2930
2952
"a GUI), or via a remote VNC client from a GUI based computer."
2933
#: serverguide/C/virtualization.xml:206(title)
2955
#: serverguide/C/virtualization.xml:179(title)
2934
2956
msgid "virt-clone"
2937
#: serverguide/C/virtualization.xml:208(para)
2959
#: serverguide/C/virtualization.xml:180(para)
2939
2961
"The <application>virt-clone</application> application can be used to copy "
2940
2962
"one virtual machine to another. For example:"
2943
#: serverguide/C/virtualization.xml:212(command)
2965
#: serverguide/C/virtualization.xml:184(command)
2945
2967
"sudo virt-clone -o web_devel -n database_devel -f "
2946
2968
"/path/to/database_devel.img \\ --connect=qemu:///system"
2949
#: serverguide/C/virtualization.xml:218(para)
2971
#: serverguide/C/virtualization.xml:189(para)
2950
2972
msgid "<emphasis>-o:</emphasis> original virtual machine."
2953
#: serverguide/C/virtualization.xml:222(para)
2975
#: serverguide/C/virtualization.xml:194(para)
2954
2976
msgid "<emphasis>-n:</emphasis> name of the new virtual machine."
2957
#: serverguide/C/virtualization.xml:227(para)
2979
#: serverguide/C/virtualization.xml:199(para)
2959
2981
"<emphasis>-f:</emphasis> path to the file, logical volume, or partition to "
2960
2982
"be used by the new virtual machine."
2963
#: serverguide/C/virtualization.xml:232(para)
2985
#: serverguide/C/virtualization.xml:204(para)
2965
2987
"<emphasis>--connect:</emphasis> specifies which hypervisor to connect to."
2968
#: serverguide/C/virtualization.xml:237(para)
2990
#: serverguide/C/virtualization.xml:209(para)
2970
2992
"Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to "
2971
2993
"help troubleshoot problems with <application>virt-clone</application>."
2974
#: serverguide/C/virtualization.xml:242(para)
2996
#: serverguide/C/virtualization.xml:214(para)
2976
2998
"Replace <emphasis>web_devel</emphasis> and "
2977
2999
"<emphasis>database_devel</emphasis> with appropriate virtual machine names."
2980
#: serverguide/C/virtualization.xml:249(title)
3002
#: serverguide/C/virtualization.xml:220(title)
2981
3003
msgid "Virtual Machine Management"
2984
#: serverguide/C/virtualization.xml:252(title)
3006
#: serverguide/C/virtualization.xml:222(title)
2988
#: serverguide/C/virtualization.xml:254(para)
3010
#: serverguide/C/virtualization.xml:223(para)
2990
3012
"There are several utilities available to manage virtual machines and "
2991
3013
"<application>libvirt</application>. The <application>virsh</application> "
2992
3014
"utility can be used from the command line. Some examples:"
2995
#: serverguide/C/virtualization.xml:261(para)
3017
#: serverguide/C/virtualization.xml:229(para)
2996
3018
msgid "To list running virtual machines:"
2999
#: serverguide/C/virtualization.xml:264(command)
3021
#: serverguide/C/virtualization.xml:233(command)
3000
3022
msgid "virsh -c qemu:///system list"
3003
#: serverguide/C/virtualization.xml:269(para)
3025
#: serverguide/C/virtualization.xml:237(para)
3004
3026
msgid "To start a virtual machine:"
3007
#: serverguide/C/virtualization.xml:272(command)
3029
#: serverguide/C/virtualization.xml:241(command)
3008
3030
msgid "virsh -c qemu:///system start web_devel"
3011
#: serverguide/C/virtualization.xml:277(para)
3033
#: serverguide/C/virtualization.xml:245(para)
3012
3034
msgid "Similarly, to start a virtual machine at boot:"
3015
#: serverguide/C/virtualization.xml:280(command)
3037
#: serverguide/C/virtualization.xml:249(command)
3016
3038
msgid "virsh -c qemu:///system autostart web_devel"
3019
#: serverguide/C/virtualization.xml:285(para)
3041
#: serverguide/C/virtualization.xml:253(para)
3020
3042
msgid "Reboot a virtual machine with:"
3023
#: serverguide/C/virtualization.xml:288(command)
3045
#: serverguide/C/virtualization.xml:257(command)
3024
3046
msgid "virsh -c qemu:///system reboot web_devel"
3027
#: serverguide/C/virtualization.xml:293(para)
3049
#: serverguide/C/virtualization.xml:261(para)
3029
3051
"The <emphasis>state</emphasis> of virtual machines can be saved to a file in "
3030
3052
"order to be restored later. The following will save the virtual machine "
3031
3053
"state into a file named according to the date:"
3034
#: serverguide/C/virtualization.xml:299(command)
3056
#: serverguide/C/virtualization.xml:266(command)
3035
3057
msgid "virsh -c qemu:///system save web_devel web_devel-022708.state"
3038
#: serverguide/C/virtualization.xml:302(para)
3060
#: serverguide/C/virtualization.xml:268(para)
3039
3061
msgid "Once saved the virtual machine will no longer be running."
3042
#: serverguide/C/virtualization.xml:307(para)
3064
#: serverguide/C/virtualization.xml:273(para)
3043
3065
msgid "A saved virtual machine can be restored using:"
3046
#: serverguide/C/virtualization.xml:310(command)
3068
#: serverguide/C/virtualization.xml:277(command)
3047
3069
msgid "virsh -c qemu:///system restore web_devel-022708.state"
3050
#: serverguide/C/virtualization.xml:315(para)
3072
#: serverguide/C/virtualization.xml:281(para)
3051
3073
msgid "To shutdown a virtual machine do:"
3054
#: serverguide/C/virtualization.xml:318(command)
3076
#: serverguide/C/virtualization.xml:285(command)
3055
3077
msgid "virsh -c qemu:///system shutdown web_devel"
3058
#: serverguide/C/virtualization.xml:323(para)
3080
#: serverguide/C/virtualization.xml:289(para)
3059
3081
msgid "A CDROM device can be mounted in a virtual machine by entering:"
3062
#: serverguide/C/virtualization.xml:327(command)
3084
#: serverguide/C/virtualization.xml:293(command)
3063
3085
msgid "virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
3066
#: serverguide/C/virtualization.xml:333(para)
3088
#: serverguide/C/virtualization.xml:298(para)
3068
3090
"In the above examples replace <emphasis>web_devel</emphasis> with the "
3069
3091
"appropriate virtual machine name, and <filename>web_devel-"
3070
3092
"022708.state</filename> with a descriptive file name."
3073
#: serverguide/C/virtualization.xml:341(title)
3095
#: serverguide/C/virtualization.xml:305(title)
3074
3096
msgid "Virtual Machine Manager"
3077
#: serverguide/C/virtualization.xml:343(para)
3099
#: serverguide/C/virtualization.xml:306(para)
3079
3101
"The <application>virt-manager</application> package contains a graphical "
3080
3102
"utility to manage local and remote virtual machines. To install virt-manager "
3084
#: serverguide/C/virtualization.xml:348(command)
3106
#: serverguide/C/virtualization.xml:311(command)
3085
3107
msgid "sudo apt-get install virt-manager"
3088
#: serverguide/C/virtualization.xml:351(para)
3110
#: serverguide/C/virtualization.xml:313(para)
3090
3112
"Since <application>virt-manager</application> requires a Graphical User "
3091
3113
"Interface (GUI) environment it is recommended to be installed on a "
5886
5911
"package for account management."
5889
#: serverguide/C/security.xml:88(para)
5914
#: serverguide/C/security.xml:77(para)
5891
5916
"To add a user account, use the following syntax, and follow the prompts to "
5892
5917
"give the account a password and identifiable characteristics such as a full "
5893
5918
"name, phone number, etc."
5896
#: serverguide/C/security.xml:92(command)
5921
#: serverguide/C/security.xml:81(command)
5897
5922
msgid "sudo adduser username"
5900
#: serverguide/C/security.xml:96(para)
5925
#: serverguide/C/security.xml:85(para)
5902
5927
"To delete a user account and its primary group, use the following syntax:"
5905
#: serverguide/C/security.xml:100(command)
5930
#: serverguide/C/security.xml:89(command)
5906
5931
msgid "sudo deluser username"
5909
#: serverguide/C/security.xml:102(para)
5934
#: serverguide/C/security.xml:91(para)
5911
5936
"Deleting an account does not remove their respective home folder. It is up "
5912
5937
"to you whether or not you wish to delete the folder manually or keep it "
5913
5938
"according to your desired retention policies."
5916
#: serverguide/C/security.xml:105(para)
5941
#: serverguide/C/security.xml:94(para)
5918
5943
"Remember, any user added later on with the same UID/GID as the previous "
5919
5944
"owner will now have access to this folder if you have not taken the "
5920
5945
"necessary precautions."
5923
#: serverguide/C/security.xml:108(para)
5948
#: serverguide/C/security.xml:97(para)
5925
5950
"You may want to change these UID/GID values to something more appropriate, "
5926
5951
"such as the root account, and perhaps even relocate the folder to avoid "
5927
5952
"future conflicts:"
5930
#: serverguide/C/security.xml:112(command)
5955
#: serverguide/C/security.xml:101(command)
5931
5956
msgid "sudo chown -R root:root /home/username/"
5934
#: serverguide/C/security.xml:113(command)
5959
#: serverguide/C/security.xml:102(command)
5935
5960
msgid "sudo mkdir /home/archived_users/"
5938
#: serverguide/C/security.xml:114(command)
5963
#: serverguide/C/security.xml:103(command)
5939
5964
msgid "sudo mv /home/username /home/archived_users/"
5942
#: serverguide/C/security.xml:118(para)
5967
#: serverguide/C/security.xml:107(para)
5944
5969
"To temporarily lock or unlock a user account, use the following syntax, "
5945
5970
"respectively:"
5948
#: serverguide/C/security.xml:122(command)
5973
#: serverguide/C/security.xml:111(command)
5949
5974
msgid "sudo passwd -l username"
5952
#: serverguide/C/security.xml:123(command)
5977
#: serverguide/C/security.xml:112(command)
5953
5978
msgid "sudo passwd -u username"
5956
#: serverguide/C/security.xml:127(para)
5981
#: serverguide/C/security.xml:116(para)
5958
5983
"To add or delete a personalized group, use the following syntax, "
5959
5984
"respectively:"
5962
#: serverguide/C/security.xml:131(command)
5987
#: serverguide/C/security.xml:120(command)
5963
5988
msgid "sudo addgroup groupname"
5966
#: serverguide/C/security.xml:132(command)
5991
#: serverguide/C/security.xml:121(command)
5967
5992
msgid "sudo delgroup groupname"
5970
#: serverguide/C/security.xml:136(para)
5995
#: serverguide/C/security.xml:125(para)
5971
5996
msgid "To add a user to a group, use the following syntax:"
5974
#: serverguide/C/security.xml:140(command)
5999
#: serverguide/C/security.xml:129(command)
5975
6000
msgid "sudo adduser username groupname"
5978
#: serverguide/C/security.xml:147(title)
6003
#: serverguide/C/security.xml:136(title)
5979
6004
msgid "User Profile Security"
5982
#: serverguide/C/security.xml:148(para)
6007
#: serverguide/C/security.xml:137(para)
5984
6009
"When a new user is created, the adduser utility creates a brand new home "
5985
6010
"directory named <filename class=\"directory\">/home/username</filename>, "
6391
6416
"to create an IPv4 or IPv6 host-based firewall."
6394
#: serverguide/C/security.xml:388(para)
6419
#: serverguide/C/security.xml:373(para)
6396
6421
"<application>ufw</application> by default is initially disabled. From the "
6397
6422
"<application>ufw</application> man page:"
6400
#: serverguide/C/security.xml:392(quote)
6425
#: serverguide/C/security.xml:377(quote)
6402
6427
"ufw is not intended to provide complete firewall functionality via its "
6403
6428
"command interface, but instead provides an easy way to add or remove simple "
6404
6429
"rules. It is currently mainly used for host-based firewalls."
6407
#: serverguide/C/security.xml:396(para)
6432
#: serverguide/C/security.xml:381(para)
6409
6434
"The following are some examples of how to use <application>ufw</application>:"
6412
#: serverguide/C/security.xml:401(para)
6437
#: serverguide/C/security.xml:386(para)
6414
6439
"First, <application>ufw</application> needs to be enabled. From a terminal "
6415
6440
"prompt enter:"
6418
#: serverguide/C/security.xml:405(command)
6443
#: serverguide/C/security.xml:390(command)
6419
6444
msgid "sudo ufw enable"
6422
#: serverguide/C/security.xml:409(para)
6447
#: serverguide/C/security.xml:394(para)
6423
6448
msgid "To open a port (ssh in this example):"
6426
#: serverguide/C/security.xml:413(command)
6451
#: serverguide/C/security.xml:398(command)
6427
6452
msgid "sudo ufw allow 22"
6430
#: serverguide/C/security.xml:417(para)
6455
#: serverguide/C/security.xml:402(para)
6431
6456
msgid "Rules can also be added using a <emphasis>numbered</emphasis> format:"
6434
#: serverguide/C/security.xml:421(command)
6459
#: serverguide/C/security.xml:406(command)
6435
6460
msgid "sudo ufw insert 1 allow 80"
6438
#: serverguide/C/security.xml:425(para)
6463
#: serverguide/C/security.xml:410(para)
6439
6464
msgid "Similarly, to close an opened port:"
6442
#: serverguide/C/security.xml:429(command)
6467
#: serverguide/C/security.xml:414(command)
6443
6468
msgid "sudo ufw deny 22"
6446
#: serverguide/C/security.xml:433(para)
6471
#: serverguide/C/security.xml:418(para)
6447
6472
msgid "To remove a rule, use delete followed by the rule:"
6450
#: serverguide/C/security.xml:437(command)
6475
#: serverguide/C/security.xml:422(command)
6451
6476
msgid "sudo ufw delete deny 22"
6454
#: serverguide/C/security.xml:441(para)
6479
#: serverguide/C/security.xml:426(para)
6456
6481
"It is also possible to allow access from specific hosts or networks to a "
6457
6482
"port. The following example allows ssh access from host 192.168.0.2 to any "
6458
6483
"ip address on this host:"
6461
#: serverguide/C/security.xml:446(command)
6486
#: serverguide/C/security.xml:431(command)
6462
6487
msgid "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
6465
#: serverguide/C/security.xml:448(para)
6490
#: serverguide/C/security.xml:433(para)
6467
6492
"Replace 192.168.0.2 with 192.168.0.0/24 to allow ssh access from the entire "
6471
#: serverguide/C/security.xml:454(para)
6496
#: serverguide/C/security.xml:439(para)
6473
6498
"Adding the <emphasis>--dry-run</emphasis> option to a "
6474
6499
"<emphasis>ufw</emphasis> command will output the resulting rules, but not "
6785
6810
"forward</emphasis> chain."
6788
#: serverguide/C/security.xml:720(title)
6813
#: serverguide/C/security.xml:705(title)
6789
6814
msgid "iptables Masquerading"
6792
#: serverguide/C/security.xml:721(para)
6817
#: serverguide/C/security.xml:706(para)
6794
6819
"<application>iptables</application> can also be used to enable Masquerading."
6797
#: serverguide/C/security.xml:726(para)
6822
#: serverguide/C/security.xml:711(para)
6799
6824
"Similar to <application>ufw</application>, the first step is to enable IPv4 "
6800
6825
"packet forwarding by editing <filename>/etc/sysctl.conf</filename> and "
6801
6826
"uncomment the following line"
6804
#: serverguide/C/security.xml:730(programlisting)
6829
#: serverguide/C/security.xml:715(programlisting)
6808
6833
"net.ipv4.ip_forward=1\n"
6811
#: serverguide/C/security.xml:733(para)
6836
#: serverguide/C/security.xml:718(para)
6812
6837
msgid "If you wish to enable IPv6 forwarding also uncomment:"
6815
#: serverguide/C/security.xml:736(programlisting)
6840
#: serverguide/C/security.xml:721(programlisting)
6819
6844
"net.ipv6.conf.default.forwarding=1\n"
6822
#: serverguide/C/security.xml:741(para)
6847
#: serverguide/C/security.xml:726(para)
6824
6849
"Next, execute the <application>sysctl</application> command to enable the "
6825
6850
"new settings in the configuration file:"
6828
#: serverguide/C/security.xml:745(command)
6853
#: serverguide/C/security.xml:730(command)
6829
6854
msgid "sudo sysctl -p"
6832
#: serverguide/C/security.xml:749(para)
6857
#: serverguide/C/security.xml:734(para)
6834
6859
"IP Masquerading can now be accomplished with a single iptables rule, which "
6835
6860
"may differ slightly based on your network configuration:"
6838
#: serverguide/C/security.xml:752(screen)
6863
#: serverguide/C/security.xml:737(screen)
6842
6867
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
6845
#: serverguide/C/security.xml:755(para)
6870
#: serverguide/C/security.xml:740(para)
6847
6872
"The above command assumes that your private address space is 192.168.0.0/16 "
6848
6873
"and that your Internet-facing device is ppp0. The syntax is broken down as "
6852
#: serverguide/C/security.xml:760(para)
6877
#: serverguide/C/security.xml:745(para)
6853
6878
msgid "-t nat -- the rule is to go into the nat table"
6856
#: serverguide/C/security.xml:761(para)
6881
#: serverguide/C/security.xml:746(para)
6858
6883
"-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain"
6861
#: serverguide/C/security.xml:762(para)
6886
#: serverguide/C/security.xml:747(para)
6863
6888
"-s 192.168.0.0/16 -- the rule applies to traffic originating from the "
6864
6889
"specified address space"
6867
#: serverguide/C/security.xml:763(para)
6892
#: serverguide/C/security.xml:748(para)
6869
6894
"-o ppp0 -- the rule applies to traffic scheduled to be routed through the "
6870
6895
"specified network device"
6873
#: serverguide/C/security.xml:765(para)
6898
#: serverguide/C/security.xml:750(para)
6875
6900
"-j MASQUERADE -- traffic matching this rule is to \"jump\" (-j) to the "
6876
6901
"MASQUERADE target to be manipulated as described above"
6879
#: serverguide/C/security.xml:773(para)
6904
#: serverguide/C/security.xml:758(para)
6881
6906
"Also, each chain in the filter table (the default table, and where most or "
6882
6907
"all packet filtering occurs) has a default <emphasis>policy</emphasis> of "
7075
7100
"<application>apparmor-profiles</application> package."
7078
#: serverguide/C/security.xml:921(para)
7103
#: serverguide/C/security.xml:907(para)
7080
7105
"To install the <application>apparmor-profiles</application> package from a "
7081
7106
"terminal prompt:"
7084
#: serverguide/C/security.xml:925(command)
7109
#: serverguide/C/security.xml:911(command)
7085
7110
msgid "sudo apt-get install apparmor-profiles"
7088
#: serverguide/C/security.xml:927(para)
7113
#: serverguide/C/security.xml:913(para)
7089
7114
msgid "AppArmor profiles have two modes of execution:"
7092
#: serverguide/C/security.xml:932(para)
7117
#: serverguide/C/security.xml:918(para)
7094
7119
"Complaining/Learning: profile violations are permitted and logged. Useful "
7095
7120
"for testing and developing new profiles."
7098
#: serverguide/C/security.xml:937(para)
7123
#: serverguide/C/security.xml:923(para)
7100
7125
"Enforced/Confined: enforces profile policy as well as logging the violation."
7103
#: serverguide/C/security.xml:943(title)
7128
#: serverguide/C/security.xml:929(title)
7104
7129
msgid "Using AppArmor"
7107
#: serverguide/C/security.xml:944(para)
7132
#: serverguide/C/security.xml:945(para)
7134
"This section is plagued by a bug (<ulink "
7135
"url=\"https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1304134\">LP "
7136
"#1304134</ulink>) and instructions will not work as advertised."
7139
#: serverguide/C/security.xml:930(para)
7109
7141
"The <application>apparmor-utils</application> package contains command line "
7110
7142
"utilities that you can use to change the <application>AppArmor</application> "
7111
7143
"execution mode, find the status of a profile, create new profiles, etc."
7114
#: serverguide/C/security.xml:950(para)
7146
#: serverguide/C/security.xml:936(para)
7116
7148
"<application>apparmor_status</application> is used to view the current "
7117
7149
"status of AppArmor profiles."
7120
#: serverguide/C/security.xml:954(command)
7152
#: serverguide/C/security.xml:940(command)
7121
7153
msgid "sudo apparmor_status"
7124
#: serverguide/C/security.xml:958(para)
7156
#: serverguide/C/security.xml:944(para)
7126
7158
"<application>aa-complain</application> places a profile into "
7127
7159
"<emphasis>complain</emphasis> mode."
7130
#: serverguide/C/security.xml:962(command)
7162
#: serverguide/C/security.xml:948(command)
7131
7163
msgid "sudo aa-complain /path/to/bin"
7134
#: serverguide/C/security.xml:966(para)
7166
#: serverguide/C/security.xml:952(para)
7136
7168
"<application>aa-enforce</application> places a profile into "
7137
7169
"<emphasis>enforce</emphasis> mode."
7140
#: serverguide/C/security.xml:970(command)
7172
#: serverguide/C/security.xml:956(command)
7141
7173
msgid "sudo aa-enforce /path/to/bin"
7144
#: serverguide/C/security.xml:974(para)
7176
#: serverguide/C/security.xml:960(para)
7146
7178
"The <filename>/etc/apparmor.d</filename> directory is where the AppArmor "
7147
7179
"profiles are located. It can be used to manipulate the "
7148
7180
"<emphasis>mode</emphasis> of all profiles."
7151
#: serverguide/C/security.xml:978(para)
7183
#: serverguide/C/security.xml:964(para)
7152
7184
msgid "Enter the following to place all profiles into complain mode:"
7155
#: serverguide/C/security.xml:982(command)
7187
#: serverguide/C/security.xml:968(command)
7156
7188
msgid "sudo aa-complain /etc/apparmor.d/*"
7159
#: serverguide/C/security.xml:984(para)
7191
#: serverguide/C/security.xml:970(para)
7160
7192
msgid "To place all profiles in enforce mode:"
7163
#: serverguide/C/security.xml:988(command)
7195
#: serverguide/C/security.xml:974(command)
7164
7196
msgid "sudo aa-enforce /etc/apparmor.d/*"
7167
#: serverguide/C/security.xml:992(para)
7199
#: serverguide/C/security.xml:978(para)
7169
7201
"<application>apparmor_parser</application> is used to load a profile into "
7170
7202
"the kernel. It can also be used to reload a currently loaded profile using "
7171
7203
"the <emphasis>-r</emphasis> option. To load a profile:"
7174
#: serverguide/C/security.xml:997(command) serverguide/C/security.xml:1029(command)
7206
#: serverguide/C/security.xml:983(command) serverguide/C/security.xml:1015(command)
7175
7207
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
7178
#: serverguide/C/security.xml:999(para)
7210
#: serverguide/C/security.xml:985(para)
7179
7211
msgid "To reload a profile:"
7182
#: serverguide/C/security.xml:1003(command)
7214
#: serverguide/C/security.xml:989(command)
7183
7215
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
7186
#: serverguide/C/security.xml:1007(para)
7218
#: serverguide/C/security.xml:1013(para)
7188
7220
"<filename>service apparmor</filename> can be used to "
7189
7221
"<emphasis>reload</emphasis> all profiles:"
7192
#: serverguide/C/security.xml:1011(command) serverguide/C/network-auth.xml:943(command)
7224
#: serverguide/C/network-auth.xml:964(command)
7193
7225
msgid "sudo service apparmor reload"
7196
#: serverguide/C/security.xml:1015(para)
7228
#: serverguide/C/security.xml:1001(para)
7198
7230
"The <filename>/etc/apparmor.d/disable</filename> directory can be used along "
7199
7231
"with the <application>apparmor_parser -R</application> option to "
7200
7232
"<emphasis>disable</emphasis> a profile."
7203
#: serverguide/C/security.xml:1020(command)
7235
#: serverguide/C/security.xml:1006(command)
7204
7236
msgid "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
7207
#: serverguide/C/security.xml:1021(command)
7239
#: serverguide/C/security.xml:1007(command)
7208
7240
msgid "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
7211
#: serverguide/C/security.xml:1023(para)
7243
#: serverguide/C/security.xml:1009(para)
7213
7245
"To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic "
7214
7246
"link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then "
7215
7247
"load the profile using the <emphasis>-a</emphasis> option."
7218
#: serverguide/C/security.xml:1028(command)
7250
#: serverguide/C/security.xml:1014(command)
7219
7251
msgid "sudo rm /etc/apparmor.d/disable/profile.name"
7222
#: serverguide/C/security.xml:1033(para)
7254
#: serverguide/C/security.xml:1019(para)
7224
7256
"<application>AppArmor</application> can be disabled, and the kernel module "
7225
7257
"unloaded by entering the following:"
7228
#: serverguide/C/security.xml:1037(command)
7260
#: serverguide/C/security.xml:1043(command)
7229
7261
msgid "sudo service apparmor stop"
7232
#: serverguide/C/security.xml:1038(command)
7264
#: serverguide/C/security.xml:1024(command)
7233
7265
msgid "sudo update-rc.d -f apparmor remove"
7236
#: serverguide/C/security.xml:1042(para)
7268
#: serverguide/C/security.xml:1028(para)
7237
7269
msgid "To re-enable <application>AppArmor</application> enter:"
7240
#: serverguide/C/security.xml:1046(command)
7272
#: serverguide/C/security.xml:1052(command)
7241
7273
msgid "sudo service apparmor start"
7244
#: serverguide/C/security.xml:1047(command)
7276
#: serverguide/C/security.xml:1033(command)
7245
7277
msgid "sudo update-rc.d apparmor defaults"
7248
#: serverguide/C/security.xml:1052(para)
7280
#: serverguide/C/security.xml:1038(para)
7250
7282
"Replace <emphasis>profile.name</emphasis> with the name of the profile you "
7251
7283
"want to manipulate. Also, replace <filename>/path/to/bin/</filename> with "
7932
7964
"filesystem, partition type, etc."
7935
#: serverguide/C/security.xml:1661(para)
7967
#: serverguide/C/security.xml:1647(para)
7937
7969
"During installation there is an option to encrypt the <filename "
7938
7970
"role=\"directory\">/home</filename> partition. This will automatically "
7939
7971
"configure everything needed to encrypt and mount the partition."
7942
#: serverguide/C/security.xml:1666(para)
7974
#: serverguide/C/security.xml:1652(para)
7944
7976
"As an example, this section will cover configuring <filename "
7945
7977
"role=\"directory\">/srv</filename> to be encrypted using "
7946
7978
"<emphasis>eCryptfs</emphasis>."
7949
#: serverguide/C/security.xml:1671(title)
7981
#: serverguide/C/security.xml:1657(title)
7950
7982
msgid "Using eCryptfs"
7953
#: serverguide/C/security.xml:1673(para)
7985
#: serverguide/C/security.xml:1659(para)
7954
7986
msgid "First, install the necessary packages. From a terminal prompt enter:"
7957
#: serverguide/C/security.xml:1678(command)
7989
#: serverguide/C/security.xml:1664(command)
7958
7990
msgid "sudo apt-get install ecryptfs-utils"
7961
#: serverguide/C/security.xml:1681(para)
7993
#: serverguide/C/security.xml:1667(para)
7962
7994
msgid "Now mount the partition to be encrypted:"
7965
#: serverguide/C/security.xml:1686(command)
7997
#: serverguide/C/security.xml:1672(command)
7966
7998
msgid "sudo mount -t ecryptfs /srv /srv"
7969
#: serverguide/C/security.xml:1689(para)
8001
#: serverguide/C/security.xml:1675(para)
7971
8003
"You will then be prompted for some details on how "
7972
8004
"<application>ecryptfs</application> should encrypt the data."
7975
#: serverguide/C/security.xml:1693(para)
8007
#: serverguide/C/security.xml:1679(para)
7977
8009
"To test that files placed in <filename>/srv</filename> are indeed encrypted "
7978
8010
"copy the <filename>/etc/default</filename> folder to "
7979
8011
"<filename>/srv</filename>:"
7982
#: serverguide/C/security.xml:1699(command) serverguide/C/clustering.xml:190(command)
8014
#: serverguide/C/security.xml:1685(command) serverguide/C/clustering.xml:190(command)
7983
8015
msgid "sudo cp -r /etc/default /srv"
7986
#: serverguide/C/security.xml:1702(para)
8018
#: serverguide/C/security.xml:1688(para)
7987
8019
msgid "Now unmount <filename>/srv</filename>, and try to view a file:"
7990
#: serverguide/C/security.xml:1707(command) serverguide/C/installation.xml:1125(command) serverguide/C/clustering.xml:198(command)
8022
#: serverguide/C/security.xml:1693(command) serverguide/C/installation.xml:1118(command) serverguide/C/clustering.xml:198(command)
7991
8023
msgid "sudo umount /srv"
7994
#: serverguide/C/security.xml:1708(command)
8026
#: serverguide/C/security.xml:1694(command)
7995
8027
msgid "cat /srv/default/cron"
7998
#: serverguide/C/security.xml:1711(para)
8030
#: serverguide/C/security.xml:1697(para)
8000
8032
"Remounting <filename>/srv</filename> using "
8001
8033
"<application>ecryptfs</application> will make the data viewable once again."
8004
#: serverguide/C/security.xml:1717(title)
8036
#: serverguide/C/security.xml:1703(title)
8005
8037
msgid "Automatically Mounting Encrypted Partitions"
8008
#: serverguide/C/security.xml:1719(para)
8040
#: serverguide/C/security.xml:1705(para)
8010
8042
"There are a couple of ways to automatically mount an "
8011
8043
"<application>ecryptfs</application> encrypted filesystem at boot. This "
8558
8585
"of the Samba guide for more details."
8561
#: serverguide/C/samba.xml:425(para)
8588
#: serverguide/C/windows-networking.xml:425(para)
8563
8590
"<emphasis>security = share:</emphasis> allows clients to connect to shares "
8564
8591
"without supplying a username and password."
8567
#: serverguide/C/samba.xml:432(para)
8594
#: serverguide/C/windows-networking.xml:432(para)
8569
8596
"The security mode you choose will depend on your environment and what you "
8570
8597
"need the Samba server to accomplish."
8573
#: serverguide/C/samba.xml:438(title)
8600
#: serverguide/C/windows-networking.xml:438(title)
8574
8601
msgid "Security = User"
8577
#: serverguide/C/samba.xml:440(para)
8604
#: serverguide/C/windows-networking.xml:440(para)
8579
8606
"This section will reconfigure the Samba file and print server, from <xref "
8580
8607
"linkend=\"samba-fileserver\"/> and <xref linkend=\"samba-printserver\"/>, to "
8581
8608
"require authentication."
8584
#: serverguide/C/samba.xml:445(para)
8611
#: serverguide/C/windows-networking.xml:445(para)
8586
8613
"First, install the <application>libpam-smbpass</application> package which "
8587
8614
"will sync the system users to the Samba user database:"
8590
#: serverguide/C/samba.xml:451(command)
8617
#: serverguide/C/windows-networking.xml:451(command)
8591
8618
msgid "sudo apt-get install libpam-smbpass"
8594
#: serverguide/C/samba.xml:455(para)
8621
#: serverguide/C/windows-networking.xml:455(para)
8596
8623
"If you chose the <emphasis>Samba Server</emphasis> task during installation "
8597
8624
"<application>libpam-smbpass</application> is already installed."
8600
#: serverguide/C/samba.xml:461(para)
8627
#: serverguide/C/windows-networking.xml:461(para)
8602
8629
"Edit <filename>/etc/samba/smb.conf</filename>, and in the "
8603
8630
"<emphasis>[share]</emphasis> section change:"
8606
#: serverguide/C/samba.xml:465(programlisting)
8633
#: serverguide/C/windows-networking.xml:465(programlisting)
8610
8637
" guest ok = no\n"
8613
#: serverguide/C/samba.xml:469(para)
8640
#: serverguide/C/windows-networking.xml:469(para)
8614
8641
msgid "Finally, restart Samba for the new settings to take effect:"
8617
#: serverguide/C/samba.xml:478(para)
8644
#: serverguide/C/windows-networking.xml:478(para)
8619
8646
"Now when connecting to the shared directories or printers you should be "
8620
8647
"prompted for a username and password."
8623
#: serverguide/C/samba.xml:483(para)
8650
#: serverguide/C/windows-networking.xml:483(para)
8625
8652
"If you choose to map a network drive to the share you can check the "
8626
8653
"<quote>Reconnect at Logon</quote> check box, which will require you to only "
8627
8654
"enter the username and password once, at least until the password changes."
8630
#: serverguide/C/samba.xml:491(title)
8657
#: serverguide/C/windows-networking.xml:491(title)
8631
8658
msgid "Share Security"
8634
#: serverguide/C/samba.xml:493(para)
8661
#: serverguide/C/windows-networking.xml:493(para)
8636
8663
"There are several options available to increase the security for each "
8637
8664
"individual shared directory. Using the <emphasis>[share]</emphasis> example, "
8638
8665
"this section will cover some common options."
8641
#: serverguide/C/samba.xml:499(title)
8668
#: serverguide/C/windows-networking.xml:499(title)
8645
#: serverguide/C/samba.xml:501(para)
8672
#: serverguide/C/windows-networking.xml:501(para)
8647
8674
"Groups define a collection of computers or users which have a common level "
8648
8675
"of access to particular network resources and offer a level of granularity "
10445
10471
"Personal Package Archive (PPA)</ulink>."
10448
#: serverguide/C/remote-administration.xml:606(para)
10474
#: serverguide/C/remote-administration.xml:566(para)
10450
10476
"Not present on Ubuntu Universe repositories, but on <ulink "
10451
10477
"url=\"https://launchpad.net/~zentyal/\">Zentyal Team PPA</ulink> you will "
10452
10478
"find these other modules:"
10455
#: serverguide/C/remote-administration.xml:613(para)
10481
#: serverguide/C/remote-administration.xml:573(para)
10457
10483
"zentyal-antivirus: integrates <application>ClamAV</application> antivirus "
10458
10484
"with other modules like the proxy, file sharing or mailfilter."
10461
#: serverguide/C/remote-administration.xml:620(para)
10487
#: serverguide/C/remote-administration.xml:580(para)
10463
10489
"zentyal-asterisk: configures <application>Asterisk</application> to provide "
10464
10490
"a simple PBX with LDAP based authentication."
10467
#: serverguide/C/remote-administration.xml:626(para)
10493
#: serverguide/C/remote-administration.xml:586(para)
10469
10495
"zentyal-bwmonitor: allows to monitor bandwith usage of your LAN clients."
10472
#: serverguide/C/remote-administration.xml:632(para)
10498
#: serverguide/C/remote-administration.xml:592(para)
10474
10500
"zentyal-captiveportal: integrates a captive portal with the firewall and "
10475
10501
"LDAP users and groups."
10478
#: serverguide/C/remote-administration.xml:638(para)
10504
#: serverguide/C/remote-administration.xml:598(para)
10480
10506
"zentyal-ebackup: allows to make scheduled backups of your server using the "
10481
10507
"popular <application>duplicity</application> backup tool."
10484
#: serverguide/C/remote-administration.xml:644(para)
10510
#: serverguide/C/remote-administration.xml:604(para)
10485
10511
msgid "zentyal-ftp: configures a FTP server with LDAP based authentication."
10488
#: serverguide/C/remote-administration.xml:649(para)
10514
#: serverguide/C/remote-administration.xml:609(para)
10489
10515
msgid "zentyal-ids: integrates a network intrusion detection system."
10492
#: serverguide/C/remote-administration.xml:654(para)
10518
#: serverguide/C/remote-administration.xml:614(para)
10494
10520
"zentyal-ipsec: allows to configure IPsec tunnels using "
10495
10521
"<application>OpenSwan</application>."
10498
#: serverguide/C/remote-administration.xml:660(para)
10524
#: serverguide/C/remote-administration.xml:620(para)
10500
10526
"zentyal-jabber: integrates <application>ejabberd</application> XMPP server "
10501
10527
"with LDAP users and groups."
10504
#: serverguide/C/remote-administration.xml:666(para)
10530
#: serverguide/C/remote-administration.xml:626(para)
10506
10532
"zentyal-thinclients: a <application>LTSP</application> based thin clients "
10510
#: serverguide/C/remote-administration.xml:672(para)
10536
#: serverguide/C/remote-administration.xml:632(para)
10512
10538
"zentyal-mail: a full mail stack including <application>Postfix "
10513
10539
"</application> and <application>Dovecot</application> with LDAP backend."
10516
#: serverguide/C/remote-administration.xml:679(para)
10542
#: serverguide/C/remote-administration.xml:639(para)
10518
10544
"zentyal-mailfilter: configures <application>amavisd</application> with mail "
10519
10545
"stack to filter spam and attached virus."
10522
#: serverguide/C/remote-administration.xml:685(para)
10548
#: serverguide/C/remote-administration.xml:645(para)
10524
10550
"zentyal-monitor: integrates <application>collectd</application> to monitor "
10525
10551
"server performance and running services."
10528
#: serverguide/C/remote-administration.xml:691(para)
10554
#: serverguide/C/remote-administration.xml:651(para)
10530
10556
"zentyal-pptp: configures a <application>PPTP</application> VPN server."
10533
#: serverguide/C/remote-administration.xml:696(para)
10559
#: serverguide/C/remote-administration.xml:656(para)
10535
10561
"zentyal-radius: integrates <application>FreeRADIUS</application> with LDAP "
10536
10562
"users and groups."
10539
#: serverguide/C/remote-administration.xml:702(para)
10565
#: serverguide/C/remote-administration.xml:662(para)
10541
10567
"zentyal-software: simple interface to manage installed "
10542
10568
"<application>Zentyal</application> modules and system updates."
10545
#: serverguide/C/remote-administration.xml:708(para)
10571
#: serverguide/C/remote-administration.xml:668(para)
10547
10573
"zentyal-trafficshaping: configures traffic limiting rules to do bandwidth "
10548
10574
"throttling and improve latency."
10551
#: serverguide/C/remote-administration.xml:714(para)
10577
#: serverguide/C/remote-administration.xml:674(para)
10553
10579
"zentyal-usercorner: allows users to edit their own LDAP attributes using a "
10554
10580
"web browser."
10557
#: serverguide/C/remote-administration.xml:720(para)
10583
#: serverguide/C/remote-administration.xml:680(para)
10559
10585
"zentyal-virt: simple interface to create and manage virtual machines based "
10560
10586
"on <application>libvirt</application>."
10563
#: serverguide/C/remote-administration.xml:726(para)
10589
#: serverguide/C/remote-administration.xml:686(para)
10565
10591
"zentyal-webmail: allows to access your mail using the popular "
10566
10592
"<application>Roundcube</application> webmail."
10569
#: serverguide/C/remote-administration.xml:732(para)
10595
#: serverguide/C/remote-administration.xml:692(para)
10571
10597
"zentyal-webserver: configures <application>Apache</application> webserver to "
10572
10598
"host different sites on your machine."
10575
#: serverguide/C/remote-administration.xml:738(para)
10601
#: serverguide/C/remote-administration.xml:698(para)
10577
10603
"zentyal-zarafa: integrates <application>Zarafa</application> groupware suite "
10578
10604
"with <application>Zentyal</application> mail stack and LDAP."
10581
#: serverguide/C/remote-administration.xml:750(title)
10607
#: serverguide/C/remote-administration.xml:710(title)
10582
10608
msgid "First steps"
10585
#: serverguide/C/remote-administration.xml:752(para)
10611
#: serverguide/C/remote-administration.xml:712(para)
10587
10613
"Any system account belonging to the sudo group is allowed to log into "
10588
10614
"<application>Zentyal</application> web interface. If you are using the user "
10589
10615
"created during the installation, this should be in the sudo group by default."
10592
#: serverguide/C/remote-administration.xml:760(para)
10618
#: serverguide/C/remote-administration.xml:720(para)
10593
10619
msgid "If you need to add another user to the sudo group, just execute:"
10596
#: serverguide/C/remote-administration.xml:765(command)
10622
#: serverguide/C/remote-administration.xml:725(command)
10597
10623
msgid "sudo adduser username sudo"
10600
#: serverguide/C/remote-administration.xml:769(para)
10626
#: serverguide/C/remote-administration.xml:729(para)
10602
10628
"To access <application>Zentyal</application> web interface, browse into "
10603
10629
"https://localhost/ (or the IP of your remote server). As Zentyal creates its "
11521
11547
"flexibility of <application>pam_motd</application>."
11524
#: serverguide/C/other-apps.xml:151(title)
11550
#: serverguide/C/other-apps.xml:156(para)
11553
"url=\"http://manpages.ubuntu.com/manpages/trusty/en/man5/update-"
11554
"motd.5.html\">update-motd man page</ulink> for more options available to "
11555
"<application>update-motd</application>."
11558
#: serverguide/C/other-apps.xml:338(para)
11560
"The Debian Package of the Day <ulink "
11561
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
11562
"and-forecasts-on-the-command-line/\">weather</ulink> article has more "
11563
"details about using the <application>weather</application>utility."
11566
#: serverguide/C/other-apps.xml:134(title)
11525
11567
msgid "etckeeper"
11528
#: serverguide/C/other-apps.xml:153(para)
11570
#: serverguide/C/other-apps.xml:180(para)
11530
11572
"<application>etckeeper</application> allows the contents of <filename "
11531
"role=\"directory\">/etc</filename> be easily stored in Version Control "
11532
"System (VCS) repository. It hooks into <application>apt</application> to "
11533
"automatically commit changes to <filename>/etc</filename> when packages are "
11573
"role=\"directory\">/etc</filename> to be stored in a Version Control System "
11574
"(VCS) repository. It integrates with <application>APT</application> and "
11575
"automatically commits changes to <filename>/etc</filename> when packages are "
11534
11576
"installed or upgraded. Placing <filename>/etc</filename> under version "
11535
11577
"control is considered an industry best practice, and the goal of "
11536
11578
"<application>etckeeper</application> is to make this process as painless as "
11540
#: serverguide/C/other-apps.xml:161(para)
11582
#: serverguide/C/other-apps.xml:144(para)
11542
11584
"Install <application>etckeeper</application> by entering the following in a "
11546
#: serverguide/C/other-apps.xml:166(command)
11588
#: serverguide/C/other-apps.xml:149(command)
11547
11589
msgid "sudo apt-get install etckeeper"
11550
#: serverguide/C/other-apps.xml:169(para)
11592
#: serverguide/C/other-apps.xml:196(para)
11552
11594
"The main configuration file, "
11553
11595
"<filename>/etc/etckeeper/etckeeper.conf</filename>, is fairly simple. The "
11554
"main option is which VCS to use. By default "
11596
"main option is which VCS to use and by default "
11555
11597
"<application>etckeeper</application> is configured to use "
11556
"<application>bzr</application> for version control. The repository is "
11557
"automatically initialized (and committed for the first time) during package "
11558
"installation. It is possible to undo this by entering the following command:"
11598
"<application>Bazaar</application>. The repository is automatically "
11599
"initialized (and committed for the first time) during package installation. "
11600
"It is possible to undo this by entering the following command:"
11561
#: serverguide/C/other-apps.xml:179(command)
11603
#: serverguide/C/other-apps.xml:162(command)
11562
11604
msgid "sudo etckeeper uninit"
11565
#: serverguide/C/other-apps.xml:182(para)
11607
#: serverguide/C/other-apps.xml:165(para)
11567
11609
"By default, etckeeper will commit uncommitted changes made to /etc daily. "
11568
11610
"This can be disabled using the AVOID_DAILY_AUTOCOMMITS configuration option. "
11645
11685
"Committed revision 2."
11648
#: serverguide/C/other-apps.xml:256(para)
11688
#: serverguide/C/other-apps.xml:239(para)
11650
11690
"For an example of how <application>etckeeper</application> tracks manual "
11651
11691
"changes, add new a host to <filename>/etc/hosts</filename>. Using "
11652
11692
"<application>bzr</application> you can see which files have been modified:"
11655
#: serverguide/C/other-apps.xml:262(command)
11695
#: serverguide/C/other-apps.xml:245(command)
11656
11696
msgid "sudo bzr status /etc/"
11659
#: serverguide/C/other-apps.xml:263(computeroutput)
11699
#: serverguide/C/other-apps.xml:246(computeroutput)
11662
11702
"modified:\n"
11666
#: serverguide/C/other-apps.xml:267(para)
11706
#: serverguide/C/other-apps.xml:250(para)
11667
11707
msgid "Now commit the changes:"
11670
#: serverguide/C/other-apps.xml:272(command)
11671
msgid "sudo etckeeper commit \"new host\""
11710
#: serverguide/C/other-apps.xml:295(command)
11711
msgid "sudo etckeeper commit \"added new host\""
11674
#: serverguide/C/other-apps.xml:275(para)
11714
#: serverguide/C/other-apps.xml:258(para)
11676
11716
"For more information on <application>bzr</application> see <xref "
11677
11717
"linkend=\"bazaar\"/>."
11680
#: serverguide/C/other-apps.xml:281(title)
11720
#: serverguide/C/other-apps.xml:345(para)
11723
"url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for "
11724
"more details on using <application>etckeeper</application>."
11727
#: serverguide/C/other-apps.xml:351(para)
11729
"The <ulink url=\"https://help.ubuntu.com/community/etckeeper\">etckeeper "
11730
"Ubuntu Wiki</ulink> page."
11733
#: serverguide/C/other-apps.xml:356(para)
11735
"For the latest news and information about <application>bzr</application> see "
11736
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
11739
#: serverguide/C/other-apps.xml:264(title)
11681
11740
msgid "Byobu"
11684
#: serverguide/C/other-apps.xml:283(para)
11686
"One of the most useful applications for any system administrator is "
11687
"<application>screen</application>. It allows the execution of multiple "
11688
"shells in one terminal. To make some of the advanced "
11689
"<application>screen</application> features more user friendly, and provide "
11690
"some useful information about the system, the "
11691
"<application>byobu</application> package was created."
11694
#: serverguide/C/other-apps.xml:290(para)
11696
"When executing <application>byobu</application> pressing the "
11697
"<emphasis>F9</emphasis> key will bring up the "
11698
"<application>Configuration</application> menu. This menu will allow you to:"
11701
#: serverguide/C/other-apps.xml:296(para)
11743
#: serverguide/C/other-apps.xml:337(para)
11745
"One of the most useful applications for any system administrator is an xterm "
11746
"multiplexor such as <application>screen</application> or "
11747
"<application>tmux</application>. It allows for the execution of multiple "
11748
"shells in one terminal. To make some of the advanced multiplexor features "
11749
"more user-friendly and provide some useful information about the system, the "
11750
"<application>byobu</application> package was created. It acts as a wrapper "
11751
"to these programs. By default Byobu uses tmux (if installed) but this can be "
11752
"changed by the user."
11755
#: serverguide/C/other-apps.xml:344(para)
11756
msgid "Invoke it simply with:"
11759
#: serverguide/C/other-apps.xml:349(command)
11763
#: serverguide/C/other-apps.xml:352(para)
11765
"Now bring up the configuration menu. By default this is done by pressing the "
11766
"<emphasis>F9</emphasis> key. This will allow you to:"
11769
#: serverguide/C/other-apps.xml:279(para)
11702
11770
msgid "View the Help menu"
11705
#: serverguide/C/other-apps.xml:297(para)
11773
#: serverguide/C/other-apps.xml:280(para)
11706
11774
msgid "Change Byobu's background color"
11709
#: serverguide/C/other-apps.xml:298(para)
11777
#: serverguide/C/other-apps.xml:281(para)
11710
11778
msgid "Change Byobu's foreground color"
11713
#: serverguide/C/other-apps.xml:299(para)
11781
#: serverguide/C/other-apps.xml:282(para)
11714
11782
msgid "Toggle status notifications"
11717
#: serverguide/C/other-apps.xml:300(para)
11785
#: serverguide/C/other-apps.xml:283(para)
11718
11786
msgid "Change the key binding set"
11721
#: serverguide/C/other-apps.xml:301(para)
11789
#: serverguide/C/other-apps.xml:284(para)
11722
11790
msgid "Change the escape sequence"
11725
#: serverguide/C/other-apps.xml:302(para)
11793
#: serverguide/C/other-apps.xml:285(para)
11726
11794
msgid "Create new windows"
11729
#: serverguide/C/other-apps.xml:303(para)
11797
#: serverguide/C/other-apps.xml:286(para)
11730
11798
msgid "Manage the default windows"
11733
#: serverguide/C/other-apps.xml:304(para)
11801
#: serverguide/C/other-apps.xml:287(para)
11734
11802
msgid "Byobu currently does not launch at login (toggle on)"
11737
#: serverguide/C/other-apps.xml:307(para)
11805
#: serverguide/C/other-apps.xml:290(para)
11739
11807
"The <emphasis>key bindings</emphasis> determine such things as the escape "
11740
11808
"sequence, new window, change window, etc. There are two key binding sets to "
11767
11835
"commands. Here is a quick list of movement commands:"
11770
#: serverguide/C/other-apps.xml:331(para)
11838
#: serverguide/C/other-apps.xml:314(para)
11771
11839
msgid "<emphasis>h</emphasis> - Move the cursor left by one character"
11774
#: serverguide/C/other-apps.xml:332(para)
11842
#: serverguide/C/other-apps.xml:315(para)
11775
11843
msgid "<emphasis>j</emphasis> - Move the cursor down by one line"
11778
#: serverguide/C/other-apps.xml:333(para)
11846
#: serverguide/C/other-apps.xml:316(para)
11779
11847
msgid "<emphasis>k</emphasis> - Move the cursor up by one line"
11782
#: serverguide/C/other-apps.xml:334(para)
11850
#: serverguide/C/other-apps.xml:317(para)
11783
11851
msgid "<emphasis>l</emphasis> - Move the cursor right by one character"
11786
#: serverguide/C/other-apps.xml:335(para)
11854
#: serverguide/C/other-apps.xml:318(para)
11787
11855
msgid "<emphasis>0</emphasis> - Move to the beginning of the current line"
11790
#: serverguide/C/other-apps.xml:336(para)
11858
#: serverguide/C/other-apps.xml:319(para)
11791
11859
msgid "<emphasis>$</emphasis> - Move to the end of the current line"
11794
#: serverguide/C/other-apps.xml:337(para)
11862
#: serverguide/C/other-apps.xml:320(para)
11796
11864
"<emphasis>G</emphasis> - Moves to the specified line (defaults to the end of "
11797
11865
"the buffer)"
11800
#: serverguide/C/other-apps.xml:338(para)
11868
#: serverguide/C/other-apps.xml:321(para)
11801
11869
msgid "<emphasis>/</emphasis> - Search forward"
11804
#: serverguide/C/other-apps.xml:339(para)
11872
#: serverguide/C/other-apps.xml:322(para)
11805
11873
msgid "<emphasis>?</emphasis> - Search backward"
11808
#: serverguide/C/other-apps.xml:340(para)
11876
#: serverguide/C/other-apps.xml:401(para)
11810
11878
"<emphasis>n</emphasis> - Moves to the next match, either forward or backward"
11813
#: serverguide/C/other-apps.xml:349(para)
11816
"url=\"http://manpages.ubuntu.com/manpages/trusty/en/man5/update-"
11817
"motd.5.html\">update-motd man page</ulink> for more options available to "
11818
"<application>update-motd</application>."
11821
#: serverguide/C/other-apps.xml:355(para)
11823
"The Debian Package of the Day <ulink "
11824
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
11825
"and-forecasts-on-the-command-line/\">weather</ulink> article has more "
11826
"details about using the <application>weather</application>utility."
11829
#: serverguide/C/other-apps.xml:362(para)
11832
"url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for "
11833
"more details on using <application>etckeeper</application>."
11836
#: serverguide/C/other-apps.xml:368(para)
11838
"The <ulink url=\"https://help.ubuntu.com/community/etckeeper\">etckeeper "
11839
"Ubuntu Wiki</ulink> page."
11842
#: serverguide/C/other-apps.xml:373(para)
11844
"For the latest news and information about <application>bzr</application> see "
11845
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
11848
#: serverguide/C/other-apps.xml:378(para)
11881
#: serverguide/C/other-apps.xml:361(para)
11850
11883
"For more information on <application>screen</application> see the <ulink "
11851
11884
"url=\"http://www.gnu.org/software/screen/\">screen web site</ulink>."
11854
#: serverguide/C/other-apps.xml:383(para)
11887
#: serverguide/C/other-apps.xml:366(para)
11856
11889
"And the <ulink url=\"https://help.ubuntu.com/community/Screen\">Ubuntu Wiki "
11857
11890
"screen</ulink> page."
11860
#: serverguide/C/other-apps.xml:388(para)
11893
#: serverguide/C/other-apps.xml:371(para)
11862
11895
"Also, see the <application>byobu</application><ulink "
11863
11896
"url=\"https://launchpad.net/byobu\">project page</ulink> for more "
13576
13627
"dn: olcDatabase={1}hdb,cn=config\n"
13579
#: serverguide/C/network-auth.xml:259(para) serverguide/C/network-auth.xml:350(para)
13630
#: serverguide/C/network-auth.xml:281(para) serverguide/C/network-auth.xml:372(para)
13580
13631
msgid "Explanation of entries:"
13583
#: serverguide/C/network-auth.xml:266(para)
13634
#: serverguide/C/network-auth.xml:288(para)
13584
13635
msgid "<emphasis>cn=config</emphasis>: global settings"
13587
#: serverguide/C/network-auth.xml:272(para)
13638
#: serverguide/C/network-auth.xml:294(para)
13589
13640
"<emphasis>cn=module{0},cn=config</emphasis>: a dynamically loaded module"
13592
#: serverguide/C/network-auth.xml:278(para)
13643
#: serverguide/C/network-auth.xml:300(para)
13594
13645
"<emphasis>cn=schema,cn=config</emphasis>: contains hard-coded system-level "
13598
#: serverguide/C/network-auth.xml:284(para)
13649
#: serverguide/C/network-auth.xml:306(para)
13600
13651
"<emphasis>cn={0}core,cn=schema,cn=config</emphasis>: the hard-coded core "
13604
#: serverguide/C/network-auth.xml:290(para)
13655
#: serverguide/C/network-auth.xml:312(para)
13606
13657
"<emphasis>cn={1}cosine,cn=schema,cn=config</emphasis>: the cosine schema"
13609
#: serverguide/C/network-auth.xml:296(para)
13660
#: serverguide/C/network-auth.xml:318(para)
13610
13661
msgid "<emphasis>cn={2}nis,cn=schema,cn=config</emphasis>: the nis schema"
13613
#: serverguide/C/network-auth.xml:302(para)
13664
#: serverguide/C/network-auth.xml:324(para)
13615
13666
"<emphasis>cn={3}inetorgperson,cn=schema,cn=config</emphasis>: the "
13616
13667
"inetorgperson schema"
13619
#: serverguide/C/network-auth.xml:308(para)
13670
#: serverguide/C/network-auth.xml:330(para)
13621
13672
"<emphasis>olcBackend={0}hdb,cn=config</emphasis>: the 'hdb' backend storage "
13625
#: serverguide/C/network-auth.xml:314(para)
13676
#: serverguide/C/network-auth.xml:336(para)
13627
13678
"<emphasis>olcDatabase={-1}frontend,cn=config</emphasis>: frontend database, "
13628
13679
"default settings for other databases"
13631
#: serverguide/C/network-auth.xml:320(para)
13682
#: serverguide/C/network-auth.xml:342(para)
13633
13684
"<emphasis>olcDatabase={0}config,cn=config</emphasis>: slapd configuration "
13634
13685
"database (cn=config)"
13637
#: serverguide/C/network-auth.xml:326(para)
13688
#: serverguide/C/network-auth.xml:348(para)
13639
13690
"<emphasis>olcDatabase={1}hdb,cn=config</emphasis>: your database instance "
13640
13691
"(dc=examle,dc=com)"
13643
#: serverguide/C/network-auth.xml:337(para)
13694
#: serverguide/C/network-auth.xml:359(para)
13644
13695
msgid "This is what the dc=example,dc=com DIT looks like:"
13647
#: serverguide/C/network-auth.xml:342(command)
13698
#: serverguide/C/network-auth.xml:364(command)
13648
13699
msgid "ldapsearch -x -LLL -H ldap:/// -b dc=example,dc=com dn"
13651
#: serverguide/C/network-auth.xml:343(computeroutput)
13702
#: serverguide/C/network-auth.xml:365(computeroutput)
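Review bot: the msgid for olcDatabase={1}hdb,cn=config describes the instance as "(dc=examle,dc=com)", while the very next string and the ldapsearch command use dc=example,dc=com. This hunk only shifts the source positions in network-auth.xml (for example 326 to 348), so the misspelled suffix is still in the XML source and should be corrected there; a reader copying the DN from the explanation would otherwise query a suffix that does not exist.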
14248
14299
"olcAccessLogPurge: 07+00:00 01+00:00\n"
14251
#: serverguide/C/network-auth.xml:918(para)
14302
#: serverguide/C/network-auth.xml:940(para)
14253
14304
"Change the rootDN in the LDIF file to match the one you have for your "
14257
#: serverguide/C/network-auth.xml:925(para)
14308
#: serverguide/C/network-auth.xml:947(para)
14259
"The <application>apparmor</application> profile for slapd will need to be "
14260
"adjusted for the accesslog database location. Edit "
14261
"<filename>/etc/apparmor.d/local/usr.sbin.slapd</filename> by adding the "
14310
"The <application>apparmor</application> profile for slapd will not need to "
14311
"be adjusted for the accesslog database location since "
14312
"<filename>/etc/apparmor.d/local/usr.sbin.slapd</filename> contains:"
14265
#: serverguide/C/network-auth.xml:931(programlisting)
14315
#: serverguide/C/network-auth.xml:952(programlisting)
14269
"/var/lib/ldap/accesslog/ r,\n"
14270
"/var/lib/ldap/accesslog/** rwk,\n"
14319
"/var/lib/ldap/ r,\n"
14320
"/var/lib/ldap/** rwk,\n"
14273
#: serverguide/C/network-auth.xml:936(para)
14323
#: serverguide/C/network-auth.xml:957(para)
14275
14325
"Create a directory, set up a databse config file, and reload the apparmor "
14279
#: serverguide/C/network-auth.xml:941(command)
14329
#: serverguide/C/network-auth.xml:962(command)
14280
14330
msgid "sudo -u openldap mkdir /var/lib/ldap/accesslog"
14283
#: serverguide/C/network-auth.xml:942(command)
14333
#: serverguide/C/network-auth.xml:963(command)
14284
14334
msgid "sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog"
14287
#: serverguide/C/network-auth.xml:949(para)
14337
#: serverguide/C/network-auth.xml:970(para)
14289
14339
"Add the new content and, due to the apparmor change, restart the daemon:"
14292
#: serverguide/C/network-auth.xml:954(command)
14342
#: serverguide/C/network-auth.xml:975(command)
14293
14343
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
14296
#: serverguide/C/network-auth.xml:955(command) serverguide/C/network-auth.xml:1477(command) serverguide/C/network-auth.xml:1662(command) serverguide/C/network-auth.xml:3883(command)
14346
#: serverguide/C/network-auth.xml:976(command) serverguide/C/network-auth.xml:1498(command) serverguide/C/network-auth.xml:1683(command) serverguide/C/network-auth.xml:3912(command)
14297
14347
msgid "sudo service slapd restart"
14300
#: serverguide/C/network-auth.xml:962(para)
14350
#: serverguide/C/network-auth.xml:983(para)
14301
14351
msgid "The Provider is now configured."
14304
#: serverguide/C/network-auth.xml:969(title)
14354
#: serverguide/C/network-auth.xml:990(title)
14305
14355
msgid "Consumer Configuration"
14308
#: serverguide/C/network-auth.xml:971(para)
14358
#: serverguide/C/network-auth.xml:992(para)
14309
14359
msgid "And now configure the <emphasis>Consumer</emphasis>."
14312
#: serverguide/C/network-auth.xml:978(para)
14362
#: serverguide/C/network-auth.xml:999(para)
14314
14364
"Install the software by going through <xref linkend=\"openldap-server-"
14315
14365
"installation\"/>. Make sure the slapd-config databse is identical to the "
15158
15208
"assist you in the configuration step. Install this package now:"
15161
#: serverguide/C/network-auth.xml:1704(command)
15211
#: serverguide/C/network-auth.xml:1725(command)
15162
15212
msgid "sudo apt-get install libnss-ldap"
15165
#: serverguide/C/network-auth.xml:1707(para)
15215
#: serverguide/C/network-auth.xml:1728(para)
15167
15217
"You will be prompted for details of your LDAP server. If you make a mistake "
15168
15218
"you can try again using:"
15171
#: serverguide/C/network-auth.xml:1712(command)
15221
#: serverguide/C/network-auth.xml:1733(command)
15172
15222
msgid "sudo dpkg-reconfigure ldap-auth-config"
15175
#: serverguide/C/network-auth.xml:1715(para)
15225
#: serverguide/C/network-auth.xml:1736(para)
15177
15227
"The results of the dialog can be seen in "
15178
15228
"<filename>/etc/ldap.conf</filename>. If your server requires options not "
15179
15229
"covered in the menu edit this file accordingly."
15182
#: serverguide/C/network-auth.xml:1720(para)
15232
#: serverguide/C/network-auth.xml:1741(para)
15183
15233
msgid "Now configure the LDAP profile for NSS:"
15186
#: serverguide/C/network-auth.xml:1725(command)
15236
#: serverguide/C/network-auth.xml:1746(command)
15187
15237
msgid "sudo auth-client-config -t nss -p lac_ldap"
15190
#: serverguide/C/network-auth.xml:1728(para)
15240
#: serverguide/C/network-auth.xml:1749(para)
15191
15241
msgid "Configure the system to use LDAP for authentication:"
15194
#: serverguide/C/network-auth.xml:1733(command)
15244
#: serverguide/C/network-auth.xml:1754(command)
15195
15245
msgid "sudo pam-auth-update"
15198
#: serverguide/C/network-auth.xml:1736(para)
15248
#: serverguide/C/network-auth.xml:1757(para)
15200
15250
"From the menu, choose LDAP and any other authentication mechanisms you need."
15203
#: serverguide/C/network-auth.xml:1740(para)
15253
#: serverguide/C/network-auth.xml:1761(para)
15204
15254
msgid "You should now be able to log in using LDAP-based credentials."
15207
#: serverguide/C/network-auth.xml:1744(para)
15257
#: serverguide/C/network-auth.xml:1765(para)
15209
15259
"LDAP clients will need to refer to multiple servers if replication is in "
15210
15260
"use. In <filename>/etc/ldap.conf</filename> you would have something like:"
15213
#: serverguide/C/network-auth.xml:1749(programlisting)
15263
#: serverguide/C/network-auth.xml:1770(programlisting)
15217
15267
"uri ldap://ldap01.example.com ldap://ldap02.example.com\n"
15220
#: serverguide/C/network-auth.xml:1753(para)
15270
#: serverguide/C/network-auth.xml:1774(para)
15222
15272
"The request will time out and the Consumer (ldap02) will attempt to be "
15223
15273
"reached if the Provider (ldap01) becomes unresponsive."
15226
#: serverguide/C/network-auth.xml:1757(para)
15276
#: serverguide/C/network-auth.xml:1778(para)
15228
15278
"If you are going to use LDAP to store Samba users you will need to configure "
15229
15279
"the Samba server to authenticate using LDAP. See <xref linkend=\"samba-"
15230
15280
"ldap\"/> for details."
15233
#: serverguide/C/network-auth.xml:1763(para)
15283
#: serverguide/C/network-auth.xml:1784(para)
15235
15285
"An alternative to the <application>libnss-ldap</application> package is the "
15236
15286
"<application>libnss-ldapd</application> package. This, however, will bring "
15281
15331
"MIDSTART=10000\n"
15284
#: serverguide/C/network-auth.xml:1806(para)
15334
#: serverguide/C/network-auth.xml:1827(para)
15286
15336
"Now, create the <filename>ldapscripts.passwd</filename> file to allow rootDN "
15287
15337
"access to the directory:"
15290
#: serverguide/C/network-auth.xml:1811(command)
15340
#: serverguide/C/network-auth.xml:1832(command)
15292
15342
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
15295
#: serverguide/C/network-auth.xml:1812(command)
15345
#: serverguide/C/network-auth.xml:1833(command)
15296
15346
msgid "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
15299
#: serverguide/C/network-auth.xml:1816(para)
15349
#: serverguide/C/network-auth.xml:1837(para)
15301
15351
"Replace <quote>secret</quote> with the actual password for your database's "
15302
15352
"rootDN user."
15305
#: serverguide/C/network-auth.xml:1821(para)
15355
#: serverguide/C/network-auth.xml:1842(para)
15307
15357
"The scripts are now ready to help manage your directory. Here are some "
15308
15358
"examples of how to use them:"
15311
#: serverguide/C/network-auth.xml:1828(para)
15361
#: serverguide/C/network-auth.xml:1849(para)
15312
15362
msgid "Create a new user:"
15315
#: serverguide/C/network-auth.xml:1833(command)
15365
#: serverguide/C/network-auth.xml:1854(command)
15316
15366
msgid "sudo ldapadduser george example"
15319
#: serverguide/C/network-auth.xml:1836(para)
15369
#: serverguide/C/network-auth.xml:1857(para)
15321
15371
"This will create a user with uid <emphasis role=\"italic\">george</emphasis> "
15322
15372
"and set the user's primary group (gid) to <emphasis "
15323
15373
"role=\"italic\">example</emphasis>"
15326
#: serverguide/C/network-auth.xml:1843(para)
15376
#: serverguide/C/network-auth.xml:1864(para)
15327
15377
msgid "Change a user's password:"
15330
#: serverguide/C/network-auth.xml:1848(command)
15380
#: serverguide/C/network-auth.xml:1869(command)
15331
15381
msgid "sudo ldapsetpasswd george"
15334
#: serverguide/C/network-auth.xml:1849(computeroutput)
15384
#: serverguide/C/network-auth.xml:1870(computeroutput)
15336
15386
msgid "Changing password for user uid=george,ou=People,dc=example,dc=com"
15339
#: serverguide/C/network-auth.xml:1850(userinput)
15389
#: serverguide/C/network-auth.xml:1871(userinput)
15341
15391
msgid "New Password: "
15344
#: serverguide/C/network-auth.xml:1851(userinput)
15394
#: serverguide/C/network-auth.xml:1872(userinput)
15346
15396
msgid "New Password (verify): "
15349
#: serverguide/C/network-auth.xml:1857(para)
15399
#: serverguide/C/network-auth.xml:1878(para)
15350
15400
msgid "Delete a user:"
15353
#: serverguide/C/network-auth.xml:1862(command)
15403
#: serverguide/C/network-auth.xml:1883(command)
15354
15404
msgid "sudo ldapdeleteuser george"
15357
#: serverguide/C/network-auth.xml:1868(para)
15407
#: serverguide/C/network-auth.xml:1889(para)
15358
15408
msgid "Add a group:"
15361
#: serverguide/C/network-auth.xml:1873(command)
15411
#: serverguide/C/network-auth.xml:1894(command)
15362
15412
msgid "sudo ldapaddgroup qa"
15365
#: serverguide/C/network-auth.xml:1879(para)
15415
#: serverguide/C/network-auth.xml:1900(para)
15366
15416
msgid "Delete a group:"
15369
#: serverguide/C/network-auth.xml:1884(command)
15419
#: serverguide/C/network-auth.xml:1905(command)
15370
15420
msgid "sudo ldapdeletegroup qa"
15373
#: serverguide/C/network-auth.xml:1890(para)
15423
#: serverguide/C/network-auth.xml:1911(para)
15374
15424
msgid "Add a user to a group:"
15377
#: serverguide/C/network-auth.xml:1895(command)
15427
#: serverguide/C/network-auth.xml:1916(command)
15378
15428
msgid "sudo ldapaddusertogroup george qa"
15381
#: serverguide/C/network-auth.xml:1898(para)
15431
#: serverguide/C/network-auth.xml:1919(para)
15383
15433
"You should now see a <emphasis>memberUid</emphasis> attribute for the "
15384
15434
"<emphasis role=\"italic\">qa</emphasis> group with a value of <emphasis "
15385
15435
"role=\"italic\">george</emphasis>."
15388
#: serverguide/C/network-auth.xml:1905(para)
15438
#: serverguide/C/network-auth.xml:1926(para)
15389
15439
msgid "Remove a user from a group:"
15392
#: serverguide/C/network-auth.xml:1910(command)
15442
#: serverguide/C/network-auth.xml:1931(command)
15393
15443
msgid "sudo ldapdeleteuserfromgroup george qa"
15396
#: serverguide/C/network-auth.xml:1913(para)
15446
#: serverguide/C/network-auth.xml:1934(para)
15398
15448
"The <emphasis>memberUid</emphasis> attribute should now be removed from the "
15399
15449
"<emphasis role=\"italic\">qa</emphasis> group."
15402
#: serverguide/C/network-auth.xml:1920(para)
15452
#: serverguide/C/network-auth.xml:1941(para)
15404
15454
"The <application>ldapmodifyuser</application> script allows you to add, "
15405
15455
"remove, or replace a user's attributes. The script uses the same syntax as "
15406
15456
"the <application>ldapmodify</application> utility. For example:"
15409
#: serverguide/C/network-auth.xml:1926(command)
15459
#: serverguide/C/network-auth.xml:1947(command)
15410
15460
msgid "sudo ldapmodifyuser george"
15413
#: serverguide/C/network-auth.xml:1927(computeroutput)
15463
#: serverguide/C/network-auth.xml:1948(computeroutput)
15416
15466
"# About to modify the following entry :\n"
15499
15549
"title: Employee\n"
15502
#: serverguide/C/network-auth.xml:1995(para)
15552
#: serverguide/C/network-auth.xml:2016(para)
15504
15554
"Notice the <emphasis><ask></emphasis> option used for the "
15505
15555
"<emphasis>sn</emphasis> attribute. This will make "
15506
"<application>ldapadduser</application> prompt you for it's value."
15556
"<application>ldapadduser</application> prompt you for its value."
15509
#: serverguide/C/network-auth.xml:2003(para)
15559
#: serverguide/C/network-auth.xml:2024(para)
15511
15561
"There are utilities in the package that were not covered here. Here is a "
15512
15562
"complete list:"
15515
#: serverguide/C/network-auth.xml:2008(ulink)
15565
#: serverguide/C/network-auth.xml:2029(ulink)
15516
15566
msgid "ldaprenamemachine"
15519
#: serverguide/C/network-auth.xml:2009(ulink)
15569
#: serverguide/C/network-auth.xml:2030(ulink)
15520
15570
msgid "ldapadduser"
15523
#: serverguide/C/network-auth.xml:2010(ulink)
15573
#: serverguide/C/network-auth.xml:2031(ulink)
15524
15574
msgid "ldapdeleteuserfromgroup"
15527
#: serverguide/C/network-auth.xml:2011(ulink)
15577
#: serverguide/C/network-auth.xml:2032(ulink)
15528
15578
msgid "ldapfinger"
15531
#: serverguide/C/network-auth.xml:2012(ulink)
15581
#: serverguide/C/network-auth.xml:2033(ulink)
15532
15582
msgid "ldapid"
15535
#: serverguide/C/network-auth.xml:2013(ulink)
15585
#: serverguide/C/network-auth.xml:2034(ulink)
15536
15586
msgid "ldapgid"
15539
#: serverguide/C/network-auth.xml:2014(ulink)
15589
#: serverguide/C/network-auth.xml:2035(ulink)
15540
15590
msgid "ldapmodifyuser"
15543
#: serverguide/C/network-auth.xml:2015(ulink)
15593
#: serverguide/C/network-auth.xml:2036(ulink)
15544
15594
msgid "ldaprenameuser"
15547
#: serverguide/C/network-auth.xml:2016(ulink)
15597
#: serverguide/C/network-auth.xml:2037(ulink)
15548
15598
msgid "lsldap"
15551
#: serverguide/C/network-auth.xml:2017(ulink)
15601
#: serverguide/C/network-auth.xml:2038(ulink)
15552
15602
msgid "ldapaddusertogroup"
15555
#: serverguide/C/network-auth.xml:2018(ulink)
15605
#: serverguide/C/network-auth.xml:2039(ulink)
15556
15606
msgid "ldapsetpasswd"
15559
#: serverguide/C/network-auth.xml:2019(ulink)
15609
#: serverguide/C/network-auth.xml:2040(ulink)
15560
15610
msgid "ldapinit"
15563
#: serverguide/C/network-auth.xml:2020(ulink)
15613
#: serverguide/C/network-auth.xml:2041(ulink)
15564
15614
msgid "ldapaddgroup"
15567
#: serverguide/C/network-auth.xml:2021(ulink)
15617
#: serverguide/C/network-auth.xml:2042(ulink)
15568
15618
msgid "ldapdeletegroup"
15571
#: serverguide/C/network-auth.xml:2022(ulink)
15621
#: serverguide/C/network-auth.xml:2043(ulink)
15572
15622
msgid "ldapmodifygroup"
15575
#: serverguide/C/network-auth.xml:2023(ulink)
15625
#: serverguide/C/network-auth.xml:2044(ulink)
15576
15626
msgid "ldapdeletemachine"
15579
#: serverguide/C/network-auth.xml:2024(ulink)
15629
#: serverguide/C/network-auth.xml:2045(ulink)
15580
15630
msgid "ldaprenamegroup"
15583
#: serverguide/C/network-auth.xml:2025(ulink)
15633
#: serverguide/C/network-auth.xml:2046(ulink)
15584
15634
msgid "ldapaddmachine"
15587
#: serverguide/C/network-auth.xml:2026(ulink)
15637
#: serverguide/C/network-auth.xml:2047(ulink)
15588
15638
msgid "ldapmodifymachine"
15591
#: serverguide/C/network-auth.xml:2027(ulink)
15641
#: serverguide/C/network-auth.xml:2048(ulink)
15592
15642
msgid "ldapsetprimarygroup"
15595
#: serverguide/C/network-auth.xml:2028(ulink)
15645
#: serverguide/C/network-auth.xml:2049(ulink)
15596
15646
msgid "ldapdeleteuser"
15599
#: serverguide/C/network-auth.xml:2034(title)
15649
#: serverguide/C/network-auth.xml:2055(title)
15600
15650
msgid "Backup and Restore"
15603
#: serverguide/C/network-auth.xml:2036(para)
15653
#: serverguide/C/network-auth.xml:2057(para)
15605
15655
"Now we have ldap running just the way we want, it is time to ensure we can "
15606
15656
"save all of our work and restore it as needed."
15609
#: serverguide/C/network-auth.xml:2041(para)
15659
#: serverguide/C/network-auth.xml:2062(para)
15611
15661
"What we need is a way to backup the ldap database(s), specifically the "
15612
15662
"backend (cn=config) and frontend (dc=example,dc=com). If we are going to "
15657
15707
"45 22 * * * root /usr/local/bin/ldapbackup\n"
15660
#: serverguide/C/network-auth.xml:2088(para)
15710
#: serverguide/C/network-auth.xml:2109(para)
15661
15711
msgid "Now the files are created, they should be copied to a backup server."
15664
#: serverguide/C/network-auth.xml:2093(para)
15714
#: serverguide/C/network-auth.xml:2114(para)
15666
15716
"Assuming we did a fresh reinstall of ldap, the restore process could be "
15667
15717
"something like this:"
15670
#: serverguide/C/network-auth.xml:2099(command)
15720
#: serverguide/C/network-auth.xml:2120(command)
15671
15721
msgid "sudo service slapd stop"
15674
#: serverguide/C/network-auth.xml:2100(command)
15724
#: serverguide/C/network-auth.xml:2121(command)
15675
15725
msgid "sudo mkdir /var/lib/ldap/accesslog"
15678
#: serverguide/C/network-auth.xml:2101(command)
15728
#: serverguide/C/network-auth.xml:2122(command)
15679
15729
msgid "sudo slapadd -F /etc/ldap/slapd.d -n 0 -l /export/backup/config.ldif"
15682
#: serverguide/C/network-auth.xml:2102(command)
15732
#: serverguide/C/network-auth.xml:2123(command)
15684
15734
"sudo slapadd -F /etc/ldap/slapd.d -n 1 -l /export/backup/domain.com.ldif"
15687
#: serverguide/C/network-auth.xml:2103(command)
15737
#: serverguide/C/network-auth.xml:2124(command)
15688
15738
msgid "sudo slapadd -F /etc/ldap/slapd.d -n 2 -l /export/backup/access.ldif"
15691
#: serverguide/C/network-auth.xml:2104(command)
15741
#: serverguide/C/network-auth.xml:2125(command)
15692
15742
msgid "sudo chown -R openldap:openldap /etc/ldap/slapd.d/"
15695
#: serverguide/C/network-auth.xml:2105(command)
15745
#: serverguide/C/network-auth.xml:2126(command)
15696
15746
msgid "sudo chown -R openldap:openldap /var/lib/ldap/"
15699
#: serverguide/C/network-auth.xml:2106(command)
15749
#: serverguide/C/network-auth.xml:2127(command)
15700
15750
msgid "sudo service slapd start"
15703
#: serverguide/C/network-auth.xml:2117(para)
15753
#: serverguide/C/network-auth.xml:2138(para)
15705
15755
"The primary resource is the upstream documentation: <ulink "
15706
15756
"url=\"http://www.openldap.org/\">www.openldap.org</ulink>"
15709
#: serverguide/C/network-auth.xml:2123(para)
15759
#: serverguide/C/network-auth.xml:2144(para)
15711
15761
"There are many man pages that come with the slapd package. Here are some "
15712
15762
"important ones, especially considering the material presented in this guide:"
15715
#: serverguide/C/network-auth.xml:2129(ulink)
15765
#: serverguide/C/network-auth.xml:2150(ulink)
15716
15766
msgid "slapd"
15719
#: serverguide/C/network-auth.xml:2130(ulink)
15769
#: serverguide/C/network-auth.xml:2151(ulink)
15720
15770
msgid "slapd-config"
15723
#: serverguide/C/network-auth.xml:2131(ulink)
15773
#: serverguide/C/network-auth.xml:2152(ulink)
15724
15774
msgid "slapd.access"
15727
#: serverguide/C/network-auth.xml:2132(ulink)
15777
#: serverguide/C/network-auth.xml:2153(ulink)
15728
15778
msgid "slapo-syncprov"
15731
#: serverguide/C/network-auth.xml:2138(para)
15781
#: serverguide/C/network-auth.xml:2159(para)
15732
15782
msgid "Other man pages:"
15735
#: serverguide/C/network-auth.xml:2143(ulink)
15785
#: serverguide/C/network-auth.xml:2164(ulink)
15736
15786
msgid "auth-client-config"
15739
#: serverguide/C/network-auth.xml:2144(ulink)
15789
#: serverguide/C/network-auth.xml:2165(ulink)
15740
15790
msgid "pam-auth-update"
15743
#: serverguide/C/network-auth.xml:2150(para)
15793
#: serverguide/C/network-auth.xml:2171(para)
15745
15795
"Zytrax's <ulink url=\"http://www.zytrax.com/books/ldap/\">LDAP for Rocket "
15746
15796
"Scientists</ulink>; a less pedantic but comprehensive treatment of LDAP"
15749
#: serverguide/C/network-auth.xml:2156(para)
15799
#: serverguide/C/network-auth.xml:2177(para)
15751
15801
"A Ubuntu community <ulink "
15752
15802
"url=\"https://help.ubuntu.com/community/OpenLDAPServer\">OpenLDAP "
15753
15803
"wiki</ulink> page has a collection of notes"
15756
#: serverguide/C/network-auth.xml:2162(para)
15806
#: serverguide/C/network-auth.xml:2183(para)
15758
15808
"O'Reilly's <ulink url=\"http://www.oreilly.com/catalog/ldapsa/\">LDAP System "
15759
15809
"Administration</ulink> (textbook; 2003)"
15762
#: serverguide/C/network-auth.xml:2168(para)
15812
#: serverguide/C/network-auth.xml:2189(para)
15764
15814
"Packt's <ulink url=\"http://www.packtpub.com/OpenLDAP-Developers-Server-Open-"
15765
15815
"Source-Linux/book\">Mastering OpenLDAP</ulink> (textbook; 2007)"
15768
#: serverguide/C/network-auth.xml:2179(title)
15818
#: serverguide/C/network-auth.xml:2200(title)
15769
15819
msgid "Samba and LDAP"
15772
#: serverguide/C/network-auth.xml:2181(para)
15822
#: serverguide/C/network-auth.xml:2202(para)
15774
15824
"This section covers the integration of Samba with LDAP. The Samba server's "
15775
15825
"role will be that of a \"standalone\" server and the LDAP directory will "
15776
15826
"provide the authentication layer in addition to containing the user, group, "
15777
15827
"and machine account information that Samba requires in order to function (in "
15778
"any of it's 3 possible roles). The pre-requisite is an OpenLDAP server "
15828
"any of its 3 possible roles). The pre-requisite is an OpenLDAP server "
15779
15829
"configured with a directory that can accept authentication requests. See "
15780
15830
"<xref linkend=\"openldap-server\"/> for details on fulfilling this "
15781
15831
"requirement. Once this section is completed, you will need to decide what "
15782
15832
"specifically you want Samba to do for you and then configure it accordingly."
15785
#: serverguide/C/network-auth.xml:2190(title)
15835
#: serverguide/C/network-auth.xml:2211(title)
15786
15836
msgid "Software Installation"
15789
#: serverguide/C/network-auth.xml:2192(para)
15839
#: serverguide/C/network-auth.xml:2213(para)
15791
15841
"There are three packages needed when integrating Samba with LDAP: "
15792
15842
"<application>samba</application>, <application>samba-doc</application>, and "
15793
15843
"<application>smbldap-tools</application> packages."
15796
#: serverguide/C/network-auth.xml:2197(para)
15846
#: serverguide/C/network-auth.xml:2223(para)
15798
15848
"Strictly speaking, the <application>smbldap-tools</application> package "
15799
15849
"isn't needed, but unless you have some other way to manage the various Samba "
16245
16295
"<application>smbldap-useradd</application>."
16248
#: serverguide/C/network-auth.xml:2624(para)
16298
#: serverguide/C/network-auth.xml:2653(para)
16250
16300
"There are utilities in the <application>smbldap-tools</application> package "
16251
16301
"that were not covered here. Here is a complete list:"
16254
#: serverguide/C/network-auth.xml:2629(ulink)
16304
#: serverguide/C/network-auth.xml:2658(ulink)
16255
16305
msgid "smbldap-groupadd"
16258
#: serverguide/C/network-auth.xml:2630(ulink)
16308
#: serverguide/C/network-auth.xml:2659(ulink)
16259
16309
msgid "smbldap-groupdel"
16262
#: serverguide/C/network-auth.xml:2631(ulink)
16312
#: serverguide/C/network-auth.xml:2660(ulink)
16263
16313
msgid "smbldap-groupmod"
16266
#: serverguide/C/network-auth.xml:2632(ulink)
16316
#: serverguide/C/network-auth.xml:2661(ulink)
16267
16317
msgid "smbldap-groupshow"
16270
#: serverguide/C/network-auth.xml:2633(ulink)
16320
#: serverguide/C/network-auth.xml:2662(ulink)
16271
16321
msgid "smbldap-passwd"
16274
#: serverguide/C/network-auth.xml:2634(ulink)
16324
#: serverguide/C/network-auth.xml:2663(ulink)
16275
16325
msgid "smbldap-populate"
16278
#: serverguide/C/network-auth.xml:2635(ulink)
16328
#: serverguide/C/network-auth.xml:2664(ulink)
16279
16329
msgid "smbldap-useradd"
16282
#: serverguide/C/network-auth.xml:2636(ulink)
16332
#: serverguide/C/network-auth.xml:2665(ulink)
16283
16333
msgid "smbldap-userdel"
16286
#: serverguide/C/network-auth.xml:2637(ulink)
16336
#: serverguide/C/network-auth.xml:2666(ulink)
16287
16337
msgid "smbldap-userinfo"
16290
#: serverguide/C/network-auth.xml:2638(ulink)
16340
#: serverguide/C/network-auth.xml:2667(ulink)
16291
16341
msgid "smbldap-userlist"
16294
#: serverguide/C/network-auth.xml:2639(ulink)
16344
#: serverguide/C/network-auth.xml:2668(ulink)
16295
16345
msgid "smbldap-usermod"
16298
#: serverguide/C/network-auth.xml:2640(ulink)
16348
#: serverguide/C/network-auth.xml:2669(ulink)
16299
16349
msgid "smbldap-usershow"
16302
#: serverguide/C/network-auth.xml:2651(para)
16352
#: serverguide/C/network-auth.xml:2677(para)
16304
16354
"For more information on installing and configuring Samba see <xref "
16305
16355
"linkend=\"samba\"/> of this Ubuntu Server Guide."
16308
#: serverguide/C/network-auth.xml:2657(para)
16358
#: serverguide/C/network-auth.xml:2686(para)
16310
16360
"There are multiple places where LDAP and Samba is documented in the upstream "
16311
16361
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba "
16312
16362
"HOWTO Collection</ulink>."
16315
#: serverguide/C/network-auth.xml:2664(para)
16365
#: serverguide/C/network-auth.xml:2693(para)
16317
16367
"Regarding the above, see specifically the <ulink "
16318
16368
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
16319
16369
"Collection/passdb.html\">passdb section</ulink>."
16322
#: serverguide/C/network-auth.xml:2670(para)
16372
#: serverguide/C/network-auth.xml:2699(para)
16324
16374
"Although dated (2007), the <ulink url=\"http://download.gna.org/smbldap-"
16325
16375
"tools/docs/samba-ldap-howto/\">Linux Samba-OpenLDAP HOWTO</ulink> contains "
16326
16376
"valuable notes."
16329
#: serverguide/C/network-auth.xml:2676(para)
16379
#: serverguide/C/network-auth.xml:2705(para)
16331
16381
"The main page of the <ulink "
16332
16382
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Samba Ubuntu "
16730
16780
"of those networks."
16733
#: serverguide/C/network-auth.xml:3035(para)
16783
#: serverguide/C/network-auth.xml:3064(para)
16735
16785
"First, install the packages, and when asked for the Kerberos and Admin "
16736
16786
"server names enter the name of the Primary KDC:"
16739
#: serverguide/C/network-auth.xml:3046(para)
16789
#: serverguide/C/network-auth.xml:3075(para)
16741
16791
"Once you have the packages installed, create the Secondary KDC's host "
16742
16792
"principal. From a terminal prompt, enter:"
16745
#: serverguide/C/network-auth.xml:3051(command)
16795
#: serverguide/C/network-auth.xml:3080(command)
16746
16796
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
16749
#: serverguide/C/network-auth.xml:3055(para)
16799
#: serverguide/C/network-auth.xml:3084(para)
16751
16801
"After, issuing any <application>kadmin</application> commands you will be "
16752
16802
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
16756
#: serverguide/C/network-auth.xml:3064(para)
16806
#: serverguide/C/network-auth.xml:3093(para)
16757
16807
msgid "Extract the <emphasis>keytab</emphasis> file:"
16760
#: serverguide/C/network-auth.xml:3069(command)
16810
#: serverguide/C/network-auth.xml:3098(command)
16761
16811
msgid "kadmin -q \"ktadd -norandkey -k keytab.kdc02 host/kdc02.example.com\""
16764
#: serverguide/C/network-auth.xml:3075(para)
16814
#: serverguide/C/network-auth.xml:3104(para)
16766
16816
"There should now be a <filename>keytab.kdc02</filename> in the current "
16767
16817
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
16770
#: serverguide/C/network-auth.xml:3081(command)
16820
#: serverguide/C/network-auth.xml:3110(command)
16771
16821
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
16774
#: serverguide/C/network-auth.xml:3085(para)
16824
#: serverguide/C/network-auth.xml:3114(para)
16776
16826
"If the path to the <filename>keytab.kdc02</filename> file is different "
16777
16827
"adjust accordingly."
16780
#: serverguide/C/network-auth.xml:3090(para)
16830
#: serverguide/C/network-auth.xml:3119(para)
16782
16832
"Also, you can list the principals in a Keytab file, which can be useful when "
16783
16833
"troubleshooting, using the <application>klist</application> utility:"
16786
#: serverguide/C/network-auth.xml:3096(command)
16836
#: serverguide/C/network-auth.xml:3125(command)
16787
16837
msgid "sudo klist -k /etc/krb5.keytab"
16790
#: serverguide/C/network-auth.xml:3099(para)
16840
#: serverguide/C/network-auth.xml:3128(para)
16792
16842
"The <application>-k</application> option indicates the file is a keytab file."
16795
#: serverguide/C/network-auth.xml:3106(para)
16845
#: serverguide/C/network-auth.xml:3135(para)
16797
16847
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
16798
16848
"that lists all KDCs for the Realm. For example, on both primary and "
16799
16849
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
16802
#: serverguide/C/network-auth.xml:3111(programlisting)
16852
#: serverguide/C/network-auth.xml:3140(programlisting)
17647
17697
"l\">kdb5_ldap_util man page</ulink>."
17650
#: serverguide/C/network-auth.xml:3933(para)
17700
#: serverguide/C/network-auth.xml:3959(para)
17652
17702
"Another useful link is the <ulink "
17653
17703
"url=\"http://manpages.ubuntu.com/manpages/trusty/en/man5/krb5.conf.5.html\">k"
17654
17704
"rb5.conf man page</ulink>."
17657
#: serverguide/C/network-auth.xml:3938(para)
17707
#: serverguide/C/network-auth.xml:3967(para)
17659
17709
"Also, see the <ulink "
17660
17710
"url=\"https://help.ubuntu.com/community/Kerberos#kerberos-ldap\">Kerberos "
17661
17711
"and LDAP</ulink> Ubuntu wiki page."
17714
#: serverguide/C/network-auth.xml:3973(title)
17715
msgid "SSSD and Active Directory"
17718
#: serverguide/C/network-auth.xml:3974(para)
17720
"This section describes the use of sssd to authenticate user logins against "
17721
"an Active Directory via using sssd's \"ad\" provider. In previous versions "
17722
"of sssd, it was possible to authenticate using the \"ldap\" provider. "
17723
"However, when authenticating against a Microsoft Windows AD Domain "
17724
"Controller, it was generally necessary to install the POSIX AD extensions on "
17725
"the Domain Controller. The \"ad\" provider simplifies the configuration and "
17726
"requires no modifications to the AD structure."
17729
#: serverguide/C/network-auth.xml:3978(title)
17730
msgid "Prerequisites, Assumptions, and Requirements"
17733
#: serverguide/C/network-auth.xml:3981(para)
17735
"This guide does not explain Active Directory, how it works, how to set one "
17736
"up, or how to maintain it. It may not provide “best practices” for your "
17740
#: serverguide/C/network-auth.xml:3983(para)
17742
"This guide assumes that a working Active Directory domain is already "
17746
#: serverguide/C/network-auth.xml:3985(para)
17748
"The domain controller is acting as an authoritative DNS server for the "
17752
#: serverguide/C/network-auth.xml:3987(para)
17754
"The domain controller is the primary DNS resolver as specified in "
17755
"<filename>/etc/resolv.conf</filename>."
17758
#: serverguide/C/network-auth.xml:3990(para)
17760
"The appropriate <emphasis>_kerberos</emphasis>, <emphasis>_ldap</emphasis>, "
17761
"<emphasis>_kpasswd</emphasis>, etc. entries are configured in the DNS zone "
17762
"(see Resources section for external links)."
17765
#: serverguide/C/network-auth.xml:3992(para)
17767
"System time is synchronized on the domain controller (necessary for "
17771
#: serverguide/C/network-auth.xml:3994(para)
17773
"The domain used in this example is <emphasis>myubuntu.example.com</emphasis> "
17777
#: serverguide/C/network-auth.xml:3999(para)
17779
"The following packages are needed: <emphasis>krb5-user</emphasis>, "
17780
"<emphasis>samba</emphasis>, <emphasis>sssd</emphasis>, and "
17781
"<emphasis>ntp</emphasis>. Samba needs to be installed, even if the system is "
17782
"not exporting shares. The Kerberos realm and FQDN or IP of the domain "
17783
"controllers are needed for this step."
17786
#: serverguide/C/network-auth.xml:4000(para)
17787
msgid "Install these packages now."
17790
#: serverguide/C/network-auth.xml:4002(command)
17791
msgid "sudo apt-get install krb5-user samba sssd ntp"
17794
#: serverguide/C/network-auth.xml:4003(para)
17796
"See the next section for the answers to the questions asked by the "
17797
"<emphasis>krb5-user</emphasis> postinstall script."
17800
#: serverguide/C/network-auth.xml:4006(title)
17801
msgid "Kerberos Configuration"
17804
#: serverguide/C/network-auth.xml:4007(para)
17806
"The installation of <emphasis>krb5-user</emphasis> will prompt for the realm "
17807
"name (in ALL UPPERCASE), the kdc server (i.e. domain controller) and admin "
17808
"server (also the domain controller in this example.) This will write the "
17809
"[realm] and [domain_realm] sections in <filename>/etc/krb5.conf</filename>. "
17810
"These sections may not be necessary if domain autodiscovery is working. If "
17811
"not, then both are needed."
17814
#: serverguide/C/network-auth.xml:4008(para)
17816
"If the domain is <emphasis>myubuntu.example.com</emphasis>, enter the realm "
17817
"as <emphasis>MYUBUNTU.EXAMPLE.COM</emphasis>"
17820
#: serverguide/C/network-auth.xml:4011(para)
17822
"Optionally, edit <emphasis>/etc/krb5.conf</emphasis> with a few additional "
17823
"settings to specify Kerberos ticket lifetime (these values are safe to use "
17827
#: serverguide/C/network-auth.xml:4012(programlisting)
17833
"default_realm = MYUBUNTU.EXAMPLE.COM\n"
17834
"ticket_lifetime = 24h #\n"
17835
"renew_lifetime = 7d\n"
17839
#: serverguide/C/network-auth.xml:4020(para)
17841
"If default_realm is not specified, it may be necessary to log in with "
17842
"“username@domain” instead of “username”."
17845
#: serverguide/C/network-auth.xml:4022(para)
17847
"The system time on the Active Directory member needs to be consistent with "
17848
"that of the domain controller, or Kerberos authentication may fail. Ideally, "
17849
"the domain controller server itself will provide the NTP service. Edit "
17850
"<filename>/etc/ntp.conf</filename>:"
17853
#: serverguide/C/network-auth.xml:4024(programlisting)
17857
"server dc.myubuntu.example.com\n"
17860
#: serverguide/C/network-auth.xml:4031(para)
17862
"Samba will be used to perform netbios/nmbd services related to Active "
17863
"Directory authentication, even if no file shares are exported. Edit the file "
17864
"/etc/samba/smb.conf and add the following to the "
17865
"<emphasis>[global]</emphasis> section:"
17868
#: serverguide/C/network-auth.xml:4033(programlisting)
17874
"workgroup = MYUBUNTU\n"
17875
"client signing = yes\n"
17876
"client use spnego = yes\n"
17877
"kerberos method = secrets and keytab\n"
17878
"realm = MYUBUNTU.EXAMPLE.COM\n"
17882
#: serverguide/C/network-auth.xml:4044(para)
17884
"Some guides specify that \"password server\" should be specified and pointed "
17885
"to the domain controller. This is only necessary if DNS is not properly set "
17886
"up to find the DC. By default, Samba will display a warning if \"password "
17887
"server\" is specified with \"security = ads\"."
17890
#: serverguide/C/network-auth.xml:4049(title)
17891
msgid "SSSD Configuration"
17894
#: serverguide/C/network-auth.xml:4051(para)
17896
"There is no default/example config file for "
17897
"<filename>/etc/sssd/sssd.conf</filename> included in the sssd package. It is "
17898
"necessary to create one. This is a minimal working config file:"
17901
#: serverguide/C/network-auth.xml:4053(programlisting)
17906
"services = nss, pam\n"
17907
"config_file_version = 2\n"
17908
"domains = MYUBUNTU.EXAMPLE.COM\n"
17910
"[domain/MYUBUNTU.EXAMPLE.COM]\n"
17911
"id_provider = ad\n"
17912
"access_provider = ad\n"
17914
"# Use this if users are being logged in at /.\n"
17915
"# This example specifies /home/DOMAIN-FQDN/user as $HOME. Use with "
17916
"pam_mkhomedir.so\n"
17917
"override_homedir = /home/%d/%u\n"
17919
"# Uncomment if the client machine hostname doesn't match the computer object "
17921
"# ad_hostname = mymachine.myubuntu.example.com\n"
17923
"# Uncomment if DNS SRV resolution is not working\n"
17924
"# ad_server = dc.mydomain.example.com\n"
17926
"# Uncomment if the AD domain is named differently than the Samba domain\n"
17927
"# ad_domain = MYUBUNTU.EXAMPLE.COM\n"
17929
"# Enumeration is discouraged for performance reasons.\n"
17930
"# enumerate = true\n"
17933
#: serverguide/C/network-auth.xml:4080(para)
17935
"After saving this file, set the ownership to root and the file permissions "
17939
#: serverguide/C/network-auth.xml:4081(command)
17940
msgid "sudo chown root:root /etc/sssd/sssd.conf"
17943
#: serverguide/C/network-auth.xml:4082(command)
17944
msgid "sudo chmod 600 /etc/sssd/sssd.conf"
17947
#: serverguide/C/network-auth.xml:4084(para)
17949
"If the ownership or permissions are not correct, sssd will refuse to start."
17952
#: serverguide/C/network-auth.xml:4088(title)
17953
msgid "Verify nsswitch.conf Configuration"
17956
#: serverguide/C/network-auth.xml:4089(para)
17958
"The post-install script for the sssd package makes some modifications to "
17959
"/etc/nsswitch.conf automatically. It should look something like this:"
17962
#: serverguide/C/network-auth.xml:4091(programlisting)
17966
"passwd: compat sss\n"
17967
"group: compat sss\n"
17969
"netgroup: nis sss\n"
17970
"sudoers: files sss\n"
17973
#: serverguide/C/network-auth.xml:4101(title)
17974
msgid "Modify /etc/hosts"
17977
#: serverguide/C/network-auth.xml:4102(para)
17979
"Add an alias to the localhost entry in /etc/hosts specifying the FQDN. For "
17983
#: serverguide/C/network-auth.xml:4103(programlisting)
17985
msgid "192.168.1.10 myserver myserver.myubuntu.example.com"
17988
#: serverguide/C/network-auth.xml:4105(para)
17989
msgid "This is useful in conjunction with dynamic DNS updates."
17992
#: serverguide/C/network-auth.xml:4109(title)
17993
msgid "Join the Active Directory"
17996
#: serverguide/C/network-auth.xml:4110(para)
17997
msgid "Now, restart ntp and samba and start sssd."
18000
#: serverguide/C/virtualization.xml:2208(command)
18001
msgid "sudo service ntp restart"
18004
#: serverguide/C/network-auth.xml:4114(command)
18005
msgid "sudo start sssd"
18008
#: serverguide/C/network-auth.xml:4116(para)
18009
msgid "Test the configuration by obtaining a Kerberos ticket:"
18012
#: serverguide/C/network-auth.xml:4118(command)
18013
msgid "sudo kinit Administrator"
18016
#: serverguide/C/network-auth.xml:4120(para)
18017
msgid "Verify the ticket with:"
18020
#: serverguide/C/network-auth.xml:4121(command)
18024
#: serverguide/C/network-auth.xml:4123(para)
18026
"If there is a ticket with an expiration date listed, then it is time to join "
18030
#: serverguide/C/network-auth.xml:4125(command)
18031
msgid "sudo net ads join -k"
18034
#: serverguide/C/network-auth.xml:4127(para)
18036
"A warning about \"No DNS domain configured. Unable to perform DNS Update.\" "
18037
"probably means that there is no (correct) alias in "
18038
"<filename>/etc/hosts</filename>, and the system could not provide its own "
18039
"FQDN as part of the Active Directory update. This is needed for dynamic DNS "
18040
"updates. Verify the alias in <filename>/etc/hosts</filename> described in "
18041
"\"Modify /etc/hosts\" above."
18044
#: serverguide/C/network-auth.xml:4129(para)
18046
"(The message \"NT_STATUS_UNSUCCESSFUL\" indicates the domain join failed and "
18047
"something is incorrect. Review the prior steps before proceeding)."
18050
#: serverguide/C/network-auth.xml:4131(para)
18052
"Here are a couple of (optional) checks to verify that the domain join was "
18053
"successful. Note that if the domain was successfully joined but one or both "
18054
"of these steps fail, it may be necessary to wait 1-2 minutes and try again. "
18055
"Some of the changes appear to be asynchronous."
18058
#: serverguide/C/network-auth.xml:4133(para)
18059
msgid "Verification option #1:"
18062
#: serverguide/C/network-auth.xml:4134(para)
18064
"Check the default Organizational Unit for computer accounts in the Active "
18065
"Directory to verify that the computer account was created. (Organizational "
18066
"Units in Active Directory is a topic outside the scope of this guide)."
18069
#: serverguide/C/network-auth.xml:4136(para)
18070
msgid "Verification option #2"
18073
#: serverguide/C/network-auth.xml:4137(para)
18074
msgid "Execute this command for a specific AD user (e.g. administrator)"
18077
#: serverguide/C/network-auth.xml:4138(command)
18078
msgid "getent passwd username"
18081
#: serverguide/C/network-auth.xml:4140(para)
18083
"If <emphasis>enumerate = true</emphasis> is set in "
18084
"<filename>sssd.conf</filename>, <emphasis>getent passwd</emphasis> with no "
18085
"username argument will list all domain users. This may be useful for "
18086
"testing, but is slow and not recommended for production."
18089
#: serverguide/C/network-auth.xml:4144(title)
18090
msgid "Test Authentication"
18093
#: serverguide/C/network-auth.xml:4145(para)
18095
"It should now be possible to authenticate using an Active Directory User's "
18099
#: serverguide/C/network-auth.xml:4147(command)
18100
msgid "su - username"
18103
#: serverguide/C/network-auth.xml:4149(para)
18105
"If this works, then other login methods (getty, ssh) should also work."
18108
#: serverguide/C/network-auth.xml:4151(para)
18110
"If the computer account was created, indicating that the system was "
18111
"\"joined\" to the domain, but authentication is unsuccessful, it may be "
18112
"helpful to review <filename>/etc/pam.d</filename> and "
18113
"<filename>nssswitch.conf</filename> as well as the file changes described "
18114
"earlier in this guide."
18117
#: serverguide/C/network-auth.xml:4155(title)
18118
msgid "Home directories with pam_mkhomedir (optional)"
18121
#: serverguide/C/network-auth.xml:4156(para)
18123
"When logging in using an Active Directory user account, it is likely that "
18124
"user has no home directory. This can be fixed with pam_mkdhomedir.so, which "
18125
"will create the user’s home directory on login. Edit "
18126
"<filename>/etc/pam.d/common-session</filename>, and add this line directly "
18127
"after <emphasis>session required pam_unix.so:</emphasis>"
18130
#: serverguide/C/network-auth.xml:4157(programlisting)
18134
"session required pam_mkhomedir.so skel=/etc/skel/ umask=0022\n"
18137
#: serverguide/C/network-auth.xml:4161(para)
18139
"This may also need <emphasis>override_homedir</emphasis> in "
18140
"<filename>sssd.conf</filename> to function correctly, so make sure that’s "
18144
#: serverguide/C/network-auth.xml:4165(title)
18145
msgid "Desktop Ubuntu Authentication"
18148
#: serverguide/C/network-auth.xml:4166(para)
18150
"It is possible to also authenticate logins to Ubuntu Desktop using Active "
18151
"Directory accounts. The AD accounts will not show up in the pick list with "
18152
"local users, so lightdm will need to be modified. Edit the file "
18153
"<filename>/etc/lightdm/lightdm.conf.d/50-unity-greeter.conf</filename> and "
18154
"append the following two lines:"
18157
#: serverguide/C/network-auth.xml:4168(programlisting)
18161
"greeter-show-manual-login=true\n"
18162
"greeter-hide-users=true\n"
18165
#: serverguide/C/network-auth.xml:4173(para)
18167
"Reboot to restart lightdm. It should now be possible to log in using a "
18168
"domain account using either <emphasis>username</emphasis> or "
18169
"<emphasis>username/username@domain</emphasis> format."
18172
#: serverguide/C/network-auth.xml:4179(ulink)
18173
msgid "SSSD Project"
18176
#: serverguide/C/network-auth.xml:4180(ulink)
18177
msgid "DNS Server Configuration guidelines"
18180
#: serverguide/C/network-auth.xml:4181(ulink)
18181
msgid "Active Directory DNS Zone Entries"
18184
#: serverguide/C/network-auth.xml:4182(ulink)
18185
msgid "Kerberos config options"
17664
18188
#: serverguide/C/multipath-device-attributes-table.xml:2(title)
17665
18189
msgid "Device Attributes"
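Review bot: two of the newly added strings misspell the names they tell the reader to look for. The msgid from network-auth.xml:4151 says "nssswitch.conf" where the file is nsswitch.conf, and the msgid from network-auth.xml:4156 says "pam_mkdhomedir.so" while its own title at :4155 and the programlisting at :4157 use pam_mkhomedir. These strings are extracted from the XML, so correct them in network-auth.xml and regenerate the catalog, otherwise the typos propagate into every translation. Separately, the documented line "session required pam_mkhomedir.so skel=/etc/skel/ umask=0022" creates each domain user's home directory readable by every other account on the host. Consider umask=0077 here, or add a sentence on when 0022 is acceptable.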
20593
#: serverguide/C/mail.xml:1378(para)
21117
#: serverguide/C/mail.xml:1319(para)
20595
21119
"See <xref linkend=\"postfix\"/> for instructions on installing and "
20596
21120
"configuring Postfix."
20599
#: serverguide/C/mail.xml:1381(para)
21123
#: serverguide/C/mail.xml:1322(para)
20601
21125
"To install the rest of the applications enter the following from a terminal "
20605
#: serverguide/C/mail.xml:1385(command)
21129
#: serverguide/C/mail.xml:1326(command)
20606
21130
msgid "sudo apt-get install amavisd-new spamassassin clamav-daemon"
20609
#: serverguide/C/mail.xml:1386(command)
21133
#: serverguide/C/mail.xml:1327(command)
20610
21134
msgid "sudo apt-get install opendkim postfix-policyd-spf-python"
20613
#: serverguide/C/mail.xml:1388(para)
21137
#: serverguide/C/mail.xml:1329(para)
20615
21139
"There are some optional packages that integrate with "
20616
21140
"<application>Spamassassin</application> for better spam detection:"
20619
#: serverguide/C/mail.xml:1392(command)
21143
#: serverguide/C/mail.xml:1333(command)
20620
21144
msgid "sudo apt-get install pyzor razor"
20623
#: serverguide/C/mail.xml:1394(para)
21147
#: serverguide/C/mail.xml:1335(para)
20625
21149
"Along with the main filtering applications compression utilities are needed "
20626
21150
"to process some email attachments:"
20629
#: serverguide/C/mail.xml:1398(command)
21153
#: serverguide/C/mail.xml:1339(command)
20631
21155
"sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip"
20634
#: serverguide/C/mail.xml:1401(para)
21158
#: serverguide/C/mail.xml:1342(para)
20636
21160
"If some packages are not found, check that the "
20637
21161
"<emphasis>multiverse</emphasis> repository is enabled in "
20638
21162
"<filename>/etc/apt/sources.list</filename>"
20641
#: serverguide/C/mail.xml:1402(para)
21165
#: serverguide/C/mail.xml:1343(para)
20643
21167
"If you make changes to the file, be sure to run <command>sudo apt-get "
20644
21168
"update</command> before trying to install again."
20647
#: serverguide/C/mail.xml:1407(para)
21171
#: serverguide/C/mail.xml:1348(para)
20648
21172
msgid "Now configure everything to work together and filter email."
20651
#: serverguide/C/mail.xml:1411(title)
21175
#: serverguide/C/mail.xml:1352(title)
20652
21176
msgid "ClamAV"
20655
#: serverguide/C/mail.xml:1412(para)
21179
#: serverguide/C/mail.xml:1353(para)
20657
21181
"The default behaviour of <application>ClamAV</application> will fit our "
20658
21182
"needs. For more ClamAV configuration options, check the configuration files "
20659
21183
"in <filename>/etc/clamav</filename>."
20662
#: serverguide/C/mail.xml:1417(para)
21186
#: serverguide/C/mail.xml:1358(para)
20664
21188
"Add the <emphasis>clamav</emphasis> user to the <emphasis>amavis</emphasis> "
20665
21189
"group in order for <application>Amavisd-new</application> to have the "
20666
21190
"appropriate access to scan files:"
20669
#: serverguide/C/mail.xml:1422(command)
21193
#: serverguide/C/mail.xml:1363(command)
20670
21194
msgid "sudo adduser clamav amavis"
20673
#: serverguide/C/mail.xml:1423(command)
21197
#: serverguide/C/mail.xml:1364(command)
20674
21198
msgid "sudo adduser amavis clamav"
20677
#: serverguide/C/mail.xml:1427(title)
21201
#: serverguide/C/mail.xml:1368(title)
20678
21202
msgid "Spamassassin"
20681
#: serverguide/C/mail.xml:1428(para)
21205
#: serverguide/C/mail.xml:1369(para)
20683
21207
"Spamassassin automatically detects optional components and will use them if "
20684
21208
"they are present. This means that there is no need to configure "
20685
21209
"<application>pyzor</application> and <application>razor</application>."
20688
#: serverguide/C/mail.xml:1432(para)
21212
#: serverguide/C/mail.xml:1373(para)
20690
21214
"Edit <filename>/etc/default/spamassassin</filename> to activate the "
20691
21215
"<application>Spamassassin</application> daemon. Change "
20692
21216
"<emphasis>ENABLED=0</emphasis> to:"
20695
#: serverguide/C/mail.xml:1436(programlisting)
21219
#: serverguide/C/mail.xml:1377(programlisting)
20699
21223
"ENABLED=1\n"
20702
#: serverguide/C/mail.xml:1439(para)
21226
#: serverguide/C/mail.xml:1380(para)
20703
21227
msgid "Now start the daemon:"
22523
23054
"<emphasis>\"Done setting up partition\"</emphasis>."
22526
#: serverguide/C/installation.xml:518(para)
23057
#: serverguide/C/installation.xml:511(para)
22527
23058
msgid "Repeat steps three through eight for the other disk and partitions."
22530
#: serverguide/C/installation.xml:527(title)
23061
#: serverguide/C/installation.xml:520(title)
22531
23062
msgid "RAID Configuration"
23065
#: serverguide/C/installation.xml:522(para)
23066
msgid "With the partitions setup the arrays are ready to be configured:"
22534
23069
#: serverguide/C/installation.xml:529(para)
22535
msgid "With the partitions setup the arrays are ready to be configured:"
22538
#: serverguide/C/installation.xml:536(para)
22540
23071
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
22541
23072
"Software RAID\"</emphasis> at the top."
23075
#: serverguide/C/installation.xml:536(para)
23076
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
22544
23079
#: serverguide/C/installation.xml:543(para)
22545
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
23080
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
22548
23083
#: serverguide/C/installation.xml:550(para)
22549
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
22552
#: serverguide/C/installation.xml:557(para)
22554
23085
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
22555
23086
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
22558
#: serverguide/C/installation.xml:563(para)
23089
#: serverguide/C/installation.xml:556(para)
22560
23091
"In order to use <emphasis>RAID5</emphasis> you need at least "
22561
23092
"<emphasis>three</emphasis> drives. Using RAID0 or RAID1 only "
22562
23093
"<emphasis>two</emphasis> drives are required."
22565
#: serverguide/C/installation.xml:572(para)
23096
#: serverguide/C/installation.xml:565(para)
22567
23098
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
22568
23099
"of hard drives you have, for the array. Then select "
22569
23100
"<emphasis>\"Continue\"</emphasis>."
22572
#: serverguide/C/installation.xml:580(para)
23103
#: serverguide/C/installation.xml:573(para)
22574
23105
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
22575
23106
"default, then choose <emphasis>\"Continue\"</emphasis>."
22578
#: serverguide/C/installation.xml:587(para)
23109
#: serverguide/C/installation.xml:580(para)
22580
23111
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
22581
23112
"etc. The numbers will usually match and the different letters correspond to "
22582
23113
"different hard drives."
22585
#: serverguide/C/installation.xml:592(para)
23116
#: serverguide/C/installation.xml:585(para)
22587
23118
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
22588
23119
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
22589
23120
"go to the next step."
22592
#: serverguide/C/installation.xml:600(para)
23123
#: serverguide/C/installation.xml:593(para)
22594
23125
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
22595
23126
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
22596
23127
"and <emphasis>sdb2</emphasis>."
22599
#: serverguide/C/installation.xml:608(para)
23130
#: serverguide/C/installation.xml:601(para)
22600
23131
msgid "Once done select <emphasis>\"Finish\"</emphasis>."
22603
#: serverguide/C/installation.xml:618(title)
23134
#: serverguide/C/installation.xml:611(title)
22604
23135
msgid "Formatting"
22607
#: serverguide/C/installation.xml:620(para)
23138
#: serverguide/C/installation.xml:613(para)
22609
23140
"There should now be a list of hard drives and RAID devices. The next step is "
22610
23141
"to format and set the mount point for the RAID devices. Treat the RAID "
22611
23142
"device as a local hard drive, format and mount accordingly."
22614
#: serverguide/C/installation.xml:628(para)
23145
#: serverguide/C/installation.xml:621(para)
22616
23147
"Select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
22617
23148
"#0\"</emphasis> partition."
22620
#: serverguide/C/installation.xml:635(para)
23151
#: serverguide/C/installation.xml:628(para)
22622
23153
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
22623
23154
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
22626
#: serverguide/C/installation.xml:643(para)
23157
#: serverguide/C/installation.xml:636(para)
22628
23159
"Next, select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
22629
23160
"#1\"</emphasis> partition."
22632
#: serverguide/C/installation.xml:650(para)
23163
#: serverguide/C/installation.xml:643(para)
22634
23165
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext4 "
22635
23166
"journaling file system\"</emphasis>."
22638
#: serverguide/C/installation.xml:657(para)
23169
#: serverguide/C/installation.xml:650(para)
22640
23171
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
22641
23172
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "
22703
23234
"behavior, and can also be manually edited:"
22706
#: serverguide/C/installation.xml:720(programlisting)
23237
#: serverguide/C/installation.xml:713(programlisting)
22710
23241
"BOOT_DEGRADED=true\n"
22713
#: serverguide/C/installation.xml:725(para)
23244
#: serverguide/C/installation.xml:718(para)
22714
23245
msgid "The configuration file can be overridden by using a Kernel argument."
22717
#: serverguide/C/installation.xml:733(para)
23248
#: serverguide/C/installation.xml:726(para)
22719
23250
"Using a Kernel argument will allow the system to boot to a degraded array as "
22723
#: serverguide/C/installation.xml:739(para)
23254
#: serverguide/C/installation.xml:732(para)
22725
23256
"When the server is booting press <keycap>Shift</keycap> to open the "
22726
23257
"<application>Grub</application> menu."
22729
#: serverguide/C/installation.xml:744(para)
23260
#: serverguide/C/installation.xml:737(para)
22730
23261
msgid "Press <keycap>e</keycap> to edit your kernel command options."
22733
#: serverguide/C/installation.xml:749(para)
23264
#: serverguide/C/installation.xml:742(para)
22734
23265
msgid "Press the <keycap>down</keycap> arrow to highlight the kernel line."
22737
#: serverguide/C/installation.xml:754(para)
23268
#: serverguide/C/installation.xml:747(para)
22739
23270
"Add <emphasis>\"bootdegraded=true\"</emphasis> (without the quotes) to the "
22740
23271
"end of the line."
22743
#: serverguide/C/installation.xml:759(para)
23274
#: serverguide/C/installation.xml:752(para)
22745
23276
"Press <keycombo><keycap>Ctrl</keycap><keycap>x</keycap></keycombo> to boot "
22746
23277
"the system."
22749
#: serverguide/C/installation.xml:768(para)
23280
#: serverguide/C/installation.xml:761(para)
22751
23282
"Once the system has booted you can either repair the array see <xref "
22752
23283
"linkend=\"raid-maintenance\"/> for details, or copy important data to "
22753
23284
"another machine due to major hardware failure."
22756
#: serverguide/C/installation.xml:775(title)
23287
#: serverguide/C/installation.xml:768(title)
22757
23288
msgid "RAID Maintenance"
22760
#: serverguide/C/installation.xml:777(para)
23291
#: serverguide/C/installation.xml:770(para)
22762
23293
"The <application>mdadm</application> utility can be used to view the status "
22763
23294
"of an array, add disks to an array, remove disks, etc:"
22766
#: serverguide/C/installation.xml:784(para)
23297
#: serverguide/C/installation.xml:777(para)
22767
23298
msgid "To view the status of an array, from a terminal prompt enter:"
22770
#: serverguide/C/installation.xml:788(command)
23301
#: serverguide/C/installation.xml:781(command)
22771
23302
msgid "sudo mdadm -D /dev/md0"
22774
#: serverguide/C/installation.xml:791(para)
23305
#: serverguide/C/installation.xml:784(para)
22776
23307
"The <emphasis>-D</emphasis> tells <application>mdadm</application> to "
22777
23308
"display <emphasis>detailed</emphasis> information about the "
23969
24507
"your vendor documentation to configure your specific iSCSI target."
23972
#: serverguide/C/file-server.xml:470(title)
24510
#: serverguide/C/file-server.xml:471(title)
23973
24511
msgid "iSCSI Initiator Install"
23976
#: serverguide/C/file-server.xml:472(para)
24514
#: serverguide/C/file-server.xml:473(para)
23978
24516
"To configure Ubuntu Server as an iSCSI initiator install the "
23979
24517
"<application>open-iscsi</application> package. In a terminal enter:"
23982
#: serverguide/C/file-server.xml:477(command)
24520
#: serverguide/C/file-server.xml:478(command)
23983
24521
msgid "sudo apt-get install open-iscsi"
23986
#: serverguide/C/file-server.xml:482(title)
24524
#: serverguide/C/file-server.xml:483(title)
23987
24525
msgid "iSCSI Initiator Configuration"
23990
#: serverguide/C/file-server.xml:484(para)
24528
#: serverguide/C/file-server.xml:485(para)
23992
24530
"Once the <application>open-iscsi</application> package is installed, edit "
23993
24531
"<filename>/etc/iscsi/iscsid.conf</filename> changing the following:"
23996
#: serverguide/C/file-server.xml:488(programlisting)
24534
#: serverguide/C/file-server.xml:489(programlisting)
24000
24538
"node.startup = automatic\n"
24003
#: serverguide/C/file-server.xml:492(para)
24541
#: serverguide/C/file-server.xml:493(para)
24005
24543
"You can check which targets are available by using the "
24006
24544
"<application>iscsiadm</application> utility. Enter the following in a "
24010
#: serverguide/C/file-server.xml:497(command)
24548
#: serverguide/C/file-server.xml:498(command)
24011
24549
msgid "sudo iscsiadm -m discovery -t st -p 192.168.0.10"
24014
#: serverguide/C/file-server.xml:501(para)
24552
#: serverguide/C/file-server.xml:502(para)
24016
24554
"<emphasis>-m:</emphasis> determines the mode that iscsiadm executes in."
24019
#: serverguide/C/file-server.xml:502(para)
24557
#: serverguide/C/file-server.xml:503(para)
24020
24558
msgid "<emphasis>-t:</emphasis> specifies the type of discovery."
24023
#: serverguide/C/file-server.xml:503(para)
24561
#: serverguide/C/file-server.xml:504(para)
24024
24562
msgid "<emphasis>-p:</emphasis> option indicates the target IP address."
24027
#: serverguide/C/file-server.xml:507(para)
24565
#: serverguide/C/file-server.xml:508(para)
24029
24567
"Change example <emphasis>192.168.0.10</emphasis> to the target IP address on "
24030
24568
"your network."
24033
#: serverguide/C/file-server.xml:512(para)
24571
#: serverguide/C/file-server.xml:513(para)
24035
24573
"If the target is available you should see output similar to the following:"
24038
#: serverguide/C/file-server.xml:517(computeroutput)
24576
#: serverguide/C/file-server.xml:518(computeroutput)
24042
24580
"192.168.0.10:3260,1 iqn.1992-05.com.emc:sl7b92030000520000-2\n"
24045
#: serverguide/C/file-server.xml:523(para)
24583
#: serverguide/C/file-server.xml:524(para)
24047
24585
"The <emphasis>iqn</emphasis> number and IP address above will vary depending "
24048
24586
"on your hardware."
24051
#: serverguide/C/file-server.xml:528(para)
24589
#: serverguide/C/file-server.xml:529(para)
24053
24591
"You should now be able to connect to the iSCSI target, and depending on your "
24054
24592
"target setup you may have to enter user credentials. Login to the iSCSI node:"
24057
#: serverguide/C/file-server.xml:534(command)
24595
#: serverguide/C/file-server.xml:535(command)
24058
24596
msgid "sudo iscsiadm -m node --login"
24061
#: serverguide/C/file-server.xml:537(para)
24599
#: serverguide/C/file-server.xml:538(para)
24063
24601
"Check to make sure that the new disk has been detected using "
24064
24602
"<application>dmesg</application>:"
24067
#: serverguide/C/file-server.xml:542(command)
24605
#: serverguide/C/file-server.xml:543(command)
24068
24606
msgid "dmesg | grep sd"
24071
#: serverguide/C/file-server.xml:543(computeroutput)
24609
#: serverguide/C/file-server.xml:544(computeroutput)
26644
27182
"files found in <filename>/usr/share/doc/multipath-tools/examples:</filename>"
26647
#: serverguide/C/dm-multipath.xml:1325(screen)
27185
#: serverguide/C/dm-multipath.xml:1326(screen)
26649
27187
msgid "# echo 'show config' | multipathd -k"
26652
#: serverguide/C/dm-multipath.xml:1330(title)
27190
#: serverguide/C/dm-multipath.xml:1331(title)
26653
27191
msgid "DM-Multipath Administration and Troubleshooting"
26656
#: serverguide/C/dm-multipath.xml:1333(title)
27194
#: serverguide/C/dm-multipath.xml:1334(title)
26657
27195
msgid "Resizing an Online Multipath Device"
26660
#: serverguide/C/dm-multipath.xml:1335(para)
27198
#: serverguide/C/dm-multipath.xml:1336(para)
26662
27200
"If you need to resize an online multipath device, use the following procedure"
26665
#: serverguide/C/dm-multipath.xml:1340(para)
27203
#: serverguide/C/dm-multipath.xml:1341(para)
26666
27204
msgid "Resize your physical device. This is storage platform specific."
26669
#: serverguide/C/dm-multipath.xml:1345(para)
27207
#: serverguide/C/dm-multipath.xml:1346(para)
26670
27208
msgid "Use the following command to find the paths to the LUN:"
26673
#: serverguide/C/dm-multipath.xml:1347(screen)
27211
#: serverguide/C/dm-multipath.xml:1348(screen)
26675
27213
msgid "# multipath -l"
26678
#: serverguide/C/dm-multipath.xml:1351(para)
27216
#: serverguide/C/dm-multipath.xml:1352(para)
26680
27218
"Resize your paths. For SCSI devices, writing 1 to the "
26681
27219
"<filename>rescan</filename> file for the device causes the SCSI driver to "
26682
27220
"rescan, as in the following command:"
26685
#: serverguide/C/dm-multipath.xml:1355(screen)
27223
#: serverguide/C/dm-multipath.xml:1356(screen)
26687
27225
msgid "# echo 1 > /sys/block/device_name/device/rescan"
26690
#: serverguide/C/dm-multipath.xml:1359(para)
27228
#: serverguide/C/dm-multipath.xml:1360(para)
26692
27230
"Resize your multipath device by running the multipathd resize command:"
26695
#: serverguide/C/dm-multipath.xml:1362(screen)
27233
#: serverguide/C/dm-multipath.xml:1363(screen)
26697
27235
msgid "# multipathd -k 'resize map mpatha'"
26700
#: serverguide/C/dm-multipath.xml:1366(para)
27238
#: serverguide/C/dm-multipath.xml:1367(para)
26701
27239
msgid "Resize the file system (assuming no LVM or DOS partitions are used):"
26704
#: serverguide/C/dm-multipath.xml:1369(screen)
27242
#: serverguide/C/dm-multipath.xml:1370(screen)
26706
27244
msgid "# resize2fs /dev/mapper/mpatha"
26709
#: serverguide/C/dm-multipath.xml:1375(title)
27247
#: serverguide/C/dm-multipath.xml:1376(title)
26711
27249
"Moving root File Systems from a Single Path Device to a Multipath Device"
26714
#: serverguide/C/dm-multipath.xml:1378(para)
27252
#: serverguide/C/dm-multipath.xml:1379(para)
26716
27254
"This is dramatically simplified by the use of UUIDs to identify devices as "
26717
27255
"an intrinsic label. Simply install <emphasis role=\"bold\">multipath-tools-"