2930
2952
"a GUI), or via a remote VNC client from a GUI based computer."
2933
#: serverguide/C/virtualization.xml:206(title)
2955
#: serverguide/C/virtualization.xml:179(title)
2934
2956
msgid "virt-clone"
2937
#: serverguide/C/virtualization.xml:208(para)
2959
#: serverguide/C/virtualization.xml:180(para)
2939
2961
"The <application>virt-clone</application> application can be used to copy "
2940
2962
"one virtual machine to another. For example:"
2943
#: serverguide/C/virtualization.xml:212(command)
2965
#: serverguide/C/virtualization.xml:184(command)
2945
2967
"sudo virt-clone -o web_devel -n database_devel -f "
2946
2968
"/path/to/database_devel.img \\ --connect=qemu:///system"
2949
#: serverguide/C/virtualization.xml:218(para)
2971
#: serverguide/C/virtualization.xml:189(para)
2950
2972
msgid "<emphasis>-o:</emphasis> original virtual machine."
2953
#: serverguide/C/virtualization.xml:222(para)
2975
#: serverguide/C/virtualization.xml:194(para)
2954
2976
msgid "<emphasis>-n:</emphasis> name of the new virtual machine."
2957
#: serverguide/C/virtualization.xml:227(para)
2979
#: serverguide/C/virtualization.xml:199(para)
2959
2981
"<emphasis>-f:</emphasis> path to the file, logical volume, or partition to "
2960
2982
"be used by the new virtual machine."
2963
#: serverguide/C/virtualization.xml:232(para)
2985
#: serverguide/C/virtualization.xml:204(para)
2965
2987
"<emphasis>--connect:</emphasis> specifies which hypervisor to connect to."
2968
#: serverguide/C/virtualization.xml:237(para)
2990
#: serverguide/C/virtualization.xml:209(para)
2970
2992
"Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to "
2971
2993
"help troubleshoot problems with <application>virt-clone</application>."
2974
#: serverguide/C/virtualization.xml:242(para)
2996
#: serverguide/C/virtualization.xml:214(para)
2976
2998
"Replace <emphasis>web_devel</emphasis> and "
2977
2999
"<emphasis>database_devel</emphasis> with appropriate virtual machine names."
2980
#: serverguide/C/virtualization.xml:249(title)
3002
#: serverguide/C/virtualization.xml:220(title)
2981
3003
msgid "Virtual Machine Management"
2984
#: serverguide/C/virtualization.xml:252(title)
3006
#: serverguide/C/virtualization.xml:222(title)
2988
#: serverguide/C/virtualization.xml:254(para)
3010
#: serverguide/C/virtualization.xml:223(para)
2990
3012
"There are several utilities available to manage virtual machines and "
2991
3013
"<application>libvirt</application>. The <application>virsh</application> "
2992
3014
"utility can be used from the command line. Some examples:"
2995
#: serverguide/C/virtualization.xml:261(para)
3017
#: serverguide/C/virtualization.xml:229(para)
2996
3018
msgid "To list running virtual machines:"
2999
#: serverguide/C/virtualization.xml:264(command)
3021
#: serverguide/C/virtualization.xml:233(command)
3000
3022
msgid "virsh -c qemu:///system list"
3003
#: serverguide/C/virtualization.xml:269(para)
3025
#: serverguide/C/virtualization.xml:237(para)
3004
3026
msgid "To start a virtual machine:"
3007
#: serverguide/C/virtualization.xml:272(command)
3029
#: serverguide/C/virtualization.xml:241(command)
3008
3030
msgid "virsh -c qemu:///system start web_devel"
3011
#: serverguide/C/virtualization.xml:277(para)
3033
#: serverguide/C/virtualization.xml:245(para)
3012
3034
msgid "Similarly, to start a virtual machine at boot:"
3015
#: serverguide/C/virtualization.xml:280(command)
3037
#: serverguide/C/virtualization.xml:249(command)
3016
3038
msgid "virsh -c qemu:///system autostart web_devel"
3019
#: serverguide/C/virtualization.xml:285(para)
3041
#: serverguide/C/virtualization.xml:253(para)
3020
3042
msgid "Reboot a virtual machine with:"
3023
#: serverguide/C/virtualization.xml:288(command)
3045
#: serverguide/C/virtualization.xml:257(command)
3024
3046
msgid "virsh -c qemu:///system reboot web_devel"
3027
#: serverguide/C/virtualization.xml:293(para)
3049
#: serverguide/C/virtualization.xml:261(para)
3029
3051
"The <emphasis>state</emphasis> of virtual machines can be saved to a file in "
3030
3052
"order to be restored later. The following will save the virtual machine "
3031
3053
"state into a file named according to the date:"
3034
#: serverguide/C/virtualization.xml:299(command)
3056
#: serverguide/C/virtualization.xml:266(command)
3035
3057
msgid "virsh -c qemu:///system save web_devel web_devel-022708.state"
3038
#: serverguide/C/virtualization.xml:302(para)
3060
#: serverguide/C/virtualization.xml:268(para)
3039
3061
msgid "Once saved the virtual machine will no longer be running."
3042
#: serverguide/C/virtualization.xml:307(para)
3064
#: serverguide/C/virtualization.xml:273(para)
3043
3065
msgid "A saved virtual machine can be restored using:"
3046
#: serverguide/C/virtualization.xml:310(command)
3068
#: serverguide/C/virtualization.xml:277(command)
3047
3069
msgid "virsh -c qemu:///system restore web_devel-022708.state"
3050
#: serverguide/C/virtualization.xml:315(para)
3072
#: serverguide/C/virtualization.xml:281(para)
3051
3073
msgid "To shutdown a virtual machine do:"
3054
#: serverguide/C/virtualization.xml:318(command)
3076
#: serverguide/C/virtualization.xml:285(command)
3055
3077
msgid "virsh -c qemu:///system shutdown web_devel"
3058
#: serverguide/C/virtualization.xml:323(para)
3080
#: serverguide/C/virtualization.xml:289(para)
3059
3081
msgid "A CDROM device can be mounted in a virtual machine by entering:"
3062
#: serverguide/C/virtualization.xml:327(command)
3084
#: serverguide/C/virtualization.xml:293(command)
3063
3085
msgid "virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
3066
#: serverguide/C/virtualization.xml:333(para)
3088
#: serverguide/C/virtualization.xml:298(para)
3068
3090
"In the above examples replace <emphasis>web_devel</emphasis> with the "
3069
3091
"appropriate virtual machine name, and <filename>web_devel-"
3070
3092
"022708.state</filename> with a descriptive file name."
3073
#: serverguide/C/virtualization.xml:341(title)
3095
#: serverguide/C/virtualization.xml:305(title)
3074
3096
msgid "Virtual Machine Manager"
3077
#: serverguide/C/virtualization.xml:343(para)
3099
#: serverguide/C/virtualization.xml:306(para)
3079
3101
"The <application>virt-manager</application> package contains a graphical "
3080
3102
"utility to manage local and remote virtual machines. To install virt-manager "
3084
#: serverguide/C/virtualization.xml:348(command)
3106
#: serverguide/C/virtualization.xml:311(command)
3085
3107
msgid "sudo apt-get install virt-manager"
3088
#: serverguide/C/virtualization.xml:351(para)
3110
#: serverguide/C/virtualization.xml:313(para)
3090
3112
"Since <application>virt-manager</application> requires a Graphical User "
3091
3113
"Interface (GUI) environment it is recommended to be installed on a "
5886
5911
"package for account management."
5889
#: serverguide/C/security.xml:88(para)
5914
#: serverguide/C/security.xml:77(para)
5891
5916
"To add a user account, use the following syntax, and follow the prompts to "
5892
5917
"give the account a password and identifiable characteristics such as a full "
5893
5918
"name, phone number, etc."
5896
#: serverguide/C/security.xml:92(command)
5921
#: serverguide/C/security.xml:81(command)
5897
5922
msgid "sudo adduser username"
5900
#: serverguide/C/security.xml:96(para)
5925
#: serverguide/C/security.xml:85(para)
5902
5927
"To delete a user account and its primary group, use the following syntax:"
5905
#: serverguide/C/security.xml:100(command)
5930
#: serverguide/C/security.xml:89(command)
5906
5931
msgid "sudo deluser username"
5909
#: serverguide/C/security.xml:102(para)
5934
#: serverguide/C/security.xml:91(para)
5911
5936
"Deleting an account does not remove their respective home folder. It is up "
5912
5937
"to you whether or not you wish to delete the folder manually or keep it "
5913
5938
"according to your desired retention policies."
5916
#: serverguide/C/security.xml:105(para)
5941
#: serverguide/C/security.xml:94(para)
5918
5943
"Remember, any user added later on with the same UID/GID as the previous "
5919
5944
"owner will now have access to this folder if you have not taken the "
5920
5945
"necessary precautions."
5923
#: serverguide/C/security.xml:108(para)
5948
#: serverguide/C/security.xml:97(para)
5925
5950
"You may want to change these UID/GID values to something more appropriate, "
5926
5951
"such as the root account, and perhaps even relocate the folder to avoid "
5927
5952
"future conflicts:"
5930
#: serverguide/C/security.xml:112(command)
5955
#: serverguide/C/security.xml:101(command)
5931
5956
msgid "sudo chown -R root:root /home/username/"
5934
#: serverguide/C/security.xml:113(command)
5959
#: serverguide/C/security.xml:102(command)
5935
5960
msgid "sudo mkdir /home/archived_users/"
5938
#: serverguide/C/security.xml:114(command)
5963
#: serverguide/C/security.xml:103(command)
5939
5964
msgid "sudo mv /home/username /home/archived_users/"
5942
#: serverguide/C/security.xml:118(para)
5967
#: serverguide/C/security.xml:107(para)
5944
5969
"To temporarily lock or unlock a user account, use the following syntax, "
5945
5970
"respectively:"
5948
#: serverguide/C/security.xml:122(command)
5973
#: serverguide/C/security.xml:111(command)
5949
5974
msgid "sudo passwd -l username"
5952
#: serverguide/C/security.xml:123(command)
5977
#: serverguide/C/security.xml:112(command)
5953
5978
msgid "sudo passwd -u username"
5956
#: serverguide/C/security.xml:127(para)
5981
#: serverguide/C/security.xml:116(para)
5958
5983
"To add or delete a personalized group, use the following syntax, "
5959
5984
"respectively:"
5962
#: serverguide/C/security.xml:131(command)
5987
#: serverguide/C/security.xml:120(command)
5963
5988
msgid "sudo addgroup groupname"
5966
#: serverguide/C/security.xml:132(command)
5991
#: serverguide/C/security.xml:121(command)
5967
5992
msgid "sudo delgroup groupname"
5970
#: serverguide/C/security.xml:136(para)
5995
#: serverguide/C/security.xml:125(para)
5971
5996
msgid "To add a user to a group, use the following syntax:"
5974
#: serverguide/C/security.xml:140(command)
5999
#: serverguide/C/security.xml:129(command)
5975
6000
msgid "sudo adduser username groupname"
5978
#: serverguide/C/security.xml:147(title)
6003
#: serverguide/C/security.xml:136(title)
5979
6004
msgid "User Profile Security"
5982
#: serverguide/C/security.xml:148(para)
6007
#: serverguide/C/security.xml:137(para)
5984
6009
"When a new user is created, the adduser utility creates a brand new home "
5985
6010
"directory named <filename class=\"directory\">/home/username</filename>, "
6391
6416
"to create an IPv4 or IPv6 host-based firewall."
6394
#: serverguide/C/security.xml:388(para)
6419
#: serverguide/C/security.xml:373(para)
6396
6421
"<application>ufw</application> by default is initially disabled. From the "
6397
6422
"<application>ufw</application> man page:"
6400
#: serverguide/C/security.xml:392(quote)
6425
#: serverguide/C/security.xml:377(quote)
6402
6427
"ufw is not intended to provide complete firewall functionality via its "
6403
6428
"command interface, but instead provides an easy way to add or remove simple "
6404
6429
"rules. It is currently mainly used for host-based firewalls."
6407
#: serverguide/C/security.xml:396(para)
6432
#: serverguide/C/security.xml:381(para)
6409
6434
"The following are some examples of how to use <application>ufw</application>:"
6412
#: serverguide/C/security.xml:401(para)
6437
#: serverguide/C/security.xml:386(para)
6414
6439
"First, <application>ufw</application> needs to be enabled. From a terminal "
6415
6440
"prompt enter:"
6418
#: serverguide/C/security.xml:405(command)
6443
#: serverguide/C/security.xml:390(command)
6419
6444
msgid "sudo ufw enable"
6422
#: serverguide/C/security.xml:409(para)
6447
#: serverguide/C/security.xml:394(para)
6423
6448
msgid "To open a port (ssh in this example):"
6426
#: serverguide/C/security.xml:413(command)
6451
#: serverguide/C/security.xml:398(command)
6427
6452
msgid "sudo ufw allow 22"
6430
#: serverguide/C/security.xml:417(para)
6455
#: serverguide/C/security.xml:402(para)
6431
6456
msgid "Rules can also be added using a <emphasis>numbered</emphasis> format:"
6434
#: serverguide/C/security.xml:421(command)
6459
#: serverguide/C/security.xml:406(command)
6435
6460
msgid "sudo ufw insert 1 allow 80"
6438
#: serverguide/C/security.xml:425(para)
6463
#: serverguide/C/security.xml:410(para)
6439
6464
msgid "Similarly, to close an opened port:"
6442
#: serverguide/C/security.xml:429(command)
6467
#: serverguide/C/security.xml:414(command)
6443
6468
msgid "sudo ufw deny 22"
6446
#: serverguide/C/security.xml:433(para)
6471
#: serverguide/C/security.xml:418(para)
6447
6472
msgid "To remove a rule, use delete followed by the rule:"
6450
#: serverguide/C/security.xml:437(command)
6475
#: serverguide/C/security.xml:422(command)
6451
6476
msgid "sudo ufw delete deny 22"
6454
#: serverguide/C/security.xml:441(para)
6479
#: serverguide/C/security.xml:426(para)
6456
6481
"It is also possible to allow access from specific hosts or networks to a "
6457
6482
"port. The following example allows ssh access from host 192.168.0.2 to any "
6458
6483
"ip address on this host:"
6461
#: serverguide/C/security.xml:446(command)
6486
#: serverguide/C/security.xml:431(command)
6462
6487
msgid "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
6465
#: serverguide/C/security.xml:448(para)
6490
#: serverguide/C/security.xml:433(para)
6467
6492
"Replace 192.168.0.2 with 192.168.0.0/24 to allow ssh access from the entire "
6471
#: serverguide/C/security.xml:454(para)
6496
#: serverguide/C/security.xml:439(para)
6473
6498
"Adding the <emphasis>--dry-run</emphasis> option to a "
6474
6499
"<emphasis>ufw</emphasis> command will output the resulting rules, but not "
6785
6810
"forward</emphasis> chain."
6788
#: serverguide/C/security.xml:720(title)
6813
#: serverguide/C/security.xml:705(title)
6789
6814
msgid "iptables Masquerading"
6792
#: serverguide/C/security.xml:721(para)
6817
#: serverguide/C/security.xml:706(para)
6794
6819
"<application>iptables</application> can also be used to enable Masquerading."
6797
#: serverguide/C/security.xml:726(para)
6822
#: serverguide/C/security.xml:711(para)
6799
6824
"Similar to <application>ufw</application>, the first step is to enable IPv4 "
6800
6825
"packet forwarding by editing <filename>/etc/sysctl.conf</filename> and "
6801
6826
"uncomment the following line"
6804
#: serverguide/C/security.xml:730(programlisting)
6829
#: serverguide/C/security.xml:715(programlisting)
6808
6833
"net.ipv4.ip_forward=1\n"
6811
#: serverguide/C/security.xml:733(para)
6836
#: serverguide/C/security.xml:718(para)
6812
6837
msgid "If you wish to enable IPv6 forwarding also uncomment:"
6815
#: serverguide/C/security.xml:736(programlisting)
6840
#: serverguide/C/security.xml:721(programlisting)
6819
6844
"net.ipv6.conf.default.forwarding=1\n"
6822
#: serverguide/C/security.xml:741(para)
6847
#: serverguide/C/security.xml:726(para)
6824
6849
"Next, execute the <application>sysctl</application> command to enable the "
6825
6850
"new settings in the configuration file:"
6828
#: serverguide/C/security.xml:745(command)
6853
#: serverguide/C/security.xml:730(command)
6829
6854
msgid "sudo sysctl -p"
6832
#: serverguide/C/security.xml:749(para)
6857
#: serverguide/C/security.xml:734(para)
6834
6859
"IP Masquerading can now be accomplished with a single iptables rule, which "
6835
6860
"may differ slightly based on your network configuration:"
6838
#: serverguide/C/security.xml:752(screen)
6863
#: serverguide/C/security.xml:737(screen)
6842
6867
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
6845
#: serverguide/C/security.xml:755(para)
6870
#: serverguide/C/security.xml:740(para)
6847
6872
"The above command assumes that your private address space is 192.168.0.0/16 "
6848
6873
"and that your Internet-facing device is ppp0. The syntax is broken down as "
6852
#: serverguide/C/security.xml:760(para)
6877
#: serverguide/C/security.xml:745(para)
6853
6878
msgid "-t nat -- the rule is to go into the nat table"
6856
#: serverguide/C/security.xml:761(para)
6881
#: serverguide/C/security.xml:746(para)
6858
6883
"-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain"
6861
#: serverguide/C/security.xml:762(para)
6886
#: serverguide/C/security.xml:747(para)
6863
6888
"-s 192.168.0.0/16 -- the rule applies to traffic originating from the "
6864
6889
"specified address space"
6867
#: serverguide/C/security.xml:763(para)
6892
#: serverguide/C/security.xml:748(para)
6869
6894
"-o ppp0 -- the rule applies to traffic scheduled to be routed through the "
6870
6895
"specified network device"
6873
#: serverguide/C/security.xml:765(para)
6898
#: serverguide/C/security.xml:750(para)
6875
6900
"-j MASQUERADE -- traffic matching this rule is to \"jump\" (-j) to the "
6876
6901
"MASQUERADE target to be manipulated as described above"
6879
#: serverguide/C/security.xml:773(para)
6904
#: serverguide/C/security.xml:758(para)
6881
6906
"Also, each chain in the filter table (the default table, and where most or "
6882
6907
"all packet filtering occurs) has a default <emphasis>policy</emphasis> of "
7075
7100
"<application>apparmor-profiles</application> package."
7078
#: serverguide/C/security.xml:921(para)
7103
#: serverguide/C/security.xml:907(para)
7080
7105
"To install the <application>apparmor-profiles</application> package from a "
7081
7106
"terminal prompt:"
7084
#: serverguide/C/security.xml:925(command)
7109
#: serverguide/C/security.xml:911(command)
7085
7110
msgid "sudo apt-get install apparmor-profiles"
7088
#: serverguide/C/security.xml:927(para)
7113
#: serverguide/C/security.xml:913(para)
7089
7114
msgid "AppArmor profiles have two modes of execution:"
7092
#: serverguide/C/security.xml:932(para)
7117
#: serverguide/C/security.xml:918(para)
7094
7119
"Complaining/Learning: profile violations are permitted and logged. Useful "
7095
7120
"for testing and developing new profiles."
7098
#: serverguide/C/security.xml:937(para)
7123
#: serverguide/C/security.xml:923(para)
7100
7125
"Enforced/Confined: enforces profile policy as well as logging the violation."
7103
#: serverguide/C/security.xml:943(title)
7128
#: serverguide/C/security.xml:929(title)
7104
7129
msgid "Using AppArmor"
7107
#: serverguide/C/security.xml:944(para)
7132
#: serverguide/C/security.xml:945(para)
7134
"This section is plagued by a bug (<ulink "
7135
"url=\"https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1304134\">LP "
7136
"#1304134</ulink>) and instructions will not work as advertised."
7139
#: serverguide/C/security.xml:930(para)
7109
7141
"The <application>apparmor-utils</application> package contains command line "
7110
7142
"utilities that you can use to change the <application>AppArmor</application> "
7111
7143
"execution mode, find the status of a profile, create new profiles, etc."
7114
#: serverguide/C/security.xml:950(para)
7146
#: serverguide/C/security.xml:936(para)
7116
7148
"<application>apparmor_status</application> is used to view the current "
7117
7149
"status of AppArmor profiles."
7120
#: serverguide/C/security.xml:954(command)
7152
#: serverguide/C/security.xml:940(command)
7121
7153
msgid "sudo apparmor_status"
7124
#: serverguide/C/security.xml:958(para)
7156
#: serverguide/C/security.xml:944(para)
7126
7158
"<application>aa-complain</application> places a profile into "
7127
7159
"<emphasis>complain</emphasis> mode."
7130
#: serverguide/C/security.xml:962(command)
7162
#: serverguide/C/security.xml:948(command)
7131
7163
msgid "sudo aa-complain /path/to/bin"
7134
#: serverguide/C/security.xml:966(para)
7166
#: serverguide/C/security.xml:952(para)
7136
7168
"<application>aa-enforce</application> places a profile into "
7137
7169
"<emphasis>enforce</emphasis> mode."
7140
#: serverguide/C/security.xml:970(command)
7172
#: serverguide/C/security.xml:956(command)
7141
7173
msgid "sudo aa-enforce /path/to/bin"
7144
#: serverguide/C/security.xml:974(para)
7176
#: serverguide/C/security.xml:960(para)
7146
7178
"The <filename>/etc/apparmor.d</filename> directory is where the AppArmor "
7147
7179
"profiles are located. It can be used to manipulate the "
7148
7180
"<emphasis>mode</emphasis> of all profiles."
7151
#: serverguide/C/security.xml:978(para)
7183
#: serverguide/C/security.xml:964(para)
7152
7184
msgid "Enter the following to place all profiles into complain mode:"
7155
#: serverguide/C/security.xml:982(command)
7187
#: serverguide/C/security.xml:968(command)
7156
7188
msgid "sudo aa-complain /etc/apparmor.d/*"
7159
#: serverguide/C/security.xml:984(para)
7191
#: serverguide/C/security.xml:970(para)
7160
7192
msgid "To place all profiles in enforce mode:"
7163
#: serverguide/C/security.xml:988(command)
7195
#: serverguide/C/security.xml:974(command)
7164
7196
msgid "sudo aa-enforce /etc/apparmor.d/*"
7167
#: serverguide/C/security.xml:992(para)
7199
#: serverguide/C/security.xml:978(para)
7169
7201
"<application>apparmor_parser</application> is used to load a profile into "
7170
7202
"the kernel. It can also be used to reload a currently loaded profile using "
7171
7203
"the <emphasis>-r</emphasis> option. To load a profile:"
7174
#: serverguide/C/security.xml:997(command) serverguide/C/security.xml:1029(command)
7206
#: serverguide/C/security.xml:983(command) serverguide/C/security.xml:1015(command)
7175
7207
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
7178
#: serverguide/C/security.xml:999(para)
7210
#: serverguide/C/security.xml:985(para)
7179
7211
msgid "To reload a profile:"
7182
#: serverguide/C/security.xml:1003(command)
7214
#: serverguide/C/security.xml:989(command)
7183
7215
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
7186
#: serverguide/C/security.xml:1007(para)
7218
#: serverguide/C/security.xml:1013(para)
7188
7220
"<filename>service apparmor</filename> can be used to "
7189
7221
"<emphasis>reload</emphasis> all profiles:"
7192
#: serverguide/C/security.xml:1011(command) serverguide/C/network-auth.xml:943(command)
7224
#: serverguide/C/network-auth.xml:964(command)
7193
7225
msgid "sudo service apparmor reload"
7196
#: serverguide/C/security.xml:1015(para)
7228
#: serverguide/C/security.xml:1001(para)
7198
7230
"The <filename>/etc/apparmor.d/disable</filename> directory can be used along "
7199
7231
"with the <application>apparmor_parser -R</application> option to "
7200
7232
"<emphasis>disable</emphasis> a profile."
7203
#: serverguide/C/security.xml:1020(command)
7235
#: serverguide/C/security.xml:1006(command)
7204
7236
msgid "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
7207
#: serverguide/C/security.xml:1021(command)
7239
#: serverguide/C/security.xml:1007(command)
7208
7240
msgid "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
7211
#: serverguide/C/security.xml:1023(para)
7243
#: serverguide/C/security.xml:1009(para)
7213
7245
"To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic "
7214
7246
"link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then "
7215
7247
"load the profile using the <emphasis>-a</emphasis> option."
7218
#: serverguide/C/security.xml:1028(command)
7250
#: serverguide/C/security.xml:1014(command)
7219
7251
msgid "sudo rm /etc/apparmor.d/disable/profile.name"
7222
#: serverguide/C/security.xml:1033(para)
7254
#: serverguide/C/security.xml:1019(para)
7224
7256
"<application>AppArmor</application> can be disabled, and the kernel module "
7225
7257
"unloaded by entering the following:"
7228
#: serverguide/C/security.xml:1037(command)
7260
#: serverguide/C/security.xml:1043(command)
7229
7261
msgid "sudo service apparmor stop"
7232
#: serverguide/C/security.xml:1038(command)
7264
#: serverguide/C/security.xml:1024(command)
7233
7265
msgid "sudo update-rc.d -f apparmor remove"
7236
#: serverguide/C/security.xml:1042(para)
7268
#: serverguide/C/security.xml:1028(para)
7237
7269
msgid "To re-enable <application>AppArmor</application> enter:"
7240
#: serverguide/C/security.xml:1046(command)
7272
#: serverguide/C/security.xml:1052(command)
7241
7273
msgid "sudo service apparmor start"
7244
#: serverguide/C/security.xml:1047(command)
7276
#: serverguide/C/security.xml:1033(command)
7245
7277
msgid "sudo update-rc.d apparmor defaults"
7248
#: serverguide/C/security.xml:1052(para)
7280
#: serverguide/C/security.xml:1038(para)
7250
7282
"Replace <emphasis>profile.name</emphasis> with the name of the profile you "
7251
7283
"want to manipulate. Also, replace <filename>/path/to/bin/</filename> with "
7932
7964
"filesystem, partition type, etc."
7935
#: serverguide/C/security.xml:1661(para)
7967
#: serverguide/C/security.xml:1647(para)
7937
7969
"During installation there is an option to encrypt the <filename "
7938
7970
"role=\"directory\">/home</filename> partition. This will automatically "
7939
7971
"configure everything needed to encrypt and mount the partition."
7942
#: serverguide/C/security.xml:1666(para)
7974
#: serverguide/C/security.xml:1652(para)
7944
7976
"As an example, this section will cover configuring <filename "
7945
7977
"role=\"directory\">/srv</filename> to be encrypted using "
7946
7978
"<emphasis>eCryptfs</emphasis>."
7949
#: serverguide/C/security.xml:1671(title)
7981
#: serverguide/C/security.xml:1657(title)
7950
7982
msgid "Using eCryptfs"
7953
#: serverguide/C/security.xml:1673(para)
7985
#: serverguide/C/security.xml:1659(para)
7954
7986
msgid "First, install the necessary packages. From a terminal prompt enter:"
7957
#: serverguide/C/security.xml:1678(command)
7989
#: serverguide/C/security.xml:1664(command)
7958
7990
msgid "sudo apt-get install ecryptfs-utils"
7961
#: serverguide/C/security.xml:1681(para)
7993
#: serverguide/C/security.xml:1667(para)
7962
7994
msgid "Now mount the partition to be encrypted:"
7965
#: serverguide/C/security.xml:1686(command)
7997
#: serverguide/C/security.xml:1672(command)
7966
7998
msgid "sudo mount -t ecryptfs /srv /srv"
7969
#: serverguide/C/security.xml:1689(para)
8001
#: serverguide/C/security.xml:1675(para)
7971
8003
"You will then be prompted for some details on how "
7972
8004
"<application>ecryptfs</application> should encrypt the data."
7975
#: serverguide/C/security.xml:1693(para)
8007
#: serverguide/C/security.xml:1679(para)
7977
8009
"To test that files placed in <filename>/srv</filename> are indeed encrypted "
7978
8010
"copy the <filename>/etc/default</filename> folder to "
7979
8011
"<filename>/srv</filename>:"
7982
#: serverguide/C/security.xml:1699(command) serverguide/C/clustering.xml:190(command)
8014
#: serverguide/C/security.xml:1685(command) serverguide/C/clustering.xml:190(command)
7983
8015
msgid "sudo cp -r /etc/default /srv"
7986
#: serverguide/C/security.xml:1702(para)
8018
#: serverguide/C/security.xml:1688(para)
7987
8019
msgid "Now unmount <filename>/srv</filename>, and try to view a file:"
7990
#: serverguide/C/security.xml:1707(command) serverguide/C/installation.xml:1125(command) serverguide/C/clustering.xml:198(command)
8022
#: serverguide/C/security.xml:1693(command) serverguide/C/installation.xml:1118(command) serverguide/C/clustering.xml:198(command)
7991
8023
msgid "sudo umount /srv"
7994
#: serverguide/C/security.xml:1708(command)
8026
#: serverguide/C/security.xml:1694(command)
7995
8027
msgid "cat /srv/default/cron"
7998
#: serverguide/C/security.xml:1711(para)
8030
#: serverguide/C/security.xml:1697(para)
8000
8032
"Remounting <filename>/srv</filename> using "
8001
8033
"<application>ecryptfs</application> will make the data viewable once again."
8004
#: serverguide/C/security.xml:1717(title)
8036
#: serverguide/C/security.xml:1703(title)
8005
8037
msgid "Automatically Mounting Encrypted Partitions"
8008
#: serverguide/C/security.xml:1719(para)
8040
#: serverguide/C/security.xml:1705(para)
8010
8042
"There are a couple of ways to automatically mount an "
8011
8043
"<application>ecryptfs</application> encrypted filesystem at boot. This "
8566
8593
"of the Samba guide for more details."
8569
#: serverguide/C/samba.xml:425(para)
8596
#: serverguide/C/windows-networking.xml:425(para)
8571
8598
"<emphasis>security = share:</emphasis> allows clients to connect to shares "
8572
8599
"without supplying a username and password."
8575
#: serverguide/C/samba.xml:432(para)
8602
#: serverguide/C/windows-networking.xml:432(para)
8577
8604
"The security mode you choose will depend on your environment and what you "
8578
8605
"need the Samba server to accomplish."
8581
#: serverguide/C/samba.xml:438(title)
8608
#: serverguide/C/windows-networking.xml:438(title)
8582
8609
msgid "Security = User"
8583
8610
msgstr "Безбедност = Корисник"
8585
#: serverguide/C/samba.xml:440(para)
8612
#: serverguide/C/windows-networking.xml:440(para)
8587
8614
"This section will reconfigure the Samba file and print server, from <xref "
8588
8615
"linkend=\"samba-fileserver\"/> and <xref linkend=\"samba-printserver\"/>, to "
8589
8616
"require authentication."
8592
#: serverguide/C/samba.xml:445(para)
8619
#: serverguide/C/windows-networking.xml:445(para)
8594
8621
"First, install the <application>libpam-smbpass</application> package which "
8595
8622
"will sync the system users to the Samba user database:"
8598
#: serverguide/C/samba.xml:451(command)
8625
#: serverguide/C/windows-networking.xml:451(command)
8599
8626
msgid "sudo apt-get install libpam-smbpass"
8602
#: serverguide/C/samba.xml:455(para)
8629
#: serverguide/C/windows-networking.xml:455(para)
8604
8631
"If you chose the <emphasis>Samba Server</emphasis> task during installation "
8605
8632
"<application>libpam-smbpass</application> is already installed."
8608
#: serverguide/C/samba.xml:461(para)
8635
#: serverguide/C/windows-networking.xml:461(para)
8610
8637
"Edit <filename>/etc/samba/smb.conf</filename>, and in the "
8611
8638
"<emphasis>[share]</emphasis> section change:"
8614
#: serverguide/C/samba.xml:465(programlisting)
8641
#: serverguide/C/windows-networking.xml:465(programlisting)
8618
8645
" guest ok = no\n"
8621
#: serverguide/C/samba.xml:469(para)
8648
#: serverguide/C/windows-networking.xml:469(para)
8622
8649
msgid "Finally, restart Samba for the new settings to take effect:"
8625
#: serverguide/C/samba.xml:478(para)
8652
#: serverguide/C/windows-networking.xml:478(para)
8627
8654
"Now when connecting to the shared directories or printers you should be "
8628
8655
"prompted for a username and password."
8631
#: serverguide/C/samba.xml:483(para)
8658
#: serverguide/C/windows-networking.xml:483(para)
8633
8660
"If you choose to map a network drive to the share you can check the "
8634
8661
"<quote>Reconnect at Logon</quote> check box, which will require you to only "
8635
8662
"enter the username and password once, at least until the password changes."
8638
#: serverguide/C/samba.xml:491(title)
8665
#: serverguide/C/windows-networking.xml:491(title)
8639
8666
msgid "Share Security"
8642
#: serverguide/C/samba.xml:493(para)
8669
#: serverguide/C/windows-networking.xml:493(para)
8644
8671
"There are several options available to increase the security for each "
8645
8672
"individual shared directory. Using the <emphasis>[share]</emphasis> example, "
8646
8673
"this section will cover some common options."
8649
#: serverguide/C/samba.xml:499(title)
8676
#: serverguide/C/windows-networking.xml:499(title)
8653
#: serverguide/C/samba.xml:501(para)
8680
#: serverguide/C/windows-networking.xml:501(para)
8655
8682
"Groups define a collection of computers or users which have a common level "
8656
8683
"of access to particular network resources and offer a level of granularity "
10453
10479
"Personal Package Archive (PPA)</ulink>."
10456
#: serverguide/C/remote-administration.xml:606(para)
10482
#: serverguide/C/remote-administration.xml:566(para)
10458
10484
"Not present on Ubuntu Universe repositories, but on <ulink "
10459
10485
"url=\"https://launchpad.net/~zentyal/\">Zentyal Team PPA</ulink> you will "
10460
10486
"find these other modules:"
10463
#: serverguide/C/remote-administration.xml:613(para)
10489
#: serverguide/C/remote-administration.xml:573(para)
10465
10491
"zentyal-antivirus: integrates <application>ClamAV</application> antivirus "
10466
10492
"with other modules like the proxy, file sharing or mailfilter."
10469
#: serverguide/C/remote-administration.xml:620(para)
10495
#: serverguide/C/remote-administration.xml:580(para)
10471
10497
"zentyal-asterisk: configures <application>Asterisk</application> to provide "
10472
10498
"a simple PBX with LDAP based authentication."
10475
#: serverguide/C/remote-administration.xml:626(para)
10501
#: serverguide/C/remote-administration.xml:586(para)
10477
10503
"zentyal-bwmonitor: allows to monitor bandwith usage of your LAN clients."
10480
#: serverguide/C/remote-administration.xml:632(para)
10506
#: serverguide/C/remote-administration.xml:592(para)
10482
10508
"zentyal-captiveportal: integrates a captive portal with the firewall and "
10483
10509
"LDAP users and groups."
10486
#: serverguide/C/remote-administration.xml:638(para)
10512
#: serverguide/C/remote-administration.xml:598(para)
10488
10514
"zentyal-ebackup: allows to make scheduled backups of your server using the "
10489
10515
"popular <application>duplicity</application> backup tool."
10492
#: serverguide/C/remote-administration.xml:644(para)
10518
#: serverguide/C/remote-administration.xml:604(para)
10493
10519
msgid "zentyal-ftp: configures a FTP server with LDAP based authentication."
10496
#: serverguide/C/remote-administration.xml:649(para)
10522
#: serverguide/C/remote-administration.xml:609(para)
10497
10523
msgid "zentyal-ids: integrates a network intrusion detection system."
10500
#: serverguide/C/remote-administration.xml:654(para)
10526
#: serverguide/C/remote-administration.xml:614(para)
10502
10528
"zentyal-ipsec: allows to configure IPsec tunnels using "
10503
10529
"<application>OpenSwan</application>."
10506
#: serverguide/C/remote-administration.xml:660(para)
10532
#: serverguide/C/remote-administration.xml:620(para)
10508
10534
"zentyal-jabber: integrates <application>ejabberd</application> XMPP server "
10509
10535
"with LDAP users and groups."
10512
#: serverguide/C/remote-administration.xml:666(para)
10538
#: serverguide/C/remote-administration.xml:626(para)
10514
10540
"zentyal-thinclients: a <application>LTSP</application> based thin clients "
10518
#: serverguide/C/remote-administration.xml:672(para)
10544
#: serverguide/C/remote-administration.xml:632(para)
10520
10546
"zentyal-mail: a full mail stack including <application>Postfix "
10521
10547
"</application> and <application>Dovecot</application> with LDAP backend."
10524
#: serverguide/C/remote-administration.xml:679(para)
10550
#: serverguide/C/remote-administration.xml:639(para)
10526
10552
"zentyal-mailfilter: configures <application>amavisd</application> with mail "
10527
10553
"stack to filter spam and attached virus."
10530
#: serverguide/C/remote-administration.xml:685(para)
10556
#: serverguide/C/remote-administration.xml:645(para)
10532
10558
"zentyal-monitor: integrates <application>collectd</application> to monitor "
10533
10559
"server performance and running services."
10536
#: serverguide/C/remote-administration.xml:691(para)
10562
#: serverguide/C/remote-administration.xml:651(para)
10538
10564
"zentyal-pptp: configures a <application>PPTP</application> VPN server."
10541
#: serverguide/C/remote-administration.xml:696(para)
10567
#: serverguide/C/remote-administration.xml:656(para)
10543
10569
"zentyal-radius: integrates <application>FreeRADIUS</application> with LDAP "
10544
10570
"users and groups."
10547
#: serverguide/C/remote-administration.xml:702(para)
10573
#: serverguide/C/remote-administration.xml:662(para)
10549
10575
"zentyal-software: simple interface to manage installed "
10550
10576
"<application>Zentyal</application> modules and system updates."
10553
#: serverguide/C/remote-administration.xml:708(para)
10579
#: serverguide/C/remote-administration.xml:668(para)
10555
10581
"zentyal-trafficshaping: configures traffic limiting rules to do bandwidth "
10556
10582
"throttling and improve latency."
10559
#: serverguide/C/remote-administration.xml:714(para)
10585
#: serverguide/C/remote-administration.xml:674(para)
10561
10587
"zentyal-usercorner: allows users to edit their own LDAP attributes using a "
10562
10588
"web browser."
10565
#: serverguide/C/remote-administration.xml:720(para)
10591
#: serverguide/C/remote-administration.xml:680(para)
10567
10593
"zentyal-virt: simple interface to create and manage virtual machines based "
10568
10594
"on <application>libvirt</application>."
10571
#: serverguide/C/remote-administration.xml:726(para)
10597
#: serverguide/C/remote-administration.xml:686(para)
10573
10599
"zentyal-webmail: allows to access your mail using the popular "
10574
10600
"<application>Roundcube</application> webmail."
10577
#: serverguide/C/remote-administration.xml:732(para)
10603
#: serverguide/C/remote-administration.xml:692(para)
10579
10605
"zentyal-webserver: configures <application>Apache</application> webserver to "
10580
10606
"host different sites on your machine."
10583
#: serverguide/C/remote-administration.xml:738(para)
10609
#: serverguide/C/remote-administration.xml:698(para)
10585
10611
"zentyal-zarafa: integrates <application>Zarafa</application> groupware suite "
10586
10612
"with <application>Zentyal</application> mail stack and LDAP."
10589
#: serverguide/C/remote-administration.xml:750(title)
10615
#: serverguide/C/remote-administration.xml:710(title)
10590
10616
msgid "First steps"
10593
#: serverguide/C/remote-administration.xml:752(para)
10619
#: serverguide/C/remote-administration.xml:712(para)
10595
10621
"Any system account belonging to the sudo group is allowed to log into "
10596
10622
"<application>Zentyal</application> web interface. If you are using the user "
10597
10623
"created during the installation, this should be in the sudo group by default."
10600
#: serverguide/C/remote-administration.xml:760(para)
10626
#: serverguide/C/remote-administration.xml:720(para)
10601
10627
msgid "If you need to add another user to the sudo group, just execute:"
10604
#: serverguide/C/remote-administration.xml:765(command)
10630
#: serverguide/C/remote-administration.xml:725(command)
10605
10631
msgid "sudo adduser username sudo"
10608
#: serverguide/C/remote-administration.xml:769(para)
10634
#: serverguide/C/remote-administration.xml:729(para)
10610
10636
"To access <application>Zentyal</application> web interface, browse into "
10611
10637
"https://localhost/ (or the IP of your remote server). As Zentyal creates its "
11529
11555
"flexibility of <application>pam_motd</application>."
11532
#: serverguide/C/other-apps.xml:151(title)
11558
#: serverguide/C/other-apps.xml:156(para)
11561
"url=\"http://manpages.ubuntu.com/manpages/trusty/en/man5/update-"
11562
"motd.5.html\">update-motd man page</ulink> for more options available to "
11563
"<application>update-motd</application>."
11566
#: serverguide/C/other-apps.xml:338(para)
11568
"The Debian Package of the Day <ulink "
11569
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
11570
"and-forecasts-on-the-command-line/\">weather</ulink> article has more "
11571
"details about using the <application>weather</application>utility."
11574
#: serverguide/C/other-apps.xml:134(title)
11533
11575
msgid "etckeeper"
11536
#: serverguide/C/other-apps.xml:153(para)
11578
#: serverguide/C/other-apps.xml:180(para)
11538
11580
"<application>etckeeper</application> allows the contents of <filename "
11539
"role=\"directory\">/etc</filename> be easily stored in Version Control "
11540
"System (VCS) repository. It hooks into <application>apt</application> to "
11541
"automatically commit changes to <filename>/etc</filename> when packages are "
11581
"role=\"directory\">/etc</filename> to be stored in a Version Control System "
11582
"(VCS) repository. It integrates with <application>APT</application> and "
11583
"automatically commits changes to <filename>/etc</filename> when packages are "
11542
11584
"installed or upgraded. Placing <filename>/etc</filename> under version "
11543
11585
"control is considered an industry best practice, and the goal of "
11544
11586
"<application>etckeeper</application> is to make this process as painless as "
11548
#: serverguide/C/other-apps.xml:161(para)
11590
#: serverguide/C/other-apps.xml:144(para)
11550
11592
"Install <application>etckeeper</application> by entering the following in a "
11554
#: serverguide/C/other-apps.xml:166(command)
11596
#: serverguide/C/other-apps.xml:149(command)
11555
11597
msgid "sudo apt-get install etckeeper"
11558
#: serverguide/C/other-apps.xml:169(para)
11600
#: serverguide/C/other-apps.xml:196(para)
11560
11602
"The main configuration file, "
11561
11603
"<filename>/etc/etckeeper/etckeeper.conf</filename>, is fairly simple. The "
11562
"main option is which VCS to use. By default "
11604
"main option is which VCS to use and by default "
11563
11605
"<application>etckeeper</application> is configured to use "
11564
"<application>bzr</application> for version control. The repository is "
11565
"automatically initialized (and committed for the first time) during package "
11566
"installation. It is possible to undo this by entering the following command:"
11606
"<application>Bazaar</application>. The repository is automatically "
11607
"initialized (and committed for the first time) during package installation. "
11608
"It is possible to undo this by entering the following command:"
11569
#: serverguide/C/other-apps.xml:179(command)
11611
#: serverguide/C/other-apps.xml:162(command)
11570
11612
msgid "sudo etckeeper uninit"
11573
#: serverguide/C/other-apps.xml:182(para)
11615
#: serverguide/C/other-apps.xml:165(para)
11575
11617
"By default, etckeeper will commit uncommitted changes made to /etc daily. "
11576
11618
"This can be disabled using the AVOID_DAILY_AUTOCOMMITS configuration option. "
11653
11693
"Committed revision 2."
11656
#: serverguide/C/other-apps.xml:256(para)
11696
#: serverguide/C/other-apps.xml:239(para)
11658
11698
"For an example of how <application>etckeeper</application> tracks manual "
11659
11699
"changes, add new a host to <filename>/etc/hosts</filename>. Using "
11660
11700
"<application>bzr</application> you can see which files have been modified:"
11663
#: serverguide/C/other-apps.xml:262(command)
11703
#: serverguide/C/other-apps.xml:245(command)
11664
11704
msgid "sudo bzr status /etc/"
11667
#: serverguide/C/other-apps.xml:263(computeroutput)
11707
#: serverguide/C/other-apps.xml:246(computeroutput)
11670
11710
"modified:\n"
11674
#: serverguide/C/other-apps.xml:267(para)
11714
#: serverguide/C/other-apps.xml:250(para)
11675
11715
msgid "Now commit the changes:"
11678
#: serverguide/C/other-apps.xml:272(command)
11679
msgid "sudo etckeeper commit \"new host\""
11718
#: serverguide/C/other-apps.xml:295(command)
11719
msgid "sudo etckeeper commit \"added new host\""
11682
#: serverguide/C/other-apps.xml:275(para)
11722
#: serverguide/C/other-apps.xml:258(para)
11684
11724
"For more information on <application>bzr</application> see <xref "
11685
11725
"linkend=\"bazaar\"/>."
11688
#: serverguide/C/other-apps.xml:281(title)
11728
#: serverguide/C/other-apps.xml:345(para)
11731
"url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for "
11732
"more details on using <application>etckeeper</application>."
11735
#: serverguide/C/other-apps.xml:351(para)
11737
"The <ulink url=\"https://help.ubuntu.com/community/etckeeper\">etckeeper "
11738
"Ubuntu Wiki</ulink> page."
11741
#: serverguide/C/other-apps.xml:356(para)
11743
"For the latest news and information about <application>bzr</application> see "
11744
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
11747
#: serverguide/C/other-apps.xml:264(title)
11689
11748
msgid "Byobu"
11692
#: serverguide/C/other-apps.xml:283(para)
11694
"One of the most useful applications for any system administrator is "
11695
"<application>screen</application>. It allows the execution of multiple "
11696
"shells in one terminal. To make some of the advanced "
11697
"<application>screen</application> features more user friendly, and provide "
11698
"some useful information about the system, the "
11699
"<application>byobu</application> package was created."
11702
#: serverguide/C/other-apps.xml:290(para)
11704
"When executing <application>byobu</application> pressing the "
11705
"<emphasis>F9</emphasis> key will bring up the "
11706
"<application>Configuration</application> menu. This menu will allow you to:"
11709
#: serverguide/C/other-apps.xml:296(para)
11751
#: serverguide/C/other-apps.xml:337(para)
11753
"One of the most useful applications for any system administrator is an xterm "
11754
"multiplexor such as <application>screen</application> or "
11755
"<application>tmux</application>. It allows for the execution of multiple "
11756
"shells in one terminal. To make some of the advanced multiplexor features "
11757
"more user-friendly and provide some useful information about the system, the "
11758
"<application>byobu</application> package was created. It acts as a wrapper "
11759
"to these programs. By default Byobu uses tmux (if installed) but this can be "
11760
"changed by the user."
11763
#: serverguide/C/other-apps.xml:344(para)
11764
msgid "Invoke it simply with:"
11767
#: serverguide/C/other-apps.xml:349(command)
11771
#: serverguide/C/other-apps.xml:352(para)
11773
"Now bring up the configuration menu. By default this is done by pressing the "
11774
"<emphasis>F9</emphasis> key. This will allow you to:"
11777
#: serverguide/C/other-apps.xml:279(para)
11710
11778
msgid "View the Help menu"
11713
#: serverguide/C/other-apps.xml:297(para)
11781
#: serverguide/C/other-apps.xml:280(para)
11714
11782
msgid "Change Byobu's background color"
11717
#: serverguide/C/other-apps.xml:298(para)
11785
#: serverguide/C/other-apps.xml:281(para)
11718
11786
msgid "Change Byobu's foreground color"
11721
#: serverguide/C/other-apps.xml:299(para)
11789
#: serverguide/C/other-apps.xml:282(para)
11722
11790
msgid "Toggle status notifications"
11725
#: serverguide/C/other-apps.xml:300(para)
11793
#: serverguide/C/other-apps.xml:283(para)
11726
11794
msgid "Change the key binding set"
11729
#: serverguide/C/other-apps.xml:301(para)
11797
#: serverguide/C/other-apps.xml:284(para)
11730
11798
msgid "Change the escape sequence"
11733
#: serverguide/C/other-apps.xml:302(para)
11801
#: serverguide/C/other-apps.xml:285(para)
11734
11802
msgid "Create new windows"
11737
#: serverguide/C/other-apps.xml:303(para)
11805
#: serverguide/C/other-apps.xml:286(para)
11738
11806
msgid "Manage the default windows"
11741
#: serverguide/C/other-apps.xml:304(para)
11809
#: serverguide/C/other-apps.xml:287(para)
11742
11810
msgid "Byobu currently does not launch at login (toggle on)"
11745
#: serverguide/C/other-apps.xml:307(para)
11813
#: serverguide/C/other-apps.xml:290(para)
11747
11815
"The <emphasis>key bindings</emphasis> determine such things as the escape "
11748
11816
"sequence, new window, change window, etc. There are two key binding sets to "
11775
11843
"commands. Here is a quick list of movement commands:"
11778
#: serverguide/C/other-apps.xml:331(para)
11846
#: serverguide/C/other-apps.xml:314(para)
11779
11847
msgid "<emphasis>h</emphasis> - Move the cursor left by one character"
11782
#: serverguide/C/other-apps.xml:332(para)
11850
#: serverguide/C/other-apps.xml:315(para)
11783
11851
msgid "<emphasis>j</emphasis> - Move the cursor down by one line"
11786
#: serverguide/C/other-apps.xml:333(para)
11854
#: serverguide/C/other-apps.xml:316(para)
11787
11855
msgid "<emphasis>k</emphasis> - Move the cursor up by one line"
11790
#: serverguide/C/other-apps.xml:334(para)
11858
#: serverguide/C/other-apps.xml:317(para)
11791
11859
msgid "<emphasis>l</emphasis> - Move the cursor right by one character"
11794
#: serverguide/C/other-apps.xml:335(para)
11862
#: serverguide/C/other-apps.xml:318(para)
11795
11863
msgid "<emphasis>0</emphasis> - Move to the beginning of the current line"
11798
#: serverguide/C/other-apps.xml:336(para)
11866
#: serverguide/C/other-apps.xml:319(para)
11799
11867
msgid "<emphasis>$</emphasis> - Move to the end of the current line"
11802
#: serverguide/C/other-apps.xml:337(para)
11870
#: serverguide/C/other-apps.xml:320(para)
11804
11872
"<emphasis>G</emphasis> - Moves to the specified line (defaults to the end of "
11805
11873
"the buffer)"
11808
#: serverguide/C/other-apps.xml:338(para)
11876
#: serverguide/C/other-apps.xml:321(para)
11809
11877
msgid "<emphasis>/</emphasis> - Search forward"
11812
#: serverguide/C/other-apps.xml:339(para)
11880
#: serverguide/C/other-apps.xml:322(para)
11813
11881
msgid "<emphasis>?</emphasis> - Search backward"
11816
#: serverguide/C/other-apps.xml:340(para)
11884
#: serverguide/C/other-apps.xml:401(para)
11818
11886
"<emphasis>n</emphasis> - Moves to the next match, either forward or backward"
11821
#: serverguide/C/other-apps.xml:349(para)
11824
"url=\"http://manpages.ubuntu.com/manpages/trusty/en/man5/update-"
11825
"motd.5.html\">update-motd man page</ulink> for more options available to "
11826
"<application>update-motd</application>."
11829
#: serverguide/C/other-apps.xml:355(para)
11831
"The Debian Package of the Day <ulink "
11832
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
11833
"and-forecasts-on-the-command-line/\">weather</ulink> article has more "
11834
"details about using the <application>weather</application>utility."
11837
#: serverguide/C/other-apps.xml:362(para)
11840
"url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for "
11841
"more details on using <application>etckeeper</application>."
11844
#: serverguide/C/other-apps.xml:368(para)
11846
"The <ulink url=\"https://help.ubuntu.com/community/etckeeper\">etckeeper "
11847
"Ubuntu Wiki</ulink> page."
11850
#: serverguide/C/other-apps.xml:373(para)
11852
"For the latest news and information about <application>bzr</application> see "
11853
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
11856
#: serverguide/C/other-apps.xml:378(para)
11889
#: serverguide/C/other-apps.xml:361(para)
11858
11891
"For more information on <application>screen</application> see the <ulink "
11859
11892
"url=\"http://www.gnu.org/software/screen/\">screen web site</ulink>."
11862
#: serverguide/C/other-apps.xml:383(para)
11895
#: serverguide/C/other-apps.xml:366(para)
11864
11897
"And the <ulink url=\"https://help.ubuntu.com/community/Screen\">Ubuntu Wiki "
11865
11898
"screen</ulink> page."
11868
#: serverguide/C/other-apps.xml:388(para)
11901
#: serverguide/C/other-apps.xml:371(para)
11870
11903
"Also, see the <application>byobu</application><ulink "
11871
11904
"url=\"https://launchpad.net/byobu\">project page</ulink> for more "
13584
13635
"dn: olcDatabase={1}hdb,cn=config\n"
13587
#: serverguide/C/network-auth.xml:259(para) serverguide/C/network-auth.xml:350(para)
13638
#: serverguide/C/network-auth.xml:281(para) serverguide/C/network-auth.xml:372(para)
13588
13639
msgid "Explanation of entries:"
13591
#: serverguide/C/network-auth.xml:266(para)
13642
#: serverguide/C/network-auth.xml:288(para)
13592
13643
msgid "<emphasis>cn=config</emphasis>: global settings"
13595
#: serverguide/C/network-auth.xml:272(para)
13646
#: serverguide/C/network-auth.xml:294(para)
13597
13648
"<emphasis>cn=module{0},cn=config</emphasis>: a dynamically loaded module"
13600
#: serverguide/C/network-auth.xml:278(para)
13651
#: serverguide/C/network-auth.xml:300(para)
13602
13653
"<emphasis>cn=schema,cn=config</emphasis>: contains hard-coded system-level "
13606
#: serverguide/C/network-auth.xml:284(para)
13657
#: serverguide/C/network-auth.xml:306(para)
13608
13659
"<emphasis>cn={0}core,cn=schema,cn=config</emphasis>: the hard-coded core "
13612
#: serverguide/C/network-auth.xml:290(para)
13663
#: serverguide/C/network-auth.xml:312(para)
13614
13665
"<emphasis>cn={1}cosine,cn=schema,cn=config</emphasis>: the cosine schema"
13617
#: serverguide/C/network-auth.xml:296(para)
13668
#: serverguide/C/network-auth.xml:318(para)
13618
13669
msgid "<emphasis>cn={2}nis,cn=schema,cn=config</emphasis>: the nis schema"
13621
#: serverguide/C/network-auth.xml:302(para)
13672
#: serverguide/C/network-auth.xml:324(para)
13623
13674
"<emphasis>cn={3}inetorgperson,cn=schema,cn=config</emphasis>: the "
13624
13675
"inetorgperson schema"
13627
#: serverguide/C/network-auth.xml:308(para)
13678
#: serverguide/C/network-auth.xml:330(para)
13629
13680
"<emphasis>olcBackend={0}hdb,cn=config</emphasis>: the 'hdb' backend storage "
13633
#: serverguide/C/network-auth.xml:314(para)
13684
#: serverguide/C/network-auth.xml:336(para)
13635
13686
"<emphasis>olcDatabase={-1}frontend,cn=config</emphasis>: frontend database, "
13636
13687
"default settings for other databases"
13639
#: serverguide/C/network-auth.xml:320(para)
13690
#: serverguide/C/network-auth.xml:342(para)
13641
13692
"<emphasis>olcDatabase={0}config,cn=config</emphasis>: slapd configuration "
13642
13693
"database (cn=config)"
13645
#: serverguide/C/network-auth.xml:326(para)
13696
#: serverguide/C/network-auth.xml:348(para)
13647
13698
"<emphasis>olcDatabase={1}hdb,cn=config</emphasis>: your database instance "
13648
13699
"(dc=examle,dc=com)"
13651
#: serverguide/C/network-auth.xml:337(para)
13702
#: serverguide/C/network-auth.xml:359(para)
13652
13703
msgid "This is what the dc=example,dc=com DIT looks like:"
13655
#: serverguide/C/network-auth.xml:342(command)
13706
#: serverguide/C/network-auth.xml:364(command)
13656
13707
msgid "ldapsearch -x -LLL -H ldap:/// -b dc=example,dc=com dn"
13659
#: serverguide/C/network-auth.xml:343(computeroutput)
13710
#: serverguide/C/network-auth.xml:365(computeroutput)
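Review bot: the context msgid for olcDatabase={1}hdb,cn=config ends with "(dc=examle,dc=com)", which does not match the suffix used in the next strings ("This is what the dc=example,dc=com DIT looks like" and the ldapsearch `-b dc=example,dc=com`). Since the network-auth.xml references are being re-extracted in this change anyway, fix the typo in the XML source so a reader copying the suffix does not end up with a search base that returns nothing.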
14256
14307
"olcAccessLogPurge: 07+00:00 01+00:00\n"
14259
#: serverguide/C/network-auth.xml:918(para)
14310
#: serverguide/C/network-auth.xml:940(para)
14261
14312
"Change the rootDN in the LDIF file to match the one you have for your "
14265
#: serverguide/C/network-auth.xml:925(para)
14316
#: serverguide/C/network-auth.xml:947(para)
14267
"The <application>apparmor</application> profile for slapd will need to be "
14268
"adjusted for the accesslog database location. Edit "
14269
"<filename>/etc/apparmor.d/local/usr.sbin.slapd</filename> by adding the "
14318
"The <application>apparmor</application> profile for slapd will not need to "
14319
"be adjusted for the accesslog database location since "
14320
"<filename>/etc/apparmor.d/local/usr.sbin.slapd</filename> contains:"
14273
#: serverguide/C/network-auth.xml:931(programlisting)
14323
#: serverguide/C/network-auth.xml:952(programlisting)
14277
"/var/lib/ldap/accesslog/ r,\n"
14278
"/var/lib/ldap/accesslog/** rwk,\n"
14327
"/var/lib/ldap/ r,\n"
14328
"/var/lib/ldap/** rwk,\n"
14281
#: serverguide/C/network-auth.xml:936(para)
14331
#: serverguide/C/network-auth.xml:957(para)
14283
14333
"Create a directory, set up a databse config file, and reload the apparmor "
14287
#: serverguide/C/network-auth.xml:941(command)
14337
#: serverguide/C/network-auth.xml:962(command)
14288
14338
msgid "sudo -u openldap mkdir /var/lib/ldap/accesslog"
14291
#: serverguide/C/network-auth.xml:942(command)
14341
#: serverguide/C/network-auth.xml:963(command)
14292
14342
msgid "sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog"
14295
#: serverguide/C/network-auth.xml:949(para)
14345
#: serverguide/C/network-auth.xml:970(para)
14297
14347
"Add the new content and, due to the apparmor change, restart the daemon:"
14300
#: serverguide/C/network-auth.xml:954(command)
14350
#: serverguide/C/network-auth.xml:975(command)
14301
14351
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
14304
#: serverguide/C/network-auth.xml:955(command) serverguide/C/network-auth.xml:1477(command) serverguide/C/network-auth.xml:1662(command) serverguide/C/network-auth.xml:3883(command)
14354
#: serverguide/C/network-auth.xml:976(command) serverguide/C/network-auth.xml:1498(command) serverguide/C/network-auth.xml:1683(command) serverguide/C/network-auth.xml:3912(command)
14305
14355
msgid "sudo service slapd restart"
14308
#: serverguide/C/network-auth.xml:962(para)
14358
#: serverguide/C/network-auth.xml:983(para)
14309
14359
msgid "The Provider is now configured."
14312
#: serverguide/C/network-auth.xml:969(title)
14362
#: serverguide/C/network-auth.xml:990(title)
14313
14363
msgid "Consumer Configuration"
14316
#: serverguide/C/network-auth.xml:971(para)
14366
#: serverguide/C/network-auth.xml:992(para)
14317
14367
msgid "And now configure the <emphasis>Consumer</emphasis>."
14320
#: serverguide/C/network-auth.xml:978(para)
14370
#: serverguide/C/network-auth.xml:999(para)
14322
14372
"Install the software by going through <xref linkend=\"openldap-server-"
14323
14373
"installation\"/>. Make sure the slapd-config databse is identical to the "
15166
15216
"assist you in the configuration step. Install this package now:"
15169
#: serverguide/C/network-auth.xml:1704(command)
15219
#: serverguide/C/network-auth.xml:1725(command)
15170
15220
msgid "sudo apt-get install libnss-ldap"
15173
#: serverguide/C/network-auth.xml:1707(para)
15223
#: serverguide/C/network-auth.xml:1728(para)
15175
15225
"You will be prompted for details of your LDAP server. If you make a mistake "
15176
15226
"you can try again using:"
15179
#: serverguide/C/network-auth.xml:1712(command)
15229
#: serverguide/C/network-auth.xml:1733(command)
15180
15230
msgid "sudo dpkg-reconfigure ldap-auth-config"
15183
#: serverguide/C/network-auth.xml:1715(para)
15233
#: serverguide/C/network-auth.xml:1736(para)
15185
15235
"The results of the dialog can be seen in "
15186
15236
"<filename>/etc/ldap.conf</filename>. If your server requires options not "
15187
15237
"covered in the menu edit this file accordingly."
15190
#: serverguide/C/network-auth.xml:1720(para)
15240
#: serverguide/C/network-auth.xml:1741(para)
15191
15241
msgid "Now configure the LDAP profile for NSS:"
15194
#: serverguide/C/network-auth.xml:1725(command)
15244
#: serverguide/C/network-auth.xml:1746(command)
15195
15245
msgid "sudo auth-client-config -t nss -p lac_ldap"
15198
#: serverguide/C/network-auth.xml:1728(para)
15248
#: serverguide/C/network-auth.xml:1749(para)
15199
15249
msgid "Configure the system to use LDAP for authentication:"
15202
#: serverguide/C/network-auth.xml:1733(command)
15252
#: serverguide/C/network-auth.xml:1754(command)
15203
15253
msgid "sudo pam-auth-update"
15206
#: serverguide/C/network-auth.xml:1736(para)
15256
#: serverguide/C/network-auth.xml:1757(para)
15208
15258
"From the menu, choose LDAP and any other authentication mechanisms you need."
15211
#: serverguide/C/network-auth.xml:1740(para)
15261
#: serverguide/C/network-auth.xml:1761(para)
15212
15262
msgid "You should now be able to log in using LDAP-based credentials."
15215
#: serverguide/C/network-auth.xml:1744(para)
15265
#: serverguide/C/network-auth.xml:1765(para)
15217
15267
"LDAP clients will need to refer to multiple servers if replication is in "
15218
15268
"use. In <filename>/etc/ldap.conf</filename> you would have something like:"
15221
#: serverguide/C/network-auth.xml:1749(programlisting)
15271
#: serverguide/C/network-auth.xml:1770(programlisting)
15225
15275
"uri ldap://ldap01.example.com ldap://ldap02.example.com\n"
15228
#: serverguide/C/network-auth.xml:1753(para)
15278
#: serverguide/C/network-auth.xml:1774(para)
15230
15280
"The request will time out and the Consumer (ldap02) will attempt to be "
15231
15281
"reached if the Provider (ldap01) becomes unresponsive."
15234
#: serverguide/C/network-auth.xml:1757(para)
15284
#: serverguide/C/network-auth.xml:1778(para)
15236
15286
"If you are going to use LDAP to store Samba users you will need to configure "
15237
15287
"the Samba server to authenticate using LDAP. See <xref linkend=\"samba-"
15238
15288
"ldap\"/> for details."
15241
#: serverguide/C/network-auth.xml:1763(para)
15291
#: serverguide/C/network-auth.xml:1784(para)
15243
15293
"An alternative to the <application>libnss-ldap</application> package is the "
15244
15294
"<application>libnss-ldapd</application> package. This, however, will bring "
15289
15339
"MIDSTART=10000\n"
15292
#: serverguide/C/network-auth.xml:1806(para)
15342
#: serverguide/C/network-auth.xml:1827(para)
15294
15344
"Now, create the <filename>ldapscripts.passwd</filename> file to allow rootDN "
15295
15345
"access to the directory:"
15298
#: serverguide/C/network-auth.xml:1811(command)
15348
#: serverguide/C/network-auth.xml:1832(command)
15300
15350
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
15303
#: serverguide/C/network-auth.xml:1812(command)
15353
#: serverguide/C/network-auth.xml:1833(command)
15304
15354
msgid "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
15307
#: serverguide/C/network-auth.xml:1816(para)
15357
#: serverguide/C/network-auth.xml:1837(para)
15309
15359
"Replace <quote>secret</quote> with the actual password for your database's "
15310
15360
"rootDN user."
15313
#: serverguide/C/network-auth.xml:1821(para)
15363
#: serverguide/C/network-auth.xml:1842(para)
15315
15365
"The scripts are now ready to help manage your directory. Here are some "
15316
15366
"examples of how to use them:"
15319
#: serverguide/C/network-auth.xml:1828(para)
15369
#: serverguide/C/network-auth.xml:1849(para)
15320
15370
msgid "Create a new user:"
15323
#: serverguide/C/network-auth.xml:1833(command)
15373
#: serverguide/C/network-auth.xml:1854(command)
15324
15374
msgid "sudo ldapadduser george example"
15327
#: serverguide/C/network-auth.xml:1836(para)
15377
#: serverguide/C/network-auth.xml:1857(para)
15329
15379
"This will create a user with uid <emphasis role=\"italic\">george</emphasis> "
15330
15380
"and set the user's primary group (gid) to <emphasis "
15331
15381
"role=\"italic\">example</emphasis>"
15334
#: serverguide/C/network-auth.xml:1843(para)
15384
#: serverguide/C/network-auth.xml:1864(para)
15335
15385
msgid "Change a user's password:"
15338
#: serverguide/C/network-auth.xml:1848(command)
15388
#: serverguide/C/network-auth.xml:1869(command)
15339
15389
msgid "sudo ldapsetpasswd george"
15342
#: serverguide/C/network-auth.xml:1849(computeroutput)
15392
#: serverguide/C/network-auth.xml:1870(computeroutput)
15344
15394
msgid "Changing password for user uid=george,ou=People,dc=example,dc=com"
15347
#: serverguide/C/network-auth.xml:1850(userinput)
15397
#: serverguide/C/network-auth.xml:1871(userinput)
15349
15399
msgid "New Password: "
15352
#: serverguide/C/network-auth.xml:1851(userinput)
15402
#: serverguide/C/network-auth.xml:1872(userinput)
15354
15404
msgid "New Password (verify): "
15357
#: serverguide/C/network-auth.xml:1857(para)
15407
#: serverguide/C/network-auth.xml:1878(para)
15358
15408
msgid "Delete a user:"
15361
#: serverguide/C/network-auth.xml:1862(command)
15411
#: serverguide/C/network-auth.xml:1883(command)
15362
15412
msgid "sudo ldapdeleteuser george"
15365
#: serverguide/C/network-auth.xml:1868(para)
15415
#: serverguide/C/network-auth.xml:1889(para)
15366
15416
msgid "Add a group:"
15369
#: serverguide/C/network-auth.xml:1873(command)
15419
#: serverguide/C/network-auth.xml:1894(command)
15370
15420
msgid "sudo ldapaddgroup qa"
15373
#: serverguide/C/network-auth.xml:1879(para)
15423
#: serverguide/C/network-auth.xml:1900(para)
15374
15424
msgid "Delete a group:"
15377
#: serverguide/C/network-auth.xml:1884(command)
15427
#: serverguide/C/network-auth.xml:1905(command)
15378
15428
msgid "sudo ldapdeletegroup qa"
15381
#: serverguide/C/network-auth.xml:1890(para)
15431
#: serverguide/C/network-auth.xml:1911(para)
15382
15432
msgid "Add a user to a group:"
15385
#: serverguide/C/network-auth.xml:1895(command)
15435
#: serverguide/C/network-auth.xml:1916(command)
15386
15436
msgid "sudo ldapaddusertogroup george qa"
15389
#: serverguide/C/network-auth.xml:1898(para)
15439
#: serverguide/C/network-auth.xml:1919(para)
15391
15441
"You should now see a <emphasis>memberUid</emphasis> attribute for the "
15392
15442
"<emphasis role=\"italic\">qa</emphasis> group with a value of <emphasis "
15393
15443
"role=\"italic\">george</emphasis>."
15396
#: serverguide/C/network-auth.xml:1905(para)
15446
#: serverguide/C/network-auth.xml:1926(para)
15397
15447
msgid "Remove a user from a group:"
15400
#: serverguide/C/network-auth.xml:1910(command)
15450
#: serverguide/C/network-auth.xml:1931(command)
15401
15451
msgid "sudo ldapdeleteuserfromgroup george qa"
15404
#: serverguide/C/network-auth.xml:1913(para)
15454
#: serverguide/C/network-auth.xml:1934(para)
15406
15456
"The <emphasis>memberUid</emphasis> attribute should now be removed from the "
15407
15457
"<emphasis role=\"italic\">qa</emphasis> group."
15410
#: serverguide/C/network-auth.xml:1920(para)
15460
#: serverguide/C/network-auth.xml:1941(para)
15412
15462
"The <application>ldapmodifyuser</application> script allows you to add, "
15413
15463
"remove, or replace a user's attributes. The script uses the same syntax as "
15414
15464
"the <application>ldapmodify</application> utility. For example:"
15417
#: serverguide/C/network-auth.xml:1926(command)
15467
#: serverguide/C/network-auth.xml:1947(command)
15418
15468
msgid "sudo ldapmodifyuser george"
15421
#: serverguide/C/network-auth.xml:1927(computeroutput)
15471
#: serverguide/C/network-auth.xml:1948(computeroutput)
15424
15474
"# About to modify the following entry :\n"
15507
15557
"title: Employee\n"
15510
#: serverguide/C/network-auth.xml:1995(para)
15560
#: serverguide/C/network-auth.xml:2016(para)
15512
15562
"Notice the <emphasis><ask></emphasis> option used for the "
15513
15563
"<emphasis>sn</emphasis> attribute. This will make "
15514
"<application>ldapadduser</application> prompt you for it's value."
15564
"<application>ldapadduser</application> prompt you for its value."
15517
#: serverguide/C/network-auth.xml:2003(para)
15567
#: serverguide/C/network-auth.xml:2024(para)
15519
15569
"There are utilities in the package that were not covered here. Here is a "
15520
15570
"complete list:"
15523
#: serverguide/C/network-auth.xml:2008(ulink)
15573
#: serverguide/C/network-auth.xml:2029(ulink)
15524
15574
msgid "ldaprenamemachine"
15527
#: serverguide/C/network-auth.xml:2009(ulink)
15577
#: serverguide/C/network-auth.xml:2030(ulink)
15528
15578
msgid "ldapadduser"
15531
#: serverguide/C/network-auth.xml:2010(ulink)
15581
#: serverguide/C/network-auth.xml:2031(ulink)
15532
15582
msgid "ldapdeleteuserfromgroup"
15535
#: serverguide/C/network-auth.xml:2011(ulink)
15585
#: serverguide/C/network-auth.xml:2032(ulink)
15536
15586
msgid "ldapfinger"
15539
#: serverguide/C/network-auth.xml:2012(ulink)
15589
#: serverguide/C/network-auth.xml:2033(ulink)
15540
15590
msgid "ldapid"
15543
#: serverguide/C/network-auth.xml:2013(ulink)
15593
#: serverguide/C/network-auth.xml:2034(ulink)
15544
15594
msgid "ldapgid"
15547
#: serverguide/C/network-auth.xml:2014(ulink)
15597
#: serverguide/C/network-auth.xml:2035(ulink)
15548
15598
msgid "ldapmodifyuser"
15551
#: serverguide/C/network-auth.xml:2015(ulink)
15601
#: serverguide/C/network-auth.xml:2036(ulink)
15552
15602
msgid "ldaprenameuser"
15555
#: serverguide/C/network-auth.xml:2016(ulink)
15605
#: serverguide/C/network-auth.xml:2037(ulink)
15556
15606
msgid "lsldap"
15559
#: serverguide/C/network-auth.xml:2017(ulink)
15609
#: serverguide/C/network-auth.xml:2038(ulink)
15560
15610
msgid "ldapaddusertogroup"
15563
#: serverguide/C/network-auth.xml:2018(ulink)
15613
#: serverguide/C/network-auth.xml:2039(ulink)
15564
15614
msgid "ldapsetpasswd"
15567
#: serverguide/C/network-auth.xml:2019(ulink)
15617
#: serverguide/C/network-auth.xml:2040(ulink)
15568
15618
msgid "ldapinit"
15571
#: serverguide/C/network-auth.xml:2020(ulink)
15621
#: serverguide/C/network-auth.xml:2041(ulink)
15572
15622
msgid "ldapaddgroup"
15575
#: serverguide/C/network-auth.xml:2021(ulink)
15625
#: serverguide/C/network-auth.xml:2042(ulink)
15576
15626
msgid "ldapdeletegroup"
15579
#: serverguide/C/network-auth.xml:2022(ulink)
15629
#: serverguide/C/network-auth.xml:2043(ulink)
15580
15630
msgid "ldapmodifygroup"
15583
#: serverguide/C/network-auth.xml:2023(ulink)
15633
#: serverguide/C/network-auth.xml:2044(ulink)
15584
15634
msgid "ldapdeletemachine"
15587
#: serverguide/C/network-auth.xml:2024(ulink)
15637
#: serverguide/C/network-auth.xml:2045(ulink)
15588
15638
msgid "ldaprenamegroup"
15591
#: serverguide/C/network-auth.xml:2025(ulink)
15641
#: serverguide/C/network-auth.xml:2046(ulink)
15592
15642
msgid "ldapaddmachine"
15595
#: serverguide/C/network-auth.xml:2026(ulink)
15645
#: serverguide/C/network-auth.xml:2047(ulink)
15596
15646
msgid "ldapmodifymachine"
15599
#: serverguide/C/network-auth.xml:2027(ulink)
15649
#: serverguide/C/network-auth.xml:2048(ulink)
15600
15650
msgid "ldapsetprimarygroup"
15603
#: serverguide/C/network-auth.xml:2028(ulink)
15653
#: serverguide/C/network-auth.xml:2049(ulink)
15604
15654
msgid "ldapdeleteuser"
15607
#: serverguide/C/network-auth.xml:2034(title)
15657
#: serverguide/C/network-auth.xml:2055(title)
15608
15658
msgid "Backup and Restore"
15611
#: serverguide/C/network-auth.xml:2036(para)
15661
#: serverguide/C/network-auth.xml:2057(para)
15613
15663
"Now we have ldap running just the way we want, it is time to ensure we can "
15614
15664
"save all of our work and restore it as needed."
15617
#: serverguide/C/network-auth.xml:2041(para)
15667
#: serverguide/C/network-auth.xml:2062(para)
15619
15669
"What we need is a way to backup the ldap database(s), specifically the "
15620
15670
"backend (cn=config) and frontend (dc=example,dc=com). If we are going to "
15665
15715
"45 22 * * * root /usr/local/bin/ldapbackup\n"
15668
#: serverguide/C/network-auth.xml:2088(para)
15718
#: serverguide/C/network-auth.xml:2109(para)
15669
15719
msgid "Now the files are created, they should be copied to a backup server."
15672
#: serverguide/C/network-auth.xml:2093(para)
15722
#: serverguide/C/network-auth.xml:2114(para)
15674
15724
"Assuming we did a fresh reinstall of ldap, the restore process could be "
15675
15725
"something like this:"
15678
#: serverguide/C/network-auth.xml:2099(command)
15728
#: serverguide/C/network-auth.xml:2120(command)
15679
15729
msgid "sudo service slapd stop"
15682
#: serverguide/C/network-auth.xml:2100(command)
15732
#: serverguide/C/network-auth.xml:2121(command)
15683
15733
msgid "sudo mkdir /var/lib/ldap/accesslog"
15686
#: serverguide/C/network-auth.xml:2101(command)
15736
#: serverguide/C/network-auth.xml:2122(command)
15687
15737
msgid "sudo slapadd -F /etc/ldap/slapd.d -n 0 -l /export/backup/config.ldif"
15690
#: serverguide/C/network-auth.xml:2102(command)
15740
#: serverguide/C/network-auth.xml:2123(command)
15692
15742
"sudo slapadd -F /etc/ldap/slapd.d -n 1 -l /export/backup/domain.com.ldif"
15695
#: serverguide/C/network-auth.xml:2103(command)
15745
#: serverguide/C/network-auth.xml:2124(command)
15696
15746
msgid "sudo slapadd -F /etc/ldap/slapd.d -n 2 -l /export/backup/access.ldif"
15699
#: serverguide/C/network-auth.xml:2104(command)
15749
#: serverguide/C/network-auth.xml:2125(command)
15700
15750
msgid "sudo chown -R openldap:openldap /etc/ldap/slapd.d/"
15703
#: serverguide/C/network-auth.xml:2105(command)
15753
#: serverguide/C/network-auth.xml:2126(command)
15704
15754
msgid "sudo chown -R openldap:openldap /var/lib/ldap/"
15707
#: serverguide/C/network-auth.xml:2106(command)
15757
#: serverguide/C/network-auth.xml:2127(command)
15708
15758
msgid "sudo service slapd start"
15711
#: serverguide/C/network-auth.xml:2117(para)
15761
#: serverguide/C/network-auth.xml:2138(para)
15713
15763
"The primary resource is the upstream documentation: <ulink "
15714
15764
"url=\"http://www.openldap.org/\">www.openldap.org</ulink>"
15717
#: serverguide/C/network-auth.xml:2123(para)
15767
#: serverguide/C/network-auth.xml:2144(para)
15719
15769
"There are many man pages that come with the slapd package. Here are some "
15720
15770
"important ones, especially considering the material presented in this guide:"
15723
#: serverguide/C/network-auth.xml:2129(ulink)
15773
#: serverguide/C/network-auth.xml:2150(ulink)
15724
15774
msgid "slapd"
15727
#: serverguide/C/network-auth.xml:2130(ulink)
15777
#: serverguide/C/network-auth.xml:2151(ulink)
15728
15778
msgid "slapd-config"
15731
#: serverguide/C/network-auth.xml:2131(ulink)
15781
#: serverguide/C/network-auth.xml:2152(ulink)
15732
15782
msgid "slapd.access"
15735
#: serverguide/C/network-auth.xml:2132(ulink)
15785
#: serverguide/C/network-auth.xml:2153(ulink)
15736
15786
msgid "slapo-syncprov"
15739
#: serverguide/C/network-auth.xml:2138(para)
15789
#: serverguide/C/network-auth.xml:2159(para)
15740
15790
msgid "Other man pages:"
15743
#: serverguide/C/network-auth.xml:2143(ulink)
15793
#: serverguide/C/network-auth.xml:2164(ulink)
15744
15794
msgid "auth-client-config"
15747
#: serverguide/C/network-auth.xml:2144(ulink)
15797
#: serverguide/C/network-auth.xml:2165(ulink)
15748
15798
msgid "pam-auth-update"
15751
#: serverguide/C/network-auth.xml:2150(para)
15801
#: serverguide/C/network-auth.xml:2171(para)
15753
15803
"Zytrax's <ulink url=\"http://www.zytrax.com/books/ldap/\">LDAP for Rocket "
15754
15804
"Scientists</ulink>; a less pedantic but comprehensive treatment of LDAP"
15757
#: serverguide/C/network-auth.xml:2156(para)
15807
#: serverguide/C/network-auth.xml:2177(para)
15759
15809
"A Ubuntu community <ulink "
15760
15810
"url=\"https://help.ubuntu.com/community/OpenLDAPServer\">OpenLDAP "
15761
15811
"wiki</ulink> page has a collection of notes"
15764
#: serverguide/C/network-auth.xml:2162(para)
15814
#: serverguide/C/network-auth.xml:2183(para)
15766
15816
"O'Reilly's <ulink url=\"http://www.oreilly.com/catalog/ldapsa/\">LDAP System "
15767
15817
"Administration</ulink> (textbook; 2003)"
15770
#: serverguide/C/network-auth.xml:2168(para)
15820
#: serverguide/C/network-auth.xml:2189(para)
15772
15822
"Packt's <ulink url=\"http://www.packtpub.com/OpenLDAP-Developers-Server-Open-"
15773
15823
"Source-Linux/book\">Mastering OpenLDAP</ulink> (textbook; 2007)"
15776
#: serverguide/C/network-auth.xml:2179(title)
15826
#: serverguide/C/network-auth.xml:2200(title)
15777
15827
msgid "Samba and LDAP"
15780
#: serverguide/C/network-auth.xml:2181(para)
15830
#: serverguide/C/network-auth.xml:2202(para)
15782
15832
"This section covers the integration of Samba with LDAP. The Samba server's "
15783
15833
"role will be that of a \"standalone\" server and the LDAP directory will "
15784
15834
"provide the authentication layer in addition to containing the user, group, "
15785
15835
"and machine account information that Samba requires in order to function (in "
15786
"any of it's 3 possible roles). The pre-requisite is an OpenLDAP server "
15836
"any of its 3 possible roles). The pre-requisite is an OpenLDAP server "
15787
15837
"configured with a directory that can accept authentication requests. See "
15788
15838
"<xref linkend=\"openldap-server\"/> for details on fulfilling this "
15789
15839
"requirement. Once this section is completed, you will need to decide what "
15790
15840
"specifically you want Samba to do for you and then configure it accordingly."
15793
#: serverguide/C/network-auth.xml:2190(title)
15843
#: serverguide/C/network-auth.xml:2211(title)
15794
15844
msgid "Software Installation"
15797
#: serverguide/C/network-auth.xml:2192(para)
15847
#: serverguide/C/network-auth.xml:2213(para)
15799
15849
"There are three packages needed when integrating Samba with LDAP: "
15800
15850
"<application>samba</application>, <application>samba-doc</application>, and "
15801
15851
"<application>smbldap-tools</application> packages."
15804
#: serverguide/C/network-auth.xml:2197(para)
15854
#: serverguide/C/network-auth.xml:2223(para)
15806
15856
"Strictly speaking, the <application>smbldap-tools</application> package "
15807
15857
"isn't needed, but unless you have some other way to manage the various Samba "
16253
16303
"<application>smbldap-useradd</application>."
16256
#: serverguide/C/network-auth.xml:2624(para)
16306
#: serverguide/C/network-auth.xml:2653(para)
16258
16308
"There are utilities in the <application>smbldap-tools</application> package "
16259
16309
"that were not covered here. Here is a complete list:"
16262
#: serverguide/C/network-auth.xml:2629(ulink)
16312
#: serverguide/C/network-auth.xml:2658(ulink)
16263
16313
msgid "smbldap-groupadd"
16266
#: serverguide/C/network-auth.xml:2630(ulink)
16316
#: serverguide/C/network-auth.xml:2659(ulink)
16267
16317
msgid "smbldap-groupdel"
16270
#: serverguide/C/network-auth.xml:2631(ulink)
16320
#: serverguide/C/network-auth.xml:2660(ulink)
16271
16321
msgid "smbldap-groupmod"
16274
#: serverguide/C/network-auth.xml:2632(ulink)
16324
#: serverguide/C/network-auth.xml:2661(ulink)
16275
16325
msgid "smbldap-groupshow"
16278
#: serverguide/C/network-auth.xml:2633(ulink)
16328
#: serverguide/C/network-auth.xml:2662(ulink)
16279
16329
msgid "smbldap-passwd"
16282
#: serverguide/C/network-auth.xml:2634(ulink)
16332
#: serverguide/C/network-auth.xml:2663(ulink)
16283
16333
msgid "smbldap-populate"
16286
#: serverguide/C/network-auth.xml:2635(ulink)
16336
#: serverguide/C/network-auth.xml:2664(ulink)
16287
16337
msgid "smbldap-useradd"
16290
#: serverguide/C/network-auth.xml:2636(ulink)
16340
#: serverguide/C/network-auth.xml:2665(ulink)
16291
16341
msgid "smbldap-userdel"
16294
#: serverguide/C/network-auth.xml:2637(ulink)
16344
#: serverguide/C/network-auth.xml:2666(ulink)
16295
16345
msgid "smbldap-userinfo"
16298
#: serverguide/C/network-auth.xml:2638(ulink)
16348
#: serverguide/C/network-auth.xml:2667(ulink)
16299
16349
msgid "smbldap-userlist"
16302
#: serverguide/C/network-auth.xml:2639(ulink)
16352
#: serverguide/C/network-auth.xml:2668(ulink)
16303
16353
msgid "smbldap-usermod"
16306
#: serverguide/C/network-auth.xml:2640(ulink)
16356
#: serverguide/C/network-auth.xml:2669(ulink)
16307
16357
msgid "smbldap-usershow"
16310
#: serverguide/C/network-auth.xml:2651(para)
16360
#: serverguide/C/network-auth.xml:2677(para)
16312
16362
"For more information on installing and configuring Samba see <xref "
16313
16363
"linkend=\"samba\"/> of this Ubuntu Server Guide."
16316
#: serverguide/C/network-auth.xml:2657(para)
16366
#: serverguide/C/network-auth.xml:2686(para)
16318
16368
"There are multiple places where LDAP and Samba is documented in the upstream "
16319
16369
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba "
16320
16370
"HOWTO Collection</ulink>."
16323
#: serverguide/C/network-auth.xml:2664(para)
16373
#: serverguide/C/network-auth.xml:2693(para)
16325
16375
"Regarding the above, see specifically the <ulink "
16326
16376
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
16327
16377
"Collection/passdb.html\">passdb section</ulink>."
16330
#: serverguide/C/network-auth.xml:2670(para)
16380
#: serverguide/C/network-auth.xml:2699(para)
16332
16382
"Although dated (2007), the <ulink url=\"http://download.gna.org/smbldap-"
16333
16383
"tools/docs/samba-ldap-howto/\">Linux Samba-OpenLDAP HOWTO</ulink> contains "
16334
16384
"valuable notes."
16337
#: serverguide/C/network-auth.xml:2676(para)
16387
#: serverguide/C/network-auth.xml:2705(para)
16339
16389
"The main page of the <ulink "
16340
16390
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Samba Ubuntu "
16738
16788
"of those networks."
16741
#: serverguide/C/network-auth.xml:3035(para)
16791
#: serverguide/C/network-auth.xml:3064(para)
16743
16793
"First, install the packages, and when asked for the Kerberos and Admin "
16744
16794
"server names enter the name of the Primary KDC:"
16747
#: serverguide/C/network-auth.xml:3046(para)
16797
#: serverguide/C/network-auth.xml:3075(para)
16749
16799
"Once you have the packages installed, create the Secondary KDC's host "
16750
16800
"principal. From a terminal prompt, enter:"
16753
#: serverguide/C/network-auth.xml:3051(command)
16803
#: serverguide/C/network-auth.xml:3080(command)
16754
16804
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
16757
#: serverguide/C/network-auth.xml:3055(para)
16807
#: serverguide/C/network-auth.xml:3084(para)
16759
16809
"After, issuing any <application>kadmin</application> commands you will be "
16760
16810
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
16764
#: serverguide/C/network-auth.xml:3064(para)
16814
#: serverguide/C/network-auth.xml:3093(para)
16765
16815
msgid "Extract the <emphasis>keytab</emphasis> file:"
16768
#: serverguide/C/network-auth.xml:3069(command)
16818
#: serverguide/C/network-auth.xml:3098(command)
16769
16819
msgid "kadmin -q \"ktadd -norandkey -k keytab.kdc02 host/kdc02.example.com\""
16772
#: serverguide/C/network-auth.xml:3075(para)
16822
#: serverguide/C/network-auth.xml:3104(para)
16774
16824
"There should now be a <filename>keytab.kdc02</filename> in the current "
16775
16825
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
16778
#: serverguide/C/network-auth.xml:3081(command)
16828
#: serverguide/C/network-auth.xml:3110(command)
16779
16829
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
16782
#: serverguide/C/network-auth.xml:3085(para)
16832
#: serverguide/C/network-auth.xml:3114(para)
16784
16834
"If the path to the <filename>keytab.kdc02</filename> file is different "
16785
16835
"adjust accordingly."
16788
#: serverguide/C/network-auth.xml:3090(para)
16838
#: serverguide/C/network-auth.xml:3119(para)
16790
16840
"Also, you can list the principals in a Keytab file, which can be useful when "
16791
16841
"troubleshooting, using the <application>klist</application> utility:"
16794
#: serverguide/C/network-auth.xml:3096(command)
16844
#: serverguide/C/network-auth.xml:3125(command)
16795
16845
msgid "sudo klist -k /etc/krb5.keytab"
16798
#: serverguide/C/network-auth.xml:3099(para)
16848
#: serverguide/C/network-auth.xml:3128(para)
16800
16850
"The <application>-k</application> option indicates the file is a keytab file."
16803
#: serverguide/C/network-auth.xml:3106(para)
16853
#: serverguide/C/network-auth.xml:3135(para)
16805
16855
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
16806
16856
"that lists all KDCs for the Realm. For example, on both primary and "
16807
16857
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
16810
#: serverguide/C/network-auth.xml:3111(programlisting)
16860
#: serverguide/C/network-auth.xml:3140(programlisting)
17655
17705
"l\">kdb5_ldap_util man page</ulink>."
17658
#: serverguide/C/network-auth.xml:3933(para)
17708
#: serverguide/C/network-auth.xml:3959(para)
17660
17710
"Another useful link is the <ulink "
17661
17711
"url=\"http://manpages.ubuntu.com/manpages/trusty/en/man5/krb5.conf.5.html\">k"
17662
17712
"rb5.conf man page</ulink>."
17665
#: serverguide/C/network-auth.xml:3938(para)
17715
#: serverguide/C/network-auth.xml:3967(para)
17667
17717
"Also, see the <ulink "
17668
17718
"url=\"https://help.ubuntu.com/community/Kerberos#kerberos-ldap\">Kerberos "
17669
17719
"and LDAP</ulink> Ubuntu wiki page."
17722
#: serverguide/C/network-auth.xml:3973(title)
17723
msgid "SSSD and Active Directory"
17726
#: serverguide/C/network-auth.xml:3974(para)
17728
"This section describes the use of sssd to authenticate user logins against "
17729
"an Active Directory via using sssd's \"ad\" provider. In previous versions "
17730
"of sssd, it was possible to authenticate using the \"ldap\" provider. "
17731
"However, when authenticating against a Microsoft Windows AD Domain "
17732
"Controller, it was generally necessary to install the POSIX AD extensions on "
17733
"the Domain Controller. The \"ad\" provider simplifies the configuration and "
17734
"requires no modifications to the AD structure."
17737
#: serverguide/C/network-auth.xml:3978(title)
17738
msgid "Prerequisites, Assumptions, and Requirements"
17741
#: serverguide/C/network-auth.xml:3981(para)
17743
"This guide does not explain Active Directory, how it works, how to set one "
17744
"up, or how to maintain it. It may not provide “best practices” for your "
17748
#: serverguide/C/network-auth.xml:3983(para)
17750
"This guide assumes that a working Active Directory domain is already "
17754
#: serverguide/C/network-auth.xml:3985(para)
17756
"The domain controller is acting as an authoritative DNS server for the "
17760
#: serverguide/C/network-auth.xml:3987(para)
17762
"The domain controller is the primary DNS resolver as specified in "
17763
"<filename>/etc/resolv.conf</filename>."
17766
#: serverguide/C/network-auth.xml:3990(para)
17768
"The appropriate <emphasis>_kerberos</emphasis>, <emphasis>_ldap</emphasis>, "
17769
"<emphasis>_kpasswd</emphasis>, etc. entries are configured in the DNS zone "
17770
"(see Resources section for external links)."
17773
#: serverguide/C/network-auth.xml:3992(para)
17775
"System time is synchronized on the domain controller (necessary for "
17779
#: serverguide/C/network-auth.xml:3994(para)
17781
"The domain used in this example is <emphasis>myubuntu.example.com</emphasis> "
17785
#: serverguide/C/network-auth.xml:3999(para)
17787
"The following packages are needed: <emphasis>krb5-user</emphasis>, "
17788
"<emphasis>samba</emphasis>, <emphasis>sssd</emphasis>, and "
17789
"<emphasis>ntp</emphasis>. Samba needs to be installed, even if the system is "
17790
"not exporting shares. The Kerberos realm and FQDN or IP of the domain "
17791
"controllers are needed for this step."
17794
#: serverguide/C/network-auth.xml:4000(para)
17795
msgid "Install these packages now."
17798
#: serverguide/C/network-auth.xml:4002(command)
17799
msgid "sudo apt-get install krb5-user samba sssd ntp"
17802
#: serverguide/C/network-auth.xml:4003(para)
17804
"See the next section for the answers to the questions asked by the "
17805
"<emphasis>krb5-user</emphasis> postinstall script."
17808
#: serverguide/C/network-auth.xml:4006(title)
17809
msgid "Kerberos Configuration"
17812
#: serverguide/C/network-auth.xml:4007(para)
17814
"The installation of <emphasis>krb5-user</emphasis> will prompt for the realm "
17815
"name (in ALL UPPERCASE), the kdc server (i.e. domain controller) and admin "
17816
"server (also the domain controller in this example.) This will write the "
17817
"[realm] and [domain_realm] sections in <filename>/etc/krb5.conf</filename>. "
17818
"These sections may not be necessary if domain autodiscovery is working. If "
17819
"not, then both are needed."
17822
#: serverguide/C/network-auth.xml:4008(para)
17824
"If the domain is <emphasis>myubuntu.example.com</emphasis>, enter the realm "
17825
"as <emphasis>MYUBUNTU.EXAMPLE.COM</emphasis>"
17828
#: serverguide/C/network-auth.xml:4011(para)
17830
"Optionally, edit <emphasis>/etc/krb5.conf</emphasis> with a few additional "
17831
"settings to specify Kerberos ticket lifetime (these values are safe to use "
17835
#: serverguide/C/network-auth.xml:4012(programlisting)
17841
"default_realm = MYUBUNTU.EXAMPLE.COM\n"
17842
"ticket_lifetime = 24h #\n"
17843
"renew_lifetime = 7d\n"
17847
#: serverguide/C/network-auth.xml:4020(para)
17849
"If default_realm is not specified, it may be necessary to log in with "
17850
"“username@domain” instead of “username”."
17853
#: serverguide/C/network-auth.xml:4022(para)
17855
"The system time on the Active Directory member needs to be consistent with "
17856
"that of the domain controller, or Kerberos authentication may fail. Ideally, "
17857
"the domain controller server itself will provide the NTP service. Edit "
17858
"<filename>/etc/ntp.conf</filename>:"
17861
#: serverguide/C/network-auth.xml:4024(programlisting)
17865
"server dc.myubuntu.example.com\n"
17868
#: serverguide/C/network-auth.xml:4031(para)
17870
"Samba will be used to perform netbios/nmbd services related to Active "
17871
"Directory authentication, even if no file shares are exported. Edit the file "
17872
"/etc/samba/smb.conf and add the following to the "
17873
"<emphasis>[global]</emphasis> section:"
17876
#: serverguide/C/network-auth.xml:4033(programlisting)
17882
"workgroup = MYUBUNTU\n"
17883
"client signing = yes\n"
17884
"client use spnego = yes\n"
17885
"kerberos method = secrets and keytab\n"
17886
"realm = MYUBUNTU.EXAMPLE.COM\n"
17890
#: serverguide/C/network-auth.xml:4044(para)
17892
"Some guides specify that \"password server\" should be specified and pointed "
17893
"to the domain controller. This is only necessary if DNS is not properly set "
17894
"up to find the DC. By default, Samba will display a warning if \"password "
17895
"server\" is specified with \"security = ads\"."
17898
#: serverguide/C/network-auth.xml:4049(title)
17899
msgid "SSSD Configuration"
17902
#: serverguide/C/network-auth.xml:4051(para)
17904
"There is no default/example config file for "
17905
"<filename>/etc/sssd/sssd.conf</filename> included in the sssd package. It is "
17906
"necessary to create one. This is a minimal working config file:"
17909
#: serverguide/C/network-auth.xml:4053(programlisting)
17914
"services = nss, pam\n"
17915
"config_file_version = 2\n"
17916
"domains = MYUBUNTU.EXAMPLE.COM\n"
17918
"[domain/MYUBUNTU.EXAMPLE.COM]\n"
17919
"id_provider = ad\n"
17920
"access_provider = ad\n"
17922
"# Use this if users are being logged in at /.\n"
17923
"# This example specifies /home/DOMAIN-FQDN/user as $HOME. Use with "
17924
"pam_mkhomedir.so\n"
17925
"override_homedir = /home/%d/%u\n"
17927
"# Uncomment if the client machine hostname doesn't match the computer object "
17929
"# ad_hostname = mymachine.myubuntu.example.com\n"
17931
"# Uncomment if DNS SRV resolution is not working\n"
17932
"# ad_server = dc.mydomain.example.com\n"
17934
"# Uncomment if the AD domain is named differently than the Samba domain\n"
17935
"# ad_domain = MYUBUNTU.EXAMPLE.COM\n"
17937
"# Enumeration is discouraged for performance reasons.\n"
17938
"# enumerate = true\n"
17941
#: serverguide/C/network-auth.xml:4080(para)
17943
"After saving this file, set the ownership to root and the file permissions "
17947
#: serverguide/C/network-auth.xml:4081(command)
17948
msgid "sudo chown root:root /etc/sssd/sssd.conf"
17951
#: serverguide/C/network-auth.xml:4082(command)
17952
msgid "sudo chmod 600 /etc/sssd/sssd.conf"
17955
#: serverguide/C/network-auth.xml:4084(para)
17957
"If the ownership or permissions are not correct, sssd will refuse to start."
17960
#: serverguide/C/network-auth.xml:4088(title)
17961
msgid "Verify nsswitch.conf Configuration"
17964
#: serverguide/C/network-auth.xml:4089(para)
17966
"The post-install script for the sssd package makes some modifications to "
17967
"/etc/nsswitch.conf automatically. It should look something like this:"
17970
#: serverguide/C/network-auth.xml:4091(programlisting)
17974
"passwd: compat sss\n"
17975
"group: compat sss\n"
17977
"netgroup: nis sss\n"
17978
"sudoers: files sss\n"
17981
#: serverguide/C/network-auth.xml:4101(title)
17982
msgid "Modify /etc/hosts"
17985
#: serverguide/C/network-auth.xml:4102(para)
17987
"Add an alias to the localhost entry in /etc/hosts specifying the FQDN. For "
17991
#: serverguide/C/network-auth.xml:4103(programlisting)
17993
msgid "192.168.1.10 myserver myserver.myubuntu.example.com"
17996
#: serverguide/C/network-auth.xml:4105(para)
17997
msgid "This is useful in conjunction with dynamic DNS updates."
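Review bot: the 4103 listing puts the short name before the FQDN ("192.168.1.10 myserver myserver.myubuntu.example.com"). The first name after the address is the canonical one, so the FQDN should come first and the short name follow as the alias; otherwise the host does not report its FQDN, which is what the later "No DNS domain configured" warning is about. The 4102 para also calls this the "localhost entry" although the example address is 192.168.1.10; wording it as the entry for the host's own address would avoid edits to the 127.0.0.1 line.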
18000
#: serverguide/C/network-auth.xml:4109(title)
18001
msgid "Join the Active Directory"
18004
#: serverguide/C/network-auth.xml:4110(para)
18005
msgid "Now, restart ntp and samba and start sssd."
18008
#: serverguide/C/virtualization.xml:2208(command)
18009
msgid "sudo service ntp restart"
18012
#: serverguide/C/network-auth.xml:4114(command)
18013
msgid "sudo start sssd"
18016
#: serverguide/C/network-auth.xml:4116(para)
18017
msgid "Test the configuration by obtaining a Kerberos ticket:"
18020
#: serverguide/C/network-auth.xml:4118(command)
18021
msgid "sudo kinit Administrator"
18024
#: serverguide/C/network-auth.xml:4120(para)
18025
msgid "Verify the ticket with:"
18028
#: serverguide/C/network-auth.xml:4121(command)
18032
#: serverguide/C/network-auth.xml:4123(para)
18034
"If there is a ticket with an expiration date listed, then it is time to join "
18038
#: serverguide/C/network-auth.xml:4125(command)
18039
msgid "sudo net ads join -k"
18042
#: serverguide/C/network-auth.xml:4127(para)
18044
"A warning about \"No DNS domain configured. Unable to perform DNS Update.\" "
18045
"probably means that there is no (correct) alias in "
18046
"<filename>/etc/hosts</filename>, and the system could not provide its own "
18047
"FQDN as part of the Active Directory update. This is needed for dynamic DNS "
18048
"updates. Verify the alias in <filename>/etc/hosts</filename> described in "
18049
"\"Modify /etc/hosts\" above."
18052
#: serverguide/C/network-auth.xml:4129(para)
18054
"(The message \"NT_STATUS_UNSUCCESSFUL\" indicates the domain join failed and "
18055
"something is incorrect. Review the prior steps before proceeding)."
18058
#: serverguide/C/network-auth.xml:4131(para)
18060
"Here are a couple of (optional) checks to verify that the domain join was "
18061
"successful. Note that if the domain was successfully joined but one or both "
18062
"of these steps fail, it may be necessary to wait 1-2 minutes and try again. "
18063
"Some of the changes appear to be asynchronous."
18066
#: serverguide/C/network-auth.xml:4133(para)
18067
msgid "Verification option #1:"
18070
#: serverguide/C/network-auth.xml:4134(para)
18072
"Check the default Organizational Unit for computer accounts in the Active "
18073
"Directory to verify that the computer account was created. (Organizational "
18074
"Units in Active Directory is a topic outside the scope of this guide)."
18077
#: serverguide/C/network-auth.xml:4136(para)
18078
msgid "Verification option #2"
18081
#: serverguide/C/network-auth.xml:4137(para)
18082
msgid "Execute this command for a specific AD user (e.g. administrator)"
18085
#: serverguide/C/network-auth.xml:4138(command)
18086
msgid "getent passwd username"
18089
#: serverguide/C/network-auth.xml:4140(para)
18091
"If <emphasis>enumerate = true</emphasis> is set in "
18092
"<filename>sssd.conf</filename>, <emphasis>getent passwd</emphasis> with no "
18093
"username argument will list all domain users. This may be useful for "
18094
"testing, but is slow and not recommended for production."
18097
#: serverguide/C/network-auth.xml:4144(title)
18098
msgid "Test Authentication"
18101
#: serverguide/C/network-auth.xml:4145(para)
18103
"It should now be possible to authenticate using an Active Directory User's "
18107
#: serverguide/C/network-auth.xml:4147(command)
18108
msgid "su - username"
18111
#: serverguide/C/network-auth.xml:4149(para)
18113
"If this works, then other login methods (getty, ssh) should also work."
18116
#: serverguide/C/network-auth.xml:4151(para)
18118
"If the computer account was created, indicating that the system was "
18119
"\"joined\" to the domain, but authentication is unsuccessful, it may be "
18120
"helpful to review <filename>/etc/pam.d</filename> and "
18121
"<filename>nssswitch.conf</filename> as well as the file changes described "
18122
"earlier in this guide."
18125
#: serverguide/C/network-auth.xml:4155(title)
18126
msgid "Home directories with pam_mkhomedir (optional)"
18129
#: serverguide/C/network-auth.xml:4156(para)
18131
"When logging in using an Active Directory user account, it is likely that "
18132
"user has no home directory. This can be fixed with pam_mkdhomedir.so, which "
18133
"will create the user’s home directory on login. Edit "
18134
"<filename>/etc/pam.d/common-session</filename>, and add this line directly "
18135
"after <emphasis>session required pam_unix.so:</emphasis>"
18138
#: serverguide/C/network-auth.xml:4157(programlisting)
18142
"session required pam_mkhomedir.so skel=/etc/skel/ umask=0022\n"
18145
#: serverguide/C/network-auth.xml:4161(para)
18147
"This may also need <emphasis>override_homedir</emphasis> in "
18148
"<filename>sssd.conf</filename> to function correctly, so make sure that’s "
18152
#: serverguide/C/network-auth.xml:4165(title)
18153
msgid "Desktop Ubuntu Authentication"
18156
#: serverguide/C/network-auth.xml:4166(para)
18158
"It is possible to also authenticate logins to Ubuntu Desktop using Active "
18159
"Directory accounts. The AD accounts will not show up in the pick list with "
18160
"local users, so lightdm will need to be modified. Edit the file "
18161
"<filename>/etc/lightdm/lightdm.conf.d/50-unity-greeter.conf</filename> and "
18162
"append the following two lines:"
18165
#: serverguide/C/network-auth.xml:4168(programlisting)
18169
"greeter-show-manual-login=true\n"
18170
"greeter-hide-users=true\n"
18173
#: serverguide/C/network-auth.xml:4173(para)
18175
"Reboot to restart lightdm. It should now be possible to log in using a "
18176
"domain account using either <emphasis>username</emphasis> or "
18177
"<emphasis>username/username@domain</emphasis> format."
18180
#: serverguide/C/network-auth.xml:4179(ulink)
18181
msgid "SSSD Project"
18184
#: serverguide/C/network-auth.xml:4180(ulink)
18185
msgid "DNS Server Configuration guidelines"
18188
#: serverguide/C/network-auth.xml:4181(ulink)
18189
msgid "Active Directory DNS Zone Entries"
18192
#: serverguide/C/network-auth.xml:4182(ulink)
18193
msgid "Kerberos config options"
17672
18196
#: serverguide/C/multipath-device-attributes-table.xml:2(title)
17673
18197
msgid "Device Attributes"
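Review bot: Two names in the new SSSD strings extracted from serverguide/C/network-auth.xml are misspelled. The msgid at 4151(para) refers to <filename>nssswitch.conf</filename>, but the file is nsswitch.conf. The msgid at 4156(para) says pam_mkdhomedir.so, while the programlisting at 4157 correctly uses pam_mkhomedir.so. Both should be corrected in the source XML so the typos do not propagate into every translation. Separately, the 4157 programlisting sets umask=0022, which leaves each newly created home directory readable by every other account on the host, other domain users included. Consider umask=0077, or a sentence telling the reader to pick the mask deliberately.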
20601
#: serverguide/C/mail.xml:1378(para)
21125
#: serverguide/C/mail.xml:1319(para)
20603
21127
"See <xref linkend=\"postfix\"/> for instructions on installing and "
20604
21128
"configuring Postfix."
20607
#: serverguide/C/mail.xml:1381(para)
21131
#: serverguide/C/mail.xml:1322(para)
20609
21133
"To install the rest of the applications enter the following from a terminal "
20613
#: serverguide/C/mail.xml:1385(command)
21137
#: serverguide/C/mail.xml:1326(command)
20614
21138
msgid "sudo apt-get install amavisd-new spamassassin clamav-daemon"
20617
#: serverguide/C/mail.xml:1386(command)
21141
#: serverguide/C/mail.xml:1327(command)
20618
21142
msgid "sudo apt-get install opendkim postfix-policyd-spf-python"
20621
#: serverguide/C/mail.xml:1388(para)
21145
#: serverguide/C/mail.xml:1329(para)
20623
21147
"There are some optional packages that integrate with "
20624
21148
"<application>Spamassassin</application> for better spam detection:"
20627
#: serverguide/C/mail.xml:1392(command)
21151
#: serverguide/C/mail.xml:1333(command)
20628
21152
msgid "sudo apt-get install pyzor razor"
20631
#: serverguide/C/mail.xml:1394(para)
21155
#: serverguide/C/mail.xml:1335(para)
20633
21157
"Along with the main filtering applications compression utilities are needed "
20634
21158
"to process some email attachments:"
20637
#: serverguide/C/mail.xml:1398(command)
21161
#: serverguide/C/mail.xml:1339(command)
20639
21163
"sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip"
20642
#: serverguide/C/mail.xml:1401(para)
21166
#: serverguide/C/mail.xml:1342(para)
20644
21168
"If some packages are not found, check that the "
20645
21169
"<emphasis>multiverse</emphasis> repository is enabled in "
20646
21170
"<filename>/etc/apt/sources.list</filename>"
20649
#: serverguide/C/mail.xml:1402(para)
21173
#: serverguide/C/mail.xml:1343(para)
20651
21175
"If you make changes to the file, be sure to run <command>sudo apt-get "
20652
21176
"update</command> before trying to install again."
20655
#: serverguide/C/mail.xml:1407(para)
21179
#: serverguide/C/mail.xml:1348(para)
20656
21180
msgid "Now configure everything to work together and filter email."
20659
#: serverguide/C/mail.xml:1411(title)
21183
#: serverguide/C/mail.xml:1352(title)
20660
21184
msgid "ClamAV"
20663
#: serverguide/C/mail.xml:1412(para)
21187
#: serverguide/C/mail.xml:1353(para)
20665
21189
"The default behaviour of <application>ClamAV</application> will fit our "
20666
21190
"needs. For more ClamAV configuration options, check the configuration files "
20667
21191
"in <filename>/etc/clamav</filename>."
20670
#: serverguide/C/mail.xml:1417(para)
21194
#: serverguide/C/mail.xml:1358(para)
20672
21196
"Add the <emphasis>clamav</emphasis> user to the <emphasis>amavis</emphasis> "
20673
21197
"group in order for <application>Amavisd-new</application> to have the "
20674
21198
"appropriate access to scan files:"
20677
#: serverguide/C/mail.xml:1422(command)
21201
#: serverguide/C/mail.xml:1363(command)
20678
21202
msgid "sudo adduser clamav amavis"
20681
#: serverguide/C/mail.xml:1423(command)
21205
#: serverguide/C/mail.xml:1364(command)
20682
21206
msgid "sudo adduser amavis clamav"
20685
#: serverguide/C/mail.xml:1427(title)
21209
#: serverguide/C/mail.xml:1368(title)
20686
21210
msgid "Spamassassin"
20689
#: serverguide/C/mail.xml:1428(para)
21213
#: serverguide/C/mail.xml:1369(para)
20691
21215
"Spamassassin automatically detects optional components and will use them if "
20692
21216
"they are present. This means that there is no need to configure "
20693
21217
"<application>pyzor</application> and <application>razor</application>."
20696
#: serverguide/C/mail.xml:1432(para)
21220
#: serverguide/C/mail.xml:1373(para)
20698
21222
"Edit <filename>/etc/default/spamassassin</filename> to activate the "
20699
21223
"<application>Spamassassin</application> daemon. Change "
20700
21224
"<emphasis>ENABLED=0</emphasis> to:"
20703
#: serverguide/C/mail.xml:1436(programlisting)
21227
#: serverguide/C/mail.xml:1377(programlisting)
20707
21231
"ENABLED=1\n"
20710
#: serverguide/C/mail.xml:1439(para)
21234
#: serverguide/C/mail.xml:1380(para)
20711
21235
msgid "Now start the daemon:"
22531
23062
"<emphasis>\"Done setting up partition\"</emphasis>."
22534
#: serverguide/C/installation.xml:518(para)
23065
#: serverguide/C/installation.xml:511(para)
22535
23066
msgid "Repeat steps three through eight for the other disk and partitions."
22538
#: serverguide/C/installation.xml:527(title)
23069
#: serverguide/C/installation.xml:520(title)
22539
23070
msgid "RAID Configuration"
23073
#: serverguide/C/installation.xml:522(para)
23074
msgid "With the partitions setup the arrays are ready to be configured:"
22542
23077
#: serverguide/C/installation.xml:529(para)
22543
msgid "With the partitions setup the arrays are ready to be configured:"
22546
#: serverguide/C/installation.xml:536(para)
22548
23079
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
22549
23080
"Software RAID\"</emphasis> at the top."
23083
#: serverguide/C/installation.xml:536(para)
23084
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
22552
23087
#: serverguide/C/installation.xml:543(para)
22553
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
23088
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
22556
23091
#: serverguide/C/installation.xml:550(para)
22557
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
22560
#: serverguide/C/installation.xml:557(para)
22562
23093
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
22563
23094
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
22566
#: serverguide/C/installation.xml:563(para)
23097
#: serverguide/C/installation.xml:556(para)
22568
23099
"In order to use <emphasis>RAID5</emphasis> you need at least "
22569
23100
"<emphasis>three</emphasis> drives. Using RAID0 or RAID1 only "
22570
23101
"<emphasis>two</emphasis> drives are required."
22573
#: serverguide/C/installation.xml:572(para)
23104
#: serverguide/C/installation.xml:565(para)
22575
23106
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
22576
23107
"of hard drives you have, for the array. Then select "
22577
23108
"<emphasis>\"Continue\"</emphasis>."
22580
#: serverguide/C/installation.xml:580(para)
23111
#: serverguide/C/installation.xml:573(para)
22582
23113
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
22583
23114
"default, then choose <emphasis>\"Continue\"</emphasis>."
22586
#: serverguide/C/installation.xml:587(para)
23117
#: serverguide/C/installation.xml:580(para)
22588
23119
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
22589
23120
"etc. The numbers will usually match and the different letters correspond to "
22590
23121
"different hard drives."
22593
#: serverguide/C/installation.xml:592(para)
23124
#: serverguide/C/installation.xml:585(para)
22595
23126
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
22596
23127
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
22597
23128
"go to the next step."
22600
#: serverguide/C/installation.xml:600(para)
23131
#: serverguide/C/installation.xml:593(para)
22602
23133
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
22603
23134
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
22604
23135
"and <emphasis>sdb2</emphasis>."
22607
#: serverguide/C/installation.xml:608(para)
23138
#: serverguide/C/installation.xml:601(para)
22608
23139
msgid "Once done select <emphasis>\"Finish\"</emphasis>."
22611
#: serverguide/C/installation.xml:618(title)
23142
#: serverguide/C/installation.xml:611(title)
22612
23143
msgid "Formatting"
22615
#: serverguide/C/installation.xml:620(para)
23146
#: serverguide/C/installation.xml:613(para)
22617
23148
"There should now be a list of hard drives and RAID devices. The next step is "
22618
23149
"to format and set the mount point for the RAID devices. Treat the RAID "
22619
23150
"device as a local hard drive, format and mount accordingly."
22622
#: serverguide/C/installation.xml:628(para)
23153
#: serverguide/C/installation.xml:621(para)
22624
23155
"Select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
22625
23156
"#0\"</emphasis> partition."
22628
#: serverguide/C/installation.xml:635(para)
23159
#: serverguide/C/installation.xml:628(para)
22630
23161
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
22631
23162
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
22634
#: serverguide/C/installation.xml:643(para)
23165
#: serverguide/C/installation.xml:636(para)
22636
23167
"Next, select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
22637
23168
"#1\"</emphasis> partition."
22640
#: serverguide/C/installation.xml:650(para)
23171
#: serverguide/C/installation.xml:643(para)
22642
23173
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext4 "
22643
23174
"journaling file system\"</emphasis>."
22646
#: serverguide/C/installation.xml:657(para)
23177
#: serverguide/C/installation.xml:650(para)
22648
23179
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
22649
23180
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "
22711
23242
"behavior, and can also be manually edited:"
22714
#: serverguide/C/installation.xml:720(programlisting)
23245
#: serverguide/C/installation.xml:713(programlisting)
22718
23249
"BOOT_DEGRADED=true\n"
22721
#: serverguide/C/installation.xml:725(para)
23252
#: serverguide/C/installation.xml:718(para)
22722
23253
msgid "The configuration file can be overridden by using a Kernel argument."
22725
#: serverguide/C/installation.xml:733(para)
23256
#: serverguide/C/installation.xml:726(para)
22727
23258
"Using a Kernel argument will allow the system to boot to a degraded array as "
22731
#: serverguide/C/installation.xml:739(para)
23262
#: serverguide/C/installation.xml:732(para)
22733
23264
"When the server is booting press <keycap>Shift</keycap> to open the "
22734
23265
"<application>Grub</application> menu."
22737
#: serverguide/C/installation.xml:744(para)
23268
#: serverguide/C/installation.xml:737(para)
22738
23269
msgid "Press <keycap>e</keycap> to edit your kernel command options."
22741
#: serverguide/C/installation.xml:749(para)
23272
#: serverguide/C/installation.xml:742(para)
22742
23273
msgid "Press the <keycap>down</keycap> arrow to highlight the kernel line."
22745
#: serverguide/C/installation.xml:754(para)
23276
#: serverguide/C/installation.xml:747(para)
22747
23278
"Add <emphasis>\"bootdegraded=true\"</emphasis> (without the quotes) to the "
22748
23279
"end of the line."
22751
#: serverguide/C/installation.xml:759(para)
23282
#: serverguide/C/installation.xml:752(para)
22753
23284
"Press <keycombo><keycap>Ctrl</keycap><keycap>x</keycap></keycombo> to boot "
22754
23285
"the system."
22757
#: serverguide/C/installation.xml:768(para)
23288
#: serverguide/C/installation.xml:761(para)
22759
23290
"Once the system has booted you can either repair the array see <xref "
22760
23291
"linkend=\"raid-maintenance\"/> for details, or copy important data to "
22761
23292
"another machine due to major hardware failure."
22764
#: serverguide/C/installation.xml:775(title)
23295
#: serverguide/C/installation.xml:768(title)
22765
23296
msgid "RAID Maintenance"
22768
#: serverguide/C/installation.xml:777(para)
23299
#: serverguide/C/installation.xml:770(para)
22770
23301
"The <application>mdadm</application> utility can be used to view the status "
22771
23302
"of an array, add disks to an array, remove disks, etc:"
22774
#: serverguide/C/installation.xml:784(para)
23305
#: serverguide/C/installation.xml:777(para)
22775
23306
msgid "To view the status of an array, from a terminal prompt enter:"
22778
#: serverguide/C/installation.xml:788(command)
23309
#: serverguide/C/installation.xml:781(command)
22779
23310
msgid "sudo mdadm -D /dev/md0"
22782
#: serverguide/C/installation.xml:791(para)
23313
#: serverguide/C/installation.xml:784(para)
22784
23315
"The <emphasis>-D</emphasis> tells <application>mdadm</application> to "
22785
23316
"display <emphasis>detailed</emphasis> information about the "
23977
24515
"your vendor documentation to configure your specific iSCSI target."
23980
#: serverguide/C/file-server.xml:470(title)
24518
#: serverguide/C/file-server.xml:471(title)
23981
24519
msgid "iSCSI Initiator Install"
23984
#: serverguide/C/file-server.xml:472(para)
24522
#: serverguide/C/file-server.xml:473(para)
23986
24524
"To configure Ubuntu Server as an iSCSI initiator install the "
23987
24525
"<application>open-iscsi</application> package. In a terminal enter:"
23990
#: serverguide/C/file-server.xml:477(command)
24528
#: serverguide/C/file-server.xml:478(command)
23991
24529
msgid "sudo apt-get install open-iscsi"
23994
#: serverguide/C/file-server.xml:482(title)
24532
#: serverguide/C/file-server.xml:483(title)
23995
24533
msgid "iSCSI Initiator Configuration"
23998
#: serverguide/C/file-server.xml:484(para)
24536
#: serverguide/C/file-server.xml:485(para)
24000
24538
"Once the <application>open-iscsi</application> package is installed, edit "
24001
24539
"<filename>/etc/iscsi/iscsid.conf</filename> changing the following:"
24004
#: serverguide/C/file-server.xml:488(programlisting)
24542
#: serverguide/C/file-server.xml:489(programlisting)
24008
24546
"node.startup = automatic\n"
24011
#: serverguide/C/file-server.xml:492(para)
24549
#: serverguide/C/file-server.xml:493(para)
24013
24551
"You can check which targets are available by using the "
24014
24552
"<application>iscsiadm</application> utility. Enter the following in a "
24018
#: serverguide/C/file-server.xml:497(command)
24556
#: serverguide/C/file-server.xml:498(command)
24019
24557
msgid "sudo iscsiadm -m discovery -t st -p 192.168.0.10"
24022
#: serverguide/C/file-server.xml:501(para)
24560
#: serverguide/C/file-server.xml:502(para)
24024
24562
"<emphasis>-m:</emphasis> determines the mode that iscsiadm executes in."
24027
#: serverguide/C/file-server.xml:502(para)
24565
#: serverguide/C/file-server.xml:503(para)
24028
24566
msgid "<emphasis>-t:</emphasis> specifies the type of discovery."
24031
#: serverguide/C/file-server.xml:503(para)
24569
#: serverguide/C/file-server.xml:504(para)
24032
24570
msgid "<emphasis>-p:</emphasis> option indicates the target IP address."
24035
#: serverguide/C/file-server.xml:507(para)
24573
#: serverguide/C/file-server.xml:508(para)
24037
24575
"Change example <emphasis>192.168.0.10</emphasis> to the target IP address on "
24038
24576
"your network."
24041
#: serverguide/C/file-server.xml:512(para)
24579
#: serverguide/C/file-server.xml:513(para)
24043
24581
"If the target is available you should see output similar to the following:"
24046
#: serverguide/C/file-server.xml:517(computeroutput)
24584
#: serverguide/C/file-server.xml:518(computeroutput)
24050
24588
"192.168.0.10:3260,1 iqn.1992-05.com.emc:sl7b92030000520000-2\n"
24053
#: serverguide/C/file-server.xml:523(para)
24591
#: serverguide/C/file-server.xml:524(para)
24055
24593
"The <emphasis>iqn</emphasis> number and IP address above will vary depending "
24056
24594
"on your hardware."
24059
#: serverguide/C/file-server.xml:528(para)
24597
#: serverguide/C/file-server.xml:529(para)
24061
24599
"You should now be able to connect to the iSCSI target, and depending on your "
24062
24600
"target setup you may have to enter user credentials. Login to the iSCSI node:"
24065
#: serverguide/C/file-server.xml:534(command)
24603
#: serverguide/C/file-server.xml:535(command)
24066
24604
msgid "sudo iscsiadm -m node --login"
24069
#: serverguide/C/file-server.xml:537(para)
24607
#: serverguide/C/file-server.xml:538(para)
24071
24609
"Check to make sure that the new disk has been detected using "
24072
24610
"<application>dmesg</application>:"
24075
#: serverguide/C/file-server.xml:542(command)
24613
#: serverguide/C/file-server.xml:543(command)
24076
24614
msgid "dmesg | grep sd"
24079
#: serverguide/C/file-server.xml:543(computeroutput)
24617
#: serverguide/C/file-server.xml:544(computeroutput)
26652
27190
"files found in <filename>/usr/share/doc/multipath-tools/examples:</filename>"
26655
#: serverguide/C/dm-multipath.xml:1325(screen)
27193
#: serverguide/C/dm-multipath.xml:1326(screen)
26657
27195
msgid "# echo 'show config' | multipathd -k"
26660
#: serverguide/C/dm-multipath.xml:1330(title)
27198
#: serverguide/C/dm-multipath.xml:1331(title)
26661
27199
msgid "DM-Multipath Administration and Troubleshooting"
26664
#: serverguide/C/dm-multipath.xml:1333(title)
27202
#: serverguide/C/dm-multipath.xml:1334(title)
26665
27203
msgid "Resizing an Online Multipath Device"
26668
#: serverguide/C/dm-multipath.xml:1335(para)
27206
#: serverguide/C/dm-multipath.xml:1336(para)
26670
27208
"If you need to resize an online multipath device, use the following procedure"
26673
#: serverguide/C/dm-multipath.xml:1340(para)
27211
#: serverguide/C/dm-multipath.xml:1341(para)
26674
27212
msgid "Resize your physical device. This is storage platform specific."
26677
#: serverguide/C/dm-multipath.xml:1345(para)
27215
#: serverguide/C/dm-multipath.xml:1346(para)
26678
27216
msgid "Use the following command to find the paths to the LUN:"
26681
#: serverguide/C/dm-multipath.xml:1347(screen)
27219
#: serverguide/C/dm-multipath.xml:1348(screen)
26683
27221
msgid "# multipath -l"
26686
#: serverguide/C/dm-multipath.xml:1351(para)
27224
#: serverguide/C/dm-multipath.xml:1352(para)
26688
27226
"Resize your paths. For SCSI devices, writing 1 to the "
26689
27227
"<filename>rescan</filename> file for the device causes the SCSI driver to "
26690
27228
"rescan, as in the following command:"
26693
#: serverguide/C/dm-multipath.xml:1355(screen)
27231
#: serverguide/C/dm-multipath.xml:1356(screen)
26695
27233
msgid "# echo 1 > /sys/block/device_name/device/rescan"
26698
#: serverguide/C/dm-multipath.xml:1359(para)
27236
#: serverguide/C/dm-multipath.xml:1360(para)
26700
27238
"Resize your multipath device by running the multipathd resize command:"
26703
#: serverguide/C/dm-multipath.xml:1362(screen)
27241
#: serverguide/C/dm-multipath.xml:1363(screen)
26705
27243
msgid "# multipathd -k 'resize map mpatha'"
26708
#: serverguide/C/dm-multipath.xml:1366(para)
27246
#: serverguide/C/dm-multipath.xml:1367(para)
26709
27247
msgid "Resize the file system (assuming no LVM or DOS partitions are used):"
26712
#: serverguide/C/dm-multipath.xml:1369(screen)
27250
#: serverguide/C/dm-multipath.xml:1370(screen)
26714
27252
msgid "# resize2fs /dev/mapper/mpatha"
26717
#: serverguide/C/dm-multipath.xml:1375(title)
27255
#: serverguide/C/dm-multipath.xml:1376(title)
26719
27257
"Moving root File Systems from a Single Path Device to a Multipath Device"
26722
#: serverguide/C/dm-multipath.xml:1378(para)
27260
#: serverguide/C/dm-multipath.xml:1379(para)
26724
27262
"This is dramatically simplified by the use of UUIDs to identify devices as "
26725
27263
"an intrinsic label. Simply install <emphasis role=\"bold\">multipath-tools-"