« back to all changes in this revision
Viewing changes to serverguide/po/sr.po
- browse files at revision 246
- compare with another revision
- download diff
- download tarball
- view history from revision 246
- Committer: Peter Matulis
- Date: 2015-03-22 23:02:24 UTC
- Revision ID: peter.matulis@canonical.com-20150322230224-zu4rs9j8jjf4zzwj
Updated the PO files; by Peter Matulis
- files modified:
- serverguide/po/ace.po
added
removed
serverguide/po/sr.po
7
7
msgstr ""
8
8
"Project-Id-Version: serverguide\n"
9
9
"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
10
"POT-Creation-Date: 2014-09-22 11:47-0700\n"
11
"PO-Revision-Date: 2014-03-20 22:00+0000\n"
10
"POT-Creation-Date: 2015-02-26 16:01-0800\n"
11
"PO-Revision-Date: 2014-11-09 18:10+0000\n"
12
12
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
13
13
"Language-Team: Serbian <sr@li.org>\n"
14
14
"MIME-Version: 1.0\n"
15
15
"Content-Type: text/plain; charset=UTF-8\n"
16
16
"Content-Transfer-Encoding: 8bit\n"
17
"X-Launchpad-Export-Date: 2014-10-11 02:52+0000\n"
18
"X-Generator: Launchpad (build 17196)\n"
17
"X-Launchpad-Export-Date: 2015-03-22 21:32+0000\n"
18
"X-Generator: Launchpad (build 17405)\n"
19
19
20
20
#: serverguide/C/web-servers.xml:11(title)
21
21
msgid "Web Servers"
86
86
"for the development and deployment of Web-based applications."
87
87
msgstr ""
88
88
89
#: serverguide/C/web-servers.xml:51(title) serverguide/C/web-servers.xml:703(title) serverguide/C/web-servers.xml:846(title) serverguide/C/web-servers.xml:969(title) serverguide/C/virtualization.xml:70(title) serverguide/C/virtualization.xml:813(title) serverguide/C/vcs.xml:26(title) serverguide/C/vcs.xml:87(title) serverguide/C/vcs.xml:211(title) serverguide/C/samba.xml:81(title) serverguide/C/samba.xml:292(title) serverguide/C/remote-administration.xml:46(title) serverguide/C/remote-administration.xml:269(title) serverguide/C/remote-administration.xml:465(title) serverguide/C/network-config.xml:973(title) serverguide/C/network-config.xml:1087(title) serverguide/C/network-auth.xml:119(title) serverguide/C/network-auth.xml:2771(title) serverguide/C/network-auth.xml:3243(title) serverguide/C/monitoring.xml:40(title) serverguide/C/monitoring.xml:429(title) serverguide/C/mail.xml:38(title) serverguide/C/mail.xml:548(title) serverguide/C/mail.xml:737(title) serverguide/C/mail.xml:887(title) serverguide/C/mail.xml:1377(title) serverguide/C/lamp-applications.xml:110(title) serverguide/C/lamp-applications.xml:272(title) serverguide/C/lamp-applications.xml:408(title) serverguide/C/lamp-applications.xml:512(title) serverguide/C/installation.xml:11(title) serverguide/C/installation.xml:940(title) serverguide/C/installation.xml:1221(title) serverguide/C/file-server.xml:357(title) serverguide/C/file-server.xml:645(title) serverguide/C/dns.xml:21(title) serverguide/C/databases.xml:37(title) serverguide/C/databases.xml:300(title) serverguide/C/chat.xml:35(title) serverguide/C/chat.xml:134(title) serverguide/C/backups.xml:596(title)
89
#: serverguide/C/windows-networking.xml:81(title) serverguide/C/windows-networking.xml:292(title) serverguide/C/web-servers.xml:51(title) serverguide/C/web-servers.xml:690(title) serverguide/C/web-servers.xml:833(title) serverguide/C/web-servers.xml:957(title) serverguide/C/virtualization.xml:61(title) serverguide/C/virtualization.xml:2623(title) serverguide/C/vcs.xml:26(title) serverguide/C/vcs.xml:84(title) serverguide/C/vcs.xml:403(title) serverguide/C/remote-administration.xml:46(title) serverguide/C/remote-administration.xml:234(title) serverguide/C/remote-administration.xml:425(title) serverguide/C/network-config.xml:975(title) serverguide/C/network-config.xml:1089(title) serverguide/C/network-auth.xml:140(title) serverguide/C/network-auth.xml:2800(title) serverguide/C/network-auth.xml:3272(title) serverguide/C/monitoring.xml:40(title) serverguide/C/monitoring.xml:429(title) serverguide/C/mail.xml:38(title) serverguide/C/mail.xml:490(title) serverguide/C/mail.xml:679(title) serverguide/C/mail.xml:828(title) serverguide/C/mail.xml:1318(title) serverguide/C/lamp-applications.xml:110(title) serverguide/C/lamp-applications.xml:272(title) serverguide/C/lamp-applications.xml:408(title) serverguide/C/installation.xml:11(title) serverguide/C/installation.xml:933(title) serverguide/C/installation.xml:1214(title) serverguide/C/file-server.xml:357(title) serverguide/C/file-server.xml:646(title) serverguide/C/dns.xml:21(title) serverguide/C/databases.xml:37(title) serverguide/C/databases.xml:307(title) serverguide/C/chat.xml:35(title) serverguide/C/chat.xml:134(title) serverguide/C/backups.xml:596(title)
90
90
msgid "Installation"
91
91
msgstr "Инсталација"
92
92
104
104
msgid "sudo apt-get install apache2"
105
105
msgstr ""
106
106
107
#: serverguide/C/web-servers.xml:71(title) serverguide/C/web-servers.xml:756(title) serverguide/C/web-servers.xml:857(title) serverguide/C/web-servers.xml:996(title) serverguide/C/web-servers.xml:1099(title) serverguide/C/vcs.xml:37(title) serverguide/C/vcs.xml:96(title) serverguide/C/samba.xml:97(title) serverguide/C/samba.xml:309(title) serverguide/C/remote-administration.xml:68(title) serverguide/C/remote-administration.xml:289(title) serverguide/C/package-management.xml:417(title) serverguide/C/network-config.xml:995(title) serverguide/C/network-config.xml:1098(title) serverguide/C/network-auth.xml:2858(title) serverguide/C/network-auth.xml:3264(title) serverguide/C/monitoring.xml:185(title) serverguide/C/monitoring.xml:455(title) serverguide/C/mail.xml:557(title) serverguide/C/mail.xml:747(title) serverguide/C/mail.xml:970(title) serverguide/C/mail.xml:1406(title) serverguide/C/lamp-applications.xml:130(title) serverguide/C/lamp-applications.xml:299(title) serverguide/C/lamp-applications.xml:438(title) serverguide/C/lamp-applications.xml:533(title) serverguide/C/installation.xml:1237(title) serverguide/C/file-server.xml:370(title) serverguide/C/file-server.xml:671(title) serverguide/C/dns.xml:37(title) serverguide/C/databases.xml:73(title) serverguide/C/databases.xml:316(title) serverguide/C/clustering.xml:45(title) serverguide/C/chat.xml:55(title) serverguide/C/chat.xml:146(title) serverguide/C/backups.xml:625(title)
107
#: serverguide/C/windows-networking.xml:97(title) serverguide/C/windows-networking.xml:309(title) serverguide/C/web-servers.xml:71(title) serverguide/C/web-servers.xml:743(title) serverguide/C/web-servers.xml:844(title) serverguide/C/web-servers.xml:984(title) serverguide/C/web-servers.xml:1084(title) serverguide/C/vcs.xml:37(title) serverguide/C/vcs.xml:421(title) serverguide/C/remote-administration.xml:68(title) serverguide/C/remote-administration.xml:254(title) serverguide/C/package-management.xml:400(title) serverguide/C/network-config.xml:997(title) serverguide/C/network-config.xml:1100(title) serverguide/C/network-auth.xml:2887(title) serverguide/C/network-auth.xml:3293(title) serverguide/C/monitoring.xml:185(title) serverguide/C/monitoring.xml:455(title) serverguide/C/mail.xml:499(title) serverguide/C/mail.xml:689(title) serverguide/C/mail.xml:911(title) serverguide/C/mail.xml:1347(title) serverguide/C/lamp-applications.xml:130(title) serverguide/C/lamp-applications.xml:299(title) serverguide/C/lamp-applications.xml:438(title) serverguide/C/installation.xml:1226(title) serverguide/C/file-server.xml:370(title) serverguide/C/file-server.xml:672(title) serverguide/C/dns.xml:37(title) serverguide/C/databases.xml:80(title) serverguide/C/databases.xml:323(title) serverguide/C/clustering.xml:45(title) serverguide/C/chat.xml:55(title) serverguide/C/chat.xml:146(title) serverguide/C/backups.xml:625(title)
108
108
msgid "Configuration"
109
109
msgstr "Подешавање"
110
110
146
146
"<application>apache2</application> is restarted."
147
147
msgstr ""
148
148
149
#: serverguide/C/web-servers.xml:108(para)
149
#: serverguide/C/web-servers.xml:93(para)
150
150
msgid ""
151
151
"<emphasis>envvars:</emphasis> file where Apache2 "
152
152
"<emphasis>environment</emphasis> variables are set."
153
153
msgstr ""
154
154
155
#: serverguide/C/web-servers.xml:113(para)
155
#: serverguide/C/web-servers.xml:106(para)
156
156
msgid ""
157
157
"<emphasis>mods-available:</emphasis> this directory contains configuration "
158
158
"files to both load <emphasis>modules</emphasis> and configure them. Not all "
159
159
"modules will have specific configuration files, however."
160
160
msgstr ""
161
161
162
#: serverguide/C/web-servers.xml:119(para)
162
#: serverguide/C/web-servers.xml:112(para)
163
163
msgid ""
164
164
"<emphasis>mods-enabled:</emphasis> holds <emphasis>symlinks</emphasis> to "
165
165
"the files in <filename>/etc/apache2/mods-available</filename>. When a module "
167
167
"<application>apache2</application> is restarted."
168
168
msgstr ""
169
169
170
#: serverguide/C/web-servers.xml:126(para)
170
#: serverguide/C/web-servers.xml:119(para)
171
171
msgid ""
172
172
"<emphasis>ports.conf:</emphasis> houses the directives that determine which "
173
173
"TCP ports Apache2 is listening on."
174
174
msgstr ""
175
175
176
#: serverguide/C/web-servers.xml:131(para)
176
#: serverguide/C/web-servers.xml:124(para)
177
177
msgid ""
178
178
"<emphasis>sites-available:</emphasis> this directory has configuration files "
179
179
"for Apache2 <emphasis>Virtual Hosts</emphasis>. Virtual Hosts allow Apache2 "
180
180
"to be configured for multiple sites that have separate configurations."
181
181
msgstr ""
182
182
183
#: serverguide/C/web-servers.xml:138(para)
183
#: serverguide/C/web-servers.xml:130(para)
184
184
msgid ""
185
185
"<emphasis>sites-enabled:</emphasis> like mods-enabled, <filename "
186
186
"role=\"directory\">sites-enabled</filename> contains symlinks to the "
195
195
"the first few bytes of a file."
196
196
msgstr ""
197
197
198
#: serverguide/C/web-servers.xml:151(para)
198
#: serverguide/C/web-servers.xml:138(para)
199
199
msgid ""
200
200
"In addition, other configuration files may be added using the "
201
201
"<emphasis>Include</emphasis> directive, and wildcards can be used to include "
204
204
"recognized by Apache2 when it is started or restarted."
205
205
msgstr ""
206
206
207
#: serverguide/C/web-servers.xml:160(para)
207
#: serverguide/C/web-servers.xml:147(para)
208
208
msgid ""
209
209
"The server also reads a file containing mime document types; the filename is "
210
210
"set by the <emphasis>TypesConfig</emphasis> directive, typically via "
213
213
"by default."
214
214
msgstr ""
215
215
216
#: serverguide/C/web-servers.xml:168(title)
216
#: serverguide/C/web-servers.xml:155(title)
217
217
msgid "Basic Settings"
218
218
msgstr ""
219
219
228
228
msgid ""
229
229
"Apache2 ships with a virtual-host-friendly default configuration. That is, "
230
230
"it is configured with a single default virtual host (using the "
231
"<emphasis>VirtualHost</emphasis> directive) which can modified or used as-is "
232
"if you have a single site, or used as a template for additional virtual "
231
"<emphasis>VirtualHost</emphasis> directive) which can be modified or used as-"
232
"is if you have a single site, or used as a template for additional virtual "
233
233
"hosts if you have multiple sites. If left alone, the default virtual host "
234
234
"will serve as your default site, or the site users will see if the URL they "
235
235
"enter does not match the <emphasis>ServerName</emphasis> directive of any of "
237
237
"<filename>/etc/apache2/sites-available/000-default.conf</filename>."
238
238
msgstr ""
239
239
240
#: serverguide/C/web-servers.xml:190(para)
240
#: serverguide/C/web-servers.xml:177(para)
241
241
msgid ""
242
242
"The directives set for a virtual host only apply to that particular virtual "
243
243
"host. If a directive is set server-wide and not defined within the virtual "
246
246
"virtual host."
247
247
msgstr ""
248
248
249
#: serverguide/C/web-servers.xml:198(para)
249
#: serverguide/C/web-servers.xml:185(para)
250
250
msgid ""
251
251
"If you wish to configure a new virtual host or site, copy that file into the "
252
252
"same directory with a name you choose. For example:"
258
258
"available/mynewsite.conf"
259
259
msgstr ""
260
260
261
#: serverguide/C/web-servers.xml:207(para)
261
#: serverguide/C/web-servers.xml:194(para)
262
262
msgid ""
263
263
"Edit the new file to configure the new site using some of the directives "
264
264
"described below."
265
265
msgstr ""
266
266
267
#: serverguide/C/web-servers.xml:214(para)
267
#: serverguide/C/web-servers.xml:201(para)
268
268
msgid ""
269
269
"The <emphasis>ServerAdmin</emphasis> directive specifies the email address "
270
270
"to be advertised for the server's administrator. The default value is "
275
275
"configuration file in /etc/apache2/sites-available."
276
276
msgstr ""
277
277
278
#: serverguide/C/web-servers.xml:225(para)
278
#: serverguide/C/web-servers.xml:212(para)
279
279
msgid ""
280
280
"The <emphasis>Listen</emphasis> directive specifies the port, and optionally "
281
281
"the IP address, Apache2 should listen on. If the IP address is not "
301
301
"available/mynewsite.conf</filename>)."
302
302
msgstr ""
303
303
304
#: serverguide/C/web-servers.xml:250(para)
304
#: serverguide/C/web-servers.xml:237(para)
305
305
msgid ""
306
306
"You may also want your site to respond to www.ubunturocks.com, since many "
307
307
"users will assume the www prefix is appropriate. Use the "
309
309
"wildcards in the ServerAlias directive."
310
310
msgstr ""
311
311
312
#: serverguide/C/web-servers.xml:257(para)
312
#: serverguide/C/web-servers.xml:244(para)
313
313
msgid ""
314
314
"For example, the following configuration will cause your site to respond to "
315
315
"any domain request ending in <emphasis>.ubunturocks.com</emphasis>."
316
316
msgstr ""
317
317
318
#: serverguide/C/web-servers.xml:263(programlisting)
318
#: serverguide/C/web-servers.xml:250(programlisting)
319
319
#, no-wrap
320
320
msgid ""
321
321
"\n"
331
331
"virtual host file, and remember to create that directory if necessary!"
332
332
msgstr ""
333
333
334
#: serverguide/C/web-servers.xml:278(para)
334
#: serverguide/C/web-servers.xml:265(para)
335
335
msgid ""
336
336
"Enable the new <emphasis>VirtualHost</emphasis> using the "
337
337
"<application>a2ensite</application> utility and restart Apache2:"
338
338
msgstr ""
339
339
340
#: serverguide/C/web-servers.xml:284(command)
340
#: serverguide/C/web-servers.xml:271(command)
341
341
msgid "sudo a2ensite mynewsite"
342
342
msgstr ""
343
343
344
#: serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:303(command) serverguide/C/web-servers.xml:544(command) serverguide/C/web-servers.xml:553(command) serverguide/C/web-servers.xml:612(command) serverguide/C/mail.xml:994(command) serverguide/C/lamp-applications.xml:222(command) serverguide/C/lamp-applications.xml:573(command)
344
#: serverguide/C/web-servers.xml:272(command) serverguide/C/web-servers.xml:290(command) serverguide/C/web-servers.xml:531(command) serverguide/C/web-servers.xml:540(command) serverguide/C/web-servers.xml:599(command) serverguide/C/mail.xml:935(command) serverguide/C/lamp-applications.xml:222(command)
345
345
msgid "sudo service apache2 restart"
346
346
msgstr ""
347
347
348
#: serverguide/C/web-servers.xml:289(para)
348
#: serverguide/C/web-servers.xml:276(para)
349
349
msgid ""
350
350
"Be sure to replace <emphasis>mynewsite</emphasis> with a more descriptive "
351
351
"name for the VirtualHost. One method is to name the file after the "
352
352
"<emphasis>ServerName</emphasis> directive of the VirtualHost."
353
353
msgstr ""
354
354
355
#: serverguide/C/web-servers.xml:296(para)
355
#: serverguide/C/web-servers.xml:283(para)
356
356
msgid ""
357
357
"Similarly, use the <application>a2dissite</application> utility to disable "
358
358
"sites. This is can be useful when troubleshooting configuration problems "
359
359
"with multiple VirtualHosts:"
360
360
msgstr ""
361
361
362
#: serverguide/C/web-servers.xml:302(command)
362
#: serverguide/C/web-servers.xml:289(command)
363
363
msgid "sudo a2dissite mynewsite"
364
364
msgstr ""
365
365
366
#: serverguide/C/web-servers.xml:308(title)
366
#: serverguide/C/web-servers.xml:295(title)
367
367
msgid "Default Settings"
368
368
msgstr ""
369
369
370
#: serverguide/C/web-servers.xml:310(para)
370
#: serverguide/C/web-servers.xml:297(para)
371
371
msgid ""
372
372
"This section explains configuration of the Apache2 server default settings. "
373
373
"For example, if you add a virtual host, the settings you configure for the "
375
375
"defined within the virtual host settings, the default value is used."
376
376
msgstr ""
377
377
378
#: serverguide/C/web-servers.xml:322(para)
378
#: serverguide/C/web-servers.xml:309(para)
379
379
msgid ""
380
380
"The <emphasis>DirectoryIndex</emphasis> is the default page served by the "
381
381
"server when a user requests an index of a directory by specifying a forward "
382
382
"slash (/) at the end of the directory name."
383
383
msgstr ""
384
384
385
#: serverguide/C/web-servers.xml:329(para)
385
#: serverguide/C/web-servers.xml:316(para)
386
386
msgid ""
387
387
"For example, when a user requests the page "
388
388
"http://www.example.com/this_directory/, he or she will get either the "
405
405
"file for Apache2 to use for specific error events. For example, if a user "
406
406
"requests a resource that does not exist, a 404 error will occur. By default, "
407
407
"Apache2 will simply return a HTTP 404 Return code. Read "
408
"<filename>/etc/apache2/conf.d/localized-error-pages</filename> for detailed "
409
"instructions for using ErrorDocument, including locations of example files."
408
"<filename>/etc/apache2/conf-available/localized-error-pages.conf</filename> "
409
"for detailed instructions for using ErrorDocument, including locations of "
410
"example files."
410
411
msgstr ""
411
412
412
#: serverguide/C/web-servers.xml:360(para)
413
#: serverguide/C/web-servers.xml:347(para)
413
414
msgid ""
414
415
"By default, the server writes the transfer log to the file "
415
416
"<filename>/var/log/apache2/access.log</filename>. You can change this on a "
425
426
"/etc/apache2/apache2.conf</filename> for the default value)."
426
427
msgstr ""
427
428
428
#: serverguide/C/web-servers.xml:375(para)
429
#: serverguide/C/web-servers.xml:362(para)
429
430
msgid ""
430
431
"Some options are specified on a per-directory basis rather than per-server. "
431
432
"<emphasis>Options</emphasis> is one of these directives. A Directory stanza "
441
442
"</Directory>\n"
442
443
msgstr ""
443
444
444
#: serverguide/C/web-servers.xml:387(para)
445
#: serverguide/C/web-servers.xml:374(para)
445
446
msgid ""
446
447
"The <emphasis>Options</emphasis> directive within a Directory stanza accepts "
447
448
"one or more of the following values (among others), separated by spaces:"
448
449
msgstr ""
449
450
450
#: serverguide/C/web-servers.xml:399(para)
451
#: serverguide/C/web-servers.xml:386(para)
451
452
msgid ""
452
453
"Most files should not be executed as CGI scripts. This would be very "
453
454
"dangerous. CGI scripts should kept in a directory separate from and outside "
456
457
"<filename>/usr/lib/cgi-bin</filename>."
457
458
msgstr ""
458
459
459
#: serverguide/C/web-servers.xml:394(para)
460
#: serverguide/C/web-servers.xml:381(para)
460
461
msgid ""
461
462
"<emphasis role=\"bold\">ExecCGI</emphasis> - Allow execution of CGI scripts. "
462
463
"CGI scripts are not executed if this option is not chosen. <placeholder-1/>"
463
464
msgstr ""
464
465
465
#: serverguide/C/web-servers.xml:410(para)
466
#: serverguide/C/web-servers.xml:397(para)
466
467
msgid ""
467
468
"<emphasis role=\"bold\">Includes</emphasis> - Allow server-side includes. "
468
469
"Server-side includes allow an HTML file to <emphasis> include</emphasis> "
471
472
"documentation (Ubuntu community)</ulink> for more information."
472
473
msgstr ""
473
474
474
#: serverguide/C/web-servers.xml:419(para)
475
#: serverguide/C/web-servers.xml:406(para)
475
476
msgid ""
476
477
"<emphasis role=\"bold\">IncludesNOEXEC</emphasis> - Allow server-side "
477
478
"includes, but disable the <emphasis>#exec</emphasis> and "
478
479
"<emphasis>#include</emphasis> commands in CGI scripts."
479
480
msgstr ""
480
481
481
#: serverguide/C/web-servers.xml:431(para)
482
#: serverguide/C/web-servers.xml:418(para)
482
483
msgid ""
483
484
"For security reasons, this should usually not be set, and certainly should "
484
485
"not be set on your DocumentRoot directory. Enable this option carefully on a "
486
487
"contents of the directory."
487
488
msgstr ""
488
489
489
#: serverguide/C/web-servers.xml:426(para)
490
#: serverguide/C/web-servers.xml:413(para)
490
491
msgid ""
491
492
"<emphasis role=\"bold\">Indexes</emphasis> - Display a formatted list of the "
492
493
"directory's contents, if no <emphasis>DirectoryIndex</emphasis> (such as "
502
503
"Apache2 documentation on this option</ulink>."
503
504
msgstr ""
504
505
505
#: serverguide/C/web-servers.xml:449(para)
506
#: serverguide/C/web-servers.xml:436(para)
506
507
msgid ""
507
508
"<emphasis role=\"bold\">SymLinksIfOwnerMatch</emphasis> - Only follow "
508
509
"symbolic links if the target file or directory has the same owner as the "
509
510
"link."
510
511
msgstr ""
511
512
512
#: serverguide/C/web-servers.xml:461(title)
513
#: serverguide/C/web-servers.xml:448(title)
513
514
msgid "httpd Settings"
514
515
msgstr ""
515
516
516
#: serverguide/C/web-servers.xml:463(para)
517
#: serverguide/C/web-servers.xml:450(para)
517
518
msgid ""
518
519
"This section explains some basic <application>httpd</application> daemon "
519
520
"configuration settings."
520
521
msgstr ""
521
522
522
#: serverguide/C/web-servers.xml:467(para)
523
#: serverguide/C/web-servers.xml:454(para)
523
524
msgid ""
524
525
"<emphasis role=\"bold\">LockFile</emphasis> - The LockFile directive sets "
525
526
"the path to the lockfile used when the server is compiled with either "
530
531
"that is readable only by root."
531
532
msgstr ""
532
533
533
#: serverguide/C/web-servers.xml:476(para)
534
#: serverguide/C/web-servers.xml:463(para)
534
535
msgid ""
535
536
"<emphasis role=\"bold\">PidFile</emphasis> - The PidFile directive sets the "
536
537
"file in which the server records its process ID (pid). This file should only "
537
538
"be readable by root. In most cases, it should be left to the default value."
538
539
msgstr ""
539
540
540
#: serverguide/C/web-servers.xml:482(para)
541
#: serverguide/C/web-servers.xml:469(para)
541
542
msgid ""
542
543
"<emphasis role=\"bold\">User</emphasis> - The User directive sets the userid "
543
544
"used by the server to answer requests. This setting determines the server's "
545
546
"your website's visitors. The default value for User is \"www-data\"."
546
547
msgstr ""
547
548
548
#: serverguide/C/web-servers.xml:489(para)
549
#: serverguide/C/web-servers.xml:476(para)
549
550
msgid ""
550
551
"Unless you know exactly what you are doing, do not set the User directive to "
551
552
"root. Using root as the User will create large security holes for your Web "
552
553
"server."
553
554
msgstr ""
554
555
555
#: serverguide/C/web-servers.xml:495(para)
556
#: serverguide/C/web-servers.xml:482(para)
556
557
msgid ""
557
558
"<emphasis role=\"bold\">Group</emphasis> - The Group directive is similar to "
558
559
"the User directive. Group sets the group under which the server will answer "
559
560
"requests. The default group is also \"www-data\"."
560
561
msgstr ""
561
562
562
#: serverguide/C/web-servers.xml:502(title)
563
#: serverguide/C/web-servers.xml:489(title)
563
564
msgid "Apache2 Modules"
564
565
msgstr ""
565
566
566
#: serverguide/C/web-servers.xml:504(para)
567
#: serverguide/C/web-servers.xml:491(para)
567
568
msgid ""
568
569
"Apache2 is a modular server. This implies that only the most basic "
569
570
"functionality is included in the core server. Extended features are "
574
575
"Apache2 must be recompiled to add or remove modules."
575
576
msgstr ""
576
577
577
#: serverguide/C/web-servers.xml:516(para)
578
#: serverguide/C/web-servers.xml:503(para)
578
579
msgid ""
579
580
"Ubuntu compiles Apache2 to allow the dynamic loading of modules. "
580
581
"Configuration directives may be conditionally included on the presence of a "
582
583
"<emphasis><IfModule></emphasis> block."
583
584
msgstr ""
584
585
585
#: serverguide/C/web-servers.xml:523(para)
586
#: serverguide/C/web-servers.xml:510(para)
586
587
msgid ""
587
588
"You can install additional Apache2 modules and use them with your Web "
588
589
"server. For example, run the following command from a terminal prompt to "
589
590
"install the <emphasis>MySQL Authentication</emphasis> module:"
590
591
msgstr ""
591
592
592
#: serverguide/C/web-servers.xml:530(command)
593
#: serverguide/C/web-servers.xml:517(command)
593
594
msgid "sudo apt-get install libapache2-mod-auth-mysql"
594
595
msgstr ""
595
596
596
#: serverguide/C/web-servers.xml:533(para)
597
#: serverguide/C/web-servers.xml:520(para)
597
598
msgid ""
598
599
"See the <filename>/etc/apache2/mods-available</filename> directory, for "
599
600
"additional modules."
600
601
msgstr ""
601
602
602
#: serverguide/C/web-servers.xml:537(para)
603
#: serverguide/C/web-servers.xml:524(para)
603
604
msgid ""
604
605
"Use the <application>a2enmod</application> utility to enable a module:"
605
606
msgstr ""
606
607
607
#: serverguide/C/web-servers.xml:543(command)
608
#: serverguide/C/web-servers.xml:530(command)
608
609
msgid "sudo a2enmod auth_mysql"
609
610
msgstr ""
610
611
611
#: serverguide/C/web-servers.xml:547(para)
612
#: serverguide/C/web-servers.xml:534(para)
612
613
msgid "Similarly, <application>a2dismod</application> will disable a module:"
613
614
msgstr ""
614
615
615
#: serverguide/C/web-servers.xml:552(command)
616
#: serverguide/C/web-servers.xml:539(command)
616
617
msgid "sudo a2dismod auth_mysql"
617
618
msgstr ""
618
619
619
#: serverguide/C/web-servers.xml:559(title)
620
#: serverguide/C/web-servers.xml:546(title)
620
621
msgid "HTTPS Configuration"
621
622
msgstr ""
622
623
623
#: serverguide/C/web-servers.xml:561(para)
624
#: serverguide/C/web-servers.xml:548(para)
624
625
msgid ""
625
626
"The <application>mod_ssl</application> module adds an important feature to "
626
627
"the Apache2 server - the ability to encrypt communications. Thus, when your "
629
630
"bar."
630
631
msgstr ""
631
632
632
#: serverguide/C/web-servers.xml:570(para)
633
#: serverguide/C/web-servers.xml:557(para)
633
634
msgid ""
634
635
"The <application>mod_ssl</application> module is available in "
635
636
"<application>apache2-common</application> package. Execute the following "
637
638
"<application>mod_ssl</application> module:"
638
639
msgstr ""
639
640
640
#: serverguide/C/web-servers.xml:577(command)
641
#: serverguide/C/web-servers.xml:564(command)
641
642
msgid "sudo a2enmod ssl"
642
643
msgstr ""
643
644
655
656
"linkend=\"certificates-and-security\"/>"
656
657
msgstr ""
657
658
658
#: serverguide/C/web-servers.xml:590(para)
659
#: serverguide/C/web-servers.xml:577(para)
659
660
msgid ""
660
661
"To configure <application>Apache2</application> for HTTPS, enter the "
661
662
"following:"
662
663
msgstr ""
663
664
664
#: serverguide/C/web-servers.xml:595(command)
665
#: serverguide/C/web-servers.xml:582(command)
665
666
msgid "sudo a2ensite default-ssl"
666
667
msgstr ""
667
668
668
#: serverguide/C/web-servers.xml:599(para)
669
#: serverguide/C/web-servers.xml:586(para)
669
670
msgid ""
670
671
"The directories <filename>/etc/ssl/certs</filename> and "
671
672
"<filename>/etc/ssl/private</filename> are the default locations. If you "
674
675
"<emphasis>SSLCertificateKeyFile</emphasis> appropriately."
675
676
msgstr ""
676
677
677
#: serverguide/C/web-servers.xml:606(para)
678
#: serverguide/C/web-servers.xml:593(para)
678
679
msgid ""
679
680
"With Apache2 now configured for HTTPS, restart the service to enable the new "
680
681
"settings:"
681
682
msgstr ""
682
683
683
#: serverguide/C/web-servers.xml:617(para)
684
#: serverguide/C/web-servers.xml:604(para)
684
685
msgid ""
685
686
"Depending on how you obtained your certificate you may need to enter a "
686
687
"passphrase when <application>Apache2</application> starts."
687
688
msgstr ""
688
689
689
#: serverguide/C/web-servers.xml:623(para)
690
#: serverguide/C/web-servers.xml:610(para)
690
691
msgid ""
691
692
"You can access the secure server pages by typing https://your_hostname/url/ "
692
693
"in your browser address bar."
693
694
msgstr ""
694
695
695
#: serverguide/C/web-servers.xml:630(title)
696
#: serverguide/C/web-servers.xml:617(title)
696
697
msgid "Sharing Write Permission"
697
698
msgstr ""
698
699
716
717
msgid "sudo find /var/www/html -type f -exec chmod g=rws \"{}\" \\;"
717
718
msgstr ""
718
719
719
#: serverguide/C/web-servers.xml:645(para)
720
#: serverguide/C/web-servers.xml:632(para)
720
721
msgid ""
721
722
"If access must be granted to more than one group per directory, enable "
722
723
"Access Control Lists (ACLs)."
723
724
msgstr ""
724
725
725
#: serverguide/C/web-servers.xml:652(title) serverguide/C/web-servers.xml:802(title) serverguide/C/web-servers.xml:951(title) serverguide/C/web-servers.xml:1046(title) serverguide/C/web-servers.xml:1271(title) serverguide/C/vpn.xml:830(title) serverguide/C/vcs.xml:531(title) serverguide/C/security.xml:877(title) serverguide/C/security.xml:1211(title) serverguide/C/security.xml:1625(title) serverguide/C/security.xml:1811(title) serverguide/C/remote-administration.xml:196(title) serverguide/C/remote-administration.xml:802(title) serverguide/C/package-management.xml:479(title) serverguide/C/other-apps.xml:345(title) serverguide/C/network-config.xml:1033(title) serverguide/C/network-config.xml:1141(title) serverguide/C/monitoring.xml:392(title) serverguide/C/monitoring.xml:528(title) serverguide/C/mail.xml:511(title) serverguide/C/mail.xml:706(title) serverguide/C/mail.xml:859(title) serverguide/C/mail.xml:1279(title) serverguide/C/mail.xml:1750(title) serverguide/C/lamp-applications.xml:244(title) serverguide/C/lamp-applications.xml:373(title) serverguide/C/lamp-applications.xml:481(title) serverguide/C/lamp-applications.xml:636(title) serverguide/C/file-server.xml:305(title) serverguide/C/file-server.xml:445(title) serverguide/C/file-server.xml:615(title) serverguide/C/file-server.xml:802(title) serverguide/C/dns.xml:614(title) serverguide/C/clustering.xml:232(title) serverguide/C/chat.xml:105(title) serverguide/C/chat.xml:214(title) serverguide/C/backups.xml:295(title)
726
#: serverguide/C/web-servers.xml:639(title) serverguide/C/web-servers.xml:789(title) serverguide/C/web-servers.xml:939(title) serverguide/C/web-servers.xml:1034(title) serverguide/C/web-servers.xml:1256(title) serverguide/C/vpn.xml:800(title) serverguide/C/virtualization.xml:2081(title) serverguide/C/vcs.xml:538(title) serverguide/C/security.xml:863(title) serverguide/C/security.xml:1197(title) serverguide/C/security.xml:1611(title) serverguide/C/security.xml:1797(title) serverguide/C/remote-administration.xml:196(title) serverguide/C/remote-administration.xml:762(title) serverguide/C/package-management.xml:466(title) serverguide/C/other-apps.xml:328(title) serverguide/C/network-config.xml:1035(title) serverguide/C/network-config.xml:1143(title) serverguide/C/monitoring.xml:392(title) serverguide/C/monitoring.xml:528(title) serverguide/C/mail.xml:453(title) serverguide/C/mail.xml:648(title) serverguide/C/mail.xml:800(title) serverguide/C/mail.xml:1220(title) serverguide/C/mail.xml:1688(title) serverguide/C/lamp-applications.xml:244(title) serverguide/C/lamp-applications.xml:373(title) serverguide/C/lamp-applications.xml:481(title) serverguide/C/file-server.xml:305(title) serverguide/C/file-server.xml:446(title) serverguide/C/file-server.xml:616(title) serverguide/C/file-server.xml:803(title) serverguide/C/dns.xml:605(title) serverguide/C/clustering.xml:232(title) serverguide/C/chat.xml:105(title) serverguide/C/chat.xml:214(title) serverguide/C/backups.xml:295(title)
726
727
msgid "References"
727
728
msgstr ""
728
729
734
735
"the official Apache2 docs."
735
736
msgstr ""
736
737
737
#: serverguide/C/web-servers.xml:663(para)
738
#: serverguide/C/web-servers.xml:650(para)
738
739
msgid ""
739
740
"See the <ulink url=\"http://www.modssl.org/docs/\">Mod SSL "
740
741
"Documentation</ulink> site for more SSL related information."
741
742
msgstr ""
742
743
743
#: serverguide/C/web-servers.xml:669(para)
744
#: serverguide/C/web-servers.xml:656(para)
744
745
msgid ""
745
746
"O'Reilly's <ulink url=\"http://oreilly.com/catalog/9780596001919/\">Apache "
746
747
"Cookbook</ulink> is a good resource for accomplishing specific Apache2 "
747
748
"configurations."
748
749
msgstr ""
749
750
750
#: serverguide/C/web-servers.xml:675(para)
751
#: serverguide/C/web-servers.xml:662(para)
751
752
msgid ""
752
753
"For Ubuntu specific Apache2 questions, ask in the <emphasis>#ubuntu-"
753
754
"server</emphasis> IRC channel on <ulink "
754
755
"url=\"http://freenode.net/\">freenode.net</ulink>."
755
756
msgstr ""
756
757
757
#: serverguide/C/web-servers.xml:681(para)
758
#: serverguide/C/web-servers.xml:668(para)
758
759
msgid ""
759
760
"Usually integrated with PHP and MySQL the <ulink "
760
761
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
761
762
"Ubuntu Wiki </ulink> page is a good resource."
762
763
msgstr ""
763
764
764
#: serverguide/C/web-servers.xml:692(title)
765
#: serverguide/C/web-servers.xml:679(title)
765
766
msgid "PHP5 - Scripting Language"
766
767
msgstr ""
767
768
768
#: serverguide/C/web-servers.xml:693(para)
769
#: serverguide/C/web-servers.xml:680(para)
769
770
msgid ""
770
771
"PHP is a general-purpose scripting language suited for Web development. The "
771
772
"PHP script can be embedded into HTML. This section explains how to install "
772
773
"and configure PHP5 in Ubuntu System with Apache2 and MySQL."
773
774
msgstr ""
774
775
775
#: serverguide/C/web-servers.xml:697(para)
776
#: serverguide/C/web-servers.xml:684(para)
776
777
msgid ""
777
778
"This section assumes you have installed and configured Apache2 Web Server "
778
779
"and MySQL Database Server. You can refer to Apache2 section and MySQL "
780
781
"respectively."
781
782
msgstr ""
782
783
783
#: serverguide/C/web-servers.xml:704(para)
784
#: serverguide/C/web-servers.xml:691(para)
784
785
msgid ""
785
786
"The PHP5 is available in Ubuntu Linux. Unlike python and perl, which are "
786
787
"installed in the base system, PHP must be added."
787
788
msgstr ""
788
789
789
#: serverguide/C/web-servers.xml:708(para)
790
#: serverguide/C/web-servers.xml:695(para)
790
791
msgid ""
791
792
"To install PHP5 you can enter the following command in the terminal prompt: "
792
793
"<screen>\n"
794
795
"</screen>"
795
796
msgstr ""
796
797
797
#: serverguide/C/web-servers.xml:717(para)
798
#: serverguide/C/web-servers.xml:704(para)
798
799
msgid ""
799
800
"You can run PHP5 scripts from command line. To run PHP5 scripts from command "
800
801
"line you should install <application>php5-cli</application> package. To "
804
805
"</screen>"
805
806
msgstr ""
806
807
807
#: serverguide/C/web-servers.xml:726(para)
808
#: serverguide/C/web-servers.xml:713(para)
808
809
msgid ""
809
810
"You can also execute PHP5 scripts without installing PHP5 Apache module. To "
810
811
"accomplish this, you should install <application>php5-cgi</application> "
814
815
"</screen>"
815
816
msgstr ""
816
817
817
#: serverguide/C/web-servers.xml:736(para)
818
#: serverguide/C/web-servers.xml:723(para)
818
819
msgid ""
819
820
"To use <application>MySQL</application> with PHP5 you should install "
820
821
"<application>php5-mysql</application> package. To install <application>php5-"
824
825
"</screen>"
825
826
msgstr ""
826
827
827
#: serverguide/C/web-servers.xml:744(para)
828
#: serverguide/C/web-servers.xml:731(para)
828
829
msgid ""
829
830
"Similarly, to use <application>PostgreSQL</application> with PHP5 you should "
830
831
"install <application>php5-pgsql</application> package. To install "
834
835
"</screen>"
835
836
msgstr ""
836
837
837
#: serverguide/C/web-servers.xml:757(para)
838
#: serverguide/C/web-servers.xml:744(para)
838
839
msgid ""
839
840
"Once you install PHP5, you can run PHP5 scripts from your web browser. If "
840
841
"you have installed <application>php5-cli</application> package, you can run "
841
842
"PHP5 scripts from your command prompt."
842
843
msgstr ""
843
844
844
#: serverguide/C/web-servers.xml:764(para)
845
#: serverguide/C/web-servers.xml:751(para)
845
846
msgid ""
846
847
"By default, the Apache 2 Web server is configured to run PHP5 scripts. In "
847
848
"other words, the PHP5 module is enabled in Apache2 Web server automatically "
852
853
"command."
853
854
msgstr ""
854
855
855
#: serverguide/C/web-servers.xml:775(para)
856
#: serverguide/C/web-servers.xml:762(para)
856
857
msgid ""
857
858
"Once you install PHP5 related packages and enabled PHP5 Apache 2 module, you "
858
859
"should restart Apache2 Web server to run PHP5 scripts. You can run the "
860
861
"<screen><command>sudo service apache2 restart</command> </screen>"
861
862
msgstr ""
862
863
863
#: serverguide/C/web-servers.xml:783(title) serverguide/C/network-auth.xml:1048(title) serverguide/C/mail.xml:359(title) serverguide/C/mail.xml:1673(title) serverguide/C/dns.xml:380(title) serverguide/C/clustering.xml:182(title)
864
#: serverguide/C/web-servers.xml:770(title) serverguide/C/network-auth.xml:1069(title) serverguide/C/mail.xml:314(title) serverguide/C/mail.xml:1611(title) serverguide/C/dns.xml:376(title) serverguide/C/clustering.xml:182(title)
864
865
msgid "Testing"
865
866
msgstr ""
866
867
867
#: serverguide/C/web-servers.xml:784(para)
868
#: serverguide/C/web-servers.xml:771(para)
868
869
msgid ""
869
870
"To verify your installation, you can run following PHP5 phpinfo script:"
870
871
msgstr ""
871
872
872
#: serverguide/C/web-servers.xml:787(programlisting)
873
#: serverguide/C/web-servers.xml:774(programlisting)
873
874
#, no-wrap
874
875
msgid ""
875
876
"\n"
878
879
"?>\n"
879
880
msgstr ""
880
881
881
#: serverguide/C/web-servers.xml:792(para)
882
#: serverguide/C/web-servers.xml:779(para)
882
883
msgid ""
883
884
"You can save the content in a file <filename>phpinfo.php</filename> and "
884
885
"place it under <command>DocumentRoot</command> directory of Apache2 Web "
887
888
"various PHP5 configuration parameters."
888
889
msgstr ""
889
890
890
#: serverguide/C/web-servers.xml:806(para)
891
#: serverguide/C/web-servers.xml:793(para)
891
892
msgid ""
892
893
"For more in depth information see <ulink "
893
894
"url=\"http://www.php.net/docs.php\">php.net</ulink> documentation."
894
895
msgstr ""
895
896
896
#: serverguide/C/web-servers.xml:811(para)
897
#: serverguide/C/web-servers.xml:798(para)
897
898
msgid ""
898
899
"There are a plethora of books on PHP. Two good books from O'Reilly are "
899
900
"<ulink url=\"http://oreilly.com/catalog/9780596005603/\">Learning PHP "
901
902
"url=\"http://oreilly.com/catalog/9781565926813/\">PHP Cook Book</ulink>."
902
903
msgstr ""
903
904
904
#: serverguide/C/web-servers.xml:818(para)
905
#: serverguide/C/web-servers.xml:805(para)
905
906
msgid ""
906
907
"Also, see the <ulink "
907
908
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
908
909
"Ubuntu Wiki</ulink> page for more information."
909
910
msgstr ""
910
911
911
#: serverguide/C/web-servers.xml:829(title)
912
#: serverguide/C/web-servers.xml:816(title)
912
913
msgid "Squid - Proxy Server"
913
914
msgstr ""
914
915
937
938
"for increased performance."
938
939
msgstr ""
939
940
940
#: serverguide/C/web-servers.xml:847(para)
941
#: serverguide/C/web-servers.xml:834(para)
941
942
msgid ""
942
943
"At a terminal prompt, enter the following command to install the Squid "
943
944
"server:"
972
973
msgid "sudo chmod a-w /etc/squid3/squid.conf.original"
973
974
msgstr ""
974
975
975
#: serverguide/C/web-servers.xml:878(para)
976
#: serverguide/C/web-servers.xml:866(para)
976
977
msgid ""
977
978
"To set your Squid server to listen on TCP port 8888 instead of the default "
978
979
"TCP port 3128, change the http_port directive as such:"
979
980
msgstr ""
980
981
981
#: serverguide/C/web-servers.xml:882(programlisting)
982
#: serverguide/C/web-servers.xml:870(programlisting)
982
983
#, no-wrap
983
984
msgid ""
984
985
"\n"
985
986
"http_port 8888\n"
986
987
msgstr ""
987
988
988
#: serverguide/C/web-servers.xml:887(para)
989
#: serverguide/C/web-servers.xml:875(para)
989
990
msgid ""
990
991
"Change the visible_hostname directive in order to give the Squid server a "
991
992
"specific hostname. This hostname does not necessarily need to be the "
992
993
"computer's hostname. In this example it is set to <emphasis>weezie</emphasis>"
993
994
msgstr ""
994
995
995
#: serverguide/C/web-servers.xml:891(programlisting)
996
#: serverguide/C/web-servers.xml:879(programlisting)
996
997
#, no-wrap
997
998
msgid ""
998
999
"\n"
999
1000
"visible_hostname weezie\n"
1000
1001
msgstr ""
1001
1002
1002
#: serverguide/C/web-servers.xml:896(para)
1003
#: serverguide/C/web-servers.xml:884(para)
1003
1004
msgid ""
1004
1005
"Using Squid's access control, you may configure use of Internet services "
1005
1006
"proxied by Squid to be available only users with certain Internet Protocol "
1013
1014
"ACL section of your <filename>/etc/squid3/squid.conf</filename> file:"
1014
1015
msgstr ""
1015
1016
1016
#: serverguide/C/web-servers.xml:904(programlisting)
1017
#: serverguide/C/web-servers.xml:892(programlisting)
1017
1018
#, no-wrap
1018
1019
msgid ""
1019
1020
"\n"
1026
1027
"http_access section of your <filename>/etc/squid3/squid.conf</filename> file:"
1027
1028
msgstr ""
1028
1029
1029
#: serverguide/C/web-servers.xml:911(programlisting)
1030
#: serverguide/C/web-servers.xml:899(programlisting)
1030
1031
#, no-wrap
1031
1032
msgid ""
1032
1033
"\n"
1042
1043
"Friday, and which uses the 10.1.42.0/24 subnetwork:"
1043
1044
msgstr ""
1044
1045
1045
#: serverguide/C/web-servers.xml:924(programlisting)
1046
#: serverguide/C/web-servers.xml:912(programlisting)
1046
1047
#, no-wrap
1047
1048
msgid ""
1048
1049
"\n"
1050
1051
"acl biz_hours time M T W T F 9:00-17:00\n"
1051
1052
msgstr ""
1052
1053
1053
#: serverguide/C/web-servers.xml:932(programlisting)
1054
#: serverguide/C/web-servers.xml:920(programlisting)
1054
1055
#, no-wrap
1055
1056
msgid ""
1056
1057
"\n"
1069
1070
msgid "sudo service squid3 restart"
1070
1071
msgstr ""
1071
1072
1072
#: serverguide/C/web-servers.xml:953(ulink)
1073
#: serverguide/C/web-servers.xml:941(ulink)
1073
1074
msgid "Squid Website"
1074
1075
msgstr ""
1075
1076
1076
#: serverguide/C/web-servers.xml:955(para)
1077
#: serverguide/C/web-servers.xml:943(para)
1077
1078
msgid ""
1078
1079
"<ulink url=\"https://help.ubuntu.com/community/Squid\">Ubuntu Wiki "
1079
1080
"Squid</ulink> page."
1080
1081
msgstr ""
1081
1082
1082
#: serverguide/C/web-servers.xml:962(title)
1083
#: serverguide/C/web-servers.xml:950(title)
1083
1084
msgid "Ruby on Rails"
1084
1085
msgstr ""
1085
1086
1086
#: serverguide/C/web-servers.xml:963(para)
1087
#: serverguide/C/web-servers.xml:951(para)
1087
1088
msgid ""
1088
1089
"Ruby on Rails is an open source web framework for developing database backed "
1089
1090
"web applications. It is optimized for sustainable productivity of the "
1091
1092
"convention over configuration."
1092
1093
msgstr ""
1093
1094
1094
#: serverguide/C/web-servers.xml:970(para)
1095
#: serverguide/C/web-servers.xml:958(para)
1095
1096
msgid ""
1096
1097
"Before installing <application>Rails</application> you should install "
1097
1098
"<application>Apache</application> and <application>MySQL</application>. To "
1100
1101
"<application>MySQL</application> refer to <xref linkend=\"mysql\"/>."
1101
1102
msgstr ""
1102
1103
1103
#: serverguide/C/web-servers.xml:978(para)
1104
#: serverguide/C/web-servers.xml:966(para)
1104
1105
msgid ""
1105
1106
"Once you have <application>Apache</application> and "
1106
1107
"<application>MySQL</application> packages installed, you are ready to "
1107
1108
"install <application>Ruby on Rails</application> package."
1108
1109
msgstr ""
1109
1110
1110
#: serverguide/C/web-servers.xml:985(para)
1111
#: serverguide/C/web-servers.xml:973(para)
1111
1112
msgid ""
1112
1113
"To install the <application>Ruby</application> base packages and "
1113
1114
"<application>Ruby on Rails</application>, you can enter the following "
1114
1115
"command in the terminal prompt:"
1115
1116
msgstr ""
1116
1117
1117
#: serverguide/C/web-servers.xml:991(command)
1118
#: serverguide/C/web-servers.xml:979(command)
1118
1119
msgid "sudo apt-get install rails"
1119
1120
msgstr ""
1120
1121
1124
1125
"default.conf</filename> configuration file to setup your domains."
1125
1126
msgstr ""
1126
1127
1127
#: serverguide/C/web-servers.xml:1001(para)
1128
#: serverguide/C/web-servers.xml:989(para)
1128
1129
msgid ""
1129
1130
"The first thing to change is the <emphasis>DocumentRoot</emphasis> directive:"
1130
1131
msgstr ""
1131
1132
1132
#: serverguide/C/web-servers.xml:1005(programlisting)
1133
#: serverguide/C/web-servers.xml:993(programlisting)
1133
1134
#, no-wrap
1134
1135
msgid ""
1135
1136
"\n"
1136
1137
"DocumentRoot /path/to/rails/application/public\n"
1137
1138
msgstr ""
1138
1139
1139
#: serverguide/C/web-servers.xml:1008(para)
1140
#: serverguide/C/web-servers.xml:996(para)
1140
1141
msgid ""
1141
1142
"Next, change the <Directory \"/path/to/rails/application/public\"> "
1142
1143
"directive:"
1143
1144
msgstr ""
1144
1145
1145
#: serverguide/C/web-servers.xml:1012(programlisting)
1146
#: serverguide/C/web-servers.xml:1000(programlisting)
1146
1147
#, no-wrap
1147
1148
msgid ""
1148
1149
"\n"
1155
1156
"</Directory>\n"
1156
1157
msgstr ""
1157
1158
1158
#: serverguide/C/web-servers.xml:1022(para)
1159
#: serverguide/C/web-servers.xml:1010(para)
1159
1160
msgid ""
1160
1161
"You should also enable the <application>mod_rewrite</application> module for "
1161
1162
"Apache. To enable <application>mod_rewrite</application> module, please "
1162
1163
"enter the following command in a terminal prompt:"
1163
1164
msgstr ""
1164
1165
1165
#: serverguide/C/web-servers.xml:1028(command)
1166
#: serverguide/C/web-servers.xml:1016(command)
1166
1167
msgid "sudo a2enmod rewrite"
1167
1168
msgstr ""
1168
1169
1169
#: serverguide/C/web-servers.xml:1031(para)
1170
#: serverguide/C/web-servers.xml:1019(para)
1170
1171
msgid ""
1171
1172
"Finally you will need to change the ownership of the "
1172
1173
"<filename>/path/to/rails/application/public</filename> and "
1174
1175
"used to run the <application>Apache</application> process:"
1175
1176
msgstr ""
1176
1177
1177
#: serverguide/C/web-servers.xml:1037(command)
1178
#: serverguide/C/web-servers.xml:1025(command)
1178
1179
msgid "sudo chown -R www-data:www-data /path/to/rails/application/public"
1179
1180
msgstr ""
1180
1181
1181
#: serverguide/C/web-servers.xml:1038(command)
1182
#: serverguide/C/web-servers.xml:1026(command)
1182
1183
msgid "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
1183
1184
msgstr ""
1184
1185
1185
#: serverguide/C/web-servers.xml:1041(para)
1186
#: serverguide/C/web-servers.xml:1029(para)
1186
1187
msgid ""
1187
1188
"That's it! Now you have your Server ready for your <application>Ruby on "
1188
1189
"Rails</application> applications."
1189
1190
msgstr ""
1190
1191
1191
#: serverguide/C/web-servers.xml:1050(para)
1192
#: serverguide/C/web-servers.xml:1038(para)
1192
1193
msgid ""
1193
1194
"See the <ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink> website "
1194
1195
"for more information."
1195
1196
msgstr ""
1196
1197
1197
#: serverguide/C/web-servers.xml:1055(para)
1198
#: serverguide/C/web-servers.xml:1043(para)
1198
1199
msgid ""
1199
1200
"Also <ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-"
1200
1201
"with-rails-third-edition\">Agile Development with Rails</ulink> is a great "
1201
1202
"resource."
1202
1203
msgstr ""
1203
1204
1204
#: serverguide/C/web-servers.xml:1061(para)
1205
#: serverguide/C/web-servers.xml:1049(para)
1205
1206
msgid ""
1206
1207
"Another place for more information is the <ulink "
1207
1208
"url=\"https://help.ubuntu.com/community/RubyOnRails\">Ruby on Rails Ubuntu "
1208
1209
"Wiki</ulink> page."
1209
1210
msgstr ""
1210
1211
1211
#: serverguide/C/web-servers.xml:1072(title)
1212
#: serverguide/C/web-servers.xml:1060(title)
1212
1213
msgid "Apache Tomcat"
1213
1214
msgstr ""
1214
1215
1215
#: serverguide/C/web-servers.xml:1073(para)
1216
#: serverguide/C/web-servers.xml:1061(para)
1216
1217
msgid ""
1217
1218
"Apache Tomcat is a web container that allows you to serve Java Servlets and "
1218
1219
"JSP (Java Server Pages) web applications."
1237
1238
"need to test on their own private Tomcat instances."
1238
1239
msgstr ""
1239
1240
1240
#: serverguide/C/web-servers.xml:1088(title)
1241
#: serverguide/C/web-servers.xml:1073(title)
1241
1242
msgid "System-wide installation"
1242
1243
msgstr ""
1243
1244
1244
#: serverguide/C/web-servers.xml:1089(para)
1245
#: serverguide/C/web-servers.xml:1074(para)
1245
1246
msgid ""
1246
1247
"To install the Tomcat server, you can enter the following command in the "
1247
1248
"terminal prompt:"
1251
1252
msgid "sudo apt-get install tomcat7"
1252
1253
msgstr ""
1253
1254
1254
#: serverguide/C/web-servers.xml:1094(para)
1255
#: serverguide/C/web-servers.xml:1079(para)
1255
1256
msgid ""
1256
1257
"This will install a Tomcat server with just a default ROOT webapp that "
1257
1258
"displays a minimal \"It works\" page by default."
1266
1267
"documentation</ulink> for more."
1267
1268
msgstr ""
1268
1269
1269
#: serverguide/C/web-servers.xml:1106(title)
1270
#: serverguide/C/web-servers.xml:1091(title)
1270
1271
msgid "Changing default ports"
1271
1272
msgstr ""
1272
1273
1278
1279
"following lines in <filename>/etc/tomcat7/server.xml</filename>:"
1279
1280
msgstr ""
1280
1281
1281
#: serverguide/C/web-servers.xml:1112(programlisting)
1282
#: serverguide/C/web-servers.xml:1097(programlisting)
1282
1283
#, no-wrap
1283
1284
msgid ""
1284
1285
"\n"
1290
1291
"/>\n"
1291
1292
msgstr ""
1292
1293
1293
#: serverguide/C/web-servers.xml:1121(title)
1294
#: serverguide/C/web-servers.xml:1106(title)
1294
1295
msgid "Changing JVM used"
1295
1296
msgstr ""
1296
1297
1301
1302
"by setting JAVA_HOME in <filename>/etc/default/tomcat7</filename>:"
1302
1303
msgstr ""
1303
1304
1304
#: serverguide/C/web-servers.xml:1126(programlisting)
1305
#: serverguide/C/web-servers.xml:1111(programlisting)
1305
1306
#, no-wrap
1306
1307
msgid ""
1307
1308
"\n"
1308
1309
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
1309
1310
msgstr ""
1310
1311
1311
#: serverguide/C/web-servers.xml:1131(title)
1312
#: serverguide/C/web-servers.xml:1116(title)
1312
1313
msgid "Declaring users and roles"
1313
1314
msgstr ""
1314
1315
1319
1320
"users.xml</filename> file:"
1320
1321
msgstr ""
1321
1322
1322
#: serverguide/C/web-servers.xml:1135(programlisting)
1323
#: serverguide/C/web-servers.xml:1120(programlisting)
1323
1324
#, no-wrap
1324
1325
msgid ""
1325
1326
"\n"
1327
1328
"<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
1328
1329
msgstr ""
1329
1330
1330
#: serverguide/C/web-servers.xml:1143(title)
1331
#: serverguide/C/web-servers.xml:1128(title)
1331
1332
msgid "Using Tomcat standard webapps"
1332
1333
msgstr ""
1333
1334
1334
#: serverguide/C/web-servers.xml:1144(para)
1335
#: serverguide/C/web-servers.xml:1129(para)
1335
1336
msgid ""
1336
1337
"Tomcat is shipped with webapps that you can install for documentation, "
1337
1338
"administration or demo purposes."
1338
1339
msgstr ""
1339
1340
1340
#: serverguide/C/web-servers.xml:1147(title)
1341
#: serverguide/C/web-servers.xml:1132(title)
1341
1342
msgid "Tomcat documentation"
1342
1343
msgstr ""
1343
1344
1353
1354
msgid "sudo apt-get install tomcat7-docs"
1354
1355
msgstr ""
1355
1356
1356
#: serverguide/C/web-servers.xml:1157(title)
1357
#: serverguide/C/web-servers.xml:1142(title)
1357
1358
msgid "Tomcat administration webapps"
1358
1359
msgstr ""
1359
1360
1368
1369
msgid "sudo apt-get install tomcat7-admin"
1369
1370
msgstr ""
1370
1371
1371
#: serverguide/C/web-servers.xml:1165(para)
1372
#: serverguide/C/web-servers.xml:1150(para)
1372
1373
msgid ""
1373
1374
"The first one is the <emphasis>manager</emphasis> webapp, which you can "
1374
1375
"access by default at http://yourserver:8080/manager/html. It is primarily "
1382
1383
"<filename>/etc/tomcat7/tomcat-users.xml</filename> before you can access it."
1383
1384
msgstr ""
1384
1385
1385
#: serverguide/C/web-servers.xml:1172(para)
1386
#: serverguide/C/web-servers.xml:1157(para)
1386
1387
msgid ""
1387
1388
"The second one is the <emphasis>host-manager</emphasis> webapp, which you "
1388
1389
"can access by default at http://yourserver:8080/host-manager/html. It can be "
1414
1415
msgid "sudo chmod -R g+w /etc/tomcat7"
1415
1416
msgstr ""
1416
1417
1417
#: serverguide/C/web-servers.xml:1194(title)
1418
#: serverguide/C/web-servers.xml:1179(title)
1418
1419
msgid "Tomcat examples webapps"
1419
1420
msgstr ""
1420
1421
1430
1431
msgid "sudo apt-get install tomcat7-examples"
1431
1432
msgstr ""
1432
1433
1433
#: serverguide/C/web-servers.xml:1207(title)
1434
#: serverguide/C/web-servers.xml:1192(title)
1434
1435
msgid "Using private instances"
1435
1436
msgstr ""
1436
1437
1444
1445
"system-installed libraries."
1445
1446
msgstr ""
1446
1447
1447
#: serverguide/C/web-servers.xml:1215(para)
1448
#: serverguide/C/web-servers.xml:1200(para)
1448
1449
msgid ""
1449
1450
"It is possible to run the system-wide instance and the private instances in "
1450
1451
"parallel, as long as they do not use the same TCP ports."
1451
1452
msgstr ""
1452
1453
1453
#: serverguide/C/web-servers.xml:1219(title)
1454
#: serverguide/C/web-servers.xml:1204(title)
1454
1455
msgid "Installing private instance support"
1455
1456
msgstr ""
1456
1457
1457
#: serverguide/C/web-servers.xml:1220(para)
1458
#: serverguide/C/web-servers.xml:1205(para)
1458
1459
msgid ""
1459
1460
"You can install everything necessary to run private instances by entering "
1460
1461
"the following command in the terminal prompt:"
1464
1465
msgid "sudo apt-get install tomcat7-user"
1465
1466
msgstr ""
1466
1467
1467
#: serverguide/C/web-servers.xml:1227(title)
1468
#: serverguide/C/web-servers.xml:1212(title)
1468
1469
msgid "Creating a private instance"
1469
1470
msgstr ""
1470
1471
1471
#: serverguide/C/web-servers.xml:1228(para)
1472
#: serverguide/C/web-servers.xml:1213(para)
1472
1473
msgid ""
1473
1474
"You can create a private instance directory by entering the following "
1474
1475
"command in the terminal prompt:"
1478
1479
msgid "tomcat7-instance-create my-instance"
1479
1480
msgstr ""
1480
1481
1481
#: serverguide/C/web-servers.xml:1233(para)
1482
#: serverguide/C/web-servers.xml:1218(para)
1482
1483
msgid ""
1483
1484
"This will create a new <filename>my-instance</filename> directory with all "
1484
1485
"the necessary subdirectories and scripts. You can for example install your "
1487
1488
"are deployed by default."
1488
1489
msgstr ""
1489
1490
1490
#: serverguide/C/web-servers.xml:1241(title)
1491
#: serverguide/C/web-servers.xml:1226(title)
1491
1492
msgid "Configuring your private instance"
1492
1493
msgstr ""
1493
1494
1494
#: serverguide/C/web-servers.xml:1242(para)
1495
#: serverguide/C/web-servers.xml:1227(para)
1495
1496
msgid ""
1496
1497
"You will find the classic Tomcat configuration files for your private "
1497
1498
"instance in the <filename>conf/</filename> subdirectory. You should for "
1500
1501
"conflict with other instances that might be running."
1501
1502
msgstr ""
1502
1503
1503
#: serverguide/C/web-servers.xml:1250(title)
1504
#: serverguide/C/web-servers.xml:1235(title)
1504
1505
msgid "Starting/stopping your private instance"
1505
1506
msgstr ""
1506
1507
1507
#: serverguide/C/web-servers.xml:1251(para)
1508
#: serverguide/C/web-servers.xml:1236(para)
1508
1509
msgid ""
1509
1510
"You can start your private instance by entering the following command in the "
1510
1511
"terminal prompt (supposing your instance is located in the <filename>my-"
1511
1512
"instance</filename> directory):"
1512
1513
msgstr ""
1513
1514
1514
#: serverguide/C/web-servers.xml:1255(command)
1515
#: serverguide/C/web-servers.xml:1240(command)
1515
1516
msgid "my-instance/bin/startup.sh"
1516
1517
msgstr ""
1517
1518
1518
#: serverguide/C/web-servers.xml:1257(para)
1519
#: serverguide/C/web-servers.xml:1242(para)
1519
1520
msgid ""
1520
1521
"You should check the <filename>logs/</filename> subdirectory for any error. "
1521
1522
"If you have a <emphasis>java.net.BindException: Address already in "
1523
1524
"is already taken and that you should change it."
1524
1525
msgstr ""
1525
1526
1526
#: serverguide/C/web-servers.xml:1262(para)
1527
#: serverguide/C/web-servers.xml:1247(para)
1527
1528
msgid ""
1528
1529
"You can stop your instance by entering the following command in the terminal "
1529
1530
"prompt (supposing your instance is located in the <filename>my-"
1530
1531
"instance</filename> directory):"
1531
1532
msgstr ""
1532
1533
1533
#: serverguide/C/web-servers.xml:1266(command)
1534
#: serverguide/C/web-servers.xml:1251(command)
1534
1535
msgid "my-instance/bin/shutdown.sh"
1535
1536
msgstr ""
1536
1537
1537
#: serverguide/C/web-servers.xml:1275(para)
1538
#: serverguide/C/web-servers.xml:1260(para)
1538
1539
msgid ""
1539
1540
"See the <ulink url=\"http://tomcat.apache.org/\">Apache Tomcat</ulink> "
1540
1541
"website for more information."
1547
1548
"with Tomcat."
1548
1549
msgstr ""
1549
1550
1550
#: serverguide/C/web-servers.xml:1286(para)
1551
#: serverguide/C/web-servers.xml:1271(para)
1551
1552
msgid ""
1552
1553
"For additional books see the <ulink "
1553
1554
"url=\"http://wiki.apache.org/tomcat/Tomcat/Books\">Tomcat Books</ulink> list "
1678
1679
"\n"
1679
1680
msgstr ""
1680
1681
1681
#: serverguide/C/vpn.xml:94(para)
1682
#: serverguide/C/vpn.xml:90(para)
1682
1683
msgid ""
1683
1684
"Enter the following to generate the master Certificate Authority (CA) "
1684
1685
"certificate and key:"
1685
1686
msgstr ""
1686
1687
1687
#: serverguide/C/vpn.xml:99(command) serverguide/C/vpn.xml:147(command)
1688
#: serverguide/C/vpn.xml:95(command) serverguide/C/vpn.xml:143(command)
1688
1689
msgid "cd /etc/openvpn/easy-rsa/"
1689
1690
msgstr ""
1690
1691
1691
#: serverguide/C/vpn.xml:100(command) serverguide/C/vpn.xml:148(command)
1692
#: serverguide/C/vpn.xml:96(command) serverguide/C/vpn.xml:144(command)
1692
1693
msgid "source vars"
1693
1694
msgstr ""
1694
1695
1695
#: serverguide/C/vpn.xml:101(command)
1696
#: serverguide/C/vpn.xml:97(command)
1696
1697
msgid "./clean-all"
1697
1698
msgstr ""
1698
1699
1699
#: serverguide/C/vpn.xml:102(command)
1700
#: serverguide/C/vpn.xml:98(command)
1700
1701
msgid "./build-ca"
1701
1702
msgstr ""
1702
1703
1703
#: serverguide/C/vpn.xml:107(title)
1704
#: serverguide/C/vpn.xml:103(title)
1704
1705
msgid "Server Certificates"
1705
1706
msgstr ""
1706
1707
1707
#: serverguide/C/vpn.xml:109(para)
1708
#: serverguide/C/vpn.xml:105(para)
1708
1709
msgid "Next, we will generate a certificate and private key for the server:"
1709
1710
msgstr ""
1710
1711
1711
#: serverguide/C/vpn.xml:114(command)
1712
#: serverguide/C/vpn.xml:110(command)
1712
1713
msgid "./build-key-server myservername"
1713
1714
msgstr ""
1714
1715
1715
#: serverguide/C/vpn.xml:117(para)
1716
#: serverguide/C/vpn.xml:113(para)
1716
1717
msgid ""
1717
1718
"As in the previous step, most parameters can be defaulted. Two other queries "
1718
1719
"require positive responses, \"Sign the certificate? [y/n]\" and \"1 out of 1 "
1719
1720
"certificate requests certified, commit? [y/n]\"."
1720
1721
msgstr ""
1721
1722
1722
#: serverguide/C/vpn.xml:121(para)
1723
#: serverguide/C/vpn.xml:117(para)
1723
1724
msgid "Diffie Hellman parameters must be generated for the OpenVPN server:"
1724
1725
msgstr ""
1725
1726
1726
#: serverguide/C/vpn.xml:126(command)
1727
#: serverguide/C/vpn.xml:122(command)
1727
1728
msgid "./build-dh"
1728
1729
msgstr ""
1729
1730
1730
#: serverguide/C/vpn.xml:129(para)
1731
#: serverguide/C/vpn.xml:125(para)
1731
1732
msgid ""
1732
1733
"All certificates and keys have been generated in the subdirectory keys/. "
1733
1734
"Common practice is to copy them to /etc/openvpn/:"
1734
1735
msgstr ""
1735
1736
1736
#: serverguide/C/vpn.xml:133(command)
1737
#: serverguide/C/vpn.xml:129(command)
1737
1738
msgid "cd keys/"
1738
1739
msgstr ""
1739
1740
1741
1742
msgid "cp myservername.crt myservername.key ca.crt dh2048.pem /etc/openvpn/"
1742
1743
msgstr ""
1743
1744
1744
#: serverguide/C/vpn.xml:139(title)
1745
#: serverguide/C/vpn.xml:135(title)
1745
1746
msgid "Client Certificates"
1746
1747
msgstr ""
1747
1748
1748
#: serverguide/C/vpn.xml:141(para)
1749
#: serverguide/C/vpn.xml:137(para)
1749
1750
msgid ""
1750
1751
"The VPN client will also need a certificate to authenticate itself to the "
1751
1752
"server. Usually you create a different certificate for each client. To "
1753
1754
"root:"
1754
1755
msgstr ""
1755
1756
1756
#: serverguide/C/vpn.xml:149(command)
1757
#: serverguide/C/vpn.xml:145(command)
1757
1758
msgid "./build-key client1"
1758
1759
msgstr ""
1759
1760
1760
#: serverguide/C/vpn.xml:152(para)
1761
#: serverguide/C/vpn.xml:148(para)
1761
1762
msgid "Copy the following files to the client using a secure method:"
1762
1763
msgstr ""
1763
1764
1764
#: serverguide/C/vpn.xml:157(para)
1765
#: serverguide/C/vpn.xml:153(para)
1765
1766
msgid "/etc/openvpn/ca.crt"
1766
1767
msgstr ""
1767
1768
1768
#: serverguide/C/vpn.xml:158(para)
1769
#: serverguide/C/vpn.xml:154(para)
1769
1770
msgid "/etc/openvpn/easy-rsa/keys/client1.crt"
1770
1771
msgstr ""
1771
1772
1772
#: serverguide/C/vpn.xml:159(para)
1773
#: serverguide/C/vpn.xml:155(para)
1773
1774
msgid "/etc/openvpn/easy-rsa/keys/client1.key"
1774
1775
msgstr ""
1775
1776
1776
#: serverguide/C/vpn.xml:162(para)
1777
#: serverguide/C/vpn.xml:158(para)
1777
1778
msgid ""
1778
1779
"As the client certificates and keys are only required on the client machine, "
1779
1780
"you should remove them from the server."
1780
1781
msgstr ""
1781
1782
1782
#: serverguide/C/vpn.xml:170(title)
1783
#: serverguide/C/vpn.xml:166(title)
1783
1784
msgid "Simple Server Configuration"
1784
1785
msgstr ""
1785
1786
1786
#: serverguide/C/vpn.xml:172(para)
1787
#: serverguide/C/vpn.xml:168(para)
1787
1788
msgid ""
1788
1789
"Along with your <application>OpenVPN</application> installation you got "
1789
1790
"these sample config files (and many more if if you check):"
1790
1791
msgstr ""
1791
1792
1792
#: serverguide/C/vpn.xml:176(programlisting)
1793
#: serverguide/C/vpn.xml:172(programlisting)
1793
1794
#, no-wrap
1794
1795
msgid ""
1795
1796
"\n"
1799
1800
"-rw-r--r-- 1 root root 4141 2011-07-04 15:09 server.conf.gz\n"
1800
1801
msgstr ""
1801
1802
1802
#: serverguide/C/vpn.xml:183(para)
1803
#: serverguide/C/vpn.xml:179(para)
1803
1804
msgid ""
1804
1805
"Start with copying and unpacking server.conf.gz to /etc/openvpn/server.conf."
1805
1806
msgstr ""
1806
1807
1807
#: serverguide/C/vpn.xml:187(command)
1808
#: serverguide/C/vpn.xml:183(command)
1808
1809
msgid ""
1809
1810
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz "
1810
1811
"/etc/openvpn/"
1811
1812
msgstr ""
1812
1813
1813
#: serverguide/C/vpn.xml:188(command)
1814
#: serverguide/C/vpn.xml:184(command)
1814
1815
msgid "sudo gzip -d /etc/openvpn/server.conf.gz"
1815
1816
msgstr ""
1816
1817
1817
#: serverguide/C/vpn.xml:191(para)
1818
#: serverguide/C/vpn.xml:187(para)
1818
1819
msgid ""
1819
1820
"Edit <filename>/etc/openvpn/server.conf</filename> to make sure the "
1820
1821
"following lines are pointing to the certificates and keys you created in the "
1833
1834
1834
1835
#: serverguide/C/vpn.xml:201(para)
1835
1836
msgid ""
1837
"Edit <filename>/etc/sysctl.conf</filename> and uncomment the following line "
1838
"to enable IP forwarding."
1839
msgstr ""
1840
1841
#: serverguide/C/vpn.xml:204(programlisting)
1842
#, no-wrap
1843
msgid ""
1844
"\n"
1845
"#net.ipv4.ip_forward=1\n"
1846
msgstr ""
1847
1848
#: serverguide/C/vpn.xml:207(para)
1849
msgid "Then reload sysctl."
1850
msgstr ""
1851
1852
#: serverguide/C/vpn.xml:211(command)
1853
msgid "sudo sysctl -p /etc/sysctl.conf"
1854
msgstr ""
1855
1856
#: serverguide/C/vpn.xml:197(para)
1857
msgid ""
1836
1858
"That is the minimum you have to configure to get a working OpenVPN server. "
1837
1859
"You can use all the default settings in the sample server.conf file. Now "
1838
1860
"start the server. You will find logging and error messages in your syslog."
1839
1861
msgstr ""
1840
1862
1841
#: serverguide/C/vpn.xml:206(programlisting)
1863
#: serverguide/C/vpn.xml:219(programlisting)
1842
1864
#, no-wrap
1843
1865
msgid ""
1844
1866
"\n"
1847
1869
" * Autostarting VPN 'server' [ OK ]\n"
1848
1870
msgstr ""
1849
1871
1850
#: serverguide/C/vpn.xml:212(para)
1872
#: serverguide/C/vpn.xml:208(para)
1851
1873
msgid "Now check if OpenVPN created a tun0 interface:"
1852
1874
msgstr ""
1853
1875
1854
#: serverguide/C/vpn.xml:216(programlisting)
1876
#: serverguide/C/vpn.xml:212(programlisting)
1855
1877
#, no-wrap
1856
1878
msgid ""
1857
1879
"\n"
1863
1885
"[...]\n"
1864
1886
msgstr ""
1865
1887
1866
#: serverguide/C/vpn.xml:226(title)
1888
#: serverguide/C/vpn.xml:222(title)
1867
1889
msgid "Simple Client Configuration"
1868
1890
msgstr ""
1869
1891
1870
#: serverguide/C/vpn.xml:228(para)
1892
#: serverguide/C/vpn.xml:224(para)
1871
1893
msgid ""
1872
1894
"There are various different <application>OpenVPN</application> client "
1873
1895
"implementations with and without GUIs. You can read more about clients in a "
1876
1898
"install the openvpn package again on the client machine:"
1877
1899
msgstr ""
1878
1900
1879
#: serverguide/C/vpn.xml:235(command) serverguide/C/vpn.xml:603(command)
1901
#: serverguide/C/vpn.xml:35(command) serverguide/C/vpn.xml:231(command) serverguide/C/vpn.xml:589(command)
1880
1902
msgid "sudo apt-get install openvpn"
1881
1903
msgstr ""
1882
1904
1883
#: serverguide/C/vpn.xml:238(para)
1905
#: serverguide/C/vpn.xml:234(para)
1884
1906
msgid "This time copy the client.conf sample config file to /etc/openvpn/."
1885
1907
msgstr ""
1886
1908
1887
#: serverguide/C/vpn.xml:242(command)
1909
#: serverguide/C/vpn.xml:238(command)
1888
1910
msgid ""
1889
1911
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
1890
1912
"/etc/openvpn/"
1891
1913
msgstr ""
1892
1914
1893
#: serverguide/C/vpn.xml:245(para)
1915
#: serverguide/C/vpn.xml:241(para)
1894
1916
msgid ""
1895
1917
"Copy the client keys and the certificate of the CA you created in the "
1896
1918
"section above to e.g. /etc/openvpn/ and edit "
1899
1921
"you can omit the path."
1900
1922
msgstr ""
1901
1923
1902
#: serverguide/C/vpn.xml:248(programlisting) serverguide/C/vpn.xml:268(programlisting)
1924
#: serverguide/C/vpn.xml:244(programlisting)
1903
1925
#, no-wrap
1904
1926
msgid ""
1905
1927
"\n"
1908
1930
"key client1.key\n"
1909
1931
msgstr ""
1910
1932
1911
#: serverguide/C/vpn.xml:254(para)
1933
#: serverguide/C/vpn.xml:250(para)
1912
1934
msgid ""
1913
1935
"And you have to at least specify the OpenVPN server name or address. Make "
1914
1936
"sure the keyword client is in the config. That's what enables client mode."
1915
1937
msgstr ""
1916
1938
1917
#: serverguide/C/vpn.xml:260(programlisting)
1939
#: serverguide/C/vpn.xml:256(programlisting)
1918
1940
#, no-wrap
1919
1941
msgid ""
1920
1942
"\n"
1922
1944
"remote vpnserver.example.com 1194\n"
1923
1945
msgstr ""
1924
1946
1925
#: serverguide/C/vpn.xml:265(para)
1947
#: serverguide/C/vpn.xml:278(para)
1926
1948
msgid ""
1927
1949
"Also, make sure you specify the keyfile names you copied from the server"
1928
1950
msgstr ""
1929
1951
1930
#: serverguide/C/vpn.xml:273(para)
1952
#: serverguide/C/vpn.xml:261(para)
1931
1953
msgid "Now start the OpenVPN client:"
1932
1954
msgstr ""
1933
1955
1934
#: serverguide/C/vpn.xml:277(programlisting)
1956
#: serverguide/C/vpn.xml:290(programlisting)
1935
1957
#, no-wrap
1936
1958
msgid ""
1937
1959
"\n"
1940
1962
" * Autostarting VPN 'client' [ OK ] \n"
1941
1963
msgstr ""
1942
1964
1943
#: serverguide/C/vpn.xml:283(para)
1965
#: serverguide/C/vpn.xml:271(para)
1944
1966
msgid "Check if it created a tun0 interface:"
1945
1967
msgstr ""
1946
1968
1947
#: serverguide/C/vpn.xml:287(programlisting)
1969
#: serverguide/C/vpn.xml:275(programlisting)
1948
1970
#, no-wrap
1949
1971
msgid ""
1950
1972
"\n"
1955
1977
" UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1\n"
1956
1978
msgstr ""
1957
1979
1958
#: serverguide/C/vpn.xml:294(para)
1980
#: serverguide/C/vpn.xml:282(para)
1959
1981
msgid "Check if you can ping the OpenVPN server:"
1960
1982
msgstr ""
1961
1983
1962
#: serverguide/C/vpn.xml:297(programlisting)
1984
#: serverguide/C/vpn.xml:285(programlisting)
1963
1985
#, no-wrap
1964
1986
msgid ""
1965
1987
"\n"
1968
1990
"64 bytes from 10.8.0.1: icmp_req=1 ttl=64 time=0.920 ms\n"
1969
1991
msgstr ""
1970
1992
1971
#: serverguide/C/vpn.xml:304(para)
1993
#: serverguide/C/vpn.xml:292(para)
1972
1994
msgid ""
1973
1995
"The OpenVPN server always uses the first usable IP address in the client "
1974
1996
"network and only that IP is pingable. E.g. if you configured a /24 for the "
1976
1998
"in the ifconfig output above is usually not answering ping requests."
1977
1999
msgstr ""
1978
2000
1979
#: serverguide/C/vpn.xml:309(para)
2001
#: serverguide/C/vpn.xml:297(para)
1980
2002
msgid "Check out your routes:"
1981
2003
msgstr ""
1982
2004
1983
#: serverguide/C/vpn.xml:312(programlisting)
2005
#: serverguide/C/vpn.xml:300(programlisting)
1984
2006
#, no-wrap
1985
2007
msgid ""
1986
2008
"\n"
1998
2020
"eth0\n"
1999
2021
msgstr ""
2000
2022
2001
#: serverguide/C/vpn.xml:324(title)
2023
#: serverguide/C/vpn.xml:312(title)
2002
2024
msgid "First trouble shooting"
2003
2025
msgstr ""
2004
2026
2005
#: serverguide/C/vpn.xml:326(para)
2027
#: serverguide/C/vpn.xml:314(para)
2006
2028
msgid "If the above didn't work for you, check this:"
2007
2029
msgstr ""
2008
2030
2009
#: serverguide/C/vpn.xml:331(para)
2031
#: serverguide/C/vpn.xml:319(para)
2010
2032
msgid "Check your syslog, e.g. grep -i vpn /var/log/syslog"
2011
2033
msgstr ""
2012
2034
2013
#: serverguide/C/vpn.xml:334(para)
2035
#: serverguide/C/vpn.xml:347(para)
2014
2036
msgid ""
2015
2037
"Check that you have specified the keyfile names correctly in client.conf and "
2016
2038
"server.conf."
2017
2039
msgstr ""
2018
2040
2019
#: serverguide/C/vpn.xml:337(para)
2041
#: serverguide/C/vpn.xml:322(para)
2020
2042
msgid ""
2021
2043
"Can the client connect to the server machine? Maybe a firewall is blocking "
2022
2044
"access? Check syslog on server."
2023
2045
msgstr ""
2024
2046
2025
#: serverguide/C/vpn.xml:340(para)
2047
#: serverguide/C/vpn.xml:325(para)
2026
2048
msgid ""
2027
2049
"Client and server must use same protocol and port, e.g. UDP port 1194, see "
2028
2050
"port and proto config option"
2029
2051
msgstr ""
2030
2052
2031
#: serverguide/C/vpn.xml:343(para)
2053
#: serverguide/C/vpn.xml:328(para)
2032
2054
msgid ""
2033
2055
"Client and server must use same config regarding compression, see comp-lzo "
2034
2056
"config option"
2035
2057
msgstr ""
2036
2058
2037
#: serverguide/C/vpn.xml:346(para)
2059
#: serverguide/C/vpn.xml:331(para)
2038
2060
msgid ""
2039
2061
"Client and server must use same config regarding bridged vs routed mode, see "
2040
2062
"server vs server-bridge config option"
2041
2063
msgstr ""
2042
2064
2043
#: serverguide/C/vpn.xml:353(title) serverguide/C/databases.xml:161(title)
2065
#: serverguide/C/databases.xml:168(title)
2044
2066
msgid "Advanced configuration"
2045
2067
msgstr ""
2046
2068
2047
#: serverguide/C/vpn.xml:356(title)
2069
#: serverguide/C/vpn.xml:342(title)
2048
2070
msgid "Advanced routed VPN configuration on server"
2049
2071
msgstr ""
2050
2072
2051
#: serverguide/C/vpn.xml:358(para)
2073
#: serverguide/C/vpn.xml:344(para)
2052
2074
msgid ""
2053
2075
"The above is a very simple working VPN. The client can access services on "
2054
2076
"the VPN server machine through an encrypted tunnel. If you want to reach "
2059
2081
"route to the VPN client-network."
2060
2082
msgstr ""
2061
2083
2062
#: serverguide/C/vpn.xml:362(para)
2084
#: serverguide/C/vpn.xml:348(para)
2063
2085
msgid ""
2064
2086
"Or you might push a default gateway to all the clients to send all their "
2065
2087
"internet traffic to the VPN gateway first and from there via the company "
2066
2088
"firewall into the internet. This section shows you some possible options."
2067
2089
msgstr ""
2068
2090
2069
#: serverguide/C/vpn.xml:366(para)
2091
#: serverguide/C/vpn.xml:352(para)
2070
2092
msgid ""
2071
2093
"Push routes to the client to allow it to reach other private subnets behind "
2072
2094
"the server. Remember that these private subnets will also need to know to "
2074
2096
"server."
2075
2097
msgstr ""
2076
2098
2077
#: serverguide/C/vpn.xml:375(programlisting)
2099
#: serverguide/C/vpn.xml:361(programlisting)
2078
2100
#, no-wrap
2079
2101
msgid ""
2080
2102
"\n"
2081
2103
"push \"route 10.0.0.0 255.0.0.0\"\n"
2082
2104
msgstr ""
2083
2105
2084
#: serverguide/C/vpn.xml:379(para)
2106
#: serverguide/C/vpn.xml:392(para)
2085
2107
msgid ""
2086
2108
"If enabled, this directive will configure all clients to redirect their "
2087
2109
"default network gateway through the VPN, causing all IP traffic such as web "
2090
2112
"internet in order for this to work properly)."
2091
2113
msgstr ""
2092
2114
2093
#: serverguide/C/vpn.xml:388(programlisting)
2115
#: serverguide/C/vpn.xml:374(programlisting)
2094
2116
#, no-wrap
2095
2117
msgid ""
2096
2118
"\n"
2097
2119
"push \"redirect-gateway def1 bypass-dhcp\"\n"
2098
2120
msgstr ""
2099
2121
2100
#: serverguide/C/vpn.xml:392(para)
2122
#: serverguide/C/vpn.xml:378(para)
2101
2123
msgid ""
2102
2124
"Configure server mode and supply a VPN subnet for OpenVPN to draw client "
2103
2125
"addresses from. The server will take 10.8.0.1 for itself, the rest will be "
2105
2127
"10.8.0.1. Comment this line out if you are ethernet bridging."
2106
2128
msgstr ""
2107
2129
2108
#: serverguide/C/vpn.xml:401(programlisting)
2130
#: serverguide/C/vpn.xml:387(programlisting)
2109
2131
#, no-wrap
2110
2132
msgid ""
2111
2133
"\n"
2112
2134
"server 10.8.0.0 255.255.255.0\n"
2113
2135
msgstr ""
2114
2136
2115
#: serverguide/C/vpn.xml:405(para)
2137
#: serverguide/C/vpn.xml:391(para)
2116
2138
msgid ""
2117
2139
"Maintain a record of client to virtual IP address associations in this file. "
2118
2140
"If OpenVPN goes down or is restarted, reconnecting clients can be assigned "
2119
2141
"the same virtual IP address from the pool that was previously assigned."
2120
2142
msgstr ""
2121
2143
2122
#: serverguide/C/vpn.xml:412(programlisting)
2144
#: serverguide/C/vpn.xml:398(programlisting)
2123
2145
#, no-wrap
2124
2146
msgid ""
2125
2147
"\n"
2126
2148
"ifconfig-pool-persist ipp.txt\n"
2127
2149
msgstr ""
2128
2150
2129
#: serverguide/C/vpn.xml:416(para)
2151
#: serverguide/C/vpn.xml:402(para)
2130
2152
msgid "Push DNS servers to the client."
2131
2153
msgstr ""
2132
2154
2133
#: serverguide/C/vpn.xml:419(programlisting)
2155
#: serverguide/C/vpn.xml:405(programlisting)
2134
2156
#, no-wrap
2135
2157
msgid ""
2136
2158
"\n"
2138
2160
"push \"dhcp-option DNS 10.1.0.2\"\n"
2139
2161
msgstr ""
2140
2162
2141
#: serverguide/C/vpn.xml:424(para)
2163
#: serverguide/C/vpn.xml:410(para)
2142
2164
msgid "Allow client to client communication."
2143
2165
msgstr ""
2144
2166
2145
#: serverguide/C/vpn.xml:427(programlisting)
2167
#: serverguide/C/vpn.xml:413(programlisting)
2146
2168
#, no-wrap
2147
2169
msgid ""
2148
2170
"\n"
2149
2171
"client-to-client\n"
2150
2172
msgstr ""
2151
2173
2152
#: serverguide/C/vpn.xml:431(para)
2174
#: serverguide/C/vpn.xml:417(para)
2153
2175
msgid "Enable compression on the VPN link."
2154
2176
msgstr ""
2155
2177
2156
#: serverguide/C/vpn.xml:434(programlisting)
2178
#: serverguide/C/vpn.xml:420(programlisting)
2157
2179
#, no-wrap
2158
2180
msgid ""
2159
2181
"\n"
2160
2182
"comp-lzo\n"
2161
2183
msgstr ""
2162
2184
2163
#: serverguide/C/vpn.xml:438(para)
2185
#: serverguide/C/vpn.xml:424(para)
2164
2186
msgid ""
2165
2187
"The keepalive directive causes ping-like messages to be sent back and forth "
2166
2188
"over the link so that each side knows when the other side has gone down. "
2168
2190
"during a 3 second time period."
2169
2191
msgstr ""
2170
2192
2171
#: serverguide/C/vpn.xml:447(programlisting)
2193
#: serverguide/C/vpn.xml:433(programlisting)
2172
2194
#, no-wrap
2173
2195
msgid ""
2174
2196
"\n"
2175
2197
"keepalive 1 3\n"
2176
2198
msgstr ""
2177
2199
2178
#: serverguide/C/vpn.xml:451(para)
2200
#: serverguide/C/vpn.xml:437(para)
2179
2201
msgid ""
2180
2202
"It's a good idea to reduce the OpenVPN daemon's privileges after "
2181
2203
"initialization."
2182
2204
msgstr ""
2183
2205
2184
#: serverguide/C/vpn.xml:454(programlisting)
2206
#: serverguide/C/vpn.xml:440(programlisting)
2185
2207
#, no-wrap
2186
2208
msgid ""
2187
2209
"\n"
2189
2211
"group nogroup\n"
2190
2212
msgstr ""
2191
2213
2192
#: serverguide/C/vpn.xml:459(para)
2214
#: serverguide/C/vpn.xml:445(para)
2193
2215
msgid ""
2194
2216
"OpenVPN 2.0 includes a feature that allows the OpenVPN server to securely "
2195
2217
"obtain a username and password from a connecting client, and to use that "
2199
2221
"username/password, passing it on to the server over the secure TLS channel."
2200
2222
msgstr ""
2201
2223
2202
#: serverguide/C/vpn.xml:463(programlisting)
2224
#: serverguide/C/vpn.xml:449(programlisting)
2203
2225
#, no-wrap
2204
2226
msgid ""
2205
2227
"\n"
2207
2229
"auth-user-pass\n"
2208
2230
msgstr ""
2209
2231
2210
#: serverguide/C/vpn.xml:468(para)
2232
#: serverguide/C/vpn.xml:454(para)
2211
2233
msgid ""
2212
2234
"This will tell the OpenVPN server to validate the username/password entered "
2213
2235
"by clients using the login PAM module. Useful if you have centralized "
2214
2236
"authentication with e.g. Kerberos."
2215
2237
msgstr ""
2216
2238
2217
#: serverguide/C/vpn.xml:473(programlisting)
2239
#: serverguide/C/vpn.xml:486(programlisting)
2218
2240
#, no-wrap
2219
2241
msgid ""
2220
2242
"\n"
2221
2243
"plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so login\n"
2222
2244
msgstr ""
2223
2245
2224
#: serverguide/C/vpn.xml:477(para)
2246
#: serverguide/C/vpn.xml:463(para)
2225
2247
msgid ""
2226
2248
"Please read the OpenVPN <ulink url=\"http://openvpn.net/index.php/open-"
2227
2249
"source/documentation/howto.html#security\">hardening security guide</ulink> "
2228
2250
"for further security advice."
2229
2251
msgstr ""
2230
2252
2231
#: serverguide/C/vpn.xml:483(title)
2253
#: serverguide/C/vpn.xml:469(title)
2232
2254
msgid "Advanced bridged VPN configuration on server"
2233
2255
msgstr ""
2234
2256
2235
#: serverguide/C/vpn.xml:485(para)
2257
#: serverguide/C/vpn.xml:471(para)
2236
2258
msgid ""
2237
2259
"<application>OpenVPN</application> can be setup for either a routed or a "
2238
2260
"bridged VPN mode. Sometimes this is also referred to as OSI layer-2 versus "
2244
2266
"be filtered."
2245
2267
msgstr ""
2246
2268
2247
#: serverguide/C/vpn.xml:491(title)
2269
#: serverguide/C/vpn.xml:477(title)
2248
2270
msgid "Prepare interface config for bridging on server"
2249
2271
msgstr ""
2250
2272
2251
#: serverguide/C/vpn.xml:493(para)
2273
#: serverguide/C/vpn.xml:479(para)
2252
2274
msgid "Make sure you have the bridge-utils package installed:"
2253
2275
msgstr ""
2254
2276
2255
#: serverguide/C/vpn.xml:497(command) serverguide/C/network-config.xml:542(command)
2277
#: serverguide/C/vpn.xml:483(command) serverguide/C/virtualization.xml:2188(command) serverguide/C/network-config.xml:538(command)
2256
2278
msgid "sudo apt-get install bridge-utils"
2257
2279
msgstr ""
2258
2280
2259
#: serverguide/C/vpn.xml:500(para)
2281
#: serverguide/C/vpn.xml:486(para)
2260
2282
msgid ""
2261
2283
"Before you setup OpenVPN in bridged mode you need to change your interface "
2262
2284
"configuration. Let's assume your server has an interface eth0 connected to "
2264
2286
"Your /etc/network/interfaces would like this:"
2265
2287
msgstr ""
2266
2288
2267
#: serverguide/C/vpn.xml:504(programlisting)
2289
#: serverguide/C/vpn.xml:490(programlisting)
2268
2290
#, no-wrap
2269
2291
msgid ""
2270
2292
"\n"
2280
2302
" netmask 255.255.255.0\n"
2281
2303
msgstr ""
2282
2304
2283
#: serverguide/C/vpn.xml:517(para)
2305
#: serverguide/C/vpn.xml:503(para)
2284
2306
msgid ""
2285
2307
"This straight forward interface config needs to be changed into a bridged "
2286
2308
"mode like where the config of interface eth1 moves to the new br0 interface. "
2289
2311
"interface to forward all ethernet frames to the IP stack."
2290
2312
msgstr ""
2291
2313
2292
#: serverguide/C/vpn.xml:521(programlisting)
2314
#: serverguide/C/vpn.xml:507(programlisting)
2293
2315
#, no-wrap
2294
2316
msgid ""
2295
2317
"\n"
2310
2332
" bridge_ports eth1\n"
2311
2333
msgstr ""
2312
2334
2313
#: serverguide/C/vpn.xml:539(para)
2335
#: serverguide/C/vpn.xml:552(para)
2314
2336
msgid ""
2315
2337
"At this point you need to bring up the bridge. Be prepared that this might "
2316
2338
"not work as expected and that you will lose remote connectivity. Make sure "
2317
2339
"you can solve problems having local access."
2318
2340
msgstr ""
2319
2341
2320
#: serverguide/C/vpn.xml:543(command)
2342
#: serverguide/C/vpn.xml:556(command)
2321
2343
msgid "sudo ifdown eth1 && sudo ifup -a"
2322
2344
msgstr ""
2323
2345
2324
#: serverguide/C/vpn.xml:548(title)
2346
#: serverguide/C/vpn.xml:534(title)
2325
2347
msgid "Prepare server config for bridging"
2326
2348
msgstr ""
2327
2349
2328
#: serverguide/C/vpn.xml:550(para)
2350
#: serverguide/C/vpn.xml:536(para)
2329
2351
msgid ""
2330
2352
"Edit <filename>/etc/openvpn/server.conf</filename> changing the following "
2331
2353
"options to:"
2332
2354
msgstr ""
2333
2355
2334
#: serverguide/C/vpn.xml:554(programlisting)
2356
#: serverguide/C/vpn.xml:540(programlisting)
2335
2357
#, no-wrap
2336
2358
msgid ""
2337
2359
"\n"
2342
2364
"server-bridge 10.0.0.4 255.255.255.0 10.0.0.128 10.0.0.254\n"
2343
2365
msgstr ""
2344
2366
2345
#: serverguide/C/vpn.xml:562(para)
2367
#: serverguide/C/vpn.xml:548(para)
2346
2368
msgid ""
2347
2369
"Next, create a helper script to add the <emphasis>tap</emphasis> interface "
2348
2370
"to the bridge and to ensure that eth1 is promiscuous mode. Create "
2349
2371
"<filename>/etc/openvpn/up.sh</filename>:"
2350
2372
msgstr ""
2351
2373
2352
#: serverguide/C/vpn.xml:566(programlisting)
2374
#: serverguide/C/vpn.xml:552(programlisting)
2353
2375
#, no-wrap
2354
2376
msgid ""
2355
2377
"\n"
2364
2386
"/sbin/brctl addif $BR $TAPDEV\n"
2365
2387
msgstr ""
2366
2388
2367
#: serverguide/C/vpn.xml:578(para)
2389
#: serverguide/C/vpn.xml:564(para)
2368
2390
msgid "Then make it executable:"
2369
2391
msgstr ""
2370
2392
2371
#: serverguide/C/vpn.xml:583(command)
2393
#: serverguide/C/vpn.xml:569(command)
2372
2394
msgid "sudo chmod 755 /etc/openvpn/up.sh"
2373
2395
msgstr ""
2374
2396
2375
#: serverguide/C/vpn.xml:586(para)
2397
#: serverguide/C/vpn.xml:572(para)
2376
2398
msgid ""
2377
2399
"After configuring the server, restart <application>openvpn</application> by "
2378
2400
"entering:"
2379
2401
msgstr ""
2380
2402
2381
#: serverguide/C/vpn.xml:591(command) serverguide/C/vpn.xml:632(command)
2403
#: serverguide/C/vpn.xml:604(command) serverguide/C/vpn.xml:645(command)
2382
2404
msgid "sudo service openvpn restart"
2383
2405
msgstr ""
2384
2406
2385
#: serverguide/C/vpn.xml:596(title)
2407
#: serverguide/C/vpn.xml:582(title)
2386
2408
msgid "Client Configuration"
2387
2409
msgstr ""
2388
2410
2389
#: serverguide/C/vpn.xml:598(para)
2411
#: serverguide/C/vpn.xml:584(para)
2390
2412
msgid "First, install <application>openvpn</application> on the client:"
2391
2413
msgstr ""
2392
2414
2393
#: serverguide/C/vpn.xml:606(para)
2415
#: serverguide/C/vpn.xml:592(para)
2394
2416
msgid ""
2395
2417
"Then with the server configured and the client certificates copied to the "
2396
2418
"<filename>/etc/openvpn/</filename> directory, create a client configuration "
2397
2419
"file by copying the example. In a terminal on the client machine enter:"
2398
2420
msgstr ""
2399
2421
2400
#: serverguide/C/vpn.xml:612(command)
2422
#: serverguide/C/vpn.xml:598(command)
2401
2423
msgid ""
2402
2424
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
2403
2425
"/etc/openvpn"
2404
2426
msgstr ""
2405
2427
2406
#: serverguide/C/vpn.xml:615(para)
2428
#: serverguide/C/vpn.xml:601(para)
2407
2429
msgid ""
2408
2430
"Now edit <filename>/etc/openvpn/client.conf</filename> changing the "
2409
2431
"following options:"
2410
2432
msgstr ""
2411
2433
2412
#: serverguide/C/vpn.xml:619(programlisting)
2434
#: serverguide/C/vpn.xml:632(programlisting)
2413
2435
#, no-wrap
2414
2436
msgid ""
2415
2437
"\n"
2420
2442
"key client1.key\n"
2421
2443
msgstr ""
2422
2444
2423
#: serverguide/C/vpn.xml:627(para)
2445
#: serverguide/C/vpn.xml:610(para)
2424
2446
msgid "Finally, restart <application>openvpn</application>:"
2425
2447
msgstr ""
2426
2448
2427
#: serverguide/C/vpn.xml:635(para)
2449
#: serverguide/C/vpn.xml:618(para)
2428
2450
msgid "You should now be able to connect to the remote LAN through the VPN."
2429
2451
msgstr ""
2430
2452
2431
#: serverguide/C/vpn.xml:644(title)
2453
#: serverguide/C/vpn.xml:627(title)
2432
2454
msgid "Client software implementations"
2433
2455
msgstr ""
2434
2456
2435
#: serverguide/C/vpn.xml:647(title)
2457
#: serverguide/C/vpn.xml:630(title)
2436
2458
msgid "Linux Network-Manager GUI for OpenVPN"
2437
2459
msgstr ""
2438
2460
2439
#: serverguide/C/vpn.xml:649(para)
2461
#: serverguide/C/vpn.xml:632(para)
2440
2462
msgid ""
2441
2463
"Many Linux distributions including Ubuntu desktop variants come with Network "
2442
2464
"Manager, a nice GUI to configure your network settings. It also can manage "
2445
2467
"packages as well:"
2446
2468
msgstr ""
2447
2469
2448
#: serverguide/C/vpn.xml:654(programlisting)
2470
#: serverguide/C/vpn.xml:637(programlisting)
2449
2471
#, no-wrap
2450
2472
msgid ""
2451
2473
"\n"
2466
2488
"Do you want to continue [Y/n]? \n"
2467
2489
msgstr ""
2468
2490
2469
#: serverguide/C/vpn.xml:672(para)
2491
#: serverguide/C/vpn.xml:655(para)
2470
2492
msgid ""
2471
2493
"To inform network-manager about the new installed packages you will have to "
2472
2494
"restart it:"
2473
2495
msgstr ""
2474
2496
2475
#: serverguide/C/vpn.xml:676(programlisting)
2497
#: serverguide/C/vpn.xml:659(programlisting)
2476
2498
#, no-wrap
2477
2499
msgid ""
2478
2500
"\n"
2480
2502
"network-manager start/running, process 3078\n"
2481
2503
msgstr ""
2482
2504
2483
#: serverguide/C/vpn.xml:681(para)
2505
#: serverguide/C/vpn.xml:694(para)
2484
2506
msgid ""
2485
2507
"Open the Network Manager GUI, select the VPN tab and then the 'Add' button. "
2486
2508
"Select OpenVPN as the VPN type in the opening requester and press 'Create'. "
2492
2514
"to establish your VPN."
2493
2515
msgstr ""
2494
2516
2495
#: serverguide/C/vpn.xml:693(title)
2517
#: serverguide/C/vpn.xml:676(title)
2496
2518
msgid "OpenVPN with GUI for Mac OS X: Tunnelblick"
2497
2519
msgstr ""
2498
2520
2499
#: serverguide/C/vpn.xml:695(para)
2521
#: serverguide/C/vpn.xml:678(para)
2500
2522
msgid ""
2501
2523
"Tunnelblick is an excellent free, open source implementation of a GUI for "
2502
2524
"OpenVPN for OS X. The project's homepage is at <ulink "
2508
2530
"Application folder."
2509
2531
msgstr ""
2510
2532
2511
#: serverguide/C/vpn.xml:701(programlisting)
2533
#: serverguide/C/vpn.xml:684(programlisting)
2512
2534
#, no-wrap
2513
2535
msgid ""
2514
2536
"\n"
2531
2553
"key client.key\n"
2532
2554
msgstr ""
2533
2555
2534
#: serverguide/C/vpn.xml:723(title)
2556
#: serverguide/C/vpn.xml:706(title)
2535
2557
msgid "OpenVPN with GUI for Win 7"
2536
2558
msgstr ""
2537
2559
2538
#: serverguide/C/vpn.xml:725(para)
2560
#: serverguide/C/vpn.xml:738(para)
2539
2561
msgid ""
2540
2562
"First download and install the latest <ulink "
2541
2563
"url=\"http://www.openvpn.net/index.php/open-source/downloads.html\">OpenVPN "
2544
2566
"binary installer."
2545
2567
msgstr ""
2546
2568
2547
#: serverguide/C/vpn.xml:730(para)
2569
#: serverguide/C/vpn.xml:714(para)
2548
2570
msgid ""
2549
2571
"You need to start the OpenVPN service. Goto Start > Computer > Manage "
2550
2572
"> Services and Applications > Services. Find the OpenVPN service and "
2553
2575
"click on it and you will see that option."
2554
2576
msgstr ""
2555
2577
2556
#: serverguide/C/vpn.xml:734(para)
2578
#: serverguide/C/vpn.xml:718(para)
2557
2579
msgid ""
2558
2580
"You will have to write your OpenVPN config in a textfile and place it in C:\\"
2559
2581
"Program Files\\OpenVPN\\config\\client.ovpn along with the CA certificate. "
2561
2583
"follwing example."
2562
2584
msgstr ""
2563
2585
2564
#: serverguide/C/vpn.xml:738(programlisting)
2586
#: serverguide/C/vpn.xml:751(programlisting)
2565
2587
#, no-wrap
2566
2588
msgid ""
2567
2589
"\n"
2590
2612
"\n"
2591
2613
msgstr ""
2592
2614
2593
#: serverguide/C/vpn.xml:763(para)
2615
#: serverguide/C/vpn.xml:776(para)
2594
2616
msgid ""
2595
2617
"Note: If you are not using user authentication and/or you want to run the "
2596
2618
"service without user interaction, comment out the following options:"
2597
2619
msgstr ""
2598
2620
2599
#: serverguide/C/vpn.xml:766(programlisting)
2621
#: serverguide/C/vpn.xml:779(programlisting)
2600
2622
#, no-wrap
2601
2623
msgid ""
2602
2624
"\n"
2607
2629
"management-query-passwords\n"
2608
2630
msgstr ""
2609
2631
2610
#: serverguide/C/vpn.xml:773(para)
2632
#: serverguide/C/vpn.xml:786(para)
2611
2633
msgid "You may want to set the Windows service to \"automatic\"."
2612
2634
msgstr ""
2613
2635
2614
#: serverguide/C/vpn.xml:777(title)
2636
#: serverguide/C/vpn.xml:747(title)
2615
2637
msgid "OpenVPN for OpenWRT"
2616
2638
msgstr ""
2617
2639
2618
#: serverguide/C/vpn.xml:779(para)
2640
#: serverguide/C/vpn.xml:749(para)
2619
2641
msgid ""
2620
2642
"OpenWRT is described as a Linux distribution for embedded devices like WLAN "
2621
2643
"router. There are certain types of WLAN routers who can be flashed to run "
2628
2650
"url=\"http://openwrt.org\">http://openwrt.org</ulink>"
2629
2651
msgstr ""
2630
2652
2631
#: serverguide/C/vpn.xml:788(para)
2653
#: serverguide/C/vpn.xml:758(para)
2632
2654
msgid "Log into your OpenWRT router and install OpenVPN:"
2633
2655
msgstr ""
2634
2656
2635
#: serverguide/C/vpn.xml:793(command)
2657
#: serverguide/C/vpn.xml:763(command)
2636
2658
msgid "opkg update"
2637
2659
msgstr ""
2638
2660
2639
#: serverguide/C/vpn.xml:794(command)
2661
#: serverguide/C/vpn.xml:764(command)
2640
2662
msgid "opkg install openvpn"
2641
2663
msgstr ""
2642
2664
2643
#: serverguide/C/vpn.xml:797(para)
2665
#: serverguide/C/vpn.xml:810(para)
2644
2666
msgid ""
2645
2667
"Check out /etc/config/openvpn and put your client config in there. Copy "
2646
2668
"certificates and keys to /etc/openvpn/"
2647
2669
msgstr ""
2648
2670
2649
#: serverguide/C/vpn.xml:802(programlisting)
2671
#: serverguide/C/vpn.xml:772(programlisting)
2650
2672
#, no-wrap
2651
2673
msgid ""
2652
2674
"\n"
2662
2684
" option comp_lzo 1 \n"
2663
2685
msgstr ""
2664
2686
2665
#: serverguide/C/vpn.xml:815(para)
2687
#: serverguide/C/vpn.xml:785(para)
2666
2688
msgid "Restart OpenVPN:"
2667
2689
msgstr ""
2668
2690
2669
#: serverguide/C/vpn.xml:820(command)
2691
#: serverguide/C/vpn.xml:833(command)
2670
2692
msgid "service openvpn restart"
2671
2693
msgstr ""
2672
2694
2673
#: serverguide/C/vpn.xml:823(para)
2695
#: serverguide/C/vpn.xml:793(para)
2674
2696
msgid ""
2675
2697
"You will have to see if you need to adjust your router's routing and "
2676
2698
"firewall rules."
2677
2699
msgstr ""
2678
2700
2679
#: serverguide/C/vpn.xml:833(para)
2701
#: serverguide/C/vpn.xml:803(para)
2680
2702
msgid ""
2681
2703
"See the <ulink url=\"http://openvpn.net/\">OpenVPN</ulink> website for "
2682
2704
"additional information."
2683
2705
msgstr ""
2684
2706
2685
#: serverguide/C/vpn.xml:839(ulink)
2707
#: serverguide/C/vpn.xml:809(ulink)
2686
2708
msgid "OpenVPN hardening security guide"
2687
2709
msgstr ""
2688
2710
2689
#: serverguide/C/vpn.xml:843(para)
2711
#: serverguide/C/vpn.xml:813(para)
2690
2712
msgid ""
2691
2713
"Also, Pakt's <ulink url=\"http://www.packtpub.com/openvpn/book\">OpenVPN: "
2692
2714
"Building and Integrating Virtual Private Networks</ulink> is a good resource."
2696
2718
msgid "Virtualization"
2697
2719
msgstr ""
2698
2720
2699
#: serverguide/C/virtualization.xml:13(para)
2721
#: serverguide/C/virtualization.xml:12(para)
2700
2722
msgid ""
2701
2723
"Virtualization is being adopted in many different environments and "
2702
2724
"situations. If you are a developer, virtualization can provide you with a "
2706
2728
"services and move them around based on demand."
2707
2729
msgstr ""
2708
2730
2709
#: serverguide/C/virtualization.xml:20(para)
2731
#: serverguide/C/virtualization.xml:18(para)
2710
2732
msgid ""
2711
2733
"The default virtualization technology supported in Ubuntu is "
2712
2734
"<application>KVM</application>. KVM requires virtualization extensions built "
2717
2739
"hardware without virtualization extensions."
2718
2740
msgstr ""
2719
2741
2720
#: serverguide/C/virtualization.xml:29(title)
2742
#: serverguide/C/virtualization.xml:26(title)
2721
2743
msgid "libvirt"
2722
2744
msgstr ""
2723
2745
2724
#: serverguide/C/virtualization.xml:31(para)
2746
#: serverguide/C/virtualization.xml:27(para)
2725
2747
msgid ""
2726
2748
"The <application>libvirt</application> library is used to interface with "
2727
2749
"different virtualization technologies. Before getting started with "
2730
2752
"<application>KVM</application>. Enter the following from a terminal prompt:"
2731
2753
msgstr ""
2732
2754
2733
#: serverguide/C/virtualization.xml:39(command)
2755
#: serverguide/C/virtualization.xml:34(command)
2734
2756
msgid "kvm-ok"
2735
2757
msgstr ""
2736
2758
2737
#: serverguide/C/virtualization.xml:42(para)
2759
#: serverguide/C/virtualization.xml:36(para)
2738
2760
msgid ""
2739
2761
"A message will be printed informing you if your CPU "
2740
2762
"<emphasis>does</emphasis> or <emphasis>does not</emphasis> support hardware "
2748
2770
"it."
2749
2771
msgstr ""
2750
2772
2751
#: serverguide/C/virtualization.xml:53(title)
2773
#: serverguide/C/virtualization.xml:46(title)
2752
2774
msgid "Virtual Networking"
2753
2775
msgstr ""
2754
2776
2770
2792
"to the rest of the network."
2771
2793
msgstr ""
2772
2794
2773
#: serverguide/C/virtualization.xml:72(para)
2795
#: serverguide/C/virtualization.xml:62(para)
2774
2796
msgid "To install the necessary packages, from a terminal prompt enter:"
2775
2797
msgstr ""
2776
2798
2778
2800
msgid "sudo apt-get install qemu-kvm libvirt-bin"
2779
2801
msgstr ""
2780
2802
2781
#: serverguide/C/virtualization.xml:79(para)
2803
#: serverguide/C/virtualization.xml:68(para)
2782
2804
msgid ""
2783
2805
"After installing <application>libvirt-bin</application>, the user used to "
2784
2806
"manage virtual machines will need to be added to the "
2786
2808
"the advanced networking options."
2787
2809
msgstr ""
2788
2810
2789
#: serverguide/C/virtualization.xml:84(para)
2811
#: serverguide/C/virtualization.xml:72(para)
2790
2812
msgid "In a terminal enter:"
2791
2813
msgstr ""
2792
2814
2793
#: serverguide/C/virtualization.xml:87(command)
2815
#: serverguide/C/virtualization.xml:76(command)
2794
2816
msgid "sudo adduser $USER libvirtd"
2795
2817
msgstr ""
2796
2818
2797
#: serverguide/C/virtualization.xml:91(para)
2819
#: serverguide/C/virtualization.xml:79(para)
2798
2820
msgid ""
2799
2821
"If the user chosen is the current user, you will need to log out and back in "
2800
2822
"for the new group membership to take effect."
2801
2823
msgstr ""
2802
2824
2803
#: serverguide/C/virtualization.xml:95(para)
2825
#: serverguide/C/virtualization.xml:83(para)
2804
2826
msgid ""
2805
2827
"You are now ready to install a <emphasis>Guest</emphasis> operating system. "
2806
2828
"Installing a virtual machine follows the same process as installing the "
2809
2831
"physical machine."
2810
2832
msgstr ""
2811
2833
2812
#: serverguide/C/virtualization.xml:101(para)
2834
#: serverguide/C/virtualization.xml:88(para)
2813
2835
msgid ""
2814
2836
"In the case of virtual machines a Graphical User Interface (GUI) is "
2815
2837
"analogous to using a physical keyboard and mouse. Instead of installing a "
2834
2856
"scripts, etc. For details see <xref linkend=\"cloud-images-and-uvtool\"/>"
2835
2857
msgstr ""
2836
2858
2837
#: serverguide/C/virtualization.xml:119(para)
2859
#: serverguide/C/virtualization.xml:101(para)
2838
2860
msgid ""
2839
2861
"Libvirt can also be configured work with <application>Xen</application>. For "
2840
2862
"details, see the Xen Ubuntu community page referenced below."
2841
2863
msgstr ""
2842
2864
2843
#: serverguide/C/virtualization.xml:125(title)
2865
#: serverguide/C/virtualization.xml:106(title)
2844
2866
msgid "virt-install"
2845
2867
msgstr ""
2846
2868
2847
#: serverguide/C/virtualization.xml:127(para)
2869
#: serverguide/C/virtualization.xml:107(para)
2848
2870
msgid ""
2849
2871
"<application>virt-install</application> is part of the "
2850
2872
"<application>virtinst</application> package. To install it, from a terminal "
2851
2873
"prompt enter:"
2852
2874
msgstr ""
2853
2875
2854
#: serverguide/C/virtualization.xml:132(command)
2876
#: serverguide/C/virtualization.xml:111(command)
2855
2877
msgid "sudo apt-get install virtinst"
2856
2878
msgstr ""
2857
2879
2858
#: serverguide/C/virtualization.xml:135(para)
2880
#: serverguide/C/virtualization.xml:113(para)
2859
2881
msgid ""
2860
2882
"There are several options available when using <application>virt-"
2861
2883
"install</application>. For example:"
2869
2891
"vnc,listen=0.0.0.0 --noautoconsole -v"
2870
2892
msgstr ""
2871
2893
2872
#: serverguide/C/virtualization.xml:147(para)
2894
#: serverguide/C/virtualization.xml:124(para)
2873
2895
msgid ""
2874
2896
"<emphasis>-n web_devel:</emphasis> the name of the new virtual machine will "
2875
2897
"be <emphasis>web_devel</emphasis> in this example."
2876
2898
msgstr ""
2877
2899
2878
#: serverguide/C/virtualization.xml:153(para)
2900
#: serverguide/C/virtualization.xml:129(para)
2879
2901
msgid ""
2880
2902
"<emphasis>-r 256:</emphasis> specifies the amount of memory the virtual "
2881
2903
"machine will use in megabytes."
2882
2904
msgstr ""
2883
2905
2884
#: serverguide/C/virtualization.xml:158(para)
2906
#: serverguide/C/virtualization.xml:134(para)
2885
2907
msgid ""
2886
2908
"<emphasis>--disk "
2887
2909
"path=/var/lib/libvirt/images/web_devel.img,size=4:</emphasis> indicates the "
2898
2920
"CDROM device."
2899
2921
msgstr ""
2900
2922
2901
#: serverguide/C/virtualization.xml:174(para)
2923
#: serverguide/C/virtualization.xml:152(para)
2902
2924
msgid ""
2903
2925
"<emphasis>--network</emphasis> provides details related to the VM's network "
2904
2926
"interface. Here the <emphasis>default</emphasis> network is used, and the "
2913
2935
"connect via VNC to complete the installation."
2914
2936
msgstr ""
2915
2937
2916
#: serverguide/C/virtualization.xml:189(para)
2938
#: serverguide/C/virtualization.xml:163(para)
2917
2939
msgid ""
2918
2940
"<emphasis>--noautoconsole:</emphasis> will not automatically connect to the "
2919
2941
"virtual machine's console."
2920
2942
msgstr ""
2921
2943
2922
#: serverguide/C/virtualization.xml:194(para)
2944
#: serverguide/C/virtualization.xml:168(para)
2923
2945
msgid "<emphasis>-v:</emphasis> creates a fully virtualized guest."
2924
2946
msgstr ""
2925
2947
2930
2952
"a GUI), or via a remote VNC client from a GUI based computer."
2931
2953
msgstr ""
2932
2954
2933
#: serverguide/C/virtualization.xml:206(title)
2955
#: serverguide/C/virtualization.xml:179(title)
2934
2956
msgid "virt-clone"
2935
2957
msgstr ""
2936
2958
2937
#: serverguide/C/virtualization.xml:208(para)
2959
#: serverguide/C/virtualization.xml:180(para)
2938
2960
msgid ""
2939
2961
"The <application>virt-clone</application> application can be used to copy "
2940
2962
"one virtual machine to another. For example:"
2941
2963
msgstr ""
2942
2964
2943
#: serverguide/C/virtualization.xml:212(command)
2965
#: serverguide/C/virtualization.xml:184(command)
2944
2966
msgid ""
2945
2967
"sudo virt-clone -o web_devel -n database_devel -f "
2946
2968
"/path/to/database_devel.img \\ --connect=qemu:///system"
2947
2969
msgstr ""
2948
2970
2949
#: serverguide/C/virtualization.xml:218(para)
2971
#: serverguide/C/virtualization.xml:189(para)
2950
2972
msgid "<emphasis>-o:</emphasis> original virtual machine."
2951
2973
msgstr ""
2952
2974
2953
#: serverguide/C/virtualization.xml:222(para)
2975
#: serverguide/C/virtualization.xml:194(para)
2954
2976
msgid "<emphasis>-n:</emphasis> name of the new virtual machine."
2955
2977
msgstr ""
2956
2978
2957
#: serverguide/C/virtualization.xml:227(para)
2979
#: serverguide/C/virtualization.xml:199(para)
2958
2980
msgid ""
2959
2981
"<emphasis>-f:</emphasis> path to the file, logical volume, or partition to "
2960
2982
"be used by the new virtual machine."
2961
2983
msgstr ""
2962
2984
2963
#: serverguide/C/virtualization.xml:232(para)
2985
#: serverguide/C/virtualization.xml:204(para)
2964
2986
msgid ""
2965
2987
"<emphasis>--connect:</emphasis> specifies which hypervisor to connect to."
2966
2988
msgstr ""
2967
2989
2968
#: serverguide/C/virtualization.xml:237(para)
2990
#: serverguide/C/virtualization.xml:209(para)
2969
2991
msgid ""
2970
2992
"Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to "
2971
2993
"help troubleshoot problems with <application>virt-clone</application>."
2972
2994
msgstr ""
2973
2995
2974
#: serverguide/C/virtualization.xml:242(para)
2996
#: serverguide/C/virtualization.xml:214(para)
2975
2997
msgid ""
2976
2998
"Replace <emphasis>web_devel</emphasis> and "
2977
2999
"<emphasis>database_devel</emphasis> with appropriate virtual machine names."
2978
3000
msgstr ""
2979
3001
2980
#: serverguide/C/virtualization.xml:249(title)
3002
#: serverguide/C/virtualization.xml:220(title)
2981
3003
msgid "Virtual Machine Management"
2982
3004
msgstr ""
2983
3005
2984
#: serverguide/C/virtualization.xml:252(title)
3006
#: serverguide/C/virtualization.xml:222(title)
2985
3007
msgid "virsh"
2986
3008
msgstr ""
2987
3009
2988
#: serverguide/C/virtualization.xml:254(para)
3010
#: serverguide/C/virtualization.xml:223(para)
2989
3011
msgid ""
2990
3012
"There are several utilities available to manage virtual machines and "
2991
3013
"<application>libvirt</application>. The <application>virsh</application> "
2992
3014
"utility can be used from the command line. Some examples:"
2993
3015
msgstr ""
2994
3016
2995
#: serverguide/C/virtualization.xml:261(para)
3017
#: serverguide/C/virtualization.xml:229(para)
2996
3018
msgid "To list running virtual machines:"
2997
3019
msgstr ""
2998
3020
2999
#: serverguide/C/virtualization.xml:264(command)
3021
#: serverguide/C/virtualization.xml:233(command)
3000
3022
msgid "virsh -c qemu:///system list"
3001
3023
msgstr ""
3002
3024
3003
#: serverguide/C/virtualization.xml:269(para)
3025
#: serverguide/C/virtualization.xml:237(para)
3004
3026
msgid "To start a virtual machine:"
3005
3027
msgstr ""
3006
3028
3007
#: serverguide/C/virtualization.xml:272(command)
3029
#: serverguide/C/virtualization.xml:241(command)
3008
3030
msgid "virsh -c qemu:///system start web_devel"
3009
3031
msgstr ""
3010
3032
3011
#: serverguide/C/virtualization.xml:277(para)
3033
#: serverguide/C/virtualization.xml:245(para)
3012
3034
msgid "Similarly, to start a virtual machine at boot:"
3013
3035
msgstr ""
3014
3036
3015
#: serverguide/C/virtualization.xml:280(command)
3037
#: serverguide/C/virtualization.xml:249(command)
3016
3038
msgid "virsh -c qemu:///system autostart web_devel"
3017
3039
msgstr ""
3018
3040
3019
#: serverguide/C/virtualization.xml:285(para)
3041
#: serverguide/C/virtualization.xml:253(para)
3020
3042
msgid "Reboot a virtual machine with:"
3021
3043
msgstr ""
3022
3044
3023
#: serverguide/C/virtualization.xml:288(command)
3045
#: serverguide/C/virtualization.xml:257(command)
3024
3046
msgid "virsh -c qemu:///system reboot web_devel"
3025
3047
msgstr ""
3026
3048
3027
#: serverguide/C/virtualization.xml:293(para)
3049
#: serverguide/C/virtualization.xml:261(para)
3028
3050
msgid ""
3029
3051
"The <emphasis>state</emphasis> of virtual machines can be saved to a file in "
3030
3052
"order to be restored later. The following will save the virtual machine "
3031
3053
"state into a file named according to the date:"
3032
3054
msgstr ""
3033
3055
3034
#: serverguide/C/virtualization.xml:299(command)
3056
#: serverguide/C/virtualization.xml:266(command)
3035
3057
msgid "virsh -c qemu:///system save web_devel web_devel-022708.state"
3036
3058
msgstr ""
3037
3059
3038
#: serverguide/C/virtualization.xml:302(para)
3060
#: serverguide/C/virtualization.xml:268(para)
3039
3061
msgid "Once saved the virtual machine will no longer be running."
3040
3062
msgstr ""
3041
3063
3042
#: serverguide/C/virtualization.xml:307(para)
3064
#: serverguide/C/virtualization.xml:273(para)
3043
3065
msgid "A saved virtual machine can be restored using:"
3044
3066
msgstr ""
3045
3067
3046
#: serverguide/C/virtualization.xml:310(command)
3068
#: serverguide/C/virtualization.xml:277(command)
3047
3069
msgid "virsh -c qemu:///system restore web_devel-022708.state"
3048
3070
msgstr ""
3049
3071
3050
#: serverguide/C/virtualization.xml:315(para)
3072
#: serverguide/C/virtualization.xml:281(para)
3051
3073
msgid "To shutdown a virtual machine do:"
3052
3074
msgstr ""
3053
3075
3054
#: serverguide/C/virtualization.xml:318(command)
3076
#: serverguide/C/virtualization.xml:285(command)
3055
3077
msgid "virsh -c qemu:///system shutdown web_devel"
3056
3078
msgstr ""
3057
3079
3058
#: serverguide/C/virtualization.xml:323(para)
3080
#: serverguide/C/virtualization.xml:289(para)
3059
3081
msgid "A CDROM device can be mounted in a virtual machine by entering:"
3060
3082
msgstr ""
3061
3083
3062
#: serverguide/C/virtualization.xml:327(command)
3084
#: serverguide/C/virtualization.xml:293(command)
3063
3085
msgid "virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
3064
3086
msgstr ""
3065
3087
3066
#: serverguide/C/virtualization.xml:333(para)
3088
#: serverguide/C/virtualization.xml:298(para)
3067
3089
msgid ""
3068
3090
"In the above examples replace <emphasis>web_devel</emphasis> with the "
3069
3091
"appropriate virtual machine name, and <filename>web_devel-"
3070
3092
"022708.state</filename> with a descriptive file name."
3071
3093
msgstr ""
3072
3094
3073
#: serverguide/C/virtualization.xml:341(title)
3095
#: serverguide/C/virtualization.xml:305(title)
3074
3096
msgid "Virtual Machine Manager"
3075
3097
msgstr ""
3076
3098
3077
#: serverguide/C/virtualization.xml:343(para)
3099
#: serverguide/C/virtualization.xml:306(para)
3078
3100
msgid ""
3079
3101
"The <application>virt-manager</application> package contains a graphical "
3080
3102
"utility to manage local and remote virtual machines. To install virt-manager "
3081
3103
"enter:"
3082
3104
msgstr ""
3083
3105
3084
#: serverguide/C/virtualization.xml:348(command)
3106
#: serverguide/C/virtualization.xml:311(command)
3085
3107
msgid "sudo apt-get install virt-manager"
3086
3108
msgstr ""
3087
3109
3088
#: serverguide/C/virtualization.xml:351(para)
3110
#: serverguide/C/virtualization.xml:313(para)
3089
3111
msgid ""
3090
3112
"Since <application>virt-manager</application> requires a Graphical User "
3091
3113
"Interface (GUI) environment it is recommended to be installed on a "
3093
3115
"the local <application>libvirt</application> service enter:"
3094
3116
msgstr ""
3095
3117
3096
#: serverguide/C/virtualization.xml:358(command)
3118
#: serverguide/C/virtualization.xml:319(command)
3097
3119
msgid "virt-manager -c qemu:///system"
3098
3120
msgstr ""
3099
3121
3100
#: serverguide/C/virtualization.xml:361(para)
3122
#: serverguide/C/virtualization.xml:321(para)
3101
3123
msgid ""
3102
3124
"You can connect to the <application>libvirt</application> service running on "
3103
3125
"another host by entering the following in a terminal prompt:"
3104
3126
msgstr ""
3105
3127
3106
#: serverguide/C/virtualization.xml:366(command)
3128
#: serverguide/C/virtualization.xml:325(command)
3107
3129
msgid "virt-manager -c qemu+ssh://virtnode1.mydomain.com/system"
3108
3130
msgstr ""
3109
3131
3110
#: serverguide/C/virtualization.xml:370(para)
3132
#: serverguide/C/virtualization.xml:328(para)
3111
3133
msgid ""
3112
3134
"The above example assumes that <application>SSH</application> connectivity "
3113
3135
"between the management system and virtnode1.mydomain.com has already been "
3118
3140
"linkend=\"openssh-server\"/>"
3119
3141
msgstr ""
3120
3142
3121
#: serverguide/C/virtualization.xml:383(title)
3143
#: serverguide/C/virtualization.xml:338(title)
3122
3144
msgid "Virtual Machine Viewer"
3123
3145
msgstr ""
3124
3146
3125
#: serverguide/C/virtualization.xml:385(para)
3147
#: serverguide/C/virtualization.xml:339(para)
3126
3148
msgid ""
3127
3149
"The <application>virt-viewer</application> application allows you to connect "
3128
3150
"to a virtual machine's console. <application>virt-viewer</application> does "
3130
3152
"machine."
3131
3153
msgstr ""
3132
3154
3133
#: serverguide/C/virtualization.xml:390(para)
3155
#: serverguide/C/virtualization.xml:343(para)
3134
3156
msgid ""
3135
3157
"To install <application>virt-viewer</application> from a terminal enter:"
3136
3158
msgstr ""
3137
3159
3138
#: serverguide/C/virtualization.xml:394(command)
3160
#: serverguide/C/virtualization.xml:347(command)
3139
3161
msgid "sudo apt-get install virt-viewer"
3140
3162
msgstr ""
3141
3163
3142
#: serverguide/C/virtualization.xml:397(para)
3164
#: serverguide/C/virtualization.xml:349(para)
3143
3165
msgid ""
3144
3166
"Once a virtual machine is installed and running you can connect to the "
3145
3167
"virtual machine's console by using:"
3146
3168
msgstr ""
3147
3169
3148
#: serverguide/C/virtualization.xml:401(command)
3170
#: serverguide/C/virtualization.xml:353(command)
3149
3171
msgid "virt-viewer -c qemu:///system web_devel"
3150
3172
msgstr ""
3151
3173
3152
#: serverguide/C/virtualization.xml:404(para)
3174
#: serverguide/C/virtualization.xml:355(para)
3153
3175
msgid ""
3154
3176
"Similar to <application>virt-manager</application>, <application>virt-"
3155
3177
"viewer</application> can connect to a remote host using "
3156
3178
"<emphasis>SSH</emphasis> with key authentication, as well:"
3157
3179
msgstr ""
3158
3180
3159
#: serverguide/C/virtualization.xml:409(command)
3181
#: serverguide/C/virtualization.xml:360(command)
3160
3182
msgid "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
3161
3183
msgstr ""
3162
3184
3163
#: serverguide/C/virtualization.xml:412(para)
3185
#: serverguide/C/virtualization.xml:362(para)
3164
3186
msgid ""
3165
3187
"Be sure to replace <emphasis role=\"italic\">web_devel</emphasis> with the "
3166
3188
"appropriate virtual machine name."
3172
3194
"can also setup <application>SSH</application> access to the virtual machine."
3173
3195
msgstr ""
3174
3196
3175
#: serverguide/C/virtualization.xml:421(title) serverguide/C/virtualization.xml:667(title) serverguide/C/virtualization.xml:738(title) serverguide/C/virtualization.xml:1792(title) serverguide/C/samba.xml:248(title) serverguide/C/samba.xml:347(title) serverguide/C/samba.xml:704(title) serverguide/C/samba.xml:1100(title) serverguide/C/samba.xml:1299(title) serverguide/C/reporting-bugs.xml:252(title) serverguide/C/remote-administration.xml:414(title) serverguide/C/network-config.xml:588(title) serverguide/C/network-config.xml:843(title) serverguide/C/network-auth.xml:2112(title) serverguide/C/network-auth.xml:2646(title) serverguide/C/network-auth.xml:3362(title) serverguide/C/network-auth.xml:3915(title) serverguide/C/installation.xml:874(title) serverguide/C/installation.xml:1160(title) serverguide/C/installation.xml:1365(title) serverguide/C/databases.xml:264(title) serverguide/C/databases.xml:419(title) serverguide/C/cgroups.xml:198(title) serverguide/C/backups.xml:864(title)
3197
#: serverguide/C/windows-networking.xml:248(title) serverguide/C/windows-networking.xml:347(title) serverguide/C/windows-networking.xml:704(title) serverguide/C/windows-networking.xml:1100(title) serverguide/C/windows-networking.xml:1299(title) serverguide/C/virtualization.xml:371(title) serverguide/C/virtualization.xml:1072(title) serverguide/C/virtualization.xml:2482(title) serverguide/C/virtualization.xml:4388(title) serverguide/C/reporting-bugs.xml:252(title) serverguide/C/remote-administration.xml:374(title) serverguide/C/network-config.xml:584(title) serverguide/C/network-config.xml:847(title) serverguide/C/network-auth.xml:2133(title) serverguide/C/network-auth.xml:2675(title) serverguide/C/network-auth.xml:3391(title) serverguide/C/network-auth.xml:3944(title) serverguide/C/installation.xml:867(title) serverguide/C/installation.xml:1153(title) serverguide/C/installation.xml:1361(title) serverguide/C/databases.xml:271(title) serverguide/C/databases.xml:409(title) serverguide/C/backups.xml:864(title)
3176
3198
msgid "Resources"
3177
3199
msgstr "Извори"
3178
3200
3182
3204
"more details."
3183
3205
msgstr ""
3184
3206
3185
#: serverguide/C/virtualization.xml:430(para)
3207
#: serverguide/C/virtualization.xml:379(para)
3186
3208
msgid ""
3187
3209
"For more information on <application>libvirt</application> see the <ulink "
3188
3210
"url=\"http://libvirt.org/\">libvirt home page</ulink>"
3189
3211
msgstr ""
3190
3212
3191
#: serverguide/C/virtualization.xml:436(para)
3213
#: serverguide/C/virtualization.xml:384(para)
3192
3214
msgid ""
3193
3215
"The <ulink url=\"http://virt-manager.et.redhat.com/\">Virtual Machine "
3194
3216
"Manager</ulink> site has more information on <application>virt-"
3195
3217
"manager</application> development."
3196
3218
msgstr ""
3197
3219
3198
#: serverguide/C/virtualization.xml:442(para)
3220
#: serverguide/C/virtualization.xml:390(para)
3199
3221
msgid ""
3200
3222
"Also, stop by the <emphasis>#ubuntu-virt</emphasis> IRC channel on <ulink "
3201
3223
"url=\"http://freenode.net/\">freenode</ulink> to discuss virtualization "
3202
3224
"technology in Ubuntu."
3203
3225
msgstr ""
3204
3226
3205
#: serverguide/C/virtualization.xml:448(para)
3227
#: serverguide/C/virtualization.xml:396(para)
3206
3228
msgid ""
3207
3229
"Another good resource is the <ulink "
3208
3230
"url=\"https://help.ubuntu.com/community/KVM\">Ubuntu Wiki KVM</ulink> page."
3209
3231
msgstr ""
3210
3232
3211
#: serverguide/C/virtualization.xml:454(para)
3233
#: serverguide/C/virtualization.xml:401(para)
3212
3234
msgid ""
3213
3235
"For information on Xen, including using Xen with libvirt, please see the "
3214
3236
"<ulink url=\"https://help.ubuntu.com/community/Xen\">Ubuntu Wiki Xen</ulink> "
3219
3241
msgid "Cloud images and uvtool"
3220
3242
msgstr ""
3221
3243
3222
#: serverguide/C/virtualization.xml:467(title) serverguide/C/security.xml:367(title) serverguide/C/samba.xml:23(title) serverguide/C/remote-administration.xml:18(title) serverguide/C/package-management.xml:18(title) serverguide/C/introduction.xml:11(title) serverguide/C/installation.xml:1194(title)
3244
#: serverguide/C/windows-networking.xml:23(title) serverguide/C/virtualization.xml:412(title) serverguide/C/security.xml:352(title) serverguide/C/remote-administration.xml:18(title) serverguide/C/package-management.xml:18(title) serverguide/C/introduction.xml:11(title) serverguide/C/installation.xml:1187(title)
3223
3245
msgid "Introduction"
3224
3246
msgstr "Увод"
3225
3247
3534
3556
3535
3557
#: serverguide/C/virtualization.xml:658(para)
3536
3558
msgid ""
3537
"--run-script-one script_file : Run script_file as root on the VM the first "
3559
"--run-script-once script_file : Run script_file as root on the VM the first "
3538
3560
"time it is booted, but never again."
3539
3561
msgstr ""
3540
3562
3550
3572
"manpage of uvt-kvm"
3551
3573
msgstr ""
3552
3574
3553
#: serverguide/C/virtualization.xml:669(para)
3575
#: serverguide/C/virtualization.xml:1073(para)
3554
3576
msgid ""
3555
3577
"If you are interested in learning more, have questions or suggestions, "
3556
3578
"please contact the Ubuntu Server Team at:"
3557
3579
msgstr ""
3558
3580
3559
#: serverguide/C/virtualization.xml:674(para)
3581
#: serverguide/C/virtualization.xml:1078(para)
3560
3582
msgid "IRC: #ubuntu-server on freenode"
3561
3583
msgstr ""
3562
3584
3563
#: serverguide/C/virtualization.xml:678(para)
3585
#: serverguide/C/virtualization.xml:1083(para)
3564
3586
msgid ""
3565
3587
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
3566
3588
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
3567
3589
msgstr ""
3568
3590
3569
#: serverguide/C/virtualization.xml:687(title)
3591
#: serverguide/C/virtualization.xml:2121(title)
3570
3592
msgid "Ubuntu Cloud"
3571
3593
msgstr ""
3572
3594
3573
#: serverguide/C/virtualization.xml:689(para)
3595
#: serverguide/C/virtualization.xml:2122(para)
3574
3596
msgid ""
3575
3597
"<application>Cloud computing</application> is a computing model that allows "
3576
3598
"vast pools of resources to be allocated on-demand. These resources such as "
3594
3616
"concerning installation and configuration."
3595
3617
msgstr ""
3596
3618
3597
#: serverguide/C/virtualization.xml:711(title)
3619
#: serverguide/C/virtualization.xml:2452(title)
3598
3620
msgid "Support and Troubleshooting"
3599
3621
msgstr ""
3600
3622
3601
#: serverguide/C/virtualization.xml:713(para)
3623
#: serverguide/C/virtualization.xml:2453(para)
3602
3624
msgid "Community Support"
3603
3625
msgstr ""
3604
3626
3605
#: serverguide/C/virtualization.xml:717(ulink)
3627
#: serverguide/C/virtualization.xml:2457(ulink)
3606
3628
msgid "OpenStack Mailing list"
3607
3629
msgstr ""
3608
3630
3609
#: serverguide/C/virtualization.xml:722(ulink)
3631
#: serverguide/C/virtualization.xml:2462(ulink)
3610
3632
msgid "The OpenStack Wiki search"
3611
3633
msgstr ""
3612
3634
3613
#: serverguide/C/virtualization.xml:727(ulink)
3635
#: serverguide/C/virtualization.xml:2468(ulink)
3614
3636
msgid "Launchpad bugs area"
3615
3637
msgstr ""
3616
3638
3617
#: serverguide/C/virtualization.xml:732(para)
3639
#: serverguide/C/virtualization.xml:2472(para)
3618
3640
msgid "Join the IRC channel #openstack on freenode."
3619
3641
msgstr ""
3620
3642
3621
#: serverguide/C/virtualization.xml:743(ulink)
3643
#: serverguide/C/virtualization.xml:2486(ulink)
3622
3644
msgid "Cloud Computing - Service models"
3623
3645
msgstr ""
3624
3646
3625
#: serverguide/C/virtualization.xml:749(ulink)
3647
#: serverguide/C/virtualization.xml:2491(ulink)
3626
3648
msgid "OpenStack Compute"
3627
3649
msgstr ""
3628
3650
3629
#: serverguide/C/virtualization.xml:755(ulink)
3651
#: serverguide/C/virtualization.xml:2496(ulink)
3630
3652
msgid "OpenStack Image Service"
3631
3653
msgstr ""
3632
3654
3633
#: serverguide/C/virtualization.xml:761(ulink)
3655
#: serverguide/C/virtualization.xml:2501(ulink)
3634
3656
msgid "OpenStack Object Storage Administration Guide"
3635
3657
msgstr ""
3636
3658
3637
#: serverguide/C/virtualization.xml:767(ulink)
3659
#: serverguide/C/virtualization.xml:2506(ulink)
3638
3660
msgid "Installing OpenStack Object Storage on Ubuntu"
3639
3661
msgstr ""
3640
3662
3641
#: serverguide/C/virtualization.xml:773(ulink)
3663
#: serverguide/C/virtualization.xml:2511(ulink)
3642
3664
msgid "http://cloudglossary.com/"
3643
3665
msgstr ""
3644
3666
3645
#: serverguide/C/virtualization.xml:783(title)
3667
#: serverguide/C/virtualization.xml:2586(title)
3646
3668
msgid "LXC"
3647
3669
msgstr ""
3648
3670
3651
3673
"Containers are a lightweight virtualization technology. They are more akin "
3652
3674
"to an enhanced chroot than to full virtualization like Qemu or VMware, both "
3653
3675
"because they do not emulate hardware and because containers share the same "
3654
"operating system as the host. Therefore containers are better compared to "
3655
"Solaris zones or BSD jails. Linux-vserver and OpenVZ are two pre-existing, "
3656
"independently developed implementations of containers-like functionality for "
3657
"Linux. In fact, containers came about as a result of the work to upstream "
3658
"the vserver and OpenVZ functionality."
3676
"operating system as the host. Containers are similar to Solaris zones or BSD "
3677
"jails. Linux-vserver and OpenVZ are two pre-existing, independently "
3678
"developed implementations of containers-like functionality for Linux. In "
3679
"fact, containers came about as a result of the work to upstream the vserver "
3680
"and OpenVZ functionality."
3659
3681
msgstr ""
3660
3682
3661
#: serverguide/C/virtualization.xml:795(para)
3683
#: serverguide/C/virtualization.xml:2602(para)
3662
3684
msgid ""
3663
3685
"There are two user-space implementations of containers, each exploiting the "
3664
3686
"same kernel features. Libvirt allows the use of containers through the LXC "
3676
3698
"Apparmor protection for libvirt-lxc containers."
3677
3699
msgstr ""
3678
3700
3679
#: serverguide/C/virtualization.xml:809(para)
3701
#: serverguide/C/virtualization.xml:2618(para)
3680
3702
msgid "In this document, a container name will be shown as CN, C1, or C2."
3681
3703
msgstr ""
3682
3704
3683
#: serverguide/C/virtualization.xml:815(para)
3705
#: serverguide/C/virtualization.xml:2624(para)
3684
3706
msgid "The <application>lxc</application> package can be installed using"
3685
3707
msgstr ""
3686
3708
3687
#: serverguide/C/virtualization.xml:819(command)
3709
#: serverguide/C/virtualization.xml:2629(command)
3688
3710
msgid "sudo apt-get install lxc"
3689
3711
msgstr ""
3690
3712
3925
3947
"commands using the \"-P|--lxcpath\" argument."
3926
3948
msgstr ""
3927
3949
3928
#: serverguide/C/virtualization.xml:1042(title) serverguide/C/network-config.xml:11(title)
3950
#: serverguide/C/virtualization.xml:1210(para) serverguide/C/virtualization.xml:1272(para) serverguide/C/network-config.xml:11(title)
3929
3951
msgid "Networking"
3930
3952
msgstr ""
3931
3953
4035
4057
"<filename>/etc/init/lxc.conf</filename> to autostart a container."
4036
4058
msgstr ""
4037
4059
4038
#: serverguide/C/virtualization.xml:1142(title)
4060
#: serverguide/C/virtualization.xml:3232(title)
4039
4061
msgid "Backing Stores"
4040
4062
msgstr ""
4041
4063
4162
4184
"lxc.container.conf for more information."
4163
4185
msgstr ""
4164
4186
4165
#: serverguide/C/virtualization.xml:1256(title)
4187
#: serverguide/C/virtualization.xml:2859(title)
4166
4188
msgid "Apparmor"
4167
4189
msgstr ""
4168
4190
4174
4196
"trigger</filename> or to most <filename>/sys</filename> files."
4175
4197
msgstr ""
4176
4198
4177
#: serverguide/C/virtualization.xml:1264(para)
4199
#: serverguide/C/virtualization.xml:2867(para)
4178
4200
msgid ""
4179
4201
"The <filename>usr.bin.lxc-start</filename> profile is entered by running "
4180
4202
"<command>lxc-start</command>. This profile mainly prevents <command>lxc-"
4194
4216
"to enter the MySQL profile (to protect the container)."
4195
4217
msgstr ""
4196
4218
4197
#: serverguide/C/virtualization.xml:1280(para)
4219
#: serverguide/C/virtualization.xml:2926(para)
4198
4220
msgid ""
4199
4221
"<command>lxc-execute</command> does not enter an Apparmor profile, but the "
4200
4222
"container it spawns will be confined."
4204
4226
msgid "Customizing container policies"
4205
4227
msgstr ""
4206
4228
4207
#: serverguide/C/virtualization.xml:1284(para)
4229
#: serverguide/C/virtualization.xml:2879(para)
4208
4230
msgid ""
4209
4231
"If you find that <command>lxc-start</command> is failing due to a legitimate "
4210
4232
"access which is being denied by its Apparmor policy, you can disable the lxc-"
4211
4233
"start profile by doing:"
4212
4234
msgstr ""
4213
4235
4214
#: serverguide/C/virtualization.xml:1288(screen)
4236
#: serverguide/C/virtualization.xml:2885(screen)
4215
4237
#, no-wrap
4216
4238
msgid ""
4217
4239
"\n"
4219
4241
"sudo ln -s /etc/apparmor.d/usr.bin.lxc-start /etc/apparmor.d/disabled/\n"
4220
4242
msgstr ""
4221
4243
4222
#: serverguide/C/virtualization.xml:1293(para)
4244
#: serverguide/C/virtualization.xml:2890(para)
4223
4245
msgid ""
4224
4246
"This will make <command>lxc-start</command> run unconfined, but continue to "
4225
4247
"confine the container itself. If you also wish to disable confinement of the "
4227
4249
"start</filename> profile, you must add:"
4228
4250
msgstr ""
4229
4251
4230
#: serverguide/C/virtualization.xml:1298(screen)
4252
#: serverguide/C/virtualization.xml:2897(screen)
4231
4253
#, no-wrap
4232
4254
msgid ""
4233
4255
"\n"
4286
4308
msgid "After creating the policy, load it using:"
4287
4309
msgstr ""
4288
4310
4289
#: serverguide/C/virtualization.xml:1348(screen)
4311
#: serverguide/C/virtualization.xml:2910(screen)
4290
4312
#, no-wrap
4291
4313
msgid ""
4292
4314
"\n"
4293
4315
"sudo apparmor_parser -r /etc/apparmor.d/lxc-containers\n"
4294
4316
msgstr ""
4295
4317
4296
#: serverguide/C/virtualization.xml:1352(para)
4318
#: serverguide/C/virtualization.xml:2914(para)
4297
4319
msgid ""
4298
4320
"The profile will automatically be loaded after a reboot, because it is "
4299
4321
"sourced by the file <filename>/etc/apparmor.d/lxc-containers</filename>. "
4302
4324
"configuration file:"
4303
4325
msgstr ""
4304
4326
4305
#: serverguide/C/virtualization.xml:1359(screen)
4327
#: serverguide/C/virtualization.xml:2922(screen)
4306
4328
#, no-wrap
4307
4329
msgid ""
4308
4330
"\n"
4309
4331
"lxc.aa_profile = lxc-CN-profile\n"
4310
4332
msgstr ""
4311
4333
4312
#: serverguide/C/virtualization.xml:1367(title) serverguide/C/cgroups.xml:11(title)
4334
#: serverguide/C/virtualization.xml:2934(title)
4313
4335
msgid "Control Groups"
4314
4336
msgstr ""
4315
4337
4360
4382
"requests for which they are not authorized."
4361
4383
msgstr ""
4362
4384
4363
#: serverguide/C/virtualization.xml:1414(title)
4385
#: serverguide/C/virtualization.xml:3262(title)
4364
4386
msgid "Cloning"
4365
4387
msgstr ""
4366
4388
4403
4425
msgid "Given an existing container called C1, a copy can be created using:"
4404
4426
msgstr ""
4405
4427
4406
#: serverguide/C/virtualization.xml:1450(command)
4428
#: serverguide/C/virtualization.xml:3274(command)
4407
4429
msgid "sudo lxc-clone -o C1 -n C2"
4408
4430
msgstr ""
4409
4431
4411
4433
msgid "A snapshot can be created using"
4412
4434
msgstr ""
4413
4435
4414
#: serverguide/C/virtualization.xml:1457(command)
4436
#: serverguide/C/virtualization.xml:3288(command)
4415
4437
msgid "sudo lxc-clone -s -o C1 -n C2"
4416
4438
msgstr ""
4417
4439
4537
4559
"lxc package to serve as an example of how to write and use such hooks."
4538
4560
msgstr ""
4539
4561
4540
#: serverguide/C/virtualization.xml:1579(title)
4562
#: serverguide/C/virtualization.xml:3452(title)
4541
4563
msgid "Consoles"
4542
4564
msgstr ""
4543
4565
4555
4577
"3 from the host, use"
4556
4578
msgstr ""
4557
4579
4558
#: serverguide/C/virtualization.xml:1594(command)
4580
#: serverguide/C/virtualization.xml:3467(command)
4559
4581
msgid "sudo lxc-console -n container -t 3"
4560
4582
msgstr ""
4561
4583
4562
#: serverguide/C/virtualization.xml:1599(para)
4584
#: serverguide/C/virtualization.xml:3472(para)
4563
4585
msgid ""
4564
4586
"or if the <emphasis>-t N</emphasis> option is not specified, an unused "
4565
4587
"console will be automatically chosen. To exit the console, use the escape "
4568
4590
"d</emphasis> option."
4569
4591
msgstr ""
4570
4592
4571
#: serverguide/C/virtualization.xml:1605(para)
4593
#: serverguide/C/virtualization.xml:3480(para)
4572
4594
msgid ""
4573
4595
"Each container console is actually a Unix98 pty in the host's (not the "
4574
4596
"guest's) pty mount, bind-mounted over the guest's "
4581
4603
"<filename>/dev</filename>."
4582
4604
msgstr ""
4583
4605
4584
#: serverguide/C/virtualization.xml:1617(title) serverguide/C/mail.xml:390(title) serverguide/C/mail.xml:1702(title) serverguide/C/dns.xml:375(title)
4606
#: serverguide/C/mail.xml:345(title) serverguide/C/mail.xml:1640(title) serverguide/C/dns.xml:371(title)
4585
4607
msgid "Troubleshooting"
4586
4608
msgstr ""
4587
4609
4588
#: serverguide/C/virtualization.xml:1619(title) serverguide/C/network-auth.xml:765(title) serverguide/C/dns.xml:517(title)
4610
#: serverguide/C/network-auth.xml:787(title) serverguide/C/dns.xml:508(title)
4589
4611
msgid "Logging"
4590
4612
msgstr ""
4591
4613
4602
4624
"new log information will be appended."
4603
4625
msgstr ""
4604
4626
4605
#: serverguide/C/virtualization.xml:1635(title)
4627
#: serverguide/C/virtualization.xml:3414(title)
4606
4628
msgid "Monitoring container status"
4607
4629
msgstr ""
4608
4630
4609
#: serverguide/C/virtualization.xml:1637(para)
4631
#: serverguide/C/virtualization.xml:3416(para)
4610
4632
msgid ""
4611
4633
"Two commands are available to monitor container state changes. <command>lxc-"
4612
4634
"monitor</command> monitors one or more containers for any state changes. It "
4618
4640
"instance,"
4619
4641
msgstr ""
4620
4642
4621
#: serverguide/C/virtualization.xml:1647(command)
4643
#: serverguide/C/virtualization.xml:3429(command)
4622
4644
msgid "sudo lxc-monitor -n cont[0-5]*"
4623
4645
msgstr ""
4624
4646
4625
#: serverguide/C/virtualization.xml:1652(para)
4647
#: serverguide/C/virtualization.xml:3434(para)
4626
4648
msgid ""
4627
4649
"would print all state changes to any containers matching the listed regular "
4628
4650
"expression, whereas"
4629
4651
msgstr ""
4630
4652
4631
#: serverguide/C/virtualization.xml:1656(command)
4653
#: serverguide/C/virtualization.xml:3440(command)
4632
4654
msgid "sudo lxc-wait -n cont1 -s 'STOPPED|FROZEN'"
4633
4655
msgstr ""
4634
4656
4635
#: serverguide/C/virtualization.xml:1661(para)
4657
#: serverguide/C/virtualization.xml:3445(para)
4636
4658
msgid ""
4637
4659
"will wait until container cont1 enters state STOPPED or state FROZEN and "
4638
4660
"then exit."
4718
4740
"True\n"
4719
4741
msgstr ""
4720
4742
4721
#: serverguide/C/virtualization.xml:1740(title) serverguide/C/security.xml:11(title)
4743
#: serverguide/C/virtualization.xml:4349(title) serverguide/C/security.xml:11(title)
4722
4744
msgid "Security"
4723
4745
msgstr ""
4724
4746
4725
#: serverguide/C/virtualization.xml:1742(para)
4747
#: serverguide/C/virtualization.xml:4351(para)
4726
4748
msgid ""
4727
4749
"A namespace maps ids to resources. By not providing a container any id with "
4728
4750
"which to reference a resource, the resource can be protected. This is the "
4744
4766
"host."
4745
4767
msgstr ""
4746
4768
4747
#: serverguide/C/virtualization.xml:1762(title)
4769
#: serverguide/C/virtualization.xml:4375(title)
4748
4770
msgid "Exploitable system calls"
4749
4771
msgstr ""
4750
4772
4780
4802
"loaded."
4781
4803
msgstr ""
4782
4804
4783
#: serverguide/C/virtualization.xml:1796(para)
4805
#: serverguide/C/virtualization.xml:4392(para)
4784
4806
msgid ""
4785
4807
"The DeveloperWorks article <ulink "
4786
4808
"url=\"https://www.ibm.com/developerworks/linux/library/l-lxc-"
4788
4810
"to the use of containers."
4789
4811
msgstr ""
4790
4812
4791
#: serverguide/C/virtualization.xml:1803(para)
4813
#: serverguide/C/virtualization.xml:4398(para)
4792
4814
msgid ""
4793
4815
"The <ulink url=\"http://www.ibm.com/developerworks/linux/library/l-lxc-"
4794
4816
"security/index.html\"> Secure Containers Cookbook</ulink> demonstrated the "
4799
4821
msgid "Manual pages referenced above can be found at:"
4800
4822
msgstr ""
4801
4823
4802
#: serverguide/C/virtualization.xml:1812(ulink)
4824
#: serverguide/C/virtualization.xml:4407(ulink)
4803
4825
msgid "capabilities"
4804
4826
msgstr ""
4805
4827
4806
#: serverguide/C/virtualization.xml:1813(ulink)
4828
#: serverguide/C/virtualization.xml:4408(ulink)
4807
4829
msgid "lxc.conf"
4808
4830
msgstr ""
4809
4831
4813
4835
"url=\"http://linuxcontainers.org\">linuxcontainers.org</ulink>."
4814
4836
msgstr ""
4815
4837
4816
#: serverguide/C/virtualization.xml:1823(para)
4838
#: serverguide/C/virtualization.xml:4420(para)
4817
4839
msgid ""
4818
4840
"LXC security issues are listed and discussed at <ulink "
4819
4841
"url=\"http://wiki.ubuntu.com/LxcSecurity\">the LXC Security wiki page</ulink>"
4926
4948
msgstr ""
4927
4949
4928
4950
#: serverguide/C/vcs.xml:92(command)
4929
msgid "sudo apt-get install git-core"
4951
msgid "sudo apt-get install git"
4930
4952
msgstr ""
4931
4953
4932
4954
#: serverguide/C/vcs.xml:97(para)
5039
5061
#: serverguide/C/vcs.xml:151(para)
5040
5062
msgid ""
5041
5063
"Now we want to let gitolite know about the repository administrator's public "
5042
"SSH key. This assumes that the current user is the repository administrator."
5064
"SSH key. This assumes that the current user is the repository administrator. "
5065
"If you have not yet configured an SSH key, refer to <xref linkend=\"openssh-"
5066
"keys\"/>"
5043
5067
msgstr ""
5044
5068
5045
#: serverguide/C/vcs.xml:155(command)
5069
#: serverguide/C/vcs.xml:156(command)
5046
5070
msgid "cp ~/.ssh/id_rsa.pub /tmp/$(whoami).pub"
5047
5071
msgstr ""
5048
5072
5049
#: serverguide/C/vcs.xml:157(para)
5073
#: serverguide/C/vcs.xml:158(para)
5050
5074
msgid ""
5051
5075
"Let's switch to the git user and import the administrator's key into "
5052
5076
"gitolite."
5053
5077
msgstr ""
5054
5078
5055
#: serverguide/C/vcs.xml:161(command)
5079
#: serverguide/C/vcs.xml:162(command)
5056
5080
msgid "sudo su - git"
5057
5081
msgstr ""
5058
5082
5059
#: serverguide/C/vcs.xml:162(command)
5083
#: serverguide/C/vcs.xml:163(command)
5060
5084
msgid "gl-setup /tmp/*.pub"
5061
5085
msgstr ""
5062
5086
5063
#: serverguide/C/vcs.xml:164(para)
5087
#: serverguide/C/vcs.xml:165(para)
5064
5088
msgid ""
5065
5089
"Gitolite will allow you to make initial changes to its configuration file "
5066
5090
"during the setup process. You can now clone and modify the gitolite "
5069
5093
"configuration repository:"
5070
5094
msgstr ""
5071
5095
5072
#: serverguide/C/vcs.xml:168(command)
5096
#: serverguide/C/vcs.xml:169(command)
5073
5097
msgid "exit"
5074
5098
msgstr ""
5075
5099
5076
#: serverguide/C/vcs.xml:169(command)
5100
#: serverguide/C/vcs.xml:170(command)
5077
5101
msgid "git clone git@$IP_ADDRESS:gitolite-admin.git"
5078
5102
msgstr ""
5079
5103
5080
#: serverguide/C/vcs.xml:170(command)
5104
#: serverguide/C/vcs.xml:171(command)
5081
5105
msgid "cd gitolite-admin"
5082
5106
msgstr ""
5083
5107
5084
#: serverguide/C/vcs.xml:172(para)
5108
#: serverguide/C/vcs.xml:173(para)
5085
5109
msgid ""
5086
5110
"The gitolite-admin contains two subdirectories, \"conf\" and \"keydir\". The "
5087
5111
"configuration files are in the conf dir, and the keydir directory contains "
5088
5112
"the list of user's public SSH keys."
5089
5113
msgstr ""
5090
5114
5091
#: serverguide/C/vcs.xml:175(title)
5115
#: serverguide/C/vcs.xml:176(title)
5092
5116
msgid "Managing gitolite users and repositories"
5093
5117
msgstr ""
5094
5118
5095
#: serverguide/C/vcs.xml:176(para)
5119
#: serverguide/C/vcs.xml:177(para)
5096
5120
msgid ""
5097
5121
"Adding new users to gitolite is simple: just obtain their public SSH key and "
5098
5122
"add it to the keydir directory as $DESIRED_USER_NAME.pub. Note that the "
5103
5127
"server with"
5104
5128
msgstr ""
5105
5129
5106
#: serverguide/C/vcs.xml:178(command)
5130
#: serverguide/C/vcs.xml:179(command)
5107
5131
msgid "git commit -a"
5108
5132
msgstr ""
5109
5133
5110
#: serverguide/C/vcs.xml:179(command)
5134
#: serverguide/C/vcs.xml:180(command)
5111
5135
msgid "git push origin master"
5112
5136
msgstr ""
5113
5137
5114
#: serverguide/C/vcs.xml:181(para)
5138
#: serverguide/C/vcs.xml:182(para)
5115
5139
msgid ""
5116
5140
"Repositories are managed by editing the conf/gitolite.conf file. The syntax "
5117
5141
"is space separated, and simply specifies the list of repositories followed "
5118
5142
"by some access rules. The following is a default example"
5119
5143
msgstr ""
5120
5144
5121
#: serverguide/C/vcs.xml:182(programlisting)
5145
#: serverguide/C/vcs.xml:183(programlisting)
5122
5146
#, no-wrap
5123
5147
msgid ""
5124
5148
"\n"
5132
5156
" R = denise\n"
5133
5157
msgstr ""
5134
5158
5135
#: serverguide/C/vcs.xml:194(title)
5159
#: serverguide/C/vcs.xml:195(title)
5136
5160
msgid "Using your server"
5137
5161
msgstr ""
5138
5162
5139
#: serverguide/C/vcs.xml:195(para)
5163
#: serverguide/C/vcs.xml:196(para)
5140
5164
msgid ""
5141
5165
"To use the newly created server, users have to have the gitolite admin "
5142
5166
"import their public key into the gitolite configuration repository, they can "
5143
5167
"then access any project they have access to with the following command:"
5144
5168
msgstr ""
5145
5169
5146
#: serverguide/C/vcs.xml:197(command)
5170
#: serverguide/C/vcs.xml:198(command)
5147
5171
msgid "git clone git@$SERVER_IP:$PROJECT_NAME.git"
5148
5172
msgstr ""
5149
5173
5150
#: serverguide/C/vcs.xml:199(para)
5174
#: serverguide/C/vcs.xml:200(para)
5151
5175
msgid ""
5152
5176
"Or add the server's project as a remote for an existing git repository:"
5153
5177
msgstr ""
5154
5178
5155
#: serverguide/C/vcs.xml:201(command)
5179
#: serverguide/C/vcs.xml:202(command)
5156
5180
msgid "git remote add gitolite git@$SERVER_IP:$PROJECT_NAME.git"
5157
5181
msgstr ""
5158
5182
5159
#: serverguide/C/vcs.xml:206(title)
5183
#: serverguide/C/vcs.xml:79(title)
5160
5184
msgid "Subversion"
5161
5185
msgstr ""
5162
5186
5163
#: serverguide/C/vcs.xml:207(para)
5187
#: serverguide/C/vcs.xml:80(para)
5164
5188
msgid ""
5165
5189
"Subversion is an open source version control system. Using Subversion, you "
5166
5190
"can record the history of source files and documents. It manages files and "
5169
5193
"remembers every change ever made to files and directories."
5170
5194
msgstr ""
5171
5195
5172
#: serverguide/C/vcs.xml:212(para)
5196
#: serverguide/C/vcs.xml:85(para)
5173
5197
msgid ""
5174
5198
"To access Subversion repository using the HTTP protocol, you must install "
5175
5199
"and configure a web server. Apache2 is proven to work with Subversion. "
5180
5204
"section to install and configure the digital certificate."
5181
5205
msgstr ""
5182
5206
5183
#: serverguide/C/vcs.xml:221(para)
5207
#: serverguide/C/vcs.xml:94(para)
5184
5208
msgid ""
5185
5209
"To install Subversion, run the following command from a terminal prompt:"
5186
5210
msgstr ""
5187
5211
5188
#: serverguide/C/vcs.xml:226(command)
5212
#: serverguide/C/vcs.xml:227(command)
5189
5213
msgid "sudo apt-get install subversion apache2 libapache2-svn"
5190
5214
msgstr ""
5191
5215
5192
#: serverguide/C/vcs.xml:232(title)
5216
#: serverguide/C/vcs.xml:105(title)
5193
5217
msgid "Server Configuration"
5194
5218
msgstr ""
5195
5219
5196
#: serverguide/C/vcs.xml:233(para)
5220
#: serverguide/C/vcs.xml:106(para)
5197
5221
msgid ""
5198
5222
"This step assumes you have installed above mentioned packages on your "
5199
5223
"system. This section explains how to create a Subversion repository and "
5200
5224
"access the project."
5201
5225
msgstr ""
5202
5226
5203
#: serverguide/C/vcs.xml:236(title)
5227
#: serverguide/C/vcs.xml:109(title)
5204
5228
msgid "Create Subversion Repository"
5205
5229
msgstr ""
5206
5230
5207
#: serverguide/C/vcs.xml:237(para)
5231
#: serverguide/C/vcs.xml:110(para)
5208
5232
msgid ""
5209
5233
"The Subversion repository can be created using the following command from a "
5210
5234
"terminal prompt:"
5211
5235
msgstr ""
5212
5236
5213
#: serverguide/C/vcs.xml:241(command)
5237
#: serverguide/C/vcs.xml:114(command)
5214
5238
msgid "svnadmin create /path/to/repos/project"
5215
5239
msgstr ""
5216
5240
5217
#: serverguide/C/vcs.xml:246(title)
5241
#: serverguide/C/vcs.xml:119(title)
5218
5242
msgid "Importing Files"
5219
5243
msgstr ""
5220
5244
5221
#: serverguide/C/vcs.xml:247(para)
5245
#: serverguide/C/vcs.xml:120(para)
5222
5246
msgid ""
5223
5247
"Once you create the repository you can <emphasis>import</emphasis> files "
5224
5248
"into the repository. To import a directory, enter the following from a "
5228
5252
"</screen>"
5229
5253
msgstr ""
5230
5254
5231
#: serverguide/C/vcs.xml:259(title) serverguide/C/vcs.xml:264(title)
5255
#: serverguide/C/vcs.xml:132(title) serverguide/C/vcs.xml:137(title)
5232
5256
msgid "Access Methods"
5233
5257
msgstr ""
5234
5258
5235
#: serverguide/C/vcs.xml:260(para)
5259
#: serverguide/C/vcs.xml:133(para)
5236
5260
msgid ""
5237
5261
"Subversion repositories can be accessed (checked out) through many different "
5238
5262
"methods --on local disk, or through various network protocols. A repository "
5240
5264
"schemes map to the available access methods."
5241
5265
msgstr ""
5242
5266
5243
#: serverguide/C/vcs.xml:271(para)
5267
#: serverguide/C/vcs.xml:144(para)
5244
5268
msgid "Schema"
5245
5269
msgstr ""
5246
5270
5247
#: serverguide/C/vcs.xml:272(para)
5271
#: serverguide/C/vcs.xml:145(para)
5248
5272
msgid "Access Method"
5249
5273
msgstr ""
5250
5274
5251
#: serverguide/C/vcs.xml:277(para)
5275
#: serverguide/C/vcs.xml:150(para)
5252
5276
msgid "file://"
5253
5277
msgstr ""
5254
5278
5255
#: serverguide/C/vcs.xml:278(para)
5279
#: serverguide/C/vcs.xml:151(para)
5256
5280
msgid "direct repository access (on local disk)"
5257
5281
msgstr ""
5258
5282
5259
#: serverguide/C/vcs.xml:281(para)
5283
#: serverguide/C/vcs.xml:154(para)
5260
5284
msgid "http://"
5261
5285
msgstr ""
5262
5286
5263
#: serverguide/C/vcs.xml:282(para)
5287
#: serverguide/C/vcs.xml:155(para)
5264
5288
msgid "Access via WebDAV protocol to Subversion-aware Apache2 web server"
5265
5289
msgstr ""
5266
5290
5267
#: serverguide/C/vcs.xml:285(para)
5291
#: serverguide/C/vcs.xml:158(para)
5268
5292
msgid "https://"
5269
5293
msgstr ""
5270
5294
5271
#: serverguide/C/vcs.xml:286(para)
5295
#: serverguide/C/vcs.xml:159(para)
5272
5296
msgid "Same as http://, but with SSL encryption"
5273
5297
msgstr ""
5274
5298
5275
#: serverguide/C/vcs.xml:289(para)
5299
#: serverguide/C/vcs.xml:162(para)
5276
5300
msgid "svn://"
5277
5301
msgstr ""
5278
5302
5279
#: serverguide/C/vcs.xml:290(para)
5303
#: serverguide/C/vcs.xml:163(para)
5280
5304
msgid "Access via custom protocol to an svnserve server"
5281
5305
msgstr ""
5282
5306
5283
#: serverguide/C/vcs.xml:293(para)
5307
#: serverguide/C/vcs.xml:166(para)
5284
5308
msgid "svn+ssh://"
5285
5309
msgstr ""
5286
5310
5287
#: serverguide/C/vcs.xml:294(para)
5311
#: serverguide/C/vcs.xml:167(para)
5288
5312
msgid "Same as svn://, but through an SSH tunnel"
5289
5313
msgstr ""
5290
5314
5291
#: serverguide/C/vcs.xml:300(para)
5315
#: serverguide/C/vcs.xml:173(para)
5292
5316
msgid ""
5293
5317
"In this section, we will see how to configure Subversion for all these "
5294
5318
"access methods. Here, we cover the basics. For more advanced usage details, "
5295
5319
"refer to the <ulink url=\"http://svnbook.red-bean.com/\">svn book</ulink>."
5296
5320
msgstr ""
5297
5321
5298
#: serverguide/C/vcs.xml:307(title)
5322
#: serverguide/C/vcs.xml:180(title)
5299
5323
msgid "Direct repository access (file://)"
5300
5324
msgstr ""
5301
5325
5302
#: serverguide/C/vcs.xml:308(para)
5326
#: serverguide/C/vcs.xml:181(para)
5303
5327
msgid ""
5304
5328
"This is the simplest of all access methods. It does not require any "
5305
5329
"Subversion server process to be running. This access method is used to "
5307
5331
"at a terminal prompt, is as follows:"
5308
5332
msgstr ""
5309
5333
5310
#: serverguide/C/vcs.xml:315(command)
5334
#: serverguide/C/vcs.xml:188(command)
5311
5335
msgid "svn co file:///path/to/repos/project"
5312
5336
msgstr ""
5313
5337
5314
#: serverguide/C/vcs.xml:318(para)
5338
#: serverguide/C/vcs.xml:191(para)
5315
5339
msgid "or"
5316
5340
msgstr ""
5317
5341
5318
#: serverguide/C/vcs.xml:321(command)
5342
#: serverguide/C/vcs.xml:194(command)
5319
5343
msgid "svn co file://localhost/path/to/repos/project"
5320
5344
msgstr ""
5321
5345
5322
#: serverguide/C/vcs.xml:325(para)
5346
#: serverguide/C/vcs.xml:198(para)
5323
5347
msgid ""
5324
5348
"If you do not specify the hostname, there are three forward slashes (///) -- "
5325
5349
"two for the protocol (file, in this case) plus the leading slash in the "
5326
5350
"path. If you specify the hostname, you must use two forward slashes (//)."
5327
5351
msgstr ""
5328
5352
5329
#: serverguide/C/vcs.xml:327(para)
5353
#: serverguide/C/vcs.xml:200(para)
5330
5354
msgid ""
5331
5355
"The repository permissions depend on filesystem permissions. If the user has "
5332
5356
"read/write permission, he can checkout from and commit to the repository."
5333
5357
msgstr ""
5334
5358
5335
#: serverguide/C/vcs.xml:330(title)
5359
#: serverguide/C/vcs.xml:203(title)
5336
5360
msgid "Access via WebDAV protocol (http://)"
5337
5361
msgstr ""
5338
5362
5339
#: serverguide/C/vcs.xml:331(para)
5363
#: serverguide/C/vcs.xml:332(para)
5340
5364
msgid ""
5341
5365
"To access the Subversion repository via WebDAV protocol, you must configure "
5342
5366
"your Apache 2 web server. Add the following snippet between the "
5346
5370
"another VirtualHost file:"
5347
5371
msgstr ""
5348
5372
5349
#: serverguide/C/vcs.xml:337(programlisting)
5373
#: serverguide/C/vcs.xml:338(programlisting)
5350
5374
#, no-wrap
5351
5375
msgid ""
5352
5376
"\n"
5360
5384
" </Location> \n"
5361
5385
msgstr ""
5362
5386
5363
#: serverguide/C/vcs.xml:348(para)
5387
#: serverguide/C/vcs.xml:349(para)
5364
5388
msgid ""
5365
5389
"The above configuration snippet assumes that Subversion repositories are "
5366
5390
"created under <filename>/path/to/repos</filename> directory using "
5369
5393
"<command>http://hostname/svn/repos_name</command> url."
5370
5394
msgstr ""
5371
5395
5372
#: serverguide/C/vcs.xml:354(para)
5396
#: serverguide/C/vcs.xml:355(para)
5373
5397
msgid ""
5374
5398
"Changing the apache configuration like the above requires to reload the "
5375
5399
"service with the following command"
5376
5400
msgstr ""
5377
5401
5378
#: serverguide/C/vcs.xml:359(command)
5402
#: serverguide/C/vcs.xml:360(command)
5379
5403
msgid "sudo service apache2 reload"
5380
5404
msgstr ""
5381
5405
5382
#: serverguide/C/vcs.xml:361(para)
5406
#: serverguide/C/vcs.xml:362(para)
5383
5407
msgid ""
5384
5408
"To import or commit files to your Subversion repository over HTTP, the "
5385
5409
"repository should be owned by the HTTP user. In Ubuntu systems, the HTTP "
5387
5411
"repository files enter the following command from terminal prompt:"
5388
5412
msgstr ""
5389
5413
5390
#: serverguide/C/vcs.xml:370(command)
5414
#: serverguide/C/vcs.xml:236(command)
5391
5415
msgid "sudo chown -R www-data:www-data /path/to/repos"
5392
5416
msgstr ""
5393
5417
5394
#: serverguide/C/vcs.xml:373(para)
5418
#: serverguide/C/vcs.xml:239(para)
5395
5419
msgid ""
5396
5420
"By changing the ownership of repository as <command>www-data</command> you "
5397
5421
"will not be able to import or commit files into the repository by running "
5399
5423
"<command>www-data</command>."
5400
5424
msgstr ""
5401
5425
5402
#: serverguide/C/vcs.xml:382(para)
5426
#: serverguide/C/vcs.xml:248(para)
5403
5427
msgid ""
5404
5428
"Next, you must create the <filename>/etc/subversion/passwd</filename> file "
5405
5429
"that will contain user authentication details. To create a file issue the "
5407
5431
"the first user):"
5408
5432
msgstr ""
5409
5433
5410
#: serverguide/C/vcs.xml:388(command)
5434
#: serverguide/C/vcs.xml:254(command)
5411
5435
msgid "sudo htpasswd -c /etc/subversion/passwd user_name"
5412
5436
msgstr ""
5413
5437
5414
#: serverguide/C/vcs.xml:391(para)
5438
#: serverguide/C/vcs.xml:257(para)
5415
5439
msgid ""
5416
5440
"To add additional users omit the <emphasis>\"-c\"</emphasis> option as this "
5417
5441
"option replaces the old file. Instead use this form:"
5418
5442
msgstr ""
5419
5443
5420
#: serverguide/C/vcs.xml:396(command)
5444
#: serverguide/C/vcs.xml:262(command)
5421
5445
msgid "sudo htpasswd /etc/subversion/passwd user_name"
5422
5446
msgstr ""
5423
5447
5424
#: serverguide/C/vcs.xml:400(para)
5448
#: serverguide/C/vcs.xml:266(para)
5425
5449
msgid ""
5426
5450
"This command will prompt you to enter the password. Once you enter the "
5427
5451
"password, the user is added. Now, to access the repository you can run the "
5428
5452
"following command:"
5429
5453
msgstr ""
5430
5454
5431
#: serverguide/C/vcs.xml:401(command)
5455
#: serverguide/C/vcs.xml:267(command)
5432
5456
msgid "svn co http://servername/svn"
5433
5457
msgstr ""
5434
5458
5435
#: serverguide/C/vcs.xml:403(para)
5459
#: serverguide/C/vcs.xml:269(para)
5436
5460
msgid ""
5437
5461
"The password is transmitted as plain text. If you are worried about password "
5438
5462
"snooping, you are advised to use SSL encryption. For details, please refer "
5439
5463
"next section."
5440
5464
msgstr ""
5441
5465
5442
#: serverguide/C/vcs.xml:409(title)
5466
#: serverguide/C/vcs.xml:275(title)
5443
5467
msgid "Access via WebDAV protocol with SSL encryption (https://)"
5444
5468
msgstr ""
5445
5469
5446
#: serverguide/C/vcs.xml:410(para)
5470
#: serverguide/C/vcs.xml:411(para)
5447
5471
msgid ""
5448
5472
"Accessing Subversion repository via WebDAV protocol with SSL encryption "
5449
5473
"(https://) is similar to http:// except that you must install and configure "
5454
5478
"configuration\"/>."
5455
5479
msgstr ""
5456
5480
5457
#: serverguide/C/vcs.xml:419(para)
5481
#: serverguide/C/vcs.xml:285(para)
5458
5482
msgid ""
5459
5483
"You can install a digital certificate issued by a signing authority. "
5460
5484
"Alternatively, you can install your own self-signed certificate."
5461
5485
msgstr ""
5462
5486
5463
#: serverguide/C/vcs.xml:424(para)
5487
#: serverguide/C/vcs.xml:290(para)
5464
5488
msgid ""
5465
5489
"This step assumes you have installed and configured a digital certificate in "
5466
5490
"your Apache 2 web server. Now, to access the Subversion repository, please "
5468
5492
"the protocol. You must use https:// to access the Subversion repository."
5469
5493
msgstr ""
5470
5494
5471
#: serverguide/C/vcs.xml:434(title)
5495
#: serverguide/C/vcs.xml:300(title)
5472
5496
msgid "Access via custom protocol (svn://)"
5473
5497
msgstr ""
5474
5498
5475
#: serverguide/C/vcs.xml:435(para)
5499
#: serverguide/C/vcs.xml:301(para)
5476
5500
msgid ""
5477
5501
"Once the Subversion repository is created, you can configure the access "
5478
5502
"control. You can edit the <filename> "
5481
5505
"following lines in the configuration file:"
5482
5506
msgstr ""
5483
5507
5484
#: serverguide/C/vcs.xml:442(programlisting)
5508
#: serverguide/C/vcs.xml:308(programlisting)
5485
5509
#, no-wrap
5486
5510
msgid ""
5487
5511
"# [general]\n"
5488
5512
"# password-db = passwd"
5489
5513
msgstr ""
5490
5514
5491
#: serverguide/C/vcs.xml:445(para)
5515
#: serverguide/C/vcs.xml:311(para)
5492
5516
msgid ""
5493
5517
"After uncommenting the above lines, you can maintain the user list in the "
5494
5518
"passwd file. So, edit the file <filename>passwd </filename> in the same "
5495
5519
"directory and add the new user. The syntax is as follows:"
5496
5520
msgstr ""
5497
5521
5498
#: serverguide/C/vcs.xml:451(programlisting)
5522
#: serverguide/C/vcs.xml:317(programlisting)
5499
5523
#, no-wrap
5500
5524
msgid "username = password"
5501
5525
msgstr ""
5502
5526
5503
#: serverguide/C/vcs.xml:452(para)
5527
#: serverguide/C/vcs.xml:318(para)
5504
5528
msgid "For more details, please refer to the file."
5505
5529
msgstr ""
5506
5530
5507
#: serverguide/C/vcs.xml:456(para)
5531
#: serverguide/C/vcs.xml:322(para)
5508
5532
msgid ""
5509
5533
"Now, to access Subversion via the svn:// custom protocol, either from the "
5510
5534
"same machine or a different machine, you can run svnserver using svnserve "
5511
5535
"command. The syntax is as follows:"
5512
5536
msgstr ""
5513
5537
5514
#: serverguide/C/vcs.xml:461(programlisting)
5538
#: serverguide/C/vcs.xml:327(programlisting)
5515
5539
#, no-wrap
5516
5540
msgid ""
5517
5541
"$ svnserve -d --foreground -r /path/to/repos\n"
5523
5547
"$ svnserve --help"
5524
5548
msgstr ""
5525
5549
5526
#: serverguide/C/vcs.xml:469(para)
5550
#: serverguide/C/vcs.xml:335(para)
5527
5551
msgid ""
5528
5552
"Once you run this command, Subversion starts listening on default port "
5529
5553
"(3690). To access the project repository, you must run the following command "
5530
5554
"from a terminal prompt:"
5531
5555
msgstr ""
5532
5556
5533
#: serverguide/C/vcs.xml:472(command)
5557
#: serverguide/C/vcs.xml:338(command)
5534
5558
msgid "svn co svn://hostname/project project --username user_name"
5535
5559
msgstr ""
5536
5560
5537
#: serverguide/C/vcs.xml:475(para)
5561
#: serverguide/C/vcs.xml:341(para)
5538
5562
msgid ""
5539
5563
"Based on server configuration, it prompts for password. Once you are "
5540
5564
"authenticated, it checks out the code from Subversion repository. To "
5543
5567
"a terminal prompt, is as follows:"
5544
5568
msgstr ""
5545
5569
5546
#: serverguide/C/vcs.xml:483(command)
5570
#: serverguide/C/vcs.xml:349(command)
5547
5571
msgid "cd project_dir ; svn update"
5548
5572
msgstr ""
5549
5573
5550
#: serverguide/C/vcs.xml:486(para)
5574
#: serverguide/C/vcs.xml:352(para)
5551
5575
msgid ""
5552
5576
"For more details about using each Subversion sub-command, you can refer to "
5553
5577
"the manual. For example, to learn more about the co (checkout) command, "
5554
5578
"please run the following command from a terminal prompt:"
5555
5579
msgstr ""
5556
5580
5557
#: serverguide/C/vcs.xml:490(command)
5581
#: serverguide/C/vcs.xml:356(command)
5558
5582
msgid "svn co help"
5559
5583
msgstr ""
5560
5584
5561
#: serverguide/C/vcs.xml:494(title)
5585
#: serverguide/C/vcs.xml:495(title)
5562
5586
msgid "Access via custom protocol with SSH encryption (svn+ssh://)"
5563
5587
msgstr ""
5564
5588
5565
#: serverguide/C/vcs.xml:495(para)
5589
#: serverguide/C/vcs.xml:361(para)
5566
5590
msgid ""
5567
5591
"The configuration and server process is same as in the svn:// method. For "
5568
5592
"details, please refer to the above section. This step assumes you have "
5570
5594
"<application>svnserve</application> command."
5571
5595
msgstr ""
5572
5596
5573
#: serverguide/C/vcs.xml:501(para)
5597
#: serverguide/C/vcs.xml:367(para)
5574
5598
msgid ""
5575
5599
"It is also assumed that the ssh server is running on that machine and that "
5576
5600
"it is allowing incoming connections. To confirm, please try to login to that "
5578
5602
"login, please address it before continuing further."
5579
5603
msgstr ""
5580
5604
5581
#: serverguide/C/vcs.xml:507(para)
5605
#: serverguide/C/vcs.xml:373(para)
5582
5606
msgid ""
5583
5607
"The svn+ssh:// protocol is used to access the Subversion repository using "
5584
5608
"SSL encryption. The data transfer is encrypted using this method. To access "
5586
5610
"following command syntax:"
5587
5611
msgstr ""
5588
5612
5589
#: serverguide/C/vcs.xml:514(command)
5613
#: serverguide/C/vcs.xml:515(command)
5590
5614
msgid "svn co svn+ssh://ssh_username@hostname/path/to/repos/project"
5591
5615
msgstr ""
5592
5616
5593
#: serverguide/C/vcs.xml:518(para)
5617
#: serverguide/C/vcs.xml:384(para)
5594
5618
msgid ""
5595
5619
"You must use the full path (/path/to/repos/project) to access the Subversion "
5596
5620
"repository using this access method."
5597
5621
msgstr ""
5598
5622
5599
#: serverguide/C/vcs.xml:521(para)
5623
#: serverguide/C/vcs.xml:387(para)
5600
5624
msgid ""
5601
5625
"Based on server configuration, it prompts for password. You must enter the "
5602
5626
"password you use to login via ssh. Once you are authenticated, it checks out "
5603
5627
"the code from the Subversion repository."
5604
5628
msgstr ""
5605
5629
5606
#: serverguide/C/vcs.xml:536(ulink)
5630
#: serverguide/C/vcs.xml:539(ulink)
5607
5631
msgid "Bazaar Home Page"
5608
5632
msgstr ""
5609
5633
5610
#: serverguide/C/vcs.xml:541(ulink)
5634
#: serverguide/C/vcs.xml:540(ulink)
5611
5635
msgid "Launchpad"
5612
5636
msgstr ""
5613
5637
5614
#: serverguide/C/vcs.xml:546(ulink)
5638
#: serverguide/C/vcs.xml:547(ulink)
5615
5639
msgid "Git homepage"
5616
5640
msgstr ""
5617
5641
5618
#: serverguide/C/vcs.xml:551(ulink)
5642
#: serverguide/C/vcs.xml:552(ulink)
5619
5643
msgid "Gitolite"
5620
5644
msgstr ""
5621
5645
5622
#: serverguide/C/vcs.xml:556(ulink)
5646
#: serverguide/C/vcs.xml:541(ulink)
5623
5647
msgid "Subversion Home Page"
5624
5648
msgstr ""
5625
5649
5626
#: serverguide/C/vcs.xml:561(ulink)
5650
#: serverguide/C/vcs.xml:542(ulink)
5627
5651
msgid "Subversion Book"
5628
5652
msgstr ""
5629
5653
5630
#: serverguide/C/vcs.xml:566(ulink)
5654
#: serverguide/C/vcs.xml:545(ulink)
5631
5655
msgid "Easy Bazaar Ubuntu Wiki page"
5632
5656
msgstr ""
5633
5657
5634
#: serverguide/C/vcs.xml:571(ulink)
5658
#: serverguide/C/vcs.xml:546(ulink)
5635
5659
msgid "Ubuntu Wiki Subversion page"
5636
5660
msgstr ""
5637
5661
5697
5721
#: serverguide/C/serverguide.xml:17(para)
5698
5722
msgid ""
5699
5723
"Other contributors can be found in the revision history of the <ulink "
5700
"url=\"https://code.launchpad.net/serverguide\">serverguide</ulink> and "
5701
"<ulink url=\"https://code.launchpad.net/ubuntu-docs\">ubuntu-docs</ulink> "
5702
"bzr branches available on Launchpad."
5724
"url=\"https://bazaar.launchpad.net/~ubuntu-core-"
5725
"doc/serverguide/trunk/changes\">serverguide</ulink> and <ulink "
5726
"url=\"https://bazaar.launchpad.net/~ubuntu-core-doc/ubuntu-"
5727
"docs/trunk/changes\">ubuntu-docs</ulink> bzr branches available on Launchpad."
5703
5728
msgstr ""
5704
5729
5705
5730
#: serverguide/C/serverguide.xml:12(para)
5791
5816
msgid "Configurations with root passwords are not supported."
5792
5817
msgstr ""
5793
5818
5794
#: serverguide/C/security.xml:42(command)
5819
#: serverguide/C/security.xml:37(command)
5795
5820
msgid "sudo passwd"
5796
5821
msgstr ""
5797
5822
5798
#: serverguide/C/security.xml:44(para)
5823
#: serverguide/C/security.xml:39(para)
5799
5824
msgid ""
5800
5825
"Sudo will prompt you for your password, and then ask you to supply a new "
5801
5826
"password for root as shown below:"
5802
5827
msgstr ""
5803
5828
5804
#: serverguide/C/security.xml:47(computeroutput)
5829
#: serverguide/C/security.xml:42(computeroutput)
5805
5830
#, no-wrap
5806
5831
msgid "[sudo] password for username:"
5807
5832
msgstr ""
5808
5833
5809
#: serverguide/C/security.xml:47(userinput)
5834
#: serverguide/C/security.xml:42(userinput)
5810
5835
#, no-wrap
5811
5836
msgid "(enter your own password)"
5812
5837
msgstr ""
5813
5838
5814
#: serverguide/C/security.xml:48(computeroutput)
5839
#: serverguide/C/security.xml:43(computeroutput)
5815
5840
#, no-wrap
5816
5841
msgid "Enter new UNIX password:"
5817
5842
msgstr ""
5818
5843
5819
#: serverguide/C/security.xml:48(userinput)
5844
#: serverguide/C/security.xml:43(userinput)
5820
5845
#, no-wrap
5821
5846
msgid "(enter a new password for root)"
5822
5847
msgstr ""
5823
5848
5824
#: serverguide/C/security.xml:49(computeroutput)
5849
#: serverguide/C/security.xml:44(computeroutput)
5825
5850
#, no-wrap
5826
5851
msgid "Retype new UNIX password:"
5827
5852
msgstr ""
5828
5853
5829
#: serverguide/C/security.xml:49(userinput)
5854
#: serverguide/C/security.xml:44(userinput)
5830
5855
#, no-wrap
5831
5856
msgid "(repeat new password for root)"
5832
5857
msgstr ""
5833
5858
5834
#: serverguide/C/security.xml:50(computeroutput)
5859
#: serverguide/C/security.xml:45(computeroutput)
5835
5860
#, no-wrap
5836
5861
msgid "passwd: password updated successfully"
5837
5862
msgstr ""
5841
5866
"To disable the root account password, use the following passwd syntax:"
5842
5867
msgstr ""
5843
5868
5844
#: serverguide/C/security.xml:58(command)
5869
#: serverguide/C/security.xml:53(command)
5845
5870
msgid "sudo passwd -l root"
5846
5871
msgstr ""
5847
5872
5854
5879
msgid "usermod --expiredate 1"
5855
5880
msgstr ""
5856
5881
5857
#: serverguide/C/security.xml:68(para)
5882
#: serverguide/C/security.xml:57(para)
5858
5883
msgid ""
5859
5884
"You should read more on <application>Sudo</application> by checking out it's "
5860
5885
"man page:"
5861
5886
msgstr ""
5862
5887
5863
#: serverguide/C/security.xml:72(command)
5888
#: serverguide/C/security.xml:61(command)
5864
5889
msgid "man sudo"
5865
5890
msgstr ""
5866
5891
5874
5899
"<emphasis>sudo</emphasis> group."
5875
5900
msgstr ""
5876
5901
5877
#: serverguide/C/security.xml:82(title)
5902
#: serverguide/C/security.xml:71(title)
5878
5903
msgid "Adding and Deleting Users"
5879
5904
msgstr ""
5880
5905
5881
#: serverguide/C/security.xml:83(para)
5906
#: serverguide/C/security.xml:72(para)
5882
5907
msgid ""
5883
5908
"The process for managing local users and groups is straight forward and "
5884
5909
"differs very little from most other GNU/Linux operating systems. Ubuntu and "
5886
5911
"package for account management."
5887
5912
msgstr ""
5888
5913
5889
#: serverguide/C/security.xml:88(para)
5914
#: serverguide/C/security.xml:77(para)
5890
5915
msgid ""
5891
5916
"To add a user account, use the following syntax, and follow the prompts to "
5892
5917
"give the account a password and identifiable characteristics such as a full "
5893
5918
"name, phone number, etc."
5894
5919
msgstr ""
5895
5920
5896
#: serverguide/C/security.xml:92(command)
5921
#: serverguide/C/security.xml:81(command)
5897
5922
msgid "sudo adduser username"
5898
5923
msgstr ""
5899
5924
5900
#: serverguide/C/security.xml:96(para)
5925
#: serverguide/C/security.xml:85(para)
5901
5926
msgid ""
5902
5927
"To delete a user account and its primary group, use the following syntax:"
5903
5928
msgstr ""
5904
5929
5905
#: serverguide/C/security.xml:100(command)
5930
#: serverguide/C/security.xml:89(command)
5906
5931
msgid "sudo deluser username"
5907
5932
msgstr ""
5908
5933
5909
#: serverguide/C/security.xml:102(para)
5934
#: serverguide/C/security.xml:91(para)
5910
5935
msgid ""
5911
5936
"Deleting an account does not remove their respective home folder. It is up "
5912
5937
"to you whether or not you wish to delete the folder manually or keep it "
5913
5938
"according to your desired retention policies."
5914
5939
msgstr ""
5915
5940
5916
#: serverguide/C/security.xml:105(para)
5941
#: serverguide/C/security.xml:94(para)
5917
5942
msgid ""
5918
5943
"Remember, any user added later on with the same UID/GID as the previous "
5919
5944
"owner will now have access to this folder if you have not taken the "
5920
5945
"necessary precautions."
5921
5946
msgstr ""
5922
5947
5923
#: serverguide/C/security.xml:108(para)
5948
#: serverguide/C/security.xml:97(para)
5924
5949
msgid ""
5925
5950
"You may want to change these UID/GID values to something more appropriate, "
5926
5951
"such as the root account, and perhaps even relocate the folder to avoid "
5927
5952
"future conflicts:"
5928
5953
msgstr ""
5929
5954
5930
#: serverguide/C/security.xml:112(command)
5955
#: serverguide/C/security.xml:101(command)
5931
5956
msgid "sudo chown -R root:root /home/username/"
5932
5957
msgstr ""
5933
5958
5934
#: serverguide/C/security.xml:113(command)
5959
#: serverguide/C/security.xml:102(command)
5935
5960
msgid "sudo mkdir /home/archived_users/"
5936
5961
msgstr ""
5937
5962
5938
#: serverguide/C/security.xml:114(command)
5963
#: serverguide/C/security.xml:103(command)
5939
5964
msgid "sudo mv /home/username /home/archived_users/"
5940
5965
msgstr ""
5941
5966
5942
#: serverguide/C/security.xml:118(para)
5967
#: serverguide/C/security.xml:107(para)
5943
5968
msgid ""
5944
5969
"To temporarily lock or unlock a user account, use the following syntax, "
5945
5970
"respectively:"
5946
5971
msgstr ""
5947
5972
5948
#: serverguide/C/security.xml:122(command)
5973
#: serverguide/C/security.xml:111(command)
5949
5974
msgid "sudo passwd -l username"
5950
5975
msgstr ""
5951
5976
5952
#: serverguide/C/security.xml:123(command)
5977
#: serverguide/C/security.xml:112(command)
5953
5978
msgid "sudo passwd -u username"
5954
5979
msgstr ""
5955
5980
5956
#: serverguide/C/security.xml:127(para)
5981
#: serverguide/C/security.xml:116(para)
5957
5982
msgid ""
5958
5983
"To add or delete a personalized group, use the following syntax, "
5959
5984
"respectively:"
5960
5985
msgstr ""
5961
5986
5962
#: serverguide/C/security.xml:131(command)
5987
#: serverguide/C/security.xml:120(command)
5963
5988
msgid "sudo addgroup groupname"
5964
5989
msgstr ""
5965
5990
5966
#: serverguide/C/security.xml:132(command)
5991
#: serverguide/C/security.xml:121(command)
5967
5992
msgid "sudo delgroup groupname"
5968
5993
msgstr ""
5969
5994
5970
#: serverguide/C/security.xml:136(para)
5995
#: serverguide/C/security.xml:125(para)
5971
5996
msgid "To add a user to a group, use the following syntax:"
5972
5997
msgstr ""
5973
5998
5974
#: serverguide/C/security.xml:140(command)
5999
#: serverguide/C/security.xml:129(command)
5975
6000
msgid "sudo adduser username groupname"
5976
6001
msgstr ""
5977
6002
5978
#: serverguide/C/security.xml:147(title)
6003
#: serverguide/C/security.xml:136(title)
5979
6004
msgid "User Profile Security"
5980
6005
msgstr ""
5981
6006
5982
#: serverguide/C/security.xml:148(para)
6007
#: serverguide/C/security.xml:137(para)
5983
6008
msgid ""
5984
6009
"When a new user is created, the adduser utility creates a brand new home "
5985
6010
"directory named <filename class=\"directory\">/home/username</filename>, "
5988
6013
"includes all profile basics."
5989
6014
msgstr ""
5990
6015
5991
#: serverguide/C/security.xml:151(para)
6016
#: serverguide/C/security.xml:140(para)
5992
6017
msgid ""
5993
6018
"If your server will be home to multiple users, you should pay close "
5994
6019
"attention to the user home directory permissions to ensure confidentiality. "
5998
6023
"your environment."
5999
6024
msgstr ""
6000
6025
6001
#: serverguide/C/security.xml:156(para)
6026
#: serverguide/C/security.xml:145(para)
6002
6027
msgid ""
6003
6028
"To verify your current users home directory permissions, use the following "
6004
6029
"syntax:"
6005
6030
msgstr ""
6006
6031
6007
#: serverguide/C/security.xml:160(command) serverguide/C/security.xml:192(command)
6032
#: serverguide/C/security.xml:149(command) serverguide/C/security.xml:181(command)
6008
6033
msgid "ls -ld /home/username"
6009
6034
msgstr ""
6010
6035
6011
#: serverguide/C/security.xml:162(para)
6036
#: serverguide/C/security.xml:151(para)
6012
6037
msgid ""
6013
6038
"The following output shows that the directory <filename "
6014
6039
"class=\"directory\">/home/username</filename> has world readable permissions:"
6015
6040
msgstr ""
6016
6041
6017
#: serverguide/C/security.xml:165(computeroutput)
6042
#: serverguide/C/security.xml:154(computeroutput)
6018
6043
#, no-wrap
6019
6044
msgid "drwxr-xr-x 2 username username 4096 2007-10-02 20:03 username"
6020
6045
msgstr ""
6021
6046
6022
#: serverguide/C/security.xml:169(para)
6047
#: serverguide/C/security.xml:158(para)
6023
6048
msgid ""
6024
6049
"You can remove the world readable permissions using the following syntax:"
6025
6050
msgstr ""
6026
6051
6027
#: serverguide/C/security.xml:173(command)
6052
#: serverguide/C/security.xml:162(command)
6028
6053
msgid "sudo chmod 0750 /home/username"
6029
6054
msgstr ""
6030
6055
6031
#: serverguide/C/security.xml:176(para)
6056
#: serverguide/C/security.xml:165(para)
6032
6057
msgid ""
6033
6058
"Some people tend to use the recursive option (-R) indiscriminately which "
6034
6059
"modifies all child folders and files, but this is not necessary, and may "
6036
6061
"for preventing unauthorized access to anything below the parent."
6037
6062
msgstr ""
6038
6063
6039
#: serverguide/C/security.xml:180(para)
6064
#: serverguide/C/security.xml:169(para)
6040
6065
msgid ""
6041
6066
"A much more efficient approach to the matter would be to modify the "
6042
6067
"<application>adduser</application> global default permissions when creating "
6046
6071
"new home directories will receive the correct permissions."
6047
6072
msgstr ""
6048
6073
6049
#: serverguide/C/security.xml:183(programlisting)
6074
#: serverguide/C/security.xml:172(programlisting)
6050
6075
#, no-wrap
6051
6076
msgid ""
6052
6077
"\n"
6053
6078
"DIR_MODE=0750\n"
6054
6079
msgstr ""
6055
6080
6056
#: serverguide/C/security.xml:188(para)
6081
#: serverguide/C/security.xml:177(para)
6057
6082
msgid ""
6058
6083
"After correcting the directory permissions using any of the previously "
6059
6084
"mentioned techniques, verify the results using the following syntax:"
6060
6085
msgstr ""
6061
6086
6062
#: serverguide/C/security.xml:194(para)
6087
#: serverguide/C/security.xml:183(para)
6063
6088
msgid ""
6064
6089
"The results below show that world readable permissions have been removed:"
6065
6090
msgstr ""
6066
6091
6067
#: serverguide/C/security.xml:197(computeroutput)
6092
#: serverguide/C/security.xml:186(computeroutput)
6068
6093
#, no-wrap
6069
6094
msgid "drwxr-x--- 2 username username 4096 2007-10-02 20:03 username"
6070
6095
msgstr ""
6071
6096
6072
#: serverguide/C/security.xml:204(title)
6097
#: serverguide/C/security.xml:193(title)
6073
6098
msgid "Password Policy"
6074
6099
msgstr ""
6075
6100
6076
#: serverguide/C/security.xml:205(para)
6101
#: serverguide/C/security.xml:194(para)
6077
6102
msgid ""
6078
6103
"A strong password policy is one of the most important aspects of your "
6079
6104
"security posture. Many successful security breaches involve simple brute "
6083
6108
"password lifetimes, and frequent audits of your authentication systems."
6084
6109
msgstr ""
6085
6110
6086
#: serverguide/C/security.xml:209(title)
6111
#: serverguide/C/security.xml:198(title)
6087
6112
msgid "Minimum Password Length"
6088
6113
msgstr ""
6089
6114
6090
#: serverguide/C/security.xml:210(para)
6115
#: serverguide/C/security.xml:199(para)
6091
6116
msgid ""
6092
6117
"By default, Ubuntu requires a minimum password length of 6 characters, as "
6093
6118
"well as some basic entropy checks. These values are controlled in the file "
6101
6126
"password [success=1 default=ignore] pam_unix.so obscure sha512\n"
6102
6127
msgstr ""
6103
6128
6104
#: serverguide/C/security.xml:216(para)
6129
#: serverguide/C/security.xml:205(para)
6105
6130
msgid ""
6106
6131
"If you would like to adjust the minimum length to 8 characters, change the "
6107
6132
"appropriate variable to min=8. The modification is outlined below."
6115
6140
"minlen=8\n"
6116
6141
msgstr ""
6117
6142
6118
#: serverguide/C/security.xml:223(para)
6143
#: serverguide/C/security.xml:212(para)
6119
6144
msgid ""
6120
6145
"Basic password entropy checks and minimum length rules do not apply to the "
6121
6146
"administrator using sudo level commands to setup a new user."
6122
6147
msgstr ""
6123
6148
6124
#: serverguide/C/security.xml:229(title)
6149
#: serverguide/C/security.xml:218(title)
6125
6150
msgid "Password Expiration"
6126
6151
msgstr ""
6127
6152
6128
#: serverguide/C/security.xml:230(para)
6153
#: serverguide/C/security.xml:219(para)
6129
6154
msgid ""
6130
6155
"When creating user accounts, you should make it a policy to have a minimum "
6131
6156
"and maximum password age forcing users to change their passwords when they "
6132
6157
"expire."
6133
6158
msgstr ""
6134
6159
6135
#: serverguide/C/security.xml:235(para)
6160
#: serverguide/C/security.xml:224(para)
6136
6161
msgid ""
6137
6162
"To easily view the current status of a user account, use the following "
6138
6163
"syntax:"
6139
6164
msgstr ""
6140
6165
6141
#: serverguide/C/security.xml:239(command) serverguide/C/security.xml:272(command)
6166
#: serverguide/C/security.xml:228(command) serverguide/C/security.xml:261(command)
6142
6167
msgid "sudo chage -l username"
6143
6168
msgstr ""
6144
6169
6145
#: serverguide/C/security.xml:241(para)
6170
#: serverguide/C/security.xml:230(para)
6146
6171
msgid ""
6147
6172
"The output below shows interesting facts about the user account, namely that "
6148
6173
"there are no policies applied:"
6149
6174
msgstr ""
6150
6175
6151
#: serverguide/C/security.xml:244(computeroutput)
6176
#: serverguide/C/security.xml:233(computeroutput)
6152
6177
#, no-wrap
6153
6178
msgid ""
6154
6179
"Last password change : Jan 20, 2008\n"
6160
6185
"Number of days of warning before password expires : 7"
6161
6186
msgstr ""
6162
6187
6163
#: serverguide/C/security.xml:254(para)
6188
#: serverguide/C/security.xml:243(para)
6164
6189
msgid ""
6165
6190
"To set any of these values, simply use the following syntax, and follow the "
6166
6191
"interactive prompts:"
6167
6192
msgstr ""
6168
6193
6169
#: serverguide/C/security.xml:258(command)
6194
#: serverguide/C/security.xml:247(command)
6170
6195
msgid "sudo chage username"
6171
6196
msgstr ""
6172
6197
6173
#: serverguide/C/security.xml:260(para)
6198
#: serverguide/C/security.xml:249(para)
6174
6199
msgid ""
6175
6200
"The following is also an example of how you can manually change the explicit "
6176
6201
"expiration date (-E) to 01/31/2008, minimum password age (-m) of 5 days, "
6179
6204
"password expiration."
6180
6205
msgstr ""
6181
6206
6182
#: serverguide/C/security.xml:264(command)
6207
#: serverguide/C/security.xml:253(command)
6183
6208
msgid "sudo chage -E 01/31/2011 -m 5 -M 90 -I 30 -W 14 username"
6184
6209
msgstr ""
6185
6210
6186
#: serverguide/C/security.xml:268(para)
6211
#: serverguide/C/security.xml:257(para)
6187
6212
msgid "To verify changes, use the same syntax as mentioned previously:"
6188
6213
msgstr ""
6189
6214
6190
#: serverguide/C/security.xml:274(para)
6215
#: serverguide/C/security.xml:263(para)
6191
6216
msgid ""
6192
6217
"The output below shows the new policies that have been established for the "
6193
6218
"account:"
6194
6219
msgstr ""
6195
6220
6196
#: serverguide/C/security.xml:277(computeroutput)
6221
#: serverguide/C/security.xml:266(computeroutput)
6197
6222
#, no-wrap
6198
6223
msgid ""
6199
6224
"Last password change : Jan 20, 2008\n"
6205
6230
"Number of days of warning before password expires : 14"
6206
6231
msgstr ""
6207
6232
6208
#: serverguide/C/security.xml:293(title)
6233
#: serverguide/C/security.xml:282(title)
6209
6234
msgid "Other Security Considerations"
6210
6235
msgstr ""
6211
6236
6212
#: serverguide/C/security.xml:294(para)
6237
#: serverguide/C/security.xml:283(para)
6213
6238
msgid ""
6214
6239
"Many applications use alternate authentication mechanisms that can be easily "
6215
6240
"overlooked by even experienced system administrators. Therefore, it is "
6217
6242
"to services and applications on your server."
6218
6243
msgstr ""
6219
6244
6220
#: serverguide/C/security.xml:299(title)
6245
#: serverguide/C/security.xml:288(title)
6221
6246
msgid "SSH Access by Disabled Users"
6222
6247
msgstr ""
6223
6248
6224
#: serverguide/C/security.xml:300(para)
6249
#: serverguide/C/security.xml:289(para)
6225
6250
msgid ""
6226
6251
"Simply disabling/locking a user account will not prevent a user from logging "
6227
6252
"into your server remotely if they have previously set up RSA public key "
6231
6256
"access. e.g. <filename>/home/username/.ssh/authorized_keys</filename>."
6232
6257
msgstr ""
6233
6258
6234
#: serverguide/C/security.xml:303(para)
6259
#: serverguide/C/security.xml:292(para)
6235
6260
msgid ""
6236
6261
"Remove or rename the directory <filename "
6237
6262
"class=\"directory\">.ssh/</filename> in the user's home folder to prevent "
6238
6263
"further SSH authentication capabilities."
6239
6264
msgstr ""
6240
6265
6241
#: serverguide/C/security.xml:306(para)
6266
#: serverguide/C/security.xml:295(para)
6242
6267
msgid ""
6243
6268
"Be sure to check for any established SSH connections by the disabled user, "
6244
6269
"as it is possible they may have existing inbound or outbound connections. "
6261
6286
"<placeholder-2/>\n"
6262
6287
msgstr ""
6263
6288
6264
#: serverguide/C/security.xml:313(para)
6289
#: serverguide/C/security.xml:298(para)
6265
6290
msgid ""
6266
6291
"Restrict SSH access to only user accounts that should have it. For example, "
6267
6292
"you may create a group called \"sshlogin\" and add the group name as the "
6269
6294
"the file <filename>/etc/ssh/sshd_config</filename>."
6270
6295
msgstr ""
6271
6296
6272
#: serverguide/C/security.xml:316(programlisting)
6297
#: serverguide/C/security.xml:301(programlisting)
6273
6298
#, no-wrap
6274
6299
msgid ""
6275
6300
"\n"
6276
6301
"AllowGroups sshlogin\n"
6277
6302
msgstr ""
6278
6303
6279
#: serverguide/C/security.xml:319(para)
6304
#: serverguide/C/security.xml:304(para)
6280
6305
msgid ""
6281
6306
"Then add your permitted SSH users to the group \"sshlogin\", and restart the "
6282
6307
"SSH service."
6283
6308
msgstr ""
6284
6309
6285
#: serverguide/C/security.xml:323(command)
6310
#: serverguide/C/security.xml:308(command)
6286
6311
msgid "sudo adduser username sshlogin"
6287
6312
msgstr ""
6288
6313
6289
#: serverguide/C/security.xml:324(command) serverguide/C/remote-administration.xml:144(command)
6314
#: serverguide/C/security.xml:309(command)
6290
6315
msgid "sudo service ssh restart"
6291
6316
msgstr ""
6292
6317
6293
#: serverguide/C/security.xml:328(title)
6318
#: serverguide/C/security.xml:313(title)
6294
6319
msgid "External User Database Authentication"
6295
6320
msgstr ""
6296
6321
6297
#: serverguide/C/security.xml:329(para)
6322
#: serverguide/C/security.xml:314(para)
6298
6323
msgid ""
6299
6324
"Most enterprise networks require centralized authentication and access "
6300
6325
"controls for all system resources. If you have configured your server to "
6303
6328
"fallback authentication is not possible."
6304
6329
msgstr ""
6305
6330
6306
#: serverguide/C/security.xml:338(title)
6331
#: serverguide/C/security.xml:323(title)
6307
6332
msgid "Console Security"
6308
6333
msgstr ""
6309
6334
6310
#: serverguide/C/security.xml:339(para)
6335
#: serverguide/C/security.xml:324(para)
6311
6336
msgid ""
6312
6337
"As with any other security barrier you put in place to protect your server, "
6313
6338
"it is pretty tough to defend against untold damage caused by someone with "
6319
6344
"basic precautions with regard to console security."
6320
6345
msgstr ""
6321
6346
6322
#: serverguide/C/security.xml:342(para)
6347
#: serverguide/C/security.xml:327(para)
6323
6348
msgid ""
6324
6349
"The following instructions will help defend your server against issues that "
6325
6350
"could otherwise yield very serious consequences."
6326
6351
msgstr ""
6327
6352
6328
#: serverguide/C/security.xml:347(title)
6353
#: serverguide/C/security.xml:332(title)
6329
6354
msgid "Disable Ctrl+Alt+Delete"
6330
6355
msgstr ""
6331
6356
6332
#: serverguide/C/security.xml:348(para)
6357
#: serverguide/C/security.xml:333(para)
6333
6358
msgid ""
6334
6359
"First and foremost, anyone that has physical access to the keyboard can "
6335
6360
"simply use the "
6341
6366
"prevent accidental reboots at the same time."
6342
6367
msgstr ""
6343
6368
6344
#: serverguide/C/security.xml:353(para)
6369
#: serverguide/C/security.xml:338(para)
6345
6370
msgid ""
6346
6371
"To disable the reboot action taken by pressing the "
6347
6372
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
6349
6374
"<filename>/etc/init/control-alt-delete.conf</filename>."
6350
6375
msgstr ""
6351
6376
6352
#: serverguide/C/security.xml:356(programlisting)
6377
#: serverguide/C/security.xml:341(programlisting)
6353
6378
#, no-wrap
6354
6379
msgid ""
6355
6380
"\n"
6356
6381
"#exec shutdown -r now \"Control-Alt-Delete pressed\"\n"
6357
6382
msgstr ""
6358
6383
6359
#: serverguide/C/security.xml:365(title)
6384
#: serverguide/C/security.xml:350(title)
6360
6385
msgid "Firewall"
6361
6386
msgstr ""
6362
6387
6363
#: serverguide/C/security.xml:368(para)
6388
#: serverguide/C/security.xml:353(para)
6364
6389
msgid ""
6365
6390
"The Linux kernel includes the <emphasis>Netfilter</emphasis> subsystem, "
6366
6391
"which is used to manipulate or decide the fate of network traffic headed "
6368
6393
"system for packet filtering."
6369
6394
msgstr ""
6370
6395
6371
#: serverguide/C/security.xml:373(para)
6396
#: serverguide/C/security.xml:358(para)
6372
6397
msgid ""
6373
6398
"The kernel's packet filtering system would be of little use to "
6374
6399
"administrators without a userspace interface to manage it. This is the "
6379
6404
"but many frontends are available to simplify the task."
6380
6405
msgstr ""
6381
6406
6382
#: serverguide/C/security.xml:383(title)
6407
#: serverguide/C/security.xml:368(title)
6383
6408
msgid "ufw - Uncomplicated Firewall"
6384
6409
msgstr ""
6385
6410
6386
#: serverguide/C/security.xml:384(para)
6411
#: serverguide/C/security.xml:369(para)
6387
6412
msgid ""
6388
6413
"The default firewall configuration tool for Ubuntu is "
6389
6414
"<application>ufw</application>. Developed to ease iptables firewall "
6391
6416
"to create an IPv4 or IPv6 host-based firewall."
6392
6417
msgstr ""
6393
6418
6394
#: serverguide/C/security.xml:388(para)
6419
#: serverguide/C/security.xml:373(para)
6395
6420
msgid ""
6396
6421
"<application>ufw</application> by default is initially disabled. From the "
6397
6422
"<application>ufw</application> man page:"
6398
6423
msgstr ""
6399
6424
6400
#: serverguide/C/security.xml:392(quote)
6425
#: serverguide/C/security.xml:377(quote)
6401
6426
msgid ""
6402
6427
"ufw is not intended to provide complete firewall functionality via its "
6403
6428
"command interface, but instead provides an easy way to add or remove simple "
6404
6429
"rules. It is currently mainly used for host-based firewalls."
6405
6430
msgstr ""
6406
6431
6407
#: serverguide/C/security.xml:396(para)
6432
#: serverguide/C/security.xml:381(para)
6408
6433
msgid ""
6409
6434
"The following are some examples of how to use <application>ufw</application>:"
6410
6435
msgstr ""
6411
6436
6412
#: serverguide/C/security.xml:401(para)
6437
#: serverguide/C/security.xml:386(para)
6413
6438
msgid ""
6414
6439
"First, <application>ufw</application> needs to be enabled. From a terminal "
6415
6440
"prompt enter:"
6416
6441
msgstr ""
6417
6442
6418
#: serverguide/C/security.xml:405(command)
6443
#: serverguide/C/security.xml:390(command)
6419
6444
msgid "sudo ufw enable"
6420
6445
msgstr ""
6421
6446
6422
#: serverguide/C/security.xml:409(para)
6447
#: serverguide/C/security.xml:394(para)
6423
6448
msgid "To open a port (ssh in this example):"
6424
6449
msgstr ""
6425
6450
6426
#: serverguide/C/security.xml:413(command)
6451
#: serverguide/C/security.xml:398(command)
6427
6452
msgid "sudo ufw allow 22"
6428
6453
msgstr ""
6429
6454
6430
#: serverguide/C/security.xml:417(para)
6455
#: serverguide/C/security.xml:402(para)
6431
6456
msgid "Rules can also be added using a <emphasis>numbered</emphasis> format:"
6432
6457
msgstr ""
6433
6458
6434
#: serverguide/C/security.xml:421(command)
6459
#: serverguide/C/security.xml:406(command)
6435
6460
msgid "sudo ufw insert 1 allow 80"
6436
6461
msgstr ""
6437
6462
6438
#: serverguide/C/security.xml:425(para)
6463
#: serverguide/C/security.xml:410(para)
6439
6464
msgid "Similarly, to close an opened port:"
6440
6465
msgstr ""
6441
6466
6442
#: serverguide/C/security.xml:429(command)
6467
#: serverguide/C/security.xml:414(command)
6443
6468
msgid "sudo ufw deny 22"
6444
6469
msgstr ""
6445
6470
6446
#: serverguide/C/security.xml:433(para)
6471
#: serverguide/C/security.xml:418(para)
6447
6472
msgid "To remove a rule, use delete followed by the rule:"
6448
6473
msgstr ""
6449
6474
6450
#: serverguide/C/security.xml:437(command)
6475
#: serverguide/C/security.xml:422(command)
6451
6476
msgid "sudo ufw delete deny 22"
6452
6477
msgstr ""
6453
6478
6454
#: serverguide/C/security.xml:441(para)
6479
#: serverguide/C/security.xml:426(para)
6455
6480
msgid ""
6456
6481
"It is also possible to allow access from specific hosts or networks to a "
6457
6482
"port. The following example allows ssh access from host 192.168.0.2 to any "
6458
6483
"ip address on this host:"
6459
6484
msgstr ""
6460
6485
6461
#: serverguide/C/security.xml:446(command)
6486
#: serverguide/C/security.xml:431(command)
6462
6487
msgid "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
6463
6488
msgstr ""
6464
6489
6465
#: serverguide/C/security.xml:448(para)
6490
#: serverguide/C/security.xml:433(para)
6466
6491
msgid ""
6467
6492
"Replace 192.168.0.2 with 192.168.0.0/24 to allow ssh access from the entire "
6468
6493
"subnet."
6469
6494
msgstr ""
6470
6495
6471
#: serverguide/C/security.xml:454(para)
6496
#: serverguide/C/security.xml:439(para)
6472
6497
msgid ""
6473
6498
"Adding the <emphasis>--dry-run</emphasis> option to a "
6474
6499
"<emphasis>ufw</emphasis> command will output the resulting rules, but not "
6476
6501
"the HTTP port:"
6477
6502
msgstr ""
6478
6503
6479
#: serverguide/C/security.xml:460(command)
6504
#: serverguide/C/security.xml:445(command)
6480
6505
msgid "sudo ufw --dry-run allow http"
6481
6506
msgstr ""
6482
6507
6483
#: serverguide/C/security.xml:464(computeroutput)
6508
#: serverguide/C/security.xml:449(computeroutput)
6484
6509
#, no-wrap
6485
6510
msgid ""
6486
6511
"*filter\n"
6506
6531
"Rules updated"
6507
6532
msgstr ""
6508
6533
6509
#: serverguide/C/security.xml:488(para)
6534
#: serverguide/C/security.xml:473(para)
6510
6535
msgid "<application>ufw</application> can be disabled by:"
6511
6536
msgstr ""
6512
6537
6513
#: serverguide/C/security.xml:492(command)
6538
#: serverguide/C/security.xml:477(command)
6514
6539
msgid "sudo ufw disable"
6515
6540
msgstr ""
6516
6541
6517
#: serverguide/C/security.xml:496(para)
6542
#: serverguide/C/security.xml:481(para)
6518
6543
msgid "To see the firewall status, enter:"
6519
6544
msgstr ""
6520
6545
6521
#: serverguide/C/security.xml:500(command)
6546
#: serverguide/C/security.xml:485(command)
6522
6547
msgid "sudo ufw status"
6523
6548
msgstr ""
6524
6549
6525
#: serverguide/C/security.xml:504(para)
6550
#: serverguide/C/security.xml:489(para)
6526
6551
msgid "And for more verbose status information use:"
6527
6552
msgstr ""
6528
6553
6529
#: serverguide/C/security.xml:508(command)
6554
#: serverguide/C/security.xml:493(command)
6530
6555
msgid "sudo ufw status verbose"
6531
6556
msgstr ""
6532
6557
6533
#: serverguide/C/security.xml:512(para)
6558
#: serverguide/C/security.xml:497(para)
6534
6559
msgid "To view the <emphasis>numbered</emphasis> format:"
6535
6560
msgstr ""
6536
6561
6537
#: serverguide/C/security.xml:516(command)
6562
#: serverguide/C/security.xml:501(command)
6538
6563
msgid "sudo ufw status numbered"
6539
6564
msgstr ""
6540
6565
6541
#: serverguide/C/security.xml:521(para)
6566
#: serverguide/C/security.xml:506(para)
6542
6567
msgid ""
6543
6568
"If the port you want to open or close is defined in "
6544
6569
"<filename>/etc/services</filename>, you can use the port name instead of the "
6546
6571
"<emphasis>ssh</emphasis>."
6547
6572
msgstr ""
6548
6573
6549
#: serverguide/C/security.xml:527(para)
6574
#: serverguide/C/security.xml:512(para)
6550
6575
msgid ""
6551
6576
"This is a quick introduction to using <application>ufw</application>. Please "
6552
6577
"refer to the <application>ufw</application> man page for more information."
6553
6578
msgstr ""
6554
6579
6555
#: serverguide/C/security.xml:533(title)
6580
#: serverguide/C/security.xml:518(title)
6556
6581
msgid "ufw Application Integration"
6557
6582
msgstr ""
6558
6583
6559
#: serverguide/C/security.xml:535(para)
6584
#: serverguide/C/security.xml:520(para)
6560
6585
msgid ""
6561
6586
"Applications that open ports can include an <application>ufw</application> "
6562
6587
"profile, which details the ports needed for the application to function "
6565
6590
"the default ports have been changed."
6566
6591
msgstr ""
6567
6592
6568
#: serverguide/C/security.xml:544(para)
6593
#: serverguide/C/security.xml:529(para)
6569
6594
msgid ""
6570
6595
"To view which applications have installed a profile, enter the following in "
6571
6596
"a terminal:"
6572
6597
msgstr ""
6573
6598
6574
#: serverguide/C/security.xml:549(command)
6599
#: serverguide/C/security.xml:534(command)
6575
6600
msgid "sudo ufw app list"
6576
6601
msgstr ""
6577
6602
6578
#: serverguide/C/security.xml:555(para)
6603
#: serverguide/C/security.xml:540(para)
6579
6604
msgid ""
6580
6605
"Similar to allowing traffic to a port, using an application profile is "
6581
6606
"accomplished by entering:"
6582
6607
msgstr ""
6583
6608
6584
#: serverguide/C/security.xml:560(command)
6609
#: serverguide/C/security.xml:545(command)
6585
6610
msgid "sudo ufw allow Samba"
6586
6611
msgstr ""
6587
6612
6588
#: serverguide/C/security.xml:566(para)
6613
#: serverguide/C/security.xml:551(para)
6589
6614
msgid "An extended syntax is available as well:"
6590
6615
msgstr ""
6591
6616
6592
#: serverguide/C/security.xml:571(command)
6617
#: serverguide/C/security.xml:556(command)
6593
6618
msgid "ufw allow from 192.168.0.0/24 to any app Samba"
6594
6619
msgstr ""
6595
6620
6596
#: serverguide/C/security.xml:574(para)
6621
#: serverguide/C/security.xml:559(para)
6597
6622
msgid ""
6598
6623
"Replace <emphasis>Samba</emphasis> and <emphasis>192.168.0.0/24</emphasis> "
6599
6624
"with the application profile you are using and the IP range for your network."
6600
6625
msgstr ""
6601
6626
6602
#: serverguide/C/security.xml:580(para)
6627
#: serverguide/C/security.xml:565(para)
6603
6628
msgid ""
6604
6629
"There is no need to specify the <emphasis>protocol</emphasis> for the "
6605
6630
"application, because that information is detailed in the profile. Also, note "
6607
6632
"<emphasis>port</emphasis> number."
6608
6633
msgstr ""
6609
6634
6610
#: serverguide/C/security.xml:589(para)
6635
#: serverguide/C/security.xml:574(para)
6611
6636
msgid ""
6612
6637
"To view details about which ports, protocols, etc are defined for an "
6613
6638
"application, enter:"
6614
6639
msgstr ""
6615
6640
6616
#: serverguide/C/security.xml:594(command)
6641
#: serverguide/C/security.xml:579(command)
6617
6642
msgid "sudo ufw app info Samba"
6618
6643
msgstr ""
6619
6644
6620
#: serverguide/C/security.xml:600(para)
6645
#: serverguide/C/security.xml:585(para)
6621
6646
msgid ""
6622
6647
"Not all applications that require opening a network port come with "
6623
6648
"<application>ufw</application> profiles, but if you have profiled an "
6625
6650
"bug against the package in Launchpad."
6626
6651
msgstr ""
6627
6652
6628
#: serverguide/C/security.xml:606(command)
6653
#: serverguide/C/security.xml:591(command)
6629
6654
msgid "ubuntu-bug nameofpackage"
6630
6655
msgstr ""
6631
6656
6632
#: serverguide/C/security.xml:612(title)
6657
#: serverguide/C/security.xml:597(title)
6633
6658
msgid "IP Masquerading"
6634
6659
msgstr ""
6635
6660
6636
#: serverguide/C/security.xml:613(para)
6661
#: serverguide/C/security.xml:598(para)
6637
6662
msgid ""
6638
6663
"The purpose of IP Masquerading is to allow machines with private, non-"
6639
6664
"routable IP addresses on your network to access the Internet through the "
6650
6675
"to in Microsoft documentation as Internet Connection Sharing."
6651
6676
msgstr ""
6652
6677
6653
#: serverguide/C/security.xml:629(title)
6678
#: serverguide/C/security.xml:614(title)
6654
6679
msgid "ufw Masquerading"
6655
6680
msgstr ""
6656
6681
6657
#: serverguide/C/security.xml:630(para)
6682
#: serverguide/C/security.xml:615(para)
6658
6683
msgid ""
6659
6684
"IP Masquerading can be achieved using custom <application>ufw</application> "
6660
6685
"rules. This is possible because the current back-end for "
6665
6690
"that are more network gateway or bridge related."
6666
6691
msgstr ""
6667
6692
6668
#: serverguide/C/security.xml:636(para)
6693
#: serverguide/C/security.xml:621(para)
6669
6694
msgid ""
6670
6695
"The rules are split into two different files, rules that should be executed "
6671
6696
"before <application>ufw</application> command line rules, and rules that are "
6672
6697
"executed after <application>ufw</application> command line rules."
6673
6698
msgstr ""
6674
6699
6675
#: serverguide/C/security.xml:642(para)
6700
#: serverguide/C/security.xml:627(para)
6676
6701
msgid ""
6677
6702
"First, packet forwarding needs to be enabled in "
6678
6703
"<application>ufw</application>. Two configuration files will need to be "
6680
6705
"<emphasis>DEFAULT_FORWARD_POLICY</emphasis> to <quote>ACCEPT</quote>:"
6681
6706
msgstr ""
6682
6707
6683
#: serverguide/C/security.xml:646(programlisting)
6708
#: serverguide/C/security.xml:631(programlisting)
6684
6709
#, no-wrap
6685
6710
msgid ""
6686
6711
"\n"
6687
6712
"DEFAULT_FORWARD_POLICY=\"ACCEPT\"\n"
6688
6713
msgstr ""
6689
6714
6690
#: serverguide/C/security.xml:649(para)
6715
#: serverguide/C/security.xml:634(para)
6691
6716
msgid "Then edit <filename>/etc/ufw/sysctl.conf</filename> and uncomment:"
6692
6717
msgstr ""
6693
6718
6694
#: serverguide/C/security.xml:652(programlisting)
6719
#: serverguide/C/security.xml:637(programlisting)
6695
6720
#, no-wrap
6696
6721
msgid ""
6697
6722
"\n"
6698
6723
"net/ipv4/ip_forward=1\n"
6699
6724
msgstr ""
6700
6725
6701
#: serverguide/C/security.xml:655(para)
6726
#: serverguide/C/security.xml:640(para)
6702
6727
msgid "Similarly, for IPv6 forwarding uncomment:"
6703
6728
msgstr ""
6704
6729
6705
#: serverguide/C/security.xml:658(programlisting)
6730
#: serverguide/C/security.xml:643(programlisting)
6706
6731
#, no-wrap
6707
6732
msgid ""
6708
6733
"\n"
6709
6734
"net/ipv6/conf/default/forwarding=1\n"
6710
6735
msgstr ""
6711
6736
6712
#: serverguide/C/security.xml:663(para)
6737
#: serverguide/C/security.xml:648(para)
6713
6738
msgid ""
6714
6739
"Now we will add rules to the <filename>/etc/ufw/before.rules</filename> "
6715
6740
"file. The default rules only configure the <emphasis>filter</emphasis> "
6718
6743
"the header comments:"
6719
6744
msgstr ""
6720
6745
6721
#: serverguide/C/security.xml:668(programlisting)
6746
#: serverguide/C/security.xml:653(programlisting)
6722
6747
#, no-wrap
6723
6748
msgid ""
6724
6749
"\n"
6734
6759
"COMMIT\n"
6735
6760
msgstr ""
6736
6761
6737
#: serverguide/C/security.xml:679(para)
6762
#: serverguide/C/security.xml:664(para)
6738
6763
msgid ""
6739
6764
"The comments are not strictly necessary, but it is considered good practice "
6740
6765
"to document your configuration. Also, when modifying any of the "
6743
6768
"line for each table modified:"
6744
6769
msgstr ""
6745
6770
6746
#: serverguide/C/security.xml:685(programlisting)
6771
#: serverguide/C/security.xml:670(programlisting)
6747
6772
#, no-wrap
6748
6773
msgid ""
6749
6774
"\n"
6751
6776
"COMMIT\n"
6752
6777
msgstr ""
6753
6778
6754
#: serverguide/C/security.xml:690(para)
6779
#: serverguide/C/security.xml:675(para)
6755
6780
msgid ""
6756
6781
"For each <emphasis>Table</emphasis> a corresponding "
6757
6782
"<emphasis>COMMIT</emphasis> statement is required. In these examples only "
6760
6785
"<emphasis>mangle</emphasis> tables."
6761
6786
msgstr ""
6762
6787
6763
#: serverguide/C/security.xml:697(para)
6788
#: serverguide/C/security.xml:682(para)
6764
6789
msgid ""
6765
6790
"In the above example replace <emphasis>eth0</emphasis>, "
6766
6791
"<emphasis>eth1</emphasis>, and <emphasis>192.168.0.0/24</emphasis> with the "
6767
6792
"appropriate interfaces and IP range for your network."
6768
6793
msgstr ""
6769
6794
6770
#: serverguide/C/security.xml:705(para)
6795
#: serverguide/C/security.xml:690(para)
6771
6796
msgid ""
6772
6797
"Finally, disable and re-enable <application>ufw</application> to apply the "
6773
6798
"changes:"
6774
6799
msgstr ""
6775
6800
6776
#: serverguide/C/security.xml:709(command)
6801
#: serverguide/C/security.xml:694(command)
6777
6802
msgid "sudo ufw disable && sudo ufw enable"
6778
6803
msgstr ""
6779
6804
6780
#: serverguide/C/security.xml:713(para)
6805
#: serverguide/C/security.xml:698(para)
6781
6806
msgid ""
6782
6807
"IP Masquerading should now be enabled. You can also add any additional "
6783
6808
"FORWARD rules to the <filename>/etc/ufw/before.rules</filename>. It is "
6785
6810
"forward</emphasis> chain."
6786
6811
msgstr ""
6787
6812
6788
#: serverguide/C/security.xml:720(title)
6813
#: serverguide/C/security.xml:705(title)
6789
6814
msgid "iptables Masquerading"
6790
6815
msgstr ""
6791
6816
6792
#: serverguide/C/security.xml:721(para)
6817
#: serverguide/C/security.xml:706(para)
6793
6818
msgid ""
6794
6819
"<application>iptables</application> can also be used to enable Masquerading."
6795
6820
msgstr ""
6796
6821
6797
#: serverguide/C/security.xml:726(para)
6822
#: serverguide/C/security.xml:711(para)
6798
6823
msgid ""
6799
6824
"Similar to <application>ufw</application>, the first step is to enable IPv4 "
6800
6825
"packet forwarding by editing <filename>/etc/sysctl.conf</filename> and "
6801
6826
"uncomment the following line"
6802
6827
msgstr ""
6803
6828
6804
#: serverguide/C/security.xml:730(programlisting)
6829
#: serverguide/C/security.xml:715(programlisting)
6805
6830
#, no-wrap
6806
6831
msgid ""
6807
6832
"\n"
6808
6833
"net.ipv4.ip_forward=1\n"
6809
6834
msgstr ""
6810
6835
6811
#: serverguide/C/security.xml:733(para)
6836
#: serverguide/C/security.xml:718(para)
6812
6837
msgid "If you wish to enable IPv6 forwarding also uncomment:"
6813
6838
msgstr ""
6814
6839
6815
#: serverguide/C/security.xml:736(programlisting)
6840
#: serverguide/C/security.xml:721(programlisting)
6816
6841
#, no-wrap
6817
6842
msgid ""
6818
6843
"\n"
6819
6844
"net.ipv6.conf.default.forwarding=1\n"
6820
6845
msgstr ""
6821
6846
6822
#: serverguide/C/security.xml:741(para)
6847
#: serverguide/C/security.xml:726(para)
6823
6848
msgid ""
6824
6849
"Next, execute the <application>sysctl</application> command to enable the "
6825
6850
"new settings in the configuration file:"
6826
6851
msgstr ""
6827
6852
6828
#: serverguide/C/security.xml:745(command)
6853
#: serverguide/C/security.xml:730(command)
6829
6854
msgid "sudo sysctl -p"
6830
6855
msgstr ""
6831
6856
6832
#: serverguide/C/security.xml:749(para)
6857
#: serverguide/C/security.xml:734(para)
6833
6858
msgid ""
6834
6859
"IP Masquerading can now be accomplished with a single iptables rule, which "
6835
6860
"may differ slightly based on your network configuration:"
6836
6861
msgstr ""
6837
6862
6838
#: serverguide/C/security.xml:752(screen)
6863
#: serverguide/C/security.xml:737(screen)
6839
6864
#, no-wrap
6840
6865
msgid ""
6841
6866
"\n"
6842
6867
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
6843
6868
msgstr ""
6844
6869
6845
#: serverguide/C/security.xml:755(para)
6870
#: serverguide/C/security.xml:740(para)
6846
6871
msgid ""
6847
6872
"The above command assumes that your private address space is 192.168.0.0/16 "
6848
6873
"and that your Internet-facing device is ppp0. The syntax is broken down as "
6849
6874
"follows:"
6850
6875
msgstr ""
6851
6876
6852
#: serverguide/C/security.xml:760(para)
6877
#: serverguide/C/security.xml:745(para)
6853
6878
msgid "-t nat -- the rule is to go into the nat table"
6854
6879
msgstr ""
6855
6880
6856
#: serverguide/C/security.xml:761(para)
6881
#: serverguide/C/security.xml:746(para)
6857
6882
msgid ""
6858
6883
"-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain"
6859
6884
msgstr ""
6860
6885
6861
#: serverguide/C/security.xml:762(para)
6886
#: serverguide/C/security.xml:747(para)
6862
6887
msgid ""
6863
6888
"-s 192.168.0.0/16 -- the rule applies to traffic originating from the "
6864
6889
"specified address space"
6865
6890
msgstr ""
6866
6891
6867
#: serverguide/C/security.xml:763(para)
6892
#: serverguide/C/security.xml:748(para)
6868
6893
msgid ""
6869
6894
"-o ppp0 -- the rule applies to traffic scheduled to be routed through the "
6870
6895
"specified network device"
6871
6896
msgstr ""
6872
6897
6873
#: serverguide/C/security.xml:765(para)
6898
#: serverguide/C/security.xml:750(para)
6874
6899
msgid ""
6875
6900
"-j MASQUERADE -- traffic matching this rule is to \"jump\" (-j) to the "
6876
6901
"MASQUERADE target to be manipulated as described above"
6877
6902
msgstr ""
6878
6903
6879
#: serverguide/C/security.xml:773(para)
6904
#: serverguide/C/security.xml:758(para)
6880
6905
msgid ""
6881
6906
"Also, each chain in the filter table (the default table, and where most or "
6882
6907
"all packet filtering occurs) has a default <emphasis>policy</emphasis> of "
6886
6911
"above rule to work:"
6887
6912
msgstr ""
6888
6913
6889
#: serverguide/C/security.xml:780(screen)
6914
#: serverguide/C/security.xml:765(screen)
6890
6915
#, no-wrap
6891
6916
msgid ""
6892
6917
"\n"
6895
6920
"--state ESTABLISHED,RELATED -i ppp0 -j ACCEPT\n"
6896
6921
msgstr ""
6897
6922
6898
#: serverguide/C/security.xml:785(para)
6923
#: serverguide/C/security.xml:770(para)
6899
6924
msgid ""
6900
6925
"The above commands will allow all connections from your local network to the "
6901
6926
"Internet and all traffic related to those connections to return to the "
6902
6927
"machine that initiated them."
6903
6928
msgstr ""
6904
6929
6905
#: serverguide/C/security.xml:792(para)
6930
#: serverguide/C/security.xml:777(para)
6906
6931
msgid ""
6907
6932
"If you want masquerading to be enabled on reboot, which you probably do, "
6908
6933
"edit <filename>/etc/rc.local</filename> and add any commands used above. For "
6909
6934
"example add the first command with no filtering:"
6910
6935
msgstr ""
6911
6936
6912
#: serverguide/C/security.xml:796(screen)
6937
#: serverguide/C/security.xml:781(screen)
6913
6938
#, no-wrap
6914
6939
msgid ""
6915
6940
"\n"
6916
6941
"iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
6917
6942
msgstr ""
6918
6943
6919
#: serverguide/C/security.xml:804(title)
6944
#: serverguide/C/security.xml:789(title)
6920
6945
msgid "Logs"
6921
6946
msgstr ""
6922
6947
6923
#: serverguide/C/security.xml:805(para)
6948
#: serverguide/C/security.xml:790(para)
6924
6949
msgid ""
6925
6950
"Firewall logs are essential for recognizing attacks, troubleshooting your "
6926
6951
"firewall rules, and noticing unusual activity on your network. You must "
6930
6955
"REJECT)."
6931
6956
msgstr ""
6932
6957
6933
#: serverguide/C/security.xml:812(para)
6958
#: serverguide/C/security.xml:797(para)
6934
6959
msgid ""
6935
6960
"If you are using <application>ufw</application>, you can turn on logging by "
6936
6961
"entering the following in a terminal:"
6937
6962
msgstr ""
6938
6963
6939
#: serverguide/C/security.xml:816(command)
6964
#: serverguide/C/security.xml:801(command)
6940
6965
msgid "sudo ufw logging on"
6941
6966
msgstr ""
6942
6967
6943
#: serverguide/C/security.xml:818(para)
6968
#: serverguide/C/security.xml:803(para)
6944
6969
msgid ""
6945
6970
"To turn logging off in <application>ufw</application>, simply replace "
6946
6971
"<emphasis role=\"italic\">on</emphasis> with <emphasis "
6947
6972
"role=\"italic\">off</emphasis> in the above command."
6948
6973
msgstr ""
6949
6974
6950
#: serverguide/C/security.xml:821(para)
6975
#: serverguide/C/security.xml:806(para)
6951
6976
msgid ""
6952
6977
"If using <application>iptables</application> instead of "
6953
6978
"<application>ufw</application>, enter:"
6954
6979
msgstr ""
6955
6980
6956
#: serverguide/C/security.xml:824(screen)
6981
#: serverguide/C/security.xml:809(screen)
6957
6982
#, no-wrap
6958
6983
msgid ""
6959
6984
"\n"
6961
6986
"-j LOG --log-prefix \"NEW_HTTP_CONN: \"\n"
6962
6987
msgstr ""
6963
6988
6964
#: serverguide/C/security.xml:828(para)
6989
#: serverguide/C/security.xml:813(para)
6965
6990
msgid ""
6966
6991
"A request on port 80 from the local machine, then, would generate a log in "
6967
6992
"dmesg that looks like this (single line split into 3 to fit this document):"
6977
7002
"SPT=53981 DPT=80 WINDOW=32767 RES=0x00 SYN URGP=0\n"
6978
7003
msgstr ""
6979
7004
6980
#: serverguide/C/security.xml:836(para)
7005
#: serverguide/C/security.xml:822(para)
6981
7006
msgid ""
6982
7007
"The above log will also appear in <filename>/var/log/messages</filename>, "
6983
7008
"<filename>/var/log/syslog</filename>, and "
6994
7019
"or <application>lire</application>."
6995
7020
msgstr ""
6996
7021
6997
#: serverguide/C/security.xml:851(title)
7022
#: serverguide/C/security.xml:837(title)
6998
7023
msgid "Other Tools"
6999
7024
msgstr ""
7000
7025
7001
#: serverguide/C/security.xml:852(para)
7026
#: serverguide/C/security.xml:838(para)
7002
7027
msgid ""
7003
7028
"There are many tools available to help you construct a complete firewall "
7004
7029
"without intimate knowledge of iptables. For the GUI-inclined:"
7005
7030
msgstr ""
7006
7031
7007
#: serverguide/C/security.xml:858(para)
7032
#: serverguide/C/security.xml:844(para)
7008
7033
msgid ""
7009
7034
"<ulink url=\"http://www.fwbuilder.org/\">fwbuilder</ulink> is very powerful "
7010
7035
"and will look familiar to an administrator who has used a commercial "
7011
7036
"firewall utility such as <application>Checkpoint FireWall-1</application>."
7012
7037
msgstr ""
7013
7038
7014
#: serverguide/C/security.xml:864(para)
7039
#: serverguide/C/security.xml:850(para)
7015
7040
msgid ""
7016
7041
"If you prefer a command-line tool with plain-text configuration files:"
7017
7042
msgstr ""
7018
7043
7019
#: serverguide/C/security.xml:869(para)
7044
#: serverguide/C/security.xml:855(para)
7020
7045
msgid ""
7021
7046
"<ulink url=\"http://www.shorewall.net/\">Shorewall</ulink> is a very "
7022
7047
"powerful solution to help you configure an advanced firewall for any network."
7023
7048
msgstr ""
7024
7049
7025
#: serverguide/C/security.xml:880(para)
7050
#: serverguide/C/security.xml:866(para)
7026
7051
msgid ""
7027
7052
"The <ulink url=\"https://wiki.ubuntu.com/UncomplicatedFirewall\">Ubuntu "
7028
7053
"Firewall</ulink> wiki page contains information on the development of "
7029
7054
"<application>ufw</application>."
7030
7055
msgstr ""
7031
7056
7032
#: serverguide/C/security.xml:886(para)
7057
#: serverguide/C/security.xml:872(para)
7033
7058
msgid ""
7034
7059
"Also, the <application>ufw</application> manual page contains some very "
7035
7060
"useful information: <command>man ufw</command>."
7036
7061
msgstr ""
7037
7062
7038
#: serverguide/C/security.xml:891(para)
7063
#: serverguide/C/security.xml:877(para)
7039
7064
msgid ""
7040
7065
"See the <ulink url=\"http://www.netfilter.org/documentation/HOWTO/packet-"
7041
7066
"filtering-HOWTO.html\">packet-filtering-HOWTO</ulink> for more information "
7042
7067
"on using <application>iptables</application>."
7043
7068
msgstr ""
7044
7069
7045
#: serverguide/C/security.xml:897(para)
7070
#: serverguide/C/security.xml:883(para)
7046
7071
msgid ""
7047
7072
"The <ulink url=\"http://www.netfilter.org/documentation/HOWTO/NAT-"
7048
7073
"HOWTO.html\">nat-HOWTO</ulink> contains further details on masquerading."
7049
7074
msgstr ""
7050
7075
7051
#: serverguide/C/security.xml:903(para)
7076
#: serverguide/C/security.xml:889(para)
7052
7077
msgid ""
7053
7078
"The <ulink url=\"https://help.ubuntu.com/community/IptablesHowTo\">IPTables "
7054
7079
"HowTo</ulink> in the Ubuntu wiki is a great resource."
7055
7080
msgstr ""
7056
7081
7057
#: serverguide/C/security.xml:911(title)
7082
#: serverguide/C/security.xml:897(title)
7058
7083
msgid "AppArmor"
7059
7084
msgstr ""
7060
7085
7061
#: serverguide/C/security.xml:912(para)
7086
#: serverguide/C/security.xml:898(para)
7062
7087
msgid ""
7063
7088
"<application>AppArmor</application> is a Linux Security Module "
7064
7089
"implementation of name-based mandatory access controls. AppArmor confines "
7066
7091
"capabilities."
7067
7092
msgstr ""
7068
7093
7069
#: serverguide/C/security.xml:916(para)
7094
#: serverguide/C/security.xml:902(para)
7070
7095
msgid ""
7071
7096
"<application>AppArmor</application> is installed and loaded by default. It "
7072
7097
"uses <emphasis>profiles</emphasis> of an application to determine what files "
7075
7100
"<application>apparmor-profiles</application> package."
7076
7101
msgstr ""
7077
7102
7078
#: serverguide/C/security.xml:921(para)
7103
#: serverguide/C/security.xml:907(para)
7079
7104
msgid ""
7080
7105
"To install the <application>apparmor-profiles</application> package from a "
7081
7106
"terminal prompt:"
7082
7107
msgstr ""
7083
7108
7084
#: serverguide/C/security.xml:925(command)
7109
#: serverguide/C/security.xml:911(command)
7085
7110
msgid "sudo apt-get install apparmor-profiles"
7086
7111
msgstr ""
7087
7112
7088
#: serverguide/C/security.xml:927(para)
7113
#: serverguide/C/security.xml:913(para)
7089
7114
msgid "AppArmor profiles have two modes of execution:"
7090
7115
msgstr ""
7091
7116
7092
#: serverguide/C/security.xml:932(para)
7117
#: serverguide/C/security.xml:918(para)
7093
7118
msgid ""
7094
7119
"Complaining/Learning: profile violations are permitted and logged. Useful "
7095
7120
"for testing and developing new profiles."
7096
7121
msgstr ""
7097
7122
7098
#: serverguide/C/security.xml:937(para)
7123
#: serverguide/C/security.xml:923(para)
7099
7124
msgid ""
7100
7125
"Enforced/Confined: enforces profile policy as well as logging the violation."
7101
7126
msgstr ""
7102
7127
7103
#: serverguide/C/security.xml:943(title)
7128
#: serverguide/C/security.xml:929(title)
7104
7129
msgid "Using AppArmor"
7105
7130
msgstr ""
7106
7131
7107
#: serverguide/C/security.xml:944(para)
7132
#: serverguide/C/security.xml:945(para)
7133
msgid ""
7134
"This section is plagued by a bug (<ulink "
7135
"url=\"https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1304134\">LP "
7136
"#1304134</ulink>) and instructions will not work as advertised."
7137
msgstr ""
7138
7139
#: serverguide/C/security.xml:930(para)
7108
7140
msgid ""
7109
7141
"The <application>apparmor-utils</application> package contains command line "
7110
7142
"utilities that you can use to change the <application>AppArmor</application> "
7111
7143
"execution mode, find the status of a profile, create new profiles, etc."
7112
7144
msgstr ""
7113
7145
7114
#: serverguide/C/security.xml:950(para)
7146
#: serverguide/C/security.xml:936(para)
7115
7147
msgid ""
7116
7148
"<application>apparmor_status</application> is used to view the current "
7117
7149
"status of AppArmor profiles."
7118
7150
msgstr ""
7119
7151
7120
#: serverguide/C/security.xml:954(command)
7152
#: serverguide/C/security.xml:940(command)
7121
7153
msgid "sudo apparmor_status"
7122
7154
msgstr ""
7123
7155
7124
#: serverguide/C/security.xml:958(para)
7156
#: serverguide/C/security.xml:944(para)
7125
7157
msgid ""
7126
7158
"<application>aa-complain</application> places a profile into "
7127
7159
"<emphasis>complain</emphasis> mode."
7128
7160
msgstr ""
7129
7161
7130
#: serverguide/C/security.xml:962(command)
7162
#: serverguide/C/security.xml:948(command)
7131
7163
msgid "sudo aa-complain /path/to/bin"
7132
7164
msgstr ""
7133
7165
7134
#: serverguide/C/security.xml:966(para)
7166
#: serverguide/C/security.xml:952(para)
7135
7167
msgid ""
7136
7168
"<application>aa-enforce</application> places a profile into "
7137
7169
"<emphasis>enforce</emphasis> mode."
7138
7170
msgstr ""
7139
7171
7140
#: serverguide/C/security.xml:970(command)
7172
#: serverguide/C/security.xml:956(command)
7141
7173
msgid "sudo aa-enforce /path/to/bin"
7142
7174
msgstr ""
7143
7175
7144
#: serverguide/C/security.xml:974(para)
7176
#: serverguide/C/security.xml:960(para)
7145
7177
msgid ""
7146
7178
"The <filename>/etc/apparmor.d</filename> directory is where the AppArmor "
7147
7179
"profiles are located. It can be used to manipulate the "
7148
7180
"<emphasis>mode</emphasis> of all profiles."
7149
7181
msgstr ""
7150
7182
7151
#: serverguide/C/security.xml:978(para)
7183
#: serverguide/C/security.xml:964(para)
7152
7184
msgid "Enter the following to place all profiles into complain mode:"
7153
7185
msgstr ""
7154
7186
7155
#: serverguide/C/security.xml:982(command)
7187
#: serverguide/C/security.xml:968(command)
7156
7188
msgid "sudo aa-complain /etc/apparmor.d/*"
7157
7189
msgstr ""
7158
7190
7159
#: serverguide/C/security.xml:984(para)
7191
#: serverguide/C/security.xml:970(para)
7160
7192
msgid "To place all profiles in enforce mode:"
7161
7193
msgstr ""
7162
7194
7163
#: serverguide/C/security.xml:988(command)
7195
#: serverguide/C/security.xml:974(command)
7164
7196
msgid "sudo aa-enforce /etc/apparmor.d/*"
7165
7197
msgstr ""
7166
7198
7167
#: serverguide/C/security.xml:992(para)
7199
#: serverguide/C/security.xml:978(para)
7168
7200
msgid ""
7169
7201
"<application>apparmor_parser</application> is used to load a profile into "
7170
7202
"the kernel. It can also be used to reload a currently loaded profile using "
7171
7203
"the <emphasis>-r</emphasis> option. To load a profile:"
7172
7204
msgstr ""
7173
7205
7174
#: serverguide/C/security.xml:997(command) serverguide/C/security.xml:1029(command)
7206
#: serverguide/C/security.xml:983(command) serverguide/C/security.xml:1015(command)
7175
7207
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
7176
7208
msgstr ""
7177
7209
7178
#: serverguide/C/security.xml:999(para)
7210
#: serverguide/C/security.xml:985(para)
7179
7211
msgid "To reload a profile:"
7180
7212
msgstr ""
7181
7213
7182
#: serverguide/C/security.xml:1003(command)
7214
#: serverguide/C/security.xml:989(command)
7183
7215
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
7184
7216
msgstr ""
7185
7217
7186
#: serverguide/C/security.xml:1007(para)
7218
#: serverguide/C/security.xml:1013(para)
7187
7219
msgid ""
7188
7220
"<filename>service apparmor</filename> can be used to "
7189
7221
"<emphasis>reload</emphasis> all profiles:"
7190
7222
msgstr ""
7191
7223
7192
#: serverguide/C/security.xml:1011(command) serverguide/C/network-auth.xml:943(command)
7224
#: serverguide/C/network-auth.xml:964(command)
7193
7225
msgid "sudo service apparmor reload"
7194
7226
msgstr ""
7195
7227
7196
#: serverguide/C/security.xml:1015(para)
7228
#: serverguide/C/security.xml:1001(para)
7197
7229
msgid ""
7198
7230
"The <filename>/etc/apparmor.d/disable</filename> directory can be used along "
7199
7231
"with the <application>apparmor_parser -R</application> option to "
7200
7232
"<emphasis>disable</emphasis> a profile."
7201
7233
msgstr ""
7202
7234
7203
#: serverguide/C/security.xml:1020(command)
7235
#: serverguide/C/security.xml:1006(command)
7204
7236
msgid "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
7205
7237
msgstr ""
7206
7238
7207
#: serverguide/C/security.xml:1021(command)
7239
#: serverguide/C/security.xml:1007(command)
7208
7240
msgid "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
7209
7241
msgstr ""
7210
7242
7211
#: serverguide/C/security.xml:1023(para)
7243
#: serverguide/C/security.xml:1009(para)
7212
7244
msgid ""
7213
7245
"To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic "
7214
7246
"link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then "
7215
7247
"load the profile using the <emphasis>-a</emphasis> option."
7216
7248
msgstr ""
7217
7249
7218
#: serverguide/C/security.xml:1028(command)
7250
#: serverguide/C/security.xml:1014(command)
7219
7251
msgid "sudo rm /etc/apparmor.d/disable/profile.name"
7220
7252
msgstr ""
7221
7253
7222
#: serverguide/C/security.xml:1033(para)
7254
#: serverguide/C/security.xml:1019(para)
7223
7255
msgid ""
7224
7256
"<application>AppArmor</application> can be disabled, and the kernel module "
7225
7257
"unloaded by entering the following:"
7226
7258
msgstr ""
7227
7259
7228
#: serverguide/C/security.xml:1037(command)
7260
#: serverguide/C/security.xml:1043(command)
7229
7261
msgid "sudo service apparmor stop"
7230
7262
msgstr ""
7231
7263
7232
#: serverguide/C/security.xml:1038(command)
7264
#: serverguide/C/security.xml:1024(command)
7233
7265
msgid "sudo update-rc.d -f apparmor remove"
7234
7266
msgstr ""
7235
7267
7236
#: serverguide/C/security.xml:1042(para)
7268
#: serverguide/C/security.xml:1028(para)
7237
7269
msgid "To re-enable <application>AppArmor</application> enter:"
7238
7270
msgstr ""
7239
7271
7240
#: serverguide/C/security.xml:1046(command)
7272
#: serverguide/C/security.xml:1052(command)
7241
7273
msgid "sudo service apparmor start"
7242
7274
msgstr ""
7243
7275
7244
#: serverguide/C/security.xml:1047(command)
7276
#: serverguide/C/security.xml:1033(command)
7245
7277
msgid "sudo update-rc.d apparmor defaults"
7246
7278
msgstr ""
7247
7279
7248
#: serverguide/C/security.xml:1052(para)
7280
#: serverguide/C/security.xml:1038(para)
7249
7281
msgid ""
7250
7282
"Replace <emphasis>profile.name</emphasis> with the name of the profile you "
7251
7283
"want to manipulate. Also, replace <filename>/path/to/bin/</filename> with "
7253
7285
"<application>ping</application> command use <filename>/bin/ping</filename>"
7254
7286
msgstr ""
7255
7287
7256
#: serverguide/C/security.xml:1060(title)
7288
#: serverguide/C/security.xml:1046(title)
7257
7289
msgid "Profiles"
7258
7290
msgstr ""
7259
7291
7260
#: serverguide/C/security.xml:1061(para)
7292
#: serverguide/C/security.xml:1047(para)
7261
7293
msgid ""
7262
7294
"<application>AppArmor</application> profiles are simple text files located "
7263
7295
"in <filename>/etc/apparmor.d/</filename>. The files are named after the full "
7266
7298
"profile for the <filename>/bin/ping</filename> command."
7267
7299
msgstr ""
7268
7300
7269
#: serverguide/C/security.xml:1067(para)
7301
#: serverguide/C/security.xml:1053(para)
7270
7302
msgid "There are two main type of rules used in profiles:"
7271
7303
msgstr ""
7272
7304
7273
#: serverguide/C/security.xml:1072(para)
7305
#: serverguide/C/security.xml:1058(para)
7274
7306
msgid ""
7275
7307
"<emphasis>Path entries:</emphasis> which detail which files an application "
7276
7308
"can access in the file system."
7277
7309
msgstr ""
7278
7310
7279
#: serverguide/C/security.xml:1077(para)
7311
#: serverguide/C/security.xml:1063(para)
7280
7312
msgid ""
7281
7313
"<emphasis>Capability entries:</emphasis> determine what privileges a "
7282
7314
"confined process is allowed to use."
7283
7315
msgstr ""
7284
7316
7285
#: serverguide/C/security.xml:1082(para)
7317
#: serverguide/C/security.xml:1068(para)
7286
7318
msgid ""
7287
7319
"As an example take a look at <filename>/etc/apparmor.d/bin.ping</filename>:"
7288
7320
msgstr ""
7289
7321
7290
#: serverguide/C/security.xml:1085(programlisting)
7322
#: serverguide/C/security.xml:1071(programlisting)
7291
7323
#, no-wrap
7292
7324
msgid ""
7293
7325
"\n"
7306
7338
"}\n"
7307
7339
msgstr ""
7308
7340
7309
#: serverguide/C/security.xml:1102(para)
7341
#: serverguide/C/security.xml:1088(para)
7310
7342
msgid ""
7311
7343
"<emphasis>#include <tunables/global>:</emphasis> include statements "
7312
7344
"from other files. This allows statements pertaining to multiple applications "
7313
7345
"to be placed in a common file."
7314
7346
msgstr ""
7315
7347
7316
#: serverguide/C/security.xml:1108(para)
7348
#: serverguide/C/security.xml:1094(para)
7317
7349
msgid ""
7318
7350
"<emphasis>/bin/ping flags=(complain):</emphasis> path to the profiled "
7319
7351
"program, also setting the mode to <emphasis>complain</emphasis>."
7320
7352
msgstr ""
7321
7353
7322
#: serverguide/C/security.xml:1114(para)
7354
#: serverguide/C/security.xml:1100(para)
7323
7355
msgid ""
7324
7356
"<emphasis>capability net_raw,:</emphasis> allows the application access to "
7325
7357
"the CAP_NET_RAW Posix.1e capability."
7326
7358
msgstr ""
7327
7359
7328
#: serverguide/C/security.xml:1119(para)
7360
#: serverguide/C/security.xml:1105(para)
7329
7361
msgid ""
7330
7362
"<emphasis>/bin/ping mixr,:</emphasis> allows the application read and "
7331
7363
"execute access to the file."
7332
7364
msgstr ""
7333
7365
7334
#: serverguide/C/security.xml:1125(para)
7366
#: serverguide/C/security.xml:1111(para)
7335
7367
msgid ""
7336
7368
"After editing a profile file the profile must be reloaded. See <xref "
7337
7369
"linkend=\"apparmor-usage\"/> for details."
7338
7370
msgstr ""
7339
7371
7340
#: serverguide/C/security.xml:1130(title)
7372
#: serverguide/C/security.xml:1116(title)
7341
7373
msgid "Creating a Profile"
7342
7374
msgstr ""
7343
7375
7344
#: serverguide/C/security.xml:1133(para)
7376
#: serverguide/C/security.xml:1119(para)
7345
7377
msgid ""
7346
7378
"<emphasis>Design a test plan:</emphasis> Try to think about how the "
7347
7379
"application should be exercised. The test plan should be divided into small "
7349
7381
"steps to follow."
7350
7382
msgstr ""
7351
7383
7352
#: serverguide/C/security.xml:1137(para)
7384
#: serverguide/C/security.xml:1123(para)
7353
7385
msgid "Some standard test cases are:"
7354
7386
msgstr ""
7355
7387
7356
#: serverguide/C/security.xml:1142(para)
7388
#: serverguide/C/security.xml:1128(para)
7357
7389
msgid "Starting the program."
7358
7390
msgstr ""
7359
7391
7360
#: serverguide/C/security.xml:1147(para)
7392
#: serverguide/C/security.xml:1133(para)
7361
7393
msgid "Stopping the program."
7362
7394
msgstr ""
7363
7395
7364
#: serverguide/C/security.xml:1152(para)
7396
#: serverguide/C/security.xml:1138(para)
7365
7397
msgid "Reloading the program."
7366
7398
msgstr ""
7367
7399
7368
#: serverguide/C/security.xml:1157(para)
7400
#: serverguide/C/security.xml:1143(para)
7369
7401
msgid "Testing all the commands supported by the init script."
7370
7402
msgstr ""
7371
7403
7372
#: serverguide/C/security.xml:1164(para)
7404
#: serverguide/C/security.xml:1150(para)
7373
7405
msgid ""
7374
7406
"<emphasis>Generate the new profile:</emphasis> Use <application>aa-"
7375
7407
"genprof</application> to generate a new profile. From a terminal:"
7376
7408
msgstr ""
7377
7409
7378
#: serverguide/C/security.xml:1169(command)
7410
#: serverguide/C/security.xml:1155(command)
7379
7411
msgid "sudo aa-genprof executable"
7380
7412
msgstr ""
7381
7413
7382
#: serverguide/C/security.xml:1171(para)
7414
#: serverguide/C/security.xml:1157(para)
7383
7415
msgid "For example:"
7384
7416
msgstr ""
7385
7417
7386
#: serverguide/C/security.xml:1175(command)
7418
#: serverguide/C/security.xml:1161(command)
7387
7419
msgid "sudo aa-genprof slapd"
7388
7420
msgstr ""
7389
7421
7390
#: serverguide/C/security.xml:1179(para)
7422
#: serverguide/C/security.xml:1165(para)
7391
7423
msgid ""
7392
7424
"To get your new profile included in the <application>apparmor-"
7393
7425
"profiles</application> package, file a bug in <emphasis>Launchpad</emphasis> "
7396
7428
"/ulink> package:"
7397
7429
msgstr ""
7398
7430
7399
#: serverguide/C/security.xml:1186(para)
7431
#: serverguide/C/security.xml:1172(para)
7400
7432
msgid "Include your test plan and test cases."
7401
7433
msgstr ""
7402
7434
7403
#: serverguide/C/security.xml:1191(para)
7435
#: serverguide/C/security.xml:1177(para)
7404
7436
msgid "Attach your new profile to the bug."
7405
7437
msgstr ""
7406
7438
7407
#: serverguide/C/security.xml:1200(title)
7439
#: serverguide/C/security.xml:1186(title)
7408
7440
msgid "Updating Profiles"
7409
7441
msgstr ""
7410
7442
7411
#: serverguide/C/security.xml:1201(para)
7443
#: serverguide/C/security.xml:1187(para)
7412
7444
msgid ""
7413
7445
"When the program is misbehaving, audit messages are sent to the log files. "
7414
7446
"The program <application>aa-logprof</application> can be used to scan log "
7416
7448
"and update the profiles. From a terminal:"
7417
7449
msgstr ""
7418
7450
7419
#: serverguide/C/security.xml:1206(command)
7451
#: serverguide/C/security.xml:1192(command)
7420
7452
msgid "sudo aa-logprof"
7421
7453
msgstr ""
7422
7454
7423
#: serverguide/C/security.xml:1214(para)
7455
#: serverguide/C/security.xml:1200(para)
7424
7456
msgid ""
7425
7457
"See the <ulink "
7426
7458
"url=\"http://www.novell.com/documentation/apparmor/apparmor201_sp10_admin/ind"
7429
7461
"configuration options."
7430
7462
msgstr ""
7431
7463
7432
#: serverguide/C/security.xml:1221(para)
7464
#: serverguide/C/security.xml:1207(para)
7433
7465
msgid ""
7434
7466
"For details using AppArmor with other Ubuntu releases see the <ulink "
7435
7467
"url=\"https://help.ubuntu.com/community/AppArmor\"> AppArmor Community "
7436
7468
"Wiki</ulink> page."
7437
7469
msgstr ""
7438
7470
7439
#: serverguide/C/security.xml:1229(para)
7471
#: serverguide/C/security.xml:1215(para)
7440
7472
msgid ""
7441
7473
"The <ulink url=\"http://en.opensuse.org/SDB:AppArmor_geeks\">OpenSUSE "
7442
7474
"AppArmor</ulink> page is another introduction to AppArmor."
7443
7475
msgstr ""
7444
7476
7445
#: serverguide/C/security.xml:1236(para)
7477
#: serverguide/C/security.xml:1222(para)
7446
7478
msgid ""
7447
7479
"A great place to ask for <application>AppArmor</application> assistance, and "
7448
7480
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
7450
7482
"url=\"http://freenode.net\">freenode</ulink>."
7451
7483
msgstr ""
7452
7484
7453
#: serverguide/C/security.xml:1246(title)
7485
#: serverguide/C/security.xml:1232(title)
7454
7486
msgid "Certificates"
7455
7487
msgstr ""
7456
7488
7457
#: serverguide/C/security.xml:1247(para)
7489
#: serverguide/C/security.xml:1233(para)
7458
7490
msgid ""
7459
7491
"One of the most common forms of cryptography today is <emphasis>public-"
7460
7492
"key</emphasis> cryptography. Public-key cryptography utilizes a "
7464
7496
"the private key."
7465
7497
msgstr ""
7466
7498
7467
#: serverguide/C/security.xml:1253(para)
7499
#: serverguide/C/security.xml:1239(para)
7468
7500
msgid ""
7469
7501
"A common use for public-key cryptography is encrypting application traffic "
7470
7502
"using a Secure Socket Layer (SSL) or Transport Layer Security (TLS) "
7473
7505
"encrypt traffic using a protocol that does not itself provide encryption."
7474
7506
msgstr ""
7475
7507
7476
#: serverguide/C/security.xml:1258(para)
7508
#: serverguide/C/security.xml:1244(para)
7477
7509
msgid ""
7478
7510
"A <emphasis>Certificate</emphasis> is a method used to distribute a "
7479
7511
"<emphasis>public key</emphasis> and other information about a server and the "
7483
7515
"certificate is accurate."
7484
7516
msgstr ""
7485
7517
7486
#: serverguide/C/security.xml:1265(title)
7518
#: serverguide/C/security.xml:1251(title)
7487
7519
msgid "Types of Certificates"
7488
7520
msgstr ""
7489
7521
7490
#: serverguide/C/security.xml:1266(para)
7522
#: serverguide/C/security.xml:1252(para)
7491
7523
msgid ""
7492
7524
"To set up a secure server using public-key cryptography, in most cases, you "
7493
7525
"send your certificate request (including your public key), proof of your "
7497
7529
"signed</emphasis> certificate."
7498
7530
msgstr ""
7499
7531
7500
#: serverguide/C/security.xml:1276(para)
7532
#: serverguide/C/security.xml:1262(para)
7501
7533
msgid ""
7502
7534
"Note, that self-signed certificates should not be used in most production "
7503
7535
"environments."
7504
7536
msgstr ""
7505
7537
7506
#: serverguide/C/security.xml:1280(para)
7538
#: serverguide/C/security.xml:1266(para)
7507
7539
msgid ""
7508
7540
"Continuing the HTTPS example, a CA-signed certificate provides two important "
7509
7541
"capabilities that a self-signed certificate does not:"
7510
7542
msgstr ""
7511
7543
7512
#: serverguide/C/security.xml:1287(para)
7544
#: serverguide/C/security.xml:1273(para)
7513
7545
msgid ""
7514
7546
"Browsers (usually) automatically recognize the certificate and allow a "
7515
7547
"secure connection to be made without prompting the user."
7516
7548
msgstr ""
7517
7549
7518
#: serverguide/C/security.xml:1294(para)
7550
#: serverguide/C/security.xml:1280(para)
7519
7551
msgid ""
7520
7552
"When a CA issues a signed certificate, it is guaranteeing the identity of "
7521
7553
"the organization that is providing the web pages to the browser."
7522
7554
msgstr ""
7523
7555
7524
#: serverguide/C/security.xml:1302(para)
7556
#: serverguide/C/security.xml:1308(para)
7525
7557
msgid ""
7526
7558
"Most Web browsers, and computers, that support SSL have a list of CAs whose "
7527
7559
"certificates they automatically accept. If a browser encounters a "
7530
7562
"may generate an error message when using a self-signed certificate."
7531
7563
msgstr ""
7532
7564
7533
#: serverguide/C/security.xml:1310(para)
7565
#: serverguide/C/security.xml:1296(para)
7534
7566
msgid ""
7535
7567
"The process of getting a certificate from a CA is fairly easy. A quick "
7536
7568
"overview is as follows:"
7537
7569
msgstr ""
7538
7570
7539
#: serverguide/C/security.xml:1317(para)
7571
#: serverguide/C/security.xml:1303(para)
7540
7572
msgid "Create a private and public encryption key pair."
7541
7573
msgstr ""
7542
7574
7543
#: serverguide/C/security.xml:1320(para)
7575
#: serverguide/C/security.xml:1306(para)
7544
7576
msgid ""
7545
7577
"Create a certificate request based on the public key. The certificate "
7546
7578
"request contains information about your server and the company hosting it."
7547
7579
msgstr ""
7548
7580
7549
#: serverguide/C/security.xml:1325(para)
7581
#: serverguide/C/security.xml:1311(para)
7550
7582
msgid ""
7551
7583
"Send the certificate request, along with documents proving your identity, to "
7552
7584
"a CA. We cannot tell you which certificate authority to choose. Your "
7554
7586
"your friends or colleagues, or purely on monetary factors."
7555
7587
msgstr ""
7556
7588
7557
#: serverguide/C/security.xml:1331(para)
7589
#: serverguide/C/security.xml:1317(para)
7558
7590
msgid ""
7559
7591
"Once you have decided upon a CA, you need to follow the instructions they "
7560
7592
"provide on how to obtain a certificate from them."
7561
7593
msgstr ""
7562
7594
7563
#: serverguide/C/security.xml:1336(para)
7595
#: serverguide/C/security.xml:1322(para)
7564
7596
msgid ""
7565
7597
"When the CA is satisfied that you are indeed who you claim to be, they send "
7566
7598
"you a digital certificate."
7567
7599
msgstr ""
7568
7600
7569
#: serverguide/C/security.xml:1340(para)
7601
#: serverguide/C/security.xml:1326(para)
7570
7602
msgid ""
7571
7603
"Install this certificate on your secure server, and configure the "
7572
7604
"appropriate applications to use the certificate."
7573
7605
msgstr ""
7574
7606
7575
#: serverguide/C/security.xml:1349(title)
7607
#: serverguide/C/security.xml:1335(title)
7576
7608
msgid "Generating a Certificate Signing Request (CSR)"
7577
7609
msgstr ""
7578
7610
7579
#: serverguide/C/security.xml:1351(para)
7611
#: serverguide/C/security.xml:1337(para)
7580
7612
msgid ""
7581
7613
"Whether you are getting a certificate from a CA or generating your own self-"
7582
7614
"signed certificate, the first step is to generate a key."
7583
7615
msgstr ""
7584
7616
7585
#: serverguide/C/security.xml:1356(para)
7617
#: serverguide/C/security.xml:1342(para)
7586
7618
msgid ""
7587
7619
"If the certificate will be used by service daemons, such as Apache, Postfix, "
7588
7620
"Dovecot, etc, a key without a passphrase is often appropriate. Not having a "
7590
7622
"the preferred way to start a daemon."
7591
7623
msgstr ""
7592
7624
7593
#: serverguide/C/security.xml:1362(para)
7625
#: serverguide/C/security.xml:1348(para)
7594
7626
msgid ""
7595
7627
"This section will cover generating a key with a passphrase, and one without. "
7596
7628
"The non-passphrase key will then be used to generate a certificate that can "
7597
7629
"be used with various service daemons."
7598
7630
msgstr ""
7599
7631
7600
#: serverguide/C/security.xml:1368(para)
7632
#: serverguide/C/security.xml:1354(para)
7601
7633
msgid ""
7602
7634
"Running your secure service without a passphrase is convenient because you "
7603
7635
"will not need to enter the passphrase every time you start your secure "
7605
7637
"of the server as well."
7606
7638
msgstr ""
7607
7639
7608
#: serverguide/C/security.xml:1375(para)
7640
#: serverguide/C/security.xml:1361(para)
7609
7641
msgid ""
7610
7642
"To generate the <emphasis>keys</emphasis> for the Certificate Signing "
7611
7643
"Request (CSR) run the following command from a terminal prompt:"
7612
7644
msgstr ""
7613
7645
7614
#: serverguide/C/security.xml:1381(command)
7646
#: serverguide/C/security.xml:1367(command)
7615
7647
msgid "openssl genrsa -des3 -out server.key 2048"
7616
7648
msgstr ""
7617
7649
7618
#: serverguide/C/security.xml:1384(programlisting)
7650
#: serverguide/C/security.xml:1370(programlisting)
7619
7651
#, no-wrap
7620
7652
msgid ""
7621
7653
"\n"
7626
7658
"Enter pass phrase for server.key:\n"
7627
7659
msgstr ""
7628
7660
7629
#: serverguide/C/security.xml:1392(para)
7661
#: serverguide/C/security.xml:1378(para)
7630
7662
msgid ""
7631
7663
"You can now enter your passphrase. For best security, it should at least "
7632
7664
"contain eight characters. The minimum length when specifying -des3 is four "
7634
7666
"in a dictionary. Also remember that your passphrase is case-sensitive."
7635
7667
msgstr ""
7636
7668
7637
#: serverguide/C/security.xml:1400(para)
7669
#: serverguide/C/security.xml:1386(para)
7638
7670
msgid ""
7639
7671
"Re-type the passphrase to verify. Once you have re-typed it correctly, the "
7640
7672
"server key is generated and stored in the <filename>server.key</filename> "
7641
7673
"file."
7642
7674
msgstr ""
7643
7675
7644
#: serverguide/C/security.xml:1406(para)
7676
#: serverguide/C/security.xml:1392(para)
7645
7677
msgid ""
7646
7678
"Now create the insecure key, the one without a passphrase, and shuffle the "
7647
7679
"key names:"
7648
7680
msgstr ""
7649
7681
7650
#: serverguide/C/security.xml:1412(command)
7682
#: serverguide/C/security.xml:1398(command)
7651
7683
msgid "openssl rsa -in server.key -out server.key.insecure"
7652
7684
msgstr ""
7653
7685
7654
#: serverguide/C/security.xml:1413(command)
7686
#: serverguide/C/security.xml:1399(command)
7655
7687
msgid "mv server.key server.key.secure"
7656
7688
msgstr ""
7657
7689
7658
#: serverguide/C/security.xml:1414(command)
7690
#: serverguide/C/security.xml:1400(command)
7659
7691
msgid "mv server.key.insecure server.key"
7660
7692
msgstr ""
7661
7693
7662
#: serverguide/C/security.xml:1417(para)
7694
#: serverguide/C/security.xml:1403(para)
7663
7695
msgid ""
7664
7696
"The insecure key is now named <filename>server.key</filename>, and you can "
7665
7697
"use this file to generate the CSR without passphrase."
7666
7698
msgstr ""
7667
7699
7668
#: serverguide/C/security.xml:1422(para)
7700
#: serverguide/C/security.xml:1408(para)
7669
7701
msgid "To create the CSR, run the following command at a terminal prompt:"
7670
7702
msgstr ""
7671
7703
7672
#: serverguide/C/security.xml:1427(command)
7704
#: serverguide/C/security.xml:1413(command)
7673
7705
msgid "openssl req -new -key server.key -out server.csr"
7674
7706
msgstr ""
7675
7707
7676
#: serverguide/C/security.xml:1430(para)
7708
#: serverguide/C/security.xml:1416(para)
7677
7709
msgid ""
7678
7710
"It will prompt you enter the passphrase. If you enter the correct "
7679
7711
"passphrase, it will prompt you to enter Company Name, Site Name, Email Id, "
7681
7713
"be stored in the <filename>server.csr</filename> file."
7682
7714
msgstr ""
7683
7715
7684
#: serverguide/C/security.xml:1438(para)
7716
#: serverguide/C/security.xml:1424(para)
7685
7717
msgid ""
7686
7718
"You can now submit this CSR file to a CA for processing. The CA will use "
7687
7719
"this CSR file and issue the certificate. On the other hand, you can create "
7688
7720
"self-signed certificate using this CSR."
7689
7721
msgstr ""
7690
7722
7691
#: serverguide/C/security.xml:1446(title)
7723
#: serverguide/C/security.xml:1432(title)
7692
7724
msgid "Creating a Self-Signed Certificate"
7693
7725
msgstr ""
7694
7726
7695
#: serverguide/C/security.xml:1447(para)
7727
#: serverguide/C/security.xml:1433(para)
7696
7728
msgid ""
7697
7729
"To create the self-signed certificate, run the following command at a "
7698
7730
"terminal prompt:"
7699
7731
msgstr ""
7700
7732
7701
#: serverguide/C/security.xml:1452(command)
7733
#: serverguide/C/security.xml:1438(command)
7702
7734
msgid ""
7703
7735
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
7704
7736
"server.crt"
7705
7737
msgstr ""
7706
7738
7707
#: serverguide/C/security.xml:1455(para)
7739
#: serverguide/C/security.xml:1441(para)
7708
7740
msgid ""
7709
7741
"The above command will prompt you to enter the passphrase. Once you enter "
7710
7742
"the correct passphrase, your certificate will be created and it will be "
7711
7743
"stored in the <filename>server.crt</filename> file."
7712
7744
msgstr ""
7713
7745
7714
#: serverguide/C/security.xml:1460(para)
7746
#: serverguide/C/security.xml:1446(para)
7715
7747
msgid ""
7716
7748
"If your secure server is to be used in a production environment, you "
7717
7749
"probably need a CA-signed certificate. It is not recommended to use self-"
7718
7750
"signed certificate."
7719
7751
msgstr ""
7720
7752
7721
#: serverguide/C/security.xml:1468(title)
7753
#: serverguide/C/security.xml:1454(title)
7722
7754
msgid "Installing the Certificate"
7723
7755
msgstr ""
7724
7756
7725
#: serverguide/C/security.xml:1470(para)
7757
#: serverguide/C/security.xml:1456(para)
7726
7758
msgid ""
7727
7759
"You can install the key file <filename>server.key</filename> and certificate "
7728
7760
"file <filename>server.crt</filename>, or the certificate file issued by your "
7729
7761
"CA, by running following commands at a terminal prompt:"
7730
7762
msgstr ""
7731
7763
7732
#: serverguide/C/security.xml:1476(command)
7764
#: serverguide/C/security.xml:1462(command)
7733
7765
msgid "sudo cp server.crt /etc/ssl/certs"
7734
7766
msgstr ""
7735
7767
7736
#: serverguide/C/security.xml:1477(command)
7768
#: serverguide/C/security.xml:1463(command)
7737
7769
msgid "sudo cp server.key /etc/ssl/private"
7738
7770
msgstr ""
7739
7771
7740
#: serverguide/C/security.xml:1479(para)
7772
#: serverguide/C/security.xml:1465(para)
7741
7773
msgid ""
7742
7774
"Now simply configure any applications, with the ability to use public-key "
7743
7775
"cryptography, to use the <emphasis>certificate</emphasis> and "
7746
7778
"<application>Dovecot</application> can provide IMAPS and POP3S, etc."
7747
7779
msgstr ""
7748
7780
7749
#: serverguide/C/security.xml:1486(title)
7781
#: serverguide/C/security.xml:1472(title)
7750
7782
msgid "Certification Authority"
7751
7783
msgstr ""
7752
7784
7753
#: serverguide/C/security.xml:1488(para)
7785
#: serverguide/C/security.xml:1474(para)
7754
7786
msgid ""
7755
7787
"If the services on your network require more than a few self-signed "
7756
7788
"certificates it may be worth the additional effort to setup your own "
7760
7792
"the same CA."
7761
7793
msgstr ""
7762
7794
7763
#: serverguide/C/security.xml:1498(para)
7795
#: serverguide/C/security.xml:1484(para)
7764
7796
msgid ""
7765
7797
"First, create the directories to hold the CA certificate and related files:"
7766
7798
msgstr ""
7767
7799
7768
#: serverguide/C/security.xml:1503(command)
7800
#: serverguide/C/security.xml:1489(command)
7769
7801
msgid "sudo mkdir /etc/ssl/CA"
7770
7802
msgstr ""
7771
7803
7772
#: serverguide/C/security.xml:1504(command)
7804
#: serverguide/C/security.xml:1490(command)
7773
7805
msgid "sudo mkdir /etc/ssl/newcerts"
7774
7806
msgstr ""
7775
7807
7776
#: serverguide/C/security.xml:1510(para)
7808
#: serverguide/C/security.xml:1496(para)
7777
7809
msgid ""
7778
7810
"The CA needs a few additional files to operate, one to keep track of the "
7779
7811
"last serial number used by the CA, each certificate must have a unique "
7781
7813
"issued:"
7782
7814
msgstr ""
7783
7815
7784
#: serverguide/C/security.xml:1517(command)
7816
#: serverguide/C/security.xml:1503(command)
7785
7817
msgid "sudo sh -c \"echo '01' > /etc/ssl/CA/serial\""
7786
7818
msgstr ""
7787
7819
7788
#: serverguide/C/security.xml:1518(command)
7820
#: serverguide/C/security.xml:1504(command)
7789
7821
msgid "sudo touch /etc/ssl/CA/index.txt"
7790
7822
msgstr ""
7791
7823
7792
#: serverguide/C/security.xml:1524(para)
7824
#: serverguide/C/security.xml:1510(para)
7793
7825
msgid ""
7794
7826
"The third file is a CA configuration file. Though not strictly necessary, it "
7795
7827
"is very convenient when issuing multiple certificates. Edit "
7797
7829
"]</emphasis> change:"
7798
7830
msgstr ""
7799
7831
7800
#: serverguide/C/security.xml:1530(programlisting)
7832
#: serverguide/C/security.xml:1516(programlisting)
7801
7833
#, no-wrap
7802
7834
msgid ""
7803
7835
"\n"
7808
7840
"private_key = $dir/private/cakey.pem# The private key\n"
7809
7841
msgstr ""
7810
7842
7811
#: serverguide/C/security.xml:1541(para)
7843
#: serverguide/C/security.xml:1547(para)
7812
7844
msgid "Next, create the self-signed root certificate:"
7813
7845
msgstr ""
7814
7846
7815
#: serverguide/C/security.xml:1546(command)
7847
#: serverguide/C/security.xml:1532(command)
7816
7848
msgid ""
7817
7849
"openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -"
7818
7850
"days 3650"
7819
7851
msgstr ""
7820
7852
7821
#: serverguide/C/security.xml:1549(para)
7853
#: serverguide/C/security.xml:1535(para)
7822
7854
msgid "You will then be asked to enter the details about the certificate."
7823
7855
msgstr ""
7824
7856
7825
#: serverguide/C/security.xml:1556(para)
7857
#: serverguide/C/security.xml:1542(para)
7826
7858
msgid "Now install the root certificate and key:"
7827
7859
msgstr ""
7828
7860
7829
#: serverguide/C/security.xml:1561(command)
7861
#: serverguide/C/security.xml:1547(command)
7830
7862
msgid "sudo mv cakey.pem /etc/ssl/private/"
7831
7863
msgstr ""
7832
7864
7833
#: serverguide/C/security.xml:1562(command)
7865
#: serverguide/C/security.xml:1548(command)
7834
7866
msgid "sudo mv cacert.pem /etc/ssl/certs/"
7835
7867
msgstr ""
7836
7868
7837
#: serverguide/C/security.xml:1568(para)
7869
#: serverguide/C/security.xml:1554(para)
7838
7870
msgid ""
7839
7871
"You are now ready to start signing certificates. The first item needed is a "
7840
7872
"Certificate Signing Request (CSR), see <xref linkend=\"generating-a-csr\"/> "
7842
7874
"certificate signed by the CA:"
7843
7875
msgstr ""
7844
7876
7845
#: serverguide/C/security.xml:1575(command)
7877
#: serverguide/C/security.xml:1561(command)
7846
7878
msgid "sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf"
7847
7879
msgstr ""
7848
7880
7849
#: serverguide/C/security.xml:1578(para)
7881
#: serverguide/C/security.xml:1564(para)
7850
7882
msgid ""
7851
7883
"After entering the password for the CA key, you will be prompted to sign the "
7852
7884
"certificate, and again to commit the new certificate. You should then see a "
7853
7885
"somewhat large amount of output related to the certificate creation."
7854
7886
msgstr ""
7855
7887
7856
#: serverguide/C/security.xml:1587(para)
7888
#: serverguide/C/security.xml:1573(para)
7857
7889
msgid ""
7858
7890
"There should now be a new file, "
7859
7891
"<filename>/etc/ssl/newcerts/01.pem</filename>, containing the same output. "
7864
7896
"<filename>mail.example.com.crt</filename>, is a nice descriptive name."
7865
7897
msgstr ""
7866
7898
7867
#: serverguide/C/security.xml:1595(para)
7899
#: serverguide/C/security.xml:1581(para)
7868
7900
msgid ""
7869
7901
"Subsequent certificates will be named <filename>02.pem</filename>, "
7870
7902
"<filename>03.pem</filename>, etc."
7871
7903
msgstr ""
7872
7904
7873
#: serverguide/C/security.xml:1600(para)
7905
#: serverguide/C/security.xml:1586(para)
7874
7906
msgid ""
7875
7907
"Replace <emphasis>mail.example.com.crt</emphasis> with your own descriptive "
7876
7908
"name."
7877
7909
msgstr ""
7878
7910
7879
#: serverguide/C/security.xml:1608(para)
7911
#: serverguide/C/security.xml:1594(para)
7880
7912
msgid ""
7881
7913
"Finally, copy the new certificate to the host that needs it, and configure "
7882
7914
"the appropriate applications to use it. The default location to install "
7885
7917
"complicated file permissions."
7886
7918
msgstr ""
7887
7919
7888
#: serverguide/C/security.xml:1614(para)
7920
#: serverguide/C/security.xml:1600(para)
7889
7921
msgid ""
7890
7922
"For applications that can be configured to use a CA certificate, you should "
7891
7923
"also copy the <filename>/etc/ssl/certs/cacert.pem</filename> file to the "
7893
7925
"server."
7894
7926
msgstr ""
7895
7927
7896
#: serverguide/C/security.xml:1628(para)
7928
#: serverguide/C/security.xml:1614(para)
7897
7929
msgid ""
7898
7930
"For more detailed instructions on using cryptography see the <ulink "
7899
7931
"url=\"http://tldp.org/HOWTO/SSL-Certificates-HOWTO/index.html\">SSL "
7900
"Certificates HOWTO</ulink> by tlpd.org"
7932
"Certificates HOWTO</ulink> by tldp.org"
7901
7933
msgstr ""
7902
7934
7903
#: serverguide/C/security.xml:1634(para)
7935
#: serverguide/C/security.xml:1620(para)
7904
7936
msgid ""
7905
7937
"The Wikipedia <ulink "
7906
7938
"url=\"http://en.wikipedia.org/wiki/Https\">HTTPS</ulink> page has more "
7907
7939
"information regarding HTTPS."
7908
7940
msgstr ""
7909
7941
7910
#: serverguide/C/security.xml:1639(para)
7942
#: serverguide/C/security.xml:1625(para)
7911
7943
msgid ""
7912
7944
"For more information on <emphasis>OpenSSL</emphasis> see the <ulink "
7913
7945
"url=\"http://www.openssl.org/\">OpenSSL Home Page</ulink>."
7914
7946
msgstr ""
7915
7947
7916
#: serverguide/C/security.xml:1644(para)
7948
#: serverguide/C/security.xml:1630(para)
7917
7949
msgid ""
7918
7950
"Also, O'Reilly's <ulink "
7919
7951
"url=\"http://oreilly.com/catalog/9780596002701/\">Network Security with "
7920
7952
"OpenSSL</ulink> is a good in depth reference."
7921
7953
msgstr ""
7922
7954
7923
#: serverguide/C/security.xml:1653(title)
7955
#: serverguide/C/security.xml:1639(title)
7924
7956
msgid "eCryptfs"
7925
7957
msgstr ""
7926
7958
7927
#: serverguide/C/security.xml:1655(para)
7959
#: serverguide/C/security.xml:1661(para)
7928
7960
msgid ""
7929
7961
"<emphasis>eCryptfs</emphasis> is a POSIX-compliant enterprise-class stacked "
7930
7962
"cryptographic filesystem for Linux. Layering on top of the filesystem layer "
7932
7964
"filesystem, partition type, etc."
7933
7965
msgstr ""
7934
7966
7935
#: serverguide/C/security.xml:1661(para)
7967
#: serverguide/C/security.xml:1647(para)
7936
7968
msgid ""
7937
7969
"During installation there is an option to encrypt the <filename "
7938
7970
"role=\"directory\">/home</filename> partition. This will automatically "
7939
7971
"configure everything needed to encrypt and mount the partition."
7940
7972
msgstr ""
7941
7973
7942
#: serverguide/C/security.xml:1666(para)
7974
#: serverguide/C/security.xml:1652(para)
7943
7975
msgid ""
7944
7976
"As an example, this section will cover configuring <filename "
7945
7977
"role=\"directory\">/srv</filename> to be encrypted using "
7946
7978
"<emphasis>eCryptfs</emphasis>."
7947
7979
msgstr ""
7948
7980
7949
#: serverguide/C/security.xml:1671(title)
7981
#: serverguide/C/security.xml:1657(title)
7950
7982
msgid "Using eCryptfs"
7951
7983
msgstr ""
7952
7984
7953
#: serverguide/C/security.xml:1673(para)
7985
#: serverguide/C/security.xml:1659(para)
7954
7986
msgid "First, install the necessary packages. From a terminal prompt enter:"
7955
7987
msgstr ""
7956
7988
7957
#: serverguide/C/security.xml:1678(command)
7989
#: serverguide/C/security.xml:1664(command)
7958
7990
msgid "sudo apt-get install ecryptfs-utils"
7959
7991
msgstr ""
7960
7992
7961
#: serverguide/C/security.xml:1681(para)
7993
#: serverguide/C/security.xml:1667(para)
7962
7994
msgid "Now mount the partition to be encrypted:"
7963
7995
msgstr ""
7964
7996
7965
#: serverguide/C/security.xml:1686(command)
7997
#: serverguide/C/security.xml:1672(command)
7966
7998
msgid "sudo mount -t ecryptfs /srv /srv"
7967
7999
msgstr ""
7968
8000
7969
#: serverguide/C/security.xml:1689(para)
8001
#: serverguide/C/security.xml:1675(para)
7970
8002
msgid ""
7971
8003
"You will then be prompted for some details on how "
7972
8004
"<application>ecryptfs</application> should encrypt the data."
7973
8005
msgstr ""
7974
8006
7975
#: serverguide/C/security.xml:1693(para)
8007
#: serverguide/C/security.xml:1679(para)
7976
8008
msgid ""
7977
8009
"To test that files placed in <filename>/srv</filename> are indeed encrypted "
7978
8010
"copy the <filename>/etc/default</filename> folder to "
7979
8011
"<filename>/srv</filename>:"
7980
8012
msgstr ""
7981
8013
7982
#: serverguide/C/security.xml:1699(command) serverguide/C/clustering.xml:190(command)
8014
#: serverguide/C/security.xml:1685(command) serverguide/C/clustering.xml:190(command)
7983
8015
msgid "sudo cp -r /etc/default /srv"
7984
8016
msgstr ""
7985
8017
7986
#: serverguide/C/security.xml:1702(para)
8018
#: serverguide/C/security.xml:1688(para)
7987
8019
msgid "Now unmount <filename>/srv</filename>, and try to view a file:"
7988
8020
msgstr ""
7989
8021
7990
#: serverguide/C/security.xml:1707(command) serverguide/C/installation.xml:1125(command) serverguide/C/clustering.xml:198(command)
8022
#: serverguide/C/security.xml:1693(command) serverguide/C/installation.xml:1118(command) serverguide/C/clustering.xml:198(command)
7991
8023
msgid "sudo umount /srv"
7992
8024
msgstr ""
7993
8025
7994
#: serverguide/C/security.xml:1708(command)
8026
#: serverguide/C/security.xml:1694(command)
7995
8027
msgid "cat /srv/default/cron"
7996
8028
msgstr ""
7997
8029
7998
#: serverguide/C/security.xml:1711(para)
8030
#: serverguide/C/security.xml:1697(para)
7999
8031
msgid ""
8000
8032
"Remounting <filename>/srv</filename> using "
8001
8033
"<application>ecryptfs</application> will make the data viewable once again."
8002
8034
msgstr ""
8003
8035
8004
#: serverguide/C/security.xml:1717(title)
8036
#: serverguide/C/security.xml:1703(title)
8005
8037
msgid "Automatically Mounting Encrypted Partitions"
8006
8038
msgstr ""
8007
8039
8008
#: serverguide/C/security.xml:1719(para)
8040
#: serverguide/C/security.xml:1705(para)
8009
8041
msgid ""
8010
8042
"There are a couple of ways to automatically mount an "
8011
8043
"<application>ecryptfs</application> encrypted filesystem at boot. This "
8013
8045
"mount options, along with a passphrase file residing on a USB key."
8014
8046
msgstr ""
8015
8047
8016
#: serverguide/C/security.xml:1725(para)
8048
#: serverguide/C/security.xml:1711(para)
8017
8049
msgid "First, create <filename>/root/.ecryptfsrc</filename> containing:"
8018
8050
msgstr ""
8019
8051
8020
#: serverguide/C/security.xml:1729(programlisting)
8052
#: serverguide/C/security.xml:1715(programlisting)
8021
8053
#, no-wrap
8022
8054
msgid ""
8023
8055
"\n"
8029
8061
"ecryptfs_enable_filename_crypto=n\n"
8030
8062
msgstr ""
8031
8063
8032
#: serverguide/C/security.xml:1739(para)
8064
#: serverguide/C/security.xml:1725(para)
8033
8065
msgid ""
8034
8066
"Adjust the <emphasis>ecryptfs_sig</emphasis> to the signature in "
8035
8067
"<filename>/root/.ecryptfs/sig-cache.txt</filename>."
8036
8068
msgstr ""
8037
8069
8038
#: serverguide/C/security.xml:1744(para)
8070
#: serverguide/C/security.xml:1730(para)
8039
8071
msgid ""
8040
8072
"Next, create the <filename>/mnt/usb/passwd_file.txt</filename> passphrase "
8041
8073
"file:"
8042
8074
msgstr ""
8043
8075
8044
#: serverguide/C/security.xml:1748(programlisting)
8076
#: serverguide/C/security.xml:1734(programlisting)
8045
8077
#, no-wrap
8046
8078
msgid ""
8047
8079
"\n"
8048
8080
"passphrase_passwd=[secrets]\n"
8049
8081
msgstr ""
8050
8082
8051
#: serverguide/C/security.xml:1752(para)
8083
#: serverguide/C/security.xml:1738(para)
8052
8084
msgid "Now add the necessary lines to <filename>/etc/fstab</filename>:"
8053
8085
msgstr ""
8054
8086
8055
#: serverguide/C/security.xml:1756(programlisting)
8087
#: serverguide/C/security.xml:1742(programlisting)
8056
8088
#, no-wrap
8057
8089
msgid ""
8058
8090
"\n"
8060
8092
"/srv /srv ecryptfs defaults 0 0\n"
8061
8093
msgstr ""
8062
8094
8063
#: serverguide/C/security.xml:1761(para)
8095
#: serverguide/C/security.xml:1747(para)
8064
8096
msgid "Make sure the USB drive is mounted before the encrypted partition."
8065
8097
msgstr ""
8066
8098
8067
#: serverguide/C/security.xml:1765(para)
8099
#: serverguide/C/security.xml:1751(para)
8068
8100
msgid ""
8069
8101
"Finally, reboot and the <filename>/srv</filename> should be mounted using "
8070
8102
"<emphasis>eCryptfs</emphasis>."
8071
8103
msgstr ""
8072
8104
8073
#: serverguide/C/security.xml:1771(title)
8105
#: serverguide/C/security.xml:1757(title)
8074
8106
msgid "Other Utilities"
8075
8107
msgstr ""
8076
8108
8077
#: serverguide/C/security.xml:1773(para)
8109
#: serverguide/C/security.xml:1759(para)
8078
8110
msgid ""
8079
8111
"The <application>ecryptfs-utils</application> package includes several other "
8080
8112
"useful utilities:"
8081
8113
msgstr ""
8082
8114
8083
#: serverguide/C/security.xml:1779(para)
8115
#: serverguide/C/security.xml:1765(para)
8084
8116
msgid ""
8085
8117
"<emphasis>ecryptfs-setup-private:</emphasis> creates a "
8086
8118
"<filename>~/Private</filename> directory to contain encrypted information. "
8088
8120
"other users on the system."
8089
8121
msgstr ""
8090
8122
8091
#: serverguide/C/security.xml:1786(para)
8123
#: serverguide/C/security.xml:1772(para)
8092
8124
msgid ""
8093
8125
"<emphasis>ecryptfs-mount-private and ecryptfs-umount-private:</emphasis> "
8094
8126
"will mount and unmount respectively, a users <filename>~/Private</filename> "
8095
8127
"directory."
8096
8128
msgstr ""
8097
8129
8098
#: serverguide/C/security.xml:1792(para)
8130
#: serverguide/C/security.xml:1778(para)
8099
8131
msgid ""
8100
8132
"<emphasis>ecryptfs-add-passphrase:</emphasis> adds a new passphrase to the "
8101
8133
"kernel keyring."
8102
8134
msgstr ""
8103
8135
8104
#: serverguide/C/security.xml:1797(para)
8136
#: serverguide/C/security.xml:1783(para)
8105
8137
msgid ""
8106
8138
"<emphasis>ecryptfs-manager:</emphasis> manages "
8107
8139
"<application>eCryptfs</application> objects such as keys."
8108
8140
msgstr ""
8109
8141
8110
#: serverguide/C/security.xml:1802(para)
8142
#: serverguide/C/security.xml:1788(para)
8111
8143
msgid ""
8112
8144
"<emphasis>ecryptfs-stat:</emphasis> allows you to view the "
8113
8145
"<application>ecryptfs</application> meta information for a file."
8114
8146
msgstr ""
8115
8147
8116
#: serverguide/C/security.xml:1815(para)
8148
#: serverguide/C/security.xml:1801(para)
8117
8149
msgid ""
8118
8150
"For more information on <emphasis>eCryptfs</emphasis> see the <ulink "
8119
8151
"url=\"https://launchpad.net/ecryptfs\">Launchpad project page</ulink>."
8120
8152
msgstr ""
8121
8153
8122
#: serverguide/C/security.xml:1820(para)
8154
#: serverguide/C/security.xml:1806(para)
8123
8155
msgid ""
8124
8156
"There is also a <ulink "
8125
8157
"url=\"http://www.linuxjournal.com/article/9400\">Linux Journal</ulink> "
8126
8158
"article covering <emphasis>eCryptfs</emphasis>."
8127
8159
msgstr ""
8128
8160
8129
#: serverguide/C/security.xml:1825(para)
8161
#: serverguide/C/security.xml:1831(para)
8130
8162
msgid ""
8131
"Also, for more <application>ecryptfs</application> options see the <ulink "
8163
"Also, for more <application>ecryptfs</application> options and details see "
8164
"the <ulink "
8132
8165
"url=\"http://manpages.ubuntu.com/manpages/trusty/en/man7/ecryptfs.7.html\">ec"
8133
8166
"ryptfs man page</ulink>."
8134
8167
msgstr ""
8135
8168
8136
#: serverguide/C/security.xml:1831(para)
8137
msgid ""
8138
"The <ulink url=\"https://help.ubuntu.com/community/eCryptfs\">eCryptfs "
8139
"Ubuntu Wiki</ulink> page also has more details."
8140
msgstr ""
8141
8142
8169
#: serverguide/C/samba.xml:11(title)
8143
8170
msgid "Samba"
8144
8171
msgstr ""
8145
8172
8146
#: serverguide/C/samba.xml:13(para)
8173
#: serverguide/C/windows-networking.xml:13(para)
8147
8174
msgid ""
8148
8175
"Computer networks are often comprised of diverse systems, and while "
8149
8176
"operating a network made up entirely of Ubuntu desktop and server computers "
8155
8182
"network resources with Windows computers."
8156
8183
msgstr ""
8157
8184
8158
#: serverguide/C/samba.xml:25(para)
8185
#: serverguide/C/windows-networking.xml:25(para)
8159
8186
msgid ""
8160
8187
"Successfully networking your Ubuntu system with Windows clients involves "
8161
8188
"providing and integrating with services common to Windows environments. Such "
8168
8195
"помажу дељењу података и информација о рачунарима и корисницима укљученим у "
8169
8196
"мрежу, и могу се поделити по функционалности у три главне категорије:"
8170
8197
8171
#: serverguide/C/samba.xml:33(para)
8198
#: serverguide/C/windows-networking.xml:33(para)
8172
8199
msgid ""
8173
8200
"<emphasis role=\"bold\">File and Printer Sharing Services</emphasis>. Using "
8174
8201
"the Server Message Block (SMB) protocol to facilitate the sharing of files, "
8175
8202
"folders, volumes, and the sharing of printers throughout the network."
8176
8203
msgstr ""
8177
8204
8178
#: serverguide/C/samba.xml:39(para)
8205
#: serverguide/C/windows-networking.xml:39(para)
8179
8206
msgid ""
8180
8207
"<emphasis role=\"bold\">Directory Services</emphasis>. Sharing vital "
8181
8208
"information about the computers and users of the network with such "
8183
8210
"Microsoft <trademark class=\"registered\">Active Directory</trademark>."
8184
8211
msgstr ""
8185
8212
8186
#: serverguide/C/samba.xml:46(para)
8213
#: serverguide/C/windows-networking.xml:46(para)
8187
8214
msgid ""
8188
8215
"<emphasis role=\"bold\">Authentication and Access</emphasis>. Establishing "
8189
8216
"the identity of a computer or user of the network and determining the "
8192
8219
"Kerberos authentication service."
8193
8220
msgstr ""
8194
8221
8195
#: serverguide/C/samba.xml:54(para)
8222
#: serverguide/C/windows-networking.xml:54(para)
8196
8223
msgid ""
8197
8224
"Fortunately, your Ubuntu system may provide all such facilities to Windows "
8198
8225
"clients and share network resources among them. One of the principal pieces "
8200
8227
"suite of SMB server applications and tools."
8201
8228
msgstr ""
8202
8229
8203
#: serverguide/C/samba.xml:60(para)
8230
#: serverguide/C/windows-networking.xml:60(para)
8204
8231
msgid ""
8205
8232
"This section of the <phrase>Ubuntu</phrase> Server Guide will introduce some "
8206
8233
"of the common Samba use cases, and how to install and configure the "
8213
8240
msgid "File Server"
8214
8241
msgstr ""
8215
8242
8216
#: serverguide/C/samba.xml:70(para)
8243
#: serverguide/C/windows-networking.xml:70(para)
8217
8244
msgid ""
8218
8245
"One of the most common ways to network Ubuntu and Windows computers is to "
8219
8246
"configure Samba as a File Server. This section covers setting up a "
8220
8247
"<application>Samba</application> server to share files with Windows clients."
8221
8248
msgstr ""
8222
8249
8223
#: serverguide/C/samba.xml:75(para)
8250
#: serverguide/C/windows-networking.xml:75(para)
8224
8251
msgid ""
8225
8252
"The server will be configured to share files with any client on the network "
8226
8253
"without prompting for a password. If your environment requires stricter "
8227
8254
"Access Controls see <xref linkend=\"samba-fileprint-security\"/>"
8228
8255
msgstr ""
8229
8256
8230
#: serverguide/C/samba.xml:83(para)
8257
#: serverguide/C/windows-networking.xml:83(para)
8231
8258
msgid ""
8232
8259
"The first step is to install the <application>samba</application> package. "
8233
8260
"From a terminal prompt enter:"
8234
8261
msgstr ""
8235
8262
8236
#: serverguide/C/samba.xml:88(command) serverguide/C/samba.xml:304(command)
8263
#: serverguide/C/windows-networking.xml:88(command) serverguide/C/windows-networking.xml:304(command)
8237
8264
msgid "sudo apt-get install samba"
8238
8265
msgstr "sudo apt-get install samba"
8239
8266
8240
#: serverguide/C/samba.xml:91(para)
8267
#: serverguide/C/windows-networking.xml:91(para)
8241
8268
msgid ""
8242
8269
"That's all there is to it; you are now ready to configure Samba to share "
8243
8270
"files."
8244
8271
msgstr ""
8245
8272
8246
#: serverguide/C/samba.xml:99(para)
8273
#: serverguide/C/windows-networking.xml:99(para)
8247
8274
msgid ""
8248
8275
"The main Samba configuration file is located in "
8249
8276
"<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
8251
8278
"directives."
8252
8279
msgstr ""
8253
8280
8254
#: serverguide/C/samba.xml:104(para)
8281
#: serverguide/C/windows-networking.xml:104(para)
8255
8282
msgid ""
8256
8283
"Not all the available options are included in the default configuration "
8257
8284
"file. See the <filename>smb.conf</filename><application>man</application> "
8259
8286
"Collection/\">Samba HOWTO Collection</ulink> for more details."
8260
8287
msgstr ""
8261
8288
8262
#: serverguide/C/samba.xml:113(para)
8289
#: serverguide/C/windows-networking.xml:113(para)
8263
8290
msgid ""
8264
8291
"First, edit the following key/value pairs in the "
8265
8292
"<emphasis>[global]</emphasis> section of "
8266
8293
"<filename>/etc/samba/smb.conf</filename>:"
8267
8294
msgstr ""
8268
8295
8269
#: serverguide/C/samba.xml:118(programlisting) serverguide/C/samba.xml:316(programlisting) serverguide/C/samba.xml:784(programlisting) serverguide/C/samba.xml:1023(programlisting)
8296
#: serverguide/C/windows-networking.xml:118(programlisting) serverguide/C/windows-networking.xml:316(programlisting) serverguide/C/windows-networking.xml:784(programlisting) serverguide/C/windows-networking.xml:1023(programlisting)
8270
8297
#, no-wrap
8271
8298
msgid ""
8272
8299
"\n"
8279
8306
" ...\n"
8280
8307
" безбедност = корисник\n"
8281
8308
8282
#: serverguide/C/samba.xml:124(para)
8309
#: serverguide/C/windows-networking.xml:124(para)
8283
8310
msgid ""
8284
8311
"The <emphasis>security</emphasis> parameter is farther down in the [global] "
8285
8312
"section, and is commented by default. Also, change "
8286
8313
"<emphasis>EXAMPLE</emphasis> to better match your environment."
8287
8314
msgstr ""
8288
8315
8289
#: serverguide/C/samba.xml:132(para)
8316
#: serverguide/C/windows-networking.xml:132(para)
8290
8317
msgid ""
8291
8318
"Create a new section at the bottom of the file, or uncomment one of the "
8292
8319
"examples, for the directory to be shared:"
8293
8320
msgstr ""
8294
8321
8295
#: serverguide/C/samba.xml:136(programlisting)
8322
#: serverguide/C/windows-networking.xml:136(programlisting)
8296
8323
#, no-wrap
8297
8324
msgid ""
8298
8325
"\n"
8305
8332
" create mask = 0755\n"
8306
8333
msgstr ""
8307
8334
8308
#: serverguide/C/samba.xml:148(para)
8335
#: serverguide/C/windows-networking.xml:148(para)
8309
8336
msgid ""
8310
8337
"<emphasis>comment:</emphasis> a short description of the share. Adjust to "
8311
8338
"fit your needs."
8312
8339
msgstr ""
8313
8340
8314
#: serverguide/C/samba.xml:153(para)
8341
#: serverguide/C/windows-networking.xml:153(para)
8315
8342
msgid "<emphasis>path:</emphasis> the path to the directory to share."
8316
8343
msgstr ""
8317
8344
8318
#: serverguide/C/samba.xml:156(para)
8345
#: serverguide/C/windows-networking.xml:156(para)
8319
8346
msgid ""
8320
8347
"This example uses <filename>/srv/samba/sharename</filename> because, "
8321
8348
"according to the <emphasis>Filesystem Hierarchy Standard (FHS)</emphasis>, "
8326
8353
"adhering to standards is recommended."
8327
8354
msgstr ""
8328
8355
8329
#: serverguide/C/samba.xml:165(para)
8356
#: serverguide/C/windows-networking.xml:165(para)
8330
8357
msgid ""
8331
8358
"<emphasis>browsable:</emphasis> enables Windows clients to browse the shared "
8332
8359
"directory using <application>Windows Explorer</application>."
8333
8360
msgstr ""
8334
8361
8335
#: serverguide/C/samba.xml:171(para)
8362
#: serverguide/C/windows-networking.xml:171(para)
8336
8363
msgid ""
8337
8364
"<emphasis>guest ok:</emphasis> allows clients to connect to the share "
8338
8365
"without supplying a password."
8339
8366
msgstr ""
8340
8367
8341
#: serverguide/C/samba.xml:176(para)
8368
#: serverguide/C/windows-networking.xml:176(para)
8342
8369
msgid ""
8343
8370
"<emphasis>read only:</emphasis> determines if the share is read only or if "
8344
8371
"write privileges are granted. Write privileges are allowed only when the "
8346
8373
"is <emphasis>yes</emphasis>, then access to the share is read only."
8347
8374
msgstr ""
8348
8375
8349
#: serverguide/C/samba.xml:181(para)
8376
#: serverguide/C/windows-networking.xml:181(para)
8350
8377
msgid ""
8351
8378
"<emphasis>create mask:</emphasis> determines the permissions new files will "
8352
8379
"have when created."
8353
8380
msgstr ""
8354
8381
8355
#: serverguide/C/samba.xml:190(para)
8382
#: serverguide/C/windows-networking.xml:190(para)
8356
8383
msgid ""
8357
8384
"Now that <application>Samba</application> is configured, the directory needs "
8358
8385
"to be created and the permissions changed. From a terminal enter:"
8359
8386
msgstr ""
8360
8387
8361
#: serverguide/C/samba.xml:196(command)
8388
#: serverguide/C/windows-networking.xml:196(command)
8362
8389
msgid "sudo mkdir -p /srv/samba/share"
8363
8390
msgstr "sudo mkdir -p /srv/samba/share"
8364
8391
8365
#: serverguide/C/samba.xml:197(command)
8366
msgid "sudo chown nobody.nogroup /srv/samba/share/"
8367
msgstr "sudo chown nobody.nogroup /srv/samba/share/"
8392
#: serverguide/C/windows-networking.xml:197(command)
8393
msgid "sudo chown nobody:nogroup /srv/samba/share/"
8394
msgstr ""
8368
8395
8369
#: serverguide/C/samba.xml:201(para)
8396
#: serverguide/C/windows-networking.xml:201(para)
8370
8397
msgid ""
8371
8398
"The <emphasis>-p</emphasis> switch tells mkdir to create the entire "
8372
8399
"directory tree if it doesn't exist."
8373
8400
msgstr ""
8374
8401
8375
#: serverguide/C/samba.xml:209(para)
8402
#: serverguide/C/windows-networking.xml:209(para)
8376
8403
msgid ""
8377
8404
"Finally, restart the <application>samba</application> services to enable the "
8378
8405
"new configuration:"
8379
8406
msgstr ""
8380
8407
8381
#: serverguide/C/samba.xml:214(command) serverguide/C/samba.xml:336(command) serverguide/C/samba.xml:474(command) serverguide/C/samba.xml:574(command) serverguide/C/samba.xml:925(command) serverguide/C/samba.xml:1080(command) serverguide/C/samba.xml:1187(command) serverguide/C/network-auth.xml:2504(command)
8408
#: serverguide/C/windows-networking.xml:214(command) serverguide/C/windows-networking.xml:336(command) serverguide/C/windows-networking.xml:474(command) serverguide/C/windows-networking.xml:574(command) serverguide/C/windows-networking.xml:925(command) serverguide/C/windows-networking.xml:1080(command) serverguide/C/windows-networking.xml:1187(command) serverguide/C/network-auth.xml:2533(command)
8382
8409
msgid "sudo restart smbd"
8383
8410
msgstr "sudo restart smbd"
8384
8411
8385
#: serverguide/C/samba.xml:215(command) serverguide/C/samba.xml:337(command) serverguide/C/samba.xml:475(command) serverguide/C/samba.xml:575(command) serverguide/C/samba.xml:926(command) serverguide/C/samba.xml:1081(command) serverguide/C/samba.xml:1188(command) serverguide/C/network-auth.xml:2505(command)
8412
#: serverguide/C/windows-networking.xml:215(command) serverguide/C/windows-networking.xml:337(command) serverguide/C/windows-networking.xml:475(command) serverguide/C/windows-networking.xml:575(command) serverguide/C/windows-networking.xml:926(command) serverguide/C/windows-networking.xml:1081(command) serverguide/C/windows-networking.xml:1188(command) serverguide/C/network-auth.xml:2534(command)
8386
8413
msgid "sudo restart nmbd"
8387
8414
msgstr "sudo restart nmbd"
8388
8415
8389
#: serverguide/C/samba.xml:222(para)
8416
#: serverguide/C/windows-networking.xml:222(para)
8390
8417
msgid ""
8391
8418
"Once again, the above configuration gives all access to any client on the "
8392
8419
"local network. For a more secure configuration see <xref linkend=\"samba-"
8393
8420
"fileprint-security\"/>."
8394
8421
msgstr ""
8395
8422
8396
#: serverguide/C/samba.xml:228(para)
8423
#: serverguide/C/windows-networking.xml:228(para)
8397
8424
msgid ""
8398
8425
"From a Windows client you should now be able to browse to the Ubuntu file "
8399
8426
"server and see the shared directory. If your client doesn't show your share "
8402
8429
"working try creating a directory from Windows."
8403
8430
msgstr ""
8404
8431
8405
#: serverguide/C/samba.xml:232(para)
8432
#: serverguide/C/windows-networking.xml:232(para)
8406
8433
msgid ""
8407
8434
"To create additional shares simply create new <emphasis>[dir]</emphasis> "
8408
8435
"sections in <filename>/etc/samba/smb.conf</filename>, and restart "
8410
8437
"share actually exists and the permissions are correct."
8411
8438
msgstr ""
8412
8439
8413
#: serverguide/C/samba.xml:239(para)
8440
#: serverguide/C/windows-networking.xml:239(para)
8414
8441
msgid ""
8415
8442
"The file share named <emphasis>\"[share]\"</emphasis> and the path "
8416
8443
"<filename>/srv/samba/share</filename> are just examples. Adjust the share "
8420
8447
"<filename>/srv/samba/qa</filename>."
8421
8448
msgstr ""
8422
8449
8423
#: serverguide/C/samba.xml:252(para) serverguide/C/samba.xml:351(para) serverguide/C/samba.xml:708(para) serverguide/C/samba.xml:1104(para)
8450
#: serverguide/C/windows-networking.xml:252(para) serverguide/C/windows-networking.xml:351(para) serverguide/C/windows-networking.xml:708(para) serverguide/C/windows-networking.xml:1104(para)
8424
8451
msgid ""
8425
8452
"For in depth Samba configurations see the <ulink "
8426
8453
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
8427
8454
"Collection</ulink>"
8428
8455
msgstr ""
8429
8456
8430
#: serverguide/C/samba.xml:258(para) serverguide/C/samba.xml:357(para) serverguide/C/samba.xml:714(para) serverguide/C/samba.xml:1110(para)
8457
#: serverguide/C/windows-networking.xml:258(para) serverguide/C/windows-networking.xml:357(para) serverguide/C/windows-networking.xml:714(para) serverguide/C/windows-networking.xml:1110(para)
8431
8458
msgid ""
8432
8459
"The guide is also available in <ulink "
8433
8460
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">printed "
8434
8461
"format</ulink>."
8435
8462
msgstr ""
8436
8463
8437
#: serverguide/C/samba.xml:264(para) serverguide/C/samba.xml:363(para)
8464
#: serverguide/C/windows-networking.xml:264(para) serverguide/C/windows-networking.xml:363(para)
8438
8465
msgid ""
8439
8466
"O'Reilly's <ulink "
8440
8467
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
8441
8468
"another good reference."
8442
8469
msgstr ""
8443
8470
8444
#: serverguide/C/samba.xml:270(para) serverguide/C/samba.xml:374(para) serverguide/C/samba.xml:739(para) serverguide/C/samba.xml:1134(para) serverguide/C/samba.xml:1312(para)
8471
#: serverguide/C/windows-networking.xml:270(para) serverguide/C/windows-networking.xml:374(para) serverguide/C/windows-networking.xml:739(para) serverguide/C/windows-networking.xml:1134(para) serverguide/C/windows-networking.xml:1312(para)
8445
8472
msgid ""
8446
8473
"The <ulink url=\"https://help.ubuntu.com/community/Samba\">Ubuntu Wiki Samba "
8447
8474
"</ulink> page."
8448
8475
msgstr ""
8449
8476
8450
#: serverguide/C/samba.xml:279(title) serverguide/C/network-config.xml:904(para)
8477
#: serverguide/C/network-config.xml:908(para)
8451
8478
msgid "Print Server"
8452
8479
msgstr ""
8453
8480
8454
#: serverguide/C/samba.xml:281(para)
8481
#: serverguide/C/windows-networking.xml:281(para)
8455
8482
msgid ""
8456
8483
"Another common use of Samba is to configure it to share printers installed, "
8457
8484
"either locally or over the network, on an Ubuntu server. Similar to <xref "
8460
8487
"prompting for a username and password."
8461
8488
msgstr ""
8462
8489
8463
#: serverguide/C/samba.xml:287(para)
8490
#: serverguide/C/windows-networking.xml:287(para)
8464
8491
msgid ""
8465
8492
"For a more secure configuration see <xref linkend=\"samba-fileprint-"
8466
8493
"security\"/>."
8467
8494
msgstr ""
8468
8495
8469
#: serverguide/C/samba.xml:294(para)
8496
#: serverguide/C/windows-networking.xml:294(para)
8470
8497
msgid ""
8471
8498
"Before installing and configuring Samba it is best to already have a working "
8472
8499
"<application>CUPS</application> installation. See <xref linkend=\"cups\"/> "
8473
8500
"for details."
8474
8501
msgstr ""
8475
8502
8476
#: serverguide/C/samba.xml:299(para)
8503
#: serverguide/C/windows-networking.xml:299(para)
8477
8504
msgid ""
8478
8505
"To install the <application>samba</application> package, from a terminal "
8479
8506
"enter:"
8480
8507
msgstr ""
8481
8508
8482
#: serverguide/C/samba.xml:310(para)
8509
#: serverguide/C/windows-networking.xml:310(para)
8483
8510
msgid ""
8484
8511
"After installing samba edit <filename>/etc/samba/smb.conf</filename>. Change "
8485
8512
"the <emphasis>workgroup</emphasis> attribute to what is appropriate for your "
8487
8514
"role=\"italic\">user</emphasis>:"
8488
8515
msgstr ""
8489
8516
8490
#: serverguide/C/samba.xml:322(para)
8517
#: serverguide/C/windows-networking.xml:322(para)
8491
8518
msgid ""
8492
8519
"In the <emphasis>[printers]</emphasis> section change the <emphasis>guest "
8493
8520
"ok</emphasis> option to <emphasis role=\"italic\">yes</emphasis>:"
8494
8521
msgstr ""
8495
8522
8496
#: serverguide/C/samba.xml:326(programlisting)
8523
#: serverguide/C/windows-networking.xml:326(programlisting)
8497
8524
#, no-wrap
8498
8525
msgid ""
8499
8526
"\n"
8501
8528
" guest ok = yes\n"
8502
8529
msgstr ""
8503
8530
8504
#: serverguide/C/samba.xml:331(para)
8531
#: serverguide/C/windows-networking.xml:331(para)
8505
8532
msgid "After editing <filename>smb.conf</filename> restart Samba:"
8506
8533
msgstr ""
8507
8534
8508
#: serverguide/C/samba.xml:340(para)
8535
#: serverguide/C/windows-networking.xml:340(para)
8509
8536
msgid ""
8510
8537
"The default Samba configuration will automatically share any printers "
8511
8538
"installed. Simply install the printer locally on your Windows clients."
8512
8539
msgstr ""
8513
8540
8514
#: serverguide/C/samba.xml:369(para)
8541
#: serverguide/C/windows-networking.xml:369(para)
8515
8542
msgid ""
8516
8543
"Also, see the <ulink url=\"http://www.cups.org/\">CUPS Website</ulink> for "
8517
8544
"more information on configuring CUPS."
8521
8548
msgid "Securing File and Print Server"
8522
8549
msgstr ""
8523
8550
8524
#: serverguide/C/samba.xml:386(title)
8551
#: serverguide/C/windows-networking.xml:386(title)
8525
8552
msgid "Samba Security Modes"
8526
8553
msgstr ""
8527
8554
8528
#: serverguide/C/samba.xml:388(para)
8555
#: serverguide/C/windows-networking.xml:388(para)
8529
8556
msgid ""
8530
8557
"There are two security levels available to the Common Internet Filesystem "
8531
8558
"(CIFS) network protocol <emphasis>user-level</emphasis> and <emphasis>share-"
8534
8561
"security and one way to implement share-level:"
8535
8562
msgstr ""
8536
8563
8537
#: serverguide/C/samba.xml:397(para)
8564
#: serverguide/C/windows-networking.xml:397(para)
8538
8565
msgid ""
8539
8566
"<emphasis>security = user:</emphasis> requires clients to supply a username "
8540
8567
"and password to connect to shares. Samba user accounts are separate from "
8542
8569
"will sync system users and passwords with the Samba user database."
8543
8570
msgstr ""
8544
8571
8545
#: serverguide/C/samba.xml:404(para)
8572
#: serverguide/C/windows-networking.xml:404(para)
8546
8573
msgid ""
8547
8574
"<emphasis>security = domain:</emphasis> this mode allows the Samba server to "
8548
8575
"appear to Windows clients as a Primary Domain Controller (PDC), Backup "
8550
8577
"linkend=\"samba-dc\"/> for further information."
8551
8578
msgstr ""
8552
8579
8553
#: serverguide/C/samba.xml:411(para)
8580
#: serverguide/C/windows-networking.xml:411(para)
8554
8581
msgid ""
8555
8582
"<emphasis>security = ADS:</emphasis> allows the Samba server to join an "
8556
8583
"Active Directory domain as a native member. See <xref linkend=\"samba-ad-"
8557
8584
"integration\"/> for details."
8558
8585
msgstr ""
8559
8586
8560
#: serverguide/C/samba.xml:417(para)
8587
#: serverguide/C/windows-networking.xml:417(para)
8561
8588
msgid ""
8562
8589
"<emphasis>security = server:</emphasis> this mode is left over from before "
8563
8590
"Samba could become a member server, and due to some security issues should "
8566
8593
"of the Samba guide for more details."
8567
8594
msgstr ""
8568
8595
8569
#: serverguide/C/samba.xml:425(para)
8596
#: serverguide/C/windows-networking.xml:425(para)
8570
8597
msgid ""
8571
8598
"<emphasis>security = share:</emphasis> allows clients to connect to shares "
8572
8599
"without supplying a username and password."
8573
8600
msgstr ""
8574
8601
8575
#: serverguide/C/samba.xml:432(para)
8602
#: serverguide/C/windows-networking.xml:432(para)
8576
8603
msgid ""
8577
8604
"The security mode you choose will depend on your environment and what you "
8578
8605
"need the Samba server to accomplish."
8579
8606
msgstr ""
8580
8607
8581
#: serverguide/C/samba.xml:438(title)
8608
#: serverguide/C/windows-networking.xml:438(title)
8582
8609
msgid "Security = User"
8583
8610
msgstr "Безбедност = Корисник"
8584
8611
8585
#: serverguide/C/samba.xml:440(para)
8612
#: serverguide/C/windows-networking.xml:440(para)
8586
8613
msgid ""
8587
8614
"This section will reconfigure the Samba file and print server, from <xref "
8588
8615
"linkend=\"samba-fileserver\"/> and <xref linkend=\"samba-printserver\"/>, to "
8589
8616
"require authentication."
8590
8617
msgstr ""
8591
8618
8592
#: serverguide/C/samba.xml:445(para)
8619
#: serverguide/C/windows-networking.xml:445(para)
8593
8620
msgid ""
8594
8621
"First, install the <application>libpam-smbpass</application> package which "
8595
8622
"will sync the system users to the Samba user database:"
8596
8623
msgstr ""
8597
8624
8598
#: serverguide/C/samba.xml:451(command)
8625
#: serverguide/C/windows-networking.xml:451(command)
8599
8626
msgid "sudo apt-get install libpam-smbpass"
8600
8627
msgstr ""
8601
8628
8602
#: serverguide/C/samba.xml:455(para)
8629
#: serverguide/C/windows-networking.xml:455(para)
8603
8630
msgid ""
8604
8631
"If you chose the <emphasis>Samba Server</emphasis> task during installation "
8605
8632
"<application>libpam-smbpass</application> is already installed."
8606
8633
msgstr ""
8607
8634
8608
#: serverguide/C/samba.xml:461(para)
8635
#: serverguide/C/windows-networking.xml:461(para)
8609
8636
msgid ""
8610
8637
"Edit <filename>/etc/samba/smb.conf</filename>, and in the "
8611
8638
"<emphasis>[share]</emphasis> section change:"
8612
8639
msgstr ""
8613
8640
8614
#: serverguide/C/samba.xml:465(programlisting)
8641
#: serverguide/C/windows-networking.xml:465(programlisting)
8615
8642
#, no-wrap
8616
8643
msgid ""
8617
8644
"\n"
8618
8645
" guest ok = no\n"
8619
8646
msgstr ""
8620
8647
8621
#: serverguide/C/samba.xml:469(para)
8648
#: serverguide/C/windows-networking.xml:469(para)
8622
8649
msgid "Finally, restart Samba for the new settings to take effect:"
8623
8650
msgstr ""
8624
8651
8625
#: serverguide/C/samba.xml:478(para)
8652
#: serverguide/C/windows-networking.xml:478(para)
8626
8653
msgid ""
8627
8654
"Now when connecting to the shared directories or printers you should be "
8628
8655
"prompted for a username and password."
8629
8656
msgstr ""
8630
8657
8631
#: serverguide/C/samba.xml:483(para)
8658
#: serverguide/C/windows-networking.xml:483(para)
8632
8659
msgid ""
8633
8660
"If you choose to map a network drive to the share you can check the "
8634
8661
"<quote>Reconnect at Logon</quote> check box, which will require you to only "
8635
8662
"enter the username and password once, at least until the password changes."
8636
8663
msgstr ""
8637
8664
8638
#: serverguide/C/samba.xml:491(title)
8665
#: serverguide/C/windows-networking.xml:491(title)
8639
8666
msgid "Share Security"
8640
8667
msgstr ""
8641
8668
8642
#: serverguide/C/samba.xml:493(para)
8669
#: serverguide/C/windows-networking.xml:493(para)
8643
8670
msgid ""
8644
8671
"There are several options available to increase the security for each "
8645
8672
"individual shared directory. Using the <emphasis>[share]</emphasis> example, "
8646
8673
"this section will cover some common options."
8647
8674
msgstr ""
8648
8675
8649
#: serverguide/C/samba.xml:499(title)
8676
#: serverguide/C/windows-networking.xml:499(title)
8650
8677
msgid "Groups"
8651
8678
msgstr ""
8652
8679
8653
#: serverguide/C/samba.xml:501(para)
8680
#: serverguide/C/windows-networking.xml:501(para)
8654
8681
msgid ""
8655
8682
"Groups define a collection of computers or users which have a common level "
8656
8683
"of access to particular network resources and offer a level of granularity "
8672
8699
"have only access to resources explicitly allowing the group they are part of."
8673
8700
msgstr ""
8674
8701
8675
#: serverguide/C/samba.xml:515(para)
8702
#: serverguide/C/windows-networking.xml:515(para)
8676
8703
msgid ""
8677
8704
"By default Samba looks for the local system groups defined in "
8678
8705
"<filename>/etc/group</filename> to determine which users belong to which "
8680
8707
"<xref linkend=\"adding-deleting-users\"/>."
8681
8708
msgstr ""
8682
8709
8683
#: serverguide/C/samba.xml:521(para)
8710
#: serverguide/C/windows-networking.xml:521(para)
8684
8711
msgid ""
8685
8712
"When defining groups in the Samba configuration file, "
8686
8713
"<filename>/etc/samba/smb.conf</filename>, the recognized syntax is to "
8691
8718
"role=\"bold\">@sysadmin</emphasis>."
8692
8719
msgstr ""
8693
8720
8694
#: serverguide/C/samba.xml:530(title)
8721
#: serverguide/C/windows-networking.xml:530(title)
8695
8722
msgid "File Permissions"
8696
8723
msgstr ""
8697
8724
8698
#: serverguide/C/samba.xml:532(para)
8725
#: serverguide/C/windows-networking.xml:532(para)
8699
8726
msgid ""
8700
8727
"File Permissions define the explicit rights a computer or user has to a "
8701
8728
"particular directory, file, or set of files. Such permissions may be defined "
8703
8730
"the explicit permissions of a defined file share."
8704
8731
msgstr ""
8705
8732
8706
#: serverguide/C/samba.xml:538(para)
8733
#: serverguide/C/windows-networking.xml:538(para)
8707
8734
msgid ""
8708
8735
"For example, if you have defined a Samba share called "
8709
8736
"<emphasis>share</emphasis> and wish to give <emphasis role=\"italic\">read-"
8715
8742
"under the <emphasis>[share]</emphasis> entry:"
8716
8743
msgstr ""
8717
8744
8718
#: serverguide/C/samba.xml:547(programlisting)
8745
#: serverguide/C/windows-networking.xml:547(programlisting)
8719
8746
#, no-wrap
8720
8747
msgid ""
8721
8748
"\n"
8723
8750
" write list = @sysadmin, vincent\n"
8724
8751
msgstr ""
8725
8752
8726
#: serverguide/C/samba.xml:552(para)
8753
#: serverguide/C/windows-networking.xml:552(para)
8727
8754
msgid ""
8728
8755
"Another possible Samba permission is to declare "
8729
8756
"<emphasis>administrative</emphasis> permissions to a particular shared "
8732
8759
"administrative permissions to."
8733
8760
msgstr ""
8734
8761
8735
#: serverguide/C/samba.xml:558(para)
8762
#: serverguide/C/windows-networking.xml:558(para)
8736
8763
msgid ""
8737
8764
"For example, if you wanted to give the user <emphasis "
8738
8765
"role=\"italic\">melissa</emphasis> administrative permissions to the "
8741
8768
"under the <emphasis>[share]</emphasis> entry:"
8742
8769
msgstr ""
8743
8770
8744
#: serverguide/C/samba.xml:565(programlisting)
8771
#: serverguide/C/windows-networking.xml:565(programlisting)
8745
8772
#, no-wrap
8746
8773
msgid ""
8747
8774
"\n"
8748
8775
" admin users = melissa\n"
8749
8776
msgstr ""
8750
8777
8751
#: serverguide/C/samba.xml:569(para)
8778
#: serverguide/C/windows-networking.xml:569(para)
8752
8779
msgid ""
8753
8780
"After editing <filename>/etc/samba/smb.conf</filename>, restart Samba for "
8754
8781
"the changes to take effect:"
8755
8782
msgstr ""
8756
8783
8757
#: serverguide/C/samba.xml:579(para)
8784
#: serverguide/C/windows-networking.xml:579(para)
8758
8785
msgid ""
8759
8786
"For the <emphasis>read list</emphasis> and <emphasis>write list</emphasis> "
8760
8787
"to work the Samba security mode must <emphasis>not</emphasis> be set to "
8761
8788
"<emphasis role=\"italic\">security = share</emphasis>"
8762
8789
msgstr ""
8763
8790
8764
#: serverguide/C/samba.xml:585(para)
8791
#: serverguide/C/windows-networking.xml:585(para)
8765
8792
msgid ""
8766
8793
"Now that Samba has been configured to limit which groups have access to the "
8767
8794
"shared directory, the filesystem permissions need to be updated."
8768
8795
msgstr ""
8769
8796
8770
#: serverguide/C/samba.xml:590(para)
8797
#: serverguide/C/windows-networking.xml:590(para)
8771
8798
msgid ""
8772
8799
"Traditional Linux file permissions do not map well to Windows NT Access "
8773
8800
"Control Lists (ACLs). Fortunately POSIX ACLs are available on Ubuntu servers "
8776
8803
"<filename>/etc/fstab</filename> adding the <emphasis>acl</emphasis> option:"
8777
8804
msgstr ""
8778
8805
8779
#: serverguide/C/samba.xml:597(programlisting)
8806
#: serverguide/C/windows-networking.xml:597(programlisting)
8780
8807
#, no-wrap
8781
8808
msgid ""
8782
8809
"\n"
8784
8811
"0 1\n"
8785
8812
msgstr ""
8786
8813
8787
#: serverguide/C/samba.xml:601(para)
8814
#: serverguide/C/windows-networking.xml:601(para)
8788
8815
msgid "Then remount the partition:"
8789
8816
msgstr ""
8790
8817
8791
#: serverguide/C/samba.xml:606(command)
8818
#: serverguide/C/windows-networking.xml:606(command)
8792
8819
msgid "sudo mount -v -o remount /srv"
8793
8820
msgstr ""
8794
8821
8795
#: serverguide/C/samba.xml:610(para)
8822
#: serverguide/C/windows-networking.xml:610(para)
8796
8823
msgid ""
8797
8824
"The above example assumes <filename>/srv</filename> on a separate partition. "
8798
8825
"If <filename>/srv</filename>, or wherever you have configured your share "
8800
8827
"required."
8801
8828
msgstr ""
8802
8829
8803
#: serverguide/C/samba.xml:617(para)
8830
#: serverguide/C/windows-networking.xml:617(para)
8804
8831
msgid ""
8805
8832
"To match the Samba configuration above the <emphasis>sysadmin</emphasis> "
8806
8833
"group will be given read, write, and execute permissions to "
8809
8836
"the username <emphasis>melissa</emphasis>. Enter the following in a terminal:"
8810
8837
msgstr ""
8811
8838
8812
#: serverguide/C/samba.xml:625(command)
8839
#: serverguide/C/windows-networking.xml:625(command)
8813
8840
msgid "sudo chown -R melissa /srv/samba/share/"
8814
8841
msgstr ""
8815
8842
8816
#: serverguide/C/samba.xml:626(command)
8843
#: serverguide/C/windows-networking.xml:626(command)
8817
8844
msgid "sudo chgrp -R sysadmin /srv/samba/share/"
8818
8845
msgstr ""
8819
8846
8820
#: serverguide/C/samba.xml:627(command)
8847
#: serverguide/C/windows-networking.xml:627(command)
8821
8848
msgid "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
8822
8849
msgstr ""
8823
8850
8824
#: serverguide/C/samba.xml:631(para)
8851
#: serverguide/C/windows-networking.xml:631(para)
8825
8852
msgid ""
8826
8853
"The <application>setfacl</application> command above gives "
8827
8854
"<emphasis>execute</emphasis> permissions to all files in the "
8829
8856
"want."
8830
8857
msgstr ""
8831
8858
8832
#: serverguide/C/samba.xml:637(para)
8859
#: serverguide/C/windows-networking.xml:637(para)
8833
8860
msgid ""
8834
8861
"Now from a Windows client you should notice the new file permissions are "
8835
8862
"implemented. See the <application>acl</application> and "
8837
8864
"ACLs."
8838
8865
msgstr ""
8839
8866
8840
#: serverguide/C/samba.xml:645(title)
8867
#: serverguide/C/windows-networking.xml:645(title)
8841
8868
msgid "Samba AppArmor Profile"
8842
8869
msgstr ""
8843
8870
8844
#: serverguide/C/samba.xml:647(para)
8871
#: serverguide/C/windows-networking.xml:647(para)
8845
8872
msgid ""
8846
8873
"Ubuntu comes with the <application>AppArmor</application> security module, "
8847
8874
"which provides mandatory access controls. The default AppArmor profile for "
8849
8876
"using AppArmor see <xref linkend=\"apparmor\"/>."
8850
8877
msgstr ""
8851
8878
8852
#: serverguide/C/samba.xml:653(para)
8879
#: serverguide/C/windows-networking.xml:653(para)
8853
8880
msgid ""
8854
8881
"There are default AppArmor profiles for <filename>/usr/sbin/smbd</filename> "
8855
8882
"and <filename>/usr/sbin/nmbd</filename>, the Samba daemon binaries, as part "
8857
8884
"package, from a terminal prompt enter:"
8858
8885
msgstr ""
8859
8886
8860
#: serverguide/C/samba.xml:660(command)
8887
#: serverguide/C/windows-networking.xml:660(command)
8861
8888
msgid "sudo apt-get install apparmor-profiles apparmor-utils"
8862
8889
msgstr ""
8863
8890
8864
#: serverguide/C/samba.xml:664(para)
8891
#: serverguide/C/windows-networking.xml:664(para)
8865
8892
msgid "This package contains profiles for several other binaries."
8866
8893
msgstr ""
8867
8894
8868
#: serverguide/C/samba.xml:669(para)
8895
#: serverguide/C/windows-networking.xml:669(para)
8869
8896
msgid ""
8870
8897
"By default the profiles for <application>smbd</application> and "
8871
8898
"<application>nmbd</application> are in <emphasis>complain</emphasis> mode "
8875
8902
"profile will need to be modified to reflect any directories that are shared."
8876
8903
msgstr ""
8877
8904
8878
#: serverguide/C/samba.xml:676(para)
8905
#: serverguide/C/windows-networking.xml:676(para)
8879
8906
msgid ""
8880
8907
"Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename> adding information "
8881
8908
"for <emphasis>[share]</emphasis> from the file server example:"
8882
8909
msgstr ""
8883
8910
8884
#: serverguide/C/samba.xml:681(programlisting)
8911
#: serverguide/C/windows-networking.xml:681(programlisting)
8885
8912
#, no-wrap
8886
8913
msgid ""
8887
8914
"\n"
8889
8916
" /srv/samba/share/** rwkix,\n"
8890
8917
msgstr ""
8891
8918
8892
#: serverguide/C/samba.xml:686(para)
8919
#: serverguide/C/windows-networking.xml:686(para)
8893
8920
msgid ""
8894
8921
"Now place the profile into <emphasis>enforce</emphasis> and reload it:"
8895
8922
msgstr ""
8896
8923
8897
#: serverguide/C/samba.xml:691(command)
8924
#: serverguide/C/windows-networking.xml:691(command)
8898
8925
msgid "sudo aa-enforce /usr/sbin/smbd"
8899
8926
msgstr ""
8900
8927
8901
#: serverguide/C/samba.xml:692(command)
8928
#: serverguide/C/windows-networking.xml:692(command)
8902
8929
msgid "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
8903
8930
msgstr ""
8904
8931
8905
#: serverguide/C/samba.xml:695(para)
8932
#: serverguide/C/windows-networking.xml:695(para)
8906
8933
msgid ""
8907
8934
"You should now be able to read, write, and execute files in the shared "
8908
8935
"directory as normal, and the <application>smbd</application> binary will "
8911
8938
"will be logged to <filename>/var/log/syslog</filename>."
8912
8939
msgstr ""
8913
8940
8914
#: serverguide/C/samba.xml:720(para) serverguide/C/samba.xml:1116(para)
8941
#: serverguide/C/windows-networking.xml:720(para) serverguide/C/windows-networking.xml:1116(para)
8915
8942
msgid ""
8916
8943
"O'Reilly's <ulink "
8917
8944
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
8918
8945
"also a good reference."
8919
8946
msgstr ""
8920
8947
8921
#: serverguide/C/samba.xml:726(para)
8948
#: serverguide/C/windows-networking.xml:726(para)
8922
8949
msgid ""
8923
8950
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-"
8924
8951
"samba.html\">Chapter 18</ulink> of the Samba HOWTO Collection is devoted to "
8925
8952
"security."
8926
8953
msgstr ""
8927
8954
8928
#: serverguide/C/samba.xml:732(para)
8955
#: serverguide/C/windows-networking.xml:732(para)
8929
8956
msgid ""
8930
8957
"For more information on Samba and ACLs see the <ulink "
8931
8958
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
8936
8963
msgid "As a Domain Controller"
8937
8964
msgstr ""
8938
8965
8939
#: serverguide/C/samba.xml:750(para)
8966
#: serverguide/C/windows-networking.xml:750(para)
8940
8967
msgid ""
8941
8968
"Although it cannot act as an Active Directory Primary Domain Controller "
8942
8969
"(PDC), a Samba server can be configured to appear as a Windows NT4-style "
8945
8972
"backends to store the user information."
8946
8973
msgstr ""
8947
8974
8948
#: serverguide/C/samba.xml:757(title)
8975
#: serverguide/C/windows-networking.xml:757(title)
8949
8976
msgid "Primary Domain Controller"
8950
8977
msgstr ""
8951
8978
8952
#: serverguide/C/samba.xml:759(para)
8979
#: serverguide/C/windows-networking.xml:759(para)
8953
8980
msgid ""
8954
8981
"This section covers configuring Samba as a Primary Domain Controller (PDC) "
8955
8982
"using the default smbpasswd backend."
8956
8983
msgstr ""
8957
8984
8958
#: serverguide/C/samba.xml:766(para)
8985
#: serverguide/C/windows-networking.xml:766(para)
8959
8986
msgid ""
8960
8987
"First, install Samba, and <application>libpam-smbpass</application> to sync "
8961
8988
"the user accounts, by entering the following in a terminal prompt:"
8962
8989
msgstr ""
8963
8990
8964
#: serverguide/C/samba.xml:772(command) serverguide/C/samba.xml:1013(command)
8991
#: serverguide/C/windows-networking.xml:772(command) serverguide/C/windows-networking.xml:1013(command)
8965
8992
msgid "sudo apt-get install samba libpam-smbpass"
8966
8993
msgstr ""
8967
8994
8968
#: serverguide/C/samba.xml:778(para)
8995
#: serverguide/C/windows-networking.xml:778(para)
8969
8996
msgid ""
8970
8997
"Next, configure Samba by editing <filename>/etc/samba/smb.conf</filename>. "
8971
8998
"The <emphasis>security</emphasis> mode should be set to <emphasis "
8973
9000
"should relate to your organization:"
8974
9001
msgstr ""
8975
9002
8976
#: serverguide/C/samba.xml:793(para)
9003
#: serverguide/C/windows-networking.xml:793(para)
8977
9004
msgid ""
8978
9005
"In the commented <quote>Domains</quote> section add or uncomment the "
8979
9006
"following (the last line has been split to fit the format of this document):"
8980
9007
msgstr ""
8981
9008
8982
#: serverguide/C/samba.xml:797(programlisting)
9009
#: serverguide/C/windows-networking.xml:797(programlisting)
8983
9010
#, no-wrap
8984
9011
msgid ""
8985
9012
"\n"
8992
9019
" /var/lib/samba -s /bin/false %u\n"
8993
9020
msgstr ""
8994
9021
8995
#: serverguide/C/samba.xml:808(para)
9022
#: serverguide/C/windows-networking.xml:808(para)
8996
9023
msgid ""
8997
9024
"If you wish to not use <emphasis>Roaming Profiles</emphasis> leave the "
8998
9025
"<emphasis>logon home</emphasis> and <emphasis>logon path</emphasis> options "
8999
9026
"commented."
9000
9027
msgstr ""
9001
9028
9002
#: serverguide/C/samba.xml:816(para)
9029
#: serverguide/C/windows-networking.xml:816(para)
9003
9030
msgid ""
9004
9031
"<emphasis>domain logons:</emphasis> provides the netlogon service causing "
9005
9032
"Samba to act as a domain controller."
9006
9033
msgstr ""
9007
9034
9008
#: serverguide/C/samba.xml:821(para)
9035
#: serverguide/C/windows-networking.xml:821(para)
9009
9036
msgid ""
9010
9037
"<emphasis>logon path:</emphasis> places the user's Windows profile into "
9011
9038
"their home directory. It is also possible to configure a "
9013
9040
"directory."
9014
9041
msgstr ""
9015
9042
9016
#: serverguide/C/samba.xml:827(para)
9043
#: serverguide/C/windows-networking.xml:827(para)
9017
9044
msgid ""
9018
9045
"<emphasis>logon drive:</emphasis> specifies the home directory local path."
9019
9046
msgstr ""
9020
9047
9021
#: serverguide/C/samba.xml:832(para)
9048
#: serverguide/C/windows-networking.xml:832(para)
9022
9049
msgid ""
9023
9050
"<emphasis>logon home:</emphasis> specifies the home directory location."
9024
9051
msgstr ""
9025
9052
9026
#: serverguide/C/samba.xml:837(para)
9053
#: serverguide/C/windows-networking.xml:837(para)
9027
9054
msgid ""
9028
9055
"<emphasis>logon script:</emphasis> determines the script to be run locally "
9029
9056
"once a user has logged in. The script needs to be placed in the "
9030
9057
"<emphasis>[netlogon]</emphasis> share."
9031
9058
msgstr ""
9032
9059
9033
#: serverguide/C/samba.xml:843(para)
9060
#: serverguide/C/windows-networking.xml:843(para)
9034
9061
msgid ""
9035
9062
"<emphasis>add machine script:</emphasis> a script that will automatically "
9036
9063
"create the <emphasis>Machine Trust Account</emphasis> needed for a "
9037
9064
"workstation to join the domain."
9038
9065
msgstr ""
9039
9066
9040
#: serverguide/C/samba.xml:847(para)
9067
#: serverguide/C/windows-networking.xml:847(para)
9041
9068
msgid ""
9042
9069
"In this example the <emphasis>machines</emphasis> group will need to be "
9043
9070
"created using the <application>addgroup</application> utility see <xref "
9044
9071
"linkend=\"adding-deleting-users\"/> for details."
9045
9072
msgstr ""
9046
9073
9047
#: serverguide/C/samba.xml:858(para)
9074
#: serverguide/C/windows-networking.xml:858(para)
9048
9075
msgid ""
9049
9076
"Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis "
9050
9077
"role=\"italic\">logon home</emphasis> to be mapped:"
9051
9078
msgstr ""
9052
9079
9053
#: serverguide/C/samba.xml:863(programlisting)
9080
#: serverguide/C/windows-networking.xml:863(programlisting)
9054
9081
#, no-wrap
9055
9082
msgid ""
9056
9083
"\n"
9063
9090
" valid users = %S\n"
9064
9091
msgstr ""
9065
9092
9066
#: serverguide/C/samba.xml:876(para)
9093
#: serverguide/C/windows-networking.xml:876(para)
9067
9094
msgid ""
9068
9095
"When configured as a domain controller a <emphasis>[netlogon]</emphasis> "
9069
9096
"share needs to be configured. To enable the share, uncomment:"
9070
9097
msgstr ""
9071
9098
9072
#: serverguide/C/samba.xml:881(programlisting)
9099
#: serverguide/C/windows-networking.xml:881(programlisting)
9073
9100
#, no-wrap
9074
9101
msgid ""
9075
9102
"\n"
9081
9108
" share modes = no\n"
9082
9109
msgstr ""
9083
9110
9084
#: serverguide/C/samba.xml:891(para)
9111
#: serverguide/C/windows-networking.xml:891(para)
9085
9112
msgid ""
9086
9113
"The original <emphasis>netlogon</emphasis> share path is "
9087
9114
"<filename>/home/samba/netlogon</filename>, but according to the Filesystem "
9090
9117
"location for site-specific data provided by the system."
9091
9118
msgstr ""
9092
9119
9093
#: serverguide/C/samba.xml:902(para)
9120
#: serverguide/C/windows-networking.xml:902(para)
9094
9121
msgid ""
9095
9122
"Now create the <filename role=\"directory\">netlogon</filename> directory, "
9096
9123
"and an empty (for now) <filename>logon.cmd</filename> script file:"
9097
9124
msgstr ""
9098
9125
9099
#: serverguide/C/samba.xml:908(command)
9126
#: serverguide/C/windows-networking.xml:908(command)
9100
9127
msgid "sudo mkdir -p /srv/samba/netlogon"
9101
9128
msgstr ""
9102
9129
9103
#: serverguide/C/samba.xml:909(command)
9130
#: serverguide/C/windows-networking.xml:909(command)
9104
9131
msgid "sudo touch /srv/samba/netlogon/logon.cmd"
9105
9132
msgstr ""
9106
9133
9107
#: serverguide/C/samba.xml:912(para)
9134
#: serverguide/C/windows-networking.xml:912(para)
9108
9135
msgid ""
9109
9136
"You can enter any normal Windows logon script commands in "
9110
9137
"<filename>logon.cmd</filename> to customize the client's environment."
9111
9138
msgstr ""
9112
9139
9113
#: serverguide/C/samba.xml:920(para)
9140
#: serverguide/C/windows-networking.xml:920(para)
9114
9141
msgid "Restart Samba to enable the new domain controller:"
9115
9142
msgstr ""
9116
9143
9117
#: serverguide/C/samba.xml:932(para)
9144
#: serverguide/C/windows-networking.xml:932(para)
9118
9145
msgid ""
9119
9146
"Lastly, there are a few additional commands needed to setup the appropriate "
9120
9147
"rights."
9121
9148
msgstr ""
9122
9149
9123
#: serverguide/C/samba.xml:936(para)
9150
#: serverguide/C/windows-networking.xml:936(para)
9124
9151
msgid ""
9125
9152
"With <emphasis>root</emphasis> being disabled by default, in order to join a "
9126
9153
"workstation to the domain, a system group needs to be mapped to the Windows "
9128
9155
"<application>net</application> utility, from a terminal enter:"
9129
9156
msgstr ""
9130
9157
9131
#: serverguide/C/samba.xml:943(command)
9158
#: serverguide/C/windows-networking.xml:943(command)
9132
9159
msgid ""
9133
9160
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
9134
9161
"type=d"
9135
9162
msgstr ""
9136
9163
9137
#: serverguide/C/samba.xml:947(para)
9164
#: serverguide/C/windows-networking.xml:947(para)
9138
9165
msgid ""
9139
9166
"Change <emphasis role=\"italic\">sysadmin</emphasis> to whichever group you "
9140
9167
"prefer. Also, the user used to join the domain needs to be a member of the "
9143
9170
"allows <application>sudo</application> use."
9144
9171
msgstr ""
9145
9172
9146
#: serverguide/C/samba.xml:953(para)
9173
#: serverguide/C/windows-networking.xml:953(para)
9147
9174
msgid ""
9148
9175
"If the user does not have Samba credentials yet, you can add them with the "
9149
9176
"<application>smbpasswd</application> utility, change the "
9152
9179
"</screen>"
9153
9180
msgstr ""
9154
9181
9155
#: serverguide/C/samba.xml:963(para)
9182
#: serverguide/C/windows-networking.xml:963(para)
9156
9183
msgid ""
9157
9184
"Also, rights need to be explicitly provided to the <emphasis>Domain "
9158
9185
"Admins</emphasis> group to allow the <emphasis>add machine script</emphasis> "
9159
9186
"(and other admin functions) to work. This is achieved by executing:"
9160
9187
msgstr ""
9161
9188
9162
#: serverguide/C/samba.xml:968(command)
9189
#: serverguide/C/windows-networking.xml:968(command)
9163
9190
msgid ""
9164
9191
"net rpc rights grant -U sysadmin \"EXAMPLE\\Domain Admins\" "
9165
9192
"SeMachineAccountPrivilege \\ SePrintOperatorPrivilege SeAddUsersPrivilege "
9166
9193
"SeDiskOperatorPrivilege \\ SeRemoteShutdownPrivilege"
9167
9194
msgstr ""
9168
9195
9169
#: serverguide/C/samba.xml:976(para)
9196
#: serverguide/C/windows-networking.xml:976(para)
9170
9197
msgid ""
9171
9198
"You should now be able to join Windows clients to the Domain in the same "
9172
9199
"manner as joining them to an NT4 domain running on a Windows server."
9173
9200
msgstr ""
9174
9201
9175
#: serverguide/C/samba.xml:986(title)
9202
#: serverguide/C/windows-networking.xml:986(title)
9176
9203
msgid "Backup Domain Controller"
9177
9204
msgstr ""
9178
9205
9179
#: serverguide/C/samba.xml:988(para)
9206
#: serverguide/C/windows-networking.xml:988(para)
9180
9207
msgid ""
9181
9208
"With a Primary Domain Controller (PDC) on the network it is best to have a "
9182
9209
"Backup Domain Controller (BDC) as well. This will allow clients to "
9183
9210
"authenticate in case the PDC becomes unavailable."
9184
9211
msgstr ""
9185
9212
9186
#: serverguide/C/samba.xml:993(para)
9213
#: serverguide/C/windows-networking.xml:993(para)
9187
9214
msgid ""
9188
9215
"When configuring Samba as a BDC you need a way to sync account information "
9189
9216
"with the PDC. There are multiple ways of accomplishing this "
9192
9219
"backend</emphasis>."
9193
9220
msgstr ""
9194
9221
9195
#: serverguide/C/samba.xml:999(para)
9222
#: serverguide/C/windows-networking.xml:999(para)
9196
9223
msgid ""
9197
9224
"Using LDAP is the most robust way to sync account information, because both "
9198
9225
"domain controllers can use the same information in real time. However, "
9200
9227
"user and computer accounts. See <xref linkend=\"samba-ldap\"/> for details."
9201
9228
msgstr ""
9202
9229
9203
#: serverguide/C/samba.xml:1008(para)
9230
#: serverguide/C/windows-networking.xml:1008(para)
9204
9231
msgid ""
9205
9232
"First, install <application>samba</application> and <application>libpam-"
9206
9233
"smbpass</application>. From a terminal enter:"
9207
9234
msgstr ""
9208
9235
9209
#: serverguide/C/samba.xml:1019(para)
9236
#: serverguide/C/windows-networking.xml:1019(para)
9210
9237
msgid ""
9211
9238
"Now, edit <filename>/etc/samba/smb.conf</filename> and uncomment the "
9212
9239
"following in the <emphasis>[global]</emphasis>:"
9213
9240
msgstr ""
9214
9241
9215
#: serverguide/C/samba.xml:1032(para)
9242
#: serverguide/C/windows-networking.xml:1032(para)
9216
9243
msgid "In the commented <emphasis>Domains</emphasis> uncomment or add:"
9217
9244
msgstr ""
9218
9245
9219
#: serverguide/C/samba.xml:1036(programlisting)
9246
#: serverguide/C/windows-networking.xml:1036(programlisting)
9220
9247
#, no-wrap
9221
9248
msgid ""
9222
9249
"\n"
9224
9251
" domain master = no\n"
9225
9252
msgstr ""
9226
9253
9227
#: serverguide/C/samba.xml:1044(para)
9254
#: serverguide/C/windows-networking.xml:1044(para)
9228
9255
msgid ""
9229
9256
"Make sure a user has rights to read the files in "
9230
9257
"<filename>/var/lib/samba</filename>. For example, to allow users in the "
9232
9259
"files, enter:"
9233
9260
msgstr ""
9234
9261
9235
#: serverguide/C/samba.xml:1050(command)
9262
#: serverguide/C/windows-networking.xml:1050(command)
9236
9263
msgid "sudo chgrp -R admin /var/lib/samba"
9237
9264
msgstr ""
9238
9265
9239
#: serverguide/C/samba.xml:1056(para)
9266
#: serverguide/C/windows-networking.xml:1056(para)
9240
9267
msgid ""
9241
9268
"Next, sync the user accounts, using <application>scp</application> to copy "
9242
9269
"the <filename>/var/lib/samba</filename> directory from the PDC:"
9243
9270
msgstr ""
9244
9271
9245
#: serverguide/C/samba.xml:1062(command)
9272
#: serverguide/C/windows-networking.xml:1062(command)
9246
9273
msgid "sudo scp -r username@pdc:/var/lib/samba /var/lib"
9247
9274
msgstr ""
9248
9275
9249
#: serverguide/C/samba.xml:1066(para)
9276
#: serverguide/C/windows-networking.xml:1066(para)
9250
9277
msgid ""
9251
9278
"Replace <emphasis>username</emphasis> with a valid username and "
9252
9279
"<emphasis>pdc</emphasis> with the hostname or IP Address of your actual PDC."
9253
9280
msgstr ""
9254
9281
9255
#: serverguide/C/samba.xml:1075(para)
9282
#: serverguide/C/windows-networking.xml:1075(para)
9256
9283
msgid "Finally, restart <application>samba</application>:"
9257
9284
msgstr ""
9258
9285
9259
#: serverguide/C/samba.xml:1087(para)
9286
#: serverguide/C/windows-networking.xml:1087(para)
9260
9287
msgid ""
9261
9288
"You can test that your Backup Domain controller is working by stopping the "
9262
9289
"Samba daemon on the PDC, then trying to login to a Windows client joined to "
9263
9290
"the domain."
9264
9291
msgstr ""
9265
9292
9266
#: serverguide/C/samba.xml:1092(para)
9293
#: serverguide/C/windows-networking.xml:1092(para)
9267
9294
msgid ""
9268
9295
"Another thing to keep in mind is if you have configured the <emphasis>logon "
9269
9296
"home</emphasis> option as a directory on the PDC, and the PDC becomes "
9272
9299
"home</emphasis> to reside on a separate file server from the PDC and BDC."
9273
9300
msgstr ""
9274
9301
9275
#: serverguide/C/samba.xml:1122(para)
9302
#: serverguide/C/windows-networking.xml:1122(para)
9276
9303
msgid ""
9277
9304
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
9278
9305
"pdc.html\">Chapter 4</ulink> of the Samba HOWTO Collection explains setting "
9279
9306
"up a Primary Domain Controller."
9280
9307
msgstr ""
9281
9308
9282
#: serverguide/C/samba.xml:1128(para)
9309
#: serverguide/C/windows-networking.xml:1128(para)
9283
9310
msgid ""
9284
9311
"<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-"
9285
9312
"Collection/samba-bdc.html\">Chapter 5</ulink> of the Samba HOWTO Collection "
9290
9317
msgid "Active Directory Integration"
9291
9318
msgstr ""
9292
9319
9293
#: serverguide/C/samba.xml:1146(title)
9320
#: serverguide/C/windows-networking.xml:1146(title)
9294
9321
msgid "Accessing a Samba Share"
9295
9322
msgstr ""
9296
9323
9297
#: serverguide/C/samba.xml:1148(para)
9324
#: serverguide/C/windows-networking.xml:1148(para)
9298
9325
msgid ""
9299
9326
"Another, use for Samba is to integrate into an existing Windows network. "
9300
9327
"Once part of an Active Directory domain, Samba can provide file and print "
9310
9337
"Likewise Open documentation</ulink>."
9311
9338
msgstr ""
9312
9339
9313
#: serverguide/C/samba.xml:1159(para)
9340
#: serverguide/C/windows-networking.xml:1159(para)
9314
9341
msgid ""
9315
9342
"Once part of the Active Directory domain, enter the following command in the "
9316
9343
"terminal prompt:"
9317
9344
msgstr ""
9318
9345
9319
#: serverguide/C/samba.xml:1164(command)
9346
#: serverguide/C/windows-networking.xml:1164(command)
9320
9347
msgid "sudo apt-get install samba smbfs smbclient"
9321
9348
msgstr ""
9322
9349
9323
#: serverguide/C/samba.xml:1167(para)
9350
#: serverguide/C/windows-networking.xml:1167(para)
9324
9351
msgid "Next, edit <filename>/etc/samba/smb.conf</filename> changing:"
9325
9352
msgstr ""
9326
9353
9327
#: serverguide/C/samba.xml:1171(programlisting)
9354
#: serverguide/C/windows-networking.xml:1171(programlisting)
9328
9355
#, no-wrap
9329
9356
msgid ""
9330
9357
"\n"
9338
9365
" idmap gid = 50-9999999999\n"
9339
9366
msgstr ""
9340
9367
9341
#: serverguide/C/samba.xml:1182(para)
9368
#: serverguide/C/windows-networking.xml:1182(para)
9342
9369
msgid ""
9343
9370
"Restart <application>samba</application> for the new settings to take effect:"
9344
9371
msgstr ""
9345
9372
9346
#: serverguide/C/samba.xml:1191(para)
9373
#: serverguide/C/windows-networking.xml:1191(para)
9347
9374
msgid ""
9348
9375
"You should now be able to access any <application>Samba</application> shares "
9349
9376
"from a Windows client. However, be sure to give the appropriate AD users or "
9351
9378
"security\"/> for more details."
9352
9379
msgstr ""
9353
9380
9354
#: serverguide/C/samba.xml:1199(title)
9381
#: serverguide/C/windows-networking.xml:1199(title)
9355
9382
msgid "Accessing a Windows Share"
9356
9383
msgstr ""
9357
9384
9358
#: serverguide/C/samba.xml:1201(para)
9385
#: serverguide/C/windows-networking.xml:1201(para)
9359
9386
msgid ""
9360
9387
"Now that the Samba server is part of the Active Directory domain you can "
9361
9388
"access any Windows server shares:"
9362
9389
msgstr ""
9363
9390
9364
#: serverguide/C/samba.xml:1208(para)
9391
#: serverguide/C/windows-networking.xml:1208(para)
9365
9392
msgid ""
9366
9393
"To mount a Windows file share enter the following in a terminal prompt:"
9367
9394
msgstr ""
9368
9395
9369
#: serverguide/C/samba.xml:1212(command)
9396
#: serverguide/C/windows-networking.xml:1212(command)
9370
9397
msgid "mount.cifs //fs01.example.com/share mount_point"
9371
9398
msgstr ""
9372
9399
9373
#: serverguide/C/samba.xml:1215(para)
9400
#: serverguide/C/windows-networking.xml:1215(para)
9374
9401
msgid ""
9375
9402
"It is also possible to access shares on computers not part of an AD domain, "
9376
9403
"but a username and password will need to be provided."
9377
9404
msgstr ""
9378
9405
9379
#: serverguide/C/samba.xml:1223(para)
9406
#: serverguide/C/windows-networking.xml:1223(para)
9380
9407
msgid ""
9381
9408
"To mount the share during boot place an entry in "
9382
9409
"<filename>/etc/fstab</filename>, for example:"
9383
9410
msgstr ""
9384
9411
9385
#: serverguide/C/samba.xml:1227(programlisting)
9412
#: serverguide/C/windows-networking.xml:1227(programlisting)
9386
9413
#, no-wrap
9387
9414
msgid ""
9388
9415
"\n"
9390
9417
"0 0\n"
9391
9418
msgstr ""
9392
9419
9393
#: serverguide/C/samba.xml:1234(para)
9420
#: serverguide/C/windows-networking.xml:1234(para)
9394
9421
msgid ""
9395
9422
"Another way to copy files from a Windows server is to use the "
9396
9423
"<application>smbclient</application> utility. To list the files in a Windows "
9397
9424
"share:"
9398
9425
msgstr ""
9399
9426
9400
#: serverguide/C/samba.xml:1240(command)
9427
#: serverguide/C/windows-networking.xml:1240(command)
9401
9428
msgid "smbclient //fs01.example.com/share -k -c \"ls\""
9402
9429
msgstr ""
9403
9430
9404
#: serverguide/C/samba.xml:1246(para)
9431
#: serverguide/C/windows-networking.xml:1246(para)
9405
9432
msgid "To copy a file from the share, enter:"
9406
9433
msgstr ""
9407
9434
9408
#: serverguide/C/samba.xml:1251(command)
9435
#: serverguide/C/windows-networking.xml:1251(command)
9409
9436
msgid "smbclient //fs01.example.com/share -k -c \"get file.txt\""
9410
9437
msgstr ""
9411
9438
9412
#: serverguide/C/samba.xml:1254(para)
9439
#: serverguide/C/windows-networking.xml:1254(para)
9413
9440
msgid ""
9414
9441
"This will copy the <filename>file.txt</filename> into the current directory."
9415
9442
msgstr ""
9416
9443
9417
#: serverguide/C/samba.xml:1261(para)
9444
#: serverguide/C/windows-networking.xml:1261(para)
9418
9445
msgid "And to copy a file to the share:"
9419
9446
msgstr ""
9420
9447
9421
#: serverguide/C/samba.xml:1266(command)
9448
#: serverguide/C/windows-networking.xml:1266(command)
9422
9449
msgid "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
9423
9450
msgstr ""
9424
9451
9425
#: serverguide/C/samba.xml:1269(para)
9452
#: serverguide/C/windows-networking.xml:1269(para)
9426
9453
msgid ""
9427
9454
"This will copy the <filename>/etc/hosts</filename> to "
9428
9455
"<filename>//fs01.example.com/share/hosts</filename>."
9429
9456
msgstr ""
9430
9457
9431
#: serverguide/C/samba.xml:1276(para)
9458
#: serverguide/C/windows-networking.xml:1276(para)
9432
9459
msgid ""
9433
9460
"The <emphasis>-c</emphasis> option used above allows you to execute the "
9434
9461
"<application>smbclient</application> command all at once. This is useful for "
9437
9464
"and directory commands, simply execute:"
9438
9465
msgstr ""
9439
9466
9440
#: serverguide/C/samba.xml:1283(command)
9467
#: serverguide/C/windows-networking.xml:1283(command)
9441
9468
msgid "smbclient //fs01.example.com/share -k"
9442
9469
msgstr ""
9443
9470
9444
#: serverguide/C/samba.xml:1290(para)
9471
#: serverguide/C/windows-networking.xml:1290(para)
9445
9472
msgid ""
9446
9473
"Replace all instances of <emphasis>fs01.example.com/share</emphasis>, "
9447
9474
"<emphasis>//192.168.0.5/share</emphasis>, "
9788
9815
"<application>Zentyal</application>."
9789
9816
msgstr ""
9790
9817
9791
#: serverguide/C/remote-administration.xml:16(title)
9818
#: serverguide/C/virtualization.xml:833(para) serverguide/C/remote-administration.xml:16(title)
9792
9819
msgid "OpenSSH Server"
9793
9820
msgstr ""
9794
9821
9980
10007
msgstr ""
9981
10008
9982
10009
#: serverguide/C/remote-administration.xml:170(command)
9983
msgid "ssh-keygen -t dsa"
10010
msgid "ssh-keygen -t rsa"
9984
10011
msgstr ""
9985
10012
9986
10013
#: serverguide/C/remote-administration.xml:172(para)
9987
10014
msgid ""
9988
"This will generate the keys using the <emphasis>Digital Signature Algorithm "
9989
"(DSA)</emphasis> method. During the process you will be prompted for a "
9990
"password. Simply hit <emphasis>Enter</emphasis> when prompted to create the "
9991
"key."
10015
"This will generate the keys using the <emphasis>RSA Algorithm</emphasis>. "
10016
"During the process you will be prompted for a password. Simply hit "
10017
"<emphasis>Enter</emphasis> when prompted to create the key."
9992
10018
msgstr ""
9993
10019
9994
10020
#: serverguide/C/remote-administration.xml:176(para)
9995
10021
msgid ""
9996
10022
"By default the <emphasis>public</emphasis> key is saved in the file "
9997
"<filename>~/.ssh/id_dsa.pub</filename>, while "
9998
"<filename>~/.ssh/id_dsa</filename> is the <emphasis>private</emphasis> key. "
9999
"Now copy the <filename>id_dsa.pub</filename> file to the remote host and "
10023
"<filename>~/.ssh/id_rsa.pub</filename>, while "
10024
"<filename>~/.ssh/id_rsa</filename> is the <emphasis>private</emphasis> key. "
10025
"Now copy the <filename>id_rsa.pub</filename> file to the remote host and "
10000
10026
"append it to <filename>~/.ssh/authorized_keys</filename> by entering:"
10001
10027
msgstr ""
10002
10028
10064
10090
msgid "Preconfiguration"
10065
10091
msgstr ""
10066
10092
10067
#: serverguide/C/remote-administration.xml:236(para)
10093
#: serverguide/C/remote-administration.xml:256(para)
10068
10094
msgid ""
10069
10095
"Prior to configuring <application>puppet</application> you may want to add a "
10070
10096
"DNS <emphasis>CNAME</emphasis> record for "
10075
10101
"linkend=\"dns\"/> for more DNS details."
10076
10102
msgstr ""
10077
10103
10078
#: serverguide/C/remote-administration.xml:243(para)
10104
#: serverguide/C/remote-administration.xml:263(para)
10079
10105
msgid ""
10080
10106
"If you do not wish to use DNS, you can add entries to the server and client "
10081
10107
"<filename>/etc/hosts</filename> file. For example, in the "
10091
10117
"192.168.1.17 puppetclient.example.com puppetclient\n"
10092
10118
msgstr ""
10093
10119
10094
#: serverguide/C/remote-administration.xml:253(para)
10120
#: serverguide/C/remote-administration.xml:273(para)
10095
10121
msgid ""
10096
10122
"On each <application>Puppet</application> client, add an entry for the "
10097
10123
"server:"
10104
10130
"192.168.1.16 puppetmaster.example.com puppetmaster puppet\n"
10105
10131
msgstr ""
10106
10132
10107
#: serverguide/C/remote-administration.xml:262(para)
10133
#: serverguide/C/remote-administration.xml:282(para)
10108
10134
msgid ""
10109
10135
"Replace the example IP addresses and domain names above with your actual "
10110
10136
"server and client addresses and domain names."
10111
10137
msgstr ""
10112
10138
10113
#: serverguide/C/remote-administration.xml:271(para)
10139
#: serverguide/C/remote-administration.xml:236(para)
10114
10140
msgid ""
10115
10141
"To install <application>Puppet</application>, in a terminal on the "
10116
10142
"<emphasis>server</emphasis> enter:"
10117
10143
msgstr ""
10118
10144
10119
#: serverguide/C/remote-administration.xml:276(command)
10145
#: serverguide/C/remote-administration.xml:241(command)
10120
10146
msgid "sudo apt-get install puppetmaster"
10121
10147
msgstr ""
10122
10148
10123
#: serverguide/C/remote-administration.xml:279(para)
10149
#: serverguide/C/remote-administration.xml:244(para)
10124
10150
msgid "On the <emphasis>client</emphasis> machine, or machines, enter:"
10125
10151
msgstr ""
10126
10152
10127
#: serverguide/C/remote-administration.xml:284(command)
10153
#: serverguide/C/remote-administration.xml:249(command)
10128
10154
msgid "sudo apt-get install puppet"
10129
10155
msgstr ""
10130
10156
10181
10207
"<application>Puppet</application> client's host name."
10182
10208
msgstr ""
10183
10209
10184
#: serverguide/C/remote-administration.xml:337(para)
10210
#: serverguide/C/remote-administration.xml:323(para)
10185
10211
msgid ""
10186
10212
"The final step for this simple <application>Puppet</application> server is "
10187
10213
"to restart the daemon:"
10191
10217
msgid "sudo service puppetmaster restart"
10192
10218
msgstr ""
10193
10219
10194
#: serverguide/C/remote-administration.xml:345(para)
10220
#: serverguide/C/remote-administration.xml:331(para)
10195
10221
msgid ""
10196
10222
"Now everything is configured on the <application>Puppet</application> "
10197
10223
"server, it is time to configure the client."
10204
10230
"<emphasis>START</emphasis> to yes:"
10205
10231
msgstr ""
10206
10232
10207
#: serverguide/C/remote-administration.xml:354(programlisting) serverguide/C/mail.xml:685(programlisting)
10233
#: serverguide/C/remote-administration.xml:340(programlisting) serverguide/C/mail.xml:627(programlisting)
10208
10234
#, no-wrap
10209
10235
msgid ""
10210
10236
"\n"
10211
10237
"START=yes\n"
10212
10238
msgstr ""
10213
10239
10214
#: serverguide/C/remote-administration.xml:358(para)
10240
#: serverguide/C/remote-administration.xml:344(para)
10215
10241
msgid "Then start the service:"
10216
10242
msgstr ""
10217
10243
10266
10292
"<application>Puppet</application> client."
10267
10293
msgstr ""
10268
10294
10269
#: serverguide/C/remote-administration.xml:406(para)
10295
#: serverguide/C/remote-administration.xml:366(para)
10270
10296
msgid ""
10271
10297
"This example is <emphasis>very</emphasis> simple, and does not highlight "
10272
10298
"many of <application>Puppet</application>'s features and benefits. For more "
10273
10299
"information see <xref linkend=\"puppet-resources\"/>."
10274
10300
msgstr ""
10275
10301
10276
#: serverguide/C/remote-administration.xml:418(para)
10302
#: serverguide/C/remote-administration.xml:378(para)
10277
10303
msgid ""
10278
10304
"See the <ulink url=\"http://docs.puppetlabs.com/\">Official Puppet "
10279
10305
"Documentation</ulink> web site."
10285
10311
"online repository of puppet modules."
10286
10312
msgstr ""
10287
10313
10288
#: serverguide/C/remote-administration.xml:428(para)
10314
#: serverguide/C/remote-administration.xml:383(para)
10289
10315
msgid ""
10290
10316
"Also see <ulink url=\"http://www.apress.com/9781430230571\">Pro "
10291
10317
"Puppet</ulink>."
10292
10318
msgstr ""
10293
10319
10294
#: serverguide/C/remote-administration.xml:437(title)
10320
#: serverguide/C/remote-administration.xml:397(title)
10295
10321
msgid "Zentyal"
10296
10322
msgstr ""
10297
10323
10298
#: serverguide/C/remote-administration.xml:439(para)
10324
#: serverguide/C/remote-administration.xml:399(para)
10299
10325
msgid ""
10300
10326
"<application>Zentyal</application> is a Linux small business server, that "
10301
10327
"can be configured as a Gateway, Infrastructure Manager, Unified Threat "
10322
10348
"them."
10323
10349
msgstr ""
10324
10350
10325
#: serverguide/C/remote-administration.xml:467(para)
10351
#: serverguide/C/remote-administration.xml:427(para)
10326
10352
msgid ""
10327
10353
"Zentyal 2.3 is available on Ubuntu 12.04 Universe repository. The modules "
10328
10354
"available are:"
10329
10355
msgstr ""
10330
10356
10331
#: serverguide/C/remote-administration.xml:474(para)
10357
#: serverguide/C/remote-administration.xml:434(para)
10332
10358
msgid ""
10333
10359
"zentyal-core & zentyal-common: the core of the "
10334
10360
"<application>Zentyal</application> interface and the common libraries of the "
10336
10362
"administrator an interface to view the logs and generate events from them."
10337
10363
msgstr ""
10338
10364
10339
#: serverguide/C/remote-administration.xml:483(para)
10365
#: serverguide/C/remote-administration.xml:443(para)
10340
10366
msgid ""
10341
10367
"zentyal-network: manages the configuration of the network. From the "
10342
10368
"interfaces (supporting static IP, DHCP, VLAN, bridges or PPPoE), to multiple "
10351
10377
"services (e.g. HTTP instead of 80/TCP)."
10352
10378
msgstr ""
10353
10379
10354
#: serverguide/C/remote-administration.xml:498(para)
10380
#: serverguide/C/remote-administration.xml:458(para)
10355
10381
msgid ""
10356
10382
"zentyal-firewall: configures the <application>iptables</application> rules "
10357
10383
"to block forbiden connections, NAT and port redirections."
10358
10384
msgstr ""
10359
10385
10360
#: serverguide/C/remote-administration.xml:504(para)
10386
#: serverguide/C/remote-administration.xml:464(para)
10361
10387
msgid ""
10362
10388
"zentyal-ntp: installs the NTP daemon to keep server on time and allow "
10363
10389
"network clients to synchronize their clocks against the server."
10364
10390
msgstr ""
10365
10391
10366
#: serverguide/C/remote-administration.xml:510(para)
10392
#: serverguide/C/remote-administration.xml:470(para)
10367
10393
msgid ""
10368
10394
"zentyal-dhcp: configures <application>ISC DHCP</application> server "
10369
10395
"supporting network ranges, static leases and other advanced options like "
10370
10396
"NTP, WINS, dynamic DNS updates and network boot with PXE."
10371
10397
msgstr ""
10372
10398
10373
#: serverguide/C/remote-administration.xml:517(para)
10399
#: serverguide/C/remote-administration.xml:477(para)
10374
10400
msgid ""
10375
10401
"zentyal-dns: brings <application>ISC Bind9</application> DNS server into "
10376
10402
"your server for caching local queries as a forwarder or as an authoritative "
10378
10404
"and SRV records."
10379
10405
msgstr ""
10380
10406
10381
#: serverguide/C/remote-administration.xml:525(para)
10407
#: serverguide/C/remote-administration.xml:485(para)
10382
10408
msgid ""
10383
10409
"zentyal-ca: integrates the management of a Certification Authority within "
10384
10410
"Zentyal so users can use certificates to authenticate against the services, "
10385
10411
"like with <application>OpenVPN</application>."
10386
10412
msgstr ""
10387
10413
10388
#: serverguide/C/remote-administration.xml:532(para)
10414
#: serverguide/C/remote-administration.xml:492(para)
10389
10415
msgid ""
10390
10416
"zentyal-openvpn: allows to configure multiple VPN servers and clients using "
10391
10417
"<application>OpenVPN</application> with dynamic routing configuration using "
10392
10418
"<application>Quagga</application>."
10393
10419
msgstr ""
10394
10420
10395
#: serverguide/C/remote-administration.xml:539(para)
10421
#: serverguide/C/remote-administration.xml:499(para)
10396
10422
msgid ""
10397
10423
"zentyal-users: provides an interface to configure and manage users and "
10398
10424
"groups on <application>OpenLDAP</application>. Other services on Zentyal are "
10401
10427
"<application>Microsoft Active Directory</application> domain."
10402
10428
msgstr ""
10403
10429
10404
#: serverguide/C/remote-administration.xml:549(para)
10430
#: serverguide/C/remote-administration.xml:509(para)
10405
10431
msgid ""
10406
10432
"zentyal-squid: configures <application>Squid</application> and "
10407
10433
"<application>Dansguardian</application> for speeding up browsing thanks to "
10408
10434
"the caching capabilities and content filtering."
10409
10435
msgstr ""
10410
10436
10411
#: serverguide/C/remote-administration.xml:556(para)
10437
#: serverguide/C/remote-administration.xml:516(para)
10412
10438
msgid ""
10413
10439
"zentyal-samba: allows <application>Samba</application> configuration and "
10414
10440
"integration with existing LDAP. From the same interface you can define "
10415
10441
"password policies, create shared resources and assign permissions."
10416
10442
msgstr ""
10417
10443
10418
#: serverguide/C/remote-administration.xml:564(para)
10444
#: serverguide/C/remote-administration.xml:524(para)
10419
10445
msgid ""
10420
10446
"zentyal-printers: integrates <application>CUPS</application> with "
10421
10447
"<application>Samba</application> and allows not only to configure the "
10422
10448
"printers but also give them permissions based on LDAP users and groups."
10423
10449
msgstr ""
10424
10450
10425
#: serverguide/C/remote-administration.xml:573(para)
10451
#: serverguide/C/remote-administration.xml:533(para)
10426
10452
msgid ""
10427
10453
"To install <application>Zentyal</application>, in a terminal on the "
10428
10454
"<emphasis>server</emphasis> enter (where <zentyal-module> is any of "
10429
10455
"the modules from the previous list):"
10430
10456
msgstr ""
10431
10457
10432
#: serverguide/C/remote-administration.xml:580(command)
10458
#: serverguide/C/remote-administration.xml:540(command)
10433
10459
msgid "sudo apt-get install <zentyal-module>"
10434
10460
msgstr ""
10435
10461
10436
#: serverguide/C/remote-administration.xml:584(para)
10462
#: serverguide/C/remote-administration.xml:544(para)
10437
10463
msgid ""
10438
10464
"<application>Zentyal</application> publishes one major stable release once a "
10439
10465
"year (in September) based on latest Ubuntu LTS release. Stable releases "
10453
10479
"Personal Package Archive (PPA)</ulink>."
10454
10480
msgstr ""
10455
10481
10456
#: serverguide/C/remote-administration.xml:606(para)
10482
#: serverguide/C/remote-administration.xml:566(para)
10457
10483
msgid ""
10458
10484
"Not present on Ubuntu Universe repositories, but on <ulink "
10459
10485
"url=\"https://launchpad.net/~zentyal/\">Zentyal Team PPA</ulink> you will "
10460
10486
"find these other modules:"
10461
10487
msgstr ""
10462
10488
10463
#: serverguide/C/remote-administration.xml:613(para)
10489
#: serverguide/C/remote-administration.xml:573(para)
10464
10490
msgid ""
10465
10491
"zentyal-antivirus: integrates <application>ClamAV</application> antivirus "
10466
10492
"with other modules like the proxy, file sharing or mailfilter."
10467
10493
msgstr ""
10468
10494
10469
#: serverguide/C/remote-administration.xml:620(para)
10495
#: serverguide/C/remote-administration.xml:580(para)
10470
10496
msgid ""
10471
10497
"zentyal-asterisk: configures <application>Asterisk</application> to provide "
10472
10498
"a simple PBX with LDAP based authentication."
10473
10499
msgstr ""
10474
10500
10475
#: serverguide/C/remote-administration.xml:626(para)
10501
#: serverguide/C/remote-administration.xml:586(para)
10476
10502
msgid ""
10477
10503
"zentyal-bwmonitor: allows to monitor bandwith usage of your LAN clients."
10478
10504
msgstr ""
10479
10505
10480
#: serverguide/C/remote-administration.xml:632(para)
10506
#: serverguide/C/remote-administration.xml:592(para)
10481
10507
msgid ""
10482
10508
"zentyal-captiveportal: integrates a captive portal with the firewall and "
10483
10509
"LDAP users and groups."
10484
10510
msgstr ""
10485
10511
10486
#: serverguide/C/remote-administration.xml:638(para)
10512
#: serverguide/C/remote-administration.xml:598(para)
10487
10513
msgid ""
10488
10514
"zentyal-ebackup: allows to make scheduled backups of your server using the "
10489
10515
"popular <application>duplicity</application> backup tool."
10490
10516
msgstr ""
10491
10517
10492
#: serverguide/C/remote-administration.xml:644(para)
10518
#: serverguide/C/remote-administration.xml:604(para)
10493
10519
msgid "zentyal-ftp: configures a FTP server with LDAP based authentication."
10494
10520
msgstr ""
10495
10521
10496
#: serverguide/C/remote-administration.xml:649(para)
10522
#: serverguide/C/remote-administration.xml:609(para)
10497
10523
msgid "zentyal-ids: integrates a network intrusion detection system."
10498
10524
msgstr ""
10499
10525
10500
#: serverguide/C/remote-administration.xml:654(para)
10526
#: serverguide/C/remote-administration.xml:614(para)
10501
10527
msgid ""
10502
10528
"zentyal-ipsec: allows to configure IPsec tunnels using "
10503
10529
"<application>OpenSwan</application>."
10504
10530
msgstr ""
10505
10531
10506
#: serverguide/C/remote-administration.xml:660(para)
10532
#: serverguide/C/remote-administration.xml:620(para)
10507
10533
msgid ""
10508
10534
"zentyal-jabber: integrates <application>ejabberd</application> XMPP server "
10509
10535
"with LDAP users and groups."
10510
10536
msgstr ""
10511
10537
10512
#: serverguide/C/remote-administration.xml:666(para)
10538
#: serverguide/C/remote-administration.xml:626(para)
10513
10539
msgid ""
10514
10540
"zentyal-thinclients: a <application>LTSP</application> based thin clients "
10515
10541
"solution."
10516
10542
msgstr ""
10517
10543
10518
#: serverguide/C/remote-administration.xml:672(para)
10544
#: serverguide/C/remote-administration.xml:632(para)
10519
10545
msgid ""
10520
10546
"zentyal-mail: a full mail stack including <application>Postfix "
10521
10547
"</application> and <application>Dovecot</application> with LDAP backend."
10522
10548
msgstr ""
10523
10549
10524
#: serverguide/C/remote-administration.xml:679(para)
10550
#: serverguide/C/remote-administration.xml:639(para)
10525
10551
msgid ""
10526
10552
"zentyal-mailfilter: configures <application>amavisd</application> with mail "
10527
10553
"stack to filter spam and attached virus."
10528
10554
msgstr ""
10529
10555
10530
#: serverguide/C/remote-administration.xml:685(para)
10556
#: serverguide/C/remote-administration.xml:645(para)
10531
10557
msgid ""
10532
10558
"zentyal-monitor: integrates <application>collectd</application> to monitor "
10533
10559
"server performance and running services."
10534
10560
msgstr ""
10535
10561
10536
#: serverguide/C/remote-administration.xml:691(para)
10562
#: serverguide/C/remote-administration.xml:651(para)
10537
10563
msgid ""
10538
10564
"zentyal-pptp: configures a <application>PPTP</application> VPN server."
10539
10565
msgstr ""
10540
10566
10541
#: serverguide/C/remote-administration.xml:696(para)
10567
#: serverguide/C/remote-administration.xml:656(para)
10542
10568
msgid ""
10543
10569
"zentyal-radius: integrates <application>FreeRADIUS</application> with LDAP "
10544
10570
"users and groups."
10545
10571
msgstr ""
10546
10572
10547
#: serverguide/C/remote-administration.xml:702(para)
10573
#: serverguide/C/remote-administration.xml:662(para)
10548
10574
msgid ""
10549
10575
"zentyal-software: simple interface to manage installed "
10550
10576
"<application>Zentyal</application> modules and system updates."
10551
10577
msgstr ""
10552
10578
10553
#: serverguide/C/remote-administration.xml:708(para)
10579
#: serverguide/C/remote-administration.xml:668(para)
10554
10580
msgid ""
10555
10581
"zentyal-trafficshaping: configures traffic limiting rules to do bandwidth "
10556
10582
"throttling and improve latency."
10557
10583
msgstr ""
10558
10584
10559
#: serverguide/C/remote-administration.xml:714(para)
10585
#: serverguide/C/remote-administration.xml:674(para)
10560
10586
msgid ""
10561
10587
"zentyal-usercorner: allows users to edit their own LDAP attributes using a "
10562
10588
"web browser."
10563
10589
msgstr ""
10564
10590
10565
#: serverguide/C/remote-administration.xml:720(para)
10591
#: serverguide/C/remote-administration.xml:680(para)
10566
10592
msgid ""
10567
10593
"zentyal-virt: simple interface to create and manage virtual machines based "
10568
10594
"on <application>libvirt</application>."
10569
10595
msgstr ""
10570
10596
10571
#: serverguide/C/remote-administration.xml:726(para)
10597
#: serverguide/C/remote-administration.xml:686(para)
10572
10598
msgid ""
10573
10599
"zentyal-webmail: allows to access your mail using the popular "
10574
10600
"<application>Roundcube</application> webmail."
10575
10601
msgstr ""
10576
10602
10577
#: serverguide/C/remote-administration.xml:732(para)
10603
#: serverguide/C/remote-administration.xml:692(para)
10578
10604
msgid ""
10579
10605
"zentyal-webserver: configures <application>Apache</application> webserver to "
10580
10606
"host different sites on your machine."
10581
10607
msgstr ""
10582
10608
10583
#: serverguide/C/remote-administration.xml:738(para)
10609
#: serverguide/C/remote-administration.xml:698(para)
10584
10610
msgid ""
10585
10611
"zentyal-zarafa: integrates <application>Zarafa</application> groupware suite "
10586
10612
"with <application>Zentyal</application> mail stack and LDAP."
10587
10613
msgstr ""
10588
10614
10589
#: serverguide/C/remote-administration.xml:750(title)
10615
#: serverguide/C/remote-administration.xml:710(title)
10590
10616
msgid "First steps"
10591
10617
msgstr ""
10592
10618
10593
#: serverguide/C/remote-administration.xml:752(para)
10619
#: serverguide/C/remote-administration.xml:712(para)
10594
10620
msgid ""
10595
10621
"Any system account belonging to the sudo group is allowed to log into "
10596
10622
"<application>Zentyal</application> web interface. If you are using the user "
10597
10623
"created during the installation, this should be in the sudo group by default."
10598
10624
msgstr ""
10599
10625
10600
#: serverguide/C/remote-administration.xml:760(para)
10626
#: serverguide/C/remote-administration.xml:720(para)
10601
10627
msgid "If you need to add another user to the sudo group, just execute:"
10602
10628
msgstr ""
10603
10629
10604
#: serverguide/C/remote-administration.xml:765(command)
10630
#: serverguide/C/remote-administration.xml:725(command)
10605
10631
msgid "sudo adduser username sudo"
10606
10632
msgstr ""
10607
10633
10608
#: serverguide/C/remote-administration.xml:769(para)
10634
#: serverguide/C/remote-administration.xml:729(para)
10609
10635
msgid ""
10610
10636
"To access <application>Zentyal</application> web interface, browse into "
10611
10637
"https://localhost/ (or the IP of your remote server). As Zentyal creates its "
10613
10639
"exception on your browser."
10614
10640
msgstr ""
10615
10641
10616
#: serverguide/C/remote-administration.xml:776(para)
10642
#: serverguide/C/remote-administration.xml:736(para)
10617
10643
msgid ""
10618
10644
"Once logged in you will see the dashboard with an overview of your server. "
10619
10645
"To configure any of the features of your installed modules, go to the "
10627
10653
"files."
10628
10654
msgstr ""
10629
10655
10630
#: serverguide/C/remote-administration.xml:790(para)
10656
#: serverguide/C/remote-administration.xml:750(para)
10631
10657
msgid ""
10632
10658
"If you need to customize any configuration file or run certain actions "
10633
10659
"(scripts or commands) to configure features not available on "
10636
10662
"/etc/zentyal/hooks/<module>.<action>."
10637
10663
msgstr ""
10638
10664
10639
#: serverguide/C/remote-administration.xml:803(para)
10665
#: serverguide/C/remote-administration.xml:763(para)
10640
10666
msgid ""
10641
10667
"<ulink url=\"http://doc.zentyal.org/\">Zentyal Official Documentation "
10642
10668
"</ulink> page."
10643
10669
msgstr ""
10644
10670
10645
#: serverguide/C/remote-administration.xml:807(para)
10671
#: serverguide/C/remote-administration.xml:767(para)
10646
10672
msgid ""
10647
10673
"See also <ulink url=\"http://trac.zentyal.org/wiki/Documentation\">Zentyal "
10648
10674
"Community Documentation</ulink> page."
10649
10675
msgstr ""
10650
10676
10651
#: serverguide/C/remote-administration.xml:811(para)
10677
#: serverguide/C/remote-administration.xml:771(para)
10652
10678
msgid ""
10653
10679
"And don't forget to visit the <ulink url=\"http://forum.zentyal.org/\">forum "
10654
10680
"</ulink> for community support, feedback, feature requests, etc."
11016
11042
"menu."
11017
11043
msgstr ""
11018
11044
11019
#: serverguide/C/package-management.xml:263(para)
11045
#: serverguide/C/package-management.xml:246(para)
11020
11046
msgid "<emphasis role=\"bold\">i</emphasis>: Installed package"
11021
11047
msgstr ""
11022
11048
11023
#: serverguide/C/package-management.xml:268(para)
11049
#: serverguide/C/package-management.xml:251(para)
11024
11050
msgid ""
11025
11051
"<emphasis role=\"bold\">c</emphasis>: Package not installed, but package "
11026
11052
"configuration remains on system"
11027
11053
msgstr ""
11028
11054
11029
#: serverguide/C/package-management.xml:272(para)
11055
#: serverguide/C/package-management.xml:255(para)
11030
11056
msgid "<emphasis role=\"bold\">p</emphasis>: Purged from system"
11031
11057
msgstr ""
11032
11058
11033
#: serverguide/C/package-management.xml:276(para)
11059
#: serverguide/C/package-management.xml:259(para)
11034
11060
msgid "<emphasis role=\"bold\">v</emphasis>: Virtual package"
11035
11061
msgstr ""
11036
11062
11037
#: serverguide/C/package-management.xml:280(para)
11063
#: serverguide/C/package-management.xml:263(para)
11038
11064
msgid "<emphasis role=\"bold\">B</emphasis>: Broken package"
11039
11065
msgstr ""
11040
11066
11041
#: serverguide/C/package-management.xml:284(para)
11067
#: serverguide/C/package-management.xml:267(para)
11042
11068
msgid ""
11043
11069
"<emphasis role=\"bold\">u</emphasis>: Unpacked files, but package not yet "
11044
11070
"configured"
11045
11071
msgstr ""
11046
11072
11047
#: serverguide/C/package-management.xml:288(para)
11073
#: serverguide/C/package-management.xml:271(para)
11048
11074
msgid ""
11049
11075
"<emphasis role=\"bold\">C</emphasis>: Half-configured - Configuration failed "
11050
11076
"and requires fix"
11051
11077
msgstr ""
11052
11078
11053
#: serverguide/C/package-management.xml:292(para)
11079
#: serverguide/C/package-management.xml:275(para)
11054
11080
msgid ""
11055
11081
"<emphasis role=\"bold\">H</emphasis>: Half-installed - Removal failed and "
11056
11082
"requires fix"
11057
11083
msgstr ""
11058
11084
11059
#: serverguide/C/package-management.xml:260(para)
11085
#: serverguide/C/package-management.xml:243(para)
11060
11086
msgid ""
11061
11087
"The first column of information displayed in the package list in the top "
11062
11088
"pane, when actually viewing packages lists the current state of the package, "
11064
11090
"<placeholder-1/>"
11065
11091
msgstr ""
11066
11092
11067
#: serverguide/C/package-management.xml:298(para)
11093
#: serverguide/C/package-management.xml:281(para)
11068
11094
msgid ""
11069
11095
"To exit Aptitude, simply press the <keycap>q</keycap> key and confirm you "
11070
11096
"wish to exit. Many other functions are available from the Aptitude menu by "
11071
11097
"pressing the <keycap>F10</keycap> key."
11072
11098
msgstr ""
11073
11099
11074
#: serverguide/C/package-management.xml:301(title)
11100
#: serverguide/C/package-management.xml:284(title)
11075
11101
msgid "Command Line Aptitude"
11076
11102
msgstr ""
11077
11103
11078
#: serverguide/C/package-management.xml:302(para)
11104
#: serverguide/C/package-management.xml:285(para)
11079
11105
msgid ""
11080
11106
"You can also use <application>Aptitude</application> as a command-line tool, "
11081
11107
"similar to <application>apt-get</application>. To install the "
11089
11115
"of command line options for <application>Aptitude</application>."
11090
11116
msgstr ""
11091
11117
11092
#: serverguide/C/package-management.xml:315(title)
11118
#: serverguide/C/package-management.xml:298(title)
11093
11119
msgid "Automatic Updates"
11094
11120
msgstr ""
11095
11121
11096
#: serverguide/C/package-management.xml:317(para)
11122
#: serverguide/C/package-management.xml:300(para)
11097
11123
msgid ""
11098
11124
"The <application>unattended-upgrades</application> package can be used to "
11099
11125
"automatically install updated packages, and can be configured to update all "
11101
11127
"entering the following in a terminal:"
11102
11128
msgstr ""
11103
11129
11104
#: serverguide/C/package-management.xml:323(command)
11130
#: serverguide/C/package-management.xml:306(command)
11105
11131
msgid "sudo apt-get install unattended-upgrades"
11106
11132
msgstr ""
11107
11133
11108
#: serverguide/C/package-management.xml:326(para)
11134
#: serverguide/C/package-management.xml:309(para)
11109
11135
msgid ""
11110
11136
"To configure <application>unattended-upgrades</application>, edit "
11111
11137
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> and adjust "
11122
11148
"};\n"
11123
11149
msgstr ""
11124
11150
11125
#: serverguide/C/package-management.xml:338(para)
11151
#: serverguide/C/package-management.xml:321(para)
11126
11152
msgid ""
11127
11153
"Certain packages can also be <emphasis>blacklisted</emphasis> and therefore "
11128
11154
"will not be automatically updated. To blacklist a package, add it to the "
11129
11155
"list:"
11130
11156
msgstr ""
11131
11157
11132
#: serverguide/C/package-management.xml:343(programlisting)
11158
#: serverguide/C/package-management.xml:326(programlisting)
11133
11159
#, no-wrap
11134
11160
msgid ""
11135
11161
"\n"
11141
11167
"};\n"
11142
11168
msgstr ""
11143
11169
11144
#: serverguide/C/package-management.xml:353(para)
11170
#: serverguide/C/package-management.xml:336(para)
11145
11171
msgid ""
11146
11172
"The double <emphasis><quote>//</quote></emphasis> serve as comments, so "
11147
11173
"whatever follows \"//\" will not be evaluated."
11148
11174
msgstr ""
11149
11175
11150
#: serverguide/C/package-management.xml:358(para)
11176
#: serverguide/C/package-management.xml:341(para)
11151
11177
msgid ""
11152
11178
"To enable automatic updates, edit "
11153
11179
"<filename>/etc/apt/apt.conf.d/10periodic</filename> and set the appropriate "
11154
11180
"<application>apt</application> configuration options:"
11155
11181
msgstr ""
11156
11182
11157
#: serverguide/C/package-management.xml:362(programlisting)
11183
#: serverguide/C/package-management.xml:345(programlisting)
11158
11184
#, no-wrap
11159
11185
msgid ""
11160
11186
"\n"
11164
11190
"APT::Periodic::Unattended-Upgrade \"1\";\n"
11165
11191
msgstr ""
11166
11192
11167
#: serverguide/C/package-management.xml:369(para)
11193
#: serverguide/C/package-management.xml:352(para)
11168
11194
msgid ""
11169
11195
"The above configuration updates the package list, downloads, and installs "
11170
11196
"available upgrades every day. The local download archive is cleaned every "
11171
11197
"week."
11172
11198
msgstr ""
11173
11199
11174
#: serverguide/C/package-management.xml:375(para)
11200
#: serverguide/C/package-management.xml:358(para)
11175
11201
msgid ""
11176
11202
"You can read more about <application>apt</application> Periodic "
11177
11203
"configuration options in the <filename>/etc/cron.daily/apt</filename> script "
11178
11204
"header."
11179
11205
msgstr ""
11180
11206
11181
#: serverguide/C/package-management.xml:380(para)
11207
#: serverguide/C/package-management.xml:363(para)
11182
11208
msgid ""
11183
11209
"The results of <application>unattended-upgrades</application> will be logged "
11184
11210
"to <filename>/var/log/unattended-upgrades</filename>."
11185
11211
msgstr ""
11186
11212
11187
#: serverguide/C/package-management.xml:385(title)
11213
#: serverguide/C/package-management.xml:368(title)
11188
11214
msgid "Notifications"
11189
11215
msgstr ""
11190
11216
11191
#: serverguide/C/package-management.xml:387(para)
11217
#: serverguide/C/package-management.xml:370(para)
11192
11218
msgid ""
11193
11219
"Configuring <emphasis>Unattended-Upgrade::Mail</emphasis> in "
11194
11220
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> will enable "
11196
11222
"detailing any packages that need upgrading or have problems."
11197
11223
msgstr ""
11198
11224
11199
#: serverguide/C/package-management.xml:392(para)
11225
#: serverguide/C/package-management.xml:375(para)
11200
11226
msgid ""
11201
11227
"Another useful package is <application>apticron</application>. "
11202
11228
"<application>apticron</application> will configure a "
11205
11231
"summary of changes in each package."
11206
11232
msgstr ""
11207
11233
11208
#: serverguide/C/package-management.xml:398(para)
11234
#: serverguide/C/package-management.xml:381(para)
11209
11235
msgid ""
11210
11236
"To install the <application>apticron</application> package, in a terminal "
11211
11237
"enter:"
11212
11238
msgstr ""
11213
11239
11214
#: serverguide/C/package-management.xml:403(command)
11240
#: serverguide/C/package-management.xml:386(command)
11215
11241
msgid "sudo apt-get install apticron"
11216
11242
msgstr ""
11217
11243
11218
#: serverguide/C/package-management.xml:406(para)
11244
#: serverguide/C/package-management.xml:389(para)
11219
11245
msgid ""
11220
11246
"Once the package is installed edit "
11221
11247
"<filename>/etc/apticron/apticron.conf</filename>, to set the email address "
11222
11248
"and other options:"
11223
11249
msgstr ""
11224
11250
11225
#: serverguide/C/package-management.xml:410(programlisting)
11251
#: serverguide/C/package-management.xml:393(programlisting)
11226
11252
#, no-wrap
11227
11253
msgid ""
11228
11254
"\n"
11229
11255
"EMAIL=\"root@example.com\"\n"
11230
11256
msgstr ""
11231
11257
11232
#: serverguide/C/package-management.xml:419(para)
11258
#: serverguide/C/package-management.xml:402(para)
11233
11259
msgid ""
11234
11260
"Configuration of the <emphasis>Advanced Packaging Tool</emphasis> (APT) "
11235
11261
"system repositories is stored in the "
11239
11265
"repository references from the file."
11240
11266
msgstr ""
11241
11267
11242
#: serverguide/C/package-management.xml:424(para)
11268
#: serverguide/C/package-management.xml:411(para)
11243
11269
msgid ""
11244
11270
"You may edit the file to enable repositories or disable them. For example, "
11245
11271
"to disable the requirement of inserting the Ubuntu CD-ROM whenever package "
11256
11282
"main restricted\n"
11257
11283
msgstr ""
11258
11284
11259
#: serverguide/C/package-management.xml:435(title)
11285
#: serverguide/C/package-management.xml:422(title)
11260
11286
msgid "Extra Repositories"
11261
11287
msgstr ""
11262
11288
11263
#: serverguide/C/package-management.xml:436(para)
11289
#: serverguide/C/package-management.xml:423(para)
11264
11290
msgid ""
11265
11291
"In addition to the officially supported package repositories available for "
11266
11292
"Ubuntu, there exist additional community-maintained repositories which add "
11271
11297
"which are safe for use with your Ubuntu computer."
11272
11298
msgstr ""
11273
11299
11274
#: serverguide/C/package-management.xml:439(para)
11300
#: serverguide/C/package-management.xml:426(para)
11275
11301
msgid ""
11276
11302
"Packages in the <emphasis>Multiverse</emphasis> repository often have "
11277
11303
"licensing issues that prevent them from being distributed with a free "
11278
11304
"operating system, and they may be illegal in your locality."
11279
11305
msgstr ""
11280
11306
11281
#: serverguide/C/package-management.xml:441(para)
11307
#: serverguide/C/package-management.xml:428(para)
11282
11308
msgid ""
11283
11309
"Be advised that neither the <emphasis>Universe</emphasis> or "
11284
11310
"<emphasis>Multiverse</emphasis> repositories contain officially supported "
11286
11312
"packages."
11287
11313
msgstr ""
11288
11314
11289
#: serverguide/C/package-management.xml:445(para)
11315
#: serverguide/C/package-management.xml:432(para)
11290
11316
msgid ""
11291
11317
"Many other package sources are available, sometimes even offering only one "
11292
11318
"package, as in the case of package sources provided by the developer of a "
11297
11323
"functional in some respects."
11298
11324
msgstr ""
11299
11325
11300
#: serverguide/C/package-management.xml:448(para)
11326
#: serverguide/C/package-management.xml:435(para)
11301
11327
msgid ""
11302
11328
"By default, the <emphasis>Universe</emphasis> and "
11303
11329
"<emphasis>Multiverse</emphasis> repositories are enabled but if you would "
11328
11354
"deb-src http://security.ubuntu.com/ubuntu trusty-security multiverse\n"
11329
11355
msgstr ""
11330
11356
11331
#: serverguide/C/package-management.xml:481(para)
11357
#: serverguide/C/package-management.xml:468(para)
11332
11358
msgid ""
11333
11359
"Most of the material covered in this chapter is available in "
11334
11360
"<application>man</application> pages, many of which are available online."
11335
11361
msgstr ""
11336
11362
11337
#: serverguide/C/package-management.xml:488(para)
11363
#: serverguide/C/package-management.xml:475(para)
11338
11364
msgid ""
11339
11365
"The <ulink "
11340
11366
"url=\"https://help.ubuntu.com/community/InstallingSoftware\">InstallingSoftwa"
11364
11390
"ude man page</ulink> for more <application>aptitude</application> options."
11365
11391
msgstr ""
11366
11392
11367
#: serverguide/C/package-management.xml:512(para)
11393
#: serverguide/C/package-management.xml:499(para)
11368
11394
msgid ""
11369
11395
"The <ulink "
11370
11396
"url=\"https://help.ubuntu.com/community/Repositories/Ubuntu\">Adding "
11431
11457
"reboots (e.g.: after a kernel upgrade)."
11432
11458
msgstr ""
11433
11459
11434
#: serverguide/C/other-apps.xml:61(para)
11460
#: serverguide/C/other-apps.xml:44(para)
11435
11461
msgid ""
11436
11462
"<application>pam_motd</application> executes the scripts in "
11437
11463
"<filename>/etc/update-motd.d</filename> in order based on the number "
11440
11466
"concatenated with <filename>/etc/motd.tail</filename>."
11441
11467
msgstr ""
11442
11468
11443
#: serverguide/C/other-apps.xml:67(para)
11469
#: serverguide/C/other-apps.xml:50(para)
11444
11470
msgid ""
11445
11471
"You can add your own dynamic information to the MOTD. For example, to add "
11446
11472
"local weather information:"
11447
11473
msgstr ""
11448
11474
11449
#: serverguide/C/other-apps.xml:73(para)
11475
#: serverguide/C/other-apps.xml:56(para)
11450
11476
msgid "First, install the <application>weather-util</application> package:"
11451
11477
msgstr ""
11452
11478
11453
#: serverguide/C/other-apps.xml:78(command)
11479
#: serverguide/C/other-apps.xml:61(command)
11454
11480
msgid "sudo apt-get install weather-util"
11455
11481
msgstr ""
11456
11482
11457
#: serverguide/C/other-apps.xml:83(para)
11483
#: serverguide/C/other-apps.xml:66(para)
11458
11484
msgid ""
11459
11485
"The <application>weather</application> utility uses METAR data from the "
11460
11486
"National Oceanic and Atmospheric Administration and forecasts from the "
11464
11490
"Weather Service</ulink> site."
11465
11491
msgstr ""
11466
11492
11467
#: serverguide/C/other-apps.xml:90(para)
11493
#: serverguide/C/other-apps.xml:73(para)
11468
11494
msgid ""
11469
11495
"Although the National Weather Service is a United States government agency "
11470
11496
"there are weather stations available world wide. However, local weather "
11471
11497
"information for all locations outside the U.S. may not be available."
11472
11498
msgstr ""
11473
11499
11474
#: serverguide/C/other-apps.xml:96(para)
11500
#: serverguide/C/other-apps.xml:79(para)
11475
11501
msgid ""
11476
11502
"Create <filename>/usr/local/bin/local-weather</filename>, a simple shell "
11477
11503
"script to use <application>weather</application> with your local ICAO "
11478
11504
"indicator:"
11479
11505
msgstr ""
11480
11506
11481
#: serverguide/C/other-apps.xml:101(programlisting)
11507
#: serverguide/C/other-apps.xml:84(programlisting)
11482
11508
#, no-wrap
11483
11509
msgid ""
11484
11510
"\n"
11498
11524
"\n"
11499
11525
msgstr ""
11500
11526
11501
#: serverguide/C/other-apps.xml:119(para)
11527
#: serverguide/C/other-apps.xml:102(para)
11502
11528
msgid "Make the script executable:"
11503
11529
msgstr ""
11504
11530
11505
#: serverguide/C/other-apps.xml:124(command)
11531
#: serverguide/C/other-apps.xml:107(command)
11506
11532
msgid "sudo chmod 755 /usr/local/bin/local-weather"
11507
11533
msgstr ""
11508
11534
11509
#: serverguide/C/other-apps.xml:128(para)
11535
#: serverguide/C/other-apps.xml:111(para)
11510
11536
msgid ""
11511
11537
"Next, create a symlink to <filename>/etc/update-motd.d/98-local-"
11512
11538
"weather</filename>:"
11513
11539
msgstr ""
11514
11540
11515
#: serverguide/C/other-apps.xml:133(command)
11541
#: serverguide/C/other-apps.xml:116(command)
11516
11542
msgid ""
11517
11543
"sudo ln -s /usr/local/bin/local-weather /etc/update-motd.d/98-local-weather"
11518
11544
msgstr ""
11519
11545
11520
#: serverguide/C/other-apps.xml:137(para)
11546
#: serverguide/C/other-apps.xml:120(para)
11521
11547
msgid "Finally, exit the server and re-login to view the new MOTD."
11522
11548
msgstr ""
11523
11549
11524
#: serverguide/C/other-apps.xml:143(para)
11550
#: serverguide/C/other-apps.xml:126(para)
11525
11551
msgid ""
11526
11552
"You should now be greeted with some useful information, and some information "
11527
11553
"about the local weather that may not be quite so useful. Hopefully the "
11529
11555
"flexibility of <application>pam_motd</application>."
11530
11556
msgstr ""
11531
11557
11532
#: serverguide/C/other-apps.xml:151(title)
11558
#: serverguide/C/other-apps.xml:156(para)
11559
msgid ""
11560
"See the <ulink "
11561
"url=\"http://manpages.ubuntu.com/manpages/trusty/en/man5/update-"
11562
"motd.5.html\">update-motd man page</ulink> for more options available to "
11563
"<application>update-motd</application>."
11564
msgstr ""
11565
11566
#: serverguide/C/other-apps.xml:338(para)
11567
msgid ""
11568
"The Debian Package of the Day <ulink "
11569
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
11570
"and-forecasts-on-the-command-line/\">weather</ulink> article has more "
11571
"details about using the <application>weather</application>utility."
11572
msgstr ""
11573
11574
#: serverguide/C/other-apps.xml:134(title)
11533
11575
msgid "etckeeper"
11534
11576
msgstr ""
11535
11577
11536
#: serverguide/C/other-apps.xml:153(para)
11578
#: serverguide/C/other-apps.xml:180(para)
11537
11579
msgid ""
11538
11580
"<application>etckeeper</application> allows the contents of <filename "
11539
"role=\"directory\">/etc</filename> be easily stored in Version Control "
11540
"System (VCS) repository. It hooks into <application>apt</application> to "
11541
"automatically commit changes to <filename>/etc</filename> when packages are "
11581
"role=\"directory\">/etc</filename> to be stored in a Version Control System "
11582
"(VCS) repository. It integrates with <application>APT</application> and "
11583
"automatically commits changes to <filename>/etc</filename> when packages are "
11542
11584
"installed or upgraded. Placing <filename>/etc</filename> under version "
11543
11585
"control is considered an industry best practice, and the goal of "
11544
11586
"<application>etckeeper</application> is to make this process as painless as "
11545
11587
"possible."
11546
11588
msgstr ""
11547
11589
11548
#: serverguide/C/other-apps.xml:161(para)
11590
#: serverguide/C/other-apps.xml:144(para)
11549
11591
msgid ""
11550
11592
"Install <application>etckeeper</application> by entering the following in a "
11551
11593
"terminal:"
11552
11594
msgstr ""
11553
11595
11554
#: serverguide/C/other-apps.xml:166(command)
11596
#: serverguide/C/other-apps.xml:149(command)
11555
11597
msgid "sudo apt-get install etckeeper"
11556
11598
msgstr ""
11557
11599
11558
#: serverguide/C/other-apps.xml:169(para)
11600
#: serverguide/C/other-apps.xml:196(para)
11559
11601
msgid ""
11560
11602
"The main configuration file, "
11561
11603
"<filename>/etc/etckeeper/etckeeper.conf</filename>, is fairly simple. The "
11562
"main option is which VCS to use. By default "
11604
"main option is which VCS to use and by default "
11563
11605
"<application>etckeeper</application> is configured to use "
11564
"<application>bzr</application> for version control. The repository is "
11565
"automatically initialized (and committed for the first time) during package "
11566
"installation. It is possible to undo this by entering the following command:"
11606
"<application>Bazaar</application>. The repository is automatically "
11607
"initialized (and committed for the first time) during package installation. "
11608
"It is possible to undo this by entering the following command:"
11567
11609
msgstr ""
11568
11610
11569
#: serverguide/C/other-apps.xml:179(command)
11611
#: serverguide/C/other-apps.xml:162(command)
11570
11612
msgid "sudo etckeeper uninit"
11571
11613
msgstr ""
11572
11614
11573
#: serverguide/C/other-apps.xml:182(para)
11615
#: serverguide/C/other-apps.xml:165(para)
11574
11616
msgid ""
11575
11617
"By default, etckeeper will commit uncommitted changes made to /etc daily. "
11576
11618
"This can be disabled using the AVOID_DAILY_AUTOCOMMITS configuration option. "
11579
11621
"commit your changes manually, together with a commit message, using:"
11580
11622
msgstr ""
11581
11623
11582
#: serverguide/C/other-apps.xml:191(command)
11624
#: serverguide/C/other-apps.xml:174(command)
11583
11625
msgid "sudo etckeeper commit \"..Reason for configuration change..\""
11584
11626
msgstr ""
11585
11627
11586
#: serverguide/C/other-apps.xml:194(para)
11587
msgid ""
11588
"Using the VCS commands you can view log information about files in "
11589
"<filename>/etc</filename>:"
11628
#: serverguide/C/other-apps.xml:217(para)
11629
msgid "Using bzr's VCS commands you can view log information:"
11590
11630
msgstr ""
11591
11631
11592
#: serverguide/C/other-apps.xml:199(command)
11632
#: serverguide/C/other-apps.xml:182(command)
11593
11633
msgid "sudo bzr log /etc/passwd"
11594
11634
msgstr ""
11595
11635
11596
#: serverguide/C/other-apps.xml:202(para)
11636
#: serverguide/C/other-apps.xml:225(para)
11597
11637
msgid ""
11598
"To demonstrate the integration with the package management system, install "
11599
"<application>postfix</application>:"
11638
"To demonstrate the integration with the package management system (APT), "
11639
"install <application>postfix</application>:"
11600
11640
msgstr ""
11601
11641
11602
#: serverguide/C/other-apps.xml:207(command) serverguide/C/mail.xml:43(command)
11642
#: serverguide/C/other-apps.xml:190(command) serverguide/C/mail.xml:43(command)
11603
11643
msgid "sudo apt-get install postfix"
11604
11644
msgstr ""
11605
11645
11606
#: serverguide/C/other-apps.xml:210(para)
11646
#: serverguide/C/other-apps.xml:193(para)
11607
11647
msgid ""
11608
11648
"When the installation is finished, all the "
11609
11649
"<application>postfix</application> configuration files should be committed "
11610
11650
"to the repository:"
11611
11651
msgstr ""
11612
11652
11613
#: serverguide/C/other-apps.xml:216(computeroutput)
11653
#: serverguide/C/other-apps.xml:199(computeroutput)
11614
11654
#, no-wrap
11615
11655
msgid ""
11616
11656
"Committing to: /etc/\n"
11653
11693
"Committed revision 2."
11654
11694
msgstr ""
11655
11695
11656
#: serverguide/C/other-apps.xml:256(para)
11696
#: serverguide/C/other-apps.xml:239(para)
11657
11697
msgid ""
11658
11698
"For an example of how <application>etckeeper</application> tracks manual "
11659
11699
"changes, add new a host to <filename>/etc/hosts</filename>. Using "
11660
11700
"<application>bzr</application> you can see which files have been modified:"
11661
11701
msgstr ""
11662
11702
11663
#: serverguide/C/other-apps.xml:262(command)
11703
#: serverguide/C/other-apps.xml:245(command)
11664
11704
msgid "sudo bzr status /etc/"
11665
11705
msgstr ""
11666
11706
11667
#: serverguide/C/other-apps.xml:263(computeroutput)
11707
#: serverguide/C/other-apps.xml:246(computeroutput)
11668
11708
#, no-wrap
11669
11709
msgid ""
11670
11710
"modified:\n"
11671
11711
" hosts"
11672
11712
msgstr ""
11673
11713
11674
#: serverguide/C/other-apps.xml:267(para)
11714
#: serverguide/C/other-apps.xml:250(para)
11675
11715
msgid "Now commit the changes:"
11676
11716
msgstr ""
11677
11717
11678
#: serverguide/C/other-apps.xml:272(command)
11679
msgid "sudo etckeeper commit \"new host\""
11718
#: serverguide/C/other-apps.xml:295(command)
11719
msgid "sudo etckeeper commit \"added new host\""
11680
11720
msgstr ""
11681
11721
11682
#: serverguide/C/other-apps.xml:275(para)
11722
#: serverguide/C/other-apps.xml:258(para)
11683
11723
msgid ""
11684
11724
"For more information on <application>bzr</application> see <xref "
11685
11725
"linkend=\"bazaar\"/>."
11686
11726
msgstr ""
11687
11727
11688
#: serverguide/C/other-apps.xml:281(title)
11728
#: serverguide/C/other-apps.xml:345(para)
11729
msgid ""
11730
"See the <ulink "
11731
"url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for "
11732
"more details on using <application>etckeeper</application>."
11733
msgstr ""
11734
11735
#: serverguide/C/other-apps.xml:351(para)
11736
msgid ""
11737
"The <ulink url=\"https://help.ubuntu.com/community/etckeeper\">etckeeper "
11738
"Ubuntu Wiki</ulink> page."
11739
msgstr ""
11740
11741
#: serverguide/C/other-apps.xml:356(para)
11742
msgid ""
11743
"For the latest news and information about <application>bzr</application> see "
11744
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
11745
msgstr ""
11746
11747
#: serverguide/C/other-apps.xml:264(title)
11689
11748
msgid "Byobu"
11690
11749
msgstr ""
11691
11750
11692
#: serverguide/C/other-apps.xml:283(para)
11693
msgid ""
11694
"One of the most useful applications for any system administrator is "
11695
"<application>screen</application>. It allows the execution of multiple "
11696
"shells in one terminal. To make some of the advanced "
11697
"<application>screen</application> features more user friendly, and provide "
11698
"some useful information about the system, the "
11699
"<application>byobu</application> package was created."
11700
msgstr ""
11701
11702
#: serverguide/C/other-apps.xml:290(para)
11703
msgid ""
11704
"When executing <application>byobu</application> pressing the "
11705
"<emphasis>F9</emphasis> key will bring up the "
11706
"<application>Configuration</application> menu. This menu will allow you to:"
11707
msgstr ""
11708
11709
#: serverguide/C/other-apps.xml:296(para)
11751
#: serverguide/C/other-apps.xml:337(para)
11752
msgid ""
11753
"One of the most useful applications for any system administrator is an xterm "
11754
"multiplexor such as <application>screen</application> or "
11755
"<application>tmux</application>. It allows for the execution of multiple "
11756
"shells in one terminal. To make some of the advanced multiplexor features "
11757
"more user-friendly and provide some useful information about the system, the "
11758
"<application>byobu</application> package was created. It acts as a wrapper "
11759
"to these programs. By default Byobu uses tmux (if installed) but this can be "
11760
"changed by the user."
11761
msgstr ""
11762
11763
#: serverguide/C/other-apps.xml:344(para)
11764
msgid "Invoke it simply with:"
11765
msgstr ""
11766
11767
#: serverguide/C/other-apps.xml:349(command)
11768
msgid "byobu"
11769
msgstr ""
11770
11771
#: serverguide/C/other-apps.xml:352(para)
11772
msgid ""
11773
"Now bring up the configuration menu. By default this is done by pressing the "
11774
"<emphasis>F9</emphasis> key. This will allow you to:"
11775
msgstr ""
11776
11777
#: serverguide/C/other-apps.xml:279(para)
11710
11778
msgid "View the Help menu"
11711
11779
msgstr ""
11712
11780
11713
#: serverguide/C/other-apps.xml:297(para)
11781
#: serverguide/C/other-apps.xml:280(para)
11714
11782
msgid "Change Byobu's background color"
11715
11783
msgstr ""
11716
11784
11717
#: serverguide/C/other-apps.xml:298(para)
11785
#: serverguide/C/other-apps.xml:281(para)
11718
11786
msgid "Change Byobu's foreground color"
11719
11787
msgstr ""
11720
11788
11721
#: serverguide/C/other-apps.xml:299(para)
11789
#: serverguide/C/other-apps.xml:282(para)
11722
11790
msgid "Toggle status notifications"
11723
11791
msgstr ""
11724
11792
11725
#: serverguide/C/other-apps.xml:300(para)
11793
#: serverguide/C/other-apps.xml:283(para)
11726
11794
msgid "Change the key binding set"
11727
11795
msgstr ""
11728
11796
11729
#: serverguide/C/other-apps.xml:301(para)
11797
#: serverguide/C/other-apps.xml:284(para)
11730
11798
msgid "Change the escape sequence"
11731
11799
msgstr ""
11732
11800
11733
#: serverguide/C/other-apps.xml:302(para)
11801
#: serverguide/C/other-apps.xml:285(para)
11734
11802
msgid "Create new windows"
11735
11803
msgstr ""
11736
11804
11737
#: serverguide/C/other-apps.xml:303(para)
11805
#: serverguide/C/other-apps.xml:286(para)
11738
11806
msgid "Manage the default windows"
11739
11807
msgstr ""
11740
11808
11741
#: serverguide/C/other-apps.xml:304(para)
11809
#: serverguide/C/other-apps.xml:287(para)
11742
11810
msgid "Byobu currently does not launch at login (toggle on)"
11743
11811
msgstr ""
11744
11812
11745
#: serverguide/C/other-apps.xml:307(para)
11813
#: serverguide/C/other-apps.xml:290(para)
11746
11814
msgid ""
11747
11815
"The <emphasis>key bindings</emphasis> determine such things as the escape "
11748
11816
"sequence, new window, change window, etc. There are two key binding sets to "
11751
11819
"<emphasis>none</emphasis> set."
11752
11820
msgstr ""
11753
11821
11754
#: serverguide/C/other-apps.xml:313(para)
11822
#: serverguide/C/other-apps.xml:296(para)
11755
11823
msgid ""
11756
11824
"<application>byobu</application> provides a menu which displays the Ubuntu "
11757
11825
"release, processor information, memory information, and the time and date. "
11758
11826
"The effect is similar to a desktop menu."
11759
11827
msgstr ""
11760
11828
11761
#: serverguide/C/other-apps.xml:318(para)
11829
#: serverguide/C/other-apps.xml:301(para)
11762
11830
msgid ""
11763
11831
"Using the <emphasis>\"Byobu currently does not launch at login (toggle "
11764
11832
"on)\"</emphasis> option will cause <application>byobu</application> to be "
11767
11835
"affect other users on the system."
11768
11836
msgstr ""
11769
11837
11770
#: serverguide/C/other-apps.xml:324(para)
11838
#: serverguide/C/other-apps.xml:307(para)
11771
11839
msgid ""
11772
11840
"One difference when using byobu is the <emphasis>scrollback</emphasis> mode. "
11773
11841
"Press the <emphasis>F7</emphasis> key to enter scrollback mode. Scrollback "
11775
11843
"commands. Here is a quick list of movement commands:"
11776
11844
msgstr ""
11777
11845
11778
#: serverguide/C/other-apps.xml:331(para)
11846
#: serverguide/C/other-apps.xml:314(para)
11779
11847
msgid "<emphasis>h</emphasis> - Move the cursor left by one character"
11780
11848
msgstr ""
11781
11849
11782
#: serverguide/C/other-apps.xml:332(para)
11850
#: serverguide/C/other-apps.xml:315(para)
11783
11851
msgid "<emphasis>j</emphasis> - Move the cursor down by one line"
11784
11852
msgstr ""
11785
11853
11786
#: serverguide/C/other-apps.xml:333(para)
11854
#: serverguide/C/other-apps.xml:316(para)
11787
11855
msgid "<emphasis>k</emphasis> - Move the cursor up by one line"
11788
11856
msgstr ""
11789
11857
11790
#: serverguide/C/other-apps.xml:334(para)
11858
#: serverguide/C/other-apps.xml:317(para)
11791
11859
msgid "<emphasis>l</emphasis> - Move the cursor right by one character"
11792
11860
msgstr ""
11793
11861
11794
#: serverguide/C/other-apps.xml:335(para)
11862
#: serverguide/C/other-apps.xml:318(para)
11795
11863
msgid "<emphasis>0</emphasis> - Move to the beginning of the current line"
11796
11864
msgstr ""
11797
11865
11798
#: serverguide/C/other-apps.xml:336(para)
11866
#: serverguide/C/other-apps.xml:319(para)
11799
11867
msgid "<emphasis>$</emphasis> - Move to the end of the current line"
11800
11868
msgstr ""
11801
11869
11802
#: serverguide/C/other-apps.xml:337(para)
11870
#: serverguide/C/other-apps.xml:320(para)
11803
11871
msgid ""
11804
11872
"<emphasis>G</emphasis> - Moves to the specified line (defaults to the end of "
11805
11873
"the buffer)"
11806
11874
msgstr ""
11807
11875
11808
#: serverguide/C/other-apps.xml:338(para)
11876
#: serverguide/C/other-apps.xml:321(para)
11809
11877
msgid "<emphasis>/</emphasis> - Search forward"
11810
11878
msgstr ""
11811
11879
11812
#: serverguide/C/other-apps.xml:339(para)
11880
#: serverguide/C/other-apps.xml:322(para)
11813
11881
msgid "<emphasis>?</emphasis> - Search backward"
11814
11882
msgstr ""
11815
11883
11816
#: serverguide/C/other-apps.xml:340(para)
11884
#: serverguide/C/other-apps.xml:401(para)
11817
11885
msgid ""
11818
11886
"<emphasis>n</emphasis> - Moves to the next match, either forward or backward"
11819
11887
msgstr ""
11820
11888
11821
#: serverguide/C/other-apps.xml:349(para)
11822
msgid ""
11823
"See the <ulink "
11824
"url=\"http://manpages.ubuntu.com/manpages/trusty/en/man5/update-"
11825
"motd.5.html\">update-motd man page</ulink> for more options available to "
11826
"<application>update-motd</application>."
11827
msgstr ""
11828
11829
#: serverguide/C/other-apps.xml:355(para)
11830
msgid ""
11831
"The Debian Package of the Day <ulink "
11832
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
11833
"and-forecasts-on-the-command-line/\">weather</ulink> article has more "
11834
"details about using the <application>weather</application>utility."
11835
msgstr ""
11836
11837
#: serverguide/C/other-apps.xml:362(para)
11838
msgid ""
11839
"See the <ulink "
11840
"url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for "
11841
"more details on using <application>etckeeper</application>."
11842
msgstr ""
11843
11844
#: serverguide/C/other-apps.xml:368(para)
11845
msgid ""
11846
"The <ulink url=\"https://help.ubuntu.com/community/etckeeper\">etckeeper "
11847
"Ubuntu Wiki</ulink> page."
11848
msgstr ""
11849
11850
#: serverguide/C/other-apps.xml:373(para)
11851
msgid ""
11852
"For the latest news and information about <application>bzr</application> see "
11853
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
11854
msgstr ""
11855
11856
#: serverguide/C/other-apps.xml:378(para)
11889
#: serverguide/C/other-apps.xml:361(para)
11857
11890
msgid ""
11858
11891
"For more information on <application>screen</application> see the <ulink "
11859
11892
"url=\"http://www.gnu.org/software/screen/\">screen web site</ulink>."
11860
11893
msgstr ""
11861
11894
11862
#: serverguide/C/other-apps.xml:383(para)
11895
#: serverguide/C/other-apps.xml:366(para)
11863
11896
msgid ""
11864
11897
"And the <ulink url=\"https://help.ubuntu.com/community/Screen\">Ubuntu Wiki "
11865
11898
"screen</ulink> page."
11866
11899
msgstr ""
11867
11900
11868
#: serverguide/C/other-apps.xml:388(para)
11901
#: serverguide/C/other-apps.xml:371(para)
11869
11902
msgid ""
11870
11903
"Also, see the <application>byobu</application><ulink "
11871
11904
"url=\"https://launchpad.net/byobu\">project page</ulink> for more "
11887
11920
"discussion of popular network protocols."
11888
11921
msgstr ""
11889
11922
11890
#: serverguide/C/network-config.xml:25(title)
11923
#: serverguide/C/virtualization.xml:3853(title) serverguide/C/network-config.xml:25(title)
11891
11924
msgid "Network Configuration"
11892
11925
msgstr ""
11893
11926
12170
12203
"persistent way to do DNS client configuration is in a following section."
12171
12204
msgstr ""
12172
12205
12173
#: serverguide/C/network-config.xml:226(programlisting)
12206
#: serverguide/C/network-config.xml:224(programlisting)
12174
12207
#, no-wrap
12175
12208
msgid ""
12176
12209
"\n"
12178
12211
"nameserver 8.8.4.4\n"
12179
12212
msgstr ""
12180
12213
12181
#: serverguide/C/network-config.xml:230(para)
12214
#: serverguide/C/network-config.xml:228(para)
12182
12215
msgid ""
12183
12216
"If you no longer need this configuration and wish to purge all IP "
12184
12217
"configuration from an interface, you can use the "
12185
12218
"<application>ip</application> command with the flush option as shown below."
12186
12219
msgstr ""
12187
12220
12188
#: serverguide/C/network-config.xml:236(command)
12221
#: serverguide/C/network-config.xml:234(command)
12189
12222
msgid "ip addr flush eth0"
12190
12223
msgstr ""
12191
12224
12199
12232
"<filename>/run/resolvconf/resolv.conf</filename>, to be re-written."
12200
12233
msgstr ""
12201
12234
12202
#: serverguide/C/network-config.xml:249(title)
12235
#: serverguide/C/network-config.xml:245(title)
12203
12236
msgid "Dynamic IP Address Assignment (DHCP Client)"
12204
12237
msgstr ""
12205
12238
12206
#: serverguide/C/network-config.xml:250(para)
12239
#: serverguide/C/network-config.xml:246(para)
12207
12240
msgid ""
12208
12241
"To configure your server to use DHCP for dynamic address assignment, add the "
12209
12242
"<emphasis role=\"italic\">dhcp</emphasis> method to the inet address family "
12213
12246
"role=\"italic\">eth0</emphasis>."
12214
12247
msgstr ""
12215
12248
12216
#: serverguide/C/network-config.xml:257(programlisting)
12249
#: serverguide/C/network-config.xml:253(programlisting)
12217
12250
#, no-wrap
12218
12251
msgid ""
12219
12252
"\n"
12221
12254
"iface eth0 inet dhcp\n"
12222
12255
msgstr ""
12223
12256
12224
#: serverguide/C/network-config.xml:261(para)
12257
#: serverguide/C/network-config.xml:257(para)
12225
12258
msgid ""
12226
12259
"By adding an interface configuration as shown above, you can manually enable "
12227
12260
"the interface through the <application>ifup</application> command which "
12228
12261
"initiates the DHCP process via <application>dhclient</application>."
12229
12262
msgstr ""
12230
12263
12231
#: serverguide/C/network-config.xml:267(command) serverguide/C/network-config.xml:302(command)
12264
#: serverguide/C/network-config.xml:263(command) serverguide/C/network-config.xml:298(command)
12232
12265
msgid "sudo ifup eth0"
12233
12266
msgstr ""
12234
12267
12235
#: serverguide/C/network-config.xml:269(para)
12268
#: serverguide/C/network-config.xml:265(para)
12236
12269
msgid ""
12237
12270
"To manually disable the interface, you can use the "
12238
12271
"<application>ifdown</application> command, which in turn will initiate the "
12239
12272
"DHCP release process and shut down the interface."
12240
12273
msgstr ""
12241
12274
12242
#: serverguide/C/network-config.xml:275(command) serverguide/C/network-config.xml:309(command)
12275
#: serverguide/C/network-config.xml:271(command) serverguide/C/network-config.xml:305(command)
12243
12276
msgid "sudo ifdown eth0"
12244
12277
msgstr ""
12245
12278
12246
#: serverguide/C/network-config.xml:280(title)
12279
#: serverguide/C/network-config.xml:276(title)
12247
12280
msgid "Static IP Address Assignment"
12248
12281
msgstr ""
12249
12282
12250
#: serverguide/C/network-config.xml:281(para)
12283
#: serverguide/C/network-config.xml:277(para)
12251
12284
msgid ""
12252
12285
"To configure your system to use a static IP address assignment, add the "
12253
12286
"<emphasis role=\"italic\">static</emphasis> method to the inet address "
12261
12294
"network."
12262
12295
msgstr ""
12263
12296
12264
#: serverguide/C/network-config.xml:290(programlisting)
12297
#: serverguide/C/network-config.xml:286(programlisting)
12265
12298
#, no-wrap
12266
12299
msgid ""
12267
12300
"\n"
12272
12305
"gateway 10.0.0.1\n"
12273
12306
msgstr ""
12274
12307
12275
#: serverguide/C/network-config.xml:297(para)
12308
#: serverguide/C/network-config.xml:293(para)
12276
12309
msgid ""
12277
12310
"By adding an interface configuration as shown above, you can manually enable "
12278
12311
"the interface through the <application>ifup</application> command."
12279
12312
msgstr ""
12280
12313
12281
#: serverguide/C/network-config.xml:304(para)
12314
#: serverguide/C/network-config.xml:300(para)
12282
12315
msgid ""
12283
12316
"To manually disable the interface, you can use the "
12284
12317
"<application>ifdown</application> command."
12285
12318
msgstr ""
12286
12319
12287
#: serverguide/C/network-config.xml:314(title)
12320
#: serverguide/C/network-config.xml:310(title)
12288
12321
msgid "Loopback Interface"
12289
12322
msgstr ""
12290
12323
12291
#: serverguide/C/network-config.xml:315(para)
12324
#: serverguide/C/network-config.xml:311(para)
12292
12325
msgid ""
12293
12326
"The loopback interface is identified by the system as <emphasis "
12294
12327
"role=\"italic\">lo</emphasis> and has a default IP address of 127.0.0.1. It "
12295
12328
"can be viewed using the ifconfig command."
12296
12329
msgstr ""
12297
12330
12298
#: serverguide/C/network-config.xml:320(command)
12331
#: serverguide/C/network-config.xml:316(command)
12299
12332
msgid "ifconfig lo"
12300
12333
msgstr ""
12301
12334
12302
#: serverguide/C/network-config.xml:321(computeroutput)
12335
#: serverguide/C/network-config.xml:317(computeroutput)
12303
12336
#, no-wrap
12304
12337
msgid ""
12305
12338
"lo Link encap:Local Loopback \n"
12312
12345
" RX bytes:183308 (183.3 KB) TX bytes:183308 (183.3 KB)"
12313
12346
msgstr ""
12314
12347
12315
#: serverguide/C/network-config.xml:330(para)
12348
#: serverguide/C/network-config.xml:326(para)
12316
12349
msgid ""
12317
12350
"By default, there should be two lines in "
12318
12351
"<filename>/etc/network/interfaces</filename> responsible for automatically "
12321
12354
"example of the two default lines are shown below."
12322
12355
msgstr ""
12323
12356
12324
#: serverguide/C/network-config.xml:336(programlisting)
12357
#: serverguide/C/network-config.xml:332(programlisting)
12325
12358
#, no-wrap
12326
12359
msgid ""
12327
12360
"\n"
12329
12362
"iface lo inet loopback\n"
12330
12363
msgstr ""
12331
12364
12332
#: serverguide/C/network-config.xml:345(title)
12365
#: serverguide/C/network-config.xml:341(title)
12333
12366
msgid "Name Resolution"
12334
12367
msgstr ""
12335
12368
12336
#: serverguide/C/network-config.xml:346(para)
12369
#: serverguide/C/network-config.xml:342(para)
12337
12370
msgid ""
12338
12371
"Name resolution as it relates to IP networking is the process of mapping IP "
12339
12372
"addresses to hostnames, making it easier to identify resources on a network. "
12341
12374
"name resolution using DNS and static hostname records."
12342
12375
msgstr ""
12343
12376
12344
#: serverguide/C/network-config.xml:354(title)
12377
#: serverguide/C/network-config.xml:350(title)
12345
12378
msgid "DNS Client Configuration"
12346
12379
msgstr ""
12347
12380
12348
#: serverguide/C/network-config.xml:366(programlisting)
12381
#: serverguide/C/network-config.xml:362(programlisting)
12349
12382
#, no-wrap
12350
12383
msgid ""
12351
12384
"\n"
12378
12411
"following:"
12379
12412
msgstr ""
12380
12413
12381
#: serverguide/C/network-config.xml:377(programlisting)
12414
#: serverguide/C/network-config.xml:373(programlisting)
12382
12415
#, no-wrap
12383
12416
msgid ""
12384
12417
"\n"
12390
12423
" dns-nameservers 192.168.3.45 192.168.8.10\n"
12391
12424
msgstr ""
12392
12425
12393
#: serverguide/C/network-config.xml:386(para)
12426
#: serverguide/C/network-config.xml:382(para)
12394
12427
msgid ""
12395
12428
"The <emphasis role=\"italic\">search</emphasis> option can also be used with "
12396
12429
"multiple domain names so that DNS queries will be appended in the order in "
12401
12434
"role=\"italic\">dev.example.com</emphasis>."
12402
12435
msgstr ""
12403
12436
12404
#: serverguide/C/network-config.xml:393(para)
12437
#: serverguide/C/network-config.xml:389(para)
12405
12438
msgid ""
12406
12439
"If you have multiple domains you wish to search, your configuration might "
12407
12440
"look like the following:"
12408
12441
msgstr ""
12409
12442
12410
#: serverguide/C/network-config.xml:397(programlisting)
12443
#: serverguide/C/network-config.xml:393(programlisting)
12411
12444
#, no-wrap
12412
12445
msgid ""
12413
12446
"\n"
12419
12452
" dns-nameservers 192.168.3.45 192.168.8.10\n"
12420
12453
msgstr ""
12421
12454
12422
#: serverguide/C/network-config.xml:406(para)
12455
#: serverguide/C/network-config.xml:402(para)
12423
12456
msgid ""
12424
12457
"If you try to ping a host with the name of <emphasis "
12425
12458
"role=\"italic\">server1</emphasis>, your system will automatically query DNS "
12426
12459
"for its Fully Qualified Domain Name (FQDN) in the following order:"
12427
12460
msgstr ""
12428
12461
12429
#: serverguide/C/network-config.xml:413(para)
12462
#: serverguide/C/network-config.xml:409(para)
12430
12463
msgid "server1<emphasis role=\"bold\">.example.com</emphasis>"
12431
12464
msgstr ""
12432
12465
12433
#: serverguide/C/network-config.xml:418(para)
12466
#: serverguide/C/network-config.xml:414(para)
12434
12467
msgid "server1<emphasis role=\"bold\">.sales.example.com</emphasis>"
12435
12468
msgstr ""
12436
12469
12437
#: serverguide/C/network-config.xml:423(para)
12470
#: serverguide/C/network-config.xml:419(para)
12438
12471
msgid "server1<emphasis role=\"bold\">.dev.example.com</emphasis>"
12439
12472
msgstr ""
12440
12473
12441
#: serverguide/C/network-config.xml:428(para)
12474
#: serverguide/C/network-config.xml:424(para)
12442
12475
msgid ""
12443
12476
"If no matches are found, the DNS server will provide a result of <emphasis "
12444
12477
"role=\"italic\">notfound</emphasis> and the DNS query will fail."
12445
12478
msgstr ""
12446
12479
12447
#: serverguide/C/network-config.xml:435(title)
12480
#: serverguide/C/network-config.xml:431(title)
12448
12481
msgid "Static Hostnames"
12449
12482
msgstr ""
12450
12483
12451
#: serverguide/C/network-config.xml:436(para)
12484
#: serverguide/C/network-config.xml:432(para)
12452
12485
msgid ""
12453
12486
"Static hostnames are locally defined hostname-to-IP mappings located in the "
12454
12487
"file <filename>/etc/hosts</filename>. Entries in the "
12460
12493
"conveniently set to use static hostnames instead of DNS."
12461
12494
msgstr ""
12462
12495
12463
#: serverguide/C/network-config.xml:443(para)
12496
#: serverguide/C/network-config.xml:439(para)
12464
12497
msgid ""
12465
12498
"The following is an example of a <filename>hosts</filename> file where a "
12466
12499
"number of local servers have been identified by simple hostnames, aliases "
12467
12500
"and their equivalent Fully Qualified Domain Names (FQDN's)."
12468
12501
msgstr ""
12469
12502
12470
#: serverguide/C/network-config.xml:447(programlisting)
12503
#: serverguide/C/network-config.xml:443(programlisting)
12471
12504
#, no-wrap
12472
12505
msgid ""
12473
12506
"\n"
12479
12512
"10.0.0.14\tserver4 server4.example.com file\n"
12480
12513
msgstr ""
12481
12514
12482
#: serverguide/C/network-config.xml:456(para)
12515
#: serverguide/C/network-config.xml:452(para)
12483
12516
msgid ""
12484
12517
"In the above example, notice that each of the servers have been given "
12485
12518
"aliases in addition to their proper names and FQDN's. <emphasis "
12492
12525
"role=\"italic\">file</emphasis>."
12493
12526
msgstr ""
12494
12527
12495
#: serverguide/C/network-config.xml:468(title)
12528
#: serverguide/C/network-config.xml:464(title)
12496
12529
msgid "Name Service Switch Configuration"
12497
12530
msgstr ""
12498
12531
12499
#: serverguide/C/network-config.xml:469(para)
12532
#: serverguide/C/network-config.xml:465(para)
12500
12533
msgid ""
12501
12534
"The order in which your system selects a method of resolving hostnames to IP "
12502
12535
"addresses is controlled by the Name Service Switch (NSS) configuration file "
12507
12540
"of hostname lookups in the file <filename>/etc/nsswitch.conf</filename>."
12508
12541
msgstr ""
12509
12542
12510
#: serverguide/C/network-config.xml:477(programlisting)
12543
#: serverguide/C/network-config.xml:473(programlisting)
12511
12544
#, no-wrap
12512
12545
msgid ""
12513
12546
"\n"
12514
12547
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
12515
12548
msgstr ""
12516
12549
12517
#: serverguide/C/network-config.xml:483(para)
12550
#: serverguide/C/network-config.xml:479(para)
12518
12551
msgid ""
12519
12552
"<emphasis role=\"bold\">files</emphasis> first tries to resolve static "
12520
12553
"hostnames located in <filename>/etc/hosts</filename>."
12521
12554
msgstr ""
12522
12555
12523
#: serverguide/C/network-config.xml:489(para)
12556
#: serverguide/C/network-config.xml:485(para)
12524
12557
msgid ""
12525
12558
"<emphasis role=\"bold\">mdns4_minimal</emphasis> attempts to resolve the "
12526
12559
"name using Multicast DNS."
12527
12560
msgstr ""
12528
12561
12529
#: serverguide/C/network-config.xml:494(para)
12562
#: serverguide/C/network-config.xml:490(para)
12530
12563
msgid ""
12531
12564
"<emphasis role=\"bold\">[NOTFOUND=return]</emphasis> means that any response "
12532
12565
"of <emphasis role=\"italic\">notfound</emphasis> by the preceding <emphasis "
12535
12568
"answer."
12536
12569
msgstr ""
12537
12570
12538
#: serverguide/C/network-config.xml:502(para)
12571
#: serverguide/C/network-config.xml:498(para)
12539
12572
msgid ""
12540
12573
"<emphasis role=\"bold\">dns</emphasis> represents a legacy unicast DNS query."
12541
12574
msgstr ""
12542
12575
12543
#: serverguide/C/network-config.xml:507(para)
12576
#: serverguide/C/network-config.xml:503(para)
12544
12577
msgid ""
12545
12578
"<emphasis role=\"bold\">mdns4</emphasis> represents a Multicast DNS query."
12546
12579
msgstr ""
12547
12580
12548
#: serverguide/C/network-config.xml:513(para)
12581
#: serverguide/C/network-config.xml:509(para)
12549
12582
msgid ""
12550
12583
"To modify the order of the above mentioned name resolution methods, you can "
12551
12584
"simply change the <emphasis role=\"italic\">hosts:</emphasis> string to the "
12554
12587
"<filename>/etc/nsswitch.conf</filename> as shown below."
12555
12588
msgstr ""
12556
12589
12557
#: serverguide/C/network-config.xml:520(programlisting)
12590
#: serverguide/C/network-config.xml:516(programlisting)
12558
12591
#, no-wrap
12559
12592
msgid ""
12560
12593
"\n"
12561
12594
"hosts: files dns [NOTFOUND=return] mdns4_minimal mdns4\n"
12562
12595
msgstr ""
12563
12596
12564
#: serverguide/C/network-config.xml:527(title)
12597
#: serverguide/C/virtualization.xml:694(title) serverguide/C/network-config.xml:523(title)
12565
12598
msgid "Bridging"
12566
12599
msgstr ""
12567
12600
12568
#: serverguide/C/network-config.xml:529(para)
12601
#: serverguide/C/network-config.xml:525(para)
12569
12602
msgid ""
12570
12603
"Bridging multiple interfaces is a more advanced configuration, but is very "
12571
12604
"useful in multiple scenarios. One scenario is setting up a bridge with "
12575
12608
"The following example covers the latter scenario."
12576
12609
msgstr ""
12577
12610
12578
#: serverguide/C/network-config.xml:536(para)
12611
#: serverguide/C/network-config.xml:532(para)
12579
12612
msgid ""
12580
12613
"Before configuring a bridge you will need to install the <application>bridge-"
12581
12614
"utils</application> package. To install the package, in a terminal enter:"
12582
12615
msgstr ""
12583
12616
12584
#: serverguide/C/network-config.xml:545(para)
12617
#: serverguide/C/network-config.xml:541(para)
12585
12618
msgid ""
12586
12619
"Next, configure the bridge by editing "
12587
12620
"<filename>/etc/network/interfaces</filename>:"
12588
12621
msgstr ""
12589
12622
12590
#: serverguide/C/network-config.xml:549(programlisting)
12623
#: serverguide/C/network-config.xml:545(programlisting)
12591
12624
#, no-wrap
12592
12625
msgid ""
12593
12626
"\n"
12608
12641
" bridge_stp off\n"
12609
12642
msgstr ""
12610
12643
12611
#: serverguide/C/network-config.xml:568(para)
12644
#: serverguide/C/network-config.xml:564(para)
12612
12645
msgid "Enter the appropriate values for your physical interface and network."
12613
12646
msgstr ""
12614
12647
12620
12653
msgid "sudo ifup br0"
12621
12654
msgstr ""
12622
12655
12623
#: serverguide/C/network-config.xml:580(para)
12656
#: serverguide/C/network-config.xml:576(para)
12624
12657
msgid ""
12625
12658
"The new bridge interface should now be up and running. The "
12626
12659
"<application>brctl</application> provides useful information about the state "
12628
12661
"<command>man brctl</command> for more information."
12629
12662
msgstr ""
12630
12663
12631
#: serverguide/C/network-config.xml:596(para)
12664
#: serverguide/C/network-config.xml:592(para)
12632
12665
msgid ""
12633
12666
"The <ulink url=\"https://help.ubuntu.com/community/Network\">Ubuntu Wiki "
12634
12667
"Network page</ulink> has links to articles covering more advanced network "
12635
12668
"configuration."
12636
12669
msgstr ""
12637
12670
12638
#: serverguide/C/network-config.xml:602(para)
12671
#: serverguide/C/network-config.xml:598(para)
12639
12672
msgid ""
12640
12673
"The <ulink "
12641
12674
"url=\"http://manpages.ubuntu.com/manpages/man8/resolvconf.8.html\">resolvconf"
12642
12675
" man page</ulink> has more information on resolvconf."
12643
12676
msgstr ""
12644
12677
12645
#: serverguide/C/network-config.xml:608(para)
12678
#: serverguide/C/network-config.xml:604(para)
12646
12679
msgid ""
12647
12680
"The <ulink "
12648
12681
"url=\"http://manpages.ubuntu.com/manpages/man5/interfaces.5.html\">interfaces"
12650
12683
"<filename>/etc/network/interfaces</filename>."
12651
12684
msgstr ""
12652
12685
12653
#: serverguide/C/network-config.xml:614(para)
12686
#: serverguide/C/network-config.xml:610(para)
12654
12687
msgid ""
12655
12688
"The <ulink "
12656
12689
"url=\"http://manpages.ubuntu.com/manpages/man8/dhclient.8.html\">dhclient "
12658
12691
"settings."
12659
12692
msgstr ""
12660
12693
12661
#: serverguide/C/network-config.xml:620(para)
12694
#: serverguide/C/network-config.xml:616(para)
12662
12695
msgid ""
12663
12696
"For more information on DNS client configuration see the <ulink "
12664
12697
"url=\"http://manpages.ubuntu.com/manpages/man5/resolver.5.html\">resolver "
12677
12710
"\">Networking-Bridge</ulink> page."
12678
12711
msgstr ""
12679
12712
12680
#: serverguide/C/network-config.xml:639(title)
12713
#: serverguide/C/network-config.xml:635(title)
12681
12714
msgid "TCP/IP"
12682
12715
msgstr ""
12683
12716
12684
#: serverguide/C/network-config.xml:640(para)
12717
#: serverguide/C/network-config.xml:636(para)
12685
12718
msgid ""
12686
12719
"The Transmission Control Protocol and Internet Protocol (TCP/IP) is a "
12687
12720
"standard set of protocols developed in the late 1970s by the Defense "
12691
12724
"network protocols on Earth."
12692
12725
msgstr ""
12693
12726
12694
#: serverguide/C/network-config.xml:648(title)
12727
#: serverguide/C/network-config.xml:644(title)
12695
12728
msgid "TCP/IP Introduction"
12696
12729
msgstr ""
12697
12730
12698
#: serverguide/C/network-config.xml:649(para)
12731
#: serverguide/C/network-config.xml:645(para)
12699
12732
msgid ""
12700
12733
"The two protocol components of TCP/IP deal with different aspects of "
12701
12734
"computer networking. <emphasis>Internet Protocol</emphasis>, the \"IP\" of "
12710
12743
"host."
12711
12744
msgstr ""
12712
12745
12713
#: serverguide/C/network-config.xml:662(title)
12746
#: serverguide/C/network-config.xml:658(title)
12714
12747
msgid "TCP/IP Configuration"
12715
12748
msgstr ""
12716
12749
12717
#: serverguide/C/network-config.xml:663(para)
12750
#: serverguide/C/network-config.xml:659(para)
12718
12751
msgid ""
12719
12752
"The TCP/IP protocol configuration consists of several elements which must be "
12720
12753
"set by editing the appropriate configuration files, or deploying solutions "
12725
12758
"system."
12726
12759
msgstr ""
12727
12760
12728
#: serverguide/C/network-config.xml:675(para)
12761
#: serverguide/C/network-config.xml:671(para)
12729
12762
msgid ""
12730
12763
"<emphasis role=\"bold\">IP address</emphasis> The IP address is a unique "
12731
12764
"identifying string expressed as four decimal numbers ranging from zero (0) "
12735
12768
"<emphasis>dotted quad notation</emphasis>."
12736
12769
msgstr ""
12737
12770
12738
#: serverguide/C/network-config.xml:685(para)
12771
#: serverguide/C/network-config.xml:681(para)
12739
12772
msgid ""
12740
12773
"<emphasis role=\"bold\">Netmask</emphasis> The Subnet Mask (or simply, "
12741
12774
"<emphasis>netmask</emphasis>) is a local bit mask, or set of flags which "
12746
12779
"remain available for specifying hosts on the subnetwork."
12747
12780
msgstr ""
12748
12781
12749
#: serverguide/C/network-config.xml:696(para)
12782
#: serverguide/C/network-config.xml:692(para)
12750
12783
msgid ""
12751
12784
"<emphasis role=\"bold\">Network Address</emphasis> The Network Address "
12752
12785
"represents the bytes comprising the network portion of an IP address. For "
12759
12792
"network and a zero (0) for all the possible hosts on the network."
12760
12793
msgstr ""
12761
12794
12762
#: serverguide/C/network-config.xml:709(para)
12795
#: serverguide/C/network-config.xml:705(para)
12763
12796
msgid ""
12764
12797
"<emphasis role=\"bold\">Broadcast Address</emphasis> The Broadcast Address "
12765
12798
"is an IP address which allows network data to be sent simultaneously to all "
12773
12806
"Address Resolution Protocol (ARP) and the Routing Information Protocol (RIP)."
12774
12807
msgstr ""
12775
12808
12776
#: serverguide/C/network-config.xml:722(para)
12809
#: serverguide/C/network-config.xml:718(para)
12777
12810
msgid ""
12778
12811
"<emphasis role=\"bold\">Gateway Address</emphasis> A Gateway Address is the "
12779
12812
"IP address through which a particular network, or host on a network, may be "
12786
12819
"not be able to reach any hosts beyond those on the same network."
12787
12820
msgstr ""
12788
12821
12789
#: serverguide/C/network-config.xml:733(para)
12822
#: serverguide/C/network-config.xml:729(para)
12790
12823
msgid ""
12791
12824
"<emphasis role=\"bold\">Nameserver Address</emphasis> Nameserver Addresses "
12792
12825
"represent the IP addresses of Domain Name Service (DNS) systems, which "
12812
12845
"command typed at a terminal prompt:"
12813
12846
msgstr ""
12814
12847
12815
#: serverguide/C/network-config.xml:754(para)
12848
#: serverguide/C/network-config.xml:750(para)
12816
12849
msgid ""
12817
12850
"Access the system manual page for <filename>interfaces</filename> with the "
12818
12851
"following command:"
12819
12852
msgstr ""
12820
12853
12821
#: serverguide/C/network-config.xml:759(command)
12854
#: serverguide/C/network-config.xml:755(command)
12822
12855
msgid "man interfaces"
12823
12856
msgstr ""
12824
12857
12825
#: serverguide/C/network-config.xml:671(para)
12858
#: serverguide/C/network-config.xml:667(para)
12826
12859
msgid ""
12827
12860
"The common configuration elements of TCP/IP and their purposes are as "
12828
12861
"follows: <placeholder-1/>"
12829
12862
msgstr ""
12830
12863
12831
#: serverguide/C/network-config.xml:767(title)
12864
#: serverguide/C/network-config.xml:771(title)
12832
12865
msgid "IP Routing"
12833
12866
msgstr ""
12834
12867
12835
#: serverguide/C/network-config.xml:768(para)
12868
#: serverguide/C/network-config.xml:772(para)
12836
12869
msgid ""
12837
12870
"IP routing is a means of specifying and discovering paths in a TCP/IP "
12838
12871
"network along which network data may be sent. Routing uses a set of "
12843
12876
"<emphasis>Dynamic Routing.</emphasis>"
12844
12877
msgstr ""
12845
12878
12846
#: serverguide/C/network-config.xml:777(para)
12879
#: serverguide/C/network-config.xml:781(para)
12847
12880
msgid ""
12848
12881
"Static routing involves manually adding IP routes to the system's routing "
12849
12882
"table, and this is usually done by manipulating the routing table with the "
12858
12891
"and failures along the route due to the fixed nature of the route."
12859
12892
msgstr ""
12860
12893
12861
#: serverguide/C/network-config.xml:787(para)
12894
#: serverguide/C/network-config.xml:791(para)
12862
12895
msgid ""
12863
12896
"Dynamic routing depends on large networks with multiple possible IP routes "
12864
12897
"from a source to a destination and makes use of special routing protocols, "
12875
12908
"immediately benefit the end users, but still consumes network bandwidth."
12876
12909
msgstr ""
12877
12910
12878
#: serverguide/C/network-config.xml:801(title)
12911
#: serverguide/C/network-config.xml:805(title)
12879
12912
msgid "TCP and UDP"
12880
12913
msgstr ""
12881
12914
12882
#: serverguide/C/network-config.xml:802(para)
12915
#: serverguide/C/network-config.xml:806(para)
12883
12916
msgid ""
12884
12917
"TCP is a connection-based protocol, offering error correction and guaranteed "
12885
12918
"delivery of data via what is known as <emphasis>flow control</emphasis>. "
12890
12923
"important information such as database transactions."
12891
12924
msgstr ""
12892
12925
12893
#: serverguide/C/network-config.xml:810(para)
12926
#: serverguide/C/network-config.xml:814(para)
12894
12927
msgid ""
12895
12928
"The User Datagram Protocol (UDP), on the other hand, is a "
12896
12929
"<emphasis>connectionless</emphasis> protocol which seldom deals with the "
12901
12934
"loss of a few packets is not generally catastrophic."
12902
12935
msgstr ""
12903
12936
12904
#: serverguide/C/network-config.xml:820(title)
12937
#: serverguide/C/network-config.xml:824(title)
12905
12938
msgid "ICMP"
12906
12939
msgstr ""
12907
12940
12908
#: serverguide/C/network-config.xml:821(para)
12941
#: serverguide/C/network-config.xml:825(para)
12909
12942
msgid ""
12910
12943
"The Internet Control Messaging Protocol (ICMP) is an extension to the "
12911
12944
"Internet Protocol (IP) as defined in the Request For Comments (RFC) #792 and "
12918
12951
"<emphasis>Time Exceeded</emphasis>."
12919
12952
msgstr ""
12920
12953
12921
#: serverguide/C/network-config.xml:831(title)
12954
#: serverguide/C/network-config.xml:835(title)
12922
12955
msgid "Daemons"
12923
12956
msgstr ""
12924
12957
12925
#: serverguide/C/network-config.xml:832(para)
12958
#: serverguide/C/network-config.xml:836(para)
12926
12959
msgid ""
12927
12960
"Daemons are special system applications which typically execute continuously "
12928
12961
"in the background and await requests for the functions they provide from "
12945
12978
"that contain more useful information."
12946
12979
msgstr ""
12947
12980
12948
#: serverguide/C/network-config.xml:853(para)
12981
#: serverguide/C/network-config.xml:857(para)
12949
12982
msgid ""
12950
12983
"Also, see the <ulink "
12951
12984
"url=\"http://www.redbooks.ibm.com/abstracts/gg243376.html\">TCP/IP Tutorial "
12952
12985
"and Technical Overview</ulink> IBM Redbook."
12953
12986
msgstr ""
12954
12987
12955
#: serverguide/C/network-config.xml:859(para)
12988
#: serverguide/C/network-config.xml:863(para)
12956
12989
msgid ""
12957
12990
"Another resource is O'Reilly's <ulink "
12958
12991
"url=\"http://oreilly.com/catalog/9780596002978/\">TCP/IP Network "
12959
12992
"Administration</ulink>."
12960
12993
msgstr ""
12961
12994
12962
#: serverguide/C/network-config.xml:868(title)
12995
#: serverguide/C/network-config.xml:872(title)
12963
12996
msgid "Dynamic Host Configuration Protocol (DHCP)"
12964
12997
msgstr ""
12965
12998
12966
#: serverguide/C/network-config.xml:869(para)
12999
#: serverguide/C/network-config.xml:873(para)
12967
13000
msgid ""
12968
13001
"The Dynamic Host Configuration Protocol (DHCP) is a network service that "
12969
13002
"enables host computers to be automatically assigned settings from a server "
12972
13005
"DHCP server, and the configuration is transparent to the computer's user."
12973
13006
msgstr ""
12974
13007
12975
#: serverguide/C/network-config.xml:876(para)
13008
#: serverguide/C/network-config.xml:880(para)
12976
13009
msgid ""
12977
13010
"The most common settings provided by a DHCP server to DHCP clients include:"
12978
13011
msgstr ""
12979
13012
12980
#: serverguide/C/network-config.xml:881(para)
13013
#: serverguide/C/network-config.xml:885(para)
12981
13014
msgid "IP address and netmask"
12982
13015
msgstr ""
12983
13016
12984
#: serverguide/C/network-config.xml:884(para)
13017
#: serverguide/C/network-config.xml:888(para)
12985
13018
msgid "IP address of the default-gateway to use"
12986
13019
msgstr ""
12987
13020
12988
#: serverguide/C/network-config.xml:887(para)
13021
#: serverguide/C/network-config.xml:891(para)
12989
13022
msgid "IP adresses of the DNS servers to use"
12990
13023
msgstr ""
12991
13024
12992
#: serverguide/C/network-config.xml:890(para)
13025
#: serverguide/C/network-config.xml:894(para)
12993
13026
msgid ""
12994
13027
"However, a DHCP server can also supply configuration properties such as:"
12995
13028
msgstr ""
12996
13029
12997
#: serverguide/C/network-config.xml:895(para)
13030
#: serverguide/C/network-config.xml:899(para)
12998
13031
msgid "Host Name"
12999
13032
msgstr ""
13000
13033
13001
#: serverguide/C/network-config.xml:898(para)
13034
#: serverguide/C/network-config.xml:902(para)
13002
13035
msgid "Domain Name"
13003
13036
msgstr ""
13004
13037
13005
#: serverguide/C/network-config.xml:901(para)
13038
#: serverguide/C/network-config.xml:905(para)
13006
13039
msgid "Time Server"
13007
13040
msgstr ""
13008
13041
13009
#: serverguide/C/network-config.xml:907(para)
13042
#: serverguide/C/network-config.xml:911(para)
13010
13043
msgid ""
13011
13044
"The advantage of using DHCP is that changes to the network, for example a "
13012
13045
"change in the address of the DNS server, need only be changed at the DHCP "
13017
13050
"also reduced."
13018
13051
msgstr ""
13019
13052
13020
#: serverguide/C/network-config.xml:915(para)
13053
#: serverguide/C/network-config.xml:919(para)
13021
13054
msgid ""
13022
13055
"A DHCP server can provide configuration settings using the following methods:"
13023
13056
msgstr ""
13024
13057
13025
#: serverguide/C/network-config.xml:920(term)
13058
#: serverguide/C/network-config.xml:924(term)
13026
13059
msgid "Manual allocation (MAC address)"
13027
13060
msgstr ""
13028
13061
13029
#: serverguide/C/network-config.xml:922(para)
13062
#: serverguide/C/network-config.xml:926(para)
13030
13063
msgid ""
13031
13064
"This method entails using DHCP to identify the unique hardware address of "
13032
13065
"each network card connected to the network and then continually supplying a "
13035
13068
"assigned automatically to that network card, based on it's MAC address."
13036
13069
msgstr ""
13037
13070
13038
#: serverguide/C/network-config.xml:933(term)
13071
#: serverguide/C/network-config.xml:937(term)
13039
13072
msgid "Dynamic allocation (address pool)"
13040
13073
msgstr ""
13041
13074
13053
13086
"renegociate the lease with the server to maintain use of the address."
13054
13087
msgstr ""
13055
13088
13056
#: serverguide/C/network-config.xml:949(term)
13089
#: serverguide/C/network-config.xml:952(term)
13057
13090
msgid "Automatic allocation"
13058
13091
msgstr ""
13059
13092
13060
#: serverguide/C/network-config.xml:951(para)
13093
#: serverguide/C/network-config.xml:954(para)
13061
13094
msgid ""
13062
13095
"Using this method, the DHCP automatically assigns an IP address permanently "
13063
13096
"to a device, selecting it from a pool of available addresses. Usually DHCP "
13079
13112
"and configure and will be automatically started at system boot."
13080
13113
msgstr ""
13081
13114
13082
#: serverguide/C/network-config.xml:974(para)
13115
#: serverguide/C/network-config.xml:976(para)
13083
13116
msgid ""
13084
13117
"At a terminal prompt, enter the following command to install "
13085
13118
"<application>dhcpd</application>:"
13086
13119
msgstr ""
13087
13120
13088
#: serverguide/C/network-config.xml:979(command)
13121
#: serverguide/C/network-config.xml:981(command)
13089
13122
msgid "sudo apt-get install isc-dhcp-server"
13090
13123
msgstr ""
13091
13124
13092
#: serverguide/C/network-config.xml:981(para)
13125
#: serverguide/C/network-config.xml:983(para)
13093
13126
msgid ""
13094
13127
"You will probably need to change the default configuration by editing "
13095
13128
"/etc/dhcp/dhcpd.conf to suit your needs and particular configuration."
13096
13129
msgstr ""
13097
13130
13098
#: serverguide/C/network-config.xml:985(para)
13131
#: serverguide/C/network-config.xml:987(para)
13099
13132
msgid ""
13100
13133
"You also may need to edit /etc/default/isc-dhcp-server to specify the "
13101
13134
"interfaces dhcpd should listen to."
13102
13135
msgstr ""
13103
13136
13104
#: serverguide/C/network-config.xml:989(para)
13137
#: serverguide/C/network-config.xml:991(para)
13105
13138
msgid ""
13106
13139
"NOTE: dhcpd's messages are being sent to syslog. Look there for diagnostics "
13107
13140
"messages."
13108
13141
msgstr ""
13109
13142
13110
#: serverguide/C/network-config.xml:996(para)
13143
#: serverguide/C/network-config.xml:998(para)
13111
13144
msgid ""
13112
13145
"The error message the installation ends with might be a little confusing, "
13113
13146
"but the following steps will help you configure the service:"
13114
13147
msgstr ""
13115
13148
13116
#: serverguide/C/network-config.xml:1000(para)
13149
#: serverguide/C/network-config.xml:1002(para)
13117
13150
msgid ""
13118
13151
"Most commonly, what you want to do is assign an IP address randomly. This "
13119
13152
"can be done with settings as follows:"
13120
13153
msgstr ""
13121
13154
13122
#: serverguide/C/network-config.xml:1004(programlisting)
13155
#: serverguide/C/network-config.xml:1006(programlisting)
13123
13156
#, no-wrap
13124
13157
msgid ""
13125
13158
"\n"
13135
13168
"} \n"
13136
13169
msgstr ""
13137
13170
13138
#: serverguide/C/network-config.xml:1016(para)
13171
#: serverguide/C/network-config.xml:1018(para)
13139
13172
msgid ""
13140
13173
"This will result in the DHCP server giving clients an IP address from the "
13141
13174
"range 192.168.1.150-192.168.1.200. It will lease an IP address for 600 "
13145
13178
"192.168.1.1 and 192.168.1.2 as its DNS servers."
13146
13179
msgstr ""
13147
13180
13148
#: serverguide/C/network-config.xml:1024(para)
13181
#: serverguide/C/network-config.xml:1026(para)
13149
13182
msgid ""
13150
13183
"After changing the config file you have to restart the "
13151
13184
"<application>dhcpd</application>:"
13155
13188
msgid "sudo service isc-dhcp-server restart"
13156
13189
msgstr ""
13157
13190
13158
#: serverguide/C/network-config.xml:1037(para)
13191
#: serverguide/C/network-config.xml:1039(para)
13159
13192
msgid ""
13160
13193
"The <ulink url=\"https://help.ubuntu.com/community/dhcp3-server\">dhcp3-"
13161
13194
"server Ubuntu Wiki</ulink> page has more information."
13168
13201
"dhcpd.conf man page</ulink>."
13169
13202
msgstr ""
13170
13203
13171
#: serverguide/C/network-config.xml:1049(ulink)
13204
#: serverguide/C/network-config.xml:1051(ulink)
13172
13205
msgid "ISC dhcp-server"
13173
13206
msgstr ""
13174
13207
13175
#: serverguide/C/network-config.xml:1058(title)
13208
#: serverguide/C/network-config.xml:1060(title)
13176
13209
msgid "Time Synchronisation with NTP"
13177
13210
msgstr ""
13178
13211
13179
#: serverguide/C/network-config.xml:1059(para)
13212
#: serverguide/C/network-config.xml:1061(para)
13180
13213
msgid ""
13181
13214
"NTP is a TCP/IP protocol for synchronising time over a network. Basically a "
13182
13215
"client requests the current time from a server, and uses it to set its own "
13183
13216
"clock."
13184
13217
msgstr ""
13185
13218
13186
#: serverguide/C/network-config.xml:1062(para)
13219
#: serverguide/C/network-config.xml:1064(para)
13187
13220
msgid ""
13188
13221
"Behind this simple description, there is a lot of complexity - there are "
13189
13222
"tiers of NTP servers, with the tier one NTP servers connected to atomic "
13195
13228
"from you!"
13196
13229
msgstr ""
13197
13230
13198
#: serverguide/C/network-config.xml:1065(para)
13231
#: serverguide/C/network-config.xml:1067(para)
13199
13232
msgid "Ubuntu uses ntpdate and ntpd."
13200
13233
msgstr ""
13201
13234
13202
#: serverguide/C/network-config.xml:1070(title)
13235
#: serverguide/C/network-config.xml:1072(title)
13203
13236
msgid "ntpdate"
13204
13237
msgstr ""
13205
13238
13206
#: serverguide/C/network-config.xml:1071(para)
13239
#: serverguide/C/network-config.xml:1073(para)
13207
13240
msgid ""
13208
13241
"Ubuntu comes with ntpdate as standard, and will run it once at boot time to "
13209
13242
"set up your time according to Ubuntu's NTP server."
13210
13243
msgstr ""
13211
13244
13212
#: serverguide/C/network-config.xml:1074(programlisting)
13245
#: serverguide/C/network-config.xml:1076(programlisting)
13213
13246
#, no-wrap
13214
13247
msgid ""
13215
13248
"\n"
13216
13249
"ntpdate -s ntp.ubuntu.com\n"
13217
13250
msgstr ""
13218
13251
13219
#: serverguide/C/network-config.xml:1080(title)
13252
#: serverguide/C/network-config.xml:1082(title)
13220
13253
msgid "ntpd"
13221
13254
msgstr ""
13222
13255
13223
#: serverguide/C/network-config.xml:1081(para)
13256
#: serverguide/C/network-config.xml:1083(para)
13224
13257
msgid ""
13225
13258
"The ntp daemon ntpd calculates the drift of your system clock and "
13226
13259
"continuously adjusts it, so there are no large corrections that could lead "
13228
13261
"memory, but for a modern server this is negligible."
13229
13262
msgstr ""
13230
13263
13231
#: serverguide/C/network-config.xml:1088(para)
13264
#: serverguide/C/network-config.xml:1090(para)
13232
13265
msgid "To install ntpd, from a terminal prompt enter:"
13233
13266
msgstr ""
13234
13267
13235
#: serverguide/C/network-config.xml:1093(command)
13268
#: serverguide/C/virtualization.xml:2195(command) serverguide/C/network-config.xml:1095(command)
13236
13269
msgid "sudo apt-get install ntp"
13237
13270
msgstr ""
13238
13271
13239
#: serverguide/C/network-config.xml:1100(para)
13272
#: serverguide/C/network-config.xml:1102(para)
13240
13273
msgid ""
13241
13274
"Edit <filename>/etc/ntp.conf</filename> to add/remove server lines. By "
13242
13275
"default these servers are configured:"
13243
13276
msgstr ""
13244
13277
13245
#: serverguide/C/network-config.xml:1105(programlisting)
13278
#: serverguide/C/network-config.xml:1107(programlisting)
13246
13279
#, no-wrap
13247
13280
msgid ""
13248
13281
"\n"
13255
13288
"server 3.ubuntu.pool.ntp.org\n"
13256
13289
msgstr ""
13257
13290
13258
#: serverguide/C/network-config.xml:1115(para)
13291
#: serverguide/C/network-config.xml:1117(para)
13259
13292
msgid ""
13260
13293
"After changing the config file you have to reload the "
13261
13294
"<application>ntpd</application>:"
13265
13298
msgid "sudo service ntp reload"
13266
13299
msgstr ""
13267
13300
13268
#: serverguide/C/network-config.xml:1124(title)
13301
#: serverguide/C/network-config.xml:1126(title)
13269
13302
msgid "View status"
13270
13303
msgstr ""
13271
13304
13273
13306
msgid "Use ntpq to see more info:"
13274
13307
msgstr ""
13275
13308
13276
#: serverguide/C/network-config.xml:1129(command)
13309
#: serverguide/C/network-config.xml:1131(command)
13277
13310
msgid "# sudo ntpq -p"
13278
13311
msgstr ""
13279
13312
13280
#: serverguide/C/network-config.xml:1130(computeroutput)
13313
#: serverguide/C/network-config.xml:1132(computeroutput)
13281
13314
#, no-wrap
13282
13315
msgid ""
13283
13316
" remote refid st t when poll reach delay offset "
13296
13329
"92.792"
13297
13330
msgstr ""
13298
13331
13299
#: serverguide/C/network-config.xml:1145(para)
13332
#: serverguide/C/network-config.xml:1147(para)
13300
13333
msgid ""
13301
13334
"See the <ulink url=\"https://help.ubuntu.com/community/UbuntuTime\">Ubuntu "
13302
13335
"Time</ulink> wiki page for more information."
13303
13336
msgstr ""
13304
13337
13305
#: serverguide/C/network-config.xml:1151(ulink)
13338
#: serverguide/C/network-config.xml:1153(ulink)
13306
13339
msgid "ntp.org, home of the Network Time Protocol project"
13307
13340
msgstr ""
13308
13341
13324
13357
"The Lightweight Directory Access Protocol, or LDAP, is a protocol for "
13325
13358
"querying and modifying a X.500-based directory service running over TCP/IP. "
13326
13359
"The current LDAP version is LDAPv3, as defined in <ulink "
13327
"url=\"http://tools.ietf.org/html/rfc4510\">RFC4510</ulink>, and the LDAP "
13328
"implementation used in Ubuntu is OpenLDAP, currently at version 2.4.25 "
13329
"(Oneiric)."
13360
"url=\"http://tools.ietf.org/html/rfc4510\">RFC4510</ulink>, and the its "
13361
"implementation used in Ubuntu is from OpenLDAP."
13330
13362
msgstr ""
13331
13363
13332
13364
#: serverguide/C/network-auth.xml:27(para)
13333
13365
msgid ""
13334
"So this protocol accesses LDAP directories. Here are some key concepts and "
13335
"terms:"
13366
"So the LDAP protocol accesses LDAP directories. Here are some key concepts "
13367
"and terms:"
13336
13368
msgstr ""
13337
13369
13338
13370
#: serverguide/C/network-auth.xml:34(para)
13365
13397
13366
13398
#: serverguide/C/network-auth.xml:66(para)
13367
13399
msgid ""
13368
"Each entry has a unique identifier: it's <emphasis>Distinguished "
13369
"Name</emphasis> (DN or dn). This consists of it's <emphasis>Relative "
13400
"Each entry has a unique identifier: its <emphasis>Distinguished "
13401
"Name</emphasis> (DN or dn). This, in turn, consists of a <emphasis>Relative "
13370
13402
"Distinguished Name</emphasis> (RDN) followed by the parent entry's DN."
13371
13403
msgstr ""
13372
13404
13386
13418
13387
13419
#: serverguide/C/network-auth.xml:87(para)
13388
13420
msgid ""
13389
"For example, below we have a single entry consisting of 11 attributes. It's "
13390
"DN is \"cn=John Doe,dc=example,dc=com\"; it's RDN is \"cn=John Doe\"; and "
13391
"it's parent DN is \"dc=example,dc=com\"."
13392
msgstr ""
13393
13394
#: serverguide/C/network-auth.xml:92(programlisting)
13421
"For example, below we have a single entry consisting of 11 attributes where "
13422
"the following is true:"
13423
msgstr ""
13424
13425
#: serverguide/C/network-auth.xml:94(para)
13426
msgid "DN is \"cn=John Doe,dc=example,dc=com\""
13427
msgstr ""
13428
13429
#: serverguide/C/network-auth.xml:100(para)
13430
msgid "RDN is \"cn=John Doe\""
13431
msgstr ""
13432
13433
#: serverguide/C/network-auth.xml:106(para)
13434
msgid "parent DN is \"dc=example,dc=com\""
13435
msgstr ""
13436
13437
#: serverguide/C/network-auth.xml:113(programlisting)
13395
13438
#, no-wrap
13396
13439
msgid ""
13397
13440
"\n"
13409
13452
" objectClass: top\n"
13410
13453
msgstr ""
13411
13454
13412
#: serverguide/C/network-auth.xml:107(para)
13455
#: serverguide/C/network-auth.xml:128(para)
13413
13456
msgid ""
13414
13457
"The above entry is in <emphasis>LDIF</emphasis> format (LDAP Data "
13415
13458
"Interchange Format). Any information that you feed into your DIT must also "
13417
13460
"url=\"http://tools.ietf.org/html/rfc2849\">RFC2849</ulink>."
13418
13461
msgstr ""
13419
13462
13420
#: serverguide/C/network-auth.xml:112(para)
13463
#: serverguide/C/network-auth.xml:133(para)
13421
13464
msgid ""
13422
13465
"Although this guide will describe how to use it for central authentication, "
13423
13466
"LDAP is good for anything that involves a large number of access requests to "
13425
13468
"address book, a list of email addresses, and a mail server's configuration."
13426
13469
msgstr ""
13427
13470
13428
#: serverguide/C/network-auth.xml:121(para)
13471
#: serverguide/C/network-auth.xml:142(para)
13429
13472
msgid ""
13430
13473
"Install the OpenLDAP server daemon and the traditional LDAP management "
13431
13474
"utilities. These are found in packages <application>slapd</application> and "
13432
13475
"<application>ldap-utils</application> respectively."
13433
13476
msgstr ""
13434
13477
13435
#: serverguide/C/network-auth.xml:126(para)
13478
#: serverguide/C/network-auth.xml:147(para)
13436
13479
msgid ""
13437
13480
"The installation of slapd will create a working configuration. In "
13438
13481
"particular, it will create a database instance that you can use to store "
13444
13487
"a line similar to this:"
13445
13488
msgstr ""
13446
13489
13447
#: serverguide/C/network-auth.xml:134(programlisting)
13490
#: serverguide/C/network-auth.xml:155(programlisting)
13448
13491
#, no-wrap
13449
13492
msgid ""
13450
13493
"\n"
13451
13494
"127.0.1.1 hostname.example.com\thostname\n"
13452
13495
msgstr ""
13453
13496
13454
#: serverguide/C/network-auth.xml:138(para)
13497
#: serverguide/C/network-auth.xml:159(para)
13455
13498
msgid "You can revert the change after package installation."
13456
13499
msgstr ""
13457
13500
13458
#: serverguide/C/network-auth.xml:143(para)
13501
#: serverguide/C/network-auth.xml:164(para)
13459
13502
msgid ""
13460
13503
"This guide will use a database suffix of "
13461
13504
"<emphasis>dc=example,dc=com</emphasis>."
13462
13505
msgstr ""
13463
13506
13464
#: serverguide/C/network-auth.xml:148(para)
13507
#: serverguide/C/network-auth.xml:169(para)
13465
13508
msgid "Proceed with the install:"
13466
13509
msgstr ""
13467
13510
13468
#: serverguide/C/network-auth.xml:153(command)
13511
#: serverguide/C/network-auth.xml:174(command)
13469
13512
msgid "sudo apt-get install slapd ldap-utils"
13470
13513
msgstr ""
13471
13514
13472
#: serverguide/C/network-auth.xml:156(para)
13515
#: serverguide/C/network-auth.xml:177(para)
13473
13516
msgid ""
13474
13517
"Since Ubuntu 8.10 slapd is designed to be configured within slapd itself by "
13475
13518
"dedicating a separate DIT for that purpose. This allows one to dynamically "
13482
13525
"will be eventually phased out."
13483
13526
msgstr ""
13484
13527
13485
#: serverguide/C/network-auth.xml:165(para)
13528
#: serverguide/C/network-auth.xml:186(para)
13486
13529
msgid ""
13487
13530
"Ubuntu now uses the <emphasis>slapd-config</emphasis> method for slapd "
13488
13531
"configuration and this guide reflects that."
13489
13532
msgstr ""
13490
13533
13491
#: serverguide/C/network-auth.xml:171(para)
13534
#: serverguide/C/network-auth.xml:192(para)
13492
13535
msgid ""
13493
13536
"During the install you were prompted to define administrative credentials. "
13494
13537
"These are LDAP-based credentials for the <emphasis>rootDN</emphasis> of your "
13499
13542
"will see how to do this later on."
13500
13543
msgstr ""
13501
13544
13502
#: serverguide/C/network-auth.xml:178(para)
13545
#: serverguide/C/network-auth.xml:199(para)
13503
13546
msgid ""
13504
13547
"Some classical schemas (cosine, nis, inetorgperson) come built-in with slapd "
13505
13548
"nowadays. There is also an included \"core\" schema, a pre-requisite for any "
13506
13549
"schema to work."
13507
13550
msgstr ""
13508
13551
13509
#: serverguide/C/network-auth.xml:186(title)
13552
#: serverguide/C/network-auth.xml:207(title)
13510
13553
msgid "Post-install Inspection"
13511
13554
msgstr ""
13512
13555
13513
#: serverguide/C/network-auth.xml:188(para)
13556
#: serverguide/C/network-auth.xml:209(para)
13514
13557
msgid ""
13515
13558
"The installation process set up 2 DITs. One for slapd-config and one for "
13516
13559
"your own data (dc=example,dc=com). Let's take a look."
13517
13560
msgstr ""
13518
13561
13519
#: serverguide/C/network-auth.xml:195(para)
13562
#: serverguide/C/network-auth.xml:216(para)
13520
13563
msgid ""
13521
13564
"This is what the slapd-config database/DIT looks like. Recall that this "
13522
13565
"database is LDIF-based and lives under "
13523
13566
"<filename>/etc/ldap/slapd.d</filename>:"
13524
13567
msgstr ""
13525
13568
13526
#: serverguide/C/network-auth.xml:201(computeroutput)
13569
#: serverguide/C/network-auth.xml:222(computeroutput)
13527
13570
#, no-wrap
13528
13571
msgid ""
13529
13572
"\n"
13543
13586
" /etc/ldap/slapd.d/cn=config.ldif\n"
13544
13587
msgstr ""
13545
13588
13546
#: serverguide/C/network-auth.xml:220(para)
13589
#: serverguide/C/network-auth.xml:242(para)
13547
13590
msgid ""
13548
13591
"Do not edit the slapd-config database directly. Make changes via the LDAP "
13549
13592
"protocol (utilities)."
13550
13593
msgstr ""
13551
13594
13552
#: serverguide/C/network-auth.xml:228(para)
13595
#: serverguide/C/network-auth.xml:250(para)
13553
13596
msgid "This is what the slapd-config DIT looks like via the LDAP protocol:"
13554
13597
msgstr ""
13555
13598
13556
#: serverguide/C/network-auth.xml:233(command)
13599
#: serverguide/C/network-auth.xml:254(para)
13600
msgid ""
13601
"On Ubuntu server 14.10, and possibly higher, the following command may not "
13602
"work due to a <ulink "
13603
"url=\"https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1392018\">bug</"
13604
"ulink>"
13605
msgstr ""
13606
13607
#: serverguide/C/network-auth.xml:255(command)
13557
13608
msgid "sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn"
13558
13609
msgstr ""
13559
13610
13560
#: serverguide/C/network-auth.xml:234(computeroutput)
13611
#: serverguide/C/network-auth.xml:256(computeroutput)
13561
13612
#, no-wrap
13562
13613
msgid ""
13563
13614
"\n"
13584
13635
"dn: olcDatabase={1}hdb,cn=config\n"
13585
13636
msgstr ""
13586
13637
13587
#: serverguide/C/network-auth.xml:259(para) serverguide/C/network-auth.xml:350(para)
13638
#: serverguide/C/network-auth.xml:281(para) serverguide/C/network-auth.xml:372(para)
13588
13639
msgid "Explanation of entries:"
13589
13640
msgstr ""
13590
13641
13591
#: serverguide/C/network-auth.xml:266(para)
13642
#: serverguide/C/network-auth.xml:288(para)
13592
13643
msgid "<emphasis>cn=config</emphasis>: global settings"
13593
13644
msgstr ""
13594
13645
13595
#: serverguide/C/network-auth.xml:272(para)
13646
#: serverguide/C/network-auth.xml:294(para)
13596
13647
msgid ""
13597
13648
"<emphasis>cn=module{0},cn=config</emphasis>: a dynamically loaded module"
13598
13649
msgstr ""
13599
13650
13600
#: serverguide/C/network-auth.xml:278(para)
13651
#: serverguide/C/network-auth.xml:300(para)
13601
13652
msgid ""
13602
13653
"<emphasis>cn=schema,cn=config</emphasis>: contains hard-coded system-level "
13603
13654
"schema"
13604
13655
msgstr ""
13605
13656
13606
#: serverguide/C/network-auth.xml:284(para)
13657
#: serverguide/C/network-auth.xml:306(para)
13607
13658
msgid ""
13608
13659
"<emphasis>cn={0}core,cn=schema,cn=config</emphasis>: the hard-coded core "
13609
13660
"schema"
13610
13661
msgstr ""
13611
13662
13612
#: serverguide/C/network-auth.xml:290(para)
13663
#: serverguide/C/network-auth.xml:312(para)
13613
13664
msgid ""
13614
13665
"<emphasis>cn={1}cosine,cn=schema,cn=config</emphasis>: the cosine schema"
13615
13666
msgstr ""
13616
13667
13617
#: serverguide/C/network-auth.xml:296(para)
13668
#: serverguide/C/network-auth.xml:318(para)
13618
13669
msgid "<emphasis>cn={2}nis,cn=schema,cn=config</emphasis>: the nis schema"
13619
13670
msgstr ""
13620
13671
13621
#: serverguide/C/network-auth.xml:302(para)
13672
#: serverguide/C/network-auth.xml:324(para)
13622
13673
msgid ""
13623
13674
"<emphasis>cn={3}inetorgperson,cn=schema,cn=config</emphasis>: the "
13624
13675
"inetorgperson schema"
13625
13676
msgstr ""
13626
13677
13627
#: serverguide/C/network-auth.xml:308(para)
13678
#: serverguide/C/network-auth.xml:330(para)
13628
13679
msgid ""
13629
13680
"<emphasis>olcBackend={0}hdb,cn=config</emphasis>: the 'hdb' backend storage "
13630
13681
"type"
13631
13682
msgstr ""
13632
13683
13633
#: serverguide/C/network-auth.xml:314(para)
13684
#: serverguide/C/network-auth.xml:336(para)
13634
13685
msgid ""
13635
13686
"<emphasis>olcDatabase={-1}frontend,cn=config</emphasis>: frontend database, "
13636
13687
"default settings for other databases"
13637
13688
msgstr ""
13638
13689
13639
#: serverguide/C/network-auth.xml:320(para)
13690
#: serverguide/C/network-auth.xml:342(para)
13640
13691
msgid ""
13641
13692
"<emphasis>olcDatabase={0}config,cn=config</emphasis>: slapd configuration "
13642
13693
"database (cn=config)"
13643
13694
msgstr ""
13644
13695
13645
#: serverguide/C/network-auth.xml:326(para)
13696
#: serverguide/C/network-auth.xml:348(para)
13646
13697
msgid ""
13647
13698
"<emphasis>olcDatabase={1}hdb,cn=config</emphasis>: your database instance "
13648
13699
"(dc=examle,dc=com)"
13649
13700
msgstr ""
13650
13701
13651
#: serverguide/C/network-auth.xml:337(para)
13702
#: serverguide/C/network-auth.xml:359(para)
13652
13703
msgid "This is what the dc=example,dc=com DIT looks like:"
13653
13704
msgstr ""
13654
13705
13655
#: serverguide/C/network-auth.xml:342(command)
13706
#: serverguide/C/network-auth.xml:364(command)
13656
13707
msgid "ldapsearch -x -LLL -H ldap:/// -b dc=example,dc=com dn"
13657
13708
msgstr ""
13658
13709
13659
#: serverguide/C/network-auth.xml:343(computeroutput)
13710
#: serverguide/C/network-auth.xml:365(computeroutput)
13660
13711
#, no-wrap
13661
13712
msgid ""
13662
13713
"\n"
13665
13716
"dn: cn=admin,dc=example,dc=com\n"
13666
13717
msgstr ""
13667
13718
13668
#: serverguide/C/network-auth.xml:357(para)
13719
#: serverguide/C/network-auth.xml:379(para)
13669
13720
msgid "<emphasis>dc=example,dc=com</emphasis>: base of the DIT"
13670
13721
msgstr ""
13671
13722
13672
#: serverguide/C/network-auth.xml:363(para)
13723
#: serverguide/C/network-auth.xml:385(para)
13673
13724
msgid ""
13674
13725
"<emphasis>cn=admin,dc=example,dc=com</emphasis>: administrator (rootDN) for "
13675
13726
"this DIT (set up during package install)"
13676
13727
msgstr ""
13677
13728
13678
#: serverguide/C/network-auth.xml:377(title)
13729
#: serverguide/C/network-auth.xml:399(title)
13679
13730
msgid "Modifying/Populating your Database"
13680
13731
msgstr ""
13681
13732
13682
#: serverguide/C/network-auth.xml:379(para)
13733
#: serverguide/C/network-auth.xml:401(para)
13683
13734
msgid ""
13684
13735
"Let's introduce some content to our database. We will add the following:"
13685
13736
msgstr ""
13686
13737
13687
#: serverguide/C/network-auth.xml:386(para)
13738
#: serverguide/C/network-auth.xml:408(para)
13688
13739
msgid "a node called <emphasis>People</emphasis> (to store users)"
13689
13740
msgstr ""
13690
13741
13691
#: serverguide/C/network-auth.xml:392(para)
13742
#: serverguide/C/network-auth.xml:414(para)
13692
13743
msgid "a node called <emphasis>Groups</emphasis> (to store groups)"
13693
13744
msgstr ""
13694
13745
13695
#: serverguide/C/network-auth.xml:398(para)
13746
#: serverguide/C/network-auth.xml:420(para)
13696
13747
msgid "a group called <emphasis>miners</emphasis>"
13697
13748
msgstr ""
13698
13749
13699
#: serverguide/C/network-auth.xml:404(para)
13750
#: serverguide/C/network-auth.xml:426(para)
13700
13751
msgid "a user called <emphasis>john</emphasis>"
13701
13752
msgstr ""
13702
13753
13703
#: serverguide/C/network-auth.xml:411(para)
13754
#: serverguide/C/network-auth.xml:433(para)
13704
13755
msgid ""
13705
13756
"Create the following LDIF file and call it "
13706
13757
"<filename>add_content.ldif</filename>:"
13707
13758
msgstr ""
13708
13759
13709
#: serverguide/C/network-auth.xml:415(programlisting)
13760
#: serverguide/C/network-auth.xml:437(programlisting)
13710
13761
#, no-wrap
13711
13762
msgid ""
13712
13763
"\n"
13740
13791
"homeDirectory: /home/john\n"
13741
13792
msgstr ""
13742
13793
13743
#: serverguide/C/network-auth.xml:447(para)
13794
#: serverguide/C/network-auth.xml:469(para)
13744
13795
msgid ""
13745
13796
"It's important that uid and gid values in your directory do not collide with "
13746
13797
"local values. Use high number ranges, such as starting at 5000. By setting "
13748
13799
"what can be done with a local user vs a ldap one. More on that later."
13749
13800
msgstr ""
13750
13801
13751
#: serverguide/C/network-auth.xml:455(para)
13802
#: serverguide/C/network-auth.xml:477(para)
13752
13803
msgid "Add the content:"
13753
13804
msgstr ""
13754
13805
13755
#: serverguide/C/network-auth.xml:460(command)
13806
#: serverguide/C/network-auth.xml:482(command)
13756
13807
msgid "ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_content.ldif"
13757
13808
msgstr ""
13758
13809
13759
#: serverguide/C/network-auth.xml:462(application)
13810
#: serverguide/C/network-auth.xml:484(application)
13760
13811
msgid "********"
13761
13812
msgstr ""
13762
13813
13763
#: serverguide/C/network-auth.xml:461(computeroutput)
13814
#: serverguide/C/network-auth.xml:483(computeroutput)
13764
13815
#, no-wrap
13765
13816
msgid ""
13766
13817
"\n"
13774
13825
"adding new entry \"uid=john,ou=People,dc=example,dc=com\"\n"
13775
13826
msgstr ""
13776
13827
13777
#: serverguide/C/network-auth.xml:473(para)
13828
#: serverguide/C/network-auth.xml:495(para)
13778
13829
msgid ""
13779
13830
"We can check that the information has been correctly added with the "
13780
13831
"<application>ldapsearch</application> utility:"
13781
13832
msgstr ""
13782
13833
13783
#: serverguide/C/network-auth.xml:478(command)
13834
#: serverguide/C/network-auth.xml:500(command)
13784
13835
msgid "ldapsearch -x -LLL -b dc=example,dc=com 'uid=john' cn gidNumber"
13785
13836
msgstr ""
13786
13837
13787
#: serverguide/C/network-auth.xml:479(computeroutput)
13838
#: serverguide/C/network-auth.xml:501(computeroutput)
13788
13839
#, no-wrap
13789
13840
msgid ""
13790
13841
"\n"
13793
13844
"gidNumber: 5000\n"
13794
13845
msgstr ""
13795
13846
13796
#: serverguide/C/network-auth.xml:486(para)
13847
#: serverguide/C/network-auth.xml:508(para)
13797
13848
msgid "Explanation of switches:"
13798
13849
msgstr ""
13799
13850
13800
#: serverguide/C/network-auth.xml:493(para)
13851
#: serverguide/C/network-auth.xml:515(para)
13801
13852
msgid ""
13802
13853
"<emphasis>-x:</emphasis> \"simple\" binding; will not use the default SASL "
13803
13854
"method"
13804
13855
msgstr ""
13805
13856
13806
#: serverguide/C/network-auth.xml:499(para)
13857
#: serverguide/C/network-auth.xml:521(para)
13807
13858
msgid "<emphasis>-LLL:</emphasis> disable printing extraneous information"
13808
13859
msgstr ""
13809
13860
13810
#: serverguide/C/network-auth.xml:505(para)
13861
#: serverguide/C/network-auth.xml:527(para)
13811
13862
msgid "<emphasis>uid=john:</emphasis> a \"filter\" to find the john user"
13812
13863
msgstr ""
13813
13864
13814
#: serverguide/C/network-auth.xml:511(para)
13865
#: serverguide/C/network-auth.xml:533(para)
13815
13866
msgid ""
13816
13867
"<emphasis>cn gidNumber:</emphasis> requests certain attributes to be "
13817
13868
"displayed (the default is to show all attributes)"
13818
13869
msgstr ""
13819
13870
13820
#: serverguide/C/network-auth.xml:521(title)
13871
#: serverguide/C/network-auth.xml:543(title)
13821
13872
msgid "Modifying the slapd Configuration Database"
13822
13873
msgstr ""
13823
13874
13824
#: serverguide/C/network-auth.xml:523(para)
13875
#: serverguide/C/network-auth.xml:545(para)
13825
13876
msgid ""
13826
13877
"The slapd-config DIT can also be queried and modified. Here are a few "
13827
13878
"examples."
13828
13879
msgstr ""
13829
13880
13830
#: serverguide/C/network-auth.xml:530(para)
13881
#: serverguide/C/network-auth.xml:552(para)
13831
13882
msgid ""
13832
13883
"Use <application>ldapmodify</application> to add an \"Index\" (DbIndex "
13833
13884
"attribute) to your <application>{1}hdb,cn=config</application> database "
13835
13886
"<filename>uid_index.ldif</filename>, with the following contents:"
13836
13887
msgstr ""
13837
13888
13838
#: serverguide/C/network-auth.xml:535(programlisting)
13889
#: serverguide/C/network-auth.xml:557(programlisting)
13839
13890
#, no-wrap
13840
13891
msgid ""
13841
13892
"\n"
13844
13895
"olcDbIndex: uid eq,pres,sub\n"
13845
13896
msgstr ""
13846
13897
13847
#: serverguide/C/network-auth.xml:541(para)
13898
#: serverguide/C/network-auth.xml:563(para)
13848
13899
msgid "Then issue the command:"
13849
13900
msgstr ""
13850
13901
13851
#: serverguide/C/network-auth.xml:546(command)
13902
#: serverguide/C/network-auth.xml:568(command)
13852
13903
msgid "sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f uid_index.ldif"
13853
13904
msgstr ""
13854
13905
13855
#: serverguide/C/network-auth.xml:547(computeroutput)
13906
#: serverguide/C/network-auth.xml:569(computeroutput)
13856
13907
#, no-wrap
13857
13908
msgid ""
13858
13909
"\n"
13859
13910
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
13860
13911
msgstr ""
13861
13912
13862
#: serverguide/C/network-auth.xml:552(para)
13913
#: serverguide/C/network-auth.xml:574(para)
13863
13914
msgid "You can confirm the change in this way:"
13864
13915
msgstr ""
13865
13916
13866
#: serverguide/C/network-auth.xml:557(command)
13917
#: serverguide/C/network-auth.xml:579(command)
13867
13918
msgid ""
13868
13919
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
13869
13920
"'(olcDatabase={1}hdb)' olcDbIndex"
13870
13921
msgstr ""
13871
13922
13872
#: serverguide/C/network-auth.xml:559(computeroutput)
13923
#: serverguide/C/network-auth.xml:581(computeroutput)
13873
13924
#, no-wrap
13874
13925
msgid ""
13875
13926
"\n"
13878
13929
"olcDbIndex: uid eq,pres,sub\n"
13879
13930
msgstr ""
13880
13931
13881
#: serverguide/C/network-auth.xml:569(para)
13932
#: serverguide/C/network-auth.xml:591(para)
13882
13933
msgid ""
13883
13934
"Let's add a schema. It will first need to be converted to LDIF format. You "
13884
13935
"can find unconverted schemas in addition to converted ones in the <filename "
13885
13936
"role=\"directory\">/etc/ldap/schema</filename> directory."
13886
13937
msgstr ""
13887
13938
13888
#: serverguide/C/network-auth.xml:577(para)
13939
#: serverguide/C/network-auth.xml:599(para)
13889
13940
msgid ""
13890
13941
"It is not trivial to remove a schema from the slapd-config database. "
13891
13942
"Practice adding schemas on a test system."
13892
13943
msgstr ""
13893
13944
13894
#: serverguide/C/network-auth.xml:583(para)
13945
#: serverguide/C/network-auth.xml:605(para)
13895
13946
msgid ""
13896
13947
"Before adding any schema, you should check which schemas are already "
13897
13948
"installed (shown is a default, out-of-the-box output):"
13898
13949
msgstr ""
13899
13950
13900
#: serverguide/C/network-auth.xml:589(command)
13951
#: serverguide/C/network-auth.xml:611(command)
13901
13952
msgid ""
13902
13953
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=schema,cn=config dn"
13903
13954
msgstr ""
13904
13955
13905
#: serverguide/C/network-auth.xml:591(computeroutput)
13956
#: serverguide/C/network-auth.xml:613(computeroutput)
13906
13957
#, no-wrap
13907
13958
msgid ""
13908
13959
"\n"
13917
13968
"dn: cn={3}inetorgperson,cn=schema,cn=config\n"
13918
13969
msgstr ""
13919
13970
13920
#: serverguide/C/network-auth.xml:608(para)
13971
#: serverguide/C/network-auth.xml:630(para)
13921
13972
msgid "In the following example we'll add the CORBA schema."
13922
13973
msgstr ""
13923
13974
13924
#: serverguide/C/network-auth.xml:615(para)
13975
#: serverguide/C/network-auth.xml:637(para)
13925
13976
msgid ""
13926
13977
"Create the conversion configuration file "
13927
13978
"<filename>schema_convert.conf</filename> containing the following lines:"
13928
13979
msgstr ""
13929
13980
13930
#: serverguide/C/network-auth.xml:620(programlisting)
13981
#: serverguide/C/network-auth.xml:642(programlisting)
13931
13982
#, no-wrap
13932
13983
msgid ""
13933
13984
"\n"
13947
13998
"include /etc/ldap/schema/pmi.schema\n"
13948
13999
msgstr ""
13949
14000
13950
#: serverguide/C/network-auth.xml:640(para)
14001
#: serverguide/C/network-auth.xml:662(para)
13951
14002
msgid "Create the output directory <filename>ldif_output</filename>."
13952
14003
msgstr ""
13953
14004
13954
#: serverguide/C/network-auth.xml:646(para) serverguide/C/network-auth.xml:2296(para)
14005
#: serverguide/C/network-auth.xml:668(para) serverguide/C/network-auth.xml:2317(para)
13955
14006
msgid "Determine the index of the schema:"
13956
14007
msgstr ""
13957
14008
13958
#: serverguide/C/network-auth.xml:651(command)
14009
#: serverguide/C/network-auth.xml:673(command)
13959
14010
msgid ""
13960
14011
"slapcat -f schema_convert.conf -F ldif_output -n 0 | grep corba,cn=schema"
13961
14012
msgstr ""
13962
14013
13963
#: serverguide/C/network-auth.xml:652(computeroutput)
14014
#: serverguide/C/network-auth.xml:674(computeroutput)
13964
14015
#, no-wrap
13965
14016
msgid ""
13966
14017
"\n"
13967
14018
"cn={1}corba,cn=schema,cn=config\n"
13968
14019
msgstr ""
13969
14020
13970
#: serverguide/C/network-auth.xml:658(para)
14021
#: serverguide/C/network-auth.xml:685(para)
13971
14022
msgid ""
13972
14023
"When slapd ingests objects with the same parent DN it will create an "
13973
14024
"<emphasis>index</emphasis> for that object. An index is contained within "
13974
14025
"braces: <application>{X}</application>."
13975
14026
msgstr ""
13976
14027
13977
#: serverguide/C/network-auth.xml:667(para)
14028
#: serverguide/C/network-auth.xml:689(para)
13978
14029
msgid "Use <application>slapcat</application> to perform the conversion:"
13979
14030
msgstr ""
13980
14031
13981
#: serverguide/C/network-auth.xml:672(command)
14032
#: serverguide/C/network-auth.xml:694(command)
13982
14033
msgid ""
13983
14034
"slapcat -f schema_convert.conf -F ldif_output -n0 -H \\ "
13984
14035
"ldap:///cn={1}corba,cn=schema,cn=config -l cn=corba.ldif"
13985
14036
msgstr ""
13986
14037
13987
#: serverguide/C/network-auth.xml:676(para)
14038
#: serverguide/C/network-auth.xml:698(para)
13988
14039
msgid "The converted schema is now in <filename>cn=corba.ldif</filename>"
13989
14040
msgstr ""
13990
14041
13991
#: serverguide/C/network-auth.xml:682(para)
14042
#: serverguide/C/network-auth.xml:704(para)
13992
14043
msgid ""
13993
14044
"Edit <filename>cn=corba.ldif</filename> to arrive at the following "
13994
14045
"attributes:"
13995
14046
msgstr ""
13996
14047
13997
#: serverguide/C/network-auth.xml:686(programlisting)
14048
#: serverguide/C/network-auth.xml:708(programlisting)
13998
14049
#, no-wrap
13999
14050
msgid ""
14000
14051
"\n"
14003
14054
"cn: corba\n"
14004
14055
msgstr ""
14005
14056
14006
#: serverguide/C/network-auth.xml:692(para)
14057
#: serverguide/C/network-auth.xml:714(para)
14007
14058
msgid "Also remove the following lines from the bottom:"
14008
14059
msgstr ""
14009
14060
14010
#: serverguide/C/network-auth.xml:696(programlisting)
14061
#: serverguide/C/network-auth.xml:718(programlisting)
14011
14062
#, no-wrap
14012
14063
msgid ""
14013
14064
"\n"
14020
14071
"modifyTimestamp: 20110829165435Z\n"
14021
14072
msgstr ""
14022
14073
14023
#: serverguide/C/network-auth.xml:706(para) serverguide/C/network-auth.xml:2346(para)
14074
#: serverguide/C/network-auth.xml:728(para) serverguide/C/network-auth.xml:2367(para)
14024
14075
msgid "Your attribute values will vary."
14025
14076
msgstr ""
14026
14077
14027
#: serverguide/C/network-auth.xml:712(para)
14078
#: serverguide/C/network-auth.xml:734(para)
14028
14079
msgid ""
14029
14080
"Finally, use <application>ldapadd</application> to add the new schema to the "
14030
14081
"slapd-config DIT:"
14031
14082
msgstr ""
14032
14083
14033
#: serverguide/C/network-auth.xml:717(command)
14084
#: serverguide/C/network-auth.xml:739(command)
14034
14085
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f cn\\=corba.ldif"
14035
14086
msgstr ""
14036
14087
14037
#: serverguide/C/network-auth.xml:718(computeroutput)
14088
#: serverguide/C/network-auth.xml:740(computeroutput)
14038
14089
#, no-wrap
14039
14090
msgid ""
14040
14091
"\n"
14041
14092
"adding new entry \"cn=corba,cn=schema,cn=config\"\n"
14042
14093
msgstr ""
14043
14094
14044
#: serverguide/C/network-auth.xml:726(para)
14095
#: serverguide/C/network-auth.xml:748(para)
14045
14096
msgid "Confirm currently loaded schemas:"
14046
14097
msgstr ""
14047
14098
14048
#: serverguide/C/network-auth.xml:731(command)
14099
#: serverguide/C/network-auth.xml:753(command)
14049
14100
msgid ""
14050
14101
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config dn"
14051
14102
msgstr ""
14052
14103
14053
#: serverguide/C/network-auth.xml:732(computeroutput)
14104
#: serverguide/C/network-auth.xml:754(computeroutput)
14054
14105
#, no-wrap
14055
14106
msgid ""
14056
14107
"\n"
14067
14118
"dn: cn={4}corba,cn=schema,cn=config\n"
14068
14119
msgstr ""
14069
14120
14070
#: serverguide/C/network-auth.xml:756(para)
14121
#: serverguide/C/network-auth.xml:778(para)
14071
14122
msgid ""
14072
14123
"For external applications and clients to authenticate using LDAP they will "
14073
14124
"each need to be specifically configured to do so. Refer to the appropriate "
14074
14125
"client-side documentation for details."
14075
14126
msgstr ""
14076
14127
14077
#: serverguide/C/network-auth.xml:767(para)
14128
#: serverguide/C/network-auth.xml:789(para)
14078
14129
msgid ""
14079
14130
"Activity logging for slapd is indispensible when implementing an OpenLDAP-"
14080
14131
"based solution yet it must be manually enabled after software installation. "
14082
14133
"any other slapd configuration, is enabled via the slapd-config database."
14083
14134
msgstr ""
14084
14135
14085
#: serverguide/C/network-auth.xml:773(para)
14136
#: serverguide/C/network-auth.xml:795(para)
14086
14137
msgid ""
14087
14138
"OpenLDAP comes with multiple logging subsystems (levels) with each one "
14088
14139
"containing the lower one (additive). A good level to try is "
14092
14143
"different subsystems."
14093
14144
msgstr ""
14094
14145
14095
#: serverguide/C/network-auth.xml:779(para)
14146
#: serverguide/C/network-auth.xml:801(para)
14096
14147
msgid ""
14097
14148
"Create the file <filename>logging.ldif</filename> with the following "
14098
14149
"contents:"
14099
14150
msgstr ""
14100
14151
14101
#: serverguide/C/network-auth.xml:783(programlisting)
14152
#: serverguide/C/network-auth.xml:805(programlisting)
14102
14153
#, no-wrap
14103
14154
msgid ""
14104
14155
"\n"
14105
14156
"dn: cn=config\n"
14106
14157
"changetype: modify\n"
14107
"add: olcLogLevel\n"
14158
"replace: olcLogLevel\n"
14108
14159
"olcLogLevel: stats\n"
14109
14160
msgstr ""
14110
14161
14111
#: serverguide/C/network-auth.xml:790(para)
14162
#: serverguide/C/network-auth.xml:812(para)
14112
14163
msgid "Implement the change:"
14113
14164
msgstr ""
14114
14165
14115
#: serverguide/C/network-auth.xml:795(command)
14166
#: serverguide/C/network-auth.xml:817(command)
14116
14167
msgid "sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f logging.ldif"
14117
14168
msgstr ""
14118
14169
14119
#: serverguide/C/network-auth.xml:798(para)
14170
#: serverguide/C/network-auth.xml:820(para)
14120
14171
msgid ""
14121
14172
"This will produce a significant amount of logging and you will want to "
14122
14173
"throttle back to a less verbose level once your system is in production. "
14124
14175
"hard time keeping up and may drop messages:"
14125
14176
msgstr ""
14126
14177
14127
#: serverguide/C/network-auth.xml:804(programlisting)
14178
#: serverguide/C/network-auth.xml:826(programlisting)
14128
14179
#, no-wrap
14129
14180
msgid ""
14130
14181
"\n"
14132
14183
"limiting\n"
14133
14184
msgstr ""
14134
14185
14135
#: serverguide/C/network-auth.xml:808(para)
14186
#: serverguide/C/network-auth.xml:830(para)
14136
14187
msgid ""
14137
14188
"You may consider a change to rsyslog's configuration. In "
14138
14189
"<filename>/etc/rsyslog.conf</filename>, put:"
14139
14190
msgstr ""
14140
14191
14141
#: serverguide/C/network-auth.xml:812(programlisting)
14192
#: serverguide/C/network-auth.xml:834(programlisting)
14142
14193
#, no-wrap
14143
14194
msgid ""
14144
14195
"\n"
14147
14198
"$SystemLogRateLimitInterval 0\n"
14148
14199
msgstr ""
14149
14200
14150
#: serverguide/C/network-auth.xml:818(para)
14201
#: serverguide/C/network-auth.xml:840(para)
14151
14202
msgid "And then restart the rsyslog daemon:"
14152
14203
msgstr ""
14153
14204
14154
#: serverguide/C/network-auth.xml:823(command)
14205
#: serverguide/C/network-auth.xml:845(command)
14155
14206
msgid "sudo service rsyslog restart"
14156
14207
msgstr ""
14157
14208
14158
#: serverguide/C/network-auth.xml:829(title)
14209
#: serverguide/C/network-auth.xml:851(title)
14159
14210
msgid "Replication"
14160
14211
msgstr ""
14161
14212
14162
#: serverguide/C/network-auth.xml:831(para)
14213
#: serverguide/C/network-auth.xml:853(para)
14163
14214
msgid ""
14164
14215
"The LDAP service becomes increasingly important as more networked systems "
14165
14216
"begin to depend on it. In such an environment, it is standard practice to "
14168
14219
"replication</emphasis>."
14169
14220
msgstr ""
14170
14221
14171
#: serverguide/C/network-auth.xml:837(para)
14222
#: serverguide/C/network-auth.xml:859(para)
14172
14223
msgid ""
14173
14224
"Replication is achieved via the <emphasis>Syncrepl</emphasis> engine. This "
14174
14225
"allows changes to be synchronized using a <emphasis>Consumer</emphasis> - "
14180
14231
"be sent, not entire entries."
14181
14232
msgstr ""
14182
14233
14183
#: serverguide/C/network-auth.xml:846(title)
14234
#: serverguide/C/network-auth.xml:868(title)
14184
14235
msgid "Provider Configuration"
14185
14236
msgstr ""
14186
14237
14187
#: serverguide/C/network-auth.xml:848(para)
14238
#: serverguide/C/network-auth.xml:870(para)
14188
14239
msgid "Begin by configuring the <emphasis>Provider</emphasis>."
14189
14240
msgstr ""
14190
14241
14191
#: serverguide/C/network-auth.xml:855(para)
14242
#: serverguide/C/network-auth.xml:877(para)
14192
14243
msgid ""
14193
14244
"Create an LDIF file with the following contents and name it "
14194
14245
"<filename>provider_sync.ldif</filename>:"
14195
14246
msgstr ""
14196
14247
14197
#: serverguide/C/network-auth.xml:859(programlisting)
14248
#: serverguide/C/network-auth.xml:881(programlisting)
14198
14249
#, no-wrap
14199
14250
msgid ""
14200
14251
"\n"
14256
14307
"olcAccessLogPurge: 07+00:00 01+00:00\n"
14257
14308
msgstr ""
14258
14309
14259
#: serverguide/C/network-auth.xml:918(para)
14310
#: serverguide/C/network-auth.xml:940(para)
14260
14311
msgid ""
14261
14312
"Change the rootDN in the LDIF file to match the one you have for your "
14262
14313
"directory."
14263
14314
msgstr ""
14264
14315
14265
#: serverguide/C/network-auth.xml:925(para)
14316
#: serverguide/C/network-auth.xml:947(para)
14266
14317
msgid ""
14267
"The <application>apparmor</application> profile for slapd will need to be "
14268
"adjusted for the accesslog database location. Edit "
14269
"<filename>/etc/apparmor.d/local/usr.sbin.slapd</filename> by adding the "
14270
"following:"
14318
"The <application>apparmor</application> profile for slapd will not need to "
14319
"be adjusted for the accesslog database location since "
14320
"<filename>/etc/apparmor.d/local/usr.sbin.slapd</filename> contains:"
14271
14321
msgstr ""
14272
14322
14273
#: serverguide/C/network-auth.xml:931(programlisting)
14323
#: serverguide/C/network-auth.xml:952(programlisting)
14274
14324
#, no-wrap
14275
14325
msgid ""
14276
14326
"\n"
14277
"/var/lib/ldap/accesslog/ r,\n"
14278
"/var/lib/ldap/accesslog/** rwk,\n"
14327
"/var/lib/ldap/ r,\n"
14328
"/var/lib/ldap/** rwk,\n"
14279
14329
msgstr ""
14280
14330
14281
#: serverguide/C/network-auth.xml:936(para)
14331
#: serverguide/C/network-auth.xml:957(para)
14282
14332
msgid ""
14283
14333
"Create a directory, set up a databse config file, and reload the apparmor "
14284
14334
"profile:"
14285
14335
msgstr ""
14286
14336
14287
#: serverguide/C/network-auth.xml:941(command)
14337
#: serverguide/C/network-auth.xml:962(command)
14288
14338
msgid "sudo -u openldap mkdir /var/lib/ldap/accesslog"
14289
14339
msgstr ""
14290
14340
14291
#: serverguide/C/network-auth.xml:942(command)
14341
#: serverguide/C/network-auth.xml:963(command)
14292
14342
msgid "sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog"
14293
14343
msgstr ""
14294
14344
14295
#: serverguide/C/network-auth.xml:949(para)
14345
#: serverguide/C/network-auth.xml:970(para)
14296
14346
msgid ""
14297
14347
"Add the new content and, due to the apparmor change, restart the daemon:"
14298
14348
msgstr ""
14299
14349
14300
#: serverguide/C/network-auth.xml:954(command)
14350
#: serverguide/C/network-auth.xml:975(command)
14301
14351
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
14302
14352
msgstr ""
14303
14353
14304
#: serverguide/C/network-auth.xml:955(command) serverguide/C/network-auth.xml:1477(command) serverguide/C/network-auth.xml:1662(command) serverguide/C/network-auth.xml:3883(command)
14354
#: serverguide/C/network-auth.xml:976(command) serverguide/C/network-auth.xml:1498(command) serverguide/C/network-auth.xml:1683(command) serverguide/C/network-auth.xml:3912(command)
14305
14355
msgid "sudo service slapd restart"
14306
14356
msgstr ""
14307
14357
14308
#: serverguide/C/network-auth.xml:962(para)
14358
#: serverguide/C/network-auth.xml:983(para)
14309
14359
msgid "The Provider is now configured."
14310
14360
msgstr ""
14311
14361
14312
#: serverguide/C/network-auth.xml:969(title)
14362
#: serverguide/C/network-auth.xml:990(title)
14313
14363
msgid "Consumer Configuration"
14314
14364
msgstr ""
14315
14365
14316
#: serverguide/C/network-auth.xml:971(para)
14366
#: serverguide/C/network-auth.xml:992(para)
14317
14367
msgid "And now configure the <emphasis>Consumer</emphasis>."
14318
14368
msgstr ""
14319
14369
14320
#: serverguide/C/network-auth.xml:978(para)
14370
#: serverguide/C/network-auth.xml:999(para)
14321
14371
msgid ""
14322
14372
"Install the software by going through <xref linkend=\"openldap-server-"
14323
14373
"installation\"/>. Make sure the slapd-config databse is identical to the "
14325
14375
"same."
14326
14376
msgstr ""
14327
14377
14328
#: serverguide/C/network-auth.xml:985(para)
14378
#: serverguide/C/network-auth.xml:1006(para)
14329
14379
msgid ""
14330
14380
"Create an LDIF file with the following contents and name it "
14331
14381
"<filename>consumer_sync.ldif</filename>:"
14332
14382
msgstr ""
14333
14383
14334
#: serverguide/C/network-auth.xml:989(programlisting)
14384
#: serverguide/C/network-auth.xml:1010(programlisting)
14335
14385
#, no-wrap
14336
14386
msgid ""
14337
14387
"\n"
14358
14408
"olcUpdateRef: ldap://ldap01.example.com\n"
14359
14409
msgstr ""
14360
14410
14361
#: serverguide/C/network-auth.xml:1010(para)
14411
#: serverguide/C/network-auth.xml:1031(para)
14362
14412
msgid "Ensure the following attributes have the correct values:"
14363
14413
msgstr ""
14364
14414
14365
#: serverguide/C/network-auth.xml:1015(para)
14415
#: serverguide/C/network-auth.xml:1036(para)
14366
14416
msgid ""
14367
14417
"<emphasis>provider</emphasis> (Provider server's hostname -- "
14368
14418
"ldap01.example.com in this example -- or IP address)"
14369
14419
msgstr ""
14370
14420
14371
#: serverguide/C/network-auth.xml:1016(para)
14421
#: serverguide/C/network-auth.xml:1037(para)
14372
14422
msgid "<emphasis>binddn</emphasis> (the admin DN you're using)"
14373
14423
msgstr ""
14374
14424
14375
#: serverguide/C/network-auth.xml:1017(para)
14425
#: serverguide/C/network-auth.xml:1038(para)
14376
14426
msgid "<emphasis>credentials</emphasis> (the admin DN password you're using)"
14377
14427
msgstr ""
14378
14428
14379
#: serverguide/C/network-auth.xml:1018(para)
14429
#: serverguide/C/network-auth.xml:1039(para)
14380
14430
msgid "<emphasis>searchbase</emphasis> (the database suffix you're using)"
14381
14431
msgstr ""
14382
14432
14383
#: serverguide/C/network-auth.xml:1019(para)
14433
#: serverguide/C/network-auth.xml:1040(para)
14384
14434
msgid ""
14385
14435
"<emphasis>olcUpdateRef</emphasis> (Provider server's hostname or IP address)"
14386
14436
msgstr ""
14387
14437
14388
#: serverguide/C/network-auth.xml:1020(para)
14438
#: serverguide/C/network-auth.xml:1041(para)
14389
14439
msgid ""
14390
14440
"<emphasis>rid</emphasis> (Replica ID, an unique 3-digit that identifies the "
14391
14441
"replica. Each consumer should have at least one rid)"
14392
14442
msgstr ""
14393
14443
14394
#: serverguide/C/network-auth.xml:1029(para)
14444
#: serverguide/C/network-auth.xml:1050(para)
14395
14445
msgid "Add the new content:"
14396
14446
msgstr ""
14397
14447
14398
#: serverguide/C/network-auth.xml:1034(command)
14448
#: serverguide/C/network-auth.xml:1055(command)
14399
14449
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f consumer_sync.ldif"
14400
14450
msgstr ""
14401
14451
14402
#: serverguide/C/network-auth.xml:1041(para)
14452
#: serverguide/C/network-auth.xml:1062(para)
14403
14453
msgid ""
14404
14454
"You're done. The two databases (suffix: dc=example,dc=com) should now be "
14405
14455
"synchronizing."
14406
14456
msgstr ""
14407
14457
14408
#: serverguide/C/network-auth.xml:1050(para)
14458
#: serverguide/C/network-auth.xml:1071(para)
14409
14459
msgid "Once replication starts, you can monitor it by running"
14410
14460
msgstr ""
14411
14461
14412
#: serverguide/C/network-auth.xml:1055(command)
14462
#: serverguide/C/network-auth.xml:1081(command)
14413
14463
msgid ""
14414
14464
"ldapsearch -z1 -LLLQY EXTERNAL -H ldapi:/// -s base -b dc=example,dc=com "
14415
14465
"contextCSN"
14416
14466
msgstr ""
14417
14467
14418
#: serverguide/C/network-auth.xml:1056(computeroutput)
14468
#: serverguide/C/network-auth.xml:1077(computeroutput)
14419
14469
#, no-wrap
14420
14470
msgid ""
14421
14471
"\n"
14423
14473
"contextCSN: 20120201193408.178454Z#000000#000#000000\n"
14424
14474
msgstr ""
14425
14475
14426
#: serverguide/C/network-auth.xml:1062(para)
14476
#: serverguide/C/network-auth.xml:1083(para)
14427
14477
msgid ""
14428
14478
"on both the provider and the consumer. Once the output "
14429
14479
"(<computeroutput>20120201193408.178454Z#000000#000#000000</computeroutput> "
14432
14482
"the one in the consumer(s)."
14433
14483
msgstr ""
14434
14484
14435
#: serverguide/C/network-auth.xml:1071(para)
14485
#: serverguide/C/network-auth.xml:1092(para)
14436
14486
msgid ""
14437
14487
"If your connection is slow and/or your ldap database large, it might take a "
14438
14488
"while for the consumer's <emphasis>contextCSN</emphasis> match the "
14440
14490
"<emphasis>contextCSN</emphasis> will be steadly increasing."
14441
14491
msgstr ""
14442
14492
14443
#: serverguide/C/network-auth.xml:1079(para)
14493
#: serverguide/C/network-auth.xml:1100(para)
14444
14494
msgid ""
14445
14495
"If the consumer's <emphasis>contextCSN</emphasis> is missing or does not "
14446
14496
"match the provider, you should stop and figure out the issue before "
14450
14500
"statements) return no errors."
14451
14501
msgstr ""
14452
14502
14453
#: serverguide/C/network-auth.xml:1088(para)
14503
#: serverguide/C/network-auth.xml:1109(para)
14454
14504
msgid ""
14455
14505
"To test if it worked simply query, on the Consumer, the DNs in the database:"
14456
14506
msgstr ""
14457
14507
14458
#: serverguide/C/network-auth.xml:1093(command)
14508
#: serverguide/C/network-auth.xml:1114(command)
14459
14509
msgid ""
14460
14510
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b dc=example,dc=com dn"
14461
14511
msgstr ""
14462
14512
14463
#: serverguide/C/network-auth.xml:1096(para)
14513
#: serverguide/C/network-auth.xml:1117(para)
14464
14514
msgid ""
14465
14515
"You should see the user 'john' and the group 'miners' as well as the nodes "
14466
14516
"'People' and 'Groups'."
14467
14517
msgstr ""
14468
14518
14469
#: serverguide/C/network-auth.xml:1105(title)
14519
#: serverguide/C/network-auth.xml:1126(title)
14470
14520
msgid "Access Control"
14471
14521
msgstr ""
14472
14522
14473
#: serverguide/C/network-auth.xml:1107(para)
14523
#: serverguide/C/network-auth.xml:1128(para)
14474
14524
msgid ""
14475
14525
"The management of what type of access (read, write, etc) users should be "
14476
14526
"granted to resources is known as <emphasis>access control</emphasis>. The "
14478
14528
"lists</emphasis> or ACL."
14479
14529
msgstr ""
14480
14530
14481
#: serverguide/C/network-auth.xml:1112(para)
14531
#: serverguide/C/network-auth.xml:1133(para)
14482
14532
msgid ""
14483
14533
"When we installed the slapd package various ACL were set up automatically. "
14484
14534
"We will look at a few important consequences of those defaults and, in so "
14485
14535
"doing, we'll get an idea of how ACLs work and how they're configured."
14486
14536
msgstr ""
14487
14537
14488
#: serverguide/C/network-auth.xml:1117(para)
14538
#: serverguide/C/network-auth.xml:1138(para)
14489
14539
msgid ""
14490
14540
"To get the effective ACL for an LDAP query we need to look at the ACL "
14491
14541
"entries of the database being queried as well as those of the special "
14497
14547
"(\"dc=example,dc=com\") and those of the frontend database:"
14498
14548
msgstr ""
14499
14549
14500
#: serverguide/C/network-auth.xml:1126(command)
14550
#: serverguide/C/network-auth.xml:1147(command)
14501
14551
msgid ""
14502
14552
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
14503
14553
"'(olcDatabase={1}hdb)' olcAccess"
14504
14554
msgstr ""
14505
14555
14506
#: serverguide/C/network-auth.xml:1128(computeroutput)
14556
#: serverguide/C/network-auth.xml:1149(computeroutput)
14507
14557
#, no-wrap
14508
14558
msgid ""
14509
14559
"\n"
14517
14567
" read\n"
14518
14568
msgstr ""
14519
14569
14520
#: serverguide/C/network-auth.xml:1139(para)
14570
#: serverguide/C/network-auth.xml:1160(para)
14521
14571
msgid ""
14522
"The rootDN always has full rights to it's database. Including it in an ACL "
14572
"The rootDN always has full rights to its database. Including it in an ACL "
14523
14573
"does provide an explicit configuration but it also causes slapd to incur a "
14524
14574
"performance penalty."
14525
14575
msgstr ""
14526
14576
14527
#: serverguide/C/network-auth.xml:1146(command)
14577
#: serverguide/C/network-auth.xml:1167(command)
14528
14578
msgid ""
14529
14579
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
14530
14580
"'(olcDatabase={-1}frontend)' olcAccess"
14531
14581
msgstr ""
14532
14582
14533
#: serverguide/C/network-auth.xml:1148(computeroutput)
14583
#: serverguide/C/network-auth.xml:1169(computeroutput)
14534
14584
#, no-wrap
14535
14585
msgid ""
14536
14586
"\n"
14541
14591
"olcAccess: {2}to dn.base=\"cn=Subschema\" by * read\n"
14542
14592
msgstr ""
14543
14593
14544
#: serverguide/C/network-auth.xml:1157(para)
14594
#: serverguide/C/network-auth.xml:1178(para)
14545
14595
msgid "The very first ACL is crucial:"
14546
14596
msgstr ""
14547
14597
14548
#: serverguide/C/network-auth.xml:1161(programlisting)
14598
#: serverguide/C/network-auth.xml:1182(programlisting)
14549
14599
#, no-wrap
14550
14600
msgid ""
14551
14601
"\n"
14554
14604
" auth by dn=\"cn=admin,dc=example,dc=com\" write by * none\n"
14555
14605
msgstr ""
14556
14606
14557
#: serverguide/C/network-auth.xml:1166(para)
14607
#: serverguide/C/network-auth.xml:1187(para)
14558
14608
msgid "This can be represented differently for easier digestion:"
14559
14609
msgstr ""
14560
14610
14561
#: serverguide/C/network-auth.xml:1170(programlisting)
14611
#: serverguide/C/network-auth.xml:1191(programlisting)
14562
14612
#, no-wrap
14563
14613
msgid ""
14564
14614
"\n"
14575
14625
"\tby * none\n"
14576
14626
msgstr ""
14577
14627
14578
#: serverguide/C/network-auth.xml:1184(para)
14628
#: serverguide/C/network-auth.xml:1205(para)
14579
14629
msgid "This compound ACL (there are 2) enforces the following:"
14580
14630
msgstr ""
14581
14631
14582
#: serverguide/C/network-auth.xml:1191(para)
14632
#: serverguide/C/network-auth.xml:1212(para)
14583
14633
msgid ""
14584
14634
"Anonymous 'auth' access is provided to the <emphasis>userPassword</emphasis> "
14585
14635
"attribute for the initial connection to occur. Perhaps counter-intuitively, "
14588
14638
"occur (see next point)."
14589
14639
msgstr ""
14590
14640
14591
#: serverguide/C/network-auth.xml:1199(para)
14641
#: serverguide/C/network-auth.xml:1220(para)
14592
14642
msgid ""
14593
14643
"Authentication can happen because all users have 'read' (due to 'by self "
14594
14644
"write') access to the <emphasis>userPassword</emphasis> attribute."
14595
14645
msgstr ""
14596
14646
14597
#: serverguide/C/network-auth.xml:1205(para)
14647
#: serverguide/C/network-auth.xml:1226(para)
14598
14648
msgid ""
14599
14649
"The <emphasis>userPassword</emphasis> attribute is otherwise unaccessible by "
14600
14650
"all other users, with the exception of the rootDN, who has complete access "
14601
14651
"to it."
14602
14652
msgstr ""
14603
14653
14604
#: serverguide/C/network-auth.xml:1212(para)
14654
#: serverguide/C/network-auth.xml:1233(para)
14605
14655
msgid ""
14606
14656
"In order for users to change their own password, using "
14607
14657
"<command>passwd</command> or other utilities, the "
14609
14659
"a user has authenticated."
14610
14660
msgstr ""
14611
14661
14612
#: serverguide/C/network-auth.xml:1220(para)
14662
#: serverguide/C/network-auth.xml:1241(para)
14613
14663
msgid ""
14614
14664
"This DIT can be searched anonymously because of 'by * read' in this ACL:"
14615
14665
msgstr ""
14616
14666
14617
#: serverguide/C/network-auth.xml:1224(programlisting)
14667
#: serverguide/C/network-auth.xml:1245(programlisting)
14618
14668
#, no-wrap
14619
14669
msgid ""
14620
14670
"\n"
14624
14674
"\tby * read\n"
14625
14675
msgstr ""
14626
14676
14627
#: serverguide/C/network-auth.xml:1231(para)
14677
#: serverguide/C/network-auth.xml:1252(para)
14628
14678
msgid ""
14629
14679
"If this is unwanted then you need to change the ACLs. To force "
14630
14680
"authentication during a bind request you can alternatively (or in "
14631
14681
"combination with the modified ACL) use the 'olcRequire: authc' directive."
14632
14682
msgstr ""
14633
14683
14634
#: serverguide/C/network-auth.xml:1236(para)
14684
#: serverguide/C/network-auth.xml:1257(para)
14635
14685
msgid ""
14636
14686
"As previously mentioned, there is no administrative account created for the "
14637
14687
"slapd-config database. There is, however, a SASL identity that is granted "
14639
14689
"it is:"
14640
14690
msgstr ""
14641
14691
14642
#: serverguide/C/network-auth.xml:1241(programlisting)
14692
#: serverguide/C/network-auth.xml:1262(programlisting)
14643
14693
#, no-wrap
14644
14694
msgid ""
14645
14695
"\n"
14646
14696
"dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth \n"
14647
14697
msgstr ""
14648
14698
14649
#: serverguide/C/network-auth.xml:1245(para)
14699
#: serverguide/C/network-auth.xml:1266(para)
14650
14700
msgid ""
14651
14701
"The following command will display the ACLs of the slapd-config database:"
14652
14702
msgstr ""
14653
14703
14654
#: serverguide/C/network-auth.xml:1250(command)
14704
#: serverguide/C/network-auth.xml:1271(command)
14655
14705
msgid ""
14656
14706
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
14657
14707
"'(olcDatabase={0}config)' olcAccess"
14658
14708
msgstr ""
14659
14709
14660
#: serverguide/C/network-auth.xml:1252(computeroutput)
14710
#: serverguide/C/network-auth.xml:1273(computeroutput)
14661
14711
#, no-wrap
14662
14712
msgid ""
14663
14713
"\n"
14666
14716
" cn=external,cn=auth manage by * break\n"
14667
14717
msgstr ""
14668
14718
14669
#: serverguide/C/network-auth.xml:1259(para)
14719
#: serverguide/C/network-auth.xml:1285(para)
14670
14720
msgid ""
14671
14721
"Since this is a SASL identity we need to use a SASL "
14672
14722
"<emphasis>mechanism</emphasis> when invoking the LDAP utility in question "
14674
14724
"mechanism. See the previous command for an example. Note that:"
14675
14725
msgstr ""
14676
14726
14677
#: serverguide/C/network-auth.xml:1267(para)
14727
#: serverguide/C/network-auth.xml:1288(para)
14678
14728
msgid ""
14679
14729
"You must use <emphasis>sudo</emphasis> to become the root identity in order "
14680
14730
"for the ACL to match."
14681
14731
msgstr ""
14682
14732
14683
#: serverguide/C/network-auth.xml:1273(para)
14733
#: serverguide/C/network-auth.xml:1294(para)
14684
14734
msgid ""
14685
14735
"The EXTERNAL mechanism works via <emphasis>IPC</emphasis> (UNIX domain "
14686
14736
"sockets). This means you must use the <emphasis>ldapi</emphasis> URI format."
14687
14737
msgstr ""
14688
14738
14689
#: serverguide/C/network-auth.xml:1281(para)
14739
#: serverguide/C/network-auth.xml:1302(para)
14690
14740
msgid "A succinct way to get all the ACLs is like this:"
14691
14741
msgstr ""
14692
14742
14693
#: serverguide/C/network-auth.xml:1286(command)
14743
#: serverguide/C/network-auth.xml:1307(command)
14694
14744
msgid ""
14695
14745
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
14696
14746
"'(olcAccess=*)' olcAccess olcSuffix"
14697
14747
msgstr ""
14698
14748
14699
#: serverguide/C/network-auth.xml:1290(para)
14749
#: serverguide/C/network-auth.xml:1311(para)
14700
14750
msgid ""
14701
14751
"There is much to say on the topic of access control. See the man page for "
14702
14752
"<ulink "
14704
14754
".access</ulink>."
14705
14755
msgstr ""
14706
14756
14707
#: serverguide/C/network-auth.xml:1298(title)
14757
#: serverguide/C/network-auth.xml:1319(title)
14708
14758
msgid "TLS"
14709
14759
msgstr ""
14710
14760
14711
#: serverguide/C/network-auth.xml:1300(para)
14761
#: serverguide/C/network-auth.xml:1321(para)
14712
14762
msgid ""
14713
14763
"When authenticating to an OpenLDAP server it is best to do so using an "
14714
14764
"encrypted session. This can be accomplished using Transport Layer Security "
14715
14765
"(TLS)."
14716
14766
msgstr ""
14717
14767
14718
#: serverguide/C/network-auth.xml:1305(para)
14768
#: serverguide/C/network-auth.xml:1326(para)
14719
14769
msgid ""
14720
14770
"Here, we will be our own <emphasis>Certificate Authority</emphasis> and then "
14721
14771
"create and sign our LDAP server certificate as that CA. Since "
14724
14774
"<application>certtool</application> utility to complete these tasks."
14725
14775
msgstr ""
14726
14776
14727
#: serverguide/C/network-auth.xml:1314(para)
14777
#: serverguide/C/network-auth.xml:1335(para)
14728
14778
msgid ""
14729
14779
"Install the <application>gnutls-bin</application> and <application>ssl-"
14730
14780
"cert</application> packages:"
14731
14781
msgstr ""
14732
14782
14733
#: serverguide/C/network-auth.xml:1319(command)
14783
#: serverguide/C/network-auth.xml:1340(command)
14734
14784
msgid "sudo apt-get install gnutls-bin ssl-cert"
14735
14785
msgstr ""
14736
14786
14737
#: serverguide/C/network-auth.xml:1325(para)
14787
#: serverguide/C/network-auth.xml:1346(para)
14738
14788
msgid "Create a private key for the Certificate Authority:"
14739
14789
msgstr ""
14740
14790
14741
#: serverguide/C/network-auth.xml:1330(command)
14791
#: serverguide/C/network-auth.xml:1351(command)
14742
14792
msgid ""
14743
14793
"sudo sh -c \"certtool --generate-privkey > /etc/ssl/private/cakey.pem\""
14744
14794
msgstr ""
14745
14795
14746
#: serverguide/C/network-auth.xml:1336(para)
14796
#: serverguide/C/network-auth.xml:1357(para)
14747
14797
msgid ""
14748
14798
"Create the template/file <filename>/etc/ssl/ca.info</filename> to define the "
14749
14799
"CA:"
14750
14800
msgstr ""
14751
14801
14752
#: serverguide/C/network-auth.xml:1340(programlisting)
14802
#: serverguide/C/network-auth.xml:1361(programlisting)
14753
14803
#, no-wrap
14754
14804
msgid ""
14755
14805
"\n"
14758
14808
"cert_signing_key\n"
14759
14809
msgstr ""
14760
14810
14761
#: serverguide/C/network-auth.xml:1349(para)
14811
#: serverguide/C/network-auth.xml:1370(para)
14762
14812
msgid "Create the self-signed CA certificate:"
14763
14813
msgstr ""
14764
14814
14765
#: serverguide/C/network-auth.xml:1354(command)
14815
#: serverguide/C/network-auth.xml:1375(command)
14766
14816
msgid ""
14767
14817
"sudo certtool --generate-self-signed \\ --load-privkey "
14768
14818
"/etc/ssl/private/cakey.pem \\ --template /etc/ssl/ca.info \\ --outfile "
14769
14819
"/etc/ssl/certs/cacert.pem"
14770
14820
msgstr ""
14771
14821
14772
#: serverguide/C/network-auth.xml:1363(para)
14822
#: serverguide/C/network-auth.xml:1384(para)
14773
14823
msgid "Make a private key for the server:"
14774
14824
msgstr ""
14775
14825
14776
#: serverguide/C/network-auth.xml:1368(command)
14826
#: serverguide/C/network-auth.xml:1389(command)
14777
14827
msgid ""
14778
14828
"sudo certtool --generate-privkey \\ --bits 1024 \\ --outfile "
14779
14829
"/etc/ssl/private/ldap01_slapd_key.pem"
14780
14830
msgstr ""
14781
14831
14782
#: serverguide/C/network-auth.xml:1374(para)
14832
#: serverguide/C/network-auth.xml:1395(para)
14783
14833
msgid ""
14784
14834
"Replace <emphasis>ldap01</emphasis> in the filename with your server's "
14785
14835
"hostname. Naming the certificate and key for the host and service that will "
14786
14836
"be using them will help keep things clear."
14787
14837
msgstr ""
14788
14838
14789
#: serverguide/C/network-auth.xml:1383(para)
14839
#: serverguide/C/network-auth.xml:1404(para)
14790
14840
msgid ""
14791
14841
"Create the <filename>/etc/ssl/ldap01.info</filename> info file containing:"
14792
14842
msgstr ""
14793
14843
14794
#: serverguide/C/network-auth.xml:1387(programlisting)
14844
#: serverguide/C/network-auth.xml:1408(programlisting)
14795
14845
#, no-wrap
14796
14846
msgid ""
14797
14847
"\n"
14803
14853
"expiration_days = 3650\n"
14804
14854
msgstr ""
14805
14855
14806
#: serverguide/C/network-auth.xml:1396(para)
14856
#: serverguide/C/network-auth.xml:1417(para)
14807
14857
msgid "The above certificate is good for 10 years. Adjust accordingly."
14808
14858
msgstr ""
14809
14859
14810
#: serverguide/C/network-auth.xml:1402(para)
14860
#: serverguide/C/network-auth.xml:1423(para)
14811
14861
msgid "Create the server's certificate:"
14812
14862
msgstr ""
14813
14863
14814
#: serverguide/C/network-auth.xml:1407(command)
14864
#: serverguide/C/network-auth.xml:1428(command)
14815
14865
msgid ""
14816
14866
"sudo certtool --generate-certificate \\ --load-privkey "
14817
14867
"/etc/ssl/private/ldap01_slapd_key.pem \\ --load-ca-certificate "
14820
14870
"/etc/ssl/certs/ldap01_slapd_cert.pem"
14821
14871
msgstr ""
14822
14872
14823
#: serverguide/C/network-auth.xml:1419(para)
14873
#: serverguide/C/network-auth.xml:1440(para)
14824
14874
msgid ""
14825
14875
"Create the file <filename>certinfo.ldif</filename> with the following "
14826
14876
"contents (adjust accordingly, our example assumes we created certs using "
14827
14877
"https://www.cacert.org):"
14828
14878
msgstr ""
14829
14879
14830
#: serverguide/C/network-auth.xml:1423(programlisting)
14880
#: serverguide/C/network-auth.xml:1444(programlisting)
14831
14881
#, no-wrap
14832
14882
msgid ""
14833
14883
"\n"
14842
14892
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem\n"
14843
14893
msgstr ""
14844
14894
14845
#: serverguide/C/network-auth.xml:1435(para)
14895
#: serverguide/C/network-auth.xml:1456(para)
14846
14896
msgid ""
14847
14897
"Use the <application>ldapmodify</application> command to tell slapd about "
14848
14898
"our TLS work via the slapd-config database:"
14849
14899
msgstr ""
14850
14900
14851
#: serverguide/C/network-auth.xml:1440(command)
14901
#: serverguide/C/network-auth.xml:1461(command)
14852
14902
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ssl/certinfo.ldif"
14853
14903
msgstr ""
14854
14904
14855
#: serverguide/C/network-auth.xml:1443(para)
14905
#: serverguide/C/network-auth.xml:1464(para)
14856
14906
msgid ""
14857
14907
"Contratry to popular belief, you do not need <emphasis>ldaps://</emphasis> "
14858
14908
"in <filename>/etc/default/slapd</filename> in order to use encryption. You "
14859
14909
"should have just:"
14860
14910
msgstr ""
14861
14911
14862
#: serverguide/C/network-auth.xml:1448(programlisting)
14912
#: serverguide/C/network-auth.xml:1469(programlisting)
14863
14913
#, no-wrap
14864
14914
msgid ""
14865
14915
"\n"
14866
14916
"SLAPD_SERVICES=\"ldap:/// ldapi:///\"\n"
14867
14917
msgstr ""
14868
14918
14869
#: serverguide/C/network-auth.xml:1453(para)
14919
#: serverguide/C/network-auth.xml:1474(para)
14870
14920
msgid ""
14871
14921
"LDAP over TLS/SSL (ldaps://) is deprecated in favour of "
14872
14922
"<emphasis>StartTLS</emphasis>. The latter refers to an existing LDAP session "
14875
14925
"over TCP port 636."
14876
14926
msgstr ""
14877
14927
14878
#: serverguide/C/network-auth.xml:1461(para)
14928
#: serverguide/C/network-auth.xml:1482(para)
14879
14929
msgid "Tighten up ownership and permissions:"
14880
14930
msgstr ""
14881
14931
14882
#: serverguide/C/network-auth.xml:1466(command) serverguide/C/network-auth.xml:1583(command)
14932
#: serverguide/C/network-auth.xml:1487(command) serverguide/C/network-auth.xml:1604(command)
14883
14933
msgid "sudo adduser openldap ssl-cert"
14884
14934
msgstr ""
14885
14935
14886
#: serverguide/C/network-auth.xml:1467(command)
14936
#: serverguide/C/network-auth.xml:1488(command)
14887
14937
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem"
14888
14938
msgstr ""
14889
14939
14890
#: serverguide/C/network-auth.xml:1468(command)
14940
#: serverguide/C/network-auth.xml:1489(command)
14891
14941
msgid "sudo chmod g+r /etc/ssl/private/ldap01_slapd_key.pem"
14892
14942
msgstr ""
14893
14943
14894
#: serverguide/C/network-auth.xml:1469(command)
14944
#: serverguide/C/network-auth.xml:1490(command)
14895
14945
msgid "sudo chmod o-r /etc/ssl/private/ldap01_slapd_key.pem"
14896
14946
msgstr ""
14897
14947
14898
#: serverguide/C/network-auth.xml:1472(para)
14948
#: serverguide/C/network-auth.xml:1493(para)
14899
14949
msgid "Restart OpenLDAP:"
14900
14950
msgstr ""
14901
14951
14902
#: serverguide/C/network-auth.xml:1480(para)
14952
#: serverguide/C/network-auth.xml:1501(para)
14903
14953
msgid ""
14904
14954
"Check your host's logs (/var/log/syslog) to see if the server has started "
14905
14955
"properly."
14906
14956
msgstr ""
14907
14957
14908
#: serverguide/C/network-auth.xml:1487(title)
14958
#: serverguide/C/network-auth.xml:1508(title)
14909
14959
msgid "Replication and TLS"
14910
14960
msgstr ""
14911
14961
14912
#: serverguide/C/network-auth.xml:1489(para)
14962
#: serverguide/C/network-auth.xml:1510(para)
14913
14963
msgid ""
14914
14964
"If you have set up replication between servers, it is common practice to "
14915
14965
"encrypt (StartTLS) the replication traffic to prevent evesdropping. This is "
14917
14967
"section we will build on that TLS-authentication work."
14918
14968
msgstr ""
14919
14969
14920
#: serverguide/C/network-auth.xml:1495(para)
14970
#: serverguide/C/network-auth.xml:1516(para)
14921
14971
msgid ""
14922
14972
"The assumption here is that you have set up replication between Provider and "
14923
14973
"Consumer according to <xref linkend=\"openldap-server-replication\"/> and "
14925
14975
"linkend=\"openldap-tls\"/>."
14926
14976
msgstr ""
14927
14977
14928
#: serverguide/C/network-auth.xml:1500(para)
14978
#: serverguide/C/network-auth.xml:1521(para)
14929
14979
msgid ""
14930
14980
"As previously stated, the objective (for us) with replication is high "
14931
14981
"availablity for the LDAP service. Since we have TLS for authentication on "
14937
14987
"material over to the Consumer."
14938
14988
msgstr ""
14939
14989
14940
#: serverguide/C/network-auth.xml:1511(para) serverguide/C/network-auth.xml:1668(para)
14990
#: serverguide/C/network-auth.xml:1532(para) serverguide/C/network-auth.xml:1689(para)
14941
14991
msgid "On the Provider,"
14942
14992
msgstr ""
14943
14993
14944
#: serverguide/C/network-auth.xml:1515(para)
14994
#: serverguide/C/network-auth.xml:1536(para)
14945
14995
msgid ""
14946
14996
"Create a holding directory (which will be used for the eventual transfer) "
14947
14997
"and then the Consumer's private key:"
14948
14998
msgstr ""
14949
14999
14950
#: serverguide/C/network-auth.xml:1520(command)
15000
#: serverguide/C/network-auth.xml:1541(command)
14951
15001
msgid "mkdir ldap02-ssl"
14952
15002
msgstr ""
14953
15003
14954
#: serverguide/C/network-auth.xml:1521(command)
15004
#: serverguide/C/network-auth.xml:1542(command)
14955
15005
msgid "cd ldap02-ssl"
14956
15006
msgstr ""
14957
15007
14958
#: serverguide/C/network-auth.xml:1522(command)
15008
#: serverguide/C/network-auth.xml:1543(command)
14959
15009
msgid ""
14960
15010
"sudo certtool --generate-privkey \\ --bits 1024 \\ --outfile "
14961
15011
"ldap02_slapd_key.pem"
14962
15012
msgstr ""
14963
15013
14964
#: serverguide/C/network-auth.xml:1527(para)
15014
#: serverguide/C/network-auth.xml:1548(para)
14965
15015
msgid ""
14966
15016
"Create an info file, <filename>ldap02.info</filename>, for the Consumer "
14967
"server, adjusting it's values accordingly:"
15017
"server, adjusting its values accordingly:"
14968
15018
msgstr ""
14969
15019
14970
#: serverguide/C/network-auth.xml:1531(programlisting)
15020
#: serverguide/C/network-auth.xml:1552(programlisting)
14971
15021
#, no-wrap
14972
15022
msgid ""
14973
15023
"\n"
14979
15029
"expiration_days = 3650\n"
14980
15030
msgstr ""
14981
15031
14982
#: serverguide/C/network-auth.xml:1540(para)
15032
#: serverguide/C/network-auth.xml:1561(para)
14983
15033
msgid "Create the Consumer's certificate:"
14984
15034
msgstr ""
14985
15035
14986
#: serverguide/C/network-auth.xml:1545(command)
15036
#: serverguide/C/network-auth.xml:1566(command)
14987
15037
msgid ""
14988
15038
"sudo certtool --generate-certificate \\ --load-privkey ldap02_slapd_key.pem "
14989
15039
"\\ --load-ca-certificate /etc/ssl/certs/cacert.pem \\ --load-ca-privkey "
14991
15041
"ldap02_slapd_cert.pem"
14992
15042
msgstr ""
14993
15043
14994
#: serverguide/C/network-auth.xml:1553(para)
15044
#: serverguide/C/network-auth.xml:1574(para)
14995
15045
msgid "Get a copy of the CA certificate:"
14996
15046
msgstr ""
14997
15047
14998
#: serverguide/C/network-auth.xml:1558(command)
15048
#: serverguide/C/network-auth.xml:1579(command)
14999
15049
msgid "cp /etc/ssl/certs/cacert.pem ."
15000
15050
msgstr ""
15001
15051
15002
#: serverguide/C/network-auth.xml:1561(para)
15052
#: serverguide/C/network-auth.xml:1582(para)
15003
15053
msgid ""
15004
15054
"We're done. Now transfer the <filename>ldap02-ssl</filename> directory to "
15005
15055
"the Consumer. Here we use scp (adjust accordingly):"
15006
15056
msgstr ""
15007
15057
15008
#: serverguide/C/network-auth.xml:1566(command)
15058
#: serverguide/C/network-auth.xml:1587(command)
15009
15059
msgid "cd .."
15010
15060
msgstr ""
15011
15061
15012
#: serverguide/C/network-auth.xml:1567(command)
15062
#: serverguide/C/network-auth.xml:1588(command)
15013
15063
msgid "scp -r ldap02-ssl user@consumer:"
15014
15064
msgstr ""
15015
15065
15016
#: serverguide/C/network-auth.xml:1573(para) serverguide/C/network-auth.xml:1621(para)
15066
#: serverguide/C/network-auth.xml:1594(para) serverguide/C/network-auth.xml:1642(para)
15017
15067
msgid "On the Consumer,"
15018
15068
msgstr ""
15019
15069
15020
#: serverguide/C/network-auth.xml:1577(para)
15070
#: serverguide/C/network-auth.xml:1598(para)
15021
15071
msgid "Configure TLS authentication:"
15022
15072
msgstr ""
15023
15073
15024
#: serverguide/C/network-auth.xml:1582(command)
15074
#: serverguide/C/network-auth.xml:1603(command)
15025
15075
msgid "sudo apt-get install ssl-cert"
15026
15076
msgstr ""
15027
15077
15028
#: serverguide/C/network-auth.xml:1584(command)
15078
#: serverguide/C/network-auth.xml:1605(command)
15029
15079
msgid "sudo cp ldap02_slapd_cert.pem cacert.pem /etc/ssl/certs"
15030
15080
msgstr ""
15031
15081
15032
#: serverguide/C/network-auth.xml:1585(command)
15082
#: serverguide/C/network-auth.xml:1606(command)
15033
15083
msgid "sudo cp ldap02_slapd_key.pem /etc/ssl/private"
15034
15084
msgstr ""
15035
15085
15036
#: serverguide/C/network-auth.xml:1586(command)
15086
#: serverguide/C/network-auth.xml:1607(command)
15037
15087
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap02_slapd_key.pem"
15038
15088
msgstr ""
15039
15089
15040
#: serverguide/C/network-auth.xml:1587(command)
15090
#: serverguide/C/network-auth.xml:1608(command)
15041
15091
msgid "sudo chmod g+r /etc/ssl/private/ldap02_slapd_key.pem"
15042
15092
msgstr ""
15043
15093
15044
#: serverguide/C/network-auth.xml:1588(command)
15094
#: serverguide/C/network-auth.xml:1609(command)
15045
15095
msgid "sudo chmod o-r /etc/ssl/private/ldap02_slapd_key.pem"
15046
15096
msgstr ""
15047
15097
15048
#: serverguide/C/network-auth.xml:1591(para)
15098
#: serverguide/C/network-auth.xml:1612(para)
15049
15099
msgid ""
15050
15100
"Create the file <filename>/etc/ssl/certinfo.ldif</filename> with the "
15051
15101
"following contents (adjust accordingly):"
15052
15102
msgstr ""
15053
15103
15054
#: serverguide/C/network-auth.xml:1595(programlisting)
15104
#: serverguide/C/network-auth.xml:1616(programlisting)
15055
15105
#, no-wrap
15056
15106
msgid ""
15057
15107
"\n"
15066
15116
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap02_slapd_key.pem\n"
15067
15117
msgstr ""
15068
15118
15069
#: serverguide/C/network-auth.xml:1607(para)
15119
#: serverguide/C/network-auth.xml:1628(para)
15070
15120
msgid "Configure the slapd-config database:"
15071
15121
msgstr ""
15072
15122
15073
#: serverguide/C/network-auth.xml:1612(command)
15123
#: serverguide/C/network-auth.xml:1633(command)
15074
15124
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f certinfo.ldif"
15075
15125
msgstr ""
15076
15126
15077
#: serverguide/C/network-auth.xml:1615(para)
15127
#: serverguide/C/network-auth.xml:1636(para)
15078
15128
msgid ""
15079
15129
"Configure <filename>/etc/default/slapd</filename> as on the Provider "
15080
15130
"(SLAPD_SERVICES)."
15081
15131
msgstr ""
15082
15132
15083
#: serverguide/C/network-auth.xml:1625(para)
15133
#: serverguide/C/network-auth.xml:1646(para)
15084
15134
msgid ""
15085
15135
"Configure TLS for Consumer-side replication. Modify the existing "
15086
15136
"<emphasis>olcSyncrepl</emphasis> attribute by tacking on some TLS options. "
15088
15138
"value(s)."
15089
15139
msgstr ""
15090
15140
15091
#: serverguide/C/network-auth.xml:1630(para)
15141
#: serverguide/C/network-auth.xml:1651(para)
15092
15142
msgid ""
15093
15143
"Create the file <filename>consumer_sync_tls.ldif</filename> with the "
15094
15144
"following contents:"
15095
15145
msgstr ""
15096
15146
15097
#: serverguide/C/network-auth.xml:1634(programlisting)
15147
#: serverguide/C/network-auth.xml:1660(programlisting)
15098
15148
#, no-wrap
15099
15149
msgid ""
15100
15150
"\n"
15109
15159
" starttls=critical tls_reqcert=demand\n"
15110
15160
msgstr ""
15111
15161
15112
#: serverguide/C/network-auth.xml:1644(para)
15162
#: serverguide/C/network-auth.xml:1665(para)
15113
15163
msgid ""
15114
15164
"The extra options specify, respectively, that the consumer must use StartTLS "
15115
15165
"and that the CA certificate is required to verify the Provider's identity. "
15117
15167
"('replace')."
15118
15168
msgstr ""
15119
15169
15120
#: serverguide/C/network-auth.xml:1649(para)
15170
#: serverguide/C/network-auth.xml:1670(para)
15121
15171
msgid "Implement these changes:"
15122
15172
msgstr ""
15123
15173
15124
#: serverguide/C/network-auth.xml:1654(command)
15174
#: serverguide/C/network-auth.xml:1675(command)
15125
15175
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f consumer_sync_tls.ldif"
15126
15176
msgstr ""
15127
15177
15128
#: serverguide/C/network-auth.xml:1657(para)
15178
#: serverguide/C/network-auth.xml:1678(para)
15129
15179
msgid "And restart slapd:"
15130
15180
msgstr ""
15131
15181
15132
#: serverguide/C/network-auth.xml:1672(para)
15182
#: serverguide/C/network-auth.xml:1693(para)
15133
15183
msgid ""
15134
15184
"Check to see that a TLS session has been established. In "
15135
15185
"<filename>/var/log/syslog</filename>, providing you have 'conns'-level "
15136
15186
"logging set up, you should see messages similar to:"
15137
15187
msgstr ""
15138
15188
15139
#: serverguide/C/network-auth.xml:1677(programlisting)
15189
#: serverguide/C/network-auth.xml:1698(programlisting)
15140
15190
#, no-wrap
15141
15191
msgid ""
15142
15192
"\n"
15153
15203
"slapd[3620]: conn=1047 op=1 RESULT tag=97 err=0 text\n"
15154
15204
msgstr ""
15155
15205
15156
#: serverguide/C/network-auth.xml:1695(title)
15206
#: serverguide/C/network-auth.xml:1716(title)
15157
15207
msgid "LDAP Authentication"
15158
15208
msgstr ""
15159
15209
15160
#: serverguide/C/network-auth.xml:1697(para)
15210
#: serverguide/C/network-auth.xml:1723(para)
15161
15211
msgid ""
15162
15212
"Once you have a working LDAP server, you will need to install libraries on "
15163
15213
"the client that will know how and when to contact it. On Ubuntu, this has "
15166
15216
"assist you in the configuration step. Install this package now:"
15167
15217
msgstr ""
15168
15218
15169
#: serverguide/C/network-auth.xml:1704(command)
15219
#: serverguide/C/network-auth.xml:1725(command)
15170
15220
msgid "sudo apt-get install libnss-ldap"
15171
15221
msgstr ""
15172
15222
15173
#: serverguide/C/network-auth.xml:1707(para)
15223
#: serverguide/C/network-auth.xml:1728(para)
15174
15224
msgid ""
15175
15225
"You will be prompted for details of your LDAP server. If you make a mistake "
15176
15226
"you can try again using:"
15177
15227
msgstr ""
15178
15228
15179
#: serverguide/C/network-auth.xml:1712(command)
15229
#: serverguide/C/network-auth.xml:1733(command)
15180
15230
msgid "sudo dpkg-reconfigure ldap-auth-config"
15181
15231
msgstr ""
15182
15232
15183
#: serverguide/C/network-auth.xml:1715(para)
15233
#: serverguide/C/network-auth.xml:1736(para)
15184
15234
msgid ""
15185
15235
"The results of the dialog can be seen in "
15186
15236
"<filename>/etc/ldap.conf</filename>. If your server requires options not "
15187
15237
"covered in the menu edit this file accordingly."
15188
15238
msgstr ""
15189
15239
15190
#: serverguide/C/network-auth.xml:1720(para)
15240
#: serverguide/C/network-auth.xml:1741(para)
15191
15241
msgid "Now configure the LDAP profile for NSS:"
15192
15242
msgstr ""
15193
15243
15194
#: serverguide/C/network-auth.xml:1725(command)
15244
#: serverguide/C/network-auth.xml:1746(command)
15195
15245
msgid "sudo auth-client-config -t nss -p lac_ldap"
15196
15246
msgstr ""
15197
15247
15198
#: serverguide/C/network-auth.xml:1728(para)
15248
#: serverguide/C/network-auth.xml:1749(para)
15199
15249
msgid "Configure the system to use LDAP for authentication:"
15200
15250
msgstr ""
15201
15251
15202
#: serverguide/C/network-auth.xml:1733(command)
15252
#: serverguide/C/network-auth.xml:1754(command)
15203
15253
msgid "sudo pam-auth-update"
15204
15254
msgstr ""
15205
15255
15206
#: serverguide/C/network-auth.xml:1736(para)
15256
#: serverguide/C/network-auth.xml:1757(para)
15207
15257
msgid ""
15208
15258
"From the menu, choose LDAP and any other authentication mechanisms you need."
15209
15259
msgstr ""
15210
15260
15211
#: serverguide/C/network-auth.xml:1740(para)
15261
#: serverguide/C/network-auth.xml:1761(para)
15212
15262
msgid "You should now be able to log in using LDAP-based credentials."
15213
15263
msgstr ""
15214
15264
15215
#: serverguide/C/network-auth.xml:1744(para)
15265
#: serverguide/C/network-auth.xml:1765(para)
15216
15266
msgid ""
15217
15267
"LDAP clients will need to refer to multiple servers if replication is in "
15218
15268
"use. In <filename>/etc/ldap.conf</filename> you would have something like:"
15219
15269
msgstr ""
15220
15270
15221
#: serverguide/C/network-auth.xml:1749(programlisting)
15271
#: serverguide/C/network-auth.xml:1770(programlisting)
15222
15272
#, no-wrap
15223
15273
msgid ""
15224
15274
"\n"
15225
15275
"uri ldap://ldap01.example.com ldap://ldap02.example.com\n"
15226
15276
msgstr ""
15227
15277
15228
#: serverguide/C/network-auth.xml:1753(para)
15278
#: serverguide/C/network-auth.xml:1774(para)
15229
15279
msgid ""
15230
15280
"The request will time out and the Consumer (ldap02) will attempt to be "
15231
15281
"reached if the Provider (ldap01) becomes unresponsive."
15232
15282
msgstr ""
15233
15283
15234
#: serverguide/C/network-auth.xml:1757(para)
15284
#: serverguide/C/network-auth.xml:1778(para)
15235
15285
msgid ""
15236
15286
"If you are going to use LDAP to store Samba users you will need to configure "
15237
15287
"the Samba server to authenticate using LDAP. See <xref linkend=\"samba-"
15238
15288
"ldap\"/> for details."
15239
15289
msgstr ""
15240
15290
15241
#: serverguide/C/network-auth.xml:1763(para)
15291
#: serverguide/C/network-auth.xml:1784(para)
15242
15292
msgid ""
15243
15293
"An alternative to the <application>libnss-ldap</application> package is the "
15244
15294
"<application>libnss-ldapd</application> package. This, however, will bring "
15246
15296
"wanted. Simply remove it afterwards."
15247
15297
msgstr ""
15248
15298
15249
#: serverguide/C/network-auth.xml:1773(title)
15299
#: serverguide/C/network-auth.xml:1794(title)
15250
15300
msgid "User and Group Management"
15251
15301
msgstr ""
15252
15302
15253
#: serverguide/C/network-auth.xml:1775(para)
15303
#: serverguide/C/network-auth.xml:1796(para)
15254
15304
msgid ""
15255
15305
"The <application>ldap-utils</application> package comes with enough "
15256
15306
"utilities to manage the directory but the long string of options needed can "
15259
15309
"easier to use."
15260
15310
msgstr ""
15261
15311
15262
#: serverguide/C/network-auth.xml:1781(para)
15312
#: serverguide/C/network-auth.xml:1802(para)
15263
15313
msgid "Install the package:"
15264
15314
msgstr ""
15265
15315
15266
#: serverguide/C/network-auth.xml:1786(command)
15316
#: serverguide/C/network-auth.xml:1807(command)
15267
15317
msgid "sudo apt-get install ldapscripts"
15268
15318
msgstr ""
15269
15319
15270
#: serverguide/C/network-auth.xml:1789(para)
15320
#: serverguide/C/network-auth.xml:1810(para)
15271
15321
msgid ""
15272
15322
"Then edit the file <filename>/etc/ldapscripts/ldapscripts.conf</filename> to "
15273
15323
"arrive at something similar to the following:"
15274
15324
msgstr ""
15275
15325
15276
#: serverguide/C/network-auth.xml:1793(programlisting)
15326
#: serverguide/C/network-auth.xml:1814(programlisting)
15277
15327
#, no-wrap
15278
15328
msgid ""
15279
15329
"\n"
15289
15339
"MIDSTART=10000\n"
15290
15340
msgstr ""
15291
15341
15292
#: serverguide/C/network-auth.xml:1806(para)
15342
#: serverguide/C/network-auth.xml:1827(para)
15293
15343
msgid ""
15294
15344
"Now, create the <filename>ldapscripts.passwd</filename> file to allow rootDN "
15295
15345
"access to the directory:"
15296
15346
msgstr ""
15297
15347
15298
#: serverguide/C/network-auth.xml:1811(command)
15348
#: serverguide/C/network-auth.xml:1832(command)
15299
15349
msgid ""
15300
15350
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
15301
15351
msgstr ""
15302
15352
15303
#: serverguide/C/network-auth.xml:1812(command)
15353
#: serverguide/C/network-auth.xml:1833(command)
15304
15354
msgid "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
15305
15355
msgstr ""
15306
15356
15307
#: serverguide/C/network-auth.xml:1816(para)
15357
#: serverguide/C/network-auth.xml:1837(para)
15308
15358
msgid ""
15309
15359
"Replace <quote>secret</quote> with the actual password for your database's "
15310
15360
"rootDN user."
15311
15361
msgstr ""
15312
15362
15313
#: serverguide/C/network-auth.xml:1821(para)
15363
#: serverguide/C/network-auth.xml:1842(para)
15314
15364
msgid ""
15315
15365
"The scripts are now ready to help manage your directory. Here are some "
15316
15366
"examples of how to use them:"
15317
15367
msgstr ""
15318
15368
15319
#: serverguide/C/network-auth.xml:1828(para)
15369
#: serverguide/C/network-auth.xml:1849(para)
15320
15370
msgid "Create a new user:"
15321
15371
msgstr ""
15322
15372
15323
#: serverguide/C/network-auth.xml:1833(command)
15373
#: serverguide/C/network-auth.xml:1854(command)
15324
15374
msgid "sudo ldapadduser george example"
15325
15375
msgstr ""
15326
15376
15327
#: serverguide/C/network-auth.xml:1836(para)
15377
#: serverguide/C/network-auth.xml:1857(para)
15328
15378
msgid ""
15329
15379
"This will create a user with uid <emphasis role=\"italic\">george</emphasis> "
15330
15380
"and set the user's primary group (gid) to <emphasis "
15331
15381
"role=\"italic\">example</emphasis>"
15332
15382
msgstr ""
15333
15383
15334
#: serverguide/C/network-auth.xml:1843(para)
15384
#: serverguide/C/network-auth.xml:1864(para)
15335
15385
msgid "Change a user's password:"
15336
15386
msgstr ""
15337
15387
15338
#: serverguide/C/network-auth.xml:1848(command)
15388
#: serverguide/C/network-auth.xml:1869(command)
15339
15389
msgid "sudo ldapsetpasswd george"
15340
15390
msgstr ""
15341
15391
15342
#: serverguide/C/network-auth.xml:1849(computeroutput)
15392
#: serverguide/C/network-auth.xml:1870(computeroutput)
15343
15393
#, no-wrap
15344
15394
msgid "Changing password for user uid=george,ou=People,dc=example,dc=com"
15345
15395
msgstr ""
15346
15396
15347
#: serverguide/C/network-auth.xml:1850(userinput)
15397
#: serverguide/C/network-auth.xml:1871(userinput)
15348
15398
#, no-wrap
15349
15399
msgid "New Password: "
15350
15400
msgstr ""
15351
15401
15352
#: serverguide/C/network-auth.xml:1851(userinput)
15402
#: serverguide/C/network-auth.xml:1872(userinput)
15353
15403
#, no-wrap
15354
15404
msgid "New Password (verify): "
15355
15405
msgstr ""
15356
15406
15357
#: serverguide/C/network-auth.xml:1857(para)
15407
#: serverguide/C/network-auth.xml:1878(para)
15358
15408
msgid "Delete a user:"
15359
15409
msgstr ""
15360
15410
15361
#: serverguide/C/network-auth.xml:1862(command)
15411
#: serverguide/C/network-auth.xml:1883(command)
15362
15412
msgid "sudo ldapdeleteuser george"
15363
15413
msgstr ""
15364
15414
15365
#: serverguide/C/network-auth.xml:1868(para)
15415
#: serverguide/C/network-auth.xml:1889(para)
15366
15416
msgid "Add a group:"
15367
15417
msgstr ""
15368
15418
15369
#: serverguide/C/network-auth.xml:1873(command)
15419
#: serverguide/C/network-auth.xml:1894(command)
15370
15420
msgid "sudo ldapaddgroup qa"
15371
15421
msgstr ""
15372
15422
15373
#: serverguide/C/network-auth.xml:1879(para)
15423
#: serverguide/C/network-auth.xml:1900(para)
15374
15424
msgid "Delete a group:"
15375
15425
msgstr ""
15376
15426
15377
#: serverguide/C/network-auth.xml:1884(command)
15427
#: serverguide/C/network-auth.xml:1905(command)
15378
15428
msgid "sudo ldapdeletegroup qa"
15379
15429
msgstr ""
15380
15430
15381
#: serverguide/C/network-auth.xml:1890(para)
15431
#: serverguide/C/network-auth.xml:1911(para)
15382
15432
msgid "Add a user to a group:"
15383
15433
msgstr ""
15384
15434
15385
#: serverguide/C/network-auth.xml:1895(command)
15435
#: serverguide/C/network-auth.xml:1916(command)
15386
15436
msgid "sudo ldapaddusertogroup george qa"
15387
15437
msgstr ""
15388
15438
15389
#: serverguide/C/network-auth.xml:1898(para)
15439
#: serverguide/C/network-auth.xml:1919(para)
15390
15440
msgid ""
15391
15441
"You should now see a <emphasis>memberUid</emphasis> attribute for the "
15392
15442
"<emphasis role=\"italic\">qa</emphasis> group with a value of <emphasis "
15393
15443
"role=\"italic\">george</emphasis>."
15394
15444
msgstr ""
15395
15445
15396
#: serverguide/C/network-auth.xml:1905(para)
15446
#: serverguide/C/network-auth.xml:1926(para)
15397
15447
msgid "Remove a user from a group:"
15398
15448
msgstr ""
15399
15449
15400
#: serverguide/C/network-auth.xml:1910(command)
15450
#: serverguide/C/network-auth.xml:1931(command)
15401
15451
msgid "sudo ldapdeleteuserfromgroup george qa"
15402
15452
msgstr ""
15403
15453
15404
#: serverguide/C/network-auth.xml:1913(para)
15454
#: serverguide/C/network-auth.xml:1934(para)
15405
15455
msgid ""
15406
15456
"The <emphasis>memberUid</emphasis> attribute should now be removed from the "
15407
15457
"<emphasis role=\"italic\">qa</emphasis> group."
15408
15458
msgstr ""
15409
15459
15410
#: serverguide/C/network-auth.xml:1920(para)
15460
#: serverguide/C/network-auth.xml:1941(para)
15411
15461
msgid ""
15412
15462
"The <application>ldapmodifyuser</application> script allows you to add, "
15413
15463
"remove, or replace a user's attributes. The script uses the same syntax as "
15414
15464
"the <application>ldapmodify</application> utility. For example:"
15415
15465
msgstr ""
15416
15466
15417
#: serverguide/C/network-auth.xml:1926(command)
15467
#: serverguide/C/network-auth.xml:1947(command)
15418
15468
msgid "sudo ldapmodifyuser george"
15419
15469
msgstr ""
15420
15470
15421
#: serverguide/C/network-auth.xml:1927(computeroutput)
15471
#: serverguide/C/network-auth.xml:1948(computeroutput)
15422
15472
#, no-wrap
15423
15473
msgid ""
15424
15474
"# About to modify the following entry :\n"
15439
15489
"dn: uid=george,ou=People,dc=example,dc=com"
15440
15490
msgstr ""
15441
15491
15442
#: serverguide/C/network-auth.xml:1943(userinput)
15492
#: serverguide/C/network-auth.xml:1964(userinput)
15443
15493
#, no-wrap
15444
15494
msgid ""
15445
15495
"replace: gecos\n"
15446
15496
"gecos: George Carlin"
15447
15497
msgstr ""
15448
15498
15449
#: serverguide/C/network-auth.xml:1947(para)
15499
#: serverguide/C/network-auth.xml:1968(para)
15450
15500
msgid ""
15451
15501
"The user's <emphasis>gecos</emphasis> should now be <quote>George "
15452
15502
"Carlin</quote>."
15453
15503
msgstr ""
15454
15504
15455
#: serverguide/C/network-auth.xml:1953(para)
15505
#: serverguide/C/network-auth.xml:1979(para)
15456
15506
msgid ""
15457
15507
"A nice feature of <application>ldapscripts</application> is the template "
15458
15508
"system. Templates allow you to customize the attributes of user, group, and "
15461
15511
"changing:"
15462
15512
msgstr ""
15463
15513
15464
#: serverguide/C/network-auth.xml:1959(programlisting)
15514
#: serverguide/C/network-auth.xml:1980(programlisting)
15465
15515
#, no-wrap
15466
15516
msgid ""
15467
15517
"\n"
15468
15518
"UTEMPLATE=\"/etc/ldapscripts/ldapadduser.template\"\n"
15469
15519
msgstr ""
15470
15520
15471
#: serverguide/C/network-auth.xml:1963(para)
15521
#: serverguide/C/network-auth.xml:1984(para)
15472
15522
msgid ""
15473
15523
"There are <emphasis role=\"italic\">sample</emphasis> templates in the "
15474
"<filename>/etc/ldapscripts</filename> directory. Copy or rename the "
15475
"<filename>ldapadduser.template.sample</filename> file to "
15524
"<filename>/usr/share/doc/ldapscripts/examples</filename> directory. Copy or "
15525
"rename the <filename>ldapadduser.template.sample</filename> file to "
15476
15526
"<filename>/etc/ldapscripts/ldapadduser.template</filename>:"
15477
15527
msgstr ""
15478
15528
15479
#: serverguide/C/network-auth.xml:1970(command)
15529
#: serverguide/C/network-auth.xml:1991(command)
15480
15530
msgid ""
15481
15531
"sudo cp /usr/share/doc/ldapscripts/examples/ldapadduser.template.sample \\ "
15482
15532
"/etc/ldapscripts/ldapadduser.template"
15483
15533
msgstr ""
15484
15534
15485
#: serverguide/C/network-auth.xml:1974(para)
15535
#: serverguide/C/network-auth.xml:1995(para)
15486
15536
msgid ""
15487
15537
"Edit the new template to add the desired attributes. The following will "
15488
15538
"create new users with an objectClass of inetOrgPerson:"
15489
15539
msgstr ""
15490
15540
15491
#: serverguide/C/network-auth.xml:1979(programlisting)
15541
#: serverguide/C/network-auth.xml:2000(programlisting)
15492
15542
#, no-wrap
15493
15543
msgid ""
15494
15544
"\n"
15507
15557
"title: Employee\n"
15508
15558
msgstr ""
15509
15559
15510
#: serverguide/C/network-auth.xml:1995(para)
15560
#: serverguide/C/network-auth.xml:2016(para)
15511
15561
msgid ""
15512
15562
"Notice the <emphasis><ask></emphasis> option used for the "
15513
15563
"<emphasis>sn</emphasis> attribute. This will make "
15514
"<application>ldapadduser</application> prompt you for it's value."
15564
"<application>ldapadduser</application> prompt you for its value."
15515
15565
msgstr ""
15516
15566
15517
#: serverguide/C/network-auth.xml:2003(para)
15567
#: serverguide/C/network-auth.xml:2024(para)
15518
15568
msgid ""
15519
15569
"There are utilities in the package that were not covered here. Here is a "
15520
15570
"complete list:"
15521
15571
msgstr ""
15522
15572
15523
#: serverguide/C/network-auth.xml:2008(ulink)
15573
#: serverguide/C/network-auth.xml:2029(ulink)
15524
15574
msgid "ldaprenamemachine"
15525
15575
msgstr ""
15526
15576
15527
#: serverguide/C/network-auth.xml:2009(ulink)
15577
#: serverguide/C/network-auth.xml:2030(ulink)
15528
15578
msgid "ldapadduser"
15529
15579
msgstr ""
15530
15580
15531
#: serverguide/C/network-auth.xml:2010(ulink)
15581
#: serverguide/C/network-auth.xml:2031(ulink)
15532
15582
msgid "ldapdeleteuserfromgroup"
15533
15583
msgstr ""
15534
15584
15535
#: serverguide/C/network-auth.xml:2011(ulink)
15585
#: serverguide/C/network-auth.xml:2032(ulink)
15536
15586
msgid "ldapfinger"
15537
15587
msgstr ""
15538
15588
15539
#: serverguide/C/network-auth.xml:2012(ulink)
15589
#: serverguide/C/network-auth.xml:2033(ulink)
15540
15590
msgid "ldapid"
15541
15591
msgstr ""
15542
15592
15543
#: serverguide/C/network-auth.xml:2013(ulink)
15593
#: serverguide/C/network-auth.xml:2034(ulink)
15544
15594
msgid "ldapgid"
15545
15595
msgstr ""
15546
15596
15547
#: serverguide/C/network-auth.xml:2014(ulink)
15597
#: serverguide/C/network-auth.xml:2035(ulink)
15548
15598
msgid "ldapmodifyuser"
15549
15599
msgstr ""
15550
15600
15551
#: serverguide/C/network-auth.xml:2015(ulink)
15601
#: serverguide/C/network-auth.xml:2036(ulink)
15552
15602
msgid "ldaprenameuser"
15553
15603
msgstr ""
15554
15604
15555
#: serverguide/C/network-auth.xml:2016(ulink)
15605
#: serverguide/C/network-auth.xml:2037(ulink)
15556
15606
msgid "lsldap"
15557
15607
msgstr ""
15558
15608
15559
#: serverguide/C/network-auth.xml:2017(ulink)
15609
#: serverguide/C/network-auth.xml:2038(ulink)
15560
15610
msgid "ldapaddusertogroup"
15561
15611
msgstr ""
15562
15612
15563
#: serverguide/C/network-auth.xml:2018(ulink)
15613
#: serverguide/C/network-auth.xml:2039(ulink)
15564
15614
msgid "ldapsetpasswd"
15565
15615
msgstr ""
15566
15616
15567
#: serverguide/C/network-auth.xml:2019(ulink)
15617
#: serverguide/C/network-auth.xml:2040(ulink)
15568
15618
msgid "ldapinit"
15569
15619
msgstr ""
15570
15620
15571
#: serverguide/C/network-auth.xml:2020(ulink)
15621
#: serverguide/C/network-auth.xml:2041(ulink)
15572
15622
msgid "ldapaddgroup"
15573
15623
msgstr ""
15574
15624
15575
#: serverguide/C/network-auth.xml:2021(ulink)
15625
#: serverguide/C/network-auth.xml:2042(ulink)
15576
15626
msgid "ldapdeletegroup"
15577
15627
msgstr ""
15578
15628
15579
#: serverguide/C/network-auth.xml:2022(ulink)
15629
#: serverguide/C/network-auth.xml:2043(ulink)
15580
15630
msgid "ldapmodifygroup"
15581
15631
msgstr ""
15582
15632
15583
#: serverguide/C/network-auth.xml:2023(ulink)
15633
#: serverguide/C/network-auth.xml:2044(ulink)
15584
15634
msgid "ldapdeletemachine"
15585
15635
msgstr ""
15586
15636
15587
#: serverguide/C/network-auth.xml:2024(ulink)
15637
#: serverguide/C/network-auth.xml:2045(ulink)
15588
15638
msgid "ldaprenamegroup"
15589
15639
msgstr ""
15590
15640
15591
#: serverguide/C/network-auth.xml:2025(ulink)
15641
#: serverguide/C/network-auth.xml:2046(ulink)
15592
15642
msgid "ldapaddmachine"
15593
15643
msgstr ""
15594
15644
15595
#: serverguide/C/network-auth.xml:2026(ulink)
15645
#: serverguide/C/network-auth.xml:2047(ulink)
15596
15646
msgid "ldapmodifymachine"
15597
15647
msgstr ""
15598
15648
15599
#: serverguide/C/network-auth.xml:2027(ulink)
15649
#: serverguide/C/network-auth.xml:2048(ulink)
15600
15650
msgid "ldapsetprimarygroup"
15601
15651
msgstr ""
15602
15652
15603
#: serverguide/C/network-auth.xml:2028(ulink)
15653
#: serverguide/C/network-auth.xml:2049(ulink)
15604
15654
msgid "ldapdeleteuser"
15605
15655
msgstr ""
15606
15656
15607
#: serverguide/C/network-auth.xml:2034(title)
15657
#: serverguide/C/network-auth.xml:2055(title)
15608
15658
msgid "Backup and Restore"
15609
15659
msgstr ""
15610
15660
15611
#: serverguide/C/network-auth.xml:2036(para)
15661
#: serverguide/C/network-auth.xml:2057(para)
15612
15662
msgid ""
15613
15663
"Now we have ldap running just the way we want, it is time to ensure we can "
15614
15664
"save all of our work and restore it as needed."
15615
15665
msgstr ""
15616
15666
15617
#: serverguide/C/network-auth.xml:2041(para)
15667
#: serverguide/C/network-auth.xml:2062(para)
15618
15668
msgid ""
15619
15669
"What we need is a way to backup the ldap database(s), specifically the "
15620
15670
"backend (cn=config) and frontend (dc=example,dc=com). If we are going to "
15623
15673
"script, called <filename>/usr/local/bin/ldapbackup</filename>:"
15624
15674
msgstr ""
15625
15675
15626
#: serverguide/C/network-auth.xml:2051(programlisting)
15676
#: serverguide/C/network-auth.xml:2072(programlisting)
15627
15677
#, no-wrap
15628
15678
msgid ""
15629
15679
"\n"
15638
15688
"chmod 640 ${BACKUP_PATH}/*.ldif\n"
15639
15689
msgstr ""
15640
15690
15641
#: serverguide/C/network-auth.xml:2064(para)
15691
#: serverguide/C/network-auth.xml:2085(para)
15642
15692
msgid ""
15643
15693
"These files are uncompressed text files containing everything in your ldap "
15644
15694
"databases including the tree layout, usernames, and every password. So, you "
15648
15698
"requirements."
15649
15699
msgstr ""
15650
15700
15651
#: serverguide/C/network-auth.xml:2075(para)
15701
#: serverguide/C/network-auth.xml:2096(para)
15652
15702
msgid ""
15653
15703
"Then, it is just a matter of having a cron script to run this program as "
15654
15704
"often as we feel comfortable with. For many, once a day suffices. For "
15657
15707
"22:45h:"
15658
15708
msgstr ""
15659
15709
15660
#: serverguide/C/network-auth.xml:2083(programlisting)
15710
#: serverguide/C/network-auth.xml:2104(programlisting)
15661
15711
#, no-wrap
15662
15712
msgid ""
15663
15713
"\n"
15665
15715
"45 22 * * * root /usr/local/bin/ldapbackup\n"
15666
15716
msgstr ""
15667
15717
15668
#: serverguide/C/network-auth.xml:2088(para)
15718
#: serverguide/C/network-auth.xml:2109(para)
15669
15719
msgid "Now the files are created, they should be copied to a backup server."
15670
15720
msgstr ""
15671
15721
15672
#: serverguide/C/network-auth.xml:2093(para)
15722
#: serverguide/C/network-auth.xml:2114(para)
15673
15723
msgid ""
15674
15724
"Assuming we did a fresh reinstall of ldap, the restore process could be "
15675
15725
"something like this:"
15676
15726
msgstr ""
15677
15727
15678
#: serverguide/C/network-auth.xml:2099(command)
15728
#: serverguide/C/network-auth.xml:2120(command)
15679
15729
msgid "sudo service slapd stop"
15680
15730
msgstr ""
15681
15731
15682
#: serverguide/C/network-auth.xml:2100(command)
15732
#: serverguide/C/network-auth.xml:2121(command)
15683
15733
msgid "sudo mkdir /var/lib/ldap/accesslog"
15684
15734
msgstr ""
15685
15735
15686
#: serverguide/C/network-auth.xml:2101(command)
15736
#: serverguide/C/network-auth.xml:2122(command)
15687
15737
msgid "sudo slapadd -F /etc/ldap/slapd.d -n 0 -l /export/backup/config.ldif"
15688
15738
msgstr ""
15689
15739
15690
#: serverguide/C/network-auth.xml:2102(command)
15740
#: serverguide/C/network-auth.xml:2123(command)
15691
15741
msgid ""
15692
15742
"sudo slapadd -F /etc/ldap/slapd.d -n 1 -l /export/backup/domain.com.ldif"
15693
15743
msgstr ""
15694
15744
15695
#: serverguide/C/network-auth.xml:2103(command)
15745
#: serverguide/C/network-auth.xml:2124(command)
15696
15746
msgid "sudo slapadd -F /etc/ldap/slapd.d -n 2 -l /export/backup/access.ldif"
15697
15747
msgstr ""
15698
15748
15699
#: serverguide/C/network-auth.xml:2104(command)
15749
#: serverguide/C/network-auth.xml:2125(command)
15700
15750
msgid "sudo chown -R openldap:openldap /etc/ldap/slapd.d/"
15701
15751
msgstr ""
15702
15752
15703
#: serverguide/C/network-auth.xml:2105(command)
15753
#: serverguide/C/network-auth.xml:2126(command)
15704
15754
msgid "sudo chown -R openldap:openldap /var/lib/ldap/"
15705
15755
msgstr ""
15706
15756
15707
#: serverguide/C/network-auth.xml:2106(command)
15757
#: serverguide/C/network-auth.xml:2127(command)
15708
15758
msgid "sudo service slapd start"
15709
15759
msgstr ""
15710
15760
15711
#: serverguide/C/network-auth.xml:2117(para)
15761
#: serverguide/C/network-auth.xml:2138(para)
15712
15762
msgid ""
15713
15763
"The primary resource is the upstream documentation: <ulink "
15714
15764
"url=\"http://www.openldap.org/\">www.openldap.org</ulink>"
15715
15765
msgstr ""
15716
15766
15717
#: serverguide/C/network-auth.xml:2123(para)
15767
#: serverguide/C/network-auth.xml:2144(para)
15718
15768
msgid ""
15719
15769
"There are many man pages that come with the slapd package. Here are some "
15720
15770
"important ones, especially considering the material presented in this guide:"
15721
15771
msgstr ""
15722
15772
15723
#: serverguide/C/network-auth.xml:2129(ulink)
15773
#: serverguide/C/network-auth.xml:2150(ulink)
15724
15774
msgid "slapd"
15725
15775
msgstr ""
15726
15776
15727
#: serverguide/C/network-auth.xml:2130(ulink)
15777
#: serverguide/C/network-auth.xml:2151(ulink)
15728
15778
msgid "slapd-config"
15729
15779
msgstr ""
15730
15780
15731
#: serverguide/C/network-auth.xml:2131(ulink)
15781
#: serverguide/C/network-auth.xml:2152(ulink)
15732
15782
msgid "slapd.access"
15733
15783
msgstr ""
15734
15784
15735
#: serverguide/C/network-auth.xml:2132(ulink)
15785
#: serverguide/C/network-auth.xml:2153(ulink)
15736
15786
msgid "slapo-syncprov"
15737
15787
msgstr ""
15738
15788
15739
#: serverguide/C/network-auth.xml:2138(para)
15789
#: serverguide/C/network-auth.xml:2159(para)
15740
15790
msgid "Other man pages:"
15741
15791
msgstr ""
15742
15792
15743
#: serverguide/C/network-auth.xml:2143(ulink)
15793
#: serverguide/C/network-auth.xml:2164(ulink)
15744
15794
msgid "auth-client-config"
15745
15795
msgstr ""
15746
15796
15747
#: serverguide/C/network-auth.xml:2144(ulink)
15797
#: serverguide/C/network-auth.xml:2165(ulink)
15748
15798
msgid "pam-auth-update"
15749
15799
msgstr ""
15750
15800
15751
#: serverguide/C/network-auth.xml:2150(para)
15801
#: serverguide/C/network-auth.xml:2171(para)
15752
15802
msgid ""
15753
15803
"Zytrax's <ulink url=\"http://www.zytrax.com/books/ldap/\">LDAP for Rocket "
15754
15804
"Scientists</ulink>; a less pedantic but comprehensive treatment of LDAP"
15755
15805
msgstr ""
15756
15806
15757
#: serverguide/C/network-auth.xml:2156(para)
15807
#: serverguide/C/network-auth.xml:2177(para)
15758
15808
msgid ""
15759
15809
"A Ubuntu community <ulink "
15760
15810
"url=\"https://help.ubuntu.com/community/OpenLDAPServer\">OpenLDAP "
15761
15811
"wiki</ulink> page has a collection of notes"
15762
15812
msgstr ""
15763
15813
15764
#: serverguide/C/network-auth.xml:2162(para)
15814
#: serverguide/C/network-auth.xml:2183(para)
15765
15815
msgid ""
15766
15816
"O'Reilly's <ulink url=\"http://www.oreilly.com/catalog/ldapsa/\">LDAP System "
15767
15817
"Administration</ulink> (textbook; 2003)"
15768
15818
msgstr ""
15769
15819
15770
#: serverguide/C/network-auth.xml:2168(para)
15820
#: serverguide/C/network-auth.xml:2189(para)
15771
15821
msgid ""
15772
15822
"Packt's <ulink url=\"http://www.packtpub.com/OpenLDAP-Developers-Server-Open-"
15773
15823
"Source-Linux/book\">Mastering OpenLDAP</ulink> (textbook; 2007)"
15774
15824
msgstr ""
15775
15825
15776
#: serverguide/C/network-auth.xml:2179(title)
15826
#: serverguide/C/network-auth.xml:2200(title)
15777
15827
msgid "Samba and LDAP"
15778
15828
msgstr ""
15779
15829
15780
#: serverguide/C/network-auth.xml:2181(para)
15830
#: serverguide/C/network-auth.xml:2202(para)
15781
15831
msgid ""
15782
15832
"This section covers the integration of Samba with LDAP. The Samba server's "
15783
15833
"role will be that of a \"standalone\" server and the LDAP directory will "
15784
15834
"provide the authentication layer in addition to containing the user, group, "
15785
15835
"and machine account information that Samba requires in order to function (in "
15786
"any of it's 3 possible roles). The pre-requisite is an OpenLDAP server "
15836
"any of its 3 possible roles). The pre-requisite is an OpenLDAP server "
15787
15837
"configured with a directory that can accept authentication requests. See "
15788
15838
"<xref linkend=\"openldap-server\"/> for details on fulfilling this "
15789
15839
"requirement. Once this section is completed, you will need to decide what "
15790
15840
"specifically you want Samba to do for you and then configure it accordingly."
15791
15841
msgstr ""
15792
15842
15793
#: serverguide/C/network-auth.xml:2190(title)
15843
#: serverguide/C/network-auth.xml:2211(title)
15794
15844
msgid "Software Installation"
15795
15845
msgstr ""
15796
15846
15797
#: serverguide/C/network-auth.xml:2192(para)
15847
#: serverguide/C/network-auth.xml:2213(para)
15798
15848
msgid ""
15799
15849
"There are three packages needed when integrating Samba with LDAP: "
15800
15850
"<application>samba</application>, <application>samba-doc</application>, and "
15801
15851
"<application>smbldap-tools</application> packages."
15802
15852
msgstr ""
15803
15853
15804
#: serverguide/C/network-auth.xml:2197(para)
15854
#: serverguide/C/network-auth.xml:2223(para)
15805
15855
msgid ""
15806
15856
"Strictly speaking, the <application>smbldap-tools</application> package "
15807
15857
"isn't needed, but unless you have some other way to manage the various Samba "
15809
15859
"install it."
15810
15860
msgstr ""
15811
15861
15812
#: serverguide/C/network-auth.xml:2202(para)
15862
#: serverguide/C/network-auth.xml:2223(para)
15813
15863
msgid "Install these packages now:"
15814
15864
msgstr ""
15815
15865
15816
#: serverguide/C/network-auth.xml:2207(command)
15866
#: serverguide/C/network-auth.xml:2228(command)
15817
15867
msgid "sudo apt-get install samba samba-doc smbldap-tools"
15818
15868
msgstr ""
15819
15869
15820
#: serverguide/C/network-auth.xml:2213(title)
15870
#: serverguide/C/network-auth.xml:2234(title)
15821
15871
msgid "LDAP Configuration"
15822
15872
msgstr ""
15823
15873
15824
#: serverguide/C/network-auth.xml:2215(para)
15874
#: serverguide/C/network-auth.xml:2236(para)
15825
15875
msgid ""
15826
15876
"We will now configure the LDAP server so that it can accomodate Samba data. "
15827
15877
"We will perform three tasks in this section:"
15828
15878
msgstr ""
15829
15879
15830
#: serverguide/C/network-auth.xml:2222(para)
15880
#: serverguide/C/network-auth.xml:2243(para)
15831
15881
msgid "Import a schema"
15832
15882
msgstr ""
15833
15883
15834
#: serverguide/C/network-auth.xml:2226(para)
15884
#: serverguide/C/network-auth.xml:2247(para)
15835
15885
msgid "Index some entries"
15836
15886
msgstr ""
15837
15887
15838
#: serverguide/C/network-auth.xml:2230(para)
15888
#: serverguide/C/network-auth.xml:2251(para)
15839
15889
msgid "Add objects"
15840
15890
msgstr ""
15841
15891
15842
#: serverguide/C/network-auth.xml:2236(title)
15892
#: serverguide/C/network-auth.xml:2257(title)
15843
15893
msgid "Samba schema"
15844
15894
msgstr ""
15845
15895
15846
#: serverguide/C/network-auth.xml:2238(para)
15896
#: serverguide/C/network-auth.xml:2259(para)
15847
15897
msgid ""
15848
15898
"In order for OpenLDAP to be used as a backend for Samba, logically, the DIT "
15849
15899
"will need to use attributes that can properly describe Samba data. Such "
15851
15901
"now."
15852
15902
msgstr ""
15853
15903
15854
#: serverguide/C/network-auth.xml:2244(para)
15904
#: serverguide/C/network-auth.xml:2265(para)
15855
15905
msgid ""
15856
15906
"For more information on schemas and their installation see <xref "
15857
15907
"linkend=\"openldap-configuration\"/>."
15858
15908
msgstr ""
15859
15909
15860
#: serverguide/C/network-auth.xml:2252(para)
15910
#: serverguide/C/network-auth.xml:2273(para)
15861
15911
msgid ""
15862
15912
"The schema is found in the now-installed <application>samba-"
15863
15913
"doc</application> package. It needs to be unzipped and copied to the "
15864
15914
"<filename>/etc/ldap/schema</filename> directory:"
15865
15915
msgstr ""
15866
15916
15867
#: serverguide/C/network-auth.xml:2258(command)
15917
#: serverguide/C/network-auth.xml:2279(command)
15868
15918
msgid ""
15869
15919
"sudo cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz "
15870
15920
"/etc/ldap/schema"
15871
15921
msgstr ""
15872
15922
15873
#: serverguide/C/network-auth.xml:2259(command)
15923
#: serverguide/C/network-auth.xml:2280(command)
15874
15924
msgid "sudo gzip -d /etc/ldap/schema/samba.schema.gz"
15875
15925
msgstr ""
15876
15926
15877
#: serverguide/C/network-auth.xml:2265(para)
15927
#: serverguide/C/network-auth.xml:2286(para)
15878
15928
msgid ""
15879
15929
"Have the configuration file <filename>schema_convert.conf</filename> that "
15880
15930
"contains the following lines:"
15881
15931
msgstr ""
15882
15932
15883
#: serverguide/C/network-auth.xml:2269(programlisting)
15933
#: serverguide/C/network-auth.xml:2290(programlisting)
15884
15934
#, no-wrap
15885
15935
msgid ""
15886
15936
"\n"
15901
15951
"include /etc/ldap/schema/samba.schema\n"
15902
15952
msgstr ""
15903
15953
15904
#: serverguide/C/network-auth.xml:2290(para)
15954
#: serverguide/C/network-auth.xml:2311(para)
15905
15955
msgid "Have the directory <filename>ldif_output</filename> hold output."
15906
15956
msgstr ""
15907
15957
15908
#: serverguide/C/network-auth.xml:2301(command)
15958
#: serverguide/C/network-auth.xml:2322(command)
15909
15959
msgid ""
15910
15960
"slapcat -f schema_convert.conf -F ldif_output -n 0 | grep samba,cn=schema"
15911
15961
msgstr ""
15912
15962
15913
#: serverguide/C/network-auth.xml:2302(computeroutput)
15963
#: serverguide/C/network-auth.xml:2323(computeroutput)
15914
15964
#, no-wrap
15915
15965
msgid ""
15916
15966
"\n"
15917
15967
"dn: cn={14}samba,cn=schema,cn=config\n"
15918
15968
msgstr ""
15919
15969
15920
#: serverguide/C/network-auth.xml:2310(para)
15970
#: serverguide/C/network-auth.xml:2331(para)
15921
15971
msgid "Convert the schema to LDIF format:"
15922
15972
msgstr ""
15923
15973
15924
#: serverguide/C/network-auth.xml:2315(command)
15974
#: serverguide/C/network-auth.xml:2336(command)
15925
15975
msgid ""
15926
15976
"slapcat -f schema_convert.conf -F ldif_output -n0 -H \\ "
15927
15977
"ldap:///cn={14}samba,cn=schema,cn=config -l cn=samba.ldif"
15928
15978
msgstr ""
15929
15979
15930
#: serverguide/C/network-auth.xml:2322(para)
15980
#: serverguide/C/network-auth.xml:2343(para)
15931
15981
msgid ""
15932
15982
"Edit the generated <filename>cn=samba.ldif</filename> file by removing index "
15933
15983
"information to arrive at:"
15934
15984
msgstr ""
15935
15985
15936
#: serverguide/C/network-auth.xml:2326(programlisting)
15986
#: serverguide/C/network-auth.xml:2347(programlisting)
15937
15987
#, no-wrap
15938
15988
msgid ""
15939
15989
"\n"
15942
15992
"cn: samba\n"
15943
15993
msgstr ""
15944
15994
15945
#: serverguide/C/network-auth.xml:2332(para)
15995
#: serverguide/C/network-auth.xml:2353(para)
15946
15996
msgid "Remove the bottom lines:"
15947
15997
msgstr ""
15948
15998
15949
#: serverguide/C/network-auth.xml:2336(programlisting)
15999
#: serverguide/C/network-auth.xml:2357(programlisting)
15950
16000
#, no-wrap
15951
16001
msgid ""
15952
16002
"\n"
15959
16009
"modifyTimestamp: 20080827045234Z\n"
15960
16010
msgstr ""
15961
16011
15962
#: serverguide/C/network-auth.xml:2352(para)
16012
#: serverguide/C/network-auth.xml:2373(para)
15963
16013
msgid "Add the new schema:"
15964
16014
msgstr ""
15965
16015
15966
#: serverguide/C/network-auth.xml:2357(command)
16016
#: serverguide/C/network-auth.xml:2378(command)
15967
16017
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f cn\\=samba.ldif"
15968
16018
msgstr ""
15969
16019
15970
#: serverguide/C/network-auth.xml:2360(para)
16020
#: serverguide/C/network-auth.xml:2381(para)
15971
16021
msgid "To query and view this new schema:"
15972
16022
msgstr ""
15973
16023
15974
#: serverguide/C/network-auth.xml:2365(command)
16024
#: serverguide/C/network-auth.xml:2386(command)
15975
16025
msgid ""
15976
16026
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config "
15977
16027
"'cn=*samba*'"
15978
16028
msgstr ""
15979
16029
15980
#: serverguide/C/network-auth.xml:2375(title)
16030
#: serverguide/C/network-auth.xml:2396(title)
15981
16031
msgid "Samba indices"
15982
16032
msgstr ""
15983
16033
15984
#: serverguide/C/network-auth.xml:2377(para)
16034
#: serverguide/C/network-auth.xml:2398(para)
15985
16035
msgid ""
15986
16036
"Now that slapd knows about the Samba attributes, we can set up some indices "
15987
16037
"based on them. Indexing entries is a way to improve performance when a "
15988
16038
"client performs a filtered search on the DIT."
15989
16039
msgstr ""
15990
16040
15991
#: serverguide/C/network-auth.xml:2382(para)
16041
#: serverguide/C/network-auth.xml:2403(para)
15992
16042
msgid ""
15993
16043
"Create the file <filename>samba_indices.ldif</filename> with the following "
15994
16044
"contents:"
15995
16045
msgstr ""
15996
16046
15997
#: serverguide/C/network-auth.xml:2386(programlisting)
16047
#: serverguide/C/network-auth.xml:2407(programlisting)
15998
16048
#, no-wrap
15999
16049
msgid ""
16000
16050
"\n"
16015
16065
"olcDbIndex: default sub\n"
16016
16066
msgstr ""
16017
16067
16018
#: serverguide/C/network-auth.xml:2404(para)
16068
#: serverguide/C/network-auth.xml:2425(para)
16019
16069
msgid ""
16020
16070
"Using the <application>ldapmodify</application> utility load the new indices:"
16021
16071
msgstr ""
16022
16072
16023
#: serverguide/C/network-auth.xml:2409(command)
16073
#: serverguide/C/network-auth.xml:2430(command)
16024
16074
msgid "sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f samba_indices.ldif"
16025
16075
msgstr ""
16026
16076
16027
#: serverguide/C/network-auth.xml:2412(para)
16077
#: serverguide/C/network-auth.xml:2433(para)
16028
16078
msgid ""
16029
16079
"If all went well you should see the new indices using "
16030
16080
"<application>ldapsearch</application>:"
16031
16081
msgstr ""
16032
16082
16033
#: serverguide/C/network-auth.xml:2417(command)
16083
#: serverguide/C/network-auth.xml:2438(command)
16034
16084
msgid ""
16035
16085
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H \\ ldapi:/// -b cn=config "
16036
16086
"olcDatabase={1}hdb olcDbIndex"
16037
16087
msgstr ""
16038
16088
16039
#: serverguide/C/network-auth.xml:2424(title)
16089
#: serverguide/C/network-auth.xml:2445(title)
16040
16090
msgid "Adding Samba LDAP objects"
16041
16091
msgstr ""
16042
16092
16043
#: serverguide/C/network-auth.xml:2426(para)
16093
#: serverguide/C/network-auth.xml:2452(para)
16044
16094
msgid ""
16045
16095
"Next, configure the <application>smbldap-tools</application> package to "
16046
16096
"match your environment. The package is supposed to come with a configuration "
16051
16101
"smbldap-tools')."
16052
16102
msgstr ""
16053
16103
16054
#: serverguide/C/network-auth.xml:2433(para)
16104
#: serverguide/C/network-auth.xml:2459(para)
16055
16105
msgid ""
16056
16106
"To manually configure the package, you need to create and edit the files "
16057
16107
"<filename>/etc/smbldap-tools/smbldap.conf</filename> and "
16058
16108
"<filename>/etc/smbldap-tools/smbldap_bind.conf</filename>."
16059
16109
msgstr ""
16060
16110
16061
#: serverguide/C/network-auth.xml:2438(para)
16111
#: serverguide/C/network-auth.xml:2464(para)
16062
16112
msgid ""
16063
16113
"The <application>smbldap-populate</application> script will then add the "
16064
16114
"LDAP objects required for Samba. It is a good idea to first make a backup of "
16065
16115
"your DIT using <application>slapcat</application>:"
16066
16116
msgstr ""
16067
16117
16068
#: serverguide/C/network-auth.xml:2444(command)
16118
#: serverguide/C/network-auth.xml:2473(command)
16069
16119
msgid "sudo slapcat -l backup.ldif"
16070
16120
msgstr ""
16071
16121
16072
#: serverguide/C/network-auth.xml:2447(para)
16122
#: serverguide/C/network-auth.xml:2476(para)
16073
16123
msgid "Once you have a backup proceed to populate your directory:"
16074
16124
msgstr ""
16075
16125
16076
#: serverguide/C/network-auth.xml:2452(command)
16126
#: serverguide/C/network-auth.xml:2481(command)
16077
16127
msgid "sudo smbldap-populate"
16078
16128
msgstr ""
16079
16129
16080
#: serverguide/C/network-auth.xml:2455(para)
16130
#: serverguide/C/network-auth.xml:2484(para)
16081
16131
msgid ""
16082
16132
"You can create a LDIF file containing the new Samba objects by executing "
16083
16133
"<command>sudo smbldap-populate -e samba.ldif</command>. This allows you to "
16084
16134
"look over the changes making sure everything is correct. If it is, rerun the "
16085
16135
"script without the '-e' switch. Alternatively, you can take the LDIF file "
16086
"and import it's data per usual."
16136
"and import its data per usual."
16087
16137
msgstr ""
16088
16138
16089
#: serverguide/C/network-auth.xml:2461(para)
16139
#: serverguide/C/network-auth.xml:2490(para)
16090
16140
msgid ""
16091
16141
"Your LDAP directory now has the necessary information to authenticate Samba "
16092
16142
"users."
16093
16143
msgstr ""
16094
16144
16095
#: serverguide/C/network-auth.xml:2470(title)
16145
#: serverguide/C/network-auth.xml:2499(title)
16096
16146
msgid "Samba Configuration"
16097
16147
msgstr ""
16098
16148
16099
#: serverguide/C/network-auth.xml:2472(para)
16149
#: serverguide/C/network-auth.xml:2498(para)
16100
16150
msgid ""
16101
16151
"There are multiple ways to configure Samba. For details on some common "
16102
16152
"configurations see <xref linkend=\"samba\"/>. To configure Samba to use "
16103
"LDAP, edit it's configuration file <filename>/etc/samba/smb.conf</filename> "
16153
"LDAP, edit its configuration file <filename>/etc/samba/smb.conf</filename> "
16104
16154
"commenting out the default <emphasis>passdb backend</emphasis> parameter and "
16105
16155
"adding some ldap-related ones:"
16106
16156
msgstr ""
16107
16157
16108
#: serverguide/C/network-auth.xml:2478(programlisting)
16158
#: serverguide/C/network-auth.xml:2507(programlisting)
16109
16159
#, no-wrap
16110
16160
msgid ""
16111
16161
"\n"
16125
16175
" add machine script = sudo /usr/sbin/smbldap-useradd -t 0 -w \"%u\"\n"
16126
16176
msgstr ""
16127
16177
16128
#: serverguide/C/network-auth.xml:2495(para)
16178
#: serverguide/C/network-auth.xml:2524(para)
16129
16179
msgid "Change the values to match your environment."
16130
16180
msgstr ""
16131
16181
16132
#: serverguide/C/network-auth.xml:2499(para)
16182
#: serverguide/C/network-auth.xml:2528(para)
16133
16183
msgid "Restart <application>samba</application> to enable the new settings:"
16134
16184
msgstr ""
16135
16185
16136
#: serverguide/C/network-auth.xml:2508(para)
16186
#: serverguide/C/network-auth.xml:2537(para)
16137
16187
msgid ""
16138
16188
"Now inform Samba about the rootDN user's password (the one set during the "
16139
16189
"installation of the slapd package):"
16140
16190
msgstr ""
16141
16191
16142
#: serverguide/C/network-auth.xml:2513(command)
16192
#: serverguide/C/network-auth.xml:2542(command)
16143
16193
msgid "sudo smbpasswd -w password"
16144
16194
msgstr ""
16145
16195
16146
#: serverguide/C/network-auth.xml:2516(para)
16196
#: serverguide/C/network-auth.xml:2545(para)
16147
16197
msgid ""
16148
16198
"If you have existing LDAP users that you want to include in your new LDAP-"
16149
16199
"backed Samba they will, of course, also need to be given some of the extra "
16153
16203
"<application>libnss-ldap</application>):"
16154
16204
msgstr ""
16155
16205
16156
#: serverguide/C/network-auth.xml:2524(command)
16206
#: serverguide/C/network-auth.xml:2553(command)
16157
16207
msgid "sudo smbpasswd -a username"
16158
16208
msgstr ""
16159
16209
16160
#: serverguide/C/network-auth.xml:2527(para)
16210
#: serverguide/C/network-auth.xml:2556(para)
16161
16211
msgid ""
16162
16212
"You will prompted to enter a password. It will be considered as the new "
16163
16213
"password for that user. Making it the same as before is reasonable."
16164
16214
msgstr ""
16165
16215
16166
#: serverguide/C/network-auth.xml:2531(para)
16216
#: serverguide/C/network-auth.xml:2560(para)
16167
16217
msgid ""
16168
16218
"To manage user, group, and machine accounts use the utilities provided by "
16169
16219
"the <application>smbldap-tools</application> package. Here are some examples:"
16170
16220
msgstr ""
16171
16221
16172
#: serverguide/C/network-auth.xml:2539(para)
16222
#: serverguide/C/network-auth.xml:2568(para)
16173
16223
msgid "To add a new user:"
16174
16224
msgstr ""
16175
16225
16176
#: serverguide/C/network-auth.xml:2544(command)
16226
#: serverguide/C/network-auth.xml:2573(command)
16177
16227
msgid "sudo smbldap-useradd -a -P username"
16178
16228
msgstr ""
16179
16229
16180
#: serverguide/C/network-auth.xml:2547(para)
16230
#: serverguide/C/network-auth.xml:2576(para)
16181
16231
msgid ""
16182
16232
"The <emphasis>-a</emphasis> option adds the Samba attributes, and the "
16183
16233
"<emphasis>-P</emphasis> option calls the <application>smbldap-"
16185
16235
"a password for the user."
16186
16236
msgstr ""
16187
16237
16188
#: serverguide/C/network-auth.xml:2554(para)
16238
#: serverguide/C/network-auth.xml:2583(para)
16189
16239
msgid "To remove a user:"
16190
16240
msgstr ""
16191
16241
16192
#: serverguide/C/network-auth.xml:2559(command)
16242
#: serverguide/C/network-auth.xml:2588(command)
16193
16243
msgid "sudo smbldap-userdel username"
16194
16244
msgstr ""
16195
16245
16196
#: serverguide/C/network-auth.xml:2562(para)
16246
#: serverguide/C/network-auth.xml:2591(para)
16197
16247
msgid ""
16198
16248
"In the above command, use the <emphasis>-r</emphasis> option to remove the "
16199
16249
"user's home directory."
16200
16250
msgstr ""
16201
16251
16202
#: serverguide/C/network-auth.xml:2568(para)
16252
#: serverguide/C/network-auth.xml:2597(para)
16203
16253
msgid "To add a group:"
16204
16254
msgstr ""
16205
16255
16206
#: serverguide/C/network-auth.xml:2573(command)
16256
#: serverguide/C/network-auth.xml:2602(command)
16207
16257
msgid "sudo smbldap-groupadd -a groupname"
16208
16258
msgstr ""
16209
16259
16210
#: serverguide/C/network-auth.xml:2576(para)
16260
#: serverguide/C/network-auth.xml:2605(para)
16211
16261
msgid ""
16212
16262
"As for <application>smbldap-useradd</application>, the <emphasis>-"
16213
16263
"a</emphasis> adds the Samba attributes."
16214
16264
msgstr ""
16215
16265
16216
#: serverguide/C/network-auth.xml:2582(para)
16266
#: serverguide/C/network-auth.xml:2611(para)
16217
16267
msgid "To make an existing user a member of a group:"
16218
16268
msgstr ""
16219
16269
16220
#: serverguide/C/network-auth.xml:2587(command)
16270
#: serverguide/C/network-auth.xml:2616(command)
16221
16271
msgid "sudo smbldap-groupmod -m username groupname"
16222
16272
msgstr ""
16223
16273
16224
#: serverguide/C/network-auth.xml:2590(para)
16274
#: serverguide/C/network-auth.xml:2619(para)
16225
16275
msgid ""
16226
16276
"The <emphasis>-m</emphasis> option can add more than one user at a time by "
16227
16277
"listing them in comma-separated format."
16228
16278
msgstr ""
16229
16279
16230
#: serverguide/C/network-auth.xml:2596(para)
16280
#: serverguide/C/network-auth.xml:2625(para)
16231
16281
msgid "To remove a user from a group:"
16232
16282
msgstr ""
16233
16283
16234
#: serverguide/C/network-auth.xml:2601(command)
16284
#: serverguide/C/network-auth.xml:2630(command)
16235
16285
msgid "sudo smbldap-groupmod -x username groupname"
16236
16286
msgstr ""
16237
16287
16238
#: serverguide/C/network-auth.xml:2607(para)
16288
#: serverguide/C/network-auth.xml:2636(para)
16239
16289
msgid "To add a Samba machine account:"
16240
16290
msgstr ""
16241
16291
16242
#: serverguide/C/network-auth.xml:2612(command)
16292
#: serverguide/C/network-auth.xml:2641(command)
16243
16293
msgid "sudo smbldap-useradd -t 0 -w username"
16244
16294
msgstr ""
16245
16295
16246
#: serverguide/C/network-auth.xml:2615(para)
16296
#: serverguide/C/network-auth.xml:2644(para)
16247
16297
msgid ""
16248
16298
"Replace <emphasis>username</emphasis> with the name of the workstation. The "
16249
16299
"<emphasis>-t 0</emphasis> option creates the machine account without a "
16253
16303
"<application>smbldap-useradd</application>."
16254
16304
msgstr ""
16255
16305
16256
#: serverguide/C/network-auth.xml:2624(para)
16306
#: serverguide/C/network-auth.xml:2653(para)
16257
16307
msgid ""
16258
16308
"There are utilities in the <application>smbldap-tools</application> package "
16259
16309
"that were not covered here. Here is a complete list:"
16260
16310
msgstr ""
16261
16311
16262
#: serverguide/C/network-auth.xml:2629(ulink)
16312
#: serverguide/C/network-auth.xml:2658(ulink)
16263
16313
msgid "smbldap-groupadd"
16264
16314
msgstr ""
16265
16315
16266
#: serverguide/C/network-auth.xml:2630(ulink)
16316
#: serverguide/C/network-auth.xml:2659(ulink)
16267
16317
msgid "smbldap-groupdel"
16268
16318
msgstr ""
16269
16319
16270
#: serverguide/C/network-auth.xml:2631(ulink)
16320
#: serverguide/C/network-auth.xml:2660(ulink)
16271
16321
msgid "smbldap-groupmod"
16272
16322
msgstr ""
16273
16323
16274
#: serverguide/C/network-auth.xml:2632(ulink)
16324
#: serverguide/C/network-auth.xml:2661(ulink)
16275
16325
msgid "smbldap-groupshow"
16276
16326
msgstr ""
16277
16327
16278
#: serverguide/C/network-auth.xml:2633(ulink)
16328
#: serverguide/C/network-auth.xml:2662(ulink)
16279
16329
msgid "smbldap-passwd"
16280
16330
msgstr ""
16281
16331
16282
#: serverguide/C/network-auth.xml:2634(ulink)
16332
#: serverguide/C/network-auth.xml:2663(ulink)
16283
16333
msgid "smbldap-populate"
16284
16334
msgstr ""
16285
16335
16286
#: serverguide/C/network-auth.xml:2635(ulink)
16336
#: serverguide/C/network-auth.xml:2664(ulink)
16287
16337
msgid "smbldap-useradd"
16288
16338
msgstr ""
16289
16339
16290
#: serverguide/C/network-auth.xml:2636(ulink)
16340
#: serverguide/C/network-auth.xml:2665(ulink)
16291
16341
msgid "smbldap-userdel"
16292
16342
msgstr ""
16293
16343
16294
#: serverguide/C/network-auth.xml:2637(ulink)
16344
#: serverguide/C/network-auth.xml:2666(ulink)
16295
16345
msgid "smbldap-userinfo"
16296
16346
msgstr ""
16297
16347
16298
#: serverguide/C/network-auth.xml:2638(ulink)
16348
#: serverguide/C/network-auth.xml:2667(ulink)
16299
16349
msgid "smbldap-userlist"
16300
16350
msgstr ""
16301
16351
16302
#: serverguide/C/network-auth.xml:2639(ulink)
16352
#: serverguide/C/network-auth.xml:2668(ulink)
16303
16353
msgid "smbldap-usermod"
16304
16354
msgstr ""
16305
16355
16306
#: serverguide/C/network-auth.xml:2640(ulink)
16356
#: serverguide/C/network-auth.xml:2669(ulink)
16307
16357
msgid "smbldap-usershow"
16308
16358
msgstr ""
16309
16359
16310
#: serverguide/C/network-auth.xml:2651(para)
16360
#: serverguide/C/network-auth.xml:2677(para)
16311
16361
msgid ""
16312
16362
"For more information on installing and configuring Samba see <xref "
16313
16363
"linkend=\"samba\"/> of this Ubuntu Server Guide."
16314
16364
msgstr ""
16315
16365
16316
#: serverguide/C/network-auth.xml:2657(para)
16366
#: serverguide/C/network-auth.xml:2686(para)
16317
16367
msgid ""
16318
16368
"There are multiple places where LDAP and Samba is documented in the upstream "
16319
16369
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba "
16320
16370
"HOWTO Collection</ulink>."
16321
16371
msgstr ""
16322
16372
16323
#: serverguide/C/network-auth.xml:2664(para)
16373
#: serverguide/C/network-auth.xml:2693(para)
16324
16374
msgid ""
16325
16375
"Regarding the above, see specifically the <ulink "
16326
16376
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
16327
16377
"Collection/passdb.html\">passdb section</ulink>."
16328
16378
msgstr ""
16329
16379
16330
#: serverguide/C/network-auth.xml:2670(para)
16380
#: serverguide/C/network-auth.xml:2699(para)
16331
16381
msgid ""
16332
16382
"Although dated (2007), the <ulink url=\"http://download.gna.org/smbldap-"
16333
16383
"tools/docs/samba-ldap-howto/\">Linux Samba-OpenLDAP HOWTO</ulink> contains "
16334
16384
"valuable notes."
16335
16385
msgstr ""
16336
16386
16337
#: serverguide/C/network-auth.xml:2676(para)
16387
#: serverguide/C/network-auth.xml:2705(para)
16338
16388
msgid ""
16339
16389
"The main page of the <ulink "
16340
16390
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Samba Ubuntu "
16342
16392
"prove useful."
16343
16393
msgstr ""
16344
16394
16345
#: serverguide/C/network-auth.xml:2689(title)
16395
#: serverguide/C/network-auth.xml:2718(title)
16346
16396
msgid "Kerberos"
16347
16397
msgstr ""
16348
16398
16349
#: serverguide/C/network-auth.xml:2691(para)
16399
#: serverguide/C/network-auth.xml:2720(para)
16350
16400
msgid ""
16351
16401
"<application>Kerberos</application> is a network authentication system based "
16352
16402
"on the principal of a trusted third party. The other two parties being the "
16355
16405
"network environment one step closer to being Single Sign On (SSO)."
16356
16406
msgstr ""
16357
16407
16358
#: serverguide/C/network-auth.xml:2697(para)
16408
#: serverguide/C/network-auth.xml:2726(para)
16359
16409
msgid ""
16360
16410
"This section covers installation and configuration of a Kerberos server, and "
16361
16411
"some example client configurations."
16362
16412
msgstr ""
16363
16413
16364
#: serverguide/C/network-auth.xml:2702(title) serverguide/C/monitoring.xml:13(title) serverguide/C/lamp-applications.xml:15(title) serverguide/C/installation.xml:910(title) serverguide/C/dns.xml:62(title) serverguide/C/dm-multipath.xml:135(title) serverguide/C/chat.xml:15(title) serverguide/C/cgroups.xml:38(title) serverguide/C/backups.xml:545(title)
16414
#: serverguide/C/virtualization.xml:1099(title) serverguide/C/virtualization.xml:2132(title) serverguide/C/network-auth.xml:2731(title) serverguide/C/monitoring.xml:13(title) serverguide/C/lamp-applications.xml:15(title) serverguide/C/installation.xml:903(title) serverguide/C/dns.xml:62(title) serverguide/C/dm-multipath.xml:135(title) serverguide/C/chat.xml:15(title) serverguide/C/backups.xml:545(title)
16365
16415
msgid "Overview"
16366
16416
msgstr ""
16367
16417
16368
#: serverguide/C/network-auth.xml:2704(para)
16418
#: serverguide/C/network-auth.xml:2733(para)
16369
16419
msgid ""
16370
16420
"If you are new to Kerberos there are a few terms that are good to understand "
16371
16421
"before setting up a Kerberos server. Most of the terms will relate to things "
16372
16422
"you may be familiar with in other environments:"
16373
16423
msgstr ""
16374
16424
16375
#: serverguide/C/network-auth.xml:2711(para)
16425
#: serverguide/C/network-auth.xml:2740(para)
16376
16426
msgid ""
16377
16427
"<emphasis>Principal:</emphasis> any users, computers, and services provided "
16378
16428
"by servers need to be defined as Kerberos Principals."
16379
16429
msgstr ""
16380
16430
16381
#: serverguide/C/network-auth.xml:2716(para)
16431
#: serverguide/C/network-auth.xml:2745(para)
16382
16432
msgid ""
16383
16433
"<emphasis>Instances:</emphasis> are used for service principals and special "
16384
16434
"administrative principals."
16385
16435
msgstr ""
16386
16436
16387
#: serverguide/C/network-auth.xml:2721(para)
16437
#: serverguide/C/network-auth.xml:2750(para)
16388
16438
msgid ""
16389
16439
"<emphasis>Realms:</emphasis> the unique realm of control provided by the "
16390
16440
"Kerberos installation. Think of it as the domain or group your hosts and "
16393
16443
"as the realm."
16394
16444
msgstr ""
16395
16445
16396
#: serverguide/C/network-auth.xml:2730(para)
16446
#: serverguide/C/network-auth.xml:2759(para)
16397
16447
msgid ""
16398
16448
"<emphasis>Key Distribution Center:</emphasis> (KDC) consist of three parts, "
16399
16449
"a database of all principals, the authentication server, and the ticket "
16400
16450
"granting server. For each realm there must be at least one KDC."
16401
16451
msgstr ""
16402
16452
16403
#: serverguide/C/network-auth.xml:2736(para)
16453
#: serverguide/C/network-auth.xml:2765(para)
16404
16454
msgid ""
16405
16455
"<emphasis>Ticket Granting Ticket:</emphasis> issued by the Authentication "
16406
16456
"Server (AS), the Ticket Granting Ticket (TGT) is encrypted in the user's "
16407
16457
"password which is known only to the user and the KDC."
16408
16458
msgstr ""
16409
16459
16410
#: serverguide/C/network-auth.xml:2742(para)
16460
#: serverguide/C/network-auth.xml:2771(para)
16411
16461
msgid ""
16412
16462
"<emphasis>Ticket Granting Server:</emphasis> (TGS) issues service tickets to "
16413
16463
"clients upon request."
16414
16464
msgstr ""
16415
16465
16416
#: serverguide/C/network-auth.xml:2747(para)
16466
#: serverguide/C/network-auth.xml:2776(para)
16417
16467
msgid ""
16418
16468
"<emphasis>Tickets:</emphasis> confirm the identity of the two principals. "
16419
16469
"One principal being a user and the other a service requested by the user. "
16421
16471
"authenticated session."
16422
16472
msgstr ""
16423
16473
16424
#: serverguide/C/network-auth.xml:2753(para)
16474
#: serverguide/C/network-auth.xml:2782(para)
16425
16475
msgid ""
16426
16476
"<emphasis>Keytab Files:</emphasis> are files extracted from the KDC "
16427
16477
"principal database and contain the encryption key for a service or host."
16428
16478
msgstr ""
16429
16479
16430
#: serverguide/C/network-auth.xml:2760(para)
16480
#: serverguide/C/network-auth.xml:2789(para)
16431
16481
msgid ""
16432
16482
"To put the pieces together, a Realm has at least one KDC, preferably more "
16433
16483
"for redundancy, which contains a database of Principals. When a user "
16439
16489
"entering another username and password."
16440
16490
msgstr ""
16441
16491
16442
#: serverguide/C/network-auth.xml:2769(title)
16492
#: serverguide/C/network-auth.xml:2798(title)
16443
16493
msgid "Kerberos Server"
16444
16494
msgstr ""
16445
16495
16446
#: serverguide/C/network-auth.xml:2773(para)
16496
#: serverguide/C/network-auth.xml:2802(para)
16447
16497
msgid ""
16448
16498
"For this discussion, we will create a MIT Kerberos domain with the following "
16449
16499
"features (edit them to fit your needs):"
16450
16500
msgstr ""
16451
16501
16452
#: serverguide/C/network-auth.xml:2780(para)
16502
#: serverguide/C/network-auth.xml:2809(para)
16453
16503
msgid "<emphasis>Realm:</emphasis> EXAMPLE.COM"
16454
16504
msgstr ""
16455
16505
16456
#: serverguide/C/network-auth.xml:2785(para)
16506
#: serverguide/C/network-auth.xml:2814(para)
16457
16507
msgid "<emphasis>Primary KDC:</emphasis> kdc01.example.com (192.168.0.1)"
16458
16508
msgstr ""
16459
16509
16460
#: serverguide/C/network-auth.xml:2790(para)
16510
#: serverguide/C/network-auth.xml:2819(para)
16461
16511
msgid "<emphasis>Secondary KDC:</emphasis> kdc02.example.com (192.168.0.2)"
16462
16512
msgstr ""
16463
16513
16464
#: serverguide/C/network-auth.xml:2795(para)
16514
#: serverguide/C/network-auth.xml:2824(para)
16465
16515
msgid "<emphasis>User principal:</emphasis> steve"
16466
16516
msgstr ""
16467
16517
16468
#: serverguide/C/network-auth.xml:2800(para)
16518
#: serverguide/C/network-auth.xml:2829(para)
16469
16519
msgid "<emphasis>Admin principal:</emphasis> steve/admin"
16470
16520
msgstr ""
16471
16521
16472
#: serverguide/C/network-auth.xml:2807(para)
16522
#: serverguide/C/network-auth.xml:2836(para)
16473
16523
msgid ""
16474
16524
"It is <emphasis>strongly</emphasis> recommended that your network-"
16475
16525
"authenticated users have their uid in a different range (say, starting at "
16476
16526
"5000) than that of your local users."
16477
16527
msgstr ""
16478
16528
16479
#: serverguide/C/network-auth.xml:2813(para)
16529
#: serverguide/C/network-auth.xml:2842(para)
16480
16530
msgid ""
16481
16531
"Before installing the Kerberos server a properly configured DNS server is "
16482
16532
"needed for your domain. Since the Kerberos Realm by convention matches the "
16485
16535
"documentation."
16486
16536
msgstr ""
16487
16537
16488
#: serverguide/C/network-auth.xml:2819(para)
16538
#: serverguide/C/network-auth.xml:2848(para)
16489
16539
msgid ""
16490
16540
"Also, Kerberos is a time sensitive protocol. So if the local system time "
16491
16541
"between a client machine and the server differs by more than five minutes "
16495
16545
"setting up NTP see <xref linkend=\"NTP\"/>."
16496
16546
msgstr ""
16497
16547
16498
#: serverguide/C/network-auth.xml:2827(para)
16548
#: serverguide/C/network-auth.xml:2856(para)
16499
16549
msgid ""
16500
16550
"The first step in creating a Kerberos Realm is to install the "
16501
16551
"<application>krb5-kdc</application> and <application>krb5-admin-"
16502
16552
"server</application> packages. From a terminal enter:"
16503
16553
msgstr ""
16504
16554
16505
#: serverguide/C/network-auth.xml:2833(command) serverguide/C/network-auth.xml:3040(command)
16555
#: serverguide/C/network-auth.xml:2862(command) serverguide/C/network-auth.xml:3069(command)
16506
16556
msgid "sudo apt-get install krb5-kdc krb5-admin-server"
16507
16557
msgstr ""
16508
16558
16509
#: serverguide/C/network-auth.xml:2836(para)
16559
#: serverguide/C/network-auth.xml:2865(para)
16510
16560
msgid ""
16511
16561
"You will be asked at the end of the install to supply the hostname for the "
16512
16562
"Kerberos and Admin servers, which may or may not be the same server, for the "
16513
16563
"realm."
16514
16564
msgstr ""
16515
16565
16516
#: serverguide/C/network-auth.xml:2843(para)
16566
#: serverguide/C/network-auth.xml:2872(para)
16517
16567
msgid "By default the realm is created from the KDC's domain name."
16518
16568
msgstr ""
16519
16569
16520
#: serverguide/C/network-auth.xml:2848(para)
16570
#: serverguide/C/network-auth.xml:2877(para)
16521
16571
msgid ""
16522
16572
"Next, create the new realm with the <application>kdb5_newrealm</application> "
16523
16573
"utility:"
16524
16574
msgstr ""
16525
16575
16526
#: serverguide/C/network-auth.xml:2853(command)
16576
#: serverguide/C/network-auth.xml:2882(command)
16527
16577
msgid "sudo krb5_newrealm"
16528
16578
msgstr ""
16529
16579
16530
#: serverguide/C/network-auth.xml:2860(para)
16580
#: serverguide/C/network-auth.xml:2889(para)
16531
16581
msgid ""
16532
16582
"The questions asked during installation are used to configure the "
16533
16583
"<filename>/etc/krb5.conf</filename> file. If you need to adjust the Key "
16537
16587
"typing"
16538
16588
msgstr ""
16539
16589
16540
#: serverguide/C/network-auth.xml:2867(command)
16590
#: serverguide/C/network-auth.xml:2896(command)
16541
16591
msgid "sudo dpkg-reconfigure krb5-kdc"
16542
16592
msgstr ""
16543
16593
16544
#: serverguide/C/network-auth.xml:2873(para)
16594
#: serverguide/C/network-auth.xml:2902(para)
16545
16595
msgid ""
16546
16596
"Once the KDC is properly running, an admin user -- the <emphasis>admin "
16547
16597
"principal</emphasis> -- is needed. It is recommended to use a different "
16549
16599
"<application>kadmin.local</application> utility in a terminal prompt enter:"
16550
16600
msgstr ""
16551
16601
16552
#: serverguide/C/network-auth.xml:2881(command) serverguide/C/network-auth.xml:3751(command)
16602
#: serverguide/C/network-auth.xml:2910(command) serverguide/C/network-auth.xml:3780(command)
16553
16603
msgid "sudo kadmin.local"
16554
16604
msgstr ""
16555
16605
16556
#: serverguide/C/network-auth.xml:2882(computeroutput)
16606
#: serverguide/C/network-auth.xml:2911(computeroutput)
16557
16607
#, no-wrap
16558
16608
msgid ""
16559
16609
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
16560
16610
"kadmin.local:"
16561
16611
msgstr ""
16562
16612
16563
#: serverguide/C/network-auth.xml:2883(userinput)
16613
#: serverguide/C/network-auth.xml:2912(userinput)
16564
16614
#, no-wrap
16565
16615
msgid " addprinc steve/admin"
16566
16616
msgstr ""
16567
16617
16568
#: serverguide/C/network-auth.xml:2884(computeroutput)
16618
#: serverguide/C/network-auth.xml:2913(computeroutput)
16569
16619
#, no-wrap
16570
16620
msgid ""
16571
16621
"WARNING: no policy specified for steve/admin@EXAMPLE.COM; defaulting to no "
16576
16626
"kadmin.local:"
16577
16627
msgstr ""
16578
16628
16579
#: serverguide/C/network-auth.xml:2888(userinput)
16629
#: serverguide/C/network-auth.xml:2917(userinput)
16580
16630
#, no-wrap
16581
16631
msgid " quit"
16582
16632
msgstr ""
16583
16633
16584
#: serverguide/C/network-auth.xml:2891(para)
16634
#: serverguide/C/network-auth.xml:2920(para)
16585
16635
msgid ""
16586
16636
"In the above example <emphasis role=\"italic\">steve</emphasis> is the "
16587
16637
"<emphasis>Principal</emphasis>, <emphasis role=\"italic\">/admin</emphasis> "
16593
16643
"rights."
16594
16644
msgstr ""
16595
16645
16596
#: serverguide/C/network-auth.xml:2901(para)
16646
#: serverguide/C/network-auth.xml:2930(para)
16597
16647
msgid ""
16598
16648
"Replace <emphasis>EXAMPLE.COM</emphasis> and <emphasis>steve</emphasis> with "
16599
16649
"your Realm and admin username."
16600
16650
msgstr ""
16601
16651
16602
#: serverguide/C/network-auth.xml:2909(para)
16652
#: serverguide/C/network-auth.xml:2938(para)
16603
16653
msgid ""
16604
16654
"Next, the new admin user needs to have the appropriate Access Control List "
16605
16655
"(ACL) permissions. The permissions are configured in the "
16606
16656
"<filename>/etc/krb5kdc/kadm5.acl</filename> file:"
16607
16657
msgstr ""
16608
16658
16609
#: serverguide/C/network-auth.xml:2914(programlisting)
16659
#: serverguide/C/network-auth.xml:2943(programlisting)
16610
16660
#, no-wrap
16611
16661
msgid ""
16612
16662
"\n"
16613
16663
"steve/admin@EXAMPLE.COM *\n"
16614
16664
msgstr ""
16615
16665
16616
#: serverguide/C/network-auth.xml:2918(para)
16666
#: serverguide/C/network-auth.xml:2947(para)
16617
16667
msgid ""
16618
16668
"This entry grants <emphasis>steve/admin</emphasis> the ability to perform "
16619
16669
"any operation on all principals in the realm. You can configure principals "
16622
16672
"<emphasis>kadm5.acl</emphasis> man page for details."
16623
16673
msgstr ""
16624
16674
16625
#: serverguide/C/network-auth.xml:2930(para)
16675
#: serverguide/C/network-auth.xml:2959(para)
16626
16676
msgid ""
16627
16677
"Now restart the <application>krb5-admin-server</application> for the new ACL "
16628
16678
"to take affect:"
16629
16679
msgstr ""
16630
16680
16631
#: serverguide/C/network-auth.xml:2935(command)
16681
#: serverguide/C/network-auth.xml:2961(command)
16632
16682
msgid "sudo service krb5-admin-server restart"
16633
16683
msgstr ""
16634
16684
16635
#: serverguide/C/network-auth.xml:2941(para)
16685
#: serverguide/C/network-auth.xml:2970(para)
16636
16686
msgid ""
16637
16687
"The new user principal can be tested using the <application>kinit "
16638
16688
"utility</application>:"
16639
16689
msgstr ""
16640
16690
16641
#: serverguide/C/network-auth.xml:2946(command)
16691
#: serverguide/C/network-auth.xml:2975(command)
16642
16692
msgid "kinit steve/admin"
16643
16693
msgstr ""
16644
16694
16645
#: serverguide/C/network-auth.xml:2947(computeroutput)
16695
#: serverguide/C/network-auth.xml:2976(computeroutput)
16646
16696
#, no-wrap
16647
16697
msgid "steve/admin@EXAMPLE.COM's Password:"
16648
16698
msgstr ""
16649
16699
16650
#: serverguide/C/network-auth.xml:2950(para)
16700
#: serverguide/C/network-auth.xml:2979(para)
16651
16701
msgid ""
16652
16702
"After entering the password, use the <application>klist</application> "
16653
16703
"utility to view information about the Ticket Granting Ticket (TGT):"
16654
16704
msgstr ""
16655
16705
16656
#: serverguide/C/network-auth.xml:2956(command) serverguide/C/network-auth.xml:3333(command)
16706
#: serverguide/C/network-auth.xml:2985(command) serverguide/C/network-auth.xml:3362(command)
16657
16707
msgid "klist"
16658
16708
msgstr ""
16659
16709
16660
#: serverguide/C/network-auth.xml:2957(computeroutput)
16710
#: serverguide/C/network-auth.xml:2986(computeroutput)
16661
16711
#, no-wrap
16662
16712
msgid ""
16663
16713
"Credentials cache: FILE:/tmp/krb5cc_1000\n"
16667
16717
"Jul 13 17:53:34 Jul 14 03:53:34 krbtgt/EXAMPLE.COM@EXAMPLE.COM"
16668
16718
msgstr ""
16669
16719
16670
#: serverguide/C/network-auth.xml:2964(para)
16720
#: serverguide/C/network-auth.xml:2993(para)
16671
16721
msgid ""
16672
16722
"Where the cache filename <filename>krb5cc_1000</filename> is composed of the "
16673
16723
"prefix <filename>krb5cc_</filename> and the user id (uid), which in this "
16676
16726
"For example:"
16677
16727
msgstr ""
16678
16728
16679
#: serverguide/C/network-auth.xml:2973(programlisting)
16729
#: serverguide/C/network-auth.xml:3002(programlisting)
16680
16730
#, no-wrap
16681
16731
msgid ""
16682
16732
"\n"
16683
16733
"192.168.0.1 kdc01.example.com kdc01\n"
16684
16734
msgstr ""
16685
16735
16686
#: serverguide/C/network-auth.xml:2977(para)
16736
#: serverguide/C/network-auth.xml:3006(para)
16687
16737
msgid ""
16688
16738
"Replacing <emphasis>192.168.0.1</emphasis> with the IP address of your KDC. "
16689
16739
"This usually happens when you have a Kerberos realm encompassing different "
16690
16740
"networks separated by routers."
16691
16741
msgstr ""
16692
16742
16693
#: serverguide/C/network-auth.xml:2986(para)
16743
#: serverguide/C/network-auth.xml:3015(para)
16694
16744
msgid ""
16695
16745
"The best way to allow clients to automatically determine the KDC for the "
16696
16746
"Realm is using DNS SRV records. Add the following to "
16697
16747
"<filename>/etc/named/db.example.com</filename>:"
16698
16748
msgstr ""
16699
16749
16700
#: serverguide/C/network-auth.xml:2992(programlisting)
16750
#: serverguide/C/network-auth.xml:3021(programlisting)
16701
16751
#, no-wrap
16702
16752
msgid ""
16703
16753
"\n"
16709
16759
"_kpasswd._udp.EXAMPLE.COM. IN SRV 1 0 464 kdc01.example.com.\n"
16710
16760
msgstr ""
16711
16761
16712
#: serverguide/C/network-auth.xml:3002(para)
16762
#: serverguide/C/network-auth.xml:3031(para)
16713
16763
msgid ""
16714
16764
"Replace <emphasis>EXAMPLE.COM</emphasis>, <emphasis>kdc01</emphasis>, and "
16715
16765
"<emphasis>kdc02</emphasis> with your domain name, primary KDC, and secondary "
16716
16766
"KDC."
16717
16767
msgstr ""
16718
16768
16719
#: serverguide/C/network-auth.xml:3008(para)
16769
#: serverguide/C/network-auth.xml:3037(para)
16720
16770
msgid ""
16721
16771
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
16722
16772
msgstr ""
16723
16773
16724
#: serverguide/C/network-auth.xml:3015(para)
16774
#: serverguide/C/network-auth.xml:3044(para)
16725
16775
msgid "Your new Kerberos Realm is now ready to authenticate clients."
16726
16776
msgstr ""
16727
16777
16728
#: serverguide/C/network-auth.xml:3022(title)
16778
#: serverguide/C/network-auth.xml:3051(title)
16729
16779
msgid "Secondary KDC"
16730
16780
msgstr ""
16731
16781
16732
#: serverguide/C/network-auth.xml:3024(para)
16782
#: serverguide/C/network-auth.xml:3053(para)
16733
16783
msgid ""
16734
16784
"Once you have one Key Distribution Center (KDC) on your network, it is good "
16735
16785
"practice to have a Secondary KDC in case the primary becomes unavailable. "
16738
16788
"of those networks."
16739
16789
msgstr ""
16740
16790
16741
#: serverguide/C/network-auth.xml:3035(para)
16791
#: serverguide/C/network-auth.xml:3064(para)
16742
16792
msgid ""
16743
16793
"First, install the packages, and when asked for the Kerberos and Admin "
16744
16794
"server names enter the name of the Primary KDC:"
16745
16795
msgstr ""
16746
16796
16747
#: serverguide/C/network-auth.xml:3046(para)
16797
#: serverguide/C/network-auth.xml:3075(para)
16748
16798
msgid ""
16749
16799
"Once you have the packages installed, create the Secondary KDC's host "
16750
16800
"principal. From a terminal prompt, enter:"
16751
16801
msgstr ""
16752
16802
16753
#: serverguide/C/network-auth.xml:3051(command)
16803
#: serverguide/C/network-auth.xml:3080(command)
16754
16804
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
16755
16805
msgstr ""
16756
16806
16757
#: serverguide/C/network-auth.xml:3055(para)
16807
#: serverguide/C/network-auth.xml:3084(para)
16758
16808
msgid ""
16759
16809
"After, issuing any <application>kadmin</application> commands you will be "
16760
16810
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
16761
16811
"password."
16762
16812
msgstr ""
16763
16813
16764
#: serverguide/C/network-auth.xml:3064(para)
16814
#: serverguide/C/network-auth.xml:3093(para)
16765
16815
msgid "Extract the <emphasis>keytab</emphasis> file:"
16766
16816
msgstr ""
16767
16817
16768
#: serverguide/C/network-auth.xml:3069(command)
16818
#: serverguide/C/network-auth.xml:3098(command)
16769
16819
msgid "kadmin -q \"ktadd -norandkey -k keytab.kdc02 host/kdc02.example.com\""
16770
16820
msgstr ""
16771
16821
16772
#: serverguide/C/network-auth.xml:3075(para)
16822
#: serverguide/C/network-auth.xml:3104(para)
16773
16823
msgid ""
16774
16824
"There should now be a <filename>keytab.kdc02</filename> in the current "
16775
16825
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
16776
16826
msgstr ""
16777
16827
16778
#: serverguide/C/network-auth.xml:3081(command)
16828
#: serverguide/C/network-auth.xml:3110(command)
16779
16829
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
16780
16830
msgstr ""
16781
16831
16782
#: serverguide/C/network-auth.xml:3085(para)
16832
#: serverguide/C/network-auth.xml:3114(para)
16783
16833
msgid ""
16784
16834
"If the path to the <filename>keytab.kdc02</filename> file is different "
16785
16835
"adjust accordingly."
16786
16836
msgstr ""
16787
16837
16788
#: serverguide/C/network-auth.xml:3090(para)
16838
#: serverguide/C/network-auth.xml:3119(para)
16789
16839
msgid ""
16790
16840
"Also, you can list the principals in a Keytab file, which can be useful when "
16791
16841
"troubleshooting, using the <application>klist</application> utility:"
16792
16842
msgstr ""
16793
16843
16794
#: serverguide/C/network-auth.xml:3096(command)
16844
#: serverguide/C/network-auth.xml:3125(command)
16795
16845
msgid "sudo klist -k /etc/krb5.keytab"
16796
16846
msgstr ""
16797
16847
16798
#: serverguide/C/network-auth.xml:3099(para)
16848
#: serverguide/C/network-auth.xml:3128(para)
16799
16849
msgid ""
16800
16850
"The <application>-k</application> option indicates the file is a keytab file."
16801
16851
msgstr ""
16802
16852
16803
#: serverguide/C/network-auth.xml:3106(para)
16853
#: serverguide/C/network-auth.xml:3135(para)
16804
16854
msgid ""
16805
16855
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
16806
16856
"that lists all KDCs for the Realm. For example, on both primary and "
16807
16857
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
16808
16858
msgstr ""
16809
16859
16810
#: serverguide/C/network-auth.xml:3111(programlisting)
16860
#: serverguide/C/network-auth.xml:3140(programlisting)
16811
16861
#, no-wrap
16812
16862
msgid ""
16813
16863
"\n"
16815
16865
"host/kdc02.example.com@EXAMPLE.COM\n"
16816
16866
msgstr ""
16817
16867
16818
#: serverguide/C/network-auth.xml:3119(para)
16868
#: serverguide/C/network-auth.xml:3148(para)
16819
16869
msgid "Create an empty database on the <emphasis>Secondary KDC</emphasis>:"
16820
16870
msgstr ""
16821
16871
16822
#: serverguide/C/network-auth.xml:3124(command)
16872
#: serverguide/C/network-auth.xml:3153(command)
16823
16873
msgid "sudo kdb5_util -s create"
16824
16874
msgstr ""
16825
16875
16826
#: serverguide/C/network-auth.xml:3130(para)
16876
#: serverguide/C/network-auth.xml:3159(para)
16827
16877
msgid ""
16828
16878
"Now start the <application>kpropd</application> daemon, which listens for "
16829
16879
"connections from the <application>kprop</application> utility. "
16830
16880
"<application>kprop</application> is used to transfer dump files:"
16831
16881
msgstr ""
16832
16882
16833
#: serverguide/C/network-auth.xml:3137(command)
16883
#: serverguide/C/network-auth.xml:3166(command)
16834
16884
msgid "sudo kpropd -S"
16835
16885
msgstr ""
16836
16886
16837
#: serverguide/C/network-auth.xml:3143(para)
16887
#: serverguide/C/network-auth.xml:3172(para)
16838
16888
msgid ""
16839
16889
"From a terminal on the <emphasis>Primary KDC</emphasis>, create a dump file "
16840
16890
"of the principal database:"
16841
16891
msgstr ""
16842
16892
16843
#: serverguide/C/network-auth.xml:3148(command)
16893
#: serverguide/C/network-auth.xml:3177(command)
16844
16894
msgid "sudo kdb5_util dump /var/lib/krb5kdc/dump"
16845
16895
msgstr ""
16846
16896
16847
#: serverguide/C/network-auth.xml:3154(para)
16897
#: serverguide/C/network-auth.xml:3183(para)
16848
16898
msgid ""
16849
16899
"Extract the Primary KDC's <emphasis>keytab</emphasis> file and copy it to "
16850
16900
"<filename>/etc/krb5.keytab</filename>:"
16851
16901
msgstr ""
16852
16902
16853
#: serverguide/C/network-auth.xml:3159(command)
16903
#: serverguide/C/network-auth.xml:3188(command)
16854
16904
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
16855
16905
msgstr ""
16856
16906
16857
#: serverguide/C/network-auth.xml:3160(command)
16907
#: serverguide/C/network-auth.xml:3189(command)
16858
16908
msgid "sudo mv keytab.kdc01 /etc/krb5.keytab"
16859
16909
msgstr ""
16860
16910
16861
#: serverguide/C/network-auth.xml:3164(para)
16911
#: serverguide/C/network-auth.xml:3193(para)
16862
16912
msgid ""
16863
16913
"Make sure there is a <emphasis>host</emphasis> for "
16864
16914
"<emphasis>kdc01.example.com</emphasis> before extracting the Keytab."
16865
16915
msgstr ""
16866
16916
16867
#: serverguide/C/network-auth.xml:3172(para)
16917
#: serverguide/C/network-auth.xml:3201(para)
16868
16918
msgid ""
16869
16919
"Using the <application>kprop</application> utility push the database to the "
16870
16920
"Secondary KDC:"
16871
16921
msgstr ""
16872
16922
16873
#: serverguide/C/network-auth.xml:3177(command)
16923
#: serverguide/C/network-auth.xml:3206(command)
16874
16924
msgid "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
16875
16925
msgstr ""
16876
16926
16877
#: serverguide/C/network-auth.xml:3181(para)
16927
#: serverguide/C/network-auth.xml:3210(para)
16878
16928
msgid ""
16879
16929
"There should be a <emphasis>SUCCEEDED</emphasis> message if the propagation "
16880
16930
"worked. If there is an error message check "
16882
16932
"information."
16883
16933
msgstr ""
16884
16934
16885
#: serverguide/C/network-auth.xml:3187(para)
16935
#: serverguide/C/network-auth.xml:3216(para)
16886
16936
msgid ""
16887
16937
"You may also want to create a <application>cron</application> job to "
16888
16938
"periodically update the database on the Secondary KDC. For example, the "
16890
16940
"split to fit the format of this document):"
16891
16941
msgstr ""
16892
16942
16893
#: serverguide/C/network-auth.xml:3192(programlisting)
16943
#: serverguide/C/network-auth.xml:3221(programlisting)
16894
16944
#, no-wrap
16895
16945
msgid ""
16896
16946
"\n"
16899
16949
"/usr/sbin/kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com\n"
16900
16950
msgstr ""
16901
16951
16902
#: serverguide/C/network-auth.xml:3201(para)
16952
#: serverguide/C/network-auth.xml:3230(para)
16903
16953
msgid ""
16904
16954
"Back on the <emphasis>Secondary KDC</emphasis>, create a "
16905
16955
"<emphasis>stash</emphasis> file to hold the Kerberos master key:"
16906
16956
msgstr ""
16907
16957
16908
#: serverguide/C/network-auth.xml:3207(command)
16958
#: serverguide/C/network-auth.xml:3236(command)
16909
16959
msgid "sudo kdb5_util stash"
16910
16960
msgstr ""
16911
16961
16912
#: serverguide/C/network-auth.xml:3213(para)
16962
#: serverguide/C/network-auth.xml:3242(para)
16913
16963
msgid ""
16914
16964
"Finally, start the <application>krb5-kdc</application> daemon on the "
16915
16965
"Secondary KDC:"
16916
16966
msgstr ""
16917
16967
16918
#: serverguide/C/network-auth.xml:3218(command) serverguide/C/network-auth.xml:3894(command)
16968
#: serverguide/C/network-auth.xml:3244(command) serverguide/C/network-auth.xml:3920(command)
16919
16969
msgid "sudo service krb5-kdc start"
16920
16970
msgstr ""
16921
16971
16922
#: serverguide/C/network-auth.xml:3224(para)
16972
#: serverguide/C/network-auth.xml:3253(para)
16923
16973
msgid ""
16924
16974
"The <emphasis>Secondary KDC</emphasis> should now be able to issue tickets "
16925
16975
"for the Realm. You can test this by stopping the <application>krb5-"
16930
16980
"<filename>/var/log/auth.log</filename> in the Secondary KDC."
16931
16981
msgstr ""
16932
16982
16933
#: serverguide/C/network-auth.xml:3235(title)
16983
#: serverguide/C/network-auth.xml:3264(title)
16934
16984
msgid "Kerberos Linux Client"
16935
16985
msgstr ""
16936
16986
16937
#: serverguide/C/network-auth.xml:3237(para)
16987
#: serverguide/C/network-auth.xml:3266(para)
16938
16988
msgid ""
16939
16989
"This section covers configuring a Linux system as a "
16940
16990
"<application>Kerberos</application> client. This will allow access to any "
16941
16991
"kerberized services once a user has successfully logged into the system."
16942
16992
msgstr ""
16943
16993
16944
#: serverguide/C/network-auth.xml:3245(para)
16994
#: serverguide/C/network-auth.xml:3274(para)
16945
16995
msgid ""
16946
16996
"In order to authenticate to a Kerberos Realm, the <application>krb5-"
16947
16997
"user</application> and <application>libpam-krb5</application> packages are "
16950
17000
"prompt:"
16951
17001
msgstr ""
16952
17002
16953
#: serverguide/C/network-auth.xml:3252(command)
17003
#: serverguide/C/network-auth.xml:3281(command)
16954
17004
msgid ""
16955
17005
"sudo apt-get install krb5-user libpam-krb5 libpam-ccreds auth-client-config"
16956
17006
msgstr ""
16957
17007
16958
#: serverguide/C/network-auth.xml:3255(para)
17008
#: serverguide/C/network-auth.xml:3284(para)
16959
17009
msgid ""
16960
17010
"The <application>auth-client-config</application> package allows simple "
16961
17011
"configuration of PAM for authentication from multiple sources, and the "
16966
17016
"be accessed off the network as well."
16967
17017
msgstr ""
16968
17018
16969
#: serverguide/C/network-auth.xml:3266(para)
17019
#: serverguide/C/network-auth.xml:3295(para)
16970
17020
msgid "To configure the client in a terminal enter:"
16971
17021
msgstr ""
16972
17022
16973
#: serverguide/C/network-auth.xml:3271(command)
17023
#: serverguide/C/network-auth.xml:3300(command)
16974
17024
msgid "sudo dpkg-reconfigure krb5-config"
16975
17025
msgstr ""
16976
17026
16977
#: serverguide/C/network-auth.xml:3274(para)
17027
#: serverguide/C/network-auth.xml:3303(para)
16978
17028
msgid ""
16979
17029
"You will then be prompted to enter the name of the Kerberos Realm. Also, if "
16980
17030
"you don't have DNS configured with Kerberos <emphasis>SRV</emphasis> "
16982
17032
"Center (KDC) and Realm Administration server."
16983
17033
msgstr ""
16984
17034
16985
#: serverguide/C/network-auth.xml:3280(para)
17035
#: serverguide/C/network-auth.xml:3309(para)
16986
17036
msgid ""
16987
17037
"The <application>dpkg-reconfigure</application> adds entries to the "
16988
17038
"<filename>/etc/krb5.conf</filename> file for your Realm. You should have "
16989
17039
"entries similar to the following:"
16990
17040
msgstr ""
16991
17041
16992
#: serverguide/C/network-auth.xml:3285(programlisting)
17042
#: serverguide/C/network-auth.xml:3311(programlisting)
16993
17043
#, no-wrap
16994
17044
msgid ""
16995
17045
"\n"
17003
17053
" }\n"
17004
17054
msgstr ""
17005
17055
17006
#: serverguide/C/network-auth.xml:3297(para)
17056
#: serverguide/C/network-auth.xml:3326(para)
17007
17057
msgid ""
17008
17058
"If you set the uid of each of your network-authenticated users to start at "
17009
17059
"5000, as suggested in <xref linkend=\"kerberos-server-installation\"/>, you "
17011
17061
"> 5000:"
17012
17062
msgstr ""
17013
17063
17014
#: serverguide/C/network-auth.xml:3305(command)
17064
#: serverguide/C/network-auth.xml:3334(command)
17015
17065
msgid ""
17016
17066
"# Kerberos should only be applied to ldap/kerberos users, not local ones. "
17017
17067
"for i in common-auth common-session common-account common-password; do sudo "
17019
17069
"minimum_uid=5000/' \\ /etc/pam.d/$i done"
17020
17070
msgstr ""
17021
17071
17022
#: serverguide/C/network-auth.xml:3312(para)
17072
#: serverguide/C/network-auth.xml:3341(para)
17023
17073
msgid ""
17024
17074
"This will avoid being asked for the (non-existent) Kerberos password of a "
17025
17075
"locally authenticated user when changing its password using "
17026
17076
"<command>passwd</command>."
17027
17077
msgstr ""
17028
17078
17029
#: serverguide/C/network-auth.xml:3319(para)
17079
#: serverguide/C/network-auth.xml:3348(para)
17030
17080
msgid ""
17031
17081
"You can test the configuration by requesting a ticket using the "
17032
17082
"<application>kinit</application> utility. For example:"
17033
17083
msgstr ""
17034
17084
17035
#: serverguide/C/network-auth.xml:3324(command)
17085
#: serverguide/C/network-auth.xml:3353(command)
17036
17086
msgid "kinit steve@EXAMPLE.COM"
17037
17087
msgstr ""
17038
17088
17039
#: serverguide/C/network-auth.xml:3325(computeroutput)
17089
#: serverguide/C/network-auth.xml:3354(computeroutput)
17040
17090
#, no-wrap
17041
17091
msgid "Password for steve@EXAMPLE.COM:"
17042
17092
msgstr ""
17043
17093
17044
#: serverguide/C/network-auth.xml:3328(para)
17094
#: serverguide/C/network-auth.xml:3357(para)
17045
17095
msgid ""
17046
17096
"When a ticket has been granted, the details can be viewed using "
17047
17097
"<application>klist</application>:"
17048
17098
msgstr ""
17049
17099
17050
#: serverguide/C/network-auth.xml:3334(computeroutput)
17100
#: serverguide/C/network-auth.xml:3363(computeroutput)
17051
17101
#, no-wrap
17052
17102
msgid ""
17053
17103
"Ticket cache: FILE:/tmp/krb5cc_1000\n"
17062
17112
"klist: You have no tickets cached"
17063
17113
msgstr ""
17064
17114
17065
#: serverguide/C/network-auth.xml:3346(para)
17115
#: serverguide/C/network-auth.xml:3375(para)
17066
17116
msgid ""
17067
17117
"Next, use the <application>auth-client-config</application> to configure the "
17068
17118
"<application>libpam-krb5</application> module to request a ticket during "
17069
17119
"login:"
17070
17120
msgstr ""
17071
17121
17072
#: serverguide/C/network-auth.xml:3352(command)
17122
#: serverguide/C/network-auth.xml:3381(command)
17073
17123
msgid "sudo auth-client-config -a -p kerberos_example"
17074
17124
msgstr ""
17075
17125
17076
#: serverguide/C/network-auth.xml:3355(para)
17126
#: serverguide/C/network-auth.xml:3384(para)
17077
17127
msgid ""
17078
17128
"You will should now receive a ticket upon successful login authentication."
17079
17129
msgstr ""
17080
17130
17081
#: serverguide/C/network-auth.xml:3366(para)
17131
#: serverguide/C/network-auth.xml:3395(para)
17082
17132
msgid ""
17083
17133
"For more information on MIT's version of Kerberos, see the <ulink "
17084
17134
"url=\"http://web.mit.edu/Kerberos/\">MIT Kerberos</ulink> site."
17085
17135
msgstr ""
17086
17136
17087
#: serverguide/C/network-auth.xml:3371(para)
17137
#: serverguide/C/network-auth.xml:3400(para)
17088
17138
msgid ""
17089
17139
"The <ulink url=\"https://help.ubuntu.com/community/Kerberos\">Ubuntu Wiki "
17090
17140
"Kerberos</ulink> page has more details."
17091
17141
msgstr ""
17092
17142
17093
#: serverguide/C/network-auth.xml:3376(para)
17143
#: serverguide/C/network-auth.xml:3405(para)
17094
17144
msgid ""
17095
17145
"O'Reilly's <ulink "
17096
17146
"url=\"http://oreilly.com/catalog/9780596004033/\">Kerberos: The Definitive "
17097
17147
"Guide</ulink> is a great reference when setting up Kerberos."
17098
17148
msgstr ""
17099
17149
17100
#: serverguide/C/network-auth.xml:3382(para)
17150
#: serverguide/C/network-auth.xml:3411(para)
17101
17151
msgid ""
17102
17152
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> and "
17103
17153
"<emphasis>#kerberos</emphasis> IRC channels on <ulink "
17104
17154
"url=\"http://freenode.net/\">Freenode</ulink> if you have Kerberos questions."
17105
17155
msgstr ""
17106
17156
17107
#: serverguide/C/network-auth.xml:3394(title)
17157
#: serverguide/C/network-auth.xml:3423(title)
17108
17158
msgid "Kerberos and LDAP"
17109
17159
msgstr ""
17110
17160
17111
#: serverguide/C/network-auth.xml:3396(para)
17161
#: serverguide/C/network-auth.xml:3425(para)
17112
17162
msgid ""
17113
17163
"Most people will not use Kerberos by itself; once an user is authenticated "
17114
17164
"(Kerberos), we need to figure out what this user can do (authorization). And "
17115
17165
"that would be the job of programs such as <application>LDAP</application>."
17116
17166
msgstr ""
17117
17167
17118
#: serverguide/C/network-auth.xml:3403(para)
17168
#: serverguide/C/network-auth.xml:3432(para)
17119
17169
msgid ""
17120
17170
"Replicating a Kerberos principal database between two servers can be "
17121
17171
"complicated, and adds an additional user database to your network. "
17125
17175
"<application>OpenLDAP</application> for the principal database."
17126
17176
msgstr ""
17127
17177
17128
#: serverguide/C/network-auth.xml:3411(para)
17178
#: serverguide/C/network-auth.xml:3440(para)
17129
17179
msgid ""
17130
17180
"The examples presented here assume <application>MIT Kerberos</application> "
17131
17181
"and <application>OpenLDAP</application>."
17132
17182
msgstr ""
17133
17183
17134
#: serverguide/C/network-auth.xml:3419(title)
17184
#: serverguide/C/network-auth.xml:3448(title)
17135
17185
msgid "Configuring OpenLDAP"
17136
17186
msgstr ""
17137
17187
17138
#: serverguide/C/network-auth.xml:3421(para)
17188
#: serverguide/C/network-auth.xml:3450(para)
17139
17189
msgid ""
17140
17190
"First, the necessary <emphasis>schema</emphasis> needs to be loaded on an "
17141
17191
"<application>OpenLDAP</application> server that has network connectivity to "
17144
17194
"information on setting up OpenLDAP see <xref linkend=\"openldap-server\"/>."
17145
17195
msgstr ""
17146
17196
17147
#: serverguide/C/network-auth.xml:3427(para)
17197
#: serverguide/C/network-auth.xml:3456(para)
17148
17198
msgid ""
17149
17199
"It is also required to configure OpenLDAP for TLS and SSL connections, so "
17150
17200
"that traffic between the KDC and LDAP server is encrypted. See <xref "
17151
17201
"linkend=\"openldap-tls\"/> for details."
17152
17202
msgstr ""
17153
17203
17154
#: serverguide/C/network-auth.xml:3433(para)
17204
#: serverguide/C/network-auth.xml:3462(para)
17155
17205
msgid ""
17156
17206
"<filename>cn=admin,cn=config</filename> is a user we created with rights to "
17157
17207
"edit the ldap database. Many times it is the RootDN. Change its value to "
17158
17208
"reflect your setup."
17159
17209
msgstr ""
17160
17210
17161
#: serverguide/C/network-auth.xml:3442(para)
17211
#: serverguide/C/network-auth.xml:3471(para)
17162
17212
msgid ""
17163
17213
"To load the schema into LDAP, on the LDAP server install the "
17164
17214
"<application>krb5-kdc-ldap</application> package. From a terminal enter:"
17165
17215
msgstr ""
17166
17216
17167
#: serverguide/C/network-auth.xml:3448(command)
17217
#: serverguide/C/network-auth.xml:3477(command)
17168
17218
msgid "sudo apt-get install krb5-kdc-ldap"
17169
17219
msgstr ""
17170
17220
17171
#: serverguide/C/network-auth.xml:3453(para)
17221
#: serverguide/C/network-auth.xml:3482(para)
17172
17222
msgid "Next, extract the <filename>kerberos.schema.gz</filename> file:"
17173
17223
msgstr ""
17174
17224
17175
#: serverguide/C/network-auth.xml:3458(command)
17225
#: serverguide/C/network-auth.xml:3487(command)
17176
17226
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
17177
17227
msgstr ""
17178
17228
17179
#: serverguide/C/network-auth.xml:3459(command)
17229
#: serverguide/C/network-auth.xml:3488(command)
17180
17230
msgid ""
17181
17231
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
17182
17232
msgstr ""
17183
17233
17184
#: serverguide/C/network-auth.xml:3465(para)
17234
#: serverguide/C/network-auth.xml:3494(para)
17185
17235
msgid ""
17186
17236
"The <emphasis>kerberos</emphasis> schema needs to be added to the "
17187
17237
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
17189
17239
"linkend=\"openldap-configuration\"/>."
17190
17240
msgstr ""
17191
17241
17192
#: serverguide/C/network-auth.xml:3473(para)
17242
#: serverguide/C/network-auth.xml:3502(para)
17193
17243
msgid ""
17194
17244
"First, create a configuration file named "
17195
17245
"<filename>schema_convert.conf</filename>, or a similar descriptive name, "
17196
17246
"containing the following lines:"
17197
17247
msgstr ""
17198
17248
17199
#: serverguide/C/network-auth.xml:3478(programlisting)
17249
#: serverguide/C/network-auth.xml:3507(programlisting)
17200
17250
#, no-wrap
17201
17251
msgid ""
17202
17252
"\n"
17215
17265
"include /etc/ldap/schema/kerberos.schema\n"
17216
17266
msgstr ""
17217
17267
17218
#: serverguide/C/network-auth.xml:3498(para)
17268
#: serverguide/C/network-auth.xml:3527(para)
17219
17269
msgid "Create a temporary directory to hold the LDIF files:"
17220
17270
msgstr ""
17221
17271
17222
#: serverguide/C/network-auth.xml:3502(command)
17272
#: serverguide/C/network-auth.xml:3531(command)
17223
17273
msgid "mkdir /tmp/ldif_output"
17224
17274
msgstr ""
17225
17275
17226
#: serverguide/C/network-auth.xml:3508(para)
17276
#: serverguide/C/network-auth.xml:3537(para)
17227
17277
msgid ""
17228
17278
"Now use <application>slapcat</application> to convert the schema files:"
17229
17279
msgstr ""
17230
17280
17231
#: serverguide/C/network-auth.xml:3513(command)
17281
#: serverguide/C/network-auth.xml:3542(command)
17232
17282
msgid ""
17233
17283
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s \\ "
17234
17284
"\"cn={12}kerberos,cn=schema,cn=config\" > /tmp/cn=kerberos.ldif"
17235
17285
msgstr ""
17236
17286
17237
#: serverguide/C/network-auth.xml:3517(para)
17287
#: serverguide/C/network-auth.xml:3546(para)
17238
17288
msgid ""
17239
17289
"Change the above file and path names to match your own if they are different."
17240
17290
msgstr ""
17241
17291
17242
#: serverguide/C/network-auth.xml:3524(para)
17292
#: serverguide/C/network-auth.xml:3553(para)
17243
17293
msgid ""
17244
17294
"Edit the generated <filename>/tmp/cn\\=kerberos.ldif</filename> file, "
17245
17295
"changing the following attributes:"
17246
17296
msgstr ""
17247
17297
17248
#: serverguide/C/network-auth.xml:3528(programlisting)
17298
#: serverguide/C/network-auth.xml:3557(programlisting)
17249
17299
#, no-wrap
17250
17300
msgid ""
17251
17301
"\n"
17254
17304
"cn: kerberos\n"
17255
17305
msgstr ""
17256
17306
17257
#: serverguide/C/network-auth.xml:3534(para)
17307
#: serverguide/C/network-auth.xml:3563(para)
17258
17308
msgid "And remove the following lines from the end of the file:"
17259
17309
msgstr ""
17260
17310
17261
#: serverguide/C/network-auth.xml:3538(programlisting)
17311
#: serverguide/C/network-auth.xml:3567(programlisting)
17262
17312
#, no-wrap
17263
17313
msgid ""
17264
17314
"\n"
17271
17321
"modifyTimestamp: 20090111203515Z\n"
17272
17322
msgstr ""
17273
17323
17274
#: serverguide/C/network-auth.xml:3548(para)
17324
#: serverguide/C/network-auth.xml:3577(para)
17275
17325
msgid ""
17276
17326
"The attribute values will vary, just be sure the attributes are removed."
17277
17327
msgstr ""
17278
17328
17279
#: serverguide/C/network-auth.xml:3555(para)
17329
#: serverguide/C/network-auth.xml:3584(para)
17280
17330
msgid "Load the new schema with <application>ldapadd</application>:"
17281
17331
msgstr ""
17282
17332
17283
#: serverguide/C/network-auth.xml:3560(command)
17333
#: serverguide/C/network-auth.xml:3589(command)
17284
17334
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=kerberos.ldif"
17285
17335
msgstr ""
17286
17336
17287
#: serverguide/C/network-auth.xml:3566(para)
17337
#: serverguide/C/network-auth.xml:3595(para)
17288
17338
msgid ""
17289
17339
"Add an index for the <emphasis>krb5principalname</emphasis> attribute:"
17290
17340
msgstr ""
17291
17341
17292
#: serverguide/C/network-auth.xml:3571(command) serverguide/C/network-auth.xml:3588(command)
17342
#: serverguide/C/network-auth.xml:3600(command) serverguide/C/network-auth.xml:3617(command)
17293
17343
msgid "ldapmodify -x -D cn=admin,cn=config -W"
17294
17344
msgstr ""
17295
17345
17296
#: serverguide/C/network-auth.xml:3573(userinput)
17346
#: serverguide/C/network-auth.xml:3602(userinput)
17297
17347
#, no-wrap
17298
17348
msgid ""
17299
17349
"dn: olcDatabase={1}hdb,cn=config\n"
17301
17351
"olcDbIndex: krbPrincipalName eq,pres,sub"
17302
17352
msgstr ""
17303
17353
17304
#: serverguide/C/network-auth.xml:3572(computeroutput)
17354
#: serverguide/C/network-auth.xml:3601(computeroutput)
17305
17355
#, no-wrap
17306
17356
msgid ""
17307
17357
"Enter LDAP Password:\n"
17310
17360
"modifying entry \"olcDatabase={1}hdb,cn=config\""
17311
17361
msgstr ""
17312
17362
17313
#: serverguide/C/network-auth.xml:3583(para)
17363
#: serverguide/C/network-auth.xml:3612(para)
17314
17364
msgid "Finally, update the Access Control Lists (ACL):"
17315
17365
msgstr ""
17316
17366
17317
#: serverguide/C/network-auth.xml:3590(userinput)
17367
#: serverguide/C/network-auth.xml:3619(userinput)
17318
17368
#, no-wrap
17319
17369
msgid ""
17320
17370
"dn: olcDatabase={1}hdb,cn=config\n"
17330
17380
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read"
17331
17381
msgstr ""
17332
17382
17333
#: serverguide/C/network-auth.xml:3589(computeroutput)
17383
#: serverguide/C/network-auth.xml:3618(computeroutput)
17334
17384
#, no-wrap
17335
17385
msgid ""
17336
17386
"Enter LDAP Password: \n"
17339
17389
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
17340
17390
msgstr ""
17341
17391
17342
#: serverguide/C/network-auth.xml:3610(para)
17392
#: serverguide/C/network-auth.xml:3639(para)
17343
17393
msgid ""
17344
17394
"That's it, your LDAP directory is now ready to serve as a Kerberos principal "
17345
17395
"database."
17346
17396
msgstr ""
17347
17397
17348
#: serverguide/C/network-auth.xml:3616(title)
17398
#: serverguide/C/network-auth.xml:3645(title)
17349
17399
msgid "Primary KDC Configuration"
17350
17400
msgstr ""
17351
17401
17352
#: serverguide/C/network-auth.xml:3618(para)
17402
#: serverguide/C/network-auth.xml:3647(para)
17353
17403
msgid ""
17354
17404
"With <application>OpenLDAP</application> configured it is time to configure "
17355
17405
"the KDC."
17356
17406
msgstr ""
17357
17407
17358
#: serverguide/C/network-auth.xml:3624(para)
17408
#: serverguide/C/network-auth.xml:3653(para)
17359
17409
msgid "First, install the necessary packages, from a terminal enter:"
17360
17410
msgstr ""
17361
17411
17362
#: serverguide/C/network-auth.xml:3629(command) serverguide/C/network-auth.xml:3788(command)
17412
#: serverguide/C/network-auth.xml:3658(command) serverguide/C/network-auth.xml:3817(command)
17363
17413
msgid "sudo apt-get install krb5-kdc krb5-admin-server krb5-kdc-ldap"
17364
17414
msgstr ""
17365
17415
17366
#: serverguide/C/network-auth.xml:3635(para)
17416
#: serverguide/C/network-auth.xml:3664(para)
17367
17417
msgid ""
17368
17418
"Now edit <filename>/etc/krb5.conf</filename> adding the following options to "
17369
17419
"under the appropriate sections:"
17370
17420
msgstr ""
17371
17421
17372
#: serverguide/C/network-auth.xml:3639(programlisting)
17422
#: serverguide/C/network-auth.xml:3668(programlisting)
17373
17423
#, no-wrap
17374
17424
msgid ""
17375
17425
"\n"
17419
17469
" }\n"
17420
17470
msgstr ""
17421
17471
17422
#: serverguide/C/network-auth.xml:3684(para)
17472
#: serverguide/C/network-auth.xml:3713(para)
17423
17473
msgid ""
17424
17474
"Change <emphasis>example.com</emphasis>, "
17425
17475
"<emphasis>dc=example,dc=com</emphasis>, "
17428
17478
"object, and LDAP server for your network."
17429
17479
msgstr ""
17430
17480
17431
#: serverguide/C/network-auth.xml:3693(para)
17481
#: serverguide/C/network-auth.xml:3722(para)
17432
17482
msgid ""
17433
17483
"Next, use the <application>kdb5_ldap_util</application> utility to create "
17434
17484
"the realm:"
17435
17485
msgstr ""
17436
17486
17437
#: serverguide/C/network-auth.xml:3698(command)
17487
#: serverguide/C/network-auth.xml:3727(command)
17438
17488
msgid ""
17439
17489
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees \\ "
17440
17490
"dc=example,dc=com -r EXAMPLE.COM -s -H ldap://ldap01.example.com"
17441
17491
msgstr ""
17442
17492
17443
#: serverguide/C/network-auth.xml:3705(para)
17493
#: serverguide/C/network-auth.xml:3734(para)
17444
17494
msgid ""
17445
17495
"Create a stash of the password used to bind to the LDAP server. This "
17446
17496
"password is used by the <emphasis>ldap_kdc_dn</emphasis> and "
17448
17498
"<filename>/etc/krb5.conf</filename>:"
17449
17499
msgstr ""
17450
17500
17451
#: serverguide/C/network-auth.xml:3711(command) serverguide/C/network-auth.xml:3850(command)
17501
#: serverguide/C/network-auth.xml:3740(command) serverguide/C/network-auth.xml:3879(command)
17452
17502
msgid ""
17453
17503
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f \\ "
17454
17504
"/etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com"
17455
17505
msgstr ""
17456
17506
17457
#: serverguide/C/network-auth.xml:3718(para)
17507
#: serverguide/C/network-auth.xml:3747(para)
17458
17508
msgid "Copy the CA certificate from the LDAP server:"
17459
17509
msgstr ""
17460
17510
17461
#: serverguide/C/network-auth.xml:3723(command)
17511
#: serverguide/C/network-auth.xml:3752(command)
17462
17512
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
17463
17513
msgstr ""
17464
17514
17465
#: serverguide/C/network-auth.xml:3724(command)
17515
#: serverguide/C/network-auth.xml:3753(command)
17466
17516
msgid "sudo cp cacert.pem /etc/ssl/certs"
17467
17517
msgstr ""
17468
17518
17469
#: serverguide/C/network-auth.xml:3727(para)
17519
#: serverguide/C/network-auth.xml:3756(para)
17470
17520
msgid ""
17471
17521
"And edit <filename>/etc/ldap/ldap.conf</filename> to use the certificate:"
17472
17522
msgstr ""
17473
17523
17474
#: serverguide/C/network-auth.xml:3731(programlisting)
17524
#: serverguide/C/network-auth.xml:3760(programlisting)
17475
17525
#, no-wrap
17476
17526
msgid ""
17477
17527
"\n"
17478
17528
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
17479
17529
msgstr ""
17480
17530
17481
#: serverguide/C/network-auth.xml:3736(para)
17531
#: serverguide/C/network-auth.xml:3765(para)
17482
17532
msgid ""
17483
17533
"The certificate will also need to be copied to the Secondary KDC, to allow "
17484
17534
"the connection to the LDAP servers using LDAPS."
17485
17535
msgstr ""
17486
17536
17487
#: serverguide/C/network-auth.xml:3745(para)
17537
#: serverguide/C/network-auth.xml:3774(para)
17488
17538
msgid ""
17489
17539
"You can now add Kerberos principals to the LDAP database, and they will be "
17490
17540
"copied to any other LDAP servers configured for replication. To add a "
17491
17541
"principal using the <application>kadmin.local</application> utility enter:"
17492
17542
msgstr ""
17493
17543
17494
#: serverguide/C/network-auth.xml:3753(userinput)
17544
#: serverguide/C/network-auth.xml:3782(userinput)
17495
17545
#, no-wrap
17496
17546
msgid "addprinc -x dn=\"uid=steve,ou=people,dc=example,dc=com\" steve"
17497
17547
msgstr ""
17498
17548
17499
#: serverguide/C/network-auth.xml:3752(computeroutput)
17549
#: serverguide/C/network-auth.xml:3781(computeroutput)
17500
17550
#, no-wrap
17501
17551
msgid ""
17502
17552
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
17507
17557
"Principal \"steve@EXAMPLE.COM\" created."
17508
17558
msgstr ""
17509
17559
17510
#: serverguide/C/network-auth.xml:3760(para)
17560
#: serverguide/C/network-auth.xml:3789(para)
17511
17561
msgid ""
17512
17562
"There should now be krbPrincipalName, krbPrincipalKey, krbLastPwdChange, and "
17513
17563
"krbExtraData attributes added to the "
17516
17566
"utilities to test that the user is indeed issued a ticket."
17517
17567
msgstr ""
17518
17568
17519
#: serverguide/C/network-auth.xml:3767(para)
17569
#: serverguide/C/network-auth.xml:3796(para)
17520
17570
msgid ""
17521
17571
"If the user object is already created the <emphasis>-x dn=\"...\"</emphasis> "
17522
17572
"option is needed to add the Kerberos attributes. Otherwise a new "
17523
17573
"<emphasis>principal</emphasis> object will be created in the realm subtree."
17524
17574
msgstr ""
17525
17575
17526
#: serverguide/C/network-auth.xml:3775(title)
17576
#: serverguide/C/network-auth.xml:3804(title)
17527
17577
msgid "Secondary KDC Configuration"
17528
17578
msgstr ""
17529
17579
17530
#: serverguide/C/network-auth.xml:3777(para)
17580
#: serverguide/C/network-auth.xml:3806(para)
17531
17581
msgid ""
17532
17582
"Configuring a Secondary KDC using the LDAP backend is similar to configuring "
17533
17583
"one using the normal Kerberos database."
17534
17584
msgstr ""
17535
17585
17536
#: serverguide/C/network-auth.xml:3783(para)
17586
#: serverguide/C/network-auth.xml:3812(para)
17537
17587
msgid "First, install the necessary packages. In a terminal enter:"
17538
17588
msgstr ""
17539
17589
17540
#: serverguide/C/network-auth.xml:3794(para)
17590
#: serverguide/C/network-auth.xml:3823(para)
17541
17591
msgid ""
17542
17592
"Next, edit <filename>/etc/krb5.conf</filename> to use the LDAP backend:"
17543
17593
msgstr ""
17544
17594
17545
#: serverguide/C/network-auth.xml:3798(programlisting)
17595
#: serverguide/C/network-auth.xml:3827(programlisting)
17546
17596
#, no-wrap
17547
17597
msgid ""
17548
17598
"\n"
17591
17641
" }\n"
17592
17642
msgstr ""
17593
17643
17594
#: serverguide/C/network-auth.xml:3845(para)
17644
#: serverguide/C/network-auth.xml:3874(para)
17595
17645
msgid "Create the stash for the LDAP bind password:"
17596
17646
msgstr ""
17597
17647
17598
#: serverguide/C/network-auth.xml:3857(para)
17648
#: serverguide/C/network-auth.xml:3886(para)
17599
17649
msgid ""
17600
17650
"Now, on the <emphasis>Primary KDC</emphasis> copy the "
17601
17651
"<filename>/etc/krb5kdc/.k5.EXAMPLE.COM</filename><emphasis>Master "
17604
17654
"media."
17605
17655
msgstr ""
17606
17656
17607
#: serverguide/C/network-auth.xml:3864(command)
17657
#: serverguide/C/network-auth.xml:3893(command)
17608
17658
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
17609
17659
msgstr ""
17610
17660
17611
#: serverguide/C/network-auth.xml:3865(command)
17661
#: serverguide/C/network-auth.xml:3894(command)
17612
17662
msgid "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
17613
17663
msgstr ""
17614
17664
17615
#: serverguide/C/network-auth.xml:3869(para)
17665
#: serverguide/C/network-auth.xml:3898(para)
17616
17666
msgid ""
17617
17667
"Again, replace <emphasis>EXAMPLE.COM</emphasis> with your actual realm."
17618
17668
msgstr ""
17619
17669
17620
#: serverguide/C/network-auth.xml:3877(para)
17670
#: serverguide/C/network-auth.xml:3906(para)
17621
17671
msgid ""
17622
17672
"Back on the <emphasis>Secondary KDC</emphasis>, (re)start the ldap server "
17623
17673
"only,"
17624
17674
msgstr ""
17625
17675
17626
#: serverguide/C/network-auth.xml:3889(para)
17676
#: serverguide/C/network-auth.xml:3918(para)
17627
17677
msgid "Finally, start the <application>krb5-kdc</application> daemon:"
17628
17678
msgstr ""
17629
17679
17630
#: serverguide/C/network-auth.xml:3900(para)
17680
#: serverguide/C/network-auth.xml:3929(para)
17631
17681
msgid "Verify the two ldap servers (and kerberos by extension) are in sync."
17632
17682
msgstr ""
17633
17683
17634
#: serverguide/C/network-auth.xml:3907(para)
17684
#: serverguide/C/network-auth.xml:3936(para)
17635
17685
msgid ""
17636
17686
"You now have redundant KDCs on your network, and with redundant LDAP servers "
17637
17687
"you should be able to continue to authenticate users if one LDAP server, one "
17638
17688
"Kerberos server, or one LDAP and one Kerberos server become unavailable."
17639
17689
msgstr ""
17640
17690
17641
#: serverguide/C/network-auth.xml:3919(para)
17691
#: serverguide/C/network-auth.xml:3948(para)
17642
17692
msgid ""
17643
17693
"The <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
17644
17694
"admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend\"> Kerberos Admin "
17645
17695
"Guide</ulink> has some additional details."
17646
17696
msgstr ""
17647
17697
17648
#: serverguide/C/network-auth.xml:3925(para)
17698
#: serverguide/C/network-auth.xml:3951(para)
17649
17699
msgid ""
17650
17700
"For more information on <application>kdb5_ldap_util</application> see <ulink "
17651
17701
"url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
17655
17705
"l\">kdb5_ldap_util man page</ulink>."
17656
17706
msgstr ""
17657
17707
17658
#: serverguide/C/network-auth.xml:3933(para)
17708
#: serverguide/C/network-auth.xml:3959(para)
17659
17709
msgid ""
17660
17710
"Another useful link is the <ulink "
17661
17711
"url=\"http://manpages.ubuntu.com/manpages/trusty/en/man5/krb5.conf.5.html\">k"
17662
17712
"rb5.conf man page</ulink>."
17663
17713
msgstr ""
17664
17714
17665
#: serverguide/C/network-auth.xml:3938(para)
17715
#: serverguide/C/network-auth.xml:3967(para)
17666
17716
msgid ""
17667
17717
"Also, see the <ulink "
17668
17718
"url=\"https://help.ubuntu.com/community/Kerberos#kerberos-ldap\">Kerberos "
17669
17719
"and LDAP</ulink> Ubuntu wiki page."
17670
17720
msgstr ""
17671
17721
17722
#: serverguide/C/network-auth.xml:3973(title)
17723
msgid "SSSD and Active Directory"
17724
msgstr ""
17725
17726
#: serverguide/C/network-auth.xml:3974(para)
17727
msgid ""
17728
"This section describes the use of sssd to authenticate user logins against "
17729
"an Active Directory via using sssd's \"ad\" provider. In previous versions "
17730
"of sssd, it was possible to authenticate using the \"ldap\" provider. "
17731
"However, when authenticating against a Microsoft Windows AD Domain "
17732
"Controller, it was generally necessary to install the POSIX AD extensions on "
17733
"the Domain Controller. The \"ad\" provider simplifies the configuration and "
17734
"requires no modifications to the AD structure."
17735
msgstr ""
17736
17737
#: serverguide/C/network-auth.xml:3978(title)
17738
msgid "Prerequisites, Assumptions, and Requirements"
17739
msgstr ""
17740
17741
#: serverguide/C/network-auth.xml:3981(para)
17742
msgid ""
17743
"This guide does not explain Active Directory, how it works, how to set one "
17744
"up, or how to maintain it. It may not provide “best practices” for your "
17745
"environment."
17746
msgstr ""
17747
17748
#: serverguide/C/network-auth.xml:3983(para)
17749
msgid ""
17750
"This guide assumes that a working Active Directory domain is already "
17751
"configured."
17752
msgstr ""
17753
17754
#: serverguide/C/network-auth.xml:3985(para)
17755
msgid ""
17756
"The domain controller is acting as an authoritative DNS server for the "
17757
"domain."
17758
msgstr ""
17759
17760
#: serverguide/C/network-auth.xml:3987(para)
17761
msgid ""
17762
"The domain controller is the primary DNS resolver as specified in "
17763
"<filename>/etc/resolv.conf</filename>."
17764
msgstr ""
17765
17766
#: serverguide/C/network-auth.xml:3990(para)
17767
msgid ""
17768
"The appropriate <emphasis>_kerberos</emphasis>, <emphasis>_ldap</emphasis>, "
17769
"<emphasis>_kpasswd</emphasis>, etc. entries are configured in the DNS zone "
17770
"(see Resources section for external links)."
17771
msgstr ""
17772
17773
#: serverguide/C/network-auth.xml:3992(para)
17774
msgid ""
17775
"System time is synchronized on the domain controller (necessary for "
17776
"Kerberos)."
17777
msgstr ""
17778
17779
#: serverguide/C/network-auth.xml:3994(para)
17780
msgid ""
17781
"The domain used in this example is <emphasis>myubuntu.example.com</emphasis> "
17782
"."
17783
msgstr ""
17784
17785
#: serverguide/C/network-auth.xml:3999(para)
17786
msgid ""
17787
"The following packages are needed: <emphasis>krb5-user</emphasis>, "
17788
"<emphasis>samba</emphasis>, <emphasis>sssd</emphasis>, and "
17789
"<emphasis>ntp</emphasis>. Samba needs to be installed, even if the system is "
17790
"not exporting shares. The Kerberos realm and FQDN or IP of the domain "
17791
"controllers are needed for this step."
17792
msgstr ""
17793
17794
#: serverguide/C/network-auth.xml:4000(para)
17795
msgid "Install these packages now."
17796
msgstr ""
17797
17798
#: serverguide/C/network-auth.xml:4002(command)
17799
msgid "sudo apt-get install krb5-user samba sssd ntp"
17800
msgstr ""
17801
17802
#: serverguide/C/network-auth.xml:4003(para)
17803
msgid ""
17804
"See the next section for the answers to the questions asked by the "
17805
"<emphasis>krb5-user</emphasis> postinstall script."
17806
msgstr ""
17807
17808
#: serverguide/C/network-auth.xml:4006(title)
17809
msgid "Kerberos Configuration"
17810
msgstr ""
17811
17812
#: serverguide/C/network-auth.xml:4007(para)
17813
msgid ""
17814
"The installation of <emphasis>krb5-user</emphasis> will prompt for the realm "
17815
"name (in ALL UPPERCASE), the kdc server (i.e. domain controller) and admin "
17816
"server (also the domain controller in this example.) This will write the "
17817
"[realm] and [domain_realm] sections in <filename>/etc/krb5.conf</filename>. "
17818
"These sections may not be necessary if domain autodiscovery is working. If "
17819
"not, then both are needed."
17820
msgstr ""
17821
17822
#: serverguide/C/network-auth.xml:4008(para)
17823
msgid ""
17824
"If the domain is <emphasis>myubuntu.example.com</emphasis>, enter the realm "
17825
"as <emphasis>MYUBUNTU.EXAMPLE.COM</emphasis>"
17826
msgstr ""
17827
17828
#: serverguide/C/network-auth.xml:4011(para)
17829
msgid ""
17830
"Optionally, edit <emphasis>/etc/krb5.conf</emphasis> with a few additional "
17831
"settings to specify Kerberos ticket lifetime (these values are safe to use "
17832
"as defaults):"
17833
msgstr ""
17834
17835
#: serverguide/C/network-auth.xml:4012(programlisting)
17836
#, no-wrap
17837
msgid ""
17838
"\n"
17839
"[libdefaults]\n"
17840
"\n"
17841
"default_realm = MYUBUNTU.EXAMPLE.COM\n"
17842
"ticket_lifetime = 24h #\n"
17843
"renew_lifetime = 7d\n"
17844
"\t\t"
17845
msgstr ""
17846
17847
#: serverguide/C/network-auth.xml:4020(para)
17848
msgid ""
17849
"If default_realm is not specified, it may be necessary to log in with "
17850
"“username@domain” instead of “username”."
17851
msgstr ""
17852
17853
#: serverguide/C/network-auth.xml:4022(para)
17854
msgid ""
17855
"The system time on the Active Directory member needs to be consistent with "
17856
"that of the domain controller, or Kerberos authentication may fail. Ideally, "
17857
"the domain controller server itself will provide the NTP service. Edit "
17858
"<filename>/etc/ntp.conf</filename>:"
17859
msgstr ""
17860
17861
#: serverguide/C/network-auth.xml:4024(programlisting)
17862
#, no-wrap
17863
msgid ""
17864
"\n"
17865
"server dc.myubuntu.example.com\n"
17866
msgstr ""
17867
17868
#: serverguide/C/network-auth.xml:4031(para)
17869
msgid ""
17870
"Samba will be used to perform netbios/nmbd services related to Active "
17871
"Directory authentication, even if no file shares are exported. Edit the file "
17872
"/etc/samba/smb.conf and add the following to the "
17873
"<emphasis>[global]</emphasis> section:"
17874
msgstr ""
17875
17876
#: serverguide/C/network-auth.xml:4033(programlisting)
17877
#, no-wrap
17878
msgid ""
17879
"\n"
17880
"[global]\n"
17881
"\n"
17882
"workgroup = MYUBUNTU\n"
17883
"client signing = yes\n"
17884
"client use spnego = yes\n"
17885
"kerberos method = secrets and keytab\n"
17886
"realm = MYUBUNTU.EXAMPLE.COM\n"
17887
"security = ads\n"
17888
msgstr ""
17889
17890
#: serverguide/C/network-auth.xml:4044(para)
17891
msgid ""
17892
"Some guides specify that \"password server\" should be specified and pointed "
17893
"to the domain controller. This is only necessary if DNS is not properly set "
17894
"up to find the DC. By default, Samba will display a warning if \"password "
17895
"server\" is specified with \"security = ads\"."
17896
msgstr ""
17897
17898
#: serverguide/C/network-auth.xml:4049(title)
17899
msgid "SSSD Configuration"
17900
msgstr ""
17901
17902
#: serverguide/C/network-auth.xml:4051(para)
17903
msgid ""
17904
"There is no default/example config file for "
17905
"<filename>/etc/sssd/sssd.conf</filename> included in the sssd package. It is "
17906
"necessary to create one. This is a minimal working config file:"
17907
msgstr ""
17908
17909
#: serverguide/C/network-auth.xml:4053(programlisting)
17910
#, no-wrap
17911
msgid ""
17912
"\n"
17913
"[sssd]\n"
17914
"services = nss, pam\n"
17915
"config_file_version = 2\n"
17916
"domains = MYUBUNTU.EXAMPLE.COM\n"
17917
"\n"
17918
"[domain/MYUBUNTU.EXAMPLE.COM]\n"
17919
"id_provider = ad\n"
17920
"access_provider = ad\n"
17921
"\n"
17922
"# Use this if users are being logged in at /.\n"
17923
"# This example specifies /home/DOMAIN-FQDN/user as $HOME. Use with "
17924
"pam_mkhomedir.so\n"
17925
"override_homedir = /home/%d/%u\n"
17926
"\n"
17927
"# Uncomment if the client machine hostname doesn't match the computer object "
17928
"on the DC.\n"
17929
"# ad_hostname = mymachine.myubuntu.example.com\n"
17930
"\n"
17931
"# Uncomment if DNS SRV resolution is not working\n"
17932
"# ad_server = dc.mydomain.example.com\n"
17933
"\n"
17934
"# Uncomment if the AD domain is named differently than the Samba domain\n"
17935
"# ad_domain = MYUBUNTU.EXAMPLE.COM\n"
17936
"\n"
17937
"# Enumeration is discouraged for performance reasons.\n"
17938
"# enumerate = true\n"
17939
msgstr ""
17940
17941
#: serverguide/C/network-auth.xml:4080(para)
17942
msgid ""
17943
"After saving this file, set the ownership to root and the file permissions "
17944
"to 600:"
17945
msgstr ""
17946
17947
#: serverguide/C/network-auth.xml:4081(command)
17948
msgid "sudo chown root:root /etc/sssd/sssd.conf"
17949
msgstr ""
17950
17951
#: serverguide/C/network-auth.xml:4082(command)
17952
msgid "sudo chmod 600 /etc/sssd/sssd.conf"
17953
msgstr ""
17954
17955
#: serverguide/C/network-auth.xml:4084(para)
17956
msgid ""
17957
"If the ownership or permissions are not correct, sssd will refuse to start."
17958
msgstr ""
17959
17960
#: serverguide/C/network-auth.xml:4088(title)
17961
msgid "Verify nsswitch.conf Configuration"
17962
msgstr ""
17963
17964
#: serverguide/C/network-auth.xml:4089(para)
17965
msgid ""
17966
"The post-install script for the sssd package makes some modifications to "
17967
"/etc/nsswitch.conf automatically. It should look something like this:"
17968
msgstr ""
17969
17970
#: serverguide/C/network-auth.xml:4091(programlisting)
17971
#, no-wrap
17972
msgid ""
17973
"\n"
17974
"passwd: compat sss\n"
17975
"group: compat sss\n"
17976
"...\n"
17977
"netgroup: nis sss\n"
17978
"sudoers: files sss\n"
17979
msgstr ""
17980
17981
#: serverguide/C/network-auth.xml:4101(title)
17982
msgid "Modify /etc/hosts"
17983
msgstr ""
17984
17985
#: serverguide/C/network-auth.xml:4102(para)
17986
msgid ""
17987
"Add an alias to the localhost entry in /etc/hosts specifying the FQDN. For "
17988
"example:"
17989
msgstr ""
17990
17991
#: serverguide/C/network-auth.xml:4103(programlisting)
17992
#, no-wrap
17993
msgid "192.168.1.10 myserver myserver.myubuntu.example.com"
17994
msgstr ""
17995
17996
#: serverguide/C/network-auth.xml:4105(para)
17997
msgid "This is useful in conjunction with dynamic DNS updates."
17998
msgstr ""
17999
18000
#: serverguide/C/network-auth.xml:4109(title)
18001
msgid "Join the Active Directory"
18002
msgstr ""
18003
18004
#: serverguide/C/network-auth.xml:4110(para)
18005
msgid "Now, restart ntp and samba and start sssd."
18006
msgstr ""
18007
18008
#: serverguide/C/virtualization.xml:2208(command)
18009
msgid "sudo service ntp restart"
18010
msgstr ""
18011
18012
#: serverguide/C/network-auth.xml:4114(command)
18013
msgid "sudo start sssd"
18014
msgstr ""
18015
18016
#: serverguide/C/network-auth.xml:4116(para)
18017
msgid "Test the configuration by obtaining a Kerberos ticket:"
18018
msgstr ""
18019
18020
#: serverguide/C/network-auth.xml:4118(command)
18021
msgid "sudo kinit Administrator"
18022
msgstr ""
18023
18024
#: serverguide/C/network-auth.xml:4120(para)
18025
msgid "Verify the ticket with:"
18026
msgstr ""
18027
18028
#: serverguide/C/network-auth.xml:4121(command)
18029
msgid "sudo klist"
18030
msgstr ""
18031
18032
#: serverguide/C/network-auth.xml:4123(para)
18033
msgid ""
18034
"If there is a ticket with an expiration date listed, then it is time to join "
18035
"the domain:"
18036
msgstr ""
18037
18038
#: serverguide/C/network-auth.xml:4125(command)
18039
msgid "sudo net ads join -k"
18040
msgstr ""
18041
18042
#: serverguide/C/network-auth.xml:4127(para)
18043
msgid ""
18044
"A warning about \"No DNS domain configured. Unable to perform DNS Update.\" "
18045
"probably means that there is no (correct) alias in "
18046
"<filename>/etc/hosts</filename>, and the system could not provide its own "
18047
"FQDN as part of the Active Directory update. This is needed for dynamic DNS "
18048
"updates. Verify the alias in <filename>/etc/hosts</filename> described in "
18049
"\"Modify /etc/hosts\" above."
18050
msgstr ""
18051
18052
#: serverguide/C/network-auth.xml:4129(para)
18053
msgid ""
18054
"(The message \"NT_STATUS_UNSUCCESSFUL\" indicates the domain join failed and "
18055
"something is incorrect. Review the prior steps before proceeding)."
18056
msgstr ""
18057
18058
#: serverguide/C/network-auth.xml:4131(para)
18059
msgid ""
18060
"Here are a couple of (optional) checks to verify that the domain join was "
18061
"successful. Note that if the domain was successfully joined but one or both "
18062
"of these steps fail, it may be necessary to wait 1-2 minutes and try again. "
18063
"Some of the changes appear to be asynchronous."
18064
msgstr ""
18065
18066
#: serverguide/C/network-auth.xml:4133(para)
18067
msgid "Verification option #1:"
18068
msgstr ""
18069
18070
#: serverguide/C/network-auth.xml:4134(para)
18071
msgid ""
18072
"Check the default Organizational Unit for computer accounts in the Active "
18073
"Directory to verify that the computer account was created. (Organizational "
18074
"Units in Active Directory is a topic outside the scope of this guide)."
18075
msgstr ""
18076
18077
#: serverguide/C/network-auth.xml:4136(para)
18078
msgid "Verification option #2"
18079
msgstr ""
18080
18081
#: serverguide/C/network-auth.xml:4137(para)
18082
msgid "Execute this command for a specific AD user (e.g. administrator)"
18083
msgstr ""
18084
18085
#: serverguide/C/network-auth.xml:4138(command)
18086
msgid "getent passwd username"
18087
msgstr ""
18088
18089
#: serverguide/C/network-auth.xml:4140(para)
18090
msgid ""
18091
"If <emphasis>enumerate = true</emphasis> is set in "
18092
"<filename>sssd.conf</filename>, <emphasis>getent passwd</emphasis> with no "
18093
"username argument will list all domain users. This may be useful for "
18094
"testing, but is slow and not recommended for production."
18095
msgstr ""
18096
18097
#: serverguide/C/network-auth.xml:4144(title)
18098
msgid "Test Authentication"
18099
msgstr ""
18100
18101
#: serverguide/C/network-auth.xml:4145(para)
18102
msgid ""
18103
"It should now be possible to authenticate using an Active Directory User's "
18104
"credentials:"
18105
msgstr ""
18106
18107
#: serverguide/C/network-auth.xml:4147(command)
18108
msgid "su - username"
18109
msgstr ""
18110
18111
#: serverguide/C/network-auth.xml:4149(para)
18112
msgid ""
18113
"If this works, then other login methods (getty, ssh) should also work."
18114
msgstr ""
18115
18116
#: serverguide/C/network-auth.xml:4151(para)
18117
msgid ""
18118
"If the computer account was created, indicating that the system was "
18119
"\"joined\" to the domain, but authentication is unsuccessful, it may be "
18120
"helpful to review <filename>/etc/pam.d</filename> and "
18121
"<filename>nssswitch.conf</filename> as well as the file changes described "
18122
"earlier in this guide."
18123
msgstr ""
18124
18125
#: serverguide/C/network-auth.xml:4155(title)
18126
msgid "Home directories with pam_mkhomedir (optional)"
18127
msgstr ""
18128
18129
#: serverguide/C/network-auth.xml:4156(para)
18130
msgid ""
18131
"When logging in using an Active Directory user account, it is likely that "
18132
"user has no home directory. This can be fixed with pam_mkdhomedir.so, which "
18133
"will create the user’s home directory on login. Edit "
18134
"<filename>/etc/pam.d/common-session</filename>, and add this line directly "
18135
"after <emphasis>session required pam_unix.so:</emphasis>"
18136
msgstr ""
18137
18138
#: serverguide/C/network-auth.xml:4157(programlisting)
18139
#, no-wrap
18140
msgid ""
18141
"\n"
18142
"session required pam_mkhomedir.so skel=/etc/skel/ umask=0022\n"
18143
msgstr ""
18144
18145
#: serverguide/C/network-auth.xml:4161(para)
18146
msgid ""
18147
"This may also need <emphasis>override_homedir</emphasis> in "
18148
"<filename>sssd.conf</filename> to function correctly, so make sure that’s "
18149
"set."
18150
msgstr ""
18151
18152
#: serverguide/C/network-auth.xml:4165(title)
18153
msgid "Desktop Ubuntu Authentication"
18154
msgstr ""
18155
18156
#: serverguide/C/network-auth.xml:4166(para)
18157
msgid ""
18158
"It is possible to also authenticate logins to Ubuntu Desktop using Active "
18159
"Directory accounts. The AD accounts will not show up in the pick list with "
18160
"local users, so lightdm will need to be modified. Edit the file "
18161
"<filename>/etc/lightdm/lightdm.conf.d/50-unity-greeter.conf</filename> and "
18162
"append the following two lines:"
18163
msgstr ""
18164
18165
#: serverguide/C/network-auth.xml:4168(programlisting)
18166
#, no-wrap
18167
msgid ""
18168
"\n"
18169
"greeter-show-manual-login=true\n"
18170
"greeter-hide-users=true\n"
18171
msgstr ""
18172
18173
#: serverguide/C/network-auth.xml:4173(para)
18174
msgid ""
18175
"Reboot to restart lightdm. It should now be possible to log in using a "
18176
"domain account using either <emphasis>username</emphasis> or "
18177
"<emphasis>username/username@domain</emphasis> format."
18178
msgstr ""
18179
18180
#: serverguide/C/network-auth.xml:4179(ulink)
18181
msgid "SSSD Project"
18182
msgstr ""
18183
18184
#: serverguide/C/network-auth.xml:4180(ulink)
18185
msgid "DNS Server Configuration guidelines"
18186
msgstr ""
18187
18188
#: serverguide/C/network-auth.xml:4181(ulink)
18189
msgid "Active Directory DNS Zone Entries"
18190
msgstr ""
18191
18192
#: serverguide/C/network-auth.xml:4182(ulink)
18193
msgid "Kerberos config options"
18194
msgstr ""
18195
17672
18196
#: serverguide/C/multipath-device-attributes-table.xml:2(title)
17673
18197
msgid "Device Attributes"
17674
18198
msgstr ""
17677
18201
msgid "Attribute"
17678
18202
msgstr ""
17679
18203
17680
#: serverguide/C/multipath-device-attributes-table.xml:9(entry) serverguide/C/multipath-config-defaults-table.xml:14(entry) serverguide/C/multipath-components-table.xml:12(entry) serverguide/C/multipath-attributes-table.xml:9(entry) serverguide/C/dm-multipath.xml:1623(entry)
18204
#: serverguide/C/multipath-device-attributes-table.xml:9(entry) serverguide/C/multipath-config-defaults-table.xml:14(entry) serverguide/C/multipath-components-table.xml:12(entry) serverguide/C/multipath-attributes-table.xml:9(entry) serverguide/C/dm-multipath.xml:1624(entry)
17681
18205
msgid "Description"
17682
18206
msgstr ""
17683
18207
17811
18335
"levels are between 0 and 6. The default value is 2."
17812
18336
msgstr ""
17813
18337
17814
#: serverguide/C/multipath-config-defaults-table.xml:61(emphasis) serverguide/C/multipath-config-defaults-table.xml:323(emphasis) serverguide/C/dm-multipath.xml:1049(parameter) serverguide/C/dm-multipath.xml:1204(parameter)
18338
#: serverguide/C/multipath-config-defaults-table.xml:61(emphasis) serverguide/C/multipath-config-defaults-table.xml:323(emphasis) serverguide/C/dm-multipath.xml:1050(parameter) serverguide/C/dm-multipath.xml:1205(parameter)
17815
18339
msgid "path_selector"
17816
18340
msgstr ""
17817
18341
17846
18370
"The default value is <emphasis role=\"bold\">round-robin 0</emphasis>."
17847
18371
msgstr ""
17848
18372
17849
#: serverguide/C/multipath-config-defaults-table.xml:98(emphasis) serverguide/C/dm-multipath.xml:1044(parameter) serverguide/C/dm-multipath.xml:1194(parameter)
18373
#: serverguide/C/multipath-config-defaults-table.xml:98(emphasis) serverguide/C/dm-multipath.xml:1045(parameter) serverguide/C/dm-multipath.xml:1195(parameter)
17850
18374
msgid "path_grouping_policy"
17851
18375
msgstr ""
17852
18376
17889
18413
msgid "The default value is <emphasis role=\"bold\">failover.</emphasis>"
17890
18414
msgstr ""
17891
18415
17892
#: serverguide/C/multipath-config-defaults-table.xml:139(emphasis) serverguide/C/dm-multipath.xml:1199(parameter)
18416
#: serverguide/C/multipath-config-defaults-table.xml:139(emphasis) serverguide/C/dm-multipath.xml:1200(parameter)
17893
18417
msgid "getuid_callout"
17894
18418
msgstr ""
17895
18419
17905
18429
"path identifier. An absolute path is required. <placeholder-1/>"
17906
18430
msgstr ""
17907
18431
17908
#: serverguide/C/multipath-config-defaults-table.xml:150(emphasis) serverguide/C/dm-multipath.xml:1058(parameter) serverguide/C/dm-multipath.xml:1223(parameter)
18432
#: serverguide/C/multipath-config-defaults-table.xml:150(emphasis) serverguide/C/dm-multipath.xml:1059(parameter) serverguide/C/dm-multipath.xml:1224(parameter)
17909
18433
msgid "prio"
17910
18434
msgstr ""
17911
18435
17961
18485
msgid "The default value is <emphasis role=\"bold\">const</emphasis>."
17962
18486
msgstr ""
17963
18487
17964
#: serverguide/C/multipath-config-defaults-table.xml:202(emphasis) serverguide/C/dm-multipath.xml:1063(parameter) serverguide/C/dm-multipath.xml:1228(parameter)
18488
#: serverguide/C/multipath-config-defaults-table.xml:202(emphasis) serverguide/C/dm-multipath.xml:1064(parameter) serverguide/C/dm-multipath.xml:1229(parameter)
17965
18489
msgid "prio_args"
17966
18490
msgstr ""
17967
18491
17973
18497
"value is (null) <emphasis role=\"bold\">\"\"</emphasis>."
17974
18498
msgstr ""
17975
18499
17976
#: serverguide/C/multipath-config-defaults-table.xml:216(emphasis) serverguide/C/dm-multipath.xml:1214(parameter)
18500
#: serverguide/C/multipath-config-defaults-table.xml:216(emphasis) serverguide/C/dm-multipath.xml:1215(parameter)
17977
18501
msgid "features"
17978
18502
msgstr ""
17979
18503
17981
18505
msgid "queue_if_no_path"
17982
18506
msgstr ""
17983
18507
17984
#: serverguide/C/multipath-config-defaults-table.xml:221(emphasis) serverguide/C/multipath-config-defaults-table.xml:334(emphasis) serverguide/C/dm-multipath.xml:1068(parameter) serverguide/C/dm-multipath.xml:1233(parameter)
18508
#: serverguide/C/multipath-config-defaults-table.xml:221(emphasis) serverguide/C/multipath-config-defaults-table.xml:334(emphasis) serverguide/C/dm-multipath.xml:1069(parameter) serverguide/C/dm-multipath.xml:1234(parameter)
17985
18509
msgid "no_path_retry"
17986
18510
msgstr ""
17987
18511
18001
18525
"feature, see Section, <placeholder-4/>."
18002
18526
msgstr ""
18003
18527
18004
#: serverguide/C/multipath-config-defaults-table.xml:228(emphasis) serverguide/C/dm-multipath.xml:1209(parameter)
18528
#: serverguide/C/multipath-config-defaults-table.xml:228(emphasis) serverguide/C/dm-multipath.xml:1210(parameter)
18005
18529
msgid "path_checker"
18006
18530
msgstr ""
18007
18531
18051
18575
msgid "The default value is <emphasis role=\"bold\">directio</emphasis>."
18052
18576
msgstr ""
18053
18577
18054
#: serverguide/C/multipath-config-defaults-table.xml:275(emphasis) serverguide/C/dm-multipath.xml:1054(parameter) serverguide/C/dm-multipath.xml:1219(parameter)
18578
#: serverguide/C/multipath-config-defaults-table.xml:275(emphasis) serverguide/C/dm-multipath.xml:1055(parameter) serverguide/C/dm-multipath.xml:1220(parameter)
18055
18579
msgid "failback"
18056
18580
msgstr ""
18057
18581
18082
18606
msgid "The default value is <emphasis role=\"bold\">manual</emphasis>."
18083
18607
msgstr ""
18084
18608
18085
#: serverguide/C/multipath-config-defaults-table.xml:307(emphasis) serverguide/C/multipath-config-defaults-table.xml:321(emphasis) serverguide/C/multipath-config-defaults-table.xml:325(emphasis) serverguide/C/dm-multipath.xml:1073(parameter) serverguide/C/dm-multipath.xml:1238(parameter)
18609
#: serverguide/C/multipath-config-defaults-table.xml:307(emphasis) serverguide/C/multipath-config-defaults-table.xml:321(emphasis) serverguide/C/multipath-config-defaults-table.xml:325(emphasis) serverguide/C/dm-multipath.xml:1074(parameter) serverguide/C/dm-multipath.xml:1239(parameter)
18086
18610
msgid "rr_min_io"
18087
18611
msgstr ""
18088
18612
18096
18620
"the next path in the current path group.<placeholder-1/>"
18097
18621
msgstr ""
18098
18622
18099
#: serverguide/C/multipath-config-defaults-table.xml:317(emphasis) serverguide/C/dm-multipath.xml:1078(parameter) serverguide/C/dm-multipath.xml:1243(parameter)
18623
#: serverguide/C/multipath-config-defaults-table.xml:317(emphasis) serverguide/C/dm-multipath.xml:1079(parameter) serverguide/C/dm-multipath.xml:1244(parameter)
18100
18624
msgid "rr_weight"
18101
18625
msgstr ""
18102
18626
18150
18674
msgid "alias"
18151
18675
msgstr ""
18152
18676
18153
#: serverguide/C/multipath-config-defaults-table.xml:354(emphasis) serverguide/C/multipath-config-defaults-table.xml:357(emphasis) serverguide/C/multipath-config-defaults-table.xml:379(emphasis) serverguide/C/multipath-config-defaults-table.xml:391(emphasis) serverguide/C/multipath-components-table.xml:31(emphasis) serverguide/C/multipath-components-table.xml:44(emphasis) serverguide/C/multipath-attributes-table.xml:18(emphasis) serverguide/C/multipath-attributes-table.xml:19(emphasis) serverguide/C/multipath-attributes-table.xml:28(emphasis) serverguide/C/multipath-attributes-table.xml:29(emphasis) serverguide/C/dm-multipath.xml:764(emphasis)
18677
#: serverguide/C/multipath-config-defaults-table.xml:354(emphasis) serverguide/C/multipath-config-defaults-table.xml:357(emphasis) serverguide/C/multipath-config-defaults-table.xml:379(emphasis) serverguide/C/multipath-config-defaults-table.xml:391(emphasis) serverguide/C/multipath-components-table.xml:31(emphasis) serverguide/C/multipath-components-table.xml:44(emphasis) serverguide/C/multipath-attributes-table.xml:18(emphasis) serverguide/C/multipath-attributes-table.xml:19(emphasis) serverguide/C/multipath-attributes-table.xml:28(emphasis) serverguide/C/multipath-attributes-table.xml:29(emphasis) serverguide/C/dm-multipath.xml:765(emphasis)
18154
18678
msgid "multipath"
18155
18679
msgstr ""
18156
18680
18187
18711
"devices when it is shut down. <placeholder-2/>"
18188
18712
msgstr ""
18189
18713
18190
#: serverguide/C/multipath-config-defaults-table.xml:376(emphasis) serverguide/C/dm-multipath.xml:1083(parameter) serverguide/C/dm-multipath.xml:1258(parameter)
18714
#: serverguide/C/multipath-config-defaults-table.xml:376(emphasis) serverguide/C/dm-multipath.xml:1084(parameter) serverguide/C/dm-multipath.xml:1259(parameter)
18191
18715
msgid "flush_on_last_del"
18192
18716
msgstr ""
18193
18717
18233
18757
"explicit timeout, in seconds. <placeholder-1/>"
18234
18758
msgstr ""
18235
18759
18236
#: serverguide/C/multipath-config-defaults-table.xml:413(emphasis) serverguide/C/dm-multipath.xml:1248(parameter)
18760
#: serverguide/C/multipath-config-defaults-table.xml:413(emphasis) serverguide/C/dm-multipath.xml:1249(parameter)
18237
18761
msgid "fast_io_fail_tmo"
18238
18762
msgstr ""
18239
18763
18249
18773
"this to off will disable the timeout. <placeholder-1/>"
18250
18774
msgstr ""
18251
18775
18252
#: serverguide/C/multipath-config-defaults-table.xml:425(emphasis) serverguide/C/dm-multipath.xml:1253(parameter)
18776
#: serverguide/C/multipath-config-defaults-table.xml:425(emphasis) serverguide/C/dm-multipath.xml:1254(parameter)
18253
18777
msgid "dev_loss_tmo"
18254
18778
msgstr ""
18255
18779
18931
19455
"IMAP server."
18932
19456
msgstr ""
18933
19457
18934
#: serverguide/C/mail.xml:22(title) serverguide/C/mail.xml:896(application) serverguide/C/mail.xml:928(title) serverguide/C/mail.xml:1006(title) serverguide/C/mail.xml:1581(title)
19458
#: serverguide/C/mail.xml:22(title) serverguide/C/mail.xml:837(application) serverguide/C/mail.xml:869(title) serverguide/C/mail.xml:947(title) serverguide/C/mail.xml:1519(title)
18935
19459
msgid "Postfix"
18936
19460
msgstr ""
18937
19461
19054
19578
"your Mail Delivery Agent (MDA) to use the same path."
19055
19579
msgstr ""
19056
19580
19057
#: serverguide/C/mail.xml:106(title) serverguide/C/mail.xml:608(title)
19581
#: serverguide/C/mail.xml:106(title) serverguide/C/mail.xml:550(title)
19058
19582
msgid "SMTP Authentication"
19059
19583
msgstr ""
19060
19584
19205
19729
"tls_random_source = dev:/dev/urandom\n"
19206
19730
msgstr ""
19207
19731
19208
#: serverguide/C/mail.xml:229(para)
19732
#: serverguide/C/mail.xml:188(para)
19209
19733
msgid ""
19210
19734
"The postfix initial configuration is complete. Run the following command to "
19211
19735
"restart the postfix daemon:"
19212
19736
msgstr ""
19213
19737
19214
#: serverguide/C/mail.xml:235(command) serverguide/C/mail.xml:354(command) serverguide/C/mail.xml:417(command) serverguide/C/mail.xml:1046(command) serverguide/C/mail.xml:1632(command)
19738
#: serverguide/C/mail.xml:235(command) serverguide/C/mail.xml:354(command) serverguide/C/mail.xml:417(command) serverguide/C/mail.xml:1046(command) serverguide/C/mail.xml:1628(command)
19215
19739
msgid "sudo service postfix restart"
19216
19740
msgstr ""
19217
19741
19218
#: serverguide/C/mail.xml:238(para)
19742
#: serverguide/C/mail.xml:197(para)
19219
19743
msgid ""
19220
19744
"<application>Postfix</application> supports SMTP-AUTH as defined in <ulink "
19221
19745
"url=\"http://www.ietf.org/rfc/rfc2554.txt\">RFC2554</ulink>. It is based on "
19224
19748
"AUTH."
19225
19749
msgstr ""
19226
19750
19227
#: serverguide/C/mail.xml:248(title) serverguide/C/mail.xml:672(title)
19751
#: serverguide/C/mail.xml:207(title) serverguide/C/mail.xml:614(title)
19228
19752
msgid "Configuring SASL"
19229
19753
msgstr ""
19230
19754
19231
#: serverguide/C/mail.xml:249(para)
19755
#: serverguide/C/mail.xml:208(para)
19232
19756
msgid ""
19233
19757
"Postfix supports two SASL implementations Cyrus SASL and Dovecot SASL. To "
19234
19758
"enable Dovecot SASL the <application>dovecot-common</application> package "
19235
19759
"will need to be installed. From a terminal prompt enter the following:"
19236
19760
msgstr ""
19237
19761
19238
#: serverguide/C/mail.xml:255(command)
19762
#: serverguide/C/mail.xml:214(command)
19239
19763
msgid "sudo apt-get install dovecot-common"
19240
19764
msgstr ""
19241
19765
19297
19821
"auth_mechanisms = plain login\n"
19298
19822
msgstr ""
19299
19823
19300
#: serverguide/C/mail.xml:298(para)
19824
#: serverguide/C/mail.xml:253(para)
19301
19825
msgid ""
19302
19826
"Once you have <application>Dovecot</application> configured restart it with:"
19303
19827
msgstr ""
19306
19830
msgid "sudo service dovecot restart"
19307
19831
msgstr ""
19308
19832
19309
#: serverguide/C/mail.xml:307(title)
19833
#: serverguide/C/mail.xml:262(title)
19310
19834
msgid "Mail-Stack Delivery"
19311
19835
msgstr ""
19312
19836
19313
#: serverguide/C/mail.xml:309(para)
19837
#: serverguide/C/mail.xml:264(para)
19314
19838
msgid ""
19315
19839
"Another option for configuring <application>Postfix</application> for SMTP-"
19316
19840
"AUTH is using the <application>mail-stack-delivery</application> package "
19321
19845
"<application>Dovecot</application> for IMAP, IMAPS, POP3, and POP3S."
19322
19846
msgstr ""
19323
19847
19324
#: serverguide/C/mail.xml:319(para)
19848
#: serverguide/C/mail.xml:274(para)
19325
19849
msgid ""
19326
19850
"You may or may not want to run IMAP, IMAPS, POP3, or POP3S on your mail "
19327
19851
"server. For example, if you are configuring your server to be a mail "
19329
19853
"the above commands to configure Postfix for SMTP-AUTH."
19330
19854
msgstr ""
19331
19855
19332
#: serverguide/C/mail.xml:326(para)
19856
#: serverguide/C/mail.xml:281(para)
19333
19857
msgid "To install the package, from a terminal prompt enter:"
19334
19858
msgstr ""
19335
19859
19336
#: serverguide/C/mail.xml:331(command)
19860
#: serverguide/C/mail.xml:286(command)
19337
19861
msgid "sudo apt-get install mail-stack-delivery"
19338
19862
msgstr ""
19339
19863
19340
#: serverguide/C/mail.xml:334(para)
19864
#: serverguide/C/mail.xml:289(para)
19341
19865
msgid ""
19342
19866
"You should now have a working mail server, but there are a few options that "
19343
19867
"you may wish to further customize. For example, the package uses the "
19347
19871
"for more details."
19348
19872
msgstr ""
19349
19873
19350
#: serverguide/C/mail.xml:340(para)
19874
#: serverguide/C/mail.xml:295(para)
19351
19875
msgid ""
19352
19876
"Once you have a customized certificate and key for the host, change the "
19353
19877
"following options in <filename>/etc/postfix/main.cf</filename>:"
19354
19878
msgstr ""
19355
19879
19356
#: serverguide/C/mail.xml:344(programlisting)
19880
#: serverguide/C/mail.xml:299(programlisting)
19357
19881
#, no-wrap
19358
19882
msgid ""
19359
19883
"\n"
19361
19885
"smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key\n"
19362
19886
msgstr ""
19363
19887
19364
#: serverguide/C/mail.xml:349(para)
19888
#: serverguide/C/mail.xml:304(para)
19365
19889
msgid "Then restart Postfix:"
19366
19890
msgstr ""
19367
19891
19368
#: serverguide/C/mail.xml:360(para)
19892
#: serverguide/C/mail.xml:315(para)
19369
19893
msgid ""
19370
19894
"SMTP-AUTH configuration is complete. Now it is time to test the setup."
19371
19895
msgstr ""
19372
19896
19373
#: serverguide/C/mail.xml:363(para)
19897
#: serverguide/C/mail.xml:318(para)
19374
19898
msgid "To see if SMTP-AUTH and TLS work properly, run the following command:"
19375
19899
msgstr ""
19376
19900
19377
#: serverguide/C/mail.xml:368(command)
19901
#: serverguide/C/mail.xml:323(command)
19378
19902
msgid "telnet mail.example.com 25"
19379
19903
msgstr ""
19380
19904
19381
#: serverguide/C/mail.xml:370(para)
19905
#: serverguide/C/mail.xml:325(para)
19382
19906
msgid ""
19383
19907
"After you have established the connection to the postfix mail server, type:"
19384
19908
msgstr ""
19385
19909
19386
#: serverguide/C/mail.xml:374(screen)
19910
#: serverguide/C/mail.xml:329(screen)
19387
19911
#, no-wrap
19388
19912
msgid ""
19389
19913
"\n"
19390
19914
"ehlo mail.example.com\n"
19391
19915
msgstr ""
19392
19916
19393
#: serverguide/C/mail.xml:377(para)
19917
#: serverguide/C/mail.xml:332(para)
19394
19918
msgid ""
19395
19919
"If you see the following lines among others, then everything is working "
19396
19920
"perfectly. Type <command>quit</command> to exit."
19397
19921
msgstr ""
19398
19922
19399
#: serverguide/C/mail.xml:381(programlisting)
19923
#: serverguide/C/mail.xml:336(programlisting)
19400
19924
#, no-wrap
19401
19925
msgid ""
19402
19926
"\n"
19406
19930
"250 8BITMIME\n"
19407
19931
msgstr ""
19408
19932
19409
#: serverguide/C/mail.xml:391(para)
19933
#: serverguide/C/mail.xml:346(para)
19410
19934
msgid ""
19411
19935
"This section introduces some common ways to determine the cause if problems "
19412
19936
"arise."
19413
19937
msgstr ""
19414
19938
19415
#: serverguide/C/mail.xml:395(title)
19939
#: serverguide/C/mail.xml:350(title)
19416
19940
msgid "Escaping chroot"
19417
19941
msgstr ""
19418
19942
19419
#: serverguide/C/mail.xml:396(para)
19943
#: serverguide/C/mail.xml:351(para)
19420
19944
msgid ""
19421
19945
"The Ubuntu <application>postfix</application> package will by default "
19422
19946
"install into a <emphasis>chroot</emphasis> environment for security reasons. "
19423
19947
"This can add greater complexity when troubleshooting problems."
19424
19948
msgstr ""
19425
19949
19426
#: serverguide/C/mail.xml:400(para)
19950
#: serverguide/C/mail.xml:355(para)
19427
19951
msgid ""
19428
19952
"To turn off the chroot operation locate for the following line in the "
19429
19953
"<filename>/etc/postfix/master.cf</filename> configuration file:"
19430
19954
msgstr ""
19431
19955
19432
#: serverguide/C/mail.xml:404(screen)
19956
#: serverguide/C/mail.xml:359(screen)
19433
19957
#, no-wrap
19434
19958
msgid ""
19435
19959
"\n"
19436
19960
"smtp inet n - - - - smtpd\n"
19437
19961
msgstr ""
19438
19962
19439
#: serverguide/C/mail.xml:407(para)
19963
#: serverguide/C/mail.xml:362(para)
19440
19964
msgid "and modify it as follows:"
19441
19965
msgstr ""
19442
19966
19443
#: serverguide/C/mail.xml:410(screen)
19967
#: serverguide/C/mail.xml:365(screen)
19444
19968
#, no-wrap
19445
19969
msgid ""
19446
19970
"\n"
19447
19971
"smtp inet n - n - - smtpd\n"
19448
19972
msgstr ""
19449
19973
19450
#: serverguide/C/mail.xml:413(para)
19974
#: serverguide/C/mail.xml:368(para)
19451
19975
msgid ""
19452
19976
"You will then need to restart Postfix to use the new configuration. From a "
19453
19977
"terminal prompt enter:"
19475
19999
"\t "
19476
20000
msgstr ""
19477
20001
19478
#: serverguide/C/mail.xml:434(title)
20002
#: serverguide/C/mail.xml:376(title)
19479
20003
msgid "Log Files"
19480
20004
msgstr ""
19481
20005
19482
#: serverguide/C/mail.xml:435(para)
20006
#: serverguide/C/mail.xml:377(para)
19483
20007
msgid ""
19484
20008
"<application>Postfix</application> sends all log messages to "
19485
20009
"<filename>/var/log/mail.log</filename>. However error and warning messages "
19488
20012
"<filename>/var/log/mail.warn</filename> respectively."
19489
20013
msgstr ""
19490
20014
19491
#: serverguide/C/mail.xml:440(para)
20015
#: serverguide/C/mail.xml:382(para)
19492
20016
msgid ""
19493
20017
"To see messages entered into the logs in real time you can use the "
19494
20018
"<application>tail -f</application> command:"
19495
20019
msgstr ""
19496
20020
19497
#: serverguide/C/mail.xml:445(command)
20021
#: serverguide/C/mail.xml:387(command)
19498
20022
msgid "tail -f /var/log/mail.err"
19499
20023
msgstr ""
19500
20024
19501
#: serverguide/C/mail.xml:447(para)
20025
#: serverguide/C/mail.xml:389(para)
19502
20026
msgid ""
19503
20027
"The amount of detail that is recorded in the logs can be increased. Below "
19504
20028
"are some configuration options for increasing the log level for some of the "
19505
20029
"areas covered above."
19506
20030
msgstr ""
19507
20031
19508
#: serverguide/C/mail.xml:453(para)
20032
#: serverguide/C/mail.xml:395(para)
19509
20033
msgid ""
19510
20034
"To increase <emphasis>TLS</emphasis> activity logging set the "
19511
20035
"<emphasis>smtpd_tls_loglevel</emphasis> option to a value from 1 to 4."
19512
20036
msgstr ""
19513
20037
19514
#: serverguide/C/mail.xml:457(command)
20038
#: serverguide/C/mail.xml:399(command)
19515
20039
msgid "sudo postconf -e 'smtpd_tls_loglevel = 4'"
19516
20040
msgstr ""
19517
20041
19518
#: serverguide/C/mail.xml:461(para)
20042
#: serverguide/C/mail.xml:403(para)
19519
20043
msgid ""
19520
20044
"If you are having trouble sending or receiving mail from a specific domain "
19521
20045
"you can add the domain to the <emphasis>debug_peer_list</emphasis> parameter."
19522
20046
msgstr ""
19523
20047
19524
#: serverguide/C/mail.xml:466(command)
20048
#: serverguide/C/mail.xml:408(command)
19525
20049
msgid "sudo postconf -e 'debug_peer_list = problem.domain'"
19526
20050
msgstr ""
19527
20051
19528
#: serverguide/C/mail.xml:470(para)
20052
#: serverguide/C/mail.xml:412(para)
19529
20053
msgid ""
19530
20054
"You can increase the verbosity of any <application>Postfix</application> "
19531
20055
"daemon process by editing the <filename>/etc/postfix/master.cf</filename> "
19533
20057
"<emphasis>smtp</emphasis> entry:"
19534
20058
msgstr ""
19535
20059
19536
#: serverguide/C/mail.xml:474(programlisting)
20060
#: serverguide/C/mail.xml:416(programlisting)
19537
20061
#, no-wrap
19538
20062
msgid ""
19539
20063
"\n"
19555
20079
"<filename>/etc/dovecot/conf.d/10-logging.conf</filename>"
19556
20080
msgstr ""
19557
20081
19558
#: serverguide/C/mail.xml:491(programlisting)
20082
#: serverguide/C/mail.xml:433(programlisting)
19559
20083
#, no-wrap
19560
20084
msgid ""
19561
20085
"\n"
19570
20094
"reloaded: <command>sudo service dovecot reload</command>."
19571
20095
msgstr ""
19572
20096
19573
#: serverguide/C/mail.xml:504(para)
20097
#: serverguide/C/mail.xml:446(para)
19574
20098
msgid ""
19575
20099
"Some of the options above can drastically increase the amount of information "
19576
20100
"sent to the log files. Remember to return the log level back to normal after "
19578
20102
"new configuration to take affect."
19579
20103
msgstr ""
19580
20104
19581
#: serverguide/C/mail.xml:512(para)
20105
#: serverguide/C/mail.xml:454(para)
19582
20106
msgid ""
19583
20107
"Administering a <application>Postfix</application> server can be a very "
19584
20108
"complicated task. At some point you may need to turn to the Ubuntu community "
19585
20109
"for more experienced help."
19586
20110
msgstr ""
19587
20111
19588
#: serverguide/C/mail.xml:516(para)
20112
#: serverguide/C/mail.xml:458(para)
19589
20113
msgid ""
19590
20114
"A great place to ask for <application>Postfix</application> assistance, and "
19591
20115
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
19595
20119
"url=\"http://www.ubuntu.com/support/community/webforums\">Web Forums</ulink>."
19596
20120
msgstr ""
19597
20121
19598
#: serverguide/C/mail.xml:521(para)
20122
#: serverguide/C/mail.xml:463(para)
19599
20123
msgid ""
19600
20124
"For in depth <application>Postfix</application> information Ubuntu "
19601
20125
"developers highly recommend: <ulink url=\"http://www.postfix-book.com/\">The "
19602
20126
"Book of Postfix</ulink>."
19603
20127
msgstr ""
19604
20128
19605
#: serverguide/C/mail.xml:525(para)
20129
#: serverguide/C/mail.xml:467(para)
19606
20130
msgid ""
19607
20131
"Finally, the <ulink "
19608
20132
"url=\"http://www.postfix.org/documentation.html\">Postfix</ulink> website "
19616
20140
"Wiki Postfix</ulink> page has more information."
19617
20141
msgstr ""
19618
20142
19619
#: serverguide/C/mail.xml:537(title) serverguide/C/mail.xml:934(title) serverguide/C/mail.xml:1050(title)
20143
#: serverguide/C/mail.xml:479(title) serverguide/C/mail.xml:875(title) serverguide/C/mail.xml:991(title)
19620
20144
msgid "Exim4"
19621
20145
msgstr ""
19622
20146
19623
#: serverguide/C/mail.xml:538(para)
20147
#: serverguide/C/mail.xml:480(para)
19624
20148
msgid ""
19625
20149
"<application>Exim4</application> is another Message Transfer Agent (MTA) "
19626
20150
"developed at the University of Cambridge for use on Unix systems connected "
19630
20154
"<application>sendmail</application>."
19631
20155
msgstr ""
19632
20156
19633
#: serverguide/C/mail.xml:549(para)
20157
#: serverguide/C/mail.xml:491(para)
19634
20158
msgid ""
19635
20159
"To install <application>exim4</application>, run the following command: "
19636
20160
"<screen>\n"
19638
20162
"</screen>"
19639
20163
msgstr ""
19640
20164
19641
#: serverguide/C/mail.xml:558(para)
20165
#: serverguide/C/mail.xml:500(para)
19642
20166
msgid ""
19643
20167
"To configure <application>Exim4</application>, run the following command:"
19644
20168
msgstr ""
19645
20169
19646
#: serverguide/C/mail.xml:562(command)
20170
#: serverguide/C/mail.xml:504(command)
19647
20171
msgid "sudo dpkg-reconfigure exim4-config"
19648
20172
msgstr ""
19649
20173
19650
#: serverguide/C/mail.xml:564(para)
20174
#: serverguide/C/mail.xml:506(para)
19651
20175
msgid ""
19652
20176
"The user interface will be displayed. The user interface lets you configure "
19653
20177
"many parameters. For example, In <application>Exim4</application> the "
19655
20179
"in one file you can configure accordingly in this user interface."
19656
20180
msgstr ""
19657
20181
19658
#: serverguide/C/mail.xml:572(para)
20182
#: serverguide/C/mail.xml:514(para)
19659
20183
msgid ""
19660
20184
"All the parameters you configure in the user interface are stored in "
19661
20185
"<filename>/etc/exim4/update-exim4.conf</filename> file. If you wish to re-"
19664
20188
"following command to generate the master configuration file:"
19665
20189
msgstr ""
19666
20190
19667
#: serverguide/C/mail.xml:583(command) serverguide/C/mail.xml:667(command)
20191
#: serverguide/C/mail.xml:525(command) serverguide/C/mail.xml:609(command)
19668
20192
msgid "sudo update-exim4.conf"
19669
20193
msgstr ""
19670
20194
19671
#: serverguide/C/mail.xml:585(para)
20195
#: serverguide/C/mail.xml:527(para)
19672
20196
msgid ""
19673
20197
"The master configuration file, is generated and it is stored in "
19674
20198
"<filename>/var/lib/exim4/config.autogenerated</filename>."
19675
20199
msgstr ""
19676
20200
19677
#: serverguide/C/mail.xml:591(para)
20201
#: serverguide/C/mail.xml:533(para)
19678
20202
msgid ""
19679
20203
"At any time, you should not edit the master configuration file, "
19680
20204
"<filename>/var/lib/exim4/config.autogenerated</filename> manually. It is "
19681
20205
"updated automatically every time you run <command>update-exim4.conf</command>"
19682
20206
msgstr ""
19683
20207
19684
#: serverguide/C/mail.xml:599(para)
20208
#: serverguide/C/mail.xml:541(para)
19685
20209
msgid ""
19686
20210
"You can run the following command to start <application>Exim4</application> "
19687
20211
"daemon."
19691
20215
msgid "sudo service exim4 start"
19692
20216
msgstr ""
19693
20217
19694
#: serverguide/C/mail.xml:609(para)
20218
#: serverguide/C/mail.xml:551(para)
19695
20219
msgid ""
19696
20220
"This section covers configuring Exim4 to use SMTP-AUTH with TLS and SASL."
19697
20221
msgstr ""
19698
20222
19699
#: serverguide/C/mail.xml:612(para)
20223
#: serverguide/C/mail.xml:554(para)
19700
20224
msgid ""
19701
20225
"The first step is to create a certificate for use with TLS. Enter the "
19702
20226
"following into a terminal prompt:"
19703
20227
msgstr ""
19704
20228
19705
#: serverguide/C/mail.xml:616(command)
20229
#: serverguide/C/mail.xml:558(command)
19706
20230
msgid "sudo /usr/share/doc/exim4-base/examples/exim-gencert"
19707
20231
msgstr ""
19708
20232
19709
#: serverguide/C/mail.xml:618(para)
20233
#: serverguide/C/mail.xml:560(para)
19710
20234
msgid ""
19711
20235
"Now Exim4 needs to be configured for TLS by editing "
19712
20236
"<filename>/etc/exim4/conf.d/main/03_exim4-config_tlsoptions</filename> add "
19713
20237
"the following:"
19714
20238
msgstr ""
19715
20239
19716
#: serverguide/C/mail.xml:622(programlisting)
20240
#: serverguide/C/mail.xml:564(programlisting)
19717
20241
#, no-wrap
19718
20242
msgid ""
19719
20243
"\n"
19720
20244
"MAIN_TLS_ENABLE = yes\n"
19721
20245
msgstr ""
19722
20246
19723
#: serverguide/C/mail.xml:625(para)
20247
#: serverguide/C/mail.xml:567(para)
19724
20248
msgid ""
19725
20249
"Next you need to configure <application>Exim4</application> to use the "
19726
20250
"<application>saslauthd</application> for authentication. Edit "
19729
20253
"<emphasis>login_saslauthd_server</emphasis> sections:"
19730
20254
msgstr ""
19731
20255
19732
#: serverguide/C/mail.xml:630(programlisting)
20256
#: serverguide/C/mail.xml:572(programlisting)
19733
20257
#, no-wrap
19734
20258
msgid ""
19735
20259
"\n"
19755
20279
" .endif\n"
19756
20280
msgstr ""
19757
20281
19758
#: serverguide/C/mail.xml:652(para)
20282
#: serverguide/C/mail.xml:594(para)
19759
20283
msgid ""
19760
20284
"Additionally, in order for outside mail client to be able to connect to new "
19761
20285
"exim server, new user needs to be added into exim by using the following "
19766
20290
msgid "sudo /usr/share/doc/exim4-base/examples/exim-adduser"
19767
20291
msgstr ""
19768
20292
19769
#: serverguide/C/mail.xml:658(para)
20293
#: serverguide/C/mail.xml:600(para)
19770
20294
msgid ""
19771
20295
"Users should protect the new exim password files with the following commands."
19772
20296
msgstr ""
19773
20297
19774
#: serverguide/C/mail.xml:660(command)
20298
#: serverguide/C/mail.xml:602(command)
19775
20299
msgid "sudo chown root:Debian-exim /etc/exim4/passwd"
19776
20300
msgstr ""
19777
20301
19778
#: serverguide/C/mail.xml:661(command)
20302
#: serverguide/C/mail.xml:603(command)
19779
20303
msgid "sudo chmod 640 /etc/exim4/passwd"
19780
20304
msgstr ""
19781
20305
19782
#: serverguide/C/mail.xml:663(para)
20306
#: serverguide/C/mail.xml:605(para)
19783
20307
msgid "Finally, update the Exim4 configuration and restart the service:"
19784
20308
msgstr ""
19785
20309
19787
20311
msgid "sudo service exim4 restart"
19788
20312
msgstr ""
19789
20313
19790
#: serverguide/C/mail.xml:673(para)
20314
#: serverguide/C/mail.xml:615(para)
19791
20315
msgid ""
19792
20316
"This section provides details on configuring the saslauthd to provide "
19793
20317
"authentication for <application>Exim4</application>."
19794
20318
msgstr ""
19795
20319
19796
#: serverguide/C/mail.xml:676(para)
20320
#: serverguide/C/mail.xml:618(para)
19797
20321
msgid ""
19798
20322
"The first step is to install the sasl2-bin package. From a terminal prompt "
19799
20323
"enter the following:"
19800
20324
msgstr ""
19801
20325
19802
#: serverguide/C/mail.xml:680(command)
20326
#: serverguide/C/mail.xml:622(command)
19803
20327
msgid "sudo apt-get install sasl2-bin"
19804
20328
msgstr ""
19805
20329
19806
#: serverguide/C/mail.xml:682(para)
20330
#: serverguide/C/mail.xml:624(para)
19807
20331
msgid ""
19808
20332
"To configure saslauthd edit the /etc/default/saslauthd configuration file "
19809
20333
"and set START=no to:"
19810
20334
msgstr ""
19811
20335
19812
#: serverguide/C/mail.xml:688(para)
20336
#: serverguide/C/mail.xml:630(para)
19813
20337
msgid ""
19814
20338
"Next the <emphasis>Debian-exim</emphasis> user needs to be part of the "
19815
20339
"<emphasis>sasl</emphasis> group in order for Exim4 to use the saslauthd "
19816
20340
"service:"
19817
20341
msgstr ""
19818
20342
19819
#: serverguide/C/mail.xml:693(command)
20343
#: serverguide/C/mail.xml:635(command)
19820
20344
msgid "sudo adduser Debian-exim sasl"
19821
20345
msgstr ""
19822
20346
19823
#: serverguide/C/mail.xml:695(para)
20347
#: serverguide/C/mail.xml:637(para)
19824
20348
msgid "Now start the <application>saslauthd</application> service:"
19825
20349
msgstr ""
19826
20350
19828
20352
msgid "sudo service saslauthd start"
19829
20353
msgstr ""
19830
20354
19831
#: serverguide/C/mail.xml:701(para)
20355
#: serverguide/C/mail.xml:643(para)
19832
20356
msgid ""
19833
20357
"<application>Exim4</application> is now configured with SMTP-AUTH using TLS "
19834
20358
"and SASL authentication."
19835
20359
msgstr ""
19836
20360
19837
#: serverguide/C/mail.xml:710(para)
20361
#: serverguide/C/mail.xml:652(para)
19838
20362
msgid ""
19839
20363
"See <ulink url=\"http://www.exim.org/\">exim.org</ulink> for more "
19840
20364
"information."
19841
20365
msgstr ""
19842
20366
19843
#: serverguide/C/mail.xml:715(para)
20367
#: serverguide/C/mail.xml:657(para)
19844
20368
msgid ""
19845
20369
"There is also an <ulink url=\"http://www.uit.co.uk/content/exim-smtp-mail-"
19846
20370
"server\">Exim4 Book</ulink> available."
19847
20371
msgstr ""
19848
20372
19849
#: serverguide/C/mail.xml:720(para)
20373
#: serverguide/C/mail.xml:662(para)
19850
20374
msgid ""
19851
20375
"Another resource is the <ulink "
19852
20376
"url=\"https://help.ubuntu.com/community/Exim4\">Exim4 Ubuntu Wiki </ulink> "
19853
20377
"page."
19854
20378
msgstr ""
19855
20379
19856
#: serverguide/C/mail.xml:729(title)
20380
#: serverguide/C/mail.xml:671(title)
19857
20381
msgid "Dovecot Server"
19858
20382
msgstr ""
19859
20383
19860
#: serverguide/C/mail.xml:730(para)
20384
#: serverguide/C/mail.xml:672(para)
19861
20385
msgid ""
19862
20386
"<application>Dovecot</application> is a Mail Delivery Agent, written with "
19863
20387
"security primarily in mind. It supports the major mailbox formats: mbox or "
19864
20388
"Maildir. This section explain how to set it up as an imap or pop3 server."
19865
20389
msgstr ""
19866
20390
19867
#: serverguide/C/mail.xml:738(para)
20391
#: serverguide/C/mail.xml:680(para)
19868
20392
msgid ""
19869
20393
"To install <application>dovecot</application>, run the following command in "
19870
20394
"the command prompt:"
19871
20395
msgstr ""
19872
20396
19873
#: serverguide/C/mail.xml:743(command)
20397
#: serverguide/C/mail.xml:685(command)
19874
20398
msgid "sudo apt-get install dovecot-imapd dovecot-pop3d"
19875
20399
msgstr ""
19876
20400
19877
#: serverguide/C/mail.xml:748(para)
20401
#: serverguide/C/mail.xml:690(para)
19878
20402
msgid ""
19879
20403
"To configure <application>dovecot</application>, you can edit the file "
19880
20404
"<filename>/etc/dovecot/dovecot.conf</filename>. You can choose the protocol "
19886
20410
"link>."
19887
20411
msgstr ""
19888
20412
19889
#: serverguide/C/mail.xml:758(para)
20413
#: serverguide/C/mail.xml:700(para)
19890
20414
msgid ""
19891
20415
"IMAPS and POP3S are more secure that the simple IMAP and POP3 because they "
19892
20416
"use SSL encryption to connect. Once you have chosen the protocol, amend the "
19893
20417
"following line in the file <filename>/etc/dovecot/dovecot.conf</filename>:"
19894
20418
msgstr ""
19895
20419
19896
#: serverguide/C/mail.xml:764(programlisting)
20420
#: serverguide/C/mail.xml:706(programlisting)
19897
20421
#, no-wrap
19898
20422
msgid ""
19899
20423
"\n"
19918
20442
"following line:"
19919
20443
msgstr ""
19920
20444
19921
#: serverguide/C/mail.xml:780(programlisting)
20445
#: serverguide/C/mail.xml:722(programlisting)
19922
20446
#, no-wrap
19923
20447
msgid ""
19924
20448
"\n"
19927
20451
"mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u # (for mbox)\n"
19928
20452
msgstr ""
19929
20453
19930
#: serverguide/C/mail.xml:786(para)
20454
#: serverguide/C/mail.xml:728(para)
19931
20455
msgid ""
19932
20456
"You should configure your Mail Transport Agent (MTA) to transfer the "
19933
20457
"incoming mail to this type of mailbox if it is different from the one you "
19934
20458
"have configured."
19935
20459
msgstr ""
19936
20460
19937
#: serverguide/C/mail.xml:792(para)
20461
#: serverguide/C/mail.xml:734(para)
19938
20462
msgid ""
19939
20463
"Once you have configured dovecot, restart the "
19940
20464
"<application>dovecot</application> daemon in order to test your setup:"
19941
20465
msgstr ""
19942
20466
19943
#: serverguide/C/mail.xml:801(para)
20467
#: serverguide/C/mail.xml:743(para)
19944
20468
msgid ""
19945
20469
"If you have enabled imap, or pop3, you can also try to log in with the "
19946
20470
"commands <command>telnet localhost pop3</command> or <command>telnet "
19948
20472
"installation has been successful:"
19949
20473
msgstr ""
19950
20474
19951
#: serverguide/C/mail.xml:808(programlisting)
20475
#: serverguide/C/mail.xml:750(programlisting)
19952
20476
#, no-wrap
19953
20477
msgid ""
19954
20478
"\n"
19959
20483
"+OK Dovecot ready.\n"
19960
20484
msgstr ""
19961
20485
19962
#: serverguide/C/mail.xml:817(title)
20486
#: serverguide/C/mail.xml:759(title)
19963
20487
msgid "Dovecot SSL Configuration"
19964
20488
msgstr ""
19965
20489
19982
20506
"<filename>/etc/dovecot/conf.d/10-ssl.conf</filename> configuration file."
19983
20507
msgstr ""
19984
20508
19985
#: serverguide/C/mail.xml:845(title)
20509
#: serverguide/C/mail.xml:786(title)
19986
20510
msgid "Firewall Configuration for an Email Server"
19987
20511
msgstr ""
19988
20512
19989
#: serverguide/C/mail.xml:851(para)
20513
#: serverguide/C/mail.xml:792(para)
19990
20514
msgid "IMAP - 143"
19991
20515
msgstr ""
19992
20516
19993
#: serverguide/C/mail.xml:852(para)
20517
#: serverguide/C/mail.xml:793(para)
19994
20518
msgid "IMAPS - 993"
19995
20519
msgstr ""
19996
20520
19997
#: serverguide/C/mail.xml:853(para)
20521
#: serverguide/C/mail.xml:794(para)
19998
20522
msgid "POP3 - 110"
19999
20523
msgstr ""
20000
20524
20001
#: serverguide/C/mail.xml:854(para)
20525
#: serverguide/C/mail.xml:795(para)
20002
20526
msgid "POP3S - 995"
20003
20527
msgstr ""
20004
20528
20005
#: serverguide/C/mail.xml:846(para)
20529
#: serverguide/C/mail.xml:787(para)
20006
20530
msgid ""
20007
20531
"To access your mail server from another computer, you must configure your "
20008
20532
"firewall to allow connections to the server on the necessary ports. "
20009
20533
"<placeholder-1/>"
20010
20534
msgstr ""
20011
20535
20012
#: serverguide/C/mail.xml:863(para)
20536
#: serverguide/C/mail.xml:804(para)
20013
20537
msgid ""
20014
20538
"See the <ulink url=\"http://www.dovecot.org/\">Dovecot website</ulink> for "
20015
20539
"more information."
20016
20540
msgstr ""
20017
20541
20018
#: serverguide/C/mail.xml:868(para)
20542
#: serverguide/C/mail.xml:809(para)
20019
20543
msgid ""
20020
20544
"Also, the <ulink url=\"https://help.ubuntu.com/community/Dovecot\">Dovecot "
20021
20545
"Ubuntu Wiki</ulink> page has more details."
20022
20546
msgstr ""
20023
20547
20024
#: serverguide/C/mail.xml:877(title) serverguide/C/mail.xml:952(title) serverguide/C/mail.xml:1175(title)
20548
#: serverguide/C/mail.xml:818(title) serverguide/C/mail.xml:893(title) serverguide/C/mail.xml:1116(title)
20025
20549
msgid "Mailman"
20026
20550
msgstr ""
20027
20551
20028
#: serverguide/C/mail.xml:878(para)
20552
#: serverguide/C/mail.xml:819(para)
20029
20553
msgid ""
20030
20554
"Mailman is an open source program for managing electronic mail discussions "
20031
20555
"and e-newsletter lists. Many open source mailing lists (including all the "
20034
20558
"and maintain."
20035
20559
msgstr ""
20036
20560
20037
#: serverguide/C/mail.xml:888(para)
20561
#: serverguide/C/mail.xml:829(para)
20038
20562
msgid ""
20039
20563
"Mailman provides a web interface for the administrators and users, using an "
20040
20564
"external mail server to send and receive emails. It works perfectly with the "
20041
20565
"following mail servers:"
20042
20566
msgstr ""
20043
20567
20044
#: serverguide/C/mail.xml:899(application)
20568
#: serverguide/C/mail.xml:840(application)
20045
20569
msgid "Exim"
20046
20570
msgstr ""
20047
20571
20048
#: serverguide/C/mail.xml:902(application)
20572
#: serverguide/C/mail.xml:843(application)
20049
20573
msgid "Sendmail"
20050
20574
msgstr ""
20051
20575
20052
#: serverguide/C/mail.xml:905(application)
20576
#: serverguide/C/mail.xml:846(application)
20053
20577
msgid "Qmail"
20054
20578
msgstr ""
20055
20579
20056
#: serverguide/C/mail.xml:910(para)
20580
#: serverguide/C/mail.xml:851(para)
20057
20581
msgid ""
20058
20582
"We will see how to install and configure Mailman with, the Apache web "
20059
20583
"server, and either the Postfix or Exim mail server. If you wish to install "
20060
20584
"Mailman with a different mail server, please refer to the references section."
20061
20585
msgstr ""
20062
20586
20063
#: serverguide/C/mail.xml:917(para)
20587
#: serverguide/C/mail.xml:858(para)
20064
20588
msgid ""
20065
20589
"You only need to install one mail server and "
20066
20590
"<application>Postfix</application> is the default Ubuntu Mail Transfer Agent."
20067
20591
msgstr ""
20068
20592
20069
#: serverguide/C/mail.xml:922(title) serverguide/C/mail.xml:979(title)
20593
#: serverguide/C/mail.xml:863(title) serverguide/C/mail.xml:920(title)
20070
20594
msgid "Apache2"
20071
20595
msgstr ""
20072
20596
20073
#: serverguide/C/mail.xml:923(para)
20597
#: serverguide/C/mail.xml:864(para)
20074
20598
msgid ""
20075
20599
"To install apache2 you refer to <xref linkend=\"http-installation\"/> for "
20076
20600
"details."
20077
20601
msgstr ""
20078
20602
20079
#: serverguide/C/mail.xml:929(para)
20603
#: serverguide/C/mail.xml:870(para)
20080
20604
msgid ""
20081
20605
"For instructions on installing and configuring Postfix refer to <xref "
20082
20606
"linkend=\"postfix\"/>"
20083
20607
msgstr ""
20084
20608
20085
#: serverguide/C/mail.xml:935(para)
20609
#: serverguide/C/mail.xml:876(para)
20086
20610
msgid "To install Exim4 refer to <xref linkend=\"exim4\"/>."
20087
20611
msgstr ""
20088
20612
20089
#: serverguide/C/mail.xml:938(para)
20613
#: serverguide/C/mail.xml:879(para)
20090
20614
msgid ""
20091
20615
"Once exim4 is installed, the configuration files are stored in the "
20092
20616
"<filename>/etc/exim4</filename> directory. In Ubuntu, by default, the exim4 "
20095
20619
"<filename>/etc/exim4/update-exim4.conf</filename> file:"
20096
20620
msgstr ""
20097
20621
20098
#: serverguide/C/mail.xml:945(programlisting)
20622
#: serverguide/C/mail.xml:886(programlisting)
20099
20623
#, no-wrap
20100
20624
msgid ""
20101
20625
"\n"
20102
20626
"dc_use_split_config='true'\n"
20103
20627
msgstr ""
20104
20628
20105
#: serverguide/C/mail.xml:953(para)
20629
#: serverguide/C/mail.xml:894(para)
20106
20630
msgid ""
20107
20631
"To install <application>Mailman</application>, run following command at a "
20108
20632
"terminal prompt:"
20109
20633
msgstr ""
20110
20634
20111
#: serverguide/C/mail.xml:957(command)
20635
#: serverguide/C/mail.xml:898(command)
20112
20636
msgid "sudo apt-get install mailman"
20113
20637
msgstr ""
20114
20638
20115
#: serverguide/C/mail.xml:959(para)
20639
#: serverguide/C/mail.xml:900(para)
20116
20640
msgid ""
20117
20641
"It copies the installation files in "
20118
20642
"<application>/var/lib/mailman</application> directory. It installs the CGI "
20122
20646
"this user."
20123
20647
msgstr ""
20124
20648
20125
#: serverguide/C/mail.xml:971(para)
20649
#: serverguide/C/mail.xml:912(para)
20126
20650
msgid ""
20127
20651
"This section assumes you have successfully installed "
20128
20652
"<application>mailman</application>, <application>apache2</application>, and "
20130
20654
"you just need to configure them."
20131
20655
msgstr ""
20132
20656
20133
#: serverguide/C/mail.xml:980(para)
20657
#: serverguide/C/mail.xml:921(para)
20134
20658
msgid ""
20135
20659
"An example Apache configuration file comes with "
20136
20660
"<application>Mailman</application> and is placed in "
20139
20663
"available</filename>:"
20140
20664
msgstr ""
20141
20665
20142
#: serverguide/C/mail.xml:986(command)
20666
#: serverguide/C/mail.xml:927(command)
20143
20667
msgid ""
20144
20668
"sudo cp /etc/mailman/apache.conf /etc/apache2/sites-available/mailman.conf"
20145
20669
msgstr ""
20146
20670
20147
#: serverguide/C/mail.xml:988(para)
20671
#: serverguide/C/mail.xml:929(para)
20148
20672
msgid ""
20149
20673
"This will setup a new Apache <emphasis>VirtualHost</emphasis> for the "
20150
20674
"Mailman administration site. Now enable the new configuration and restart "
20151
20675
"Apache:"
20152
20676
msgstr ""
20153
20677
20154
#: serverguide/C/mail.xml:993(command)
20678
#: serverguide/C/mail.xml:934(command)
20155
20679
msgid "sudo a2ensite mailman.conf"
20156
20680
msgstr ""
20157
20681
20158
#: serverguide/C/mail.xml:996(para)
20682
#: serverguide/C/mail.xml:937(para)
20159
20683
msgid ""
20160
20684
"Mailman uses apache2 to render its CGI scripts. The mailman CGI scripts are "
20161
20685
"installed in the <application>/usr/lib/cgi-bin/mailman</application> "
20164
20688
"available/mailman.conf</filename> file if you wish to change this behavior."
20165
20689
msgstr ""
20166
20690
20167
#: serverguide/C/mail.xml:1007(para)
20691
#: serverguide/C/mail.xml:948(para)
20168
20692
msgid ""
20169
20693
"For <application>Postfix</application> integration, we will associate the "
20170
20694
"domain lists.example.com with the mailing lists. Please replace "
20171
20695
"<emphasis>lists.example.com</emphasis> with the domain of your choosing."
20172
20696
msgstr ""
20173
20697
20174
#: serverguide/C/mail.xml:1011(para)
20698
#: serverguide/C/mail.xml:952(para)
20175
20699
msgid ""
20176
20700
"You can use the postconf command to add the necessary configuration to "
20177
20701
"<filename>/etc/postfix/main.cf</filename>:"
20178
20702
msgstr ""
20179
20703
20180
#: serverguide/C/mail.xml:1015(command)
20704
#: serverguide/C/mail.xml:956(command)
20181
20705
msgid "sudo postconf -e 'relay_domains = lists.example.com'"
20182
20706
msgstr ""
20183
20707
20184
#: serverguide/C/mail.xml:1016(command)
20708
#: serverguide/C/mail.xml:957(command)
20185
20709
msgid "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
20186
20710
msgstr ""
20187
20711
20188
#: serverguide/C/mail.xml:1017(command)
20712
#: serverguide/C/mail.xml:958(command)
20189
20713
msgid "sudo postconf -e 'mailman_destination_recipient_limit = 1'"
20190
20714
msgstr ""
20191
20715
20192
#: serverguide/C/mail.xml:1019(para)
20716
#: serverguide/C/mail.xml:960(para)
20193
20717
msgid ""
20194
20718
"In <filename>/etc/postfix/master.cf</filename> double check that you have "
20195
20719
"the following transport:"
20196
20720
msgstr ""
20197
20721
20198
#: serverguide/C/mail.xml:1022(programlisting)
20722
#: serverguide/C/mail.xml:963(programlisting)
20199
20723
#, no-wrap
20200
20724
msgid ""
20201
20725
"\n"
20204
20728
" ${nexthop} ${user}\n"
20205
20729
msgstr ""
20206
20730
20207
#: serverguide/C/mail.xml:1027(para)
20731
#: serverguide/C/mail.xml:968(para)
20208
20732
msgid ""
20209
20733
"It calls the <emphasis>postfix-to-mailman.py</emphasis> script when a mail "
20210
20734
"is delivered to a list."
20211
20735
msgstr ""
20212
20736
20213
#: serverguide/C/mail.xml:1030(para)
20737
#: serverguide/C/mail.xml:971(para)
20214
20738
msgid ""
20215
20739
"Associate the domain lists.example.com to the Mailman transport with the "
20216
20740
"transport map. Edit the file <filename>/etc/postfix/transport</filename>:"
20217
20741
msgstr ""
20218
20742
20219
#: serverguide/C/mail.xml:1033(programlisting)
20743
#: serverguide/C/mail.xml:974(programlisting)
20220
20744
#, no-wrap
20221
20745
msgid ""
20222
20746
"\n"
20223
20747
"lists.example.com mailman:\n"
20224
20748
msgstr ""
20225
20749
20226
#: serverguide/C/mail.xml:1036(para)
20750
#: serverguide/C/mail.xml:977(para)
20227
20751
msgid ""
20228
20752
"Now have <application>Postfix</application> build the transport map by "
20229
20753
"entering the following from a terminal prompt:"
20230
20754
msgstr ""
20231
20755
20232
#: serverguide/C/mail.xml:1040(command)
20756
#: serverguide/C/mail.xml:981(command)
20233
20757
msgid "sudo postmap -v /etc/postfix/transport"
20234
20758
msgstr ""
20235
20759
20236
#: serverguide/C/mail.xml:1042(para)
20760
#: serverguide/C/mail.xml:983(para)
20237
20761
msgid "Then restart Postfix to enable the new configurations:"
20238
20762
msgstr ""
20239
20763
20240
#: serverguide/C/mail.xml:1051(para)
20764
#: serverguide/C/mail.xml:992(para)
20241
20765
msgid ""
20242
20766
"Once Exim4 is installed, you can start the Exim server using the following "
20243
20767
"command from a terminal prompt:"
20244
20768
msgstr ""
20245
20769
20246
#: serverguide/C/mail.xml:1067(para) serverguide/C/mail.xml:1082(title)
20770
#: serverguide/C/mail.xml:1008(para) serverguide/C/mail.xml:1023(title)
20247
20771
msgid "Main"
20248
20772
msgstr ""
20249
20773
20250
#: serverguide/C/mail.xml:1070(para) serverguide/C/mail.xml:1122(title)
20774
#: serverguide/C/mail.xml:1011(para) serverguide/C/mail.xml:1063(title)
20251
20775
msgid "Transport"
20252
20776
msgstr ""
20253
20777
20254
#: serverguide/C/mail.xml:1073(para) serverguide/C/mail.xml:1145(title)
20778
#: serverguide/C/mail.xml:1014(para) serverguide/C/mail.xml:1086(title)
20255
20779
msgid "Router"
20256
20780
msgstr ""
20257
20781
20258
#: serverguide/C/mail.xml:1058(para)
20782
#: serverguide/C/mail.xml:999(para)
20259
20783
msgid ""
20260
20784
"In order to make mailman work with Exim4, you need to configure Exim4. As "
20261
20785
"mentioned earlier, by default, Exim4 uses multiple configuration files of "
20267
20791
"is very important."
20268
20792
msgstr ""
20269
20793
20270
#: serverguide/C/mail.xml:1089(programlisting)
20794
#: serverguide/C/mail.xml:1030(programlisting)
20271
20795
#, no-wrap
20272
20796
msgid ""
20273
20797
"\n"
20301
20825
"# end\n"
20302
20826
msgstr ""
20303
20827
20304
#: serverguide/C/mail.xml:1083(para)
20828
#: serverguide/C/mail.xml:1024(para)
20305
20829
msgid ""
20306
20830
"All the configuration files belonging to the main type are stored in the "
20307
20831
"<filename>/etc/exim4/conf.d/main/</filename> directory. You can add the "
20309
20833
"config_mailman</filename>: <placeholder-1/>"
20310
20834
msgstr ""
20311
20835
20312
#: serverguide/C/mail.xml:1129(programlisting)
20836
#: serverguide/C/mail.xml:1070(programlisting)
20313
20837
#, no-wrap
20314
20838
msgid ""
20315
20839
"\n"
20327
20851
" group = MM_GID\n"
20328
20852
msgstr ""
20329
20853
20330
#: serverguide/C/mail.xml:1123(para)
20854
#: serverguide/C/mail.xml:1064(para)
20331
20855
msgid ""
20332
20856
"All the configuration files belonging to transport type are stored in the "
20333
20857
"<filename>/etc/exim4/conf.d/transport/</filename> directory. You can add the "
20335
20859
"config_mailman</filename>: <placeholder-1/>"
20336
20860
msgstr ""
20337
20861
20338
#: serverguide/C/mail.xml:1150(programlisting)
20862
#: serverguide/C/mail.xml:1091(programlisting)
20339
20863
#, no-wrap
20340
20864
msgid ""
20341
20865
"\n"
20349
20873
" transport = mailman_transport\n"
20350
20874
msgstr ""
20351
20875
20352
#: serverguide/C/mail.xml:1146(para)
20876
#: serverguide/C/mail.xml:1087(para)
20353
20877
msgid ""
20354
20878
"All the configuration files belonging to router type are stored in the "
20355
20879
"<filename>/etc/exim4/conf.d/router/</filename> directory. You can add the "
20357
20881
"config_mailman</filename>: <placeholder-1/>"
20358
20882
msgstr ""
20359
20883
20360
#: serverguide/C/mail.xml:1163(para)
20884
#: serverguide/C/mail.xml:1104(para)
20361
20885
msgid ""
20362
20886
"The order of main and transport configuration files can be in any order. "
20363
20887
"But, the order of router configuration files must be the same. This "
20367
20891
"details, please refer to the references section."
20368
20892
msgstr ""
20369
20893
20370
#: serverguide/C/mail.xml:1176(para)
20894
#: serverguide/C/mail.xml:1117(para)
20371
20895
msgid ""
20372
20896
"Once mailman is installed, you can run it using the following command:"
20373
20897
msgstr ""
20376
20900
msgid "sudo service mailman start"
20377
20901
msgstr ""
20378
20902
20379
#: serverguide/C/mail.xml:1182(para)
20903
#: serverguide/C/mail.xml:1123(para)
20380
20904
msgid ""
20381
20905
"Once mailman is installed, you should create the default mailing list. Run "
20382
20906
"the following command to create the mailing list:"
20383
20907
msgstr ""
20384
20908
20385
#: serverguide/C/mail.xml:1188(command)
20909
#: serverguide/C/mail.xml:1129(command)
20386
20910
msgid "sudo /usr/sbin/newlist mailman"
20387
20911
msgstr ""
20388
20912
20389
#: serverguide/C/mail.xml:1191(programlisting)
20913
#: serverguide/C/mail.xml:1132(programlisting)
20390
20914
#, no-wrap
20391
20915
msgid ""
20392
20916
"\n"
20417
20941
" # \n"
20418
20942
msgstr ""
20419
20943
20420
#: serverguide/C/mail.xml:1214(para)
20944
#: serverguide/C/mail.xml:1155(para)
20421
20945
msgid ""
20422
20946
"We have configured either Postfix or Exim4 to recognize all emails from "
20423
20947
"mailman. So, it is not mandatory to make any new entries in "
20426
20950
"continuing to next section."
20427
20951
msgstr ""
20428
20952
20429
#: serverguide/C/mail.xml:1222(para)
20953
#: serverguide/C/mail.xml:1163(para)
20430
20954
msgid ""
20431
20955
"The Exim4 does not use the above aliases to forward mails to Mailman, as it "
20432
20956
"uses a <emphasis>discover</emphasis> approach. To suppress the aliases while "
20434
20958
"configuration file, <filename>/etc/mailman/mm_cfg.py</filename>."
20435
20959
msgstr ""
20436
20960
20437
#: serverguide/C/mail.xml:1233(title)
20961
#: serverguide/C/mail.xml:1174(title)
20438
20962
msgid "Administration"
20439
20963
msgstr ""
20440
20964
20441
#: serverguide/C/mail.xml:1234(para)
20965
#: serverguide/C/mail.xml:1175(para)
20442
20966
msgid ""
20443
20967
"We assume you have a default installation. The mailman cgi scripts are still "
20444
20968
"in the <application>/usr/lib/cgi-bin/mailman/</application> directory. "
20446
20970
"point your browser to the following url:"
20447
20971
msgstr ""
20448
20972
20449
#: serverguide/C/mail.xml:1242(para)
20973
#: serverguide/C/mail.xml:1183(para)
20450
20974
msgid "http://hostname/cgi-bin/mailman/admin"
20451
20975
msgstr ""
20452
20976
20453
#: serverguide/C/mail.xml:1246(para)
20977
#: serverguide/C/mail.xml:1187(para)
20454
20978
msgid ""
20455
20979
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
20456
20980
"screen. If you click the mailing list name, it will ask for your "
20461
20985
"mailing list using the web interface."
20462
20986
msgstr ""
20463
20987
20464
#: serverguide/C/mail.xml:1259(title)
20988
#: serverguide/C/mail.xml:1200(title)
20465
20989
msgid "Users"
20466
20990
msgstr ""
20467
20991
20468
#: serverguide/C/mail.xml:1260(para)
20992
#: serverguide/C/mail.xml:1201(para)
20469
20993
msgid ""
20470
20994
"Mailman provides a web based interface for users. To access this page, point "
20471
20995
"your browser to the following url:"
20472
20996
msgstr ""
20473
20997
20474
#: serverguide/C/mail.xml:1265(para)
20998
#: serverguide/C/mail.xml:1206(para)
20475
20999
msgid "http://hostname/cgi-bin/mailman/listinfo"
20476
21000
msgstr ""
20477
21001
20478
#: serverguide/C/mail.xml:1269(para)
21002
#: serverguide/C/mail.xml:1210(para)
20479
21003
msgid ""
20480
21004
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
20481
21005
"screen. If you click the mailing list name, it will display the subscription "
20484
21008
"instructions in the email to subscribe."
20485
21009
msgstr ""
20486
21010
20487
#: serverguide/C/mail.xml:1281(ulink)
21011
#: serverguide/C/mail.xml:1222(ulink)
20488
21012
msgid "GNU Mailman - Installation Manual"
20489
21013
msgstr ""
20490
21014
20491
#: serverguide/C/mail.xml:1285(ulink)
21015
#: serverguide/C/mail.xml:1226(ulink)
20492
21016
msgid "HOWTO - Using Exim 4 and Mailman 2.1 together"
20493
21017
msgstr ""
20494
21018
20495
#: serverguide/C/mail.xml:1288(para)
21019
#: serverguide/C/mail.xml:1229(para)
20496
21020
msgid ""
20497
21021
"Also, see the <ulink "
20498
21022
"url=\"https://help.ubuntu.com/community/Mailman\">Mailman Ubuntu "
20499
21023
"Wiki</ulink> page."
20500
21024
msgstr ""
20501
21025
20502
#: serverguide/C/mail.xml:1294(title)
21026
#: serverguide/C/mail.xml:1235(title)
20503
21027
msgid "Mail Filtering"
20504
21028
msgstr ""
20505
21029
20506
#: serverguide/C/mail.xml:1295(para)
21030
#: serverguide/C/mail.xml:1236(para)
20507
21031
msgid ""
20508
21032
"One of the largest issues with email today is the problem of Unsolicited "
20509
21033
"Bulk Email (UBE). Also known as SPAM, such messages may also carry viruses "
20511
21035
"the bulk of all email traffic on the Internet."
20512
21036
msgstr ""
20513
21037
20514
#: serverguide/C/mail.xml:1300(para)
21038
#: serverguide/C/mail.xml:1241(para)
20515
21039
msgid ""
20516
21040
"This section will cover integrating <application>Amavisd-new</application>, "
20517
21041
"<application>Spamassassin</application>, and "
20525
21049
"spf</application>."
20526
21050
msgstr ""
20527
21051
20528
#: serverguide/C/mail.xml:1310(para)
21052
#: serverguide/C/mail.xml:1251(para)
20529
21053
msgid ""
20530
21054
"<application>Amavisd-new</application> is a wrapper program that can call "
20531
21055
"any number of content filtering programs for spam detection, antivirus, etc."
20532
21056
msgstr ""
20533
21057
20534
#: serverguide/C/mail.xml:1316(para)
21058
#: serverguide/C/mail.xml:1257(para)
20535
21059
msgid ""
20536
21060
"<application>Spamassassin</application> uses a variety of mechanisms to "
20537
21061
"filter email based on the message content."
20538
21062
msgstr ""
20539
21063
20540
#: serverguide/C/mail.xml:1321(para)
21064
#: serverguide/C/mail.xml:1262(para)
20541
21065
msgid ""
20542
21066
"<application>ClamAV</application> is an open source antivirus application."
20543
21067
msgstr ""
20544
21068
20545
#: serverguide/C/mail.xml:1326(para)
21069
#: serverguide/C/mail.xml:1267(para)
20546
21070
msgid ""
20547
21071
"<application>opendkim</application> implements a Sendmail Mail Filter "
20548
21072
"(Milter) for the DomainKeys Identified Mail (DKIM) standard."
20549
21073
msgstr ""
20550
21074
20551
#: serverguide/C/mail.xml:1332(para)
21075
#: serverguide/C/mail.xml:1273(para)
20552
21076
msgid ""
20553
21077
"<application>python-policyd-spf</application> enables Sender Policy "
20554
21078
"Framework (SPF) checking with <application>Postfix</application>."
20555
21079
msgstr ""
20556
21080
20557
#: serverguide/C/mail.xml:1337(para)
21081
#: serverguide/C/mail.xml:1278(para)
20558
21082
msgid "This is how the pieces fit together:"
20559
21083
msgstr ""
20560
21084
20561
#: serverguide/C/mail.xml:1342(para)
21085
#: serverguide/C/mail.xml:1283(para)
20562
21086
msgid "An email message is accepted by <application>Postfix</application>."
20563
21087
msgstr ""
20564
21088
20565
#: serverguide/C/mail.xml:1347(para)
21089
#: serverguide/C/mail.xml:1288(para)
20566
21090
msgid ""
20567
21091
"The message is passed through any external filters "
20568
21092
"<application>opendkim</application> and <application>python-policyd-"
20569
21093
"spf</application> in this case."
20570
21094
msgstr ""
20571
21095
20572
#: serverguide/C/mail.xml:1353(para)
21096
#: serverguide/C/mail.xml:1294(para)
20573
21097
msgid "<application>Amavisd-new</application> then processes the message."
20574
21098
msgstr ""
20575
21099
20576
#: serverguide/C/mail.xml:1358(para)
21100
#: serverguide/C/mail.xml:1299(para)
20577
21101
msgid ""
20578
21102
"<application>ClamAV</application> is used to scan the message. If the "
20579
21103
"message contains a virus <application>Postfix</application> will reject the "
20580
21104
"message."
20581
21105
msgstr ""
20582
21106
20583
#: serverguide/C/mail.xml:1364(para)
21107
#: serverguide/C/mail.xml:1305(para)
20584
21108
msgid ""
20585
21109
"Clean messages will then be analyzed by "
20586
21110
"<application>Spamassassin</application> to find out if the message is spam. "
20589
21113
"message."
20590
21114
msgstr ""
20591
21115
20592
#: serverguide/C/mail.xml:1371(para)
21116
#: serverguide/C/mail.xml:1312(para)
20593
21117
msgid ""
20594
21118
"For example, if a message has a Spam score of over fifty the message could "
20595
21119
"be automatically dropped from the queue without the recipient ever having to "
20598
21122
"see fit."
20599
21123
msgstr ""
20600
21124
20601
#: serverguide/C/mail.xml:1378(para)
21125
#: serverguide/C/mail.xml:1319(para)
20602
21126
msgid ""
20603
21127
"See <xref linkend=\"postfix\"/> for instructions on installing and "
20604
21128
"configuring Postfix."
20605
21129
msgstr ""
20606
21130
20607
#: serverguide/C/mail.xml:1381(para)
21131
#: serverguide/C/mail.xml:1322(para)
20608
21132
msgid ""
20609
21133
"To install the rest of the applications enter the following from a terminal "
20610
21134
"prompt:"
20611
21135
msgstr ""
20612
21136
20613
#: serverguide/C/mail.xml:1385(command)
21137
#: serverguide/C/mail.xml:1326(command)
20614
21138
msgid "sudo apt-get install amavisd-new spamassassin clamav-daemon"
20615
21139
msgstr ""
20616
21140
20617
#: serverguide/C/mail.xml:1386(command)
21141
#: serverguide/C/mail.xml:1327(command)
20618
21142
msgid "sudo apt-get install opendkim postfix-policyd-spf-python"
20619
21143
msgstr ""
20620
21144
20621
#: serverguide/C/mail.xml:1388(para)
21145
#: serverguide/C/mail.xml:1329(para)
20622
21146
msgid ""
20623
21147
"There are some optional packages that integrate with "
20624
21148
"<application>Spamassassin</application> for better spam detection:"
20625
21149
msgstr ""
20626
21150
20627
#: serverguide/C/mail.xml:1392(command)
21151
#: serverguide/C/mail.xml:1333(command)
20628
21152
msgid "sudo apt-get install pyzor razor"
20629
21153
msgstr ""
20630
21154
20631
#: serverguide/C/mail.xml:1394(para)
21155
#: serverguide/C/mail.xml:1335(para)
20632
21156
msgid ""
20633
21157
"Along with the main filtering applications compression utilities are needed "
20634
21158
"to process some email attachments:"
20635
21159
msgstr ""
20636
21160
20637
#: serverguide/C/mail.xml:1398(command)
21161
#: serverguide/C/mail.xml:1339(command)
20638
21162
msgid ""
20639
21163
"sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip"
20640
21164
msgstr ""
20641
21165
20642
#: serverguide/C/mail.xml:1401(para)
21166
#: serverguide/C/mail.xml:1342(para)
20643
21167
msgid ""
20644
21168
"If some packages are not found, check that the "
20645
21169
"<emphasis>multiverse</emphasis> repository is enabled in "
20646
21170
"<filename>/etc/apt/sources.list</filename>"
20647
21171
msgstr ""
20648
21172
20649
#: serverguide/C/mail.xml:1402(para)
21173
#: serverguide/C/mail.xml:1343(para)
20650
21174
msgid ""
20651
21175
"If you make changes to the file, be sure to run <command>sudo apt-get "
20652
21176
"update</command> before trying to install again."
20653
21177
msgstr ""
20654
21178
20655
#: serverguide/C/mail.xml:1407(para)
21179
#: serverguide/C/mail.xml:1348(para)
20656
21180
msgid "Now configure everything to work together and filter email."
20657
21181
msgstr ""
20658
21182
20659
#: serverguide/C/mail.xml:1411(title)
21183
#: serverguide/C/mail.xml:1352(title)
20660
21184
msgid "ClamAV"
20661
21185
msgstr ""
20662
21186
20663
#: serverguide/C/mail.xml:1412(para)
21187
#: serverguide/C/mail.xml:1353(para)
20664
21188
msgid ""
20665
21189
"The default behaviour of <application>ClamAV</application> will fit our "
20666
21190
"needs. For more ClamAV configuration options, check the configuration files "
20667
21191
"in <filename>/etc/clamav</filename>."
20668
21192
msgstr ""
20669
21193
20670
#: serverguide/C/mail.xml:1417(para)
21194
#: serverguide/C/mail.xml:1358(para)
20671
21195
msgid ""
20672
21196
"Add the <emphasis>clamav</emphasis> user to the <emphasis>amavis</emphasis> "
20673
21197
"group in order for <application>Amavisd-new</application> to have the "
20674
21198
"appropriate access to scan files:"
20675
21199
msgstr ""
20676
21200
20677
#: serverguide/C/mail.xml:1422(command)
21201
#: serverguide/C/mail.xml:1363(command)
20678
21202
msgid "sudo adduser clamav amavis"
20679
21203
msgstr ""
20680
21204
20681
#: serverguide/C/mail.xml:1423(command)
21205
#: serverguide/C/mail.xml:1364(command)
20682
21206
msgid "sudo adduser amavis clamav"
20683
21207
msgstr ""
20684
21208
20685
#: serverguide/C/mail.xml:1427(title)
21209
#: serverguide/C/mail.xml:1368(title)
20686
21210
msgid "Spamassassin"
20687
21211
msgstr ""
20688
21212
20689
#: serverguide/C/mail.xml:1428(para)
21213
#: serverguide/C/mail.xml:1369(para)
20690
21214
msgid ""
20691
21215
"Spamassassin automatically detects optional components and will use them if "
20692
21216
"they are present. This means that there is no need to configure "
20693
21217
"<application>pyzor</application> and <application>razor</application>."
20694
21218
msgstr ""
20695
21219
20696
#: serverguide/C/mail.xml:1432(para)
21220
#: serverguide/C/mail.xml:1373(para)
20697
21221
msgid ""
20698
21222
"Edit <filename>/etc/default/spamassassin</filename> to activate the "
20699
21223
"<application>Spamassassin</application> daemon. Change "
20700
21224
"<emphasis>ENABLED=0</emphasis> to:"
20701
21225
msgstr ""
20702
21226
20703
#: serverguide/C/mail.xml:1436(programlisting)
21227
#: serverguide/C/mail.xml:1377(programlisting)
20704
21228
#, no-wrap
20705
21229
msgid ""
20706
21230
"\n"
20707
21231
"ENABLED=1\n"
20708
21232
msgstr ""
20709
21233
20710
#: serverguide/C/mail.xml:1439(para)
21234
#: serverguide/C/mail.xml:1380(para)
20711
21235
msgid "Now start the daemon:"
20712
21236
msgstr ""
20713
21237
20715
21239
msgid "sudo service spamassassin start"
20716
21240
msgstr ""
20717
21241
20718
#: serverguide/C/mail.xml:1447(title)
21242
#: serverguide/C/mail.xml:1388(title)
20719
21243
msgid "Amavisd-new"
20720
21244
msgstr ""
20721
21245
20722
#: serverguide/C/mail.xml:1448(para)
21246
#: serverguide/C/mail.xml:1389(para)
20723
21247
msgid ""
20724
21248
"First activate spam and antivirus detection in <application>Amavisd-"
20725
21249
"new</application> by editing <filename>/etc/amavis/conf.d/15-"
20726
21250
"content_filter_mode</filename>:"
20727
21251
msgstr ""
20728
21252
20729
#: serverguide/C/mail.xml:1452(programlisting)
21253
#: serverguide/C/mail.xml:1393(programlisting)
20730
21254
#, no-wrap
20731
21255
msgid ""
20732
21256
"\n"
20757
21281
"1; # insure a defined return\n"
20758
21282
msgstr ""
20759
21283
20760
#: serverguide/C/mail.xml:1477(para)
20761
msgid ""
20762
"Bouncing spam can be a bad idea as the return address is often faked. "
20763
"Consider editing <filename>/etc/amavis/conf.d/20-debian_defaults</filename> "
20764
"to set <emphasis>$final_spam_destiny</emphasis> to D_DISCARD rather than "
20765
"D_BOUNCE, as follows:"
20766
msgstr ""
20767
20768
#: serverguide/C/mail.xml:1483(programlisting)
20769
#, no-wrap
20770
msgid ""
20771
"\n"
20772
"$final_spam_destiny = D_DISCARD;\n"
20773
msgstr ""
20774
20775
#: serverguide/C/mail.xml:1487(para)
21284
#: serverguide/C/mail.xml:1419(para)
21285
msgid ""
21286
"Bouncing spam can be a bad idea as the return address is often faked. The "
21287
"default behaviour is to instead discard. This is configured in "
21288
"<filename>/etc/amavis/conf.d/21-debian_defaults</filename> where "
21289
"<emphasis>$final_spam_destiny</emphasis> is set to D_DISCARD rather than "
21290
"D_BOUNCE."
21291
msgstr ""
21292
21293
#: serverguide/C/mail.xml:1425(para)
20776
21294
msgid ""
20777
21295
"Additionally, you may want to adjust the following options to flag more "
20778
21296
"messages as spam:"
20779
21297
msgstr ""
20780
21298
20781
#: serverguide/C/mail.xml:1491(programlisting)
21299
#: serverguide/C/mail.xml:1429(programlisting)
20782
21300
#, no-wrap
20783
21301
msgid ""
20784
21302
"\n"
20789
21307
"$sa_dsn_cutoff_level = 4; # spam level beyond which a DSN is not sent\n"
20790
21308
msgstr ""
20791
21309
20792
#: serverguide/C/mail.xml:1498(para)
21310
#: serverguide/C/mail.xml:1436(para)
20793
21311
msgid ""
20794
21312
"If the server's <emphasis>hostname</emphasis> is different from the domain's "
20795
21313
"MX record you may need to manually set the <emphasis>$myhostname</emphasis> "
20798
21316
"Edit the <filename>/etc/amavis/conf.d/50-user</filename> file:"
20799
21317
msgstr ""
20800
21318
20801
#: serverguide/C/mail.xml:1505(programlisting)
21319
#: serverguide/C/mail.xml:1443(programlisting)
20802
21320
#, no-wrap
20803
21321
msgid ""
20804
21322
"\n"
20806
21324
"@local_domains_acl = ( \"example.com\", \"example.org\" );\n"
20807
21325
msgstr ""
20808
21326
20809
#: serverguide/C/mail.xml:1510(para)
21327
#: serverguide/C/mail.xml:1448(para)
20810
21328
msgid ""
20811
21329
"If you want to cover multiple domains you can use the following in "
20812
21330
"the<filename>/etc/amavis/conf.d/50-user</filename>"
20813
21331
msgstr ""
20814
21332
20815
#: serverguide/C/mail.xml:1513(programlisting)
21333
#: serverguide/C/mail.xml:1451(programlisting)
20816
21334
#, no-wrap
20817
21335
msgid ""
20818
21336
"\n"
20819
21337
"@local_domains_acl = qw(.);\n"
20820
21338
msgstr ""
20821
21339
20822
#: serverguide/C/mail.xml:1517(para)
21340
#: serverguide/C/mail.xml:1455(para)
20823
21341
msgid ""
20824
21342
"After configuration <application>Amavisd-new</application> needs to be "
20825
21343
"restarted:"
20826
21344
msgstr ""
20827
21345
20828
#: serverguide/C/mail.xml:1521(command) serverguide/C/mail.xml:1568(command)
21346
#: serverguide/C/mail.xml:1517(command) serverguide/C/mail.xml:1564(command)
20829
21347
msgid "sudo service amavis restart"
20830
21348
msgstr ""
20831
21349
20832
#: serverguide/C/mail.xml:1524(title)
21350
#: serverguide/C/mail.xml:1462(title)
20833
21351
msgid "DKIM Whitelist"
20834
21352
msgstr ""
20835
21353
20836
#: serverguide/C/mail.xml:1526(para)
21354
#: serverguide/C/mail.xml:1464(para)
20837
21355
msgid ""
20838
21356
"<application>Amavisd-new</application> can be configured to automatically "
20839
21357
"<emphasis>Whitelist</emphasis> addresses from domains with valid Domain "
20841
21359
"<filename>/etc/amavis/conf.d/40-policy_banks</filename>."
20842
21360
msgstr ""
20843
21361
20844
#: serverguide/C/mail.xml:1532(para)
21362
#: serverguide/C/mail.xml:1470(para)
20845
21363
msgid "There are multiple ways to configure the Whitelist for a domain:"
20846
21364
msgstr ""
20847
21365
20848
#: serverguide/C/mail.xml:1538(para)
21366
#: serverguide/C/mail.xml:1476(para)
20849
21367
msgid ""
20850
21368
"<emphasis>'example.com' => 'WHITELIST',</emphasis>: will whitelist any "
20851
21369
"address from the \"example.com\" domain."
20852
21370
msgstr ""
20853
21371
20854
#: serverguide/C/mail.xml:1543(para)
21372
#: serverguide/C/mail.xml:1481(para)
20855
21373
msgid ""
20856
21374
"<emphasis>'.example.com' => 'WHITELIST',</emphasis>: will whitelist any "
20857
21375
"address from any <emphasis>subdomains</emphasis> of \"example.com\" that "
20858
21376
"have a valid signature."
20859
21377
msgstr ""
20860
21378
20861
#: serverguide/C/mail.xml:1549(para)
21379
#: serverguide/C/mail.xml:1487(para)
20862
21380
msgid ""
20863
21381
"<emphasis>'.example.com/@example.com' => 'WHITELIST',</emphasis>: will "
20864
21382
"whitelist subdomains of \"example.com\" that use the signature of <emphasis "
20865
21383
"role=\"italic\">example.com</emphasis> the parent domain."
20866
21384
msgstr ""
20867
21385
20868
#: serverguide/C/mail.xml:1555(para)
21386
#: serverguide/C/mail.xml:1493(para)
20869
21387
msgid ""
20870
21388
"<emphasis>'./@example.com' => 'WHITELIST',</emphasis>: adds addresses "
20871
21389
"that have a valid signature from \"example.com\". This is usually used for "
20872
21390
"discussion groups that sign their messages."
20873
21391
msgstr ""
20874
21392
20875
#: serverguide/C/mail.xml:1562(para)
21393
#: serverguide/C/mail.xml:1500(para)
20876
21394
msgid ""
20877
21395
"A domain can also have multiple Whitelist configurations. After editing the "
20878
21396
"file, restart <application>amavisd-new</application>:"
20879
21397
msgstr ""
20880
21398
20881
#: serverguide/C/mail.xml:1572(para)
21399
#: serverguide/C/mail.xml:1510(para)
20882
21400
msgid ""
20883
21401
"In this context, once a domain has been added to the Whitelist the message "
20884
21402
"will not receive any anti-virus or spam filtering. This may or may not be "
20885
21403
"the intended behavior you wish for a domain."
20886
21404
msgstr ""
20887
21405
20888
#: serverguide/C/mail.xml:1582(para)
21406
#: serverguide/C/mail.xml:1520(para)
20889
21407
msgid ""
20890
21408
"For <application>Postfix</application> integration, enter the following from "
20891
21409
"a terminal prompt:"
20892
21410
msgstr ""
20893
21411
20894
#: serverguide/C/mail.xml:1586(command)
21412
#: serverguide/C/mail.xml:1524(command)
20895
21413
msgid "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
20896
21414
msgstr ""
20897
21415
20898
#: serverguide/C/mail.xml:1588(para)
21416
#: serverguide/C/mail.xml:1526(para)
20899
21417
msgid ""
20900
21418
"Next edit <filename>/etc/postfix/master.cf</filename> and add the following "
20901
21419
"to the end of the file:"
20902
21420
msgstr ""
20903
21421
20904
#: serverguide/C/mail.xml:1591(programlisting)
21422
#: serverguide/C/mail.xml:1587(programlisting)
20905
21423
#, no-wrap
20906
21424
msgid ""
20907
21425
"\n"
20934
21452
"_milters\n"
20935
21453
msgstr ""
20936
21454
20937
#: serverguide/C/mail.xml:1618(para)
21455
#: serverguide/C/mail.xml:1556(para)
20938
21456
msgid ""
20939
21457
"Also add the following two lines immediately below the "
20940
21458
"<emphasis>\"pickup\"</emphasis> transport service:"
20941
21459
msgstr ""
20942
21460
20943
#: serverguide/C/mail.xml:1621(programlisting)
21461
#: serverguide/C/mail.xml:1559(programlisting)
20944
21462
#, no-wrap
20945
21463
msgid ""
20946
21464
"\n"
20948
21466
" -o receive_override_options=no_header_body_checks\n"
20949
21467
msgstr ""
20950
21468
20951
#: serverguide/C/mail.xml:1625(para)
21469
#: serverguide/C/mail.xml:1563(para)
20952
21470
msgid ""
20953
21471
"This will prevent messages that are generated to report on spam from being "
20954
21472
"classified as spam."
20955
21473
msgstr ""
20956
21474
20957
#: serverguide/C/mail.xml:1628(para)
21475
#: serverguide/C/mail.xml:1566(para)
20958
21476
msgid "Now restart <application>Postfix</application>:"
20959
21477
msgstr ""
20960
21478
20961
#: serverguide/C/mail.xml:1634(para)
21479
#: serverguide/C/mail.xml:1572(para)
20962
21480
msgid "Content filtering with spam and virus detection is now enabled."
20963
21481
msgstr ""
20964
21482
20965
#: serverguide/C/mail.xml:1640(title)
21483
#: serverguide/C/mail.xml:1578(title)
20966
21484
msgid "Amavisd-new and Spamassassin"
20967
21485
msgstr ""
20968
21486
20969
#: serverguide/C/mail.xml:1642(para)
21487
#: serverguide/C/mail.xml:1580(para)
20970
21488
msgid ""
20971
21489
"When integrating <application>Amavisd-new</application> with "
20972
21490
"<application>Spamassassin</application>, if you choose to disable the bayes "
20977
21495
"<application>cron</application> job."
20978
21496
msgstr ""
20979
21497
20980
#: serverguide/C/mail.xml:1649(para)
21498
#: serverguide/C/mail.xml:1587(para)
20981
21499
msgid "There are several ways to handle this situation:"
20982
21500
msgstr ""
20983
21501
20984
#: serverguide/C/mail.xml:1655(para)
21502
#: serverguide/C/mail.xml:1593(para)
20985
21503
msgid "Configure your MDA to filter messages you do not wish to see."
20986
21504
msgstr ""
20987
21505
20988
#: serverguide/C/mail.xml:1660(para)
21506
#: serverguide/C/mail.xml:1598(para)
20989
21507
msgid ""
20990
21508
"Change <filename>/usr/sbin/amavisd-new-cronjob</filename> to check for "
20991
21509
"<emphasis>use_bayes 0</emphasis>. For example, edit "
20993
21511
"the top before the <emphasis>test</emphasis> statements:"
20994
21512
msgstr ""
20995
21513
20996
#: serverguide/C/mail.xml:1664(programlisting)
21514
#: serverguide/C/mail.xml:1602(programlisting)
20997
21515
#, no-wrap
20998
21516
msgid ""
20999
21517
"\n"
21001
21519
"exit 0\n"
21002
21520
msgstr ""
21003
21521
21004
#: serverguide/C/mail.xml:1674(para)
21522
#: serverguide/C/mail.xml:1612(para)
21005
21523
msgid ""
21006
21524
"First, test that the <application>Amavisd-new</application> SMTP is "
21007
21525
"listening:"
21008
21526
msgstr ""
21009
21527
21010
#: serverguide/C/mail.xml:1677(programlisting)
21528
#: serverguide/C/mail.xml:1615(programlisting)
21011
21529
#, no-wrap
21012
21530
msgid ""
21013
21531
"\n"
21019
21537
"^]\n"
21020
21538
msgstr ""
21021
21539
21022
#: serverguide/C/mail.xml:1685(para)
21540
#: serverguide/C/mail.xml:1623(para)
21023
21541
msgid ""
21024
21542
"In the Header of messages that go through the content filter you should see:"
21025
21543
msgstr ""
21026
21544
21027
#: serverguide/C/mail.xml:1688(programlisting)
21545
#: serverguide/C/mail.xml:1626(programlisting)
21028
21546
#, no-wrap
21029
21547
msgid ""
21030
21548
"\n"
21035
21553
"X-Spam-Level: \n"
21036
21554
msgstr ""
21037
21555
21038
#: serverguide/C/mail.xml:1695(para)
21556
#: serverguide/C/mail.xml:1633(para)
21039
21557
msgid ""
21040
21558
"Your output will vary, but the important thing is that there are <emphasis>X-"
21041
21559
"Virus-Scanned</emphasis> and <emphasis>X-Spam-Status</emphasis> entries."
21042
21560
msgstr ""
21043
21561
21044
#: serverguide/C/mail.xml:1703(para)
21562
#: serverguide/C/mail.xml:1641(para)
21045
21563
msgid ""
21046
21564
"The best way to figure out why something is going wrong is to check the log "
21047
21565
"files."
21048
21566
msgstr ""
21049
21567
21050
#: serverguide/C/mail.xml:1708(para)
21568
#: serverguide/C/mail.xml:1646(para)
21051
21569
msgid ""
21052
21570
"For instructions on <application>Postfix</application> logging see the <xref "
21053
21571
"linkend=\"postfix-troubleshooting\"/> section."
21054
21572
msgstr ""
21055
21573
21056
#: serverguide/C/mail.xml:1714(para)
21574
#: serverguide/C/mail.xml:1652(para)
21057
21575
msgid ""
21058
21576
"<application>Amavisd-new</application> uses "
21059
21577
"<application>Syslog</application> to send messages to "
21063
21581
"1 to 5."
21064
21582
msgstr ""
21065
21583
21066
#: serverguide/C/mail.xml:1719(programlisting)
21584
#: serverguide/C/mail.xml:1657(programlisting)
21067
21585
#, no-wrap
21068
21586
msgid ""
21069
21587
"\n"
21070
21588
"$log_level = 2;\n"
21071
21589
msgstr ""
21072
21590
21073
#: serverguide/C/mail.xml:1723(para)
21591
#: serverguide/C/mail.xml:1661(para)
21074
21592
msgid ""
21075
21593
"When the <application>Amavisd-new</application> log output is increased "
21076
21594
"<application>Spamassassin</application> log output is also increased."
21077
21595
msgstr ""
21078
21596
21079
#: serverguide/C/mail.xml:1730(para)
21597
#: serverguide/C/mail.xml:1668(para)
21080
21598
msgid ""
21081
21599
"The <application>ClamAV</application> log level can be increased by editing "
21082
21600
"<filename>/etc/clamav/clamd.conf</filename> and setting the following option:"
21083
21601
msgstr ""
21084
21602
21085
#: serverguide/C/mail.xml:1734(programlisting)
21603
#: serverguide/C/mail.xml:1672(programlisting)
21086
21604
#, no-wrap
21087
21605
msgid ""
21088
21606
"\n"
21089
21607
"LogVerbose true\n"
21090
21608
msgstr ""
21091
21609
21092
#: serverguide/C/mail.xml:1737(para)
21610
#: serverguide/C/mail.xml:1675(para)
21093
21611
msgid ""
21094
21612
"By default <application>ClamAV</application> will send log messages to "
21095
21613
"<filename>/var/log/clamav/clamav.log</filename>."
21096
21614
msgstr ""
21097
21615
21098
#: serverguide/C/mail.xml:1743(para)
21616
#: serverguide/C/mail.xml:1681(para)
21099
21617
msgid ""
21100
21618
"After changing an applications log settings remember to restart the service "
21101
21619
"for the new settings to take affect. Also, once the issue you are "
21103
21621
"back to normal."
21104
21622
msgstr ""
21105
21623
21106
#: serverguide/C/mail.xml:1751(para)
21624
#: serverguide/C/mail.xml:1689(para)
21107
21625
msgid "For more information on filtering mail see the following links:"
21108
21626
msgstr ""
21109
21627
21110
#: serverguide/C/mail.xml:1757(ulink)
21628
#: serverguide/C/mail.xml:1695(ulink)
21111
21629
msgid "Amavisd-new Documentation"
21112
21630
msgstr ""
21113
21631
21114
#: serverguide/C/mail.xml:1761(para)
21632
#: serverguide/C/mail.xml:1699(para)
21115
21633
msgid ""
21116
21634
"<ulink url=\"http://www.clamav.net/doc/latest/html/\">ClamAV "
21117
21635
"Documentation</ulink> and <ulink "
21118
21636
"url=\"http://wiki.clamav.net/Main/WebHome\">ClamAV Wiki</ulink>"
21119
21637
msgstr ""
21120
21638
21121
#: serverguide/C/mail.xml:1768(ulink)
21639
#: serverguide/C/mail.xml:1706(ulink)
21122
21640
msgid "Spamassassin Wiki"
21123
21641
msgstr ""
21124
21642
21125
#: serverguide/C/mail.xml:1773(ulink)
21643
#: serverguide/C/mail.xml:1711(ulink)
21126
21644
msgid "Pyzor Homepage"
21127
21645
msgstr ""
21128
21646
21129
#: serverguide/C/mail.xml:1778(ulink)
21647
#: serverguide/C/mail.xml:1716(ulink)
21130
21648
msgid "Razor Homepage"
21131
21649
msgstr ""
21132
21650
21133
#: serverguide/C/mail.xml:1783(ulink)
21651
#: serverguide/C/mail.xml:1721(ulink)
21134
21652
msgid "DKIM.org"
21135
21653
msgstr ""
21136
21654
21137
#: serverguide/C/mail.xml:1788(ulink)
21655
#: serverguide/C/mail.xml:1726(ulink)
21138
21656
msgid "Postfix Amavis New"
21139
21657
msgstr ""
21140
21658
21141
#: serverguide/C/mail.xml:1792(para)
21659
#: serverguide/C/mail.xml:1730(para)
21142
21660
msgid ""
21143
21661
"Also, feel free to ask questions in the <emphasis>#ubuntu-server</emphasis> "
21144
21662
"IRC channel on <ulink url=\"http://freenode.net\">freenode</ulink>."
21293
21811
msgstr ""
21294
21812
21295
21813
#: serverguide/C/lamp-applications.xml:144(command)
21296
msgid "sudo chown -R www-data.www-data mywiki"
21814
msgid "sudo chown -R www-data:www-data mywiki"
21297
21815
msgstr ""
21298
21816
21299
21817
#: serverguide/C/lamp-applications.xml:145(command)
21392
21910
"server:"
21393
21911
msgstr ""
21394
21912
21395
#: serverguide/C/lamp-applications.xml:227(title) serverguide/C/installation.xml:1246(title)
21913
#: serverguide/C/lamp-applications.xml:227(title) serverguide/C/installation.xml:1242(title)
21396
21914
msgid "Verification"
21397
21915
msgstr ""
21398
21916
21469
21987
#: serverguide/C/lamp-applications.xml:301(para)
21470
21988
msgid ""
21471
21989
"The Apache configuration file <filename>mediawiki.conf</filename> for "
21472
"MediaWiki is installed in <filename>/etc/apache2/conf.d/</filename> "
21473
"directory. You should uncomment the following line in this file to access "
21474
"MediaWiki application."
21990
"<application>MediaWiki</application> is installed in "
21991
"<filename>/etc/apache2/conf-available/</filename> directory. To access "
21992
"<application>MediaWiki</application>, uncomment the following line in the "
21993
"file."
21475
21994
msgstr ""
21476
21995
21477
21996
#: serverguide/C/lamp-applications.xml:309(screen)
21481
22000
"# Alias /mediawiki /var/lib/mediawiki\n"
21482
22001
msgstr ""
21483
22002
21484
#: serverguide/C/lamp-applications.xml:313(para)
21485
msgid ""
21486
"After you uncomment the above line, restart Apache server and access "
21487
"MediaWiki using the following url:"
21488
msgstr ""
21489
21490
#: serverguide/C/lamp-applications.xml:318(programlisting)
21491
#, no-wrap
21492
msgid ""
21493
"\n"
21494
"http://localhost/mediawiki/config/index.php\n"
21495
msgstr ""
21496
21497
#: serverguide/C/lamp-applications.xml:323(para)
21498
msgid ""
21499
"Please read the <quote>Checking environment...</quote> section in this page. "
21500
"You should be able to fix many issues by carefully reading this section."
22003
#: serverguide/C/lamp-applications.xml:312(para)
22004
msgid ""
22005
"The <application>MediaWiki</application> configuration also needs to be "
22006
"enabled."
22007
msgstr ""
22008
22009
#: serverguide/C/lamp-applications.xml:316(command)
22010
msgid "sudo a2enconf mediawiki.conf"
22011
msgstr ""
22012
22013
#: serverguide/C/lamp-applications.xml:319(para)
22014
msgid "Restart Apache server."
22015
msgstr ""
22016
22017
#: serverguide/C/lamp-applications.xml:326(para)
22018
msgid ""
22019
"Access <application>MediaWiki</application> by visiting <ulink "
22020
"url=\"http://localhost/mediawiki/mw-"
22021
"config/index.php\">http://localhost/mediawiki/mw-config/index.php</ulink>. "
22022
"(Or <ulink url=\"http://NAME_OF_YOUR_VIRTUAL_HOST/mediawiki/mw-"
22023
"config/index.php\">http://NAME_OF_YOUR_VIRTUAL_HOST/mediawiki/mw-"
22024
"config/index.php</ulink> if your server has no GUI.)"
22025
msgstr ""
22026
22027
#: serverguide/C/lamp-applications.xml:334(para)
22028
msgid ""
22029
"Please read the <quote>Environmental checks</quote> section of the "
22030
"configuration page. You should be able to fix many issues by carefully "
22031
"reading this section."
21501
22032
msgstr ""
21502
22033
21503
22034
#: serverguide/C/lamp-applications.xml:330(para)
21558
22089
"url=\"http://www.mediawiki.org\">MediaWiki</ulink> web site."
21559
22090
msgstr ""
21560
22091
21561
#: serverguide/C/lamp-applications.xml:383(para)
22092
#: serverguide/C/lamp-applications.xml:394(para)
21562
22093
msgid ""
21563
22094
"The <ulink url=\"http://www.packtpub.com/Mediawiki/book\">MediaWiki "
21564
22095
"Administrators' Tutorial Guide</ulink> contains a wealth of information for "
21603
22134
"<application>Apache2</application> for the web server."
21604
22135
msgstr ""
21605
22136
21606
#: serverguide/C/lamp-applications.xml:425(para)
22137
#: serverguide/C/lamp-applications.xml:436(para)
21607
22138
msgid ""
21608
22139
"In a browser go to <emphasis>http://servername/phpmyadmin</emphasis>, "
21609
22140
"replacing <emphasis role=\"italic\">servername</emphasis> with the server's "
21697
22228
"Wiki</ulink> page."
21698
22229
msgstr ""
21699
22230
21700
#: serverguide/C/lamp-applications.xml:506(title)
22231
#: serverguide/C/lamp-applications.xml:517(title)
21701
22232
msgid "WordPress"
21702
22233
msgstr ""
21703
22234
21704
#: serverguide/C/lamp-applications.xml:507(para)
22235
#: serverguide/C/lamp-applications.xml:518(para)
21705
22236
msgid ""
21706
22237
"Wordpress is a blog tool, publishing platform and CMS implemented in PHP and "
21707
22238
"licensed under the GNU GPLv2."
21708
22239
msgstr ""
21709
22240
21710
#: serverguide/C/lamp-applications.xml:513(para)
22241
#: serverguide/C/lamp-applications.xml:524(para)
21711
22242
msgid ""
21712
22243
"To install <application>WordPress</application>, run the following comand in "
21713
22244
"the command prompt:"
21714
22245
msgstr ""
21715
22246
21716
#: serverguide/C/lamp-applications.xml:518(command)
22247
#: serverguide/C/lamp-applications.xml:529(command)
21717
22248
msgid "sudo apt-get install wordpress"
21718
22249
msgstr ""
21719
22250
21720
#: serverguide/C/lamp-applications.xml:521(para)
22251
#: serverguide/C/lamp-applications.xml:532(para)
21721
22252
msgid ""
21722
22253
"You should also install <application>apache2</application> web server and "
21723
22254
"<application>mysql</application> server. For installing "
21728
22259
"linkend=\"mysql\"/> section."
21729
22260
msgstr ""
21730
22261
21731
#: serverguide/C/lamp-applications.xml:535(para)
22262
#: serverguide/C/lamp-applications.xml:546(para)
21732
22263
msgid ""
21733
22264
"For configuring your first <application>WordPress</application> application, "
21734
22265
"configure an apache site. Open <filename>/etc/apache2/sites-"
21735
22266
"available/wordpress.conf</filename> and write the following lines:"
21736
22267
msgstr ""
21737
22268
21738
#: serverguide/C/lamp-applications.xml:542(programlisting)
22269
#: serverguide/C/lamp-applications.xml:553(programlisting)
21739
22270
#, no-wrap
21740
22271
msgid ""
21741
22272
"\n"
21755
22286
" "
21756
22287
msgstr ""
21757
22288
21758
#: serverguide/C/lamp-applications.xml:558(para)
22289
#: serverguide/C/lamp-applications.xml:569(para)
21759
22290
msgid "Enable this new <application>WordPress</application> site"
21760
22291
msgstr ""
21761
22292
21762
#: serverguide/C/lamp-applications.xml:561(command)
22293
#: serverguide/C/lamp-applications.xml:572(command)
21763
22294
msgid "sudo a2ensite wordpress"
21764
22295
msgstr ""
21765
22296
21766
#: serverguide/C/lamp-applications.xml:564(para)
22297
#: serverguide/C/lamp-applications.xml:575(para)
21767
22298
msgid ""
21768
22299
"Once you configure the <application>apache2</application> web server and "
21769
22300
"make it ready for your <application>WordPress</application> application, you "
21771
22302
"<application>apache2</application> web server:"
21772
22303
msgstr ""
21773
22304
21774
#: serverguide/C/lamp-applications.xml:576(para)
22305
#: serverguide/C/lamp-applications.xml:587(para)
21775
22306
msgid ""
21776
22307
"To facilitate multiple <application>WordPress</application> installations, "
21777
22308
"the name of this configuration file is based on the Host header of the HTTP "
21784
22315
"NAME_OF_YOUR_VIRTUAL_HOST.php."
21785
22316
msgstr ""
21786
22317
21787
#: serverguide/C/lamp-applications.xml:587(para)
22318
#: serverguide/C/lamp-applications.xml:598(para)
21788
22319
msgid ""
21789
22320
"Once the configuration file is written, it is up to you to choose a "
21790
22321
"convention for username and password to mysql for each "
21792
22323
"shows only one, localhost, example."
21793
22324
msgstr ""
21794
22325
21795
#: serverguide/C/lamp-applications.xml:594(para)
22326
#: serverguide/C/lamp-applications.xml:605(para)
21796
22327
msgid ""
21797
22328
"Now configure <application>WordPress</application> to use a mysql database. "
21798
22329
"Open <filename>/etc/wordpress/config-localhost.php</filename> file and write "
21799
22330
"the following lines:"
21800
22331
msgstr ""
21801
22332
21802
#: serverguide/C/lamp-applications.xml:600(programlisting)
22333
#: serverguide/C/lamp-applications.xml:611(programlisting)
21803
22334
#, no-wrap
21804
22335
msgid ""
21805
22336
"\n"
21812
22343
"?>\n"
21813
22344
msgstr ""
21814
22345
21815
#: serverguide/C/lamp-applications.xml:609(para)
22346
#: serverguide/C/lamp-applications.xml:620(para)
21816
22347
msgid ""
21817
22348
"Now create this mysql database. Open a temporary file with mysql commands "
21818
22349
"<filename>wordpress.sql</filename> and write the following lines:"
21819
22350
msgstr ""
21820
22351
21821
#: serverguide/C/lamp-applications.xml:612(programlisting)
22352
#: serverguide/C/lamp-applications.xml:623(programlisting)
21822
22353
#, no-wrap
21823
22354
msgid ""
21824
22355
"\n"
21830
22361
"FLUSH PRIVILEGES;\n"
21831
22362
msgstr ""
21832
22363
21833
#: serverguide/C/lamp-applications.xml:620(para)
22364
#: serverguide/C/lamp-applications.xml:631(para)
21834
22365
msgid "Execute these commands."
21835
22366
msgstr ""
21836
22367
21837
#: serverguide/C/lamp-applications.xml:622(command)
22368
#: serverguide/C/lamp-applications.xml:633(command)
21838
22369
msgid ""
21839
22370
"cat wordpress.sql | sudo mysql --defaults-extra-file=/etc/mysql/debian.cnf"
21840
22371
msgstr ""
21841
22372
21842
#: serverguide/C/lamp-applications.xml:624(para)
22373
#: serverguide/C/lamp-applications.xml:635(para)
21843
22374
msgid ""
21844
22375
"Your new <application>WordPress</application> can now be configured by "
21845
22376
"visiting <ulink url=\"http://localhost/blog/wp-"
21852
22383
"mail and click Install WordPress."
21853
22384
msgstr ""
21854
22385
21855
#: serverguide/C/lamp-applications.xml:631(para)
22386
#: serverguide/C/lamp-applications.xml:642(para)
21856
22387
msgid ""
21857
22388
"Note the generated password (if applicable) and click the login password. "
21858
22389
"Your <application>WordPress</application> is now ready for use."
21859
22390
msgstr ""
21860
22391
21861
#: serverguide/C/lamp-applications.xml:641(ulink)
22392
#: serverguide/C/lamp-applications.xml:652(ulink)
21862
22393
msgid "WordPress.org Codex"
21863
22394
msgstr ""
21864
22395
21865
#: serverguide/C/lamp-applications.xml:646(ulink)
22396
#: serverguide/C/lamp-applications.xml:657(ulink)
21866
22397
msgid "Ubuntu Wiki WordPress"
21867
22398
msgstr ""
21868
22399
21957
22488
msgid "Install Type"
21958
22489
msgstr ""
21959
22490
21960
#: serverguide/C/installation.xml:36(para)
22491
#: serverguide/C/virtualization.xml:1186(para) serverguide/C/virtualization.xml:1248(para) serverguide/C/installation.xml:36(para)
21961
22492
msgid "CPU"
21962
22493
msgstr ""
21963
22494
21989
22520
msgid "512 megabytes"
21990
22521
msgstr ""
21991
22522
21992
#: serverguide/C/installation.xml:50(para)
22523
#: serverguide/C/installation.xml:51(para)
21993
22524
msgid "1 gigabyte"
21994
22525
msgstr ""
21995
22526
22001
22532
msgid "Server (Minimal)"
22002
22533
msgstr ""
22003
22534
22004
#: serverguide/C/installation.xml:55(para)
22535
#: serverguide/C/installation.xml:48(para)
22005
22536
msgid "300 megahertz"
22006
22537
msgstr ""
22007
22538
22017
22548
msgid "1.4 gigabytes"
22018
22549
msgstr ""
22019
22550
22020
#: serverguide/C/installation.xml:64(para)
22551
#: serverguide/C/installation.xml:56(para)
22021
22552
msgid ""
22022
22553
"The Server Edition provides a common base for all sorts of server "
22023
22554
"applications. It is a minimalist design providing a platform for the desired "
22024
22555
"services, such as file/print services, web hosting, email hosting, etc."
22025
22556
msgstr ""
22026
22557
22027
#: serverguide/C/installation.xml:72(title)
22558
#: serverguide/C/installation.xml:70(title)
22028
22559
msgid "Server and Desktop Differences"
22029
22560
msgstr ""
22030
22561
22031
#: serverguide/C/installation.xml:73(para)
22562
#: serverguide/C/installation.xml:71(para)
22032
22563
msgid ""
22033
22564
"There are a few differences between the <emphasis>Ubuntu Server "
22034
22565
"Edition</emphasis> and the <emphasis>Ubuntu Desktop Edition</emphasis>. It "
22044
22575
"environment in the Server Edition and the installation process."
22045
22576
msgstr ""
22046
22577
22047
#: serverguide/C/installation.xml:86(title)
22578
#: serverguide/C/installation.xml:84(title)
22048
22579
msgid "Kernel Differences:"
22049
22580
msgstr ""
22050
22581
22051
#: serverguide/C/installation.xml:87(para)
22582
#: serverguide/C/installation.xml:85(para)
22052
22583
msgid ""
22053
22584
"Ubuntu version 10.10 and prior, actually had different kernels for the "
22054
22585
"server and desktop editions. Ubuntu no longer has separate -server and -"
22056
22587
"flavor to help reduce the maintenance burden over the life of the release."
22057
22588
msgstr ""
22058
22589
22059
#: serverguide/C/installation.xml:92(para)
22590
#: serverguide/C/installation.xml:90(para)
22060
22591
msgid ""
22061
22592
"When running a 64-bit version of Ubuntu on 64-bit processors you are not "
22062
22593
"limited by memory addressing space."
22070
22601
"great resource on the options available."
22071
22602
msgstr ""
22072
22603
22073
#: serverguide/C/installation.xml:106(title)
22604
#: serverguide/C/installation.xml:104(title)
22074
22605
msgid "Backing Up"
22075
22606
msgstr ""
22076
22607
22077
#: serverguide/C/installation.xml:109(para)
22608
#: serverguide/C/installation.xml:107(para)
22078
22609
msgid ""
22079
22610
"Before installing <application>Ubuntu Server Edition</application> you "
22080
22611
"should make sure all data on the system is backed up. See <xref "
22081
22612
"linkend=\"backups\"/> for backup options."
22082
22613
msgstr ""
22083
22614
22084
#: serverguide/C/installation.xml:113(para)
22615
#: serverguide/C/installation.xml:111(para)
22085
22616
msgid ""
22086
22617
"If this is not the first time an operating system has been installed on your "
22087
22618
"computer, it is likely you will need to re-partition your disk to make room "
22088
22619
"for Ubuntu."
22089
22620
msgstr ""
22090
22621
22091
#: serverguide/C/installation.xml:117(para)
22622
#: serverguide/C/installation.xml:115(para)
22092
22623
msgid ""
22093
22624
"Any time you partition your disk, you should be prepared to lose everything "
22094
22625
"on the disk should you make a mistake or something goes wrong during "
22096
22627
"have seen years of use, but they also perform destructive actions."
22097
22628
msgstr ""
22098
22629
22099
#: serverguide/C/installation.xml:129(title)
22630
#: serverguide/C/installation.xml:127(title)
22100
22631
msgid "Installing from CD"
22101
22632
msgstr ""
22102
22633
22103
#: serverguide/C/installation.xml:130(para)
22634
#: serverguide/C/installation.xml:128(para)
22104
22635
msgid ""
22105
22636
"The basic steps to install Ubuntu Server Edition from CD are the same as "
22106
22637
"those for installing any operating system from CD. Unlike the "
22109
22640
"Server Edition uses a console menu based process instead."
22110
22641
msgstr ""
22111
22642
22112
#: serverguide/C/installation.xml:137(para)
22643
#: serverguide/C/installation.xml:135(para)
22113
22644
msgid ""
22114
22645
"First, download and burn the appropriate ISO file from the <ulink "
22115
22646
"url=\"http://www.ubuntu.com/download/server/download\"> Ubuntu web "
22116
22647
"site</ulink>."
22117
22648
msgstr ""
22118
22649
22119
#: serverguide/C/installation.xml:143(para)
22650
#: serverguide/C/installation.xml:141(para)
22120
22651
msgid "Boot the system from the CD-ROM drive."
22121
22652
msgstr ""
22122
22653
22123
#: serverguide/C/installation.xml:148(para)
22654
#: serverguide/C/installation.xml:146(para)
22124
22655
msgid "At the boot prompt you will be asked to select a language."
22125
22656
msgstr ""
22126
22657
22127
#: serverguide/C/installation.xml:153(para)
22658
#: serverguide/C/installation.xml:151(para)
22128
22659
msgid ""
22129
22660
"From the main boot menu there are some additional options to install Ubuntu "
22130
22661
"Server Edition. You can install a basic Ubuntu Server, check the CD-ROM for "
22133
22664
"install."
22134
22665
msgstr ""
22135
22666
22136
#: serverguide/C/installation.xml:160(para)
22667
#: serverguide/C/installation.xml:158(para)
22137
22668
msgid ""
22138
22669
"The installer asks for which language it should use. Afterwards, you are "
22139
22670
"asked to select your location."
22140
22671
msgstr ""
22141
22672
22142
#: serverguide/C/installation.xml:166(para)
22673
#: serverguide/C/installation.xml:164(para)
22143
22674
msgid ""
22144
22675
"Next, the installation process begins by asking for your keyboard layout. "
22145
22676
"You can ask the installer to attempt auto-detecting it, or you can select it "
22146
22677
"manually from a list."
22147
22678
msgstr ""
22148
22679
22149
#: serverguide/C/installation.xml:172(para)
22680
#: serverguide/C/installation.xml:170(para)
22150
22681
msgid ""
22151
22682
"The installer then discovers your hardware configuration, and configures the "
22152
22683
"network settings using DHCP. If you do not wish to use DHCP at the next "
22158
22689
msgid "Next, the installer asks for the system's hostname."
22159
22690
msgstr ""
22160
22691
22161
#: serverguide/C/installation.xml:184(para)
22692
#: serverguide/C/installation.xml:195(para)
22162
22693
msgid ""
22163
22694
"A new user is set up; this user will have <emphasis>root</emphasis> access "
22164
22695
"through the <application>sudo</application> utility."
22165
22696
msgstr ""
22166
22697
22167
#: serverguide/C/installation.xml:190(para)
22698
#: serverguide/C/installation.xml:201(para)
22168
22699
msgid ""
22169
22700
"After the user settings have been completed, you will be asked to encrypt "
22170
22701
"your <filename role=\"directory\">home</filename> directory."
22174
22705
msgid "Next, the installer asks for the system's Time Zone."
22175
22706
msgstr ""
22176
22707
22177
#: serverguide/C/installation.xml:201(para)
22708
#: serverguide/C/installation.xml:182(para)
22178
22709
msgid ""
22179
22710
"You can then choose from several options to configure the hard drive layout. "
22180
22711
"Afterwards you are asked for which disk to install to. You may get "
22184
22715
"linkend=\"advanced-installation\"/>."
22185
22716
msgstr ""
22186
22717
22187
#: serverguide/C/installation.xml:209(para)
22718
#: serverguide/C/installation.xml:190(para)
22188
22719
msgid "The Ubuntu base system is then installed."
22189
22720
msgstr ""
22190
22721
22191
#: serverguide/C/installation.xml:214(para)
22722
#: serverguide/C/installation.xml:207(para)
22192
22723
msgid ""
22193
22724
"The next step in the installation process is to decide how you want to "
22194
22725
"update the system. There are three options:"
22195
22726
msgstr ""
22196
22727
22197
#: serverguide/C/installation.xml:220(para)
22728
#: serverguide/C/installation.xml:213(para)
22198
22729
msgid ""
22199
22730
"<emphasis>No automatic updates</emphasis>: this requires an administrator to "
22200
22731
"log into the machine and manually install updates."
22201
22732
msgstr ""
22202
22733
22203
#: serverguide/C/installation.xml:226(para)
22734
#: serverguide/C/installation.xml:219(para)
22204
22735
msgid ""
22205
22736
"<emphasis>Install security updates automatically</emphasis>: this will "
22206
22737
"install the <application>unattended-upgrades</application> package, which "
22208
22739
"For more details see <xref linkend=\"automatic-updates\"/>."
22209
22740
msgstr ""
22210
22741
22211
#: serverguide/C/installation.xml:233(para)
22742
#: serverguide/C/installation.xml:226(para)
22212
22743
msgid ""
22213
22744
"<emphasis>Manage the system with Landscape</emphasis>: Landscape is a paid "
22214
22745
"service provided by Canonical to help manage your Ubuntu machines. See the "
22216
22747
"site for details."
22217
22748
msgstr ""
22218
22749
22219
#: serverguide/C/installation.xml:242(para)
22750
#: serverguide/C/installation.xml:235(para)
22220
22751
msgid ""
22221
22752
"You now have the option to install, or not install, several package tasks. "
22222
22753
"See <xref linkend=\"install-tasks\"/> for details. Also, there is an option "
22224
22755
"install. For more information see <xref linkend=\"aptitude\"/>."
22225
22756
msgstr ""
22226
22757
22227
#: serverguide/C/installation.xml:250(para)
22758
#: serverguide/C/installation.xml:243(para)
22228
22759
msgid "Finally, the last step before rebooting is to set the clock to UTC."
22229
22760
msgstr ""
22230
22761
22231
#: serverguide/C/installation.xml:256(para)
22762
#: serverguide/C/installation.xml:249(para)
22232
22763
msgid ""
22233
22764
"If at any point during installation you are not satisfied by the default "
22234
22765
"setting, use the \"Go Back\" function at any prompt to be brought to a "
22236
22767
"settings."
22237
22768
msgstr ""
22238
22769
22239
#: serverguide/C/installation.xml:261(para)
22770
#: serverguide/C/installation.xml:254(para)
22240
22771
msgid ""
22241
22772
"At some point during the installation process you may want to read the help "
22242
22773
"screen provided by the installation system. To do this, press F1."
22249
22780
"Installation Guide</ulink>."
22250
22781
msgstr ""
22251
22782
22252
#: serverguide/C/installation.xml:272(title)
22783
#: serverguide/C/installation.xml:265(title)
22253
22784
msgid "Package Tasks"
22254
22785
msgstr ""
22255
22786
22256
#: serverguide/C/installation.xml:273(para)
22787
#: serverguide/C/installation.xml:266(para)
22257
22788
msgid ""
22258
22789
"During the Server Edition installation you have the option of installing "
22259
22790
"additional packages from the CD. The packages are grouped by the type of "
22260
22791
"service they provide."
22261
22792
msgstr ""
22262
22793
22263
#: serverguide/C/installation.xml:279(para)
22794
#: serverguide/C/installation.xml:272(para)
22264
22795
msgid "DNS server: Selects the BIND DNS server and its documentation."
22265
22796
msgstr ""
22266
22797
22267
#: serverguide/C/installation.xml:284(para)
22798
#: serverguide/C/installation.xml:277(para)
22268
22799
msgid "LAMP server: Selects a ready-made Linux/Apache/MySQL/PHP server."
22269
22800
msgstr ""
22270
22801
22271
#: serverguide/C/installation.xml:289(para)
22802
#: serverguide/C/installation.xml:282(para)
22272
22803
msgid ""
22273
22804
"Mail server: This task selects a variety of packages useful for a general "
22274
22805
"purpose mail server system."
22275
22806
msgstr ""
22276
22807
22277
#: serverguide/C/installation.xml:294(para)
22808
#: serverguide/C/installation.xml:287(para)
22278
22809
msgid "OpenSSH server: Selects packages needed for an OpenSSH server."
22279
22810
msgstr ""
22280
22811
22281
#: serverguide/C/installation.xml:299(para)
22812
#: serverguide/C/installation.xml:292(para)
22282
22813
msgid ""
22283
22814
"PostgreSQL database: This task selects client and server packages for the "
22284
22815
"PostgreSQL database."
22285
22816
msgstr ""
22286
22817
22287
#: serverguide/C/installation.xml:304(para)
22818
#: serverguide/C/installation.xml:297(para)
22288
22819
msgid "Print server: This task sets up your system to be a print server."
22289
22820
msgstr ""
22290
22821
22291
#: serverguide/C/installation.xml:309(para)
22822
#: serverguide/C/installation.xml:302(para)
22292
22823
msgid ""
22293
22824
"Samba File server: This task sets up your system to be a Samba file server, "
22294
22825
"which is especially suitable in networks with both Windows and Linux systems."
22295
22826
msgstr ""
22296
22827
22297
#: serverguide/C/installation.xml:315(para)
22828
#: serverguide/C/installation.xml:308(para)
22298
22829
msgid "Tomcat Java server: Installs Apache Tomcat and needed dependencies."
22299
22830
msgstr ""
22300
22831
22301
#: serverguide/C/installation.xml:320(para)
22832
#: serverguide/C/installation.xml:313(para)
22302
22833
msgid ""
22303
22834
"Virtual Machine host: Includes packages needed to run KVM virtual machines."
22304
22835
msgstr ""
22305
22836
22306
#: serverguide/C/installation.xml:325(para)
22837
#: serverguide/C/installation.xml:318(para)
22307
22838
msgid ""
22308
22839
"Manually select packages: Executes <application>aptitude</application> "
22309
22840
"allowing you to individually select packages."
22310
22841
msgstr ""
22311
22842
22312
#: serverguide/C/installation.xml:330(para)
22843
#: serverguide/C/installation.xml:323(para)
22313
22844
msgid ""
22314
22845
"Installing the package groups is accomplished using the "
22315
22846
"<application>tasksel</application> utility. One of the important differences "
22320
22851
"a fully integrated service."
22321
22852
msgstr ""
22322
22853
22323
#: serverguide/C/installation.xml:337(para)
22854
#: serverguide/C/installation.xml:330(para)
22324
22855
msgid ""
22325
22856
"Once the installation process has finished you can view a list of available "
22326
22857
"tasks by entering the following from a terminal prompt:"
22327
22858
msgstr ""
22328
22859
22329
#: serverguide/C/installation.xml:342(command)
22860
#: serverguide/C/installation.xml:335(command)
22330
22861
msgid "tasksel --list-tasks"
22331
22862
msgstr ""
22332
22863
22333
#: serverguide/C/installation.xml:345(para)
22864
#: serverguide/C/installation.xml:338(para)
22334
22865
msgid ""
22335
22866
"The output will list tasks from other Ubuntu based distributions such as "
22336
22867
"Kubuntu and Edubuntu. Note that you can also invoke the "
22338
22869
"the different tasks available."
22339
22870
msgstr ""
22340
22871
22341
#: serverguide/C/installation.xml:351(para)
22872
#: serverguide/C/installation.xml:344(para)
22342
22873
msgid ""
22343
22874
"You can view a list of which packages are installed with each task using the "
22344
22875
"<emphasis>--task-packages</emphasis> option. For example, to list the "
22346
22877
"following:"
22347
22878
msgstr ""
22348
22879
22349
#: serverguide/C/installation.xml:356(command)
22880
#: serverguide/C/installation.xml:349(command)
22350
22881
msgid "tasksel --task-packages dns-server"
22351
22882
msgstr ""
22352
22883
22353
#: serverguide/C/installation.xml:358(para)
22884
#: serverguide/C/installation.xml:351(para)
22354
22885
msgid "The output of the command should list:"
22355
22886
msgstr ""
22356
22887
22357
#: serverguide/C/installation.xml:361(programlisting)
22888
#: serverguide/C/installation.xml:354(programlisting)
22358
22889
#, no-wrap
22359
22890
msgid ""
22360
22891
"\n"
22363
22894
"bind9\n"
22364
22895
msgstr ""
22365
22896
22366
#: serverguide/C/installation.xml:366(para)
22897
#: serverguide/C/installation.xml:359(para)
22367
22898
msgid ""
22368
22899
"If you did not install one of the tasks during the installation process, but "
22369
22900
"for example you decide to make your new LAMP server a DNS server as well, "
22370
22901
"simply insert the installation CD and from a terminal:"
22371
22902
msgstr ""
22372
22903
22373
#: serverguide/C/installation.xml:371(command)
22904
#: serverguide/C/installation.xml:364(command)
22374
22905
msgid "sudo tasksel install dns-server"
22375
22906
msgstr ""
22376
22907
22377
#: serverguide/C/installation.xml:376(title)
22908
#: serverguide/C/installation.xml:369(title)
22378
22909
msgid "Upgrading"
22379
22910
msgstr ""
22380
22911
22381
#: serverguide/C/installation.xml:377(para)
22912
#: serverguide/C/installation.xml:370(para)
22382
22913
msgid ""
22383
22914
"There are several ways to upgrade from one Ubuntu release to another. This "
22384
22915
"section gives an overview of the recommended upgrade method."
22385
22916
msgstr ""
22386
22917
22387
#: serverguide/C/installation.xml:381(title) serverguide/C/installation.xml:396(command)
22918
#: serverguide/C/installation.xml:374(title) serverguide/C/installation.xml:389(command)
22388
22919
msgid "do-release-upgrade"
22389
22920
msgstr ""
22390
22921
22391
#: serverguide/C/installation.xml:382(para)
22922
#: serverguide/C/installation.xml:375(para)
22392
22923
msgid ""
22393
22924
"The recommended way to upgrade a Server Edition installation is to use the "
22394
22925
"<application>do-release-upgrade</application> utility. Part of the "
22396
22927
"graphical dependencies and is installed by default."
22397
22928
msgstr ""
22398
22929
22399
#: serverguide/C/installation.xml:387(para)
22930
#: serverguide/C/installation.xml:380(para)
22400
22931
msgid ""
22401
22932
"Debian based systems can also be upgraded by using <command>apt-get dist-"
22402
22933
"upgrade</command>. However, using <application>do-release-"
22404
22935
"system configuration changes sometimes needed between releases."
22405
22936
msgstr ""
22406
22937
22407
#: serverguide/C/installation.xml:392(para)
22938
#: serverguide/C/installation.xml:385(para)
22408
22939
msgid "To upgrade to a newer release, from a terminal prompt enter:"
22409
22940
msgstr ""
22410
22941
22411
#: serverguide/C/installation.xml:398(para)
22942
#: serverguide/C/installation.xml:391(para)
22412
22943
msgid ""
22413
22944
"It is also possible to use <application>do-release-upgrade</application> to "
22414
22945
"upgrade to a development version of Ubuntu. To accomplish this use the "
22415
22946
"<emphasis>-d</emphasis> switch:"
22416
22947
msgstr ""
22417
22948
22418
#: serverguide/C/installation.xml:403(command)
22949
#: serverguide/C/installation.xml:396(command)
22419
22950
msgid "do-release-upgrade -d"
22420
22951
msgstr ""
22421
22952
22422
#: serverguide/C/installation.xml:406(para)
22953
#: serverguide/C/installation.xml:399(para)
22423
22954
msgid ""
22424
22955
"Upgrading to a development release is <emphasis>not</emphasis> recommended "
22425
22956
"for production environments."
22426
22957
msgstr ""
22427
22958
22428
#: serverguide/C/installation.xml:413(title)
22959
#: serverguide/C/installation.xml:406(title)
22429
22960
msgid "Advanced Installation"
22430
22961
msgstr ""
22431
22962
22432
#: serverguide/C/installation.xml:416(title)
22963
#: serverguide/C/installation.xml:409(title)
22433
22964
msgid "Software RAID"
22434
22965
msgstr ""
22435
22966
22436
#: serverguide/C/installation.xml:418(para)
22967
#: serverguide/C/installation.xml:411(para)
22437
22968
msgid ""
22438
22969
"Redundant Array of Independent Disks \"RAID\" is a method of using multiple "
22439
22970
"disks to provide different balances of increasing data reliability and/or "
22444
22975
"the drives 'invisibly')."
22445
22976
msgstr ""
22446
22977
22447
#: serverguide/C/installation.xml:426(para)
22978
#: serverguide/C/installation.xml:419(para)
22448
22979
msgid ""
22449
22980
"The RAID software included with current versions of Linux (and Ubuntu) is "
22450
22981
"based on the <application>'mdadm'</application> driver and works very well, "
22454
22985
"another for <emphasis>swap</emphasis>."
22455
22986
msgstr ""
22456
22987
22457
#: serverguide/C/installation.xml:434(title)
22988
#: serverguide/C/virtualization.xml:716(title) serverguide/C/installation.xml:427(title)
22458
22989
msgid "Partitioning"
22459
22990
msgstr ""
22460
22991
22461
#: serverguide/C/installation.xml:436(para) serverguide/C/installation.xml:958(para)
22992
#: serverguide/C/installation.xml:429(para) serverguide/C/installation.xml:951(para)
22462
22993
msgid ""
22463
22994
"Follow the installation steps until you get to the <emphasis>Partition "
22464
22995
"disks</emphasis> step, then:"
22465
22996
msgstr ""
22466
22997
22998
#: serverguide/C/installation.xml:436(para)
22999
msgid "Select <emphasis>Manual</emphasis> as the partition method."
23000
msgstr ""
23001
22467
23002
#: serverguide/C/installation.xml:443(para)
22468
msgid "Select <emphasis>Manual</emphasis> as the partition method."
22469
msgstr ""
22470
22471
#: serverguide/C/installation.xml:450(para)
22472
23003
msgid ""
22473
23004
"Select the first hard drive, and agree to <emphasis>\"Create a new empty "
22474
23005
"partition table on this device?\"</emphasis>."
22475
23006
msgstr ""
22476
23007
23008
#: serverguide/C/installation.xml:447(para)
23009
msgid ""
23010
"Repeat this step for each drive you wish to be part of the RAID array."
23011
msgstr ""
23012
22477
23013
#: serverguide/C/installation.xml:454(para)
22478
23014
msgid ""
22479
"Repeat this step for each drive you wish to be part of the RAID array."
22480
msgstr ""
22481
22482
#: serverguide/C/installation.xml:461(para)
22483
msgid ""
22484
23015
"Select the <emphasis>\"FREE SPACE\"</emphasis> on the first drive then "
22485
23016
"select <emphasis>\"Create a new partition\"</emphasis>."
22486
23017
msgstr ""
22487
23018
22488
#: serverguide/C/installation.xml:468(para)
23019
#: serverguide/C/installation.xml:461(para)
22489
23020
msgid ""
22490
23021
"Next, select the <emphasis>Size</emphasis> of the partition. This partition "
22491
23022
"will be the <emphasis>swap</emphasis> partition, and a general rule for swap "
22493
23024
"<emphasis>Primary</emphasis>, then <emphasis>Beginning</emphasis>."
22494
23025
msgstr ""
22495
23026
22496
#: serverguide/C/installation.xml:475(para)
23027
#: serverguide/C/installation.xml:468(para)
22497
23028
msgid ""
22498
23029
"A swap partition size of twice the available RAM capacity may not always be "
22499
23030
"desirable, especially on systems with large amounts of RAM. Calculating the "
22501
23032
"going to be used."
22502
23033
msgstr ""
22503
23034
22504
#: serverguide/C/installation.xml:484(para)
23035
#: serverguide/C/installation.xml:477(para)
22505
23036
msgid ""
22506
23037
"Select the <emphasis>\"Use as:\"</emphasis> line at the top. By default this "
22507
23038
"is <emphasis role=\"italic\">\"Ext4 journaling file system\"</emphasis>, "
22509
23040
"<emphasis>\"Done setting up partition\"</emphasis>."
22510
23041
msgstr ""
22511
23042
22512
#: serverguide/C/installation.xml:493(para)
23043
#: serverguide/C/installation.xml:486(para)
22513
23044
msgid ""
22514
23045
"For the <emphasis>/</emphasis> partition once again select <emphasis>\"Free "
22515
23046
"Space\"</emphasis> on the first drive then <emphasis>\"Create a new "
22516
23047
"partition\"</emphasis>."
22517
23048
msgstr ""
22518
23049
22519
#: serverguide/C/installation.xml:501(para)
23050
#: serverguide/C/installation.xml:494(para)
22520
23051
msgid ""
22521
23052
"Use the rest of the free space on the drive and choose "
22522
23053
"<emphasis>Continue</emphasis>, then <emphasis>Primary</emphasis>."
22523
23054
msgstr ""
22524
23055
22525
#: serverguide/C/installation.xml:508(para)
23056
#: serverguide/C/installation.xml:501(para)
22526
23057
msgid ""
22527
23058
"As with the swap partition, select the <emphasis>\"Use as:\"</emphasis> line "
22528
23059
"at the top, changing it to <emphasis>\"physical volume for "
22531
23062
"<emphasis>\"Done setting up partition\"</emphasis>."
22532
23063
msgstr ""
22533
23064
22534
#: serverguide/C/installation.xml:518(para)
23065
#: serverguide/C/installation.xml:511(para)
22535
23066
msgid "Repeat steps three through eight for the other disk and partitions."
22536
23067
msgstr ""
22537
23068
22538
#: serverguide/C/installation.xml:527(title)
23069
#: serverguide/C/installation.xml:520(title)
22539
23070
msgid "RAID Configuration"
22540
23071
msgstr ""
22541
23072
23073
#: serverguide/C/installation.xml:522(para)
23074
msgid "With the partitions setup the arrays are ready to be configured:"
23075
msgstr ""
23076
22542
23077
#: serverguide/C/installation.xml:529(para)
22543
msgid "With the partitions setup the arrays are ready to be configured:"
22544
msgstr ""
22545
22546
#: serverguide/C/installation.xml:536(para)
22547
23078
msgid ""
22548
23079
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
22549
23080
"Software RAID\"</emphasis> at the top."
22550
23081
msgstr ""
22551
23082
23083
#: serverguide/C/installation.xml:536(para)
23084
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
23085
msgstr ""
23086
22552
23087
#: serverguide/C/installation.xml:543(para)
22553
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
23088
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
22554
23089
msgstr ""
22555
23090
22556
23091
#: serverguide/C/installation.xml:550(para)
22557
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
22558
msgstr ""
22559
22560
#: serverguide/C/installation.xml:557(para)
22561
23092
msgid ""
22562
23093
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
22563
23094
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
22564
23095
msgstr ""
22565
23096
22566
#: serverguide/C/installation.xml:563(para)
23097
#: serverguide/C/installation.xml:556(para)
22567
23098
msgid ""
22568
23099
"In order to use <emphasis>RAID5</emphasis> you need at least "
22569
23100
"<emphasis>three</emphasis> drives. Using RAID0 or RAID1 only "
22570
23101
"<emphasis>two</emphasis> drives are required."
22571
23102
msgstr ""
22572
23103
22573
#: serverguide/C/installation.xml:572(para)
23104
#: serverguide/C/installation.xml:565(para)
22574
23105
msgid ""
22575
23106
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
22576
23107
"of hard drives you have, for the array. Then select "
22577
23108
"<emphasis>\"Continue\"</emphasis>."
22578
23109
msgstr ""
22579
23110
22580
#: serverguide/C/installation.xml:580(para)
23111
#: serverguide/C/installation.xml:573(para)
22581
23112
msgid ""
22582
23113
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
22583
23114
"default, then choose <emphasis>\"Continue\"</emphasis>."
22584
23115
msgstr ""
22585
23116
22586
#: serverguide/C/installation.xml:587(para)
23117
#: serverguide/C/installation.xml:580(para)
22587
23118
msgid ""
22588
23119
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
22589
23120
"etc. The numbers will usually match and the different letters correspond to "
22590
23121
"different hard drives."
22591
23122
msgstr ""
22592
23123
22593
#: serverguide/C/installation.xml:592(para)
23124
#: serverguide/C/installation.xml:585(para)
22594
23125
msgid ""
22595
23126
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
22596
23127
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
22597
23128
"go to the next step."
22598
23129
msgstr ""
22599
23130
22600
#: serverguide/C/installation.xml:600(para)
23131
#: serverguide/C/installation.xml:593(para)
22601
23132
msgid ""
22602
23133
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
22603
23134
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
22604
23135
"and <emphasis>sdb2</emphasis>."
22605
23136
msgstr ""
22606
23137
22607
#: serverguide/C/installation.xml:608(para)
23138
#: serverguide/C/installation.xml:601(para)
22608
23139
msgid "Once done select <emphasis>\"Finish\"</emphasis>."
22609
23140
msgstr ""
22610
23141
22611
#: serverguide/C/installation.xml:618(title)
23142
#: serverguide/C/installation.xml:611(title)
22612
23143
msgid "Formatting"
22613
23144
msgstr ""
22614
23145
22615
#: serverguide/C/installation.xml:620(para)
23146
#: serverguide/C/installation.xml:613(para)
22616
23147
msgid ""
22617
23148
"There should now be a list of hard drives and RAID devices. The next step is "
22618
23149
"to format and set the mount point for the RAID devices. Treat the RAID "
22619
23150
"device as a local hard drive, format and mount accordingly."
22620
23151
msgstr ""
22621
23152
22622
#: serverguide/C/installation.xml:628(para)
23153
#: serverguide/C/installation.xml:621(para)
22623
23154
msgid ""
22624
23155
"Select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
22625
23156
"#0\"</emphasis> partition."
22626
23157
msgstr ""
22627
23158
22628
#: serverguide/C/installation.xml:635(para)
23159
#: serverguide/C/installation.xml:628(para)
22629
23160
msgid ""
22630
23161
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
22631
23162
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
22632
23163
msgstr ""
22633
23164
22634
#: serverguide/C/installation.xml:643(para)
23165
#: serverguide/C/installation.xml:636(para)
22635
23166
msgid ""
22636
23167
"Next, select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
22637
23168
"#1\"</emphasis> partition."
22638
23169
msgstr ""
22639
23170
22640
#: serverguide/C/installation.xml:650(para)
23171
#: serverguide/C/installation.xml:643(para)
22641
23172
msgid ""
22642
23173
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext4 "
22643
23174
"journaling file system\"</emphasis>."
22644
23175
msgstr ""
22645
23176
22646
#: serverguide/C/installation.xml:657(para)
23177
#: serverguide/C/installation.xml:650(para)
22647
23178
msgid ""
22648
23179
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
22649
23180
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "
22651
23182
"partition\"</emphasis>."
22652
23183
msgstr ""
22653
23184
23185
#: serverguide/C/installation.xml:658(para)
23186
msgid ""
23187
"Finally, select <emphasis>\"Finish partitioning and write changes to "
23188
"disk\"</emphasis>."
23189
msgstr ""
23190
22654
23191
#: serverguide/C/installation.xml:665(para)
22655
23192
msgid ""
22656
"Finally, select <emphasis>\"Finish partitioning and write changes to "
22657
"disk\"</emphasis>."
22658
msgstr ""
22659
22660
#: serverguide/C/installation.xml:672(para)
22661
msgid ""
22662
23193
"If you choose to place the root partition on a RAID array, the installer "
22663
23194
"will then ask if you would like to boot in a <emphasis>degraded</emphasis> "
22664
23195
"state. See <xref linkend=\"raid-degraded\"/> for further details."
22665
23196
msgstr ""
22666
23197
22667
#: serverguide/C/installation.xml:677(para)
23198
#: serverguide/C/installation.xml:670(para)
22668
23199
msgid "The installation process will then continue normally."
22669
23200
msgstr ""
22670
23201
22671
#: serverguide/C/installation.xml:683(title)
23202
#: serverguide/C/installation.xml:676(title)
22672
23203
msgid "Degraded RAID"
22673
23204
msgstr ""
22674
23205
22675
#: serverguide/C/installation.xml:685(para)
23206
#: serverguide/C/installation.xml:678(para)
22676
23207
msgid ""
22677
23208
"At some point in the life of the computer a disk failure event may occur. "
22678
23209
"When this happens, using Software RAID, the operating system will place the "
22679
23210
"array into what is known as a <emphasis>degraded</emphasis> state."
22680
23211
msgstr ""
22681
23212
22682
#: serverguide/C/installation.xml:690(para)
23213
#: serverguide/C/installation.xml:683(para)
22683
23214
msgid ""
22684
23215
"If the array has become degraded, due to the chance of data corruption, by "
22685
23216
"default Ubuntu Server Edition will boot to <emphasis>initramfs</emphasis> "
22690
23221
"Booting to a degraded array can be configured several ways:"
22691
23222
msgstr ""
22692
23223
22693
#: serverguide/C/installation.xml:701(para)
23224
#: serverguide/C/installation.xml:694(para)
22694
23225
msgid ""
22695
23226
"The <application>dpkg-reconfigure</application> utility can be used to "
22696
23227
"configure the default behavior, and during the process you will be queried "
22699
23230
"following:"
22700
23231
msgstr ""
22701
23232
22702
#: serverguide/C/installation.xml:708(command)
23233
#: serverguide/C/installation.xml:701(command)
22703
23234
msgid "sudo dpkg-reconfigure mdadm"
22704
23235
msgstr ""
22705
23236
22706
#: serverguide/C/installation.xml:714(para)
23237
#: serverguide/C/installation.xml:707(para)
22707
23238
msgid ""
22708
23239
"The <command>dpkg-reconfigure mdadm</command> process will change the "
22709
23240
"<filename>/etc/initramfs-tools/conf.d/mdadm</filename> configuration file. "
22711
23242
"behavior, and can also be manually edited:"
22712
23243
msgstr ""
22713
23244
22714
#: serverguide/C/installation.xml:720(programlisting)
23245
#: serverguide/C/installation.xml:713(programlisting)
22715
23246
#, no-wrap
22716
23247
msgid ""
22717
23248
"\n"
22718
23249
"BOOT_DEGRADED=true\n"
22719
23250
msgstr ""
22720
23251
22721
#: serverguide/C/installation.xml:725(para)
23252
#: serverguide/C/installation.xml:718(para)
22722
23253
msgid "The configuration file can be overridden by using a Kernel argument."
22723
23254
msgstr ""
22724
23255
22725
#: serverguide/C/installation.xml:733(para)
23256
#: serverguide/C/installation.xml:726(para)
22726
23257
msgid ""
22727
23258
"Using a Kernel argument will allow the system to boot to a degraded array as "
22728
23259
"well:"
22729
23260
msgstr ""
22730
23261
22731
#: serverguide/C/installation.xml:739(para)
23262
#: serverguide/C/installation.xml:732(para)
22732
23263
msgid ""
22733
23264
"When the server is booting press <keycap>Shift</keycap> to open the "
22734
23265
"<application>Grub</application> menu."
22735
23266
msgstr ""
22736
23267
22737
#: serverguide/C/installation.xml:744(para)
23268
#: serverguide/C/installation.xml:737(para)
22738
23269
msgid "Press <keycap>e</keycap> to edit your kernel command options."
22739
23270
msgstr ""
22740
23271
22741
#: serverguide/C/installation.xml:749(para)
23272
#: serverguide/C/installation.xml:742(para)
22742
23273
msgid "Press the <keycap>down</keycap> arrow to highlight the kernel line."
22743
23274
msgstr ""
22744
23275
22745
#: serverguide/C/installation.xml:754(para)
23276
#: serverguide/C/installation.xml:747(para)
22746
23277
msgid ""
22747
23278
"Add <emphasis>\"bootdegraded=true\"</emphasis> (without the quotes) to the "
22748
23279
"end of the line."
22749
23280
msgstr ""
22750
23281
22751
#: serverguide/C/installation.xml:759(para)
23282
#: serverguide/C/installation.xml:752(para)
22752
23283
msgid ""
22753
23284
"Press <keycombo><keycap>Ctrl</keycap><keycap>x</keycap></keycombo> to boot "
22754
23285
"the system."
22755
23286
msgstr ""
22756
23287
22757
#: serverguide/C/installation.xml:768(para)
23288
#: serverguide/C/installation.xml:761(para)
22758
23289
msgid ""
22759
23290
"Once the system has booted you can either repair the array see <xref "
22760
23291
"linkend=\"raid-maintenance\"/> for details, or copy important data to "
22761
23292
"another machine due to major hardware failure."
22762
23293
msgstr ""
22763
23294
22764
#: serverguide/C/installation.xml:775(title)
23295
#: serverguide/C/installation.xml:768(title)
22765
23296
msgid "RAID Maintenance"
22766
23297
msgstr ""
22767
23298
22768
#: serverguide/C/installation.xml:777(para)
23299
#: serverguide/C/installation.xml:770(para)
22769
23300
msgid ""
22770
23301
"The <application>mdadm</application> utility can be used to view the status "
22771
23302
"of an array, add disks to an array, remove disks, etc:"
22772
23303
msgstr ""
22773
23304
22774
#: serverguide/C/installation.xml:784(para)
23305
#: serverguide/C/installation.xml:777(para)
22775
23306
msgid "To view the status of an array, from a terminal prompt enter:"
22776
23307
msgstr ""
22777
23308
22778
#: serverguide/C/installation.xml:788(command)
23309
#: serverguide/C/installation.xml:781(command)
22779
23310
msgid "sudo mdadm -D /dev/md0"
22780
23311
msgstr ""
22781
23312
22782
#: serverguide/C/installation.xml:791(para)
23313
#: serverguide/C/installation.xml:784(para)
22783
23314
msgid ""
22784
23315
"The <emphasis>-D</emphasis> tells <application>mdadm</application> to "
22785
23316
"display <emphasis>detailed</emphasis> information about the "
22787
23318
"with the appropriate RAID device."
22788
23319
msgstr ""
22789
23320
22790
#: serverguide/C/installation.xml:797(para)
23321
#: serverguide/C/installation.xml:790(para)
22791
23322
msgid "To view the status of a disk in an array:"
22792
23323
msgstr ""
22793
23324
22794
#: serverguide/C/installation.xml:801(command)
23325
#: serverguide/C/installation.xml:794(command)
22795
23326
msgid "sudo mdadm -E /dev/sda1"
22796
23327
msgstr ""
22797
23328
22798
#: serverguide/C/installation.xml:803(para)
23329
#: serverguide/C/installation.xml:796(para)
22799
23330
msgid ""
22800
23331
"The output if very similar to the <command>mdadm -D</command> command, "
22801
23332
"adjust <filename>/dev/sda1</filename> for each disk."
22802
23333
msgstr ""
22803
23334
22804
#: serverguide/C/installation.xml:808(para)
23335
#: serverguide/C/installation.xml:801(para)
22805
23336
msgid "If a disk fails and needs to be removed from an array enter:"
22806
23337
msgstr ""
22807
23338
22808
#: serverguide/C/installation.xml:812(command)
23339
#: serverguide/C/installation.xml:805(command)
22809
23340
msgid "sudo mdadm --remove /dev/md0 /dev/sda1"
22810
23341
msgstr ""
22811
23342
22812
#: serverguide/C/installation.xml:814(para)
23343
#: serverguide/C/installation.xml:807(para)
22813
23344
msgid ""
22814
23345
"Change <filename>/dev/md0</filename> and <filename>/dev/sda1</filename> to "
22815
23346
"the appropriate RAID device and disk."
22816
23347
msgstr ""
22817
23348
22818
#: serverguide/C/installation.xml:819(para)
23349
#: serverguide/C/installation.xml:812(para)
22819
23350
msgid "Similarly, to add a new disk:"
22820
23351
msgstr ""
22821
23352
22822
#: serverguide/C/installation.xml:823(command)
23353
#: serverguide/C/installation.xml:816(command)
22823
23354
msgid "sudo mdadm --add /dev/md0 /dev/sda1"
22824
23355
msgstr ""
22825
23356
22826
#: serverguide/C/installation.xml:828(para)
23357
#: serverguide/C/installation.xml:821(para)
22827
23358
msgid ""
22828
23359
"Sometimes a disk can change to a <emphasis>faulty</emphasis> state even "
22829
23360
"though there is nothing physically wrong with the drive. It is usually "
22832
23363
"the array, it is a good indication of hardware failure."
22833
23364
msgstr ""
22834
23365
22835
#: serverguide/C/installation.xml:834(para)
23366
#: serverguide/C/installation.xml:827(para)
22836
23367
msgid ""
22837
23368
"The <filename>/proc/mdstat</filename> file also contains useful information "
22838
23369
"about the system's RAID devices:"
22839
23370
msgstr ""
22840
23371
22841
#: serverguide/C/installation.xml:839(command)
23372
#: serverguide/C/installation.xml:832(command)
22842
23373
msgid "cat /proc/mdstat"
22843
23374
msgstr ""
22844
23375
22845
#: serverguide/C/installation.xml:840(computeroutput)
23376
#: serverguide/C/installation.xml:833(computeroutput)
22846
23377
#, no-wrap
22847
23378
msgid ""
22848
23379
"Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] "
22853
23384
"unused devices: <none>"
22854
23385
msgstr ""
22855
23386
22856
#: serverguide/C/installation.xml:847(para)
23387
#: serverguide/C/installation.xml:840(para)
22857
23388
msgid ""
22858
23389
"The following command is great for watching the status of a syncing drive:"
22859
23390
msgstr ""
22860
23391
22861
#: serverguide/C/installation.xml:852(command)
23392
#: serverguide/C/installation.xml:845(command)
22862
23393
msgid "watch -n1 cat /proc/mdstat"
22863
23394
msgstr ""
22864
23395
22865
#: serverguide/C/installation.xml:855(para)
23396
#: serverguide/C/installation.xml:848(para)
22866
23397
msgid ""
22867
23398
"Press <emphasis>Ctrl+c</emphasis> to stop the "
22868
23399
"<application>watch</application> command."
22869
23400
msgstr ""
22870
23401
22871
#: serverguide/C/installation.xml:859(para)
23402
#: serverguide/C/installation.xml:852(para)
22872
23403
msgid ""
22873
23404
"If you do need to replace a faulty drive, after the drive has been replaced "
22874
23405
"and synced, <application>grub</application> will need to be installed. To "
22876
23407
"following:"
22877
23408
msgstr ""
22878
23409
22879
#: serverguide/C/installation.xml:865(command)
23410
#: serverguide/C/installation.xml:858(command)
22880
23411
msgid "sudo grub-install /dev/md0"
22881
23412
msgstr ""
22882
23413
22883
#: serverguide/C/installation.xml:868(para)
23414
#: serverguide/C/installation.xml:861(para)
22884
23415
msgid ""
22885
23416
"Replace <filename>/dev/md0</filename> with the appropriate array device name."
22886
23417
msgstr ""
22887
23418
22888
#: serverguide/C/installation.xml:876(para)
23419
#: serverguide/C/installation.xml:869(para)
22889
23420
msgid ""
22890
23421
"The topic of RAID arrays is a complex one due to the plethora of ways RAID "
22891
23422
"can be configured. Please see the following links for more information:"
22892
23423
msgstr ""
22893
23424
22894
#: serverguide/C/installation.xml:883(para)
23425
#: serverguide/C/installation.xml:876(para)
22895
23426
msgid ""
22896
23427
"<ulink url=\"https://help.ubuntu.com/community/Installation#raid\">Ubuntu "
22897
23428
"Wiki Articles on RAID</ulink>."
22898
23429
msgstr ""
22899
23430
22900
#: serverguide/C/installation.xml:889(ulink)
23431
#: serverguide/C/installation.xml:882(ulink)
22901
23432
msgid "Software RAID HOWTO"
22902
23433
msgstr ""
22903
23434
22904
#: serverguide/C/installation.xml:894(ulink)
23435
#: serverguide/C/installation.xml:887(ulink)
22905
23436
msgid "Managing RAID on Linux"
22906
23437
msgstr ""
22907
23438
22908
#: serverguide/C/installation.xml:901(title)
23439
#: serverguide/C/installation.xml:894(title)
22909
23440
msgid "Logical Volume Manager (LVM)"
22910
23441
msgstr ""
22911
23442
22912
#: serverguide/C/installation.xml:903(para)
23443
#: serverguide/C/installation.xml:896(para)
22913
23444
msgid ""
22914
23445
"Logical Volume Manger, or <emphasis>LVM</emphasis>, allows administrators to "
22915
23446
"create <emphasis>logical</emphasis> volumes out of one or multiple physical "
22918
23449
"giving greater flexibility to systems as requirements change."
22919
23450
msgstr ""
22920
23451
22921
#: serverguide/C/installation.xml:912(para)
23452
#: serverguide/C/installation.xml:905(para)
22922
23453
msgid ""
22923
23454
"A side effect of LVM's power and flexibility is a greater degree of "
22924
23455
"complication. Before diving into the LVM installation process, it is best to "
22925
23456
"get familiar with some terms."
22926
23457
msgstr ""
22927
23458
22928
#: serverguide/C/installation.xml:919(para)
23459
#: serverguide/C/installation.xml:912(para)
22929
23460
msgid ""
22930
23461
"<emphasis>Physical Volume (PV):</emphasis> physical hard disk, disk "
22931
23462
"partition or software RAID partition formatted as LVM PV."
22932
23463
msgstr ""
22933
23464
22934
#: serverguide/C/installation.xml:925(para)
23465
#: serverguide/C/installation.xml:918(para)
22935
23466
msgid ""
22936
23467
"<emphasis>Volume Group (VG):</emphasis> is made from one or more physical "
22937
23468
"volumes. A VG can can be extended by adding more PVs. A VG is like a virtual "
22938
23469
"disk drive, from which one or more logical volumes are carved."
22939
23470
msgstr ""
22940
23471
22941
#: serverguide/C/installation.xml:931(para)
23472
#: serverguide/C/installation.xml:924(para)
22942
23473
msgid ""
22943
23474
"<emphasis>Logical Volume (LV):</emphasis> is similar to a partition in a non-"
22944
23475
"LVM system. A LV is formatted with the desired file system (EXT3, XFS, JFS, "
22945
23476
"etc), it is then available for mounting and data storage."
22946
23477
msgstr ""
22947
23478
22948
#: serverguide/C/installation.xml:942(para)
23479
#: serverguide/C/installation.xml:935(para)
22949
23480
msgid ""
22950
23481
"As an example this section covers installing Ubuntu Server Edition with "
22951
23482
"<filename role=\"directory\">/srv</filename> mounted on a LVM volume. During "
22954
23485
"can be extended."
22955
23486
msgstr ""
22956
23487
22957
#: serverguide/C/installation.xml:948(para)
23488
#: serverguide/C/installation.xml:941(para)
22958
23489
msgid ""
22959
23490
"There are several installation options for LVM, <emphasis>\"Guided - use the "
22960
23491
"entire disk and setup LVM\"</emphasis> which will also allow you to assign a "
22965
23496
"the Manual approach."
22966
23497
msgstr ""
22967
23498
22968
#: serverguide/C/installation.xml:965(para)
23499
#: serverguide/C/installation.xml:958(para)
22969
23500
msgid ""
22970
23501
"At the <emphasis>\"Partition Disks</emphasis> screen choose "
22971
23502
"<emphasis>\"Manual\"</emphasis>."
22972
23503
msgstr ""
22973
23504
22974
#: serverguide/C/installation.xml:972(para)
23505
#: serverguide/C/installation.xml:965(para)
22975
23506
msgid ""
22976
23507
"Select the hard disk and on the next screen choose \"yes\" to "
22977
23508
"<emphasis>\"Create a new empty partition table on this device\"</emphasis>."
22978
23509
msgstr ""
22979
23510
22980
#: serverguide/C/installation.xml:979(para)
23511
#: serverguide/C/installation.xml:972(para)
22981
23512
msgid ""
22982
23513
"Next, create standard <emphasis>/boot</emphasis>, <emphasis>swap</emphasis>, "
22983
23514
"and <emphasis>/</emphasis> partitions with whichever filesystem you prefer."
22984
23515
msgstr ""
22985
23516
22986
#: serverguide/C/installation.xml:987(para)
23517
#: serverguide/C/installation.xml:980(para)
22987
23518
msgid ""
22988
23519
"For the LVM <emphasis>/srv</emphasis>, create a new "
22989
23520
"<emphasis>Logical</emphasis> partition. Then change <emphasis>\"Use "
22991
23522
"<emphasis>\"Done setting up the partition\"</emphasis>."
22992
23523
msgstr ""
22993
23524
22994
#: serverguide/C/installation.xml:995(para)
23525
#: serverguide/C/installation.xml:988(para)
22995
23526
msgid ""
22996
23527
"Now select <emphasis>\"Configure the Logical Volume Manager\"</emphasis> at "
22997
23528
"the top, and choose <emphasis>\"Yes\"</emphasis> to write the changes to "
22998
23529
"disk."
22999
23530
msgstr ""
23000
23531
23001
#: serverguide/C/installation.xml:1003(para)
23532
#: serverguide/C/installation.xml:996(para)
23002
23533
msgid ""
23003
23534
"For the <emphasis>\"LVM configuration action\"</emphasis> on the next "
23004
23535
"screen, choose <emphasis>\"Create volume group\"</emphasis>. Enter a name "
23007
23538
"<emphasis>\"Continue\"</emphasis>."
23008
23539
msgstr ""
23009
23540
23010
#: serverguide/C/installation.xml:1012(para)
23541
#: serverguide/C/installation.xml:1005(para)
23011
23542
msgid ""
23012
23543
"Back at the <emphasis>\"LVM configuration action\"</emphasis> screen, select "
23013
23544
"<emphasis>\"Create logical volume\"</emphasis>. Select the newly created "
23018
23549
"main <emphasis>\"Partition Disks\"</emphasis> screen."
23019
23550
msgstr ""
23020
23551
23021
#: serverguide/C/installation.xml:1022(para)
23552
#: serverguide/C/installation.xml:1015(para)
23022
23553
msgid ""
23023
23554
"Now add a filesystem to the new LVM. Select the partition under "
23024
23555
"<emphasis>\"LVM VG vg01, LV srv\"</emphasis>, or whatever name you have "
23027
23558
"select <emphasis>\"Done setting up the partition\"</emphasis>."
23028
23559
msgstr ""
23029
23560
23030
#: serverguide/C/installation.xml:1031(para)
23561
#: serverguide/C/installation.xml:1024(para)
23031
23562
msgid ""
23032
23563
"Finally, select <emphasis>\"Finish partitioning and write changes to "
23033
23564
"disk\"</emphasis>. Then confirm the changes and continue with the rest of "
23034
23565
"the installation."
23035
23566
msgstr ""
23036
23567
23037
#: serverguide/C/installation.xml:1039(para)
23568
#: serverguide/C/installation.xml:1032(para)
23038
23569
msgid "There are some useful utilities to view information about LVM:"
23039
23570
msgstr ""
23040
23571
23041
#: serverguide/C/installation.xml:1044(para)
23572
#: serverguide/C/installation.xml:1037(para)
23042
23573
msgid ""
23043
23574
"<emphasis>pvdisplay:</emphasis> shows information about Physical Volumes."
23044
23575
msgstr ""
23045
23576
23046
#: serverguide/C/installation.xml:1045(para)
23577
#: serverguide/C/installation.xml:1038(para)
23047
23578
msgid ""
23048
23579
"<emphasis>vgdisplay:</emphasis> shows information about Volume Groups."
23049
23580
msgstr ""
23050
23581
23051
#: serverguide/C/installation.xml:1046(para)
23582
#: serverguide/C/installation.xml:1039(para)
23052
23583
msgid ""
23053
23584
"<emphasis>lvdisplay:</emphasis> shows information about Logical Volumes."
23054
23585
msgstr ""
23055
23586
23056
#: serverguide/C/installation.xml:1051(title)
23587
#: serverguide/C/installation.xml:1044(title)
23057
23588
msgid "Extending Volume Groups"
23058
23589
msgstr ""
23059
23590
23060
#: serverguide/C/installation.xml:1053(para)
23591
#: serverguide/C/installation.xml:1046(para)
23061
23592
msgid ""
23062
23593
"Continuing with <emphasis>srv</emphasis> as an LVM volume example, this "
23063
23594
"section covers adding a second hard disk, creating a Physical Volume (PV), "
23069
23600
"partitions and use them as different physical volumes)"
23070
23601
msgstr ""
23071
23602
23072
#: serverguide/C/installation.xml:1061(para)
23603
#: serverguide/C/installation.xml:1054(para)
23073
23604
msgid ""
23074
23605
"Make sure you don't already have an existing <filename>/dev/sdb</filename> "
23075
23606
"before issuing the commands below. You could lose some data if you issue "
23076
23607
"those commands on a non-empty disk."
23077
23608
msgstr ""
23078
23609
23079
#: serverguide/C/installation.xml:1069(para)
23610
#: serverguide/C/installation.xml:1062(para)
23080
23611
msgid "First, create the physical volume, in a terminal execute:"
23081
23612
msgstr ""
23082
23613
23083
#: serverguide/C/installation.xml:1074(command)
23614
#: serverguide/C/installation.xml:1067(command)
23084
23615
msgid "sudo pvcreate /dev/sdb"
23085
23616
msgstr ""
23086
23617
23087
#: serverguide/C/installation.xml:1080(para)
23618
#: serverguide/C/installation.xml:1073(para)
23088
23619
msgid "Now extend the Volume Group (VG):"
23089
23620
msgstr ""
23090
23621
23091
#: serverguide/C/installation.xml:1085(command)
23622
#: serverguide/C/installation.xml:1078(command)
23092
23623
msgid "sudo vgextend vg01 /dev/sdb"
23093
23624
msgstr ""
23094
23625
23095
#: serverguide/C/installation.xml:1091(para)
23626
#: serverguide/C/installation.xml:1084(para)
23096
23627
msgid ""
23097
23628
"Use <application>vgdisplay</application> to find out the free physical "
23098
23629
"extents - Free PE / size (the size you can allocate). We will assume a free "
23100
23631
"whole free space available. Use your own PE and/or free space."
23101
23632
msgstr ""
23102
23633
23103
#: serverguide/C/installation.xml:1097(para)
23634
#: serverguide/C/installation.xml:1090(para)
23104
23635
msgid ""
23105
23636
"The Logical Volume (LV) can now be extended by different methods, we will "
23106
23637
"only see how to use the PE to extend the LV:"
23107
23638
msgstr ""
23108
23639
23109
#: serverguide/C/installation.xml:1102(command)
23640
#: serverguide/C/installation.xml:1095(command)
23110
23641
msgid "sudo lvextend /dev/vg01/srv -l +511"
23111
23642
msgstr ""
23112
23643
23113
#: serverguide/C/installation.xml:1105(para)
23644
#: serverguide/C/installation.xml:1098(para)
23114
23645
msgid ""
23115
23646
"The <emphasis>-l</emphasis> option allows the LV to be extended using PE. "
23116
23647
"The <emphasis>-L</emphasis> option allows the LV to be extended using Meg, "
23117
23648
"Gig, Tera, etc bytes."
23118
23649
msgstr ""
23119
23650
23120
#: serverguide/C/installation.xml:1113(para)
23651
#: serverguide/C/installation.xml:1106(para)
23121
23652
msgid ""
23122
23653
"Even though you are supposed to be able to <emphasis>expand</emphasis> an "
23123
23654
"ext3 or ext4 filesystem without unmounting it first, it may be a good "
23126
23657
"first is compulsory)."
23127
23658
msgstr ""
23128
23659
23129
#: serverguide/C/installation.xml:1119(para)
23660
#: serverguide/C/installation.xml:1112(para)
23130
23661
msgid ""
23131
23662
"The following commands are for an <emphasis>EXT3</emphasis> or "
23132
23663
"<emphasis>EXT4</emphasis> filesystem. If you are using another filesystem "
23133
23664
"there may be other utilities available."
23134
23665
msgstr ""
23135
23666
23136
#: serverguide/C/installation.xml:1126(command)
23667
#: serverguide/C/installation.xml:1119(command)
23137
23668
msgid "sudo e2fsck -f /dev/vg01/srv"
23138
23669
msgstr ""
23139
23670
23140
#: serverguide/C/installation.xml:1129(para)
23671
#: serverguide/C/installation.xml:1122(para)
23141
23672
msgid ""
23142
23673
"The <emphasis>-f</emphasis> option of <application>e2fsck</application> "
23143
23674
"forces checking even if the system seems clean."
23144
23675
msgstr ""
23145
23676
23146
#: serverguide/C/installation.xml:1136(para)
23677
#: serverguide/C/installation.xml:1129(para)
23147
23678
msgid "Finally, resize the filesystem:"
23148
23679
msgstr ""
23149
23680
23150
#: serverguide/C/installation.xml:1141(command)
23681
#: serverguide/C/installation.xml:1134(command)
23151
23682
msgid "sudo resize2fs /dev/vg01/srv"
23152
23683
msgstr ""
23153
23684
23154
#: serverguide/C/installation.xml:1147(para)
23685
#: serverguide/C/installation.xml:1140(para)
23155
23686
msgid "Now mount the partition and check its size."
23156
23687
msgstr ""
23157
23688
23158
#: serverguide/C/installation.xml:1152(command)
23689
#: serverguide/C/installation.xml:1145(command)
23159
23690
msgid "mount /dev/vg01/srv /srv && df -h /srv"
23160
23691
msgstr ""
23161
23692
23162
#: serverguide/C/installation.xml:1164(para)
23693
#: serverguide/C/installation.xml:1157(para)
23163
23694
msgid ""
23164
23695
"See the <ulink "
23165
23696
"url=\"https://help.ubuntu.com/community/Installation#lvm\">Ubuntu Wiki LVM "
23166
23697
"Articles</ulink>."
23167
23698
msgstr ""
23168
23699
23169
#: serverguide/C/installation.xml:1169(para)
23700
#: serverguide/C/installation.xml:1162(para)
23170
23701
msgid ""
23171
23702
"See the <ulink url=\"http://tldp.org/HOWTO/LVM-HOWTO/index.html\">LVM "
23172
23703
"HOWTO</ulink> for more information."
23173
23704
msgstr ""
23174
23705
23175
#: serverguide/C/installation.xml:1174(para)
23706
#: serverguide/C/installation.xml:1167(para)
23176
23707
msgid ""
23177
23708
"Another good article is <ulink "
23178
23709
"url=\"http://www.linuxdevcenter.com/pub/a/linux/2006/04/27/managing-disk-"
23187
23718
" man page</ulink>."
23188
23719
msgstr ""
23189
23720
23190
#: serverguide/C/installation.xml:1192(title)
23721
#: serverguide/C/installation.xml:1185(title)
23191
23722
msgid "Kernel Crash Dump"
23192
23723
msgstr ""
23193
23724
23194
#: serverguide/C/installation.xml:1199(para)
23725
#: serverguide/C/installation.xml:1192(para)
23195
23726
msgid "Kernel Panic"
23196
23727
msgstr ""
23197
23728
23198
#: serverguide/C/installation.xml:1200(para)
23729
#: serverguide/C/installation.xml:1193(para)
23199
23730
msgid "Non Maskable Interrupts (NMI)"
23200
23731
msgstr ""
23201
23732
23202
#: serverguide/C/installation.xml:1201(para)
23733
#: serverguide/C/installation.xml:1194(para)
23203
23734
msgid "Machine Check Exceptions (MCE)"
23204
23735
msgstr ""
23205
23736
23206
#: serverguide/C/installation.xml:1202(para)
23737
#: serverguide/C/installation.xml:1195(para)
23207
23738
msgid "Hardware failure"
23208
23739
msgstr ""
23209
23740
23210
#: serverguide/C/installation.xml:1203(para)
23741
#: serverguide/C/installation.xml:1196(para)
23211
23742
msgid "Manual intervention"
23212
23743
msgstr ""
23213
23744
23214
#: serverguide/C/installation.xml:1195(para)
23745
#: serverguide/C/installation.xml:1188(para)
23215
23746
msgid ""
23216
23747
"A Kernel Crash Dump refers to a portion of the contents of volatile memory "
23217
23748
"(RAM) that is copied to disk whenever the execution of the kernel is "
23225
23756
"memory contents."
23226
23757
msgstr ""
23227
23758
23228
#: serverguide/C/installation.xml:1212(title)
23759
#: serverguide/C/installation.xml:1205(title)
23229
23760
msgid "Kernel Crash Dump Mechanism"
23230
23761
msgstr ""
23231
23762
23232
#: serverguide/C/installation.xml:1214(para)
23763
#: serverguide/C/installation.xml:1207(para)
23233
23764
msgid ""
23234
23765
"When a kernel panic occurs, the kernel relies on the "
23235
23766
"<emphasis>kexec</emphasis> mechanism to quickly reboot a new instance of the "
23238
23769
"untouched in order to safely copy its contents to storage."
23239
23770
msgstr ""
23240
23771
23241
#: serverguide/C/installation.xml:1223(para)
23772
#: serverguide/C/installation.xml:1216(para)
23242
23773
msgid ""
23243
23774
"The kernel crash dump utility is installed with the following command:"
23244
23775
msgstr ""
23245
23776
23246
#: serverguide/C/installation.xml:1228(command)
23777
#: serverguide/C/installation.xml:1221(command)
23247
23778
msgid "sudo apt-get install linux-crashdump"
23248
23779
msgstr ""
23249
23780
23250
#: serverguide/C/installation.xml:1231(para)
23781
#: serverguide/C/installation.xml:1230(programlisting)
23782
#, no-wrap
23783
msgid ""
23784
"\n"
23785
"USE_KDUMP=1\n"
23786
msgstr ""
23787
23788
#: serverguide/C/installation.xml:1228(para)
23789
msgid ""
23790
"Edit <filename>/etc/default/kdump-tool</filename> by including the following "
23791
"line: <placeholder-1/>"
23792
msgstr ""
23793
23794
#: serverguide/C/installation.xml:1235(para)
23251
23795
msgid "A reboot is then needed."
23252
23796
msgstr ""
23253
23797
23254
#: serverguide/C/installation.xml:1239(para)
23255
msgid ""
23256
"No further configuration is required in order to have the kernel dump "
23257
"mechanism enabled."
23258
msgstr ""
23259
23260
#: serverguide/C/installation.xml:1248(para)
23798
#: serverguide/C/installation.xml:1244(para)
23261
23799
msgid ""
23262
23800
"To confirm that the kernel dump mechanism is enabled, there are a few things "
23263
23801
"to verify. First, confirm that the <emphasis>crashkernel</emphasis> boot "
23265
23803
"fit the format of this document:"
23266
23804
msgstr ""
23267
23805
23268
#: serverguide/C/installation.xml:1255(command)
23806
#: serverguide/C/installation.xml:1251(command)
23269
23807
msgid "cat /proc/cmdline"
23270
23808
msgstr ""
23271
23809
23272
#: serverguide/C/installation.xml:1256(computeroutput)
23810
#: serverguide/C/installation.xml:1252(computeroutput)
23273
23811
#, no-wrap
23274
23812
msgid ""
23275
23813
"\n"
23277
23815
" crashkernel=384M-2G:64M,2G-:128M\n"
23278
23816
msgstr ""
23279
23817
23280
#: serverguide/C/installation.xml:1264(programlisting)
23818
#: serverguide/C/installation.xml:1260(programlisting)
23281
23819
#, no-wrap
23282
23820
msgid ""
23283
23821
"\n"
23287
23825
" "
23288
23826
msgstr ""
23289
23827
23290
#: serverguide/C/installation.xml:1262(para)
23828
#: serverguide/C/installation.xml:1258(para)
23291
23829
msgid ""
23292
23830
"The <emphasis>crashkernel</emphasis> parameter has the following syntax: "
23293
23831
"<placeholder-1/>"
23294
23832
msgstr ""
23295
23833
23296
#: serverguide/C/installation.xml:1272(programlisting)
23834
#: serverguide/C/installation.xml:1268(programlisting)
23297
23835
#, no-wrap
23298
23836
msgid ""
23299
23837
"\n"
23300
23838
"crashkernel=384M-2G:64M,2G-:128M\n"
23301
23839
msgstr ""
23302
23840
23303
#: serverguide/C/installation.xml:1270(para)
23841
#: serverguide/C/installation.xml:1266(para)
23304
23842
msgid ""
23305
23843
"So for the crashkernel parameter found in <filename>/proc/cmdline</filename> "
23306
23844
"we would have : <placeholder-1/>"
23307
23845
msgstr ""
23308
23846
23309
#: serverguide/C/installation.xml:1277(para)
23847
#: serverguide/C/installation.xml:1273(para)
23310
23848
msgid "The above value means:"
23311
23849
msgstr ""
23312
23850
23313
#: serverguide/C/installation.xml:1279(para)
23851
#: serverguide/C/installation.xml:1275(para)
23314
23852
msgid ""
23315
23853
"if the RAM is smaller than 384M, then don't reserve anything (this is the "
23316
23854
"\"rescue\" case)"
23317
23855
msgstr ""
23318
23856
23319
#: serverguide/C/installation.xml:1281(para)
23857
#: serverguide/C/installation.xml:1277(para)
23320
23858
msgid "if the RAM size is between 386M and 2G (exclusive), then reserve 64M"
23321
23859
msgstr ""
23322
23860
23323
#: serverguide/C/installation.xml:1282(para)
23861
#: serverguide/C/installation.xml:1278(para)
23324
23862
msgid "if the RAM size is larger than 2G, then reserve 128M"
23325
23863
msgstr ""
23326
23864
23327
#: serverguide/C/installation.xml:1285(para)
23865
#: serverguide/C/installation.xml:1281(para)
23328
23866
msgid ""
23329
23867
"Second, verify that the kernel has reserved the requested memory area for "
23330
23868
"the kdump kernel by doing:"
23331
23869
msgstr ""
23332
23870
23333
#: serverguide/C/installation.xml:1290(command)
23871
#: serverguide/C/installation.xml:1286(command)
23334
23872
msgid "dmesg | grep -i crash"
23335
23873
msgstr ""
23336
23874
23337
#: serverguide/C/installation.xml:1291(computeroutput)
23875
#: serverguide/C/installation.xml:1287(computeroutput)
23338
23876
#, no-wrap
23339
23877
msgid ""
23340
23878
"\n"
23343
23881
"RAM: 1023MB)\n"
23344
23882
msgstr ""
23345
23883
23346
#: serverguide/C/installation.xml:1300(title)
23884
#: serverguide/C/installation.xml:1296(title)
23347
23885
msgid "Testing the Crash Dump Mechanism"
23348
23886
msgstr ""
23349
23887
23350
#: serverguide/C/installation.xml:1303(para)
23888
#: serverguide/C/installation.xml:1299(para)
23351
23889
msgid ""
23352
23890
"Testing the Crash Dump Mechanism will cause <emphasis>a system "
23353
23891
"reboot.</emphasis> In certain situations, this can cause data loss if the "
23355
23893
"that the system is idle or under very light load."
23356
23894
msgstr ""
23357
23895
23358
#: serverguide/C/installation.xml:1310(para)
23896
#: serverguide/C/installation.xml:1306(para)
23359
23897
msgid ""
23360
23898
"Verify that the <emphasis>SysRQ</emphasis> mechanism is enabled by looking "
23361
23899
"at the value of the <filename>/proc/sys/kernel/sysrq</filename> kernel "
23362
23900
"parameter :"
23363
23901
msgstr ""
23364
23902
23365
#: serverguide/C/installation.xml:1316(command)
23903
#: serverguide/C/installation.xml:1312(command)
23366
23904
msgid "cat /proc/sys/kernel/sysrq"
23367
23905
msgstr ""
23368
23906
23369
#: serverguide/C/installation.xml:1319(para)
23907
#: serverguide/C/installation.xml:1315(para)
23370
23908
msgid ""
23371
23909
"If a value of <emphasis>0</emphasis> is returned the feature is disabled. "
23372
23910
"Enable it with the following command :"
23373
23911
msgstr ""
23374
23912
23375
#: serverguide/C/installation.xml:1324(command)
23913
#: serverguide/C/installation.xml:1320(command)
23376
23914
msgid "sudo sysctl -w kernel.sysrq=1"
23377
23915
msgstr ""
23378
23916
23379
#: serverguide/C/installation.xml:1327(para)
23917
#: serverguide/C/installation.xml:1323(para)
23380
23918
msgid ""
23381
23919
"Once this is done, you must become root, as just using "
23382
23920
"<command>sudo</command> will not be sufficient. As the "
23387
23925
"the advantage of making the kernel dump process visible."
23388
23926
msgstr ""
23389
23927
23390
#: serverguide/C/installation.xml:1334(para)
23928
#: serverguide/C/installation.xml:1330(para)
23391
23929
msgid "A typical test output should look like the following :"
23392
23930
msgstr ""
23393
23931
23394
#: serverguide/C/installation.xml:1339(command)
23932
#: serverguide/C/installation.xml:1335(command)
23395
23933
msgid "sudo -s"
23396
23934
msgstr ""
23397
23935
23398
#: serverguide/C/installation.xml:1341(command)
23936
#: serverguide/C/installation.xml:1337(command)
23399
23937
msgid "echo c > /proc/sysrq-trigger"
23400
23938
msgstr ""
23401
23939
23402
#: serverguide/C/installation.xml:1338(screen)
23940
#: serverguide/C/installation.xml:1334(screen)
23403
23941
#, no-wrap
23404
23942
msgid ""
23405
23943
"\n"
23416
23954
"....\n"
23417
23955
msgstr ""
23418
23956
23419
#: serverguide/C/installation.xml:1351(para)
23957
#: serverguide/C/installation.xml:1347(para)
23420
23958
msgid ""
23421
23959
"The rest of the output is truncated, but you should see the system rebooting "
23422
23960
"and somewhere in the log, you will see the following line : <screen>Begin: "
23425
23963
"file in the <filename>/var/crash</filename> directory :"
23426
23964
msgstr ""
23427
23965
23428
#: serverguide/C/installation.xml:1358(command)
23966
#: serverguide/C/installation.xml:1354(command)
23429
23967
msgid "ls /var/crash"
23430
23968
msgstr ""
23431
23969
23432
#: serverguide/C/installation.xml:1357(screen)
23970
#: serverguide/C/installation.xml:1353(screen)
23433
23971
#, no-wrap
23434
23972
msgid ""
23435
23973
"\n"
23437
23975
"linux-image-3.0.0-12-server.0.crash\n"
23438
23976
msgstr ""
23439
23977
23440
#: serverguide/C/installation.xml:1367(para)
23978
#: serverguide/C/installation.xml:1363(para)
23441
23979
msgid ""
23442
23980
"Kernel Crash Dump is a vast topic that requires good knowledge of the linux "
23443
23981
"kernel. You can find more information on the topic here :"
23444
23982
msgstr ""
23445
23983
23446
#: serverguide/C/installation.xml:1373(para)
23984
#: serverguide/C/installation.xml:1369(para)
23447
23985
msgid ""
23448
23986
"<ulink url=\"http://www.kernel.org/doc/Documentation/kdump/kdump.txt\">Kdump "
23449
23987
"kernel documentation</ulink>."
23450
23988
msgstr ""
23451
23989
23452
#: serverguide/C/installation.xml:1379(ulink)
23990
#: serverguide/C/installation.xml:1375(ulink)
23453
23991
msgid "The crash tool"
23454
23992
msgstr ""
23455
23993
23456
#: serverguide/C/installation.xml:1383(para)
23994
#: serverguide/C/installation.xml:1379(para)
23457
23995
msgid ""
23458
23996
"<ulink url=\"http://www.dedoimedo.com/computers/crash-"
23459
23997
"analyze.html\">Analyzing Linux Kernel Crash</ulink> (Based on Fedora, it "
23927
24465
"as follows:"
23928
24466
msgstr ""
23929
24467
23930
#: serverguide/C/file-server.xml:429(programlisting)
24468
#: serverguide/C/file-server.xml:430(programlisting)
23931
24469
#, no-wrap
23932
24470
msgid ""
23933
24471
"\n"
23935
24473
"rsize=8192,wsize=8192,timeo=14,intr\n"
23936
24474
msgstr ""
23937
24475
23938
#: serverguide/C/file-server.xml:433(para)
24476
#: serverguide/C/file-server.xml:434(para)
23939
24477
msgid ""
23940
24478
"If you have trouble mounting an NFS share, make sure the <application>nfs-"
23941
24479
"common</application> package is installed on your client. To install "
23945
24483
"</screen>"
23946
24484
msgstr ""
23947
24485
23948
#: serverguide/C/file-server.xml:446(ulink)
24486
#: serverguide/C/file-server.xml:447(ulink)
23949
24487
msgid "Linux NFS faq"
23950
24488
msgstr ""
23951
24489
23952
#: serverguide/C/file-server.xml:448(ulink)
24490
#: serverguide/C/file-server.xml:449(ulink)
23953
24491
msgid "Ubuntu Wiki NFS Howto"
23954
24492
msgstr ""
23955
24493
23956
#: serverguide/C/file-server.xml:454(title)
24494
#: serverguide/C/file-server.xml:455(title)
23957
24495
msgid "iSCSI Initiator"
23958
24496
msgstr ""
23959
24497
23960
#: serverguide/C/file-server.xml:456(para)
24498
#: serverguide/C/file-server.xml:457(para)
23961
24499
msgid ""
23962
24500
"<emphasis>iSCSI</emphasis> (Internet Small Computer System Interface) is a "
23963
24501
"protocol that allows SCSI commands to be transmitted over a network. "
23977
24515
"your vendor documentation to configure your specific iSCSI target."
23978
24516
msgstr ""
23979
24517
23980
#: serverguide/C/file-server.xml:470(title)
24518
#: serverguide/C/file-server.xml:471(title)
23981
24519
msgid "iSCSI Initiator Install"
23982
24520
msgstr ""
23983
24521
23984
#: serverguide/C/file-server.xml:472(para)
24522
#: serverguide/C/file-server.xml:473(para)
23985
24523
msgid ""
23986
24524
"To configure Ubuntu Server as an iSCSI initiator install the "
23987
24525
"<application>open-iscsi</application> package. In a terminal enter:"
23988
24526
msgstr ""
23989
24527
23990
#: serverguide/C/file-server.xml:477(command)
24528
#: serverguide/C/file-server.xml:478(command)
23991
24529
msgid "sudo apt-get install open-iscsi"
23992
24530
msgstr ""
23993
24531
23994
#: serverguide/C/file-server.xml:482(title)
24532
#: serverguide/C/file-server.xml:483(title)
23995
24533
msgid "iSCSI Initiator Configuration"
23996
24534
msgstr ""
23997
24535
23998
#: serverguide/C/file-server.xml:484(para)
24536
#: serverguide/C/file-server.xml:485(para)
23999
24537
msgid ""
24000
24538
"Once the <application>open-iscsi</application> package is installed, edit "
24001
24539
"<filename>/etc/iscsi/iscsid.conf</filename> changing the following:"
24002
24540
msgstr ""
24003
24541
24004
#: serverguide/C/file-server.xml:488(programlisting)
24542
#: serverguide/C/file-server.xml:489(programlisting)
24005
24543
#, no-wrap
24006
24544
msgid ""
24007
24545
"\n"
24008
24546
"node.startup = automatic\n"
24009
24547
msgstr ""
24010
24548
24011
#: serverguide/C/file-server.xml:492(para)
24549
#: serverguide/C/file-server.xml:493(para)
24012
24550
msgid ""
24013
24551
"You can check which targets are available by using the "
24014
24552
"<application>iscsiadm</application> utility. Enter the following in a "
24015
24553
"terminal:"
24016
24554
msgstr ""
24017
24555
24018
#: serverguide/C/file-server.xml:497(command)
24556
#: serverguide/C/file-server.xml:498(command)
24019
24557
msgid "sudo iscsiadm -m discovery -t st -p 192.168.0.10"
24020
24558
msgstr ""
24021
24559
24022
#: serverguide/C/file-server.xml:501(para)
24560
#: serverguide/C/file-server.xml:502(para)
24023
24561
msgid ""
24024
24562
"<emphasis>-m:</emphasis> determines the mode that iscsiadm executes in."
24025
24563
msgstr ""
24026
24564
24027
#: serverguide/C/file-server.xml:502(para)
24565
#: serverguide/C/file-server.xml:503(para)
24028
24566
msgid "<emphasis>-t:</emphasis> specifies the type of discovery."
24029
24567
msgstr ""
24030
24568
24031
#: serverguide/C/file-server.xml:503(para)
24569
#: serverguide/C/file-server.xml:504(para)
24032
24570
msgid "<emphasis>-p:</emphasis> option indicates the target IP address."
24033
24571
msgstr ""
24034
24572
24035
#: serverguide/C/file-server.xml:507(para)
24573
#: serverguide/C/file-server.xml:508(para)
24036
24574
msgid ""
24037
24575
"Change example <emphasis>192.168.0.10</emphasis> to the target IP address on "
24038
24576
"your network."
24039
24577
msgstr ""
24040
24578
24041
#: serverguide/C/file-server.xml:512(para)
24579
#: serverguide/C/file-server.xml:513(para)
24042
24580
msgid ""
24043
24581
"If the target is available you should see output similar to the following:"
24044
24582
msgstr ""
24045
24583
24046
#: serverguide/C/file-server.xml:517(computeroutput)
24584
#: serverguide/C/file-server.xml:518(computeroutput)
24047
24585
#, no-wrap
24048
24586
msgid ""
24049
24587
"\n"
24050
24588
"192.168.0.10:3260,1 iqn.1992-05.com.emc:sl7b92030000520000-2\n"
24051
24589
msgstr ""
24052
24590
24053
#: serverguide/C/file-server.xml:523(para)
24591
#: serverguide/C/file-server.xml:524(para)
24054
24592
msgid ""
24055
24593
"The <emphasis>iqn</emphasis> number and IP address above will vary depending "
24056
24594
"on your hardware."
24057
24595
msgstr ""
24058
24596
24059
#: serverguide/C/file-server.xml:528(para)
24597
#: serverguide/C/file-server.xml:529(para)
24060
24598
msgid ""
24061
24599
"You should now be able to connect to the iSCSI target, and depending on your "
24062
24600
"target setup you may have to enter user credentials. Login to the iSCSI node:"
24063
24601
msgstr ""
24064
24602
24065
#: serverguide/C/file-server.xml:534(command)
24603
#: serverguide/C/file-server.xml:535(command)
24066
24604
msgid "sudo iscsiadm -m node --login"
24067
24605
msgstr ""
24068
24606
24069
#: serverguide/C/file-server.xml:537(para)
24607
#: serverguide/C/file-server.xml:538(para)
24070
24608
msgid ""
24071
24609
"Check to make sure that the new disk has been detected using "
24072
24610
"<application>dmesg</application>:"
24073
24611
msgstr ""
24074
24612
24075
#: serverguide/C/file-server.xml:542(command)
24613
#: serverguide/C/file-server.xml:543(command)
24076
24614
msgid "dmesg | grep sd"
24077
24615
msgstr ""
24078
24616
24079
#: serverguide/C/file-server.xml:543(computeroutput)
24617
#: serverguide/C/file-server.xml:544(computeroutput)
24080
24618
#, no-wrap
24081
24619
msgid ""
24082
24620
"\n"
24105
24643
"[ 2486.964862] sd 4:0:0:3: [sdb] Attached SCSI disk\n"
24106
24644
msgstr ""
24107
24645
24108
#: serverguide/C/file-server.xml:567(para)
24646
#: serverguide/C/file-server.xml:568(para)
24109
24647
msgid ""
24110
24648
"In the output above <emphasis>sdb</emphasis> is the new iSCSI disk. Remember "
24111
24649
"this is just an example; the output you see on your screen will vary."
24112
24650
msgstr ""
24113
24651
24114
#: serverguide/C/file-server.xml:572(para)
24652
#: serverguide/C/file-server.xml:573(para)
24115
24653
msgid ""
24116
24654
"Next, create a partition, format the file system, and mount the new iSCSI "
24117
24655
"disk. In a terminal enter:"
24118
24656
msgstr ""
24119
24657
24120
#: serverguide/C/file-server.xml:577(command)
24658
#: serverguide/C/file-server.xml:578(command)
24121
24659
msgid "sudo fdisk /dev/sdb"
24122
24660
msgstr ""
24123
24661
24124
#: serverguide/C/file-server.xml:578(command)
24662
#: serverguide/C/file-server.xml:579(command)
24125
24663
msgid "n"
24126
24664
msgstr ""
24127
24665
24128
#: serverguide/C/file-server.xml:579(command)
24666
#: serverguide/C/file-server.xml:580(command)
24129
24667
msgid "p"
24130
24668
msgstr ""
24131
24669
24132
#: serverguide/C/file-server.xml:580(command)
24670
#: serverguide/C/file-server.xml:581(command)
24133
24671
msgid "enter"
24134
24672
msgstr ""
24135
24673
24136
#: serverguide/C/file-server.xml:581(command)
24674
#: serverguide/C/file-server.xml:582(command)
24137
24675
msgid "w"
24138
24676
msgstr ""
24139
24677
24140
#: serverguide/C/file-server.xml:585(para)
24678
#: serverguide/C/file-server.xml:586(para)
24141
24679
msgid ""
24142
24680
"The above commands are from inside the <application>fdisk</application> "
24143
24681
"utility; see <command>man fdisk</command> for more detailed instructions. "
24145
24683
"friendly."
24146
24684
msgstr ""
24147
24685
24148
#: serverguide/C/file-server.xml:591(para)
24686
#: serverguide/C/file-server.xml:592(para)
24149
24687
msgid ""
24150
24688
"Now format the file system and mount it to <filename>/srv</filename> as an "
24151
24689
"example:"
24152
24690
msgstr ""
24153
24691
24154
#: serverguide/C/file-server.xml:596(command)
24692
#: serverguide/C/file-server.xml:597(command)
24155
24693
msgid "sudo mkfs.ext4 /dev/sdb1"
24156
24694
msgstr ""
24157
24695
24158
#: serverguide/C/file-server.xml:597(command)
24696
#: serverguide/C/file-server.xml:598(command)
24159
24697
msgid "sudo mount /dev/sdb1 /srv"
24160
24698
msgstr ""
24161
24699
24162
#: serverguide/C/file-server.xml:601(para)
24700
#: serverguide/C/file-server.xml:602(para)
24163
24701
msgid ""
24164
24702
"Finally, add an entry to <filename>/etc/fstab</filename> to mount the iSCSI "
24165
24703
"drive during boot:"
24166
24704
msgstr ""
24167
24705
24168
#: serverguide/C/file-server.xml:605(programlisting)
24706
#: serverguide/C/file-server.xml:606(programlisting)
24169
24707
#, no-wrap
24170
24708
msgid ""
24171
24709
"\n"
24172
24710
"/dev/sdb1 /srv ext4 defaults,auto,_netdev 0 0\n"
24173
24711
msgstr ""
24174
24712
24175
#: serverguide/C/file-server.xml:609(para)
24713
#: serverguide/C/file-server.xml:610(para)
24176
24714
msgid ""
24177
24715
"It is a good idea to make sure everything is working as expected by "
24178
24716
"rebooting the server."
24179
24717
msgstr ""
24180
24718
24181
#: serverguide/C/file-server.xml:618(ulink)
24719
#: serverguide/C/file-server.xml:619(ulink)
24182
24720
msgid "Open-iSCSI Website"
24183
24721
msgstr ""
24184
24722
24185
#: serverguide/C/file-server.xml:621(ulink) serverguide/C/file-server.xml:807(ulink)
24723
#: serverguide/C/file-server.xml:622(ulink) serverguide/C/file-server.xml:808(ulink)
24186
24724
msgid "Debian Open-iSCSI page"
24187
24725
msgstr ""
24188
24726
24189
#: serverguide/C/file-server.xml:628(title)
24727
#: serverguide/C/file-server.xml:629(title)
24190
24728
msgid "CUPS - Print Server"
24191
24729
msgstr ""
24192
24730
24193
#: serverguide/C/file-server.xml:629(para)
24731
#: serverguide/C/file-server.xml:630(para)
24194
24732
msgid ""
24195
24733
"The primary mechanism for Ubuntu printing and print services is the "
24196
24734
"<emphasis role=\"bold\">Common UNIX Printing System</emphasis> (CUPS). This "
24198
24736
"become the new standard for printing in most Linux distributions."
24199
24737
msgstr ""
24200
24738
24201
#: serverguide/C/file-server.xml:636(para)
24739
#: serverguide/C/file-server.xml:637(para)
24202
24740
msgid ""
24203
24741
"CUPS manages print jobs and queues and provides network printing using the "
24204
24742
"standard Internet Printing Protocol (IPP), while offering support for a very "
24208
24746
"administration tool."
24209
24747
msgstr ""
24210
24748
24211
#: serverguide/C/file-server.xml:646(para)
24749
#: serverguide/C/file-server.xml:647(para)
24212
24750
msgid ""
24213
24751
"To install CUPS on your Ubuntu computer, simply use "
24214
24752
"<application>sudo</application> with the <application>apt-get</application> "
24218
24756
"CUPS:"
24219
24757
msgstr ""
24220
24758
24221
#: serverguide/C/file-server.xml:651(command)
24759
#: serverguide/C/file-server.xml:652(command)
24222
24760
msgid "sudo apt-get install cups"
24223
24761
msgstr ""
24224
24762
24225
#: serverguide/C/file-server.xml:654(para)
24763
#: serverguide/C/file-server.xml:655(para)
24226
24764
msgid ""
24227
24765
"Upon authenticating with your user password, the packages should be "
24228
24766
"downloaded and installed without error. Upon the conclusion of installation, "
24229
24767
"the CUPS server will be started automatically."
24230
24768
msgstr ""
24231
24769
24232
#: serverguide/C/file-server.xml:659(para)
24770
#: serverguide/C/file-server.xml:660(para)
24233
24771
msgid ""
24234
24772
"For troubleshooting purposes, you can access CUPS server errors via the "
24235
24773
"error log file at: <filename>/var/log/cups/error_log</filename>. If the "
24242
24780
"from becoming overly large."
24243
24781
msgstr ""
24244
24782
24245
#: serverguide/C/file-server.xml:672(para)
24783
#: serverguide/C/file-server.xml:673(para)
24246
24784
msgid ""
24247
24785
"The Common UNIX Printing System server's behavior is configured through the "
24248
24786
"directives contained in the file <filename>/etc/cups/cupsd.conf</filename>. "
24253
24791
"initially will be presented here."
24254
24792
msgstr ""
24255
24793
24256
#: serverguide/C/file-server.xml:682(para)
24794
#: serverguide/C/file-server.xml:683(para)
24257
24795
msgid ""
24258
24796
"Prior to editing the configuration file, you should make a copy of the "
24259
24797
"original file and protect it from writing, so you will have the original "
24260
24798
"settings as a reference, and to reuse as necessary."
24261
24799
msgstr ""
24262
24800
24263
#: serverguide/C/file-server.xml:686(para)
24801
#: serverguide/C/file-server.xml:687(para)
24264
24802
msgid ""
24265
24803
"Copy the <filename>/etc/cups/cupsd.conf</filename> file and protect it from "
24266
24804
"writing with the following commands, issued at a terminal prompt:"
24267
24805
msgstr ""
24268
24806
24269
#: serverguide/C/file-server.xml:692(command)
24807
#: serverguide/C/file-server.xml:693(command)
24270
24808
msgid "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
24271
24809
msgstr ""
24272
24810
24273
#: serverguide/C/file-server.xml:693(command)
24811
#: serverguide/C/file-server.xml:694(command)
24274
24812
msgid "sudo chmod a-w /etc/cups/cupsd.conf.original"
24275
24813
msgstr ""
24276
24814
24277
#: serverguide/C/file-server.xml:698(para)
24815
#: serverguide/C/file-server.xml:699(para)
24278
24816
msgid ""
24279
24817
"<emphasis role=\"bold\">ServerAdmin</emphasis>: To configure the email "
24280
24818
"address of the designated administrator of the CUPS server, simply edit the "
24286
24824
"as such:"
24287
24825
msgstr ""
24288
24826
24289
#: serverguide/C/file-server.xml:709(screen)
24827
#: serverguide/C/file-server.xml:710(screen)
24290
24828
#, no-wrap
24291
24829
msgid ""
24292
24830
"\n"
24293
24831
"ServerAdmin bjoy@somebigco.com\n"
24294
24832
msgstr ""
24295
24833
24296
#: serverguide/C/file-server.xml:715(para)
24834
#: serverguide/C/file-server.xml:716(para)
24297
24835
msgid ""
24298
24836
"<emphasis role=\"bold\">Listen</emphasis>: By default on Ubuntu, the CUPS "
24299
24837
"server installation listens only on the loopback interface at IP address "
24308
24846
"such:"
24309
24847
msgstr ""
24310
24848
24311
#: serverguide/C/file-server.xml:729(screen)
24849
#: serverguide/C/file-server.xml:730(screen)
24312
24850
#, no-wrap
24313
24851
msgid ""
24314
24852
"\n"
24318
24856
"(IPP)\n"
24319
24857
msgstr ""
24320
24858
24321
#: serverguide/C/file-server.xml:735(para)
24859
#: serverguide/C/file-server.xml:736(para)
24322
24860
msgid ""
24323
24861
"In the example above, you may comment out or remove the reference to the "
24324
24862
"Loopback address (127.0.0.1) if you do not wish <application>cupsd "
24329
24867
"<emphasis>socrates</emphasis> as such:"
24330
24868
msgstr ""
24331
24869
24332
#: serverguide/C/file-server.xml:745(screen)
24870
#: serverguide/C/file-server.xml:746(screen)
24333
24871
#, no-wrap
24334
24872
msgid ""
24335
24873
"\n"
24336
24874
"Listen socrates:631 # Listen on all interfaces for the hostname 'socrates'\n"
24337
24875
msgstr ""
24338
24876
24339
#: serverguide/C/file-server.xml:749(para)
24877
#: serverguide/C/file-server.xml:750(para)
24340
24878
msgid ""
24341
24879
"or by omitting the Listen directive and using <emphasis>Port</emphasis> "
24342
24880
"instead, as in:"
24343
24881
msgstr ""
24344
24882
24345
#: serverguide/C/file-server.xml:751(screen)
24883
#: serverguide/C/file-server.xml:752(screen)
24346
24884
#, no-wrap
24347
24885
msgid ""
24348
24886
"\n"
24349
24887
"Port 631 # Listen on port 631 on all interfaces\n"
24350
24888
msgstr ""
24351
24889
24352
#: serverguide/C/file-server.xml:758(para)
24890
#: serverguide/C/file-server.xml:759(para)
24353
24891
msgid ""
24354
24892
"For more examples of configuration directives in the CUPS server "
24355
24893
"configuration file, view the associated system manual page by entering the "
24356
24894
"following command at a terminal prompt:"
24357
24895
msgstr ""
24358
24896
24359
#: serverguide/C/file-server.xml:765(command)
24897
#: serverguide/C/file-server.xml:766(command)
24360
24898
msgid "man cupsd.conf"
24361
24899
msgstr ""
24362
24900
24363
#: serverguide/C/file-server.xml:769(para)
24901
#: serverguide/C/file-server.xml:770(para)
24364
24902
msgid ""
24365
24903
"Whenever you make changes to the <filename>/etc/cups/cupsd.conf</filename> "
24366
24904
"configuration file, you'll need to restart the CUPS server by typing the "
24371
24909
msgid "sudo service cups restart"
24372
24910
msgstr ""
24373
24911
24374
#: serverguide/C/file-server.xml:781(title)
24912
#: serverguide/C/file-server.xml:782(title)
24375
24913
msgid "Web Interface"
24376
24914
msgstr ""
24377
24915
24378
#: serverguide/C/file-server.xml:783(para)
24916
#: serverguide/C/file-server.xml:784(para)
24379
24917
msgid ""
24380
24918
"CUPS can be configured and monitored using a web interface, which by default "
24381
24919
"is available at <ulink "
24383
24921
"web interface can be used to perform all printer management tasks."
24384
24922
msgstr ""
24385
24923
24386
#: serverguide/C/file-server.xml:787(para)
24924
#: serverguide/C/file-server.xml:788(para)
24387
24925
msgid ""
24388
24926
"In order to perform administrative tasks via the web interface, you must "
24389
24927
"either have the root account enabled on your server, or authenticate as a "
24391
24929
"reasons, CUPS won't authenticate a user that doesn't have a password."
24392
24930
msgstr ""
24393
24931
24394
#: serverguide/C/file-server.xml:790(para)
24932
#: serverguide/C/file-server.xml:791(para)
24395
24933
msgid ""
24396
24934
"To add a user to the <emphasis role=\"italic\">lpadmin</emphasis> group, run "
24397
24935
"at the terminal prompt: <screen>\n"
24399
24937
"</screen>"
24400
24938
msgstr ""
24401
24939
24402
#: serverguide/C/file-server.xml:796(para)
24940
#: serverguide/C/file-server.xml:797(para)
24403
24941
msgid ""
24404
24942
"Further documentation is available in the <emphasis "
24405
24943
"role=\"italic\">Documentation/Help</emphasis> tab of the web interface."
24406
24944
msgstr ""
24407
24945
24408
#: serverguide/C/file-server.xml:804(ulink)
24946
#: serverguide/C/file-server.xml:805(ulink)
24409
24947
msgid "CUPS Website"
24410
24948
msgstr ""
24411
24949
24536
25074
"prompt:"
24537
25075
msgstr ""
24538
25076
24539
#: serverguide/C/dns.xml:116(command) serverguide/C/dns.xml:199(command) serverguide/C/dns.xml:257(command) serverguide/C/dns.xml:293(command) serverguide/C/dns.xml:321(command) serverguide/C/dns.xml:603(command)
25077
#: serverguide/C/dns.xml:116(command) serverguide/C/dns.xml:195(command) serverguide/C/dns.xml:253(command) serverguide/C/dns.xml:289(command) serverguide/C/dns.xml:317(command) serverguide/C/dns.xml:594(command)
24540
25078
msgid "sudo service bind9 restart"
24541
25079
msgstr ""
24542
25080
24586
25124
"command below.)"
24587
25125
msgstr ""
24588
25126
24589
#: serverguide/C/dns.xml:145(para)
25127
#: serverguide/C/dns.xml:141(para)
24590
25128
msgid ""
24591
25129
"Now use an existing zone file as a template to create the "
24592
25130
"<filename>/etc/bind/db.example.com</filename> file:"
24593
25131
msgstr ""
24594
25132
24595
#: serverguide/C/dns.xml:149(command)
25133
#: serverguide/C/dns.xml:145(command)
24596
25134
msgid "sudo cp /etc/bind/db.local /etc/bind/db.example.com"
24597
25135
msgstr ""
24598
25136
24599
#: serverguide/C/dns.xml:151(para)
25137
#: serverguide/C/dns.xml:147(para)
24600
25138
msgid ""
24601
25139
"Edit the new zone file <filename>/etc/bind/db.example.com</filename> change "
24602
25140
"<emphasis>localhost.</emphasis> to the FQDN of your server, leaving the "
24607
25145
"this file is for."
24608
25146
msgstr ""
24609
25147
24610
#: serverguide/C/dns.xml:158(para)
25148
#: serverguide/C/dns.xml:154(para)
24611
25149
msgid ""
24612
25150
"Create an <emphasis>A record</emphasis> for the base domain, <emphasis "
24613
25151
"role=\"italic\">example.com</emphasis>. Also, create an <emphasis>A "
24615
25153
"the name server in this example:"
24616
25154
msgstr ""
24617
25155
24618
#: serverguide/C/dns.xml:163(programlisting)
25156
#: serverguide/C/dns.xml:159(programlisting)
24619
25157
#, no-wrap
24620
25158
msgid ""
24621
25159
"\n"
24637
25175
"ns IN A 192.168.1.10\n"
24638
25176
msgstr ""
24639
25177
24640
#: serverguide/C/dns.xml:181(para)
25178
#: serverguide/C/dns.xml:177(para)
24641
25179
msgid ""
24642
25180
"You must increment the <emphasis>Serial Number</emphasis> every time you "
24643
25181
"make changes to the zone file. If you make multiple changes before "
24644
25182
"restarting BIND9, simply increment the Serial once."
24645
25183
msgstr ""
24646
25184
24647
#: serverguide/C/dns.xml:185(para)
25185
#: serverguide/C/dns.xml:181(para)
24648
25186
msgid ""
24649
25187
"Now, you can add DNS records to the bottom of the zone file. See <xref "
24650
25188
"linkend=\"dns-record-types\"/> for details."
24651
25189
msgstr ""
24652
25190
24653
#: serverguide/C/dns.xml:189(para)
25191
#: serverguide/C/dns.xml:185(para)
24654
25192
msgid ""
24655
25193
"Many admins like to use the last date edited as the serial of a zone, such "
24656
25194
"as <emphasis>2012010100</emphasis> which is yyyymmddss (where "
24657
25195
"<emphasis>ss</emphasis> is the Serial Number)"
24658
25196
msgstr ""
24659
25197
24660
#: serverguide/C/dns.xml:194(para)
25198
#: serverguide/C/dns.xml:190(para)
24661
25199
msgid ""
24662
25200
"Once you have made changes to the zone file <application>BIND9</application> "
24663
25201
"needs to be restarted for the changes to take effect:"
24664
25202
msgstr ""
24665
25203
24666
#: serverguide/C/dns.xml:203(title)
25204
#: serverguide/C/dns.xml:199(title)
24667
25205
msgid "Reverse Zone File"
24668
25206
msgstr ""
24669
25207
24670
#: serverguide/C/dns.xml:204(para)
25208
#: serverguide/C/dns.xml:200(para)
24671
25209
msgid ""
24672
25210
"Now that the zone is setup and resolving names to IP Adresses a "
24673
25211
"<emphasis>Reverse zone</emphasis> is also required. A Reverse zone allows "
24674
25212
"DNS to resolve an address to a name."
24675
25213
msgstr ""
24676
25214
24677
#: serverguide/C/dns.xml:208(para)
25215
#: serverguide/C/dns.xml:204(para)
24678
25216
msgid "Edit /etc/bind/named.conf.local and add the following:"
24679
25217
msgstr ""
24680
25218
24681
#: serverguide/C/dns.xml:211(programlisting)
25219
#: serverguide/C/dns.xml:207(programlisting)
24682
25220
#, no-wrap
24683
25221
msgid ""
24684
25222
"\n"
24688
25226
"};\n"
24689
25227
msgstr ""
24690
25228
24691
#: serverguide/C/dns.xml:218(para)
25229
#: serverguide/C/dns.xml:214(para)
24692
25230
msgid ""
24693
25231
"Replace <emphasis>1.168.192</emphasis> with the first three octets of "
24694
25232
"whatever network you are using. Also, name the zone file "
24696
25234
"first octet of your network."
24697
25235
msgstr ""
24698
25236
24699
#: serverguide/C/dns.xml:223(para)
25237
#: serverguide/C/dns.xml:219(para)
24700
25238
msgid "Now create the <filename>/etc/bind/db.192</filename> file:"
24701
25239
msgstr ""
24702
25240
24703
#: serverguide/C/dns.xml:227(command)
25241
#: serverguide/C/dns.xml:223(command)
24704
25242
msgid "sudo cp /etc/bind/db.127 /etc/bind/db.192"
24705
25243
msgstr ""
24706
25244
24707
#: serverguide/C/dns.xml:229(para)
25245
#: serverguide/C/dns.xml:225(para)
24708
25246
msgid ""
24709
25247
"Next edit <filename>/etc/bind/db.192</filename> changing the basically the "
24710
25248
"same options as <filename>/etc/bind/db.example.com</filename>:"
24711
25249
msgstr ""
24712
25250
24713
#: serverguide/C/dns.xml:233(programlisting)
25251
#: serverguide/C/dns.xml:229(programlisting)
24714
25252
#, no-wrap
24715
25253
msgid ""
24716
25254
"\n"
24729
25267
"10 IN PTR ns.example.com.\n"
24730
25268
msgstr ""
24731
25269
24732
#: serverguide/C/dns.xml:248(para)
25270
#: serverguide/C/dns.xml:244(para)
24733
25271
msgid ""
24734
25272
"The <emphasis>Serial Number</emphasis> in the Reverse zone needs to be "
24735
25273
"incremented on each change as well. For each <emphasis>A record</emphasis> "
24738
25276
"<filename>/etc/bind/db.192</filename>."
24739
25277
msgstr ""
24740
25278
24741
#: serverguide/C/dns.xml:253(para)
25279
#: serverguide/C/dns.xml:249(para)
24742
25280
msgid ""
24743
25281
"After creating the reverse zone file restart "
24744
25282
"<application>BIND9</application>:"
24745
25283
msgstr ""
24746
25284
24747
#: serverguide/C/dns.xml:262(title)
25285
#: serverguide/C/dns.xml:258(title)
24748
25286
msgid "Secondary Master"
24749
25287
msgstr ""
24750
25288
24751
#: serverguide/C/dns.xml:263(para)
25289
#: serverguide/C/dns.xml:259(para)
24752
25290
msgid ""
24753
25291
"Once a <emphasis>Primary Master</emphasis> has been configured a "
24754
25292
"<emphasis>Secondary Master</emphasis> is needed in order to maintain the "
24755
25293
"availability of the domain should the Primary become unavailable."
24756
25294
msgstr ""
24757
25295
24758
#: serverguide/C/dns.xml:267(para)
25296
#: serverguide/C/dns.xml:263(para)
24759
25297
msgid ""
24760
25298
"First, on the Primary Master server, the zone transfer needs to be allowed. "
24761
25299
"Add the <emphasis>allow-transfer</emphasis> option to the example Forward "
24763
25301
"<filename>/etc/bind/named.conf.local</filename>:"
24764
25302
msgstr ""
24765
25303
24766
#: serverguide/C/dns.xml:271(programlisting)
25304
#: serverguide/C/dns.xml:267(programlisting)
24767
25305
#, no-wrap
24768
25306
msgid ""
24769
25307
"\n"
24780
25318
"};\n"
24781
25319
msgstr ""
24782
25320
24783
#: serverguide/C/dns.xml:285(para)
25321
#: serverguide/C/dns.xml:281(para)
24784
25322
msgid ""
24785
25323
"Replace <emphasis>192.168.1.11</emphasis> with the IP Address of your "
24786
25324
"Secondary nameserver."
24787
25325
msgstr ""
24788
25326
24789
#: serverguide/C/dns.xml:289(para)
25327
#: serverguide/C/dns.xml:285(para)
24790
25328
msgid "Restart <application>BIND9</application> on the Primary Master:"
24791
25329
msgstr ""
24792
25330
24793
#: serverguide/C/dns.xml:295(para)
25331
#: serverguide/C/dns.xml:291(para)
24794
25332
msgid ""
24795
25333
"Next, on the Secondary Master, install the <application>bind9</application> "
24796
25334
"package the same way as on the Primary. Then edit the "
24798
25336
"declarations for the Forward and Reverse zones:"
24799
25337
msgstr ""
24800
25338
24801
#: serverguide/C/dns.xml:299(programlisting)
25339
#: serverguide/C/dns.xml:295(programlisting)
24802
25340
#, no-wrap
24803
25341
msgid ""
24804
25342
"\n"
24815
25353
"};\n"
24816
25354
msgstr ""
24817
25355
24818
#: serverguide/C/dns.xml:313(para)
25356
#: serverguide/C/dns.xml:309(para)
24819
25357
msgid ""
24820
25358
"Replace <emphasis>192.168.1.10</emphasis> with the IP Address of your "
24821
25359
"Primary nameserver."
24822
25360
msgstr ""
24823
25361
24824
#: serverguide/C/dns.xml:317(para)
25362
#: serverguide/C/dns.xml:313(para)
24825
25363
msgid "Restart <application>BIND9</application> on the Secondary Master:"
24826
25364
msgstr ""
24827
25365
24828
#: serverguide/C/dns.xml:323(para)
25366
#: serverguide/C/dns.xml:319(para)
24829
25367
msgid ""
24830
25368
"In <filename>/var/log/syslog</filename> you should see something similar to "
24831
25369
"(some lines have been split to fit the format of this document):"
24832
25370
msgstr ""
24833
25371
24834
#: serverguide/C/dns.xml:326(programlisting)
25372
#: serverguide/C/dns.xml:322(programlisting)
24835
25373
#, no-wrap
24836
25374
msgid ""
24837
25375
"\n"
24856
25394
"8 records, 225 bytes, 0.002 secs (112500 bytes/sec)\n"
24857
25395
msgstr ""
24858
25396
24859
#: serverguide/C/dns.xml:345(para)
25397
#: serverguide/C/dns.xml:341(para)
24860
25398
msgid ""
24861
25399
"Note: A zone is only transferred if the <emphasis>Serial Number</emphasis> "
24862
25400
"on the Primary is larger than the one on the Secondary. If you want to have "
24866
25404
"below:"
24867
25405
msgstr ""
24868
25406
24869
#: serverguide/C/dns.xml:349(programlisting)
25407
#: serverguide/C/dns.xml:345(programlisting)
24870
25408
#, no-wrap
24871
25409
msgid ""
24872
25410
"\n"
24886
25424
"\t"
24887
25425
msgstr ""
24888
25426
24889
#: serverguide/C/dns.xml:365(para)
25427
#: serverguide/C/dns.xml:361(para)
24890
25428
msgid ""
24891
25429
"The default directory for non-authoritative zone files is "
24892
25430
"<filename>/var/cache/bind/</filename>. This directory is also configured in "
24895
25433
"on AppArmor see <xref linkend=\"apparmor\"/>."
24896
25434
msgstr ""
24897
25435
24898
#: serverguide/C/dns.xml:376(para)
25436
#: serverguide/C/dns.xml:372(para)
24899
25437
msgid ""
24900
25438
"This section covers ways to help determine the cause when problems happen "
24901
25439
"with DNS and <application>BIND9</application>."
24902
25440
msgstr ""
24903
25441
24904
#: serverguide/C/dns.xml:382(title)
25442
#: serverguide/C/dns.xml:378(title)
24905
25443
msgid "resolv.conf"
24906
25444
msgstr ""
24907
25445
24915
25453
"<filename>/etc/resolv.conf</filename> contains (for this example):"
24916
25454
msgstr ""
24917
25455
24918
#: serverguide/C/dns.xml:389(programlisting)
25456
#: serverguide/C/dns.xml:384(programlisting)
24919
25457
#, no-wrap
24920
25458
msgid ""
24921
25459
"\n"
24931
25469
"to RESOLVCONF=yes."
24932
25470
msgstr ""
24933
25471
24934
#: serverguide/C/dns.xml:398(para)
25472
#: serverguide/C/dns.xml:389(para)
24935
25473
msgid ""
24936
25474
"You should also add the IP Address of the Secondary nameserver in case the "
24937
25475
"Primary becomes unavailable."
24938
25476
msgstr ""
24939
25477
24940
#: serverguide/C/dns.xml:404(title)
25478
#: serverguide/C/dns.xml:395(title)
24941
25479
msgid "dig"
24942
25480
msgstr ""
24943
25481
24944
#: serverguide/C/dns.xml:405(para)
25482
#: serverguide/C/dns.xml:396(para)
24945
25483
msgid ""
24946
25484
"If you installed the <application>dnsutils</application> package you can "
24947
25485
"test your setup using the DNS lookup utility <application>dig</application>:"
24948
25486
msgstr ""
24949
25487
24950
#: serverguide/C/dns.xml:411(para)
25488
#: serverguide/C/dns.xml:402(para)
24951
25489
msgid ""
24952
25490
"After installing <application>BIND9</application> use "
24953
25491
"<application>dig</application> against the loopback interface to make sure "
24954
25492
"it is listening on port 53. From a terminal prompt:"
24955
25493
msgstr ""
24956
25494
24957
#: serverguide/C/dns.xml:416(command)
25495
#: serverguide/C/dns.xml:407(command)
24958
25496
msgid "dig -x 127.0.0.1"
24959
25497
msgstr ""
24960
25498
24961
#: serverguide/C/dns.xml:418(para)
25499
#: serverguide/C/dns.xml:409(para)
24962
25500
msgid "You should see lines similar to the following in the command output:"
24963
25501
msgstr ""
24964
25502
24965
#: serverguide/C/dns.xml:421(programlisting)
25503
#: serverguide/C/dns.xml:412(programlisting)
24966
25504
#, no-wrap
24967
25505
msgid ""
24968
25506
"\n"
24970
25508
";; SERVER: 192.168.1.10#53(192.168.1.10)\n"
24971
25509
msgstr ""
24972
25510
24973
#: serverguide/C/dns.xml:427(para)
25511
#: serverguide/C/dns.xml:418(para)
24974
25512
msgid ""
24975
25513
"If you have configured <application>BIND9</application> as a "
24976
25514
"<emphasis>Caching</emphasis> nameserver \"dig\" an outside domain to check "
24977
25515
"the query time:"
24978
25516
msgstr ""
24979
25517
24980
#: serverguide/C/dns.xml:432(command)
25518
#: serverguide/C/dns.xml:423(command)
24981
25519
msgid "dig ubuntu.com"
24982
25520
msgstr ""
24983
25521
24984
#: serverguide/C/dns.xml:434(para)
25522
#: serverguide/C/dns.xml:425(para)
24985
25523
msgid "Note the query time toward the end of the command output:"
24986
25524
msgstr ""
24987
25525
24988
#: serverguide/C/dns.xml:437(programlisting)
25526
#: serverguide/C/dns.xml:428(programlisting)
24989
25527
#, no-wrap
24990
25528
msgid ""
24991
25529
"\n"
24992
25530
";; Query time: 49 msec\n"
24993
25531
msgstr ""
24994
25532
24995
#: serverguide/C/dns.xml:440(para)
25533
#: serverguide/C/dns.xml:431(para)
24996
25534
msgid "After a second dig there should be improvement:"
24997
25535
msgstr ""
24998
25536
24999
#: serverguide/C/dns.xml:443(programlisting)
25537
#: serverguide/C/dns.xml:434(programlisting)
25000
25538
#, no-wrap
25001
25539
msgid ""
25002
25540
"\n"
25003
25541
";; Query time: 1 msec\n"
25004
25542
msgstr ""
25005
25543
25006
#: serverguide/C/dns.xml:450(title)
25544
#: serverguide/C/dns.xml:441(title)
25007
25545
msgid "ping"
25008
25546
msgstr ""
25009
25547
25010
#: serverguide/C/dns.xml:452(para)
25548
#: serverguide/C/dns.xml:443(para)
25011
25549
msgid ""
25012
25550
"Now to demonstrate how applications make use of DNS to resolve a host name "
25013
25551
"use the <application>ping</application> utility to send an ICMP echo "
25014
25552
"request. From a terminal prompt enter:"
25015
25553
msgstr ""
25016
25554
25017
#: serverguide/C/dns.xml:458(command)
25555
#: serverguide/C/dns.xml:449(command)
25018
25556
msgid "ping example.com"
25019
25557
msgstr ""
25020
25558
25021
#: serverguide/C/dns.xml:460(para)
25559
#: serverguide/C/dns.xml:451(para)
25022
25560
msgid ""
25023
25561
"This tests if the nameserver can resolve the name "
25024
25562
"<emphasis>ns.example.com</emphasis> to an IP Address. The command output "
25025
25563
"should resemble:"
25026
25564
msgstr ""
25027
25565
25028
#: serverguide/C/dns.xml:464(programlisting)
25566
#: serverguide/C/dns.xml:455(programlisting)
25029
25567
#, no-wrap
25030
25568
msgid ""
25031
25569
"\n"
25034
25572
"64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=0.813 ms\n"
25035
25573
msgstr ""
25036
25574
25037
#: serverguide/C/dns.xml:471(title)
25575
#: serverguide/C/dns.xml:462(title)
25038
25576
msgid "named-checkzone"
25039
25577
msgstr ""
25040
25578
25041
#: serverguide/C/dns.xml:472(para)
25579
#: serverguide/C/dns.xml:463(para)
25042
25580
msgid ""
25043
25581
"A great way to test your zone files is by using the <application>named-"
25044
25582
"checkzone</application> utility installed with the "
25047
25585
"<application>BIND9</application> and making the changes live."
25048
25586
msgstr ""
25049
25587
25050
#: serverguide/C/dns.xml:479(para)
25588
#: serverguide/C/dns.xml:470(para)
25051
25589
msgid ""
25052
25590
"To test our example Forward zone file enter the following from a command "
25053
25591
"prompt:"
25054
25592
msgstr ""
25055
25593
25056
#: serverguide/C/dns.xml:483(command)
25594
#: serverguide/C/dns.xml:474(command)
25057
25595
msgid "named-checkzone example.com /etc/bind/db.example.com"
25058
25596
msgstr ""
25059
25597
25060
#: serverguide/C/dns.xml:485(para)
25598
#: serverguide/C/dns.xml:476(para)
25061
25599
msgid ""
25062
25600
"If everything is configured correctly you should see output similar to:"
25063
25601
msgstr ""
25064
25602
25065
#: serverguide/C/dns.xml:488(programlisting)
25603
#: serverguide/C/dns.xml:479(programlisting)
25066
25604
#, no-wrap
25067
25605
msgid ""
25068
25606
"\n"
25070
25608
"OK\n"
25071
25609
msgstr ""
25072
25610
25073
#: serverguide/C/dns.xml:494(para)
25611
#: serverguide/C/dns.xml:485(para)
25074
25612
msgid "Similarly, to test the Reverse zone file enter the following:"
25075
25613
msgstr ""
25076
25614
25077
#: serverguide/C/dns.xml:498(command)
25615
#: serverguide/C/dns.xml:489(command)
25078
25616
msgid "named-checkzone 1.168.192.in-addr.arpa /etc/bind/db.192"
25079
25617
msgstr ""
25080
25618
25081
#: serverguide/C/dns.xml:500(para)
25619
#: serverguide/C/dns.xml:491(para)
25082
25620
msgid "The output should be similar to:"
25083
25621
msgstr ""
25084
25622
25085
#: serverguide/C/dns.xml:503(programlisting)
25623
#: serverguide/C/dns.xml:494(programlisting)
25086
25624
#, no-wrap
25087
25625
msgid ""
25088
25626
"\n"
25090
25628
"OK\n"
25091
25629
msgstr ""
25092
25630
25093
#: serverguide/C/dns.xml:510(para)
25631
#: serverguide/C/dns.xml:501(para)
25094
25632
msgid ""
25095
25633
"The <emphasis>Serial Number</emphasis> of your zone file will probably be "
25096
25634
"different."
25097
25635
msgstr ""
25098
25636
25099
#: serverguide/C/dns.xml:518(para)
25637
#: serverguide/C/dns.xml:509(para)
25100
25638
msgid ""
25101
25639
"<application>BIND9</application> has a wide variety of logging configuration "
25102
25640
"options available. There are two main options. The "
25104
25642
"<emphasis>category</emphasis> option determines what information to log."
25105
25643
msgstr ""
25106
25644
25107
#: serverguide/C/dns.xml:522(para)
25645
#: serverguide/C/dns.xml:513(para)
25108
25646
msgid "If no logging option is configured the default option is:"
25109
25647
msgstr ""
25110
25648
25111
#: serverguide/C/dns.xml:525(programlisting)
25649
#: serverguide/C/dns.xml:516(programlisting)
25112
25650
#, no-wrap
25113
25651
msgid ""
25114
25652
"\n"
25118
25656
"};\n"
25119
25657
msgstr ""
25120
25658
25121
#: serverguide/C/dns.xml:531(para)
25659
#: serverguide/C/dns.xml:522(para)
25122
25660
msgid ""
25123
25661
"This section covers configuring <application>BIND9</application> to send "
25124
25662
"<emphasis>debug</emphasis> messages related to DNS queries to a separate "
25125
25663
"file."
25126
25664
msgstr ""
25127
25665
25128
#: serverguide/C/dns.xml:536(para)
25666
#: serverguide/C/dns.xml:527(para)
25129
25667
msgid ""
25130
25668
"First, we need to configure a channel to specify which file to send the "
25131
25669
"messages to. Edit <filename>/etc/bind/named.conf.local</filename> and add "
25132
25670
"the following:"
25133
25671
msgstr ""
25134
25672
25135
#: serverguide/C/dns.xml:540(programlisting)
25673
#: serverguide/C/dns.xml:531(programlisting)
25136
25674
#, no-wrap
25137
25675
msgid ""
25138
25676
"\n"
25144
25682
"};\n"
25145
25683
msgstr ""
25146
25684
25147
#: serverguide/C/dns.xml:550(para)
25685
#: serverguide/C/dns.xml:541(para)
25148
25686
msgid "Next, configure a category to send all DNS queries to the query file:"
25149
25687
msgstr ""
25150
25688
25151
#: serverguide/C/dns.xml:553(programlisting)
25689
#: serverguide/C/dns.xml:544(programlisting)
25152
25690
#, no-wrap
25153
25691
msgid ""
25154
25692
"\n"
25161
25699
"};\n"
25162
25700
msgstr ""
25163
25701
25164
#: serverguide/C/dns.xml:565(para)
25702
#: serverguide/C/dns.xml:556(para)
25165
25703
msgid ""
25166
25704
"Note: the <emphasis>debug</emphasis> option can be set from 1 to 3. If a "
25167
25705
"level isn't specified level 1 is the default."
25168
25706
msgstr ""
25169
25707
25170
#: serverguide/C/dns.xml:571(para)
25708
#: serverguide/C/dns.xml:562(para)
25171
25709
msgid ""
25172
25710
"Since the <emphasis>named daemon</emphasis> runs as the "
25173
25711
"<emphasis>bind</emphasis> user the <filename>/var/log/query.log</filename> "
25174
25712
"file must be created and the ownership changed:"
25175
25713
msgstr ""
25176
25714
25177
#: serverguide/C/dns.xml:576(command)
25715
#: serverguide/C/dns.xml:567(command)
25178
25716
msgid "sudo touch /var/log/query.log"
25179
25717
msgstr ""
25180
25718
25181
#: serverguide/C/dns.xml:577(command)
25719
#: serverguide/C/dns.xml:568(command)
25182
25720
msgid "sudo chown bind /var/log/query.log"
25183
25721
msgstr ""
25184
25722
25185
#: serverguide/C/dns.xml:581(para)
25723
#: serverguide/C/dns.xml:572(para)
25186
25724
msgid ""
25187
25725
"Before <application>named</application> daemon can write to the new log file "
25188
25726
"the <application>AppArmor</application> profile must be updated. First, edit "
25189
25727
"<filename>/etc/apparmor.d/usr.sbin.named</filename> and add:"
25190
25728
msgstr ""
25191
25729
25192
#: serverguide/C/dns.xml:585(programlisting)
25730
#: serverguide/C/dns.xml:576(programlisting)
25193
25731
#, no-wrap
25194
25732
msgid ""
25195
25733
"\n"
25196
25734
"/var/log/query.log w,\n"
25197
25735
msgstr ""
25198
25736
25199
#: serverguide/C/dns.xml:588(para)
25737
#: serverguide/C/dns.xml:579(para)
25200
25738
msgid "Next, reload the profile:"
25201
25739
msgstr ""
25202
25740
25203
#: serverguide/C/dns.xml:592(command)
25741
#: serverguide/C/dns.xml:583(command)
25204
25742
msgid "cat /etc/apparmor.d/usr.sbin.named | sudo apparmor_parser -r"
25205
25743
msgstr ""
25206
25744
25207
#: serverguide/C/dns.xml:594(para)
25745
#: serverguide/C/dns.xml:585(para)
25208
25746
msgid ""
25209
25747
"For more information on <application>AppArmor</application> see <xref "
25210
25748
"linkend=\"apparmor\"/>"
25211
25749
msgstr ""
25212
25750
25213
#: serverguide/C/dns.xml:599(para)
25751
#: serverguide/C/dns.xml:590(para)
25214
25752
msgid ""
25215
25753
"Now restart <application>BIND9</application> for the changes to take effect:"
25216
25754
msgstr ""
25217
25755
25218
#: serverguide/C/dns.xml:607(para)
25756
#: serverguide/C/dns.xml:598(para)
25219
25757
msgid ""
25220
25758
"You should see the file <filename>/var/log/query.log</filename> fill with "
25221
25759
"query information. This is a simple example of the "
25223
25761
"options see <xref linkend=\"dns-more-info\"/>."
25224
25762
msgstr ""
25225
25763
25226
#: serverguide/C/dns.xml:616(title)
25764
#: serverguide/C/dns.xml:607(title)
25227
25765
msgid "Common Record Types"
25228
25766
msgstr ""
25229
25767
25230
#: serverguide/C/dns.xml:617(para)
25768
#: serverguide/C/dns.xml:608(para)
25231
25769
msgid "This section covers some of the most common DNS record types."
25232
25770
msgstr ""
25233
25771
25234
#: serverguide/C/dns.xml:622(para)
25772
#: serverguide/C/dns.xml:613(para)
25235
25773
msgid ""
25236
25774
"<emphasis>A</emphasis> record: This record maps an IP Address to a hostname."
25237
25775
msgstr ""
25238
25776
25239
#: serverguide/C/dns.xml:625(programlisting)
25777
#: serverguide/C/dns.xml:616(programlisting)
25240
25778
#, no-wrap
25241
25779
msgid ""
25242
25780
"\n"
25243
25781
"www IN A 192.168.1.12\n"
25244
25782
msgstr ""
25245
25783
25246
#: serverguide/C/dns.xml:630(para)
25784
#: serverguide/C/dns.xml:621(para)
25247
25785
msgid ""
25248
25786
"<emphasis>CNAME</emphasis> record: Used to create an alias to an existing A "
25249
25787
"record. You cannot create a CNAME record pointing to another CNAME record."
25250
25788
msgstr ""
25251
25789
25252
#: serverguide/C/dns.xml:633(programlisting)
25790
#: serverguide/C/dns.xml:624(programlisting)
25253
25791
#, no-wrap
25254
25792
msgid ""
25255
25793
"\n"
25256
25794
"web IN CNAME www\n"
25257
25795
msgstr ""
25258
25796
25259
#: serverguide/C/dns.xml:638(para)
25797
#: serverguide/C/dns.xml:629(para)
25260
25798
msgid ""
25261
25799
"<emphasis>MX</emphasis> record: Used to define where email should be sent "
25262
25800
"to. Must point to an A record, not a CNAME."
25263
25801
msgstr ""
25264
25802
25265
#: serverguide/C/dns.xml:641(programlisting)
25803
#: serverguide/C/dns.xml:632(programlisting)
25266
25804
#, no-wrap
25267
25805
msgid ""
25268
25806
"\n"
25270
25808
"mail IN A 192.168.1.13\n"
25271
25809
msgstr ""
25272
25810
25273
#: serverguide/C/dns.xml:647(para)
25811
#: serverguide/C/dns.xml:638(para)
25274
25812
msgid ""
25275
25813
"<emphasis>NS</emphasis> record: Used to define which servers serve copies of "
25276
25814
"a zone. It must point to an A record, not a CNAME. This is where Primary and "
25277
25815
"Secondary servers are defined."
25278
25816
msgstr ""
25279
25817
25280
#: serverguide/C/dns.xml:651(programlisting)
25818
#: serverguide/C/dns.xml:642(programlisting)
25281
25819
#, no-wrap
25282
25820
msgid ""
25283
25821
"\n"
25287
25825
"ns2 IN A 192.168.1.11\n"
25288
25826
msgstr ""
25289
25827
25290
#: serverguide/C/dns.xml:661(title)
25828
#: serverguide/C/virtualization.xml:2018(title) serverguide/C/dns.xml:652(title)
25291
25829
msgid "More Information"
25292
25830
msgstr ""
25293
25831
25318
25856
"BIND on IPv6</ulink> book."
25319
25857
msgstr ""
25320
25858
25321
#: serverguide/C/dns.xml:684(para)
25859
#: serverguide/C/dns.xml:670(para)
25322
25860
msgid ""
25323
25861
"A great place to ask for <application>BIND9</application> assistance, and "
25324
25862
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
25501
26039
"Components</link> describes the components of the DM-Multipath package."
25502
26040
msgstr ""
25503
26041
25504
#: serverguide/C/dm-multipath.xml:183(title)
26042
#: serverguide/C/dm-multipath.xml:184(title)
25505
26043
msgid "DM-Multipath Setup Overview"
25506
26044
msgstr ""
25507
26045
25508
#: serverguide/C/dm-multipath.xml:190(para)
26046
#: serverguide/C/dm-multipath.xml:191(para)
25509
26047
msgid ""
25510
26048
"Install the <emphasis role=\"bold\">multipath-tools</emphasis> and <emphasis "
25511
26049
"role=\"bold\">multipath-tools-boot</emphasis> packages"
25512
26050
msgstr ""
25513
26051
25514
#: serverguide/C/dm-multipath.xml:196(para)
26052
#: serverguide/C/dm-multipath.xml:197(para)
25515
26053
msgid ""
25516
26054
"Create an empty config file, <filename>/etc/multipath.conf</filename>, that "
25517
26055
"re-defines the <link linkend=\"multipath-skel-config\">following</link>"
25518
26056
msgstr ""
25519
26057
25520
#: serverguide/C/dm-multipath.xml:202(para)
26058
#: serverguide/C/dm-multipath.xml:203(para)
25521
26059
msgid ""
25522
26060
"If necessary, edit the <emphasis role=\"bold\">multipath.conf</emphasis> "
25523
26061
"configuration file to modify default values and save the updated file."
25524
26062
msgstr ""
25525
26063
25526
#: serverguide/C/dm-multipath.xml:208(para)
26064
#: serverguide/C/dm-multipath.xml:209(para)
25527
26065
msgid "Start the multipath daemon"
25528
26066
msgstr ""
25529
26067
25530
#: serverguide/C/dm-multipath.xml:212(para)
26068
#: serverguide/C/dm-multipath.xml:213(para)
25531
26069
msgid "Update initial ramdisk"
25532
26070
msgstr ""
25533
26071
25534
#: serverguide/C/dm-multipath.xml:185(para)
26072
#: serverguide/C/dm-multipath.xml:186(para)
25535
26073
msgid ""
25536
26074
"DM-Multipath includes compiled-in default settings that are suitable for "
25537
26075
"common multipath configurations. Setting up DM-multipath is often a simple "
25541
26079
"overview\">Setting Up DM-Multipath</link>."
25542
26080
msgstr ""
25543
26081
25544
#: serverguide/C/dm-multipath.xml:222(title)
26082
#: serverguide/C/dm-multipath.xml:223(title)
25545
26083
msgid "Multipath Devices"
25546
26084
msgstr ""
25547
26085
25548
#: serverguide/C/dm-multipath.xml:224(para)
26086
#: serverguide/C/dm-multipath.xml:225(para)
25549
26087
msgid ""
25550
26088
"Without DM-Multipath, each path from a server node to a storage controller "
25551
26089
"is treated by the system as a separate device, even when the I/O path "
25554
26092
"multipath device on top of the underlying devices."
25555
26093
msgstr ""
25556
26094
25557
#: serverguide/C/dm-multipath.xml:232(title)
26095
#: serverguide/C/dm-multipath.xml:233(title)
25558
26096
msgid "Multipath Device Identifiers"
25559
26097
msgstr ""
25560
26098
25561
#: serverguide/C/dm-multipath.xml:260(para)
26099
#: serverguide/C/dm-multipath.xml:261(para)
25562
26100
msgid ""
25563
26101
"The devices in <emphasis role=\"bold\">/dev/mapper</emphasis> are created "
25564
26102
"early in the boot process. Use these devices to access the multipathed "
25565
26103
"devices, for example when creating logical volumes."
25566
26104
msgstr ""
25567
26105
25568
#: serverguide/C/dm-multipath.xml:267(para)
26106
#: serverguide/C/dm-multipath.xml:268(para)
25569
26107
msgid ""
25570
26108
"Any devices of the form <emphasis role=\"bold\">/dev/dm-n</emphasis> are for "
25571
26109
"internal use only and should never be used."
25611
26149
"Device Configuration Attributes</link>."
25612
26150
msgstr ""
25613
26151
25614
#: serverguide/C/dm-multipath.xml:288(title)
26152
#: serverguide/C/dm-multipath.xml:289(title)
25615
26153
msgid "Consistent Multipath Device Names in a Cluster"
25616
26154
msgstr ""
25617
26155
25618
#: serverguide/C/dm-multipath.xml:290(para)
26156
#: serverguide/C/dm-multipath.xml:291(para)
25619
26157
msgid ""
25620
26158
"When the <emphasis role=\"bold\">user_friendly_names</emphasis> "
25621
26159
"configuration option is set to yes, the name of the multipath device is "
25638
26176
"procedure:"
25639
26177
msgstr ""
25640
26178
25641
#: serverguide/C/dm-multipath.xml:312(para)
26179
#: serverguide/C/dm-multipath.xml:313(para)
25642
26180
msgid "Set up all of the multipath devices on one machine."
25643
26181
msgstr ""
25644
26182
25645
#: serverguide/C/dm-multipath.xml:316(para) serverguide/C/dm-multipath.xml:353(para)
26183
#: serverguide/C/dm-multipath.xml:317(para) serverguide/C/dm-multipath.xml:354(para)
25646
26184
msgid ""
25647
26185
"Disable all of your multipath devices on your other machines by running the "
25648
26186
"following commands:"
25649
26187
msgstr ""
25650
26188
25651
#: serverguide/C/dm-multipath.xml:319(screen) serverguide/C/dm-multipath.xml:356(screen)
26189
#: serverguide/C/dm-multipath.xml:320(screen) serverguide/C/dm-multipath.xml:357(screen)
25652
26190
#, no-wrap
25653
26191
msgid ""
25654
26192
"# service multipath-tools stop\n"
25655
26193
"# multipath -F\n"
25656
26194
msgstr ""
25657
26195
25658
#: serverguide/C/dm-multipath.xml:325(para)
26196
#: serverguide/C/dm-multipath.xml:326(para)
25659
26197
msgid ""
25660
26198
"Copy the <filename>/etc/multipath/bindings</filename> file from the first "
25661
26199
"machine to all the other machines in the cluster."
25662
26200
msgstr ""
25663
26201
25664
#: serverguide/C/dm-multipath.xml:331(para) serverguide/C/dm-multipath.xml:367(para)
26202
#: serverguide/C/dm-multipath.xml:332(para) serverguide/C/dm-multipath.xml:368(para)
25665
26203
msgid ""
25666
26204
"Re-enable the multipathd daemon on all the other machines in the cluster by "
25667
26205
"running the following command:"
25668
26206
msgstr ""
25669
26207
25670
#: serverguide/C/dm-multipath.xml:334(screen) serverguide/C/dm-multipath.xml:370(screen)
26208
#: serverguide/C/dm-multipath.xml:335(screen) serverguide/C/dm-multipath.xml:371(screen)
25671
26209
#, no-wrap
25672
26210
msgid "# service multipath-tools start"
25673
26211
msgstr ""
25674
26212
25675
#: serverguide/C/dm-multipath.xml:338(para)
26213
#: serverguide/C/dm-multipath.xml:339(para)
25676
26214
msgid "If you add a new device, you will need to repeat this process."
25677
26215
msgstr ""
25678
26216
25679
#: serverguide/C/dm-multipath.xml:341(para)
26217
#: serverguide/C/dm-multipath.xml:342(para)
25680
26218
msgid ""
25681
26219
"Similarly, if you configure an alias for a device that you would like to be "
25682
26220
"consistent across the nodes in the cluster, you should ensure that the "
25684
26222
"the cluster by following the same procedure:"
25685
26223
msgstr ""
25686
26224
25687
#: serverguide/C/dm-multipath.xml:348(para)
26225
#: serverguide/C/dm-multipath.xml:349(para)
25688
26226
msgid ""
25689
26227
"Configure the aliases for the multipath devices in the in the "
25690
26228
"<filename>multipath.conf</filename> file on one machine."
25691
26229
msgstr ""
25692
26230
25693
#: serverguide/C/dm-multipath.xml:362(para)
26231
#: serverguide/C/dm-multipath.xml:363(para)
25694
26232
msgid ""
25695
26233
"Copy the <filename>multipath.conf</filename> file from the first machine to "
25696
26234
"all the other machines in the cluster."
25697
26235
msgstr ""
25698
26236
25699
#: serverguide/C/dm-multipath.xml:374(para)
26237
#: serverguide/C/dm-multipath.xml:375(para)
25700
26238
msgid "When you add a new device you will need to repeat this process."
25701
26239
msgstr ""
25702
26240
25703
#: serverguide/C/dm-multipath.xml:379(title)
26241
#: serverguide/C/dm-multipath.xml:380(title)
25704
26242
msgid "Multipath Device attributes"
25705
26243
msgstr ""
25706
26244
25707
#: serverguide/C/dm-multipath.xml:381(para)
26245
#: serverguide/C/dm-multipath.xml:382(para)
25708
26246
msgid ""
25709
26247
"In addition to the <emphasis role=\"bold\">user_friendly_names</emphasis> "
25710
26248
"and <emphasis role=\"bold\">alias</emphasis> options, a multipath device has "
25717
26255
"linkend=\"multipath-config-multipath\"/>\"."
25718
26256
msgstr ""
25719
26257
25720
#: serverguide/C/dm-multipath.xml:394(title)
26258
#: serverguide/C/dm-multipath.xml:395(title)
25721
26259
msgid "Multipath Devices in Logical Volumes"
25722
26260
msgstr ""
25723
26261
25724
#: serverguide/C/dm-multipath.xml:396(para)
26262
#: serverguide/C/dm-multipath.xml:397(para)
25725
26263
msgid ""
25726
26264
"After creating multipath devices, you can use the multipath device names "
25727
26265
"just as you would use a physical device name when creating an LVM physical "
25732
26270
"you would use any other LVM physical device."
25733
26271
msgstr ""
25734
26272
25735
#: serverguide/C/dm-multipath.xml:405(para)
26273
#: serverguide/C/dm-multipath.xml:406(para)
25736
26274
msgid ""
25737
26275
"If you attempt to create an LVM physical volume on a whole device on which "
25738
26276
"you have configured partitions, the pvcreate command will fail."
25739
26277
msgstr ""
25740
26278
25741
#: serverguide/C/dm-multipath.xml:425(para)
26279
#: serverguide/C/dm-multipath.xml:426(para)
25742
26280
msgid ""
25743
26281
"Every time either <filename>/etc/lvm.conf</filename> or "
25744
26282
"<filename>/etc/multipath.conf</filename> is updated, the initrd should be "
25746
26284
"filters are necessary to maintain a stable storage configuration."
25747
26285
msgstr ""
25748
26286
25749
#: serverguide/C/dm-multipath.xml:410(para)
26287
#: serverguide/C/dm-multipath.xml:411(para)
25750
26288
msgid ""
25751
26289
"When you create an LVM logical volume that uses active/passive multipath "
25752
26290
"arrays as the underlying physical devices, you should include filters in the "
25765
26303
"Perform:<screen>update-initramfs -u -k all</screen><placeholder-1/>"
25766
26304
msgstr ""
25767
26305
25768
#: serverguide/C/dm-multipath.xml:435(title)
26306
#: serverguide/C/dm-multipath.xml:436(title)
25769
26307
msgid "Setting up DM-Multipath Overview"
25770
26308
msgstr ""
25771
26309
25772
#: serverguide/C/dm-multipath.xml:437(para)
26310
#: serverguide/C/dm-multipath.xml:438(para)
25773
26311
msgid ""
25774
26312
"This section provides step-by-step example procedures for configuring DM-"
25775
26313
"Multipath. It includes the following procedures:"
25776
26314
msgstr ""
25777
26315
25778
#: serverguide/C/dm-multipath.xml:442(para)
26316
#: serverguide/C/dm-multipath.xml:443(para)
25779
26317
msgid "Basic DM-Multipath setup"
25780
26318
msgstr ""
25781
26319
25782
#: serverguide/C/dm-multipath.xml:446(para)
26320
#: serverguide/C/dm-multipath.xml:447(para)
25783
26321
msgid "Ignoring local disks"
25784
26322
msgstr ""
25785
26323
25786
#: serverguide/C/dm-multipath.xml:450(para)
26324
#: serverguide/C/dm-multipath.xml:451(para)
25787
26325
msgid "Adding more devices to the configuration file"
25788
26326
msgstr ""
25789
26327
25790
#: serverguide/C/dm-multipath.xml:455(title)
26328
#: serverguide/C/dm-multipath.xml:456(title)
25791
26329
msgid "Setting Up DM-Multipath"
25792
26330
msgstr ""
25793
26331
25794
#: serverguide/C/dm-multipath.xml:457(para)
26332
#: serverguide/C/dm-multipath.xml:458(para)
25795
26333
msgid ""
25796
26334
"Before setting up DM-Multipath on your system, ensure that your system has "
25797
26335
"been updated and includes the <emphasis role=\"bold\"><application>multipath-"
25800
26338
"boot</application></emphasis> package is also required."
25801
26339
msgstr ""
25802
26340
25803
#: serverguide/C/dm-multipath.xml:475(para)
26341
#: serverguide/C/dm-multipath.xml:476(para)
25804
26342
msgid ""
25805
26343
"To work around a quirk in multipathd, when an "
25806
26344
"<filename>/etc/multipath.conf</filename> doesn't exist, the previous command "
25817
26355
"database."
25818
26356
msgstr ""
25819
26357
25820
#: serverguide/C/dm-multipath.xml:464(para)
26358
#: serverguide/C/dm-multipath.xml:465(para)
25821
26359
msgid ""
25822
26360
"A basic <emphasis role=\"bold\">/etc/multipath.conf </emphasis> need not "
25823
26361
"even exist, when <emphasis role=\"bold\">multpath</emphasis> is run without "
25833
26371
"multipath.conf-live</screen><placeholder-1/>"
25834
26372
msgstr ""
25835
26373
25836
#: serverguide/C/dm-multipath.xml:492(title)
26374
#: serverguide/C/dm-multipath.xml:493(title)
25837
26375
msgid "Installing with Multipath Support"
25838
26376
msgstr ""
25839
26377
25840
#: serverguide/C/dm-multipath.xml:494(para)
26378
#: serverguide/C/dm-multipath.xml:495(para)
25841
26379
msgid ""
25842
26380
"To enable <ulink "
25843
26381
"url=\"http://wiki.debian.org/DebianInstaller/MultipathSupport\">multipath "
25847
26385
"role=\"bold\">/dev/mapper/mpath<X></emphasis> during installation."
25848
26386
msgstr ""
25849
26387
25850
#: serverguide/C/dm-multipath.xml:503(title)
26388
#: serverguide/C/dm-multipath.xml:504(title)
25851
26389
msgid "Ignoring Local Disks When Generating Multipath Devices"
25852
26390
msgstr ""
25853
26391
25854
#: serverguide/C/dm-multipath.xml:505(para)
26392
#: serverguide/C/dm-multipath.xml:506(para)
25855
26393
msgid ""
25856
26394
"Some machines have local SCSI cards for their internal disks. DM-Multipath "
25857
26395
"is not recommended for these devices. The following procedure shows how to "
25872
26410
"linkend=\"multipath-command-output\">Multipath Command Output</link>."
25873
26411
msgstr ""
25874
26412
25875
#: serverguide/C/dm-multipath.xml:524(screen)
26413
#: serverguide/C/dm-multipath.xml:525(screen)
25876
26414
#, no-wrap
25877
26415
msgid ""
25878
26416
"\n"
25909
26447
" `- 3:0:0:3 sdg 8:128 undef ready running\n"
25910
26448
msgstr ""
25911
26449
25912
#: serverguide/C/dm-multipath.xml:560(para)
26450
#: serverguide/C/dm-multipath.xml:561(para)
25913
26451
msgid ""
25914
26452
"In order to prevent the device mapper from mapping <emphasis "
25915
26453
"role=\"bold\">/dev/sda</emphasis> in its multipath maps, edit the blacklist "
25926
26464
"the following in the <filename>/etc/multipath.conf</filename> file."
25927
26465
msgstr ""
25928
26466
25929
#: serverguide/C/dm-multipath.xml:575(screen)
26467
#: serverguide/C/dm-multipath.xml:576(screen)
25930
26468
#, no-wrap
25931
26469
msgid ""
25932
26470
"\n"
25935
26473
"}\n"
25936
26474
msgstr ""
25937
26475
25938
#: serverguide/C/dm-multipath.xml:583(para)
26476
#: serverguide/C/dm-multipath.xml:584(para)
25939
26477
msgid ""
25940
26478
"After you have updated the <filename>/etc/multipath.conf</filename> file, "
25941
26479
"you must manually tell the <emphasis role=\"bold\">multipathd</emphasis> "
25943
26481
"<filename>/etc/multipath.conf</filename> file."
25944
26482
msgstr ""
25945
26483
25946
#: serverguide/C/dm-multipath.xml:588(screen)
26484
#: serverguide/C/dm-multipath.xml:589(screen)
25947
26485
#, no-wrap
25948
26486
msgid "# service multipath-tools reload"
25949
26487
msgstr ""
25950
26488
25951
#: serverguide/C/dm-multipath.xml:592(para)
26489
#: serverguide/C/dm-multipath.xml:593(para)
25952
26490
msgid "Run the following command to remove the multipath device:"
25953
26491
msgstr ""
25954
26492
25955
#: serverguide/C/dm-multipath.xml:595(screen)
26493
#: serverguide/C/dm-multipath.xml:596(screen)
25956
26494
#, no-wrap
25957
26495
msgid ""
25958
26496
"\n"
25972
26510
"specify a <emphasis role=\"bold\">-v</emphasis> option."
25973
26511
msgstr ""
25974
26512
25975
#: serverguide/C/dm-multipath.xml:612(screen)
26513
#: serverguide/C/dm-multipath.xml:613(screen)
25976
26514
#, no-wrap
25977
26515
msgid ""
25978
26516
"\n"
26003
26541
" `- 3:0:0:3 sdg 8:128 undef ready running\n"
26004
26542
msgstr ""
26005
26543
26006
#: serverguide/C/dm-multipath.xml:644(title)
26544
#: serverguide/C/dm-multipath.xml:645(title)
26007
26545
msgid "Configuring Storage Devices"
26008
26546
msgstr ""
26009
26547
26010
#: serverguide/C/dm-multipath.xml:646(para)
26548
#: serverguide/C/dm-multipath.xml:647(para)
26011
26549
msgid ""
26012
26550
"By default, DM-Multipath includes support for the most common storage arrays "
26013
26551
"that support DM-Multipath. The default configuration values, including "
26015
26553
"<filename>multipath.conf.defaults</filename> file."
26016
26554
msgstr ""
26017
26555
26018
#: serverguide/C/dm-multipath.xml:651(para)
26556
#: serverguide/C/dm-multipath.xml:652(para)
26019
26557
msgid ""
26020
26558
"If you need to add a storage device that is not supported by default as a "
26021
26559
"known multipath device, edit the <filename>/etc/multipath.conf</filename> "
26022
26560
"file and insert the appropriate device information."
26023
26561
msgstr ""
26024
26562
26025
#: serverguide/C/dm-multipath.xml:655(para)
26563
#: serverguide/C/dm-multipath.xml:656(para)
26026
26564
msgid ""
26027
26565
"For example, to add information about the HP Open-V series the entry looks "
26028
26566
"like this, where <emphasis role=\"bold\">%n</emphasis> is the device name:"
26029
26567
msgstr ""
26030
26568
26031
#: serverguide/C/dm-multipath.xml:659(screen)
26569
#: serverguide/C/dm-multipath.xml:660(screen)
26032
26570
#, no-wrap
26033
26571
msgid ""
26034
26572
"devices {\n"
26041
26579
"}\n"
26042
26580
msgstr ""
26043
26581
26044
#: serverguide/C/dm-multipath.xml:668(para)
26582
#: serverguide/C/dm-multipath.xml:669(para)
26045
26583
msgid ""
26046
26584
"For more information on the devices section of the configuration file, see "
26047
26585
"Section <xref endterm=\"config-device-title\" linkend=\"multipath-config-"
26048
26586
"device\"/>."
26049
26587
msgstr ""
26050
26588
26051
#: serverguide/C/dm-multipath.xml:675(title)
26589
#: serverguide/C/dm-multipath.xml:676(title)
26052
26590
msgid "The DM-Multipath Configuration File"
26053
26591
msgstr ""
26054
26592
26055
#: serverguide/C/dm-multipath.xml:677(para)
26593
#: serverguide/C/dm-multipath.xml:678(para)
26056
26594
msgid ""
26057
26595
"By default, DM-Multipath provides configuration values for the most common "
26058
26596
"uses of multipathing. In addition, DM-Multipath includes support for the "
26061
26599
"<filename>multipath.conf.defaults</filename> file."
26062
26600
msgstr ""
26063
26601
26064
#: serverguide/C/dm-multipath.xml:683(para)
26602
#: serverguide/C/dm-multipath.xml:684(para)
26065
26603
msgid ""
26066
26604
"You can override the default configuration values for DM-Multipath by "
26067
26605
"editing the <filename>/etc/multipath.conf</filename> configuration file. If "
26071
26609
"on the following topics: <placeholder-1/>"
26072
26610
msgstr ""
26073
26611
26074
#: serverguide/C/dm-multipath.xml:715(para)
26612
#: serverguide/C/dm-multipath.xml:716(para)
26075
26613
msgid ""
26076
26614
"In the multipath configuration file, you need to specify only the sections "
26077
26615
"that you need for your configuration, or that you wish to change from the "
26081
26619
"can leave them commented out, as they are in the initial file."
26082
26620
msgstr ""
26083
26621
26084
#: serverguide/C/dm-multipath.xml:723(para)
26622
#: serverguide/C/dm-multipath.xml:724(para)
26085
26623
msgid "The configuration file allows regular expression description syntax."
26086
26624
msgstr ""
26087
26625
26088
#: serverguide/C/dm-multipath.xml:726(para)
26626
#: serverguide/C/dm-multipath.xml:727(para)
26089
26627
msgid ""
26090
26628
"An annotated version of the configuration file can be found in "
26091
26629
"<filename><filename>/usr/share/doc/multipath-"
26092
26630
"tools/examples/multipath.conf.annotated.gz</filename></filename>."
26093
26631
msgstr ""
26094
26632
26095
#: serverguide/C/dm-multipath.xml:730(title)
26633
#: serverguide/C/dm-multipath.xml:731(title)
26096
26634
msgid "Configuration File Overview"
26097
26635
msgstr ""
26098
26636
26099
#: serverguide/C/dm-multipath.xml:732(para)
26637
#: serverguide/C/dm-multipath.xml:733(para)
26100
26638
msgid ""
26101
26639
"The multipath configuration file is divided into the following sections:"
26102
26640
msgstr ""
26103
26641
26104
#: serverguide/C/dm-multipath.xml:737(emphasis)
26642
#: serverguide/C/dm-multipath.xml:738(emphasis)
26105
26643
msgid "blacklist"
26106
26644
msgstr ""
26107
26645
26108
#: serverguide/C/dm-multipath.xml:740(para)
26646
#: serverguide/C/dm-multipath.xml:741(para)
26109
26647
msgid ""
26110
26648
"Listing of specific devices that will not be considered for multipath."
26111
26649
msgstr ""
26112
26650
26113
#: serverguide/C/dm-multipath.xml:746(emphasis)
26651
#: serverguide/C/dm-multipath.xml:747(emphasis)
26114
26652
msgid "blacklist_exceptions"
26115
26653
msgstr ""
26116
26654
26117
#: serverguide/C/dm-multipath.xml:749(para)
26655
#: serverguide/C/dm-multipath.xml:750(para)
26118
26656
msgid ""
26119
26657
"Listing of multipath candidates that would otherwise be blacklisted "
26120
26658
"according to the parameters of the blacklist section."
26121
26659
msgstr ""
26122
26660
26123
#: serverguide/C/dm-multipath.xml:756(emphasis)
26661
#: serverguide/C/dm-multipath.xml:757(emphasis)
26124
26662
msgid "defaults"
26125
26663
msgstr ""
26126
26664
26127
#: serverguide/C/dm-multipath.xml:759(para)
26665
#: serverguide/C/dm-multipath.xml:760(para)
26128
26666
msgid "General default settings for DM-Multipath."
26129
26667
msgstr ""
26130
26668
26131
#: serverguide/C/dm-multipath.xml:767(para)
26669
#: serverguide/C/dm-multipath.xml:768(para)
26132
26670
msgid ""
26133
26671
"Settings for the characteristics of individual multipath devices. These "
26134
26672
"values overwrite what is specified in the <emphasis "
26136
26674
"role=\"bold\">devices</emphasis> sections of the configuration file."
26137
26675
msgstr ""
26138
26676
26139
#: serverguide/C/dm-multipath.xml:776(emphasis)
26677
#: serverguide/C/dm-multipath.xml:777(emphasis)
26140
26678
msgid "devices"
26141
26679
msgstr ""
26142
26680
26143
#: serverguide/C/dm-multipath.xml:779(para)
26681
#: serverguide/C/dm-multipath.xml:780(para)
26144
26682
msgid ""
26145
26683
"Settings for the individual storage controllers. These values overwrite what "
26146
26684
"is specified in the <emphasis role=\"bold\">defaults</emphasis> section of "
26149
26687
"array."
26150
26688
msgstr ""
26151
26689
26152
#: serverguide/C/dm-multipath.xml:788(para)
26690
#: serverguide/C/dm-multipath.xml:789(para)
26153
26691
msgid ""
26154
26692
"When the system determines the attributes of a multipath device, first it "
26155
26693
"checks the multipath settings, then the per devices settings, then the "
26156
26694
"multipath system defaults."
26157
26695
msgstr ""
26158
26696
26159
#: serverguide/C/dm-multipath.xml:794(title)
26697
#: serverguide/C/dm-multipath.xml:795(title)
26160
26698
msgid "Configuration File Blacklist"
26161
26699
msgstr ""
26162
26700
26163
#: serverguide/C/dm-multipath.xml:796(para)
26701
#: serverguide/C/dm-multipath.xml:797(para)
26164
26702
msgid ""
26165
26703
"The blacklist section of the multipath configuration file specifies the "
26166
26704
"devices that will not be used when the system configures multipath devices. "
26167
26705
"Devices that are blacklisted will not be grouped into a multipath device."
26168
26706
msgstr ""
26169
26707
26170
#: serverguide/C/dm-multipath.xml:803(para)
26708
#: serverguide/C/dm-multipath.xml:804(para)
26171
26709
msgid ""
26172
26710
"If you do need to blacklist devices, you can do so according to the "
26173
26711
"following criteria:"
26174
26712
msgstr ""
26175
26713
26176
#: serverguide/C/dm-multipath.xml:808(para)
26714
#: serverguide/C/dm-multipath.xml:809(para)
26177
26715
msgid ""
26178
26716
"By WWID, as described <xref endterm=\"config-blacklist-by-wwid-title\" "
26179
26717
"linkend=\"multipath-config-blacklist-by-wwid\"/>"
26180
26718
msgstr ""
26181
26719
26182
#: serverguide/C/dm-multipath.xml:814(para)
26720
#: serverguide/C/dm-multipath.xml:815(para)
26183
26721
msgid ""
26184
26722
"By device name, as described in <xref endterm=\"config-blacklist-by-device-"
26185
26723
"name-title\" linkend=\"multipath-config-blacklist-by-device-name\"/>"
26186
26724
msgstr ""
26187
26725
26188
#: serverguide/C/dm-multipath.xml:820(para)
26726
#: serverguide/C/dm-multipath.xml:821(para)
26189
26727
msgid ""
26190
26728
"By device type, as described in <xref endterm=\"config-blacklist-by-device-"
26191
26729
"type-title\" linkend=\"multipath-config-blacklist-by-device-type\"/>"
26192
26730
msgstr ""
26193
26731
26194
#: serverguide/C/dm-multipath.xml:826(para)
26732
#: serverguide/C/dm-multipath.xml:827(para)
26195
26733
msgid ""
26196
26734
"By default, a variety of device types are blacklisted, even after you "
26197
26735
"comment out the initial blacklist section of the configuration file. For "
26199
26737
"linkend=\"multipath-config-blacklist-by-device-name\"/>"
26200
26738
msgstr ""
26201
26739
26202
#: serverguide/C/dm-multipath.xml:835(title)
26740
#: serverguide/C/dm-multipath.xml:836(title)
26203
26741
msgid "Blacklisting By WWID"
26204
26742
msgstr ""
26205
26743
26206
#: serverguide/C/dm-multipath.xml:838(para)
26744
#: serverguide/C/dm-multipath.xml:839(para)
26207
26745
msgid ""
26208
26746
"You can specify individual devices to blacklist by their World-Wide "
26209
26747
"IDentification with a <emphasis role=\"bold\">wwid</emphasis> entry in the "
26211
26749
"file."
26212
26750
msgstr ""
26213
26751
26214
#: serverguide/C/dm-multipath.xml:843(para)
26752
#: serverguide/C/dm-multipath.xml:844(para)
26215
26753
msgid ""
26216
26754
"The following example shows the lines in the configuration file that would "
26217
26755
"blacklist a device with a WWID of 26353900f02796769."
26218
26756
msgstr ""
26219
26757
26220
#: serverguide/C/dm-multipath.xml:846(screen)
26758
#: serverguide/C/dm-multipath.xml:847(screen)
26221
26759
#, no-wrap
26222
26760
msgid ""
26223
26761
"\n"
26226
26764
"}\n"
26227
26765
msgstr ""
26228
26766
26229
#: serverguide/C/dm-multipath.xml:854(title)
26767
#: serverguide/C/dm-multipath.xml:855(title)
26230
26768
msgid "Blacklisting By Device Name"
26231
26769
msgstr ""
26232
26770
26233
#: serverguide/C/dm-multipath.xml:857(para)
26771
#: serverguide/C/dm-multipath.xml:858(para)
26234
26772
msgid ""
26235
26773
"You can blacklist device types by device name so that they will not be "
26236
26774
"grouped into a multipath device by specifying a <emphasis "
26238
26776
"role=\"bold\">blacklist</emphasis> section of the configuration file."
26239
26777
msgstr ""
26240
26778
26241
#: serverguide/C/dm-multipath.xml:863(para)
26779
#: serverguide/C/dm-multipath.xml:864(para)
26242
26780
msgid ""
26243
26781
"The following example shows the lines in the configuration file that would "
26244
26782
"blacklist all SCSI devices, since it blacklists all sd* devices. <screen>\n"
26247
26785
"}</screen>"
26248
26786
msgstr ""
26249
26787
26250
#: serverguide/C/dm-multipath.xml:870(para)
26788
#: serverguide/C/dm-multipath.xml:871(para)
26251
26789
msgid ""
26252
26790
"You can use a <emphasis role=\"bold\">devnode</emphasis> entry in the "
26253
26791
"<emphasis role=\"bold\">blacklist</emphasis> section of the configuration "
26259
26797
"on reboot."
26260
26798
msgstr ""
26261
26799
26262
#: serverguide/C/dm-multipath.xml:880(para)
26800
#: serverguide/C/dm-multipath.xml:881(para)
26263
26801
msgid ""
26264
26802
"By default, the following <emphasis role=\"bold\">devnode</emphasis> entries "
26265
26803
"are compiled in the default blacklist; the devices that these entries "
26275
26813
"</screen>"
26276
26814
msgstr ""
26277
26815
26278
#: serverguide/C/dm-multipath.xml:897(title)
26816
#: serverguide/C/dm-multipath.xml:898(title)
26279
26817
msgid "Blacklisting By Device Type"
26280
26818
msgstr ""
26281
26819
26282
#: serverguide/C/dm-multipath.xml:900(para)
26820
#: serverguide/C/dm-multipath.xml:901(para)
26283
26821
msgid ""
26284
26822
"You can specify specific device types in the <emphasis "
26285
26823
"role=\"bold\">blacklist</emphasis> section of the configuration file with a "
26298
26836
"</screen>"
26299
26837
msgstr ""
26300
26838
26301
#: serverguide/C/dm-multipath.xml:918(title)
26839
#: serverguide/C/dm-multipath.xml:919(title)
26302
26840
msgid "Blacklist Exceptions"
26303
26841
msgstr ""
26304
26842
26305
#: serverguide/C/dm-multipath.xml:921(para)
26843
#: serverguide/C/dm-multipath.xml:922(para)
26306
26844
msgid ""
26307
26845
"You can use the <emphasis role=\"bold\">blacklist_exceptions</emphasis> "
26308
26846
"section of the configuration file to enable multipathing on devices that "
26309
26847
"have been blacklisted by default."
26310
26848
msgstr ""
26311
26849
26312
#: serverguide/C/dm-multipath.xml:926(para)
26850
#: serverguide/C/dm-multipath.xml:927(para)
26313
26851
msgid ""
26314
26852
"For example, if you have a large number of devices and want to multipath "
26315
26853
"only one of them (with the WWID of 3600d0230000000000e13955cc3757803), "
26327
26865
"</screen>"
26328
26866
msgstr ""
26329
26867
26330
#: serverguide/C/dm-multipath.xml:941(para)
26868
#: serverguide/C/dm-multipath.xml:942(para)
26331
26869
msgid ""
26332
26870
"When specifying devices in the <emphasis "
26333
26871
"role=\"bold\">blacklist_exceptions</emphasis> section of the configuration "
26339
26877
"only to devnode entries, and device exceptions apply only to device entries."
26340
26878
msgstr ""
26341
26879
26342
#: serverguide/C/dm-multipath.xml:954(title)
26880
#: serverguide/C/dm-multipath.xml:955(title)
26343
26881
msgid "Configuration File Defaults"
26344
26882
msgstr ""
26345
26883
26346
#: serverguide/C/dm-multipath.xml:956(para)
26884
#: serverguide/C/dm-multipath.xml:957(para)
26347
26885
msgid ""
26348
26886
"The <filename>/etc/multipath.conf</filename> configuration file includes a "
26349
26887
"<emphasis role=\"bold\">defaults</emphasis> section that sets the <emphasis "
26351
26889
"role=\"bold\">yes</emphasis>, as follows."
26352
26890
msgstr ""
26353
26891
26354
#: serverguide/C/dm-multipath.xml:961(screen)
26892
#: serverguide/C/dm-multipath.xml:962(screen)
26355
26893
#, no-wrap
26356
26894
msgid ""
26357
26895
"\n"
26360
26898
"}\n"
26361
26899
msgstr ""
26362
26900
26363
#: serverguide/C/dm-multipath.xml:967(para)
26901
#: serverguide/C/dm-multipath.xml:968(para)
26364
26902
msgid ""
26365
26903
"This overwrites the default value of the <emphasis "
26366
26904
"role=\"bold\">user_friendly_names</emphasis> parameter."
26367
26905
msgstr ""
26368
26906
26369
#: serverguide/C/dm-multipath.xml:970(para)
26907
#: serverguide/C/dm-multipath.xml:971(para)
26370
26908
msgid ""
26371
26909
"The configuration file includes a template of configuration defaults. This "
26372
26910
"section is commented out, as follows."
26373
26911
msgstr ""
26374
26912
26375
#: serverguide/C/dm-multipath.xml:973(screen)
26913
#: serverguide/C/dm-multipath.xml:974(screen)
26376
26914
#, no-wrap
26377
26915
msgid ""
26378
26916
"\n"
26393
26931
"#}\n"
26394
26932
msgstr ""
26395
26933
26396
#: serverguide/C/dm-multipath.xml:990(para)
26934
#: serverguide/C/dm-multipath.xml:991(para)
26397
26935
msgid ""
26398
26936
"To overwrite the default value for any of the configuration parameters, you "
26399
26937
"can copy the relevant line from this template into the <emphasis "
26406
26944
"uncomment it, as follows."
26407
26945
msgstr ""
26408
26946
26409
#: serverguide/C/dm-multipath.xml:1001(screen)
26947
#: serverguide/C/dm-multipath.xml:1002(screen)
26410
26948
#, no-wrap
26411
26949
msgid ""
26412
26950
"\n"
26416
26954
"}\n"
26417
26955
msgstr ""
26418
26956
26419
#: serverguide/C/dm-multipath.xml:1008(para)
26957
#: serverguide/C/dm-multipath.xml:1009(para)
26420
26958
msgid ""
26421
26959
"Table <xref endterm=\"config-defaults-table-title\" linkend=\"multipath-"
26422
26960
"config-defaults-table\"/> describes the attributes that are set in the "
26428
26966
"<filename>multipath.conf</filename> file."
26429
26967
msgstr ""
26430
26968
26431
#: serverguide/C/dm-multipath.xml:1022(title)
26969
#: serverguide/C/dm-multipath.xml:1023(title)
26432
26970
msgid "Configuration File Multipath Attributes"
26433
26971
msgstr ""
26434
26972
26435
#: serverguide/C/dm-multipath.xml:1025(para)
26973
#: serverguide/C/dm-multipath.xml:1026(para)
26436
26974
msgid ""
26437
26975
"Table <xref endterm=\"attributes-table-title\" linkend=\"multipath-"
26438
26976
"attributes-table\"/> shows the attributes that you can set in the <emphasis "
26444
26982
"role=\"bold\">devices</emphasis> sections of the multipath.conf file."
26445
26983
msgstr ""
26446
26984
26447
#: serverguide/C/dm-multipath.xml:1038(para)
26985
#: serverguide/C/dm-multipath.xml:1039(para)
26448
26986
msgid ""
26449
26987
"In addition, the following parameters may be overridden in this <emphasis "
26450
26988
"role=\"bold\">multipath</emphasis> section"
26451
26989
msgstr ""
26452
26990
26453
#: serverguide/C/dm-multipath.xml:1087(para)
26991
#: serverguide/C/dm-multipath.xml:1088(para)
26454
26992
msgid ""
26455
26993
"The following example shows multipath attributes specified in the "
26456
26994
"configuration file for two specific multipath devices. The first device has "
26465
27003
"are set to priorities."
26466
27004
msgstr ""
26467
27005
26468
#: serverguide/C/dm-multipath.xml:1097(screen)
27006
#: serverguide/C/dm-multipath.xml:1098(screen)
26469
27007
#, no-wrap
26470
27008
msgid ""
26471
27009
"\n"
26487
27025
"}\n"
26488
27026
msgstr ""
26489
27027
26490
#: serverguide/C/dm-multipath.xml:1118(title)
27028
#: serverguide/C/dm-multipath.xml:1119(title)
26491
27029
msgid "Configuration File Devices"
26492
27030
msgstr ""
26493
27031
26494
#: serverguide/C/dm-multipath.xml:1120(para)
27032
#: serverguide/C/dm-multipath.xml:1121(para)
26495
27033
msgid ""
26496
27034
"Table <xref endterm=\"device-attributes-table-title\" linkend=\"multipath-"
26497
27035
"device-attributes-table\"/> shows the attributes that you can set for each "
26505
27043
"<filename>multipath.conf</filename> file."
26506
27044
msgstr ""
26507
27045
26508
#: serverguide/C/dm-multipath.xml:1131(para)
27046
#: serverguide/C/dm-multipath.xml:1132(para)
26509
27047
msgid ""
26510
27048
"Many devices that support multipathing are included by default in a "
26511
27049
"multipath configuration. The values for the devices that are supported by "
26519
27057
"the device and override the values that you want to change."
26520
27058
msgstr ""
26521
27059
26522
#: serverguide/C/dm-multipath.xml:1143(para)
27060
#: serverguide/C/dm-multipath.xml:1144(para)
26523
27061
msgid ""
26524
27062
"To add a device to this section of the configuration file that is not "
26525
27063
"configured automatically by default, you must set the <emphasis "
26531
27069
"device_name is the device to be multipathed, as in the following example:"
26532
27070
msgstr ""
26533
27071
26534
#: serverguide/C/dm-multipath.xml:1153(screen)
27072
#: serverguide/C/dm-multipath.xml:1154(screen)
26535
27073
#, no-wrap
26536
27074
msgid ""
26537
27075
"\n"
26541
27079
"SF2372\n"
26542
27080
msgstr ""
26543
27081
26544
#: serverguide/C/dm-multipath.xml:1160(para)
27082
#: serverguide/C/dm-multipath.xml:1161(para)
26545
27083
msgid ""
26546
27084
"The additional parameters to specify depend on your specific device. If the "
26547
27085
"device is active/active, you will usually not need to set additional "
26554
27092
"table\"/>."
26555
27093
msgstr ""
26556
27094
26557
#: serverguide/C/dm-multipath.xml:1170(para)
27095
#: serverguide/C/dm-multipath.xml:1171(para)
26558
27096
msgid ""
26559
27097
"If the device is active/passive, but it automatically switches paths with "
26560
27098
"I/O to the passive path, you need to change the checker function to one that "
26565
27103
"the Test Unit Ready command, which most do."
26566
27104
msgstr ""
26567
27105
26568
#: serverguide/C/dm-multipath.xml:1179(para)
27106
#: serverguide/C/dm-multipath.xml:1180(para)
26569
27107
msgid ""
26570
27108
"If the device needs a special command to switch paths, then configuring this "
26571
27109
"device for multipath requires a hardware handler kernel module. The current "
26573
27111
"device, you may not be able to configure the device for multipath."
26574
27112
msgstr ""
26575
27113
26576
#: serverguide/C/dm-multipath.xml:1188(para)
27114
#: serverguide/C/dm-multipath.xml:1189(para)
26577
27115
msgid ""
26578
27116
"In addition, the following parameters may be overridden in this <emphasis "
26579
27117
"role=\"bold\">device</emphasis> section"
26580
27118
msgstr ""
26581
27119
26582
#: serverguide/C/dm-multipath.xml:1263(para)
27120
#: serverguide/C/dm-multipath.xml:1264(para)
26583
27121
msgid ""
26584
27122
"Whenever a hardware_handler is specified, it is your responsibility to "
26585
27123
"ensure that the appropriate kernel module is loaded to support the specified "
26593
27131
"# update-initramfs -u -k all</screen>"
26594
27132
msgstr ""
26595
27133
26596
#: serverguide/C/dm-multipath.xml:1274(para)
27134
#: serverguide/C/dm-multipath.xml:1275(para)
26597
27135
msgid ""
26598
27136
"The following example shows a device entry in the multipath configuration "
26599
27137
"file."
26600
27138
msgstr ""
26601
27139
26602
#: serverguide/C/dm-multipath.xml:1277(screen)
27140
#: serverguide/C/dm-multipath.xml:1278(screen)
26603
27141
#, no-wrap
26604
27142
msgid ""
26605
27143
"\n"
26614
27152
"#}\n"
26615
27153
msgstr ""
26616
27154
26617
#: serverguide/C/dm-multipath.xml:1289(para)
27155
#: serverguide/C/dm-multipath.xml:1290(para)
26618
27156
msgid ""
26619
27157
"The spacing reserved in the <emphasis role=\"bold\">vendor</emphasis>, "
26620
27158
"<emphasis role=\"bold\">product</emphasis>, and <emphasis "
26631
27169
"characters or spaces, as seen in the example above"
26632
27170
msgstr ""
26633
27171
26634
#: serverguide/C/dm-multipath.xml:1306(para)
27172
#: serverguide/C/dm-multipath.xml:1307(para)
26635
27173
msgid "vendor: 8 characters"
26636
27174
msgstr ""
26637
27175
26638
#: serverguide/C/dm-multipath.xml:1310(para)
27176
#: serverguide/C/dm-multipath.xml:1311(para)
26639
27177
msgid "product: 16 characters"
26640
27178
msgstr ""
26641
27179
26642
#: serverguide/C/dm-multipath.xml:1314(para)
27180
#: serverguide/C/dm-multipath.xml:1315(para)
26643
27181
msgid "revision: 4 characters"
26644
27182
msgstr ""
26645
27183
26646
#: serverguide/C/dm-multipath.xml:1318(para)
27184
#: serverguide/C/dm-multipath.xml:1319(para)
26647
27185
msgid ""
26648
27186
"To create a more robust configuration file, regular expressions can also be "
26649
27187
"used. Operators include <emphasis role=\"bold\">^ $ [ ] . * ? +</emphasis>. "
26652
27190
"files found in <filename>/usr/share/doc/multipath-tools/examples:</filename>"
26653
27191
msgstr ""
26654
27192
26655
#: serverguide/C/dm-multipath.xml:1325(screen)
27193
#: serverguide/C/dm-multipath.xml:1326(screen)
26656
27194
#, no-wrap
26657
27195
msgid "# echo 'show config' | multipathd -k"
26658
27196
msgstr ""
26659
27197
26660
#: serverguide/C/dm-multipath.xml:1330(title)
27198
#: serverguide/C/dm-multipath.xml:1331(title)
26661
27199
msgid "DM-Multipath Administration and Troubleshooting"
26662
27200
msgstr ""
26663
27201
26664
#: serverguide/C/dm-multipath.xml:1333(title)
27202
#: serverguide/C/dm-multipath.xml:1334(title)
26665
27203
msgid "Resizing an Online Multipath Device"
26666
27204
msgstr ""
26667
27205
26668
#: serverguide/C/dm-multipath.xml:1335(para)
27206
#: serverguide/C/dm-multipath.xml:1336(para)
26669
27207
msgid ""
26670
27208
"If you need to resize an online multipath device, use the following procedure"
26671
27209
msgstr ""
26672
27210
26673
#: serverguide/C/dm-multipath.xml:1340(para)
27211
#: serverguide/C/dm-multipath.xml:1341(para)
26674
27212
msgid "Resize your physical device. This is storage platform specific."
26675
27213
msgstr ""
26676
27214
26677
#: serverguide/C/dm-multipath.xml:1345(para)
27215
#: serverguide/C/dm-multipath.xml:1346(para)
26678
27216
msgid "Use the following command to find the paths to the LUN:"
26679
27217
msgstr ""
26680
27218
26681
#: serverguide/C/dm-multipath.xml:1347(screen)
27219
#: serverguide/C/dm-multipath.xml:1348(screen)
26682
27220
#, no-wrap
26683
27221
msgid "# multipath -l"
26684
27222
msgstr ""
26685
27223
26686
#: serverguide/C/dm-multipath.xml:1351(para)
27224
#: serverguide/C/dm-multipath.xml:1352(para)
26687
27225
msgid ""
26688
27226
"Resize your paths. For SCSI devices, writing 1 to the "
26689
27227
"<filename>rescan</filename> file for the device causes the SCSI driver to "
26690
27228
"rescan, as in the following command:"
26691
27229
msgstr ""
26692
27230
26693
#: serverguide/C/dm-multipath.xml:1355(screen)
27231
#: serverguide/C/dm-multipath.xml:1356(screen)
26694
27232
#, no-wrap
26695
27233
msgid "# echo 1 > /sys/block/device_name/device/rescan"
26696
27234
msgstr ""
26697
27235
26698
#: serverguide/C/dm-multipath.xml:1359(para)
27236
#: serverguide/C/dm-multipath.xml:1360(para)
26699
27237
msgid ""
26700
27238
"Resize your multipath device by running the multipathd resize command:"
26701
27239
msgstr ""
26702
27240
26703
#: serverguide/C/dm-multipath.xml:1362(screen)
27241
#: serverguide/C/dm-multipath.xml:1363(screen)
26704
27242
#, no-wrap
26705
27243
msgid "# multipathd -k 'resize map mpatha'"
26706
27244
msgstr ""
26707
27245
26708
#: serverguide/C/dm-multipath.xml:1366(para)
27246
#: serverguide/C/dm-multipath.xml:1367(para)
26709
27247
msgid "Resize the file system (assuming no LVM or DOS partitions are used):"
26710
27248
msgstr ""
26711
27249
26712
#: serverguide/C/dm-multipath.xml:1369(screen)
27250
#: serverguide/C/dm-multipath.xml:1370(screen)
26713
27251
#, no-wrap
26714
27252
msgid "# resize2fs /dev/mapper/mpatha"
26715
27253
msgstr ""
26716
27254
26717
#: serverguide/C/dm-multipath.xml:1375(title)
27255
#: serverguide/C/dm-multipath.xml:1376(title)
26718
27256
msgid ""
26719
27257
"Moving root File Systems from a Single Path Device to a Multipath Device"
26720
27258
msgstr ""
26721
27259
26722
#: serverguide/C/dm-multipath.xml:1378(para)
27260
#: serverguide/C/dm-multipath.xml:1379(para)
26723
27261
msgid ""
26724
27262
"This is dramatically simplified by the use of UUIDs to identify devices as "
26725
27263
"an intrinsic label. Simply install <emphasis role=\"bold\">multipath-tools-"
26728
27266
"mounted by UUID."
26729
27267
msgstr ""
26730
27268
26731
#: serverguide/C/dm-multipath.xml:1385(para)
27269
#: serverguide/C/dm-multipath.xml:1386(para)
26732
27270
msgid ""
26733
27271
"Whenever <filename>multipath.conf</filename> is updated, so should the "
26734
27272
"initrd by executing <command>update-initramfs -u -k all</command>. The "
26737
27275
"blacklist and device sections."
26738
27276
msgstr ""
26739
27277
26740
#: serverguide/C/dm-multipath.xml:1394(title)
27278
#: serverguide/C/dm-multipath.xml:1395(title)
26741
27279
msgid ""
26742
27280
"Moving swap File Systems from a Single Path Device to a Multipath Device"
26743
27281
msgstr ""
26744
27282
26745
#: serverguide/C/dm-multipath.xml:1397(para)
27283
#: serverguide/C/dm-multipath.xml:1398(para)
26746
27284
msgid ""
26747
27285
"The procedure is exactly the same as illustrated in the previous section "
26748
27286
"called <link linkend=\"multipath-moving-rootfs-from-single-path-to-multipath-"
26750
27288
"Device</link>."
26751
27289
msgstr ""
26752
27290
26753
#: serverguide/C/dm-multipath.xml:1405(title)
27291
#: serverguide/C/dm-multipath.xml:1406(title)
26754
27292
msgid "The Multipath Daemon"
26755
27293
msgstr ""
26756
27294
26757
#: serverguide/C/dm-multipath.xml:1407(para)
27295
#: serverguide/C/dm-multipath.xml:1408(para)
26758
27296
msgid ""
26759
27297
"If you find you have trouble implementing a multipath configuration, you "
26760
27298
"should ensure the multipath daemon is running as described in <link "
26766
27304
"<command>multipathd</command> as a debugging aid."
26767
27305
msgstr ""
26768
27306
26769
#: serverguide/C/dm-multipath.xml:1447(title)
27307
#: serverguide/C/dm-multipath.xml:1448(title)
26770
27308
msgid "Issues with queue_if_no_path"
26771
27309
msgstr ""
26772
27310
26773
#: serverguide/C/dm-multipath.xml:1449(para)
27311
#: serverguide/C/dm-multipath.xml:1450(para)
26774
27312
msgid ""
26775
27313
"If <emphasis role=\"bold\">features \"1 queue_if_no_path\"</emphasis> is "
26776
27314
"specified in the <filename>/etc/multipath.conf</filename> file, then any "
26780
27318
"<filename>/etc/multipath.conf</filename>."
26781
27319
msgstr ""
26782
27320
26783
#: serverguide/C/dm-multipath.xml:1456(para)
27321
#: serverguide/C/dm-multipath.xml:1457(para)
26784
27322
msgid ""
26785
27323
"When you set the <emphasis role=\"bold\">no_path_retry</emphasis> parameter, "
26786
27324
"remove the <emphasis role=\"bold\">features \"1 "
26796
27334
"<filename>/etc/multipath.conf</filename> and editing to suit your needs."
26797
27335
msgstr ""
26798
27336
26799
#: serverguide/C/dm-multipath.xml:1470(para)
27337
#: serverguide/C/dm-multipath.xml:1471(para)
26800
27338
msgid ""
26801
27339
"If you need to use the <option>features \"1 queue_if_no_path\"</option> "
26802
27340
"option and you experience the issue noted here, use the "
26807
27345
"<option> \"fail_if_no_path\"</option>, execute the following command."
26808
27346
msgstr ""
26809
27347
26810
#: serverguide/C/dm-multipath.xml:1479(screen)
27348
#: serverguide/C/dm-multipath.xml:1480(screen)
26811
27349
#, no-wrap
26812
27350
msgid "# dmsetup message mpathc 0 \"fail_if_no_path\""
26813
27351
msgstr ""
26814
27352
26815
#: serverguide/C/dm-multipath.xml:1482(para)
27353
#: serverguide/C/dm-multipath.xml:1483(para)
26816
27354
msgid ""
26817
27355
"You must specify the <filename>mpathN</filename> alias rather than the path"
26818
27356
msgstr ""
26819
27357
26820
#: serverguide/C/dm-multipath.xml:1488(title)
27358
#: serverguide/C/dm-multipath.xml:1489(title)
26821
27359
msgid "Multipath Command Output"
26822
27360
msgstr ""
26823
27361
26824
#: serverguide/C/dm-multipath.xml:1490(para)
27362
#: serverguide/C/dm-multipath.xml:1491(para)
26825
27363
msgid ""
26826
27364
"When you create, modify, or list a multipath device, you get a printout of "
26827
27365
"the current device setup. The format is as follows. For each multipath "
26828
27366
"device:"
26829
27367
msgstr ""
26830
27368
26831
#: serverguide/C/dm-multipath.xml:1494(screen)
27369
#: serverguide/C/dm-multipath.xml:1495(screen)
26832
27370
#, no-wrap
26833
27371
msgid ""
26834
27372
" action_if_any: alias (wwid_if_different_from_alias) "
26837
27375
"wp=write_permission_if_known"
26838
27376
msgstr ""
26839
27377
26840
#: serverguide/C/dm-multipath.xml:1497(para)
27378
#: serverguide/C/dm-multipath.xml:1498(para)
26841
27379
msgid "For each path group:"
26842
27380
msgstr ""
26843
27381
26844
#: serverguide/C/dm-multipath.xml:1499(screen)
27382
#: serverguide/C/dm-multipath.xml:1500(screen)
26845
27383
#, no-wrap
26846
27384
msgid ""
26847
27385
" -+- policy='scheduling_policy' prio=prio_if_known\n"
26848
27386
" status=path_group_status_if_known"
26849
27387
msgstr ""
26850
27388
26851
#: serverguide/C/dm-multipath.xml:1502(para)
27389
#: serverguide/C/dm-multipath.xml:1503(para)
26852
27390
msgid "For each path:"
26853
27391
msgstr ""
26854
27392
26855
#: serverguide/C/dm-multipath.xml:1504(screen)
27393
#: serverguide/C/dm-multipath.xml:1505(screen)
26856
27394
#, no-wrap
26857
27395
msgid ""
26858
27396
" `- host:channel:id:lun devnode major:minor dm_status_if_known "
26860
27398
" online_status"
26861
27399
msgstr ""
26862
27400
26863
#: serverguide/C/dm-multipath.xml:1507(para)
27401
#: serverguide/C/dm-multipath.xml:1508(para)
26864
27402
msgid ""
26865
27403
"For example, the output of a multipath command might appear as follows:"
26866
27404
msgstr ""
26867
27405
26868
#: serverguide/C/dm-multipath.xml:1510(screen)
27406
#: serverguide/C/dm-multipath.xml:1511(screen)
26869
27407
#, no-wrap
26870
27408
msgid ""
26871
27409
" 3600d0230000000000e13955cc3757800 dm-1 WINSYS,SF2372\n"
26876
27414
" `- 7:0:0:0 sdf 8:80 active ready running"
26877
27415
msgstr ""
26878
27416
26879
#: serverguide/C/dm-multipath.xml:1517(para)
27417
#: serverguide/C/dm-multipath.xml:1518(para)
26880
27418
msgid ""
26881
27419
"If the path is up and ready for I/O, the status of the path is <emphasis "
26882
27420
"role=\"bold\">ready</emphasis> or <emphasis "
26887
27425
"defined in the <filename>/etc/multipath.conf</filename> file."
26888
27426
msgstr ""
26889
27427
26890
#: serverguide/C/dm-multipath.xml:1525(para)
27428
#: serverguide/C/dm-multipath.xml:1526(para)
26891
27429
msgid ""
26892
27430
"The dm status is similar to the path status, but from the kernel's point of "
26893
27431
"view. The dm status has two states: <emphasis "
26898
27436
"not agree."
26899
27437
msgstr ""
26900
27438
26901
#: serverguide/C/dm-multipath.xml:1533(para)
27439
#: serverguide/C/dm-multipath.xml:1534(para)
26902
27440
msgid ""
26903
27441
"The possible values for <emphasis role=\"bold\">online_status</emphasis> are "
26904
27442
"<emphasis role=\"bold\">running</emphasis> and <emphasis "
26907
27445
"disabled."
26908
27446
msgstr ""
26909
27447
26910
#: serverguide/C/dm-multipath.xml:1541(para)
27448
#: serverguide/C/dm-multipath.xml:1542(para)
26911
27449
msgid ""
26912
27450
"When a multipath device is being created or modified , the path group "
26913
27451
"status, the dm device name, the write permissions, and the dm status are not "
26914
27452
"known. Also, the features are not always correct"
26915
27453
msgstr ""
26916
27454
26917
#: serverguide/C/dm-multipath.xml:1548(title)
27455
#: serverguide/C/dm-multipath.xml:1549(title)
26918
27456
msgid "Multipath Queries with multipath Command"
26919
27457
msgstr ""
26920
27458
26921
#: serverguide/C/dm-multipath.xml:1550(para)
27459
#: serverguide/C/dm-multipath.xml:1551(para)
26922
27460
msgid ""
26923
27461
"You can use the <emphasis role=\"bold\">-l </emphasis>and <emphasis "
26924
27462
"role=\"bold\">-ll</emphasis> options of the <emphasis "
26930
27468
"available components of the system."
26931
27469
msgstr ""
26932
27470
26933
#: serverguide/C/dm-multipath.xml:1559(para)
27471
#: serverguide/C/dm-multipath.xml:1560(para)
26934
27472
msgid ""
26935
27473
"When displaying the multipath configuration, there are three verbosity "
26936
27474
"levels you can specify with the <emphasis role=\"bold\">-v</emphasis> option "
26941
27479
"v2</emphasis> prints all detected paths, multipaths, and device maps."
26942
27480
msgstr ""
26943
27481
26944
#: serverguide/C/dm-multipath.xml:1569(para)
27482
#: serverguide/C/dm-multipath.xml:1570(para)
26945
27483
msgid ""
26946
27484
"The default <emphasis role=\"bold\">verbosity</emphasis> level of multipath "
26947
27485
"is <emphasis role=\"bold\">2</emphasis> and can be globally modified by "
26950
27488
"of <filename>multipath.conf</filename>."
26951
27489
msgstr ""
26952
27490
26953
#: serverguide/C/dm-multipath.xml:1576(para)
27491
#: serverguide/C/dm-multipath.xml:1577(para)
26954
27492
msgid ""
26955
27493
"The following example shows the output of a <emphasis "
26956
27494
"role=\"bold\">multipath -l</emphasis> command."
26957
27495
msgstr ""
26958
27496
26959
#: serverguide/C/dm-multipath.xml:1579(screen)
27497
#: serverguide/C/dm-multipath.xml:1580(screen)
26960
27498
#, no-wrap
26961
27499
msgid ""
26962
27500
"# multipath -l\n"
26968
27506
" `- 7:0:0:0 sdf 8:80 active ready running"
26969
27507
msgstr ""
26970
27508
26971
#: serverguide/C/dm-multipath.xml:1587(para)
27509
#: serverguide/C/dm-multipath.xml:1588(para)
26972
27510
msgid ""
26973
27511
"The following example shows the output of a <emphasis "
26974
27512
"role=\"bold\">multipath -ll</emphasis> command."
26975
27513
msgstr ""
26976
27514
26977
#: serverguide/C/dm-multipath.xml:1590(screen)
27515
#: serverguide/C/dm-multipath.xml:1591(screen)
26978
27516
#, no-wrap
26979
27517
msgid ""
26980
27518
"# multipath -ll\n"
26991
27529
" `- 18:0:0:3 sdj 8:144 active ready running"
26992
27530
msgstr ""
26993
27531
26994
#: serverguide/C/dm-multipath.xml:1605(title)
27532
#: serverguide/C/dm-multipath.xml:1606(title)
26995
27533
msgid "Multipath Command Options"
26996
27534
msgstr ""
26997
27535
26998
#: serverguide/C/dm-multipath.xml:1607(para)
27536
#: serverguide/C/dm-multipath.xml:1608(para)
26999
27537
msgid ""
27000
27538
"Table <xref endterm=\"useful-multipath-command-options-title\" "
27001
27539
"linkend=\"useful-multipath-command-options\"/> describes some options of the "
27003
27541
"useful."
27004
27542
msgstr ""
27005
27543
27006
#: serverguide/C/dm-multipath.xml:1613(title)
27544
#: serverguide/C/dm-multipath.xml:1614(title)
27007
27545
msgid "Useful multipath Command Options"
27008
27546
msgstr ""
27009
27547
27010
#: serverguide/C/dm-multipath.xml:1622(entry)
27548
#: serverguide/C/dm-multipath.xml:1623(entry)
27011
27549
msgid "Option"
27012
27550
msgstr ""
27013
27551
27014
#: serverguide/C/dm-multipath.xml:1629(emphasis)
27552
#: serverguide/C/dm-multipath.xml:1630(emphasis)
27015
27553
msgid "-l"
27016
27554
msgstr ""
27017
27555
27018
#: serverguide/C/dm-multipath.xml:1631(emphasis) serverguide/C/dm-multipath.xml:1638(emphasis)
27556
#: serverguide/C/dm-multipath.xml:1632(emphasis) serverguide/C/dm-multipath.xml:1639(emphasis)
27019
27557
msgid "sysfs"
27020
27558
msgstr ""
27021
27559
27022
#: serverguide/C/dm-multipath.xml:1630(entry)
27560
#: serverguide/C/dm-multipath.xml:1631(entry)
27023
27561
msgid ""
27024
27562
"Display the current multipath configuration gathered from <placeholder-1/> "
27025
27563
"and the device mapper."
27026
27564
msgstr ""
27027
27565
27028
#: serverguide/C/dm-multipath.xml:1636(emphasis)
27566
#: serverguide/C/dm-multipath.xml:1637(emphasis)
27029
27567
msgid "-ll"
27030
27568
msgstr ""
27031
27569
27032
#: serverguide/C/dm-multipath.xml:1637(entry)
27570
#: serverguide/C/dm-multipath.xml:1638(entry)
27033
27571
msgid ""
27034
27572
"Display the current multipath configuration gathered from <placeholder-1/>, "
27035
27573
"the device mapper, and all other available components on the system."
27036
27574
msgstr ""
27037
27575
27038
#: serverguide/C/dm-multipath.xml:1643(emphasis)
27576
#: serverguide/C/dm-multipath.xml:1644(emphasis)
27039
27577
msgid "-f device"
27040
27578
msgstr ""
27041
27579
27042
#: serverguide/C/dm-multipath.xml:1644(entry)
27580
#: serverguide/C/dm-multipath.xml:1645(entry)
27043
27581
msgid "Remove the named multipath device."
27044
27582
msgstr ""
27045
27583
27046
#: serverguide/C/dm-multipath.xml:1648(emphasis)
27584
#: serverguide/C/dm-multipath.xml:1649(emphasis)
27047
27585
msgid "-F"
27048
27586
msgstr ""
27049
27587
27050
#: serverguide/C/dm-multipath.xml:1649(entry)
27588
#: serverguide/C/dm-multipath.xml:1650(entry)
27051
27589
msgid "Remove all unused multipath devices."
27052
27590
msgstr ""
27053
27591
27054
#: serverguide/C/dm-multipath.xml:1657(title)
27592
#: serverguide/C/dm-multipath.xml:1658(title)
27055
27593
msgid "Determining Device Mapper Entries with dmsetup Command"
27056
27594
msgstr ""
27057
27595
27058
#: serverguide/C/dm-multipath.xml:1659(para)
27596
#: serverguide/C/dm-multipath.xml:1660(para)
27059
27597
msgid ""
27060
27598
"You can use the <emphasis role=\"bold\">dmsetup</emphasis> command to find "
27061
27599
"out which device mapper entries match the <emphasis "
27062
27600
"role=\"bold\">multipathed</emphasis> devices."
27063
27601
msgstr ""
27064
27602
27065
#: serverguide/C/dm-multipath.xml:1663(para)
27603
#: serverguide/C/dm-multipath.xml:1664(para)
27066
27604
msgid ""
27067
27605
"The following command displays all the device mapper devices and their major "
27068
27606
"and minor numbers. The minor numbers determine the name of the dm device. "
27071
27609
"role=\"bold\"><filename>/dev/dm-3</filename></emphasis>."
27072
27610
msgstr ""
27073
27611
27074
#: serverguide/C/dm-multipath.xml:1669(screen)
27612
#: serverguide/C/dm-multipath.xml:1670(screen)
27075
27613
#, no-wrap
27076
27614
msgid ""
27077
27615
"\n"
27094
27632
" "
27095
27633
msgstr ""
27096
27634
27097
#: serverguide/C/dm-multipath.xml:1690(title)
27635
#: serverguide/C/dm-multipath.xml:1691(title)
27098
27636
msgid "Troubleshooting with the multipathd interactive console"
27099
27637
msgstr ""
27100
27638
27101
#: serverguide/C/dm-multipath.xml:1692(para)
27639
#: serverguide/C/dm-multipath.xml:1693(para)
27102
27640
msgid ""
27103
27641
"The <emphasis role=\"bold\">multipathd -k</emphasis> command is an "
27104
27642
"interactive interface to the <emphasis role=\"bold\">multipathd</emphasis> "
27108
27646
"role=\"bold\">CTRL-D</emphasis> to quit."
27109
27647
msgstr ""
27110
27648
27111
#: serverguide/C/dm-multipath.xml:1699(para)
27649
#: serverguide/C/dm-multipath.xml:1700(para)
27112
27650
msgid ""
27113
27651
"The multipathd interactive console can be used to troubleshoot problems you "
27114
27652
"may be having with your system. For example, the following command sequence "
27118
27656
"Multipathd\"</ulink> for more examples."
27119
27657
msgstr ""
27120
27658
27121
#: serverguide/C/dm-multipath.xml:1706(screen)
27659
#: serverguide/C/dm-multipath.xml:1707(screen)
27122
27660
#, no-wrap
27123
27661
msgid ""
27124
27662
"# multipathd -k\n"
27126
27664
" > > CTRL-D"
27127
27665
msgstr ""
27128
27666
27129
#: serverguide/C/dm-multipath.xml:1710(para)
27667
#: serverguide/C/dm-multipath.xml:1711(para)
27130
27668
msgid ""
27131
27669
"The following command sequence ensures that multipath has picked up any "
27132
27670
"changes to the multipath.conf,"
27133
27671
msgstr ""
27134
27672
27135
#: serverguide/C/dm-multipath.xml:1713(screen)
27673
#: serverguide/C/dm-multipath.xml:1714(screen)
27136
27674
#, no-wrap
27137
27675
msgid ""
27138
27676
"\n"
27141
27679
"> > CTRL-D\n"
27142
27680
msgstr ""
27143
27681
27144
#: serverguide/C/dm-multipath.xml:1719(para)
27682
#: serverguide/C/dm-multipath.xml:1720(para)
27145
27683
msgid ""
27146
27684
"Use the following command sequence to ensure that the path checker is "
27147
27685
"working properly."
27148
27686
msgstr ""
27149
27687
27150
#: serverguide/C/dm-multipath.xml:1722(screen)
27688
#: serverguide/C/dm-multipath.xml:1723(screen)
27151
27689
#, no-wrap
27152
27690
msgid ""
27153
27691
"\n"
27156
27694
"> > CTRL-D\n"
27157
27695
msgstr ""
27158
27696
27159
#: serverguide/C/dm-multipath.xml:1728(para)
27697
#: serverguide/C/dm-multipath.xml:1729(para)
27160
27698
msgid ""
27161
27699
"Commands can also be streamed into multipathd using stdin like so:<screen># "
27162
27700
"echo 'show config' | multipathd -k</screen>"
27170
27708
msgid "Ubuntu provides two popular database servers. They are:"
27171
27709
msgstr ""
27172
27710
27173
#: serverguide/C/databases.xml:17(trademark) serverguide/C/databases.xml:29(title)
27711
#: serverguide/C/virtualization.xml:832(para) serverguide/C/databases.xml:17(trademark) serverguide/C/databases.xml:29(title)
27174
27712
msgid "MySQL"
27175
27713
msgstr ""
27176
27714
27177
#: serverguide/C/databases.xml:20(application) serverguide/C/databases.xml:293(title)
27715
#: serverguide/C/databases.xml:20(application) serverguide/C/databases.xml:300(title)
27178
27716
msgid "PostgreSQL"
27179
27717
msgstr ""
27180
27718
27195
27733
msgid "To install MySQL, run the following command from a terminal prompt:"
27196
27734
msgstr ""
27197
27735
27198
#: serverguide/C/databases.xml:42(command)
27736
#: serverguide/C/virtualization.xml:2215(command) serverguide/C/databases.xml:42(command)
27199
27737
msgid "sudo apt-get install mysql-server"
27200
27738
msgstr ""
27201
27739
27202
#: serverguide/C/databases.xml:44(para)
27740
#: serverguide/C/databases.xml:51(para)
27203
27741
msgid ""
27204
27742
"During the installation process you will be prompted to enter a password for "
27205
27743
"the MySQL root user."
27206
27744
msgstr ""
27207
27745
27208
#: serverguide/C/databases.xml:48(para)
27746
#: serverguide/C/databases.xml:55(para)
27209
27747
msgid ""
27210
27748
"Once the installation is complete, the MySQL server should be started "
27211
27749
"automatically. You can run the following command from a terminal prompt to "
27212
27750
"check whether the MySQL server is running:"
27213
27751
msgstr ""
27214
27752
27215
#: serverguide/C/databases.xml:55(command)
27753
#: serverguide/C/databases.xml:62(command)
27216
27754
msgid "sudo netstat -tap | grep mysql"
27217
27755
msgstr ""
27218
27756
27219
#: serverguide/C/databases.xml:58(para)
27757
#: serverguide/C/vcs.xml:477(para) serverguide/C/databases.xml:65(para)
27220
27758
msgid ""
27221
27759
"When you run this command, you should see the following line or something "
27222
27760
"similar:"
27223
27761
msgstr ""
27224
27762
27225
#: serverguide/C/databases.xml:62(programlisting)
27763
#: serverguide/C/databases.xml:69(programlisting)
27226
27764
#, no-wrap
27227
27765
msgid ""
27228
27766
"\n"
27230
27768
"2556/mysqld\n"
27231
27769
msgstr ""
27232
27770
27233
#: serverguide/C/databases.xml:65(para)
27771
#: serverguide/C/databases.xml:72(para)
27234
27772
msgid ""
27235
27773
"If the server is not running correctly, you can type the following command "
27236
27774
"to start it:"
27237
27775
msgstr ""
27238
27776
27239
#: serverguide/C/databases.xml:69(command) serverguide/C/databases.xml:93(command)
27777
#: serverguide/C/databases.xml:76(command) serverguide/C/databases.xml:100(command)
27240
27778
msgid "sudo service mysql restart"
27241
27779
msgstr ""
27242
27780
27243
#: serverguide/C/databases.xml:74(para)
27781
#: serverguide/C/databases.xml:81(para)
27244
27782
msgid ""
27245
27783
"You can edit the <filename>/etc/mysql/my.cnf</filename> file to configure "
27246
27784
"the basic settings -- log file, port number, etc. For example, to configure "
27248
27786
"<emphasis>bind-address</emphasis> directive to the server's IP address:"
27249
27787
msgstr ""
27250
27788
27251
#: serverguide/C/databases.xml:80(programlisting)
27789
#: serverguide/C/databases.xml:87(programlisting)
27252
27790
#, no-wrap
27253
27791
msgid ""
27254
27792
"\n"
27255
27793
"bind-address = 192.168.0.5\n"
27256
27794
msgstr ""
27257
27795
27258
#: serverguide/C/databases.xml:84(para)
27796
#: serverguide/C/databases.xml:91(para)
27259
27797
msgid "Replace 192.168.0.5 with the appropriate address."
27260
27798
msgstr ""
27261
27799
27262
#: serverguide/C/databases.xml:88(para)
27800
#: serverguide/C/databases.xml:95(para)
27263
27801
msgid ""
27264
27802
"After making a change to <filename>/etc/mysql/my.cnf</filename> the MySQL "
27265
27803
"daemon will need to be restarted:"
27266
27804
msgstr ""
27267
27805
27268
#: serverguide/C/databases.xml:95(para)
27806
#: serverguide/C/databases.xml:102(para)
27269
27807
msgid ""
27270
27808
"If you would like to change the MySQL <emphasis>root</emphasis> password, in "
27271
27809
"a terminal enter:"
27272
27810
msgstr ""
27273
27811
27274
#: serverguide/C/databases.xml:100(command)
27812
#: serverguide/C/databases.xml:107(command)
27275
27813
msgid "sudo dpkg-reconfigure mysql-server-5.5"
27276
27814
msgstr ""
27277
27815
27278
#: serverguide/C/databases.xml:102(para)
27816
#: serverguide/C/databases.xml:109(para)
27279
27817
msgid ""
27280
27818
"The MySQL daemon will be stopped, and you will be prompted to enter a new "
27281
27819
"password."
27282
27820
msgstr ""
27283
27821
27284
#: serverguide/C/databases.xml:107(title)
27822
#: serverguide/C/databases.xml:114(title)
27285
27823
msgid "Database Engines"
27286
27824
msgstr ""
27287
27825
27288
#: serverguide/C/databases.xml:108(para)
27826
#: serverguide/C/databases.xml:115(para)
27289
27827
msgid ""
27290
27828
"Whilst the default configuration of MySQL provided by the Ubuntu packages is "
27291
27829
"perfectly functional and performs well there are things you may wish to "
27292
27830
"consider before you proceed."
27293
27831
msgstr ""
27294
27832
27295
#: serverguide/C/databases.xml:112(para)
27833
#: serverguide/C/databases.xml:119(para)
27296
27834
msgid ""
27297
27835
"MySQL is designed to allow data to be stored in different ways. These "
27298
27836
"methods are referred to as either database or storage engines. There are two "
27302
27840
"use, you will interact with the database in the same way."
27303
27841
msgstr ""
27304
27842
27305
#: serverguide/C/databases.xml:119(para)
27843
#: serverguide/C/databases.xml:126(para)
27306
27844
msgid "Each engine has its own advantages and disadvantages."
27307
27845
msgstr ""
27308
27846
27309
#: serverguide/C/databases.xml:122(para)
27847
#: serverguide/C/databases.xml:129(para)
27310
27848
msgid ""
27311
27849
"While it is possible, and may be advantageous to mix and match database "
27312
27850
"engines on a table level, doing so reduces the effectiveness of the "
27314
27852
"two engines instead of dedicating them to one."
27315
27853
msgstr ""
27316
27854
27317
#: serverguide/C/databases.xml:129(para)
27855
#: serverguide/C/databases.xml:136(para)
27318
27856
msgid ""
27319
27857
"MyISAM is the older of the two. It can be faster than InnoDB under certain "
27320
27858
"circumstances and favours a read only workload. Some web applications have "
27330
27868
"production/\">MyISAM on a production database</ulink>."
27331
27869
msgstr ""
27332
27870
27333
#: serverguide/C/databases.xml:143(para)
27871
#: serverguide/C/databases.xml:150(para)
27334
27872
msgid ""
27335
27873
"InnoDB is a more modern database engine, designed to be <ulink "
27336
27874
"url=\"http://en.wikipedia.org/wiki/ACID\">ACID compliant</ulink> which "
27343
27881
"reliable data recovery as data consistency can be checked."
27344
27882
msgstr ""
27345
27883
27346
#: serverguide/C/databases.xml:156(para)
27884
#: serverguide/C/databases.xml:163(para)
27347
27885
msgid ""
27348
27886
"As of MySQL 5.5 InnoDB is the default engine, and is highly recommended over "
27349
27887
"MyISAM unless you have specific need for features unique to the engine."
27350
27888
msgstr ""
27351
27889
27352
#: serverguide/C/databases.xml:163(title)
27890
#: serverguide/C/databases.xml:170(title)
27353
27891
msgid "Creating a tuned my.cnf file"
27354
27892
msgstr ""
27355
27893
27356
#: serverguide/C/databases.xml:164(para)
27894
#: serverguide/C/databases.xml:171(para)
27357
27895
msgid ""
27358
27896
"There are a number of parameters that can be adjusted within MySQL's "
27359
27897
"configuration file that will allow you to improve the performance of the "
27406
27944
"</screen> Once that is complete all is good to go!"
27407
27945
msgstr ""
27408
27946
27409
#: serverguide/C/databases.xml:206(para)
27947
#: serverguide/C/databases.xml:213(para)
27410
27948
msgid ""
27411
27949
"This is not necessary for all my.cnf changes. Most of the variables you may "
27412
27950
"wish to change to improve performance are adjustable even whilst the server "
27414
27952
"files and data before making changes."
27415
27953
msgstr ""
27416
27954
27417
#: serverguide/C/databases.xml:215(title)
27955
#: serverguide/C/databases.xml:222(title)
27418
27956
msgid "MySQL Tuner"
27419
27957
msgstr ""
27420
27958
27421
#: serverguide/C/databases.xml:216(para)
27959
#: serverguide/C/databases.xml:223(para)
27422
27960
msgid ""
27423
27961
"<application>MySQL Tuner</application> is a useful tool that will connect to "
27424
27962
"a running MySQL instance and offer suggestions for how it can be best "
27450
27988
"</screen>"
27451
27989
msgstr ""
27452
27990
27453
#: serverguide/C/databases.xml:250(para)
27991
#: serverguide/C/databases.xml:257(para)
27454
27992
msgid ""
27455
27993
"One final comment on tuning databases: Whilst we can broadly say that "
27456
27994
"certain settings are the best, performance can vary from application to "
27465
28003
"either using more powerful hardware or by adding slave servers."
27466
28004
msgstr ""
27467
28005
27468
#: serverguide/C/databases.xml:267(para)
28006
#: serverguide/C/databases.xml:274(para)
27469
28007
msgid ""
27470
28008
"See the <ulink url=\"http://www.mysql.com/\">MySQL Home Page</ulink> for "
27471
28009
"more information."
27472
28010
msgstr ""
27473
28011
27474
#: serverguide/C/databases.xml:272(para)
28012
#: serverguide/C/databases.xml:279(para)
27475
28013
msgid ""
27476
28014
"Full documentation is available in both online and offline formats from the "
27477
28015
"<ulink url=\"http://dev.mysql.com/doc/\"> MySQL Developers portal</ulink>"
27478
28016
msgstr ""
27479
28017
27480
#: serverguide/C/databases.xml:278(para)
28018
#: serverguide/C/databases.xml:285(para)
27481
28019
msgid ""
27482
28020
"For general SQL information see <ulink "
27483
28021
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\"> Using "
27484
28022
"SQL Special Edition</ulink> by Rafe Colburn."
27485
28023
msgstr ""
27486
28024
27487
#: serverguide/C/databases.xml:284(para)
28025
#: serverguide/C/databases.xml:291(para)
27488
28026
msgid ""
27489
28027
"The <ulink url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache "
27490
28028
"MySQL PHP Ubuntu Wiki</ulink> page also has useful information."
27503
28041
"in the command prompt:"
27504
28042
msgstr ""
27505
28043
27506
#: serverguide/C/databases.xml:307(command)
28044
#: serverguide/C/databases.xml:314(command)
27507
28045
msgid "sudo apt-get install postgresql"
27508
28046
msgstr ""
27509
28047
27550
28088
"<filename>/etc/postgresql/9.1/main/postgresql.conf</filename>"
27551
28089
msgstr ""
27552
28090
27553
#: serverguide/C/databases.xml:339(para)
28091
#: serverguide/C/databases.xml:346(para)
27554
28092
msgid ""
27555
28093
"Locate the line <emphasis>#listen_addresses = 'localhost'</emphasis> and "
27556
28094
"change it to:"
27582
28120
"default <application>PostgreSQL</application> template database:"
27583
28121
msgstr ""
27584
28122
27585
#: serverguide/C/databases.xml:362(command)
28123
#: serverguide/C/databases.xml:370(command)
27586
28124
msgid "sudo -u postgres psql template1"
27587
28125
msgstr ""
27588
28126
27596
28134
"user <emphasis role=\"italics\">postgres</emphasis>."
27597
28135
msgstr ""
27598
28136
27599
#: serverguide/C/databases.xml:372(command)
28137
#: serverguide/C/databases.xml:380(command)
27600
28138
msgid "ALTER USER postgres with encrypted password 'your_password';"
27601
28139
msgstr ""
27602
28140
27608
28146
"<emphasis>postgres</emphasis> user:"
27609
28147
msgstr ""
27610
28148
27611
#: serverguide/C/databases.xml:380(programlisting)
28149
#: serverguide/C/databases.xml:388(programlisting)
27612
28150
#, no-wrap
27613
28151
msgid ""
27614
28152
"\n"
27615
28153
"local all postgres md5\n"
27616
28154
msgstr ""
27617
28155
27618
#: serverguide/C/databases.xml:384(para)
28156
#: serverguide/C/databases.xml:392(para)
27619
28157
msgid ""
27620
28158
"Finally, you should restart the <application>PostgreSQL</application> "
27621
28159
"service to initialize the new configuration. From a terminal prompt enter "
27651
28189
msgid "Replace the domain name with your actual server domain name."
27652
28190
msgstr ""
27653
28191
27654
#: serverguide/C/databases.xml:413(title) serverguide/C/backups.xml:11(title)
28192
#: serverguide/C/backups.xml:11(title)
27655
28193
msgid "Backups"
27656
28194
msgstr ""
27657
28195
27682
28220
"9.1/html/index.html</command> into the address bar of your browser."
27683
28221
msgstr ""
27684
28222
27685
#: serverguide/C/databases.xml:436(para)
28223
#: serverguide/C/databases.xml:426(para)
27686
28224
msgid ""
27687
28225
"For general SQL information see <ulink "
27688
28226
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\">Using SQL "
27689
28227
"Special Edition</ulink> by Rafe Colburn."
27690
28228
msgstr ""
27691
28229
27692
#: serverguide/C/databases.xml:442(para)
28230
#: serverguide/C/databases.xml:432(para)
27693
28231
msgid ""
27694
28232
"Also, see the <ulink "
27695
28233
"url=\"https://help.ubuntu.com/community/PostgreSQL\">PostgreSQL Ubuntu "
29555
30093
"Launchpad Contributions:\n"
29556
30094
" Launchpad Translations Administrators https://launchpad.net/~rosetta\n"
29557
30095
" Мирослав Николић https://launchpad.net/~lipek"
30096
30097
#~ msgid "sudo chown nobody.nogroup /srv/samba/share/"
30098
#~ msgstr "sudo chown nobody.nogroup /srv/samba/share/"
Loggerhead is a web-based interface for Breezy
Version: 2.0.1