931(para)
23466
#: serverguide/C/installation.xml:924(para)
22936
23467
msgid ""
22937
23468
"<emphasis>Logical Volume (LV):</emphasis> is similar to a partition in a non-"
22938
23469
"LVM system. A LV is formatted with the desired file system (EXT3, XFS, JFS, "
22939
23470
"etc), it is then available for mounting and data storage."
22940
23471
msgstr ""
22941
23472
22942
#: serverguide/C/installation.xml:942(para)
23473
#: serverguide/C/installation.xml:935(para)
22943
23474
msgid ""
22944
23475
"As an example this section covers installing Ubuntu Server Edition with "
22945
23476
"<filename role=\"directory\">/srv</filename> mounted on a LVM volume. During "
22948
23479
"can be extended."
22949
23480
msgstr ""
22950
23481
22951
#: serverguide/C/installation.xml:948(para)
23482
#: serverguide/C/installation.xml:941(para)
22952
23483
msgid ""
22953
23484
"There are several installation options for LVM, <emphasis>\"Guided - use the "
22954
23485
"entire disk and setup LVM\"</emphasis> which will also allow you to assign a "
22959
23490
"the Manual approach."
22960
23491
msgstr ""
22961
23492
22962
#: serverguide/C/installation.xml:965(para)
23493
#: serverguide/C/installation.xml:958(para)
22963
23494
msgid ""
22964
23495
"At the <emphasis>\"Partition Disks</emphasis> screen choose "
22965
23496
"<emphasis>\"Manual\"</emphasis>."
22966
23497
msgstr ""
22967
23498
22968
#: serverguide/C/installation.xml:972(para)
23499
#: serverguide/C/installation.xml:965(para)
22969
23500
msgid ""
22970
23501
"Select the hard disk and on the next screen choose \"yes\" to "
22971
23502
"<emphasis>\"Create a new empty partition table on this device\"</emphasis>."
22972
23503
msgstr ""
22973
23504
22974
#: serverguide/C/installation.xml:979(para)
23505
#: serverguide/C/installation.xml:972(para)
22975
23506
msgid ""
22976
23507
"Next, create standard <emphasis>/boot</emphasis>, <emphasis>swap</emphasis>, "
22977
23508
"and <emphasis>/</emphasis> partitions with whichever filesystem you prefer."
22978
23509
msgstr ""
22979
23510
22980
#: serverguide/C/installation.xml:987(para)
23511
#: serverguide/C/installation.xml:980(para)
22981
23512
msgid ""
22982
23513
"For the LVM <emphasis>/srv</emphasis>, create a new "
22983
23514
"<emphasis>Logical</emphasis> partition. Then change <emphasis>\"Use "
22985
23516
"<emphasis>\"Done setting up the partition\"</emphasis>."
22986
23517
msgstr ""
22987
23518
22988
#: serverguide/C/installation.xml:995(para)
23519
#: serverguide/C/installation.xml:988(para)
22989
23520
msgid ""
22990
23521
"Now select <emphasis>\"Configure the Logical Volume Manager\"</emphasis> at "
22991
23522
"the top, and choose <emphasis>\"Yes\"</emphasis> to write the changes to "
22992
23523
"disk."
22993
23524
msgstr ""
22994
23525
22995
#: serverguide/C/installation.xml:1003(para)
23526
#: serverguide/C/installation.xml:996(para)
22996
23527
msgid ""
22997
23528
"For the <emphasis>\"LVM configuration action\"</emphasis> on the next "
22998
23529
"screen, choose <emphasis>\"Create volume group\"</emphasis>. Enter a name "
23001
23532
"<emphasis>\"Continue\"</emphasis>."
23002
23533
msgstr ""
23003
23534
23004
#: serverguide/C/installation.xml:1012(para)
23535
#: serverguide/C/installation.xml:1005(para)
23005
23536
msgid ""
23006
23537
"Back at the <emphasis>\"LVM configuration action\"</emphasis> screen, select "
23007
23538
"<emphasis>\"Create logical volume\"</emphasis>. Select the newly created "
23012
23543
"main <emphasis>\"Partition Disks\"</emphasis> screen."
23013
23544
msgstr ""
23014
23545
23015
#: serverguide/C/installation.xml:1022(para)
23546
#: serverguide/C/installation.xml:1015(para)
23016
23547
msgid ""
23017
23548
"Now add a filesystem to the new LVM. Select the partition under "
23018
23549
"<emphasis>\"LVM VG vg01, LV srv\"</emphasis>, or whatever name you have "
23021
23552
"select <emphasis>\"Done setting up the partition\"</emphasis>."
23022
23553
msgstr ""
23023
23554
23024
#: serverguide/C/installation.xml:1031(para)
23555
#: serverguide/C/installation.xml:1024(para)
23025
23556
msgid ""
23026
23557
"Finally, select <emphasis>\"Finish partitioning and write changes to "
23027
23558
"disk\"</emphasis>. Then confirm the changes and continue with the rest of "
23028
23559
"the installation."
23029
23560
msgstr ""
23030
23561
23031
#: serverguide/C/installation.xml:1039(para)
23562
#: serverguide/C/installation.xml:1032(para)
23032
23563
msgid "There are some useful utilities to view information about LVM:"
23033
23564
msgstr ""
23034
23565
23035
#: serverguide/C/installation.xml:1044(para)
23566
#: serverguide/C/installation.xml:1037(para)
23036
23567
msgid ""
23037
23568
"<emphasis>pvdisplay:</emphasis> shows information about Physical Volumes."
23038
23569
msgstr ""
23039
23570
23040
#: serverguide/C/installation.xml:1045(para)
23571
#: serverguide/C/installation.xml:1038(para)
23041
23572
msgid ""
23042
23573
"<emphasis>vgdisplay:</emphasis> shows information about Volume Groups."
23043
23574
msgstr ""
23044
23575
23045
#: serverguide/C/installation.xml:1046(para)
23576
#: serverguide/C/installation.xml:1039(para)
23046
23577
msgid ""
23047
23578
"<emphasis>lvdisplay:</emphasis> shows information about Logical Volumes."
23048
23579
msgstr ""
23049
23580
23050
#: serverguide/C/installation.xml:1051(title)
23581
#: serverguide/C/installation.xml:1044(title)
23051
23582
msgid "Extending Volume Groups"
23052
23583
msgstr ""
23053
23584
23054
#: serverguide/C/installation.xml:1053(para)
23585
#: serverguide/C/installation.xml:1046(para)
23055
23586
msgid ""
23056
23587
"Continuing with <emphasis>srv</emphasis> as an LVM volume example, this "
23057
23588
"section covers adding a second hard disk, creating a Physical Volume (PV), "
23063
23594
"partitions and use them as different physical volumes)"
23064
23595
msgstr ""
23065
23596
23066
#: serverguide/C/installation.xml:1061(para)
23597
#: serverguide/C/installation.xml:1054(para)
23067
23598
msgid ""
23068
23599
"Make sure you don't already have an existing <filename>/dev/sdb</filename> "
23069
23600
"before issuing the commands below. You could lose some data if you issue "
23070
23601
"those commands on a non-empty disk."
23071
23602
msgstr ""
23072
23603
23073
#: serverguide/C/installation.xml:1069(para)
23604
#: serverguide/C/installation.xml:1062(para)
23074
23605
msgid "First, create the physical volume, in a terminal execute:"
23075
23606
msgstr ""
23076
23607
23077
#: serverguide/C/installation.xml:1074(command)
23608
#: serverguide/C/installation.xml:1067(command)
23078
23609
msgid "sudo pvcreate /dev/sdb"
23079
23610
msgstr ""
23080
23611
23081
#: serverguide/C/installation.xml:1080(para)
23612
#: serverguide/C/installation.xml:1073(para)
23082
23613
msgid "Now extend the Volume Group (VG):"
23083
23614
msgstr ""
23084
23615
23085
#: serverguide/C/installation.xml:1085(command)
23616
#: serverguide/C/installation.xml:1078(command)
23086
23617
msgid "sudo vgextend vg01 /dev/sdb"
23087
23618
msgstr ""
23088
23619
23089
#: serverguide/C/installation.xml:1091(para)
23620
#: serverguide/C/installation.xml:1084(para)
23090
23621
msgid ""
23091
23622
"Use <application>vgdisplay</application> to find out the free physical "
23092
23623
"extents - Free PE / size (the size you can allocate). We will assume a free "
23094
23625
"whole free space available. Use your own PE and/or free space."
23095
23626
msgstr ""
23096
23627
23097
#: serverguide/C/installation.xml:1097(para)
23628
#: serverguide/C/installation.xml:1090(para)
23098
23629
msgid ""
23099
23630
"The Logical Volume (LV) can now be extended by different methods, we will "
23100
23631
"only see how to use the PE to extend the LV:"
23101
23632
msgstr ""
23102
23633
23103
#: serverguide/C/installation.xml:1102(command)
23634
#: serverguide/C/installation.xml:1095(command)
23104
23635
msgid "sudo lvextend /dev/vg01/srv -l +511"
23105
23636
msgstr ""
23106
23637
23107
#: serverguide/C/installation.xml:1105(para)
23638
#: serverguide/C/installation.xml:1098(para)
23108
23639
msgid ""
23109
23640
"The <emphasis>-l</emphasis> option allows the LV to be extended using PE. "
23110
23641
"The <emphasis>-L</emphasis> option allows the LV to be extended using Meg, "
23111
23642
"Gig, Tera, etc bytes."
23112
23643
msgstr ""
23113
23644
23114
#: serverguide/C/installation.xml:1113(para)
23645
#: serverguide/C/installation.xml:1106(para)
23115
23646
msgid ""
23116
23647
"Even though you are supposed to be able to <emphasis>expand</emphasis> an "
23117
23648
"ext3 or ext4 filesystem without unmounting it first, it may be a good "
23120
23651
"first is compulsory)."
23121
23652
msgstr ""
23122
23653
23123
#: serverguide/C/installation.xml:1119(para)
23654
#: serverguide/C/installation.xml:1112(para)
23124
23655
msgid ""
23125
23656
"The following commands are for an <emphasis>EXT3</emphasis> or "
23126
23657
"<emphasis>EXT4</emphasis> filesystem. If you are using another filesystem "
23127
23658
"there may be other utilities available."
23128
23659
msgstr ""
23129
23660
23130
#: serverguide/C/installation.xml:1126(command)
23661
#: serverguide/C/installation.xml:1119(command)
23131
23662
msgid "sudo e2fsck -f /dev/vg01/srv"
23132
23663
msgstr ""
23133
23664
23134
#: serverguide/C/installation.xml:1129(para)
23665
#: serverguide/C/installation.xml:1122(para)
23135
23666
msgid ""
23136
23667
"The <emphasis>-f</emphasis> option of <application>e2fsck</application> "
23137
23668
"forces checking even if the system seems clean."
23138
23669
msgstr ""
23139
23670
23140
#: serverguide/C/installation.xml:1136(para)
23671
#: serverguide/C/installation.xml:1129(para)
23141
23672
msgid "Finally, resize the filesystem:"
23142
23673
msgstr ""
23143
23674
23144
#: serverguide/C/installation.xml:1141(command)
23675
#: serverguide/C/installation.xml:1134(command)
23145
23676
msgid "sudo resize2fs /dev/vg01/srv"
23146
23677
msgstr ""
23147
23678
23148
#: serverguide/C/installation.xml:1147(para)
23679
#: serverguide/C/installation.xml:1140(para)
23149
23680
msgid "Now mount the partition and check its size."
23150
23681
msgstr ""
23151
23682
23152
#: serverguide/C/installation.xml:1152(command)
23683
#: serverguide/C/installation.xml:1145(command)
23153
23684
msgid "mount /dev/vg01/srv /srv && df -h /srv"
23154
23685
msgstr ""
23155
23686
23156
#: serverguide/C/installation.xml:1164(para)
23687
#: serverguide/C/installation.xml:1157(para)
23157
23688
msgid ""
23158
23689
"See the <ulink "
23159
23690
"url=\"https://help.ubuntu.com/community/Installation#lvm\">Ubuntu Wiki LVM "
23160
23691
"Articles</ulink>."
23161
23692
msgstr ""
23162
23693
23163
#: serverguide/C/installation.xml:1169(para)
23694
#: serverguide/C/installation.xml:1162(para)
23164
23695
msgid ""
23165
23696
"See the <ulink url=\"http://tldp.org/HOWTO/LVM-HOWTO/index.html\">LVM "
23166
23697
"HOWTO</ulink> for more information."
23167
23698
msgstr ""
23168
23699
23169
#: serverguide/C/installation.xml:1174(para)
23700
#: serverguide/C/installation.xml:1167(para)
23170
23701
msgid ""
23171
23702
"Another good article is <ulink "
23172
23703
"url=\"http://www.linuxdevcenter.com/pub/a/linux/2006/04/27/managing-disk-"
23181
23712
" man page</ulink>."
23182
23713
msgstr ""
23183
23714
23184
#: serverguide/C/installation.xml:1192(title)
23715
#: serverguide/C/installation.xml:1185(title)
23185
23716
msgid "Kernel Crash Dump"
23186
23717
msgstr ""
23187
23718
23188
#: serverguide/C/installation.xml:1199(para)
23719
#: serverguide/C/installation.xml:1192(para)
23189
23720
msgid "Kernel Panic"
23190
23721
msgstr ""
23191
23722
23192
#: serverguide/C/installation.xml:1200(para)
23723
#: serverguide/C/installation.xml:1193(para)
23193
23724
msgid "Non Maskable Interrupts (NMI)"
23194
23725
msgstr ""
23195
23726
23196
#: serverguide/C/installation.xml:1201(para)
23727
#: serverguide/C/installation.xml:1194(para)
23197
23728
msgid "Machine Check Exceptions (MCE)"
23198
23729
msgstr ""
23199
23730
23200
#: serverguide/C/installation.xml:1202(para)
23731
#: serverguide/C/installation.xml:1195(para)
23201
23732
msgid "Hardware failure"
23202
23733
msgstr ""
23203
23734
23204
#: serverguide/C/installation.xml:1203(para)
23735
#: serverguide/C/installation.xml:1196(para)
23205
23736
msgid "Manual intervention"
23206
23737
msgstr ""
23207
23738
23208
#: serverguide/C/installation.xml:1195(para)
23739
#: serverguide/C/installation.xml:1188(para)
23209
23740
msgid ""
23210
23741
"A Kernel Crash Dump refers to a portion of the contents of volatile memory "
23211
23742
"(RAM) that is copied to disk whenever the execution of the kernel is "
23219
23750
"memory contents."
23220
23751
msgstr ""
23221
23752
23222
#: serverguide/C/installation.xml:1212(title)
23753
#: serverguide/C/installation.xml:1205(title)
23223
23754
msgid "Kernel Crash Dump Mechanism"
23224
23755
msgstr ""
23225
23756
23226
#: serverguide/C/installation.xml:1214(para)
23757
#: serverguide/C/installation.xml:1207(para)
23227
23758
msgid ""
23228
23759
"When a kernel panic occurs, the kernel relies on the "
23229
23760
"<emphasis>kexec</emphasis> mechanism to quickly reboot a new instance of the "
23232
23763
"untouched in order to safely copy its contents to storage."
23233
23764
msgstr ""
23234
23765
23235
#: serverguide/C/installation.xml:1223(para)
23766
#: serverguide/C/installation.xml:1216(para)
23236
23767
msgid ""
23237
23768
"The kernel crash dump utility is installed with the following command:"
23238
23769
msgstr ""
23239
23770
23240
#: serverguide/C/installation.xml:1228(command)
23771
#: serverguide/C/installation.xml:1221(command)
23241
23772
msgid "sudo apt-get install linux-crashdump"
23242
23773
msgstr ""
23243
23774
23244
#: serverguide/C/installation.xml:1231(para)
23775
#: serverguide/C/installation.xml:1230(programlisting)
23776
#, no-wrap
23777
msgid ""
23778
"\n"
23779
"USE_KDUMP=1\n"
23780
msgstr ""
23781
23782
#: serverguide/C/installation.xml:1228(para)
23783
msgid ""
23784
"Edit <filename>/etc/default/kdump-tool</filename> by including the following "
23785
"line: <placeholder-1/>"
23786
msgstr ""
23787
23788
#: serverguide/C/installation.xml:1235(para)
23245
23789
msgid "A reboot is then needed."
23246
23790
msgstr ""
23247
23791
23248
#: serverguide/C/installation.xml:1239(para)
23249
msgid ""
23250
"No further configuration is required in order to have the kernel dump "
23251
"mechanism enabled."
23252
msgstr ""
23253
23254
#: serverguide/C/installation.xml:1248(para)
23792
#: serverguide/C/installation.xml:1244(para)
23255
23793
msgid ""
23256
23794
"To confirm that the kernel dump mechanism is enabled, there are a few things "
23257
23795
"to verify. First, confirm that the <emphasis>crashkernel</emphasis> boot "
23259
23797
"fit the format of this document:"
23260
23798
msgstr ""
23261
23799
23262
#: serverguide/C/installation.xml:1255(command)
23800
#: serverguide/C/installation.xml:1251(command)
23263
23801
msgid "cat /proc/cmdline"
23264
23802
msgstr ""
23265
23803
23266
#: serverguide/C/installation.xml:1256(computeroutput)
23804
#: serverguide/C/installation.xml:1252(computeroutput)
23267
23805
#, no-wrap
23268
23806
msgid ""
23269
23807
"\n"
23271
23809
" crashkernel=384M-2G:64M,2G-:128M\n"
23272
23810
msgstr ""
23273
23811
23274
#: serverguide/C/installation.xml:1264(programlisting)
23812
#: serverguide/C/installation.xml:1260(programlisting)
23275
23813
#, no-wrap
23276
23814
msgid ""
23277
23815
"\n"
23281
23819
" "
23282
23820
msgstr ""
23283
23821
23284
#: serverguide/C/installation.xml:1262(para)
23822
#: serverguide/C/installation.xml:1258(para)
23285
23823
msgid ""
23286
23824
"The <emphasis>crashkernel</emphasis> parameter has the following syntax: "
23287
23825
"<placeholder-1/>"
23288
23826
msgstr ""
23289
23827
23290
#: serverguide/C/installation.xml:1272(programlisting)
23828
#: serverguide/C/installation.xml:1268(programlisting)
23291
23829
#, no-wrap
23292
23830
msgid ""
23293
23831
"\n"
23294
23832
"crashkernel=384M-2G:64M,2G-:128M\n"
23295
23833
msgstr ""
23296
23834
23297
#: serverguide/C/installation.xml:1270(para)
23835
#: serverguide/C/installation.xml:1266(para)
23298
23836
msgid ""
23299
23837
"So for the crashkernel parameter found in <filename>/proc/cmdline</filename> "
23300
23838
"we would have : <placeholder-1/>"
23301
23839
msgstr ""
23302
23840
23303
#: serverguide/C/installation.xml:1277(para)
23841
#: serverguide/C/installation.xml:1273(para)
23304
23842
msgid "The above value means:"
23305
23843
msgstr ""
23306
23844
23307
#: serverguide/C/installation.xml:1279(para)
23845
#: serverguide/C/installation.xml:1275(para)
23308
23846
msgid ""
23309
23847
"if the RAM is smaller than 384M, then don't reserve anything (this is the "
23310
23848
"\"rescue\" case)"
23311
23849
msgstr ""
23312
23850
23313
#: serverguide/C/installation.xml:1281(para)
23851
#: serverguide/C/installation.xml:1277(para)
23314
23852
msgid "if the RAM size is between 386M and 2G (exclusive), then reserve 64M"
23315
23853
msgstr ""
23316
23854
23317
#: serverguide/C/installation.xml:1282(para)
23855
#: serverguide/C/installation.xml:1278(para)
23318
23856
msgid "if the RAM size is larger than 2G, then reserve 128M"
23319
23857
msgstr ""
23320
23858
23321
#: serverguide/C/installation.xml:1285(para)
23859
#: serverguide/C/installation.xml:1281(para)
23322
23860
msgid ""
23323
23861
"Second, verify that the kernel has reserved the requested memory area for "
23324
23862
"the kdump kernel by doing:"
23325
23863
msgstr ""
23326
23864
23327
#: serverguide/C/installation.xml:1290(command)
23865
#: serverguide/C/installation.xml:1286(command)
23328
23866
msgid "dmesg | grep -i crash"
23329
23867
msgstr ""
23330
23868
23331
#: serverguide/C/installation.xml:1291(computeroutput)
23869
#: serverguide/C/installation.xml:1287(computeroutput)
23332
23870
#, no-wrap
23333
23871
msgid ""
23334
23872
"\n"
23337
23875
"RAM: 1023MB)\n"
23338
23876
msgstr ""
23339
23877
23340
#: serverguide/C/installation.xml:1300(title)
23878
#: serverguide/C/installation.xml:1296(title)
23341
23879
msgid "Testing the Crash Dump Mechanism"
23342
23880
msgstr ""
23343
23881
23344
#: serverguide/C/installation.xml:1303(para)
23882
#: serverguide/C/installation.xml:1299(para)
23345
23883
msgid ""
23346
23884
"Testing the Crash Dump Mechanism will cause <emphasis>a system "
23347
23885
"reboot.</emphasis> In certain situations, this can cause data loss if the "
23349
23887
"that the system is idle or under very light load."
23350
23888
msgstr ""
23351
23889
23352
#: serverguide/C/installation.xml:1310(para)
23890
#: serverguide/C/installation.xml:1306(para)
23353
23891
msgid ""
23354
23892
"Verify that the <emphasis>SysRQ</emphasis> mechanism is enabled by looking "
23355
23893
"at the value of the <filename>/proc/sys/kernel/sysrq</filename> kernel "
23356
23894
"parameter :"
23357
23895
msgstr ""
23358
23896
23359
#: serverguide/C/installation.xml:1316(command)
23897
#: serverguide/C/installation.xml:1312(command)
23360
23898
msgid "cat /proc/sys/kernel/sysrq"
23361
23899
msgstr ""
23362
23900
23363
#: serverguide/C/installation.xml:1319(para)
23901
#: serverguide/C/installation.xml:1315(para)
23364
23902
msgid ""
23365
23903
"If a value of <emphasis>0</emphasis> is returned the feature is disabled. "
23366
23904
"Enable it with the following command :"
23367
23905
msgstr ""
23368
23906
23369
#: serverguide/C/installation.xml:1324(command)
23907
#: serverguide/C/installation.xml:1320(command)
23370
23908
msgid "sudo sysctl -w kernel.sysrq=1"
23371
23909
msgstr ""
23372
23910
23373
#: serverguide/C/installation.xml:1327(para)
23911
#: serverguide/C/installation.xml:1323(para)
23374
23912
msgid ""
23375
23913
"Once this is done, you must become root, as just using "
23376
23914
"<command>sudo</command> will not be sufficient. As the "
23381
23919
"the advantage of making the kernel dump process visible."
23382
23920
msgstr ""
23383
23921
23384
#: serverguide/C/installation.xml:1334(para)
23922
#: serverguide/C/installation.xml:1330(para)
23385
23923
msgid "A typical test output should look like the following :"
23386
23924
msgstr ""
23387
23925
23388
#: serverguide/C/installation.xml:1339(command)
23926
#: serverguide/C/installation.xml:1335(command)
23389
23927
msgid "sudo -s"
23390
23928
msgstr ""
23391
23929
23392
#: serverguide/C/installation.xml:1341(command)
23930
#: serverguide/C/installation.xml:1337(command)
23393
23931
msgid "echo c > /proc/sysrq-trigger"
23394
23932
msgstr ""
23395
23933
23396
#: serverguide/C/installation.xml:1338(screen)
23934
#: serverguide/C/installation.xml:1334(screen)
23397
23935
#, no-wrap
23398
23936
msgid ""
23399
23937
"\n"
23410
23948
"....\n"
23411
23949
msgstr ""
23412
23950
23413
#: serverguide/C/installation.xml:1351(para)
23951
#: serverguide/C/installation.xml:1347(para)
23414
23952
msgid ""
23415
23953
"The rest of the output is truncated, but you should see the system rebooting "
23416
23954
"and somewhere in the log, you will see the following line : <screen>Begin: "
23419
23957
"file in the <filename>/var/crash</filename> directory :"
23420
23958
msgstr ""
23421
23959
23422
#: serverguide/C/installation.xml:1358(command)
23960
#: serverguide/C/installation.xml:1354(command)
23423
23961
msgid "ls /var/crash"
23424
23962
msgstr ""
23425
23963
23426
#: serverguide/C/installation.xml:1357(screen)
23964
#: serverguide/C/installation.xml:1353(screen)
23427
23965
#, no-wrap
23428
23966
msgid ""
23429
23967
"\n"
23431
23969
"linux-image-3.0.0-12-server.0.crash\n"
23432
23970
msgstr ""
23433
23971
23434
#: serverguide/C/installation.xml:1367(para)
23972
#: serverguide/C/installation.xml:1363(para)
23435
23973
msgid ""
23436
23974
"Kernel Crash Dump is a vast topic that requires good knowledge of the linux "
23437
23975
"kernel. You can find more information on the topic here :"
23438
23976
msgstr ""
23439
23977
23440
#: serverguide/C/installation.xml:1373(para)
23978
#: serverguide/C/installation.xml:1369(para)
23441
23979
msgid ""
23442
23980
"<ulink url=\"http://www.kernel.org/doc/Documentation/kdump/kdump.txt\">Kdump "
23443
23981
"kernel documentation</ulink>."
23444
23982
msgstr ""
23445
23983
23446
#: serverguide/C/installation.xml:1379(ulink)
23984
#: serverguide/C/installation.xml:1375(ulink)
23447
23985
msgid "The crash tool"
23448
23986
msgstr ""
23449
23987
23450
#: serverguide/C/installation.xml:1383(para)
23988
#: serverguide/C/installation.xml:1379(para)
23451
23989
msgid ""
23452
23990
"<ulink url=\"http://www.dedoimedo.com/computers/crash-"
23453
23991
"analyze.html\">Analyzing Linux Kernel Crash</ulink> (Based on Fedora, it "
23921
24459
"as follows:"
23922
24460
msgstr ""
23923
24461
23924
#: serverguide/C/file-server.xml:429(programlisting)
24462
#: serverguide/C/file-server.xml:430(programlisting)
23925
24463
#, no-wrap
23926
24464
msgid ""
23927
24465
"\n"
23929
24467
"rsize=8192,wsize=8192,timeo=14,intr\n"
23930
24468
msgstr ""
23931
24469
23932
#: serverguide/C/file-server.xml:433(para)
24470
#: serverguide/C/file-server.xml:434(para)
23933
24471
msgid ""
23934
24472
"If you have trouble mounting an NFS share, make sure the <application>nfs-"
23935
24473
"common</application> package is installed on your client. To install "
23939
24477
"</screen>"
23940
24478
msgstr ""
23941
24479
23942
#: serverguide/C/file-server.xml:446(ulink)
24480
#: serverguide/C/file-server.xml:447(ulink)
23943
24481
msgid "Linux NFS faq"
23944
24482
msgstr ""
23945
24483
23946
#: serverguide/C/file-server.xml:448(ulink)
24484
#: serverguide/C/file-server.xml:449(ulink)
23947
24485
msgid "Ubuntu Wiki NFS Howto"
23948
24486
msgstr ""
23949
24487
23950
#: serverguide/C/file-server.xml:454(title)
24488
#: serverguide/C/file-server.xml:455(title)
23951
24489
msgid "iSCSI Initiator"
23952
24490
msgstr ""
23953
24491
23954
#: serverguide/C/file-server.xml:456(para)
24492
#: serverguide/C/file-server.xml:457(para)
23955
24493
msgid ""
23956
24494
"<emphasis>iSCSI</emphasis> (Internet Small Computer System Interface) is a "
23957
24495
"protocol that allows SCSI commands to be transmitted over a network. "
23971
24509
"your vendor documentation to configure your specific iSCSI target."
23972
24510
msgstr ""
23973
24511
23974
#: serverguide/C/file-server.xml:470(title)
24512
#: serverguide/C/file-server.xml:471(title)
23975
24513
msgid "iSCSI Initiator Install"
23976
24514
msgstr ""
23977
24515
23978
#: serverguide/C/file-server.xml:472(para)
24516
#: serverguide/C/file-server.xml:473(para)
23979
24517
msgid ""
23980
24518
"To configure Ubuntu Server as an iSCSI initiator install the "
23981
24519
"<application>open-iscsi</application> package. In a terminal enter:"
23982
24520
msgstr ""
23983
24521
23984
#: serverguide/C/file-server.xml:477(command)
24522
#: serverguide/C/file-server.xml:478(command)
23985
24523
msgid "sudo apt-get install open-iscsi"
23986
24524
msgstr ""
23987
24525
23988
#: serverguide/C/file-server.xml:482(title)
24526
#: serverguide/C/file-server.xml:483(title)
23989
24527
msgid "iSCSI Initiator Configuration"
23990
24528
msgstr ""
23991
24529
23992
#: serverguide/C/file-server.xml:484(para)
24530
#: serverguide/C/file-server.xml:485(para)
23993
24531
msgid ""
23994
24532
"Once the <application>open-iscsi</application> package is installed, edit "
23995
24533
"<filename>/etc/iscsi/iscsid.conf</filename> changing the following:"
23996
24534
msgstr ""
23997
24535
23998
#: serverguide/C/file-server.xml:488(programlisting)
24536
#: serverguide/C/file-server.xml:489(programlisting)
23999
24537
#, no-wrap
24000
24538
msgid ""
24001
24539
"\n"
24002
24540
"node.startup = automatic\n"
24003
24541
msgstr ""
24004
24542
24005
#: serverguide/C/file-server.xml:492(para)
24543
#: serverguide/C/file-server.xml:493(para)
24006
24544
msgid ""
24007
24545
"You can check which targets are available by using the "
24008
24546
"<application>iscsiadm</application> utility. Enter the following in a "
24009
24547
"terminal:"
24010
24548
msgstr ""
24011
24549
24012
#: serverguide/C/file-server.xml:497(command)
24550
#: serverguide/C/file-server.xml:498(command)
24013
24551
msgid "sudo iscsiadm -m discovery -t st -p 192.168.0.10"
24014
24552
msgstr ""
24015
24553
24016
#: serverguide/C/file-server.xml:501(para)
24554
#: serverguide/C/file-server.xml:502(para)
24017
24555
msgid ""
24018
24556
"<emphasis>-m:</emphasis> determines the mode that iscsiadm executes in."
24019
24557
msgstr ""
24020
24558
24021
#: serverguide/C/file-server.xml:502(para)
24559
#: serverguide/C/file-server.xml:503(para)
24022
24560
msgid "<emphasis>-t:</emphasis> specifies the type of discovery."
24023
24561
msgstr ""
24024
24562
24025
#: serverguide/C/file-server.xml:503(para)
24563
#: serverguide/C/file-server.xml:504(para)
24026
24564
msgid "<emphasis>-p:</emphasis> option indicates the target IP address."
24027
24565
msgstr ""
24028
24566
24029
#: serverguide/C/file-server.xml:507(para)
24567
#: serverguide/C/file-server.xml:508(para)
24030
24568
msgid ""
24031
24569
"Change example <emphasis>192.168.0.10</emphasis> to the target IP address on "
24032
24570
"your network."
24033
24571
msgstr ""
24034
24572
24035
#: serverguide/C/file-server.xml:512(para)
24573
#: serverguide/C/file-server.xml:513(para)
24036
24574
msgid ""
24037
24575
"If the target is available you should see output similar to the following:"
24038
24576
msgstr ""
24039
24577
24040
#: serverguide/C/file-server.xml:517(computeroutput)
24578
#: serverguide/C/file-server.xml:518(computeroutput)
24041
24579
#, no-wrap
24042
24580
msgid ""
24043
24581
"\n"
24044
24582
"192.168.0.10:3260,1 iqn.1992-05.com.emc:sl7b92030000520000-2\n"
24045
24583
msgstr ""
24046
24584
24047
#: serverguide/C/file-server.xml:523(para)
24585
#: serverguide/C/file-server.xml:524(para)
24048
24586
msgid ""
24049
24587
"The <emphasis>iqn</emphasis> number and IP address above will vary depending "
24050
24588
"on your hardware."
24051
24589
msgstr ""
24052
24590
24053
#: serverguide/C/file-server.xml:528(para)
24591
#: serverguide/C/file-server.xml:529(para)
24054
24592
msgid ""
24055
24593
"You should now be able to connect to the iSCSI target, and depending on your "
24056
24594
"target setup you may have to enter user credentials. Login to the iSCSI node:"
24057
24595
msgstr ""
24058
24596
24059
#: serverguide/C/file-server.xml:534(command)
24597
#: serverguide/C/file-server.xml:535(command)
24060
24598
msgid "sudo iscsiadm -m node --login"
24061
24599
msgstr ""
24062
24600
24063
#: serverguide/C/file-server.xml:537(para)
24601
#: serverguide/C/file-server.xml:538(para)
24064
24602
msgid ""
24065
24603
"Check to make sure that the new disk has been detected using "
24066
24604
"<application>dmesg</application>:"
24067
24605
msgstr ""
24068
24606
24069
#: serverguide/C/file-server.xml:542(command)
24607
#: serverguide/C/file-server.xml:543(command)
24070
24608
msgid "dmesg | grep sd"
24071
24609
msgstr ""
24072
24610
24073
#: serverguide/C/file-server.xml:543(computeroutput)
24611
#: serverguide/C/file-server.xml:544(computeroutput)
24074
24612
#, no-wrap
24075
24613
msgid ""
24076
24614
"\n"
24099
24637
"[ 2486.964862] sd 4:0:0:3: [sdb] Attached SCSI disk\n"
24100
24638
msgstr ""
24101
24639
24102
#: serverguide/C/file-server.xml:567(para)
24640
#: serverguide/C/file-server.xml:568(para)
24103
24641
msgid ""
24104
24642
"In the output above <emphasis>sdb</emphasis> is the new iSCSI disk. Remember "
24105
24643
"this is just an example; the output you see on your screen will vary."
24106
24644
msgstr ""
24107
24645
24108
#: serverguide/C/file-server.xml:572(para)
24646
#: serverguide/C/file-server.xml:573(para)
24109
24647
msgid ""
24110
24648
"Next, create a partition, format the file system, and mount the new iSCSI "
24111
24649
"disk. In a terminal enter:"
24112
24650
msgstr ""
24113
24651
24114
#: serverguide/C/file-server.xml:577(command)
24652
#: serverguide/C/file-server.xml:578(command)
24115
24653
msgid "sudo fdisk /dev/sdb"
24116
24654
msgstr ""
24117
24655
24118
#: serverguide/C/file-server.xml:578(command)
24656
#: serverguide/C/file-server.xml:579(command)
24119
24657
msgid "n"
24120
24658
msgstr ""
24121
24659
24122
#: serverguide/C/file-server.xml:579(command)
24660
#: serverguide/C/file-server.xml:580(command)
24123
24661
msgid "p"
24124
24662
msgstr ""
24125
24663
24126
#: serverguide/C/file-server.xml:580(command)
24664
#: serverguide/C/file-server.xml:581(command)
24127
24665
msgid "enter"
24128
24666
msgstr ""
24129
24667
24130
#: serverguide/C/file-server.xml:581(command)
24668
#: serverguide/C/file-server.xml:582(command)
24131
24669
msgid "w"
24132
24670
msgstr ""
24133
24671
24134
#: serverguide/C/file-server.xml:585(para)
24672
#: serverguide/C/file-server.xml:586(para)
24135
24673
msgid ""
24136
24674
"The above commands are from inside the <application>fdisk</application> "
24137
24675
"utility; see <command>man fdisk</command> for more detailed instructions. "
24139
24677
"friendly."
24140
24678
msgstr ""
24141
24679
24142
#: serverguide/C/file-server.xml:591(para)
24680
#: serverguide/C/file-server.xml:592(para)
24143
24681
msgid ""
24144
24682
"Now format the file system and mount it to <filename>/srv</filename> as an "
24145
24683
"example:"
24146
24684
msgstr ""
24147
24685
24148
#: serverguide/C/file-server.xml:596(command)
24686
#: serverguide/C/file-server.xml:597(command)
24149
24687
msgid "sudo mkfs.ext4 /dev/sdb1"
24150
24688
msgstr ""
24151
24689
24152
#: serverguide/C/file-server.xml:597(command)
24690
#: serverguide/C/file-server.xml:598(command)
24153
24691
msgid "sudo mount /dev/sdb1 /srv"
24154
24692
msgstr ""
24155
24693
24156
#: serverguide/C/file-server.xml:601(para)
24694
#: serverguide/C/file-server.xml:602(para)
24157
24695
msgid ""
24158
24696
"Finally, add an entry to <filename>/etc/fstab</filename> to mount the iSCSI "
24159
24697
"drive during boot:"
24160
24698
msgstr ""
24161
24699
24162
#: serverguide/C/file-server.xml:605(programlisting)
24700
#: serverguide/C/file-server.xml:606(programlisting)
24163
24701
#, no-wrap
24164
24702
msgid ""
24165
24703
"\n"
24166
24704
"/dev/sdb1 /srv ext4 defaults,auto,_netdev 0 0\n"
24167
24705
msgstr ""
24168
24706
24169
#: serverguide/C/file-server.xml:609(para)
24707
#: serverguide/C/file-server.xml:610(para)
24170
24708
msgid ""
24171
24709
"It is a good idea to make sure everything is working as expected by "
24172
24710
"rebooting the server."
24173
24711
msgstr ""
24174
24712
24175
#: serverguide/C/file-server.xml:618(ulink)
24713
#: serverguide/C/file-server.xml:619(ulink)
24176
24714
msgid "Open-iSCSI Website"
24177
24715
msgstr ""
24178
24716
24179
#: serverguide/C/file-server.xml:621(ulink) serverguide/C/file-server.xml:807(ulink)
24717
#: serverguide/C/file-server.xml:622(ulink) serverguide/C/file-server.xml:808(ulink)
24180
24718
msgid "Debian Open-iSCSI page"
24181
24719
msgstr ""
24182
24720
24183
#: serverguide/C/file-server.xml:628(title)
24721
#: serverguide/C/file-server.xml:629(title)
24184
24722
msgid "CUPS - Print Server"
24185
24723
msgstr ""
24186
24724
24187
#: serverguide/C/file-server.xml:629(para)
24725
#: serverguide/C/file-server.xml:630(para)
24188
24726
msgid ""
24189
24727
"The primary mechanism for Ubuntu printing and print services is the "
24190
24728
"<emphasis role=\"bold\">Common UNIX Printing System</emphasis> (CUPS). This "
24192
24730
"become the new standard for printing in most Linux distributions."
24193
24731
msgstr ""
24194
24732
24195
#: serverguide/C/file-server.xml:636(para)
24733
#: serverguide/C/file-server.xml:637(para)
24196
24734
msgid ""
24197
24735
"CUPS manages print jobs and queues and provides network printing using the "
24198
24736
"standard Internet Printing Protocol (IPP), while offering support for a very "
24202
24740
"administration tool."
24203
24741
msgstr ""
24204
24742
24205
#: serverguide/C/file-server.xml:646(para)
24743
#: serverguide/C/file-server.xml:647(para)
24206
24744
msgid ""
24207
24745
"To install CUPS on your Ubuntu computer, simply use "
24208
24746
"<application>sudo</application> with the <application>apt-get</application> "
24212
24750
"CUPS:"
24213
24751
msgstr ""
24214
24752
24215
#: serverguide/C/file-server.xml:651(command)
24753
#: serverguide/C/file-server.xml:652(command)
24216
24754
msgid "sudo apt-get install cups"
24217
24755
msgstr ""
24218
24756
24219
#: serverguide/C/file-server.xml:654(para)
24757
#: serverguide/C/file-server.xml:655(para)
24220
24758
msgid ""
24221
24759
"Upon authenticating with your user password, the packages should be "
24222
24760
"downloaded and installed without error. Upon the conclusion of installation, "
24223
24761
"the CUPS server will be started automatically."
24224
24762
msgstr ""
24225
24763
24226
#: serverguide/C/file-server.xml:659(para)
24764
#: serverguide/C/file-server.xml:660(para)
24227
24765
msgid ""
24228
24766
"For troubleshooting purposes, you can access CUPS server errors via the "
24229
24767
"error log file at: <filename>/var/log/cups/error_log</filename>. If the "
24236
24774
"from becoming overly large."
24237
24775
msgstr ""
24238
24776
24239
#: serverguide/C/file-server.xml:672(para)
24777
#: serverguide/C/file-server.xml:673(para)
24240
24778
msgid ""
24241
24779
"The Common UNIX Printing System server's behavior is configured through the "
24242
24780
"directives contained in the file <filename>/etc/cups/cupsd.conf</filename>. "
24247
24785
"initially will be presented here."
24248
24786
msgstr ""
24249
24787
24250
#: serverguide/C/file-server.xml:682(para)
24788
#: serverguide/C/file-server.xml:683(para)
24251
24789
msgid ""
24252
24790
"Prior to editing the configuration file, you should make a copy of the "
24253
24791
"original file and protect it from writing, so you will have the original "
24254
24792
"settings as a reference, and to reuse as necessary."
24255
24793
msgstr ""
24256
24794
24257
#: serverguide/C/file-server.xml:686(para)
24795
#: serverguide/C/file-server.xml:687(para)
24258
24796
msgid ""
24259
24797
"Copy the <filename>/etc/cups/cupsd.conf</filename> file and protect it from "
24260
24798
"writing with the following commands, issued at a terminal prompt:"
24261
24799
msgstr ""
24262
24800
24263
#: serverguide/C/file-server.xml:692(command)
24801
#: serverguide/C/file-server.xml:693(command)
24264
24802
msgid "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
24265
24803
msgstr ""
24266
24804
24267
#: serverguide/C/file-server.xml:693(command)
24805
#: serverguide/C/file-server.xml:694(command)
24268
24806
msgid "sudo chmod a-w /etc/cups/cupsd.conf.original"
24269
24807
msgstr ""
24270
24808
24271
#: serverguide/C/file-server.xml:698(para)
24809
#: serverguide/C/file-server.xml:699(para)
24272
24810
msgid ""
24273
24811
"<emphasis role=\"bold\">ServerAdmin</emphasis>: To configure the email "
24274
24812
"address of the designated administrator of the CUPS server, simply edit the "
24280
24818
"as such:"
24281
24819
msgstr ""
24282
24820
24283
#: serverguide/C/file-server.xml:709(screen)
24821
#: serverguide/C/file-server.xml:710(screen)
24284
24822
#, no-wrap
24285
24823
msgid ""
24286
24824
"\n"
24287
24825
"ServerAdmin bjoy@somebigco.com\n"
24288
24826
msgstr ""
24289
24827
24290
#: serverguide/C/file-server.xml:715(para)
24828
#: serverguide/C/file-server.xml:716(para)
24291
24829
msgid ""
24292
24830
"<emphasis role=\"bold\">Listen</emphasis>: By default on Ubuntu, the CUPS "
24293
24831
"server installation listens only on the loopback interface at IP address "
24302
24840
"such:"
24303
24841
msgstr ""
24304
24842
24305
#: serverguide/C/file-server.xml:729(screen)
24843
#: serverguide/C/file-server.xml:730(screen)
24306
24844
#, no-wrap
24307
24845
msgid ""
24308
24846
"\n"
24312
24850
"(IPP)\n"
24313
24851
msgstr ""
24314
24852
24315
#: serverguide/C/file-server.xml:735(para)
24853
#: serverguide/C/file-server.xml:736(para)
24316
24854
msgid ""
24317
24855
"In the example above, you may comment out or remove the reference to the "
24318
24856
"Loopback address (127.0.0.1) if you do not wish <application>cupsd "
24323
24861
"<emphasis>socrates</emphasis> as such:"
24324
24862
msgstr ""
24325
24863
24326
#: serverguide/C/file-server.xml:745(screen)
24864
#: serverguide/C/file-server.xml:746(screen)
24327
24865
#, no-wrap
24328
24866
msgid ""
24329
24867
"\n"
24330
24868
"Listen socrates:631 # Listen on all interfaces for the hostname 'socrates'\n"
24331
24869
msgstr ""
24332
24870
24333
#: serverguide/C/file-server.xml:749(para)
24871
#: serverguide/C/file-server.xml:750(para)
24334
24872
msgid ""
24335
24873
"or by omitting the Listen directive and using <emphasis>Port</emphasis> "
24336
24874
"instead, as in:"
24337
24875
msgstr ""
24338
24876
24339
#: serverguide/C/file-server.xml:751(screen)
24877
#: serverguide/C/file-server.xml:752(screen)
24340
24878
#, no-wrap
24341
24879
msgid ""
24342
24880
"\n"
24343
24881
"Port 631 # Listen on port 631 on all interfaces\n"
24344
24882
msgstr ""
24345
24883
24346
#: serverguide/C/file-server.xml:758(para)
24884
#: serverguide/C/file-server.xml:759(para)
24347
24885
msgid ""
24348
24886
"For more examples of configuration directives in the CUPS server "
24349
24887
"configuration file, view the associated system manual page by entering the "
24350
24888
"following command at a terminal prompt:"
24351
24889
msgstr ""
24352
24890
24353
#: serverguide/C/file-server.xml:765(command)
24891
#: serverguide/C/file-server.xml:766(command)
24354
24892
msgid "man cupsd.conf"
24355
24893
msgstr ""
24356
24894
24357
#: serverguide/C/file-server.xml:769(para)
24895
#: serverguide/C/file-server.xml:770(para)
24358
24896
msgid ""
24359
24897
"Whenever you make changes to the <filename>/etc/cups/cupsd.conf</filename> "
24360
24898
"configuration file, you'll need to restart the CUPS server by typing the "
24365
24903
msgid "sudo service cups restart"
24366
24904
msgstr ""
24367
24905
24368
#: serverguide/C/file-server.xml:781(title)
24906
#: serverguide/C/file-server.xml:782(title)
24369
24907
msgid "Web Interface"
24370
24908
msgstr ""
24371
24909
24372
#: serverguide/C/file-server.xml:783(para)
24910
#: serverguide/C/file-server.xml:784(para)
24373
24911
msgid ""
24374
24912
"CUPS can be configured and monitored using a web interface, which by default "
24375
24913
"is available at <ulink "
24377
24915
"web interface can be used to perform all printer management tasks."
24378
24916
msgstr ""
24379
24917
24380
#: serverguide/C/file-server.xml:787(para)
24918
#: serverguide/C/file-server.xml:788(para)
24381
24919
msgid ""
24382
24920
"In order to perform administrative tasks via the web interface, you must "
24383
24921
"either have the root account enabled on your server, or authenticate as a "
24385
24923
"reasons, CUPS won't authenticate a user that doesn't have a password."
24386
24924
msgstr ""
24387
24925
24388
#: serverguide/C/file-server.xml:790(para)
24926
#: serverguide/C/file-server.xml:791(para)
24389
24927
msgid ""
24390
24928
"To add a user to the <emphasis role=\"italic\">lpadmin</emphasis> group, run "
24391
24929
"at the terminal prompt: <screen>\n"
24393
24931
"</screen>"
24394
24932
msgstr ""
24395
24933
24396
#: serverguide/C/file-server.xml:796(para)
24934
#: serverguide/C/file-server.xml:797(para)
24397
24935
msgid ""
24398
24936
"Further documentation is available in the <emphasis "
24399
24937
"role=\"italic\">Documentation/Help</emphasis> tab of the web interface."
24400
24938
msgstr ""
24401
24939
24402
#: serverguide/C/file-server.xml:804(ulink)
24940
#: serverguide/C/file-server.xml:805(ulink)
24403
24941
msgid "CUPS Website"
24404
24942
msgstr ""
24405
24943
24530
25068
"prompt:"
24531
25069
msgstr ""
24532
25070
24533
#: serverguide/C/dns.xml:116(command) serverguide/C/dns.xml:199(command) serverguide/C/dns.xml:257(command) serverguide/C/dns.xml:293(command) serverguide/C/dns.xml:321(command) serverguide/C/dns.xml:603(command)
25071
#: serverguide/C/dns.xml:116(command) serverguide/C/dns.xml:195(command) serverguide/C/dns.xml:253(command) serverguide/C/dns.xml:289(command) serverguide/C/dns.xml:317(command) serverguide/C/dns.xml:594(command)
24534
25072
msgid "sudo service bind9 restart"
24535
25073
msgstr ""
24536
25074
24580
25118
"command below.)"
24581
25119
msgstr ""
24582
25120
24583
#: serverguide/C/dns.xml:145(para)
25121
#: serverguide/C/dns.xml:141(para)
24584
25122
msgid ""
24585
25123
"Now use an existing zone file as a template to create the "
24586
25124
"<filename>/etc/bind/db.example.com</filename> file:"
24587
25125
msgstr ""
24588
25126
24589
#: serverguide/C/dns.xml:149(command)
25127
#: serverguide/C/dns.xml:145(command)
24590
25128
msgid "sudo cp /etc/bind/db.local /etc/bind/db.example.com"
24591
25129
msgstr ""
24592
25130
24593
#: serverguide/C/dns.xml:151(para)
25131
#: serverguide/C/dns.xml:147(para)
24594
25132
msgid ""
24595
25133
"Edit the new zone file <filename>/etc/bind/db.example.com</filename> change "
24596
25134
"<emphasis>localhost.</emphasis> to the FQDN of your server, leaving the "
24601
25139
"this file is for."
24602
25140
msgstr ""
24603
25141
24604
#: serverguide/C/dns.xml:158(para)
25142
#: serverguide/C/dns.xml:154(para)
24605
25143
msgid ""
24606
25144
"Create an <emphasis>A record</emphasis> for the base domain, <emphasis "
24607
25145
"role=\"italic\">example.com</emphasis>. Also, create an <emphasis>A "
24609
25147
"the name server in this example:"
24610
25148
msgstr ""
24611
25149
24612
#: serverguide/C/dns.xml:163(programlisting)
25150
#: serverguide/C/dns.xml:159(programlisting)
24613
25151
#, no-wrap
24614
25152
msgid ""
24615
25153
"\n"
24631
25169
"ns IN A 192.168.1.10\n"
24632
25170
msgstr ""
24633
25171
24634
#: serverguide/C/dns.xml:181(para)
25172
#: serverguide/C/dns.xml:177(para)
24635
25173
msgid ""
24636
25174
"You must increment the <emphasis>Serial Number</emphasis> every time you "
24637
25175
"make changes to the zone file. If you make multiple changes before "
24638
25176
"restarting BIND9, simply increment the Serial once."
24639
25177
msgstr ""
24640
25178
24641
#: serverguide/C/dns.xml:185(para)
25179
#: serverguide/C/dns.xml:181(para)
24642
25180
msgid ""
24643
25181
"Now, you can add DNS records to the bottom of the zone file. See <xref "
24644
25182
"linkend=\"dns-record-types\"/> for details."
24645
25183
msgstr ""
24646
25184
24647
#: serverguide/C/dns.xml:189(para)
25185
#: serverguide/C/dns.xml:185(para)
24648
25186
msgid ""
24649
25187
"Many admins like to use the last date edited as the serial of a zone, such "
24650
25188
"as <emphasis>2012010100</emphasis> which is yyyymmddss (where "
24651
25189
"<emphasis>ss</emphasis> is the Serial Number)"
24652
25190
msgstr ""
24653
25191
24654
#: serverguide/C/dns.xml:194(para)
25192
#: serverguide/C/dns.xml:190(para)
24655
25193
msgid ""
24656
25194
"Once you have made changes to the zone file <application>BIND9</application> "
24657
25195
"needs to be restarted for the changes to take effect:"
24658
25196
msgstr ""
24659
25197
24660
#: serverguide/C/dns.xml:203(title)
25198
#: serverguide/C/dns.xml:199(title)
24661
25199
msgid "Reverse Zone File"
24662
25200
msgstr ""
24663
25201
24664
#: serverguide/C/dns.xml:204(para)
25202
#: serverguide/C/dns.xml:200(para)
24665
25203
msgid ""
24666
25204
"Now that the zone is setup and resolving names to IP Adresses a "
24667
25205
"<emphasis>Reverse zone</emphasis> is also required. A Reverse zone allows "
24668
25206
"DNS to resolve an address to a name."
24669
25207
msgstr ""
24670
25208
24671
#: serverguide/C/dns.xml:208(para)
25209
#: serverguide/C/dns.xml:204(para)
24672
25210
msgid "Edit /etc/bind/named.conf.local and add the following:"
24673
25211
msgstr ""
24674
25212
24675
#: serverguide/C/dns.xml:211(programlisting)
25213
#: serverguide/C/dns.xml:207(programlisting)
24676
25214
#, no-wrap
24677
25215
msgid ""
24678
25216
"\n"
24682
25220
"};\n"
24683
25221
msgstr ""
24684
25222
24685
#: serverguide/C/dns.xml:218(para)
25223
#: serverguide/C/dns.xml:214(para)
24686
25224
msgid ""
24687
25225
"Replace <emphasis>1.168.192</emphasis> with the first three octets of "
24688
25226
"whatever network you are using. Also, name the zone file "
24690
25228
"first octet of your network."
24691
25229
msgstr ""
24692
25230
24693
#: serverguide/C/dns.xml:223(para)
25231
#: serverguide/C/dns.xml:219(para)
24694
25232
msgid "Now create the <filename>/etc/bind/db.192</filename> file:"
24695
25233
msgstr ""
24696
25234
24697
#: serverguide/C/dns.xml:227(command)
25235
#: serverguide/C/dns.xml:223(command)
24698
25236
msgid "sudo cp /etc/bind/db.127 /etc/bind/db.192"
24699
25237
msgstr ""
24700
25238
24701
#: serverguide/C/dns.xml:229(para)
25239
#: serverguide/C/dns.xml:225(para)
24702
25240
msgid ""
24703
25241
"Next edit <filename>/etc/bind/db.192</filename> changing the basically the "
24704
25242
"same options as <filename>/etc/bind/db.example.com</filename>:"
24705
25243
msgstr ""
24706
25244
24707
#: serverguide/C/dns.xml:233(programlisting)
25245
#: serverguide/C/dns.xml:229(programlisting)
24708
25246
#, no-wrap
24709
25247
msgid ""
24710
25248
"\n"
24723
25261
"10 IN PTR ns.example.com.\n"
24724
25262
msgstr ""
24725
25263
24726
#: serverguide/C/dns.xml:248(para)
25264
#: serverguide/C/dns.xml:244(para)
24727
25265
msgid ""
24728
25266
"The <emphasis>Serial Number</emphasis> in the Reverse zone needs to be "
24729
25267
"incremented on each change as well. For each <emphasis>A record</emphasis> "
24732
25270
"<filename>/etc/bind/db.192</filename>."
24733
25271
msgstr ""
24734
25272
24735
#: serverguide/C/dns.xml:253(para)
25273
#: serverguide/C/dns.xml:249(para)
24736
25274
msgid ""
24737
25275
"After creating the reverse zone file restart "
24738
25276
"<application>BIND9</application>:"
24739
25277
msgstr ""
24740
25278
24741
#: serverguide/C/dns.xml:262(title)
25279
#: serverguide/C/dns.xml:258(title)
24742
25280
msgid "Secondary Master"
24743
25281
msgstr ""
24744
25282
24745
#: serverguide/C/dns.xml:263(para)
25283
#: serverguide/C/dns.xml:259(para)
24746
25284
msgid ""
24747
25285
"Once a <emphasis>Primary Master</emphasis> has been configured a "
24748
25286
"<emphasis>Secondary Master</emphasis> is needed in order to maintain the "
24749
25287
"availability of the domain should the Primary become unavailable."
24750
25288
msgstr ""
24751
25289
24752
#: serverguide/C/dns.xml:267(para)
25290
#: serverguide/C/dns.xml:263(para)
24753
25291
msgid ""
24754
25292
"First, on the Primary Master server, the zone transfer needs to be allowed. "
24755
25293
"Add the <emphasis>allow-transfer</emphasis> option to the example Forward "
24757
25295
"<filename>/etc/bind/named.conf.local</filename>:"
24758
25296
msgstr ""
24759
25297
24760
#: serverguide/C/dns.xml:271(programlisting)
25298
#: serverguide/C/dns.xml:267(programlisting)
24761
25299
#, no-wrap
24762
25300
msgid ""
24763
25301
"\n"
24774
25312
"};\n"
24775
25313
msgstr ""
24776
25314
24777
#: serverguide/C/dns.xml:285(para)
25315
#: serverguide/C/dns.xml:281(para)
24778
25316
msgid ""
24779
25317
"Replace <emphasis>192.168.1.11</emphasis> with the IP Address of your "
24780
25318
"Secondary nameserver."
24781
25319
msgstr ""
24782
25320
24783
#: serverguide/C/dns.xml:289(para)
25321
#: serverguide/C/dns.xml:285(para)
24784
25322
msgid "Restart <application>BIND9</application> on the Primary Master:"
24785
25323
msgstr ""
24786
25324
24787
#: serverguide/C/dns.xml:295(para)
25325
#: serverguide/C/dns.xml:291(para)
24788
25326
msgid ""
24789
25327
"Next, on the Secondary Master, install the <application>bind9</application> "
24790
25328
"package the same way as on the Primary. Then edit the "
24792
25330
"declarations for the Forward and Reverse zones:"
24793
25331
msgstr ""
24794
25332
24795
#: serverguide/C/dns.xml:299(programlisting)
25333
#: serverguide/C/dns.xml:295(programlisting)
24796
25334
#, no-wrap
24797
25335
msgid ""
24798
25336
"\n"
24809
25347
"};\n"
24810
25348
msgstr ""
24811
25349
24812
#: serverguide/C/dns.xml:313(para)
25350
#: serverguide/C/dns.xml:309(para)
24813
25351
msgid ""
24814
25352
"Replace <emphasis>192.168.1.10</emphasis> with the IP Address of your "
24815
25353
"Primary nameserver."
24816
25354
msgstr ""
24817
25355
24818
#: serverguide/C/dns.xml:317(para)
25356
#: serverguide/C/dns.xml:313(para)
24819
25357
msgid "Restart <application>BIND9</application> on the Secondary Master:"
24820
25358
msgstr ""
24821
25359
24822
#: serverguide/C/dns.xml:323(para)
25360
#: serverguide/C/dns.xml:319(para)
24823
25361
msgid ""
24824
25362
"In <filename>/var/log/syslog</filename> you should see something similar to "
24825
25363
"(some lines have been split to fit the format of this document):"
24826
25364
msgstr ""
24827
25365
24828
#: serverguide/C/dns.xml:326(programlisting)
25366
#: serverguide/C/dns.xml:322(programlisting)
24829
25367
#, no-wrap
24830
25368
msgid ""
24831
25369
"\n"
24850
25388
"8 records, 225 bytes, 0.002 secs (112500 bytes/sec)\n"
24851
25389
msgstr ""
24852
25390
24853
#: serverguide/C/dns.xml:345(para)
25391
#: serverguide/C/dns.xml:341(para)
24854
25392
msgid ""
24855
25393
"Note: A zone is only transferred if the <emphasis>Serial Number</emphasis> "
24856
25394
"on the Primary is larger than the one on the Secondary. If you want to have "
24860
25398
"below:"
24861
25399
msgstr ""
24862
25400
24863
#: serverguide/C/dns.xml:349(programlisting)
25401
#: serverguide/C/dns.xml:345(programlisting)
24864
25402
#, no-wrap
24865
25403
msgid ""
24866
25404
"\n"
24880
25418
"\t"
24881
25419
msgstr ""
24882
25420
24883
#: serverguide/C/dns.xml:365(para)
25421
#: serverguide/C/dns.xml:361(para)
24884
25422
msgid ""
24885
25423
"The default directory for non-authoritative zone files is "
24886
25424
"<filename>/var/cache/bind/</filename>. This directory is also configured in "
24889
25427
"on AppArmor see <xref linkend=\"apparmor\"/>."
24890
25428
msgstr ""
24891
25429
24892
#: serverguide/C/dns.xml:376(para)
25430
#: serverguide/C/dns.xml:372(para)
24893
25431
msgid ""
24894
25432
"This section covers ways to help determine the cause when problems happen "
24895
25433
"with DNS and <application>BIND9</application>."
24896
25434
msgstr ""
24897
25435
24898
#: serverguide/C/dns.xml:382(title)
25436
#: serverguide/C/dns.xml:378(title)
24899
25437
msgid "resolv.conf"
24900
25438
msgstr ""
24901
25439
24909
25447
"<filename>/etc/resolv.conf</filename> contains (for this example):"
24910
25448
msgstr ""
24911
25449
24912
#: serverguide/C/dns.xml:389(programlisting)
25450
#: serverguide/C/dns.xml:384(programlisting)
24913
25451
#, no-wrap
24914
25452
msgid ""
24915
25453
"\n"
24925
25463
"to RESOLVCONF=yes."
24926
25464
msgstr ""
24927
25465
24928
#: serverguide/C/dns.xml:398(para)
25466
#: serverguide/C/dns.xml:389(para)
24929
25467
msgid ""
24930
25468
"You should also add the IP Address of the Secondary nameserver in case the "
24931
25469
"Primary becomes unavailable."
24932
25470
msgstr ""
24933
25471
24934
#: serverguide/C/dns.xml:404(title)
25472
#: serverguide/C/dns.xml:395(title)
24935
25473
msgid "dig"
24936
25474
msgstr ""
24937
25475
24938
#: serverguide/C/dns.xml:405(para)
25476
#: serverguide/C/dns.xml:396(para)
24939
25477
msgid ""
24940
25478
"If you installed the <application>dnsutils</application> package you can "
24941
25479
"test your setup using the DNS lookup utility <application>dig</application>:"
24942
25480
msgstr ""
24943
25481
24944
#: serverguide/C/dns.xml:411(para)
25482
#: serverguide/C/dns.xml:402(para)
24945
25483
msgid ""
24946
25484
"After installing <application>BIND9</application> use "
24947
25485
"<application>dig</application> against the loopback interface to make sure "
24948
25486
"it is listening on port 53. From a terminal prompt:"
24949
25487
msgstr ""
24950
25488
24951
#: serverguide/C/dns.xml:416(command)
25489
#: serverguide/C/dns.xml:407(command)
24952
25490
msgid "dig -x 127.0.0.1"
24953
25491
msgstr ""
24954
25492
24955
#: serverguide/C/dns.xml:418(para)
25493
#: serverguide/C/dns.xml:409(para)
24956
25494
msgid "You should see lines similar to the following in the command output:"
24957
25495
msgstr ""
24958
25496
24959
#: serverguide/C/dns.xml:421(programlisting)
25497
#: serverguide/C/dns.xml:412(programlisting)
24960
25498
#, no-wrap
24961
25499
msgid ""
24962
25500
"\n"
24964
25502
";; SERVER: 192.168.1.10#53(192.168.1.10)\n"
24965
25503
msgstr ""
24966
25504
24967
#: serverguide/C/dns.xml:427(para)
25505
#: serverguide/C/dns.xml:418(para)
24968
25506
msgid ""
24969
25507
"If you have configured <application>BIND9</application> as a "
24970
25508
"<emphasis>Caching</emphasis> nameserver \"dig\" an outside domain to check "
24971
25509
"the query time:"
24972
25510
msgstr ""
24973
25511
24974
#: serverguide/C/dns.xml:432(command)
25512
#: serverguide/C/dns.xml:423(command)
24975
25513
msgid "dig ubuntu.com"
24976
25514
msgstr ""
24977
25515
24978
#: serverguide/C/dns.xml:434(para)
25516
#: serverguide/C/dns.xml:425(para)
24979
25517
msgid "Note the query time toward the end of the command output:"
24980
25518
msgstr ""
24981
25519
24982
#: serverguide/C/dns.xml:437(programlisting)
25520
#: serverguide/C/dns.xml:428(programlisting)
24983
25521
#, no-wrap
24984
25522
msgid ""
24985
25523
"\n"
24986
25524
";; Query time: 49 msec\n"
24987
25525
msgstr ""
24988
25526
24989
#: serverguide/C/dns.xml:440(para)
25527
#: serverguide/C/dns.xml:431(para)
24990
25528
msgid "After a second dig there should be improvement:"
24991
25529
msgstr ""
24992
25530
24993
#: serverguide/C/dns.xml:443(programlisting)
25531
#: serverguide/C/dns.xml:434(programlisting)
24994
25532
#, no-wrap
24995
25533
msgid ""
24996
25534
"\n"
24997
25535
";; Query time: 1 msec\n"
24998
25536
msgstr ""
24999
25537
25000
#: serverguide/C/dns.xml:450(title)
25538
#: serverguide/C/dns.xml:441(title)
25001
25539
msgid "ping"
25002
25540
msgstr ""
25003
25541
25004
#: serverguide/C/dns.xml:452(para)
25542
#: serverguide/C/dns.xml:443(para)
25005
25543
msgid ""
25006
25544
"Now to demonstrate how applications make use of DNS to resolve a host name "
25007
25545
"use the <application>ping</application> utility to send an ICMP echo "
25008
25546
"request. From a terminal prompt enter:"
25009
25547
msgstr ""
25010
25548
25011
#: serverguide/C/dns.xml:458(command)
25549
#: serverguide/C/dns.xml:449(command)
25012
25550
msgid "ping example.com"
25013
25551
msgstr ""
25014
25552
25015
#: serverguide/C/dns.xml:460(para)
25553
#: serverguide/C/dns.xml:451(para)
25016
25554
msgid ""
25017
25555
"This tests if the nameserver can resolve the name "
25018
25556
"<emphasis>ns.example.com</emphasis> to an IP Address. The command output "
25019
25557
"should resemble:"
25020
25558
msgstr ""
25021
25559
25022
#: serverguide/C/dns.xml:464(programlisting)
25560
#: serverguide/C/dns.xml:455(programlisting)
25023
25561
#, no-wrap
25024
25562
msgid ""
25025
25563
"\n"
25028
25566
"64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=0.813 ms\n"
25029
25567
msgstr ""
25030
25568
25031
#: serverguide/C/dns.xml:471(title)
25569
#: serverguide/C/dns.xml:462(title)
25032
25570
msgid "named-checkzone"
25033
25571
msgstr ""
25034
25572
25035
#: serverguide/C/dns.xml:472(para)
25573
#: serverguide/C/dns.xml:463(para)
25036
25574
msgid ""
25037
25575
"A great way to test your zone files is by using the <application>named-"
25038
25576
"checkzone</application> utility installed with the "
25041
25579
"<application>BIND9</application> and making the changes live."
25042
25580
msgstr ""
25043
25581
25044
#: serverguide/C/dns.xml:479(para)
25582
#: serverguide/C/dns.xml:470(para)
25045
25583
msgid ""
25046
25584
"To test our example Forward zone file enter the following from a command "
25047
25585
"prompt:"
25048
25586
msgstr ""
25049
25587
25050
#: serverguide/C/dns.xml:483(command)
25588
#: serverguide/C/dns.xml:474(command)
25051
25589
msgid "named-checkzone example.com /etc/bind/db.example.com"
25052
25590
msgstr ""
25053
25591
25054
#: serverguide/C/dns.xml:485(para)
25592
#: serverguide/C/dns.xml:476(para)
25055
25593
msgid ""
25056
25594
"If everything is configured correctly you should see output similar to:"
25057
25595
msgstr ""
25058
25596
25059
#: serverguide/C/dns.xml:488(programlisting)
25597
#: serverguide/C/dns.xml:479(programlisting)
25060
25598
#, no-wrap
25061
25599
msgid ""
25062
25600
"\n"
25064
25602
"OK\n"
25065
25603
msgstr ""
25066
25604
25067
#: serverguide/C/dns.xml:494(para)
25605
#: serverguide/C/dns.xml:485(para)
25068
25606
msgid "Similarly, to test the Reverse zone file enter the following:"
25069
25607
msgstr ""
25070
25608
25071
#: serverguide/C/dns.xml:498(command)
25609
#: serverguide/C/dns.xml:489(command)
25072
25610
msgid "named-checkzone 1.168.192.in-addr.arpa /etc/bind/db.192"
25073
25611
msgstr ""
25074
25612
25075
#: serverguide/C/dns.xml:500(para)
25613
#: serverguide/C/dns.xml:491(para)
25076
25614
msgid "The output should be similar to:"
25077
25615
msgstr ""
25078
25616
25079
#: serverguide/C/dns.xml:503(programlisting)
25617
#: serverguide/C/dns.xml:494(programlisting)
25080
25618
#, no-wrap
25081
25619
msgid ""
25082
25620
"\n"
25084
25622
"OK\n"
25085
25623
msgstr ""
25086
25624
25087
#: serverguide/C/dns.xml:510(para)
25625
#: serverguide/C/dns.xml:501(para)
25088
25626
msgid ""
25089
25627
"The <emphasis>Serial Number</emphasis> of your zone file will probably be "
25090
25628
"different."
25091
25629
msgstr ""
25092
25630
25093
#: serverguide/C/dns.xml:518(para)
25631
#: serverguide/C/dns.xml:509(para)
25094
25632
msgid ""
25095
25633
"<application>BIND9</application> has a wide variety of logging configuration "
25096
25634
"options available. There are two main options. The "
25098
25636
"<emphasis>category</emphasis> option determines what information to log."
25099
25637
msgstr ""
25100
25638
25101
#: serverguide/C/dns.xml:522(para)
25639
#: serverguide/C/dns.xml:513(para)
25102
25640
msgid "If no logging option is configured the default option is:"
25103
25641
msgstr ""
25104
25642
25105
#: serverguide/C/dns.xml:525(programlisting)
25643
#: serverguide/C/dns.xml:516(programlisting)
25106
25644
#, no-wrap
25107
25645
msgid ""
25108
25646
"\n"
25112
25650
"};\n"
25113
25651
msgstr ""
25114
25652
25115
#: serverguide/C/dns.xml:531(para)
25653
#: serverguide/C/dns.xml:522(para)
25116
25654
msgid ""
25117
25655
"This section covers configuring <application>BIND9</application> to send "
25118
25656
"<emphasis>debug</emphasis> messages related to DNS queries to a separate "
25119
25657
"file."
25120
25658
msgstr ""
25121
25659
25122
#: serverguide/C/dns.xml:536(para)
25660
#: serverguide/C/dns.xml:527(para)
25123
25661
msgid ""
25124
25662
"First, we need to configure a channel to specify which file to send the "
25125
25663
"messages to. Edit <filename>/etc/bind/named.conf.local</filename> and add "
25126
25664
"the following:"
25127
25665
msgstr ""
25128
25666
25129
#: serverguide/C/dns.xml:540(programlisting)
25667
#: serverguide/C/dns.xml:531(programlisting)
25130
25668
#, no-wrap
25131
25669
msgid ""
25132
25670
"\n"
25138
25676
"};\n"
25139
25677
msgstr ""
25140
25678
25141
#: serverguide/C/dns.xml:550(para)
25679
#: serverguide/C/dns.xml:541(para)
25142
25680
msgid "Next, configure a category to send all DNS queries to the query file:"
25143
25681
msgstr ""
25144
25682
25145
#: serverguide/C/dns.xml:553(programlisting)
25683
#: serverguide/C/dns.xml:544(programlisting)
25146
25684
#, no-wrap
25147
25685
msgid ""
25148
25686
"\n"
25155
25693
"};\n"
25156
25694
msgstr ""
25157
25695
25158
#: serverguide/C/dns.xml:565(para)
25696
#: serverguide/C/dns.xml:556(para)
25159
25697
msgid ""
25160
25698
"Note: the <emphasis>debug</emphasis> option can be set from 1 to 3. If a "
25161
25699
"level isn't specified level 1 is the default."
25162
25700
msgstr ""
25163
25701
25164
#: serverguide/C/dns.xml:571(para)
25702
#: serverguide/C/dns.xml:562(para)
25165
25703
msgid ""
25166
25704
"Since the <emphasis>named daemon</emphasis> runs as the "
25167
25705
"<emphasis>bind</emphasis> user the <filename>/var/log/query.log</filename> "
25168
25706
"file must be created and the ownership changed:"
25169
25707
msgstr ""
25170
25708
25171
#: serverguide/C/dns.xml:576(command)
25709
#: serverguide/C/dns.xml:567(command)
25172
25710
msgid "sudo touch /var/log/query.log"
25173
25711
msgstr ""
25174
25712
25175
#: serverguide/C/dns.xml:577(command)
25713
#: serverguide/C/dns.xml:568(command)
25176
25714
msgid "sudo chown bind /var/log/query.log"
25177
25715
msgstr ""
25178
25716
25179
#: serverguide/C/dns.xml:581(para)
25717
#: serverguide/C/dns.xml:572(para)
25180
25718
msgid ""
25181
25719
"Before <application>named</application> daemon can write to the new log file "
25182
25720
"the <application>AppArmor</application> profile must be updated. First, edit "
25183
25721
"<filename>/etc/apparmor.d/usr.sbin.named</filename> and add:"
25184
25722
msgstr ""
25185
25723
25186
#: serverguide/C/dns.xml:585(programlisting)
25724
#: serverguide/C/dns.xml:576(programlisting)
25187
25725
#, no-wrap
25188
25726
msgid ""
25189
25727
"\n"
25190
25728
"/var/log/query.log w,\n"
25191
25729
msgstr ""
25192
25730
25193
#: serverguide/C/dns.xml:588(para)
25731
#: serverguide/C/dns.xml:579(para)
25194
25732
msgid "Next, reload the profile:"
25195
25733
msgstr ""
25196
25734
25197
#: serverguide/C/dns.xml:592(command)
25735
#: serverguide/C/dns.xml:583(command)
25198
25736
msgid "cat /etc/apparmor.d/usr.sbin.named | sudo apparmor_parser -r"
25199
25737
msgstr ""
25200
25738
25201
#: serverguide/C/dns.xml:594(para)
25739
#: serverguide/C/dns.xml:585(para)
25202
25740
msgid ""
25203
25741
"For more information on <application>AppArmor</application> see <xref "
25204
25742
"linkend=\"apparmor\"/>"
25205
25743
msgstr ""
25206
25744
25207
#: serverguide/C/dns.xml:599(para)
25745
#: serverguide/C/dns.xml:590(para)
25208
25746
msgid ""
25209
25747
"Now restart <application>BIND9</application> for the changes to take effect:"
25210
25748
msgstr ""
25211
25749
25212
#: serverguide/C/dns.xml:607(para)
25750
#: serverguide/C/dns.xml:598(para)
25213
25751
msgid ""
25214
25752
"You should see the file <filename>/var/log/query.log</filename> fill with "
25215
25753
"query information. This is a simple example of the "
25217
25755
"options see <xref linkend=\"dns-more-info\"/>."
25218
25756
msgstr ""
25219
25757
25220
#: serverguide/C/dns.xml:616(title)
25758
#: serverguide/C/dns.xml:607(title)
25221
25759
msgid "Common Record Types"
25222
25760
msgstr ""
25223
25761
25224
#: serverguide/C/dns.xml:617(para)
25762
#: serverguide/C/dns.xml:608(para)
25225
25763
msgid "This section covers some of the most common DNS record types."
25226
25764
msgstr ""
25227
25765
25228
#: serverguide/C/dns.xml:622(para)
25766
#: serverguide/C/dns.xml:613(para)
25229
25767
msgid ""
25230
25768
"<emphasis>A</emphasis> record: This record maps an IP Address to a hostname."
25231
25769
msgstr ""
25232
25770
25233
#: serverguide/C/dns.xml:625(programlisting)
25771
#: serverguide/C/dns.xml:616(programlisting)
25234
25772
#, no-wrap
25235
25773
msgid ""
25236
25774
"\n"
25237
25775
"www IN A 192.168.1.12\n"
25238
25776
msgstr ""
25239
25777
25240
#: serverguide/C/dns.xml:630(para)
25778
#: serverguide/C/dns.xml:621(para)
25241
25779
msgid ""
25242
25780
"<emphasis>CNAME</emphasis> record: Used to create an alias to an existing A "
25243
25781
"record. You cannot create a CNAME record pointing to another CNAME record."
25244
25782
msgstr ""
25245
25783
25246
#: serverguide/C/dns.xml:633(programlisting)
25784
#: serverguide/C/dns.xml:624(programlisting)
25247
25785
#, no-wrap
25248
25786
msgid ""
25249
25787
"\n"
25250
25788
"web IN CNAME www\n"
25251
25789
msgstr ""
25252
25790
25253
#: serverguide/C/dns.xml:638(para)
25791
#: serverguide/C/dns.xml:629(para)
25254
25792
msgid ""
25255
25793
"<emphasis>MX</emphasis> record: Used to define where email should be sent "
25256
25794
"to. Must point to an A record, not a CNAME."
25257
25795
msgstr ""
25258
25796
25259
#: serverguide/C/dns.xml:641(programlisting)
25797
#: serverguide/C/dns.xml:632(programlisting)
25260
25798
#, no-wrap
25261
25799
msgid ""
25262
25800
"\n"
25264
25802
"mail IN A 192.168.1.13\n"
25265
25803
msgstr ""
25266
25804
25267
#: serverguide/C/dns.xml:647(para)
25805
#: serverguide/C/dns.xml:638(para)
25268
25806
msgid ""
25269
25807
"<emphasis>NS</emphasis> record: Used to define which servers serve copies of "
25270
25808
"a zone. It must point to an A record, not a CNAME. This is where Primary and "
25271
25809
"Secondary servers are defined."
25272
25810
msgstr ""
25273
25811
25274
#: serverguide/C/dns.xml:651(programlisting)
25812
#: serverguide/C/dns.xml:642(programlisting)
25275
25813
#, no-wrap
25276
25814
msgid ""
25277
25815
"\n"
25281
25819
"ns2 IN A 192.168.1.11\n"
25282
25820
msgstr ""
25283
25821
25284
#: serverguide/C/dns.xml:661(title)
25822
#: serverguide/C/virtualization.xml:2018(title) serverguide/C/dns.xml:652(title)
25285
25823
msgid "More Information"
25286
25824
msgstr ""
25287
25825
25312
25850
"BIND on IPv6</ulink> book."
25313
25851
msgstr ""
25314
25852
25315
#: serverguide/C/dns.xml:684(para)
25853
#: serverguide/C/dns.xml:670(para)
25316
25854
msgid ""
25317
25855
"A great place to ask for <application>BIND9</application> assistance, and "
25318
25856
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
25495
26033
"Components</link> describes the components of the DM-Multipath package."
25496
26034
msgstr ""
25497
26035
25498
#: serverguide/C/dm-multipath.xml:183(title)
26036
#: serverguide/C/dm-multipath.xml:184(title)
25499
26037
msgid "DM-Multipath Setup Overview"
25500
26038
msgstr ""
25501
26039
25502
#: serverguide/C/dm-multipath.xml:190(para)
26040
#: serverguide/C/dm-multipath.xml:191(para)
25503
26041
msgid ""
25504
26042
"Install the <emphasis role=\"bold\">multipath-tools</emphasis> and <emphasis "
25505
26043
"role=\"bold\">multipath-tools-boot</emphasis> packages"
25506
26044
msgstr ""
25507
26045
25508
#: serverguide/C/dm-multipath.xml:196(para)
26046
#: serverguide/C/dm-multipath.xml:197(para)
25509
26047
msgid ""
25510
26048
"Create an empty config file, <filename>/etc/multipath.conf</filename>, that "
25511
26049
"re-defines the <link linkend=\"multipath-skel-config\">following</link>"
25512
26050
msgstr ""
25513
26051
25514
#: serverguide/C/dm-multipath.xml:202(para)
26052
#: serverguide/C/dm-multipath.xml:203(para)
25515
26053
msgid ""
25516
26054
"If necessary, edit the <emphasis role=\"bold\">multipath.conf</emphasis> "
25517
26055
"configuration file to modify default values and save the updated file."
25518
26056
msgstr ""
25519
26057
25520
#: serverguide/C/dm-multipath.xml:208(para)
26058
#: serverguide/C/dm-multipath.xml:209(para)
25521
26059
msgid "Start the multipath daemon"
25522
26060
msgstr ""
25523
26061
25524
#: serverguide/C/dm-multipath.xml:212(para)
26062
#: serverguide/C/dm-multipath.xml:213(para)
25525
26063
msgid "Update initial ramdisk"
25526
26064
msgstr ""
25527
26065
25528
#: serverguide/C/dm-multipath.xml:185(para)
26066
#: serverguide/C/dm-multipath.xml:186(para)
25529
26067
msgid ""
25530
26068
"DM-Multipath includes compiled-in default settings that are suitable for "
25531
26069
"common multipath configurations. Setting up DM-multipath is often a simple "
25535
26073
"overview\">Setting Up DM-Multipath</link>."
25536
26074
msgstr ""
25537
26075
25538
#: serverguide/C/dm-multipath.xml:222(title)
26076
#: serverguide/C/dm-multipath.xml:223(title)
25539
26077
msgid "Multipath Devices"
25540
26078
msgstr ""
25541
26079
25542
#: serverguide/C/dm-multipath.xml:224(para)
26080
#: serverguide/C/dm-multipath.xml:225(para)
25543
26081
msgid ""
25544
26082
"Without DM-Multipath, each path from a server node to a storage controller "
25545
26083
"is treated by the system as a separate device, even when the I/O path "
25548
26086
"multipath device on top of the underlying devices."
25549
26087
msgstr ""
25550
26088
25551
#: serverguide/C/dm-multipath.xml:232(title)
26089
#: serverguide/C/dm-multipath.xml:233(title)
25552
26090
msgid "Multipath Device Identifiers"
25553
26091
msgstr ""
25554
26092
25555
#: serverguide/C/dm-multipath.xml:260(para)
26093
#: serverguide/C/dm-multipath.xml:261(para)
25556
26094
msgid ""
25557
26095
"The devices in <emphasis role=\"bold\">/dev/mapper</emphasis> are created "
25558
26096
"early in the boot process. Use these devices to access the multipathed "
25559
26097
"devices, for example when creating logical volumes."
25560
26098
msgstr ""
25561
26099
25562
#: serverguide/C/dm-multipath.xml:267(para)
26100
#: serverguide/C/dm-multipath.xml:268(para)
25563
26101
msgid ""
25564
26102
"Any devices of the form <emphasis role=\"bold\">/dev/dm-n</emphasis> are for "
25565
26103
"internal use only and should never be used."
25605
26143
"Device Configuration Attributes</link>."
25606
26144
msgstr ""
25607
26145
25608
#: serverguide/C/dm-multipath.xml:288(title)
26146
#: serverguide/C/dm-multipath.xml:289(title)
25609
26147
msgid "Consistent Multipath Device Names in a Cluster"
25610
26148
msgstr ""
25611
26149
25612
#: serverguide/C/dm-multipath.xml:290(para)
26150
#: serverguide/C/dm-multipath.xml:291(para)
25613
26151
msgid ""
25614
26152
"When the <emphasis role=\"bold\">user_friendly_names</emphasis> "
25615
26153
"configuration option is set to yes, the name of the multipath device is "
25632
26170
"procedure:"
25633
26171
msgstr ""
25634
26172
25635
#: serverguide/C/dm-multipath.xml:312(para)
26173
#: serverguide/C/dm-multipath.xml:313(para)
25636
26174
msgid "Set up all of the multipath devices on one machine."
25637
26175
msgstr ""
25638
26176
25639
#: serverguide/C/dm-multipath.xml:316(para) serverguide/C/dm-multipath.xml:353(para)
26177
#: serverguide/C/dm-multipath.xml:317(para) serverguide/C/dm-multipath.xml:354(para)
25640
26178
msgid ""
25641
26179
"Disable all of your multipath devices on your other machines by running the "
25642
26180
"following commands:"
25643
26181
msgstr ""
25644
26182
25645
#: serverguide/C/dm-multipath.xml:319(screen) serverguide/C/dm-multipath.xml:356(screen)
26183
#: serverguide/C/dm-multipath.xml:320(screen) serverguide/C/dm-multipath.xml:357(screen)
25646
26184
#, no-wrap
25647
26185
msgid ""
25648
26186
"# service multipath-tools stop\n"
25649
26187
"# multipath -F\n"
25650
26188
msgstr ""
25651
26189
25652
#: serverguide/C/dm-multipath.xml:325(para)
26190
#: serverguide/C/dm-multipath.xml:326(para)
25653
26191
msgid ""
25654
26192
"Copy the <filename>/etc/multipath/bindings</filename> file from the first "
25655
26193
"machine to all the other machines in the cluster."
25656
26194
msgstr ""
25657
26195
25658
#: serverguide/C/dm-multipath.xml:331(para) serverguide/C/dm-multipath.xml:367(para)
26196
#: serverguide/C/dm-multipath.xml:332(para) serverguide/C/dm-multipath.xml:368(para)
25659
26197
msgid ""
25660
26198
"Re-enable the multipathd daemon on all the other machines in the cluster by "
25661
26199
"running the following command:"
25662
26200
msgstr ""
25663
26201
25664
#: serverguide/C/dm-multipath.xml:334(screen) serverguide/C/dm-multipath.xml:370(screen)
26202
#: serverguide/C/dm-multipath.xml:335(screen) serverguide/C/dm-multipath.xml:371(screen)
25665
26203
#, no-wrap
25666
26204
msgid "# service multipath-tools start"
25667
26205
msgstr ""
25668
26206
25669
#: serverguide/C/dm-multipath.xml:338(para)
26207
#: serverguide/C/dm-multipath.xml:339(para)
25670
26208
msgid "If you add a new device, you will need to repeat this process."
25671
26209
msgstr ""
25672
26210
25673
#: serverguide/C/dm-multipath.xml:341(para)
26211
#: serverguide/C/dm-multipath.xml:342(para)
25674
26212
msgid ""
25675
26213
"Similarly, if you configure an alias for a device that you would like to be "
25676
26214
"consistent across the nodes in the cluster, you should ensure that the "
25678
26216
"the cluster by following the same procedure:"
25679
26217
msgstr ""
25680
26218
25681
#: serverguide/C/dm-multipath.xml:348(para)
26219
#: serverguide/C/dm-multipath.xml:349(para)
25682
26220
msgid ""
25683
26221
"Configure the aliases for the multipath devices in the in the "
25684
26222
"<filename>multipath.conf</filename> file on one machine."
25685
26223
msgstr ""
25686
26224
25687
#: serverguide/C/dm-multipath.xml:362(para)
26225
#: serverguide/C/dm-multipath.xml:363(para)
25688
26226
msgid ""
25689
26227
"Copy the <filename>multipath.conf</filename> file from the first machine to "
25690
26228
"all the other machines in the cluster."
25691
26229
msgstr ""
25692
26230
25693
#: serverguide/C/dm-multipath.xml:374(para)
26231
#: serverguide/C/dm-multipath.xml:375(para)
25694
26232
msgid "When you add a new device you will need to repeat this process."
25695
26233
msgstr ""
25696
26234
25697
#: serverguide/C/dm-multipath.xml:379(title)
26235
#: serverguide/C/dm-multipath.xml:380(title)
25698
26236
msgid "Multipath Device attributes"
25699
26237
msgstr ""
25700
26238
25701
#: serverguide/C/dm-multipath.xml:381(para)
26239
#: serverguide/C/dm-multipath.xml:382(para)
25702
26240
msgid ""
25703
26241
"In addition to the <emphasis role=\"bold\">user_friendly_names</emphasis> "
25704
26242
"and <emphasis role=\"bold\">alias</emphasis> options, a multipath device has "
25711
26249
"linkend=\"multipath-config-multipath\"/>\"."
25712
26250
msgstr ""
25713
26251
25714
#: serverguide/C/dm-multipath.xml:394(title)
26252
#: serverguide/C/dm-multipath.xml:395(title)
25715
26253
msgid "Multipath Devices in Logical Volumes"
25716
26254
msgstr ""
25717
26255
25718
#: serverguide/C/dm-multipath.xml:396(para)
26256
#: serverguide/C/dm-multipath.xml:397(para)
25719
26257
msgid ""
25720
26258
"After creating multipath devices, you can use the multipath device names "
25721
26259
"just as you would use a physical device name when creating an LVM physical "
25726
26264
"you would use any other LVM physical device."
25727
26265
msgstr ""
25728
26266
25729
#: serverguide/C/dm-multipath.xml:405(para)
26267
#: serverguide/C/dm-multipath.xml:406(para)
25730
26268
msgid ""
25731
26269
"If you attempt to create an LVM physical volume on a whole device on which "
25732
26270
"you have configured partitions, the pvcreate command will fail."
25733
26271
msgstr ""
25734
26272
25735
#: serverguide/C/dm-multipath.xml:425(para)
26273
#: serverguide/C/dm-multipath.xml:426(para)
25736
26274
msgid ""
25737
26275
"Every time either <filename>/etc/lvm.conf</filename> or "
25738
26276
"<filename>/etc/multipath.conf</filename> is updated, the initrd should be "
25740
26278
"filters are necessary to maintain a stable storage configuration."
25741
26279
msgstr ""
25742
26280
25743
#: serverguide/C/dm-multipath.xml:410(para)
26281
#: serverguide/C/dm-multipath.xml:411(para)
25744
26282
msgid ""
25745
26283
"When you create an LVM logical volume that uses active/passive multipath "
25746
26284
"arrays as the underlying physical devices, you should include filters in the "
25759
26297
"Perform:<screen>update-initramfs -u -k all</screen><placeholder-1/>"
25760
26298
msgstr ""
25761
26299
25762
#: serverguide/C/dm-multipath.xml:435(title)
26300
#: serverguide/C/dm-multipath.xml:436(title)
25763
26301
msgid "Setting up DM-Multipath Overview"
25764
26302
msgstr ""
25765
26303
25766
#: serverguide/C/dm-multipath.xml:437(para)
26304
#: serverguide/C/dm-multipath.xml:438(para)
25767
26305
msgid ""
25768
26306
"This section provides step-by-step example procedures for configuring DM-"
25769
26307
"Multipath. It includes the following procedures:"
25770
26308
msgstr ""
25771
26309
25772
#: serverguide/C/dm-multipath.xml:442(para)
26310
#: serverguide/C/dm-multipath.xml:443(para)
25773
26311
msgid "Basic DM-Multipath setup"
25774
26312
msgstr ""
25775
26313
25776
#: serverguide/C/dm-multipath.xml:446(para)
26314
#: serverguide/C/dm-multipath.xml:447(para)
25777
26315
msgid "Ignoring local disks"
25778
26316
msgstr ""
25779
26317
25780
#: serverguide/C/dm-multipath.xml:450(para)
26318
#: serverguide/C/dm-multipath.xml:451(para)
25781
26319
msgid "Adding more devices to the configuration file"
25782
26320
msgstr ""
25783
26321
25784
#: serverguide/C/dm-multipath.xml:455(title)
26322
#: serverguide/C/dm-multipath.xml:456(title)
25785
26323
msgid "Setting Up DM-Multipath"
25786
26324
msgstr ""
25787
26325
25788
#: serverguide/C/dm-multipath.xml:457(para)
26326
#: serverguide/C/dm-multipath.xml:458(para)
25789
26327
msgid ""
25790
26328
"Before setting up DM-Multipath on your system, ensure that your system has "
25791
26329
"been updated and includes the <emphasis role=\"bold\"><application>multipath-"
25794
26332
"boot</application></emphasis> package is also required."
25795
26333
msgstr ""
25796
26334
25797
#: serverguide/C/dm-multipath.xml:475(para)
26335
#: serverguide/C/dm-multipath.xml:476(para)
25798
26336
msgid ""
25799
26337
"To work around a quirk in multipathd, when an "
25800
26338
"<filename>/etc/multipath.conf</filename> doesn't exist, the previous command "
25811
26349
"database."
25812
26350
msgstr ""
25813
26351
25814
#: serverguide/C/dm-multipath.xml:464(para)
26352
#: serverguide/C/dm-multipath.xml:465(para)
25815
26353
msgid ""
25816
26354
"A basic <emphasis role=\"bold\">/etc/multipath.conf </emphasis> need not "
25817
26355
"even exist, when <emphasis role=\"bold\">multpath</emphasis> is run without "
25827
26365
"multipath.conf-live</screen><placeholder-1/>"
25828
26366
msgstr ""
25829
26367
25830
#: serverguide/C/dm-multipath.xml:492(title)
26368
#: serverguide/C/dm-multipath.xml:493(title)
25831
26369
msgid "Installing with Multipath Support"
25832
26370
msgstr ""
25833
26371
25834
#: serverguide/C/dm-multipath.xml:494(para)
26372
#: serverguide/C/dm-multipath.xml:495(para)
25835
26373
msgid ""
25836
26374
"To enable <ulink "
25837
26375
"url=\"http://wiki.debian.org/DebianInstaller/MultipathSupport\">multipath "
25841
26379
"role=\"bold\">/dev/mapper/mpath<X></emphasis> during installation."
25842
26380
msgstr ""
25843
26381
25844
#: serverguide/C/dm-multipath.xml:503(title)
26382
#: serverguide/C/dm-multipath.xml:504(title)
25845
26383
msgid "Ignoring Local Disks When Generating Multipath Devices"
25846
26384
msgstr ""
25847
26385
25848
#: serverguide/C/dm-multipath.xml:505(para)
26386
#: serverguide/C/dm-multipath.xml:506(para)
25849
26387
msgid ""
25850
26388
"Some machines have local SCSI cards for their internal disks. DM-Multipath "
25851
26389
"is not recommended for these devices. The following procedure shows how to "
25866
26404
"linkend=\"multipath-command-output\">Multipath Command Output</link>."
25867
26405
msgstr ""
25868
26406
25869
#: serverguide/C/dm-multipath.xml:524(screen)
26407
#: serverguide/C/dm-multipath.xml:525(screen)
25870
26408
#, no-wrap
25871
26409
msgid ""
25872
26410
"\n"
25903
26441
" `- 3:0:0:3 sdg 8:128 undef ready running\n"
25904
26442
msgstr ""
25905
26443
25906
#: serverguide/C/dm-multipath.xml:560(para)
26444
#: serverguide/C/dm-multipath.xml:561(para)
25907
26445
msgid ""
25908
26446
"In order to prevent the device mapper from mapping <emphasis "
25909
26447
"role=\"bold\">/dev/sda</emphasis> in its multipath maps, edit the blacklist "
25920
26458
"the following in the <filename>/etc/multipath.conf</filename> file."
25921
26459
msgstr ""
25922
26460
25923
#: serverguide/C/dm-multipath.xml:575(screen)
26461
#: serverguide/C/dm-multipath.xml:576(screen)
25924
26462
#, no-wrap
25925
26463
msgid ""
25926
26464
"\n"
25929
26467
"}\n"
25930
26468
msgstr ""
25931
26469
25932
#: serverguide/C/dm-multipath.xml:583(para)
26470
#: serverguide/C/dm-multipath.xml:584(para)
25933
26471
msgid ""
25934
26472
"After you have updated the <filename>/etc/multipath.conf</filename> file, "
25935
26473
"you must manually tell the <emphasis role=\"bold\">multipathd</emphasis> "
25937
26475
"<filename>/etc/multipath.conf</filename> file."
25938
26476
msgstr ""
25939
26477
25940
#: serverguide/C/dm-multipath.xml:588(screen)
26478
#: serverguide/C/dm-multipath.xml:589(screen)
25941
26479
#, no-wrap
25942
26480
msgid "# service multipath-tools reload"
25943
26481
msgstr ""
25944
26482
25945
#: serverguide/C/dm-multipath.xml:592(para)
26483
#: serverguide/C/dm-multipath.xml:593(para)
25946
26484
msgid "Run the following command to remove the multipath device:"
25947
26485
msgstr ""
25948
26486
25949
#: serverguide/C/dm-multipath.xml:595(screen)
26487
#: serverguide/C/dm-multipath.xml:596(screen)
25950
26488
#, no-wrap
25951
26489
msgid ""
25952
26490
"\n"
25966
26504
"specify a <emphasis role=\"bold\">-v</emphasis> option."
25967
26505
msgstr ""
25968
26506
25969
#: serverguide/C/dm-multipath.xml:612(screen)
26507
#: serverguide/C/dm-multipath.xml:613(screen)
25970
26508
#, no-wrap
25971
26509
msgid ""
25972
26510
"\n"
25997
26535
" `- 3:0:0:3 sdg 8:128 undef ready running\n"
25998
26536
msgstr ""
25999
26537
26000
#: serverguide/C/dm-multipath.xml:644(title)
26538
#: serverguide/C/dm-multipath.xml:645(title)
26001
26539
msgid "Configuring Storage Devices"
26002
26540
msgstr ""
26003
26541
26004
#: serverguide/C/dm-multipath.xml:646(para)
26542
#: serverguide/C/dm-multipath.xml:647(para)
26005
26543
msgid ""
26006
26544
"By default, DM-Multipath includes support for the most common storage arrays "
26007
26545
"that support DM-Multipath. The default configuration values, including "
26009
26547
"<filename>multipath.conf.defaults</filename> file."
26010
26548
msgstr ""
26011
26549
26012
#: serverguide/C/dm-multipath.xml:651(para)
26550
#: serverguide/C/dm-multipath.xml:652(para)
26013
26551
msgid ""
26014
26552
"If you need to add a storage device that is not supported by default as a "
26015
26553
"known multipath device, edit the <filename>/etc/multipath.conf</filename> "
26016
26554
"file and insert the appropriate device information."
26017
26555
msgstr ""
26018
26556
26019
#: serverguide/C/dm-multipath.xml:655(para)
26557
#: serverguide/C/dm-multipath.xml:656(para)
26020
26558
msgid ""
26021
26559
"For example, to add information about the HP Open-V series the entry looks "
26022
26560
"like this, where <emphasis role=\"bold\">%n</emphasis> is the device name:"
26023
26561
msgstr ""
26024
26562
26025
#: serverguide/C/dm-multipath.xml:659(screen)
26563
#: serverguide/C/dm-multipath.xml:660(screen)
26026
26564
#, no-wrap
26027
26565
msgid ""
26028
26566
"devices {\n"
26035
26573
"}\n"
26036
26574
msgstr ""
26037
26575
26038
#: serverguide/C/dm-multipath.xml:668(para)
26576
#: serverguide/C/dm-multipath.xml:669(para)
26039
26577
msgid ""
26040
26578
"For more information on the devices section of the configuration file, see "
26041
26579
"Section <xref endterm=\"config-device-title\" linkend=\"multipath-config-"
26042
26580
"device\"/>."
26043
26581
msgstr ""
26044
26582
26045
#: serverguide/C/dm-multipath.xml:675(title)
26583
#: serverguide/C/dm-multipath.xml:676(title)
26046
26584
msgid "The DM-Multipath Configuration File"
26047
26585
msgstr ""
26048
26586
26049
#: serverguide/C/dm-multipath.xml:677(para)
26587
#: serverguide/C/dm-multipath.xml:678(para)
26050
26588
msgid ""
26051
26589
"By default, DM-Multipath provides configuration values for the most common "
26052
26590
"uses of multipathing. In addition, DM-Multipath includes support for the "
26055
26593
"<filename>multipath.conf.defaults</filename> file."
26056
26594
msgstr ""
26057
26595
26058
#: serverguide/C/dm-multipath.xml:683(para)
26596
#: serverguide/C/dm-multipath.xml:684(para)
26059
26597
msgid ""
26060
26598
"You can override the default configuration values for DM-Multipath by "
26061
26599
"editing the <filename>/etc/multipath.conf</filename> configuration file. If "
26065
26603
"on the following topics: <placeholder-1/>"
26066
26604
msgstr ""
26067
26605
26068
#: serverguide/C/dm-multipath.xml:715(para)
26606
#: serverguide/C/dm-multipath.xml:716(para)
26069
26607
msgid ""
26070
26608
"In the multipath configuration file, you need to specify only the sections "
26071
26609
"that you need for your configuration, or that you wish to change from the "
26075
26613
"can leave them commented out, as they are in the initial file."
26076
26614
msgstr ""
26077
26615
26078
#: serverguide/C/dm-multipath.xml:723(para)
26616
#: serverguide/C/dm-multipath.xml:724(para)
26079
26617
msgid "The configuration file allows regular expression description syntax."
26080
26618
msgstr ""
26081
26619
26082
#: serverguide/C/dm-multipath.xml:726(para)
26620
#: serverguide/C/dm-multipath.xml:727(para)
26083
26621
msgid ""
26084
26622
"An annotated version of the configuration file can be found in "
26085
26623
"<filename><filename>/usr/share/doc/multipath-"
26086
26624
"tools/examples/multipath.conf.annotated.gz</filename></filename>."
26087
26625
msgstr ""
26088
26626
26089
#: serverguide/C/dm-multipath.xml:730(title)
26627
#: serverguide/C/dm-multipath.xml:731(title)
26090
26628
msgid "Configuration File Overview"
26091
26629
msgstr ""
26092
26630
26093
#: serverguide/C/dm-multipath.xml:732(para)
26631
#: serverguide/C/dm-multipath.xml:733(para)
26094
26632
msgid ""
26095
26633
"The multipath configuration file is divided into the following sections:"
26096
26634
msgstr ""
26097
26635
26098
#: serverguide/C/dm-multipath.xml:737(emphasis)
26636
#: serverguide/C/dm-multipath.xml:738(emphasis)
26099
26637
msgid "blacklist"
26100
26638
msgstr ""
26101
26639
26102
#: serverguide/C/dm-multipath.xml:740(para)
26640
#: serverguide/C/dm-multipath.xml:741(para)
26103
26641
msgid ""
26104
26642
"Listing of specific devices that will not be considered for multipath."
26105
26643
msgstr ""
26106
26644
26107
#: serverguide/C/dm-multipath.xml:746(emphasis)
26645
#: serverguide/C/dm-multipath.xml:747(emphasis)
26108
26646
msgid "blacklist_exceptions"
26109
26647
msgstr ""
26110
26648
26111
#: serverguide/C/dm-multipath.xml:749(para)
26649
#: serverguide/C/dm-multipath.xml:750(para)
26112
26650
msgid ""
26113
26651
"Listing of multipath candidates that would otherwise be blacklisted "
26114
26652
"according to the parameters of the blacklist section."
26115
26653
msgstr ""
26116
26654
26117
#: serverguide/C/dm-multipath.xml:756(emphasis)
26655
#: serverguide/C/dm-multipath.xml:757(emphasis)
26118
26656
msgid "defaults"
26119
26657
msgstr ""
26120
26658
26121
#: serverguide/C/dm-multipath.xml:759(para)
26659
#: serverguide/C/dm-multipath.xml:760(para)
26122
26660
msgid "General default settings for DM-Multipath."
26123
26661
msgstr ""
26124
26662
26125
#: serverguide/C/dm-multipath.xml:767(para)
26663
#: serverguide/C/dm-multipath.xml:768(para)
26126
26664
msgid ""
26127
26665
"Settings for the characteristics of individual multipath devices. These "
26128
26666
"values overwrite what is specified in the <emphasis "
26130
26668
"role=\"bold\">devices</emphasis> sections of the configuration file."
26131
26669
msgstr ""
26132
26670
26133
#: serverguide/C/dm-multipath.xml:776(emphasis)
26671
#: serverguide/C/dm-multipath.xml:777(emphasis)
26134
26672
msgid "devices"
26135
26673
msgstr ""
26136
26674
26137
#: serverguide/C/dm-multipath.xml:779(para)
26675
#: serverguide/C/dm-multipath.xml:780(para)
26138
26676
msgid ""
26139
26677
"Settings for the individual storage controllers. These values overwrite what "
26140
26678
"is specified in the <emphasis role=\"bold\">defaults</emphasis> section of "
26143
26681
"array."
26144
26682
msgstr ""
26145
26683
26146
#: serverguide/C/dm-multipath.xml:788(para)
26684
#: serverguide/C/dm-multipath.xml:789(para)
26147
26685
msgid ""
26148
26686
"When the system determines the attributes of a multipath device, first it "
26149
26687
"checks the multipath settings, then the per devices settings, then the "
26150
26688
"multipath system defaults."
26151
26689
msgstr ""
26152
26690
26153
#: serverguide/C/dm-multipath.xml:794(title)
26691
#: serverguide/C/dm-multipath.xml:795(title)
26154
26692
msgid "Configuration File Blacklist"
26155
26693
msgstr ""
26156
26694
26157
#: serverguide/C/dm-multipath.xml:796(para)
26695
#: serverguide/C/dm-multipath.xml:797(para)
26158
26696
msgid ""
26159
26697
"The blacklist section of the multipath configuration file specifies the "
26160
26698
"devices that will not be used when the system configures multipath devices. "
26161
26699
"Devices that are blacklisted will not be grouped into a multipath device."
26162
26700
msgstr ""
26163
26701
26164
#: serverguide/C/dm-multipath.xml:803(para)
26702
#: serverguide/C/dm-multipath.xml:804(para)
26165
26703
msgid ""
26166
26704
"If you do need to blacklist devices, you can do so according to the "
26167
26705
"following criteria:"
26168
26706
msgstr ""
26169
26707
26170
#: serverguide/C/dm-multipath.xml:808(para)
26708
#: serverguide/C/dm-multipath.xml:809(para)
26171
26709
msgid ""
26172
26710
"By WWID, as described <xref endterm=\"config-blacklist-by-wwid-title\" "
26173
26711
"linkend=\"multipath-config-blacklist-by-wwid\"/>"
26174
26712
msgstr ""
26175
26713
26176
#: serverguide/C/dm-multipath.xml:814(para)
26714
#: serverguide/C/dm-multipath.xml:815(para)
26177
26715
msgid ""
26178
26716
"By device name, as described in <xref endterm=\"config-blacklist-by-device-"
26179
26717
"name-title\" linkend=\"multipath-config-blacklist-by-device-name\"/>"
26180
26718
msgstr ""
26181
26719
26182
#: serverguide/C/dm-multipath.xml:820(para)
26720
#: serverguide/C/dm-multipath.xml:821(para)
26183
26721
msgid ""
26184
26722
"By device type, as described in <xref endterm=\"config-blacklist-by-device-"
26185
26723
"type-title\" linkend=\"multipath-config-blacklist-by-device-type\"/>"
26186
26724
msgstr ""
26187
26725
26188
#: serverguide/C/dm-multipath.xml:826(para)
26726
#: serverguide/C/dm-multipath.xml:827(para)
26189
26727
msgid ""
26190
26728
"By default, a variety of device types are blacklisted, even after you "
26191
26729
"comment out the initial blacklist section of the configuration file. For "
26193
26731
"linkend=\"multipath-config-blacklist-by-device-name\"/>"
26194
26732
msgstr ""
26195
26733
26196
#: serverguide/C/dm-multipath.xml:835(title)
26734
#: serverguide/C/dm-multipath.xml:836(title)
26197
26735
msgid "Blacklisting By WWID"
26198
26736
msgstr ""
26199
26737
26200
#: serverguide/C/dm-multipath.xml:838(para)
26738
#: serverguide/C/dm-multipath.xml:839(para)
26201
26739
msgid ""
26202
26740
"You can specify individual devices to blacklist by their World-Wide "
26203
26741
"IDentification with a <emphasis role=\"bold\">wwid</emphasis> entry in the "
26205
26743
"file."
26206
26744
msgstr ""
26207
26745
26208
#: serverguide/C/dm-multipath.xml:843(para)
26746
#: serverguide/C/dm-multipath.xml:844(para)
26209
26747
msgid ""
26210
26748
"The following example shows the lines in the configuration file that would "
26211
26749
"blacklist a device with a WWID of 26353900f02796769."
26212
26750
msgstr ""
26213
26751
26214
#: serverguide/C/dm-multipath.xml:846(screen)
26752
#: serverguide/C/dm-multipath.xml:847(screen)
26215
26753
#, no-wrap
26216
26754
msgid ""
26217
26755
"\n"
26220
26758
"}\n"
26221
26759
msgstr ""
26222
26760
26223
#: serverguide/C/dm-multipath.xml:854(title)
26761
#: serverguide/C/dm-multipath.xml:855(title)
26224
26762
msgid "Blacklisting By Device Name"
26225
26763
msgstr ""
26226
26764
26227
#: serverguide/C/dm-multipath.xml:857(para)
26765
#: serverguide/C/dm-multipath.xml:858(para)
26228
26766
msgid ""
26229
26767
"You can blacklist device types by device name so that they will not be "
26230
26768
"grouped into a multipath device by specifying a <emphasis "
26232
26770
"role=\"bold\">blacklist</emphasis> section of the configuration file."
26233
26771
msgstr ""
26234
26772
26235
#: serverguide/C/dm-multipath.xml:863(para)
26773
#: serverguide/C/dm-multipath.xml:864(para)
26236
26774
msgid ""
26237
26775
"The following example shows the lines in the configuration file that would "
26238
26776
"blacklist all SCSI devices, since it blacklists all sd* devices. <screen>\n"
26241
26779
"}</screen>"
26242
26780
msgstr ""
26243
26781
26244
#: serverguide/C/dm-multipath.xml:870(para)
26782
#: serverguide/C/dm-multipath.xml:871(para)
26245
26783
msgid ""
26246
26784
"You can use a <emphasis role=\"bold\">devnode</emphasis> entry in the "
26247
26785
"<emphasis role=\"bold\">blacklist</emphasis> section of the configuration "
26253
26791
"on reboot."
26254
26792
msgstr ""
26255
26793
26256
#: serverguide/C/dm-multipath.xml:880(para)
26794
#: serverguide/C/dm-multipath.xml:881(para)
26257
26795
msgid ""
26258
26796
"By default, the following <emphasis role=\"bold\">devnode</emphasis> entries "
26259
26797
"are compiled in the default blacklist; the devices that these entries "
26269
26807
"</screen>"
26270
26808
msgstr ""
26271
26809
26272
#: serverguide/C/dm-multipath.xml:897(title)
26810
#: serverguide/C/dm-multipath.xml:898(title)
26273
26811
msgid "Blacklisting By Device Type"
26274
26812
msgstr ""
26275
26813
26276
#: serverguide/C/dm-multipath.xml:900(para)
26814
#: serverguide/C/dm-multipath.xml:901(para)
26277
26815
msgid ""
26278
26816
"You can specify specific device types in the <emphasis "
26279
26817
"role=\"bold\">blacklist</emphasis> section of the configuration file with a "
26292
26830
"</screen>"
26293
26831
msgstr ""
26294
26832
26295
#: serverguide/C/dm-multipath.xml:918(title)
26833
#: serverguide/C/dm-multipath.xml:919(title)
26296
26834
msgid "Blacklist Exceptions"
26297
26835
msgstr ""
26298
26836
26299
#: serverguide/C/dm-multipath.xml:921(para)
26837
#: serverguide/C/dm-multipath.xml:922(para)
26300
26838
msgid ""
26301
26839
"You can use the <emphasis role=\"bold\">blacklist_exceptions</emphasis> "
26302
26840
"section of the configuration file to enable multipathing on devices that "
26303
26841
"have been blacklisted by default."
26304
26842
msgstr ""
26305
26843
26306
#: serverguide/C/dm-multipath.xml:926(para)
26844
#: serverguide/C/dm-multipath.xml:927(para)
26307
26845
msgid ""
26308
26846
"For example, if you have a large number of devices and want to multipath "
26309
26847
"only one of them (with the WWID of 3600d0230000000000e13955cc3757803), "
26321
26859
"</screen>"
26322
26860
msgstr ""
26323
26861
26324
#: serverguide/C/dm-multipath.xml:941(para)
26862
#: serverguide/C/dm-multipath.xml:942(para)
26325
26863
msgid ""
26326
26864
"When specifying devices in the <emphasis "
26327
26865
"role=\"bold\">blacklist_exceptions</emphasis> section of the configuration "
26333
26871
"only to devnode entries, and device exceptions apply only to device entries."
26334
26872
msgstr ""
26335
26873
26336
#: serverguide/C/dm-multipath.xml:954(title)
26874
#: serverguide/C/dm-multipath.xml:955(title)
26337
26875
msgid "Configuration File Defaults"
26338
26876
msgstr ""
26339
26877
26340
#: serverguide/C/dm-multipath.xml:956(para)
26878
#: serverguide/C/dm-multipath.xml:957(para)
26341
26879
msgid ""
26342
26880
"The <filename>/etc/multipath.conf</filename> configuration file includes a "
26343
26881
"<emphasis role=\"bold\">defaults</emphasis> section that sets the <emphasis "
26345
26883
"role=\"bold\">yes</emphasis>, as follows."
26346
26884
msgstr ""
26347
26885
26348
#: serverguide/C/dm-multipath.xml:961(screen)
26886
#: serverguide/C/dm-multipath.xml:962(screen)
26349
26887
#, no-wrap
26350
26888
msgid ""
26351
26889
"\n"
26354
26892
"}\n"
26355
26893
msgstr ""
26356
26894
26357
#: serverguide/C/dm-multipath.xml:967(para)
26895
#: serverguide/C/dm-multipath.xml:968(para)
26358
26896
msgid ""
26359
26897
"This overwrites the default value of the <emphasis "
26360
26898
"role=\"bold\">user_friendly_names</emphasis> parameter."
26361
26899
msgstr ""
26362
26900
26363
#: serverguide/C/dm-multipath.xml:970(para)
26901
#: serverguide/C/dm-multipath.xml:971(para)
26364
26902
msgid ""
26365
26903
"The configuration file includes a template of configuration defaults. This "
26366
26904
"section is commented out, as follows."
26367
26905
msgstr ""
26368
26906
26369
#: serverguide/C/dm-multipath.xml:973(screen)
26907
#: serverguide/C/dm-multipath.xml:974(screen)
26370
26908
#, no-wrap
26371
26909
msgid ""
26372
26910
"\n"
26387
26925
"#}\n"
26388
26926
msgstr ""
26389
26927
26390
#: serverguide/C/dm-multipath.xml:990(para)
26928
#: serverguide/C/dm-multipath.xml:991(para)
26391
26929
msgid ""
26392
26930
"To overwrite the default value for any of the configuration parameters, you "
26393
26931
"can copy the relevant line from this template into the <emphasis "
26400
26938
"uncomment it, as follows."
26401
26939
msgstr ""
26402
26940
26403
#: serverguide/C/dm-multipath.xml:1001(screen)
26941
#: serverguide/C/dm-multipath.xml:1002(screen)
26404
26942
#, no-wrap
26405
26943
msgid ""
26406
26944
"\n"
26410
26948
"}\n"
26411
26949
msgstr ""
26412
26950
26413
#: serverguide/C/dm-multipath.xml:1008(para)
26951
#: serverguide/C/dm-multipath.xml:1009(para)
26414
26952
msgid ""
26415
26953
"Table <xref endterm=\"config-defaults-table-title\" linkend=\"multipath-"
26416
26954
"config-defaults-table\"/> describes the attributes that are set in the "
26422
26960
"<filename>multipath.conf</filename> file."
26423
26961
msgstr ""
26424
26962
26425
#: serverguide/C/dm-multipath.xml:1022(title)
26963
#: serverguide/C/dm-multipath.xml:1023(title)
26426
26964
msgid "Configuration File Multipath Attributes"
26427
26965
msgstr ""
26428
26966
26429
#: serverguide/C/dm-multipath.xml:1025(para)
26967
#: serverguide/C/dm-multipath.xml:1026(para)
26430
26968
msgid ""
26431
26969
"Table <xref endterm=\"attributes-table-title\" linkend=\"multipath-"
26432
26970
"attributes-table\"/> shows the attributes that you can set in the <emphasis "
26438
26976
"role=\"bold\">devices</emphasis> sections of the multipath.conf file."
26439
26977
msgstr ""
26440
26978
26441
#: serverguide/C/dm-multipath.xml:1038(para)
26979
#: serverguide/C/dm-multipath.xml:1039(para)
26442
26980
msgid ""
26443
26981
"In addition, the following parameters may be overridden in this <emphasis "
26444
26982
"role=\"bold\">multipath</emphasis> section"
26445
26983
msgstr ""
26446
26984
26447
#: serverguide/C/dm-multipath.xml:1087(para)
26985
#: serverguide/C/dm-multipath.xml:1088(para)
26448
26986
msgid ""
26449
26987
"The following example shows multipath attributes specified in the "
26450
26988
"configuration file for two specific multipath devices. The first device has "
26459
26997
"are set to priorities."
26460
26998
msgstr ""
26461
26999
26462
#: serverguide/C/dm-multipath.xml:1097(screen)
27000
#: serverguide/C/dm-multipath.xml:1098(screen)
26463
27001
#, no-wrap
26464
27002
msgid ""
26465
27003
"\n"
26481
27019
"}\n"
26482
27020
msgstr ""
26483
27021
26484
#: serverguide/C/dm-multipath.xml:1118(title)
27022
#: serverguide/C/dm-multipath.xml:1119(title)
26485
27023
msgid "Configuration File Devices"
26486
27024
msgstr ""
26487
27025
26488
#: serverguide/C/dm-multipath.xml:1120(para)
27026
#: serverguide/C/dm-multipath.xml:1121(para)
26489
27027
msgid ""
26490
27028
"Table <xref endterm=\"device-attributes-table-title\" linkend=\"multipath-"
26491
27029
"device-attributes-table\"/> shows the attributes that you can set for each "
26499
27037
"<filename>multipath.conf</filename> file."
26500
27038
msgstr ""
26501
27039
26502
#: serverguide/C/dm-multipath.xml:1131(para)
27040
#: serverguide/C/dm-multipath.xml:1132(para)
26503
27041
msgid ""
26504
27042
"Many devices that support multipathing are included by default in a "
26505
27043
"multipath configuration. The values for the devices that are supported by "
26513
27051
"the device and override the values that you want to change."
26514
27052
msgstr ""
26515
27053
26516
#: serverguide/C/dm-multipath.xml:1143(para)
27054
#: serverguide/C/dm-multipath.xml:1144(para)
26517
27055
msgid ""
26518
27056
"To add a device to this section of the configuration file that is not "
26519
27057
"configured automatically by default, you must set the <emphasis "
26525
27063
"device_name is the device to be multipathed, as in the following example:"
26526
27064
msgstr ""
26527
27065
26528
#: serverguide/C/dm-multipath.xml:1153(screen)
27066
#: serverguide/C/dm-multipath.xml:1154(screen)
26529
27067
#, no-wrap
26530
27068
msgid ""
26531
27069
"\n"
26535
27073
"SF2372\n"
26536
27074
msgstr ""
26537
27075
26538
#: serverguide/C/dm-multipath.xml:1160(para)
27076
#: serverguide/C/dm-multipath.xml:1161(para)
26539
27077
msgid ""
26540
27078
"The additional parameters to specify depend on your specific device. If the "
26541
27079
"device is active/active, you will usually not need to set additional "
26548
27086
"table\"/>."
26549
27087
msgstr ""
26550
27088
26551
#: serverguide/C/dm-multipath.xml:1170(para)
27089
#: serverguide/C/dm-multipath.xml:1171(para)
26552
27090
msgid ""
26553
27091
"If the device is active/passive, but it automatically switches paths with "
26554
27092
"I/O to the passive path, you need to change the checker function to one that "
26559
27097
"the Test Unit Ready command, which most do."
26560
27098
msgstr ""
26561
27099
26562
#: serverguide/C/dm-multipath.xml:1179(para)
27100
#: serverguide/C/dm-multipath.xml:1180(para)
26563
27101
msgid ""
26564
27102
"If the device needs a special command to switch paths, then configuring this "
26565
27103
"device for multipath requires a hardware handler kernel module. The current "
26567
27105
"device, you may not be able to configure the device for multipath."
26568
27106
msgstr ""
26569
27107
26570
#: serverguide/C/dm-multipath.xml:1188(para)
27108
#: serverguide/C/dm-multipath.xml:1189(para)
26571
27109
msgid ""
26572
27110
"In addition, the following parameters may be overridden in this <emphasis "
26573
27111
"role=\"bold\">device</emphasis> section"
26574
27112
msgstr ""
26575
27113
26576
#: serverguide/C/dm-multipath.xml:1263(para)
27114
#: serverguide/C/dm-multipath.xml:1264(para)
26577
27115
msgid ""
26578
27116
"Whenever a hardware_handler is specified, it is your responsibility to "
26579
27117
"ensure that the appropriate kernel module is loaded to support the specified "
26587
27125
"# update-initramfs -u -k all</screen>"
26588
27126
msgstr ""
26589
27127
26590
#: serverguide/C/dm-multipath.xml:1274(para)
27128
#: serverguide/C/dm-multipath.xml:1275(para)
26591
27129
msgid ""
26592
27130
"The following example shows a device entry in the multipath configuration "
26593
27131
"file."
26594
27132
msgstr ""
26595
27133
26596
#: serverguide/C/dm-multipath.xml:1277(screen)
27134
#: serverguide/C/dm-multipath.xml:1278(screen)
26597
27135
#, no-wrap
26598
27136
msgid ""
26599
27137
"\n"
26608
27146
"#}\n"
26609
27147
msgstr ""
26610
27148
26611
#: serverguide/C/dm-multipath.xml:1289(para)
27149
#: serverguide/C/dm-multipath.xml:1290(para)
26612
27150
msgid ""
26613
27151
"The spacing reserved in the <emphasis role=\"bold\">vendor</emphasis>, "
26614
27152
"<emphasis role=\"bold\">product</emphasis>, and <emphasis "
26625
27163
"characters or spaces, as seen in the example above"
26626
27164
msgstr ""
26627
27165
26628
#: serverguide/C/dm-multipath.xml:1306(para)
27166
#: serverguide/C/dm-multipath.xml:1307(para)
26629
27167
msgid "vendor: 8 characters"
26630
27168
msgstr ""
26631
27169
26632
#: serverguide/C/dm-multipath.xml:1310(para)
27170
#: serverguide/C/dm-multipath.xml:1311(para)
26633
27171
msgid "product: 16 characters"
26634
27172
msgstr ""
26635
27173
26636
#: serverguide/C/dm-multipath.xml:1314(para)
27174
#: serverguide/C/dm-multipath.xml:1315(para)
26637
27175
msgid "revision: 4 characters"
26638
27176
msgstr ""
26639
27177
26640
#: serverguide/C/dm-multipath.xml:1318(para)
27178
#: serverguide/C/dm-multipath.xml:1319(para)
26641
27179
msgid ""
26642
27180
"To create a more robust configuration file, regular expressions can also be "
26643
27181
"used. Operators include <emphasis role=\"bold\">^ $ [ ] . * ? +</emphasis>. "
26646
27184
"files found in <filename>/usr/share/doc/multipath-tools/examples:</filename>"
26647
27185
msgstr ""
26648
27186
26649
#: serverguide/C/dm-multipath.xml:1325(screen)
27187
#: serverguide/C/dm-multipath.xml:1326(screen)
26650
27188
#, no-wrap
26651
27189
msgid "# echo 'show config' | multipathd -k"
26652
27190
msgstr ""
26653
27191
26654
#: serverguide/C/dm-multipath.xml:1330(title)
27192
#: serverguide/C/dm-multipath.xml:1331(title)
26655
27193
msgid "DM-Multipath Administration and Troubleshooting"
26656
27194
msgstr ""
26657
27195
26658
#: serverguide/C/dm-multipath.xml:1333(title)
27196
#: serverguide/C/dm-multipath.xml:1334(title)
26659
27197
msgid "Resizing an Online Multipath Device"
26660
27198
msgstr ""
26661
27199
26662
#: serverguide/C/dm-multipath.xml:1335(para)
27200
#: serverguide/C/dm-multipath.xml:1336(para)
26663
27201
msgid ""
26664
27202
"If you need to resize an online multipath device, use the following procedure"
26665
27203
msgstr ""
26666
27204
26667
#: serverguide/C/dm-multipath.xml:1340(para)
27205
#: serverguide/C/dm-multipath.xml:1341(para)
26668
27206
msgid "Resize your physical device. This is storage platform specific."
26669
27207
msgstr ""
26670
27208
26671
#: serverguide/C/dm-multipath.xml:1345(para)
27209
#: serverguide/C/dm-multipath.xml:1346(para)
26672
27210
msgid "Use the following command to find the paths to the LUN:"
26673
27211
msgstr ""
26674
27212
26675
#: serverguide/C/dm-multipath.xml:1347(screen)
27213
#: serverguide/C/dm-multipath.xml:1348(screen)
26676
27214
#, no-wrap
26677
27215
msgid "# multipath -l"
26678
27216
msgstr ""
26679
27217
26680
#: serverguide/C/dm-multipath.xml:1351(para)
27218
#: serverguide/C/dm-multipath.xml:1352(para)
26681
27219
msgid ""
26682
27220
"Resize your paths. For SCSI devices, writing 1 to the "
26683
27221
"<filename>rescan</filename> file for the device causes the SCSI driver to "
26684
27222
"rescan, as in the following command:"
26685
27223
msgstr ""
26686
27224
26687
#: serverguide/C/dm-multipath.xml:1355(screen)
27225
#: serverguide/C/dm-multipath.xml:1356(screen)
26688
27226
#, no-wrap
26689
27227
msgid "# echo 1 > /sys/block/device_name/device/rescan"
26690
27228
msgstr ""
26691
27229
26692
#: serverguide/C/dm-multipath.xml:1359(para)
27230
#: serverguide/C/dm-multipath.xml:1360(para)
26693
27231
msgid ""
26694
27232
"Resize your multipath device by running the multipathd resize command:"
26695
27233
msgstr ""
26696
27234
26697
#: serverguide/C/dm-multipath.xml:1362(screen)
27235
#: serverguide/C/dm-multipath.xml:1363(screen)
26698
27236
#, no-wrap
26699
27237
msgid "# multipathd -k 'resize map mpatha'"
26700
27238
msgstr ""
26701
27239
26702
#: serverguide/C/dm-multipath.xml:1366(para)
27240
#: serverguide/C/dm-multipath.xml:1367(para)
26703
27241
msgid "Resize the file system (assuming no LVM or DOS partitions are used):"
26704
27242
msgstr ""
26705
27243
26706
#: serverguide/C/dm-multipath.xml:1369(screen)
27244
#: serverguide/C/dm-multipath.xml:1370(screen)
26707
27245
#, no-wrap
26708
27246
msgid "# resize2fs /dev/mapper/mpatha"
26709
27247
msgstr ""
26710
27248
26711
#: serverguide/C/dm-multipath.xml:1375(title)
27249
#: serverguide/C/dm-multipath.xml:1376(title)
26712
27250
msgid ""
26713
27251
"Moving root File Systems from a Single Path Device to a Multipath Device"
26714
27252
msgstr ""
26715
27253
26716
#: serverguide/C/dm-multipath.xml:1378(para)
27254
#: serverguide/C/dm-multipath.xml:1379(para)
26717
27255
msgid ""
26718
27256
"This is dramatically simplified by the use of UUIDs to identify devices as "
26719
27257
"an intrinsic label. Simply install <emphasis role=\"bold\">multipath-tools-"
26722
27260
"mounted by UUID."
26723
27261
msgstr ""
26724
27262
26725
#: serverguide/C/dm-multipath.xml:1385(para)
27263
#: serverguide/C/dm-multipath.xml:1386(para)
26726
27264
msgid ""
26727
27265
"Whenever <filename>multipath.conf</filename> is updated, so should the "
26728
27266
"initrd by executing <command>update-initramfs -u -k all</command>. The "
26731
27269
"blacklist and device sections."
26732
27270
msgstr ""
26733
27271
26734
#: serverguide/C/dm-multipath.xml:1394(title)
27272
#: serverguide/C/dm-multipath.xml:1395(title)
26735
27273
msgid ""
26736
27274
"Moving swap File Systems from a Single Path Device to a Multipath Device"
26737
27275
msgstr ""
26738
27276
26739
#: serverguide/C/dm-multipath.xml:1397(para)
27277
#: serverguide/C/dm-multipath.xml:1398(para)
26740
27278
msgid ""
26741
27279
"The procedure is exactly the same as illustrated in the previous section "
26742
27280
"called <link linkend=\"multipath-moving-rootfs-from-single-path-to-multipath-"
26744
27282
"Device</link>."
26745
27283
msgstr ""
26746
27284
26747
#: serverguide/C/dm-multipath.xml:1405(title)
27285
#: serverguide/C/dm-multipath.xml:1406(title)
26748
27286
msgid "The Multipath Daemon"
26749
27287
msgstr ""
26750
27288
26751
#: serverguide/C/dm-multipath.xml:1407(para)
27289
#: serverguide/C/dm-multipath.xml:1408(para)
26752
27290
msgid ""
26753
27291
"If you find you have trouble implementing a multipath configuration, you "
26754
27292
"should ensure the multipath daemon is running as described in <link "
26760
27298
"<command>multipathd</command> as a debugging aid."
26761
27299
msgstr ""
26762
27300
26763
#: serverguide/C/dm-multipath.xml:1447(title)
27301
#: serverguide/C/dm-multipath.xml:1448(title)
26764
27302
msgid "Issues with queue_if_no_path"
26765
27303
msgstr ""
26766
27304
26767
#: serverguide/C/dm-multipath.xml:1449(para)
27305
#: serverguide/C/dm-multipath.xml:1450(para)
26768
27306
msgid ""
26769
27307
"If <emphasis role=\"bold\">features \"1 queue_if_no_path\"</emphasis> is "
26770
27308
"specified in the <filename>/etc/multipath.conf</filename> file, then any "
26774
27312
"<filename>/etc/multipath.conf</filename>."
26775
27313
msgstr ""
26776
27314
26777
#: serverguide/C/dm-multipath.xml:1456(para)
27315
#: serverguide/C/dm-multipath.xml:1457(para)
26778
27316
msgid ""
26779
27317
"When you set the <emphasis role=\"bold\">no_path_retry</emphasis> parameter, "
26780
27318
"remove the <emphasis role=\"bold\">features \"1 "
26790
27328
"<filename>/etc/multipath.conf</filename> and editing to suit your needs."
26791
27329
msgstr ""
26792
27330
26793
#: serverguide/C/dm-multipath.xml:1470(para)
27331
#: serverguide/C/dm-multipath.xml:1471(para)
26794
27332
msgid ""
26795
27333
"If you need to use the <option>features \"1 queue_if_no_path\"</option> "
26796
27334
"option and you experience the issue noted here, use the "
26801
27339
"<option> \"fail_if_no_path\"</option>, execute the following command."
26802
27340
msgstr ""
26803
27341
26804
#: serverguide/C/dm-multipath.xml:1479(screen)
27342
#: serverguide/C/dm-multipath.xml:1480(screen)
26805
27343
#, no-wrap
26806
27344
msgid "# dmsetup message mpathc 0 \"fail_if_no_path\""
26807
27345
msgstr ""
26808
27346
26809
#: serverguide/C/dm-multipath.xml:1482(para)
27347
#: serverguide/C/dm-multipath.xml:1483(para)
26810
27348
msgid ""
26811
27349
"You must specify the <filename>mpathN</filename> alias rather than the path"
26812
27350
msgstr ""
26813
27351
26814
#: serverguide/C/dm-multipath.xml:1488(title)
27352
#: serverguide/C/dm-multipath.xml:1489(title)
26815
27353
msgid "Multipath Command Output"
26816
27354
msgstr ""
26817
27355
26818
#: serverguide/C/dm-multipath.xml:1490(para)
27356
#: serverguide/C/dm-multipath.xml:1491(para)
26819
27357
msgid ""
26820
27358
"When you create, modify, or list a multipath device, you get a printout of "
26821
27359
"the current device setup. The format is as follows. For each multipath "
26822
27360
"device:"
26823
27361
msgstr ""
26824
27362
26825
#: serverguide/C/dm-multipath.xml:1494(screen)
27363
#: serverguide/C/dm-multipath.xml:1495(screen)
26826
27364
#, no-wrap
26827
27365
msgid ""
26828
27366
" action_if_any: alias (wwid_if_different_from_alias) "
26831
27369
"wp=write_permission_if_known"
26832
27370
msgstr ""
26833
27371
26834
#: serverguide/C/dm-multipath.xml:1497(para)
27372
#: serverguide/C/dm-multipath.xml:1498(para)
26835
27373
msgid "For each path group:"
26836
27374
msgstr ""
26837
27375
26838
#: serverguide/C/dm-multipath.xml:1499(screen)
27376
#: serverguide/C/dm-multipath.xml:1500(screen)
26839
27377
#, no-wrap
26840
27378
msgid ""
26841
27379
" -+- policy='scheduling_policy' prio=prio_if_known\n"
26842
27380
" status=path_group_status_if_known"
26843
27381
msgstr ""
26844
27382
26845
#: serverguide/C/dm-multipath.xml:1502(para)
27383
#: serverguide/C/dm-multipath.xml:1503(para)
26846
27384
msgid "For each path:"
26847
27385
msgstr ""
26848
27386
26849
#: serverguide/C/dm-multipath.xml:1504(screen)
27387
#: serverguide/C/dm-multipath.xml:1505(screen)
26850
27388
#, no-wrap
26851
27389
msgid ""
26852
27390
" `- host:channel:id:lun devnode major:minor dm_status_if_known "
26854
27392
" online_status"
26855
27393
msgstr ""
26856
27394
26857
#: serverguide/C/dm-multipath.xml:1507(para)
27395
#: serverguide/C/dm-multipath.xml:1508(para)
26858
27396
msgid ""
26859
27397
"For example, the output of a multipath command might appear as follows:"
26860
27398
msgstr ""
26861
27399
26862
#: serverguide/C/dm-multipath.xml:1510(screen)
27400
#: serverguide/C/dm-multipath.xml:1511(screen)
26863
27401
#, no-wrap
26864
27402
msgid ""
26865
27403
" 3600d0230000000000e13955cc3757800 dm-1 WINSYS,SF2372\n"
26870
27408
" `- 7:0:0:0 sdf 8:80 active ready running"
26871
27409
msgstr ""
26872
27410
26873
#: serverguide/C/dm-multipath.xml:1517(para)
27411
#: serverguide/C/dm-multipath.xml:1518(para)
26874
27412
msgid ""
26875
27413
"If the path is up and ready for I/O, the status of the path is <emphasis "
26876
27414
"role=\"bold\">ready</emphasis> or <emphasis "
26881
27419
"defined in the <filename>/etc/multipath.conf</filename> file."
26882
27420
msgstr ""
26883
27421
26884
#: serverguide/C/dm-multipath.xml:1525(para)
27422
#: serverguide/C/dm-multipath.xml:1526(para)
26885
27423
msgid ""
26886
27424
"The dm status is similar to the path status, but from the kernel's point of "
26887
27425
"view. The dm status has two states: <emphasis "
26892
27430
"not agree."
26893
27431
msgstr ""
26894
27432
26895
#: serverguide/C/dm-multipath.xml:1533(para)
27433
#: serverguide/C/dm-multipath.xml:1534(para)
26896
27434
msgid ""
26897
27435
"The possible values for <emphasis role=\"bold\">online_status</emphasis> are "
26898
27436
"<emphasis role=\"bold\">running</emphasis> and <emphasis "
26901
27439
"disabled."
26902
27440
msgstr ""
26903
27441
26904
#: serverguide/C/dm-multipath.xml:1541(para)
27442
#: serverguide/C/dm-multipath.xml:1542(para)
26905
27443
msgid ""
26906
27444
"When a multipath device is being created or modified , the path group "
26907
27445
"status, the dm device name, the write permissions, and the dm status are not "
26908
27446
"known. Also, the features are not always correct"
26909
27447
msgstr ""
26910
27448
26911
#: serverguide/C/dm-multipath.xml:1548(title)
27449
#: serverguide/C/dm-multipath.xml:1549(title)
26912
27450
msgid "Multipath Queries with multipath Command"
26913
27451
msgstr ""
26914
27452
26915
#: serverguide/C/dm-multipath.xml:1550(para)
27453
#: serverguide/C/dm-multipath.xml:1551(para)
26916
27454
msgid ""
26917
27455
"You can use the <emphasis role=\"bold\">-l </emphasis>and <emphasis "
26918
27456
"role=\"bold\">-ll</emphasis> options of the <emphasis "
26924
27462
"available components of the system."
26925
27463
msgstr ""
26926
27464
26927
#: serverguide/C/dm-multipath.xml:1559(para)
27465
#: serverguide/C/dm-multipath.xml:1560(para)
26928
27466
msgid ""
26929
27467
"When displaying the multipath configuration, there are three verbosity "
26930
27468
"levels you can specify with the <emphasis role=\"bold\">-v</emphasis> option "
26935
27473
"v2</emphasis> prints all detected paths, multipaths, and device maps."
26936
27474
msgstr ""
26937
27475
26938
#: serverguide/C/dm-multipath.xml:1569(para)
27476
#: serverguide/C/dm-multipath.xml:1570(para)
26939
27477
msgid ""
26940
27478
"The default <emphasis role=\"bold\">verbosity</emphasis> level of multipath "
26941
27479
"is <emphasis role=\"bold\">2</emphasis> and can be globally modified by "
26944
27482
"of <filename>multipath.conf</filename>."
26945
27483
msgstr ""
26946
27484
26947
#: serverguide/C/dm-multipath.xml:1576(para)
27485
#: serverguide/C/dm-multipath.xml:1577(para)
26948
27486
msgid ""
26949
27487
"The following example shows the output of a <emphasis "
26950
27488
"role=\"bold\">multipath -l</emphasis> command."
26951
27489
msgstr ""
26952
27490
26953
#: serverguide/C/dm-multipath.xml:1579(screen)
27491
#: serverguide/C/dm-multipath.xml:1580(screen)
26954
27492
#, no-wrap
26955
27493
msgid ""
26956
27494
"# multipath -l\n"
26962
27500
" `- 7:0:0:0 sdf 8:80 active ready running"
26963
27501
msgstr ""
26964
27502
26965
#: serverguide/C/dm-multipath.xml:1587(para)
27503
#: serverguide/C/dm-multipath.xml:1588(para)
26966
27504
msgid ""
26967
27505
"The following example shows the output of a <emphasis "
26968
27506
"role=\"bold\">multipath -ll</emphasis> command."
26969
27507
msgstr ""
26970
27508
26971
#: serverguide/C/dm-multipath.xml:1590(screen)
27509
#: serverguide/C/dm-multipath.xml:1591(screen)
26972
27510
#, no-wrap
26973
27511
msgid ""
26974
27512
"# multipath -ll\n"
26985
27523
" `- 18:0:0:3 sdj 8:144 active ready running"
26986
27524
msgstr ""
26987
27525
26988
#: serverguide/C/dm-multipath.xml:1605(title)
27526
#: serverguide/C/dm-multipath.xml:1606(title)
26989
27527
msgid "Multipath Command Options"
26990
27528
msgstr ""
26991
27529
26992
#: serverguide/C/dm-multipath.xml:1607(para)
27530
#: serverguide/C/dm-multipath.xml:1608(para)
26993
27531
msgid ""
26994
27532
"Table <xref endterm=\"useful-multipath-command-options-title\" "
26995
27533
"linkend=\"useful-multipath-command-options\"/> describes some options of the "
26997
27535
"useful."
26998
27536
msgstr ""
26999
27537
27000
#: serverguide/C/dm-multipath.xml:1613(title)
27538
#: serverguide/C/dm-multipath.xml:1614(title)
27001
27539
msgid "Useful multipath Command Options"
27002
27540
msgstr ""
27003
27541
27004
#: serverguide/C/dm-multipath.xml:1622(entry)
27542
#: serverguide/C/dm-multipath.xml:1623(entry)
27005
27543
msgid "Option"
27006
27544
msgstr ""
27007
27545
27008
#: serverguide/C/dm-multipath.xml:1629(emphasis)
27546
#: serverguide/C/dm-multipath.xml:1630(emphasis)
27009
27547
msgid "-l"
27010
27548
msgstr ""
27011
27549
27012
#: serverguide/C/dm-multipath.xml:1631(emphasis) serverguide/C/dm-multipath.xml:1638(emphasis)
27550
#: serverguide/C/dm-multipath.xml:1632(emphasis) serverguide/C/dm-multipath.xml:1639(emphasis)
27013
27551
msgid "sysfs"
27014
27552
msgstr ""
27015
27553
27016
#: serverguide/C/dm-multipath.xml:1630(entry)
27554
#: serverguide/C/dm-multipath.xml:1631(entry)
27017
27555
msgid ""
27018
27556
"Display the current multipath configuration gathered from <placeholder-1/> "
27019
27557
"and the device mapper."
27020
27558
msgstr ""
27021
27559
27022
#: serverguide/C/dm-multipath.xml:1636(emphasis)
27560
#: serverguide/C/dm-multipath.xml:1637(emphasis)
27023
27561
msgid "-ll"
27024
27562
msgstr ""
27025
27563
27026
#: serverguide/C/dm-multipath.xml:1637(entry)
27564
#: serverguide/C/dm-multipath.xml:1638(entry)
27027
27565
msgid ""
27028
27566
"Display the current multipath configuration gathered from <placeholder-1/>, "
27029
27567
"the device mapper, and all other available components on the system."
27030
27568
msgstr ""
27031
27569
27032
#: serverguide/C/dm-multipath.xml:1643(emphasis)
27570
#: serverguide/C/dm-multipath.xml:1644(emphasis)
27033
27571
msgid "-f device"
27034
27572
msgstr ""
27035
27573
27036
#: serverguide/C/dm-multipath.xml:1644(entry)
27574
#: serverguide/C/dm-multipath.xml:1645(entry)
27037
27575
msgid "Remove the named multipath device."
27038
27576
msgstr ""
27039
27577
27040
#: serverguide/C/dm-multipath.xml:1648(emphasis)
27578
#: serverguide/C/dm-multipath.xml:1649(emphasis)
27041
27579
msgid "-F"
27042
27580
msgstr ""
27043
27581
27044
#: serverguide/C/dm-multipath.xml:1649(entry)
27582
#: serverguide/C/dm-multipath.xml:1650(entry)
27045
27583
msgid "Remove all unused multipath devices."
27046
27584
msgstr ""
27047
27585
27048
#: serverguide/C/dm-multipath.xml:1657(title)
27586
#: serverguide/C/dm-multipath.xml:1658(title)
27049
27587
msgid "Determining Device Mapper Entries with dmsetup Command"
27050
27588
msgstr ""
27051
27589
27052
#: serverguide/C/dm-multipath.xml:1659(para)
27590
#: serverguide/C/dm-multipath.xml:1660(para)
27053
27591
msgid ""
27054
27592
"You can use the <emphasis role=\"bold\">dmsetup</emphasis> command to find "
27055
27593
"out which device mapper entries match the <emphasis "
27056
27594
"role=\"bold\">multipathed</emphasis> devices."
27057
27595
msgstr ""
27058
27596
27059
#: serverguide/C/dm-multipath.xml:1663(para)
27597
#: serverguide/C/dm-multipath.xml:1664(para)
27060
27598
msgid ""
27061
27599
"The following command displays all the device mapper devices and their major "
27062
27600
"and minor numbers. The minor numbers determine the name of the dm device. "
27065
27603
"role=\"bold\"><filename>/dev/dm-3</filename></emphasis>."
27066
27604
msgstr ""
27067
27605
27068
#: serverguide/C/dm-multipath.xml:1669(screen)
27606
#: serverguide/C/dm-multipath.xml:1670(screen)
27069
27607
#, no-wrap
27070
27608
msgid ""
27071
27609
"\n"
27088
27626
" "
27089
27627
msgstr ""
27090
27628
27091
#: serverguide/C/dm-multipath.xml:1690(title)
27629
#: serverguide/C/dm-multipath.xml:1691(title)
27092
27630
msgid "Troubleshooting with the multipathd interactive console"
27093
27631
msgstr ""
27094
27632
27095
#: serverguide/C/dm-multipath.xml:1692(para)
27633
#: serverguide/C/dm-multipath.xml:1693(para)
27096
27634
msgid ""
27097
27635
"The <emphasis role=\"bold\">multipathd -k</emphasis> command is an "
27098
27636
"interactive interface to the <emphasis role=\"bold\">multipathd</emphasis> "
27102
27640
"role=\"bold\">CTRL-D</emphasis> to quit."
27103
27641
msgstr ""
27104
27642
27105
#: serverguide/C/dm-multipath.xml:1699(para)
27643
#: serverguide/C/dm-multipath.xml:1700(para)
27106
27644
msgid ""
27107
27645
"The multipathd interactive console can be used to troubleshoot problems you "
27108
27646
"may be having with your system. For example, the following command sequence "
27112
27650
"Multipathd\"</ulink> for more examples."
27113
27651
msgstr ""
27114
27652
27115
#: serverguide/C/dm-multipath.xml:1706(screen)
27653
#: serverguide/C/dm-multipath.xml:1707(screen)
27116
27654
#, no-wrap
27117
27655
msgid ""
27118
27656
"# multipathd -k\n"
27120
27658
" > > CTRL-D"
27121
27659
msgstr ""
27122
27660
27123
#: serverguide/C/dm-multipath.xml:1710(para)
27661
#: serverguide/C/dm-multipath.xml:1711(para)
27124
27662
msgid ""
27125
27663
"The following command sequence ensures that multipath has picked up any "
27126
27664
"changes to the multipath.conf,"
27127
27665
msgstr ""
27128
27666
27129
#: serverguide/C/dm-multipath.xml:1713(screen)
27667
#: serverguide/C/dm-multipath.xml:1714(screen)
27130
27668
#, no-wrap
27131
27669
msgid ""
27132
27670
"\n"
27135
27673
"> > CTRL-D\n"
27136
27674
msgstr ""
27137
27675
27138
#: serverguide/C/dm-multipath.xml:1719(para)
27676
#: serverguide/C/dm-multipath.xml:1720(para)
27139
27677
msgid ""
27140
27678
"Use the following command sequence to ensure that the path checker is "
27141
27679
"working properly."
27142
27680
msgstr ""
27143
27681
27144
#: serverguide/C/dm-multipath.xml:1722(screen)
27682
#: serverguide/C/dm-multipath.xml:1723(screen)
27145
27683
#, no-wrap
27146
27684
msgid ""
27147
27685
"\n"
27150
27688
"> > CTRL-D\n"
27151
27689
msgstr ""
27152
27690
27153
#: serverguide/C/dm-multipath.xml:1728(para)
27691
#: serverguide/C/dm-multipath.xml:1729(para)
27154
27692
msgid ""
27155
27693
"Commands can also be streamed into multipathd using stdin like so:<screen># "
27156
27694
"echo 'show config' | multipathd -k</screen>"
27164
27702
msgid "Ubuntu provides two popular database servers. They are:"
27165
27703
msgstr ""
27166
27704
27167
#: serverguide/C/databases.xml:17(trademark) serverguide/C/databases.xml:29(title)
27705
#: serverguide/C/virtualization.xml:832(para) serverguide/C/databases.xml:17(trademark) serverguide/C/databases.xml:29(title)
27168
27706
msgid "MySQL"
27169
27707
msgstr ""
27170
27708
27171
#: serverguide/C/databases.xml:20(application) serverguide/C/databases.xml:293(title)
27709
#: serverguide/C/databases.xml:20(application) serverguide/C/databases.xml:300(title)
27172
27710
msgid "PostgreSQL"
27173
27711
msgstr ""
27174
27712
27189
27727
msgid "To install MySQL, run the following command from a terminal prompt:"
27190
27728
msgstr ""
27191
27729
27192
#: serverguide/C/databases.xml:42(command)
27730
#: serverguide/C/virtualization.xml:2215(command) serverguide/C/databases.xml:42(command)
27193
27731
msgid "sudo apt-get install mysql-server"
27194
27732
msgstr ""
27195
27733
27196
#: serverguide/C/databases.xml:44(para)
27734
#: serverguide/C/databases.xml:51(para)
27197
27735
msgid ""
27198
27736
"During the installation process you will be prompted to enter a password for "
27199
27737
"the MySQL root user."
27200
27738
msgstr ""
27201
27739
27202
#: serverguide/C/databases.xml:48(para)
27740
#: serverguide/C/databases.xml:55(para)
27203
27741
msgid ""
27204
27742
"Once the installation is complete, the MySQL server should be started "
27205
27743
"automatically. You can run the following command from a terminal prompt to "
27206
27744
"check whether the MySQL server is running:"
27207
27745
msgstr ""
27208
27746
27209
#: serverguide/C/databases.xml:55(command)
27747
#: serverguide/C/databases.xml:62(command)
27210
27748
msgid "sudo netstat -tap | grep mysql"
27211
27749
msgstr ""
27212
27750
27213
#: serverguide/C/databases.xml:58(para)
27751
#: serverguide/C/vcs.xml:477(para) serverguide/C/databases.xml:65(para)
27214
27752
msgid ""
27215
27753
"When you run this command, you should see the following line or something "
27216
27754
"similar:"
27217
27755
msgstr ""
27218
27756
27219
#: serverguide/C/databases.xml:62(programlisting)
27757
#: serverguide/C/databases.xml:69(programlisting)
27220
27758
#, no-wrap
27221
27759
msgid ""
27222
27760
"\n"
27224
27762
"2556/mysqld\n"
27225
27763
msgstr ""
27226
27764
27227
#: serverguide/C/databases.xml:65(para)
27765
#: serverguide/C/databases.xml:72(para)
27228
27766
msgid ""
27229
27767
"If the server is not running correctly, you can type the following command "
27230
27768
"to start it:"
27231
27769
msgstr ""
27232
27770
27233
#: serverguide/C/databases.xml:69(command) serverguide/C/databases.xml:93(command)
27771
#: serverguide/C/databases.xml:76(command) serverguide/C/databases.xml:100(command)
27234
27772
msgid "sudo service mysql restart"
27235
27773
msgstr ""
27236
27774
27237
#: serverguide/C/databases.xml:74(para)
27775
#: serverguide/C/databases.xml:81(para)
27238
27776
msgid ""
27239
27777
"You can edit the <filename>/etc/mysql/my.cnf</filename> file to configure "
27240
27778
"the basic settings -- log file, port number, etc. For example, to configure "
27242
27780
"<emphasis>bind-address</emphasis> directive to the server's IP address:"
27243
27781
msgstr ""
27244
27782
27245
#: serverguide/C/databases.xml:80(programlisting)
27783
#: serverguide/C/databases.xml:87(programlisting)
27246
27784
#, no-wrap
27247
27785
msgid ""
27248
27786
"\n"
27249
27787
"bind-address = 192.168.0.5\n"
27250
27788
msgstr ""
27251
27789
27252
#: serverguide/C/databases.xml:84(para)
27790
#: serverguide/C/databases.xml:91(para)
27253
27791
msgid "Replace 192.168.0.5 with the appropriate address."
27254
27792
msgstr ""
27255
27793
27256
#: serverguide/C/databases.xml:88(para)
27794
#: serverguide/C/databases.xml:95(para)
27257
27795
msgid ""
27258
27796
"After making a change to <filename>/etc/mysql/my.cnf</filename> the MySQL "
27259
27797
"daemon will need to be restarted:"
27260
27798
msgstr ""
27261
27799
27262
#: serverguide/C/databases.xml:95(para)
27800
#: serverguide/C/databases.xml:102(para)
27263
27801
msgid ""
27264
27802
"If you would like to change the MySQL <emphasis>root</emphasis> password, in "
27265
27803
"a terminal enter:"
27266
27804
msgstr ""
27267
27805
27268
#: serverguide/C/databases.xml:100(command)
27806
#: serverguide/C/databases.xml:107(command)
27269
27807
msgid "sudo dpkg-reconfigure mysql-server-5.5"
27270
27808
msgstr ""
27271
27809
27272
#: serverguide/C/databases.xml:102(para)
27810
#: serverguide/C/databases.xml:109(para)
27273
27811
msgid ""
27274
27812
"The MySQL daemon will be stopped, and you will be prompted to enter a new "
27275
27813
"password."
27276
27814
msgstr ""
27277
27815
27278
#: serverguide/C/databases.xml:107(title)
27816
#: serverguide/C/databases.xml:114(title)
27279
27817
msgid "Database Engines"
27280
27818
msgstr ""
27281
27819
27282
#: serverguide/C/databases.xml:108(para)
27820
#: serverguide/C/databases.xml:115(para)
27283
27821
msgid ""
27284
27822
"Whilst the default configuration of MySQL provided by the Ubuntu packages is "
27285
27823
"perfectly functional and performs well there are things you may wish to "
27286
27824
"consider before you proceed."
27287
27825
msgstr ""
27288
27826
27289
#: serverguide/C/databases.xml:112(para)
27827
#: serverguide/C/databases.xml:119(para)
27290
27828
msgid ""
27291
27829
"MySQL is designed to allow data to be stored in different ways. These "
27292
27830
"methods are referred to as either database or storage engines. There are two "
27296
27834
"use, you will interact with the database in the same way."
27297
27835
msgstr ""
27298
27836
27299
#: serverguide/C/databases.xml:119(para)
27837
#: serverguide/C/databases.xml:126(para)
27300
27838
msgid "Each engine has its own advantages and disadvantages."
27301
27839
msgstr ""
27302
27840
27303
#: serverguide/C/databases.xml:122(para)
27841
#: serverguide/C/databases.xml:129(para)
27304
27842
msgid ""
27305
27843
"While it is possible, and may be advantageous to mix and match database "
27306
27844
"engines on a table level, doing so reduces the effectiveness of the "
27308
27846
"two engines instead of dedicating them to one."
27309
27847
msgstr ""
27310
27848
27311
#: serverguide/C/databases.xml:129(para)
27849
#: serverguide/C/databases.xml:136(para)
27312
27850
msgid ""
27313
27851
"MyISAM is the older of the two. It can be faster than InnoDB under certain "
27314
27852
"circumstances and favours a read only workload. Some web applications have "
27324
27862
"production/\">MyISAM on a production database</ulink>."
27325
27863
msgstr ""
27326
27864
27327
#: serverguide/C/databases.xml:143(para)
27865
#: serverguide/C/databases.xml:150(para)
27328
27866
msgid ""
27329
27867
"InnoDB is a more modern database engine, designed to be <ulink "
27330
27868
"url=\"http://en.wikipedia.org/wiki/ACID\">ACID compliant</ulink> which "
27337
27875
"reliable data recovery as data consistency can be checked."
27338
27876
msgstr ""
27339
27877
27340
#: serverguide/C/databases.xml:156(para)
27878
#: serverguide/C/databases.xml:163(para)
27341
27879
msgid ""
27342
27880
"As of MySQL 5.5 InnoDB is the default engine, and is highly recommended over "
27343
27881
"MyISAM unless you have specific need for features unique to the engine."
27344
27882
msgstr ""
27345
27883
27346
#: serverguide/C/databases.xml:163(title)
27884
#: serverguide/C/databases.xml:170(title)
27347
27885
msgid "Creating a tuned my.cnf file"
27348
27886
msgstr ""
27349
27887
27350
#: serverguide/C/databases.xml:164(para)
27888
#: serverguide/C/databases.xml:171(para)
27351
27889
msgid ""
27352
27890
"There are a number of parameters that can be adjusted within MySQL's "
27353
27891
"configuration file that will allow you to improve the performance of the "
27400
27938
"</screen> Once that is complete all is good to go!"
27401
27939
msgstr ""
27402
27940
27403
#: serverguide/C/databases.xml:206(para)
27941
#: serverguide/C/databases.xml:213(para)
27404
27942
msgid ""
27405
27943
"This is not necessary for all my.cnf changes. Most of the variables you may "
27406
27944
"wish to change to improve performance are adjustable even whilst the server "
27408
27946
"files and data before making changes."
27409
27947
msgstr ""
27410
27948
27411
#: serverguide/C/databases.xml:215(title)
27949
#: serverguide/C/databases.xml:222(title)
27412
27950
msgid "MySQL Tuner"
27413
27951
msgstr ""
27414
27952
27415
#: serverguide/C/databases.xml:216(para)
27953
#: serverguide/C/databases.xml:223(para)
27416
27954
msgid ""
27417
27955
"<application>MySQL Tuner</application> is a useful tool that will connect to "
27418
27956
"a running MySQL instance and offer suggestions for how it can be best "
27444
27982
"</screen>"
27445
27983
msgstr ""
27446
27984
27447
#: serverguide/C/databases.xml:250(para)
27985
#: serverguide/C/databases.xml:257(para)
27448
27986
msgid ""
27449
27987
"One final comment on tuning databases: Whilst we can broadly say that "
27450
27988
"certain settings are the best, performance can vary from application to "
27459
27997
"either using more powerful hardware or by adding slave servers."
27460
27998
msgstr ""
27461
27999
27462
#: serverguide/C/databases.xml:267(para)
28000
#: serverguide/C/databases.xml:274(para)
27463
28001
msgid ""
27464
28002
"See the <ulink url=\"http://www.mysql.com/\">MySQL Home Page</ulink> for "
27465
28003
"more information."
27466
28004
msgstr ""
27467
28005
27468
#: serverguide/C/databases.xml:272(para)
28006
#: serverguide/C/databases.xml:279(para)
27469
28007
msgid ""
27470
28008
"Full documentation is available in both online and offline formats from the "
27471
28009
"<ulink url=\"http://dev.mysql.com/doc/\"> MySQL Developers portal</ulink>"
27472
28010
msgstr ""
27473
28011
27474
#: serverguide/C/databases.xml:278(para)
28012
#: serverguide/C/databases.xml:285(para)
27475
28013
msgid ""
27476
28014
"For general SQL information see <ulink "
27477
28015
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\"> Using "
27478
28016
"SQL Special Edition</ulink> by Rafe Colburn."
27479
28017
msgstr ""
27480
28018
27481
#: serverguide/C/databases.xml:284(para)
28019
#: serverguide/C/databases.xml:291(para)
27482
28020
msgid ""
27483
28021
"The <ulink url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache "
27484
28022
"MySQL PHP Ubuntu Wiki</ulink> page also has useful information."
27497
28035
"in the command prompt:"
27498
28036
msgstr ""
27499
28037
27500
#: serverguide/C/databases.xml:307(command)
28038
#: serverguide/C/databases.xml:314(command)
27501
28039
msgid "sudo apt-get install postgresql"
27502
28040
msgstr ""
27503
28041
27544
28082
"<filename>/etc/postgresql/9.1/main/postgresql.conf</filename>"
27545
28083
msgstr ""
27546
28084
27547
#: serverguide/C/databases.xml:339(para)
28085
#: serverguide/C/databases.xml:346(para)
27548
28086
msgid ""
27549
28087
"Locate the line <emphasis>#listen_addresses = 'localhost'</emphasis> and "
27550
28088
"change it to:"
27576
28114
"default <application>PostgreSQL</application> template database:"
27577
28115
msgstr ""
27578
28116
27579
#: serverguide/C/databases.xml:362(command)
28117
#: serverguide/C/databases.xml:370(command)
27580
28118
msgid "sudo -u postgres psql template1"
27581
28119
msgstr ""
27582
28120
27590
28128
"user <emphasis role=\"italics\">postgres</emphasis>."
27591
28129
msgstr ""
27592
28130
27593
#: serverguide/C/databases.xml:372(command)
28131
#: serverguide/C/databases.xml:380(command)
27594
28132
msgid "ALTER USER postgres with encrypted password 'your_password';"
27595
28133
msgstr ""
27596
28134
27602
28140
"<emphasis>postgres</emphasis> user:"
27603
28141
msgstr ""
27604
28142
27605
#: serverguide/C/databases.xml:380(programlisting)
28143
#: serverguide/C/databases.xml:388(programlisting)
27606
28144
#, no-wrap
27607
28145
msgid ""
27608
28146
"\n"
27609
28147
"local all postgres md5\n"
27610
28148
msgstr ""
27611
28149
27612
#: serverguide/C/databases.xml:384(para)
28150
#: serverguide/C/databases.xml:392(para)
27613
28151
msgid ""
27614
28152
"Finally, you should restart the <application>PostgreSQL</application> "
27615
28153
"service to initialize the new configuration. From a terminal prompt enter "
27645
28183
msgid "Replace the domain name with your actual server domain name."
27646
28184
msgstr ""
27647
28185
27648
#: serverguide/C/databases.xml:413(title) serverguide/C/backups.xml:11(title)
28186
#: serverguide/C/backups.xml:11(title)
27649
28187
msgid "Backups"
27650
28188
msgstr ""
27651
28189
27676
28214
"9.1/html/index.html</command> into the address bar of your browser."
27677
28215
msgstr ""
27678
28216
27679
#: serverguide/C/databases.xml:436(para)
28217
#: serverguide/C/databases.xml:426(para)
27680
28218
msgid ""
27681
28219
"For general SQL information see <ulink "
27682
28220
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\">Using SQL "
27683
28221
"Special Edition</ulink> by Rafe Colburn."
27684
28222
msgstr ""
27685
28223
27686
#: serverguide/C/databases.xml:442(para)
28224
#: serverguide/C/databases.xml:432(para)
27687
28225
msgid ""
27688
28226
"Also, see the <ulink "
27689
28227
"url=\"https://help.ubuntu.com/community/PostgreSQL\">PostgreSQL Ubuntu "
29547
30085
msgid "translator-credits"
29548
30086
msgstr ""
29549
30087
"Launchpad Contributions:\n"
29550
" Jānis-Marks Gailis https://launchpad.net/~jeanmarc-gailis"
30088
" Jānis Marks Gailis https://launchpad.net/~jeanmarc-gailis"
Loggerhead is a web-based interface for Breezy
Version: 2.0.1