« back to all changes in this revision
Viewing changes to serverguide/po/ur.po
- browse files at revision 246
- compare with another revision
- download diff
- download tarball
- view history from revision 246
- Committer: Peter Matulis
- Date: 2015-03-22 23:02:24 UTC
- Revision ID: peter.matulis@canonical.com-20150322230224-zu4rs9j8jjf4zzwj
Updated the PO files; by Peter Matulis
- files modified:
- serverguide/po/ace.po
added
removed
serverguide/po/ur.po
7
7
msgstr ""
8
8
"Project-Id-Version: serverguide\n"
9
9
"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
10
"POT-Creation-Date: 2014-09-22 11:47-0700\n"
11
"PO-Revision-Date: 2014-03-20 22:00+0000\n"
10
"POT-Creation-Date: 2015-02-26 16:01-0800\n"
11
"PO-Revision-Date: 2014-11-09 18:10+0000\n"
12
12
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
13
13
"Language-Team: Urdu <ur@li.org>\n"
14
14
"MIME-Version: 1.0\n"
15
15
"Content-Type: text/plain; charset=UTF-8\n"
16
16
"Content-Transfer-Encoding: 8bit\n"
17
"X-Launchpad-Export-Date: 2014-10-11 02:52+0000\n"
18
"X-Generator: Launchpad (build 17196)\n"
17
"X-Launchpad-Export-Date: 2015-03-22 21:34+0000\n"
18
"X-Generator: Launchpad (build 17405)\n"
19
19
20
20
#: serverguide/C/web-servers.xml:11(title)
21
21
msgid "Web Servers"
86
86
"for the development and deployment of Web-based applications."
87
87
msgstr ""
88
88
89
#: serverguide/C/web-servers.xml:51(title) serverguide/C/web-servers.xml:703(title) serverguide/C/web-servers.xml:846(title) serverguide/C/web-servers.xml:969(title) serverguide/C/virtualization.xml:70(title) serverguide/C/virtualization.xml:813(title) serverguide/C/vcs.xml:26(title) serverguide/C/vcs.xml:87(title) serverguide/C/vcs.xml:211(title) serverguide/C/samba.xml:81(title) serverguide/C/samba.xml:292(title) serverguide/C/remote-administration.xml:46(title) serverguide/C/remote-administration.xml:269(title) serverguide/C/remote-administration.xml:465(title) serverguide/C/network-config.xml:973(title) serverguide/C/network-config.xml:1087(title) serverguide/C/network-auth.xml:119(title) serverguide/C/network-auth.xml:2771(title) serverguide/C/network-auth.xml:3243(title) serverguide/C/monitoring.xml:40(title) serverguide/C/monitoring.xml:429(title) serverguide/C/mail.xml:38(title) serverguide/C/mail.xml:548(title) serverguide/C/mail.xml:737(title) serverguide/C/mail.xml:887(title) serverguide/C/mail.xml:1377(title) serverguide/C/lamp-applications.xml:110(title) serverguide/C/lamp-applications.xml:272(title) serverguide/C/lamp-applications.xml:408(title) serverguide/C/lamp-applications.xml:512(title) serverguide/C/installation.xml:11(title) serverguide/C/installation.xml:940(title) serverguide/C/installation.xml:1221(title) serverguide/C/file-server.xml:357(title) serverguide/C/file-server.xml:645(title) serverguide/C/dns.xml:21(title) serverguide/C/databases.xml:37(title) serverguide/C/databases.xml:300(title) serverguide/C/chat.xml:35(title) serverguide/C/chat.xml:134(title) serverguide/C/backups.xml:596(title)
89
#: serverguide/C/windows-networking.xml:81(title) serverguide/C/windows-networking.xml:292(title) serverguide/C/web-servers.xml:51(title) serverguide/C/web-servers.xml:690(title) serverguide/C/web-servers.xml:833(title) serverguide/C/web-servers.xml:957(title) serverguide/C/virtualization.xml:61(title) serverguide/C/virtualization.xml:2623(title) serverguide/C/vcs.xml:26(title) serverguide/C/vcs.xml:84(title) serverguide/C/vcs.xml:403(title) serverguide/C/remote-administration.xml:46(title) serverguide/C/remote-administration.xml:234(title) serverguide/C/remote-administration.xml:425(title) serverguide/C/network-config.xml:975(title) serverguide/C/network-config.xml:1089(title) serverguide/C/network-auth.xml:140(title) serverguide/C/network-auth.xml:2800(title) serverguide/C/network-auth.xml:3272(title) serverguide/C/monitoring.xml:40(title) serverguide/C/monitoring.xml:429(title) serverguide/C/mail.xml:38(title) serverguide/C/mail.xml:490(title) serverguide/C/mail.xml:679(title) serverguide/C/mail.xml:828(title) serverguide/C/mail.xml:1318(title) serverguide/C/lamp-applications.xml:110(title) serverguide/C/lamp-applications.xml:272(title) serverguide/C/lamp-applications.xml:408(title) serverguide/C/installation.xml:11(title) serverguide/C/installation.xml:933(title) serverguide/C/installation.xml:1214(title) serverguide/C/file-server.xml:357(title) serverguide/C/file-server.xml:646(title) serverguide/C/dns.xml:21(title) serverguide/C/databases.xml:37(title) serverguide/C/databases.xml:307(title) serverguide/C/chat.xml:35(title) serverguide/C/chat.xml:134(title) serverguide/C/backups.xml:596(title)
90
90
msgid "Installation"
91
91
msgstr ""
92
92
104
104
msgid "sudo apt-get install apache2"
105
105
msgstr ""
106
106
107
#: serverguide/C/web-servers.xml:71(title) serverguide/C/web-servers.xml:756(title) serverguide/C/web-servers.xml:857(title) serverguide/C/web-servers.xml:996(title) serverguide/C/web-servers.xml:1099(title) serverguide/C/vcs.xml:37(title) serverguide/C/vcs.xml:96(title) serverguide/C/samba.xml:97(title) serverguide/C/samba.xml:309(title) serverguide/C/remote-administration.xml:68(title) serverguide/C/remote-administration.xml:289(title) serverguide/C/package-management.xml:417(title) serverguide/C/network-config.xml:995(title) serverguide/C/network-config.xml:1098(title) serverguide/C/network-auth.xml:2858(title) serverguide/C/network-auth.xml:3264(title) serverguide/C/monitoring.xml:185(title) serverguide/C/monitoring.xml:455(title) serverguide/C/mail.xml:557(title) serverguide/C/mail.xml:747(title) serverguide/C/mail.xml:970(title) serverguide/C/mail.xml:1406(title) serverguide/C/lamp-applications.xml:130(title) serverguide/C/lamp-applications.xml:299(title) serverguide/C/lamp-applications.xml:438(title) serverguide/C/lamp-applications.xml:533(title) serverguide/C/installation.xml:1237(title) serverguide/C/file-server.xml:370(title) serverguide/C/file-server.xml:671(title) serverguide/C/dns.xml:37(title) serverguide/C/databases.xml:73(title) serverguide/C/databases.xml:316(title) serverguide/C/clustering.xml:45(title) serverguide/C/chat.xml:55(title) serverguide/C/chat.xml:146(title) serverguide/C/backups.xml:625(title)
107
#: serverguide/C/windows-networking.xml:97(title) serverguide/C/windows-networking.xml:309(title) serverguide/C/web-servers.xml:71(title) serverguide/C/web-servers.xml:743(title) serverguide/C/web-servers.xml:844(title) serverguide/C/web-servers.xml:984(title) serverguide/C/web-servers.xml:1084(title) serverguide/C/vcs.xml:37(title) serverguide/C/vcs.xml:421(title) serverguide/C/remote-administration.xml:68(title) serverguide/C/remote-administration.xml:254(title) serverguide/C/package-management.xml:400(title) serverguide/C/network-config.xml:997(title) serverguide/C/network-config.xml:1100(title) serverguide/C/network-auth.xml:2887(title) serverguide/C/network-auth.xml:3293(title) serverguide/C/monitoring.xml:185(title) serverguide/C/monitoring.xml:455(title) serverguide/C/mail.xml:499(title) serverguide/C/mail.xml:689(title) serverguide/C/mail.xml:911(title) serverguide/C/mail.xml:1347(title) serverguide/C/lamp-applications.xml:130(title) serverguide/C/lamp-applications.xml:299(title) serverguide/C/lamp-applications.xml:438(title) serverguide/C/installation.xml:1226(title) serverguide/C/file-server.xml:370(title) serverguide/C/file-server.xml:672(title) serverguide/C/dns.xml:37(title) serverguide/C/databases.xml:80(title) serverguide/C/databases.xml:323(title) serverguide/C/clustering.xml:45(title) serverguide/C/chat.xml:55(title) serverguide/C/chat.xml:146(title) serverguide/C/backups.xml:625(title)
108
108
msgid "Configuration"
109
109
msgstr ""
110
110
146
146
"<application>apache2</application> is restarted."
147
147
msgstr ""
148
148
149
#: serverguide/C/web-servers.xml:108(para)
149
#: serverguide/C/web-servers.xml:93(para)
150
150
msgid ""
151
151
"<emphasis>envvars:</emphasis> file where Apache2 "
152
152
"<emphasis>environment</emphasis> variables are set."
153
153
msgstr ""
154
154
155
#: serverguide/C/web-servers.xml:113(para)
155
#: serverguide/C/web-servers.xml:106(para)
156
156
msgid ""
157
157
"<emphasis>mods-available:</emphasis> this directory contains configuration "
158
158
"files to both load <emphasis>modules</emphasis> and configure them. Not all "
159
159
"modules will have specific configuration files, however."
160
160
msgstr ""
161
161
162
#: serverguide/C/web-servers.xml:119(para)
162
#: serverguide/C/web-servers.xml:112(para)
163
163
msgid ""
164
164
"<emphasis>mods-enabled:</emphasis> holds <emphasis>symlinks</emphasis> to "
165
165
"the files in <filename>/etc/apache2/mods-available</filename>. When a module "
167
167
"<application>apache2</application> is restarted."
168
168
msgstr ""
169
169
170
#: serverguide/C/web-servers.xml:126(para)
170
#: serverguide/C/web-servers.xml:119(para)
171
171
msgid ""
172
172
"<emphasis>ports.conf:</emphasis> houses the directives that determine which "
173
173
"TCP ports Apache2 is listening on."
174
174
msgstr ""
175
175
176
#: serverguide/C/web-servers.xml:131(para)
176
#: serverguide/C/web-servers.xml:124(para)
177
177
msgid ""
178
178
"<emphasis>sites-available:</emphasis> this directory has configuration files "
179
179
"for Apache2 <emphasis>Virtual Hosts</emphasis>. Virtual Hosts allow Apache2 "
180
180
"to be configured for multiple sites that have separate configurations."
181
181
msgstr ""
182
182
183
#: serverguide/C/web-servers.xml:138(para)
183
#: serverguide/C/web-servers.xml:130(para)
184
184
msgid ""
185
185
"<emphasis>sites-enabled:</emphasis> like mods-enabled, <filename "
186
186
"role=\"directory\">sites-enabled</filename> contains symlinks to the "
195
195
"the first few bytes of a file."
196
196
msgstr ""
197
197
198
#: serverguide/C/web-servers.xml:151(para)
198
#: serverguide/C/web-servers.xml:138(para)
199
199
msgid ""
200
200
"In addition, other configuration files may be added using the "
201
201
"<emphasis>Include</emphasis> directive, and wildcards can be used to include "
204
204
"recognized by Apache2 when it is started or restarted."
205
205
msgstr ""
206
206
207
#: serverguide/C/web-servers.xml:160(para)
207
#: serverguide/C/web-servers.xml:147(para)
208
208
msgid ""
209
209
"The server also reads a file containing mime document types; the filename is "
210
210
"set by the <emphasis>TypesConfig</emphasis> directive, typically via "
213
213
"by default."
214
214
msgstr ""
215
215
216
#: serverguide/C/web-servers.xml:168(title)
216
#: serverguide/C/web-servers.xml:155(title)
217
217
msgid "Basic Settings"
218
218
msgstr ""
219
219
228
228
msgid ""
229
229
"Apache2 ships with a virtual-host-friendly default configuration. That is, "
230
230
"it is configured with a single default virtual host (using the "
231
"<emphasis>VirtualHost</emphasis> directive) which can modified or used as-is "
232
"if you have a single site, or used as a template for additional virtual "
231
"<emphasis>VirtualHost</emphasis> directive) which can be modified or used as-"
232
"is if you have a single site, or used as a template for additional virtual "
233
233
"hosts if you have multiple sites. If left alone, the default virtual host "
234
234
"will serve as your default site, or the site users will see if the URL they "
235
235
"enter does not match the <emphasis>ServerName</emphasis> directive of any of "
237
237
"<filename>/etc/apache2/sites-available/000-default.conf</filename>."
238
238
msgstr ""
239
239
240
#: serverguide/C/web-servers.xml:190(para)
240
#: serverguide/C/web-servers.xml:177(para)
241
241
msgid ""
242
242
"The directives set for a virtual host only apply to that particular virtual "
243
243
"host. If a directive is set server-wide and not defined within the virtual "
246
246
"virtual host."
247
247
msgstr ""
248
248
249
#: serverguide/C/web-servers.xml:198(para)
249
#: serverguide/C/web-servers.xml:185(para)
250
250
msgid ""
251
251
"If you wish to configure a new virtual host or site, copy that file into the "
252
252
"same directory with a name you choose. For example:"
258
258
"available/mynewsite.conf"
259
259
msgstr ""
260
260
261
#: serverguide/C/web-servers.xml:207(para)
261
#: serverguide/C/web-servers.xml:194(para)
262
262
msgid ""
263
263
"Edit the new file to configure the new site using some of the directives "
264
264
"described below."
265
265
msgstr ""
266
266
267
#: serverguide/C/web-servers.xml:214(para)
267
#: serverguide/C/web-servers.xml:201(para)
268
268
msgid ""
269
269
"The <emphasis>ServerAdmin</emphasis> directive specifies the email address "
270
270
"to be advertised for the server's administrator. The default value is "
275
275
"configuration file in /etc/apache2/sites-available."
276
276
msgstr ""
277
277
278
#: serverguide/C/web-servers.xml:225(para)
278
#: serverguide/C/web-servers.xml:212(para)
279
279
msgid ""
280
280
"The <emphasis>Listen</emphasis> directive specifies the port, and optionally "
281
281
"the IP address, Apache2 should listen on. If the IP address is not "
301
301
"available/mynewsite.conf</filename>)."
302
302
msgstr ""
303
303
304
#: serverguide/C/web-servers.xml:250(para)
304
#: serverguide/C/web-servers.xml:237(para)
305
305
msgid ""
306
306
"You may also want your site to respond to www.ubunturocks.com, since many "
307
307
"users will assume the www prefix is appropriate. Use the "
309
309
"wildcards in the ServerAlias directive."
310
310
msgstr ""
311
311
312
#: serverguide/C/web-servers.xml:257(para)
312
#: serverguide/C/web-servers.xml:244(para)
313
313
msgid ""
314
314
"For example, the following configuration will cause your site to respond to "
315
315
"any domain request ending in <emphasis>.ubunturocks.com</emphasis>."
316
316
msgstr ""
317
317
318
#: serverguide/C/web-servers.xml:263(programlisting)
318
#: serverguide/C/web-servers.xml:250(programlisting)
319
319
#, no-wrap
320
320
msgid ""
321
321
"\n"
331
331
"virtual host file, and remember to create that directory if necessary!"
332
332
msgstr ""
333
333
334
#: serverguide/C/web-servers.xml:278(para)
334
#: serverguide/C/web-servers.xml:265(para)
335
335
msgid ""
336
336
"Enable the new <emphasis>VirtualHost</emphasis> using the "
337
337
"<application>a2ensite</application> utility and restart Apache2:"
338
338
msgstr ""
339
339
340
#: serverguide/C/web-servers.xml:284(command)
340
#: serverguide/C/web-servers.xml:271(command)
341
341
msgid "sudo a2ensite mynewsite"
342
342
msgstr ""
343
343
344
#: serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:303(command) serverguide/C/web-servers.xml:544(command) serverguide/C/web-servers.xml:553(command) serverguide/C/web-servers.xml:612(command) serverguide/C/mail.xml:994(command) serverguide/C/lamp-applications.xml:222(command) serverguide/C/lamp-applications.xml:573(command)
344
#: serverguide/C/web-servers.xml:272(command) serverguide/C/web-servers.xml:290(command) serverguide/C/web-servers.xml:531(command) serverguide/C/web-servers.xml:540(command) serverguide/C/web-servers.xml:599(command) serverguide/C/mail.xml:935(command) serverguide/C/lamp-applications.xml:222(command)
345
345
msgid "sudo service apache2 restart"
346
346
msgstr ""
347
347
348
#: serverguide/C/web-servers.xml:289(para)
348
#: serverguide/C/web-servers.xml:276(para)
349
349
msgid ""
350
350
"Be sure to replace <emphasis>mynewsite</emphasis> with a more descriptive "
351
351
"name for the VirtualHost. One method is to name the file after the "
352
352
"<emphasis>ServerName</emphasis> directive of the VirtualHost."
353
353
msgstr ""
354
354
355
#: serverguide/C/web-servers.xml:296(para)
355
#: serverguide/C/web-servers.xml:283(para)
356
356
msgid ""
357
357
"Similarly, use the <application>a2dissite</application> utility to disable "
358
358
"sites. This is can be useful when troubleshooting configuration problems "
359
359
"with multiple VirtualHosts:"
360
360
msgstr ""
361
361
362
#: serverguide/C/web-servers.xml:302(command)
362
#: serverguide/C/web-servers.xml:289(command)
363
363
msgid "sudo a2dissite mynewsite"
364
364
msgstr ""
365
365
366
#: serverguide/C/web-servers.xml:308(title)
366
#: serverguide/C/web-servers.xml:295(title)
367
367
msgid "Default Settings"
368
368
msgstr ""
369
369
370
#: serverguide/C/web-servers.xml:310(para)
370
#: serverguide/C/web-servers.xml:297(para)
371
371
msgid ""
372
372
"This section explains configuration of the Apache2 server default settings. "
373
373
"For example, if you add a virtual host, the settings you configure for the "
375
375
"defined within the virtual host settings, the default value is used."
376
376
msgstr ""
377
377
378
#: serverguide/C/web-servers.xml:322(para)
378
#: serverguide/C/web-servers.xml:309(para)
379
379
msgid ""
380
380
"The <emphasis>DirectoryIndex</emphasis> is the default page served by the "
381
381
"server when a user requests an index of a directory by specifying a forward "
382
382
"slash (/) at the end of the directory name."
383
383
msgstr ""
384
384
385
#: serverguide/C/web-servers.xml:329(para)
385
#: serverguide/C/web-servers.xml:316(para)
386
386
msgid ""
387
387
"For example, when a user requests the page "
388
388
"http://www.example.com/this_directory/, he or she will get either the "
405
405
"file for Apache2 to use for specific error events. For example, if a user "
406
406
"requests a resource that does not exist, a 404 error will occur. By default, "
407
407
"Apache2 will simply return a HTTP 404 Return code. Read "
408
"<filename>/etc/apache2/conf.d/localized-error-pages</filename> for detailed "
409
"instructions for using ErrorDocument, including locations of example files."
408
"<filename>/etc/apache2/conf-available/localized-error-pages.conf</filename> "
409
"for detailed instructions for using ErrorDocument, including locations of "
410
"example files."
410
411
msgstr ""
411
412
412
#: serverguide/C/web-servers.xml:360(para)
413
#: serverguide/C/web-servers.xml:347(para)
413
414
msgid ""
414
415
"By default, the server writes the transfer log to the file "
415
416
"<filename>/var/log/apache2/access.log</filename>. You can change this on a "
425
426
"/etc/apache2/apache2.conf</filename> for the default value)."
426
427
msgstr ""
427
428
428
#: serverguide/C/web-servers.xml:375(para)
429
#: serverguide/C/web-servers.xml:362(para)
429
430
msgid ""
430
431
"Some options are specified on a per-directory basis rather than per-server. "
431
432
"<emphasis>Options</emphasis> is one of these directives. A Directory stanza "
441
442
"</Directory>\n"
442
443
msgstr ""
443
444
444
#: serverguide/C/web-servers.xml:387(para)
445
#: serverguide/C/web-servers.xml:374(para)
445
446
msgid ""
446
447
"The <emphasis>Options</emphasis> directive within a Directory stanza accepts "
447
448
"one or more of the following values (among others), separated by spaces:"
448
449
msgstr ""
449
450
450
#: serverguide/C/web-servers.xml:399(para)
451
#: serverguide/C/web-servers.xml:386(para)
451
452
msgid ""
452
453
"Most files should not be executed as CGI scripts. This would be very "
453
454
"dangerous. CGI scripts should kept in a directory separate from and outside "
456
457
"<filename>/usr/lib/cgi-bin</filename>."
457
458
msgstr ""
458
459
459
#: serverguide/C/web-servers.xml:394(para)
460
#: serverguide/C/web-servers.xml:381(para)
460
461
msgid ""
461
462
"<emphasis role=\"bold\">ExecCGI</emphasis> - Allow execution of CGI scripts. "
462
463
"CGI scripts are not executed if this option is not chosen. <placeholder-1/>"
463
464
msgstr ""
464
465
465
#: serverguide/C/web-servers.xml:410(para)
466
#: serverguide/C/web-servers.xml:397(para)
466
467
msgid ""
467
468
"<emphasis role=\"bold\">Includes</emphasis> - Allow server-side includes. "
468
469
"Server-side includes allow an HTML file to <emphasis> include</emphasis> "
471
472
"documentation (Ubuntu community)</ulink> for more information."
472
473
msgstr ""
473
474
474
#: serverguide/C/web-servers.xml:419(para)
475
#: serverguide/C/web-servers.xml:406(para)
475
476
msgid ""
476
477
"<emphasis role=\"bold\">IncludesNOEXEC</emphasis> - Allow server-side "
477
478
"includes, but disable the <emphasis>#exec</emphasis> and "
478
479
"<emphasis>#include</emphasis> commands in CGI scripts."
479
480
msgstr ""
480
481
481
#: serverguide/C/web-servers.xml:431(para)
482
#: serverguide/C/web-servers.xml:418(para)
482
483
msgid ""
483
484
"For security reasons, this should usually not be set, and certainly should "
484
485
"not be set on your DocumentRoot directory. Enable this option carefully on a "
486
487
"contents of the directory."
487
488
msgstr ""
488
489
489
#: serverguide/C/web-servers.xml:426(para)
490
#: serverguide/C/web-servers.xml:413(para)
490
491
msgid ""
491
492
"<emphasis role=\"bold\">Indexes</emphasis> - Display a formatted list of the "
492
493
"directory's contents, if no <emphasis>DirectoryIndex</emphasis> (such as "
502
503
"Apache2 documentation on this option</ulink>."
503
504
msgstr ""
504
505
505
#: serverguide/C/web-servers.xml:449(para)
506
#: serverguide/C/web-servers.xml:436(para)
506
507
msgid ""
507
508
"<emphasis role=\"bold\">SymLinksIfOwnerMatch</emphasis> - Only follow "
508
509
"symbolic links if the target file or directory has the same owner as the "
509
510
"link."
510
511
msgstr ""
511
512
512
#: serverguide/C/web-servers.xml:461(title)
513
#: serverguide/C/web-servers.xml:448(title)
513
514
msgid "httpd Settings"
514
515
msgstr ""
515
516
516
#: serverguide/C/web-servers.xml:463(para)
517
#: serverguide/C/web-servers.xml:450(para)
517
518
msgid ""
518
519
"This section explains some basic <application>httpd</application> daemon "
519
520
"configuration settings."
520
521
msgstr ""
521
522
522
#: serverguide/C/web-servers.xml:467(para)
523
#: serverguide/C/web-servers.xml:454(para)
523
524
msgid ""
524
525
"<emphasis role=\"bold\">LockFile</emphasis> - The LockFile directive sets "
525
526
"the path to the lockfile used when the server is compiled with either "
530
531
"that is readable only by root."
531
532
msgstr ""
532
533
533
#: serverguide/C/web-servers.xml:476(para)
534
#: serverguide/C/web-servers.xml:463(para)
534
535
msgid ""
535
536
"<emphasis role=\"bold\">PidFile</emphasis> - The PidFile directive sets the "
536
537
"file in which the server records its process ID (pid). This file should only "
537
538
"be readable by root. In most cases, it should be left to the default value."
538
539
msgstr ""
539
540
540
#: serverguide/C/web-servers.xml:482(para)
541
#: serverguide/C/web-servers.xml:469(para)
541
542
msgid ""
542
543
"<emphasis role=\"bold\">User</emphasis> - The User directive sets the userid "
543
544
"used by the server to answer requests. This setting determines the server's "
545
546
"your website's visitors. The default value for User is \"www-data\"."
546
547
msgstr ""
547
548
548
#: serverguide/C/web-servers.xml:489(para)
549
#: serverguide/C/web-servers.xml:476(para)
549
550
msgid ""
550
551
"Unless you know exactly what you are doing, do not set the User directive to "
551
552
"root. Using root as the User will create large security holes for your Web "
552
553
"server."
553
554
msgstr ""
554
555
555
#: serverguide/C/web-servers.xml:495(para)
556
#: serverguide/C/web-servers.xml:482(para)
556
557
msgid ""
557
558
"<emphasis role=\"bold\">Group</emphasis> - The Group directive is similar to "
558
559
"the User directive. Group sets the group under which the server will answer "
559
560
"requests. The default group is also \"www-data\"."
560
561
msgstr ""
561
562
562
#: serverguide/C/web-servers.xml:502(title)
563
#: serverguide/C/web-servers.xml:489(title)
563
564
msgid "Apache2 Modules"
564
565
msgstr ""
565
566
566
#: serverguide/C/web-servers.xml:504(para)
567
#: serverguide/C/web-servers.xml:491(para)
567
568
msgid ""
568
569
"Apache2 is a modular server. This implies that only the most basic "
569
570
"functionality is included in the core server. Extended features are "
574
575
"Apache2 must be recompiled to add or remove modules."
575
576
msgstr ""
576
577
577
#: serverguide/C/web-servers.xml:516(para)
578
#: serverguide/C/web-servers.xml:503(para)
578
579
msgid ""
579
580
"Ubuntu compiles Apache2 to allow the dynamic loading of modules. "
580
581
"Configuration directives may be conditionally included on the presence of a "
582
583
"<emphasis><IfModule></emphasis> block."
583
584
msgstr ""
584
585
585
#: serverguide/C/web-servers.xml:523(para)
586
#: serverguide/C/web-servers.xml:510(para)
586
587
msgid ""
587
588
"You can install additional Apache2 modules and use them with your Web "
588
589
"server. For example, run the following command from a terminal prompt to "
589
590
"install the <emphasis>MySQL Authentication</emphasis> module:"
590
591
msgstr ""
591
592
592
#: serverguide/C/web-servers.xml:530(command)
593
#: serverguide/C/web-servers.xml:517(command)
593
594
msgid "sudo apt-get install libapache2-mod-auth-mysql"
594
595
msgstr ""
595
596
596
#: serverguide/C/web-servers.xml:533(para)
597
#: serverguide/C/web-servers.xml:520(para)
597
598
msgid ""
598
599
"See the <filename>/etc/apache2/mods-available</filename> directory, for "
599
600
"additional modules."
600
601
msgstr ""
601
602
602
#: serverguide/C/web-servers.xml:537(para)
603
#: serverguide/C/web-servers.xml:524(para)
603
604
msgid ""
604
605
"Use the <application>a2enmod</application> utility to enable a module:"
605
606
msgstr ""
606
607
607
#: serverguide/C/web-servers.xml:543(command)
608
#: serverguide/C/web-servers.xml:530(command)
608
609
msgid "sudo a2enmod auth_mysql"
609
610
msgstr ""
610
611
611
#: serverguide/C/web-servers.xml:547(para)
612
#: serverguide/C/web-servers.xml:534(para)
612
613
msgid "Similarly, <application>a2dismod</application> will disable a module:"
613
614
msgstr ""
614
615
615
#: serverguide/C/web-servers.xml:552(command)
616
#: serverguide/C/web-servers.xml:539(command)
616
617
msgid "sudo a2dismod auth_mysql"
617
618
msgstr ""
618
619
619
#: serverguide/C/web-servers.xml:559(title)
620
#: serverguide/C/web-servers.xml:546(title)
620
621
msgid "HTTPS Configuration"
621
622
msgstr ""
622
623
623
#: serverguide/C/web-servers.xml:561(para)
624
#: serverguide/C/web-servers.xml:548(para)
624
625
msgid ""
625
626
"The <application>mod_ssl</application> module adds an important feature to "
626
627
"the Apache2 server - the ability to encrypt communications. Thus, when your "
629
630
"bar."
630
631
msgstr ""
631
632
632
#: serverguide/C/web-servers.xml:570(para)
633
#: serverguide/C/web-servers.xml:557(para)
633
634
msgid ""
634
635
"The <application>mod_ssl</application> module is available in "
635
636
"<application>apache2-common</application> package. Execute the following "
637
638
"<application>mod_ssl</application> module:"
638
639
msgstr ""
639
640
640
#: serverguide/C/web-servers.xml:577(command)
641
#: serverguide/C/web-servers.xml:564(command)
641
642
msgid "sudo a2enmod ssl"
642
643
msgstr ""
643
644
655
656
"linkend=\"certificates-and-security\"/>"
656
657
msgstr ""
657
658
658
#: serverguide/C/web-servers.xml:590(para)
659
#: serverguide/C/web-servers.xml:577(para)
659
660
msgid ""
660
661
"To configure <application>Apache2</application> for HTTPS, enter the "
661
662
"following:"
662
663
msgstr ""
663
664
664
#: serverguide/C/web-servers.xml:595(command)
665
#: serverguide/C/web-servers.xml:582(command)
665
666
msgid "sudo a2ensite default-ssl"
666
667
msgstr ""
667
668
668
#: serverguide/C/web-servers.xml:599(para)
669
#: serverguide/C/web-servers.xml:586(para)
669
670
msgid ""
670
671
"The directories <filename>/etc/ssl/certs</filename> and "
671
672
"<filename>/etc/ssl/private</filename> are the default locations. If you "
674
675
"<emphasis>SSLCertificateKeyFile</emphasis> appropriately."
675
676
msgstr ""
676
677
677
#: serverguide/C/web-servers.xml:606(para)
678
#: serverguide/C/web-servers.xml:593(para)
678
679
msgid ""
679
680
"With Apache2 now configured for HTTPS, restart the service to enable the new "
680
681
"settings:"
681
682
msgstr ""
682
683
683
#: serverguide/C/web-servers.xml:617(para)
684
#: serverguide/C/web-servers.xml:604(para)
684
685
msgid ""
685
686
"Depending on how you obtained your certificate you may need to enter a "
686
687
"passphrase when <application>Apache2</application> starts."
687
688
msgstr ""
688
689
689
#: serverguide/C/web-servers.xml:623(para)
690
#: serverguide/C/web-servers.xml:610(para)
690
691
msgid ""
691
692
"You can access the secure server pages by typing https://your_hostname/url/ "
692
693
"in your browser address bar."
693
694
msgstr ""
694
695
695
#: serverguide/C/web-servers.xml:630(title)
696
#: serverguide/C/web-servers.xml:617(title)
696
697
msgid "Sharing Write Permission"
697
698
msgstr ""
698
699
716
717
msgid "sudo find /var/www/html -type f -exec chmod g=rws \"{}\" \\;"
717
718
msgstr ""
718
719
719
#: serverguide/C/web-servers.xml:645(para)
720
#: serverguide/C/web-servers.xml:632(para)
720
721
msgid ""
721
722
"If access must be granted to more than one group per directory, enable "
722
723
"Access Control Lists (ACLs)."
723
724
msgstr ""
724
725
725
#: serverguide/C/web-servers.xml:652(title) serverguide/C/web-servers.xml:802(title) serverguide/C/web-servers.xml:951(title) serverguide/C/web-servers.xml:1046(title) serverguide/C/web-servers.xml:1271(title) serverguide/C/vpn.xml:830(title) serverguide/C/vcs.xml:531(title) serverguide/C/security.xml:877(title) serverguide/C/security.xml:1211(title) serverguide/C/security.xml:1625(title) serverguide/C/security.xml:1811(title) serverguide/C/remote-administration.xml:196(title) serverguide/C/remote-administration.xml:802(title) serverguide/C/package-management.xml:479(title) serverguide/C/other-apps.xml:345(title) serverguide/C/network-config.xml:1033(title) serverguide/C/network-config.xml:1141(title) serverguide/C/monitoring.xml:392(title) serverguide/C/monitoring.xml:528(title) serverguide/C/mail.xml:511(title) serverguide/C/mail.xml:706(title) serverguide/C/mail.xml:859(title) serverguide/C/mail.xml:1279(title) serverguide/C/mail.xml:1750(title) serverguide/C/lamp-applications.xml:244(title) serverguide/C/lamp-applications.xml:373(title) serverguide/C/lamp-applications.xml:481(title) serverguide/C/lamp-applications.xml:636(title) serverguide/C/file-server.xml:305(title) serverguide/C/file-server.xml:445(title) serverguide/C/file-server.xml:615(title) serverguide/C/file-server.xml:802(title) serverguide/C/dns.xml:614(title) serverguide/C/clustering.xml:232(title) serverguide/C/chat.xml:105(title) serverguide/C/chat.xml:214(title) serverguide/C/backups.xml:295(title)
726
#: serverguide/C/web-servers.xml:639(title) serverguide/C/web-servers.xml:789(title) serverguide/C/web-servers.xml:939(title) serverguide/C/web-servers.xml:1034(title) serverguide/C/web-servers.xml:1256(title) serverguide/C/vpn.xml:800(title) serverguide/C/virtualization.xml:2081(title) serverguide/C/vcs.xml:538(title) serverguide/C/security.xml:863(title) serverguide/C/security.xml:1197(title) serverguide/C/security.xml:1611(title) serverguide/C/security.xml:1797(title) serverguide/C/remote-administration.xml:196(title) serverguide/C/remote-administration.xml:762(title) serverguide/C/package-management.xml:466(title) serverguide/C/other-apps.xml:328(title) serverguide/C/network-config.xml:1035(title) serverguide/C/network-config.xml:1143(title) serverguide/C/monitoring.xml:392(title) serverguide/C/monitoring.xml:528(title) serverguide/C/mail.xml:453(title) serverguide/C/mail.xml:648(title) serverguide/C/mail.xml:800(title) serverguide/C/mail.xml:1220(title) serverguide/C/mail.xml:1688(title) serverguide/C/lamp-applications.xml:244(title) serverguide/C/lamp-applications.xml:373(title) serverguide/C/lamp-applications.xml:481(title) serverguide/C/file-server.xml:305(title) serverguide/C/file-server.xml:446(title) serverguide/C/file-server.xml:616(title) serverguide/C/file-server.xml:803(title) serverguide/C/dns.xml:605(title) serverguide/C/clustering.xml:232(title) serverguide/C/chat.xml:105(title) serverguide/C/chat.xml:214(title) serverguide/C/backups.xml:295(title)
726
727
msgid "References"
727
728
msgstr ""
728
729
734
735
"the official Apache2 docs."
735
736
msgstr ""
736
737
737
#: serverguide/C/web-servers.xml:663(para)
738
#: serverguide/C/web-servers.xml:650(para)
738
739
msgid ""
739
740
"See the <ulink url=\"http://www.modssl.org/docs/\">Mod SSL "
740
741
"Documentation</ulink> site for more SSL related information."
741
742
msgstr ""
742
743
743
#: serverguide/C/web-servers.xml:669(para)
744
#: serverguide/C/web-servers.xml:656(para)
744
745
msgid ""
745
746
"O'Reilly's <ulink url=\"http://oreilly.com/catalog/9780596001919/\">Apache "
746
747
"Cookbook</ulink> is a good resource for accomplishing specific Apache2 "
747
748
"configurations."
748
749
msgstr ""
749
750
750
#: serverguide/C/web-servers.xml:675(para)
751
#: serverguide/C/web-servers.xml:662(para)
751
752
msgid ""
752
753
"For Ubuntu specific Apache2 questions, ask in the <emphasis>#ubuntu-"
753
754
"server</emphasis> IRC channel on <ulink "
754
755
"url=\"http://freenode.net/\">freenode.net</ulink>."
755
756
msgstr ""
756
757
757
#: serverguide/C/web-servers.xml:681(para)
758
#: serverguide/C/web-servers.xml:668(para)
758
759
msgid ""
759
760
"Usually integrated with PHP and MySQL the <ulink "
760
761
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
761
762
"Ubuntu Wiki </ulink> page is a good resource."
762
763
msgstr ""
763
764
764
#: serverguide/C/web-servers.xml:692(title)
765
#: serverguide/C/web-servers.xml:679(title)
765
766
msgid "PHP5 - Scripting Language"
766
767
msgstr ""
767
768
768
#: serverguide/C/web-servers.xml:693(para)
769
#: serverguide/C/web-servers.xml:680(para)
769
770
msgid ""
770
771
"PHP is a general-purpose scripting language suited for Web development. The "
771
772
"PHP script can be embedded into HTML. This section explains how to install "
772
773
"and configure PHP5 in Ubuntu System with Apache2 and MySQL."
773
774
msgstr ""
774
775
775
#: serverguide/C/web-servers.xml:697(para)
776
#: serverguide/C/web-servers.xml:684(para)
776
777
msgid ""
777
778
"This section assumes you have installed and configured Apache2 Web Server "
778
779
"and MySQL Database Server. You can refer to Apache2 section and MySQL "
780
781
"respectively."
781
782
msgstr ""
782
783
783
#: serverguide/C/web-servers.xml:704(para)
784
#: serverguide/C/web-servers.xml:691(para)
784
785
msgid ""
785
786
"The PHP5 is available in Ubuntu Linux. Unlike python and perl, which are "
786
787
"installed in the base system, PHP must be added."
787
788
msgstr ""
788
789
789
#: serverguide/C/web-servers.xml:708(para)
790
#: serverguide/C/web-servers.xml:695(para)
790
791
msgid ""
791
792
"To install PHP5 you can enter the following command in the terminal prompt: "
792
793
"<screen>\n"
794
795
"</screen>"
795
796
msgstr ""
796
797
797
#: serverguide/C/web-servers.xml:717(para)
798
#: serverguide/C/web-servers.xml:704(para)
798
799
msgid ""
799
800
"You can run PHP5 scripts from command line. To run PHP5 scripts from command "
800
801
"line you should install <application>php5-cli</application> package. To "
804
805
"</screen>"
805
806
msgstr ""
806
807
807
#: serverguide/C/web-servers.xml:726(para)
808
#: serverguide/C/web-servers.xml:713(para)
808
809
msgid ""
809
810
"You can also execute PHP5 scripts without installing PHP5 Apache module. To "
810
811
"accomplish this, you should install <application>php5-cgi</application> "
814
815
"</screen>"
815
816
msgstr ""
816
817
817
#: serverguide/C/web-servers.xml:736(para)
818
#: serverguide/C/web-servers.xml:723(para)
818
819
msgid ""
819
820
"To use <application>MySQL</application> with PHP5 you should install "
820
821
"<application>php5-mysql</application> package. To install <application>php5-"
824
825
"</screen>"
825
826
msgstr ""
826
827
827
#: serverguide/C/web-servers.xml:744(para)
828
#: serverguide/C/web-servers.xml:731(para)
828
829
msgid ""
829
830
"Similarly, to use <application>PostgreSQL</application> with PHP5 you should "
830
831
"install <application>php5-pgsql</application> package. To install "
834
835
"</screen>"
835
836
msgstr ""
836
837
837
#: serverguide/C/web-servers.xml:757(para)
838
#: serverguide/C/web-servers.xml:744(para)
838
839
msgid ""
839
840
"Once you install PHP5, you can run PHP5 scripts from your web browser. If "
840
841
"you have installed <application>php5-cli</application> package, you can run "
841
842
"PHP5 scripts from your command prompt."
842
843
msgstr ""
843
844
844
#: serverguide/C/web-servers.xml:764(para)
845
#: serverguide/C/web-servers.xml:751(para)
845
846
msgid ""
846
847
"By default, the Apache 2 Web server is configured to run PHP5 scripts. In "
847
848
"other words, the PHP5 module is enabled in Apache2 Web server automatically "
852
853
"command."
853
854
msgstr ""
854
855
855
#: serverguide/C/web-servers.xml:775(para)
856
#: serverguide/C/web-servers.xml:762(para)
856
857
msgid ""
857
858
"Once you install PHP5 related packages and enabled PHP5 Apache 2 module, you "
858
859
"should restart Apache2 Web server to run PHP5 scripts. You can run the "
860
861
"<screen><command>sudo service apache2 restart</command> </screen>"
861
862
msgstr ""
862
863
863
#: serverguide/C/web-servers.xml:783(title) serverguide/C/network-auth.xml:1048(title) serverguide/C/mail.xml:359(title) serverguide/C/mail.xml:1673(title) serverguide/C/dns.xml:380(title) serverguide/C/clustering.xml:182(title)
864
#: serverguide/C/web-servers.xml:770(title) serverguide/C/network-auth.xml:1069(title) serverguide/C/mail.xml:314(title) serverguide/C/mail.xml:1611(title) serverguide/C/dns.xml:376(title) serverguide/C/clustering.xml:182(title)
864
865
msgid "Testing"
865
866
msgstr ""
866
867
867
#: serverguide/C/web-servers.xml:784(para)
868
#: serverguide/C/web-servers.xml:771(para)
868
869
msgid ""
869
870
"To verify your installation, you can run following PHP5 phpinfo script:"
870
871
msgstr ""
871
872
872
#: serverguide/C/web-servers.xml:787(programlisting)
873
#: serverguide/C/web-servers.xml:774(programlisting)
873
874
#, no-wrap
874
875
msgid ""
875
876
"\n"
878
879
"?>\n"
879
880
msgstr ""
880
881
881
#: serverguide/C/web-servers.xml:792(para)
882
#: serverguide/C/web-servers.xml:779(para)
882
883
msgid ""
883
884
"You can save the content in a file <filename>phpinfo.php</filename> and "
884
885
"place it under <command>DocumentRoot</command> directory of Apache2 Web "
887
888
"various PHP5 configuration parameters."
888
889
msgstr ""
889
890
890
#: serverguide/C/web-servers.xml:806(para)
891
#: serverguide/C/web-servers.xml:793(para)
891
892
msgid ""
892
893
"For more in depth information see <ulink "
893
894
"url=\"http://www.php.net/docs.php\">php.net</ulink> documentation."
894
895
msgstr ""
895
896
896
#: serverguide/C/web-servers.xml:811(para)
897
#: serverguide/C/web-servers.xml:798(para)
897
898
msgid ""
898
899
"There are a plethora of books on PHP. Two good books from O'Reilly are "
899
900
"<ulink url=\"http://oreilly.com/catalog/9780596005603/\">Learning PHP "
901
902
"url=\"http://oreilly.com/catalog/9781565926813/\">PHP Cook Book</ulink>."
902
903
msgstr ""
903
904
904
#: serverguide/C/web-servers.xml:818(para)
905
#: serverguide/C/web-servers.xml:805(para)
905
906
msgid ""
906
907
"Also, see the <ulink "
907
908
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
908
909
"Ubuntu Wiki</ulink> page for more information."
909
910
msgstr ""
910
911
911
#: serverguide/C/web-servers.xml:829(title)
912
#: serverguide/C/web-servers.xml:816(title)
912
913
msgid "Squid - Proxy Server"
913
914
msgstr ""
914
915
937
938
"for increased performance."
938
939
msgstr ""
939
940
940
#: serverguide/C/web-servers.xml:847(para)
941
#: serverguide/C/web-servers.xml:834(para)
941
942
msgid ""
942
943
"At a terminal prompt, enter the following command to install the Squid "
943
944
"server:"
972
973
msgid "sudo chmod a-w /etc/squid3/squid.conf.original"
973
974
msgstr ""
974
975
975
#: serverguide/C/web-servers.xml:878(para)
976
#: serverguide/C/web-servers.xml:866(para)
976
977
msgid ""
977
978
"To set your Squid server to listen on TCP port 8888 instead of the default "
978
979
"TCP port 3128, change the http_port directive as such:"
979
980
msgstr ""
980
981
981
#: serverguide/C/web-servers.xml:882(programlisting)
982
#: serverguide/C/web-servers.xml:870(programlisting)
982
983
#, no-wrap
983
984
msgid ""
984
985
"\n"
985
986
"http_port 8888\n"
986
987
msgstr ""
987
988
988
#: serverguide/C/web-servers.xml:887(para)
989
#: serverguide/C/web-servers.xml:875(para)
989
990
msgid ""
990
991
"Change the visible_hostname directive in order to give the Squid server a "
991
992
"specific hostname. This hostname does not necessarily need to be the "
992
993
"computer's hostname. In this example it is set to <emphasis>weezie</emphasis>"
993
994
msgstr ""
994
995
995
#: serverguide/C/web-servers.xml:891(programlisting)
996
#: serverguide/C/web-servers.xml:879(programlisting)
996
997
#, no-wrap
997
998
msgid ""
998
999
"\n"
999
1000
"visible_hostname weezie\n"
1000
1001
msgstr ""
1001
1002
1002
#: serverguide/C/web-servers.xml:896(para)
1003
#: serverguide/C/web-servers.xml:884(para)
1003
1004
msgid ""
1004
1005
"Using Squid's access control, you may configure use of Internet services "
1005
1006
"proxied by Squid to be available only users with certain Internet Protocol "
1013
1014
"ACL section of your <filename>/etc/squid3/squid.conf</filename> file:"
1014
1015
msgstr ""
1015
1016
1016
#: serverguide/C/web-servers.xml:904(programlisting)
1017
#: serverguide/C/web-servers.xml:892(programlisting)
1017
1018
#, no-wrap
1018
1019
msgid ""
1019
1020
"\n"
1026
1027
"http_access section of your <filename>/etc/squid3/squid.conf</filename> file:"
1027
1028
msgstr ""
1028
1029
1029
#: serverguide/C/web-servers.xml:911(programlisting)
1030
#: serverguide/C/web-servers.xml:899(programlisting)
1030
1031
#, no-wrap
1031
1032
msgid ""
1032
1033
"\n"
1042
1043
"Friday, and which uses the 10.1.42.0/24 subnetwork:"
1043
1044
msgstr ""
1044
1045
1045
#: serverguide/C/web-servers.xml:924(programlisting)
1046
#: serverguide/C/web-servers.xml:912(programlisting)
1046
1047
#, no-wrap
1047
1048
msgid ""
1048
1049
"\n"
1050
1051
"acl biz_hours time M T W T F 9:00-17:00\n"
1051
1052
msgstr ""
1052
1053
1053
#: serverguide/C/web-servers.xml:932(programlisting)
1054
#: serverguide/C/web-servers.xml:920(programlisting)
1054
1055
#, no-wrap
1055
1056
msgid ""
1056
1057
"\n"
1069
1070
msgid "sudo service squid3 restart"
1070
1071
msgstr ""
1071
1072
1072
#: serverguide/C/web-servers.xml:953(ulink)
1073
#: serverguide/C/web-servers.xml:941(ulink)
1073
1074
msgid "Squid Website"
1074
1075
msgstr ""
1075
1076
1076
#: serverguide/C/web-servers.xml:955(para)
1077
#: serverguide/C/web-servers.xml:943(para)
1077
1078
msgid ""
1078
1079
"<ulink url=\"https://help.ubuntu.com/community/Squid\">Ubuntu Wiki "
1079
1080
"Squid</ulink> page."
1080
1081
msgstr ""
1081
1082
1082
#: serverguide/C/web-servers.xml:962(title)
1083
#: serverguide/C/web-servers.xml:950(title)
1083
1084
msgid "Ruby on Rails"
1084
1085
msgstr ""
1085
1086
1086
#: serverguide/C/web-servers.xml:963(para)
1087
#: serverguide/C/web-servers.xml:951(para)
1087
1088
msgid ""
1088
1089
"Ruby on Rails is an open source web framework for developing database backed "
1089
1090
"web applications. It is optimized for sustainable productivity of the "
1091
1092
"convention over configuration."
1092
1093
msgstr ""
1093
1094
1094
#: serverguide/C/web-servers.xml:970(para)
1095
#: serverguide/C/web-servers.xml:958(para)
1095
1096
msgid ""
1096
1097
"Before installing <application>Rails</application> you should install "
1097
1098
"<application>Apache</application> and <application>MySQL</application>. To "
1100
1101
"<application>MySQL</application> refer to <xref linkend=\"mysql\"/>."
1101
1102
msgstr ""
1102
1103
1103
#: serverguide/C/web-servers.xml:978(para)
1104
#: serverguide/C/web-servers.xml:966(para)
1104
1105
msgid ""
1105
1106
"Once you have <application>Apache</application> and "
1106
1107
"<application>MySQL</application> packages installed, you are ready to "
1107
1108
"install <application>Ruby on Rails</application> package."
1108
1109
msgstr ""
1109
1110
1110
#: serverguide/C/web-servers.xml:985(para)
1111
#: serverguide/C/web-servers.xml:973(para)
1111
1112
msgid ""
1112
1113
"To install the <application>Ruby</application> base packages and "
1113
1114
"<application>Ruby on Rails</application>, you can enter the following "
1114
1115
"command in the terminal prompt:"
1115
1116
msgstr ""
1116
1117
1117
#: serverguide/C/web-servers.xml:991(command)
1118
#: serverguide/C/web-servers.xml:979(command)
1118
1119
msgid "sudo apt-get install rails"
1119
1120
msgstr ""
1120
1121
1124
1125
"default.conf</filename> configuration file to setup your domains."
1125
1126
msgstr ""
1126
1127
1127
#: serverguide/C/web-servers.xml:1001(para)
1128
#: serverguide/C/web-servers.xml:989(para)
1128
1129
msgid ""
1129
1130
"The first thing to change is the <emphasis>DocumentRoot</emphasis> directive:"
1130
1131
msgstr ""
1131
1132
1132
#: serverguide/C/web-servers.xml:1005(programlisting)
1133
#: serverguide/C/web-servers.xml:993(programlisting)
1133
1134
#, no-wrap
1134
1135
msgid ""
1135
1136
"\n"
1136
1137
"DocumentRoot /path/to/rails/application/public\n"
1137
1138
msgstr ""
1138
1139
1139
#: serverguide/C/web-servers.xml:1008(para)
1140
#: serverguide/C/web-servers.xml:996(para)
1140
1141
msgid ""
1141
1142
"Next, change the <Directory \"/path/to/rails/application/public\"> "
1142
1143
"directive:"
1143
1144
msgstr ""
1144
1145
1145
#: serverguide/C/web-servers.xml:1012(programlisting)
1146
#: serverguide/C/web-servers.xml:1000(programlisting)
1146
1147
#, no-wrap
1147
1148
msgid ""
1148
1149
"\n"
1155
1156
"</Directory>\n"
1156
1157
msgstr ""
1157
1158
1158
#: serverguide/C/web-servers.xml:1022(para)
1159
#: serverguide/C/web-servers.xml:1010(para)
1159
1160
msgid ""
1160
1161
"You should also enable the <application>mod_rewrite</application> module for "
1161
1162
"Apache. To enable <application>mod_rewrite</application> module, please "
1162
1163
"enter the following command in a terminal prompt:"
1163
1164
msgstr ""
1164
1165
1165
#: serverguide/C/web-servers.xml:1028(command)
1166
#: serverguide/C/web-servers.xml:1016(command)
1166
1167
msgid "sudo a2enmod rewrite"
1167
1168
msgstr ""
1168
1169
1169
#: serverguide/C/web-servers.xml:1031(para)
1170
#: serverguide/C/web-servers.xml:1019(para)
1170
1171
msgid ""
1171
1172
"Finally you will need to change the ownership of the "
1172
1173
"<filename>/path/to/rails/application/public</filename> and "
1174
1175
"used to run the <application>Apache</application> process:"
1175
1176
msgstr ""
1176
1177
1177
#: serverguide/C/web-servers.xml:1037(command)
1178
#: serverguide/C/web-servers.xml:1025(command)
1178
1179
msgid "sudo chown -R www-data:www-data /path/to/rails/application/public"
1179
1180
msgstr ""
1180
1181
1181
#: serverguide/C/web-servers.xml:1038(command)
1182
#: serverguide/C/web-servers.xml:1026(command)
1182
1183
msgid "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
1183
1184
msgstr ""
1184
1185
1185
#: serverguide/C/web-servers.xml:1041(para)
1186
#: serverguide/C/web-servers.xml:1029(para)
1186
1187
msgid ""
1187
1188
"That's it! Now you have your Server ready for your <application>Ruby on "
1188
1189
"Rails</application> applications."
1189
1190
msgstr ""
1190
1191
1191
#: serverguide/C/web-servers.xml:1050(para)
1192
#: serverguide/C/web-servers.xml:1038(para)
1192
1193
msgid ""
1193
1194
"See the <ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink> website "
1194
1195
"for more information."
1195
1196
msgstr ""
1196
1197
1197
#: serverguide/C/web-servers.xml:1055(para)
1198
#: serverguide/C/web-servers.xml:1043(para)
1198
1199
msgid ""
1199
1200
"Also <ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-"
1200
1201
"with-rails-third-edition\">Agile Development with Rails</ulink> is a great "
1201
1202
"resource."
1202
1203
msgstr ""
1203
1204
1204
#: serverguide/C/web-servers.xml:1061(para)
1205
#: serverguide/C/web-servers.xml:1049(para)
1205
1206
msgid ""
1206
1207
"Another place for more information is the <ulink "
1207
1208
"url=\"https://help.ubuntu.com/community/RubyOnRails\">Ruby on Rails Ubuntu "
1208
1209
"Wiki</ulink> page."
1209
1210
msgstr ""
1210
1211
1211
#: serverguide/C/web-servers.xml:1072(title)
1212
#: serverguide/C/web-servers.xml:1060(title)
1212
1213
msgid "Apache Tomcat"
1213
1214
msgstr ""
1214
1215
1215
#: serverguide/C/web-servers.xml:1073(para)
1216
#: serverguide/C/web-servers.xml:1061(para)
1216
1217
msgid ""
1217
1218
"Apache Tomcat is a web container that allows you to serve Java Servlets and "
1218
1219
"JSP (Java Server Pages) web applications."
1237
1238
"need to test on their own private Tomcat instances."
1238
1239
msgstr ""
1239
1240
1240
#: serverguide/C/web-servers.xml:1088(title)
1241
#: serverguide/C/web-servers.xml:1073(title)
1241
1242
msgid "System-wide installation"
1242
1243
msgstr ""
1243
1244
1244
#: serverguide/C/web-servers.xml:1089(para)
1245
#: serverguide/C/web-servers.xml:1074(para)
1245
1246
msgid ""
1246
1247
"To install the Tomcat server, you can enter the following command in the "
1247
1248
"terminal prompt:"
1251
1252
msgid "sudo apt-get install tomcat7"
1252
1253
msgstr ""
1253
1254
1254
#: serverguide/C/web-servers.xml:1094(para)
1255
#: serverguide/C/web-servers.xml:1079(para)
1255
1256
msgid ""
1256
1257
"This will install a Tomcat server with just a default ROOT webapp that "
1257
1258
"displays a minimal \"It works\" page by default."
1266
1267
"documentation</ulink> for more."
1267
1268
msgstr ""
1268
1269
1269
#: serverguide/C/web-servers.xml:1106(title)
1270
#: serverguide/C/web-servers.xml:1091(title)
1270
1271
msgid "Changing default ports"
1271
1272
msgstr ""
1272
1273
1278
1279
"following lines in <filename>/etc/tomcat7/server.xml</filename>:"
1279
1280
msgstr ""
1280
1281
1281
#: serverguide/C/web-servers.xml:1112(programlisting)
1282
#: serverguide/C/web-servers.xml:1097(programlisting)
1282
1283
#, no-wrap
1283
1284
msgid ""
1284
1285
"\n"
1290
1291
"/>\n"
1291
1292
msgstr ""
1292
1293
1293
#: serverguide/C/web-servers.xml:1121(title)
1294
#: serverguide/C/web-servers.xml:1106(title)
1294
1295
msgid "Changing JVM used"
1295
1296
msgstr ""
1296
1297
1301
1302
"by setting JAVA_HOME in <filename>/etc/default/tomcat7</filename>:"
1302
1303
msgstr ""
1303
1304
1304
#: serverguide/C/web-servers.xml:1126(programlisting)
1305
#: serverguide/C/web-servers.xml:1111(programlisting)
1305
1306
#, no-wrap
1306
1307
msgid ""
1307
1308
"\n"
1308
1309
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
1309
1310
msgstr ""
1310
1311
1311
#: serverguide/C/web-servers.xml:1131(title)
1312
#: serverguide/C/web-servers.xml:1116(title)
1312
1313
msgid "Declaring users and roles"
1313
1314
msgstr ""
1314
1315
1319
1320
"users.xml</filename> file:"
1320
1321
msgstr ""
1321
1322
1322
#: serverguide/C/web-servers.xml:1135(programlisting)
1323
#: serverguide/C/web-servers.xml:1120(programlisting)
1323
1324
#, no-wrap
1324
1325
msgid ""
1325
1326
"\n"
1327
1328
"<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
1328
1329
msgstr ""
1329
1330
1330
#: serverguide/C/web-servers.xml:1143(title)
1331
#: serverguide/C/web-servers.xml:1128(title)
1331
1332
msgid "Using Tomcat standard webapps"
1332
1333
msgstr ""
1333
1334
1334
#: serverguide/C/web-servers.xml:1144(para)
1335
#: serverguide/C/web-servers.xml:1129(para)
1335
1336
msgid ""
1336
1337
"Tomcat is shipped with webapps that you can install for documentation, "
1337
1338
"administration or demo purposes."
1338
1339
msgstr ""
1339
1340
1340
#: serverguide/C/web-servers.xml:1147(title)
1341
#: serverguide/C/web-servers.xml:1132(title)
1341
1342
msgid "Tomcat documentation"
1342
1343
msgstr ""
1343
1344
1353
1354
msgid "sudo apt-get install tomcat7-docs"
1354
1355
msgstr ""
1355
1356
1356
#: serverguide/C/web-servers.xml:1157(title)
1357
#: serverguide/C/web-servers.xml:1142(title)
1357
1358
msgid "Tomcat administration webapps"
1358
1359
msgstr ""
1359
1360
1368
1369
msgid "sudo apt-get install tomcat7-admin"
1369
1370
msgstr ""
1370
1371
1371
#: serverguide/C/web-servers.xml:1165(para)
1372
#: serverguide/C/web-servers.xml:1150(para)
1372
1373
msgid ""
1373
1374
"The first one is the <emphasis>manager</emphasis> webapp, which you can "
1374
1375
"access by default at http://yourserver:8080/manager/html. It is primarily "
1382
1383
"<filename>/etc/tomcat7/tomcat-users.xml</filename> before you can access it."
1383
1384
msgstr ""
1384
1385
1385
#: serverguide/C/web-servers.xml:1172(para)
1386
#: serverguide/C/web-servers.xml:1157(para)
1386
1387
msgid ""
1387
1388
"The second one is the <emphasis>host-manager</emphasis> webapp, which you "
1388
1389
"can access by default at http://yourserver:8080/host-manager/html. It can be "
1414
1415
msgid "sudo chmod -R g+w /etc/tomcat7"
1415
1416
msgstr ""
1416
1417
1417
#: serverguide/C/web-servers.xml:1194(title)
1418
#: serverguide/C/web-servers.xml:1179(title)
1418
1419
msgid "Tomcat examples webapps"
1419
1420
msgstr ""
1420
1421
1430
1431
msgid "sudo apt-get install tomcat7-examples"
1431
1432
msgstr ""
1432
1433
1433
#: serverguide/C/web-servers.xml:1207(title)
1434
#: serverguide/C/web-servers.xml:1192(title)
1434
1435
msgid "Using private instances"
1435
1436
msgstr ""
1436
1437
1444
1445
"system-installed libraries."
1445
1446
msgstr ""
1446
1447
1447
#: serverguide/C/web-servers.xml:1215(para)
1448
#: serverguide/C/web-servers.xml:1200(para)
1448
1449
msgid ""
1449
1450
"It is possible to run the system-wide instance and the private instances in "
1450
1451
"parallel, as long as they do not use the same TCP ports."
1451
1452
msgstr ""
1452
1453
1453
#: serverguide/C/web-servers.xml:1219(title)
1454
#: serverguide/C/web-servers.xml:1204(title)
1454
1455
msgid "Installing private instance support"
1455
1456
msgstr ""
1456
1457
1457
#: serverguide/C/web-servers.xml:1220(para)
1458
#: serverguide/C/web-servers.xml:1205(para)
1458
1459
msgid ""
1459
1460
"You can install everything necessary to run private instances by entering "
1460
1461
"the following command in the terminal prompt:"
1464
1465
msgid "sudo apt-get install tomcat7-user"
1465
1466
msgstr ""
1466
1467
1467
#: serverguide/C/web-servers.xml:1227(title)
1468
#: serverguide/C/web-servers.xml:1212(title)
1468
1469
msgid "Creating a private instance"
1469
1470
msgstr ""
1470
1471
1471
#: serverguide/C/web-servers.xml:1228(para)
1472
#: serverguide/C/web-servers.xml:1213(para)
1472
1473
msgid ""
1473
1474
"You can create a private instance directory by entering the following "
1474
1475
"command in the terminal prompt:"
1478
1479
msgid "tomcat7-instance-create my-instance"
1479
1480
msgstr ""
1480
1481
1481
#: serverguide/C/web-servers.xml:1233(para)
1482
#: serverguide/C/web-servers.xml:1218(para)
1482
1483
msgid ""
1483
1484
"This will create a new <filename>my-instance</filename> directory with all "
1484
1485
"the necessary subdirectories and scripts. You can for example install your "
1487
1488
"are deployed by default."
1488
1489
msgstr ""
1489
1490
1490
#: serverguide/C/web-servers.xml:1241(title)
1491
#: serverguide/C/web-servers.xml:1226(title)
1491
1492
msgid "Configuring your private instance"
1492
1493
msgstr ""
1493
1494
1494
#: serverguide/C/web-servers.xml:1242(para)
1495
#: serverguide/C/web-servers.xml:1227(para)
1495
1496
msgid ""
1496
1497
"You will find the classic Tomcat configuration files for your private "
1497
1498
"instance in the <filename>conf/</filename> subdirectory. You should for "
1500
1501
"conflict with other instances that might be running."
1501
1502
msgstr ""
1502
1503
1503
#: serverguide/C/web-servers.xml:1250(title)
1504
#: serverguide/C/web-servers.xml:1235(title)
1504
1505
msgid "Starting/stopping your private instance"
1505
1506
msgstr ""
1506
1507
1507
#: serverguide/C/web-servers.xml:1251(para)
1508
#: serverguide/C/web-servers.xml:1236(para)
1508
1509
msgid ""
1509
1510
"You can start your private instance by entering the following command in the "
1510
1511
"terminal prompt (supposing your instance is located in the <filename>my-"
1511
1512
"instance</filename> directory):"
1512
1513
msgstr ""
1513
1514
1514
#: serverguide/C/web-servers.xml:1255(command)
1515
#: serverguide/C/web-servers.xml:1240(command)
1515
1516
msgid "my-instance/bin/startup.sh"
1516
1517
msgstr ""
1517
1518
1518
#: serverguide/C/web-servers.xml:1257(para)
1519
#: serverguide/C/web-servers.xml:1242(para)
1519
1520
msgid ""
1520
1521
"You should check the <filename>logs/</filename> subdirectory for any error. "
1521
1522
"If you have a <emphasis>java.net.BindException: Address already in "
1523
1524
"is already taken and that you should change it."
1524
1525
msgstr ""
1525
1526
1526
#: serverguide/C/web-servers.xml:1262(para)
1527
#: serverguide/C/web-servers.xml:1247(para)
1527
1528
msgid ""
1528
1529
"You can stop your instance by entering the following command in the terminal "
1529
1530
"prompt (supposing your instance is located in the <filename>my-"
1530
1531
"instance</filename> directory):"
1531
1532
msgstr ""
1532
1533
1533
#: serverguide/C/web-servers.xml:1266(command)
1534
#: serverguide/C/web-servers.xml:1251(command)
1534
1535
msgid "my-instance/bin/shutdown.sh"
1535
1536
msgstr ""
1536
1537
1537
#: serverguide/C/web-servers.xml:1275(para)
1538
#: serverguide/C/web-servers.xml:1260(para)
1538
1539
msgid ""
1539
1540
"See the <ulink url=\"http://tomcat.apache.org/\">Apache Tomcat</ulink> "
1540
1541
"website for more information."
1547
1548
"with Tomcat."
1548
1549
msgstr ""
1549
1550
1550
#: serverguide/C/web-servers.xml:1286(para)
1551
#: serverguide/C/web-servers.xml:1271(para)
1551
1552
msgid ""
1552
1553
"For additional books see the <ulink "
1553
1554
"url=\"http://wiki.apache.org/tomcat/Tomcat/Books\">Tomcat Books</ulink> list "
1678
1679
"\n"
1679
1680
msgstr ""
1680
1681
1681
#: serverguide/C/vpn.xml:94(para)
1682
#: serverguide/C/vpn.xml:90(para)
1682
1683
msgid ""
1683
1684
"Enter the following to generate the master Certificate Authority (CA) "
1684
1685
"certificate and key:"
1685
1686
msgstr ""
1686
1687
1687
#: serverguide/C/vpn.xml:99(command) serverguide/C/vpn.xml:147(command)
1688
#: serverguide/C/vpn.xml:95(command) serverguide/C/vpn.xml:143(command)
1688
1689
msgid "cd /etc/openvpn/easy-rsa/"
1689
1690
msgstr ""
1690
1691
1691
#: serverguide/C/vpn.xml:100(command) serverguide/C/vpn.xml:148(command)
1692
#: serverguide/C/vpn.xml:96(command) serverguide/C/vpn.xml:144(command)
1692
1693
msgid "source vars"
1693
1694
msgstr ""
1694
1695
1695
#: serverguide/C/vpn.xml:101(command)
1696
#: serverguide/C/vpn.xml:97(command)
1696
1697
msgid "./clean-all"
1697
1698
msgstr ""
1698
1699
1699
#: serverguide/C/vpn.xml:102(command)
1700
#: serverguide/C/vpn.xml:98(command)
1700
1701
msgid "./build-ca"
1701
1702
msgstr ""
1702
1703
1703
#: serverguide/C/vpn.xml:107(title)
1704
#: serverguide/C/vpn.xml:103(title)
1704
1705
msgid "Server Certificates"
1705
1706
msgstr ""
1706
1707
1707
#: serverguide/C/vpn.xml:109(para)
1708
#: serverguide/C/vpn.xml:105(para)
1708
1709
msgid "Next, we will generate a certificate and private key for the server:"
1709
1710
msgstr ""
1710
1711
1711
#: serverguide/C/vpn.xml:114(command)
1712
#: serverguide/C/vpn.xml:110(command)
1712
1713
msgid "./build-key-server myservername"
1713
1714
msgstr ""
1714
1715
1715
#: serverguide/C/vpn.xml:117(para)
1716
#: serverguide/C/vpn.xml:113(para)
1716
1717
msgid ""
1717
1718
"As in the previous step, most parameters can be defaulted. Two other queries "
1718
1719
"require positive responses, \"Sign the certificate? [y/n]\" and \"1 out of 1 "
1719
1720
"certificate requests certified, commit? [y/n]\"."
1720
1721
msgstr ""
1721
1722
1722
#: serverguide/C/vpn.xml:121(para)
1723
#: serverguide/C/vpn.xml:117(para)
1723
1724
msgid "Diffie Hellman parameters must be generated for the OpenVPN server:"
1724
1725
msgstr ""
1725
1726
1726
#: serverguide/C/vpn.xml:126(command)
1727
#: serverguide/C/vpn.xml:122(command)
1727
1728
msgid "./build-dh"
1728
1729
msgstr ""
1729
1730
1730
#: serverguide/C/vpn.xml:129(para)
1731
#: serverguide/C/vpn.xml:125(para)
1731
1732
msgid ""
1732
1733
"All certificates and keys have been generated in the subdirectory keys/. "
1733
1734
"Common practice is to copy them to /etc/openvpn/:"
1734
1735
msgstr ""
1735
1736
1736
#: serverguide/C/vpn.xml:133(command)
1737
#: serverguide/C/vpn.xml:129(command)
1737
1738
msgid "cd keys/"
1738
1739
msgstr ""
1739
1740
1741
1742
msgid "cp myservername.crt myservername.key ca.crt dh2048.pem /etc/openvpn/"
1742
1743
msgstr ""
1743
1744
1744
#: serverguide/C/vpn.xml:139(title)
1745
#: serverguide/C/vpn.xml:135(title)
1745
1746
msgid "Client Certificates"
1746
1747
msgstr ""
1747
1748
1748
#: serverguide/C/vpn.xml:141(para)
1749
#: serverguide/C/vpn.xml:137(para)
1749
1750
msgid ""
1750
1751
"The VPN client will also need a certificate to authenticate itself to the "
1751
1752
"server. Usually you create a different certificate for each client. To "
1753
1754
"root:"
1754
1755
msgstr ""
1755
1756
1756
#: serverguide/C/vpn.xml:149(command)
1757
#: serverguide/C/vpn.xml:145(command)
1757
1758
msgid "./build-key client1"
1758
1759
msgstr ""
1759
1760
1760
#: serverguide/C/vpn.xml:152(para)
1761
#: serverguide/C/vpn.xml:148(para)
1761
1762
msgid "Copy the following files to the client using a secure method:"
1762
1763
msgstr ""
1763
1764
1764
#: serverguide/C/vpn.xml:157(para)
1765
#: serverguide/C/vpn.xml:153(para)
1765
1766
msgid "/etc/openvpn/ca.crt"
1766
1767
msgstr ""
1767
1768
1768
#: serverguide/C/vpn.xml:158(para)
1769
#: serverguide/C/vpn.xml:154(para)
1769
1770
msgid "/etc/openvpn/easy-rsa/keys/client1.crt"
1770
1771
msgstr ""
1771
1772
1772
#: serverguide/C/vpn.xml:159(para)
1773
#: serverguide/C/vpn.xml:155(para)
1773
1774
msgid "/etc/openvpn/easy-rsa/keys/client1.key"
1774
1775
msgstr ""
1775
1776
1776
#: serverguide/C/vpn.xml:162(para)
1777
#: serverguide/C/vpn.xml:158(para)
1777
1778
msgid ""
1778
1779
"As the client certificates and keys are only required on the client machine, "
1779
1780
"you should remove them from the server."
1780
1781
msgstr ""
1781
1782
1782
#: serverguide/C/vpn.xml:170(title)
1783
#: serverguide/C/vpn.xml:166(title)
1783
1784
msgid "Simple Server Configuration"
1784
1785
msgstr ""
1785
1786
1786
#: serverguide/C/vpn.xml:172(para)
1787
#: serverguide/C/vpn.xml:168(para)
1787
1788
msgid ""
1788
1789
"Along with your <application>OpenVPN</application> installation you got "
1789
1790
"these sample config files (and many more if if you check):"
1790
1791
msgstr ""
1791
1792
1792
#: serverguide/C/vpn.xml:176(programlisting)
1793
#: serverguide/C/vpn.xml:172(programlisting)
1793
1794
#, no-wrap
1794
1795
msgid ""
1795
1796
"\n"
1799
1800
"-rw-r--r-- 1 root root 4141 2011-07-04 15:09 server.conf.gz\n"
1800
1801
msgstr ""
1801
1802
1802
#: serverguide/C/vpn.xml:183(para)
1803
#: serverguide/C/vpn.xml:179(para)
1803
1804
msgid ""
1804
1805
"Start with copying and unpacking server.conf.gz to /etc/openvpn/server.conf."
1805
1806
msgstr ""
1806
1807
1807
#: serverguide/C/vpn.xml:187(command)
1808
#: serverguide/C/vpn.xml:183(command)
1808
1809
msgid ""
1809
1810
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz "
1810
1811
"/etc/openvpn/"
1811
1812
msgstr ""
1812
1813
1813
#: serverguide/C/vpn.xml:188(command)
1814
#: serverguide/C/vpn.xml:184(command)
1814
1815
msgid "sudo gzip -d /etc/openvpn/server.conf.gz"
1815
1816
msgstr ""
1816
1817
1817
#: serverguide/C/vpn.xml:191(para)
1818
#: serverguide/C/vpn.xml:187(para)
1818
1819
msgid ""
1819
1820
"Edit <filename>/etc/openvpn/server.conf</filename> to make sure the "
1820
1821
"following lines are pointing to the certificates and keys you created in the "
1833
1834
1834
1835
#: serverguide/C/vpn.xml:201(para)
1835
1836
msgid ""
1837
"Edit <filename>/etc/sysctl.conf</filename> and uncomment the following line "
1838
"to enable IP forwarding."
1839
msgstr ""
1840
1841
#: serverguide/C/vpn.xml:204(programlisting)
1842
#, no-wrap
1843
msgid ""
1844
"\n"
1845
"#net.ipv4.ip_forward=1\n"
1846
msgstr ""
1847
1848
#: serverguide/C/vpn.xml:207(para)
1849
msgid "Then reload sysctl."
1850
msgstr ""
1851
1852
#: serverguide/C/vpn.xml:211(command)
1853
msgid "sudo sysctl -p /etc/sysctl.conf"
1854
msgstr ""
1855
1856
#: serverguide/C/vpn.xml:197(para)
1857
msgid ""
1836
1858
"That is the minimum you have to configure to get a working OpenVPN server. "
1837
1859
"You can use all the default settings in the sample server.conf file. Now "
1838
1860
"start the server. You will find logging and error messages in your syslog."
1839
1861
msgstr ""
1840
1862
1841
#: serverguide/C/vpn.xml:206(programlisting)
1863
#: serverguide/C/vpn.xml:219(programlisting)
1842
1864
#, no-wrap
1843
1865
msgid ""
1844
1866
"\n"
1847
1869
" * Autostarting VPN 'server' [ OK ]\n"
1848
1870
msgstr ""
1849
1871
1850
#: serverguide/C/vpn.xml:212(para)
1872
#: serverguide/C/vpn.xml:208(para)
1851
1873
msgid "Now check if OpenVPN created a tun0 interface:"
1852
1874
msgstr ""
1853
1875
1854
#: serverguide/C/vpn.xml:216(programlisting)
1876
#: serverguide/C/vpn.xml:212(programlisting)
1855
1877
#, no-wrap
1856
1878
msgid ""
1857
1879
"\n"
1863
1885
"[...]\n"
1864
1886
msgstr ""
1865
1887
1866
#: serverguide/C/vpn.xml:226(title)
1888
#: serverguide/C/vpn.xml:222(title)
1867
1889
msgid "Simple Client Configuration"
1868
1890
msgstr ""
1869
1891
1870
#: serverguide/C/vpn.xml:228(para)
1892
#: serverguide/C/vpn.xml:224(para)
1871
1893
msgid ""
1872
1894
"There are various different <application>OpenVPN</application> client "
1873
1895
"implementations with and without GUIs. You can read more about clients in a "
1876
1898
"install the openvpn package again on the client machine:"
1877
1899
msgstr ""
1878
1900
1879
#: serverguide/C/vpn.xml:235(command) serverguide/C/vpn.xml:603(command)
1901
#: serverguide/C/vpn.xml:35(command) serverguide/C/vpn.xml:231(command) serverguide/C/vpn.xml:589(command)
1880
1902
msgid "sudo apt-get install openvpn"
1881
1903
msgstr ""
1882
1904
1883
#: serverguide/C/vpn.xml:238(para)
1905
#: serverguide/C/vpn.xml:234(para)
1884
1906
msgid "This time copy the client.conf sample config file to /etc/openvpn/."
1885
1907
msgstr ""
1886
1908
1887
#: serverguide/C/vpn.xml:242(command)
1909
#: serverguide/C/vpn.xml:238(command)
1888
1910
msgid ""
1889
1911
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
1890
1912
"/etc/openvpn/"
1891
1913
msgstr ""
1892
1914
1893
#: serverguide/C/vpn.xml:245(para)
1915
#: serverguide/C/vpn.xml:241(para)
1894
1916
msgid ""
1895
1917
"Copy the client keys and the certificate of the CA you created in the "
1896
1918
"section above to e.g. /etc/openvpn/ and edit "
1899
1921
"you can omit the path."
1900
1922
msgstr ""
1901
1923
1902
#: serverguide/C/vpn.xml:248(programlisting) serverguide/C/vpn.xml:268(programlisting)
1924
#: serverguide/C/vpn.xml:244(programlisting)
1903
1925
#, no-wrap
1904
1926
msgid ""
1905
1927
"\n"
1908
1930
"key client1.key\n"
1909
1931
msgstr ""
1910
1932
1911
#: serverguide/C/vpn.xml:254(para)
1933
#: serverguide/C/vpn.xml:250(para)
1912
1934
msgid ""
1913
1935
"And you have to at least specify the OpenVPN server name or address. Make "
1914
1936
"sure the keyword client is in the config. That's what enables client mode."
1915
1937
msgstr ""
1916
1938
1917
#: serverguide/C/vpn.xml:260(programlisting)
1939
#: serverguide/C/vpn.xml:256(programlisting)
1918
1940
#, no-wrap
1919
1941
msgid ""
1920
1942
"\n"
1922
1944
"remote vpnserver.example.com 1194\n"
1923
1945
msgstr ""
1924
1946
1925
#: serverguide/C/vpn.xml:265(para)
1947
#: serverguide/C/vpn.xml:278(para)
1926
1948
msgid ""
1927
1949
"Also, make sure you specify the keyfile names you copied from the server"
1928
1950
msgstr ""
1929
1951
1930
#: serverguide/C/vpn.xml:273(para)
1952
#: serverguide/C/vpn.xml:261(para)
1931
1953
msgid "Now start the OpenVPN client:"
1932
1954
msgstr ""
1933
1955
1934
#: serverguide/C/vpn.xml:277(programlisting)
1956
#: serverguide/C/vpn.xml:290(programlisting)
1935
1957
#, no-wrap
1936
1958
msgid ""
1937
1959
"\n"
1940
1962
" * Autostarting VPN 'client' [ OK ] \n"
1941
1963
msgstr ""
1942
1964
1943
#: serverguide/C/vpn.xml:283(para)
1965
#: serverguide/C/vpn.xml:271(para)
1944
1966
msgid "Check if it created a tun0 interface:"
1945
1967
msgstr ""
1946
1968
1947
#: serverguide/C/vpn.xml:287(programlisting)
1969
#: serverguide/C/vpn.xml:275(programlisting)
1948
1970
#, no-wrap
1949
1971
msgid ""
1950
1972
"\n"
1955
1977
" UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1\n"
1956
1978
msgstr ""
1957
1979
1958
#: serverguide/C/vpn.xml:294(para)
1980
#: serverguide/C/vpn.xml:282(para)
1959
1981
msgid "Check if you can ping the OpenVPN server:"
1960
1982
msgstr ""
1961
1983
1962
#: serverguide/C/vpn.xml:297(programlisting)
1984
#: serverguide/C/vpn.xml:285(programlisting)
1963
1985
#, no-wrap
1964
1986
msgid ""
1965
1987
"\n"
1968
1990
"64 bytes from 10.8.0.1: icmp_req=1 ttl=64 time=0.920 ms\n"
1969
1991
msgstr ""
1970
1992
1971
#: serverguide/C/vpn.xml:304(para)
1993
#: serverguide/C/vpn.xml:292(para)
1972
1994
msgid ""
1973
1995
"The OpenVPN server always uses the first usable IP address in the client "
1974
1996
"network and only that IP is pingable. E.g. if you configured a /24 for the "
1976
1998
"in the ifconfig output above is usually not answering ping requests."
1977
1999
msgstr ""
1978
2000
1979
#: serverguide/C/vpn.xml:309(para)
2001
#: serverguide/C/vpn.xml:297(para)
1980
2002
msgid "Check out your routes:"
1981
2003
msgstr ""
1982
2004
1983
#: serverguide/C/vpn.xml:312(programlisting)
2005
#: serverguide/C/vpn.xml:300(programlisting)
1984
2006
#, no-wrap
1985
2007
msgid ""
1986
2008
"\n"
1998
2020
"eth0\n"
1999
2021
msgstr ""
2000
2022
2001
#: serverguide/C/vpn.xml:324(title)
2023
#: serverguide/C/vpn.xml:312(title)
2002
2024
msgid "First trouble shooting"
2003
2025
msgstr ""
2004
2026
2005
#: serverguide/C/vpn.xml:326(para)
2027
#: serverguide/C/vpn.xml:314(para)
2006
2028
msgid "If the above didn't work for you, check this:"
2007
2029
msgstr ""
2008
2030
2009
#: serverguide/C/vpn.xml:331(para)
2031
#: serverguide/C/vpn.xml:319(para)
2010
2032
msgid "Check your syslog, e.g. grep -i vpn /var/log/syslog"
2011
2033
msgstr ""
2012
2034
2013
#: serverguide/C/vpn.xml:334(para)
2035
#: serverguide/C/vpn.xml:347(para)
2014
2036
msgid ""
2015
2037
"Check that you have specified the keyfile names correctly in client.conf and "
2016
2038
"server.conf."
2017
2039
msgstr ""
2018
2040
2019
#: serverguide/C/vpn.xml:337(para)
2041
#: serverguide/C/vpn.xml:322(para)
2020
2042
msgid ""
2021
2043
"Can the client connect to the server machine? Maybe a firewall is blocking "
2022
2044
"access? Check syslog on server."
2023
2045
msgstr ""
2024
2046
2025
#: serverguide/C/vpn.xml:340(para)
2047
#: serverguide/C/vpn.xml:325(para)
2026
2048
msgid ""
2027
2049
"Client and server must use same protocol and port, e.g. UDP port 1194, see "
2028
2050
"port and proto config option"
2029
2051
msgstr ""
2030
2052
2031
#: serverguide/C/vpn.xml:343(para)
2053
#: serverguide/C/vpn.xml:328(para)
2032
2054
msgid ""
2033
2055
"Client and server must use same config regarding compression, see comp-lzo "
2034
2056
"config option"
2035
2057
msgstr ""
2036
2058
2037
#: serverguide/C/vpn.xml:346(para)
2059
#: serverguide/C/vpn.xml:331(para)
2038
2060
msgid ""
2039
2061
"Client and server must use same config regarding bridged vs routed mode, see "
2040
2062
"server vs server-bridge config option"
2041
2063
msgstr ""
2042
2064
2043
#: serverguide/C/vpn.xml:353(title) serverguide/C/databases.xml:161(title)
2065
#: serverguide/C/databases.xml:168(title)
2044
2066
msgid "Advanced configuration"
2045
2067
msgstr ""
2046
2068
2047
#: serverguide/C/vpn.xml:356(title)
2069
#: serverguide/C/vpn.xml:342(title)
2048
2070
msgid "Advanced routed VPN configuration on server"
2049
2071
msgstr ""
2050
2072
2051
#: serverguide/C/vpn.xml:358(para)
2073
#: serverguide/C/vpn.xml:344(para)
2052
2074
msgid ""
2053
2075
"The above is a very simple working VPN. The client can access services on "
2054
2076
"the VPN server machine through an encrypted tunnel. If you want to reach "
2059
2081
"route to the VPN client-network."
2060
2082
msgstr ""
2061
2083
2062
#: serverguide/C/vpn.xml:362(para)
2084
#: serverguide/C/vpn.xml:348(para)
2063
2085
msgid ""
2064
2086
"Or you might push a default gateway to all the clients to send all their "
2065
2087
"internet traffic to the VPN gateway first and from there via the company "
2066
2088
"firewall into the internet. This section shows you some possible options."
2067
2089
msgstr ""
2068
2090
2069
#: serverguide/C/vpn.xml:366(para)
2091
#: serverguide/C/vpn.xml:352(para)
2070
2092
msgid ""
2071
2093
"Push routes to the client to allow it to reach other private subnets behind "
2072
2094
"the server. Remember that these private subnets will also need to know to "
2074
2096
"server."
2075
2097
msgstr ""
2076
2098
2077
#: serverguide/C/vpn.xml:375(programlisting)
2099
#: serverguide/C/vpn.xml:361(programlisting)
2078
2100
#, no-wrap
2079
2101
msgid ""
2080
2102
"\n"
2081
2103
"push \"route 10.0.0.0 255.0.0.0\"\n"
2082
2104
msgstr ""
2083
2105
2084
#: serverguide/C/vpn.xml:379(para)
2106
#: serverguide/C/vpn.xml:392(para)
2085
2107
msgid ""
2086
2108
"If enabled, this directive will configure all clients to redirect their "
2087
2109
"default network gateway through the VPN, causing all IP traffic such as web "
2090
2112
"internet in order for this to work properly)."
2091
2113
msgstr ""
2092
2114
2093
#: serverguide/C/vpn.xml:388(programlisting)
2115
#: serverguide/C/vpn.xml:374(programlisting)
2094
2116
#, no-wrap
2095
2117
msgid ""
2096
2118
"\n"
2097
2119
"push \"redirect-gateway def1 bypass-dhcp\"\n"
2098
2120
msgstr ""
2099
2121
2100
#: serverguide/C/vpn.xml:392(para)
2122
#: serverguide/C/vpn.xml:378(para)
2101
2123
msgid ""
2102
2124
"Configure server mode and supply a VPN subnet for OpenVPN to draw client "
2103
2125
"addresses from. The server will take 10.8.0.1 for itself, the rest will be "
2105
2127
"10.8.0.1. Comment this line out if you are ethernet bridging."
2106
2128
msgstr ""
2107
2129
2108
#: serverguide/C/vpn.xml:401(programlisting)
2130
#: serverguide/C/vpn.xml:387(programlisting)
2109
2131
#, no-wrap
2110
2132
msgid ""
2111
2133
"\n"
2112
2134
"server 10.8.0.0 255.255.255.0\n"
2113
2135
msgstr ""
2114
2136
2115
#: serverguide/C/vpn.xml:405(para)
2137
#: serverguide/C/vpn.xml:391(para)
2116
2138
msgid ""
2117
2139
"Maintain a record of client to virtual IP address associations in this file. "
2118
2140
"If OpenVPN goes down or is restarted, reconnecting clients can be assigned "
2119
2141
"the same virtual IP address from the pool that was previously assigned."
2120
2142
msgstr ""
2121
2143
2122
#: serverguide/C/vpn.xml:412(programlisting)
2144
#: serverguide/C/vpn.xml:398(programlisting)
2123
2145
#, no-wrap
2124
2146
msgid ""
2125
2147
"\n"
2126
2148
"ifconfig-pool-persist ipp.txt\n"
2127
2149
msgstr ""
2128
2150
2129
#: serverguide/C/vpn.xml:416(para)
2151
#: serverguide/C/vpn.xml:402(para)
2130
2152
msgid "Push DNS servers to the client."
2131
2153
msgstr ""
2132
2154
2133
#: serverguide/C/vpn.xml:419(programlisting)
2155
#: serverguide/C/vpn.xml:405(programlisting)
2134
2156
#, no-wrap
2135
2157
msgid ""
2136
2158
"\n"
2138
2160
"push \"dhcp-option DNS 10.1.0.2\"\n"
2139
2161
msgstr ""
2140
2162
2141
#: serverguide/C/vpn.xml:424(para)
2163
#: serverguide/C/vpn.xml:410(para)
2142
2164
msgid "Allow client to client communication."
2143
2165
msgstr ""
2144
2166
2145
#: serverguide/C/vpn.xml:427(programlisting)
2167
#: serverguide/C/vpn.xml:413(programlisting)
2146
2168
#, no-wrap
2147
2169
msgid ""
2148
2170
"\n"
2149
2171
"client-to-client\n"
2150
2172
msgstr ""
2151
2173
2152
#: serverguide/C/vpn.xml:431(para)
2174
#: serverguide/C/vpn.xml:417(para)
2153
2175
msgid "Enable compression on the VPN link."
2154
2176
msgstr ""
2155
2177
2156
#: serverguide/C/vpn.xml:434(programlisting)
2178
#: serverguide/C/vpn.xml:420(programlisting)
2157
2179
#, no-wrap
2158
2180
msgid ""
2159
2181
"\n"
2160
2182
"comp-lzo\n"
2161
2183
msgstr ""
2162
2184
2163
#: serverguide/C/vpn.xml:438(para)
2185
#: serverguide/C/vpn.xml:424(para)
2164
2186
msgid ""
2165
2187
"The keepalive directive causes ping-like messages to be sent back and forth "
2166
2188
"over the link so that each side knows when the other side has gone down. "
2168
2190
"during a 3 second time period."
2169
2191
msgstr ""
2170
2192
2171
#: serverguide/C/vpn.xml:447(programlisting)
2193
#: serverguide/C/vpn.xml:433(programlisting)
2172
2194
#, no-wrap
2173
2195
msgid ""
2174
2196
"\n"
2175
2197
"keepalive 1 3\n"
2176
2198
msgstr ""
2177
2199
2178
#: serverguide/C/vpn.xml:451(para)
2200
#: serverguide/C/vpn.xml:437(para)
2179
2201
msgid ""
2180
2202
"It's a good idea to reduce the OpenVPN daemon's privileges after "
2181
2203
"initialization."
2182
2204
msgstr ""
2183
2205
2184
#: serverguide/C/vpn.xml:454(programlisting)
2206
#: serverguide/C/vpn.xml:440(programlisting)
2185
2207
#, no-wrap
2186
2208
msgid ""
2187
2209
"\n"
2189
2211
"group nogroup\n"
2190
2212
msgstr ""
2191
2213
2192
#: serverguide/C/vpn.xml:459(para)
2214
#: serverguide/C/vpn.xml:445(para)
2193
2215
msgid ""
2194
2216
"OpenVPN 2.0 includes a feature that allows the OpenVPN server to securely "
2195
2217
"obtain a username and password from a connecting client, and to use that "
2199
2221
"username/password, passing it on to the server over the secure TLS channel."
2200
2222
msgstr ""
2201
2223
2202
#: serverguide/C/vpn.xml:463(programlisting)
2224
#: serverguide/C/vpn.xml:449(programlisting)
2203
2225
#, no-wrap
2204
2226
msgid ""
2205
2227
"\n"
2207
2229
"auth-user-pass\n"
2208
2230
msgstr ""
2209
2231
2210
#: serverguide/C/vpn.xml:468(para)
2232
#: serverguide/C/vpn.xml:454(para)
2211
2233
msgid ""
2212
2234
"This will tell the OpenVPN server to validate the username/password entered "
2213
2235
"by clients using the login PAM module. Useful if you have centralized "
2214
2236
"authentication with e.g. Kerberos."
2215
2237
msgstr ""
2216
2238
2217
#: serverguide/C/vpn.xml:473(programlisting)
2239
#: serverguide/C/vpn.xml:486(programlisting)
2218
2240
#, no-wrap
2219
2241
msgid ""
2220
2242
"\n"
2221
2243
"plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so login\n"
2222
2244
msgstr ""
2223
2245
2224
#: serverguide/C/vpn.xml:477(para)
2246
#: serverguide/C/vpn.xml:463(para)
2225
2247
msgid ""
2226
2248
"Please read the OpenVPN <ulink url=\"http://openvpn.net/index.php/open-"
2227
2249
"source/documentation/howto.html#security\">hardening security guide</ulink> "
2228
2250
"for further security advice."
2229
2251
msgstr ""
2230
2252
2231
#: serverguide/C/vpn.xml:483(title)
2253
#: serverguide/C/vpn.xml:469(title)
2232
2254
msgid "Advanced bridged VPN configuration on server"
2233
2255
msgstr ""
2234
2256
2235
#: serverguide/C/vpn.xml:485(para)
2257
#: serverguide/C/vpn.xml:471(para)
2236
2258
msgid ""
2237
2259
"<application>OpenVPN</application> can be setup for either a routed or a "
2238
2260
"bridged VPN mode. Sometimes this is also referred to as OSI layer-2 versus "
2244
2266
"be filtered."
2245
2267
msgstr ""
2246
2268
2247
#: serverguide/C/vpn.xml:491(title)
2269
#: serverguide/C/vpn.xml:477(title)
2248
2270
msgid "Prepare interface config for bridging on server"
2249
2271
msgstr ""
2250
2272
2251
#: serverguide/C/vpn.xml:493(para)
2273
#: serverguide/C/vpn.xml:479(para)
2252
2274
msgid "Make sure you have the bridge-utils package installed:"
2253
2275
msgstr ""
2254
2276
2255
#: serverguide/C/vpn.xml:497(command) serverguide/C/network-config.xml:542(command)
2277
#: serverguide/C/vpn.xml:483(command) serverguide/C/virtualization.xml:2188(command) serverguide/C/network-config.xml:538(command)
2256
2278
msgid "sudo apt-get install bridge-utils"
2257
2279
msgstr ""
2258
2280
2259
#: serverguide/C/vpn.xml:500(para)
2281
#: serverguide/C/vpn.xml:486(para)
2260
2282
msgid ""
2261
2283
"Before you setup OpenVPN in bridged mode you need to change your interface "
2262
2284
"configuration. Let's assume your server has an interface eth0 connected to "
2264
2286
"Your /etc/network/interfaces would like this:"
2265
2287
msgstr ""
2266
2288
2267
#: serverguide/C/vpn.xml:504(programlisting)
2289
#: serverguide/C/vpn.xml:490(programlisting)
2268
2290
#, no-wrap
2269
2291
msgid ""
2270
2292
"\n"
2280
2302
" netmask 255.255.255.0\n"
2281
2303
msgstr ""
2282
2304
2283
#: serverguide/C/vpn.xml:517(para)
2305
#: serverguide/C/vpn.xml:503(para)
2284
2306
msgid ""
2285
2307
"This straight forward interface config needs to be changed into a bridged "
2286
2308
"mode like where the config of interface eth1 moves to the new br0 interface. "
2289
2311
"interface to forward all ethernet frames to the IP stack."
2290
2312
msgstr ""
2291
2313
2292
#: serverguide/C/vpn.xml:521(programlisting)
2314
#: serverguide/C/vpn.xml:507(programlisting)
2293
2315
#, no-wrap
2294
2316
msgid ""
2295
2317
"\n"
2310
2332
" bridge_ports eth1\n"
2311
2333
msgstr ""
2312
2334
2313
#: serverguide/C/vpn.xml:539(para)
2335
#: serverguide/C/vpn.xml:552(para)
2314
2336
msgid ""
2315
2337
"At this point you need to bring up the bridge. Be prepared that this might "
2316
2338
"not work as expected and that you will lose remote connectivity. Make sure "
2317
2339
"you can solve problems having local access."
2318
2340
msgstr ""
2319
2341
2320
#: serverguide/C/vpn.xml:543(command)
2342
#: serverguide/C/vpn.xml:556(command)
2321
2343
msgid "sudo ifdown eth1 && sudo ifup -a"
2322
2344
msgstr ""
2323
2345
2324
#: serverguide/C/vpn.xml:548(title)
2346
#: serverguide/C/vpn.xml:534(title)
2325
2347
msgid "Prepare server config for bridging"
2326
2348
msgstr ""
2327
2349
2328
#: serverguide/C/vpn.xml:550(para)
2350
#: serverguide/C/vpn.xml:536(para)
2329
2351
msgid ""
2330
2352
"Edit <filename>/etc/openvpn/server.conf</filename> changing the following "
2331
2353
"options to:"
2332
2354
msgstr ""
2333
2355
2334
#: serverguide/C/vpn.xml:554(programlisting)
2356
#: serverguide/C/vpn.xml:540(programlisting)
2335
2357
#, no-wrap
2336
2358
msgid ""
2337
2359
"\n"
2342
2364
"server-bridge 10.0.0.4 255.255.255.0 10.0.0.128 10.0.0.254\n"
2343
2365
msgstr ""
2344
2366
2345
#: serverguide/C/vpn.xml:562(para)
2367
#: serverguide/C/vpn.xml:548(para)
2346
2368
msgid ""
2347
2369
"Next, create a helper script to add the <emphasis>tap</emphasis> interface "
2348
2370
"to the bridge and to ensure that eth1 is promiscuous mode. Create "
2349
2371
"<filename>/etc/openvpn/up.sh</filename>:"
2350
2372
msgstr ""
2351
2373
2352
#: serverguide/C/vpn.xml:566(programlisting)
2374
#: serverguide/C/vpn.xml:552(programlisting)
2353
2375
#, no-wrap
2354
2376
msgid ""
2355
2377
"\n"
2364
2386
"/sbin/brctl addif $BR $TAPDEV\n"
2365
2387
msgstr ""
2366
2388
2367
#: serverguide/C/vpn.xml:578(para)
2389
#: serverguide/C/vpn.xml:564(para)
2368
2390
msgid "Then make it executable:"
2369
2391
msgstr ""
2370
2392
2371
#: serverguide/C/vpn.xml:583(command)
2393
#: serverguide/C/vpn.xml:569(command)
2372
2394
msgid "sudo chmod 755 /etc/openvpn/up.sh"
2373
2395
msgstr ""
2374
2396
2375
#: serverguide/C/vpn.xml:586(para)
2397
#: serverguide/C/vpn.xml:572(para)
2376
2398
msgid ""
2377
2399
"After configuring the server, restart <application>openvpn</application> by "
2378
2400
"entering:"
2379
2401
msgstr ""
2380
2402
2381
#: serverguide/C/vpn.xml:591(command) serverguide/C/vpn.xml:632(command)
2403
#: serverguide/C/vpn.xml:604(command) serverguide/C/vpn.xml:645(command)
2382
2404
msgid "sudo service openvpn restart"
2383
2405
msgstr ""
2384
2406
2385
#: serverguide/C/vpn.xml:596(title)
2407
#: serverguide/C/vpn.xml:582(title)
2386
2408
msgid "Client Configuration"
2387
2409
msgstr ""
2388
2410
2389
#: serverguide/C/vpn.xml:598(para)
2411
#: serverguide/C/vpn.xml:584(para)
2390
2412
msgid "First, install <application>openvpn</application> on the client:"
2391
2413
msgstr ""
2392
2414
2393
#: serverguide/C/vpn.xml:606(para)
2415
#: serverguide/C/vpn.xml:592(para)
2394
2416
msgid ""
2395
2417
"Then with the server configured and the client certificates copied to the "
2396
2418
"<filename>/etc/openvpn/</filename> directory, create a client configuration "
2397
2419
"file by copying the example. In a terminal on the client machine enter:"
2398
2420
msgstr ""
2399
2421
2400
#: serverguide/C/vpn.xml:612(command)
2422
#: serverguide/C/vpn.xml:598(command)
2401
2423
msgid ""
2402
2424
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
2403
2425
"/etc/openvpn"
2404
2426
msgstr ""
2405
2427
2406
#: serverguide/C/vpn.xml:615(para)
2428
#: serverguide/C/vpn.xml:601(para)
2407
2429
msgid ""
2408
2430
"Now edit <filename>/etc/openvpn/client.conf</filename> changing the "
2409
2431
"following options:"
2410
2432
msgstr ""
2411
2433
2412
#: serverguide/C/vpn.xml:619(programlisting)
2434
#: serverguide/C/vpn.xml:632(programlisting)
2413
2435
#, no-wrap
2414
2436
msgid ""
2415
2437
"\n"
2420
2442
"key client1.key\n"
2421
2443
msgstr ""
2422
2444
2423
#: serverguide/C/vpn.xml:627(para)
2445
#: serverguide/C/vpn.xml:610(para)
2424
2446
msgid "Finally, restart <application>openvpn</application>:"
2425
2447
msgstr ""
2426
2448
2427
#: serverguide/C/vpn.xml:635(para)
2449
#: serverguide/C/vpn.xml:618(para)
2428
2450
msgid "You should now be able to connect to the remote LAN through the VPN."
2429
2451
msgstr ""
2430
2452
2431
#: serverguide/C/vpn.xml:644(title)
2453
#: serverguide/C/vpn.xml:627(title)
2432
2454
msgid "Client software implementations"
2433
2455
msgstr ""
2434
2456
2435
#: serverguide/C/vpn.xml:647(title)
2457
#: serverguide/C/vpn.xml:630(title)
2436
2458
msgid "Linux Network-Manager GUI for OpenVPN"
2437
2459
msgstr ""
2438
2460
2439
#: serverguide/C/vpn.xml:649(para)
2461
#: serverguide/C/vpn.xml:632(para)
2440
2462
msgid ""
2441
2463
"Many Linux distributions including Ubuntu desktop variants come with Network "
2442
2464
"Manager, a nice GUI to configure your network settings. It also can manage "
2445
2467
"packages as well:"
2446
2468
msgstr ""
2447
2469
2448
#: serverguide/C/vpn.xml:654(programlisting)
2470
#: serverguide/C/vpn.xml:637(programlisting)
2449
2471
#, no-wrap
2450
2472
msgid ""
2451
2473
"\n"
2466
2488
"Do you want to continue [Y/n]? \n"
2467
2489
msgstr ""
2468
2490
2469
#: serverguide/C/vpn.xml:672(para)
2491
#: serverguide/C/vpn.xml:655(para)
2470
2492
msgid ""
2471
2493
"To inform network-manager about the new installed packages you will have to "
2472
2494
"restart it:"
2473
2495
msgstr ""
2474
2496
2475
#: serverguide/C/vpn.xml:676(programlisting)
2497
#: serverguide/C/vpn.xml:659(programlisting)
2476
2498
#, no-wrap
2477
2499
msgid ""
2478
2500
"\n"
2480
2502
"network-manager start/running, process 3078\n"
2481
2503
msgstr ""
2482
2504
2483
#: serverguide/C/vpn.xml:681(para)
2505
#: serverguide/C/vpn.xml:694(para)
2484
2506
msgid ""
2485
2507
"Open the Network Manager GUI, select the VPN tab and then the 'Add' button. "
2486
2508
"Select OpenVPN as the VPN type in the opening requester and press 'Create'. "
2492
2514
"to establish your VPN."
2493
2515
msgstr ""
2494
2516
2495
#: serverguide/C/vpn.xml:693(title)
2517
#: serverguide/C/vpn.xml:676(title)
2496
2518
msgid "OpenVPN with GUI for Mac OS X: Tunnelblick"
2497
2519
msgstr ""
2498
2520
2499
#: serverguide/C/vpn.xml:695(para)
2521
#: serverguide/C/vpn.xml:678(para)
2500
2522
msgid ""
2501
2523
"Tunnelblick is an excellent free, open source implementation of a GUI for "
2502
2524
"OpenVPN for OS X. The project's homepage is at <ulink "
2508
2530
"Application folder."
2509
2531
msgstr ""
2510
2532
2511
#: serverguide/C/vpn.xml:701(programlisting)
2533
#: serverguide/C/vpn.xml:684(programlisting)
2512
2534
#, no-wrap
2513
2535
msgid ""
2514
2536
"\n"
2531
2553
"key client.key\n"
2532
2554
msgstr ""
2533
2555
2534
#: serverguide/C/vpn.xml:723(title)
2556
#: serverguide/C/vpn.xml:706(title)
2535
2557
msgid "OpenVPN with GUI for Win 7"
2536
2558
msgstr ""
2537
2559
2538
#: serverguide/C/vpn.xml:725(para)
2560
#: serverguide/C/vpn.xml:738(para)
2539
2561
msgid ""
2540
2562
"First download and install the latest <ulink "
2541
2563
"url=\"http://www.openvpn.net/index.php/open-source/downloads.html\">OpenVPN "
2544
2566
"binary installer."
2545
2567
msgstr ""
2546
2568
2547
#: serverguide/C/vpn.xml:730(para)
2569
#: serverguide/C/vpn.xml:714(para)
2548
2570
msgid ""
2549
2571
"You need to start the OpenVPN service. Goto Start > Computer > Manage "
2550
2572
"> Services and Applications > Services. Find the OpenVPN service and "
2553
2575
"click on it and you will see that option."
2554
2576
msgstr ""
2555
2577
2556
#: serverguide/C/vpn.xml:734(para)
2578
#: serverguide/C/vpn.xml:718(para)
2557
2579
msgid ""
2558
2580
"You will have to write your OpenVPN config in a textfile and place it in C:\\"
2559
2581
"Program Files\\OpenVPN\\config\\client.ovpn along with the CA certificate. "
2561
2583
"follwing example."
2562
2584
msgstr ""
2563
2585
2564
#: serverguide/C/vpn.xml:738(programlisting)
2586
#: serverguide/C/vpn.xml:751(programlisting)
2565
2587
#, no-wrap
2566
2588
msgid ""
2567
2589
"\n"
2590
2612
"\n"
2591
2613
msgstr ""
2592
2614
2593
#: serverguide/C/vpn.xml:763(para)
2615
#: serverguide/C/vpn.xml:776(para)
2594
2616
msgid ""
2595
2617
"Note: If you are not using user authentication and/or you want to run the "
2596
2618
"service without user interaction, comment out the following options:"
2597
2619
msgstr ""
2598
2620
2599
#: serverguide/C/vpn.xml:766(programlisting)
2621
#: serverguide/C/vpn.xml:779(programlisting)
2600
2622
#, no-wrap
2601
2623
msgid ""
2602
2624
"\n"
2607
2629
"management-query-passwords\n"
2608
2630
msgstr ""
2609
2631
2610
#: serverguide/C/vpn.xml:773(para)
2632
#: serverguide/C/vpn.xml:786(para)
2611
2633
msgid "You may want to set the Windows service to \"automatic\"."
2612
2634
msgstr ""
2613
2635
2614
#: serverguide/C/vpn.xml:777(title)
2636
#: serverguide/C/vpn.xml:747(title)
2615
2637
msgid "OpenVPN for OpenWRT"
2616
2638
msgstr ""
2617
2639
2618
#: serverguide/C/vpn.xml:779(para)
2640
#: serverguide/C/vpn.xml:749(para)
2619
2641
msgid ""
2620
2642
"OpenWRT is described as a Linux distribution for embedded devices like WLAN "
2621
2643
"router. There are certain types of WLAN routers who can be flashed to run "
2628
2650
"url=\"http://openwrt.org\">http://openwrt.org</ulink>"
2629
2651
msgstr ""
2630
2652
2631
#: serverguide/C/vpn.xml:788(para)
2653
#: serverguide/C/vpn.xml:758(para)
2632
2654
msgid "Log into your OpenWRT router and install OpenVPN:"
2633
2655
msgstr ""
2634
2656
2635
#: serverguide/C/vpn.xml:793(command)
2657
#: serverguide/C/vpn.xml:763(command)
2636
2658
msgid "opkg update"
2637
2659
msgstr ""
2638
2660
2639
#: serverguide/C/vpn.xml:794(command)
2661
#: serverguide/C/vpn.xml:764(command)
2640
2662
msgid "opkg install openvpn"
2641
2663
msgstr ""
2642
2664
2643
#: serverguide/C/vpn.xml:797(para)
2665
#: serverguide/C/vpn.xml:810(para)
2644
2666
msgid ""
2645
2667
"Check out /etc/config/openvpn and put your client config in there. Copy "
2646
2668
"certificates and keys to /etc/openvpn/"
2647
2669
msgstr ""
2648
2670
2649
#: serverguide/C/vpn.xml:802(programlisting)
2671
#: serverguide/C/vpn.xml:772(programlisting)
2650
2672
#, no-wrap
2651
2673
msgid ""
2652
2674
"\n"
2662
2684
" option comp_lzo 1 \n"
2663
2685
msgstr ""
2664
2686
2665
#: serverguide/C/vpn.xml:815(para)
2687
#: serverguide/C/vpn.xml:785(para)
2666
2688
msgid "Restart OpenVPN:"
2667
2689
msgstr ""
2668
2690
2669
#: serverguide/C/vpn.xml:820(command)
2691
#: serverguide/C/vpn.xml:833(command)
2670
2692
msgid "service openvpn restart"
2671
2693
msgstr ""
2672
2694
2673
#: serverguide/C/vpn.xml:823(para)
2695
#: serverguide/C/vpn.xml:793(para)
2674
2696
msgid ""
2675
2697
"You will have to see if you need to adjust your router's routing and "
2676
2698
"firewall rules."
2677
2699
msgstr ""
2678
2700
2679
#: serverguide/C/vpn.xml:833(para)
2701
#: serverguide/C/vpn.xml:803(para)
2680
2702
msgid ""
2681
2703
"See the <ulink url=\"http://openvpn.net/\">OpenVPN</ulink> website for "
2682
2704
"additional information."
2683
2705
msgstr ""
2684
2706
2685
#: serverguide/C/vpn.xml:839(ulink)
2707
#: serverguide/C/vpn.xml:809(ulink)
2686
2708
msgid "OpenVPN hardening security guide"
2687
2709
msgstr ""
2688
2710
2689
#: serverguide/C/vpn.xml:843(para)
2711
#: serverguide/C/vpn.xml:813(para)
2690
2712
msgid ""
2691
2713
"Also, Pakt's <ulink url=\"http://www.packtpub.com/openvpn/book\">OpenVPN: "
2692
2714
"Building and Integrating Virtual Private Networks</ulink> is a good resource."
2696
2718
msgid "Virtualization"
2697
2719
msgstr ""
2698
2720
2699
#: serverguide/C/virtualization.xml:13(para)
2721
#: serverguide/C/virtualization.xml:12(para)
2700
2722
msgid ""
2701
2723
"Virtualization is being adopted in many different environments and "
2702
2724
"situations. If you are a developer, virtualization can provide you with a "
2706
2728
"services and move them around based on demand."
2707
2729
msgstr ""
2708
2730
2709
#: serverguide/C/virtualization.xml:20(para)
2731
#: serverguide/C/virtualization.xml:18(para)
2710
2732
msgid ""
2711
2733
"The default virtualization technology supported in Ubuntu is "
2712
2734
"<application>KVM</application>. KVM requires virtualization extensions built "
2717
2739
"hardware without virtualization extensions."
2718
2740
msgstr ""
2719
2741
2720
#: serverguide/C/virtualization.xml:29(title)
2742
#: serverguide/C/virtualization.xml:26(title)
2721
2743
msgid "libvirt"
2722
2744
msgstr ""
2723
2745
2724
#: serverguide/C/virtualization.xml:31(para)
2746
#: serverguide/C/virtualization.xml:27(para)
2725
2747
msgid ""
2726
2748
"The <application>libvirt</application> library is used to interface with "
2727
2749
"different virtualization technologies. Before getting started with "
2730
2752
"<application>KVM</application>. Enter the following from a terminal prompt:"
2731
2753
msgstr ""
2732
2754
2733
#: serverguide/C/virtualization.xml:39(command)
2755
#: serverguide/C/virtualization.xml:34(command)
2734
2756
msgid "kvm-ok"
2735
2757
msgstr ""
2736
2758
2737
#: serverguide/C/virtualization.xml:42(para)
2759
#: serverguide/C/virtualization.xml:36(para)
2738
2760
msgid ""
2739
2761
"A message will be printed informing you if your CPU "
2740
2762
"<emphasis>does</emphasis> or <emphasis>does not</emphasis> support hardware "
2748
2770
"it."
2749
2771
msgstr ""
2750
2772
2751
#: serverguide/C/virtualization.xml:53(title)
2773
#: serverguide/C/virtualization.xml:46(title)
2752
2774
msgid "Virtual Networking"
2753
2775
msgstr ""
2754
2776
2770
2792
"to the rest of the network."
2771
2793
msgstr ""
2772
2794
2773
#: serverguide/C/virtualization.xml:72(para)
2795
#: serverguide/C/virtualization.xml:62(para)
2774
2796
msgid "To install the necessary packages, from a terminal prompt enter:"
2775
2797
msgstr ""
2776
2798
2778
2800
msgid "sudo apt-get install qemu-kvm libvirt-bin"
2779
2801
msgstr ""
2780
2802
2781
#: serverguide/C/virtualization.xml:79(para)
2803
#: serverguide/C/virtualization.xml:68(para)
2782
2804
msgid ""
2783
2805
"After installing <application>libvirt-bin</application>, the user used to "
2784
2806
"manage virtual machines will need to be added to the "
2786
2808
"the advanced networking options."
2787
2809
msgstr ""
2788
2810
2789
#: serverguide/C/virtualization.xml:84(para)
2811
#: serverguide/C/virtualization.xml:72(para)
2790
2812
msgid "In a terminal enter:"
2791
2813
msgstr ""
2792
2814
2793
#: serverguide/C/virtualization.xml:87(command)
2815
#: serverguide/C/virtualization.xml:76(command)
2794
2816
msgid "sudo adduser $USER libvirtd"
2795
2817
msgstr ""
2796
2818
2797
#: serverguide/C/virtualization.xml:91(para)
2819
#: serverguide/C/virtualization.xml:79(para)
2798
2820
msgid ""
2799
2821
"If the user chosen is the current user, you will need to log out and back in "
2800
2822
"for the new group membership to take effect."
2801
2823
msgstr ""
2802
2824
2803
#: serverguide/C/virtualization.xml:95(para)
2825
#: serverguide/C/virtualization.xml:83(para)
2804
2826
msgid ""
2805
2827
"You are now ready to install a <emphasis>Guest</emphasis> operating system. "
2806
2828
"Installing a virtual machine follows the same process as installing the "
2809
2831
"physical machine."
2810
2832
msgstr ""
2811
2833
2812
#: serverguide/C/virtualization.xml:101(para)
2834
#: serverguide/C/virtualization.xml:88(para)
2813
2835
msgid ""
2814
2836
"In the case of virtual machines a Graphical User Interface (GUI) is "
2815
2837
"analogous to using a physical keyboard and mouse. Instead of installing a "
2834
2856
"scripts, etc. For details see <xref linkend=\"cloud-images-and-uvtool\"/>"
2835
2857
msgstr ""
2836
2858
2837
#: serverguide/C/virtualization.xml:119(para)
2859
#: serverguide/C/virtualization.xml:101(para)
2838
2860
msgid ""
2839
2861
"Libvirt can also be configured work with <application>Xen</application>. For "
2840
2862
"details, see the Xen Ubuntu community page referenced below."
2841
2863
msgstr ""
2842
2864
2843
#: serverguide/C/virtualization.xml:125(title)
2865
#: serverguide/C/virtualization.xml:106(title)
2844
2866
msgid "virt-install"
2845
2867
msgstr ""
2846
2868
2847
#: serverguide/C/virtualization.xml:127(para)
2869
#: serverguide/C/virtualization.xml:107(para)
2848
2870
msgid ""
2849
2871
"<application>virt-install</application> is part of the "
2850
2872
"<application>virtinst</application> package. To install it, from a terminal "
2851
2873
"prompt enter:"
2852
2874
msgstr ""
2853
2875
2854
#: serverguide/C/virtualization.xml:132(command)
2876
#: serverguide/C/virtualization.xml:111(command)
2855
2877
msgid "sudo apt-get install virtinst"
2856
2878
msgstr ""
2857
2879
2858
#: serverguide/C/virtualization.xml:135(para)
2880
#: serverguide/C/virtualization.xml:113(para)
2859
2881
msgid ""
2860
2882
"There are several options available when using <application>virt-"
2861
2883
"install</application>. For example:"
2869
2891
"vnc,listen=0.0.0.0 --noautoconsole -v"
2870
2892
msgstr ""
2871
2893
2872
#: serverguide/C/virtualization.xml:147(para)
2894
#: serverguide/C/virtualization.xml:124(para)
2873
2895
msgid ""
2874
2896
"<emphasis>-n web_devel:</emphasis> the name of the new virtual machine will "
2875
2897
"be <emphasis>web_devel</emphasis> in this example."
2876
2898
msgstr ""
2877
2899
2878
#: serverguide/C/virtualization.xml:153(para)
2900
#: serverguide/C/virtualization.xml:129(para)
2879
2901
msgid ""
2880
2902
"<emphasis>-r 256:</emphasis> specifies the amount of memory the virtual "
2881
2903
"machine will use in megabytes."
2882
2904
msgstr ""
2883
2905
2884
#: serverguide/C/virtualization.xml:158(para)
2906
#: serverguide/C/virtualization.xml:134(para)
2885
2907
msgid ""
2886
2908
"<emphasis>--disk "
2887
2909
"path=/var/lib/libvirt/images/web_devel.img,size=4:</emphasis> indicates the "
2898
2920
"CDROM device."
2899
2921
msgstr ""
2900
2922
2901
#: serverguide/C/virtualization.xml:174(para)
2923
#: serverguide/C/virtualization.xml:152(para)
2902
2924
msgid ""
2903
2925
"<emphasis>--network</emphasis> provides details related to the VM's network "
2904
2926
"interface. Here the <emphasis>default</emphasis> network is used, and the "
2913
2935
"connect via VNC to complete the installation."
2914
2936
msgstr ""
2915
2937
2916
#: serverguide/C/virtualization.xml:189(para)
2938
#: serverguide/C/virtualization.xml:163(para)
2917
2939
msgid ""
2918
2940
"<emphasis>--noautoconsole:</emphasis> will not automatically connect to the "
2919
2941
"virtual machine's console."
2920
2942
msgstr ""
2921
2943
2922
#: serverguide/C/virtualization.xml:194(para)
2944
#: serverguide/C/virtualization.xml:168(para)
2923
2945
msgid "<emphasis>-v:</emphasis> creates a fully virtualized guest."
2924
2946
msgstr ""
2925
2947
2930
2952
"a GUI), or via a remote VNC client from a GUI based computer."
2931
2953
msgstr ""
2932
2954
2933
#: serverguide/C/virtualization.xml:206(title)
2955
#: serverguide/C/virtualization.xml:179(title)
2934
2956
msgid "virt-clone"
2935
2957
msgstr ""
2936
2958
2937
#: serverguide/C/virtualization.xml:208(para)
2959
#: serverguide/C/virtualization.xml:180(para)
2938
2960
msgid ""
2939
2961
"The <application>virt-clone</application> application can be used to copy "
2940
2962
"one virtual machine to another. For example:"
2941
2963
msgstr ""
2942
2964
2943
#: serverguide/C/virtualization.xml:212(command)
2965
#: serverguide/C/virtualization.xml:184(command)
2944
2966
msgid ""
2945
2967
"sudo virt-clone -o web_devel -n database_devel -f "
2946
2968
"/path/to/database_devel.img \\ --connect=qemu:///system"
2947
2969
msgstr ""
2948
2970
2949
#: serverguide/C/virtualization.xml:218(para)
2971
#: serverguide/C/virtualization.xml:189(para)
2950
2972
msgid "<emphasis>-o:</emphasis> original virtual machine."
2951
2973
msgstr ""
2952
2974
2953
#: serverguide/C/virtualization.xml:222(para)
2975
#: serverguide/C/virtualization.xml:194(para)
2954
2976
msgid "<emphasis>-n:</emphasis> name of the new virtual machine."
2955
2977
msgstr ""
2956
2978
2957
#: serverguide/C/virtualization.xml:227(para)
2979
#: serverguide/C/virtualization.xml:199(para)
2958
2980
msgid ""
2959
2981
"<emphasis>-f:</emphasis> path to the file, logical volume, or partition to "
2960
2982
"be used by the new virtual machine."
2961
2983
msgstr ""
2962
2984
2963
#: serverguide/C/virtualization.xml:232(para)
2985
#: serverguide/C/virtualization.xml:204(para)
2964
2986
msgid ""
2965
2987
"<emphasis>--connect:</emphasis> specifies which hypervisor to connect to."
2966
2988
msgstr ""
2967
2989
2968
#: serverguide/C/virtualization.xml:237(para)
2990
#: serverguide/C/virtualization.xml:209(para)
2969
2991
msgid ""
2970
2992
"Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to "
2971
2993
"help troubleshoot problems with <application>virt-clone</application>."
2972
2994
msgstr ""
2973
2995
2974
#: serverguide/C/virtualization.xml:242(para)
2996
#: serverguide/C/virtualization.xml:214(para)
2975
2997
msgid ""
2976
2998
"Replace <emphasis>web_devel</emphasis> and "
2977
2999
"<emphasis>database_devel</emphasis> with appropriate virtual machine names."
2978
3000
msgstr ""
2979
3001
2980
#: serverguide/C/virtualization.xml:249(title)
3002
#: serverguide/C/virtualization.xml:220(title)
2981
3003
msgid "Virtual Machine Management"
2982
3004
msgstr ""
2983
3005
2984
#: serverguide/C/virtualization.xml:252(title)
3006
#: serverguide/C/virtualization.xml:222(title)
2985
3007
msgid "virsh"
2986
3008
msgstr ""
2987
3009
2988
#: serverguide/C/virtualization.xml:254(para)
3010
#: serverguide/C/virtualization.xml:223(para)
2989
3011
msgid ""
2990
3012
"There are several utilities available to manage virtual machines and "
2991
3013
"<application>libvirt</application>. The <application>virsh</application> "
2992
3014
"utility can be used from the command line. Some examples:"
2993
3015
msgstr ""
2994
3016
2995
#: serverguide/C/virtualization.xml:261(para)
3017
#: serverguide/C/virtualization.xml:229(para)
2996
3018
msgid "To list running virtual machines:"
2997
3019
msgstr ""
2998
3020
2999
#: serverguide/C/virtualization.xml:264(command)
3021
#: serverguide/C/virtualization.xml:233(command)
3000
3022
msgid "virsh -c qemu:///system list"
3001
3023
msgstr ""
3002
3024
3003
#: serverguide/C/virtualization.xml:269(para)
3025
#: serverguide/C/virtualization.xml:237(para)
3004
3026
msgid "To start a virtual machine:"
3005
3027
msgstr ""
3006
3028
3007
#: serverguide/C/virtualization.xml:272(command)
3029
#: serverguide/C/virtualization.xml:241(command)
3008
3030
msgid "virsh -c qemu:///system start web_devel"
3009
3031
msgstr ""
3010
3032
3011
#: serverguide/C/virtualization.xml:277(para)
3033
#: serverguide/C/virtualization.xml:245(para)
3012
3034
msgid "Similarly, to start a virtual machine at boot:"
3013
3035
msgstr ""
3014
3036
3015
#: serverguide/C/virtualization.xml:280(command)
3037
#: serverguide/C/virtualization.xml:249(command)
3016
3038
msgid "virsh -c qemu:///system autostart web_devel"
3017
3039
msgstr ""
3018
3040
3019
#: serverguide/C/virtualization.xml:285(para)
3041
#: serverguide/C/virtualization.xml:253(para)
3020
3042
msgid "Reboot a virtual machine with:"
3021
3043
msgstr ""
3022
3044
3023
#: serverguide/C/virtualization.xml:288(command)
3045
#: serverguide/C/virtualization.xml:257(command)
3024
3046
msgid "virsh -c qemu:///system reboot web_devel"
3025
3047
msgstr ""
3026
3048
3027
#: serverguide/C/virtualization.xml:293(para)
3049
#: serverguide/C/virtualization.xml:261(para)
3028
3050
msgid ""
3029
3051
"The <emphasis>state</emphasis> of virtual machines can be saved to a file in "
3030
3052
"order to be restored later. The following will save the virtual machine "
3031
3053
"state into a file named according to the date:"
3032
3054
msgstr ""
3033
3055
3034
#: serverguide/C/virtualization.xml:299(command)
3056
#: serverguide/C/virtualization.xml:266(command)
3035
3057
msgid "virsh -c qemu:///system save web_devel web_devel-022708.state"
3036
3058
msgstr ""
3037
3059
3038
#: serverguide/C/virtualization.xml:302(para)
3060
#: serverguide/C/virtualization.xml:268(para)
3039
3061
msgid "Once saved the virtual machine will no longer be running."
3040
3062
msgstr ""
3041
3063
3042
#: serverguide/C/virtualization.xml:307(para)
3064
#: serverguide/C/virtualization.xml:273(para)
3043
3065
msgid "A saved virtual machine can be restored using:"
3044
3066
msgstr ""
3045
3067
3046
#: serverguide/C/virtualization.xml:310(command)
3068
#: serverguide/C/virtualization.xml:277(command)
3047
3069
msgid "virsh -c qemu:///system restore web_devel-022708.state"
3048
3070
msgstr ""
3049
3071
3050
#: serverguide/C/virtualization.xml:315(para)
3072
#: serverguide/C/virtualization.xml:281(para)
3051
3073
msgid "To shutdown a virtual machine do:"
3052
3074
msgstr ""
3053
3075
3054
#: serverguide/C/virtualization.xml:318(command)
3076
#: serverguide/C/virtualization.xml:285(command)
3055
3077
msgid "virsh -c qemu:///system shutdown web_devel"
3056
3078
msgstr ""
3057
3079
3058
#: serverguide/C/virtualization.xml:323(para)
3080
#: serverguide/C/virtualization.xml:289(para)
3059
3081
msgid "A CDROM device can be mounted in a virtual machine by entering:"
3060
3082
msgstr ""
3061
3083
3062
#: serverguide/C/virtualization.xml:327(command)
3084
#: serverguide/C/virtualization.xml:293(command)
3063
3085
msgid "virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
3064
3086
msgstr ""
3065
3087
3066
#: serverguide/C/virtualization.xml:333(para)
3088
#: serverguide/C/virtualization.xml:298(para)
3067
3089
msgid ""
3068
3090
"In the above examples replace <emphasis>web_devel</emphasis> with the "
3069
3091
"appropriate virtual machine name, and <filename>web_devel-"
3070
3092
"022708.state</filename> with a descriptive file name."
3071
3093
msgstr ""
3072
3094
3073
#: serverguide/C/virtualization.xml:341(title)
3095
#: serverguide/C/virtualization.xml:305(title)
3074
3096
msgid "Virtual Machine Manager"
3075
3097
msgstr ""
3076
3098
3077
#: serverguide/C/virtualization.xml:343(para)
3099
#: serverguide/C/virtualization.xml:306(para)
3078
3100
msgid ""
3079
3101
"The <application>virt-manager</application> package contains a graphical "
3080
3102
"utility to manage local and remote virtual machines. To install virt-manager "
3081
3103
"enter:"
3082
3104
msgstr ""
3083
3105
3084
#: serverguide/C/virtualization.xml:348(command)
3106
#: serverguide/C/virtualization.xml:311(command)
3085
3107
msgid "sudo apt-get install virt-manager"
3086
3108
msgstr ""
3087
3109
3088
#: serverguide/C/virtualization.xml:351(para)
3110
#: serverguide/C/virtualization.xml:313(para)
3089
3111
msgid ""
3090
3112
"Since <application>virt-manager</application> requires a Graphical User "
3091
3113
"Interface (GUI) environment it is recommended to be installed on a "
3093
3115
"the local <application>libvirt</application> service enter:"
3094
3116
msgstr ""
3095
3117
3096
#: serverguide/C/virtualization.xml:358(command)
3118
#: serverguide/C/virtualization.xml:319(command)
3097
3119
msgid "virt-manager -c qemu:///system"
3098
3120
msgstr ""
3099
3121
3100
#: serverguide/C/virtualization.xml:361(para)
3122
#: serverguide/C/virtualization.xml:321(para)
3101
3123
msgid ""
3102
3124
"You can connect to the <application>libvirt</application> service running on "
3103
3125
"another host by entering the following in a terminal prompt:"
3104
3126
msgstr ""
3105
3127
3106
#: serverguide/C/virtualization.xml:366(command)
3128
#: serverguide/C/virtualization.xml:325(command)
3107
3129
msgid "virt-manager -c qemu+ssh://virtnode1.mydomain.com/system"
3108
3130
msgstr ""
3109
3131
3110
#: serverguide/C/virtualization.xml:370(para)
3132
#: serverguide/C/virtualization.xml:328(para)
3111
3133
msgid ""
3112
3134
"The above example assumes that <application>SSH</application> connectivity "
3113
3135
"between the management system and virtnode1.mydomain.com has already been "
3118
3140
"linkend=\"openssh-server\"/>"
3119
3141
msgstr ""
3120
3142
3121
#: serverguide/C/virtualization.xml:383(title)
3143
#: serverguide/C/virtualization.xml:338(title)
3122
3144
msgid "Virtual Machine Viewer"
3123
3145
msgstr ""
3124
3146
3125
#: serverguide/C/virtualization.xml:385(para)
3147
#: serverguide/C/virtualization.xml:339(para)
3126
3148
msgid ""
3127
3149
"The <application>virt-viewer</application> application allows you to connect "
3128
3150
"to a virtual machine's console. <application>virt-viewer</application> does "
3130
3152
"machine."
3131
3153
msgstr ""
3132
3154
3133
#: serverguide/C/virtualization.xml:390(para)
3155
#: serverguide/C/virtualization.xml:343(para)
3134
3156
msgid ""
3135
3157
"To install <application>virt-viewer</application> from a terminal enter:"
3136
3158
msgstr ""
3137
3159
3138
#: serverguide/C/virtualization.xml:394(command)
3160
#: serverguide/C/virtualization.xml:347(command)
3139
3161
msgid "sudo apt-get install virt-viewer"
3140
3162
msgstr ""
3141
3163
3142
#: serverguide/C/virtualization.xml:397(para)
3164
#: serverguide/C/virtualization.xml:349(para)
3143
3165
msgid ""
3144
3166
"Once a virtual machine is installed and running you can connect to the "
3145
3167
"virtual machine's console by using:"
3146
3168
msgstr ""
3147
3169
3148
#: serverguide/C/virtualization.xml:401(command)
3170
#: serverguide/C/virtualization.xml:353(command)
3149
3171
msgid "virt-viewer -c qemu:///system web_devel"
3150
3172
msgstr ""
3151
3173
3152
#: serverguide/C/virtualization.xml:404(para)
3174
#: serverguide/C/virtualization.xml:355(para)
3153
3175
msgid ""
3154
3176
"Similar to <application>virt-manager</application>, <application>virt-"
3155
3177
"viewer</application> can connect to a remote host using "
3156
3178
"<emphasis>SSH</emphasis> with key authentication, as well:"
3157
3179
msgstr ""
3158
3180
3159
#: serverguide/C/virtualization.xml:409(command)
3181
#: serverguide/C/virtualization.xml:360(command)
3160
3182
msgid "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
3161
3183
msgstr ""
3162
3184
3163
#: serverguide/C/virtualization.xml:412(para)
3185
#: serverguide/C/virtualization.xml:362(para)
3164
3186
msgid ""
3165
3187
"Be sure to replace <emphasis role=\"italic\">web_devel</emphasis> with the "
3166
3188
"appropriate virtual machine name."
3172
3194
"can also setup <application>SSH</application> access to the virtual machine."
3173
3195
msgstr ""
3174
3196
3175
#: serverguide/C/virtualization.xml:421(title) serverguide/C/virtualization.xml:667(title) serverguide/C/virtualization.xml:738(title) serverguide/C/virtualization.xml:1792(title) serverguide/C/samba.xml:248(title) serverguide/C/samba.xml:347(title) serverguide/C/samba.xml:704(title) serverguide/C/samba.xml:1100(title) serverguide/C/samba.xml:1299(title) serverguide/C/reporting-bugs.xml:252(title) serverguide/C/remote-administration.xml:414(title) serverguide/C/network-config.xml:588(title) serverguide/C/network-config.xml:843(title) serverguide/C/network-auth.xml:2112(title) serverguide/C/network-auth.xml:2646(title) serverguide/C/network-auth.xml:3362(title) serverguide/C/network-auth.xml:3915(title) serverguide/C/installation.xml:874(title) serverguide/C/installation.xml:1160(title) serverguide/C/installation.xml:1365(title) serverguide/C/databases.xml:264(title) serverguide/C/databases.xml:419(title) serverguide/C/cgroups.xml:198(title) serverguide/C/backups.xml:864(title)
3197
#: serverguide/C/windows-networking.xml:248(title) serverguide/C/windows-networking.xml:347(title) serverguide/C/windows-networking.xml:704(title) serverguide/C/windows-networking.xml:1100(title) serverguide/C/windows-networking.xml:1299(title) serverguide/C/virtualization.xml:371(title) serverguide/C/virtualization.xml:1072(title) serverguide/C/virtualization.xml:2482(title) serverguide/C/virtualization.xml:4388(title) serverguide/C/reporting-bugs.xml:252(title) serverguide/C/remote-administration.xml:374(title) serverguide/C/network-config.xml:584(title) serverguide/C/network-config.xml:847(title) serverguide/C/network-auth.xml:2133(title) serverguide/C/network-auth.xml:2675(title) serverguide/C/network-auth.xml:3391(title) serverguide/C/network-auth.xml:3944(title) serverguide/C/installation.xml:867(title) serverguide/C/installation.xml:1153(title) serverguide/C/installation.xml:1361(title) serverguide/C/databases.xml:271(title) serverguide/C/databases.xml:409(title) serverguide/C/backups.xml:864(title)
3176
3198
msgid "Resources"
3177
3199
msgstr ""
3178
3200
3182
3204
"more details."
3183
3205
msgstr ""
3184
3206
3185
#: serverguide/C/virtualization.xml:430(para)
3207
#: serverguide/C/virtualization.xml:379(para)
3186
3208
msgid ""
3187
3209
"For more information on <application>libvirt</application> see the <ulink "
3188
3210
"url=\"http://libvirt.org/\">libvirt home page</ulink>"
3189
3211
msgstr ""
3190
3212
3191
#: serverguide/C/virtualization.xml:436(para)
3213
#: serverguide/C/virtualization.xml:384(para)
3192
3214
msgid ""
3193
3215
"The <ulink url=\"http://virt-manager.et.redhat.com/\">Virtual Machine "
3194
3216
"Manager</ulink> site has more information on <application>virt-"
3195
3217
"manager</application> development."
3196
3218
msgstr ""
3197
3219
3198
#: serverguide/C/virtualization.xml:442(para)
3220
#: serverguide/C/virtualization.xml:390(para)
3199
3221
msgid ""
3200
3222
"Also, stop by the <emphasis>#ubuntu-virt</emphasis> IRC channel on <ulink "
3201
3223
"url=\"http://freenode.net/\">freenode</ulink> to discuss virtualization "
3202
3224
"technology in Ubuntu."
3203
3225
msgstr ""
3204
3226
3205
#: serverguide/C/virtualization.xml:448(para)
3227
#: serverguide/C/virtualization.xml:396(para)
3206
3228
msgid ""
3207
3229
"Another good resource is the <ulink "
3208
3230
"url=\"https://help.ubuntu.com/community/KVM\">Ubuntu Wiki KVM</ulink> page."
3209
3231
msgstr ""
3210
3232
3211
#: serverguide/C/virtualization.xml:454(para)
3233
#: serverguide/C/virtualization.xml:401(para)
3212
3234
msgid ""
3213
3235
"For information on Xen, including using Xen with libvirt, please see the "
3214
3236
"<ulink url=\"https://help.ubuntu.com/community/Xen\">Ubuntu Wiki Xen</ulink> "
3219
3241
msgid "Cloud images and uvtool"
3220
3242
msgstr ""
3221
3243
3222
#: serverguide/C/virtualization.xml:467(title) serverguide/C/security.xml:367(title) serverguide/C/samba.xml:23(title) serverguide/C/remote-administration.xml:18(title) serverguide/C/package-management.xml:18(title) serverguide/C/introduction.xml:11(title) serverguide/C/installation.xml:1194(title)
3244
#: serverguide/C/windows-networking.xml:23(title) serverguide/C/virtualization.xml:412(title) serverguide/C/security.xml:352(title) serverguide/C/remote-administration.xml:18(title) serverguide/C/package-management.xml:18(title) serverguide/C/introduction.xml:11(title) serverguide/C/installation.xml:1187(title)
3223
3245
msgid "Introduction"
3224
3246
msgstr "تعارف"
3225
3247
3534
3556
3535
3557
#: serverguide/C/virtualization.xml:658(para)
3536
3558
msgid ""
3537
"--run-script-one script_file : Run script_file as root on the VM the first "
3559
"--run-script-once script_file : Run script_file as root on the VM the first "
3538
3560
"time it is booted, but never again."
3539
3561
msgstr ""
3540
3562
3550
3572
"manpage of uvt-kvm"
3551
3573
msgstr ""
3552
3574
3553
#: serverguide/C/virtualization.xml:669(para)
3575
#: serverguide/C/virtualization.xml:1073(para)
3554
3576
msgid ""
3555
3577
"If you are interested in learning more, have questions or suggestions, "
3556
3578
"please contact the Ubuntu Server Team at:"
3557
3579
msgstr ""
3558
3580
3559
#: serverguide/C/virtualization.xml:674(para)
3581
#: serverguide/C/virtualization.xml:1078(para)
3560
3582
msgid "IRC: #ubuntu-server on freenode"
3561
3583
msgstr ""
3562
3584
3563
#: serverguide/C/virtualization.xml:678(para)
3585
#: serverguide/C/virtualization.xml:1083(para)
3564
3586
msgid ""
3565
3587
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
3566
3588
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
3567
3589
msgstr ""
3568
3590
3569
#: serverguide/C/virtualization.xml:687(title)
3591
#: serverguide/C/virtualization.xml:2121(title)
3570
3592
msgid "Ubuntu Cloud"
3571
3593
msgstr ""
3572
3594
3573
#: serverguide/C/virtualization.xml:689(para)
3595
#: serverguide/C/virtualization.xml:2122(para)
3574
3596
msgid ""
3575
3597
"<application>Cloud computing</application> is a computing model that allows "
3576
3598
"vast pools of resources to be allocated on-demand. These resources such as "
3594
3616
"concerning installation and configuration."
3595
3617
msgstr ""
3596
3618
3597
#: serverguide/C/virtualization.xml:711(title)
3619
#: serverguide/C/virtualization.xml:2452(title)
3598
3620
msgid "Support and Troubleshooting"
3599
3621
msgstr ""
3600
3622
3601
#: serverguide/C/virtualization.xml:713(para)
3623
#: serverguide/C/virtualization.xml:2453(para)
3602
3624
msgid "Community Support"
3603
3625
msgstr ""
3604
3626
3605
#: serverguide/C/virtualization.xml:717(ulink)
3627
#: serverguide/C/virtualization.xml:2457(ulink)
3606
3628
msgid "OpenStack Mailing list"
3607
3629
msgstr ""
3608
3630
3609
#: serverguide/C/virtualization.xml:722(ulink)
3631
#: serverguide/C/virtualization.xml:2462(ulink)
3610
3632
msgid "The OpenStack Wiki search"
3611
3633
msgstr ""
3612
3634
3613
#: serverguide/C/virtualization.xml:727(ulink)
3635
#: serverguide/C/virtualization.xml:2468(ulink)
3614
3636
msgid "Launchpad bugs area"
3615
3637
msgstr ""
3616
3638
3617
#: serverguide/C/virtualization.xml:732(para)
3639
#: serverguide/C/virtualization.xml:2472(para)
3618
3640
msgid "Join the IRC channel #openstack on freenode."
3619
3641
msgstr ""
3620
3642
3621
#: serverguide/C/virtualization.xml:743(ulink)
3643
#: serverguide/C/virtualization.xml:2486(ulink)
3622
3644
msgid "Cloud Computing - Service models"
3623
3645
msgstr ""
3624
3646
3625
#: serverguide/C/virtualization.xml:749(ulink)
3647
#: serverguide/C/virtualization.xml:2491(ulink)
3626
3648
msgid "OpenStack Compute"
3627
3649
msgstr ""
3628
3650
3629
#: serverguide/C/virtualization.xml:755(ulink)
3651
#: serverguide/C/virtualization.xml:2496(ulink)
3630
3652
msgid "OpenStack Image Service"
3631
3653
msgstr ""
3632
3654
3633
#: serverguide/C/virtualization.xml:761(ulink)
3655
#: serverguide/C/virtualization.xml:2501(ulink)
3634
3656
msgid "OpenStack Object Storage Administration Guide"
3635
3657
msgstr ""
3636
3658
3637
#: serverguide/C/virtualization.xml:767(ulink)
3659
#: serverguide/C/virtualization.xml:2506(ulink)
3638
3660
msgid "Installing OpenStack Object Storage on Ubuntu"
3639
3661
msgstr ""
3640
3662
3641
#: serverguide/C/virtualization.xml:773(ulink)
3663
#: serverguide/C/virtualization.xml:2511(ulink)
3642
3664
msgid "http://cloudglossary.com/"
3643
3665
msgstr ""
3644
3666
3645
#: serverguide/C/virtualization.xml:783(title)
3667
#: serverguide/C/virtualization.xml:2586(title)
3646
3668
msgid "LXC"
3647
3669
msgstr ""
3648
3670
3651
3673
"Containers are a lightweight virtualization technology. They are more akin "
3652
3674
"to an enhanced chroot than to full virtualization like Qemu or VMware, both "
3653
3675
"because they do not emulate hardware and because containers share the same "
3654
"operating system as the host. Therefore containers are better compared to "
3655
"Solaris zones or BSD jails. Linux-vserver and OpenVZ are two pre-existing, "
3656
"independently developed implementations of containers-like functionality for "
3657
"Linux. In fact, containers came about as a result of the work to upstream "
3658
"the vserver and OpenVZ functionality."
3676
"operating system as the host. Containers are similar to Solaris zones or BSD "
3677
"jails. Linux-vserver and OpenVZ are two pre-existing, independently "
3678
"developed implementations of containers-like functionality for Linux. In "
3679
"fact, containers came about as a result of the work to upstream the vserver "
3680
"and OpenVZ functionality."
3659
3681
msgstr ""
3660
3682
3661
#: serverguide/C/virtualization.xml:795(para)
3683
#: serverguide/C/virtualization.xml:2602(para)
3662
3684
msgid ""
3663
3685
"There are two user-space implementations of containers, each exploiting the "
3664
3686
"same kernel features. Libvirt allows the use of containers through the LXC "
3676
3698
"Apparmor protection for libvirt-lxc containers."
3677
3699
msgstr ""
3678
3700
3679
#: serverguide/C/virtualization.xml:809(para)
3701
#: serverguide/C/virtualization.xml:2618(para)
3680
3702
msgid "In this document, a container name will be shown as CN, C1, or C2."
3681
3703
msgstr ""
3682
3704
3683
#: serverguide/C/virtualization.xml:815(para)
3705
#: serverguide/C/virtualization.xml:2624(para)
3684
3706
msgid "The <application>lxc</application> package can be installed using"
3685
3707
msgstr ""
3686
3708
3687
#: serverguide/C/virtualization.xml:819(command)
3709
#: serverguide/C/virtualization.xml:2629(command)
3688
3710
msgid "sudo apt-get install lxc"
3689
3711
msgstr ""
3690
3712
3925
3947
"commands using the \"-P|--lxcpath\" argument."
3926
3948
msgstr ""
3927
3949
3928
#: serverguide/C/virtualization.xml:1042(title) serverguide/C/network-config.xml:11(title)
3950
#: serverguide/C/virtualization.xml:1210(para) serverguide/C/virtualization.xml:1272(para) serverguide/C/network-config.xml:11(title)
3929
3951
msgid "Networking"
3930
3952
msgstr ""
3931
3953
4035
4057
"<filename>/etc/init/lxc.conf</filename> to autostart a container."
4036
4058
msgstr ""
4037
4059
4038
#: serverguide/C/virtualization.xml:1142(title)
4060
#: serverguide/C/virtualization.xml:3232(title)
4039
4061
msgid "Backing Stores"
4040
4062
msgstr ""
4041
4063
4162
4184
"lxc.container.conf for more information."
4163
4185
msgstr ""
4164
4186
4165
#: serverguide/C/virtualization.xml:1256(title)
4187
#: serverguide/C/virtualization.xml:2859(title)
4166
4188
msgid "Apparmor"
4167
4189
msgstr ""
4168
4190
4174
4196
"trigger</filename> or to most <filename>/sys</filename> files."
4175
4197
msgstr ""
4176
4198
4177
#: serverguide/C/virtualization.xml:1264(para)
4199
#: serverguide/C/virtualization.xml:2867(para)
4178
4200
msgid ""
4179
4201
"The <filename>usr.bin.lxc-start</filename> profile is entered by running "
4180
4202
"<command>lxc-start</command>. This profile mainly prevents <command>lxc-"
4194
4216
"to enter the MySQL profile (to protect the container)."
4195
4217
msgstr ""
4196
4218
4197
#: serverguide/C/virtualization.xml:1280(para)
4219
#: serverguide/C/virtualization.xml:2926(para)
4198
4220
msgid ""
4199
4221
"<command>lxc-execute</command> does not enter an Apparmor profile, but the "
4200
4222
"container it spawns will be confined."
4204
4226
msgid "Customizing container policies"
4205
4227
msgstr ""
4206
4228
4207
#: serverguide/C/virtualization.xml:1284(para)
4229
#: serverguide/C/virtualization.xml:2879(para)
4208
4230
msgid ""
4209
4231
"If you find that <command>lxc-start</command> is failing due to a legitimate "
4210
4232
"access which is being denied by its Apparmor policy, you can disable the lxc-"
4211
4233
"start profile by doing:"
4212
4234
msgstr ""
4213
4235
4214
#: serverguide/C/virtualization.xml:1288(screen)
4236
#: serverguide/C/virtualization.xml:2885(screen)
4215
4237
#, no-wrap
4216
4238
msgid ""
4217
4239
"\n"
4219
4241
"sudo ln -s /etc/apparmor.d/usr.bin.lxc-start /etc/apparmor.d/disabled/\n"
4220
4242
msgstr ""
4221
4243
4222
#: serverguide/C/virtualization.xml:1293(para)
4244
#: serverguide/C/virtualization.xml:2890(para)
4223
4245
msgid ""
4224
4246
"This will make <command>lxc-start</command> run unconfined, but continue to "
4225
4247
"confine the container itself. If you also wish to disable confinement of the "
4227
4249
"start</filename> profile, you must add:"
4228
4250
msgstr ""
4229
4251
4230
#: serverguide/C/virtualization.xml:1298(screen)
4252
#: serverguide/C/virtualization.xml:2897(screen)
4231
4253
#, no-wrap
4232
4254
msgid ""
4233
4255
"\n"
4286
4308
msgid "After creating the policy, load it using:"
4287
4309
msgstr ""
4288
4310
4289
#: serverguide/C/virtualization.xml:1348(screen)
4311
#: serverguide/C/virtualization.xml:2910(screen)
4290
4312
#, no-wrap
4291
4313
msgid ""
4292
4314
"\n"
4293
4315
"sudo apparmor_parser -r /etc/apparmor.d/lxc-containers\n"
4294
4316
msgstr ""
4295
4317
4296
#: serverguide/C/virtualization.xml:1352(para)
4318
#: serverguide/C/virtualization.xml:2914(para)
4297
4319
msgid ""
4298
4320
"The profile will automatically be loaded after a reboot, because it is "
4299
4321
"sourced by the file <filename>/etc/apparmor.d/lxc-containers</filename>. "
4302
4324
"configuration file:"
4303
4325
msgstr ""
4304
4326
4305
#: serverguide/C/virtualization.xml:1359(screen)
4327
#: serverguide/C/virtualization.xml:2922(screen)
4306
4328
#, no-wrap
4307
4329
msgid ""
4308
4330
"\n"
4309
4331
"lxc.aa_profile = lxc-CN-profile\n"
4310
4332
msgstr ""
4311
4333
4312
#: serverguide/C/virtualization.xml:1367(title) serverguide/C/cgroups.xml:11(title)
4334
#: serverguide/C/virtualization.xml:2934(title)
4313
4335
msgid "Control Groups"
4314
4336
msgstr ""
4315
4337
4360
4382
"requests for which they are not authorized."
4361
4383
msgstr ""
4362
4384
4363
#: serverguide/C/virtualization.xml:1414(title)
4385
#: serverguide/C/virtualization.xml:3262(title)
4364
4386
msgid "Cloning"
4365
4387
msgstr ""
4366
4388
4403
4425
msgid "Given an existing container called C1, a copy can be created using:"
4404
4426
msgstr ""
4405
4427
4406
#: serverguide/C/virtualization.xml:1450(command)
4428
#: serverguide/C/virtualization.xml:3274(command)
4407
4429
msgid "sudo lxc-clone -o C1 -n C2"
4408
4430
msgstr ""
4409
4431
4411
4433
msgid "A snapshot can be created using"
4412
4434
msgstr ""
4413
4435
4414
#: serverguide/C/virtualization.xml:1457(command)
4436
#: serverguide/C/virtualization.xml:3288(command)
4415
4437
msgid "sudo lxc-clone -s -o C1 -n C2"
4416
4438
msgstr ""
4417
4439
4537
4559
"lxc package to serve as an example of how to write and use such hooks."
4538
4560
msgstr ""
4539
4561
4540
#: serverguide/C/virtualization.xml:1579(title)
4562
#: serverguide/C/virtualization.xml:3452(title)
4541
4563
msgid "Consoles"
4542
4564
msgstr ""
4543
4565
4555
4577
"3 from the host, use"
4556
4578
msgstr ""
4557
4579
4558
#: serverguide/C/virtualization.xml:1594(command)
4580
#: serverguide/C/virtualization.xml:3467(command)
4559
4581
msgid "sudo lxc-console -n container -t 3"
4560
4582
msgstr ""
4561
4583
4562
#: serverguide/C/virtualization.xml:1599(para)
4584
#: serverguide/C/virtualization.xml:3472(para)
4563
4585
msgid ""
4564
4586
"or if the <emphasis>-t N</emphasis> option is not specified, an unused "
4565
4587
"console will be automatically chosen. To exit the console, use the escape "
4568
4590
"d</emphasis> option."
4569
4591
msgstr ""
4570
4592
4571
#: serverguide/C/virtualization.xml:1605(para)
4593
#: serverguide/C/virtualization.xml:3480(para)
4572
4594
msgid ""
4573
4595
"Each container console is actually a Unix98 pty in the host's (not the "
4574
4596
"guest's) pty mount, bind-mounted over the guest's "
4581
4603
"<filename>/dev</filename>."
4582
4604
msgstr ""
4583
4605
4584
#: serverguide/C/virtualization.xml:1617(title) serverguide/C/mail.xml:390(title) serverguide/C/mail.xml:1702(title) serverguide/C/dns.xml:375(title)
4606
#: serverguide/C/mail.xml:345(title) serverguide/C/mail.xml:1640(title) serverguide/C/dns.xml:371(title)
4585
4607
msgid "Troubleshooting"
4586
4608
msgstr ""
4587
4609
4588
#: serverguide/C/virtualization.xml:1619(title) serverguide/C/network-auth.xml:765(title) serverguide/C/dns.xml:517(title)
4610
#: serverguide/C/network-auth.xml:787(title) serverguide/C/dns.xml:508(title)
4589
4611
msgid "Logging"
4590
4612
msgstr ""
4591
4613
4602
4624
"new log information will be appended."
4603
4625
msgstr ""
4604
4626
4605
#: serverguide/C/virtualization.xml:1635(title)
4627
#: serverguide/C/virtualization.xml:3414(title)
4606
4628
msgid "Monitoring container status"
4607
4629
msgstr ""
4608
4630
4609
#: serverguide/C/virtualization.xml:1637(para)
4631
#: serverguide/C/virtualization.xml:3416(para)
4610
4632
msgid ""
4611
4633
"Two commands are available to monitor container state changes. <command>lxc-"
4612
4634
"monitor</command> monitors one or more containers for any state changes. It "
4618
4640
"instance,"
4619
4641
msgstr ""
4620
4642
4621
#: serverguide/C/virtualization.xml:1647(command)
4643
#: serverguide/C/virtualization.xml:3429(command)
4622
4644
msgid "sudo lxc-monitor -n cont[0-5]*"
4623
4645
msgstr ""
4624
4646
4625
#: serverguide/C/virtualization.xml:1652(para)
4647
#: serverguide/C/virtualization.xml:3434(para)
4626
4648
msgid ""
4627
4649
"would print all state changes to any containers matching the listed regular "
4628
4650
"expression, whereas"
4629
4651
msgstr ""
4630
4652
4631
#: serverguide/C/virtualization.xml:1656(command)
4653
#: serverguide/C/virtualization.xml:3440(command)
4632
4654
msgid "sudo lxc-wait -n cont1 -s 'STOPPED|FROZEN'"
4633
4655
msgstr ""
4634
4656
4635
#: serverguide/C/virtualization.xml:1661(para)
4657
#: serverguide/C/virtualization.xml:3445(para)
4636
4658
msgid ""
4637
4659
"will wait until container cont1 enters state STOPPED or state FROZEN and "
4638
4660
"then exit."
4718
4740
"True\n"
4719
4741
msgstr ""
4720
4742
4721
#: serverguide/C/virtualization.xml:1740(title) serverguide/C/security.xml:11(title)
4743
#: serverguide/C/virtualization.xml:4349(title) serverguide/C/security.xml:11(title)
4722
4744
msgid "Security"
4723
4745
msgstr ""
4724
4746
4725
#: serverguide/C/virtualization.xml:1742(para)
4747
#: serverguide/C/virtualization.xml:4351(para)
4726
4748
msgid ""
4727
4749
"A namespace maps ids to resources. By not providing a container any id with "
4728
4750
"which to reference a resource, the resource can be protected. This is the "
4744
4766
"host."
4745
4767
msgstr ""
4746
4768
4747
#: serverguide/C/virtualization.xml:1762(title)
4769
#: serverguide/C/virtualization.xml:4375(title)
4748
4770
msgid "Exploitable system calls"
4749
4771
msgstr ""
4750
4772
4780
4802
"loaded."
4781
4803
msgstr ""
4782
4804
4783
#: serverguide/C/virtualization.xml:1796(para)
4805
#: serverguide/C/virtualization.xml:4392(para)
4784
4806
msgid ""
4785
4807
"The DeveloperWorks article <ulink "
4786
4808
"url=\"https://www.ibm.com/developerworks/linux/library/l-lxc-"
4788
4810
"to the use of containers."
4789
4811
msgstr ""
4790
4812
4791
#: serverguide/C/virtualization.xml:1803(para)
4813
#: serverguide/C/virtualization.xml:4398(para)
4792
4814
msgid ""
4793
4815
"The <ulink url=\"http://www.ibm.com/developerworks/linux/library/l-lxc-"
4794
4816
"security/index.html\"> Secure Containers Cookbook</ulink> demonstrated the "
4799
4821
msgid "Manual pages referenced above can be found at:"
4800
4822
msgstr ""
4801
4823
4802
#: serverguide/C/virtualization.xml:1812(ulink)
4824
#: serverguide/C/virtualization.xml:4407(ulink)
4803
4825
msgid "capabilities"
4804
4826
msgstr ""
4805
4827
4806
#: serverguide/C/virtualization.xml:1813(ulink)
4828
#: serverguide/C/virtualization.xml:4408(ulink)
4807
4829
msgid "lxc.conf"
4808
4830
msgstr ""
4809
4831
4813
4835
"url=\"http://linuxcontainers.org\">linuxcontainers.org</ulink>."
4814
4836
msgstr ""
4815
4837
4816
#: serverguide/C/virtualization.xml:1823(para)
4838
#: serverguide/C/virtualization.xml:4420(para)
4817
4839
msgid ""
4818
4840
"LXC security issues are listed and discussed at <ulink "
4819
4841
"url=\"http://wiki.ubuntu.com/LxcSecurity\">the LXC Security wiki page</ulink>"
4926
4948
msgstr ""
4927
4949
4928
4950
#: serverguide/C/vcs.xml:92(command)
4929
msgid "sudo apt-get install git-core"
4951
msgid "sudo apt-get install git"
4930
4952
msgstr ""
4931
4953
4932
4954
#: serverguide/C/vcs.xml:97(para)
5039
5061
#: serverguide/C/vcs.xml:151(para)
5040
5062
msgid ""
5041
5063
"Now we want to let gitolite know about the repository administrator's public "
5042
"SSH key. This assumes that the current user is the repository administrator."
5064
"SSH key. This assumes that the current user is the repository administrator. "
5065
"If you have not yet configured an SSH key, refer to <xref linkend=\"openssh-"
5066
"keys\"/>"
5043
5067
msgstr ""
5044
5068
5045
#: serverguide/C/vcs.xml:155(command)
5069
#: serverguide/C/vcs.xml:156(command)
5046
5070
msgid "cp ~/.ssh/id_rsa.pub /tmp/$(whoami).pub"
5047
5071
msgstr ""
5048
5072
5049
#: serverguide/C/vcs.xml:157(para)
5073
#: serverguide/C/vcs.xml:158(para)
5050
5074
msgid ""
5051
5075
"Let's switch to the git user and import the administrator's key into "
5052
5076
"gitolite."
5053
5077
msgstr ""
5054
5078
5055
#: serverguide/C/vcs.xml:161(command)
5079
#: serverguide/C/vcs.xml:162(command)
5056
5080
msgid "sudo su - git"
5057
5081
msgstr ""
5058
5082
5059
#: serverguide/C/vcs.xml:162(command)
5083
#: serverguide/C/vcs.xml:163(command)
5060
5084
msgid "gl-setup /tmp/*.pub"
5061
5085
msgstr ""
5062
5086
5063
#: serverguide/C/vcs.xml:164(para)
5087
#: serverguide/C/vcs.xml:165(para)
5064
5088
msgid ""
5065
5089
"Gitolite will allow you to make initial changes to its configuration file "
5066
5090
"during the setup process. You can now clone and modify the gitolite "
5069
5093
"configuration repository:"
5070
5094
msgstr ""
5071
5095
5072
#: serverguide/C/vcs.xml:168(command)
5096
#: serverguide/C/vcs.xml:169(command)
5073
5097
msgid "exit"
5074
5098
msgstr ""
5075
5099
5076
#: serverguide/C/vcs.xml:169(command)
5100
#: serverguide/C/vcs.xml:170(command)
5077
5101
msgid "git clone git@$IP_ADDRESS:gitolite-admin.git"
5078
5102
msgstr ""
5079
5103
5080
#: serverguide/C/vcs.xml:170(command)
5104
#: serverguide/C/vcs.xml:171(command)
5081
5105
msgid "cd gitolite-admin"
5082
5106
msgstr ""
5083
5107
5084
#: serverguide/C/vcs.xml:172(para)
5108
#: serverguide/C/vcs.xml:173(para)
5085
5109
msgid ""
5086
5110
"The gitolite-admin contains two subdirectories, \"conf\" and \"keydir\". The "
5087
5111
"configuration files are in the conf dir, and the keydir directory contains "
5088
5112
"the list of user's public SSH keys."
5089
5113
msgstr ""
5090
5114
5091
#: serverguide/C/vcs.xml:175(title)
5115
#: serverguide/C/vcs.xml:176(title)
5092
5116
msgid "Managing gitolite users and repositories"
5093
5117
msgstr ""
5094
5118
5095
#: serverguide/C/vcs.xml:176(para)
5119
#: serverguide/C/vcs.xml:177(para)
5096
5120
msgid ""
5097
5121
"Adding new users to gitolite is simple: just obtain their public SSH key and "
5098
5122
"add it to the keydir directory as $DESIRED_USER_NAME.pub. Note that the "
5103
5127
"server with"
5104
5128
msgstr ""
5105
5129
5106
#: serverguide/C/vcs.xml:178(command)
5130
#: serverguide/C/vcs.xml:179(command)
5107
5131
msgid "git commit -a"
5108
5132
msgstr ""
5109
5133
5110
#: serverguide/C/vcs.xml:179(command)
5134
#: serverguide/C/vcs.xml:180(command)
5111
5135
msgid "git push origin master"
5112
5136
msgstr ""
5113
5137
5114
#: serverguide/C/vcs.xml:181(para)
5138
#: serverguide/C/vcs.xml:182(para)
5115
5139
msgid ""
5116
5140
"Repositories are managed by editing the conf/gitolite.conf file. The syntax "
5117
5141
"is space separated, and simply specifies the list of repositories followed "
5118
5142
"by some access rules. The following is a default example"
5119
5143
msgstr ""
5120
5144
5121
#: serverguide/C/vcs.xml:182(programlisting)
5145
#: serverguide/C/vcs.xml:183(programlisting)
5122
5146
#, no-wrap
5123
5147
msgid ""
5124
5148
"\n"
5132
5156
" R = denise\n"
5133
5157
msgstr ""
5134
5158
5135
#: serverguide/C/vcs.xml:194(title)
5159
#: serverguide/C/vcs.xml:195(title)
5136
5160
msgid "Using your server"
5137
5161
msgstr ""
5138
5162
5139
#: serverguide/C/vcs.xml:195(para)
5163
#: serverguide/C/vcs.xml:196(para)
5140
5164
msgid ""
5141
5165
"To use the newly created server, users have to have the gitolite admin "
5142
5166
"import their public key into the gitolite configuration repository, they can "
5143
5167
"then access any project they have access to with the following command:"
5144
5168
msgstr ""
5145
5169
5146
#: serverguide/C/vcs.xml:197(command)
5170
#: serverguide/C/vcs.xml:198(command)
5147
5171
msgid "git clone git@$SERVER_IP:$PROJECT_NAME.git"
5148
5172
msgstr ""
5149
5173
5150
#: serverguide/C/vcs.xml:199(para)
5174
#: serverguide/C/vcs.xml:200(para)
5151
5175
msgid ""
5152
5176
"Or add the server's project as a remote for an existing git repository:"
5153
5177
msgstr ""
5154
5178
5155
#: serverguide/C/vcs.xml:201(command)
5179
#: serverguide/C/vcs.xml:202(command)
5156
5180
msgid "git remote add gitolite git@$SERVER_IP:$PROJECT_NAME.git"
5157
5181
msgstr ""
5158
5182
5159
#: serverguide/C/vcs.xml:206(title)
5183
#: serverguide/C/vcs.xml:79(title)
5160
5184
msgid "Subversion"
5161
5185
msgstr ""
5162
5186
5163
#: serverguide/C/vcs.xml:207(para)
5187
#: serverguide/C/vcs.xml:80(para)
5164
5188
msgid ""
5165
5189
"Subversion is an open source version control system. Using Subversion, you "
5166
5190
"can record the history of source files and documents. It manages files and "
5169
5193
"remembers every change ever made to files and directories."
5170
5194
msgstr ""
5171
5195
5172
#: serverguide/C/vcs.xml:212(para)
5196
#: serverguide/C/vcs.xml:85(para)
5173
5197
msgid ""
5174
5198
"To access Subversion repository using the HTTP protocol, you must install "
5175
5199
"and configure a web server. Apache2 is proven to work with Subversion. "
5180
5204
"section to install and configure the digital certificate."
5181
5205
msgstr ""
5182
5206
5183
#: serverguide/C/vcs.xml:221(para)
5207
#: serverguide/C/vcs.xml:94(para)
5184
5208
msgid ""
5185
5209
"To install Subversion, run the following command from a terminal prompt:"
5186
5210
msgstr ""
5187
5211
5188
#: serverguide/C/vcs.xml:226(command)
5212
#: serverguide/C/vcs.xml:227(command)
5189
5213
msgid "sudo apt-get install subversion apache2 libapache2-svn"
5190
5214
msgstr ""
5191
5215
5192
#: serverguide/C/vcs.xml:232(title)
5216
#: serverguide/C/vcs.xml:105(title)
5193
5217
msgid "Server Configuration"
5194
5218
msgstr ""
5195
5219
5196
#: serverguide/C/vcs.xml:233(para)
5220
#: serverguide/C/vcs.xml:106(para)
5197
5221
msgid ""
5198
5222
"This step assumes you have installed above mentioned packages on your "
5199
5223
"system. This section explains how to create a Subversion repository and "
5200
5224
"access the project."
5201
5225
msgstr ""
5202
5226
5203
#: serverguide/C/vcs.xml:236(title)
5227
#: serverguide/C/vcs.xml:109(title)
5204
5228
msgid "Create Subversion Repository"
5205
5229
msgstr ""
5206
5230
5207
#: serverguide/C/vcs.xml:237(para)
5231
#: serverguide/C/vcs.xml:110(para)
5208
5232
msgid ""
5209
5233
"The Subversion repository can be created using the following command from a "
5210
5234
"terminal prompt:"
5211
5235
msgstr ""
5212
5236
5213
#: serverguide/C/vcs.xml:241(command)
5237
#: serverguide/C/vcs.xml:114(command)
5214
5238
msgid "svnadmin create /path/to/repos/project"
5215
5239
msgstr ""
5216
5240
5217
#: serverguide/C/vcs.xml:246(title)
5241
#: serverguide/C/vcs.xml:119(title)
5218
5242
msgid "Importing Files"
5219
5243
msgstr ""
5220
5244
5221
#: serverguide/C/vcs.xml:247(para)
5245
#: serverguide/C/vcs.xml:120(para)
5222
5246
msgid ""
5223
5247
"Once you create the repository you can <emphasis>import</emphasis> files "
5224
5248
"into the repository. To import a directory, enter the following from a "
5228
5252
"</screen>"
5229
5253
msgstr ""
5230
5254
5231
#: serverguide/C/vcs.xml:259(title) serverguide/C/vcs.xml:264(title)
5255
#: serverguide/C/vcs.xml:132(title) serverguide/C/vcs.xml:137(title)
5232
5256
msgid "Access Methods"
5233
5257
msgstr ""
5234
5258
5235
#: serverguide/C/vcs.xml:260(para)
5259
#: serverguide/C/vcs.xml:133(para)
5236
5260
msgid ""
5237
5261
"Subversion repositories can be accessed (checked out) through many different "
5238
5262
"methods --on local disk, or through various network protocols. A repository "
5240
5264
"schemes map to the available access methods."
5241
5265
msgstr ""
5242
5266
5243
#: serverguide/C/vcs.xml:271(para)
5267
#: serverguide/C/vcs.xml:144(para)
5244
5268
msgid "Schema"
5245
5269
msgstr ""
5246
5270
5247
#: serverguide/C/vcs.xml:272(para)
5271
#: serverguide/C/vcs.xml:145(para)
5248
5272
msgid "Access Method"
5249
5273
msgstr ""
5250
5274
5251
#: serverguide/C/vcs.xml:277(para)
5275
#: serverguide/C/vcs.xml:150(para)
5252
5276
msgid "file://"
5253
5277
msgstr ""
5254
5278
5255
#: serverguide/C/vcs.xml:278(para)
5279
#: serverguide/C/vcs.xml:151(para)
5256
5280
msgid "direct repository access (on local disk)"
5257
5281
msgstr ""
5258
5282
5259
#: serverguide/C/vcs.xml:281(para)
5283
#: serverguide/C/vcs.xml:154(para)
5260
5284
msgid "http://"
5261
5285
msgstr ""
5262
5286
5263
#: serverguide/C/vcs.xml:282(para)
5287
#: serverguide/C/vcs.xml:155(para)
5264
5288
msgid "Access via WebDAV protocol to Subversion-aware Apache2 web server"
5265
5289
msgstr ""
5266
5290
5267
#: serverguide/C/vcs.xml:285(para)
5291
#: serverguide/C/vcs.xml:158(para)
5268
5292
msgid "https://"
5269
5293
msgstr ""
5270
5294
5271
#: serverguide/C/vcs.xml:286(para)
5295
#: serverguide/C/vcs.xml:159(para)
5272
5296
msgid "Same as http://, but with SSL encryption"
5273
5297
msgstr ""
5274
5298
5275
#: serverguide/C/vcs.xml:289(para)
5299
#: serverguide/C/vcs.xml:162(para)
5276
5300
msgid "svn://"
5277
5301
msgstr ""
5278
5302
5279
#: serverguide/C/vcs.xml:290(para)
5303
#: serverguide/C/vcs.xml:163(para)
5280
5304
msgid "Access via custom protocol to an svnserve server"
5281
5305
msgstr ""
5282
5306
5283
#: serverguide/C/vcs.xml:293(para)
5307
#: serverguide/C/vcs.xml:166(para)
5284
5308
msgid "svn+ssh://"
5285
5309
msgstr ""
5286
5310
5287
#: serverguide/C/vcs.xml:294(para)
5311
#: serverguide/C/vcs.xml:167(para)
5288
5312
msgid "Same as svn://, but through an SSH tunnel"
5289
5313
msgstr ""
5290
5314
5291
#: serverguide/C/vcs.xml:300(para)
5315
#: serverguide/C/vcs.xml:173(para)
5292
5316
msgid ""
5293
5317
"In this section, we will see how to configure Subversion for all these "
5294
5318
"access methods. Here, we cover the basics. For more advanced usage details, "
5295
5319
"refer to the <ulink url=\"http://svnbook.red-bean.com/\">svn book</ulink>."
5296
5320
msgstr ""
5297
5321
5298
#: serverguide/C/vcs.xml:307(title)
5322
#: serverguide/C/vcs.xml:180(title)
5299
5323
msgid "Direct repository access (file://)"
5300
5324
msgstr ""
5301
5325
5302
#: serverguide/C/vcs.xml:308(para)
5326
#: serverguide/C/vcs.xml:181(para)
5303
5327
msgid ""
5304
5328
"This is the simplest of all access methods. It does not require any "
5305
5329
"Subversion server process to be running. This access method is used to "
5307
5331
"at a terminal prompt, is as follows:"
5308
5332
msgstr ""
5309
5333
5310
#: serverguide/C/vcs.xml:315(command)
5334
#: serverguide/C/vcs.xml:188(command)
5311
5335
msgid "svn co file:///path/to/repos/project"
5312
5336
msgstr ""
5313
5337
5314
#: serverguide/C/vcs.xml:318(para)
5338
#: serverguide/C/vcs.xml:191(para)
5315
5339
msgid "or"
5316
5340
msgstr ""
5317
5341
5318
#: serverguide/C/vcs.xml:321(command)
5342
#: serverguide/C/vcs.xml:194(command)
5319
5343
msgid "svn co file://localhost/path/to/repos/project"
5320
5344
msgstr ""
5321
5345
5322
#: serverguide/C/vcs.xml:325(para)
5346
#: serverguide/C/vcs.xml:198(para)
5323
5347
msgid ""
5324
5348
"If you do not specify the hostname, there are three forward slashes (///) -- "
5325
5349
"two for the protocol (file, in this case) plus the leading slash in the "
5326
5350
"path. If you specify the hostname, you must use two forward slashes (//)."
5327
5351
msgstr ""
5328
5352
5329
#: serverguide/C/vcs.xml:327(para)
5353
#: serverguide/C/vcs.xml:200(para)
5330
5354
msgid ""
5331
5355
"The repository permissions depend on filesystem permissions. If the user has "
5332
5356
"read/write permission, he can checkout from and commit to the repository."
5333
5357
msgstr ""
5334
5358
5335
#: serverguide/C/vcs.xml:330(title)
5359
#: serverguide/C/vcs.xml:203(title)
5336
5360
msgid "Access via WebDAV protocol (http://)"
5337
5361
msgstr ""
5338
5362
5339
#: serverguide/C/vcs.xml:331(para)
5363
#: serverguide/C/vcs.xml:332(para)
5340
5364
msgid ""
5341
5365
"To access the Subversion repository via WebDAV protocol, you must configure "
5342
5366
"your Apache 2 web server. Add the following snippet between the "
5346
5370
"another VirtualHost file:"
5347
5371
msgstr ""
5348
5372
5349
#: serverguide/C/vcs.xml:337(programlisting)
5373
#: serverguide/C/vcs.xml:338(programlisting)
5350
5374
#, no-wrap
5351
5375
msgid ""
5352
5376
"\n"
5360
5384
" </Location> \n"
5361
5385
msgstr ""
5362
5386
5363
#: serverguide/C/vcs.xml:348(para)
5387
#: serverguide/C/vcs.xml:349(para)
5364
5388
msgid ""
5365
5389
"The above configuration snippet assumes that Subversion repositories are "
5366
5390
"created under <filename>/path/to/repos</filename> directory using "
5369
5393
"<command>http://hostname/svn/repos_name</command> url."
5370
5394
msgstr ""
5371
5395
5372
#: serverguide/C/vcs.xml:354(para)
5396
#: serverguide/C/vcs.xml:355(para)
5373
5397
msgid ""
5374
5398
"Changing the apache configuration like the above requires to reload the "
5375
5399
"service with the following command"
5376
5400
msgstr ""
5377
5401
5378
#: serverguide/C/vcs.xml:359(command)
5402
#: serverguide/C/vcs.xml:360(command)
5379
5403
msgid "sudo service apache2 reload"
5380
5404
msgstr ""
5381
5405
5382
#: serverguide/C/vcs.xml:361(para)
5406
#: serverguide/C/vcs.xml:362(para)
5383
5407
msgid ""
5384
5408
"To import or commit files to your Subversion repository over HTTP, the "
5385
5409
"repository should be owned by the HTTP user. In Ubuntu systems, the HTTP "
5387
5411
"repository files enter the following command from terminal prompt:"
5388
5412
msgstr ""
5389
5413
5390
#: serverguide/C/vcs.xml:370(command)
5414
#: serverguide/C/vcs.xml:236(command)
5391
5415
msgid "sudo chown -R www-data:www-data /path/to/repos"
5392
5416
msgstr ""
5393
5417
5394
#: serverguide/C/vcs.xml:373(para)
5418
#: serverguide/C/vcs.xml:239(para)
5395
5419
msgid ""
5396
5420
"By changing the ownership of repository as <command>www-data</command> you "
5397
5421
"will not be able to import or commit files into the repository by running "
5399
5423
"<command>www-data</command>."
5400
5424
msgstr ""
5401
5425
5402
#: serverguide/C/vcs.xml:382(para)
5426
#: serverguide/C/vcs.xml:248(para)
5403
5427
msgid ""
5404
5428
"Next, you must create the <filename>/etc/subversion/passwd</filename> file "
5405
5429
"that will contain user authentication details. To create a file issue the "
5407
5431
"the first user):"
5408
5432
msgstr ""
5409
5433
5410
#: serverguide/C/vcs.xml:388(command)
5434
#: serverguide/C/vcs.xml:254(command)
5411
5435
msgid "sudo htpasswd -c /etc/subversion/passwd user_name"
5412
5436
msgstr ""
5413
5437
5414
#: serverguide/C/vcs.xml:391(para)
5438
#: serverguide/C/vcs.xml:257(para)
5415
5439
msgid ""
5416
5440
"To add additional users omit the <emphasis>\"-c\"</emphasis> option as this "
5417
5441
"option replaces the old file. Instead use this form:"
5418
5442
msgstr ""
5419
5443
5420
#: serverguide/C/vcs.xml:396(command)
5444
#: serverguide/C/vcs.xml:262(command)
5421
5445
msgid "sudo htpasswd /etc/subversion/passwd user_name"
5422
5446
msgstr ""
5423
5447
5424
#: serverguide/C/vcs.xml:400(para)
5448
#: serverguide/C/vcs.xml:266(para)
5425
5449
msgid ""
5426
5450
"This command will prompt you to enter the password. Once you enter the "
5427
5451
"password, the user is added. Now, to access the repository you can run the "
5428
5452
"following command:"
5429
5453
msgstr ""
5430
5454
5431
#: serverguide/C/vcs.xml:401(command)
5455
#: serverguide/C/vcs.xml:267(command)
5432
5456
msgid "svn co http://servername/svn"
5433
5457
msgstr ""
5434
5458
5435
#: serverguide/C/vcs.xml:403(para)
5459
#: serverguide/C/vcs.xml:269(para)
5436
5460
msgid ""
5437
5461
"The password is transmitted as plain text. If you are worried about password "
5438
5462
"snooping, you are advised to use SSL encryption. For details, please refer "
5439
5463
"next section."
5440
5464
msgstr ""
5441
5465
5442
#: serverguide/C/vcs.xml:409(title)
5466
#: serverguide/C/vcs.xml:275(title)
5443
5467
msgid "Access via WebDAV protocol with SSL encryption (https://)"
5444
5468
msgstr ""
5445
5469
5446
#: serverguide/C/vcs.xml:410(para)
5470
#: serverguide/C/vcs.xml:411(para)
5447
5471
msgid ""
5448
5472
"Accessing Subversion repository via WebDAV protocol with SSL encryption "
5449
5473
"(https://) is similar to http:// except that you must install and configure "
5454
5478
"configuration\"/>."
5455
5479
msgstr ""
5456
5480
5457
#: serverguide/C/vcs.xml:419(para)
5481
#: serverguide/C/vcs.xml:285(para)
5458
5482
msgid ""
5459
5483
"You can install a digital certificate issued by a signing authority. "
5460
5484
"Alternatively, you can install your own self-signed certificate."
5461
5485
msgstr ""
5462
5486
5463
#: serverguide/C/vcs.xml:424(para)
5487
#: serverguide/C/vcs.xml:290(para)
5464
5488
msgid ""
5465
5489
"This step assumes you have installed and configured a digital certificate in "
5466
5490
"your Apache 2 web server. Now, to access the Subversion repository, please "
5468
5492
"the protocol. You must use https:// to access the Subversion repository."
5469
5493
msgstr ""
5470
5494
5471
#: serverguide/C/vcs.xml:434(title)
5495
#: serverguide/C/vcs.xml:300(title)
5472
5496
msgid "Access via custom protocol (svn://)"
5473
5497
msgstr ""
5474
5498
5475
#: serverguide/C/vcs.xml:435(para)
5499
#: serverguide/C/vcs.xml:301(para)
5476
5500
msgid ""
5477
5501
"Once the Subversion repository is created, you can configure the access "
5478
5502
"control. You can edit the <filename> "
5481
5505
"following lines in the configuration file:"
5482
5506
msgstr ""
5483
5507
5484
#: serverguide/C/vcs.xml:442(programlisting)
5508
#: serverguide/C/vcs.xml:308(programlisting)
5485
5509
#, no-wrap
5486
5510
msgid ""
5487
5511
"# [general]\n"
5488
5512
"# password-db = passwd"
5489
5513
msgstr ""
5490
5514
5491
#: serverguide/C/vcs.xml:445(para)
5515
#: serverguide/C/vcs.xml:311(para)
5492
5516
msgid ""
5493
5517
"After uncommenting the above lines, you can maintain the user list in the "
5494
5518
"passwd file. So, edit the file <filename>passwd </filename> in the same "
5495
5519
"directory and add the new user. The syntax is as follows:"
5496
5520
msgstr ""
5497
5521
5498
#: serverguide/C/vcs.xml:451(programlisting)
5522
#: serverguide/C/vcs.xml:317(programlisting)
5499
5523
#, no-wrap
5500
5524
msgid "username = password"
5501
5525
msgstr ""
5502
5526
5503
#: serverguide/C/vcs.xml:452(para)
5527
#: serverguide/C/vcs.xml:318(para)
5504
5528
msgid "For more details, please refer to the file."
5505
5529
msgstr ""
5506
5530
5507
#: serverguide/C/vcs.xml:456(para)
5531
#: serverguide/C/vcs.xml:322(para)
5508
5532
msgid ""
5509
5533
"Now, to access Subversion via the svn:// custom protocol, either from the "
5510
5534
"same machine or a different machine, you can run svnserver using svnserve "
5511
5535
"command. The syntax is as follows:"
5512
5536
msgstr ""
5513
5537
5514
#: serverguide/C/vcs.xml:461(programlisting)
5538
#: serverguide/C/vcs.xml:327(programlisting)
5515
5539
#, no-wrap
5516
5540
msgid ""
5517
5541
"$ svnserve -d --foreground -r /path/to/repos\n"
5523
5547
"$ svnserve --help"
5524
5548
msgstr ""
5525
5549
5526
#: serverguide/C/vcs.xml:469(para)
5550
#: serverguide/C/vcs.xml:335(para)
5527
5551
msgid ""
5528
5552
"Once you run this command, Subversion starts listening on default port "
5529
5553
"(3690). To access the project repository, you must run the following command "
5530
5554
"from a terminal prompt:"
5531
5555
msgstr ""
5532
5556
5533
#: serverguide/C/vcs.xml:472(command)
5557
#: serverguide/C/vcs.xml:338(command)
5534
5558
msgid "svn co svn://hostname/project project --username user_name"
5535
5559
msgstr ""
5536
5560
5537
#: serverguide/C/vcs.xml:475(para)
5561
#: serverguide/C/vcs.xml:341(para)
5538
5562
msgid ""
5539
5563
"Based on server configuration, it prompts for password. Once you are "
5540
5564
"authenticated, it checks out the code from Subversion repository. To "
5543
5567
"a terminal prompt, is as follows:"
5544
5568
msgstr ""
5545
5569
5546
#: serverguide/C/vcs.xml:483(command)
5570
#: serverguide/C/vcs.xml:349(command)
5547
5571
msgid "cd project_dir ; svn update"
5548
5572
msgstr ""
5549
5573
5550
#: serverguide/C/vcs.xml:486(para)
5574
#: serverguide/C/vcs.xml:352(para)
5551
5575
msgid ""
5552
5576
"For more details about using each Subversion sub-command, you can refer to "
5553
5577
"the manual. For example, to learn more about the co (checkout) command, "
5554
5578
"please run the following command from a terminal prompt:"
5555
5579
msgstr ""
5556
5580
5557
#: serverguide/C/vcs.xml:490(command)
5581
#: serverguide/C/vcs.xml:356(command)
5558
5582
msgid "svn co help"
5559
5583
msgstr ""
5560
5584
5561
#: serverguide/C/vcs.xml:494(title)
5585
#: serverguide/C/vcs.xml:495(title)
5562
5586
msgid "Access via custom protocol with SSH encryption (svn+ssh://)"
5563
5587
msgstr ""
5564
5588
5565
#: serverguide/C/vcs.xml:495(para)
5589
#: serverguide/C/vcs.xml:361(para)
5566
5590
msgid ""
5567
5591
"The configuration and server process is same as in the svn:// method. For "
5568
5592
"details, please refer to the above section. This step assumes you have "
5570
5594
"<application>svnserve</application> command."
5571
5595
msgstr ""
5572
5596
5573
#: serverguide/C/vcs.xml:501(para)
5597
#: serverguide/C/vcs.xml:367(para)
5574
5598
msgid ""
5575
5599
"It is also assumed that the ssh server is running on that machine and that "
5576
5600
"it is allowing incoming connections. To confirm, please try to login to that "
5578
5602
"login, please address it before continuing further."
5579
5603
msgstr ""
5580
5604
5581
#: serverguide/C/vcs.xml:507(para)
5605
#: serverguide/C/vcs.xml:373(para)
5582
5606
msgid ""
5583
5607
"The svn+ssh:// protocol is used to access the Subversion repository using "
5584
5608
"SSL encryption. The data transfer is encrypted using this method. To access "
5586
5610
"following command syntax:"
5587
5611
msgstr ""
5588
5612
5589
#: serverguide/C/vcs.xml:514(command)
5613
#: serverguide/C/vcs.xml:515(command)
5590
5614
msgid "svn co svn+ssh://ssh_username@hostname/path/to/repos/project"
5591
5615
msgstr ""
5592
5616
5593
#: serverguide/C/vcs.xml:518(para)
5617
#: serverguide/C/vcs.xml:384(para)
5594
5618
msgid ""
5595
5619
"You must use the full path (/path/to/repos/project) to access the Subversion "
5596
5620
"repository using this access method."
5597
5621
msgstr ""
5598
5622
5599
#: serverguide/C/vcs.xml:521(para)
5623
#: serverguide/C/vcs.xml:387(para)
5600
5624
msgid ""
5601
5625
"Based on server configuration, it prompts for password. You must enter the "
5602
5626
"password you use to login via ssh. Once you are authenticated, it checks out "
5603
5627
"the code from the Subversion repository."
5604
5628
msgstr ""
5605
5629
5606
#: serverguide/C/vcs.xml:536(ulink)
5630
#: serverguide/C/vcs.xml:539(ulink)
5607
5631
msgid "Bazaar Home Page"
5608
5632
msgstr ""
5609
5633
5610
#: serverguide/C/vcs.xml:541(ulink)
5634
#: serverguide/C/vcs.xml:540(ulink)
5611
5635
msgid "Launchpad"
5612
5636
msgstr ""
5613
5637
5614
#: serverguide/C/vcs.xml:546(ulink)
5638
#: serverguide/C/vcs.xml:547(ulink)
5615
5639
msgid "Git homepage"
5616
5640
msgstr ""
5617
5641
5618
#: serverguide/C/vcs.xml:551(ulink)
5642
#: serverguide/C/vcs.xml:552(ulink)
5619
5643
msgid "Gitolite"
5620
5644
msgstr ""
5621
5645
5622
#: serverguide/C/vcs.xml:556(ulink)
5646
#: serverguide/C/vcs.xml:541(ulink)
5623
5647
msgid "Subversion Home Page"
5624
5648
msgstr ""
5625
5649
5626
#: serverguide/C/vcs.xml:561(ulink)
5650
#: serverguide/C/vcs.xml:542(ulink)
5627
5651
msgid "Subversion Book"
5628
5652
msgstr ""
5629
5653
5630
#: serverguide/C/vcs.xml:566(ulink)
5654
#: serverguide/C/vcs.xml:545(ulink)
5631
5655
msgid "Easy Bazaar Ubuntu Wiki page"
5632
5656
msgstr ""
5633
5657
5634
#: serverguide/C/vcs.xml:571(ulink)
5658
#: serverguide/C/vcs.xml:546(ulink)
5635
5659
msgid "Ubuntu Wiki Subversion page"
5636
5660
msgstr ""
5637
5661
5697
5721
#: serverguide/C/serverguide.xml:17(para)
5698
5722
msgid ""
5699
5723
"Other contributors can be found in the revision history of the <ulink "
5700
"url=\"https://code.launchpad.net/serverguide\">serverguide</ulink> and "
5701
"<ulink url=\"https://code.launchpad.net/ubuntu-docs\">ubuntu-docs</ulink> "
5702
"bzr branches available on Launchpad."
5724
"url=\"https://bazaar.launchpad.net/~ubuntu-core-"
5725
"doc/serverguide/trunk/changes\">serverguide</ulink> and <ulink "
5726
"url=\"https://bazaar.launchpad.net/~ubuntu-core-doc/ubuntu-"
5727
"docs/trunk/changes\">ubuntu-docs</ulink> bzr branches available on Launchpad."
5703
5728
msgstr ""
5704
5729
5705
5730
#: serverguide/C/serverguide.xml:12(para)
5791
5816
msgid "Configurations with root passwords are not supported."
5792
5817
msgstr ""
5793
5818
5794
#: serverguide/C/security.xml:42(command)
5819
#: serverguide/C/security.xml:37(command)
5795
5820
msgid "sudo passwd"
5796
5821
msgstr ""
5797
5822
5798
#: serverguide/C/security.xml:44(para)
5823
#: serverguide/C/security.xml:39(para)
5799
5824
msgid ""
5800
5825
"Sudo will prompt you for your password, and then ask you to supply a new "
5801
5826
"password for root as shown below:"
5802
5827
msgstr ""
5803
5828
5804
#: serverguide/C/security.xml:47(computeroutput)
5829
#: serverguide/C/security.xml:42(computeroutput)
5805
5830
#, no-wrap
5806
5831
msgid "[sudo] password for username:"
5807
5832
msgstr ""
5808
5833
5809
#: serverguide/C/security.xml:47(userinput)
5834
#: serverguide/C/security.xml:42(userinput)
5810
5835
#, no-wrap
5811
5836
msgid "(enter your own password)"
5812
5837
msgstr ""
5813
5838
5814
#: serverguide/C/security.xml:48(computeroutput)
5839
#: serverguide/C/security.xml:43(computeroutput)
5815
5840
#, no-wrap
5816
5841
msgid "Enter new UNIX password:"
5817
5842
msgstr ""
5818
5843
5819
#: serverguide/C/security.xml:48(userinput)
5844
#: serverguide/C/security.xml:43(userinput)
5820
5845
#, no-wrap
5821
5846
msgid "(enter a new password for root)"
5822
5847
msgstr ""
5823
5848
5824
#: serverguide/C/security.xml:49(computeroutput)
5849
#: serverguide/C/security.xml:44(computeroutput)
5825
5850
#, no-wrap
5826
5851
msgid "Retype new UNIX password:"
5827
5852
msgstr ""
5828
5853
5829
#: serverguide/C/security.xml:49(userinput)
5854
#: serverguide/C/security.xml:44(userinput)
5830
5855
#, no-wrap
5831
5856
msgid "(repeat new password for root)"
5832
5857
msgstr ""
5833
5858
5834
#: serverguide/C/security.xml:50(computeroutput)
5859
#: serverguide/C/security.xml:45(computeroutput)
5835
5860
#, no-wrap
5836
5861
msgid "passwd: password updated successfully"
5837
5862
msgstr ""
5841
5866
"To disable the root account password, use the following passwd syntax:"
5842
5867
msgstr ""
5843
5868
5844
#: serverguide/C/security.xml:58(command)
5869
#: serverguide/C/security.xml:53(command)
5845
5870
msgid "sudo passwd -l root"
5846
5871
msgstr ""
5847
5872
5854
5879
msgid "usermod --expiredate 1"
5855
5880
msgstr ""
5856
5881
5857
#: serverguide/C/security.xml:68(para)
5882
#: serverguide/C/security.xml:57(para)
5858
5883
msgid ""
5859
5884
"You should read more on <application>Sudo</application> by checking out it's "
5860
5885
"man page:"
5861
5886
msgstr ""
5862
5887
5863
#: serverguide/C/security.xml:72(command)
5888
#: serverguide/C/security.xml:61(command)
5864
5889
msgid "man sudo"
5865
5890
msgstr ""
5866
5891
5874
5899
"<emphasis>sudo</emphasis> group."
5875
5900
msgstr ""
5876
5901
5877
#: serverguide/C/security.xml:82(title)
5902
#: serverguide/C/security.xml:71(title)
5878
5903
msgid "Adding and Deleting Users"
5879
5904
msgstr ""
5880
5905
5881
#: serverguide/C/security.xml:83(para)
5906
#: serverguide/C/security.xml:72(para)
5882
5907
msgid ""
5883
5908
"The process for managing local users and groups is straight forward and "
5884
5909
"differs very little from most other GNU/Linux operating systems. Ubuntu and "
5886
5911
"package for account management."
5887
5912
msgstr ""
5888
5913
5889
#: serverguide/C/security.xml:88(para)
5914
#: serverguide/C/security.xml:77(para)
5890
5915
msgid ""
5891
5916
"To add a user account, use the following syntax, and follow the prompts to "
5892
5917
"give the account a password and identifiable characteristics such as a full "
5893
5918
"name, phone number, etc."
5894
5919
msgstr ""
5895
5920
5896
#: serverguide/C/security.xml:92(command)
5921
#: serverguide/C/security.xml:81(command)
5897
5922
msgid "sudo adduser username"
5898
5923
msgstr ""
5899
5924
5900
#: serverguide/C/security.xml:96(para)
5925
#: serverguide/C/security.xml:85(para)
5901
5926
msgid ""
5902
5927
"To delete a user account and its primary group, use the following syntax:"
5903
5928
msgstr ""
5904
5929
5905
#: serverguide/C/security.xml:100(command)
5930
#: serverguide/C/security.xml:89(command)
5906
5931
msgid "sudo deluser username"
5907
5932
msgstr ""
5908
5933
5909
#: serverguide/C/security.xml:102(para)
5934
#: serverguide/C/security.xml:91(para)
5910
5935
msgid ""
5911
5936
"Deleting an account does not remove their respective home folder. It is up "
5912
5937
"to you whether or not you wish to delete the folder manually or keep it "
5913
5938
"according to your desired retention policies."
5914
5939
msgstr ""
5915
5940
5916
#: serverguide/C/security.xml:105(para)
5941
#: serverguide/C/security.xml:94(para)
5917
5942
msgid ""
5918
5943
"Remember, any user added later on with the same UID/GID as the previous "
5919
5944
"owner will now have access to this folder if you have not taken the "
5920
5945
"necessary precautions."
5921
5946
msgstr ""
5922
5947
5923
#: serverguide/C/security.xml:108(para)
5948
#: serverguide/C/security.xml:97(para)
5924
5949
msgid ""
5925
5950
"You may want to change these UID/GID values to something more appropriate, "
5926
5951
"such as the root account, and perhaps even relocate the folder to avoid "
5927
5952
"future conflicts:"
5928
5953
msgstr ""
5929
5954
5930
#: serverguide/C/security.xml:112(command)
5955
#: serverguide/C/security.xml:101(command)
5931
5956
msgid "sudo chown -R root:root /home/username/"
5932
5957
msgstr ""
5933
5958
5934
#: serverguide/C/security.xml:113(command)
5959
#: serverguide/C/security.xml:102(command)
5935
5960
msgid "sudo mkdir /home/archived_users/"
5936
5961
msgstr ""
5937
5962
5938
#: serverguide/C/security.xml:114(command)
5963
#: serverguide/C/security.xml:103(command)
5939
5964
msgid "sudo mv /home/username /home/archived_users/"
5940
5965
msgstr ""
5941
5966
5942
#: serverguide/C/security.xml:118(para)
5967
#: serverguide/C/security.xml:107(para)
5943
5968
msgid ""
5944
5969
"To temporarily lock or unlock a user account, use the following syntax, "
5945
5970
"respectively:"
5946
5971
msgstr ""
5947
5972
5948
#: serverguide/C/security.xml:122(command)
5973
#: serverguide/C/security.xml:111(command)
5949
5974
msgid "sudo passwd -l username"
5950
5975
msgstr ""
5951
5976
5952
#: serverguide/C/security.xml:123(command)
5977
#: serverguide/C/security.xml:112(command)
5953
5978
msgid "sudo passwd -u username"
5954
5979
msgstr ""
5955
5980
5956
#: serverguide/C/security.xml:127(para)
5981
#: serverguide/C/security.xml:116(para)
5957
5982
msgid ""
5958
5983
"To add or delete a personalized group, use the following syntax, "
5959
5984
"respectively:"
5960
5985
msgstr ""
5961
5986
5962
#: serverguide/C/security.xml:131(command)
5987
#: serverguide/C/security.xml:120(command)
5963
5988
msgid "sudo addgroup groupname"
5964
5989
msgstr ""
5965
5990
5966
#: serverguide/C/security.xml:132(command)
5991
#: serverguide/C/security.xml:121(command)
5967
5992
msgid "sudo delgroup groupname"
5968
5993
msgstr ""
5969
5994
5970
#: serverguide/C/security.xml:136(para)
5995
#: serverguide/C/security.xml:125(para)
5971
5996
msgid "To add a user to a group, use the following syntax:"
5972
5997
msgstr ""
5973
5998
5974
#: serverguide/C/security.xml:140(command)
5999
#: serverguide/C/security.xml:129(command)
5975
6000
msgid "sudo adduser username groupname"
5976
6001
msgstr ""
5977
6002
5978
#: serverguide/C/security.xml:147(title)
6003
#: serverguide/C/security.xml:136(title)
5979
6004
msgid "User Profile Security"
5980
6005
msgstr ""
5981
6006
5982
#: serverguide/C/security.xml:148(para)
6007
#: serverguide/C/security.xml:137(para)
5983
6008
msgid ""
5984
6009
"When a new user is created, the adduser utility creates a brand new home "
5985
6010
"directory named <filename class=\"directory\">/home/username</filename>, "
5988
6013
"includes all profile basics."
5989
6014
msgstr ""
5990
6015
5991
#: serverguide/C/security.xml:151(para)
6016
#: serverguide/C/security.xml:140(para)
5992
6017
msgid ""
5993
6018
"If your server will be home to multiple users, you should pay close "
5994
6019
"attention to the user home directory permissions to ensure confidentiality. "
5998
6023
"your environment."
5999
6024
msgstr ""
6000
6025
6001
#: serverguide/C/security.xml:156(para)
6026
#: serverguide/C/security.xml:145(para)
6002
6027
msgid ""
6003
6028
"To verify your current users home directory permissions, use the following "
6004
6029
"syntax:"
6005
6030
msgstr ""
6006
6031
6007
#: serverguide/C/security.xml:160(command) serverguide/C/security.xml:192(command)
6032
#: serverguide/C/security.xml:149(command) serverguide/C/security.xml:181(command)
6008
6033
msgid "ls -ld /home/username"
6009
6034
msgstr ""
6010
6035
6011
#: serverguide/C/security.xml:162(para)
6036
#: serverguide/C/security.xml:151(para)
6012
6037
msgid ""
6013
6038
"The following output shows that the directory <filename "
6014
6039
"class=\"directory\">/home/username</filename> has world readable permissions:"
6015
6040
msgstr ""
6016
6041
6017
#: serverguide/C/security.xml:165(computeroutput)
6042
#: serverguide/C/security.xml:154(computeroutput)
6018
6043
#, no-wrap
6019
6044
msgid "drwxr-xr-x 2 username username 4096 2007-10-02 20:03 username"
6020
6045
msgstr ""
6021
6046
6022
#: serverguide/C/security.xml:169(para)
6047
#: serverguide/C/security.xml:158(para)
6023
6048
msgid ""
6024
6049
"You can remove the world readable permissions using the following syntax:"
6025
6050
msgstr ""
6026
6051
6027
#: serverguide/C/security.xml:173(command)
6052
#: serverguide/C/security.xml:162(command)
6028
6053
msgid "sudo chmod 0750 /home/username"
6029
6054
msgstr ""
6030
6055
6031
#: serverguide/C/security.xml:176(para)
6056
#: serverguide/C/security.xml:165(para)
6032
6057
msgid ""
6033
6058
"Some people tend to use the recursive option (-R) indiscriminately which "
6034
6059
"modifies all child folders and files, but this is not necessary, and may "
6036
6061
"for preventing unauthorized access to anything below the parent."
6037
6062
msgstr ""
6038
6063
6039
#: serverguide/C/security.xml:180(para)
6064
#: serverguide/C/security.xml:169(para)
6040
6065
msgid ""
6041
6066
"A much more efficient approach to the matter would be to modify the "
6042
6067
"<application>adduser</application> global default permissions when creating "
6046
6071
"new home directories will receive the correct permissions."
6047
6072
msgstr ""
6048
6073
6049
#: serverguide/C/security.xml:183(programlisting)
6074
#: serverguide/C/security.xml:172(programlisting)
6050
6075
#, no-wrap
6051
6076
msgid ""
6052
6077
"\n"
6053
6078
"DIR_MODE=0750\n"
6054
6079
msgstr ""
6055
6080
6056
#: serverguide/C/security.xml:188(para)
6081
#: serverguide/C/security.xml:177(para)
6057
6082
msgid ""
6058
6083
"After correcting the directory permissions using any of the previously "
6059
6084
"mentioned techniques, verify the results using the following syntax:"
6060
6085
msgstr ""
6061
6086
6062
#: serverguide/C/security.xml:194(para)
6087
#: serverguide/C/security.xml:183(para)
6063
6088
msgid ""
6064
6089
"The results below show that world readable permissions have been removed:"
6065
6090
msgstr ""
6066
6091
6067
#: serverguide/C/security.xml:197(computeroutput)
6092
#: serverguide/C/security.xml:186(computeroutput)
6068
6093
#, no-wrap
6069
6094
msgid "drwxr-x--- 2 username username 4096 2007-10-02 20:03 username"
6070
6095
msgstr ""
6071
6096
6072
#: serverguide/C/security.xml:204(title)
6097
#: serverguide/C/security.xml:193(title)
6073
6098
msgid "Password Policy"
6074
6099
msgstr ""
6075
6100
6076
#: serverguide/C/security.xml:205(para)
6101
#: serverguide/C/security.xml:194(para)
6077
6102
msgid ""
6078
6103
"A strong password policy is one of the most important aspects of your "
6079
6104
"security posture. Many successful security breaches involve simple brute "
6083
6108
"password lifetimes, and frequent audits of your authentication systems."
6084
6109
msgstr ""
6085
6110
6086
#: serverguide/C/security.xml:209(title)
6111
#: serverguide/C/security.xml:198(title)
6087
6112
msgid "Minimum Password Length"
6088
6113
msgstr ""
6089
6114
6090
#: serverguide/C/security.xml:210(para)
6115
#: serverguide/C/security.xml:199(para)
6091
6116
msgid ""
6092
6117
"By default, Ubuntu requires a minimum password length of 6 characters, as "
6093
6118
"well as some basic entropy checks. These values are controlled in the file "
6101
6126
"password [success=1 default=ignore] pam_unix.so obscure sha512\n"
6102
6127
msgstr ""
6103
6128
6104
#: serverguide/C/security.xml:216(para)
6129
#: serverguide/C/security.xml:205(para)
6105
6130
msgid ""
6106
6131
"If you would like to adjust the minimum length to 8 characters, change the "
6107
6132
"appropriate variable to min=8. The modification is outlined below."
6115
6140
"minlen=8\n"
6116
6141
msgstr ""
6117
6142
6118
#: serverguide/C/security.xml:223(para)
6143
#: serverguide/C/security.xml:212(para)
6119
6144
msgid ""
6120
6145
"Basic password entropy checks and minimum length rules do not apply to the "
6121
6146
"administrator using sudo level commands to setup a new user."
6122
6147
msgstr ""
6123
6148
6124
#: serverguide/C/security.xml:229(title)
6149
#: serverguide/C/security.xml:218(title)
6125
6150
msgid "Password Expiration"
6126
6151
msgstr ""
6127
6152
6128
#: serverguide/C/security.xml:230(para)
6153
#: serverguide/C/security.xml:219(para)
6129
6154
msgid ""
6130
6155
"When creating user accounts, you should make it a policy to have a minimum "
6131
6156
"and maximum password age forcing users to change their passwords when they "
6132
6157
"expire."
6133
6158
msgstr ""
6134
6159
6135
#: serverguide/C/security.xml:235(para)
6160
#: serverguide/C/security.xml:224(para)
6136
6161
msgid ""
6137
6162
"To easily view the current status of a user account, use the following "
6138
6163
"syntax:"
6139
6164
msgstr ""
6140
6165
6141
#: serverguide/C/security.xml:239(command) serverguide/C/security.xml:272(command)
6166
#: serverguide/C/security.xml:228(command) serverguide/C/security.xml:261(command)
6142
6167
msgid "sudo chage -l username"
6143
6168
msgstr ""
6144
6169
6145
#: serverguide/C/security.xml:241(para)
6170
#: serverguide/C/security.xml:230(para)
6146
6171
msgid ""
6147
6172
"The output below shows interesting facts about the user account, namely that "
6148
6173
"there are no policies applied:"
6149
6174
msgstr ""
6150
6175
6151
#: serverguide/C/security.xml:244(computeroutput)
6176
#: serverguide/C/security.xml:233(computeroutput)
6152
6177
#, no-wrap
6153
6178
msgid ""
6154
6179
"Last password change : Jan 20, 2008\n"
6160
6185
"Number of days of warning before password expires : 7"
6161
6186
msgstr ""
6162
6187
6163
#: serverguide/C/security.xml:254(para)
6188
#: serverguide/C/security.xml:243(para)
6164
6189
msgid ""
6165
6190
"To set any of these values, simply use the following syntax, and follow the "
6166
6191
"interactive prompts:"
6167
6192
msgstr ""
6168
6193
6169
#: serverguide/C/security.xml:258(command)
6194
#: serverguide/C/security.xml:247(command)
6170
6195
msgid "sudo chage username"
6171
6196
msgstr ""
6172
6197
6173
#: serverguide/C/security.xml:260(para)
6198
#: serverguide/C/security.xml:249(para)
6174
6199
msgid ""
6175
6200
"The following is also an example of how you can manually change the explicit "
6176
6201
"expiration date (-E) to 01/31/2008, minimum password age (-m) of 5 days, "
6179
6204
"password expiration."
6180
6205
msgstr ""
6181
6206
6182
#: serverguide/C/security.xml:264(command)
6207
#: serverguide/C/security.xml:253(command)
6183
6208
msgid "sudo chage -E 01/31/2011 -m 5 -M 90 -I 30 -W 14 username"
6184
6209
msgstr ""
6185
6210
6186
#: serverguide/C/security.xml:268(para)
6211
#: serverguide/C/security.xml:257(para)
6187
6212
msgid "To verify changes, use the same syntax as mentioned previously:"
6188
6213
msgstr ""
6189
6214
6190
#: serverguide/C/security.xml:274(para)
6215
#: serverguide/C/security.xml:263(para)
6191
6216
msgid ""
6192
6217
"The output below shows the new policies that have been established for the "
6193
6218
"account:"
6194
6219
msgstr ""
6195
6220
6196
#: serverguide/C/security.xml:277(computeroutput)
6221
#: serverguide/C/security.xml:266(computeroutput)
6197
6222
#, no-wrap
6198
6223
msgid ""
6199
6224
"Last password change : Jan 20, 2008\n"
6205
6230
"Number of days of warning before password expires : 14"
6206
6231
msgstr ""
6207
6232
6208
#: serverguide/C/security.xml:293(title)
6233
#: serverguide/C/security.xml:282(title)
6209
6234
msgid "Other Security Considerations"
6210
6235
msgstr ""
6211
6236
6212
#: serverguide/C/security.xml:294(para)
6237
#: serverguide/C/security.xml:283(para)
6213
6238
msgid ""
6214
6239
"Many applications use alternate authentication mechanisms that can be easily "
6215
6240
"overlooked by even experienced system administrators. Therefore, it is "
6217
6242
"to services and applications on your server."
6218
6243
msgstr ""
6219
6244
6220
#: serverguide/C/security.xml:299(title)
6245
#: serverguide/C/security.xml:288(title)
6221
6246
msgid "SSH Access by Disabled Users"
6222
6247
msgstr ""
6223
6248
6224
#: serverguide/C/security.xml:300(para)
6249
#: serverguide/C/security.xml:289(para)
6225
6250
msgid ""
6226
6251
"Simply disabling/locking a user account will not prevent a user from logging "
6227
6252
"into your server remotely if they have previously set up RSA public key "
6231
6256
"access. e.g. <filename>/home/username/.ssh/authorized_keys</filename>."
6232
6257
msgstr ""
6233
6258
6234
#: serverguide/C/security.xml:303(para)
6259
#: serverguide/C/security.xml:292(para)
6235
6260
msgid ""
6236
6261
"Remove or rename the directory <filename "
6237
6262
"class=\"directory\">.ssh/</filename> in the user's home folder to prevent "
6238
6263
"further SSH authentication capabilities."
6239
6264
msgstr ""
6240
6265
6241
#: serverguide/C/security.xml:306(para)
6266
#: serverguide/C/security.xml:295(para)
6242
6267
msgid ""
6243
6268
"Be sure to check for any established SSH connections by the disabled user, "
6244
6269
"as it is possible they may have existing inbound or outbound connections. "
6261
6286
"<placeholder-2/>\n"
6262
6287
msgstr ""
6263
6288
6264
#: serverguide/C/security.xml:313(para)
6289
#: serverguide/C/security.xml:298(para)
6265
6290
msgid ""
6266
6291
"Restrict SSH access to only user accounts that should have it. For example, "
6267
6292
"you may create a group called \"sshlogin\" and add the group name as the "
6269
6294
"the file <filename>/etc/ssh/sshd_config</filename>."
6270
6295
msgstr ""
6271
6296
6272
#: serverguide/C/security.xml:316(programlisting)
6297
#: serverguide/C/security.xml:301(programlisting)
6273
6298
#, no-wrap
6274
6299
msgid ""
6275
6300
"\n"
6276
6301
"AllowGroups sshlogin\n"
6277
6302
msgstr ""
6278
6303
6279
#: serverguide/C/security.xml:319(para)
6304
#: serverguide/C/security.xml:304(para)
6280
6305
msgid ""
6281
6306
"Then add your permitted SSH users to the group \"sshlogin\", and restart the "
6282
6307
"SSH service."
6283
6308
msgstr ""
6284
6309
6285
#: serverguide/C/security.xml:323(command)
6310
#: serverguide/C/security.xml:308(command)
6286
6311
msgid "sudo adduser username sshlogin"
6287
6312
msgstr ""
6288
6313
6289
#: serverguide/C/security.xml:324(command) serverguide/C/remote-administration.xml:144(command)
6314
#: serverguide/C/security.xml:309(command)
6290
6315
msgid "sudo service ssh restart"
6291
6316
msgstr ""
6292
6317
6293
#: serverguide/C/security.xml:328(title)
6318
#: serverguide/C/security.xml:313(title)
6294
6319
msgid "External User Database Authentication"
6295
6320
msgstr ""
6296
6321
6297
#: serverguide/C/security.xml:329(para)
6322
#: serverguide/C/security.xml:314(para)
6298
6323
msgid ""
6299
6324
"Most enterprise networks require centralized authentication and access "
6300
6325
"controls for all system resources. If you have configured your server to "
6303
6328
"fallback authentication is not possible."
6304
6329
msgstr ""
6305
6330
6306
#: serverguide/C/security.xml:338(title)
6331
#: serverguide/C/security.xml:323(title)
6307
6332
msgid "Console Security"
6308
6333
msgstr ""
6309
6334
6310
#: serverguide/C/security.xml:339(para)
6335
#: serverguide/C/security.xml:324(para)
6311
6336
msgid ""
6312
6337
"As with any other security barrier you put in place to protect your server, "
6313
6338
"it is pretty tough to defend against untold damage caused by someone with "
6319
6344
"basic precautions with regard to console security."
6320
6345
msgstr ""
6321
6346
6322
#: serverguide/C/security.xml:342(para)
6347
#: serverguide/C/security.xml:327(para)
6323
6348
msgid ""
6324
6349
"The following instructions will help defend your server against issues that "
6325
6350
"could otherwise yield very serious consequences."
6326
6351
msgstr ""
6327
6352
6328
#: serverguide/C/security.xml:347(title)
6353
#: serverguide/C/security.xml:332(title)
6329
6354
msgid "Disable Ctrl+Alt+Delete"
6330
6355
msgstr ""
6331
6356
6332
#: serverguide/C/security.xml:348(para)
6357
#: serverguide/C/security.xml:333(para)
6333
6358
msgid ""
6334
6359
"First and foremost, anyone that has physical access to the keyboard can "
6335
6360
"simply use the "
6341
6366
"prevent accidental reboots at the same time."
6342
6367
msgstr ""
6343
6368
6344
#: serverguide/C/security.xml:353(para)
6369
#: serverguide/C/security.xml:338(para)
6345
6370
msgid ""
6346
6371
"To disable the reboot action taken by pressing the "
6347
6372
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
6349
6374
"<filename>/etc/init/control-alt-delete.conf</filename>."
6350
6375
msgstr ""
6351
6376
6352
#: serverguide/C/security.xml:356(programlisting)
6377
#: serverguide/C/security.xml:341(programlisting)
6353
6378
#, no-wrap
6354
6379
msgid ""
6355
6380
"\n"
6356
6381
"#exec shutdown -r now \"Control-Alt-Delete pressed\"\n"
6357
6382
msgstr ""
6358
6383
6359
#: serverguide/C/security.xml:365(title)
6384
#: serverguide/C/security.xml:350(title)
6360
6385
msgid "Firewall"
6361
6386
msgstr ""
6362
6387
6363
#: serverguide/C/security.xml:368(para)
6388
#: serverguide/C/security.xml:353(para)
6364
6389
msgid ""
6365
6390
"The Linux kernel includes the <emphasis>Netfilter</emphasis> subsystem, "
6366
6391
"which is used to manipulate or decide the fate of network traffic headed "
6368
6393
"system for packet filtering."
6369
6394
msgstr ""
6370
6395
6371
#: serverguide/C/security.xml:373(para)
6396
#: serverguide/C/security.xml:358(para)
6372
6397
msgid ""
6373
6398
"The kernel's packet filtering system would be of little use to "
6374
6399
"administrators without a userspace interface to manage it. This is the "
6379
6404
"but many frontends are available to simplify the task."
6380
6405
msgstr ""
6381
6406
6382
#: serverguide/C/security.xml:383(title)
6407
#: serverguide/C/security.xml:368(title)
6383
6408
msgid "ufw - Uncomplicated Firewall"
6384
6409
msgstr ""
6385
6410
6386
#: serverguide/C/security.xml:384(para)
6411
#: serverguide/C/security.xml:369(para)
6387
6412
msgid ""
6388
6413
"The default firewall configuration tool for Ubuntu is "
6389
6414
"<application>ufw</application>. Developed to ease iptables firewall "
6391
6416
"to create an IPv4 or IPv6 host-based firewall."
6392
6417
msgstr ""
6393
6418
6394
#: serverguide/C/security.xml:388(para)
6419
#: serverguide/C/security.xml:373(para)
6395
6420
msgid ""
6396
6421
"<application>ufw</application> by default is initially disabled. From the "
6397
6422
"<application>ufw</application> man page:"
6398
6423
msgstr ""
6399
6424
6400
#: serverguide/C/security.xml:392(quote)
6425
#: serverguide/C/security.xml:377(quote)
6401
6426
msgid ""
6402
6427
"ufw is not intended to provide complete firewall functionality via its "
6403
6428
"command interface, but instead provides an easy way to add or remove simple "
6404
6429
"rules. It is currently mainly used for host-based firewalls."
6405
6430
msgstr ""
6406
6431
6407
#: serverguide/C/security.xml:396(para)
6432
#: serverguide/C/security.xml:381(para)
6408
6433
msgid ""
6409
6434
"The following are some examples of how to use <application>ufw</application>:"
6410
6435
msgstr ""
6411
6436
6412
#: serverguide/C/security.xml:401(para)
6437
#: serverguide/C/security.xml:386(para)
6413
6438
msgid ""
6414
6439
"First, <application>ufw</application> needs to be enabled. From a terminal "
6415
6440
"prompt enter:"
6416
6441
msgstr ""
6417
6442
6418
#: serverguide/C/security.xml:405(command)
6443
#: serverguide/C/security.xml:390(command)
6419
6444
msgid "sudo ufw enable"
6420
6445
msgstr ""
6421
6446
6422
#: serverguide/C/security.xml:409(para)
6447
#: serverguide/C/security.xml:394(para)
6423
6448
msgid "To open a port (ssh in this example):"
6424
6449
msgstr ""
6425
6450
6426
#: serverguide/C/security.xml:413(command)
6451
#: serverguide/C/security.xml:398(command)
6427
6452
msgid "sudo ufw allow 22"
6428
6453
msgstr ""
6429
6454
6430
#: serverguide/C/security.xml:417(para)
6455
#: serverguide/C/security.xml:402(para)
6431
6456
msgid "Rules can also be added using a <emphasis>numbered</emphasis> format:"
6432
6457
msgstr ""
6433
6458
6434
#: serverguide/C/security.xml:421(command)
6459
#: serverguide/C/security.xml:406(command)
6435
6460
msgid "sudo ufw insert 1 allow 80"
6436
6461
msgstr ""
6437
6462
6438
#: serverguide/C/security.xml:425(para)
6463
#: serverguide/C/security.xml:410(para)
6439
6464
msgid "Similarly, to close an opened port:"
6440
6465
msgstr ""
6441
6466
6442
#: serverguide/C/security.xml:429(command)
6467
#: serverguide/C/security.xml:414(command)
6443
6468
msgid "sudo ufw deny 22"
6444
6469
msgstr ""
6445
6470
6446
#: serverguide/C/security.xml:433(para)
6471
#: serverguide/C/security.xml:418(para)
6447
6472
msgid "To remove a rule, use delete followed by the rule:"
6448
6473
msgstr ""
6449
6474
6450
#: serverguide/C/security.xml:437(command)
6475
#: serverguide/C/security.xml:422(command)
6451
6476
msgid "sudo ufw delete deny 22"
6452
6477
msgstr ""
6453
6478
6454
#: serverguide/C/security.xml:441(para)
6479
#: serverguide/C/security.xml:426(para)
6455
6480
msgid ""
6456
6481
"It is also possible to allow access from specific hosts or networks to a "
6457
6482
"port. The following example allows ssh access from host 192.168.0.2 to any "
6458
6483
"ip address on this host:"
6459
6484
msgstr ""
6460
6485
6461
#: serverguide/C/security.xml:446(command)
6486
#: serverguide/C/security.xml:431(command)
6462
6487
msgid "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
6463
6488
msgstr ""
6464
6489
6465
#: serverguide/C/security.xml:448(para)
6490
#: serverguide/C/security.xml:433(para)
6466
6491
msgid ""
6467
6492
"Replace 192.168.0.2 with 192.168.0.0/24 to allow ssh access from the entire "
6468
6493
"subnet."
6469
6494
msgstr ""
6470
6495
6471
#: serverguide/C/security.xml:454(para)
6496
#: serverguide/C/security.xml:439(para)
6472
6497
msgid ""
6473
6498
"Adding the <emphasis>--dry-run</emphasis> option to a "
6474
6499
"<emphasis>ufw</emphasis> command will output the resulting rules, but not "
6476
6501
"the HTTP port:"
6477
6502
msgstr ""
6478
6503
6479
#: serverguide/C/security.xml:460(command)
6504
#: serverguide/C/security.xml:445(command)
6480
6505
msgid "sudo ufw --dry-run allow http"
6481
6506
msgstr ""
6482
6507
6483
#: serverguide/C/security.xml:464(computeroutput)
6508
#: serverguide/C/security.xml:449(computeroutput)
6484
6509
#, no-wrap
6485
6510
msgid ""
6486
6511
"*filter\n"
6506
6531
"Rules updated"
6507
6532
msgstr ""
6508
6533
6509
#: serverguide/C/security.xml:488(para)
6534
#: serverguide/C/security.xml:473(para)
6510
6535
msgid "<application>ufw</application> can be disabled by:"
6511
6536
msgstr ""
6512
6537
6513
#: serverguide/C/security.xml:492(command)
6538
#: serverguide/C/security.xml:477(command)
6514
6539
msgid "sudo ufw disable"
6515
6540
msgstr ""
6516
6541
6517
#: serverguide/C/security.xml:496(para)
6542
#: serverguide/C/security.xml:481(para)
6518
6543
msgid "To see the firewall status, enter:"
6519
6544
msgstr ""
6520
6545
6521
#: serverguide/C/security.xml:500(command)
6546
#: serverguide/C/security.xml:485(command)
6522
6547
msgid "sudo ufw status"
6523
6548
msgstr ""
6524
6549
6525
#: serverguide/C/security.xml:504(para)
6550
#: serverguide/C/security.xml:489(para)
6526
6551
msgid "And for more verbose status information use:"
6527
6552
msgstr ""
6528
6553
6529
#: serverguide/C/security.xml:508(command)
6554
#: serverguide/C/security.xml:493(command)
6530
6555
msgid "sudo ufw status verbose"
6531
6556
msgstr ""
6532
6557
6533
#: serverguide/C/security.xml:512(para)
6558
#: serverguide/C/security.xml:497(para)
6534
6559
msgid "To view the <emphasis>numbered</emphasis> format:"
6535
6560
msgstr ""
6536
6561
6537
#: serverguide/C/security.xml:516(command)
6562
#: serverguide/C/security.xml:501(command)
6538
6563
msgid "sudo ufw status numbered"
6539
6564
msgstr ""
6540
6565
6541
#: serverguide/C/security.xml:521(para)
6566
#: serverguide/C/security.xml:506(para)
6542
6567
msgid ""
6543
6568
"If the port you want to open or close is defined in "
6544
6569
"<filename>/etc/services</filename>, you can use the port name instead of the "
6546
6571
"<emphasis>ssh</emphasis>."
6547
6572
msgstr ""
6548
6573
6549
#: serverguide/C/security.xml:527(para)
6574
#: serverguide/C/security.xml:512(para)
6550
6575
msgid ""
6551
6576
"This is a quick introduction to using <application>ufw</application>. Please "
6552
6577
"refer to the <application>ufw</application> man page for more information."
6553
6578
msgstr ""
6554
6579
6555
#: serverguide/C/security.xml:533(title)
6580
#: serverguide/C/security.xml:518(title)
6556
6581
msgid "ufw Application Integration"
6557
6582
msgstr ""
6558
6583
6559
#: serverguide/C/security.xml:535(para)
6584
#: serverguide/C/security.xml:520(para)
6560
6585
msgid ""
6561
6586
"Applications that open ports can include an <application>ufw</application> "
6562
6587
"profile, which details the ports needed for the application to function "
6565
6590
"the default ports have been changed."
6566
6591
msgstr ""
6567
6592
6568
#: serverguide/C/security.xml:544(para)
6593
#: serverguide/C/security.xml:529(para)
6569
6594
msgid ""
6570
6595
"To view which applications have installed a profile, enter the following in "
6571
6596
"a terminal:"
6572
6597
msgstr ""
6573
6598
6574
#: serverguide/C/security.xml:549(command)
6599
#: serverguide/C/security.xml:534(command)
6575
6600
msgid "sudo ufw app list"
6576
6601
msgstr ""
6577
6602
6578
#: serverguide/C/security.xml:555(para)
6603
#: serverguide/C/security.xml:540(para)
6579
6604
msgid ""
6580
6605
"Similar to allowing traffic to a port, using an application profile is "
6581
6606
"accomplished by entering:"
6582
6607
msgstr ""
6583
6608
6584
#: serverguide/C/security.xml:560(command)
6609
#: serverguide/C/security.xml:545(command)
6585
6610
msgid "sudo ufw allow Samba"
6586
6611
msgstr ""
6587
6612
6588
#: serverguide/C/security.xml:566(para)
6613
#: serverguide/C/security.xml:551(para)
6589
6614
msgid "An extended syntax is available as well:"
6590
6615
msgstr ""
6591
6616
6592
#: serverguide/C/security.xml:571(command)
6617
#: serverguide/C/security.xml:556(command)
6593
6618
msgid "ufw allow from 192.168.0.0/24 to any app Samba"
6594
6619
msgstr ""
6595
6620
6596
#: serverguide/C/security.xml:574(para)
6621
#: serverguide/C/security.xml:559(para)
6597
6622
msgid ""
6598
6623
"Replace <emphasis>Samba</emphasis> and <emphasis>192.168.0.0/24</emphasis> "
6599
6624
"with the application profile you are using and the IP range for your network."
6600
6625
msgstr ""
6601
6626
6602
#: serverguide/C/security.xml:580(para)
6627
#: serverguide/C/security.xml:565(para)
6603
6628
msgid ""
6604
6629
"There is no need to specify the <emphasis>protocol</emphasis> for the "
6605
6630
"application, because that information is detailed in the profile. Also, note "
6607
6632
"<emphasis>port</emphasis> number."
6608
6633
msgstr ""
6609
6634
6610
#: serverguide/C/security.xml:589(para)
6635
#: serverguide/C/security.xml:574(para)
6611
6636
msgid ""
6612
6637
"To view details about which ports, protocols, etc are defined for an "
6613
6638
"application, enter:"
6614
6639
msgstr ""
6615
6640
6616
#: serverguide/C/security.xml:594(command)
6641
#: serverguide/C/security.xml:579(command)
6617
6642
msgid "sudo ufw app info Samba"
6618
6643
msgstr ""
6619
6644
6620
#: serverguide/C/security.xml:600(para)
6645
#: serverguide/C/security.xml:585(para)
6621
6646
msgid ""
6622
6647
"Not all applications that require opening a network port come with "
6623
6648
"<application>ufw</application> profiles, but if you have profiled an "
6625
6650
"bug against the package in Launchpad."
6626
6651
msgstr ""
6627
6652
6628
#: serverguide/C/security.xml:606(command)
6653
#: serverguide/C/security.xml:591(command)
6629
6654
msgid "ubuntu-bug nameofpackage"
6630
6655
msgstr ""
6631
6656
6632
#: serverguide/C/security.xml:612(title)
6657
#: serverguide/C/security.xml:597(title)
6633
6658
msgid "IP Masquerading"
6634
6659
msgstr ""
6635
6660
6636
#: serverguide/C/security.xml:613(para)
6661
#: serverguide/C/security.xml:598(para)
6637
6662
msgid ""
6638
6663
"The purpose of IP Masquerading is to allow machines with private, non-"
6639
6664
"routable IP addresses on your network to access the Internet through the "
6650
6675
"to in Microsoft documentation as Internet Connection Sharing."
6651
6676
msgstr ""
6652
6677
6653
#: serverguide/C/security.xml:629(title)
6678
#: serverguide/C/security.xml:614(title)
6654
6679
msgid "ufw Masquerading"
6655
6680
msgstr ""
6656
6681
6657
#: serverguide/C/security.xml:630(para)
6682
#: serverguide/C/security.xml:615(para)
6658
6683
msgid ""
6659
6684
"IP Masquerading can be achieved using custom <application>ufw</application> "
6660
6685
"rules. This is possible because the current back-end for "
6665
6690
"that are more network gateway or bridge related."
6666
6691
msgstr ""
6667
6692
6668
#: serverguide/C/security.xml:636(para)
6693
#: serverguide/C/security.xml:621(para)
6669
6694
msgid ""
6670
6695
"The rules are split into two different files, rules that should be executed "
6671
6696
"before <application>ufw</application> command line rules, and rules that are "
6672
6697
"executed after <application>ufw</application> command line rules."
6673
6698
msgstr ""
6674
6699
6675
#: serverguide/C/security.xml:642(para)
6700
#: serverguide/C/security.xml:627(para)
6676
6701
msgid ""
6677
6702
"First, packet forwarding needs to be enabled in "
6678
6703
"<application>ufw</application>. Two configuration files will need to be "
6680
6705
"<emphasis>DEFAULT_FORWARD_POLICY</emphasis> to <quote>ACCEPT</quote>:"
6681
6706
msgstr ""
6682
6707
6683
#: serverguide/C/security.xml:646(programlisting)
6708
#: serverguide/C/security.xml:631(programlisting)
6684
6709
#, no-wrap
6685
6710
msgid ""
6686
6711
"\n"
6687
6712
"DEFAULT_FORWARD_POLICY=\"ACCEPT\"\n"
6688
6713
msgstr ""
6689
6714
6690
#: serverguide/C/security.xml:649(para)
6715
#: serverguide/C/security.xml:634(para)
6691
6716
msgid "Then edit <filename>/etc/ufw/sysctl.conf</filename> and uncomment:"
6692
6717
msgstr ""
6693
6718
6694
#: serverguide/C/security.xml:652(programlisting)
6719
#: serverguide/C/security.xml:637(programlisting)
6695
6720
#, no-wrap
6696
6721
msgid ""
6697
6722
"\n"
6698
6723
"net/ipv4/ip_forward=1\n"
6699
6724
msgstr ""
6700
6725
6701
#: serverguide/C/security.xml:655(para)
6726
#: serverguide/C/security.xml:640(para)
6702
6727
msgid "Similarly, for IPv6 forwarding uncomment:"
6703
6728
msgstr ""
6704
6729
6705
#: serverguide/C/security.xml:658(programlisting)
6730
#: serverguide/C/security.xml:643(programlisting)
6706
6731
#, no-wrap
6707
6732
msgid ""
6708
6733
"\n"
6709
6734
"net/ipv6/conf/default/forwarding=1\n"
6710
6735
msgstr ""
6711
6736
6712
#: serverguide/C/security.xml:663(para)
6737
#: serverguide/C/security.xml:648(para)
6713
6738
msgid ""
6714
6739
"Now we will add rules to the <filename>/etc/ufw/before.rules</filename> "
6715
6740
"file. The default rules only configure the <emphasis>filter</emphasis> "
6718
6743
"the header comments:"
6719
6744
msgstr ""
6720
6745
6721
#: serverguide/C/security.xml:668(programlisting)
6746
#: serverguide/C/security.xml:653(programlisting)
6722
6747
#, no-wrap
6723
6748
msgid ""
6724
6749
"\n"
6734
6759
"COMMIT\n"
6735
6760
msgstr ""
6736
6761
6737
#: serverguide/C/security.xml:679(para)
6762
#: serverguide/C/security.xml:664(para)
6738
6763
msgid ""
6739
6764
"The comments are not strictly necessary, but it is considered good practice "
6740
6765
"to document your configuration. Also, when modifying any of the "
6743
6768
"line for each table modified:"
6744
6769
msgstr ""
6745
6770
6746
#: serverguide/C/security.xml:685(programlisting)
6771
#: serverguide/C/security.xml:670(programlisting)
6747
6772
#, no-wrap
6748
6773
msgid ""
6749
6774
"\n"
6751
6776
"COMMIT\n"
6752
6777
msgstr ""
6753
6778
6754
#: serverguide/C/security.xml:690(para)
6779
#: serverguide/C/security.xml:675(para)
6755
6780
msgid ""
6756
6781
"For each <emphasis>Table</emphasis> a corresponding "
6757
6782
"<emphasis>COMMIT</emphasis> statement is required. In these examples only "
6760
6785
"<emphasis>mangle</emphasis> tables."
6761
6786
msgstr ""
6762
6787
6763
#: serverguide/C/security.xml:697(para)
6788
#: serverguide/C/security.xml:682(para)
6764
6789
msgid ""
6765
6790
"In the above example replace <emphasis>eth0</emphasis>, "
6766
6791
"<emphasis>eth1</emphasis>, and <emphasis>192.168.0.0/24</emphasis> with the "
6767
6792
"appropriate interfaces and IP range for your network."
6768
6793
msgstr ""
6769
6794
6770
#: serverguide/C/security.xml:705(para)
6795
#: serverguide/C/security.xml:690(para)
6771
6796
msgid ""
6772
6797
"Finally, disable and re-enable <application>ufw</application> to apply the "
6773
6798
"changes:"
6774
6799
msgstr ""
6775
6800
6776
#: serverguide/C/security.xml:709(command)
6801
#: serverguide/C/security.xml:694(command)
6777
6802
msgid "sudo ufw disable && sudo ufw enable"
6778
6803
msgstr ""
6779
6804
6780
#: serverguide/C/security.xml:713(para)
6805
#: serverguide/C/security.xml:698(para)
6781
6806
msgid ""
6782
6807
"IP Masquerading should now be enabled. You can also add any additional "
6783
6808
"FORWARD rules to the <filename>/etc/ufw/before.rules</filename>. It is "
6785
6810
"forward</emphasis> chain."
6786
6811
msgstr ""
6787
6812
6788
#: serverguide/C/security.xml:720(title)
6813
#: serverguide/C/security.xml:705(title)
6789
6814
msgid "iptables Masquerading"
6790
6815
msgstr ""
6791
6816
6792
#: serverguide/C/security.xml:721(para)
6817
#: serverguide/C/security.xml:706(para)
6793
6818
msgid ""
6794
6819
"<application>iptables</application> can also be used to enable Masquerading."
6795
6820
msgstr ""
6796
6821
6797
#: serverguide/C/security.xml:726(para)
6822
#: serverguide/C/security.xml:711(para)
6798
6823
msgid ""
6799
6824
"Similar to <application>ufw</application>, the first step is to enable IPv4 "
6800
6825
"packet forwarding by editing <filename>/etc/sysctl.conf</filename> and "
6801
6826
"uncomment the following line"
6802
6827
msgstr ""
6803
6828
6804
#: serverguide/C/security.xml:730(programlisting)
6829
#: serverguide/C/security.xml:715(programlisting)
6805
6830
#, no-wrap
6806
6831
msgid ""
6807
6832
"\n"
6808
6833
"net.ipv4.ip_forward=1\n"
6809
6834
msgstr ""
6810
6835
6811
#: serverguide/C/security.xml:733(para)
6836
#: serverguide/C/security.xml:718(para)
6812
6837
msgid "If you wish to enable IPv6 forwarding also uncomment:"
6813
6838
msgstr ""
6814
6839
6815
#: serverguide/C/security.xml:736(programlisting)
6840
#: serverguide/C/security.xml:721(programlisting)
6816
6841
#, no-wrap
6817
6842
msgid ""
6818
6843
"\n"
6819
6844
"net.ipv6.conf.default.forwarding=1\n"
6820
6845
msgstr ""
6821
6846
6822
#: serverguide/C/security.xml:741(para)
6847
#: serverguide/C/security.xml:726(para)
6823
6848
msgid ""
6824
6849
"Next, execute the <application>sysctl</application> command to enable the "
6825
6850
"new settings in the configuration file:"
6826
6851
msgstr ""
6827
6852
6828
#: serverguide/C/security.xml:745(command)
6853
#: serverguide/C/security.xml:730(command)
6829
6854
msgid "sudo sysctl -p"
6830
6855
msgstr ""
6831
6856
6832
#: serverguide/C/security.xml:749(para)
6857
#: serverguide/C/security.xml:734(para)
6833
6858
msgid ""
6834
6859
"IP Masquerading can now be accomplished with a single iptables rule, which "
6835
6860
"may differ slightly based on your network configuration:"
6836
6861
msgstr ""
6837
6862
6838
#: serverguide/C/security.xml:752(screen)
6863
#: serverguide/C/security.xml:737(screen)
6839
6864
#, no-wrap
6840
6865
msgid ""
6841
6866
"\n"
6842
6867
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
6843
6868
msgstr ""
6844
6869
6845
#: serverguide/C/security.xml:755(para)
6870
#: serverguide/C/security.xml:740(para)
6846
6871
msgid ""
6847
6872
"The above command assumes that your private address space is 192.168.0.0/16 "
6848
6873
"and that your Internet-facing device is ppp0. The syntax is broken down as "
6849
6874
"follows:"
6850
6875
msgstr ""
6851
6876
6852
#: serverguide/C/security.xml:760(para)
6877
#: serverguide/C/security.xml:745(para)
6853
6878
msgid "-t nat -- the rule is to go into the nat table"
6854
6879
msgstr ""
6855
6880
6856
#: serverguide/C/security.xml:761(para)
6881
#: serverguide/C/security.xml:746(para)
6857
6882
msgid ""
6858
6883
"-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain"
6859
6884
msgstr ""
6860
6885
6861
#: serverguide/C/security.xml:762(para)
6886
#: serverguide/C/security.xml:747(para)
6862
6887
msgid ""
6863
6888
"-s 192.168.0.0/16 -- the rule applies to traffic originating from the "
6864
6889
"specified address space"
6865
6890
msgstr ""
6866
6891
6867
#: serverguide/C/security.xml:763(para)
6892
#: serverguide/C/security.xml:748(para)
6868
6893
msgid ""
6869
6894
"-o ppp0 -- the rule applies to traffic scheduled to be routed through the "
6870
6895
"specified network device"
6871
6896
msgstr ""
6872
6897
6873
#: serverguide/C/security.xml:765(para)
6898
#: serverguide/C/security.xml:750(para)
6874
6899
msgid ""
6875
6900
"-j MASQUERADE -- traffic matching this rule is to \"jump\" (-j) to the "
6876
6901
"MASQUERADE target to be manipulated as described above"
6877
6902
msgstr ""
6878
6903
6879
#: serverguide/C/security.xml:773(para)
6904
#: serverguide/C/security.xml:758(para)
6880
6905
msgid ""
6881
6906
"Also, each chain in the filter table (the default table, and where most or "
6882
6907
"all packet filtering occurs) has a default <emphasis>policy</emphasis> of "
6886
6911
"above rule to work:"
6887
6912
msgstr ""
6888
6913
6889
#: serverguide/C/security.xml:780(screen)
6914
#: serverguide/C/security.xml:765(screen)
6890
6915
#, no-wrap
6891
6916
msgid ""
6892
6917
"\n"
6895
6920
"--state ESTABLISHED,RELATED -i ppp0 -j ACCEPT\n"
6896
6921
msgstr ""
6897
6922
6898
#: serverguide/C/security.xml:785(para)
6923
#: serverguide/C/security.xml:770(para)
6899
6924
msgid ""
6900
6925
"The above commands will allow all connections from your local network to the "
6901
6926
"Internet and all traffic related to those connections to return to the "
6902
6927
"machine that initiated them."
6903
6928
msgstr ""
6904
6929
6905
#: serverguide/C/security.xml:792(para)
6930
#: serverguide/C/security.xml:777(para)
6906
6931
msgid ""
6907
6932
"If you want masquerading to be enabled on reboot, which you probably do, "
6908
6933
"edit <filename>/etc/rc.local</filename> and add any commands used above. For "
6909
6934
"example add the first command with no filtering:"
6910
6935
msgstr ""
6911
6936
6912
#: serverguide/C/security.xml:796(screen)
6937
#: serverguide/C/security.xml:781(screen)
6913
6938
#, no-wrap
6914
6939
msgid ""
6915
6940
"\n"
6916
6941
"iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
6917
6942
msgstr ""
6918
6943
6919
#: serverguide/C/security.xml:804(title)
6944
#: serverguide/C/security.xml:789(title)
6920
6945
msgid "Logs"
6921
6946
msgstr ""
6922
6947
6923
#: serverguide/C/security.xml:805(para)
6948
#: serverguide/C/security.xml:790(para)
6924
6949
msgid ""
6925
6950
"Firewall logs are essential for recognizing attacks, troubleshooting your "
6926
6951
"firewall rules, and noticing unusual activity on your network. You must "
6930
6955
"REJECT)."
6931
6956
msgstr ""
6932
6957
6933
#: serverguide/C/security.xml:812(para)
6958
#: serverguide/C/security.xml:797(para)
6934
6959
msgid ""
6935
6960
"If you are using <application>ufw</application>, you can turn on logging by "
6936
6961
"entering the following in a terminal:"
6937
6962
msgstr ""
6938
6963
6939
#: serverguide/C/security.xml:816(command)
6964
#: serverguide/C/security.xml:801(command)
6940
6965
msgid "sudo ufw logging on"
6941
6966
msgstr ""
6942
6967
6943
#: serverguide/C/security.xml:818(para)
6968
#: serverguide/C/security.xml:803(para)
6944
6969
msgid ""
6945
6970
"To turn logging off in <application>ufw</application>, simply replace "
6946
6971
"<emphasis role=\"italic\">on</emphasis> with <emphasis "
6947
6972
"role=\"italic\">off</emphasis> in the above command."
6948
6973
msgstr ""
6949
6974
6950
#: serverguide/C/security.xml:821(para)
6975
#: serverguide/C/security.xml:806(para)
6951
6976
msgid ""
6952
6977
"If using <application>iptables</application> instead of "
6953
6978
"<application>ufw</application>, enter:"
6954
6979
msgstr ""
6955
6980
6956
#: serverguide/C/security.xml:824(screen)
6981
#: serverguide/C/security.xml:809(screen)
6957
6982
#, no-wrap
6958
6983
msgid ""
6959
6984
"\n"
6961
6986
"-j LOG --log-prefix \"NEW_HTTP_CONN: \"\n"
6962
6987
msgstr ""
6963
6988
6964
#: serverguide/C/security.xml:828(para)
6989
#: serverguide/C/security.xml:813(para)
6965
6990
msgid ""
6966
6991
"A request on port 80 from the local machine, then, would generate a log in "
6967
6992
"dmesg that looks like this (single line split into 3 to fit this document):"
6977
7002
"SPT=53981 DPT=80 WINDOW=32767 RES=0x00 SYN URGP=0\n"
6978
7003
msgstr ""
6979
7004
6980
#: serverguide/C/security.xml:836(para)
7005
#: serverguide/C/security.xml:822(para)
6981
7006
msgid ""
6982
7007
"The above log will also appear in <filename>/var/log/messages</filename>, "
6983
7008
"<filename>/var/log/syslog</filename>, and "
6994
7019
"or <application>lire</application>."
6995
7020
msgstr ""
6996
7021
6997
#: serverguide/C/security.xml:851(title)
7022
#: serverguide/C/security.xml:837(title)
6998
7023
msgid "Other Tools"
6999
7024
msgstr ""
7000
7025
7001
#: serverguide/C/security.xml:852(para)
7026
#: serverguide/C/security.xml:838(para)
7002
7027
msgid ""
7003
7028
"There are many tools available to help you construct a complete firewall "
7004
7029
"without intimate knowledge of iptables. For the GUI-inclined:"
7005
7030
msgstr ""
7006
7031
7007
#: serverguide/C/security.xml:858(para)
7032
#: serverguide/C/security.xml:844(para)
7008
7033
msgid ""
7009
7034
"<ulink url=\"http://www.fwbuilder.org/\">fwbuilder</ulink> is very powerful "
7010
7035
"and will look familiar to an administrator who has used a commercial "
7011
7036
"firewall utility such as <application>Checkpoint FireWall-1</application>."
7012
7037
msgstr ""
7013
7038
7014
#: serverguide/C/security.xml:864(para)
7039
#: serverguide/C/security.xml:850(para)
7015
7040
msgid ""
7016
7041
"If you prefer a command-line tool with plain-text configuration files:"
7017
7042
msgstr ""
7018
7043
7019
#: serverguide/C/security.xml:869(para)
7044
#: serverguide/C/security.xml:855(para)
7020
7045
msgid ""
7021
7046
"<ulink url=\"http://www.shorewall.net/\">Shorewall</ulink> is a very "
7022
7047
"powerful solution to help you configure an advanced firewall for any network."
7023
7048
msgstr ""
7024
7049
7025
#: serverguide/C/security.xml:880(para)
7050
#: serverguide/C/security.xml:866(para)
7026
7051
msgid ""
7027
7052
"The <ulink url=\"https://wiki.ubuntu.com/UncomplicatedFirewall\">Ubuntu "
7028
7053
"Firewall</ulink> wiki page contains information on the development of "
7029
7054
"<application>ufw</application>."
7030
7055
msgstr ""
7031
7056
7032
#: serverguide/C/security.xml:886(para)
7057
#: serverguide/C/security.xml:872(para)
7033
7058
msgid ""
7034
7059
"Also, the <application>ufw</application> manual page contains some very "
7035
7060
"useful information: <command>man ufw</command>."
7036
7061
msgstr ""
7037
7062
7038
#: serverguide/C/security.xml:891(para)
7063
#: serverguide/C/security.xml:877(para)
7039
7064
msgid ""
7040
7065
"See the <ulink url=\"http://www.netfilter.org/documentation/HOWTO/packet-"
7041
7066
"filtering-HOWTO.html\">packet-filtering-HOWTO</ulink> for more information "
7042
7067
"on using <application>iptables</application>."
7043
7068
msgstr ""
7044
7069
7045
#: serverguide/C/security.xml:897(para)
7070
#: serverguide/C/security.xml:883(para)
7046
7071
msgid ""
7047
7072
"The <ulink url=\"http://www.netfilter.org/documentation/HOWTO/NAT-"
7048
7073
"HOWTO.html\">nat-HOWTO</ulink> contains further details on masquerading."
7049
7074
msgstr ""
7050
7075
7051
#: serverguide/C/security.xml:903(para)
7076
#: serverguide/C/security.xml:889(para)
7052
7077
msgid ""
7053
7078
"The <ulink url=\"https://help.ubuntu.com/community/IptablesHowTo\">IPTables "
7054
7079
"HowTo</ulink> in the Ubuntu wiki is a great resource."
7055
7080
msgstr ""
7056
7081
7057
#: serverguide/C/security.xml:911(title)
7082
#: serverguide/C/security.xml:897(title)
7058
7083
msgid "AppArmor"
7059
7084
msgstr ""
7060
7085
7061
#: serverguide/C/security.xml:912(para)
7086
#: serverguide/C/security.xml:898(para)
7062
7087
msgid ""
7063
7088
"<application>AppArmor</application> is a Linux Security Module "
7064
7089
"implementation of name-based mandatory access controls. AppArmor confines "
7066
7091
"capabilities."
7067
7092
msgstr ""
7068
7093
7069
#: serverguide/C/security.xml:916(para)
7094
#: serverguide/C/security.xml:902(para)
7070
7095
msgid ""
7071
7096
"<application>AppArmor</application> is installed and loaded by default. It "
7072
7097
"uses <emphasis>profiles</emphasis> of an application to determine what files "
7075
7100
"<application>apparmor-profiles</application> package."
7076
7101
msgstr ""
7077
7102
7078
#: serverguide/C/security.xml:921(para)
7103
#: serverguide/C/security.xml:907(para)
7079
7104
msgid ""
7080
7105
"To install the <application>apparmor-profiles</application> package from a "
7081
7106
"terminal prompt:"
7082
7107
msgstr ""
7083
7108
7084
#: serverguide/C/security.xml:925(command)
7109
#: serverguide/C/security.xml:911(command)
7085
7110
msgid "sudo apt-get install apparmor-profiles"
7086
7111
msgstr ""
7087
7112
7088
#: serverguide/C/security.xml:927(para)
7113
#: serverguide/C/security.xml:913(para)
7089
7114
msgid "AppArmor profiles have two modes of execution:"
7090
7115
msgstr ""
7091
7116
7092
#: serverguide/C/security.xml:932(para)
7117
#: serverguide/C/security.xml:918(para)
7093
7118
msgid ""
7094
7119
"Complaining/Learning: profile violations are permitted and logged. Useful "
7095
7120
"for testing and developing new profiles."
7096
7121
msgstr ""
7097
7122
7098
#: serverguide/C/security.xml:937(para)
7123
#: serverguide/C/security.xml:923(para)
7099
7124
msgid ""
7100
7125
"Enforced/Confined: enforces profile policy as well as logging the violation."
7101
7126
msgstr ""
7102
7127
7103
#: serverguide/C/security.xml:943(title)
7128
#: serverguide/C/security.xml:929(title)
7104
7129
msgid "Using AppArmor"
7105
7130
msgstr ""
7106
7131
7107
#: serverguide/C/security.xml:944(para)
7132
#: serverguide/C/security.xml:945(para)
7133
msgid ""
7134
"This section is plagued by a bug (<ulink "
7135
"url=\"https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1304134\">LP "
7136
"#1304134</ulink>) and instructions will not work as advertised."
7137
msgstr ""
7138
7139
#: serverguide/C/security.xml:930(para)
7108
7140
msgid ""
7109
7141
"The <application>apparmor-utils</application> package contains command line "
7110
7142
"utilities that you can use to change the <application>AppArmor</application> "
7111
7143
"execution mode, find the status of a profile, create new profiles, etc."
7112
7144
msgstr ""
7113
7145
7114
#: serverguide/C/security.xml:950(para)
7146
#: serverguide/C/security.xml:936(para)
7115
7147
msgid ""
7116
7148
"<application>apparmor_status</application> is used to view the current "
7117
7149
"status of AppArmor profiles."
7118
7150
msgstr ""
7119
7151
7120
#: serverguide/C/security.xml:954(command)
7152
#: serverguide/C/security.xml:940(command)
7121
7153
msgid "sudo apparmor_status"
7122
7154
msgstr ""
7123
7155
7124
#: serverguide/C/security.xml:958(para)
7156
#: serverguide/C/security.xml:944(para)
7125
7157
msgid ""
7126
7158
"<application>aa-complain</application> places a profile into "
7127
7159
"<emphasis>complain</emphasis> mode."
7128
7160
msgstr ""
7129
7161
7130
#: serverguide/C/security.xml:962(command)
7162
#: serverguide/C/security.xml:948(command)
7131
7163
msgid "sudo aa-complain /path/to/bin"
7132
7164
msgstr ""
7133
7165
7134
#: serverguide/C/security.xml:966(para)
7166
#: serverguide/C/security.xml:952(para)
7135
7167
msgid ""
7136
7168
"<application>aa-enforce</application> places a profile into "
7137
7169
"<emphasis>enforce</emphasis> mode."
7138
7170
msgstr ""
7139
7171
7140
#: serverguide/C/security.xml:970(command)
7172
#: serverguide/C/security.xml:956(command)
7141
7173
msgid "sudo aa-enforce /path/to/bin"
7142
7174
msgstr ""
7143
7175
7144
#: serverguide/C/security.xml:974(para)
7176
#: serverguide/C/security.xml:960(para)
7145
7177
msgid ""
7146
7178
"The <filename>/etc/apparmor.d</filename> directory is where the AppArmor "
7147
7179
"profiles are located. It can be used to manipulate the "
7148
7180
"<emphasis>mode</emphasis> of all profiles."
7149
7181
msgstr ""
7150
7182
7151
#: serverguide/C/security.xml:978(para)
7183
#: serverguide/C/security.xml:964(para)
7152
7184
msgid "Enter the following to place all profiles into complain mode:"
7153
7185
msgstr ""
7154
7186
7155
#: serverguide/C/security.xml:982(command)
7187
#: serverguide/C/security.xml:968(command)
7156
7188
msgid "sudo aa-complain /etc/apparmor.d/*"
7157
7189
msgstr ""
7158
7190
7159
#: serverguide/C/security.xml:984(para)
7191
#: serverguide/C/security.xml:970(para)
7160
7192
msgid "To place all profiles in enforce mode:"
7161
7193
msgstr ""
7162
7194
7163
#: serverguide/C/security.xml:988(command)
7195
#: serverguide/C/security.xml:974(command)
7164
7196
msgid "sudo aa-enforce /etc/apparmor.d/*"
7165
7197
msgstr ""
7166
7198
7167
#: serverguide/C/security.xml:992(para)
7199
#: serverguide/C/security.xml:978(para)
7168
7200
msgid ""
7169
7201
"<application>apparmor_parser</application> is used to load a profile into "
7170
7202
"the kernel. It can also be used to reload a currently loaded profile using "
7171
7203
"the <emphasis>-r</emphasis> option. To load a profile:"
7172
7204
msgstr ""
7173
7205
7174
#: serverguide/C/security.xml:997(command) serverguide/C/security.xml:1029(command)
7206
#: serverguide/C/security.xml:983(command) serverguide/C/security.xml:1015(command)
7175
7207
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
7176
7208
msgstr ""
7177
7209
7178
#: serverguide/C/security.xml:999(para)
7210
#: serverguide/C/security.xml:985(para)
7179
7211
msgid "To reload a profile:"
7180
7212
msgstr ""
7181
7213
7182
#: serverguide/C/security.xml:1003(command)
7214
#: serverguide/C/security.xml:989(command)
7183
7215
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
7184
7216
msgstr ""
7185
7217
7186
#: serverguide/C/security.xml:1007(para)
7218
#: serverguide/C/security.xml:1013(para)
7187
7219
msgid ""
7188
7220
"<filename>service apparmor</filename> can be used to "
7189
7221
"<emphasis>reload</emphasis> all profiles:"
7190
7222
msgstr ""
7191
7223
7192
#: serverguide/C/security.xml:1011(command) serverguide/C/network-auth.xml:943(command)
7224
#: serverguide/C/network-auth.xml:964(command)
7193
7225
msgid "sudo service apparmor reload"
7194
7226
msgstr ""
7195
7227
7196
#: serverguide/C/security.xml:1015(para)
7228
#: serverguide/C/security.xml:1001(para)
7197
7229
msgid ""
7198
7230
"The <filename>/etc/apparmor.d/disable</filename> directory can be used along "
7199
7231
"with the <application>apparmor_parser -R</application> option to "
7200
7232
"<emphasis>disable</emphasis> a profile."
7201
7233
msgstr ""
7202
7234
7203
#: serverguide/C/security.xml:1020(command)
7235
#: serverguide/C/security.xml:1006(command)
7204
7236
msgid "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
7205
7237
msgstr ""
7206
7238
7207
#: serverguide/C/security.xml:1021(command)
7239
#: serverguide/C/security.xml:1007(command)
7208
7240
msgid "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
7209
7241
msgstr ""
7210
7242
7211
#: serverguide/C/security.xml:1023(para)
7243
#: serverguide/C/security.xml:1009(para)
7212
7244
msgid ""
7213
7245
"To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic "
7214
7246
"link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then "
7215
7247
"load the profile using the <emphasis>-a</emphasis> option."
7216
7248
msgstr ""
7217
7249
7218
#: serverguide/C/security.xml:1028(command)
7250
#: serverguide/C/security.xml:1014(command)
7219
7251
msgid "sudo rm /etc/apparmor.d/disable/profile.name"
7220
7252
msgstr ""
7221
7253
7222
#: serverguide/C/security.xml:1033(para)
7254
#: serverguide/C/security.xml:1019(para)
7223
7255
msgid ""
7224
7256
"<application>AppArmor</application> can be disabled, and the kernel module "
7225
7257
"unloaded by entering the following:"
7226
7258
msgstr ""
7227
7259
7228
#: serverguide/C/security.xml:1037(command)
7260
#: serverguide/C/security.xml:1043(command)
7229
7261
msgid "sudo service apparmor stop"
7230
7262
msgstr ""
7231
7263
7232
#: serverguide/C/security.xml:1038(command)
7264
#: serverguide/C/security.xml:1024(command)
7233
7265
msgid "sudo update-rc.d -f apparmor remove"
7234
7266
msgstr ""
7235
7267
7236
#: serverguide/C/security.xml:1042(para)
7268
#: serverguide/C/security.xml:1028(para)
7237
7269
msgid "To re-enable <application>AppArmor</application> enter:"
7238
7270
msgstr ""
7239
7271
7240
#: serverguide/C/security.xml:1046(command)
7272
#: serverguide/C/security.xml:1052(command)
7241
7273
msgid "sudo service apparmor start"
7242
7274
msgstr ""
7243
7275
7244
#: serverguide/C/security.xml:1047(command)
7276
#: serverguide/C/security.xml:1033(command)
7245
7277
msgid "sudo update-rc.d apparmor defaults"
7246
7278
msgstr ""
7247
7279
7248
#: serverguide/C/security.xml:1052(para)
7280
#: serverguide/C/security.xml:1038(para)
7249
7281
msgid ""
7250
7282
"Replace <emphasis>profile.name</emphasis> with the name of the profile you "
7251
7283
"want to manipulate. Also, replace <filename>/path/to/bin/</filename> with "
7253
7285
"<application>ping</application> command use <filename>/bin/ping</filename>"
7254
7286
msgstr ""
7255
7287
7256
#: serverguide/C/security.xml:1060(title)
7288
#: serverguide/C/security.xml:1046(title)
7257
7289
msgid "Profiles"
7258
7290
msgstr ""
7259
7291
7260
#: serverguide/C/security.xml:1061(para)
7292
#: serverguide/C/security.xml:1047(para)
7261
7293
msgid ""
7262
7294
"<application>AppArmor</application> profiles are simple text files located "
7263
7295
"in <filename>/etc/apparmor.d/</filename>. The files are named after the full "
7266
7298
"profile for the <filename>/bin/ping</filename> command."
7267
7299
msgstr ""
7268
7300
7269
#: serverguide/C/security.xml:1067(para)
7301
#: serverguide/C/security.xml:1053(para)
7270
7302
msgid "There are two main type of rules used in profiles:"
7271
7303
msgstr ""
7272
7304
7273
#: serverguide/C/security.xml:1072(para)
7305
#: serverguide/C/security.xml:1058(para)
7274
7306
msgid ""
7275
7307
"<emphasis>Path entries:</emphasis> which detail which files an application "
7276
7308
"can access in the file system."
7277
7309
msgstr ""
7278
7310
7279
#: serverguide/C/security.xml:1077(para)
7311
#: serverguide/C/security.xml:1063(para)
7280
7312
msgid ""
7281
7313
"<emphasis>Capability entries:</emphasis> determine what privileges a "
7282
7314
"confined process is allowed to use."
7283
7315
msgstr ""
7284
7316
7285
#: serverguide/C/security.xml:1082(para)
7317
#: serverguide/C/security.xml:1068(para)
7286
7318
msgid ""
7287
7319
"As an example take a look at <filename>/etc/apparmor.d/bin.ping</filename>:"
7288
7320
msgstr ""
7289
7321
7290
#: serverguide/C/security.xml:1085(programlisting)
7322
#: serverguide/C/security.xml:1071(programlisting)
7291
7323
#, no-wrap
7292
7324
msgid ""
7293
7325
"\n"
7306
7338
"}\n"
7307
7339
msgstr ""
7308
7340
7309
#: serverguide/C/security.xml:1102(para)
7341
#: serverguide/C/security.xml:1088(para)
7310
7342
msgid ""
7311
7343
"<emphasis>#include <tunables/global>:</emphasis> include statements "
7312
7344
"from other files. This allows statements pertaining to multiple applications "
7313
7345
"to be placed in a common file."
7314
7346
msgstr ""
7315
7347
7316
#: serverguide/C/security.xml:1108(para)
7348
#: serverguide/C/security.xml:1094(para)
7317
7349
msgid ""
7318
7350
"<emphasis>/bin/ping flags=(complain):</emphasis> path to the profiled "
7319
7351
"program, also setting the mode to <emphasis>complain</emphasis>."
7320
7352
msgstr ""
7321
7353
7322
#: serverguide/C/security.xml:1114(para)
7354
#: serverguide/C/security.xml:1100(para)
7323
7355
msgid ""
7324
7356
"<emphasis>capability net_raw,:</emphasis> allows the application access to "
7325
7357
"the CAP_NET_RAW Posix.1e capability."
7326
7358
msgstr ""
7327
7359
7328
#: serverguide/C/security.xml:1119(para)
7360
#: serverguide/C/security.xml:1105(para)
7329
7361
msgid ""
7330
7362
"<emphasis>/bin/ping mixr,:</emphasis> allows the application read and "
7331
7363
"execute access to the file."
7332
7364
msgstr ""
7333
7365
7334
#: serverguide/C/security.xml:1125(para)
7366
#: serverguide/C/security.xml:1111(para)
7335
7367
msgid ""
7336
7368
"After editing a profile file the profile must be reloaded. See <xref "
7337
7369
"linkend=\"apparmor-usage\"/> for details."
7338
7370
msgstr ""
7339
7371
7340
#: serverguide/C/security.xml:1130(title)
7372
#: serverguide/C/security.xml:1116(title)
7341
7373
msgid "Creating a Profile"
7342
7374
msgstr ""
7343
7375
7344
#: serverguide/C/security.xml:1133(para)
7376
#: serverguide/C/security.xml:1119(para)
7345
7377
msgid ""
7346
7378
"<emphasis>Design a test plan:</emphasis> Try to think about how the "
7347
7379
"application should be exercised. The test plan should be divided into small "
7349
7381
"steps to follow."
7350
7382
msgstr ""
7351
7383
7352
#: serverguide/C/security.xml:1137(para)
7384
#: serverguide/C/security.xml:1123(para)
7353
7385
msgid "Some standard test cases are:"
7354
7386
msgstr ""
7355
7387
7356
#: serverguide/C/security.xml:1142(para)
7388
#: serverguide/C/security.xml:1128(para)
7357
7389
msgid "Starting the program."
7358
7390
msgstr ""
7359
7391
7360
#: serverguide/C/security.xml:1147(para)
7392
#: serverguide/C/security.xml:1133(para)
7361
7393
msgid "Stopping the program."
7362
7394
msgstr ""
7363
7395
7364
#: serverguide/C/security.xml:1152(para)
7396
#: serverguide/C/security.xml:1138(para)
7365
7397
msgid "Reloading the program."
7366
7398
msgstr ""
7367
7399
7368
#: serverguide/C/security.xml:1157(para)
7400
#: serverguide/C/security.xml:1143(para)
7369
7401
msgid "Testing all the commands supported by the init script."
7370
7402
msgstr ""
7371
7403
7372
#: serverguide/C/security.xml:1164(para)
7404
#: serverguide/C/security.xml:1150(para)
7373
7405
msgid ""
7374
7406
"<emphasis>Generate the new profile:</emphasis> Use <application>aa-"
7375
7407
"genprof</application> to generate a new profile. From a terminal:"
7376
7408
msgstr ""
7377
7409
7378
#: serverguide/C/security.xml:1169(command)
7410
#: serverguide/C/security.xml:1155(command)
7379
7411
msgid "sudo aa-genprof executable"
7380
7412
msgstr ""
7381
7413
7382
#: serverguide/C/security.xml:1171(para)
7414
#: serverguide/C/security.xml:1157(para)
7383
7415
msgid "For example:"
7384
7416
msgstr ""
7385
7417
7386
#: serverguide/C/security.xml:1175(command)
7418
#: serverguide/C/security.xml:1161(command)
7387
7419
msgid "sudo aa-genprof slapd"
7388
7420
msgstr ""
7389
7421
7390
#: serverguide/C/security.xml:1179(para)
7422
#: serverguide/C/security.xml:1165(para)
7391
7423
msgid ""
7392
7424
"To get your new profile included in the <application>apparmor-"
7393
7425
"profiles</application> package, file a bug in <emphasis>Launchpad</emphasis> "
7396
7428
"/ulink> package:"
7397
7429
msgstr ""
7398
7430
7399
#: serverguide/C/security.xml:1186(para)
7431
#: serverguide/C/security.xml:1172(para)
7400
7432
msgid "Include your test plan and test cases."
7401
7433
msgstr ""
7402
7434
7403
#: serverguide/C/security.xml:1191(para)
7435
#: serverguide/C/security.xml:1177(para)
7404
7436
msgid "Attach your new profile to the bug."
7405
7437
msgstr ""
7406
7438
7407
#: serverguide/C/security.xml:1200(title)
7439
#: serverguide/C/security.xml:1186(title)
7408
7440
msgid "Updating Profiles"
7409
7441
msgstr ""
7410
7442
7411
#: serverguide/C/security.xml:1201(para)
7443
#: serverguide/C/security.xml:1187(para)
7412
7444
msgid ""
7413
7445
"When the program is misbehaving, audit messages are sent to the log files. "
7414
7446
"The program <application>aa-logprof</application> can be used to scan log "
7416
7448
"and update the profiles. From a terminal:"
7417
7449
msgstr ""
7418
7450
7419
#: serverguide/C/security.xml:1206(command)
7451
#: serverguide/C/security.xml:1192(command)
7420
7452
msgid "sudo aa-logprof"
7421
7453
msgstr ""
7422
7454
7423
#: serverguide/C/security.xml:1214(para)
7455
#: serverguide/C/security.xml:1200(para)
7424
7456
msgid ""
7425
7457
"See the <ulink "
7426
7458
"url=\"http://www.novell.com/documentation/apparmor/apparmor201_sp10_admin/ind"
7429
7461
"configuration options."
7430
7462
msgstr ""
7431
7463
7432
#: serverguide/C/security.xml:1221(para)
7464
#: serverguide/C/security.xml:1207(para)
7433
7465
msgid ""
7434
7466
"For details using AppArmor with other Ubuntu releases see the <ulink "
7435
7467
"url=\"https://help.ubuntu.com/community/AppArmor\"> AppArmor Community "
7436
7468
"Wiki</ulink> page."
7437
7469
msgstr ""
7438
7470
7439
#: serverguide/C/security.xml:1229(para)
7471
#: serverguide/C/security.xml:1215(para)
7440
7472
msgid ""
7441
7473
"The <ulink url=\"http://en.opensuse.org/SDB:AppArmor_geeks\">OpenSUSE "
7442
7474
"AppArmor</ulink> page is another introduction to AppArmor."
7443
7475
msgstr ""
7444
7476
7445
#: serverguide/C/security.xml:1236(para)
7477
#: serverguide/C/security.xml:1222(para)
7446
7478
msgid ""
7447
7479
"A great place to ask for <application>AppArmor</application> assistance, and "
7448
7480
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
7450
7482
"url=\"http://freenode.net\">freenode</ulink>."
7451
7483
msgstr ""
7452
7484
7453
#: serverguide/C/security.xml:1246(title)
7485
#: serverguide/C/security.xml:1232(title)
7454
7486
msgid "Certificates"
7455
7487
msgstr ""
7456
7488
7457
#: serverguide/C/security.xml:1247(para)
7489
#: serverguide/C/security.xml:1233(para)
7458
7490
msgid ""
7459
7491
"One of the most common forms of cryptography today is <emphasis>public-"
7460
7492
"key</emphasis> cryptography. Public-key cryptography utilizes a "
7464
7496
"the private key."
7465
7497
msgstr ""
7466
7498
7467
#: serverguide/C/security.xml:1253(para)
7499
#: serverguide/C/security.xml:1239(para)
7468
7500
msgid ""
7469
7501
"A common use for public-key cryptography is encrypting application traffic "
7470
7502
"using a Secure Socket Layer (SSL) or Transport Layer Security (TLS) "
7473
7505
"encrypt traffic using a protocol that does not itself provide encryption."
7474
7506
msgstr ""
7475
7507
7476
#: serverguide/C/security.xml:1258(para)
7508
#: serverguide/C/security.xml:1244(para)
7477
7509
msgid ""
7478
7510
"A <emphasis>Certificate</emphasis> is a method used to distribute a "
7479
7511
"<emphasis>public key</emphasis> and other information about a server and the "
7483
7515
"certificate is accurate."
7484
7516
msgstr ""
7485
7517
7486
#: serverguide/C/security.xml:1265(title)
7518
#: serverguide/C/security.xml:1251(title)
7487
7519
msgid "Types of Certificates"
7488
7520
msgstr ""
7489
7521
7490
#: serverguide/C/security.xml:1266(para)
7522
#: serverguide/C/security.xml:1252(para)
7491
7523
msgid ""
7492
7524
"To set up a secure server using public-key cryptography, in most cases, you "
7493
7525
"send your certificate request (including your public key), proof of your "
7497
7529
"signed</emphasis> certificate."
7498
7530
msgstr ""
7499
7531
7500
#: serverguide/C/security.xml:1276(para)
7532
#: serverguide/C/security.xml:1262(para)
7501
7533
msgid ""
7502
7534
"Note, that self-signed certificates should not be used in most production "
7503
7535
"environments."
7504
7536
msgstr ""
7505
7537
7506
#: serverguide/C/security.xml:1280(para)
7538
#: serverguide/C/security.xml:1266(para)
7507
7539
msgid ""
7508
7540
"Continuing the HTTPS example, a CA-signed certificate provides two important "
7509
7541
"capabilities that a self-signed certificate does not:"
7510
7542
msgstr ""
7511
7543
7512
#: serverguide/C/security.xml:1287(para)
7544
#: serverguide/C/security.xml:1273(para)
7513
7545
msgid ""
7514
7546
"Browsers (usually) automatically recognize the certificate and allow a "
7515
7547
"secure connection to be made without prompting the user."
7516
7548
msgstr ""
7517
7549
7518
#: serverguide/C/security.xml:1294(para)
7550
#: serverguide/C/security.xml:1280(para)
7519
7551
msgid ""
7520
7552
"When a CA issues a signed certificate, it is guaranteeing the identity of "
7521
7553
"the organization that is providing the web pages to the browser."
7522
7554
msgstr ""
7523
7555
7524
#: serverguide/C/security.xml:1302(para)
7556
#: serverguide/C/security.xml:1308(para)
7525
7557
msgid ""
7526
7558
"Most Web browsers, and computers, that support SSL have a list of CAs whose "
7527
7559
"certificates they automatically accept. If a browser encounters a "
7530
7562
"may generate an error message when using a self-signed certificate."
7531
7563
msgstr ""
7532
7564
7533
#: serverguide/C/security.xml:1310(para)
7565
#: serverguide/C/security.xml:1296(para)
7534
7566
msgid ""
7535
7567
"The process of getting a certificate from a CA is fairly easy. A quick "
7536
7568
"overview is as follows:"
7537
7569
msgstr ""
7538
7570
7539
#: serverguide/C/security.xml:1317(para)
7571
#: serverguide/C/security.xml:1303(para)
7540
7572
msgid "Create a private and public encryption key pair."
7541
7573
msgstr ""
7542
7574
7543
#: serverguide/C/security.xml:1320(para)
7575
#: serverguide/C/security.xml:1306(para)
7544
7576
msgid ""
7545
7577
"Create a certificate request based on the public key. The certificate "
7546
7578
"request contains information about your server and the company hosting it."
7547
7579
msgstr ""
7548
7580
7549
#: serverguide/C/security.xml:1325(para)
7581
#: serverguide/C/security.xml:1311(para)
7550
7582
msgid ""
7551
7583
"Send the certificate request, along with documents proving your identity, to "
7552
7584
"a CA. We cannot tell you which certificate authority to choose. Your "
7554
7586
"your friends or colleagues, or purely on monetary factors."
7555
7587
msgstr ""
7556
7588
7557
#: serverguide/C/security.xml:1331(para)
7589
#: serverguide/C/security.xml:1317(para)
7558
7590
msgid ""
7559
7591
"Once you have decided upon a CA, you need to follow the instructions they "
7560
7592
"provide on how to obtain a certificate from them."
7561
7593
msgstr ""
7562
7594
7563
#: serverguide/C/security.xml:1336(para)
7595
#: serverguide/C/security.xml:1322(para)
7564
7596
msgid ""
7565
7597
"When the CA is satisfied that you are indeed who you claim to be, they send "
7566
7598
"you a digital certificate."
7567
7599
msgstr ""
7568
7600
7569
#: serverguide/C/security.xml:1340(para)
7601
#: serverguide/C/security.xml:1326(para)
7570
7602
msgid ""
7571
7603
"Install this certificate on your secure server, and configure the "
7572
7604
"appropriate applications to use the certificate."
7573
7605
msgstr ""
7574
7606
7575
#: serverguide/C/security.xml:1349(title)
7607
#: serverguide/C/security.xml:1335(title)
7576
7608
msgid "Generating a Certificate Signing Request (CSR)"
7577
7609
msgstr ""
7578
7610
7579
#: serverguide/C/security.xml:1351(para)
7611
#: serverguide/C/security.xml:1337(para)
7580
7612
msgid ""
7581
7613
"Whether you are getting a certificate from a CA or generating your own self-"
7582
7614
"signed certificate, the first step is to generate a key."
7583
7615
msgstr ""
7584
7616
7585
#: serverguide/C/security.xml:1356(para)
7617
#: serverguide/C/security.xml:1342(para)
7586
7618
msgid ""
7587
7619
"If the certificate will be used by service daemons, such as Apache, Postfix, "
7588
7620
"Dovecot, etc, a key without a passphrase is often appropriate. Not having a "
7590
7622
"the preferred way to start a daemon."
7591
7623
msgstr ""
7592
7624
7593
#: serverguide/C/security.xml:1362(para)
7625
#: serverguide/C/security.xml:1348(para)
7594
7626
msgid ""
7595
7627
"This section will cover generating a key with a passphrase, and one without. "
7596
7628
"The non-passphrase key will then be used to generate a certificate that can "
7597
7629
"be used with various service daemons."
7598
7630
msgstr ""
7599
7631
7600
#: serverguide/C/security.xml:1368(para)
7632
#: serverguide/C/security.xml:1354(para)
7601
7633
msgid ""
7602
7634
"Running your secure service without a passphrase is convenient because you "
7603
7635
"will not need to enter the passphrase every time you start your secure "
7605
7637
"of the server as well."
7606
7638
msgstr ""
7607
7639
7608
#: serverguide/C/security.xml:1375(para)
7640
#: serverguide/C/security.xml:1361(para)
7609
7641
msgid ""
7610
7642
"To generate the <emphasis>keys</emphasis> for the Certificate Signing "
7611
7643
"Request (CSR) run the following command from a terminal prompt:"
7612
7644
msgstr ""
7613
7645
7614
#: serverguide/C/security.xml:1381(command)
7646
#: serverguide/C/security.xml:1367(command)
7615
7647
msgid "openssl genrsa -des3 -out server.key 2048"
7616
7648
msgstr ""
7617
7649
7618
#: serverguide/C/security.xml:1384(programlisting)
7650
#: serverguide/C/security.xml:1370(programlisting)
7619
7651
#, no-wrap
7620
7652
msgid ""
7621
7653
"\n"
7626
7658
"Enter pass phrase for server.key:\n"
7627
7659
msgstr ""
7628
7660
7629
#: serverguide/C/security.xml:1392(para)
7661
#: serverguide/C/security.xml:1378(para)
7630
7662
msgid ""
7631
7663
"You can now enter your passphrase. For best security, it should at least "
7632
7664
"contain eight characters. The minimum length when specifying -des3 is four "
7634
7666
"in a dictionary. Also remember that your passphrase is case-sensitive."
7635
7667
msgstr ""
7636
7668
7637
#: serverguide/C/security.xml:1400(para)
7669
#: serverguide/C/security.xml:1386(para)
7638
7670
msgid ""
7639
7671
"Re-type the passphrase to verify. Once you have re-typed it correctly, the "
7640
7672
"server key is generated and stored in the <filename>server.key</filename> "
7641
7673
"file."
7642
7674
msgstr ""
7643
7675
7644
#: serverguide/C/security.xml:1406(para)
7676
#: serverguide/C/security.xml:1392(para)
7645
7677
msgid ""
7646
7678
"Now create the insecure key, the one without a passphrase, and shuffle the "
7647
7679
"key names:"
7648
7680
msgstr ""
7649
7681
7650
#: serverguide/C/security.xml:1412(command)
7682
#: serverguide/C/security.xml:1398(command)
7651
7683
msgid "openssl rsa -in server.key -out server.key.insecure"
7652
7684
msgstr ""
7653
7685
7654
#: serverguide/C/security.xml:1413(command)
7686
#: serverguide/C/security.xml:1399(command)
7655
7687
msgid "mv server.key server.key.secure"
7656
7688
msgstr ""
7657
7689
7658
#: serverguide/C/security.xml:1414(command)
7690
#: serverguide/C/security.xml:1400(command)
7659
7691
msgid "mv server.key.insecure server.key"
7660
7692
msgstr ""
7661
7693
7662
#: serverguide/C/security.xml:1417(para)
7694
#: serverguide/C/security.xml:1403(para)
7663
7695
msgid ""
7664
7696
"The insecure key is now named <filename>server.key</filename>, and you can "
7665
7697
"use this file to generate the CSR without passphrase."
7666
7698
msgstr ""
7667
7699
7668
#: serverguide/C/security.xml:1422(para)
7700
#: serverguide/C/security.xml:1408(para)
7669
7701
msgid "To create the CSR, run the following command at a terminal prompt:"
7670
7702
msgstr ""
7671
7703
7672
#: serverguide/C/security.xml:1427(command)
7704
#: serverguide/C/security.xml:1413(command)
7673
7705
msgid "openssl req -new -key server.key -out server.csr"
7674
7706
msgstr ""
7675
7707
7676
#: serverguide/C/security.xml:1430(para)
7708
#: serverguide/C/security.xml:1416(para)
7677
7709
msgid ""
7678
7710
"It will prompt you enter the passphrase. If you enter the correct "
7679
7711
"passphrase, it will prompt you to enter Company Name, Site Name, Email Id, "
7681
7713
"be stored in the <filename>server.csr</filename> file."
7682
7714
msgstr ""
7683
7715
7684
#: serverguide/C/security.xml:1438(para)
7716
#: serverguide/C/security.xml:1424(para)
7685
7717
msgid ""
7686
7718
"You can now submit this CSR file to a CA for processing. The CA will use "
7687
7719
"this CSR file and issue the certificate. On the other hand, you can create "
7688
7720
"self-signed certificate using this CSR."
7689
7721
msgstr ""
7690
7722
7691
#: serverguide/C/security.xml:1446(title)
7723
#: serverguide/C/security.xml:1432(title)
7692
7724
msgid "Creating a Self-Signed Certificate"
7693
7725
msgstr ""
7694
7726
7695
#: serverguide/C/security.xml:1447(para)
7727
#: serverguide/C/security.xml:1433(para)
7696
7728
msgid ""
7697
7729
"To create the self-signed certificate, run the following command at a "
7698
7730
"terminal prompt:"
7699
7731
msgstr ""
7700
7732
7701
#: serverguide/C/security.xml:1452(command)
7733
#: serverguide/C/security.xml:1438(command)
7702
7734
msgid ""
7703
7735
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
7704
7736
"server.crt"
7705
7737
msgstr ""
7706
7738
7707
#: serverguide/C/security.xml:1455(para)
7739
#: serverguide/C/security.xml:1441(para)
7708
7740
msgid ""
7709
7741
"The above command will prompt you to enter the passphrase. Once you enter "
7710
7742
"the correct passphrase, your certificate will be created and it will be "
7711
7743
"stored in the <filename>server.crt</filename> file."
7712
7744
msgstr ""
7713
7745
7714
#: serverguide/C/security.xml:1460(para)
7746
#: serverguide/C/security.xml:1446(para)
7715
7747
msgid ""
7716
7748
"If your secure server is to be used in a production environment, you "
7717
7749
"probably need a CA-signed certificate. It is not recommended to use self-"
7718
7750
"signed certificate."
7719
7751
msgstr ""
7720
7752
7721
#: serverguide/C/security.xml:1468(title)
7753
#: serverguide/C/security.xml:1454(title)
7722
7754
msgid "Installing the Certificate"
7723
7755
msgstr ""
7724
7756
7725
#: serverguide/C/security.xml:1470(para)
7757
#: serverguide/C/security.xml:1456(para)
7726
7758
msgid ""
7727
7759
"You can install the key file <filename>server.key</filename> and certificate "
7728
7760
"file <filename>server.crt</filename>, or the certificate file issued by your "
7729
7761
"CA, by running following commands at a terminal prompt:"
7730
7762
msgstr ""
7731
7763
7732
#: serverguide/C/security.xml:1476(command)
7764
#: serverguide/C/security.xml:1462(command)
7733
7765
msgid "sudo cp server.crt /etc/ssl/certs"
7734
7766
msgstr ""
7735
7767
7736
#: serverguide/C/security.xml:1477(command)
7768
#: serverguide/C/security.xml:1463(command)
7737
7769
msgid "sudo cp server.key /etc/ssl/private"
7738
7770
msgstr ""
7739
7771
7740
#: serverguide/C/security.xml:1479(para)
7772
#: serverguide/C/security.xml:1465(para)
7741
7773
msgid ""
7742
7774
"Now simply configure any applications, with the ability to use public-key "
7743
7775
"cryptography, to use the <emphasis>certificate</emphasis> and "
7746
7778
"<application>Dovecot</application> can provide IMAPS and POP3S, etc."
7747
7779
msgstr ""
7748
7780
7749
#: serverguide/C/security.xml:1486(title)
7781
#: serverguide/C/security.xml:1472(title)
7750
7782
msgid "Certification Authority"
7751
7783
msgstr ""
7752
7784
7753
#: serverguide/C/security.xml:1488(para)
7785
#: serverguide/C/security.xml:1474(para)
7754
7786
msgid ""
7755
7787
"If the services on your network require more than a few self-signed "
7756
7788
"certificates it may be worth the additional effort to setup your own "
7760
7792
"the same CA."
7761
7793
msgstr ""
7762
7794
7763
#: serverguide/C/security.xml:1498(para)
7795
#: serverguide/C/security.xml:1484(para)
7764
7796
msgid ""
7765
7797
"First, create the directories to hold the CA certificate and related files:"
7766
7798
msgstr ""
7767
7799
7768
#: serverguide/C/security.xml:1503(command)
7800
#: serverguide/C/security.xml:1489(command)
7769
7801
msgid "sudo mkdir /etc/ssl/CA"
7770
7802
msgstr ""
7771
7803
7772
#: serverguide/C/security.xml:1504(command)
7804
#: serverguide/C/security.xml:1490(command)
7773
7805
msgid "sudo mkdir /etc/ssl/newcerts"
7774
7806
msgstr ""
7775
7807
7776
#: serverguide/C/security.xml:1510(para)
7808
#: serverguide/C/security.xml:1496(para)
7777
7809
msgid ""
7778
7810
"The CA needs a few additional files to operate, one to keep track of the "
7779
7811
"last serial number used by the CA, each certificate must have a unique "
7781
7813
"issued:"
7782
7814
msgstr ""
7783
7815
7784
#: serverguide/C/security.xml:1517(command)
7816
#: serverguide/C/security.xml:1503(command)
7785
7817
msgid "sudo sh -c \"echo '01' > /etc/ssl/CA/serial\""
7786
7818
msgstr ""
7787
7819
7788
#: serverguide/C/security.xml:1518(command)
7820
#: serverguide/C/security.xml:1504(command)
7789
7821
msgid "sudo touch /etc/ssl/CA/index.txt"
7790
7822
msgstr ""
7791
7823
7792
#: serverguide/C/security.xml:1524(para)
7824
#: serverguide/C/security.xml:1510(para)
7793
7825
msgid ""
7794
7826
"The third file is a CA configuration file. Though not strictly necessary, it "
7795
7827
"is very convenient when issuing multiple certificates. Edit "
7797
7829
"]</emphasis> change:"
7798
7830
msgstr ""
7799
7831
7800
#: serverguide/C/security.xml:1530(programlisting)
7832
#: serverguide/C/security.xml:1516(programlisting)
7801
7833
#, no-wrap
7802
7834
msgid ""
7803
7835
"\n"
7808
7840
"private_key = $dir/private/cakey.pem# The private key\n"
7809
7841
msgstr ""
7810
7842
7811
#: serverguide/C/security.xml:1541(para)
7843
#: serverguide/C/security.xml:1547(para)
7812
7844
msgid "Next, create the self-signed root certificate:"
7813
7845
msgstr ""
7814
7846
7815
#: serverguide/C/security.xml:1546(command)
7847
#: serverguide/C/security.xml:1532(command)
7816
7848
msgid ""
7817
7849
"openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -"
7818
7850
"days 3650"
7819
7851
msgstr ""
7820
7852
7821
#: serverguide/C/security.xml:1549(para)
7853
#: serverguide/C/security.xml:1535(para)
7822
7854
msgid "You will then be asked to enter the details about the certificate."
7823
7855
msgstr ""
7824
7856
7825
#: serverguide/C/security.xml:1556(para)
7857
#: serverguide/C/security.xml:1542(para)
7826
7858
msgid "Now install the root certificate and key:"
7827
7859
msgstr ""
7828
7860
7829
#: serverguide/C/security.xml:1561(command)
7861
#: serverguide/C/security.xml:1547(command)
7830
7862
msgid "sudo mv cakey.pem /etc/ssl/private/"
7831
7863
msgstr ""
7832
7864
7833
#: serverguide/C/security.xml:1562(command)
7865
#: serverguide/C/security.xml:1548(command)
7834
7866
msgid "sudo mv cacert.pem /etc/ssl/certs/"
7835
7867
msgstr ""
7836
7868
7837
#: serverguide/C/security.xml:1568(para)
7869
#: serverguide/C/security.xml:1554(para)
7838
7870
msgid ""
7839
7871
"You are now ready to start signing certificates. The first item needed is a "
7840
7872
"Certificate Signing Request (CSR), see <xref linkend=\"generating-a-csr\"/> "
7842
7874
"certificate signed by the CA:"
7843
7875
msgstr ""
7844
7876
7845
#: serverguide/C/security.xml:1575(command)
7877
#: serverguide/C/security.xml:1561(command)
7846
7878
msgid "sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf"
7847
7879
msgstr ""
7848
7880
7849
#: serverguide/C/security.xml:1578(para)
7881
#: serverguide/C/security.xml:1564(para)
7850
7882
msgid ""
7851
7883
"After entering the password for the CA key, you will be prompted to sign the "
7852
7884
"certificate, and again to commit the new certificate. You should then see a "
7853
7885
"somewhat large amount of output related to the certificate creation."
7854
7886
msgstr ""
7855
7887
7856
#: serverguide/C/security.xml:1587(para)
7888
#: serverguide/C/security.xml:1573(para)
7857
7889
msgid ""
7858
7890
"There should now be a new file, "
7859
7891
"<filename>/etc/ssl/newcerts/01.pem</filename>, containing the same output. "
7864
7896
"<filename>mail.example.com.crt</filename>, is a nice descriptive name."
7865
7897
msgstr ""
7866
7898
7867
#: serverguide/C/security.xml:1595(para)
7899
#: serverguide/C/security.xml:1581(para)
7868
7900
msgid ""
7869
7901
"Subsequent certificates will be named <filename>02.pem</filename>, "
7870
7902
"<filename>03.pem</filename>, etc."
7871
7903
msgstr ""
7872
7904
7873
#: serverguide/C/security.xml:1600(para)
7905
#: serverguide/C/security.xml:1586(para)
7874
7906
msgid ""
7875
7907
"Replace <emphasis>mail.example.com.crt</emphasis> with your own descriptive "
7876
7908
"name."
7877
7909
msgstr ""
7878
7910
7879
#: serverguide/C/security.xml:1608(para)
7911
#: serverguide/C/security.xml:1594(para)
7880
7912
msgid ""
7881
7913
"Finally, copy the new certificate to the host that needs it, and configure "
7882
7914
"the appropriate applications to use it. The default location to install "
7885
7917
"complicated file permissions."
7886
7918
msgstr ""
7887
7919
7888
#: serverguide/C/security.xml:1614(para)
7920
#: serverguide/C/security.xml:1600(para)
7889
7921
msgid ""
7890
7922
"For applications that can be configured to use a CA certificate, you should "
7891
7923
"also copy the <filename>/etc/ssl/certs/cacert.pem</filename> file to the "
7893
7925
"server."
7894
7926
msgstr ""
7895
7927
7896
#: serverguide/C/security.xml:1628(para)
7928
#: serverguide/C/security.xml:1614(para)
7897
7929
msgid ""
7898
7930
"For more detailed instructions on using cryptography see the <ulink "
7899
7931
"url=\"http://tldp.org/HOWTO/SSL-Certificates-HOWTO/index.html\">SSL "
7900
"Certificates HOWTO</ulink> by tlpd.org"
7932
"Certificates HOWTO</ulink> by tldp.org"
7901
7933
msgstr ""
7902
7934
7903
#: serverguide/C/security.xml:1634(para)
7935
#: serverguide/C/security.xml:1620(para)
7904
7936
msgid ""
7905
7937
"The Wikipedia <ulink "
7906
7938
"url=\"http://en.wikipedia.org/wiki/Https\">HTTPS</ulink> page has more "
7907
7939
"information regarding HTTPS."
7908
7940
msgstr ""
7909
7941
7910
#: serverguide/C/security.xml:1639(para)
7942
#: serverguide/C/security.xml:1625(para)
7911
7943
msgid ""
7912
7944
"For more information on <emphasis>OpenSSL</emphasis> see the <ulink "
7913
7945
"url=\"http://www.openssl.org/\">OpenSSL Home Page</ulink>."
7914
7946
msgstr ""
7915
7947
7916
#: serverguide/C/security.xml:1644(para)
7948
#: serverguide/C/security.xml:1630(para)
7917
7949
msgid ""
7918
7950
"Also, O'Reilly's <ulink "
7919
7951
"url=\"http://oreilly.com/catalog/9780596002701/\">Network Security with "
7920
7952
"OpenSSL</ulink> is a good in depth reference."
7921
7953
msgstr ""
7922
7954
7923
#: serverguide/C/security.xml:1653(title)
7955
#: serverguide/C/security.xml:1639(title)
7924
7956
msgid "eCryptfs"
7925
7957
msgstr ""
7926
7958
7927
#: serverguide/C/security.xml:1655(para)
7959
#: serverguide/C/security.xml:1661(para)
7928
7960
msgid ""
7929
7961
"<emphasis>eCryptfs</emphasis> is a POSIX-compliant enterprise-class stacked "
7930
7962
"cryptographic filesystem for Linux. Layering on top of the filesystem layer "
7932
7964
"filesystem, partition type, etc."
7933
7965
msgstr ""
7934
7966
7935
#: serverguide/C/security.xml:1661(para)
7967
#: serverguide/C/security.xml:1647(para)
7936
7968
msgid ""
7937
7969
"During installation there is an option to encrypt the <filename "
7938
7970
"role=\"directory\">/home</filename> partition. This will automatically "
7939
7971
"configure everything needed to encrypt and mount the partition."
7940
7972
msgstr ""
7941
7973
7942
#: serverguide/C/security.xml:1666(para)
7974
#: serverguide/C/security.xml:1652(para)
7943
7975
msgid ""
7944
7976
"As an example, this section will cover configuring <filename "
7945
7977
"role=\"directory\">/srv</filename> to be encrypted using "
7946
7978
"<emphasis>eCryptfs</emphasis>."
7947
7979
msgstr ""
7948
7980
7949
#: serverguide/C/security.xml:1671(title)
7981
#: serverguide/C/security.xml:1657(title)
7950
7982
msgid "Using eCryptfs"
7951
7983
msgstr ""
7952
7984
7953
#: serverguide/C/security.xml:1673(para)
7985
#: serverguide/C/security.xml:1659(para)
7954
7986
msgid "First, install the necessary packages. From a terminal prompt enter:"
7955
7987
msgstr ""
7956
7988
7957
#: serverguide/C/security.xml:1678(command)
7989
#: serverguide/C/security.xml:1664(command)
7958
7990
msgid "sudo apt-get install ecryptfs-utils"
7959
7991
msgstr ""
7960
7992
7961
#: serverguide/C/security.xml:1681(para)
7993
#: serverguide/C/security.xml:1667(para)
7962
7994
msgid "Now mount the partition to be encrypted:"
7963
7995
msgstr ""
7964
7996
7965
#: serverguide/C/security.xml:1686(command)
7997
#: serverguide/C/security.xml:1672(command)
7966
7998
msgid "sudo mount -t ecryptfs /srv /srv"
7967
7999
msgstr ""
7968
8000
7969
#: serverguide/C/security.xml:1689(para)
8001
#: serverguide/C/security.xml:1675(para)
7970
8002
msgid ""
7971
8003
"You will then be prompted for some details on how "
7972
8004
"<application>ecryptfs</application> should encrypt the data."
7973
8005
msgstr ""
7974
8006
7975
#: serverguide/C/security.xml:1693(para)
8007
#: serverguide/C/security.xml:1679(para)
7976
8008
msgid ""
7977
8009
"To test that files placed in <filename>/srv</filename> are indeed encrypted "
7978
8010
"copy the <filename>/etc/default</filename> folder to "
7979
8011
"<filename>/srv</filename>:"
7980
8012
msgstr ""
7981
8013
7982
#: serverguide/C/security.xml:1699(command) serverguide/C/clustering.xml:190(command)
8014
#: serverguide/C/security.xml:1685(command) serverguide/C/clustering.xml:190(command)
7983
8015
msgid "sudo cp -r /etc/default /srv"
7984
8016
msgstr ""
7985
8017
7986
#: serverguide/C/security.xml:1702(para)
8018
#: serverguide/C/security.xml:1688(para)
7987
8019
msgid "Now unmount <filename>/srv</filename>, and try to view a file:"
7988
8020
msgstr ""
7989
8021
7990
#: serverguide/C/security.xml:1707(command) serverguide/C/installation.xml:1125(command) serverguide/C/clustering.xml:198(command)
8022
#: serverguide/C/security.xml:1693(command) serverguide/C/installation.xml:1118(command) serverguide/C/clustering.xml:198(command)
7991
8023
msgid "sudo umount /srv"
7992
8024
msgstr ""
7993
8025
7994
#: serverguide/C/security.xml:1708(command)
8026
#: serverguide/C/security.xml:1694(command)
7995
8027
msgid "cat /srv/default/cron"
7996
8028
msgstr ""
7997
8029
7998
#: serverguide/C/security.xml:1711(para)
8030
#: serverguide/C/security.xml:1697(para)
7999
8031
msgid ""
8000
8032
"Remounting <filename>/srv</filename> using "
8001
8033
"<application>ecryptfs</application> will make the data viewable once again."
8002
8034
msgstr ""
8003
8035
8004
#: serverguide/C/security.xml:1717(title)
8036
#: serverguide/C/security.xml:1703(title)
8005
8037
msgid "Automatically Mounting Encrypted Partitions"
8006
8038
msgstr ""
8007
8039
8008
#: serverguide/C/security.xml:1719(para)
8040
#: serverguide/C/security.xml:1705(para)
8009
8041
msgid ""
8010
8042
"There are a couple of ways to automatically mount an "
8011
8043
"<application>ecryptfs</application> encrypted filesystem at boot. This "
8013
8045
"mount options, along with a passphrase file residing on a USB key."
8014
8046
msgstr ""
8015
8047
8016
#: serverguide/C/security.xml:1725(para)
8048
#: serverguide/C/security.xml:1711(para)
8017
8049
msgid "First, create <filename>/root/.ecryptfsrc</filename> containing:"
8018
8050
msgstr ""
8019
8051
8020
#: serverguide/C/security.xml:1729(programlisting)
8052
#: serverguide/C/security.xml:1715(programlisting)
8021
8053
#, no-wrap
8022
8054
msgid ""
8023
8055
"\n"
8029
8061
"ecryptfs_enable_filename_crypto=n\n"
8030
8062
msgstr ""
8031
8063
8032
#: serverguide/C/security.xml:1739(para)
8064
#: serverguide/C/security.xml:1725(para)
8033
8065
msgid ""
8034
8066
"Adjust the <emphasis>ecryptfs_sig</emphasis> to the signature in "
8035
8067
"<filename>/root/.ecryptfs/sig-cache.txt</filename>."
8036
8068
msgstr ""
8037
8069
8038
#: serverguide/C/security.xml:1744(para)
8070
#: serverguide/C/security.xml:1730(para)
8039
8071
msgid ""
8040
8072
"Next, create the <filename>/mnt/usb/passwd_file.txt</filename> passphrase "
8041
8073
"file:"
8042
8074
msgstr ""
8043
8075
8044
#: serverguide/C/security.xml:1748(programlisting)
8076
#: serverguide/C/security.xml:1734(programlisting)
8045
8077
#, no-wrap
8046
8078
msgid ""
8047
8079
"\n"
8048
8080
"passphrase_passwd=[secrets]\n"
8049
8081
msgstr ""
8050
8082
8051
#: serverguide/C/security.xml:1752(para)
8083
#: serverguide/C/security.xml:1738(para)
8052
8084
msgid "Now add the necessary lines to <filename>/etc/fstab</filename>:"
8053
8085
msgstr ""
8054
8086
8055
#: serverguide/C/security.xml:1756(programlisting)
8087
#: serverguide/C/security.xml:1742(programlisting)
8056
8088
#, no-wrap
8057
8089
msgid ""
8058
8090
"\n"
8060
8092
"/srv /srv ecryptfs defaults 0 0\n"
8061
8093
msgstr ""
8062
8094
8063
#: serverguide/C/security.xml:1761(para)
8095
#: serverguide/C/security.xml:1747(para)
8064
8096
msgid "Make sure the USB drive is mounted before the encrypted partition."
8065
8097
msgstr ""
8066
8098
8067
#: serverguide/C/security.xml:1765(para)
8099
#: serverguide/C/security.xml:1751(para)
8068
8100
msgid ""
8069
8101
"Finally, reboot and the <filename>/srv</filename> should be mounted using "
8070
8102
"<emphasis>eCryptfs</emphasis>."
8071
8103
msgstr ""
8072
8104
8073
#: serverguide/C/security.xml:1771(title)
8105
#: serverguide/C/security.xml:1757(title)
8074
8106
msgid "Other Utilities"
8075
8107
msgstr ""
8076
8108
8077
#: serverguide/C/security.xml:1773(para)
8109
#: serverguide/C/security.xml:1759(para)
8078
8110
msgid ""
8079
8111
"The <application>ecryptfs-utils</application> package includes several other "
8080
8112
"useful utilities:"
8081
8113
msgstr ""
8082
8114
8083
#: serverguide/C/security.xml:1779(para)
8115
#: serverguide/C/security.xml:1765(para)
8084
8116
msgid ""
8085
8117
"<emphasis>ecryptfs-setup-private:</emphasis> creates a "
8086
8118
"<filename>~/Private</filename> directory to contain encrypted information. "
8088
8120
"other users on the system."
8089
8121
msgstr ""
8090
8122
8091
#: serverguide/C/security.xml:1786(para)
8123
#: serverguide/C/security.xml:1772(para)
8092
8124
msgid ""
8093
8125
"<emphasis>ecryptfs-mount-private and ecryptfs-umount-private:</emphasis> "
8094
8126
"will mount and unmount respectively, a users <filename>~/Private</filename> "
8095
8127
"directory."
8096
8128
msgstr ""
8097
8129
8098
#: serverguide/C/security.xml:1792(para)
8130
#: serverguide/C/security.xml:1778(para)
8099
8131
msgid ""
8100
8132
"<emphasis>ecryptfs-add-passphrase:</emphasis> adds a new passphrase to the "
8101
8133
"kernel keyring."
8102
8134
msgstr ""
8103
8135
8104
#: serverguide/C/security.xml:1797(para)
8136
#: serverguide/C/security.xml:1783(para)
8105
8137
msgid ""
8106
8138
"<emphasis>ecryptfs-manager:</emphasis> manages "
8107
8139
"<application>eCryptfs</application> objects such as keys."
8108
8140
msgstr ""
8109
8141
8110
#: serverguide/C/security.xml:1802(para)
8142
#: serverguide/C/security.xml:1788(para)
8111
8143
msgid ""
8112
8144
"<emphasis>ecryptfs-stat:</emphasis> allows you to view the "
8113
8145
"<application>ecryptfs</application> meta information for a file."
8114
8146
msgstr ""
8115
8147
8116
#: serverguide/C/security.xml:1815(para)
8148
#: serverguide/C/security.xml:1801(para)
8117
8149
msgid ""
8118
8150
"For more information on <emphasis>eCryptfs</emphasis> see the <ulink "
8119
8151
"url=\"https://launchpad.net/ecryptfs\">Launchpad project page</ulink>."
8120
8152
msgstr ""
8121
8153
8122
#: serverguide/C/security.xml:1820(para)
8154
#: serverguide/C/security.xml:1806(para)
8123
8155
msgid ""
8124
8156
"There is also a <ulink "
8125
8157
"url=\"http://www.linuxjournal.com/article/9400\">Linux Journal</ulink> "
8126
8158
"article covering <emphasis>eCryptfs</emphasis>."
8127
8159
msgstr ""
8128
8160
8129
#: serverguide/C/security.xml:1825(para)
8161
#: serverguide/C/security.xml:1831(para)
8130
8162
msgid ""
8131
"Also, for more <application>ecryptfs</application> options see the <ulink "
8163
"Also, for more <application>ecryptfs</application> options and details see "
8164
"the <ulink "
8132
8165
"url=\"http://manpages.ubuntu.com/manpages/trusty/en/man7/ecryptfs.7.html\">ec"
8133
8166
"ryptfs man page</ulink>."
8134
8167
msgstr ""
8135
8168
8136
#: serverguide/C/security.xml:1831(para)
8137
msgid ""
8138
"The <ulink url=\"https://help.ubuntu.com/community/eCryptfs\">eCryptfs "
8139
"Ubuntu Wiki</ulink> page also has more details."
8140
msgstr ""
8141
8142
8169
#: serverguide/C/samba.xml:11(title)
8143
8170
msgid "Samba"
8144
8171
msgstr ""
8145
8172
8146
#: serverguide/C/samba.xml:13(para)
8173
#: serverguide/C/windows-networking.xml:13(para)
8147
8174
msgid ""
8148
8175
"Computer networks are often comprised of diverse systems, and while "
8149
8176
"operating a network made up entirely of Ubuntu desktop and server computers "
8155
8182
"network resources with Windows computers."
8156
8183
msgstr ""
8157
8184
8158
#: serverguide/C/samba.xml:25(para)
8185
#: serverguide/C/windows-networking.xml:25(para)
8159
8186
msgid ""
8160
8187
"Successfully networking your Ubuntu system with Windows clients involves "
8161
8188
"providing and integrating with services common to Windows environments. Such "
8164
8191
"categories of functionality:"
8165
8192
msgstr ""
8166
8193
8167
#: serverguide/C/samba.xml:33(para)
8194
#: serverguide/C/windows-networking.xml:33(para)
8168
8195
msgid ""
8169
8196
"<emphasis role=\"bold\">File and Printer Sharing Services</emphasis>. Using "
8170
8197
"the Server Message Block (SMB) protocol to facilitate the sharing of files, "
8171
8198
"folders, volumes, and the sharing of printers throughout the network."
8172
8199
msgstr ""
8173
8200
8174
#: serverguide/C/samba.xml:39(para)
8201
#: serverguide/C/windows-networking.xml:39(para)
8175
8202
msgid ""
8176
8203
"<emphasis role=\"bold\">Directory Services</emphasis>. Sharing vital "
8177
8204
"information about the computers and users of the network with such "
8179
8206
"Microsoft <trademark class=\"registered\">Active Directory</trademark>."
8180
8207
msgstr ""
8181
8208
8182
#: serverguide/C/samba.xml:46(para)
8209
#: serverguide/C/windows-networking.xml:46(para)
8183
8210
msgid ""
8184
8211
"<emphasis role=\"bold\">Authentication and Access</emphasis>. Establishing "
8185
8212
"the identity of a computer or user of the network and determining the "
8188
8215
"Kerberos authentication service."
8189
8216
msgstr ""
8190
8217
8191
#: serverguide/C/samba.xml:54(para)
8218
#: serverguide/C/windows-networking.xml:54(para)
8192
8219
msgid ""
8193
8220
"Fortunately, your Ubuntu system may provide all such facilities to Windows "
8194
8221
"clients and share network resources among them. One of the principal pieces "
8196
8223
"suite of SMB server applications and tools."
8197
8224
msgstr ""
8198
8225
8199
#: serverguide/C/samba.xml:60(para)
8226
#: serverguide/C/windows-networking.xml:60(para)
8200
8227
msgid ""
8201
8228
"This section of the <phrase>Ubuntu</phrase> Server Guide will introduce some "
8202
8229
"of the common Samba use cases, and how to install and configure the "
8209
8236
msgid "File Server"
8210
8237
msgstr ""
8211
8238
8212
#: serverguide/C/samba.xml:70(para)
8239
#: serverguide/C/windows-networking.xml:70(para)
8213
8240
msgid ""
8214
8241
"One of the most common ways to network Ubuntu and Windows computers is to "
8215
8242
"configure Samba as a File Server. This section covers setting up a "
8216
8243
"<application>Samba</application> server to share files with Windows clients."
8217
8244
msgstr ""
8218
8245
8219
#: serverguide/C/samba.xml:75(para)
8246
#: serverguide/C/windows-networking.xml:75(para)
8220
8247
msgid ""
8221
8248
"The server will be configured to share files with any client on the network "
8222
8249
"without prompting for a password. If your environment requires stricter "
8223
8250
"Access Controls see <xref linkend=\"samba-fileprint-security\"/>"
8224
8251
msgstr ""
8225
8252
8226
#: serverguide/C/samba.xml:83(para)
8253
#: serverguide/C/windows-networking.xml:83(para)
8227
8254
msgid ""
8228
8255
"The first step is to install the <application>samba</application> package. "
8229
8256
"From a terminal prompt enter:"
8230
8257
msgstr ""
8231
8258
8232
#: serverguide/C/samba.xml:88(command) serverguide/C/samba.xml:304(command)
8259
#: serverguide/C/windows-networking.xml:88(command) serverguide/C/windows-networking.xml:304(command)
8233
8260
msgid "sudo apt-get install samba"
8234
8261
msgstr ""
8235
8262
8236
#: serverguide/C/samba.xml:91(para)
8263
#: serverguide/C/windows-networking.xml:91(para)
8237
8264
msgid ""
8238
8265
"That's all there is to it; you are now ready to configure Samba to share "
8239
8266
"files."
8240
8267
msgstr ""
8241
8268
8242
#: serverguide/C/samba.xml:99(para)
8269
#: serverguide/C/windows-networking.xml:99(para)
8243
8270
msgid ""
8244
8271
"The main Samba configuration file is located in "
8245
8272
"<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
8247
8274
"directives."
8248
8275
msgstr ""
8249
8276
8250
#: serverguide/C/samba.xml:104(para)
8277
#: serverguide/C/windows-networking.xml:104(para)
8251
8278
msgid ""
8252
8279
"Not all the available options are included in the default configuration "
8253
8280
"file. See the <filename>smb.conf</filename><application>man</application> "
8255
8282
"Collection/\">Samba HOWTO Collection</ulink> for more details."
8256
8283
msgstr ""
8257
8284
8258
#: serverguide/C/samba.xml:113(para)
8285
#: serverguide/C/windows-networking.xml:113(para)
8259
8286
msgid ""
8260
8287
"First, edit the following key/value pairs in the "
8261
8288
"<emphasis>[global]</emphasis> section of "
8262
8289
"<filename>/etc/samba/smb.conf</filename>:"
8263
8290
msgstr ""
8264
8291
8265
#: serverguide/C/samba.xml:118(programlisting) serverguide/C/samba.xml:316(programlisting) serverguide/C/samba.xml:784(programlisting) serverguide/C/samba.xml:1023(programlisting)
8292
#: serverguide/C/windows-networking.xml:118(programlisting) serverguide/C/windows-networking.xml:316(programlisting) serverguide/C/windows-networking.xml:784(programlisting) serverguide/C/windows-networking.xml:1023(programlisting)
8266
8293
#, no-wrap
8267
8294
msgid ""
8268
8295
"\n"
8271
8298
" security = user\n"
8272
8299
msgstr ""
8273
8300
8274
#: serverguide/C/samba.xml:124(para)
8301
#: serverguide/C/windows-networking.xml:124(para)
8275
8302
msgid ""
8276
8303
"The <emphasis>security</emphasis> parameter is farther down in the [global] "
8277
8304
"section, and is commented by default. Also, change "
8278
8305
"<emphasis>EXAMPLE</emphasis> to better match your environment."
8279
8306
msgstr ""
8280
8307
8281
#: serverguide/C/samba.xml:132(para)
8308
#: serverguide/C/windows-networking.xml:132(para)
8282
8309
msgid ""
8283
8310
"Create a new section at the bottom of the file, or uncomment one of the "
8284
8311
"examples, for the directory to be shared:"
8285
8312
msgstr ""
8286
8313
8287
#: serverguide/C/samba.xml:136(programlisting)
8314
#: serverguide/C/windows-networking.xml:136(programlisting)
8288
8315
#, no-wrap
8289
8316
msgid ""
8290
8317
"\n"
8297
8324
" create mask = 0755\n"
8298
8325
msgstr ""
8299
8326
8300
#: serverguide/C/samba.xml:148(para)
8327
#: serverguide/C/windows-networking.xml:148(para)
8301
8328
msgid ""
8302
8329
"<emphasis>comment:</emphasis> a short description of the share. Adjust to "
8303
8330
"fit your needs."
8304
8331
msgstr ""
8305
8332
8306
#: serverguide/C/samba.xml:153(para)
8333
#: serverguide/C/windows-networking.xml:153(para)
8307
8334
msgid "<emphasis>path:</emphasis> the path to the directory to share."
8308
8335
msgstr ""
8309
8336
8310
#: serverguide/C/samba.xml:156(para)
8337
#: serverguide/C/windows-networking.xml:156(para)
8311
8338
msgid ""
8312
8339
"This example uses <filename>/srv/samba/sharename</filename> because, "
8313
8340
"according to the <emphasis>Filesystem Hierarchy Standard (FHS)</emphasis>, "
8318
8345
"adhering to standards is recommended."
8319
8346
msgstr ""
8320
8347
8321
#: serverguide/C/samba.xml:165(para)
8348
#: serverguide/C/windows-networking.xml:165(para)
8322
8349
msgid ""
8323
8350
"<emphasis>browsable:</emphasis> enables Windows clients to browse the shared "
8324
8351
"directory using <application>Windows Explorer</application>."
8325
8352
msgstr ""
8326
8353
8327
#: serverguide/C/samba.xml:171(para)
8354
#: serverguide/C/windows-networking.xml:171(para)
8328
8355
msgid ""
8329
8356
"<emphasis>guest ok:</emphasis> allows clients to connect to the share "
8330
8357
"without supplying a password."
8331
8358
msgstr ""
8332
8359
8333
#: serverguide/C/samba.xml:176(para)
8360
#: serverguide/C/windows-networking.xml:176(para)
8334
8361
msgid ""
8335
8362
"<emphasis>read only:</emphasis> determines if the share is read only or if "
8336
8363
"write privileges are granted. Write privileges are allowed only when the "
8338
8365
"is <emphasis>yes</emphasis>, then access to the share is read only."
8339
8366
msgstr ""
8340
8367
8341
#: serverguide/C/samba.xml:181(para)
8368
#: serverguide/C/windows-networking.xml:181(para)
8342
8369
msgid ""
8343
8370
"<emphasis>create mask:</emphasis> determines the permissions new files will "
8344
8371
"have when created."
8345
8372
msgstr ""
8346
8373
8347
#: serverguide/C/samba.xml:190(para)
8374
#: serverguide/C/windows-networking.xml:190(para)
8348
8375
msgid ""
8349
8376
"Now that <application>Samba</application> is configured, the directory needs "
8350
8377
"to be created and the permissions changed. From a terminal enter:"
8351
8378
msgstr ""
8352
8379
8353
#: serverguide/C/samba.xml:196(command)
8380
#: serverguide/C/windows-networking.xml:196(command)
8354
8381
msgid "sudo mkdir -p /srv/samba/share"
8355
8382
msgstr ""
8356
8383
8357
#: serverguide/C/samba.xml:197(command)
8358
msgid "sudo chown nobody.nogroup /srv/samba/share/"
8384
#: serverguide/C/windows-networking.xml:197(command)
8385
msgid "sudo chown nobody:nogroup /srv/samba/share/"
8359
8386
msgstr ""
8360
8387
8361
#: serverguide/C/samba.xml:201(para)
8388
#: serverguide/C/windows-networking.xml:201(para)
8362
8389
msgid ""
8363
8390
"The <emphasis>-p</emphasis> switch tells mkdir to create the entire "
8364
8391
"directory tree if it doesn't exist."
8365
8392
msgstr ""
8366
8393
8367
#: serverguide/C/samba.xml:209(para)
8394
#: serverguide/C/windows-networking.xml:209(para)
8368
8395
msgid ""
8369
8396
"Finally, restart the <application>samba</application> services to enable the "
8370
8397
"new configuration:"
8371
8398
msgstr ""
8372
8399
8373
#: serverguide/C/samba.xml:214(command) serverguide/C/samba.xml:336(command) serverguide/C/samba.xml:474(command) serverguide/C/samba.xml:574(command) serverguide/C/samba.xml:925(command) serverguide/C/samba.xml:1080(command) serverguide/C/samba.xml:1187(command) serverguide/C/network-auth.xml:2504(command)
8400
#: serverguide/C/windows-networking.xml:214(command) serverguide/C/windows-networking.xml:336(command) serverguide/C/windows-networking.xml:474(command) serverguide/C/windows-networking.xml:574(command) serverguide/C/windows-networking.xml:925(command) serverguide/C/windows-networking.xml:1080(command) serverguide/C/windows-networking.xml:1187(command) serverguide/C/network-auth.xml:2533(command)
8374
8401
msgid "sudo restart smbd"
8375
8402
msgstr ""
8376
8403
8377
#: serverguide/C/samba.xml:215(command) serverguide/C/samba.xml:337(command) serverguide/C/samba.xml:475(command) serverguide/C/samba.xml:575(command) serverguide/C/samba.xml:926(command) serverguide/C/samba.xml:1081(command) serverguide/C/samba.xml:1188(command) serverguide/C/network-auth.xml:2505(command)
8404
#: serverguide/C/windows-networking.xml:215(command) serverguide/C/windows-networking.xml:337(command) serverguide/C/windows-networking.xml:475(command) serverguide/C/windows-networking.xml:575(command) serverguide/C/windows-networking.xml:926(command) serverguide/C/windows-networking.xml:1081(command) serverguide/C/windows-networking.xml:1188(command) serverguide/C/network-auth.xml:2534(command)
8378
8405
msgid "sudo restart nmbd"
8379
8406
msgstr ""
8380
8407
8381
#: serverguide/C/samba.xml:222(para)
8408
#: serverguide/C/windows-networking.xml:222(para)
8382
8409
msgid ""
8383
8410
"Once again, the above configuration gives all access to any client on the "
8384
8411
"local network. For a more secure configuration see <xref linkend=\"samba-"
8385
8412
"fileprint-security\"/>."
8386
8413
msgstr ""
8387
8414
8388
#: serverguide/C/samba.xml:228(para)
8415
#: serverguide/C/windows-networking.xml:228(para)
8389
8416
msgid ""
8390
8417
"From a Windows client you should now be able to browse to the Ubuntu file "
8391
8418
"server and see the shared directory. If your client doesn't show your share "
8394
8421
"working try creating a directory from Windows."
8395
8422
msgstr ""
8396
8423
8397
#: serverguide/C/samba.xml:232(para)
8424
#: serverguide/C/windows-networking.xml:232(para)
8398
8425
msgid ""
8399
8426
"To create additional shares simply create new <emphasis>[dir]</emphasis> "
8400
8427
"sections in <filename>/etc/samba/smb.conf</filename>, and restart "
8402
8429
"share actually exists and the permissions are correct."
8403
8430
msgstr ""
8404
8431
8405
#: serverguide/C/samba.xml:239(para)
8432
#: serverguide/C/windows-networking.xml:239(para)
8406
8433
msgid ""
8407
8434
"The file share named <emphasis>\"[share]\"</emphasis> and the path "
8408
8435
"<filename>/srv/samba/share</filename> are just examples. Adjust the share "
8412
8439
"<filename>/srv/samba/qa</filename>."
8413
8440
msgstr ""
8414
8441
8415
#: serverguide/C/samba.xml:252(para) serverguide/C/samba.xml:351(para) serverguide/C/samba.xml:708(para) serverguide/C/samba.xml:1104(para)
8442
#: serverguide/C/windows-networking.xml:252(para) serverguide/C/windows-networking.xml:351(para) serverguide/C/windows-networking.xml:708(para) serverguide/C/windows-networking.xml:1104(para)
8416
8443
msgid ""
8417
8444
"For in depth Samba configurations see the <ulink "
8418
8445
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
8419
8446
"Collection</ulink>"
8420
8447
msgstr ""
8421
8448
8422
#: serverguide/C/samba.xml:258(para) serverguide/C/samba.xml:357(para) serverguide/C/samba.xml:714(para) serverguide/C/samba.xml:1110(para)
8449
#: serverguide/C/windows-networking.xml:258(para) serverguide/C/windows-networking.xml:357(para) serverguide/C/windows-networking.xml:714(para) serverguide/C/windows-networking.xml:1110(para)
8423
8450
msgid ""
8424
8451
"The guide is also available in <ulink "
8425
8452
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">printed "
8426
8453
"format</ulink>."
8427
8454
msgstr ""
8428
8455
8429
#: serverguide/C/samba.xml:264(para) serverguide/C/samba.xml:363(para)
8456
#: serverguide/C/windows-networking.xml:264(para) serverguide/C/windows-networking.xml:363(para)
8430
8457
msgid ""
8431
8458
"O'Reilly's <ulink "
8432
8459
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
8433
8460
"another good reference."
8434
8461
msgstr ""
8435
8462
8436
#: serverguide/C/samba.xml:270(para) serverguide/C/samba.xml:374(para) serverguide/C/samba.xml:739(para) serverguide/C/samba.xml:1134(para) serverguide/C/samba.xml:1312(para)
8463
#: serverguide/C/windows-networking.xml:270(para) serverguide/C/windows-networking.xml:374(para) serverguide/C/windows-networking.xml:739(para) serverguide/C/windows-networking.xml:1134(para) serverguide/C/windows-networking.xml:1312(para)
8437
8464
msgid ""
8438
8465
"The <ulink url=\"https://help.ubuntu.com/community/Samba\">Ubuntu Wiki Samba "
8439
8466
"</ulink> page."
8440
8467
msgstr ""
8441
8468
8442
#: serverguide/C/samba.xml:279(title) serverguide/C/network-config.xml:904(para)
8469
#: serverguide/C/network-config.xml:908(para)
8443
8470
msgid "Print Server"
8444
8471
msgstr ""
8445
8472
8446
#: serverguide/C/samba.xml:281(para)
8473
#: serverguide/C/windows-networking.xml:281(para)
8447
8474
msgid ""
8448
8475
"Another common use of Samba is to configure it to share printers installed, "
8449
8476
"either locally or over the network, on an Ubuntu server. Similar to <xref "
8452
8479
"prompting for a username and password."
8453
8480
msgstr ""
8454
8481
8455
#: serverguide/C/samba.xml:287(para)
8482
#: serverguide/C/windows-networking.xml:287(para)
8456
8483
msgid ""
8457
8484
"For a more secure configuration see <xref linkend=\"samba-fileprint-"
8458
8485
"security\"/>."
8459
8486
msgstr ""
8460
8487
8461
#: serverguide/C/samba.xml:294(para)
8488
#: serverguide/C/windows-networking.xml:294(para)
8462
8489
msgid ""
8463
8490
"Before installing and configuring Samba it is best to already have a working "
8464
8491
"<application>CUPS</application> installation. See <xref linkend=\"cups\"/> "
8465
8492
"for details."
8466
8493
msgstr ""
8467
8494
8468
#: serverguide/C/samba.xml:299(para)
8495
#: serverguide/C/windows-networking.xml:299(para)
8469
8496
msgid ""
8470
8497
"To install the <application>samba</application> package, from a terminal "
8471
8498
"enter:"
8472
8499
msgstr ""
8473
8500
8474
#: serverguide/C/samba.xml:310(para)
8501
#: serverguide/C/windows-networking.xml:310(para)
8475
8502
msgid ""
8476
8503
"After installing samba edit <filename>/etc/samba/smb.conf</filename>. Change "
8477
8504
"the <emphasis>workgroup</emphasis> attribute to what is appropriate for your "
8479
8506
"role=\"italic\">user</emphasis>:"
8480
8507
msgstr ""
8481
8508
8482
#: serverguide/C/samba.xml:322(para)
8509
#: serverguide/C/windows-networking.xml:322(para)
8483
8510
msgid ""
8484
8511
"In the <emphasis>[printers]</emphasis> section change the <emphasis>guest "
8485
8512
"ok</emphasis> option to <emphasis role=\"italic\">yes</emphasis>:"
8486
8513
msgstr ""
8487
8514
8488
#: serverguide/C/samba.xml:326(programlisting)
8515
#: serverguide/C/windows-networking.xml:326(programlisting)
8489
8516
#, no-wrap
8490
8517
msgid ""
8491
8518
"\n"
8493
8520
" guest ok = yes\n"
8494
8521
msgstr ""
8495
8522
8496
#: serverguide/C/samba.xml:331(para)
8523
#: serverguide/C/windows-networking.xml:331(para)
8497
8524
msgid "After editing <filename>smb.conf</filename> restart Samba:"
8498
8525
msgstr ""
8499
8526
8500
#: serverguide/C/samba.xml:340(para)
8527
#: serverguide/C/windows-networking.xml:340(para)
8501
8528
msgid ""
8502
8529
"The default Samba configuration will automatically share any printers "
8503
8530
"installed. Simply install the printer locally on your Windows clients."
8504
8531
msgstr ""
8505
8532
8506
#: serverguide/C/samba.xml:369(para)
8533
#: serverguide/C/windows-networking.xml:369(para)
8507
8534
msgid ""
8508
8535
"Also, see the <ulink url=\"http://www.cups.org/\">CUPS Website</ulink> for "
8509
8536
"more information on configuring CUPS."
8513
8540
msgid "Securing File and Print Server"
8514
8541
msgstr ""
8515
8542
8516
#: serverguide/C/samba.xml:386(title)
8543
#: serverguide/C/windows-networking.xml:386(title)
8517
8544
msgid "Samba Security Modes"
8518
8545
msgstr ""
8519
8546
8520
#: serverguide/C/samba.xml:388(para)
8547
#: serverguide/C/windows-networking.xml:388(para)
8521
8548
msgid ""
8522
8549
"There are two security levels available to the Common Internet Filesystem "
8523
8550
"(CIFS) network protocol <emphasis>user-level</emphasis> and <emphasis>share-"
8526
8553
"security and one way to implement share-level:"
8527
8554
msgstr ""
8528
8555
8529
#: serverguide/C/samba.xml:397(para)
8556
#: serverguide/C/windows-networking.xml:397(para)
8530
8557
msgid ""
8531
8558
"<emphasis>security = user:</emphasis> requires clients to supply a username "
8532
8559
"and password to connect to shares. Samba user accounts are separate from "
8534
8561
"will sync system users and passwords with the Samba user database."
8535
8562
msgstr ""
8536
8563
8537
#: serverguide/C/samba.xml:404(para)
8564
#: serverguide/C/windows-networking.xml:404(para)
8538
8565
msgid ""
8539
8566
"<emphasis>security = domain:</emphasis> this mode allows the Samba server to "
8540
8567
"appear to Windows clients as a Primary Domain Controller (PDC), Backup "
8542
8569
"linkend=\"samba-dc\"/> for further information."
8543
8570
msgstr ""
8544
8571
8545
#: serverguide/C/samba.xml:411(para)
8572
#: serverguide/C/windows-networking.xml:411(para)
8546
8573
msgid ""
8547
8574
"<emphasis>security = ADS:</emphasis> allows the Samba server to join an "
8548
8575
"Active Directory domain as a native member. See <xref linkend=\"samba-ad-"
8549
8576
"integration\"/> for details."
8550
8577
msgstr ""
8551
8578
8552
#: serverguide/C/samba.xml:417(para)
8579
#: serverguide/C/windows-networking.xml:417(para)
8553
8580
msgid ""
8554
8581
"<emphasis>security = server:</emphasis> this mode is left over from before "
8555
8582
"Samba could become a member server, and due to some security issues should "
8558
8585
"of the Samba guide for more details."
8559
8586
msgstr ""
8560
8587
8561
#: serverguide/C/samba.xml:425(para)
8588
#: serverguide/C/windows-networking.xml:425(para)
8562
8589
msgid ""
8563
8590
"<emphasis>security = share:</emphasis> allows clients to connect to shares "
8564
8591
"without supplying a username and password."
8565
8592
msgstr ""
8566
8593
8567
#: serverguide/C/samba.xml:432(para)
8594
#: serverguide/C/windows-networking.xml:432(para)
8568
8595
msgid ""
8569
8596
"The security mode you choose will depend on your environment and what you "
8570
8597
"need the Samba server to accomplish."
8571
8598
msgstr ""
8572
8599
8573
#: serverguide/C/samba.xml:438(title)
8600
#: serverguide/C/windows-networking.xml:438(title)
8574
8601
msgid "Security = User"
8575
8602
msgstr ""
8576
8603
8577
#: serverguide/C/samba.xml:440(para)
8604
#: serverguide/C/windows-networking.xml:440(para)
8578
8605
msgid ""
8579
8606
"This section will reconfigure the Samba file and print server, from <xref "
8580
8607
"linkend=\"samba-fileserver\"/> and <xref linkend=\"samba-printserver\"/>, to "
8581
8608
"require authentication."
8582
8609
msgstr ""
8583
8610
8584
#: serverguide/C/samba.xml:445(para)
8611
#: serverguide/C/windows-networking.xml:445(para)
8585
8612
msgid ""
8586
8613
"First, install the <application>libpam-smbpass</application> package which "
8587
8614
"will sync the system users to the Samba user database:"
8588
8615
msgstr ""
8589
8616
8590
#: serverguide/C/samba.xml:451(command)
8617
#: serverguide/C/windows-networking.xml:451(command)
8591
8618
msgid "sudo apt-get install libpam-smbpass"
8592
8619
msgstr ""
8593
8620
8594
#: serverguide/C/samba.xml:455(para)
8621
#: serverguide/C/windows-networking.xml:455(para)
8595
8622
msgid ""
8596
8623
"If you chose the <emphasis>Samba Server</emphasis> task during installation "
8597
8624
"<application>libpam-smbpass</application> is already installed."
8598
8625
msgstr ""
8599
8626
8600
#: serverguide/C/samba.xml:461(para)
8627
#: serverguide/C/windows-networking.xml:461(para)
8601
8628
msgid ""
8602
8629
"Edit <filename>/etc/samba/smb.conf</filename>, and in the "
8603
8630
"<emphasis>[share]</emphasis> section change:"
8604
8631
msgstr ""
8605
8632
8606
#: serverguide/C/samba.xml:465(programlisting)
8633
#: serverguide/C/windows-networking.xml:465(programlisting)
8607
8634
#, no-wrap
8608
8635
msgid ""
8609
8636
"\n"
8610
8637
" guest ok = no\n"
8611
8638
msgstr ""
8612
8639
8613
#: serverguide/C/samba.xml:469(para)
8640
#: serverguide/C/windows-networking.xml:469(para)
8614
8641
msgid "Finally, restart Samba for the new settings to take effect:"
8615
8642
msgstr ""
8616
8643
8617
#: serverguide/C/samba.xml:478(para)
8644
#: serverguide/C/windows-networking.xml:478(para)
8618
8645
msgid ""
8619
8646
"Now when connecting to the shared directories or printers you should be "
8620
8647
"prompted for a username and password."
8621
8648
msgstr ""
8622
8649
8623
#: serverguide/C/samba.xml:483(para)
8650
#: serverguide/C/windows-networking.xml:483(para)
8624
8651
msgid ""
8625
8652
"If you choose to map a network drive to the share you can check the "
8626
8653
"<quote>Reconnect at Logon</quote> check box, which will require you to only "
8627
8654
"enter the username and password once, at least until the password changes."
8628
8655
msgstr ""
8629
8656
8630
#: serverguide/C/samba.xml:491(title)
8657
#: serverguide/C/windows-networking.xml:491(title)
8631
8658
msgid "Share Security"
8632
8659
msgstr ""
8633
8660
8634
#: serverguide/C/samba.xml:493(para)
8661
#: serverguide/C/windows-networking.xml:493(para)
8635
8662
msgid ""
8636
8663
"There are several options available to increase the security for each "
8637
8664
"individual shared directory. Using the <emphasis>[share]</emphasis> example, "
8638
8665
"this section will cover some common options."
8639
8666
msgstr ""
8640
8667
8641
#: serverguide/C/samba.xml:499(title)
8668
#: serverguide/C/windows-networking.xml:499(title)
8642
8669
msgid "Groups"
8643
8670
msgstr ""
8644
8671
8645
#: serverguide/C/samba.xml:501(para)
8672
#: serverguide/C/windows-networking.xml:501(para)
8646
8673
msgid ""
8647
8674
"Groups define a collection of computers or users which have a common level "
8648
8675
"of access to particular network resources and offer a level of granularity "
8664
8691
"have only access to resources explicitly allowing the group they are part of."
8665
8692
msgstr ""
8666
8693
8667
#: serverguide/C/samba.xml:515(para)
8694
#: serverguide/C/windows-networking.xml:515(para)
8668
8695
msgid ""
8669
8696
"By default Samba looks for the local system groups defined in "
8670
8697
"<filename>/etc/group</filename> to determine which users belong to which "
8672
8699
"<xref linkend=\"adding-deleting-users\"/>."
8673
8700
msgstr ""
8674
8701
8675
#: serverguide/C/samba.xml:521(para)
8702
#: serverguide/C/windows-networking.xml:521(para)
8676
8703
msgid ""
8677
8704
"When defining groups in the Samba configuration file, "
8678
8705
"<filename>/etc/samba/smb.conf</filename>, the recognized syntax is to "
8683
8710
"role=\"bold\">@sysadmin</emphasis>."
8684
8711
msgstr ""
8685
8712
8686
#: serverguide/C/samba.xml:530(title)
8713
#: serverguide/C/windows-networking.xml:530(title)
8687
8714
msgid "File Permissions"
8688
8715
msgstr ""
8689
8716
8690
#: serverguide/C/samba.xml:532(para)
8717
#: serverguide/C/windows-networking.xml:532(para)
8691
8718
msgid ""
8692
8719
"File Permissions define the explicit rights a computer or user has to a "
8693
8720
"particular directory, file, or set of files. Such permissions may be defined "
8695
8722
"the explicit permissions of a defined file share."
8696
8723
msgstr ""
8697
8724
8698
#: serverguide/C/samba.xml:538(para)
8725
#: serverguide/C/windows-networking.xml:538(para)
8699
8726
msgid ""
8700
8727
"For example, if you have defined a Samba share called "
8701
8728
"<emphasis>share</emphasis> and wish to give <emphasis role=\"italic\">read-"
8707
8734
"under the <emphasis>[share]</emphasis> entry:"
8708
8735
msgstr ""
8709
8736
8710
#: serverguide/C/samba.xml:547(programlisting)
8737
#: serverguide/C/windows-networking.xml:547(programlisting)
8711
8738
#, no-wrap
8712
8739
msgid ""
8713
8740
"\n"
8715
8742
" write list = @sysadmin, vincent\n"
8716
8743
msgstr ""
8717
8744
8718
#: serverguide/C/samba.xml:552(para)
8745
#: serverguide/C/windows-networking.xml:552(para)
8719
8746
msgid ""
8720
8747
"Another possible Samba permission is to declare "
8721
8748
"<emphasis>administrative</emphasis> permissions to a particular shared "
8724
8751
"administrative permissions to."
8725
8752
msgstr ""
8726
8753
8727
#: serverguide/C/samba.xml:558(para)
8754
#: serverguide/C/windows-networking.xml:558(para)
8728
8755
msgid ""
8729
8756
"For example, if you wanted to give the user <emphasis "
8730
8757
"role=\"italic\">melissa</emphasis> administrative permissions to the "
8733
8760
"under the <emphasis>[share]</emphasis> entry:"
8734
8761
msgstr ""
8735
8762
8736
#: serverguide/C/samba.xml:565(programlisting)
8763
#: serverguide/C/windows-networking.xml:565(programlisting)
8737
8764
#, no-wrap
8738
8765
msgid ""
8739
8766
"\n"
8740
8767
" admin users = melissa\n"
8741
8768
msgstr ""
8742
8769
8743
#: serverguide/C/samba.xml:569(para)
8770
#: serverguide/C/windows-networking.xml:569(para)
8744
8771
msgid ""
8745
8772
"After editing <filename>/etc/samba/smb.conf</filename>, restart Samba for "
8746
8773
"the changes to take effect:"
8747
8774
msgstr ""
8748
8775
8749
#: serverguide/C/samba.xml:579(para)
8776
#: serverguide/C/windows-networking.xml:579(para)
8750
8777
msgid ""
8751
8778
"For the <emphasis>read list</emphasis> and <emphasis>write list</emphasis> "
8752
8779
"to work the Samba security mode must <emphasis>not</emphasis> be set to "
8753
8780
"<emphasis role=\"italic\">security = share</emphasis>"
8754
8781
msgstr ""
8755
8782
8756
#: serverguide/C/samba.xml:585(para)
8783
#: serverguide/C/windows-networking.xml:585(para)
8757
8784
msgid ""
8758
8785
"Now that Samba has been configured to limit which groups have access to the "
8759
8786
"shared directory, the filesystem permissions need to be updated."
8760
8787
msgstr ""
8761
8788
8762
#: serverguide/C/samba.xml:590(para)
8789
#: serverguide/C/windows-networking.xml:590(para)
8763
8790
msgid ""
8764
8791
"Traditional Linux file permissions do not map well to Windows NT Access "
8765
8792
"Control Lists (ACLs). Fortunately POSIX ACLs are available on Ubuntu servers "
8768
8795
"<filename>/etc/fstab</filename> adding the <emphasis>acl</emphasis> option:"
8769
8796
msgstr ""
8770
8797
8771
#: serverguide/C/samba.xml:597(programlisting)
8798
#: serverguide/C/windows-networking.xml:597(programlisting)
8772
8799
#, no-wrap
8773
8800
msgid ""
8774
8801
"\n"
8776
8803
"0 1\n"
8777
8804
msgstr ""
8778
8805
8779
#: serverguide/C/samba.xml:601(para)
8806
#: serverguide/C/windows-networking.xml:601(para)
8780
8807
msgid "Then remount the partition:"
8781
8808
msgstr ""
8782
8809
8783
#: serverguide/C/samba.xml:606(command)
8810
#: serverguide/C/windows-networking.xml:606(command)
8784
8811
msgid "sudo mount -v -o remount /srv"
8785
8812
msgstr ""
8786
8813
8787
#: serverguide/C/samba.xml:610(para)
8814
#: serverguide/C/windows-networking.xml:610(para)
8788
8815
msgid ""
8789
8816
"The above example assumes <filename>/srv</filename> on a separate partition. "
8790
8817
"If <filename>/srv</filename>, or wherever you have configured your share "
8792
8819
"required."
8793
8820
msgstr ""
8794
8821
8795
#: serverguide/C/samba.xml:617(para)
8822
#: serverguide/C/windows-networking.xml:617(para)
8796
8823
msgid ""
8797
8824
"To match the Samba configuration above the <emphasis>sysadmin</emphasis> "
8798
8825
"group will be given read, write, and execute permissions to "
8801
8828
"the username <emphasis>melissa</emphasis>. Enter the following in a terminal:"
8802
8829
msgstr ""
8803
8830
8804
#: serverguide/C/samba.xml:625(command)
8831
#: serverguide/C/windows-networking.xml:625(command)
8805
8832
msgid "sudo chown -R melissa /srv/samba/share/"
8806
8833
msgstr ""
8807
8834
8808
#: serverguide/C/samba.xml:626(command)
8835
#: serverguide/C/windows-networking.xml:626(command)
8809
8836
msgid "sudo chgrp -R sysadmin /srv/samba/share/"
8810
8837
msgstr ""
8811
8838
8812
#: serverguide/C/samba.xml:627(command)
8839
#: serverguide/C/windows-networking.xml:627(command)
8813
8840
msgid "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
8814
8841
msgstr ""
8815
8842
8816
#: serverguide/C/samba.xml:631(para)
8843
#: serverguide/C/windows-networking.xml:631(para)
8817
8844
msgid ""
8818
8845
"The <application>setfacl</application> command above gives "
8819
8846
"<emphasis>execute</emphasis> permissions to all files in the "
8821
8848
"want."
8822
8849
msgstr ""
8823
8850
8824
#: serverguide/C/samba.xml:637(para)
8851
#: serverguide/C/windows-networking.xml:637(para)
8825
8852
msgid ""
8826
8853
"Now from a Windows client you should notice the new file permissions are "
8827
8854
"implemented. See the <application>acl</application> and "
8829
8856
"ACLs."
8830
8857
msgstr ""
8831
8858
8832
#: serverguide/C/samba.xml:645(title)
8859
#: serverguide/C/windows-networking.xml:645(title)
8833
8860
msgid "Samba AppArmor Profile"
8834
8861
msgstr ""
8835
8862
8836
#: serverguide/C/samba.xml:647(para)
8863
#: serverguide/C/windows-networking.xml:647(para)
8837
8864
msgid ""
8838
8865
"Ubuntu comes with the <application>AppArmor</application> security module, "
8839
8866
"which provides mandatory access controls. The default AppArmor profile for "
8841
8868
"using AppArmor see <xref linkend=\"apparmor\"/>."
8842
8869
msgstr ""
8843
8870
8844
#: serverguide/C/samba.xml:653(para)
8871
#: serverguide/C/windows-networking.xml:653(para)
8845
8872
msgid ""
8846
8873
"There are default AppArmor profiles for <filename>/usr/sbin/smbd</filename> "
8847
8874
"and <filename>/usr/sbin/nmbd</filename>, the Samba daemon binaries, as part "
8849
8876
"package, from a terminal prompt enter:"
8850
8877
msgstr ""
8851
8878
8852
#: serverguide/C/samba.xml:660(command)
8879
#: serverguide/C/windows-networking.xml:660(command)
8853
8880
msgid "sudo apt-get install apparmor-profiles apparmor-utils"
8854
8881
msgstr ""
8855
8882
8856
#: serverguide/C/samba.xml:664(para)
8883
#: serverguide/C/windows-networking.xml:664(para)
8857
8884
msgid "This package contains profiles for several other binaries."
8858
8885
msgstr ""
8859
8886
8860
#: serverguide/C/samba.xml:669(para)
8887
#: serverguide/C/windows-networking.xml:669(para)
8861
8888
msgid ""
8862
8889
"By default the profiles for <application>smbd</application> and "
8863
8890
"<application>nmbd</application> are in <emphasis>complain</emphasis> mode "
8867
8894
"profile will need to be modified to reflect any directories that are shared."
8868
8895
msgstr ""
8869
8896
8870
#: serverguide/C/samba.xml:676(para)
8897
#: serverguide/C/windows-networking.xml:676(para)
8871
8898
msgid ""
8872
8899
"Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename> adding information "
8873
8900
"for <emphasis>[share]</emphasis> from the file server example:"
8874
8901
msgstr ""
8875
8902
8876
#: serverguide/C/samba.xml:681(programlisting)
8903
#: serverguide/C/windows-networking.xml:681(programlisting)
8877
8904
#, no-wrap
8878
8905
msgid ""
8879
8906
"\n"
8881
8908
" /srv/samba/share/** rwkix,\n"
8882
8909
msgstr ""
8883
8910
8884
#: serverguide/C/samba.xml:686(para)
8911
#: serverguide/C/windows-networking.xml:686(para)
8885
8912
msgid ""
8886
8913
"Now place the profile into <emphasis>enforce</emphasis> and reload it:"
8887
8914
msgstr ""
8888
8915
8889
#: serverguide/C/samba.xml:691(command)
8916
#: serverguide/C/windows-networking.xml:691(command)
8890
8917
msgid "sudo aa-enforce /usr/sbin/smbd"
8891
8918
msgstr ""
8892
8919
8893
#: serverguide/C/samba.xml:692(command)
8920
#: serverguide/C/windows-networking.xml:692(command)
8894
8921
msgid "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
8895
8922
msgstr ""
8896
8923
8897
#: serverguide/C/samba.xml:695(para)
8924
#: serverguide/C/windows-networking.xml:695(para)
8898
8925
msgid ""
8899
8926
"You should now be able to read, write, and execute files in the shared "
8900
8927
"directory as normal, and the <application>smbd</application> binary will "
8903
8930
"will be logged to <filename>/var/log/syslog</filename>."
8904
8931
msgstr ""
8905
8932
8906
#: serverguide/C/samba.xml:720(para) serverguide/C/samba.xml:1116(para)
8933
#: serverguide/C/windows-networking.xml:720(para) serverguide/C/windows-networking.xml:1116(para)
8907
8934
msgid ""
8908
8935
"O'Reilly's <ulink "
8909
8936
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
8910
8937
"also a good reference."
8911
8938
msgstr ""
8912
8939
8913
#: serverguide/C/samba.xml:726(para)
8940
#: serverguide/C/windows-networking.xml:726(para)
8914
8941
msgid ""
8915
8942
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-"
8916
8943
"samba.html\">Chapter 18</ulink> of the Samba HOWTO Collection is devoted to "
8917
8944
"security."
8918
8945
msgstr ""
8919
8946
8920
#: serverguide/C/samba.xml:732(para)
8947
#: serverguide/C/windows-networking.xml:732(para)
8921
8948
msgid ""
8922
8949
"For more information on Samba and ACLs see the <ulink "
8923
8950
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
8928
8955
msgid "As a Domain Controller"
8929
8956
msgstr ""
8930
8957
8931
#: serverguide/C/samba.xml:750(para)
8958
#: serverguide/C/windows-networking.xml:750(para)
8932
8959
msgid ""
8933
8960
"Although it cannot act as an Active Directory Primary Domain Controller "
8934
8961
"(PDC), a Samba server can be configured to appear as a Windows NT4-style "
8937
8964
"backends to store the user information."
8938
8965
msgstr ""
8939
8966
8940
#: serverguide/C/samba.xml:757(title)
8967
#: serverguide/C/windows-networking.xml:757(title)
8941
8968
msgid "Primary Domain Controller"
8942
8969
msgstr ""
8943
8970
8944
#: serverguide/C/samba.xml:759(para)
8971
#: serverguide/C/windows-networking.xml:759(para)
8945
8972
msgid ""
8946
8973
"This section covers configuring Samba as a Primary Domain Controller (PDC) "
8947
8974
"using the default smbpasswd backend."
8948
8975
msgstr ""
8949
8976
8950
#: serverguide/C/samba.xml:766(para)
8977
#: serverguide/C/windows-networking.xml:766(para)
8951
8978
msgid ""
8952
8979
"First, install Samba, and <application>libpam-smbpass</application> to sync "
8953
8980
"the user accounts, by entering the following in a terminal prompt:"
8954
8981
msgstr ""
8955
8982
8956
#: serverguide/C/samba.xml:772(command) serverguide/C/samba.xml:1013(command)
8983
#: serverguide/C/windows-networking.xml:772(command) serverguide/C/windows-networking.xml:1013(command)
8957
8984
msgid "sudo apt-get install samba libpam-smbpass"
8958
8985
msgstr ""
8959
8986
8960
#: serverguide/C/samba.xml:778(para)
8987
#: serverguide/C/windows-networking.xml:778(para)
8961
8988
msgid ""
8962
8989
"Next, configure Samba by editing <filename>/etc/samba/smb.conf</filename>. "
8963
8990
"The <emphasis>security</emphasis> mode should be set to <emphasis "
8965
8992
"should relate to your organization:"
8966
8993
msgstr ""
8967
8994
8968
#: serverguide/C/samba.xml:793(para)
8995
#: serverguide/C/windows-networking.xml:793(para)
8969
8996
msgid ""
8970
8997
"In the commented <quote>Domains</quote> section add or uncomment the "
8971
8998
"following (the last line has been split to fit the format of this document):"
8972
8999
msgstr ""
8973
9000
8974
#: serverguide/C/samba.xml:797(programlisting)
9001
#: serverguide/C/windows-networking.xml:797(programlisting)
8975
9002
#, no-wrap
8976
9003
msgid ""
8977
9004
"\n"
8984
9011
" /var/lib/samba -s /bin/false %u\n"
8985
9012
msgstr ""
8986
9013
8987
#: serverguide/C/samba.xml:808(para)
9014
#: serverguide/C/windows-networking.xml:808(para)
8988
9015
msgid ""
8989
9016
"If you wish to not use <emphasis>Roaming Profiles</emphasis> leave the "
8990
9017
"<emphasis>logon home</emphasis> and <emphasis>logon path</emphasis> options "
8991
9018
"commented."
8992
9019
msgstr ""
8993
9020
8994
#: serverguide/C/samba.xml:816(para)
9021
#: serverguide/C/windows-networking.xml:816(para)
8995
9022
msgid ""
8996
9023
"<emphasis>domain logons:</emphasis> provides the netlogon service causing "
8997
9024
"Samba to act as a domain controller."
8998
9025
msgstr ""
8999
9026
9000
#: serverguide/C/samba.xml:821(para)
9027
#: serverguide/C/windows-networking.xml:821(para)
9001
9028
msgid ""
9002
9029
"<emphasis>logon path:</emphasis> places the user's Windows profile into "
9003
9030
"their home directory. It is also possible to configure a "
9005
9032
"directory."
9006
9033
msgstr ""
9007
9034
9008
#: serverguide/C/samba.xml:827(para)
9035
#: serverguide/C/windows-networking.xml:827(para)
9009
9036
msgid ""
9010
9037
"<emphasis>logon drive:</emphasis> specifies the home directory local path."
9011
9038
msgstr ""
9012
9039
9013
#: serverguide/C/samba.xml:832(para)
9040
#: serverguide/C/windows-networking.xml:832(para)
9014
9041
msgid ""
9015
9042
"<emphasis>logon home:</emphasis> specifies the home directory location."
9016
9043
msgstr ""
9017
9044
9018
#: serverguide/C/samba.xml:837(para)
9045
#: serverguide/C/windows-networking.xml:837(para)
9019
9046
msgid ""
9020
9047
"<emphasis>logon script:</emphasis> determines the script to be run locally "
9021
9048
"once a user has logged in. The script needs to be placed in the "
9022
9049
"<emphasis>[netlogon]</emphasis> share."
9023
9050
msgstr ""
9024
9051
9025
#: serverguide/C/samba.xml:843(para)
9052
#: serverguide/C/windows-networking.xml:843(para)
9026
9053
msgid ""
9027
9054
"<emphasis>add machine script:</emphasis> a script that will automatically "
9028
9055
"create the <emphasis>Machine Trust Account</emphasis> needed for a "
9029
9056
"workstation to join the domain."
9030
9057
msgstr ""
9031
9058
9032
#: serverguide/C/samba.xml:847(para)
9059
#: serverguide/C/windows-networking.xml:847(para)
9033
9060
msgid ""
9034
9061
"In this example the <emphasis>machines</emphasis> group will need to be "
9035
9062
"created using the <application>addgroup</application> utility see <xref "
9036
9063
"linkend=\"adding-deleting-users\"/> for details."
9037
9064
msgstr ""
9038
9065
9039
#: serverguide/C/samba.xml:858(para)
9066
#: serverguide/C/windows-networking.xml:858(para)
9040
9067
msgid ""
9041
9068
"Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis "
9042
9069
"role=\"italic\">logon home</emphasis> to be mapped:"
9043
9070
msgstr ""
9044
9071
9045
#: serverguide/C/samba.xml:863(programlisting)
9072
#: serverguide/C/windows-networking.xml:863(programlisting)
9046
9073
#, no-wrap
9047
9074
msgid ""
9048
9075
"\n"
9055
9082
" valid users = %S\n"
9056
9083
msgstr ""
9057
9084
9058
#: serverguide/C/samba.xml:876(para)
9085
#: serverguide/C/windows-networking.xml:876(para)
9059
9086
msgid ""
9060
9087
"When configured as a domain controller a <emphasis>[netlogon]</emphasis> "
9061
9088
"share needs to be configured. To enable the share, uncomment:"
9062
9089
msgstr ""
9063
9090
9064
#: serverguide/C/samba.xml:881(programlisting)
9091
#: serverguide/C/windows-networking.xml:881(programlisting)
9065
9092
#, no-wrap
9066
9093
msgid ""
9067
9094
"\n"
9073
9100
" share modes = no\n"
9074
9101
msgstr ""
9075
9102
9076
#: serverguide/C/samba.xml:891(para)
9103
#: serverguide/C/windows-networking.xml:891(para)
9077
9104
msgid ""
9078
9105
"The original <emphasis>netlogon</emphasis> share path is "
9079
9106
"<filename>/home/samba/netlogon</filename>, but according to the Filesystem "
9082
9109
"location for site-specific data provided by the system."
9083
9110
msgstr ""
9084
9111
9085
#: serverguide/C/samba.xml:902(para)
9112
#: serverguide/C/windows-networking.xml:902(para)
9086
9113
msgid ""
9087
9114
"Now create the <filename role=\"directory\">netlogon</filename> directory, "
9088
9115
"and an empty (for now) <filename>logon.cmd</filename> script file:"
9089
9116
msgstr ""
9090
9117
9091
#: serverguide/C/samba.xml:908(command)
9118
#: serverguide/C/windows-networking.xml:908(command)
9092
9119
msgid "sudo mkdir -p /srv/samba/netlogon"
9093
9120
msgstr ""
9094
9121
9095
#: serverguide/C/samba.xml:909(command)
9122
#: serverguide/C/windows-networking.xml:909(command)
9096
9123
msgid "sudo touch /srv/samba/netlogon/logon.cmd"
9097
9124
msgstr ""
9098
9125
9099
#: serverguide/C/samba.xml:912(para)
9126
#: serverguide/C/windows-networking.xml:912(para)
9100
9127
msgid ""
9101
9128
"You can enter any normal Windows logon script commands in "
9102
9129
"<filename>logon.cmd</filename> to customize the client's environment."
9103
9130
msgstr ""
9104
9131
9105
#: serverguide/C/samba.xml:920(para)
9132
#: serverguide/C/windows-networking.xml:920(para)
9106
9133
msgid "Restart Samba to enable the new domain controller:"
9107
9134
msgstr ""
9108
9135
9109
#: serverguide/C/samba.xml:932(para)
9136
#: serverguide/C/windows-networking.xml:932(para)
9110
9137
msgid ""
9111
9138
"Lastly, there are a few additional commands needed to setup the appropriate "
9112
9139
"rights."
9113
9140
msgstr ""
9114
9141
9115
#: serverguide/C/samba.xml:936(para)
9142
#: serverguide/C/windows-networking.xml:936(para)
9116
9143
msgid ""
9117
9144
"With <emphasis>root</emphasis> being disabled by default, in order to join a "
9118
9145
"workstation to the domain, a system group needs to be mapped to the Windows "
9120
9147
"<application>net</application> utility, from a terminal enter:"
9121
9148
msgstr ""
9122
9149
9123
#: serverguide/C/samba.xml:943(command)
9150
#: serverguide/C/windows-networking.xml:943(command)
9124
9151
msgid ""
9125
9152
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
9126
9153
"type=d"
9127
9154
msgstr ""
9128
9155
9129
#: serverguide/C/samba.xml:947(para)
9156
#: serverguide/C/windows-networking.xml:947(para)
9130
9157
msgid ""
9131
9158
"Change <emphasis role=\"italic\">sysadmin</emphasis> to whichever group you "
9132
9159
"prefer. Also, the user used to join the domain needs to be a member of the "
9135
9162
"allows <application>sudo</application> use."
9136
9163
msgstr ""
9137
9164
9138
#: serverguide/C/samba.xml:953(para)
9165
#: serverguide/C/windows-networking.xml:953(para)
9139
9166
msgid ""
9140
9167
"If the user does not have Samba credentials yet, you can add them with the "
9141
9168
"<application>smbpasswd</application> utility, change the "
9144
9171
"</screen>"
9145
9172
msgstr ""
9146
9173
9147
#: serverguide/C/samba.xml:963(para)
9174
#: serverguide/C/windows-networking.xml:963(para)
9148
9175
msgid ""
9149
9176
"Also, rights need to be explicitly provided to the <emphasis>Domain "
9150
9177
"Admins</emphasis> group to allow the <emphasis>add machine script</emphasis> "
9151
9178
"(and other admin functions) to work. This is achieved by executing:"
9152
9179
msgstr ""
9153
9180
9154
#: serverguide/C/samba.xml:968(command)
9181
#: serverguide/C/windows-networking.xml:968(command)
9155
9182
msgid ""
9156
9183
"net rpc rights grant -U sysadmin \"EXAMPLE\\Domain Admins\" "
9157
9184
"SeMachineAccountPrivilege \\ SePrintOperatorPrivilege SeAddUsersPrivilege "
9158
9185
"SeDiskOperatorPrivilege \\ SeRemoteShutdownPrivilege"
9159
9186
msgstr ""
9160
9187
9161
#: serverguide/C/samba.xml:976(para)
9188
#: serverguide/C/windows-networking.xml:976(para)
9162
9189
msgid ""
9163
9190
"You should now be able to join Windows clients to the Domain in the same "
9164
9191
"manner as joining them to an NT4 domain running on a Windows server."
9165
9192
msgstr ""
9166
9193
9167
#: serverguide/C/samba.xml:986(title)
9194
#: serverguide/C/windows-networking.xml:986(title)
9168
9195
msgid "Backup Domain Controller"
9169
9196
msgstr ""
9170
9197
9171
#: serverguide/C/samba.xml:988(para)
9198
#: serverguide/C/windows-networking.xml:988(para)
9172
9199
msgid ""
9173
9200
"With a Primary Domain Controller (PDC) on the network it is best to have a "
9174
9201
"Backup Domain Controller (BDC) as well. This will allow clients to "
9175
9202
"authenticate in case the PDC becomes unavailable."
9176
9203
msgstr ""
9177
9204
9178
#: serverguide/C/samba.xml:993(para)
9205
#: serverguide/C/windows-networking.xml:993(para)
9179
9206
msgid ""
9180
9207
"When configuring Samba as a BDC you need a way to sync account information "
9181
9208
"with the PDC. There are multiple ways of accomplishing this "
9184
9211
"backend</emphasis>."
9185
9212
msgstr ""
9186
9213
9187
#: serverguide/C/samba.xml:999(para)
9214
#: serverguide/C/windows-networking.xml:999(para)
9188
9215
msgid ""
9189
9216
"Using LDAP is the most robust way to sync account information, because both "
9190
9217
"domain controllers can use the same information in real time. However, "
9192
9219
"user and computer accounts. See <xref linkend=\"samba-ldap\"/> for details."
9193
9220
msgstr ""
9194
9221
9195
#: serverguide/C/samba.xml:1008(para)
9222
#: serverguide/C/windows-networking.xml:1008(para)
9196
9223
msgid ""
9197
9224
"First, install <application>samba</application> and <application>libpam-"
9198
9225
"smbpass</application>. From a terminal enter:"
9199
9226
msgstr ""
9200
9227
9201
#: serverguide/C/samba.xml:1019(para)
9228
#: serverguide/C/windows-networking.xml:1019(para)
9202
9229
msgid ""
9203
9230
"Now, edit <filename>/etc/samba/smb.conf</filename> and uncomment the "
9204
9231
"following in the <emphasis>[global]</emphasis>:"
9205
9232
msgstr ""
9206
9233
9207
#: serverguide/C/samba.xml:1032(para)
9234
#: serverguide/C/windows-networking.xml:1032(para)
9208
9235
msgid "In the commented <emphasis>Domains</emphasis> uncomment or add:"
9209
9236
msgstr ""
9210
9237
9211
#: serverguide/C/samba.xml:1036(programlisting)
9238
#: serverguide/C/windows-networking.xml:1036(programlisting)
9212
9239
#, no-wrap
9213
9240
msgid ""
9214
9241
"\n"
9216
9243
" domain master = no\n"
9217
9244
msgstr ""
9218
9245
9219
#: serverguide/C/samba.xml:1044(para)
9246
#: serverguide/C/windows-networking.xml:1044(para)
9220
9247
msgid ""
9221
9248
"Make sure a user has rights to read the files in "
9222
9249
"<filename>/var/lib/samba</filename>. For example, to allow users in the "
9224
9251
"files, enter:"
9225
9252
msgstr ""
9226
9253
9227
#: serverguide/C/samba.xml:1050(command)
9254
#: serverguide/C/windows-networking.xml:1050(command)
9228
9255
msgid "sudo chgrp -R admin /var/lib/samba"
9229
9256
msgstr ""
9230
9257
9231
#: serverguide/C/samba.xml:1056(para)
9258
#: serverguide/C/windows-networking.xml:1056(para)
9232
9259
msgid ""
9233
9260
"Next, sync the user accounts, using <application>scp</application> to copy "
9234
9261
"the <filename>/var/lib/samba</filename> directory from the PDC:"
9235
9262
msgstr ""
9236
9263
9237
#: serverguide/C/samba.xml:1062(command)
9264
#: serverguide/C/windows-networking.xml:1062(command)
9238
9265
msgid "sudo scp -r username@pdc:/var/lib/samba /var/lib"
9239
9266
msgstr ""
9240
9267
9241
#: serverguide/C/samba.xml:1066(para)
9268
#: serverguide/C/windows-networking.xml:1066(para)
9242
9269
msgid ""
9243
9270
"Replace <emphasis>username</emphasis> with a valid username and "
9244
9271
"<emphasis>pdc</emphasis> with the hostname or IP Address of your actual PDC."
9245
9272
msgstr ""
9246
9273
9247
#: serverguide/C/samba.xml:1075(para)
9274
#: serverguide/C/windows-networking.xml:1075(para)
9248
9275
msgid "Finally, restart <application>samba</application>:"
9249
9276
msgstr ""
9250
9277
9251
#: serverguide/C/samba.xml:1087(para)
9278
#: serverguide/C/windows-networking.xml:1087(para)
9252
9279
msgid ""
9253
9280
"You can test that your Backup Domain controller is working by stopping the "
9254
9281
"Samba daemon on the PDC, then trying to login to a Windows client joined to "
9255
9282
"the domain."
9256
9283
msgstr ""
9257
9284
9258
#: serverguide/C/samba.xml:1092(para)
9285
#: serverguide/C/windows-networking.xml:1092(para)
9259
9286
msgid ""
9260
9287
"Another thing to keep in mind is if you have configured the <emphasis>logon "
9261
9288
"home</emphasis> option as a directory on the PDC, and the PDC becomes "
9264
9291
"home</emphasis> to reside on a separate file server from the PDC and BDC."
9265
9292
msgstr ""
9266
9293
9267
#: serverguide/C/samba.xml:1122(para)
9294
#: serverguide/C/windows-networking.xml:1122(para)
9268
9295
msgid ""
9269
9296
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
9270
9297
"pdc.html\">Chapter 4</ulink> of the Samba HOWTO Collection explains setting "
9271
9298
"up a Primary Domain Controller."
9272
9299
msgstr ""
9273
9300
9274
#: serverguide/C/samba.xml:1128(para)
9301
#: serverguide/C/windows-networking.xml:1128(para)
9275
9302
msgid ""
9276
9303
"<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-"
9277
9304
"Collection/samba-bdc.html\">Chapter 5</ulink> of the Samba HOWTO Collection "
9282
9309
msgid "Active Directory Integration"
9283
9310
msgstr ""
9284
9311
9285
#: serverguide/C/samba.xml:1146(title)
9312
#: serverguide/C/windows-networking.xml:1146(title)
9286
9313
msgid "Accessing a Samba Share"
9287
9314
msgstr ""
9288
9315
9289
#: serverguide/C/samba.xml:1148(para)
9316
#: serverguide/C/windows-networking.xml:1148(para)
9290
9317
msgid ""
9291
9318
"Another, use for Samba is to integrate into an existing Windows network. "
9292
9319
"Once part of an Active Directory domain, Samba can provide file and print "
9302
9329
"Likewise Open documentation</ulink>."
9303
9330
msgstr ""
9304
9331
9305
#: serverguide/C/samba.xml:1159(para)
9332
#: serverguide/C/windows-networking.xml:1159(para)
9306
9333
msgid ""
9307
9334
"Once part of the Active Directory domain, enter the following command in the "
9308
9335
"terminal prompt:"
9309
9336
msgstr ""
9310
9337
9311
#: serverguide/C/samba.xml:1164(command)
9338
#: serverguide/C/windows-networking.xml:1164(command)
9312
9339
msgid "sudo apt-get install samba smbfs smbclient"
9313
9340
msgstr ""
9314
9341
9315
#: serverguide/C/samba.xml:1167(para)
9342
#: serverguide/C/windows-networking.xml:1167(para)
9316
9343
msgid "Next, edit <filename>/etc/samba/smb.conf</filename> changing:"
9317
9344
msgstr ""
9318
9345
9319
#: serverguide/C/samba.xml:1171(programlisting)
9346
#: serverguide/C/windows-networking.xml:1171(programlisting)
9320
9347
#, no-wrap
9321
9348
msgid ""
9322
9349
"\n"
9330
9357
" idmap gid = 50-9999999999\n"
9331
9358
msgstr ""
9332
9359
9333
#: serverguide/C/samba.xml:1182(para)
9360
#: serverguide/C/windows-networking.xml:1182(para)
9334
9361
msgid ""
9335
9362
"Restart <application>samba</application> for the new settings to take effect:"
9336
9363
msgstr ""
9337
9364
9338
#: serverguide/C/samba.xml:1191(para)
9365
#: serverguide/C/windows-networking.xml:1191(para)
9339
9366
msgid ""
9340
9367
"You should now be able to access any <application>Samba</application> shares "
9341
9368
"from a Windows client. However, be sure to give the appropriate AD users or "
9343
9370
"security\"/> for more details."
9344
9371
msgstr ""
9345
9372
9346
#: serverguide/C/samba.xml:1199(title)
9373
#: serverguide/C/windows-networking.xml:1199(title)
9347
9374
msgid "Accessing a Windows Share"
9348
9375
msgstr ""
9349
9376
9350
#: serverguide/C/samba.xml:1201(para)
9377
#: serverguide/C/windows-networking.xml:1201(para)
9351
9378
msgid ""
9352
9379
"Now that the Samba server is part of the Active Directory domain you can "
9353
9380
"access any Windows server shares:"
9354
9381
msgstr ""
9355
9382
9356
#: serverguide/C/samba.xml:1208(para)
9383
#: serverguide/C/windows-networking.xml:1208(para)
9357
9384
msgid ""
9358
9385
"To mount a Windows file share enter the following in a terminal prompt:"
9359
9386
msgstr ""
9360
9387
9361
#: serverguide/C/samba.xml:1212(command)
9388
#: serverguide/C/windows-networking.xml:1212(command)
9362
9389
msgid "mount.cifs //fs01.example.com/share mount_point"
9363
9390
msgstr ""
9364
9391
9365
#: serverguide/C/samba.xml:1215(para)
9392
#: serverguide/C/windows-networking.xml:1215(para)
9366
9393
msgid ""
9367
9394
"It is also possible to access shares on computers not part of an AD domain, "
9368
9395
"but a username and password will need to be provided."
9369
9396
msgstr ""
9370
9397
9371
#: serverguide/C/samba.xml:1223(para)
9398
#: serverguide/C/windows-networking.xml:1223(para)
9372
9399
msgid ""
9373
9400
"To mount the share during boot place an entry in "
9374
9401
"<filename>/etc/fstab</filename>, for example:"
9375
9402
msgstr ""
9376
9403
9377
#: serverguide/C/samba.xml:1227(programlisting)
9404
#: serverguide/C/windows-networking.xml:1227(programlisting)
9378
9405
#, no-wrap
9379
9406
msgid ""
9380
9407
"\n"
9382
9409
"0 0\n"
9383
9410
msgstr ""
9384
9411
9385
#: serverguide/C/samba.xml:1234(para)
9412
#: serverguide/C/windows-networking.xml:1234(para)
9386
9413
msgid ""
9387
9414
"Another way to copy files from a Windows server is to use the "
9388
9415
"<application>smbclient</application> utility. To list the files in a Windows "
9389
9416
"share:"
9390
9417
msgstr ""
9391
9418
9392
#: serverguide/C/samba.xml:1240(command)
9419
#: serverguide/C/windows-networking.xml:1240(command)
9393
9420
msgid "smbclient //fs01.example.com/share -k -c \"ls\""
9394
9421
msgstr ""
9395
9422
9396
#: serverguide/C/samba.xml:1246(para)
9423
#: serverguide/C/windows-networking.xml:1246(para)
9397
9424
msgid "To copy a file from the share, enter:"
9398
9425
msgstr ""
9399
9426
9400
#: serverguide/C/samba.xml:1251(command)
9427
#: serverguide/C/windows-networking.xml:1251(command)
9401
9428
msgid "smbclient //fs01.example.com/share -k -c \"get file.txt\""
9402
9429
msgstr ""
9403
9430
9404
#: serverguide/C/samba.xml:1254(para)
9431
#: serverguide/C/windows-networking.xml:1254(para)
9405
9432
msgid ""
9406
9433
"This will copy the <filename>file.txt</filename> into the current directory."
9407
9434
msgstr ""
9408
9435
9409
#: serverguide/C/samba.xml:1261(para)
9436
#: serverguide/C/windows-networking.xml:1261(para)
9410
9437
msgid "And to copy a file to the share:"
9411
9438
msgstr ""
9412
9439
9413
#: serverguide/C/samba.xml:1266(command)
9440
#: serverguide/C/windows-networking.xml:1266(command)
9414
9441
msgid "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
9415
9442
msgstr ""
9416
9443
9417
#: serverguide/C/samba.xml:1269(para)
9444
#: serverguide/C/windows-networking.xml:1269(para)
9418
9445
msgid ""
9419
9446
"This will copy the <filename>/etc/hosts</filename> to "
9420
9447
"<filename>//fs01.example.com/share/hosts</filename>."
9421
9448
msgstr ""
9422
9449
9423
#: serverguide/C/samba.xml:1276(para)
9450
#: serverguide/C/windows-networking.xml:1276(para)
9424
9451
msgid ""
9425
9452
"The <emphasis>-c</emphasis> option used above allows you to execute the "
9426
9453
"<application>smbclient</application> command all at once. This is useful for "
9429
9456
"and directory commands, simply execute:"
9430
9457
msgstr ""
9431
9458
9432
#: serverguide/C/samba.xml:1283(command)
9459
#: serverguide/C/windows-networking.xml:1283(command)
9433
9460
msgid "smbclient //fs01.example.com/share -k"
9434
9461
msgstr ""
9435
9462
9436
#: serverguide/C/samba.xml:1290(para)
9463
#: serverguide/C/windows-networking.xml:1290(para)
9437
9464
msgid ""
9438
9465
"Replace all instances of <emphasis>fs01.example.com/share</emphasis>, "
9439
9466
"<emphasis>//192.168.0.5/share</emphasis>, "
9780
9807
"<application>Zentyal</application>."
9781
9808
msgstr ""
9782
9809
9783
#: serverguide/C/remote-administration.xml:16(title)
9810
#: serverguide/C/virtualization.xml:833(para) serverguide/C/remote-administration.xml:16(title)
9784
9811
msgid "OpenSSH Server"
9785
9812
msgstr ""
9786
9813
9972
9999
msgstr ""
9973
10000
9974
10001
#: serverguide/C/remote-administration.xml:170(command)
9975
msgid "ssh-keygen -t dsa"
10002
msgid "ssh-keygen -t rsa"
9976
10003
msgstr ""
9977
10004
9978
10005
#: serverguide/C/remote-administration.xml:172(para)
9979
10006
msgid ""
9980
"This will generate the keys using the <emphasis>Digital Signature Algorithm "
9981
"(DSA)</emphasis> method. During the process you will be prompted for a "
9982
"password. Simply hit <emphasis>Enter</emphasis> when prompted to create the "
9983
"key."
10007
"This will generate the keys using the <emphasis>RSA Algorithm</emphasis>. "
10008
"During the process you will be prompted for a password. Simply hit "
10009
"<emphasis>Enter</emphasis> when prompted to create the key."
9984
10010
msgstr ""
9985
10011
9986
10012
#: serverguide/C/remote-administration.xml:176(para)
9987
10013
msgid ""
9988
10014
"By default the <emphasis>public</emphasis> key is saved in the file "
9989
"<filename>~/.ssh/id_dsa.pub</filename>, while "
9990
"<filename>~/.ssh/id_dsa</filename> is the <emphasis>private</emphasis> key. "
9991
"Now copy the <filename>id_dsa.pub</filename> file to the remote host and "
10015
"<filename>~/.ssh/id_rsa.pub</filename>, while "
10016
"<filename>~/.ssh/id_rsa</filename> is the <emphasis>private</emphasis> key. "
10017
"Now copy the <filename>id_rsa.pub</filename> file to the remote host and "
9992
10018
"append it to <filename>~/.ssh/authorized_keys</filename> by entering:"
9993
10019
msgstr ""
9994
10020
10056
10082
msgid "Preconfiguration"
10057
10083
msgstr ""
10058
10084
10059
#: serverguide/C/remote-administration.xml:236(para)
10085
#: serverguide/C/remote-administration.xml:256(para)
10060
10086
msgid ""
10061
10087
"Prior to configuring <application>puppet</application> you may want to add a "
10062
10088
"DNS <emphasis>CNAME</emphasis> record for "
10067
10093
"linkend=\"dns\"/> for more DNS details."
10068
10094
msgstr ""
10069
10095
10070
#: serverguide/C/remote-administration.xml:243(para)
10096
#: serverguide/C/remote-administration.xml:263(para)
10071
10097
msgid ""
10072
10098
"If you do not wish to use DNS, you can add entries to the server and client "
10073
10099
"<filename>/etc/hosts</filename> file. For example, in the "
10083
10109
"192.168.1.17 puppetclient.example.com puppetclient\n"
10084
10110
msgstr ""
10085
10111
10086
#: serverguide/C/remote-administration.xml:253(para)
10112
#: serverguide/C/remote-administration.xml:273(para)
10087
10113
msgid ""
10088
10114
"On each <application>Puppet</application> client, add an entry for the "
10089
10115
"server:"
10096
10122
"192.168.1.16 puppetmaster.example.com puppetmaster puppet\n"
10097
10123
msgstr ""
10098
10124
10099
#: serverguide/C/remote-administration.xml:262(para)
10125
#: serverguide/C/remote-administration.xml:282(para)
10100
10126
msgid ""
10101
10127
"Replace the example IP addresses and domain names above with your actual "
10102
10128
"server and client addresses and domain names."
10103
10129
msgstr ""
10104
10130
10105
#: serverguide/C/remote-administration.xml:271(para)
10131
#: serverguide/C/remote-administration.xml:236(para)
10106
10132
msgid ""
10107
10133
"To install <application>Puppet</application>, in a terminal on the "
10108
10134
"<emphasis>server</emphasis> enter:"
10109
10135
msgstr ""
10110
10136
10111
#: serverguide/C/remote-administration.xml:276(command)
10137
#: serverguide/C/remote-administration.xml:241(command)
10112
10138
msgid "sudo apt-get install puppetmaster"
10113
10139
msgstr ""
10114
10140
10115
#: serverguide/C/remote-administration.xml:279(para)
10141
#: serverguide/C/remote-administration.xml:244(para)
10116
10142
msgid "On the <emphasis>client</emphasis> machine, or machines, enter:"
10117
10143
msgstr ""
10118
10144
10119
#: serverguide/C/remote-administration.xml:284(command)
10145
#: serverguide/C/remote-administration.xml:249(command)
10120
10146
msgid "sudo apt-get install puppet"
10121
10147
msgstr ""
10122
10148
10173
10199
"<application>Puppet</application> client's host name."
10174
10200
msgstr ""
10175
10201
10176
#: serverguide/C/remote-administration.xml:337(para)
10202
#: serverguide/C/remote-administration.xml:323(para)
10177
10203
msgid ""
10178
10204
"The final step for this simple <application>Puppet</application> server is "
10179
10205
"to restart the daemon:"
10183
10209
msgid "sudo service puppetmaster restart"
10184
10210
msgstr ""
10185
10211
10186
#: serverguide/C/remote-administration.xml:345(para)
10212
#: serverguide/C/remote-administration.xml:331(para)
10187
10213
msgid ""
10188
10214
"Now everything is configured on the <application>Puppet</application> "
10189
10215
"server, it is time to configure the client."
10196
10222
"<emphasis>START</emphasis> to yes:"
10197
10223
msgstr ""
10198
10224
10199
#: serverguide/C/remote-administration.xml:354(programlisting) serverguide/C/mail.xml:685(programlisting)
10225
#: serverguide/C/remote-administration.xml:340(programlisting) serverguide/C/mail.xml:627(programlisting)
10200
10226
#, no-wrap
10201
10227
msgid ""
10202
10228
"\n"
10203
10229
"START=yes\n"
10204
10230
msgstr ""
10205
10231
10206
#: serverguide/C/remote-administration.xml:358(para)
10232
#: serverguide/C/remote-administration.xml:344(para)
10207
10233
msgid "Then start the service:"
10208
10234
msgstr ""
10209
10235
10258
10284
"<application>Puppet</application> client."
10259
10285
msgstr ""
10260
10286
10261
#: serverguide/C/remote-administration.xml:406(para)
10287
#: serverguide/C/remote-administration.xml:366(para)
10262
10288
msgid ""
10263
10289
"This example is <emphasis>very</emphasis> simple, and does not highlight "
10264
10290
"many of <application>Puppet</application>'s features and benefits. For more "
10265
10291
"information see <xref linkend=\"puppet-resources\"/>."
10266
10292
msgstr ""
10267
10293
10268
#: serverguide/C/remote-administration.xml:418(para)
10294
#: serverguide/C/remote-administration.xml:378(para)
10269
10295
msgid ""
10270
10296
"See the <ulink url=\"http://docs.puppetlabs.com/\">Official Puppet "
10271
10297
"Documentation</ulink> web site."
10277
10303
"online repository of puppet modules."
10278
10304
msgstr ""
10279
10305
10280
#: serverguide/C/remote-administration.xml:428(para)
10306
#: serverguide/C/remote-administration.xml:383(para)
10281
10307
msgid ""
10282
10308
"Also see <ulink url=\"http://www.apress.com/9781430230571\">Pro "
10283
10309
"Puppet</ulink>."
10284
10310
msgstr ""
10285
10311
10286
#: serverguide/C/remote-administration.xml:437(title)
10312
#: serverguide/C/remote-administration.xml:397(title)
10287
10313
msgid "Zentyal"
10288
10314
msgstr ""
10289
10315
10290
#: serverguide/C/remote-administration.xml:439(para)
10316
#: serverguide/C/remote-administration.xml:399(para)
10291
10317
msgid ""
10292
10318
"<application>Zentyal</application> is a Linux small business server, that "
10293
10319
"can be configured as a Gateway, Infrastructure Manager, Unified Threat "
10314
10340
"them."
10315
10341
msgstr ""
10316
10342
10317
#: serverguide/C/remote-administration.xml:467(para)
10343
#: serverguide/C/remote-administration.xml:427(para)
10318
10344
msgid ""
10319
10345
"Zentyal 2.3 is available on Ubuntu 12.04 Universe repository. The modules "
10320
10346
"available are:"
10321
10347
msgstr ""
10322
10348
10323
#: serverguide/C/remote-administration.xml:474(para)
10349
#: serverguide/C/remote-administration.xml:434(para)
10324
10350
msgid ""
10325
10351
"zentyal-core & zentyal-common: the core of the "
10326
10352
"<application>Zentyal</application> interface and the common libraries of the "
10328
10354
"administrator an interface to view the logs and generate events from them."
10329
10355
msgstr ""
10330
10356
10331
#: serverguide/C/remote-administration.xml:483(para)
10357
#: serverguide/C/remote-administration.xml:443(para)
10332
10358
msgid ""
10333
10359
"zentyal-network: manages the configuration of the network. From the "
10334
10360
"interfaces (supporting static IP, DHCP, VLAN, bridges or PPPoE), to multiple "
10343
10369
"services (e.g. HTTP instead of 80/TCP)."
10344
10370
msgstr ""
10345
10371
10346
#: serverguide/C/remote-administration.xml:498(para)
10372
#: serverguide/C/remote-administration.xml:458(para)
10347
10373
msgid ""
10348
10374
"zentyal-firewall: configures the <application>iptables</application> rules "
10349
10375
"to block forbiden connections, NAT and port redirections."
10350
10376
msgstr ""
10351
10377
10352
#: serverguide/C/remote-administration.xml:504(para)
10378
#: serverguide/C/remote-administration.xml:464(para)
10353
10379
msgid ""
10354
10380
"zentyal-ntp: installs the NTP daemon to keep server on time and allow "
10355
10381
"network clients to synchronize their clocks against the server."
10356
10382
msgstr ""
10357
10383
10358
#: serverguide/C/remote-administration.xml:510(para)
10384
#: serverguide/C/remote-administration.xml:470(para)
10359
10385
msgid ""
10360
10386
"zentyal-dhcp: configures <application>ISC DHCP</application> server "
10361
10387
"supporting network ranges, static leases and other advanced options like "
10362
10388
"NTP, WINS, dynamic DNS updates and network boot with PXE."
10363
10389
msgstr ""
10364
10390
10365
#: serverguide/C/remote-administration.xml:517(para)
10391
#: serverguide/C/remote-administration.xml:477(para)
10366
10392
msgid ""
10367
10393
"zentyal-dns: brings <application>ISC Bind9</application> DNS server into "
10368
10394
"your server for caching local queries as a forwarder or as an authoritative "
10370
10396
"and SRV records."
10371
10397
msgstr ""
10372
10398
10373
#: serverguide/C/remote-administration.xml:525(para)
10399
#: serverguide/C/remote-administration.xml:485(para)
10374
10400
msgid ""
10375
10401
"zentyal-ca: integrates the management of a Certification Authority within "
10376
10402
"Zentyal so users can use certificates to authenticate against the services, "
10377
10403
"like with <application>OpenVPN</application>."
10378
10404
msgstr ""
10379
10405
10380
#: serverguide/C/remote-administration.xml:532(para)
10406
#: serverguide/C/remote-administration.xml:492(para)
10381
10407
msgid ""
10382
10408
"zentyal-openvpn: allows to configure multiple VPN servers and clients using "
10383
10409
"<application>OpenVPN</application> with dynamic routing configuration using "
10384
10410
"<application>Quagga</application>."
10385
10411
msgstr ""
10386
10412
10387
#: serverguide/C/remote-administration.xml:539(para)
10413
#: serverguide/C/remote-administration.xml:499(para)
10388
10414
msgid ""
10389
10415
"zentyal-users: provides an interface to configure and manage users and "
10390
10416
"groups on <application>OpenLDAP</application>. Other services on Zentyal are "
10393
10419
"<application>Microsoft Active Directory</application> domain."
10394
10420
msgstr ""
10395
10421
10396
#: serverguide/C/remote-administration.xml:549(para)
10422
#: serverguide/C/remote-administration.xml:509(para)
10397
10423
msgid ""
10398
10424
"zentyal-squid: configures <application>Squid</application> and "
10399
10425
"<application>Dansguardian</application> for speeding up browsing thanks to "
10400
10426
"the caching capabilities and content filtering."
10401
10427
msgstr ""
10402
10428
10403
#: serverguide/C/remote-administration.xml:556(para)
10429
#: serverguide/C/remote-administration.xml:516(para)
10404
10430
msgid ""
10405
10431
"zentyal-samba: allows <application>Samba</application> configuration and "
10406
10432
"integration with existing LDAP. From the same interface you can define "
10407
10433
"password policies, create shared resources and assign permissions."
10408
10434
msgstr ""
10409
10435
10410
#: serverguide/C/remote-administration.xml:564(para)
10436
#: serverguide/C/remote-administration.xml:524(para)
10411
10437
msgid ""
10412
10438
"zentyal-printers: integrates <application>CUPS</application> with "
10413
10439
"<application>Samba</application> and allows not only to configure the "
10414
10440
"printers but also give them permissions based on LDAP users and groups."
10415
10441
msgstr ""
10416
10442
10417
#: serverguide/C/remote-administration.xml:573(para)
10443
#: serverguide/C/remote-administration.xml:533(para)
10418
10444
msgid ""
10419
10445
"To install <application>Zentyal</application>, in a terminal on the "
10420
10446
"<emphasis>server</emphasis> enter (where <zentyal-module> is any of "
10421
10447
"the modules from the previous list):"
10422
10448
msgstr ""
10423
10449
10424
#: serverguide/C/remote-administration.xml:580(command)
10450
#: serverguide/C/remote-administration.xml:540(command)
10425
10451
msgid "sudo apt-get install <zentyal-module>"
10426
10452
msgstr ""
10427
10453
10428
#: serverguide/C/remote-administration.xml:584(para)
10454
#: serverguide/C/remote-administration.xml:544(para)
10429
10455
msgid ""
10430
10456
"<application>Zentyal</application> publishes one major stable release once a "
10431
10457
"year (in September) based on latest Ubuntu LTS release. Stable releases "
10445
10471
"Personal Package Archive (PPA)</ulink>."
10446
10472
msgstr ""
10447
10473
10448
#: serverguide/C/remote-administration.xml:606(para)
10474
#: serverguide/C/remote-administration.xml:566(para)
10449
10475
msgid ""
10450
10476
"Not present on Ubuntu Universe repositories, but on <ulink "
10451
10477
"url=\"https://launchpad.net/~zentyal/\">Zentyal Team PPA</ulink> you will "
10452
10478
"find these other modules:"
10453
10479
msgstr ""
10454
10480
10455
#: serverguide/C/remote-administration.xml:613(para)
10481
#: serverguide/C/remote-administration.xml:573(para)
10456
10482
msgid ""
10457
10483
"zentyal-antivirus: integrates <application>ClamAV</application> antivirus "
10458
10484
"with other modules like the proxy, file sharing or mailfilter."
10459
10485
msgstr ""
10460
10486
10461
#: serverguide/C/remote-administration.xml:620(para)
10487
#: serverguide/C/remote-administration.xml:580(para)
10462
10488
msgid ""
10463
10489
"zentyal-asterisk: configures <application>Asterisk</application> to provide "
10464
10490
"a simple PBX with LDAP based authentication."
10465
10491
msgstr ""
10466
10492
10467
#: serverguide/C/remote-administration.xml:626(para)
10493
#: serverguide/C/remote-administration.xml:586(para)
10468
10494
msgid ""
10469
10495
"zentyal-bwmonitor: allows to monitor bandwith usage of your LAN clients."
10470
10496
msgstr ""
10471
10497
10472
#: serverguide/C/remote-administration.xml:632(para)
10498
#: serverguide/C/remote-administration.xml:592(para)
10473
10499
msgid ""
10474
10500
"zentyal-captiveportal: integrates a captive portal with the firewall and "
10475
10501
"LDAP users and groups."
10476
10502
msgstr ""
10477
10503
10478
#: serverguide/C/remote-administration.xml:638(para)
10504
#: serverguide/C/remote-administration.xml:598(para)
10479
10505
msgid ""
10480
10506
"zentyal-ebackup: allows to make scheduled backups of your server using the "
10481
10507
"popular <application>duplicity</application> backup tool."
10482
10508
msgstr ""
10483
10509
10484
#: serverguide/C/remote-administration.xml:644(para)
10510
#: serverguide/C/remote-administration.xml:604(para)
10485
10511
msgid "zentyal-ftp: configures a FTP server with LDAP based authentication."
10486
10512
msgstr ""
10487
10513
10488
#: serverguide/C/remote-administration.xml:649(para)
10514
#: serverguide/C/remote-administration.xml:609(para)
10489
10515
msgid "zentyal-ids: integrates a network intrusion detection system."
10490
10516
msgstr ""
10491
10517
10492
#: serverguide/C/remote-administration.xml:654(para)
10518
#: serverguide/C/remote-administration.xml:614(para)
10493
10519
msgid ""
10494
10520
"zentyal-ipsec: allows to configure IPsec tunnels using "
10495
10521
"<application>OpenSwan</application>."
10496
10522
msgstr ""
10497
10523
10498
#: serverguide/C/remote-administration.xml:660(para)
10524
#: serverguide/C/remote-administration.xml:620(para)
10499
10525
msgid ""
10500
10526
"zentyal-jabber: integrates <application>ejabberd</application> XMPP server "
10501
10527
"with LDAP users and groups."
10502
10528
msgstr ""
10503
10529
10504
#: serverguide/C/remote-administration.xml:666(para)
10530
#: serverguide/C/remote-administration.xml:626(para)
10505
10531
msgid ""
10506
10532
"zentyal-thinclients: a <application>LTSP</application> based thin clients "
10507
10533
"solution."
10508
10534
msgstr ""
10509
10535
10510
#: serverguide/C/remote-administration.xml:672(para)
10536
#: serverguide/C/remote-administration.xml:632(para)
10511
10537
msgid ""
10512
10538
"zentyal-mail: a full mail stack including <application>Postfix "
10513
10539
"</application> and <application>Dovecot</application> with LDAP backend."
10514
10540
msgstr ""
10515
10541
10516
#: serverguide/C/remote-administration.xml:679(para)
10542
#: serverguide/C/remote-administration.xml:639(para)
10517
10543
msgid ""
10518
10544
"zentyal-mailfilter: configures <application>amavisd</application> with mail "
10519
10545
"stack to filter spam and attached virus."
10520
10546
msgstr ""
10521
10547
10522
#: serverguide/C/remote-administration.xml:685(para)
10548
#: serverguide/C/remote-administration.xml:645(para)
10523
10549
msgid ""
10524
10550
"zentyal-monitor: integrates <application>collectd</application> to monitor "
10525
10551
"server performance and running services."
10526
10552
msgstr ""
10527
10553
10528
#: serverguide/C/remote-administration.xml:691(para)
10554
#: serverguide/C/remote-administration.xml:651(para)
10529
10555
msgid ""
10530
10556
"zentyal-pptp: configures a <application>PPTP</application> VPN server."
10531
10557
msgstr ""
10532
10558
10533
#: serverguide/C/remote-administration.xml:696(para)
10559
#: serverguide/C/remote-administration.xml:656(para)
10534
10560
msgid ""
10535
10561
"zentyal-radius: integrates <application>FreeRADIUS</application> with LDAP "
10536
10562
"users and groups."
10537
10563
msgstr ""
10538
10564
10539
#: serverguide/C/remote-administration.xml:702(para)
10565
#: serverguide/C/remote-administration.xml:662(para)
10540
10566
msgid ""
10541
10567
"zentyal-software: simple interface to manage installed "
10542
10568
"<application>Zentyal</application> modules and system updates."
10543
10569
msgstr ""
10544
10570
10545
#: serverguide/C/remote-administration.xml:708(para)
10571
#: serverguide/C/remote-administration.xml:668(para)
10546
10572
msgid ""
10547
10573
"zentyal-trafficshaping: configures traffic limiting rules to do bandwidth "
10548
10574
"throttling and improve latency."
10549
10575
msgstr ""
10550
10576
10551
#: serverguide/C/remote-administration.xml:714(para)
10577
#: serverguide/C/remote-administration.xml:674(para)
10552
10578
msgid ""
10553
10579
"zentyal-usercorner: allows users to edit their own LDAP attributes using a "
10554
10580
"web browser."
10555
10581
msgstr ""
10556
10582
10557
#: serverguide/C/remote-administration.xml:720(para)
10583
#: serverguide/C/remote-administration.xml:680(para)
10558
10584
msgid ""
10559
10585
"zentyal-virt: simple interface to create and manage virtual machines based "
10560
10586
"on <application>libvirt</application>."
10561
10587
msgstr ""
10562
10588
10563
#: serverguide/C/remote-administration.xml:726(para)
10589
#: serverguide/C/remote-administration.xml:686(para)
10564
10590
msgid ""
10565
10591
"zentyal-webmail: allows to access your mail using the popular "
10566
10592
"<application>Roundcube</application> webmail."
10567
10593
msgstr ""
10568
10594
10569
#: serverguide/C/remote-administration.xml:732(para)
10595
#: serverguide/C/remote-administration.xml:692(para)
10570
10596
msgid ""
10571
10597
"zentyal-webserver: configures <application>Apache</application> webserver to "
10572
10598
"host different sites on your machine."
10573
10599
msgstr ""
10574
10600
10575
#: serverguide/C/remote-administration.xml:738(para)
10601
#: serverguide/C/remote-administration.xml:698(para)
10576
10602
msgid ""
10577
10603
"zentyal-zarafa: integrates <application>Zarafa</application> groupware suite "
10578
10604
"with <application>Zentyal</application> mail stack and LDAP."
10579
10605
msgstr ""
10580
10606
10581
#: serverguide/C/remote-administration.xml:750(title)
10607
#: serverguide/C/remote-administration.xml:710(title)
10582
10608
msgid "First steps"
10583
10609
msgstr ""
10584
10610
10585
#: serverguide/C/remote-administration.xml:752(para)
10611
#: serverguide/C/remote-administration.xml:712(para)
10586
10612
msgid ""
10587
10613
"Any system account belonging to the sudo group is allowed to log into "
10588
10614
"<application>Zentyal</application> web interface. If you are using the user "
10589
10615
"created during the installation, this should be in the sudo group by default."
10590
10616
msgstr ""
10591
10617
10592
#: serverguide/C/remote-administration.xml:760(para)
10618
#: serverguide/C/remote-administration.xml:720(para)
10593
10619
msgid "If you need to add another user to the sudo group, just execute:"
10594
10620
msgstr ""
10595
10621
10596
#: serverguide/C/remote-administration.xml:765(command)
10622
#: serverguide/C/remote-administration.xml:725(command)
10597
10623
msgid "sudo adduser username sudo"
10598
10624
msgstr ""
10599
10625
10600
#: serverguide/C/remote-administration.xml:769(para)
10626
#: serverguide/C/remote-administration.xml:729(para)
10601
10627
msgid ""
10602
10628
"To access <application>Zentyal</application> web interface, browse into "
10603
10629
"https://localhost/ (or the IP of your remote server). As Zentyal creates its "
10605
10631
"exception on your browser."
10606
10632
msgstr ""
10607
10633
10608
#: serverguide/C/remote-administration.xml:776(para)
10634
#: serverguide/C/remote-administration.xml:736(para)
10609
10635
msgid ""
10610
10636
"Once logged in you will see the dashboard with an overview of your server. "
10611
10637
"To configure any of the features of your installed modules, go to the "
10619
10645
"files."
10620
10646
msgstr ""
10621
10647
10622
#: serverguide/C/remote-administration.xml:790(para)
10648
#: serverguide/C/remote-administration.xml:750(para)
10623
10649
msgid ""
10624
10650
"If you need to customize any configuration file or run certain actions "
10625
10651
"(scripts or commands) to configure features not available on "
10628
10654
"/etc/zentyal/hooks/<module>.<action>."
10629
10655
msgstr ""
10630
10656
10631
#: serverguide/C/remote-administration.xml:803(para)
10657
#: serverguide/C/remote-administration.xml:763(para)
10632
10658
msgid ""
10633
10659
"<ulink url=\"http://doc.zentyal.org/\">Zentyal Official Documentation "
10634
10660
"</ulink> page."
10635
10661
msgstr ""
10636
10662
10637
#: serverguide/C/remote-administration.xml:807(para)
10663
#: serverguide/C/remote-administration.xml:767(para)
10638
10664
msgid ""
10639
10665
"See also <ulink url=\"http://trac.zentyal.org/wiki/Documentation\">Zentyal "
10640
10666
"Community Documentation</ulink> page."
10641
10667
msgstr ""
10642
10668
10643
#: serverguide/C/remote-administration.xml:811(para)
10669
#: serverguide/C/remote-administration.xml:771(para)
10644
10670
msgid ""
10645
10671
"And don't forget to visit the <ulink url=\"http://forum.zentyal.org/\">forum "
10646
10672
"</ulink> for community support, feedback, feature requests, etc."
11008
11034
"menu."
11009
11035
msgstr ""
11010
11036
11011
#: serverguide/C/package-management.xml:263(para)
11037
#: serverguide/C/package-management.xml:246(para)
11012
11038
msgid "<emphasis role=\"bold\">i</emphasis>: Installed package"
11013
11039
msgstr ""
11014
11040
11015
#: serverguide/C/package-management.xml:268(para)
11041
#: serverguide/C/package-management.xml:251(para)
11016
11042
msgid ""
11017
11043
"<emphasis role=\"bold\">c</emphasis>: Package not installed, but package "
11018
11044
"configuration remains on system"
11019
11045
msgstr ""
11020
11046
11021
#: serverguide/C/package-management.xml:272(para)
11047
#: serverguide/C/package-management.xml:255(para)
11022
11048
msgid "<emphasis role=\"bold\">p</emphasis>: Purged from system"
11023
11049
msgstr ""
11024
11050
11025
#: serverguide/C/package-management.xml:276(para)
11051
#: serverguide/C/package-management.xml:259(para)
11026
11052
msgid "<emphasis role=\"bold\">v</emphasis>: Virtual package"
11027
11053
msgstr ""
11028
11054
11029
#: serverguide/C/package-management.xml:280(para)
11055
#: serverguide/C/package-management.xml:263(para)
11030
11056
msgid "<emphasis role=\"bold\">B</emphasis>: Broken package"
11031
11057
msgstr ""
11032
11058
11033
#: serverguide/C/package-management.xml:284(para)
11059
#: serverguide/C/package-management.xml:267(para)
11034
11060
msgid ""
11035
11061
"<emphasis role=\"bold\">u</emphasis>: Unpacked files, but package not yet "
11036
11062
"configured"
11037
11063
msgstr ""
11038
11064
11039
#: serverguide/C/package-management.xml:288(para)
11065
#: serverguide/C/package-management.xml:271(para)
11040
11066
msgid ""
11041
11067
"<emphasis role=\"bold\">C</emphasis>: Half-configured - Configuration failed "
11042
11068
"and requires fix"
11043
11069
msgstr ""
11044
11070
11045
#: serverguide/C/package-management.xml:292(para)
11071
#: serverguide/C/package-management.xml:275(para)
11046
11072
msgid ""
11047
11073
"<emphasis role=\"bold\">H</emphasis>: Half-installed - Removal failed and "
11048
11074
"requires fix"
11049
11075
msgstr ""
11050
11076
11051
#: serverguide/C/package-management.xml:260(para)
11077
#: serverguide/C/package-management.xml:243(para)
11052
11078
msgid ""
11053
11079
"The first column of information displayed in the package list in the top "
11054
11080
"pane, when actually viewing packages lists the current state of the package, "
11056
11082
"<placeholder-1/>"
11057
11083
msgstr ""
11058
11084
11059
#: serverguide/C/package-management.xml:298(para)
11085
#: serverguide/C/package-management.xml:281(para)
11060
11086
msgid ""
11061
11087
"To exit Aptitude, simply press the <keycap>q</keycap> key and confirm you "
11062
11088
"wish to exit. Many other functions are available from the Aptitude menu by "
11063
11089
"pressing the <keycap>F10</keycap> key."
11064
11090
msgstr ""
11065
11091
11066
#: serverguide/C/package-management.xml:301(title)
11092
#: serverguide/C/package-management.xml:284(title)
11067
11093
msgid "Command Line Aptitude"
11068
11094
msgstr ""
11069
11095
11070
#: serverguide/C/package-management.xml:302(para)
11096
#: serverguide/C/package-management.xml:285(para)
11071
11097
msgid ""
11072
11098
"You can also use <application>Aptitude</application> as a command-line tool, "
11073
11099
"similar to <application>apt-get</application>. To install the "
11081
11107
"of command line options for <application>Aptitude</application>."
11082
11108
msgstr ""
11083
11109
11084
#: serverguide/C/package-management.xml:315(title)
11110
#: serverguide/C/package-management.xml:298(title)
11085
11111
msgid "Automatic Updates"
11086
11112
msgstr ""
11087
11113
11088
#: serverguide/C/package-management.xml:317(para)
11114
#: serverguide/C/package-management.xml:300(para)
11089
11115
msgid ""
11090
11116
"The <application>unattended-upgrades</application> package can be used to "
11091
11117
"automatically install updated packages, and can be configured to update all "
11093
11119
"entering the following in a terminal:"
11094
11120
msgstr ""
11095
11121
11096
#: serverguide/C/package-management.xml:323(command)
11122
#: serverguide/C/package-management.xml:306(command)
11097
11123
msgid "sudo apt-get install unattended-upgrades"
11098
11124
msgstr ""
11099
11125
11100
#: serverguide/C/package-management.xml:326(para)
11126
#: serverguide/C/package-management.xml:309(para)
11101
11127
msgid ""
11102
11128
"To configure <application>unattended-upgrades</application>, edit "
11103
11129
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> and adjust "
11114
11140
"};\n"
11115
11141
msgstr ""
11116
11142
11117
#: serverguide/C/package-management.xml:338(para)
11143
#: serverguide/C/package-management.xml:321(para)
11118
11144
msgid ""
11119
11145
"Certain packages can also be <emphasis>blacklisted</emphasis> and therefore "
11120
11146
"will not be automatically updated. To blacklist a package, add it to the "
11121
11147
"list:"
11122
11148
msgstr ""
11123
11149
11124
#: serverguide/C/package-management.xml:343(programlisting)
11150
#: serverguide/C/package-management.xml:326(programlisting)
11125
11151
#, no-wrap
11126
11152
msgid ""
11127
11153
"\n"
11133
11159
"};\n"
11134
11160
msgstr ""
11135
11161
11136
#: serverguide/C/package-management.xml:353(para)
11162
#: serverguide/C/package-management.xml:336(para)
11137
11163
msgid ""
11138
11164
"The double <emphasis><quote>//</quote></emphasis> serve as comments, so "
11139
11165
"whatever follows \"//\" will not be evaluated."
11140
11166
msgstr ""
11141
11167
11142
#: serverguide/C/package-management.xml:358(para)
11168
#: serverguide/C/package-management.xml:341(para)
11143
11169
msgid ""
11144
11170
"To enable automatic updates, edit "
11145
11171
"<filename>/etc/apt/apt.conf.d/10periodic</filename> and set the appropriate "
11146
11172
"<application>apt</application> configuration options:"
11147
11173
msgstr ""
11148
11174
11149
#: serverguide/C/package-management.xml:362(programlisting)
11175
#: serverguide/C/package-management.xml:345(programlisting)
11150
11176
#, no-wrap
11151
11177
msgid ""
11152
11178
"\n"
11156
11182
"APT::Periodic::Unattended-Upgrade \"1\";\n"
11157
11183
msgstr ""
11158
11184
11159
#: serverguide/C/package-management.xml:369(para)
11185
#: serverguide/C/package-management.xml:352(para)
11160
11186
msgid ""
11161
11187
"The above configuration updates the package list, downloads, and installs "
11162
11188
"available upgrades every day. The local download archive is cleaned every "
11163
11189
"week."
11164
11190
msgstr ""
11165
11191
11166
#: serverguide/C/package-management.xml:375(para)
11192
#: serverguide/C/package-management.xml:358(para)
11167
11193
msgid ""
11168
11194
"You can read more about <application>apt</application> Periodic "
11169
11195
"configuration options in the <filename>/etc/cron.daily/apt</filename> script "
11170
11196
"header."
11171
11197
msgstr ""
11172
11198
11173
#: serverguide/C/package-management.xml:380(para)
11199
#: serverguide/C/package-management.xml:363(para)
11174
11200
msgid ""
11175
11201
"The results of <application>unattended-upgrades</application> will be logged "
11176
11202
"to <filename>/var/log/unattended-upgrades</filename>."
11177
11203
msgstr ""
11178
11204
11179
#: serverguide/C/package-management.xml:385(title)
11205
#: serverguide/C/package-management.xml:368(title)
11180
11206
msgid "Notifications"
11181
11207
msgstr ""
11182
11208
11183
#: serverguide/C/package-management.xml:387(para)
11209
#: serverguide/C/package-management.xml:370(para)
11184
11210
msgid ""
11185
11211
"Configuring <emphasis>Unattended-Upgrade::Mail</emphasis> in "
11186
11212
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> will enable "
11188
11214
"detailing any packages that need upgrading or have problems."
11189
11215
msgstr ""
11190
11216
11191
#: serverguide/C/package-management.xml:392(para)
11217
#: serverguide/C/package-management.xml:375(para)
11192
11218
msgid ""
11193
11219
"Another useful package is <application>apticron</application>. "
11194
11220
"<application>apticron</application> will configure a "
11197
11223
"summary of changes in each package."
11198
11224
msgstr ""
11199
11225
11200
#: serverguide/C/package-management.xml:398(para)
11226
#: serverguide/C/package-management.xml:381(para)
11201
11227
msgid ""
11202
11228
"To install the <application>apticron</application> package, in a terminal "
11203
11229
"enter:"
11204
11230
msgstr ""
11205
11231
11206
#: serverguide/C/package-management.xml:403(command)
11232
#: serverguide/C/package-management.xml:386(command)
11207
11233
msgid "sudo apt-get install apticron"
11208
11234
msgstr ""
11209
11235
11210
#: serverguide/C/package-management.xml:406(para)
11236
#: serverguide/C/package-management.xml:389(para)
11211
11237
msgid ""
11212
11238
"Once the package is installed edit "
11213
11239
"<filename>/etc/apticron/apticron.conf</filename>, to set the email address "
11214
11240
"and other options:"
11215
11241
msgstr ""
11216
11242
11217
#: serverguide/C/package-management.xml:410(programlisting)
11243
#: serverguide/C/package-management.xml:393(programlisting)
11218
11244
#, no-wrap
11219
11245
msgid ""
11220
11246
"\n"
11221
11247
"EMAIL=\"root@example.com\"\n"
11222
11248
msgstr ""
11223
11249
11224
#: serverguide/C/package-management.xml:419(para)
11250
#: serverguide/C/package-management.xml:402(para)
11225
11251
msgid ""
11226
11252
"Configuration of the <emphasis>Advanced Packaging Tool</emphasis> (APT) "
11227
11253
"system repositories is stored in the "
11231
11257
"repository references from the file."
11232
11258
msgstr ""
11233
11259
11234
#: serverguide/C/package-management.xml:424(para)
11260
#: serverguide/C/package-management.xml:411(para)
11235
11261
msgid ""
11236
11262
"You may edit the file to enable repositories or disable them. For example, "
11237
11263
"to disable the requirement of inserting the Ubuntu CD-ROM whenever package "
11248
11274
"main restricted\n"
11249
11275
msgstr ""
11250
11276
11251
#: serverguide/C/package-management.xml:435(title)
11277
#: serverguide/C/package-management.xml:422(title)
11252
11278
msgid "Extra Repositories"
11253
11279
msgstr ""
11254
11280
11255
#: serverguide/C/package-management.xml:436(para)
11281
#: serverguide/C/package-management.xml:423(para)
11256
11282
msgid ""
11257
11283
"In addition to the officially supported package repositories available for "
11258
11284
"Ubuntu, there exist additional community-maintained repositories which add "
11263
11289
"which are safe for use with your Ubuntu computer."
11264
11290
msgstr ""
11265
11291
11266
#: serverguide/C/package-management.xml:439(para)
11292
#: serverguide/C/package-management.xml:426(para)
11267
11293
msgid ""
11268
11294
"Packages in the <emphasis>Multiverse</emphasis> repository often have "
11269
11295
"licensing issues that prevent them from being distributed with a free "
11270
11296
"operating system, and they may be illegal in your locality."
11271
11297
msgstr ""
11272
11298
11273
#: serverguide/C/package-management.xml:441(para)
11299
#: serverguide/C/package-management.xml:428(para)
11274
11300
msgid ""
11275
11301
"Be advised that neither the <emphasis>Universe</emphasis> or "
11276
11302
"<emphasis>Multiverse</emphasis> repositories contain officially supported "
11278
11304
"packages."
11279
11305
msgstr ""
11280
11306
11281
#: serverguide/C/package-management.xml:445(para)
11307
#: serverguide/C/package-management.xml:432(para)
11282
11308
msgid ""
11283
11309
"Many other package sources are available, sometimes even offering only one "
11284
11310
"package, as in the case of package sources provided by the developer of a "
11289
11315
"functional in some respects."
11290
11316
msgstr ""
11291
11317
11292
#: serverguide/C/package-management.xml:448(para)
11318
#: serverguide/C/package-management.xml:435(para)
11293
11319
msgid ""
11294
11320
"By default, the <emphasis>Universe</emphasis> and "
11295
11321
"<emphasis>Multiverse</emphasis> repositories are enabled but if you would "
11320
11346
"deb-src http://security.ubuntu.com/ubuntu trusty-security multiverse\n"
11321
11347
msgstr ""
11322
11348
11323
#: serverguide/C/package-management.xml:481(para)
11349
#: serverguide/C/package-management.xml:468(para)
11324
11350
msgid ""
11325
11351
"Most of the material covered in this chapter is available in "
11326
11352
"<application>man</application> pages, many of which are available online."
11327
11353
msgstr ""
11328
11354
11329
#: serverguide/C/package-management.xml:488(para)
11355
#: serverguide/C/package-management.xml:475(para)
11330
11356
msgid ""
11331
11357
"The <ulink "
11332
11358
"url=\"https://help.ubuntu.com/community/InstallingSoftware\">InstallingSoftwa"
11356
11382
"ude man page</ulink> for more <application>aptitude</application> options."
11357
11383
msgstr ""
11358
11384
11359
#: serverguide/C/package-management.xml:512(para)
11385
#: serverguide/C/package-management.xml:499(para)
11360
11386
msgid ""
11361
11387
"The <ulink "
11362
11388
"url=\"https://help.ubuntu.com/community/Repositories/Ubuntu\">Adding "
11423
11449
"reboots (e.g.: after a kernel upgrade)."
11424
11450
msgstr ""
11425
11451
11426
#: serverguide/C/other-apps.xml:61(para)
11452
#: serverguide/C/other-apps.xml:44(para)
11427
11453
msgid ""
11428
11454
"<application>pam_motd</application> executes the scripts in "
11429
11455
"<filename>/etc/update-motd.d</filename> in order based on the number "
11432
11458
"concatenated with <filename>/etc/motd.tail</filename>."
11433
11459
msgstr ""
11434
11460
11435
#: serverguide/C/other-apps.xml:67(para)
11461
#: serverguide/C/other-apps.xml:50(para)
11436
11462
msgid ""
11437
11463
"You can add your own dynamic information to the MOTD. For example, to add "
11438
11464
"local weather information:"
11439
11465
msgstr ""
11440
11466
11441
#: serverguide/C/other-apps.xml:73(para)
11467
#: serverguide/C/other-apps.xml:56(para)
11442
11468
msgid "First, install the <application>weather-util</application> package:"
11443
11469
msgstr ""
11444
11470
11445
#: serverguide/C/other-apps.xml:78(command)
11471
#: serverguide/C/other-apps.xml:61(command)
11446
11472
msgid "sudo apt-get install weather-util"
11447
11473
msgstr ""
11448
11474
11449
#: serverguide/C/other-apps.xml:83(para)
11475
#: serverguide/C/other-apps.xml:66(para)
11450
11476
msgid ""
11451
11477
"The <application>weather</application> utility uses METAR data from the "
11452
11478
"National Oceanic and Atmospheric Administration and forecasts from the "
11456
11482
"Weather Service</ulink> site."
11457
11483
msgstr ""
11458
11484
11459
#: serverguide/C/other-apps.xml:90(para)
11485
#: serverguide/C/other-apps.xml:73(para)
11460
11486
msgid ""
11461
11487
"Although the National Weather Service is a United States government agency "
11462
11488
"there are weather stations available world wide. However, local weather "
11463
11489
"information for all locations outside the U.S. may not be available."
11464
11490
msgstr ""
11465
11491
11466
#: serverguide/C/other-apps.xml:96(para)
11492
#: serverguide/C/other-apps.xml:79(para)
11467
11493
msgid ""
11468
11494
"Create <filename>/usr/local/bin/local-weather</filename>, a simple shell "
11469
11495
"script to use <application>weather</application> with your local ICAO "
11470
11496
"indicator:"
11471
11497
msgstr ""
11472
11498
11473
#: serverguide/C/other-apps.xml:101(programlisting)
11499
#: serverguide/C/other-apps.xml:84(programlisting)
11474
11500
#, no-wrap
11475
11501
msgid ""
11476
11502
"\n"
11490
11516
"\n"
11491
11517
msgstr ""
11492
11518
11493
#: serverguide/C/other-apps.xml:119(para)
11519
#: serverguide/C/other-apps.xml:102(para)
11494
11520
msgid "Make the script executable:"
11495
11521
msgstr ""
11496
11522
11497
#: serverguide/C/other-apps.xml:124(command)
11523
#: serverguide/C/other-apps.xml:107(command)
11498
11524
msgid "sudo chmod 755 /usr/local/bin/local-weather"
11499
11525
msgstr ""
11500
11526
11501
#: serverguide/C/other-apps.xml:128(para)
11527
#: serverguide/C/other-apps.xml:111(para)
11502
11528
msgid ""
11503
11529
"Next, create a symlink to <filename>/etc/update-motd.d/98-local-"
11504
11530
"weather</filename>:"
11505
11531
msgstr ""
11506
11532
11507
#: serverguide/C/other-apps.xml:133(command)
11533
#: serverguide/C/other-apps.xml:116(command)
11508
11534
msgid ""
11509
11535
"sudo ln -s /usr/local/bin/local-weather /etc/update-motd.d/98-local-weather"
11510
11536
msgstr ""
11511
11537
11512
#: serverguide/C/other-apps.xml:137(para)
11538
#: serverguide/C/other-apps.xml:120(para)
11513
11539
msgid "Finally, exit the server and re-login to view the new MOTD."
11514
11540
msgstr ""
11515
11541
11516
#: serverguide/C/other-apps.xml:143(para)
11542
#: serverguide/C/other-apps.xml:126(para)
11517
11543
msgid ""
11518
11544
"You should now be greeted with some useful information, and some information "
11519
11545
"about the local weather that may not be quite so useful. Hopefully the "
11521
11547
"flexibility of <application>pam_motd</application>."
11522
11548
msgstr ""
11523
11549
11524
#: serverguide/C/other-apps.xml:151(title)
11550
#: serverguide/C/other-apps.xml:156(para)
11551
msgid ""
11552
"See the <ulink "
11553
"url=\"http://manpages.ubuntu.com/manpages/trusty/en/man5/update-"
11554
"motd.5.html\">update-motd man page</ulink> for more options available to "
11555
"<application>update-motd</application>."
11556
msgstr ""
11557
11558
#: serverguide/C/other-apps.xml:338(para)
11559
msgid ""
11560
"The Debian Package of the Day <ulink "
11561
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
11562
"and-forecasts-on-the-command-line/\">weather</ulink> article has more "
11563
"details about using the <application>weather</application>utility."
11564
msgstr ""
11565
11566
#: serverguide/C/other-apps.xml:134(title)
11525
11567
msgid "etckeeper"
11526
11568
msgstr ""
11527
11569
11528
#: serverguide/C/other-apps.xml:153(para)
11570
#: serverguide/C/other-apps.xml:180(para)
11529
11571
msgid ""
11530
11572
"<application>etckeeper</application> allows the contents of <filename "
11531
"role=\"directory\">/etc</filename> be easily stored in Version Control "
11532
"System (VCS) repository. It hooks into <application>apt</application> to "
11533
"automatically commit changes to <filename>/etc</filename> when packages are "
11573
"role=\"directory\">/etc</filename> to be stored in a Version Control System "
11574
"(VCS) repository. It integrates with <application>APT</application> and "
11575
"automatically commits changes to <filename>/etc</filename> when packages are "
11534
11576
"installed or upgraded. Placing <filename>/etc</filename> under version "
11535
11577
"control is considered an industry best practice, and the goal of "
11536
11578
"<application>etckeeper</application> is to make this process as painless as "
11537
11579
"possible."
11538
11580
msgstr ""
11539
11581
11540
#: serverguide/C/other-apps.xml:161(para)
11582
#: serverguide/C/other-apps.xml:144(para)
11541
11583
msgid ""
11542
11584
"Install <application>etckeeper</application> by entering the following in a "
11543
11585
"terminal:"
11544
11586
msgstr ""
11545
11587
11546
#: serverguide/C/other-apps.xml:166(command)
11588
#: serverguide/C/other-apps.xml:149(command)
11547
11589
msgid "sudo apt-get install etckeeper"
11548
11590
msgstr ""
11549
11591
11550
#: serverguide/C/other-apps.xml:169(para)
11592
#: serverguide/C/other-apps.xml:196(para)
11551
11593
msgid ""
11552
11594
"The main configuration file, "
11553
11595
"<filename>/etc/etckeeper/etckeeper.conf</filename>, is fairly simple. The "
11554
"main option is which VCS to use. By default "
11596
"main option is which VCS to use and by default "
11555
11597
"<application>etckeeper</application> is configured to use "
11556
"<application>bzr</application> for version control. The repository is "
11557
"automatically initialized (and committed for the first time) during package "
11558
"installation. It is possible to undo this by entering the following command:"
11598
"<application>Bazaar</application>. The repository is automatically "
11599
"initialized (and committed for the first time) during package installation. "
11600
"It is possible to undo this by entering the following command:"
11559
11601
msgstr ""
11560
11602
11561
#: serverguide/C/other-apps.xml:179(command)
11603
#: serverguide/C/other-apps.xml:162(command)
11562
11604
msgid "sudo etckeeper uninit"
11563
11605
msgstr ""
11564
11606
11565
#: serverguide/C/other-apps.xml:182(para)
11607
#: serverguide/C/other-apps.xml:165(para)
11566
11608
msgid ""
11567
11609
"By default, etckeeper will commit uncommitted changes made to /etc daily. "
11568
11610
"This can be disabled using the AVOID_DAILY_AUTOCOMMITS configuration option. "
11571
11613
"commit your changes manually, together with a commit message, using:"
11572
11614
msgstr ""
11573
11615
11574
#: serverguide/C/other-apps.xml:191(command)
11616
#: serverguide/C/other-apps.xml:174(command)
11575
11617
msgid "sudo etckeeper commit \"..Reason for configuration change..\""
11576
11618
msgstr ""
11577
11619
11578
#: serverguide/C/other-apps.xml:194(para)
11579
msgid ""
11580
"Using the VCS commands you can view log information about files in "
11581
"<filename>/etc</filename>:"
11620
#: serverguide/C/other-apps.xml:217(para)
11621
msgid "Using bzr's VCS commands you can view log information:"
11582
11622
msgstr ""
11583
11623
11584
#: serverguide/C/other-apps.xml:199(command)
11624
#: serverguide/C/other-apps.xml:182(command)
11585
11625
msgid "sudo bzr log /etc/passwd"
11586
11626
msgstr ""
11587
11627
11588
#: serverguide/C/other-apps.xml:202(para)
11628
#: serverguide/C/other-apps.xml:225(para)
11589
11629
msgid ""
11590
"To demonstrate the integration with the package management system, install "
11591
"<application>postfix</application>:"
11630
"To demonstrate the integration with the package management system (APT), "
11631
"install <application>postfix</application>:"
11592
11632
msgstr ""
11593
11633
11594
#: serverguide/C/other-apps.xml:207(command) serverguide/C/mail.xml:43(command)
11634
#: serverguide/C/other-apps.xml:190(command) serverguide/C/mail.xml:43(command)
11595
11635
msgid "sudo apt-get install postfix"
11596
11636
msgstr ""
11597
11637
11598
#: serverguide/C/other-apps.xml:210(para)
11638
#: serverguide/C/other-apps.xml:193(para)
11599
11639
msgid ""
11600
11640
"When the installation is finished, all the "
11601
11641
"<application>postfix</application> configuration files should be committed "
11602
11642
"to the repository:"
11603
11643
msgstr ""
11604
11644
11605
#: serverguide/C/other-apps.xml:216(computeroutput)
11645
#: serverguide/C/other-apps.xml:199(computeroutput)
11606
11646
#, no-wrap
11607
11647
msgid ""
11608
11648
"Committing to: /etc/\n"
11645
11685
"Committed revision 2."
11646
11686
msgstr ""
11647
11687
11648
#: serverguide/C/other-apps.xml:256(para)
11688
#: serverguide/C/other-apps.xml:239(para)
11649
11689
msgid ""
11650
11690
"For an example of how <application>etckeeper</application> tracks manual "
11651
11691
"changes, add new a host to <filename>/etc/hosts</filename>. Using "
11652
11692
"<application>bzr</application> you can see which files have been modified:"
11653
11693
msgstr ""
11654
11694
11655
#: serverguide/C/other-apps.xml:262(command)
11695
#: serverguide/C/other-apps.xml:245(command)
11656
11696
msgid "sudo bzr status /etc/"
11657
11697
msgstr ""
11658
11698
11659
#: serverguide/C/other-apps.xml:263(computeroutput)
11699
#: serverguide/C/other-apps.xml:246(computeroutput)
11660
11700
#, no-wrap
11661
11701
msgid ""
11662
11702
"modified:\n"
11663
11703
" hosts"
11664
11704
msgstr ""
11665
11705
11666
#: serverguide/C/other-apps.xml:267(para)
11706
#: serverguide/C/other-apps.xml:250(para)
11667
11707
msgid "Now commit the changes:"
11668
11708
msgstr ""
11669
11709
11670
#: serverguide/C/other-apps.xml:272(command)
11671
msgid "sudo etckeeper commit \"new host\""
11710
#: serverguide/C/other-apps.xml:295(command)
11711
msgid "sudo etckeeper commit \"added new host\""
11672
11712
msgstr ""
11673
11713
11674
#: serverguide/C/other-apps.xml:275(para)
11714
#: serverguide/C/other-apps.xml:258(para)
11675
11715
msgid ""
11676
11716
"For more information on <application>bzr</application> see <xref "
11677
11717
"linkend=\"bazaar\"/>."
11678
11718
msgstr ""
11679
11719
11680
#: serverguide/C/other-apps.xml:281(title)
11720
#: serverguide/C/other-apps.xml:345(para)
11721
msgid ""
11722
"See the <ulink "
11723
"url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for "
11724
"more details on using <application>etckeeper</application>."
11725
msgstr ""
11726
11727
#: serverguide/C/other-apps.xml:351(para)
11728
msgid ""
11729
"The <ulink url=\"https://help.ubuntu.com/community/etckeeper\">etckeeper "
11730
"Ubuntu Wiki</ulink> page."
11731
msgstr ""
11732
11733
#: serverguide/C/other-apps.xml:356(para)
11734
msgid ""
11735
"For the latest news and information about <application>bzr</application> see "
11736
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
11737
msgstr ""
11738
11739
#: serverguide/C/other-apps.xml:264(title)
11681
11740
msgid "Byobu"
11682
11741
msgstr ""
11683
11742
11684
#: serverguide/C/other-apps.xml:283(para)
11685
msgid ""
11686
"One of the most useful applications for any system administrator is "
11687
"<application>screen</application>. It allows the execution of multiple "
11688
"shells in one terminal. To make some of the advanced "
11689
"<application>screen</application> features more user friendly, and provide "
11690
"some useful information about the system, the "
11691
"<application>byobu</application> package was created."
11692
msgstr ""
11693
11694
#: serverguide/C/other-apps.xml:290(para)
11695
msgid ""
11696
"When executing <application>byobu</application> pressing the "
11697
"<emphasis>F9</emphasis> key will bring up the "
11698
"<application>Configuration</application> menu. This menu will allow you to:"
11699
msgstr ""
11700
11701
#: serverguide/C/other-apps.xml:296(para)
11743
#: serverguide/C/other-apps.xml:337(para)
11744
msgid ""
11745
"One of the most useful applications for any system administrator is an xterm "
11746
"multiplexor such as <application>screen</application> or "
11747
"<application>tmux</application>. It allows for the execution of multiple "
11748
"shells in one terminal. To make some of the advanced multiplexor features "
11749
"more user-friendly and provide some useful information about the system, the "
11750
"<application>byobu</application> package was created. It acts as a wrapper "
11751
"to these programs. By default Byobu uses tmux (if installed) but this can be "
11752
"changed by the user."
11753
msgstr ""
11754
11755
#: serverguide/C/other-apps.xml:344(para)
11756
msgid "Invoke it simply with:"
11757
msgstr ""
11758
11759
#: serverguide/C/other-apps.xml:349(command)
11760
msgid "byobu"
11761
msgstr ""
11762
11763
#: serverguide/C/other-apps.xml:352(para)
11764
msgid ""
11765
"Now bring up the configuration menu. By default this is done by pressing the "
11766
"<emphasis>F9</emphasis> key. This will allow you to:"
11767
msgstr ""
11768
11769
#: serverguide/C/other-apps.xml:279(para)
11702
11770
msgid "View the Help menu"
11703
11771
msgstr ""
11704
11772
11705
#: serverguide/C/other-apps.xml:297(para)
11773
#: serverguide/C/other-apps.xml:280(para)
11706
11774
msgid "Change Byobu's background color"
11707
11775
msgstr ""
11708
11776
11709
#: serverguide/C/other-apps.xml:298(para)
11777
#: serverguide/C/other-apps.xml:281(para)
11710
11778
msgid "Change Byobu's foreground color"
11711
11779
msgstr ""
11712
11780
11713
#: serverguide/C/other-apps.xml:299(para)
11781
#: serverguide/C/other-apps.xml:282(para)
11714
11782
msgid "Toggle status notifications"
11715
11783
msgstr ""
11716
11784
11717
#: serverguide/C/other-apps.xml:300(para)
11785
#: serverguide/C/other-apps.xml:283(para)
11718
11786
msgid "Change the key binding set"
11719
11787
msgstr ""
11720
11788
11721
#: serverguide/C/other-apps.xml:301(para)
11789
#: serverguide/C/other-apps.xml:284(para)
11722
11790
msgid "Change the escape sequence"
11723
11791
msgstr ""
11724
11792
11725
#: serverguide/C/other-apps.xml:302(para)
11793
#: serverguide/C/other-apps.xml:285(para)
11726
11794
msgid "Create new windows"
11727
11795
msgstr ""
11728
11796
11729
#: serverguide/C/other-apps.xml:303(para)
11797
#: serverguide/C/other-apps.xml:286(para)
11730
11798
msgid "Manage the default windows"
11731
11799
msgstr ""
11732
11800
11733
#: serverguide/C/other-apps.xml:304(para)
11801
#: serverguide/C/other-apps.xml:287(para)
11734
11802
msgid "Byobu currently does not launch at login (toggle on)"
11735
11803
msgstr ""
11736
11804
11737
#: serverguide/C/other-apps.xml:307(para)
11805
#: serverguide/C/other-apps.xml:290(para)
11738
11806
msgid ""
11739
11807
"The <emphasis>key bindings</emphasis> determine such things as the escape "
11740
11808
"sequence, new window, change window, etc. There are two key binding sets to "
11743
11811
"<emphasis>none</emphasis> set."
11744
11812
msgstr ""
11745
11813
11746
#: serverguide/C/other-apps.xml:313(para)
11814
#: serverguide/C/other-apps.xml:296(para)
11747
11815
msgid ""
11748
11816
"<application>byobu</application> provides a menu which displays the Ubuntu "
11749
11817
"release, processor information, memory information, and the time and date. "
11750
11818
"The effect is similar to a desktop menu."
11751
11819
msgstr ""
11752
11820
11753
#: serverguide/C/other-apps.xml:318(para)
11821
#: serverguide/C/other-apps.xml:301(para)
11754
11822
msgid ""
11755
11823
"Using the <emphasis>\"Byobu currently does not launch at login (toggle "
11756
11824
"on)\"</emphasis> option will cause <application>byobu</application> to be "
11759
11827
"affect other users on the system."
11760
11828
msgstr ""
11761
11829
11762
#: serverguide/C/other-apps.xml:324(para)
11830
#: serverguide/C/other-apps.xml:307(para)
11763
11831
msgid ""
11764
11832
"One difference when using byobu is the <emphasis>scrollback</emphasis> mode. "
11765
11833
"Press the <emphasis>F7</emphasis> key to enter scrollback mode. Scrollback "
11767
11835
"commands. Here is a quick list of movement commands:"
11768
11836
msgstr ""
11769
11837
11770
#: serverguide/C/other-apps.xml:331(para)
11838
#: serverguide/C/other-apps.xml:314(para)
11771
11839
msgid "<emphasis>h</emphasis> - Move the cursor left by one character"
11772
11840
msgstr ""
11773
11841
11774
#: serverguide/C/other-apps.xml:332(para)
11842
#: serverguide/C/other-apps.xml:315(para)
11775
11843
msgid "<emphasis>j</emphasis> - Move the cursor down by one line"
11776
11844
msgstr ""
11777
11845
11778
#: serverguide/C/other-apps.xml:333(para)
11846
#: serverguide/C/other-apps.xml:316(para)
11779
11847
msgid "<emphasis>k</emphasis> - Move the cursor up by one line"
11780
11848
msgstr ""
11781
11849
11782
#: serverguide/C/other-apps.xml:334(para)
11850
#: serverguide/C/other-apps.xml:317(para)
11783
11851
msgid "<emphasis>l</emphasis> - Move the cursor right by one character"
11784
11852
msgstr ""
11785
11853
11786
#: serverguide/C/other-apps.xml:335(para)
11854
#: serverguide/C/other-apps.xml:318(para)
11787
11855
msgid "<emphasis>0</emphasis> - Move to the beginning of the current line"
11788
11856
msgstr ""
11789
11857
11790
#: serverguide/C/other-apps.xml:336(para)
11858
#: serverguide/C/other-apps.xml:319(para)
11791
11859
msgid "<emphasis>$</emphasis> - Move to the end of the current line"
11792
11860
msgstr ""
11793
11861
11794
#: serverguide/C/other-apps.xml:337(para)
11862
#: serverguide/C/other-apps.xml:320(para)
11795
11863
msgid ""
11796
11864
"<emphasis>G</emphasis> - Moves to the specified line (defaults to the end of "
11797
11865
"the buffer)"
11798
11866
msgstr ""
11799
11867
11800
#: serverguide/C/other-apps.xml:338(para)
11868
#: serverguide/C/other-apps.xml:321(para)
11801
11869
msgid "<emphasis>/</emphasis> - Search forward"
11802
11870
msgstr ""
11803
11871
11804
#: serverguide/C/other-apps.xml:339(para)
11872
#: serverguide/C/other-apps.xml:322(para)
11805
11873
msgid "<emphasis>?</emphasis> - Search backward"
11806
11874
msgstr ""
11807
11875
11808
#: serverguide/C/other-apps.xml:340(para)
11876
#: serverguide/C/other-apps.xml:401(para)
11809
11877
msgid ""
11810
11878
"<emphasis>n</emphasis> - Moves to the next match, either forward or backward"
11811
11879
msgstr ""
11812
11880
11813
#: serverguide/C/other-apps.xml:349(para)
11814
msgid ""
11815
"See the <ulink "
11816
"url=\"http://manpages.ubuntu.com/manpages/trusty/en/man5/update-"
11817
"motd.5.html\">update-motd man page</ulink> for more options available to "
11818
"<application>update-motd</application>."
11819
msgstr ""
11820
11821
#: serverguide/C/other-apps.xml:355(para)
11822
msgid ""
11823
"The Debian Package of the Day <ulink "
11824
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
11825
"and-forecasts-on-the-command-line/\">weather</ulink> article has more "
11826
"details about using the <application>weather</application>utility."
11827
msgstr ""
11828
11829
#: serverguide/C/other-apps.xml:362(para)
11830
msgid ""
11831
"See the <ulink "
11832
"url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for "
11833
"more details on using <application>etckeeper</application>."
11834
msgstr ""
11835
11836
#: serverguide/C/other-apps.xml:368(para)
11837
msgid ""
11838
"The <ulink url=\"https://help.ubuntu.com/community/etckeeper\">etckeeper "
11839
"Ubuntu Wiki</ulink> page."
11840
msgstr ""
11841
11842
#: serverguide/C/other-apps.xml:373(para)
11843
msgid ""
11844
"For the latest news and information about <application>bzr</application> see "
11845
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
11846
msgstr ""
11847
11848
#: serverguide/C/other-apps.xml:378(para)
11881
#: serverguide/C/other-apps.xml:361(para)
11849
11882
msgid ""
11850
11883
"For more information on <application>screen</application> see the <ulink "
11851
11884
"url=\"http://www.gnu.org/software/screen/\">screen web site</ulink>."
11852
11885
msgstr ""
11853
11886
11854
#: serverguide/C/other-apps.xml:383(para)
11887
#: serverguide/C/other-apps.xml:366(para)
11855
11888
msgid ""
11856
11889
"And the <ulink url=\"https://help.ubuntu.com/community/Screen\">Ubuntu Wiki "
11857
11890
"screen</ulink> page."
11858
11891
msgstr ""
11859
11892
11860
#: serverguide/C/other-apps.xml:388(para)
11893
#: serverguide/C/other-apps.xml:371(para)
11861
11894
msgid ""
11862
11895
"Also, see the <application>byobu</application><ulink "
11863
11896
"url=\"https://launchpad.net/byobu\">project page</ulink> for more "
11879
11912
"discussion of popular network protocols."
11880
11913
msgstr ""
11881
11914
11882
#: serverguide/C/network-config.xml:25(title)
11915
#: serverguide/C/virtualization.xml:3853(title) serverguide/C/network-config.xml:25(title)
11883
11916
msgid "Network Configuration"
11884
11917
msgstr ""
11885
11918
12162
12195
"persistent way to do DNS client configuration is in a following section."
12163
12196
msgstr ""
12164
12197
12165
#: serverguide/C/network-config.xml:226(programlisting)
12198
#: serverguide/C/network-config.xml:224(programlisting)
12166
12199
#, no-wrap
12167
12200
msgid ""
12168
12201
"\n"
12170
12203
"nameserver 8.8.4.4\n"
12171
12204
msgstr ""
12172
12205
12173
#: serverguide/C/network-config.xml:230(para)
12206
#: serverguide/C/network-config.xml:228(para)
12174
12207
msgid ""
12175
12208
"If you no longer need this configuration and wish to purge all IP "
12176
12209
"configuration from an interface, you can use the "
12177
12210
"<application>ip</application> command with the flush option as shown below."
12178
12211
msgstr ""
12179
12212
12180
#: serverguide/C/network-config.xml:236(command)
12213
#: serverguide/C/network-config.xml:234(command)
12181
12214
msgid "ip addr flush eth0"
12182
12215
msgstr ""
12183
12216
12191
12224
"<filename>/run/resolvconf/resolv.conf</filename>, to be re-written."
12192
12225
msgstr ""
12193
12226
12194
#: serverguide/C/network-config.xml:249(title)
12227
#: serverguide/C/network-config.xml:245(title)
12195
12228
msgid "Dynamic IP Address Assignment (DHCP Client)"
12196
12229
msgstr ""
12197
12230
12198
#: serverguide/C/network-config.xml:250(para)
12231
#: serverguide/C/network-config.xml:246(para)
12199
12232
msgid ""
12200
12233
"To configure your server to use DHCP for dynamic address assignment, add the "
12201
12234
"<emphasis role=\"italic\">dhcp</emphasis> method to the inet address family "
12205
12238
"role=\"italic\">eth0</emphasis>."
12206
12239
msgstr ""
12207
12240
12208
#: serverguide/C/network-config.xml:257(programlisting)
12241
#: serverguide/C/network-config.xml:253(programlisting)
12209
12242
#, no-wrap
12210
12243
msgid ""
12211
12244
"\n"
12213
12246
"iface eth0 inet dhcp\n"
12214
12247
msgstr ""
12215
12248
12216
#: serverguide/C/network-config.xml:261(para)
12249
#: serverguide/C/network-config.xml:257(para)
12217
12250
msgid ""
12218
12251
"By adding an interface configuration as shown above, you can manually enable "
12219
12252
"the interface through the <application>ifup</application> command which "
12220
12253
"initiates the DHCP process via <application>dhclient</application>."
12221
12254
msgstr ""
12222
12255
12223
#: serverguide/C/network-config.xml:267(command) serverguide/C/network-config.xml:302(command)
12256
#: serverguide/C/network-config.xml:263(command) serverguide/C/network-config.xml:298(command)
12224
12257
msgid "sudo ifup eth0"
12225
12258
msgstr ""
12226
12259
12227
#: serverguide/C/network-config.xml:269(para)
12260
#: serverguide/C/network-config.xml:265(para)
12228
12261
msgid ""
12229
12262
"To manually disable the interface, you can use the "
12230
12263
"<application>ifdown</application> command, which in turn will initiate the "
12231
12264
"DHCP release process and shut down the interface."
12232
12265
msgstr ""
12233
12266
12234
#: serverguide/C/network-config.xml:275(command) serverguide/C/network-config.xml:309(command)
12267
#: serverguide/C/network-config.xml:271(command) serverguide/C/network-config.xml:305(command)
12235
12268
msgid "sudo ifdown eth0"
12236
12269
msgstr ""
12237
12270
12238
#: serverguide/C/network-config.xml:280(title)
12271
#: serverguide/C/network-config.xml:276(title)
12239
12272
msgid "Static IP Address Assignment"
12240
12273
msgstr ""
12241
12274
12242
#: serverguide/C/network-config.xml:281(para)
12275
#: serverguide/C/network-config.xml:277(para)
12243
12276
msgid ""
12244
12277
"To configure your system to use a static IP address assignment, add the "
12245
12278
"<emphasis role=\"italic\">static</emphasis> method to the inet address "
12253
12286
"network."
12254
12287
msgstr ""
12255
12288
12256
#: serverguide/C/network-config.xml:290(programlisting)
12289
#: serverguide/C/network-config.xml:286(programlisting)
12257
12290
#, no-wrap
12258
12291
msgid ""
12259
12292
"\n"
12264
12297
"gateway 10.0.0.1\n"
12265
12298
msgstr ""
12266
12299
12267
#: serverguide/C/network-config.xml:297(para)
12300
#: serverguide/C/network-config.xml:293(para)
12268
12301
msgid ""
12269
12302
"By adding an interface configuration as shown above, you can manually enable "
12270
12303
"the interface through the <application>ifup</application> command."
12271
12304
msgstr ""
12272
12305
12273
#: serverguide/C/network-config.xml:304(para)
12306
#: serverguide/C/network-config.xml:300(para)
12274
12307
msgid ""
12275
12308
"To manually disable the interface, you can use the "
12276
12309
"<application>ifdown</application> command."
12277
12310
msgstr ""
12278
12311
12279
#: serverguide/C/network-config.xml:314(title)
12312
#: serverguide/C/network-config.xml:310(title)
12280
12313
msgid "Loopback Interface"
12281
12314
msgstr ""
12282
12315
12283
#: serverguide/C/network-config.xml:315(para)
12316
#: serverguide/C/network-config.xml:311(para)
12284
12317
msgid ""
12285
12318
"The loopback interface is identified by the system as <emphasis "
12286
12319
"role=\"italic\">lo</emphasis> and has a default IP address of 127.0.0.1. It "
12287
12320
"can be viewed using the ifconfig command."
12288
12321
msgstr ""
12289
12322
12290
#: serverguide/C/network-config.xml:320(command)
12323
#: serverguide/C/network-config.xml:316(command)
12291
12324
msgid "ifconfig lo"
12292
12325
msgstr ""
12293
12326
12294
#: serverguide/C/network-config.xml:321(computeroutput)
12327
#: serverguide/C/network-config.xml:317(computeroutput)
12295
12328
#, no-wrap
12296
12329
msgid ""
12297
12330
"lo Link encap:Local Loopback \n"
12304
12337
" RX bytes:183308 (183.3 KB) TX bytes:183308 (183.3 KB)"
12305
12338
msgstr ""
12306
12339
12307
#: serverguide/C/network-config.xml:330(para)
12340
#: serverguide/C/network-config.xml:326(para)
12308
12341
msgid ""
12309
12342
"By default, there should be two lines in "
12310
12343
"<filename>/etc/network/interfaces</filename> responsible for automatically "
12313
12346
"example of the two default lines are shown below."
12314
12347
msgstr ""
12315
12348
12316
#: serverguide/C/network-config.xml:336(programlisting)
12349
#: serverguide/C/network-config.xml:332(programlisting)
12317
12350
#, no-wrap
12318
12351
msgid ""
12319
12352
"\n"
12321
12354
"iface lo inet loopback\n"
12322
12355
msgstr ""
12323
12356
12324
#: serverguide/C/network-config.xml:345(title)
12357
#: serverguide/C/network-config.xml:341(title)
12325
12358
msgid "Name Resolution"
12326
12359
msgstr ""
12327
12360
12328
#: serverguide/C/network-config.xml:346(para)
12361
#: serverguide/C/network-config.xml:342(para)
12329
12362
msgid ""
12330
12363
"Name resolution as it relates to IP networking is the process of mapping IP "
12331
12364
"addresses to hostnames, making it easier to identify resources on a network. "
12333
12366
"name resolution using DNS and static hostname records."
12334
12367
msgstr ""
12335
12368
12336
#: serverguide/C/network-config.xml:354(title)
12369
#: serverguide/C/network-config.xml:350(title)
12337
12370
msgid "DNS Client Configuration"
12338
12371
msgstr ""
12339
12372
12340
#: serverguide/C/network-config.xml:366(programlisting)
12373
#: serverguide/C/network-config.xml:362(programlisting)
12341
12374
#, no-wrap
12342
12375
msgid ""
12343
12376
"\n"
12370
12403
"following:"
12371
12404
msgstr ""
12372
12405
12373
#: serverguide/C/network-config.xml:377(programlisting)
12406
#: serverguide/C/network-config.xml:373(programlisting)
12374
12407
#, no-wrap
12375
12408
msgid ""
12376
12409
"\n"
12382
12415
" dns-nameservers 192.168.3.45 192.168.8.10\n"
12383
12416
msgstr ""
12384
12417
12385
#: serverguide/C/network-config.xml:386(para)
12418
#: serverguide/C/network-config.xml:382(para)
12386
12419
msgid ""
12387
12420
"The <emphasis role=\"italic\">search</emphasis> option can also be used with "
12388
12421
"multiple domain names so that DNS queries will be appended in the order in "
12393
12426
"role=\"italic\">dev.example.com</emphasis>."
12394
12427
msgstr ""
12395
12428
12396
#: serverguide/C/network-config.xml:393(para)
12429
#: serverguide/C/network-config.xml:389(para)
12397
12430
msgid ""
12398
12431
"If you have multiple domains you wish to search, your configuration might "
12399
12432
"look like the following:"
12400
12433
msgstr ""
12401
12434
12402
#: serverguide/C/network-config.xml:397(programlisting)
12435
#: serverguide/C/network-config.xml:393(programlisting)
12403
12436
#, no-wrap
12404
12437
msgid ""
12405
12438
"\n"
12411
12444
" dns-nameservers 192.168.3.45 192.168.8.10\n"
12412
12445
msgstr ""
12413
12446
12414
#: serverguide/C/network-config.xml:406(para)
12447
#: serverguide/C/network-config.xml:402(para)
12415
12448
msgid ""
12416
12449
"If you try to ping a host with the name of <emphasis "
12417
12450
"role=\"italic\">server1</emphasis>, your system will automatically query DNS "
12418
12451
"for its Fully Qualified Domain Name (FQDN) in the following order:"
12419
12452
msgstr ""
12420
12453
12421
#: serverguide/C/network-config.xml:413(para)
12454
#: serverguide/C/network-config.xml:409(para)
12422
12455
msgid "server1<emphasis role=\"bold\">.example.com</emphasis>"
12423
12456
msgstr ""
12424
12457
12425
#: serverguide/C/network-config.xml:418(para)
12458
#: serverguide/C/network-config.xml:414(para)
12426
12459
msgid "server1<emphasis role=\"bold\">.sales.example.com</emphasis>"
12427
12460
msgstr ""
12428
12461
12429
#: serverguide/C/network-config.xml:423(para)
12462
#: serverguide/C/network-config.xml:419(para)
12430
12463
msgid "server1<emphasis role=\"bold\">.dev.example.com</emphasis>"
12431
12464
msgstr ""
12432
12465
12433
#: serverguide/C/network-config.xml:428(para)
12466
#: serverguide/C/network-config.xml:424(para)
12434
12467
msgid ""
12435
12468
"If no matches are found, the DNS server will provide a result of <emphasis "
12436
12469
"role=\"italic\">notfound</emphasis> and the DNS query will fail."
12437
12470
msgstr ""
12438
12471
12439
#: serverguide/C/network-config.xml:435(title)
12472
#: serverguide/C/network-config.xml:431(title)
12440
12473
msgid "Static Hostnames"
12441
12474
msgstr ""
12442
12475
12443
#: serverguide/C/network-config.xml:436(para)
12476
#: serverguide/C/network-config.xml:432(para)
12444
12477
msgid ""
12445
12478
"Static hostnames are locally defined hostname-to-IP mappings located in the "
12446
12479
"file <filename>/etc/hosts</filename>. Entries in the "
12452
12485
"conveniently set to use static hostnames instead of DNS."
12453
12486
msgstr ""
12454
12487
12455
#: serverguide/C/network-config.xml:443(para)
12488
#: serverguide/C/network-config.xml:439(para)
12456
12489
msgid ""
12457
12490
"The following is an example of a <filename>hosts</filename> file where a "
12458
12491
"number of local servers have been identified by simple hostnames, aliases "
12459
12492
"and their equivalent Fully Qualified Domain Names (FQDN's)."
12460
12493
msgstr ""
12461
12494
12462
#: serverguide/C/network-config.xml:447(programlisting)
12495
#: serverguide/C/network-config.xml:443(programlisting)
12463
12496
#, no-wrap
12464
12497
msgid ""
12465
12498
"\n"
12471
12504
"10.0.0.14\tserver4 server4.example.com file\n"
12472
12505
msgstr ""
12473
12506
12474
#: serverguide/C/network-config.xml:456(para)
12507
#: serverguide/C/network-config.xml:452(para)
12475
12508
msgid ""
12476
12509
"In the above example, notice that each of the servers have been given "
12477
12510
"aliases in addition to their proper names and FQDN's. <emphasis "
12484
12517
"role=\"italic\">file</emphasis>."
12485
12518
msgstr ""
12486
12519
12487
#: serverguide/C/network-config.xml:468(title)
12520
#: serverguide/C/network-config.xml:464(title)
12488
12521
msgid "Name Service Switch Configuration"
12489
12522
msgstr ""
12490
12523
12491
#: serverguide/C/network-config.xml:469(para)
12524
#: serverguide/C/network-config.xml:465(para)
12492
12525
msgid ""
12493
12526
"The order in which your system selects a method of resolving hostnames to IP "
12494
12527
"addresses is controlled by the Name Service Switch (NSS) configuration file "
12499
12532
"of hostname lookups in the file <filename>/etc/nsswitch.conf</filename>."
12500
12533
msgstr ""
12501
12534
12502
#: serverguide/C/network-config.xml:477(programlisting)
12535
#: serverguide/C/network-config.xml:473(programlisting)
12503
12536
#, no-wrap
12504
12537
msgid ""
12505
12538
"\n"
12506
12539
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
12507
12540
msgstr ""
12508
12541
12509
#: serverguide/C/network-config.xml:483(para)
12542
#: serverguide/C/network-config.xml:479(para)
12510
12543
msgid ""
12511
12544
"<emphasis role=\"bold\">files</emphasis> first tries to resolve static "
12512
12545
"hostnames located in <filename>/etc/hosts</filename>."
12513
12546
msgstr ""
12514
12547
12515
#: serverguide/C/network-config.xml:489(para)
12548
#: serverguide/C/network-config.xml:485(para)
12516
12549
msgid ""
12517
12550
"<emphasis role=\"bold\">mdns4_minimal</emphasis> attempts to resolve the "
12518
12551
"name using Multicast DNS."
12519
12552
msgstr ""
12520
12553
12521
#: serverguide/C/network-config.xml:494(para)
12554
#: serverguide/C/network-config.xml:490(para)
12522
12555
msgid ""
12523
12556
"<emphasis role=\"bold\">[NOTFOUND=return]</emphasis> means that any response "
12524
12557
"of <emphasis role=\"italic\">notfound</emphasis> by the preceding <emphasis "
12527
12560
"answer."
12528
12561
msgstr ""
12529
12562
12530
#: serverguide/C/network-config.xml:502(para)
12563
#: serverguide/C/network-config.xml:498(para)
12531
12564
msgid ""
12532
12565
"<emphasis role=\"bold\">dns</emphasis> represents a legacy unicast DNS query."
12533
12566
msgstr ""
12534
12567
12535
#: serverguide/C/network-config.xml:507(para)
12568
#: serverguide/C/network-config.xml:503(para)
12536
12569
msgid ""
12537
12570
"<emphasis role=\"bold\">mdns4</emphasis> represents a Multicast DNS query."
12538
12571
msgstr ""
12539
12572
12540
#: serverguide/C/network-config.xml:513(para)
12573
#: serverguide/C/network-config.xml:509(para)
12541
12574
msgid ""
12542
12575
"To modify the order of the above mentioned name resolution methods, you can "
12543
12576
"simply change the <emphasis role=\"italic\">hosts:</emphasis> string to the "
12546
12579
"<filename>/etc/nsswitch.conf</filename> as shown below."
12547
12580
msgstr ""
12548
12581
12549
#: serverguide/C/network-config.xml:520(programlisting)
12582
#: serverguide/C/network-config.xml:516(programlisting)
12550
12583
#, no-wrap
12551
12584
msgid ""
12552
12585
"\n"
12553
12586
"hosts: files dns [NOTFOUND=return] mdns4_minimal mdns4\n"
12554
12587
msgstr ""
12555
12588
12556
#: serverguide/C/network-config.xml:527(title)
12589
#: serverguide/C/virtualization.xml:694(title) serverguide/C/network-config.xml:523(title)
12557
12590
msgid "Bridging"
12558
12591
msgstr ""
12559
12592
12560
#: serverguide/C/network-config.xml:529(para)
12593
#: serverguide/C/network-config.xml:525(para)
12561
12594
msgid ""
12562
12595
"Bridging multiple interfaces is a more advanced configuration, but is very "
12563
12596
"useful in multiple scenarios. One scenario is setting up a bridge with "
12567
12600
"The following example covers the latter scenario."
12568
12601
msgstr ""
12569
12602
12570
#: serverguide/C/network-config.xml:536(para)
12603
#: serverguide/C/network-config.xml:532(para)
12571
12604
msgid ""
12572
12605
"Before configuring a bridge you will need to install the <application>bridge-"
12573
12606
"utils</application> package. To install the package, in a terminal enter:"
12574
12607
msgstr ""
12575
12608
12576
#: serverguide/C/network-config.xml:545(para)
12609
#: serverguide/C/network-config.xml:541(para)
12577
12610
msgid ""
12578
12611
"Next, configure the bridge by editing "
12579
12612
"<filename>/etc/network/interfaces</filename>:"
12580
12613
msgstr ""
12581
12614
12582
#: serverguide/C/network-config.xml:549(programlisting)
12615
#: serverguide/C/network-config.xml:545(programlisting)
12583
12616
#, no-wrap
12584
12617
msgid ""
12585
12618
"\n"
12600
12633
" bridge_stp off\n"
12601
12634
msgstr ""
12602
12635
12603
#: serverguide/C/network-config.xml:568(para)
12636
#: serverguide/C/network-config.xml:564(para)
12604
12637
msgid "Enter the appropriate values for your physical interface and network."
12605
12638
msgstr ""
12606
12639
12612
12645
msgid "sudo ifup br0"
12613
12646
msgstr ""
12614
12647
12615
#: serverguide/C/network-config.xml:580(para)
12648
#: serverguide/C/network-config.xml:576(para)
12616
12649
msgid ""
12617
12650
"The new bridge interface should now be up and running. The "
12618
12651
"<application>brctl</application> provides useful information about the state "
12620
12653
"<command>man brctl</command> for more information."
12621
12654
msgstr ""
12622
12655
12623
#: serverguide/C/network-config.xml:596(para)
12656
#: serverguide/C/network-config.xml:592(para)
12624
12657
msgid ""
12625
12658
"The <ulink url=\"https://help.ubuntu.com/community/Network\">Ubuntu Wiki "
12626
12659
"Network page</ulink> has links to articles covering more advanced network "
12627
12660
"configuration."
12628
12661
msgstr ""
12629
12662
12630
#: serverguide/C/network-config.xml:602(para)
12663
#: serverguide/C/network-config.xml:598(para)
12631
12664
msgid ""
12632
12665
"The <ulink "
12633
12666
"url=\"http://manpages.ubuntu.com/manpages/man8/resolvconf.8.html\">resolvconf"
12634
12667
" man page</ulink> has more information on resolvconf."
12635
12668
msgstr ""
12636
12669
12637
#: serverguide/C/network-config.xml:608(para)
12670
#: serverguide/C/network-config.xml:604(para)
12638
12671
msgid ""
12639
12672
"The <ulink "
12640
12673
"url=\"http://manpages.ubuntu.com/manpages/man5/interfaces.5.html\">interfaces"
12642
12675
"<filename>/etc/network/interfaces</filename>."
12643
12676
msgstr ""
12644
12677
12645
#: serverguide/C/network-config.xml:614(para)
12678
#: serverguide/C/network-config.xml:610(para)
12646
12679
msgid ""
12647
12680
"The <ulink "
12648
12681
"url=\"http://manpages.ubuntu.com/manpages/man8/dhclient.8.html\">dhclient "
12650
12683
"settings."
12651
12684
msgstr ""
12652
12685
12653
#: serverguide/C/network-config.xml:620(para)
12686
#: serverguide/C/network-config.xml:616(para)
12654
12687
msgid ""
12655
12688
"For more information on DNS client configuration see the <ulink "
12656
12689
"url=\"http://manpages.ubuntu.com/manpages/man5/resolver.5.html\">resolver "
12669
12702
"\">Networking-Bridge</ulink> page."
12670
12703
msgstr ""
12671
12704
12672
#: serverguide/C/network-config.xml:639(title)
12705
#: serverguide/C/network-config.xml:635(title)
12673
12706
msgid "TCP/IP"
12674
12707
msgstr ""
12675
12708
12676
#: serverguide/C/network-config.xml:640(para)
12709
#: serverguide/C/network-config.xml:636(para)
12677
12710
msgid ""
12678
12711
"The Transmission Control Protocol and Internet Protocol (TCP/IP) is a "
12679
12712
"standard set of protocols developed in the late 1970s by the Defense "
12683
12716
"network protocols on Earth."
12684
12717
msgstr ""
12685
12718
12686
#: serverguide/C/network-config.xml:648(title)
12719
#: serverguide/C/network-config.xml:644(title)
12687
12720
msgid "TCP/IP Introduction"
12688
12721
msgstr ""
12689
12722
12690
#: serverguide/C/network-config.xml:649(para)
12723
#: serverguide/C/network-config.xml:645(para)
12691
12724
msgid ""
12692
12725
"The two protocol components of TCP/IP deal with different aspects of "
12693
12726
"computer networking. <emphasis>Internet Protocol</emphasis>, the \"IP\" of "
12702
12735
"host."
12703
12736
msgstr ""
12704
12737
12705
#: serverguide/C/network-config.xml:662(title)
12738
#: serverguide/C/network-config.xml:658(title)
12706
12739
msgid "TCP/IP Configuration"
12707
12740
msgstr ""
12708
12741
12709
#: serverguide/C/network-config.xml:663(para)
12742
#: serverguide/C/network-config.xml:659(para)
12710
12743
msgid ""
12711
12744
"The TCP/IP protocol configuration consists of several elements which must be "
12712
12745
"set by editing the appropriate configuration files, or deploying solutions "
12717
12750
"system."
12718
12751
msgstr ""
12719
12752
12720
#: serverguide/C/network-config.xml:675(para)
12753
#: serverguide/C/network-config.xml:671(para)
12721
12754
msgid ""
12722
12755
"<emphasis role=\"bold\">IP address</emphasis> The IP address is a unique "
12723
12756
"identifying string expressed as four decimal numbers ranging from zero (0) "
12727
12760
"<emphasis>dotted quad notation</emphasis>."
12728
12761
msgstr ""
12729
12762
12730
#: serverguide/C/network-config.xml:685(para)
12763
#: serverguide/C/network-config.xml:681(para)
12731
12764
msgid ""
12732
12765
"<emphasis role=\"bold\">Netmask</emphasis> The Subnet Mask (or simply, "
12733
12766
"<emphasis>netmask</emphasis>) is a local bit mask, or set of flags which "
12738
12771
"remain available for specifying hosts on the subnetwork."
12739
12772
msgstr ""
12740
12773
12741
#: serverguide/C/network-config.xml:696(para)
12774
#: serverguide/C/network-config.xml:692(para)
12742
12775
msgid ""
12743
12776
"<emphasis role=\"bold\">Network Address</emphasis> The Network Address "
12744
12777
"represents the bytes comprising the network portion of an IP address. For "
12751
12784
"network and a zero (0) for all the possible hosts on the network."
12752
12785
msgstr ""
12753
12786
12754
#: serverguide/C/network-config.xml:709(para)
12787
#: serverguide/C/network-config.xml:705(para)
12755
12788
msgid ""
12756
12789
"<emphasis role=\"bold\">Broadcast Address</emphasis> The Broadcast Address "
12757
12790
"is an IP address which allows network data to be sent simultaneously to all "
12765
12798
"Address Resolution Protocol (ARP) and the Routing Information Protocol (RIP)."
12766
12799
msgstr ""
12767
12800
12768
#: serverguide/C/network-config.xml:722(para)
12801
#: serverguide/C/network-config.xml:718(para)
12769
12802
msgid ""
12770
12803
"<emphasis role=\"bold\">Gateway Address</emphasis> A Gateway Address is the "
12771
12804
"IP address through which a particular network, or host on a network, may be "
12778
12811
"not be able to reach any hosts beyond those on the same network."
12779
12812
msgstr ""
12780
12813
12781
#: serverguide/C/network-config.xml:733(para)
12814
#: serverguide/C/network-config.xml:729(para)
12782
12815
msgid ""
12783
12816
"<emphasis role=\"bold\">Nameserver Address</emphasis> Nameserver Addresses "
12784
12817
"represent the IP addresses of Domain Name Service (DNS) systems, which "
12804
12837
"command typed at a terminal prompt:"
12805
12838
msgstr ""
12806
12839
12807
#: serverguide/C/network-config.xml:754(para)
12840
#: serverguide/C/network-config.xml:750(para)
12808
12841
msgid ""
12809
12842
"Access the system manual page for <filename>interfaces</filename> with the "
12810
12843
"following command:"
12811
12844
msgstr ""
12812
12845
12813
#: serverguide/C/network-config.xml:759(command)
12846
#: serverguide/C/network-config.xml:755(command)
12814
12847
msgid "man interfaces"
12815
12848
msgstr ""
12816
12849
12817
#: serverguide/C/network-config.xml:671(para)
12850
#: serverguide/C/network-config.xml:667(para)
12818
12851
msgid ""
12819
12852
"The common configuration elements of TCP/IP and their purposes are as "
12820
12853
"follows: <placeholder-1/>"
12821
12854
msgstr ""
12822
12855
12823
#: serverguide/C/network-config.xml:767(title)
12856
#: serverguide/C/network-config.xml:771(title)
12824
12857
msgid "IP Routing"
12825
12858
msgstr ""
12826
12859
12827
#: serverguide/C/network-config.xml:768(para)
12860
#: serverguide/C/network-config.xml:772(para)
12828
12861
msgid ""
12829
12862
"IP routing is a means of specifying and discovering paths in a TCP/IP "
12830
12863
"network along which network data may be sent. Routing uses a set of "
12835
12868
"<emphasis>Dynamic Routing.</emphasis>"
12836
12869
msgstr ""
12837
12870
12838
#: serverguide/C/network-config.xml:777(para)
12871
#: serverguide/C/network-config.xml:781(para)
12839
12872
msgid ""
12840
12873
"Static routing involves manually adding IP routes to the system's routing "
12841
12874
"table, and this is usually done by manipulating the routing table with the "
12850
12883
"and failures along the route due to the fixed nature of the route."
12851
12884
msgstr ""
12852
12885
12853
#: serverguide/C/network-config.xml:787(para)
12886
#: serverguide/C/network-config.xml:791(para)
12854
12887
msgid ""
12855
12888
"Dynamic routing depends on large networks with multiple possible IP routes "
12856
12889
"from a source to a destination and makes use of special routing protocols, "
12867
12900
"immediately benefit the end users, but still consumes network bandwidth."
12868
12901
msgstr ""
12869
12902
12870
#: serverguide/C/network-config.xml:801(title)
12903
#: serverguide/C/network-config.xml:805(title)
12871
12904
msgid "TCP and UDP"
12872
12905
msgstr ""
12873
12906
12874
#: serverguide/C/network-config.xml:802(para)
12907
#: serverguide/C/network-config.xml:806(para)
12875
12908
msgid ""
12876
12909
"TCP is a connection-based protocol, offering error correction and guaranteed "
12877
12910
"delivery of data via what is known as <emphasis>flow control</emphasis>. "
12882
12915
"important information such as database transactions."
12883
12916
msgstr ""
12884
12917
12885
#: serverguide/C/network-config.xml:810(para)
12918
#: serverguide/C/network-config.xml:814(para)
12886
12919
msgid ""
12887
12920
"The User Datagram Protocol (UDP), on the other hand, is a "
12888
12921
"<emphasis>connectionless</emphasis> protocol which seldom deals with the "
12893
12926
"loss of a few packets is not generally catastrophic."
12894
12927
msgstr ""
12895
12928
12896
#: serverguide/C/network-config.xml:820(title)
12929
#: serverguide/C/network-config.xml:824(title)
12897
12930
msgid "ICMP"
12898
12931
msgstr ""
12899
12932
12900
#: serverguide/C/network-config.xml:821(para)
12933
#: serverguide/C/network-config.xml:825(para)
12901
12934
msgid ""
12902
12935
"The Internet Control Messaging Protocol (ICMP) is an extension to the "
12903
12936
"Internet Protocol (IP) as defined in the Request For Comments (RFC) #792 and "
12910
12943
"<emphasis>Time Exceeded</emphasis>."
12911
12944
msgstr ""
12912
12945
12913
#: serverguide/C/network-config.xml:831(title)
12946
#: serverguide/C/network-config.xml:835(title)
12914
12947
msgid "Daemons"
12915
12948
msgstr ""
12916
12949
12917
#: serverguide/C/network-config.xml:832(para)
12950
#: serverguide/C/network-config.xml:836(para)
12918
12951
msgid ""
12919
12952
"Daemons are special system applications which typically execute continuously "
12920
12953
"in the background and await requests for the functions they provide from "
12937
12970
"that contain more useful information."
12938
12971
msgstr ""
12939
12972
12940
#: serverguide/C/network-config.xml:853(para)
12973
#: serverguide/C/network-config.xml:857(para)
12941
12974
msgid ""
12942
12975
"Also, see the <ulink "
12943
12976
"url=\"http://www.redbooks.ibm.com/abstracts/gg243376.html\">TCP/IP Tutorial "
12944
12977
"and Technical Overview</ulink> IBM Redbook."
12945
12978
msgstr ""
12946
12979
12947
#: serverguide/C/network-config.xml:859(para)
12980
#: serverguide/C/network-config.xml:863(para)
12948
12981
msgid ""
12949
12982
"Another resource is O'Reilly's <ulink "
12950
12983
"url=\"http://oreilly.com/catalog/9780596002978/\">TCP/IP Network "
12951
12984
"Administration</ulink>."
12952
12985
msgstr ""
12953
12986
12954
#: serverguide/C/network-config.xml:868(title)
12987
#: serverguide/C/network-config.xml:872(title)
12955
12988
msgid "Dynamic Host Configuration Protocol (DHCP)"
12956
12989
msgstr ""
12957
12990
12958
#: serverguide/C/network-config.xml:869(para)
12991
#: serverguide/C/network-config.xml:873(para)
12959
12992
msgid ""
12960
12993
"The Dynamic Host Configuration Protocol (DHCP) is a network service that "
12961
12994
"enables host computers to be automatically assigned settings from a server "
12964
12997
"DHCP server, and the configuration is transparent to the computer's user."
12965
12998
msgstr ""
12966
12999
12967
#: serverguide/C/network-config.xml:876(para)
13000
#: serverguide/C/network-config.xml:880(para)
12968
13001
msgid ""
12969
13002
"The most common settings provided by a DHCP server to DHCP clients include:"
12970
13003
msgstr ""
12971
13004
12972
#: serverguide/C/network-config.xml:881(para)
13005
#: serverguide/C/network-config.xml:885(para)
12973
13006
msgid "IP address and netmask"
12974
13007
msgstr ""
12975
13008
12976
#: serverguide/C/network-config.xml:884(para)
13009
#: serverguide/C/network-config.xml:888(para)
12977
13010
msgid "IP address of the default-gateway to use"
12978
13011
msgstr ""
12979
13012
12980
#: serverguide/C/network-config.xml:887(para)
13013
#: serverguide/C/network-config.xml:891(para)
12981
13014
msgid "IP adresses of the DNS servers to use"
12982
13015
msgstr ""
12983
13016
12984
#: serverguide/C/network-config.xml:890(para)
13017
#: serverguide/C/network-config.xml:894(para)
12985
13018
msgid ""
12986
13019
"However, a DHCP server can also supply configuration properties such as:"
12987
13020
msgstr ""
12988
13021
12989
#: serverguide/C/network-config.xml:895(para)
13022
#: serverguide/C/network-config.xml:899(para)
12990
13023
msgid "Host Name"
12991
13024
msgstr ""
12992
13025
12993
#: serverguide/C/network-config.xml:898(para)
13026
#: serverguide/C/network-config.xml:902(para)
12994
13027
msgid "Domain Name"
12995
13028
msgstr ""
12996
13029
12997
#: serverguide/C/network-config.xml:901(para)
13030
#: serverguide/C/network-config.xml:905(para)
12998
13031
msgid "Time Server"
12999
13032
msgstr ""
13000
13033
13001
#: serverguide/C/network-config.xml:907(para)
13034
#: serverguide/C/network-config.xml:911(para)
13002
13035
msgid ""
13003
13036
"The advantage of using DHCP is that changes to the network, for example a "
13004
13037
"change in the address of the DNS server, need only be changed at the DHCP "
13009
13042
"also reduced."
13010
13043
msgstr ""
13011
13044
13012
#: serverguide/C/network-config.xml:915(para)
13045
#: serverguide/C/network-config.xml:919(para)
13013
13046
msgid ""
13014
13047
"A DHCP server can provide configuration settings using the following methods:"
13015
13048
msgstr ""
13016
13049
13017
#: serverguide/C/network-config.xml:920(term)
13050
#: serverguide/C/network-config.xml:924(term)
13018
13051
msgid "Manual allocation (MAC address)"
13019
13052
msgstr ""
13020
13053
13021
#: serverguide/C/network-config.xml:922(para)
13054
#: serverguide/C/network-config.xml:926(para)
13022
13055
msgid ""
13023
13056
"This method entails using DHCP to identify the unique hardware address of "
13024
13057
"each network card connected to the network and then continually supplying a "
13027
13060
"assigned automatically to that network card, based on it's MAC address."
13028
13061
msgstr ""
13029
13062
13030
#: serverguide/C/network-config.xml:933(term)
13063
#: serverguide/C/network-config.xml:937(term)
13031
13064
msgid "Dynamic allocation (address pool)"
13032
13065
msgstr ""
13033
13066
13045
13078
"renegociate the lease with the server to maintain use of the address."
13046
13079
msgstr ""
13047
13080
13048
#: serverguide/C/network-config.xml:949(term)
13081
#: serverguide/C/network-config.xml:952(term)
13049
13082
msgid "Automatic allocation"
13050
13083
msgstr ""
13051
13084
13052
#: serverguide/C/network-config.xml:951(para)
13085
#: serverguide/C/network-config.xml:954(para)
13053
13086
msgid ""
13054
13087
"Using this method, the DHCP automatically assigns an IP address permanently "
13055
13088
"to a device, selecting it from a pool of available addresses. Usually DHCP "
13071
13104
"and configure and will be automatically started at system boot."
13072
13105
msgstr ""
13073
13106
13074
#: serverguide/C/network-config.xml:974(para)
13107
#: serverguide/C/network-config.xml:976(para)
13075
13108
msgid ""
13076
13109
"At a terminal prompt, enter the following command to install "
13077
13110
"<application>dhcpd</application>:"
13078
13111
msgstr ""
13079
13112
13080
#: serverguide/C/network-config.xml:979(command)
13113
#: serverguide/C/network-config.xml:981(command)
13081
13114
msgid "sudo apt-get install isc-dhcp-server"
13082
13115
msgstr ""
13083
13116
13084
#: serverguide/C/network-config.xml:981(para)
13117
#: serverguide/C/network-config.xml:983(para)
13085
13118
msgid ""
13086
13119
"You will probably need to change the default configuration by editing "
13087
13120
"/etc/dhcp/dhcpd.conf to suit your needs and particular configuration."
13088
13121
msgstr ""
13089
13122
13090
#: serverguide/C/network-config.xml:985(para)
13123
#: serverguide/C/network-config.xml:987(para)
13091
13124
msgid ""
13092
13125
"You also may need to edit /etc/default/isc-dhcp-server to specify the "
13093
13126
"interfaces dhcpd should listen to."
13094
13127
msgstr ""
13095
13128
13096
#: serverguide/C/network-config.xml:989(para)
13129
#: serverguide/C/network-config.xml:991(para)
13097
13130
msgid ""
13098
13131
"NOTE: dhcpd's messages are being sent to syslog. Look there for diagnostics "
13099
13132
"messages."
13100
13133
msgstr ""
13101
13134
13102
#: serverguide/C/network-config.xml:996(para)
13135
#: serverguide/C/network-config.xml:998(para)
13103
13136
msgid ""
13104
13137
"The error message the installation ends with might be a little confusing, "
13105
13138
"but the following steps will help you configure the service:"
13106
13139
msgstr ""
13107
13140
13108
#: serverguide/C/network-config.xml:1000(para)
13141
#: serverguide/C/network-config.xml:1002(para)
13109
13142
msgid ""
13110
13143
"Most commonly, what you want to do is assign an IP address randomly. This "
13111
13144
"can be done with settings as follows:"
13112
13145
msgstr ""
13113
13146
13114
#: serverguide/C/network-config.xml:1004(programlisting)
13147
#: serverguide/C/network-config.xml:1006(programlisting)
13115
13148
#, no-wrap
13116
13149
msgid ""
13117
13150
"\n"
13127
13160
"} \n"
13128
13161
msgstr ""
13129
13162
13130
#: serverguide/C/network-config.xml:1016(para)
13163
#: serverguide/C/network-config.xml:1018(para)
13131
13164
msgid ""
13132
13165
"This will result in the DHCP server giving clients an IP address from the "
13133
13166
"range 192.168.1.150-192.168.1.200. It will lease an IP address for 600 "
13137
13170
"192.168.1.1 and 192.168.1.2 as its DNS servers."
13138
13171
msgstr ""
13139
13172
13140
#: serverguide/C/network-config.xml:1024(para)
13173
#: serverguide/C/network-config.xml:1026(para)
13141
13174
msgid ""
13142
13175
"After changing the config file you have to restart the "
13143
13176
"<application>dhcpd</application>:"
13147
13180
msgid "sudo service isc-dhcp-server restart"
13148
13181
msgstr ""
13149
13182
13150
#: serverguide/C/network-config.xml:1037(para)
13183
#: serverguide/C/network-config.xml:1039(para)
13151
13184
msgid ""
13152
13185
"The <ulink url=\"https://help.ubuntu.com/community/dhcp3-server\">dhcp3-"
13153
13186
"server Ubuntu Wiki</ulink> page has more information."
13160
13193
"dhcpd.conf man page</ulink>."
13161
13194
msgstr ""
13162
13195
13163
#: serverguide/C/network-config.xml:1049(ulink)
13196
#: serverguide/C/network-config.xml:1051(ulink)
13164
13197
msgid "ISC dhcp-server"
13165
13198
msgstr ""
13166
13199
13167
#: serverguide/C/network-config.xml:1058(title)
13200
#: serverguide/C/network-config.xml:1060(title)
13168
13201
msgid "Time Synchronisation with NTP"
13169
13202
msgstr ""
13170
13203
13171
#: serverguide/C/network-config.xml:1059(para)
13204
#: serverguide/C/network-config.xml:1061(para)
13172
13205
msgid ""
13173
13206
"NTP is a TCP/IP protocol for synchronising time over a network. Basically a "
13174
13207
"client requests the current time from a server, and uses it to set its own "
13175
13208
"clock."
13176
13209
msgstr ""
13177
13210
13178
#: serverguide/C/network-config.xml:1062(para)
13211
#: serverguide/C/network-config.xml:1064(para)
13179
13212
msgid ""
13180
13213
"Behind this simple description, there is a lot of complexity - there are "
13181
13214
"tiers of NTP servers, with the tier one NTP servers connected to atomic "
13187
13220
"from you!"
13188
13221
msgstr ""
13189
13222
13190
#: serverguide/C/network-config.xml:1065(para)
13223
#: serverguide/C/network-config.xml:1067(para)
13191
13224
msgid "Ubuntu uses ntpdate and ntpd."
13192
13225
msgstr ""
13193
13226
13194
#: serverguide/C/network-config.xml:1070(title)
13227
#: serverguide/C/network-config.xml:1072(title)
13195
13228
msgid "ntpdate"
13196
13229
msgstr ""
13197
13230
13198
#: serverguide/C/network-config.xml:1071(para)
13231
#: serverguide/C/network-config.xml:1073(para)
13199
13232
msgid ""
13200
13233
"Ubuntu comes with ntpdate as standard, and will run it once at boot time to "
13201
13234
"set up your time according to Ubuntu's NTP server."
13202
13235
msgstr ""
13203
13236
13204
#: serverguide/C/network-config.xml:1074(programlisting)
13237
#: serverguide/C/network-config.xml:1076(programlisting)
13205
13238
#, no-wrap
13206
13239
msgid ""
13207
13240
"\n"
13208
13241
"ntpdate -s ntp.ubuntu.com\n"
13209
13242
msgstr ""
13210
13243
13211
#: serverguide/C/network-config.xml:1080(title)
13244
#: serverguide/C/network-config.xml:1082(title)
13212
13245
msgid "ntpd"
13213
13246
msgstr ""
13214
13247
13215
#: serverguide/C/network-config.xml:1081(para)
13248
#: serverguide/C/network-config.xml:1083(para)
13216
13249
msgid ""
13217
13250
"The ntp daemon ntpd calculates the drift of your system clock and "
13218
13251
"continuously adjusts it, so there are no large corrections that could lead "
13220
13253
"memory, but for a modern server this is negligible."
13221
13254
msgstr ""
13222
13255
13223
#: serverguide/C/network-config.xml:1088(para)
13256
#: serverguide/C/network-config.xml:1090(para)
13224
13257
msgid "To install ntpd, from a terminal prompt enter:"
13225
13258
msgstr ""
13226
13259
13227
#: serverguide/C/network-config.xml:1093(command)
13260
#: serverguide/C/virtualization.xml:2195(command) serverguide/C/network-config.xml:1095(command)
13228
13261
msgid "sudo apt-get install ntp"
13229
13262
msgstr ""
13230
13263
13231
#: serverguide/C/network-config.xml:1100(para)
13264
#: serverguide/C/network-config.xml:1102(para)
13232
13265
msgid ""
13233
13266
"Edit <filename>/etc/ntp.conf</filename> to add/remove server lines. By "
13234
13267
"default these servers are configured:"
13235
13268
msgstr ""
13236
13269
13237
#: serverguide/C/network-config.xml:1105(programlisting)
13270
#: serverguide/C/network-config.xml:1107(programlisting)
13238
13271
#, no-wrap
13239
13272
msgid ""
13240
13273
"\n"
13247
13280
"server 3.ubuntu.pool.ntp.org\n"
13248
13281
msgstr ""
13249
13282
13250
#: serverguide/C/network-config.xml:1115(para)
13283
#: serverguide/C/network-config.xml:1117(para)
13251
13284
msgid ""
13252
13285
"After changing the config file you have to reload the "
13253
13286
"<application>ntpd</application>:"
13257
13290
msgid "sudo service ntp reload"
13258
13291
msgstr ""
13259
13292
13260
#: serverguide/C/network-config.xml:1124(title)
13293
#: serverguide/C/network-config.xml:1126(title)
13261
13294
msgid "View status"
13262
13295
msgstr ""
13263
13296
13265
13298
msgid "Use ntpq to see more info:"
13266
13299
msgstr ""
13267
13300
13268
#: serverguide/C/network-config.xml:1129(command)
13301
#: serverguide/C/network-config.xml:1131(command)
13269
13302
msgid "# sudo ntpq -p"
13270
13303
msgstr ""
13271
13304
13272
#: serverguide/C/network-config.xml:1130(computeroutput)
13305
#: serverguide/C/network-config.xml:1132(computeroutput)
13273
13306
#, no-wrap
13274
13307
msgid ""
13275
13308
" remote refid st t when poll reach delay offset "
13288
13321
"92.792"
13289
13322
msgstr ""
13290
13323
13291
#: serverguide/C/network-config.xml:1145(para)
13324
#: serverguide/C/network-config.xml:1147(para)
13292
13325
msgid ""
13293
13326
"See the <ulink url=\"https://help.ubuntu.com/community/UbuntuTime\">Ubuntu "
13294
13327
"Time</ulink> wiki page for more information."
13295
13328
msgstr ""
13296
13329
13297
#: serverguide/C/network-config.xml:1151(ulink)
13330
#: serverguide/C/network-config.xml:1153(ulink)
13298
13331
msgid "ntp.org, home of the Network Time Protocol project"
13299
13332
msgstr ""
13300
13333
13316
13349
"The Lightweight Directory Access Protocol, or LDAP, is a protocol for "
13317
13350
"querying and modifying a X.500-based directory service running over TCP/IP. "
13318
13351
"The current LDAP version is LDAPv3, as defined in <ulink "
13319
"url=\"http://tools.ietf.org/html/rfc4510\">RFC4510</ulink>, and the LDAP "
13320
"implementation used in Ubuntu is OpenLDAP, currently at version 2.4.25 "
13321
"(Oneiric)."
13352
"url=\"http://tools.ietf.org/html/rfc4510\">RFC4510</ulink>, and the its "
13353
"implementation used in Ubuntu is from OpenLDAP."
13322
13354
msgstr ""
13323
13355
13324
13356
#: serverguide/C/network-auth.xml:27(para)
13325
13357
msgid ""
13326
"So this protocol accesses LDAP directories. Here are some key concepts and "
13327
"terms:"
13358
"So the LDAP protocol accesses LDAP directories. Here are some key concepts "
13359
"and terms:"
13328
13360
msgstr ""
13329
13361
13330
13362
#: serverguide/C/network-auth.xml:34(para)
13357
13389
13358
13390
#: serverguide/C/network-auth.xml:66(para)
13359
13391
msgid ""
13360
"Each entry has a unique identifier: it's <emphasis>Distinguished "
13361
"Name</emphasis> (DN or dn). This consists of it's <emphasis>Relative "
13392
"Each entry has a unique identifier: its <emphasis>Distinguished "
13393
"Name</emphasis> (DN or dn). This, in turn, consists of a <emphasis>Relative "
13362
13394
"Distinguished Name</emphasis> (RDN) followed by the parent entry's DN."
13363
13395
msgstr ""
13364
13396
13378
13410
13379
13411
#: serverguide/C/network-auth.xml:87(para)
13380
13412
msgid ""
13381
"For example, below we have a single entry consisting of 11 attributes. It's "
13382
"DN is \"cn=John Doe,dc=example,dc=com\"; it's RDN is \"cn=John Doe\"; and "
13383
"it's parent DN is \"dc=example,dc=com\"."
13384
msgstr ""
13385
13386
#: serverguide/C/network-auth.xml:92(programlisting)
13413
"For example, below we have a single entry consisting of 11 attributes where "
13414
"the following is true:"
13415
msgstr ""
13416
13417
#: serverguide/C/network-auth.xml:94(para)
13418
msgid "DN is \"cn=John Doe,dc=example,dc=com\""
13419
msgstr ""
13420
13421
#: serverguide/C/network-auth.xml:100(para)
13422
msgid "RDN is \"cn=John Doe\""
13423
msgstr ""
13424
13425
#: serverguide/C/network-auth.xml:106(para)
13426
msgid "parent DN is \"dc=example,dc=com\""
13427
msgstr ""
13428
13429
#: serverguide/C/network-auth.xml:113(programlisting)
13387
13430
#, no-wrap
13388
13431
msgid ""
13389
13432
"\n"
13401
13444
" objectClass: top\n"
13402
13445
msgstr ""
13403
13446
13404
#: serverguide/C/network-auth.xml:107(para)
13447
#: serverguide/C/network-auth.xml:128(para)
13405
13448
msgid ""
13406
13449
"The above entry is in <emphasis>LDIF</emphasis> format (LDAP Data "
13407
13450
"Interchange Format). Any information that you feed into your DIT must also "
13409
13452
"url=\"http://tools.ietf.org/html/rfc2849\">RFC2849</ulink>."
13410
13453
msgstr ""
13411
13454
13412
#: serverguide/C/network-auth.xml:112(para)
13455
#: serverguide/C/network-auth.xml:133(para)
13413
13456
msgid ""
13414
13457
"Although this guide will describe how to use it for central authentication, "
13415
13458
"LDAP is good for anything that involves a large number of access requests to "
13417
13460
"address book, a list of email addresses, and a mail server's configuration."
13418
13461
msgstr ""
13419
13462
13420
#: serverguide/C/network-auth.xml:121(para)
13463
#: serverguide/C/network-auth.xml:142(para)
13421
13464
msgid ""
13422
13465
"Install the OpenLDAP server daemon and the traditional LDAP management "
13423
13466
"utilities. These are found in packages <application>slapd</application> and "
13424
13467
"<application>ldap-utils</application> respectively."
13425
13468
msgstr ""
13426
13469
13427
#: serverguide/C/network-auth.xml:126(para)
13470
#: serverguide/C/network-auth.xml:147(para)
13428
13471
msgid ""
13429
13472
"The installation of slapd will create a working configuration. In "
13430
13473
"particular, it will create a database instance that you can use to store "
13436
13479
"a line similar to this:"
13437
13480
msgstr ""
13438
13481
13439
#: serverguide/C/network-auth.xml:134(programlisting)
13482
#: serverguide/C/network-auth.xml:155(programlisting)
13440
13483
#, no-wrap
13441
13484
msgid ""
13442
13485
"\n"
13443
13486
"127.0.1.1 hostname.example.com\thostname\n"
13444
13487
msgstr ""
13445
13488
13446
#: serverguide/C/network-auth.xml:138(para)
13489
#: serverguide/C/network-auth.xml:159(para)
13447
13490
msgid "You can revert the change after package installation."
13448
13491
msgstr ""
13449
13492
13450
#: serverguide/C/network-auth.xml:143(para)
13493
#: serverguide/C/network-auth.xml:164(para)
13451
13494
msgid ""
13452
13495
"This guide will use a database suffix of "
13453
13496
"<emphasis>dc=example,dc=com</emphasis>."
13454
13497
msgstr ""
13455
13498
13456
#: serverguide/C/network-auth.xml:148(para)
13499
#: serverguide/C/network-auth.xml:169(para)
13457
13500
msgid "Proceed with the install:"
13458
13501
msgstr ""
13459
13502
13460
#: serverguide/C/network-auth.xml:153(command)
13503
#: serverguide/C/network-auth.xml:174(command)
13461
13504
msgid "sudo apt-get install slapd ldap-utils"
13462
13505
msgstr ""
13463
13506
13464
#: serverguide/C/network-auth.xml:156(para)
13507
#: serverguide/C/network-auth.xml:177(para)
13465
13508
msgid ""
13466
13509
"Since Ubuntu 8.10 slapd is designed to be configured within slapd itself by "
13467
13510
"dedicating a separate DIT for that purpose. This allows one to dynamically "
13474
13517
"will be eventually phased out."
13475
13518
msgstr ""
13476
13519
13477
#: serverguide/C/network-auth.xml:165(para)
13520
#: serverguide/C/network-auth.xml:186(para)
13478
13521
msgid ""
13479
13522
"Ubuntu now uses the <emphasis>slapd-config</emphasis> method for slapd "
13480
13523
"configuration and this guide reflects that."
13481
13524
msgstr ""
13482
13525
13483
#: serverguide/C/network-auth.xml:171(para)
13526
#: serverguide/C/network-auth.xml:192(para)
13484
13527
msgid ""
13485
13528
"During the install you were prompted to define administrative credentials. "
13486
13529
"These are LDAP-based credentials for the <emphasis>rootDN</emphasis> of your "
13491
13534
"will see how to do this later on."
13492
13535
msgstr ""
13493
13536
13494
#: serverguide/C/network-auth.xml:178(para)
13537
#: serverguide/C/network-auth.xml:199(para)
13495
13538
msgid ""
13496
13539
"Some classical schemas (cosine, nis, inetorgperson) come built-in with slapd "
13497
13540
"nowadays. There is also an included \"core\" schema, a pre-requisite for any "
13498
13541
"schema to work."
13499
13542
msgstr ""
13500
13543
13501
#: serverguide/C/network-auth.xml:186(title)
13544
#: serverguide/C/network-auth.xml:207(title)
13502
13545
msgid "Post-install Inspection"
13503
13546
msgstr ""
13504
13547
13505
#: serverguide/C/network-auth.xml:188(para)
13548
#: serverguide/C/network-auth.xml:209(para)
13506
13549
msgid ""
13507
13550
"The installation process set up 2 DITs. One for slapd-config and one for "
13508
13551
"your own data (dc=example,dc=com). Let's take a look."
13509
13552
msgstr ""
13510
13553
13511
#: serverguide/C/network-auth.xml:195(para)
13554
#: serverguide/C/network-auth.xml:216(para)
13512
13555
msgid ""
13513
13556
"This is what the slapd-config database/DIT looks like. Recall that this "
13514
13557
"database is LDIF-based and lives under "
13515
13558
"<filename>/etc/ldap/slapd.d</filename>:"
13516
13559
msgstr ""
13517
13560
13518
#: serverguide/C/network-auth.xml:201(computeroutput)
13561
#: serverguide/C/network-auth.xml:222(computeroutput)
13519
13562
#, no-wrap
13520
13563
msgid ""
13521
13564
"\n"
13535
13578
" /etc/ldap/slapd.d/cn=config.ldif\n"
13536
13579
msgstr ""
13537
13580
13538
#: serverguide/C/network-auth.xml:220(para)
13581
#: serverguide/C/network-auth.xml:242(para)
13539
13582
msgid ""
13540
13583
"Do not edit the slapd-config database directly. Make changes via the LDAP "
13541
13584
"protocol (utilities)."
13542
13585
msgstr ""
13543
13586
13544
#: serverguide/C/network-auth.xml:228(para)
13587
#: serverguide/C/network-auth.xml:250(para)
13545
13588
msgid "This is what the slapd-config DIT looks like via the LDAP protocol:"
13546
13589
msgstr ""
13547
13590
13548
#: serverguide/C/network-auth.xml:233(command)
13591
#: serverguide/C/network-auth.xml:254(para)
13592
msgid ""
13593
"On Ubuntu server 14.10, and possibly higher, the following command may not "
13594
"work due to a <ulink "
13595
"url=\"https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1392018\">bug</"
13596
"ulink>"
13597
msgstr ""
13598
13599
#: serverguide/C/network-auth.xml:255(command)
13549
13600
msgid "sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn"
13550
13601
msgstr ""
13551
13602
13552
#: serverguide/C/network-auth.xml:234(computeroutput)
13603
#: serverguide/C/network-auth.xml:256(computeroutput)
13553
13604
#, no-wrap
13554
13605
msgid ""
13555
13606
"\n"
13576
13627
"dn: olcDatabase={1}hdb,cn=config\n"
13577
13628
msgstr ""
13578
13629
13579
#: serverguide/C/network-auth.xml:259(para) serverguide/C/network-auth.xml:350(para)
13630
#: serverguide/C/network-auth.xml:281(para) serverguide/C/network-auth.xml:372(para)
13580
13631
msgid "Explanation of entries:"
13581
13632
msgstr ""
13582
13633
13583
#: serverguide/C/network-auth.xml:266(para)
13634
#: serverguide/C/network-auth.xml:288(para)
13584
13635
msgid "<emphasis>cn=config</emphasis>: global settings"
13585
13636
msgstr ""
13586
13637
13587
#: serverguide/C/network-auth.xml:272(para)
13638
#: serverguide/C/network-auth.xml:294(para)
13588
13639
msgid ""
13589
13640
"<emphasis>cn=module{0},cn=config</emphasis>: a dynamically loaded module"
13590
13641
msgstr ""
13591
13642
13592
#: serverguide/C/network-auth.xml:278(para)
13643
#: serverguide/C/network-auth.xml:300(para)
13593
13644
msgid ""
13594
13645
"<emphasis>cn=schema,cn=config</emphasis>: contains hard-coded system-level "
13595
13646
"schema"
13596
13647
msgstr ""
13597
13648
13598
#: serverguide/C/network-auth.xml:284(para)
13649
#: serverguide/C/network-auth.xml:306(para)
13599
13650
msgid ""
13600
13651
"<emphasis>cn={0}core,cn=schema,cn=config</emphasis>: the hard-coded core "
13601
13652
"schema"
13602
13653
msgstr ""
13603
13654
13604
#: serverguide/C/network-auth.xml:290(para)
13655
#: serverguide/C/network-auth.xml:312(para)
13605
13656
msgid ""
13606
13657
"<emphasis>cn={1}cosine,cn=schema,cn=config</emphasis>: the cosine schema"
13607
13658
msgstr ""
13608
13659
13609
#: serverguide/C/network-auth.xml:296(para)
13660
#: serverguide/C/network-auth.xml:318(para)
13610
13661
msgid "<emphasis>cn={2}nis,cn=schema,cn=config</emphasis>: the nis schema"
13611
13662
msgstr ""
13612
13663
13613
#: serverguide/C/network-auth.xml:302(para)
13664
#: serverguide/C/network-auth.xml:324(para)
13614
13665
msgid ""
13615
13666
"<emphasis>cn={3}inetorgperson,cn=schema,cn=config</emphasis>: the "
13616
13667
"inetorgperson schema"
13617
13668
msgstr ""
13618
13669
13619
#: serverguide/C/network-auth.xml:308(para)
13670
#: serverguide/C/network-auth.xml:330(para)
13620
13671
msgid ""
13621
13672
"<emphasis>olcBackend={0}hdb,cn=config</emphasis>: the 'hdb' backend storage "
13622
13673
"type"
13623
13674
msgstr ""
13624
13675
13625
#: serverguide/C/network-auth.xml:314(para)
13676
#: serverguide/C/network-auth.xml:336(para)
13626
13677
msgid ""
13627
13678
"<emphasis>olcDatabase={-1}frontend,cn=config</emphasis>: frontend database, "
13628
13679
"default settings for other databases"
13629
13680
msgstr ""
13630
13681
13631
#: serverguide/C/network-auth.xml:320(para)
13682
#: serverguide/C/network-auth.xml:342(para)
13632
13683
msgid ""
13633
13684
"<emphasis>olcDatabase={0}config,cn=config</emphasis>: slapd configuration "
13634
13685
"database (cn=config)"
13635
13686
msgstr ""
13636
13687
13637
#: serverguide/C/network-auth.xml:326(para)
13688
#: serverguide/C/network-auth.xml:348(para)
13638
13689
msgid ""
13639
13690
"<emphasis>olcDatabase={1}hdb,cn=config</emphasis>: your database instance "
13640
13691
"(dc=examle,dc=com)"
13641
13692
msgstr ""
13642
13693
13643
#: serverguide/C/network-auth.xml:337(para)
13694
#: serverguide/C/network-auth.xml:359(para)
13644
13695
msgid "This is what the dc=example,dc=com DIT looks like:"
13645
13696
msgstr ""
13646
13697
13647
#: serverguide/C/network-auth.xml:342(command)
13698
#: serverguide/C/network-auth.xml:364(command)
13648
13699
msgid "ldapsearch -x -LLL -H ldap:/// -b dc=example,dc=com dn"
13649
13700
msgstr ""
13650
13701
13651
#: serverguide/C/network-auth.xml:343(computeroutput)
13702
#: serverguide/C/network-auth.xml:365(computeroutput)
13652
13703
#, no-wrap
13653
13704
msgid ""
13654
13705
"\n"
13657
13708
"dn: cn=admin,dc=example,dc=com\n"
13658
13709
msgstr ""
13659
13710
13660
#: serverguide/C/network-auth.xml:357(para)
13711
#: serverguide/C/network-auth.xml:379(para)
13661
13712
msgid "<emphasis>dc=example,dc=com</emphasis>: base of the DIT"
13662
13713
msgstr ""
13663
13714
13664
#: serverguide/C/network-auth.xml:363(para)
13715
#: serverguide/C/network-auth.xml:385(para)
13665
13716
msgid ""
13666
13717
"<emphasis>cn=admin,dc=example,dc=com</emphasis>: administrator (rootDN) for "
13667
13718
"this DIT (set up during package install)"
13668
13719
msgstr ""
13669
13720
13670
#: serverguide/C/network-auth.xml:377(title)
13721
#: serverguide/C/network-auth.xml:399(title)
13671
13722
msgid "Modifying/Populating your Database"
13672
13723
msgstr ""
13673
13724
13674
#: serverguide/C/network-auth.xml:379(para)
13725
#: serverguide/C/network-auth.xml:401(para)
13675
13726
msgid ""
13676
13727
"Let's introduce some content to our database. We will add the following:"
13677
13728
msgstr ""
13678
13729
13679
#: serverguide/C/network-auth.xml:386(para)
13730
#: serverguide/C/network-auth.xml:408(para)
13680
13731
msgid "a node called <emphasis>People</emphasis> (to store users)"
13681
13732
msgstr ""
13682
13733
13683
#: serverguide/C/network-auth.xml:392(para)
13734
#: serverguide/C/network-auth.xml:414(para)
13684
13735
msgid "a node called <emphasis>Groups</emphasis> (to store groups)"
13685
13736
msgstr ""
13686
13737
13687
#: serverguide/C/network-auth.xml:398(para)
13738
#: serverguide/C/network-auth.xml:420(para)
13688
13739
msgid "a group called <emphasis>miners</emphasis>"
13689
13740
msgstr ""
13690
13741
13691
#: serverguide/C/network-auth.xml:404(para)
13742
#: serverguide/C/network-auth.xml:426(para)
13692
13743
msgid "a user called <emphasis>john</emphasis>"
13693
13744
msgstr ""
13694
13745
13695
#: serverguide/C/network-auth.xml:411(para)
13746
#: serverguide/C/network-auth.xml:433(para)
13696
13747
msgid ""
13697
13748
"Create the following LDIF file and call it "
13698
13749
"<filename>add_content.ldif</filename>:"
13699
13750
msgstr ""
13700
13751
13701
#: serverguide/C/network-auth.xml:415(programlisting)
13752
#: serverguide/C/network-auth.xml:437(programlisting)
13702
13753
#, no-wrap
13703
13754
msgid ""
13704
13755
"\n"
13732
13783
"homeDirectory: /home/john\n"
13733
13784
msgstr ""
13734
13785
13735
#: serverguide/C/network-auth.xml:447(para)
13786
#: serverguide/C/network-auth.xml:469(para)
13736
13787
msgid ""
13737
13788
"It's important that uid and gid values in your directory do not collide with "
13738
13789
"local values. Use high number ranges, such as starting at 5000. By setting "
13740
13791
"what can be done with a local user vs a ldap one. More on that later."
13741
13792
msgstr ""
13742
13793
13743
#: serverguide/C/network-auth.xml:455(para)
13794
#: serverguide/C/network-auth.xml:477(para)
13744
13795
msgid "Add the content:"
13745
13796
msgstr ""
13746
13797
13747
#: serverguide/C/network-auth.xml:460(command)
13798
#: serverguide/C/network-auth.xml:482(command)
13748
13799
msgid "ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_content.ldif"
13749
13800
msgstr ""
13750
13801
13751
#: serverguide/C/network-auth.xml:462(application)
13802
#: serverguide/C/network-auth.xml:484(application)
13752
13803
msgid "********"
13753
13804
msgstr ""
13754
13805
13755
#: serverguide/C/network-auth.xml:461(computeroutput)
13806
#: serverguide/C/network-auth.xml:483(computeroutput)
13756
13807
#, no-wrap
13757
13808
msgid ""
13758
13809
"\n"
13766
13817
"adding new entry \"uid=john,ou=People,dc=example,dc=com\"\n"
13767
13818
msgstr ""
13768
13819
13769
#: serverguide/C/network-auth.xml:473(para)
13820
#: serverguide/C/network-auth.xml:495(para)
13770
13821
msgid ""
13771
13822
"We can check that the information has been correctly added with the "
13772
13823
"<application>ldapsearch</application> utility:"
13773
13824
msgstr ""
13774
13825
13775
#: serverguide/C/network-auth.xml:478(command)
13826
#: serverguide/C/network-auth.xml:500(command)
13776
13827
msgid "ldapsearch -x -LLL -b dc=example,dc=com 'uid=john' cn gidNumber"
13777
13828
msgstr ""
13778
13829
13779
#: serverguide/C/network-auth.xml:479(computeroutput)
13830
#: serverguide/C/network-auth.xml:501(computeroutput)
13780
13831
#, no-wrap
13781
13832
msgid ""
13782
13833
"\n"
13785
13836
"gidNumber: 5000\n"
13786
13837
msgstr ""
13787
13838
13788
#: serverguide/C/network-auth.xml:486(para)
13839
#: serverguide/C/network-auth.xml:508(para)
13789
13840
msgid "Explanation of switches:"
13790
13841
msgstr ""
13791
13842
13792
#: serverguide/C/network-auth.xml:493(para)
13843
#: serverguide/C/network-auth.xml:515(para)
13793
13844
msgid ""
13794
13845
"<emphasis>-x:</emphasis> \"simple\" binding; will not use the default SASL "
13795
13846
"method"
13796
13847
msgstr ""
13797
13848
13798
#: serverguide/C/network-auth.xml:499(para)
13849
#: serverguide/C/network-auth.xml:521(para)
13799
13850
msgid "<emphasis>-LLL:</emphasis> disable printing extraneous information"
13800
13851
msgstr ""
13801
13852
13802
#: serverguide/C/network-auth.xml:505(para)
13853
#: serverguide/C/network-auth.xml:527(para)
13803
13854
msgid "<emphasis>uid=john:</emphasis> a \"filter\" to find the john user"
13804
13855
msgstr ""
13805
13856
13806
#: serverguide/C/network-auth.xml:511(para)
13857
#: serverguide/C/network-auth.xml:533(para)
13807
13858
msgid ""
13808
13859
"<emphasis>cn gidNumber:</emphasis> requests certain attributes to be "
13809
13860
"displayed (the default is to show all attributes)"
13810
13861
msgstr ""
13811
13862
13812
#: serverguide/C/network-auth.xml:521(title)
13863
#: serverguide/C/network-auth.xml:543(title)
13813
13864
msgid "Modifying the slapd Configuration Database"
13814
13865
msgstr ""
13815
13866
13816
#: serverguide/C/network-auth.xml:523(para)
13867
#: serverguide/C/network-auth.xml:545(para)
13817
13868
msgid ""
13818
13869
"The slapd-config DIT can also be queried and modified. Here are a few "
13819
13870
"examples."
13820
13871
msgstr ""
13821
13872
13822
#: serverguide/C/network-auth.xml:530(para)
13873
#: serverguide/C/network-auth.xml:552(para)
13823
13874
msgid ""
13824
13875
"Use <application>ldapmodify</application> to add an \"Index\" (DbIndex "
13825
13876
"attribute) to your <application>{1}hdb,cn=config</application> database "
13827
13878
"<filename>uid_index.ldif</filename>, with the following contents:"
13828
13879
msgstr ""
13829
13880
13830
#: serverguide/C/network-auth.xml:535(programlisting)
13881
#: serverguide/C/network-auth.xml:557(programlisting)
13831
13882
#, no-wrap
13832
13883
msgid ""
13833
13884
"\n"
13836
13887
"olcDbIndex: uid eq,pres,sub\n"
13837
13888
msgstr ""
13838
13889
13839
#: serverguide/C/network-auth.xml:541(para)
13890
#: serverguide/C/network-auth.xml:563(para)
13840
13891
msgid "Then issue the command:"
13841
13892
msgstr ""
13842
13893
13843
#: serverguide/C/network-auth.xml:546(command)
13894
#: serverguide/C/network-auth.xml:568(command)
13844
13895
msgid "sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f uid_index.ldif"
13845
13896
msgstr ""
13846
13897
13847
#: serverguide/C/network-auth.xml:547(computeroutput)
13898
#: serverguide/C/network-auth.xml:569(computeroutput)
13848
13899
#, no-wrap
13849
13900
msgid ""
13850
13901
"\n"
13851
13902
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
13852
13903
msgstr ""
13853
13904
13854
#: serverguide/C/network-auth.xml:552(para)
13905
#: serverguide/C/network-auth.xml:574(para)
13855
13906
msgid "You can confirm the change in this way:"
13856
13907
msgstr ""
13857
13908
13858
#: serverguide/C/network-auth.xml:557(command)
13909
#: serverguide/C/network-auth.xml:579(command)
13859
13910
msgid ""
13860
13911
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
13861
13912
"'(olcDatabase={1}hdb)' olcDbIndex"
13862
13913
msgstr ""
13863
13914
13864
#: serverguide/C/network-auth.xml:559(computeroutput)
13915
#: serverguide/C/network-auth.xml:581(computeroutput)
13865
13916
#, no-wrap
13866
13917
msgid ""
13867
13918
"\n"
13870
13921
"olcDbIndex: uid eq,pres,sub\n"
13871
13922
msgstr ""
13872
13923
13873
#: serverguide/C/network-auth.xml:569(para)
13924
#: serverguide/C/network-auth.xml:591(para)
13874
13925
msgid ""
13875
13926
"Let's add a schema. It will first need to be converted to LDIF format. You "
13876
13927
"can find unconverted schemas in addition to converted ones in the <filename "
13877
13928
"role=\"directory\">/etc/ldap/schema</filename> directory."
13878
13929
msgstr ""
13879
13930
13880
#: serverguide/C/network-auth.xml:577(para)
13931
#: serverguide/C/network-auth.xml:599(para)
13881
13932
msgid ""
13882
13933
"It is not trivial to remove a schema from the slapd-config database. "
13883
13934
"Practice adding schemas on a test system."
13884
13935
msgstr ""
13885
13936
13886
#: serverguide/C/network-auth.xml:583(para)
13937
#: serverguide/C/network-auth.xml:605(para)
13887
13938
msgid ""
13888
13939
"Before adding any schema, you should check which schemas are already "
13889
13940
"installed (shown is a default, out-of-the-box output):"
13890
13941
msgstr ""
13891
13942
13892
#: serverguide/C/network-auth.xml:589(command)
13943
#: serverguide/C/network-auth.xml:611(command)
13893
13944
msgid ""
13894
13945
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=schema,cn=config dn"
13895
13946
msgstr ""
13896
13947
13897
#: serverguide/C/network-auth.xml:591(computeroutput)
13948
#: serverguide/C/network-auth.xml:613(computeroutput)
13898
13949
#, no-wrap
13899
13950
msgid ""
13900
13951
"\n"
13909
13960
"dn: cn={3}inetorgperson,cn=schema,cn=config\n"
13910
13961
msgstr ""
13911
13962
13912
#: serverguide/C/network-auth.xml:608(para)
13963
#: serverguide/C/network-auth.xml:630(para)
13913
13964
msgid "In the following example we'll add the CORBA schema."
13914
13965
msgstr ""
13915
13966
13916
#: serverguide/C/network-auth.xml:615(para)
13967
#: serverguide/C/network-auth.xml:637(para)
13917
13968
msgid ""
13918
13969
"Create the conversion configuration file "
13919
13970
"<filename>schema_convert.conf</filename> containing the following lines:"
13920
13971
msgstr ""
13921
13972
13922
#: serverguide/C/network-auth.xml:620(programlisting)
13973
#: serverguide/C/network-auth.xml:642(programlisting)
13923
13974
#, no-wrap
13924
13975
msgid ""
13925
13976
"\n"
13939
13990
"include /etc/ldap/schema/pmi.schema\n"
13940
13991
msgstr ""
13941
13992
13942
#: serverguide/C/network-auth.xml:640(para)
13993
#: serverguide/C/network-auth.xml:662(para)
13943
13994
msgid "Create the output directory <filename>ldif_output</filename>."
13944
13995
msgstr ""
13945
13996
13946
#: serverguide/C/network-auth.xml:646(para) serverguide/C/network-auth.xml:2296(para)
13997
#: serverguide/C/network-auth.xml:668(para) serverguide/C/network-auth.xml:2317(para)
13947
13998
msgid "Determine the index of the schema:"
13948
13999
msgstr ""
13949
14000
13950
#: serverguide/C/network-auth.xml:651(command)
14001
#: serverguide/C/network-auth.xml:673(command)
13951
14002
msgid ""
13952
14003
"slapcat -f schema_convert.conf -F ldif_output -n 0 | grep corba,cn=schema"
13953
14004
msgstr ""
13954
14005
13955
#: serverguide/C/network-auth.xml:652(computeroutput)
14006
#: serverguide/C/network-auth.xml:674(computeroutput)
13956
14007
#, no-wrap
13957
14008
msgid ""
13958
14009
"\n"
13959
14010
"cn={1}corba,cn=schema,cn=config\n"
13960
14011
msgstr ""
13961
14012
13962
#: serverguide/C/network-auth.xml:658(para)
14013
#: serverguide/C/network-auth.xml:685(para)
13963
14014
msgid ""
13964
14015
"When slapd ingests objects with the same parent DN it will create an "
13965
14016
"<emphasis>index</emphasis> for that object. An index is contained within "
13966
14017
"braces: <application>{X}</application>."
13967
14018
msgstr ""
13968
14019
13969
#: serverguide/C/network-auth.xml:667(para)
14020
#: serverguide/C/network-auth.xml:689(para)
13970
14021
msgid "Use <application>slapcat</application> to perform the conversion:"
13971
14022
msgstr ""
13972
14023
13973
#: serverguide/C/network-auth.xml:672(command)
14024
#: serverguide/C/network-auth.xml:694(command)
13974
14025
msgid ""
13975
14026
"slapcat -f schema_convert.conf -F ldif_output -n0 -H \\ "
13976
14027
"ldap:///cn={1}corba,cn=schema,cn=config -l cn=corba.ldif"
13977
14028
msgstr ""
13978
14029
13979
#: serverguide/C/network-auth.xml:676(para)
14030
#: serverguide/C/network-auth.xml:698(para)
13980
14031
msgid "The converted schema is now in <filename>cn=corba.ldif</filename>"
13981
14032
msgstr ""
13982
14033
13983
#: serverguide/C/network-auth.xml:682(para)
14034
#: serverguide/C/network-auth.xml:704(para)
13984
14035
msgid ""
13985
14036
"Edit <filename>cn=corba.ldif</filename> to arrive at the following "
13986
14037
"attributes:"
13987
14038
msgstr ""
13988
14039
13989
#: serverguide/C/network-auth.xml:686(programlisting)
14040
#: serverguide/C/network-auth.xml:708(programlisting)
13990
14041
#, no-wrap
13991
14042
msgid ""
13992
14043
"\n"
13995
14046
"cn: corba\n"
13996
14047
msgstr ""
13997
14048
13998
#: serverguide/C/network-auth.xml:692(para)
14049
#: serverguide/C/network-auth.xml:714(para)
13999
14050
msgid "Also remove the following lines from the bottom:"
14000
14051
msgstr ""
14001
14052
14002
#: serverguide/C/network-auth.xml:696(programlisting)
14053
#: serverguide/C/network-auth.xml:718(programlisting)
14003
14054
#, no-wrap
14004
14055
msgid ""
14005
14056
"\n"
14012
14063
"modifyTimestamp: 20110829165435Z\n"
14013
14064
msgstr ""
14014
14065
14015
#: serverguide/C/network-auth.xml:706(para) serverguide/C/network-auth.xml:2346(para)
14066
#: serverguide/C/network-auth.xml:728(para) serverguide/C/network-auth.xml:2367(para)
14016
14067
msgid "Your attribute values will vary."
14017
14068
msgstr ""
14018
14069
14019
#: serverguide/C/network-auth.xml:712(para)
14070
#: serverguide/C/network-auth.xml:734(para)
14020
14071
msgid ""
14021
14072
"Finally, use <application>ldapadd</application> to add the new schema to the "
14022
14073
"slapd-config DIT:"
14023
14074
msgstr ""
14024
14075
14025
#: serverguide/C/network-auth.xml:717(command)
14076
#: serverguide/C/network-auth.xml:739(command)
14026
14077
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f cn\\=corba.ldif"
14027
14078
msgstr ""
14028
14079
14029
#: serverguide/C/network-auth.xml:718(computeroutput)
14080
#: serverguide/C/network-auth.xml:740(computeroutput)
14030
14081
#, no-wrap
14031
14082
msgid ""
14032
14083
"\n"
14033
14084
"adding new entry \"cn=corba,cn=schema,cn=config\"\n"
14034
14085
msgstr ""
14035
14086
14036
#: serverguide/C/network-auth.xml:726(para)
14087
#: serverguide/C/network-auth.xml:748(para)
14037
14088
msgid "Confirm currently loaded schemas:"
14038
14089
msgstr ""
14039
14090
14040
#: serverguide/C/network-auth.xml:731(command)
14091
#: serverguide/C/network-auth.xml:753(command)
14041
14092
msgid ""
14042
14093
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config dn"
14043
14094
msgstr ""
14044
14095
14045
#: serverguide/C/network-auth.xml:732(computeroutput)
14096
#: serverguide/C/network-auth.xml:754(computeroutput)
14046
14097
#, no-wrap
14047
14098
msgid ""
14048
14099
"\n"
14059
14110
"dn: cn={4}corba,cn=schema,cn=config\n"
14060
14111
msgstr ""
14061
14112
14062
#: serverguide/C/network-auth.xml:756(para)
14113
#: serverguide/C/network-auth.xml:778(para)
14063
14114
msgid ""
14064
14115
"For external applications and clients to authenticate using LDAP they will "
14065
14116
"each need to be specifically configured to do so. Refer to the appropriate "
14066
14117
"client-side documentation for details."
14067
14118
msgstr ""
14068
14119
14069
#: serverguide/C/network-auth.xml:767(para)
14120
#: serverguide/C/network-auth.xml:789(para)
14070
14121
msgid ""
14071
14122
"Activity logging for slapd is indispensible when implementing an OpenLDAP-"
14072
14123
"based solution yet it must be manually enabled after software installation. "
14074
14125
"any other slapd configuration, is enabled via the slapd-config database."
14075
14126
msgstr ""
14076
14127
14077
#: serverguide/C/network-auth.xml:773(para)
14128
#: serverguide/C/network-auth.xml:795(para)
14078
14129
msgid ""
14079
14130
"OpenLDAP comes with multiple logging subsystems (levels) with each one "
14080
14131
"containing the lower one (additive). A good level to try is "
14084
14135
"different subsystems."
14085
14136
msgstr ""
14086
14137
14087
#: serverguide/C/network-auth.xml:779(para)
14138
#: serverguide/C/network-auth.xml:801(para)
14088
14139
msgid ""
14089
14140
"Create the file <filename>logging.ldif</filename> with the following "
14090
14141
"contents:"
14091
14142
msgstr ""
14092
14143
14093
#: serverguide/C/network-auth.xml:783(programlisting)
14144
#: serverguide/C/network-auth.xml:805(programlisting)
14094
14145
#, no-wrap
14095
14146
msgid ""
14096
14147
"\n"
14097
14148
"dn: cn=config\n"
14098
14149
"changetype: modify\n"
14099
"add: olcLogLevel\n"
14150
"replace: olcLogLevel\n"
14100
14151
"olcLogLevel: stats\n"
14101
14152
msgstr ""
14102
14153
14103
#: serverguide/C/network-auth.xml:790(para)
14154
#: serverguide/C/network-auth.xml:812(para)
14104
14155
msgid "Implement the change:"
14105
14156
msgstr ""
14106
14157
14107
#: serverguide/C/network-auth.xml:795(command)
14158
#: serverguide/C/network-auth.xml:817(command)
14108
14159
msgid "sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f logging.ldif"
14109
14160
msgstr ""
14110
14161
14111
#: serverguide/C/network-auth.xml:798(para)
14162
#: serverguide/C/network-auth.xml:820(para)
14112
14163
msgid ""
14113
14164
"This will produce a significant amount of logging and you will want to "
14114
14165
"throttle back to a less verbose level once your system is in production. "
14116
14167
"hard time keeping up and may drop messages:"
14117
14168
msgstr ""
14118
14169
14119
#: serverguide/C/network-auth.xml:804(programlisting)
14170
#: serverguide/C/network-auth.xml:826(programlisting)
14120
14171
#, no-wrap
14121
14172
msgid ""
14122
14173
"\n"
14124
14175
"limiting\n"
14125
14176
msgstr ""
14126
14177
14127
#: serverguide/C/network-auth.xml:808(para)
14178
#: serverguide/C/network-auth.xml:830(para)
14128
14179
msgid ""
14129
14180
"You may consider a change to rsyslog's configuration. In "
14130
14181
"<filename>/etc/rsyslog.conf</filename>, put:"
14131
14182
msgstr ""
14132
14183
14133
#: serverguide/C/network-auth.xml:812(programlisting)
14184
#: serverguide/C/network-auth.xml:834(programlisting)
14134
14185
#, no-wrap
14135
14186
msgid ""
14136
14187
"\n"
14139
14190
"$SystemLogRateLimitInterval 0\n"
14140
14191
msgstr ""
14141
14192
14142
#: serverguide/C/network-auth.xml:818(para)
14193
#: serverguide/C/network-auth.xml:840(para)
14143
14194
msgid "And then restart the rsyslog daemon:"
14144
14195
msgstr ""
14145
14196
14146
#: serverguide/C/network-auth.xml:823(command)
14197
#: serverguide/C/network-auth.xml:845(command)
14147
14198
msgid "sudo service rsyslog restart"
14148
14199
msgstr ""
14149
14200
14150
#: serverguide/C/network-auth.xml:829(title)
14201
#: serverguide/C/network-auth.xml:851(title)
14151
14202
msgid "Replication"
14152
14203
msgstr ""
14153
14204
14154
#: serverguide/C/network-auth.xml:831(para)
14205
#: serverguide/C/network-auth.xml:853(para)
14155
14206
msgid ""
14156
14207
"The LDAP service becomes increasingly important as more networked systems "
14157
14208
"begin to depend on it. In such an environment, it is standard practice to "
14160
14211
"replication</emphasis>."
14161
14212
msgstr ""
14162
14213
14163
#: serverguide/C/network-auth.xml:837(para)
14214
#: serverguide/C/network-auth.xml:859(para)
14164
14215
msgid ""
14165
14216
"Replication is achieved via the <emphasis>Syncrepl</emphasis> engine. This "
14166
14217
"allows changes to be synchronized using a <emphasis>Consumer</emphasis> - "
14172
14223
"be sent, not entire entries."
14173
14224
msgstr ""
14174
14225
14175
#: serverguide/C/network-auth.xml:846(title)
14226
#: serverguide/C/network-auth.xml:868(title)
14176
14227
msgid "Provider Configuration"
14177
14228
msgstr ""
14178
14229
14179
#: serverguide/C/network-auth.xml:848(para)
14230
#: serverguide/C/network-auth.xml:870(para)
14180
14231
msgid "Begin by configuring the <emphasis>Provider</emphasis>."
14181
14232
msgstr ""
14182
14233
14183
#: serverguide/C/network-auth.xml:855(para)
14234
#: serverguide/C/network-auth.xml:877(para)
14184
14235
msgid ""
14185
14236
"Create an LDIF file with the following contents and name it "
14186
14237
"<filename>provider_sync.ldif</filename>:"
14187
14238
msgstr ""
14188
14239
14189
#: serverguide/C/network-auth.xml:859(programlisting)
14240
#: serverguide/C/network-auth.xml:881(programlisting)
14190
14241
#, no-wrap
14191
14242
msgid ""
14192
14243
"\n"
14248
14299
"olcAccessLogPurge: 07+00:00 01+00:00\n"
14249
14300
msgstr ""
14250
14301
14251
#: serverguide/C/network-auth.xml:918(para)
14302
#: serverguide/C/network-auth.xml:940(para)
14252
14303
msgid ""
14253
14304
"Change the rootDN in the LDIF file to match the one you have for your "
14254
14305
"directory."
14255
14306
msgstr ""
14256
14307
14257
#: serverguide/C/network-auth.xml:925(para)
14308
#: serverguide/C/network-auth.xml:947(para)
14258
14309
msgid ""
14259
"The <application>apparmor</application> profile for slapd will need to be "
14260
"adjusted for the accesslog database location. Edit "
14261
"<filename>/etc/apparmor.d/local/usr.sbin.slapd</filename> by adding the "
14262
"following:"
14310
"The <application>apparmor</application> profile for slapd will not need to "
14311
"be adjusted for the accesslog database location since "
14312
"<filename>/etc/apparmor.d/local/usr.sbin.slapd</filename> contains:"
14263
14313
msgstr ""
14264
14314
14265
#: serverguide/C/network-auth.xml:931(programlisting)
14315
#: serverguide/C/network-auth.xml:952(programlisting)
14266
14316
#, no-wrap
14267
14317
msgid ""
14268
14318
"\n"
14269
"/var/lib/ldap/accesslog/ r,\n"
14270
"/var/lib/ldap/accesslog/** rwk,\n"
14319
"/var/lib/ldap/ r,\n"
14320
"/var/lib/ldap/** rwk,\n"
14271
14321
msgstr ""
14272
14322
14273
#: serverguide/C/network-auth.xml:936(para)
14323
#: serverguide/C/network-auth.xml:957(para)
14274
14324
msgid ""
14275
14325
"Create a directory, set up a databse config file, and reload the apparmor "
14276
14326
"profile:"
14277
14327
msgstr ""
14278
14328
14279
#: serverguide/C/network-auth.xml:941(command)
14329
#: serverguide/C/network-auth.xml:962(command)
14280
14330
msgid "sudo -u openldap mkdir /var/lib/ldap/accesslog"
14281
14331
msgstr ""
14282
14332
14283
#: serverguide/C/network-auth.xml:942(command)
14333
#: serverguide/C/network-auth.xml:963(command)
14284
14334
msgid "sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog"
14285
14335
msgstr ""
14286
14336
14287
#: serverguide/C/network-auth.xml:949(para)
14337
#: serverguide/C/network-auth.xml:970(para)
14288
14338
msgid ""
14289
14339
"Add the new content and, due to the apparmor change, restart the daemon:"
14290
14340
msgstr ""
14291
14341
14292
#: serverguide/C/network-auth.xml:954(command)
14342
#: serverguide/C/network-auth.xml:975(command)
14293
14343
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
14294
14344
msgstr ""
14295
14345
14296
#: serverguide/C/network-auth.xml:955(command) serverguide/C/network-auth.xml:1477(command) serverguide/C/network-auth.xml:1662(command) serverguide/C/network-auth.xml:3883(command)
14346
#: serverguide/C/network-auth.xml:976(command) serverguide/C/network-auth.xml:1498(command) serverguide/C/network-auth.xml:1683(command) serverguide/C/network-auth.xml:3912(command)
14297
14347
msgid "sudo service slapd restart"
14298
14348
msgstr ""
14299
14349
14300
#: serverguide/C/network-auth.xml:962(para)
14350
#: serverguide/C/network-auth.xml:983(para)
14301
14351
msgid "The Provider is now configured."
14302
14352
msgstr ""
14303
14353
14304
#: serverguide/C/network-auth.xml:969(title)
14354
#: serverguide/C/network-auth.xml:990(title)
14305
14355
msgid "Consumer Configuration"
14306
14356
msgstr ""
14307
14357
14308
#: serverguide/C/network-auth.xml:971(para)
14358
#: serverguide/C/network-auth.xml:992(para)
14309
14359
msgid "And now configure the <emphasis>Consumer</emphasis>."
14310
14360
msgstr ""
14311
14361
14312
#: serverguide/C/network-auth.xml:978(para)
14362
#: serverguide/C/network-auth.xml:999(para)
14313
14363
msgid ""
14314
14364
"Install the software by going through <xref linkend=\"openldap-server-"
14315
14365
"installation\"/>. Make sure the slapd-config databse is identical to the "
14317
14367
"same."
14318
14368
msgstr ""
14319
14369
14320
#: serverguide/C/network-auth.xml:985(para)
14370
#: serverguide/C/network-auth.xml:1006(para)
14321
14371
msgid ""
14322
14372
"Create an LDIF file with the following contents and name it "
14323
14373
"<filename>consumer_sync.ldif</filename>:"
14324
14374
msgstr ""
14325
14375
14326
#: serverguide/C/network-auth.xml:989(programlisting)
14376
#: serverguide/C/network-auth.xml:1010(programlisting)
14327
14377
#, no-wrap
14328
14378
msgid ""
14329
14379
"\n"
14350
14400
"olcUpdateRef: ldap://ldap01.example.com\n"
14351
14401
msgstr ""
14352
14402
14353
#: serverguide/C/network-auth.xml:1010(para)
14403
#: serverguide/C/network-auth.xml:1031(para)
14354
14404
msgid "Ensure the following attributes have the correct values:"
14355
14405
msgstr ""
14356
14406
14357
#: serverguide/C/network-auth.xml:1015(para)
14407
#: serverguide/C/network-auth.xml:1036(para)
14358
14408
msgid ""
14359
14409
"<emphasis>provider</emphasis> (Provider server's hostname -- "
14360
14410
"ldap01.example.com in this example -- or IP address)"
14361
14411
msgstr ""
14362
14412
14363
#: serverguide/C/network-auth.xml:1016(para)
14413
#: serverguide/C/network-auth.xml:1037(para)
14364
14414
msgid "<emphasis>binddn</emphasis> (the admin DN you're using)"
14365
14415
msgstr ""
14366
14416
14367
#: serverguide/C/network-auth.xml:1017(para)
14417
#: serverguide/C/network-auth.xml:1038(para)
14368
14418
msgid "<emphasis>credentials</emphasis> (the admin DN password you're using)"
14369
14419
msgstr ""
14370
14420
14371
#: serverguide/C/network-auth.xml:1018(para)
14421
#: serverguide/C/network-auth.xml:1039(para)
14372
14422
msgid "<emphasis>searchbase</emphasis> (the database suffix you're using)"
14373
14423
msgstr ""
14374
14424
14375
#: serverguide/C/network-auth.xml:1019(para)
14425
#: serverguide/C/network-auth.xml:1040(para)
14376
14426
msgid ""
14377
14427
"<emphasis>olcUpdateRef</emphasis> (Provider server's hostname or IP address)"
14378
14428
msgstr ""
14379
14429
14380
#: serverguide/C/network-auth.xml:1020(para)
14430
#: serverguide/C/network-auth.xml:1041(para)
14381
14431
msgid ""
14382
14432
"<emphasis>rid</emphasis> (Replica ID, an unique 3-digit that identifies the "
14383
14433
"replica. Each consumer should have at least one rid)"
14384
14434
msgstr ""
14385
14435
14386
#: serverguide/C/network-auth.xml:1029(para)
14436
#: serverguide/C/network-auth.xml:1050(para)
14387
14437
msgid "Add the new content:"
14388
14438
msgstr ""
14389
14439
14390
#: serverguide/C/network-auth.xml:1034(command)
14440
#: serverguide/C/network-auth.xml:1055(command)
14391
14441
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f consumer_sync.ldif"
14392
14442
msgstr ""
14393
14443
14394
#: serverguide/C/network-auth.xml:1041(para)
14444
#: serverguide/C/network-auth.xml:1062(para)
14395
14445
msgid ""
14396
14446
"You're done. The two databases (suffix: dc=example,dc=com) should now be "
14397
14447
"synchronizing."
14398
14448
msgstr ""
14399
14449
14400
#: serverguide/C/network-auth.xml:1050(para)
14450
#: serverguide/C/network-auth.xml:1071(para)
14401
14451
msgid "Once replication starts, you can monitor it by running"
14402
14452
msgstr ""
14403
14453
14404
#: serverguide/C/network-auth.xml:1055(command)
14454
#: serverguide/C/network-auth.xml:1081(command)
14405
14455
msgid ""
14406
14456
"ldapsearch -z1 -LLLQY EXTERNAL -H ldapi:/// -s base -b dc=example,dc=com "
14407
14457
"contextCSN"
14408
14458
msgstr ""
14409
14459
14410
#: serverguide/C/network-auth.xml:1056(computeroutput)
14460
#: serverguide/C/network-auth.xml:1077(computeroutput)
14411
14461
#, no-wrap
14412
14462
msgid ""
14413
14463
"\n"
14415
14465
"contextCSN: 20120201193408.178454Z#000000#000#000000\n"
14416
14466
msgstr ""
14417
14467
14418
#: serverguide/C/network-auth.xml:1062(para)
14468
#: serverguide/C/network-auth.xml:1083(para)
14419
14469
msgid ""
14420
14470
"on both the provider and the consumer. Once the output "
14421
14471
"(<computeroutput>20120201193408.178454Z#000000#000#000000</computeroutput> "
14424
14474
"the one in the consumer(s)."
14425
14475
msgstr ""
14426
14476
14427
#: serverguide/C/network-auth.xml:1071(para)
14477
#: serverguide/C/network-auth.xml:1092(para)
14428
14478
msgid ""
14429
14479
"If your connection is slow and/or your ldap database large, it might take a "
14430
14480
"while for the consumer's <emphasis>contextCSN</emphasis> match the "
14432
14482
"<emphasis>contextCSN</emphasis> will be steadly increasing."
14433
14483
msgstr ""
14434
14484
14435
#: serverguide/C/network-auth.xml:1079(para)
14485
#: serverguide/C/network-auth.xml:1100(para)
14436
14486
msgid ""
14437
14487
"If the consumer's <emphasis>contextCSN</emphasis> is missing or does not "
14438
14488
"match the provider, you should stop and figure out the issue before "
14442
14492
"statements) return no errors."
14443
14493
msgstr ""
14444
14494
14445
#: serverguide/C/network-auth.xml:1088(para)
14495
#: serverguide/C/network-auth.xml:1109(para)
14446
14496
msgid ""
14447
14497
"To test if it worked simply query, on the Consumer, the DNs in the database:"
14448
14498
msgstr ""
14449
14499
14450
#: serverguide/C/network-auth.xml:1093(command)
14500
#: serverguide/C/network-auth.xml:1114(command)
14451
14501
msgid ""
14452
14502
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b dc=example,dc=com dn"
14453
14503
msgstr ""
14454
14504
14455
#: serverguide/C/network-auth.xml:1096(para)
14505
#: serverguide/C/network-auth.xml:1117(para)
14456
14506
msgid ""
14457
14507
"You should see the user 'john' and the group 'miners' as well as the nodes "
14458
14508
"'People' and 'Groups'."
14459
14509
msgstr ""
14460
14510
14461
#: serverguide/C/network-auth.xml:1105(title)
14511
#: serverguide/C/network-auth.xml:1126(title)
14462
14512
msgid "Access Control"
14463
14513
msgstr ""
14464
14514
14465
#: serverguide/C/network-auth.xml:1107(para)
14515
#: serverguide/C/network-auth.xml:1128(para)
14466
14516
msgid ""
14467
14517
"The management of what type of access (read, write, etc) users should be "
14468
14518
"granted to resources is known as <emphasis>access control</emphasis>. The "
14470
14520
"lists</emphasis> or ACL."
14471
14521
msgstr ""
14472
14522
14473
#: serverguide/C/network-auth.xml:1112(para)
14523
#: serverguide/C/network-auth.xml:1133(para)
14474
14524
msgid ""
14475
14525
"When we installed the slapd package various ACL were set up automatically. "
14476
14526
"We will look at a few important consequences of those defaults and, in so "
14477
14527
"doing, we'll get an idea of how ACLs work and how they're configured."
14478
14528
msgstr ""
14479
14529
14480
#: serverguide/C/network-auth.xml:1117(para)
14530
#: serverguide/C/network-auth.xml:1138(para)
14481
14531
msgid ""
14482
14532
"To get the effective ACL for an LDAP query we need to look at the ACL "
14483
14533
"entries of the database being queried as well as those of the special "
14489
14539
"(\"dc=example,dc=com\") and those of the frontend database:"
14490
14540
msgstr ""
14491
14541
14492
#: serverguide/C/network-auth.xml:1126(command)
14542
#: serverguide/C/network-auth.xml:1147(command)
14493
14543
msgid ""
14494
14544
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
14495
14545
"'(olcDatabase={1}hdb)' olcAccess"
14496
14546
msgstr ""
14497
14547
14498
#: serverguide/C/network-auth.xml:1128(computeroutput)
14548
#: serverguide/C/network-auth.xml:1149(computeroutput)
14499
14549
#, no-wrap
14500
14550
msgid ""
14501
14551
"\n"
14509
14559
" read\n"
14510
14560
msgstr ""
14511
14561
14512
#: serverguide/C/network-auth.xml:1139(para)
14562
#: serverguide/C/network-auth.xml:1160(para)
14513
14563
msgid ""
14514
"The rootDN always has full rights to it's database. Including it in an ACL "
14564
"The rootDN always has full rights to its database. Including it in an ACL "
14515
14565
"does provide an explicit configuration but it also causes slapd to incur a "
14516
14566
"performance penalty."
14517
14567
msgstr ""
14518
14568
14519
#: serverguide/C/network-auth.xml:1146(command)
14569
#: serverguide/C/network-auth.xml:1167(command)
14520
14570
msgid ""
14521
14571
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
14522
14572
"'(olcDatabase={-1}frontend)' olcAccess"
14523
14573
msgstr ""
14524
14574
14525
#: serverguide/C/network-auth.xml:1148(computeroutput)
14575
#: serverguide/C/network-auth.xml:1169(computeroutput)
14526
14576
#, no-wrap
14527
14577
msgid ""
14528
14578
"\n"
14533
14583
"olcAccess: {2}to dn.base=\"cn=Subschema\" by * read\n"
14534
14584
msgstr ""
14535
14585
14536
#: serverguide/C/network-auth.xml:1157(para)
14586
#: serverguide/C/network-auth.xml:1178(para)
14537
14587
msgid "The very first ACL is crucial:"
14538
14588
msgstr ""
14539
14589
14540
#: serverguide/C/network-auth.xml:1161(programlisting)
14590
#: serverguide/C/network-auth.xml:1182(programlisting)
14541
14591
#, no-wrap
14542
14592
msgid ""
14543
14593
"\n"
14546
14596
" auth by dn=\"cn=admin,dc=example,dc=com\" write by * none\n"
14547
14597
msgstr ""
14548
14598
14549
#: serverguide/C/network-auth.xml:1166(para)
14599
#: serverguide/C/network-auth.xml:1187(para)
14550
14600
msgid "This can be represented differently for easier digestion:"
14551
14601
msgstr ""
14552
14602
14553
#: serverguide/C/network-auth.xml:1170(programlisting)
14603
#: serverguide/C/network-auth.xml:1191(programlisting)
14554
14604
#, no-wrap
14555
14605
msgid ""
14556
14606
"\n"
14567
14617
"\tby * none\n"
14568
14618
msgstr ""
14569
14619
14570
#: serverguide/C/network-auth.xml:1184(para)
14620
#: serverguide/C/network-auth.xml:1205(para)
14571
14621
msgid "This compound ACL (there are 2) enforces the following:"
14572
14622
msgstr ""
14573
14623
14574
#: serverguide/C/network-auth.xml:1191(para)
14624
#: serverguide/C/network-auth.xml:1212(para)
14575
14625
msgid ""
14576
14626
"Anonymous 'auth' access is provided to the <emphasis>userPassword</emphasis> "
14577
14627
"attribute for the initial connection to occur. Perhaps counter-intuitively, "
14580
14630
"occur (see next point)."
14581
14631
msgstr ""
14582
14632
14583
#: serverguide/C/network-auth.xml:1199(para)
14633
#: serverguide/C/network-auth.xml:1220(para)
14584
14634
msgid ""
14585
14635
"Authentication can happen because all users have 'read' (due to 'by self "
14586
14636
"write') access to the <emphasis>userPassword</emphasis> attribute."
14587
14637
msgstr ""
14588
14638
14589
#: serverguide/C/network-auth.xml:1205(para)
14639
#: serverguide/C/network-auth.xml:1226(para)
14590
14640
msgid ""
14591
14641
"The <emphasis>userPassword</emphasis> attribute is otherwise unaccessible by "
14592
14642
"all other users, with the exception of the rootDN, who has complete access "
14593
14643
"to it."
14594
14644
msgstr ""
14595
14645
14596
#: serverguide/C/network-auth.xml:1212(para)
14646
#: serverguide/C/network-auth.xml:1233(para)
14597
14647
msgid ""
14598
14648
"In order for users to change their own password, using "
14599
14649
"<command>passwd</command> or other utilities, the "
14601
14651
"a user has authenticated."
14602
14652
msgstr ""
14603
14653
14604
#: serverguide/C/network-auth.xml:1220(para)
14654
#: serverguide/C/network-auth.xml:1241(para)
14605
14655
msgid ""
14606
14656
"This DIT can be searched anonymously because of 'by * read' in this ACL:"
14607
14657
msgstr ""
14608
14658
14609
#: serverguide/C/network-auth.xml:1224(programlisting)
14659
#: serverguide/C/network-auth.xml:1245(programlisting)
14610
14660
#, no-wrap
14611
14661
msgid ""
14612
14662
"\n"
14616
14666
"\tby * read\n"
14617
14667
msgstr ""
14618
14668
14619
#: serverguide/C/network-auth.xml:1231(para)
14669
#: serverguide/C/network-auth.xml:1252(para)
14620
14670
msgid ""
14621
14671
"If this is unwanted then you need to change the ACLs. To force "
14622
14672
"authentication during a bind request you can alternatively (or in "
14623
14673
"combination with the modified ACL) use the 'olcRequire: authc' directive."
14624
14674
msgstr ""
14625
14675
14626
#: serverguide/C/network-auth.xml:1236(para)
14676
#: serverguide/C/network-auth.xml:1257(para)
14627
14677
msgid ""
14628
14678
"As previously mentioned, there is no administrative account created for the "
14629
14679
"slapd-config database. There is, however, a SASL identity that is granted "
14631
14681
"it is:"
14632
14682
msgstr ""
14633
14683
14634
#: serverguide/C/network-auth.xml:1241(programlisting)
14684
#: serverguide/C/network-auth.xml:1262(programlisting)
14635
14685
#, no-wrap
14636
14686
msgid ""
14637
14687
"\n"
14638
14688
"dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth \n"
14639
14689
msgstr ""
14640
14690
14641
#: serverguide/C/network-auth.xml:1245(para)
14691
#: serverguide/C/network-auth.xml:1266(para)
14642
14692
msgid ""
14643
14693
"The following command will display the ACLs of the slapd-config database:"
14644
14694
msgstr ""
14645
14695
14646
#: serverguide/C/network-auth.xml:1250(command)
14696
#: serverguide/C/network-auth.xml:1271(command)
14647
14697
msgid ""
14648
14698
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
14649
14699
"'(olcDatabase={0}config)' olcAccess"
14650
14700
msgstr ""
14651
14701
14652
#: serverguide/C/network-auth.xml:1252(computeroutput)
14702
#: serverguide/C/network-auth.xml:1273(computeroutput)
14653
14703
#, no-wrap
14654
14704
msgid ""
14655
14705
"\n"
14658
14708
" cn=external,cn=auth manage by * break\n"
14659
14709
msgstr ""
14660
14710
14661
#: serverguide/C/network-auth.xml:1259(para)
14711
#: serverguide/C/network-auth.xml:1285(para)
14662
14712
msgid ""
14663
14713
"Since this is a SASL identity we need to use a SASL "
14664
14714
"<emphasis>mechanism</emphasis> when invoking the LDAP utility in question "
14666
14716
"mechanism. See the previous command for an example. Note that:"
14667
14717
msgstr ""
14668
14718
14669
#: serverguide/C/network-auth.xml:1267(para)
14719
#: serverguide/C/network-auth.xml:1288(para)
14670
14720
msgid ""
14671
14721
"You must use <emphasis>sudo</emphasis> to become the root identity in order "
14672
14722
"for the ACL to match."
14673
14723
msgstr ""
14674
14724
14675
#: serverguide/C/network-auth.xml:1273(para)
14725
#: serverguide/C/network-auth.xml:1294(para)
14676
14726
msgid ""
14677
14727
"The EXTERNAL mechanism works via <emphasis>IPC</emphasis> (UNIX domain "
14678
14728
"sockets). This means you must use the <emphasis>ldapi</emphasis> URI format."
14679
14729
msgstr ""
14680
14730
14681
#: serverguide/C/network-auth.xml:1281(para)
14731
#: serverguide/C/network-auth.xml:1302(para)
14682
14732
msgid "A succinct way to get all the ACLs is like this:"
14683
14733
msgstr ""
14684
14734
14685
#: serverguide/C/network-auth.xml:1286(command)
14735
#: serverguide/C/network-auth.xml:1307(command)
14686
14736
msgid ""
14687
14737
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
14688
14738
"'(olcAccess=*)' olcAccess olcSuffix"
14689
14739
msgstr ""
14690
14740
14691
#: serverguide/C/network-auth.xml:1290(para)
14741
#: serverguide/C/network-auth.xml:1311(para)
14692
14742
msgid ""
14693
14743
"There is much to say on the topic of access control. See the man page for "
14694
14744
"<ulink "
14696
14746
".access</ulink>."
14697
14747
msgstr ""
14698
14748
14699
#: serverguide/C/network-auth.xml:1298(title)
14749
#: serverguide/C/network-auth.xml:1319(title)
14700
14750
msgid "TLS"
14701
14751
msgstr ""
14702
14752
14703
#: serverguide/C/network-auth.xml:1300(para)
14753
#: serverguide/C/network-auth.xml:1321(para)
14704
14754
msgid ""
14705
14755
"When authenticating to an OpenLDAP server it is best to do so using an "
14706
14756
"encrypted session. This can be accomplished using Transport Layer Security "
14707
14757
"(TLS)."
14708
14758
msgstr ""
14709
14759
14710
#: serverguide/C/network-auth.xml:1305(para)
14760
#: serverguide/C/network-auth.xml:1326(para)
14711
14761
msgid ""
14712
14762
"Here, we will be our own <emphasis>Certificate Authority</emphasis> and then "
14713
14763
"create and sign our LDAP server certificate as that CA. Since "
14716
14766
"<application>certtool</application> utility to complete these tasks."
14717
14767
msgstr ""
14718
14768
14719
#: serverguide/C/network-auth.xml:1314(para)
14769
#: serverguide/C/network-auth.xml:1335(para)
14720
14770
msgid ""
14721
14771
"Install the <application>gnutls-bin</application> and <application>ssl-"
14722
14772
"cert</application> packages:"
14723
14773
msgstr ""
14724
14774
14725
#: serverguide/C/network-auth.xml:1319(command)
14775
#: serverguide/C/network-auth.xml:1340(command)
14726
14776
msgid "sudo apt-get install gnutls-bin ssl-cert"
14727
14777
msgstr ""
14728
14778
14729
#: serverguide/C/network-auth.xml:1325(para)
14779
#: serverguide/C/network-auth.xml:1346(para)
14730
14780
msgid "Create a private key for the Certificate Authority:"
14731
14781
msgstr ""
14732
14782
14733
#: serverguide/C/network-auth.xml:1330(command)
14783
#: serverguide/C/network-auth.xml:1351(command)
14734
14784
msgid ""
14735
14785
"sudo sh -c \"certtool --generate-privkey > /etc/ssl/private/cakey.pem\""
14736
14786
msgstr ""
14737
14787
14738
#: serverguide/C/network-auth.xml:1336(para)
14788
#: serverguide/C/network-auth.xml:1357(para)
14739
14789
msgid ""
14740
14790
"Create the template/file <filename>/etc/ssl/ca.info</filename> to define the "
14741
14791
"CA:"
14742
14792
msgstr ""
14743
14793
14744
#: serverguide/C/network-auth.xml:1340(programlisting)
14794
#: serverguide/C/network-auth.xml:1361(programlisting)
14745
14795
#, no-wrap
14746
14796
msgid ""
14747
14797
"\n"
14750
14800
"cert_signing_key\n"
14751
14801
msgstr ""
14752
14802
14753
#: serverguide/C/network-auth.xml:1349(para)
14803
#: serverguide/C/network-auth.xml:1370(para)
14754
14804
msgid "Create the self-signed CA certificate:"
14755
14805
msgstr ""
14756
14806
14757
#: serverguide/C/network-auth.xml:1354(command)
14807
#: serverguide/C/network-auth.xml:1375(command)
14758
14808
msgid ""
14759
14809
"sudo certtool --generate-self-signed \\ --load-privkey "
14760
14810
"/etc/ssl/private/cakey.pem \\ --template /etc/ssl/ca.info \\ --outfile "
14761
14811
"/etc/ssl/certs/cacert.pem"
14762
14812
msgstr ""
14763
14813
14764
#: serverguide/C/network-auth.xml:1363(para)
14814
#: serverguide/C/network-auth.xml:1384(para)
14765
14815
msgid "Make a private key for the server:"
14766
14816
msgstr ""
14767
14817
14768
#: serverguide/C/network-auth.xml:1368(command)
14818
#: serverguide/C/network-auth.xml:1389(command)
14769
14819
msgid ""
14770
14820
"sudo certtool --generate-privkey \\ --bits 1024 \\ --outfile "
14771
14821
"/etc/ssl/private/ldap01_slapd_key.pem"
14772
14822
msgstr ""
14773
14823
14774
#: serverguide/C/network-auth.xml:1374(para)
14824
#: serverguide/C/network-auth.xml:1395(para)
14775
14825
msgid ""
14776
14826
"Replace <emphasis>ldap01</emphasis> in the filename with your server's "
14777
14827
"hostname. Naming the certificate and key for the host and service that will "
14778
14828
"be using them will help keep things clear."
14779
14829
msgstr ""
14780
14830
14781
#: serverguide/C/network-auth.xml:1383(para)
14831
#: serverguide/C/network-auth.xml:1404(para)
14782
14832
msgid ""
14783
14833
"Create the <filename>/etc/ssl/ldap01.info</filename> info file containing:"
14784
14834
msgstr ""
14785
14835
14786
#: serverguide/C/network-auth.xml:1387(programlisting)
14836
#: serverguide/C/network-auth.xml:1408(programlisting)
14787
14837
#, no-wrap
14788
14838
msgid ""
14789
14839
"\n"
14795
14845
"expiration_days = 3650\n"
14796
14846
msgstr ""
14797
14847
14798
#: serverguide/C/network-auth.xml:1396(para)
14848
#: serverguide/C/network-auth.xml:1417(para)
14799
14849
msgid "The above certificate is good for 10 years. Adjust accordingly."
14800
14850
msgstr ""
14801
14851
14802
#: serverguide/C/network-auth.xml:1402(para)
14852
#: serverguide/C/network-auth.xml:1423(para)
14803
14853
msgid "Create the server's certificate:"
14804
14854
msgstr ""
14805
14855
14806
#: serverguide/C/network-auth.xml:1407(command)
14856
#: serverguide/C/network-auth.xml:1428(command)
14807
14857
msgid ""
14808
14858
"sudo certtool --generate-certificate \\ --load-privkey "
14809
14859
"/etc/ssl/private/ldap01_slapd_key.pem \\ --load-ca-certificate "
14812
14862
"/etc/ssl/certs/ldap01_slapd_cert.pem"
14813
14863
msgstr ""
14814
14864
14815
#: serverguide/C/network-auth.xml:1419(para)
14865
#: serverguide/C/network-auth.xml:1440(para)
14816
14866
msgid ""
14817
14867
"Create the file <filename>certinfo.ldif</filename> with the following "
14818
14868
"contents (adjust accordingly, our example assumes we created certs using "
14819
14869
"https://www.cacert.org):"
14820
14870
msgstr ""
14821
14871
14822
#: serverguide/C/network-auth.xml:1423(programlisting)
14872
#: serverguide/C/network-auth.xml:1444(programlisting)
14823
14873
#, no-wrap
14824
14874
msgid ""
14825
14875
"\n"
14834
14884
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem\n"
14835
14885
msgstr ""
14836
14886
14837
#: serverguide/C/network-auth.xml:1435(para)
14887
#: serverguide/C/network-auth.xml:1456(para)
14838
14888
msgid ""
14839
14889
"Use the <application>ldapmodify</application> command to tell slapd about "
14840
14890
"our TLS work via the slapd-config database:"
14841
14891
msgstr ""
14842
14892
14843
#: serverguide/C/network-auth.xml:1440(command)
14893
#: serverguide/C/network-auth.xml:1461(command)
14844
14894
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ssl/certinfo.ldif"
14845
14895
msgstr ""
14846
14896
14847
#: serverguide/C/network-auth.xml:1443(para)
14897
#: serverguide/C/network-auth.xml:1464(para)
14848
14898
msgid ""
14849
14899
"Contratry to popular belief, you do not need <emphasis>ldaps://</emphasis> "
14850
14900
"in <filename>/etc/default/slapd</filename> in order to use encryption. You "
14851
14901
"should have just:"
14852
14902
msgstr ""
14853
14903
14854
#: serverguide/C/network-auth.xml:1448(programlisting)
14904
#: serverguide/C/network-auth.xml:1469(programlisting)
14855
14905
#, no-wrap
14856
14906
msgid ""
14857
14907
"\n"
14858
14908
"SLAPD_SERVICES=\"ldap:/// ldapi:///\"\n"
14859
14909
msgstr ""
14860
14910
14861
#: serverguide/C/network-auth.xml:1453(para)
14911
#: serverguide/C/network-auth.xml:1474(para)
14862
14912
msgid ""
14863
14913
"LDAP over TLS/SSL (ldaps://) is deprecated in favour of "
14864
14914
"<emphasis>StartTLS</emphasis>. The latter refers to an existing LDAP session "
14867
14917
"over TCP port 636."
14868
14918
msgstr ""
14869
14919
14870
#: serverguide/C/network-auth.xml:1461(para)
14920
#: serverguide/C/network-auth.xml:1482(para)
14871
14921
msgid "Tighten up ownership and permissions:"
14872
14922
msgstr ""
14873
14923
14874
#: serverguide/C/network-auth.xml:1466(command) serverguide/C/network-auth.xml:1583(command)
14924
#: serverguide/C/network-auth.xml:1487(command) serverguide/C/network-auth.xml:1604(command)
14875
14925
msgid "sudo adduser openldap ssl-cert"
14876
14926
msgstr ""
14877
14927
14878
#: serverguide/C/network-auth.xml:1467(command)
14928
#: serverguide/C/network-auth.xml:1488(command)
14879
14929
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem"
14880
14930
msgstr ""
14881
14931
14882
#: serverguide/C/network-auth.xml:1468(command)
14932
#: serverguide/C/network-auth.xml:1489(command)
14883
14933
msgid "sudo chmod g+r /etc/ssl/private/ldap01_slapd_key.pem"
14884
14934
msgstr ""
14885
14935
14886
#: serverguide/C/network-auth.xml:1469(command)
14936
#: serverguide/C/network-auth.xml:1490(command)
14887
14937
msgid "sudo chmod o-r /etc/ssl/private/ldap01_slapd_key.pem"
14888
14938
msgstr ""
14889
14939
14890
#: serverguide/C/network-auth.xml:1472(para)
14940
#: serverguide/C/network-auth.xml:1493(para)
14891
14941
msgid "Restart OpenLDAP:"
14892
14942
msgstr ""
14893
14943
14894
#: serverguide/C/network-auth.xml:1480(para)
14944
#: serverguide/C/network-auth.xml:1501(para)
14895
14945
msgid ""
14896
14946
"Check your host's logs (/var/log/syslog) to see if the server has started "
14897
14947
"properly."
14898
14948
msgstr ""
14899
14949
14900
#: serverguide/C/network-auth.xml:1487(title)
14950
#: serverguide/C/network-auth.xml:1508(title)
14901
14951
msgid "Replication and TLS"
14902
14952
msgstr ""
14903
14953
14904
#: serverguide/C/network-auth.xml:1489(para)
14954
#: serverguide/C/network-auth.xml:1510(para)
14905
14955
msgid ""
14906
14956
"If you have set up replication between servers, it is common practice to "
14907
14957
"encrypt (StartTLS) the replication traffic to prevent evesdropping. This is "
14909
14959
"section we will build on that TLS-authentication work."
14910
14960
msgstr ""
14911
14961
14912
#: serverguide/C/network-auth.xml:1495(para)
14962
#: serverguide/C/network-auth.xml:1516(para)
14913
14963
msgid ""
14914
14964
"The assumption here is that you have set up replication between Provider and "
14915
14965
"Consumer according to <xref linkend=\"openldap-server-replication\"/> and "
14917
14967
"linkend=\"openldap-tls\"/>."
14918
14968
msgstr ""
14919
14969
14920
#: serverguide/C/network-auth.xml:1500(para)
14970
#: serverguide/C/network-auth.xml:1521(para)
14921
14971
msgid ""
14922
14972
"As previously stated, the objective (for us) with replication is high "
14923
14973
"availablity for the LDAP service. Since we have TLS for authentication on "
14929
14979
"material over to the Consumer."
14930
14980
msgstr ""
14931
14981
14932
#: serverguide/C/network-auth.xml:1511(para) serverguide/C/network-auth.xml:1668(para)
14982
#: serverguide/C/network-auth.xml:1532(para) serverguide/C/network-auth.xml:1689(para)
14933
14983
msgid "On the Provider,"
14934
14984
msgstr ""
14935
14985
14936
#: serverguide/C/network-auth.xml:1515(para)
14986
#: serverguide/C/network-auth.xml:1536(para)
14937
14987
msgid ""
14938
14988
"Create a holding directory (which will be used for the eventual transfer) "
14939
14989
"and then the Consumer's private key:"
14940
14990
msgstr ""
14941
14991
14942
#: serverguide/C/network-auth.xml:1520(command)
14992
#: serverguide/C/network-auth.xml:1541(command)
14943
14993
msgid "mkdir ldap02-ssl"
14944
14994
msgstr ""
14945
14995
14946
#: serverguide/C/network-auth.xml:1521(command)
14996
#: serverguide/C/network-auth.xml:1542(command)
14947
14997
msgid "cd ldap02-ssl"
14948
14998
msgstr ""
14949
14999
14950
#: serverguide/C/network-auth.xml:1522(command)
15000
#: serverguide/C/network-auth.xml:1543(command)
14951
15001
msgid ""
14952
15002
"sudo certtool --generate-privkey \\ --bits 1024 \\ --outfile "
14953
15003
"ldap02_slapd_key.pem"
14954
15004
msgstr ""
14955
15005
14956
#: serverguide/C/network-auth.xml:1527(para)
15006
#: serverguide/C/network-auth.xml:1548(para)
14957
15007
msgid ""
14958
15008
"Create an info file, <filename>ldap02.info</filename>, for the Consumer "
14959
"server, adjusting it's values accordingly:"
15009
"server, adjusting its values accordingly:"
14960
15010
msgstr ""
14961
15011
14962
#: serverguide/C/network-auth.xml:1531(programlisting)
15012
#: serverguide/C/network-auth.xml:1552(programlisting)
14963
15013
#, no-wrap
14964
15014
msgid ""
14965
15015
"\n"
14971
15021
"expiration_days = 3650\n"
14972
15022
msgstr ""
14973
15023
14974
#: serverguide/C/network-auth.xml:1540(para)
15024
#: serverguide/C/network-auth.xml:1561(para)
14975
15025
msgid "Create the Consumer's certificate:"
14976
15026
msgstr ""
14977
15027
14978
#: serverguide/C/network-auth.xml:1545(command)
15028
#: serverguide/C/network-auth.xml:1566(command)
14979
15029
msgid ""
14980
15030
"sudo certtool --generate-certificate \\ --load-privkey ldap02_slapd_key.pem "
14981
15031
"\\ --load-ca-certificate /etc/ssl/certs/cacert.pem \\ --load-ca-privkey "
14983
15033
"ldap02_slapd_cert.pem"
14984
15034
msgstr ""
14985
15035
14986
#: serverguide/C/network-auth.xml:1553(para)
15036
#: serverguide/C/network-auth.xml:1574(para)
14987
15037
msgid "Get a copy of the CA certificate:"
14988
15038
msgstr ""
14989
15039
14990
#: serverguide/C/network-auth.xml:1558(command)
15040
#: serverguide/C/network-auth.xml:1579(command)
14991
15041
msgid "cp /etc/ssl/certs/cacert.pem ."
14992
15042
msgstr ""
14993
15043
14994
#: serverguide/C/network-auth.xml:1561(para)
15044
#: serverguide/C/network-auth.xml:1582(para)
14995
15045
msgid ""
14996
15046
"We're done. Now transfer the <filename>ldap02-ssl</filename> directory to "
14997
15047
"the Consumer. Here we use scp (adjust accordingly):"
14998
15048
msgstr ""
14999
15049
15000
#: serverguide/C/network-auth.xml:1566(command)
15050
#: serverguide/C/network-auth.xml:1587(command)
15001
15051
msgid "cd .."
15002
15052
msgstr ""
15003
15053
15004
#: serverguide/C/network-auth.xml:1567(command)
15054
#: serverguide/C/network-auth.xml:1588(command)
15005
15055
msgid "scp -r ldap02-ssl user@consumer:"
15006
15056
msgstr ""
15007
15057
15008
#: serverguide/C/network-auth.xml:1573(para) serverguide/C/network-auth.xml:1621(para)
15058
#: serverguide/C/network-auth.xml:1594(para) serverguide/C/network-auth.xml:1642(para)
15009
15059
msgid "On the Consumer,"
15010
15060
msgstr ""
15011
15061
15012
#: serverguide/C/network-auth.xml:1577(para)
15062
#: serverguide/C/network-auth.xml:1598(para)
15013
15063
msgid "Configure TLS authentication:"
15014
15064
msgstr ""
15015
15065
15016
#: serverguide/C/network-auth.xml:1582(command)
15066
#: serverguide/C/network-auth.xml:1603(command)
15017
15067
msgid "sudo apt-get install ssl-cert"
15018
15068
msgstr ""
15019
15069
15020
#: serverguide/C/network-auth.xml:1584(command)
15070
#: serverguide/C/network-auth.xml:1605(command)
15021
15071
msgid "sudo cp ldap02_slapd_cert.pem cacert.pem /etc/ssl/certs"
15022
15072
msgstr ""
15023
15073
15024
#: serverguide/C/network-auth.xml:1585(command)
15074
#: serverguide/C/network-auth.xml:1606(command)
15025
15075
msgid "sudo cp ldap02_slapd_key.pem /etc/ssl/private"
15026
15076
msgstr ""
15027
15077
15028
#: serverguide/C/network-auth.xml:1586(command)
15078
#: serverguide/C/network-auth.xml:1607(command)
15029
15079
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap02_slapd_key.pem"
15030
15080
msgstr ""
15031
15081
15032
#: serverguide/C/network-auth.xml:1587(command)
15082
#: serverguide/C/network-auth.xml:1608(command)
15033
15083
msgid "sudo chmod g+r /etc/ssl/private/ldap02_slapd_key.pem"
15034
15084
msgstr ""
15035
15085
15036
#: serverguide/C/network-auth.xml:1588(command)
15086
#: serverguide/C/network-auth.xml:1609(command)
15037
15087
msgid "sudo chmod o-r /etc/ssl/private/ldap02_slapd_key.pem"
15038
15088
msgstr ""
15039
15089
15040
#: serverguide/C/network-auth.xml:1591(para)
15090
#: serverguide/C/network-auth.xml:1612(para)
15041
15091
msgid ""
15042
15092
"Create the file <filename>/etc/ssl/certinfo.ldif</filename> with the "
15043
15093
"following contents (adjust accordingly):"
15044
15094
msgstr ""
15045
15095
15046
#: serverguide/C/network-auth.xml:1595(programlisting)
15096
#: serverguide/C/network-auth.xml:1616(programlisting)
15047
15097
#, no-wrap
15048
15098
msgid ""
15049
15099
"\n"
15058
15108
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap02_slapd_key.pem\n"
15059
15109
msgstr ""
15060
15110
15061
#: serverguide/C/network-auth.xml:1607(para)
15111
#: serverguide/C/network-auth.xml:1628(para)
15062
15112
msgid "Configure the slapd-config database:"
15063
15113
msgstr ""
15064
15114
15065
#: serverguide/C/network-auth.xml:1612(command)
15115
#: serverguide/C/network-auth.xml:1633(command)
15066
15116
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f certinfo.ldif"
15067
15117
msgstr ""
15068
15118
15069
#: serverguide/C/network-auth.xml:1615(para)
15119
#: serverguide/C/network-auth.xml:1636(para)
15070
15120
msgid ""
15071
15121
"Configure <filename>/etc/default/slapd</filename> as on the Provider "
15072
15122
"(SLAPD_SERVICES)."
15073
15123
msgstr ""
15074
15124
15075
#: serverguide/C/network-auth.xml:1625(para)
15125
#: serverguide/C/network-auth.xml:1646(para)
15076
15126
msgid ""
15077
15127
"Configure TLS for Consumer-side replication. Modify the existing "
15078
15128
"<emphasis>olcSyncrepl</emphasis> attribute by tacking on some TLS options. "
15080
15130
"value(s)."
15081
15131
msgstr ""
15082
15132
15083
#: serverguide/C/network-auth.xml:1630(para)
15133
#: serverguide/C/network-auth.xml:1651(para)
15084
15134
msgid ""
15085
15135
"Create the file <filename>consumer_sync_tls.ldif</filename> with the "
15086
15136
"following contents:"
15087
15137
msgstr ""
15088
15138
15089
#: serverguide/C/network-auth.xml:1634(programlisting)
15139
#: serverguide/C/network-auth.xml:1660(programlisting)
15090
15140
#, no-wrap
15091
15141
msgid ""
15092
15142
"\n"
15101
15151
" starttls=critical tls_reqcert=demand\n"
15102
15152
msgstr ""
15103
15153
15104
#: serverguide/C/network-auth.xml:1644(para)
15154
#: serverguide/C/network-auth.xml:1665(para)
15105
15155
msgid ""
15106
15156
"The extra options specify, respectively, that the consumer must use StartTLS "
15107
15157
"and that the CA certificate is required to verify the Provider's identity. "
15109
15159
"('replace')."
15110
15160
msgstr ""
15111
15161
15112
#: serverguide/C/network-auth.xml:1649(para)
15162
#: serverguide/C/network-auth.xml:1670(para)
15113
15163
msgid "Implement these changes:"
15114
15164
msgstr ""
15115
15165
15116
#: serverguide/C/network-auth.xml:1654(command)
15166
#: serverguide/C/network-auth.xml:1675(command)
15117
15167
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f consumer_sync_tls.ldif"
15118
15168
msgstr ""
15119
15169
15120
#: serverguide/C/network-auth.xml:1657(para)
15170
#: serverguide/C/network-auth.xml:1678(para)
15121
15171
msgid "And restart slapd:"
15122
15172
msgstr ""
15123
15173
15124
#: serverguide/C/network-auth.xml:1672(para)
15174
#: serverguide/C/network-auth.xml:1693(para)
15125
15175
msgid ""
15126
15176
"Check to see that a TLS session has been established. In "
15127
15177
"<filename>/var/log/syslog</filename>, providing you have 'conns'-level "
15128
15178
"logging set up, you should see messages similar to:"
15129
15179
msgstr ""
15130
15180
15131
#: serverguide/C/network-auth.xml:1677(programlisting)
15181
#: serverguide/C/network-auth.xml:1698(programlisting)
15132
15182
#, no-wrap
15133
15183
msgid ""
15134
15184
"\n"
15145
15195
"slapd[3620]: conn=1047 op=1 RESULT tag=97 err=0 text\n"
15146
15196
msgstr ""
15147
15197
15148
#: serverguide/C/network-auth.xml:1695(title)
15198
#: serverguide/C/network-auth.xml:1716(title)
15149
15199
msgid "LDAP Authentication"
15150
15200
msgstr ""
15151
15201
15152
#: serverguide/C/network-auth.xml:1697(para)
15202
#: serverguide/C/network-auth.xml:1723(para)
15153
15203
msgid ""
15154
15204
"Once you have a working LDAP server, you will need to install libraries on "
15155
15205
"the client that will know how and when to contact it. On Ubuntu, this has "
15158
15208
"assist you in the configuration step. Install this package now:"
15159
15209
msgstr ""
15160
15210
15161
#: serverguide/C/network-auth.xml:1704(command)
15211
#: serverguide/C/network-auth.xml:1725(command)
15162
15212
msgid "sudo apt-get install libnss-ldap"
15163
15213
msgstr ""
15164
15214
15165
#: serverguide/C/network-auth.xml:1707(para)
15215
#: serverguide/C/network-auth.xml:1728(para)
15166
15216
msgid ""
15167
15217
"You will be prompted for details of your LDAP server. If you make a mistake "
15168
15218
"you can try again using:"
15169
15219
msgstr ""
15170
15220
15171
#: serverguide/C/network-auth.xml:1712(command)
15221
#: serverguide/C/network-auth.xml:1733(command)
15172
15222
msgid "sudo dpkg-reconfigure ldap-auth-config"
15173
15223
msgstr ""
15174
15224
15175
#: serverguide/C/network-auth.xml:1715(para)
15225
#: serverguide/C/network-auth.xml:1736(para)
15176
15226
msgid ""
15177
15227
"The results of the dialog can be seen in "
15178
15228
"<filename>/etc/ldap.conf</filename>. If your server requires options not "
15179
15229
"covered in the menu edit this file accordingly."
15180
15230
msgstr ""
15181
15231
15182
#: serverguide/C/network-auth.xml:1720(para)
15232
#: serverguide/C/network-auth.xml:1741(para)
15183
15233
msgid "Now configure the LDAP profile for NSS:"
15184
15234
msgstr ""
15185
15235
15186
#: serverguide/C/network-auth.xml:1725(command)
15236
#: serverguide/C/network-auth.xml:1746(command)
15187
15237
msgid "sudo auth-client-config -t nss -p lac_ldap"
15188
15238
msgstr ""
15189
15239
15190
#: serverguide/C/network-auth.xml:1728(para)
15240
#: serverguide/C/network-auth.xml:1749(para)
15191
15241
msgid "Configure the system to use LDAP for authentication:"
15192
15242
msgstr ""
15193
15243
15194
#: serverguide/C/network-auth.xml:1733(command)
15244
#: serverguide/C/network-auth.xml:1754(command)
15195
15245
msgid "sudo pam-auth-update"
15196
15246
msgstr ""
15197
15247
15198
#: serverguide/C/network-auth.xml:1736(para)
15248
#: serverguide/C/network-auth.xml:1757(para)
15199
15249
msgid ""
15200
15250
"From the menu, choose LDAP and any other authentication mechanisms you need."
15201
15251
msgstr ""
15202
15252
15203
#: serverguide/C/network-auth.xml:1740(para)
15253
#: serverguide/C/network-auth.xml:1761(para)
15204
15254
msgid "You should now be able to log in using LDAP-based credentials."
15205
15255
msgstr ""
15206
15256
15207
#: serverguide/C/network-auth.xml:1744(para)
15257
#: serverguide/C/network-auth.xml:1765(para)
15208
15258
msgid ""
15209
15259
"LDAP clients will need to refer to multiple servers if replication is in "
15210
15260
"use. In <filename>/etc/ldap.conf</filename> you would have something like:"
15211
15261
msgstr ""
15212
15262
15213
#: serverguide/C/network-auth.xml:1749(programlisting)
15263
#: serverguide/C/network-auth.xml:1770(programlisting)
15214
15264
#, no-wrap
15215
15265
msgid ""
15216
15266
"\n"
15217
15267
"uri ldap://ldap01.example.com ldap://ldap02.example.com\n"
15218
15268
msgstr ""
15219
15269
15220
#: serverguide/C/network-auth.xml:1753(para)
15270
#: serverguide/C/network-auth.xml:1774(para)
15221
15271
msgid ""
15222
15272
"The request will time out and the Consumer (ldap02) will attempt to be "
15223
15273
"reached if the Provider (ldap01) becomes unresponsive."
15224
15274
msgstr ""
15225
15275
15226
#: serverguide/C/network-auth.xml:1757(para)
15276
#: serverguide/C/network-auth.xml:1778(para)
15227
15277
msgid ""
15228
15278
"If you are going to use LDAP to store Samba users you will need to configure "
15229
15279
"the Samba server to authenticate using LDAP. See <xref linkend=\"samba-"
15230
15280
"ldap\"/> for details."
15231
15281
msgstr ""
15232
15282
15233
#: serverguide/C/network-auth.xml:1763(para)
15283
#: serverguide/C/network-auth.xml:1784(para)
15234
15284
msgid ""
15235
15285
"An alternative to the <application>libnss-ldap</application> package is the "
15236
15286
"<application>libnss-ldapd</application> package. This, however, will bring "
15238
15288
"wanted. Simply remove it afterwards."
15239
15289
msgstr ""
15240
15290
15241
#: serverguide/C/network-auth.xml:1773(title)
15291
#: serverguide/C/network-auth.xml:1794(title)
15242
15292
msgid "User and Group Management"
15243
15293
msgstr ""
15244
15294
15245
#: serverguide/C/network-auth.xml:1775(para)
15295
#: serverguide/C/network-auth.xml:1796(para)
15246
15296
msgid ""
15247
15297
"The <application>ldap-utils</application> package comes with enough "
15248
15298
"utilities to manage the directory but the long string of options needed can "
15251
15301
"easier to use."
15252
15302
msgstr ""
15253
15303
15254
#: serverguide/C/network-auth.xml:1781(para)
15304
#: serverguide/C/network-auth.xml:1802(para)
15255
15305
msgid "Install the package:"
15256
15306
msgstr ""
15257
15307
15258
#: serverguide/C/network-auth.xml:1786(command)
15308
#: serverguide/C/network-auth.xml:1807(command)
15259
15309
msgid "sudo apt-get install ldapscripts"
15260
15310
msgstr ""
15261
15311
15262
#: serverguide/C/network-auth.xml:1789(para)
15312
#: serverguide/C/network-auth.xml:1810(para)
15263
15313
msgid ""
15264
15314
"Then edit the file <filename>/etc/ldapscripts/ldapscripts.conf</filename> to "
15265
15315
"arrive at something similar to the following:"
15266
15316
msgstr ""
15267
15317
15268
#: serverguide/C/network-auth.xml:1793(programlisting)
15318
#: serverguide/C/network-auth.xml:1814(programlisting)
15269
15319
#, no-wrap
15270
15320
msgid ""
15271
15321
"\n"
15281
15331
"MIDSTART=10000\n"
15282
15332
msgstr ""
15283
15333
15284
#: serverguide/C/network-auth.xml:1806(para)
15334
#: serverguide/C/network-auth.xml:1827(para)
15285
15335
msgid ""
15286
15336
"Now, create the <filename>ldapscripts.passwd</filename> file to allow rootDN "
15287
15337
"access to the directory:"
15288
15338
msgstr ""
15289
15339
15290
#: serverguide/C/network-auth.xml:1811(command)
15340
#: serverguide/C/network-auth.xml:1832(command)
15291
15341
msgid ""
15292
15342
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
15293
15343
msgstr ""
15294
15344
15295
#: serverguide/C/network-auth.xml:1812(command)
15345
#: serverguide/C/network-auth.xml:1833(command)
15296
15346
msgid "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
15297
15347
msgstr ""
15298
15348
15299
#: serverguide/C/network-auth.xml:1816(para)
15349
#: serverguide/C/network-auth.xml:1837(para)
15300
15350
msgid ""
15301
15351
"Replace <quote>secret</quote> with the actual password for your database's "
15302
15352
"rootDN user."
15303
15353
msgstr ""
15304
15354
15305
#: serverguide/C/network-auth.xml:1821(para)
15355
#: serverguide/C/network-auth.xml:1842(para)
15306
15356
msgid ""
15307
15357
"The scripts are now ready to help manage your directory. Here are some "
15308
15358
"examples of how to use them:"
15309
15359
msgstr ""
15310
15360
15311
#: serverguide/C/network-auth.xml:1828(para)
15361
#: serverguide/C/network-auth.xml:1849(para)
15312
15362
msgid "Create a new user:"
15313
15363
msgstr ""
15314
15364
15315
#: serverguide/C/network-auth.xml:1833(command)
15365
#: serverguide/C/network-auth.xml:1854(command)
15316
15366
msgid "sudo ldapadduser george example"
15317
15367
msgstr ""
15318
15368
15319
#: serverguide/C/network-auth.xml:1836(para)
15369
#: serverguide/C/network-auth.xml:1857(para)
15320
15370
msgid ""
15321
15371
"This will create a user with uid <emphasis role=\"italic\">george</emphasis> "
15322
15372
"and set the user's primary group (gid) to <emphasis "
15323
15373
"role=\"italic\">example</emphasis>"
15324
15374
msgstr ""
15325
15375
15326
#: serverguide/C/network-auth.xml:1843(para)
15376
#: serverguide/C/network-auth.xml:1864(para)
15327
15377
msgid "Change a user's password:"
15328
15378
msgstr ""
15329
15379
15330
#: serverguide/C/network-auth.xml:1848(command)
15380
#: serverguide/C/network-auth.xml:1869(command)
15331
15381
msgid "sudo ldapsetpasswd george"
15332
15382
msgstr ""
15333
15383
15334
#: serverguide/C/network-auth.xml:1849(computeroutput)
15384
#: serverguide/C/network-auth.xml:1870(computeroutput)
15335
15385
#, no-wrap
15336
15386
msgid "Changing password for user uid=george,ou=People,dc=example,dc=com"
15337
15387
msgstr ""
15338
15388
15339
#: serverguide/C/network-auth.xml:1850(userinput)
15389
#: serverguide/C/network-auth.xml:1871(userinput)
15340
15390
#, no-wrap
15341
15391
msgid "New Password: "
15342
15392
msgstr ""
15343
15393
15344
#: serverguide/C/network-auth.xml:1851(userinput)
15394
#: serverguide/C/network-auth.xml:1872(userinput)
15345
15395
#, no-wrap
15346
15396
msgid "New Password (verify): "
15347
15397
msgstr ""
15348
15398
15349
#: serverguide/C/network-auth.xml:1857(para)
15399
#: serverguide/C/network-auth.xml:1878(para)
15350
15400
msgid "Delete a user:"
15351
15401
msgstr ""
15352
15402
15353
#: serverguide/C/network-auth.xml:1862(command)
15403
#: serverguide/C/network-auth.xml:1883(command)
15354
15404
msgid "sudo ldapdeleteuser george"
15355
15405
msgstr ""
15356
15406
15357
#: serverguide/C/network-auth.xml:1868(para)
15407
#: serverguide/C/network-auth.xml:1889(para)
15358
15408
msgid "Add a group:"
15359
15409
msgstr ""
15360
15410
15361
#: serverguide/C/network-auth.xml:1873(command)
15411
#: serverguide/C/network-auth.xml:1894(command)
15362
15412
msgid "sudo ldapaddgroup qa"
15363
15413
msgstr ""
15364
15414
15365
#: serverguide/C/network-auth.xml:1879(para)
15415
#: serverguide/C/network-auth.xml:1900(para)
15366
15416
msgid "Delete a group:"
15367
15417
msgstr ""
15368
15418
15369
#: serverguide/C/network-auth.xml:1884(command)
15419
#: serverguide/C/network-auth.xml:1905(command)
15370
15420
msgid "sudo ldapdeletegroup qa"
15371
15421
msgstr ""
15372
15422
15373
#: serverguide/C/network-auth.xml:1890(para)
15423
#: serverguide/C/network-auth.xml:1911(para)
15374
15424
msgid "Add a user to a group:"
15375
15425
msgstr ""
15376
15426
15377
#: serverguide/C/network-auth.xml:1895(command)
15427
#: serverguide/C/network-auth.xml:1916(command)
15378
15428
msgid "sudo ldapaddusertogroup george qa"
15379
15429
msgstr ""
15380
15430
15381
#: serverguide/C/network-auth.xml:1898(para)
15431
#: serverguide/C/network-auth.xml:1919(para)
15382
15432
msgid ""
15383
15433
"You should now see a <emphasis>memberUid</emphasis> attribute for the "
15384
15434
"<emphasis role=\"italic\">qa</emphasis> group with a value of <emphasis "
15385
15435
"role=\"italic\">george</emphasis>."
15386
15436
msgstr ""
15387
15437
15388
#: serverguide/C/network-auth.xml:1905(para)
15438
#: serverguide/C/network-auth.xml:1926(para)
15389
15439
msgid "Remove a user from a group:"
15390
15440
msgstr ""
15391
15441
15392
#: serverguide/C/network-auth.xml:1910(command)
15442
#: serverguide/C/network-auth.xml:1931(command)
15393
15443
msgid "sudo ldapdeleteuserfromgroup george qa"
15394
15444
msgstr ""
15395
15445
15396
#: serverguide/C/network-auth.xml:1913(para)
15446
#: serverguide/C/network-auth.xml:1934(para)
15397
15447
msgid ""
15398
15448
"The <emphasis>memberUid</emphasis> attribute should now be removed from the "
15399
15449
"<emphasis role=\"italic\">qa</emphasis> group."
15400
15450
msgstr ""
15401
15451
15402
#: serverguide/C/network-auth.xml:1920(para)
15452
#: serverguide/C/network-auth.xml:1941(para)
15403
15453
msgid ""
15404
15454
"The <application>ldapmodifyuser</application> script allows you to add, "
15405
15455
"remove, or replace a user's attributes. The script uses the same syntax as "
15406
15456
"the <application>ldapmodify</application> utility. For example:"
15407
15457
msgstr ""
15408
15458
15409
#: serverguide/C/network-auth.xml:1926(command)
15459
#: serverguide/C/network-auth.xml:1947(command)
15410
15460
msgid "sudo ldapmodifyuser george"
15411
15461
msgstr ""
15412
15462
15413
#: serverguide/C/network-auth.xml:1927(computeroutput)
15463
#: serverguide/C/network-auth.xml:1948(computeroutput)
15414
15464
#, no-wrap
15415
15465
msgid ""
15416
15466
"# About to modify the following entry :\n"
15431
15481
"dn: uid=george,ou=People,dc=example,dc=com"
15432
15482
msgstr ""
15433
15483
15434
#: serverguide/C/network-auth.xml:1943(userinput)
15484
#: serverguide/C/network-auth.xml:1964(userinput)
15435
15485
#, no-wrap
15436
15486
msgid ""
15437
15487
"replace: gecos\n"
15438
15488
"gecos: George Carlin"
15439
15489
msgstr ""
15440
15490
15441
#: serverguide/C/network-auth.xml:1947(para)
15491
#: serverguide/C/network-auth.xml:1968(para)
15442
15492
msgid ""
15443
15493
"The user's <emphasis>gecos</emphasis> should now be <quote>George "
15444
15494
"Carlin</quote>."
15445
15495
msgstr ""
15446
15496
15447
#: serverguide/C/network-auth.xml:1953(para)
15497
#: serverguide/C/network-auth.xml:1979(para)
15448
15498
msgid ""
15449
15499
"A nice feature of <application>ldapscripts</application> is the template "
15450
15500
"system. Templates allow you to customize the attributes of user, group, and "
15453
15503
"changing:"
15454
15504
msgstr ""
15455
15505
15456
#: serverguide/C/network-auth.xml:1959(programlisting)
15506
#: serverguide/C/network-auth.xml:1980(programlisting)
15457
15507
#, no-wrap
15458
15508
msgid ""
15459
15509
"\n"
15460
15510
"UTEMPLATE=\"/etc/ldapscripts/ldapadduser.template\"\n"
15461
15511
msgstr ""
15462
15512
15463
#: serverguide/C/network-auth.xml:1963(para)
15513
#: serverguide/C/network-auth.xml:1984(para)
15464
15514
msgid ""
15465
15515
"There are <emphasis role=\"italic\">sample</emphasis> templates in the "
15466
"<filename>/etc/ldapscripts</filename> directory. Copy or rename the "
15467
"<filename>ldapadduser.template.sample</filename> file to "
15516
"<filename>/usr/share/doc/ldapscripts/examples</filename> directory. Copy or "
15517
"rename the <filename>ldapadduser.template.sample</filename> file to "
15468
15518
"<filename>/etc/ldapscripts/ldapadduser.template</filename>:"
15469
15519
msgstr ""
15470
15520
15471
#: serverguide/C/network-auth.xml:1970(command)
15521
#: serverguide/C/network-auth.xml:1991(command)
15472
15522
msgid ""
15473
15523
"sudo cp /usr/share/doc/ldapscripts/examples/ldapadduser.template.sample \\ "
15474
15524
"/etc/ldapscripts/ldapadduser.template"
15475
15525
msgstr ""
15476
15526
15477
#: serverguide/C/network-auth.xml:1974(para)
15527
#: serverguide/C/network-auth.xml:1995(para)
15478
15528
msgid ""
15479
15529
"Edit the new template to add the desired attributes. The following will "
15480
15530
"create new users with an objectClass of inetOrgPerson:"
15481
15531
msgstr ""
15482
15532
15483
#: serverguide/C/network-auth.xml:1979(programlisting)
15533
#: serverguide/C/network-auth.xml:2000(programlisting)
15484
15534
#, no-wrap
15485
15535
msgid ""
15486
15536
"\n"
15499
15549
"title: Employee\n"
15500
15550
msgstr ""
15501
15551
15502
#: serverguide/C/network-auth.xml:1995(para)
15552
#: serverguide/C/network-auth.xml:2016(para)
15503
15553
msgid ""
15504
15554
"Notice the <emphasis><ask></emphasis> option used for the "
15505
15555
"<emphasis>sn</emphasis> attribute. This will make "
15506
"<application>ldapadduser</application> prompt you for it's value."
15556
"<application>ldapadduser</application> prompt you for its value."
15507
15557
msgstr ""
15508
15558
15509
#: serverguide/C/network-auth.xml:2003(para)
15559
#: serverguide/C/network-auth.xml:2024(para)
15510
15560
msgid ""
15511
15561
"There are utilities in the package that were not covered here. Here is a "
15512
15562
"complete list:"
15513
15563
msgstr ""
15514
15564
15515
#: serverguide/C/network-auth.xml:2008(ulink)
15565
#: serverguide/C/network-auth.xml:2029(ulink)
15516
15566
msgid "ldaprenamemachine"
15517
15567
msgstr ""
15518
15568
15519
#: serverguide/C/network-auth.xml:2009(ulink)
15569
#: serverguide/C/network-auth.xml:2030(ulink)
15520
15570
msgid "ldapadduser"
15521
15571
msgstr ""
15522
15572
15523
#: serverguide/C/network-auth.xml:2010(ulink)
15573
#: serverguide/C/network-auth.xml:2031(ulink)
15524
15574
msgid "ldapdeleteuserfromgroup"
15525
15575
msgstr ""
15526
15576
15527
#: serverguide/C/network-auth.xml:2011(ulink)
15577
#: serverguide/C/network-auth.xml:2032(ulink)
15528
15578
msgid "ldapfinger"
15529
15579
msgstr ""
15530
15580
15531
#: serverguide/C/network-auth.xml:2012(ulink)
15581
#: serverguide/C/network-auth.xml:2033(ulink)
15532
15582
msgid "ldapid"
15533
15583
msgstr ""
15534
15584
15535
#: serverguide/C/network-auth.xml:2013(ulink)
15585
#: serverguide/C/network-auth.xml:2034(ulink)
15536
15586
msgid "ldapgid"
15537
15587
msgstr ""
15538
15588
15539
#: serverguide/C/network-auth.xml:2014(ulink)
15589
#: serverguide/C/network-auth.xml:2035(ulink)
15540
15590
msgid "ldapmodifyuser"
15541
15591
msgstr ""
15542
15592
15543
#: serverguide/C/network-auth.xml:2015(ulink)
15593
#: serverguide/C/network-auth.xml:2036(ulink)
15544
15594
msgid "ldaprenameuser"
15545
15595
msgstr ""
15546
15596
15547
#: serverguide/C/network-auth.xml:2016(ulink)
15597
#: serverguide/C/network-auth.xml:2037(ulink)
15548
15598
msgid "lsldap"
15549
15599
msgstr ""
15550
15600
15551
#: serverguide/C/network-auth.xml:2017(ulink)
15601
#: serverguide/C/network-auth.xml:2038(ulink)
15552
15602
msgid "ldapaddusertogroup"
15553
15603
msgstr ""
15554
15604
15555
#: serverguide/C/network-auth.xml:2018(ulink)
15605
#: serverguide/C/network-auth.xml:2039(ulink)
15556
15606
msgid "ldapsetpasswd"
15557
15607
msgstr ""
15558
15608
15559
#: serverguide/C/network-auth.xml:2019(ulink)
15609
#: serverguide/C/network-auth.xml:2040(ulink)
15560
15610
msgid "ldapinit"
15561
15611
msgstr ""
15562
15612
15563
#: serverguide/C/network-auth.xml:2020(ulink)
15613
#: serverguide/C/network-auth.xml:2041(ulink)
15564
15614
msgid "ldapaddgroup"
15565
15615
msgstr ""
15566
15616
15567
#: serverguide/C/network-auth.xml:2021(ulink)
15617
#: serverguide/C/network-auth.xml:2042(ulink)
15568
15618
msgid "ldapdeletegroup"
15569
15619
msgstr ""
15570
15620
15571
#: serverguide/C/network-auth.xml:2022(ulink)
15621
#: serverguide/C/network-auth.xml:2043(ulink)
15572
15622
msgid "ldapmodifygroup"
15573
15623
msgstr ""
15574
15624
15575
#: serverguide/C/network-auth.xml:2023(ulink)
15625
#: serverguide/C/network-auth.xml:2044(ulink)
15576
15626
msgid "ldapdeletemachine"
15577
15627
msgstr ""
15578
15628
15579
#: serverguide/C/network-auth.xml:2024(ulink)
15629
#: serverguide/C/network-auth.xml:2045(ulink)
15580
15630
msgid "ldaprenamegroup"
15581
15631
msgstr ""
15582
15632
15583
#: serverguide/C/network-auth.xml:2025(ulink)
15633
#: serverguide/C/network-auth.xml:2046(ulink)
15584
15634
msgid "ldapaddmachine"
15585
15635
msgstr ""
15586
15636
15587
#: serverguide/C/network-auth.xml:2026(ulink)
15637
#: serverguide/C/network-auth.xml:2047(ulink)
15588
15638
msgid "ldapmodifymachine"
15589
15639
msgstr ""
15590
15640
15591
#: serverguide/C/network-auth.xml:2027(ulink)
15641
#: serverguide/C/network-auth.xml:2048(ulink)
15592
15642
msgid "ldapsetprimarygroup"
15593
15643
msgstr ""
15594
15644
15595
#: serverguide/C/network-auth.xml:2028(ulink)
15645
#: serverguide/C/network-auth.xml:2049(ulink)
15596
15646
msgid "ldapdeleteuser"
15597
15647
msgstr ""
15598
15648
15599
#: serverguide/C/network-auth.xml:2034(title)
15649
#: serverguide/C/network-auth.xml:2055(title)
15600
15650
msgid "Backup and Restore"
15601
15651
msgstr ""
15602
15652
15603
#: serverguide/C/network-auth.xml:2036(para)
15653
#: serverguide/C/network-auth.xml:2057(para)
15604
15654
msgid ""
15605
15655
"Now we have ldap running just the way we want, it is time to ensure we can "
15606
15656
"save all of our work and restore it as needed."
15607
15657
msgstr ""
15608
15658
15609
#: serverguide/C/network-auth.xml:2041(para)
15659
#: serverguide/C/network-auth.xml:2062(para)
15610
15660
msgid ""
15611
15661
"What we need is a way to backup the ldap database(s), specifically the "
15612
15662
"backend (cn=config) and frontend (dc=example,dc=com). If we are going to "
15615
15665
"script, called <filename>/usr/local/bin/ldapbackup</filename>:"
15616
15666
msgstr ""
15617
15667
15618
#: serverguide/C/network-auth.xml:2051(programlisting)
15668
#: serverguide/C/network-auth.xml:2072(programlisting)
15619
15669
#, no-wrap
15620
15670
msgid ""
15621
15671
"\n"
15630
15680
"chmod 640 ${BACKUP_PATH}/*.ldif\n"
15631
15681
msgstr ""
15632
15682
15633
#: serverguide/C/network-auth.xml:2064(para)
15683
#: serverguide/C/network-auth.xml:2085(para)
15634
15684
msgid ""
15635
15685
"These files are uncompressed text files containing everything in your ldap "
15636
15686
"databases including the tree layout, usernames, and every password. So, you "
15640
15690
"requirements."
15641
15691
msgstr ""
15642
15692
15643
#: serverguide/C/network-auth.xml:2075(para)
15693
#: serverguide/C/network-auth.xml:2096(para)
15644
15694
msgid ""
15645
15695
"Then, it is just a matter of having a cron script to run this program as "
15646
15696
"often as we feel comfortable with. For many, once a day suffices. For "
15649
15699
"22:45h:"
15650
15700
msgstr ""
15651
15701
15652
#: serverguide/C/network-auth.xml:2083(programlisting)
15702
#: serverguide/C/network-auth.xml:2104(programlisting)
15653
15703
#, no-wrap
15654
15704
msgid ""
15655
15705
"\n"
15657
15707
"45 22 * * * root /usr/local/bin/ldapbackup\n"
15658
15708
msgstr ""
15659
15709
15660
#: serverguide/C/network-auth.xml:2088(para)
15710
#: serverguide/C/network-auth.xml:2109(para)
15661
15711
msgid "Now the files are created, they should be copied to a backup server."
15662
15712
msgstr ""
15663
15713
15664
#: serverguide/C/network-auth.xml:2093(para)
15714
#: serverguide/C/network-auth.xml:2114(para)
15665
15715
msgid ""
15666
15716
"Assuming we did a fresh reinstall of ldap, the restore process could be "
15667
15717
"something like this:"
15668
15718
msgstr ""
15669
15719
15670
#: serverguide/C/network-auth.xml:2099(command)
15720
#: serverguide/C/network-auth.xml:2120(command)
15671
15721
msgid "sudo service slapd stop"
15672
15722
msgstr ""
15673
15723
15674
#: serverguide/C/network-auth.xml:2100(command)
15724
#: serverguide/C/network-auth.xml:2121(command)
15675
15725
msgid "sudo mkdir /var/lib/ldap/accesslog"
15676
15726
msgstr ""
15677
15727
15678
#: serverguide/C/network-auth.xml:2101(command)
15728
#: serverguide/C/network-auth.xml:2122(command)
15679
15729
msgid "sudo slapadd -F /etc/ldap/slapd.d -n 0 -l /export/backup/config.ldif"
15680
15730
msgstr ""
15681
15731
15682
#: serverguide/C/network-auth.xml:2102(command)
15732
#: serverguide/C/network-auth.xml:2123(command)
15683
15733
msgid ""
15684
15734
"sudo slapadd -F /etc/ldap/slapd.d -n 1 -l /export/backup/domain.com.ldif"
15685
15735
msgstr ""
15686
15736
15687
#: serverguide/C/network-auth.xml:2103(command)
15737
#: serverguide/C/network-auth.xml:2124(command)
15688
15738
msgid "sudo slapadd -F /etc/ldap/slapd.d -n 2 -l /export/backup/access.ldif"
15689
15739
msgstr ""
15690
15740
15691
#: serverguide/C/network-auth.xml:2104(command)
15741
#: serverguide/C/network-auth.xml:2125(command)
15692
15742
msgid "sudo chown -R openldap:openldap /etc/ldap/slapd.d/"
15693
15743
msgstr ""
15694
15744
15695
#: serverguide/C/network-auth.xml:2105(command)
15745
#: serverguide/C/network-auth.xml:2126(command)
15696
15746
msgid "sudo chown -R openldap:openldap /var/lib/ldap/"
15697
15747
msgstr ""
15698
15748
15699
#: serverguide/C/network-auth.xml:2106(command)
15749
#: serverguide/C/network-auth.xml:2127(command)
15700
15750
msgid "sudo service slapd start"
15701
15751
msgstr ""
15702
15752
15703
#: serverguide/C/network-auth.xml:2117(para)
15753
#: serverguide/C/network-auth.xml:2138(para)
15704
15754
msgid ""
15705
15755
"The primary resource is the upstream documentation: <ulink "
15706
15756
"url=\"http://www.openldap.org/\">www.openldap.org</ulink>"
15707
15757
msgstr ""
15708
15758
15709
#: serverguide/C/network-auth.xml:2123(para)
15759
#: serverguide/C/network-auth.xml:2144(para)
15710
15760
msgid ""
15711
15761
"There are many man pages that come with the slapd package. Here are some "
15712
15762
"important ones, especially considering the material presented in this guide:"
15713
15763
msgstr ""
15714
15764
15715
#: serverguide/C/network-auth.xml:2129(ulink)
15765
#: serverguide/C/network-auth.xml:2150(ulink)
15716
15766
msgid "slapd"
15717
15767
msgstr ""
15718
15768
15719
#: serverguide/C/network-auth.xml:2130(ulink)
15769
#: serverguide/C/network-auth.xml:2151(ulink)
15720
15770
msgid "slapd-config"
15721
15771
msgstr ""
15722
15772
15723
#: serverguide/C/network-auth.xml:2131(ulink)
15773
#: serverguide/C/network-auth.xml:2152(ulink)
15724
15774
msgid "slapd.access"
15725
15775
msgstr ""
15726
15776
15727
#: serverguide/C/network-auth.xml:2132(ulink)
15777
#: serverguide/C/network-auth.xml:2153(ulink)
15728
15778
msgid "slapo-syncprov"
15729
15779
msgstr ""
15730
15780
15731
#: serverguide/C/network-auth.xml:2138(para)
15781
#: serverguide/C/network-auth.xml:2159(para)
15732
15782
msgid "Other man pages:"
15733
15783
msgstr ""
15734
15784
15735
#: serverguide/C/network-auth.xml:2143(ulink)
15785
#: serverguide/C/network-auth.xml:2164(ulink)
15736
15786
msgid "auth-client-config"
15737
15787
msgstr ""
15738
15788
15739
#: serverguide/C/network-auth.xml:2144(ulink)
15789
#: serverguide/C/network-auth.xml:2165(ulink)
15740
15790
msgid "pam-auth-update"
15741
15791
msgstr ""
15742
15792
15743
#: serverguide/C/network-auth.xml:2150(para)
15793
#: serverguide/C/network-auth.xml:2171(para)
15744
15794
msgid ""
15745
15795
"Zytrax's <ulink url=\"http://www.zytrax.com/books/ldap/\">LDAP for Rocket "
15746
15796
"Scientists</ulink>; a less pedantic but comprehensive treatment of LDAP"
15747
15797
msgstr ""
15748
15798
15749
#: serverguide/C/network-auth.xml:2156(para)
15799
#: serverguide/C/network-auth.xml:2177(para)
15750
15800
msgid ""
15751
15801
"A Ubuntu community <ulink "
15752
15802
"url=\"https://help.ubuntu.com/community/OpenLDAPServer\">OpenLDAP "
15753
15803
"wiki</ulink> page has a collection of notes"
15754
15804
msgstr ""
15755
15805
15756
#: serverguide/C/network-auth.xml:2162(para)
15806
#: serverguide/C/network-auth.xml:2183(para)
15757
15807
msgid ""
15758
15808
"O'Reilly's <ulink url=\"http://www.oreilly.com/catalog/ldapsa/\">LDAP System "
15759
15809
"Administration</ulink> (textbook; 2003)"
15760
15810
msgstr ""
15761
15811
15762
#: serverguide/C/network-auth.xml:2168(para)
15812
#: serverguide/C/network-auth.xml:2189(para)
15763
15813
msgid ""
15764
15814
"Packt's <ulink url=\"http://www.packtpub.com/OpenLDAP-Developers-Server-Open-"
15765
15815
"Source-Linux/book\">Mastering OpenLDAP</ulink> (textbook; 2007)"
15766
15816
msgstr ""
15767
15817
15768
#: serverguide/C/network-auth.xml:2179(title)
15818
#: serverguide/C/network-auth.xml:2200(title)
15769
15819
msgid "Samba and LDAP"
15770
15820
msgstr ""
15771
15821
15772
#: serverguide/C/network-auth.xml:2181(para)
15822
#: serverguide/C/network-auth.xml:2202(para)
15773
15823
msgid ""
15774
15824
"This section covers the integration of Samba with LDAP. The Samba server's "
15775
15825
"role will be that of a \"standalone\" server and the LDAP directory will "
15776
15826
"provide the authentication layer in addition to containing the user, group, "
15777
15827
"and machine account information that Samba requires in order to function (in "
15778
"any of it's 3 possible roles). The pre-requisite is an OpenLDAP server "
15828
"any of its 3 possible roles). The pre-requisite is an OpenLDAP server "
15779
15829
"configured with a directory that can accept authentication requests. See "
15780
15830
"<xref linkend=\"openldap-server\"/> for details on fulfilling this "
15781
15831
"requirement. Once this section is completed, you will need to decide what "
15782
15832
"specifically you want Samba to do for you and then configure it accordingly."
15783
15833
msgstr ""
15784
15834
15785
#: serverguide/C/network-auth.xml:2190(title)
15835
#: serverguide/C/network-auth.xml:2211(title)
15786
15836
msgid "Software Installation"
15787
15837
msgstr ""
15788
15838
15789
#: serverguide/C/network-auth.xml:2192(para)
15839
#: serverguide/C/network-auth.xml:2213(para)
15790
15840
msgid ""
15791
15841
"There are three packages needed when integrating Samba with LDAP: "
15792
15842
"<application>samba</application>, <application>samba-doc</application>, and "
15793
15843
"<application>smbldap-tools</application> packages."
15794
15844
msgstr ""
15795
15845
15796
#: serverguide/C/network-auth.xml:2197(para)
15846
#: serverguide/C/network-auth.xml:2223(para)
15797
15847
msgid ""
15798
15848
"Strictly speaking, the <application>smbldap-tools</application> package "
15799
15849
"isn't needed, but unless you have some other way to manage the various Samba "
15801
15851
"install it."
15802
15852
msgstr ""
15803
15853
15804
#: serverguide/C/network-auth.xml:2202(para)
15854
#: serverguide/C/network-auth.xml:2223(para)
15805
15855
msgid "Install these packages now:"
15806
15856
msgstr ""
15807
15857
15808
#: serverguide/C/network-auth.xml:2207(command)
15858
#: serverguide/C/network-auth.xml:2228(command)
15809
15859
msgid "sudo apt-get install samba samba-doc smbldap-tools"
15810
15860
msgstr ""
15811
15861
15812
#: serverguide/C/network-auth.xml:2213(title)
15862
#: serverguide/C/network-auth.xml:2234(title)
15813
15863
msgid "LDAP Configuration"
15814
15864
msgstr ""
15815
15865
15816
#: serverguide/C/network-auth.xml:2215(para)
15866
#: serverguide/C/network-auth.xml:2236(para)
15817
15867
msgid ""
15818
15868
"We will now configure the LDAP server so that it can accomodate Samba data. "
15819
15869
"We will perform three tasks in this section:"
15820
15870
msgstr ""
15821
15871
15822
#: serverguide/C/network-auth.xml:2222(para)
15872
#: serverguide/C/network-auth.xml:2243(para)
15823
15873
msgid "Import a schema"
15824
15874
msgstr ""
15825
15875
15826
#: serverguide/C/network-auth.xml:2226(para)
15876
#: serverguide/C/network-auth.xml:2247(para)
15827
15877
msgid "Index some entries"
15828
15878
msgstr ""
15829
15879
15830
#: serverguide/C/network-auth.xml:2230(para)
15880
#: serverguide/C/network-auth.xml:2251(para)
15831
15881
msgid "Add objects"
15832
15882
msgstr ""
15833
15883
15834
#: serverguide/C/network-auth.xml:2236(title)
15884
#: serverguide/C/network-auth.xml:2257(title)
15835
15885
msgid "Samba schema"
15836
15886
msgstr ""
15837
15887
15838
#: serverguide/C/network-auth.xml:2238(para)
15888
#: serverguide/C/network-auth.xml:2259(para)
15839
15889
msgid ""
15840
15890
"In order for OpenLDAP to be used as a backend for Samba, logically, the DIT "
15841
15891
"will need to use attributes that can properly describe Samba data. Such "
15843
15893
"now."
15844
15894
msgstr ""
15845
15895
15846
#: serverguide/C/network-auth.xml:2244(para)
15896
#: serverguide/C/network-auth.xml:2265(para)
15847
15897
msgid ""
15848
15898
"For more information on schemas and their installation see <xref "
15849
15899
"linkend=\"openldap-configuration\"/>."
15850
15900
msgstr ""
15851
15901
15852
#: serverguide/C/network-auth.xml:2252(para)
15902
#: serverguide/C/network-auth.xml:2273(para)
15853
15903
msgid ""
15854
15904
"The schema is found in the now-installed <application>samba-"
15855
15905
"doc</application> package. It needs to be unzipped and copied to the "
15856
15906
"<filename>/etc/ldap/schema</filename> directory:"
15857
15907
msgstr ""
15858
15908
15859
#: serverguide/C/network-auth.xml:2258(command)
15909
#: serverguide/C/network-auth.xml:2279(command)
15860
15910
msgid ""
15861
15911
"sudo cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz "
15862
15912
"/etc/ldap/schema"
15863
15913
msgstr ""
15864
15914
15865
#: serverguide/C/network-auth.xml:2259(command)
15915
#: serverguide/C/network-auth.xml:2280(command)
15866
15916
msgid "sudo gzip -d /etc/ldap/schema/samba.schema.gz"
15867
15917
msgstr ""
15868
15918
15869
#: serverguide/C/network-auth.xml:2265(para)
15919
#: serverguide/C/network-auth.xml:2286(para)
15870
15920
msgid ""
15871
15921
"Have the configuration file <filename>schema_convert.conf</filename> that "
15872
15922
"contains the following lines:"
15873
15923
msgstr ""
15874
15924
15875
#: serverguide/C/network-auth.xml:2269(programlisting)
15925
#: serverguide/C/network-auth.xml:2290(programlisting)
15876
15926
#, no-wrap
15877
15927
msgid ""
15878
15928
"\n"
15893
15943
"include /etc/ldap/schema/samba.schema\n"
15894
15944
msgstr ""
15895
15945
15896
#: serverguide/C/network-auth.xml:2290(para)
15946
#: serverguide/C/network-auth.xml:2311(para)
15897
15947
msgid "Have the directory <filename>ldif_output</filename> hold output."
15898
15948
msgstr ""
15899
15949
15900
#: serverguide/C/network-auth.xml:2301(command)
15950
#: serverguide/C/network-auth.xml:2322(command)
15901
15951
msgid ""
15902
15952
"slapcat -f schema_convert.conf -F ldif_output -n 0 | grep samba,cn=schema"
15903
15953
msgstr ""
15904
15954
15905
#: serverguide/C/network-auth.xml:2302(computeroutput)
15955
#: serverguide/C/network-auth.xml:2323(computeroutput)
15906
15956
#, no-wrap
15907
15957
msgid ""
15908
15958
"\n"
15909
15959
"dn: cn={14}samba,cn=schema,cn=config\n"
15910
15960
msgstr ""
15911
15961
15912
#: serverguide/C/network-auth.xml:2310(para)
15962
#: serverguide/C/network-auth.xml:2331(para)
15913
15963
msgid "Convert the schema to LDIF format:"
15914
15964
msgstr ""
15915
15965
15916
#: serverguide/C/network-auth.xml:2315(command)
15966
#: serverguide/C/network-auth.xml:2336(command)
15917
15967
msgid ""
15918
15968
"slapcat -f schema_convert.conf -F ldif_output -n0 -H \\ "
15919
15969
"ldap:///cn={14}samba,cn=schema,cn=config -l cn=samba.ldif"
15920
15970
msgstr ""
15921
15971
15922
#: serverguide/C/network-auth.xml:2322(para)
15972
#: serverguide/C/network-auth.xml:2343(para)
15923
15973
msgid ""
15924
15974
"Edit the generated <filename>cn=samba.ldif</filename> file by removing index "
15925
15975
"information to arrive at:"
15926
15976
msgstr ""
15927
15977
15928
#: serverguide/C/network-auth.xml:2326(programlisting)
15978
#: serverguide/C/network-auth.xml:2347(programlisting)
15929
15979
#, no-wrap
15930
15980
msgid ""
15931
15981
"\n"
15934
15984
"cn: samba\n"
15935
15985
msgstr ""
15936
15986
15937
#: serverguide/C/network-auth.xml:2332(para)
15987
#: serverguide/C/network-auth.xml:2353(para)
15938
15988
msgid "Remove the bottom lines:"
15939
15989
msgstr ""
15940
15990
15941
#: serverguide/C/network-auth.xml:2336(programlisting)
15991
#: serverguide/C/network-auth.xml:2357(programlisting)
15942
15992
#, no-wrap
15943
15993
msgid ""
15944
15994
"\n"
15951
16001
"modifyTimestamp: 20080827045234Z\n"
15952
16002
msgstr ""
15953
16003
15954
#: serverguide/C/network-auth.xml:2352(para)
16004
#: serverguide/C/network-auth.xml:2373(para)
15955
16005
msgid "Add the new schema:"
15956
16006
msgstr ""
15957
16007
15958
#: serverguide/C/network-auth.xml:2357(command)
16008
#: serverguide/C/network-auth.xml:2378(command)
15959
16009
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f cn\\=samba.ldif"
15960
16010
msgstr ""
15961
16011
15962
#: serverguide/C/network-auth.xml:2360(para)
16012
#: serverguide/C/network-auth.xml:2381(para)
15963
16013
msgid "To query and view this new schema:"
15964
16014
msgstr ""
15965
16015
15966
#: serverguide/C/network-auth.xml:2365(command)
16016
#: serverguide/C/network-auth.xml:2386(command)
15967
16017
msgid ""
15968
16018
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config "
15969
16019
"'cn=*samba*'"
15970
16020
msgstr ""
15971
16021
15972
#: serverguide/C/network-auth.xml:2375(title)
16022
#: serverguide/C/network-auth.xml:2396(title)
15973
16023
msgid "Samba indices"
15974
16024
msgstr ""
15975
16025
15976
#: serverguide/C/network-auth.xml:2377(para)
16026
#: serverguide/C/network-auth.xml:2398(para)
15977
16027
msgid ""
15978
16028
"Now that slapd knows about the Samba attributes, we can set up some indices "
15979
16029
"based on them. Indexing entries is a way to improve performance when a "
15980
16030
"client performs a filtered search on the DIT."
15981
16031
msgstr ""
15982
16032
15983
#: serverguide/C/network-auth.xml:2382(para)
16033
#: serverguide/C/network-auth.xml:2403(para)
15984
16034
msgid ""
15985
16035
"Create the file <filename>samba_indices.ldif</filename> with the following "
15986
16036
"contents:"
15987
16037
msgstr ""
15988
16038
15989
#: serverguide/C/network-auth.xml:2386(programlisting)
16039
#: serverguide/C/network-auth.xml:2407(programlisting)
15990
16040
#, no-wrap
15991
16041
msgid ""
15992
16042
"\n"
16007
16057
"olcDbIndex: default sub\n"
16008
16058
msgstr ""
16009
16059
16010
#: serverguide/C/network-auth.xml:2404(para)
16060
#: serverguide/C/network-auth.xml:2425(para)
16011
16061
msgid ""
16012
16062
"Using the <application>ldapmodify</application> utility load the new indices:"
16013
16063
msgstr ""
16014
16064
16015
#: serverguide/C/network-auth.xml:2409(command)
16065
#: serverguide/C/network-auth.xml:2430(command)
16016
16066
msgid "sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f samba_indices.ldif"
16017
16067
msgstr ""
16018
16068
16019
#: serverguide/C/network-auth.xml:2412(para)
16069
#: serverguide/C/network-auth.xml:2433(para)
16020
16070
msgid ""
16021
16071
"If all went well you should see the new indices using "
16022
16072
"<application>ldapsearch</application>:"
16023
16073
msgstr ""
16024
16074
16025
#: serverguide/C/network-auth.xml:2417(command)
16075
#: serverguide/C/network-auth.xml:2438(command)
16026
16076
msgid ""
16027
16077
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H \\ ldapi:/// -b cn=config "
16028
16078
"olcDatabase={1}hdb olcDbIndex"
16029
16079
msgstr ""
16030
16080
16031
#: serverguide/C/network-auth.xml:2424(title)
16081
#: serverguide/C/network-auth.xml:2445(title)
16032
16082
msgid "Adding Samba LDAP objects"
16033
16083
msgstr ""
16034
16084
16035
#: serverguide/C/network-auth.xml:2426(para)
16085
#: serverguide/C/network-auth.xml:2452(para)
16036
16086
msgid ""
16037
16087
"Next, configure the <application>smbldap-tools</application> package to "
16038
16088
"match your environment. The package is supposed to come with a configuration "
16043
16093
"smbldap-tools')."
16044
16094
msgstr ""
16045
16095
16046
#: serverguide/C/network-auth.xml:2433(para)
16096
#: serverguide/C/network-auth.xml:2459(para)
16047
16097
msgid ""
16048
16098
"To manually configure the package, you need to create and edit the files "
16049
16099
"<filename>/etc/smbldap-tools/smbldap.conf</filename> and "
16050
16100
"<filename>/etc/smbldap-tools/smbldap_bind.conf</filename>."
16051
16101
msgstr ""
16052
16102
16053
#: serverguide/C/network-auth.xml:2438(para)
16103
#: serverguide/C/network-auth.xml:2464(para)
16054
16104
msgid ""
16055
16105
"The <application>smbldap-populate</application> script will then add the "
16056
16106
"LDAP objects required for Samba. It is a good idea to first make a backup of "
16057
16107
"your DIT using <application>slapcat</application>:"
16058
16108
msgstr ""
16059
16109
16060
#: serverguide/C/network-auth.xml:2444(command)
16110
#: serverguide/C/network-auth.xml:2473(command)
16061
16111
msgid "sudo slapcat -l backup.ldif"
16062
16112
msgstr ""
16063
16113
16064
#: serverguide/C/network-auth.xml:2447(para)
16114
#: serverguide/C/network-auth.xml:2476(para)
16065
16115
msgid "Once you have a backup proceed to populate your directory:"
16066
16116
msgstr ""
16067
16117
16068
#: serverguide/C/network-auth.xml:2452(command)
16118
#: serverguide/C/network-auth.xml:2481(command)
16069
16119
msgid "sudo smbldap-populate"
16070
16120
msgstr ""
16071
16121
16072
#: serverguide/C/network-auth.xml:2455(para)
16122
#: serverguide/C/network-auth.xml:2484(para)
16073
16123
msgid ""
16074
16124
"You can create a LDIF file containing the new Samba objects by executing "
16075
16125
"<command>sudo smbldap-populate -e samba.ldif</command>. This allows you to "
16076
16126
"look over the changes making sure everything is correct. If it is, rerun the "
16077
16127
"script without the '-e' switch. Alternatively, you can take the LDIF file "
16078
"and import it's data per usual."
16128
"and import its data per usual."
16079
16129
msgstr ""
16080
16130
16081
#: serverguide/C/network-auth.xml:2461(para)
16131
#: serverguide/C/network-auth.xml:2490(para)
16082
16132
msgid ""
16083
16133
"Your LDAP directory now has the necessary information to authenticate Samba "
16084
16134
"users."
16085
16135
msgstr ""
16086
16136
16087
#: serverguide/C/network-auth.xml:2470(title)
16137
#: serverguide/C/network-auth.xml:2499(title)
16088
16138
msgid "Samba Configuration"
16089
16139
msgstr ""
16090
16140
16091
#: serverguide/C/network-auth.xml:2472(para)
16141
#: serverguide/C/network-auth.xml:2498(para)
16092
16142
msgid ""
16093
16143
"There are multiple ways to configure Samba. For details on some common "
16094
16144
"configurations see <xref linkend=\"samba\"/>. To configure Samba to use "
16095
"LDAP, edit it's configuration file <filename>/etc/samba/smb.conf</filename> "
16145
"LDAP, edit its configuration file <filename>/etc/samba/smb.conf</filename> "
16096
16146
"commenting out the default <emphasis>passdb backend</emphasis> parameter and "
16097
16147
"adding some ldap-related ones:"
16098
16148
msgstr ""
16099
16149
16100
#: serverguide/C/network-auth.xml:2478(programlisting)
16150
#: serverguide/C/network-auth.xml:2507(programlisting)
16101
16151
#, no-wrap
16102
16152
msgid ""
16103
16153
"\n"
16117
16167
" add machine script = sudo /usr/sbin/smbldap-useradd -t 0 -w \"%u\"\n"
16118
16168
msgstr ""
16119
16169
16120
#: serverguide/C/network-auth.xml:2495(para)
16170
#: serverguide/C/network-auth.xml:2524(para)
16121
16171
msgid "Change the values to match your environment."
16122
16172
msgstr ""
16123
16173
16124
#: serverguide/C/network-auth.xml:2499(para)
16174
#: serverguide/C/network-auth.xml:2528(para)
16125
16175
msgid "Restart <application>samba</application> to enable the new settings:"
16126
16176
msgstr ""
16127
16177
16128
#: serverguide/C/network-auth.xml:2508(para)
16178
#: serverguide/C/network-auth.xml:2537(para)
16129
16179
msgid ""
16130
16180
"Now inform Samba about the rootDN user's password (the one set during the "
16131
16181
"installation of the slapd package):"
16132
16182
msgstr ""
16133
16183
16134
#: serverguide/C/network-auth.xml:2513(command)
16184
#: serverguide/C/network-auth.xml:2542(command)
16135
16185
msgid "sudo smbpasswd -w password"
16136
16186
msgstr ""
16137
16187
16138
#: serverguide/C/network-auth.xml:2516(para)
16188
#: serverguide/C/network-auth.xml:2545(para)
16139
16189
msgid ""
16140
16190
"If you have existing LDAP users that you want to include in your new LDAP-"
16141
16191
"backed Samba they will, of course, also need to be given some of the extra "
16145
16195
"<application>libnss-ldap</application>):"
16146
16196
msgstr ""
16147
16197
16148
#: serverguide/C/network-auth.xml:2524(command)
16198
#: serverguide/C/network-auth.xml:2553(command)
16149
16199
msgid "sudo smbpasswd -a username"
16150
16200
msgstr ""
16151
16201
16152
#: serverguide/C/network-auth.xml:2527(para)
16202
#: serverguide/C/network-auth.xml:2556(para)
16153
16203
msgid ""
16154
16204
"You will prompted to enter a password. It will be considered as the new "
16155
16205
"password for that user. Making it the same as before is reasonable."
16156
16206
msgstr ""
16157
16207
16158
#: serverguide/C/network-auth.xml:2531(para)
16208
#: serverguide/C/network-auth.xml:2560(para)
16159
16209
msgid ""
16160
16210
"To manage user, group, and machine accounts use the utilities provided by "
16161
16211
"the <application>smbldap-tools</application> package. Here are some examples:"
16162
16212
msgstr ""
16163
16213
16164
#: serverguide/C/network-auth.xml:2539(para)
16214
#: serverguide/C/network-auth.xml:2568(para)
16165
16215
msgid "To add a new user:"
16166
16216
msgstr ""
16167
16217
16168
#: serverguide/C/network-auth.xml:2544(command)
16218
#: serverguide/C/network-auth.xml:2573(command)
16169
16219
msgid "sudo smbldap-useradd -a -P username"
16170
16220
msgstr ""
16171
16221
16172
#: serverguide/C/network-auth.xml:2547(para)
16222
#: serverguide/C/network-auth.xml:2576(para)
16173
16223
msgid ""
16174
16224
"The <emphasis>-a</emphasis> option adds the Samba attributes, and the "
16175
16225
"<emphasis>-P</emphasis> option calls the <application>smbldap-"
16177
16227
"a password for the user."
16178
16228
msgstr ""
16179
16229
16180
#: serverguide/C/network-auth.xml:2554(para)
16230
#: serverguide/C/network-auth.xml:2583(para)
16181
16231
msgid "To remove a user:"
16182
16232
msgstr ""
16183
16233
16184
#: serverguide/C/network-auth.xml:2559(command)
16234
#: serverguide/C/network-auth.xml:2588(command)
16185
16235
msgid "sudo smbldap-userdel username"
16186
16236
msgstr ""
16187
16237
16188
#: serverguide/C/network-auth.xml:2562(para)
16238
#: serverguide/C/network-auth.xml:2591(para)
16189
16239
msgid ""
16190
16240
"In the above command, use the <emphasis>-r</emphasis> option to remove the "
16191
16241
"user's home directory."
16192
16242
msgstr ""
16193
16243
16194
#: serverguide/C/network-auth.xml:2568(para)
16244
#: serverguide/C/network-auth.xml:2597(para)
16195
16245
msgid "To add a group:"
16196
16246
msgstr ""
16197
16247
16198
#: serverguide/C/network-auth.xml:2573(command)
16248
#: serverguide/C/network-auth.xml:2602(command)
16199
16249
msgid "sudo smbldap-groupadd -a groupname"
16200
16250
msgstr ""
16201
16251
16202
#: serverguide/C/network-auth.xml:2576(para)
16252
#: serverguide/C/network-auth.xml:2605(para)
16203
16253
msgid ""
16204
16254
"As for <application>smbldap-useradd</application>, the <emphasis>-"
16205
16255
"a</emphasis> adds the Samba attributes."
16206
16256
msgstr ""
16207
16257
16208
#: serverguide/C/network-auth.xml:2582(para)
16258
#: serverguide/C/network-auth.xml:2611(para)
16209
16259
msgid "To make an existing user a member of a group:"
16210
16260
msgstr ""
16211
16261
16212
#: serverguide/C/network-auth.xml:2587(command)
16262
#: serverguide/C/network-auth.xml:2616(command)
16213
16263
msgid "sudo smbldap-groupmod -m username groupname"
16214
16264
msgstr ""
16215
16265
16216
#: serverguide/C/network-auth.xml:2590(para)
16266
#: serverguide/C/network-auth.xml:2619(para)
16217
16267
msgid ""
16218
16268
"The <emphasis>-m</emphasis> option can add more than one user at a time by "
16219
16269
"listing them in comma-separated format."
16220
16270
msgstr ""
16221
16271
16222
#: serverguide/C/network-auth.xml:2596(para)
16272
#: serverguide/C/network-auth.xml:2625(para)
16223
16273
msgid "To remove a user from a group:"
16224
16274
msgstr ""
16225
16275
16226
#: serverguide/C/network-auth.xml:2601(command)
16276
#: serverguide/C/network-auth.xml:2630(command)
16227
16277
msgid "sudo smbldap-groupmod -x username groupname"
16228
16278
msgstr ""
16229
16279
16230
#: serverguide/C/network-auth.xml:2607(para)
16280
#: serverguide/C/network-auth.xml:2636(para)
16231
16281
msgid "To add a Samba machine account:"
16232
16282
msgstr ""
16233
16283
16234
#: serverguide/C/network-auth.xml:2612(command)
16284
#: serverguide/C/network-auth.xml:2641(command)
16235
16285
msgid "sudo smbldap-useradd -t 0 -w username"
16236
16286
msgstr ""
16237
16287
16238
#: serverguide/C/network-auth.xml:2615(para)
16288
#: serverguide/C/network-auth.xml:2644(para)
16239
16289
msgid ""
16240
16290
"Replace <emphasis>username</emphasis> with the name of the workstation. The "
16241
16291
"<emphasis>-t 0</emphasis> option creates the machine account without a "
16245
16295
"<application>smbldap-useradd</application>."
16246
16296
msgstr ""
16247
16297
16248
#: serverguide/C/network-auth.xml:2624(para)
16298
#: serverguide/C/network-auth.xml:2653(para)
16249
16299
msgid ""
16250
16300
"There are utilities in the <application>smbldap-tools</application> package "
16251
16301
"that were not covered here. Here is a complete list:"
16252
16302
msgstr ""
16253
16303
16254
#: serverguide/C/network-auth.xml:2629(ulink)
16304
#: serverguide/C/network-auth.xml:2658(ulink)
16255
16305
msgid "smbldap-groupadd"
16256
16306
msgstr ""
16257
16307
16258
#: serverguide/C/network-auth.xml:2630(ulink)
16308
#: serverguide/C/network-auth.xml:2659(ulink)
16259
16309
msgid "smbldap-groupdel"
16260
16310
msgstr ""
16261
16311
16262
#: serverguide/C/network-auth.xml:2631(ulink)
16312
#: serverguide/C/network-auth.xml:2660(ulink)
16263
16313
msgid "smbldap-groupmod"
16264
16314
msgstr ""
16265
16315
16266
#: serverguide/C/network-auth.xml:2632(ulink)
16316
#: serverguide/C/network-auth.xml:2661(ulink)
16267
16317
msgid "smbldap-groupshow"
16268
16318
msgstr ""
16269
16319
16270
#: serverguide/C/network-auth.xml:2633(ulink)
16320
#: serverguide/C/network-auth.xml:2662(ulink)
16271
16321
msgid "smbldap-passwd"
16272
16322
msgstr ""
16273
16323
16274
#: serverguide/C/network-auth.xml:2634(ulink)
16324
#: serverguide/C/network-auth.xml:2663(ulink)
16275
16325
msgid "smbldap-populate"
16276
16326
msgstr ""
16277
16327
16278
#: serverguide/C/network-auth.xml:2635(ulink)
16328
#: serverguide/C/network-auth.xml:2664(ulink)
16279
16329
msgid "smbldap-useradd"
16280
16330
msgstr ""
16281
16331
16282
#: serverguide/C/network-auth.xml:2636(ulink)
16332
#: serverguide/C/network-auth.xml:2665(ulink)
16283
16333
msgid "smbldap-userdel"
16284
16334
msgstr ""
16285
16335
16286
#: serverguide/C/network-auth.xml:2637(ulink)
16336
#: serverguide/C/network-auth.xml:2666(ulink)
16287
16337
msgid "smbldap-userinfo"
16288
16338
msgstr ""
16289
16339
16290
#: serverguide/C/network-auth.xml:2638(ulink)
16340
#: serverguide/C/network-auth.xml:2667(ulink)
16291
16341
msgid "smbldap-userlist"
16292
16342
msgstr ""
16293
16343
16294
#: serverguide/C/network-auth.xml:2639(ulink)
16344
#: serverguide/C/network-auth.xml:2668(ulink)
16295
16345
msgid "smbldap-usermod"
16296
16346
msgstr ""
16297
16347
16298
#: serverguide/C/network-auth.xml:2640(ulink)
16348
#: serverguide/C/network-auth.xml:2669(ulink)
16299
16349
msgid "smbldap-usershow"
16300
16350
msgstr ""
16301
16351
16302
#: serverguide/C/network-auth.xml:2651(para)
16352
#: serverguide/C/network-auth.xml:2677(para)
16303
16353
msgid ""
16304
16354
"For more information on installing and configuring Samba see <xref "
16305
16355
"linkend=\"samba\"/> of this Ubuntu Server Guide."
16306
16356
msgstr ""
16307
16357
16308
#: serverguide/C/network-auth.xml:2657(para)
16358
#: serverguide/C/network-auth.xml:2686(para)
16309
16359
msgid ""
16310
16360
"There are multiple places where LDAP and Samba is documented in the upstream "
16311
16361
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba "
16312
16362
"HOWTO Collection</ulink>."
16313
16363
msgstr ""
16314
16364
16315
#: serverguide/C/network-auth.xml:2664(para)
16365
#: serverguide/C/network-auth.xml:2693(para)
16316
16366
msgid ""
16317
16367
"Regarding the above, see specifically the <ulink "
16318
16368
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
16319
16369
"Collection/passdb.html\">passdb section</ulink>."
16320
16370
msgstr ""
16321
16371
16322
#: serverguide/C/network-auth.xml:2670(para)
16372
#: serverguide/C/network-auth.xml:2699(para)
16323
16373
msgid ""
16324
16374
"Although dated (2007), the <ulink url=\"http://download.gna.org/smbldap-"
16325
16375
"tools/docs/samba-ldap-howto/\">Linux Samba-OpenLDAP HOWTO</ulink> contains "
16326
16376
"valuable notes."
16327
16377
msgstr ""
16328
16378
16329
#: serverguide/C/network-auth.xml:2676(para)
16379
#: serverguide/C/network-auth.xml:2705(para)
16330
16380
msgid ""
16331
16381
"The main page of the <ulink "
16332
16382
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Samba Ubuntu "
16334
16384
"prove useful."
16335
16385
msgstr ""
16336
16386
16337
#: serverguide/C/network-auth.xml:2689(title)
16387
#: serverguide/C/network-auth.xml:2718(title)
16338
16388
msgid "Kerberos"
16339
16389
msgstr ""
16340
16390
16341
#: serverguide/C/network-auth.xml:2691(para)
16391
#: serverguide/C/network-auth.xml:2720(para)
16342
16392
msgid ""
16343
16393
"<application>Kerberos</application> is a network authentication system based "
16344
16394
"on the principal of a trusted third party. The other two parties being the "
16347
16397
"network environment one step closer to being Single Sign On (SSO)."
16348
16398
msgstr ""
16349
16399
16350
#: serverguide/C/network-auth.xml:2697(para)
16400
#: serverguide/C/network-auth.xml:2726(para)
16351
16401
msgid ""
16352
16402
"This section covers installation and configuration of a Kerberos server, and "
16353
16403
"some example client configurations."
16354
16404
msgstr ""
16355
16405
16356
#: serverguide/C/network-auth.xml:2702(title) serverguide/C/monitoring.xml:13(title) serverguide/C/lamp-applications.xml:15(title) serverguide/C/installation.xml:910(title) serverguide/C/dns.xml:62(title) serverguide/C/dm-multipath.xml:135(title) serverguide/C/chat.xml:15(title) serverguide/C/cgroups.xml:38(title) serverguide/C/backups.xml:545(title)
16406
#: serverguide/C/virtualization.xml:1099(title) serverguide/C/virtualization.xml:2132(title) serverguide/C/network-auth.xml:2731(title) serverguide/C/monitoring.xml:13(title) serverguide/C/lamp-applications.xml:15(title) serverguide/C/installation.xml:903(title) serverguide/C/dns.xml:62(title) serverguide/C/dm-multipath.xml:135(title) serverguide/C/chat.xml:15(title) serverguide/C/backups.xml:545(title)
16357
16407
msgid "Overview"
16358
16408
msgstr ""
16359
16409
16360
#: serverguide/C/network-auth.xml:2704(para)
16410
#: serverguide/C/network-auth.xml:2733(para)
16361
16411
msgid ""
16362
16412
"If you are new to Kerberos there are a few terms that are good to understand "
16363
16413
"before setting up a Kerberos server. Most of the terms will relate to things "
16364
16414
"you may be familiar with in other environments:"
16365
16415
msgstr ""
16366
16416
16367
#: serverguide/C/network-auth.xml:2711(para)
16417
#: serverguide/C/network-auth.xml:2740(para)
16368
16418
msgid ""
16369
16419
"<emphasis>Principal:</emphasis> any users, computers, and services provided "
16370
16420
"by servers need to be defined as Kerberos Principals."
16371
16421
msgstr ""
16372
16422
16373
#: serverguide/C/network-auth.xml:2716(para)
16423
#: serverguide/C/network-auth.xml:2745(para)
16374
16424
msgid ""
16375
16425
"<emphasis>Instances:</emphasis> are used for service principals and special "
16376
16426
"administrative principals."
16377
16427
msgstr ""
16378
16428
16379
#: serverguide/C/network-auth.xml:2721(para)
16429
#: serverguide/C/network-auth.xml:2750(para)
16380
16430
msgid ""
16381
16431
"<emphasis>Realms:</emphasis> the unique realm of control provided by the "
16382
16432
"Kerberos installation. Think of it as the domain or group your hosts and "
16385
16435
"as the realm."
16386
16436
msgstr ""
16387
16437
16388
#: serverguide/C/network-auth.xml:2730(para)
16438
#: serverguide/C/network-auth.xml:2759(para)
16389
16439
msgid ""
16390
16440
"<emphasis>Key Distribution Center:</emphasis> (KDC) consist of three parts, "
16391
16441
"a database of all principals, the authentication server, and the ticket "
16392
16442
"granting server. For each realm there must be at least one KDC."
16393
16443
msgstr ""
16394
16444
16395
#: serverguide/C/network-auth.xml:2736(para)
16445
#: serverguide/C/network-auth.xml:2765(para)
16396
16446
msgid ""
16397
16447
"<emphasis>Ticket Granting Ticket:</emphasis> issued by the Authentication "
16398
16448
"Server (AS), the Ticket Granting Ticket (TGT) is encrypted in the user's "
16399
16449
"password which is known only to the user and the KDC."
16400
16450
msgstr ""
16401
16451
16402
#: serverguide/C/network-auth.xml:2742(para)
16452
#: serverguide/C/network-auth.xml:2771(para)
16403
16453
msgid ""
16404
16454
"<emphasis>Ticket Granting Server:</emphasis> (TGS) issues service tickets to "
16405
16455
"clients upon request."
16406
16456
msgstr ""
16407
16457
16408
#: serverguide/C/network-auth.xml:2747(para)
16458
#: serverguide/C/network-auth.xml:2776(para)
16409
16459
msgid ""
16410
16460
"<emphasis>Tickets:</emphasis> confirm the identity of the two principals. "
16411
16461
"One principal being a user and the other a service requested by the user. "
16413
16463
"authenticated session."
16414
16464
msgstr ""
16415
16465
16416
#: serverguide/C/network-auth.xml:2753(para)
16466
#: serverguide/C/network-auth.xml:2782(para)
16417
16467
msgid ""
16418
16468
"<emphasis>Keytab Files:</emphasis> are files extracted from the KDC "
16419
16469
"principal database and contain the encryption key for a service or host."
16420
16470
msgstr ""
16421
16471
16422
#: serverguide/C/network-auth.xml:2760(para)
16472
#: serverguide/C/network-auth.xml:2789(para)
16423
16473
msgid ""
16424
16474
"To put the pieces together, a Realm has at least one KDC, preferably more "
16425
16475
"for redundancy, which contains a database of Principals. When a user "
16431
16481
"entering another username and password."
16432
16482
msgstr ""
16433
16483
16434
#: serverguide/C/network-auth.xml:2769(title)
16484
#: serverguide/C/network-auth.xml:2798(title)
16435
16485
msgid "Kerberos Server"
16436
16486
msgstr ""
16437
16487
16438
#: serverguide/C/network-auth.xml:2773(para)
16488
#: serverguide/C/network-auth.xml:2802(para)
16439
16489
msgid ""
16440
16490
"For this discussion, we will create a MIT Kerberos domain with the following "
16441
16491
"features (edit them to fit your needs):"
16442
16492
msgstr ""
16443
16493
16444
#: serverguide/C/network-auth.xml:2780(para)
16494
#: serverguide/C/network-auth.xml:2809(para)
16445
16495
msgid "<emphasis>Realm:</emphasis> EXAMPLE.COM"
16446
16496
msgstr ""
16447
16497
16448
#: serverguide/C/network-auth.xml:2785(para)
16498
#: serverguide/C/network-auth.xml:2814(para)
16449
16499
msgid "<emphasis>Primary KDC:</emphasis> kdc01.example.com (192.168.0.1)"
16450
16500
msgstr ""
16451
16501
16452
#: serverguide/C/network-auth.xml:2790(para)
16502
#: serverguide/C/network-auth.xml:2819(para)
16453
16503
msgid "<emphasis>Secondary KDC:</emphasis> kdc02.example.com (192.168.0.2)"
16454
16504
msgstr ""
16455
16505
16456
#: serverguide/C/network-auth.xml:2795(para)
16506
#: serverguide/C/network-auth.xml:2824(para)
16457
16507
msgid "<emphasis>User principal:</emphasis> steve"
16458
16508
msgstr ""
16459
16509
16460
#: serverguide/C/network-auth.xml:2800(para)
16510
#: serverguide/C/network-auth.xml:2829(para)
16461
16511
msgid "<emphasis>Admin principal:</emphasis> steve/admin"
16462
16512
msgstr ""
16463
16513
16464
#: serverguide/C/network-auth.xml:2807(para)
16514
#: serverguide/C/network-auth.xml:2836(para)
16465
16515
msgid ""
16466
16516
"It is <emphasis>strongly</emphasis> recommended that your network-"
16467
16517
"authenticated users have their uid in a different range (say, starting at "
16468
16518
"5000) than that of your local users."
16469
16519
msgstr ""
16470
16520
16471
#: serverguide/C/network-auth.xml:2813(para)
16521
#: serverguide/C/network-auth.xml:2842(para)
16472
16522
msgid ""
16473
16523
"Before installing the Kerberos server a properly configured DNS server is "
16474
16524
"needed for your domain. Since the Kerberos Realm by convention matches the "
16477
16527
"documentation."
16478
16528
msgstr ""
16479
16529
16480
#: serverguide/C/network-auth.xml:2819(para)
16530
#: serverguide/C/network-auth.xml:2848(para)
16481
16531
msgid ""
16482
16532
"Also, Kerberos is a time sensitive protocol. So if the local system time "
16483
16533
"between a client machine and the server differs by more than five minutes "
16487
16537
"setting up NTP see <xref linkend=\"NTP\"/>."
16488
16538
msgstr ""
16489
16539
16490
#: serverguide/C/network-auth.xml:2827(para)
16540
#: serverguide/C/network-auth.xml:2856(para)
16491
16541
msgid ""
16492
16542
"The first step in creating a Kerberos Realm is to install the "
16493
16543
"<application>krb5-kdc</application> and <application>krb5-admin-"
16494
16544
"server</application> packages. From a terminal enter:"
16495
16545
msgstr ""
16496
16546
16497
#: serverguide/C/network-auth.xml:2833(command) serverguide/C/network-auth.xml:3040(command)
16547
#: serverguide/C/network-auth.xml:2862(command) serverguide/C/network-auth.xml:3069(command)
16498
16548
msgid "sudo apt-get install krb5-kdc krb5-admin-server"
16499
16549
msgstr ""
16500
16550
16501
#: serverguide/C/network-auth.xml:2836(para)
16551
#: serverguide/C/network-auth.xml:2865(para)
16502
16552
msgid ""
16503
16553
"You will be asked at the end of the install to supply the hostname for the "
16504
16554
"Kerberos and Admin servers, which may or may not be the same server, for the "
16505
16555
"realm."
16506
16556
msgstr ""
16507
16557
16508
#: serverguide/C/network-auth.xml:2843(para)
16558
#: serverguide/C/network-auth.xml:2872(para)
16509
16559
msgid "By default the realm is created from the KDC's domain name."
16510
16560
msgstr ""
16511
16561
16512
#: serverguide/C/network-auth.xml:2848(para)
16562
#: serverguide/C/network-auth.xml:2877(para)
16513
16563
msgid ""
16514
16564
"Next, create the new realm with the <application>kdb5_newrealm</application> "
16515
16565
"utility:"
16516
16566
msgstr ""
16517
16567
16518
#: serverguide/C/network-auth.xml:2853(command)
16568
#: serverguide/C/network-auth.xml:2882(command)
16519
16569
msgid "sudo krb5_newrealm"
16520
16570
msgstr ""
16521
16571
16522
#: serverguide/C/network-auth.xml:2860(para)
16572
#: serverguide/C/network-auth.xml:2889(para)
16523
16573
msgid ""
16524
16574
"The questions asked during installation are used to configure the "
16525
16575
"<filename>/etc/krb5.conf</filename> file. If you need to adjust the Key "
16529
16579
"typing"
16530
16580
msgstr ""
16531
16581
16532
#: serverguide/C/network-auth.xml:2867(command)
16582
#: serverguide/C/network-auth.xml:2896(command)
16533
16583
msgid "sudo dpkg-reconfigure krb5-kdc"
16534
16584
msgstr ""
16535
16585
16536
#: serverguide/C/network-auth.xml:2873(para)
16586
#: serverguide/C/network-auth.xml:2902(para)
16537
16587
msgid ""
16538
16588
"Once the KDC is properly running, an admin user -- the <emphasis>admin "
16539
16589
"principal</emphasis> -- is needed. It is recommended to use a different "
16541
16591
"<application>kadmin.local</application> utility in a terminal prompt enter:"
16542
16592
msgstr ""
16543
16593
16544
#: serverguide/C/network-auth.xml:2881(command) serverguide/C/network-auth.xml:3751(command)
16594
#: serverguide/C/network-auth.xml:2910(command) serverguide/C/network-auth.xml:3780(command)
16545
16595
msgid "sudo kadmin.local"
16546
16596
msgstr ""
16547
16597
16548
#: serverguide/C/network-auth.xml:2882(computeroutput)
16598
#: serverguide/C/network-auth.xml:2911(computeroutput)
16549
16599
#, no-wrap
16550
16600
msgid ""
16551
16601
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
16552
16602
"kadmin.local:"
16553
16603
msgstr ""
16554
16604
16555
#: serverguide/C/network-auth.xml:2883(userinput)
16605
#: serverguide/C/network-auth.xml:2912(userinput)
16556
16606
#, no-wrap
16557
16607
msgid " addprinc steve/admin"
16558
16608
msgstr ""
16559
16609
16560
#: serverguide/C/network-auth.xml:2884(computeroutput)
16610
#: serverguide/C/network-auth.xml:2913(computeroutput)
16561
16611
#, no-wrap
16562
16612
msgid ""
16563
16613
"WARNING: no policy specified for steve/admin@EXAMPLE.COM; defaulting to no "
16568
16618
"kadmin.local:"
16569
16619
msgstr ""
16570
16620
16571
#: serverguide/C/network-auth.xml:2888(userinput)
16621
#: serverguide/C/network-auth.xml:2917(userinput)
16572
16622
#, no-wrap
16573
16623
msgid " quit"
16574
16624
msgstr ""
16575
16625
16576
#: serverguide/C/network-auth.xml:2891(para)
16626
#: serverguide/C/network-auth.xml:2920(para)
16577
16627
msgid ""
16578
16628
"In the above example <emphasis role=\"italic\">steve</emphasis> is the "
16579
16629
"<emphasis>Principal</emphasis>, <emphasis role=\"italic\">/admin</emphasis> "
16585
16635
"rights."
16586
16636
msgstr ""
16587
16637
16588
#: serverguide/C/network-auth.xml:2901(para)
16638
#: serverguide/C/network-auth.xml:2930(para)
16589
16639
msgid ""
16590
16640
"Replace <emphasis>EXAMPLE.COM</emphasis> and <emphasis>steve</emphasis> with "
16591
16641
"your Realm and admin username."
16592
16642
msgstr ""
16593
16643
16594
#: serverguide/C/network-auth.xml:2909(para)
16644
#: serverguide/C/network-auth.xml:2938(para)
16595
16645
msgid ""
16596
16646
"Next, the new admin user needs to have the appropriate Access Control List "
16597
16647
"(ACL) permissions. The permissions are configured in the "
16598
16648
"<filename>/etc/krb5kdc/kadm5.acl</filename> file:"
16599
16649
msgstr ""
16600
16650
16601
#: serverguide/C/network-auth.xml:2914(programlisting)
16651
#: serverguide/C/network-auth.xml:2943(programlisting)
16602
16652
#, no-wrap
16603
16653
msgid ""
16604
16654
"\n"
16605
16655
"steve/admin@EXAMPLE.COM *\n"
16606
16656
msgstr ""
16607
16657
16608
#: serverguide/C/network-auth.xml:2918(para)
16658
#: serverguide/C/network-auth.xml:2947(para)
16609
16659
msgid ""
16610
16660
"This entry grants <emphasis>steve/admin</emphasis> the ability to perform "
16611
16661
"any operation on all principals in the realm. You can configure principals "
16614
16664
"<emphasis>kadm5.acl</emphasis> man page for details."
16615
16665
msgstr ""
16616
16666
16617
#: serverguide/C/network-auth.xml:2930(para)
16667
#: serverguide/C/network-auth.xml:2959(para)
16618
16668
msgid ""
16619
16669
"Now restart the <application>krb5-admin-server</application> for the new ACL "
16620
16670
"to take affect:"
16621
16671
msgstr ""
16622
16672
16623
#: serverguide/C/network-auth.xml:2935(command)
16673
#: serverguide/C/network-auth.xml:2961(command)
16624
16674
msgid "sudo service krb5-admin-server restart"
16625
16675
msgstr ""
16626
16676
16627
#: serverguide/C/network-auth.xml:2941(para)
16677
#: serverguide/C/network-auth.xml:2970(para)
16628
16678
msgid ""
16629
16679
"The new user principal can be tested using the <application>kinit "
16630
16680
"utility</application>:"
16631
16681
msgstr ""
16632
16682
16633
#: serverguide/C/network-auth.xml:2946(command)
16683
#: serverguide/C/network-auth.xml:2975(command)
16634
16684
msgid "kinit steve/admin"
16635
16685
msgstr ""
16636
16686
16637
#: serverguide/C/network-auth.xml:2947(computeroutput)
16687
#: serverguide/C/network-auth.xml:2976(computeroutput)
16638
16688
#, no-wrap
16639
16689
msgid "steve/admin@EXAMPLE.COM's Password:"
16640
16690
msgstr ""
16641
16691
16642
#: serverguide/C/network-auth.xml:2950(para)
16692
#: serverguide/C/network-auth.xml:2979(para)
16643
16693
msgid ""
16644
16694
"After entering the password, use the <application>klist</application> "
16645
16695
"utility to view information about the Ticket Granting Ticket (TGT):"
16646
16696
msgstr ""
16647
16697
16648
#: serverguide/C/network-auth.xml:2956(command) serverguide/C/network-auth.xml:3333(command)
16698
#: serverguide/C/network-auth.xml:2985(command) serverguide/C/network-auth.xml:3362(command)
16649
16699
msgid "klist"
16650
16700
msgstr ""
16651
16701
16652
#: serverguide/C/network-auth.xml:2957(computeroutput)
16702
#: serverguide/C/network-auth.xml:2986(computeroutput)
16653
16703
#, no-wrap
16654
16704
msgid ""
16655
16705
"Credentials cache: FILE:/tmp/krb5cc_1000\n"
16659
16709
"Jul 13 17:53:34 Jul 14 03:53:34 krbtgt/EXAMPLE.COM@EXAMPLE.COM"
16660
16710
msgstr ""
16661
16711
16662
#: serverguide/C/network-auth.xml:2964(para)
16712
#: serverguide/C/network-auth.xml:2993(para)
16663
16713
msgid ""
16664
16714
"Where the cache filename <filename>krb5cc_1000</filename> is composed of the "
16665
16715
"prefix <filename>krb5cc_</filename> and the user id (uid), which in this "
16668
16718
"For example:"
16669
16719
msgstr ""
16670
16720
16671
#: serverguide/C/network-auth.xml:2973(programlisting)
16721
#: serverguide/C/network-auth.xml:3002(programlisting)
16672
16722
#, no-wrap
16673
16723
msgid ""
16674
16724
"\n"
16675
16725
"192.168.0.1 kdc01.example.com kdc01\n"
16676
16726
msgstr ""
16677
16727
16678
#: serverguide/C/network-auth.xml:2977(para)
16728
#: serverguide/C/network-auth.xml:3006(para)
16679
16729
msgid ""
16680
16730
"Replacing <emphasis>192.168.0.1</emphasis> with the IP address of your KDC. "
16681
16731
"This usually happens when you have a Kerberos realm encompassing different "
16682
16732
"networks separated by routers."
16683
16733
msgstr ""
16684
16734
16685
#: serverguide/C/network-auth.xml:2986(para)
16735
#: serverguide/C/network-auth.xml:3015(para)
16686
16736
msgid ""
16687
16737
"The best way to allow clients to automatically determine the KDC for the "
16688
16738
"Realm is using DNS SRV records. Add the following to "
16689
16739
"<filename>/etc/named/db.example.com</filename>:"
16690
16740
msgstr ""
16691
16741
16692
#: serverguide/C/network-auth.xml:2992(programlisting)
16742
#: serverguide/C/network-auth.xml:3021(programlisting)
16693
16743
#, no-wrap
16694
16744
msgid ""
16695
16745
"\n"
16701
16751
"_kpasswd._udp.EXAMPLE.COM. IN SRV 1 0 464 kdc01.example.com.\n"
16702
16752
msgstr ""
16703
16753
16704
#: serverguide/C/network-auth.xml:3002(para)
16754
#: serverguide/C/network-auth.xml:3031(para)
16705
16755
msgid ""
16706
16756
"Replace <emphasis>EXAMPLE.COM</emphasis>, <emphasis>kdc01</emphasis>, and "
16707
16757
"<emphasis>kdc02</emphasis> with your domain name, primary KDC, and secondary "
16708
16758
"KDC."
16709
16759
msgstr ""
16710
16760
16711
#: serverguide/C/network-auth.xml:3008(para)
16761
#: serverguide/C/network-auth.xml:3037(para)
16712
16762
msgid ""
16713
16763
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
16714
16764
msgstr ""
16715
16765
16716
#: serverguide/C/network-auth.xml:3015(para)
16766
#: serverguide/C/network-auth.xml:3044(para)
16717
16767
msgid "Your new Kerberos Realm is now ready to authenticate clients."
16718
16768
msgstr ""
16719
16769
16720
#: serverguide/C/network-auth.xml:3022(title)
16770
#: serverguide/C/network-auth.xml:3051(title)
16721
16771
msgid "Secondary KDC"
16722
16772
msgstr ""
16723
16773
16724
#: serverguide/C/network-auth.xml:3024(para)
16774
#: serverguide/C/network-auth.xml:3053(para)
16725
16775
msgid ""
16726
16776
"Once you have one Key Distribution Center (KDC) on your network, it is good "
16727
16777
"practice to have a Secondary KDC in case the primary becomes unavailable. "
16730
16780
"of those networks."
16731
16781
msgstr ""
16732
16782
16733
#: serverguide/C/network-auth.xml:3035(para)
16783
#: serverguide/C/network-auth.xml:3064(para)
16734
16784
msgid ""
16735
16785
"First, install the packages, and when asked for the Kerberos and Admin "
16736
16786
"server names enter the name of the Primary KDC:"
16737
16787
msgstr ""
16738
16788
16739
#: serverguide/C/network-auth.xml:3046(para)
16789
#: serverguide/C/network-auth.xml:3075(para)
16740
16790
msgid ""
16741
16791
"Once you have the packages installed, create the Secondary KDC's host "
16742
16792
"principal. From a terminal prompt, enter:"
16743
16793
msgstr ""
16744
16794
16745
#: serverguide/C/network-auth.xml:3051(command)
16795
#: serverguide/C/network-auth.xml:3080(command)
16746
16796
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
16747
16797
msgstr ""
16748
16798
16749
#: serverguide/C/network-auth.xml:3055(para)
16799
#: serverguide/C/network-auth.xml:3084(para)
16750
16800
msgid ""
16751
16801
"After, issuing any <application>kadmin</application> commands you will be "
16752
16802
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
16753
16803
"password."
16754
16804
msgstr ""
16755
16805
16756
#: serverguide/C/network-auth.xml:3064(para)
16806
#: serverguide/C/network-auth.xml:3093(para)
16757
16807
msgid "Extract the <emphasis>keytab</emphasis> file:"
16758
16808
msgstr ""
16759
16809
16760
#: serverguide/C/network-auth.xml:3069(command)
16810
#: serverguide/C/network-auth.xml:3098(command)
16761
16811
msgid "kadmin -q \"ktadd -norandkey -k keytab.kdc02 host/kdc02.example.com\""
16762
16812
msgstr ""
16763
16813
16764
#: serverguide/C/network-auth.xml:3075(para)
16814
#: serverguide/C/network-auth.xml:3104(para)
16765
16815
msgid ""
16766
16816
"There should now be a <filename>keytab.kdc02</filename> in the current "
16767
16817
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
16768
16818
msgstr ""
16769
16819
16770
#: serverguide/C/network-auth.xml:3081(command)
16820
#: serverguide/C/network-auth.xml:3110(command)
16771
16821
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
16772
16822
msgstr ""
16773
16823
16774
#: serverguide/C/network-auth.xml:3085(para)
16824
#: serverguide/C/network-auth.xml:3114(para)
16775
16825
msgid ""
16776
16826
"If the path to the <filename>keytab.kdc02</filename> file is different "
16777
16827
"adjust accordingly."
16778
16828
msgstr ""
16779
16829
16780
#: serverguide/C/network-auth.xml:3090(para)
16830
#: serverguide/C/network-auth.xml:3119(para)
16781
16831
msgid ""
16782
16832
"Also, you can list the principals in a Keytab file, which can be useful when "
16783
16833
"troubleshooting, using the <application>klist</application> utility:"
16784
16834
msgstr ""
16785
16835
16786
#: serverguide/C/network-auth.xml:3096(command)
16836
#: serverguide/C/network-auth.xml:3125(command)
16787
16837
msgid "sudo klist -k /etc/krb5.keytab"
16788
16838
msgstr ""
16789
16839
16790
#: serverguide/C/network-auth.xml:3099(para)
16840
#: serverguide/C/network-auth.xml:3128(para)
16791
16841
msgid ""
16792
16842
"The <application>-k</application> option indicates the file is a keytab file."
16793
16843
msgstr ""
16794
16844
16795
#: serverguide/C/network-auth.xml:3106(para)
16845
#: serverguide/C/network-auth.xml:3135(para)
16796
16846
msgid ""
16797
16847
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
16798
16848
"that lists all KDCs for the Realm. For example, on both primary and "
16799
16849
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
16800
16850
msgstr ""
16801
16851
16802
#: serverguide/C/network-auth.xml:3111(programlisting)
16852
#: serverguide/C/network-auth.xml:3140(programlisting)
16803
16853
#, no-wrap
16804
16854
msgid ""
16805
16855
"\n"
16807
16857
"host/kdc02.example.com@EXAMPLE.COM\n"
16808
16858
msgstr ""
16809
16859
16810
#: serverguide/C/network-auth.xml:3119(para)
16860
#: serverguide/C/network-auth.xml:3148(para)
16811
16861
msgid "Create an empty database on the <emphasis>Secondary KDC</emphasis>:"
16812
16862
msgstr ""
16813
16863
16814
#: serverguide/C/network-auth.xml:3124(command)
16864
#: serverguide/C/network-auth.xml:3153(command)
16815
16865
msgid "sudo kdb5_util -s create"
16816
16866
msgstr ""
16817
16867
16818
#: serverguide/C/network-auth.xml:3130(para)
16868
#: serverguide/C/network-auth.xml:3159(para)
16819
16869
msgid ""
16820
16870
"Now start the <application>kpropd</application> daemon, which listens for "
16821
16871
"connections from the <application>kprop</application> utility. "
16822
16872
"<application>kprop</application> is used to transfer dump files:"
16823
16873
msgstr ""
16824
16874
16825
#: serverguide/C/network-auth.xml:3137(command)
16875
#: serverguide/C/network-auth.xml:3166(command)
16826
16876
msgid "sudo kpropd -S"
16827
16877
msgstr ""
16828
16878
16829
#: serverguide/C/network-auth.xml:3143(para)
16879
#: serverguide/C/network-auth.xml:3172(para)
16830
16880
msgid ""
16831
16881
"From a terminal on the <emphasis>Primary KDC</emphasis>, create a dump file "
16832
16882
"of the principal database:"
16833
16883
msgstr ""
16834
16884
16835
#: serverguide/C/network-auth.xml:3148(command)
16885
#: serverguide/C/network-auth.xml:3177(command)
16836
16886
msgid "sudo kdb5_util dump /var/lib/krb5kdc/dump"
16837
16887
msgstr ""
16838
16888
16839
#: serverguide/C/network-auth.xml:3154(para)
16889
#: serverguide/C/network-auth.xml:3183(para)
16840
16890
msgid ""
16841
16891
"Extract the Primary KDC's <emphasis>keytab</emphasis> file and copy it to "
16842
16892
"<filename>/etc/krb5.keytab</filename>:"
16843
16893
msgstr ""
16844
16894
16845
#: serverguide/C/network-auth.xml:3159(command)
16895
#: serverguide/C/network-auth.xml:3188(command)
16846
16896
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
16847
16897
msgstr ""
16848
16898
16849
#: serverguide/C/network-auth.xml:3160(command)
16899
#: serverguide/C/network-auth.xml:3189(command)
16850
16900
msgid "sudo mv keytab.kdc01 /etc/krb5.keytab"
16851
16901
msgstr ""
16852
16902
16853
#: serverguide/C/network-auth.xml:3164(para)
16903
#: serverguide/C/network-auth.xml:3193(para)
16854
16904
msgid ""
16855
16905
"Make sure there is a <emphasis>host</emphasis> for "
16856
16906
"<emphasis>kdc01.example.com</emphasis> before extracting the Keytab."
16857
16907
msgstr ""
16858
16908
16859
#: serverguide/C/network-auth.xml:3172(para)
16909
#: serverguide/C/network-auth.xml:3201(para)
16860
16910
msgid ""
16861
16911
"Using the <application>kprop</application> utility push the database to the "
16862
16912
"Secondary KDC:"
16863
16913
msgstr ""
16864
16914
16865
#: serverguide/C/network-auth.xml:3177(command)
16915
#: serverguide/C/network-auth.xml:3206(command)
16866
16916
msgid "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
16867
16917
msgstr ""
16868
16918
16869
#: serverguide/C/network-auth.xml:3181(para)
16919
#: serverguide/C/network-auth.xml:3210(para)
16870
16920
msgid ""
16871
16921
"There should be a <emphasis>SUCCEEDED</emphasis> message if the propagation "
16872
16922
"worked. If there is an error message check "
16874
16924
"information."
16875
16925
msgstr ""
16876
16926
16877
#: serverguide/C/network-auth.xml:3187(para)
16927
#: serverguide/C/network-auth.xml:3216(para)
16878
16928
msgid ""
16879
16929
"You may also want to create a <application>cron</application> job to "
16880
16930
"periodically update the database on the Secondary KDC. For example, the "
16882
16932
"split to fit the format of this document):"
16883
16933
msgstr ""
16884
16934
16885
#: serverguide/C/network-auth.xml:3192(programlisting)
16935
#: serverguide/C/network-auth.xml:3221(programlisting)
16886
16936
#, no-wrap
16887
16937
msgid ""
16888
16938
"\n"
16891
16941
"/usr/sbin/kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com\n"
16892
16942
msgstr ""
16893
16943
16894
#: serverguide/C/network-auth.xml:3201(para)
16944
#: serverguide/C/network-auth.xml:3230(para)
16895
16945
msgid ""
16896
16946
"Back on the <emphasis>Secondary KDC</emphasis>, create a "
16897
16947
"<emphasis>stash</emphasis> file to hold the Kerberos master key:"
16898
16948
msgstr ""
16899
16949
16900
#: serverguide/C/network-auth.xml:3207(command)
16950
#: serverguide/C/network-auth.xml:3236(command)
16901
16951
msgid "sudo kdb5_util stash"
16902
16952
msgstr ""
16903
16953
16904
#: serverguide/C/network-auth.xml:3213(para)
16954
#: serverguide/C/network-auth.xml:3242(para)
16905
16955
msgid ""
16906
16956
"Finally, start the <application>krb5-kdc</application> daemon on the "
16907
16957
"Secondary KDC:"
16908
16958
msgstr ""
16909
16959
16910
#: serverguide/C/network-auth.xml:3218(command) serverguide/C/network-auth.xml:3894(command)
16960
#: serverguide/C/network-auth.xml:3244(command) serverguide/C/network-auth.xml:3920(command)
16911
16961
msgid "sudo service krb5-kdc start"
16912
16962
msgstr ""
16913
16963
16914
#: serverguide/C/network-auth.xml:3224(para)
16964
#: serverguide/C/network-auth.xml:3253(para)
16915
16965
msgid ""
16916
16966
"The <emphasis>Secondary KDC</emphasis> should now be able to issue tickets "
16917
16967
"for the Realm. You can test this by stopping the <application>krb5-"
16922
16972
"<filename>/var/log/auth.log</filename> in the Secondary KDC."
16923
16973
msgstr ""
16924
16974
16925
#: serverguide/C/network-auth.xml:3235(title)
16975
#: serverguide/C/network-auth.xml:3264(title)
16926
16976
msgid "Kerberos Linux Client"
16927
16977
msgstr ""
16928
16978
16929
#: serverguide/C/network-auth.xml:3237(para)
16979
#: serverguide/C/network-auth.xml:3266(para)
16930
16980
msgid ""
16931
16981
"This section covers configuring a Linux system as a "
16932
16982
"<application>Kerberos</application> client. This will allow access to any "
16933
16983
"kerberized services once a user has successfully logged into the system."
16934
16984
msgstr ""
16935
16985
16936
#: serverguide/C/network-auth.xml:3245(para)
16986
#: serverguide/C/network-auth.xml:3274(para)
16937
16987
msgid ""
16938
16988
"In order to authenticate to a Kerberos Realm, the <application>krb5-"
16939
16989
"user</application> and <application>libpam-krb5</application> packages are "
16942
16992
"prompt:"
16943
16993
msgstr ""
16944
16994
16945
#: serverguide/C/network-auth.xml:3252(command)
16995
#: serverguide/C/network-auth.xml:3281(command)
16946
16996
msgid ""
16947
16997
"sudo apt-get install krb5-user libpam-krb5 libpam-ccreds auth-client-config"
16948
16998
msgstr ""
16949
16999
16950
#: serverguide/C/network-auth.xml:3255(para)
17000
#: serverguide/C/network-auth.xml:3284(para)
16951
17001
msgid ""
16952
17002
"The <application>auth-client-config</application> package allows simple "
16953
17003
"configuration of PAM for authentication from multiple sources, and the "
16958
17008
"be accessed off the network as well."
16959
17009
msgstr ""
16960
17010
16961
#: serverguide/C/network-auth.xml:3266(para)
17011
#: serverguide/C/network-auth.xml:3295(para)
16962
17012
msgid "To configure the client in a terminal enter:"
16963
17013
msgstr ""
16964
17014
16965
#: serverguide/C/network-auth.xml:3271(command)
17015
#: serverguide/C/network-auth.xml:3300(command)
16966
17016
msgid "sudo dpkg-reconfigure krb5-config"
16967
17017
msgstr ""
16968
17018
16969
#: serverguide/C/network-auth.xml:3274(para)
17019
#: serverguide/C/network-auth.xml:3303(para)
16970
17020
msgid ""
16971
17021
"You will then be prompted to enter the name of the Kerberos Realm. Also, if "
16972
17022
"you don't have DNS configured with Kerberos <emphasis>SRV</emphasis> "
16974
17024
"Center (KDC) and Realm Administration server."
16975
17025
msgstr ""
16976
17026
16977
#: serverguide/C/network-auth.xml:3280(para)
17027
#: serverguide/C/network-auth.xml:3309(para)
16978
17028
msgid ""
16979
17029
"The <application>dpkg-reconfigure</application> adds entries to the "
16980
17030
"<filename>/etc/krb5.conf</filename> file for your Realm. You should have "
16981
17031
"entries similar to the following:"
16982
17032
msgstr ""
16983
17033
16984
#: serverguide/C/network-auth.xml:3285(programlisting)
17034
#: serverguide/C/network-auth.xml:3311(programlisting)
16985
17035
#, no-wrap
16986
17036
msgid ""
16987
17037
"\n"
16995
17045
" }\n"
16996
17046
msgstr ""
16997
17047
16998
#: serverguide/C/network-auth.xml:3297(para)
17048
#: serverguide/C/network-auth.xml:3326(para)
16999
17049
msgid ""
17000
17050
"If you set the uid of each of your network-authenticated users to start at "
17001
17051
"5000, as suggested in <xref linkend=\"kerberos-server-installation\"/>, you "
17003
17053
"> 5000:"
17004
17054
msgstr ""
17005
17055
17006
#: serverguide/C/network-auth.xml:3305(command)
17056
#: serverguide/C/network-auth.xml:3334(command)
17007
17057
msgid ""
17008
17058
"# Kerberos should only be applied to ldap/kerberos users, not local ones. "
17009
17059
"for i in common-auth common-session common-account common-password; do sudo "
17011
17061
"minimum_uid=5000/' \\ /etc/pam.d/$i done"
17012
17062
msgstr ""
17013
17063
17014
#: serverguide/C/network-auth.xml:3312(para)
17064
#: serverguide/C/network-auth.xml:3341(para)
17015
17065
msgid ""
17016
17066
"This will avoid being asked for the (non-existent) Kerberos password of a "
17017
17067
"locally authenticated user when changing its password using "
17018
17068
"<command>passwd</command>."
17019
17069
msgstr ""
17020
17070
17021
#: serverguide/C/network-auth.xml:3319(para)
17071
#: serverguide/C/network-auth.xml:3348(para)
17022
17072
msgid ""
17023
17073
"You can test the configuration by requesting a ticket using the "
17024
17074
"<application>kinit</application> utility. For example:"
17025
17075
msgstr ""
17026
17076
17027
#: serverguide/C/network-auth.xml:3324(command)
17077
#: serverguide/C/network-auth.xml:3353(command)
17028
17078
msgid "kinit steve@EXAMPLE.COM"
17029
17079
msgstr ""
17030
17080
17031
#: serverguide/C/network-auth.xml:3325(computeroutput)
17081
#: serverguide/C/network-auth.xml:3354(computeroutput)
17032
17082
#, no-wrap
17033
17083
msgid "Password for steve@EXAMPLE.COM:"
17034
17084
msgstr ""
17035
17085
17036
#: serverguide/C/network-auth.xml:3328(para)
17086
#: serverguide/C/network-auth.xml:3357(para)
17037
17087
msgid ""
17038
17088
"When a ticket has been granted, the details can be viewed using "
17039
17089
"<application>klist</application>:"
17040
17090
msgstr ""
17041
17091
17042
#: serverguide/C/network-auth.xml:3334(computeroutput)
17092
#: serverguide/C/network-auth.xml:3363(computeroutput)
17043
17093
#, no-wrap
17044
17094
msgid ""
17045
17095
"Ticket cache: FILE:/tmp/krb5cc_1000\n"
17054
17104
"klist: You have no tickets cached"
17055
17105
msgstr ""
17056
17106
17057
#: serverguide/C/network-auth.xml:3346(para)
17107
#: serverguide/C/network-auth.xml:3375(para)
17058
17108
msgid ""
17059
17109
"Next, use the <application>auth-client-config</application> to configure the "
17060
17110
"<application>libpam-krb5</application> module to request a ticket during "
17061
17111
"login:"
17062
17112
msgstr ""
17063
17113
17064
#: serverguide/C/network-auth.xml:3352(command)
17114
#: serverguide/C/network-auth.xml:3381(command)
17065
17115
msgid "sudo auth-client-config -a -p kerberos_example"
17066
17116
msgstr ""
17067
17117
17068
#: serverguide/C/network-auth.xml:3355(para)
17118
#: serverguide/C/network-auth.xml:3384(para)
17069
17119
msgid ""
17070
17120
"You will should now receive a ticket upon successful login authentication."
17071
17121
msgstr ""
17072
17122
17073
#: serverguide/C/network-auth.xml:3366(para)
17123
#: serverguide/C/network-auth.xml:3395(para)
17074
17124
msgid ""
17075
17125
"For more information on MIT's version of Kerberos, see the <ulink "
17076
17126
"url=\"http://web.mit.edu/Kerberos/\">MIT Kerberos</ulink> site."
17077
17127
msgstr ""
17078
17128
17079
#: serverguide/C/network-auth.xml:3371(para)
17129
#: serverguide/C/network-auth.xml:3400(para)
17080
17130
msgid ""
17081
17131
"The <ulink url=\"https://help.ubuntu.com/community/Kerberos\">Ubuntu Wiki "
17082
17132
"Kerberos</ulink> page has more details."
17083
17133
msgstr ""
17084
17134
17085
#: serverguide/C/network-auth.xml:3376(para)
17135
#: serverguide/C/network-auth.xml:3405(para)
17086
17136
msgid ""
17087
17137
"O'Reilly's <ulink "
17088
17138
"url=\"http://oreilly.com/catalog/9780596004033/\">Kerberos: The Definitive "
17089
17139
"Guide</ulink> is a great reference when setting up Kerberos."
17090
17140
msgstr ""
17091
17141
17092
#: serverguide/C/network-auth.xml:3382(para)
17142
#: serverguide/C/network-auth.xml:3411(para)
17093
17143
msgid ""
17094
17144
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> and "
17095
17145
"<emphasis>#kerberos</emphasis> IRC channels on <ulink "
17096
17146
"url=\"http://freenode.net/\">Freenode</ulink> if you have Kerberos questions."
17097
17147
msgstr ""
17098
17148
17099
#: serverguide/C/network-auth.xml:3394(title)
17149
#: serverguide/C/network-auth.xml:3423(title)
17100
17150
msgid "Kerberos and LDAP"
17101
17151
msgstr ""
17102
17152
17103
#: serverguide/C/network-auth.xml:3396(para)
17153
#: serverguide/C/network-auth.xml:3425(para)
17104
17154
msgid ""
17105
17155
"Most people will not use Kerberos by itself; once an user is authenticated "
17106
17156
"(Kerberos), we need to figure out what this user can do (authorization). And "
17107
17157
"that would be the job of programs such as <application>LDAP</application>."
17108
17158
msgstr ""
17109
17159
17110
#: serverguide/C/network-auth.xml:3403(para)
17160
#: serverguide/C/network-auth.xml:3432(para)
17111
17161
msgid ""
17112
17162
"Replicating a Kerberos principal database between two servers can be "
17113
17163
"complicated, and adds an additional user database to your network. "
17117
17167
"<application>OpenLDAP</application> for the principal database."
17118
17168
msgstr ""
17119
17169
17120
#: serverguide/C/network-auth.xml:3411(para)
17170
#: serverguide/C/network-auth.xml:3440(para)
17121
17171
msgid ""
17122
17172
"The examples presented here assume <application>MIT Kerberos</application> "
17123
17173
"and <application>OpenLDAP</application>."
17124
17174
msgstr ""
17125
17175
17126
#: serverguide/C/network-auth.xml:3419(title)
17176
#: serverguide/C/network-auth.xml:3448(title)
17127
17177
msgid "Configuring OpenLDAP"
17128
17178
msgstr ""
17129
17179
17130
#: serverguide/C/network-auth.xml:3421(para)
17180
#: serverguide/C/network-auth.xml:3450(para)
17131
17181
msgid ""
17132
17182
"First, the necessary <emphasis>schema</emphasis> needs to be loaded on an "
17133
17183
"<application>OpenLDAP</application> server that has network connectivity to "
17136
17186
"information on setting up OpenLDAP see <xref linkend=\"openldap-server\"/>."
17137
17187
msgstr ""
17138
17188
17139
#: serverguide/C/network-auth.xml:3427(para)
17189
#: serverguide/C/network-auth.xml:3456(para)
17140
17190
msgid ""
17141
17191
"It is also required to configure OpenLDAP for TLS and SSL connections, so "
17142
17192
"that traffic between the KDC and LDAP server is encrypted. See <xref "
17143
17193
"linkend=\"openldap-tls\"/> for details."
17144
17194
msgstr ""
17145
17195
17146
#: serverguide/C/network-auth.xml:3433(para)
17196
#: serverguide/C/network-auth.xml:3462(para)
17147
17197
msgid ""
17148
17198
"<filename>cn=admin,cn=config</filename> is a user we created with rights to "
17149
17199
"edit the ldap database. Many times it is the RootDN. Change its value to "
17150
17200
"reflect your setup."
17151
17201
msgstr ""
17152
17202
17153
#: serverguide/C/network-auth.xml:3442(para)
17203
#: serverguide/C/network-auth.xml:3471(para)
17154
17204
msgid ""
17155
17205
"To load the schema into LDAP, on the LDAP server install the "
17156
17206
"<application>krb5-kdc-ldap</application> package. From a terminal enter:"
17157
17207
msgstr ""
17158
17208
17159
#: serverguide/C/network-auth.xml:3448(command)
17209
#: serverguide/C/network-auth.xml:3477(command)
17160
17210
msgid "sudo apt-get install krb5-kdc-ldap"
17161
17211
msgstr ""
17162
17212
17163
#: serverguide/C/network-auth.xml:3453(para)
17213
#: serverguide/C/network-auth.xml:3482(para)
17164
17214
msgid "Next, extract the <filename>kerberos.schema.gz</filename> file:"
17165
17215
msgstr ""
17166
17216
17167
#: serverguide/C/network-auth.xml:3458(command)
17217
#: serverguide/C/network-auth.xml:3487(command)
17168
17218
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
17169
17219
msgstr ""
17170
17220
17171
#: serverguide/C/network-auth.xml:3459(command)
17221
#: serverguide/C/network-auth.xml:3488(command)
17172
17222
msgid ""
17173
17223
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
17174
17224
msgstr ""
17175
17225
17176
#: serverguide/C/network-auth.xml:3465(para)
17226
#: serverguide/C/network-auth.xml:3494(para)
17177
17227
msgid ""
17178
17228
"The <emphasis>kerberos</emphasis> schema needs to be added to the "
17179
17229
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
17181
17231
"linkend=\"openldap-configuration\"/>."
17182
17232
msgstr ""
17183
17233
17184
#: serverguide/C/network-auth.xml:3473(para)
17234
#: serverguide/C/network-auth.xml:3502(para)
17185
17235
msgid ""
17186
17236
"First, create a configuration file named "
17187
17237
"<filename>schema_convert.conf</filename>, or a similar descriptive name, "
17188
17238
"containing the following lines:"
17189
17239
msgstr ""
17190
17240
17191
#: serverguide/C/network-auth.xml:3478(programlisting)
17241
#: serverguide/C/network-auth.xml:3507(programlisting)
17192
17242
#, no-wrap
17193
17243
msgid ""
17194
17244
"\n"
17207
17257
"include /etc/ldap/schema/kerberos.schema\n"
17208
17258
msgstr ""
17209
17259
17210
#: serverguide/C/network-auth.xml:3498(para)
17260
#: serverguide/C/network-auth.xml:3527(para)
17211
17261
msgid "Create a temporary directory to hold the LDIF files:"
17212
17262
msgstr ""
17213
17263
17214
#: serverguide/C/network-auth.xml:3502(command)
17264
#: serverguide/C/network-auth.xml:3531(command)
17215
17265
msgid "mkdir /tmp/ldif_output"
17216
17266
msgstr ""
17217
17267
17218
#: serverguide/C/network-auth.xml:3508(para)
17268
#: serverguide/C/network-auth.xml:3537(para)
17219
17269
msgid ""
17220
17270
"Now use <application>slapcat</application> to convert the schema files:"
17221
17271
msgstr ""
17222
17272
17223
#: serverguide/C/network-auth.xml:3513(command)
17273
#: serverguide/C/network-auth.xml:3542(command)
17224
17274
msgid ""
17225
17275
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s \\ "
17226
17276
"\"cn={12}kerberos,cn=schema,cn=config\" > /tmp/cn=kerberos.ldif"
17227
17277
msgstr ""
17228
17278
17229
#: serverguide/C/network-auth.xml:3517(para)
17279
#: serverguide/C/network-auth.xml:3546(para)
17230
17280
msgid ""
17231
17281
"Change the above file and path names to match your own if they are different."
17232
17282
msgstr ""
17233
17283
17234
#: serverguide/C/network-auth.xml:3524(para)
17284
#: serverguide/C/network-auth.xml:3553(para)
17235
17285
msgid ""
17236
17286
"Edit the generated <filename>/tmp/cn\\=kerberos.ldif</filename> file, "
17237
17287
"changing the following attributes:"
17238
17288
msgstr ""
17239
17289
17240
#: serverguide/C/network-auth.xml:3528(programlisting)
17290
#: serverguide/C/network-auth.xml:3557(programlisting)
17241
17291
#, no-wrap
17242
17292
msgid ""
17243
17293
"\n"
17246
17296
"cn: kerberos\n"
17247
17297
msgstr ""
17248
17298
17249
#: serverguide/C/network-auth.xml:3534(para)
17299
#: serverguide/C/network-auth.xml:3563(para)
17250
17300
msgid "And remove the following lines from the end of the file:"
17251
17301
msgstr ""
17252
17302
17253
#: serverguide/C/network-auth.xml:3538(programlisting)
17303
#: serverguide/C/network-auth.xml:3567(programlisting)
17254
17304
#, no-wrap
17255
17305
msgid ""
17256
17306
"\n"
17263
17313
"modifyTimestamp: 20090111203515Z\n"
17264
17314
msgstr ""
17265
17315
17266
#: serverguide/C/network-auth.xml:3548(para)
17316
#: serverguide/C/network-auth.xml:3577(para)
17267
17317
msgid ""
17268
17318
"The attribute values will vary, just be sure the attributes are removed."
17269
17319
msgstr ""
17270
17320
17271
#: serverguide/C/network-auth.xml:3555(para)
17321
#: serverguide/C/network-auth.xml:3584(para)
17272
17322
msgid "Load the new schema with <application>ldapadd</application>:"
17273
17323
msgstr ""
17274
17324
17275
#: serverguide/C/network-auth.xml:3560(command)
17325
#: serverguide/C/network-auth.xml:3589(command)
17276
17326
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=kerberos.ldif"
17277
17327
msgstr ""
17278
17328
17279
#: serverguide/C/network-auth.xml:3566(para)
17329
#: serverguide/C/network-auth.xml:3595(para)
17280
17330
msgid ""
17281
17331
"Add an index for the <emphasis>krb5principalname</emphasis> attribute:"
17282
17332
msgstr ""
17283
17333
17284
#: serverguide/C/network-auth.xml:3571(command) serverguide/C/network-auth.xml:3588(command)
17334
#: serverguide/C/network-auth.xml:3600(command) serverguide/C/network-auth.xml:3617(command)
17285
17335
msgid "ldapmodify -x -D cn=admin,cn=config -W"
17286
17336
msgstr ""
17287
17337
17288
#: serverguide/C/network-auth.xml:3573(userinput)
17338
#: serverguide/C/network-auth.xml:3602(userinput)
17289
17339
#, no-wrap
17290
17340
msgid ""
17291
17341
"dn: olcDatabase={1}hdb,cn=config\n"
17293
17343
"olcDbIndex: krbPrincipalName eq,pres,sub"
17294
17344
msgstr ""
17295
17345
17296
#: serverguide/C/network-auth.xml:3572(computeroutput)
17346
#: serverguide/C/network-auth.xml:3601(computeroutput)
17297
17347
#, no-wrap
17298
17348
msgid ""
17299
17349
"Enter LDAP Password:\n"
17302
17352
"modifying entry \"olcDatabase={1}hdb,cn=config\""
17303
17353
msgstr ""
17304
17354
17305
#: serverguide/C/network-auth.xml:3583(para)
17355
#: serverguide/C/network-auth.xml:3612(para)
17306
17356
msgid "Finally, update the Access Control Lists (ACL):"
17307
17357
msgstr ""
17308
17358
17309
#: serverguide/C/network-auth.xml:3590(userinput)
17359
#: serverguide/C/network-auth.xml:3619(userinput)
17310
17360
#, no-wrap
17311
17361
msgid ""
17312
17362
"dn: olcDatabase={1}hdb,cn=config\n"
17322
17372
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read"
17323
17373
msgstr ""
17324
17374
17325
#: serverguide/C/network-auth.xml:3589(computeroutput)
17375
#: serverguide/C/network-auth.xml:3618(computeroutput)
17326
17376
#, no-wrap
17327
17377
msgid ""
17328
17378
"Enter LDAP Password: \n"
17331
17381
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
17332
17382
msgstr ""
17333
17383
17334
#: serverguide/C/network-auth.xml:3610(para)
17384
#: serverguide/C/network-auth.xml:3639(para)
17335
17385
msgid ""
17336
17386
"That's it, your LDAP directory is now ready to serve as a Kerberos principal "
17337
17387
"database."
17338
17388
msgstr ""
17339
17389
17340
#: serverguide/C/network-auth.xml:3616(title)
17390
#: serverguide/C/network-auth.xml:3645(title)
17341
17391
msgid "Primary KDC Configuration"
17342
17392
msgstr ""
17343
17393
17344
#: serverguide/C/network-auth.xml:3618(para)
17394
#: serverguide/C/network-auth.xml:3647(para)
17345
17395
msgid ""
17346
17396
"With <application>OpenLDAP</application> configured it is time to configure "
17347
17397
"the KDC."
17348
17398
msgstr ""
17349
17399
17350
#: serverguide/C/network-auth.xml:3624(para)
17400
#: serverguide/C/network-auth.xml:3653(para)
17351
17401
msgid "First, install the necessary packages, from a terminal enter:"
17352
17402
msgstr ""
17353
17403
17354
#: serverguide/C/network-auth.xml:3629(command) serverguide/C/network-auth.xml:3788(command)
17404
#: serverguide/C/network-auth.xml:3658(command) serverguide/C/network-auth.xml:3817(command)
17355
17405
msgid "sudo apt-get install krb5-kdc krb5-admin-server krb5-kdc-ldap"
17356
17406
msgstr ""
17357
17407
17358
#: serverguide/C/network-auth.xml:3635(para)
17408
#: serverguide/C/network-auth.xml:3664(para)
17359
17409
msgid ""
17360
17410
"Now edit <filename>/etc/krb5.conf</filename> adding the following options to "
17361
17411
"under the appropriate sections:"
17362
17412
msgstr ""
17363
17413
17364
#: serverguide/C/network-auth.xml:3639(programlisting)
17414
#: serverguide/C/network-auth.xml:3668(programlisting)
17365
17415
#, no-wrap
17366
17416
msgid ""
17367
17417
"\n"
17411
17461
" }\n"
17412
17462
msgstr ""
17413
17463
17414
#: serverguide/C/network-auth.xml:3684(para)
17464
#: serverguide/C/network-auth.xml:3713(para)
17415
17465
msgid ""
17416
17466
"Change <emphasis>example.com</emphasis>, "
17417
17467
"<emphasis>dc=example,dc=com</emphasis>, "
17420
17470
"object, and LDAP server for your network."
17421
17471
msgstr ""
17422
17472
17423
#: serverguide/C/network-auth.xml:3693(para)
17473
#: serverguide/C/network-auth.xml:3722(para)
17424
17474
msgid ""
17425
17475
"Next, use the <application>kdb5_ldap_util</application> utility to create "
17426
17476
"the realm:"
17427
17477
msgstr ""
17428
17478
17429
#: serverguide/C/network-auth.xml:3698(command)
17479
#: serverguide/C/network-auth.xml:3727(command)
17430
17480
msgid ""
17431
17481
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees \\ "
17432
17482
"dc=example,dc=com -r EXAMPLE.COM -s -H ldap://ldap01.example.com"
17433
17483
msgstr ""
17434
17484
17435
#: serverguide/C/network-auth.xml:3705(para)
17485
#: serverguide/C/network-auth.xml:3734(para)
17436
17486
msgid ""
17437
17487
"Create a stash of the password used to bind to the LDAP server. This "
17438
17488
"password is used by the <emphasis>ldap_kdc_dn</emphasis> and "
17440
17490
"<filename>/etc/krb5.conf</filename>:"
17441
17491
msgstr ""
17442
17492
17443
#: serverguide/C/network-auth.xml:3711(command) serverguide/C/network-auth.xml:3850(command)
17493
#: serverguide/C/network-auth.xml:3740(command) serverguide/C/network-auth.xml:3879(command)
17444
17494
msgid ""
17445
17495
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f \\ "
17446
17496
"/etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com"
17447
17497
msgstr ""
17448
17498
17449
#: serverguide/C/network-auth.xml:3718(para)
17499
#: serverguide/C/network-auth.xml:3747(para)
17450
17500
msgid "Copy the CA certificate from the LDAP server:"
17451
17501
msgstr ""
17452
17502
17453
#: serverguide/C/network-auth.xml:3723(command)
17503
#: serverguide/C/network-auth.xml:3752(command)
17454
17504
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
17455
17505
msgstr ""
17456
17506
17457
#: serverguide/C/network-auth.xml:3724(command)
17507
#: serverguide/C/network-auth.xml:3753(command)
17458
17508
msgid "sudo cp cacert.pem /etc/ssl/certs"
17459
17509
msgstr ""
17460
17510
17461
#: serverguide/C/network-auth.xml:3727(para)
17511
#: serverguide/C/network-auth.xml:3756(para)
17462
17512
msgid ""
17463
17513
"And edit <filename>/etc/ldap/ldap.conf</filename> to use the certificate:"
17464
17514
msgstr ""
17465
17515
17466
#: serverguide/C/network-auth.xml:3731(programlisting)
17516
#: serverguide/C/network-auth.xml:3760(programlisting)
17467
17517
#, no-wrap
17468
17518
msgid ""
17469
17519
"\n"
17470
17520
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
17471
17521
msgstr ""
17472
17522
17473
#: serverguide/C/network-auth.xml:3736(para)
17523
#: serverguide/C/network-auth.xml:3765(para)
17474
17524
msgid ""
17475
17525
"The certificate will also need to be copied to the Secondary KDC, to allow "
17476
17526
"the connection to the LDAP servers using LDAPS."
17477
17527
msgstr ""
17478
17528
17479
#: serverguide/C/network-auth.xml:3745(para)
17529
#: serverguide/C/network-auth.xml:3774(para)
17480
17530
msgid ""
17481
17531
"You can now add Kerberos principals to the LDAP database, and they will be "
17482
17532
"copied to any other LDAP servers configured for replication. To add a "
17483
17533
"principal using the <application>kadmin.local</application> utility enter:"
17484
17534
msgstr ""
17485
17535
17486
#: serverguide/C/network-auth.xml:3753(userinput)
17536
#: serverguide/C/network-auth.xml:3782(userinput)
17487
17537
#, no-wrap
17488
17538
msgid "addprinc -x dn=\"uid=steve,ou=people,dc=example,dc=com\" steve"
17489
17539
msgstr ""
17490
17540
17491
#: serverguide/C/network-auth.xml:3752(computeroutput)
17541
#: serverguide/C/network-auth.xml:3781(computeroutput)
17492
17542
#, no-wrap
17493
17543
msgid ""
17494
17544
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
17499
17549
"Principal \"steve@EXAMPLE.COM\" created."
17500
17550
msgstr ""
17501
17551
17502
#: serverguide/C/network-auth.xml:3760(para)
17552
#: serverguide/C/network-auth.xml:3789(para)
17503
17553
msgid ""
17504
17554
"There should now be krbPrincipalName, krbPrincipalKey, krbLastPwdChange, and "
17505
17555
"krbExtraData attributes added to the "
17508
17558
"utilities to test that the user is indeed issued a ticket."
17509
17559
msgstr ""
17510
17560
17511
#: serverguide/C/network-auth.xml:3767(para)
17561
#: serverguide/C/network-auth.xml:3796(para)
17512
17562
msgid ""
17513
17563
"If the user object is already created the <emphasis>-x dn=\"...\"</emphasis> "
17514
17564
"option is needed to add the Kerberos attributes. Otherwise a new "
17515
17565
"<emphasis>principal</emphasis> object will be created in the realm subtree."
17516
17566
msgstr ""
17517
17567
17518
#: serverguide/C/network-auth.xml:3775(title)
17568
#: serverguide/C/network-auth.xml:3804(title)
17519
17569
msgid "Secondary KDC Configuration"
17520
17570
msgstr ""
17521
17571
17522
#: serverguide/C/network-auth.xml:3777(para)
17572
#: serverguide/C/network-auth.xml:3806(para)
17523
17573
msgid ""
17524
17574
"Configuring a Secondary KDC using the LDAP backend is similar to configuring "
17525
17575
"one using the normal Kerberos database."
17526
17576
msgstr ""
17527
17577
17528
#: serverguide/C/network-auth.xml:3783(para)
17578
#: serverguide/C/network-auth.xml:3812(para)
17529
17579
msgid "First, install the necessary packages. In a terminal enter:"
17530
17580
msgstr ""
17531
17581
17532
#: serverguide/C/network-auth.xml:3794(para)
17582
#: serverguide/C/network-auth.xml:3823(para)
17533
17583
msgid ""
17534
17584
"Next, edit <filename>/etc/krb5.conf</filename> to use the LDAP backend:"
17535
17585
msgstr ""
17536
17586
17537
#: serverguide/C/network-auth.xml:3798(programlisting)
17587
#: serverguide/C/network-auth.xml:3827(programlisting)
17538
17588
#, no-wrap
17539
17589
msgid ""
17540
17590
"\n"
17583
17633
" }\n"
17584
17634
msgstr ""
17585
17635
17586
#: serverguide/C/network-auth.xml:3845(para)
17636
#: serverguide/C/network-auth.xml:3874(para)
17587
17637
msgid "Create the stash for the LDAP bind password:"
17588
17638
msgstr ""
17589
17639
17590
#: serverguide/C/network-auth.xml:3857(para)
17640
#: serverguide/C/network-auth.xml:3886(para)
17591
17641
msgid ""
17592
17642
"Now, on the <emphasis>Primary KDC</emphasis> copy the "
17593
17643
"<filename>/etc/krb5kdc/.k5.EXAMPLE.COM</filename><emphasis>Master "
17596
17646
"media."
17597
17647
msgstr ""
17598
17648
17599
#: serverguide/C/network-auth.xml:3864(command)
17649
#: serverguide/C/network-auth.xml:3893(command)
17600
17650
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
17601
17651
msgstr ""
17602
17652
17603
#: serverguide/C/network-auth.xml:3865(command)
17653
#: serverguide/C/network-auth.xml:3894(command)
17604
17654
msgid "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
17605
17655
msgstr ""
17606
17656
17607
#: serverguide/C/network-auth.xml:3869(para)
17657
#: serverguide/C/network-auth.xml:3898(para)
17608
17658
msgid ""
17609
17659
"Again, replace <emphasis>EXAMPLE.COM</emphasis> with your actual realm."
17610
17660
msgstr ""
17611
17661
17612
#: serverguide/C/network-auth.xml:3877(para)
17662
#: serverguide/C/network-auth.xml:3906(para)
17613
17663
msgid ""
17614
17664
"Back on the <emphasis>Secondary KDC</emphasis>, (re)start the ldap server "
17615
17665
"only,"
17616
17666
msgstr ""
17617
17667
17618
#: serverguide/C/network-auth.xml:3889(para)
17668
#: serverguide/C/network-auth.xml:3918(para)
17619
17669
msgid "Finally, start the <application>krb5-kdc</application> daemon:"
17620
17670
msgstr ""
17621
17671
17622
#: serverguide/C/network-auth.xml:3900(para)
17672
#: serverguide/C/network-auth.xml:3929(para)
17623
17673
msgid "Verify the two ldap servers (and kerberos by extension) are in sync."
17624
17674
msgstr ""
17625
17675
17626
#: serverguide/C/network-auth.xml:3907(para)
17676
#: serverguide/C/network-auth.xml:3936(para)
17627
17677
msgid ""
17628
17678
"You now have redundant KDCs on your network, and with redundant LDAP servers "
17629
17679
"you should be able to continue to authenticate users if one LDAP server, one "
17630
17680
"Kerberos server, or one LDAP and one Kerberos server become unavailable."
17631
17681
msgstr ""
17632
17682
17633
#: serverguide/C/network-auth.xml:3919(para)
17683
#: serverguide/C/network-auth.xml:3948(para)
17634
17684
msgid ""
17635
17685
"The <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
17636
17686
"admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend\"> Kerberos Admin "
17637
17687
"Guide</ulink> has some additional details."
17638
17688
msgstr ""
17639
17689
17640
#: serverguide/C/network-auth.xml:3925(para)
17690
#: serverguide/C/network-auth.xml:3951(para)
17641
17691
msgid ""
17642
17692
"For more information on <application>kdb5_ldap_util</application> see <ulink "
17643
17693
"url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
17647
17697
"l\">kdb5_ldap_util man page</ulink>."
17648
17698
msgstr ""
17649
17699
17650
#: serverguide/C/network-auth.xml:3933(para)
17700
#: serverguide/C/network-auth.xml:3959(para)
17651
17701
msgid ""
17652
17702
"Another useful link is the <ulink "
17653
17703
"url=\"http://manpages.ubuntu.com/manpages/trusty/en/man5/krb5.conf.5.html\">k"
17654
17704
"rb5.conf man page</ulink>."
17655
17705
msgstr ""
17656
17706
17657
#: serverguide/C/network-auth.xml:3938(para)
17707
#: serverguide/C/network-auth.xml:3967(para)
17658
17708
msgid ""
17659
17709
"Also, see the <ulink "
17660
17710
"url=\"https://help.ubuntu.com/community/Kerberos#kerberos-ldap\">Kerberos "
17661
17711
"and LDAP</ulink> Ubuntu wiki page."
17662
17712
msgstr ""
17663
17713
17714
#: serverguide/C/network-auth.xml:3973(title)
17715
msgid "SSSD and Active Directory"
17716
msgstr ""
17717
17718
#: serverguide/C/network-auth.xml:3974(para)
17719
msgid ""
17720
"This section describes the use of sssd to authenticate user logins against "
17721
"an Active Directory via using sssd's \"ad\" provider. In previous versions "
17722
"of sssd, it was possible to authenticate using the \"ldap\" provider. "
17723
"However, when authenticating against a Microsoft Windows AD Domain "
17724
"Controller, it was generally necessary to install the POSIX AD extensions on "
17725
"the Domain Controller. The \"ad\" provider simplifies the configuration and "
17726
"requires no modifications to the AD structure."
17727
msgstr ""
17728
17729
#: serverguide/C/network-auth.xml:3978(title)
17730
msgid "Prerequisites, Assumptions, and Requirements"
17731
msgstr ""
17732
17733
#: serverguide/C/network-auth.xml:3981(para)
17734
msgid ""
17735
"This guide does not explain Active Directory, how it works, how to set one "
17736
"up, or how to maintain it. It may not provide “best practices” for your "
17737
"environment."
17738
msgstr ""
17739
17740
#: serverguide/C/network-auth.xml:3983(para)
17741
msgid ""
17742
"This guide assumes that a working Active Directory domain is already "
17743
"configured."
17744
msgstr ""
17745
17746
#: serverguide/C/network-auth.xml:3985(para)
17747
msgid ""
17748
"The domain controller is acting as an authoritative DNS server for the "
17749
"domain."
17750
msgstr ""
17751
17752
#: serverguide/C/network-auth.xml:3987(para)
17753
msgid ""
17754
"The domain controller is the primary DNS resolver as specified in "
17755
"<filename>/etc/resolv.conf</filename>."
17756
msgstr ""
17757
17758
#: serverguide/C/network-auth.xml:3990(para)
17759
msgid ""
17760
"The appropriate <emphasis>_kerberos</emphasis>, <emphasis>_ldap</emphasis>, "
17761
"<emphasis>_kpasswd</emphasis>, etc. entries are configured in the DNS zone "
17762
"(see Resources section for external links)."
17763
msgstr ""
17764
17765
#: serverguide/C/network-auth.xml:3992(para)
17766
msgid ""
17767
"System time is synchronized on the domain controller (necessary for "
17768
"Kerberos)."
17769
msgstr ""
17770
17771
#: serverguide/C/network-auth.xml:3994(para)
17772
msgid ""
17773
"The domain used in this example is <emphasis>myubuntu.example.com</emphasis> "
17774
"."
17775
msgstr ""
17776
17777
#: serverguide/C/network-auth.xml:3999(para)
17778
msgid ""
17779
"The following packages are needed: <emphasis>krb5-user</emphasis>, "
17780
"<emphasis>samba</emphasis>, <emphasis>sssd</emphasis>, and "
17781
"<emphasis>ntp</emphasis>. Samba needs to be installed, even if the system is "
17782
"not exporting shares. The Kerberos realm and FQDN or IP of the domain "
17783
"controllers are needed for this step."
17784
msgstr ""
17785
17786
#: serverguide/C/network-auth.xml:4000(para)
17787
msgid "Install these packages now."
17788
msgstr ""
17789
17790
#: serverguide/C/network-auth.xml:4002(command)
17791
msgid "sudo apt-get install krb5-user samba sssd ntp"
17792
msgstr ""
17793
17794
#: serverguide/C/network-auth.xml:4003(para)
17795
msgid ""
17796
"See the next section for the answers to the questions asked by the "
17797
"<emphasis>krb5-user</emphasis> postinstall script."
17798
msgstr ""
17799
17800
#: serverguide/C/network-auth.xml:4006(title)
17801
msgid "Kerberos Configuration"
17802
msgstr ""
17803
17804
#: serverguide/C/network-auth.xml:4007(para)
17805
msgid ""
17806
"The installation of <emphasis>krb5-user</emphasis> will prompt for the realm "
17807
"name (in ALL UPPERCASE), the kdc server (i.e. domain controller) and admin "
17808
"server (also the domain controller in this example.) This will write the "
17809
"[realm] and [domain_realm] sections in <filename>/etc/krb5.conf</filename>. "
17810
"These sections may not be necessary if domain autodiscovery is working. If "
17811
"not, then both are needed."
17812
msgstr ""
17813
17814
#: serverguide/C/network-auth.xml:4008(para)
17815
msgid ""
17816
"If the domain is <emphasis>myubuntu.example.com</emphasis>, enter the realm "
17817
"as <emphasis>MYUBUNTU.EXAMPLE.COM</emphasis>"
17818
msgstr ""
17819
17820
#: serverguide/C/network-auth.xml:4011(para)
17821
msgid ""
17822
"Optionally, edit <emphasis>/etc/krb5.conf</emphasis> with a few additional "
17823
"settings to specify Kerberos ticket lifetime (these values are safe to use "
17824
"as defaults):"
17825
msgstr ""
17826
17827
#: serverguide/C/network-auth.xml:4012(programlisting)
17828
#, no-wrap
17829
msgid ""
17830
"\n"
17831
"[libdefaults]\n"
17832
"\n"
17833
"default_realm = MYUBUNTU.EXAMPLE.COM\n"
17834
"ticket_lifetime = 24h #\n"
17835
"renew_lifetime = 7d\n"
17836
"\t\t"
17837
msgstr ""
17838
17839
#: serverguide/C/network-auth.xml:4020(para)
17840
msgid ""
17841
"If default_realm is not specified, it may be necessary to log in with "
17842
"“username@domain” instead of “username”."
17843
msgstr ""
17844
17845
#: serverguide/C/network-auth.xml:4022(para)
17846
msgid ""
17847
"The system time on the Active Directory member needs to be consistent with "
17848
"that of the domain controller, or Kerberos authentication may fail. Ideally, "
17849
"the domain controller server itself will provide the NTP service. Edit "
17850
"<filename>/etc/ntp.conf</filename>:"
17851
msgstr ""
17852
17853
#: serverguide/C/network-auth.xml:4024(programlisting)
17854
#, no-wrap
17855
msgid ""
17856
"\n"
17857
"server dc.myubuntu.example.com\n"
17858
msgstr ""
17859
17860
#: serverguide/C/network-auth.xml:4031(para)
17861
msgid ""
17862
"Samba will be used to perform netbios/nmbd services related to Active "
17863
"Directory authentication, even if no file shares are exported. Edit the file "
17864
"/etc/samba/smb.conf and add the following to the "
17865
"<emphasis>[global]</emphasis> section:"
17866
msgstr ""
17867
17868
#: serverguide/C/network-auth.xml:4033(programlisting)
17869
#, no-wrap
17870
msgid ""
17871
"\n"
17872
"[global]\n"
17873
"\n"
17874
"workgroup = MYUBUNTU\n"
17875
"client signing = yes\n"
17876
"client use spnego = yes\n"
17877
"kerberos method = secrets and keytab\n"
17878
"realm = MYUBUNTU.EXAMPLE.COM\n"
17879
"security = ads\n"
17880
msgstr ""
17881
17882
#: serverguide/C/network-auth.xml:4044(para)
17883
msgid ""
17884
"Some guides specify that \"password server\" should be specified and pointed "
17885
"to the domain controller. This is only necessary if DNS is not properly set "
17886
"up to find the DC. By default, Samba will display a warning if \"password "
17887
"server\" is specified with \"security = ads\"."
17888
msgstr ""
17889
17890
#: serverguide/C/network-auth.xml:4049(title)
17891
msgid "SSSD Configuration"
17892
msgstr ""
17893
17894
#: serverguide/C/network-auth.xml:4051(para)
17895
msgid ""
17896
"There is no default/example config file for "
17897
"<filename>/etc/sssd/sssd.conf</filename> included in the sssd package. It is "
17898
"necessary to create one. This is a minimal working config file:"
17899
msgstr ""
17900
17901
#: serverguide/C/network-auth.xml:4053(programlisting)
17902
#, no-wrap
17903
msgid ""
17904
"\n"
17905
"[sssd]\n"
17906
"services = nss, pam\n"
17907
"config_file_version = 2\n"
17908
"domains = MYUBUNTU.EXAMPLE.COM\n"
17909
"\n"
17910
"[domain/MYUBUNTU.EXAMPLE.COM]\n"
17911
"id_provider = ad\n"
17912
"access_provider = ad\n"
17913
"\n"
17914
"# Use this if users are being logged in at /.\n"
17915
"# This example specifies /home/DOMAIN-FQDN/user as $HOME. Use with "
17916
"pam_mkhomedir.so\n"
17917
"override_homedir = /home/%d/%u\n"
17918
"\n"
17919
"# Uncomment if the client machine hostname doesn't match the computer object "
17920
"on the DC.\n"
17921
"# ad_hostname = mymachine.myubuntu.example.com\n"
17922
"\n"
17923
"# Uncomment if DNS SRV resolution is not working\n"
17924
"# ad_server = dc.mydomain.example.com\n"
17925
"\n"
17926
"# Uncomment if the AD domain is named differently than the Samba domain\n"
17927
"# ad_domain = MYUBUNTU.EXAMPLE.COM\n"
17928
"\n"
17929
"# Enumeration is discouraged for performance reasons.\n"
17930
"# enumerate = true\n"
17931
msgstr ""
17932
17933
#: serverguide/C/network-auth.xml:4080(para)
17934
msgid ""
17935
"After saving this file, set the ownership to root and the file permissions "
17936
"to 600:"
17937
msgstr ""
17938
17939
#: serverguide/C/network-auth.xml:4081(command)
17940
msgid "sudo chown root:root /etc/sssd/sssd.conf"
17941
msgstr ""
17942
17943
#: serverguide/C/network-auth.xml:4082(command)
17944
msgid "sudo chmod 600 /etc/sssd/sssd.conf"
17945
msgstr ""
17946
17947
#: serverguide/C/network-auth.xml:4084(para)
17948
msgid ""
17949
"If the ownership or permissions are not correct, sssd will refuse to start."
17950
msgstr ""
17951
17952
#: serverguide/C/network-auth.xml:4088(title)
17953
msgid "Verify nsswitch.conf Configuration"
17954
msgstr ""
17955
17956
#: serverguide/C/network-auth.xml:4089(para)
17957
msgid ""
17958
"The post-install script for the sssd package makes some modifications to "
17959
"/etc/nsswitch.conf automatically. It should look something like this:"
17960
msgstr ""
17961
17962
#: serverguide/C/network-auth.xml:4091(programlisting)
17963
#, no-wrap
17964
msgid ""
17965
"\n"
17966
"passwd: compat sss\n"
17967
"group: compat sss\n"
17968
"...\n"
17969
"netgroup: nis sss\n"
17970
"sudoers: files sss\n"
17971
msgstr ""
17972
17973
#: serverguide/C/network-auth.xml:4101(title)
17974
msgid "Modify /etc/hosts"
17975
msgstr ""
17976
17977
#: serverguide/C/network-auth.xml:4102(para)
17978
msgid ""
17979
"Add an alias to the localhost entry in /etc/hosts specifying the FQDN. For "
17980
"example:"
17981
msgstr ""
17982
17983
#: serverguide/C/network-auth.xml:4103(programlisting)
17984
#, no-wrap
17985
msgid "192.168.1.10 myserver myserver.myubuntu.example.com"
17986
msgstr ""
17987
17988
#: serverguide/C/network-auth.xml:4105(para)
17989
msgid "This is useful in conjunction with dynamic DNS updates."
17990
msgstr ""
17991
17992
#: serverguide/C/network-auth.xml:4109(title)
17993
msgid "Join the Active Directory"
17994
msgstr ""
17995
17996
#: serverguide/C/network-auth.xml:4110(para)
17997
msgid "Now, restart ntp and samba and start sssd."
17998
msgstr ""
17999
18000
#: serverguide/C/virtualization.xml:2208(command)
18001
msgid "sudo service ntp restart"
18002
msgstr ""
18003
18004
#: serverguide/C/network-auth.xml:4114(command)
18005
msgid "sudo start sssd"
18006
msgstr ""
18007
18008
#: serverguide/C/network-auth.xml:4116(para)
18009
msgid "Test the configuration by obtaining a Kerberos ticket:"
18010
msgstr ""
18011
18012
#: serverguide/C/network-auth.xml:4118(command)
18013
msgid "sudo kinit Administrator"
18014
msgstr ""
18015
18016
#: serverguide/C/network-auth.xml:4120(para)
18017
msgid "Verify the ticket with:"
18018
msgstr ""
18019
18020
#: serverguide/C/network-auth.xml:4121(command)
18021
msgid "sudo klist"
18022
msgstr ""
18023
18024
#: serverguide/C/network-auth.xml:4123(para)
18025
msgid ""
18026
"If there is a ticket with an expiration date listed, then it is time to join "
18027
"the domain:"
18028
msgstr ""
18029
18030
#: serverguide/C/network-auth.xml:4125(command)
18031
msgid "sudo net ads join -k"
18032
msgstr ""
18033
18034
#: serverguide/C/network-auth.xml:4127(para)
18035
msgid ""
18036
"A warning about \"No DNS domain configured. Unable to perform DNS Update.\" "
18037
"probably means that there is no (correct) alias in "
18038
"<filename>/etc/hosts</filename>, and the system could not provide its own "
18039
"FQDN as part of the Active Directory update. This is needed for dynamic DNS "
18040
"updates. Verify the alias in <filename>/etc/hosts</filename> described in "
18041
"\"Modify /etc/hosts\" above."
18042
msgstr ""
18043
18044
#: serverguide/C/network-auth.xml:4129(para)
18045
msgid ""
18046
"(The message \"NT_STATUS_UNSUCCESSFUL\" indicates the domain join failed and "
18047
"something is incorrect. Review the prior steps before proceeding)."
18048
msgstr ""
18049
18050
#: serverguide/C/network-auth.xml:4131(para)
18051
msgid ""
18052
"Here are a couple of (optional) checks to verify that the domain join was "
18053
"successful. Note that if the domain was successfully joined but one or both "
18054
"of these steps fail, it may be necessary to wait 1-2 minutes and try again. "
18055
"Some of the changes appear to be asynchronous."
18056
msgstr ""
18057
18058
#: serverguide/C/network-auth.xml:4133(para)
18059
msgid "Verification option #1:"
18060
msgstr ""
18061
18062
#: serverguide/C/network-auth.xml:4134(para)
18063
msgid ""
18064
"Check the default Organizational Unit for computer accounts in the Active "
18065
"Directory to verify that the computer account was created. (Organizational "
18066
"Units in Active Directory is a topic outside the scope of this guide)."
18067
msgstr ""
18068
18069
#: serverguide/C/network-auth.xml:4136(para)
18070
msgid "Verification option #2"
18071
msgstr ""
18072
18073
#: serverguide/C/network-auth.xml:4137(para)
18074
msgid "Execute this command for a specific AD user (e.g. administrator)"
18075
msgstr ""
18076
18077
#: serverguide/C/network-auth.xml:4138(command)
18078
msgid "getent passwd username"
18079
msgstr ""
18080
18081
#: serverguide/C/network-auth.xml:4140(para)
18082
msgid ""
18083
"If <emphasis>enumerate = true</emphasis> is set in "
18084
"<filename>sssd.conf</filename>, <emphasis>getent passwd</emphasis> with no "
18085
"username argument will list all domain users. This may be useful for "
18086
"testing, but is slow and not recommended for production."
18087
msgstr ""
18088
18089
#: serverguide/C/network-auth.xml:4144(title)
18090
msgid "Test Authentication"
18091
msgstr ""
18092
18093
#: serverguide/C/network-auth.xml:4145(para)
18094
msgid ""
18095
"It should now be possible to authenticate using an Active Directory User's "
18096
"credentials:"
18097
msgstr ""
18098
18099
#: serverguide/C/network-auth.xml:4147(command)
18100
msgid "su - username"
18101
msgstr ""
18102
18103
#: serverguide/C/network-auth.xml:4149(para)
18104
msgid ""
18105
"If this works, then other login methods (getty, ssh) should also work."
18106
msgstr ""
18107
18108
#: serverguide/C/network-auth.xml:4151(para)
18109
msgid ""
18110
"If the computer account was created, indicating that the system was "
18111
"\"joined\" to the domain, but authentication is unsuccessful, it may be "
18112
"helpful to review <filename>/etc/pam.d</filename> and "
18113
"<filename>nssswitch.conf</filename> as well as the file changes described "
18114
"earlier in this guide."
18115
msgstr ""
18116
18117
#: serverguide/C/network-auth.xml:4155(title)
18118
msgid "Home directories with pam_mkhomedir (optional)"
18119
msgstr ""
18120
18121
#: serverguide/C/network-auth.xml:4156(para)
18122
msgid ""
18123
"When logging in using an Active Directory user account, it is likely that "
18124
"user has no home directory. This can be fixed with pam_mkdhomedir.so, which "
18125
"will create the user’s home directory on login. Edit "
18126
"<filename>/etc/pam.d/common-session</filename>, and add this line directly "
18127
"after <emphasis>session required pam_unix.so:</emphasis>"
18128
msgstr ""
18129
18130
#: serverguide/C/network-auth.xml:4157(programlisting)
18131
#, no-wrap
18132
msgid ""
18133
"\n"
18134
"session required pam_mkhomedir.so skel=/etc/skel/ umask=0022\n"
18135
msgstr ""
18136
18137
#: serverguide/C/network-auth.xml:4161(para)
18138
msgid ""
18139
"This may also need <emphasis>override_homedir</emphasis> in "
18140
"<filename>sssd.conf</filename> to function correctly, so make sure that’s "
18141
"set."
18142
msgstr ""
18143
18144
#: serverguide/C/network-auth.xml:4165(title)
18145
msgid "Desktop Ubuntu Authentication"
18146
msgstr ""
18147
18148
#: serverguide/C/network-auth.xml:4166(para)
18149
msgid ""
18150
"It is possible to also authenticate logins to Ubuntu Desktop using Active "
18151
"Directory accounts. The AD accounts will not show up in the pick list with "
18152
"local users, so lightdm will need to be modified. Edit the file "
18153
"<filename>/etc/lightdm/lightdm.conf.d/50-unity-greeter.conf</filename> and "
18154
"append the following two lines:"
18155
msgstr ""
18156
18157
#: serverguide/C/network-auth.xml:4168(programlisting)
18158
#, no-wrap
18159
msgid ""
18160
"\n"
18161
"greeter-show-manual-login=true\n"
18162
"greeter-hide-users=true\n"
18163
msgstr ""
18164
18165
#: serverguide/C/network-auth.xml:4173(para)
18166
msgid ""
18167
"Reboot to restart lightdm. It should now be possible to log in using a "
18168
"domain account using either <emphasis>username</emphasis> or "
18169
"<emphasis>username/username@domain</emphasis> format."
18170
msgstr ""
18171
18172
#: serverguide/C/network-auth.xml:4179(ulink)
18173
msgid "SSSD Project"
18174
msgstr ""
18175
18176
#: serverguide/C/network-auth.xml:4180(ulink)
18177
msgid "DNS Server Configuration guidelines"
18178
msgstr ""
18179
18180
#: serverguide/C/network-auth.xml:4181(ulink)
18181
msgid "Active Directory DNS Zone Entries"
18182
msgstr ""
18183
18184
#: serverguide/C/network-auth.xml:4182(ulink)
18185
msgid "Kerberos config options"
18186
msgstr ""
18187
17664
18188
#: serverguide/C/multipath-device-attributes-table.xml:2(title)
17665
18189
msgid "Device Attributes"
17666
18190
msgstr ""
17669
18193
msgid "Attribute"
17670
18194
msgstr ""
17671
18195
17672
#: serverguide/C/multipath-device-attributes-table.xml:9(entry) serverguide/C/multipath-config-defaults-table.xml:14(entry) serverguide/C/multipath-components-table.xml:12(entry) serverguide/C/multipath-attributes-table.xml:9(entry) serverguide/C/dm-multipath.xml:1623(entry)
18196
#: serverguide/C/multipath-device-attributes-table.xml:9(entry) serverguide/C/multipath-config-defaults-table.xml:14(entry) serverguide/C/multipath-components-table.xml:12(entry) serverguide/C/multipath-attributes-table.xml:9(entry) serverguide/C/dm-multipath.xml:1624(entry)
17673
18197
msgid "Description"
17674
18198
msgstr ""
17675
18199
17803
18327
"levels are between 0 and 6. The default value is 2."
17804
18328
msgstr ""
17805
18329
17806
#: serverguide/C/multipath-config-defaults-table.xml:61(emphasis) serverguide/C/multipath-config-defaults-table.xml:323(emphasis) serverguide/C/dm-multipath.xml:1049(parameter) serverguide/C/dm-multipath.xml:1204(parameter)
18330
#: serverguide/C/multipath-config-defaults-table.xml:61(emphasis) serverguide/C/multipath-config-defaults-table.xml:323(emphasis) serverguide/C/dm-multipath.xml:1050(parameter) serverguide/C/dm-multipath.xml:1205(parameter)
17807
18331
msgid "path_selector"
17808
18332
msgstr ""
17809
18333
17838
18362
"The default value is <emphasis role=\"bold\">round-robin 0</emphasis>."
17839
18363
msgstr ""
17840
18364
17841
#: serverguide/C/multipath-config-defaults-table.xml:98(emphasis) serverguide/C/dm-multipath.xml:1044(parameter) serverguide/C/dm-multipath.xml:1194(parameter)
18365
#: serverguide/C/multipath-config-defaults-table.xml:98(emphasis) serverguide/C/dm-multipath.xml:1045(parameter) serverguide/C/dm-multipath.xml:1195(parameter)
17842
18366
msgid "path_grouping_policy"
17843
18367
msgstr ""
17844
18368
17881
18405
msgid "The default value is <emphasis role=\"bold\">failover.</emphasis>"
17882
18406
msgstr ""
17883
18407
17884
#: serverguide/C/multipath-config-defaults-table.xml:139(emphasis) serverguide/C/dm-multipath.xml:1199(parameter)
18408
#: serverguide/C/multipath-config-defaults-table.xml:139(emphasis) serverguide/C/dm-multipath.xml:1200(parameter)
17885
18409
msgid "getuid_callout"
17886
18410
msgstr ""
17887
18411
17897
18421
"path identifier. An absolute path is required. <placeholder-1/>"
17898
18422
msgstr ""
17899
18423
17900
#: serverguide/C/multipath-config-defaults-table.xml:150(emphasis) serverguide/C/dm-multipath.xml:1058(parameter) serverguide/C/dm-multipath.xml:1223(parameter)
18424
#: serverguide/C/multipath-config-defaults-table.xml:150(emphasis) serverguide/C/dm-multipath.xml:1059(parameter) serverguide/C/dm-multipath.xml:1224(parameter)
17901
18425
msgid "prio"
17902
18426
msgstr ""
17903
18427
17953
18477
msgid "The default value is <emphasis role=\"bold\">const</emphasis>."
17954
18478
msgstr ""
17955
18479
17956
#: serverguide/C/multipath-config-defaults-table.xml:202(emphasis) serverguide/C/dm-multipath.xml:1063(parameter) serverguide/C/dm-multipath.xml:1228(parameter)
18480
#: serverguide/C/multipath-config-defaults-table.xml:202(emphasis) serverguide/C/dm-multipath.xml:1064(parameter) serverguide/C/dm-multipath.xml:1229(parameter)
17957
18481
msgid "prio_args"
17958
18482
msgstr ""
17959
18483
17965
18489
"value is (null) <emphasis role=\"bold\">\"\"</emphasis>."
17966
18490
msgstr ""
17967
18491
17968
#: serverguide/C/multipath-config-defaults-table.xml:216(emphasis) serverguide/C/dm-multipath.xml:1214(parameter)
18492
#: serverguide/C/multipath-config-defaults-table.xml:216(emphasis) serverguide/C/dm-multipath.xml:1215(parameter)
17969
18493
msgid "features"
17970
18494
msgstr ""
17971
18495
17973
18497
msgid "queue_if_no_path"
17974
18498
msgstr ""
17975
18499
17976
#: serverguide/C/multipath-config-defaults-table.xml:221(emphasis) serverguide/C/multipath-config-defaults-table.xml:334(emphasis) serverguide/C/dm-multipath.xml:1068(parameter) serverguide/C/dm-multipath.xml:1233(parameter)
18500
#: serverguide/C/multipath-config-defaults-table.xml:221(emphasis) serverguide/C/multipath-config-defaults-table.xml:334(emphasis) serverguide/C/dm-multipath.xml:1069(parameter) serverguide/C/dm-multipath.xml:1234(parameter)
17977
18501
msgid "no_path_retry"
17978
18502
msgstr ""
17979
18503
17993
18517
"feature, see Section, <placeholder-4/>."
17994
18518
msgstr ""
17995
18519
17996
#: serverguide/C/multipath-config-defaults-table.xml:228(emphasis) serverguide/C/dm-multipath.xml:1209(parameter)
18520
#: serverguide/C/multipath-config-defaults-table.xml:228(emphasis) serverguide/C/dm-multipath.xml:1210(parameter)
17997
18521
msgid "path_checker"
17998
18522
msgstr ""
17999
18523
18043
18567
msgid "The default value is <emphasis role=\"bold\">directio</emphasis>."
18044
18568
msgstr ""
18045
18569
18046
#: serverguide/C/multipath-config-defaults-table.xml:275(emphasis) serverguide/C/dm-multipath.xml:1054(parameter) serverguide/C/dm-multipath.xml:1219(parameter)
18570
#: serverguide/C/multipath-config-defaults-table.xml:275(emphasis) serverguide/C/dm-multipath.xml:1055(parameter) serverguide/C/dm-multipath.xml:1220(parameter)
18047
18571
msgid "failback"
18048
18572
msgstr ""
18049
18573
18074
18598
msgid "The default value is <emphasis role=\"bold\">manual</emphasis>."
18075
18599
msgstr ""
18076
18600
18077
#: serverguide/C/multipath-config-defaults-table.xml:307(emphasis) serverguide/C/multipath-config-defaults-table.xml:321(emphasis) serverguide/C/multipath-config-defaults-table.xml:325(emphasis) serverguide/C/dm-multipath.xml:1073(parameter) serverguide/C/dm-multipath.xml:1238(parameter)
18601
#: serverguide/C/multipath-config-defaults-table.xml:307(emphasis) serverguide/C/multipath-config-defaults-table.xml:321(emphasis) serverguide/C/multipath-config-defaults-table.xml:325(emphasis) serverguide/C/dm-multipath.xml:1074(parameter) serverguide/C/dm-multipath.xml:1239(parameter)
18078
18602
msgid "rr_min_io"
18079
18603
msgstr ""
18080
18604
18088
18612
"the next path in the current path group.<placeholder-1/>"
18089
18613
msgstr ""
18090
18614
18091
#: serverguide/C/multipath-config-defaults-table.xml:317(emphasis) serverguide/C/dm-multipath.xml:1078(parameter) serverguide/C/dm-multipath.xml:1243(parameter)
18615
#: serverguide/C/multipath-config-defaults-table.xml:317(emphasis) serverguide/C/dm-multipath.xml:1079(parameter) serverguide/C/dm-multipath.xml:1244(parameter)
18092
18616
msgid "rr_weight"
18093
18617
msgstr ""
18094
18618
18142
18666
msgid "alias"
18143
18667
msgstr ""
18144
18668
18145
#: serverguide/C/multipath-config-defaults-table.xml:354(emphasis) serverguide/C/multipath-config-defaults-table.xml:357(emphasis) serverguide/C/multipath-config-defaults-table.xml:379(emphasis) serverguide/C/multipath-config-defaults-table.xml:391(emphasis) serverguide/C/multipath-components-table.xml:31(emphasis) serverguide/C/multipath-components-table.xml:44(emphasis) serverguide/C/multipath-attributes-table.xml:18(emphasis) serverguide/C/multipath-attributes-table.xml:19(emphasis) serverguide/C/multipath-attributes-table.xml:28(emphasis) serverguide/C/multipath-attributes-table.xml:29(emphasis) serverguide/C/dm-multipath.xml:764(emphasis)
18669
#: serverguide/C/multipath-config-defaults-table.xml:354(emphasis) serverguide/C/multipath-config-defaults-table.xml:357(emphasis) serverguide/C/multipath-config-defaults-table.xml:379(emphasis) serverguide/C/multipath-config-defaults-table.xml:391(emphasis) serverguide/C/multipath-components-table.xml:31(emphasis) serverguide/C/multipath-components-table.xml:44(emphasis) serverguide/C/multipath-attributes-table.xml:18(emphasis) serverguide/C/multipath-attributes-table.xml:19(emphasis) serverguide/C/multipath-attributes-table.xml:28(emphasis) serverguide/C/multipath-attributes-table.xml:29(emphasis) serverguide/C/dm-multipath.xml:765(emphasis)
18146
18670
msgid "multipath"
18147
18671
msgstr ""
18148
18672
18179
18703
"devices when it is shut down. <placeholder-2/>"
18180
18704
msgstr ""
18181
18705
18182
#: serverguide/C/multipath-config-defaults-table.xml:376(emphasis) serverguide/C/dm-multipath.xml:1083(parameter) serverguide/C/dm-multipath.xml:1258(parameter)
18706
#: serverguide/C/multipath-config-defaults-table.xml:376(emphasis) serverguide/C/dm-multipath.xml:1084(parameter) serverguide/C/dm-multipath.xml:1259(parameter)
18183
18707
msgid "flush_on_last_del"
18184
18708
msgstr ""
18185
18709
18225
18749
"explicit timeout, in seconds. <placeholder-1/>"
18226
18750
msgstr ""
18227
18751
18228
#: serverguide/C/multipath-config-defaults-table.xml:413(emphasis) serverguide/C/dm-multipath.xml:1248(parameter)
18752
#: serverguide/C/multipath-config-defaults-table.xml:413(emphasis) serverguide/C/dm-multipath.xml:1249(parameter)
18229
18753
msgid "fast_io_fail_tmo"
18230
18754
msgstr ""
18231
18755
18241
18765
"this to off will disable the timeout. <placeholder-1/>"
18242
18766
msgstr ""
18243
18767
18244
#: serverguide/C/multipath-config-defaults-table.xml:425(emphasis) serverguide/C/dm-multipath.xml:1253(parameter)
18768
#: serverguide/C/multipath-config-defaults-table.xml:425(emphasis) serverguide/C/dm-multipath.xml:1254(parameter)
18245
18769
msgid "dev_loss_tmo"
18246
18770
msgstr ""
18247
18771
18923
19447
"IMAP server."
18924
19448
msgstr ""
18925
19449
18926
#: serverguide/C/mail.xml:22(title) serverguide/C/mail.xml:896(application) serverguide/C/mail.xml:928(title) serverguide/C/mail.xml:1006(title) serverguide/C/mail.xml:1581(title)
19450
#: serverguide/C/mail.xml:22(title) serverguide/C/mail.xml:837(application) serverguide/C/mail.xml:869(title) serverguide/C/mail.xml:947(title) serverguide/C/mail.xml:1519(title)
18927
19451
msgid "Postfix"
18928
19452
msgstr ""
18929
19453
19046
19570
"your Mail Delivery Agent (MDA) to use the same path."
19047
19571
msgstr ""
19048
19572
19049
#: serverguide/C/mail.xml:106(title) serverguide/C/mail.xml:608(title)
19573
#: serverguide/C/mail.xml:106(title) serverguide/C/mail.xml:550(title)
19050
19574
msgid "SMTP Authentication"
19051
19575
msgstr ""
19052
19576
19197
19721
"tls_random_source = dev:/dev/urandom\n"
19198
19722
msgstr ""
19199
19723
19200
#: serverguide/C/mail.xml:229(para)
19724
#: serverguide/C/mail.xml:188(para)
19201
19725
msgid ""
19202
19726
"The postfix initial configuration is complete. Run the following command to "
19203
19727
"restart the postfix daemon:"
19204
19728
msgstr ""
19205
19729
19206
#: serverguide/C/mail.xml:235(command) serverguide/C/mail.xml:354(command) serverguide/C/mail.xml:417(command) serverguide/C/mail.xml:1046(command) serverguide/C/mail.xml:1632(command)
19730
#: serverguide/C/mail.xml:235(command) serverguide/C/mail.xml:354(command) serverguide/C/mail.xml:417(command) serverguide/C/mail.xml:1046(command) serverguide/C/mail.xml:1628(command)
19207
19731
msgid "sudo service postfix restart"
19208
19732
msgstr ""
19209
19733
19210
#: serverguide/C/mail.xml:238(para)
19734
#: serverguide/C/mail.xml:197(para)
19211
19735
msgid ""
19212
19736
"<application>Postfix</application> supports SMTP-AUTH as defined in <ulink "
19213
19737
"url=\"http://www.ietf.org/rfc/rfc2554.txt\">RFC2554</ulink>. It is based on "
19216
19740
"AUTH."
19217
19741
msgstr ""
19218
19742
19219
#: serverguide/C/mail.xml:248(title) serverguide/C/mail.xml:672(title)
19743
#: serverguide/C/mail.xml:207(title) serverguide/C/mail.xml:614(title)
19220
19744
msgid "Configuring SASL"
19221
19745
msgstr ""
19222
19746
19223
#: serverguide/C/mail.xml:249(para)
19747
#: serverguide/C/mail.xml:208(para)
19224
19748
msgid ""
19225
19749
"Postfix supports two SASL implementations Cyrus SASL and Dovecot SASL. To "
19226
19750
"enable Dovecot SASL the <application>dovecot-common</application> package "
19227
19751
"will need to be installed. From a terminal prompt enter the following:"
19228
19752
msgstr ""
19229
19753
19230
#: serverguide/C/mail.xml:255(command)
19754
#: serverguide/C/mail.xml:214(command)
19231
19755
msgid "sudo apt-get install dovecot-common"
19232
19756
msgstr ""
19233
19757
19289
19813
"auth_mechanisms = plain login\n"
19290
19814
msgstr ""
19291
19815
19292
#: serverguide/C/mail.xml:298(para)
19816
#: serverguide/C/mail.xml:253(para)
19293
19817
msgid ""
19294
19818
"Once you have <application>Dovecot</application> configured restart it with:"
19295
19819
msgstr ""
19298
19822
msgid "sudo service dovecot restart"
19299
19823
msgstr ""
19300
19824
19301
#: serverguide/C/mail.xml:307(title)
19825
#: serverguide/C/mail.xml:262(title)
19302
19826
msgid "Mail-Stack Delivery"
19303
19827
msgstr ""
19304
19828
19305
#: serverguide/C/mail.xml:309(para)
19829
#: serverguide/C/mail.xml:264(para)
19306
19830
msgid ""
19307
19831
"Another option for configuring <application>Postfix</application> for SMTP-"
19308
19832
"AUTH is using the <application>mail-stack-delivery</application> package "
19313
19837
"<application>Dovecot</application> for IMAP, IMAPS, POP3, and POP3S."
19314
19838
msgstr ""
19315
19839
19316
#: serverguide/C/mail.xml:319(para)
19840
#: serverguide/C/mail.xml:274(para)
19317
19841
msgid ""
19318
19842
"You may or may not want to run IMAP, IMAPS, POP3, or POP3S on your mail "
19319
19843
"server. For example, if you are configuring your server to be a mail "
19321
19845
"the above commands to configure Postfix for SMTP-AUTH."
19322
19846
msgstr ""
19323
19847
19324
#: serverguide/C/mail.xml:326(para)
19848
#: serverguide/C/mail.xml:281(para)
19325
19849
msgid "To install the package, from a terminal prompt enter:"
19326
19850
msgstr ""
19327
19851
19328
#: serverguide/C/mail.xml:331(command)
19852
#: serverguide/C/mail.xml:286(command)
19329
19853
msgid "sudo apt-get install mail-stack-delivery"
19330
19854
msgstr ""
19331
19855
19332
#: serverguide/C/mail.xml:334(para)
19856
#: serverguide/C/mail.xml:289(para)
19333
19857
msgid ""
19334
19858
"You should now have a working mail server, but there are a few options that "
19335
19859
"you may wish to further customize. For example, the package uses the "
19339
19863
"for more details."
19340
19864
msgstr ""
19341
19865
19342
#: serverguide/C/mail.xml:340(para)
19866
#: serverguide/C/mail.xml:295(para)
19343
19867
msgid ""
19344
19868
"Once you have a customized certificate and key for the host, change the "
19345
19869
"following options in <filename>/etc/postfix/main.cf</filename>:"
19346
19870
msgstr ""
19347
19871
19348
#: serverguide/C/mail.xml:344(programlisting)
19872
#: serverguide/C/mail.xml:299(programlisting)
19349
19873
#, no-wrap
19350
19874
msgid ""
19351
19875
"\n"
19353
19877
"smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key\n"
19354
19878
msgstr ""
19355
19879
19356
#: serverguide/C/mail.xml:349(para)
19880
#: serverguide/C/mail.xml:304(para)
19357
19881
msgid "Then restart Postfix:"
19358
19882
msgstr ""
19359
19883
19360
#: serverguide/C/mail.xml:360(para)
19884
#: serverguide/C/mail.xml:315(para)
19361
19885
msgid ""
19362
19886
"SMTP-AUTH configuration is complete. Now it is time to test the setup."
19363
19887
msgstr ""
19364
19888
19365
#: serverguide/C/mail.xml:363(para)
19889
#: serverguide/C/mail.xml:318(para)
19366
19890
msgid "To see if SMTP-AUTH and TLS work properly, run the following command:"
19367
19891
msgstr ""
19368
19892
19369
#: serverguide/C/mail.xml:368(command)
19893
#: serverguide/C/mail.xml:323(command)
19370
19894
msgid "telnet mail.example.com 25"
19371
19895
msgstr ""
19372
19896
19373
#: serverguide/C/mail.xml:370(para)
19897
#: serverguide/C/mail.xml:325(para)
19374
19898
msgid ""
19375
19899
"After you have established the connection to the postfix mail server, type:"
19376
19900
msgstr ""
19377
19901
19378
#: serverguide/C/mail.xml:374(screen)
19902
#: serverguide/C/mail.xml:329(screen)
19379
19903
#, no-wrap
19380
19904
msgid ""
19381
19905
"\n"
19382
19906
"ehlo mail.example.com\n"
19383
19907
msgstr ""
19384
19908
19385
#: serverguide/C/mail.xml:377(para)
19909
#: serverguide/C/mail.xml:332(para)
19386
19910
msgid ""
19387
19911
"If you see the following lines among others, then everything is working "
19388
19912
"perfectly. Type <command>quit</command> to exit."
19389
19913
msgstr ""
19390
19914
19391
#: serverguide/C/mail.xml:381(programlisting)
19915
#: serverguide/C/mail.xml:336(programlisting)
19392
19916
#, no-wrap
19393
19917
msgid ""
19394
19918
"\n"
19398
19922
"250 8BITMIME\n"
19399
19923
msgstr ""
19400
19924
19401
#: serverguide/C/mail.xml:391(para)
19925
#: serverguide/C/mail.xml:346(para)
19402
19926
msgid ""
19403
19927
"This section introduces some common ways to determine the cause if problems "
19404
19928
"arise."
19405
19929
msgstr ""
19406
19930
19407
#: serverguide/C/mail.xml:395(title)
19931
#: serverguide/C/mail.xml:350(title)
19408
19932
msgid "Escaping chroot"
19409
19933
msgstr ""
19410
19934
19411
#: serverguide/C/mail.xml:396(para)
19935
#: serverguide/C/mail.xml:351(para)
19412
19936
msgid ""
19413
19937
"The Ubuntu <application>postfix</application> package will by default "
19414
19938
"install into a <emphasis>chroot</emphasis> environment for security reasons. "
19415
19939
"This can add greater complexity when troubleshooting problems."
19416
19940
msgstr ""
19417
19941
19418
#: serverguide/C/mail.xml:400(para)
19942
#: serverguide/C/mail.xml:355(para)
19419
19943
msgid ""
19420
19944
"To turn off the chroot operation locate for the following line in the "
19421
19945
"<filename>/etc/postfix/master.cf</filename> configuration file:"
19422
19946
msgstr ""
19423
19947
19424
#: serverguide/C/mail.xml:404(screen)
19948
#: serverguide/C/mail.xml:359(screen)
19425
19949
#, no-wrap
19426
19950
msgid ""
19427
19951
"\n"
19428
19952
"smtp inet n - - - - smtpd\n"
19429
19953
msgstr ""
19430
19954
19431
#: serverguide/C/mail.xml:407(para)
19955
#: serverguide/C/mail.xml:362(para)
19432
19956
msgid "and modify it as follows:"
19433
19957
msgstr ""
19434
19958
19435
#: serverguide/C/mail.xml:410(screen)
19959
#: serverguide/C/mail.xml:365(screen)
19436
19960
#, no-wrap
19437
19961
msgid ""
19438
19962
"\n"
19439
19963
"smtp inet n - n - - smtpd\n"
19440
19964
msgstr ""
19441
19965
19442
#: serverguide/C/mail.xml:413(para)
19966
#: serverguide/C/mail.xml:368(para)
19443
19967
msgid ""
19444
19968
"You will then need to restart Postfix to use the new configuration. From a "
19445
19969
"terminal prompt enter:"
19467
19991
"\t "
19468
19992
msgstr ""
19469
19993
19470
#: serverguide/C/mail.xml:434(title)
19994
#: serverguide/C/mail.xml:376(title)
19471
19995
msgid "Log Files"
19472
19996
msgstr ""
19473
19997
19474
#: serverguide/C/mail.xml:435(para)
19998
#: serverguide/C/mail.xml:377(para)
19475
19999
msgid ""
19476
20000
"<application>Postfix</application> sends all log messages to "
19477
20001
"<filename>/var/log/mail.log</filename>. However error and warning messages "
19480
20004
"<filename>/var/log/mail.warn</filename> respectively."
19481
20005
msgstr ""
19482
20006
19483
#: serverguide/C/mail.xml:440(para)
20007
#: serverguide/C/mail.xml:382(para)
19484
20008
msgid ""
19485
20009
"To see messages entered into the logs in real time you can use the "
19486
20010
"<application>tail -f</application> command:"
19487
20011
msgstr ""
19488
20012
19489
#: serverguide/C/mail.xml:445(command)
20013
#: serverguide/C/mail.xml:387(command)
19490
20014
msgid "tail -f /var/log/mail.err"
19491
20015
msgstr ""
19492
20016
19493
#: serverguide/C/mail.xml:447(para)
20017
#: serverguide/C/mail.xml:389(para)
19494
20018
msgid ""
19495
20019
"The amount of detail that is recorded in the logs can be increased. Below "
19496
20020
"are some configuration options for increasing the log level for some of the "
19497
20021
"areas covered above."
19498
20022
msgstr ""
19499
20023
19500
#: serverguide/C/mail.xml:453(para)
20024
#: serverguide/C/mail.xml:395(para)
19501
20025
msgid ""
19502
20026
"To increase <emphasis>TLS</emphasis> activity logging set the "
19503
20027
"<emphasis>smtpd_tls_loglevel</emphasis> option to a value from 1 to 4."
19504
20028
msgstr ""
19505
20029
19506
#: serverguide/C/mail.xml:457(command)
20030
#: serverguide/C/mail.xml:399(command)
19507
20031
msgid "sudo postconf -e 'smtpd_tls_loglevel = 4'"
19508
20032
msgstr ""
19509
20033
19510
#: serverguide/C/mail.xml:461(para)
20034
#: serverguide/C/mail.xml:403(para)
19511
20035
msgid ""
19512
20036
"If you are having trouble sending or receiving mail from a specific domain "
19513
20037
"you can add the domain to the <emphasis>debug_peer_list</emphasis> parameter."
19514
20038
msgstr ""
19515
20039
19516
#: serverguide/C/mail.xml:466(command)
20040
#: serverguide/C/mail.xml:408(command)
19517
20041
msgid "sudo postconf -e 'debug_peer_list = problem.domain'"
19518
20042
msgstr ""
19519
20043
19520
#: serverguide/C/mail.xml:470(para)
20044
#: serverguide/C/mail.xml:412(para)
19521
20045
msgid ""
19522
20046
"You can increase the verbosity of any <application>Postfix</application> "
19523
20047
"daemon process by editing the <filename>/etc/postfix/master.cf</filename> "
19525
20049
"<emphasis>smtp</emphasis> entry:"
19526
20050
msgstr ""
19527
20051
19528
#: serverguide/C/mail.xml:474(programlisting)
20052
#: serverguide/C/mail.xml:416(programlisting)
19529
20053
#, no-wrap
19530
20054
msgid ""
19531
20055
"\n"
19547
20071
"<filename>/etc/dovecot/conf.d/10-logging.conf</filename>"
19548
20072
msgstr ""
19549
20073
19550
#: serverguide/C/mail.xml:491(programlisting)
20074
#: serverguide/C/mail.xml:433(programlisting)
19551
20075
#, no-wrap
19552
20076
msgid ""
19553
20077
"\n"
19562
20086
"reloaded: <command>sudo service dovecot reload</command>."
19563
20087
msgstr ""
19564
20088
19565
#: serverguide/C/mail.xml:504(para)
20089
#: serverguide/C/mail.xml:446(para)
19566
20090
msgid ""
19567
20091
"Some of the options above can drastically increase the amount of information "
19568
20092
"sent to the log files. Remember to return the log level back to normal after "
19570
20094
"new configuration to take affect."
19571
20095
msgstr ""
19572
20096
19573
#: serverguide/C/mail.xml:512(para)
20097
#: serverguide/C/mail.xml:454(para)
19574
20098
msgid ""
19575
20099
"Administering a <application>Postfix</application> server can be a very "
19576
20100
"complicated task. At some point you may need to turn to the Ubuntu community "
19577
20101
"for more experienced help."
19578
20102
msgstr ""
19579
20103
19580
#: serverguide/C/mail.xml:516(para)
20104
#: serverguide/C/mail.xml:458(para)
19581
20105
msgid ""
19582
20106
"A great place to ask for <application>Postfix</application> assistance, and "
19583
20107
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
19587
20111
"url=\"http://www.ubuntu.com/support/community/webforums\">Web Forums</ulink>."
19588
20112
msgstr ""
19589
20113
19590
#: serverguide/C/mail.xml:521(para)
20114
#: serverguide/C/mail.xml:463(para)
19591
20115
msgid ""
19592
20116
"For in depth <application>Postfix</application> information Ubuntu "
19593
20117
"developers highly recommend: <ulink url=\"http://www.postfix-book.com/\">The "
19594
20118
"Book of Postfix</ulink>."
19595
20119
msgstr ""
19596
20120
19597
#: serverguide/C/mail.xml:525(para)
20121
#: serverguide/C/mail.xml:467(para)
19598
20122
msgid ""
19599
20123
"Finally, the <ulink "
19600
20124
"url=\"http://www.postfix.org/documentation.html\">Postfix</ulink> website "
19608
20132
"Wiki Postfix</ulink> page has more information."
19609
20133
msgstr ""
19610
20134
19611
#: serverguide/C/mail.xml:537(title) serverguide/C/mail.xml:934(title) serverguide/C/mail.xml:1050(title)
20135
#: serverguide/C/mail.xml:479(title) serverguide/C/mail.xml:875(title) serverguide/C/mail.xml:991(title)
19612
20136
msgid "Exim4"
19613
20137
msgstr ""
19614
20138
19615
#: serverguide/C/mail.xml:538(para)
20139
#: serverguide/C/mail.xml:480(para)
19616
20140
msgid ""
19617
20141
"<application>Exim4</application> is another Message Transfer Agent (MTA) "
19618
20142
"developed at the University of Cambridge for use on Unix systems connected "
19622
20146
"<application>sendmail</application>."
19623
20147
msgstr ""
19624
20148
19625
#: serverguide/C/mail.xml:549(para)
20149
#: serverguide/C/mail.xml:491(para)
19626
20150
msgid ""
19627
20151
"To install <application>exim4</application>, run the following command: "
19628
20152
"<screen>\n"
19630
20154
"</screen>"
19631
20155
msgstr ""
19632
20156
19633
#: serverguide/C/mail.xml:558(para)
20157
#: serverguide/C/mail.xml:500(para)
19634
20158
msgid ""
19635
20159
"To configure <application>Exim4</application>, run the following command:"
19636
20160
msgstr ""
19637
20161
19638
#: serverguide/C/mail.xml:562(command)
20162
#: serverguide/C/mail.xml:504(command)
19639
20163
msgid "sudo dpkg-reconfigure exim4-config"
19640
20164
msgstr ""
19641
20165
19642
#: serverguide/C/mail.xml:564(para)
20166
#: serverguide/C/mail.xml:506(para)
19643
20167
msgid ""
19644
20168
"The user interface will be displayed. The user interface lets you configure "
19645
20169
"many parameters. For example, In <application>Exim4</application> the "
19647
20171
"in one file you can configure accordingly in this user interface."
19648
20172
msgstr ""
19649
20173
19650
#: serverguide/C/mail.xml:572(para)
20174
#: serverguide/C/mail.xml:514(para)
19651
20175
msgid ""
19652
20176
"All the parameters you configure in the user interface are stored in "
19653
20177
"<filename>/etc/exim4/update-exim4.conf</filename> file. If you wish to re-"
19656
20180
"following command to generate the master configuration file:"
19657
20181
msgstr ""
19658
20182
19659
#: serverguide/C/mail.xml:583(command) serverguide/C/mail.xml:667(command)
20183
#: serverguide/C/mail.xml:525(command) serverguide/C/mail.xml:609(command)
19660
20184
msgid "sudo update-exim4.conf"
19661
20185
msgstr ""
19662
20186
19663
#: serverguide/C/mail.xml:585(para)
20187
#: serverguide/C/mail.xml:527(para)
19664
20188
msgid ""
19665
20189
"The master configuration file, is generated and it is stored in "
19666
20190
"<filename>/var/lib/exim4/config.autogenerated</filename>."
19667
20191
msgstr ""
19668
20192
19669
#: serverguide/C/mail.xml:591(para)
20193
#: serverguide/C/mail.xml:533(para)
19670
20194
msgid ""
19671
20195
"At any time, you should not edit the master configuration file, "
19672
20196
"<filename>/var/lib/exim4/config.autogenerated</filename> manually. It is "
19673
20197
"updated automatically every time you run <command>update-exim4.conf</command>"
19674
20198
msgstr ""
19675
20199
19676
#: serverguide/C/mail.xml:599(para)
20200
#: serverguide/C/mail.xml:541(para)
19677
20201
msgid ""
19678
20202
"You can run the following command to start <application>Exim4</application> "
19679
20203
"daemon."
19683
20207
msgid "sudo service exim4 start"
19684
20208
msgstr ""
19685
20209
19686
#: serverguide/C/mail.xml:609(para)
20210
#: serverguide/C/mail.xml:551(para)
19687
20211
msgid ""
19688
20212
"This section covers configuring Exim4 to use SMTP-AUTH with TLS and SASL."
19689
20213
msgstr ""
19690
20214
19691
#: serverguide/C/mail.xml:612(para)
20215
#: serverguide/C/mail.xml:554(para)
19692
20216
msgid ""
19693
20217
"The first step is to create a certificate for use with TLS. Enter the "
19694
20218
"following into a terminal prompt:"
19695
20219
msgstr ""
19696
20220
19697
#: serverguide/C/mail.xml:616(command)
20221
#: serverguide/C/mail.xml:558(command)
19698
20222
msgid "sudo /usr/share/doc/exim4-base/examples/exim-gencert"
19699
20223
msgstr ""
19700
20224
19701
#: serverguide/C/mail.xml:618(para)
20225
#: serverguide/C/mail.xml:560(para)
19702
20226
msgid ""
19703
20227
"Now Exim4 needs to be configured for TLS by editing "
19704
20228
"<filename>/etc/exim4/conf.d/main/03_exim4-config_tlsoptions</filename> add "
19705
20229
"the following:"
19706
20230
msgstr ""
19707
20231
19708
#: serverguide/C/mail.xml:622(programlisting)
20232
#: serverguide/C/mail.xml:564(programlisting)
19709
20233
#, no-wrap
19710
20234
msgid ""
19711
20235
"\n"
19712
20236
"MAIN_TLS_ENABLE = yes\n"
19713
20237
msgstr ""
19714
20238
19715
#: serverguide/C/mail.xml:625(para)
20239
#: serverguide/C/mail.xml:567(para)
19716
20240
msgid ""
19717
20241
"Next you need to configure <application>Exim4</application> to use the "
19718
20242
"<application>saslauthd</application> for authentication. Edit "
19721
20245
"<emphasis>login_saslauthd_server</emphasis> sections:"
19722
20246
msgstr ""
19723
20247
19724
#: serverguide/C/mail.xml:630(programlisting)
20248
#: serverguide/C/mail.xml:572(programlisting)
19725
20249
#, no-wrap
19726
20250
msgid ""
19727
20251
"\n"
19747
20271
" .endif\n"
19748
20272
msgstr ""
19749
20273
19750
#: serverguide/C/mail.xml:652(para)
20274
#: serverguide/C/mail.xml:594(para)
19751
20275
msgid ""
19752
20276
"Additionally, in order for outside mail client to be able to connect to new "
19753
20277
"exim server, new user needs to be added into exim by using the following "
19758
20282
msgid "sudo /usr/share/doc/exim4-base/examples/exim-adduser"
19759
20283
msgstr ""
19760
20284
19761
#: serverguide/C/mail.xml:658(para)
20285
#: serverguide/C/mail.xml:600(para)
19762
20286
msgid ""
19763
20287
"Users should protect the new exim password files with the following commands."
19764
20288
msgstr ""
19765
20289
19766
#: serverguide/C/mail.xml:660(command)
20290
#: serverguide/C/mail.xml:602(command)
19767
20291
msgid "sudo chown root:Debian-exim /etc/exim4/passwd"
19768
20292
msgstr ""
19769
20293
19770
#: serverguide/C/mail.xml:661(command)
20294
#: serverguide/C/mail.xml:603(command)
19771
20295
msgid "sudo chmod 640 /etc/exim4/passwd"
19772
20296
msgstr ""
19773
20297
19774
#: serverguide/C/mail.xml:663(para)
20298
#: serverguide/C/mail.xml:605(para)
19775
20299
msgid "Finally, update the Exim4 configuration and restart the service:"
19776
20300
msgstr ""
19777
20301
19779
20303
msgid "sudo service exim4 restart"
19780
20304
msgstr ""
19781
20305
19782
#: serverguide/C/mail.xml:673(para)
20306
#: serverguide/C/mail.xml:615(para)
19783
20307
msgid ""
19784
20308
"This section provides details on configuring the saslauthd to provide "
19785
20309
"authentication for <application>Exim4</application>."
19786
20310
msgstr ""
19787
20311
19788
#: serverguide/C/mail.xml:676(para)
20312
#: serverguide/C/mail.xml:618(para)
19789
20313
msgid ""
19790
20314
"The first step is to install the sasl2-bin package. From a terminal prompt "
19791
20315
"enter the following:"
19792
20316
msgstr ""
19793
20317
19794
#: serverguide/C/mail.xml:680(command)
20318
#: serverguide/C/mail.xml:622(command)
19795
20319
msgid "sudo apt-get install sasl2-bin"
19796
20320
msgstr ""
19797
20321
19798
#: serverguide/C/mail.xml:682(para)
20322
#: serverguide/C/mail.xml:624(para)
19799
20323
msgid ""
19800
20324
"To configure saslauthd edit the /etc/default/saslauthd configuration file "
19801
20325
"and set START=no to:"
19802
20326
msgstr ""
19803
20327
19804
#: serverguide/C/mail.xml:688(para)
20328
#: serverguide/C/mail.xml:630(para)
19805
20329
msgid ""
19806
20330
"Next the <emphasis>Debian-exim</emphasis> user needs to be part of the "
19807
20331
"<emphasis>sasl</emphasis> group in order for Exim4 to use the saslauthd "
19808
20332
"service:"
19809
20333
msgstr ""
19810
20334
19811
#: serverguide/C/mail.xml:693(command)
20335
#: serverguide/C/mail.xml:635(command)
19812
20336
msgid "sudo adduser Debian-exim sasl"
19813
20337
msgstr ""
19814
20338
19815
#: serverguide/C/mail.xml:695(para)
20339
#: serverguide/C/mail.xml:637(para)
19816
20340
msgid "Now start the <application>saslauthd</application> service:"
19817
20341
msgstr ""
19818
20342
19820
20344
msgid "sudo service saslauthd start"
19821
20345
msgstr ""
19822
20346
19823
#: serverguide/C/mail.xml:701(para)
20347
#: serverguide/C/mail.xml:643(para)
19824
20348
msgid ""
19825
20349
"<application>Exim4</application> is now configured with SMTP-AUTH using TLS "
19826
20350
"and SASL authentication."
19827
20351
msgstr ""
19828
20352
19829
#: serverguide/C/mail.xml:710(para)
20353
#: serverguide/C/mail.xml:652(para)
19830
20354
msgid ""
19831
20355
"See <ulink url=\"http://www.exim.org/\">exim.org</ulink> for more "
19832
20356
"information."
19833
20357
msgstr ""
19834
20358
19835
#: serverguide/C/mail.xml:715(para)
20359
#: serverguide/C/mail.xml:657(para)
19836
20360
msgid ""
19837
20361
"There is also an <ulink url=\"http://www.uit.co.uk/content/exim-smtp-mail-"
19838
20362
"server\">Exim4 Book</ulink> available."
19839
20363
msgstr ""
19840
20364
19841
#: serverguide/C/mail.xml:720(para)
20365
#: serverguide/C/mail.xml:662(para)
19842
20366
msgid ""
19843
20367
"Another resource is the <ulink "
19844
20368
"url=\"https://help.ubuntu.com/community/Exim4\">Exim4 Ubuntu Wiki </ulink> "
19845
20369
"page."
19846
20370
msgstr ""
19847
20371
19848
#: serverguide/C/mail.xml:729(title)
20372
#: serverguide/C/mail.xml:671(title)
19849
20373
msgid "Dovecot Server"
19850
20374
msgstr ""
19851
20375
19852
#: serverguide/C/mail.xml:730(para)
20376
#: serverguide/C/mail.xml:672(para)
19853
20377
msgid ""
19854
20378
"<application>Dovecot</application> is a Mail Delivery Agent, written with "
19855
20379
"security primarily in mind. It supports the major mailbox formats: mbox or "
19856
20380
"Maildir. This section explain how to set it up as an imap or pop3 server."
19857
20381
msgstr ""
19858
20382
19859
#: serverguide/C/mail.xml:738(para)
20383
#: serverguide/C/mail.xml:680(para)
19860
20384
msgid ""
19861
20385
"To install <application>dovecot</application>, run the following command in "
19862
20386
"the command prompt:"
19863
20387
msgstr ""
19864
20388
19865
#: serverguide/C/mail.xml:743(command)
20389
#: serverguide/C/mail.xml:685(command)
19866
20390
msgid "sudo apt-get install dovecot-imapd dovecot-pop3d"
19867
20391
msgstr ""
19868
20392
19869
#: serverguide/C/mail.xml:748(para)
20393
#: serverguide/C/mail.xml:690(para)
19870
20394
msgid ""
19871
20395
"To configure <application>dovecot</application>, you can edit the file "
19872
20396
"<filename>/etc/dovecot/dovecot.conf</filename>. You can choose the protocol "
19878
20402
"link>."
19879
20403
msgstr ""
19880
20404
19881
#: serverguide/C/mail.xml:758(para)
20405
#: serverguide/C/mail.xml:700(para)
19882
20406
msgid ""
19883
20407
"IMAPS and POP3S are more secure that the simple IMAP and POP3 because they "
19884
20408
"use SSL encryption to connect. Once you have chosen the protocol, amend the "
19885
20409
"following line in the file <filename>/etc/dovecot/dovecot.conf</filename>:"
19886
20410
msgstr ""
19887
20411
19888
#: serverguide/C/mail.xml:764(programlisting)
20412
#: serverguide/C/mail.xml:706(programlisting)
19889
20413
#, no-wrap
19890
20414
msgid ""
19891
20415
"\n"
19910
20434
"following line:"
19911
20435
msgstr ""
19912
20436
19913
#: serverguide/C/mail.xml:780(programlisting)
20437
#: serverguide/C/mail.xml:722(programlisting)
19914
20438
#, no-wrap
19915
20439
msgid ""
19916
20440
"\n"
19919
20443
"mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u # (for mbox)\n"
19920
20444
msgstr ""
19921
20445
19922
#: serverguide/C/mail.xml:786(para)
20446
#: serverguide/C/mail.xml:728(para)
19923
20447
msgid ""
19924
20448
"You should configure your Mail Transport Agent (MTA) to transfer the "
19925
20449
"incoming mail to this type of mailbox if it is different from the one you "
19926
20450
"have configured."
19927
20451
msgstr ""
19928
20452
19929
#: serverguide/C/mail.xml:792(para)
20453
#: serverguide/C/mail.xml:734(para)
19930
20454
msgid ""
19931
20455
"Once you have configured dovecot, restart the "
19932
20456
"<application>dovecot</application> daemon in order to test your setup:"
19933
20457
msgstr ""
19934
20458
19935
#: serverguide/C/mail.xml:801(para)
20459
#: serverguide/C/mail.xml:743(para)
19936
20460
msgid ""
19937
20461
"If you have enabled imap, or pop3, you can also try to log in with the "
19938
20462
"commands <command>telnet localhost pop3</command> or <command>telnet "
19940
20464
"installation has been successful:"
19941
20465
msgstr ""
19942
20466
19943
#: serverguide/C/mail.xml:808(programlisting)
20467
#: serverguide/C/mail.xml:750(programlisting)
19944
20468
#, no-wrap
19945
20469
msgid ""
19946
20470
"\n"
19951
20475
"+OK Dovecot ready.\n"
19952
20476
msgstr ""
19953
20477
19954
#: serverguide/C/mail.xml:817(title)
20478
#: serverguide/C/mail.xml:759(title)
19955
20479
msgid "Dovecot SSL Configuration"
19956
20480
msgstr ""
19957
20481
19974
20498
"<filename>/etc/dovecot/conf.d/10-ssl.conf</filename> configuration file."
19975
20499
msgstr ""
19976
20500
19977
#: serverguide/C/mail.xml:845(title)
20501
#: serverguide/C/mail.xml:786(title)
19978
20502
msgid "Firewall Configuration for an Email Server"
19979
20503
msgstr ""
19980
20504
19981
#: serverguide/C/mail.xml:851(para)
20505
#: serverguide/C/mail.xml:792(para)
19982
20506
msgid "IMAP - 143"
19983
20507
msgstr ""
19984
20508
19985
#: serverguide/C/mail.xml:852(para)
20509
#: serverguide/C/mail.xml:793(para)
19986
20510
msgid "IMAPS - 993"
19987
20511
msgstr ""
19988
20512
19989
#: serverguide/C/mail.xml:853(para)
20513
#: serverguide/C/mail.xml:794(para)
19990
20514
msgid "POP3 - 110"
19991
20515
msgstr ""
19992
20516
19993
#: serverguide/C/mail.xml:854(para)
20517
#: serverguide/C/mail.xml:795(para)
19994
20518
msgid "POP3S - 995"
19995
20519
msgstr ""
19996
20520
19997
#: serverguide/C/mail.xml:846(para)
20521
#: serverguide/C/mail.xml:787(para)
19998
20522
msgid ""
19999
20523
"To access your mail server from another computer, you must configure your "
20000
20524
"firewall to allow connections to the server on the necessary ports. "
20001
20525
"<placeholder-1/>"
20002
20526
msgstr ""
20003
20527
20004
#: serverguide/C/mail.xml:863(para)
20528
#: serverguide/C/mail.xml:804(para)
20005
20529
msgid ""
20006
20530
"See the <ulink url=\"http://www.dovecot.org/\">Dovecot website</ulink> for "
20007
20531
"more information."
20008
20532
msgstr ""
20009
20533
20010
#: serverguide/C/mail.xml:868(para)
20534
#: serverguide/C/mail.xml:809(para)
20011
20535
msgid ""
20012
20536
"Also, the <ulink url=\"https://help.ubuntu.com/community/Dovecot\">Dovecot "
20013
20537
"Ubuntu Wiki</ulink> page has more details."
20014
20538
msgstr ""
20015
20539
20016
#: serverguide/C/mail.xml:877(title) serverguide/C/mail.xml:952(title) serverguide/C/mail.xml:1175(title)
20540
#: serverguide/C/mail.xml:818(title) serverguide/C/mail.xml:893(title) serverguide/C/mail.xml:1116(title)
20017
20541
msgid "Mailman"
20018
20542
msgstr ""
20019
20543
20020
#: serverguide/C/mail.xml:878(para)
20544
#: serverguide/C/mail.xml:819(para)
20021
20545
msgid ""
20022
20546
"Mailman is an open source program for managing electronic mail discussions "
20023
20547
"and e-newsletter lists. Many open source mailing lists (including all the "
20026
20550
"and maintain."
20027
20551
msgstr ""
20028
20552
20029
#: serverguide/C/mail.xml:888(para)
20553
#: serverguide/C/mail.xml:829(para)
20030
20554
msgid ""
20031
20555
"Mailman provides a web interface for the administrators and users, using an "
20032
20556
"external mail server to send and receive emails. It works perfectly with the "
20033
20557
"following mail servers:"
20034
20558
msgstr ""
20035
20559
20036
#: serverguide/C/mail.xml:899(application)
20560
#: serverguide/C/mail.xml:840(application)
20037
20561
msgid "Exim"
20038
20562
msgstr ""
20039
20563
20040
#: serverguide/C/mail.xml:902(application)
20564
#: serverguide/C/mail.xml:843(application)
20041
20565
msgid "Sendmail"
20042
20566
msgstr ""
20043
20567
20044
#: serverguide/C/mail.xml:905(application)
20568
#: serverguide/C/mail.xml:846(application)
20045
20569
msgid "Qmail"
20046
20570
msgstr ""
20047
20571
20048
#: serverguide/C/mail.xml:910(para)
20572
#: serverguide/C/mail.xml:851(para)
20049
20573
msgid ""
20050
20574
"We will see how to install and configure Mailman with, the Apache web "
20051
20575
"server, and either the Postfix or Exim mail server. If you wish to install "
20052
20576
"Mailman with a different mail server, please refer to the references section."
20053
20577
msgstr ""
20054
20578
20055
#: serverguide/C/mail.xml:917(para)
20579
#: serverguide/C/mail.xml:858(para)
20056
20580
msgid ""
20057
20581
"You only need to install one mail server and "
20058
20582
"<application>Postfix</application> is the default Ubuntu Mail Transfer Agent."
20059
20583
msgstr ""
20060
20584
20061
#: serverguide/C/mail.xml:922(title) serverguide/C/mail.xml:979(title)
20585
#: serverguide/C/mail.xml:863(title) serverguide/C/mail.xml:920(title)
20062
20586
msgid "Apache2"
20063
20587
msgstr ""
20064
20588
20065
#: serverguide/C/mail.xml:923(para)
20589
#: serverguide/C/mail.xml:864(para)
20066
20590
msgid ""
20067
20591
"To install apache2 you refer to <xref linkend=\"http-installation\"/> for "
20068
20592
"details."
20069
20593
msgstr ""
20070
20594
20071
#: serverguide/C/mail.xml:929(para)
20595
#: serverguide/C/mail.xml:870(para)
20072
20596
msgid ""
20073
20597
"For instructions on installing and configuring Postfix refer to <xref "
20074
20598
"linkend=\"postfix\"/>"
20075
20599
msgstr ""
20076
20600
20077
#: serverguide/C/mail.xml:935(para)
20601
#: serverguide/C/mail.xml:876(para)
20078
20602
msgid "To install Exim4 refer to <xref linkend=\"exim4\"/>."
20079
20603
msgstr ""
20080
20604
20081
#: serverguide/C/mail.xml:938(para)
20605
#: serverguide/C/mail.xml:879(para)
20082
20606
msgid ""
20083
20607
"Once exim4 is installed, the configuration files are stored in the "
20084
20608
"<filename>/etc/exim4</filename> directory. In Ubuntu, by default, the exim4 "
20087
20611
"<filename>/etc/exim4/update-exim4.conf</filename> file:"
20088
20612
msgstr ""
20089
20613
20090
#: serverguide/C/mail.xml:945(programlisting)
20614
#: serverguide/C/mail.xml:886(programlisting)
20091
20615
#, no-wrap
20092
20616
msgid ""
20093
20617
"\n"
20094
20618
"dc_use_split_config='true'\n"
20095
20619
msgstr ""
20096
20620
20097
#: serverguide/C/mail.xml:953(para)
20621
#: serverguide/C/mail.xml:894(para)
20098
20622
msgid ""
20099
20623
"To install <application>Mailman</application>, run following command at a "
20100
20624
"terminal prompt:"
20101
20625
msgstr ""
20102
20626
20103
#: serverguide/C/mail.xml:957(command)
20627
#: serverguide/C/mail.xml:898(command)
20104
20628
msgid "sudo apt-get install mailman"
20105
20629
msgstr ""
20106
20630
20107
#: serverguide/C/mail.xml:959(para)
20631
#: serverguide/C/mail.xml:900(para)
20108
20632
msgid ""
20109
20633
"It copies the installation files in "
20110
20634
"<application>/var/lib/mailman</application> directory. It installs the CGI "
20114
20638
"this user."
20115
20639
msgstr ""
20116
20640
20117
#: serverguide/C/mail.xml:971(para)
20641
#: serverguide/C/mail.xml:912(para)
20118
20642
msgid ""
20119
20643
"This section assumes you have successfully installed "
20120
20644
"<application>mailman</application>, <application>apache2</application>, and "
20122
20646
"you just need to configure them."
20123
20647
msgstr ""
20124
20648
20125
#: serverguide/C/mail.xml:980(para)
20649
#: serverguide/C/mail.xml:921(para)
20126
20650
msgid ""
20127
20651
"An example Apache configuration file comes with "
20128
20652
"<application>Mailman</application> and is placed in "
20131
20655
"available</filename>:"
20132
20656
msgstr ""
20133
20657
20134
#: serverguide/C/mail.xml:986(command)
20658
#: serverguide/C/mail.xml:927(command)
20135
20659
msgid ""
20136
20660
"sudo cp /etc/mailman/apache.conf /etc/apache2/sites-available/mailman.conf"
20137
20661
msgstr ""
20138
20662
20139
#: serverguide/C/mail.xml:988(para)
20663
#: serverguide/C/mail.xml:929(para)
20140
20664
msgid ""
20141
20665
"This will setup a new Apache <emphasis>VirtualHost</emphasis> for the "
20142
20666
"Mailman administration site. Now enable the new configuration and restart "
20143
20667
"Apache:"
20144
20668
msgstr ""
20145
20669
20146
#: serverguide/C/mail.xml:993(command)
20670
#: serverguide/C/mail.xml:934(command)
20147
20671
msgid "sudo a2ensite mailman.conf"
20148
20672
msgstr ""
20149
20673
20150
#: serverguide/C/mail.xml:996(para)
20674
#: serverguide/C/mail.xml:937(para)
20151
20675
msgid ""
20152
20676
"Mailman uses apache2 to render its CGI scripts. The mailman CGI scripts are "
20153
20677
"installed in the <application>/usr/lib/cgi-bin/mailman</application> "
20156
20680
"available/mailman.conf</filename> file if you wish to change this behavior."
20157
20681
msgstr ""
20158
20682
20159
#: serverguide/C/mail.xml:1007(para)
20683
#: serverguide/C/mail.xml:948(para)
20160
20684
msgid ""
20161
20685
"For <application>Postfix</application> integration, we will associate the "
20162
20686
"domain lists.example.com with the mailing lists. Please replace "
20163
20687
"<emphasis>lists.example.com</emphasis> with the domain of your choosing."
20164
20688
msgstr ""
20165
20689
20166
#: serverguide/C/mail.xml:1011(para)
20690
#: serverguide/C/mail.xml:952(para)
20167
20691
msgid ""
20168
20692
"You can use the postconf command to add the necessary configuration to "
20169
20693
"<filename>/etc/postfix/main.cf</filename>:"
20170
20694
msgstr ""
20171
20695
20172
#: serverguide/C/mail.xml:1015(command)
20696
#: serverguide/C/mail.xml:956(command)
20173
20697
msgid "sudo postconf -e 'relay_domains = lists.example.com'"
20174
20698
msgstr ""
20175
20699
20176
#: serverguide/C/mail.xml:1016(command)
20700
#: serverguide/C/mail.xml:957(command)
20177
20701
msgid "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
20178
20702
msgstr ""
20179
20703
20180
#: serverguide/C/mail.xml:1017(command)
20704
#: serverguide/C/mail.xml:958(command)
20181
20705
msgid "sudo postconf -e 'mailman_destination_recipient_limit = 1'"
20182
20706
msgstr ""
20183
20707
20184
#: serverguide/C/mail.xml:1019(para)
20708
#: serverguide/C/mail.xml:960(para)
20185
20709
msgid ""
20186
20710
"In <filename>/etc/postfix/master.cf</filename> double check that you have "
20187
20711
"the following transport:"
20188
20712
msgstr ""
20189
20713
20190
#: serverguide/C/mail.xml:1022(programlisting)
20714
#: serverguide/C/mail.xml:963(programlisting)
20191
20715
#, no-wrap
20192
20716
msgid ""
20193
20717
"\n"
20196
20720
" ${nexthop} ${user}\n"
20197
20721
msgstr ""
20198
20722
20199
#: serverguide/C/mail.xml:1027(para)
20723
#: serverguide/C/mail.xml:968(para)
20200
20724
msgid ""
20201
20725
"It calls the <emphasis>postfix-to-mailman.py</emphasis> script when a mail "
20202
20726
"is delivered to a list."
20203
20727
msgstr ""
20204
20728
20205
#: serverguide/C/mail.xml:1030(para)
20729
#: serverguide/C/mail.xml:971(para)
20206
20730
msgid ""
20207
20731
"Associate the domain lists.example.com to the Mailman transport with the "
20208
20732
"transport map. Edit the file <filename>/etc/postfix/transport</filename>:"
20209
20733
msgstr ""
20210
20734
20211
#: serverguide/C/mail.xml:1033(programlisting)
20735
#: serverguide/C/mail.xml:974(programlisting)
20212
20736
#, no-wrap
20213
20737
msgid ""
20214
20738
"\n"
20215
20739
"lists.example.com mailman:\n"
20216
20740
msgstr ""
20217
20741
20218
#: serverguide/C/mail.xml:1036(para)
20742
#: serverguide/C/mail.xml:977(para)
20219
20743
msgid ""
20220
20744
"Now have <application>Postfix</application> build the transport map by "
20221
20745
"entering the following from a terminal prompt:"
20222
20746
msgstr ""
20223
20747
20224
#: serverguide/C/mail.xml:1040(command)
20748
#: serverguide/C/mail.xml:981(command)
20225
20749
msgid "sudo postmap -v /etc/postfix/transport"
20226
20750
msgstr ""
20227
20751
20228
#: serverguide/C/mail.xml:1042(para)
20752
#: serverguide/C/mail.xml:983(para)
20229
20753
msgid "Then restart Postfix to enable the new configurations:"
20230
20754
msgstr ""
20231
20755
20232
#: serverguide/C/mail.xml:1051(para)
20756
#: serverguide/C/mail.xml:992(para)
20233
20757
msgid ""
20234
20758
"Once Exim4 is installed, you can start the Exim server using the following "
20235
20759
"command from a terminal prompt:"
20236
20760
msgstr ""
20237
20761
20238
#: serverguide/C/mail.xml:1067(para) serverguide/C/mail.xml:1082(title)
20762
#: serverguide/C/mail.xml:1008(para) serverguide/C/mail.xml:1023(title)
20239
20763
msgid "Main"
20240
20764
msgstr ""
20241
20765
20242
#: serverguide/C/mail.xml:1070(para) serverguide/C/mail.xml:1122(title)
20766
#: serverguide/C/mail.xml:1011(para) serverguide/C/mail.xml:1063(title)
20243
20767
msgid "Transport"
20244
20768
msgstr ""
20245
20769
20246
#: serverguide/C/mail.xml:1073(para) serverguide/C/mail.xml:1145(title)
20770
#: serverguide/C/mail.xml:1014(para) serverguide/C/mail.xml:1086(title)
20247
20771
msgid "Router"
20248
20772
msgstr ""
20249
20773
20250
#: serverguide/C/mail.xml:1058(para)
20774
#: serverguide/C/mail.xml:999(para)
20251
20775
msgid ""
20252
20776
"In order to make mailman work with Exim4, you need to configure Exim4. As "
20253
20777
"mentioned earlier, by default, Exim4 uses multiple configuration files of "
20259
20783
"is very important."
20260
20784
msgstr ""
20261
20785
20262
#: serverguide/C/mail.xml:1089(programlisting)
20786
#: serverguide/C/mail.xml:1030(programlisting)
20263
20787
#, no-wrap
20264
20788
msgid ""
20265
20789
"\n"
20293
20817
"# end\n"
20294
20818
msgstr ""
20295
20819
20296
#: serverguide/C/mail.xml:1083(para)
20820
#: serverguide/C/mail.xml:1024(para)
20297
20821
msgid ""
20298
20822
"All the configuration files belonging to the main type are stored in the "
20299
20823
"<filename>/etc/exim4/conf.d/main/</filename> directory. You can add the "
20301
20825
"config_mailman</filename>: <placeholder-1/>"
20302
20826
msgstr ""
20303
20827
20304
#: serverguide/C/mail.xml:1129(programlisting)
20828
#: serverguide/C/mail.xml:1070(programlisting)
20305
20829
#, no-wrap
20306
20830
msgid ""
20307
20831
"\n"
20319
20843
" group = MM_GID\n"
20320
20844
msgstr ""
20321
20845
20322
#: serverguide/C/mail.xml:1123(para)
20846
#: serverguide/C/mail.xml:1064(para)
20323
20847
msgid ""
20324
20848
"All the configuration files belonging to transport type are stored in the "
20325
20849
"<filename>/etc/exim4/conf.d/transport/</filename> directory. You can add the "
20327
20851
"config_mailman</filename>: <placeholder-1/>"
20328
20852
msgstr ""
20329
20853
20330
#: serverguide/C/mail.xml:1150(programlisting)
20854
#: serverguide/C/mail.xml:1091(programlisting)
20331
20855
#, no-wrap
20332
20856
msgid ""
20333
20857
"\n"
20341
20865
" transport = mailman_transport\n"
20342
20866
msgstr ""
20343
20867
20344
#: serverguide/C/mail.xml:1146(para)
20868
#: serverguide/C/mail.xml:1087(para)
20345
20869
msgid ""
20346
20870
"All the configuration files belonging to router type are stored in the "
20347
20871
"<filename>/etc/exim4/conf.d/router/</filename> directory. You can add the "
20349
20873
"config_mailman</filename>: <placeholder-1/>"
20350
20874
msgstr ""
20351
20875
20352
#: serverguide/C/mail.xml:1163(para)
20876
#: serverguide/C/mail.xml:1104(para)
20353
20877
msgid ""
20354
20878
"The order of main and transport configuration files can be in any order. "
20355
20879
"But, the order of router configuration files must be the same. This "
20359
20883
"details, please refer to the references section."
20360
20884
msgstr ""
20361
20885
20362
#: serverguide/C/mail.xml:1176(para)
20886
#: serverguide/C/mail.xml:1117(para)
20363
20887
msgid ""
20364
20888
"Once mailman is installed, you can run it using the following command:"
20365
20889
msgstr ""
20368
20892
msgid "sudo service mailman start"
20369
20893
msgstr ""
20370
20894
20371
#: serverguide/C/mail.xml:1182(para)
20895
#: serverguide/C/mail.xml:1123(para)
20372
20896
msgid ""
20373
20897
"Once mailman is installed, you should create the default mailing list. Run "
20374
20898
"the following command to create the mailing list:"
20375
20899
msgstr ""
20376
20900
20377
#: serverguide/C/mail.xml:1188(command)
20901
#: serverguide/C/mail.xml:1129(command)
20378
20902
msgid "sudo /usr/sbin/newlist mailman"
20379
20903
msgstr ""
20380
20904
20381
#: serverguide/C/mail.xml:1191(programlisting)
20905
#: serverguide/C/mail.xml:1132(programlisting)
20382
20906
#, no-wrap
20383
20907
msgid ""
20384
20908
"\n"
20409
20933
" # \n"
20410
20934
msgstr ""
20411
20935
20412
#: serverguide/C/mail.xml:1214(para)
20936
#: serverguide/C/mail.xml:1155(para)
20413
20937
msgid ""
20414
20938
"We have configured either Postfix or Exim4 to recognize all emails from "
20415
20939
"mailman. So, it is not mandatory to make any new entries in "
20418
20942
"continuing to next section."
20419
20943
msgstr ""
20420
20944
20421
#: serverguide/C/mail.xml:1222(para)
20945
#: serverguide/C/mail.xml:1163(para)
20422
20946
msgid ""
20423
20947
"The Exim4 does not use the above aliases to forward mails to Mailman, as it "
20424
20948
"uses a <emphasis>discover</emphasis> approach. To suppress the aliases while "
20426
20950
"configuration file, <filename>/etc/mailman/mm_cfg.py</filename>."
20427
20951
msgstr ""
20428
20952
20429
#: serverguide/C/mail.xml:1233(title)
20953
#: serverguide/C/mail.xml:1174(title)
20430
20954
msgid "Administration"
20431
20955
msgstr ""
20432
20956
20433
#: serverguide/C/mail.xml:1234(para)
20957
#: serverguide/C/mail.xml:1175(para)
20434
20958
msgid ""
20435
20959
"We assume you have a default installation. The mailman cgi scripts are still "
20436
20960
"in the <application>/usr/lib/cgi-bin/mailman/</application> directory. "
20438
20962
"point your browser to the following url:"
20439
20963
msgstr ""
20440
20964
20441
#: serverguide/C/mail.xml:1242(para)
20965
#: serverguide/C/mail.xml:1183(para)
20442
20966
msgid "http://hostname/cgi-bin/mailman/admin"
20443
20967
msgstr ""
20444
20968
20445
#: serverguide/C/mail.xml:1246(para)
20969
#: serverguide/C/mail.xml:1187(para)
20446
20970
msgid ""
20447
20971
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
20448
20972
"screen. If you click the mailing list name, it will ask for your "
20453
20977
"mailing list using the web interface."
20454
20978
msgstr ""
20455
20979
20456
#: serverguide/C/mail.xml:1259(title)
20980
#: serverguide/C/mail.xml:1200(title)
20457
20981
msgid "Users"
20458
20982
msgstr ""
20459
20983
20460
#: serverguide/C/mail.xml:1260(para)
20984
#: serverguide/C/mail.xml:1201(para)
20461
20985
msgid ""
20462
20986
"Mailman provides a web based interface for users. To access this page, point "
20463
20987
"your browser to the following url:"
20464
20988
msgstr ""
20465
20989
20466
#: serverguide/C/mail.xml:1265(para)
20990
#: serverguide/C/mail.xml:1206(para)
20467
20991
msgid "http://hostname/cgi-bin/mailman/listinfo"
20468
20992
msgstr ""
20469
20993
20470
#: serverguide/C/mail.xml:1269(para)
20994
#: serverguide/C/mail.xml:1210(para)
20471
20995
msgid ""
20472
20996
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
20473
20997
"screen. If you click the mailing list name, it will display the subscription "
20476
21000
"instructions in the email to subscribe."
20477
21001
msgstr ""
20478
21002
20479
#: serverguide/C/mail.xml:1281(ulink)
21003
#: serverguide/C/mail.xml:1222(ulink)
20480
21004
msgid "GNU Mailman - Installation Manual"
20481
21005
msgstr ""
20482
21006
20483
#: serverguide/C/mail.xml:1285(ulink)
21007
#: serverguide/C/mail.xml:1226(ulink)
20484
21008
msgid "HOWTO - Using Exim 4 and Mailman 2.1 together"
20485
21009
msgstr ""
20486
21010
20487
#: serverguide/C/mail.xml:1288(para)
21011
#: serverguide/C/mail.xml:1229(para)
20488
21012
msgid ""
20489
21013
"Also, see the <ulink "
20490
21014
"url=\"https://help.ubuntu.com/community/Mailman\">Mailman Ubuntu "
20491
21015
"Wiki</ulink> page."
20492
21016
msgstr ""
20493
21017
20494
#: serverguide/C/mail.xml:1294(title)
21018
#: serverguide/C/mail.xml:1235(title)
20495
21019
msgid "Mail Filtering"
20496
21020
msgstr ""
20497
21021
20498
#: serverguide/C/mail.xml:1295(para)
21022
#: serverguide/C/mail.xml:1236(para)
20499
21023
msgid ""
20500
21024
"One of the largest issues with email today is the problem of Unsolicited "
20501
21025
"Bulk Email (UBE). Also known as SPAM, such messages may also carry viruses "
20503
21027
"the bulk of all email traffic on the Internet."
20504
21028
msgstr ""
20505
21029
20506
#: serverguide/C/mail.xml:1300(para)
21030
#: serverguide/C/mail.xml:1241(para)
20507
21031
msgid ""
20508
21032
"This section will cover integrating <application>Amavisd-new</application>, "
20509
21033
"<application>Spamassassin</application>, and "
20517
21041
"spf</application>."
20518
21042
msgstr ""
20519
21043
20520
#: serverguide/C/mail.xml:1310(para)
21044
#: serverguide/C/mail.xml:1251(para)
20521
21045
msgid ""
20522
21046
"<application>Amavisd-new</application> is a wrapper program that can call "
20523
21047
"any number of content filtering programs for spam detection, antivirus, etc."
20524
21048
msgstr ""
20525
21049
20526
#: serverguide/C/mail.xml:1316(para)
21050
#: serverguide/C/mail.xml:1257(para)
20527
21051
msgid ""
20528
21052
"<application>Spamassassin</application> uses a variety of mechanisms to "
20529
21053
"filter email based on the message content."
20530
21054
msgstr ""
20531
21055
20532
#: serverguide/C/mail.xml:1321(para)
21056
#: serverguide/C/mail.xml:1262(para)
20533
21057
msgid ""
20534
21058
"<application>ClamAV</application> is an open source antivirus application."
20535
21059
msgstr ""
20536
21060
20537
#: serverguide/C/mail.xml:1326(para)
21061
#: serverguide/C/mail.xml:1267(para)
20538
21062
msgid ""
20539
21063
"<application>opendkim</application> implements a Sendmail Mail Filter "
20540
21064
"(Milter) for the DomainKeys Identified Mail (DKIM) standard."
20541
21065
msgstr ""
20542
21066
20543
#: serverguide/C/mail.xml:1332(para)
21067
#: serverguide/C/mail.xml:1273(para)
20544
21068
msgid ""
20545
21069
"<application>python-policyd-spf</application> enables Sender Policy "
20546
21070
"Framework (SPF) checking with <application>Postfix</application>."
20547
21071
msgstr ""
20548
21072
20549
#: serverguide/C/mail.xml:1337(para)
21073
#: serverguide/C/mail.xml:1278(para)
20550
21074
msgid "This is how the pieces fit together:"
20551
21075
msgstr ""
20552
21076
20553
#: serverguide/C/mail.xml:1342(para)
21077
#: serverguide/C/mail.xml:1283(para)
20554
21078
msgid "An email message is accepted by <application>Postfix</application>."
20555
21079
msgstr ""
20556
21080
20557
#: serverguide/C/mail.xml:1347(para)
21081
#: serverguide/C/mail.xml:1288(para)
20558
21082
msgid ""
20559
21083
"The message is passed through any external filters "
20560
21084
"<application>opendkim</application> and <application>python-policyd-"
20561
21085
"spf</application> in this case."
20562
21086
msgstr ""
20563
21087
20564
#: serverguide/C/mail.xml:1353(para)
21088
#: serverguide/C/mail.xml:1294(para)
20565
21089
msgid "<application>Amavisd-new</application> then processes the message."
20566
21090
msgstr ""
20567
21091
20568
#: serverguide/C/mail.xml:1358(para)
21092
#: serverguide/C/mail.xml:1299(para)
20569
21093
msgid ""
20570
21094
"<application>ClamAV</application> is used to scan the message. If the "
20571
21095
"message contains a virus <application>Postfix</application> will reject the "
20572
21096
"message."
20573
21097
msgstr ""
20574
21098
20575
#: serverguide/C/mail.xml:1364(para)
21099
#: serverguide/C/mail.xml:1305(para)
20576
21100
msgid ""
20577
21101
"Clean messages will then be analyzed by "
20578
21102
"<application>Spamassassin</application> to find out if the message is spam. "
20581
21105
"message."
20582
21106
msgstr ""
20583
21107
20584
#: serverguide/C/mail.xml:1371(para)
21108
#: serverguide/C/mail.xml:1312(para)
20585
21109
msgid ""
20586
21110
"For example, if a message has a Spam score of over fifty the message could "
20587
21111
"be automatically dropped from the queue without the recipient ever having to "
20590
21114
"see fit."
20591
21115
msgstr ""
20592
21116
20593
#: serverguide/C/mail.xml:1378(para)
21117
#: serverguide/C/mail.xml:1319(para)
20594
21118
msgid ""
20595
21119
"See <xref linkend=\"postfix\"/> for instructions on installing and "
20596
21120
"configuring Postfix."
20597
21121
msgstr ""
20598
21122
20599
#: serverguide/C/mail.xml:1381(para)
21123
#: serverguide/C/mail.xml:1322(para)
20600
21124
msgid ""
20601
21125
"To install the rest of the applications enter the following from a terminal "
20602
21126
"prompt:"
20603
21127
msgstr ""
20604
21128
20605
#: serverguide/C/mail.xml:1385(command)
21129
#: serverguide/C/mail.xml:1326(command)
20606
21130
msgid "sudo apt-get install amavisd-new spamassassin clamav-daemon"
20607
21131
msgstr ""
20608
21132
20609
#: serverguide/C/mail.xml:1386(command)
21133
#: serverguide/C/mail.xml:1327(command)
20610
21134
msgid "sudo apt-get install opendkim postfix-policyd-spf-python"
20611
21135
msgstr ""
20612
21136
20613
#: serverguide/C/mail.xml:1388(para)
21137
#: serverguide/C/mail.xml:1329(para)
20614
21138
msgid ""
20615
21139
"There are some optional packages that integrate with "
20616
21140
"<application>Spamassassin</application> for better spam detection:"
20617
21141
msgstr ""
20618
21142
20619
#: serverguide/C/mail.xml:1392(command)
21143
#: serverguide/C/mail.xml:1333(command)
20620
21144
msgid "sudo apt-get install pyzor razor"
20621
21145
msgstr ""
20622
21146
20623
#: serverguide/C/mail.xml:1394(para)
21147
#: serverguide/C/mail.xml:1335(para)
20624
21148
msgid ""
20625
21149
"Along with the main filtering applications compression utilities are needed "
20626
21150
"to process some email attachments:"
20627
21151
msgstr ""
20628
21152
20629
#: serverguide/C/mail.xml:1398(command)
21153
#: serverguide/C/mail.xml:1339(command)
20630
21154
msgid ""
20631
21155
"sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip"
20632
21156
msgstr ""
20633
21157
20634
#: serverguide/C/mail.xml:1401(para)
21158
#: serverguide/C/mail.xml:1342(para)
20635
21159
msgid ""
20636
21160
"If some packages are not found, check that the "
20637
21161
"<emphasis>multiverse</emphasis> repository is enabled in "
20638
21162
"<filename>/etc/apt/sources.list</filename>"
20639
21163
msgstr ""
20640
21164
20641
#: serverguide/C/mail.xml:1402(para)
21165
#: serverguide/C/mail.xml:1343(para)
20642
21166
msgid ""
20643
21167
"If you make changes to the file, be sure to run <command>sudo apt-get "
20644
21168
"update</command> before trying to install again."
20645
21169
msgstr ""
20646
21170
20647
#: serverguide/C/mail.xml:1407(para)
21171
#: serverguide/C/mail.xml:1348(para)
20648
21172
msgid "Now configure everything to work together and filter email."
20649
21173
msgstr ""
20650
21174
20651
#: serverguide/C/mail.xml:1411(title)
21175
#: serverguide/C/mail.xml:1352(title)
20652
21176
msgid "ClamAV"
20653
21177
msgstr ""
20654
21178
20655
#: serverguide/C/mail.xml:1412(para)
21179
#: serverguide/C/mail.xml:1353(para)
20656
21180
msgid ""
20657
21181
"The default behaviour of <application>ClamAV</application> will fit our "
20658
21182
"needs. For more ClamAV configuration options, check the configuration files "
20659
21183
"in <filename>/etc/clamav</filename>."
20660
21184
msgstr ""
20661
21185
20662
#: serverguide/C/mail.xml:1417(para)
21186
#: serverguide/C/mail.xml:1358(para)
20663
21187
msgid ""
20664
21188
"Add the <emphasis>clamav</emphasis> user to the <emphasis>amavis</emphasis> "
20665
21189
"group in order for <application>Amavisd-new</application> to have the "
20666
21190
"appropriate access to scan files:"
20667
21191
msgstr ""
20668
21192
20669
#: serverguide/C/mail.xml:1422(command)
21193
#: serverguide/C/mail.xml:1363(command)
20670
21194
msgid "sudo adduser clamav amavis"
20671
21195
msgstr ""
20672
21196
20673
#: serverguide/C/mail.xml:1423(command)
21197
#: serverguide/C/mail.xml:1364(command)
20674
21198
msgid "sudo adduser amavis clamav"
20675
21199
msgstr ""
20676
21200
20677
#: serverguide/C/mail.xml:1427(title)
21201
#: serverguide/C/mail.xml:1368(title)
20678
21202
msgid "Spamassassin"
20679
21203
msgstr ""
20680
21204
20681
#: serverguide/C/mail.xml:1428(para)
21205
#: serverguide/C/mail.xml:1369(para)
20682
21206
msgid ""
20683
21207
"Spamassassin automatically detects optional components and will use them if "
20684
21208
"they are present. This means that there is no need to configure "
20685
21209
"<application>pyzor</application> and <application>razor</application>."
20686
21210
msgstr ""
20687
21211
20688
#: serverguide/C/mail.xml:1432(para)
21212
#: serverguide/C/mail.xml:1373(para)
20689
21213
msgid ""
20690
21214
"Edit <filename>/etc/default/spamassassin</filename> to activate the "
20691
21215
"<application>Spamassassin</application> daemon. Change "
20692
21216
"<emphasis>ENABLED=0</emphasis> to:"
20693
21217
msgstr ""
20694
21218
20695
#: serverguide/C/mail.xml:1436(programlisting)
21219
#: serverguide/C/mail.xml:1377(programlisting)
20696
21220
#, no-wrap
20697
21221
msgid ""
20698
21222
"\n"
20699
21223
"ENABLED=1\n"
20700
21224
msgstr ""
20701
21225
20702
#: serverguide/C/mail.xml:1439(para)
21226
#: serverguide/C/mail.xml:1380(para)
20703
21227
msgid "Now start the daemon:"
20704
21228
msgstr ""
20705
21229
20707
21231
msgid "sudo service spamassassin start"
20708
21232
msgstr ""
20709
21233
20710
#: serverguide/C/mail.xml:1447(title)
21234
#: serverguide/C/mail.xml:1388(title)
20711
21235
msgid "Amavisd-new"
20712
21236
msgstr ""
20713
21237
20714
#: serverguide/C/mail.xml:1448(para)
21238
#: serverguide/C/mail.xml:1389(para)
20715
21239
msgid ""
20716
21240
"First activate spam and antivirus detection in <application>Amavisd-"
20717
21241
"new</application> by editing <filename>/etc/amavis/conf.d/15-"
20718
21242
"content_filter_mode</filename>:"
20719
21243
msgstr ""
20720
21244
20721
#: serverguide/C/mail.xml:1452(programlisting)
21245
#: serverguide/C/mail.xml:1393(programlisting)
20722
21246
#, no-wrap
20723
21247
msgid ""
20724
21248
"\n"
20749
21273
"1; # insure a defined return\n"
20750
21274
msgstr ""
20751
21275
20752
#: serverguide/C/mail.xml:1477(para)
20753
msgid ""
20754
"Bouncing spam can be a bad idea as the return address is often faked. "
20755
"Consider editing <filename>/etc/amavis/conf.d/20-debian_defaults</filename> "
20756
"to set <emphasis>$final_spam_destiny</emphasis> to D_DISCARD rather than "
20757
"D_BOUNCE, as follows:"
20758
msgstr ""
20759
20760
#: serverguide/C/mail.xml:1483(programlisting)
20761
#, no-wrap
20762
msgid ""
20763
"\n"
20764
"$final_spam_destiny = D_DISCARD;\n"
20765
msgstr ""
20766
20767
#: serverguide/C/mail.xml:1487(para)
21276
#: serverguide/C/mail.xml:1419(para)
21277
msgid ""
21278
"Bouncing spam can be a bad idea as the return address is often faked. The "
21279
"default behaviour is to instead discard. This is configured in "
21280
"<filename>/etc/amavis/conf.d/21-debian_defaults</filename> where "
21281
"<emphasis>$final_spam_destiny</emphasis> is set to D_DISCARD rather than "
21282
"D_BOUNCE."
21283
msgstr ""
21284
21285
#: serverguide/C/mail.xml:1425(para)
20768
21286
msgid ""
20769
21287
"Additionally, you may want to adjust the following options to flag more "
20770
21288
"messages as spam:"
20771
21289
msgstr ""
20772
21290
20773
#: serverguide/C/mail.xml:1491(programlisting)
21291
#: serverguide/C/mail.xml:1429(programlisting)
20774
21292
#, no-wrap
20775
21293
msgid ""
20776
21294
"\n"
20781
21299
"$sa_dsn_cutoff_level = 4; # spam level beyond which a DSN is not sent\n"
20782
21300
msgstr ""
20783
21301
20784
#: serverguide/C/mail.xml:1498(para)
21302
#: serverguide/C/mail.xml:1436(para)
20785
21303
msgid ""
20786
21304
"If the server's <emphasis>hostname</emphasis> is different from the domain's "
20787
21305
"MX record you may need to manually set the <emphasis>$myhostname</emphasis> "
20790
21308
"Edit the <filename>/etc/amavis/conf.d/50-user</filename> file:"
20791
21309
msgstr ""
20792
21310
20793
#: serverguide/C/mail.xml:1505(programlisting)
21311
#: serverguide/C/mail.xml:1443(programlisting)
20794
21312
#, no-wrap
20795
21313
msgid ""
20796
21314
"\n"
20798
21316
"@local_domains_acl = ( \"example.com\", \"example.org\" );\n"
20799
21317
msgstr ""
20800
21318
20801
#: serverguide/C/mail.xml:1510(para)
21319
#: serverguide/C/mail.xml:1448(para)
20802
21320
msgid ""
20803
21321
"If you want to cover multiple domains you can use the following in "
20804
21322
"the<filename>/etc/amavis/conf.d/50-user</filename>"
20805
21323
msgstr ""
20806
21324
20807
#: serverguide/C/mail.xml:1513(programlisting)
21325
#: serverguide/C/mail.xml:1451(programlisting)
20808
21326
#, no-wrap
20809
21327
msgid ""
20810
21328
"\n"
20811
21329
"@local_domains_acl = qw(.);\n"
20812
21330
msgstr ""
20813
21331
20814
#: serverguide/C/mail.xml:1517(para)
21332
#: serverguide/C/mail.xml:1455(para)
20815
21333
msgid ""
20816
21334
"After configuration <application>Amavisd-new</application> needs to be "
20817
21335
"restarted:"
20818
21336
msgstr ""
20819
21337
20820
#: serverguide/C/mail.xml:1521(command) serverguide/C/mail.xml:1568(command)
21338
#: serverguide/C/mail.xml:1517(command) serverguide/C/mail.xml:1564(command)
20821
21339
msgid "sudo service amavis restart"
20822
21340
msgstr ""
20823
21341
20824
#: serverguide/C/mail.xml:1524(title)
21342
#: serverguide/C/mail.xml:1462(title)
20825
21343
msgid "DKIM Whitelist"
20826
21344
msgstr ""
20827
21345
20828
#: serverguide/C/mail.xml:1526(para)
21346
#: serverguide/C/mail.xml:1464(para)
20829
21347
msgid ""
20830
21348
"<application>Amavisd-new</application> can be configured to automatically "
20831
21349
"<emphasis>Whitelist</emphasis> addresses from domains with valid Domain "
20833
21351
"<filename>/etc/amavis/conf.d/40-policy_banks</filename>."
20834
21352
msgstr ""
20835
21353
20836
#: serverguide/C/mail.xml:1532(para)
21354
#: serverguide/C/mail.xml:1470(para)
20837
21355
msgid "There are multiple ways to configure the Whitelist for a domain:"
20838
21356
msgstr ""
20839
21357
20840
#: serverguide/C/mail.xml:1538(para)
21358
#: serverguide/C/mail.xml:1476(para)
20841
21359
msgid ""
20842
21360
"<emphasis>'example.com' => 'WHITELIST',</emphasis>: will whitelist any "
20843
21361
"address from the \"example.com\" domain."
20844
21362
msgstr ""
20845
21363
20846
#: serverguide/C/mail.xml:1543(para)
21364
#: serverguide/C/mail.xml:1481(para)
20847
21365
msgid ""
20848
21366
"<emphasis>'.example.com' => 'WHITELIST',</emphasis>: will whitelist any "
20849
21367
"address from any <emphasis>subdomains</emphasis> of \"example.com\" that "
20850
21368
"have a valid signature."
20851
21369
msgstr ""
20852
21370
20853
#: serverguide/C/mail.xml:1549(para)
21371
#: serverguide/C/mail.xml:1487(para)
20854
21372
msgid ""
20855
21373
"<emphasis>'.example.com/@example.com' => 'WHITELIST',</emphasis>: will "
20856
21374
"whitelist subdomains of \"example.com\" that use the signature of <emphasis "
20857
21375
"role=\"italic\">example.com</emphasis> the parent domain."
20858
21376
msgstr ""
20859
21377
20860
#: serverguide/C/mail.xml:1555(para)
21378
#: serverguide/C/mail.xml:1493(para)
20861
21379
msgid ""
20862
21380
"<emphasis>'./@example.com' => 'WHITELIST',</emphasis>: adds addresses "
20863
21381
"that have a valid signature from \"example.com\". This is usually used for "
20864
21382
"discussion groups that sign their messages."
20865
21383
msgstr ""
20866
21384
20867
#: serverguide/C/mail.xml:1562(para)
21385
#: serverguide/C/mail.xml:1500(para)
20868
21386
msgid ""
20869
21387
"A domain can also have multiple Whitelist configurations. After editing the "
20870
21388
"file, restart <application>amavisd-new</application>:"
20871
21389
msgstr ""
20872
21390
20873
#: serverguide/C/mail.xml:1572(para)
21391
#: serverguide/C/mail.xml:1510(para)
20874
21392
msgid ""
20875
21393
"In this context, once a domain has been added to the Whitelist the message "
20876
21394
"will not receive any anti-virus or spam filtering. This may or may not be "
20877
21395
"the intended behavior you wish for a domain."
20878
21396
msgstr ""
20879
21397
20880
#: serverguide/C/mail.xml:1582(para)
21398
#: serverguide/C/mail.xml:1520(para)
20881
21399
msgid ""
20882
21400
"For <application>Postfix</application> integration, enter the following from "
20883
21401
"a terminal prompt:"
20884
21402
msgstr ""
20885
21403
20886
#: serverguide/C/mail.xml:1586(command)
21404
#: serverguide/C/mail.xml:1524(command)
20887
21405
msgid "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
20888
21406
msgstr ""
20889
21407
20890
#: serverguide/C/mail.xml:1588(para)
21408
#: serverguide/C/mail.xml:1526(para)
20891
21409
msgid ""
20892
21410
"Next edit <filename>/etc/postfix/master.cf</filename> and add the following "
20893
21411
"to the end of the file:"
20894
21412
msgstr ""
20895
21413
20896
#: serverguide/C/mail.xml:1591(programlisting)
21414
#: serverguide/C/mail.xml:1587(programlisting)
20897
21415
#, no-wrap
20898
21416
msgid ""
20899
21417
"\n"
20926
21444
"_milters\n"
20927
21445
msgstr ""
20928
21446
20929
#: serverguide/C/mail.xml:1618(para)
21447
#: serverguide/C/mail.xml:1556(para)
20930
21448
msgid ""
20931
21449
"Also add the following two lines immediately below the "
20932
21450
"<emphasis>\"pickup\"</emphasis> transport service:"
20933
21451
msgstr ""
20934
21452
20935
#: serverguide/C/mail.xml:1621(programlisting)
21453
#: serverguide/C/mail.xml:1559(programlisting)
20936
21454
#, no-wrap
20937
21455
msgid ""
20938
21456
"\n"
20940
21458
" -o receive_override_options=no_header_body_checks\n"
20941
21459
msgstr ""
20942
21460
20943
#: serverguide/C/mail.xml:1625(para)
21461
#: serverguide/C/mail.xml:1563(para)
20944
21462
msgid ""
20945
21463
"This will prevent messages that are generated to report on spam from being "
20946
21464
"classified as spam."
20947
21465
msgstr ""
20948
21466
20949
#: serverguide/C/mail.xml:1628(para)
21467
#: serverguide/C/mail.xml:1566(para)
20950
21468
msgid "Now restart <application>Postfix</application>:"
20951
21469
msgstr ""
20952
21470
20953
#: serverguide/C/mail.xml:1634(para)
21471
#: serverguide/C/mail.xml:1572(para)
20954
21472
msgid "Content filtering with spam and virus detection is now enabled."
20955
21473
msgstr ""
20956
21474
20957
#: serverguide/C/mail.xml:1640(title)
21475
#: serverguide/C/mail.xml:1578(title)
20958
21476
msgid "Amavisd-new and Spamassassin"
20959
21477
msgstr ""
20960
21478
20961
#: serverguide/C/mail.xml:1642(para)
21479
#: serverguide/C/mail.xml:1580(para)
20962
21480
msgid ""
20963
21481
"When integrating <application>Amavisd-new</application> with "
20964
21482
"<application>Spamassassin</application>, if you choose to disable the bayes "
20969
21487
"<application>cron</application> job."
20970
21488
msgstr ""
20971
21489
20972
#: serverguide/C/mail.xml:1649(para)
21490
#: serverguide/C/mail.xml:1587(para)
20973
21491
msgid "There are several ways to handle this situation:"
20974
21492
msgstr ""
20975
21493
20976
#: serverguide/C/mail.xml:1655(para)
21494
#: serverguide/C/mail.xml:1593(para)
20977
21495
msgid "Configure your MDA to filter messages you do not wish to see."
20978
21496
msgstr ""
20979
21497
20980
#: serverguide/C/mail.xml:1660(para)
21498
#: serverguide/C/mail.xml:1598(para)
20981
21499
msgid ""
20982
21500
"Change <filename>/usr/sbin/amavisd-new-cronjob</filename> to check for "
20983
21501
"<emphasis>use_bayes 0</emphasis>. For example, edit "
20985
21503
"the top before the <emphasis>test</emphasis> statements:"
20986
21504
msgstr ""
20987
21505
20988
#: serverguide/C/mail.xml:1664(programlisting)
21506
#: serverguide/C/mail.xml:1602(programlisting)
20989
21507
#, no-wrap
20990
21508
msgid ""
20991
21509
"\n"
20993
21511
"exit 0\n"
20994
21512
msgstr ""
20995
21513
20996
#: serverguide/C/mail.xml:1674(para)
21514
#: serverguide/C/mail.xml:1612(para)
20997
21515
msgid ""
20998
21516
"First, test that the <application>Amavisd-new</application> SMTP is "
20999
21517
"listening:"
21000
21518
msgstr ""
21001
21519
21002
#: serverguide/C/mail.xml:1677(programlisting)
21520
#: serverguide/C/mail.xml:1615(programlisting)
21003
21521
#, no-wrap
21004
21522
msgid ""
21005
21523
"\n"
21011
21529
"^]\n"
21012
21530
msgstr ""
21013
21531
21014
#: serverguide/C/mail.xml:1685(para)
21532
#: serverguide/C/mail.xml:1623(para)
21015
21533
msgid ""
21016
21534
"In the Header of messages that go through the content filter you should see:"
21017
21535
msgstr ""
21018
21536
21019
#: serverguide/C/mail.xml:1688(programlisting)
21537
#: serverguide/C/mail.xml:1626(programlisting)
21020
21538
#, no-wrap
21021
21539
msgid ""
21022
21540
"\n"
21027
21545
"X-Spam-Level: \n"
21028
21546
msgstr ""
21029
21547
21030
#: serverguide/C/mail.xml:1695(para)
21548
#: serverguide/C/mail.xml:1633(para)
21031
21549
msgid ""
21032
21550
"Your output will vary, but the important thing is that there are <emphasis>X-"
21033
21551
"Virus-Scanned</emphasis> and <emphasis>X-Spam-Status</emphasis> entries."
21034
21552
msgstr ""
21035
21553
21036
#: serverguide/C/mail.xml:1703(para)
21554
#: serverguide/C/mail.xml:1641(para)
21037
21555
msgid ""
21038
21556
"The best way to figure out why something is going wrong is to check the log "
21039
21557
"files."
21040
21558
msgstr ""
21041
21559
21042
#: serverguide/C/mail.xml:1708(para)
21560
#: serverguide/C/mail.xml:1646(para)
21043
21561
msgid ""
21044
21562
"For instructions on <application>Postfix</application> logging see the <xref "
21045
21563
"linkend=\"postfix-troubleshooting\"/> section."
21046
21564
msgstr ""
21047
21565
21048
#: serverguide/C/mail.xml:1714(para)
21566
#: serverguide/C/mail.xml:1652(para)
21049
21567
msgid ""
21050
21568
"<application>Amavisd-new</application> uses "
21051
21569
"<application>Syslog</application> to send messages to "
21055
21573
"1 to 5."
21056
21574
msgstr ""
21057
21575
21058
#: serverguide/C/mail.xml:1719(programlisting)
21576
#: serverguide/C/mail.xml:1657(programlisting)
21059
21577
#, no-wrap
21060
21578
msgid ""
21061
21579
"\n"
21062
21580
"$log_level = 2;\n"
21063
21581
msgstr ""
21064
21582
21065
#: serverguide/C/mail.xml:1723(para)
21583
#: serverguide/C/mail.xml:1661(para)
21066
21584
msgid ""
21067
21585
"When the <application>Amavisd-new</application> log output is increased "
21068
21586
"<application>Spamassassin</application> log output is also increased."
21069
21587
msgstr ""
21070
21588
21071
#: serverguide/C/mail.xml:1730(para)
21589
#: serverguide/C/mail.xml:1668(para)
21072
21590
msgid ""
21073
21591
"The <application>ClamAV</application> log level can be increased by editing "
21074
21592
"<filename>/etc/clamav/clamd.conf</filename> and setting the following option:"
21075
21593
msgstr ""
21076
21594
21077
#: serverguide/C/mail.xml:1734(programlisting)
21595
#: serverguide/C/mail.xml:1672(programlisting)
21078
21596
#, no-wrap
21079
21597
msgid ""
21080
21598
"\n"
21081
21599
"LogVerbose true\n"
21082
21600
msgstr ""
21083
21601
21084
#: serverguide/C/mail.xml:1737(para)
21602
#: serverguide/C/mail.xml:1675(para)
21085
21603
msgid ""
21086
21604
"By default <application>ClamAV</application> will send log messages to "
21087
21605
"<filename>/var/log/clamav/clamav.log</filename>."
21088
21606
msgstr ""
21089
21607
21090
#: serverguide/C/mail.xml:1743(para)
21608
#: serverguide/C/mail.xml:1681(para)
21091
21609
msgid ""
21092
21610
"After changing an applications log settings remember to restart the service "
21093
21611
"for the new settings to take affect. Also, once the issue you are "
21095
21613
"back to normal."
21096
21614
msgstr ""
21097
21615
21098
#: serverguide/C/mail.xml:1751(para)
21616
#: serverguide/C/mail.xml:1689(para)
21099
21617
msgid "For more information on filtering mail see the following links:"
21100
21618
msgstr ""
21101
21619
21102
#: serverguide/C/mail.xml:1757(ulink)
21620
#: serverguide/C/mail.xml:1695(ulink)
21103
21621
msgid "Amavisd-new Documentation"
21104
21622
msgstr ""
21105
21623
21106
#: serverguide/C/mail.xml:1761(para)
21624
#: serverguide/C/mail.xml:1699(para)
21107
21625
msgid ""
21108
21626
"<ulink url=\"http://www.clamav.net/doc/latest/html/\">ClamAV "
21109
21627
"Documentation</ulink> and <ulink "
21110
21628
"url=\"http://wiki.clamav.net/Main/WebHome\">ClamAV Wiki</ulink>"
21111
21629
msgstr ""
21112
21630
21113
#: serverguide/C/mail.xml:1768(ulink)
21631
#: serverguide/C/mail.xml:1706(ulink)
21114
21632
msgid "Spamassassin Wiki"
21115
21633
msgstr ""
21116
21634
21117
#: serverguide/C/mail.xml:1773(ulink)
21635
#: serverguide/C/mail.xml:1711(ulink)
21118
21636
msgid "Pyzor Homepage"
21119
21637
msgstr ""
21120
21638
21121
#: serverguide/C/mail.xml:1778(ulink)
21639
#: serverguide/C/mail.xml:1716(ulink)
21122
21640
msgid "Razor Homepage"
21123
21641
msgstr ""
21124
21642
21125
#: serverguide/C/mail.xml:1783(ulink)
21643
#: serverguide/C/mail.xml:1721(ulink)
21126
21644
msgid "DKIM.org"
21127
21645
msgstr ""
21128
21646
21129
#: serverguide/C/mail.xml:1788(ulink)
21647
#: serverguide/C/mail.xml:1726(ulink)
21130
21648
msgid "Postfix Amavis New"
21131
21649
msgstr ""
21132
21650
21133
#: serverguide/C/mail.xml:1792(para)
21651
#: serverguide/C/mail.xml:1730(para)
21134
21652
msgid ""
21135
21653
"Also, feel free to ask questions in the <emphasis>#ubuntu-server</emphasis> "
21136
21654
"IRC channel on <ulink url=\"http://freenode.net\">freenode</ulink>."
21285
21803
msgstr ""
21286
21804
21287
21805
#: serverguide/C/lamp-applications.xml:144(command)
21288
msgid "sudo chown -R www-data.www-data mywiki"
21806
msgid "sudo chown -R www-data:www-data mywiki"
21289
21807
msgstr ""
21290
21808
21291
21809
#: serverguide/C/lamp-applications.xml:145(command)
21384
21902
"server:"
21385
21903
msgstr ""
21386
21904
21387
#: serverguide/C/lamp-applications.xml:227(title) serverguide/C/installation.xml:1246(title)
21905
#: serverguide/C/lamp-applications.xml:227(title) serverguide/C/installation.xml:1242(title)
21388
21906
msgid "Verification"
21389
21907
msgstr ""
21390
21908
21461
21979
#: serverguide/C/lamp-applications.xml:301(para)
21462
21980
msgid ""
21463
21981
"The Apache configuration file <filename>mediawiki.conf</filename> for "
21464
"MediaWiki is installed in <filename>/etc/apache2/conf.d/</filename> "
21465
"directory. You should uncomment the following line in this file to access "
21466
"MediaWiki application."
21982
"<application>MediaWiki</application> is installed in "
21983
"<filename>/etc/apache2/conf-available/</filename> directory. To access "
21984
"<application>MediaWiki</application>, uncomment the following line in the "
21985
"file."
21467
21986
msgstr ""
21468
21987
21469
21988
#: serverguide/C/lamp-applications.xml:309(screen)
21473
21992
"# Alias /mediawiki /var/lib/mediawiki\n"
21474
21993
msgstr ""
21475
21994
21476
#: serverguide/C/lamp-applications.xml:313(para)
21477
msgid ""
21478
"After you uncomment the above line, restart Apache server and access "
21479
"MediaWiki using the following url:"
21480
msgstr ""
21481
21482
#: serverguide/C/lamp-applications.xml:318(programlisting)
21483
#, no-wrap
21484
msgid ""
21485
"\n"
21486
"http://localhost/mediawiki/config/index.php\n"
21487
msgstr ""
21488
21489
#: serverguide/C/lamp-applications.xml:323(para)
21490
msgid ""
21491
"Please read the <quote>Checking environment...</quote> section in this page. "
21492
"You should be able to fix many issues by carefully reading this section."
21995
#: serverguide/C/lamp-applications.xml:312(para)
21996
msgid ""
21997
"The <application>MediaWiki</application> configuration also needs to be "
21998
"enabled."
21999
msgstr ""
22000
22001
#: serverguide/C/lamp-applications.xml:316(command)
22002
msgid "sudo a2enconf mediawiki.conf"
22003
msgstr ""
22004
22005
#: serverguide/C/lamp-applications.xml:319(para)
22006
msgid "Restart Apache server."
22007
msgstr ""
22008
22009
#: serverguide/C/lamp-applications.xml:326(para)
22010
msgid ""
22011
"Access <application>MediaWiki</application> by visiting <ulink "
22012
"url=\"http://localhost/mediawiki/mw-"
22013
"config/index.php\">http://localhost/mediawiki/mw-config/index.php</ulink>. "
22014
"(Or <ulink url=\"http://NAME_OF_YOUR_VIRTUAL_HOST/mediawiki/mw-"
22015
"config/index.php\">http://NAME_OF_YOUR_VIRTUAL_HOST/mediawiki/mw-"
22016
"config/index.php</ulink> if your server has no GUI.)"
22017
msgstr ""
22018
22019
#: serverguide/C/lamp-applications.xml:334(para)
22020
msgid ""
22021
"Please read the <quote>Environmental checks</quote> section of the "
22022
"configuration page. You should be able to fix many issues by carefully "
22023
"reading this section."
21493
22024
msgstr ""
21494
22025
21495
22026
#: serverguide/C/lamp-applications.xml:330(para)
21550
22081
"url=\"http://www.mediawiki.org\">MediaWiki</ulink> web site."
21551
22082
msgstr ""
21552
22083
21553
#: serverguide/C/lamp-applications.xml:383(para)
22084
#: serverguide/C/lamp-applications.xml:394(para)
21554
22085
msgid ""
21555
22086
"The <ulink url=\"http://www.packtpub.com/Mediawiki/book\">MediaWiki "
21556
22087
"Administrators' Tutorial Guide</ulink> contains a wealth of information for "
21595
22126
"<application>Apache2</application> for the web server."
21596
22127
msgstr ""
21597
22128
21598
#: serverguide/C/lamp-applications.xml:425(para)
22129
#: serverguide/C/lamp-applications.xml:436(para)
21599
22130
msgid ""
21600
22131
"In a browser go to <emphasis>http://servername/phpmyadmin</emphasis>, "
21601
22132
"replacing <emphasis role=\"italic\">servername</emphasis> with the server's "
21689
22220
"Wiki</ulink> page."
21690
22221
msgstr ""
21691
22222
21692
#: serverguide/C/lamp-applications.xml:506(title)
22223
#: serverguide/C/lamp-applications.xml:517(title)
21693
22224
msgid "WordPress"
21694
22225
msgstr ""
21695
22226
21696
#: serverguide/C/lamp-applications.xml:507(para)
22227
#: serverguide/C/lamp-applications.xml:518(para)
21697
22228
msgid ""
21698
22229
"Wordpress is a blog tool, publishing platform and CMS implemented in PHP and "
21699
22230
"licensed under the GNU GPLv2."
21700
22231
msgstr ""
21701
22232
21702
#: serverguide/C/lamp-applications.xml:513(para)
22233
#: serverguide/C/lamp-applications.xml:524(para)
21703
22234
msgid ""
21704
22235
"To install <application>WordPress</application>, run the following comand in "
21705
22236
"the command prompt:"
21706
22237
msgstr ""
21707
22238
21708
#: serverguide/C/lamp-applications.xml:518(command)
22239
#: serverguide/C/lamp-applications.xml:529(command)
21709
22240
msgid "sudo apt-get install wordpress"
21710
22241
msgstr ""
21711
22242
21712
#: serverguide/C/lamp-applications.xml:521(para)
22243
#: serverguide/C/lamp-applications.xml:532(para)
21713
22244
msgid ""
21714
22245
"You should also install <application>apache2</application> web server and "
21715
22246
"<application>mysql</application> server. For installing "
21720
22251
"linkend=\"mysql\"/> section."
21721
22252
msgstr ""
21722
22253
21723
#: serverguide/C/lamp-applications.xml:535(para)
22254
#: serverguide/C/lamp-applications.xml:546(para)
21724
22255
msgid ""
21725
22256
"For configuring your first <application>WordPress</application> application, "
21726
22257
"configure an apache site. Open <filename>/etc/apache2/sites-"
21727
22258
"available/wordpress.conf</filename> and write the following lines:"
21728
22259
msgstr ""
21729
22260
21730
#: serverguide/C/lamp-applications.xml:542(programlisting)
22261
#: serverguide/C/lamp-applications.xml:553(programlisting)
21731
22262
#, no-wrap
21732
22263
msgid ""
21733
22264
"\n"
21747
22278
" "
21748
22279
msgstr ""
21749
22280
21750
#: serverguide/C/lamp-applications.xml:558(para)
22281
#: serverguide/C/lamp-applications.xml:569(para)
21751
22282
msgid "Enable this new <application>WordPress</application> site"
21752
22283
msgstr ""
21753
22284
21754
#: serverguide/C/lamp-applications.xml:561(command)
22285
#: serverguide/C/lamp-applications.xml:572(command)
21755
22286
msgid "sudo a2ensite wordpress"
21756
22287
msgstr ""
21757
22288
21758
#: serverguide/C/lamp-applications.xml:564(para)
22289
#: serverguide/C/lamp-applications.xml:575(para)
21759
22290
msgid ""
21760
22291
"Once you configure the <application>apache2</application> web server and "
21761
22292
"make it ready for your <application>WordPress</application> application, you "
21763
22294
"<application>apache2</application> web server:"
21764
22295
msgstr ""
21765
22296
21766
#: serverguide/C/lamp-applications.xml:576(para)
22297
#: serverguide/C/lamp-applications.xml:587(para)
21767
22298
msgid ""
21768
22299
"To facilitate multiple <application>WordPress</application> installations, "
21769
22300
"the name of this configuration file is based on the Host header of the HTTP "
21776
22307
"NAME_OF_YOUR_VIRTUAL_HOST.php."
21777
22308
msgstr ""
21778
22309
21779
#: serverguide/C/lamp-applications.xml:587(para)
22310
#: serverguide/C/lamp-applications.xml:598(para)
21780
22311
msgid ""
21781
22312
"Once the configuration file is written, it is up to you to choose a "
21782
22313
"convention for username and password to mysql for each "
21784
22315
"shows only one, localhost, example."
21785
22316
msgstr ""
21786
22317
21787
#: serverguide/C/lamp-applications.xml:594(para)
22318
#: serverguide/C/lamp-applications.xml:605(para)
21788
22319
msgid ""
21789
22320
"Now configure <application>WordPress</application> to use a mysql database. "
21790
22321
"Open <filename>/etc/wordpress/config-localhost.php</filename> file and write "
21791
22322
"the following lines:"
21792
22323
msgstr ""
21793
22324
21794
#: serverguide/C/lamp-applications.xml:600(programlisting)
22325
#: serverguide/C/lamp-applications.xml:611(programlisting)
21795
22326
#, no-wrap
21796
22327
msgid ""
21797
22328
"\n"
21804
22335
"?>\n"
21805
22336
msgstr ""
21806
22337
21807
#: serverguide/C/lamp-applications.xml:609(para)
22338
#: serverguide/C/lamp-applications.xml:620(para)
21808
22339
msgid ""
21809
22340
"Now create this mysql database. Open a temporary file with mysql commands "
21810
22341
"<filename>wordpress.sql</filename> and write the following lines:"
21811
22342
msgstr ""
21812
22343
21813
#: serverguide/C/lamp-applications.xml:612(programlisting)
22344
#: serverguide/C/lamp-applications.xml:623(programlisting)
21814
22345
#, no-wrap
21815
22346
msgid ""
21816
22347
"\n"
21822
22353
"FLUSH PRIVILEGES;\n"
21823
22354
msgstr ""
21824
22355
21825
#: serverguide/C/lamp-applications.xml:620(para)
22356
#: serverguide/C/lamp-applications.xml:631(para)
21826
22357
msgid "Execute these commands."
21827
22358
msgstr ""
21828
22359
21829
#: serverguide/C/lamp-applications.xml:622(command)
22360
#: serverguide/C/lamp-applications.xml:633(command)
21830
22361
msgid ""
21831
22362
"cat wordpress.sql | sudo mysql --defaults-extra-file=/etc/mysql/debian.cnf"
21832
22363
msgstr ""
21833
22364
21834
#: serverguide/C/lamp-applications.xml:624(para)
22365
#: serverguide/C/lamp-applications.xml:635(para)
21835
22366
msgid ""
21836
22367
"Your new <application>WordPress</application> can now be configured by "
21837
22368
"visiting <ulink url=\"http://localhost/blog/wp-"
21844
22375
"mail and click Install WordPress."
21845
22376
msgstr ""
21846
22377
21847
#: serverguide/C/lamp-applications.xml:631(para)
22378
#: serverguide/C/lamp-applications.xml:642(para)
21848
22379
msgid ""
21849
22380
"Note the generated password (if applicable) and click the login password. "
21850
22381
"Your <application>WordPress</application> is now ready for use."
21851
22382
msgstr ""
21852
22383
21853
#: serverguide/C/lamp-applications.xml:641(ulink)
22384
#: serverguide/C/lamp-applications.xml:652(ulink)
21854
22385
msgid "WordPress.org Codex"
21855
22386
msgstr ""
21856
22387
21857
#: serverguide/C/lamp-applications.xml:646(ulink)
22388
#: serverguide/C/lamp-applications.xml:657(ulink)
21858
22389
msgid "Ubuntu Wiki WordPress"
21859
22390
msgstr ""
21860
22391
21949
22480
msgid "Install Type"
21950
22481
msgstr ""
21951
22482
21952
#: serverguide/C/installation.xml:36(para)
22483
#: serverguide/C/virtualization.xml:1186(para) serverguide/C/virtualization.xml:1248(para) serverguide/C/installation.xml:36(para)
21953
22484
msgid "CPU"
21954
22485
msgstr ""
21955
22486
21981
22512
msgid "512 megabytes"
21982
22513
msgstr ""
21983
22514
21984
#: serverguide/C/installation.xml:50(para)
22515
#: serverguide/C/installation.xml:51(para)
21985
22516
msgid "1 gigabyte"
21986
22517
msgstr ""
21987
22518
21993
22524
msgid "Server (Minimal)"
21994
22525
msgstr ""
21995
22526
21996
#: serverguide/C/installation.xml:55(para)
22527
#: serverguide/C/installation.xml:48(para)
21997
22528
msgid "300 megahertz"
21998
22529
msgstr ""
21999
22530
22009
22540
msgid "1.4 gigabytes"
22010
22541
msgstr ""
22011
22542
22012
#: serverguide/C/installation.xml:64(para)
22543
#: serverguide/C/installation.xml:56(para)
22013
22544
msgid ""
22014
22545
"The Server Edition provides a common base for all sorts of server "
22015
22546
"applications. It is a minimalist design providing a platform for the desired "
22016
22547
"services, such as file/print services, web hosting, email hosting, etc."
22017
22548
msgstr ""
22018
22549
22019
#: serverguide/C/installation.xml:72(title)
22550
#: serverguide/C/installation.xml:70(title)
22020
22551
msgid "Server and Desktop Differences"
22021
22552
msgstr ""
22022
22553
22023
#: serverguide/C/installation.xml:73(para)
22554
#: serverguide/C/installation.xml:71(para)
22024
22555
msgid ""
22025
22556
"There are a few differences between the <emphasis>Ubuntu Server "
22026
22557
"Edition</emphasis> and the <emphasis>Ubuntu Desktop Edition</emphasis>. It "
22036
22567
"environment in the Server Edition and the installation process."
22037
22568
msgstr ""
22038
22569
22039
#: serverguide/C/installation.xml:86(title)
22570
#: serverguide/C/installation.xml:84(title)
22040
22571
msgid "Kernel Differences:"
22041
22572
msgstr ""
22042
22573
22043
#: serverguide/C/installation.xml:87(para)
22574
#: serverguide/C/installation.xml:85(para)
22044
22575
msgid ""
22045
22576
"Ubuntu version 10.10 and prior, actually had different kernels for the "
22046
22577
"server and desktop editions. Ubuntu no longer has separate -server and -"
22048
22579
"flavor to help reduce the maintenance burden over the life of the release."
22049
22580
msgstr ""
22050
22581
22051
#: serverguide/C/installation.xml:92(para)
22582
#: serverguide/C/installation.xml:90(para)
22052
22583
msgid ""
22053
22584
"When running a 64-bit version of Ubuntu on 64-bit processors you are not "
22054
22585
"limited by memory addressing space."
22062
22593
"great resource on the options available."
22063
22594
msgstr ""
22064
22595
22065
#: serverguide/C/installation.xml:106(title)
22596
#: serverguide/C/installation.xml:104(title)
22066
22597
msgid "Backing Up"
22067
22598
msgstr ""
22068
22599
22069
#: serverguide/C/installation.xml:109(para)
22600
#: serverguide/C/installation.xml:107(para)
22070
22601
msgid ""
22071
22602
"Before installing <application>Ubuntu Server Edition</application> you "
22072
22603
"should make sure all data on the system is backed up. See <xref "
22073
22604
"linkend=\"backups\"/> for backup options."
22074
22605
msgstr ""
22075
22606
22076
#: serverguide/C/installation.xml:113(para)
22607
#: serverguide/C/installation.xml:111(para)
22077
22608
msgid ""
22078
22609
"If this is not the first time an operating system has been installed on your "
22079
22610
"computer, it is likely you will need to re-partition your disk to make room "
22080
22611
"for Ubuntu."
22081
22612
msgstr ""
22082
22613
22083
#: serverguide/C/installation.xml:117(para)
22614
#: serverguide/C/installation.xml:115(para)
22084
22615
msgid ""
22085
22616
"Any time you partition your disk, you should be prepared to lose everything "
22086
22617
"on the disk should you make a mistake or something goes wrong during "
22088
22619
"have seen years of use, but they also perform destructive actions."
22089
22620
msgstr ""
22090
22621
22091
#: serverguide/C/installation.xml:129(title)
22622
#: serverguide/C/installation.xml:127(title)
22092
22623
msgid "Installing from CD"
22093
22624
msgstr ""
22094
22625
22095
#: serverguide/C/installation.xml:130(para)
22626
#: serverguide/C/installation.xml:128(para)
22096
22627
msgid ""
22097
22628
"The basic steps to install Ubuntu Server Edition from CD are the same as "
22098
22629
"those for installing any operating system from CD. Unlike the "
22101
22632
"Server Edition uses a console menu based process instead."
22102
22633
msgstr ""
22103
22634
22104
#: serverguide/C/installation.xml:137(para)
22635
#: serverguide/C/installation.xml:135(para)
22105
22636
msgid ""
22106
22637
"First, download and burn the appropriate ISO file from the <ulink "
22107
22638
"url=\"http://www.ubuntu.com/download/server/download\"> Ubuntu web "
22108
22639
"site</ulink>."
22109
22640
msgstr ""
22110
22641
22111
#: serverguide/C/installation.xml:143(para)
22642
#: serverguide/C/installation.xml:141(para)
22112
22643
msgid "Boot the system from the CD-ROM drive."
22113
22644
msgstr ""
22114
22645
22115
#: serverguide/C/installation.xml:148(para)
22646
#: serverguide/C/installation.xml:146(para)
22116
22647
msgid "At the boot prompt you will be asked to select a language."
22117
22648
msgstr ""
22118
22649
22119
#: serverguide/C/installation.xml:153(para)
22650
#: serverguide/C/installation.xml:151(para)
22120
22651
msgid ""
22121
22652
"From the main boot menu there are some additional options to install Ubuntu "
22122
22653
"Server Edition. You can install a basic Ubuntu Server, check the CD-ROM for "
22125
22656
"install."
22126
22657
msgstr ""
22127
22658
22128
#: serverguide/C/installation.xml:160(para)
22659
#: serverguide/C/installation.xml:158(para)
22129
22660
msgid ""
22130
22661
"The installer asks for which language it should use. Afterwards, you are "
22131
22662
"asked to select your location."
22132
22663
msgstr ""
22133
22664
22134
#: serverguide/C/installation.xml:166(para)
22665
#: serverguide/C/installation.xml:164(para)
22135
22666
msgid ""
22136
22667
"Next, the installation process begins by asking for your keyboard layout. "
22137
22668
"You can ask the installer to attempt auto-detecting it, or you can select it "
22138
22669
"manually from a list."
22139
22670
msgstr ""
22140
22671
22141
#: serverguide/C/installation.xml:172(para)
22672
#: serverguide/C/installation.xml:170(para)
22142
22673
msgid ""
22143
22674
"The installer then discovers your hardware configuration, and configures the "
22144
22675
"network settings using DHCP. If you do not wish to use DHCP at the next "
22150
22681
msgid "Next, the installer asks for the system's hostname."
22151
22682
msgstr ""
22152
22683
22153
#: serverguide/C/installation.xml:184(para)
22684
#: serverguide/C/installation.xml:195(para)
22154
22685
msgid ""
22155
22686
"A new user is set up; this user will have <emphasis>root</emphasis> access "
22156
22687
"through the <application>sudo</application> utility."
22157
22688
msgstr ""
22158
22689
22159
#: serverguide/C/installation.xml:190(para)
22690
#: serverguide/C/installation.xml:201(para)
22160
22691
msgid ""
22161
22692
"After the user settings have been completed, you will be asked to encrypt "
22162
22693
"your <filename role=\"directory\">home</filename> directory."
22166
22697
msgid "Next, the installer asks for the system's Time Zone."
22167
22698
msgstr ""
22168
22699
22169
#: serverguide/C/installation.xml:201(para)
22700
#: serverguide/C/installation.xml:182(para)
22170
22701
msgid ""
22171
22702
"You can then choose from several options to configure the hard drive layout. "
22172
22703
"Afterwards you are asked for which disk to install to. You may get "
22176
22707
"linkend=\"advanced-installation\"/>."
22177
22708
msgstr ""
22178
22709
22179
#: serverguide/C/installation.xml:209(para)
22710
#: serverguide/C/installation.xml:190(para)
22180
22711
msgid "The Ubuntu base system is then installed."
22181
22712
msgstr ""
22182
22713
22183
#: serverguide/C/installation.xml:214(para)
22714
#: serverguide/C/installation.xml:207(para)
22184
22715
msgid ""
22185
22716
"The next step in the installation process is to decide how you want to "
22186
22717
"update the system. There are three options:"
22187
22718
msgstr ""
22188
22719
22189
#: serverguide/C/installation.xml:220(para)
22720
#: serverguide/C/installation.xml:213(para)
22190
22721
msgid ""
22191
22722
"<emphasis>No automatic updates</emphasis>: this requires an administrator to "
22192
22723
"log into the machine and manually install updates."
22193
22724
msgstr ""
22194
22725
22195
#: serverguide/C/installation.xml:226(para)
22726
#: serverguide/C/installation.xml:219(para)
22196
22727
msgid ""
22197
22728
"<emphasis>Install security updates automatically</emphasis>: this will "
22198
22729
"install the <application>unattended-upgrades</application> package, which "
22200
22731
"For more details see <xref linkend=\"automatic-updates\"/>."
22201
22732
msgstr ""
22202
22733
22203
#: serverguide/C/installation.xml:233(para)
22734
#: serverguide/C/installation.xml:226(para)
22204
22735
msgid ""
22205
22736
"<emphasis>Manage the system with Landscape</emphasis>: Landscape is a paid "
22206
22737
"service provided by Canonical to help manage your Ubuntu machines. See the "
22208
22739
"site for details."
22209
22740
msgstr ""
22210
22741
22211
#: serverguide/C/installation.xml:242(para)
22742
#: serverguide/C/installation.xml:235(para)
22212
22743
msgid ""
22213
22744
"You now have the option to install, or not install, several package tasks. "
22214
22745
"See <xref linkend=\"install-tasks\"/> for details. Also, there is an option "
22216
22747
"install. For more information see <xref linkend=\"aptitude\"/>."
22217
22748
msgstr ""
22218
22749
22219
#: serverguide/C/installation.xml:250(para)
22750
#: serverguide/C/installation.xml:243(para)
22220
22751
msgid "Finally, the last step before rebooting is to set the clock to UTC."
22221
22752
msgstr ""
22222
22753
22223
#: serverguide/C/installation.xml:256(para)
22754
#: serverguide/C/installation.xml:249(para)
22224
22755
msgid ""
22225
22756
"If at any point during installation you are not satisfied by the default "
22226
22757
"setting, use the \"Go Back\" function at any prompt to be brought to a "
22228
22759
"settings."
22229
22760
msgstr ""
22230
22761
22231
#: serverguide/C/installation.xml:261(para)
22762
#: serverguide/C/installation.xml:254(para)
22232
22763
msgid ""
22233
22764
"At some point during the installation process you may want to read the help "
22234
22765
"screen provided by the installation system. To do this, press F1."
22241
22772
"Installation Guide</ulink>."
22242
22773
msgstr ""
22243
22774
22244
#: serverguide/C/installation.xml:272(title)
22775
#: serverguide/C/installation.xml:265(title)
22245
22776
msgid "Package Tasks"
22246
22777
msgstr ""
22247
22778
22248
#: serverguide/C/installation.xml:273(para)
22779
#: serverguide/C/installation.xml:266(para)
22249
22780
msgid ""
22250
22781
"During the Server Edition installation you have the option of installing "
22251
22782
"additional packages from the CD. The packages are grouped by the type of "
22252
22783
"service they provide."
22253
22784
msgstr ""
22254
22785
22255
#: serverguide/C/installation.xml:279(para)
22786
#: serverguide/C/installation.xml:272(para)
22256
22787
msgid "DNS server: Selects the BIND DNS server and its documentation."
22257
22788
msgstr ""
22258
22789
22259
#: serverguide/C/installation.xml:284(para)
22790
#: serverguide/C/installation.xml:277(para)
22260
22791
msgid "LAMP server: Selects a ready-made Linux/Apache/MySQL/PHP server."
22261
22792
msgstr ""
22262
22793
22263
#: serverguide/C/installation.xml:289(para)
22794
#: serverguide/C/installation.xml:282(para)
22264
22795
msgid ""
22265
22796
"Mail server: This task selects a variety of packages useful for a general "
22266
22797
"purpose mail server system."
22267
22798
msgstr ""
22268
22799
22269
#: serverguide/C/installation.xml:294(para)
22800
#: serverguide/C/installation.xml:287(para)
22270
22801
msgid "OpenSSH server: Selects packages needed for an OpenSSH server."
22271
22802
msgstr ""
22272
22803
22273
#: serverguide/C/installation.xml:299(para)
22804
#: serverguide/C/installation.xml:292(para)
22274
22805
msgid ""
22275
22806
"PostgreSQL database: This task selects client and server packages for the "
22276
22807
"PostgreSQL database."
22277
22808
msgstr ""
22278
22809
22279
#: serverguide/C/installation.xml:304(para)
22810
#: serverguide/C/installation.xml:297(para)
22280
22811
msgid "Print server: This task sets up your system to be a print server."
22281
22812
msgstr ""
22282
22813
22283
#: serverguide/C/installation.xml:309(para)
22814
#: serverguide/C/installation.xml:302(para)
22284
22815
msgid ""
22285
22816
"Samba File server: This task sets up your system to be a Samba file server, "
22286
22817
"which is especially suitable in networks with both Windows and Linux systems."
22287
22818
msgstr ""
22288
22819
22289
#: serverguide/C/installation.xml:315(para)
22820
#: serverguide/C/installation.xml:308(para)
22290
22821
msgid "Tomcat Java server: Installs Apache Tomcat and needed dependencies."
22291
22822
msgstr ""
22292
22823
22293
#: serverguide/C/installation.xml:320(para)
22824
#: serverguide/C/installation.xml:313(para)
22294
22825
msgid ""
22295
22826
"Virtual Machine host: Includes packages needed to run KVM virtual machines."
22296
22827
msgstr ""
22297
22828
22298
#: serverguide/C/installation.xml:325(para)
22829
#: serverguide/C/installation.xml:318(para)
22299
22830
msgid ""
22300
22831
"Manually select packages: Executes <application>aptitude</application> "
22301
22832
"allowing you to individually select packages."
22302
22833
msgstr ""
22303
22834
22304
#: serverguide/C/installation.xml:330(para)
22835
#: serverguide/C/installation.xml:323(para)
22305
22836
msgid ""
22306
22837
"Installing the package groups is accomplished using the "
22307
22838
"<application>tasksel</application> utility. One of the important differences "
22312
22843
"a fully integrated service."
22313
22844
msgstr ""
22314
22845
22315
#: serverguide/C/installation.xml:337(para)
22846
#: serverguide/C/installation.xml:330(para)
22316
22847
msgid ""
22317
22848
"Once the installation process has finished you can view a list of available "
22318
22849
"tasks by entering the following from a terminal prompt:"
22319
22850
msgstr ""
22320
22851
22321
#: serverguide/C/installation.xml:342(command)
22852
#: serverguide/C/installation.xml:335(command)
22322
22853
msgid "tasksel --list-tasks"
22323
22854
msgstr ""
22324
22855
22325
#: serverguide/C/installation.xml:345(para)
22856
#: serverguide/C/installation.xml:338(para)
22326
22857
msgid ""
22327
22858
"The output will list tasks from other Ubuntu based distributions such as "
22328
22859
"Kubuntu and Edubuntu. Note that you can also invoke the "
22330
22861
"the different tasks available."
22331
22862
msgstr ""
22332
22863
22333
#: serverguide/C/installation.xml:351(para)
22864
#: serverguide/C/installation.xml:344(para)
22334
22865
msgid ""
22335
22866
"You can view a list of which packages are installed with each task using the "
22336
22867
"<emphasis>--task-packages</emphasis> option. For example, to list the "
22338
22869
"following:"
22339
22870
msgstr ""
22340
22871
22341
#: serverguide/C/installation.xml:356(command)
22872
#: serverguide/C/installation.xml:349(command)
22342
22873
msgid "tasksel --task-packages dns-server"
22343
22874
msgstr ""
22344
22875
22345
#: serverguide/C/installation.xml:358(para)
22876
#: serverguide/C/installation.xml:351(para)
22346
22877
msgid "The output of the command should list:"
22347
22878
msgstr ""
22348
22879
22349
#: serverguide/C/installation.xml:361(programlisting)
22880
#: serverguide/C/installation.xml:354(programlisting)
22350
22881
#, no-wrap
22351
22882
msgid ""
22352
22883
"\n"
22355
22886
"bind9\n"
22356
22887
msgstr ""
22357
22888
22358
#: serverguide/C/installation.xml:366(para)
22889
#: serverguide/C/installation.xml:359(para)
22359
22890
msgid ""
22360
22891
"If you did not install one of the tasks during the installation process, but "
22361
22892
"for example you decide to make your new LAMP server a DNS server as well, "
22362
22893
"simply insert the installation CD and from a terminal:"
22363
22894
msgstr ""
22364
22895
22365
#: serverguide/C/installation.xml:371(command)
22896
#: serverguide/C/installation.xml:364(command)
22366
22897
msgid "sudo tasksel install dns-server"
22367
22898
msgstr ""
22368
22899
22369
#: serverguide/C/installation.xml:376(title)
22900
#: serverguide/C/installation.xml:369(title)
22370
22901
msgid "Upgrading"
22371
22902
msgstr ""
22372
22903
22373
#: serverguide/C/installation.xml:377(para)
22904
#: serverguide/C/installation.xml:370(para)
22374
22905
msgid ""
22375
22906
"There are several ways to upgrade from one Ubuntu release to another. This "
22376
22907
"section gives an overview of the recommended upgrade method."
22377
22908
msgstr ""
22378
22909
22379
#: serverguide/C/installation.xml:381(title) serverguide/C/installation.xml:396(command)
22910
#: serverguide/C/installation.xml:374(title) serverguide/C/installation.xml:389(command)
22380
22911
msgid "do-release-upgrade"
22381
22912
msgstr ""
22382
22913
22383
#: serverguide/C/installation.xml:382(para)
22914
#: serverguide/C/installation.xml:375(para)
22384
22915
msgid ""
22385
22916
"The recommended way to upgrade a Server Edition installation is to use the "
22386
22917
"<application>do-release-upgrade</application> utility. Part of the "
22388
22919
"graphical dependencies and is installed by default."
22389
22920
msgstr ""
22390
22921
22391
#: serverguide/C/installation.xml:387(para)
22922
#: serverguide/C/installation.xml:380(para)
22392
22923
msgid ""
22393
22924
"Debian based systems can also be upgraded by using <command>apt-get dist-"
22394
22925
"upgrade</command>. However, using <application>do-release-"
22396
22927
"system configuration changes sometimes needed between releases."
22397
22928
msgstr ""
22398
22929
22399
#: serverguide/C/installation.xml:392(para)
22930
#: serverguide/C/installation.xml:385(para)
22400
22931
msgid "To upgrade to a newer release, from a terminal prompt enter:"
22401
22932
msgstr ""
22402
22933
22403
#: serverguide/C/installation.xml:398(para)
22934
#: serverguide/C/installation.xml:391(para)
22404
22935
msgid ""
22405
22936
"It is also possible to use <application>do-release-upgrade</application> to "
22406
22937
"upgrade to a development version of Ubuntu. To accomplish this use the "
22407
22938
"<emphasis>-d</emphasis> switch:"
22408
22939
msgstr ""
22409
22940
22410
#: serverguide/C/installation.xml:403(command)
22941
#: serverguide/C/installation.xml:396(command)
22411
22942
msgid "do-release-upgrade -d"
22412
22943
msgstr ""
22413
22944
22414
#: serverguide/C/installation.xml:406(para)
22945
#: serverguide/C/installation.xml:399(para)
22415
22946
msgid ""
22416
22947
"Upgrading to a development release is <emphasis>not</emphasis> recommended "
22417
22948
"for production environments."
22418
22949
msgstr ""
22419
22950
22420
#: serverguide/C/installation.xml:413(title)
22951
#: serverguide/C/installation.xml:406(title)
22421
22952
msgid "Advanced Installation"
22422
22953
msgstr ""
22423
22954
22424
#: serverguide/C/installation.xml:416(title)
22955
#: serverguide/C/installation.xml:409(title)
22425
22956
msgid "Software RAID"
22426
22957
msgstr ""
22427
22958
22428
#: serverguide/C/installation.xml:418(para)
22959
#: serverguide/C/installation.xml:411(para)
22429
22960
msgid ""
22430
22961
"Redundant Array of Independent Disks \"RAID\" is a method of using multiple "
22431
22962
"disks to provide different balances of increasing data reliability and/or "
22436
22967
"the drives 'invisibly')."
22437
22968
msgstr ""
22438
22969
22439
#: serverguide/C/installation.xml:426(para)
22970
#: serverguide/C/installation.xml:419(para)
22440
22971
msgid ""
22441
22972
"The RAID software included with current versions of Linux (and Ubuntu) is "
22442
22973
"based on the <application>'mdadm'</application> driver and works very well, "
22446
22977
"another for <emphasis>swap</emphasis>."
22447
22978
msgstr ""
22448
22979
22449
#: serverguide/C/installation.xml:434(title)
22980
#: serverguide/C/virtualization.xml:716(title) serverguide/C/installation.xml:427(title)
22450
22981
msgid "Partitioning"
22451
22982
msgstr ""
22452
22983
22453
#: serverguide/C/installation.xml:436(para) serverguide/C/installation.xml:958(para)
22984
#: serverguide/C/installation.xml:429(para) serverguide/C/installation.xml:951(para)
22454
22985
msgid ""
22455
22986
"Follow the installation steps until you get to the <emphasis>Partition "
22456
22987
"disks</emphasis> step, then:"
22457
22988
msgstr ""
22458
22989
22990
#: serverguide/C/installation.xml:436(para)
22991
msgid "Select <emphasis>Manual</emphasis> as the partition method."
22992
msgstr ""
22993
22459
22994
#: serverguide/C/installation.xml:443(para)
22460
msgid "Select <emphasis>Manual</emphasis> as the partition method."
22461
msgstr ""
22462
22463
#: serverguide/C/installation.xml:450(para)
22464
22995
msgid ""
22465
22996
"Select the first hard drive, and agree to <emphasis>\"Create a new empty "
22466
22997
"partition table on this device?\"</emphasis>."
22467
22998
msgstr ""
22468
22999
23000
#: serverguide/C/installation.xml:447(para)
23001
msgid ""
23002
"Repeat this step for each drive you wish to be part of the RAID array."
23003
msgstr ""
23004
22469
23005
#: serverguide/C/installation.xml:454(para)
22470
23006
msgid ""
22471
"Repeat this step for each drive you wish to be part of the RAID array."
22472
msgstr ""
22473
22474
#: serverguide/C/installation.xml:461(para)
22475
msgid ""
22476
23007
"Select the <emphasis>\"FREE SPACE\"</emphasis> on the first drive then "
22477
23008
"select <emphasis>\"Create a new partition\"</emphasis>."
22478
23009
msgstr ""
22479
23010
22480
#: serverguide/C/installation.xml:468(para)
23011
#: serverguide/C/installation.xml:461(para)
22481
23012
msgid ""
22482
23013
"Next, select the <emphasis>Size</emphasis> of the partition. This partition "
22483
23014
"will be the <emphasis>swap</emphasis> partition, and a general rule for swap "
22485
23016
"<emphasis>Primary</emphasis>, then <emphasis>Beginning</emphasis>."
22486
23017
msgstr ""
22487
23018
22488
#: serverguide/C/installation.xml:475(para)
23019
#: serverguide/C/installation.xml:468(para)
22489
23020
msgid ""
22490
23021
"A swap partition size of twice the available RAM capacity may not always be "
22491
23022
"desirable, especially on systems with large amounts of RAM. Calculating the "
22493
23024
"going to be used."
22494
23025
msgstr ""
22495
23026
22496
#: serverguide/C/installation.xml:484(para)
23027
#: serverguide/C/installation.xml:477(para)
22497
23028
msgid ""
22498
23029
"Select the <emphasis>\"Use as:\"</emphasis> line at the top. By default this "
22499
23030
"is <emphasis role=\"italic\">\"Ext4 journaling file system\"</emphasis>, "
22501
23032
"<emphasis>\"Done setting up partition\"</emphasis>."
22502
23033
msgstr ""
22503
23034
22504
#: serverguide/C/installation.xml:493(para)
23035
#: serverguide/C/installation.xml:486(para)
22505
23036
msgid ""
22506
23037
"For the <emphasis>/</emphasis> partition once again select <emphasis>\"Free "
22507
23038
"Space\"</emphasis> on the first drive then <emphasis>\"Create a new "
22508
23039
"partition\"</emphasis>."
22509
23040
msgstr ""
22510
23041
22511
#: serverguide/C/installation.xml:501(para)
23042
#: serverguide/C/installation.xml:494(para)
22512
23043
msgid ""
22513
23044
"Use the rest of the free space on the drive and choose "
22514
23045
"<emphasis>Continue</emphasis>, then <emphasis>Primary</emphasis>."
22515
23046
msgstr ""
22516
23047
22517
#: serverguide/C/installation.xml:508(para)
23048
#: serverguide/C/installation.xml:501(para)
22518
23049
msgid ""
22519
23050
"As with the swap partition, select the <emphasis>\"Use as:\"</emphasis> line "
22520
23051
"at the top, changing it to <emphasis>\"physical volume for "
22523
23054
"<emphasis>\"Done setting up partition\"</emphasis>."
22524
23055
msgstr ""
22525
23056
22526
#: serverguide/C/installation.xml:518(para)
23057
#: serverguide/C/installation.xml:511(para)
22527
23058
msgid "Repeat steps three through eight for the other disk and partitions."
22528
23059
msgstr ""
22529
23060
22530
#: serverguide/C/installation.xml:527(title)
23061
#: serverguide/C/installation.xml:520(title)
22531
23062
msgid "RAID Configuration"
22532
23063
msgstr ""
22533
23064
23065
#: serverguide/C/installation.xml:522(para)
23066
msgid "With the partitions setup the arrays are ready to be configured:"
23067
msgstr ""
23068
22534
23069
#: serverguide/C/installation.xml:529(para)
22535
msgid "With the partitions setup the arrays are ready to be configured:"
22536
msgstr ""
22537
22538
#: serverguide/C/installation.xml:536(para)
22539
23070
msgid ""
22540
23071
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
22541
23072
"Software RAID\"</emphasis> at the top."
22542
23073
msgstr ""
22543
23074
23075
#: serverguide/C/installation.xml:536(para)
23076
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
23077
msgstr ""
23078
22544
23079
#: serverguide/C/installation.xml:543(para)
22545
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
23080
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
22546
23081
msgstr ""
22547
23082
22548
23083
#: serverguide/C/installation.xml:550(para)
22549
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
22550
msgstr ""
22551
22552
#: serverguide/C/installation.xml:557(para)
22553
23084
msgid ""
22554
23085
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
22555
23086
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
22556
23087
msgstr ""
22557
23088
22558
#: serverguide/C/installation.xml:563(para)
23089
#: serverguide/C/installation.xml:556(para)
22559
23090
msgid ""
22560
23091
"In order to use <emphasis>RAID5</emphasis> you need at least "
22561
23092
"<emphasis>three</emphasis> drives. Using RAID0 or RAID1 only "
22562
23093
"<emphasis>two</emphasis> drives are required."
22563
23094
msgstr ""
22564
23095
22565
#: serverguide/C/installation.xml:572(para)
23096
#: serverguide/C/installation.xml:565(para)
22566
23097
msgid ""
22567
23098
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
22568
23099
"of hard drives you have, for the array. Then select "
22569
23100
"<emphasis>\"Continue\"</emphasis>."
22570
23101
msgstr ""
22571
23102
22572
#: serverguide/C/installation.xml:580(para)
23103
#: serverguide/C/installation.xml:573(para)
22573
23104
msgid ""
22574
23105
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
22575
23106
"default, then choose <emphasis>\"Continue\"</emphasis>."
22576
23107
msgstr ""
22577
23108
22578
#: serverguide/C/installation.xml:587(para)
23109
#: serverguide/C/installation.xml:580(para)
22579
23110
msgid ""
22580
23111
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
22581
23112
"etc. The numbers will usually match and the different letters correspond to "
22582
23113
"different hard drives."
22583
23114
msgstr ""
22584
23115
22585
#: serverguide/C/installation.xml:592(para)
23116
#: serverguide/C/installation.xml:585(para)
22586
23117
msgid ""
22587
23118
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
22588
23119
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
22589
23120
"go to the next step."
22590
23121
msgstr ""
22591
23122
22592
#: serverguide/C/installation.xml:600(para)
23123
#: serverguide/C/installation.xml:593(para)
22593
23124
msgid ""
22594
23125
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
22595
23126
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
22596
23127
"and <emphasis>sdb2</emphasis>."
22597
23128
msgstr ""
22598
23129
22599
#: serverguide/C/installation.xml:608(para)
23130
#: serverguide/C/installation.xml:601(para)
22600
23131
msgid "Once done select <emphasis>\"Finish\"</emphasis>."
22601
23132
msgstr ""
22602
23133
22603
#: serverguide/C/installation.xml:618(title)
23134
#: serverguide/C/installation.xml:611(title)
22604
23135
msgid "Formatting"
22605
23136
msgstr ""
22606
23137
22607
#: serverguide/C/installation.xml:620(para)
23138
#: serverguide/C/installation.xml:613(para)
22608
23139
msgid ""
22609
23140
"There should now be a list of hard drives and RAID devices. The next step is "
22610
23141
"to format and set the mount point for the RAID devices. Treat the RAID "
22611
23142
"device as a local hard drive, format and mount accordingly."
22612
23143
msgstr ""
22613
23144
22614
#: serverguide/C/installation.xml:628(para)
23145
#: serverguide/C/installation.xml:621(para)
22615
23146
msgid ""
22616
23147
"Select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
22617
23148
"#0\"</emphasis> partition."
22618
23149
msgstr ""
22619
23150
22620
#: serverguide/C/installation.xml:635(para)
23151
#: serverguide/C/installation.xml:628(para)
22621
23152
msgid ""
22622
23153
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
22623
23154
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
22624
23155
msgstr ""
22625
23156
22626
#: serverguide/C/installation.xml:643(para)
23157
#: serverguide/C/installation.xml:636(para)
22627
23158
msgid ""
22628
23159
"Next, select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
22629
23160
"#1\"</emphasis> partition."
22630
23161
msgstr ""
22631
23162
22632
#: serverguide/C/installation.xml:650(para)
23163
#: serverguide/C/installation.xml:643(para)
22633
23164
msgid ""
22634
23165
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext4 "
22635
23166
"journaling file system\"</emphasis>."
22636
23167
msgstr ""
22637
23168
22638
#: serverguide/C/installation.xml:657(para)
23169
#: serverguide/C/installation.xml:650(para)
22639
23170
msgid ""
22640
23171
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
22641
23172
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "
22643
23174
"partition\"</emphasis>."
22644
23175
msgstr ""
22645
23176
23177
#: serverguide/C/installation.xml:658(para)
23178
msgid ""
23179
"Finally, select <emphasis>\"Finish partitioning and write changes to "
23180
"disk\"</emphasis>."
23181
msgstr ""
23182
22646
23183
#: serverguide/C/installation.xml:665(para)
22647
23184
msgid ""
22648
"Finally, select <emphasis>\"Finish partitioning and write changes to "
22649
"disk\"</emphasis>."
22650
msgstr ""
22651
22652
#: serverguide/C/installation.xml:672(para)
22653
msgid ""
22654
23185
"If you choose to place the root partition on a RAID array, the installer "
22655
23186
"will then ask if you would like to boot in a <emphasis>degraded</emphasis> "
22656
23187
"state. See <xref linkend=\"raid-degraded\"/> for further details."
22657
23188
msgstr ""
22658
23189
22659
#: serverguide/C/installation.xml:677(para)
23190
#: serverguide/C/installation.xml:670(para)
22660
23191
msgid "The installation process will then continue normally."
22661
23192
msgstr ""
22662
23193
22663
#: serverguide/C/installation.xml:683(title)
23194
#: serverguide/C/installation.xml:676(title)
22664
23195
msgid "Degraded RAID"
22665
23196
msgstr ""
22666
23197
22667
#: serverguide/C/installation.xml:685(para)
23198
#: serverguide/C/installation.xml:678(para)
22668
23199
msgid ""
22669
23200
"At some point in the life of the computer a disk failure event may occur. "
22670
23201
"When this happens, using Software RAID, the operating system will place the "
22671
23202
"array into what is known as a <emphasis>degraded</emphasis> state."
22672
23203
msgstr ""
22673
23204
22674
#: serverguide/C/installation.xml:690(para)
23205
#: serverguide/C/installation.xml:683(para)
22675
23206
msgid ""
22676
23207
"If the array has become degraded, due to the chance of data corruption, by "
22677
23208
"default Ubuntu Server Edition will boot to <emphasis>initramfs</emphasis> "
22682
23213
"Booting to a degraded array can be configured several ways:"
22683
23214
msgstr ""
22684
23215
22685
#: serverguide/C/installation.xml:701(para)
23216
#: serverguide/C/installation.xml:694(para)
22686
23217
msgid ""
22687
23218
"The <application>dpkg-reconfigure</application> utility can be used to "
22688
23219
"configure the default behavior, and during the process you will be queried "
22691
23222
"following:"
22692
23223
msgstr ""
22693
23224
22694
#: serverguide/C/installation.xml:708(command)
23225
#: serverguide/C/installation.xml:701(command)
22695
23226
msgid "sudo dpkg-reconfigure mdadm"
22696
23227
msgstr ""
22697
23228
22698
#: serverguide/C/installation.xml:714(para)
23229
#: serverguide/C/installation.xml:707(para)
22699
23230
msgid ""
22700
23231
"The <command>dpkg-reconfigure mdadm</command> process will change the "
22701
23232
"<filename>/etc/initramfs-tools/conf.d/mdadm</filename> configuration file. "
22703
23234
"behavior, and can also be manually edited:"
22704
23235
msgstr ""
22705
23236
22706
#: serverguide/C/installation.xml:720(programlisting)
23237
#: serverguide/C/installation.xml:713(programlisting)
22707
23238
#, no-wrap
22708
23239
msgid ""
22709
23240
"\n"
22710
23241
"BOOT_DEGRADED=true\n"
22711
23242
msgstr ""
22712
23243
22713
#: serverguide/C/installation.xml:725(para)
23244
#: serverguide/C/installation.xml:718(para)
22714
23245
msgid "The configuration file can be overridden by using a Kernel argument."
22715
23246
msgstr ""
22716
23247
22717
#: serverguide/C/installation.xml:733(para)
23248
#: serverguide/C/installation.xml:726(para)
22718
23249
msgid ""
22719
23250
"Using a Kernel argument will allow the system to boot to a degraded array as "
22720
23251
"well:"
22721
23252
msgstr ""
22722
23253
22723
#: serverguide/C/installation.xml:739(para)
23254
#: serverguide/C/installation.xml:732(para)
22724
23255
msgid ""
22725
23256
"When the server is booting press <keycap>Shift</keycap> to open the "
22726
23257
"<application>Grub</application> menu."
22727
23258
msgstr ""
22728
23259
22729
#: serverguide/C/installation.xml:744(para)
23260
#: serverguide/C/installation.xml:737(para)
22730
23261
msgid "Press <keycap>e</keycap> to edit your kernel command options."
22731
23262
msgstr ""
22732
23263
22733
#: serverguide/C/installation.xml:749(para)
23264
#: serverguide/C/installation.xml:742(para)
22734
23265
msgid "Press the <keycap>down</keycap> arrow to highlight the kernel line."
22735
23266
msgstr ""
22736
23267
22737
#: serverguide/C/installation.xml:754(para)
23268
#: serverguide/C/installation.xml:747(para)
22738
23269
msgid ""
22739
23270
"Add <emphasis>\"bootdegraded=true\"</emphasis> (without the quotes) to the "
22740
23271
"end of the line."
22741
23272
msgstr ""
22742
23273
22743
#: serverguide/C/installation.xml:759(para)
23274
#: serverguide/C/installation.xml:752(para)
22744
23275
msgid ""
22745
23276
"Press <keycombo><keycap>Ctrl</keycap><keycap>x</keycap></keycombo> to boot "
22746
23277
"the system."
22747
23278
msgstr ""
22748
23279
22749
#: serverguide/C/installation.xml:768(para)
23280
#: serverguide/C/installation.xml:761(para)
22750
23281
msgid ""
22751
23282
"Once the system has booted you can either repair the array see <xref "
22752
23283
"linkend=\"raid-maintenance\"/> for details, or copy important data to "
22753
23284
"another machine due to major hardware failure."
22754
23285
msgstr ""
22755
23286
22756
#: serverguide/C/installation.xml:775(title)
23287
#: serverguide/C/installation.xml:768(title)
22757
23288
msgid "RAID Maintenance"
22758
23289
msgstr ""
22759
23290
22760
#: serverguide/C/installation.xml:777(para)
23291
#: serverguide/C/installation.xml:770(para)
22761
23292
msgid ""
22762
23293
"The <application>mdadm</application> utility can be used to view the status "
22763
23294
"of an array, add disks to an array, remove disks, etc:"
22764
23295
msgstr ""
22765
23296
22766
#: serverguide/C/installation.xml:784(para)
23297
#: serverguide/C/installation.xml:777(para)
22767
23298
msgid "To view the status of an array, from a terminal prompt enter:"
22768
23299
msgstr ""
22769
23300
22770
#: serverguide/C/installation.xml:788(command)
23301
#: serverguide/C/installation.xml:781(command)
22771
23302
msgid "sudo mdadm -D /dev/md0"
22772
23303
msgstr ""
22773
23304
22774
#: serverguide/C/installation.xml:791(para)
23305
#: serverguide/C/installation.xml:784(para)
22775
23306
msgid ""
22776
23307
"The <emphasis>-D</emphasis> tells <application>mdadm</application> to "
22777
23308
"display <emphasis>detailed</emphasis> information about the "
22779
23310
"with the appropriate RAID device."
22780
23311
msgstr ""
22781
23312
22782
#: serverguide/C/installation.xml:797(para)
23313
#: serverguide/C/installation.xml:790(para)
22783
23314
msgid "To view the status of a disk in an array:"
22784
23315
msgstr ""
22785
23316
22786
#: serverguide/C/installation.xml:801(command)
23317
#: serverguide/C/installation.xml:794(command)
22787
23318
msgid "sudo mdadm -E /dev/sda1"
22788
23319
msgstr ""
22789
23320
22790
#: serverguide/C/installation.xml:803(para)
23321
#: serverguide/C/installation.xml:796(para)
22791
23322
msgid ""
22792
23323
"The output if very similar to the <command>mdadm -D</command> command, "
22793
23324
"adjust <filename>/dev/sda1</filename> for each disk."
22794
23325
msgstr ""
22795
23326
22796
#: serverguide/C/installation.xml:808(para)
23327
#: serverguide/C/installation.xml:801(para)
22797
23328
msgid "If a disk fails and needs to be removed from an array enter:"
22798
23329
msgstr ""
22799
23330
22800
#: serverguide/C/installation.xml:812(command)
23331
#: serverguide/C/installation.xml:805(command)
22801
23332
msgid "sudo mdadm --remove /dev/md0 /dev/sda1"
22802
23333
msgstr ""
22803
23334
22804
#: serverguide/C/installation.xml:814(para)
23335
#: serverguide/C/installation.xml:807(para)
22805
23336
msgid ""
22806
23337
"Change <filename>/dev/md0</filename> and <filename>/dev/sda1</filename> to "
22807
23338
"the appropriate RAID device and disk."
22808
23339
msgstr ""
22809
23340
22810
#: serverguide/C/installation.xml:819(para)
23341
#: serverguide/C/installation.xml:812(para)
22811
23342
msgid "Similarly, to add a new disk:"
22812
23343
msgstr ""
22813
23344
22814
#: serverguide/C/installation.xml:823(command)
23345
#: serverguide/C/installation.xml:816(command)
22815
23346
msgid "sudo mdadm --add /dev/md0 /dev/sda1"
22816
23347
msgstr ""
22817
23348
22818
#: serverguide/C/installation.xml:828(para)
23349
#: serverguide/C/installation.xml:821(para)
22819
23350
msgid ""
22820
23351
"Sometimes a disk can change to a <emphasis>faulty</emphasis> state even "
22821
23352
"though there is nothing physically wrong with the drive. It is usually "
22824
23355
"the array, it is a good indication of hardware failure."
22825
23356
msgstr ""
22826
23357
22827
#: serverguide/C/installation.xml:834(para)
23358
#: serverguide/C/installation.xml:827(para)
22828
23359
msgid ""
22829
23360
"The <filename>/proc/mdstat</filename> file also contains useful information "
22830
23361
"about the system's RAID devices:"
22831
23362
msgstr ""
22832
23363
22833
#: serverguide/C/installation.xml:839(command)
23364
#: serverguide/C/installation.xml:832(command)
22834
23365
msgid "cat /proc/mdstat"
22835
23366
msgstr ""
22836
23367
22837
#: serverguide/C/installation.xml:840(computeroutput)
23368
#: serverguide/C/installation.xml:833(computeroutput)
22838
23369
#, no-wrap
22839
23370
msgid ""
22840
23371
"Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] "
22845
23376
"unused devices: <none>"
22846
23377
msgstr ""
22847
23378
22848
#: serverguide/C/installation.xml:847(para)
23379
#: serverguide/C/installation.xml:840(para)
22849
23380
msgid ""
22850
23381
"The following command is great for watching the status of a syncing drive:"
22851
23382
msgstr ""
22852
23383
22853
#: serverguide/C/installation.xml:852(command)
23384
#: serverguide/C/installation.xml:845(command)
22854
23385
msgid "watch -n1 cat /proc/mdstat"
22855
23386
msgstr ""
22856
23387
22857
#: serverguide/C/installation.xml:855(para)
23388
#: serverguide/C/installation.xml:848(para)
22858
23389
msgid ""
22859
23390
"Press <emphasis>Ctrl+c</emphasis> to stop the "
22860
23391
"<application>watch</application> command."
22861
23392
msgstr ""
22862
23393
22863
#: serverguide/C/installation.xml:859(para)
23394
#: serverguide/C/installation.xml:852(para)
22864
23395
msgid ""
22865
23396
"If you do need to replace a faulty drive, after the drive has been replaced "
22866
23397
"and synced, <application>grub</application> will need to be installed. To "
22868
23399
"following:"
22869
23400
msgstr ""
22870
23401
22871
#: serverguide/C/installation.xml:865(command)
23402
#: serverguide/C/installation.xml:858(command)
22872
23403
msgid "sudo grub-install /dev/md0"
22873
23404
msgstr ""
22874
23405
22875
#: serverguide/C/installation.xml:868(para)
23406
#: serverguide/C/installation.xml:861(para)
22876
23407
msgid ""
22877
23408
"Replace <filename>/dev/md0</filename> with the appropriate array device name."
22878
23409
msgstr ""
22879
23410
22880
#: serverguide/C/installation.xml:876(para)
23411
#: serverguide/C/installation.xml:869(para)
22881
23412
msgid ""
22882
23413
"The topic of RAID arrays is a complex one due to the plethora of ways RAID "
22883
23414
"can be configured. Please see the following links for more information:"
22884
23415
msgstr ""
22885
23416
22886
#: serverguide/C/installation.xml:883(para)
23417
#: serverguide/C/installation.xml:876(para)
22887
23418
msgid ""
22888
23419
"<ulink url=\"https://help.ubuntu.com/community/Installation#raid\">Ubuntu "
22889
23420
"Wiki Articles on RAID</ulink>."
22890
23421
msgstr ""
22891
23422
22892
#: serverguide/C/installation.xml:889(ulink)
23423
#: serverguide/C/installation.xml:882(ulink)
22893
23424
msgid "Software RAID HOWTO"
22894
23425
msgstr ""
22895
23426
22896
#: serverguide/C/installation.xml:894(ulink)
23427
#: serverguide/C/installation.xml:887(ulink)
22897
23428
msgid "Managing RAID on Linux"
22898
23429
msgstr ""
22899
23430
22900
#: serverguide/C/installation.xml:901(title)
23431
#: serverguide/C/installation.xml:894(title)
22901
23432
msgid "Logical Volume Manager (LVM)"
22902
23433
msgstr ""
22903
23434
22904
#: serverguide/C/installation.xml:903(para)
23435
#: serverguide/C/installation.xml:896(para)
22905
23436
msgid ""
22906
23437
"Logical Volume Manger, or <emphasis>LVM</emphasis>, allows administrators to "
22907
23438
"create <emphasis>logical</emphasis> volumes out of one or multiple physical "
22910
23441
"giving greater flexibility to systems as requirements change."
22911
23442
msgstr ""
22912
23443
22913
#: serverguide/C/installation.xml:912(para)
23444
#: serverguide/C/installation.xml:905(para)
22914
23445
msgid ""
22915
23446
"A side effect of LVM's power and flexibility is a greater degree of "
22916
23447
"complication. Before diving into the LVM installation process, it is best to "
22917
23448
"get familiar with some terms."
22918
23449
msgstr ""
22919
23450
22920
#: serverguide/C/installation.xml:919(para)
23451
#: serverguide/C/installation.xml:912(para)
22921
23452
msgid ""
22922
23453
"<emphasis>Physical Volume (PV):</emphasis> physical hard disk, disk "
22923
23454
"partition or software RAID partition formatted as LVM PV."
22924
23455
msgstr ""
22925
23456
22926
#: serverguide/C/installation.xml:925(para)
23457
#: serverguide/C/installation.xml:918(para)
22927
23458
msgid ""
22928
23459
"<emphasis>Volume Group (VG):</emphasis> is made from one or more physical "
22929
23460
"volumes. A VG can can be extended by adding more PVs. A VG is like a virtual "
22930
23461
"disk drive, from which one or more logical volumes are carved."
22931
23462
msgstr ""
22932
23463
22933
#: serverguide/C/installation.xml:931(para)
23464
#: serverguide/C/installation.xml:924(para)
22934
23465
msgid ""
22935
23466
"<emphasis>Logical Volume (LV):</emphasis> is similar to a partition in a non-"
22936
23467
"LVM system. A LV is formatted with the desired file system (EXT3, XFS, JFS, "
22937
23468
"etc), it is then available for mounting and data storage."
22938
23469
msgstr ""
22939
23470
22940
#: serverguide/C/installation.xml:942(para)
23471
#: serverguide/C/installation.xml:935(para)
22941
23472
msgid ""
22942
23473
"As an example this section covers installing Ubuntu Server Edition with "
22943
23474
"<filename role=\"directory\">/srv</filename> mounted on a LVM volume. During "
22946
23477
"can be extended."
22947
23478
msgstr ""
22948
23479
22949
#: serverguide/C/installation.xml:948(para)
23480
#: serverguide/C/installation.xml:941(para)
22950
23481
msgid ""
22951
23482
"There are several installation options for LVM, <emphasis>\"Guided - use the "
22952
23483
"entire disk and setup LVM\"</emphasis> which will also allow you to assign a "
22957
23488
"the Manual approach."
22958
23489
msgstr ""
22959
23490
22960
#: serverguide/C/installation.xml:965(para)
23491
#: serverguide/C/installation.xml:958(para)
22961
23492
msgid ""
22962
23493
"At the <emphasis>\"Partition Disks</emphasis> screen choose "
22963
23494
"<emphasis>\"Manual\"</emphasis>."
22964
23495
msgstr ""
22965
23496
22966
#: serverguide/C/installation.xml:972(para)
23497
#: serverguide/C/installation.xml:965(para)
22967
23498
msgid ""
22968
23499
"Select the hard disk and on the next screen choose \"yes\" to "
22969
23500
"<emphasis>\"Create a new empty partition table on this device\"</emphasis>."
22970
23501
msgstr ""
22971
23502
22972
#: serverguide/C/installation.xml:979(para)
23503
#: serverguide/C/installation.xml:972(para)
22973
23504
msgid ""
22974
23505
"Next, create standard <emphasis>/boot</emphasis>, <emphasis>swap</emphasis>, "
22975
23506
"and <emphasis>/</emphasis> partitions with whichever filesystem you prefer."
22976
23507
msgstr ""
22977
23508
22978
#: serverguide/C/installation.xml:987(para)
23509
#: serverguide/C/installation.xml:980(para)
22979
23510
msgid ""
22980
23511
"For the LVM <emphasis>/srv</emphasis>, create a new "
22981
23512
"<emphasis>Logical</emphasis> partition. Then change <emphasis>\"Use "
22983
23514
"<emphasis>\"Done setting up the partition\"</emphasis>."
22984
23515
msgstr ""
22985
23516
22986
#: serverguide/C/installation.xml:995(para)
23517
#: serverguide/C/installation.xml:988(para)
22987
23518
msgid ""
22988
23519
"Now select <emphasis>\"Configure the Logical Volume Manager\"</emphasis> at "
22989
23520
"the top, and choose <emphasis>\"Yes\"</emphasis> to write the changes to "
22990
23521
"disk."
22991
23522
msgstr ""
22992
23523
22993
#: serverguide/C/installation.xml:1003(para)
23524
#: serverguide/C/installation.xml:996(para)
22994
23525
msgid ""
22995
23526
"For the <emphasis>\"LVM configuration action\"</emphasis> on the next "
22996
23527
"screen, choose <emphasis>\"Create volume group\"</emphasis>. Enter a name "
22999
23530
"<emphasis>\"Continue\"</emphasis>."
23000
23531
msgstr ""
23001
23532
23002
#: serverguide/C/installation.xml:1012(para)
23533
#: serverguide/C/installation.xml:1005(para)
23003
23534
msgid ""
23004
23535
"Back at the <emphasis>\"LVM configuration action\"</emphasis> screen, select "
23005
23536
"<emphasis>\"Create logical volume\"</emphasis>. Select the newly created "
23010
23541
"main <emphasis>\"Partition Disks\"</emphasis> screen."
23011
23542
msgstr ""
23012
23543
23013
#: serverguide/C/installation.xml:1022(para)
23544
#: serverguide/C/installation.xml:1015(para)
23014
23545
msgid ""
23015
23546
"Now add a filesystem to the new LVM. Select the partition under "
23016
23547
"<emphasis>\"LVM VG vg01, LV srv\"</emphasis>, or whatever name you have "
23019
23550
"select <emphasis>\"Done setting up the partition\"</emphasis>."
23020
23551
msgstr ""
23021
23552
23022
#: serverguide/C/installation.xml:1031(para)
23553
#: serverguide/C/installation.xml:1024(para)
23023
23554
msgid ""
23024
23555
"Finally, select <emphasis>\"Finish partitioning and write changes to "
23025
23556
"disk\"</emphasis>. Then confirm the changes and continue with the rest of "
23026
23557
"the installation."
23027
23558
msgstr ""
23028
23559
23029
#: serverguide/C/installation.xml:1039(para)
23560
#: serverguide/C/installation.xml:1032(para)
23030
23561
msgid "There are some useful utilities to view information about LVM:"
23031
23562
msgstr ""
23032
23563
23033
#: serverguide/C/installation.xml:1044(para)
23564
#: serverguide/C/installation.xml:1037(para)
23034
23565
msgid ""
23035
23566
"<emphasis>pvdisplay:</emphasis> shows information about Physical Volumes."
23036
23567
msgstr ""
23037
23568
23038
#: serverguide/C/installation.xml:1045(para)
23569
#: serverguide/C/installation.xml:1038(para)
23039
23570
msgid ""
23040
23571
"<emphasis>vgdisplay:</emphasis> shows information about Volume Groups."
23041
23572
msgstr ""
23042
23573
23043
#: serverguide/C/installation.xml:1046(para)
23574
#: serverguide/C/installation.xml:1039(para)
23044
23575
msgid ""
23045
23576
"<emphasis>lvdisplay:</emphasis> shows information about Logical Volumes."
23046
23577
msgstr ""
23047
23578
23048
#: serverguide/C/installation.xml:1051(title)
23579
#: serverguide/C/installation.xml:1044(title)
23049
23580
msgid "Extending Volume Groups"
23050
23581
msgstr ""
23051
23582
23052
#: serverguide/C/installation.xml:1053(para)
23583
#: serverguide/C/installation.xml:1046(para)
23053
23584
msgid ""
23054
23585
"Continuing with <emphasis>srv</emphasis> as an LVM volume example, this "
23055
23586
"section covers adding a second hard disk, creating a Physical Volume (PV), "
23061
23592
"partitions and use them as different physical volumes)"
23062
23593
msgstr ""
23063
23594
23064
#: serverguide/C/installation.xml:1061(para)
23595
#: serverguide/C/installation.xml:1054(para)
23065
23596
msgid ""
23066
23597
"Make sure you don't already have an existing <filename>/dev/sdb</filename> "
23067
23598
"before issuing the commands below. You could lose some data if you issue "
23068
23599
"those commands on a non-empty disk."
23069
23600
msgstr ""
23070
23601
23071
#: serverguide/C/installation.xml:1069(para)
23602
#: serverguide/C/installation.xml:1062(para)
23072
23603
msgid "First, create the physical volume, in a terminal execute:"
23073
23604
msgstr ""
23074
23605
23075
#: serverguide/C/installation.xml:1074(command)
23606
#: serverguide/C/installation.xml:1067(command)
23076
23607
msgid "sudo pvcreate /dev/sdb"
23077
23608
msgstr ""
23078
23609
23079
#: serverguide/C/installation.xml:1080(para)
23610
#: serverguide/C/installation.xml:1073(para)
23080
23611
msgid "Now extend the Volume Group (VG):"
23081
23612
msgstr ""
23082
23613
23083
#: serverguide/C/installation.xml:1085(command)
23614
#: serverguide/C/installation.xml:1078(command)
23084
23615
msgid "sudo vgextend vg01 /dev/sdb"
23085
23616
msgstr ""
23086
23617
23087
#: serverguide/C/installation.xml:1091(para)
23618
#: serverguide/C/installation.xml:1084(para)
23088
23619
msgid ""
23089
23620
"Use <application>vgdisplay</application> to find out the free physical "
23090
23621
"extents - Free PE / size (the size you can allocate). We will assume a free "
23092
23623
"whole free space available. Use your own PE and/or free space."
23093
23624
msgstr ""
23094
23625
23095
#: serverguide/C/installation.xml:1097(para)
23626
#: serverguide/C/installation.xml:1090(para)
23096
23627
msgid ""
23097
23628
"The Logical Volume (LV) can now be extended by different methods, we will "
23098
23629
"only see how to use the PE to extend the LV:"
23099
23630
msgstr ""
23100
23631
23101
#: serverguide/C/installation.xml:1102(command)
23632
#: serverguide/C/installation.xml:1095(command)
23102
23633
msgid "sudo lvextend /dev/vg01/srv -l +511"
23103
23634
msgstr ""
23104
23635
23105
#: serverguide/C/installation.xml:1105(para)
23636
#: serverguide/C/installation.xml:1098(para)
23106
23637
msgid ""
23107
23638
"The <emphasis>-l</emphasis> option allows the LV to be extended using PE. "
23108
23639
"The <emphasis>-L</emphasis> option allows the LV to be extended using Meg, "
23109
23640
"Gig, Tera, etc bytes."
23110
23641
msgstr ""
23111
23642
23112
#: serverguide/C/installation.xml:1113(para)
23643
#: serverguide/C/installation.xml:1106(para)
23113
23644
msgid ""
23114
23645
"Even though you are supposed to be able to <emphasis>expand</emphasis> an "
23115
23646
"ext3 or ext4 filesystem without unmounting it first, it may be a good "
23118
23649
"first is compulsory)."
23119
23650
msgstr ""
23120
23651
23121
#: serverguide/C/installation.xml:1119(para)
23652
#: serverguide/C/installation.xml:1112(para)
23122
23653
msgid ""
23123
23654
"The following commands are for an <emphasis>EXT3</emphasis> or "
23124
23655
"<emphasis>EXT4</emphasis> filesystem. If you are using another filesystem "
23125
23656
"there may be other utilities available."
23126
23657
msgstr ""
23127
23658
23128
#: serverguide/C/installation.xml:1126(command)
23659
#: serverguide/C/installation.xml:1119(command)
23129
23660
msgid "sudo e2fsck -f /dev/vg01/srv"
23130
23661
msgstr ""
23131
23662
23132
#: serverguide/C/installation.xml:1129(para)
23663
#: serverguide/C/installation.xml:1122(para)
23133
23664
msgid ""
23134
23665
"The <emphasis>-f</emphasis> option of <application>e2fsck</application> "
23135
23666
"forces checking even if the system seems clean."
23136
23667
msgstr ""
23137
23668
23138
#: serverguide/C/installation.xml:1136(para)
23669
#: serverguide/C/installation.xml:1129(para)
23139
23670
msgid "Finally, resize the filesystem:"
23140
23671
msgstr ""
23141
23672
23142
#: serverguide/C/installation.xml:1141(command)
23673
#: serverguide/C/installation.xml:1134(command)
23143
23674
msgid "sudo resize2fs /dev/vg01/srv"
23144
23675
msgstr ""
23145
23676
23146
#: serverguide/C/installation.xml:1147(para)
23677
#: serverguide/C/installation.xml:1140(para)
23147
23678
msgid "Now mount the partition and check its size."
23148
23679
msgstr ""
23149
23680
23150
#: serverguide/C/installation.xml:1152(command)
23681
#: serverguide/C/installation.xml:1145(command)
23151
23682
msgid "mount /dev/vg01/srv /srv && df -h /srv"
23152
23683
msgstr ""
23153
23684
23154
#: serverguide/C/installation.xml:1164(para)
23685
#: serverguide/C/installation.xml:1157(para)
23155
23686
msgid ""
23156
23687
"See the <ulink "
23157
23688
"url=\"https://help.ubuntu.com/community/Installation#lvm\">Ubuntu Wiki LVM "
23158
23689
"Articles</ulink>."
23159
23690
msgstr ""
23160
23691
23161
#: serverguide/C/installation.xml:1169(para)
23692
#: serverguide/C/installation.xml:1162(para)
23162
23693
msgid ""
23163
23694
"See the <ulink url=\"http://tldp.org/HOWTO/LVM-HOWTO/index.html\">LVM "
23164
23695
"HOWTO</ulink> for more information."
23165
23696
msgstr ""
23166
23697
23167
#: serverguide/C/installation.xml:1174(para)
23698
#: serverguide/C/installation.xml:1167(para)
23168
23699
msgid ""
23169
23700
"Another good article is <ulink "
23170
23701
"url=\"http://www.linuxdevcenter.com/pub/a/linux/2006/04/27/managing-disk-"
23179
23710
" man page</ulink>."
23180
23711
msgstr ""
23181
23712
23182
#: serverguide/C/installation.xml:1192(title)
23713
#: serverguide/C/installation.xml:1185(title)
23183
23714
msgid "Kernel Crash Dump"
23184
23715
msgstr ""
23185
23716
23186
#: serverguide/C/installation.xml:1199(para)
23717
#: serverguide/C/installation.xml:1192(para)
23187
23718
msgid "Kernel Panic"
23188
23719
msgstr ""
23189
23720
23190
#: serverguide/C/installation.xml:1200(para)
23721
#: serverguide/C/installation.xml:1193(para)
23191
23722
msgid "Non Maskable Interrupts (NMI)"
23192
23723
msgstr ""
23193
23724
23194
#: serverguide/C/installation.xml:1201(para)
23725
#: serverguide/C/installation.xml:1194(para)
23195
23726
msgid "Machine Check Exceptions (MCE)"
23196
23727
msgstr ""
23197
23728
23198
#: serverguide/C/installation.xml:1202(para)
23729
#: serverguide/C/installation.xml:1195(para)
23199
23730
msgid "Hardware failure"
23200
23731
msgstr ""
23201
23732
23202
#: serverguide/C/installation.xml:1203(para)
23733
#: serverguide/C/installation.xml:1196(para)
23203
23734
msgid "Manual intervention"
23204
23735
msgstr ""
23205
23736
23206
#: serverguide/C/installation.xml:1195(para)
23737
#: serverguide/C/installation.xml:1188(para)
23207
23738
msgid ""
23208
23739
"A Kernel Crash Dump refers to a portion of the contents of volatile memory "
23209
23740
"(RAM) that is copied to disk whenever the execution of the kernel is "
23217
23748
"memory contents."
23218
23749
msgstr ""
23219
23750
23220
#: serverguide/C/installation.xml:1212(title)
23751
#: serverguide/C/installation.xml:1205(title)
23221
23752
msgid "Kernel Crash Dump Mechanism"
23222
23753
msgstr ""
23223
23754
23224
#: serverguide/C/installation.xml:1214(para)
23755
#: serverguide/C/installation.xml:1207(para)
23225
23756
msgid ""
23226
23757
"When a kernel panic occurs, the kernel relies on the "
23227
23758
"<emphasis>kexec</emphasis> mechanism to quickly reboot a new instance of the "
23230
23761
"untouched in order to safely copy its contents to storage."
23231
23762
msgstr ""
23232
23763
23233
#: serverguide/C/installation.xml:1223(para)
23764
#: serverguide/C/installation.xml:1216(para)
23234
23765
msgid ""
23235
23766
"The kernel crash dump utility is installed with the following command:"
23236
23767
msgstr ""
23237
23768
23238
#: serverguide/C/installation.xml:1228(command)
23769
#: serverguide/C/installation.xml:1221(command)
23239
23770
msgid "sudo apt-get install linux-crashdump"
23240
23771
msgstr ""
23241
23772
23242
#: serverguide/C/installation.xml:1231(para)
23773
#: serverguide/C/installation.xml:1230(programlisting)
23774
#, no-wrap
23775
msgid ""
23776
"\n"
23777
"USE_KDUMP=1\n"
23778
msgstr ""
23779
23780
#: serverguide/C/installation.xml:1228(para)
23781
msgid ""
23782
"Edit <filename>/etc/default/kdump-tool</filename> by including the following "
23783
"line: <placeholder-1/>"
23784
msgstr ""
23785
23786
#: serverguide/C/installation.xml:1235(para)
23243
23787
msgid "A reboot is then needed."
23244
23788
msgstr ""
23245
23789
23246
#: serverguide/C/installation.xml:1239(para)
23247
msgid ""
23248
"No further configuration is required in order to have the kernel dump "
23249
"mechanism enabled."
23250
msgstr ""
23251
23252
#: serverguide/C/installation.xml:1248(para)
23790
#: serverguide/C/installation.xml:1244(para)
23253
23791
msgid ""
23254
23792
"To confirm that the kernel dump mechanism is enabled, there are a few things "
23255
23793
"to verify. First, confirm that the <emphasis>crashkernel</emphasis> boot "
23257
23795
"fit the format of this document:"
23258
23796
msgstr ""
23259
23797
23260
#: serverguide/C/installation.xml:1255(command)
23798
#: serverguide/C/installation.xml:1251(command)
23261
23799
msgid "cat /proc/cmdline"
23262
23800
msgstr ""
23263
23801
23264
#: serverguide/C/installation.xml:1256(computeroutput)
23802
#: serverguide/C/installation.xml:1252(computeroutput)
23265
23803
#, no-wrap
23266
23804
msgid ""
23267
23805
"\n"
23269
23807
" crashkernel=384M-2G:64M,2G-:128M\n"
23270
23808
msgstr ""
23271
23809
23272
#: serverguide/C/installation.xml:1264(programlisting)
23810
#: serverguide/C/installation.xml:1260(programlisting)
23273
23811
#, no-wrap
23274
23812
msgid ""
23275
23813
"\n"
23279
23817
" "
23280
23818
msgstr ""
23281
23819
23282
#: serverguide/C/installation.xml:1262(para)
23820
#: serverguide/C/installation.xml:1258(para)
23283
23821
msgid ""
23284
23822
"The <emphasis>crashkernel</emphasis> parameter has the following syntax: "
23285
23823
"<placeholder-1/>"
23286
23824
msgstr ""
23287
23825
23288
#: serverguide/C/installation.xml:1272(programlisting)
23826
#: serverguide/C/installation.xml:1268(programlisting)
23289
23827
#, no-wrap
23290
23828
msgid ""
23291
23829
"\n"
23292
23830
"crashkernel=384M-2G:64M,2G-:128M\n"
23293
23831
msgstr ""
23294
23832
23295
#: serverguide/C/installation.xml:1270(para)
23833
#: serverguide/C/installation.xml:1266(para)
23296
23834
msgid ""
23297
23835
"So for the crashkernel parameter found in <filename>/proc/cmdline</filename> "
23298
23836
"we would have : <placeholder-1/>"
23299
23837
msgstr ""
23300
23838
23301
#: serverguide/C/installation.xml:1277(para)
23839
#: serverguide/C/installation.xml:1273(para)
23302
23840
msgid "The above value means:"
23303
23841
msgstr ""
23304
23842
23305
#: serverguide/C/installation.xml:1279(para)
23843
#: serverguide/C/installation.xml:1275(para)
23306
23844
msgid ""
23307
23845
"if the RAM is smaller than 384M, then don't reserve anything (this is the "
23308
23846
"\"rescue\" case)"
23309
23847
msgstr ""
23310
23848
23311
#: serverguide/C/installation.xml:1281(para)
23849
#: serverguide/C/installation.xml:1277(para)
23312
23850
msgid "if the RAM size is between 386M and 2G (exclusive), then reserve 64M"
23313
23851
msgstr ""
23314
23852
23315
#: serverguide/C/installation.xml:1282(para)
23853
#: serverguide/C/installation.xml:1278(para)
23316
23854
msgid "if the RAM size is larger than 2G, then reserve 128M"
23317
23855
msgstr ""
23318
23856
23319
#: serverguide/C/installation.xml:1285(para)
23857
#: serverguide/C/installation.xml:1281(para)
23320
23858
msgid ""
23321
23859
"Second, verify that the kernel has reserved the requested memory area for "
23322
23860
"the kdump kernel by doing:"
23323
23861
msgstr ""
23324
23862
23325
#: serverguide/C/installation.xml:1290(command)
23863
#: serverguide/C/installation.xml:1286(command)
23326
23864
msgid "dmesg | grep -i crash"
23327
23865
msgstr ""
23328
23866
23329
#: serverguide/C/installation.xml:1291(computeroutput)
23867
#: serverguide/C/installation.xml:1287(computeroutput)
23330
23868
#, no-wrap
23331
23869
msgid ""
23332
23870
"\n"
23335
23873
"RAM: 1023MB)\n"
23336
23874
msgstr ""
23337
23875
23338
#: serverguide/C/installation.xml:1300(title)
23876
#: serverguide/C/installation.xml:1296(title)
23339
23877
msgid "Testing the Crash Dump Mechanism"
23340
23878
msgstr ""
23341
23879
23342
#: serverguide/C/installation.xml:1303(para)
23880
#: serverguide/C/installation.xml:1299(para)
23343
23881
msgid ""
23344
23882
"Testing the Crash Dump Mechanism will cause <emphasis>a system "
23345
23883
"reboot.</emphasis> In certain situations, this can cause data loss if the "
23347
23885
"that the system is idle or under very light load."
23348
23886
msgstr ""
23349
23887
23350
#: serverguide/C/installation.xml:1310(para)
23888
#: serverguide/C/installation.xml:1306(para)
23351
23889
msgid ""
23352
23890
"Verify that the <emphasis>SysRQ</emphasis> mechanism is enabled by looking "
23353
23891
"at the value of the <filename>/proc/sys/kernel/sysrq</filename> kernel "
23354
23892
"parameter :"
23355
23893
msgstr ""
23356
23894
23357
#: serverguide/C/installation.xml:1316(command)
23895
#: serverguide/C/installation.xml:1312(command)
23358
23896
msgid "cat /proc/sys/kernel/sysrq"
23359
23897
msgstr ""
23360
23898
23361
#: serverguide/C/installation.xml:1319(para)
23899
#: serverguide/C/installation.xml:1315(para)
23362
23900
msgid ""
23363
23901
"If a value of <emphasis>0</emphasis> is returned the feature is disabled. "
23364
23902
"Enable it with the following command :"
23365
23903
msgstr ""
23366
23904
23367
#: serverguide/C/installation.xml:1324(command)
23905
#: serverguide/C/installation.xml:1320(command)
23368
23906
msgid "sudo sysctl -w kernel.sysrq=1"
23369
23907
msgstr ""
23370
23908
23371
#: serverguide/C/installation.xml:1327(para)
23909
#: serverguide/C/installation.xml:1323(para)
23372
23910
msgid ""
23373
23911
"Once this is done, you must become root, as just using "
23374
23912
"<command>sudo</command> will not be sufficient. As the "
23379
23917
"the advantage of making the kernel dump process visible."
23380
23918
msgstr ""
23381
23919
23382
#: serverguide/C/installation.xml:1334(para)
23920
#: serverguide/C/installation.xml:1330(para)
23383
23921
msgid "A typical test output should look like the following :"
23384
23922
msgstr ""
23385
23923
23386
#: serverguide/C/installation.xml:1339(command)
23924
#: serverguide/C/installation.xml:1335(command)
23387
23925
msgid "sudo -s"
23388
23926
msgstr ""
23389
23927
23390
#: serverguide/C/installation.xml:1341(command)
23928
#: serverguide/C/installation.xml:1337(command)
23391
23929
msgid "echo c > /proc/sysrq-trigger"
23392
23930
msgstr ""
23393
23931
23394
#: serverguide/C/installation.xml:1338(screen)
23932
#: serverguide/C/installation.xml:1334(screen)
23395
23933
#, no-wrap
23396
23934
msgid ""
23397
23935
"\n"
23408
23946
"....\n"
23409
23947
msgstr ""
23410
23948
23411
#: serverguide/C/installation.xml:1351(para)
23949
#: serverguide/C/installation.xml:1347(para)
23412
23950
msgid ""
23413
23951
"The rest of the output is truncated, but you should see the system rebooting "
23414
23952
"and somewhere in the log, you will see the following line : <screen>Begin: "
23417
23955
"file in the <filename>/var/crash</filename> directory :"
23418
23956
msgstr ""
23419
23957
23420
#: serverguide/C/installation.xml:1358(command)
23958
#: serverguide/C/installation.xml:1354(command)
23421
23959
msgid "ls /var/crash"
23422
23960
msgstr ""
23423
23961
23424
#: serverguide/C/installation.xml:1357(screen)
23962
#: serverguide/C/installation.xml:1353(screen)
23425
23963
#, no-wrap
23426
23964
msgid ""
23427
23965
"\n"
23429
23967
"linux-image-3.0.0-12-server.0.crash\n"
23430
23968
msgstr ""
23431
23969
23432
#: serverguide/C/installation.xml:1367(para)
23970
#: serverguide/C/installation.xml:1363(para)
23433
23971
msgid ""
23434
23972
"Kernel Crash Dump is a vast topic that requires good knowledge of the linux "
23435
23973
"kernel. You can find more information on the topic here :"
23436
23974
msgstr ""
23437
23975
23438
#: serverguide/C/installation.xml:1373(para)
23976
#: serverguide/C/installation.xml:1369(para)
23439
23977
msgid ""
23440
23978
"<ulink url=\"http://www.kernel.org/doc/Documentation/kdump/kdump.txt\">Kdump "
23441
23979
"kernel documentation</ulink>."
23442
23980
msgstr ""
23443
23981
23444
#: serverguide/C/installation.xml:1379(ulink)
23982
#: serverguide/C/installation.xml:1375(ulink)
23445
23983
msgid "The crash tool"
23446
23984
msgstr ""
23447
23985
23448
#: serverguide/C/installation.xml:1383(para)
23986
#: serverguide/C/installation.xml:1379(para)
23449
23987
msgid ""
23450
23988
"<ulink url=\"http://www.dedoimedo.com/computers/crash-"
23451
23989
"analyze.html\">Analyzing Linux Kernel Crash</ulink> (Based on Fedora, it "
23919
24457
"as follows:"
23920
24458
msgstr ""
23921
24459
23922
#: serverguide/C/file-server.xml:429(programlisting)
24460
#: serverguide/C/file-server.xml:430(programlisting)
23923
24461
#, no-wrap
23924
24462
msgid ""
23925
24463
"\n"
23927
24465
"rsize=8192,wsize=8192,timeo=14,intr\n"
23928
24466
msgstr ""
23929
24467
23930
#: serverguide/C/file-server.xml:433(para)
24468
#: serverguide/C/file-server.xml:434(para)
23931
24469
msgid ""
23932
24470
"If you have trouble mounting an NFS share, make sure the <application>nfs-"
23933
24471
"common</application> package is installed on your client. To install "
23937
24475
"</screen>"
23938
24476
msgstr ""
23939
24477
23940
#: serverguide/C/file-server.xml:446(ulink)
24478
#: serverguide/C/file-server.xml:447(ulink)
23941
24479
msgid "Linux NFS faq"
23942
24480
msgstr ""
23943
24481
23944
#: serverguide/C/file-server.xml:448(ulink)
24482
#: serverguide/C/file-server.xml:449(ulink)
23945
24483
msgid "Ubuntu Wiki NFS Howto"
23946
24484
msgstr ""
23947
24485
23948
#: serverguide/C/file-server.xml:454(title)
24486
#: serverguide/C/file-server.xml:455(title)
23949
24487
msgid "iSCSI Initiator"
23950
24488
msgstr ""
23951
24489
23952
#: serverguide/C/file-server.xml:456(para)
24490
#: serverguide/C/file-server.xml:457(para)
23953
24491
msgid ""
23954
24492
"<emphasis>iSCSI</emphasis> (Internet Small Computer System Interface) is a "
23955
24493
"protocol that allows SCSI commands to be transmitted over a network. "
23969
24507
"your vendor documentation to configure your specific iSCSI target."
23970
24508
msgstr ""
23971
24509
23972
#: serverguide/C/file-server.xml:470(title)
24510
#: serverguide/C/file-server.xml:471(title)
23973
24511
msgid "iSCSI Initiator Install"
23974
24512
msgstr ""
23975
24513
23976
#: serverguide/C/file-server.xml:472(para)
24514
#: serverguide/C/file-server.xml:473(para)
23977
24515
msgid ""
23978
24516
"To configure Ubuntu Server as an iSCSI initiator install the "
23979
24517
"<application>open-iscsi</application> package. In a terminal enter:"
23980
24518
msgstr ""
23981
24519
23982
#: serverguide/C/file-server.xml:477(command)
24520
#: serverguide/C/file-server.xml:478(command)
23983
24521
msgid "sudo apt-get install open-iscsi"
23984
24522
msgstr ""
23985
24523
23986
#: serverguide/C/file-server.xml:482(title)
24524
#: serverguide/C/file-server.xml:483(title)
23987
24525
msgid "iSCSI Initiator Configuration"
23988
24526
msgstr ""
23989
24527
23990
#: serverguide/C/file-server.xml:484(para)
24528
#: serverguide/C/file-server.xml:485(para)
23991
24529
msgid ""
23992
24530
"Once the <application>open-iscsi</application> package is installed, edit "
23993
24531
"<filename>/etc/iscsi/iscsid.conf</filename> changing the following:"
23994
24532
msgstr ""
23995
24533
23996
#: serverguide/C/file-server.xml:488(programlisting)
24534
#: serverguide/C/file-server.xml:489(programlisting)
23997
24535
#, no-wrap
23998
24536
msgid ""
23999
24537
"\n"
24000
24538
"node.startup = automatic\n"
24001
24539
msgstr ""
24002
24540
24003
#: serverguide/C/file-server.xml:492(para)
24541
#: serverguide/C/file-server.xml:493(para)
24004
24542
msgid ""
24005
24543
"You can check which targets are available by using the "
24006
24544
"<application>iscsiadm</application> utility. Enter the following in a "
24007
24545
"terminal:"
24008
24546
msgstr ""
24009
24547
24010
#: serverguide/C/file-server.xml:497(command)
24548
#: serverguide/C/file-server.xml:498(command)
24011
24549
msgid "sudo iscsiadm -m discovery -t st -p 192.168.0.10"
24012
24550
msgstr ""
24013
24551
24014
#: serverguide/C/file-server.xml:501(para)
24552
#: serverguide/C/file-server.xml:502(para)
24015
24553
msgid ""
24016
24554
"<emphasis>-m:</emphasis> determines the mode that iscsiadm executes in."
24017
24555
msgstr ""
24018
24556
24019
#: serverguide/C/file-server.xml:502(para)
24557
#: serverguide/C/file-server.xml:503(para)
24020
24558
msgid "<emphasis>-t:</emphasis> specifies the type of discovery."
24021
24559
msgstr ""
24022
24560
24023
#: serverguide/C/file-server.xml:503(para)
24561
#: serverguide/C/file-server.xml:504(para)
24024
24562
msgid "<emphasis>-p:</emphasis> option indicates the target IP address."
24025
24563
msgstr ""
24026
24564
24027
#: serverguide/C/file-server.xml:507(para)
24565
#: serverguide/C/file-server.xml:508(para)
24028
24566
msgid ""
24029
24567
"Change example <emphasis>192.168.0.10</emphasis> to the target IP address on "
24030
24568
"your network."
24031
24569
msgstr ""
24032
24570
24033
#: serverguide/C/file-server.xml:512(para)
24571
#: serverguide/C/file-server.xml:513(para)
24034
24572
msgid ""
24035
24573
"If the target is available you should see output similar to the following:"
24036
24574
msgstr ""
24037
24575
24038
#: serverguide/C/file-server.xml:517(computeroutput)
24576
#: serverguide/C/file-server.xml:518(computeroutput)
24039
24577
#, no-wrap
24040
24578
msgid ""
24041
24579
"\n"
24042
24580
"192.168.0.10:3260,1 iqn.1992-05.com.emc:sl7b92030000520000-2\n"
24043
24581
msgstr ""
24044
24582
24045
#: serverguide/C/file-server.xml:523(para)
24583
#: serverguide/C/file-server.xml:524(para)
24046
24584
msgid ""
24047
24585
"The <emphasis>iqn</emphasis> number and IP address above will vary depending "
24048
24586
"on your hardware."
24049
24587
msgstr ""
24050
24588
24051
#: serverguide/C/file-server.xml:528(para)
24589
#: serverguide/C/file-server.xml:529(para)
24052
24590
msgid ""
24053
24591
"You should now be able to connect to the iSCSI target, and depending on your "
24054
24592
"target setup you may have to enter user credentials. Login to the iSCSI node:"
24055
24593
msgstr ""
24056
24594
24057
#: serverguide/C/file-server.xml:534(command)
24595
#: serverguide/C/file-server.xml:535(command)
24058
24596
msgid "sudo iscsiadm -m node --login"
24059
24597
msgstr ""
24060
24598
24061
#: serverguide/C/file-server.xml:537(para)
24599
#: serverguide/C/file-server.xml:538(para)
24062
24600
msgid ""
24063
24601
"Check to make sure that the new disk has been detected using "
24064
24602
"<application>dmesg</application>:"
24065
24603
msgstr ""
24066
24604
24067
#: serverguide/C/file-server.xml:542(command)
24605
#: serverguide/C/file-server.xml:543(command)
24068
24606
msgid "dmesg | grep sd"
24069
24607
msgstr ""
24070
24608
24071
#: serverguide/C/file-server.xml:543(computeroutput)
24609
#: serverguide/C/file-server.xml:544(computeroutput)
24072
24610
#, no-wrap
24073
24611
msgid ""
24074
24612
"\n"
24097
24635
"[ 2486.964862] sd 4:0:0:3: [sdb] Attached SCSI disk\n"
24098
24636
msgstr ""
24099
24637
24100
#: serverguide/C/file-server.xml:567(para)
24638
#: serverguide/C/file-server.xml:568(para)
24101
24639
msgid ""
24102
24640
"In the output above <emphasis>sdb</emphasis> is the new iSCSI disk. Remember "
24103
24641
"this is just an example; the output you see on your screen will vary."
24104
24642
msgstr ""
24105
24643
24106
#: serverguide/C/file-server.xml:572(para)
24644
#: serverguide/C/file-server.xml:573(para)
24107
24645
msgid ""
24108
24646
"Next, create a partition, format the file system, and mount the new iSCSI "
24109
24647
"disk. In a terminal enter:"
24110
24648
msgstr ""
24111
24649
24112
#: serverguide/C/file-server.xml:577(command)
24650
#: serverguide/C/file-server.xml:578(command)
24113
24651
msgid "sudo fdisk /dev/sdb"
24114
24652
msgstr ""
24115
24653
24116
#: serverguide/C/file-server.xml:578(command)
24654
#: serverguide/C/file-server.xml:579(command)
24117
24655
msgid "n"
24118
24656
msgstr ""
24119
24657
24120
#: serverguide/C/file-server.xml:579(command)
24658
#: serverguide/C/file-server.xml:580(command)
24121
24659
msgid "p"
24122
24660
msgstr ""
24123
24661
24124
#: serverguide/C/file-server.xml:580(command)
24662
#: serverguide/C/file-server.xml:581(command)
24125
24663
msgid "enter"
24126
24664
msgstr ""
24127
24665
24128
#: serverguide/C/file-server.xml:581(command)
24666
#: serverguide/C/file-server.xml:582(command)
24129
24667
msgid "w"
24130
24668
msgstr ""
24131
24669
24132
#: serverguide/C/file-server.xml:585(para)
24670
#: serverguide/C/file-server.xml:586(para)
24133
24671
msgid ""
24134
24672
"The above commands are from inside the <application>fdisk</application> "
24135
24673
"utility; see <command>man fdisk</command> for more detailed instructions. "
24137
24675
"friendly."
24138
24676
msgstr ""
24139
24677
24140
#: serverguide/C/file-server.xml:591(para)
24678
#: serverguide/C/file-server.xml:592(para)
24141
24679
msgid ""
24142
24680
"Now format the file system and mount it to <filename>/srv</filename> as an "
24143
24681
"example:"
24144
24682
msgstr ""
24145
24683
24146
#: serverguide/C/file-server.xml:596(command)
24684
#: serverguide/C/file-server.xml:597(command)
24147
24685
msgid "sudo mkfs.ext4 /dev/sdb1"
24148
24686
msgstr ""
24149
24687
24150
#: serverguide/C/file-server.xml:597(command)
24688
#: serverguide/C/file-server.xml:598(command)
24151
24689
msgid "sudo mount /dev/sdb1 /srv"
24152
24690
msgstr ""
24153
24691
24154
#: serverguide/C/file-server.xml:601(para)
24692
#: serverguide/C/file-server.xml:602(para)
24155
24693
msgid ""
24156
24694
"Finally, add an entry to <filename>/etc/fstab</filename> to mount the iSCSI "
24157
24695
"drive during boot:"
24158
24696
msgstr ""
24159
24697
24160
#: serverguide/C/file-server.xml:605(programlisting)
24698
#: serverguide/C/file-server.xml:606(programlisting)
24161
24699
#, no-wrap
24162
24700
msgid ""
24163
24701
"\n"
24164
24702
"/dev/sdb1 /srv ext4 defaults,auto,_netdev 0 0\n"
24165
24703
msgstr ""
24166
24704
24167
#: serverguide/C/file-server.xml:609(para)
24705
#: serverguide/C/file-server.xml:610(para)
24168
24706
msgid ""
24169
24707
"It is a good idea to make sure everything is working as expected by "
24170
24708
"rebooting the server."
24171
24709
msgstr ""
24172
24710
24173
#: serverguide/C/file-server.xml:618(ulink)
24711
#: serverguide/C/file-server.xml:619(ulink)
24174
24712
msgid "Open-iSCSI Website"
24175
24713
msgstr ""
24176
24714
24177
#: serverguide/C/file-server.xml:621(ulink) serverguide/C/file-server.xml:807(ulink)
24715
#: serverguide/C/file-server.xml:622(ulink) serverguide/C/file-server.xml:808(ulink)
24178
24716
msgid "Debian Open-iSCSI page"
24179
24717
msgstr ""
24180
24718
24181
#: serverguide/C/file-server.xml:628(title)
24719
#: serverguide/C/file-server.xml:629(title)
24182
24720
msgid "CUPS - Print Server"
24183
24721
msgstr ""
24184
24722
24185
#: serverguide/C/file-server.xml:629(para)
24723
#: serverguide/C/file-server.xml:630(para)
24186
24724
msgid ""
24187
24725
"The primary mechanism for Ubuntu printing and print services is the "
24188
24726
"<emphasis role=\"bold\">Common UNIX Printing System</emphasis> (CUPS). This "
24190
24728
"become the new standard for printing in most Linux distributions."
24191
24729
msgstr ""
24192
24730
24193
#: serverguide/C/file-server.xml:636(para)
24731
#: serverguide/C/file-server.xml:637(para)
24194
24732
msgid ""
24195
24733
"CUPS manages print jobs and queues and provides network printing using the "
24196
24734
"standard Internet Printing Protocol (IPP), while offering support for a very "
24200
24738
"administration tool."
24201
24739
msgstr ""
24202
24740
24203
#: serverguide/C/file-server.xml:646(para)
24741
#: serverguide/C/file-server.xml:647(para)
24204
24742
msgid ""
24205
24743
"To install CUPS on your Ubuntu computer, simply use "
24206
24744
"<application>sudo</application> with the <application>apt-get</application> "
24210
24748
"CUPS:"
24211
24749
msgstr ""
24212
24750
24213
#: serverguide/C/file-server.xml:651(command)
24751
#: serverguide/C/file-server.xml:652(command)
24214
24752
msgid "sudo apt-get install cups"
24215
24753
msgstr ""
24216
24754
24217
#: serverguide/C/file-server.xml:654(para)
24755
#: serverguide/C/file-server.xml:655(para)
24218
24756
msgid ""
24219
24757
"Upon authenticating with your user password, the packages should be "
24220
24758
"downloaded and installed without error. Upon the conclusion of installation, "
24221
24759
"the CUPS server will be started automatically."
24222
24760
msgstr ""
24223
24761
24224
#: serverguide/C/file-server.xml:659(para)
24762
#: serverguide/C/file-server.xml:660(para)
24225
24763
msgid ""
24226
24764
"For troubleshooting purposes, you can access CUPS server errors via the "
24227
24765
"error log file at: <filename>/var/log/cups/error_log</filename>. If the "
24234
24772
"from becoming overly large."
24235
24773
msgstr ""
24236
24774
24237
#: serverguide/C/file-server.xml:672(para)
24775
#: serverguide/C/file-server.xml:673(para)
24238
24776
msgid ""
24239
24777
"The Common UNIX Printing System server's behavior is configured through the "
24240
24778
"directives contained in the file <filename>/etc/cups/cupsd.conf</filename>. "
24245
24783
"initially will be presented here."
24246
24784
msgstr ""
24247
24785
24248
#: serverguide/C/file-server.xml:682(para)
24786
#: serverguide/C/file-server.xml:683(para)
24249
24787
msgid ""
24250
24788
"Prior to editing the configuration file, you should make a copy of the "
24251
24789
"original file and protect it from writing, so you will have the original "
24252
24790
"settings as a reference, and to reuse as necessary."
24253
24791
msgstr ""
24254
24792
24255
#: serverguide/C/file-server.xml:686(para)
24793
#: serverguide/C/file-server.xml:687(para)
24256
24794
msgid ""
24257
24795
"Copy the <filename>/etc/cups/cupsd.conf</filename> file and protect it from "
24258
24796
"writing with the following commands, issued at a terminal prompt:"
24259
24797
msgstr ""
24260
24798
24261
#: serverguide/C/file-server.xml:692(command)
24799
#: serverguide/C/file-server.xml:693(command)
24262
24800
msgid "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
24263
24801
msgstr ""
24264
24802
24265
#: serverguide/C/file-server.xml:693(command)
24803
#: serverguide/C/file-server.xml:694(command)
24266
24804
msgid "sudo chmod a-w /etc/cups/cupsd.conf.original"
24267
24805
msgstr ""
24268
24806
24269
#: serverguide/C/file-server.xml:698(para)
24807
#: serverguide/C/file-server.xml:699(para)
24270
24808
msgid ""
24271
24809
"<emphasis role=\"bold\">ServerAdmin</emphasis>: To configure the email "
24272
24810
"address of the designated administrator of the CUPS server, simply edit the "
24278
24816
"as such:"
24279
24817
msgstr ""
24280
24818
24281
#: serverguide/C/file-server.xml:709(screen)
24819
#: serverguide/C/file-server.xml:710(screen)
24282
24820
#, no-wrap
24283
24821
msgid ""
24284
24822
"\n"
24285
24823
"ServerAdmin bjoy@somebigco.com\n"
24286
24824
msgstr ""
24287
24825
24288
#: serverguide/C/file-server.xml:715(para)
24826
#: serverguide/C/file-server.xml:716(para)
24289
24827
msgid ""
24290
24828
"<emphasis role=\"bold\">Listen</emphasis>: By default on Ubuntu, the CUPS "
24291
24829
"server installation listens only on the loopback interface at IP address "
24300
24838
"such:"
24301
24839
msgstr ""
24302
24840
24303
#: serverguide/C/file-server.xml:729(screen)
24841
#: serverguide/C/file-server.xml:730(screen)
24304
24842
#, no-wrap
24305
24843
msgid ""
24306
24844
"\n"
24310
24848
"(IPP)\n"
24311
24849
msgstr ""
24312
24850
24313
#: serverguide/C/file-server.xml:735(para)
24851
#: serverguide/C/file-server.xml:736(para)
24314
24852
msgid ""
24315
24853
"In the example above, you may comment out or remove the reference to the "
24316
24854
"Loopback address (127.0.0.1) if you do not wish <application>cupsd "
24321
24859
"<emphasis>socrates</emphasis> as such:"
24322
24860
msgstr ""
24323
24861
24324
#: serverguide/C/file-server.xml:745(screen)
24862
#: serverguide/C/file-server.xml:746(screen)
24325
24863
#, no-wrap
24326
24864
msgid ""
24327
24865
"\n"
24328
24866
"Listen socrates:631 # Listen on all interfaces for the hostname 'socrates'\n"
24329
24867
msgstr ""
24330
24868
24331
#: serverguide/C/file-server.xml:749(para)
24869
#: serverguide/C/file-server.xml:750(para)
24332
24870
msgid ""
24333
24871
"or by omitting the Listen directive and using <emphasis>Port</emphasis> "
24334
24872
"instead, as in:"
24335
24873
msgstr ""
24336
24874
24337
#: serverguide/C/file-server.xml:751(screen)
24875
#: serverguide/C/file-server.xml:752(screen)
24338
24876
#, no-wrap
24339
24877
msgid ""
24340
24878
"\n"
24341
24879
"Port 631 # Listen on port 631 on all interfaces\n"
24342
24880
msgstr ""
24343
24881
24344
#: serverguide/C/file-server.xml:758(para)
24882
#: serverguide/C/file-server.xml:759(para)
24345
24883
msgid ""
24346
24884
"For more examples of configuration directives in the CUPS server "
24347
24885
"configuration file, view the associated system manual page by entering the "
24348
24886
"following command at a terminal prompt:"
24349
24887
msgstr ""
24350
24888
24351
#: serverguide/C/file-server.xml:765(command)
24889
#: serverguide/C/file-server.xml:766(command)
24352
24890
msgid "man cupsd.conf"
24353
24891
msgstr ""
24354
24892
24355
#: serverguide/C/file-server.xml:769(para)
24893
#: serverguide/C/file-server.xml:770(para)
24356
24894
msgid ""
24357
24895
"Whenever you make changes to the <filename>/etc/cups/cupsd.conf</filename> "
24358
24896
"configuration file, you'll need to restart the CUPS server by typing the "
24363
24901
msgid "sudo service cups restart"
24364
24902
msgstr ""
24365
24903
24366
#: serverguide/C/file-server.xml:781(title)
24904
#: serverguide/C/file-server.xml:782(title)
24367
24905
msgid "Web Interface"
24368
24906
msgstr ""
24369
24907
24370
#: serverguide/C/file-server.xml:783(para)
24908
#: serverguide/C/file-server.xml:784(para)
24371
24909
msgid ""
24372
24910
"CUPS can be configured and monitored using a web interface, which by default "
24373
24911
"is available at <ulink "
24375
24913
"web interface can be used to perform all printer management tasks."
24376
24914
msgstr ""
24377
24915
24378
#: serverguide/C/file-server.xml:787(para)
24916
#: serverguide/C/file-server.xml:788(para)
24379
24917
msgid ""
24380
24918
"In order to perform administrative tasks via the web interface, you must "
24381
24919
"either have the root account enabled on your server, or authenticate as a "
24383
24921
"reasons, CUPS won't authenticate a user that doesn't have a password."
24384
24922
msgstr ""
24385
24923
24386
#: serverguide/C/file-server.xml:790(para)
24924
#: serverguide/C/file-server.xml:791(para)
24387
24925
msgid ""
24388
24926
"To add a user to the <emphasis role=\"italic\">lpadmin</emphasis> group, run "
24389
24927
"at the terminal prompt: <screen>\n"
24391
24929
"</screen>"
24392
24930
msgstr ""
24393
24931
24394
#: serverguide/C/file-server.xml:796(para)
24932
#: serverguide/C/file-server.xml:797(para)
24395
24933
msgid ""
24396
24934
"Further documentation is available in the <emphasis "
24397
24935
"role=\"italic\">Documentation/Help</emphasis> tab of the web interface."
24398
24936
msgstr ""
24399
24937
24400
#: serverguide/C/file-server.xml:804(ulink)
24938
#: serverguide/C/file-server.xml:805(ulink)
24401
24939
msgid "CUPS Website"
24402
24940
msgstr ""
24403
24941
24528
25066
"prompt:"
24529
25067
msgstr ""
24530
25068
24531
#: serverguide/C/dns.xml:116(command) serverguide/C/dns.xml:199(command) serverguide/C/dns.xml:257(command) serverguide/C/dns.xml:293(command) serverguide/C/dns.xml:321(command) serverguide/C/dns.xml:603(command)
25069
#: serverguide/C/dns.xml:116(command) serverguide/C/dns.xml:195(command) serverguide/C/dns.xml:253(command) serverguide/C/dns.xml:289(command) serverguide/C/dns.xml:317(command) serverguide/C/dns.xml:594(command)
24532
25070
msgid "sudo service bind9 restart"
24533
25071
msgstr ""
24534
25072
24578
25116
"command below.)"
24579
25117
msgstr ""
24580
25118
24581
#: serverguide/C/dns.xml:145(para)
25119
#: serverguide/C/dns.xml:141(para)
24582
25120
msgid ""
24583
25121
"Now use an existing zone file as a template to create the "
24584
25122
"<filename>/etc/bind/db.example.com</filename> file:"
24585
25123
msgstr ""
24586
25124
24587
#: serverguide/C/dns.xml:149(command)
25125
#: serverguide/C/dns.xml:145(command)
24588
25126
msgid "sudo cp /etc/bind/db.local /etc/bind/db.example.com"
24589
25127
msgstr ""
24590
25128
24591
#: serverguide/C/dns.xml:151(para)
25129
#: serverguide/C/dns.xml:147(para)
24592
25130
msgid ""
24593
25131
"Edit the new zone file <filename>/etc/bind/db.example.com</filename> change "
24594
25132
"<emphasis>localhost.</emphasis> to the FQDN of your server, leaving the "
24599
25137
"this file is for."
24600
25138
msgstr ""
24601
25139
24602
#: serverguide/C/dns.xml:158(para)
25140
#: serverguide/C/dns.xml:154(para)
24603
25141
msgid ""
24604
25142
"Create an <emphasis>A record</emphasis> for the base domain, <emphasis "
24605
25143
"role=\"italic\">example.com</emphasis>. Also, create an <emphasis>A "
24607
25145
"the name server in this example:"
24608
25146
msgstr ""
24609
25147
24610
#: serverguide/C/dns.xml:163(programlisting)
25148
#: serverguide/C/dns.xml:159(programlisting)
24611
25149
#, no-wrap
24612
25150
msgid ""
24613
25151
"\n"
24629
25167
"ns IN A 192.168.1.10\n"
24630
25168
msgstr ""
24631
25169
24632
#: serverguide/C/dns.xml:181(para)
25170
#: serverguide/C/dns.xml:177(para)
24633
25171
msgid ""
24634
25172
"You must increment the <emphasis>Serial Number</emphasis> every time you "
24635
25173
"make changes to the zone file. If you make multiple changes before "
24636
25174
"restarting BIND9, simply increment the Serial once."
24637
25175
msgstr ""
24638
25176
24639
#: serverguide/C/dns.xml:185(para)
25177
#: serverguide/C/dns.xml:181(para)
24640
25178
msgid ""
24641
25179
"Now, you can add DNS records to the bottom of the zone file. See <xref "
24642
25180
"linkend=\"dns-record-types\"/> for details."
24643
25181
msgstr ""
24644
25182
24645
#: serverguide/C/dns.xml:189(para)
25183
#: serverguide/C/dns.xml:185(para)
24646
25184
msgid ""
24647
25185
"Many admins like to use the last date edited as the serial of a zone, such "
24648
25186
"as <emphasis>2012010100</emphasis> which is yyyymmddss (where "
24649
25187
"<emphasis>ss</emphasis> is the Serial Number)"
24650
25188
msgstr ""
24651
25189
24652
#: serverguide/C/dns.xml:194(para)
25190
#: serverguide/C/dns.xml:190(para)
24653
25191
msgid ""
24654
25192
"Once you have made changes to the zone file <application>BIND9</application> "
24655
25193
"needs to be restarted for the changes to take effect:"
24656
25194
msgstr ""
24657
25195
24658
#: serverguide/C/dns.xml:203(title)
25196
#: serverguide/C/dns.xml:199(title)
24659
25197
msgid "Reverse Zone File"
24660
25198
msgstr ""
24661
25199
24662
#: serverguide/C/dns.xml:204(para)
25200
#: serverguide/C/dns.xml:200(para)
24663
25201
msgid ""
24664
25202
"Now that the zone is setup and resolving names to IP Adresses a "
24665
25203
"<emphasis>Reverse zone</emphasis> is also required. A Reverse zone allows "
24666
25204
"DNS to resolve an address to a name."
24667
25205
msgstr ""
24668
25206
24669
#: serverguide/C/dns.xml:208(para)
25207
#: serverguide/C/dns.xml:204(para)
24670
25208
msgid "Edit /etc/bind/named.conf.local and add the following:"
24671
25209
msgstr ""
24672
25210
24673
#: serverguide/C/dns.xml:211(programlisting)
25211
#: serverguide/C/dns.xml:207(programlisting)
24674
25212
#, no-wrap
24675
25213
msgid ""
24676
25214
"\n"
24680
25218
"};\n"
24681
25219
msgstr ""
24682
25220
24683
#: serverguide/C/dns.xml:218(para)
25221
#: serverguide/C/dns.xml:214(para)
24684
25222
msgid ""
24685
25223
"Replace <emphasis>1.168.192</emphasis> with the first three octets of "
24686
25224
"whatever network you are using. Also, name the zone file "
24688
25226
"first octet of your network."
24689
25227
msgstr ""
24690
25228
24691
#: serverguide/C/dns.xml:223(para)
25229
#: serverguide/C/dns.xml:219(para)
24692
25230
msgid "Now create the <filename>/etc/bind/db.192</filename> file:"
24693
25231
msgstr ""
24694
25232
24695
#: serverguide/C/dns.xml:227(command)
25233
#: serverguide/C/dns.xml:223(command)
24696
25234
msgid "sudo cp /etc/bind/db.127 /etc/bind/db.192"
24697
25235
msgstr ""
24698
25236
24699
#: serverguide/C/dns.xml:229(para)
25237
#: serverguide/C/dns.xml:225(para)
24700
25238
msgid ""
24701
25239
"Next edit <filename>/etc/bind/db.192</filename> changing the basically the "
24702
25240
"same options as <filename>/etc/bind/db.example.com</filename>:"
24703
25241
msgstr ""
24704
25242
24705
#: serverguide/C/dns.xml:233(programlisting)
25243
#: serverguide/C/dns.xml:229(programlisting)
24706
25244
#, no-wrap
24707
25245
msgid ""
24708
25246
"\n"
24721
25259
"10 IN PTR ns.example.com.\n"
24722
25260
msgstr ""
24723
25261
24724
#: serverguide/C/dns.xml:248(para)
25262
#: serverguide/C/dns.xml:244(para)
24725
25263
msgid ""
24726
25264
"The <emphasis>Serial Number</emphasis> in the Reverse zone needs to be "
24727
25265
"incremented on each change as well. For each <emphasis>A record</emphasis> "
24730
25268
"<filename>/etc/bind/db.192</filename>."
24731
25269
msgstr ""
24732
25270
24733
#: serverguide/C/dns.xml:253(para)
25271
#: serverguide/C/dns.xml:249(para)
24734
25272
msgid ""
24735
25273
"After creating the reverse zone file restart "
24736
25274
"<application>BIND9</application>:"
24737
25275
msgstr ""
24738
25276
24739
#: serverguide/C/dns.xml:262(title)
25277
#: serverguide/C/dns.xml:258(title)
24740
25278
msgid "Secondary Master"
24741
25279
msgstr ""
24742
25280
24743
#: serverguide/C/dns.xml:263(para)
25281
#: serverguide/C/dns.xml:259(para)
24744
25282
msgid ""
24745
25283
"Once a <emphasis>Primary Master</emphasis> has been configured a "
24746
25284
"<emphasis>Secondary Master</emphasis> is needed in order to maintain the "
24747
25285
"availability of the domain should the Primary become unavailable."
24748
25286
msgstr ""
24749
25287
24750
#: serverguide/C/dns.xml:267(para)
25288
#: serverguide/C/dns.xml:263(para)
24751
25289
msgid ""
24752
25290
"First, on the Primary Master server, the zone transfer needs to be allowed. "
24753
25291
"Add the <emphasis>allow-transfer</emphasis> option to the example Forward "
24755
25293
"<filename>/etc/bind/named.conf.local</filename>:"
24756
25294
msgstr ""
24757
25295
24758
#: serverguide/C/dns.xml:271(programlisting)
25296
#: serverguide/C/dns.xml:267(programlisting)
24759
25297
#, no-wrap
24760
25298
msgid ""
24761
25299
"\n"
24772
25310
"};\n"
24773
25311
msgstr ""
24774
25312
24775
#: serverguide/C/dns.xml:285(para)
25313
#: serverguide/C/dns.xml:281(para)
24776
25314
msgid ""
24777
25315
"Replace <emphasis>192.168.1.11</emphasis> with the IP Address of your "
24778
25316
"Secondary nameserver."
24779
25317
msgstr ""
24780
25318
24781
#: serverguide/C/dns.xml:289(para)
25319
#: serverguide/C/dns.xml:285(para)
24782
25320
msgid "Restart <application>BIND9</application> on the Primary Master:"
24783
25321
msgstr ""
24784
25322
24785
#: serverguide/C/dns.xml:295(para)
25323
#: serverguide/C/dns.xml:291(para)
24786
25324
msgid ""
24787
25325
"Next, on the Secondary Master, install the <application>bind9</application> "
24788
25326
"package the same way as on the Primary. Then edit the "
24790
25328
"declarations for the Forward and Reverse zones:"
24791
25329
msgstr ""
24792
25330
24793
#: serverguide/C/dns.xml:299(programlisting)
25331
#: serverguide/C/dns.xml:295(programlisting)
24794
25332
#, no-wrap
24795
25333
msgid ""
24796
25334
"\n"
24807
25345
"};\n"
24808
25346
msgstr ""
24809
25347
24810
#: serverguide/C/dns.xml:313(para)
25348
#: serverguide/C/dns.xml:309(para)
24811
25349
msgid ""
24812
25350
"Replace <emphasis>192.168.1.10</emphasis> with the IP Address of your "
24813
25351
"Primary nameserver."
24814
25352
msgstr ""
24815
25353
24816
#: serverguide/C/dns.xml:317(para)
25354
#: serverguide/C/dns.xml:313(para)
24817
25355
msgid "Restart <application>BIND9</application> on the Secondary Master:"
24818
25356
msgstr ""
24819
25357
24820
#: serverguide/C/dns.xml:323(para)
25358
#: serverguide/C/dns.xml:319(para)
24821
25359
msgid ""
24822
25360
"In <filename>/var/log/syslog</filename> you should see something similar to "
24823
25361
"(some lines have been split to fit the format of this document):"
24824
25362
msgstr ""
24825
25363
24826
#: serverguide/C/dns.xml:326(programlisting)
25364
#: serverguide/C/dns.xml:322(programlisting)
24827
25365
#, no-wrap
24828
25366
msgid ""
24829
25367
"\n"
24848
25386
"8 records, 225 bytes, 0.002 secs (112500 bytes/sec)\n"
24849
25387
msgstr ""
24850
25388
24851
#: serverguide/C/dns.xml:345(para)
25389
#: serverguide/C/dns.xml:341(para)
24852
25390
msgid ""
24853
25391
"Note: A zone is only transferred if the <emphasis>Serial Number</emphasis> "
24854
25392
"on the Primary is larger than the one on the Secondary. If you want to have "
24858
25396
"below:"
24859
25397
msgstr ""
24860
25398
24861
#: serverguide/C/dns.xml:349(programlisting)
25399
#: serverguide/C/dns.xml:345(programlisting)
24862
25400
#, no-wrap
24863
25401
msgid ""
24864
25402
"\n"
24878
25416
"\t"
24879
25417
msgstr ""
24880
25418
24881
#: serverguide/C/dns.xml:365(para)
25419
#: serverguide/C/dns.xml:361(para)
24882
25420
msgid ""
24883
25421
"The default directory for non-authoritative zone files is "
24884
25422
"<filename>/var/cache/bind/</filename>. This directory is also configured in "
24887
25425
"on AppArmor see <xref linkend=\"apparmor\"/>."
24888
25426
msgstr ""
24889
25427
24890
#: serverguide/C/dns.xml:376(para)
25428
#: serverguide/C/dns.xml:372(para)
24891
25429
msgid ""
24892
25430
"This section covers ways to help determine the cause when problems happen "
24893
25431
"with DNS and <application>BIND9</application>."
24894
25432
msgstr ""
24895
25433
24896
#: serverguide/C/dns.xml:382(title)
25434
#: serverguide/C/dns.xml:378(title)
24897
25435
msgid "resolv.conf"
24898
25436
msgstr ""
24899
25437
24907
25445
"<filename>/etc/resolv.conf</filename> contains (for this example):"
24908
25446
msgstr ""
24909
25447
24910
#: serverguide/C/dns.xml:389(programlisting)
25448
#: serverguide/C/dns.xml:384(programlisting)
24911
25449
#, no-wrap
24912
25450
msgid ""
24913
25451
"\n"
24923
25461
"to RESOLVCONF=yes."
24924
25462
msgstr ""
24925
25463
24926
#: serverguide/C/dns.xml:398(para)
25464
#: serverguide/C/dns.xml:389(para)
24927
25465
msgid ""
24928
25466
"You should also add the IP Address of the Secondary nameserver in case the "
24929
25467
"Primary becomes unavailable."
24930
25468
msgstr ""
24931
25469
24932
#: serverguide/C/dns.xml:404(title)
25470
#: serverguide/C/dns.xml:395(title)
24933
25471
msgid "dig"
24934
25472
msgstr ""
24935
25473
24936
#: serverguide/C/dns.xml:405(para)
25474
#: serverguide/C/dns.xml:396(para)
24937
25475
msgid ""
24938
25476
"If you installed the <application>dnsutils</application> package you can "
24939
25477
"test your setup using the DNS lookup utility <application>dig</application>:"
24940
25478
msgstr ""
24941
25479
24942
#: serverguide/C/dns.xml:411(para)
25480
#: serverguide/C/dns.xml:402(para)
24943
25481
msgid ""
24944
25482
"After installing <application>BIND9</application> use "
24945
25483
"<application>dig</application> against the loopback interface to make sure "
24946
25484
"it is listening on port 53. From a terminal prompt:"
24947
25485
msgstr ""
24948
25486
24949
#: serverguide/C/dns.xml:416(command)
25487
#: serverguide/C/dns.xml:407(command)
24950
25488
msgid "dig -x 127.0.0.1"
24951
25489
msgstr ""
24952
25490
24953
#: serverguide/C/dns.xml:418(para)
25491
#: serverguide/C/dns.xml:409(para)
24954
25492
msgid "You should see lines similar to the following in the command output:"
24955
25493
msgstr ""
24956
25494
24957
#: serverguide/C/dns.xml:421(programlisting)
25495
#: serverguide/C/dns.xml:412(programlisting)
24958
25496
#, no-wrap
24959
25497
msgid ""
24960
25498
"\n"
24962
25500
";; SERVER: 192.168.1.10#53(192.168.1.10)\n"
24963
25501
msgstr ""
24964
25502
24965
#: serverguide/C/dns.xml:427(para)
25503
#: serverguide/C/dns.xml:418(para)
24966
25504
msgid ""
24967
25505
"If you have configured <application>BIND9</application> as a "
24968
25506
"<emphasis>Caching</emphasis> nameserver \"dig\" an outside domain to check "
24969
25507
"the query time:"
24970
25508
msgstr ""
24971
25509
24972
#: serverguide/C/dns.xml:432(command)
25510
#: serverguide/C/dns.xml:423(command)
24973
25511
msgid "dig ubuntu.com"
24974
25512
msgstr ""
24975
25513
24976
#: serverguide/C/dns.xml:434(para)
25514
#: serverguide/C/dns.xml:425(para)
24977
25515
msgid "Note the query time toward the end of the command output:"
24978
25516
msgstr ""
24979
25517
24980
#: serverguide/C/dns.xml:437(programlisting)
25518
#: serverguide/C/dns.xml:428(programlisting)
24981
25519
#, no-wrap
24982
25520
msgid ""
24983
25521
"\n"
24984
25522
";; Query time: 49 msec\n"
24985
25523
msgstr ""
24986
25524
24987
#: serverguide/C/dns.xml:440(para)
25525
#: serverguide/C/dns.xml:431(para)
24988
25526
msgid "After a second dig there should be improvement:"
24989
25527
msgstr ""
24990
25528
24991
#: serverguide/C/dns.xml:443(programlisting)
25529
#: serverguide/C/dns.xml:434(programlisting)
24992
25530
#, no-wrap
24993
25531
msgid ""
24994
25532
"\n"
24995
25533
";; Query time: 1 msec\n"
24996
25534
msgstr ""
24997
25535
24998
#: serverguide/C/dns.xml:450(title)
25536
#: serverguide/C/dns.xml:441(title)
24999
25537
msgid "ping"
25000
25538
msgstr ""
25001
25539
25002
#: serverguide/C/dns.xml:452(para)
25540
#: serverguide/C/dns.xml:443(para)
25003
25541
msgid ""
25004
25542
"Now to demonstrate how applications make use of DNS to resolve a host name "
25005
25543
"use the <application>ping</application> utility to send an ICMP echo "
25006
25544
"request. From a terminal prompt enter:"
25007
25545
msgstr ""
25008
25546
25009
#: serverguide/C/dns.xml:458(command)
25547
#: serverguide/C/dns.xml:449(command)
25010
25548
msgid "ping example.com"
25011
25549
msgstr ""
25012
25550
25013
#: serverguide/C/dns.xml:460(para)
25551
#: serverguide/C/dns.xml:451(para)
25014
25552
msgid ""
25015
25553
"This tests if the nameserver can resolve the name "
25016
25554
"<emphasis>ns.example.com</emphasis> to an IP Address. The command output "
25017
25555
"should resemble:"
25018
25556
msgstr ""
25019
25557
25020
#: serverguide/C/dns.xml:464(programlisting)
25558
#: serverguide/C/dns.xml:455(programlisting)
25021
25559
#, no-wrap
25022
25560
msgid ""
25023
25561
"\n"
25026
25564
"64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=0.813 ms\n"
25027
25565
msgstr ""
25028
25566
25029
#: serverguide/C/dns.xml:471(title)
25567
#: serverguide/C/dns.xml:462(title)
25030
25568
msgid "named-checkzone"
25031
25569
msgstr ""
25032
25570
25033
#: serverguide/C/dns.xml:472(para)
25571
#: serverguide/C/dns.xml:463(para)
25034
25572
msgid ""
25035
25573
"A great way to test your zone files is by using the <application>named-"
25036
25574
"checkzone</application> utility installed with the "
25039
25577
"<application>BIND9</application> and making the changes live."
25040
25578
msgstr ""
25041
25579
25042
#: serverguide/C/dns.xml:479(para)
25580
#: serverguide/C/dns.xml:470(para)
25043
25581
msgid ""
25044
25582
"To test our example Forward zone file enter the following from a command "
25045
25583
"prompt:"
25046
25584
msgstr ""
25047
25585
25048
#: serverguide/C/dns.xml:483(command)
25586
#: serverguide/C/dns.xml:474(command)
25049
25587
msgid "named-checkzone example.com /etc/bind/db.example.com"
25050
25588
msgstr ""
25051
25589
25052
#: serverguide/C/dns.xml:485(para)
25590
#: serverguide/C/dns.xml:476(para)
25053
25591
msgid ""
25054
25592
"If everything is configured correctly you should see output similar to:"
25055
25593
msgstr ""
25056
25594
25057
#: serverguide/C/dns.xml:488(programlisting)
25595
#: serverguide/C/dns.xml:479(programlisting)
25058
25596
#, no-wrap
25059
25597
msgid ""
25060
25598
"\n"
25062
25600
"OK\n"
25063
25601
msgstr ""
25064
25602
25065
#: serverguide/C/dns.xml:494(para)
25603
#: serverguide/C/dns.xml:485(para)
25066
25604
msgid "Similarly, to test the Reverse zone file enter the following:"
25067
25605
msgstr ""
25068
25606
25069
#: serverguide/C/dns.xml:498(command)
25607
#: serverguide/C/dns.xml:489(command)
25070
25608
msgid "named-checkzone 1.168.192.in-addr.arpa /etc/bind/db.192"
25071
25609
msgstr ""
25072
25610
25073
#: serverguide/C/dns.xml:500(para)
25611
#: serverguide/C/dns.xml:491(para)
25074
25612
msgid "The output should be similar to:"
25075
25613
msgstr ""
25076
25614
25077
#: serverguide/C/dns.xml:503(programlisting)
25615
#: serverguide/C/dns.xml:494(programlisting)
25078
25616
#, no-wrap
25079
25617
msgid ""
25080
25618
"\n"
25082
25620
"OK\n"
25083
25621
msgstr ""
25084
25622
25085
#: serverguide/C/dns.xml:510(para)
25623
#: serverguide/C/dns.xml:501(para)
25086
25624
msgid ""
25087
25625
"The <emphasis>Serial Number</emphasis> of your zone file will probably be "
25088
25626
"different."
25089
25627
msgstr ""
25090
25628
25091
#: serverguide/C/dns.xml:518(para)
25629
#: serverguide/C/dns.xml:509(para)
25092
25630
msgid ""
25093
25631
"<application>BIND9</application> has a wide variety of logging configuration "
25094
25632
"options available. There are two main options. The "
25096
25634
"<emphasis>category</emphasis> option determines what information to log."
25097
25635
msgstr ""
25098
25636
25099
#: serverguide/C/dns.xml:522(para)
25637
#: serverguide/C/dns.xml:513(para)
25100
25638
msgid "If no logging option is configured the default option is:"
25101
25639
msgstr ""
25102
25640
25103
#: serverguide/C/dns.xml:525(programlisting)
25641
#: serverguide/C/dns.xml:516(programlisting)
25104
25642
#, no-wrap
25105
25643
msgid ""
25106
25644
"\n"
25110
25648
"};\n"
25111
25649
msgstr ""
25112
25650
25113
#: serverguide/C/dns.xml:531(para)
25651
#: serverguide/C/dns.xml:522(para)
25114
25652
msgid ""
25115
25653
"This section covers configuring <application>BIND9</application> to send "
25116
25654
"<emphasis>debug</emphasis> messages related to DNS queries to a separate "
25117
25655
"file."
25118
25656
msgstr ""
25119
25657
25120
#: serverguide/C/dns.xml:536(para)
25658
#: serverguide/C/dns.xml:527(para)
25121
25659
msgid ""
25122
25660
"First, we need to configure a channel to specify which file to send the "
25123
25661
"messages to. Edit <filename>/etc/bind/named.conf.local</filename> and add "
25124
25662
"the following:"
25125
25663
msgstr ""
25126
25664
25127
#: serverguide/C/dns.xml:540(programlisting)
25665
#: serverguide/C/dns.xml:531(programlisting)
25128
25666
#, no-wrap
25129
25667
msgid ""
25130
25668
"\n"
25136
25674
"};\n"
25137
25675
msgstr ""
25138
25676
25139
#: serverguide/C/dns.xml:550(para)
25677
#: serverguide/C/dns.xml:541(para)
25140
25678
msgid "Next, configure a category to send all DNS queries to the query file:"
25141
25679
msgstr ""
25142
25680
25143
#: serverguide/C/dns.xml:553(programlisting)
25681
#: serverguide/C/dns.xml:544(programlisting)
25144
25682
#, no-wrap
25145
25683
msgid ""
25146
25684
"\n"
25153
25691
"};\n"
25154
25692
msgstr ""
25155
25693
25156
#: serverguide/C/dns.xml:565(para)
25694
#: serverguide/C/dns.xml:556(para)
25157
25695
msgid ""
25158
25696
"Note: the <emphasis>debug</emphasis> option can be set from 1 to 3. If a "
25159
25697
"level isn't specified level 1 is the default."
25160
25698
msgstr ""
25161
25699
25162
#: serverguide/C/dns.xml:571(para)
25700
#: serverguide/C/dns.xml:562(para)
25163
25701
msgid ""
25164
25702
"Since the <emphasis>named daemon</emphasis> runs as the "
25165
25703
"<emphasis>bind</emphasis> user the <filename>/var/log/query.log</filename> "
25166
25704
"file must be created and the ownership changed:"
25167
25705
msgstr ""
25168
25706
25169
#: serverguide/C/dns.xml:576(command)
25707
#: serverguide/C/dns.xml:567(command)
25170
25708
msgid "sudo touch /var/log/query.log"
25171
25709
msgstr ""
25172
25710
25173
#: serverguide/C/dns.xml:577(command)
25711
#: serverguide/C/dns.xml:568(command)
25174
25712
msgid "sudo chown bind /var/log/query.log"
25175
25713
msgstr ""
25176
25714
25177
#: serverguide/C/dns.xml:581(para)
25715
#: serverguide/C/dns.xml:572(para)
25178
25716
msgid ""
25179
25717
"Before <application>named</application> daemon can write to the new log file "
25180
25718
"the <application>AppArmor</application> profile must be updated. First, edit "
25181
25719
"<filename>/etc/apparmor.d/usr.sbin.named</filename> and add:"
25182
25720
msgstr ""
25183
25721
25184
#: serverguide/C/dns.xml:585(programlisting)
25722
#: serverguide/C/dns.xml:576(programlisting)
25185
25723
#, no-wrap
25186
25724
msgid ""
25187
25725
"\n"
25188
25726
"/var/log/query.log w,\n"
25189
25727
msgstr ""
25190
25728
25191
#: serverguide/C/dns.xml:588(para)
25729
#: serverguide/C/dns.xml:579(para)
25192
25730
msgid "Next, reload the profile:"
25193
25731
msgstr ""
25194
25732
25195
#: serverguide/C/dns.xml:592(command)
25733
#: serverguide/C/dns.xml:583(command)
25196
25734
msgid "cat /etc/apparmor.d/usr.sbin.named | sudo apparmor_parser -r"
25197
25735
msgstr ""
25198
25736
25199
#: serverguide/C/dns.xml:594(para)
25737
#: serverguide/C/dns.xml:585(para)
25200
25738
msgid ""
25201
25739
"For more information on <application>AppArmor</application> see <xref "
25202
25740
"linkend=\"apparmor\"/>"
25203
25741
msgstr ""
25204
25742
25205
#: serverguide/C/dns.xml:599(para)
25743
#: serverguide/C/dns.xml:590(para)
25206
25744
msgid ""
25207
25745
"Now restart <application>BIND9</application> for the changes to take effect:"
25208
25746
msgstr ""
25209
25747
25210
#: serverguide/C/dns.xml:607(para)
25748
#: serverguide/C/dns.xml:598(para)
25211
25749
msgid ""
25212
25750
"You should see the file <filename>/var/log/query.log</filename> fill with "
25213
25751
"query information. This is a simple example of the "
25215
25753
"options see <xref linkend=\"dns-more-info\"/>."
25216
25754
msgstr ""
25217
25755
25218
#: serverguide/C/dns.xml:616(title)
25756
#: serverguide/C/dns.xml:607(title)
25219
25757
msgid "Common Record Types"
25220
25758
msgstr ""
25221
25759
25222
#: serverguide/C/dns.xml:617(para)
25760
#: serverguide/C/dns.xml:608(para)
25223
25761
msgid "This section covers some of the most common DNS record types."
25224
25762
msgstr ""
25225
25763
25226
#: serverguide/C/dns.xml:622(para)
25764
#: serverguide/C/dns.xml:613(para)
25227
25765
msgid ""
25228
25766
"<emphasis>A</emphasis> record: This record maps an IP Address to a hostname."
25229
25767
msgstr ""
25230
25768
25231
#: serverguide/C/dns.xml:625(programlisting)
25769
#: serverguide/C/dns.xml:616(programlisting)
25232
25770
#, no-wrap
25233
25771
msgid ""
25234
25772
"\n"
25235
25773
"www IN A 192.168.1.12\n"
25236
25774
msgstr ""
25237
25775
25238
#: serverguide/C/dns.xml:630(para)
25776
#: serverguide/C/dns.xml:621(para)
25239
25777
msgid ""
25240
25778
"<emphasis>CNAME</emphasis> record: Used to create an alias to an existing A "
25241
25779
"record. You cannot create a CNAME record pointing to another CNAME record."
25242
25780
msgstr ""
25243
25781
25244
#: serverguide/C/dns.xml:633(programlisting)
25782
#: serverguide/C/dns.xml:624(programlisting)
25245
25783
#, no-wrap
25246
25784
msgid ""
25247
25785
"\n"
25248
25786
"web IN CNAME www\n"
25249
25787
msgstr ""
25250
25788
25251
#: serverguide/C/dns.xml:638(para)
25789
#: serverguide/C/dns.xml:629(para)
25252
25790
msgid ""
25253
25791
"<emphasis>MX</emphasis> record: Used to define where email should be sent "
25254
25792
"to. Must point to an A record, not a CNAME."
25255
25793
msgstr ""
25256
25794
25257
#: serverguide/C/dns.xml:641(programlisting)
25795
#: serverguide/C/dns.xml:632(programlisting)
25258
25796
#, no-wrap
25259
25797
msgid ""
25260
25798
"\n"
25262
25800
"mail IN A 192.168.1.13\n"
25263
25801
msgstr ""
25264
25802
25265
#: serverguide/C/dns.xml:647(para)
25803
#: serverguide/C/dns.xml:638(para)
25266
25804
msgid ""
25267
25805
"<emphasis>NS</emphasis> record: Used to define which servers serve copies of "
25268
25806
"a zone. It must point to an A record, not a CNAME. This is where Primary and "
25269
25807
"Secondary servers are defined."
25270
25808
msgstr ""
25271
25809
25272
#: serverguide/C/dns.xml:651(programlisting)
25810
#: serverguide/C/dns.xml:642(programlisting)
25273
25811
#, no-wrap
25274
25812
msgid ""
25275
25813
"\n"
25279
25817
"ns2 IN A 192.168.1.11\n"
25280
25818
msgstr ""
25281
25819
25282
#: serverguide/C/dns.xml:661(title)
25820
#: serverguide/C/virtualization.xml:2018(title) serverguide/C/dns.xml:652(title)
25283
25821
msgid "More Information"
25284
25822
msgstr ""
25285
25823
25310
25848
"BIND on IPv6</ulink> book."
25311
25849
msgstr ""
25312
25850
25313
#: serverguide/C/dns.xml:684(para)
25851
#: serverguide/C/dns.xml:670(para)
25314
25852
msgid ""
25315
25853
"A great place to ask for <application>BIND9</application> assistance, and "
25316
25854
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
25493
26031
"Components</link> describes the components of the DM-Multipath package."
25494
26032
msgstr ""
25495
26033
25496
#: serverguide/C/dm-multipath.xml:183(title)
26034
#: serverguide/C/dm-multipath.xml:184(title)
25497
26035
msgid "DM-Multipath Setup Overview"
25498
26036
msgstr ""
25499
26037
25500
#: serverguide/C/dm-multipath.xml:190(para)
26038
#: serverguide/C/dm-multipath.xml:191(para)
25501
26039
msgid ""
25502
26040
"Install the <emphasis role=\"bold\">multipath-tools</emphasis> and <emphasis "
25503
26041
"role=\"bold\">multipath-tools-boot</emphasis> packages"
25504
26042
msgstr ""
25505
26043
25506
#: serverguide/C/dm-multipath.xml:196(para)
26044
#: serverguide/C/dm-multipath.xml:197(para)
25507
26045
msgid ""
25508
26046
"Create an empty config file, <filename>/etc/multipath.conf</filename>, that "
25509
26047
"re-defines the <link linkend=\"multipath-skel-config\">following</link>"
25510
26048
msgstr ""
25511
26049
25512
#: serverguide/C/dm-multipath.xml:202(para)
26050
#: serverguide/C/dm-multipath.xml:203(para)
25513
26051
msgid ""
25514
26052
"If necessary, edit the <emphasis role=\"bold\">multipath.conf</emphasis> "
25515
26053
"configuration file to modify default values and save the updated file."
25516
26054
msgstr ""
25517
26055
25518
#: serverguide/C/dm-multipath.xml:208(para)
26056
#: serverguide/C/dm-multipath.xml:209(para)
25519
26057
msgid "Start the multipath daemon"
25520
26058
msgstr ""
25521
26059
25522
#: serverguide/C/dm-multipath.xml:212(para)
26060
#: serverguide/C/dm-multipath.xml:213(para)
25523
26061
msgid "Update initial ramdisk"
25524
26062
msgstr ""
25525
26063
25526
#: serverguide/C/dm-multipath.xml:185(para)
26064
#: serverguide/C/dm-multipath.xml:186(para)
25527
26065
msgid ""
25528
26066
"DM-Multipath includes compiled-in default settings that are suitable for "
25529
26067
"common multipath configurations. Setting up DM-multipath is often a simple "
25533
26071
"overview\">Setting Up DM-Multipath</link>."
25534
26072
msgstr ""
25535
26073
25536
#: serverguide/C/dm-multipath.xml:222(title)
26074
#: serverguide/C/dm-multipath.xml:223(title)
25537
26075
msgid "Multipath Devices"
25538
26076
msgstr ""
25539
26077
25540
#: serverguide/C/dm-multipath.xml:224(para)
26078
#: serverguide/C/dm-multipath.xml:225(para)
25541
26079
msgid ""
25542
26080
"Without DM-Multipath, each path from a server node to a storage controller "
25543
26081
"is treated by the system as a separate device, even when the I/O path "
25546
26084
"multipath device on top of the underlying devices."
25547
26085
msgstr ""
25548
26086
25549
#: serverguide/C/dm-multipath.xml:232(title)
26087
#: serverguide/C/dm-multipath.xml:233(title)
25550
26088
msgid "Multipath Device Identifiers"
25551
26089
msgstr ""
25552
26090
25553
#: serverguide/C/dm-multipath.xml:260(para)
26091
#: serverguide/C/dm-multipath.xml:261(para)
25554
26092
msgid ""
25555
26093
"The devices in <emphasis role=\"bold\">/dev/mapper</emphasis> are created "
25556
26094
"early in the boot process. Use these devices to access the multipathed "
25557
26095
"devices, for example when creating logical volumes."
25558
26096
msgstr ""
25559
26097
25560
#: serverguide/C/dm-multipath.xml:267(para)
26098
#: serverguide/C/dm-multipath.xml:268(para)
25561
26099
msgid ""
25562
26100
"Any devices of the form <emphasis role=\"bold\">/dev/dm-n</emphasis> are for "
25563
26101
"internal use only and should never be used."
25603
26141
"Device Configuration Attributes</link>."
25604
26142
msgstr ""
25605
26143
25606
#: serverguide/C/dm-multipath.xml:288(title)
26144
#: serverguide/C/dm-multipath.xml:289(title)
25607
26145
msgid "Consistent Multipath Device Names in a Cluster"
25608
26146
msgstr ""
25609
26147
25610
#: serverguide/C/dm-multipath.xml:290(para)
26148
#: serverguide/C/dm-multipath.xml:291(para)
25611
26149
msgid ""
25612
26150
"When the <emphasis role=\"bold\">user_friendly_names</emphasis> "
25613
26151
"configuration option is set to yes, the name of the multipath device is "
25630
26168
"procedure:"
25631
26169
msgstr ""
25632
26170
25633
#: serverguide/C/dm-multipath.xml:312(para)
26171
#: serverguide/C/dm-multipath.xml:313(para)
25634
26172
msgid "Set up all of the multipath devices on one machine."
25635
26173
msgstr ""
25636
26174
25637
#: serverguide/C/dm-multipath.xml:316(para) serverguide/C/dm-multipath.xml:353(para)
26175
#: serverguide/C/dm-multipath.xml:317(para) serverguide/C/dm-multipath.xml:354(para)
25638
26176
msgid ""
25639
26177
"Disable all of your multipath devices on your other machines by running the "
25640
26178
"following commands:"
25641
26179
msgstr ""
25642
26180
25643
#: serverguide/C/dm-multipath.xml:319(screen) serverguide/C/dm-multipath.xml:356(screen)
26181
#: serverguide/C/dm-multipath.xml:320(screen) serverguide/C/dm-multipath.xml:357(screen)
25644
26182
#, no-wrap
25645
26183
msgid ""
25646
26184
"# service multipath-tools stop\n"
25647
26185
"# multipath -F\n"
25648
26186
msgstr ""
25649
26187
25650
#: serverguide/C/dm-multipath.xml:325(para)
26188
#: serverguide/C/dm-multipath.xml:326(para)
25651
26189
msgid ""
25652
26190
"Copy the <filename>/etc/multipath/bindings</filename> file from the first "
25653
26191
"machine to all the other machines in the cluster."
25654
26192
msgstr ""
25655
26193
25656
#: serverguide/C/dm-multipath.xml:331(para) serverguide/C/dm-multipath.xml:367(para)
26194
#: serverguide/C/dm-multipath.xml:332(para) serverguide/C/dm-multipath.xml:368(para)
25657
26195
msgid ""
25658
26196
"Re-enable the multipathd daemon on all the other machines in the cluster by "
25659
26197
"running the following command:"
25660
26198
msgstr ""
25661
26199
25662
#: serverguide/C/dm-multipath.xml:334(screen) serverguide/C/dm-multipath.xml:370(screen)
26200
#: serverguide/C/dm-multipath.xml:335(screen) serverguide/C/dm-multipath.xml:371(screen)
25663
26201
#, no-wrap
25664
26202
msgid "# service multipath-tools start"
25665
26203
msgstr ""
25666
26204
25667
#: serverguide/C/dm-multipath.xml:338(para)
26205
#: serverguide/C/dm-multipath.xml:339(para)
25668
26206
msgid "If you add a new device, you will need to repeat this process."
25669
26207
msgstr ""
25670
26208
25671
#: serverguide/C/dm-multipath.xml:341(para)
26209
#: serverguide/C/dm-multipath.xml:342(para)
25672
26210
msgid ""
25673
26211
"Similarly, if you configure an alias for a device that you would like to be "
25674
26212
"consistent across the nodes in the cluster, you should ensure that the "
25676
26214
"the cluster by following the same procedure:"
25677
26215
msgstr ""
25678
26216
25679
#: serverguide/C/dm-multipath.xml:348(para)
26217
#: serverguide/C/dm-multipath.xml:349(para)
25680
26218
msgid ""
25681
26219
"Configure the aliases for the multipath devices in the in the "
25682
26220
"<filename>multipath.conf</filename> file on one machine."
25683
26221
msgstr ""
25684
26222
25685
#: serverguide/C/dm-multipath.xml:362(para)
26223
#: serverguide/C/dm-multipath.xml:363(para)
25686
26224
msgid ""
25687
26225
"Copy the <filename>multipath.conf</filename> file from the first machine to "
25688
26226
"all the other machines in the cluster."
25689
26227
msgstr ""
25690
26228
25691
#: serverguide/C/dm-multipath.xml:374(para)
26229
#: serverguide/C/dm-multipath.xml:375(para)
25692
26230
msgid "When you add a new device you will need to repeat this process."
25693
26231
msgstr ""
25694
26232
25695
#: serverguide/C/dm-multipath.xml:379(title)
26233
#: serverguide/C/dm-multipath.xml:380(title)
25696
26234
msgid "Multipath Device attributes"
25697
26235
msgstr ""
25698
26236
25699
#: serverguide/C/dm-multipath.xml:381(para)
26237
#: serverguide/C/dm-multipath.xml:382(para)
25700
26238
msgid ""
25701
26239
"In addition to the <emphasis role=\"bold\">user_friendly_names</emphasis> "
25702
26240
"and <emphasis role=\"bold\">alias</emphasis> options, a multipath device has "
25709
26247
"linkend=\"multipath-config-multipath\"/>\"."
25710
26248
msgstr ""
25711
26249
25712
#: serverguide/C/dm-multipath.xml:394(title)
26250
#: serverguide/C/dm-multipath.xml:395(title)
25713
26251
msgid "Multipath Devices in Logical Volumes"
25714
26252
msgstr ""
25715
26253
25716
#: serverguide/C/dm-multipath.xml:396(para)
26254
#: serverguide/C/dm-multipath.xml:397(para)
25717
26255
msgid ""
25718
26256
"After creating multipath devices, you can use the multipath device names "
25719
26257
"just as you would use a physical device name when creating an LVM physical "
25724
26262
"you would use any other LVM physical device."
25725
26263
msgstr ""
25726
26264
25727
#: serverguide/C/dm-multipath.xml:405(para)
26265
#: serverguide/C/dm-multipath.xml:406(para)
25728
26266
msgid ""
25729
26267
"If you attempt to create an LVM physical volume on a whole device on which "
25730
26268
"you have configured partitions, the pvcreate command will fail."
25731
26269
msgstr ""
25732
26270
25733
#: serverguide/C/dm-multipath.xml:425(para)
26271
#: serverguide/C/dm-multipath.xml:426(para)
25734
26272
msgid ""
25735
26273
"Every time either <filename>/etc/lvm.conf</filename> or "
25736
26274
"<filename>/etc/multipath.conf</filename> is updated, the initrd should be "
25738
26276
"filters are necessary to maintain a stable storage configuration."
25739
26277
msgstr ""
25740
26278
25741
#: serverguide/C/dm-multipath.xml:410(para)
26279
#: serverguide/C/dm-multipath.xml:411(para)
25742
26280
msgid ""
25743
26281
"When you create an LVM logical volume that uses active/passive multipath "
25744
26282
"arrays as the underlying physical devices, you should include filters in the "
25757
26295
"Perform:<screen>update-initramfs -u -k all</screen><placeholder-1/>"
25758
26296
msgstr ""
25759
26297
25760
#: serverguide/C/dm-multipath.xml:435(title)
26298
#: serverguide/C/dm-multipath.xml:436(title)
25761
26299
msgid "Setting up DM-Multipath Overview"
25762
26300
msgstr ""
25763
26301
25764
#: serverguide/C/dm-multipath.xml:437(para)
26302
#: serverguide/C/dm-multipath.xml:438(para)
25765
26303
msgid ""
25766
26304
"This section provides step-by-step example procedures for configuring DM-"
25767
26305
"Multipath. It includes the following procedures:"
25768
26306
msgstr ""
25769
26307
25770
#: serverguide/C/dm-multipath.xml:442(para)
26308
#: serverguide/C/dm-multipath.xml:443(para)
25771
26309
msgid "Basic DM-Multipath setup"
25772
26310
msgstr ""
25773
26311
25774
#: serverguide/C/dm-multipath.xml:446(para)
26312
#: serverguide/C/dm-multipath.xml:447(para)
25775
26313
msgid "Ignoring local disks"
25776
26314
msgstr ""
25777
26315
25778
#: serverguide/C/dm-multipath.xml:450(para)
26316
#: serverguide/C/dm-multipath.xml:451(para)
25779
26317
msgid "Adding more devices to the configuration file"
25780
26318
msgstr ""
25781
26319
25782
#: serverguide/C/dm-multipath.xml:455(title)
26320
#: serverguide/C/dm-multipath.xml:456(title)
25783
26321
msgid "Setting Up DM-Multipath"
25784
26322
msgstr ""
25785
26323
25786
#: serverguide/C/dm-multipath.xml:457(para)
26324
#: serverguide/C/dm-multipath.xml:458(para)
25787
26325
msgid ""
25788
26326
"Before setting up DM-Multipath on your system, ensure that your system has "
25789
26327
"been updated and includes the <emphasis role=\"bold\"><application>multipath-"
25792
26330
"boot</application></emphasis> package is also required."
25793
26331
msgstr ""
25794
26332
25795
#: serverguide/C/dm-multipath.xml:475(para)
26333
#: serverguide/C/dm-multipath.xml:476(para)
25796
26334
msgid ""
25797
26335
"To work around a quirk in multipathd, when an "
25798
26336
"<filename>/etc/multipath.conf</filename> doesn't exist, the previous command "
25809
26347
"database."
25810
26348
msgstr ""
25811
26349
25812
#: serverguide/C/dm-multipath.xml:464(para)
26350
#: serverguide/C/dm-multipath.xml:465(para)
25813
26351
msgid ""
25814
26352
"A basic <emphasis role=\"bold\">/etc/multipath.conf </emphasis> need not "
25815
26353
"even exist, when <emphasis role=\"bold\">multpath</emphasis> is run without "
25825
26363
"multipath.conf-live</screen><placeholder-1/>"
25826
26364
msgstr ""
25827
26365
25828
#: serverguide/C/dm-multipath.xml:492(title)
26366
#: serverguide/C/dm-multipath.xml:493(title)
25829
26367
msgid "Installing with Multipath Support"
25830
26368
msgstr ""
25831
26369
25832
#: serverguide/C/dm-multipath.xml:494(para)
26370
#: serverguide/C/dm-multipath.xml:495(para)
25833
26371
msgid ""
25834
26372
"To enable <ulink "
25835
26373
"url=\"http://wiki.debian.org/DebianInstaller/MultipathSupport\">multipath "
25839
26377
"role=\"bold\">/dev/mapper/mpath<X></emphasis> during installation."
25840
26378
msgstr ""
25841
26379
25842
#: serverguide/C/dm-multipath.xml:503(title)
26380
#: serverguide/C/dm-multipath.xml:504(title)
25843
26381
msgid "Ignoring Local Disks When Generating Multipath Devices"
25844
26382
msgstr ""
25845
26383
25846
#: serverguide/C/dm-multipath.xml:505(para)
26384
#: serverguide/C/dm-multipath.xml:506(para)
25847
26385
msgid ""
25848
26386
"Some machines have local SCSI cards for their internal disks. DM-Multipath "
25849
26387
"is not recommended for these devices. The following procedure shows how to "
25864
26402
"linkend=\"multipath-command-output\">Multipath Command Output</link>."
25865
26403
msgstr ""
25866
26404
25867
#: serverguide/C/dm-multipath.xml:524(screen)
26405
#: serverguide/C/dm-multipath.xml:525(screen)
25868
26406
#, no-wrap
25869
26407
msgid ""
25870
26408
"\n"
25901
26439
" `- 3:0:0:3 sdg 8:128 undef ready running\n"
25902
26440
msgstr ""
25903
26441
25904
#: serverguide/C/dm-multipath.xml:560(para)
26442
#: serverguide/C/dm-multipath.xml:561(para)
25905
26443
msgid ""
25906
26444
"In order to prevent the device mapper from mapping <emphasis "
25907
26445
"role=\"bold\">/dev/sda</emphasis> in its multipath maps, edit the blacklist "
25918
26456
"the following in the <filename>/etc/multipath.conf</filename> file."
25919
26457
msgstr ""
25920
26458
25921
#: serverguide/C/dm-multipath.xml:575(screen)
26459
#: serverguide/C/dm-multipath.xml:576(screen)
25922
26460
#, no-wrap
25923
26461
msgid ""
25924
26462
"\n"
25927
26465
"}\n"
25928
26466
msgstr ""
25929
26467
25930
#: serverguide/C/dm-multipath.xml:583(para)
26468
#: serverguide/C/dm-multipath.xml:584(para)
25931
26469
msgid ""
25932
26470
"After you have updated the <filename>/etc/multipath.conf</filename> file, "
25933
26471
"you must manually tell the <emphasis role=\"bold\">multipathd</emphasis> "
25935
26473
"<filename>/etc/multipath.conf</filename> file."
25936
26474
msgstr ""
25937
26475
25938
#: serverguide/C/dm-multipath.xml:588(screen)
26476
#: serverguide/C/dm-multipath.xml:589(screen)
25939
26477
#, no-wrap
25940
26478
msgid "# service multipath-tools reload"
25941
26479
msgstr ""
25942
26480
25943
#: serverguide/C/dm-multipath.xml:592(para)
26481
#: serverguide/C/dm-multipath.xml:593(para)
25944
26482
msgid "Run the following command to remove the multipath device:"
25945
26483
msgstr ""
25946
26484
25947
#: serverguide/C/dm-multipath.xml:595(screen)
26485
#: serverguide/C/dm-multipath.xml:596(screen)
25948
26486
#, no-wrap
25949
26487
msgid ""
25950
26488
"\n"
25964
26502
"specify a <emphasis role=\"bold\">-v</emphasis> option."
25965
26503
msgstr ""
25966
26504
25967
#: serverguide/C/dm-multipath.xml:612(screen)
26505
#: serverguide/C/dm-multipath.xml:613(screen)
25968
26506
#, no-wrap
25969
26507
msgid ""
25970
26508
"\n"
25995
26533
" `- 3:0:0:3 sdg 8:128 undef ready running\n"
25996
26534
msgstr ""
25997
26535
25998
#: serverguide/C/dm-multipath.xml:644(title)
26536
#: serverguide/C/dm-multipath.xml:645(title)
25999
26537
msgid "Configuring Storage Devices"
26000
26538
msgstr ""
26001
26539
26002
#: serverguide/C/dm-multipath.xml:646(para)
26540
#: serverguide/C/dm-multipath.xml:647(para)
26003
26541
msgid ""
26004
26542
"By default, DM-Multipath includes support for the most common storage arrays "
26005
26543
"that support DM-Multipath. The default configuration values, including "
26007
26545
"<filename>multipath.conf.defaults</filename> file."
26008
26546
msgstr ""
26009
26547
26010
#: serverguide/C/dm-multipath.xml:651(para)
26548
#: serverguide/C/dm-multipath.xml:652(para)
26011
26549
msgid ""
26012
26550
"If you need to add a storage device that is not supported by default as a "
26013
26551
"known multipath device, edit the <filename>/etc/multipath.conf</filename> "
26014
26552
"file and insert the appropriate device information."
26015
26553
msgstr ""
26016
26554
26017
#: serverguide/C/dm-multipath.xml:655(para)
26555
#: serverguide/C/dm-multipath.xml:656(para)
26018
26556
msgid ""
26019
26557
"For example, to add information about the HP Open-V series the entry looks "
26020
26558
"like this, where <emphasis role=\"bold\">%n</emphasis> is the device name:"
26021
26559
msgstr ""
26022
26560
26023
#: serverguide/C/dm-multipath.xml:659(screen)
26561
#: serverguide/C/dm-multipath.xml:660(screen)
26024
26562
#, no-wrap
26025
26563
msgid ""
26026
26564
"devices {\n"
26033
26571
"}\n"
26034
26572
msgstr ""
26035
26573
26036
#: serverguide/C/dm-multipath.xml:668(para)
26574
#: serverguide/C/dm-multipath.xml:669(para)
26037
26575
msgid ""
26038
26576
"For more information on the devices section of the configuration file, see "
26039
26577
"Section <xref endterm=\"config-device-title\" linkend=\"multipath-config-"
26040
26578
"device\"/>."
26041
26579
msgstr ""
26042
26580
26043
#: serverguide/C/dm-multipath.xml:675(title)
26581
#: serverguide/C/dm-multipath.xml:676(title)
26044
26582
msgid "The DM-Multipath Configuration File"
26045
26583
msgstr ""
26046
26584
26047
#: serverguide/C/dm-multipath.xml:677(para)
26585
#: serverguide/C/dm-multipath.xml:678(para)
26048
26586
msgid ""
26049
26587
"By default, DM-Multipath provides configuration values for the most common "
26050
26588
"uses of multipathing. In addition, DM-Multipath includes support for the "
26053
26591
"<filename>multipath.conf.defaults</filename> file."
26054
26592
msgstr ""
26055
26593
26056
#: serverguide/C/dm-multipath.xml:683(para)
26594
#: serverguide/C/dm-multipath.xml:684(para)
26057
26595
msgid ""
26058
26596
"You can override the default configuration values for DM-Multipath by "
26059
26597
"editing the <filename>/etc/multipath.conf</filename> configuration file. If "
26063
26601
"on the following topics: <placeholder-1/>"
26064
26602
msgstr ""
26065
26603
26066
#: serverguide/C/dm-multipath.xml:715(para)
26604
#: serverguide/C/dm-multipath.xml:716(para)
26067
26605
msgid ""
26068
26606
"In the multipath configuration file, you need to specify only the sections "
26069
26607
"that you need for your configuration, or that you wish to change from the "
26073
26611
"can leave them commented out, as they are in the initial file."
26074
26612
msgstr ""
26075
26613
26076
#: serverguide/C/dm-multipath.xml:723(para)
26614
#: serverguide/C/dm-multipath.xml:724(para)
26077
26615
msgid "The configuration file allows regular expression description syntax."
26078
26616
msgstr ""
26079
26617
26080
#: serverguide/C/dm-multipath.xml:726(para)
26618
#: serverguide/C/dm-multipath.xml:727(para)
26081
26619
msgid ""
26082
26620
"An annotated version of the configuration file can be found in "
26083
26621
"<filename><filename>/usr/share/doc/multipath-"
26084
26622
"tools/examples/multipath.conf.annotated.gz</filename></filename>."
26085
26623
msgstr ""
26086
26624
26087
#: serverguide/C/dm-multipath.xml:730(title)
26625
#: serverguide/C/dm-multipath.xml:731(title)
26088
26626
msgid "Configuration File Overview"
26089
26627
msgstr ""
26090
26628
26091
#: serverguide/C/dm-multipath.xml:732(para)
26629
#: serverguide/C/dm-multipath.xml:733(para)
26092
26630
msgid ""
26093
26631
"The multipath configuration file is divided into the following sections:"
26094
26632
msgstr ""
26095
26633
26096
#: serverguide/C/dm-multipath.xml:737(emphasis)
26634
#: serverguide/C/dm-multipath.xml:738(emphasis)
26097
26635
msgid "blacklist"
26098
26636
msgstr ""
26099
26637
26100
#: serverguide/C/dm-multipath.xml:740(para)
26638
#: serverguide/C/dm-multipath.xml:741(para)
26101
26639
msgid ""
26102
26640
"Listing of specific devices that will not be considered for multipath."
26103
26641
msgstr ""
26104
26642
26105
#: serverguide/C/dm-multipath.xml:746(emphasis)
26643
#: serverguide/C/dm-multipath.xml:747(emphasis)
26106
26644
msgid "blacklist_exceptions"
26107
26645
msgstr ""
26108
26646
26109
#: serverguide/C/dm-multipath.xml:749(para)
26647
#: serverguide/C/dm-multipath.xml:750(para)
26110
26648
msgid ""
26111
26649
"Listing of multipath candidates that would otherwise be blacklisted "
26112
26650
"according to the parameters of the blacklist section."
26113
26651
msgstr ""
26114
26652
26115
#: serverguide/C/dm-multipath.xml:756(emphasis)
26653
#: serverguide/C/dm-multipath.xml:757(emphasis)
26116
26654
msgid "defaults"
26117
26655
msgstr ""
26118
26656
26119
#: serverguide/C/dm-multipath.xml:759(para)
26657
#: serverguide/C/dm-multipath.xml:760(para)
26120
26658
msgid "General default settings for DM-Multipath."
26121
26659
msgstr ""
26122
26660
26123
#: serverguide/C/dm-multipath.xml:767(para)
26661
#: serverguide/C/dm-multipath.xml:768(para)
26124
26662
msgid ""
26125
26663
"Settings for the characteristics of individual multipath devices. These "
26126
26664
"values overwrite what is specified in the <emphasis "
26128
26666
"role=\"bold\">devices</emphasis> sections of the configuration file."
26129
26667
msgstr ""
26130
26668
26131
#: serverguide/C/dm-multipath.xml:776(emphasis)
26669
#: serverguide/C/dm-multipath.xml:777(emphasis)
26132
26670
msgid "devices"
26133
26671
msgstr ""
26134
26672
26135
#: serverguide/C/dm-multipath.xml:779(para)
26673
#: serverguide/C/dm-multipath.xml:780(para)
26136
26674
msgid ""
26137
26675
"Settings for the individual storage controllers. These values overwrite what "
26138
26676
"is specified in the <emphasis role=\"bold\">defaults</emphasis> section of "
26141
26679
"array."
26142
26680
msgstr ""
26143
26681
26144
#: serverguide/C/dm-multipath.xml:788(para)
26682
#: serverguide/C/dm-multipath.xml:789(para)
26145
26683
msgid ""
26146
26684
"When the system determines the attributes of a multipath device, first it "
26147
26685
"checks the multipath settings, then the per devices settings, then the "
26148
26686
"multipath system defaults."
26149
26687
msgstr ""
26150
26688
26151
#: serverguide/C/dm-multipath.xml:794(title)
26689
#: serverguide/C/dm-multipath.xml:795(title)
26152
26690
msgid "Configuration File Blacklist"
26153
26691
msgstr ""
26154
26692
26155
#: serverguide/C/dm-multipath.xml:796(para)
26693
#: serverguide/C/dm-multipath.xml:797(para)
26156
26694
msgid ""
26157
26695
"The blacklist section of the multipath configuration file specifies the "
26158
26696
"devices that will not be used when the system configures multipath devices. "
26159
26697
"Devices that are blacklisted will not be grouped into a multipath device."
26160
26698
msgstr ""
26161
26699
26162
#: serverguide/C/dm-multipath.xml:803(para)
26700
#: serverguide/C/dm-multipath.xml:804(para)
26163
26701
msgid ""
26164
26702
"If you do need to blacklist devices, you can do so according to the "
26165
26703
"following criteria:"
26166
26704
msgstr ""
26167
26705
26168
#: serverguide/C/dm-multipath.xml:808(para)
26706
#: serverguide/C/dm-multipath.xml:809(para)
26169
26707
msgid ""
26170
26708
"By WWID, as described <xref endterm=\"config-blacklist-by-wwid-title\" "
26171
26709
"linkend=\"multipath-config-blacklist-by-wwid\"/>"
26172
26710
msgstr ""
26173
26711
26174
#: serverguide/C/dm-multipath.xml:814(para)
26712
#: serverguide/C/dm-multipath.xml:815(para)
26175
26713
msgid ""
26176
26714
"By device name, as described in <xref endterm=\"config-blacklist-by-device-"
26177
26715
"name-title\" linkend=\"multipath-config-blacklist-by-device-name\"/>"
26178
26716
msgstr ""
26179
26717
26180
#: serverguide/C/dm-multipath.xml:820(para)
26718
#: serverguide/C/dm-multipath.xml:821(para)
26181
26719
msgid ""
26182
26720
"By device type, as described in <xref endterm=\"config-blacklist-by-device-"
26183
26721
"type-title\" linkend=\"multipath-config-blacklist-by-device-type\"/>"
26184
26722
msgstr ""
26185
26723
26186
#: serverguide/C/dm-multipath.xml:826(para)
26724
#: serverguide/C/dm-multipath.xml:827(para)
26187
26725
msgid ""
26188
26726
"By default, a variety of device types are blacklisted, even after you "
26189
26727
"comment out the initial blacklist section of the configuration file. For "
26191
26729
"linkend=\"multipath-config-blacklist-by-device-name\"/>"
26192
26730
msgstr ""
26193
26731
26194
#: serverguide/C/dm-multipath.xml:835(title)
26732
#: serverguide/C/dm-multipath.xml:836(title)
26195
26733
msgid "Blacklisting By WWID"
26196
26734
msgstr ""
26197
26735
26198
#: serverguide/C/dm-multipath.xml:838(para)
26736
#: serverguide/C/dm-multipath.xml:839(para)
26199
26737
msgid ""
26200
26738
"You can specify individual devices to blacklist by their World-Wide "
26201
26739
"IDentification with a <emphasis role=\"bold\">wwid</emphasis> entry in the "
26203
26741
"file."
26204
26742
msgstr ""
26205
26743
26206
#: serverguide/C/dm-multipath.xml:843(para)
26744
#: serverguide/C/dm-multipath.xml:844(para)
26207
26745
msgid ""
26208
26746
"The following example shows the lines in the configuration file that would "
26209
26747
"blacklist a device with a WWID of 26353900f02796769."
26210
26748
msgstr ""
26211
26749
26212
#: serverguide/C/dm-multipath.xml:846(screen)
26750
#: serverguide/C/dm-multipath.xml:847(screen)
26213
26751
#, no-wrap
26214
26752
msgid ""
26215
26753
"\n"
26218
26756
"}\n"
26219
26757
msgstr ""
26220
26758
26221
#: serverguide/C/dm-multipath.xml:854(title)
26759
#: serverguide/C/dm-multipath.xml:855(title)
26222
26760
msgid "Blacklisting By Device Name"
26223
26761
msgstr ""
26224
26762
26225
#: serverguide/C/dm-multipath.xml:857(para)
26763
#: serverguide/C/dm-multipath.xml:858(para)
26226
26764
msgid ""
26227
26765
"You can blacklist device types by device name so that they will not be "
26228
26766
"grouped into a multipath device by specifying a <emphasis "
26230
26768
"role=\"bold\">blacklist</emphasis> section of the configuration file."
26231
26769
msgstr ""
26232
26770
26233
#: serverguide/C/dm-multipath.xml:863(para)
26771
#: serverguide/C/dm-multipath.xml:864(para)
26234
26772
msgid ""
26235
26773
"The following example shows the lines in the configuration file that would "
26236
26774
"blacklist all SCSI devices, since it blacklists all sd* devices. <screen>\n"
26239
26777
"}</screen>"
26240
26778
msgstr ""
26241
26779
26242
#: serverguide/C/dm-multipath.xml:870(para)
26780
#: serverguide/C/dm-multipath.xml:871(para)
26243
26781
msgid ""
26244
26782
"You can use a <emphasis role=\"bold\">devnode</emphasis> entry in the "
26245
26783
"<emphasis role=\"bold\">blacklist</emphasis> section of the configuration "
26251
26789
"on reboot."
26252
26790
msgstr ""
26253
26791
26254
#: serverguide/C/dm-multipath.xml:880(para)
26792
#: serverguide/C/dm-multipath.xml:881(para)
26255
26793
msgid ""
26256
26794
"By default, the following <emphasis role=\"bold\">devnode</emphasis> entries "
26257
26795
"are compiled in the default blacklist; the devices that these entries "
26267
26805
"</screen>"
26268
26806
msgstr ""
26269
26807
26270
#: serverguide/C/dm-multipath.xml:897(title)
26808
#: serverguide/C/dm-multipath.xml:898(title)
26271
26809
msgid "Blacklisting By Device Type"
26272
26810
msgstr ""
26273
26811
26274
#: serverguide/C/dm-multipath.xml:900(para)
26812
#: serverguide/C/dm-multipath.xml:901(para)
26275
26813
msgid ""
26276
26814
"You can specify specific device types in the <emphasis "
26277
26815
"role=\"bold\">blacklist</emphasis> section of the configuration file with a "
26290
26828
"</screen>"
26291
26829
msgstr ""
26292
26830
26293
#: serverguide/C/dm-multipath.xml:918(title)
26831
#: serverguide/C/dm-multipath.xml:919(title)
26294
26832
msgid "Blacklist Exceptions"
26295
26833
msgstr ""
26296
26834
26297
#: serverguide/C/dm-multipath.xml:921(para)
26835
#: serverguide/C/dm-multipath.xml:922(para)
26298
26836
msgid ""
26299
26837
"You can use the <emphasis role=\"bold\">blacklist_exceptions</emphasis> "
26300
26838
"section of the configuration file to enable multipathing on devices that "
26301
26839
"have been blacklisted by default."
26302
26840
msgstr ""
26303
26841
26304
#: serverguide/C/dm-multipath.xml:926(para)
26842
#: serverguide/C/dm-multipath.xml:927(para)
26305
26843
msgid ""
26306
26844
"For example, if you have a large number of devices and want to multipath "
26307
26845
"only one of them (with the WWID of 3600d0230000000000e13955cc3757803), "
26319
26857
"</screen>"
26320
26858
msgstr ""
26321
26859
26322
#: serverguide/C/dm-multipath.xml:941(para)
26860
#: serverguide/C/dm-multipath.xml:942(para)
26323
26861
msgid ""
26324
26862
"When specifying devices in the <emphasis "
26325
26863
"role=\"bold\">blacklist_exceptions</emphasis> section of the configuration "
26331
26869
"only to devnode entries, and device exceptions apply only to device entries."
26332
26870
msgstr ""
26333
26871
26334
#: serverguide/C/dm-multipath.xml:954(title)
26872
#: serverguide/C/dm-multipath.xml:955(title)
26335
26873
msgid "Configuration File Defaults"
26336
26874
msgstr ""
26337
26875
26338
#: serverguide/C/dm-multipath.xml:956(para)
26876
#: serverguide/C/dm-multipath.xml:957(para)
26339
26877
msgid ""
26340
26878
"The <filename>/etc/multipath.conf</filename> configuration file includes a "
26341
26879
"<emphasis role=\"bold\">defaults</emphasis> section that sets the <emphasis "
26343
26881
"role=\"bold\">yes</emphasis>, as follows."
26344
26882
msgstr ""
26345
26883
26346
#: serverguide/C/dm-multipath.xml:961(screen)
26884
#: serverguide/C/dm-multipath.xml:962(screen)
26347
26885
#, no-wrap
26348
26886
msgid ""
26349
26887
"\n"
26352
26890
"}\n"
26353
26891
msgstr ""
26354
26892
26355
#: serverguide/C/dm-multipath.xml:967(para)
26893
#: serverguide/C/dm-multipath.xml:968(para)
26356
26894
msgid ""
26357
26895
"This overwrites the default value of the <emphasis "
26358
26896
"role=\"bold\">user_friendly_names</emphasis> parameter."
26359
26897
msgstr ""
26360
26898
26361
#: serverguide/C/dm-multipath.xml:970(para)
26899
#: serverguide/C/dm-multipath.xml:971(para)
26362
26900
msgid ""
26363
26901
"The configuration file includes a template of configuration defaults. This "
26364
26902
"section is commented out, as follows."
26365
26903
msgstr ""
26366
26904
26367
#: serverguide/C/dm-multipath.xml:973(screen)
26905
#: serverguide/C/dm-multipath.xml:974(screen)
26368
26906
#, no-wrap
26369
26907
msgid ""
26370
26908
"\n"
26385
26923
"#}\n"
26386
26924
msgstr ""
26387
26925
26388
#: serverguide/C/dm-multipath.xml:990(para)
26926
#: serverguide/C/dm-multipath.xml:991(para)
26389
26927
msgid ""
26390
26928
"To overwrite the default value for any of the configuration parameters, you "
26391
26929
"can copy the relevant line from this template into the <emphasis "
26398
26936
"uncomment it, as follows."
26399
26937
msgstr ""
26400
26938
26401
#: serverguide/C/dm-multipath.xml:1001(screen)
26939
#: serverguide/C/dm-multipath.xml:1002(screen)
26402
26940
#, no-wrap
26403
26941
msgid ""
26404
26942
"\n"
26408
26946
"}\n"
26409
26947
msgstr ""
26410
26948
26411
#: serverguide/C/dm-multipath.xml:1008(para)
26949
#: serverguide/C/dm-multipath.xml:1009(para)
26412
26950
msgid ""
26413
26951
"Table <xref endterm=\"config-defaults-table-title\" linkend=\"multipath-"
26414
26952
"config-defaults-table\"/> describes the attributes that are set in the "
26420
26958
"<filename>multipath.conf</filename> file."
26421
26959
msgstr ""
26422
26960
26423
#: serverguide/C/dm-multipath.xml:1022(title)
26961
#: serverguide/C/dm-multipath.xml:1023(title)
26424
26962
msgid "Configuration File Multipath Attributes"
26425
26963
msgstr ""
26426
26964
26427
#: serverguide/C/dm-multipath.xml:1025(para)
26965
#: serverguide/C/dm-multipath.xml:1026(para)
26428
26966
msgid ""
26429
26967
"Table <xref endterm=\"attributes-table-title\" linkend=\"multipath-"
26430
26968
"attributes-table\"/> shows the attributes that you can set in the <emphasis "
26436
26974
"role=\"bold\">devices</emphasis> sections of the multipath.conf file."
26437
26975
msgstr ""
26438
26976
26439
#: serverguide/C/dm-multipath.xml:1038(para)
26977
#: serverguide/C/dm-multipath.xml:1039(para)
26440
26978
msgid ""
26441
26979
"In addition, the following parameters may be overridden in this <emphasis "
26442
26980
"role=\"bold\">multipath</emphasis> section"
26443
26981
msgstr ""
26444
26982
26445
#: serverguide/C/dm-multipath.xml:1087(para)
26983
#: serverguide/C/dm-multipath.xml:1088(para)
26446
26984
msgid ""
26447
26985
"The following example shows multipath attributes specified in the "
26448
26986
"configuration file for two specific multipath devices. The first device has "
26457
26995
"are set to priorities."
26458
26996
msgstr ""
26459
26997
26460
#: serverguide/C/dm-multipath.xml:1097(screen)
26998
#: serverguide/C/dm-multipath.xml:1098(screen)
26461
26999
#, no-wrap
26462
27000
msgid ""
26463
27001
"\n"
26479
27017
"}\n"
26480
27018
msgstr ""
26481
27019
26482
#: serverguide/C/dm-multipath.xml:1118(title)
27020
#: serverguide/C/dm-multipath.xml:1119(title)
26483
27021
msgid "Configuration File Devices"
26484
27022
msgstr ""
26485
27023
26486
#: serverguide/C/dm-multipath.xml:1120(para)
27024
#: serverguide/C/dm-multipath.xml:1121(para)
26487
27025
msgid ""
26488
27026
"Table <xref endterm=\"device-attributes-table-title\" linkend=\"multipath-"
26489
27027
"device-attributes-table\"/> shows the attributes that you can set for each "
26497
27035
"<filename>multipath.conf</filename> file."
26498
27036
msgstr ""
26499
27037
26500
#: serverguide/C/dm-multipath.xml:1131(para)
27038
#: serverguide/C/dm-multipath.xml:1132(para)
26501
27039
msgid ""
26502
27040
"Many devices that support multipathing are included by default in a "
26503
27041
"multipath configuration. The values for the devices that are supported by "
26511
27049
"the device and override the values that you want to change."
26512
27050
msgstr ""
26513
27051
26514
#: serverguide/C/dm-multipath.xml:1143(para)
27052
#: serverguide/C/dm-multipath.xml:1144(para)
26515
27053
msgid ""
26516
27054
"To add a device to this section of the configuration file that is not "
26517
27055
"configured automatically by default, you must set the <emphasis "
26523
27061
"device_name is the device to be multipathed, as in the following example:"
26524
27062
msgstr ""
26525
27063
26526
#: serverguide/C/dm-multipath.xml:1153(screen)
27064
#: serverguide/C/dm-multipath.xml:1154(screen)
26527
27065
#, no-wrap
26528
27066
msgid ""
26529
27067
"\n"
26533
27071
"SF2372\n"
26534
27072
msgstr ""
26535
27073
26536
#: serverguide/C/dm-multipath.xml:1160(para)
27074
#: serverguide/C/dm-multipath.xml:1161(para)
26537
27075
msgid ""
26538
27076
"The additional parameters to specify depend on your specific device. If the "
26539
27077
"device is active/active, you will usually not need to set additional "
26546
27084
"table\"/>."
26547
27085
msgstr ""
26548
27086
26549
#: serverguide/C/dm-multipath.xml:1170(para)
27087
#: serverguide/C/dm-multipath.xml:1171(para)
26550
27088
msgid ""
26551
27089
"If the device is active/passive, but it automatically switches paths with "
26552
27090
"I/O to the passive path, you need to change the checker function to one that "
26557
27095
"the Test Unit Ready command, which most do."
26558
27096
msgstr ""
26559
27097
26560
#: serverguide/C/dm-multipath.xml:1179(para)
27098
#: serverguide/C/dm-multipath.xml:1180(para)
26561
27099
msgid ""
26562
27100
"If the device needs a special command to switch paths, then configuring this "
26563
27101
"device for multipath requires a hardware handler kernel module. The current "
26565
27103
"device, you may not be able to configure the device for multipath."
26566
27104
msgstr ""
26567
27105
26568
#: serverguide/C/dm-multipath.xml:1188(para)
27106
#: serverguide/C/dm-multipath.xml:1189(para)
26569
27107
msgid ""
26570
27108
"In addition, the following parameters may be overridden in this <emphasis "
26571
27109
"role=\"bold\">device</emphasis> section"
26572
27110
msgstr ""
26573
27111
26574
#: serverguide/C/dm-multipath.xml:1263(para)
27112
#: serverguide/C/dm-multipath.xml:1264(para)
26575
27113
msgid ""
26576
27114
"Whenever a hardware_handler is specified, it is your responsibility to "
26577
27115
"ensure that the appropriate kernel module is loaded to support the specified "
26585
27123
"# update-initramfs -u -k all</screen>"
26586
27124
msgstr ""
26587
27125
26588
#: serverguide/C/dm-multipath.xml:1274(para)
27126
#: serverguide/C/dm-multipath.xml:1275(para)
26589
27127
msgid ""
26590
27128
"The following example shows a device entry in the multipath configuration "
26591
27129
"file."
26592
27130
msgstr ""
26593
27131
26594
#: serverguide/C/dm-multipath.xml:1277(screen)
27132
#: serverguide/C/dm-multipath.xml:1278(screen)
26595
27133
#, no-wrap
26596
27134
msgid ""
26597
27135
"\n"
26606
27144
"#}\n"
26607
27145
msgstr ""
26608
27146
26609
#: serverguide/C/dm-multipath.xml:1289(para)
27147
#: serverguide/C/dm-multipath.xml:1290(para)
26610
27148
msgid ""
26611
27149
"The spacing reserved in the <emphasis role=\"bold\">vendor</emphasis>, "
26612
27150
"<emphasis role=\"bold\">product</emphasis>, and <emphasis "
26623
27161
"characters or spaces, as seen in the example above"
26624
27162
msgstr ""
26625
27163
26626
#: serverguide/C/dm-multipath.xml:1306(para)
27164
#: serverguide/C/dm-multipath.xml:1307(para)
26627
27165
msgid "vendor: 8 characters"
26628
27166
msgstr ""
26629
27167
26630
#: serverguide/C/dm-multipath.xml:1310(para)
27168
#: serverguide/C/dm-multipath.xml:1311(para)
26631
27169
msgid "product: 16 characters"
26632
27170
msgstr ""
26633
27171
26634
#: serverguide/C/dm-multipath.xml:1314(para)
27172
#: serverguide/C/dm-multipath.xml:1315(para)
26635
27173
msgid "revision: 4 characters"
26636
27174
msgstr ""
26637
27175
26638
#: serverguide/C/dm-multipath.xml:1318(para)
27176
#: serverguide/C/dm-multipath.xml:1319(para)
26639
27177
msgid ""
26640
27178
"To create a more robust configuration file, regular expressions can also be "
26641
27179
"used. Operators include <emphasis role=\"bold\">^ $ [ ] . * ? +</emphasis>. "
26644
27182
"files found in <filename>/usr/share/doc/multipath-tools/examples:</filename>"
26645
27183
msgstr ""
26646
27184
26647
#: serverguide/C/dm-multipath.xml:1325(screen)
27185
#: serverguide/C/dm-multipath.xml:1326(screen)
26648
27186
#, no-wrap
26649
27187
msgid "# echo 'show config' | multipathd -k"
26650
27188
msgstr ""
26651
27189
26652
#: serverguide/C/dm-multipath.xml:1330(title)
27190
#: serverguide/C/dm-multipath.xml:1331(title)
26653
27191
msgid "DM-Multipath Administration and Troubleshooting"
26654
27192
msgstr ""
26655
27193
26656
#: serverguide/C/dm-multipath.xml:1333(title)
27194
#: serverguide/C/dm-multipath.xml:1334(title)
26657
27195
msgid "Resizing an Online Multipath Device"
26658
27196
msgstr ""
26659
27197
26660
#: serverguide/C/dm-multipath.xml:1335(para)
27198
#: serverguide/C/dm-multipath.xml:1336(para)
26661
27199
msgid ""
26662
27200
"If you need to resize an online multipath device, use the following procedure"
26663
27201
msgstr ""
26664
27202
26665
#: serverguide/C/dm-multipath.xml:1340(para)
27203
#: serverguide/C/dm-multipath.xml:1341(para)
26666
27204
msgid "Resize your physical device. This is storage platform specific."
26667
27205
msgstr ""
26668
27206
26669
#: serverguide/C/dm-multipath.xml:1345(para)
27207
#: serverguide/C/dm-multipath.xml:1346(para)
26670
27208
msgid "Use the following command to find the paths to the LUN:"
26671
27209
msgstr ""
26672
27210
26673
#: serverguide/C/dm-multipath.xml:1347(screen)
27211
#: serverguide/C/dm-multipath.xml:1348(screen)
26674
27212
#, no-wrap
26675
27213
msgid "# multipath -l"
26676
27214
msgstr ""
26677
27215
26678
#: serverguide/C/dm-multipath.xml:1351(para)
27216
#: serverguide/C/dm-multipath.xml:1352(para)
26679
27217
msgid ""
26680
27218
"Resize your paths. For SCSI devices, writing 1 to the "
26681
27219
"<filename>rescan</filename> file for the device causes the SCSI driver to "
26682
27220
"rescan, as in the following command:"
26683
27221
msgstr ""
26684
27222
26685
#: serverguide/C/dm-multipath.xml:1355(screen)
27223
#: serverguide/C/dm-multipath.xml:1356(screen)
26686
27224
#, no-wrap
26687
27225
msgid "# echo 1 > /sys/block/device_name/device/rescan"
26688
27226
msgstr ""
26689
27227
26690
#: serverguide/C/dm-multipath.xml:1359(para)
27228
#: serverguide/C/dm-multipath.xml:1360(para)
26691
27229
msgid ""
26692
27230
"Resize your multipath device by running the multipathd resize command:"
26693
27231
msgstr ""
26694
27232
26695
#: serverguide/C/dm-multipath.xml:1362(screen)
27233
#: serverguide/C/dm-multipath.xml:1363(screen)
26696
27234
#, no-wrap
26697
27235
msgid "# multipathd -k 'resize map mpatha'"
26698
27236
msgstr ""
26699
27237
26700
#: serverguide/C/dm-multipath.xml:1366(para)
27238
#: serverguide/C/dm-multipath.xml:1367(para)
26701
27239
msgid "Resize the file system (assuming no LVM or DOS partitions are used):"
26702
27240
msgstr ""
26703
27241
26704
#: serverguide/C/dm-multipath.xml:1369(screen)
27242
#: serverguide/C/dm-multipath.xml:1370(screen)
26705
27243
#, no-wrap
26706
27244
msgid "# resize2fs /dev/mapper/mpatha"
26707
27245
msgstr ""
26708
27246
26709
#: serverguide/C/dm-multipath.xml:1375(title)
27247
#: serverguide/C/dm-multipath.xml:1376(title)
26710
27248
msgid ""
26711
27249
"Moving root File Systems from a Single Path Device to a Multipath Device"
26712
27250
msgstr ""
26713
27251
26714
#: serverguide/C/dm-multipath.xml:1378(para)
27252
#: serverguide/C/dm-multipath.xml:1379(para)
26715
27253
msgid ""
26716
27254
"This is dramatically simplified by the use of UUIDs to identify devices as "
26717
27255
"an intrinsic label. Simply install <emphasis role=\"bold\">multipath-tools-"
26720
27258
"mounted by UUID."
26721
27259
msgstr ""
26722
27260
26723
#: serverguide/C/dm-multipath.xml:1385(para)
27261
#: serverguide/C/dm-multipath.xml:1386(para)
26724
27262
msgid ""
26725
27263
"Whenever <filename>multipath.conf</filename> is updated, so should the "
26726
27264
"initrd by executing <command>update-initramfs -u -k all</command>. The "
26729
27267
"blacklist and device sections."
26730
27268
msgstr ""
26731
27269
26732
#: serverguide/C/dm-multipath.xml:1394(title)
27270
#: serverguide/C/dm-multipath.xml:1395(title)
26733
27271
msgid ""
26734
27272
"Moving swap File Systems from a Single Path Device to a Multipath Device"
26735
27273
msgstr ""
26736
27274
26737
#: serverguide/C/dm-multipath.xml:1397(para)
27275
#: serverguide/C/dm-multipath.xml:1398(para)
26738
27276
msgid ""
26739
27277
"The procedure is exactly the same as illustrated in the previous section "
26740
27278
"called <link linkend=\"multipath-moving-rootfs-from-single-path-to-multipath-"
26742
27280
"Device</link>."
26743
27281
msgstr ""
26744
27282
26745
#: serverguide/C/dm-multipath.xml:1405(title)
27283
#: serverguide/C/dm-multipath.xml:1406(title)
26746
27284
msgid "The Multipath Daemon"
26747
27285
msgstr ""
26748
27286
26749
#: serverguide/C/dm-multipath.xml:1407(para)
27287
#: serverguide/C/dm-multipath.xml:1408(para)
26750
27288
msgid ""
26751
27289
"If you find you have trouble implementing a multipath configuration, you "
26752
27290
"should ensure the multipath daemon is running as described in <link "
26758
27296
"<command>multipathd</command> as a debugging aid."
26759
27297
msgstr ""
26760
27298
26761
#: serverguide/C/dm-multipath.xml:1447(title)
27299
#: serverguide/C/dm-multipath.xml:1448(title)
26762
27300
msgid "Issues with queue_if_no_path"
26763
27301
msgstr ""
26764
27302
26765
#: serverguide/C/dm-multipath.xml:1449(para)
27303
#: serverguide/C/dm-multipath.xml:1450(para)
26766
27304
msgid ""
26767
27305
"If <emphasis role=\"bold\">features \"1 queue_if_no_path\"</emphasis> is "
26768
27306
"specified in the <filename>/etc/multipath.conf</filename> file, then any "
26772
27310
"<filename>/etc/multipath.conf</filename>."
26773
27311
msgstr ""
26774
27312
26775
#: serverguide/C/dm-multipath.xml:1456(para)
27313
#: serverguide/C/dm-multipath.xml:1457(para)
26776
27314
msgid ""
26777
27315
"When you set the <emphasis role=\"bold\">no_path_retry</emphasis> parameter, "
26778
27316
"remove the <emphasis role=\"bold\">features \"1 "
26788
27326
"<filename>/etc/multipath.conf</filename> and editing to suit your needs."
26789
27327
msgstr ""
26790
27328
26791
#: serverguide/C/dm-multipath.xml:1470(para)
27329
#: serverguide/C/dm-multipath.xml:1471(para)
26792
27330
msgid ""
26793
27331
"If you need to use the <option>features \"1 queue_if_no_path\"</option> "
26794
27332
"option and you experience the issue noted here, use the "
26799
27337
"<option> \"fail_if_no_path\"</option>, execute the following command."
26800
27338
msgstr ""
26801
27339
26802
#: serverguide/C/dm-multipath.xml:1479(screen)
27340
#: serverguide/C/dm-multipath.xml:1480(screen)
26803
27341
#, no-wrap
26804
27342
msgid "# dmsetup message mpathc 0 \"fail_if_no_path\""
26805
27343
msgstr ""
26806
27344
26807
#: serverguide/C/dm-multipath.xml:1482(para)
27345
#: serverguide/C/dm-multipath.xml:1483(para)
26808
27346
msgid ""
26809
27347
"You must specify the <filename>mpathN</filename> alias rather than the path"
26810
27348
msgstr ""
26811
27349
26812
#: serverguide/C/dm-multipath.xml:1488(title)
27350
#: serverguide/C/dm-multipath.xml:1489(title)
26813
27351
msgid "Multipath Command Output"
26814
27352
msgstr ""
26815
27353
26816
#: serverguide/C/dm-multipath.xml:1490(para)
27354
#: serverguide/C/dm-multipath.xml:1491(para)
26817
27355
msgid ""
26818
27356
"When you create, modify, or list a multipath device, you get a printout of "
26819
27357
"the current device setup. The format is as follows. For each multipath "
26820
27358
"device:"
26821
27359
msgstr ""
26822
27360
26823
#: serverguide/C/dm-multipath.xml:1494(screen)
27361
#: serverguide/C/dm-multipath.xml:1495(screen)
26824
27362
#, no-wrap
26825
27363
msgid ""
26826
27364
" action_if_any: alias (wwid_if_different_from_alias) "
26829
27367
"wp=write_permission_if_known"
26830
27368
msgstr ""
26831
27369
26832
#: serverguide/C/dm-multipath.xml:1497(para)
27370
#: serverguide/C/dm-multipath.xml:1498(para)
26833
27371
msgid "For each path group:"
26834
27372
msgstr ""
26835
27373
26836
#: serverguide/C/dm-multipath.xml:1499(screen)
27374
#: serverguide/C/dm-multipath.xml:1500(screen)
26837
27375
#, no-wrap
26838
27376
msgid ""
26839
27377
" -+- policy='scheduling_policy' prio=prio_if_known\n"
26840
27378
" status=path_group_status_if_known"
26841
27379
msgstr ""
26842
27380
26843
#: serverguide/C/dm-multipath.xml:1502(para)
27381
#: serverguide/C/dm-multipath.xml:1503(para)
26844
27382
msgid "For each path:"
26845
27383
msgstr ""
26846
27384
26847
#: serverguide/C/dm-multipath.xml:1504(screen)
27385
#: serverguide/C/dm-multipath.xml:1505(screen)
26848
27386
#, no-wrap
26849
27387
msgid ""
26850
27388
" `- host:channel:id:lun devnode major:minor dm_status_if_known "
26852
27390
" online_status"
26853
27391
msgstr ""
26854
27392
26855
#: serverguide/C/dm-multipath.xml:1507(para)
27393
#: serverguide/C/dm-multipath.xml:1508(para)
26856
27394
msgid ""
26857
27395
"For example, the output of a multipath command might appear as follows:"
26858
27396
msgstr ""
26859
27397
26860
#: serverguide/C/dm-multipath.xml:1510(screen)
27398
#: serverguide/C/dm-multipath.xml:1511(screen)
26861
27399
#, no-wrap
26862
27400
msgid ""
26863
27401
" 3600d0230000000000e13955cc3757800 dm-1 WINSYS,SF2372\n"
26868
27406
" `- 7:0:0:0 sdf 8:80 active ready running"
26869
27407
msgstr ""
26870
27408
26871
#: serverguide/C/dm-multipath.xml:1517(para)
27409
#: serverguide/C/dm-multipath.xml:1518(para)
26872
27410
msgid ""
26873
27411
"If the path is up and ready for I/O, the status of the path is <emphasis "
26874
27412
"role=\"bold\">ready</emphasis> or <emphasis "
26879
27417
"defined in the <filename>/etc/multipath.conf</filename> file."
26880
27418
msgstr ""
26881
27419
26882
#: serverguide/C/dm-multipath.xml:1525(para)
27420
#: serverguide/C/dm-multipath.xml:1526(para)
26883
27421
msgid ""
26884
27422
"The dm status is similar to the path status, but from the kernel's point of "
26885
27423
"view. The dm status has two states: <emphasis "
26890
27428
"not agree."
26891
27429
msgstr ""
26892
27430
26893
#: serverguide/C/dm-multipath.xml:1533(para)
27431
#: serverguide/C/dm-multipath.xml:1534(para)
26894
27432
msgid ""
26895
27433
"The possible values for <emphasis role=\"bold\">online_status</emphasis> are "
26896
27434
"<emphasis role=\"bold\">running</emphasis> and <emphasis "
26899
27437
"disabled."
26900
27438
msgstr ""
26901
27439
26902
#: serverguide/C/dm-multipath.xml:1541(para)
27440
#: serverguide/C/dm-multipath.xml:1542(para)
26903
27441
msgid ""
26904
27442
"When a multipath device is being created or modified , the path group "
26905
27443
"status, the dm device name, the write permissions, and the dm status are not "
26906
27444
"known. Also, the features are not always correct"
26907
27445
msgstr ""
26908
27446
26909
#: serverguide/C/dm-multipath.xml:1548(title)
27447
#: serverguide/C/dm-multipath.xml:1549(title)
26910
27448
msgid "Multipath Queries with multipath Command"
26911
27449
msgstr ""
26912
27450
26913
#: serverguide/C/dm-multipath.xml:1550(para)
27451
#: serverguide/C/dm-multipath.xml:1551(para)
26914
27452
msgid ""
26915
27453
"You can use the <emphasis role=\"bold\">-l </emphasis>and <emphasis "
26916
27454
"role=\"bold\">-ll</emphasis> options of the <emphasis "
26922
27460
"available components of the system."
26923
27461
msgstr ""
26924
27462
26925
#: serverguide/C/dm-multipath.xml:1559(para)
27463
#: serverguide/C/dm-multipath.xml:1560(para)
26926
27464
msgid ""
26927
27465
"When displaying the multipath configuration, there are three verbosity "
26928
27466
"levels you can specify with the <emphasis role=\"bold\">-v</emphasis> option "
26933
27471
"v2</emphasis> prints all detected paths, multipaths, and device maps."
26934
27472
msgstr ""
26935
27473
26936
#: serverguide/C/dm-multipath.xml:1569(para)
27474
#: serverguide/C/dm-multipath.xml:1570(para)
26937
27475
msgid ""
26938
27476
"The default <emphasis role=\"bold\">verbosity</emphasis> level of multipath "
26939
27477
"is <emphasis role=\"bold\">2</emphasis> and can be globally modified by "
26942
27480
"of <filename>multipath.conf</filename>."
26943
27481
msgstr ""
26944
27482
26945
#: serverguide/C/dm-multipath.xml:1576(para)
27483
#: serverguide/C/dm-multipath.xml:1577(para)
26946
27484
msgid ""
26947
27485
"The following example shows the output of a <emphasis "
26948
27486
"role=\"bold\">multipath -l</emphasis> command."
26949
27487
msgstr ""
26950
27488
26951
#: serverguide/C/dm-multipath.xml:1579(screen)
27489
#: serverguide/C/dm-multipath.xml:1580(screen)
26952
27490
#, no-wrap
26953
27491
msgid ""
26954
27492
"# multipath -l\n"
26960
27498
" `- 7:0:0:0 sdf 8:80 active ready running"
26961
27499
msgstr ""
26962
27500
26963
#: serverguide/C/dm-multipath.xml:1587(para)
27501
#: serverguide/C/dm-multipath.xml:1588(para)
26964
27502
msgid ""
26965
27503
"The following example shows the output of a <emphasis "
26966
27504
"role=\"bold\">multipath -ll</emphasis> command."
26967
27505
msgstr ""
26968
27506
26969
#: serverguide/C/dm-multipath.xml:1590(screen)
27507
#: serverguide/C/dm-multipath.xml:1591(screen)
26970
27508
#, no-wrap
26971
27509
msgid ""
26972
27510
"# multipath -ll\n"
26983
27521
" `- 18:0:0:3 sdj 8:144 active ready running"
26984
27522
msgstr ""
26985
27523
26986
#: serverguide/C/dm-multipath.xml:1605(title)
27524
#: serverguide/C/dm-multipath.xml:1606(title)
26987
27525
msgid "Multipath Command Options"
26988
27526
msgstr ""
26989
27527
26990
#: serverguide/C/dm-multipath.xml:1607(para)
27528
#: serverguide/C/dm-multipath.xml:1608(para)
26991
27529
msgid ""
26992
27530
"Table <xref endterm=\"useful-multipath-command-options-title\" "
26993
27531
"linkend=\"useful-multipath-command-options\"/> describes some options of the "
26995
27533
"useful."
26996
27534
msgstr ""
26997
27535
26998
#: serverguide/C/dm-multipath.xml:1613(title)
27536
#: serverguide/C/dm-multipath.xml:1614(title)
26999
27537
msgid "Useful multipath Command Options"
27000
27538
msgstr ""
27001
27539
27002
#: serverguide/C/dm-multipath.xml:1622(entry)
27540
#: serverguide/C/dm-multipath.xml:1623(entry)
27003
27541
msgid "Option"
27004
27542
msgstr ""
27005
27543
27006
#: serverguide/C/dm-multipath.xml:1629(emphasis)
27544
#: serverguide/C/dm-multipath.xml:1630(emphasis)
27007
27545
msgid "-l"
27008
27546
msgstr ""
27009
27547
27010
#: serverguide/C/dm-multipath.xml:1631(emphasis) serverguide/C/dm-multipath.xml:1638(emphasis)
27548
#: serverguide/C/dm-multipath.xml:1632(emphasis) serverguide/C/dm-multipath.xml:1639(emphasis)
27011
27549
msgid "sysfs"
27012
27550
msgstr ""
27013
27551
27014
#: serverguide/C/dm-multipath.xml:1630(entry)
27552
#: serverguide/C/dm-multipath.xml:1631(entry)
27015
27553
msgid ""
27016
27554
"Display the current multipath configuration gathered from <placeholder-1/> "
27017
27555
"and the device mapper."
27018
27556
msgstr ""
27019
27557
27020
#: serverguide/C/dm-multipath.xml:1636(emphasis)
27558
#: serverguide/C/dm-multipath.xml:1637(emphasis)
27021
27559
msgid "-ll"
27022
27560
msgstr ""
27023
27561
27024
#: serverguide/C/dm-multipath.xml:1637(entry)
27562
#: serverguide/C/dm-multipath.xml:1638(entry)
27025
27563
msgid ""
27026
27564
"Display the current multipath configuration gathered from <placeholder-1/>, "
27027
27565
"the device mapper, and all other available components on the system."
27028
27566
msgstr ""
27029
27567
27030
#: serverguide/C/dm-multipath.xml:1643(emphasis)
27568
#: serverguide/C/dm-multipath.xml:1644(emphasis)
27031
27569
msgid "-f device"
27032
27570
msgstr ""
27033
27571
27034
#: serverguide/C/dm-multipath.xml:1644(entry)
27572
#: serverguide/C/dm-multipath.xml:1645(entry)
27035
27573
msgid "Remove the named multipath device."
27036
27574
msgstr ""
27037
27575
27038
#: serverguide/C/dm-multipath.xml:1648(emphasis)
27576
#: serverguide/C/dm-multipath.xml:1649(emphasis)
27039
27577
msgid "-F"
27040
27578
msgstr ""
27041
27579
27042
#: serverguide/C/dm-multipath.xml:1649(entry)
27580
#: serverguide/C/dm-multipath.xml:1650(entry)
27043
27581
msgid "Remove all unused multipath devices."
27044
27582
msgstr ""
27045
27583
27046
#: serverguide/C/dm-multipath.xml:1657(title)
27584
#: serverguide/C/dm-multipath.xml:1658(title)
27047
27585
msgid "Determining Device Mapper Entries with dmsetup Command"
27048
27586
msgstr ""
27049
27587
27050
#: serverguide/C/dm-multipath.xml:1659(para)
27588
#: serverguide/C/dm-multipath.xml:1660(para)
27051
27589
msgid ""
27052
27590
"You can use the <emphasis role=\"bold\">dmsetup</emphasis> command to find "
27053
27591
"out which device mapper entries match the <emphasis "
27054
27592
"role=\"bold\">multipathed</emphasis> devices."
27055
27593
msgstr ""
27056
27594
27057
#: serverguide/C/dm-multipath.xml:1663(para)
27595
#: serverguide/C/dm-multipath.xml:1664(para)
27058
27596
msgid ""
27059
27597
"The following command displays all the device mapper devices and their major "
27060
27598
"and minor numbers. The minor numbers determine the name of the dm device. "
27063
27601
"role=\"bold\"><filename>/dev/dm-3</filename></emphasis>."
27064
27602
msgstr ""
27065
27603
27066
#: serverguide/C/dm-multipath.xml:1669(screen)
27604
#: serverguide/C/dm-multipath.xml:1670(screen)
27067
27605
#, no-wrap
27068
27606
msgid ""
27069
27607
"\n"
27086
27624
" "
27087
27625
msgstr ""
27088
27626
27089
#: serverguide/C/dm-multipath.xml:1690(title)
27627
#: serverguide/C/dm-multipath.xml:1691(title)
27090
27628
msgid "Troubleshooting with the multipathd interactive console"
27091
27629
msgstr ""
27092
27630
27093
#: serverguide/C/dm-multipath.xml:1692(para)
27631
#: serverguide/C/dm-multipath.xml:1693(para)
27094
27632
msgid ""
27095
27633
"The <emphasis role=\"bold\">multipathd -k</emphasis> command is an "
27096
27634
"interactive interface to the <emphasis role=\"bold\">multipathd</emphasis> "
27100
27638
"role=\"bold\">CTRL-D</emphasis> to quit."
27101
27639
msgstr ""
27102
27640
27103
#: serverguide/C/dm-multipath.xml:1699(para)
27641
#: serverguide/C/dm-multipath.xml:1700(para)
27104
27642
msgid ""
27105
27643
"The multipathd interactive console can be used to troubleshoot problems you "
27106
27644
"may be having with your system. For example, the following command sequence "
27110
27648
"Multipathd\"</ulink> for more examples."
27111
27649
msgstr ""
27112
27650
27113
#: serverguide/C/dm-multipath.xml:1706(screen)
27651
#: serverguide/C/dm-multipath.xml:1707(screen)
27114
27652
#, no-wrap
27115
27653
msgid ""
27116
27654
"# multipathd -k\n"
27118
27656
" > > CTRL-D"
27119
27657
msgstr ""
27120
27658
27121
#: serverguide/C/dm-multipath.xml:1710(para)
27659
#: serverguide/C/dm-multipath.xml:1711(para)
27122
27660
msgid ""
27123
27661
"The following command sequence ensures that multipath has picked up any "
27124
27662
"changes to the multipath.conf,"
27125
27663
msgstr ""
27126
27664
27127
#: serverguide/C/dm-multipath.xml:1713(screen)
27665
#: serverguide/C/dm-multipath.xml:1714(screen)
27128
27666
#, no-wrap
27129
27667
msgid ""
27130
27668
"\n"
27133
27671
"> > CTRL-D\n"
27134
27672
msgstr ""
27135
27673
27136
#: serverguide/C/dm-multipath.xml:1719(para)
27674
#: serverguide/C/dm-multipath.xml:1720(para)
27137
27675
msgid ""
27138
27676
"Use the following command sequence to ensure that the path checker is "
27139
27677
"working properly."
27140
27678
msgstr ""
27141
27679
27142
#: serverguide/C/dm-multipath.xml:1722(screen)
27680
#: serverguide/C/dm-multipath.xml:1723(screen)
27143
27681
#, no-wrap
27144
27682
msgid ""
27145
27683
"\n"
27148
27686
"> > CTRL-D\n"
27149
27687
msgstr ""
27150
27688
27151
#: serverguide/C/dm-multipath.xml:1728(para)
27689
#: serverguide/C/dm-multipath.xml:1729(para)
27152
27690
msgid ""
27153
27691
"Commands can also be streamed into multipathd using stdin like so:<screen># "
27154
27692
"echo 'show config' | multipathd -k</screen>"
27162
27700
msgid "Ubuntu provides two popular database servers. They are:"
27163
27701
msgstr ""
27164
27702
27165
#: serverguide/C/databases.xml:17(trademark) serverguide/C/databases.xml:29(title)
27703
#: serverguide/C/virtualization.xml:832(para) serverguide/C/databases.xml:17(trademark) serverguide/C/databases.xml:29(title)
27166
27704
msgid "MySQL"
27167
27705
msgstr ""
27168
27706
27169
#: serverguide/C/databases.xml:20(application) serverguide/C/databases.xml:293(title)
27707
#: serverguide/C/databases.xml:20(application) serverguide/C/databases.xml:300(title)
27170
27708
msgid "PostgreSQL"
27171
27709
msgstr ""
27172
27710
27187
27725
msgid "To install MySQL, run the following command from a terminal prompt:"
27188
27726
msgstr ""
27189
27727
27190
#: serverguide/C/databases.xml:42(command)
27728
#: serverguide/C/virtualization.xml:2215(command) serverguide/C/databases.xml:42(command)
27191
27729
msgid "sudo apt-get install mysql-server"
27192
27730
msgstr ""
27193
27731
27194
#: serverguide/C/databases.xml:44(para)
27732
#: serverguide/C/databases.xml:51(para)
27195
27733
msgid ""
27196
27734
"During the installation process you will be prompted to enter a password for "
27197
27735
"the MySQL root user."
27198
27736
msgstr ""
27199
27737
27200
#: serverguide/C/databases.xml:48(para)
27738
#: serverguide/C/databases.xml:55(para)
27201
27739
msgid ""
27202
27740
"Once the installation is complete, the MySQL server should be started "
27203
27741
"automatically. You can run the following command from a terminal prompt to "
27204
27742
"check whether the MySQL server is running:"
27205
27743
msgstr ""
27206
27744
27207
#: serverguide/C/databases.xml:55(command)
27745
#: serverguide/C/databases.xml:62(command)
27208
27746
msgid "sudo netstat -tap | grep mysql"
27209
27747
msgstr ""
27210
27748
27211
#: serverguide/C/databases.xml:58(para)
27749
#: serverguide/C/vcs.xml:477(para) serverguide/C/databases.xml:65(para)
27212
27750
msgid ""
27213
27751
"When you run this command, you should see the following line or something "
27214
27752
"similar:"
27215
27753
msgstr ""
27216
27754
27217
#: serverguide/C/databases.xml:62(programlisting)
27755
#: serverguide/C/databases.xml:69(programlisting)
27218
27756
#, no-wrap
27219
27757
msgid ""
27220
27758
"\n"
27222
27760
"2556/mysqld\n"
27223
27761
msgstr ""
27224
27762
27225
#: serverguide/C/databases.xml:65(para)
27763
#: serverguide/C/databases.xml:72(para)
27226
27764
msgid ""
27227
27765
"If the server is not running correctly, you can type the following command "
27228
27766
"to start it:"
27229
27767
msgstr ""
27230
27768
27231
#: serverguide/C/databases.xml:69(command) serverguide/C/databases.xml:93(command)
27769
#: serverguide/C/databases.xml:76(command) serverguide/C/databases.xml:100(command)
27232
27770
msgid "sudo service mysql restart"
27233
27771
msgstr ""
27234
27772
27235
#: serverguide/C/databases.xml:74(para)
27773
#: serverguide/C/databases.xml:81(para)
27236
27774
msgid ""
27237
27775
"You can edit the <filename>/etc/mysql/my.cnf</filename> file to configure "
27238
27776
"the basic settings -- log file, port number, etc. For example, to configure "
27240
27778
"<emphasis>bind-address</emphasis> directive to the server's IP address:"
27241
27779
msgstr ""
27242
27780
27243
#: serverguide/C/databases.xml:80(programlisting)
27781
#: serverguide/C/databases.xml:87(programlisting)
27244
27782
#, no-wrap
27245
27783
msgid ""
27246
27784
"\n"
27247
27785
"bind-address = 192.168.0.5\n"
27248
27786
msgstr ""
27249
27787
27250
#: serverguide/C/databases.xml:84(para)
27788
#: serverguide/C/databases.xml:91(para)
27251
27789
msgid "Replace 192.168.0.5 with the appropriate address."
27252
27790
msgstr ""
27253
27791
27254
#: serverguide/C/databases.xml:88(para)
27792
#: serverguide/C/databases.xml:95(para)
27255
27793
msgid ""
27256
27794
"After making a change to <filename>/etc/mysql/my.cnf</filename> the MySQL "
27257
27795
"daemon will need to be restarted:"
27258
27796
msgstr ""
27259
27797
27260
#: serverguide/C/databases.xml:95(para)
27798
#: serverguide/C/databases.xml:102(para)
27261
27799
msgid ""
27262
27800
"If you would like to change the MySQL <emphasis>root</emphasis> password, in "
27263
27801
"a terminal enter:"
27264
27802
msgstr ""
27265
27803
27266
#: serverguide/C/databases.xml:100(command)
27804
#: serverguide/C/databases.xml:107(command)
27267
27805
msgid "sudo dpkg-reconfigure mysql-server-5.5"
27268
27806
msgstr ""
27269
27807
27270
#: serverguide/C/databases.xml:102(para)
27808
#: serverguide/C/databases.xml:109(para)
27271
27809
msgid ""
27272
27810
"The MySQL daemon will be stopped, and you will be prompted to enter a new "
27273
27811
"password."
27274
27812
msgstr ""
27275
27813
27276
#: serverguide/C/databases.xml:107(title)
27814
#: serverguide/C/databases.xml:114(title)
27277
27815
msgid "Database Engines"
27278
27816
msgstr ""
27279
27817
27280
#: serverguide/C/databases.xml:108(para)
27818
#: serverguide/C/databases.xml:115(para)
27281
27819
msgid ""
27282
27820
"Whilst the default configuration of MySQL provided by the Ubuntu packages is "
27283
27821
"perfectly functional and performs well there are things you may wish to "
27284
27822
"consider before you proceed."
27285
27823
msgstr ""
27286
27824
27287
#: serverguide/C/databases.xml:112(para)
27825
#: serverguide/C/databases.xml:119(para)
27288
27826
msgid ""
27289
27827
"MySQL is designed to allow data to be stored in different ways. These "
27290
27828
"methods are referred to as either database or storage engines. There are two "
27294
27832
"use, you will interact with the database in the same way."
27295
27833
msgstr ""
27296
27834
27297
#: serverguide/C/databases.xml:119(para)
27835
#: serverguide/C/databases.xml:126(para)
27298
27836
msgid "Each engine has its own advantages and disadvantages."
27299
27837
msgstr ""
27300
27838
27301
#: serverguide/C/databases.xml:122(para)
27839
#: serverguide/C/databases.xml:129(para)
27302
27840
msgid ""
27303
27841
"While it is possible, and may be advantageous to mix and match database "
27304
27842
"engines on a table level, doing so reduces the effectiveness of the "
27306
27844
"two engines instead of dedicating them to one."
27307
27845
msgstr ""
27308
27846
27309
#: serverguide/C/databases.xml:129(para)
27847
#: serverguide/C/databases.xml:136(para)
27310
27848
msgid ""
27311
27849
"MyISAM is the older of the two. It can be faster than InnoDB under certain "
27312
27850
"circumstances and favours a read only workload. Some web applications have "
27322
27860
"production/\">MyISAM on a production database</ulink>."
27323
27861
msgstr ""
27324
27862
27325
#: serverguide/C/databases.xml:143(para)
27863
#: serverguide/C/databases.xml:150(para)
27326
27864
msgid ""
27327
27865
"InnoDB is a more modern database engine, designed to be <ulink "
27328
27866
"url=\"http://en.wikipedia.org/wiki/ACID\">ACID compliant</ulink> which "
27335
27873
"reliable data recovery as data consistency can be checked."
27336
27874
msgstr ""
27337
27875
27338
#: serverguide/C/databases.xml:156(para)
27876
#: serverguide/C/databases.xml:163(para)
27339
27877
msgid ""
27340
27878
"As of MySQL 5.5 InnoDB is the default engine, and is highly recommended over "
27341
27879
"MyISAM unless you have specific need for features unique to the engine."
27342
27880
msgstr ""
27343
27881
27344
#: serverguide/C/databases.xml:163(title)
27882
#: serverguide/C/databases.xml:170(title)
27345
27883
msgid "Creating a tuned my.cnf file"
27346
27884
msgstr ""
27347
27885
27348
#: serverguide/C/databases.xml:164(para)
27886
#: serverguide/C/databases.xml:171(para)
27349
27887
msgid ""
27350
27888
"There are a number of parameters that can be adjusted within MySQL's "
27351
27889
"configuration file that will allow you to improve the performance of the "
27398
27936
"</screen> Once that is complete all is good to go!"
27399
27937
msgstr ""
27400
27938
27401
#: serverguide/C/databases.xml:206(para)
27939
#: serverguide/C/databases.xml:213(para)
27402
27940
msgid ""
27403
27941
"This is not necessary for all my.cnf changes. Most of the variables you may "
27404
27942
"wish to change to improve performance are adjustable even whilst the server "
27406
27944
"files and data before making changes."
27407
27945
msgstr ""
27408
27946
27409
#: serverguide/C/databases.xml:215(title)
27947
#: serverguide/C/databases.xml:222(title)
27410
27948
msgid "MySQL Tuner"
27411
27949
msgstr ""
27412
27950
27413
#: serverguide/C/databases.xml:216(para)
27951
#: serverguide/C/databases.xml:223(para)
27414
27952
msgid ""
27415
27953
"<application>MySQL Tuner</application> is a useful tool that will connect to "
27416
27954
"a running MySQL instance and offer suggestions for how it can be best "
27442
27980
"</screen>"
27443
27981
msgstr ""
27444
27982
27445
#: serverguide/C/databases.xml:250(para)
27983
#: serverguide/C/databases.xml:257(para)
27446
27984
msgid ""
27447
27985
"One final comment on tuning databases: Whilst we can broadly say that "
27448
27986
"certain settings are the best, performance can vary from application to "
27457
27995
"either using more powerful hardware or by adding slave servers."
27458
27996
msgstr ""
27459
27997
27460
#: serverguide/C/databases.xml:267(para)
27998
#: serverguide/C/databases.xml:274(para)
27461
27999
msgid ""
27462
28000
"See the <ulink url=\"http://www.mysql.com/\">MySQL Home Page</ulink> for "
27463
28001
"more information."
27464
28002
msgstr ""
27465
28003
27466
#: serverguide/C/databases.xml:272(para)
28004
#: serverguide/C/databases.xml:279(para)
27467
28005
msgid ""
27468
28006
"Full documentation is available in both online and offline formats from the "
27469
28007
"<ulink url=\"http://dev.mysql.com/doc/\"> MySQL Developers portal</ulink>"
27470
28008
msgstr ""
27471
28009
27472
#: serverguide/C/databases.xml:278(para)
28010
#: serverguide/C/databases.xml:285(para)
27473
28011
msgid ""
27474
28012
"For general SQL information see <ulink "
27475
28013
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\"> Using "
27476
28014
"SQL Special Edition</ulink> by Rafe Colburn."
27477
28015
msgstr ""
27478
28016
27479
#: serverguide/C/databases.xml:284(para)
28017
#: serverguide/C/databases.xml:291(para)
27480
28018
msgid ""
27481
28019
"The <ulink url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache "
27482
28020
"MySQL PHP Ubuntu Wiki</ulink> page also has useful information."
27495
28033
"in the command prompt:"
27496
28034
msgstr ""
27497
28035
27498
#: serverguide/C/databases.xml:307(command)
28036
#: serverguide/C/databases.xml:314(command)
27499
28037
msgid "sudo apt-get install postgresql"
27500
28038
msgstr ""
27501
28039
27542
28080
"<filename>/etc/postgresql/9.1/main/postgresql.conf</filename>"
27543
28081
msgstr ""
27544
28082
27545
#: serverguide/C/databases.xml:339(para)
28083
#: serverguide/C/databases.xml:346(para)
27546
28084
msgid ""
27547
28085
"Locate the line <emphasis>#listen_addresses = 'localhost'</emphasis> and "
27548
28086
"change it to:"
27574
28112
"default <application>PostgreSQL</application> template database:"
27575
28113
msgstr ""
27576
28114
27577
#: serverguide/C/databases.xml:362(command)
28115
#: serverguide/C/databases.xml:370(command)
27578
28116
msgid "sudo -u postgres psql template1"
27579
28117
msgstr ""
27580
28118
27588
28126
"user <emphasis role=\"italics\">postgres</emphasis>."
27589
28127
msgstr ""
27590
28128
27591
#: serverguide/C/databases.xml:372(command)
28129
#: serverguide/C/databases.xml:380(command)
27592
28130
msgid "ALTER USER postgres with encrypted password 'your_password';"
27593
28131
msgstr ""
27594
28132
27600
28138
"<emphasis>postgres</emphasis> user:"
27601
28139
msgstr ""
27602
28140
27603
#: serverguide/C/databases.xml:380(programlisting)
28141
#: serverguide/C/databases.xml:388(programlisting)
27604
28142
#, no-wrap
27605
28143
msgid ""
27606
28144
"\n"
27607
28145
"local all postgres md5\n"
27608
28146
msgstr ""
27609
28147
27610
#: serverguide/C/databases.xml:384(para)
28148
#: serverguide/C/databases.xml:392(para)
27611
28149
msgid ""
27612
28150
"Finally, you should restart the <application>PostgreSQL</application> "
27613
28151
"service to initialize the new configuration. From a terminal prompt enter "
27643
28181
msgid "Replace the domain name with your actual server domain name."
27644
28182
msgstr ""
27645
28183
27646
#: serverguide/C/databases.xml:413(title) serverguide/C/backups.xml:11(title)
28184
#: serverguide/C/backups.xml:11(title)
27647
28185
msgid "Backups"
27648
28186
msgstr ""
27649
28187
27674
28212
"9.1/html/index.html</command> into the address bar of your browser."
27675
28213
msgstr ""
27676
28214
27677
#: serverguide/C/databases.xml:436(para)
28215
#: serverguide/C/databases.xml:426(para)
27678
28216
msgid ""
27679
28217
"For general SQL information see <ulink "
27680
28218
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\">Using SQL "
27681
28219
"Special Edition</ulink> by Rafe Colburn."
27682
28220
msgstr ""
27683
28221
27684
#: serverguide/C/databases.xml:442(para)
28222
#: serverguide/C/databases.xml:432(para)
27685
28223
msgid ""
27686
28224
"Also, see the <ulink "
27687
28225
"url=\"https://help.ubuntu.com/community/PostgreSQL\">PostgreSQL Ubuntu "
Loggerhead is a web-based interface for Breezy
Version: 2.0.1