« back to all changes in this revision
Viewing changes to serverguide/po/zh_CN.po
- browse files at revision 246
- compare with another revision
- download diff
- download tarball
- view history from revision 246
- Committer: Peter Matulis
- Date: 2015-03-22 23:02:24 UTC
- Revision ID: peter.matulis@canonical.com-20150322230224-zu4rs9j8jjf4zzwj
Updated the PO files; by Peter Matulis
- files modified:
- serverguide/po/ace.po
added
removed
serverguide/po/zh_CN.po
7
7
msgstr ""
8
8
"Project-Id-Version: serverguide\n"
9
9
"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
10
"POT-Creation-Date: 2014-09-22 11:47-0700\n"
11
"PO-Revision-Date: 2014-03-20 22:00+0000\n"
10
"POT-Creation-Date: 2015-02-26 16:01-0800\n"
11
"PO-Revision-Date: 2014-11-09 18:10+0000\n"
12
12
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
13
13
"Language-Team: Chinese (Simplified) <zh_CN@li.org>\n"
14
14
"MIME-Version: 1.0\n"
15
15
"Content-Type: text/plain; charset=UTF-8\n"
16
16
"Content-Transfer-Encoding: 8bit\n"
17
"X-Launchpad-Export-Date: 2014-10-11 02:53+0000\n"
18
"X-Generator: Launchpad (build 17196)\n"
17
"X-Launchpad-Export-Date: 2015-03-22 21:35+0000\n"
18
"X-Generator: Launchpad (build 17405)\n"
19
19
20
20
#: serverguide/C/web-servers.xml:11(title)
21
21
msgid "Web Servers"
95
95
"<application>Perl</application> 组合在一起。这一组合被称为 LAMP (Linux, Apache, MySQL and "
96
96
"Perl/Python/PHP) ,并形成一个强大健壮的开发基于 Web 应用程序的开发平台。"
97
97
98
#: serverguide/C/web-servers.xml:51(title) serverguide/C/web-servers.xml:703(title) serverguide/C/web-servers.xml:846(title) serverguide/C/web-servers.xml:969(title) serverguide/C/virtualization.xml:70(title) serverguide/C/virtualization.xml:813(title) serverguide/C/vcs.xml:26(title) serverguide/C/vcs.xml:87(title) serverguide/C/vcs.xml:211(title) serverguide/C/samba.xml:81(title) serverguide/C/samba.xml:292(title) serverguide/C/remote-administration.xml:46(title) serverguide/C/remote-administration.xml:269(title) serverguide/C/remote-administration.xml:465(title) serverguide/C/network-config.xml:973(title) serverguide/C/network-config.xml:1087(title) serverguide/C/network-auth.xml:119(title) serverguide/C/network-auth.xml:2771(title) serverguide/C/network-auth.xml:3243(title) serverguide/C/monitoring.xml:40(title) serverguide/C/monitoring.xml:429(title) serverguide/C/mail.xml:38(title) serverguide/C/mail.xml:548(title) serverguide/C/mail.xml:737(title) serverguide/C/mail.xml:887(title) serverguide/C/mail.xml:1377(title) serverguide/C/lamp-applications.xml:110(title) serverguide/C/lamp-applications.xml:272(title) serverguide/C/lamp-applications.xml:408(title) serverguide/C/lamp-applications.xml:512(title) serverguide/C/installation.xml:11(title) serverguide/C/installation.xml:940(title) serverguide/C/installation.xml:1221(title) serverguide/C/file-server.xml:357(title) serverguide/C/file-server.xml:645(title) serverguide/C/dns.xml:21(title) serverguide/C/databases.xml:37(title) serverguide/C/databases.xml:300(title) serverguide/C/chat.xml:35(title) serverguide/C/chat.xml:134(title) serverguide/C/backups.xml:596(title)
98
#: serverguide/C/windows-networking.xml:81(title) serverguide/C/windows-networking.xml:292(title) serverguide/C/web-servers.xml:51(title) serverguide/C/web-servers.xml:690(title) serverguide/C/web-servers.xml:833(title) serverguide/C/web-servers.xml:957(title) serverguide/C/virtualization.xml:61(title) serverguide/C/virtualization.xml:2623(title) serverguide/C/vcs.xml:26(title) serverguide/C/vcs.xml:84(title) serverguide/C/vcs.xml:403(title) serverguide/C/remote-administration.xml:46(title) serverguide/C/remote-administration.xml:234(title) serverguide/C/remote-administration.xml:425(title) serverguide/C/network-config.xml:975(title) serverguide/C/network-config.xml:1089(title) serverguide/C/network-auth.xml:140(title) serverguide/C/network-auth.xml:2800(title) serverguide/C/network-auth.xml:3272(title) serverguide/C/monitoring.xml:40(title) serverguide/C/monitoring.xml:429(title) serverguide/C/mail.xml:38(title) serverguide/C/mail.xml:490(title) serverguide/C/mail.xml:679(title) serverguide/C/mail.xml:828(title) serverguide/C/mail.xml:1318(title) serverguide/C/lamp-applications.xml:110(title) serverguide/C/lamp-applications.xml:272(title) serverguide/C/lamp-applications.xml:408(title) serverguide/C/installation.xml:11(title) serverguide/C/installation.xml:933(title) serverguide/C/installation.xml:1214(title) serverguide/C/file-server.xml:357(title) serverguide/C/file-server.xml:646(title) serverguide/C/dns.xml:21(title) serverguide/C/databases.xml:37(title) serverguide/C/databases.xml:307(title) serverguide/C/chat.xml:35(title) serverguide/C/chat.xml:134(title) serverguide/C/backups.xml:596(title)
99
99
msgid "Installation"
100
100
msgstr "安装"
101
101
113
113
msgid "sudo apt-get install apache2"
114
114
msgstr "sudo apt-get install apache2"
115
115
116
#: serverguide/C/web-servers.xml:71(title) serverguide/C/web-servers.xml:756(title) serverguide/C/web-servers.xml:857(title) serverguide/C/web-servers.xml:996(title) serverguide/C/web-servers.xml:1099(title) serverguide/C/vcs.xml:37(title) serverguide/C/vcs.xml:96(title) serverguide/C/samba.xml:97(title) serverguide/C/samba.xml:309(title) serverguide/C/remote-administration.xml:68(title) serverguide/C/remote-administration.xml:289(title) serverguide/C/package-management.xml:417(title) serverguide/C/network-config.xml:995(title) serverguide/C/network-config.xml:1098(title) serverguide/C/network-auth.xml:2858(title) serverguide/C/network-auth.xml:3264(title) serverguide/C/monitoring.xml:185(title) serverguide/C/monitoring.xml:455(title) serverguide/C/mail.xml:557(title) serverguide/C/mail.xml:747(title) serverguide/C/mail.xml:970(title) serverguide/C/mail.xml:1406(title) serverguide/C/lamp-applications.xml:130(title) serverguide/C/lamp-applications.xml:299(title) serverguide/C/lamp-applications.xml:438(title) serverguide/C/lamp-applications.xml:533(title) serverguide/C/installation.xml:1237(title) serverguide/C/file-server.xml:370(title) serverguide/C/file-server.xml:671(title) serverguide/C/dns.xml:37(title) serverguide/C/databases.xml:73(title) serverguide/C/databases.xml:316(title) serverguide/C/clustering.xml:45(title) serverguide/C/chat.xml:55(title) serverguide/C/chat.xml:146(title) serverguide/C/backups.xml:625(title)
116
#: serverguide/C/windows-networking.xml:97(title) serverguide/C/windows-networking.xml:309(title) serverguide/C/web-servers.xml:71(title) serverguide/C/web-servers.xml:743(title) serverguide/C/web-servers.xml:844(title) serverguide/C/web-servers.xml:984(title) serverguide/C/web-servers.xml:1084(title) serverguide/C/vcs.xml:37(title) serverguide/C/vcs.xml:421(title) serverguide/C/remote-administration.xml:68(title) serverguide/C/remote-administration.xml:254(title) serverguide/C/package-management.xml:400(title) serverguide/C/network-config.xml:997(title) serverguide/C/network-config.xml:1100(title) serverguide/C/network-auth.xml:2887(title) serverguide/C/network-auth.xml:3293(title) serverguide/C/monitoring.xml:185(title) serverguide/C/monitoring.xml:455(title) serverguide/C/mail.xml:499(title) serverguide/C/mail.xml:689(title) serverguide/C/mail.xml:911(title) serverguide/C/mail.xml:1347(title) serverguide/C/lamp-applications.xml:130(title) serverguide/C/lamp-applications.xml:299(title) serverguide/C/lamp-applications.xml:438(title) serverguide/C/installation.xml:1226(title) serverguide/C/file-server.xml:370(title) serverguide/C/file-server.xml:672(title) serverguide/C/dns.xml:37(title) serverguide/C/databases.xml:80(title) serverguide/C/databases.xml:323(title) serverguide/C/clustering.xml:45(title) serverguide/C/chat.xml:55(title) serverguide/C/chat.xml:146(title) serverguide/C/backups.xml:625(title)
117
117
msgid "Configuration"
118
118
msgstr "配置"
119
119
157
157
"<application>apache2</application> is restarted."
158
158
msgstr ""
159
159
160
#: serverguide/C/web-servers.xml:108(para)
160
#: serverguide/C/web-servers.xml:93(para)
161
161
msgid ""
162
162
"<emphasis>envvars:</emphasis> file where Apache2 "
163
163
"<emphasis>environment</emphasis> variables are set."
164
164
msgstr ""
165
165
"<emphasis> 环境变量设置: </emphasis> 文件下的 Apache2 <emphasis> 环境 </emphasis> 变量设置。"
166
166
167
#: serverguide/C/web-servers.xml:113(para)
167
#: serverguide/C/web-servers.xml:106(para)
168
168
msgid ""
169
169
"<emphasis>mods-available:</emphasis> this directory contains configuration "
170
170
"files to both load <emphasis>modules</emphasis> and configure them. Not all "
173
173
"<emphasis> mods-available: </emphasis> 该目录包含的配置文件都装载 <emphasis> 模块 "
174
174
"</emphasis> 和设置它们。不管怎样并非所有模块都会有具体的配置文件。"
175
175
176
#: serverguide/C/web-servers.xml:119(para)
176
#: serverguide/C/web-servers.xml:112(para)
177
177
msgid ""
178
178
"<emphasis>mods-enabled:</emphasis> holds <emphasis>symlinks</emphasis> to "
179
179
"the files in <filename>/etc/apache2/mods-available</filename>. When a module "
185
185
"available</filename>。当一模块配置文件被设为符号连接后会在下一次<application>apache2</application>重"
186
186
"启时激活。"
187
187
188
#: serverguide/C/web-servers.xml:126(para)
188
#: serverguide/C/web-servers.xml:119(para)
189
189
msgid ""
190
190
"<emphasis>ports.conf:</emphasis> houses the directives that determine which "
191
191
"TCP ports Apache2 is listening on."
192
192
msgstr "<emphasis>ports.conf:</emphasis>房屋指示以确定 Apache2 正在监听哪些 TCP 端口。"
193
193
194
#: serverguide/C/web-servers.xml:131(para)
194
#: serverguide/C/web-servers.xml:124(para)
195
195
msgid ""
196
196
"<emphasis>sites-available:</emphasis> this directory has configuration files "
197
197
"for Apache2 <emphasis>Virtual Hosts</emphasis>. Virtual Hosts allow Apache2 "
200
200
"<emphasis>sites-available:</emphasis> 这个目录下有 Apache2 <emphasis> 虚拟主机 "
201
201
"</emphasis> 的配置文件。虚拟主机使 Apache2 能够配置多个站点,这些站点有各自不同的配置。"
202
202
203
#: serverguide/C/web-servers.xml:138(para)
203
#: serverguide/C/web-servers.xml:130(para)
204
204
msgid ""
205
205
"<emphasis>sites-enabled:</emphasis> like mods-enabled, <filename "
206
206
"role=\"directory\">sites-enabled</filename> contains symlinks to the "
215
215
"the first few bytes of a file."
216
216
msgstr ""
217
217
218
#: serverguide/C/web-servers.xml:151(para)
218
#: serverguide/C/web-servers.xml:138(para)
219
219
msgid ""
220
220
"In addition, other configuration files may be added using the "
221
221
"<emphasis>Include</emphasis> directive, and wildcards can be used to include "
226
226
"除此之外,其他的配置文件可能会增加使用 <emphasis> 头文件 </emphasis> 指令, "
227
227
"并和通配符用于包括许多配置文件。任何说明可放置于这些任意配置文件中。"
228
228
229
#: serverguide/C/web-servers.xml:160(para)
229
#: serverguide/C/web-servers.xml:147(para)
230
230
msgid ""
231
231
"The server also reads a file containing mime document types; the filename is "
232
232
"set by the <emphasis>TypesConfig</emphasis> directive, typically via "
235
235
"by default."
236
236
msgstr ""
237
237
238
#: serverguide/C/web-servers.xml:168(title)
238
#: serverguide/C/web-servers.xml:155(title)
239
239
msgid "Basic Settings"
240
240
msgstr "基本设置"
241
241
250
250
msgid ""
251
251
"Apache2 ships with a virtual-host-friendly default configuration. That is, "
252
252
"it is configured with a single default virtual host (using the "
253
"<emphasis>VirtualHost</emphasis> directive) which can modified or used as-is "
254
"if you have a single site, or used as a template for additional virtual "
253
"<emphasis>VirtualHost</emphasis> directive) which can be modified or used as-"
254
"is if you have a single site, or used as a template for additional virtual "
255
255
"hosts if you have multiple sites. If left alone, the default virtual host "
256
256
"will serve as your default site, or the site users will see if the URL they "
257
257
"enter does not match the <emphasis>ServerName</emphasis> directive of any of "
259
259
"<filename>/etc/apache2/sites-available/000-default.conf</filename>."
260
260
msgstr ""
261
261
262
#: serverguide/C/web-servers.xml:190(para)
262
#: serverguide/C/web-servers.xml:177(para)
263
263
msgid ""
264
264
"The directives set for a virtual host only apply to that particular virtual "
265
265
"host. If a directive is set server-wide and not defined within the virtual "
270
270
"虚拟主机的语句设置仅应用于特定的虚拟主机。如果一个语句在服务器范围中设置而没有在虚拟主机设置中定义,那么将使用缺省设置。例如,您可以定义网络管理员的邮件地"
271
271
"址而无需为每个虚拟主机都分别定义邮件地址。"
272
272
273
#: serverguide/C/web-servers.xml:198(para)
273
#: serverguide/C/web-servers.xml:185(para)
274
274
msgid ""
275
275
"If you wish to configure a new virtual host or site, copy that file into the "
276
276
"same directory with a name you choose. For example:"
282
282
"available/mynewsite.conf"
283
283
msgstr ""
284
284
285
#: serverguide/C/web-servers.xml:207(para)
285
#: serverguide/C/web-servers.xml:194(para)
286
286
msgid ""
287
287
"Edit the new file to configure the new site using some of the directives "
288
288
"described below."
289
289
msgstr "编辑新文件配置新的站点就要使用下列的一些指示说明。"
290
290
291
#: serverguide/C/web-servers.xml:214(para)
291
#: serverguide/C/web-servers.xml:201(para)
292
292
msgid ""
293
293
"The <emphasis>ServerAdmin</emphasis> directive specifies the email address "
294
294
"to be advertised for the server's administrator. The default value is "
302
302
"webmaster@localhost。应该改成您的邮件地址 (如果您是服务器管理员的话)。如果您的网站有问题,Apache2 "
303
303
"将显示包含该邮件地址的错误信息以便报告该问题。在 /etc/apache2/sites-available 目录中您网站的配置文件里可以找到该语句。"
304
304
305
#: serverguide/C/web-servers.xml:225(para)
305
#: serverguide/C/web-servers.xml:212(para)
306
306
msgid ""
307
307
"The <emphasis>Listen</emphasis> directive specifies the port, and optionally "
308
308
"the IP address, Apache2 should listen on. If the IP address is not "
333
333
"available/mynewsite.conf</filename>)."
334
334
msgstr ""
335
335
336
#: serverguide/C/web-servers.xml:250(para)
336
#: serverguide/C/web-servers.xml:237(para)
337
337
msgid ""
338
338
"You may also want your site to respond to www.ubunturocks.com, since many "
339
339
"users will assume the www prefix is appropriate. Use the "
343
343
"可能还需要把您的站点来响应 www.ubunturocks.com ,因为许多用户会认定加上前缀 www "
344
344
"是适当的。使用<emphasis>服务器别名</emphasis>指令来做这事。 可能需要在服务别名指令中使用通配符。"
345
345
346
#: serverguide/C/web-servers.xml:257(para)
346
#: serverguide/C/web-servers.xml:244(para)
347
347
msgid ""
348
348
"For example, the following configuration will cause your site to respond to "
349
349
"any domain request ending in <emphasis>.ubunturocks.com</emphasis>."
350
350
msgstr ""
351
351
"比如,下一步的配置会引导您站点来响应在 <emphasis> .ubunturocks.com </emphasis> 的任意请求结束域。"
352
352
353
#: serverguide/C/web-servers.xml:263(programlisting)
353
#: serverguide/C/web-servers.xml:250(programlisting)
354
354
#, no-wrap
355
355
msgid ""
356
356
"\n"
368
368
"virtual host file, and remember to create that directory if necessary!"
369
369
msgstr ""
370
370
371
#: serverguide/C/web-servers.xml:278(para)
371
#: serverguide/C/web-servers.xml:265(para)
372
372
msgid ""
373
373
"Enable the new <emphasis>VirtualHost</emphasis> using the "
374
374
"<application>a2ensite</application> utility and restart Apache2:"
375
375
msgstr ""
376
376
377
#: serverguide/C/web-servers.xml:284(command)
377
#: serverguide/C/web-servers.xml:271(command)
378
378
msgid "sudo a2ensite mynewsite"
379
379
msgstr "sudo a2ensite mynewsite"
380
380
381
#: serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:303(command) serverguide/C/web-servers.xml:544(command) serverguide/C/web-servers.xml:553(command) serverguide/C/web-servers.xml:612(command) serverguide/C/mail.xml:994(command) serverguide/C/lamp-applications.xml:222(command) serverguide/C/lamp-applications.xml:573(command)
381
#: serverguide/C/web-servers.xml:272(command) serverguide/C/web-servers.xml:290(command) serverguide/C/web-servers.xml:531(command) serverguide/C/web-servers.xml:540(command) serverguide/C/web-servers.xml:599(command) serverguide/C/mail.xml:935(command) serverguide/C/lamp-applications.xml:222(command)
382
382
msgid "sudo service apache2 restart"
383
383
msgstr "sudo service apache2 restart"
384
384
385
#: serverguide/C/web-servers.xml:289(para)
385
#: serverguide/C/web-servers.xml:276(para)
386
386
msgid ""
387
387
"Be sure to replace <emphasis>mynewsite</emphasis> with a more descriptive "
388
388
"name for the VirtualHost. One method is to name the file after the "
389
389
"<emphasis>ServerName</emphasis> directive of the VirtualHost."
390
390
msgstr "确定为虚拟主机用广泛的名字来代替新站点。一种方法是以虚拟主机的 <emphasis> 服务器名 </emphasis> 指令来命名。"
391
391
392
#: serverguide/C/web-servers.xml:296(para)
392
#: serverguide/C/web-servers.xml:283(para)
393
393
msgid ""
394
394
"Similarly, use the <application>a2dissite</application> utility to disable "
395
395
"sites. This is can be useful when troubleshooting configuration problems "
398
398
"同样,使用 <application> a2dissite </application> "
399
399
"功能来关闭站点。使用多个虚拟主机来为故障排除配置问题是非常有用的。"
400
400
401
#: serverguide/C/web-servers.xml:302(command)
401
#: serverguide/C/web-servers.xml:289(command)
402
402
msgid "sudo a2dissite mynewsite"
403
403
msgstr "sudo a2dissite mynewsite"
404
404
405
#: serverguide/C/web-servers.xml:308(title)
405
#: serverguide/C/web-servers.xml:295(title)
406
406
msgid "Default Settings"
407
407
msgstr "缺省设置"
408
408
409
#: serverguide/C/web-servers.xml:310(para)
409
#: serverguide/C/web-servers.xml:297(para)
410
410
msgid ""
411
411
"This section explains configuration of the Apache2 server default settings. "
412
412
"For example, if you add a virtual host, the settings you configure for the "
417
417
"服务器缺省设置的配置。举个例子,如果您添加一个虚拟主机,您为该虚拟主机配置的设置将优先于缺省虚拟主机。如果在该虚拟主机的设置中有个语句没有定义,那么将使用"
418
418
"缺省值。"
419
419
420
#: serverguide/C/web-servers.xml:322(para)
420
#: serverguide/C/web-servers.xml:309(para)
421
421
msgid ""
422
422
"The <emphasis>DirectoryIndex</emphasis> is the default page served by the "
423
423
"server when a user requests an index of a directory by specifying a forward "
426
426
"当用户在目录名后使用斜杠 (/) 来请求一个目录索引时,The <emphasis>DirectoryIndex</emphasis> "
427
427
"将通过服务器提供缺省页服务。"
428
428
429
#: serverguide/C/web-servers.xml:329(para)
429
#: serverguide/C/web-servers.xml:316(para)
430
430
msgid ""
431
431
"For example, when a user requests the page "
432
432
"http://www.example.com/this_directory/, he or she will get either the "
449
449
"file for Apache2 to use for specific error events. For example, if a user "
450
450
"requests a resource that does not exist, a 404 error will occur. By default, "
451
451
"Apache2 will simply return a HTTP 404 Return code. Read "
452
"<filename>/etc/apache2/conf.d/localized-error-pages</filename> for detailed "
453
"instructions for using ErrorDocument, including locations of example files."
452
"<filename>/etc/apache2/conf-available/localized-error-pages.conf</filename> "
453
"for detailed instructions for using ErrorDocument, including locations of "
454
"example files."
454
455
msgstr ""
455
456
456
#: serverguide/C/web-servers.xml:360(para)
457
#: serverguide/C/web-servers.xml:347(para)
457
458
msgid ""
458
459
"By default, the server writes the transfer log to the file "
459
460
"<filename>/var/log/apache2/access.log</filename>. You can change this on a "
469
470
"/etc/apache2/apache2.conf</filename> for the default value)."
470
471
msgstr ""
471
472
472
#: serverguide/C/web-servers.xml:375(para)
473
#: serverguide/C/web-servers.xml:362(para)
473
474
msgid ""
474
475
"Some options are specified on a per-directory basis rather than per-server. "
475
476
"<emphasis>Options</emphasis> is one of these directives. A Directory stanza "
487
488
"</Directory>\n"
488
489
msgstr ""
489
490
490
#: serverguide/C/web-servers.xml:387(para)
491
#: serverguide/C/web-servers.xml:374(para)
491
492
msgid ""
492
493
"The <emphasis>Options</emphasis> directive within a Directory stanza accepts "
493
494
"one or more of the following values (among others), separated by spaces:"
494
495
msgstr "<emphasis> 选项 </emphasis> 指令在目录接收一个或多个值(除了其它之外),由空格所分隔:"
495
496
496
#: serverguide/C/web-servers.xml:399(para)
497
#: serverguide/C/web-servers.xml:386(para)
497
498
msgid ""
498
499
"Most files should not be executed as CGI scripts. This would be very "
499
500
"dangerous. CGI scripts should kept in a directory separate from and outside "
504
505
"许多文件都不应该做为 CGI 脚本所执行。这会非常危险。CGI 脚本应该单独保存在一目录里和你的外部启动文档所分开,只有这目录已经设置了 ExecCGI "
505
506
"选项。CGI 脚本的默认位置是 <filename> /usr/lib/cgi-bin </filename>。"
506
507
507
#: serverguide/C/web-servers.xml:394(para)
508
#: serverguide/C/web-servers.xml:381(para)
508
509
msgid ""
509
510
"<emphasis role=\"bold\">ExecCGI</emphasis> - Allow execution of CGI scripts. "
510
511
"CGI scripts are not executed if this option is not chosen. <placeholder-1/>"
512
513
"<emphasis role=\"bold\">ExecCGI</emphasis> - 允许执行 CGI 脚本。如果该选项没有设置,则 CGI "
513
514
"脚本将不能执行。<placeholder-1/>"
514
515
515
#: serverguide/C/web-servers.xml:410(para)
516
#: serverguide/C/web-servers.xml:397(para)
516
517
msgid ""
517
518
"<emphasis role=\"bold\">Includes</emphasis> - Allow server-side includes. "
518
519
"Server-side includes allow an HTML file to <emphasis> include</emphasis> "
521
522
"documentation (Ubuntu community)</ulink> for more information."
522
523
msgstr ""
523
524
524
#: serverguide/C/web-servers.xml:419(para)
525
#: serverguide/C/web-servers.xml:406(para)
525
526
msgid ""
526
527
"<emphasis role=\"bold\">IncludesNOEXEC</emphasis> - Allow server-side "
527
528
"includes, but disable the <emphasis>#exec</emphasis> and "
530
531
"允许服务端包含 <emphasis role=\"bold\"> IncludesNOEXEC </emphasis>,但要在 CGI 脚本里禁用 "
531
532
"<emphasis> #exec </emphasis> 和 <emphasis>#include</emphasis> 命令。"
532
533
533
#: serverguide/C/web-servers.xml:431(para)
534
#: serverguide/C/web-servers.xml:418(para)
534
535
msgid ""
535
536
"For security reasons, this should usually not be set, and certainly should "
536
537
"not be set on your DocumentRoot directory. Enable this option carefully on a "
540
541
"出于安全考虑,这个通常不会设置,无疑也不应在您 DocumentRoot "
541
542
"目录中设置。只有在您确定您希望用户看到目录的整个内容时请小心地基于每个目录启用该选项。"
542
543
543
#: serverguide/C/web-servers.xml:426(para)
544
#: serverguide/C/web-servers.xml:413(para)
544
545
msgid ""
545
546
"<emphasis role=\"bold\">Indexes</emphasis> - Display a formatted list of the "
546
547
"directory's contents, if no <emphasis>DirectoryIndex</emphasis> (such as "
558
559
"Apache2 documentation on this option</ulink>."
559
560
msgstr ""
560
561
561
#: serverguide/C/web-servers.xml:449(para)
562
#: serverguide/C/web-servers.xml:436(para)
562
563
msgid ""
563
564
"<emphasis role=\"bold\">SymLinksIfOwnerMatch</emphasis> - Only follow "
564
565
"symbolic links if the target file or directory has the same owner as the "
567
568
"<emphasis role=\"bold\">SymLinksIfOwnerMatch</emphasis> - "
568
569
"仅在软连接与其目的文件或目录拥有相同所有者时才使用。"
569
570
570
#: serverguide/C/web-servers.xml:461(title)
571
#: serverguide/C/web-servers.xml:448(title)
571
572
msgid "httpd Settings"
572
573
msgstr "httpd 设置"
573
574
574
#: serverguide/C/web-servers.xml:463(para)
575
#: serverguide/C/web-servers.xml:450(para)
575
576
msgid ""
576
577
"This section explains some basic <application>httpd</application> daemon "
577
578
"configuration settings."
578
579
msgstr "本节说明了一些基本的 <application> httpd </application> 守护进程的配置设置。"
579
580
580
#: serverguide/C/web-servers.xml:467(para)
581
#: serverguide/C/web-servers.xml:454(para)
581
582
msgid ""
582
583
"<emphasis role=\"bold\">LockFile</emphasis> - The LockFile directive sets "
583
584
"the path to the lockfile used when the server is compiled with either "
592
593
"语句来设置 lockfile 的路径。它必须保存在本地磁盘上,它应该设置成缺省值,除非日志目录被定位在 NFS "
593
594
"共享上。如果是这种情况,缺省值应该被改为本地磁盘的位置并且其目录只对 root 用户可读。"
594
595
595
#: serverguide/C/web-servers.xml:476(para)
596
#: serverguide/C/web-servers.xml:463(para)
596
597
msgid ""
597
598
"<emphasis role=\"bold\">PidFile</emphasis> - The PidFile directive sets the "
598
599
"file in which the server records its process ID (pid). This file should only "
601
602
"<emphasis role=\"bold\">PidFile</emphasis> - PidFile 语句设置服务器记录其进程 ID (pid) "
602
603
"的文件。该文件只对 root 用户可读。在大多数情况下,应该保留其缺省值。"
603
604
604
#: serverguide/C/web-servers.xml:482(para)
605
#: serverguide/C/web-servers.xml:469(para)
605
606
msgid ""
606
607
"<emphasis role=\"bold\">User</emphasis> - The User directive sets the userid "
607
608
"used by the server to answer requests. This setting determines the server's "
609
610
"your website's visitors. The default value for User is \"www-data\"."
610
611
msgstr ""
611
612
612
#: serverguide/C/web-servers.xml:489(para)
613
#: serverguide/C/web-servers.xml:476(para)
613
614
msgid ""
614
615
"Unless you know exactly what you are doing, do not set the User directive to "
615
616
"root. Using root as the User will create large security holes for your Web "
617
618
msgstr ""
618
619
"除非您的确知道您在做什么,否则请不要将 User 设为 root 用户。用 root 作为 User 的值将会在您的 Web 服务器中产生极大的安全漏洞。"
619
620
620
#: serverguide/C/web-servers.xml:495(para)
621
#: serverguide/C/web-servers.xml:482(para)
621
622
msgid ""
622
623
"<emphasis role=\"bold\">Group</emphasis> - The Group directive is similar to "
623
624
"the User directive. Group sets the group under which the server will answer "
626
627
"<emphasis role=\"bold\">Group</emphasis> - Group 指令和 User 指令类似。Group "
627
628
"指令设置服务器响应请求使用的用户组。默认组为\"www-data\"。"
628
629
629
#: serverguide/C/web-servers.xml:502(title)
630
#: serverguide/C/web-servers.xml:489(title)
630
631
msgid "Apache2 Modules"
631
632
msgstr "Apache2 模块"
632
633
633
#: serverguide/C/web-servers.xml:504(para)
634
#: serverguide/C/web-servers.xml:491(para)
634
635
msgid ""
635
636
"Apache2 is a modular server. This implies that only the most basic "
636
637
"functionality is included in the core server. Extended features are "
641
642
"Apache2 must be recompiled to add or remove modules."
642
643
msgstr ""
643
644
644
#: serverguide/C/web-servers.xml:516(para)
645
#: serverguide/C/web-servers.xml:503(para)
645
646
msgid ""
646
647
"Ubuntu compiles Apache2 to allow the dynamic loading of modules. "
647
648
"Configuration directives may be conditionally included on the presence of a "
651
652
"Ubuntu把Apache2编译成可以动态加载模块的形式。配置命令可以通过包含在<emphasis><IfModule></emphasis>"
652
653
"块中的方式包含到某个模块中。"
653
654
654
#: serverguide/C/web-servers.xml:523(para)
655
#: serverguide/C/web-servers.xml:510(para)
655
656
msgid ""
656
657
"You can install additional Apache2 modules and use them with your Web "
657
658
"server. For example, run the following command from a terminal prompt to "
660
661
"您可以安装额外的 Apache2 模块,并和您的 Web 服务器使用这些模块。例如,运行以下终端提示的命令来安装 <emphasis>MySQL "
661
662
"认证</emphasis> 模块:"
662
663
663
#: serverguide/C/web-servers.xml:530(command)
664
#: serverguide/C/web-servers.xml:517(command)
664
665
msgid "sudo apt-get install libapache2-mod-auth-mysql"
665
666
msgstr "sudo apt-get install libapache2-mod-auth-mysql"
666
667
667
#: serverguide/C/web-servers.xml:533(para)
668
#: serverguide/C/web-servers.xml:520(para)
668
669
msgid ""
669
670
"See the <filename>/etc/apache2/mods-available</filename> directory, for "
670
671
"additional modules."
671
672
msgstr "请浏览 <filename>/etc/apache2/mods-available</filename> 目录,能提供更多的模块。"
672
673
673
#: serverguide/C/web-servers.xml:537(para)
674
#: serverguide/C/web-servers.xml:524(para)
674
675
msgid ""
675
676
"Use the <application>a2enmod</application> utility to enable a module:"
676
677
msgstr "使用 <application>a2enmod</application> 功能来激活模块:"
677
678
678
#: serverguide/C/web-servers.xml:543(command)
679
#: serverguide/C/web-servers.xml:530(command)
679
680
msgid "sudo a2enmod auth_mysql"
680
681
msgstr "sudo a2enmod auth_mysql"
681
682
682
#: serverguide/C/web-servers.xml:547(para)
683
#: serverguide/C/web-servers.xml:534(para)
683
684
msgid "Similarly, <application>a2dismod</application> will disable a module:"
684
685
msgstr "同样的,<application>a2dismod</application> 将禁用模块。"
685
686
686
#: serverguide/C/web-servers.xml:552(command)
687
#: serverguide/C/web-servers.xml:539(command)
687
688
msgid "sudo a2dismod auth_mysql"
688
689
msgstr "sudo a2dismod auth_mysql"
689
690
690
#: serverguide/C/web-servers.xml:559(title)
691
#: serverguide/C/web-servers.xml:546(title)
691
692
msgid "HTTPS Configuration"
692
693
msgstr "HTTPS 配置"
693
694
694
#: serverguide/C/web-servers.xml:561(para)
695
#: serverguide/C/web-servers.xml:548(para)
695
696
msgid ""
696
697
"The <application>mod_ssl</application> module adds an important feature to "
697
698
"the Apache2 server - the ability to encrypt communications. Thus, when your "
702
703
"<application>mod_ssl</application>模块为Apache2服务器提供了一个重要特性 - 对传送内容的加密功能。因此, "
703
704
"当您使用SSL浏览信息的时候,即导航栏中有https:// 前缀的情况。"
704
705
705
#: serverguide/C/web-servers.xml:570(para)
706
#: serverguide/C/web-servers.xml:557(para)
706
707
msgid ""
707
708
"The <application>mod_ssl</application> module is available in "
708
709
"<application>apache2-common</application> package. Execute the following "
713
714
"<application>mod_ssl</application> 模块。 在终端命令行中输入如下命令以使用 "
714
715
"<application>mod_ssl</application> 模块:"
715
716
716
#: serverguide/C/web-servers.xml:577(command)
717
#: serverguide/C/web-servers.xml:564(command)
717
718
msgid "sudo a2enmod ssl"
718
719
msgstr "sudo a2enmod ssl"
719
720
731
732
"linkend=\"certificates-and-security\"/>"
732
733
msgstr ""
733
734
734
#: serverguide/C/web-servers.xml:590(para)
735
#: serverguide/C/web-servers.xml:577(para)
735
736
msgid ""
736
737
"To configure <application>Apache2</application> for HTTPS, enter the "
737
738
"following:"
738
739
msgstr "要为 <application>Apache2</application> 配置 HTTPS,请输入以下内容:"
739
740
740
#: serverguide/C/web-servers.xml:595(command)
741
#: serverguide/C/web-servers.xml:582(command)
741
742
msgid "sudo a2ensite default-ssl"
742
743
msgstr "sudo a2ensite default-ssl"
743
744
744
#: serverguide/C/web-servers.xml:599(para)
745
#: serverguide/C/web-servers.xml:586(para)
745
746
msgid ""
746
747
"The directories <filename>/etc/ssl/certs</filename> and "
747
748
"<filename>/etc/ssl/private</filename> are the default locations. If you "
754
755
"<emphasis>SSLCertificateFile</emphasis> 和 "
755
756
"<emphasis>SSLCertificateKeyFile</emphasis> 的配置。"
756
757
757
#: serverguide/C/web-servers.xml:606(para)
758
#: serverguide/C/web-servers.xml:593(para)
758
759
msgid ""
759
760
"With Apache2 now configured for HTTPS, restart the service to enable the new "
760
761
"settings:"
761
762
msgstr "现在 Appache2 已经配置了 HTTPS。要使新设置生效,请重新启动服务:"
762
763
763
#: serverguide/C/web-servers.xml:617(para)
764
#: serverguide/C/web-servers.xml:604(para)
764
765
msgid ""
765
766
"Depending on how you obtained your certificate you may need to enter a "
766
767
"passphrase when <application>Apache2</application> starts."
767
768
msgstr ""
768
769
769
#: serverguide/C/web-servers.xml:623(para)
770
#: serverguide/C/web-servers.xml:610(para)
770
771
msgid ""
771
772
"You can access the secure server pages by typing https://your_hostname/url/ "
772
773
"in your browser address bar."
773
774
msgstr "你可通过在浏览器地址栏输入https://your_hostname/url/来进入安装服务器页面。"
774
775
775
#: serverguide/C/web-servers.xml:630(title)
776
#: serverguide/C/web-servers.xml:617(title)
776
777
msgid "Sharing Write Permission"
777
778
msgstr ""
778
779
796
797
msgid "sudo find /var/www/html -type f -exec chmod g=rws \"{}\" \\;"
797
798
msgstr ""
798
799
799
#: serverguide/C/web-servers.xml:645(para)
800
#: serverguide/C/web-servers.xml:632(para)
800
801
msgid ""
801
802
"If access must be granted to more than one group per directory, enable "
802
803
"Access Control Lists (ACLs)."
803
804
msgstr "如果需要对一个目录设置多于一个的授权访问组,请使用访问控制列表 (ACLs)。"
804
805
805
#: serverguide/C/web-servers.xml:652(title) serverguide/C/web-servers.xml:802(title) serverguide/C/web-servers.xml:951(title) serverguide/C/web-servers.xml:1046(title) serverguide/C/web-servers.xml:1271(title) serverguide/C/vpn.xml:830(title) serverguide/C/vcs.xml:531(title) serverguide/C/security.xml:877(title) serverguide/C/security.xml:1211(title) serverguide/C/security.xml:1625(title) serverguide/C/security.xml:1811(title) serverguide/C/remote-administration.xml:196(title) serverguide/C/remote-administration.xml:802(title) serverguide/C/package-management.xml:479(title) serverguide/C/other-apps.xml:345(title) serverguide/C/network-config.xml:1033(title) serverguide/C/network-config.xml:1141(title) serverguide/C/monitoring.xml:392(title) serverguide/C/monitoring.xml:528(title) serverguide/C/mail.xml:511(title) serverguide/C/mail.xml:706(title) serverguide/C/mail.xml:859(title) serverguide/C/mail.xml:1279(title) serverguide/C/mail.xml:1750(title) serverguide/C/lamp-applications.xml:244(title) serverguide/C/lamp-applications.xml:373(title) serverguide/C/lamp-applications.xml:481(title) serverguide/C/lamp-applications.xml:636(title) serverguide/C/file-server.xml:305(title) serverguide/C/file-server.xml:445(title) serverguide/C/file-server.xml:615(title) serverguide/C/file-server.xml:802(title) serverguide/C/dns.xml:614(title) serverguide/C/clustering.xml:232(title) serverguide/C/chat.xml:105(title) serverguide/C/chat.xml:214(title) serverguide/C/backups.xml:295(title)
806
#: serverguide/C/web-servers.xml:639(title) serverguide/C/web-servers.xml:789(title) serverguide/C/web-servers.xml:939(title) serverguide/C/web-servers.xml:1034(title) serverguide/C/web-servers.xml:1256(title) serverguide/C/vpn.xml:800(title) serverguide/C/virtualization.xml:2081(title) serverguide/C/vcs.xml:538(title) serverguide/C/security.xml:863(title) serverguide/C/security.xml:1197(title) serverguide/C/security.xml:1611(title) serverguide/C/security.xml:1797(title) serverguide/C/remote-administration.xml:196(title) serverguide/C/remote-administration.xml:762(title) serverguide/C/package-management.xml:466(title) serverguide/C/other-apps.xml:328(title) serverguide/C/network-config.xml:1035(title) serverguide/C/network-config.xml:1143(title) serverguide/C/monitoring.xml:392(title) serverguide/C/monitoring.xml:528(title) serverguide/C/mail.xml:453(title) serverguide/C/mail.xml:648(title) serverguide/C/mail.xml:800(title) serverguide/C/mail.xml:1220(title) serverguide/C/mail.xml:1688(title) serverguide/C/lamp-applications.xml:244(title) serverguide/C/lamp-applications.xml:373(title) serverguide/C/lamp-applications.xml:481(title) serverguide/C/file-server.xml:305(title) serverguide/C/file-server.xml:446(title) serverguide/C/file-server.xml:616(title) serverguide/C/file-server.xml:803(title) serverguide/C/dns.xml:605(title) serverguide/C/clustering.xml:232(title) serverguide/C/chat.xml:105(title) serverguide/C/chat.xml:214(title) serverguide/C/backups.xml:295(title)
806
807
msgid "References"
807
808
msgstr "参考资料"
808
809
814
815
"the official Apache2 docs."
815
816
msgstr ""
816
817
817
#: serverguide/C/web-servers.xml:663(para)
818
#: serverguide/C/web-servers.xml:650(para)
818
819
msgid ""
819
820
"See the <ulink url=\"http://www.modssl.org/docs/\">Mod SSL "
820
821
"Documentation</ulink> site for more SSL related information."
822
823
"请浏览 <ulink url=\"http://www.modssl.org/docs/\">Mod SSL 文件</ulink>站点可以查到更多的 "
823
824
"SSL 相关信息。"
824
825
825
#: serverguide/C/web-servers.xml:669(para)
826
#: serverguide/C/web-servers.xml:656(para)
826
827
msgid ""
827
828
"O'Reilly's <ulink url=\"http://oreilly.com/catalog/9780596001919/\">Apache "
828
829
"Cookbook</ulink> is a good resource for accomplishing specific Apache2 "
831
832
"奥赖利的 <ulink url=\"http://oreilly.com/catalog/9780596001919/\">Apache "
832
833
"菜谱</ulink> 是个能完成特定 Apache2 配置的好资料。"
833
834
834
#: serverguide/C/web-servers.xml:675(para)
835
#: serverguide/C/web-servers.xml:662(para)
835
836
msgid ""
836
837
"For Ubuntu specific Apache2 questions, ask in the <emphasis>#ubuntu-"
837
838
"server</emphasis> IRC channel on <ulink "
841
842
"url=\"http://freenode.net/\">freenode.net</ulink> 的 <emphasis>#ubuntu-"
842
843
"server</emphasis> IRC 频道。"
843
844
844
#: serverguide/C/web-servers.xml:681(para)
845
#: serverguide/C/web-servers.xml:668(para)
845
846
msgid ""
846
847
"Usually integrated with PHP and MySQL the <ulink "
847
848
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
851
852
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
852
853
"Ubuntu Wiki </ulink> 页面是个很好的资源。"
853
854
854
#: serverguide/C/web-servers.xml:692(title)
855
#: serverguide/C/web-servers.xml:679(title)
855
856
msgid "PHP5 - Scripting Language"
856
857
msgstr "PHP5 - 脚本语言"
857
858
858
#: serverguide/C/web-servers.xml:693(para)
859
#: serverguide/C/web-servers.xml:680(para)
859
860
msgid ""
860
861
"PHP is a general-purpose scripting language suited for Web development. The "
861
862
"PHP script can be embedded into HTML. This section explains how to install "
864
865
"PHP 是一种适合 Web 开发的通用脚本语言。PHP 脚本可以被嵌入 HTML 之中。本节解释了如何在已有 Apache2 和 MySQL 的 "
865
866
"Ubuntu 系统中安装和配置 PHP5。"
866
867
867
#: serverguide/C/web-servers.xml:697(para)
868
#: serverguide/C/web-servers.xml:684(para)
868
869
msgid ""
869
870
"This section assumes you have installed and configured Apache2 Web Server "
870
871
"and MySQL Database Server. You can refer to Apache2 section and MySQL "
874
875
"这里我们假定您已经安装并配置了 Apache2 Web 服务器和 MySQL 数据库服务器。要安装 Apache2 和 MySQL, "
875
876
"您可以分别查阅这个文档里的 Apache2 和 MySQL 章节。"
876
877
877
#: serverguide/C/web-servers.xml:704(para)
878
#: serverguide/C/web-servers.xml:691(para)
878
879
msgid ""
879
880
"The PHP5 is available in Ubuntu Linux. Unlike python and perl, which are "
880
881
"installed in the base system, PHP must be added."
881
882
msgstr "Ubuntu Linux 里有 PHP5。和属于基础系统的 python 和 perl 不同,PHP 需要安装。"
882
883
883
#: serverguide/C/web-servers.xml:708(para)
884
#: serverguide/C/web-servers.xml:695(para)
884
885
msgid ""
885
886
"To install PHP5 you can enter the following command in the terminal prompt: "
886
887
"<screen>\n"
891
892
"<command>sudo apt-get install php5 libapache2-mod-php5</command>\n"
892
893
"</screen>"
893
894
894
#: serverguide/C/web-servers.xml:717(para)
895
#: serverguide/C/web-servers.xml:704(para)
895
896
msgid ""
896
897
"You can run PHP5 scripts from command line. To run PHP5 scripts from command "
897
898
"line you should install <application>php5-cli</application> package. To "
905
906
"<command>sudo apt-get install php5-cli</command>\n"
906
907
"</screen>"
907
908
908
#: serverguide/C/web-servers.xml:726(para)
909
#: serverguide/C/web-servers.xml:713(para)
909
910
msgid ""
910
911
"You can also execute PHP5 scripts without installing PHP5 Apache module. To "
911
912
"accomplish this, you should install <application>php5-cgi</application> "
920
921
"<command>sudo apt-get install php5-cgi</command>\n"
921
922
"</screen>"
922
923
923
#: serverguide/C/web-servers.xml:736(para)
924
#: serverguide/C/web-servers.xml:723(para)
924
925
msgid ""
925
926
"To use <application>MySQL</application> with PHP5 you should install "
926
927
"<application>php5-mysql</application> package. To install <application>php5-"
934
935
"<command>sudo apt-get install php5-mysql</command>\n"
935
936
"</screen>"
936
937
937
#: serverguide/C/web-servers.xml:744(para)
938
#: serverguide/C/web-servers.xml:731(para)
938
939
msgid ""
939
940
"Similarly, to use <application>PostgreSQL</application> with PHP5 you should "
940
941
"install <application>php5-pgsql</application> package. To install "
948
949
"<command>sudo apt-get install php5-pgsql</command>\n"
949
950
"</screen>"
950
951
951
#: serverguide/C/web-servers.xml:757(para)
952
#: serverguide/C/web-servers.xml:744(para)
952
953
msgid ""
953
954
"Once you install PHP5, you can run PHP5 scripts from your web browser. If "
954
955
"you have installed <application>php5-cli</application> package, you can run "
957
958
"当你安装了PHP5后,你就可以在你的浏览器里运行PHP5脚本了。而且,如果你也安装了<application>php5-"
958
959
"cli</application>软件包,你就可以在命令提示符下运行PHP5脚本了。"
959
960
960
#: serverguide/C/web-servers.xml:764(para)
961
#: serverguide/C/web-servers.xml:751(para)
961
962
msgid ""
962
963
"By default, the Apache 2 Web server is configured to run PHP5 scripts. In "
963
964
"other words, the PHP5 module is enabled in Apache2 Web server automatically "
972
973
"<filename>/etc/apache2/mods-enabled/php5.load</filename> "
973
974
"文件是否存在。如果它们不存在的话,您可以使用 <command>a2enmod</command> 命令来加载模块。"
974
975
975
#: serverguide/C/web-servers.xml:775(para)
976
#: serverguide/C/web-servers.xml:762(para)
976
977
msgid ""
977
978
"Once you install PHP5 related packages and enabled PHP5 Apache 2 module, you "
978
979
"should restart Apache2 Web server to run PHP5 scripts. You can run the "
983
984
"脚本。您需在终端提示符下列命令,重启 web 服务器:<screen><command>sudo service apache2 "
984
985
"restart</command> </screen>"
985
986
986
#: serverguide/C/web-servers.xml:783(title) serverguide/C/network-auth.xml:1048(title) serverguide/C/mail.xml:359(title) serverguide/C/mail.xml:1673(title) serverguide/C/dns.xml:380(title) serverguide/C/clustering.xml:182(title)
987
#: serverguide/C/web-servers.xml:770(title) serverguide/C/network-auth.xml:1069(title) serverguide/C/mail.xml:314(title) serverguide/C/mail.xml:1611(title) serverguide/C/dns.xml:376(title) serverguide/C/clustering.xml:182(title)
987
988
msgid "Testing"
988
989
msgstr "测试"
989
990
990
#: serverguide/C/web-servers.xml:784(para)
991
#: serverguide/C/web-servers.xml:771(para)
991
992
msgid ""
992
993
"To verify your installation, you can run following PHP5 phpinfo script:"
993
994
msgstr "您可以运行如下的 PHP5 phpinfo 脚本来验证您的安装:"
994
995
995
#: serverguide/C/web-servers.xml:787(programlisting)
996
#: serverguide/C/web-servers.xml:774(programlisting)
996
997
#, no-wrap
997
998
msgid ""
998
999
"\n"
1005
1006
" phpinfo();\n"
1006
1007
"?>\n"
1007
1008
1008
#: serverguide/C/web-servers.xml:792(para)
1009
#: serverguide/C/web-servers.xml:779(para)
1009
1010
msgid ""
1010
1011
"You can save the content in a file <filename>phpinfo.php</filename> and "
1011
1012
"place it under <command>DocumentRoot</command> directory of Apache2 Web "
1017
1018
"<command>DocumentRoot</command> 目录下。当把您的浏览器指向 "
1018
1019
"<filename>http://hostname/phpinfo.php</filename> 后,将会显示 PHP5 的各种配置参数的值。"
1019
1020
1020
#: serverguide/C/web-servers.xml:806(para)
1021
#: serverguide/C/web-servers.xml:793(para)
1021
1022
msgid ""
1022
1023
"For more in depth information see <ulink "
1023
1024
"url=\"http://www.php.net/docs.php\">php.net</ulink> documentation."
1024
1025
msgstr ""
1025
1026
"更多的高级应用资料请访问<ulink url=\"http://www.php.net/docs.php\">php.net</ulink> 文档。"
1026
1027
1027
#: serverguide/C/web-servers.xml:811(para)
1028
#: serverguide/C/web-servers.xml:798(para)
1028
1029
msgid ""
1029
1030
"There are a plethora of books on PHP. Two good books from O'Reilly are "
1030
1031
"<ulink url=\"http://oreilly.com/catalog/9780596005603/\">Learning PHP "
1036
1037
"5</ulink>和<ulink url=\"http://oreilly.com/catalog/9781565926813/\">PHP Cook "
1037
1038
"Book</ulink>。"
1038
1039
1039
#: serverguide/C/web-servers.xml:818(para)
1040
#: serverguide/C/web-servers.xml:805(para)
1040
1041
msgid ""
1041
1042
"Also, see the <ulink "
1042
1043
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
1045
1046
"另外,参见 <ulink url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache "
1046
1047
"MySQL PHP Ubuntu Wiki</ulink> 页面以获得更多信息。"
1047
1048
1048
#: serverguide/C/web-servers.xml:829(title)
1049
#: serverguide/C/web-servers.xml:816(title)
1049
1050
msgid "Squid - Proxy Server"
1050
1051
msgstr "Squid - 代理服务器"
1051
1052
1074
1075
"for increased performance."
1075
1076
msgstr ""
1076
1077
1077
#: serverguide/C/web-servers.xml:847(para)
1078
#: serverguide/C/web-servers.xml:834(para)
1078
1079
msgid ""
1079
1080
"At a terminal prompt, enter the following command to install the Squid "
1080
1081
"server:"
1109
1110
msgid "sudo chmod a-w /etc/squid3/squid.conf.original"
1110
1111
msgstr ""
1111
1112
1112
#: serverguide/C/web-servers.xml:878(para)
1113
#: serverguide/C/web-servers.xml:866(para)
1113
1114
msgid ""
1114
1115
"To set your Squid server to listen on TCP port 8888 instead of the default "
1115
1116
"TCP port 3128, change the http_port directive as such:"
1116
1117
msgstr ""
1117
1118
"要将您的 Squid 服务器监听 TCP 端口 8888 以代替缺省的 TCP 端口 3128,可以如下所示修改 http_port 语句:"
1118
1119
1119
#: serverguide/C/web-servers.xml:882(programlisting)
1120
#: serverguide/C/web-servers.xml:870(programlisting)
1120
1121
#, no-wrap
1121
1122
msgid ""
1122
1123
"\n"
1125
1126
"\n"
1126
1127
"http_port 8888\n"
1127
1128
1128
#: serverguide/C/web-servers.xml:887(para)
1129
#: serverguide/C/web-servers.xml:875(para)
1129
1130
msgid ""
1130
1131
"Change the visible_hostname directive in order to give the Squid server a "
1131
1132
"specific hostname. This hostname does not necessarily need to be the "
1134
1135
"改变 visible_hostname 语句是为了给 Squid 服务器一个特定的主机名。该主机名并必是计算机的主机名。在本范例中它被设为 "
1135
1136
"<emphasis>weezie</emphasis>。"
1136
1137
1137
#: serverguide/C/web-servers.xml:891(programlisting)
1138
#: serverguide/C/web-servers.xml:879(programlisting)
1138
1139
#, no-wrap
1139
1140
msgid ""
1140
1141
"\n"
1143
1144
"\n"
1144
1145
"visible_hostname weezie\n"
1145
1146
1146
#: serverguide/C/web-servers.xml:896(para)
1147
#: serverguide/C/web-servers.xml:884(para)
1147
1148
msgid ""
1148
1149
"Using Squid's access control, you may configure use of Internet services "
1149
1150
"proxied by Squid to be available only users with certain Internet Protocol "
1157
1158
"ACL section of your <filename>/etc/squid3/squid.conf</filename> file:"
1158
1159
msgstr ""
1159
1160
1160
#: serverguide/C/web-servers.xml:904(programlisting)
1161
#: serverguide/C/web-servers.xml:892(programlisting)
1161
1162
#, no-wrap
1162
1163
msgid ""
1163
1164
"\n"
1172
1173
"http_access section of your <filename>/etc/squid3/squid.conf</filename> file:"
1173
1174
msgstr ""
1174
1175
1175
#: serverguide/C/web-servers.xml:911(programlisting)
1176
#: serverguide/C/web-servers.xml:899(programlisting)
1176
1177
#, no-wrap
1177
1178
msgid ""
1178
1179
"\n"
1190
1191
"Friday, and which uses the 10.1.42.0/24 subnetwork:"
1191
1192
msgstr ""
1192
1193
1193
#: serverguide/C/web-servers.xml:924(programlisting)
1194
#: serverguide/C/web-servers.xml:912(programlisting)
1194
1195
#, no-wrap
1195
1196
msgid ""
1196
1197
"\n"
1201
1202
"acl biz_network src 10.1.42.0/24\n"
1202
1203
"acl biz_hours time M T W T F 9:00-17:00\n"
1203
1204
1204
#: serverguide/C/web-servers.xml:932(programlisting)
1205
#: serverguide/C/web-servers.xml:920(programlisting)
1205
1206
#, no-wrap
1206
1207
msgid ""
1207
1208
"\n"
1222
1223
msgid "sudo service squid3 restart"
1223
1224
msgstr ""
1224
1225
1225
#: serverguide/C/web-servers.xml:953(ulink)
1226
#: serverguide/C/web-servers.xml:941(ulink)
1226
1227
msgid "Squid Website"
1227
1228
msgstr "Squid 网站"
1228
1229
1229
#: serverguide/C/web-servers.xml:955(para)
1230
#: serverguide/C/web-servers.xml:943(para)
1230
1231
msgid ""
1231
1232
"<ulink url=\"https://help.ubuntu.com/community/Squid\">Ubuntu Wiki "
1232
1233
"Squid</ulink> page."
1234
1235
"<ulink url=\"https://help.ubuntu.com/community/Squid\">Ubuntu Wiki "
1235
1236
"Squid</ulink> page."
1236
1237
1237
#: serverguide/C/web-servers.xml:962(title)
1238
#: serverguide/C/web-servers.xml:950(title)
1238
1239
msgid "Ruby on Rails"
1239
1240
msgstr "Ruby on Rails"
1240
1241
1241
#: serverguide/C/web-servers.xml:963(para)
1242
#: serverguide/C/web-servers.xml:951(para)
1242
1243
msgid ""
1243
1244
"Ruby on Rails is an open source web framework for developing database backed "
1244
1245
"web applications. It is optimized for sustainable productivity of the "
1248
1249
"Ruby on Rails 是一个用于开发以数据库为后台的 web 应用程序的开源 web "
1249
1250
"框架。其为发挥程序员持久的生产力而优化,因为它能让程序员通过有益的约定而不是配置来编写代码。"
1250
1251
1251
#: serverguide/C/web-servers.xml:970(para)
1252
#: serverguide/C/web-servers.xml:958(para)
1252
1253
msgid ""
1253
1254
"Before installing <application>Rails</application> you should install "
1254
1255
"<application>Apache</application> and <application>MySQL</application>. To "
1261
1262
"软件包的安装, 请参考<xref linkend=\"httpd\"/>。关于 <application>MySQL</application>则请参考 "
1262
1263
"<xref linkend=\"mysql\"/>。"
1263
1264
1264
#: serverguide/C/web-servers.xml:978(para)
1265
#: serverguide/C/web-servers.xml:966(para)
1265
1266
msgid ""
1266
1267
"Once you have <application>Apache</application> and "
1267
1268
"<application>MySQL</application> packages installed, you are ready to "
1270
1271
"当你安装好了<application>Apache</application>和<application>MySQL</application>,你就可以"
1271
1272
"安装<application>Ruby on Rails</application>软件包了。"
1272
1273
1273
#: serverguide/C/web-servers.xml:985(para)
1274
#: serverguide/C/web-servers.xml:973(para)
1274
1275
msgid ""
1275
1276
"To install the <application>Ruby</application> base packages and "
1276
1277
"<application>Ruby on Rails</application>, you can enter the following "
1279
1280
"要安装<application>Ruby</application>基础包和<application>Ruby on "
1280
1281
"Rails</application>,你可以在终端输入如下命令:"
1281
1282
1282
#: serverguide/C/web-servers.xml:991(command)
1283
#: serverguide/C/web-servers.xml:979(command)
1283
1284
msgid "sudo apt-get install rails"
1284
1285
msgstr "sudo apt-get install rails"
1285
1286
1289
1290
"default.conf</filename> configuration file to setup your domains."
1290
1291
msgstr ""
1291
1292
1292
#: serverguide/C/web-servers.xml:1001(para)
1293
#: serverguide/C/web-servers.xml:989(para)
1293
1294
msgid ""
1294
1295
"The first thing to change is the <emphasis>DocumentRoot</emphasis> directive:"
1295
1296
msgstr "首先改变的是<emphasis>DocumentRoot</emphasis>指令:"
1296
1297
1297
#: serverguide/C/web-servers.xml:1005(programlisting)
1298
#: serverguide/C/web-servers.xml:993(programlisting)
1298
1299
#, no-wrap
1299
1300
msgid ""
1300
1301
"\n"
1303
1304
"\n"
1304
1305
"DocumentRoot /path/to/rails/application/public\n"
1305
1306
1306
#: serverguide/C/web-servers.xml:1008(para)
1307
#: serverguide/C/web-servers.xml:996(para)
1307
1308
msgid ""
1308
1309
"Next, change the <Directory \"/path/to/rails/application/public\"> "
1309
1310
"directive:"
1310
1311
msgstr "下一步,改变 <Directory \"/path/to/rails/application/public\"> 指令:"
1311
1312
1312
#: serverguide/C/web-servers.xml:1012(programlisting)
1313
#: serverguide/C/web-servers.xml:1000(programlisting)
1313
1314
#, no-wrap
1314
1315
msgid ""
1315
1316
"\n"
1330
1331
" AddHandler cgi-script .cgi\n"
1331
1332
"</Directory>\n"
1332
1333
1333
#: serverguide/C/web-servers.xml:1022(para)
1334
#: serverguide/C/web-servers.xml:1010(para)
1334
1335
msgid ""
1335
1336
"You should also enable the <application>mod_rewrite</application> module for "
1336
1337
"Apache. To enable <application>mod_rewrite</application> module, please "
1339
1340
"你也必须为Apache打开<application>mod_rewrite</application>模块。请在终端输入如下命令来打开<applicati"
1340
1341
"on>mod_rewrite</application>模块:"
1341
1342
1342
#: serverguide/C/web-servers.xml:1028(command)
1343
#: serverguide/C/web-servers.xml:1016(command)
1343
1344
msgid "sudo a2enmod rewrite"
1344
1345
msgstr "sudo a2enmod rewrite"
1345
1346
1346
#: serverguide/C/web-servers.xml:1031(para)
1347
#: serverguide/C/web-servers.xml:1019(para)
1347
1348
msgid ""
1348
1349
"Finally you will need to change the ownership of the "
1349
1350
"<filename>/path/to/rails/application/public</filename> and "
1354
1355
"<filename>/path/to/rails/application/tmp</filename> "
1355
1356
"目录的所有权到运行<application>Apache</application> 进程的用户:"
1356
1357
1357
#: serverguide/C/web-servers.xml:1037(command)
1358
#: serverguide/C/web-servers.xml:1025(command)
1358
1359
msgid "sudo chown -R www-data:www-data /path/to/rails/application/public"
1359
1360
msgstr "sudo chown -R www-data:www-data /path/to/rails/application/public"
1360
1361
1361
#: serverguide/C/web-servers.xml:1038(command)
1362
#: serverguide/C/web-servers.xml:1026(command)
1362
1363
msgid "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
1363
1364
msgstr "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
1364
1365
1365
#: serverguide/C/web-servers.xml:1041(para)
1366
#: serverguide/C/web-servers.xml:1029(para)
1366
1367
msgid ""
1367
1368
"That's it! Now you have your Server ready for your <application>Ruby on "
1368
1369
"Rails</application> applications."
1369
1370
msgstr "搞定!现在您的服务器已经可以运行 <application>Ruby on Rails</application> 应用程序。"
1370
1371
1371
#: serverguide/C/web-servers.xml:1050(para)
1372
#: serverguide/C/web-servers.xml:1038(para)
1372
1373
msgid ""
1373
1374
"See the <ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink> website "
1374
1375
"for more information."
1375
1376
msgstr ""
1376
1377
"查看更多信息请浏览<ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink>站点。"
1377
1378
1378
#: serverguide/C/web-servers.xml:1055(para)
1379
#: serverguide/C/web-servers.xml:1043(para)
1379
1380
msgid ""
1380
1381
"Also <ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-"
1381
1382
"with-rails-third-edition\">Agile Development with Rails</ulink> is a great "
1384
1385
"同样,<ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-with-"
1385
1386
"rails-third-edition\">Agile Development with Rails</ulink>是个不错的学习材料。"
1386
1387
1387
#: serverguide/C/web-servers.xml:1061(para)
1388
#: serverguide/C/web-servers.xml:1049(para)
1388
1389
msgid ""
1389
1390
"Another place for more information is the <ulink "
1390
1391
"url=\"https://help.ubuntu.com/community/RubyOnRails\">Ruby on Rails Ubuntu "
1391
1392
"Wiki</ulink> page."
1392
1393
msgstr ""
1393
1394
1394
#: serverguide/C/web-servers.xml:1072(title)
1395
#: serverguide/C/web-servers.xml:1060(title)
1395
1396
msgid "Apache Tomcat"
1396
1397
msgstr "Apache Tomcat"
1397
1398
1398
#: serverguide/C/web-servers.xml:1073(para)
1399
#: serverguide/C/web-servers.xml:1061(para)
1399
1400
msgid ""
1400
1401
"Apache Tomcat is a web container that allows you to serve Java Servlets and "
1401
1402
"JSP (Java Server Pages) web applications."
1421
1422
"need to test on their own private Tomcat instances."
1422
1423
msgstr ""
1423
1424
1424
#: serverguide/C/web-servers.xml:1088(title)
1425
#: serverguide/C/web-servers.xml:1073(title)
1425
1426
msgid "System-wide installation"
1426
1427
msgstr "系统级安装"
1427
1428
1428
#: serverguide/C/web-servers.xml:1089(para)
1429
#: serverguide/C/web-servers.xml:1074(para)
1429
1430
msgid ""
1430
1431
"To install the Tomcat server, you can enter the following command in the "
1431
1432
"terminal prompt:"
1435
1436
msgid "sudo apt-get install tomcat7"
1436
1437
msgstr ""
1437
1438
1438
#: serverguide/C/web-servers.xml:1094(para)
1439
#: serverguide/C/web-servers.xml:1079(para)
1439
1440
msgid ""
1440
1441
"This will install a Tomcat server with just a default ROOT webapp that "
1441
1442
"displays a minimal \"It works\" page by default."
1450
1451
"documentation</ulink> for more."
1451
1452
msgstr ""
1452
1453
1453
#: serverguide/C/web-servers.xml:1106(title)
1454
#: serverguide/C/web-servers.xml:1091(title)
1454
1455
msgid "Changing default ports"
1455
1456
msgstr "修改默认端口"
1456
1457
1462
1463
"following lines in <filename>/etc/tomcat7/server.xml</filename>:"
1463
1464
msgstr ""
1464
1465
1465
#: serverguide/C/web-servers.xml:1112(programlisting)
1466
#: serverguide/C/web-servers.xml:1097(programlisting)
1466
1467
#, no-wrap
1467
1468
msgid ""
1468
1469
"\n"
1481
1482
"<Connector port=\"8009\" protocol=\"AJP/1.3\" redirectPort=\"8443\" "
1482
1483
"/>\n"
1483
1484
1484
#: serverguide/C/web-servers.xml:1121(title)
1485
#: serverguide/C/web-servers.xml:1106(title)
1485
1486
msgid "Changing JVM used"
1486
1487
msgstr "修改使用的 JVM"
1487
1488
1492
1493
"by setting JAVA_HOME in <filename>/etc/default/tomcat7</filename>:"
1493
1494
msgstr ""
1494
1495
1495
#: serverguide/C/web-servers.xml:1126(programlisting)
1496
#: serverguide/C/web-servers.xml:1111(programlisting)
1496
1497
#, no-wrap
1497
1498
msgid ""
1498
1499
"\n"
1501
1502
"\n"
1502
1503
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
1503
1504
1504
#: serverguide/C/web-servers.xml:1131(title)
1505
#: serverguide/C/web-servers.xml:1116(title)
1505
1506
msgid "Declaring users and roles"
1506
1507
msgstr "声明用户与角色"
1507
1508
1512
1513
"users.xml</filename> file:"
1513
1514
msgstr ""
1514
1515
1515
#: serverguide/C/web-servers.xml:1135(programlisting)
1516
#: serverguide/C/web-servers.xml:1120(programlisting)
1516
1517
#, no-wrap
1517
1518
msgid ""
1518
1519
"\n"
1523
1524
"<role rolename=\"admin\"/>\n"
1524
1525
"<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
1525
1526
1526
#: serverguide/C/web-servers.xml:1143(title)
1527
#: serverguide/C/web-servers.xml:1128(title)
1527
1528
msgid "Using Tomcat standard webapps"
1528
1529
msgstr "使用 Tomcat 标准应用程序"
1529
1530
1530
#: serverguide/C/web-servers.xml:1144(para)
1531
#: serverguide/C/web-servers.xml:1129(para)
1531
1532
msgid ""
1532
1533
"Tomcat is shipped with webapps that you can install for documentation, "
1533
1534
"administration or demo purposes."
1534
1535
msgstr "Tomcat 捆绑了一些应用程序,您可以安装作为文档、管理和演示之用。"
1535
1536
1536
#: serverguide/C/web-servers.xml:1147(title)
1537
#: serverguide/C/web-servers.xml:1132(title)
1537
1538
msgid "Tomcat documentation"
1538
1539
msgstr "Tomcat 文档"
1539
1540
1549
1550
msgid "sudo apt-get install tomcat7-docs"
1550
1551
msgstr ""
1551
1552
1552
#: serverguide/C/web-servers.xml:1157(title)
1553
#: serverguide/C/web-servers.xml:1142(title)
1553
1554
msgid "Tomcat administration webapps"
1554
1555
msgstr "Tomcat 管理应用程序"
1555
1556
1564
1565
msgid "sudo apt-get install tomcat7-admin"
1565
1566
msgstr ""
1566
1567
1567
#: serverguide/C/web-servers.xml:1165(para)
1568
#: serverguide/C/web-servers.xml:1150(para)
1568
1569
msgid ""
1569
1570
"The first one is the <emphasis>manager</emphasis> webapp, which you can "
1570
1571
"access by default at http://yourserver:8080/manager/html. It is primarily "
1580
1581
"<filename>/etc/tomcat7/tomcat-users.xml</filename> before you can access it."
1581
1582
msgstr ""
1582
1583
1583
#: serverguide/C/web-servers.xml:1172(para)
1584
#: serverguide/C/web-servers.xml:1157(para)
1584
1585
msgid ""
1585
1586
"The second one is the <emphasis>host-manager</emphasis> webapp, which you "
1586
1587
"can access by default at http://yourserver:8080/host-manager/html. It can be "
1614
1615
msgid "sudo chmod -R g+w /etc/tomcat7"
1615
1616
msgstr ""
1616
1617
1617
#: serverguide/C/web-servers.xml:1194(title)
1618
#: serverguide/C/web-servers.xml:1179(title)
1618
1619
msgid "Tomcat examples webapps"
1619
1620
msgstr "Tomcat 示例应用程序"
1620
1621
1630
1631
msgid "sudo apt-get install tomcat7-examples"
1631
1632
msgstr ""
1632
1633
1633
#: serverguide/C/web-servers.xml:1207(title)
1634
#: serverguide/C/web-servers.xml:1192(title)
1634
1635
msgid "Using private instances"
1635
1636
msgstr "使用私有实例"
1636
1637
1644
1645
"system-installed libraries."
1645
1646
msgstr ""
1646
1647
1647
#: serverguide/C/web-servers.xml:1215(para)
1648
#: serverguide/C/web-servers.xml:1200(para)
1648
1649
msgid ""
1649
1650
"It is possible to run the system-wide instance and the private instances in "
1650
1651
"parallel, as long as they do not use the same TCP ports."
1651
1652
msgstr "只要他们不使用同样的 TCP 端口,有可能并行运行全系统例子和人例子。"
1652
1653
1653
#: serverguide/C/web-servers.xml:1219(title)
1654
#: serverguide/C/web-servers.xml:1204(title)
1654
1655
msgid "Installing private instance support"
1655
1656
msgstr "安装兼容的个人事例"
1656
1657
1657
#: serverguide/C/web-servers.xml:1220(para)
1658
#: serverguide/C/web-servers.xml:1205(para)
1658
1659
msgid ""
1659
1660
"You can install everything necessary to run private instances by entering "
1660
1661
"the following command in the terminal prompt:"
1664
1665
msgid "sudo apt-get install tomcat7-user"
1665
1666
msgstr ""
1666
1667
1667
#: serverguide/C/web-servers.xml:1227(title)
1668
#: serverguide/C/web-servers.xml:1212(title)
1668
1669
msgid "Creating a private instance"
1669
1670
msgstr "创建个人事例"
1670
1671
1671
#: serverguide/C/web-servers.xml:1228(para)
1672
#: serverguide/C/web-servers.xml:1213(para)
1672
1673
msgid ""
1673
1674
"You can create a private instance directory by entering the following "
1674
1675
"command in the terminal prompt:"
1678
1679
msgid "tomcat7-instance-create my-instance"
1679
1680
msgstr ""
1680
1681
1681
#: serverguide/C/web-servers.xml:1233(para)
1682
#: serverguide/C/web-servers.xml:1218(para)
1682
1683
msgid ""
1683
1684
"This will create a new <filename>my-instance</filename> directory with all "
1684
1685
"the necessary subdirectories and scripts. You can for example install your "
1690
1691
"instance</filename>目录以提供一切必需子目录和脚本。例如,您也可以共同安装库在<filename>lib/</filename>子目录里"
1691
1692
"来布置 webapps 在您的<filename>webapps/</filename>子目录里。默认下是没有布置 webapps 的。"
1692
1693
1693
#: serverguide/C/web-servers.xml:1241(title)
1694
#: serverguide/C/web-servers.xml:1226(title)
1694
1695
msgid "Configuring your private instance"
1695
1696
msgstr "配置你的个人事例"
1696
1697
1697
#: serverguide/C/web-servers.xml:1242(para)
1698
#: serverguide/C/web-servers.xml:1227(para)
1698
1699
msgid ""
1699
1700
"You will find the classic Tomcat configuration files for your private "
1700
1701
"instance in the <filename>conf/</filename> subdirectory. You should for "
1705
1706
"您会在您个人示范 <filename>conf/</filename> 子目录里找到典型的 Tomcat 配置文件。你应该个人 Tomcat 示范编辑 "
1706
1707
"<filename>conf/server.xml</filename> 文件来改变默认端口的使用,以避免运行时和其它的示范有冲突。"
1707
1708
1708
#: serverguide/C/web-servers.xml:1250(title)
1709
#: serverguide/C/web-servers.xml:1235(title)
1709
1710
msgid "Starting/stopping your private instance"
1710
1711
msgstr "开始/停止 您的个人事例"
1711
1712
1712
#: serverguide/C/web-servers.xml:1251(para)
1713
#: serverguide/C/web-servers.xml:1236(para)
1713
1714
msgid ""
1714
1715
"You can start your private instance by entering the following command in the "
1715
1716
"terminal prompt (supposing your instance is located in the <filename>my-"
1716
1717
"instance</filename> directory):"
1717
1718
msgstr "您可以键入以下终端提示命令来启动你个人事例(认定您的事例已锁在<filename>my-instance</filename>目录里):"
1718
1719
1719
#: serverguide/C/web-servers.xml:1255(command)
1720
#: serverguide/C/web-servers.xml:1240(command)
1720
1721
msgid "my-instance/bin/startup.sh"
1721
1722
msgstr "my-instance/bin/startup.sh"
1722
1723
1723
#: serverguide/C/web-servers.xml:1257(para)
1724
#: serverguide/C/web-servers.xml:1242(para)
1724
1725
msgid ""
1725
1726
"You should check the <filename>logs/</filename> subdirectory for any error. "
1726
1727
"If you have a <emphasis>java.net.BindException: Address already in "
1731
1732
"<emphasis>java.net.BindException: 地址已经在使用<null>:8080</emphasis> "
1732
1733
"的错误,这意味着你您使用的端口已经被标记,您应该要使用另一端口。"
1733
1734
1734
#: serverguide/C/web-servers.xml:1262(para)
1735
#: serverguide/C/web-servers.xml:1247(para)
1735
1736
msgid ""
1736
1737
"You can stop your instance by entering the following command in the terminal "
1737
1738
"prompt (supposing your instance is located in the <filename>my-"
1738
1739
"instance</filename> directory):"
1739
1740
msgstr "您可以键入以下终端提示命令来停止你个人事例(认定您的事例已锁在<filename>my-instance</filename>目录里):"
1740
1741
1741
#: serverguide/C/web-servers.xml:1266(command)
1742
#: serverguide/C/web-servers.xml:1251(command)
1742
1743
msgid "my-instance/bin/shutdown.sh"
1743
1744
msgstr "my-instance/bin/shutdown.sh"
1744
1745
1745
#: serverguide/C/web-servers.xml:1275(para)
1746
#: serverguide/C/web-servers.xml:1260(para)
1746
1747
msgid ""
1747
1748
"See the <ulink url=\"http://tomcat.apache.org/\">Apache Tomcat</ulink> "
1748
1749
"website for more information."
1756
1757
"with Tomcat."
1757
1758
msgstr ""
1758
1759
1759
#: serverguide/C/web-servers.xml:1286(para)
1760
#: serverguide/C/web-servers.xml:1271(para)
1760
1761
msgid ""
1761
1762
"For additional books see the <ulink "
1762
1763
"url=\"http://wiki.apache.org/tomcat/Tomcat/Books\">Tomcat Books</ulink> list "
1889
1890
"\n"
1890
1891
msgstr ""
1891
1892
1892
#: serverguide/C/vpn.xml:94(para)
1893
#: serverguide/C/vpn.xml:90(para)
1893
1894
msgid ""
1894
1895
"Enter the following to generate the master Certificate Authority (CA) "
1895
1896
"certificate and key:"
1896
1897
msgstr ""
1897
1898
1898
#: serverguide/C/vpn.xml:99(command) serverguide/C/vpn.xml:147(command)
1899
#: serverguide/C/vpn.xml:95(command) serverguide/C/vpn.xml:143(command)
1899
1900
msgid "cd /etc/openvpn/easy-rsa/"
1900
1901
msgstr "cd /etc/openvpn/easy-rsa/"
1901
1902
1902
#: serverguide/C/vpn.xml:100(command) serverguide/C/vpn.xml:148(command)
1903
#: serverguide/C/vpn.xml:96(command) serverguide/C/vpn.xml:144(command)
1903
1904
msgid "source vars"
1904
1905
msgstr "原始变量"
1905
1906
1906
#: serverguide/C/vpn.xml:101(command)
1907
#: serverguide/C/vpn.xml:97(command)
1907
1908
msgid "./clean-all"
1908
1909
msgstr "./clean-all"
1909
1910
1910
#: serverguide/C/vpn.xml:102(command)
1911
#: serverguide/C/vpn.xml:98(command)
1911
1912
msgid "./build-ca"
1912
1913
msgstr "./build-ca"
1913
1914
1914
#: serverguide/C/vpn.xml:107(title)
1915
#: serverguide/C/vpn.xml:103(title)
1915
1916
msgid "Server Certificates"
1916
1917
msgstr "服务器证书"
1917
1918
1918
#: serverguide/C/vpn.xml:109(para)
1919
#: serverguide/C/vpn.xml:105(para)
1919
1920
msgid "Next, we will generate a certificate and private key for the server:"
1920
1921
msgstr ""
1921
1922
1922
#: serverguide/C/vpn.xml:114(command)
1923
#: serverguide/C/vpn.xml:110(command)
1923
1924
msgid "./build-key-server myservername"
1924
1925
msgstr ""
1925
1926
1926
#: serverguide/C/vpn.xml:117(para)
1927
#: serverguide/C/vpn.xml:113(para)
1927
1928
msgid ""
1928
1929
"As in the previous step, most parameters can be defaulted. Two other queries "
1929
1930
"require positive responses, \"Sign the certificate? [y/n]\" and \"1 out of 1 "
1930
1931
"certificate requests certified, commit? [y/n]\"."
1931
1932
msgstr ""
1932
1933
1933
#: serverguide/C/vpn.xml:121(para)
1934
#: serverguide/C/vpn.xml:117(para)
1934
1935
msgid "Diffie Hellman parameters must be generated for the OpenVPN server:"
1935
1936
msgstr "需要为 OpenVPN 服务器生成 Diffie Hellman 参数:"
1936
1937
1937
#: serverguide/C/vpn.xml:126(command)
1938
#: serverguide/C/vpn.xml:122(command)
1938
1939
msgid "./build-dh"
1939
1940
msgstr "./build-dh"
1940
1941
1941
#: serverguide/C/vpn.xml:129(para)
1942
#: serverguide/C/vpn.xml:125(para)
1942
1943
msgid ""
1943
1944
"All certificates and keys have been generated in the subdirectory keys/. "
1944
1945
"Common practice is to copy them to /etc/openvpn/:"
1945
1946
msgstr ""
1946
1947
1947
#: serverguide/C/vpn.xml:133(command)
1948
#: serverguide/C/vpn.xml:129(command)
1948
1949
msgid "cd keys/"
1949
1950
msgstr ""
1950
1951
1952
1953
msgid "cp myservername.crt myservername.key ca.crt dh2048.pem /etc/openvpn/"
1953
1954
msgstr ""
1954
1955
1955
#: serverguide/C/vpn.xml:139(title)
1956
#: serverguide/C/vpn.xml:135(title)
1956
1957
msgid "Client Certificates"
1957
1958
msgstr "客户端证书"
1958
1959
1959
#: serverguide/C/vpn.xml:141(para)
1960
#: serverguide/C/vpn.xml:137(para)
1960
1961
msgid ""
1961
1962
"The VPN client will also need a certificate to authenticate itself to the "
1962
1963
"server. Usually you create a different certificate for each client. To "
1964
1965
"root:"
1965
1966
msgstr ""
1966
1967
1967
#: serverguide/C/vpn.xml:149(command)
1968
#: serverguide/C/vpn.xml:145(command)
1968
1969
msgid "./build-key client1"
1969
1970
msgstr ""
1970
1971
1971
#: serverguide/C/vpn.xml:152(para)
1972
#: serverguide/C/vpn.xml:148(para)
1972
1973
msgid "Copy the following files to the client using a secure method:"
1973
1974
msgstr "使用安全的方法,把下列文件拷贝到客户端:"
1974
1975
1975
#: serverguide/C/vpn.xml:157(para)
1976
#: serverguide/C/vpn.xml:153(para)
1976
1977
msgid "/etc/openvpn/ca.crt"
1977
1978
msgstr "/etc/openvpn/ca.crt"
1978
1979
1979
#: serverguide/C/vpn.xml:158(para)
1980
#: serverguide/C/vpn.xml:154(para)
1980
1981
msgid "/etc/openvpn/easy-rsa/keys/client1.crt"
1981
1982
msgstr "/etc/openvpn/easy-rsa/keys/client1.crt"
1982
1983
1983
#: serverguide/C/vpn.xml:159(para)
1984
#: serverguide/C/vpn.xml:155(para)
1984
1985
msgid "/etc/openvpn/easy-rsa/keys/client1.key"
1985
1986
msgstr ""
1986
1987
1987
#: serverguide/C/vpn.xml:162(para)
1988
#: serverguide/C/vpn.xml:158(para)
1988
1989
msgid ""
1989
1990
"As the client certificates and keys are only required on the client machine, "
1990
1991
"you should remove them from the server."
1991
1992
msgstr ""
1992
1993
1993
#: serverguide/C/vpn.xml:170(title)
1994
#: serverguide/C/vpn.xml:166(title)
1994
1995
msgid "Simple Server Configuration"
1995
1996
msgstr ""
1996
1997
1997
#: serverguide/C/vpn.xml:172(para)
1998
#: serverguide/C/vpn.xml:168(para)
1998
1999
msgid ""
1999
2000
"Along with your <application>OpenVPN</application> installation you got "
2000
2001
"these sample config files (and many more if if you check):"
2001
2002
msgstr ""
2002
2003
2003
#: serverguide/C/vpn.xml:176(programlisting)
2004
#: serverguide/C/vpn.xml:172(programlisting)
2004
2005
#, no-wrap
2005
2006
msgid ""
2006
2007
"\n"
2010
2011
"-rw-r--r-- 1 root root 4141 2011-07-04 15:09 server.conf.gz\n"
2011
2012
msgstr ""
2012
2013
2013
#: serverguide/C/vpn.xml:183(para)
2014
#: serverguide/C/vpn.xml:179(para)
2014
2015
msgid ""
2015
2016
"Start with copying and unpacking server.conf.gz to /etc/openvpn/server.conf."
2016
2017
msgstr ""
2017
2018
2018
#: serverguide/C/vpn.xml:187(command)
2019
#: serverguide/C/vpn.xml:183(command)
2019
2020
msgid ""
2020
2021
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz "
2021
2022
"/etc/openvpn/"
2023
2024
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz "
2024
2025
"/etc/openvpn/"
2025
2026
2026
#: serverguide/C/vpn.xml:188(command)
2027
#: serverguide/C/vpn.xml:184(command)
2027
2028
msgid "sudo gzip -d /etc/openvpn/server.conf.gz"
2028
2029
msgstr "sudo gzip -d /etc/openvpn/server.conf.gz"
2029
2030
2030
#: serverguide/C/vpn.xml:191(para)
2031
#: serverguide/C/vpn.xml:187(para)
2031
2032
msgid ""
2032
2033
"Edit <filename>/etc/openvpn/server.conf</filename> to make sure the "
2033
2034
"following lines are pointing to the certificates and keys you created in the "
2046
2047
2047
2048
#: serverguide/C/vpn.xml:201(para)
2048
2049
msgid ""
2050
"Edit <filename>/etc/sysctl.conf</filename> and uncomment the following line "
2051
"to enable IP forwarding."
2052
msgstr ""
2053
2054
#: serverguide/C/vpn.xml:204(programlisting)
2055
#, no-wrap
2056
msgid ""
2057
"\n"
2058
"#net.ipv4.ip_forward=1\n"
2059
msgstr ""
2060
2061
#: serverguide/C/vpn.xml:207(para)
2062
msgid "Then reload sysctl."
2063
msgstr ""
2064
2065
#: serverguide/C/vpn.xml:211(command)
2066
msgid "sudo sysctl -p /etc/sysctl.conf"
2067
msgstr ""
2068
2069
#: serverguide/C/vpn.xml:197(para)
2070
msgid ""
2049
2071
"That is the minimum you have to configure to get a working OpenVPN server. "
2050
2072
"You can use all the default settings in the sample server.conf file. Now "
2051
2073
"start the server. You will find logging and error messages in your syslog."
2052
2074
msgstr ""
2053
2075
2054
#: serverguide/C/vpn.xml:206(programlisting)
2076
#: serverguide/C/vpn.xml:219(programlisting)
2055
2077
#, no-wrap
2056
2078
msgid ""
2057
2079
"\n"
2060
2082
" * Autostarting VPN 'server' [ OK ]\n"
2061
2083
msgstr ""
2062
2084
2063
#: serverguide/C/vpn.xml:212(para)
2085
#: serverguide/C/vpn.xml:208(para)
2064
2086
msgid "Now check if OpenVPN created a tun0 interface:"
2065
2087
msgstr ""
2066
2088
2067
#: serverguide/C/vpn.xml:216(programlisting)
2089
#: serverguide/C/vpn.xml:212(programlisting)
2068
2090
#, no-wrap
2069
2091
msgid ""
2070
2092
"\n"
2076
2098
"[...]\n"
2077
2099
msgstr ""
2078
2100
2079
#: serverguide/C/vpn.xml:226(title)
2101
#: serverguide/C/vpn.xml:222(title)
2080
2102
msgid "Simple Client Configuration"
2081
2103
msgstr ""
2082
2104
2083
#: serverguide/C/vpn.xml:228(para)
2105
#: serverguide/C/vpn.xml:224(para)
2084
2106
msgid ""
2085
2107
"There are various different <application>OpenVPN</application> client "
2086
2108
"implementations with and without GUIs. You can read more about clients in a "
2089
2111
"install the openvpn package again on the client machine:"
2090
2112
msgstr ""
2091
2113
2092
#: serverguide/C/vpn.xml:235(command) serverguide/C/vpn.xml:603(command)
2114
#: serverguide/C/vpn.xml:35(command) serverguide/C/vpn.xml:231(command) serverguide/C/vpn.xml:589(command)
2093
2115
msgid "sudo apt-get install openvpn"
2094
2116
msgstr "sudo apt-get install openvpn"
2095
2117
2096
#: serverguide/C/vpn.xml:238(para)
2118
#: serverguide/C/vpn.xml:234(para)
2097
2119
msgid "This time copy the client.conf sample config file to /etc/openvpn/."
2098
2120
msgstr ""
2099
2121
2100
#: serverguide/C/vpn.xml:242(command)
2122
#: serverguide/C/vpn.xml:238(command)
2101
2123
msgid ""
2102
2124
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
2103
2125
"/etc/openvpn/"
2104
2126
msgstr ""
2105
2127
2106
#: serverguide/C/vpn.xml:245(para)
2128
#: serverguide/C/vpn.xml:241(para)
2107
2129
msgid ""
2108
2130
"Copy the client keys and the certificate of the CA you created in the "
2109
2131
"section above to e.g. /etc/openvpn/ and edit "
2112
2134
"you can omit the path."
2113
2135
msgstr ""
2114
2136
2115
#: serverguide/C/vpn.xml:248(programlisting) serverguide/C/vpn.xml:268(programlisting)
2137
#: serverguide/C/vpn.xml:244(programlisting)
2116
2138
#, no-wrap
2117
2139
msgid ""
2118
2140
"\n"
2121
2143
"key client1.key\n"
2122
2144
msgstr ""
2123
2145
2124
#: serverguide/C/vpn.xml:254(para)
2146
#: serverguide/C/vpn.xml:250(para)
2125
2147
msgid ""
2126
2148
"And you have to at least specify the OpenVPN server name or address. Make "
2127
2149
"sure the keyword client is in the config. That's what enables client mode."
2128
2150
msgstr ""
2129
2151
2130
#: serverguide/C/vpn.xml:260(programlisting)
2152
#: serverguide/C/vpn.xml:256(programlisting)
2131
2153
#, no-wrap
2132
2154
msgid ""
2133
2155
"\n"
2135
2157
"remote vpnserver.example.com 1194\n"
2136
2158
msgstr ""
2137
2159
2138
#: serverguide/C/vpn.xml:265(para)
2160
#: serverguide/C/vpn.xml:278(para)
2139
2161
msgid ""
2140
2162
"Also, make sure you specify the keyfile names you copied from the server"
2141
2163
msgstr ""
2142
2164
2143
#: serverguide/C/vpn.xml:273(para)
2165
#: serverguide/C/vpn.xml:261(para)
2144
2166
msgid "Now start the OpenVPN client:"
2145
2167
msgstr ""
2146
2168
2147
#: serverguide/C/vpn.xml:277(programlisting)
2169
#: serverguide/C/vpn.xml:290(programlisting)
2148
2170
#, no-wrap
2149
2171
msgid ""
2150
2172
"\n"
2153
2175
" * Autostarting VPN 'client' [ OK ] \n"
2154
2176
msgstr ""
2155
2177
2156
#: serverguide/C/vpn.xml:283(para)
2178
#: serverguide/C/vpn.xml:271(para)
2157
2179
msgid "Check if it created a tun0 interface:"
2158
2180
msgstr ""
2159
2181
2160
#: serverguide/C/vpn.xml:287(programlisting)
2182
#: serverguide/C/vpn.xml:275(programlisting)
2161
2183
#, no-wrap
2162
2184
msgid ""
2163
2185
"\n"
2168
2190
" UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1\n"
2169
2191
msgstr ""
2170
2192
2171
#: serverguide/C/vpn.xml:294(para)
2193
#: serverguide/C/vpn.xml:282(para)
2172
2194
msgid "Check if you can ping the OpenVPN server:"
2173
2195
msgstr ""
2174
2196
2175
#: serverguide/C/vpn.xml:297(programlisting)
2197
#: serverguide/C/vpn.xml:285(programlisting)
2176
2198
#, no-wrap
2177
2199
msgid ""
2178
2200
"\n"
2181
2203
"64 bytes from 10.8.0.1: icmp_req=1 ttl=64 time=0.920 ms\n"
2182
2204
msgstr ""
2183
2205
2184
#: serverguide/C/vpn.xml:304(para)
2206
#: serverguide/C/vpn.xml:292(para)
2185
2207
msgid ""
2186
2208
"The OpenVPN server always uses the first usable IP address in the client "
2187
2209
"network and only that IP is pingable. E.g. if you configured a /24 for the "
2189
2211
"in the ifconfig output above is usually not answering ping requests."
2190
2212
msgstr ""
2191
2213
2192
#: serverguide/C/vpn.xml:309(para)
2214
#: serverguide/C/vpn.xml:297(para)
2193
2215
msgid "Check out your routes:"
2194
2216
msgstr ""
2195
2217
2196
#: serverguide/C/vpn.xml:312(programlisting)
2218
#: serverguide/C/vpn.xml:300(programlisting)
2197
2219
#, no-wrap
2198
2220
msgid ""
2199
2221
"\n"
2211
2233
"eth0\n"
2212
2234
msgstr ""
2213
2235
2214
#: serverguide/C/vpn.xml:324(title)
2236
#: serverguide/C/vpn.xml:312(title)
2215
2237
msgid "First trouble shooting"
2216
2238
msgstr ""
2217
2239
2218
#: serverguide/C/vpn.xml:326(para)
2240
#: serverguide/C/vpn.xml:314(para)
2219
2241
msgid "If the above didn't work for you, check this:"
2220
2242
msgstr ""
2221
2243
2222
#: serverguide/C/vpn.xml:331(para)
2244
#: serverguide/C/vpn.xml:319(para)
2223
2245
msgid "Check your syslog, e.g. grep -i vpn /var/log/syslog"
2224
2246
msgstr ""
2225
2247
2226
#: serverguide/C/vpn.xml:334(para)
2248
#: serverguide/C/vpn.xml:347(para)
2227
2249
msgid ""
2228
2250
"Check that you have specified the keyfile names correctly in client.conf and "
2229
2251
"server.conf."
2230
2252
msgstr ""
2231
2253
2232
#: serverguide/C/vpn.xml:337(para)
2254
#: serverguide/C/vpn.xml:322(para)
2233
2255
msgid ""
2234
2256
"Can the client connect to the server machine? Maybe a firewall is blocking "
2235
2257
"access? Check syslog on server."
2236
2258
msgstr ""
2237
2259
2238
#: serverguide/C/vpn.xml:340(para)
2260
#: serverguide/C/vpn.xml:325(para)
2239
2261
msgid ""
2240
2262
"Client and server must use same protocol and port, e.g. UDP port 1194, see "
2241
2263
"port and proto config option"
2242
2264
msgstr ""
2243
2265
2244
#: serverguide/C/vpn.xml:343(para)
2266
#: serverguide/C/vpn.xml:328(para)
2245
2267
msgid ""
2246
2268
"Client and server must use same config regarding compression, see comp-lzo "
2247
2269
"config option"
2248
2270
msgstr ""
2249
2271
2250
#: serverguide/C/vpn.xml:346(para)
2272
#: serverguide/C/vpn.xml:331(para)
2251
2273
msgid ""
2252
2274
"Client and server must use same config regarding bridged vs routed mode, see "
2253
2275
"server vs server-bridge config option"
2254
2276
msgstr ""
2255
2277
2256
#: serverguide/C/vpn.xml:353(title) serverguide/C/databases.xml:161(title)
2278
#: serverguide/C/databases.xml:168(title)
2257
2279
msgid "Advanced configuration"
2258
2280
msgstr ""
2259
2281
2260
#: serverguide/C/vpn.xml:356(title)
2282
#: serverguide/C/vpn.xml:342(title)
2261
2283
msgid "Advanced routed VPN configuration on server"
2262
2284
msgstr ""
2263
2285
2264
#: serverguide/C/vpn.xml:358(para)
2286
#: serverguide/C/vpn.xml:344(para)
2265
2287
msgid ""
2266
2288
"The above is a very simple working VPN. The client can access services on "
2267
2289
"the VPN server machine through an encrypted tunnel. If you want to reach "
2272
2294
"route to the VPN client-network."
2273
2295
msgstr ""
2274
2296
2275
#: serverguide/C/vpn.xml:362(para)
2297
#: serverguide/C/vpn.xml:348(para)
2276
2298
msgid ""
2277
2299
"Or you might push a default gateway to all the clients to send all their "
2278
2300
"internet traffic to the VPN gateway first and from there via the company "
2279
2301
"firewall into the internet. This section shows you some possible options."
2280
2302
msgstr ""
2281
2303
2282
#: serverguide/C/vpn.xml:366(para)
2304
#: serverguide/C/vpn.xml:352(para)
2283
2305
msgid ""
2284
2306
"Push routes to the client to allow it to reach other private subnets behind "
2285
2307
"the server. Remember that these private subnets will also need to know to "
2287
2309
"server."
2288
2310
msgstr ""
2289
2311
2290
#: serverguide/C/vpn.xml:375(programlisting)
2312
#: serverguide/C/vpn.xml:361(programlisting)
2291
2313
#, no-wrap
2292
2314
msgid ""
2293
2315
"\n"
2294
2316
"push \"route 10.0.0.0 255.0.0.0\"\n"
2295
2317
msgstr ""
2296
2318
2297
#: serverguide/C/vpn.xml:379(para)
2319
#: serverguide/C/vpn.xml:392(para)
2298
2320
msgid ""
2299
2321
"If enabled, this directive will configure all clients to redirect their "
2300
2322
"default network gateway through the VPN, causing all IP traffic such as web "
2303
2325
"internet in order for this to work properly)."
2304
2326
msgstr ""
2305
2327
2306
#: serverguide/C/vpn.xml:388(programlisting)
2328
#: serverguide/C/vpn.xml:374(programlisting)
2307
2329
#, no-wrap
2308
2330
msgid ""
2309
2331
"\n"
2310
2332
"push \"redirect-gateway def1 bypass-dhcp\"\n"
2311
2333
msgstr ""
2312
2334
2313
#: serverguide/C/vpn.xml:392(para)
2335
#: serverguide/C/vpn.xml:378(para)
2314
2336
msgid ""
2315
2337
"Configure server mode and supply a VPN subnet for OpenVPN to draw client "
2316
2338
"addresses from. The server will take 10.8.0.1 for itself, the rest will be "
2318
2340
"10.8.0.1. Comment this line out if you are ethernet bridging."
2319
2341
msgstr ""
2320
2342
2321
#: serverguide/C/vpn.xml:401(programlisting)
2343
#: serverguide/C/vpn.xml:387(programlisting)
2322
2344
#, no-wrap
2323
2345
msgid ""
2324
2346
"\n"
2325
2347
"server 10.8.0.0 255.255.255.0\n"
2326
2348
msgstr ""
2327
2349
2328
#: serverguide/C/vpn.xml:405(para)
2350
#: serverguide/C/vpn.xml:391(para)
2329
2351
msgid ""
2330
2352
"Maintain a record of client to virtual IP address associations in this file. "
2331
2353
"If OpenVPN goes down or is restarted, reconnecting clients can be assigned "
2332
2354
"the same virtual IP address from the pool that was previously assigned."
2333
2355
msgstr ""
2334
2356
2335
#: serverguide/C/vpn.xml:412(programlisting)
2357
#: serverguide/C/vpn.xml:398(programlisting)
2336
2358
#, no-wrap
2337
2359
msgid ""
2338
2360
"\n"
2339
2361
"ifconfig-pool-persist ipp.txt\n"
2340
2362
msgstr ""
2341
2363
2342
#: serverguide/C/vpn.xml:416(para)
2364
#: serverguide/C/vpn.xml:402(para)
2343
2365
msgid "Push DNS servers to the client."
2344
2366
msgstr ""
2345
2367
2346
#: serverguide/C/vpn.xml:419(programlisting)
2368
#: serverguide/C/vpn.xml:405(programlisting)
2347
2369
#, no-wrap
2348
2370
msgid ""
2349
2371
"\n"
2351
2373
"push \"dhcp-option DNS 10.1.0.2\"\n"
2352
2374
msgstr ""
2353
2375
2354
#: serverguide/C/vpn.xml:424(para)
2376
#: serverguide/C/vpn.xml:410(para)
2355
2377
msgid "Allow client to client communication."
2356
2378
msgstr ""
2357
2379
2358
#: serverguide/C/vpn.xml:427(programlisting)
2380
#: serverguide/C/vpn.xml:413(programlisting)
2359
2381
#, no-wrap
2360
2382
msgid ""
2361
2383
"\n"
2362
2384
"client-to-client\n"
2363
2385
msgstr ""
2364
2386
2365
#: serverguide/C/vpn.xml:431(para)
2387
#: serverguide/C/vpn.xml:417(para)
2366
2388
msgid "Enable compression on the VPN link."
2367
2389
msgstr ""
2368
2390
2369
#: serverguide/C/vpn.xml:434(programlisting)
2391
#: serverguide/C/vpn.xml:420(programlisting)
2370
2392
#, no-wrap
2371
2393
msgid ""
2372
2394
"\n"
2373
2395
"comp-lzo\n"
2374
2396
msgstr ""
2375
2397
2376
#: serverguide/C/vpn.xml:438(para)
2398
#: serverguide/C/vpn.xml:424(para)
2377
2399
msgid ""
2378
2400
"The keepalive directive causes ping-like messages to be sent back and forth "
2379
2401
"over the link so that each side knows when the other side has gone down. "
2381
2403
"during a 3 second time period."
2382
2404
msgstr ""
2383
2405
2384
#: serverguide/C/vpn.xml:447(programlisting)
2406
#: serverguide/C/vpn.xml:433(programlisting)
2385
2407
#, no-wrap
2386
2408
msgid ""
2387
2409
"\n"
2388
2410
"keepalive 1 3\n"
2389
2411
msgstr ""
2390
2412
2391
#: serverguide/C/vpn.xml:451(para)
2413
#: serverguide/C/vpn.xml:437(para)
2392
2414
msgid ""
2393
2415
"It's a good idea to reduce the OpenVPN daemon's privileges after "
2394
2416
"initialization."
2395
2417
msgstr ""
2396
2418
2397
#: serverguide/C/vpn.xml:454(programlisting)
2419
#: serverguide/C/vpn.xml:440(programlisting)
2398
2420
#, no-wrap
2399
2421
msgid ""
2400
2422
"\n"
2402
2424
"group nogroup\n"
2403
2425
msgstr ""
2404
2426
2405
#: serverguide/C/vpn.xml:459(para)
2427
#: serverguide/C/vpn.xml:445(para)
2406
2428
msgid ""
2407
2429
"OpenVPN 2.0 includes a feature that allows the OpenVPN server to securely "
2408
2430
"obtain a username and password from a connecting client, and to use that "
2412
2434
"username/password, passing it on to the server over the secure TLS channel."
2413
2435
msgstr ""
2414
2436
2415
#: serverguide/C/vpn.xml:463(programlisting)
2437
#: serverguide/C/vpn.xml:449(programlisting)
2416
2438
#, no-wrap
2417
2439
msgid ""
2418
2440
"\n"
2420
2442
"auth-user-pass\n"
2421
2443
msgstr ""
2422
2444
2423
#: serverguide/C/vpn.xml:468(para)
2445
#: serverguide/C/vpn.xml:454(para)
2424
2446
msgid ""
2425
2447
"This will tell the OpenVPN server to validate the username/password entered "
2426
2448
"by clients using the login PAM module. Useful if you have centralized "
2427
2449
"authentication with e.g. Kerberos."
2428
2450
msgstr ""
2429
2451
2430
#: serverguide/C/vpn.xml:473(programlisting)
2452
#: serverguide/C/vpn.xml:486(programlisting)
2431
2453
#, no-wrap
2432
2454
msgid ""
2433
2455
"\n"
2434
2456
"plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so login\n"
2435
2457
msgstr ""
2436
2458
2437
#: serverguide/C/vpn.xml:477(para)
2459
#: serverguide/C/vpn.xml:463(para)
2438
2460
msgid ""
2439
2461
"Please read the OpenVPN <ulink url=\"http://openvpn.net/index.php/open-"
2440
2462
"source/documentation/howto.html#security\">hardening security guide</ulink> "
2441
2463
"for further security advice."
2442
2464
msgstr ""
2443
2465
2444
#: serverguide/C/vpn.xml:483(title)
2466
#: serverguide/C/vpn.xml:469(title)
2445
2467
msgid "Advanced bridged VPN configuration on server"
2446
2468
msgstr ""
2447
2469
2448
#: serverguide/C/vpn.xml:485(para)
2470
#: serverguide/C/vpn.xml:471(para)
2449
2471
msgid ""
2450
2472
"<application>OpenVPN</application> can be setup for either a routed or a "
2451
2473
"bridged VPN mode. Sometimes this is also referred to as OSI layer-2 versus "
2457
2479
"be filtered."
2458
2480
msgstr ""
2459
2481
2460
#: serverguide/C/vpn.xml:491(title)
2482
#: serverguide/C/vpn.xml:477(title)
2461
2483
msgid "Prepare interface config for bridging on server"
2462
2484
msgstr ""
2463
2485
2464
#: serverguide/C/vpn.xml:493(para)
2486
#: serverguide/C/vpn.xml:479(para)
2465
2487
msgid "Make sure you have the bridge-utils package installed:"
2466
2488
msgstr ""
2467
2489
2468
#: serverguide/C/vpn.xml:497(command) serverguide/C/network-config.xml:542(command)
2490
#: serverguide/C/vpn.xml:483(command) serverguide/C/virtualization.xml:2188(command) serverguide/C/network-config.xml:538(command)
2469
2491
msgid "sudo apt-get install bridge-utils"
2470
2492
msgstr ""
2471
2493
2472
#: serverguide/C/vpn.xml:500(para)
2494
#: serverguide/C/vpn.xml:486(para)
2473
2495
msgid ""
2474
2496
"Before you setup OpenVPN in bridged mode you need to change your interface "
2475
2497
"configuration. Let's assume your server has an interface eth0 connected to "
2477
2499
"Your /etc/network/interfaces would like this:"
2478
2500
msgstr ""
2479
2501
2480
#: serverguide/C/vpn.xml:504(programlisting)
2502
#: serverguide/C/vpn.xml:490(programlisting)
2481
2503
#, no-wrap
2482
2504
msgid ""
2483
2505
"\n"
2493
2515
" netmask 255.255.255.0\n"
2494
2516
msgstr ""
2495
2517
2496
#: serverguide/C/vpn.xml:517(para)
2518
#: serverguide/C/vpn.xml:503(para)
2497
2519
msgid ""
2498
2520
"This straight forward interface config needs to be changed into a bridged "
2499
2521
"mode like where the config of interface eth1 moves to the new br0 interface. "
2502
2524
"interface to forward all ethernet frames to the IP stack."
2503
2525
msgstr ""
2504
2526
2505
#: serverguide/C/vpn.xml:521(programlisting)
2527
#: serverguide/C/vpn.xml:507(programlisting)
2506
2528
#, no-wrap
2507
2529
msgid ""
2508
2530
"\n"
2523
2545
" bridge_ports eth1\n"
2524
2546
msgstr ""
2525
2547
2526
#: serverguide/C/vpn.xml:539(para)
2548
#: serverguide/C/vpn.xml:552(para)
2527
2549
msgid ""
2528
2550
"At this point you need to bring up the bridge. Be prepared that this might "
2529
2551
"not work as expected and that you will lose remote connectivity. Make sure "
2530
2552
"you can solve problems having local access."
2531
2553
msgstr ""
2532
2554
2533
#: serverguide/C/vpn.xml:543(command)
2555
#: serverguide/C/vpn.xml:556(command)
2534
2556
msgid "sudo ifdown eth1 && sudo ifup -a"
2535
2557
msgstr ""
2536
2558
2537
#: serverguide/C/vpn.xml:548(title)
2559
#: serverguide/C/vpn.xml:534(title)
2538
2560
msgid "Prepare server config for bridging"
2539
2561
msgstr ""
2540
2562
2541
#: serverguide/C/vpn.xml:550(para)
2563
#: serverguide/C/vpn.xml:536(para)
2542
2564
msgid ""
2543
2565
"Edit <filename>/etc/openvpn/server.conf</filename> changing the following "
2544
2566
"options to:"
2545
2567
msgstr ""
2546
2568
2547
#: serverguide/C/vpn.xml:554(programlisting)
2569
#: serverguide/C/vpn.xml:540(programlisting)
2548
2570
#, no-wrap
2549
2571
msgid ""
2550
2572
"\n"
2555
2577
"server-bridge 10.0.0.4 255.255.255.0 10.0.0.128 10.0.0.254\n"
2556
2578
msgstr ""
2557
2579
2558
#: serverguide/C/vpn.xml:562(para)
2580
#: serverguide/C/vpn.xml:548(para)
2559
2581
msgid ""
2560
2582
"Next, create a helper script to add the <emphasis>tap</emphasis> interface "
2561
2583
"to the bridge and to ensure that eth1 is promiscuous mode. Create "
2562
2584
"<filename>/etc/openvpn/up.sh</filename>:"
2563
2585
msgstr ""
2564
2586
2565
#: serverguide/C/vpn.xml:566(programlisting)
2587
#: serverguide/C/vpn.xml:552(programlisting)
2566
2588
#, no-wrap
2567
2589
msgid ""
2568
2590
"\n"
2577
2599
"/sbin/brctl addif $BR $TAPDEV\n"
2578
2600
msgstr ""
2579
2601
2580
#: serverguide/C/vpn.xml:578(para)
2602
#: serverguide/C/vpn.xml:564(para)
2581
2603
msgid "Then make it executable:"
2582
2604
msgstr ""
2583
2605
2584
#: serverguide/C/vpn.xml:583(command)
2606
#: serverguide/C/vpn.xml:569(command)
2585
2607
msgid "sudo chmod 755 /etc/openvpn/up.sh"
2586
2608
msgstr "sudo chmod 755 /etc/openvpn/up.sh"
2587
2609
2588
#: serverguide/C/vpn.xml:586(para)
2610
#: serverguide/C/vpn.xml:572(para)
2589
2611
msgid ""
2590
2612
"After configuring the server, restart <application>openvpn</application> by "
2591
2613
"entering:"
2592
2614
msgstr "配置完服务器之后,使用以下命令来重启<application>openvpn</application>:"
2593
2615
2594
#: serverguide/C/vpn.xml:591(command) serverguide/C/vpn.xml:632(command)
2616
#: serverguide/C/vpn.xml:604(command) serverguide/C/vpn.xml:645(command)
2595
2617
msgid "sudo service openvpn restart"
2596
2618
msgstr ""
2597
2619
2598
#: serverguide/C/vpn.xml:596(title)
2620
#: serverguide/C/vpn.xml:582(title)
2599
2621
msgid "Client Configuration"
2600
2622
msgstr "客户端配置"
2601
2623
2602
#: serverguide/C/vpn.xml:598(para)
2624
#: serverguide/C/vpn.xml:584(para)
2603
2625
msgid "First, install <application>openvpn</application> on the client:"
2604
2626
msgstr ""
2605
2627
2606
#: serverguide/C/vpn.xml:606(para)
2628
#: serverguide/C/vpn.xml:592(para)
2607
2629
msgid ""
2608
2630
"Then with the server configured and the client certificates copied to the "
2609
2631
"<filename>/etc/openvpn/</filename> directory, create a client configuration "
2610
2632
"file by copying the example. In a terminal on the client machine enter:"
2611
2633
msgstr ""
2612
2634
2613
#: serverguide/C/vpn.xml:612(command)
2635
#: serverguide/C/vpn.xml:598(command)
2614
2636
msgid ""
2615
2637
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
2616
2638
"/etc/openvpn"
2618
2640
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
2619
2641
"/etc/openvpn"
2620
2642
2621
#: serverguide/C/vpn.xml:615(para)
2643
#: serverguide/C/vpn.xml:601(para)
2622
2644
msgid ""
2623
2645
"Now edit <filename>/etc/openvpn/client.conf</filename> changing the "
2624
2646
"following options:"
2625
2647
msgstr "现在编辑<filename>/etc/openvpn/client.conf</filename>,更改以下选项:"
2626
2648
2627
#: serverguide/C/vpn.xml:619(programlisting)
2649
#: serverguide/C/vpn.xml:632(programlisting)
2628
2650
#, no-wrap
2629
2651
msgid ""
2630
2652
"\n"
2635
2657
"key client1.key\n"
2636
2658
msgstr ""
2637
2659
2638
#: serverguide/C/vpn.xml:627(para)
2660
#: serverguide/C/vpn.xml:610(para)
2639
2661
msgid "Finally, restart <application>openvpn</application>:"
2640
2662
msgstr "最后,重启<application>openvpn</application>:"
2641
2663
2642
#: serverguide/C/vpn.xml:635(para)
2664
#: serverguide/C/vpn.xml:618(para)
2643
2665
msgid "You should now be able to connect to the remote LAN through the VPN."
2644
2666
msgstr "您现在应该可以通过VPN连接到远程LAN。"
2645
2667
2646
#: serverguide/C/vpn.xml:644(title)
2668
#: serverguide/C/vpn.xml:627(title)
2647
2669
msgid "Client software implementations"
2648
2670
msgstr ""
2649
2671
2650
#: serverguide/C/vpn.xml:647(title)
2672
#: serverguide/C/vpn.xml:630(title)
2651
2673
msgid "Linux Network-Manager GUI for OpenVPN"
2652
2674
msgstr ""
2653
2675
2654
#: serverguide/C/vpn.xml:649(para)
2676
#: serverguide/C/vpn.xml:632(para)
2655
2677
msgid ""
2656
2678
"Many Linux distributions including Ubuntu desktop variants come with Network "
2657
2679
"Manager, a nice GUI to configure your network settings. It also can manage "
2660
2682
"packages as well:"
2661
2683
msgstr ""
2662
2684
2663
#: serverguide/C/vpn.xml:654(programlisting)
2685
#: serverguide/C/vpn.xml:637(programlisting)
2664
2686
#, no-wrap
2665
2687
msgid ""
2666
2688
"\n"
2681
2703
"Do you want to continue [Y/n]? \n"
2682
2704
msgstr ""
2683
2705
2684
#: serverguide/C/vpn.xml:672(para)
2706
#: serverguide/C/vpn.xml:655(para)
2685
2707
msgid ""
2686
2708
"To inform network-manager about the new installed packages you will have to "
2687
2709
"restart it:"
2688
2710
msgstr ""
2689
2711
2690
#: serverguide/C/vpn.xml:676(programlisting)
2712
#: serverguide/C/vpn.xml:659(programlisting)
2691
2713
#, no-wrap
2692
2714
msgid ""
2693
2715
"\n"
2695
2717
"network-manager start/running, process 3078\n"
2696
2718
msgstr ""
2697
2719
2698
#: serverguide/C/vpn.xml:681(para)
2720
#: serverguide/C/vpn.xml:694(para)
2699
2721
msgid ""
2700
2722
"Open the Network Manager GUI, select the VPN tab and then the 'Add' button. "
2701
2723
"Select OpenVPN as the VPN type in the opening requester and press 'Create'. "
2707
2729
"to establish your VPN."
2708
2730
msgstr ""
2709
2731
2710
#: serverguide/C/vpn.xml:693(title)
2732
#: serverguide/C/vpn.xml:676(title)
2711
2733
msgid "OpenVPN with GUI for Mac OS X: Tunnelblick"
2712
2734
msgstr ""
2713
2735
2714
#: serverguide/C/vpn.xml:695(para)
2736
#: serverguide/C/vpn.xml:678(para)
2715
2737
msgid ""
2716
2738
"Tunnelblick is an excellent free, open source implementation of a GUI for "
2717
2739
"OpenVPN for OS X. The project's homepage is at <ulink "
2723
2745
"Application folder."
2724
2746
msgstr ""
2725
2747
2726
#: serverguide/C/vpn.xml:701(programlisting)
2748
#: serverguide/C/vpn.xml:684(programlisting)
2727
2749
#, no-wrap
2728
2750
msgid ""
2729
2751
"\n"
2746
2768
"key client.key\n"
2747
2769
msgstr ""
2748
2770
2749
#: serverguide/C/vpn.xml:723(title)
2771
#: serverguide/C/vpn.xml:706(title)
2750
2772
msgid "OpenVPN with GUI for Win 7"
2751
2773
msgstr ""
2752
2774
2753
#: serverguide/C/vpn.xml:725(para)
2775
#: serverguide/C/vpn.xml:738(para)
2754
2776
msgid ""
2755
2777
"First download and install the latest <ulink "
2756
2778
"url=\"http://www.openvpn.net/index.php/open-source/downloads.html\">OpenVPN "
2759
2781
"binary installer."
2760
2782
msgstr ""
2761
2783
2762
#: serverguide/C/vpn.xml:730(para)
2784
#: serverguide/C/vpn.xml:714(para)
2763
2785
msgid ""
2764
2786
"You need to start the OpenVPN service. Goto Start > Computer > Manage "
2765
2787
"> Services and Applications > Services. Find the OpenVPN service and "
2768
2790
"click on it and you will see that option."
2769
2791
msgstr ""
2770
2792
2771
#: serverguide/C/vpn.xml:734(para)
2793
#: serverguide/C/vpn.xml:718(para)
2772
2794
msgid ""
2773
2795
"You will have to write your OpenVPN config in a textfile and place it in C:\\"
2774
2796
"Program Files\\OpenVPN\\config\\client.ovpn along with the CA certificate. "
2776
2798
"follwing example."
2777
2799
msgstr ""
2778
2800
2779
#: serverguide/C/vpn.xml:738(programlisting)
2801
#: serverguide/C/vpn.xml:751(programlisting)
2780
2802
#, no-wrap
2781
2803
msgid ""
2782
2804
"\n"
2805
2827
"\n"
2806
2828
msgstr ""
2807
2829
2808
#: serverguide/C/vpn.xml:763(para)
2830
#: serverguide/C/vpn.xml:776(para)
2809
2831
msgid ""
2810
2832
"Note: If you are not using user authentication and/or you want to run the "
2811
2833
"service without user interaction, comment out the following options:"
2812
2834
msgstr ""
2813
2835
2814
#: serverguide/C/vpn.xml:766(programlisting)
2836
#: serverguide/C/vpn.xml:779(programlisting)
2815
2837
#, no-wrap
2816
2838
msgid ""
2817
2839
"\n"
2822
2844
"management-query-passwords\n"
2823
2845
msgstr ""
2824
2846
2825
#: serverguide/C/vpn.xml:773(para)
2847
#: serverguide/C/vpn.xml:786(para)
2826
2848
msgid "You may want to set the Windows service to \"automatic\"."
2827
2849
msgstr ""
2828
2850
2829
#: serverguide/C/vpn.xml:777(title)
2851
#: serverguide/C/vpn.xml:747(title)
2830
2852
msgid "OpenVPN for OpenWRT"
2831
2853
msgstr ""
2832
2854
2833
#: serverguide/C/vpn.xml:779(para)
2855
#: serverguide/C/vpn.xml:749(para)
2834
2856
msgid ""
2835
2857
"OpenWRT is described as a Linux distribution for embedded devices like WLAN "
2836
2858
"router. There are certain types of WLAN routers who can be flashed to run "
2843
2865
"url=\"http://openwrt.org\">http://openwrt.org</ulink>"
2844
2866
msgstr ""
2845
2867
2846
#: serverguide/C/vpn.xml:788(para)
2868
#: serverguide/C/vpn.xml:758(para)
2847
2869
msgid "Log into your OpenWRT router and install OpenVPN:"
2848
2870
msgstr ""
2849
2871
2850
#: serverguide/C/vpn.xml:793(command)
2872
#: serverguide/C/vpn.xml:763(command)
2851
2873
msgid "opkg update"
2852
2874
msgstr ""
2853
2875
2854
#: serverguide/C/vpn.xml:794(command)
2876
#: serverguide/C/vpn.xml:764(command)
2855
2877
msgid "opkg install openvpn"
2856
2878
msgstr ""
2857
2879
2858
#: serverguide/C/vpn.xml:797(para)
2880
#: serverguide/C/vpn.xml:810(para)
2859
2881
msgid ""
2860
2882
"Check out /etc/config/openvpn and put your client config in there. Copy "
2861
2883
"certificates and keys to /etc/openvpn/"
2862
2884
msgstr ""
2863
2885
2864
#: serverguide/C/vpn.xml:802(programlisting)
2886
#: serverguide/C/vpn.xml:772(programlisting)
2865
2887
#, no-wrap
2866
2888
msgid ""
2867
2889
"\n"
2877
2899
" option comp_lzo 1 \n"
2878
2900
msgstr ""
2879
2901
2880
#: serverguide/C/vpn.xml:815(para)
2902
#: serverguide/C/vpn.xml:785(para)
2881
2903
msgid "Restart OpenVPN:"
2882
2904
msgstr ""
2883
2905
2884
#: serverguide/C/vpn.xml:820(command)
2906
#: serverguide/C/vpn.xml:833(command)
2885
2907
msgid "service openvpn restart"
2886
2908
msgstr ""
2887
2909
2888
#: serverguide/C/vpn.xml:823(para)
2910
#: serverguide/C/vpn.xml:793(para)
2889
2911
msgid ""
2890
2912
"You will have to see if you need to adjust your router's routing and "
2891
2913
"firewall rules."
2892
2914
msgstr ""
2893
2915
2894
#: serverguide/C/vpn.xml:833(para)
2916
#: serverguide/C/vpn.xml:803(para)
2895
2917
msgid ""
2896
2918
"See the <ulink url=\"http://openvpn.net/\">OpenVPN</ulink> website for "
2897
2919
"additional information."
2898
2920
msgstr "请查看<ulink url=\"http://openvpn.net/\">OpenVPN</ulink>网站以获取更多信息。"
2899
2921
2900
#: serverguide/C/vpn.xml:839(ulink)
2922
#: serverguide/C/vpn.xml:809(ulink)
2901
2923
msgid "OpenVPN hardening security guide"
2902
2924
msgstr ""
2903
2925
2904
#: serverguide/C/vpn.xml:843(para)
2926
#: serverguide/C/vpn.xml:813(para)
2905
2927
msgid ""
2906
2928
"Also, Pakt's <ulink url=\"http://www.packtpub.com/openvpn/book\">OpenVPN: "
2907
2929
"Building and Integrating Virtual Private Networks</ulink> is a good resource."
2913
2935
msgid "Virtualization"
2914
2936
msgstr "虚拟化"
2915
2937
2916
#: serverguide/C/virtualization.xml:13(para)
2938
#: serverguide/C/virtualization.xml:12(para)
2917
2939
msgid ""
2918
2940
"Virtualization is being adopted in many different environments and "
2919
2941
"situations. If you are a developer, virtualization can provide you with a "
2925
2947
"虚拟化正被广泛地使用于各种不同的环境之中。如果您是一位开发者,虚拟化可以为您提供一个虚拟的环境,在这个环境你可以做几乎所有的工作而不必更改你主要的工作环境"
2926
2948
"。如果您是一位系统管理员,您可以使用虚拟化以满足不同的服务需求同时使他们依不同的需求而任意改变。"
2927
2949
2928
#: serverguide/C/virtualization.xml:20(para)
2950
#: serverguide/C/virtualization.xml:18(para)
2929
2951
msgid ""
2930
2952
"The default virtualization technology supported in Ubuntu is "
2931
2953
"<application>KVM</application>. KVM requires virtualization extensions built "
2936
2958
"hardware without virtualization extensions."
2937
2959
msgstr ""
2938
2960
2939
#: serverguide/C/virtualization.xml:29(title)
2961
#: serverguide/C/virtualization.xml:26(title)
2940
2962
msgid "libvirt"
2941
2963
msgstr "libvirt"
2942
2964
2943
#: serverguide/C/virtualization.xml:31(para)
2965
#: serverguide/C/virtualization.xml:27(para)
2944
2966
msgid ""
2945
2967
"The <application>libvirt</application> library is used to interface with "
2946
2968
"different virtualization technologies. Before getting started with "
2952
2974
"是支持不同的虚拟化技术的统一接口。在开始使用<application>libvirt</application> "
2953
2975
"之前,最好确认您的硬件是否支持<application>KVM</application>所必须的虚拟化扩展。在终端提示符下输入如下内容:"
2954
2976
2955
#: serverguide/C/virtualization.xml:39(command)
2977
#: serverguide/C/virtualization.xml:34(command)
2956
2978
msgid "kvm-ok"
2957
2979
msgstr ""
2958
2980
2959
#: serverguide/C/virtualization.xml:42(para)
2981
#: serverguide/C/virtualization.xml:36(para)
2960
2982
msgid ""
2961
2983
"A message will be printed informing you if your CPU "
2962
2984
"<emphasis>does</emphasis> or <emphasis>does not</emphasis> support hardware "
2970
2992
"it."
2971
2993
msgstr ""
2972
2994
2973
#: serverguide/C/virtualization.xml:53(title)
2995
#: serverguide/C/virtualization.xml:46(title)
2974
2996
msgid "Virtual Networking"
2975
2997
msgstr "虚拟网络"
2976
2998
2992
3014
"to the rest of the network."
2993
3015
msgstr ""
2994
3016
2995
#: serverguide/C/virtualization.xml:72(para)
3017
#: serverguide/C/virtualization.xml:62(para)
2996
3018
msgid "To install the necessary packages, from a terminal prompt enter:"
2997
3019
msgstr "要安装必要的软件包,从终端中输入:"
2998
3020
3000
3022
msgid "sudo apt-get install qemu-kvm libvirt-bin"
3001
3023
msgstr ""
3002
3024
3003
#: serverguide/C/virtualization.xml:79(para)
3025
#: serverguide/C/virtualization.xml:68(para)
3004
3026
msgid ""
3005
3027
"After installing <application>libvirt-bin</application>, the user used to "
3006
3028
"manage virtual machines will need to be added to the "
3011
3033
"bin</application>后,用于管理虚拟机的用户需要被添加到<emphasis>libvirtd</emphasis>组。这样做会赋予这个用户进"
3012
3034
"入到高级网络选项的权限。"
3013
3035
3014
#: serverguide/C/virtualization.xml:84(para)
3036
#: serverguide/C/virtualization.xml:72(para)
3015
3037
msgid "In a terminal enter:"
3016
3038
msgstr "在终端中输入:"
3017
3039
3018
#: serverguide/C/virtualization.xml:87(command)
3040
#: serverguide/C/virtualization.xml:76(command)
3019
3041
msgid "sudo adduser $USER libvirtd"
3020
3042
msgstr "sudo adduser $USER libvirtd"
3021
3043
3022
#: serverguide/C/virtualization.xml:91(para)
3044
#: serverguide/C/virtualization.xml:79(para)
3023
3045
msgid ""
3024
3046
"If the user chosen is the current user, you will need to log out and back in "
3025
3047
"for the new group membership to take effect."
3026
3048
msgstr "如果用户是当前用户,你需要登出再登陆回来以使新的组成员设置生效。"
3027
3049
3028
#: serverguide/C/virtualization.xml:95(para)
3050
#: serverguide/C/virtualization.xml:83(para)
3029
3051
msgid ""
3030
3052
"You are now ready to install a <emphasis>Guest</emphasis> operating system. "
3031
3053
"Installing a virtual machine follows the same process as installing the "
3036
3058
"您现在已准备好安装一个 <emphasis>Guest</emphasis> "
3037
3059
"操作系统。按照在真实硬件上直接安装操作系统的步骤来安装虚拟机。您也需要一个自动化安装的方法,否则一套键盘和显示器需要连接到物理机器上。"
3038
3060
3039
#: serverguide/C/virtualization.xml:101(para)
3061
#: serverguide/C/virtualization.xml:88(para)
3040
3062
msgid ""
3041
3063
"In the case of virtual machines a Graphical User Interface (GUI) is "
3042
3064
"analogous to using a physical keyboard and mouse. Instead of installing a "
3064
3086
"scripts, etc. For details see <xref linkend=\"cloud-images-and-uvtool\"/>"
3065
3087
msgstr ""
3066
3088
3067
#: serverguide/C/virtualization.xml:119(para)
3089
#: serverguide/C/virtualization.xml:101(para)
3068
3090
msgid ""
3069
3091
"Libvirt can also be configured work with <application>Xen</application>. For "
3070
3092
"details, see the Xen Ubuntu community page referenced below."
3071
3093
msgstr ""
3072
3094
3073
#: serverguide/C/virtualization.xml:125(title)
3095
#: serverguide/C/virtualization.xml:106(title)
3074
3096
msgid "virt-install"
3075
3097
msgstr "virt-install"
3076
3098
3077
#: serverguide/C/virtualization.xml:127(para)
3099
#: serverguide/C/virtualization.xml:107(para)
3078
3100
msgid ""
3079
3101
"<application>virt-install</application> is part of the "
3080
3102
"<application>virtinst</application> package. To install it, from a terminal "
3081
3103
"prompt enter:"
3082
3104
msgstr ""
3083
3105
3084
#: serverguide/C/virtualization.xml:132(command)
3106
#: serverguide/C/virtualization.xml:111(command)
3085
3107
msgid "sudo apt-get install virtinst"
3086
3108
msgstr ""
3087
3109
3088
#: serverguide/C/virtualization.xml:135(para)
3110
#: serverguide/C/virtualization.xml:113(para)
3089
3111
msgid ""
3090
3112
"There are several options available when using <application>virt-"
3091
3113
"install</application>. For example:"
3099
3121
"vnc,listen=0.0.0.0 --noautoconsole -v"
3100
3122
msgstr ""
3101
3123
3102
#: serverguide/C/virtualization.xml:147(para)
3124
#: serverguide/C/virtualization.xml:124(para)
3103
3125
msgid ""
3104
3126
"<emphasis>-n web_devel:</emphasis> the name of the new virtual machine will "
3105
3127
"be <emphasis>web_devel</emphasis> in this example."
3107
3129
"<emphasis>-n "
3108
3130
"web_devel:</emphasis>本例中的新虚拟机的名字将是<emphasis>web_devel</emphasis>。"
3109
3131
3110
#: serverguide/C/virtualization.xml:153(para)
3132
#: serverguide/C/virtualization.xml:129(para)
3111
3133
msgid ""
3112
3134
"<emphasis>-r 256:</emphasis> specifies the amount of memory the virtual "
3113
3135
"machine will use in megabytes."
3114
3136
msgstr ""
3115
3137
3116
#: serverguide/C/virtualization.xml:158(para)
3138
#: serverguide/C/virtualization.xml:134(para)
3117
3139
msgid ""
3118
3140
"<emphasis>--disk "
3119
3141
"path=/var/lib/libvirt/images/web_devel.img,size=4:</emphasis> indicates the "
3130
3152
"CDROM device."
3131
3153
msgstr ""
3132
3154
3133
#: serverguide/C/virtualization.xml:174(para)
3155
#: serverguide/C/virtualization.xml:152(para)
3134
3156
msgid ""
3135
3157
"<emphasis>--network</emphasis> provides details related to the VM's network "
3136
3158
"interface. Here the <emphasis>default</emphasis> network is used, and the "
3145
3167
"connect via VNC to complete the installation."
3146
3168
msgstr ""
3147
3169
3148
#: serverguide/C/virtualization.xml:189(para)
3170
#: serverguide/C/virtualization.xml:163(para)
3149
3171
msgid ""
3150
3172
"<emphasis>--noautoconsole:</emphasis> will not automatically connect to the "
3151
3173
"virtual machine's console."
3152
3174
msgstr "<emphasis>--noautoconsole:</emphasis>将不会自动连接到虚拟机的控制台。"
3153
3175
3154
#: serverguide/C/virtualization.xml:194(para)
3176
#: serverguide/C/virtualization.xml:168(para)
3155
3177
msgid "<emphasis>-v:</emphasis> creates a fully virtualized guest."
3156
3178
msgstr "<emphasis>-v:</emphasis>创建完全虚拟化的客户端。"
3157
3179
3162
3184
"a GUI), or via a remote VNC client from a GUI based computer."
3163
3185
msgstr ""
3164
3186
3165
#: serverguide/C/virtualization.xml:206(title)
3187
#: serverguide/C/virtualization.xml:179(title)
3166
3188
msgid "virt-clone"
3167
3189
msgstr "virt-clone"
3168
3190
3169
#: serverguide/C/virtualization.xml:208(para)
3191
#: serverguide/C/virtualization.xml:180(para)
3170
3192
msgid ""
3171
3193
"The <application>virt-clone</application> application can be used to copy "
3172
3194
"one virtual machine to another. For example:"
3173
3195
msgstr "<application>virt-clone</application>程序可从一个虚拟机复制成另一个。例如:"
3174
3196
3175
#: serverguide/C/virtualization.xml:212(command)
3197
#: serverguide/C/virtualization.xml:184(command)
3176
3198
msgid ""
3177
3199
"sudo virt-clone -o web_devel -n database_devel -f "
3178
3200
"/path/to/database_devel.img \\ --connect=qemu:///system"
3179
3201
msgstr ""
3180
3202
3181
#: serverguide/C/virtualization.xml:218(para)
3203
#: serverguide/C/virtualization.xml:189(para)
3182
3204
msgid "<emphasis>-o:</emphasis> original virtual machine."
3183
3205
msgstr "<emphasis>-o:</emphasis>原始虚拟机。"
3184
3206
3185
#: serverguide/C/virtualization.xml:222(para)
3207
#: serverguide/C/virtualization.xml:194(para)
3186
3208
msgid "<emphasis>-n:</emphasis> name of the new virtual machine."
3187
3209
msgstr "<emphasis>-n:</emphasis>新的虚拟机的名字。"
3188
3210
3189
#: serverguide/C/virtualization.xml:227(para)
3211
#: serverguide/C/virtualization.xml:199(para)
3190
3212
msgid ""
3191
3213
"<emphasis>-f:</emphasis> path to the file, logical volume, or partition to "
3192
3214
"be used by the new virtual machine."
3193
3215
msgstr "<emphasis>-f:</emphasis>文件、逻辑卷或新虚拟机使用的分区的路径。"
3194
3216
3195
#: serverguide/C/virtualization.xml:232(para)
3217
#: serverguide/C/virtualization.xml:204(para)
3196
3218
msgid ""
3197
3219
"<emphasis>--connect:</emphasis> specifies which hypervisor to connect to."
3198
3220
msgstr "<emphasis>--connect:</emphasis>指定要连接的管理程序。"
3199
3221
3200
#: serverguide/C/virtualization.xml:237(para)
3222
#: serverguide/C/virtualization.xml:209(para)
3201
3223
msgid ""
3202
3224
"Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to "
3203
3225
"help troubleshoot problems with <application>virt-clone</application>."
3205
3227
"还有,用<emphasis>-d</emphasis>或<emphasis>--"
3206
3228
"debug</emphasis>选项来为<application>virt-clone</application>寻找故障。"
3207
3229
3208
#: serverguide/C/virtualization.xml:242(para)
3230
#: serverguide/C/virtualization.xml:214(para)
3209
3231
msgid ""
3210
3232
"Replace <emphasis>web_devel</emphasis> and "
3211
3233
"<emphasis>database_devel</emphasis> with appropriate virtual machine names."
3213
3235
"用相应的虚拟机名称来替代<emphasis>web_devel</emphasis>和<emphasis>database_devel</emphasis"
3214
3236
">。"
3215
3237
3216
#: serverguide/C/virtualization.xml:249(title)
3238
#: serverguide/C/virtualization.xml:220(title)
3217
3239
msgid "Virtual Machine Management"
3218
3240
msgstr "虚拟机管理"
3219
3241
3220
#: serverguide/C/virtualization.xml:252(title)
3242
#: serverguide/C/virtualization.xml:222(title)
3221
3243
msgid "virsh"
3222
3244
msgstr "virsh"
3223
3245
3224
#: serverguide/C/virtualization.xml:254(para)
3246
#: serverguide/C/virtualization.xml:223(para)
3225
3247
msgid ""
3226
3248
"There are several utilities available to manage virtual machines and "
3227
3249
"<application>libvirt</application>. The <application>virsh</application> "
3230
3252
"有几个工具可以用来管理虚拟机和<application>libvirt</application>。<application>virsh</applica"
3231
3253
"tion>工具要顺命令行下使用。一些例子:"
3232
3254
3233
#: serverguide/C/virtualization.xml:261(para)
3255
#: serverguide/C/virtualization.xml:229(para)
3234
3256
msgid "To list running virtual machines:"
3235
3257
msgstr "列出正运行的虚拟机:"
3236
3258
3237
#: serverguide/C/virtualization.xml:264(command)
3259
#: serverguide/C/virtualization.xml:233(command)
3238
3260
msgid "virsh -c qemu:///system list"
3239
3261
msgstr "virsh -c qemu:///system list"
3240
3262
3241
#: serverguide/C/virtualization.xml:269(para)
3263
#: serverguide/C/virtualization.xml:237(para)
3242
3264
msgid "To start a virtual machine:"
3243
3265
msgstr "启动一个虚拟机:"
3244
3266
3245
#: serverguide/C/virtualization.xml:272(command)
3267
#: serverguide/C/virtualization.xml:241(command)
3246
3268
msgid "virsh -c qemu:///system start web_devel"
3247
3269
msgstr "virsh -c qemu:///system start web_devel"
3248
3270
3249
#: serverguide/C/virtualization.xml:277(para)
3271
#: serverguide/C/virtualization.xml:245(para)
3250
3272
msgid "Similarly, to start a virtual machine at boot:"
3251
3273
msgstr "类似地,在启动时开始一个虚拟机:"
3252
3274
3253
#: serverguide/C/virtualization.xml:280(command)
3275
#: serverguide/C/virtualization.xml:249(command)
3254
3276
msgid "virsh -c qemu:///system autostart web_devel"
3255
3277
msgstr "virsh -c qemu:///system autostart web_devel"
3256
3278
3257
#: serverguide/C/virtualization.xml:285(para)
3279
#: serverguide/C/virtualization.xml:253(para)
3258
3280
msgid "Reboot a virtual machine with:"
3259
3281
msgstr "重启一个虚拟机:"
3260
3282
3261
#: serverguide/C/virtualization.xml:288(command)
3283
#: serverguide/C/virtualization.xml:257(command)
3262
3284
msgid "virsh -c qemu:///system reboot web_devel"
3263
3285
msgstr "virsh -c qemu:///system reboot web_devel"
3264
3286
3265
#: serverguide/C/virtualization.xml:293(para)
3287
#: serverguide/C/virtualization.xml:261(para)
3266
3288
msgid ""
3267
3289
"The <emphasis>state</emphasis> of virtual machines can be saved to a file in "
3268
3290
"order to be restored later. The following will save the virtual machine "
3270
3292
msgstr ""
3271
3293
"虚拟机的<emphasis>状态</emphasis>可被保存到一个文件中以方便稍后恢复。如下命令会将虚拟机的状态保存到一个以日期命名的文件中:"
3272
3294
3273
#: serverguide/C/virtualization.xml:299(command)
3295
#: serverguide/C/virtualization.xml:266(command)
3274
3296
msgid "virsh -c qemu:///system save web_devel web_devel-022708.state"
3275
3297
msgstr "virsh -c qemu:///system save web_devel web_devel-022708.state"
3276
3298
3277
#: serverguide/C/virtualization.xml:302(para)
3299
#: serverguide/C/virtualization.xml:268(para)
3278
3300
msgid "Once saved the virtual machine will no longer be running."
3279
3301
msgstr "一旦保存,虚拟机将不再运行。"
3280
3302
3281
#: serverguide/C/virtualization.xml:307(para)
3303
#: serverguide/C/virtualization.xml:273(para)
3282
3304
msgid "A saved virtual machine can be restored using:"
3283
3305
msgstr "一个经保存后的虚拟机可以用如下命令唤醒:"
3284
3306
3285
#: serverguide/C/virtualization.xml:310(command)
3307
#: serverguide/C/virtualization.xml:277(command)
3286
3308
msgid "virsh -c qemu:///system restore web_devel-022708.state"
3287
3309
msgstr "virsh -c qemu:///system restore web_devel-022708.state"
3288
3310
3289
#: serverguide/C/virtualization.xml:315(para)
3311
#: serverguide/C/virtualization.xml:281(para)
3290
3312
msgid "To shutdown a virtual machine do:"
3291
3313
msgstr "要关闭一个虚拟机,输入:"
3292
3314
3293
#: serverguide/C/virtualization.xml:318(command)
3315
#: serverguide/C/virtualization.xml:285(command)
3294
3316
msgid "virsh -c qemu:///system shutdown web_devel"
3295
3317
msgstr "virsh -c qemu:///system shutdown web_devel"
3296
3318
3297
#: serverguide/C/virtualization.xml:323(para)
3319
#: serverguide/C/virtualization.xml:289(para)
3298
3320
msgid "A CDROM device can be mounted in a virtual machine by entering:"
3299
3321
msgstr "CDROM设备可以通过如下命令挂载到虚拟机上:"
3300
3322
3301
#: serverguide/C/virtualization.xml:327(command)
3323
#: serverguide/C/virtualization.xml:293(command)
3302
3324
msgid "virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
3303
3325
msgstr ""
3304
3326
"virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
3305
3327
3306
#: serverguide/C/virtualization.xml:333(para)
3328
#: serverguide/C/virtualization.xml:298(para)
3307
3329
msgid ""
3308
3330
"In the above examples replace <emphasis>web_devel</emphasis> with the "
3309
3331
"appropriate virtual machine name, and <filename>web_devel-"
3312
3334
"在上面例子中把合适的虚拟主机名代替为<emphasis>web_devel</emphasis>,并和<filename>web_devel-"
3313
3335
"022708.state</filename>带有详细描述的文件名。"
3314
3336
3315
#: serverguide/C/virtualization.xml:341(title)
3337
#: serverguide/C/virtualization.xml:305(title)
3316
3338
msgid "Virtual Machine Manager"
3317
3339
msgstr "虚拟机管理器"
3318
3340
3319
#: serverguide/C/virtualization.xml:343(para)
3341
#: serverguide/C/virtualization.xml:306(para)
3320
3342
msgid ""
3321
3343
"The <application>virt-manager</application> package contains a graphical "
3322
3344
"utility to manage local and remote virtual machines. To install virt-manager "
3325
3347
"<application>virt-manager</application> 软件包含了一组图形化的程序用以管理本地和远程的虚拟机。要安装virt-"
3326
3348
"manager请输入:"
3327
3349
3328
#: serverguide/C/virtualization.xml:348(command)
3350
#: serverguide/C/virtualization.xml:311(command)
3329
3351
msgid "sudo apt-get install virt-manager"
3330
3352
msgstr "sudo apt-get install virt-manager"
3331
3353
3332
#: serverguide/C/virtualization.xml:351(para)
3354
#: serverguide/C/virtualization.xml:313(para)
3333
3355
msgid ""
3334
3356
"Since <application>virt-manager</application> requires a Graphical User "
3335
3357
"Interface (GUI) environment it is recommended to be installed on a "
3340
3362
"manager</application>需要图形操作界面(GUI)环境,那么推荐将其安装在工作站或测试机器上,而不是生产用的服务器上。要连接到本地<ap"
3341
3363
"plication>libvirt</application>服务,输入:"
3342
3364
3343
#: serverguide/C/virtualization.xml:358(command)
3365
#: serverguide/C/virtualization.xml:319(command)
3344
3366
msgid "virt-manager -c qemu:///system"
3345
3367
msgstr "virt-manager -c qemu:///system"
3346
3368
3347
#: serverguide/C/virtualization.xml:361(para)
3369
#: serverguide/C/virtualization.xml:321(para)
3348
3370
msgid ""
3349
3371
"You can connect to the <application>libvirt</application> service running on "
3350
3372
"another host by entering the following in a terminal prompt:"
3351
3373
msgstr "你可以通过在命令行输入命令来连接到在另一台主机上运行的<application>libvirt</application>服务:"
3352
3374
3353
#: serverguide/C/virtualization.xml:366(command)
3375
#: serverguide/C/virtualization.xml:325(command)
3354
3376
msgid "virt-manager -c qemu+ssh://virtnode1.mydomain.com/system"
3355
3377
msgstr "virt-manager -c qemu+ssh://virtnode1.mydomain.com/system"
3356
3378
3357
#: serverguide/C/virtualization.xml:370(para)
3379
#: serverguide/C/virtualization.xml:328(para)
3358
3380
msgid ""
3359
3381
"The above example assumes that <application>SSH</application> connectivity "
3360
3382
"between the management system and virtnode1.mydomain.com has already been "
3369
3391
"<emphasis>密钥</emphasis>是必需的,因为<application>libvirt</application>是发送密码提示到另一进程里"
3370
3392
"。更多细节在设置<application>SSH</application>时请浏览<xref linkend=\"openssh-server\"/>"
3371
3393
3372
#: serverguide/C/virtualization.xml:383(title)
3394
#: serverguide/C/virtualization.xml:338(title)
3373
3395
msgid "Virtual Machine Viewer"
3374
3396
msgstr "虚拟机查看器"
3375
3397
3376
#: serverguide/C/virtualization.xml:385(para)
3398
#: serverguide/C/virtualization.xml:339(para)
3377
3399
msgid ""
3378
3400
"The <application>virt-viewer</application> application allows you to connect "
3379
3401
"to a virtual machine's console. <application>virt-viewer</application> does "
3383
3405
"<application>virt-viewer</application> 程序使您能够连接到虚拟机。 运行<application>virt-"
3384
3406
"viewer</application>需要您的虚拟机具备图形(GUI)支持。"
3385
3407
3386
#: serverguide/C/virtualization.xml:390(para)
3408
#: serverguide/C/virtualization.xml:343(para)
3387
3409
msgid ""
3388
3410
"To install <application>virt-viewer</application> from a terminal enter:"
3389
3411
msgstr "要从命令行安装<application>virt-viewer</application>,输入:"
3390
3412
3391
#: serverguide/C/virtualization.xml:394(command)
3413
#: serverguide/C/virtualization.xml:347(command)
3392
3414
msgid "sudo apt-get install virt-viewer"
3393
3415
msgstr "sudo apt-get install virt-viewer"
3394
3416
3395
#: serverguide/C/virtualization.xml:397(para)
3417
#: serverguide/C/virtualization.xml:349(para)
3396
3418
msgid ""
3397
3419
"Once a virtual machine is installed and running you can connect to the "
3398
3420
"virtual machine's console by using:"
3399
3421
msgstr "当虚拟机安装并运行后,你可以通过如下命令连接到虚拟机的控制台:"
3400
3422
3401
#: serverguide/C/virtualization.xml:401(command)
3423
#: serverguide/C/virtualization.xml:353(command)
3402
3424
msgid "virt-viewer -c qemu:///system web_devel"
3403
3425
msgstr "virt-viewer -c qemu:///system web_devel"
3404
3426
3405
#: serverguide/C/virtualization.xml:404(para)
3427
#: serverguide/C/virtualization.xml:355(para)
3406
3428
msgid ""
3407
3429
"Similar to <application>virt-manager</application>, <application>virt-"
3408
3430
"viewer</application> can connect to a remote host using "
3411
3433
"和<application>virt-manager</application>相似,<application>virt-"
3412
3434
"viewer</application>也可以通过键授权的<emphasis>SSH</emphasis>连接到远方主机:"
3413
3435
3414
#: serverguide/C/virtualization.xml:409(command)
3436
#: serverguide/C/virtualization.xml:360(command)
3415
3437
msgid "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
3416
3438
msgstr "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
3417
3439
3418
#: serverguide/C/virtualization.xml:412(para)
3440
#: serverguide/C/virtualization.xml:362(para)
3419
3441
msgid ""
3420
3442
"Be sure to replace <emphasis role=\"italic\">web_devel</emphasis> with the "
3421
3443
"appropriate virtual machine name."
3427
3449
"can also setup <application>SSH</application> access to the virtual machine."
3428
3450
msgstr ""
3429
3451
3430
#: serverguide/C/virtualization.xml:421(title) serverguide/C/virtualization.xml:667(title) serverguide/C/virtualization.xml:738(title) serverguide/C/virtualization.xml:1792(title) serverguide/C/samba.xml:248(title) serverguide/C/samba.xml:347(title) serverguide/C/samba.xml:704(title) serverguide/C/samba.xml:1100(title) serverguide/C/samba.xml:1299(title) serverguide/C/reporting-bugs.xml:252(title) serverguide/C/remote-administration.xml:414(title) serverguide/C/network-config.xml:588(title) serverguide/C/network-config.xml:843(title) serverguide/C/network-auth.xml:2112(title) serverguide/C/network-auth.xml:2646(title) serverguide/C/network-auth.xml:3362(title) serverguide/C/network-auth.xml:3915(title) serverguide/C/installation.xml:874(title) serverguide/C/installation.xml:1160(title) serverguide/C/installation.xml:1365(title) serverguide/C/databases.xml:264(title) serverguide/C/databases.xml:419(title) serverguide/C/cgroups.xml:198(title) serverguide/C/backups.xml:864(title)
3452
#: serverguide/C/windows-networking.xml:248(title) serverguide/C/windows-networking.xml:347(title) serverguide/C/windows-networking.xml:704(title) serverguide/C/windows-networking.xml:1100(title) serverguide/C/windows-networking.xml:1299(title) serverguide/C/virtualization.xml:371(title) serverguide/C/virtualization.xml:1072(title) serverguide/C/virtualization.xml:2482(title) serverguide/C/virtualization.xml:4388(title) serverguide/C/reporting-bugs.xml:252(title) serverguide/C/remote-administration.xml:374(title) serverguide/C/network-config.xml:584(title) serverguide/C/network-config.xml:847(title) serverguide/C/network-auth.xml:2133(title) serverguide/C/network-auth.xml:2675(title) serverguide/C/network-auth.xml:3391(title) serverguide/C/network-auth.xml:3944(title) serverguide/C/installation.xml:867(title) serverguide/C/installation.xml:1153(title) serverguide/C/installation.xml:1361(title) serverguide/C/databases.xml:271(title) serverguide/C/databases.xml:409(title) serverguide/C/backups.xml:864(title)
3431
3453
msgid "Resources"
3432
3454
msgstr "资源"
3433
3455
3437
3459
"more details."
3438
3460
msgstr ""
3439
3461
3440
#: serverguide/C/virtualization.xml:430(para)
3462
#: serverguide/C/virtualization.xml:379(para)
3441
3463
msgid ""
3442
3464
"For more information on <application>libvirt</application> see the <ulink "
3443
3465
"url=\"http://libvirt.org/\">libvirt home page</ulink>"
3445
3467
"关于<application>libvirt</application>的更多信息请参见<ulink "
3446
3468
"url=\"http://libvirt.org/\">libvirt 主页</ulink>。"
3447
3469
3448
#: serverguide/C/virtualization.xml:436(para)
3470
#: serverguide/C/virtualization.xml:384(para)
3449
3471
msgid ""
3450
3472
"The <ulink url=\"http://virt-manager.et.redhat.com/\">Virtual Machine "
3451
3473
"Manager</ulink> site has more information on <application>virt-"
3455
3477
"manager.et.redhat.com/\">虚拟机管理器网站</ulink>有上更多关于<application>virt-"
3456
3478
"manager</application> 开发的信息。"
3457
3479
3458
#: serverguide/C/virtualization.xml:442(para)
3480
#: serverguide/C/virtualization.xml:390(para)
3459
3481
msgid ""
3460
3482
"Also, stop by the <emphasis>#ubuntu-virt</emphasis> IRC channel on <ulink "
3461
3483
"url=\"http://freenode.net/\">freenode</ulink> to discuss virtualization "
3464
3486
"您还可以看看 <emphasis>#ubuntu-virt</emphasis>这个IRC频道 <ulink "
3465
3487
"url=\"http://freenode.net/\">freenode</ulink> 来讨论关于Ubuntu中的虚拟化技术。"
3466
3488
3467
#: serverguide/C/virtualization.xml:448(para)
3489
#: serverguide/C/virtualization.xml:396(para)
3468
3490
msgid ""
3469
3491
"Another good resource is the <ulink "
3470
3492
"url=\"https://help.ubuntu.com/community/KVM\">Ubuntu Wiki KVM</ulink> page."
3471
3493
msgstr ""
3472
3494
3473
#: serverguide/C/virtualization.xml:454(para)
3495
#: serverguide/C/virtualization.xml:401(para)
3474
3496
msgid ""
3475
3497
"For information on Xen, including using Xen with libvirt, please see the "
3476
3498
"<ulink url=\"https://help.ubuntu.com/community/Xen\">Ubuntu Wiki Xen</ulink> "
3481
3503
msgid "Cloud images and uvtool"
3482
3504
msgstr ""
3483
3505
3484
#: serverguide/C/virtualization.xml:467(title) serverguide/C/security.xml:367(title) serverguide/C/samba.xml:23(title) serverguide/C/remote-administration.xml:18(title) serverguide/C/package-management.xml:18(title) serverguide/C/introduction.xml:11(title) serverguide/C/installation.xml:1194(title)
3506
#: serverguide/C/windows-networking.xml:23(title) serverguide/C/virtualization.xml:412(title) serverguide/C/security.xml:352(title) serverguide/C/remote-administration.xml:18(title) serverguide/C/package-management.xml:18(title) serverguide/C/introduction.xml:11(title) serverguide/C/installation.xml:1187(title)
3485
3507
msgid "Introduction"
3486
3508
msgstr "简介"
3487
3509
3796
3818
3797
3819
#: serverguide/C/virtualization.xml:658(para)
3798
3820
msgid ""
3799
"--run-script-one script_file : Run script_file as root on the VM the first "
3821
"--run-script-once script_file : Run script_file as root on the VM the first "
3800
3822
"time it is booted, but never again."
3801
3823
msgstr ""
3802
3824
3812
3834
"manpage of uvt-kvm"
3813
3835
msgstr ""
3814
3836
3815
#: serverguide/C/virtualization.xml:669(para)
3837
#: serverguide/C/virtualization.xml:1073(para)
3816
3838
msgid ""
3817
3839
"If you are interested in learning more, have questions or suggestions, "
3818
3840
"please contact the Ubuntu Server Team at:"
3819
3841
msgstr "如果您有兴趣了解更多,有问题或建议,请联系 Ubuntu 服务团队:"
3820
3842
3821
#: serverguide/C/virtualization.xml:674(para)
3843
#: serverguide/C/virtualization.xml:1078(para)
3822
3844
msgid "IRC: #ubuntu-server on freenode"
3823
3845
msgstr "IRC: #ubuntu-server on freenode"
3824
3846
3825
#: serverguide/C/virtualization.xml:678(para)
3847
#: serverguide/C/virtualization.xml:1083(para)
3826
3848
msgid ""
3827
3849
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
3828
3850
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
3830
3852
"邮件列表: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
3831
3853
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
3832
3854
3833
#: serverguide/C/virtualization.xml:687(title)
3855
#: serverguide/C/virtualization.xml:2121(title)
3834
3856
msgid "Ubuntu Cloud"
3835
3857
msgstr ""
3836
3858
3837
#: serverguide/C/virtualization.xml:689(para)
3859
#: serverguide/C/virtualization.xml:2122(para)
3838
3860
msgid ""
3839
3861
"<application>Cloud computing</application> is a computing model that allows "
3840
3862
"vast pools of resources to be allocated on-demand. These resources such as "
3858
3880
"concerning installation and configuration."
3859
3881
msgstr ""
3860
3882
3861
#: serverguide/C/virtualization.xml:711(title)
3883
#: serverguide/C/virtualization.xml:2452(title)
3862
3884
msgid "Support and Troubleshooting"
3863
3885
msgstr ""
3864
3886
3865
#: serverguide/C/virtualization.xml:713(para)
3887
#: serverguide/C/virtualization.xml:2453(para)
3866
3888
msgid "Community Support"
3867
3889
msgstr ""
3868
3890
3869
#: serverguide/C/virtualization.xml:717(ulink)
3891
#: serverguide/C/virtualization.xml:2457(ulink)
3870
3892
msgid "OpenStack Mailing list"
3871
3893
msgstr ""
3872
3894
3873
#: serverguide/C/virtualization.xml:722(ulink)
3895
#: serverguide/C/virtualization.xml:2462(ulink)
3874
3896
msgid "The OpenStack Wiki search"
3875
3897
msgstr ""
3876
3898
3877
#: serverguide/C/virtualization.xml:727(ulink)
3899
#: serverguide/C/virtualization.xml:2468(ulink)
3878
3900
msgid "Launchpad bugs area"
3879
3901
msgstr ""
3880
3902
3881
#: serverguide/C/virtualization.xml:732(para)
3903
#: serverguide/C/virtualization.xml:2472(para)
3882
3904
msgid "Join the IRC channel #openstack on freenode."
3883
3905
msgstr ""
3884
3906
3885
#: serverguide/C/virtualization.xml:743(ulink)
3907
#: serverguide/C/virtualization.xml:2486(ulink)
3886
3908
msgid "Cloud Computing - Service models"
3887
3909
msgstr ""
3888
3910
3889
#: serverguide/C/virtualization.xml:749(ulink)
3911
#: serverguide/C/virtualization.xml:2491(ulink)
3890
3912
msgid "OpenStack Compute"
3891
3913
msgstr ""
3892
3914
3893
#: serverguide/C/virtualization.xml:755(ulink)
3915
#: serverguide/C/virtualization.xml:2496(ulink)
3894
3916
msgid "OpenStack Image Service"
3895
3917
msgstr ""
3896
3918
3897
#: serverguide/C/virtualization.xml:761(ulink)
3919
#: serverguide/C/virtualization.xml:2501(ulink)
3898
3920
msgid "OpenStack Object Storage Administration Guide"
3899
3921
msgstr ""
3900
3922
3901
#: serverguide/C/virtualization.xml:767(ulink)
3923
#: serverguide/C/virtualization.xml:2506(ulink)
3902
3924
msgid "Installing OpenStack Object Storage on Ubuntu"
3903
3925
msgstr ""
3904
3926
3905
#: serverguide/C/virtualization.xml:773(ulink)
3927
#: serverguide/C/virtualization.xml:2511(ulink)
3906
3928
msgid "http://cloudglossary.com/"
3907
3929
msgstr ""
3908
3930
3909
#: serverguide/C/virtualization.xml:783(title)
3931
#: serverguide/C/virtualization.xml:2586(title)
3910
3932
msgid "LXC"
3911
3933
msgstr ""
3912
3934
3915
3937
"Containers are a lightweight virtualization technology. They are more akin "
3916
3938
"to an enhanced chroot than to full virtualization like Qemu or VMware, both "
3917
3939
"because they do not emulate hardware and because containers share the same "
3918
"operating system as the host. Therefore containers are better compared to "
3919
"Solaris zones or BSD jails. Linux-vserver and OpenVZ are two pre-existing, "
3920
"independently developed implementations of containers-like functionality for "
3921
"Linux. In fact, containers came about as a result of the work to upstream "
3922
"the vserver and OpenVZ functionality."
3940
"operating system as the host. Containers are similar to Solaris zones or BSD "
3941
"jails. Linux-vserver and OpenVZ are two pre-existing, independently "
3942
"developed implementations of containers-like functionality for Linux. In "
3943
"fact, containers came about as a result of the work to upstream the vserver "
3944
"and OpenVZ functionality."
3923
3945
msgstr ""
3924
3946
3925
#: serverguide/C/virtualization.xml:795(para)
3947
#: serverguide/C/virtualization.xml:2602(para)
3926
3948
msgid ""
3927
3949
"There are two user-space implementations of containers, each exploiting the "
3928
3950
"same kernel features. Libvirt allows the use of containers through the LXC "
3940
3962
"Apparmor protection for libvirt-lxc containers."
3941
3963
msgstr ""
3942
3964
3943
#: serverguide/C/virtualization.xml:809(para)
3965
#: serverguide/C/virtualization.xml:2618(para)
3944
3966
msgid "In this document, a container name will be shown as CN, C1, or C2."
3945
3967
msgstr ""
3946
3968
3947
#: serverguide/C/virtualization.xml:815(para)
3969
#: serverguide/C/virtualization.xml:2624(para)
3948
3970
msgid "The <application>lxc</application> package can be installed using"
3949
3971
msgstr ""
3950
3972
3951
#: serverguide/C/virtualization.xml:819(command)
3973
#: serverguide/C/virtualization.xml:2629(command)
3952
3974
msgid "sudo apt-get install lxc"
3953
3975
msgstr ""
3954
3976
4189
4211
"commands using the \"-P|--lxcpath\" argument."
4190
4212
msgstr ""
4191
4213
4192
#: serverguide/C/virtualization.xml:1042(title) serverguide/C/network-config.xml:11(title)
4214
#: serverguide/C/virtualization.xml:1210(para) serverguide/C/virtualization.xml:1272(para) serverguide/C/network-config.xml:11(title)
4193
4215
msgid "Networking"
4194
4216
msgstr "联网"
4195
4217
4299
4321
"<filename>/etc/init/lxc.conf</filename> to autostart a container."
4300
4322
msgstr ""
4301
4323
4302
#: serverguide/C/virtualization.xml:1142(title)
4324
#: serverguide/C/virtualization.xml:3232(title)
4303
4325
msgid "Backing Stores"
4304
4326
msgstr ""
4305
4327
4426
4448
"lxc.container.conf for more information."
4427
4449
msgstr ""
4428
4450
4429
#: serverguide/C/virtualization.xml:1256(title)
4451
#: serverguide/C/virtualization.xml:2859(title)
4430
4452
msgid "Apparmor"
4431
4453
msgstr ""
4432
4454
4438
4460
"trigger</filename> or to most <filename>/sys</filename> files."
4439
4461
msgstr ""
4440
4462
4441
#: serverguide/C/virtualization.xml:1264(para)
4463
#: serverguide/C/virtualization.xml:2867(para)
4442
4464
msgid ""
4443
4465
"The <filename>usr.bin.lxc-start</filename> profile is entered by running "
4444
4466
"<command>lxc-start</command>. This profile mainly prevents <command>lxc-"
4458
4480
"to enter the MySQL profile (to protect the container)."
4459
4481
msgstr ""
4460
4482
4461
#: serverguide/C/virtualization.xml:1280(para)
4483
#: serverguide/C/virtualization.xml:2926(para)
4462
4484
msgid ""
4463
4485
"<command>lxc-execute</command> does not enter an Apparmor profile, but the "
4464
4486
"container it spawns will be confined."
4468
4490
msgid "Customizing container policies"
4469
4491
msgstr ""
4470
4492
4471
#: serverguide/C/virtualization.xml:1284(para)
4493
#: serverguide/C/virtualization.xml:2879(para)
4472
4494
msgid ""
4473
4495
"If you find that <command>lxc-start</command> is failing due to a legitimate "
4474
4496
"access which is being denied by its Apparmor policy, you can disable the lxc-"
4475
4497
"start profile by doing:"
4476
4498
msgstr ""
4477
4499
4478
#: serverguide/C/virtualization.xml:1288(screen)
4500
#: serverguide/C/virtualization.xml:2885(screen)
4479
4501
#, no-wrap
4480
4502
msgid ""
4481
4503
"\n"
4483
4505
"sudo ln -s /etc/apparmor.d/usr.bin.lxc-start /etc/apparmor.d/disabled/\n"
4484
4506
msgstr ""
4485
4507
4486
#: serverguide/C/virtualization.xml:1293(para)
4508
#: serverguide/C/virtualization.xml:2890(para)
4487
4509
msgid ""
4488
4510
"This will make <command>lxc-start</command> run unconfined, but continue to "
4489
4511
"confine the container itself. If you also wish to disable confinement of the "
4491
4513
"start</filename> profile, you must add:"
4492
4514
msgstr ""
4493
4515
4494
#: serverguide/C/virtualization.xml:1298(screen)
4516
#: serverguide/C/virtualization.xml:2897(screen)
4495
4517
#, no-wrap
4496
4518
msgid ""
4497
4519
"\n"
4550
4572
msgid "After creating the policy, load it using:"
4551
4573
msgstr ""
4552
4574
4553
#: serverguide/C/virtualization.xml:1348(screen)
4575
#: serverguide/C/virtualization.xml:2910(screen)
4554
4576
#, no-wrap
4555
4577
msgid ""
4556
4578
"\n"
4557
4579
"sudo apparmor_parser -r /etc/apparmor.d/lxc-containers\n"
4558
4580
msgstr ""
4559
4581
4560
#: serverguide/C/virtualization.xml:1352(para)
4582
#: serverguide/C/virtualization.xml:2914(para)
4561
4583
msgid ""
4562
4584
"The profile will automatically be loaded after a reboot, because it is "
4563
4585
"sourced by the file <filename>/etc/apparmor.d/lxc-containers</filename>. "
4566
4588
"configuration file:"
4567
4589
msgstr ""
4568
4590
4569
#: serverguide/C/virtualization.xml:1359(screen)
4591
#: serverguide/C/virtualization.xml:2922(screen)
4570
4592
#, no-wrap
4571
4593
msgid ""
4572
4594
"\n"
4573
4595
"lxc.aa_profile = lxc-CN-profile\n"
4574
4596
msgstr ""
4575
4597
4576
#: serverguide/C/virtualization.xml:1367(title) serverguide/C/cgroups.xml:11(title)
4598
#: serverguide/C/virtualization.xml:2934(title)
4577
4599
msgid "Control Groups"
4578
4600
msgstr ""
4579
4601
4624
4646
"requests for which they are not authorized."
4625
4647
msgstr ""
4626
4648
4627
#: serverguide/C/virtualization.xml:1414(title)
4649
#: serverguide/C/virtualization.xml:3262(title)
4628
4650
msgid "Cloning"
4629
4651
msgstr ""
4630
4652
4667
4689
msgid "Given an existing container called C1, a copy can be created using:"
4668
4690
msgstr ""
4669
4691
4670
#: serverguide/C/virtualization.xml:1450(command)
4692
#: serverguide/C/virtualization.xml:3274(command)
4671
4693
msgid "sudo lxc-clone -o C1 -n C2"
4672
4694
msgstr ""
4673
4695
4675
4697
msgid "A snapshot can be created using"
4676
4698
msgstr ""
4677
4699
4678
#: serverguide/C/virtualization.xml:1457(command)
4700
#: serverguide/C/virtualization.xml:3288(command)
4679
4701
msgid "sudo lxc-clone -s -o C1 -n C2"
4680
4702
msgstr ""
4681
4703
4801
4823
"lxc package to serve as an example of how to write and use such hooks."
4802
4824
msgstr ""
4803
4825
4804
#: serverguide/C/virtualization.xml:1579(title)
4826
#: serverguide/C/virtualization.xml:3452(title)
4805
4827
msgid "Consoles"
4806
4828
msgstr ""
4807
4829
4819
4841
"3 from the host, use"
4820
4842
msgstr ""
4821
4843
4822
#: serverguide/C/virtualization.xml:1594(command)
4844
#: serverguide/C/virtualization.xml:3467(command)
4823
4845
msgid "sudo lxc-console -n container -t 3"
4824
4846
msgstr ""
4825
4847
4826
#: serverguide/C/virtualization.xml:1599(para)
4848
#: serverguide/C/virtualization.xml:3472(para)
4827
4849
msgid ""
4828
4850
"or if the <emphasis>-t N</emphasis> option is not specified, an unused "
4829
4851
"console will be automatically chosen. To exit the console, use the escape "
4832
4854
"d</emphasis> option."
4833
4855
msgstr ""
4834
4856
4835
#: serverguide/C/virtualization.xml:1605(para)
4857
#: serverguide/C/virtualization.xml:3480(para)
4836
4858
msgid ""
4837
4859
"Each container console is actually a Unix98 pty in the host's (not the "
4838
4860
"guest's) pty mount, bind-mounted over the guest's "
4845
4867
"<filename>/dev</filename>."
4846
4868
msgstr ""
4847
4869
4848
#: serverguide/C/virtualization.xml:1617(title) serverguide/C/mail.xml:390(title) serverguide/C/mail.xml:1702(title) serverguide/C/dns.xml:375(title)
4870
#: serverguide/C/mail.xml:345(title) serverguide/C/mail.xml:1640(title) serverguide/C/dns.xml:371(title)
4849
4871
msgid "Troubleshooting"
4850
4872
msgstr "疑难解答"
4851
4873
4852
#: serverguide/C/virtualization.xml:1619(title) serverguide/C/network-auth.xml:765(title) serverguide/C/dns.xml:517(title)
4874
#: serverguide/C/network-auth.xml:787(title) serverguide/C/dns.xml:508(title)
4853
4875
msgid "Logging"
4854
4876
msgstr ""
4855
4877
4866
4888
"new log information will be appended."
4867
4889
msgstr ""
4868
4890
4869
#: serverguide/C/virtualization.xml:1635(title)
4891
#: serverguide/C/virtualization.xml:3414(title)
4870
4892
msgid "Monitoring container status"
4871
4893
msgstr ""
4872
4894
4873
#: serverguide/C/virtualization.xml:1637(para)
4895
#: serverguide/C/virtualization.xml:3416(para)
4874
4896
msgid ""
4875
4897
"Two commands are available to monitor container state changes. <command>lxc-"
4876
4898
"monitor</command> monitors one or more containers for any state changes. It "
4882
4904
"instance,"
4883
4905
msgstr ""
4884
4906
4885
#: serverguide/C/virtualization.xml:1647(command)
4907
#: serverguide/C/virtualization.xml:3429(command)
4886
4908
msgid "sudo lxc-monitor -n cont[0-5]*"
4887
4909
msgstr ""
4888
4910
4889
#: serverguide/C/virtualization.xml:1652(para)
4911
#: serverguide/C/virtualization.xml:3434(para)
4890
4912
msgid ""
4891
4913
"would print all state changes to any containers matching the listed regular "
4892
4914
"expression, whereas"
4893
4915
msgstr ""
4894
4916
4895
#: serverguide/C/virtualization.xml:1656(command)
4917
#: serverguide/C/virtualization.xml:3440(command)
4896
4918
msgid "sudo lxc-wait -n cont1 -s 'STOPPED|FROZEN'"
4897
4919
msgstr ""
4898
4920
4899
#: serverguide/C/virtualization.xml:1661(para)
4921
#: serverguide/C/virtualization.xml:3445(para)
4900
4922
msgid ""
4901
4923
"will wait until container cont1 enters state STOPPED or state FROZEN and "
4902
4924
"then exit."
4982
5004
"True\n"
4983
5005
msgstr ""
4984
5006
4985
#: serverguide/C/virtualization.xml:1740(title) serverguide/C/security.xml:11(title)
5007
#: serverguide/C/virtualization.xml:4349(title) serverguide/C/security.xml:11(title)
4986
5008
msgid "Security"
4987
5009
msgstr "安全性"
4988
5010
4989
#: serverguide/C/virtualization.xml:1742(para)
5011
#: serverguide/C/virtualization.xml:4351(para)
4990
5012
msgid ""
4991
5013
"A namespace maps ids to resources. By not providing a container any id with "
4992
5014
"which to reference a resource, the resource can be protected. This is the "
5008
5030
"host."
5009
5031
msgstr ""
5010
5032
5011
#: serverguide/C/virtualization.xml:1762(title)
5033
#: serverguide/C/virtualization.xml:4375(title)
5012
5034
msgid "Exploitable system calls"
5013
5035
msgstr ""
5014
5036
5044
5066
"loaded."
5045
5067
msgstr ""
5046
5068
5047
#: serverguide/C/virtualization.xml:1796(para)
5069
#: serverguide/C/virtualization.xml:4392(para)
5048
5070
msgid ""
5049
5071
"The DeveloperWorks article <ulink "
5050
5072
"url=\"https://www.ibm.com/developerworks/linux/library/l-lxc-"
5052
5074
"to the use of containers."
5053
5075
msgstr ""
5054
5076
5055
#: serverguide/C/virtualization.xml:1803(para)
5077
#: serverguide/C/virtualization.xml:4398(para)
5056
5078
msgid ""
5057
5079
"The <ulink url=\"http://www.ibm.com/developerworks/linux/library/l-lxc-"
5058
5080
"security/index.html\"> Secure Containers Cookbook</ulink> demonstrated the "
5063
5085
msgid "Manual pages referenced above can be found at:"
5064
5086
msgstr ""
5065
5087
5066
#: serverguide/C/virtualization.xml:1812(ulink)
5088
#: serverguide/C/virtualization.xml:4407(ulink)
5067
5089
msgid "capabilities"
5068
5090
msgstr ""
5069
5091
5070
#: serverguide/C/virtualization.xml:1813(ulink)
5092
#: serverguide/C/virtualization.xml:4408(ulink)
5071
5093
msgid "lxc.conf"
5072
5094
msgstr ""
5073
5095
5077
5099
"url=\"http://linuxcontainers.org\">linuxcontainers.org</ulink>."
5078
5100
msgstr ""
5079
5101
5080
#: serverguide/C/virtualization.xml:1823(para)
5102
#: serverguide/C/virtualization.xml:4420(para)
5081
5103
msgid ""
5082
5104
"LXC security issues are listed and discussed at <ulink "
5083
5105
"url=\"http://wiki.ubuntu.com/LxcSecurity\">the LXC Security wiki page</ulink>"
5213
5235
msgstr ""
5214
5236
5215
5237
#: serverguide/C/vcs.xml:92(command)
5216
msgid "sudo apt-get install git-core"
5238
msgid "sudo apt-get install git"
5217
5239
msgstr ""
5218
5240
5219
5241
#: serverguide/C/vcs.xml:97(para)
5326
5348
#: serverguide/C/vcs.xml:151(para)
5327
5349
msgid ""
5328
5350
"Now we want to let gitolite know about the repository administrator's public "
5329
"SSH key. This assumes that the current user is the repository administrator."
5351
"SSH key. This assumes that the current user is the repository administrator. "
5352
"If you have not yet configured an SSH key, refer to <xref linkend=\"openssh-"
5353
"keys\"/>"
5330
5354
msgstr ""
5331
5355
5332
#: serverguide/C/vcs.xml:155(command)
5356
#: serverguide/C/vcs.xml:156(command)
5333
5357
msgid "cp ~/.ssh/id_rsa.pub /tmp/$(whoami).pub"
5334
5358
msgstr ""
5335
5359
5336
#: serverguide/C/vcs.xml:157(para)
5360
#: serverguide/C/vcs.xml:158(para)
5337
5361
msgid ""
5338
5362
"Let's switch to the git user and import the administrator's key into "
5339
5363
"gitolite."
5340
5364
msgstr ""
5341
5365
5342
#: serverguide/C/vcs.xml:161(command)
5366
#: serverguide/C/vcs.xml:162(command)
5343
5367
msgid "sudo su - git"
5344
5368
msgstr ""
5345
5369
5346
#: serverguide/C/vcs.xml:162(command)
5370
#: serverguide/C/vcs.xml:163(command)
5347
5371
msgid "gl-setup /tmp/*.pub"
5348
5372
msgstr ""
5349
5373
5350
#: serverguide/C/vcs.xml:164(para)
5374
#: serverguide/C/vcs.xml:165(para)
5351
5375
msgid ""
5352
5376
"Gitolite will allow you to make initial changes to its configuration file "
5353
5377
"during the setup process. You can now clone and modify the gitolite "
5356
5380
"configuration repository:"
5357
5381
msgstr ""
5358
5382
5359
#: serverguide/C/vcs.xml:168(command)
5383
#: serverguide/C/vcs.xml:169(command)
5360
5384
msgid "exit"
5361
5385
msgstr ""
5362
5386
5363
#: serverguide/C/vcs.xml:169(command)
5387
#: serverguide/C/vcs.xml:170(command)
5364
5388
msgid "git clone git@$IP_ADDRESS:gitolite-admin.git"
5365
5389
msgstr ""
5366
5390
5367
#: serverguide/C/vcs.xml:170(command)
5391
#: serverguide/C/vcs.xml:171(command)
5368
5392
msgid "cd gitolite-admin"
5369
5393
msgstr ""
5370
5394
5371
#: serverguide/C/vcs.xml:172(para)
5395
#: serverguide/C/vcs.xml:173(para)
5372
5396
msgid ""
5373
5397
"The gitolite-admin contains two subdirectories, \"conf\" and \"keydir\". The "
5374
5398
"configuration files are in the conf dir, and the keydir directory contains "
5375
5399
"the list of user's public SSH keys."
5376
5400
msgstr ""
5377
5401
5378
#: serverguide/C/vcs.xml:175(title)
5402
#: serverguide/C/vcs.xml:176(title)
5379
5403
msgid "Managing gitolite users and repositories"
5380
5404
msgstr ""
5381
5405
5382
#: serverguide/C/vcs.xml:176(para)
5406
#: serverguide/C/vcs.xml:177(para)
5383
5407
msgid ""
5384
5408
"Adding new users to gitolite is simple: just obtain their public SSH key and "
5385
5409
"add it to the keydir directory as $DESIRED_USER_NAME.pub. Note that the "
5390
5414
"server with"
5391
5415
msgstr ""
5392
5416
5393
#: serverguide/C/vcs.xml:178(command)
5417
#: serverguide/C/vcs.xml:179(command)
5394
5418
msgid "git commit -a"
5395
5419
msgstr ""
5396
5420
5397
#: serverguide/C/vcs.xml:179(command)
5421
#: serverguide/C/vcs.xml:180(command)
5398
5422
msgid "git push origin master"
5399
5423
msgstr ""
5400
5424
5401
#: serverguide/C/vcs.xml:181(para)
5425
#: serverguide/C/vcs.xml:182(para)
5402
5426
msgid ""
5403
5427
"Repositories are managed by editing the conf/gitolite.conf file. The syntax "
5404
5428
"is space separated, and simply specifies the list of repositories followed "
5405
5429
"by some access rules. The following is a default example"
5406
5430
msgstr ""
5407
5431
5408
#: serverguide/C/vcs.xml:182(programlisting)
5432
#: serverguide/C/vcs.xml:183(programlisting)
5409
5433
#, no-wrap
5410
5434
msgid ""
5411
5435
"\n"
5419
5443
" R = denise\n"
5420
5444
msgstr ""
5421
5445
5422
#: serverguide/C/vcs.xml:194(title)
5446
#: serverguide/C/vcs.xml:195(title)
5423
5447
msgid "Using your server"
5424
5448
msgstr ""
5425
5449
5426
#: serverguide/C/vcs.xml:195(para)
5450
#: serverguide/C/vcs.xml:196(para)
5427
5451
msgid ""
5428
5452
"To use the newly created server, users have to have the gitolite admin "
5429
5453
"import their public key into the gitolite configuration repository, they can "
5430
5454
"then access any project they have access to with the following command:"
5431
5455
msgstr ""
5432
5456
5433
#: serverguide/C/vcs.xml:197(command)
5457
#: serverguide/C/vcs.xml:198(command)
5434
5458
msgid "git clone git@$SERVER_IP:$PROJECT_NAME.git"
5435
5459
msgstr ""
5436
5460
5437
#: serverguide/C/vcs.xml:199(para)
5461
#: serverguide/C/vcs.xml:200(para)
5438
5462
msgid ""
5439
5463
"Or add the server's project as a remote for an existing git repository:"
5440
5464
msgstr ""
5441
5465
5442
#: serverguide/C/vcs.xml:201(command)
5466
#: serverguide/C/vcs.xml:202(command)
5443
5467
msgid "git remote add gitolite git@$SERVER_IP:$PROJECT_NAME.git"
5444
5468
msgstr ""
5445
5469
5446
#: serverguide/C/vcs.xml:206(title)
5470
#: serverguide/C/vcs.xml:79(title)
5447
5471
msgid "Subversion"
5448
5472
msgstr "Subversion"
5449
5473
5450
#: serverguide/C/vcs.xml:207(para)
5474
#: serverguide/C/vcs.xml:80(para)
5451
5475
msgid ""
5452
5476
"Subversion is an open source version control system. Using Subversion, you "
5453
5477
"can record the history of source files and documents. It manages files and "
5459
5483
"Subversion,您可以记录源文件和文档的历史。它管理文件和目录。文件树被放入了中心库中。库更象是一个普通的文件服务器,除了它可以记住对文件和目录的每"
5460
5484
"次改变。"
5461
5485
5462
#: serverguide/C/vcs.xml:212(para)
5486
#: serverguide/C/vcs.xml:85(para)
5463
5487
msgid ""
5464
5488
"To access Subversion repository using the HTTP protocol, you must install "
5465
5489
"and configure a web server. Apache2 is proven to work with Subversion. "
5473
5497
"一起工作。请参考 Apache2 章节的 HTTP 小节以安装和配置 Apache2。要使用 HTTPS 协议访问 Subversion "
5474
5498
"库,您必须在您的 Apache2 web 服务器上安装和配置数字证书。请参考 Apache2 章节的 HTTPS 小节以安装和配置数据证书。"
5475
5499
5476
#: serverguide/C/vcs.xml:221(para)
5500
#: serverguide/C/vcs.xml:94(para)
5477
5501
msgid ""
5478
5502
"To install Subversion, run the following command from a terminal prompt:"
5479
5503
msgstr "要安装 Subversion,可以在终端提示符后运行以下命令:"
5480
5504
5481
#: serverguide/C/vcs.xml:226(command)
5505
#: serverguide/C/vcs.xml:227(command)
5482
5506
msgid "sudo apt-get install subversion apache2 libapache2-svn"
5483
5507
msgstr ""
5484
5508
5485
#: serverguide/C/vcs.xml:232(title)
5509
#: serverguide/C/vcs.xml:105(title)
5486
5510
msgid "Server Configuration"
5487
5511
msgstr "服务器配置"
5488
5512
5489
#: serverguide/C/vcs.xml:233(para)
5513
#: serverguide/C/vcs.xml:106(para)
5490
5514
msgid ""
5491
5515
"This step assumes you have installed above mentioned packages on your "
5492
5516
"system. This section explains how to create a Subversion repository and "
5493
5517
"access the project."
5494
5518
msgstr "这一步假定您已经在您的系统上安装了上面提及的包。本部分内容说明如何创建一个 Subversion 库和访问项目。"
5495
5519
5496
#: serverguide/C/vcs.xml:236(title)
5520
#: serverguide/C/vcs.xml:109(title)
5497
5521
msgid "Create Subversion Repository"
5498
5522
msgstr "创建 Subversion 库"
5499
5523
5500
#: serverguide/C/vcs.xml:237(para)
5524
#: serverguide/C/vcs.xml:110(para)
5501
5525
msgid ""
5502
5526
"The Subversion repository can be created using the following command from a "
5503
5527
"terminal prompt:"
5504
5528
msgstr "Subversion 库可以在终端提示符后使用以下命令创建:"
5505
5529
5506
#: serverguide/C/vcs.xml:241(command)
5530
#: serverguide/C/vcs.xml:114(command)
5507
5531
msgid "svnadmin create /path/to/repos/project"
5508
5532
msgstr "svnadmin create /path/to/repos/project"
5509
5533
5510
#: serverguide/C/vcs.xml:246(title)
5534
#: serverguide/C/vcs.xml:119(title)
5511
5535
msgid "Importing Files"
5512
5536
msgstr "导入文件"
5513
5537
5514
#: serverguide/C/vcs.xml:247(para)
5538
#: serverguide/C/vcs.xml:120(para)
5515
5539
msgid ""
5516
5540
"Once you create the repository you can <emphasis>import</emphasis> files "
5517
5541
"into the repository. To import a directory, enter the following from a "
5525
5549
"file:///path/to/repos/project</command>\n"
5526
5550
"</screen>"
5527
5551
5528
#: serverguide/C/vcs.xml:259(title) serverguide/C/vcs.xml:264(title)
5552
#: serverguide/C/vcs.xml:132(title) serverguide/C/vcs.xml:137(title)
5529
5553
msgid "Access Methods"
5530
5554
msgstr "访问方式"
5531
5555
5532
#: serverguide/C/vcs.xml:260(para)
5556
#: serverguide/C/vcs.xml:133(para)
5533
5557
msgid ""
5534
5558
"Subversion repositories can be accessed (checked out) through many different "
5535
5559
"methods --on local disk, or through various network protocols. A repository "
5538
5562
msgstr ""
5539
5563
"版本库可以通过很多方式来存取(签出)--在本地磁盘,或者通过各种各样的网络协议。然而一个库的位置始终是个URL。表里描述了不同存取方法下的不同URL样子。"
5540
5564
5541
#: serverguide/C/vcs.xml:271(para)
5565
#: serverguide/C/vcs.xml:144(para)
5542
5566
msgid "Schema"
5543
5567
msgstr "模式"
5544
5568
5545
#: serverguide/C/vcs.xml:272(para)
5569
#: serverguide/C/vcs.xml:145(para)
5546
5570
msgid "Access Method"
5547
5571
msgstr "访问方式"
5548
5572
5549
#: serverguide/C/vcs.xml:277(para)
5573
#: serverguide/C/vcs.xml:150(para)
5550
5574
msgid "file://"
5551
5575
msgstr "file://"
5552
5576
5553
#: serverguide/C/vcs.xml:278(para)
5577
#: serverguide/C/vcs.xml:151(para)
5554
5578
msgid "direct repository access (on local disk)"
5555
5579
msgstr "直接访问库 (在本地磁盘)"
5556
5580
5557
#: serverguide/C/vcs.xml:281(para)
5581
#: serverguide/C/vcs.xml:154(para)
5558
5582
msgid "http://"
5559
5583
msgstr "http://"
5560
5584
5561
#: serverguide/C/vcs.xml:282(para)
5585
#: serverguide/C/vcs.xml:155(para)
5562
5586
msgid "Access via WebDAV protocol to Subversion-aware Apache2 web server"
5563
5587
msgstr "通过 WebDAV 协议访问带有 Subversion 的 Apache2 web 服务器。"
5564
5588
5565
#: serverguide/C/vcs.xml:285(para)
5589
#: serverguide/C/vcs.xml:158(para)
5566
5590
msgid "https://"
5567
5591
msgstr "https://"
5568
5592
5569
#: serverguide/C/vcs.xml:286(para)
5593
#: serverguide/C/vcs.xml:159(para)
5570
5594
msgid "Same as http://, but with SSL encryption"
5571
5595
msgstr "与 http:// 相同,但有 SSL 加密"
5572
5596
5573
#: serverguide/C/vcs.xml:289(para)
5597
#: serverguide/C/vcs.xml:162(para)
5574
5598
msgid "svn://"
5575
5599
msgstr "svn://"
5576
5600
5577
#: serverguide/C/vcs.xml:290(para)
5601
#: serverguide/C/vcs.xml:163(para)
5578
5602
msgid "Access via custom protocol to an svnserve server"
5579
5603
msgstr "通过自身协议访问 svnserve 服务"
5580
5604
5581
#: serverguide/C/vcs.xml:293(para)
5605
#: serverguide/C/vcs.xml:166(para)
5582
5606
msgid "svn+ssh://"
5583
5607
msgstr "svn+ssh://"
5584
5608
5585
#: serverguide/C/vcs.xml:294(para)
5609
#: serverguide/C/vcs.xml:167(para)
5586
5610
msgid "Same as svn://, but through an SSH tunnel"
5587
5611
msgstr "与 svn:// 一样,但使用 SSH 遂道"
5588
5612
5589
#: serverguide/C/vcs.xml:300(para)
5613
#: serverguide/C/vcs.xml:173(para)
5590
5614
msgid ""
5591
5615
"In this section, we will see how to configure Subversion for all these "
5592
5616
"access methods. Here, we cover the basics. For more advanced usage details, "
5595
5619
"在本部分,我们将看到如何为所有这些访问方式来配置 Subversion。这里,我们只介绍基本用法。更多详细、高级用法请参阅<ulink "
5596
5620
"url=\"http://svnbook.red-bean.com/\">svn 书</ulink>"
5597
5621
5598
#: serverguide/C/vcs.xml:307(title)
5622
#: serverguide/C/vcs.xml:180(title)
5599
5623
msgid "Direct repository access (file://)"
5600
5624
msgstr "直接访问库 (file://)"
5601
5625
5602
#: serverguide/C/vcs.xml:308(para)
5626
#: serverguide/C/vcs.xml:181(para)
5603
5627
msgid ""
5604
5628
"This is the simplest of all access methods. It does not require any "
5605
5629
"Subversion server process to be running. This access method is used to "
5609
5633
"这是所有访问方式中最简单的。它不要求运行任何 Subversion 服务器进程。该访问方式用于在同一台机器上访问 "
5610
5634
"Subversion。在终端提示符后输入的命令如下所示:"
5611
5635
5612
#: serverguide/C/vcs.xml:315(command)
5636
#: serverguide/C/vcs.xml:188(command)
5613
5637
msgid "svn co file:///path/to/repos/project"
5614
5638
msgstr "svn co file:///path/to/repos/project"
5615
5639
5616
#: serverguide/C/vcs.xml:318(para)
5640
#: serverguide/C/vcs.xml:191(para)
5617
5641
msgid "or"
5618
5642
msgstr "或"
5619
5643
5620
#: serverguide/C/vcs.xml:321(command)
5644
#: serverguide/C/vcs.xml:194(command)
5621
5645
msgid "svn co file://localhost/path/to/repos/project"
5622
5646
msgstr "svn co file://localhost/path/to/repos/project"
5623
5647
5624
#: serverguide/C/vcs.xml:325(para)
5648
#: serverguide/C/vcs.xml:198(para)
5625
5649
msgid ""
5626
5650
"If you do not specify the hostname, there are three forward slashes (///) -- "
5627
5651
"two for the protocol (file, in this case) plus the leading slash in the "
5630
5654
"如果您没有指定主机名,则需要三个斜杠 (///) -- 其中两个是协议的 (这里是 "
5631
5655
"file),另一个是路径前的。如果您指定了主机名,那么您必须使用双个斜杠 (//)。"
5632
5656
5633
#: serverguide/C/vcs.xml:327(para)
5657
#: serverguide/C/vcs.xml:200(para)
5634
5658
msgid ""
5635
5659
"The repository permissions depend on filesystem permissions. If the user has "
5636
5660
"read/write permission, he can checkout from and commit to the repository."
5637
5661
msgstr "库权限依赖于文件系统的权限。如果用户有读/写权限,他可以从库中检出或者提交到库。"
5638
5662
5639
#: serverguide/C/vcs.xml:330(title)
5663
#: serverguide/C/vcs.xml:203(title)
5640
5664
msgid "Access via WebDAV protocol (http://)"
5641
5665
msgstr "通过 WebDAV 协议 (http://) 访问"
5642
5666
5643
#: serverguide/C/vcs.xml:331(para)
5667
#: serverguide/C/vcs.xml:332(para)
5644
5668
msgid ""
5645
5669
"To access the Subversion repository via WebDAV protocol, you must configure "
5646
5670
"your Apache 2 web server. Add the following snippet between the "
5650
5674
"another VirtualHost file:"
5651
5675
msgstr ""
5652
5676
5653
#: serverguide/C/vcs.xml:337(programlisting)
5677
#: serverguide/C/vcs.xml:338(programlisting)
5654
5678
#, no-wrap
5655
5679
msgid ""
5656
5680
"\n"
5664
5688
" </Location> \n"
5665
5689
msgstr ""
5666
5690
5667
#: serverguide/C/vcs.xml:348(para)
5691
#: serverguide/C/vcs.xml:349(para)
5668
5692
msgid ""
5669
5693
"The above configuration snippet assumes that Subversion repositories are "
5670
5694
"created under <filename>/path/to/repos</filename> directory using "
5673
5697
"<command>http://hostname/svn/repos_name</command> url."
5674
5698
msgstr ""
5675
5699
5676
#: serverguide/C/vcs.xml:354(para)
5700
#: serverguide/C/vcs.xml:355(para)
5677
5701
msgid ""
5678
5702
"Changing the apache configuration like the above requires to reload the "
5679
5703
"service with the following command"
5680
5704
msgstr ""
5681
5705
5682
#: serverguide/C/vcs.xml:359(command)
5706
#: serverguide/C/vcs.xml:360(command)
5683
5707
msgid "sudo service apache2 reload"
5684
5708
msgstr ""
5685
5709
5686
#: serverguide/C/vcs.xml:361(para)
5710
#: serverguide/C/vcs.xml:362(para)
5687
5711
msgid ""
5688
5712
"To import or commit files to your Subversion repository over HTTP, the "
5689
5713
"repository should be owned by the HTTP user. In Ubuntu systems, the HTTP "
5691
5715
"repository files enter the following command from terminal prompt:"
5692
5716
msgstr ""
5693
5717
5694
#: serverguide/C/vcs.xml:370(command)
5718
#: serverguide/C/vcs.xml:236(command)
5695
5719
msgid "sudo chown -R www-data:www-data /path/to/repos"
5696
5720
msgstr "sudo chown -R www-data:www-data /path/to/repos"
5697
5721
5698
#: serverguide/C/vcs.xml:373(para)
5722
#: serverguide/C/vcs.xml:239(para)
5699
5723
msgid ""
5700
5724
"By changing the ownership of repository as <command>www-data</command> you "
5701
5725
"will not be able to import or commit files into the repository by running "
5705
5729
"将版本库的所有者修改为<command>www-data</command>后,你不能用除<command>www-"
5706
5730
"data</command>以外的用户运行<command>svn import file:///</command>命令来导出或提交文件。"
5707
5731
5708
#: serverguide/C/vcs.xml:382(para)
5732
#: serverguide/C/vcs.xml:248(para)
5709
5733
msgid ""
5710
5734
"Next, you must create the <filename>/etc/subversion/passwd</filename> file "
5711
5735
"that will contain user authentication details. To create a file issue the "
5715
5739
"然后, 你必须创建文件<filename>/etc/subversion/passwd</filename>来存放用户验证的详细信息. "
5716
5740
"在命令提示符后面输入下面的命令:"
5717
5741
5718
#: serverguide/C/vcs.xml:388(command)
5742
#: serverguide/C/vcs.xml:254(command)
5719
5743
msgid "sudo htpasswd -c /etc/subversion/passwd user_name"
5720
5744
msgstr "sudo htpasswd -c /etc/subversion/passwd user_name"
5721
5745
5722
#: serverguide/C/vcs.xml:391(para)
5746
#: serverguide/C/vcs.xml:257(para)
5723
5747
msgid ""
5724
5748
"To add additional users omit the <emphasis>\"-c\"</emphasis> option as this "
5725
5749
"option replaces the old file. Instead use this form:"
5726
5750
msgstr ""
5727
5751
"添加附加的用户时请省略<emphasis>\"-c\"</emphasis>选项,因为这个选项将用来替换旧的文件。应该使用这个形式来代替:"
5728
5752
5729
#: serverguide/C/vcs.xml:396(command)
5753
#: serverguide/C/vcs.xml:262(command)
5730
5754
msgid "sudo htpasswd /etc/subversion/passwd user_name"
5731
5755
msgstr ""
5732
5756
5733
#: serverguide/C/vcs.xml:400(para)
5757
#: serverguide/C/vcs.xml:266(para)
5734
5758
msgid ""
5735
5759
"This command will prompt you to enter the password. Once you enter the "
5736
5760
"password, the user is added. Now, to access the repository you can run the "
5737
5761
"following command:"
5738
5762
msgstr "该命令将提示您输入密码。一旦您输入密码。该用户将被添加。现在您可以运行下列命令来访问库:"
5739
5763
5740
#: serverguide/C/vcs.xml:401(command)
5764
#: serverguide/C/vcs.xml:267(command)
5741
5765
msgid "svn co http://servername/svn"
5742
5766
msgstr "svn co http://servername/svn"
5743
5767
5744
#: serverguide/C/vcs.xml:403(para)
5768
#: serverguide/C/vcs.xml:269(para)
5745
5769
msgid ""
5746
5770
"The password is transmitted as plain text. If you are worried about password "
5747
5771
"snooping, you are advised to use SSL encryption. For details, please refer "
5748
5772
"next section."
5749
5773
msgstr "该密码是以纯文本传输的。如果您担心密码被截取,建议您使用 SSL 加密。相关细节,请参考下一章节。"
5750
5774
5751
#: serverguide/C/vcs.xml:409(title)
5775
#: serverguide/C/vcs.xml:275(title)
5752
5776
msgid "Access via WebDAV protocol with SSL encryption (https://)"
5753
5777
msgstr "通过带有 SSL 加密的 WebDAV 协议来访问 (https://)"
5754
5778
5755
#: serverguide/C/vcs.xml:410(para)
5779
#: serverguide/C/vcs.xml:411(para)
5756
5780
msgid ""
5757
5781
"Accessing Subversion repository via WebDAV protocol with SSL encryption "
5758
5782
"(https://) is similar to http:// except that you must install and configure "
5763
5787
"configuration\"/>."
5764
5788
msgstr ""
5765
5789
5766
#: serverguide/C/vcs.xml:419(para)
5790
#: serverguide/C/vcs.xml:285(para)
5767
5791
msgid ""
5768
5792
"You can install a digital certificate issued by a signing authority. "
5769
5793
"Alternatively, you can install your own self-signed certificate."
5770
5794
msgstr "您可以安装一个权威机构发行的数字证书。当然,您也可以安装一个自定义的证书。"
5771
5795
5772
#: serverguide/C/vcs.xml:424(para)
5796
#: serverguide/C/vcs.xml:290(para)
5773
5797
msgid ""
5774
5798
"This step assumes you have installed and configured a digital certificate in "
5775
5799
"your Apache 2 web server. Now, to access the Subversion repository, please "
5779
5803
"这一步假设您已经在您的 Apache2 web 服务器中安装和配置了数字证书。现在要访问 Subversion "
5780
5804
"库,请参考上一章节!除了所用协议之外访问方式完全相同。您必须使用 https:// 来访问 Subversion 库。"
5781
5805
5782
#: serverguide/C/vcs.xml:434(title)
5806
#: serverguide/C/vcs.xml:300(title)
5783
5807
msgid "Access via custom protocol (svn://)"
5784
5808
msgstr "通过自身协议访问 (svn://)"
5785
5809
5786
#: serverguide/C/vcs.xml:435(para)
5810
#: serverguide/C/vcs.xml:301(para)
5787
5811
msgid ""
5788
5812
"Once the Subversion repository is created, you can configure the access "
5789
5813
"control. You can edit the <filename> "
5795
5819
"/path/to/repos/project/conf/svnserve.conf</filename> "
5796
5820
"文件来配置访问控制了。例如,要设置认证,您可以在配置文件中反注释下列行:"
5797
5821
5798
#: serverguide/C/vcs.xml:442(programlisting)
5822
#: serverguide/C/vcs.xml:308(programlisting)
5799
5823
#, no-wrap
5800
5824
msgid ""
5801
5825
"# [general]\n"
5804
5828
"# [general]\n"
5805
5829
"# password-db = passwd"
5806
5830
5807
#: serverguide/C/vcs.xml:445(para)
5831
#: serverguide/C/vcs.xml:311(para)
5808
5832
msgid ""
5809
5833
"After uncommenting the above lines, you can maintain the user list in the "
5810
5834
"passwd file. So, edit the file <filename>passwd </filename> in the same "
5813
5837
"在反注释上面几行之后,您可以在 passwd 文件中维护用户列表。因此编辑同一目录中的文件 <filename>passwd "
5814
5838
"</filename>并添加新用户。其语法如下:"
5815
5839
5816
#: serverguide/C/vcs.xml:451(programlisting)
5840
#: serverguide/C/vcs.xml:317(programlisting)
5817
5841
#, no-wrap
5818
5842
msgid "username = password"
5819
5843
msgstr "username = password"
5820
5844
5821
#: serverguide/C/vcs.xml:452(para)
5845
#: serverguide/C/vcs.xml:318(para)
5822
5846
msgid "For more details, please refer to the file."
5823
5847
msgstr "更多细节,请参考该文件。"
5824
5848
5825
#: serverguide/C/vcs.xml:456(para)
5849
#: serverguide/C/vcs.xml:322(para)
5826
5850
msgid ""
5827
5851
"Now, to access Subversion via the svn:// custom protocol, either from the "
5828
5852
"same machine or a different machine, you can run svnserver using svnserve "
5830
5854
msgstr ""
5831
5855
"现在要从本机或不同机器通过 svn:// 自身协议来访问 Subversion,您可以使用 svnserve 命令来运行 svnserver。其语法如下:"
5832
5856
5833
#: serverguide/C/vcs.xml:461(programlisting)
5857
#: serverguide/C/vcs.xml:327(programlisting)
5834
5858
#, no-wrap
5835
5859
msgid ""
5836
5860
"$ svnserve -d --foreground -r /path/to/repos\n"
5849
5873
"For more usage details, please refer to:\n"
5850
5874
"$ svnserve --help"
5851
5875
5852
#: serverguide/C/vcs.xml:469(para)
5876
#: serverguide/C/vcs.xml:335(para)
5853
5877
msgid ""
5854
5878
"Once you run this command, Subversion starts listening on default port "
5855
5879
"(3690). To access the project repository, you must run the following command "
5856
5880
"from a terminal prompt:"
5857
5881
msgstr "一旦您运行该命令,将启动 Subversion 并在缺省端口 (3690) 监听。要访问项目库,您必须在终端提示符后运行下列命令:"
5858
5882
5859
#: serverguide/C/vcs.xml:472(command)
5883
#: serverguide/C/vcs.xml:338(command)
5860
5884
msgid "svn co svn://hostname/project project --username user_name"
5861
5885
msgstr "svn co svn://hostname/project project --username user_name"
5862
5886
5863
#: serverguide/C/vcs.xml:475(para)
5887
#: serverguide/C/vcs.xml:341(para)
5864
5888
msgid ""
5865
5889
"Based on server configuration, it prompts for password. Once you are "
5866
5890
"authenticated, it checks out the code from Subversion repository. To "
5871
5895
"根据服务器的配置,出现密码提示。一旦您认证通过,将从 Subversion 库检出代码。要让本地副本同步项目库,您可以运行 "
5872
5896
"<command>update</command> 子命令。在终端提示符后的命令语法如下所示:"
5873
5897
5874
#: serverguide/C/vcs.xml:483(command)
5898
#: serverguide/C/vcs.xml:349(command)
5875
5899
msgid "cd project_dir ; svn update"
5876
5900
msgstr "cd project_dir ; svn update"
5877
5901
5878
#: serverguide/C/vcs.xml:486(para)
5902
#: serverguide/C/vcs.xml:352(para)
5879
5903
msgid ""
5880
5904
"For more details about using each Subversion sub-command, you can refer to "
5881
5905
"the manual. For example, to learn more about the co (checkout) command, "
5883
5907
msgstr ""
5884
5908
"关于 Subversion 子命令的更多细节,您可以参考手册。如为了学到关于 co (checkout) 命令的细节,请在终端提示符后运行下列命令:"
5885
5909
5886
#: serverguide/C/vcs.xml:490(command)
5910
#: serverguide/C/vcs.xml:356(command)
5887
5911
msgid "svn co help"
5888
5912
msgstr "svn co help"
5889
5913
5890
#: serverguide/C/vcs.xml:494(title)
5914
#: serverguide/C/vcs.xml:495(title)
5891
5915
msgid "Access via custom protocol with SSH encryption (svn+ssh://)"
5892
5916
msgstr ""
5893
5917
5894
#: serverguide/C/vcs.xml:495(para)
5918
#: serverguide/C/vcs.xml:361(para)
5895
5919
msgid ""
5896
5920
"The configuration and server process is same as in the svn:// method. For "
5897
5921
"details, please refer to the above section. This step assumes you have "
5901
5925
"配置和服务器处理与用 svn:// 方式是相同的。详情请参考上面的章节。这一步假定您已经完成了上面的步骤并用 "
5902
5926
"<application>svnserve</application> 命令启动了 Subversion 服务器。"
5903
5927
5904
#: serverguide/C/vcs.xml:501(para)
5928
#: serverguide/C/vcs.xml:367(para)
5905
5929
msgid ""
5906
5930
"It is also assumed that the ssh server is running on that machine and that "
5907
5931
"it is allowing incoming connections. To confirm, please try to login to that "
5910
5934
msgstr ""
5911
5935
"它也假定 ssh 服务器已经在该机上运行并允许连接。为了确认,请尝试使用 ssh 登录该机器。如果您可以登录,一切就绪。如果不能登录,请在继续之前解决它。"
5912
5936
5913
#: serverguide/C/vcs.xml:507(para)
5937
#: serverguide/C/vcs.xml:373(para)
5914
5938
msgid ""
5915
5939
"The svn+ssh:// protocol is used to access the Subversion repository using "
5916
5940
"SSL encryption. The data transfer is encrypted using this method. To access "
5920
5944
"svn+ssh:// 协议使用 SSL 加密来访问 Subversion 库。使用这种方式进行的数据传输是加密的。要访问项目库 (如 "
5921
5945
"checkout),您必须使用下面的命令语法:"
5922
5946
5923
#: serverguide/C/vcs.xml:514(command)
5947
#: serverguide/C/vcs.xml:515(command)
5924
5948
msgid "svn co svn+ssh://ssh_username@hostname/path/to/repos/project"
5925
5949
msgstr ""
5926
5950
5927
#: serverguide/C/vcs.xml:518(para)
5951
#: serverguide/C/vcs.xml:384(para)
5928
5952
msgid ""
5929
5953
"You must use the full path (/path/to/repos/project) to access the Subversion "
5930
5954
"repository using this access method."
5931
5955
msgstr "使用这种访问方式您必须使用全路径 (/path/to/repos/project) 来访问 Subversion 库。"
5932
5956
5933
#: serverguide/C/vcs.xml:521(para)
5957
#: serverguide/C/vcs.xml:387(para)
5934
5958
msgid ""
5935
5959
"Based on server configuration, it prompts for password. You must enter the "
5936
5960
"password you use to login via ssh. Once you are authenticated, it checks out "
5938
5962
msgstr ""
5939
5963
"根据服务器配置,它将提示输入密码。在使用 ssh 登录时您必须输入密码。一旦您被认证通过之后,它将从 Subversion 库中检出代码。"
5940
5964
5941
#: serverguide/C/vcs.xml:536(ulink)
5965
#: serverguide/C/vcs.xml:539(ulink)
5942
5966
msgid "Bazaar Home Page"
5943
5967
msgstr "Bazaar主页"
5944
5968
5945
#: serverguide/C/vcs.xml:541(ulink)
5969
#: serverguide/C/vcs.xml:540(ulink)
5946
5970
msgid "Launchpad"
5947
5971
msgstr "Launchpad"
5948
5972
5949
#: serverguide/C/vcs.xml:546(ulink)
5973
#: serverguide/C/vcs.xml:547(ulink)
5950
5974
msgid "Git homepage"
5951
5975
msgstr ""
5952
5976
5953
#: serverguide/C/vcs.xml:551(ulink)
5977
#: serverguide/C/vcs.xml:552(ulink)
5954
5978
msgid "Gitolite"
5955
5979
msgstr ""
5956
5980
5957
#: serverguide/C/vcs.xml:556(ulink)
5981
#: serverguide/C/vcs.xml:541(ulink)
5958
5982
msgid "Subversion Home Page"
5959
5983
msgstr "Subversion 主页"
5960
5984
5961
#: serverguide/C/vcs.xml:561(ulink)
5985
#: serverguide/C/vcs.xml:542(ulink)
5962
5986
msgid "Subversion Book"
5963
5987
msgstr "Subversion 书 (使用Subversion进行版本控制)"
5964
5988
5965
#: serverguide/C/vcs.xml:566(ulink)
5989
#: serverguide/C/vcs.xml:545(ulink)
5966
5990
msgid "Easy Bazaar Ubuntu Wiki page"
5967
5991
msgstr ""
5968
5992
5969
#: serverguide/C/vcs.xml:571(ulink)
5993
#: serverguide/C/vcs.xml:546(ulink)
5970
5994
msgid "Ubuntu Wiki Subversion page"
5971
5995
msgstr ""
5972
5996
6032
6056
#: serverguide/C/serverguide.xml:17(para)
6033
6057
msgid ""
6034
6058
"Other contributors can be found in the revision history of the <ulink "
6035
"url=\"https://code.launchpad.net/serverguide\">serverguide</ulink> and "
6036
"<ulink url=\"https://code.launchpad.net/ubuntu-docs\">ubuntu-docs</ulink> "
6037
"bzr branches available on Launchpad."
6059
"url=\"https://bazaar.launchpad.net/~ubuntu-core-"
6060
"doc/serverguide/trunk/changes\">serverguide</ulink> and <ulink "
6061
"url=\"https://bazaar.launchpad.net/~ubuntu-core-doc/ubuntu-"
6062
"docs/trunk/changes\">ubuntu-docs</ulink> bzr branches available on Launchpad."
6038
6063
msgstr ""
6039
6064
6040
6065
#: serverguide/C/serverguide.xml:12(para)
6137
6162
msgid "Configurations with root passwords are not supported."
6138
6163
msgstr ""
6139
6164
6140
#: serverguide/C/security.xml:42(command)
6165
#: serverguide/C/security.xml:37(command)
6141
6166
msgid "sudo passwd"
6142
6167
msgstr "sudo passwd"
6143
6168
6144
#: serverguide/C/security.xml:44(para)
6169
#: serverguide/C/security.xml:39(para)
6145
6170
msgid ""
6146
6171
"Sudo will prompt you for your password, and then ask you to supply a new "
6147
6172
"password for root as shown below:"
6148
6173
msgstr "Sudo会让你输入你的密码,接着会让你为root设置新密码:"
6149
6174
6150
#: serverguide/C/security.xml:47(computeroutput)
6175
#: serverguide/C/security.xml:42(computeroutput)
6151
6176
#, no-wrap
6152
6177
msgid "[sudo] password for username:"
6153
6178
msgstr ""
6154
6179
6155
#: serverguide/C/security.xml:47(userinput)
6180
#: serverguide/C/security.xml:42(userinput)
6156
6181
#, no-wrap
6157
6182
msgid "(enter your own password)"
6158
6183
msgstr "(输入你自己的密码)"
6159
6184
6160
#: serverguide/C/security.xml:48(computeroutput)
6185
#: serverguide/C/security.xml:43(computeroutput)
6161
6186
#, no-wrap
6162
6187
msgid "Enter new UNIX password:"
6163
6188
msgstr ""
6164
6189
6165
#: serverguide/C/security.xml:48(userinput)
6190
#: serverguide/C/security.xml:43(userinput)
6166
6191
#, no-wrap
6167
6192
msgid "(enter a new password for root)"
6168
6193
msgstr "(为 root 输入一个新密码)"
6169
6194
6170
#: serverguide/C/security.xml:49(computeroutput)
6195
#: serverguide/C/security.xml:44(computeroutput)
6171
6196
#, no-wrap
6172
6197
msgid "Retype new UNIX password:"
6173
6198
msgstr ""
6174
6199
6175
#: serverguide/C/security.xml:49(userinput)
6200
#: serverguide/C/security.xml:44(userinput)
6176
6201
#, no-wrap
6177
6202
msgid "(repeat new password for root)"
6178
6203
msgstr "(重复为 root 输入一个新密码)"
6179
6204
6180
#: serverguide/C/security.xml:50(computeroutput)
6205
#: serverguide/C/security.xml:45(computeroutput)
6181
6206
#, no-wrap
6182
6207
msgid "passwd: password updated successfully"
6183
6208
msgstr ""
6187
6212
"To disable the root account password, use the following passwd syntax:"
6188
6213
msgstr ""
6189
6214
6190
#: serverguide/C/security.xml:58(command)
6215
#: serverguide/C/security.xml:53(command)
6191
6216
msgid "sudo passwd -l root"
6192
6217
msgstr "sudo passwd -l root"
6193
6218
6200
6225
msgid "usermod --expiredate 1"
6201
6226
msgstr ""
6202
6227
6203
#: serverguide/C/security.xml:68(para)
6228
#: serverguide/C/security.xml:57(para)
6204
6229
msgid ""
6205
6230
"You should read more on <application>Sudo</application> by checking out it's "
6206
6231
"man page:"
6207
6232
msgstr "你应该到<application>Sudo</application>的man帮助信息里阅读更多有关信息:"
6208
6233
6209
#: serverguide/C/security.xml:72(command)
6234
#: serverguide/C/security.xml:61(command)
6210
6235
msgid "man sudo"
6211
6236
msgstr "man sudo"
6212
6237
6220
6245
"<emphasis>sudo</emphasis> group."
6221
6246
msgstr ""
6222
6247
6223
#: serverguide/C/security.xml:82(title)
6248
#: serverguide/C/security.xml:71(title)
6224
6249
msgid "Adding and Deleting Users"
6225
6250
msgstr "添加和删除用户"
6226
6251
6227
#: serverguide/C/security.xml:83(para)
6252
#: serverguide/C/security.xml:72(para)
6228
6253
msgid ""
6229
6254
"The process for managing local users and groups is straight forward and "
6230
6255
"differs very little from most other GNU/Linux operating systems. Ubuntu and "
6234
6259
"管理本地用户和组的过程是很直接的,对于大多数其他GNU/Linux操作系统而言差异很小。Ubuntu和其他基于Debian的发行版,都鼓励使用\"addu"
6235
6260
"ser\"包来管理用户。"
6236
6261
6237
#: serverguide/C/security.xml:88(para)
6262
#: serverguide/C/security.xml:77(para)
6238
6263
msgid ""
6239
6264
"To add a user account, use the following syntax, and follow the prompts to "
6240
6265
"give the account a password and identifiable characteristics such as a full "
6241
6266
"name, phone number, etc."
6242
6267
msgstr "如需添加帐户,请使用下述语句,并根据提示给帐户设置密码以及可识别的特征(如全名,电话等)。"
6243
6268
6244
#: serverguide/C/security.xml:92(command)
6269
#: serverguide/C/security.xml:81(command)
6245
6270
msgid "sudo adduser username"
6246
6271
msgstr "sudo adduser username"
6247
6272
6248
#: serverguide/C/security.xml:96(para)
6273
#: serverguide/C/security.xml:85(para)
6249
6274
msgid ""
6250
6275
"To delete a user account and its primary group, use the following syntax:"
6251
6276
msgstr "要删除一个用户及其主要组别,使用如下命令:"
6252
6277
6253
#: serverguide/C/security.xml:100(command)
6278
#: serverguide/C/security.xml:89(command)
6254
6279
msgid "sudo deluser username"
6255
6280
msgstr "sudo deluser username"
6256
6281
6257
#: serverguide/C/security.xml:102(para)
6282
#: serverguide/C/security.xml:91(para)
6258
6283
msgid ""
6259
6284
"Deleting an account does not remove their respective home folder. It is up "
6260
6285
"to you whether or not you wish to delete the folder manually or keep it "
6261
6286
"according to your desired retention policies."
6262
6287
msgstr "删除一个帐号并不会同时删除其相应的home文件夹。要你自己决定性是手动把它删掉还是根据你的保留政策而将其留下来。"
6263
6288
6264
#: serverguide/C/security.xml:105(para)
6289
#: serverguide/C/security.xml:94(para)
6265
6290
msgid ""
6266
6291
"Remember, any user added later on with the same UID/GID as the previous "
6267
6292
"owner will now have access to this folder if you have not taken the "
6268
6293
"necessary precautions."
6269
6294
msgstr "请记住,如果不采取预防措施,将来添加的任何与以前拥有者相同UID/GID的用户都能够进入到此文件夹。"
6270
6295
6271
#: serverguide/C/security.xml:108(para)
6296
#: serverguide/C/security.xml:97(para)
6272
6297
msgid ""
6273
6298
"You may want to change these UID/GID values to something more appropriate, "
6274
6299
"such as the root account, and perhaps even relocate the folder to avoid "
6275
6300
"future conflicts:"
6276
6301
msgstr "你可以将这些UID/GID改成比较合适的值,如根帐户,或许将文件夹也移至新位置以避免将来发生的冲突。"
6277
6302
6278
#: serverguide/C/security.xml:112(command)
6303
#: serverguide/C/security.xml:101(command)
6279
6304
msgid "sudo chown -R root:root /home/username/"
6280
6305
msgstr "sudo chown -R root:root /home/username/"
6281
6306
6282
#: serverguide/C/security.xml:113(command)
6307
#: serverguide/C/security.xml:102(command)
6283
6308
msgid "sudo mkdir /home/archived_users/"
6284
6309
msgstr "sudo mkdir /home/archived_users/"
6285
6310
6286
#: serverguide/C/security.xml:114(command)
6311
#: serverguide/C/security.xml:103(command)
6287
6312
msgid "sudo mv /home/username /home/archived_users/"
6288
6313
msgstr "sudo mv /home/username /home/archived_users/"
6289
6314
6290
#: serverguide/C/security.xml:118(para)
6315
#: serverguide/C/security.xml:107(para)
6291
6316
msgid ""
6292
6317
"To temporarily lock or unlock a user account, use the following syntax, "
6293
6318
"respectively:"
6294
6319
msgstr "要暂时锁住或解锁一个用户帐户,请相应地使用如下命令语句:"
6295
6320
6296
#: serverguide/C/security.xml:122(command)
6321
#: serverguide/C/security.xml:111(command)
6297
6322
msgid "sudo passwd -l username"
6298
6323
msgstr "sudo passwd -l 用户名"
6299
6324
6300
#: serverguide/C/security.xml:123(command)
6325
#: serverguide/C/security.xml:112(command)
6301
6326
msgid "sudo passwd -u username"
6302
6327
msgstr "sudo passwd -u 用户名"
6303
6328
6304
#: serverguide/C/security.xml:127(para)
6329
#: serverguide/C/security.xml:116(para)
6305
6330
msgid ""
6306
6331
"To add or delete a personalized group, use the following syntax, "
6307
6332
"respectively:"
6308
6333
msgstr "要添加或删除一个个性化组,请相应地使用如下命令语句:"
6309
6334
6310
#: serverguide/C/security.xml:131(command)
6335
#: serverguide/C/security.xml:120(command)
6311
6336
msgid "sudo addgroup groupname"
6312
6337
msgstr "sudo addgroup groupname"
6313
6338
6314
#: serverguide/C/security.xml:132(command)
6339
#: serverguide/C/security.xml:121(command)
6315
6340
msgid "sudo delgroup groupname"
6316
6341
msgstr "sudo delgroup 组名称"
6317
6342
6318
#: serverguide/C/security.xml:136(para)
6343
#: serverguide/C/security.xml:125(para)
6319
6344
msgid "To add a user to a group, use the following syntax:"
6320
6345
msgstr "要将一个用户加入到某个组,请使用如下命令语句:"
6321
6346
6322
#: serverguide/C/security.xml:140(command)
6347
#: serverguide/C/security.xml:129(command)
6323
6348
msgid "sudo adduser username groupname"
6324
6349
msgstr "sudo adduser username groupname"
6325
6350
6326
#: serverguide/C/security.xml:147(title)
6351
#: serverguide/C/security.xml:136(title)
6327
6352
msgid "User Profile Security"
6328
6353
msgstr "用户资料安全"
6329
6354
6330
#: serverguide/C/security.xml:148(para)
6355
#: serverguide/C/security.xml:137(para)
6331
6356
msgid ""
6332
6357
"When a new user is created, the adduser utility creates a brand new home "
6333
6358
"directory named <filename class=\"directory\">/home/username</filename>, "
6339
6364
"class=\"directory\">/home/username</filename>的home目录。默认的资料是复制目录<filename "
6340
6365
"class=\"directory\">/etc/skel</filename>中发现的内容,里面包含所有的基本信息。"
6341
6366
6342
#: serverguide/C/security.xml:151(para)
6367
#: serverguide/C/security.xml:140(para)
6343
6368
msgid ""
6344
6369
"If your server will be home to multiple users, you should pay close "
6345
6370
"attention to the user home directory permissions to ensure confidentiality. "
6351
6376
"如果你的服务器是供多人使用,那你就应该注意一下用户主目录的权限问题,以保安全。默认情况下,Ubuntu用户的主目录在创建时是被赋予写/执行权限。这意味着所"
6352
6377
"有的用户都能够进入并浏览到其他用户的主目录里的内容。这对你的现状可能并不适用。"
6353
6378
6354
#: serverguide/C/security.xml:156(para)
6379
#: serverguide/C/security.xml:145(para)
6355
6380
msgid ""
6356
6381
"To verify your current users home directory permissions, use the following "
6357
6382
"syntax:"
6358
6383
msgstr "要查验你的当前用户home目录权限,请使用如下命令语句:"
6359
6384
6360
#: serverguide/C/security.xml:160(command) serverguide/C/security.xml:192(command)
6385
#: serverguide/C/security.xml:149(command) serverguide/C/security.xml:181(command)
6361
6386
msgid "ls -ld /home/username"
6362
6387
msgstr "ls -ld /home/username"
6363
6388
6364
#: serverguide/C/security.xml:162(para)
6389
#: serverguide/C/security.xml:151(para)
6365
6390
msgid ""
6366
6391
"The following output shows that the directory <filename "
6367
6392
"class=\"directory\">/home/username</filename> has world readable permissions:"
6368
6393
msgstr ""
6369
6394
"下列输出显示目录<filename class=\"directory\">/home/username</filename>拥有普遍读权限:"
6370
6395
6371
#: serverguide/C/security.xml:165(computeroutput)
6396
#: serverguide/C/security.xml:154(computeroutput)
6372
6397
#, no-wrap
6373
6398
msgid "drwxr-xr-x 2 username username 4096 2007-10-02 20:03 username"
6374
6399
msgstr "drwxr-xr-x 2 username username 4096 2007-10-02 20:03 username"
6375
6400
6376
#: serverguide/C/security.xml:169(para)
6401
#: serverguide/C/security.xml:158(para)
6377
6402
msgid ""
6378
6403
"You can remove the world readable permissions using the following syntax:"
6379
6404
msgstr "你可以使用如下命令语句移除普遍读权限:"
6380
6405
6381
#: serverguide/C/security.xml:173(command)
6406
#: serverguide/C/security.xml:162(command)
6382
6407
msgid "sudo chmod 0750 /home/username"
6383
6408
msgstr "sudo chmod 0750 /home/username"
6384
6409
6385
#: serverguide/C/security.xml:176(para)
6410
#: serverguide/C/security.xml:165(para)
6386
6411
msgid ""
6387
6412
"Some people tend to use the recursive option (-R) indiscriminately which "
6388
6413
"modifies all child folders and files, but this is not necessary, and may "
6392
6417
"有些人喜欢不分青红皂白地对子文件夹和文件使用递归选项(-"
6393
6418
"R),其实这并没有必要,有时甚至会产生不必要的麻烦。仅使用父目录会阻止任何对父目录下的非经授权的闯入。"
6394
6419
6395
#: serverguide/C/security.xml:180(para)
6420
#: serverguide/C/security.xml:169(para)
6396
6421
msgid ""
6397
6422
"A much more efficient approach to the matter would be to modify the "
6398
6423
"<application>adduser</application> global default permissions when creating "
6405
6430
"filename>/etc/adduser.conf</filename>文件和修改<varname>DIR_MODE</varname>变量,这样新用户"
6406
6431
"目录就会接受正确的权限。"
6407
6432
6408
#: serverguide/C/security.xml:183(programlisting)
6433
#: serverguide/C/security.xml:172(programlisting)
6409
6434
#, no-wrap
6410
6435
msgid ""
6411
6436
"\n"
6414
6439
"\n"
6415
6440
"DIR_MODE=0750\n"
6416
6441
6417
#: serverguide/C/security.xml:188(para)
6442
#: serverguide/C/security.xml:177(para)
6418
6443
msgid ""
6419
6444
"After correcting the directory permissions using any of the previously "
6420
6445
"mentioned techniques, verify the results using the following syntax:"
6421
6446
msgstr "在用了之前提到的技术更改过目录的权限后,使用如下命令语句来验证结果:"
6422
6447
6423
#: serverguide/C/security.xml:194(para)
6448
#: serverguide/C/security.xml:183(para)
6424
6449
msgid ""
6425
6450
"The results below show that world readable permissions have been removed:"
6426
6451
msgstr "结果显示普遍权限已被移除:"
6427
6452
6428
#: serverguide/C/security.xml:197(computeroutput)
6453
#: serverguide/C/security.xml:186(computeroutput)
6429
6454
#, no-wrap
6430
6455
msgid "drwxr-x--- 2 username username 4096 2007-10-02 20:03 username"
6431
6456
msgstr "drwxr-x--- 2 username username 4096 2007-10-02 20:03 username"
6432
6457
6433
#: serverguide/C/security.xml:204(title)
6458
#: serverguide/C/security.xml:193(title)
6434
6459
msgid "Password Policy"
6435
6460
msgstr "密码策略"
6436
6461
6437
#: serverguide/C/security.xml:205(para)
6462
#: serverguide/C/security.xml:194(para)
6438
6463
msgid ""
6439
6464
"A strong password policy is one of the most important aspects of your "
6440
6465
"security posture. Many successful security breaches involve simple brute "
6446
6471
"在您的安全状态中一个强大的密码策略是其中一个最重要的方面。许多成功的安全漏洞涉及穷举和字典攻击弱密码。如果您打算提供任何形式的远程访问涉及您当地的密码系统"
6447
6472
",确保您充分解决最低密码复杂性的要求,密码最长寿命,和频繁发生的审计您的系统验证。"
6448
6473
6449
#: serverguide/C/security.xml:209(title)
6474
#: serverguide/C/security.xml:198(title)
6450
6475
msgid "Minimum Password Length"
6451
6476
msgstr "最小密码长度"
6452
6477
6453
#: serverguide/C/security.xml:210(para)
6478
#: serverguide/C/security.xml:199(para)
6454
6479
msgid ""
6455
6480
"By default, Ubuntu requires a minimum password length of 6 characters, as "
6456
6481
"well as some basic entropy checks. These values are controlled in the file "
6464
6489
"password [success=1 default=ignore] pam_unix.so obscure sha512\n"
6465
6490
msgstr ""
6466
6491
6467
#: serverguide/C/security.xml:216(para)
6492
#: serverguide/C/security.xml:205(para)
6468
6493
msgid ""
6469
6494
"If you would like to adjust the minimum length to 8 characters, change the "
6470
6495
"appropriate variable to min=8. The modification is outlined below."
6478
6503
"minlen=8\n"
6479
6504
msgstr ""
6480
6505
6481
#: serverguide/C/security.xml:223(para)
6506
#: serverguide/C/security.xml:212(para)
6482
6507
msgid ""
6483
6508
"Basic password entropy checks and minimum length rules do not apply to the "
6484
6509
"administrator using sudo level commands to setup a new user."
6485
6510
msgstr ""
6486
6511
6487
#: serverguide/C/security.xml:229(title)
6512
#: serverguide/C/security.xml:218(title)
6488
6513
msgid "Password Expiration"
6489
6514
msgstr "密码过期"
6490
6515
6491
#: serverguide/C/security.xml:230(para)
6516
#: serverguide/C/security.xml:219(para)
6492
6517
msgid ""
6493
6518
"When creating user accounts, you should make it a policy to have a minimum "
6494
6519
"and maximum password age forcing users to change their passwords when they "
6495
6520
"expire."
6496
6521
msgstr "当创建用户帐户时,你应该使用最短和最长密码期效来强迫用户在密码过期时改变他们的密码。"
6497
6522
6498
#: serverguide/C/security.xml:235(para)
6523
#: serverguide/C/security.xml:224(para)
6499
6524
msgid ""
6500
6525
"To easily view the current status of a user account, use the following "
6501
6526
"syntax:"
6502
6527
msgstr "要简易地查看某用户的当前状态,使用如下命令语句:"
6503
6528
6504
#: serverguide/C/security.xml:239(command) serverguide/C/security.xml:272(command)
6529
#: serverguide/C/security.xml:228(command) serverguide/C/security.xml:261(command)
6505
6530
msgid "sudo chage -l username"
6506
6531
msgstr "sudo chage -l username"
6507
6532
6508
#: serverguide/C/security.xml:241(para)
6533
#: serverguide/C/security.xml:230(para)
6509
6534
msgid ""
6510
6535
"The output below shows interesting facts about the user account, namely that "
6511
6536
"there are no policies applied:"
6512
6537
msgstr "下面输出显示了有关这个用户帐户的有趣事实,即其未应用任何策略:"
6513
6538
6514
#: serverguide/C/security.xml:244(computeroutput)
6539
#: serverguide/C/security.xml:233(computeroutput)
6515
6540
#, no-wrap
6516
6541
msgid ""
6517
6542
"Last password change : Jan 20, 2008\n"
6530
6555
"两次密码改变这间最多天数 : 99999\n"
6531
6556
"密码过期前警告天数 : 7"
6532
6557
6533
#: serverguide/C/security.xml:254(para)
6558
#: serverguide/C/security.xml:243(para)
6534
6559
msgid ""
6535
6560
"To set any of these values, simply use the following syntax, and follow the "
6536
6561
"interactive prompts:"
6537
6562
msgstr "要设置其中任何一个值,使用以下语法,并跟随交互的提示:"
6538
6563
6539
#: serverguide/C/security.xml:258(command)
6564
#: serverguide/C/security.xml:247(command)
6540
6565
msgid "sudo chage username"
6541
6566
msgstr "sudo chage username"
6542
6567
6543
#: serverguide/C/security.xml:260(para)
6568
#: serverguide/C/security.xml:249(para)
6544
6569
msgid ""
6545
6570
"The following is also an example of how you can manually change the explicit "
6546
6571
"expiration date (-E) to 01/31/2008, minimum password age (-m) of 5 days, "
6551
6576
"下面也是一个关于让你如何手动更改明确过期日期(-E)到01/31/2008,5天的最短密码寿命(-m),90天的最长密码寿命(-"
6552
6577
"M),密码过期后5天的不活动期(-I),以及密码过期前14天的警告时段(-W)。"
6553
6578
6554
#: serverguide/C/security.xml:264(command)
6579
#: serverguide/C/security.xml:253(command)
6555
6580
msgid "sudo chage -E 01/31/2011 -m 5 -M 90 -I 30 -W 14 username"
6556
6581
msgstr ""
6557
6582
6558
#: serverguide/C/security.xml:268(para)
6583
#: serverguide/C/security.xml:257(para)
6559
6584
msgid "To verify changes, use the same syntax as mentioned previously:"
6560
6585
msgstr "要确认更改,请使用前面提到的相同命令语句:"
6561
6586
6562
#: serverguide/C/security.xml:274(para)
6587
#: serverguide/C/security.xml:263(para)
6563
6588
msgid ""
6564
6589
"The output below shows the new policies that have been established for the "
6565
6590
"account:"
6566
6591
msgstr "以下的输出显示对帐号的新策略已建立:"
6567
6592
6568
#: serverguide/C/security.xml:277(computeroutput)
6593
#: serverguide/C/security.xml:266(computeroutput)
6569
6594
#, no-wrap
6570
6595
msgid ""
6571
6596
"Last password change : Jan 20, 2008\n"
6584
6609
"两次密码更改之间最多天数 : 90\n"
6585
6610
"密码过期前警告天数 : 14"
6586
6611
6587
#: serverguide/C/security.xml:293(title)
6612
#: serverguide/C/security.xml:282(title)
6588
6613
msgid "Other Security Considerations"
6589
6614
msgstr "其它安全注意事项"
6590
6615
6591
#: serverguide/C/security.xml:294(para)
6616
#: serverguide/C/security.xml:283(para)
6592
6617
msgid ""
6593
6618
"Many applications use alternate authentication mechanisms that can be easily "
6594
6619
"overlooked by even experienced system administrators. Therefore, it is "
6596
6621
"to services and applications on your server."
6597
6622
msgstr "许多程序使用交替谁机制,即使是有经验的系统管理员也很容易对其忽视。因此,理解并控制用户获得认证和并进入你的服务器上的服务和程序就很重要。"
6598
6623
6599
#: serverguide/C/security.xml:299(title)
6624
#: serverguide/C/security.xml:288(title)
6600
6625
msgid "SSH Access by Disabled Users"
6601
6626
msgstr "已禁用用户试图通过SSH连入"
6602
6627
6603
#: serverguide/C/security.xml:300(para)
6628
#: serverguide/C/security.xml:289(para)
6604
6629
msgid ""
6605
6630
"Simply disabling/locking a user account will not prevent a user from logging "
6606
6631
"into your server remotely if they have previously set up RSA public key "
6613
6638
"的访问权,并且不需要任何密码。记住检查用户的 home 目录,查看是否有允许这类 SSH "
6614
6639
"访问验证的文件。例如:<filename>/home/username/.ssh/authorized_keys</filename>"
6615
6640
6616
#: serverguide/C/security.xml:303(para)
6641
#: serverguide/C/security.xml:292(para)
6617
6642
msgid ""
6618
6643
"Remove or rename the directory <filename "
6619
6644
"class=\"directory\">.ssh/</filename> in the user's home folder to prevent "
6622
6647
"将用户home文件夹下面的目录<filename "
6623
6648
"class=\"directory\">.ssh/</filename>删除或改名,以防止将来自动获得SSH认证权限。"
6624
6649
6625
#: serverguide/C/security.xml:306(para)
6650
#: serverguide/C/security.xml:295(para)
6626
6651
msgid ""
6627
6652
"Be sure to check for any established SSH connections by the disabled user, "
6628
6653
"as it is possible they may have existing inbound or outbound connections. "
6645
6670
"<placeholder-2/>\n"
6646
6671
msgstr ""
6647
6672
6648
#: serverguide/C/security.xml:313(para)
6673
#: serverguide/C/security.xml:298(para)
6649
6674
msgid ""
6650
6675
"Restrict SSH access to only user accounts that should have it. For example, "
6651
6676
"you may create a group called \"sshlogin\" and add the group name as the "
6655
6680
"限制只有适当的用户拥有SSH的读取权限。例如,您可以生成一个叫做\"sshlogin\"的用户组,然后把和文件<filename>/etc/ssh/ssh"
6656
6681
"d_config</filename>中的<varname>AllowGroups</varname>变量关联起来。"
6657
6682
6658
#: serverguide/C/security.xml:316(programlisting)
6683
#: serverguide/C/security.xml:301(programlisting)
6659
6684
#, no-wrap
6660
6685
msgid ""
6661
6686
"\n"
6664
6689
"\n"
6665
6690
"允许 ssh 组登陆\n"
6666
6691
6667
#: serverguide/C/security.xml:319(para)
6692
#: serverguide/C/security.xml:304(para)
6668
6693
msgid ""
6669
6694
"Then add your permitted SSH users to the group \"sshlogin\", and restart the "
6670
6695
"SSH service."
6671
6696
msgstr "然后将你允许的SSH用户添加到\"sshlogin\"组,并重启SSH服务。"
6672
6697
6673
#: serverguide/C/security.xml:323(command)
6698
#: serverguide/C/security.xml:308(command)
6674
6699
msgid "sudo adduser username sshlogin"
6675
6700
msgstr "sudo adduser 用户名 sshlogin"
6676
6701
6677
#: serverguide/C/security.xml:324(command) serverguide/C/remote-administration.xml:144(command)
6702
#: serverguide/C/security.xml:309(command)
6678
6703
msgid "sudo service ssh restart"
6679
6704
msgstr ""
6680
6705
6681
#: serverguide/C/security.xml:328(title)
6706
#: serverguide/C/security.xml:313(title)
6682
6707
msgid "External User Database Authentication"
6683
6708
msgstr "外部用户数据库认证"
6684
6709
6685
#: serverguide/C/security.xml:329(para)
6710
#: serverguide/C/security.xml:314(para)
6686
6711
msgid ""
6687
6712
"Most enterprise networks require centralized authentication and access "
6688
6713
"controls for all system resources. If you have configured your server to "
6693
6718
"绝大多数企业网络对所有系统资源实行中心认证和准入控制。如果你配置你的服务来授权用户使用外部数据库,一定要将用户的帐号于外部和本地都予以禁用,以免其获得本地"
6694
6719
"后退认证。"
6695
6720
6696
#: serverguide/C/security.xml:338(title)
6721
#: serverguide/C/security.xml:323(title)
6697
6722
msgid "Console Security"
6698
6723
msgstr "控制台安全"
6699
6724
6700
#: serverguide/C/security.xml:339(para)
6725
#: serverguide/C/security.xml:324(para)
6701
6726
msgid ""
6702
6727
"As with any other security barrier you put in place to protect your server, "
6703
6728
"it is pretty tough to defend against untold damage caused by someone with "
6709
6734
"basic precautions with regard to console security."
6710
6735
msgstr ""
6711
6736
6712
#: serverguide/C/security.xml:342(para)
6737
#: serverguide/C/security.xml:327(para)
6713
6738
msgid ""
6714
6739
"The following instructions will help defend your server against issues that "
6715
6740
"could otherwise yield very serious consequences."
6716
6741
msgstr "以下建议会帮你避开那些会让你遭受严重后果的事件。"
6717
6742
6718
#: serverguide/C/security.xml:347(title)
6743
#: serverguide/C/security.xml:332(title)
6719
6744
msgid "Disable Ctrl+Alt+Delete"
6720
6745
msgstr "禁用 Ctrl+Alt+Delete"
6721
6746
6722
#: serverguide/C/security.xml:348(para)
6747
#: serverguide/C/security.xml:333(para)
6723
6748
msgid ""
6724
6749
"First and foremost, anyone that has physical access to the keyboard can "
6725
6750
"simply use the "
6734
6759
"p><keycap>Delete</keycap></keycombo>的组合键来重启服务器,而不需要登录。而且,任何人都可以很轻易的拔掉电源,不过您应该"
6735
6760
"防止在一个生产用的服务器上使用这个组合键。这将导致攻击者使用更加激烈的方式来重启服务器或者在某些时候防止意外的重启。"
6736
6761
6737
#: serverguide/C/security.xml:353(para)
6762
#: serverguide/C/security.xml:338(para)
6738
6763
msgid ""
6739
6764
"To disable the reboot action taken by pressing the "
6740
6765
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
6742
6767
"<filename>/etc/init/control-alt-delete.conf</filename>."
6743
6768
msgstr ""
6744
6769
6745
#: serverguide/C/security.xml:356(programlisting)
6770
#: serverguide/C/security.xml:341(programlisting)
6746
6771
#, no-wrap
6747
6772
msgid ""
6748
6773
"\n"
6749
6774
"#exec shutdown -r now \"Control-Alt-Delete pressed\"\n"
6750
6775
msgstr ""
6751
6776
6752
#: serverguide/C/security.xml:365(title)
6777
#: serverguide/C/security.xml:350(title)
6753
6778
msgid "Firewall"
6754
6779
msgstr "防火墙"
6755
6780
6756
#: serverguide/C/security.xml:368(para)
6781
#: serverguide/C/security.xml:353(para)
6757
6782
msgid ""
6758
6783
"The Linux kernel includes the <emphasis>Netfilter</emphasis> subsystem, "
6759
6784
"which is used to manipulate or decide the fate of network traffic headed "
6763
6788
"Linux 内核包括 <emphasis>Netfilter</emphasis> 子系统,用来处理或决定网络传输头部进入或穿过你的服务器,目前所有的 "
6764
6789
"Linux 防火墙都用该系统来做包过滤。"
6765
6790
6766
#: serverguide/C/security.xml:373(para)
6791
#: serverguide/C/security.xml:358(para)
6767
6792
msgid ""
6768
6793
"The kernel's packet filtering system would be of little use to "
6769
6794
"administrators without a userspace interface to manage it. This is the "
6777
6802
"的目的。当一个包到达您的服务器,它从用户态 (userspace) 通过 iptables 传给 Netfilter "
6778
6803
"子系统,然后基于提供的规则去接受、操作或拒绝。因此,如果你能熟悉它的话,那么 iptables 就是您管理您防火墙所需的全部。"
6779
6804
6780
#: serverguide/C/security.xml:383(title)
6805
#: serverguide/C/security.xml:368(title)
6781
6806
msgid "ufw - Uncomplicated Firewall"
6782
6807
msgstr "ufw - 不复杂的防火墙"
6783
6808
6784
#: serverguide/C/security.xml:384(para)
6809
#: serverguide/C/security.xml:369(para)
6785
6810
msgid ""
6786
6811
"The default firewall configuration tool for Ubuntu is "
6787
6812
"<application>ufw</application>. Developed to ease iptables firewall "
6791
6816
"Ubuntu默认的防火墙配置工具是<application>ufw</application>。为了使得iptables防火墙的配置轻松而开发的<appl"
6792
6817
"ication>ufw</application>为用户提供了一种友好的方式来创建基于主机的IPv4或IPv6防火墙。"
6793
6818
6794
#: serverguide/C/security.xml:388(para)
6819
#: serverguide/C/security.xml:373(para)
6795
6820
msgid ""
6796
6821
"<application>ufw</application> by default is initially disabled. From the "
6797
6822
"<application>ufw</application> man page:"
6799
6824
"默认情况下,<application>ufw</application>处于禁用状态. <application>ufw</application> "
6800
6825
"man页面讲到:"
6801
6826
6802
#: serverguide/C/security.xml:392(quote)
6827
#: serverguide/C/security.xml:377(quote)
6803
6828
msgid ""
6804
6829
"ufw is not intended to provide complete firewall functionality via its "
6805
6830
"command interface, but instead provides an easy way to add or remove simple "
6806
6831
"rules. It is currently mainly used for host-based firewalls."
6807
6832
msgstr "ufw并非意于通过其命令行界面提供完备的防火墙功能,而是为添加或删除简单规则提供了简易的方法。目前主要用于基于主机的防火墙。"
6808
6833
6809
#: serverguide/C/security.xml:396(para)
6834
#: serverguide/C/security.xml:381(para)
6810
6835
msgid ""
6811
6836
"The following are some examples of how to use <application>ufw</application>:"
6812
6837
msgstr "下面是几个关于如何使用<application>ufw</application>的例子:"
6813
6838
6814
#: serverguide/C/security.xml:401(para)
6839
#: serverguide/C/security.xml:386(para)
6815
6840
msgid ""
6816
6841
"First, <application>ufw</application> needs to be enabled. From a terminal "
6817
6842
"prompt enter:"
6818
6843
msgstr "首先,<application>ufw</application>要被激活。在终端里输入:"
6819
6844
6820
#: serverguide/C/security.xml:405(command)
6845
#: serverguide/C/security.xml:390(command)
6821
6846
msgid "sudo ufw enable"
6822
6847
msgstr "sudo ufw enable"
6823
6848
6824
#: serverguide/C/security.xml:409(para)
6849
#: serverguide/C/security.xml:394(para)
6825
6850
msgid "To open a port (ssh in this example):"
6826
6851
msgstr "打开一个通信端口(本例中是ssh):"
6827
6852
6828
#: serverguide/C/security.xml:413(command)
6853
#: serverguide/C/security.xml:398(command)
6829
6854
msgid "sudo ufw allow 22"
6830
6855
msgstr "sudo ufw allow 22"
6831
6856
6832
#: serverguide/C/security.xml:417(para)
6857
#: serverguide/C/security.xml:402(para)
6833
6858
msgid "Rules can also be added using a <emphasis>numbered</emphasis> format:"
6834
6859
msgstr "规则同样可以使用一个<emphasis>numbered</emphais>格式来添加:"
6835
6860
6836
#: serverguide/C/security.xml:421(command)
6861
#: serverguide/C/security.xml:406(command)
6837
6862
msgid "sudo ufw insert 1 allow 80"
6838
6863
msgstr "sudo ufw insert 1 allow 80"
6839
6864
6840
#: serverguide/C/security.xml:425(para)
6865
#: serverguide/C/security.xml:410(para)
6841
6866
msgid "Similarly, to close an opened port:"
6842
6867
msgstr "相应地,关闭一个打开的通信端口:"
6843
6868
6844
#: serverguide/C/security.xml:429(command)
6869
#: serverguide/C/security.xml:414(command)
6845
6870
msgid "sudo ufw deny 22"
6846
6871
msgstr "sudo ufw deny 22"
6847
6872
6848
#: serverguide/C/security.xml:433(para)
6873
#: serverguide/C/security.xml:418(para)
6849
6874
msgid "To remove a rule, use delete followed by the rule:"
6850
6875
msgstr "要删除一条规则,使用delete加上要删的规则:"
6851
6876
6852
#: serverguide/C/security.xml:437(command)
6877
#: serverguide/C/security.xml:422(command)
6853
6878
msgid "sudo ufw delete deny 22"
6854
6879
msgstr "sudo ufw delete deny 22"
6855
6880
6856
#: serverguide/C/security.xml:441(para)
6881
#: serverguide/C/security.xml:426(para)
6857
6882
msgid ""
6858
6883
"It is also possible to allow access from specific hosts or networks to a "
6859
6884
"port. The following example allows ssh access from host 192.168.0.2 to any "
6860
6885
"ip address on this host:"
6861
6886
msgstr "也可以允许从某些特定的主机或网络进入某通信口。下面的例子可用允许主机192.168.0.2通过ssh进入到本主机的任何ip地址:"
6862
6887
6863
#: serverguide/C/security.xml:446(command)
6888
#: serverguide/C/security.xml:431(command)
6864
6889
msgid "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
6865
6890
msgstr "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
6866
6891
6867
#: serverguide/C/security.xml:448(para)
6892
#: serverguide/C/security.xml:433(para)
6868
6893
msgid ""
6869
6894
"Replace 192.168.0.2 with 192.168.0.0/24 to allow ssh access from the entire "
6870
6895
"subnet."
6871
6896
msgstr "用192.168.0.0/24替换掉192.168.0.2就可以允许ssh到整个子网。"
6872
6897
6873
#: serverguide/C/security.xml:454(para)
6898
#: serverguide/C/security.xml:439(para)
6874
6899
msgid ""
6875
6900
"Adding the <emphasis>--dry-run</emphasis> option to a "
6876
6901
"<emphasis>ufw</emphasis> command will output the resulting rules, but not "
6880
6905
"在<emphasis>ufw</emphasis>命令中添加<emphasis>--dry-"
6881
6906
"run</emphasis>选项将输出结果规则,但并不添加它们。举例来说,下面是将在打开HTTP端口的时候添加的内容:"
6882
6907
6883
#: serverguide/C/security.xml:460(command)
6908
#: serverguide/C/security.xml:445(command)
6884
6909
msgid "sudo ufw --dry-run allow http"
6885
6910
msgstr "sudo ufw --dry-run allow http"
6886
6911
6887
#: serverguide/C/security.xml:464(computeroutput)
6912
#: serverguide/C/security.xml:449(computeroutput)
6888
6913
#, no-wrap
6889
6914
msgid ""
6890
6915
"*filter\n"
6931
6956
"COMMIT\n"
6932
6957
"规则更新"
6933
6958
6934
#: serverguide/C/security.xml:488(para)
6959
#: serverguide/C/security.xml:473(para)
6935
6960
msgid "<application>ufw</application> can be disabled by:"
6936
6961
msgstr "<application>ufw</application>可以通过下列命令来禁用:"
6937
6962
6938
#: serverguide/C/security.xml:492(command)
6963
#: serverguide/C/security.xml:477(command)
6939
6964
msgid "sudo ufw disable"
6940
6965
msgstr "sudo ufw disable"
6941
6966
6942
#: serverguide/C/security.xml:496(para)
6967
#: serverguide/C/security.xml:481(para)
6943
6968
msgid "To see the firewall status, enter:"
6944
6969
msgstr "查看防火墙状态,键入:"
6945
6970
6946
#: serverguide/C/security.xml:500(command)
6971
#: serverguide/C/security.xml:485(command)
6947
6972
msgid "sudo ufw status"
6948
6973
msgstr "sudo ufw status"
6949
6974
6950
#: serverguide/C/security.xml:504(para)
6975
#: serverguide/C/security.xml:489(para)
6951
6976
msgid "And for more verbose status information use:"
6952
6977
msgstr "以及更详细的状态信息请使用:"
6953
6978
6954
#: serverguide/C/security.xml:508(command)
6979
#: serverguide/C/security.xml:493(command)
6955
6980
msgid "sudo ufw status verbose"
6956
6981
msgstr "sudo ufw status verbose"
6957
6982
6958
#: serverguide/C/security.xml:512(para)
6983
#: serverguide/C/security.xml:497(para)
6959
6984
msgid "To view the <emphasis>numbered</emphasis> format:"
6960
6985
msgstr "要查看<emphasis>numbered</emphasis>格式:"
6961
6986
6962
#: serverguide/C/security.xml:516(command)
6987
#: serverguide/C/security.xml:501(command)
6963
6988
msgid "sudo ufw status numbered"
6964
6989
msgstr "sudo ufw status numbered"
6965
6990
6966
#: serverguide/C/security.xml:521(para)
6991
#: serverguide/C/security.xml:506(para)
6967
6992
msgid ""
6968
6993
"If the port you want to open or close is defined in "
6969
6994
"<filename>/etc/services</filename>, you can use the port name instead of the "
6973
6998
"如果你要打开或关闭的端口在<filename>/etc/services</filename>中已经定义了,你可以使用端口名称代替端口号。在上面的例子中,"
6974
6999
"将<emphasis>22</emphasis>用<emphasis>ssh</emphasis>代替。"
6975
7000
6976
#: serverguide/C/security.xml:527(para)
7001
#: serverguide/C/security.xml:512(para)
6977
7002
msgid ""
6978
7003
"This is a quick introduction to using <application>ufw</application>. Please "
6979
7004
"refer to the <application>ufw</application> man page for more information."
6981
7006
"这是一个使用<application>ufw</application>的快速介绍。请参阅<application>ufw</application>的m"
6982
7007
"an页面来获得更多信息。"
6983
7008
6984
#: serverguide/C/security.xml:533(title)
7009
#: serverguide/C/security.xml:518(title)
6985
7010
msgid "ufw Application Integration"
6986
7011
msgstr "ufw 应用集成"
6987
7012
6988
#: serverguide/C/security.xml:535(para)
7013
#: serverguide/C/security.xml:520(para)
6989
7014
msgid ""
6990
7015
"Applications that open ports can include an <application>ufw</application> "
6991
7016
"profile, which details the ports needed for the application to function "
6997
7022
"个预设文件包含在<filename "
6998
7023
"role=\"directory\">/etc/ufw/applications.d</filename>,在默认端口发生改变的时候可以进行编辑。"
6999
7024
7000
#: serverguide/C/security.xml:544(para)
7025
#: serverguide/C/security.xml:529(para)
7001
7026
msgid ""
7002
7027
"To view which applications have installed a profile, enter the following in "
7003
7028
"a terminal:"
7004
7029
msgstr "要查看已安装程序的配置文件,请在终端里键入以下内容:"
7005
7030
7006
#: serverguide/C/security.xml:549(command)
7031
#: serverguide/C/security.xml:534(command)
7007
7032
msgid "sudo ufw app list"
7008
7033
msgstr "sudo ufw app list"
7009
7034
7010
#: serverguide/C/security.xml:555(para)
7035
#: serverguide/C/security.xml:540(para)
7011
7036
msgid ""
7012
7037
"Similar to allowing traffic to a port, using an application profile is "
7013
7038
"accomplished by entering:"
7014
7039
msgstr "就像允许车辆到一个路口,可以通过输入下面的内容来使用一个应用程序预设文件。"
7015
7040
7016
#: serverguide/C/security.xml:560(command)
7041
#: serverguide/C/security.xml:545(command)
7017
7042
msgid "sudo ufw allow Samba"
7018
7043
msgstr "sudo ufw allow Samba"
7019
7044
7020
#: serverguide/C/security.xml:566(para)
7045
#: serverguide/C/security.xml:551(para)
7021
7046
msgid "An extended syntax is available as well:"
7022
7047
msgstr "一种扩展语法也是可用的:"
7023
7048
7024
#: serverguide/C/security.xml:571(command)
7049
#: serverguide/C/security.xml:556(command)
7025
7050
msgid "ufw allow from 192.168.0.0/24 to any app Samba"
7026
7051
msgstr "ufw allow from 192.168.0.0/24 to any app Samba"
7027
7052
7028
#: serverguide/C/security.xml:574(para)
7053
#: serverguide/C/security.xml:559(para)
7029
7054
msgid ""
7030
7055
"Replace <emphasis>Samba</emphasis> and <emphasis>192.168.0.0/24</emphasis> "
7031
7056
"with the application profile you are using and the IP range for your network."
7033
7058
"使用您所使用的主机名和您的网络的IP地址范围代替应用程序预预设文件中的<emphasis>Samba</emphasis>和<emphasis>192.1"
7034
7059
"68.0.0/24</emphasis>。"
7035
7060
7036
#: serverguide/C/security.xml:580(para)
7061
#: serverguide/C/security.xml:565(para)
7037
7062
msgid ""
7038
7063
"There is no need to specify the <emphasis>protocol</emphasis> for the "
7039
7064
"application, because that information is detailed in the profile. Also, note "
7043
7068
"对于应用程序来说,<emphasis>protocol</emphasis>并不需要特地的设置,因为信息被定义到了文件中。然后,注意我们使用<emphas"
7044
7069
"is>app</emphahsis>替换了<emphasis>port</emphasis>。"
7045
7070
7046
#: serverguide/C/security.xml:589(para)
7071
#: serverguide/C/security.xml:574(para)
7047
7072
msgid ""
7048
7073
"To view details about which ports, protocols, etc are defined for an "
7049
7074
"application, enter:"
7050
7075
msgstr "要查看关于端品,协议等细节来定义程序,键入:"
7051
7076
7052
#: serverguide/C/security.xml:594(command)
7077
#: serverguide/C/security.xml:579(command)
7053
7078
msgid "sudo ufw app info Samba"
7054
7079
msgstr "sudo ufw app info Samba"
7055
7080
7056
#: serverguide/C/security.xml:600(para)
7081
#: serverguide/C/security.xml:585(para)
7057
7082
msgid ""
7058
7083
"Not all applications that require opening a network port come with "
7059
7084
"<application>ufw</application> profiles, but if you have profiled an "
7061
7086
"bug against the package in Launchpad."
7062
7087
msgstr ""
7063
7088
7064
#: serverguide/C/security.xml:606(command)
7089
#: serverguide/C/security.xml:591(command)
7065
7090
msgid "ubuntu-bug nameofpackage"
7066
7091
msgstr ""
7067
7092
7068
#: serverguide/C/security.xml:612(title)
7093
#: serverguide/C/security.xml:597(title)
7069
7094
msgid "IP Masquerading"
7070
7095
msgstr "IP 伪装"
7071
7096
7072
#: serverguide/C/security.xml:613(para)
7097
#: serverguide/C/security.xml:598(para)
7073
7098
msgid ""
7074
7099
"The purpose of IP Masquerading is to allow machines with private, non-"
7075
7100
"routable IP addresses on your network to access the Internet through the "
7092
7117
"来保持那个连接是属于哪个机器的,并相应地对每个返回包重新做路由。发自您私有网络的流量就这样被伪装成源于您的网关机器。这一过程在 Microsoft "
7093
7118
"文档中被称为 Internet 连接共享。"
7094
7119
7095
#: serverguide/C/security.xml:629(title)
7120
#: serverguide/C/security.xml:614(title)
7096
7121
msgid "ufw Masquerading"
7097
7122
msgstr "ufw Masquerading"
7098
7123
7099
#: serverguide/C/security.xml:630(para)
7124
#: serverguide/C/security.xml:615(para)
7100
7125
msgid ""
7101
7126
"IP Masquerading can be achieved using custom <application>ufw</application> "
7102
7127
"rules. This is possible because the current back-end for "
7112
7137
"里。用户可以在这些文件中添加遗留 iptables 规则和与网关或网桥相关的规则,其中遗留 iptables 规则在没有 "
7113
7138
"<application>ufw</application> 的情况下也会被使用。"
7114
7139
7115
#: serverguide/C/security.xml:636(para)
7140
#: serverguide/C/security.xml:621(para)
7116
7141
msgid ""
7117
7142
"The rules are split into two different files, rules that should be executed "
7118
7143
"before <application>ufw</application> command line rules, and rules that are "
7119
7144
"executed after <application>ufw</application> command line rules."
7120
7145
msgstr "规则被分割为两个不同的文件,并且分别在<application>ufw</application>的命令行规则的前后被执行。"
7121
7146
7122
#: serverguide/C/security.xml:642(para)
7147
#: serverguide/C/security.xml:627(para)
7123
7148
msgid ""
7124
7149
"First, packet forwarding needs to be enabled in "
7125
7150
"<application>ufw</application>. Two configuration files will need to be "
7130
7155
"<filename>/etc/default/ufw</filename> "
7131
7156
"中需要调整<emphasis>DEFAULT_FORWARD_POLICY</emphasis> 为 <quote>ACCEPT</quote>"
7132
7157
7133
#: serverguide/C/security.xml:646(programlisting)
7158
#: serverguide/C/security.xml:631(programlisting)
7134
7159
#, no-wrap
7135
7160
msgid ""
7136
7161
"\n"
7139
7164
"\n"
7140
7165
"DEFAULT_FORWARD_POLICY=\"ACCEPT\"\n"
7141
7166
7142
#: serverguide/C/security.xml:649(para)
7167
#: serverguide/C/security.xml:634(para)
7143
7168
msgid "Then edit <filename>/etc/ufw/sysctl.conf</filename> and uncomment:"
7144
7169
msgstr "然后修改<filename>/etc/ufw/sysctl.conf</filename>,并注释掉:"
7145
7170
7146
#: serverguide/C/security.xml:652(programlisting)
7171
#: serverguide/C/security.xml:637(programlisting)
7147
7172
#, no-wrap
7148
7173
msgid ""
7149
7174
"\n"
7152
7177
"\n"
7153
7178
"net/ipv4/ip_forward=1\n"
7154
7179
7155
#: serverguide/C/security.xml:655(para)
7180
#: serverguide/C/security.xml:640(para)
7156
7181
msgid "Similarly, for IPv6 forwarding uncomment:"
7157
7182
msgstr "类似地,对IPv6的投递,注释掉:"
7158
7183
7159
#: serverguide/C/security.xml:658(programlisting)
7184
#: serverguide/C/security.xml:643(programlisting)
7160
7185
#, no-wrap
7161
7186
msgid ""
7162
7187
"\n"
7165
7190
"\n"
7166
7191
"net/ipv6/conf/default/forwarding=1\n"
7167
7192
7168
#: serverguide/C/security.xml:663(para)
7193
#: serverguide/C/security.xml:648(para)
7169
7194
msgid ""
7170
7195
"Now we will add rules to the <filename>/etc/ufw/before.rules</filename> "
7171
7196
"file. The default rules only configure the <emphasis>filter</emphasis> "
7177
7202
"lter</emphasis>表,如果需要启用伪装则需要配置<emphasis>nat</emphasis>表。请添加一下信息到配置文件紧跟在最头部注释的"
7178
7203
"后面。"
7179
7204
7180
#: serverguide/C/security.xml:668(programlisting)
7205
#: serverguide/C/security.xml:653(programlisting)
7181
7206
#, no-wrap
7182
7207
msgid ""
7183
7208
"\n"
7204
7229
"processed\n"
7205
7230
"COMMIT\n"
7206
7231
7207
#: serverguide/C/security.xml:679(para)
7232
#: serverguide/C/security.xml:664(para)
7208
7233
msgid ""
7209
7234
"The comments are not strictly necessary, but it is considered good practice "
7210
7235
"to document your configuration. Also, when modifying any of the "
7216
7241
"class=\"directory\">/etc/ufw</filename>文件任何<emphasis>rules</emphasis>的时候,确保这些"
7217
7242
"文字保留在每一处修改的后面。"
7218
7243
7219
#: serverguide/C/security.xml:685(programlisting)
7244
#: serverguide/C/security.xml:670(programlisting)
7220
7245
#, no-wrap
7221
7246
msgid ""
7222
7247
"\n"
7227
7252
"#不要删除'COMMIT'行,否则这些规则将不被处理\n"
7228
7253
"表示一个换行。在翻译的相应位置开始新的行\n"
7229
7254
7230
#: serverguide/C/security.xml:690(para)
7255
#: serverguide/C/security.xml:675(para)
7231
7256
msgid ""
7232
7257
"For each <emphasis>Table</emphasis> a corresponding "
7233
7258
"<emphasis>COMMIT</emphasis> statement is required. In these examples only "
7239
7264
"<emphasis>nat</emphasis> 和 <emphasis>filter</emphasis> 表,但您也可以为 "
7240
7265
"<emphasis>raw</emphasis> 和 <emphasis>mangle</emphasis> 表添加规则。"
7241
7266
7242
#: serverguide/C/security.xml:697(para)
7267
#: serverguide/C/security.xml:682(para)
7243
7268
msgid ""
7244
7269
"In the above example replace <emphasis>eth0</emphasis>, "
7245
7270
"<emphasis>eth1</emphasis>, and <emphasis>192.168.0.0/24</emphasis> with the "
7248
7273
"在上面的例子中将<emphasis>eth0</emphasis>, <emphasis>eth1</emphasis>, 和 "
7249
7274
"<emphasis>192.168.0.0/24</emphasis>替换为你的网络的正确的设备和IP范围。"
7250
7275
7251
#: serverguide/C/security.xml:705(para)
7276
#: serverguide/C/security.xml:690(para)
7252
7277
msgid ""
7253
7278
"Finally, disable and re-enable <application>ufw</application> to apply the "
7254
7279
"changes:"
7255
7280
msgstr "最后,禁止并重新激活<application>ufw</application>来运用修改"
7256
7281
7257
#: serverguide/C/security.xml:709(command)
7282
#: serverguide/C/security.xml:694(command)
7258
7283
msgid "sudo ufw disable && sudo ufw enable"
7259
7284
msgstr "sudo ufw disable && sudo ufw enable"
7260
7285
7261
#: serverguide/C/security.xml:713(para)
7286
#: serverguide/C/security.xml:698(para)
7262
7287
msgid ""
7263
7288
"IP Masquerading should now be enabled. You can also add any additional "
7264
7289
"FORWARD rules to the <filename>/etc/ufw/before.rules</filename>. It is "
7268
7293
"现在应该启用IP伪装。你还可以添加额外的更早的规则到<filename>/etc/ufw/before.rules</filename>。推荐将这些规则添"
7269
7294
"加到<emphasis>ufw-before-forward</emphasis>节点。"
7270
7295
7271
#: serverguide/C/security.xml:720(title)
7296
#: serverguide/C/security.xml:705(title)
7272
7297
msgid "iptables Masquerading"
7273
7298
msgstr "iptables 伪装"
7274
7299
7275
#: serverguide/C/security.xml:721(para)
7300
#: serverguide/C/security.xml:706(para)
7276
7301
msgid ""
7277
7302
"<application>iptables</application> can also be used to enable Masquerading."
7278
7303
msgstr ""
7279
7304
7280
#: serverguide/C/security.xml:726(para)
7305
#: serverguide/C/security.xml:711(para)
7281
7306
msgid ""
7282
7307
"Similar to <application>ufw</application>, the first step is to enable IPv4 "
7283
7308
"packet forwarding by editing <filename>/etc/sysctl.conf</filename> and "
7286
7311
"类似于<application>ufw</application>,激活IPv4包投递的第一步是编辑<filename>/etc/sysctl.conf<"
7287
7312
"/filename>并注释掉以下行:"
7288
7313
7289
#: serverguide/C/security.xml:730(programlisting)
7314
#: serverguide/C/security.xml:715(programlisting)
7290
7315
#, no-wrap
7291
7316
msgid ""
7292
7317
"\n"
7295
7320
"\n"
7296
7321
"net.ipv4.ip_forward=1\n"
7297
7322
7298
#: serverguide/C/security.xml:733(para)
7323
#: serverguide/C/security.xml:718(para)
7299
7324
msgid "If you wish to enable IPv6 forwarding also uncomment:"
7300
7325
msgstr "如果你想激活IPv6投递,还要注释掉:"
7301
7326
7302
#: serverguide/C/security.xml:736(programlisting)
7327
#: serverguide/C/security.xml:721(programlisting)
7303
7328
#, no-wrap
7304
7329
msgid ""
7305
7330
"\n"
7308
7333
"\n"
7309
7334
"net.ipv6.conf.default.forwarding=1\n"
7310
7335
7311
#: serverguide/C/security.xml:741(para)
7336
#: serverguide/C/security.xml:726(para)
7312
7337
msgid ""
7313
7338
"Next, execute the <application>sysctl</application> command to enable the "
7314
7339
"new settings in the configuration file:"
7315
7340
msgstr "接下来,执行<application>sysctl</application>命令来激活配置文件中的新设置。"
7316
7341
7317
#: serverguide/C/security.xml:745(command)
7342
#: serverguide/C/security.xml:730(command)
7318
7343
msgid "sudo sysctl -p"
7319
7344
msgstr "sudo sysctl -p"
7320
7345
7321
#: serverguide/C/security.xml:749(para)
7346
#: serverguide/C/security.xml:734(para)
7322
7347
msgid ""
7323
7348
"IP Masquerading can now be accomplished with a single iptables rule, which "
7324
7349
"may differ slightly based on your network configuration:"
7325
7350
msgstr "如今根据一条iptables规则即可完成IP伪装,视您的网络而定,其配置可能略有不同。"
7326
7351
7327
#: serverguide/C/security.xml:752(screen)
7352
#: serverguide/C/security.xml:737(screen)
7328
7353
#, no-wrap
7329
7354
msgid ""
7330
7355
"\n"
7333
7358
"\n"
7334
7359
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
7335
7360
7336
#: serverguide/C/security.xml:755(para)
7361
#: serverguide/C/security.xml:740(para)
7337
7362
msgid ""
7338
7363
"The above command assumes that your private address space is 192.168.0.0/16 "
7339
7364
"and that your Internet-facing device is ppp0. The syntax is broken down as "
7340
7365
"follows:"
7341
7366
msgstr "上面的命令假定您的个人地址空间是 192.168.0.0/16,同时您的网络连接设备是 ppp0。这个语法失效,如下所示:"
7342
7367
7343
#: serverguide/C/security.xml:760(para)
7368
#: serverguide/C/security.xml:745(para)
7344
7369
msgid "-t nat -- the rule is to go into the nat table"
7345
7370
msgstr "-t nat -- 该规则将进入 nat 表"
7346
7371
7347
#: serverguide/C/security.xml:761(para)
7372
#: serverguide/C/security.xml:746(para)
7348
7373
msgid ""
7349
7374
"-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain"
7350
7375
msgstr "-A POSTROUTING -- 该规则将被追加 (-A) 到 POSTROUTING 链"
7351
7376
7352
#: serverguide/C/security.xml:762(para)
7377
#: serverguide/C/security.xml:747(para)
7353
7378
msgid ""
7354
7379
"-s 192.168.0.0/16 -- the rule applies to traffic originating from the "
7355
7380
"specified address space"
7356
7381
msgstr "-s 192.168.0.0/16 -- 该规则将被应用在源自指定地址空间的流量上"
7357
7382
7358
#: serverguide/C/security.xml:763(para)
7383
#: serverguide/C/security.xml:748(para)
7359
7384
msgid ""
7360
7385
"-o ppp0 -- the rule applies to traffic scheduled to be routed through the "
7361
7386
"specified network device"
7362
7387
msgstr "-o ppp0 -- 该规则应用于计划通过指定网络设备的流量。"
7363
7388
7364
#: serverguide/C/security.xml:765(para)
7389
#: serverguide/C/security.xml:750(para)
7365
7390
msgid ""
7366
7391
"-j MASQUERADE -- traffic matching this rule is to \"jump\" (-j) to the "
7367
7392
"MASQUERADE target to be manipulated as described above"
7368
7393
msgstr "-j MASQUERADE -- 匹配该规则的流量将如上所述 \"跳转\" (-j) 到 MASQUERADE (伪装) 目标。"
7369
7394
7370
#: serverguide/C/security.xml:773(para)
7395
#: serverguide/C/security.xml:758(para)
7371
7396
msgid ""
7372
7397
"Also, each chain in the filter table (the default table, and where most or "
7373
7398
"all packet filtering occurs) has a default <emphasis>policy</emphasis> of "
7380
7405
"<emphasis>策略(policy)</emphasis>,但如果您是为网关设备添加防火墙,那么您可能会将这些策略设置为 DROP 或 "
7381
7406
"REJECT。在这种情况下您伪装过的数据流需要允许通过 FORWARD 链,以使得上述规则正确执行。"
7382
7407
7383
#: serverguide/C/security.xml:780(screen)
7408
#: serverguide/C/security.xml:765(screen)
7384
7409
#, no-wrap
7385
7410
msgid ""
7386
7411
"\n"
7389
7414
"--state ESTABLISHED,RELATED -i ppp0 -j ACCEPT\n"
7390
7415
msgstr ""
7391
7416
7392
#: serverguide/C/security.xml:785(para)
7417
#: serverguide/C/security.xml:770(para)
7393
7418
msgid ""
7394
7419
"The above commands will allow all connections from your local network to the "
7395
7420
"Internet and all traffic related to those connections to return to the "
7396
7421
"machine that initiated them."
7397
7422
msgstr "上面的命令将允许从你的本地网络到互联网的所有连接,以及和这些连接相关的、返回产生它们的计算机的所有流量。"
7398
7423
7399
#: serverguide/C/security.xml:792(para)
7424
#: serverguide/C/security.xml:777(para)
7400
7425
msgid ""
7401
7426
"If you want masquerading to be enabled on reboot, which you probably do, "
7402
7427
"edit <filename>/etc/rc.local</filename> and add any commands used above. For "
7405
7430
"如果您想在重启以后应用IP伪装,您可能需要编辑<filename>/etc/rc.local</filename>并加入上面使用的任一命令。例如加入没有过"
7406
7431
"滤的第一条命令:"
7407
7432
7408
#: serverguide/C/security.xml:796(screen)
7433
#: serverguide/C/security.xml:781(screen)
7409
7434
#, no-wrap
7410
7435
msgid ""
7411
7436
"\n"
7414
7439
"\n"
7415
7440
"iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
7416
7441
7417
#: serverguide/C/security.xml:804(title)
7442
#: serverguide/C/security.xml:789(title)
7418
7443
msgid "Logs"
7419
7444
msgstr "日志"
7420
7445
7421
#: serverguide/C/security.xml:805(para)
7446
#: serverguide/C/security.xml:790(para)
7422
7447
msgid ""
7423
7448
"Firewall logs are essential for recognizing attacks, troubleshooting your "
7424
7449
"firewall rules, and noticing unusual activity on your network. You must "
7430
7455
"防火墙日志对于识别攻击、调试防火墙规则和发现你网络上不正常活动方面非常重要。一定要在防火墙里包含日志生成规则并且日志规则一定是在任何终结性规则之前使用(用"
7431
7456
"来觉得字节包裹命运:如ACCEPT, DROP 或者 REJECT)。"
7432
7457
7433
#: serverguide/C/security.xml:812(para)
7458
#: serverguide/C/security.xml:797(para)
7434
7459
msgid ""
7435
7460
"If you are using <application>ufw</application>, you can turn on logging by "
7436
7461
"entering the following in a terminal:"
7437
7462
msgstr "如果你在使用<application>ufw</application>,你可以在终端输入以下内容以开启登录:"
7438
7463
7439
#: serverguide/C/security.xml:816(command)
7464
#: serverguide/C/security.xml:801(command)
7440
7465
msgid "sudo ufw logging on"
7441
7466
msgstr "sudo ufw logging on"
7442
7467
7443
#: serverguide/C/security.xml:818(para)
7468
#: serverguide/C/security.xml:803(para)
7444
7469
msgid ""
7445
7470
"To turn logging off in <application>ufw</application>, simply replace "
7446
7471
"<emphasis role=\"italic\">on</emphasis> with <emphasis "
7449
7474
"为退出登录<application>ufw</application>,在以上命令中用<emphasis "
7450
7475
"role=\"italic\">off</emphasis>替换<emphasis role=\"italic\">on</emphasis>即可。"
7451
7476
7452
#: serverguide/C/security.xml:821(para)
7477
#: serverguide/C/security.xml:806(para)
7453
7478
msgid ""
7454
7479
"If using <application>iptables</application> instead of "
7455
7480
"<application>ufw</application>, enter:"
7457
7482
"如果您要使用<application>ufw</application>来代替<application>iptables</application>,请输"
7458
7483
"入:"
7459
7484
7460
#: serverguide/C/security.xml:824(screen)
7485
#: serverguide/C/security.xml:809(screen)
7461
7486
#, no-wrap
7462
7487
msgid ""
7463
7488
"\n"
7465
7490
"-j LOG --log-prefix \"NEW_HTTP_CONN: \"\n"
7466
7491
msgstr ""
7467
7492
7468
#: serverguide/C/security.xml:828(para)
7493
#: serverguide/C/security.xml:813(para)
7469
7494
msgid ""
7470
7495
"A request on port 80 from the local machine, then, would generate a log in "
7471
7496
"dmesg that looks like this (single line split into 3 to fit this document):"
7481
7506
"SPT=53981 DPT=80 WINDOW=32767 RES=0x00 SYN URGP=0\n"
7482
7507
msgstr ""
7483
7508
7484
#: serverguide/C/security.xml:836(para)
7509
#: serverguide/C/security.xml:822(para)
7485
7510
msgid ""
7486
7511
"The above log will also appear in <filename>/var/log/messages</filename>, "
7487
7512
"<filename>/var/log/syslog</filename>, and "
7498
7523
"or <application>lire</application>."
7499
7524
msgstr ""
7500
7525
7501
#: serverguide/C/security.xml:851(title)
7526
#: serverguide/C/security.xml:837(title)
7502
7527
msgid "Other Tools"
7503
7528
msgstr "其它工具"
7504
7529
7505
#: serverguide/C/security.xml:852(para)
7530
#: serverguide/C/security.xml:838(para)
7506
7531
msgid ""
7507
7532
"There are many tools available to help you construct a complete firewall "
7508
7533
"without intimate knowledge of iptables. For the GUI-inclined:"
7509
7534
msgstr "有许多工具可以帮助你不用深奥的iptables的知识就创建一个完整的防火墙。图形操作界面的有:"
7510
7535
7511
#: serverguide/C/security.xml:858(para)
7536
#: serverguide/C/security.xml:844(para)
7512
7537
msgid ""
7513
7538
"<ulink url=\"http://www.fwbuilder.org/\">fwbuilder</ulink> is very powerful "
7514
7539
"and will look familiar to an administrator who has used a commercial "
7518
7543
"url=\"http://www.fwbuilder.org/\">fwbuilder</ulink>功能很强大,使用过类似于<application>C"
7519
7544
"heckpoint FireWall-1</application>等商业防火墙软件的管理员会对它很面熟。"
7520
7545
7521
#: serverguide/C/security.xml:864(para)
7546
#: serverguide/C/security.xml:850(para)
7522
7547
msgid ""
7523
7548
"If you prefer a command-line tool with plain-text configuration files:"
7524
7549
msgstr "如果你更倾向于使用有纯文本配置文件的命令行工具:"
7525
7550
7526
#: serverguide/C/security.xml:869(para)
7551
#: serverguide/C/security.xml:855(para)
7527
7552
msgid ""
7528
7553
"<ulink url=\"http://www.shorewall.net/\">Shorewall</ulink> is a very "
7529
7554
"powerful solution to help you configure an advanced firewall for any network."
7532
7557
"url=\"http://www.shorewall.net/\">Shorewall</ulink>是一个非常强大的帮助你配置高级防火墙的解决方案,它适"
7533
7558
"合于任何类型的网络。"
7534
7559
7535
#: serverguide/C/security.xml:880(para)
7560
#: serverguide/C/security.xml:866(para)
7536
7561
msgid ""
7537
7562
"The <ulink url=\"https://wiki.ubuntu.com/UncomplicatedFirewall\">Ubuntu "
7538
7563
"Firewall</ulink> wiki page contains information on the development of "
7539
7564
"<application>ufw</application>."
7540
7565
msgstr ""
7541
7566
7542
#: serverguide/C/security.xml:886(para)
7567
#: serverguide/C/security.xml:872(para)
7543
7568
msgid ""
7544
7569
"Also, the <application>ufw</application> manual page contains some very "
7545
7570
"useful information: <command>man ufw</command>."
7546
7571
msgstr ""
7547
7572
"同时,<application>ufw</application>的使用手册包含了一些非常有用的内容:<command>man ufw</command>"
7548
7573
7549
#: serverguide/C/security.xml:891(para)
7574
#: serverguide/C/security.xml:877(para)
7550
7575
msgid ""
7551
7576
"See the <ulink url=\"http://www.netfilter.org/documentation/HOWTO/packet-"
7552
7577
"filtering-HOWTO.html\">packet-filtering-HOWTO</ulink> for more information "
7556
7581
"url=\"http://www.netfilter.org/documentation/HOWTO/packet-filtering-"
7557
7582
"HOWTO.html\">packet-filtering-HOWTO</ulink>。"
7558
7583
7559
#: serverguide/C/security.xml:897(para)
7584
#: serverguide/C/security.xml:883(para)
7560
7585
msgid ""
7561
7586
"The <ulink url=\"http://www.netfilter.org/documentation/HOWTO/NAT-"
7562
7587
"HOWTO.html\">nat-HOWTO</ulink> contains further details on masquerading."
7564
7589
"<ulink url=\"http://www.netfilter.org/documentation/HOWTO/NAT-"
7565
7590
"HOWTO.html\">nat-HOWTO</ulink>包含了有关伪装地址的更多细节。"
7566
7591
7567
#: serverguide/C/security.xml:903(para)
7592
#: serverguide/C/security.xml:889(para)
7568
7593
msgid ""
7569
7594
"The <ulink url=\"https://help.ubuntu.com/community/IptablesHowTo\">IPTables "
7570
7595
"HowTo</ulink> in the Ubuntu wiki is a great resource."
7571
7596
msgstr ""
7572
7597
7573
#: serverguide/C/security.xml:911(title)
7598
#: serverguide/C/security.xml:897(title)
7574
7599
msgid "AppArmor"
7575
7600
msgstr "AppArmor"
7576
7601
7577
#: serverguide/C/security.xml:912(para)
7602
#: serverguide/C/security.xml:898(para)
7578
7603
msgid ""
7579
7604
"<application>AppArmor</application> is a Linux Security Module "
7580
7605
"implementation of name-based mandatory access controls. AppArmor confines "
7584
7609
"<application>AppArmor</application> 是一个实施了基于名称强制存取控制的Linux安全模组。AppArmor "
7585
7610
"界定了单个程序进入一组文件列表的权限并遵循posix 1003.1e 草稿的能力。"
7586
7611
7587
#: serverguide/C/security.xml:916(para)
7612
#: serverguide/C/security.xml:902(para)
7588
7613
msgid ""
7589
7614
"<application>AppArmor</application> is installed and loaded by default. It "
7590
7615
"uses <emphasis>profiles</emphasis> of an application to determine what files "
7596
7621
"phasis>来确定这个程序需要什么文件和权限。有些包会安装它们自己的profiles,额外的profiles可以在<application>apparm"
7597
7622
"or-profiles</application>包里找到。"
7598
7623
7599
#: serverguide/C/security.xml:921(para)
7624
#: serverguide/C/security.xml:907(para)
7600
7625
msgid ""
7601
7626
"To install the <application>apparmor-profiles</application> package from a "
7602
7627
"terminal prompt:"
7603
7628
msgstr "要安装<application>apparmor-profiles</application>软件包,在终端输入:"
7604
7629
7605
#: serverguide/C/security.xml:925(command)
7630
#: serverguide/C/security.xml:911(command)
7606
7631
msgid "sudo apt-get install apparmor-profiles"
7607
7632
msgstr "sudo apt-get install apparmor-profiles"
7608
7633
7609
#: serverguide/C/security.xml:927(para)
7634
#: serverguide/C/security.xml:913(para)
7610
7635
msgid "AppArmor profiles have two modes of execution:"
7611
7636
msgstr "AppArmor配置文件有两种执行模式:"
7612
7637
7613
#: serverguide/C/security.xml:932(para)
7638
#: serverguide/C/security.xml:918(para)
7614
7639
msgid ""
7615
7640
"Complaining/Learning: profile violations are permitted and logged. Useful "
7616
7641
"for testing and developing new profiles."
7617
7642
msgstr "投诉/学习: 允许并记录配置文件的冲突。对于测试并开发新的配置文件有用途。"
7618
7643
7619
#: serverguide/C/security.xml:937(para)
7644
#: serverguide/C/security.xml:923(para)
7620
7645
msgid ""
7621
7646
"Enforced/Confined: enforces profile policy as well as logging the violation."
7622
7647
msgstr "强制/受限:强制配置策略及违规记录。"
7623
7648
7624
#: serverguide/C/security.xml:943(title)
7649
#: serverguide/C/security.xml:929(title)
7625
7650
msgid "Using AppArmor"
7626
7651
msgstr "使用 AppArmor"
7627
7652
7628
#: serverguide/C/security.xml:944(para)
7653
#: serverguide/C/security.xml:945(para)
7654
msgid ""
7655
"This section is plagued by a bug (<ulink "
7656
"url=\"https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1304134\">LP "
7657
"#1304134</ulink>) and instructions will not work as advertised."
7658
msgstr ""
7659
7660
#: serverguide/C/security.xml:930(para)
7629
7661
msgid ""
7630
7662
"The <application>apparmor-utils</application> package contains command line "
7631
7663
"utilities that you can use to change the <application>AppArmor</application> "
7635
7667
"utils</application>软件包包含一些命令行工具,使用它们您可以更改<application>AppArmor</application>的"
7636
7668
"执行模式、查看配置文件的状态、创建新的配置文件等等。"
7637
7669
7638
#: serverguide/C/security.xml:950(para)
7670
#: serverguide/C/security.xml:936(para)
7639
7671
msgid ""
7640
7672
"<application>apparmor_status</application> is used to view the current "
7641
7673
"status of AppArmor profiles."
7642
7674
msgstr "<application>apparmor_status</application>是用来查看AppArmor配置文件的当前状态的。"
7643
7675
7644
#: serverguide/C/security.xml:954(command)
7676
#: serverguide/C/security.xml:940(command)
7645
7677
msgid "sudo apparmor_status"
7646
7678
msgstr "sudo apparmor_status"
7647
7679
7648
#: serverguide/C/security.xml:958(para)
7680
#: serverguide/C/security.xml:944(para)
7649
7681
msgid ""
7650
7682
"<application>aa-complain</application> places a profile into "
7651
7683
"<emphasis>complain</emphasis> mode."
7653
7685
"<application>aa-"
7654
7686
"complain</application>将一个配置文件置入<emphasis>complain</emphasis>模式。"
7655
7687
7656
#: serverguide/C/security.xml:962(command)
7688
#: serverguide/C/security.xml:948(command)
7657
7689
msgid "sudo aa-complain /path/to/bin"
7658
7690
msgstr "sudo aa-complain /path/to/bin"
7659
7691
7660
#: serverguide/C/security.xml:966(para)
7692
#: serverguide/C/security.xml:952(para)
7661
7693
msgid ""
7662
7694
"<application>aa-enforce</application> places a profile into "
7663
7695
"<emphasis>enforce</emphasis> mode."
7664
7696
msgstr ""
7665
7697
"<application>aa-enforce</application>将一个配置文件置入<emphasis>enforce</emphasis>模式。"
7666
7698
7667
#: serverguide/C/security.xml:970(command)
7699
#: serverguide/C/security.xml:956(command)
7668
7700
msgid "sudo aa-enforce /path/to/bin"
7669
7701
msgstr "sudo aa-enforce /path/to/bin"
7670
7702
7671
#: serverguide/C/security.xml:974(para)
7703
#: serverguide/C/security.xml:960(para)
7672
7704
msgid ""
7673
7705
"The <filename>/etc/apparmor.d</filename> directory is where the AppArmor "
7674
7706
"profiles are located. It can be used to manipulate the "
7677
7709
"<filename>/etc/apparmor.d</filename>目录是AppArmor配置文件的所在之处。可用来操作所有配置文件的<emphasi"
7678
7710
"s>模式mode</emphasis>。"
7679
7711
7680
#: serverguide/C/security.xml:978(para)
7712
#: serverguide/C/security.xml:964(para)
7681
7713
msgid "Enter the following to place all profiles into complain mode:"
7682
7714
msgstr "要将所有配置文件置入complain模式,输入:"
7683
7715
7684
#: serverguide/C/security.xml:982(command)
7716
#: serverguide/C/security.xml:968(command)
7685
7717
msgid "sudo aa-complain /etc/apparmor.d/*"
7686
7718
msgstr "sudo aa-complain /etc/apparmor.d/*"
7687
7719
7688
#: serverguide/C/security.xml:984(para)
7720
#: serverguide/C/security.xml:970(para)
7689
7721
msgid "To place all profiles in enforce mode:"
7690
7722
msgstr "要将所有配置文件置入enforce模式:"
7691
7723
7692
#: serverguide/C/security.xml:988(command)
7724
#: serverguide/C/security.xml:974(command)
7693
7725
msgid "sudo aa-enforce /etc/apparmor.d/*"
7694
7726
msgstr "sudo aa-enforce /etc/apparmor.d/*"
7695
7727
7696
#: serverguide/C/security.xml:992(para)
7728
#: serverguide/C/security.xml:978(para)
7697
7729
msgid ""
7698
7730
"<application>apparmor_parser</application> is used to load a profile into "
7699
7731
"the kernel. It can also be used to reload a currently loaded profile using "
7702
7734
"<application>apparmor_parser</application>用来将一个配置文件载入内核。它也可以通过使用<emphasis>-"
7703
7735
"r</emphasis>选项来重新载入当前已载入的配置文件。要载入一个配置文件:"
7704
7736
7705
#: serverguide/C/security.xml:997(command) serverguide/C/security.xml:1029(command)
7737
#: serverguide/C/security.xml:983(command) serverguide/C/security.xml:1015(command)
7706
7738
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
7707
7739
msgstr "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
7708
7740
7709
#: serverguide/C/security.xml:999(para)
7741
#: serverguide/C/security.xml:985(para)
7710
7742
msgid "To reload a profile:"
7711
7743
msgstr "要重新载入一个配置文件:"
7712
7744
7713
#: serverguide/C/security.xml:1003(command)
7745
#: serverguide/C/security.xml:989(command)
7714
7746
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
7715
7747
msgstr "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
7716
7748
7717
#: serverguide/C/security.xml:1007(para)
7749
#: serverguide/C/security.xml:1013(para)
7718
7750
msgid ""
7719
7751
"<filename>service apparmor</filename> can be used to "
7720
7752
"<emphasis>reload</emphasis> all profiles:"
7721
7753
msgstr ""
7722
7754
7723
#: serverguide/C/security.xml:1011(command) serverguide/C/network-auth.xml:943(command)
7755
#: serverguide/C/network-auth.xml:964(command)
7724
7756
msgid "sudo service apparmor reload"
7725
7757
msgstr ""
7726
7758
7727
#: serverguide/C/security.xml:1015(para)
7759
#: serverguide/C/security.xml:1001(para)
7728
7760
msgid ""
7729
7761
"The <filename>/etc/apparmor.d/disable</filename> directory can be used along "
7730
7762
"with the <application>apparmor_parser -R</application> option to "
7734
7766
"<filename>/etc/apparmor.d/disable</filename>目录可以和<application>apparmor_parser"
7735
7767
" -R</application>选项一起使用以<emphasis>禁用</emphasis>一个配置文件。"
7736
7768
7737
#: serverguide/C/security.xml:1020(command)
7769
#: serverguide/C/security.xml:1006(command)
7738
7770
msgid "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
7739
7771
msgstr "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
7740
7772
7741
#: serverguide/C/security.xml:1021(command)
7773
#: serverguide/C/security.xml:1007(command)
7742
7774
msgid "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
7743
7775
msgstr "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
7744
7776
7745
#: serverguide/C/security.xml:1023(para)
7777
#: serverguide/C/security.xml:1009(para)
7746
7778
msgid ""
7747
7779
"To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic "
7748
7780
"link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then "
7752
7784
"<filename>/etc/apparmor.d/disable/</filename>里删除到其配置文件的软链接。然后使用选项 <emphasis>-"
7753
7785
"a</emphasis>载入配置文件。"
7754
7786
7755
#: serverguide/C/security.xml:1028(command)
7787
#: serverguide/C/security.xml:1014(command)
7756
7788
msgid "sudo rm /etc/apparmor.d/disable/profile.name"
7757
7789
msgstr "sudo rm /etc/apparmor.d/disable/profile.name"
7758
7790
7759
#: serverguide/C/security.xml:1033(para)
7791
#: serverguide/C/security.xml:1019(para)
7760
7792
msgid ""
7761
7793
"<application>AppArmor</application> can be disabled, and the kernel module "
7762
7794
"unloaded by entering the following:"
7763
7795
msgstr "<application>AppArmor</application>可以被禁用,其内核模块可以通过输入以下命令卸载:"
7764
7796
7765
#: serverguide/C/security.xml:1037(command)
7797
#: serverguide/C/security.xml:1043(command)
7766
7798
msgid "sudo service apparmor stop"
7767
7799
msgstr ""
7768
7800
7769
#: serverguide/C/security.xml:1038(command)
7801
#: serverguide/C/security.xml:1024(command)
7770
7802
msgid "sudo update-rc.d -f apparmor remove"
7771
7803
msgstr "sudo update-rc.d -f apparmor remove"
7772
7804
7773
#: serverguide/C/security.xml:1042(para)
7805
#: serverguide/C/security.xml:1028(para)
7774
7806
msgid "To re-enable <application>AppArmor</application> enter:"
7775
7807
msgstr "要重新启用<application>AppArmor</application>,输入:"
7776
7808
7777
#: serverguide/C/security.xml:1046(command)
7809
#: serverguide/C/security.xml:1052(command)
7778
7810
msgid "sudo service apparmor start"
7779
7811
msgstr ""
7780
7812
7781
#: serverguide/C/security.xml:1047(command)
7813
#: serverguide/C/security.xml:1033(command)
7782
7814
msgid "sudo update-rc.d apparmor defaults"
7783
7815
msgstr "sudo update-rc.d apparmor defaults"
7784
7816
7785
#: serverguide/C/security.xml:1052(para)
7817
#: serverguide/C/security.xml:1038(para)
7786
7818
msgid ""
7787
7819
"Replace <emphasis>profile.name</emphasis> with the name of the profile you "
7788
7820
"want to manipulate. Also, replace <filename>/path/to/bin/</filename> with "
7793
7825
">/path/to/bin/</filename>。例如,使用<filename>/bin/ping</filename>来替代<application>"
7794
7826
"ping</application>"
7795
7827
7796
#: serverguide/C/security.xml:1060(title)
7828
#: serverguide/C/security.xml:1046(title)
7797
7829
msgid "Profiles"
7798
7830
msgstr "配置文件"
7799
7831
7800
#: serverguide/C/security.xml:1061(para)
7832
#: serverguide/C/security.xml:1047(para)
7801
7833
msgid ""
7802
7834
"<application>AppArmor</application> profiles are simple text files located "
7803
7835
"in <filename>/etc/apparmor.d/</filename>. The files are named after the full "
7806
7838
"profile for the <filename>/bin/ping</filename> command."
7807
7839
msgstr ""
7808
7840
7809
#: serverguide/C/security.xml:1067(para)
7841
#: serverguide/C/security.xml:1053(para)
7810
7842
msgid "There are two main type of rules used in profiles:"
7811
7843
msgstr "在配置文件中,主要有两种类型的规则"
7812
7844
7813
#: serverguide/C/security.xml:1072(para)
7845
#: serverguide/C/security.xml:1058(para)
7814
7846
msgid ""
7815
7847
"<emphasis>Path entries:</emphasis> which detail which files an application "
7816
7848
"can access in the file system."
7817
7849
msgstr "<emphasis>路径 项:</emphasis> 指定文件系统中哪些文件是一个应用程序可以访问的。"
7818
7850
7819
#: serverguide/C/security.xml:1077(para)
7851
#: serverguide/C/security.xml:1063(para)
7820
7852
msgid ""
7821
7853
"<emphasis>Capability entries:</emphasis> determine what privileges a "
7822
7854
"confined process is allowed to use."
7823
7855
msgstr ""
7824
7856
7825
#: serverguide/C/security.xml:1082(para)
7857
#: serverguide/C/security.xml:1068(para)
7826
7858
msgid ""
7827
7859
"As an example take a look at <filename>/etc/apparmor.d/bin.ping</filename>:"
7828
7860
msgstr "作为一个例子来看看<filename>/etc/apparmor.d/bin.ping</filename>:"
7829
7861
7830
#: serverguide/C/security.xml:1085(programlisting)
7862
#: serverguide/C/security.xml:1071(programlisting)
7831
7863
#, no-wrap
7832
7864
msgid ""
7833
7865
"\n"
7860
7892
" /etc/modules.conf r,\n"
7861
7893
"}\n"
7862
7894
7863
#: serverguide/C/security.xml:1102(para)
7895
#: serverguide/C/security.xml:1088(para)
7864
7896
msgid ""
7865
7897
"<emphasis>#include <tunables/global>:</emphasis> include statements "
7866
7898
"from other files. This allows statements pertaining to multiple applications "
7870
7902
"<tunables/global>:</emphasis>包含了来自另外文件的声明。这样做使得来自不同应用程序的相关声明都被放置在同一个文件中"
7871
7903
"。"
7872
7904
7873
#: serverguide/C/security.xml:1108(para)
7905
#: serverguide/C/security.xml:1094(para)
7874
7906
msgid ""
7875
7907
"<emphasis>/bin/ping flags=(complain):</emphasis> path to the profiled "
7876
7908
"program, also setting the mode to <emphasis>complain</emphasis>."
7877
7909
msgstr ""
7878
7910
7879
#: serverguide/C/security.xml:1114(para)
7911
#: serverguide/C/security.xml:1100(para)
7880
7912
msgid ""
7881
7913
"<emphasis>capability net_raw,:</emphasis> allows the application access to "
7882
7914
"the CAP_NET_RAW Posix.1e capability."
7883
7915
msgstr ""
7884
7916
"<emphasis>capability net_raw,:</emphasis> 允许程序拥有连接 CAP_NET_RAW Posix.1e 的能力。"
7885
7917
7886
#: serverguide/C/security.xml:1119(para)
7918
#: serverguide/C/security.xml:1105(para)
7887
7919
msgid ""
7888
7920
"<emphasis>/bin/ping mixr,:</emphasis> allows the application read and "
7889
7921
"execute access to the file."
7890
7922
msgstr "<emphasis>/bin/ping mixr,:</emphasis> 允许应用程序读取和执行该文件。"
7891
7923
7892
#: serverguide/C/security.xml:1125(para)
7924
#: serverguide/C/security.xml:1111(para)
7893
7925
msgid ""
7894
7926
"After editing a profile file the profile must be reloaded. See <xref "
7895
7927
"linkend=\"apparmor-usage\"/> for details."
7896
7928
msgstr "编辑配置文件后必须重新载入配置文件。参看<xref linkend=\"apparmor-usage\"/> 获取详情"
7897
7929
7898
#: serverguide/C/security.xml:1130(title)
7930
#: serverguide/C/security.xml:1116(title)
7899
7931
msgid "Creating a Profile"
7900
7932
msgstr "创建配置文件"
7901
7933
7902
#: serverguide/C/security.xml:1133(para)
7934
#: serverguide/C/security.xml:1119(para)
7903
7935
msgid ""
7904
7936
"<emphasis>Design a test plan:</emphasis> Try to think about how the "
7905
7937
"application should be exercised. The test plan should be divided into small "
7909
7941
"<emphasis>设计测试计划:</emphasis> "
7910
7942
"试着思考应用程序会怎样运行。测试计划可以分解为小的测试用例。对每个测试用例,应该有个简短的描述,并列出应该执行的步骤。"
7911
7943
7912
#: serverguide/C/security.xml:1137(para)
7944
#: serverguide/C/security.xml:1123(para)
7913
7945
msgid "Some standard test cases are:"
7914
7946
msgstr "一些标准的测试情况是:"
7915
7947
7916
#: serverguide/C/security.xml:1142(para)
7948
#: serverguide/C/security.xml:1128(para)
7917
7949
msgid "Starting the program."
7918
7950
msgstr "启动程序。"
7919
7951
7920
#: serverguide/C/security.xml:1147(para)
7952
#: serverguide/C/security.xml:1133(para)
7921
7953
msgid "Stopping the program."
7922
7954
msgstr "停止程序。"
7923
7955
7924
#: serverguide/C/security.xml:1152(para)
7956
#: serverguide/C/security.xml:1138(para)
7925
7957
msgid "Reloading the program."
7926
7958
msgstr "重新载入程序。"
7927
7959
7928
#: serverguide/C/security.xml:1157(para)
7960
#: serverguide/C/security.xml:1143(para)
7929
7961
msgid "Testing all the commands supported by the init script."
7930
7962
msgstr "测试所有init脚本支持的命令。"
7931
7963
7932
#: serverguide/C/security.xml:1164(para)
7964
#: serverguide/C/security.xml:1150(para)
7933
7965
msgid ""
7934
7966
"<emphasis>Generate the new profile:</emphasis> Use <application>aa-"
7935
7967
"genprof</application> to generate a new profile. From a terminal:"
7937
7969
"<emphasis>生成新配置文件:</emphasis> 使用 <application>aa-genprof</application> "
7938
7970
"生成新的配置文件。在终端输入:"
7939
7971
7940
#: serverguide/C/security.xml:1169(command)
7972
#: serverguide/C/security.xml:1155(command)
7941
7973
msgid "sudo aa-genprof executable"
7942
7974
msgstr "sudo aa-genprof executable"
7943
7975
7944
#: serverguide/C/security.xml:1171(para)
7976
#: serverguide/C/security.xml:1157(para)
7945
7977
msgid "For example:"
7946
7978
msgstr "例如:"
7947
7979
7948
#: serverguide/C/security.xml:1175(command)
7980
#: serverguide/C/security.xml:1161(command)
7949
7981
msgid "sudo aa-genprof slapd"
7950
7982
msgstr "sudo aa-genprof slapd"
7951
7983
7952
#: serverguide/C/security.xml:1179(para)
7984
#: serverguide/C/security.xml:1165(para)
7953
7985
msgid ""
7954
7986
"To get your new profile included in the <application>apparmor-"
7955
7987
"profiles</application> package, file a bug in <emphasis>Launchpad</emphasis> "
7962
7994
"url=\"https://bugs.launchpad.net/ubuntu/+source/apparmor/+filebug\">AppArmor<"
7963
7995
"/ulink>发一个bug报告:"
7964
7996
7965
#: serverguide/C/security.xml:1186(para)
7997
#: serverguide/C/security.xml:1172(para)
7966
7998
msgid "Include your test plan and test cases."
7967
7999
msgstr "包含您的测试计划和测试用例。"
7968
8000
7969
#: serverguide/C/security.xml:1191(para)
8001
#: serverguide/C/security.xml:1177(para)
7970
8002
msgid "Attach your new profile to the bug."
7971
8003
msgstr "在bug报告里附上你的新配置文件。"
7972
8004
7973
#: serverguide/C/security.xml:1200(title)
8005
#: serverguide/C/security.xml:1186(title)
7974
8006
msgid "Updating Profiles"
7975
8007
msgstr "更新配置文件"
7976
8008
7977
#: serverguide/C/security.xml:1201(para)
8009
#: serverguide/C/security.xml:1187(para)
7978
8010
msgid ""
7979
8011
"When the program is misbehaving, audit messages are sent to the log files. "
7980
8012
"The program <application>aa-logprof</application> can be used to scan log "
7982
8014
"and update the profiles. From a terminal:"
7983
8015
msgstr ""
7984
8016
7985
#: serverguide/C/security.xml:1206(command)
8017
#: serverguide/C/security.xml:1192(command)
7986
8018
msgid "sudo aa-logprof"
7987
8019
msgstr "sudo aa-logprof"
7988
8020
7989
#: serverguide/C/security.xml:1214(para)
8021
#: serverguide/C/security.xml:1200(para)
7990
8022
msgid ""
7991
8023
"See the <ulink "
7992
8024
"url=\"http://www.novell.com/documentation/apparmor/apparmor201_sp10_admin/ind"
7999
8031
"ex.html?page=/documentation/apparmor/apparmor201_sp10_admin/data/book_apparmo"
8000
8032
"r_admin.html\">AppArmor 管理指南</ulink>找到高级配置选项。"
8001
8033
8002
#: serverguide/C/security.xml:1221(para)
8034
#: serverguide/C/security.xml:1207(para)
8003
8035
msgid ""
8004
8036
"For details using AppArmor with other Ubuntu releases see the <ulink "
8005
8037
"url=\"https://help.ubuntu.com/community/AppArmor\"> AppArmor Community "
8009
8041
"url=\"https://help.ubuntu.com/community/AppArmor\"> AppArmor Community "
8010
8042
"Wiki</ulink>"
8011
8043
8012
#: serverguide/C/security.xml:1229(para)
8044
#: serverguide/C/security.xml:1215(para)
8013
8045
msgid ""
8014
8046
"The <ulink url=\"http://en.opensuse.org/SDB:AppArmor_geeks\">OpenSUSE "
8015
8047
"AppArmor</ulink> page is another introduction to AppArmor."
8016
8048
msgstr ""
8017
8049
8018
#: serverguide/C/security.xml:1236(para)
8050
#: serverguide/C/security.xml:1222(para)
8019
8051
msgid ""
8020
8052
"A great place to ask for <application>AppArmor</application> assistance, and "
8021
8053
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
8025
8057
"在 <ulink url=\"http://freenode.net\">freenode</ulink> 上的 <emphasis>#ubuntu-"
8026
8058
"server</emphasis> IRC 聊天频道是一个寻求AppArmor帮助和参与Ubuntu Server社区的一个好地方。"
8027
8059
8028
#: serverguide/C/security.xml:1246(title)
8060
#: serverguide/C/security.xml:1232(title)
8029
8061
msgid "Certificates"
8030
8062
msgstr "证书"
8031
8063
8032
#: serverguide/C/security.xml:1247(para)
8064
#: serverguide/C/security.xml:1233(para)
8033
8065
msgid ""
8034
8066
"One of the most common forms of cryptography today is <emphasis>public-"
8035
8067
"key</emphasis> cryptography. Public-key cryptography utilizes a "
8042
8074
"一个<emphasis>私钥</emphasis>来完成加解密。系统使用公钥来<emphasis>加密</emphasis>信息,加密后的信息只有用<em"
8043
8075
"phasis>私钥</emphasis>才可以解密。"
8044
8076
8045
#: serverguide/C/security.xml:1253(para)
8077
#: serverguide/C/security.xml:1239(para)
8046
8078
msgid ""
8047
8079
"A common use for public-key cryptography is encrypting application traffic "
8048
8080
"using a Secure Socket Layer (SSL) or Transport Layer Security (TLS) "
8053
8085
"一个公开密钥加密的普遍用法是使用SSL或者TLS加密应用程序传输的数据。例如,配置Apache提供HTTPS(HTTP over "
8054
8086
"SSL)。这样可以提供一种方式来加密不自己实现加密机制的协议产生的流量。"
8055
8087
8056
#: serverguide/C/security.xml:1258(para)
8088
#: serverguide/C/security.xml:1244(para)
8057
8089
msgid ""
8058
8090
"A <emphasis>Certificate</emphasis> is a method used to distribute a "
8059
8091
"<emphasis>public key</emphasis> and other information about a server and the "
8065
8097
"<emphasis>数字证书</emphasis>是一种传播公钥和关于服务器以及对其负责的组织的信息的一种方式。数字证书可以被<emphasis>证书认证"
8066
8098
"机构(CA)</emphasis>签名。CA是一个被信任的第三方机构,用来保证被签名的数字证书内所包含的信息是准确有效的。"
8067
8099
8068
#: serverguide/C/security.xml:1265(title)
8100
#: serverguide/C/security.xml:1251(title)
8069
8101
msgid "Types of Certificates"
8070
8102
msgstr "证书类型"
8071
8103
8072
#: serverguide/C/security.xml:1266(para)
8104
#: serverguide/C/security.xml:1252(para)
8073
8105
msgid ""
8074
8106
"To set up a secure server using public-key cryptography, in most cases, you "
8075
8107
"send your certificate request (including your public key), proof of your "
8082
8114
"定的费用 "
8083
8115
"(2)CA验证你的证书请求和身份,并且使用它的私钥签名,制作成证书发回来。或者,你可以自己创建一个<emphasis>自签名<emphasis>的证书。"
8084
8116
8085
#: serverguide/C/security.xml:1276(para)
8117
#: serverguide/C/security.xml:1262(para)
8086
8118
msgid ""
8087
8119
"Note, that self-signed certificates should not be used in most production "
8088
8120
"environments."
8089
8121
msgstr "注意, 自签名的证书不应当被用在生产环境上。"
8090
8122
8091
#: serverguide/C/security.xml:1280(para)
8123
#: serverguide/C/security.xml:1266(para)
8092
8124
msgid ""
8093
8125
"Continuing the HTTPS example, a CA-signed certificate provides two important "
8094
8126
"capabilities that a self-signed certificate does not:"
8095
8127
msgstr "继续HTTPS的例子,一个CA签署的证书可以提供两个自签名证书不能提供的重要的能力:"
8096
8128
8097
#: serverguide/C/security.xml:1287(para)
8129
#: serverguide/C/security.xml:1273(para)
8098
8130
msgid ""
8099
8131
"Browsers (usually) automatically recognize the certificate and allow a "
8100
8132
"secure connection to be made without prompting the user."
8101
8133
msgstr "浏览器 (通常) 会自动地识别证书并且在不提示用户的情况下允许创建一个安全连接。"
8102
8134
8103
#: serverguide/C/security.xml:1294(para)
8135
#: serverguide/C/security.xml:1280(para)
8104
8136
msgid ""
8105
8137
"When a CA issues a signed certificate, it is guaranteeing the identity of "
8106
8138
"the organization that is providing the web pages to the browser."
8107
8139
msgstr "当一个 CA 生成一个签署过的证书,它为提供网页给浏览器的组织提供身份担保。"
8108
8140
8109
#: serverguide/C/security.xml:1302(para)
8141
#: serverguide/C/security.xml:1308(para)
8110
8142
msgid ""
8111
8143
"Most Web browsers, and computers, that support SSL have a list of CAs whose "
8112
8144
"certificates they automatically accept. If a browser encounters a "
8115
8147
"may generate an error message when using a self-signed certificate."
8116
8148
msgstr ""
8117
8149
8118
#: serverguide/C/security.xml:1310(para)
8150
#: serverguide/C/security.xml:1296(para)
8119
8151
msgid ""
8120
8152
"The process of getting a certificate from a CA is fairly easy. A quick "
8121
8153
"overview is as follows:"
8122
8154
msgstr "从CA获得一个数字证书相当简单。下面是简要步骤:"
8123
8155
8124
#: serverguide/C/security.xml:1317(para)
8156
#: serverguide/C/security.xml:1303(para)
8125
8157
msgid "Create a private and public encryption key pair."
8126
8158
msgstr "创建一个私有和公共密钥对"
8127
8159
8128
#: serverguide/C/security.xml:1320(para)
8160
#: serverguide/C/security.xml:1306(para)
8129
8161
msgid ""
8130
8162
"Create a certificate request based on the public key. The certificate "
8131
8163
"request contains information about your server and the company hosting it."
8132
8164
msgstr "基于公钥创建一个证书请求。证书请求包含您服务器及公司信息。"
8133
8165
8134
#: serverguide/C/security.xml:1325(para)
8166
#: serverguide/C/security.xml:1311(para)
8135
8167
msgid ""
8136
8168
"Send the certificate request, along with documents proving your identity, to "
8137
8169
"a CA. We cannot tell you which certificate authority to choose. Your "
8140
8172
msgstr ""
8141
8173
"发送证书请求,并随之提供您的身份文档到一个 CA。我们不能告诉您选择哪个证书颁发机构。您可以基于您以往的经验或您朋友或同事的经验或纯粹基于经济因素来决定。"
8142
8174
8143
#: serverguide/C/security.xml:1331(para)
8175
#: serverguide/C/security.xml:1317(para)
8144
8176
msgid ""
8145
8177
"Once you have decided upon a CA, you need to follow the instructions they "
8146
8178
"provide on how to obtain a certificate from them."
8147
8179
msgstr "一旦您选定一家 CA,您需要根据他们所提供的规程来从他们那里获得证书。"
8148
8180
8149
#: serverguide/C/security.xml:1336(para)
8181
#: serverguide/C/security.xml:1322(para)
8150
8182
msgid ""
8151
8183
"When the CA is satisfied that you are indeed who you claim to be, they send "
8152
8184
"you a digital certificate."
8153
8185
msgstr "当 CA 确定您确实如您所声称的那样时,他们将发给您一个数字证书。"
8154
8186
8155
#: serverguide/C/security.xml:1340(para)
8187
#: serverguide/C/security.xml:1326(para)
8156
8188
msgid ""
8157
8189
"Install this certificate on your secure server, and configure the "
8158
8190
"appropriate applications to use the certificate."
8159
8191
msgstr "将此证书安装到您的安全服务器,并使用证书配置相应的程序。"
8160
8192
8161
#: serverguide/C/security.xml:1349(title)
8193
#: serverguide/C/security.xml:1335(title)
8162
8194
msgid "Generating a Certificate Signing Request (CSR)"
8163
8195
msgstr "生成一个证书签署请求 (CSR)"
8164
8196
8165
#: serverguide/C/security.xml:1351(para)
8197
#: serverguide/C/security.xml:1337(para)
8166
8198
msgid ""
8167
8199
"Whether you are getting a certificate from a CA or generating your own self-"
8168
8200
"signed certificate, the first step is to generate a key."
8169
8201
msgstr "无论您是从一家 CA 那儿获得证书或是生成您自己签署的证书,第一步就是生成钥匙。"
8170
8202
8171
#: serverguide/C/security.xml:1356(para)
8203
#: serverguide/C/security.xml:1342(para)
8172
8204
msgid ""
8173
8205
"If the certificate will be used by service daemons, such as Apache, Postfix, "
8174
8206
"Dovecot, etc, a key without a passphrase is often appropriate. Not having a "
8178
8210
"如果数字证书被服务进程使用(比如Apache,Postfix,Dovecot等等),一个没有密码保护的私钥是适用的。私钥没有密码保护可以让服务在没有人工干"
8179
8211
"预的情况下启动,通常这是启动服务的首选方式。"
8180
8212
8181
#: serverguide/C/security.xml:1362(para)
8213
#: serverguide/C/security.xml:1348(para)
8182
8214
msgid ""
8183
8215
"This section will cover generating a key with a passphrase, and one without. "
8184
8216
"The non-passphrase key will then be used to generate a certificate that can "
8185
8217
"be used with various service daemons."
8186
8218
msgstr "这一节的内容包括生成有密码保护和没有密码保护的密钥。没有密码保护的密钥将被用做生成一个可被各种服务使用的数字证书。"
8187
8219
8188
#: serverguide/C/security.xml:1368(para)
8220
#: serverguide/C/security.xml:1354(para)
8189
8221
msgid ""
8190
8222
"Running your secure service without a passphrase is convenient because you "
8191
8223
"will not need to enter the passphrase every time you start your secure "
8194
8226
msgstr ""
8195
8227
"使用没有密码保护的私钥来运行服务很方便,因为你不需要在每次启动服务的时候输入密码。但是这是不安全的,而且对私钥的威胁同样也是对服务器的威胁。"
8196
8228
8197
#: serverguide/C/security.xml:1375(para)
8229
#: serverguide/C/security.xml:1361(para)
8198
8230
msgid ""
8199
8231
"To generate the <emphasis>keys</emphasis> for the Certificate Signing "
8200
8232
"Request (CSR) run the following command from a terminal prompt:"
8201
8233
msgstr "在终端提示符下运行以下命令来为这个证书签名请求(CSR)生成<emphasis>keys</emphasis>:"
8202
8234
8203
#: serverguide/C/security.xml:1381(command)
8235
#: serverguide/C/security.xml:1367(command)
8204
8236
msgid "openssl genrsa -des3 -out server.key 2048"
8205
8237
msgstr ""
8206
8238
8207
#: serverguide/C/security.xml:1384(programlisting)
8239
#: serverguide/C/security.xml:1370(programlisting)
8208
8240
#, no-wrap
8209
8241
msgid ""
8210
8242
"\n"
8215
8247
"Enter pass phrase for server.key:\n"
8216
8248
msgstr ""
8217
8249
8218
#: serverguide/C/security.xml:1392(para)
8250
#: serverguide/C/security.xml:1378(para)
8219
8251
msgid ""
8220
8252
"You can now enter your passphrase. For best security, it should at least "
8221
8253
"contain eight characters. The minimum length when specifying -des3 is four "
8225
8257
"您现在可以输入您的 passphrase。为了最大程度的安全,它至少应该包含八个字符。当指定 -des3 "
8226
8258
"时最小长度为四个字符。它应该包含数字和/或标点符号,并且不应该是字典中的单词。也请记住您的 passphrase 是大小写敏感的。"
8227
8259
8228
#: serverguide/C/security.xml:1400(para)
8260
#: serverguide/C/security.xml:1386(para)
8229
8261
msgid ""
8230
8262
"Re-type the passphrase to verify. Once you have re-typed it correctly, the "
8231
8263
"server key is generated and stored in the <filename>server.key</filename> "
8232
8264
"file."
8233
8265
msgstr ""
8234
8266
8235
#: serverguide/C/security.xml:1406(para)
8267
#: serverguide/C/security.xml:1392(para)
8236
8268
msgid ""
8237
8269
"Now create the insecure key, the one without a passphrase, and shuffle the "
8238
8270
"key names:"
8239
8271
msgstr ""
8240
8272
8241
#: serverguide/C/security.xml:1412(command)
8273
#: serverguide/C/security.xml:1398(command)
8242
8274
msgid "openssl rsa -in server.key -out server.key.insecure"
8243
8275
msgstr "openssl rsa -in server.key -out server.key.insecure"
8244
8276
8245
#: serverguide/C/security.xml:1413(command)
8277
#: serverguide/C/security.xml:1399(command)
8246
8278
msgid "mv server.key server.key.secure"
8247
8279
msgstr "mv server.key server.key.secure"
8248
8280
8249
#: serverguide/C/security.xml:1414(command)
8281
#: serverguide/C/security.xml:1400(command)
8250
8282
msgid "mv server.key.insecure server.key"
8251
8283
msgstr "mv server.key.insecure server.key"
8252
8284
8253
#: serverguide/C/security.xml:1417(para)
8285
#: serverguide/C/security.xml:1403(para)
8254
8286
msgid ""
8255
8287
"The insecure key is now named <filename>server.key</filename>, and you can "
8256
8288
"use this file to generate the CSR without passphrase."
8257
8289
msgstr ""
8258
8290
8259
#: serverguide/C/security.xml:1422(para)
8291
#: serverguide/C/security.xml:1408(para)
8260
8292
msgid "To create the CSR, run the following command at a terminal prompt:"
8261
8293
msgstr "要创建 CSR,可以在终端提示符后运行以下命令:"
8262
8294
8263
#: serverguide/C/security.xml:1427(command)
8295
#: serverguide/C/security.xml:1413(command)
8264
8296
msgid "openssl req -new -key server.key -out server.csr"
8265
8297
msgstr "openssl req -new -key server.key -out server.csr"
8266
8298
8267
#: serverguide/C/security.xml:1430(para)
8299
#: serverguide/C/security.xml:1416(para)
8268
8300
msgid ""
8269
8301
"It will prompt you enter the passphrase. If you enter the correct "
8270
8302
"passphrase, it will prompt you to enter Company Name, Site Name, Email Id, "
8272
8304
"be stored in the <filename>server.csr</filename> file."
8273
8305
msgstr ""
8274
8306
8275
#: serverguide/C/security.xml:1438(para)
8307
#: serverguide/C/security.xml:1424(para)
8276
8308
msgid ""
8277
8309
"You can now submit this CSR file to a CA for processing. The CA will use "
8278
8310
"this CSR file and issue the certificate. On the other hand, you can create "
8279
8311
"self-signed certificate using this CSR."
8280
8312
msgstr ""
8281
8313
8282
#: serverguide/C/security.xml:1446(title)
8314
#: serverguide/C/security.xml:1432(title)
8283
8315
msgid "Creating a Self-Signed Certificate"
8284
8316
msgstr "创建一个自己签署的证书"
8285
8317
8286
#: serverguide/C/security.xml:1447(para)
8318
#: serverguide/C/security.xml:1433(para)
8287
8319
msgid ""
8288
8320
"To create the self-signed certificate, run the following command at a "
8289
8321
"terminal prompt:"
8290
8322
msgstr "要创建自己签署的证书,在终端提示符下运行以下命令:"
8291
8323
8292
#: serverguide/C/security.xml:1452(command)
8324
#: serverguide/C/security.xml:1438(command)
8293
8325
msgid ""
8294
8326
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
8295
8327
"server.crt"
8297
8329
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
8298
8330
"server.crt"
8299
8331
8300
#: serverguide/C/security.xml:1455(para)
8332
#: serverguide/C/security.xml:1441(para)
8301
8333
msgid ""
8302
8334
"The above command will prompt you to enter the passphrase. Once you enter "
8303
8335
"the correct passphrase, your certificate will be created and it will be "
8306
8338
"上述命令将提示您输入 passphrase。一旦您输入正确的 passphrase,您的证书将被创建并将保存在 "
8307
8339
"<filename>server.crt</filename> 文件中。"
8308
8340
8309
#: serverguide/C/security.xml:1460(para)
8341
#: serverguide/C/security.xml:1446(para)
8310
8342
msgid ""
8311
8343
"If your secure server is to be used in a production environment, you "
8312
8344
"probably need a CA-signed certificate. It is not recommended to use self-"
8313
8345
"signed certificate."
8314
8346
msgstr "如果您的安全服务器被用在生产环境中,你也许需要 CA 签署的证书。并不推荐使用自己签署的证书。"
8315
8347
8316
#: serverguide/C/security.xml:1468(title)
8348
#: serverguide/C/security.xml:1454(title)
8317
8349
msgid "Installing the Certificate"
8318
8350
msgstr "安装证书"
8319
8351
8320
#: serverguide/C/security.xml:1470(para)
8352
#: serverguide/C/security.xml:1456(para)
8321
8353
msgid ""
8322
8354
"You can install the key file <filename>server.key</filename> and certificate "
8323
8355
"file <filename>server.crt</filename>, or the certificate file issued by your "
8326
8358
"您可以通过在终端提示符下运行以下命令来安装密钥文件<filename>server.key</filename>和证书文件<filename>server"
8327
8359
".crt</filename>,或是由您的CA签发的证书文件。"
8328
8360
8329
#: serverguide/C/security.xml:1476(command)
8361
#: serverguide/C/security.xml:1462(command)
8330
8362
msgid "sudo cp server.crt /etc/ssl/certs"
8331
8363
msgstr "sudo cp server.crt /etc/ssl/certs"
8332
8364
8333
#: serverguide/C/security.xml:1477(command)
8365
#: serverguide/C/security.xml:1463(command)
8334
8366
msgid "sudo cp server.key /etc/ssl/private"
8335
8367
msgstr "sudo cp server.key /etc/ssl/private"
8336
8368
8337
#: serverguide/C/security.xml:1479(para)
8369
#: serverguide/C/security.xml:1465(para)
8338
8370
msgid ""
8339
8371
"Now simply configure any applications, with the ability to use public-key "
8340
8372
"cryptography, to use the <emphasis>certificate</emphasis> and "
8343
8375
"<application>Dovecot</application> can provide IMAPS and POP3S, etc."
8344
8376
msgstr ""
8345
8377
8346
#: serverguide/C/security.xml:1486(title)
8378
#: serverguide/C/security.xml:1472(title)
8347
8379
msgid "Certification Authority"
8348
8380
msgstr "认证机构"
8349
8381
8350
#: serverguide/C/security.xml:1488(para)
8382
#: serverguide/C/security.xml:1474(para)
8351
8383
msgid ""
8352
8384
"If the services on your network require more than a few self-signed "
8353
8385
"certificates it may be worth the additional effort to setup your own "
8357
8389
"the same CA."
8358
8390
msgstr ""
8359
8391
8360
#: serverguide/C/security.xml:1498(para)
8392
#: serverguide/C/security.xml:1484(para)
8361
8393
msgid ""
8362
8394
"First, create the directories to hold the CA certificate and related files:"
8363
8395
msgstr "首先,创建一个目录,用来存放CA证书及其相关文件:"
8364
8396
8365
#: serverguide/C/security.xml:1503(command)
8397
#: serverguide/C/security.xml:1489(command)
8366
8398
msgid "sudo mkdir /etc/ssl/CA"
8367
8399
msgstr "sudo mkdir /etc/ssl/CA"
8368
8400
8369
#: serverguide/C/security.xml:1504(command)
8401
#: serverguide/C/security.xml:1490(command)
8370
8402
msgid "sudo mkdir /etc/ssl/newcerts"
8371
8403
msgstr "sudo mkdir /etc/ssl/newcerts"
8372
8404
8373
#: serverguide/C/security.xml:1510(para)
8405
#: serverguide/C/security.xml:1496(para)
8374
8406
msgid ""
8375
8407
"The CA needs a few additional files to operate, one to keep track of the "
8376
8408
"last serial number used by the CA, each certificate must have a unique "
8378
8410
"issued:"
8379
8411
msgstr ""
8380
8412
8381
#: serverguide/C/security.xml:1517(command)
8413
#: serverguide/C/security.xml:1503(command)
8382
8414
msgid "sudo sh -c \"echo '01' > /etc/ssl/CA/serial\""
8383
8415
msgstr "sudo sh -c \"echo '01' > /etc/ssl/CA/serial\""
8384
8416
8385
#: serverguide/C/security.xml:1518(command)
8417
#: serverguide/C/security.xml:1504(command)
8386
8418
msgid "sudo touch /etc/ssl/CA/index.txt"
8387
8419
msgstr "sudo touch /etc/ssl/CA/index.txt"
8388
8420
8389
#: serverguide/C/security.xml:1524(para)
8421
#: serverguide/C/security.xml:1510(para)
8390
8422
msgid ""
8391
8423
"The third file is a CA configuration file. Though not strictly necessary, it "
8392
8424
"is very convenient when issuing multiple certificates. Edit "
8394
8426
"]</emphasis> change:"
8395
8427
msgstr ""
8396
8428
8397
#: serverguide/C/security.xml:1530(programlisting)
8429
#: serverguide/C/security.xml:1516(programlisting)
8398
8430
#, no-wrap
8399
8431
msgid ""
8400
8432
"\n"
8411
8443
"serial = $dir/CA/serial # The current serial number\n"
8412
8444
"private_key = $dir/private/cakey.pem# The private key\n"
8413
8445
8414
#: serverguide/C/security.xml:1541(para)
8446
#: serverguide/C/security.xml:1547(para)
8415
8447
msgid "Next, create the self-signed root certificate:"
8416
8448
msgstr ""
8417
8449
8418
#: serverguide/C/security.xml:1546(command)
8450
#: serverguide/C/security.xml:1532(command)
8419
8451
msgid ""
8420
8452
"openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -"
8421
8453
"days 3650"
8423
8455
"openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -"
8424
8456
"days 3650"
8425
8457
8426
#: serverguide/C/security.xml:1549(para)
8458
#: serverguide/C/security.xml:1535(para)
8427
8459
msgid "You will then be asked to enter the details about the certificate."
8428
8460
msgstr "您将被要求输入关于证书的详情。"
8429
8461
8430
#: serverguide/C/security.xml:1556(para)
8462
#: serverguide/C/security.xml:1542(para)
8431
8463
msgid "Now install the root certificate and key:"
8432
8464
msgstr "现在安装根证书和钥匙:"
8433
8465
8434
#: serverguide/C/security.xml:1561(command)
8466
#: serverguide/C/security.xml:1547(command)
8435
8467
msgid "sudo mv cakey.pem /etc/ssl/private/"
8436
8468
msgstr "sudo mv cakey.pem /etc/ssl/private/"
8437
8469
8438
#: serverguide/C/security.xml:1562(command)
8470
#: serverguide/C/security.xml:1548(command)
8439
8471
msgid "sudo mv cacert.pem /etc/ssl/certs/"
8440
8472
msgstr "sudo mv cacert.pem /etc/ssl/certs/"
8441
8473
8442
#: serverguide/C/security.xml:1568(para)
8474
#: serverguide/C/security.xml:1554(para)
8443
8475
msgid ""
8444
8476
"You are now ready to start signing certificates. The first item needed is a "
8445
8477
"Certificate Signing Request (CSR), see <xref linkend=\"generating-a-csr\"/> "
8447
8479
"certificate signed by the CA:"
8448
8480
msgstr ""
8449
8481
8450
#: serverguide/C/security.xml:1575(command)
8482
#: serverguide/C/security.xml:1561(command)
8451
8483
msgid "sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf"
8452
8484
msgstr "sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf"
8453
8485
8454
#: serverguide/C/security.xml:1578(para)
8486
#: serverguide/C/security.xml:1564(para)
8455
8487
msgid ""
8456
8488
"After entering the password for the CA key, you will be prompted to sign the "
8457
8489
"certificate, and again to commit the new certificate. You should then see a "
8458
8490
"somewhat large amount of output related to the certificate creation."
8459
8491
msgstr ""
8460
8492
8461
#: serverguide/C/security.xml:1587(para)
8493
#: serverguide/C/security.xml:1573(para)
8462
8494
msgid ""
8463
8495
"There should now be a new file, "
8464
8496
"<filename>/etc/ssl/newcerts/01.pem</filename>, containing the same output. "
8469
8501
"<filename>mail.example.com.crt</filename>, is a nice descriptive name."
8470
8502
msgstr ""
8471
8503
8472
#: serverguide/C/security.xml:1595(para)
8504
#: serverguide/C/security.xml:1581(para)
8473
8505
msgid ""
8474
8506
"Subsequent certificates will be named <filename>02.pem</filename>, "
8475
8507
"<filename>03.pem</filename>, etc."
8476
8508
msgstr ""
8477
8509
"随后产生的证书将被命名为<filename>02.pem</filename>, <filename>03.pem</filename>,等等。"
8478
8510
8479
#: serverguide/C/security.xml:1600(para)
8511
#: serverguide/C/security.xml:1586(para)
8480
8512
msgid ""
8481
8513
"Replace <emphasis>mail.example.com.crt</emphasis> with your own descriptive "
8482
8514
"name."
8483
8515
msgstr "用你自己具有描述性的名字来替代<emphasis>mail.example.com.crt</emphasis>。"
8484
8516
8485
#: serverguide/C/security.xml:1608(para)
8517
#: serverguide/C/security.xml:1594(para)
8486
8518
msgid ""
8487
8519
"Finally, copy the new certificate to the host that needs it, and configure "
8488
8520
"the appropriate applications to use it. The default location to install "
8491
8523
"complicated file permissions."
8492
8524
msgstr ""
8493
8525
8494
#: serverguide/C/security.xml:1614(para)
8526
#: serverguide/C/security.xml:1600(para)
8495
8527
msgid ""
8496
8528
"For applications that can be configured to use a CA certificate, you should "
8497
8529
"also copy the <filename>/etc/ssl/certs/cacert.pem</filename> file to the "
8499
8531
"server."
8500
8532
msgstr ""
8501
8533
8502
#: serverguide/C/security.xml:1628(para)
8534
#: serverguide/C/security.xml:1614(para)
8503
8535
msgid ""
8504
8536
"For more detailed instructions on using cryptography see the <ulink "
8505
8537
"url=\"http://tldp.org/HOWTO/SSL-Certificates-HOWTO/index.html\">SSL "
8506
"Certificates HOWTO</ulink> by tlpd.org"
8538
"Certificates HOWTO</ulink> by tldp.org"
8507
8539
msgstr ""
8508
"要得到更多关于加密的指导,请参阅由tlpd.org编写的<ulink url=\"http://tldp.org/HOWTO/SSL-"
8509
"Certificates-HOWTO/index.html\">SSL Certificates HOWTO</ulink>。"
8510
8540
8511
#: serverguide/C/security.xml:1634(para)
8541
#: serverguide/C/security.xml:1620(para)
8512
8542
msgid ""
8513
8543
"The Wikipedia <ulink "
8514
8544
"url=\"http://en.wikipedia.org/wiki/Https\">HTTPS</ulink> page has more "
8517
8547
"维基上关于<ulink "
8518
8548
"url=\"http://en.wikipedia.org/wiki/Https\">HTTPS</ulink>的页面有更多关于HTTPS的信息。"
8519
8549
8520
#: serverguide/C/security.xml:1639(para)
8550
#: serverguide/C/security.xml:1625(para)
8521
8551
msgid ""
8522
8552
"For more information on <emphasis>OpenSSL</emphasis> see the <ulink "
8523
8553
"url=\"http://www.openssl.org/\">OpenSSL Home Page</ulink>."
8525
8555
"更多关于 <emphasis>OpenSSL</emphasis> 的信息,请参阅 <ulink "
8526
8556
"url=\"http://www.openssl.org/\">OpenSSL 主页</ulink>。"
8527
8557
8528
#: serverguide/C/security.xml:1644(para)
8558
#: serverguide/C/security.xml:1630(para)
8529
8559
msgid ""
8530
8560
"Also, O'Reilly's <ulink "
8531
8561
"url=\"http://oreilly.com/catalog/9780596002701/\">Network Security with "
8532
8562
"OpenSSL</ulink> is a good in depth reference."
8533
8563
msgstr ""
8534
8564
8535
#: serverguide/C/security.xml:1653(title)
8565
#: serverguide/C/security.xml:1639(title)
8536
8566
msgid "eCryptfs"
8537
8567
msgstr "eCryptfs"
8538
8568
8539
#: serverguide/C/security.xml:1655(para)
8569
#: serverguide/C/security.xml:1661(para)
8540
8570
msgid ""
8541
8571
"<emphasis>eCryptfs</emphasis> is a POSIX-compliant enterprise-class stacked "
8542
8572
"cryptographic filesystem for Linux. Layering on top of the filesystem layer "
8544
8574
"filesystem, partition type, etc."
8545
8575
msgstr ""
8546
8576
8547
#: serverguide/C/security.xml:1661(para)
8577
#: serverguide/C/security.xml:1647(para)
8548
8578
msgid ""
8549
8579
"During installation there is an option to encrypt the <filename "
8550
8580
"role=\"directory\">/home</filename> partition. This will automatically "
8553
8583
"在安装过程中有一个加密 <filename role=\"directory\">/home</filename> "
8554
8584
"分区的选项,该选项会自动完成有关加密及挂载该分区的所有配置。"
8555
8585
8556
#: serverguide/C/security.xml:1666(para)
8586
#: serverguide/C/security.xml:1652(para)
8557
8587
msgid ""
8558
8588
"As an example, this section will cover configuring <filename "
8559
8589
"role=\"directory\">/srv</filename> to be encrypted using "
8560
8590
"<emphasis>eCryptfs</emphasis>."
8561
8591
msgstr ""
8562
8592
8563
#: serverguide/C/security.xml:1671(title)
8593
#: serverguide/C/security.xml:1657(title)
8564
8594
msgid "Using eCryptfs"
8565
8595
msgstr "使用 eCryptfs"
8566
8596
8567
#: serverguide/C/security.xml:1673(para)
8597
#: serverguide/C/security.xml:1659(para)
8568
8598
msgid "First, install the necessary packages. From a terminal prompt enter:"
8569
8599
msgstr "首先,安装必要的软件包。在终端输入:"
8570
8600
8571
#: serverguide/C/security.xml:1678(command)
8601
#: serverguide/C/security.xml:1664(command)
8572
8602
msgid "sudo apt-get install ecryptfs-utils"
8573
8603
msgstr "sudo apt-get install ecryptfs-utils"
8574
8604
8575
#: serverguide/C/security.xml:1681(para)
8605
#: serverguide/C/security.xml:1667(para)
8576
8606
msgid "Now mount the partition to be encrypted:"
8577
8607
msgstr "现在挂载要加密的分区:"
8578
8608
8579
#: serverguide/C/security.xml:1686(command)
8609
#: serverguide/C/security.xml:1672(command)
8580
8610
msgid "sudo mount -t ecryptfs /srv /srv"
8581
8611
msgstr "sudo mount -t ecryptfs /srv /srv"
8582
8612
8583
#: serverguide/C/security.xml:1689(para)
8613
#: serverguide/C/security.xml:1675(para)
8584
8614
msgid ""
8585
8615
"You will then be prompted for some details on how "
8586
8616
"<application>ecryptfs</application> should encrypt the data."
8587
8617
msgstr "你接下来会看到有关<application>ecryptfs</application>如何加密数据的详细信息。"
8588
8618
8589
#: serverguide/C/security.xml:1693(para)
8619
#: serverguide/C/security.xml:1679(para)
8590
8620
msgid ""
8591
8621
"To test that files placed in <filename>/srv</filename> are indeed encrypted "
8592
8622
"copy the <filename>/etc/default</filename> folder to "
8595
8625
"要测试<filename>/srv</filename>内的文件是否确实已加密,将文件夹<filename>/etc/default</filename>"
8596
8626
"复制到<filename>/srv</filename>:"
8597
8627
8598
#: serverguide/C/security.xml:1699(command) serverguide/C/clustering.xml:190(command)
8628
#: serverguide/C/security.xml:1685(command) serverguide/C/clustering.xml:190(command)
8599
8629
msgid "sudo cp -r /etc/default /srv"
8600
8630
msgstr "sudo cp -r /etc/default /srv"
8601
8631
8602
#: serverguide/C/security.xml:1702(para)
8632
#: serverguide/C/security.xml:1688(para)
8603
8633
msgid "Now unmount <filename>/srv</filename>, and try to view a file:"
8604
8634
msgstr "现在卸载<filename>/srv</filename>,并尝试查看一个文件:"
8605
8635
8606
#: serverguide/C/security.xml:1707(command) serverguide/C/installation.xml:1125(command) serverguide/C/clustering.xml:198(command)
8636
#: serverguide/C/security.xml:1693(command) serverguide/C/installation.xml:1118(command) serverguide/C/clustering.xml:198(command)
8607
8637
msgid "sudo umount /srv"
8608
8638
msgstr "sudo umount /srv"
8609
8639
8610
#: serverguide/C/security.xml:1708(command)
8640
#: serverguide/C/security.xml:1694(command)
8611
8641
msgid "cat /srv/default/cron"
8612
8642
msgstr "cat /srv/default/cron"
8613
8643
8614
#: serverguide/C/security.xml:1711(para)
8644
#: serverguide/C/security.xml:1697(para)
8615
8645
msgid ""
8616
8646
"Remounting <filename>/srv</filename> using "
8617
8647
"<application>ecryptfs</application> will make the data viewable once again."
8618
8648
msgstr ""
8619
8649
"再次使用<application>ecryptfs</application>挂载<filename>/srv</filename>将会让数据再次可查看。"
8620
8650
8621
#: serverguide/C/security.xml:1717(title)
8651
#: serverguide/C/security.xml:1703(title)
8622
8652
msgid "Automatically Mounting Encrypted Partitions"
8623
8653
msgstr "自动挂载加密分区"
8624
8654
8625
#: serverguide/C/security.xml:1719(para)
8655
#: serverguide/C/security.xml:1705(para)
8626
8656
msgid ""
8627
8657
"There are a couple of ways to automatically mount an "
8628
8658
"<application>ecryptfs</application> encrypted filesystem at boot. This "
8633
8663
"加密文件系统,有几种不同的方式。在本例中,我们将使用一个包含挂载选项的 <filename>/root/.ecryptfsrc</filename> "
8634
8664
"文件,和一个保存在 USB 设备上的密码文件。"
8635
8665
8636
#: serverguide/C/security.xml:1725(para)
8666
#: serverguide/C/security.xml:1711(para)
8637
8667
msgid "First, create <filename>/root/.ecryptfsrc</filename> containing:"
8638
8668
msgstr "首先,创建<filename>/root/.ecryptfsrc</filename>,并加入:"
8639
8669
8640
#: serverguide/C/security.xml:1729(programlisting)
8670
#: serverguide/C/security.xml:1715(programlisting)
8641
8671
#, no-wrap
8642
8672
msgid ""
8643
8673
"\n"
8656
8686
"ecryptfs_passthrough=n\n"
8657
8687
"ecryptfs_enable_filename_crypto=n\n"
8658
8688
8659
#: serverguide/C/security.xml:1739(para)
8689
#: serverguide/C/security.xml:1725(para)
8660
8690
msgid ""
8661
8691
"Adjust the <emphasis>ecryptfs_sig</emphasis> to the signature in "
8662
8692
"<filename>/root/.ecryptfs/sig-cache.txt</filename>."
8663
8693
msgstr ""
8664
8694
8665
#: serverguide/C/security.xml:1744(para)
8695
#: serverguide/C/security.xml:1730(para)
8666
8696
msgid ""
8667
8697
"Next, create the <filename>/mnt/usb/passwd_file.txt</filename> passphrase "
8668
8698
"file:"
8669
8699
msgstr ""
8670
8700
8671
#: serverguide/C/security.xml:1748(programlisting)
8701
#: serverguide/C/security.xml:1734(programlisting)
8672
8702
#, no-wrap
8673
8703
msgid ""
8674
8704
"\n"
8677
8707
"\n"
8678
8708
"passphrase_passwd=[secrets]\n"
8679
8709
8680
#: serverguide/C/security.xml:1752(para)
8710
#: serverguide/C/security.xml:1738(para)
8681
8711
msgid "Now add the necessary lines to <filename>/etc/fstab</filename>:"
8682
8712
msgstr "现在将相应字段加入到<filename>/etc/fstab</filename>:"
8683
8713
8684
#: serverguide/C/security.xml:1756(programlisting)
8714
#: serverguide/C/security.xml:1742(programlisting)
8685
8715
#, no-wrap
8686
8716
msgid ""
8687
8717
"\n"
8692
8722
"/dev/sdb1 /mnt/usb ext3 ro 0 0\n"
8693
8723
"/srv /srv ecryptfs defaults 0 0\n"
8694
8724
8695
#: serverguide/C/security.xml:1761(para)
8725
#: serverguide/C/security.xml:1747(para)
8696
8726
msgid "Make sure the USB drive is mounted before the encrypted partition."
8697
8727
msgstr "确信USB驱动器在加密分区之前得到挂载。"
8698
8728
8699
#: serverguide/C/security.xml:1765(para)
8729
#: serverguide/C/security.xml:1751(para)
8700
8730
msgid ""
8701
8731
"Finally, reboot and the <filename>/srv</filename> should be mounted using "
8702
8732
"<emphasis>eCryptfs</emphasis>."
8703
8733
msgstr ""
8704
8734
8705
#: serverguide/C/security.xml:1771(title)
8735
#: serverguide/C/security.xml:1757(title)
8706
8736
msgid "Other Utilities"
8707
8737
msgstr "其它工具"
8708
8738
8709
#: serverguide/C/security.xml:1773(para)
8739
#: serverguide/C/security.xml:1759(para)
8710
8740
msgid ""
8711
8741
"The <application>ecryptfs-utils</application> package includes several other "
8712
8742
"useful utilities:"
8713
8743
msgstr "<application>ecryptfs-utils</application>软件包包含几个其它的有用工具:"
8714
8744
8715
#: serverguide/C/security.xml:1779(para)
8745
#: serverguide/C/security.xml:1765(para)
8716
8746
msgid ""
8717
8747
"<emphasis>ecryptfs-setup-private:</emphasis> creates a "
8718
8748
"<filename>~/Private</filename> directory to contain encrypted information. "
8720
8750
"other users on the system."
8721
8751
msgstr ""
8722
8752
8723
#: serverguide/C/security.xml:1786(para)
8753
#: serverguide/C/security.xml:1772(para)
8724
8754
msgid ""
8725
8755
"<emphasis>ecryptfs-mount-private and ecryptfs-umount-private:</emphasis> "
8726
8756
"will mount and unmount respectively, a users <filename>~/Private</filename> "
8727
8757
"directory."
8728
8758
msgstr ""
8729
8759
8730
#: serverguide/C/security.xml:1792(para)
8760
#: serverguide/C/security.xml:1778(para)
8731
8761
msgid ""
8732
8762
"<emphasis>ecryptfs-add-passphrase:</emphasis> adds a new passphrase to the "
8733
8763
"kernel keyring."
8734
8764
msgstr ""
8735
8765
8736
#: serverguide/C/security.xml:1797(para)
8766
#: serverguide/C/security.xml:1783(para)
8737
8767
msgid ""
8738
8768
"<emphasis>ecryptfs-manager:</emphasis> manages "
8739
8769
"<application>eCryptfs</application> objects such as keys."
8740
8770
msgstr ""
8741
8771
8742
#: serverguide/C/security.xml:1802(para)
8772
#: serverguide/C/security.xml:1788(para)
8743
8773
msgid ""
8744
8774
"<emphasis>ecryptfs-stat:</emphasis> allows you to view the "
8745
8775
"<application>ecryptfs</application> meta information for a file."
8746
8776
msgstr ""
8747
8777
8748
#: serverguide/C/security.xml:1815(para)
8778
#: serverguide/C/security.xml:1801(para)
8749
8779
msgid ""
8750
8780
"For more information on <emphasis>eCryptfs</emphasis> see the <ulink "
8751
8781
"url=\"https://launchpad.net/ecryptfs\">Launchpad project page</ulink>."
8752
8782
msgstr ""
8753
8783
8754
#: serverguide/C/security.xml:1820(para)
8784
#: serverguide/C/security.xml:1806(para)
8755
8785
msgid ""
8756
8786
"There is also a <ulink "
8757
8787
"url=\"http://www.linuxjournal.com/article/9400\">Linux Journal</ulink> "
8758
8788
"article covering <emphasis>eCryptfs</emphasis>."
8759
8789
msgstr ""
8760
8790
8761
#: serverguide/C/security.xml:1825(para)
8791
#: serverguide/C/security.xml:1831(para)
8762
8792
msgid ""
8763
"Also, for more <application>ecryptfs</application> options see the <ulink "
8793
"Also, for more <application>ecryptfs</application> options and details see "
8794
"the <ulink "
8764
8795
"url=\"http://manpages.ubuntu.com/manpages/trusty/en/man7/ecryptfs.7.html\">ec"
8765
8796
"ryptfs man page</ulink>."
8766
8797
msgstr ""
8767
8798
8768
#: serverguide/C/security.xml:1831(para)
8769
msgid ""
8770
"The <ulink url=\"https://help.ubuntu.com/community/eCryptfs\">eCryptfs "
8771
"Ubuntu Wiki</ulink> page also has more details."
8772
msgstr ""
8773
8774
8799
#: serverguide/C/samba.xml:11(title)
8775
8800
msgid "Samba"
8776
8801
msgstr ""
8777
8802
8778
#: serverguide/C/samba.xml:13(para)
8803
#: serverguide/C/windows-networking.xml:13(para)
8779
8804
msgid ""
8780
8805
"Computer networks are often comprised of diverse systems, and while "
8781
8806
"operating a network made up entirely of Ubuntu desktop and server computers "
8791
8816
"class=\"registered\">Windows</trademark> 这两个系统协同工作。<phrase>Ubuntu</phrase> "
8792
8817
"服务器指南中的这部分内容将向你介绍 Ubuntu 服务器的原理及配置所用工具,以便同 Windows 计算机共享网络资源。"
8793
8818
8794
#: serverguide/C/samba.xml:25(para)
8819
#: serverguide/C/windows-networking.xml:25(para)
8795
8820
msgid ""
8796
8821
"Successfully networking your Ubuntu system with Windows clients involves "
8797
8822
"providing and integrating with services common to Windows environments. Such "
8802
8827
"要想将您的 Ubuntu 系统与 Windows 客户机成功连网,则需要为 Windows "
8803
8828
"环境提供和整合常用服务。这些服务有助于网络中计算机和用户的数据和信息共享,它们按功能可划分为以下三大类:"
8804
8829
8805
#: serverguide/C/samba.xml:33(para)
8830
#: serverguide/C/windows-networking.xml:33(para)
8806
8831
msgid ""
8807
8832
"<emphasis role=\"bold\">File and Printer Sharing Services</emphasis>. Using "
8808
8833
"the Server Message Block (SMB) protocol to facilitate the sharing of files, "
8811
8836
"<emphasis role=\"bold\">文件和打印机共享服务</emphasis>。SMB(Server Message "
8812
8837
"Block,服务器信息块) 协议可以使在网络上共享文件、文件夹、卷和打印机变得容易。"
8813
8838
8814
#: serverguide/C/samba.xml:39(para)
8839
#: serverguide/C/windows-networking.xml:39(para)
8815
8840
msgid ""
8816
8841
"<emphasis role=\"bold\">Directory Services</emphasis>. Sharing vital "
8817
8842
"information about the computers and users of the network with such "
8822
8847
"Protocol,轻量目录访问协议) 和 Microsoft <trademark class=\"registered\">Active "
8823
8848
"Directory</trademark> 技术来共享网络计算机和用户的重要信息。"
8824
8849
8825
#: serverguide/C/samba.xml:46(para)
8850
#: serverguide/C/windows-networking.xml:46(para)
8826
8851
msgid ""
8827
8852
"<emphasis role=\"bold\">Authentication and Access</emphasis>. Establishing "
8828
8853
"the identity of a computer or user of the network and determining the "
8833
8858
"<emphasis role=\"bold\">认证和权限</emphasis>。建立网络计算机和用户的身份信息,并通过使用文件权限、组策略和 "
8834
8859
"Kerberos 认证服务等原理和技术来确定计算机或用户可以访问的信息。"
8835
8860
8836
#: serverguide/C/samba.xml:54(para)
8861
#: serverguide/C/windows-networking.xml:54(para)
8837
8862
msgid ""
8838
8863
"Fortunately, your Ubuntu system may provide all such facilities to Windows "
8839
8864
"clients and share network resources among them. One of the principal pieces "
8843
8868
"幸运的是您的 Ubuntu 系统可以为 Windows 客户端提供所有这样的便利,并在它们中共享网络资源。您的 Ubuntu为 Windows "
8844
8869
"网络提供的软件中主要部分之一是 SMB 服务器应用和工具的 Samba 套件。"
8845
8870
8846
#: serverguide/C/samba.xml:60(para)
8871
#: serverguide/C/windows-networking.xml:60(para)
8847
8872
msgid ""
8848
8873
"This section of the <phrase>Ubuntu</phrase> Server Guide will introduce some "
8849
8874
"of the common Samba use cases, and how to install and configure the "
8858
8883
msgid "File Server"
8859
8884
msgstr ""
8860
8885
8861
#: serverguide/C/samba.xml:70(para)
8886
#: serverguide/C/windows-networking.xml:70(para)
8862
8887
msgid ""
8863
8888
"One of the most common ways to network Ubuntu and Windows computers is to "
8864
8889
"configure Samba as a File Server. This section covers setting up a "
8867
8892
"最通用的连接 Ubuntu 和 Windows的方法之一是将 Samba 配置为文件服务器。本部分包括设置Samba>服务器以便同 Windows "
8868
8893
"客户端共享文件。"
8869
8894
8870
#: serverguide/C/samba.xml:75(para)
8895
#: serverguide/C/windows-networking.xml:75(para)
8871
8896
msgid ""
8872
8897
"The server will be configured to share files with any client on the network "
8873
8898
"without prompting for a password. If your environment requires stricter "
8876
8901
"服务器将被配置为不需要密码即可与网络上任何客户端共享文件。如果您的环境要求更严格的访问控制,请看<xref linkend=\"samba-"
8877
8902
"fileprint-security\"/>"
8878
8903
8879
#: serverguide/C/samba.xml:83(para)
8904
#: serverguide/C/windows-networking.xml:83(para)
8880
8905
msgid ""
8881
8906
"The first step is to install the <application>samba</application> package. "
8882
8907
"From a terminal prompt enter:"
8883
8908
msgstr "第一步是安装samba软件包。在终端提示符键入:"
8884
8909
8885
#: serverguide/C/samba.xml:88(command) serverguide/C/samba.xml:304(command)
8910
#: serverguide/C/windows-networking.xml:88(command) serverguide/C/windows-networking.xml:304(command)
8886
8911
msgid "sudo apt-get install samba"
8887
8912
msgstr "sudo apt-get install samba"
8888
8913
8889
#: serverguide/C/samba.xml:91(para)
8914
#: serverguide/C/windows-networking.xml:91(para)
8890
8915
msgid ""
8891
8916
"That's all there is to it; you are now ready to configure Samba to share "
8892
8917
"files."
8893
8918
msgstr "这是唯一需要做的;现在您可以通过配置 Samba 来共享文件了。"
8894
8919
8895
#: serverguide/C/samba.xml:99(para)
8920
#: serverguide/C/windows-networking.xml:99(para)
8896
8921
msgid ""
8897
8922
"The main Samba configuration file is located in "
8898
8923
"<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
8903
8928
"Samba配置文件置于<filename>/etc/samba/smb.conf</filename>。默认的配置文件包含了大量的的注解,描述了各种配置指"
8904
8929
"令。"
8905
8930
8906
#: serverguide/C/samba.xml:104(para)
8931
#: serverguide/C/windows-networking.xml:104(para)
8907
8932
msgid ""
8908
8933
"Not all the available options are included in the default configuration "
8909
8934
"file. See the <filename>smb.conf</filename><application>man</application> "
8914
8939
"ation> 手册页,或者 <ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
8915
8940
"Collection/\">Samba HOWTO 合集</ulink>"
8916
8941
8917
#: serverguide/C/samba.xml:113(para)
8942
#: serverguide/C/windows-networking.xml:113(para)
8918
8943
msgid ""
8919
8944
"First, edit the following key/value pairs in the "
8920
8945
"<emphasis>[global]</emphasis> section of "
8923
8948
"首先,编辑<filename>/etc/samba/smb.conf</filename>文件中的<emphasis>[global]</emphasis"
8924
8949
">片段的键值对"
8925
8950
8926
#: serverguide/C/samba.xml:118(programlisting) serverguide/C/samba.xml:316(programlisting) serverguide/C/samba.xml:784(programlisting) serverguide/C/samba.xml:1023(programlisting)
8951
#: serverguide/C/windows-networking.xml:118(programlisting) serverguide/C/windows-networking.xml:316(programlisting) serverguide/C/windows-networking.xml:784(programlisting) serverguide/C/windows-networking.xml:1023(programlisting)
8927
8952
#, no-wrap
8928
8953
msgid ""
8929
8954
"\n"
8936
8961
" ...\n"
8937
8962
" 安全等级 = user\n"
8938
8963
8939
#: serverguide/C/samba.xml:124(para)
8964
#: serverguide/C/windows-networking.xml:124(para)
8940
8965
msgid ""
8941
8966
"The <emphasis>security</emphasis> parameter is farther down in the [global] "
8942
8967
"section, and is commented by default. Also, change "
8945
8970
"<emphasis>security</emphasis>这个参数在[global]章节的下面,默认是被注释掉的。同样,根据你的环境改变<emphasis"
8946
8971
">EXAMPLE</emphasis>参数。"
8947
8972
8948
#: serverguide/C/samba.xml:132(para)
8973
#: serverguide/C/windows-networking.xml:132(para)
8949
8974
msgid ""
8950
8975
"Create a new section at the bottom of the file, or uncomment one of the "
8951
8976
"examples, for the directory to be shared:"
8952
8977
msgstr "在文件底部为要共享的目录创建一个新段落或将某一例子前#去掉,"
8953
8978
8954
#: serverguide/C/samba.xml:136(programlisting)
8979
#: serverguide/C/windows-networking.xml:136(programlisting)
8955
8980
#, no-wrap
8956
8981
msgid ""
8957
8982
"\n"
8972
8997
" 只读 = no\n"
8973
8998
" create mask = 0755\n"
8974
8999
8975
#: serverguide/C/samba.xml:148(para)
9000
#: serverguide/C/windows-networking.xml:148(para)
8976
9001
msgid ""
8977
9002
"<emphasis>comment:</emphasis> a short description of the share. Adjust to "
8978
9003
"fit your needs."
8979
9004
msgstr "<emphasis>comment:</emphasis> 一段简短的描述,根据你的需要进行调整。"
8980
9005
8981
#: serverguide/C/samba.xml:153(para)
9006
#: serverguide/C/windows-networking.xml:153(para)
8982
9007
msgid "<emphasis>path:</emphasis> the path to the directory to share."
8983
9008
msgstr "<emphasis>path:</emphasis>共享文件的路径"
8984
9009
8985
#: serverguide/C/samba.xml:156(para)
9010
#: serverguide/C/windows-networking.xml:156(para)
8986
9011
msgid ""
8987
9012
"This example uses <filename>/srv/samba/sharename</filename> because, "
8988
9013
"according to the <emphasis>Filesystem Hierarchy Standard (FHS)</emphasis>, "
8998
9023
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> "
8999
9024
"站点提供的数据。技术上来说Samba shares只要权限正确,可以在文件系统的任何位置,但是建议遵守规范。"
9000
9025
9001
#: serverguide/C/samba.xml:165(para)
9026
#: serverguide/C/windows-networking.xml:165(para)
9002
9027
msgid ""
9003
9028
"<emphasis>browsable:</emphasis> enables Windows clients to browse the shared "
9004
9029
"directory using <application>Windows Explorer</application>."
9005
9030
msgstr "<emphasis>browsable:</emphasis> 允许windows客户机使用资源管理器浏览共享目录。"
9006
9031
9007
#: serverguide/C/samba.xml:171(para)
9032
#: serverguide/C/windows-networking.xml:171(para)
9008
9033
msgid ""
9009
9034
"<emphasis>guest ok:</emphasis> allows clients to connect to the share "
9010
9035
"without supplying a password."
9011
9036
msgstr "<emphasis>guest ok:</emphasis>允许客户机连接共享目录不用提供密码。"
9012
9037
9013
#: serverguide/C/samba.xml:176(para)
9038
#: serverguide/C/windows-networking.xml:176(para)
9014
9039
msgid ""
9015
9040
"<emphasis>read only:</emphasis> determines if the share is read only or if "
9016
9041
"write privileges are granted. Write privileges are allowed only when the "
9020
9045
"<emphasis>只读::</emphasis>决定共享是否为只读或已赋予写权限。只有当其值为<emphasis>no</emphasis>时才会赋予写"
9021
9046
"权限,就如此例中所看到的。如果值是<emphasis>yes</emphasis>,那么将只能以只读方式进入。"
9022
9047
9023
#: serverguide/C/samba.xml:181(para)
9048
#: serverguide/C/windows-networking.xml:181(para)
9024
9049
msgid ""
9025
9050
"<emphasis>create mask:</emphasis> determines the permissions new files will "
9026
9051
"have when created."
9027
9052
msgstr "<emphasis>create mask:</emphasis> 在文件被创建时确定新建文件的权限。"
9028
9053
9029
#: serverguide/C/samba.xml:190(para)
9054
#: serverguide/C/windows-networking.xml:190(para)
9030
9055
msgid ""
9031
9056
"Now that <application>Samba</application> is configured, the directory needs "
9032
9057
"to be created and the permissions changed. From a terminal enter:"
9033
9058
msgstr "既然<application>Samba</application>已经设置,您需要新建一个目录并更改授权。请从终端输入:"
9034
9059
9035
#: serverguide/C/samba.xml:196(command)
9060
#: serverguide/C/windows-networking.xml:196(command)
9036
9061
msgid "sudo mkdir -p /srv/samba/share"
9037
9062
msgstr "sudo mkdir -p /srv/samba/share"
9038
9063
9039
#: serverguide/C/samba.xml:197(command)
9040
msgid "sudo chown nobody.nogroup /srv/samba/share/"
9041
msgstr "sudo chown nobody.nogroup /srv/samba/share/"
9064
#: serverguide/C/windows-networking.xml:197(command)
9065
msgid "sudo chown nobody:nogroup /srv/samba/share/"
9066
msgstr ""
9042
9067
9043
#: serverguide/C/samba.xml:201(para)
9068
#: serverguide/C/windows-networking.xml:201(para)
9044
9069
msgid ""
9045
9070
"The <emphasis>-p</emphasis> switch tells mkdir to create the entire "
9046
9071
"directory tree if it doesn't exist."
9047
9072
msgstr "<emphasis>-p</emphasis> 开关使 mkdir 创建整个目录,如果该目录不存在。"
9048
9073
9049
#: serverguide/C/samba.xml:209(para)
9074
#: serverguide/C/windows-networking.xml:209(para)
9050
9075
msgid ""
9051
9076
"Finally, restart the <application>samba</application> services to enable the "
9052
9077
"new configuration:"
9053
9078
msgstr "最后,为使新设定生效,请重启<application>samba</application>服务。"
9054
9079
9055
#: serverguide/C/samba.xml:214(command) serverguide/C/samba.xml:336(command) serverguide/C/samba.xml:474(command) serverguide/C/samba.xml:574(command) serverguide/C/samba.xml:925(command) serverguide/C/samba.xml:1080(command) serverguide/C/samba.xml:1187(command) serverguide/C/network-auth.xml:2504(command)
9080
#: serverguide/C/windows-networking.xml:214(command) serverguide/C/windows-networking.xml:336(command) serverguide/C/windows-networking.xml:474(command) serverguide/C/windows-networking.xml:574(command) serverguide/C/windows-networking.xml:925(command) serverguide/C/windows-networking.xml:1080(command) serverguide/C/windows-networking.xml:1187(command) serverguide/C/network-auth.xml:2533(command)
9056
9081
msgid "sudo restart smbd"
9057
9082
msgstr "sudo restart smbd"
9058
9083
9059
#: serverguide/C/samba.xml:215(command) serverguide/C/samba.xml:337(command) serverguide/C/samba.xml:475(command) serverguide/C/samba.xml:575(command) serverguide/C/samba.xml:926(command) serverguide/C/samba.xml:1081(command) serverguide/C/samba.xml:1188(command) serverguide/C/network-auth.xml:2505(command)
9084
#: serverguide/C/windows-networking.xml:215(command) serverguide/C/windows-networking.xml:337(command) serverguide/C/windows-networking.xml:475(command) serverguide/C/windows-networking.xml:575(command) serverguide/C/windows-networking.xml:926(command) serverguide/C/windows-networking.xml:1081(command) serverguide/C/windows-networking.xml:1188(command) serverguide/C/network-auth.xml:2534(command)
9060
9085
msgid "sudo restart nmbd"
9061
9086
msgstr "sudo restart nmbd"
9062
9087
9063
#: serverguide/C/samba.xml:222(para)
9088
#: serverguide/C/windows-networking.xml:222(para)
9064
9089
msgid ""
9065
9090
"Once again, the above configuration gives all access to any client on the "
9066
9091
"local network. For a more secure configuration see <xref linkend=\"samba-"
9069
9094
"再次地,上述设定使得所有用户可以接入本地网络。欲知更多安全设定方法请参阅<xref linkend=\"samba-fileprint-"
9070
9095
"security\"/>。"
9071
9096
9072
#: serverguide/C/samba.xml:228(para)
9097
#: serverguide/C/windows-networking.xml:228(para)
9073
9098
msgid ""
9074
9099
"From a Windows client you should now be able to browse to the Ubuntu file "
9075
9100
"server and see the shared directory. If your client doesn't show your share "
9078
9103
"working try creating a directory from Windows."
9079
9104
msgstr ""
9080
9105
9081
#: serverguide/C/samba.xml:232(para)
9106
#: serverguide/C/windows-networking.xml:232(para)
9082
9107
msgid ""
9083
9108
"To create additional shares simply create new <emphasis>[dir]</emphasis> "
9084
9109
"sections in <filename>/etc/samba/smb.conf</filename>, and restart "
9088
9113
"为了创建更多的共享只需在文件 <filename>/etc/samba/smb.conf</filename>中的章节下写入新的路径,并重新启动 "
9089
9114
"<emphasis>Samba</emphasis>。只需要确定该目录要共享和当前的权限是正确的。"
9090
9115
9091
#: serverguide/C/samba.xml:239(para)
9116
#: serverguide/C/windows-networking.xml:239(para)
9092
9117
msgid ""
9093
9118
"The file share named <emphasis>\"[share]\"</emphasis> and the path "
9094
9119
"<filename>/srv/samba/share</filename> are just examples. Adjust the share "
9102
9127
"只是例子。根据您的环境调整共享和路径名称。根据文件系统上的目录名命名共享是个好主意。例如,</emphasis> 对路径 "
9103
9128
"<filename>/srv/samba/qa</filename>,共享名可设为 <emphasis>[qa]</emphasis>。"
9104
9129
9105
#: serverguide/C/samba.xml:252(para) serverguide/C/samba.xml:351(para) serverguide/C/samba.xml:708(para) serverguide/C/samba.xml:1104(para)
9130
#: serverguide/C/windows-networking.xml:252(para) serverguide/C/windows-networking.xml:351(para) serverguide/C/windows-networking.xml:708(para) serverguide/C/windows-networking.xml:1104(para)
9106
9131
msgid ""
9107
9132
"For in depth Samba configurations see the <ulink "
9108
9133
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
9111
9136
"要更深入地了解Samba设定请参阅<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
9112
9137
"Collection/\">Samba HOWTO Collection</ulink>"
9113
9138
9114
#: serverguide/C/samba.xml:258(para) serverguide/C/samba.xml:357(para) serverguide/C/samba.xml:714(para) serverguide/C/samba.xml:1110(para)
9139
#: serverguide/C/windows-networking.xml:258(para) serverguide/C/windows-networking.xml:357(para) serverguide/C/windows-networking.xml:714(para) serverguide/C/windows-networking.xml:1110(para)
9115
9140
msgid ""
9116
9141
"The guide is also available in <ulink "
9117
9142
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">printed "
9120
9145
"您也可以在<ulink url=\"http://www.amazon.com/exec/obidos/tg/detail/-"
9121
9146
"/0131882228\">printed format</ulink>查看帮助"
9122
9147
9123
#: serverguide/C/samba.xml:264(para) serverguide/C/samba.xml:363(para)
9148
#: serverguide/C/windows-networking.xml:264(para) serverguide/C/windows-networking.xml:363(para)
9124
9149
msgid ""
9125
9150
"O'Reilly's <ulink "
9126
9151
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
9130
9155
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink>是另一篇"
9131
9156
"很好的参考文章。"
9132
9157
9133
#: serverguide/C/samba.xml:270(para) serverguide/C/samba.xml:374(para) serverguide/C/samba.xml:739(para) serverguide/C/samba.xml:1134(para) serverguide/C/samba.xml:1312(para)
9158
#: serverguide/C/windows-networking.xml:270(para) serverguide/C/windows-networking.xml:374(para) serverguide/C/windows-networking.xml:739(para) serverguide/C/windows-networking.xml:1134(para) serverguide/C/windows-networking.xml:1312(para)
9134
9159
msgid ""
9135
9160
"The <ulink url=\"https://help.ubuntu.com/community/Samba\">Ubuntu Wiki Samba "
9136
9161
"</ulink> page."
9137
9162
msgstr ""
9138
9163
9139
#: serverguide/C/samba.xml:279(title) serverguide/C/network-config.xml:904(para)
9164
#: serverguide/C/network-config.xml:908(para)
9140
9165
msgid "Print Server"
9141
9166
msgstr "打印服务器"
9142
9167
9143
#: serverguide/C/samba.xml:281(para)
9168
#: serverguide/C/windows-networking.xml:281(para)
9144
9169
msgid ""
9145
9170
"Another common use of Samba is to configure it to share printers installed, "
9146
9171
"either locally or over the network, on an Ubuntu server. Similar to <xref "
9151
9176
"另一种较常见的Samba应用是在Ubuntu服务器上安装共享打印机,无论是本地还是共享的。比如 <xref linkend=\"samba-"
9152
9177
"fileserver\"/> 这一节将配置Samba允许任何客户机安装使用本地网络上的打印机而不提示的用户名和密码。"
9153
9178
9154
#: serverguide/C/samba.xml:287(para)
9179
#: serverguide/C/windows-networking.xml:287(para)
9155
9180
msgid ""
9156
9181
"For a more secure configuration see <xref linkend=\"samba-fileprint-"
9157
9182
"security\"/>."
9158
9183
msgstr "欲知更多关于安全设定的内容请查看<xref linkend=\"samba-fileprint-security\"/>"
9159
9184
9160
#: serverguide/C/samba.xml:294(para)
9185
#: serverguide/C/windows-networking.xml:294(para)
9161
9186
msgid ""
9162
9187
"Before installing and configuring Samba it is best to already have a working "
9163
9188
"<application>CUPS</application> installation. See <xref linkend=\"cups\"/> "
9166
9191
"在安装和设定Samba之前最好安装一个能工作的<application>CUPS</application>。欲知详情请查看<xref "
9167
9192
"linkend=\"cups\"/>。"
9168
9193
9169
#: serverguide/C/samba.xml:299(para)
9194
#: serverguide/C/windows-networking.xml:299(para)
9170
9195
msgid ""
9171
9196
"To install the <application>samba</application> package, from a terminal "
9172
9197
"enter:"
9173
9198
msgstr "要安装<application>samba</application>软件包,请在中断输入:"
9174
9199
9175
#: serverguide/C/samba.xml:310(para)
9200
#: serverguide/C/windows-networking.xml:310(para)
9176
9201
msgid ""
9177
9202
"After installing samba edit <filename>/etc/samba/smb.conf</filename>. Change "
9178
9203
"the <emphasis>workgroup</emphasis> attribute to what is appropriate for your "
9183
9208
"p</emphasis>属性,并把<emphasis>security</emphasis>改为<emphasis "
9184
9209
"role=\"italic\">user</emphasis>:"
9185
9210
9186
#: serverguide/C/samba.xml:322(para)
9211
#: serverguide/C/windows-networking.xml:322(para)
9187
9212
msgid ""
9188
9213
"In the <emphasis>[printers]</emphasis> section change the <emphasis>guest "
9189
9214
"ok</emphasis> option to <emphasis role=\"italic\">yes</emphasis>:"
9191
9216
"在 <emphasis>[printers]</emphasis> 一节中改变 <emphasis>guest ok</emphasis> 参数为 "
9192
9217
"<emphasis role=\"italic\">yes</emphasis>:"
9193
9218
9194
#: serverguide/C/samba.xml:326(programlisting)
9219
#: serverguide/C/windows-networking.xml:326(programlisting)
9195
9220
#, no-wrap
9196
9221
msgid ""
9197
9222
"\n"
9202
9227
" browsable = yes\n"
9203
9228
" guest ok = yes\n"
9204
9229
9205
#: serverguide/C/samba.xml:331(para)
9230
#: serverguide/C/windows-networking.xml:331(para)
9206
9231
msgid "After editing <filename>smb.conf</filename> restart Samba:"
9207
9232
msgstr "编辑<filename>smb.conf</filename>后重启 Samba:"
9208
9233
9209
#: serverguide/C/samba.xml:340(para)
9234
#: serverguide/C/windows-networking.xml:340(para)
9210
9235
msgid ""
9211
9236
"The default Samba configuration will automatically share any printers "
9212
9237
"installed. Simply install the printer locally on your Windows clients."
9213
9238
msgstr "默认Samba设定将会自动共享安装的打印机。请在您的Windows客户端安装本地打印机。"
9214
9239
9215
#: serverguide/C/samba.xml:369(para)
9240
#: serverguide/C/windows-networking.xml:369(para)
9216
9241
msgid ""
9217
9242
"Also, see the <ulink url=\"http://www.cups.org/\">CUPS Website</ulink> for "
9218
9243
"more information on configuring CUPS."
9223
9248
msgid "Securing File and Print Server"
9224
9249
msgstr ""
9225
9250
9226
#: serverguide/C/samba.xml:386(title)
9251
#: serverguide/C/windows-networking.xml:386(title)
9227
9252
msgid "Samba Security Modes"
9228
9253
msgstr "Samba安全模式"
9229
9254
9230
#: serverguide/C/samba.xml:388(para)
9255
#: serverguide/C/windows-networking.xml:388(para)
9231
9256
msgid ""
9232
9257
"There are two security levels available to the Common Internet Filesystem "
9233
9258
"(CIFS) network protocol <emphasis>user-level</emphasis> and <emphasis>share-"
9239
9264
"等级</emphasis> Samba的 <emphasis>security 模式</emphasis> 允许更灵活的执行方式,为user-"
9240
9265
"level安全等级提供了4种方式,为share-level等级提供了一种方式。"
9241
9266
9242
#: serverguide/C/samba.xml:397(para)
9267
#: serverguide/C/windows-networking.xml:397(para)
9243
9268
msgid ""
9244
9269
"<emphasis>security = user:</emphasis> requires clients to supply a username "
9245
9270
"and password to connect to shares. Samba user accounts are separate from "
9250
9275
"就需要连接共享的客户机提供用户名和密码。虽然Samba的用户帐户区别于系统帐户,但是软件包 <application>libpam-"
9251
9276
"smbpass</application> 会同步系统用户名和密码与Samba用户数据库。"
9252
9277
9253
#: serverguide/C/samba.xml:404(para)
9278
#: serverguide/C/windows-networking.xml:404(para)
9254
9279
msgid ""
9255
9280
"<emphasis>security = domain:</emphasis> this mode allows the Samba server to "
9256
9281
"appear to Windows clients as a Primary Domain Controller (PDC), Backup "
9261
9286
"客户端的主域控制器 ( PDC ) , 备份域控制器(BDC) ,或者一个域成员服务器(DMS) ,了解更多信息参见 <xref "
9262
9287
"linkend=\"samba-dc\"/>。"
9263
9288
9264
#: serverguide/C/samba.xml:411(para)
9289
#: serverguide/C/windows-networking.xml:411(para)
9265
9290
msgid ""
9266
9291
"<emphasis>security = ADS:</emphasis> allows the Samba server to join an "
9267
9292
"Active Directory domain as a native member. See <xref linkend=\"samba-ad-"
9270
9295
"<emphasis>security = ADS:</emphasis> 允许 Samba服务器作为一个本地成员加入活动目录域。详细内容参见 <xref "
9271
9296
"linkend=\"samba-ad-integration\"/>"
9272
9297
9273
#: serverguide/C/samba.xml:417(para)
9298
#: serverguide/C/windows-networking.xml:417(para)
9274
9299
msgid ""
9275
9300
"<emphasis>security = server:</emphasis> this mode is left over from before "
9276
9301
"Samba could become a member server, and due to some security issues should "
9283
9308
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection "
9284
9309
"/ServerType.html#id349531\">Server Security</ulink>"
9285
9310
9286
#: serverguide/C/samba.xml:425(para)
9311
#: serverguide/C/windows-networking.xml:425(para)
9287
9312
msgid ""
9288
9313
"<emphasis>security = share:</emphasis> allows clients to connect to shares "
9289
9314
"without supplying a username and password."
9290
9315
msgstr "参数 <emphasis>security = share:</emphasis> 允许客户机访问共享文件时不提供用户名和密码。"
9291
9316
9292
#: serverguide/C/samba.xml:432(para)
9317
#: serverguide/C/windows-networking.xml:432(para)
9293
9318
msgid ""
9294
9319
"The security mode you choose will depend on your environment and what you "
9295
9320
"need the Samba server to accomplish."
9296
9321
msgstr "您将选择的安全模式将取决与您的环境和您需要用Samba服务器完成的工作。"
9297
9322
9298
#: serverguide/C/samba.xml:438(title)
9323
#: serverguide/C/windows-networking.xml:438(title)
9299
9324
msgid "Security = User"
9300
9325
msgstr "Security = User"
9301
9326
9302
#: serverguide/C/samba.xml:440(para)
9327
#: serverguide/C/windows-networking.xml:440(para)
9303
9328
msgid ""
9304
9329
"This section will reconfigure the Samba file and print server, from <xref "
9305
9330
"linkend=\"samba-fileserver\"/> and <xref linkend=\"samba-printserver\"/>, to "
9308
9333
"本节将根据 <xref linkend=\"samba-fileserver\"/> 和 <xref linkend=\"samba-"
9309
9334
"printserver\"/>重新配置 Samba 文件和打印服务器。"
9310
9335
9311
#: serverguide/C/samba.xml:445(para)
9336
#: serverguide/C/windows-networking.xml:445(para)
9312
9337
msgid ""
9313
9338
"First, install the <application>libpam-smbpass</application> package which "
9314
9339
"will sync the system users to the Samba user database:"
9315
9340
msgstr ""
9316
9341
"首先安装软件包 <application>libpam-smbpass</application> 同步系统用户与 Samba 用户数据库:"
9317
9342
9318
#: serverguide/C/samba.xml:451(command)
9343
#: serverguide/C/windows-networking.xml:451(command)
9319
9344
msgid "sudo apt-get install libpam-smbpass"
9320
9345
msgstr "sudo apt-get install libpam-smbpass"
9321
9346
9322
#: serverguide/C/samba.xml:455(para)
9347
#: serverguide/C/windows-networking.xml:455(para)
9323
9348
msgid ""
9324
9349
"If you chose the <emphasis>Samba Server</emphasis> task during installation "
9325
9350
"<application>libpam-smbpass</application> is already installed."
9327
9352
"如果你在安装过程中选择 <emphasis>Samba Server</emphasis> 任务则软件包 <application>libpam-"
9328
9353
"smbpass</application> 就已经安装在系统中。"
9329
9354
9330
#: serverguide/C/samba.xml:461(para)
9355
#: serverguide/C/windows-networking.xml:461(para)
9331
9356
msgid ""
9332
9357
"Edit <filename>/etc/samba/smb.conf</filename>, and in the "
9333
9358
"<emphasis>[share]</emphasis> section change:"
9335
9360
"编辑<filename>/etc/samba/smb.conf</filename>,并且在<emphasis>[share]</emphasis>区域更"
9336
9361
"改:"
9337
9362
9338
#: serverguide/C/samba.xml:465(programlisting)
9363
#: serverguide/C/windows-networking.xml:465(programlisting)
9339
9364
#, no-wrap
9340
9365
msgid ""
9341
9366
"\n"
9344
9369
"\n"
9345
9370
" 来宾就绪=no\n"
9346
9371
9347
#: serverguide/C/samba.xml:469(para)
9372
#: serverguide/C/windows-networking.xml:469(para)
9348
9373
msgid "Finally, restart Samba for the new settings to take effect:"
9349
9374
msgstr "最后,为使得新设定生效,请重启Samba"
9350
9375
9351
#: serverguide/C/samba.xml:478(para)
9376
#: serverguide/C/windows-networking.xml:478(para)
9352
9377
msgid ""
9353
9378
"Now when connecting to the shared directories or printers you should be "
9354
9379
"prompted for a username and password."
9355
9380
msgstr "当连接到共享的目录或打印机时,您需要一个用户名和密码。"
9356
9381
9357
#: serverguide/C/samba.xml:483(para)
9382
#: serverguide/C/windows-networking.xml:483(para)
9358
9383
msgid ""
9359
9384
"If you choose to map a network drive to the share you can check the "
9360
9385
"<quote>Reconnect at Logon</quote> check box, which will require you to only "
9363
9388
"如果你选择要映射一个网络驱动器,那么你可以选择<quote>Reconnect at Logon</quote> "
9364
9389
"复选框,并且只需输入一次用户名和密码。至少在密码不变的情况下。"
9365
9390
9366
#: serverguide/C/samba.xml:491(title)
9391
#: serverguide/C/windows-networking.xml:491(title)
9367
9392
msgid "Share Security"
9368
9393
msgstr "共享安全"
9369
9394
9370
#: serverguide/C/samba.xml:493(para)
9395
#: serverguide/C/windows-networking.xml:493(para)
9371
9396
msgid ""
9372
9397
"There are several options available to increase the security for each "
9373
9398
"individual shared directory. Using the <emphasis>[share]</emphasis> example, "
9374
9399
"this section will cover some common options."
9375
9400
msgstr "有几个选项可以为每个共享目录增强安全性。以 <emphasis>[share]</emphasis> 为例,这节中包括了一些常见的选项。"
9376
9401
9377
#: serverguide/C/samba.xml:499(title)
9402
#: serverguide/C/windows-networking.xml:499(title)
9378
9403
msgid "Groups"
9379
9404
msgstr "组"
9380
9405
9381
#: serverguide/C/samba.xml:501(para)
9406
#: serverguide/C/windows-networking.xml:501(para)
9382
9407
msgid ""
9383
9408
"Groups define a collection of computers or users which have a common level "
9384
9409
"of access to particular network resources and offer a level of granularity "
9412
9437
"role=\"italic\">qa</emphasis> 和 <emphasis role=\"italic\">support</emphasis> "
9413
9438
"两个组,所以她能够访问配置为两个组访问的资源,而所有其他用户则只能访问明确允许其所属组访问的资源。"
9414
9439
9415
#: serverguide/C/samba.xml:515(para)
9440
#: serverguide/C/windows-networking.xml:515(para)
9416
9441
msgid ""
9417
9442
"By default Samba looks for the local system groups defined in "
9418
9443
"<filename>/etc/group</filename> to determine which users belong to which "
9422
9447
"默认的 Samba 会查找本地系统组文件 <filename>/etc/group</filename> "
9423
9448
"以确定哪些用户属于哪些用户组。欲了解更多有关添加和删除用户组请访问 <xref linkend=\"adding-deleting-users\"/>."
9424
9449
9425
#: serverguide/C/samba.xml:521(para)
9450
#: serverguide/C/windows-networking.xml:521(para)
9426
9451
msgid ""
9427
9452
"When defining groups in the Samba configuration file, "
9428
9453
"<filename>/etc/samba/smb.conf</filename>, the recognized syntax is to "
9437
9462
"你就需要在文件 <filename>/etc/samba/smb.conf</filename>中相关的章节下输入组的名字比如 <emphasis "
9438
9463
"role=\"bold\">@sysadmin</emphasis>。"
9439
9464
9440
#: serverguide/C/samba.xml:530(title)
9465
#: serverguide/C/windows-networking.xml:530(title)
9441
9466
msgid "File Permissions"
9442
9467
msgstr "文件权限"
9443
9468
9444
#: serverguide/C/samba.xml:532(para)
9469
#: serverguide/C/windows-networking.xml:532(para)
9445
9470
msgid ""
9446
9471
"File Permissions define the explicit rights a computer or user has to a "
9447
9472
"particular directory, file, or set of files. Such permissions may be defined "
9451
9476
"文件权限清楚的表明了计算机或者用户对特定目录所拥有的权力。这种权限的定义可以通过编辑文件 "
9452
9477
"<filename>/etc/samba/smb.conf</filename>来确定一个共享文件的权限。"
9453
9478
9454
#: serverguide/C/samba.xml:538(para)
9479
#: serverguide/C/windows-networking.xml:538(para)
9455
9480
msgid ""
9456
9481
"For example, if you have defined a Samba share called "
9457
9482
"<emphasis>share</emphasis> and wish to give <emphasis role=\"italic\">read-"
9468
9493
"role=\"italic\">vincent</emphasis> 用户可以写共享。这样的话你需要编辑文件 "
9469
9494
"<filename>/etc/samba/smb.conf</filename> 在<emphasis>[share]</emphasis>下面添加:"
9470
9495
9471
#: serverguide/C/samba.xml:547(programlisting)
9496
#: serverguide/C/windows-networking.xml:547(programlisting)
9472
9497
#, no-wrap
9473
9498
msgid ""
9474
9499
"\n"
9479
9504
" read list = @qa\n"
9480
9505
" write list = @sysadmin, vincent\n"
9481
9506
9482
#: serverguide/C/samba.xml:552(para)
9507
#: serverguide/C/windows-networking.xml:552(para)
9483
9508
msgid ""
9484
9509
"Another possible Samba permission is to declare "
9485
9510
"<emphasis>administrative</emphasis> permissions to a particular shared "
9489
9514
msgstr ""
9490
9515
"另一种可能的Samba权限是为特定的共享资源声明一个管理权限。用户拥有管理权限后可以读,写或修改资源中的任何信息。用户被给予了明确的管理权限。"
9491
9516
9492
#: serverguide/C/samba.xml:558(para)
9517
#: serverguide/C/windows-networking.xml:558(para)
9493
9518
msgid ""
9494
9519
"For example, if you wanted to give the user <emphasis "
9495
9520
"role=\"italic\">melissa</emphasis> administrative permissions to the "
9501
9526
"<filename>/etc/samba/smb.conf</filename> 在<emphasis>[share]</emphasis> "
9502
9527
"节中添加如内容:"
9503
9528
9504
#: serverguide/C/samba.xml:565(programlisting)
9529
#: serverguide/C/windows-networking.xml:565(programlisting)
9505
9530
#, no-wrap
9506
9531
msgid ""
9507
9532
"\n"
9510
9535
"\n"
9511
9536
" 用户名=melissa\n"
9512
9537
9513
#: serverguide/C/samba.xml:569(para)
9538
#: serverguide/C/windows-networking.xml:569(para)
9514
9539
msgid ""
9515
9540
"After editing <filename>/etc/samba/smb.conf</filename>, restart Samba for "
9516
9541
"the changes to take effect:"
9517
9542
msgstr "编辑<filename>/etc/samba/smb.conf</filename>以后请重启Samba使更改生效:"
9518
9543
9519
#: serverguide/C/samba.xml:579(para)
9544
#: serverguide/C/windows-networking.xml:579(para)
9520
9545
msgid ""
9521
9546
"For the <emphasis>read list</emphasis> and <emphasis>write list</emphasis> "
9522
9547
"to work the Samba security mode must <emphasis>not</emphasis> be set to "
9526
9551
"list</emphasis>可以工作,Samba安全模式决不能设置成<emphasis role=\"italic\">security = "
9527
9552
"share</emphasis>"
9528
9553
9529
#: serverguide/C/samba.xml:585(para)
9554
#: serverguide/C/windows-networking.xml:585(para)
9530
9555
msgid ""
9531
9556
"Now that Samba has been configured to limit which groups have access to the "
9532
9557
"shared directory, the filesystem permissions need to be updated."
9533
9558
msgstr "Samba 已经配置为限定某些组对共享目录的访问,文件系统权限需要更新。"
9534
9559
9535
#: serverguide/C/samba.xml:590(para)
9560
#: serverguide/C/windows-networking.xml:590(para)
9536
9561
msgid ""
9537
9562
"Traditional Linux file permissions do not map well to Windows NT Access "
9538
9563
"Control Lists (ACLs). Fortunately POSIX ACLs are available on Ubuntu servers "
9544
9569
"以提供更细粒度的控制。例如,想要在 EXT3 文件系统中使用 ACLs <filename>/srv</filename>,只需编辑文件 "
9545
9570
"<filename>/etc/fstab</filename>,添加 <emphasis>acl</emphasis> 选项:"
9546
9571
9547
#: serverguide/C/samba.xml:597(programlisting)
9572
#: serverguide/C/windows-networking.xml:597(programlisting)
9548
9573
#, no-wrap
9549
9574
msgid ""
9550
9575
"\n"
9555
9580
"UUID=66bcdd2e-8861-4fb0-b7e4-e61c569fe17d /srv ext3 noatime,relatime,acl "
9556
9581
"0 1\n"
9557
9582
9558
#: serverguide/C/samba.xml:601(para)
9583
#: serverguide/C/windows-networking.xml:601(para)
9559
9584
msgid "Then remount the partition:"
9560
9585
msgstr "然后重新挂载分区:"
9561
9586
9562
#: serverguide/C/samba.xml:606(command)
9587
#: serverguide/C/windows-networking.xml:606(command)
9563
9588
msgid "sudo mount -v -o remount /srv"
9564
9589
msgstr "sudo mount -v -o remount /srv"
9565
9590
9566
#: serverguide/C/samba.xml:610(para)
9591
#: serverguide/C/windows-networking.xml:610(para)
9567
9592
msgid ""
9568
9593
"The above example assumes <filename>/srv</filename> on a separate partition. "
9569
9594
"If <filename>/srv</filename>, or wherever you have configured your share "
9573
9598
"以上示例假设 <filename>/srv</filename> 在单独的分区。无论您配置的共享目录 <filename>/srv</filename> "
9574
9599
"在什么位置,只要它属于 <filename>/</filename> 分区,都可能需要重启。"
9575
9600
9576
#: serverguide/C/samba.xml:617(para)
9601
#: serverguide/C/windows-networking.xml:617(para)
9577
9602
msgid ""
9578
9603
"To match the Samba configuration above the <emphasis>sysadmin</emphasis> "
9579
9604
"group will be given read, write, and execute permissions to "
9586
9611
"组需要给出读、写、执行的权限,而 <emphasis>qa</emphasis> 需要给出读与执行的权限,并且其文件应隶属于用户 "
9587
9612
"<emphasis>melissa</emphasis>。在终端中输入:"
9588
9613
9589
#: serverguide/C/samba.xml:625(command)
9614
#: serverguide/C/windows-networking.xml:625(command)
9590
9615
msgid "sudo chown -R melissa /srv/samba/share/"
9591
9616
msgstr "sudo chown -R melissa /srv/samba/share/"
9592
9617
9593
#: serverguide/C/samba.xml:626(command)
9618
#: serverguide/C/windows-networking.xml:626(command)
9594
9619
msgid "sudo chgrp -R sysadmin /srv/samba/share/"
9595
9620
msgstr "sudo chgrp -R sysadmin /srv/samba/share/"
9596
9621
9597
#: serverguide/C/samba.xml:627(command)
9622
#: serverguide/C/windows-networking.xml:627(command)
9598
9623
msgid "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
9599
9624
msgstr "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
9600
9625
9601
#: serverguide/C/samba.xml:631(para)
9626
#: serverguide/C/windows-networking.xml:631(para)
9602
9627
msgid ""
9603
9628
"The <application>setfacl</application> command above gives "
9604
9629
"<emphasis>execute</emphasis> permissions to all files in the "
9609
9634
"<filename>/srv/samba/share</filename> 下所有文件给予 <emphasis>执行</emphasis> "
9610
9635
"的权限,这可能并不是您所希望的。"
9611
9636
9612
#: serverguide/C/samba.xml:637(para)
9637
#: serverguide/C/windows-networking.xml:637(para)
9613
9638
msgid ""
9614
9639
"Now from a Windows client you should notice the new file permissions are "
9615
9640
"implemented. See the <application>acl</application> and "
9619
9644
"现在,通过使用Windows客户端,你应该注意到新的文件的权限开始应用了。想了解更多关于POSIX ACLs的信息请使用 man 命令查看 "
9620
9645
"<application>acl</application> 和 <application>setfacl</application>程序的帮助文档。"
9621
9646
9622
#: serverguide/C/samba.xml:645(title)
9647
#: serverguide/C/windows-networking.xml:645(title)
9623
9648
msgid "Samba AppArmor Profile"
9624
9649
msgstr "Samba AppArmor 策略"
9625
9650
9626
#: serverguide/C/samba.xml:647(para)
9651
#: serverguide/C/windows-networking.xml:647(para)
9627
9652
msgid ""
9628
9653
"Ubuntu comes with the <application>AppArmor</application> security module, "
9629
9654
"which provides mandatory access controls. The default AppArmor profile for "
9634
9659
"安全模块,提供必须的访问控制功能。为符合您的配置,需要对默认的 Samba AppArmor 策略做些修改。详情使用 AppArmor,请参考 "
9635
9660
"<xref linkend=\"apparmor\"/>。"
9636
9661
9637
#: serverguide/C/samba.xml:653(para)
9662
#: serverguide/C/windows-networking.xml:653(para)
9638
9663
msgid ""
9639
9664
"There are default AppArmor profiles for <filename>/usr/sbin/smbd</filename> "
9640
9665
"and <filename>/usr/sbin/nmbd</filename>, the Samba daemon binaries, as part "
9645
9670
"Samba 守护进程的两个程序,它们默认的 AppArmor 策略,包含在 <application>apparmor-"
9646
9671
"profiles</application> 软件包,要安装这个包,在终端命令行中输入:"
9647
9672
9648
#: serverguide/C/samba.xml:660(command)
9673
#: serverguide/C/windows-networking.xml:660(command)
9649
9674
msgid "sudo apt-get install apparmor-profiles apparmor-utils"
9650
9675
msgstr "sudo apt-get install apparmor-profiles apparmor-utils"
9651
9676
9652
#: serverguide/C/samba.xml:664(para)
9677
#: serverguide/C/windows-networking.xml:664(para)
9653
9678
msgid "This package contains profiles for several other binaries."
9654
9679
msgstr "这个软件包还带有其它一些程序的策略。"
9655
9680
9656
#: serverguide/C/samba.xml:669(para)
9681
#: serverguide/C/windows-networking.xml:669(para)
9657
9682
msgid ""
9658
9683
"By default the profiles for <application>smbd</application> and "
9659
9684
"<application>nmbd</application> are in <emphasis>complain</emphasis> mode "
9668
9693
"<emphasis>enforce</emphasis> 的策略模式,以使得 Samba "
9669
9694
"如期望地工作,则默认的策略需要进行修改,以反映到每一个共享的目录。"
9670
9695
9671
#: serverguide/C/samba.xml:676(para)
9696
#: serverguide/C/windows-networking.xml:676(para)
9672
9697
msgid ""
9673
9698
"Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename> adding information "
9674
9699
"for <emphasis>[share]</emphasis> from the file server example:"
9676
9701
"例如,在文件服务器上添加 <emphasis>[share]</emphasis> 的标识信息,编辑 "
9677
9702
"<filename>/etc/apparmor.d/usr.sbin.smbd</filename>:"
9678
9703
9679
#: serverguide/C/samba.xml:681(programlisting)
9704
#: serverguide/C/windows-networking.xml:681(programlisting)
9680
9705
#, no-wrap
9681
9706
msgid ""
9682
9707
"\n"
9687
9712
" /srv/samba/share/ r,\n"
9688
9713
" /srv/samba/share/** rwkix,\n"
9689
9714
9690
#: serverguide/C/samba.xml:686(para)
9715
#: serverguide/C/windows-networking.xml:686(para)
9691
9716
msgid ""
9692
9717
"Now place the profile into <emphasis>enforce</emphasis> and reload it:"
9693
9718
msgstr "切换到 <emphasis>enforce</emphasis> 的策略模式,并重新加载:"
9694
9719
9695
#: serverguide/C/samba.xml:691(command)
9720
#: serverguide/C/windows-networking.xml:691(command)
9696
9721
msgid "sudo aa-enforce /usr/sbin/smbd"
9697
9722
msgstr "sudo aa-enforce /usr/sbin/smbd"
9698
9723
9699
#: serverguide/C/samba.xml:692(command)
9724
#: serverguide/C/windows-networking.xml:692(command)
9700
9725
msgid "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
9701
9726
msgstr "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
9702
9727
9703
#: serverguide/C/samba.xml:695(para)
9728
#: serverguide/C/windows-networking.xml:695(para)
9704
9729
msgid ""
9705
9730
"You should now be able to read, write, and execute files in the shared "
9706
9731
"directory as normal, and the <application>smbd</application> binary will "
9712
9737
"程序将仅会访问配置文件和目录。请确定添加要让 Samba 共享的每个目录。同时,任何的错误会被记录在 "
9713
9738
"<filename>/var/log/syslog</filename>。"
9714
9739
9715
#: serverguide/C/samba.xml:720(para) serverguide/C/samba.xml:1116(para)
9740
#: serverguide/C/windows-networking.xml:720(para) serverguide/C/windows-networking.xml:1116(para)
9716
9741
msgid ""
9717
9742
"O'Reilly's <ulink "
9718
9743
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
9722
9747
"url=\"http://www.oreilly.com/catalog/9780596007690/\">使用Samba</ulink>也是一本不错的参"
9723
9748
"考书。"
9724
9749
9725
#: serverguide/C/samba.xml:726(para)
9750
#: serverguide/C/windows-networking.xml:726(para)
9726
9751
msgid ""
9727
9752
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-"
9728
9753
"samba.html\">Chapter 18</ulink> of the Samba HOWTO Collection is devoted to "
9731
9756
"Samba HOWTO集锦的<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
9732
9757
"Collection/securing-samba.html\">第18章</ulink>主要致力于安全问题。"
9733
9758
9734
#: serverguide/C/samba.xml:732(para)
9759
#: serverguide/C/windows-networking.xml:732(para)
9735
9760
msgid ""
9736
9761
"For more information on Samba and ACLs see the <ulink "
9737
9762
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
9744
9769
msgid "As a Domain Controller"
9745
9770
msgstr ""
9746
9771
9747
#: serverguide/C/samba.xml:750(para)
9772
#: serverguide/C/windows-networking.xml:750(para)
9748
9773
msgid ""
9749
9774
"Although it cannot act as an Active Directory Primary Domain Controller "
9750
9775
"(PDC), a Samba server can be configured to appear as a Windows NT4-style "
9755
9780
"虽然 Samba 服务器不能作为活动目录主域控制器( PDC),但可以配置为类似 Windows NT4 "
9756
9781
"风格的域控制器,该配置的主要优势在于能够集中用户和计算机证书。 此外,Samba 可以使用多种后端用于存储用户信息。"
9757
9782
9758
#: serverguide/C/samba.xml:757(title)
9783
#: serverguide/C/windows-networking.xml:757(title)
9759
9784
msgid "Primary Domain Controller"
9760
9785
msgstr "主域控制器"
9761
9786
9762
#: serverguide/C/samba.xml:759(para)
9787
#: serverguide/C/windows-networking.xml:759(para)
9763
9788
msgid ""
9764
9789
"This section covers configuring Samba as a Primary Domain Controller (PDC) "
9765
9790
"using the default smbpasswd backend."
9766
9791
msgstr "本节内容涉及使用默认的 smbpasswd 后端配置 Samba 作为主域控制器(PDC)。"
9767
9792
9768
#: serverguide/C/samba.xml:766(para)
9793
#: serverguide/C/windows-networking.xml:766(para)
9769
9794
msgid ""
9770
9795
"First, install Samba, and <application>libpam-smbpass</application> to sync "
9771
9796
"the user accounts, by entering the following in a terminal prompt:"
9773
9798
"首先,安装 Samba 和用于同步用户账号的软件包 <application>libpam-smbpass</application>。 "
9774
9799
"在终端命令行中输入如下:"
9775
9800
9776
#: serverguide/C/samba.xml:772(command) serverguide/C/samba.xml:1013(command)
9801
#: serverguide/C/windows-networking.xml:772(command) serverguide/C/windows-networking.xml:1013(command)
9777
9802
msgid "sudo apt-get install samba libpam-smbpass"
9778
9803
msgstr "sudo apt-get install samba libpam-smbpass"
9779
9804
9780
#: serverguide/C/samba.xml:778(para)
9805
#: serverguide/C/windows-networking.xml:778(para)
9781
9806
msgid ""
9782
9807
"Next, configure Samba by editing <filename>/etc/samba/smb.conf</filename>. "
9783
9808
"The <emphasis>security</emphasis> mode should be set to <emphasis "
9788
9813
"其中,<emphasis>security</emphasis> 模式需要设置为 <emphasis "
9789
9814
"role=\"italic\">user</emphasis>; <emphasis>workgroup</emphasis> 设置为您的组织。"
9790
9815
9791
#: serverguide/C/samba.xml:793(para)
9816
#: serverguide/C/windows-networking.xml:793(para)
9792
9817
msgid ""
9793
9818
"In the commented <quote>Domains</quote> section add or uncomment the "
9794
9819
"following (the last line has been split to fit the format of this document):"
9795
9820
msgstr ""
9796
9821
9797
#: serverguide/C/samba.xml:797(programlisting)
9822
#: serverguide/C/windows-networking.xml:797(programlisting)
9798
9823
#, no-wrap
9799
9824
msgid ""
9800
9825
"\n"
9807
9832
" /var/lib/samba -s /bin/false %u\n"
9808
9833
msgstr ""
9809
9834
9810
#: serverguide/C/samba.xml:808(para)
9835
#: serverguide/C/windows-networking.xml:808(para)
9811
9836
msgid ""
9812
9837
"If you wish to not use <emphasis>Roaming Profiles</emphasis> leave the "
9813
9838
"<emphasis>logon home</emphasis> and <emphasis>logon path</emphasis> options "
9816
9841
"如果您不想使用 <emphasis>漫游式的配置文件</emphasis>,将 <emphasis>logon home</emphasis> 和 "
9817
9842
"<emphasis>logon path</emphasis> 选项注释掉即可。"
9818
9843
9819
#: serverguide/C/samba.xml:816(para)
9844
#: serverguide/C/windows-networking.xml:816(para)
9820
9845
msgid ""
9821
9846
"<emphasis>domain logons:</emphasis> provides the netlogon service causing "
9822
9847
"Samba to act as a domain controller."
9823
9848
msgstr ""
9824
9849
"<emphasis>domain logons:</emphasis> 提供 netlogon 服务,使得 Samba 服务器成为域控制器。"
9825
9850
9826
#: serverguide/C/samba.xml:821(para)
9851
#: serverguide/C/windows-networking.xml:821(para)
9827
9852
msgid ""
9828
9853
"<emphasis>logon path:</emphasis> places the user's Windows profile into "
9829
9854
"their home directory. It is also possible to configure a "
9833
9858
"<emphasis>logon path:</emphasis> 存放用户的 Windows 配置文件到其主目录。 也可以创建一个 "
9834
9859
"<emphasis>[profiles]</emphasis> 将所有用户的 Windows 配置文件存放到统一的目录。"
9835
9860
9836
#: serverguide/C/samba.xml:827(para)
9861
#: serverguide/C/windows-networking.xml:827(para)
9837
9862
msgid ""
9838
9863
"<emphasis>logon drive:</emphasis> specifies the home directory local path."
9839
9864
msgstr "<emphasis>logon drive:</emphasis> 指定主目录本地路径。"
9840
9865
9841
#: serverguide/C/samba.xml:832(para)
9866
#: serverguide/C/windows-networking.xml:832(para)
9842
9867
msgid ""
9843
9868
"<emphasis>logon home:</emphasis> specifies the home directory location."
9844
9869
msgstr "<emphasis>logon home:</emphasis> 指定主目录的位置。"
9845
9870
9846
#: serverguide/C/samba.xml:837(para)
9871
#: serverguide/C/windows-networking.xml:837(para)
9847
9872
msgid ""
9848
9873
"<emphasis>logon script:</emphasis> determines the script to be run locally "
9849
9874
"once a user has logged in. The script needs to be placed in the "
9852
9877
"<emphasis>logon script:</emphasis> 当用户登陆时,在其本地执行的脚本。 脚本必须存放在 "
9853
9878
"<emphasis>[netlogon]</emphasis> 共享当中。"
9854
9879
9855
#: serverguide/C/samba.xml:843(para)
9880
#: serverguide/C/windows-networking.xml:843(para)
9856
9881
msgid ""
9857
9882
"<emphasis>add machine script:</emphasis> a script that will automatically "
9858
9883
"create the <emphasis>Machine Trust Account</emphasis> needed for a "
9861
9886
"<emphasis>add machine script:</emphasis> 为工作站加入域而自动创建 "
9862
9887
"<emphasis>系统信任账户</emphasis> 的脚本。"
9863
9888
9864
#: serverguide/C/samba.xml:847(para)
9889
#: serverguide/C/windows-networking.xml:847(para)
9865
9890
msgid ""
9866
9891
"In this example the <emphasis>machines</emphasis> group will need to be "
9867
9892
"created using the <application>addgroup</application> utility see <xref "
9871
9896
"<emphasis>machines</emphasis> 组。 请参考 <xref linkend=\"adding-deleting-"
9872
9897
"users\"/>。"
9873
9898
9874
#: serverguide/C/samba.xml:858(para)
9899
#: serverguide/C/windows-networking.xml:858(para)
9875
9900
msgid ""
9876
9901
"Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis "
9877
9902
"role=\"italic\">logon home</emphasis> to be mapped:"
9879
9904
"为使得 <emphasis role=\"italic\">logon home</emphasis> 被正确映射到,需要对 "
9880
9905
"<emphasis>[homes]</emphasis> 共享设置取消注释。"
9881
9906
9882
#: serverguide/C/samba.xml:863(programlisting)
9907
#: serverguide/C/windows-networking.xml:863(programlisting)
9883
9908
#, no-wrap
9884
9909
msgid ""
9885
9910
"\n"
9900
9925
" directory mask = 0700\n"
9901
9926
" valid users = %S\n"
9902
9927
9903
#: serverguide/C/samba.xml:876(para)
9928
#: serverguide/C/windows-networking.xml:876(para)
9904
9929
msgid ""
9905
9930
"When configured as a domain controller a <emphasis>[netlogon]</emphasis> "
9906
9931
"share needs to be configured. To enable the share, uncomment:"
9907
9932
msgstr ""
9908
9933
"当配置为域控制器时,<emphasis>[netlogon]</emphasis> 共享设置需要开启。 要开启该共享设置,则需要取消注释,使得其内容如下:"
9909
9934
9910
#: serverguide/C/samba.xml:881(programlisting)
9935
#: serverguide/C/windows-networking.xml:881(programlisting)
9911
9936
#, no-wrap
9912
9937
msgid ""
9913
9938
"\n"
9926
9951
" read only = yes\n"
9927
9952
" share modes = no\n"
9928
9953
9929
#: serverguide/C/samba.xml:891(para)
9954
#: serverguide/C/windows-networking.xml:891(para)
9930
9955
msgid ""
9931
9956
"The original <emphasis>netlogon</emphasis> share path is "
9932
9957
"<filename>/home/samba/netlogon</filename>, but according to the Filesystem "
9939
9964
"url=\"http://www.pathname.com/fhs/pub/fhs-"
9940
9965
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> 是站点特定数据的合适位置。"
9941
9966
9942
#: serverguide/C/samba.xml:902(para)
9967
#: serverguide/C/windows-networking.xml:902(para)
9943
9968
msgid ""
9944
9969
"Now create the <filename role=\"directory\">netlogon</filename> directory, "
9945
9970
"and an empty (for now) <filename>logon.cmd</filename> script file:"
9947
9972
"创建 <filename role=\"directory\">netlogon</filename> 目录和一个暂时为空的脚本文件 "
9948
9973
"<filename>logon.cmd</filename>:"
9949
9974
9950
#: serverguide/C/samba.xml:908(command)
9975
#: serverguide/C/windows-networking.xml:908(command)
9951
9976
msgid "sudo mkdir -p /srv/samba/netlogon"
9952
9977
msgstr "sudo mkdir -p /srv/samba/netlogon"
9953
9978
9954
#: serverguide/C/samba.xml:909(command)
9979
#: serverguide/C/windows-networking.xml:909(command)
9955
9980
msgid "sudo touch /srv/samba/netlogon/logon.cmd"
9956
9981
msgstr "sudo touch /srv/samba/netlogon/logon.cmd"
9957
9982
9958
#: serverguide/C/samba.xml:912(para)
9983
#: serverguide/C/windows-networking.xml:912(para)
9959
9984
msgid ""
9960
9985
"You can enter any normal Windows logon script commands in "
9961
9986
"<filename>logon.cmd</filename> to customize the client's environment."
9962
9987
msgstr ""
9963
9988
"您可以在 <filename>logon.cmd</filename> 中输入任何 Windows 登陆的脚本命令,用以定制客户的工作环境。"
9964
9989
9965
#: serverguide/C/samba.xml:920(para)
9990
#: serverguide/C/windows-networking.xml:920(para)
9966
9991
msgid "Restart Samba to enable the new domain controller:"
9967
9992
msgstr "重启 Samba,启用新的域控制器:"
9968
9993
9969
#: serverguide/C/samba.xml:932(para)
9994
#: serverguide/C/windows-networking.xml:932(para)
9970
9995
msgid ""
9971
9996
"Lastly, there are a few additional commands needed to setup the appropriate "
9972
9997
"rights."
9973
9998
msgstr ""
9974
9999
9975
#: serverguide/C/samba.xml:936(para)
10000
#: serverguide/C/windows-networking.xml:936(para)
9976
10001
msgid ""
9977
10002
"With <emphasis>root</emphasis> being disabled by default, in order to join a "
9978
10003
"workstation to the domain, a system group needs to be mapped to the Windows "
9983
10008
"<emphasis>Domain Admins</emphasis> 组。 可以使用工具 "
9984
10009
"<application>net</application>,在终端输入:"
9985
10010
9986
#: serverguide/C/samba.xml:943(command)
10011
#: serverguide/C/windows-networking.xml:943(command)
9987
10012
msgid ""
9988
10013
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
9989
10014
"type=d"
9991
10016
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
9992
10017
"type=d"
9993
10018
9994
#: serverguide/C/samba.xml:947(para)
10019
#: serverguide/C/windows-networking.xml:947(para)
9995
10020
msgid ""
9996
10021
"Change <emphasis role=\"italic\">sysadmin</emphasis> to whichever group you "
9997
10022
"prefer. Also, the user used to join the domain needs to be a member of the "
10004
10029
"<emphasis>admin</emphasis> 组的成员,因为 <emphasis>admin</emphasis> 组可以使用 "
10005
10030
"<application>sudo</application> 命令。"
10006
10031
10007
#: serverguide/C/samba.xml:953(para)
10032
#: serverguide/C/windows-networking.xml:953(para)
10008
10033
msgid ""
10009
10034
"If the user does not have Samba credentials yet, you can add them with the "
10010
10035
"<application>smbpasswd</application> utility, change the "
10013
10038
"</screen>"
10014
10039
msgstr ""
10015
10040
10016
#: serverguide/C/samba.xml:963(para)
10041
#: serverguide/C/windows-networking.xml:963(para)
10017
10042
msgid ""
10018
10043
"Also, rights need to be explicitly provided to the <emphasis>Domain "
10019
10044
"Admins</emphasis> group to allow the <emphasis>add machine script</emphasis> "
10020
10045
"(and other admin functions) to work. This is achieved by executing:"
10021
10046
msgstr ""
10022
10047
10023
#: serverguide/C/samba.xml:968(command)
10048
#: serverguide/C/windows-networking.xml:968(command)
10024
10049
msgid ""
10025
10050
"net rpc rights grant -U sysadmin \"EXAMPLE\\Domain Admins\" "
10026
10051
"SeMachineAccountPrivilege \\ SePrintOperatorPrivilege SeAddUsersPrivilege "
10027
10052
"SeDiskOperatorPrivilege \\ SeRemoteShutdownPrivilege"
10028
10053
msgstr ""
10029
10054
10030
#: serverguide/C/samba.xml:976(para)
10055
#: serverguide/C/windows-networking.xml:976(para)
10031
10056
msgid ""
10032
10057
"You should now be able to join Windows clients to the Domain in the same "
10033
10058
"manner as joining them to an NT4 domain running on a Windows server."
10034
10059
msgstr "现在,您可以将 Windows 客户加入到域,正如将它们加入到运行在 Windows 服务器上的 NT4 域。"
10035
10060
10036
#: serverguide/C/samba.xml:986(title)
10061
#: serverguide/C/windows-networking.xml:986(title)
10037
10062
msgid "Backup Domain Controller"
10038
10063
msgstr "备份域控制器"
10039
10064
10040
#: serverguide/C/samba.xml:988(para)
10065
#: serverguide/C/windows-networking.xml:988(para)
10041
10066
msgid ""
10042
10067
"With a Primary Domain Controller (PDC) on the network it is best to have a "
10043
10068
"Backup Domain Controller (BDC) as well. This will allow clients to "
10044
10069
"authenticate in case the PDC becomes unavailable."
10045
10070
msgstr "网络有了主域控制器(PDC),最好也有个备份的域控制器(BDC),这样,一旦 PDC 不可用,还可以使用 BDC 进行客户认证。"
10046
10071
10047
#: serverguide/C/samba.xml:993(para)
10072
#: serverguide/C/windows-networking.xml:993(para)
10048
10073
msgid ""
10049
10074
"When configuring Samba as a BDC you need a way to sync account information "
10050
10075
"with the PDC. There are multiple ways of accomplishing this "
10057
10082
"<application>rsync</application> 或者使用 <application>LDAP</application> 作为 "
10058
10083
"<emphasis>passdb 后端</emphasis>。"
10059
10084
10060
#: serverguide/C/samba.xml:999(para)
10085
#: serverguide/C/windows-networking.xml:999(para)
10061
10086
msgid ""
10062
10087
"Using LDAP is the most robust way to sync account information, because both "
10063
10088
"domain controllers can use the same information in real time. However, "
10067
10092
"使用 LDAP 同步帐户信息是最稳健的做法,因为 PDC 和 BDC 都可以实时地使用相同的信息。然而,对于为数不多的用户和计算机帐户,配置 LDAP "
10068
10093
"服务器会可能过于繁琐。"
10069
10094
10070
#: serverguide/C/samba.xml:1008(para)
10095
#: serverguide/C/windows-networking.xml:1008(para)
10071
10096
msgid ""
10072
10097
"First, install <application>samba</application> and <application>libpam-"
10073
10098
"smbpass</application>. From a terminal enter:"
10075
10100
"首先,安装 <application>samba</application> 和 <application>libpam-"
10076
10101
"smbpass</application>。 在终端中输入:"
10077
10102
10078
#: serverguide/C/samba.xml:1019(para)
10103
#: serverguide/C/windows-networking.xml:1019(para)
10079
10104
msgid ""
10080
10105
"Now, edit <filename>/etc/samba/smb.conf</filename> and uncomment the "
10081
10106
"following in the <emphasis>[global]</emphasis>:"
10083
10108
"编辑 <filename>/etc/samba/smb.conf</filename>,取消注释 "
10084
10109
"<emphasis>[global]</emphasis> 中如下项:"
10085
10110
10086
#: serverguide/C/samba.xml:1032(para)
10111
#: serverguide/C/windows-networking.xml:1032(para)
10087
10112
msgid "In the commented <emphasis>Domains</emphasis> uncomment or add:"
10088
10113
msgstr "对被注释掉的 <emphasis>Domains</emphasis> 项进行取消注释,或者,如果没有该项则进行添加:"
10089
10114
10090
#: serverguide/C/samba.xml:1036(programlisting)
10115
#: serverguide/C/windows-networking.xml:1036(programlisting)
10091
10116
#, no-wrap
10092
10117
msgid ""
10093
10118
"\n"
10098
10123
" domain logons = yes\n"
10099
10124
" domain master = no\n"
10100
10125
10101
#: serverguide/C/samba.xml:1044(para)
10126
#: serverguide/C/windows-networking.xml:1044(para)
10102
10127
msgid ""
10103
10128
"Make sure a user has rights to read the files in "
10104
10129
"<filename>/var/lib/samba</filename>. For example, to allow users in the "
10109
10134
"<emphasis>admin</emphasis> 组的用户可以 <application>scp</application> "
10110
10135
"其中的文件,在终端输入命令:"
10111
10136
10112
#: serverguide/C/samba.xml:1050(command)
10137
#: serverguide/C/windows-networking.xml:1050(command)
10113
10138
msgid "sudo chgrp -R admin /var/lib/samba"
10114
10139
msgstr "sudo chgrp -R admin /var/lib/samba"
10115
10140
10116
#: serverguide/C/samba.xml:1056(para)
10141
#: serverguide/C/windows-networking.xml:1056(para)
10117
10142
msgid ""
10118
10143
"Next, sync the user accounts, using <application>scp</application> to copy "
10119
10144
"the <filename>/var/lib/samba</filename> directory from the PDC:"
10121
10146
"接下来,同步用户帐号。 使用 <application>scp</application> 从 PDC 上拷贝 目录 "
10122
10147
"<filename>/var/lib/samba</filename>:"
10123
10148
10124
#: serverguide/C/samba.xml:1062(command)
10149
#: serverguide/C/windows-networking.xml:1062(command)
10125
10150
msgid "sudo scp -r username@pdc:/var/lib/samba /var/lib"
10126
10151
msgstr "sudo scp -r username@pdc:/var/lib/samba /var/lib"
10127
10152
10128
#: serverguide/C/samba.xml:1066(para)
10153
#: serverguide/C/windows-networking.xml:1066(para)
10129
10154
msgid ""
10130
10155
"Replace <emphasis>username</emphasis> with a valid username and "
10131
10156
"<emphasis>pdc</emphasis> with the hostname or IP Address of your actual PDC."
10133
10158
"使用一个合法的用户名替换 <emphasis>username</emphasis>,并使用实际的 PDC 主机名或其 IP 地址替换 "
10134
10159
"<emphasis>pdc</emphasis>。"
10135
10160
10136
#: serverguide/C/samba.xml:1075(para)
10161
#: serverguide/C/windows-networking.xml:1075(para)
10137
10162
msgid "Finally, restart <application>samba</application>:"
10138
10163
msgstr "最后, 重启 <application>samba</application>:"
10139
10164
10140
#: serverguide/C/samba.xml:1087(para)
10165
#: serverguide/C/windows-networking.xml:1087(para)
10141
10166
msgid ""
10142
10167
"You can test that your Backup Domain controller is working by stopping the "
10143
10168
"Samba daemon on the PDC, then trying to login to a Windows client joined to "
10144
10169
"the domain."
10145
10170
msgstr "您可以这样来测试备份域控制器是否正确工作:在 PDC 上停止 Samba 守护进程,然后偿试登陆到一台加入域的 Windows 客户机。"
10146
10171
10147
#: serverguide/C/samba.xml:1092(para)
10172
#: serverguide/C/windows-networking.xml:1092(para)
10148
10173
msgid ""
10149
10174
"Another thing to keep in mind is if you have configured the <emphasis>logon "
10150
10175
"home</emphasis> option as a directory on the PDC, and the PDC becomes "
10156
10181
"无法访问时,则用户的 <emphasis>Home</emphasis> 位置也将无法访问。 出于这个原因,最好将 <emphasis>logon "
10157
10182
"home</emphasis> 配置为驻留在 PDC 和 BDC 之外独立的文件服务器上。"
10158
10183
10159
#: serverguide/C/samba.xml:1122(para)
10184
#: serverguide/C/windows-networking.xml:1122(para)
10160
10185
msgid ""
10161
10186
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
10162
10187
"pdc.html\">Chapter 4</ulink> of the Samba HOWTO Collection explains setting "
10165
10190
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
10166
10191
"pdc.html\">第 4 章</ulink> 关于配置 Samba 为主域控制器的 HOWTO 收集。"
10167
10192
10168
#: serverguide/C/samba.xml:1128(para)
10193
#: serverguide/C/windows-networking.xml:1128(para)
10169
10194
msgid ""
10170
10195
"<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-"
10171
10196
"Collection/samba-bdc.html\">Chapter 5</ulink> of the Samba HOWTO Collection "
10178
10203
msgid "Active Directory Integration"
10179
10204
msgstr ""
10180
10205
10181
#: serverguide/C/samba.xml:1146(title)
10206
#: serverguide/C/windows-networking.xml:1146(title)
10182
10207
msgid "Accessing a Samba Share"
10183
10208
msgstr "访问 Samba 共享"
10184
10209
10185
#: serverguide/C/samba.xml:1148(para)
10210
#: serverguide/C/windows-networking.xml:1148(para)
10186
10211
msgid ""
10187
10212
"Another, use for Samba is to integrate into an existing Windows network. "
10188
10213
"Once part of an Active Directory domain, Samba can provide file and print "
10203
10228
"Support/Downloads/files/pbiso/Manuals/ubuntu-active-directory.html\"> "
10204
10229
"Likewise Open文档</ulink>。"
10205
10230
10206
#: serverguide/C/samba.xml:1159(para)
10231
#: serverguide/C/windows-networking.xml:1159(para)
10207
10232
msgid ""
10208
10233
"Once part of the Active Directory domain, enter the following command in the "
10209
10234
"terminal prompt:"
10210
10235
msgstr "成为\"活动目录\"的一部分后,在终端提示符处输入以下命令:"
10211
10236
10212
#: serverguide/C/samba.xml:1164(command)
10237
#: serverguide/C/windows-networking.xml:1164(command)
10213
10238
msgid "sudo apt-get install samba smbfs smbclient"
10214
10239
msgstr "sudo apt-get install samba smbfs smbclient"
10215
10240
10216
#: serverguide/C/samba.xml:1167(para)
10241
#: serverguide/C/windows-networking.xml:1167(para)
10217
10242
msgid "Next, edit <filename>/etc/samba/smb.conf</filename> changing:"
10218
10243
msgstr "下一步,编辑 <filename>/etc/samba/smb.conf</filename>,修改:"
10219
10244
10220
#: serverguide/C/samba.xml:1171(programlisting)
10245
#: serverguide/C/windows-networking.xml:1171(programlisting)
10221
10246
#, no-wrap
10222
10247
msgid ""
10223
10248
"\n"
10240
10265
" idmap uid = 50-9999999999\n"
10241
10266
" idmap gid = 50-9999999999\n"
10242
10267
10243
#: serverguide/C/samba.xml:1182(para)
10268
#: serverguide/C/windows-networking.xml:1182(para)
10244
10269
msgid ""
10245
10270
"Restart <application>samba</application> for the new settings to take effect:"
10246
10271
msgstr "重启<application>samba</application>为新的设置生效:"
10247
10272
10248
#: serverguide/C/samba.xml:1191(para)
10273
#: serverguide/C/windows-networking.xml:1191(para)
10249
10274
msgid ""
10250
10275
"You should now be able to access any <application>Samba</application> shares "
10251
10276
"from a Windows client. However, be sure to give the appropriate AD users or "
10255
10280
"现在你应该能够从 Windows 客户端访问任何<application>Samba</application>共享了。但是,一定要给 AD "
10256
10281
"用户或者组分配合适的共享目录。请参考<xref linkend=\"samba-fileprint-security\"/>获得更多详细信息。"
10257
10282
10258
#: serverguide/C/samba.xml:1199(title)
10283
#: serverguide/C/windows-networking.xml:1199(title)
10259
10284
msgid "Accessing a Windows Share"
10260
10285
msgstr "访问 Windows 共享文件"
10261
10286
10262
#: serverguide/C/samba.xml:1201(para)
10287
#: serverguide/C/windows-networking.xml:1201(para)
10263
10288
msgid ""
10264
10289
"Now that the Samba server is part of the Active Directory domain you can "
10265
10290
"access any Windows server shares:"
10266
10291
msgstr "Samba 已经是活动目录域的一部分,您可以任意访问 Windows 的共享:"
10267
10292
10268
#: serverguide/C/samba.xml:1208(para)
10293
#: serverguide/C/windows-networking.xml:1208(para)
10269
10294
msgid ""
10270
10295
"To mount a Windows file share enter the following in a terminal prompt:"
10271
10296
msgstr "挂载 Windows 文件共享,在终端命令行中输入:"
10272
10297
10273
#: serverguide/C/samba.xml:1212(command)
10298
#: serverguide/C/windows-networking.xml:1212(command)
10274
10299
msgid "mount.cifs //fs01.example.com/share mount_point"
10275
10300
msgstr "mount.cifs //fs01.example.com/share mount_point"
10276
10301
10277
#: serverguide/C/samba.xml:1215(para)
10302
#: serverguide/C/windows-networking.xml:1215(para)
10278
10303
msgid ""
10279
10304
"It is also possible to access shares on computers not part of an AD domain, "
10280
10305
"but a username and password will need to be provided."
10281
10306
msgstr "也可访问非活动域的计算机,不过,需要提供用户名和密码。"
10282
10307
10283
#: serverguide/C/samba.xml:1223(para)
10308
#: serverguide/C/windows-networking.xml:1223(para)
10284
10309
msgid ""
10285
10310
"To mount the share during boot place an entry in "
10286
10311
"<filename>/etc/fstab</filename>, for example:"
10287
10312
msgstr "在系统启动时挂载共享,需要在 <filename>/etc/fstab</filename> 中添加相应项,例如:"
10288
10313
10289
#: serverguide/C/samba.xml:1227(programlisting)
10314
#: serverguide/C/windows-networking.xml:1227(programlisting)
10290
10315
#, no-wrap
10291
10316
msgid ""
10292
10317
"\n"
10297
10322
"//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw "
10298
10323
"0 0\n"
10299
10324
10300
#: serverguide/C/samba.xml:1234(para)
10325
#: serverguide/C/windows-networking.xml:1234(para)
10301
10326
msgid ""
10302
10327
"Another way to copy files from a Windows server is to use the "
10303
10328
"<application>smbclient</application> utility. To list the files in a Windows "
10306
10331
"从 Windows 服务器拷贝文件的另一种方法是使用 <application>smbclient</application> 程序。 列出 "
10307
10332
"Windows 共享的文件:"
10308
10333
10309
#: serverguide/C/samba.xml:1240(command)
10334
#: serverguide/C/windows-networking.xml:1240(command)
10310
10335
msgid "smbclient //fs01.example.com/share -k -c \"ls\""
10311
10336
msgstr "smbclient //fs01.example.com/share -k -c \"ls\""
10312
10337
10313
#: serverguide/C/samba.xml:1246(para)
10338
#: serverguide/C/windows-networking.xml:1246(para)
10314
10339
msgid "To copy a file from the share, enter:"
10315
10340
msgstr "从共享中拷贝文件,输入:"
10316
10341
10317
#: serverguide/C/samba.xml:1251(command)
10342
#: serverguide/C/windows-networking.xml:1251(command)
10318
10343
msgid "smbclient //fs01.example.com/share -k -c \"get file.txt\""
10319
10344
msgstr "smbclient //fs01.example.com/share -k -c \"get file.txt\""
10320
10345
10321
#: serverguide/C/samba.xml:1254(para)
10346
#: serverguide/C/windows-networking.xml:1254(para)
10322
10347
msgid ""
10323
10348
"This will copy the <filename>file.txt</filename> into the current directory."
10324
10349
msgstr "这将拷贝 <filename>file.txt</filename> 到当前目录。"
10325
10350
10326
#: serverguide/C/samba.xml:1261(para)
10351
#: serverguide/C/windows-networking.xml:1261(para)
10327
10352
msgid "And to copy a file to the share:"
10328
10353
msgstr "同时,拷贝文件到共享:"
10329
10354
10330
#: serverguide/C/samba.xml:1266(command)
10355
#: serverguide/C/windows-networking.xml:1266(command)
10331
10356
msgid "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
10332
10357
msgstr "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
10333
10358
10334
#: serverguide/C/samba.xml:1269(para)
10359
#: serverguide/C/windows-networking.xml:1269(para)
10335
10360
msgid ""
10336
10361
"This will copy the <filename>/etc/hosts</filename> to "
10337
10362
"<filename>//fs01.example.com/share/hosts</filename>."
10339
10364
"它会将<filename>/etc/hosts</filename>复制到<filename>//fs01.example.com/share/hosts"
10340
10365
"</filename>."
10341
10366
10342
#: serverguide/C/samba.xml:1276(para)
10367
#: serverguide/C/windows-networking.xml:1276(para)
10343
10368
msgid ""
10344
10369
"The <emphasis>-c</emphasis> option used above allows you to execute the "
10345
10370
"<application>smbclient</application> command all at once. This is useful for "
10351
10376
"<application>smbclient</application> 命令,这有利于使用脚本及少量的文件操作。 <emphasis>smb: \\"
10352
10377
"></emphasis> 命令行类似于 FTP 命令行,您可以使用它进行普通的文件目录操作,要进入其命令行,只需执行:"
10353
10378
10354
#: serverguide/C/samba.xml:1283(command)
10379
#: serverguide/C/windows-networking.xml:1283(command)
10355
10380
msgid "smbclient //fs01.example.com/share -k"
10356
10381
msgstr "smbclient //fs01.example.com/share -k"
10357
10382
10358
#: serverguide/C/samba.xml:1290(para)
10383
#: serverguide/C/windows-networking.xml:1290(para)
10359
10384
msgid ""
10360
10385
"Replace all instances of <emphasis>fs01.example.com/share</emphasis>, "
10361
10386
"<emphasis>//192.168.0.5/share</emphasis>, "
10705
10730
"<application>Zentyal</application>."
10706
10731
msgstr ""
10707
10732
10708
#: serverguide/C/remote-administration.xml:16(title)
10733
#: serverguide/C/virtualization.xml:833(para) serverguide/C/remote-administration.xml:16(title)
10709
10734
msgid "OpenSSH Server"
10710
10735
msgstr "OpenSSH 服务器"
10711
10736
10912
10937
msgstr "要生成一个密钥,在终端提示符下输入:"
10913
10938
10914
10939
#: serverguide/C/remote-administration.xml:170(command)
10915
msgid "ssh-keygen -t dsa"
10916
msgstr "ssh-keygen -t dsa"
10940
msgid "ssh-keygen -t rsa"
10941
msgstr ""
10917
10942
10918
10943
#: serverguide/C/remote-administration.xml:172(para)
10919
10944
msgid ""
10920
"This will generate the keys using the <emphasis>Digital Signature Algorithm "
10921
"(DSA)</emphasis> method. During the process you will be prompted for a "
10922
"password. Simply hit <emphasis>Enter</emphasis> when prompted to create the "
10923
"key."
10945
"This will generate the keys using the <emphasis>RSA Algorithm</emphasis>. "
10946
"During the process you will be prompted for a password. Simply hit "
10947
"<emphasis>Enter</emphasis> when prompted to create the key."
10924
10948
msgstr ""
10925
10949
10926
10950
#: serverguide/C/remote-administration.xml:176(para)
10927
10951
msgid ""
10928
10952
"By default the <emphasis>public</emphasis> key is saved in the file "
10929
"<filename>~/.ssh/id_dsa.pub</filename>, while "
10930
"<filename>~/.ssh/id_dsa</filename> is the <emphasis>private</emphasis> key. "
10931
"Now copy the <filename>id_dsa.pub</filename> file to the remote host and "
10953
"<filename>~/.ssh/id_rsa.pub</filename>, while "
10954
"<filename>~/.ssh/id_rsa</filename> is the <emphasis>private</emphasis> key. "
10955
"Now copy the <filename>id_rsa.pub</filename> file to the remote host and "
10932
10956
"append it to <filename>~/.ssh/authorized_keys</filename> by entering:"
10933
10957
msgstr ""
10934
10958
10996
11020
msgid "Preconfiguration"
10997
11021
msgstr ""
10998
11022
10999
#: serverguide/C/remote-administration.xml:236(para)
11023
#: serverguide/C/remote-administration.xml:256(para)
11000
11024
msgid ""
11001
11025
"Prior to configuring <application>puppet</application> you may want to add a "
11002
11026
"DNS <emphasis>CNAME</emphasis> record for "
11007
11031
"linkend=\"dns\"/> for more DNS details."
11008
11032
msgstr ""
11009
11033
11010
#: serverguide/C/remote-administration.xml:243(para)
11034
#: serverguide/C/remote-administration.xml:263(para)
11011
11035
msgid ""
11012
11036
"If you do not wish to use DNS, you can add entries to the server and client "
11013
11037
"<filename>/etc/hosts</filename> file. For example, in the "
11023
11047
"192.168.1.17 puppetclient.example.com puppetclient\n"
11024
11048
msgstr ""
11025
11049
11026
#: serverguide/C/remote-administration.xml:253(para)
11050
#: serverguide/C/remote-administration.xml:273(para)
11027
11051
msgid ""
11028
11052
"On each <application>Puppet</application> client, add an entry for the "
11029
11053
"server:"
11036
11060
"192.168.1.16 puppetmaster.example.com puppetmaster puppet\n"
11037
11061
msgstr ""
11038
11062
11039
#: serverguide/C/remote-administration.xml:262(para)
11063
#: serverguide/C/remote-administration.xml:282(para)
11040
11064
msgid ""
11041
11065
"Replace the example IP addresses and domain names above with your actual "
11042
11066
"server and client addresses and domain names."
11043
11067
msgstr ""
11044
11068
11045
#: serverguide/C/remote-administration.xml:271(para)
11069
#: serverguide/C/remote-administration.xml:236(para)
11046
11070
msgid ""
11047
11071
"To install <application>Puppet</application>, in a terminal on the "
11048
11072
"<emphasis>server</emphasis> enter:"
11049
11073
msgstr ""
11050
11074
11051
#: serverguide/C/remote-administration.xml:276(command)
11075
#: serverguide/C/remote-administration.xml:241(command)
11052
11076
msgid "sudo apt-get install puppetmaster"
11053
11077
msgstr ""
11054
11078
11055
#: serverguide/C/remote-administration.xml:279(para)
11079
#: serverguide/C/remote-administration.xml:244(para)
11056
11080
msgid "On the <emphasis>client</emphasis> machine, or machines, enter:"
11057
11081
msgstr ""
11058
11082
11059
#: serverguide/C/remote-administration.xml:284(command)
11083
#: serverguide/C/remote-administration.xml:249(command)
11060
11084
msgid "sudo apt-get install puppet"
11061
11085
msgstr ""
11062
11086
11113
11137
"<application>Puppet</application> client's host name."
11114
11138
msgstr ""
11115
11139
11116
#: serverguide/C/remote-administration.xml:337(para)
11140
#: serverguide/C/remote-administration.xml:323(para)
11117
11141
msgid ""
11118
11142
"The final step for this simple <application>Puppet</application> server is "
11119
11143
"to restart the daemon:"
11123
11147
msgid "sudo service puppetmaster restart"
11124
11148
msgstr ""
11125
11149
11126
#: serverguide/C/remote-administration.xml:345(para)
11150
#: serverguide/C/remote-administration.xml:331(para)
11127
11151
msgid ""
11128
11152
"Now everything is configured on the <application>Puppet</application> "
11129
11153
"server, it is time to configure the client."
11136
11160
"<emphasis>START</emphasis> to yes:"
11137
11161
msgstr ""
11138
11162
11139
#: serverguide/C/remote-administration.xml:354(programlisting) serverguide/C/mail.xml:685(programlisting)
11163
#: serverguide/C/remote-administration.xml:340(programlisting) serverguide/C/mail.xml:627(programlisting)
11140
11164
#, no-wrap
11141
11165
msgid ""
11142
11166
"\n"
11145
11169
"\n"
11146
11170
"START=yes\n"
11147
11171
11148
#: serverguide/C/remote-administration.xml:358(para)
11172
#: serverguide/C/remote-administration.xml:344(para)
11149
11173
msgid "Then start the service:"
11150
11174
msgstr ""
11151
11175
11200
11224
"<application>Puppet</application> client."
11201
11225
msgstr ""
11202
11226
11203
#: serverguide/C/remote-administration.xml:406(para)
11227
#: serverguide/C/remote-administration.xml:366(para)
11204
11228
msgid ""
11205
11229
"This example is <emphasis>very</emphasis> simple, and does not highlight "
11206
11230
"many of <application>Puppet</application>'s features and benefits. For more "
11207
11231
"information see <xref linkend=\"puppet-resources\"/>."
11208
11232
msgstr ""
11209
11233
11210
#: serverguide/C/remote-administration.xml:418(para)
11234
#: serverguide/C/remote-administration.xml:378(para)
11211
11235
msgid ""
11212
11236
"See the <ulink url=\"http://docs.puppetlabs.com/\">Official Puppet "
11213
11237
"Documentation</ulink> web site."
11219
11243
"online repository of puppet modules."
11220
11244
msgstr ""
11221
11245
11222
#: serverguide/C/remote-administration.xml:428(para)
11246
#: serverguide/C/remote-administration.xml:383(para)
11223
11247
msgid ""
11224
11248
"Also see <ulink url=\"http://www.apress.com/9781430230571\">Pro "
11225
11249
"Puppet</ulink>."
11226
11250
msgstr ""
11227
11251
11228
#: serverguide/C/remote-administration.xml:437(title)
11252
#: serverguide/C/remote-administration.xml:397(title)
11229
11253
msgid "Zentyal"
11230
11254
msgstr ""
11231
11255
11232
#: serverguide/C/remote-administration.xml:439(para)
11256
#: serverguide/C/remote-administration.xml:399(para)
11233
11257
msgid ""
11234
11258
"<application>Zentyal</application> is a Linux small business server, that "
11235
11259
"can be configured as a Gateway, Infrastructure Manager, Unified Threat "
11256
11280
"them."
11257
11281
msgstr ""
11258
11282
11259
#: serverguide/C/remote-administration.xml:467(para)
11283
#: serverguide/C/remote-administration.xml:427(para)
11260
11284
msgid ""
11261
11285
"Zentyal 2.3 is available on Ubuntu 12.04 Universe repository. The modules "
11262
11286
"available are:"
11263
11287
msgstr ""
11264
11288
11265
#: serverguide/C/remote-administration.xml:474(para)
11289
#: serverguide/C/remote-administration.xml:434(para)
11266
11290
msgid ""
11267
11291
"zentyal-core & zentyal-common: the core of the "
11268
11292
"<application>Zentyal</application> interface and the common libraries of the "
11270
11294
"administrator an interface to view the logs and generate events from them."
11271
11295
msgstr ""
11272
11296
11273
#: serverguide/C/remote-administration.xml:483(para)
11297
#: serverguide/C/remote-administration.xml:443(para)
11274
11298
msgid ""
11275
11299
"zentyal-network: manages the configuration of the network. From the "
11276
11300
"interfaces (supporting static IP, DHCP, VLAN, bridges or PPPoE), to multiple "
11285
11309
"services (e.g. HTTP instead of 80/TCP)."
11286
11310
msgstr ""
11287
11311
11288
#: serverguide/C/remote-administration.xml:498(para)
11312
#: serverguide/C/remote-administration.xml:458(para)
11289
11313
msgid ""
11290
11314
"zentyal-firewall: configures the <application>iptables</application> rules "
11291
11315
"to block forbiden connections, NAT and port redirections."
11292
11316
msgstr ""
11293
11317
11294
#: serverguide/C/remote-administration.xml:504(para)
11318
#: serverguide/C/remote-administration.xml:464(para)
11295
11319
msgid ""
11296
11320
"zentyal-ntp: installs the NTP daemon to keep server on time and allow "
11297
11321
"network clients to synchronize their clocks against the server."
11298
11322
msgstr ""
11299
11323
11300
#: serverguide/C/remote-administration.xml:510(para)
11324
#: serverguide/C/remote-administration.xml:470(para)
11301
11325
msgid ""
11302
11326
"zentyal-dhcp: configures <application>ISC DHCP</application> server "
11303
11327
"supporting network ranges, static leases and other advanced options like "
11304
11328
"NTP, WINS, dynamic DNS updates and network boot with PXE."
11305
11329
msgstr ""
11306
11330
11307
#: serverguide/C/remote-administration.xml:517(para)
11331
#: serverguide/C/remote-administration.xml:477(para)
11308
11332
msgid ""
11309
11333
"zentyal-dns: brings <application>ISC Bind9</application> DNS server into "
11310
11334
"your server for caching local queries as a forwarder or as an authoritative "
11312
11336
"and SRV records."
11313
11337
msgstr ""
11314
11338
11315
#: serverguide/C/remote-administration.xml:525(para)
11339
#: serverguide/C/remote-administration.xml:485(para)
11316
11340
msgid ""
11317
11341
"zentyal-ca: integrates the management of a Certification Authority within "
11318
11342
"Zentyal so users can use certificates to authenticate against the services, "
11319
11343
"like with <application>OpenVPN</application>."
11320
11344
msgstr ""
11321
11345
11322
#: serverguide/C/remote-administration.xml:532(para)
11346
#: serverguide/C/remote-administration.xml:492(para)
11323
11347
msgid ""
11324
11348
"zentyal-openvpn: allows to configure multiple VPN servers and clients using "
11325
11349
"<application>OpenVPN</application> with dynamic routing configuration using "
11326
11350
"<application>Quagga</application>."
11327
11351
msgstr ""
11328
11352
11329
#: serverguide/C/remote-administration.xml:539(para)
11353
#: serverguide/C/remote-administration.xml:499(para)
11330
11354
msgid ""
11331
11355
"zentyal-users: provides an interface to configure and manage users and "
11332
11356
"groups on <application>OpenLDAP</application>. Other services on Zentyal are "
11335
11359
"<application>Microsoft Active Directory</application> domain."
11336
11360
msgstr ""
11337
11361
11338
#: serverguide/C/remote-administration.xml:549(para)
11362
#: serverguide/C/remote-administration.xml:509(para)
11339
11363
msgid ""
11340
11364
"zentyal-squid: configures <application>Squid</application> and "
11341
11365
"<application>Dansguardian</application> for speeding up browsing thanks to "
11342
11366
"the caching capabilities and content filtering."
11343
11367
msgstr ""
11344
11368
11345
#: serverguide/C/remote-administration.xml:556(para)
11369
#: serverguide/C/remote-administration.xml:516(para)
11346
11370
msgid ""
11347
11371
"zentyal-samba: allows <application>Samba</application> configuration and "
11348
11372
"integration with existing LDAP. From the same interface you can define "
11349
11373
"password policies, create shared resources and assign permissions."
11350
11374
msgstr ""
11351
11375
11352
#: serverguide/C/remote-administration.xml:564(para)
11376
#: serverguide/C/remote-administration.xml:524(para)
11353
11377
msgid ""
11354
11378
"zentyal-printers: integrates <application>CUPS</application> with "
11355
11379
"<application>Samba</application> and allows not only to configure the "
11356
11380
"printers but also give them permissions based on LDAP users and groups."
11357
11381
msgstr ""
11358
11382
11359
#: serverguide/C/remote-administration.xml:573(para)
11383
#: serverguide/C/remote-administration.xml:533(para)
11360
11384
msgid ""
11361
11385
"To install <application>Zentyal</application>, in a terminal on the "
11362
11386
"<emphasis>server</emphasis> enter (where <zentyal-module> is any of "
11363
11387
"the modules from the previous list):"
11364
11388
msgstr ""
11365
11389
11366
#: serverguide/C/remote-administration.xml:580(command)
11390
#: serverguide/C/remote-administration.xml:540(command)
11367
11391
msgid "sudo apt-get install <zentyal-module>"
11368
11392
msgstr ""
11369
11393
11370
#: serverguide/C/remote-administration.xml:584(para)
11394
#: serverguide/C/remote-administration.xml:544(para)
11371
11395
msgid ""
11372
11396
"<application>Zentyal</application> publishes one major stable release once a "
11373
11397
"year (in September) based on latest Ubuntu LTS release. Stable releases "
11387
11411
"Personal Package Archive (PPA)</ulink>."
11388
11412
msgstr ""
11389
11413
11390
#: serverguide/C/remote-administration.xml:606(para)
11414
#: serverguide/C/remote-administration.xml:566(para)
11391
11415
msgid ""
11392
11416
"Not present on Ubuntu Universe repositories, but on <ulink "
11393
11417
"url=\"https://launchpad.net/~zentyal/\">Zentyal Team PPA</ulink> you will "
11394
11418
"find these other modules:"
11395
11419
msgstr ""
11396
11420
11397
#: serverguide/C/remote-administration.xml:613(para)
11421
#: serverguide/C/remote-administration.xml:573(para)
11398
11422
msgid ""
11399
11423
"zentyal-antivirus: integrates <application>ClamAV</application> antivirus "
11400
11424
"with other modules like the proxy, file sharing or mailfilter."
11401
11425
msgstr ""
11402
11426
11403
#: serverguide/C/remote-administration.xml:620(para)
11427
#: serverguide/C/remote-administration.xml:580(para)
11404
11428
msgid ""
11405
11429
"zentyal-asterisk: configures <application>Asterisk</application> to provide "
11406
11430
"a simple PBX with LDAP based authentication."
11407
11431
msgstr ""
11408
11432
11409
#: serverguide/C/remote-administration.xml:626(para)
11433
#: serverguide/C/remote-administration.xml:586(para)
11410
11434
msgid ""
11411
11435
"zentyal-bwmonitor: allows to monitor bandwith usage of your LAN clients."
11412
11436
msgstr ""
11413
11437
11414
#: serverguide/C/remote-administration.xml:632(para)
11438
#: serverguide/C/remote-administration.xml:592(para)
11415
11439
msgid ""
11416
11440
"zentyal-captiveportal: integrates a captive portal with the firewall and "
11417
11441
"LDAP users and groups."
11418
11442
msgstr ""
11419
11443
11420
#: serverguide/C/remote-administration.xml:638(para)
11444
#: serverguide/C/remote-administration.xml:598(para)
11421
11445
msgid ""
11422
11446
"zentyal-ebackup: allows to make scheduled backups of your server using the "
11423
11447
"popular <application>duplicity</application> backup tool."
11424
11448
msgstr ""
11425
11449
11426
#: serverguide/C/remote-administration.xml:644(para)
11450
#: serverguide/C/remote-administration.xml:604(para)
11427
11451
msgid "zentyal-ftp: configures a FTP server with LDAP based authentication."
11428
11452
msgstr ""
11429
11453
11430
#: serverguide/C/remote-administration.xml:649(para)
11454
#: serverguide/C/remote-administration.xml:609(para)
11431
11455
msgid "zentyal-ids: integrates a network intrusion detection system."
11432
11456
msgstr ""
11433
11457
11434
#: serverguide/C/remote-administration.xml:654(para)
11458
#: serverguide/C/remote-administration.xml:614(para)
11435
11459
msgid ""
11436
11460
"zentyal-ipsec: allows to configure IPsec tunnels using "
11437
11461
"<application>OpenSwan</application>."
11438
11462
msgstr ""
11439
11463
11440
#: serverguide/C/remote-administration.xml:660(para)
11464
#: serverguide/C/remote-administration.xml:620(para)
11441
11465
msgid ""
11442
11466
"zentyal-jabber: integrates <application>ejabberd</application> XMPP server "
11443
11467
"with LDAP users and groups."
11444
11468
msgstr ""
11445
11469
11446
#: serverguide/C/remote-administration.xml:666(para)
11470
#: serverguide/C/remote-administration.xml:626(para)
11447
11471
msgid ""
11448
11472
"zentyal-thinclients: a <application>LTSP</application> based thin clients "
11449
11473
"solution."
11450
11474
msgstr ""
11451
11475
11452
#: serverguide/C/remote-administration.xml:672(para)
11476
#: serverguide/C/remote-administration.xml:632(para)
11453
11477
msgid ""
11454
11478
"zentyal-mail: a full mail stack including <application>Postfix "
11455
11479
"</application> and <application>Dovecot</application> with LDAP backend."
11456
11480
msgstr ""
11457
11481
11458
#: serverguide/C/remote-administration.xml:679(para)
11482
#: serverguide/C/remote-administration.xml:639(para)
11459
11483
msgid ""
11460
11484
"zentyal-mailfilter: configures <application>amavisd</application> with mail "
11461
11485
"stack to filter spam and attached virus."
11462
11486
msgstr ""
11463
11487
11464
#: serverguide/C/remote-administration.xml:685(para)
11488
#: serverguide/C/remote-administration.xml:645(para)
11465
11489
msgid ""
11466
11490
"zentyal-monitor: integrates <application>collectd</application> to monitor "
11467
11491
"server performance and running services."
11468
11492
msgstr ""
11469
11493
11470
#: serverguide/C/remote-administration.xml:691(para)
11494
#: serverguide/C/remote-administration.xml:651(para)
11471
11495
msgid ""
11472
11496
"zentyal-pptp: configures a <application>PPTP</application> VPN server."
11473
11497
msgstr ""
11474
11498
11475
#: serverguide/C/remote-administration.xml:696(para)
11499
#: serverguide/C/remote-administration.xml:656(para)
11476
11500
msgid ""
11477
11501
"zentyal-radius: integrates <application>FreeRADIUS</application> with LDAP "
11478
11502
"users and groups."
11479
11503
msgstr ""
11480
11504
11481
#: serverguide/C/remote-administration.xml:702(para)
11505
#: serverguide/C/remote-administration.xml:662(para)
11482
11506
msgid ""
11483
11507
"zentyal-software: simple interface to manage installed "
11484
11508
"<application>Zentyal</application> modules and system updates."
11485
11509
msgstr ""
11486
11510
11487
#: serverguide/C/remote-administration.xml:708(para)
11511
#: serverguide/C/remote-administration.xml:668(para)
11488
11512
msgid ""
11489
11513
"zentyal-trafficshaping: configures traffic limiting rules to do bandwidth "
11490
11514
"throttling and improve latency."
11491
11515
msgstr ""
11492
11516
11493
#: serverguide/C/remote-administration.xml:714(para)
11517
#: serverguide/C/remote-administration.xml:674(para)
11494
11518
msgid ""
11495
11519
"zentyal-usercorner: allows users to edit their own LDAP attributes using a "
11496
11520
"web browser."
11497
11521
msgstr ""
11498
11522
11499
#: serverguide/C/remote-administration.xml:720(para)
11523
#: serverguide/C/remote-administration.xml:680(para)
11500
11524
msgid ""
11501
11525
"zentyal-virt: simple interface to create and manage virtual machines based "
11502
11526
"on <application>libvirt</application>."
11503
11527
msgstr ""
11504
11528
11505
#: serverguide/C/remote-administration.xml:726(para)
11529
#: serverguide/C/remote-administration.xml:686(para)
11506
11530
msgid ""
11507
11531
"zentyal-webmail: allows to access your mail using the popular "
11508
11532
"<application>Roundcube</application> webmail."
11509
11533
msgstr ""
11510
11534
11511
#: serverguide/C/remote-administration.xml:732(para)
11535
#: serverguide/C/remote-administration.xml:692(para)
11512
11536
msgid ""
11513
11537
"zentyal-webserver: configures <application>Apache</application> webserver to "
11514
11538
"host different sites on your machine."
11515
11539
msgstr ""
11516
11540
11517
#: serverguide/C/remote-administration.xml:738(para)
11541
#: serverguide/C/remote-administration.xml:698(para)
11518
11542
msgid ""
11519
11543
"zentyal-zarafa: integrates <application>Zarafa</application> groupware suite "
11520
11544
"with <application>Zentyal</application> mail stack and LDAP."
11521
11545
msgstr ""
11522
11546
11523
#: serverguide/C/remote-administration.xml:750(title)
11547
#: serverguide/C/remote-administration.xml:710(title)
11524
11548
msgid "First steps"
11525
11549
msgstr ""
11526
11550
11527
#: serverguide/C/remote-administration.xml:752(para)
11551
#: serverguide/C/remote-administration.xml:712(para)
11528
11552
msgid ""
11529
11553
"Any system account belonging to the sudo group is allowed to log into "
11530
11554
"<application>Zentyal</application> web interface. If you are using the user "
11531
11555
"created during the installation, this should be in the sudo group by default."
11532
11556
msgstr ""
11533
11557
11534
#: serverguide/C/remote-administration.xml:760(para)
11558
#: serverguide/C/remote-administration.xml:720(para)
11535
11559
msgid "If you need to add another user to the sudo group, just execute:"
11536
11560
msgstr ""
11537
11561
11538
#: serverguide/C/remote-administration.xml:765(command)
11562
#: serverguide/C/remote-administration.xml:725(command)
11539
11563
msgid "sudo adduser username sudo"
11540
11564
msgstr ""
11541
11565
11542
#: serverguide/C/remote-administration.xml:769(para)
11566
#: serverguide/C/remote-administration.xml:729(para)
11543
11567
msgid ""
11544
11568
"To access <application>Zentyal</application> web interface, browse into "
11545
11569
"https://localhost/ (or the IP of your remote server). As Zentyal creates its "
11547
11571
"exception on your browser."
11548
11572
msgstr ""
11549
11573
11550
#: serverguide/C/remote-administration.xml:776(para)
11574
#: serverguide/C/remote-administration.xml:736(para)
11551
11575
msgid ""
11552
11576
"Once logged in you will see the dashboard with an overview of your server. "
11553
11577
"To configure any of the features of your installed modules, go to the "
11561
11585
"files."
11562
11586
msgstr ""
11563
11587
11564
#: serverguide/C/remote-administration.xml:790(para)
11588
#: serverguide/C/remote-administration.xml:750(para)
11565
11589
msgid ""
11566
11590
"If you need to customize any configuration file or run certain actions "
11567
11591
"(scripts or commands) to configure features not available on "
11570
11594
"/etc/zentyal/hooks/<module>.<action>."
11571
11595
msgstr ""
11572
11596
11573
#: serverguide/C/remote-administration.xml:803(para)
11597
#: serverguide/C/remote-administration.xml:763(para)
11574
11598
msgid ""
11575
11599
"<ulink url=\"http://doc.zentyal.org/\">Zentyal Official Documentation "
11576
11600
"</ulink> page."
11577
11601
msgstr ""
11578
11602
11579
#: serverguide/C/remote-administration.xml:807(para)
11603
#: serverguide/C/remote-administration.xml:767(para)
11580
11604
msgid ""
11581
11605
"See also <ulink url=\"http://trac.zentyal.org/wiki/Documentation\">Zentyal "
11582
11606
"Community Documentation</ulink> page."
11583
11607
msgstr ""
11584
11608
11585
#: serverguide/C/remote-administration.xml:811(para)
11609
#: serverguide/C/remote-administration.xml:771(para)
11586
11610
msgid ""
11587
11611
"And don't forget to visit the <ulink url=\"http://forum.zentyal.org/\">forum "
11588
11612
"</ulink> for community support, feedback, feature requests, etc."
11967
11991
"menu."
11968
11992
msgstr ""
11969
11993
11970
#: serverguide/C/package-management.xml:263(para)
11994
#: serverguide/C/package-management.xml:246(para)
11971
11995
msgid "<emphasis role=\"bold\">i</emphasis>: Installed package"
11972
11996
msgstr "<emphasis role=\"bold\">i</emphasis>: 已安装的软件包"
11973
11997
11974
#: serverguide/C/package-management.xml:268(para)
11998
#: serverguide/C/package-management.xml:251(para)
11975
11999
msgid ""
11976
12000
"<emphasis role=\"bold\">c</emphasis>: Package not installed, but package "
11977
12001
"configuration remains on system"
11978
12002
msgstr "<emphasis role=\"bold\">c</emphasis>: 软件包没有安装,但在系统中有软件包的残留配置"
11979
12003
11980
#: serverguide/C/package-management.xml:272(para)
12004
#: serverguide/C/package-management.xml:255(para)
11981
12005
msgid "<emphasis role=\"bold\">p</emphasis>: Purged from system"
11982
12006
msgstr "<emphasis role=\"bold\">p</emphasis>: 从系统彻底删除"
11983
12007
11984
#: serverguide/C/package-management.xml:276(para)
12008
#: serverguide/C/package-management.xml:259(para)
11985
12009
msgid "<emphasis role=\"bold\">v</emphasis>: Virtual package"
11986
12010
msgstr "<emphasis role=\"bold\">v</emphasis>: 虚拟软件包"
11987
12011
11988
#: serverguide/C/package-management.xml:280(para)
12012
#: serverguide/C/package-management.xml:263(para)
11989
12013
msgid "<emphasis role=\"bold\">B</emphasis>: Broken package"
11990
12014
msgstr "<emphasis role=\"bold\">B</emphasis>: 已损坏的软件包"
11991
12015
11992
#: serverguide/C/package-management.xml:284(para)
12016
#: serverguide/C/package-management.xml:267(para)
11993
12017
msgid ""
11994
12018
"<emphasis role=\"bold\">u</emphasis>: Unpacked files, but package not yet "
11995
12019
"configured"
11996
12020
msgstr "<emphasis role=\"bold\">u</emphasis>: 文件已解压,但尚未配置软件包"
11997
12021
11998
#: serverguide/C/package-management.xml:288(para)
12022
#: serverguide/C/package-management.xml:271(para)
11999
12023
msgid ""
12000
12024
"<emphasis role=\"bold\">C</emphasis>: Half-configured - Configuration failed "
12001
12025
"and requires fix"
12002
12026
msgstr "<emphasis role=\"bold\">C</emphasis>: 半配置的 - 配置失败并需要修复"
12003
12027
12004
#: serverguide/C/package-management.xml:292(para)
12028
#: serverguide/C/package-management.xml:275(para)
12005
12029
msgid ""
12006
12030
"<emphasis role=\"bold\">H</emphasis>: Half-installed - Removal failed and "
12007
12031
"requires fix"
12008
12032
msgstr "<emphasis role=\"bold\">H</emphasis>: 半安装的 - 移除失败并需要修复"
12009
12033
12010
#: serverguide/C/package-management.xml:260(para)
12034
#: serverguide/C/package-management.xml:243(para)
12011
12035
msgid ""
12012
12036
"The first column of information displayed in the package list in the top "
12013
12037
"pane, when actually viewing packages lists the current state of the package, "
12015
12039
"<placeholder-1/>"
12016
12040
msgstr "当实际查看软件时列出软件包当前状态,在顶窗软件包列表中显示信息的第一列使用下列关键字来描述软件包状态:<placeholder-1/>"
12017
12041
12018
#: serverguide/C/package-management.xml:298(para)
12042
#: serverguide/C/package-management.xml:281(para)
12019
12043
msgid ""
12020
12044
"To exit Aptitude, simply press the <keycap>q</keycap> key and confirm you "
12021
12045
"wish to exit. Many other functions are available from the Aptitude menu by "
12024
12048
"要退出 Aptitude,只需简单按 <keycap>q</keycap> 键并确认您想退出即可。在 Aptitude 菜单中按 "
12025
12049
"<keycap>F10</keycap> 键可以列出其他许多功能。"
12026
12050
12027
#: serverguide/C/package-management.xml:301(title)
12051
#: serverguide/C/package-management.xml:284(title)
12028
12052
msgid "Command Line Aptitude"
12029
12053
msgstr ""
12030
12054
12031
#: serverguide/C/package-management.xml:302(para)
12055
#: serverguide/C/package-management.xml:285(para)
12032
12056
msgid ""
12033
12057
"You can also use <application>Aptitude</application> as a command-line tool, "
12034
12058
"similar to <application>apt-get</application>. To install the "
12042
12066
"of command line options for <application>Aptitude</application>."
12043
12067
msgstr ""
12044
12068
12045
#: serverguide/C/package-management.xml:315(title)
12069
#: serverguide/C/package-management.xml:298(title)
12046
12070
msgid "Automatic Updates"
12047
12071
msgstr "自动更新"
12048
12072
12049
#: serverguide/C/package-management.xml:317(para)
12073
#: serverguide/C/package-management.xml:300(para)
12050
12074
msgid ""
12051
12075
"The <application>unattended-upgrades</application> package can be used to "
12052
12076
"automatically install updated packages, and can be configured to update all "
12054
12078
"entering the following in a terminal:"
12055
12079
msgstr ""
12056
12080
12057
#: serverguide/C/package-management.xml:323(command)
12081
#: serverguide/C/package-management.xml:306(command)
12058
12082
msgid "sudo apt-get install unattended-upgrades"
12059
12083
msgstr "sudo apt-get install unattended-upgrades"
12060
12084
12061
#: serverguide/C/package-management.xml:326(para)
12085
#: serverguide/C/package-management.xml:309(para)
12062
12086
msgid ""
12063
12087
"To configure <application>unattended-upgrades</application>, edit "
12064
12088
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> and adjust "
12075
12099
"};\n"
12076
12100
msgstr ""
12077
12101
12078
#: serverguide/C/package-management.xml:338(para)
12102
#: serverguide/C/package-management.xml:321(para)
12079
12103
msgid ""
12080
12104
"Certain packages can also be <emphasis>blacklisted</emphasis> and therefore "
12081
12105
"will not be automatically updated. To blacklist a package, add it to the "
12082
12106
"list:"
12083
12107
msgstr ""
12084
12108
12085
#: serverguide/C/package-management.xml:343(programlisting)
12109
#: serverguide/C/package-management.xml:326(programlisting)
12086
12110
#, no-wrap
12087
12111
msgid ""
12088
12112
"\n"
12094
12118
"};\n"
12095
12119
msgstr ""
12096
12120
12097
#: serverguide/C/package-management.xml:353(para)
12121
#: serverguide/C/package-management.xml:336(para)
12098
12122
msgid ""
12099
12123
"The double <emphasis><quote>//</quote></emphasis> serve as comments, so "
12100
12124
"whatever follows \"//\" will not be evaluated."
12101
12125
msgstr ""
12102
12126
12103
#: serverguide/C/package-management.xml:358(para)
12127
#: serverguide/C/package-management.xml:341(para)
12104
12128
msgid ""
12105
12129
"To enable automatic updates, edit "
12106
12130
"<filename>/etc/apt/apt.conf.d/10periodic</filename> and set the appropriate "
12107
12131
"<application>apt</application> configuration options:"
12108
12132
msgstr ""
12109
12133
12110
#: serverguide/C/package-management.xml:362(programlisting)
12134
#: serverguide/C/package-management.xml:345(programlisting)
12111
12135
#, no-wrap
12112
12136
msgid ""
12113
12137
"\n"
12117
12141
"APT::Periodic::Unattended-Upgrade \"1\";\n"
12118
12142
msgstr ""
12119
12143
12120
#: serverguide/C/package-management.xml:369(para)
12144
#: serverguide/C/package-management.xml:352(para)
12121
12145
msgid ""
12122
12146
"The above configuration updates the package list, downloads, and installs "
12123
12147
"available upgrades every day. The local download archive is cleaned every "
12124
12148
"week."
12125
12149
msgstr ""
12126
12150
12127
#: serverguide/C/package-management.xml:375(para)
12151
#: serverguide/C/package-management.xml:358(para)
12128
12152
msgid ""
12129
12153
"You can read more about <application>apt</application> Periodic "
12130
12154
"configuration options in the <filename>/etc/cron.daily/apt</filename> script "
12131
12155
"header."
12132
12156
msgstr ""
12133
12157
12134
#: serverguide/C/package-management.xml:380(para)
12158
#: serverguide/C/package-management.xml:363(para)
12135
12159
msgid ""
12136
12160
"The results of <application>unattended-upgrades</application> will be logged "
12137
12161
"to <filename>/var/log/unattended-upgrades</filename>."
12138
12162
msgstr ""
12139
12163
12140
#: serverguide/C/package-management.xml:385(title)
12164
#: serverguide/C/package-management.xml:368(title)
12141
12165
msgid "Notifications"
12142
12166
msgstr "通知"
12143
12167
12144
#: serverguide/C/package-management.xml:387(para)
12168
#: serverguide/C/package-management.xml:370(para)
12145
12169
msgid ""
12146
12170
"Configuring <emphasis>Unattended-Upgrade::Mail</emphasis> in "
12147
12171
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> will enable "
12149
12173
"detailing any packages that need upgrading or have problems."
12150
12174
msgstr ""
12151
12175
12152
#: serverguide/C/package-management.xml:392(para)
12176
#: serverguide/C/package-management.xml:375(para)
12153
12177
msgid ""
12154
12178
"Another useful package is <application>apticron</application>. "
12155
12179
"<application>apticron</application> will configure a "
12158
12182
"summary of changes in each package."
12159
12183
msgstr ""
12160
12184
12161
#: serverguide/C/package-management.xml:398(para)
12185
#: serverguide/C/package-management.xml:381(para)
12162
12186
msgid ""
12163
12187
"To install the <application>apticron</application> package, in a terminal "
12164
12188
"enter:"
12165
12189
msgstr "要安装 <application>apticron</application> 软件包,在终端中输入:"
12166
12190
12167
#: serverguide/C/package-management.xml:403(command)
12191
#: serverguide/C/package-management.xml:386(command)
12168
12192
msgid "sudo apt-get install apticron"
12169
12193
msgstr "sudo apt-get install apticron"
12170
12194
12171
#: serverguide/C/package-management.xml:406(para)
12195
#: serverguide/C/package-management.xml:389(para)
12172
12196
msgid ""
12173
12197
"Once the package is installed edit "
12174
12198
"<filename>/etc/apticron/apticron.conf</filename>, to set the email address "
12176
12200
msgstr ""
12177
12201
"软件包安装后,编辑 <filename>/etc/apticron/apticron.conf</filename> 来设置电子邮件地址和其他选项:"
12178
12202
12179
#: serverguide/C/package-management.xml:410(programlisting)
12203
#: serverguide/C/package-management.xml:393(programlisting)
12180
12204
#, no-wrap
12181
12205
msgid ""
12182
12206
"\n"
12183
12207
"EMAIL=\"root@example.com\"\n"
12184
12208
msgstr ""
12185
12209
12186
#: serverguide/C/package-management.xml:419(para)
12210
#: serverguide/C/package-management.xml:402(para)
12187
12211
msgid ""
12188
12212
"Configuration of the <emphasis>Advanced Packaging Tool</emphasis> (APT) "
12189
12213
"system repositories is stored in the "
12193
12217
"repository references from the file."
12194
12218
msgstr ""
12195
12219
12196
#: serverguide/C/package-management.xml:424(para)
12220
#: serverguide/C/package-management.xml:411(para)
12197
12221
msgid ""
12198
12222
"You may edit the file to enable repositories or disable them. For example, "
12199
12223
"to disable the requirement of inserting the Ubuntu CD-ROM whenever package "
12212
12236
"main restricted\n"
12213
12237
msgstr ""
12214
12238
12215
#: serverguide/C/package-management.xml:435(title)
12239
#: serverguide/C/package-management.xml:422(title)
12216
12240
msgid "Extra Repositories"
12217
12241
msgstr "其他软件库"
12218
12242
12219
#: serverguide/C/package-management.xml:436(para)
12243
#: serverguide/C/package-management.xml:423(para)
12220
12244
msgid ""
12221
12245
"In addition to the officially supported package repositories available for "
12222
12246
"Ubuntu, there exist additional community-maintained repositories which add "
12227
12251
"which are safe for use with your Ubuntu computer."
12228
12252
msgstr ""
12229
12253
12230
#: serverguide/C/package-management.xml:439(para)
12254
#: serverguide/C/package-management.xml:426(para)
12231
12255
msgid ""
12232
12256
"Packages in the <emphasis>Multiverse</emphasis> repository often have "
12233
12257
"licensing issues that prevent them from being distributed with a free "
12236
12260
"在 <emphasis>Multiverse</emphasis> "
12237
12261
"软件库中的软件包通常有授权问题,这阻碍了它们随同一个自由操作系统一起发布,并且它们在您所处的地域中可能是非法的。"
12238
12262
12239
#: serverguide/C/package-management.xml:441(para)
12263
#: serverguide/C/package-management.xml:428(para)
12240
12264
msgid ""
12241
12265
"Be advised that neither the <emphasis>Universe</emphasis> or "
12242
12266
"<emphasis>Multiverse</emphasis> repositories contain officially supported "
12246
12270
"提醒您在 <emphasis>Universe</emphasis> 或 <emphasis>Multiverse</emphasis> "
12247
12271
"软件库中均没有官方支持的软件包。特别是这些软件包可能没有安全更新。"
12248
12272
12249
#: serverguide/C/package-management.xml:445(para)
12273
#: serverguide/C/package-management.xml:432(para)
12250
12274
msgid ""
12251
12275
"Many other package sources are available, sometimes even offering only one "
12252
12276
"package, as in the case of package sources provided by the developer of a "
12259
12283
"许多其他软件包源也是可用的,有时甚至只提供一个软件包,这种情况主要发生在由单个应用程序的开发人员所提供软件包源上。然而当您在使用非标准软件包源时您应该非常"
12260
12284
"小心谨慎,在执行任何安装之前仔细考查源和软件包,因为有些软件包源和其中的软件包可能会使您的系统在某些方面运行不稳定或不正常。"
12261
12285
12262
#: serverguide/C/package-management.xml:448(para)
12286
#: serverguide/C/package-management.xml:435(para)
12263
12287
msgid ""
12264
12288
"By default, the <emphasis>Universe</emphasis> and "
12265
12289
"<emphasis>Multiverse</emphasis> repositories are enabled but if you would "
12290
12314
"deb-src http://security.ubuntu.com/ubuntu trusty-security multiverse\n"
12291
12315
msgstr ""
12292
12316
12293
#: serverguide/C/package-management.xml:481(para)
12317
#: serverguide/C/package-management.xml:468(para)
12294
12318
msgid ""
12295
12319
"Most of the material covered in this chapter is available in "
12296
12320
"<application>man</application> pages, many of which are available online."
12297
12321
msgstr ""
12298
12322
12299
#: serverguide/C/package-management.xml:488(para)
12323
#: serverguide/C/package-management.xml:475(para)
12300
12324
msgid ""
12301
12325
"The <ulink "
12302
12326
"url=\"https://help.ubuntu.com/community/InstallingSoftware\">InstallingSoftwa"
12326
12350
"ude man page</ulink> for more <application>aptitude</application> options."
12327
12351
msgstr ""
12328
12352
12329
#: serverguide/C/package-management.xml:512(para)
12353
#: serverguide/C/package-management.xml:499(para)
12330
12354
msgid ""
12331
12355
"The <ulink "
12332
12356
"url=\"https://help.ubuntu.com/community/Repositories/Ubuntu\">Adding "
12393
12417
"reboots (e.g.: after a kernel upgrade)."
12394
12418
msgstr ""
12395
12419
12396
#: serverguide/C/other-apps.xml:61(para)
12420
#: serverguide/C/other-apps.xml:44(para)
12397
12421
msgid ""
12398
12422
"<application>pam_motd</application> executes the scripts in "
12399
12423
"<filename>/etc/update-motd.d</filename> in order based on the number "
12402
12426
"concatenated with <filename>/etc/motd.tail</filename>."
12403
12427
msgstr ""
12404
12428
12405
#: serverguide/C/other-apps.xml:67(para)
12429
#: serverguide/C/other-apps.xml:50(para)
12406
12430
msgid ""
12407
12431
"You can add your own dynamic information to the MOTD. For example, to add "
12408
12432
"local weather information:"
12409
12433
msgstr "您可以往MOTD上添加您自己的动态信息。比如,要添加当地的气象信息,您可以:"
12410
12434
12411
#: serverguide/C/other-apps.xml:73(para)
12435
#: serverguide/C/other-apps.xml:56(para)
12412
12436
msgid "First, install the <application>weather-util</application> package:"
12413
12437
msgstr "首先,安装 <application>weather-util</application> 软件包:"
12414
12438
12415
#: serverguide/C/other-apps.xml:78(command)
12439
#: serverguide/C/other-apps.xml:61(command)
12416
12440
msgid "sudo apt-get install weather-util"
12417
12441
msgstr ""
12418
12442
12419
#: serverguide/C/other-apps.xml:83(para)
12443
#: serverguide/C/other-apps.xml:66(para)
12420
12444
msgid ""
12421
12445
"The <application>weather</application> utility uses METAR data from the "
12422
12446
"National Oceanic and Atmospheric Administration and forecasts from the "
12426
12450
"Weather Service</ulink> site."
12427
12451
msgstr ""
12428
12452
12429
#: serverguide/C/other-apps.xml:90(para)
12453
#: serverguide/C/other-apps.xml:73(para)
12430
12454
msgid ""
12431
12455
"Although the National Weather Service is a United States government agency "
12432
12456
"there are weather stations available world wide. However, local weather "
12433
12457
"information for all locations outside the U.S. may not be available."
12434
12458
msgstr ""
12435
12459
12436
#: serverguide/C/other-apps.xml:96(para)
12460
#: serverguide/C/other-apps.xml:79(para)
12437
12461
msgid ""
12438
12462
"Create <filename>/usr/local/bin/local-weather</filename>, a simple shell "
12439
12463
"script to use <application>weather</application> with your local ICAO "
12440
12464
"indicator:"
12441
12465
msgstr ""
12442
12466
12443
#: serverguide/C/other-apps.xml:101(programlisting)
12467
#: serverguide/C/other-apps.xml:84(programlisting)
12444
12468
#, no-wrap
12445
12469
msgid ""
12446
12470
"\n"
12460
12484
"\n"
12461
12485
msgstr ""
12462
12486
12463
#: serverguide/C/other-apps.xml:119(para)
12487
#: serverguide/C/other-apps.xml:102(para)
12464
12488
msgid "Make the script executable:"
12465
12489
msgstr "使脚本可以执行:"
12466
12490
12467
#: serverguide/C/other-apps.xml:124(command)
12491
#: serverguide/C/other-apps.xml:107(command)
12468
12492
msgid "sudo chmod 755 /usr/local/bin/local-weather"
12469
12493
msgstr ""
12470
12494
12471
#: serverguide/C/other-apps.xml:128(para)
12495
#: serverguide/C/other-apps.xml:111(para)
12472
12496
msgid ""
12473
12497
"Next, create a symlink to <filename>/etc/update-motd.d/98-local-"
12474
12498
"weather</filename>:"
12475
12499
msgstr ""
12476
12500
12477
#: serverguide/C/other-apps.xml:133(command)
12501
#: serverguide/C/other-apps.xml:116(command)
12478
12502
msgid ""
12479
12503
"sudo ln -s /usr/local/bin/local-weather /etc/update-motd.d/98-local-weather"
12480
12504
msgstr ""
12481
12505
12482
#: serverguide/C/other-apps.xml:137(para)
12506
#: serverguide/C/other-apps.xml:120(para)
12483
12507
msgid "Finally, exit the server and re-login to view the new MOTD."
12484
12508
msgstr ""
12485
12509
12486
#: serverguide/C/other-apps.xml:143(para)
12510
#: serverguide/C/other-apps.xml:126(para)
12487
12511
msgid ""
12488
12512
"You should now be greeted with some useful information, and some information "
12489
12513
"about the local weather that may not be quite so useful. Hopefully the "
12491
12515
"flexibility of <application>pam_motd</application>."
12492
12516
msgstr ""
12493
12517
12494
#: serverguide/C/other-apps.xml:151(title)
12518
#: serverguide/C/other-apps.xml:156(para)
12519
msgid ""
12520
"See the <ulink "
12521
"url=\"http://manpages.ubuntu.com/manpages/trusty/en/man5/update-"
12522
"motd.5.html\">update-motd man page</ulink> for more options available to "
12523
"<application>update-motd</application>."
12524
msgstr ""
12525
12526
#: serverguide/C/other-apps.xml:338(para)
12527
msgid ""
12528
"The Debian Package of the Day <ulink "
12529
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
12530
"and-forecasts-on-the-command-line/\">weather</ulink> article has more "
12531
"details about using the <application>weather</application>utility."
12532
msgstr ""
12533
12534
#: serverguide/C/other-apps.xml:134(title)
12495
12535
msgid "etckeeper"
12496
12536
msgstr ""
12497
12537
12498
#: serverguide/C/other-apps.xml:153(para)
12538
#: serverguide/C/other-apps.xml:180(para)
12499
12539
msgid ""
12500
12540
"<application>etckeeper</application> allows the contents of <filename "
12501
"role=\"directory\">/etc</filename> be easily stored in Version Control "
12502
"System (VCS) repository. It hooks into <application>apt</application> to "
12503
"automatically commit changes to <filename>/etc</filename> when packages are "
12541
"role=\"directory\">/etc</filename> to be stored in a Version Control System "
12542
"(VCS) repository. It integrates with <application>APT</application> and "
12543
"automatically commits changes to <filename>/etc</filename> when packages are "
12504
12544
"installed or upgraded. Placing <filename>/etc</filename> under version "
12505
12545
"control is considered an industry best practice, and the goal of "
12506
12546
"<application>etckeeper</application> is to make this process as painless as "
12507
12547
"possible."
12508
12548
msgstr ""
12509
12549
12510
#: serverguide/C/other-apps.xml:161(para)
12550
#: serverguide/C/other-apps.xml:144(para)
12511
12551
msgid ""
12512
12552
"Install <application>etckeeper</application> by entering the following in a "
12513
12553
"terminal:"
12514
12554
msgstr ""
12515
12555
12516
#: serverguide/C/other-apps.xml:166(command)
12556
#: serverguide/C/other-apps.xml:149(command)
12517
12557
msgid "sudo apt-get install etckeeper"
12518
12558
msgstr ""
12519
12559
12520
#: serverguide/C/other-apps.xml:169(para)
12560
#: serverguide/C/other-apps.xml:196(para)
12521
12561
msgid ""
12522
12562
"The main configuration file, "
12523
12563
"<filename>/etc/etckeeper/etckeeper.conf</filename>, is fairly simple. The "
12524
"main option is which VCS to use. By default "
12564
"main option is which VCS to use and by default "
12525
12565
"<application>etckeeper</application> is configured to use "
12526
"<application>bzr</application> for version control. The repository is "
12527
"automatically initialized (and committed for the first time) during package "
12528
"installation. It is possible to undo this by entering the following command:"
12566
"<application>Bazaar</application>. The repository is automatically "
12567
"initialized (and committed for the first time) during package installation. "
12568
"It is possible to undo this by entering the following command:"
12529
12569
msgstr ""
12530
12570
12531
#: serverguide/C/other-apps.xml:179(command)
12571
#: serverguide/C/other-apps.xml:162(command)
12532
12572
msgid "sudo etckeeper uninit"
12533
12573
msgstr ""
12534
12574
12535
#: serverguide/C/other-apps.xml:182(para)
12575
#: serverguide/C/other-apps.xml:165(para)
12536
12576
msgid ""
12537
12577
"By default, etckeeper will commit uncommitted changes made to /etc daily. "
12538
12578
"This can be disabled using the AVOID_DAILY_AUTOCOMMITS configuration option. "
12541
12581
"commit your changes manually, together with a commit message, using:"
12542
12582
msgstr ""
12543
12583
12544
#: serverguide/C/other-apps.xml:191(command)
12584
#: serverguide/C/other-apps.xml:174(command)
12545
12585
msgid "sudo etckeeper commit \"..Reason for configuration change..\""
12546
12586
msgstr ""
12547
12587
12548
#: serverguide/C/other-apps.xml:194(para)
12549
msgid ""
12550
"Using the VCS commands you can view log information about files in "
12551
"<filename>/etc</filename>:"
12588
#: serverguide/C/other-apps.xml:217(para)
12589
msgid "Using bzr's VCS commands you can view log information:"
12552
12590
msgstr ""
12553
12591
12554
#: serverguide/C/other-apps.xml:199(command)
12592
#: serverguide/C/other-apps.xml:182(command)
12555
12593
msgid "sudo bzr log /etc/passwd"
12556
12594
msgstr ""
12557
12595
12558
#: serverguide/C/other-apps.xml:202(para)
12596
#: serverguide/C/other-apps.xml:225(para)
12559
12597
msgid ""
12560
"To demonstrate the integration with the package management system, install "
12561
"<application>postfix</application>:"
12598
"To demonstrate the integration with the package management system (APT), "
12599
"install <application>postfix</application>:"
12562
12600
msgstr ""
12563
12601
12564
#: serverguide/C/other-apps.xml:207(command) serverguide/C/mail.xml:43(command)
12602
#: serverguide/C/other-apps.xml:190(command) serverguide/C/mail.xml:43(command)
12565
12603
msgid "sudo apt-get install postfix"
12566
12604
msgstr ""
12567
12605
12568
#: serverguide/C/other-apps.xml:210(para)
12606
#: serverguide/C/other-apps.xml:193(para)
12569
12607
msgid ""
12570
12608
"When the installation is finished, all the "
12571
12609
"<application>postfix</application> configuration files should be committed "
12572
12610
"to the repository:"
12573
12611
msgstr ""
12574
12612
12575
#: serverguide/C/other-apps.xml:216(computeroutput)
12613
#: serverguide/C/other-apps.xml:199(computeroutput)
12576
12614
#, no-wrap
12577
12615
msgid ""
12578
12616
"Committing to: /etc/\n"
12615
12653
"Committed revision 2."
12616
12654
msgstr ""
12617
12655
12618
#: serverguide/C/other-apps.xml:256(para)
12656
#: serverguide/C/other-apps.xml:239(para)
12619
12657
msgid ""
12620
12658
"For an example of how <application>etckeeper</application> tracks manual "
12621
12659
"changes, add new a host to <filename>/etc/hosts</filename>. Using "
12622
12660
"<application>bzr</application> you can see which files have been modified:"
12623
12661
msgstr ""
12624
12662
12625
#: serverguide/C/other-apps.xml:262(command)
12663
#: serverguide/C/other-apps.xml:245(command)
12626
12664
msgid "sudo bzr status /etc/"
12627
12665
msgstr ""
12628
12666
12629
#: serverguide/C/other-apps.xml:263(computeroutput)
12667
#: serverguide/C/other-apps.xml:246(computeroutput)
12630
12668
#, no-wrap
12631
12669
msgid ""
12632
12670
"modified:\n"
12633
12671
" hosts"
12634
12672
msgstr ""
12635
12673
12636
#: serverguide/C/other-apps.xml:267(para)
12674
#: serverguide/C/other-apps.xml:250(para)
12637
12675
msgid "Now commit the changes:"
12638
12676
msgstr ""
12639
12677
12640
#: serverguide/C/other-apps.xml:272(command)
12641
msgid "sudo etckeeper commit \"new host\""
12678
#: serverguide/C/other-apps.xml:295(command)
12679
msgid "sudo etckeeper commit \"added new host\""
12642
12680
msgstr ""
12643
12681
12644
#: serverguide/C/other-apps.xml:275(para)
12682
#: serverguide/C/other-apps.xml:258(para)
12645
12683
msgid ""
12646
12684
"For more information on <application>bzr</application> see <xref "
12647
12685
"linkend=\"bazaar\"/>."
12648
12686
msgstr ""
12649
12687
12650
#: serverguide/C/other-apps.xml:281(title)
12688
#: serverguide/C/other-apps.xml:345(para)
12689
msgid ""
12690
"See the <ulink "
12691
"url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for "
12692
"more details on using <application>etckeeper</application>."
12693
msgstr ""
12694
12695
#: serverguide/C/other-apps.xml:351(para)
12696
msgid ""
12697
"The <ulink url=\"https://help.ubuntu.com/community/etckeeper\">etckeeper "
12698
"Ubuntu Wiki</ulink> page."
12699
msgstr ""
12700
12701
#: serverguide/C/other-apps.xml:356(para)
12702
msgid ""
12703
"For the latest news and information about <application>bzr</application> see "
12704
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
12705
msgstr ""
12706
12707
#: serverguide/C/other-apps.xml:264(title)
12651
12708
msgid "Byobu"
12652
12709
msgstr ""
12653
12710
12654
#: serverguide/C/other-apps.xml:283(para)
12655
msgid ""
12656
"One of the most useful applications for any system administrator is "
12657
"<application>screen</application>. It allows the execution of multiple "
12658
"shells in one terminal. To make some of the advanced "
12659
"<application>screen</application> features more user friendly, and provide "
12660
"some useful information about the system, the "
12661
"<application>byobu</application> package was created."
12662
msgstr ""
12663
12664
#: serverguide/C/other-apps.xml:290(para)
12665
msgid ""
12666
"When executing <application>byobu</application> pressing the "
12667
"<emphasis>F9</emphasis> key will bring up the "
12668
"<application>Configuration</application> menu. This menu will allow you to:"
12669
msgstr ""
12670
12671
#: serverguide/C/other-apps.xml:296(para)
12711
#: serverguide/C/other-apps.xml:337(para)
12712
msgid ""
12713
"One of the most useful applications for any system administrator is an xterm "
12714
"multiplexor such as <application>screen</application> or "
12715
"<application>tmux</application>. It allows for the execution of multiple "
12716
"shells in one terminal. To make some of the advanced multiplexor features "
12717
"more user-friendly and provide some useful information about the system, the "
12718
"<application>byobu</application> package was created. It acts as a wrapper "
12719
"to these programs. By default Byobu uses tmux (if installed) but this can be "
12720
"changed by the user."
12721
msgstr ""
12722
12723
#: serverguide/C/other-apps.xml:344(para)
12724
msgid "Invoke it simply with:"
12725
msgstr ""
12726
12727
#: serverguide/C/other-apps.xml:349(command)
12728
msgid "byobu"
12729
msgstr ""
12730
12731
#: serverguide/C/other-apps.xml:352(para)
12732
msgid ""
12733
"Now bring up the configuration menu. By default this is done by pressing the "
12734
"<emphasis>F9</emphasis> key. This will allow you to:"
12735
msgstr ""
12736
12737
#: serverguide/C/other-apps.xml:279(para)
12672
12738
msgid "View the Help menu"
12673
12739
msgstr "查看帮助菜单"
12674
12740
12675
#: serverguide/C/other-apps.xml:297(para)
12741
#: serverguide/C/other-apps.xml:280(para)
12676
12742
msgid "Change Byobu's background color"
12677
12743
msgstr ""
12678
12744
12679
#: serverguide/C/other-apps.xml:298(para)
12745
#: serverguide/C/other-apps.xml:281(para)
12680
12746
msgid "Change Byobu's foreground color"
12681
12747
msgstr ""
12682
12748
12683
#: serverguide/C/other-apps.xml:299(para)
12749
#: serverguide/C/other-apps.xml:282(para)
12684
12750
msgid "Toggle status notifications"
12685
12751
msgstr ""
12686
12752
12687
#: serverguide/C/other-apps.xml:300(para)
12753
#: serverguide/C/other-apps.xml:283(para)
12688
12754
msgid "Change the key binding set"
12689
12755
msgstr ""
12690
12756
12691
#: serverguide/C/other-apps.xml:301(para)
12757
#: serverguide/C/other-apps.xml:284(para)
12692
12758
msgid "Change the escape sequence"
12693
12759
msgstr ""
12694
12760
12695
#: serverguide/C/other-apps.xml:302(para)
12761
#: serverguide/C/other-apps.xml:285(para)
12696
12762
msgid "Create new windows"
12697
12763
msgstr ""
12698
12764
12699
#: serverguide/C/other-apps.xml:303(para)
12765
#: serverguide/C/other-apps.xml:286(para)
12700
12766
msgid "Manage the default windows"
12701
12767
msgstr ""
12702
12768
12703
#: serverguide/C/other-apps.xml:304(para)
12769
#: serverguide/C/other-apps.xml:287(para)
12704
12770
msgid "Byobu currently does not launch at login (toggle on)"
12705
12771
msgstr ""
12706
12772
12707
#: serverguide/C/other-apps.xml:307(para)
12773
#: serverguide/C/other-apps.xml:290(para)
12708
12774
msgid ""
12709
12775
"The <emphasis>key bindings</emphasis> determine such things as the escape "
12710
12776
"sequence, new window, change window, etc. There are two key binding sets to "
12713
12779
"<emphasis>none</emphasis> set."
12714
12780
msgstr ""
12715
12781
12716
#: serverguide/C/other-apps.xml:313(para)
12782
#: serverguide/C/other-apps.xml:296(para)
12717
12783
msgid ""
12718
12784
"<application>byobu</application> provides a menu which displays the Ubuntu "
12719
12785
"release, processor information, memory information, and the time and date. "
12720
12786
"The effect is similar to a desktop menu."
12721
12787
msgstr ""
12722
12788
12723
#: serverguide/C/other-apps.xml:318(para)
12789
#: serverguide/C/other-apps.xml:301(para)
12724
12790
msgid ""
12725
12791
"Using the <emphasis>\"Byobu currently does not launch at login (toggle "
12726
12792
"on)\"</emphasis> option will cause <application>byobu</application> to be "
12729
12795
"affect other users on the system."
12730
12796
msgstr ""
12731
12797
12732
#: serverguide/C/other-apps.xml:324(para)
12798
#: serverguide/C/other-apps.xml:307(para)
12733
12799
msgid ""
12734
12800
"One difference when using byobu is the <emphasis>scrollback</emphasis> mode. "
12735
12801
"Press the <emphasis>F7</emphasis> key to enter scrollback mode. Scrollback "
12737
12803
"commands. Here is a quick list of movement commands:"
12738
12804
msgstr ""
12739
12805
12740
#: serverguide/C/other-apps.xml:331(para)
12806
#: serverguide/C/other-apps.xml:314(para)
12741
12807
msgid "<emphasis>h</emphasis> - Move the cursor left by one character"
12742
12808
msgstr ""
12743
12809
12744
#: serverguide/C/other-apps.xml:332(para)
12810
#: serverguide/C/other-apps.xml:315(para)
12745
12811
msgid "<emphasis>j</emphasis> - Move the cursor down by one line"
12746
12812
msgstr ""
12747
12813
12748
#: serverguide/C/other-apps.xml:333(para)
12814
#: serverguide/C/other-apps.xml:316(para)
12749
12815
msgid "<emphasis>k</emphasis> - Move the cursor up by one line"
12750
12816
msgstr ""
12751
12817
12752
#: serverguide/C/other-apps.xml:334(para)
12818
#: serverguide/C/other-apps.xml:317(para)
12753
12819
msgid "<emphasis>l</emphasis> - Move the cursor right by one character"
12754
12820
msgstr ""
12755
12821
12756
#: serverguide/C/other-apps.xml:335(para)
12822
#: serverguide/C/other-apps.xml:318(para)
12757
12823
msgid "<emphasis>0</emphasis> - Move to the beginning of the current line"
12758
12824
msgstr ""
12759
12825
12760
#: serverguide/C/other-apps.xml:336(para)
12826
#: serverguide/C/other-apps.xml:319(para)
12761
12827
msgid "<emphasis>$</emphasis> - Move to the end of the current line"
12762
12828
msgstr ""
12763
12829
12764
#: serverguide/C/other-apps.xml:337(para)
12830
#: serverguide/C/other-apps.xml:320(para)
12765
12831
msgid ""
12766
12832
"<emphasis>G</emphasis> - Moves to the specified line (defaults to the end of "
12767
12833
"the buffer)"
12768
12834
msgstr ""
12769
12835
12770
#: serverguide/C/other-apps.xml:338(para)
12836
#: serverguide/C/other-apps.xml:321(para)
12771
12837
msgid "<emphasis>/</emphasis> - Search forward"
12772
12838
msgstr ""
12773
12839
12774
#: serverguide/C/other-apps.xml:339(para)
12840
#: serverguide/C/other-apps.xml:322(para)
12775
12841
msgid "<emphasis>?</emphasis> - Search backward"
12776
12842
msgstr ""
12777
12843
12778
#: serverguide/C/other-apps.xml:340(para)
12844
#: serverguide/C/other-apps.xml:401(para)
12779
12845
msgid ""
12780
12846
"<emphasis>n</emphasis> - Moves to the next match, either forward or backward"
12781
12847
msgstr ""
12782
12848
12783
#: serverguide/C/other-apps.xml:349(para)
12784
msgid ""
12785
"See the <ulink "
12786
"url=\"http://manpages.ubuntu.com/manpages/trusty/en/man5/update-"
12787
"motd.5.html\">update-motd man page</ulink> for more options available to "
12788
"<application>update-motd</application>."
12789
msgstr ""
12790
12791
#: serverguide/C/other-apps.xml:355(para)
12792
msgid ""
12793
"The Debian Package of the Day <ulink "
12794
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
12795
"and-forecasts-on-the-command-line/\">weather</ulink> article has more "
12796
"details about using the <application>weather</application>utility."
12797
msgstr ""
12798
12799
#: serverguide/C/other-apps.xml:362(para)
12800
msgid ""
12801
"See the <ulink "
12802
"url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for "
12803
"more details on using <application>etckeeper</application>."
12804
msgstr ""
12805
12806
#: serverguide/C/other-apps.xml:368(para)
12807
msgid ""
12808
"The <ulink url=\"https://help.ubuntu.com/community/etckeeper\">etckeeper "
12809
"Ubuntu Wiki</ulink> page."
12810
msgstr ""
12811
12812
#: serverguide/C/other-apps.xml:373(para)
12813
msgid ""
12814
"For the latest news and information about <application>bzr</application> see "
12815
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
12816
msgstr ""
12817
12818
#: serverguide/C/other-apps.xml:378(para)
12849
#: serverguide/C/other-apps.xml:361(para)
12819
12850
msgid ""
12820
12851
"For more information on <application>screen</application> see the <ulink "
12821
12852
"url=\"http://www.gnu.org/software/screen/\">screen web site</ulink>."
12822
12853
msgstr ""
12823
12854
12824
#: serverguide/C/other-apps.xml:383(para)
12855
#: serverguide/C/other-apps.xml:366(para)
12825
12856
msgid ""
12826
12857
"And the <ulink url=\"https://help.ubuntu.com/community/Screen\">Ubuntu Wiki "
12827
12858
"screen</ulink> page."
12828
12859
msgstr ""
12829
12860
12830
#: serverguide/C/other-apps.xml:388(para)
12861
#: serverguide/C/other-apps.xml:371(para)
12831
12862
msgid ""
12832
12863
"Also, see the <application>byobu</application><ulink "
12833
12864
"url=\"https://launchpad.net/byobu\">project page</ulink> for more "
12849
12880
"discussion of popular network protocols."
12850
12881
msgstr "本节提供属于联网范畴的一般和特定信息,包括网络概念的概览以及对于流行网络协议的详细讨论。"
12851
12882
12852
#: serverguide/C/network-config.xml:25(title)
12883
#: serverguide/C/virtualization.xml:3853(title) serverguide/C/network-config.xml:25(title)
12853
12884
msgid "Network Configuration"
12854
12885
msgstr "网络配置"
12855
12886
13132
13163
"persistent way to do DNS client configuration is in a following section."
13133
13164
msgstr ""
13134
13165
13135
#: serverguide/C/network-config.xml:226(programlisting)
13166
#: serverguide/C/network-config.xml:224(programlisting)
13136
13167
#, no-wrap
13137
13168
msgid ""
13138
13169
"\n"
13140
13171
"nameserver 8.8.4.4\n"
13141
13172
msgstr ""
13142
13173
13143
#: serverguide/C/network-config.xml:230(para)
13174
#: serverguide/C/network-config.xml:228(para)
13144
13175
msgid ""
13145
13176
"If you no longer need this configuration and wish to purge all IP "
13146
13177
"configuration from an interface, you can use the "
13147
13178
"<application>ip</application> command with the flush option as shown below."
13148
13179
msgstr ""
13149
13180
13150
#: serverguide/C/network-config.xml:236(command)
13181
#: serverguide/C/network-config.xml:234(command)
13151
13182
msgid "ip addr flush eth0"
13152
13183
msgstr ""
13153
13184
13161
13192
"<filename>/run/resolvconf/resolv.conf</filename>, to be re-written."
13162
13193
msgstr ""
13163
13194
13164
#: serverguide/C/network-config.xml:249(title)
13195
#: serverguide/C/network-config.xml:245(title)
13165
13196
msgid "Dynamic IP Address Assignment (DHCP Client)"
13166
13197
msgstr ""
13167
13198
13168
#: serverguide/C/network-config.xml:250(para)
13199
#: serverguide/C/network-config.xml:246(para)
13169
13200
msgid ""
13170
13201
"To configure your server to use DHCP for dynamic address assignment, add the "
13171
13202
"<emphasis role=\"italic\">dhcp</emphasis> method to the inet address family "
13175
13206
"role=\"italic\">eth0</emphasis>."
13176
13207
msgstr ""
13177
13208
13178
#: serverguide/C/network-config.xml:257(programlisting)
13209
#: serverguide/C/network-config.xml:253(programlisting)
13179
13210
#, no-wrap
13180
13211
msgid ""
13181
13212
"\n"
13183
13214
"iface eth0 inet dhcp\n"
13184
13215
msgstr ""
13185
13216
13186
#: serverguide/C/network-config.xml:261(para)
13217
#: serverguide/C/network-config.xml:257(para)
13187
13218
msgid ""
13188
13219
"By adding an interface configuration as shown above, you can manually enable "
13189
13220
"the interface through the <application>ifup</application> command which "
13190
13221
"initiates the DHCP process via <application>dhclient</application>."
13191
13222
msgstr ""
13192
13223
13193
#: serverguide/C/network-config.xml:267(command) serverguide/C/network-config.xml:302(command)
13224
#: serverguide/C/network-config.xml:263(command) serverguide/C/network-config.xml:298(command)
13194
13225
msgid "sudo ifup eth0"
13195
13226
msgstr ""
13196
13227
13197
#: serverguide/C/network-config.xml:269(para)
13228
#: serverguide/C/network-config.xml:265(para)
13198
13229
msgid ""
13199
13230
"To manually disable the interface, you can use the "
13200
13231
"<application>ifdown</application> command, which in turn will initiate the "
13201
13232
"DHCP release process and shut down the interface."
13202
13233
msgstr ""
13203
13234
13204
#: serverguide/C/network-config.xml:275(command) serverguide/C/network-config.xml:309(command)
13235
#: serverguide/C/network-config.xml:271(command) serverguide/C/network-config.xml:305(command)
13205
13236
msgid "sudo ifdown eth0"
13206
13237
msgstr ""
13207
13238
13208
#: serverguide/C/network-config.xml:280(title)
13239
#: serverguide/C/network-config.xml:276(title)
13209
13240
msgid "Static IP Address Assignment"
13210
13241
msgstr ""
13211
13242
13212
#: serverguide/C/network-config.xml:281(para)
13243
#: serverguide/C/network-config.xml:277(para)
13213
13244
msgid ""
13214
13245
"To configure your system to use a static IP address assignment, add the "
13215
13246
"<emphasis role=\"italic\">static</emphasis> method to the inet address "
13223
13254
"network."
13224
13255
msgstr ""
13225
13256
13226
#: serverguide/C/network-config.xml:290(programlisting)
13257
#: serverguide/C/network-config.xml:286(programlisting)
13227
13258
#, no-wrap
13228
13259
msgid ""
13229
13260
"\n"
13234
13265
"gateway 10.0.0.1\n"
13235
13266
msgstr ""
13236
13267
13237
#: serverguide/C/network-config.xml:297(para)
13268
#: serverguide/C/network-config.xml:293(para)
13238
13269
msgid ""
13239
13270
"By adding an interface configuration as shown above, you can manually enable "
13240
13271
"the interface through the <application>ifup</application> command."
13241
13272
msgstr ""
13242
13273
13243
#: serverguide/C/network-config.xml:304(para)
13274
#: serverguide/C/network-config.xml:300(para)
13244
13275
msgid ""
13245
13276
"To manually disable the interface, you can use the "
13246
13277
"<application>ifdown</application> command."
13247
13278
msgstr ""
13248
13279
13249
#: serverguide/C/network-config.xml:314(title)
13280
#: serverguide/C/network-config.xml:310(title)
13250
13281
msgid "Loopback Interface"
13251
13282
msgstr ""
13252
13283
13253
#: serverguide/C/network-config.xml:315(para)
13284
#: serverguide/C/network-config.xml:311(para)
13254
13285
msgid ""
13255
13286
"The loopback interface is identified by the system as <emphasis "
13256
13287
"role=\"italic\">lo</emphasis> and has a default IP address of 127.0.0.1. It "
13257
13288
"can be viewed using the ifconfig command."
13258
13289
msgstr ""
13259
13290
13260
#: serverguide/C/network-config.xml:320(command)
13291
#: serverguide/C/network-config.xml:316(command)
13261
13292
msgid "ifconfig lo"
13262
13293
msgstr ""
13263
13294
13264
#: serverguide/C/network-config.xml:321(computeroutput)
13295
#: serverguide/C/network-config.xml:317(computeroutput)
13265
13296
#, no-wrap
13266
13297
msgid ""
13267
13298
"lo Link encap:Local Loopback \n"
13274
13305
" RX bytes:183308 (183.3 KB) TX bytes:183308 (183.3 KB)"
13275
13306
msgstr ""
13276
13307
13277
#: serverguide/C/network-config.xml:330(para)
13308
#: serverguide/C/network-config.xml:326(para)
13278
13309
msgid ""
13279
13310
"By default, there should be two lines in "
13280
13311
"<filename>/etc/network/interfaces</filename> responsible for automatically "
13283
13314
"example of the two default lines are shown below."
13284
13315
msgstr ""
13285
13316
13286
#: serverguide/C/network-config.xml:336(programlisting)
13317
#: serverguide/C/network-config.xml:332(programlisting)
13287
13318
#, no-wrap
13288
13319
msgid ""
13289
13320
"\n"
13291
13322
"iface lo inet loopback\n"
13292
13323
msgstr ""
13293
13324
13294
#: serverguide/C/network-config.xml:345(title)
13325
#: serverguide/C/network-config.xml:341(title)
13295
13326
msgid "Name Resolution"
13296
13327
msgstr ""
13297
13328
13298
#: serverguide/C/network-config.xml:346(para)
13329
#: serverguide/C/network-config.xml:342(para)
13299
13330
msgid ""
13300
13331
"Name resolution as it relates to IP networking is the process of mapping IP "
13301
13332
"addresses to hostnames, making it easier to identify resources on a network. "
13303
13334
"name resolution using DNS and static hostname records."
13304
13335
msgstr ""
13305
13336
13306
#: serverguide/C/network-config.xml:354(title)
13337
#: serverguide/C/network-config.xml:350(title)
13307
13338
msgid "DNS Client Configuration"
13308
13339
msgstr ""
13309
13340
13310
#: serverguide/C/network-config.xml:366(programlisting)
13341
#: serverguide/C/network-config.xml:362(programlisting)
13311
13342
#, no-wrap
13312
13343
msgid ""
13313
13344
"\n"
13340
13371
"following:"
13341
13372
msgstr ""
13342
13373
13343
#: serverguide/C/network-config.xml:377(programlisting)
13374
#: serverguide/C/network-config.xml:373(programlisting)
13344
13375
#, no-wrap
13345
13376
msgid ""
13346
13377
"\n"
13352
13383
" dns-nameservers 192.168.3.45 192.168.8.10\n"
13353
13384
msgstr ""
13354
13385
13355
#: serverguide/C/network-config.xml:386(para)
13386
#: serverguide/C/network-config.xml:382(para)
13356
13387
msgid ""
13357
13388
"The <emphasis role=\"italic\">search</emphasis> option can also be used with "
13358
13389
"multiple domain names so that DNS queries will be appended in the order in "
13363
13394
"role=\"italic\">dev.example.com</emphasis>."
13364
13395
msgstr ""
13365
13396
13366
#: serverguide/C/network-config.xml:393(para)
13397
#: serverguide/C/network-config.xml:389(para)
13367
13398
msgid ""
13368
13399
"If you have multiple domains you wish to search, your configuration might "
13369
13400
"look like the following:"
13370
13401
msgstr ""
13371
13402
13372
#: serverguide/C/network-config.xml:397(programlisting)
13403
#: serverguide/C/network-config.xml:393(programlisting)
13373
13404
#, no-wrap
13374
13405
msgid ""
13375
13406
"\n"
13381
13412
" dns-nameservers 192.168.3.45 192.168.8.10\n"
13382
13413
msgstr ""
13383
13414
13384
#: serverguide/C/network-config.xml:406(para)
13415
#: serverguide/C/network-config.xml:402(para)
13385
13416
msgid ""
13386
13417
"If you try to ping a host with the name of <emphasis "
13387
13418
"role=\"italic\">server1</emphasis>, your system will automatically query DNS "
13388
13419
"for its Fully Qualified Domain Name (FQDN) in the following order:"
13389
13420
msgstr ""
13390
13421
13391
#: serverguide/C/network-config.xml:413(para)
13422
#: serverguide/C/network-config.xml:409(para)
13392
13423
msgid "server1<emphasis role=\"bold\">.example.com</emphasis>"
13393
13424
msgstr ""
13394
13425
13395
#: serverguide/C/network-config.xml:418(para)
13426
#: serverguide/C/network-config.xml:414(para)
13396
13427
msgid "server1<emphasis role=\"bold\">.sales.example.com</emphasis>"
13397
13428
msgstr ""
13398
13429
13399
#: serverguide/C/network-config.xml:423(para)
13430
#: serverguide/C/network-config.xml:419(para)
13400
13431
msgid "server1<emphasis role=\"bold\">.dev.example.com</emphasis>"
13401
13432
msgstr ""
13402
13433
13403
#: serverguide/C/network-config.xml:428(para)
13434
#: serverguide/C/network-config.xml:424(para)
13404
13435
msgid ""
13405
13436
"If no matches are found, the DNS server will provide a result of <emphasis "
13406
13437
"role=\"italic\">notfound</emphasis> and the DNS query will fail."
13407
13438
msgstr ""
13408
13439
13409
#: serverguide/C/network-config.xml:435(title)
13440
#: serverguide/C/network-config.xml:431(title)
13410
13441
msgid "Static Hostnames"
13411
13442
msgstr ""
13412
13443
13413
#: serverguide/C/network-config.xml:436(para)
13444
#: serverguide/C/network-config.xml:432(para)
13414
13445
msgid ""
13415
13446
"Static hostnames are locally defined hostname-to-IP mappings located in the "
13416
13447
"file <filename>/etc/hosts</filename>. Entries in the "
13422
13453
"conveniently set to use static hostnames instead of DNS."
13423
13454
msgstr ""
13424
13455
13425
#: serverguide/C/network-config.xml:443(para)
13456
#: serverguide/C/network-config.xml:439(para)
13426
13457
msgid ""
13427
13458
"The following is an example of a <filename>hosts</filename> file where a "
13428
13459
"number of local servers have been identified by simple hostnames, aliases "
13429
13460
"and their equivalent Fully Qualified Domain Names (FQDN's)."
13430
13461
msgstr ""
13431
13462
13432
#: serverguide/C/network-config.xml:447(programlisting)
13463
#: serverguide/C/network-config.xml:443(programlisting)
13433
13464
#, no-wrap
13434
13465
msgid ""
13435
13466
"\n"
13441
13472
"10.0.0.14\tserver4 server4.example.com file\n"
13442
13473
msgstr ""
13443
13474
13444
#: serverguide/C/network-config.xml:456(para)
13475
#: serverguide/C/network-config.xml:452(para)
13445
13476
msgid ""
13446
13477
"In the above example, notice that each of the servers have been given "
13447
13478
"aliases in addition to their proper names and FQDN's. <emphasis "
13454
13485
"role=\"italic\">file</emphasis>."
13455
13486
msgstr ""
13456
13487
13457
#: serverguide/C/network-config.xml:468(title)
13488
#: serverguide/C/network-config.xml:464(title)
13458
13489
msgid "Name Service Switch Configuration"
13459
13490
msgstr ""
13460
13491
13461
#: serverguide/C/network-config.xml:469(para)
13492
#: serverguide/C/network-config.xml:465(para)
13462
13493
msgid ""
13463
13494
"The order in which your system selects a method of resolving hostnames to IP "
13464
13495
"addresses is controlled by the Name Service Switch (NSS) configuration file "
13469
13500
"of hostname lookups in the file <filename>/etc/nsswitch.conf</filename>."
13470
13501
msgstr ""
13471
13502
13472
#: serverguide/C/network-config.xml:477(programlisting)
13503
#: serverguide/C/network-config.xml:473(programlisting)
13473
13504
#, no-wrap
13474
13505
msgid ""
13475
13506
"\n"
13476
13507
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
13477
13508
msgstr ""
13478
13509
13479
#: serverguide/C/network-config.xml:483(para)
13510
#: serverguide/C/network-config.xml:479(para)
13480
13511
msgid ""
13481
13512
"<emphasis role=\"bold\">files</emphasis> first tries to resolve static "
13482
13513
"hostnames located in <filename>/etc/hosts</filename>."
13483
13514
msgstr ""
13484
13515
13485
#: serverguide/C/network-config.xml:489(para)
13516
#: serverguide/C/network-config.xml:485(para)
13486
13517
msgid ""
13487
13518
"<emphasis role=\"bold\">mdns4_minimal</emphasis> attempts to resolve the "
13488
13519
"name using Multicast DNS."
13489
13520
msgstr ""
13490
13521
13491
#: serverguide/C/network-config.xml:494(para)
13522
#: serverguide/C/network-config.xml:490(para)
13492
13523
msgid ""
13493
13524
"<emphasis role=\"bold\">[NOTFOUND=return]</emphasis> means that any response "
13494
13525
"of <emphasis role=\"italic\">notfound</emphasis> by the preceding <emphasis "
13497
13528
"answer."
13498
13529
msgstr ""
13499
13530
13500
#: serverguide/C/network-config.xml:502(para)
13531
#: serverguide/C/network-config.xml:498(para)
13501
13532
msgid ""
13502
13533
"<emphasis role=\"bold\">dns</emphasis> represents a legacy unicast DNS query."
13503
13534
msgstr ""
13504
13535
13505
#: serverguide/C/network-config.xml:507(para)
13536
#: serverguide/C/network-config.xml:503(para)
13506
13537
msgid ""
13507
13538
"<emphasis role=\"bold\">mdns4</emphasis> represents a Multicast DNS query."
13508
13539
msgstr ""
13509
13540
13510
#: serverguide/C/network-config.xml:513(para)
13541
#: serverguide/C/network-config.xml:509(para)
13511
13542
msgid ""
13512
13543
"To modify the order of the above mentioned name resolution methods, you can "
13513
13544
"simply change the <emphasis role=\"italic\">hosts:</emphasis> string to the "
13516
13547
"<filename>/etc/nsswitch.conf</filename> as shown below."
13517
13548
msgstr ""
13518
13549
13519
#: serverguide/C/network-config.xml:520(programlisting)
13550
#: serverguide/C/network-config.xml:516(programlisting)
13520
13551
#, no-wrap
13521
13552
msgid ""
13522
13553
"\n"
13523
13554
"hosts: files dns [NOTFOUND=return] mdns4_minimal mdns4\n"
13524
13555
msgstr ""
13525
13556
13526
#: serverguide/C/network-config.xml:527(title)
13557
#: serverguide/C/virtualization.xml:694(title) serverguide/C/network-config.xml:523(title)
13527
13558
msgid "Bridging"
13528
13559
msgstr ""
13529
13560
13530
#: serverguide/C/network-config.xml:529(para)
13561
#: serverguide/C/network-config.xml:525(para)
13531
13562
msgid ""
13532
13563
"Bridging multiple interfaces is a more advanced configuration, but is very "
13533
13564
"useful in multiple scenarios. One scenario is setting up a bridge with "
13537
13568
"The following example covers the latter scenario."
13538
13569
msgstr ""
13539
13570
13540
#: serverguide/C/network-config.xml:536(para)
13571
#: serverguide/C/network-config.xml:532(para)
13541
13572
msgid ""
13542
13573
"Before configuring a bridge you will need to install the <application>bridge-"
13543
13574
"utils</application> package. To install the package, in a terminal enter:"
13544
13575
msgstr ""
13545
13576
13546
#: serverguide/C/network-config.xml:545(para)
13577
#: serverguide/C/network-config.xml:541(para)
13547
13578
msgid ""
13548
13579
"Next, configure the bridge by editing "
13549
13580
"<filename>/etc/network/interfaces</filename>:"
13550
13581
msgstr ""
13551
13582
13552
#: serverguide/C/network-config.xml:549(programlisting)
13583
#: serverguide/C/network-config.xml:545(programlisting)
13553
13584
#, no-wrap
13554
13585
msgid ""
13555
13586
"\n"
13586
13617
" bridge_maxage 12\n"
13587
13618
" bridge_stp off\n"
13588
13619
13589
#: serverguide/C/network-config.xml:568(para)
13620
#: serverguide/C/network-config.xml:564(para)
13590
13621
msgid "Enter the appropriate values for your physical interface and network."
13591
13622
msgstr "为你的物理接口和网络输入相应的值。"
13592
13623
13598
13629
msgid "sudo ifup br0"
13599
13630
msgstr ""
13600
13631
13601
#: serverguide/C/network-config.xml:580(para)
13632
#: serverguide/C/network-config.xml:576(para)
13602
13633
msgid ""
13603
13634
"The new bridge interface should now be up and running. The "
13604
13635
"<application>brctl</application> provides useful information about the state "
13606
13637
"<command>man brctl</command> for more information."
13607
13638
msgstr ""
13608
13639
13609
#: serverguide/C/network-config.xml:596(para)
13640
#: serverguide/C/network-config.xml:592(para)
13610
13641
msgid ""
13611
13642
"The <ulink url=\"https://help.ubuntu.com/community/Network\">Ubuntu Wiki "
13612
13643
"Network page</ulink> has links to articles covering more advanced network "
13613
13644
"configuration."
13614
13645
msgstr ""
13615
13646
13616
#: serverguide/C/network-config.xml:602(para)
13647
#: serverguide/C/network-config.xml:598(para)
13617
13648
msgid ""
13618
13649
"The <ulink "
13619
13650
"url=\"http://manpages.ubuntu.com/manpages/man8/resolvconf.8.html\">resolvconf"
13620
13651
" man page</ulink> has more information on resolvconf."
13621
13652
msgstr ""
13622
13653
13623
#: serverguide/C/network-config.xml:608(para)
13654
#: serverguide/C/network-config.xml:604(para)
13624
13655
msgid ""
13625
13656
"The <ulink "
13626
13657
"url=\"http://manpages.ubuntu.com/manpages/man5/interfaces.5.html\">interfaces"
13628
13659
"<filename>/etc/network/interfaces</filename>."
13629
13660
msgstr ""
13630
13661
13631
#: serverguide/C/network-config.xml:614(para)
13662
#: serverguide/C/network-config.xml:610(para)
13632
13663
msgid ""
13633
13664
"The <ulink "
13634
13665
"url=\"http://manpages.ubuntu.com/manpages/man8/dhclient.8.html\">dhclient "
13636
13667
"settings."
13637
13668
msgstr ""
13638
13669
13639
#: serverguide/C/network-config.xml:620(para)
13670
#: serverguide/C/network-config.xml:616(para)
13640
13671
msgid ""
13641
13672
"For more information on DNS client configuration see the <ulink "
13642
13673
"url=\"http://manpages.ubuntu.com/manpages/man5/resolver.5.html\">resolver "
13655
13686
"\">Networking-Bridge</ulink> page."
13656
13687
msgstr ""
13657
13688
13658
#: serverguide/C/network-config.xml:639(title)
13689
#: serverguide/C/network-config.xml:635(title)
13659
13690
msgid "TCP/IP"
13660
13691
msgstr "TCP/IP"
13661
13692
13662
#: serverguide/C/network-config.xml:640(para)
13693
#: serverguide/C/network-config.xml:636(para)
13663
13694
msgid ""
13664
13695
"The Transmission Control Protocol and Internet Protocol (TCP/IP) is a "
13665
13696
"standard set of protocols developed in the late 1970s by the Defense "
13672
13703
"(DARPA)作为在不同类型计算机及计算机网络之间的通信手段而被开发的一个标准协议簇。TCP/IP 是 Internet "
13673
13704
"的驱动力,因此它是全球最流行的网络协议簇。"
13674
13705
13675
#: serverguide/C/network-config.xml:648(title)
13706
#: serverguide/C/network-config.xml:644(title)
13676
13707
msgid "TCP/IP Introduction"
13677
13708
msgstr "TCP/IP 介绍"
13678
13709
13679
#: serverguide/C/network-config.xml:649(para)
13710
#: serverguide/C/network-config.xml:645(para)
13680
13711
msgid ""
13681
13712
"The two protocol components of TCP/IP deal with different aspects of "
13682
13713
"computer networking. <emphasis>Internet Protocol</emphasis>, the \"IP\" of "
13691
13722
"host."
13692
13723
msgstr ""
13693
13724
13694
#: serverguide/C/network-config.xml:662(title)
13725
#: serverguide/C/network-config.xml:658(title)
13695
13726
msgid "TCP/IP Configuration"
13696
13727
msgstr "TCP/IP 配置"
13697
13728
13698
#: serverguide/C/network-config.xml:663(para)
13729
#: serverguide/C/network-config.xml:659(para)
13699
13730
msgid ""
13700
13731
"The TCP/IP protocol configuration consists of several elements which must be "
13701
13732
"set by editing the appropriate configuration files, or deploying solutions "
13708
13739
"TCP/IP 协议配置由必须设置的几个元素组成,可以通过编辑相应的配置文件或配置方案如动态主机配置协议 (DHCP) 来设置,它可以配置成提供适当的 "
13709
13740
"TCP/IP 配置来自动设置网络客户机。这些配置值必须正确设置,以便于您的 Ubuntu 系统进行相应网络操作。"
13710
13741
13711
#: serverguide/C/network-config.xml:675(para)
13742
#: serverguide/C/network-config.xml:671(para)
13712
13743
msgid ""
13713
13744
"<emphasis role=\"bold\">IP address</emphasis> The IP address is a unique "
13714
13745
"identifying string expressed as four decimal numbers ranging from zero (0) "
13721
13752
"255 的十进制数组成。 每部分由8个比特表示,整个地址总长为32个比特。这种格式被称为 <emphasis>dotted quad "
13722
13753
"notation</emphasis>。"
13723
13754
13724
#: serverguide/C/network-config.xml:685(para)
13755
#: serverguide/C/network-config.xml:681(para)
13725
13756
msgid ""
13726
13757
"<emphasis role=\"bold\">Netmask</emphasis> The Subnet Mask (or simply, "
13727
13758
"<emphasis>netmask</emphasis>) is a local bit mask, or set of flags which "
13735
13766
"是一个局部位掩码,或用指定的 <emphasis>子网掩码</emphasis> 来将IP 地址中的网络分隔出来的一组标识。举个例子,在 C "
13736
13767
"类网络中,标准的掩码是 255.255.255.0 屏蔽了 IP 地址的前三个字节,并允许 IP 地址的最后一个字节指定子网中的主机。"
13737
13768
13738
#: serverguide/C/network-config.xml:696(para)
13769
#: serverguide/C/network-config.xml:692(para)
13739
13770
msgid ""
13740
13771
"<emphasis role=\"bold\">Network Address</emphasis> The Network Address "
13741
13772
"represents the bytes comprising the network portion of an IP address. For "
13752
13783
"的字节表示可能的主机值的。网络主机使用象 192.168.1.100 这样的私有 IP 地址将使用 192.168.1.0 "
13753
13784
"作为网络地址,其用前三个字节来指定 C 类 192.168.1 网络,而用一个 0 来表示网络上所有可能的主机。"
13754
13785
13755
#: serverguide/C/network-config.xml:709(para)
13786
#: serverguide/C/network-config.xml:705(para)
13756
13787
msgid ""
13757
13788
"<emphasis role=\"bold\">Broadcast Address</emphasis> The Broadcast Address "
13758
13789
"is an IP address which allows network data to be sent simultaneously to all "
13771
13802
"上的每台主机发送一个广播消息,因为路由器会阻止它。更特定的广播地址被设置成匹配特定的子网。例如,在私有 C 类 IP 网 192.168.1.0 "
13772
13803
"中,广播地址为 192.168.1.255。广播消息一般都是由网络协议产生的,如地址解析协议 (ARP) 和路由信息协议 (RIP)。"
13773
13804
13774
#: serverguide/C/network-config.xml:722(para)
13805
#: serverguide/C/network-config.xml:718(para)
13775
13806
msgid ""
13776
13807
"<emphasis role=\"bold\">Gateway Address</emphasis> A Gateway Address is the "
13777
13808
"IP address through which a particular network, or host on a network, may be "
13788
13819
"<emphasis>网关</emphasis>。在很多情况下,网关地址会是同一个网络中的某台路由器,其会接着将网络流量输送到其它的网络或主机,如 "
13789
13820
"Internet 主机。网关地址设置必须正确,否则您的系统将除了在同一个网络中的主机外不能到达任何其它主机。"
13790
13821
13791
#: serverguide/C/network-config.xml:733(para)
13822
#: serverguide/C/network-config.xml:729(para)
13792
13823
msgid ""
13793
13824
"<emphasis role=\"bold\">Nameserver Address</emphasis> Nameserver Addresses "
13794
13825
"represent the IP addresses of Domain Name Service (DNS) systems, which "
13814
13845
"command typed at a terminal prompt:"
13815
13846
msgstr ""
13816
13847
13817
#: serverguide/C/network-config.xml:754(para)
13848
#: serverguide/C/network-config.xml:750(para)
13818
13849
msgid ""
13819
13850
"Access the system manual page for <filename>interfaces</filename> with the "
13820
13851
"following command:"
13821
13852
msgstr "查阅 <filename>interfaces</filename> 系统手册页,可用以下命令:"
13822
13853
13823
#: serverguide/C/network-config.xml:759(command)
13854
#: serverguide/C/network-config.xml:755(command)
13824
13855
msgid "man interfaces"
13825
13856
msgstr "man interfaces"
13826
13857
13827
#: serverguide/C/network-config.xml:671(para)
13858
#: serverguide/C/network-config.xml:667(para)
13828
13859
msgid ""
13829
13860
"The common configuration elements of TCP/IP and their purposes are as "
13830
13861
"follows: <placeholder-1/>"
13831
13862
msgstr "TCP/IP 常用配置元素及其作用如下所示:<placeholder-1/>"
13832
13863
13833
#: serverguide/C/network-config.xml:767(title)
13864
#: serverguide/C/network-config.xml:771(title)
13834
13865
msgid "IP Routing"
13835
13866
msgstr "IP 路由"
13836
13867
13837
#: serverguide/C/network-config.xml:768(para)
13868
#: serverguide/C/network-config.xml:772(para)
13838
13869
msgid ""
13839
13870
"IP routing is a means of specifying and discovering paths in a TCP/IP "
13840
13871
"network along which network data may be sent. Routing uses a set of "
13848
13879
"来指示网络数据包从源地址转发到目的地,经常是通过许多叫做 <emphasis>路由器</emphasis> 的网络节点做中转。IP "
13849
13880
"路由分为两种主要形式:<emphasis>静态</emphasis> 和 <emphasis>动态路由。</emphasis>"
13850
13881
13851
#: serverguide/C/network-config.xml:777(para)
13882
#: serverguide/C/network-config.xml:781(para)
13852
13883
msgid ""
13853
13884
"Static routing involves manually adding IP routes to the system's routing "
13854
13885
"table, and this is usually done by manipulating the routing table with the "
13867
13898
",以及在连接其它的路由器和网络时由于无需动态路由协议所带来的低开销。然而,静态路由同样也存在一些缺点。例如,静态路由仅限于在小型网络中使用,没有很好的递增"
13868
13899
"适应性。而由于其路由固定的本质,静态路由在遇到沿路由的网络失效时也会完全失效。"
13869
13900
13870
#: serverguide/C/network-config.xml:787(para)
13901
#: serverguide/C/network-config.xml:791(para)
13871
13902
msgid ""
13872
13903
"Dynamic routing depends on large networks with multiple possible IP routes "
13873
13904
"from a source to a destination and makes use of special routing protocols, "
13888
13919
"手工配置路由表,因为路由器可以相互学到其他已有并且可用的路由器。这一特性也消除了由于人为错误而在路由表中引入错误的可能。然而,动态路由也并不完美,其表现出"
13889
13920
"来的缺点如相当复杂以及由于路由器通信所带来的额外的网络开销,后者并不能使最终用户由此获益,却仍旧会消耗网络带宽。"
13890
13921
13891
#: serverguide/C/network-config.xml:801(title)
13922
#: serverguide/C/network-config.xml:805(title)
13892
13923
msgid "TCP and UDP"
13893
13924
msgstr "TCP 和 UDP"
13894
13925
13895
#: serverguide/C/network-config.xml:802(para)
13926
#: serverguide/C/network-config.xml:806(para)
13896
13927
msgid ""
13897
13928
"TCP is a connection-based protocol, offering error correction and guaranteed "
13898
13929
"delivery of data via what is known as <emphasis>flow control</emphasis>. "
13906
13937
"来确保数据的送达。流量控制决定像什么时候需要停止一个数据流,以及在出现诸如 <emphasis>冲突</emphasis> "
13907
13938
"等问题时重发先前发送的数据包,以确保完整和准确的数据传输。TCP 常用于重要信息的交换,如数据库事务。"
13908
13939
13909
#: serverguide/C/network-config.xml:810(para)
13940
#: serverguide/C/network-config.xml:814(para)
13910
13941
msgid ""
13911
13942
"The User Datagram Protocol (UDP), on the other hand, is a "
13912
13943
"<emphasis>connectionless</emphasis> protocol which seldom deals with the "
13920
13951
"协议,很少用于重要数据的传输,因为缺乏流量控制或其他一些确保可靠数据传输的方法。UDP 常用在如音视频流这样的应用程序,由于它缺少纠错和流控,因此相对于 "
13921
13952
"TCP 来说更快,而且丢失少量包通常也不会造成灾难性的后果。"
13922
13953
13923
#: serverguide/C/network-config.xml:820(title)
13954
#: serverguide/C/network-config.xml:824(title)
13924
13955
msgid "ICMP"
13925
13956
msgstr "ICMP"
13926
13957
13927
#: serverguide/C/network-config.xml:821(para)
13958
#: serverguide/C/network-config.xml:825(para)
13928
13959
msgid ""
13929
13960
"The Internet Control Messaging Protocol (ICMP) is an extension to the "
13930
13961
"Internet Protocol (IP) as defined in the Request For Comments (RFC) #792 and "
13942
13973
"所返回的错误消息示例包括 <emphasis>Destination Unreachable</emphasis> 和 <emphasis>Time "
13943
13974
"Exceeded</emphasis>。"
13944
13975
13945
#: serverguide/C/network-config.xml:831(title)
13976
#: serverguide/C/network-config.xml:835(title)
13946
13977
msgid "Daemons"
13947
13978
msgstr "守护程序"
13948
13979
13949
#: serverguide/C/network-config.xml:832(para)
13980
#: serverguide/C/network-config.xml:836(para)
13950
13981
msgid ""
13951
13982
"Daemons are special system applications which typically execute continuously "
13952
13983
"in the background and await requests for the functions they provide from "
13974
14005
"that contain more useful information."
13975
14006
msgstr ""
13976
14007
13977
#: serverguide/C/network-config.xml:853(para)
14008
#: serverguide/C/network-config.xml:857(para)
13978
14009
msgid ""
13979
14010
"Also, see the <ulink "
13980
14011
"url=\"http://www.redbooks.ibm.com/abstracts/gg243376.html\">TCP/IP Tutorial "
13981
14012
"and Technical Overview</ulink> IBM Redbook."
13982
14013
msgstr ""
13983
14014
13984
#: serverguide/C/network-config.xml:859(para)
14015
#: serverguide/C/network-config.xml:863(para)
13985
14016
msgid ""
13986
14017
"Another resource is O'Reilly's <ulink "
13987
14018
"url=\"http://oreilly.com/catalog/9780596002978/\">TCP/IP Network "
13988
14019
"Administration</ulink>."
13989
14020
msgstr ""
13990
14021
13991
#: serverguide/C/network-config.xml:868(title)
14022
#: serverguide/C/network-config.xml:872(title)
13992
14023
msgid "Dynamic Host Configuration Protocol (DHCP)"
13993
14024
msgstr "动态主机配置协议 (DHCP)"
13994
14025
13995
#: serverguide/C/network-config.xml:869(para)
14026
#: serverguide/C/network-config.xml:873(para)
13996
14027
msgid ""
13997
14028
"The Dynamic Host Configuration Protocol (DHCP) is a network service that "
13998
14029
"enables host computers to be automatically assigned settings from a server "
14003
14034
"动态主机配置协议 (DHCP) 是一种网络服务,相对于手工为每台网络主机配置,它使网络主机可能自动被服务器指定设置。被配置成 DHCP "
14004
14035
"客户端的计算机并不能控制其从 DHCP 服务器得到的设置,且该配置对于计算机用户来说是透明的。"
14005
14036
14006
#: serverguide/C/network-config.xml:876(para)
14037
#: serverguide/C/network-config.xml:880(para)
14007
14038
msgid ""
14008
14039
"The most common settings provided by a DHCP server to DHCP clients include:"
14009
14040
msgstr "由 DHCP 服务器提供给 DHCP 客户端最常用的设置包括:"
14010
14041
14011
#: serverguide/C/network-config.xml:881(para)
14042
#: serverguide/C/network-config.xml:885(para)
14012
14043
msgid "IP address and netmask"
14013
14044
msgstr ""
14014
14045
14015
#: serverguide/C/network-config.xml:884(para)
14046
#: serverguide/C/network-config.xml:888(para)
14016
14047
msgid "IP address of the default-gateway to use"
14017
14048
msgstr ""
14018
14049
14019
#: serverguide/C/network-config.xml:887(para)
14050
#: serverguide/C/network-config.xml:891(para)
14020
14051
msgid "IP adresses of the DNS servers to use"
14021
14052
msgstr ""
14022
14053
14023
#: serverguide/C/network-config.xml:890(para)
14054
#: serverguide/C/network-config.xml:894(para)
14024
14055
msgid ""
14025
14056
"However, a DHCP server can also supply configuration properties such as:"
14026
14057
msgstr "然而,一个 DHCP 服务器也支持配置如下属性,如:"
14027
14058
14028
#: serverguide/C/network-config.xml:895(para)
14059
#: serverguide/C/network-config.xml:899(para)
14029
14060
msgid "Host Name"
14030
14061
msgstr "主机名"
14031
14062
14032
#: serverguide/C/network-config.xml:898(para)
14063
#: serverguide/C/network-config.xml:902(para)
14033
14064
msgid "Domain Name"
14034
14065
msgstr "域名"
14035
14066
14036
#: serverguide/C/network-config.xml:901(para)
14067
#: serverguide/C/network-config.xml:905(para)
14037
14068
msgid "Time Server"
14038
14069
msgstr "时间服务器"
14039
14070
14040
#: serverguide/C/network-config.xml:907(para)
14071
#: serverguide/C/network-config.xml:911(para)
14041
14072
msgid ""
14042
14073
"The advantage of using DHCP is that changes to the network, for example a "
14043
14074
"change in the address of the DNS server, need only be changed at the DHCP "
14051
14082
"客户端下一次轮询 DHCP 服务器时被重新配置。另一个好处就是,它在将新计算机整合到网络时也更容易,因为不需要再检查 IP 地址的有效性。同时也减少 "
14052
14083
"IP 地址的冲突。"
14053
14084
14054
#: serverguide/C/network-config.xml:915(para)
14085
#: serverguide/C/network-config.xml:919(para)
14055
14086
msgid ""
14056
14087
"A DHCP server can provide configuration settings using the following methods:"
14057
14088
msgstr ""
14058
14089
14059
#: serverguide/C/network-config.xml:920(term)
14090
#: serverguide/C/network-config.xml:924(term)
14060
14091
msgid "Manual allocation (MAC address)"
14061
14092
msgstr ""
14062
14093
14063
#: serverguide/C/network-config.xml:922(para)
14094
#: serverguide/C/network-config.xml:926(para)
14064
14095
msgid ""
14065
14096
"This method entails using DHCP to identify the unique hardware address of "
14066
14097
"each network card connected to the network and then continually supplying a "
14069
14100
"assigned automatically to that network card, based on it's MAC address."
14070
14101
msgstr ""
14071
14102
14072
#: serverguide/C/network-config.xml:933(term)
14103
#: serverguide/C/network-config.xml:937(term)
14073
14104
msgid "Dynamic allocation (address pool)"
14074
14105
msgstr ""
14075
14106
14087
14118
"renegociate the lease with the server to maintain use of the address."
14088
14119
msgstr ""
14089
14120
14090
#: serverguide/C/network-config.xml:949(term)
14121
#: serverguide/C/network-config.xml:952(term)
14091
14122
msgid "Automatic allocation"
14092
14123
msgstr ""
14093
14124
14094
#: serverguide/C/network-config.xml:951(para)
14125
#: serverguide/C/network-config.xml:954(para)
14095
14126
msgid ""
14096
14127
"Using this method, the DHCP automatically assigns an IP address permanently "
14097
14128
"to a device, selecting it from a pool of available addresses. Usually DHCP "
14113
14144
"and configure and will be automatically started at system boot."
14114
14145
msgstr ""
14115
14146
14116
#: serverguide/C/network-config.xml:974(para)
14147
#: serverguide/C/network-config.xml:976(para)
14117
14148
msgid ""
14118
14149
"At a terminal prompt, enter the following command to install "
14119
14150
"<application>dhcpd</application>:"
14120
14151
msgstr "要安装 <application>dhcpd</application>,可以在终端提示符后输入以下命令:"
14121
14152
14122
#: serverguide/C/network-config.xml:979(command)
14153
#: serverguide/C/network-config.xml:981(command)
14123
14154
msgid "sudo apt-get install isc-dhcp-server"
14124
14155
msgstr ""
14125
14156
14126
#: serverguide/C/network-config.xml:981(para)
14157
#: serverguide/C/network-config.xml:983(para)
14127
14158
msgid ""
14128
14159
"You will probably need to change the default configuration by editing "
14129
14160
"/etc/dhcp/dhcpd.conf to suit your needs and particular configuration."
14130
14161
msgstr ""
14131
14162
14132
#: serverguide/C/network-config.xml:985(para)
14163
#: serverguide/C/network-config.xml:987(para)
14133
14164
msgid ""
14134
14165
"You also may need to edit /etc/default/isc-dhcp-server to specify the "
14135
14166
"interfaces dhcpd should listen to."
14136
14167
msgstr ""
14137
14168
14138
#: serverguide/C/network-config.xml:989(para)
14169
#: serverguide/C/network-config.xml:991(para)
14139
14170
msgid ""
14140
14171
"NOTE: dhcpd's messages are being sent to syslog. Look there for diagnostics "
14141
14172
"messages."
14142
14173
msgstr "注意:dhcpd 的消息会被发往 syslog。可以在那里寻找诊断信息。"
14143
14174
14144
#: serverguide/C/network-config.xml:996(para)
14175
#: serverguide/C/network-config.xml:998(para)
14145
14176
msgid ""
14146
14177
"The error message the installation ends with might be a little confusing, "
14147
14178
"but the following steps will help you configure the service:"
14148
14179
msgstr "安装结束后的错误消息可能会带来小小的困惑,不过下面几步将帮助您配置服务:"
14149
14180
14150
#: serverguide/C/network-config.xml:1000(para)
14181
#: serverguide/C/network-config.xml:1002(para)
14151
14182
msgid ""
14152
14183
"Most commonly, what you want to do is assign an IP address randomly. This "
14153
14184
"can be done with settings as follows:"
14154
14185
msgstr "通常,您想做的是随机指定一个 IP 地址。这可以通过以下设置来实现:"
14155
14186
14156
#: serverguide/C/network-config.xml:1004(programlisting)
14187
#: serverguide/C/network-config.xml:1006(programlisting)
14157
14188
#, no-wrap
14158
14189
msgid ""
14159
14190
"\n"
14169
14200
"} \n"
14170
14201
msgstr ""
14171
14202
14172
#: serverguide/C/network-config.xml:1016(para)
14203
#: serverguide/C/network-config.xml:1018(para)
14173
14204
msgid ""
14174
14205
"This will result in the DHCP server giving clients an IP address from the "
14175
14206
"range 192.168.1.150-192.168.1.200. It will lease an IP address for 600 "
14179
14210
"192.168.1.1 and 192.168.1.2 as its DNS servers."
14180
14211
msgstr ""
14181
14212
14182
#: serverguide/C/network-config.xml:1024(para)
14213
#: serverguide/C/network-config.xml:1026(para)
14183
14214
msgid ""
14184
14215
"After changing the config file you have to restart the "
14185
14216
"<application>dhcpd</application>:"
14189
14220
msgid "sudo service isc-dhcp-server restart"
14190
14221
msgstr ""
14191
14222
14192
#: serverguide/C/network-config.xml:1037(para)
14223
#: serverguide/C/network-config.xml:1039(para)
14193
14224
msgid ""
14194
14225
"The <ulink url=\"https://help.ubuntu.com/community/dhcp3-server\">dhcp3-"
14195
14226
"server Ubuntu Wiki</ulink> page has more information."
14202
14233
"dhcpd.conf man page</ulink>."
14203
14234
msgstr ""
14204
14235
14205
#: serverguide/C/network-config.xml:1049(ulink)
14236
#: serverguide/C/network-config.xml:1051(ulink)
14206
14237
msgid "ISC dhcp-server"
14207
14238
msgstr ""
14208
14239
14209
#: serverguide/C/network-config.xml:1058(title)
14240
#: serverguide/C/network-config.xml:1060(title)
14210
14241
msgid "Time Synchronisation with NTP"
14211
14242
msgstr "使用 NTP 进行时间同步"
14212
14243
14213
#: serverguide/C/network-config.xml:1059(para)
14244
#: serverguide/C/network-config.xml:1061(para)
14214
14245
msgid ""
14215
14246
"NTP is a TCP/IP protocol for synchronising time over a network. Basically a "
14216
14247
"client requests the current time from a server, and uses it to set its own "
14217
14248
"clock."
14218
14249
msgstr "NTP 是通过网络来同步时间的一种 TCP/IP 协议。通常客户端向服务器请求当前的时间,并根据结果来设置其时钟。"
14219
14250
14220
#: serverguide/C/network-config.xml:1062(para)
14251
#: serverguide/C/network-config.xml:1064(para)
14221
14252
msgid ""
14222
14253
"Behind this simple description, there is a lot of complexity - there are "
14223
14254
"tiers of NTP servers, with the tier one NTP servers connected to atomic "
14229
14260
"from you!"
14230
14261
msgstr ""
14231
14262
14232
#: serverguide/C/network-config.xml:1065(para)
14263
#: serverguide/C/network-config.xml:1067(para)
14233
14264
msgid "Ubuntu uses ntpdate and ntpd."
14234
14265
msgstr ""
14235
14266
14236
#: serverguide/C/network-config.xml:1070(title)
14267
#: serverguide/C/network-config.xml:1072(title)
14237
14268
msgid "ntpdate"
14238
14269
msgstr "ntpdate"
14239
14270
14240
#: serverguide/C/network-config.xml:1071(para)
14271
#: serverguide/C/network-config.xml:1073(para)
14241
14272
msgid ""
14242
14273
"Ubuntu comes with ntpdate as standard, and will run it once at boot time to "
14243
14274
"set up your time according to Ubuntu's NTP server."
14244
14275
msgstr ""
14245
14276
14246
#: serverguide/C/network-config.xml:1074(programlisting)
14277
#: serverguide/C/network-config.xml:1076(programlisting)
14247
14278
#, no-wrap
14248
14279
msgid ""
14249
14280
"\n"
14250
14281
"ntpdate -s ntp.ubuntu.com\n"
14251
14282
msgstr ""
14252
14283
14253
#: serverguide/C/network-config.xml:1080(title)
14284
#: serverguide/C/network-config.xml:1082(title)
14254
14285
msgid "ntpd"
14255
14286
msgstr "ntpd"
14256
14287
14257
#: serverguide/C/network-config.xml:1081(para)
14288
#: serverguide/C/network-config.xml:1083(para)
14258
14289
msgid ""
14259
14290
"The ntp daemon ntpd calculates the drift of your system clock and "
14260
14291
"continuously adjusts it, so there are no large corrections that could lead "
14262
14293
"memory, but for a modern server this is negligible."
14263
14294
msgstr ""
14264
14295
14265
#: serverguide/C/network-config.xml:1088(para)
14296
#: serverguide/C/network-config.xml:1090(para)
14266
14297
msgid "To install ntpd, from a terminal prompt enter:"
14267
14298
msgstr ""
14268
14299
14269
#: serverguide/C/network-config.xml:1093(command)
14300
#: serverguide/C/virtualization.xml:2195(command) serverguide/C/network-config.xml:1095(command)
14270
14301
msgid "sudo apt-get install ntp"
14271
14302
msgstr ""
14272
14303
14273
#: serverguide/C/network-config.xml:1100(para)
14304
#: serverguide/C/network-config.xml:1102(para)
14274
14305
msgid ""
14275
14306
"Edit <filename>/etc/ntp.conf</filename> to add/remove server lines. By "
14276
14307
"default these servers are configured:"
14277
14308
msgstr ""
14278
14309
14279
#: serverguide/C/network-config.xml:1105(programlisting)
14310
#: serverguide/C/network-config.xml:1107(programlisting)
14280
14311
#, no-wrap
14281
14312
msgid ""
14282
14313
"\n"
14289
14320
"server 3.ubuntu.pool.ntp.org\n"
14290
14321
msgstr ""
14291
14322
14292
#: serverguide/C/network-config.xml:1115(para)
14323
#: serverguide/C/network-config.xml:1117(para)
14293
14324
msgid ""
14294
14325
"After changing the config file you have to reload the "
14295
14326
"<application>ntpd</application>:"
14299
14330
msgid "sudo service ntp reload"
14300
14331
msgstr ""
14301
14332
14302
#: serverguide/C/network-config.xml:1124(title)
14333
#: serverguide/C/network-config.xml:1126(title)
14303
14334
msgid "View status"
14304
14335
msgstr ""
14305
14336
14307
14338
msgid "Use ntpq to see more info:"
14308
14339
msgstr ""
14309
14340
14310
#: serverguide/C/network-config.xml:1129(command)
14341
#: serverguide/C/network-config.xml:1131(command)
14311
14342
msgid "# sudo ntpq -p"
14312
14343
msgstr ""
14313
14344
14314
#: serverguide/C/network-config.xml:1130(computeroutput)
14345
#: serverguide/C/network-config.xml:1132(computeroutput)
14315
14346
#, no-wrap
14316
14347
msgid ""
14317
14348
" remote refid st t when poll reach delay offset "
14330
14361
"92.792"
14331
14362
msgstr ""
14332
14363
14333
#: serverguide/C/network-config.xml:1145(para)
14364
#: serverguide/C/network-config.xml:1147(para)
14334
14365
msgid ""
14335
14366
"See the <ulink url=\"https://help.ubuntu.com/community/UbuntuTime\">Ubuntu "
14336
14367
"Time</ulink> wiki page for more information."
14337
14368
msgstr ""
14338
14369
14339
#: serverguide/C/network-config.xml:1151(ulink)
14370
#: serverguide/C/network-config.xml:1153(ulink)
14340
14371
msgid "ntp.org, home of the Network Time Protocol project"
14341
14372
msgstr ""
14342
14373
14358
14389
"The Lightweight Directory Access Protocol, or LDAP, is a protocol for "
14359
14390
"querying and modifying a X.500-based directory service running over TCP/IP. "
14360
14391
"The current LDAP version is LDAPv3, as defined in <ulink "
14361
"url=\"http://tools.ietf.org/html/rfc4510\">RFC4510</ulink>, and the LDAP "
14362
"implementation used in Ubuntu is OpenLDAP, currently at version 2.4.25 "
14363
"(Oneiric)."
14392
"url=\"http://tools.ietf.org/html/rfc4510\">RFC4510</ulink>, and the its "
14393
"implementation used in Ubuntu is from OpenLDAP."
14364
14394
msgstr ""
14365
14395
14366
14396
#: serverguide/C/network-auth.xml:27(para)
14367
14397
msgid ""
14368
"So this protocol accesses LDAP directories. Here are some key concepts and "
14369
"terms:"
14398
"So the LDAP protocol accesses LDAP directories. Here are some key concepts "
14399
"and terms:"
14370
14400
msgstr ""
14371
14401
14372
14402
#: serverguide/C/network-auth.xml:34(para)
14399
14429
14400
14430
#: serverguide/C/network-auth.xml:66(para)
14401
14431
msgid ""
14402
"Each entry has a unique identifier: it's <emphasis>Distinguished "
14403
"Name</emphasis> (DN or dn). This consists of it's <emphasis>Relative "
14432
"Each entry has a unique identifier: its <emphasis>Distinguished "
14433
"Name</emphasis> (DN or dn). This, in turn, consists of a <emphasis>Relative "
14404
14434
"Distinguished Name</emphasis> (RDN) followed by the parent entry's DN."
14405
14435
msgstr ""
14406
14436
14420
14450
14421
14451
#: serverguide/C/network-auth.xml:87(para)
14422
14452
msgid ""
14423
"For example, below we have a single entry consisting of 11 attributes. It's "
14424
"DN is \"cn=John Doe,dc=example,dc=com\"; it's RDN is \"cn=John Doe\"; and "
14425
"it's parent DN is \"dc=example,dc=com\"."
14426
msgstr ""
14427
14428
#: serverguide/C/network-auth.xml:92(programlisting)
14453
"For example, below we have a single entry consisting of 11 attributes where "
14454
"the following is true:"
14455
msgstr ""
14456
14457
#: serverguide/C/network-auth.xml:94(para)
14458
msgid "DN is \"cn=John Doe,dc=example,dc=com\""
14459
msgstr ""
14460
14461
#: serverguide/C/network-auth.xml:100(para)
14462
msgid "RDN is \"cn=John Doe\""
14463
msgstr ""
14464
14465
#: serverguide/C/network-auth.xml:106(para)
14466
msgid "parent DN is \"dc=example,dc=com\""
14467
msgstr ""
14468
14469
#: serverguide/C/network-auth.xml:113(programlisting)
14429
14470
#, no-wrap
14430
14471
msgid ""
14431
14472
"\n"
14443
14484
" objectClass: top\n"
14444
14485
msgstr ""
14445
14486
14446
#: serverguide/C/network-auth.xml:107(para)
14487
#: serverguide/C/network-auth.xml:128(para)
14447
14488
msgid ""
14448
14489
"The above entry is in <emphasis>LDIF</emphasis> format (LDAP Data "
14449
14490
"Interchange Format). Any information that you feed into your DIT must also "
14451
14492
"url=\"http://tools.ietf.org/html/rfc2849\">RFC2849</ulink>."
14452
14493
msgstr ""
14453
14494
14454
#: serverguide/C/network-auth.xml:112(para)
14495
#: serverguide/C/network-auth.xml:133(para)
14455
14496
msgid ""
14456
14497
"Although this guide will describe how to use it for central authentication, "
14457
14498
"LDAP is good for anything that involves a large number of access requests to "
14459
14500
"address book, a list of email addresses, and a mail server's configuration."
14460
14501
msgstr ""
14461
14502
14462
#: serverguide/C/network-auth.xml:121(para)
14503
#: serverguide/C/network-auth.xml:142(para)
14463
14504
msgid ""
14464
14505
"Install the OpenLDAP server daemon and the traditional LDAP management "
14465
14506
"utilities. These are found in packages <application>slapd</application> and "
14466
14507
"<application>ldap-utils</application> respectively."
14467
14508
msgstr ""
14468
14509
14469
#: serverguide/C/network-auth.xml:126(para)
14510
#: serverguide/C/network-auth.xml:147(para)
14470
14511
msgid ""
14471
14512
"The installation of slapd will create a working configuration. In "
14472
14513
"particular, it will create a database instance that you can use to store "
14478
14519
"a line similar to this:"
14479
14520
msgstr ""
14480
14521
14481
#: serverguide/C/network-auth.xml:134(programlisting)
14522
#: serverguide/C/network-auth.xml:155(programlisting)
14482
14523
#, no-wrap
14483
14524
msgid ""
14484
14525
"\n"
14485
14526
"127.0.1.1 hostname.example.com\thostname\n"
14486
14527
msgstr ""
14487
14528
14488
#: serverguide/C/network-auth.xml:138(para)
14529
#: serverguide/C/network-auth.xml:159(para)
14489
14530
msgid "You can revert the change after package installation."
14490
14531
msgstr ""
14491
14532
14492
#: serverguide/C/network-auth.xml:143(para)
14533
#: serverguide/C/network-auth.xml:164(para)
14493
14534
msgid ""
14494
14535
"This guide will use a database suffix of "
14495
14536
"<emphasis>dc=example,dc=com</emphasis>."
14496
14537
msgstr ""
14497
14538
14498
#: serverguide/C/network-auth.xml:148(para)
14539
#: serverguide/C/network-auth.xml:169(para)
14499
14540
msgid "Proceed with the install:"
14500
14541
msgstr ""
14501
14542
14502
#: serverguide/C/network-auth.xml:153(command)
14543
#: serverguide/C/network-auth.xml:174(command)
14503
14544
msgid "sudo apt-get install slapd ldap-utils"
14504
14545
msgstr ""
14505
14546
14506
#: serverguide/C/network-auth.xml:156(para)
14547
#: serverguide/C/network-auth.xml:177(para)
14507
14548
msgid ""
14508
14549
"Since Ubuntu 8.10 slapd is designed to be configured within slapd itself by "
14509
14550
"dedicating a separate DIT for that purpose. This allows one to dynamically "
14516
14557
"will be eventually phased out."
14517
14558
msgstr ""
14518
14559
14519
#: serverguide/C/network-auth.xml:165(para)
14560
#: serverguide/C/network-auth.xml:186(para)
14520
14561
msgid ""
14521
14562
"Ubuntu now uses the <emphasis>slapd-config</emphasis> method for slapd "
14522
14563
"configuration and this guide reflects that."
14523
14564
msgstr ""
14524
14565
14525
#: serverguide/C/network-auth.xml:171(para)
14566
#: serverguide/C/network-auth.xml:192(para)
14526
14567
msgid ""
14527
14568
"During the install you were prompted to define administrative credentials. "
14528
14569
"These are LDAP-based credentials for the <emphasis>rootDN</emphasis> of your "
14533
14574
"will see how to do this later on."
14534
14575
msgstr ""
14535
14576
14536
#: serverguide/C/network-auth.xml:178(para)
14577
#: serverguide/C/network-auth.xml:199(para)
14537
14578
msgid ""
14538
14579
"Some classical schemas (cosine, nis, inetorgperson) come built-in with slapd "
14539
14580
"nowadays. There is also an included \"core\" schema, a pre-requisite for any "
14540
14581
"schema to work."
14541
14582
msgstr ""
14542
14583
14543
#: serverguide/C/network-auth.xml:186(title)
14584
#: serverguide/C/network-auth.xml:207(title)
14544
14585
msgid "Post-install Inspection"
14545
14586
msgstr ""
14546
14587
14547
#: serverguide/C/network-auth.xml:188(para)
14588
#: serverguide/C/network-auth.xml:209(para)
14548
14589
msgid ""
14549
14590
"The installation process set up 2 DITs. One for slapd-config and one for "
14550
14591
"your own data (dc=example,dc=com). Let's take a look."
14551
14592
msgstr ""
14552
14593
14553
#: serverguide/C/network-auth.xml:195(para)
14594
#: serverguide/C/network-auth.xml:216(para)
14554
14595
msgid ""
14555
14596
"This is what the slapd-config database/DIT looks like. Recall that this "
14556
14597
"database is LDIF-based and lives under "
14557
14598
"<filename>/etc/ldap/slapd.d</filename>:"
14558
14599
msgstr ""
14559
14600
14560
#: serverguide/C/network-auth.xml:201(computeroutput)
14601
#: serverguide/C/network-auth.xml:222(computeroutput)
14561
14602
#, no-wrap
14562
14603
msgid ""
14563
14604
"\n"
14577
14618
" /etc/ldap/slapd.d/cn=config.ldif\n"
14578
14619
msgstr ""
14579
14620
14580
#: serverguide/C/network-auth.xml:220(para)
14621
#: serverguide/C/network-auth.xml:242(para)
14581
14622
msgid ""
14582
14623
"Do not edit the slapd-config database directly. Make changes via the LDAP "
14583
14624
"protocol (utilities)."
14584
14625
msgstr ""
14585
14626
14586
#: serverguide/C/network-auth.xml:228(para)
14627
#: serverguide/C/network-auth.xml:250(para)
14587
14628
msgid "This is what the slapd-config DIT looks like via the LDAP protocol:"
14588
14629
msgstr ""
14589
14630
14590
#: serverguide/C/network-auth.xml:233(command)
14631
#: serverguide/C/network-auth.xml:254(para)
14632
msgid ""
14633
"On Ubuntu server 14.10, and possibly higher, the following command may not "
14634
"work due to a <ulink "
14635
"url=\"https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1392018\">bug</"
14636
"ulink>"
14637
msgstr ""
14638
14639
#: serverguide/C/network-auth.xml:255(command)
14591
14640
msgid "sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn"
14592
14641
msgstr ""
14593
14642
14594
#: serverguide/C/network-auth.xml:234(computeroutput)
14643
#: serverguide/C/network-auth.xml:256(computeroutput)
14595
14644
#, no-wrap
14596
14645
msgid ""
14597
14646
"\n"
14618
14667
"dn: olcDatabase={1}hdb,cn=config\n"
14619
14668
msgstr ""
14620
14669
14621
#: serverguide/C/network-auth.xml:259(para) serverguide/C/network-auth.xml:350(para)
14670
#: serverguide/C/network-auth.xml:281(para) serverguide/C/network-auth.xml:372(para)
14622
14671
msgid "Explanation of entries:"
14623
14672
msgstr ""
14624
14673
14625
#: serverguide/C/network-auth.xml:266(para)
14674
#: serverguide/C/network-auth.xml:288(para)
14626
14675
msgid "<emphasis>cn=config</emphasis>: global settings"
14627
14676
msgstr ""
14628
14677
14629
#: serverguide/C/network-auth.xml:272(para)
14678
#: serverguide/C/network-auth.xml:294(para)
14630
14679
msgid ""
14631
14680
"<emphasis>cn=module{0},cn=config</emphasis>: a dynamically loaded module"
14632
14681
msgstr ""
14633
14682
14634
#: serverguide/C/network-auth.xml:278(para)
14683
#: serverguide/C/network-auth.xml:300(para)
14635
14684
msgid ""
14636
14685
"<emphasis>cn=schema,cn=config</emphasis>: contains hard-coded system-level "
14637
14686
"schema"
14638
14687
msgstr ""
14639
14688
14640
#: serverguide/C/network-auth.xml:284(para)
14689
#: serverguide/C/network-auth.xml:306(para)
14641
14690
msgid ""
14642
14691
"<emphasis>cn={0}core,cn=schema,cn=config</emphasis>: the hard-coded core "
14643
14692
"schema"
14644
14693
msgstr ""
14645
14694
14646
#: serverguide/C/network-auth.xml:290(para)
14695
#: serverguide/C/network-auth.xml:312(para)
14647
14696
msgid ""
14648
14697
"<emphasis>cn={1}cosine,cn=schema,cn=config</emphasis>: the cosine schema"
14649
14698
msgstr ""
14650
14699
14651
#: serverguide/C/network-auth.xml:296(para)
14700
#: serverguide/C/network-auth.xml:318(para)
14652
14701
msgid "<emphasis>cn={2}nis,cn=schema,cn=config</emphasis>: the nis schema"
14653
14702
msgstr ""
14654
14703
14655
#: serverguide/C/network-auth.xml:302(para)
14704
#: serverguide/C/network-auth.xml:324(para)
14656
14705
msgid ""
14657
14706
"<emphasis>cn={3}inetorgperson,cn=schema,cn=config</emphasis>: the "
14658
14707
"inetorgperson schema"
14659
14708
msgstr ""
14660
14709
14661
#: serverguide/C/network-auth.xml:308(para)
14710
#: serverguide/C/network-auth.xml:330(para)
14662
14711
msgid ""
14663
14712
"<emphasis>olcBackend={0}hdb,cn=config</emphasis>: the 'hdb' backend storage "
14664
14713
"type"
14665
14714
msgstr ""
14666
14715
14667
#: serverguide/C/network-auth.xml:314(para)
14716
#: serverguide/C/network-auth.xml:336(para)
14668
14717
msgid ""
14669
14718
"<emphasis>olcDatabase={-1}frontend,cn=config</emphasis>: frontend database, "
14670
14719
"default settings for other databases"
14671
14720
msgstr ""
14672
14721
14673
#: serverguide/C/network-auth.xml:320(para)
14722
#: serverguide/C/network-auth.xml:342(para)
14674
14723
msgid ""
14675
14724
"<emphasis>olcDatabase={0}config,cn=config</emphasis>: slapd configuration "
14676
14725
"database (cn=config)"
14677
14726
msgstr ""
14678
14727
14679
#: serverguide/C/network-auth.xml:326(para)
14728
#: serverguide/C/network-auth.xml:348(para)
14680
14729
msgid ""
14681
14730
"<emphasis>olcDatabase={1}hdb,cn=config</emphasis>: your database instance "
14682
14731
"(dc=examle,dc=com)"
14683
14732
msgstr ""
14684
14733
14685
#: serverguide/C/network-auth.xml:337(para)
14734
#: serverguide/C/network-auth.xml:359(para)
14686
14735
msgid "This is what the dc=example,dc=com DIT looks like:"
14687
14736
msgstr ""
14688
14737
14689
#: serverguide/C/network-auth.xml:342(command)
14738
#: serverguide/C/network-auth.xml:364(command)
14690
14739
msgid "ldapsearch -x -LLL -H ldap:/// -b dc=example,dc=com dn"
14691
14740
msgstr ""
14692
14741
14693
#: serverguide/C/network-auth.xml:343(computeroutput)
14742
#: serverguide/C/network-auth.xml:365(computeroutput)
14694
14743
#, no-wrap
14695
14744
msgid ""
14696
14745
"\n"
14699
14748
"dn: cn=admin,dc=example,dc=com\n"
14700
14749
msgstr ""
14701
14750
14702
#: serverguide/C/network-auth.xml:357(para)
14751
#: serverguide/C/network-auth.xml:379(para)
14703
14752
msgid "<emphasis>dc=example,dc=com</emphasis>: base of the DIT"
14704
14753
msgstr ""
14705
14754
14706
#: serverguide/C/network-auth.xml:363(para)
14755
#: serverguide/C/network-auth.xml:385(para)
14707
14756
msgid ""
14708
14757
"<emphasis>cn=admin,dc=example,dc=com</emphasis>: administrator (rootDN) for "
14709
14758
"this DIT (set up during package install)"
14710
14759
msgstr ""
14711
14760
14712
#: serverguide/C/network-auth.xml:377(title)
14761
#: serverguide/C/network-auth.xml:399(title)
14713
14762
msgid "Modifying/Populating your Database"
14714
14763
msgstr ""
14715
14764
14716
#: serverguide/C/network-auth.xml:379(para)
14765
#: serverguide/C/network-auth.xml:401(para)
14717
14766
msgid ""
14718
14767
"Let's introduce some content to our database. We will add the following:"
14719
14768
msgstr ""
14720
14769
14721
#: serverguide/C/network-auth.xml:386(para)
14770
#: serverguide/C/network-auth.xml:408(para)
14722
14771
msgid "a node called <emphasis>People</emphasis> (to store users)"
14723
14772
msgstr ""
14724
14773
14725
#: serverguide/C/network-auth.xml:392(para)
14774
#: serverguide/C/network-auth.xml:414(para)
14726
14775
msgid "a node called <emphasis>Groups</emphasis> (to store groups)"
14727
14776
msgstr ""
14728
14777
14729
#: serverguide/C/network-auth.xml:398(para)
14778
#: serverguide/C/network-auth.xml:420(para)
14730
14779
msgid "a group called <emphasis>miners</emphasis>"
14731
14780
msgstr ""
14732
14781
14733
#: serverguide/C/network-auth.xml:404(para)
14782
#: serverguide/C/network-auth.xml:426(para)
14734
14783
msgid "a user called <emphasis>john</emphasis>"
14735
14784
msgstr ""
14736
14785
14737
#: serverguide/C/network-auth.xml:411(para)
14786
#: serverguide/C/network-auth.xml:433(para)
14738
14787
msgid ""
14739
14788
"Create the following LDIF file and call it "
14740
14789
"<filename>add_content.ldif</filename>:"
14741
14790
msgstr ""
14742
14791
14743
#: serverguide/C/network-auth.xml:415(programlisting)
14792
#: serverguide/C/network-auth.xml:437(programlisting)
14744
14793
#, no-wrap
14745
14794
msgid ""
14746
14795
"\n"
14774
14823
"homeDirectory: /home/john\n"
14775
14824
msgstr ""
14776
14825
14777
#: serverguide/C/network-auth.xml:447(para)
14826
#: serverguide/C/network-auth.xml:469(para)
14778
14827
msgid ""
14779
14828
"It's important that uid and gid values in your directory do not collide with "
14780
14829
"local values. Use high number ranges, such as starting at 5000. By setting "
14782
14831
"what can be done with a local user vs a ldap one. More on that later."
14783
14832
msgstr ""
14784
14833
14785
#: serverguide/C/network-auth.xml:455(para)
14834
#: serverguide/C/network-auth.xml:477(para)
14786
14835
msgid "Add the content:"
14787
14836
msgstr ""
14788
14837
14789
#: serverguide/C/network-auth.xml:460(command)
14838
#: serverguide/C/network-auth.xml:482(command)
14790
14839
msgid "ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_content.ldif"
14791
14840
msgstr ""
14792
14841
14793
#: serverguide/C/network-auth.xml:462(application)
14842
#: serverguide/C/network-auth.xml:484(application)
14794
14843
msgid "********"
14795
14844
msgstr ""
14796
14845
14797
#: serverguide/C/network-auth.xml:461(computeroutput)
14846
#: serverguide/C/network-auth.xml:483(computeroutput)
14798
14847
#, no-wrap
14799
14848
msgid ""
14800
14849
"\n"
14808
14857
"adding new entry \"uid=john,ou=People,dc=example,dc=com\"\n"
14809
14858
msgstr ""
14810
14859
14811
#: serverguide/C/network-auth.xml:473(para)
14860
#: serverguide/C/network-auth.xml:495(para)
14812
14861
msgid ""
14813
14862
"We can check that the information has been correctly added with the "
14814
14863
"<application>ldapsearch</application> utility:"
14815
14864
msgstr ""
14816
14865
14817
#: serverguide/C/network-auth.xml:478(command)
14866
#: serverguide/C/network-auth.xml:500(command)
14818
14867
msgid "ldapsearch -x -LLL -b dc=example,dc=com 'uid=john' cn gidNumber"
14819
14868
msgstr ""
14820
14869
14821
#: serverguide/C/network-auth.xml:479(computeroutput)
14870
#: serverguide/C/network-auth.xml:501(computeroutput)
14822
14871
#, no-wrap
14823
14872
msgid ""
14824
14873
"\n"
14827
14876
"gidNumber: 5000\n"
14828
14877
msgstr ""
14829
14878
14830
#: serverguide/C/network-auth.xml:486(para)
14879
#: serverguide/C/network-auth.xml:508(para)
14831
14880
msgid "Explanation of switches:"
14832
14881
msgstr ""
14833
14882
14834
#: serverguide/C/network-auth.xml:493(para)
14883
#: serverguide/C/network-auth.xml:515(para)
14835
14884
msgid ""
14836
14885
"<emphasis>-x:</emphasis> \"simple\" binding; will not use the default SASL "
14837
14886
"method"
14838
14887
msgstr ""
14839
14888
14840
#: serverguide/C/network-auth.xml:499(para)
14889
#: serverguide/C/network-auth.xml:521(para)
14841
14890
msgid "<emphasis>-LLL:</emphasis> disable printing extraneous information"
14842
14891
msgstr ""
14843
14892
14844
#: serverguide/C/network-auth.xml:505(para)
14893
#: serverguide/C/network-auth.xml:527(para)
14845
14894
msgid "<emphasis>uid=john:</emphasis> a \"filter\" to find the john user"
14846
14895
msgstr ""
14847
14896
14848
#: serverguide/C/network-auth.xml:511(para)
14897
#: serverguide/C/network-auth.xml:533(para)
14849
14898
msgid ""
14850
14899
"<emphasis>cn gidNumber:</emphasis> requests certain attributes to be "
14851
14900
"displayed (the default is to show all attributes)"
14852
14901
msgstr ""
14853
14902
14854
#: serverguide/C/network-auth.xml:521(title)
14903
#: serverguide/C/network-auth.xml:543(title)
14855
14904
msgid "Modifying the slapd Configuration Database"
14856
14905
msgstr ""
14857
14906
14858
#: serverguide/C/network-auth.xml:523(para)
14907
#: serverguide/C/network-auth.xml:545(para)
14859
14908
msgid ""
14860
14909
"The slapd-config DIT can also be queried and modified. Here are a few "
14861
14910
"examples."
14862
14911
msgstr ""
14863
14912
14864
#: serverguide/C/network-auth.xml:530(para)
14913
#: serverguide/C/network-auth.xml:552(para)
14865
14914
msgid ""
14866
14915
"Use <application>ldapmodify</application> to add an \"Index\" (DbIndex "
14867
14916
"attribute) to your <application>{1}hdb,cn=config</application> database "
14869
14918
"<filename>uid_index.ldif</filename>, with the following contents:"
14870
14919
msgstr ""
14871
14920
14872
#: serverguide/C/network-auth.xml:535(programlisting)
14921
#: serverguide/C/network-auth.xml:557(programlisting)
14873
14922
#, no-wrap
14874
14923
msgid ""
14875
14924
"\n"
14878
14927
"olcDbIndex: uid eq,pres,sub\n"
14879
14928
msgstr ""
14880
14929
14881
#: serverguide/C/network-auth.xml:541(para)
14930
#: serverguide/C/network-auth.xml:563(para)
14882
14931
msgid "Then issue the command:"
14883
14932
msgstr ""
14884
14933
14885
#: serverguide/C/network-auth.xml:546(command)
14934
#: serverguide/C/network-auth.xml:568(command)
14886
14935
msgid "sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f uid_index.ldif"
14887
14936
msgstr ""
14888
14937
14889
#: serverguide/C/network-auth.xml:547(computeroutput)
14938
#: serverguide/C/network-auth.xml:569(computeroutput)
14890
14939
#, no-wrap
14891
14940
msgid ""
14892
14941
"\n"
14893
14942
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
14894
14943
msgstr ""
14895
14944
14896
#: serverguide/C/network-auth.xml:552(para)
14945
#: serverguide/C/network-auth.xml:574(para)
14897
14946
msgid "You can confirm the change in this way:"
14898
14947
msgstr ""
14899
14948
14900
#: serverguide/C/network-auth.xml:557(command)
14949
#: serverguide/C/network-auth.xml:579(command)
14901
14950
msgid ""
14902
14951
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
14903
14952
"'(olcDatabase={1}hdb)' olcDbIndex"
14904
14953
msgstr ""
14905
14954
14906
#: serverguide/C/network-auth.xml:559(computeroutput)
14955
#: serverguide/C/network-auth.xml:581(computeroutput)
14907
14956
#, no-wrap
14908
14957
msgid ""
14909
14958
"\n"
14912
14961
"olcDbIndex: uid eq,pres,sub\n"
14913
14962
msgstr ""
14914
14963
14915
#: serverguide/C/network-auth.xml:569(para)
14964
#: serverguide/C/network-auth.xml:591(para)
14916
14965
msgid ""
14917
14966
"Let's add a schema. It will first need to be converted to LDIF format. You "
14918
14967
"can find unconverted schemas in addition to converted ones in the <filename "
14919
14968
"role=\"directory\">/etc/ldap/schema</filename> directory."
14920
14969
msgstr ""
14921
14970
14922
#: serverguide/C/network-auth.xml:577(para)
14971
#: serverguide/C/network-auth.xml:599(para)
14923
14972
msgid ""
14924
14973
"It is not trivial to remove a schema from the slapd-config database. "
14925
14974
"Practice adding schemas on a test system."
14926
14975
msgstr ""
14927
14976
14928
#: serverguide/C/network-auth.xml:583(para)
14977
#: serverguide/C/network-auth.xml:605(para)
14929
14978
msgid ""
14930
14979
"Before adding any schema, you should check which schemas are already "
14931
14980
"installed (shown is a default, out-of-the-box output):"
14932
14981
msgstr ""
14933
14982
14934
#: serverguide/C/network-auth.xml:589(command)
14983
#: serverguide/C/network-auth.xml:611(command)
14935
14984
msgid ""
14936
14985
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=schema,cn=config dn"
14937
14986
msgstr ""
14938
14987
14939
#: serverguide/C/network-auth.xml:591(computeroutput)
14988
#: serverguide/C/network-auth.xml:613(computeroutput)
14940
14989
#, no-wrap
14941
14990
msgid ""
14942
14991
"\n"
14951
15000
"dn: cn={3}inetorgperson,cn=schema,cn=config\n"
14952
15001
msgstr ""
14953
15002
14954
#: serverguide/C/network-auth.xml:608(para)
15003
#: serverguide/C/network-auth.xml:630(para)
14955
15004
msgid "In the following example we'll add the CORBA schema."
14956
15005
msgstr ""
14957
15006
14958
#: serverguide/C/network-auth.xml:615(para)
15007
#: serverguide/C/network-auth.xml:637(para)
14959
15008
msgid ""
14960
15009
"Create the conversion configuration file "
14961
15010
"<filename>schema_convert.conf</filename> containing the following lines:"
14962
15011
msgstr ""
14963
15012
14964
#: serverguide/C/network-auth.xml:620(programlisting)
15013
#: serverguide/C/network-auth.xml:642(programlisting)
14965
15014
#, no-wrap
14966
15015
msgid ""
14967
15016
"\n"
14981
15030
"include /etc/ldap/schema/pmi.schema\n"
14982
15031
msgstr ""
14983
15032
14984
#: serverguide/C/network-auth.xml:640(para)
15033
#: serverguide/C/network-auth.xml:662(para)
14985
15034
msgid "Create the output directory <filename>ldif_output</filename>."
14986
15035
msgstr ""
14987
15036
14988
#: serverguide/C/network-auth.xml:646(para) serverguide/C/network-auth.xml:2296(para)
15037
#: serverguide/C/network-auth.xml:668(para) serverguide/C/network-auth.xml:2317(para)
14989
15038
msgid "Determine the index of the schema:"
14990
15039
msgstr ""
14991
15040
14992
#: serverguide/C/network-auth.xml:651(command)
15041
#: serverguide/C/network-auth.xml:673(command)
14993
15042
msgid ""
14994
15043
"slapcat -f schema_convert.conf -F ldif_output -n 0 | grep corba,cn=schema"
14995
15044
msgstr ""
14996
15045
14997
#: serverguide/C/network-auth.xml:652(computeroutput)
15046
#: serverguide/C/network-auth.xml:674(computeroutput)
14998
15047
#, no-wrap
14999
15048
msgid ""
15000
15049
"\n"
15001
15050
"cn={1}corba,cn=schema,cn=config\n"
15002
15051
msgstr ""
15003
15052
15004
#: serverguide/C/network-auth.xml:658(para)
15053
#: serverguide/C/network-auth.xml:685(para)
15005
15054
msgid ""
15006
15055
"When slapd ingests objects with the same parent DN it will create an "
15007
15056
"<emphasis>index</emphasis> for that object. An index is contained within "
15008
15057
"braces: <application>{X}</application>."
15009
15058
msgstr ""
15010
15059
15011
#: serverguide/C/network-auth.xml:667(para)
15060
#: serverguide/C/network-auth.xml:689(para)
15012
15061
msgid "Use <application>slapcat</application> to perform the conversion:"
15013
15062
msgstr ""
15014
15063
15015
#: serverguide/C/network-auth.xml:672(command)
15064
#: serverguide/C/network-auth.xml:694(command)
15016
15065
msgid ""
15017
15066
"slapcat -f schema_convert.conf -F ldif_output -n0 -H \\ "
15018
15067
"ldap:///cn={1}corba,cn=schema,cn=config -l cn=corba.ldif"
15019
15068
msgstr ""
15020
15069
15021
#: serverguide/C/network-auth.xml:676(para)
15070
#: serverguide/C/network-auth.xml:698(para)
15022
15071
msgid "The converted schema is now in <filename>cn=corba.ldif</filename>"
15023
15072
msgstr ""
15024
15073
15025
#: serverguide/C/network-auth.xml:682(para)
15074
#: serverguide/C/network-auth.xml:704(para)
15026
15075
msgid ""
15027
15076
"Edit <filename>cn=corba.ldif</filename> to arrive at the following "
15028
15077
"attributes:"
15029
15078
msgstr ""
15030
15079
15031
#: serverguide/C/network-auth.xml:686(programlisting)
15080
#: serverguide/C/network-auth.xml:708(programlisting)
15032
15081
#, no-wrap
15033
15082
msgid ""
15034
15083
"\n"
15037
15086
"cn: corba\n"
15038
15087
msgstr ""
15039
15088
15040
#: serverguide/C/network-auth.xml:692(para)
15089
#: serverguide/C/network-auth.xml:714(para)
15041
15090
msgid "Also remove the following lines from the bottom:"
15042
15091
msgstr ""
15043
15092
15044
#: serverguide/C/network-auth.xml:696(programlisting)
15093
#: serverguide/C/network-auth.xml:718(programlisting)
15045
15094
#, no-wrap
15046
15095
msgid ""
15047
15096
"\n"
15054
15103
"modifyTimestamp: 20110829165435Z\n"
15055
15104
msgstr ""
15056
15105
15057
#: serverguide/C/network-auth.xml:706(para) serverguide/C/network-auth.xml:2346(para)
15106
#: serverguide/C/network-auth.xml:728(para) serverguide/C/network-auth.xml:2367(para)
15058
15107
msgid "Your attribute values will vary."
15059
15108
msgstr ""
15060
15109
15061
#: serverguide/C/network-auth.xml:712(para)
15110
#: serverguide/C/network-auth.xml:734(para)
15062
15111
msgid ""
15063
15112
"Finally, use <application>ldapadd</application> to add the new schema to the "
15064
15113
"slapd-config DIT:"
15065
15114
msgstr ""
15066
15115
15067
#: serverguide/C/network-auth.xml:717(command)
15116
#: serverguide/C/network-auth.xml:739(command)
15068
15117
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f cn\\=corba.ldif"
15069
15118
msgstr ""
15070
15119
15071
#: serverguide/C/network-auth.xml:718(computeroutput)
15120
#: serverguide/C/network-auth.xml:740(computeroutput)
15072
15121
#, no-wrap
15073
15122
msgid ""
15074
15123
"\n"
15075
15124
"adding new entry \"cn=corba,cn=schema,cn=config\"\n"
15076
15125
msgstr ""
15077
15126
15078
#: serverguide/C/network-auth.xml:726(para)
15127
#: serverguide/C/network-auth.xml:748(para)
15079
15128
msgid "Confirm currently loaded schemas:"
15080
15129
msgstr ""
15081
15130
15082
#: serverguide/C/network-auth.xml:731(command)
15131
#: serverguide/C/network-auth.xml:753(command)
15083
15132
msgid ""
15084
15133
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config dn"
15085
15134
msgstr ""
15086
15135
15087
#: serverguide/C/network-auth.xml:732(computeroutput)
15136
#: serverguide/C/network-auth.xml:754(computeroutput)
15088
15137
#, no-wrap
15089
15138
msgid ""
15090
15139
"\n"
15101
15150
"dn: cn={4}corba,cn=schema,cn=config\n"
15102
15151
msgstr ""
15103
15152
15104
#: serverguide/C/network-auth.xml:756(para)
15153
#: serverguide/C/network-auth.xml:778(para)
15105
15154
msgid ""
15106
15155
"For external applications and clients to authenticate using LDAP they will "
15107
15156
"each need to be specifically configured to do so. Refer to the appropriate "
15108
15157
"client-side documentation for details."
15109
15158
msgstr ""
15110
15159
15111
#: serverguide/C/network-auth.xml:767(para)
15160
#: serverguide/C/network-auth.xml:789(para)
15112
15161
msgid ""
15113
15162
"Activity logging for slapd is indispensible when implementing an OpenLDAP-"
15114
15163
"based solution yet it must be manually enabled after software installation. "
15116
15165
"any other slapd configuration, is enabled via the slapd-config database."
15117
15166
msgstr ""
15118
15167
15119
#: serverguide/C/network-auth.xml:773(para)
15168
#: serverguide/C/network-auth.xml:795(para)
15120
15169
msgid ""
15121
15170
"OpenLDAP comes with multiple logging subsystems (levels) with each one "
15122
15171
"containing the lower one (additive). A good level to try is "
15126
15175
"different subsystems."
15127
15176
msgstr ""
15128
15177
15129
#: serverguide/C/network-auth.xml:779(para)
15178
#: serverguide/C/network-auth.xml:801(para)
15130
15179
msgid ""
15131
15180
"Create the file <filename>logging.ldif</filename> with the following "
15132
15181
"contents:"
15133
15182
msgstr ""
15134
15183
15135
#: serverguide/C/network-auth.xml:783(programlisting)
15184
#: serverguide/C/network-auth.xml:805(programlisting)
15136
15185
#, no-wrap
15137
15186
msgid ""
15138
15187
"\n"
15139
15188
"dn: cn=config\n"
15140
15189
"changetype: modify\n"
15141
"add: olcLogLevel\n"
15190
"replace: olcLogLevel\n"
15142
15191
"olcLogLevel: stats\n"
15143
15192
msgstr ""
15144
15193
15145
#: serverguide/C/network-auth.xml:790(para)
15194
#: serverguide/C/network-auth.xml:812(para)
15146
15195
msgid "Implement the change:"
15147
15196
msgstr ""
15148
15197
15149
#: serverguide/C/network-auth.xml:795(command)
15198
#: serverguide/C/network-auth.xml:817(command)
15150
15199
msgid "sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f logging.ldif"
15151
15200
msgstr ""
15152
15201
15153
#: serverguide/C/network-auth.xml:798(para)
15202
#: serverguide/C/network-auth.xml:820(para)
15154
15203
msgid ""
15155
15204
"This will produce a significant amount of logging and you will want to "
15156
15205
"throttle back to a less verbose level once your system is in production. "
15158
15207
"hard time keeping up and may drop messages:"
15159
15208
msgstr ""
15160
15209
15161
#: serverguide/C/network-auth.xml:804(programlisting)
15210
#: serverguide/C/network-auth.xml:826(programlisting)
15162
15211
#, no-wrap
15163
15212
msgid ""
15164
15213
"\n"
15166
15215
"limiting\n"
15167
15216
msgstr ""
15168
15217
15169
#: serverguide/C/network-auth.xml:808(para)
15218
#: serverguide/C/network-auth.xml:830(para)
15170
15219
msgid ""
15171
15220
"You may consider a change to rsyslog's configuration. In "
15172
15221
"<filename>/etc/rsyslog.conf</filename>, put:"
15173
15222
msgstr ""
15174
15223
15175
#: serverguide/C/network-auth.xml:812(programlisting)
15224
#: serverguide/C/network-auth.xml:834(programlisting)
15176
15225
#, no-wrap
15177
15226
msgid ""
15178
15227
"\n"
15181
15230
"$SystemLogRateLimitInterval 0\n"
15182
15231
msgstr ""
15183
15232
15184
#: serverguide/C/network-auth.xml:818(para)
15233
#: serverguide/C/network-auth.xml:840(para)
15185
15234
msgid "And then restart the rsyslog daemon:"
15186
15235
msgstr ""
15187
15236
15188
#: serverguide/C/network-auth.xml:823(command)
15237
#: serverguide/C/network-auth.xml:845(command)
15189
15238
msgid "sudo service rsyslog restart"
15190
15239
msgstr ""
15191
15240
15192
#: serverguide/C/network-auth.xml:829(title)
15241
#: serverguide/C/network-auth.xml:851(title)
15193
15242
msgid "Replication"
15194
15243
msgstr ""
15195
15244
15196
#: serverguide/C/network-auth.xml:831(para)
15245
#: serverguide/C/network-auth.xml:853(para)
15197
15246
msgid ""
15198
15247
"The LDAP service becomes increasingly important as more networked systems "
15199
15248
"begin to depend on it. In such an environment, it is standard practice to "
15202
15251
"replication</emphasis>."
15203
15252
msgstr ""
15204
15253
15205
#: serverguide/C/network-auth.xml:837(para)
15254
#: serverguide/C/network-auth.xml:859(para)
15206
15255
msgid ""
15207
15256
"Replication is achieved via the <emphasis>Syncrepl</emphasis> engine. This "
15208
15257
"allows changes to be synchronized using a <emphasis>Consumer</emphasis> - "
15214
15263
"be sent, not entire entries."
15215
15264
msgstr ""
15216
15265
15217
#: serverguide/C/network-auth.xml:846(title)
15266
#: serverguide/C/network-auth.xml:868(title)
15218
15267
msgid "Provider Configuration"
15219
15268
msgstr ""
15220
15269
15221
#: serverguide/C/network-auth.xml:848(para)
15270
#: serverguide/C/network-auth.xml:870(para)
15222
15271
msgid "Begin by configuring the <emphasis>Provider</emphasis>."
15223
15272
msgstr ""
15224
15273
15225
#: serverguide/C/network-auth.xml:855(para)
15274
#: serverguide/C/network-auth.xml:877(para)
15226
15275
msgid ""
15227
15276
"Create an LDIF file with the following contents and name it "
15228
15277
"<filename>provider_sync.ldif</filename>:"
15229
15278
msgstr ""
15230
15279
15231
#: serverguide/C/network-auth.xml:859(programlisting)
15280
#: serverguide/C/network-auth.xml:881(programlisting)
15232
15281
#, no-wrap
15233
15282
msgid ""
15234
15283
"\n"
15290
15339
"olcAccessLogPurge: 07+00:00 01+00:00\n"
15291
15340
msgstr ""
15292
15341
15293
#: serverguide/C/network-auth.xml:918(para)
15342
#: serverguide/C/network-auth.xml:940(para)
15294
15343
msgid ""
15295
15344
"Change the rootDN in the LDIF file to match the one you have for your "
15296
15345
"directory."
15297
15346
msgstr ""
15298
15347
15299
#: serverguide/C/network-auth.xml:925(para)
15348
#: serverguide/C/network-auth.xml:947(para)
15300
15349
msgid ""
15301
"The <application>apparmor</application> profile for slapd will need to be "
15302
"adjusted for the accesslog database location. Edit "
15303
"<filename>/etc/apparmor.d/local/usr.sbin.slapd</filename> by adding the "
15304
"following:"
15350
"The <application>apparmor</application> profile for slapd will not need to "
15351
"be adjusted for the accesslog database location since "
15352
"<filename>/etc/apparmor.d/local/usr.sbin.slapd</filename> contains:"
15305
15353
msgstr ""
15306
15354
15307
#: serverguide/C/network-auth.xml:931(programlisting)
15355
#: serverguide/C/network-auth.xml:952(programlisting)
15308
15356
#, no-wrap
15309
15357
msgid ""
15310
15358
"\n"
15311
"/var/lib/ldap/accesslog/ r,\n"
15312
"/var/lib/ldap/accesslog/** rwk,\n"
15359
"/var/lib/ldap/ r,\n"
15360
"/var/lib/ldap/** rwk,\n"
15313
15361
msgstr ""
15314
15362
15315
#: serverguide/C/network-auth.xml:936(para)
15363
#: serverguide/C/network-auth.xml:957(para)
15316
15364
msgid ""
15317
15365
"Create a directory, set up a databse config file, and reload the apparmor "
15318
15366
"profile:"
15319
15367
msgstr ""
15320
15368
15321
#: serverguide/C/network-auth.xml:941(command)
15369
#: serverguide/C/network-auth.xml:962(command)
15322
15370
msgid "sudo -u openldap mkdir /var/lib/ldap/accesslog"
15323
15371
msgstr ""
15324
15372
15325
#: serverguide/C/network-auth.xml:942(command)
15373
#: serverguide/C/network-auth.xml:963(command)
15326
15374
msgid "sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog"
15327
15375
msgstr ""
15328
15376
15329
#: serverguide/C/network-auth.xml:949(para)
15377
#: serverguide/C/network-auth.xml:970(para)
15330
15378
msgid ""
15331
15379
"Add the new content and, due to the apparmor change, restart the daemon:"
15332
15380
msgstr ""
15333
15381
15334
#: serverguide/C/network-auth.xml:954(command)
15382
#: serverguide/C/network-auth.xml:975(command)
15335
15383
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
15336
15384
msgstr ""
15337
15385
15338
#: serverguide/C/network-auth.xml:955(command) serverguide/C/network-auth.xml:1477(command) serverguide/C/network-auth.xml:1662(command) serverguide/C/network-auth.xml:3883(command)
15386
#: serverguide/C/network-auth.xml:976(command) serverguide/C/network-auth.xml:1498(command) serverguide/C/network-auth.xml:1683(command) serverguide/C/network-auth.xml:3912(command)
15339
15387
msgid "sudo service slapd restart"
15340
15388
msgstr ""
15341
15389
15342
#: serverguide/C/network-auth.xml:962(para)
15390
#: serverguide/C/network-auth.xml:983(para)
15343
15391
msgid "The Provider is now configured."
15344
15392
msgstr ""
15345
15393
15346
#: serverguide/C/network-auth.xml:969(title)
15394
#: serverguide/C/network-auth.xml:990(title)
15347
15395
msgid "Consumer Configuration"
15348
15396
msgstr ""
15349
15397
15350
#: serverguide/C/network-auth.xml:971(para)
15398
#: serverguide/C/network-auth.xml:992(para)
15351
15399
msgid "And now configure the <emphasis>Consumer</emphasis>."
15352
15400
msgstr ""
15353
15401
15354
#: serverguide/C/network-auth.xml:978(para)
15402
#: serverguide/C/network-auth.xml:999(para)
15355
15403
msgid ""
15356
15404
"Install the software by going through <xref linkend=\"openldap-server-"
15357
15405
"installation\"/>. Make sure the slapd-config databse is identical to the "
15359
15407
"same."
15360
15408
msgstr ""
15361
15409
15362
#: serverguide/C/network-auth.xml:985(para)
15410
#: serverguide/C/network-auth.xml:1006(para)
15363
15411
msgid ""
15364
15412
"Create an LDIF file with the following contents and name it "
15365
15413
"<filename>consumer_sync.ldif</filename>:"
15366
15414
msgstr ""
15367
15415
15368
#: serverguide/C/network-auth.xml:989(programlisting)
15416
#: serverguide/C/network-auth.xml:1010(programlisting)
15369
15417
#, no-wrap
15370
15418
msgid ""
15371
15419
"\n"
15392
15440
"olcUpdateRef: ldap://ldap01.example.com\n"
15393
15441
msgstr ""
15394
15442
15395
#: serverguide/C/network-auth.xml:1010(para)
15443
#: serverguide/C/network-auth.xml:1031(para)
15396
15444
msgid "Ensure the following attributes have the correct values:"
15397
15445
msgstr ""
15398
15446
15399
#: serverguide/C/network-auth.xml:1015(para)
15447
#: serverguide/C/network-auth.xml:1036(para)
15400
15448
msgid ""
15401
15449
"<emphasis>provider</emphasis> (Provider server's hostname -- "
15402
15450
"ldap01.example.com in this example -- or IP address)"
15403
15451
msgstr ""
15404
15452
15405
#: serverguide/C/network-auth.xml:1016(para)
15453
#: serverguide/C/network-auth.xml:1037(para)
15406
15454
msgid "<emphasis>binddn</emphasis> (the admin DN you're using)"
15407
15455
msgstr ""
15408
15456
15409
#: serverguide/C/network-auth.xml:1017(para)
15457
#: serverguide/C/network-auth.xml:1038(para)
15410
15458
msgid "<emphasis>credentials</emphasis> (the admin DN password you're using)"
15411
15459
msgstr ""
15412
15460
15413
#: serverguide/C/network-auth.xml:1018(para)
15461
#: serverguide/C/network-auth.xml:1039(para)
15414
15462
msgid "<emphasis>searchbase</emphasis> (the database suffix you're using)"
15415
15463
msgstr ""
15416
15464
15417
#: serverguide/C/network-auth.xml:1019(para)
15465
#: serverguide/C/network-auth.xml:1040(para)
15418
15466
msgid ""
15419
15467
"<emphasis>olcUpdateRef</emphasis> (Provider server's hostname or IP address)"
15420
15468
msgstr ""
15421
15469
15422
#: serverguide/C/network-auth.xml:1020(para)
15470
#: serverguide/C/network-auth.xml:1041(para)
15423
15471
msgid ""
15424
15472
"<emphasis>rid</emphasis> (Replica ID, an unique 3-digit that identifies the "
15425
15473
"replica. Each consumer should have at least one rid)"
15426
15474
msgstr ""
15427
15475
15428
#: serverguide/C/network-auth.xml:1029(para)
15476
#: serverguide/C/network-auth.xml:1050(para)
15429
15477
msgid "Add the new content:"
15430
15478
msgstr ""
15431
15479
15432
#: serverguide/C/network-auth.xml:1034(command)
15480
#: serverguide/C/network-auth.xml:1055(command)
15433
15481
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f consumer_sync.ldif"
15434
15482
msgstr ""
15435
15483
15436
#: serverguide/C/network-auth.xml:1041(para)
15484
#: serverguide/C/network-auth.xml:1062(para)
15437
15485
msgid ""
15438
15486
"You're done. The two databases (suffix: dc=example,dc=com) should now be "
15439
15487
"synchronizing."
15440
15488
msgstr ""
15441
15489
15442
#: serverguide/C/network-auth.xml:1050(para)
15490
#: serverguide/C/network-auth.xml:1071(para)
15443
15491
msgid "Once replication starts, you can monitor it by running"
15444
15492
msgstr ""
15445
15493
15446
#: serverguide/C/network-auth.xml:1055(command)
15494
#: serverguide/C/network-auth.xml:1081(command)
15447
15495
msgid ""
15448
15496
"ldapsearch -z1 -LLLQY EXTERNAL -H ldapi:/// -s base -b dc=example,dc=com "
15449
15497
"contextCSN"
15450
15498
msgstr ""
15451
15499
15452
#: serverguide/C/network-auth.xml:1056(computeroutput)
15500
#: serverguide/C/network-auth.xml:1077(computeroutput)
15453
15501
#, no-wrap
15454
15502
msgid ""
15455
15503
"\n"
15457
15505
"contextCSN: 20120201193408.178454Z#000000#000#000000\n"
15458
15506
msgstr ""
15459
15507
15460
#: serverguide/C/network-auth.xml:1062(para)
15508
#: serverguide/C/network-auth.xml:1083(para)
15461
15509
msgid ""
15462
15510
"on both the provider and the consumer. Once the output "
15463
15511
"(<computeroutput>20120201193408.178454Z#000000#000#000000</computeroutput> "
15466
15514
"the one in the consumer(s)."
15467
15515
msgstr ""
15468
15516
15469
#: serverguide/C/network-auth.xml:1071(para)
15517
#: serverguide/C/network-auth.xml:1092(para)
15470
15518
msgid ""
15471
15519
"If your connection is slow and/or your ldap database large, it might take a "
15472
15520
"while for the consumer's <emphasis>contextCSN</emphasis> match the "
15474
15522
"<emphasis>contextCSN</emphasis> will be steadly increasing."
15475
15523
msgstr ""
15476
15524
15477
#: serverguide/C/network-auth.xml:1079(para)
15525
#: serverguide/C/network-auth.xml:1100(para)
15478
15526
msgid ""
15479
15527
"If the consumer's <emphasis>contextCSN</emphasis> is missing or does not "
15480
15528
"match the provider, you should stop and figure out the issue before "
15484
15532
"statements) return no errors."
15485
15533
msgstr ""
15486
15534
15487
#: serverguide/C/network-auth.xml:1088(para)
15535
#: serverguide/C/network-auth.xml:1109(para)
15488
15536
msgid ""
15489
15537
"To test if it worked simply query, on the Consumer, the DNs in the database:"
15490
15538
msgstr ""
15491
15539
15492
#: serverguide/C/network-auth.xml:1093(command)
15540
#: serverguide/C/network-auth.xml:1114(command)
15493
15541
msgid ""
15494
15542
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b dc=example,dc=com dn"
15495
15543
msgstr ""
15496
15544
15497
#: serverguide/C/network-auth.xml:1096(para)
15545
#: serverguide/C/network-auth.xml:1117(para)
15498
15546
msgid ""
15499
15547
"You should see the user 'john' and the group 'miners' as well as the nodes "
15500
15548
"'People' and 'Groups'."
15501
15549
msgstr ""
15502
15550
15503
#: serverguide/C/network-auth.xml:1105(title)
15551
#: serverguide/C/network-auth.xml:1126(title)
15504
15552
msgid "Access Control"
15505
15553
msgstr ""
15506
15554
15507
#: serverguide/C/network-auth.xml:1107(para)
15555
#: serverguide/C/network-auth.xml:1128(para)
15508
15556
msgid ""
15509
15557
"The management of what type of access (read, write, etc) users should be "
15510
15558
"granted to resources is known as <emphasis>access control</emphasis>. The "
15512
15560
"lists</emphasis> or ACL."
15513
15561
msgstr ""
15514
15562
15515
#: serverguide/C/network-auth.xml:1112(para)
15563
#: serverguide/C/network-auth.xml:1133(para)
15516
15564
msgid ""
15517
15565
"When we installed the slapd package various ACL were set up automatically. "
15518
15566
"We will look at a few important consequences of those defaults and, in so "
15519
15567
"doing, we'll get an idea of how ACLs work and how they're configured."
15520
15568
msgstr ""
15521
15569
15522
#: serverguide/C/network-auth.xml:1117(para)
15570
#: serverguide/C/network-auth.xml:1138(para)
15523
15571
msgid ""
15524
15572
"To get the effective ACL for an LDAP query we need to look at the ACL "
15525
15573
"entries of the database being queried as well as those of the special "
15531
15579
"(\"dc=example,dc=com\") and those of the frontend database:"
15532
15580
msgstr ""
15533
15581
15534
#: serverguide/C/network-auth.xml:1126(command)
15582
#: serverguide/C/network-auth.xml:1147(command)
15535
15583
msgid ""
15536
15584
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
15537
15585
"'(olcDatabase={1}hdb)' olcAccess"
15538
15586
msgstr ""
15539
15587
15540
#: serverguide/C/network-auth.xml:1128(computeroutput)
15588
#: serverguide/C/network-auth.xml:1149(computeroutput)
15541
15589
#, no-wrap
15542
15590
msgid ""
15543
15591
"\n"
15551
15599
" read\n"
15552
15600
msgstr ""
15553
15601
15554
#: serverguide/C/network-auth.xml:1139(para)
15602
#: serverguide/C/network-auth.xml:1160(para)
15555
15603
msgid ""
15556
"The rootDN always has full rights to it's database. Including it in an ACL "
15604
"The rootDN always has full rights to its database. Including it in an ACL "
15557
15605
"does provide an explicit configuration but it also causes slapd to incur a "
15558
15606
"performance penalty."
15559
15607
msgstr ""
15560
15608
15561
#: serverguide/C/network-auth.xml:1146(command)
15609
#: serverguide/C/network-auth.xml:1167(command)
15562
15610
msgid ""
15563
15611
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
15564
15612
"'(olcDatabase={-1}frontend)' olcAccess"
15565
15613
msgstr ""
15566
15614
15567
#: serverguide/C/network-auth.xml:1148(computeroutput)
15615
#: serverguide/C/network-auth.xml:1169(computeroutput)
15568
15616
#, no-wrap
15569
15617
msgid ""
15570
15618
"\n"
15575
15623
"olcAccess: {2}to dn.base=\"cn=Subschema\" by * read\n"
15576
15624
msgstr ""
15577
15625
15578
#: serverguide/C/network-auth.xml:1157(para)
15626
#: serverguide/C/network-auth.xml:1178(para)
15579
15627
msgid "The very first ACL is crucial:"
15580
15628
msgstr ""
15581
15629
15582
#: serverguide/C/network-auth.xml:1161(programlisting)
15630
#: serverguide/C/network-auth.xml:1182(programlisting)
15583
15631
#, no-wrap
15584
15632
msgid ""
15585
15633
"\n"
15588
15636
" auth by dn=\"cn=admin,dc=example,dc=com\" write by * none\n"
15589
15637
msgstr ""
15590
15638
15591
#: serverguide/C/network-auth.xml:1166(para)
15639
#: serverguide/C/network-auth.xml:1187(para)
15592
15640
msgid "This can be represented differently for easier digestion:"
15593
15641
msgstr ""
15594
15642
15595
#: serverguide/C/network-auth.xml:1170(programlisting)
15643
#: serverguide/C/network-auth.xml:1191(programlisting)
15596
15644
#, no-wrap
15597
15645
msgid ""
15598
15646
"\n"
15609
15657
"\tby * none\n"
15610
15658
msgstr ""
15611
15659
15612
#: serverguide/C/network-auth.xml:1184(para)
15660
#: serverguide/C/network-auth.xml:1205(para)
15613
15661
msgid "This compound ACL (there are 2) enforces the following:"
15614
15662
msgstr ""
15615
15663
15616
#: serverguide/C/network-auth.xml:1191(para)
15664
#: serverguide/C/network-auth.xml:1212(para)
15617
15665
msgid ""
15618
15666
"Anonymous 'auth' access is provided to the <emphasis>userPassword</emphasis> "
15619
15667
"attribute for the initial connection to occur. Perhaps counter-intuitively, "
15622
15670
"occur (see next point)."
15623
15671
msgstr ""
15624
15672
15625
#: serverguide/C/network-auth.xml:1199(para)
15673
#: serverguide/C/network-auth.xml:1220(para)
15626
15674
msgid ""
15627
15675
"Authentication can happen because all users have 'read' (due to 'by self "
15628
15676
"write') access to the <emphasis>userPassword</emphasis> attribute."
15629
15677
msgstr ""
15630
15678
15631
#: serverguide/C/network-auth.xml:1205(para)
15679
#: serverguide/C/network-auth.xml:1226(para)
15632
15680
msgid ""
15633
15681
"The <emphasis>userPassword</emphasis> attribute is otherwise unaccessible by "
15634
15682
"all other users, with the exception of the rootDN, who has complete access "
15635
15683
"to it."
15636
15684
msgstr ""
15637
15685
15638
#: serverguide/C/network-auth.xml:1212(para)
15686
#: serverguide/C/network-auth.xml:1233(para)
15639
15687
msgid ""
15640
15688
"In order for users to change their own password, using "
15641
15689
"<command>passwd</command> or other utilities, the "
15643
15691
"a user has authenticated."
15644
15692
msgstr ""
15645
15693
15646
#: serverguide/C/network-auth.xml:1220(para)
15694
#: serverguide/C/network-auth.xml:1241(para)
15647
15695
msgid ""
15648
15696
"This DIT can be searched anonymously because of 'by * read' in this ACL:"
15649
15697
msgstr ""
15650
15698
15651
#: serverguide/C/network-auth.xml:1224(programlisting)
15699
#: serverguide/C/network-auth.xml:1245(programlisting)
15652
15700
#, no-wrap
15653
15701
msgid ""
15654
15702
"\n"
15658
15706
"\tby * read\n"
15659
15707
msgstr ""
15660
15708
15661
#: serverguide/C/network-auth.xml:1231(para)
15709
#: serverguide/C/network-auth.xml:1252(para)
15662
15710
msgid ""
15663
15711
"If this is unwanted then you need to change the ACLs. To force "
15664
15712
"authentication during a bind request you can alternatively (or in "
15665
15713
"combination with the modified ACL) use the 'olcRequire: authc' directive."
15666
15714
msgstr ""
15667
15715
15668
#: serverguide/C/network-auth.xml:1236(para)
15716
#: serverguide/C/network-auth.xml:1257(para)
15669
15717
msgid ""
15670
15718
"As previously mentioned, there is no administrative account created for the "
15671
15719
"slapd-config database. There is, however, a SASL identity that is granted "
15673
15721
"it is:"
15674
15722
msgstr ""
15675
15723
15676
#: serverguide/C/network-auth.xml:1241(programlisting)
15724
#: serverguide/C/network-auth.xml:1262(programlisting)
15677
15725
#, no-wrap
15678
15726
msgid ""
15679
15727
"\n"
15680
15728
"dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth \n"
15681
15729
msgstr ""
15682
15730
15683
#: serverguide/C/network-auth.xml:1245(para)
15731
#: serverguide/C/network-auth.xml:1266(para)
15684
15732
msgid ""
15685
15733
"The following command will display the ACLs of the slapd-config database:"
15686
15734
msgstr ""
15687
15735
15688
#: serverguide/C/network-auth.xml:1250(command)
15736
#: serverguide/C/network-auth.xml:1271(command)
15689
15737
msgid ""
15690
15738
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
15691
15739
"'(olcDatabase={0}config)' olcAccess"
15692
15740
msgstr ""
15693
15741
15694
#: serverguide/C/network-auth.xml:1252(computeroutput)
15742
#: serverguide/C/network-auth.xml:1273(computeroutput)
15695
15743
#, no-wrap
15696
15744
msgid ""
15697
15745
"\n"
15700
15748
" cn=external,cn=auth manage by * break\n"
15701
15749
msgstr ""
15702
15750
15703
#: serverguide/C/network-auth.xml:1259(para)
15751
#: serverguide/C/network-auth.xml:1285(para)
15704
15752
msgid ""
15705
15753
"Since this is a SASL identity we need to use a SASL "
15706
15754
"<emphasis>mechanism</emphasis> when invoking the LDAP utility in question "
15708
15756
"mechanism. See the previous command for an example. Note that:"
15709
15757
msgstr ""
15710
15758
15711
#: serverguide/C/network-auth.xml:1267(para)
15759
#: serverguide/C/network-auth.xml:1288(para)
15712
15760
msgid ""
15713
15761
"You must use <emphasis>sudo</emphasis> to become the root identity in order "
15714
15762
"for the ACL to match."
15715
15763
msgstr ""
15716
15764
15717
#: serverguide/C/network-auth.xml:1273(para)
15765
#: serverguide/C/network-auth.xml:1294(para)
15718
15766
msgid ""
15719
15767
"The EXTERNAL mechanism works via <emphasis>IPC</emphasis> (UNIX domain "
15720
15768
"sockets). This means you must use the <emphasis>ldapi</emphasis> URI format."
15721
15769
msgstr ""
15722
15770
15723
#: serverguide/C/network-auth.xml:1281(para)
15771
#: serverguide/C/network-auth.xml:1302(para)
15724
15772
msgid "A succinct way to get all the ACLs is like this:"
15725
15773
msgstr ""
15726
15774
15727
#: serverguide/C/network-auth.xml:1286(command)
15775
#: serverguide/C/network-auth.xml:1307(command)
15728
15776
msgid ""
15729
15777
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
15730
15778
"'(olcAccess=*)' olcAccess olcSuffix"
15731
15779
msgstr ""
15732
15780
15733
#: serverguide/C/network-auth.xml:1290(para)
15781
#: serverguide/C/network-auth.xml:1311(para)
15734
15782
msgid ""
15735
15783
"There is much to say on the topic of access control. See the man page for "
15736
15784
"<ulink "
15738
15786
".access</ulink>."
15739
15787
msgstr ""
15740
15788
15741
#: serverguide/C/network-auth.xml:1298(title)
15789
#: serverguide/C/network-auth.xml:1319(title)
15742
15790
msgid "TLS"
15743
15791
msgstr ""
15744
15792
15745
#: serverguide/C/network-auth.xml:1300(para)
15793
#: serverguide/C/network-auth.xml:1321(para)
15746
15794
msgid ""
15747
15795
"When authenticating to an OpenLDAP server it is best to do so using an "
15748
15796
"encrypted session. This can be accomplished using Transport Layer Security "
15749
15797
"(TLS)."
15750
15798
msgstr ""
15751
15799
15752
#: serverguide/C/network-auth.xml:1305(para)
15800
#: serverguide/C/network-auth.xml:1326(para)
15753
15801
msgid ""
15754
15802
"Here, we will be our own <emphasis>Certificate Authority</emphasis> and then "
15755
15803
"create and sign our LDAP server certificate as that CA. Since "
15758
15806
"<application>certtool</application> utility to complete these tasks."
15759
15807
msgstr ""
15760
15808
15761
#: serverguide/C/network-auth.xml:1314(para)
15809
#: serverguide/C/network-auth.xml:1335(para)
15762
15810
msgid ""
15763
15811
"Install the <application>gnutls-bin</application> and <application>ssl-"
15764
15812
"cert</application> packages:"
15765
15813
msgstr ""
15766
15814
15767
#: serverguide/C/network-auth.xml:1319(command)
15815
#: serverguide/C/network-auth.xml:1340(command)
15768
15816
msgid "sudo apt-get install gnutls-bin ssl-cert"
15769
15817
msgstr ""
15770
15818
15771
#: serverguide/C/network-auth.xml:1325(para)
15819
#: serverguide/C/network-auth.xml:1346(para)
15772
15820
msgid "Create a private key for the Certificate Authority:"
15773
15821
msgstr ""
15774
15822
15775
#: serverguide/C/network-auth.xml:1330(command)
15823
#: serverguide/C/network-auth.xml:1351(command)
15776
15824
msgid ""
15777
15825
"sudo sh -c \"certtool --generate-privkey > /etc/ssl/private/cakey.pem\""
15778
15826
msgstr ""
15779
15827
15780
#: serverguide/C/network-auth.xml:1336(para)
15828
#: serverguide/C/network-auth.xml:1357(para)
15781
15829
msgid ""
15782
15830
"Create the template/file <filename>/etc/ssl/ca.info</filename> to define the "
15783
15831
"CA:"
15784
15832
msgstr ""
15785
15833
15786
#: serverguide/C/network-auth.xml:1340(programlisting)
15834
#: serverguide/C/network-auth.xml:1361(programlisting)
15787
15835
#, no-wrap
15788
15836
msgid ""
15789
15837
"\n"
15792
15840
"cert_signing_key\n"
15793
15841
msgstr ""
15794
15842
15795
#: serverguide/C/network-auth.xml:1349(para)
15843
#: serverguide/C/network-auth.xml:1370(para)
15796
15844
msgid "Create the self-signed CA certificate:"
15797
15845
msgstr ""
15798
15846
15799
#: serverguide/C/network-auth.xml:1354(command)
15847
#: serverguide/C/network-auth.xml:1375(command)
15800
15848
msgid ""
15801
15849
"sudo certtool --generate-self-signed \\ --load-privkey "
15802
15850
"/etc/ssl/private/cakey.pem \\ --template /etc/ssl/ca.info \\ --outfile "
15803
15851
"/etc/ssl/certs/cacert.pem"
15804
15852
msgstr ""
15805
15853
15806
#: serverguide/C/network-auth.xml:1363(para)
15854
#: serverguide/C/network-auth.xml:1384(para)
15807
15855
msgid "Make a private key for the server:"
15808
15856
msgstr ""
15809
15857
15810
#: serverguide/C/network-auth.xml:1368(command)
15858
#: serverguide/C/network-auth.xml:1389(command)
15811
15859
msgid ""
15812
15860
"sudo certtool --generate-privkey \\ --bits 1024 \\ --outfile "
15813
15861
"/etc/ssl/private/ldap01_slapd_key.pem"
15814
15862
msgstr ""
15815
15863
15816
#: serverguide/C/network-auth.xml:1374(para)
15864
#: serverguide/C/network-auth.xml:1395(para)
15817
15865
msgid ""
15818
15866
"Replace <emphasis>ldap01</emphasis> in the filename with your server's "
15819
15867
"hostname. Naming the certificate and key for the host and service that will "
15820
15868
"be using them will help keep things clear."
15821
15869
msgstr ""
15822
15870
15823
#: serverguide/C/network-auth.xml:1383(para)
15871
#: serverguide/C/network-auth.xml:1404(para)
15824
15872
msgid ""
15825
15873
"Create the <filename>/etc/ssl/ldap01.info</filename> info file containing:"
15826
15874
msgstr ""
15827
15875
15828
#: serverguide/C/network-auth.xml:1387(programlisting)
15876
#: serverguide/C/network-auth.xml:1408(programlisting)
15829
15877
#, no-wrap
15830
15878
msgid ""
15831
15879
"\n"
15837
15885
"expiration_days = 3650\n"
15838
15886
msgstr ""
15839
15887
15840
#: serverguide/C/network-auth.xml:1396(para)
15888
#: serverguide/C/network-auth.xml:1417(para)
15841
15889
msgid "The above certificate is good for 10 years. Adjust accordingly."
15842
15890
msgstr ""
15843
15891
15844
#: serverguide/C/network-auth.xml:1402(para)
15892
#: serverguide/C/network-auth.xml:1423(para)
15845
15893
msgid "Create the server's certificate:"
15846
15894
msgstr ""
15847
15895
15848
#: serverguide/C/network-auth.xml:1407(command)
15896
#: serverguide/C/network-auth.xml:1428(command)
15849
15897
msgid ""
15850
15898
"sudo certtool --generate-certificate \\ --load-privkey "
15851
15899
"/etc/ssl/private/ldap01_slapd_key.pem \\ --load-ca-certificate "
15854
15902
"/etc/ssl/certs/ldap01_slapd_cert.pem"
15855
15903
msgstr ""
15856
15904
15857
#: serverguide/C/network-auth.xml:1419(para)
15905
#: serverguide/C/network-auth.xml:1440(para)
15858
15906
msgid ""
15859
15907
"Create the file <filename>certinfo.ldif</filename> with the following "
15860
15908
"contents (adjust accordingly, our example assumes we created certs using "
15861
15909
"https://www.cacert.org):"
15862
15910
msgstr ""
15863
15911
15864
#: serverguide/C/network-auth.xml:1423(programlisting)
15912
#: serverguide/C/network-auth.xml:1444(programlisting)
15865
15913
#, no-wrap
15866
15914
msgid ""
15867
15915
"\n"
15876
15924
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem\n"
15877
15925
msgstr ""
15878
15926
15879
#: serverguide/C/network-auth.xml:1435(para)
15927
#: serverguide/C/network-auth.xml:1456(para)
15880
15928
msgid ""
15881
15929
"Use the <application>ldapmodify</application> command to tell slapd about "
15882
15930
"our TLS work via the slapd-config database:"
15883
15931
msgstr ""
15884
15932
15885
#: serverguide/C/network-auth.xml:1440(command)
15933
#: serverguide/C/network-auth.xml:1461(command)
15886
15934
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ssl/certinfo.ldif"
15887
15935
msgstr ""
15888
15936
15889
#: serverguide/C/network-auth.xml:1443(para)
15937
#: serverguide/C/network-auth.xml:1464(para)
15890
15938
msgid ""
15891
15939
"Contratry to popular belief, you do not need <emphasis>ldaps://</emphasis> "
15892
15940
"in <filename>/etc/default/slapd</filename> in order to use encryption. You "
15893
15941
"should have just:"
15894
15942
msgstr ""
15895
15943
15896
#: serverguide/C/network-auth.xml:1448(programlisting)
15944
#: serverguide/C/network-auth.xml:1469(programlisting)
15897
15945
#, no-wrap
15898
15946
msgid ""
15899
15947
"\n"
15900
15948
"SLAPD_SERVICES=\"ldap:/// ldapi:///\"\n"
15901
15949
msgstr ""
15902
15950
15903
#: serverguide/C/network-auth.xml:1453(para)
15951
#: serverguide/C/network-auth.xml:1474(para)
15904
15952
msgid ""
15905
15953
"LDAP over TLS/SSL (ldaps://) is deprecated in favour of "
15906
15954
"<emphasis>StartTLS</emphasis>. The latter refers to an existing LDAP session "
15909
15957
"over TCP port 636."
15910
15958
msgstr ""
15911
15959
15912
#: serverguide/C/network-auth.xml:1461(para)
15960
#: serverguide/C/network-auth.xml:1482(para)
15913
15961
msgid "Tighten up ownership and permissions:"
15914
15962
msgstr ""
15915
15963
15916
#: serverguide/C/network-auth.xml:1466(command) serverguide/C/network-auth.xml:1583(command)
15964
#: serverguide/C/network-auth.xml:1487(command) serverguide/C/network-auth.xml:1604(command)
15917
15965
msgid "sudo adduser openldap ssl-cert"
15918
15966
msgstr ""
15919
15967
15920
#: serverguide/C/network-auth.xml:1467(command)
15968
#: serverguide/C/network-auth.xml:1488(command)
15921
15969
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem"
15922
15970
msgstr ""
15923
15971
15924
#: serverguide/C/network-auth.xml:1468(command)
15972
#: serverguide/C/network-auth.xml:1489(command)
15925
15973
msgid "sudo chmod g+r /etc/ssl/private/ldap01_slapd_key.pem"
15926
15974
msgstr ""
15927
15975
15928
#: serverguide/C/network-auth.xml:1469(command)
15976
#: serverguide/C/network-auth.xml:1490(command)
15929
15977
msgid "sudo chmod o-r /etc/ssl/private/ldap01_slapd_key.pem"
15930
15978
msgstr ""
15931
15979
15932
#: serverguide/C/network-auth.xml:1472(para)
15980
#: serverguide/C/network-auth.xml:1493(para)
15933
15981
msgid "Restart OpenLDAP:"
15934
15982
msgstr ""
15935
15983
15936
#: serverguide/C/network-auth.xml:1480(para)
15984
#: serverguide/C/network-auth.xml:1501(para)
15937
15985
msgid ""
15938
15986
"Check your host's logs (/var/log/syslog) to see if the server has started "
15939
15987
"properly."
15940
15988
msgstr ""
15941
15989
15942
#: serverguide/C/network-auth.xml:1487(title)
15990
#: serverguide/C/network-auth.xml:1508(title)
15943
15991
msgid "Replication and TLS"
15944
15992
msgstr ""
15945
15993
15946
#: serverguide/C/network-auth.xml:1489(para)
15994
#: serverguide/C/network-auth.xml:1510(para)
15947
15995
msgid ""
15948
15996
"If you have set up replication between servers, it is common practice to "
15949
15997
"encrypt (StartTLS) the replication traffic to prevent evesdropping. This is "
15951
15999
"section we will build on that TLS-authentication work."
15952
16000
msgstr ""
15953
16001
15954
#: serverguide/C/network-auth.xml:1495(para)
16002
#: serverguide/C/network-auth.xml:1516(para)
15955
16003
msgid ""
15956
16004
"The assumption here is that you have set up replication between Provider and "
15957
16005
"Consumer according to <xref linkend=\"openldap-server-replication\"/> and "
15959
16007
"linkend=\"openldap-tls\"/>."
15960
16008
msgstr ""
15961
16009
15962
#: serverguide/C/network-auth.xml:1500(para)
16010
#: serverguide/C/network-auth.xml:1521(para)
15963
16011
msgid ""
15964
16012
"As previously stated, the objective (for us) with replication is high "
15965
16013
"availablity for the LDAP service. Since we have TLS for authentication on "
15971
16019
"material over to the Consumer."
15972
16020
msgstr ""
15973
16021
15974
#: serverguide/C/network-auth.xml:1511(para) serverguide/C/network-auth.xml:1668(para)
16022
#: serverguide/C/network-auth.xml:1532(para) serverguide/C/network-auth.xml:1689(para)
15975
16023
msgid "On the Provider,"
15976
16024
msgstr ""
15977
16025
15978
#: serverguide/C/network-auth.xml:1515(para)
16026
#: serverguide/C/network-auth.xml:1536(para)
15979
16027
msgid ""
15980
16028
"Create a holding directory (which will be used for the eventual transfer) "
15981
16029
"and then the Consumer's private key:"
15982
16030
msgstr ""
15983
16031
15984
#: serverguide/C/network-auth.xml:1520(command)
16032
#: serverguide/C/network-auth.xml:1541(command)
15985
16033
msgid "mkdir ldap02-ssl"
15986
16034
msgstr ""
15987
16035
15988
#: serverguide/C/network-auth.xml:1521(command)
16036
#: serverguide/C/network-auth.xml:1542(command)
15989
16037
msgid "cd ldap02-ssl"
15990
16038
msgstr ""
15991
16039
15992
#: serverguide/C/network-auth.xml:1522(command)
16040
#: serverguide/C/network-auth.xml:1543(command)
15993
16041
msgid ""
15994
16042
"sudo certtool --generate-privkey \\ --bits 1024 \\ --outfile "
15995
16043
"ldap02_slapd_key.pem"
15996
16044
msgstr ""
15997
16045
15998
#: serverguide/C/network-auth.xml:1527(para)
16046
#: serverguide/C/network-auth.xml:1548(para)
15999
16047
msgid ""
16000
16048
"Create an info file, <filename>ldap02.info</filename>, for the Consumer "
16001
"server, adjusting it's values accordingly:"
16049
"server, adjusting its values accordingly:"
16002
16050
msgstr ""
16003
16051
16004
#: serverguide/C/network-auth.xml:1531(programlisting)
16052
#: serverguide/C/network-auth.xml:1552(programlisting)
16005
16053
#, no-wrap
16006
16054
msgid ""
16007
16055
"\n"
16013
16061
"expiration_days = 3650\n"
16014
16062
msgstr ""
16015
16063
16016
#: serverguide/C/network-auth.xml:1540(para)
16064
#: serverguide/C/network-auth.xml:1561(para)
16017
16065
msgid "Create the Consumer's certificate:"
16018
16066
msgstr ""
16019
16067
16020
#: serverguide/C/network-auth.xml:1545(command)
16068
#: serverguide/C/network-auth.xml:1566(command)
16021
16069
msgid ""
16022
16070
"sudo certtool --generate-certificate \\ --load-privkey ldap02_slapd_key.pem "
16023
16071
"\\ --load-ca-certificate /etc/ssl/certs/cacert.pem \\ --load-ca-privkey "
16025
16073
"ldap02_slapd_cert.pem"
16026
16074
msgstr ""
16027
16075
16028
#: serverguide/C/network-auth.xml:1553(para)
16076
#: serverguide/C/network-auth.xml:1574(para)
16029
16077
msgid "Get a copy of the CA certificate:"
16030
16078
msgstr ""
16031
16079
16032
#: serverguide/C/network-auth.xml:1558(command)
16080
#: serverguide/C/network-auth.xml:1579(command)
16033
16081
msgid "cp /etc/ssl/certs/cacert.pem ."
16034
16082
msgstr ""
16035
16083
16036
#: serverguide/C/network-auth.xml:1561(para)
16084
#: serverguide/C/network-auth.xml:1582(para)
16037
16085
msgid ""
16038
16086
"We're done. Now transfer the <filename>ldap02-ssl</filename> directory to "
16039
16087
"the Consumer. Here we use scp (adjust accordingly):"
16040
16088
msgstr ""
16041
16089
16042
#: serverguide/C/network-auth.xml:1566(command)
16090
#: serverguide/C/network-auth.xml:1587(command)
16043
16091
msgid "cd .."
16044
16092
msgstr ""
16045
16093
16046
#: serverguide/C/network-auth.xml:1567(command)
16094
#: serverguide/C/network-auth.xml:1588(command)
16047
16095
msgid "scp -r ldap02-ssl user@consumer:"
16048
16096
msgstr ""
16049
16097
16050
#: serverguide/C/network-auth.xml:1573(para) serverguide/C/network-auth.xml:1621(para)
16098
#: serverguide/C/network-auth.xml:1594(para) serverguide/C/network-auth.xml:1642(para)
16051
16099
msgid "On the Consumer,"
16052
16100
msgstr ""
16053
16101
16054
#: serverguide/C/network-auth.xml:1577(para)
16102
#: serverguide/C/network-auth.xml:1598(para)
16055
16103
msgid "Configure TLS authentication:"
16056
16104
msgstr ""
16057
16105
16058
#: serverguide/C/network-auth.xml:1582(command)
16106
#: serverguide/C/network-auth.xml:1603(command)
16059
16107
msgid "sudo apt-get install ssl-cert"
16060
16108
msgstr ""
16061
16109
16062
#: serverguide/C/network-auth.xml:1584(command)
16110
#: serverguide/C/network-auth.xml:1605(command)
16063
16111
msgid "sudo cp ldap02_slapd_cert.pem cacert.pem /etc/ssl/certs"
16064
16112
msgstr ""
16065
16113
16066
#: serverguide/C/network-auth.xml:1585(command)
16114
#: serverguide/C/network-auth.xml:1606(command)
16067
16115
msgid "sudo cp ldap02_slapd_key.pem /etc/ssl/private"
16068
16116
msgstr ""
16069
16117
16070
#: serverguide/C/network-auth.xml:1586(command)
16118
#: serverguide/C/network-auth.xml:1607(command)
16071
16119
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap02_slapd_key.pem"
16072
16120
msgstr ""
16073
16121
16074
#: serverguide/C/network-auth.xml:1587(command)
16122
#: serverguide/C/network-auth.xml:1608(command)
16075
16123
msgid "sudo chmod g+r /etc/ssl/private/ldap02_slapd_key.pem"
16076
16124
msgstr ""
16077
16125
16078
#: serverguide/C/network-auth.xml:1588(command)
16126
#: serverguide/C/network-auth.xml:1609(command)
16079
16127
msgid "sudo chmod o-r /etc/ssl/private/ldap02_slapd_key.pem"
16080
16128
msgstr ""
16081
16129
16082
#: serverguide/C/network-auth.xml:1591(para)
16130
#: serverguide/C/network-auth.xml:1612(para)
16083
16131
msgid ""
16084
16132
"Create the file <filename>/etc/ssl/certinfo.ldif</filename> with the "
16085
16133
"following contents (adjust accordingly):"
16086
16134
msgstr ""
16087
16135
16088
#: serverguide/C/network-auth.xml:1595(programlisting)
16136
#: serverguide/C/network-auth.xml:1616(programlisting)
16089
16137
#, no-wrap
16090
16138
msgid ""
16091
16139
"\n"
16100
16148
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap02_slapd_key.pem\n"
16101
16149
msgstr ""
16102
16150
16103
#: serverguide/C/network-auth.xml:1607(para)
16151
#: serverguide/C/network-auth.xml:1628(para)
16104
16152
msgid "Configure the slapd-config database:"
16105
16153
msgstr ""
16106
16154
16107
#: serverguide/C/network-auth.xml:1612(command)
16155
#: serverguide/C/network-auth.xml:1633(command)
16108
16156
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f certinfo.ldif"
16109
16157
msgstr ""
16110
16158
16111
#: serverguide/C/network-auth.xml:1615(para)
16159
#: serverguide/C/network-auth.xml:1636(para)
16112
16160
msgid ""
16113
16161
"Configure <filename>/etc/default/slapd</filename> as on the Provider "
16114
16162
"(SLAPD_SERVICES)."
16115
16163
msgstr ""
16116
16164
16117
#: serverguide/C/network-auth.xml:1625(para)
16165
#: serverguide/C/network-auth.xml:1646(para)
16118
16166
msgid ""
16119
16167
"Configure TLS for Consumer-side replication. Modify the existing "
16120
16168
"<emphasis>olcSyncrepl</emphasis> attribute by tacking on some TLS options. "
16122
16170
"value(s)."
16123
16171
msgstr ""
16124
16172
16125
#: serverguide/C/network-auth.xml:1630(para)
16173
#: serverguide/C/network-auth.xml:1651(para)
16126
16174
msgid ""
16127
16175
"Create the file <filename>consumer_sync_tls.ldif</filename> with the "
16128
16176
"following contents:"
16129
16177
msgstr ""
16130
16178
16131
#: serverguide/C/network-auth.xml:1634(programlisting)
16179
#: serverguide/C/network-auth.xml:1660(programlisting)
16132
16180
#, no-wrap
16133
16181
msgid ""
16134
16182
"\n"
16143
16191
" starttls=critical tls_reqcert=demand\n"
16144
16192
msgstr ""
16145
16193
16146
#: serverguide/C/network-auth.xml:1644(para)
16194
#: serverguide/C/network-auth.xml:1665(para)
16147
16195
msgid ""
16148
16196
"The extra options specify, respectively, that the consumer must use StartTLS "
16149
16197
"and that the CA certificate is required to verify the Provider's identity. "
16151
16199
"('replace')."
16152
16200
msgstr ""
16153
16201
16154
#: serverguide/C/network-auth.xml:1649(para)
16202
#: serverguide/C/network-auth.xml:1670(para)
16155
16203
msgid "Implement these changes:"
16156
16204
msgstr ""
16157
16205
16158
#: serverguide/C/network-auth.xml:1654(command)
16206
#: serverguide/C/network-auth.xml:1675(command)
16159
16207
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f consumer_sync_tls.ldif"
16160
16208
msgstr ""
16161
16209
16162
#: serverguide/C/network-auth.xml:1657(para)
16210
#: serverguide/C/network-auth.xml:1678(para)
16163
16211
msgid "And restart slapd:"
16164
16212
msgstr ""
16165
16213
16166
#: serverguide/C/network-auth.xml:1672(para)
16214
#: serverguide/C/network-auth.xml:1693(para)
16167
16215
msgid ""
16168
16216
"Check to see that a TLS session has been established. In "
16169
16217
"<filename>/var/log/syslog</filename>, providing you have 'conns'-level "
16170
16218
"logging set up, you should see messages similar to:"
16171
16219
msgstr ""
16172
16220
16173
#: serverguide/C/network-auth.xml:1677(programlisting)
16221
#: serverguide/C/network-auth.xml:1698(programlisting)
16174
16222
#, no-wrap
16175
16223
msgid ""
16176
16224
"\n"
16187
16235
"slapd[3620]: conn=1047 op=1 RESULT tag=97 err=0 text\n"
16188
16236
msgstr ""
16189
16237
16190
#: serverguide/C/network-auth.xml:1695(title)
16238
#: serverguide/C/network-auth.xml:1716(title)
16191
16239
msgid "LDAP Authentication"
16192
16240
msgstr ""
16193
16241
16194
#: serverguide/C/network-auth.xml:1697(para)
16242
#: serverguide/C/network-auth.xml:1723(para)
16195
16243
msgid ""
16196
16244
"Once you have a working LDAP server, you will need to install libraries on "
16197
16245
"the client that will know how and when to contact it. On Ubuntu, this has "
16200
16248
"assist you in the configuration step. Install this package now:"
16201
16249
msgstr ""
16202
16250
16203
#: serverguide/C/network-auth.xml:1704(command)
16251
#: serverguide/C/network-auth.xml:1725(command)
16204
16252
msgid "sudo apt-get install libnss-ldap"
16205
16253
msgstr ""
16206
16254
16207
#: serverguide/C/network-auth.xml:1707(para)
16255
#: serverguide/C/network-auth.xml:1728(para)
16208
16256
msgid ""
16209
16257
"You will be prompted for details of your LDAP server. If you make a mistake "
16210
16258
"you can try again using:"
16211
16259
msgstr ""
16212
16260
16213
#: serverguide/C/network-auth.xml:1712(command)
16261
#: serverguide/C/network-auth.xml:1733(command)
16214
16262
msgid "sudo dpkg-reconfigure ldap-auth-config"
16215
16263
msgstr ""
16216
16264
16217
#: serverguide/C/network-auth.xml:1715(para)
16265
#: serverguide/C/network-auth.xml:1736(para)
16218
16266
msgid ""
16219
16267
"The results of the dialog can be seen in "
16220
16268
"<filename>/etc/ldap.conf</filename>. If your server requires options not "
16221
16269
"covered in the menu edit this file accordingly."
16222
16270
msgstr ""
16223
16271
16224
#: serverguide/C/network-auth.xml:1720(para)
16272
#: serverguide/C/network-auth.xml:1741(para)
16225
16273
msgid "Now configure the LDAP profile for NSS:"
16226
16274
msgstr ""
16227
16275
16228
#: serverguide/C/network-auth.xml:1725(command)
16276
#: serverguide/C/network-auth.xml:1746(command)
16229
16277
msgid "sudo auth-client-config -t nss -p lac_ldap"
16230
16278
msgstr ""
16231
16279
16232
#: serverguide/C/network-auth.xml:1728(para)
16280
#: serverguide/C/network-auth.xml:1749(para)
16233
16281
msgid "Configure the system to use LDAP for authentication:"
16234
16282
msgstr ""
16235
16283
16236
#: serverguide/C/network-auth.xml:1733(command)
16284
#: serverguide/C/network-auth.xml:1754(command)
16237
16285
msgid "sudo pam-auth-update"
16238
16286
msgstr ""
16239
16287
16240
#: serverguide/C/network-auth.xml:1736(para)
16288
#: serverguide/C/network-auth.xml:1757(para)
16241
16289
msgid ""
16242
16290
"From the menu, choose LDAP and any other authentication mechanisms you need."
16243
16291
msgstr ""
16244
16292
16245
#: serverguide/C/network-auth.xml:1740(para)
16293
#: serverguide/C/network-auth.xml:1761(para)
16246
16294
msgid "You should now be able to log in using LDAP-based credentials."
16247
16295
msgstr ""
16248
16296
16249
#: serverguide/C/network-auth.xml:1744(para)
16297
#: serverguide/C/network-auth.xml:1765(para)
16250
16298
msgid ""
16251
16299
"LDAP clients will need to refer to multiple servers if replication is in "
16252
16300
"use. In <filename>/etc/ldap.conf</filename> you would have something like:"
16253
16301
msgstr ""
16254
16302
16255
#: serverguide/C/network-auth.xml:1749(programlisting)
16303
#: serverguide/C/network-auth.xml:1770(programlisting)
16256
16304
#, no-wrap
16257
16305
msgid ""
16258
16306
"\n"
16259
16307
"uri ldap://ldap01.example.com ldap://ldap02.example.com\n"
16260
16308
msgstr ""
16261
16309
16262
#: serverguide/C/network-auth.xml:1753(para)
16310
#: serverguide/C/network-auth.xml:1774(para)
16263
16311
msgid ""
16264
16312
"The request will time out and the Consumer (ldap02) will attempt to be "
16265
16313
"reached if the Provider (ldap01) becomes unresponsive."
16266
16314
msgstr ""
16267
16315
16268
#: serverguide/C/network-auth.xml:1757(para)
16316
#: serverguide/C/network-auth.xml:1778(para)
16269
16317
msgid ""
16270
16318
"If you are going to use LDAP to store Samba users you will need to configure "
16271
16319
"the Samba server to authenticate using LDAP. See <xref linkend=\"samba-"
16272
16320
"ldap\"/> for details."
16273
16321
msgstr ""
16274
16322
16275
#: serverguide/C/network-auth.xml:1763(para)
16323
#: serverguide/C/network-auth.xml:1784(para)
16276
16324
msgid ""
16277
16325
"An alternative to the <application>libnss-ldap</application> package is the "
16278
16326
"<application>libnss-ldapd</application> package. This, however, will bring "
16280
16328
"wanted. Simply remove it afterwards."
16281
16329
msgstr ""
16282
16330
16283
#: serverguide/C/network-auth.xml:1773(title)
16331
#: serverguide/C/network-auth.xml:1794(title)
16284
16332
msgid "User and Group Management"
16285
16333
msgstr ""
16286
16334
16287
#: serverguide/C/network-auth.xml:1775(para)
16335
#: serverguide/C/network-auth.xml:1796(para)
16288
16336
msgid ""
16289
16337
"The <application>ldap-utils</application> package comes with enough "
16290
16338
"utilities to manage the directory but the long string of options needed can "
16293
16341
"easier to use."
16294
16342
msgstr ""
16295
16343
16296
#: serverguide/C/network-auth.xml:1781(para)
16344
#: serverguide/C/network-auth.xml:1802(para)
16297
16345
msgid "Install the package:"
16298
16346
msgstr ""
16299
16347
16300
#: serverguide/C/network-auth.xml:1786(command)
16348
#: serverguide/C/network-auth.xml:1807(command)
16301
16349
msgid "sudo apt-get install ldapscripts"
16302
16350
msgstr ""
16303
16351
16304
#: serverguide/C/network-auth.xml:1789(para)
16352
#: serverguide/C/network-auth.xml:1810(para)
16305
16353
msgid ""
16306
16354
"Then edit the file <filename>/etc/ldapscripts/ldapscripts.conf</filename> to "
16307
16355
"arrive at something similar to the following:"
16308
16356
msgstr ""
16309
16357
16310
#: serverguide/C/network-auth.xml:1793(programlisting)
16358
#: serverguide/C/network-auth.xml:1814(programlisting)
16311
16359
#, no-wrap
16312
16360
msgid ""
16313
16361
"\n"
16323
16371
"MIDSTART=10000\n"
16324
16372
msgstr ""
16325
16373
16326
#: serverguide/C/network-auth.xml:1806(para)
16374
#: serverguide/C/network-auth.xml:1827(para)
16327
16375
msgid ""
16328
16376
"Now, create the <filename>ldapscripts.passwd</filename> file to allow rootDN "
16329
16377
"access to the directory:"
16330
16378
msgstr ""
16331
16379
16332
#: serverguide/C/network-auth.xml:1811(command)
16380
#: serverguide/C/network-auth.xml:1832(command)
16333
16381
msgid ""
16334
16382
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
16335
16383
msgstr ""
16336
16384
16337
#: serverguide/C/network-auth.xml:1812(command)
16385
#: serverguide/C/network-auth.xml:1833(command)
16338
16386
msgid "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
16339
16387
msgstr ""
16340
16388
16341
#: serverguide/C/network-auth.xml:1816(para)
16389
#: serverguide/C/network-auth.xml:1837(para)
16342
16390
msgid ""
16343
16391
"Replace <quote>secret</quote> with the actual password for your database's "
16344
16392
"rootDN user."
16345
16393
msgstr ""
16346
16394
16347
#: serverguide/C/network-auth.xml:1821(para)
16395
#: serverguide/C/network-auth.xml:1842(para)
16348
16396
msgid ""
16349
16397
"The scripts are now ready to help manage your directory. Here are some "
16350
16398
"examples of how to use them:"
16351
16399
msgstr ""
16352
16400
16353
#: serverguide/C/network-auth.xml:1828(para)
16401
#: serverguide/C/network-auth.xml:1849(para)
16354
16402
msgid "Create a new user:"
16355
16403
msgstr ""
16356
16404
16357
#: serverguide/C/network-auth.xml:1833(command)
16405
#: serverguide/C/network-auth.xml:1854(command)
16358
16406
msgid "sudo ldapadduser george example"
16359
16407
msgstr ""
16360
16408
16361
#: serverguide/C/network-auth.xml:1836(para)
16409
#: serverguide/C/network-auth.xml:1857(para)
16362
16410
msgid ""
16363
16411
"This will create a user with uid <emphasis role=\"italic\">george</emphasis> "
16364
16412
"and set the user's primary group (gid) to <emphasis "
16365
16413
"role=\"italic\">example</emphasis>"
16366
16414
msgstr ""
16367
16415
16368
#: serverguide/C/network-auth.xml:1843(para)
16416
#: serverguide/C/network-auth.xml:1864(para)
16369
16417
msgid "Change a user's password:"
16370
16418
msgstr ""
16371
16419
16372
#: serverguide/C/network-auth.xml:1848(command)
16420
#: serverguide/C/network-auth.xml:1869(command)
16373
16421
msgid "sudo ldapsetpasswd george"
16374
16422
msgstr ""
16375
16423
16376
#: serverguide/C/network-auth.xml:1849(computeroutput)
16424
#: serverguide/C/network-auth.xml:1870(computeroutput)
16377
16425
#, no-wrap
16378
16426
msgid "Changing password for user uid=george,ou=People,dc=example,dc=com"
16379
16427
msgstr ""
16380
16428
16381
#: serverguide/C/network-auth.xml:1850(userinput)
16429
#: serverguide/C/network-auth.xml:1871(userinput)
16382
16430
#, no-wrap
16383
16431
msgid "New Password: "
16384
16432
msgstr ""
16385
16433
16386
#: serverguide/C/network-auth.xml:1851(userinput)
16434
#: serverguide/C/network-auth.xml:1872(userinput)
16387
16435
#, no-wrap
16388
16436
msgid "New Password (verify): "
16389
16437
msgstr ""
16390
16438
16391
#: serverguide/C/network-auth.xml:1857(para)
16439
#: serverguide/C/network-auth.xml:1878(para)
16392
16440
msgid "Delete a user:"
16393
16441
msgstr ""
16394
16442
16395
#: serverguide/C/network-auth.xml:1862(command)
16443
#: serverguide/C/network-auth.xml:1883(command)
16396
16444
msgid "sudo ldapdeleteuser george"
16397
16445
msgstr ""
16398
16446
16399
#: serverguide/C/network-auth.xml:1868(para)
16447
#: serverguide/C/network-auth.xml:1889(para)
16400
16448
msgid "Add a group:"
16401
16449
msgstr ""
16402
16450
16403
#: serverguide/C/network-auth.xml:1873(command)
16451
#: serverguide/C/network-auth.xml:1894(command)
16404
16452
msgid "sudo ldapaddgroup qa"
16405
16453
msgstr ""
16406
16454
16407
#: serverguide/C/network-auth.xml:1879(para)
16455
#: serverguide/C/network-auth.xml:1900(para)
16408
16456
msgid "Delete a group:"
16409
16457
msgstr ""
16410
16458
16411
#: serverguide/C/network-auth.xml:1884(command)
16459
#: serverguide/C/network-auth.xml:1905(command)
16412
16460
msgid "sudo ldapdeletegroup qa"
16413
16461
msgstr ""
16414
16462
16415
#: serverguide/C/network-auth.xml:1890(para)
16463
#: serverguide/C/network-auth.xml:1911(para)
16416
16464
msgid "Add a user to a group:"
16417
16465
msgstr ""
16418
16466
16419
#: serverguide/C/network-auth.xml:1895(command)
16467
#: serverguide/C/network-auth.xml:1916(command)
16420
16468
msgid "sudo ldapaddusertogroup george qa"
16421
16469
msgstr ""
16422
16470
16423
#: serverguide/C/network-auth.xml:1898(para)
16471
#: serverguide/C/network-auth.xml:1919(para)
16424
16472
msgid ""
16425
16473
"You should now see a <emphasis>memberUid</emphasis> attribute for the "
16426
16474
"<emphasis role=\"italic\">qa</emphasis> group with a value of <emphasis "
16427
16475
"role=\"italic\">george</emphasis>."
16428
16476
msgstr ""
16429
16477
16430
#: serverguide/C/network-auth.xml:1905(para)
16478
#: serverguide/C/network-auth.xml:1926(para)
16431
16479
msgid "Remove a user from a group:"
16432
16480
msgstr ""
16433
16481
16434
#: serverguide/C/network-auth.xml:1910(command)
16482
#: serverguide/C/network-auth.xml:1931(command)
16435
16483
msgid "sudo ldapdeleteuserfromgroup george qa"
16436
16484
msgstr ""
16437
16485
16438
#: serverguide/C/network-auth.xml:1913(para)
16486
#: serverguide/C/network-auth.xml:1934(para)
16439
16487
msgid ""
16440
16488
"The <emphasis>memberUid</emphasis> attribute should now be removed from the "
16441
16489
"<emphasis role=\"italic\">qa</emphasis> group."
16442
16490
msgstr ""
16443
16491
16444
#: serverguide/C/network-auth.xml:1920(para)
16492
#: serverguide/C/network-auth.xml:1941(para)
16445
16493
msgid ""
16446
16494
"The <application>ldapmodifyuser</application> script allows you to add, "
16447
16495
"remove, or replace a user's attributes. The script uses the same syntax as "
16448
16496
"the <application>ldapmodify</application> utility. For example:"
16449
16497
msgstr ""
16450
16498
16451
#: serverguide/C/network-auth.xml:1926(command)
16499
#: serverguide/C/network-auth.xml:1947(command)
16452
16500
msgid "sudo ldapmodifyuser george"
16453
16501
msgstr ""
16454
16502
16455
#: serverguide/C/network-auth.xml:1927(computeroutput)
16503
#: serverguide/C/network-auth.xml:1948(computeroutput)
16456
16504
#, no-wrap
16457
16505
msgid ""
16458
16506
"# About to modify the following entry :\n"
16473
16521
"dn: uid=george,ou=People,dc=example,dc=com"
16474
16522
msgstr ""
16475
16523
16476
#: serverguide/C/network-auth.xml:1943(userinput)
16524
#: serverguide/C/network-auth.xml:1964(userinput)
16477
16525
#, no-wrap
16478
16526
msgid ""
16479
16527
"replace: gecos\n"
16480
16528
"gecos: George Carlin"
16481
16529
msgstr ""
16482
16530
16483
#: serverguide/C/network-auth.xml:1947(para)
16531
#: serverguide/C/network-auth.xml:1968(para)
16484
16532
msgid ""
16485
16533
"The user's <emphasis>gecos</emphasis> should now be <quote>George "
16486
16534
"Carlin</quote>."
16487
16535
msgstr ""
16488
16536
16489
#: serverguide/C/network-auth.xml:1953(para)
16537
#: serverguide/C/network-auth.xml:1979(para)
16490
16538
msgid ""
16491
16539
"A nice feature of <application>ldapscripts</application> is the template "
16492
16540
"system. Templates allow you to customize the attributes of user, group, and "
16495
16543
"changing:"
16496
16544
msgstr ""
16497
16545
16498
#: serverguide/C/network-auth.xml:1959(programlisting)
16546
#: serverguide/C/network-auth.xml:1980(programlisting)
16499
16547
#, no-wrap
16500
16548
msgid ""
16501
16549
"\n"
16502
16550
"UTEMPLATE=\"/etc/ldapscripts/ldapadduser.template\"\n"
16503
16551
msgstr ""
16504
16552
16505
#: serverguide/C/network-auth.xml:1963(para)
16553
#: serverguide/C/network-auth.xml:1984(para)
16506
16554
msgid ""
16507
16555
"There are <emphasis role=\"italic\">sample</emphasis> templates in the "
16508
"<filename>/etc/ldapscripts</filename> directory. Copy or rename the "
16509
"<filename>ldapadduser.template.sample</filename> file to "
16556
"<filename>/usr/share/doc/ldapscripts/examples</filename> directory. Copy or "
16557
"rename the <filename>ldapadduser.template.sample</filename> file to "
16510
16558
"<filename>/etc/ldapscripts/ldapadduser.template</filename>:"
16511
16559
msgstr ""
16512
16560
16513
#: serverguide/C/network-auth.xml:1970(command)
16561
#: serverguide/C/network-auth.xml:1991(command)
16514
16562
msgid ""
16515
16563
"sudo cp /usr/share/doc/ldapscripts/examples/ldapadduser.template.sample \\ "
16516
16564
"/etc/ldapscripts/ldapadduser.template"
16517
16565
msgstr ""
16518
16566
16519
#: serverguide/C/network-auth.xml:1974(para)
16567
#: serverguide/C/network-auth.xml:1995(para)
16520
16568
msgid ""
16521
16569
"Edit the new template to add the desired attributes. The following will "
16522
16570
"create new users with an objectClass of inetOrgPerson:"
16523
16571
msgstr ""
16524
16572
16525
#: serverguide/C/network-auth.xml:1979(programlisting)
16573
#: serverguide/C/network-auth.xml:2000(programlisting)
16526
16574
#, no-wrap
16527
16575
msgid ""
16528
16576
"\n"
16541
16589
"title: Employee\n"
16542
16590
msgstr ""
16543
16591
16544
#: serverguide/C/network-auth.xml:1995(para)
16592
#: serverguide/C/network-auth.xml:2016(para)
16545
16593
msgid ""
16546
16594
"Notice the <emphasis><ask></emphasis> option used for the "
16547
16595
"<emphasis>sn</emphasis> attribute. This will make "
16548
"<application>ldapadduser</application> prompt you for it's value."
16596
"<application>ldapadduser</application> prompt you for its value."
16549
16597
msgstr ""
16550
16598
16551
#: serverguide/C/network-auth.xml:2003(para)
16599
#: serverguide/C/network-auth.xml:2024(para)
16552
16600
msgid ""
16553
16601
"There are utilities in the package that were not covered here. Here is a "
16554
16602
"complete list:"
16555
16603
msgstr ""
16556
16604
16557
#: serverguide/C/network-auth.xml:2008(ulink)
16605
#: serverguide/C/network-auth.xml:2029(ulink)
16558
16606
msgid "ldaprenamemachine"
16559
16607
msgstr ""
16560
16608
16561
#: serverguide/C/network-auth.xml:2009(ulink)
16609
#: serverguide/C/network-auth.xml:2030(ulink)
16562
16610
msgid "ldapadduser"
16563
16611
msgstr ""
16564
16612
16565
#: serverguide/C/network-auth.xml:2010(ulink)
16613
#: serverguide/C/network-auth.xml:2031(ulink)
16566
16614
msgid "ldapdeleteuserfromgroup"
16567
16615
msgstr ""
16568
16616
16569
#: serverguide/C/network-auth.xml:2011(ulink)
16617
#: serverguide/C/network-auth.xml:2032(ulink)
16570
16618
msgid "ldapfinger"
16571
16619
msgstr ""
16572
16620
16573
#: serverguide/C/network-auth.xml:2012(ulink)
16621
#: serverguide/C/network-auth.xml:2033(ulink)
16574
16622
msgid "ldapid"
16575
16623
msgstr ""
16576
16624
16577
#: serverguide/C/network-auth.xml:2013(ulink)
16625
#: serverguide/C/network-auth.xml:2034(ulink)
16578
16626
msgid "ldapgid"
16579
16627
msgstr ""
16580
16628
16581
#: serverguide/C/network-auth.xml:2014(ulink)
16629
#: serverguide/C/network-auth.xml:2035(ulink)
16582
16630
msgid "ldapmodifyuser"
16583
16631
msgstr ""
16584
16632
16585
#: serverguide/C/network-auth.xml:2015(ulink)
16633
#: serverguide/C/network-auth.xml:2036(ulink)
16586
16634
msgid "ldaprenameuser"
16587
16635
msgstr ""
16588
16636
16589
#: serverguide/C/network-auth.xml:2016(ulink)
16637
#: serverguide/C/network-auth.xml:2037(ulink)
16590
16638
msgid "lsldap"
16591
16639
msgstr ""
16592
16640
16593
#: serverguide/C/network-auth.xml:2017(ulink)
16641
#: serverguide/C/network-auth.xml:2038(ulink)
16594
16642
msgid "ldapaddusertogroup"
16595
16643
msgstr ""
16596
16644
16597
#: serverguide/C/network-auth.xml:2018(ulink)
16645
#: serverguide/C/network-auth.xml:2039(ulink)
16598
16646
msgid "ldapsetpasswd"
16599
16647
msgstr ""
16600
16648
16601
#: serverguide/C/network-auth.xml:2019(ulink)
16649
#: serverguide/C/network-auth.xml:2040(ulink)
16602
16650
msgid "ldapinit"
16603
16651
msgstr ""
16604
16652
16605
#: serverguide/C/network-auth.xml:2020(ulink)
16653
#: serverguide/C/network-auth.xml:2041(ulink)
16606
16654
msgid "ldapaddgroup"
16607
16655
msgstr ""
16608
16656
16609
#: serverguide/C/network-auth.xml:2021(ulink)
16657
#: serverguide/C/network-auth.xml:2042(ulink)
16610
16658
msgid "ldapdeletegroup"
16611
16659
msgstr ""
16612
16660
16613
#: serverguide/C/network-auth.xml:2022(ulink)
16661
#: serverguide/C/network-auth.xml:2043(ulink)
16614
16662
msgid "ldapmodifygroup"
16615
16663
msgstr ""
16616
16664
16617
#: serverguide/C/network-auth.xml:2023(ulink)
16665
#: serverguide/C/network-auth.xml:2044(ulink)
16618
16666
msgid "ldapdeletemachine"
16619
16667
msgstr ""
16620
16668
16621
#: serverguide/C/network-auth.xml:2024(ulink)
16669
#: serverguide/C/network-auth.xml:2045(ulink)
16622
16670
msgid "ldaprenamegroup"
16623
16671
msgstr ""
16624
16672
16625
#: serverguide/C/network-auth.xml:2025(ulink)
16673
#: serverguide/C/network-auth.xml:2046(ulink)
16626
16674
msgid "ldapaddmachine"
16627
16675
msgstr ""
16628
16676
16629
#: serverguide/C/network-auth.xml:2026(ulink)
16677
#: serverguide/C/network-auth.xml:2047(ulink)
16630
16678
msgid "ldapmodifymachine"
16631
16679
msgstr ""
16632
16680
16633
#: serverguide/C/network-auth.xml:2027(ulink)
16681
#: serverguide/C/network-auth.xml:2048(ulink)
16634
16682
msgid "ldapsetprimarygroup"
16635
16683
msgstr ""
16636
16684
16637
#: serverguide/C/network-auth.xml:2028(ulink)
16685
#: serverguide/C/network-auth.xml:2049(ulink)
16638
16686
msgid "ldapdeleteuser"
16639
16687
msgstr ""
16640
16688
16641
#: serverguide/C/network-auth.xml:2034(title)
16689
#: serverguide/C/network-auth.xml:2055(title)
16642
16690
msgid "Backup and Restore"
16643
16691
msgstr ""
16644
16692
16645
#: serverguide/C/network-auth.xml:2036(para)
16693
#: serverguide/C/network-auth.xml:2057(para)
16646
16694
msgid ""
16647
16695
"Now we have ldap running just the way we want, it is time to ensure we can "
16648
16696
"save all of our work and restore it as needed."
16649
16697
msgstr ""
16650
16698
16651
#: serverguide/C/network-auth.xml:2041(para)
16699
#: serverguide/C/network-auth.xml:2062(para)
16652
16700
msgid ""
16653
16701
"What we need is a way to backup the ldap database(s), specifically the "
16654
16702
"backend (cn=config) and frontend (dc=example,dc=com). If we are going to "
16657
16705
"script, called <filename>/usr/local/bin/ldapbackup</filename>:"
16658
16706
msgstr ""
16659
16707
16660
#: serverguide/C/network-auth.xml:2051(programlisting)
16708
#: serverguide/C/network-auth.xml:2072(programlisting)
16661
16709
#, no-wrap
16662
16710
msgid ""
16663
16711
"\n"
16672
16720
"chmod 640 ${BACKUP_PATH}/*.ldif\n"
16673
16721
msgstr ""
16674
16722
16675
#: serverguide/C/network-auth.xml:2064(para)
16723
#: serverguide/C/network-auth.xml:2085(para)
16676
16724
msgid ""
16677
16725
"These files are uncompressed text files containing everything in your ldap "
16678
16726
"databases including the tree layout, usernames, and every password. So, you "
16682
16730
"requirements."
16683
16731
msgstr ""
16684
16732
16685
#: serverguide/C/network-auth.xml:2075(para)
16733
#: serverguide/C/network-auth.xml:2096(para)
16686
16734
msgid ""
16687
16735
"Then, it is just a matter of having a cron script to run this program as "
16688
16736
"often as we feel comfortable with. For many, once a day suffices. For "
16691
16739
"22:45h:"
16692
16740
msgstr ""
16693
16741
16694
#: serverguide/C/network-auth.xml:2083(programlisting)
16742
#: serverguide/C/network-auth.xml:2104(programlisting)
16695
16743
#, no-wrap
16696
16744
msgid ""
16697
16745
"\n"
16699
16747
"45 22 * * * root /usr/local/bin/ldapbackup\n"
16700
16748
msgstr ""
16701
16749
16702
#: serverguide/C/network-auth.xml:2088(para)
16750
#: serverguide/C/network-auth.xml:2109(para)
16703
16751
msgid "Now the files are created, they should be copied to a backup server."
16704
16752
msgstr ""
16705
16753
16706
#: serverguide/C/network-auth.xml:2093(para)
16754
#: serverguide/C/network-auth.xml:2114(para)
16707
16755
msgid ""
16708
16756
"Assuming we did a fresh reinstall of ldap, the restore process could be "
16709
16757
"something like this:"
16710
16758
msgstr ""
16711
16759
16712
#: serverguide/C/network-auth.xml:2099(command)
16760
#: serverguide/C/network-auth.xml:2120(command)
16713
16761
msgid "sudo service slapd stop"
16714
16762
msgstr ""
16715
16763
16716
#: serverguide/C/network-auth.xml:2100(command)
16764
#: serverguide/C/network-auth.xml:2121(command)
16717
16765
msgid "sudo mkdir /var/lib/ldap/accesslog"
16718
16766
msgstr ""
16719
16767
16720
#: serverguide/C/network-auth.xml:2101(command)
16768
#: serverguide/C/network-auth.xml:2122(command)
16721
16769
msgid "sudo slapadd -F /etc/ldap/slapd.d -n 0 -l /export/backup/config.ldif"
16722
16770
msgstr ""
16723
16771
16724
#: serverguide/C/network-auth.xml:2102(command)
16772
#: serverguide/C/network-auth.xml:2123(command)
16725
16773
msgid ""
16726
16774
"sudo slapadd -F /etc/ldap/slapd.d -n 1 -l /export/backup/domain.com.ldif"
16727
16775
msgstr ""
16728
16776
16729
#: serverguide/C/network-auth.xml:2103(command)
16777
#: serverguide/C/network-auth.xml:2124(command)
16730
16778
msgid "sudo slapadd -F /etc/ldap/slapd.d -n 2 -l /export/backup/access.ldif"
16731
16779
msgstr ""
16732
16780
16733
#: serverguide/C/network-auth.xml:2104(command)
16781
#: serverguide/C/network-auth.xml:2125(command)
16734
16782
msgid "sudo chown -R openldap:openldap /etc/ldap/slapd.d/"
16735
16783
msgstr ""
16736
16784
16737
#: serverguide/C/network-auth.xml:2105(command)
16785
#: serverguide/C/network-auth.xml:2126(command)
16738
16786
msgid "sudo chown -R openldap:openldap /var/lib/ldap/"
16739
16787
msgstr ""
16740
16788
16741
#: serverguide/C/network-auth.xml:2106(command)
16789
#: serverguide/C/network-auth.xml:2127(command)
16742
16790
msgid "sudo service slapd start"
16743
16791
msgstr ""
16744
16792
16745
#: serverguide/C/network-auth.xml:2117(para)
16793
#: serverguide/C/network-auth.xml:2138(para)
16746
16794
msgid ""
16747
16795
"The primary resource is the upstream documentation: <ulink "
16748
16796
"url=\"http://www.openldap.org/\">www.openldap.org</ulink>"
16749
16797
msgstr ""
16750
16798
16751
#: serverguide/C/network-auth.xml:2123(para)
16799
#: serverguide/C/network-auth.xml:2144(para)
16752
16800
msgid ""
16753
16801
"There are many man pages that come with the slapd package. Here are some "
16754
16802
"important ones, especially considering the material presented in this guide:"
16755
16803
msgstr ""
16756
16804
16757
#: serverguide/C/network-auth.xml:2129(ulink)
16805
#: serverguide/C/network-auth.xml:2150(ulink)
16758
16806
msgid "slapd"
16759
16807
msgstr ""
16760
16808
16761
#: serverguide/C/network-auth.xml:2130(ulink)
16809
#: serverguide/C/network-auth.xml:2151(ulink)
16762
16810
msgid "slapd-config"
16763
16811
msgstr ""
16764
16812
16765
#: serverguide/C/network-auth.xml:2131(ulink)
16813
#: serverguide/C/network-auth.xml:2152(ulink)
16766
16814
msgid "slapd.access"
16767
16815
msgstr ""
16768
16816
16769
#: serverguide/C/network-auth.xml:2132(ulink)
16817
#: serverguide/C/network-auth.xml:2153(ulink)
16770
16818
msgid "slapo-syncprov"
16771
16819
msgstr ""
16772
16820
16773
#: serverguide/C/network-auth.xml:2138(para)
16821
#: serverguide/C/network-auth.xml:2159(para)
16774
16822
msgid "Other man pages:"
16775
16823
msgstr ""
16776
16824
16777
#: serverguide/C/network-auth.xml:2143(ulink)
16825
#: serverguide/C/network-auth.xml:2164(ulink)
16778
16826
msgid "auth-client-config"
16779
16827
msgstr ""
16780
16828
16781
#: serverguide/C/network-auth.xml:2144(ulink)
16829
#: serverguide/C/network-auth.xml:2165(ulink)
16782
16830
msgid "pam-auth-update"
16783
16831
msgstr ""
16784
16832
16785
#: serverguide/C/network-auth.xml:2150(para)
16833
#: serverguide/C/network-auth.xml:2171(para)
16786
16834
msgid ""
16787
16835
"Zytrax's <ulink url=\"http://www.zytrax.com/books/ldap/\">LDAP for Rocket "
16788
16836
"Scientists</ulink>; a less pedantic but comprehensive treatment of LDAP"
16789
16837
msgstr ""
16790
16838
16791
#: serverguide/C/network-auth.xml:2156(para)
16839
#: serverguide/C/network-auth.xml:2177(para)
16792
16840
msgid ""
16793
16841
"A Ubuntu community <ulink "
16794
16842
"url=\"https://help.ubuntu.com/community/OpenLDAPServer\">OpenLDAP "
16795
16843
"wiki</ulink> page has a collection of notes"
16796
16844
msgstr ""
16797
16845
16798
#: serverguide/C/network-auth.xml:2162(para)
16846
#: serverguide/C/network-auth.xml:2183(para)
16799
16847
msgid ""
16800
16848
"O'Reilly's <ulink url=\"http://www.oreilly.com/catalog/ldapsa/\">LDAP System "
16801
16849
"Administration</ulink> (textbook; 2003)"
16802
16850
msgstr ""
16803
16851
16804
#: serverguide/C/network-auth.xml:2168(para)
16852
#: serverguide/C/network-auth.xml:2189(para)
16805
16853
msgid ""
16806
16854
"Packt's <ulink url=\"http://www.packtpub.com/OpenLDAP-Developers-Server-Open-"
16807
16855
"Source-Linux/book\">Mastering OpenLDAP</ulink> (textbook; 2007)"
16808
16856
msgstr ""
16809
16857
16810
#: serverguide/C/network-auth.xml:2179(title)
16858
#: serverguide/C/network-auth.xml:2200(title)
16811
16859
msgid "Samba and LDAP"
16812
16860
msgstr ""
16813
16861
16814
#: serverguide/C/network-auth.xml:2181(para)
16862
#: serverguide/C/network-auth.xml:2202(para)
16815
16863
msgid ""
16816
16864
"This section covers the integration of Samba with LDAP. The Samba server's "
16817
16865
"role will be that of a \"standalone\" server and the LDAP directory will "
16818
16866
"provide the authentication layer in addition to containing the user, group, "
16819
16867
"and machine account information that Samba requires in order to function (in "
16820
"any of it's 3 possible roles). The pre-requisite is an OpenLDAP server "
16868
"any of its 3 possible roles). The pre-requisite is an OpenLDAP server "
16821
16869
"configured with a directory that can accept authentication requests. See "
16822
16870
"<xref linkend=\"openldap-server\"/> for details on fulfilling this "
16823
16871
"requirement. Once this section is completed, you will need to decide what "
16824
16872
"specifically you want Samba to do for you and then configure it accordingly."
16825
16873
msgstr ""
16826
16874
16827
#: serverguide/C/network-auth.xml:2190(title)
16875
#: serverguide/C/network-auth.xml:2211(title)
16828
16876
msgid "Software Installation"
16829
16877
msgstr ""
16830
16878
16831
#: serverguide/C/network-auth.xml:2192(para)
16879
#: serverguide/C/network-auth.xml:2213(para)
16832
16880
msgid ""
16833
16881
"There are three packages needed when integrating Samba with LDAP: "
16834
16882
"<application>samba</application>, <application>samba-doc</application>, and "
16835
16883
"<application>smbldap-tools</application> packages."
16836
16884
msgstr ""
16837
16885
16838
#: serverguide/C/network-auth.xml:2197(para)
16886
#: serverguide/C/network-auth.xml:2223(para)
16839
16887
msgid ""
16840
16888
"Strictly speaking, the <application>smbldap-tools</application> package "
16841
16889
"isn't needed, but unless you have some other way to manage the various Samba "
16843
16891
"install it."
16844
16892
msgstr ""
16845
16893
16846
#: serverguide/C/network-auth.xml:2202(para)
16894
#: serverguide/C/network-auth.xml:2223(para)
16847
16895
msgid "Install these packages now:"
16848
16896
msgstr ""
16849
16897
16850
#: serverguide/C/network-auth.xml:2207(command)
16898
#: serverguide/C/network-auth.xml:2228(command)
16851
16899
msgid "sudo apt-get install samba samba-doc smbldap-tools"
16852
16900
msgstr ""
16853
16901
16854
#: serverguide/C/network-auth.xml:2213(title)
16902
#: serverguide/C/network-auth.xml:2234(title)
16855
16903
msgid "LDAP Configuration"
16856
16904
msgstr ""
16857
16905
16858
#: serverguide/C/network-auth.xml:2215(para)
16906
#: serverguide/C/network-auth.xml:2236(para)
16859
16907
msgid ""
16860
16908
"We will now configure the LDAP server so that it can accomodate Samba data. "
16861
16909
"We will perform three tasks in this section:"
16862
16910
msgstr ""
16863
16911
16864
#: serverguide/C/network-auth.xml:2222(para)
16912
#: serverguide/C/network-auth.xml:2243(para)
16865
16913
msgid "Import a schema"
16866
16914
msgstr ""
16867
16915
16868
#: serverguide/C/network-auth.xml:2226(para)
16916
#: serverguide/C/network-auth.xml:2247(para)
16869
16917
msgid "Index some entries"
16870
16918
msgstr ""
16871
16919
16872
#: serverguide/C/network-auth.xml:2230(para)
16920
#: serverguide/C/network-auth.xml:2251(para)
16873
16921
msgid "Add objects"
16874
16922
msgstr ""
16875
16923
16876
#: serverguide/C/network-auth.xml:2236(title)
16924
#: serverguide/C/network-auth.xml:2257(title)
16877
16925
msgid "Samba schema"
16878
16926
msgstr ""
16879
16927
16880
#: serverguide/C/network-auth.xml:2238(para)
16928
#: serverguide/C/network-auth.xml:2259(para)
16881
16929
msgid ""
16882
16930
"In order for OpenLDAP to be used as a backend for Samba, logically, the DIT "
16883
16931
"will need to use attributes that can properly describe Samba data. Such "
16885
16933
"now."
16886
16934
msgstr ""
16887
16935
16888
#: serverguide/C/network-auth.xml:2244(para)
16936
#: serverguide/C/network-auth.xml:2265(para)
16889
16937
msgid ""
16890
16938
"For more information on schemas and their installation see <xref "
16891
16939
"linkend=\"openldap-configuration\"/>."
16892
16940
msgstr ""
16893
16941
16894
#: serverguide/C/network-auth.xml:2252(para)
16942
#: serverguide/C/network-auth.xml:2273(para)
16895
16943
msgid ""
16896
16944
"The schema is found in the now-installed <application>samba-"
16897
16945
"doc</application> package. It needs to be unzipped and copied to the "
16898
16946
"<filename>/etc/ldap/schema</filename> directory:"
16899
16947
msgstr ""
16900
16948
16901
#: serverguide/C/network-auth.xml:2258(command)
16949
#: serverguide/C/network-auth.xml:2279(command)
16902
16950
msgid ""
16903
16951
"sudo cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz "
16904
16952
"/etc/ldap/schema"
16905
16953
msgstr ""
16906
16954
16907
#: serverguide/C/network-auth.xml:2259(command)
16955
#: serverguide/C/network-auth.xml:2280(command)
16908
16956
msgid "sudo gzip -d /etc/ldap/schema/samba.schema.gz"
16909
16957
msgstr ""
16910
16958
16911
#: serverguide/C/network-auth.xml:2265(para)
16959
#: serverguide/C/network-auth.xml:2286(para)
16912
16960
msgid ""
16913
16961
"Have the configuration file <filename>schema_convert.conf</filename> that "
16914
16962
"contains the following lines:"
16915
16963
msgstr ""
16916
16964
16917
#: serverguide/C/network-auth.xml:2269(programlisting)
16965
#: serverguide/C/network-auth.xml:2290(programlisting)
16918
16966
#, no-wrap
16919
16967
msgid ""
16920
16968
"\n"
16935
16983
"include /etc/ldap/schema/samba.schema\n"
16936
16984
msgstr ""
16937
16985
16938
#: serverguide/C/network-auth.xml:2290(para)
16986
#: serverguide/C/network-auth.xml:2311(para)
16939
16987
msgid "Have the directory <filename>ldif_output</filename> hold output."
16940
16988
msgstr ""
16941
16989
16942
#: serverguide/C/network-auth.xml:2301(command)
16990
#: serverguide/C/network-auth.xml:2322(command)
16943
16991
msgid ""
16944
16992
"slapcat -f schema_convert.conf -F ldif_output -n 0 | grep samba,cn=schema"
16945
16993
msgstr ""
16946
16994
16947
#: serverguide/C/network-auth.xml:2302(computeroutput)
16995
#: serverguide/C/network-auth.xml:2323(computeroutput)
16948
16996
#, no-wrap
16949
16997
msgid ""
16950
16998
"\n"
16951
16999
"dn: cn={14}samba,cn=schema,cn=config\n"
16952
17000
msgstr ""
16953
17001
16954
#: serverguide/C/network-auth.xml:2310(para)
17002
#: serverguide/C/network-auth.xml:2331(para)
16955
17003
msgid "Convert the schema to LDIF format:"
16956
17004
msgstr ""
16957
17005
16958
#: serverguide/C/network-auth.xml:2315(command)
17006
#: serverguide/C/network-auth.xml:2336(command)
16959
17007
msgid ""
16960
17008
"slapcat -f schema_convert.conf -F ldif_output -n0 -H \\ "
16961
17009
"ldap:///cn={14}samba,cn=schema,cn=config -l cn=samba.ldif"
16962
17010
msgstr ""
16963
17011
16964
#: serverguide/C/network-auth.xml:2322(para)
17012
#: serverguide/C/network-auth.xml:2343(para)
16965
17013
msgid ""
16966
17014
"Edit the generated <filename>cn=samba.ldif</filename> file by removing index "
16967
17015
"information to arrive at:"
16968
17016
msgstr ""
16969
17017
16970
#: serverguide/C/network-auth.xml:2326(programlisting)
17018
#: serverguide/C/network-auth.xml:2347(programlisting)
16971
17019
#, no-wrap
16972
17020
msgid ""
16973
17021
"\n"
16976
17024
"cn: samba\n"
16977
17025
msgstr ""
16978
17026
16979
#: serverguide/C/network-auth.xml:2332(para)
17027
#: serverguide/C/network-auth.xml:2353(para)
16980
17028
msgid "Remove the bottom lines:"
16981
17029
msgstr ""
16982
17030
16983
#: serverguide/C/network-auth.xml:2336(programlisting)
17031
#: serverguide/C/network-auth.xml:2357(programlisting)
16984
17032
#, no-wrap
16985
17033
msgid ""
16986
17034
"\n"
16993
17041
"modifyTimestamp: 20080827045234Z\n"
16994
17042
msgstr ""
16995
17043
16996
#: serverguide/C/network-auth.xml:2352(para)
17044
#: serverguide/C/network-auth.xml:2373(para)
16997
17045
msgid "Add the new schema:"
16998
17046
msgstr ""
16999
17047
17000
#: serverguide/C/network-auth.xml:2357(command)
17048
#: serverguide/C/network-auth.xml:2378(command)
17001
17049
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f cn\\=samba.ldif"
17002
17050
msgstr ""
17003
17051
17004
#: serverguide/C/network-auth.xml:2360(para)
17052
#: serverguide/C/network-auth.xml:2381(para)
17005
17053
msgid "To query and view this new schema:"
17006
17054
msgstr ""
17007
17055
17008
#: serverguide/C/network-auth.xml:2365(command)
17056
#: serverguide/C/network-auth.xml:2386(command)
17009
17057
msgid ""
17010
17058
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config "
17011
17059
"'cn=*samba*'"
17012
17060
msgstr ""
17013
17061
17014
#: serverguide/C/network-auth.xml:2375(title)
17062
#: serverguide/C/network-auth.xml:2396(title)
17015
17063
msgid "Samba indices"
17016
17064
msgstr ""
17017
17065
17018
#: serverguide/C/network-auth.xml:2377(para)
17066
#: serverguide/C/network-auth.xml:2398(para)
17019
17067
msgid ""
17020
17068
"Now that slapd knows about the Samba attributes, we can set up some indices "
17021
17069
"based on them. Indexing entries is a way to improve performance when a "
17022
17070
"client performs a filtered search on the DIT."
17023
17071
msgstr ""
17024
17072
17025
#: serverguide/C/network-auth.xml:2382(para)
17073
#: serverguide/C/network-auth.xml:2403(para)
17026
17074
msgid ""
17027
17075
"Create the file <filename>samba_indices.ldif</filename> with the following "
17028
17076
"contents:"
17029
17077
msgstr ""
17030
17078
17031
#: serverguide/C/network-auth.xml:2386(programlisting)
17079
#: serverguide/C/network-auth.xml:2407(programlisting)
17032
17080
#, no-wrap
17033
17081
msgid ""
17034
17082
"\n"
17049
17097
"olcDbIndex: default sub\n"
17050
17098
msgstr ""
17051
17099
17052
#: serverguide/C/network-auth.xml:2404(para)
17100
#: serverguide/C/network-auth.xml:2425(para)
17053
17101
msgid ""
17054
17102
"Using the <application>ldapmodify</application> utility load the new indices:"
17055
17103
msgstr ""
17056
17104
17057
#: serverguide/C/network-auth.xml:2409(command)
17105
#: serverguide/C/network-auth.xml:2430(command)
17058
17106
msgid "sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f samba_indices.ldif"
17059
17107
msgstr ""
17060
17108
17061
#: serverguide/C/network-auth.xml:2412(para)
17109
#: serverguide/C/network-auth.xml:2433(para)
17062
17110
msgid ""
17063
17111
"If all went well you should see the new indices using "
17064
17112
"<application>ldapsearch</application>:"
17065
17113
msgstr ""
17066
17114
17067
#: serverguide/C/network-auth.xml:2417(command)
17115
#: serverguide/C/network-auth.xml:2438(command)
17068
17116
msgid ""
17069
17117
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H \\ ldapi:/// -b cn=config "
17070
17118
"olcDatabase={1}hdb olcDbIndex"
17071
17119
msgstr ""
17072
17120
17073
#: serverguide/C/network-auth.xml:2424(title)
17121
#: serverguide/C/network-auth.xml:2445(title)
17074
17122
msgid "Adding Samba LDAP objects"
17075
17123
msgstr ""
17076
17124
17077
#: serverguide/C/network-auth.xml:2426(para)
17125
#: serverguide/C/network-auth.xml:2452(para)
17078
17126
msgid ""
17079
17127
"Next, configure the <application>smbldap-tools</application> package to "
17080
17128
"match your environment. The package is supposed to come with a configuration "
17085
17133
"smbldap-tools')."
17086
17134
msgstr ""
17087
17135
17088
#: serverguide/C/network-auth.xml:2433(para)
17136
#: serverguide/C/network-auth.xml:2459(para)
17089
17137
msgid ""
17090
17138
"To manually configure the package, you need to create and edit the files "
17091
17139
"<filename>/etc/smbldap-tools/smbldap.conf</filename> and "
17092
17140
"<filename>/etc/smbldap-tools/smbldap_bind.conf</filename>."
17093
17141
msgstr ""
17094
17142
17095
#: serverguide/C/network-auth.xml:2438(para)
17143
#: serverguide/C/network-auth.xml:2464(para)
17096
17144
msgid ""
17097
17145
"The <application>smbldap-populate</application> script will then add the "
17098
17146
"LDAP objects required for Samba. It is a good idea to first make a backup of "
17099
17147
"your DIT using <application>slapcat</application>:"
17100
17148
msgstr ""
17101
17149
17102
#: serverguide/C/network-auth.xml:2444(command)
17150
#: serverguide/C/network-auth.xml:2473(command)
17103
17151
msgid "sudo slapcat -l backup.ldif"
17104
17152
msgstr ""
17105
17153
17106
#: serverguide/C/network-auth.xml:2447(para)
17154
#: serverguide/C/network-auth.xml:2476(para)
17107
17155
msgid "Once you have a backup proceed to populate your directory:"
17108
17156
msgstr ""
17109
17157
17110
#: serverguide/C/network-auth.xml:2452(command)
17158
#: serverguide/C/network-auth.xml:2481(command)
17111
17159
msgid "sudo smbldap-populate"
17112
17160
msgstr ""
17113
17161
17114
#: serverguide/C/network-auth.xml:2455(para)
17162
#: serverguide/C/network-auth.xml:2484(para)
17115
17163
msgid ""
17116
17164
"You can create a LDIF file containing the new Samba objects by executing "
17117
17165
"<command>sudo smbldap-populate -e samba.ldif</command>. This allows you to "
17118
17166
"look over the changes making sure everything is correct. If it is, rerun the "
17119
17167
"script without the '-e' switch. Alternatively, you can take the LDIF file "
17120
"and import it's data per usual."
17168
"and import its data per usual."
17121
17169
msgstr ""
17122
17170
17123
#: serverguide/C/network-auth.xml:2461(para)
17171
#: serverguide/C/network-auth.xml:2490(para)
17124
17172
msgid ""
17125
17173
"Your LDAP directory now has the necessary information to authenticate Samba "
17126
17174
"users."
17127
17175
msgstr ""
17128
17176
17129
#: serverguide/C/network-auth.xml:2470(title)
17177
#: serverguide/C/network-auth.xml:2499(title)
17130
17178
msgid "Samba Configuration"
17131
17179
msgstr ""
17132
17180
17133
#: serverguide/C/network-auth.xml:2472(para)
17181
#: serverguide/C/network-auth.xml:2498(para)
17134
17182
msgid ""
17135
17183
"There are multiple ways to configure Samba. For details on some common "
17136
17184
"configurations see <xref linkend=\"samba\"/>. To configure Samba to use "
17137
"LDAP, edit it's configuration file <filename>/etc/samba/smb.conf</filename> "
17185
"LDAP, edit its configuration file <filename>/etc/samba/smb.conf</filename> "
17138
17186
"commenting out the default <emphasis>passdb backend</emphasis> parameter and "
17139
17187
"adding some ldap-related ones:"
17140
17188
msgstr ""
17141
17189
17142
#: serverguide/C/network-auth.xml:2478(programlisting)
17190
#: serverguide/C/network-auth.xml:2507(programlisting)
17143
17191
#, no-wrap
17144
17192
msgid ""
17145
17193
"\n"
17159
17207
" add machine script = sudo /usr/sbin/smbldap-useradd -t 0 -w \"%u\"\n"
17160
17208
msgstr ""
17161
17209
17162
#: serverguide/C/network-auth.xml:2495(para)
17210
#: serverguide/C/network-auth.xml:2524(para)
17163
17211
msgid "Change the values to match your environment."
17164
17212
msgstr ""
17165
17213
17166
#: serverguide/C/network-auth.xml:2499(para)
17214
#: serverguide/C/network-auth.xml:2528(para)
17167
17215
msgid "Restart <application>samba</application> to enable the new settings:"
17168
17216
msgstr ""
17169
17217
17170
#: serverguide/C/network-auth.xml:2508(para)
17218
#: serverguide/C/network-auth.xml:2537(para)
17171
17219
msgid ""
17172
17220
"Now inform Samba about the rootDN user's password (the one set during the "
17173
17221
"installation of the slapd package):"
17174
17222
msgstr ""
17175
17223
17176
#: serverguide/C/network-auth.xml:2513(command)
17224
#: serverguide/C/network-auth.xml:2542(command)
17177
17225
msgid "sudo smbpasswd -w password"
17178
17226
msgstr ""
17179
17227
17180
#: serverguide/C/network-auth.xml:2516(para)
17228
#: serverguide/C/network-auth.xml:2545(para)
17181
17229
msgid ""
17182
17230
"If you have existing LDAP users that you want to include in your new LDAP-"
17183
17231
"backed Samba they will, of course, also need to be given some of the extra "
17187
17235
"<application>libnss-ldap</application>):"
17188
17236
msgstr ""
17189
17237
17190
#: serverguide/C/network-auth.xml:2524(command)
17238
#: serverguide/C/network-auth.xml:2553(command)
17191
17239
msgid "sudo smbpasswd -a username"
17192
17240
msgstr ""
17193
17241
17194
#: serverguide/C/network-auth.xml:2527(para)
17242
#: serverguide/C/network-auth.xml:2556(para)
17195
17243
msgid ""
17196
17244
"You will prompted to enter a password. It will be considered as the new "
17197
17245
"password for that user. Making it the same as before is reasonable."
17198
17246
msgstr ""
17199
17247
17200
#: serverguide/C/network-auth.xml:2531(para)
17248
#: serverguide/C/network-auth.xml:2560(para)
17201
17249
msgid ""
17202
17250
"To manage user, group, and machine accounts use the utilities provided by "
17203
17251
"the <application>smbldap-tools</application> package. Here are some examples:"
17204
17252
msgstr ""
17205
17253
17206
#: serverguide/C/network-auth.xml:2539(para)
17254
#: serverguide/C/network-auth.xml:2568(para)
17207
17255
msgid "To add a new user:"
17208
17256
msgstr ""
17209
17257
17210
#: serverguide/C/network-auth.xml:2544(command)
17258
#: serverguide/C/network-auth.xml:2573(command)
17211
17259
msgid "sudo smbldap-useradd -a -P username"
17212
17260
msgstr ""
17213
17261
17214
#: serverguide/C/network-auth.xml:2547(para)
17262
#: serverguide/C/network-auth.xml:2576(para)
17215
17263
msgid ""
17216
17264
"The <emphasis>-a</emphasis> option adds the Samba attributes, and the "
17217
17265
"<emphasis>-P</emphasis> option calls the <application>smbldap-"
17219
17267
"a password for the user."
17220
17268
msgstr ""
17221
17269
17222
#: serverguide/C/network-auth.xml:2554(para)
17270
#: serverguide/C/network-auth.xml:2583(para)
17223
17271
msgid "To remove a user:"
17224
17272
msgstr ""
17225
17273
17226
#: serverguide/C/network-auth.xml:2559(command)
17274
#: serverguide/C/network-auth.xml:2588(command)
17227
17275
msgid "sudo smbldap-userdel username"
17228
17276
msgstr ""
17229
17277
17230
#: serverguide/C/network-auth.xml:2562(para)
17278
#: serverguide/C/network-auth.xml:2591(para)
17231
17279
msgid ""
17232
17280
"In the above command, use the <emphasis>-r</emphasis> option to remove the "
17233
17281
"user's home directory."
17234
17282
msgstr ""
17235
17283
17236
#: serverguide/C/network-auth.xml:2568(para)
17284
#: serverguide/C/network-auth.xml:2597(para)
17237
17285
msgid "To add a group:"
17238
17286
msgstr ""
17239
17287
17240
#: serverguide/C/network-auth.xml:2573(command)
17288
#: serverguide/C/network-auth.xml:2602(command)
17241
17289
msgid "sudo smbldap-groupadd -a groupname"
17242
17290
msgstr ""
17243
17291
17244
#: serverguide/C/network-auth.xml:2576(para)
17292
#: serverguide/C/network-auth.xml:2605(para)
17245
17293
msgid ""
17246
17294
"As for <application>smbldap-useradd</application>, the <emphasis>-"
17247
17295
"a</emphasis> adds the Samba attributes."
17248
17296
msgstr ""
17249
17297
17250
#: serverguide/C/network-auth.xml:2582(para)
17298
#: serverguide/C/network-auth.xml:2611(para)
17251
17299
msgid "To make an existing user a member of a group:"
17252
17300
msgstr ""
17253
17301
17254
#: serverguide/C/network-auth.xml:2587(command)
17302
#: serverguide/C/network-auth.xml:2616(command)
17255
17303
msgid "sudo smbldap-groupmod -m username groupname"
17256
17304
msgstr ""
17257
17305
17258
#: serverguide/C/network-auth.xml:2590(para)
17306
#: serverguide/C/network-auth.xml:2619(para)
17259
17307
msgid ""
17260
17308
"The <emphasis>-m</emphasis> option can add more than one user at a time by "
17261
17309
"listing them in comma-separated format."
17262
17310
msgstr ""
17263
17311
17264
#: serverguide/C/network-auth.xml:2596(para)
17312
#: serverguide/C/network-auth.xml:2625(para)
17265
17313
msgid "To remove a user from a group:"
17266
17314
msgstr ""
17267
17315
17268
#: serverguide/C/network-auth.xml:2601(command)
17316
#: serverguide/C/network-auth.xml:2630(command)
17269
17317
msgid "sudo smbldap-groupmod -x username groupname"
17270
17318
msgstr ""
17271
17319
17272
#: serverguide/C/network-auth.xml:2607(para)
17320
#: serverguide/C/network-auth.xml:2636(para)
17273
17321
msgid "To add a Samba machine account:"
17274
17322
msgstr ""
17275
17323
17276
#: serverguide/C/network-auth.xml:2612(command)
17324
#: serverguide/C/network-auth.xml:2641(command)
17277
17325
msgid "sudo smbldap-useradd -t 0 -w username"
17278
17326
msgstr ""
17279
17327
17280
#: serverguide/C/network-auth.xml:2615(para)
17328
#: serverguide/C/network-auth.xml:2644(para)
17281
17329
msgid ""
17282
17330
"Replace <emphasis>username</emphasis> with the name of the workstation. The "
17283
17331
"<emphasis>-t 0</emphasis> option creates the machine account without a "
17287
17335
"<application>smbldap-useradd</application>."
17288
17336
msgstr ""
17289
17337
17290
#: serverguide/C/network-auth.xml:2624(para)
17338
#: serverguide/C/network-auth.xml:2653(para)
17291
17339
msgid ""
17292
17340
"There are utilities in the <application>smbldap-tools</application> package "
17293
17341
"that were not covered here. Here is a complete list:"
17294
17342
msgstr ""
17295
17343
17296
#: serverguide/C/network-auth.xml:2629(ulink)
17344
#: serverguide/C/network-auth.xml:2658(ulink)
17297
17345
msgid "smbldap-groupadd"
17298
17346
msgstr ""
17299
17347
17300
#: serverguide/C/network-auth.xml:2630(ulink)
17348
#: serverguide/C/network-auth.xml:2659(ulink)
17301
17349
msgid "smbldap-groupdel"
17302
17350
msgstr ""
17303
17351
17304
#: serverguide/C/network-auth.xml:2631(ulink)
17352
#: serverguide/C/network-auth.xml:2660(ulink)
17305
17353
msgid "smbldap-groupmod"
17306
17354
msgstr ""
17307
17355
17308
#: serverguide/C/network-auth.xml:2632(ulink)
17356
#: serverguide/C/network-auth.xml:2661(ulink)
17309
17357
msgid "smbldap-groupshow"
17310
17358
msgstr ""
17311
17359
17312
#: serverguide/C/network-auth.xml:2633(ulink)
17360
#: serverguide/C/network-auth.xml:2662(ulink)
17313
17361
msgid "smbldap-passwd"
17314
17362
msgstr ""
17315
17363
17316
#: serverguide/C/network-auth.xml:2634(ulink)
17364
#: serverguide/C/network-auth.xml:2663(ulink)
17317
17365
msgid "smbldap-populate"
17318
17366
msgstr ""
17319
17367
17320
#: serverguide/C/network-auth.xml:2635(ulink)
17368
#: serverguide/C/network-auth.xml:2664(ulink)
17321
17369
msgid "smbldap-useradd"
17322
17370
msgstr ""
17323
17371
17324
#: serverguide/C/network-auth.xml:2636(ulink)
17372
#: serverguide/C/network-auth.xml:2665(ulink)
17325
17373
msgid "smbldap-userdel"
17326
17374
msgstr ""
17327
17375
17328
#: serverguide/C/network-auth.xml:2637(ulink)
17376
#: serverguide/C/network-auth.xml:2666(ulink)
17329
17377
msgid "smbldap-userinfo"
17330
17378
msgstr ""
17331
17379
17332
#: serverguide/C/network-auth.xml:2638(ulink)
17380
#: serverguide/C/network-auth.xml:2667(ulink)
17333
17381
msgid "smbldap-userlist"
17334
17382
msgstr ""
17335
17383
17336
#: serverguide/C/network-auth.xml:2639(ulink)
17384
#: serverguide/C/network-auth.xml:2668(ulink)
17337
17385
msgid "smbldap-usermod"
17338
17386
msgstr ""
17339
17387
17340
#: serverguide/C/network-auth.xml:2640(ulink)
17388
#: serverguide/C/network-auth.xml:2669(ulink)
17341
17389
msgid "smbldap-usershow"
17342
17390
msgstr ""
17343
17391
17344
#: serverguide/C/network-auth.xml:2651(para)
17392
#: serverguide/C/network-auth.xml:2677(para)
17345
17393
msgid ""
17346
17394
"For more information on installing and configuring Samba see <xref "
17347
17395
"linkend=\"samba\"/> of this Ubuntu Server Guide."
17348
17396
msgstr ""
17349
17397
17350
#: serverguide/C/network-auth.xml:2657(para)
17398
#: serverguide/C/network-auth.xml:2686(para)
17351
17399
msgid ""
17352
17400
"There are multiple places where LDAP and Samba is documented in the upstream "
17353
17401
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba "
17354
17402
"HOWTO Collection</ulink>."
17355
17403
msgstr ""
17356
17404
17357
#: serverguide/C/network-auth.xml:2664(para)
17405
#: serverguide/C/network-auth.xml:2693(para)
17358
17406
msgid ""
17359
17407
"Regarding the above, see specifically the <ulink "
17360
17408
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
17361
17409
"Collection/passdb.html\">passdb section</ulink>."
17362
17410
msgstr ""
17363
17411
17364
#: serverguide/C/network-auth.xml:2670(para)
17412
#: serverguide/C/network-auth.xml:2699(para)
17365
17413
msgid ""
17366
17414
"Although dated (2007), the <ulink url=\"http://download.gna.org/smbldap-"
17367
17415
"tools/docs/samba-ldap-howto/\">Linux Samba-OpenLDAP HOWTO</ulink> contains "
17368
17416
"valuable notes."
17369
17417
msgstr ""
17370
17418
17371
#: serverguide/C/network-auth.xml:2676(para)
17419
#: serverguide/C/network-auth.xml:2705(para)
17372
17420
msgid ""
17373
17421
"The main page of the <ulink "
17374
17422
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Samba Ubuntu "
17376
17424
"prove useful."
17377
17425
msgstr ""
17378
17426
17379
#: serverguide/C/network-auth.xml:2689(title)
17427
#: serverguide/C/network-auth.xml:2718(title)
17380
17428
msgid "Kerberos"
17381
17429
msgstr "Kerberos"
17382
17430
17383
#: serverguide/C/network-auth.xml:2691(para)
17431
#: serverguide/C/network-auth.xml:2720(para)
17384
17432
msgid ""
17385
17433
"<application>Kerberos</application> is a network authentication system based "
17386
17434
"on the principal of a trusted third party. The other two parties being the "
17389
17437
"network environment one step closer to being Single Sign On (SSO)."
17390
17438
msgstr ""
17391
17439
17392
#: serverguide/C/network-auth.xml:2697(para)
17440
#: serverguide/C/network-auth.xml:2726(para)
17393
17441
msgid ""
17394
17442
"This section covers installation and configuration of a Kerberos server, and "
17395
17443
"some example client configurations."
17396
17444
msgstr ""
17397
17445
17398
#: serverguide/C/network-auth.xml:2702(title) serverguide/C/monitoring.xml:13(title) serverguide/C/lamp-applications.xml:15(title) serverguide/C/installation.xml:910(title) serverguide/C/dns.xml:62(title) serverguide/C/dm-multipath.xml:135(title) serverguide/C/chat.xml:15(title) serverguide/C/cgroups.xml:38(title) serverguide/C/backups.xml:545(title)
17446
#: serverguide/C/virtualization.xml:1099(title) serverguide/C/virtualization.xml:2132(title) serverguide/C/network-auth.xml:2731(title) serverguide/C/monitoring.xml:13(title) serverguide/C/lamp-applications.xml:15(title) serverguide/C/installation.xml:903(title) serverguide/C/dns.xml:62(title) serverguide/C/dm-multipath.xml:135(title) serverguide/C/chat.xml:15(title) serverguide/C/backups.xml:545(title)
17399
17447
msgid "Overview"
17400
17448
msgstr "概览"
17401
17449
17402
#: serverguide/C/network-auth.xml:2704(para)
17450
#: serverguide/C/network-auth.xml:2733(para)
17403
17451
msgid ""
17404
17452
"If you are new to Kerberos there are a few terms that are good to understand "
17405
17453
"before setting up a Kerberos server. Most of the terms will relate to things "
17406
17454
"you may be familiar with in other environments:"
17407
17455
msgstr ""
17408
17456
17409
#: serverguide/C/network-auth.xml:2711(para)
17457
#: serverguide/C/network-auth.xml:2740(para)
17410
17458
msgid ""
17411
17459
"<emphasis>Principal:</emphasis> any users, computers, and services provided "
17412
17460
"by servers need to be defined as Kerberos Principals."
17413
17461
msgstr ""
17414
17462
17415
#: serverguide/C/network-auth.xml:2716(para)
17463
#: serverguide/C/network-auth.xml:2745(para)
17416
17464
msgid ""
17417
17465
"<emphasis>Instances:</emphasis> are used for service principals and special "
17418
17466
"administrative principals."
17419
17467
msgstr ""
17420
17468
17421
#: serverguide/C/network-auth.xml:2721(para)
17469
#: serverguide/C/network-auth.xml:2750(para)
17422
17470
msgid ""
17423
17471
"<emphasis>Realms:</emphasis> the unique realm of control provided by the "
17424
17472
"Kerberos installation. Think of it as the domain or group your hosts and "
17427
17475
"as the realm."
17428
17476
msgstr ""
17429
17477
17430
#: serverguide/C/network-auth.xml:2730(para)
17478
#: serverguide/C/network-auth.xml:2759(para)
17431
17479
msgid ""
17432
17480
"<emphasis>Key Distribution Center:</emphasis> (KDC) consist of three parts, "
17433
17481
"a database of all principals, the authentication server, and the ticket "
17434
17482
"granting server. For each realm there must be at least one KDC."
17435
17483
msgstr ""
17436
17484
17437
#: serverguide/C/network-auth.xml:2736(para)
17485
#: serverguide/C/network-auth.xml:2765(para)
17438
17486
msgid ""
17439
17487
"<emphasis>Ticket Granting Ticket:</emphasis> issued by the Authentication "
17440
17488
"Server (AS), the Ticket Granting Ticket (TGT) is encrypted in the user's "
17441
17489
"password which is known only to the user and the KDC."
17442
17490
msgstr ""
17443
17491
17444
#: serverguide/C/network-auth.xml:2742(para)
17492
#: serverguide/C/network-auth.xml:2771(para)
17445
17493
msgid ""
17446
17494
"<emphasis>Ticket Granting Server:</emphasis> (TGS) issues service tickets to "
17447
17495
"clients upon request."
17448
17496
msgstr ""
17449
17497
17450
#: serverguide/C/network-auth.xml:2747(para)
17498
#: serverguide/C/network-auth.xml:2776(para)
17451
17499
msgid ""
17452
17500
"<emphasis>Tickets:</emphasis> confirm the identity of the two principals. "
17453
17501
"One principal being a user and the other a service requested by the user. "
17455
17503
"authenticated session."
17456
17504
msgstr ""
17457
17505
17458
#: serverguide/C/network-auth.xml:2753(para)
17506
#: serverguide/C/network-auth.xml:2782(para)
17459
17507
msgid ""
17460
17508
"<emphasis>Keytab Files:</emphasis> are files extracted from the KDC "
17461
17509
"principal database and contain the encryption key for a service or host."
17462
17510
msgstr ""
17463
17511
17464
#: serverguide/C/network-auth.xml:2760(para)
17512
#: serverguide/C/network-auth.xml:2789(para)
17465
17513
msgid ""
17466
17514
"To put the pieces together, a Realm has at least one KDC, preferably more "
17467
17515
"for redundancy, which contains a database of Principals. When a user "
17473
17521
"entering another username and password."
17474
17522
msgstr ""
17475
17523
17476
#: serverguide/C/network-auth.xml:2769(title)
17524
#: serverguide/C/network-auth.xml:2798(title)
17477
17525
msgid "Kerberos Server"
17478
17526
msgstr ""
17479
17527
17480
#: serverguide/C/network-auth.xml:2773(para)
17528
#: serverguide/C/network-auth.xml:2802(para)
17481
17529
msgid ""
17482
17530
"For this discussion, we will create a MIT Kerberos domain with the following "
17483
17531
"features (edit them to fit your needs):"
17484
17532
msgstr ""
17485
17533
17486
#: serverguide/C/network-auth.xml:2780(para)
17534
#: serverguide/C/network-auth.xml:2809(para)
17487
17535
msgid "<emphasis>Realm:</emphasis> EXAMPLE.COM"
17488
17536
msgstr ""
17489
17537
17490
#: serverguide/C/network-auth.xml:2785(para)
17538
#: serverguide/C/network-auth.xml:2814(para)
17491
17539
msgid "<emphasis>Primary KDC:</emphasis> kdc01.example.com (192.168.0.1)"
17492
17540
msgstr ""
17493
17541
17494
#: serverguide/C/network-auth.xml:2790(para)
17542
#: serverguide/C/network-auth.xml:2819(para)
17495
17543
msgid "<emphasis>Secondary KDC:</emphasis> kdc02.example.com (192.168.0.2)"
17496
17544
msgstr ""
17497
17545
17498
#: serverguide/C/network-auth.xml:2795(para)
17546
#: serverguide/C/network-auth.xml:2824(para)
17499
17547
msgid "<emphasis>User principal:</emphasis> steve"
17500
17548
msgstr ""
17501
17549
17502
#: serverguide/C/network-auth.xml:2800(para)
17550
#: serverguide/C/network-auth.xml:2829(para)
17503
17551
msgid "<emphasis>Admin principal:</emphasis> steve/admin"
17504
17552
msgstr ""
17505
17553
17506
#: serverguide/C/network-auth.xml:2807(para)
17554
#: serverguide/C/network-auth.xml:2836(para)
17507
17555
msgid ""
17508
17556
"It is <emphasis>strongly</emphasis> recommended that your network-"
17509
17557
"authenticated users have their uid in a different range (say, starting at "
17510
17558
"5000) than that of your local users."
17511
17559
msgstr ""
17512
17560
17513
#: serverguide/C/network-auth.xml:2813(para)
17561
#: serverguide/C/network-auth.xml:2842(para)
17514
17562
msgid ""
17515
17563
"Before installing the Kerberos server a properly configured DNS server is "
17516
17564
"needed for your domain. Since the Kerberos Realm by convention matches the "
17519
17567
"documentation."
17520
17568
msgstr ""
17521
17569
17522
#: serverguide/C/network-auth.xml:2819(para)
17570
#: serverguide/C/network-auth.xml:2848(para)
17523
17571
msgid ""
17524
17572
"Also, Kerberos is a time sensitive protocol. So if the local system time "
17525
17573
"between a client machine and the server differs by more than five minutes "
17529
17577
"setting up NTP see <xref linkend=\"NTP\"/>."
17530
17578
msgstr ""
17531
17579
17532
#: serverguide/C/network-auth.xml:2827(para)
17580
#: serverguide/C/network-auth.xml:2856(para)
17533
17581
msgid ""
17534
17582
"The first step in creating a Kerberos Realm is to install the "
17535
17583
"<application>krb5-kdc</application> and <application>krb5-admin-"
17536
17584
"server</application> packages. From a terminal enter:"
17537
17585
msgstr ""
17538
17586
17539
#: serverguide/C/network-auth.xml:2833(command) serverguide/C/network-auth.xml:3040(command)
17587
#: serverguide/C/network-auth.xml:2862(command) serverguide/C/network-auth.xml:3069(command)
17540
17588
msgid "sudo apt-get install krb5-kdc krb5-admin-server"
17541
17589
msgstr ""
17542
17590
17543
#: serverguide/C/network-auth.xml:2836(para)
17591
#: serverguide/C/network-auth.xml:2865(para)
17544
17592
msgid ""
17545
17593
"You will be asked at the end of the install to supply the hostname for the "
17546
17594
"Kerberos and Admin servers, which may or may not be the same server, for the "
17547
17595
"realm."
17548
17596
msgstr ""
17549
17597
17550
#: serverguide/C/network-auth.xml:2843(para)
17598
#: serverguide/C/network-auth.xml:2872(para)
17551
17599
msgid "By default the realm is created from the KDC's domain name."
17552
17600
msgstr ""
17553
17601
17554
#: serverguide/C/network-auth.xml:2848(para)
17602
#: serverguide/C/network-auth.xml:2877(para)
17555
17603
msgid ""
17556
17604
"Next, create the new realm with the <application>kdb5_newrealm</application> "
17557
17605
"utility:"
17558
17606
msgstr ""
17559
17607
17560
#: serverguide/C/network-auth.xml:2853(command)
17608
#: serverguide/C/network-auth.xml:2882(command)
17561
17609
msgid "sudo krb5_newrealm"
17562
17610
msgstr ""
17563
17611
17564
#: serverguide/C/network-auth.xml:2860(para)
17612
#: serverguide/C/network-auth.xml:2889(para)
17565
17613
msgid ""
17566
17614
"The questions asked during installation are used to configure the "
17567
17615
"<filename>/etc/krb5.conf</filename> file. If you need to adjust the Key "
17571
17619
"typing"
17572
17620
msgstr ""
17573
17621
17574
#: serverguide/C/network-auth.xml:2867(command)
17622
#: serverguide/C/network-auth.xml:2896(command)
17575
17623
msgid "sudo dpkg-reconfigure krb5-kdc"
17576
17624
msgstr ""
17577
17625
17578
#: serverguide/C/network-auth.xml:2873(para)
17626
#: serverguide/C/network-auth.xml:2902(para)
17579
17627
msgid ""
17580
17628
"Once the KDC is properly running, an admin user -- the <emphasis>admin "
17581
17629
"principal</emphasis> -- is needed. It is recommended to use a different "
17583
17631
"<application>kadmin.local</application> utility in a terminal prompt enter:"
17584
17632
msgstr ""
17585
17633
17586
#: serverguide/C/network-auth.xml:2881(command) serverguide/C/network-auth.xml:3751(command)
17634
#: serverguide/C/network-auth.xml:2910(command) serverguide/C/network-auth.xml:3780(command)
17587
17635
msgid "sudo kadmin.local"
17588
17636
msgstr ""
17589
17637
17590
#: serverguide/C/network-auth.xml:2882(computeroutput)
17638
#: serverguide/C/network-auth.xml:2911(computeroutput)
17591
17639
#, no-wrap
17592
17640
msgid ""
17593
17641
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
17594
17642
"kadmin.local:"
17595
17643
msgstr ""
17596
17644
17597
#: serverguide/C/network-auth.xml:2883(userinput)
17645
#: serverguide/C/network-auth.xml:2912(userinput)
17598
17646
#, no-wrap
17599
17647
msgid " addprinc steve/admin"
17600
17648
msgstr ""
17601
17649
17602
#: serverguide/C/network-auth.xml:2884(computeroutput)
17650
#: serverguide/C/network-auth.xml:2913(computeroutput)
17603
17651
#, no-wrap
17604
17652
msgid ""
17605
17653
"WARNING: no policy specified for steve/admin@EXAMPLE.COM; defaulting to no "
17610
17658
"kadmin.local:"
17611
17659
msgstr ""
17612
17660
17613
#: serverguide/C/network-auth.xml:2888(userinput)
17661
#: serverguide/C/network-auth.xml:2917(userinput)
17614
17662
#, no-wrap
17615
17663
msgid " quit"
17616
17664
msgstr ""
17617
17665
17618
#: serverguide/C/network-auth.xml:2891(para)
17666
#: serverguide/C/network-auth.xml:2920(para)
17619
17667
msgid ""
17620
17668
"In the above example <emphasis role=\"italic\">steve</emphasis> is the "
17621
17669
"<emphasis>Principal</emphasis>, <emphasis role=\"italic\">/admin</emphasis> "
17627
17675
"rights."
17628
17676
msgstr ""
17629
17677
17630
#: serverguide/C/network-auth.xml:2901(para)
17678
#: serverguide/C/network-auth.xml:2930(para)
17631
17679
msgid ""
17632
17680
"Replace <emphasis>EXAMPLE.COM</emphasis> and <emphasis>steve</emphasis> with "
17633
17681
"your Realm and admin username."
17634
17682
msgstr ""
17635
17683
17636
#: serverguide/C/network-auth.xml:2909(para)
17684
#: serverguide/C/network-auth.xml:2938(para)
17637
17685
msgid ""
17638
17686
"Next, the new admin user needs to have the appropriate Access Control List "
17639
17687
"(ACL) permissions. The permissions are configured in the "
17640
17688
"<filename>/etc/krb5kdc/kadm5.acl</filename> file:"
17641
17689
msgstr ""
17642
17690
17643
#: serverguide/C/network-auth.xml:2914(programlisting)
17691
#: serverguide/C/network-auth.xml:2943(programlisting)
17644
17692
#, no-wrap
17645
17693
msgid ""
17646
17694
"\n"
17647
17695
"steve/admin@EXAMPLE.COM *\n"
17648
17696
msgstr ""
17649
17697
17650
#: serverguide/C/network-auth.xml:2918(para)
17698
#: serverguide/C/network-auth.xml:2947(para)
17651
17699
msgid ""
17652
17700
"This entry grants <emphasis>steve/admin</emphasis> the ability to perform "
17653
17701
"any operation on all principals in the realm. You can configure principals "
17656
17704
"<emphasis>kadm5.acl</emphasis> man page for details."
17657
17705
msgstr ""
17658
17706
17659
#: serverguide/C/network-auth.xml:2930(para)
17707
#: serverguide/C/network-auth.xml:2959(para)
17660
17708
msgid ""
17661
17709
"Now restart the <application>krb5-admin-server</application> for the new ACL "
17662
17710
"to take affect:"
17663
17711
msgstr ""
17664
17712
17665
#: serverguide/C/network-auth.xml:2935(command)
17713
#: serverguide/C/network-auth.xml:2961(command)
17666
17714
msgid "sudo service krb5-admin-server restart"
17667
17715
msgstr ""
17668
17716
17669
#: serverguide/C/network-auth.xml:2941(para)
17717
#: serverguide/C/network-auth.xml:2970(para)
17670
17718
msgid ""
17671
17719
"The new user principal can be tested using the <application>kinit "
17672
17720
"utility</application>:"
17673
17721
msgstr ""
17674
17722
17675
#: serverguide/C/network-auth.xml:2946(command)
17723
#: serverguide/C/network-auth.xml:2975(command)
17676
17724
msgid "kinit steve/admin"
17677
17725
msgstr ""
17678
17726
17679
#: serverguide/C/network-auth.xml:2947(computeroutput)
17727
#: serverguide/C/network-auth.xml:2976(computeroutput)
17680
17728
#, no-wrap
17681
17729
msgid "steve/admin@EXAMPLE.COM's Password:"
17682
17730
msgstr ""
17683
17731
17684
#: serverguide/C/network-auth.xml:2950(para)
17732
#: serverguide/C/network-auth.xml:2979(para)
17685
17733
msgid ""
17686
17734
"After entering the password, use the <application>klist</application> "
17687
17735
"utility to view information about the Ticket Granting Ticket (TGT):"
17688
17736
msgstr ""
17689
17737
17690
#: serverguide/C/network-auth.xml:2956(command) serverguide/C/network-auth.xml:3333(command)
17738
#: serverguide/C/network-auth.xml:2985(command) serverguide/C/network-auth.xml:3362(command)
17691
17739
msgid "klist"
17692
17740
msgstr ""
17693
17741
17694
#: serverguide/C/network-auth.xml:2957(computeroutput)
17742
#: serverguide/C/network-auth.xml:2986(computeroutput)
17695
17743
#, no-wrap
17696
17744
msgid ""
17697
17745
"Credentials cache: FILE:/tmp/krb5cc_1000\n"
17701
17749
"Jul 13 17:53:34 Jul 14 03:53:34 krbtgt/EXAMPLE.COM@EXAMPLE.COM"
17702
17750
msgstr ""
17703
17751
17704
#: serverguide/C/network-auth.xml:2964(para)
17752
#: serverguide/C/network-auth.xml:2993(para)
17705
17753
msgid ""
17706
17754
"Where the cache filename <filename>krb5cc_1000</filename> is composed of the "
17707
17755
"prefix <filename>krb5cc_</filename> and the user id (uid), which in this "
17710
17758
"For example:"
17711
17759
msgstr ""
17712
17760
17713
#: serverguide/C/network-auth.xml:2973(programlisting)
17761
#: serverguide/C/network-auth.xml:3002(programlisting)
17714
17762
#, no-wrap
17715
17763
msgid ""
17716
17764
"\n"
17717
17765
"192.168.0.1 kdc01.example.com kdc01\n"
17718
17766
msgstr ""
17719
17767
17720
#: serverguide/C/network-auth.xml:2977(para)
17768
#: serverguide/C/network-auth.xml:3006(para)
17721
17769
msgid ""
17722
17770
"Replacing <emphasis>192.168.0.1</emphasis> with the IP address of your KDC. "
17723
17771
"This usually happens when you have a Kerberos realm encompassing different "
17724
17772
"networks separated by routers."
17725
17773
msgstr ""
17726
17774
17727
#: serverguide/C/network-auth.xml:2986(para)
17775
#: serverguide/C/network-auth.xml:3015(para)
17728
17776
msgid ""
17729
17777
"The best way to allow clients to automatically determine the KDC for the "
17730
17778
"Realm is using DNS SRV records. Add the following to "
17731
17779
"<filename>/etc/named/db.example.com</filename>:"
17732
17780
msgstr ""
17733
17781
17734
#: serverguide/C/network-auth.xml:2992(programlisting)
17782
#: serverguide/C/network-auth.xml:3021(programlisting)
17735
17783
#, no-wrap
17736
17784
msgid ""
17737
17785
"\n"
17743
17791
"_kpasswd._udp.EXAMPLE.COM. IN SRV 1 0 464 kdc01.example.com.\n"
17744
17792
msgstr ""
17745
17793
17746
#: serverguide/C/network-auth.xml:3002(para)
17794
#: serverguide/C/network-auth.xml:3031(para)
17747
17795
msgid ""
17748
17796
"Replace <emphasis>EXAMPLE.COM</emphasis>, <emphasis>kdc01</emphasis>, and "
17749
17797
"<emphasis>kdc02</emphasis> with your domain name, primary KDC, and secondary "
17750
17798
"KDC."
17751
17799
msgstr ""
17752
17800
17753
#: serverguide/C/network-auth.xml:3008(para)
17801
#: serverguide/C/network-auth.xml:3037(para)
17754
17802
msgid ""
17755
17803
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
17756
17804
msgstr ""
17757
17805
17758
#: serverguide/C/network-auth.xml:3015(para)
17806
#: serverguide/C/network-auth.xml:3044(para)
17759
17807
msgid "Your new Kerberos Realm is now ready to authenticate clients."
17760
17808
msgstr ""
17761
17809
17762
#: serverguide/C/network-auth.xml:3022(title)
17810
#: serverguide/C/network-auth.xml:3051(title)
17763
17811
msgid "Secondary KDC"
17764
17812
msgstr ""
17765
17813
17766
#: serverguide/C/network-auth.xml:3024(para)
17814
#: serverguide/C/network-auth.xml:3053(para)
17767
17815
msgid ""
17768
17816
"Once you have one Key Distribution Center (KDC) on your network, it is good "
17769
17817
"practice to have a Secondary KDC in case the primary becomes unavailable. "
17772
17820
"of those networks."
17773
17821
msgstr ""
17774
17822
17775
#: serverguide/C/network-auth.xml:3035(para)
17823
#: serverguide/C/network-auth.xml:3064(para)
17776
17824
msgid ""
17777
17825
"First, install the packages, and when asked for the Kerberos and Admin "
17778
17826
"server names enter the name of the Primary KDC:"
17779
17827
msgstr ""
17780
17828
17781
#: serverguide/C/network-auth.xml:3046(para)
17829
#: serverguide/C/network-auth.xml:3075(para)
17782
17830
msgid ""
17783
17831
"Once you have the packages installed, create the Secondary KDC's host "
17784
17832
"principal. From a terminal prompt, enter:"
17785
17833
msgstr ""
17786
17834
17787
#: serverguide/C/network-auth.xml:3051(command)
17835
#: serverguide/C/network-auth.xml:3080(command)
17788
17836
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
17789
17837
msgstr ""
17790
17838
17791
#: serverguide/C/network-auth.xml:3055(para)
17839
#: serverguide/C/network-auth.xml:3084(para)
17792
17840
msgid ""
17793
17841
"After, issuing any <application>kadmin</application> commands you will be "
17794
17842
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
17795
17843
"password."
17796
17844
msgstr ""
17797
17845
17798
#: serverguide/C/network-auth.xml:3064(para)
17846
#: serverguide/C/network-auth.xml:3093(para)
17799
17847
msgid "Extract the <emphasis>keytab</emphasis> file:"
17800
17848
msgstr ""
17801
17849
17802
#: serverguide/C/network-auth.xml:3069(command)
17850
#: serverguide/C/network-auth.xml:3098(command)
17803
17851
msgid "kadmin -q \"ktadd -norandkey -k keytab.kdc02 host/kdc02.example.com\""
17804
17852
msgstr ""
17805
17853
17806
#: serverguide/C/network-auth.xml:3075(para)
17854
#: serverguide/C/network-auth.xml:3104(para)
17807
17855
msgid ""
17808
17856
"There should now be a <filename>keytab.kdc02</filename> in the current "
17809
17857
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
17810
17858
msgstr ""
17811
17859
17812
#: serverguide/C/network-auth.xml:3081(command)
17860
#: serverguide/C/network-auth.xml:3110(command)
17813
17861
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
17814
17862
msgstr ""
17815
17863
17816
#: serverguide/C/network-auth.xml:3085(para)
17864
#: serverguide/C/network-auth.xml:3114(para)
17817
17865
msgid ""
17818
17866
"If the path to the <filename>keytab.kdc02</filename> file is different "
17819
17867
"adjust accordingly."
17820
17868
msgstr ""
17821
17869
17822
#: serverguide/C/network-auth.xml:3090(para)
17870
#: serverguide/C/network-auth.xml:3119(para)
17823
17871
msgid ""
17824
17872
"Also, you can list the principals in a Keytab file, which can be useful when "
17825
17873
"troubleshooting, using the <application>klist</application> utility:"
17826
17874
msgstr ""
17827
17875
17828
#: serverguide/C/network-auth.xml:3096(command)
17876
#: serverguide/C/network-auth.xml:3125(command)
17829
17877
msgid "sudo klist -k /etc/krb5.keytab"
17830
17878
msgstr ""
17831
17879
17832
#: serverguide/C/network-auth.xml:3099(para)
17880
#: serverguide/C/network-auth.xml:3128(para)
17833
17881
msgid ""
17834
17882
"The <application>-k</application> option indicates the file is a keytab file."
17835
17883
msgstr ""
17836
17884
17837
#: serverguide/C/network-auth.xml:3106(para)
17885
#: serverguide/C/network-auth.xml:3135(para)
17838
17886
msgid ""
17839
17887
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
17840
17888
"that lists all KDCs for the Realm. For example, on both primary and "
17841
17889
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
17842
17890
msgstr ""
17843
17891
17844
#: serverguide/C/network-auth.xml:3111(programlisting)
17892
#: serverguide/C/network-auth.xml:3140(programlisting)
17845
17893
#, no-wrap
17846
17894
msgid ""
17847
17895
"\n"
17849
17897
"host/kdc02.example.com@EXAMPLE.COM\n"
17850
17898
msgstr ""
17851
17899
17852
#: serverguide/C/network-auth.xml:3119(para)
17900
#: serverguide/C/network-auth.xml:3148(para)
17853
17901
msgid "Create an empty database on the <emphasis>Secondary KDC</emphasis>:"
17854
17902
msgstr ""
17855
17903
17856
#: serverguide/C/network-auth.xml:3124(command)
17904
#: serverguide/C/network-auth.xml:3153(command)
17857
17905
msgid "sudo kdb5_util -s create"
17858
17906
msgstr ""
17859
17907
17860
#: serverguide/C/network-auth.xml:3130(para)
17908
#: serverguide/C/network-auth.xml:3159(para)
17861
17909
msgid ""
17862
17910
"Now start the <application>kpropd</application> daemon, which listens for "
17863
17911
"connections from the <application>kprop</application> utility. "
17864
17912
"<application>kprop</application> is used to transfer dump files:"
17865
17913
msgstr ""
17866
17914
17867
#: serverguide/C/network-auth.xml:3137(command)
17915
#: serverguide/C/network-auth.xml:3166(command)
17868
17916
msgid "sudo kpropd -S"
17869
17917
msgstr ""
17870
17918
17871
#: serverguide/C/network-auth.xml:3143(para)
17919
#: serverguide/C/network-auth.xml:3172(para)
17872
17920
msgid ""
17873
17921
"From a terminal on the <emphasis>Primary KDC</emphasis>, create a dump file "
17874
17922
"of the principal database:"
17875
17923
msgstr ""
17876
17924
17877
#: serverguide/C/network-auth.xml:3148(command)
17925
#: serverguide/C/network-auth.xml:3177(command)
17878
17926
msgid "sudo kdb5_util dump /var/lib/krb5kdc/dump"
17879
17927
msgstr ""
17880
17928
17881
#: serverguide/C/network-auth.xml:3154(para)
17929
#: serverguide/C/network-auth.xml:3183(para)
17882
17930
msgid ""
17883
17931
"Extract the Primary KDC's <emphasis>keytab</emphasis> file and copy it to "
17884
17932
"<filename>/etc/krb5.keytab</filename>:"
17885
17933
msgstr ""
17886
17934
17887
#: serverguide/C/network-auth.xml:3159(command)
17935
#: serverguide/C/network-auth.xml:3188(command)
17888
17936
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
17889
17937
msgstr ""
17890
17938
17891
#: serverguide/C/network-auth.xml:3160(command)
17939
#: serverguide/C/network-auth.xml:3189(command)
17892
17940
msgid "sudo mv keytab.kdc01 /etc/krb5.keytab"
17893
17941
msgstr ""
17894
17942
17895
#: serverguide/C/network-auth.xml:3164(para)
17943
#: serverguide/C/network-auth.xml:3193(para)
17896
17944
msgid ""
17897
17945
"Make sure there is a <emphasis>host</emphasis> for "
17898
17946
"<emphasis>kdc01.example.com</emphasis> before extracting the Keytab."
17899
17947
msgstr ""
17900
17948
17901
#: serverguide/C/network-auth.xml:3172(para)
17949
#: serverguide/C/network-auth.xml:3201(para)
17902
17950
msgid ""
17903
17951
"Using the <application>kprop</application> utility push the database to the "
17904
17952
"Secondary KDC:"
17905
17953
msgstr ""
17906
17954
17907
#: serverguide/C/network-auth.xml:3177(command)
17955
#: serverguide/C/network-auth.xml:3206(command)
17908
17956
msgid "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
17909
17957
msgstr ""
17910
17958
17911
#: serverguide/C/network-auth.xml:3181(para)
17959
#: serverguide/C/network-auth.xml:3210(para)
17912
17960
msgid ""
17913
17961
"There should be a <emphasis>SUCCEEDED</emphasis> message if the propagation "
17914
17962
"worked. If there is an error message check "
17916
17964
"information."
17917
17965
msgstr ""
17918
17966
17919
#: serverguide/C/network-auth.xml:3187(para)
17967
#: serverguide/C/network-auth.xml:3216(para)
17920
17968
msgid ""
17921
17969
"You may also want to create a <application>cron</application> job to "
17922
17970
"periodically update the database on the Secondary KDC. For example, the "
17924
17972
"split to fit the format of this document):"
17925
17973
msgstr ""
17926
17974
17927
#: serverguide/C/network-auth.xml:3192(programlisting)
17975
#: serverguide/C/network-auth.xml:3221(programlisting)
17928
17976
#, no-wrap
17929
17977
msgid ""
17930
17978
"\n"
17933
17981
"/usr/sbin/kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com\n"
17934
17982
msgstr ""
17935
17983
17936
#: serverguide/C/network-auth.xml:3201(para)
17984
#: serverguide/C/network-auth.xml:3230(para)
17937
17985
msgid ""
17938
17986
"Back on the <emphasis>Secondary KDC</emphasis>, create a "
17939
17987
"<emphasis>stash</emphasis> file to hold the Kerberos master key:"
17940
17988
msgstr ""
17941
17989
17942
#: serverguide/C/network-auth.xml:3207(command)
17990
#: serverguide/C/network-auth.xml:3236(command)
17943
17991
msgid "sudo kdb5_util stash"
17944
17992
msgstr ""
17945
17993
17946
#: serverguide/C/network-auth.xml:3213(para)
17994
#: serverguide/C/network-auth.xml:3242(para)
17947
17995
msgid ""
17948
17996
"Finally, start the <application>krb5-kdc</application> daemon on the "
17949
17997
"Secondary KDC:"
17950
17998
msgstr ""
17951
17999
17952
#: serverguide/C/network-auth.xml:3218(command) serverguide/C/network-auth.xml:3894(command)
18000
#: serverguide/C/network-auth.xml:3244(command) serverguide/C/network-auth.xml:3920(command)
17953
18001
msgid "sudo service krb5-kdc start"
17954
18002
msgstr ""
17955
18003
17956
#: serverguide/C/network-auth.xml:3224(para)
18004
#: serverguide/C/network-auth.xml:3253(para)
17957
18005
msgid ""
17958
18006
"The <emphasis>Secondary KDC</emphasis> should now be able to issue tickets "
17959
18007
"for the Realm. You can test this by stopping the <application>krb5-"
17964
18012
"<filename>/var/log/auth.log</filename> in the Secondary KDC."
17965
18013
msgstr ""
17966
18014
17967
#: serverguide/C/network-auth.xml:3235(title)
18015
#: serverguide/C/network-auth.xml:3264(title)
17968
18016
msgid "Kerberos Linux Client"
17969
18017
msgstr ""
17970
18018
17971
#: serverguide/C/network-auth.xml:3237(para)
18019
#: serverguide/C/network-auth.xml:3266(para)
17972
18020
msgid ""
17973
18021
"This section covers configuring a Linux system as a "
17974
18022
"<application>Kerberos</application> client. This will allow access to any "
17975
18023
"kerberized services once a user has successfully logged into the system."
17976
18024
msgstr ""
17977
18025
17978
#: serverguide/C/network-auth.xml:3245(para)
18026
#: serverguide/C/network-auth.xml:3274(para)
17979
18027
msgid ""
17980
18028
"In order to authenticate to a Kerberos Realm, the <application>krb5-"
17981
18029
"user</application> and <application>libpam-krb5</application> packages are "
17984
18032
"prompt:"
17985
18033
msgstr ""
17986
18034
17987
#: serverguide/C/network-auth.xml:3252(command)
18035
#: serverguide/C/network-auth.xml:3281(command)
17988
18036
msgid ""
17989
18037
"sudo apt-get install krb5-user libpam-krb5 libpam-ccreds auth-client-config"
17990
18038
msgstr ""
17991
18039
17992
#: serverguide/C/network-auth.xml:3255(para)
18040
#: serverguide/C/network-auth.xml:3284(para)
17993
18041
msgid ""
17994
18042
"The <application>auth-client-config</application> package allows simple "
17995
18043
"configuration of PAM for authentication from multiple sources, and the "
18000
18048
"be accessed off the network as well."
18001
18049
msgstr ""
18002
18050
18003
#: serverguide/C/network-auth.xml:3266(para)
18051
#: serverguide/C/network-auth.xml:3295(para)
18004
18052
msgid "To configure the client in a terminal enter:"
18005
18053
msgstr ""
18006
18054
18007
#: serverguide/C/network-auth.xml:3271(command)
18055
#: serverguide/C/network-auth.xml:3300(command)
18008
18056
msgid "sudo dpkg-reconfigure krb5-config"
18009
18057
msgstr ""
18010
18058
18011
#: serverguide/C/network-auth.xml:3274(para)
18059
#: serverguide/C/network-auth.xml:3303(para)
18012
18060
msgid ""
18013
18061
"You will then be prompted to enter the name of the Kerberos Realm. Also, if "
18014
18062
"you don't have DNS configured with Kerberos <emphasis>SRV</emphasis> "
18016
18064
"Center (KDC) and Realm Administration server."
18017
18065
msgstr ""
18018
18066
18019
#: serverguide/C/network-auth.xml:3280(para)
18067
#: serverguide/C/network-auth.xml:3309(para)
18020
18068
msgid ""
18021
18069
"The <application>dpkg-reconfigure</application> adds entries to the "
18022
18070
"<filename>/etc/krb5.conf</filename> file for your Realm. You should have "
18023
18071
"entries similar to the following:"
18024
18072
msgstr ""
18025
18073
18026
#: serverguide/C/network-auth.xml:3285(programlisting)
18074
#: serverguide/C/network-auth.xml:3311(programlisting)
18027
18075
#, no-wrap
18028
18076
msgid ""
18029
18077
"\n"
18037
18085
" }\n"
18038
18086
msgstr ""
18039
18087
18040
#: serverguide/C/network-auth.xml:3297(para)
18088
#: serverguide/C/network-auth.xml:3326(para)
18041
18089
msgid ""
18042
18090
"If you set the uid of each of your network-authenticated users to start at "
18043
18091
"5000, as suggested in <xref linkend=\"kerberos-server-installation\"/>, you "
18045
18093
"> 5000:"
18046
18094
msgstr ""
18047
18095
18048
#: serverguide/C/network-auth.xml:3305(command)
18096
#: serverguide/C/network-auth.xml:3334(command)
18049
18097
msgid ""
18050
18098
"# Kerberos should only be applied to ldap/kerberos users, not local ones. "
18051
18099
"for i in common-auth common-session common-account common-password; do sudo "
18053
18101
"minimum_uid=5000/' \\ /etc/pam.d/$i done"
18054
18102
msgstr ""
18055
18103
18056
#: serverguide/C/network-auth.xml:3312(para)
18104
#: serverguide/C/network-auth.xml:3341(para)
18057
18105
msgid ""
18058
18106
"This will avoid being asked for the (non-existent) Kerberos password of a "
18059
18107
"locally authenticated user when changing its password using "
18060
18108
"<command>passwd</command>."
18061
18109
msgstr ""
18062
18110
18063
#: serverguide/C/network-auth.xml:3319(para)
18111
#: serverguide/C/network-auth.xml:3348(para)
18064
18112
msgid ""
18065
18113
"You can test the configuration by requesting a ticket using the "
18066
18114
"<application>kinit</application> utility. For example:"
18067
18115
msgstr ""
18068
18116
18069
#: serverguide/C/network-auth.xml:3324(command)
18117
#: serverguide/C/network-auth.xml:3353(command)
18070
18118
msgid "kinit steve@EXAMPLE.COM"
18071
18119
msgstr ""
18072
18120
18073
#: serverguide/C/network-auth.xml:3325(computeroutput)
18121
#: serverguide/C/network-auth.xml:3354(computeroutput)
18074
18122
#, no-wrap
18075
18123
msgid "Password for steve@EXAMPLE.COM:"
18076
18124
msgstr ""
18077
18125
18078
#: serverguide/C/network-auth.xml:3328(para)
18126
#: serverguide/C/network-auth.xml:3357(para)
18079
18127
msgid ""
18080
18128
"When a ticket has been granted, the details can be viewed using "
18081
18129
"<application>klist</application>:"
18082
18130
msgstr ""
18083
18131
18084
#: serverguide/C/network-auth.xml:3334(computeroutput)
18132
#: serverguide/C/network-auth.xml:3363(computeroutput)
18085
18133
#, no-wrap
18086
18134
msgid ""
18087
18135
"Ticket cache: FILE:/tmp/krb5cc_1000\n"
18096
18144
"klist: You have no tickets cached"
18097
18145
msgstr ""
18098
18146
18099
#: serverguide/C/network-auth.xml:3346(para)
18147
#: serverguide/C/network-auth.xml:3375(para)
18100
18148
msgid ""
18101
18149
"Next, use the <application>auth-client-config</application> to configure the "
18102
18150
"<application>libpam-krb5</application> module to request a ticket during "
18103
18151
"login:"
18104
18152
msgstr ""
18105
18153
18106
#: serverguide/C/network-auth.xml:3352(command)
18154
#: serverguide/C/network-auth.xml:3381(command)
18107
18155
msgid "sudo auth-client-config -a -p kerberos_example"
18108
18156
msgstr ""
18109
18157
18110
#: serverguide/C/network-auth.xml:3355(para)
18158
#: serverguide/C/network-auth.xml:3384(para)
18111
18159
msgid ""
18112
18160
"You will should now receive a ticket upon successful login authentication."
18113
18161
msgstr ""
18114
18162
18115
#: serverguide/C/network-auth.xml:3366(para)
18163
#: serverguide/C/network-auth.xml:3395(para)
18116
18164
msgid ""
18117
18165
"For more information on MIT's version of Kerberos, see the <ulink "
18118
18166
"url=\"http://web.mit.edu/Kerberos/\">MIT Kerberos</ulink> site."
18119
18167
msgstr ""
18120
18168
18121
#: serverguide/C/network-auth.xml:3371(para)
18169
#: serverguide/C/network-auth.xml:3400(para)
18122
18170
msgid ""
18123
18171
"The <ulink url=\"https://help.ubuntu.com/community/Kerberos\">Ubuntu Wiki "
18124
18172
"Kerberos</ulink> page has more details."
18125
18173
msgstr ""
18126
18174
18127
#: serverguide/C/network-auth.xml:3376(para)
18175
#: serverguide/C/network-auth.xml:3405(para)
18128
18176
msgid ""
18129
18177
"O'Reilly's <ulink "
18130
18178
"url=\"http://oreilly.com/catalog/9780596004033/\">Kerberos: The Definitive "
18131
18179
"Guide</ulink> is a great reference when setting up Kerberos."
18132
18180
msgstr ""
18133
18181
18134
#: serverguide/C/network-auth.xml:3382(para)
18182
#: serverguide/C/network-auth.xml:3411(para)
18135
18183
msgid ""
18136
18184
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> and "
18137
18185
"<emphasis>#kerberos</emphasis> IRC channels on <ulink "
18138
18186
"url=\"http://freenode.net/\">Freenode</ulink> if you have Kerberos questions."
18139
18187
msgstr ""
18140
18188
18141
#: serverguide/C/network-auth.xml:3394(title)
18189
#: serverguide/C/network-auth.xml:3423(title)
18142
18190
msgid "Kerberos and LDAP"
18143
18191
msgstr ""
18144
18192
18145
#: serverguide/C/network-auth.xml:3396(para)
18193
#: serverguide/C/network-auth.xml:3425(para)
18146
18194
msgid ""
18147
18195
"Most people will not use Kerberos by itself; once an user is authenticated "
18148
18196
"(Kerberos), we need to figure out what this user can do (authorization). And "
18149
18197
"that would be the job of programs such as <application>LDAP</application>."
18150
18198
msgstr ""
18151
18199
18152
#: serverguide/C/network-auth.xml:3403(para)
18200
#: serverguide/C/network-auth.xml:3432(para)
18153
18201
msgid ""
18154
18202
"Replicating a Kerberos principal database between two servers can be "
18155
18203
"complicated, and adds an additional user database to your network. "
18159
18207
"<application>OpenLDAP</application> for the principal database."
18160
18208
msgstr ""
18161
18209
18162
#: serverguide/C/network-auth.xml:3411(para)
18210
#: serverguide/C/network-auth.xml:3440(para)
18163
18211
msgid ""
18164
18212
"The examples presented here assume <application>MIT Kerberos</application> "
18165
18213
"and <application>OpenLDAP</application>."
18166
18214
msgstr ""
18167
18215
18168
#: serverguide/C/network-auth.xml:3419(title)
18216
#: serverguide/C/network-auth.xml:3448(title)
18169
18217
msgid "Configuring OpenLDAP"
18170
18218
msgstr ""
18171
18219
18172
#: serverguide/C/network-auth.xml:3421(para)
18220
#: serverguide/C/network-auth.xml:3450(para)
18173
18221
msgid ""
18174
18222
"First, the necessary <emphasis>schema</emphasis> needs to be loaded on an "
18175
18223
"<application>OpenLDAP</application> server that has network connectivity to "
18178
18226
"information on setting up OpenLDAP see <xref linkend=\"openldap-server\"/>."
18179
18227
msgstr ""
18180
18228
18181
#: serverguide/C/network-auth.xml:3427(para)
18229
#: serverguide/C/network-auth.xml:3456(para)
18182
18230
msgid ""
18183
18231
"It is also required to configure OpenLDAP for TLS and SSL connections, so "
18184
18232
"that traffic between the KDC and LDAP server is encrypted. See <xref "
18185
18233
"linkend=\"openldap-tls\"/> for details."
18186
18234
msgstr ""
18187
18235
18188
#: serverguide/C/network-auth.xml:3433(para)
18236
#: serverguide/C/network-auth.xml:3462(para)
18189
18237
msgid ""
18190
18238
"<filename>cn=admin,cn=config</filename> is a user we created with rights to "
18191
18239
"edit the ldap database. Many times it is the RootDN. Change its value to "
18192
18240
"reflect your setup."
18193
18241
msgstr ""
18194
18242
18195
#: serverguide/C/network-auth.xml:3442(para)
18243
#: serverguide/C/network-auth.xml:3471(para)
18196
18244
msgid ""
18197
18245
"To load the schema into LDAP, on the LDAP server install the "
18198
18246
"<application>krb5-kdc-ldap</application> package. From a terminal enter:"
18199
18247
msgstr ""
18200
18248
18201
#: serverguide/C/network-auth.xml:3448(command)
18249
#: serverguide/C/network-auth.xml:3477(command)
18202
18250
msgid "sudo apt-get install krb5-kdc-ldap"
18203
18251
msgstr ""
18204
18252
18205
#: serverguide/C/network-auth.xml:3453(para)
18253
#: serverguide/C/network-auth.xml:3482(para)
18206
18254
msgid "Next, extract the <filename>kerberos.schema.gz</filename> file:"
18207
18255
msgstr ""
18208
18256
18209
#: serverguide/C/network-auth.xml:3458(command)
18257
#: serverguide/C/network-auth.xml:3487(command)
18210
18258
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
18211
18259
msgstr ""
18212
18260
18213
#: serverguide/C/network-auth.xml:3459(command)
18261
#: serverguide/C/network-auth.xml:3488(command)
18214
18262
msgid ""
18215
18263
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
18216
18264
msgstr ""
18217
18265
18218
#: serverguide/C/network-auth.xml:3465(para)
18266
#: serverguide/C/network-auth.xml:3494(para)
18219
18267
msgid ""
18220
18268
"The <emphasis>kerberos</emphasis> schema needs to be added to the "
18221
18269
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
18223
18271
"linkend=\"openldap-configuration\"/>."
18224
18272
msgstr ""
18225
18273
18226
#: serverguide/C/network-auth.xml:3473(para)
18274
#: serverguide/C/network-auth.xml:3502(para)
18227
18275
msgid ""
18228
18276
"First, create a configuration file named "
18229
18277
"<filename>schema_convert.conf</filename>, or a similar descriptive name, "
18230
18278
"containing the following lines:"
18231
18279
msgstr ""
18232
18280
18233
#: serverguide/C/network-auth.xml:3478(programlisting)
18281
#: serverguide/C/network-auth.xml:3507(programlisting)
18234
18282
#, no-wrap
18235
18283
msgid ""
18236
18284
"\n"
18249
18297
"include /etc/ldap/schema/kerberos.schema\n"
18250
18298
msgstr ""
18251
18299
18252
#: serverguide/C/network-auth.xml:3498(para)
18300
#: serverguide/C/network-auth.xml:3527(para)
18253
18301
msgid "Create a temporary directory to hold the LDIF files:"
18254
18302
msgstr ""
18255
18303
18256
#: serverguide/C/network-auth.xml:3502(command)
18304
#: serverguide/C/network-auth.xml:3531(command)
18257
18305
msgid "mkdir /tmp/ldif_output"
18258
18306
msgstr ""
18259
18307
18260
#: serverguide/C/network-auth.xml:3508(para)
18308
#: serverguide/C/network-auth.xml:3537(para)
18261
18309
msgid ""
18262
18310
"Now use <application>slapcat</application> to convert the schema files:"
18263
18311
msgstr ""
18264
18312
18265
#: serverguide/C/network-auth.xml:3513(command)
18313
#: serverguide/C/network-auth.xml:3542(command)
18266
18314
msgid ""
18267
18315
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s \\ "
18268
18316
"\"cn={12}kerberos,cn=schema,cn=config\" > /tmp/cn=kerberos.ldif"
18269
18317
msgstr ""
18270
18318
18271
#: serverguide/C/network-auth.xml:3517(para)
18319
#: serverguide/C/network-auth.xml:3546(para)
18272
18320
msgid ""
18273
18321
"Change the above file and path names to match your own if they are different."
18274
18322
msgstr ""
18275
18323
18276
#: serverguide/C/network-auth.xml:3524(para)
18324
#: serverguide/C/network-auth.xml:3553(para)
18277
18325
msgid ""
18278
18326
"Edit the generated <filename>/tmp/cn\\=kerberos.ldif</filename> file, "
18279
18327
"changing the following attributes:"
18280
18328
msgstr ""
18281
18329
18282
#: serverguide/C/network-auth.xml:3528(programlisting)
18330
#: serverguide/C/network-auth.xml:3557(programlisting)
18283
18331
#, no-wrap
18284
18332
msgid ""
18285
18333
"\n"
18288
18336
"cn: kerberos\n"
18289
18337
msgstr ""
18290
18338
18291
#: serverguide/C/network-auth.xml:3534(para)
18339
#: serverguide/C/network-auth.xml:3563(para)
18292
18340
msgid "And remove the following lines from the end of the file:"
18293
18341
msgstr ""
18294
18342
18295
#: serverguide/C/network-auth.xml:3538(programlisting)
18343
#: serverguide/C/network-auth.xml:3567(programlisting)
18296
18344
#, no-wrap
18297
18345
msgid ""
18298
18346
"\n"
18305
18353
"modifyTimestamp: 20090111203515Z\n"
18306
18354
msgstr ""
18307
18355
18308
#: serverguide/C/network-auth.xml:3548(para)
18356
#: serverguide/C/network-auth.xml:3577(para)
18309
18357
msgid ""
18310
18358
"The attribute values will vary, just be sure the attributes are removed."
18311
18359
msgstr ""
18312
18360
18313
#: serverguide/C/network-auth.xml:3555(para)
18361
#: serverguide/C/network-auth.xml:3584(para)
18314
18362
msgid "Load the new schema with <application>ldapadd</application>:"
18315
18363
msgstr ""
18316
18364
18317
#: serverguide/C/network-auth.xml:3560(command)
18365
#: serverguide/C/network-auth.xml:3589(command)
18318
18366
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=kerberos.ldif"
18319
18367
msgstr ""
18320
18368
18321
#: serverguide/C/network-auth.xml:3566(para)
18369
#: serverguide/C/network-auth.xml:3595(para)
18322
18370
msgid ""
18323
18371
"Add an index for the <emphasis>krb5principalname</emphasis> attribute:"
18324
18372
msgstr ""
18325
18373
18326
#: serverguide/C/network-auth.xml:3571(command) serverguide/C/network-auth.xml:3588(command)
18374
#: serverguide/C/network-auth.xml:3600(command) serverguide/C/network-auth.xml:3617(command)
18327
18375
msgid "ldapmodify -x -D cn=admin,cn=config -W"
18328
18376
msgstr ""
18329
18377
18330
#: serverguide/C/network-auth.xml:3573(userinput)
18378
#: serverguide/C/network-auth.xml:3602(userinput)
18331
18379
#, no-wrap
18332
18380
msgid ""
18333
18381
"dn: olcDatabase={1}hdb,cn=config\n"
18335
18383
"olcDbIndex: krbPrincipalName eq,pres,sub"
18336
18384
msgstr ""
18337
18385
18338
#: serverguide/C/network-auth.xml:3572(computeroutput)
18386
#: serverguide/C/network-auth.xml:3601(computeroutput)
18339
18387
#, no-wrap
18340
18388
msgid ""
18341
18389
"Enter LDAP Password:\n"
18344
18392
"modifying entry \"olcDatabase={1}hdb,cn=config\""
18345
18393
msgstr ""
18346
18394
18347
#: serverguide/C/network-auth.xml:3583(para)
18395
#: serverguide/C/network-auth.xml:3612(para)
18348
18396
msgid "Finally, update the Access Control Lists (ACL):"
18349
18397
msgstr ""
18350
18398
18351
#: serverguide/C/network-auth.xml:3590(userinput)
18399
#: serverguide/C/network-auth.xml:3619(userinput)
18352
18400
#, no-wrap
18353
18401
msgid ""
18354
18402
"dn: olcDatabase={1}hdb,cn=config\n"
18364
18412
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read"
18365
18413
msgstr ""
18366
18414
18367
#: serverguide/C/network-auth.xml:3589(computeroutput)
18415
#: serverguide/C/network-auth.xml:3618(computeroutput)
18368
18416
#, no-wrap
18369
18417
msgid ""
18370
18418
"Enter LDAP Password: \n"
18373
18421
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
18374
18422
msgstr ""
18375
18423
18376
#: serverguide/C/network-auth.xml:3610(para)
18424
#: serverguide/C/network-auth.xml:3639(para)
18377
18425
msgid ""
18378
18426
"That's it, your LDAP directory is now ready to serve as a Kerberos principal "
18379
18427
"database."
18380
18428
msgstr ""
18381
18429
18382
#: serverguide/C/network-auth.xml:3616(title)
18430
#: serverguide/C/network-auth.xml:3645(title)
18383
18431
msgid "Primary KDC Configuration"
18384
18432
msgstr ""
18385
18433
18386
#: serverguide/C/network-auth.xml:3618(para)
18434
#: serverguide/C/network-auth.xml:3647(para)
18387
18435
msgid ""
18388
18436
"With <application>OpenLDAP</application> configured it is time to configure "
18389
18437
"the KDC."
18390
18438
msgstr ""
18391
18439
18392
#: serverguide/C/network-auth.xml:3624(para)
18440
#: serverguide/C/network-auth.xml:3653(para)
18393
18441
msgid "First, install the necessary packages, from a terminal enter:"
18394
18442
msgstr ""
18395
18443
18396
#: serverguide/C/network-auth.xml:3629(command) serverguide/C/network-auth.xml:3788(command)
18444
#: serverguide/C/network-auth.xml:3658(command) serverguide/C/network-auth.xml:3817(command)
18397
18445
msgid "sudo apt-get install krb5-kdc krb5-admin-server krb5-kdc-ldap"
18398
18446
msgstr ""
18399
18447
18400
#: serverguide/C/network-auth.xml:3635(para)
18448
#: serverguide/C/network-auth.xml:3664(para)
18401
18449
msgid ""
18402
18450
"Now edit <filename>/etc/krb5.conf</filename> adding the following options to "
18403
18451
"under the appropriate sections:"
18404
18452
msgstr ""
18405
18453
18406
#: serverguide/C/network-auth.xml:3639(programlisting)
18454
#: serverguide/C/network-auth.xml:3668(programlisting)
18407
18455
#, no-wrap
18408
18456
msgid ""
18409
18457
"\n"
18453
18501
" }\n"
18454
18502
msgstr ""
18455
18503
18456
#: serverguide/C/network-auth.xml:3684(para)
18504
#: serverguide/C/network-auth.xml:3713(para)
18457
18505
msgid ""
18458
18506
"Change <emphasis>example.com</emphasis>, "
18459
18507
"<emphasis>dc=example,dc=com</emphasis>, "
18462
18510
"object, and LDAP server for your network."
18463
18511
msgstr ""
18464
18512
18465
#: serverguide/C/network-auth.xml:3693(para)
18513
#: serverguide/C/network-auth.xml:3722(para)
18466
18514
msgid ""
18467
18515
"Next, use the <application>kdb5_ldap_util</application> utility to create "
18468
18516
"the realm:"
18469
18517
msgstr ""
18470
18518
18471
#: serverguide/C/network-auth.xml:3698(command)
18519
#: serverguide/C/network-auth.xml:3727(command)
18472
18520
msgid ""
18473
18521
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees \\ "
18474
18522
"dc=example,dc=com -r EXAMPLE.COM -s -H ldap://ldap01.example.com"
18475
18523
msgstr ""
18476
18524
18477
#: serverguide/C/network-auth.xml:3705(para)
18525
#: serverguide/C/network-auth.xml:3734(para)
18478
18526
msgid ""
18479
18527
"Create a stash of the password used to bind to the LDAP server. This "
18480
18528
"password is used by the <emphasis>ldap_kdc_dn</emphasis> and "
18482
18530
"<filename>/etc/krb5.conf</filename>:"
18483
18531
msgstr ""
18484
18532
18485
#: serverguide/C/network-auth.xml:3711(command) serverguide/C/network-auth.xml:3850(command)
18533
#: serverguide/C/network-auth.xml:3740(command) serverguide/C/network-auth.xml:3879(command)
18486
18534
msgid ""
18487
18535
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f \\ "
18488
18536
"/etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com"
18489
18537
msgstr ""
18490
18538
18491
#: serverguide/C/network-auth.xml:3718(para)
18539
#: serverguide/C/network-auth.xml:3747(para)
18492
18540
msgid "Copy the CA certificate from the LDAP server:"
18493
18541
msgstr ""
18494
18542
18495
#: serverguide/C/network-auth.xml:3723(command)
18543
#: serverguide/C/network-auth.xml:3752(command)
18496
18544
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
18497
18545
msgstr ""
18498
18546
18499
#: serverguide/C/network-auth.xml:3724(command)
18547
#: serverguide/C/network-auth.xml:3753(command)
18500
18548
msgid "sudo cp cacert.pem /etc/ssl/certs"
18501
18549
msgstr ""
18502
18550
18503
#: serverguide/C/network-auth.xml:3727(para)
18551
#: serverguide/C/network-auth.xml:3756(para)
18504
18552
msgid ""
18505
18553
"And edit <filename>/etc/ldap/ldap.conf</filename> to use the certificate:"
18506
18554
msgstr ""
18507
18555
18508
#: serverguide/C/network-auth.xml:3731(programlisting)
18556
#: serverguide/C/network-auth.xml:3760(programlisting)
18509
18557
#, no-wrap
18510
18558
msgid ""
18511
18559
"\n"
18512
18560
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
18513
18561
msgstr ""
18514
18562
18515
#: serverguide/C/network-auth.xml:3736(para)
18563
#: serverguide/C/network-auth.xml:3765(para)
18516
18564
msgid ""
18517
18565
"The certificate will also need to be copied to the Secondary KDC, to allow "
18518
18566
"the connection to the LDAP servers using LDAPS."
18519
18567
msgstr ""
18520
18568
18521
#: serverguide/C/network-auth.xml:3745(para)
18569
#: serverguide/C/network-auth.xml:3774(para)
18522
18570
msgid ""
18523
18571
"You can now add Kerberos principals to the LDAP database, and they will be "
18524
18572
"copied to any other LDAP servers configured for replication. To add a "
18525
18573
"principal using the <application>kadmin.local</application> utility enter:"
18526
18574
msgstr ""
18527
18575
18528
#: serverguide/C/network-auth.xml:3753(userinput)
18576
#: serverguide/C/network-auth.xml:3782(userinput)
18529
18577
#, no-wrap
18530
18578
msgid "addprinc -x dn=\"uid=steve,ou=people,dc=example,dc=com\" steve"
18531
18579
msgstr ""
18532
18580
18533
#: serverguide/C/network-auth.xml:3752(computeroutput)
18581
#: serverguide/C/network-auth.xml:3781(computeroutput)
18534
18582
#, no-wrap
18535
18583
msgid ""
18536
18584
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
18541
18589
"Principal \"steve@EXAMPLE.COM\" created."
18542
18590
msgstr ""
18543
18591
18544
#: serverguide/C/network-auth.xml:3760(para)
18592
#: serverguide/C/network-auth.xml:3789(para)
18545
18593
msgid ""
18546
18594
"There should now be krbPrincipalName, krbPrincipalKey, krbLastPwdChange, and "
18547
18595
"krbExtraData attributes added to the "
18550
18598
"utilities to test that the user is indeed issued a ticket."
18551
18599
msgstr ""
18552
18600
18553
#: serverguide/C/network-auth.xml:3767(para)
18601
#: serverguide/C/network-auth.xml:3796(para)
18554
18602
msgid ""
18555
18603
"If the user object is already created the <emphasis>-x dn=\"...\"</emphasis> "
18556
18604
"option is needed to add the Kerberos attributes. Otherwise a new "
18557
18605
"<emphasis>principal</emphasis> object will be created in the realm subtree."
18558
18606
msgstr ""
18559
18607
18560
#: serverguide/C/network-auth.xml:3775(title)
18608
#: serverguide/C/network-auth.xml:3804(title)
18561
18609
msgid "Secondary KDC Configuration"
18562
18610
msgstr ""
18563
18611
18564
#: serverguide/C/network-auth.xml:3777(para)
18612
#: serverguide/C/network-auth.xml:3806(para)
18565
18613
msgid ""
18566
18614
"Configuring a Secondary KDC using the LDAP backend is similar to configuring "
18567
18615
"one using the normal Kerberos database."
18568
18616
msgstr ""
18569
18617
18570
#: serverguide/C/network-auth.xml:3783(para)
18618
#: serverguide/C/network-auth.xml:3812(para)
18571
18619
msgid "First, install the necessary packages. In a terminal enter:"
18572
18620
msgstr ""
18573
18621
18574
#: serverguide/C/network-auth.xml:3794(para)
18622
#: serverguide/C/network-auth.xml:3823(para)
18575
18623
msgid ""
18576
18624
"Next, edit <filename>/etc/krb5.conf</filename> to use the LDAP backend:"
18577
18625
msgstr ""
18578
18626
18579
#: serverguide/C/network-auth.xml:3798(programlisting)
18627
#: serverguide/C/network-auth.xml:3827(programlisting)
18580
18628
#, no-wrap
18581
18629
msgid ""
18582
18630
"\n"
18625
18673
" }\n"
18626
18674
msgstr ""
18627
18675
18628
#: serverguide/C/network-auth.xml:3845(para)
18676
#: serverguide/C/network-auth.xml:3874(para)
18629
18677
msgid "Create the stash for the LDAP bind password:"
18630
18678
msgstr ""
18631
18679
18632
#: serverguide/C/network-auth.xml:3857(para)
18680
#: serverguide/C/network-auth.xml:3886(para)
18633
18681
msgid ""
18634
18682
"Now, on the <emphasis>Primary KDC</emphasis> copy the "
18635
18683
"<filename>/etc/krb5kdc/.k5.EXAMPLE.COM</filename><emphasis>Master "
18638
18686
"media."
18639
18687
msgstr ""
18640
18688
18641
#: serverguide/C/network-auth.xml:3864(command)
18689
#: serverguide/C/network-auth.xml:3893(command)
18642
18690
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
18643
18691
msgstr ""
18644
18692
18645
#: serverguide/C/network-auth.xml:3865(command)
18693
#: serverguide/C/network-auth.xml:3894(command)
18646
18694
msgid "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
18647
18695
msgstr ""
18648
18696
18649
#: serverguide/C/network-auth.xml:3869(para)
18697
#: serverguide/C/network-auth.xml:3898(para)
18650
18698
msgid ""
18651
18699
"Again, replace <emphasis>EXAMPLE.COM</emphasis> with your actual realm."
18652
18700
msgstr ""
18653
18701
18654
#: serverguide/C/network-auth.xml:3877(para)
18702
#: serverguide/C/network-auth.xml:3906(para)
18655
18703
msgid ""
18656
18704
"Back on the <emphasis>Secondary KDC</emphasis>, (re)start the ldap server "
18657
18705
"only,"
18658
18706
msgstr ""
18659
18707
18660
#: serverguide/C/network-auth.xml:3889(para)
18708
#: serverguide/C/network-auth.xml:3918(para)
18661
18709
msgid "Finally, start the <application>krb5-kdc</application> daemon:"
18662
18710
msgstr ""
18663
18711
18664
#: serverguide/C/network-auth.xml:3900(para)
18712
#: serverguide/C/network-auth.xml:3929(para)
18665
18713
msgid "Verify the two ldap servers (and kerberos by extension) are in sync."
18666
18714
msgstr ""
18667
18715
18668
#: serverguide/C/network-auth.xml:3907(para)
18716
#: serverguide/C/network-auth.xml:3936(para)
18669
18717
msgid ""
18670
18718
"You now have redundant KDCs on your network, and with redundant LDAP servers "
18671
18719
"you should be able to continue to authenticate users if one LDAP server, one "
18672
18720
"Kerberos server, or one LDAP and one Kerberos server become unavailable."
18673
18721
msgstr ""
18674
18722
18675
#: serverguide/C/network-auth.xml:3919(para)
18723
#: serverguide/C/network-auth.xml:3948(para)
18676
18724
msgid ""
18677
18725
"The <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
18678
18726
"admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend\"> Kerberos Admin "
18679
18727
"Guide</ulink> has some additional details."
18680
18728
msgstr ""
18681
18729
18682
#: serverguide/C/network-auth.xml:3925(para)
18730
#: serverguide/C/network-auth.xml:3951(para)
18683
18731
msgid ""
18684
18732
"For more information on <application>kdb5_ldap_util</application> see <ulink "
18685
18733
"url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
18689
18737
"l\">kdb5_ldap_util man page</ulink>."
18690
18738
msgstr ""
18691
18739
18692
#: serverguide/C/network-auth.xml:3933(para)
18740
#: serverguide/C/network-auth.xml:3959(para)
18693
18741
msgid ""
18694
18742
"Another useful link is the <ulink "
18695
18743
"url=\"http://manpages.ubuntu.com/manpages/trusty/en/man5/krb5.conf.5.html\">k"
18696
18744
"rb5.conf man page</ulink>."
18697
18745
msgstr ""
18698
18746
18699
#: serverguide/C/network-auth.xml:3938(para)
18747
#: serverguide/C/network-auth.xml:3967(para)
18700
18748
msgid ""
18701
18749
"Also, see the <ulink "
18702
18750
"url=\"https://help.ubuntu.com/community/Kerberos#kerberos-ldap\">Kerberos "
18703
18751
"and LDAP</ulink> Ubuntu wiki page."
18704
18752
msgstr ""
18705
18753
18754
#: serverguide/C/network-auth.xml:3973(title)
18755
msgid "SSSD and Active Directory"
18756
msgstr ""
18757
18758
#: serverguide/C/network-auth.xml:3974(para)
18759
msgid ""
18760
"This section describes the use of sssd to authenticate user logins against "
18761
"an Active Directory via using sssd's \"ad\" provider. In previous versions "
18762
"of sssd, it was possible to authenticate using the \"ldap\" provider. "
18763
"However, when authenticating against a Microsoft Windows AD Domain "
18764
"Controller, it was generally necessary to install the POSIX AD extensions on "
18765
"the Domain Controller. The \"ad\" provider simplifies the configuration and "
18766
"requires no modifications to the AD structure."
18767
msgstr ""
18768
18769
#: serverguide/C/network-auth.xml:3978(title)
18770
msgid "Prerequisites, Assumptions, and Requirements"
18771
msgstr ""
18772
18773
#: serverguide/C/network-auth.xml:3981(para)
18774
msgid ""
18775
"This guide does not explain Active Directory, how it works, how to set one "
18776
"up, or how to maintain it. It may not provide “best practices” for your "
18777
"environment."
18778
msgstr ""
18779
18780
#: serverguide/C/network-auth.xml:3983(para)
18781
msgid ""
18782
"This guide assumes that a working Active Directory domain is already "
18783
"configured."
18784
msgstr ""
18785
18786
#: serverguide/C/network-auth.xml:3985(para)
18787
msgid ""
18788
"The domain controller is acting as an authoritative DNS server for the "
18789
"domain."
18790
msgstr ""
18791
18792
#: serverguide/C/network-auth.xml:3987(para)
18793
msgid ""
18794
"The domain controller is the primary DNS resolver as specified in "
18795
"<filename>/etc/resolv.conf</filename>."
18796
msgstr ""
18797
18798
#: serverguide/C/network-auth.xml:3990(para)
18799
msgid ""
18800
"The appropriate <emphasis>_kerberos</emphasis>, <emphasis>_ldap</emphasis>, "
18801
"<emphasis>_kpasswd</emphasis>, etc. entries are configured in the DNS zone "
18802
"(see Resources section for external links)."
18803
msgstr ""
18804
18805
#: serverguide/C/network-auth.xml:3992(para)
18806
msgid ""
18807
"System time is synchronized on the domain controller (necessary for "
18808
"Kerberos)."
18809
msgstr ""
18810
18811
#: serverguide/C/network-auth.xml:3994(para)
18812
msgid ""
18813
"The domain used in this example is <emphasis>myubuntu.example.com</emphasis> "
18814
"."
18815
msgstr ""
18816
18817
#: serverguide/C/network-auth.xml:3999(para)
18818
msgid ""
18819
"The following packages are needed: <emphasis>krb5-user</emphasis>, "
18820
"<emphasis>samba</emphasis>, <emphasis>sssd</emphasis>, and "
18821
"<emphasis>ntp</emphasis>. Samba needs to be installed, even if the system is "
18822
"not exporting shares. The Kerberos realm and FQDN or IP of the domain "
18823
"controllers are needed for this step."
18824
msgstr ""
18825
18826
#: serverguide/C/network-auth.xml:4000(para)
18827
msgid "Install these packages now."
18828
msgstr ""
18829
18830
#: serverguide/C/network-auth.xml:4002(command)
18831
msgid "sudo apt-get install krb5-user samba sssd ntp"
18832
msgstr ""
18833
18834
#: serverguide/C/network-auth.xml:4003(para)
18835
msgid ""
18836
"See the next section for the answers to the questions asked by the "
18837
"<emphasis>krb5-user</emphasis> postinstall script."
18838
msgstr ""
18839
18840
#: serverguide/C/network-auth.xml:4006(title)
18841
msgid "Kerberos Configuration"
18842
msgstr ""
18843
18844
#: serverguide/C/network-auth.xml:4007(para)
18845
msgid ""
18846
"The installation of <emphasis>krb5-user</emphasis> will prompt for the realm "
18847
"name (in ALL UPPERCASE), the kdc server (i.e. domain controller) and admin "
18848
"server (also the domain controller in this example.) This will write the "
18849
"[realm] and [domain_realm] sections in <filename>/etc/krb5.conf</filename>. "
18850
"These sections may not be necessary if domain autodiscovery is working. If "
18851
"not, then both are needed."
18852
msgstr ""
18853
18854
#: serverguide/C/network-auth.xml:4008(para)
18855
msgid ""
18856
"If the domain is <emphasis>myubuntu.example.com</emphasis>, enter the realm "
18857
"as <emphasis>MYUBUNTU.EXAMPLE.COM</emphasis>"
18858
msgstr ""
18859
18860
#: serverguide/C/network-auth.xml:4011(para)
18861
msgid ""
18862
"Optionally, edit <emphasis>/etc/krb5.conf</emphasis> with a few additional "
18863
"settings to specify Kerberos ticket lifetime (these values are safe to use "
18864
"as defaults):"
18865
msgstr ""
18866
18867
#: serverguide/C/network-auth.xml:4012(programlisting)
18868
#, no-wrap
18869
msgid ""
18870
"\n"
18871
"[libdefaults]\n"
18872
"\n"
18873
"default_realm = MYUBUNTU.EXAMPLE.COM\n"
18874
"ticket_lifetime = 24h #\n"
18875
"renew_lifetime = 7d\n"
18876
"\t\t"
18877
msgstr ""
18878
18879
#: serverguide/C/network-auth.xml:4020(para)
18880
msgid ""
18881
"If default_realm is not specified, it may be necessary to log in with "
18882
"“username@domain” instead of “username”."
18883
msgstr ""
18884
18885
#: serverguide/C/network-auth.xml:4022(para)
18886
msgid ""
18887
"The system time on the Active Directory member needs to be consistent with "
18888
"that of the domain controller, or Kerberos authentication may fail. Ideally, "
18889
"the domain controller server itself will provide the NTP service. Edit "
18890
"<filename>/etc/ntp.conf</filename>:"
18891
msgstr ""
18892
18893
#: serverguide/C/network-auth.xml:4024(programlisting)
18894
#, no-wrap
18895
msgid ""
18896
"\n"
18897
"server dc.myubuntu.example.com\n"
18898
msgstr ""
18899
18900
#: serverguide/C/network-auth.xml:4031(para)
18901
msgid ""
18902
"Samba will be used to perform netbios/nmbd services related to Active "
18903
"Directory authentication, even if no file shares are exported. Edit the file "
18904
"/etc/samba/smb.conf and add the following to the "
18905
"<emphasis>[global]</emphasis> section:"
18906
msgstr ""
18907
18908
#: serverguide/C/network-auth.xml:4033(programlisting)
18909
#, no-wrap
18910
msgid ""
18911
"\n"
18912
"[global]\n"
18913
"\n"
18914
"workgroup = MYUBUNTU\n"
18915
"client signing = yes\n"
18916
"client use spnego = yes\n"
18917
"kerberos method = secrets and keytab\n"
18918
"realm = MYUBUNTU.EXAMPLE.COM\n"
18919
"security = ads\n"
18920
msgstr ""
18921
18922
#: serverguide/C/network-auth.xml:4044(para)
18923
msgid ""
18924
"Some guides specify that \"password server\" should be specified and pointed "
18925
"to the domain controller. This is only necessary if DNS is not properly set "
18926
"up to find the DC. By default, Samba will display a warning if \"password "
18927
"server\" is specified with \"security = ads\"."
18928
msgstr ""
18929
18930
#: serverguide/C/network-auth.xml:4049(title)
18931
msgid "SSSD Configuration"
18932
msgstr ""
18933
18934
#: serverguide/C/network-auth.xml:4051(para)
18935
msgid ""
18936
"There is no default/example config file for "
18937
"<filename>/etc/sssd/sssd.conf</filename> included in the sssd package. It is "
18938
"necessary to create one. This is a minimal working config file:"
18939
msgstr ""
18940
18941
#: serverguide/C/network-auth.xml:4053(programlisting)
18942
#, no-wrap
18943
msgid ""
18944
"\n"
18945
"[sssd]\n"
18946
"services = nss, pam\n"
18947
"config_file_version = 2\n"
18948
"domains = MYUBUNTU.EXAMPLE.COM\n"
18949
"\n"
18950
"[domain/MYUBUNTU.EXAMPLE.COM]\n"
18951
"id_provider = ad\n"
18952
"access_provider = ad\n"
18953
"\n"
18954
"# Use this if users are being logged in at /.\n"
18955
"# This example specifies /home/DOMAIN-FQDN/user as $HOME. Use with "
18956
"pam_mkhomedir.so\n"
18957
"override_homedir = /home/%d/%u\n"
18958
"\n"
18959
"# Uncomment if the client machine hostname doesn't match the computer object "
18960
"on the DC.\n"
18961
"# ad_hostname = mymachine.myubuntu.example.com\n"
18962
"\n"
18963
"# Uncomment if DNS SRV resolution is not working\n"
18964
"# ad_server = dc.mydomain.example.com\n"
18965
"\n"
18966
"# Uncomment if the AD domain is named differently than the Samba domain\n"
18967
"# ad_domain = MYUBUNTU.EXAMPLE.COM\n"
18968
"\n"
18969
"# Enumeration is discouraged for performance reasons.\n"
18970
"# enumerate = true\n"
18971
msgstr ""
18972
18973
#: serverguide/C/network-auth.xml:4080(para)
18974
msgid ""
18975
"After saving this file, set the ownership to root and the file permissions "
18976
"to 600:"
18977
msgstr ""
18978
18979
#: serverguide/C/network-auth.xml:4081(command)
18980
msgid "sudo chown root:root /etc/sssd/sssd.conf"
18981
msgstr ""
18982
18983
#: serverguide/C/network-auth.xml:4082(command)
18984
msgid "sudo chmod 600 /etc/sssd/sssd.conf"
18985
msgstr ""
18986
18987
#: serverguide/C/network-auth.xml:4084(para)
18988
msgid ""
18989
"If the ownership or permissions are not correct, sssd will refuse to start."
18990
msgstr ""
18991
18992
#: serverguide/C/network-auth.xml:4088(title)
18993
msgid "Verify nsswitch.conf Configuration"
18994
msgstr ""
18995
18996
#: serverguide/C/network-auth.xml:4089(para)
18997
msgid ""
18998
"The post-install script for the sssd package makes some modifications to "
18999
"/etc/nsswitch.conf automatically. It should look something like this:"
19000
msgstr ""
19001
19002
#: serverguide/C/network-auth.xml:4091(programlisting)
19003
#, no-wrap
19004
msgid ""
19005
"\n"
19006
"passwd: compat sss\n"
19007
"group: compat sss\n"
19008
"...\n"
19009
"netgroup: nis sss\n"
19010
"sudoers: files sss\n"
19011
msgstr ""
19012
19013
#: serverguide/C/network-auth.xml:4101(title)
19014
msgid "Modify /etc/hosts"
19015
msgstr ""
19016
19017
#: serverguide/C/network-auth.xml:4102(para)
19018
msgid ""
19019
"Add an alias to the localhost entry in /etc/hosts specifying the FQDN. For "
19020
"example:"
19021
msgstr ""
19022
19023
#: serverguide/C/network-auth.xml:4103(programlisting)
19024
#, no-wrap
19025
msgid "192.168.1.10 myserver myserver.myubuntu.example.com"
19026
msgstr ""
19027
19028
#: serverguide/C/network-auth.xml:4105(para)
19029
msgid "This is useful in conjunction with dynamic DNS updates."
19030
msgstr ""
19031
19032
#: serverguide/C/network-auth.xml:4109(title)
19033
msgid "Join the Active Directory"
19034
msgstr ""
19035
19036
#: serverguide/C/network-auth.xml:4110(para)
19037
msgid "Now, restart ntp and samba and start sssd."
19038
msgstr ""
19039
19040
#: serverguide/C/virtualization.xml:2208(command)
19041
msgid "sudo service ntp restart"
19042
msgstr ""
19043
19044
#: serverguide/C/network-auth.xml:4114(command)
19045
msgid "sudo start sssd"
19046
msgstr ""
19047
19048
#: serverguide/C/network-auth.xml:4116(para)
19049
msgid "Test the configuration by obtaining a Kerberos ticket:"
19050
msgstr ""
19051
19052
#: serverguide/C/network-auth.xml:4118(command)
19053
msgid "sudo kinit Administrator"
19054
msgstr ""
19055
19056
#: serverguide/C/network-auth.xml:4120(para)
19057
msgid "Verify the ticket with:"
19058
msgstr ""
19059
19060
#: serverguide/C/network-auth.xml:4121(command)
19061
msgid "sudo klist"
19062
msgstr ""
19063
19064
#: serverguide/C/network-auth.xml:4123(para)
19065
msgid ""
19066
"If there is a ticket with an expiration date listed, then it is time to join "
19067
"the domain:"
19068
msgstr ""
19069
19070
#: serverguide/C/network-auth.xml:4125(command)
19071
msgid "sudo net ads join -k"
19072
msgstr ""
19073
19074
#: serverguide/C/network-auth.xml:4127(para)
19075
msgid ""
19076
"A warning about \"No DNS domain configured. Unable to perform DNS Update.\" "
19077
"probably means that there is no (correct) alias in "
19078
"<filename>/etc/hosts</filename>, and the system could not provide its own "
19079
"FQDN as part of the Active Directory update. This is needed for dynamic DNS "
19080
"updates. Verify the alias in <filename>/etc/hosts</filename> described in "
19081
"\"Modify /etc/hosts\" above."
19082
msgstr ""
19083
19084
#: serverguide/C/network-auth.xml:4129(para)
19085
msgid ""
19086
"(The message \"NT_STATUS_UNSUCCESSFUL\" indicates the domain join failed and "
19087
"something is incorrect. Review the prior steps before proceeding)."
19088
msgstr ""
19089
19090
#: serverguide/C/network-auth.xml:4131(para)
19091
msgid ""
19092
"Here are a couple of (optional) checks to verify that the domain join was "
19093
"successful. Note that if the domain was successfully joined but one or both "
19094
"of these steps fail, it may be necessary to wait 1-2 minutes and try again. "
19095
"Some of the changes appear to be asynchronous."
19096
msgstr ""
19097
19098
#: serverguide/C/network-auth.xml:4133(para)
19099
msgid "Verification option #1:"
19100
msgstr ""
19101
19102
#: serverguide/C/network-auth.xml:4134(para)
19103
msgid ""
19104
"Check the default Organizational Unit for computer accounts in the Active "
19105
"Directory to verify that the computer account was created. (Organizational "
19106
"Units in Active Directory is a topic outside the scope of this guide)."
19107
msgstr ""
19108
19109
#: serverguide/C/network-auth.xml:4136(para)
19110
msgid "Verification option #2"
19111
msgstr ""
19112
19113
#: serverguide/C/network-auth.xml:4137(para)
19114
msgid "Execute this command for a specific AD user (e.g. administrator)"
19115
msgstr ""
19116
19117
#: serverguide/C/network-auth.xml:4138(command)
19118
msgid "getent passwd username"
19119
msgstr ""
19120
19121
#: serverguide/C/network-auth.xml:4140(para)
19122
msgid ""
19123
"If <emphasis>enumerate = true</emphasis> is set in "
19124
"<filename>sssd.conf</filename>, <emphasis>getent passwd</emphasis> with no "
19125
"username argument will list all domain users. This may be useful for "
19126
"testing, but is slow and not recommended for production."
19127
msgstr ""
19128
19129
#: serverguide/C/network-auth.xml:4144(title)
19130
msgid "Test Authentication"
19131
msgstr ""
19132
19133
#: serverguide/C/network-auth.xml:4145(para)
19134
msgid ""
19135
"It should now be possible to authenticate using an Active Directory User's "
19136
"credentials:"
19137
msgstr ""
19138
19139
#: serverguide/C/network-auth.xml:4147(command)
19140
msgid "su - username"
19141
msgstr ""
19142
19143
#: serverguide/C/network-auth.xml:4149(para)
19144
msgid ""
19145
"If this works, then other login methods (getty, ssh) should also work."
19146
msgstr ""
19147
19148
#: serverguide/C/network-auth.xml:4151(para)
19149
msgid ""
19150
"If the computer account was created, indicating that the system was "
19151
"\"joined\" to the domain, but authentication is unsuccessful, it may be "
19152
"helpful to review <filename>/etc/pam.d</filename> and "
19153
"<filename>nssswitch.conf</filename> as well as the file changes described "
19154
"earlier in this guide."
19155
msgstr ""
19156
19157
#: serverguide/C/network-auth.xml:4155(title)
19158
msgid "Home directories with pam_mkhomedir (optional)"
19159
msgstr ""
19160
19161
#: serverguide/C/network-auth.xml:4156(para)
19162
msgid ""
19163
"When logging in using an Active Directory user account, it is likely that "
19164
"user has no home directory. This can be fixed with pam_mkdhomedir.so, which "
19165
"will create the user’s home directory on login. Edit "
19166
"<filename>/etc/pam.d/common-session</filename>, and add this line directly "
19167
"after <emphasis>session required pam_unix.so:</emphasis>"
19168
msgstr ""
19169
19170
#: serverguide/C/network-auth.xml:4157(programlisting)
19171
#, no-wrap
19172
msgid ""
19173
"\n"
19174
"session required pam_mkhomedir.so skel=/etc/skel/ umask=0022\n"
19175
msgstr ""
19176
19177
#: serverguide/C/network-auth.xml:4161(para)
19178
msgid ""
19179
"This may also need <emphasis>override_homedir</emphasis> in "
19180
"<filename>sssd.conf</filename> to function correctly, so make sure that’s "
19181
"set."
19182
msgstr ""
19183
19184
#: serverguide/C/network-auth.xml:4165(title)
19185
msgid "Desktop Ubuntu Authentication"
19186
msgstr ""
19187
19188
#: serverguide/C/network-auth.xml:4166(para)
19189
msgid ""
19190
"It is possible to also authenticate logins to Ubuntu Desktop using Active "
19191
"Directory accounts. The AD accounts will not show up in the pick list with "
19192
"local users, so lightdm will need to be modified. Edit the file "
19193
"<filename>/etc/lightdm/lightdm.conf.d/50-unity-greeter.conf</filename> and "
19194
"append the following two lines:"
19195
msgstr ""
19196
19197
#: serverguide/C/network-auth.xml:4168(programlisting)
19198
#, no-wrap
19199
msgid ""
19200
"\n"
19201
"greeter-show-manual-login=true\n"
19202
"greeter-hide-users=true\n"
19203
msgstr ""
19204
19205
#: serverguide/C/network-auth.xml:4173(para)
19206
msgid ""
19207
"Reboot to restart lightdm. It should now be possible to log in using a "
19208
"domain account using either <emphasis>username</emphasis> or "
19209
"<emphasis>username/username@domain</emphasis> format."
19210
msgstr ""
19211
19212
#: serverguide/C/network-auth.xml:4179(ulink)
19213
msgid "SSSD Project"
19214
msgstr ""
19215
19216
#: serverguide/C/network-auth.xml:4180(ulink)
19217
msgid "DNS Server Configuration guidelines"
19218
msgstr ""
19219
19220
#: serverguide/C/network-auth.xml:4181(ulink)
19221
msgid "Active Directory DNS Zone Entries"
19222
msgstr ""
19223
19224
#: serverguide/C/network-auth.xml:4182(ulink)
19225
msgid "Kerberos config options"
19226
msgstr ""
19227
18706
19228
#: serverguide/C/multipath-device-attributes-table.xml:2(title)
18707
19229
msgid "Device Attributes"
18708
19230
msgstr ""
18711
19233
msgid "Attribute"
18712
19234
msgstr ""
18713
19235
18714
#: serverguide/C/multipath-device-attributes-table.xml:9(entry) serverguide/C/multipath-config-defaults-table.xml:14(entry) serverguide/C/multipath-components-table.xml:12(entry) serverguide/C/multipath-attributes-table.xml:9(entry) serverguide/C/dm-multipath.xml:1623(entry)
19236
#: serverguide/C/multipath-device-attributes-table.xml:9(entry) serverguide/C/multipath-config-defaults-table.xml:14(entry) serverguide/C/multipath-components-table.xml:12(entry) serverguide/C/multipath-attributes-table.xml:9(entry) serverguide/C/dm-multipath.xml:1624(entry)
18715
19237
msgid "Description"
18716
19238
msgstr ""
18717
19239
18845
19367
"levels are between 0 and 6. The default value is 2."
18846
19368
msgstr ""
18847
19369
18848
#: serverguide/C/multipath-config-defaults-table.xml:61(emphasis) serverguide/C/multipath-config-defaults-table.xml:323(emphasis) serverguide/C/dm-multipath.xml:1049(parameter) serverguide/C/dm-multipath.xml:1204(parameter)
19370
#: serverguide/C/multipath-config-defaults-table.xml:61(emphasis) serverguide/C/multipath-config-defaults-table.xml:323(emphasis) serverguide/C/dm-multipath.xml:1050(parameter) serverguide/C/dm-multipath.xml:1205(parameter)
18849
19371
msgid "path_selector"
18850
19372
msgstr ""
18851
19373
18880
19402
"The default value is <emphasis role=\"bold\">round-robin 0</emphasis>."
18881
19403
msgstr ""
18882
19404
18883
#: serverguide/C/multipath-config-defaults-table.xml:98(emphasis) serverguide/C/dm-multipath.xml:1044(parameter) serverguide/C/dm-multipath.xml:1194(parameter)
19405
#: serverguide/C/multipath-config-defaults-table.xml:98(emphasis) serverguide/C/dm-multipath.xml:1045(parameter) serverguide/C/dm-multipath.xml:1195(parameter)
18884
19406
msgid "path_grouping_policy"
18885
19407
msgstr ""
18886
19408
18923
19445
msgid "The default value is <emphasis role=\"bold\">failover.</emphasis>"
18924
19446
msgstr ""
18925
19447
18926
#: serverguide/C/multipath-config-defaults-table.xml:139(emphasis) serverguide/C/dm-multipath.xml:1199(parameter)
19448
#: serverguide/C/multipath-config-defaults-table.xml:139(emphasis) serverguide/C/dm-multipath.xml:1200(parameter)
18927
19449
msgid "getuid_callout"
18928
19450
msgstr ""
18929
19451
18939
19461
"path identifier. An absolute path is required. <placeholder-1/>"
18940
19462
msgstr ""
18941
19463
18942
#: serverguide/C/multipath-config-defaults-table.xml:150(emphasis) serverguide/C/dm-multipath.xml:1058(parameter) serverguide/C/dm-multipath.xml:1223(parameter)
19464
#: serverguide/C/multipath-config-defaults-table.xml:150(emphasis) serverguide/C/dm-multipath.xml:1059(parameter) serverguide/C/dm-multipath.xml:1224(parameter)
18943
19465
msgid "prio"
18944
19466
msgstr ""
18945
19467
18995
19517
msgid "The default value is <emphasis role=\"bold\">const</emphasis>."
18996
19518
msgstr ""
18997
19519
18998
#: serverguide/C/multipath-config-defaults-table.xml:202(emphasis) serverguide/C/dm-multipath.xml:1063(parameter) serverguide/C/dm-multipath.xml:1228(parameter)
19520
#: serverguide/C/multipath-config-defaults-table.xml:202(emphasis) serverguide/C/dm-multipath.xml:1064(parameter) serverguide/C/dm-multipath.xml:1229(parameter)
18999
19521
msgid "prio_args"
19000
19522
msgstr ""
19001
19523
19007
19529
"value is (null) <emphasis role=\"bold\">\"\"</emphasis>."
19008
19530
msgstr ""
19009
19531
19010
#: serverguide/C/multipath-config-defaults-table.xml:216(emphasis) serverguide/C/dm-multipath.xml:1214(parameter)
19532
#: serverguide/C/multipath-config-defaults-table.xml:216(emphasis) serverguide/C/dm-multipath.xml:1215(parameter)
19011
19533
msgid "features"
19012
19534
msgstr ""
19013
19535
19015
19537
msgid "queue_if_no_path"
19016
19538
msgstr ""
19017
19539
19018
#: serverguide/C/multipath-config-defaults-table.xml:221(emphasis) serverguide/C/multipath-config-defaults-table.xml:334(emphasis) serverguide/C/dm-multipath.xml:1068(parameter) serverguide/C/dm-multipath.xml:1233(parameter)
19540
#: serverguide/C/multipath-config-defaults-table.xml:221(emphasis) serverguide/C/multipath-config-defaults-table.xml:334(emphasis) serverguide/C/dm-multipath.xml:1069(parameter) serverguide/C/dm-multipath.xml:1234(parameter)
19019
19541
msgid "no_path_retry"
19020
19542
msgstr ""
19021
19543
19035
19557
"feature, see Section, <placeholder-4/>."
19036
19558
msgstr ""
19037
19559
19038
#: serverguide/C/multipath-config-defaults-table.xml:228(emphasis) serverguide/C/dm-multipath.xml:1209(parameter)
19560
#: serverguide/C/multipath-config-defaults-table.xml:228(emphasis) serverguide/C/dm-multipath.xml:1210(parameter)
19039
19561
msgid "path_checker"
19040
19562
msgstr ""
19041
19563
19085
19607
msgid "The default value is <emphasis role=\"bold\">directio</emphasis>."
19086
19608
msgstr ""
19087
19609
19088
#: serverguide/C/multipath-config-defaults-table.xml:275(emphasis) serverguide/C/dm-multipath.xml:1054(parameter) serverguide/C/dm-multipath.xml:1219(parameter)
19610
#: serverguide/C/multipath-config-defaults-table.xml:275(emphasis) serverguide/C/dm-multipath.xml:1055(parameter) serverguide/C/dm-multipath.xml:1220(parameter)
19089
19611
msgid "failback"
19090
19612
msgstr ""
19091
19613
19116
19638
msgid "The default value is <emphasis role=\"bold\">manual</emphasis>."
19117
19639
msgstr ""
19118
19640
19119
#: serverguide/C/multipath-config-defaults-table.xml:307(emphasis) serverguide/C/multipath-config-defaults-table.xml:321(emphasis) serverguide/C/multipath-config-defaults-table.xml:325(emphasis) serverguide/C/dm-multipath.xml:1073(parameter) serverguide/C/dm-multipath.xml:1238(parameter)
19641
#: serverguide/C/multipath-config-defaults-table.xml:307(emphasis) serverguide/C/multipath-config-defaults-table.xml:321(emphasis) serverguide/C/multipath-config-defaults-table.xml:325(emphasis) serverguide/C/dm-multipath.xml:1074(parameter) serverguide/C/dm-multipath.xml:1239(parameter)
19120
19642
msgid "rr_min_io"
19121
19643
msgstr ""
19122
19644
19130
19652
"the next path in the current path group.<placeholder-1/>"
19131
19653
msgstr ""
19132
19654
19133
#: serverguide/C/multipath-config-defaults-table.xml:317(emphasis) serverguide/C/dm-multipath.xml:1078(parameter) serverguide/C/dm-multipath.xml:1243(parameter)
19655
#: serverguide/C/multipath-config-defaults-table.xml:317(emphasis) serverguide/C/dm-multipath.xml:1079(parameter) serverguide/C/dm-multipath.xml:1244(parameter)
19134
19656
msgid "rr_weight"
19135
19657
msgstr ""
19136
19658
19184
19706
msgid "alias"
19185
19707
msgstr ""
19186
19708
19187
#: serverguide/C/multipath-config-defaults-table.xml:354(emphasis) serverguide/C/multipath-config-defaults-table.xml:357(emphasis) serverguide/C/multipath-config-defaults-table.xml:379(emphasis) serverguide/C/multipath-config-defaults-table.xml:391(emphasis) serverguide/C/multipath-components-table.xml:31(emphasis) serverguide/C/multipath-components-table.xml:44(emphasis) serverguide/C/multipath-attributes-table.xml:18(emphasis) serverguide/C/multipath-attributes-table.xml:19(emphasis) serverguide/C/multipath-attributes-table.xml:28(emphasis) serverguide/C/multipath-attributes-table.xml:29(emphasis) serverguide/C/dm-multipath.xml:764(emphasis)
19709
#: serverguide/C/multipath-config-defaults-table.xml:354(emphasis) serverguide/C/multipath-config-defaults-table.xml:357(emphasis) serverguide/C/multipath-config-defaults-table.xml:379(emphasis) serverguide/C/multipath-config-defaults-table.xml:391(emphasis) serverguide/C/multipath-components-table.xml:31(emphasis) serverguide/C/multipath-components-table.xml:44(emphasis) serverguide/C/multipath-attributes-table.xml:18(emphasis) serverguide/C/multipath-attributes-table.xml:19(emphasis) serverguide/C/multipath-attributes-table.xml:28(emphasis) serverguide/C/multipath-attributes-table.xml:29(emphasis) serverguide/C/dm-multipath.xml:765(emphasis)
19188
19710
msgid "multipath"
19189
19711
msgstr ""
19190
19712
19221
19743
"devices when it is shut down. <placeholder-2/>"
19222
19744
msgstr ""
19223
19745
19224
#: serverguide/C/multipath-config-defaults-table.xml:376(emphasis) serverguide/C/dm-multipath.xml:1083(parameter) serverguide/C/dm-multipath.xml:1258(parameter)
19746
#: serverguide/C/multipath-config-defaults-table.xml:376(emphasis) serverguide/C/dm-multipath.xml:1084(parameter) serverguide/C/dm-multipath.xml:1259(parameter)
19225
19747
msgid "flush_on_last_del"
19226
19748
msgstr ""
19227
19749
19267
19789
"explicit timeout, in seconds. <placeholder-1/>"
19268
19790
msgstr ""
19269
19791
19270
#: serverguide/C/multipath-config-defaults-table.xml:413(emphasis) serverguide/C/dm-multipath.xml:1248(parameter)
19792
#: serverguide/C/multipath-config-defaults-table.xml:413(emphasis) serverguide/C/dm-multipath.xml:1249(parameter)
19271
19793
msgid "fast_io_fail_tmo"
19272
19794
msgstr ""
19273
19795
19283
19805
"this to off will disable the timeout. <placeholder-1/>"
19284
19806
msgstr ""
19285
19807
19286
#: serverguide/C/multipath-config-defaults-table.xml:425(emphasis) serverguide/C/dm-multipath.xml:1253(parameter)
19808
#: serverguide/C/multipath-config-defaults-table.xml:425(emphasis) serverguide/C/dm-multipath.xml:1254(parameter)
19287
19809
msgid "dev_loss_tmo"
19288
19810
msgstr ""
19289
19811
19970
20492
"来发送信息,最后一个将信息送到 <emphasis>邮件投递代理</emphasis> (MDA) "
19971
20493
"以便将其投递到接受者的收件箱中。该信息将会被接受者邮件客户端检索到,通常是通过 POP3 或 IMAP 服务器。"
19972
20494
19973
#: serverguide/C/mail.xml:22(title) serverguide/C/mail.xml:896(application) serverguide/C/mail.xml:928(title) serverguide/C/mail.xml:1006(title) serverguide/C/mail.xml:1581(title)
20495
#: serverguide/C/mail.xml:22(title) serverguide/C/mail.xml:837(application) serverguide/C/mail.xml:869(title) serverguide/C/mail.xml:947(title) serverguide/C/mail.xml:1519(title)
19974
20496
msgid "Postfix"
19975
20497
msgstr "Postfix"
19976
20498
20097
20619
"your Mail Delivery Agent (MDA) to use the same path."
20098
20620
msgstr ""
20099
20621
20100
#: serverguide/C/mail.xml:106(title) serverguide/C/mail.xml:608(title)
20622
#: serverguide/C/mail.xml:106(title) serverguide/C/mail.xml:550(title)
20101
20623
msgid "SMTP Authentication"
20102
20624
msgstr "SMTP 认证"
20103
20625
20248
20770
"tls_random_source = dev:/dev/urandom\n"
20249
20771
msgstr ""
20250
20772
20251
#: serverguide/C/mail.xml:229(para)
20773
#: serverguide/C/mail.xml:188(para)
20252
20774
msgid ""
20253
20775
"The postfix initial configuration is complete. Run the following command to "
20254
20776
"restart the postfix daemon:"
20255
20777
msgstr ""
20256
20778
20257
#: serverguide/C/mail.xml:235(command) serverguide/C/mail.xml:354(command) serverguide/C/mail.xml:417(command) serverguide/C/mail.xml:1046(command) serverguide/C/mail.xml:1632(command)
20779
#: serverguide/C/mail.xml:235(command) serverguide/C/mail.xml:354(command) serverguide/C/mail.xml:417(command) serverguide/C/mail.xml:1046(command) serverguide/C/mail.xml:1628(command)
20258
20780
msgid "sudo service postfix restart"
20259
20781
msgstr ""
20260
20782
20261
#: serverguide/C/mail.xml:238(para)
20783
#: serverguide/C/mail.xml:197(para)
20262
20784
msgid ""
20263
20785
"<application>Postfix</application> supports SMTP-AUTH as defined in <ulink "
20264
20786
"url=\"http://www.ietf.org/rfc/rfc2554.txt\">RFC2554</ulink>. It is based on "
20267
20789
"AUTH."
20268
20790
msgstr ""
20269
20791
20270
#: serverguide/C/mail.xml:248(title) serverguide/C/mail.xml:672(title)
20792
#: serverguide/C/mail.xml:207(title) serverguide/C/mail.xml:614(title)
20271
20793
msgid "Configuring SASL"
20272
20794
msgstr "配置 SASL"
20273
20795
20274
#: serverguide/C/mail.xml:249(para)
20796
#: serverguide/C/mail.xml:208(para)
20275
20797
msgid ""
20276
20798
"Postfix supports two SASL implementations Cyrus SASL and Dovecot SASL. To "
20277
20799
"enable Dovecot SASL the <application>dovecot-common</application> package "
20278
20800
"will need to be installed. From a terminal prompt enter the following:"
20279
20801
msgstr ""
20280
20802
20281
#: serverguide/C/mail.xml:255(command)
20803
#: serverguide/C/mail.xml:214(command)
20282
20804
msgid "sudo apt-get install dovecot-common"
20283
20805
msgstr "sudo apt-get install dovecot-common"
20284
20806
20340
20862
"auth_mechanisms = plain login\n"
20341
20863
msgstr ""
20342
20864
20343
#: serverguide/C/mail.xml:298(para)
20865
#: serverguide/C/mail.xml:253(para)
20344
20866
msgid ""
20345
20867
"Once you have <application>Dovecot</application> configured restart it with:"
20346
20868
msgstr ""
20349
20871
msgid "sudo service dovecot restart"
20350
20872
msgstr ""
20351
20873
20352
#: serverguide/C/mail.xml:307(title)
20874
#: serverguide/C/mail.xml:262(title)
20353
20875
msgid "Mail-Stack Delivery"
20354
20876
msgstr ""
20355
20877
20356
#: serverguide/C/mail.xml:309(para)
20878
#: serverguide/C/mail.xml:264(para)
20357
20879
msgid ""
20358
20880
"Another option for configuring <application>Postfix</application> for SMTP-"
20359
20881
"AUTH is using the <application>mail-stack-delivery</application> package "
20364
20886
"<application>Dovecot</application> for IMAP, IMAPS, POP3, and POP3S."
20365
20887
msgstr ""
20366
20888
20367
#: serverguide/C/mail.xml:319(para)
20889
#: serverguide/C/mail.xml:274(para)
20368
20890
msgid ""
20369
20891
"You may or may not want to run IMAP, IMAPS, POP3, or POP3S on your mail "
20370
20892
"server. For example, if you are configuring your server to be a mail "
20372
20894
"the above commands to configure Postfix for SMTP-AUTH."
20373
20895
msgstr ""
20374
20896
20375
#: serverguide/C/mail.xml:326(para)
20897
#: serverguide/C/mail.xml:281(para)
20376
20898
msgid "To install the package, from a terminal prompt enter:"
20377
20899
msgstr ""
20378
20900
20379
#: serverguide/C/mail.xml:331(command)
20901
#: serverguide/C/mail.xml:286(command)
20380
20902
msgid "sudo apt-get install mail-stack-delivery"
20381
20903
msgstr ""
20382
20904
20383
#: serverguide/C/mail.xml:334(para)
20905
#: serverguide/C/mail.xml:289(para)
20384
20906
msgid ""
20385
20907
"You should now have a working mail server, but there are a few options that "
20386
20908
"you may wish to further customize. For example, the package uses the "
20390
20912
"for more details."
20391
20913
msgstr ""
20392
20914
20393
#: serverguide/C/mail.xml:340(para)
20915
#: serverguide/C/mail.xml:295(para)
20394
20916
msgid ""
20395
20917
"Once you have a customized certificate and key for the host, change the "
20396
20918
"following options in <filename>/etc/postfix/main.cf</filename>:"
20397
20919
msgstr ""
20398
20920
20399
#: serverguide/C/mail.xml:344(programlisting)
20921
#: serverguide/C/mail.xml:299(programlisting)
20400
20922
#, no-wrap
20401
20923
msgid ""
20402
20924
"\n"
20404
20926
"smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key\n"
20405
20927
msgstr ""
20406
20928
20407
#: serverguide/C/mail.xml:349(para)
20929
#: serverguide/C/mail.xml:304(para)
20408
20930
msgid "Then restart Postfix:"
20409
20931
msgstr ""
20410
20932
20411
#: serverguide/C/mail.xml:360(para)
20933
#: serverguide/C/mail.xml:315(para)
20412
20934
msgid ""
20413
20935
"SMTP-AUTH configuration is complete. Now it is time to test the setup."
20414
20936
msgstr ""
20415
20937
20416
#: serverguide/C/mail.xml:363(para)
20938
#: serverguide/C/mail.xml:318(para)
20417
20939
msgid "To see if SMTP-AUTH and TLS work properly, run the following command:"
20418
20940
msgstr ""
20419
20941
20420
#: serverguide/C/mail.xml:368(command)
20942
#: serverguide/C/mail.xml:323(command)
20421
20943
msgid "telnet mail.example.com 25"
20422
20944
msgstr "telnet mail.example.com 25"
20423
20945
20424
#: serverguide/C/mail.xml:370(para)
20946
#: serverguide/C/mail.xml:325(para)
20425
20947
msgid ""
20426
20948
"After you have established the connection to the postfix mail server, type:"
20427
20949
msgstr ""
20428
20950
20429
#: serverguide/C/mail.xml:374(screen)
20951
#: serverguide/C/mail.xml:329(screen)
20430
20952
#, no-wrap
20431
20953
msgid ""
20432
20954
"\n"
20435
20957
"\n"
20436
20958
"ehlo mail.example.com\n"
20437
20959
20438
#: serverguide/C/mail.xml:377(para)
20960
#: serverguide/C/mail.xml:332(para)
20439
20961
msgid ""
20440
20962
"If you see the following lines among others, then everything is working "
20441
20963
"perfectly. Type <command>quit</command> to exit."
20442
20964
msgstr ""
20443
20965
20444
#: serverguide/C/mail.xml:381(programlisting)
20966
#: serverguide/C/mail.xml:336(programlisting)
20445
20967
#, no-wrap
20446
20968
msgid ""
20447
20969
"\n"
20456
20978
"250-AUTH=LOGIN PLAIN\n"
20457
20979
"250 8BITMIME\n"
20458
20980
20459
#: serverguide/C/mail.xml:391(para)
20981
#: serverguide/C/mail.xml:346(para)
20460
20982
msgid ""
20461
20983
"This section introduces some common ways to determine the cause if problems "
20462
20984
"arise."
20463
20985
msgstr ""
20464
20986
20465
#: serverguide/C/mail.xml:395(title)
20987
#: serverguide/C/mail.xml:350(title)
20466
20988
msgid "Escaping chroot"
20467
20989
msgstr ""
20468
20990
20469
#: serverguide/C/mail.xml:396(para)
20991
#: serverguide/C/mail.xml:351(para)
20470
20992
msgid ""
20471
20993
"The Ubuntu <application>postfix</application> package will by default "
20472
20994
"install into a <emphasis>chroot</emphasis> environment for security reasons. "
20473
20995
"This can add greater complexity when troubleshooting problems."
20474
20996
msgstr ""
20475
20997
20476
#: serverguide/C/mail.xml:400(para)
20998
#: serverguide/C/mail.xml:355(para)
20477
20999
msgid ""
20478
21000
"To turn off the chroot operation locate for the following line in the "
20479
21001
"<filename>/etc/postfix/master.cf</filename> configuration file:"
20480
21002
msgstr ""
20481
21003
20482
#: serverguide/C/mail.xml:404(screen)
21004
#: serverguide/C/mail.xml:359(screen)
20483
21005
#, no-wrap
20484
21006
msgid ""
20485
21007
"\n"
20488
21010
"\n"
20489
21011
"smtp inet n - - - - smtpd\n"
20490
21012
20491
#: serverguide/C/mail.xml:407(para)
21013
#: serverguide/C/mail.xml:362(para)
20492
21014
msgid "and modify it as follows:"
20493
21015
msgstr "并且修改它如下:"
20494
21016
20495
#: serverguide/C/mail.xml:410(screen)
21017
#: serverguide/C/mail.xml:365(screen)
20496
21018
#, no-wrap
20497
21019
msgid ""
20498
21020
"\n"
20501
21023
"\n"
20502
21024
"smtp inet n - n - - smtpd\n"
20503
21025
20504
#: serverguide/C/mail.xml:413(para)
21026
#: serverguide/C/mail.xml:368(para)
20505
21027
msgid ""
20506
21028
"You will then need to restart Postfix to use the new configuration. From a "
20507
21029
"terminal prompt enter:"
20529
21051
"\t "
20530
21052
msgstr ""
20531
21053
20532
#: serverguide/C/mail.xml:434(title)
21054
#: serverguide/C/mail.xml:376(title)
20533
21055
msgid "Log Files"
20534
21056
msgstr ""
20535
21057
20536
#: serverguide/C/mail.xml:435(para)
21058
#: serverguide/C/mail.xml:377(para)
20537
21059
msgid ""
20538
21060
"<application>Postfix</application> sends all log messages to "
20539
21061
"<filename>/var/log/mail.log</filename>. However error and warning messages "
20542
21064
"<filename>/var/log/mail.warn</filename> respectively."
20543
21065
msgstr ""
20544
21066
20545
#: serverguide/C/mail.xml:440(para)
21067
#: serverguide/C/mail.xml:382(para)
20546
21068
msgid ""
20547
21069
"To see messages entered into the logs in real time you can use the "
20548
21070
"<application>tail -f</application> command:"
20549
21071
msgstr ""
20550
21072
20551
#: serverguide/C/mail.xml:445(command)
21073
#: serverguide/C/mail.xml:387(command)
20552
21074
msgid "tail -f /var/log/mail.err"
20553
21075
msgstr "tail -f /var/log/mail.err"
20554
21076
20555
#: serverguide/C/mail.xml:447(para)
21077
#: serverguide/C/mail.xml:389(para)
20556
21078
msgid ""
20557
21079
"The amount of detail that is recorded in the logs can be increased. Below "
20558
21080
"are some configuration options for increasing the log level for some of the "
20559
21081
"areas covered above."
20560
21082
msgstr ""
20561
21083
20562
#: serverguide/C/mail.xml:453(para)
21084
#: serverguide/C/mail.xml:395(para)
20563
21085
msgid ""
20564
21086
"To increase <emphasis>TLS</emphasis> activity logging set the "
20565
21087
"<emphasis>smtpd_tls_loglevel</emphasis> option to a value from 1 to 4."
20566
21088
msgstr ""
20567
21089
20568
#: serverguide/C/mail.xml:457(command)
21090
#: serverguide/C/mail.xml:399(command)
20569
21091
msgid "sudo postconf -e 'smtpd_tls_loglevel = 4'"
20570
21092
msgstr "sudo postconf -e 'smtpd_tls_loglevel = 4'"
20571
21093
20572
#: serverguide/C/mail.xml:461(para)
21094
#: serverguide/C/mail.xml:403(para)
20573
21095
msgid ""
20574
21096
"If you are having trouble sending or receiving mail from a specific domain "
20575
21097
"you can add the domain to the <emphasis>debug_peer_list</emphasis> parameter."
20576
21098
msgstr ""
20577
21099
20578
#: serverguide/C/mail.xml:466(command)
21100
#: serverguide/C/mail.xml:408(command)
20579
21101
msgid "sudo postconf -e 'debug_peer_list = problem.domain'"
20580
21102
msgstr "sudo postconf -e 'debug_peer_list = problem.domain'"
20581
21103
20582
#: serverguide/C/mail.xml:470(para)
21104
#: serverguide/C/mail.xml:412(para)
20583
21105
msgid ""
20584
21106
"You can increase the verbosity of any <application>Postfix</application> "
20585
21107
"daemon process by editing the <filename>/etc/postfix/master.cf</filename> "
20587
21109
"<emphasis>smtp</emphasis> entry:"
20588
21110
msgstr ""
20589
21111
20590
#: serverguide/C/mail.xml:474(programlisting)
21112
#: serverguide/C/mail.xml:416(programlisting)
20591
21113
#, no-wrap
20592
21114
msgid ""
20593
21115
"\n"
20611
21133
"<filename>/etc/dovecot/conf.d/10-logging.conf</filename>"
20612
21134
msgstr ""
20613
21135
20614
#: serverguide/C/mail.xml:491(programlisting)
21136
#: serverguide/C/mail.xml:433(programlisting)
20615
21137
#, no-wrap
20616
21138
msgid ""
20617
21139
"\n"
20629
21151
"reloaded: <command>sudo service dovecot reload</command>."
20630
21152
msgstr ""
20631
21153
20632
#: serverguide/C/mail.xml:504(para)
21154
#: serverguide/C/mail.xml:446(para)
20633
21155
msgid ""
20634
21156
"Some of the options above can drastically increase the amount of information "
20635
21157
"sent to the log files. Remember to return the log level back to normal after "
20637
21159
"new configuration to take affect."
20638
21160
msgstr ""
20639
21161
20640
#: serverguide/C/mail.xml:512(para)
21162
#: serverguide/C/mail.xml:454(para)
20641
21163
msgid ""
20642
21164
"Administering a <application>Postfix</application> server can be a very "
20643
21165
"complicated task. At some point you may need to turn to the Ubuntu community "
20644
21166
"for more experienced help."
20645
21167
msgstr ""
20646
21168
20647
#: serverguide/C/mail.xml:516(para)
21169
#: serverguide/C/mail.xml:458(para)
20648
21170
msgid ""
20649
21171
"A great place to ask for <application>Postfix</application> assistance, and "
20650
21172
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
20654
21176
"url=\"http://www.ubuntu.com/support/community/webforums\">Web Forums</ulink>."
20655
21177
msgstr ""
20656
21178
20657
#: serverguide/C/mail.xml:521(para)
21179
#: serverguide/C/mail.xml:463(para)
20658
21180
msgid ""
20659
21181
"For in depth <application>Postfix</application> information Ubuntu "
20660
21182
"developers highly recommend: <ulink url=\"http://www.postfix-book.com/\">The "
20661
21183
"Book of Postfix</ulink>."
20662
21184
msgstr ""
20663
21185
20664
#: serverguide/C/mail.xml:525(para)
21186
#: serverguide/C/mail.xml:467(para)
20665
21187
msgid ""
20666
21188
"Finally, the <ulink "
20667
21189
"url=\"http://www.postfix.org/documentation.html\">Postfix</ulink> website "
20675
21197
"Wiki Postfix</ulink> page has more information."
20676
21198
msgstr ""
20677
21199
20678
#: serverguide/C/mail.xml:537(title) serverguide/C/mail.xml:934(title) serverguide/C/mail.xml:1050(title)
21200
#: serverguide/C/mail.xml:479(title) serverguide/C/mail.xml:875(title) serverguide/C/mail.xml:991(title)
20679
21201
msgid "Exim4"
20680
21202
msgstr "Exim4"
20681
21203
20682
#: serverguide/C/mail.xml:538(para)
21204
#: serverguide/C/mail.xml:480(para)
20683
21205
msgid ""
20684
21206
"<application>Exim4</application> is another Message Transfer Agent (MTA) "
20685
21207
"developed at the University of Cambridge for use on Unix systems connected "
20689
21211
"<application>sendmail</application>."
20690
21212
msgstr ""
20691
21213
20692
#: serverguide/C/mail.xml:549(para)
21214
#: serverguide/C/mail.xml:491(para)
20693
21215
msgid ""
20694
21216
"To install <application>exim4</application>, run the following command: "
20695
21217
"<screen>\n"
20697
21219
"</screen>"
20698
21220
msgstr ""
20699
21221
20700
#: serverguide/C/mail.xml:558(para)
21222
#: serverguide/C/mail.xml:500(para)
20701
21223
msgid ""
20702
21224
"To configure <application>Exim4</application>, run the following command:"
20703
21225
msgstr ""
20704
21226
20705
#: serverguide/C/mail.xml:562(command)
21227
#: serverguide/C/mail.xml:504(command)
20706
21228
msgid "sudo dpkg-reconfigure exim4-config"
20707
21229
msgstr "sudo dpkg-reconfigure exim4-config"
20708
21230
20709
#: serverguide/C/mail.xml:564(para)
21231
#: serverguide/C/mail.xml:506(para)
20710
21232
msgid ""
20711
21233
"The user interface will be displayed. The user interface lets you configure "
20712
21234
"many parameters. For example, In <application>Exim4</application> the "
20714
21236
"in one file you can configure accordingly in this user interface."
20715
21237
msgstr ""
20716
21238
20717
#: serverguide/C/mail.xml:572(para)
21239
#: serverguide/C/mail.xml:514(para)
20718
21240
msgid ""
20719
21241
"All the parameters you configure in the user interface are stored in "
20720
21242
"<filename>/etc/exim4/update-exim4.conf</filename> file. If you wish to re-"
20723
21245
"following command to generate the master configuration file:"
20724
21246
msgstr ""
20725
21247
20726
#: serverguide/C/mail.xml:583(command) serverguide/C/mail.xml:667(command)
21248
#: serverguide/C/mail.xml:525(command) serverguide/C/mail.xml:609(command)
20727
21249
msgid "sudo update-exim4.conf"
20728
21250
msgstr "sudo update-exim4.conf"
20729
21251
20730
#: serverguide/C/mail.xml:585(para)
21252
#: serverguide/C/mail.xml:527(para)
20731
21253
msgid ""
20732
21254
"The master configuration file, is generated and it is stored in "
20733
21255
"<filename>/var/lib/exim4/config.autogenerated</filename>."
20734
21256
msgstr ""
20735
21257
20736
#: serverguide/C/mail.xml:591(para)
21258
#: serverguide/C/mail.xml:533(para)
20737
21259
msgid ""
20738
21260
"At any time, you should not edit the master configuration file, "
20739
21261
"<filename>/var/lib/exim4/config.autogenerated</filename> manually. It is "
20743
21265
"<filename>/var/lib/exim4/config.autogenerated</filename>。它在每次您运行 "
20744
21266
"<command>update-exim4.conf</command> 之后会自动更新。"
20745
21267
20746
#: serverguide/C/mail.xml:599(para)
21268
#: serverguide/C/mail.xml:541(para)
20747
21269
msgid ""
20748
21270
"You can run the following command to start <application>Exim4</application> "
20749
21271
"daemon."
20753
21275
msgid "sudo service exim4 start"
20754
21276
msgstr ""
20755
21277
20756
#: serverguide/C/mail.xml:609(para)
21278
#: serverguide/C/mail.xml:551(para)
20757
21279
msgid ""
20758
21280
"This section covers configuring Exim4 to use SMTP-AUTH with TLS and SASL."
20759
21281
msgstr ""
20760
21282
20761
#: serverguide/C/mail.xml:612(para)
21283
#: serverguide/C/mail.xml:554(para)
20762
21284
msgid ""
20763
21285
"The first step is to create a certificate for use with TLS. Enter the "
20764
21286
"following into a terminal prompt:"
20765
21287
msgstr ""
20766
21288
20767
#: serverguide/C/mail.xml:616(command)
21289
#: serverguide/C/mail.xml:558(command)
20768
21290
msgid "sudo /usr/share/doc/exim4-base/examples/exim-gencert"
20769
21291
msgstr "sudo /usr/share/doc/exim4-base/examples/exim-gencert"
20770
21292
20771
#: serverguide/C/mail.xml:618(para)
21293
#: serverguide/C/mail.xml:560(para)
20772
21294
msgid ""
20773
21295
"Now Exim4 needs to be configured for TLS by editing "
20774
21296
"<filename>/etc/exim4/conf.d/main/03_exim4-config_tlsoptions</filename> add "
20775
21297
"the following:"
20776
21298
msgstr ""
20777
21299
20778
#: serverguide/C/mail.xml:622(programlisting)
21300
#: serverguide/C/mail.xml:564(programlisting)
20779
21301
#, no-wrap
20780
21302
msgid ""
20781
21303
"\n"
20784
21306
"\n"
20785
21307
"MAIN_TLS_ENABLE = yes\n"
20786
21308
20787
#: serverguide/C/mail.xml:625(para)
21309
#: serverguide/C/mail.xml:567(para)
20788
21310
msgid ""
20789
21311
"Next you need to configure <application>Exim4</application> to use the "
20790
21312
"<application>saslauthd</application> for authentication. Edit "
20793
21315
"<emphasis>login_saslauthd_server</emphasis> sections:"
20794
21316
msgstr ""
20795
21317
20796
#: serverguide/C/mail.xml:630(programlisting)
21318
#: serverguide/C/mail.xml:572(programlisting)
20797
21319
#, no-wrap
20798
21320
msgid ""
20799
21321
"\n"
20819
21341
" .endif\n"
20820
21342
msgstr ""
20821
21343
20822
#: serverguide/C/mail.xml:652(para)
21344
#: serverguide/C/mail.xml:594(para)
20823
21345
msgid ""
20824
21346
"Additionally, in order for outside mail client to be able to connect to new "
20825
21347
"exim server, new user needs to be added into exim by using the following "
20830
21352
msgid "sudo /usr/share/doc/exim4-base/examples/exim-adduser"
20831
21353
msgstr ""
20832
21354
20833
#: serverguide/C/mail.xml:658(para)
21355
#: serverguide/C/mail.xml:600(para)
20834
21356
msgid ""
20835
21357
"Users should protect the new exim password files with the following commands."
20836
21358
msgstr ""
20837
21359
20838
#: serverguide/C/mail.xml:660(command)
21360
#: serverguide/C/mail.xml:602(command)
20839
21361
msgid "sudo chown root:Debian-exim /etc/exim4/passwd"
20840
21362
msgstr ""
20841
21363
20842
#: serverguide/C/mail.xml:661(command)
21364
#: serverguide/C/mail.xml:603(command)
20843
21365
msgid "sudo chmod 640 /etc/exim4/passwd"
20844
21366
msgstr ""
20845
21367
20846
#: serverguide/C/mail.xml:663(para)
21368
#: serverguide/C/mail.xml:605(para)
20847
21369
msgid "Finally, update the Exim4 configuration and restart the service:"
20848
21370
msgstr ""
20849
21371
20851
21373
msgid "sudo service exim4 restart"
20852
21374
msgstr ""
20853
21375
20854
#: serverguide/C/mail.xml:673(para)
21376
#: serverguide/C/mail.xml:615(para)
20855
21377
msgid ""
20856
21378
"This section provides details on configuring the saslauthd to provide "
20857
21379
"authentication for <application>Exim4</application>."
20858
21380
msgstr ""
20859
21381
20860
#: serverguide/C/mail.xml:676(para)
21382
#: serverguide/C/mail.xml:618(para)
20861
21383
msgid ""
20862
21384
"The first step is to install the sasl2-bin package. From a terminal prompt "
20863
21385
"enter the following:"
20864
21386
msgstr ""
20865
21387
20866
#: serverguide/C/mail.xml:680(command)
21388
#: serverguide/C/mail.xml:622(command)
20867
21389
msgid "sudo apt-get install sasl2-bin"
20868
21390
msgstr "sudo apt-get install sasl2-bin"
20869
21391
20870
#: serverguide/C/mail.xml:682(para)
21392
#: serverguide/C/mail.xml:624(para)
20871
21393
msgid ""
20872
21394
"To configure saslauthd edit the /etc/default/saslauthd configuration file "
20873
21395
"and set START=no to:"
20874
21396
msgstr ""
20875
21397
20876
#: serverguide/C/mail.xml:688(para)
21398
#: serverguide/C/mail.xml:630(para)
20877
21399
msgid ""
20878
21400
"Next the <emphasis>Debian-exim</emphasis> user needs to be part of the "
20879
21401
"<emphasis>sasl</emphasis> group in order for Exim4 to use the saslauthd "
20880
21402
"service:"
20881
21403
msgstr ""
20882
21404
20883
#: serverguide/C/mail.xml:693(command)
21405
#: serverguide/C/mail.xml:635(command)
20884
21406
msgid "sudo adduser Debian-exim sasl"
20885
21407
msgstr "sudo adduser Debian-exim sasl"
20886
21408
20887
#: serverguide/C/mail.xml:695(para)
21409
#: serverguide/C/mail.xml:637(para)
20888
21410
msgid "Now start the <application>saslauthd</application> service:"
20889
21411
msgstr ""
20890
21412
20892
21414
msgid "sudo service saslauthd start"
20893
21415
msgstr ""
20894
21416
20895
#: serverguide/C/mail.xml:701(para)
21417
#: serverguide/C/mail.xml:643(para)
20896
21418
msgid ""
20897
21419
"<application>Exim4</application> is now configured with SMTP-AUTH using TLS "
20898
21420
"and SASL authentication."
20899
21421
msgstr ""
20900
21422
20901
#: serverguide/C/mail.xml:710(para)
21423
#: serverguide/C/mail.xml:652(para)
20902
21424
msgid ""
20903
21425
"See <ulink url=\"http://www.exim.org/\">exim.org</ulink> for more "
20904
21426
"information."
20905
21427
msgstr ""
20906
21428
20907
#: serverguide/C/mail.xml:715(para)
21429
#: serverguide/C/mail.xml:657(para)
20908
21430
msgid ""
20909
21431
"There is also an <ulink url=\"http://www.uit.co.uk/content/exim-smtp-mail-"
20910
21432
"server\">Exim4 Book</ulink> available."
20911
21433
msgstr ""
20912
21434
20913
#: serverguide/C/mail.xml:720(para)
21435
#: serverguide/C/mail.xml:662(para)
20914
21436
msgid ""
20915
21437
"Another resource is the <ulink "
20916
21438
"url=\"https://help.ubuntu.com/community/Exim4\">Exim4 Ubuntu Wiki </ulink> "
20917
21439
"page."
20918
21440
msgstr ""
20919
21441
20920
#: serverguide/C/mail.xml:729(title)
21442
#: serverguide/C/mail.xml:671(title)
20921
21443
msgid "Dovecot Server"
20922
21444
msgstr "Dovecot 服务器"
20923
21445
20924
#: serverguide/C/mail.xml:730(para)
21446
#: serverguide/C/mail.xml:672(para)
20925
21447
msgid ""
20926
21448
"<application>Dovecot</application> is a Mail Delivery Agent, written with "
20927
21449
"security primarily in mind. It supports the major mailbox formats: mbox or "
20930
21452
"<application>Dovecot</application> 是一个主要出于安全考虑编写的邮件投递代理。它支持主要收件箱格式:mbox 或 "
20931
21453
"Maidir。这部分说明如何将它设为一个 imap 或 pop3 服务器。"
20932
21454
20933
#: serverguide/C/mail.xml:738(para)
21455
#: serverguide/C/mail.xml:680(para)
20934
21456
msgid ""
20935
21457
"To install <application>dovecot</application>, run the following command in "
20936
21458
"the command prompt:"
20937
21459
msgstr ""
20938
21460
20939
#: serverguide/C/mail.xml:743(command)
21461
#: serverguide/C/mail.xml:685(command)
20940
21462
msgid "sudo apt-get install dovecot-imapd dovecot-pop3d"
20941
21463
msgstr ""
20942
21464
20943
#: serverguide/C/mail.xml:748(para)
21465
#: serverguide/C/mail.xml:690(para)
20944
21466
msgid ""
20945
21467
"To configure <application>dovecot</application>, you can edit the file "
20946
21468
"<filename>/etc/dovecot/dovecot.conf</filename>. You can choose the protocol "
20952
21474
"link>."
20953
21475
msgstr ""
20954
21476
20955
#: serverguide/C/mail.xml:758(para)
21477
#: serverguide/C/mail.xml:700(para)
20956
21478
msgid ""
20957
21479
"IMAPS and POP3S are more secure that the simple IMAP and POP3 because they "
20958
21480
"use SSL encryption to connect. Once you have chosen the protocol, amend the "
20959
21481
"following line in the file <filename>/etc/dovecot/dovecot.conf</filename>:"
20960
21482
msgstr ""
20961
21483
20962
#: serverguide/C/mail.xml:764(programlisting)
21484
#: serverguide/C/mail.xml:706(programlisting)
20963
21485
#, no-wrap
20964
21486
msgid ""
20965
21487
"\n"
20986
21508
"following line:"
20987
21509
msgstr ""
20988
21510
20989
#: serverguide/C/mail.xml:780(programlisting)
21511
#: serverguide/C/mail.xml:722(programlisting)
20990
21512
#, no-wrap
20991
21513
msgid ""
20992
21514
"\n"
20999
21521
"或\n"
21000
21522
"mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u # (对于 mbox)\n"
21001
21523
21002
#: serverguide/C/mail.xml:786(para)
21524
#: serverguide/C/mail.xml:728(para)
21003
21525
msgid ""
21004
21526
"You should configure your Mail Transport Agent (MTA) to transfer the "
21005
21527
"incoming mail to this type of mailbox if it is different from the one you "
21007
21529
msgstr ""
21008
21530
"您应当配置您的 MTA (Mail Transport Agent,邮件传输助理)来将新邮件传输到这类邮箱中,如果其与您已经配置的不同的话。"
21009
21531
21010
#: serverguide/C/mail.xml:792(para)
21532
#: serverguide/C/mail.xml:734(para)
21011
21533
msgid ""
21012
21534
"Once you have configured dovecot, restart the "
21013
21535
"<application>dovecot</application> daemon in order to test your setup:"
21014
21536
msgstr ""
21015
21537
21016
#: serverguide/C/mail.xml:801(para)
21538
#: serverguide/C/mail.xml:743(para)
21017
21539
msgid ""
21018
21540
"If you have enabled imap, or pop3, you can also try to log in with the "
21019
21541
"commands <command>telnet localhost pop3</command> or <command>telnet "
21021
21543
"installation has been successful:"
21022
21544
msgstr ""
21023
21545
21024
#: serverguide/C/mail.xml:808(programlisting)
21546
#: serverguide/C/mail.xml:750(programlisting)
21025
21547
#, no-wrap
21026
21548
msgid ""
21027
21549
"\n"
21038
21560
"Escape character is '^]'.\n"
21039
21561
"+OK Dovecot ready.\n"
21040
21562
21041
#: serverguide/C/mail.xml:817(title)
21563
#: serverguide/C/mail.xml:759(title)
21042
21564
msgid "Dovecot SSL Configuration"
21043
21565
msgstr "Dovecot SSL 配置"
21044
21566
21061
21583
"<filename>/etc/dovecot/conf.d/10-ssl.conf</filename> configuration file."
21062
21584
msgstr ""
21063
21585
21064
#: serverguide/C/mail.xml:845(title)
21586
#: serverguide/C/mail.xml:786(title)
21065
21587
msgid "Firewall Configuration for an Email Server"
21066
21588
msgstr "邮件服务器的防火墙配置"
21067
21589
21068
#: serverguide/C/mail.xml:851(para)
21590
#: serverguide/C/mail.xml:792(para)
21069
21591
msgid "IMAP - 143"
21070
21592
msgstr "IMAP - 143"
21071
21593
21072
#: serverguide/C/mail.xml:852(para)
21594
#: serverguide/C/mail.xml:793(para)
21073
21595
msgid "IMAPS - 993"
21074
21596
msgstr "IMAPS - 993"
21075
21597
21076
#: serverguide/C/mail.xml:853(para)
21598
#: serverguide/C/mail.xml:794(para)
21077
21599
msgid "POP3 - 110"
21078
21600
msgstr "POP3 - 110"
21079
21601
21080
#: serverguide/C/mail.xml:854(para)
21602
#: serverguide/C/mail.xml:795(para)
21081
21603
msgid "POP3S - 995"
21082
21604
msgstr "POP3S - 995"
21083
21605
21084
#: serverguide/C/mail.xml:846(para)
21606
#: serverguide/C/mail.xml:787(para)
21085
21607
msgid ""
21086
21608
"To access your mail server from another computer, you must configure your "
21087
21609
"firewall to allow connections to the server on the necessary ports. "
21088
21610
"<placeholder-1/>"
21089
21611
msgstr "要从另一台计算机访问您的邮件服务器,您必须配置您的防火墙以允许连接服务器必要的端口。<placeholder-1/>"
21090
21612
21091
#: serverguide/C/mail.xml:863(para)
21613
#: serverguide/C/mail.xml:804(para)
21092
21614
msgid ""
21093
21615
"See the <ulink url=\"http://www.dovecot.org/\">Dovecot website</ulink> for "
21094
21616
"more information."
21095
21617
msgstr ""
21096
21618
21097
#: serverguide/C/mail.xml:868(para)
21619
#: serverguide/C/mail.xml:809(para)
21098
21620
msgid ""
21099
21621
"Also, the <ulink url=\"https://help.ubuntu.com/community/Dovecot\">Dovecot "
21100
21622
"Ubuntu Wiki</ulink> page has more details."
21101
21623
msgstr ""
21102
21624
21103
#: serverguide/C/mail.xml:877(title) serverguide/C/mail.xml:952(title) serverguide/C/mail.xml:1175(title)
21625
#: serverguide/C/mail.xml:818(title) serverguide/C/mail.xml:893(title) serverguide/C/mail.xml:1116(title)
21104
21626
msgid "Mailman"
21105
21627
msgstr "Mailman"
21106
21628
21107
#: serverguide/C/mail.xml:878(para)
21629
#: serverguide/C/mail.xml:819(para)
21108
21630
msgid ""
21109
21631
"Mailman is an open source program for managing electronic mail discussions "
21110
21632
"and e-newsletter lists. Many open source mailing lists (including all the "
21116
21638
"url=\"http://lists.ubuntu.com\">Ubuntu 邮件列表</ulink>)使用 Mailman "
21117
21639
"作为他们的邮件列表软件。它是强大的且易于安装和维护。"
21118
21640
21119
#: serverguide/C/mail.xml:888(para)
21641
#: serverguide/C/mail.xml:829(para)
21120
21642
msgid ""
21121
21643
"Mailman provides a web interface for the administrators and users, using an "
21122
21644
"external mail server to send and receive emails. It works perfectly with the "
21123
21645
"following mail servers:"
21124
21646
msgstr ""
21125
21647
21126
#: serverguide/C/mail.xml:899(application)
21648
#: serverguide/C/mail.xml:840(application)
21127
21649
msgid "Exim"
21128
21650
msgstr "Exim"
21129
21651
21130
#: serverguide/C/mail.xml:902(application)
21652
#: serverguide/C/mail.xml:843(application)
21131
21653
msgid "Sendmail"
21132
21654
msgstr "Sendmail"
21133
21655
21134
#: serverguide/C/mail.xml:905(application)
21656
#: serverguide/C/mail.xml:846(application)
21135
21657
msgid "Qmail"
21136
21658
msgstr "Qmail"
21137
21659
21138
#: serverguide/C/mail.xml:910(para)
21660
#: serverguide/C/mail.xml:851(para)
21139
21661
msgid ""
21140
21662
"We will see how to install and configure Mailman with, the Apache web "
21141
21663
"server, and either the Postfix or Exim mail server. If you wish to install "
21142
21664
"Mailman with a different mail server, please refer to the references section."
21143
21665
msgstr ""
21144
21666
21145
#: serverguide/C/mail.xml:917(para)
21667
#: serverguide/C/mail.xml:858(para)
21146
21668
msgid ""
21147
21669
"You only need to install one mail server and "
21148
21670
"<application>Postfix</application> is the default Ubuntu Mail Transfer Agent."
21149
21671
msgstr ""
21150
21672
21151
#: serverguide/C/mail.xml:922(title) serverguide/C/mail.xml:979(title)
21673
#: serverguide/C/mail.xml:863(title) serverguide/C/mail.xml:920(title)
21152
21674
msgid "Apache2"
21153
21675
msgstr "Apache2"
21154
21676
21155
#: serverguide/C/mail.xml:923(para)
21677
#: serverguide/C/mail.xml:864(para)
21156
21678
msgid ""
21157
21679
"To install apache2 you refer to <xref linkend=\"http-installation\"/> for "
21158
21680
"details."
21159
21681
msgstr ""
21160
21682
21161
#: serverguide/C/mail.xml:929(para)
21683
#: serverguide/C/mail.xml:870(para)
21162
21684
msgid ""
21163
21685
"For instructions on installing and configuring Postfix refer to <xref "
21164
21686
"linkend=\"postfix\"/>"
21165
21687
msgstr ""
21166
21688
21167
#: serverguide/C/mail.xml:935(para)
21689
#: serverguide/C/mail.xml:876(para)
21168
21690
msgid "To install Exim4 refer to <xref linkend=\"exim4\"/>."
21169
21691
msgstr ""
21170
21692
21171
#: serverguide/C/mail.xml:938(para)
21693
#: serverguide/C/mail.xml:879(para)
21172
21694
msgid ""
21173
21695
"Once exim4 is installed, the configuration files are stored in the "
21174
21696
"<filename>/etc/exim4</filename> directory. In Ubuntu, by default, the exim4 "
21177
21699
"<filename>/etc/exim4/update-exim4.conf</filename> file:"
21178
21700
msgstr ""
21179
21701
21180
#: serverguide/C/mail.xml:945(programlisting)
21702
#: serverguide/C/mail.xml:886(programlisting)
21181
21703
#, no-wrap
21182
21704
msgid ""
21183
21705
"\n"
21184
21706
"dc_use_split_config='true'\n"
21185
21707
msgstr ""
21186
21708
21187
#: serverguide/C/mail.xml:953(para)
21709
#: serverguide/C/mail.xml:894(para)
21188
21710
msgid ""
21189
21711
"To install <application>Mailman</application>, run following command at a "
21190
21712
"terminal prompt:"
21191
21713
msgstr ""
21192
21714
21193
#: serverguide/C/mail.xml:957(command)
21715
#: serverguide/C/mail.xml:898(command)
21194
21716
msgid "sudo apt-get install mailman"
21195
21717
msgstr "sudo apt-get install mailman"
21196
21718
21197
#: serverguide/C/mail.xml:959(para)
21719
#: serverguide/C/mail.xml:900(para)
21198
21720
msgid ""
21199
21721
"It copies the installation files in "
21200
21722
"<application>/var/lib/mailman</application> directory. It installs the CGI "
21204
21726
"this user."
21205
21727
msgstr ""
21206
21728
21207
#: serverguide/C/mail.xml:971(para)
21729
#: serverguide/C/mail.xml:912(para)
21208
21730
msgid ""
21209
21731
"This section assumes you have successfully installed "
21210
21732
"<application>mailman</application>, <application>apache2</application>, and "
21212
21734
"you just need to configure them."
21213
21735
msgstr ""
21214
21736
21215
#: serverguide/C/mail.xml:980(para)
21737
#: serverguide/C/mail.xml:921(para)
21216
21738
msgid ""
21217
21739
"An example Apache configuration file comes with "
21218
21740
"<application>Mailman</application> and is placed in "
21221
21743
"available</filename>:"
21222
21744
msgstr ""
21223
21745
21224
#: serverguide/C/mail.xml:986(command)
21746
#: serverguide/C/mail.xml:927(command)
21225
21747
msgid ""
21226
21748
"sudo cp /etc/mailman/apache.conf /etc/apache2/sites-available/mailman.conf"
21227
21749
msgstr ""
21228
21750
"sudo cp /etc/mailman/apache.conf /etc/apache2/sites-available/mailman.conf"
21229
21751
21230
#: serverguide/C/mail.xml:988(para)
21752
#: serverguide/C/mail.xml:929(para)
21231
21753
msgid ""
21232
21754
"This will setup a new Apache <emphasis>VirtualHost</emphasis> for the "
21233
21755
"Mailman administration site. Now enable the new configuration and restart "
21234
21756
"Apache:"
21235
21757
msgstr ""
21236
21758
21237
#: serverguide/C/mail.xml:993(command)
21759
#: serverguide/C/mail.xml:934(command)
21238
21760
msgid "sudo a2ensite mailman.conf"
21239
21761
msgstr "sudo a2ensite mailman.conf"
21240
21762
21241
#: serverguide/C/mail.xml:996(para)
21763
#: serverguide/C/mail.xml:937(para)
21242
21764
msgid ""
21243
21765
"Mailman uses apache2 to render its CGI scripts. The mailman CGI scripts are "
21244
21766
"installed in the <application>/usr/lib/cgi-bin/mailman</application> "
21247
21769
"available/mailman.conf</filename> file if you wish to change this behavior."
21248
21770
msgstr ""
21249
21771
21250
#: serverguide/C/mail.xml:1007(para)
21772
#: serverguide/C/mail.xml:948(para)
21251
21773
msgid ""
21252
21774
"For <application>Postfix</application> integration, we will associate the "
21253
21775
"domain lists.example.com with the mailing lists. Please replace "
21254
21776
"<emphasis>lists.example.com</emphasis> with the domain of your choosing."
21255
21777
msgstr ""
21256
21778
21257
#: serverguide/C/mail.xml:1011(para)
21779
#: serverguide/C/mail.xml:952(para)
21258
21780
msgid ""
21259
21781
"You can use the postconf command to add the necessary configuration to "
21260
21782
"<filename>/etc/postfix/main.cf</filename>:"
21261
21783
msgstr ""
21262
21784
21263
#: serverguide/C/mail.xml:1015(command)
21785
#: serverguide/C/mail.xml:956(command)
21264
21786
msgid "sudo postconf -e 'relay_domains = lists.example.com'"
21265
21787
msgstr "sudo postconf -e 'relay_domains = lists.example.com'"
21266
21788
21267
#: serverguide/C/mail.xml:1016(command)
21789
#: serverguide/C/mail.xml:957(command)
21268
21790
msgid "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
21269
21791
msgstr "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
21270
21792
21271
#: serverguide/C/mail.xml:1017(command)
21793
#: serverguide/C/mail.xml:958(command)
21272
21794
msgid "sudo postconf -e 'mailman_destination_recipient_limit = 1'"
21273
21795
msgstr "sudo postconf -e 'mailman_destination_recipient_limit = 1'"
21274
21796
21275
#: serverguide/C/mail.xml:1019(para)
21797
#: serverguide/C/mail.xml:960(para)
21276
21798
msgid ""
21277
21799
"In <filename>/etc/postfix/master.cf</filename> double check that you have "
21278
21800
"the following transport:"
21279
21801
msgstr ""
21280
21802
21281
#: serverguide/C/mail.xml:1022(programlisting)
21803
#: serverguide/C/mail.xml:963(programlisting)
21282
21804
#, no-wrap
21283
21805
msgid ""
21284
21806
"\n"
21291
21813
" flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py\n"
21292
21814
" ${nexthop} ${user}\n"
21293
21815
21294
#: serverguide/C/mail.xml:1027(para)
21816
#: serverguide/C/mail.xml:968(para)
21295
21817
msgid ""
21296
21818
"It calls the <emphasis>postfix-to-mailman.py</emphasis> script when a mail "
21297
21819
"is delivered to a list."
21298
21820
msgstr "当有邮件发送到一个列表时,它会调用<emphasis>postfix-to-mailman.py</emphasis>脚本。"
21299
21821
21300
#: serverguide/C/mail.xml:1030(para)
21822
#: serverguide/C/mail.xml:971(para)
21301
21823
msgid ""
21302
21824
"Associate the domain lists.example.com to the Mailman transport with the "
21303
21825
"transport map. Edit the file <filename>/etc/postfix/transport</filename>:"
21305
21827
"用传送图将域名lists.example.com与Mailman传送连接起来。请编辑文件<filename>/etc/postfix/transport<"
21306
21828
"/filename>:"
21307
21829
21308
#: serverguide/C/mail.xml:1033(programlisting)
21830
#: serverguide/C/mail.xml:974(programlisting)
21309
21831
#, no-wrap
21310
21832
msgid ""
21311
21833
"\n"
21314
21836
"\n"
21315
21837
"lists.example.com mailman:\n"
21316
21838
21317
#: serverguide/C/mail.xml:1036(para)
21839
#: serverguide/C/mail.xml:977(para)
21318
21840
msgid ""
21319
21841
"Now have <application>Postfix</application> build the transport map by "
21320
21842
"entering the following from a terminal prompt:"
21321
21843
msgstr "然后在终端输入如下命令来用<application>Postfix</application>构建传送图:"
21322
21844
21323
#: serverguide/C/mail.xml:1040(command)
21845
#: serverguide/C/mail.xml:981(command)
21324
21846
msgid "sudo postmap -v /etc/postfix/transport"
21325
21847
msgstr "sudo postmap -v /etc/postfix/transport"
21326
21848
21327
#: serverguide/C/mail.xml:1042(para)
21849
#: serverguide/C/mail.xml:983(para)
21328
21850
msgid "Then restart Postfix to enable the new configurations:"
21329
21851
msgstr "然后重启Postfix以启用新的配置:"
21330
21852
21331
#: serverguide/C/mail.xml:1051(para)
21853
#: serverguide/C/mail.xml:992(para)
21332
21854
msgid ""
21333
21855
"Once Exim4 is installed, you can start the Exim server using the following "
21334
21856
"command from a terminal prompt:"
21335
21857
msgstr "当Exim4安装以后,你可以在终端输入如下命令以启动Exim服务器:"
21336
21858
21337
#: serverguide/C/mail.xml:1067(para) serverguide/C/mail.xml:1082(title)
21859
#: serverguide/C/mail.xml:1008(para) serverguide/C/mail.xml:1023(title)
21338
21860
msgid "Main"
21339
21861
msgstr "主"
21340
21862
21341
#: serverguide/C/mail.xml:1070(para) serverguide/C/mail.xml:1122(title)
21863
#: serverguide/C/mail.xml:1011(para) serverguide/C/mail.xml:1063(title)
21342
21864
msgid "Transport"
21343
21865
msgstr "传输"
21344
21866
21345
#: serverguide/C/mail.xml:1073(para) serverguide/C/mail.xml:1145(title)
21867
#: serverguide/C/mail.xml:1014(para) serverguide/C/mail.xml:1086(title)
21346
21868
msgid "Router"
21347
21869
msgstr "路由器"
21348
21870
21349
#: serverguide/C/mail.xml:1058(para)
21871
#: serverguide/C/mail.xml:999(para)
21350
21872
msgid ""
21351
21873
"In order to make mailman work with Exim4, you need to configure Exim4. As "
21352
21874
"mentioned earlier, by default, Exim4 uses multiple configuration files of "
21362
21884
"url=\"http://www.exim.org\">Exim</ulink>网站。要运行mailman,我们要向如下配置类型里添加一个新的配置文件:<"
21363
21885
"placeholder-1/> Exim通过搜选这些迷你配置文件来创建一个主配置文件。因此,这些配置文件罗列的顺序是非常重要的。"
21364
21886
21365
#: serverguide/C/mail.xml:1089(programlisting)
21887
#: serverguide/C/mail.xml:1030(programlisting)
21366
21888
#, no-wrap
21367
21889
msgid ""
21368
21890
"\n"
21440
21962
"MM_LISTCHK=MM_HOME/lists/${lc::$local_part}/config.pck\n"
21441
21963
"# end\n"
21442
21964
21443
#: serverguide/C/mail.xml:1083(para)
21965
#: serverguide/C/mail.xml:1024(para)
21444
21966
msgid ""
21445
21967
"All the configuration files belonging to the main type are stored in the "
21446
21968
"<filename>/etc/exim4/conf.d/main/</filename> directory. You can add the "
21451
21973
"目录中。您可以将下面的内容添加到一个名为 <filename>04_exim4-config_mailman</filename> "
21452
21974
"的新文件中:<placeholder-1/>"
21453
21975
21454
#: serverguide/C/mail.xml:1129(programlisting)
21976
#: serverguide/C/mail.xml:1070(programlisting)
21455
21977
#, no-wrap
21456
21978
msgid ""
21457
21979
"\n"
21482
22004
" user = MM_UID\n"
21483
22005
" group = MM_GID\n"
21484
22006
21485
#: serverguide/C/mail.xml:1123(para)
22007
#: serverguide/C/mail.xml:1064(para)
21486
22008
msgid ""
21487
22009
"All the configuration files belonging to transport type are stored in the "
21488
22010
"<filename>/etc/exim4/conf.d/transport/</filename> directory. You can add the "
21493
22015
"目录中。您可以将下面的内容添加到一个名为 <filename>40_exim4-config_mailman</filename> "
21494
22016
"的新文件中:<placeholder-1/>"
21495
22017
21496
#: serverguide/C/mail.xml:1150(programlisting)
22018
#: serverguide/C/mail.xml:1091(programlisting)
21497
22019
#, no-wrap
21498
22020
msgid ""
21499
22021
"\n"
21516
22038
" -owner : -request : -admin\n"
21517
22039
" transport = mailman_transport\n"
21518
22040
21519
#: serverguide/C/mail.xml:1146(para)
22041
#: serverguide/C/mail.xml:1087(para)
21520
22042
msgid ""
21521
22043
"All the configuration files belonging to router type are stored in the "
21522
22044
"<filename>/etc/exim4/conf.d/router/</filename> directory. You can add the "
21527
22049
"目录中。您可以将下列内容添加到名为 <filename>101_exim4-config_mailman</filename> "
21528
22050
"的新文件中:<placeholder-1/>"
21529
22051
21530
#: serverguide/C/mail.xml:1163(para)
22052
#: serverguide/C/mail.xml:1104(para)
21531
22053
msgid ""
21532
22054
"The order of main and transport configuration files can be in any order. "
21533
22055
"But, the order of router configuration files must be the same. This "
21539
22061
"主类和传输类的配置文件的顺序可以随意。但路由类的配置文件的顺序必须相同。该文件必须在 <application>200_exim4-"
21540
22062
"config_primary</application> 文件之前出现。如果两个配置文件包含相同类型的信息。第一个文件优先。详情请参阅参考部分。"
21541
22063
21542
#: serverguide/C/mail.xml:1176(para)
22064
#: serverguide/C/mail.xml:1117(para)
21543
22065
msgid ""
21544
22066
"Once mailman is installed, you can run it using the following command:"
21545
22067
msgstr "当mailman安装之后,你可以使用如下命令来运行它:"
21548
22070
msgid "sudo service mailman start"
21549
22071
msgstr ""
21550
22072
21551
#: serverguide/C/mail.xml:1182(para)
22073
#: serverguide/C/mail.xml:1123(para)
21552
22074
msgid ""
21553
22075
"Once mailman is installed, you should create the default mailing list. Run "
21554
22076
"the following command to create the mailing list:"
21555
22077
msgstr "当mailman安装以后,你可以创建默认的邮件列表。运行如下命令来创建邮件列表:"
21556
22078
21557
#: serverguide/C/mail.xml:1188(command)
22079
#: serverguide/C/mail.xml:1129(command)
21558
22080
msgid "sudo /usr/sbin/newlist mailman"
21559
22081
msgstr "sudo /usr/sbin/newlist mailman"
21560
22082
21561
#: serverguide/C/mail.xml:1191(programlisting)
22083
#: serverguide/C/mail.xml:1132(programlisting)
21562
22084
#, no-wrap
21563
22085
msgid ""
21564
22086
"\n"
21615
22137
"\n"
21616
22138
" # \n"
21617
22139
21618
#: serverguide/C/mail.xml:1214(para)
22140
#: serverguide/C/mail.xml:1155(para)
21619
22141
msgid ""
21620
22142
"We have configured either Postfix or Exim4 to recognize all emails from "
21621
22143
"mailman. So, it is not mandatory to make any new entries in "
21626
22148
"我们已经配置了Postfix或Exim4以查看来自mailman的所有邮件。因此,你不用必须在<filename>/etc/aliases</filena"
21627
22149
"me>里添加新的条目了。如果你对配置文件做过了更改,请确保在进入下一环节之前已重启过这些服务。"
21628
22150
21629
#: serverguide/C/mail.xml:1222(para)
22151
#: serverguide/C/mail.xml:1163(para)
21630
22152
msgid ""
21631
22153
"The Exim4 does not use the above aliases to forward mails to Mailman, as it "
21632
22154
"uses a <emphasis>discover</emphasis> approach. To suppress the aliases while "
21637
22159
"机制,所以它不使用以上的别名将邮件转发给Mailman。要在创建列表时禁止别名,你可以将<emphasis>MTA=None</emphasis>添加到M"
21638
22160
"ailman的配置文件<filename>/etc/mailman/mm_cfg.py</filename>中。"
21639
22161
21640
#: serverguide/C/mail.xml:1233(title)
22162
#: serverguide/C/mail.xml:1174(title)
21641
22163
msgid "Administration"
21642
22164
msgstr "管理"
21643
22165
21644
#: serverguide/C/mail.xml:1234(para)
22166
#: serverguide/C/mail.xml:1175(para)
21645
22167
msgid ""
21646
22168
"We assume you have a default installation. The mailman cgi scripts are still "
21647
22169
"in the <application>/usr/lib/cgi-bin/mailman/</application> directory. "
21652
22174
"bin/mailman/</application> 目录中。mailman 提供了一个基于 web "
21653
22175
"的管理工具。若想访问这个页面,请将您的浏览器指向以下 url:"
21654
22176
21655
#: serverguide/C/mail.xml:1242(para)
22177
#: serverguide/C/mail.xml:1183(para)
21656
22178
msgid "http://hostname/cgi-bin/mailman/admin"
21657
22179
msgstr "http://hostname/cgi-bin/mailman/admin"
21658
22180
21659
#: serverguide/C/mail.xml:1246(para)
22181
#: serverguide/C/mail.xml:1187(para)
21660
22182
msgid ""
21661
22183
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
21662
22184
"screen. If you click the mailing list name, it will ask for your "
21670
22192
"会在这个屏幕中出现。如果您点击邮件列表的名称,它会向您询问通行密码。如果您输入了正确的密码,您就可以修改这个邮件列表的管理设定。您可以使用命令行工具来创建"
21671
22193
"新的邮件列表(<command>/usr/sbin/newlist</command>)。或者您也可以使用 web 界面"
21672
22194
21673
#: serverguide/C/mail.xml:1259(title)
22195
#: serverguide/C/mail.xml:1200(title)
21674
22196
msgid "Users"
21675
22197
msgstr "用户"
21676
22198
21677
#: serverguide/C/mail.xml:1260(para)
22199
#: serverguide/C/mail.xml:1201(para)
21678
22200
msgid ""
21679
22201
"Mailman provides a web based interface for users. To access this page, point "
21680
22202
"your browser to the following url:"
21681
22203
msgstr "Mailman 为用户提供了一个 web 界面,可以在您的浏览器中输入下列 url 来访问该页:"
21682
22204
21683
#: serverguide/C/mail.xml:1265(para)
22205
#: serverguide/C/mail.xml:1206(para)
21684
22206
msgid "http://hostname/cgi-bin/mailman/listinfo"
21685
22207
msgstr "http://hostname/cgi-bin/mailman/listinfo"
21686
22208
21687
#: serverguide/C/mail.xml:1269(para)
22209
#: serverguide/C/mail.xml:1210(para)
21688
22210
msgid ""
21689
22211
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
21690
22212
"screen. If you click the mailing list name, it will display the subscription "
21696
22218
"将出现在屏幕上。如果您点击邮件列表名,它将显示订阅表单。您可以输入您的邮件地址、姓名 "
21697
22219
"(可选)及密码来订阅。一个邀请邮件将发送给您。您可以根据该邮件的指示完成订阅。"
21698
22220
21699
#: serverguide/C/mail.xml:1281(ulink)
22221
#: serverguide/C/mail.xml:1222(ulink)
21700
22222
msgid "GNU Mailman - Installation Manual"
21701
22223
msgstr "GNU Mailman - 安装手册"
21702
22224
21703
#: serverguide/C/mail.xml:1285(ulink)
22225
#: serverguide/C/mail.xml:1226(ulink)
21704
22226
msgid "HOWTO - Using Exim 4 and Mailman 2.1 together"
21705
22227
msgstr "指南 - 一起使用 Exim 4 和 Mailman 2.1"
21706
22228
21707
#: serverguide/C/mail.xml:1288(para)
22229
#: serverguide/C/mail.xml:1229(para)
21708
22230
msgid ""
21709
22231
"Also, see the <ulink "
21710
22232
"url=\"https://help.ubuntu.com/community/Mailman\">Mailman Ubuntu "
21711
22233
"Wiki</ulink> page."
21712
22234
msgstr ""
21713
22235
21714
#: serverguide/C/mail.xml:1294(title)
22236
#: serverguide/C/mail.xml:1235(title)
21715
22237
msgid "Mail Filtering"
21716
22238
msgstr "邮件过滤"
21717
22239
21718
#: serverguide/C/mail.xml:1295(para)
22240
#: serverguide/C/mail.xml:1236(para)
21719
22241
msgid ""
21720
22242
"One of the largest issues with email today is the problem of Unsolicited "
21721
22243
"Bulk Email (UBE). Also known as SPAM, such messages may also carry viruses "
21725
22247
"当前邮件面临的最大问题是垃圾广告邮件(UBE,即Unsolicited Bulk "
21726
22248
"Email)。也叫做SPAM,此类信息也可能携带病毒或者其它形式的流氓软件。据一些报告显示,此类邮件已占据互联网邮件流量的大部分。"
21727
22249
21728
#: serverguide/C/mail.xml:1300(para)
22250
#: serverguide/C/mail.xml:1241(para)
21729
22251
msgid ""
21730
22252
"This section will cover integrating <application>Amavisd-new</application>, "
21731
22253
"<application>Spamassassin</application>, and "
21739
22261
"spf</application>."
21740
22262
msgstr ""
21741
22263
21742
#: serverguide/C/mail.xml:1310(para)
22264
#: serverguide/C/mail.xml:1251(para)
21743
22265
msgid ""
21744
22266
"<application>Amavisd-new</application> is a wrapper program that can call "
21745
22267
"any number of content filtering programs for spam detection, antivirus, etc."
21746
22268
msgstr ""
21747
22269
21748
#: serverguide/C/mail.xml:1316(para)
22270
#: serverguide/C/mail.xml:1257(para)
21749
22271
msgid ""
21750
22272
"<application>Spamassassin</application> uses a variety of mechanisms to "
21751
22273
"filter email based on the message content."
21752
22274
msgstr ""
21753
22275
21754
#: serverguide/C/mail.xml:1321(para)
22276
#: serverguide/C/mail.xml:1262(para)
21755
22277
msgid ""
21756
22278
"<application>ClamAV</application> is an open source antivirus application."
21757
22279
msgstr ""
21758
22280
21759
#: serverguide/C/mail.xml:1326(para)
22281
#: serverguide/C/mail.xml:1267(para)
21760
22282
msgid ""
21761
22283
"<application>opendkim</application> implements a Sendmail Mail Filter "
21762
22284
"(Milter) for the DomainKeys Identified Mail (DKIM) standard."
21763
22285
msgstr ""
21764
22286
21765
#: serverguide/C/mail.xml:1332(para)
22287
#: serverguide/C/mail.xml:1273(para)
21766
22288
msgid ""
21767
22289
"<application>python-policyd-spf</application> enables Sender Policy "
21768
22290
"Framework (SPF) checking with <application>Postfix</application>."
21769
22291
msgstr ""
21770
22292
21771
#: serverguide/C/mail.xml:1337(para)
22293
#: serverguide/C/mail.xml:1278(para)
21772
22294
msgid "This is how the pieces fit together:"
21773
22295
msgstr ""
21774
22296
21775
#: serverguide/C/mail.xml:1342(para)
22297
#: serverguide/C/mail.xml:1283(para)
21776
22298
msgid "An email message is accepted by <application>Postfix</application>."
21777
22299
msgstr ""
21778
22300
21779
#: serverguide/C/mail.xml:1347(para)
22301
#: serverguide/C/mail.xml:1288(para)
21780
22302
msgid ""
21781
22303
"The message is passed through any external filters "
21782
22304
"<application>opendkim</application> and <application>python-policyd-"
21783
22305
"spf</application> in this case."
21784
22306
msgstr ""
21785
22307
21786
#: serverguide/C/mail.xml:1353(para)
22308
#: serverguide/C/mail.xml:1294(para)
21787
22309
msgid "<application>Amavisd-new</application> then processes the message."
21788
22310
msgstr ""
21789
22311
21790
#: serverguide/C/mail.xml:1358(para)
22312
#: serverguide/C/mail.xml:1299(para)
21791
22313
msgid ""
21792
22314
"<application>ClamAV</application> is used to scan the message. If the "
21793
22315
"message contains a virus <application>Postfix</application> will reject the "
21794
22316
"message."
21795
22317
msgstr ""
21796
22318
21797
#: serverguide/C/mail.xml:1364(para)
22319
#: serverguide/C/mail.xml:1305(para)
21798
22320
msgid ""
21799
22321
"Clean messages will then be analyzed by "
21800
22322
"<application>Spamassassin</application> to find out if the message is spam. "
21803
22325
"message."
21804
22326
msgstr ""
21805
22327
21806
#: serverguide/C/mail.xml:1371(para)
22328
#: serverguide/C/mail.xml:1312(para)
21807
22329
msgid ""
21808
22330
"For example, if a message has a Spam score of over fifty the message could "
21809
22331
"be automatically dropped from the queue without the recipient ever having to "
21812
22334
"see fit."
21813
22335
msgstr ""
21814
22336
21815
#: serverguide/C/mail.xml:1378(para)
22337
#: serverguide/C/mail.xml:1319(para)
21816
22338
msgid ""
21817
22339
"See <xref linkend=\"postfix\"/> for instructions on installing and "
21818
22340
"configuring Postfix."
21819
22341
msgstr ""
21820
22342
21821
#: serverguide/C/mail.xml:1381(para)
22343
#: serverguide/C/mail.xml:1322(para)
21822
22344
msgid ""
21823
22345
"To install the rest of the applications enter the following from a terminal "
21824
22346
"prompt:"
21825
22347
msgstr ""
21826
22348
21827
#: serverguide/C/mail.xml:1385(command)
22349
#: serverguide/C/mail.xml:1326(command)
21828
22350
msgid "sudo apt-get install amavisd-new spamassassin clamav-daemon"
21829
22351
msgstr ""
21830
22352
21831
#: serverguide/C/mail.xml:1386(command)
22353
#: serverguide/C/mail.xml:1327(command)
21832
22354
msgid "sudo apt-get install opendkim postfix-policyd-spf-python"
21833
22355
msgstr ""
21834
22356
21835
#: serverguide/C/mail.xml:1388(para)
22357
#: serverguide/C/mail.xml:1329(para)
21836
22358
msgid ""
21837
22359
"There are some optional packages that integrate with "
21838
22360
"<application>Spamassassin</application> for better spam detection:"
21839
22361
msgstr ""
21840
22362
21841
#: serverguide/C/mail.xml:1392(command)
22363
#: serverguide/C/mail.xml:1333(command)
21842
22364
msgid "sudo apt-get install pyzor razor"
21843
22365
msgstr "sudo apt-get install pyzor razor"
21844
22366
21845
#: serverguide/C/mail.xml:1394(para)
22367
#: serverguide/C/mail.xml:1335(para)
21846
22368
msgid ""
21847
22369
"Along with the main filtering applications compression utilities are needed "
21848
22370
"to process some email attachments:"
21849
22371
msgstr ""
21850
22372
21851
#: serverguide/C/mail.xml:1398(command)
22373
#: serverguide/C/mail.xml:1339(command)
21852
22374
msgid ""
21853
22375
"sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip"
21854
22376
msgstr ""
21855
22377
21856
#: serverguide/C/mail.xml:1401(para)
22378
#: serverguide/C/mail.xml:1342(para)
21857
22379
msgid ""
21858
22380
"If some packages are not found, check that the "
21859
22381
"<emphasis>multiverse</emphasis> repository is enabled in "
21860
22382
"<filename>/etc/apt/sources.list</filename>"
21861
22383
msgstr ""
21862
22384
21863
#: serverguide/C/mail.xml:1402(para)
22385
#: serverguide/C/mail.xml:1343(para)
21864
22386
msgid ""
21865
22387
"If you make changes to the file, be sure to run <command>sudo apt-get "
21866
22388
"update</command> before trying to install again."
21867
22389
msgstr ""
21868
22390
21869
#: serverguide/C/mail.xml:1407(para)
22391
#: serverguide/C/mail.xml:1348(para)
21870
22392
msgid "Now configure everything to work together and filter email."
21871
22393
msgstr ""
21872
22394
21873
#: serverguide/C/mail.xml:1411(title)
22395
#: serverguide/C/mail.xml:1352(title)
21874
22396
msgid "ClamAV"
21875
22397
msgstr "ClamAV"
21876
22398
21877
#: serverguide/C/mail.xml:1412(para)
22399
#: serverguide/C/mail.xml:1353(para)
21878
22400
msgid ""
21879
22401
"The default behaviour of <application>ClamAV</application> will fit our "
21880
22402
"needs. For more ClamAV configuration options, check the configuration files "
21881
22403
"in <filename>/etc/clamav</filename>."
21882
22404
msgstr ""
21883
22405
21884
#: serverguide/C/mail.xml:1417(para)
22406
#: serverguide/C/mail.xml:1358(para)
21885
22407
msgid ""
21886
22408
"Add the <emphasis>clamav</emphasis> user to the <emphasis>amavis</emphasis> "
21887
22409
"group in order for <application>Amavisd-new</application> to have the "
21888
22410
"appropriate access to scan files:"
21889
22411
msgstr ""
21890
22412
21891
#: serverguide/C/mail.xml:1422(command)
22413
#: serverguide/C/mail.xml:1363(command)
21892
22414
msgid "sudo adduser clamav amavis"
21893
22415
msgstr ""
21894
22416
21895
#: serverguide/C/mail.xml:1423(command)
22417
#: serverguide/C/mail.xml:1364(command)
21896
22418
msgid "sudo adduser amavis clamav"
21897
22419
msgstr ""
21898
22420
21899
#: serverguide/C/mail.xml:1427(title)
22421
#: serverguide/C/mail.xml:1368(title)
21900
22422
msgid "Spamassassin"
21901
22423
msgstr "Spamassassin"
21902
22424
21903
#: serverguide/C/mail.xml:1428(para)
22425
#: serverguide/C/mail.xml:1369(para)
21904
22426
msgid ""
21905
22427
"Spamassassin automatically detects optional components and will use them if "
21906
22428
"they are present. This means that there is no need to configure "
21907
22429
"<application>pyzor</application> and <application>razor</application>."
21908
22430
msgstr ""
21909
22431
21910
#: serverguide/C/mail.xml:1432(para)
22432
#: serverguide/C/mail.xml:1373(para)
21911
22433
msgid ""
21912
22434
"Edit <filename>/etc/default/spamassassin</filename> to activate the "
21913
22435
"<application>Spamassassin</application> daemon. Change "
21914
22436
"<emphasis>ENABLED=0</emphasis> to:"
21915
22437
msgstr ""
21916
22438
21917
#: serverguide/C/mail.xml:1436(programlisting)
22439
#: serverguide/C/mail.xml:1377(programlisting)
21918
22440
#, no-wrap
21919
22441
msgid ""
21920
22442
"\n"
21923
22445
"\n"
21924
22446
"ENABLED=1\n"
21925
22447
21926
#: serverguide/C/mail.xml:1439(para)
22448
#: serverguide/C/mail.xml:1380(para)
21927
22449
msgid "Now start the daemon:"
21928
22450
msgstr "现在启动守护进程:"
21929
22451
21931
22453
msgid "sudo service spamassassin start"
21932
22454
msgstr ""
21933
22455
21934
#: serverguide/C/mail.xml:1447(title)
22456
#: serverguide/C/mail.xml:1388(title)
21935
22457
msgid "Amavisd-new"
21936
22458
msgstr ""
21937
22459
21938
#: serverguide/C/mail.xml:1448(para)
22460
#: serverguide/C/mail.xml:1389(para)
21939
22461
msgid ""
21940
22462
"First activate spam and antivirus detection in <application>Amavisd-"
21941
22463
"new</application> by editing <filename>/etc/amavis/conf.d/15-"
21942
22464
"content_filter_mode</filename>:"
21943
22465
msgstr ""
21944
22466
21945
#: serverguide/C/mail.xml:1452(programlisting)
22467
#: serverguide/C/mail.xml:1393(programlisting)
21946
22468
#, no-wrap
21947
22469
msgid ""
21948
22470
"\n"
21973
22495
"1; # insure a defined return\n"
21974
22496
msgstr ""
21975
22497
21976
#: serverguide/C/mail.xml:1477(para)
21977
msgid ""
21978
"Bouncing spam can be a bad idea as the return address is often faked. "
21979
"Consider editing <filename>/etc/amavis/conf.d/20-debian_defaults</filename> "
21980
"to set <emphasis>$final_spam_destiny</emphasis> to D_DISCARD rather than "
21981
"D_BOUNCE, as follows:"
21982
msgstr ""
21983
21984
#: serverguide/C/mail.xml:1483(programlisting)
21985
#, no-wrap
21986
msgid ""
21987
"\n"
21988
"$final_spam_destiny = D_DISCARD;\n"
21989
msgstr ""
21990
"\n"
21991
"$final_spam_destiny = D_DISCARD;\n"
21992
21993
#: serverguide/C/mail.xml:1487(para)
22498
#: serverguide/C/mail.xml:1419(para)
22499
msgid ""
22500
"Bouncing spam can be a bad idea as the return address is often faked. The "
22501
"default behaviour is to instead discard. This is configured in "
22502
"<filename>/etc/amavis/conf.d/21-debian_defaults</filename> where "
22503
"<emphasis>$final_spam_destiny</emphasis> is set to D_DISCARD rather than "
22504
"D_BOUNCE."
22505
msgstr ""
22506
22507
#: serverguide/C/mail.xml:1425(para)
21994
22508
msgid ""
21995
22509
"Additionally, you may want to adjust the following options to flag more "
21996
22510
"messages as spam:"
21997
22511
msgstr ""
21998
22512
21999
#: serverguide/C/mail.xml:1491(programlisting)
22513
#: serverguide/C/mail.xml:1429(programlisting)
22000
22514
#, no-wrap
22001
22515
msgid ""
22002
22516
"\n"
22007
22521
"$sa_dsn_cutoff_level = 4; # spam level beyond which a DSN is not sent\n"
22008
22522
msgstr ""
22009
22523
22010
#: serverguide/C/mail.xml:1498(para)
22524
#: serverguide/C/mail.xml:1436(para)
22011
22525
msgid ""
22012
22526
"If the server's <emphasis>hostname</emphasis> is different from the domain's "
22013
22527
"MX record you may need to manually set the <emphasis>$myhostname</emphasis> "
22016
22530
"Edit the <filename>/etc/amavis/conf.d/50-user</filename> file:"
22017
22531
msgstr ""
22018
22532
22019
#: serverguide/C/mail.xml:1505(programlisting)
22533
#: serverguide/C/mail.xml:1443(programlisting)
22020
22534
#, no-wrap
22021
22535
msgid ""
22022
22536
"\n"
22024
22538
"@local_domains_acl = ( \"example.com\", \"example.org\" );\n"
22025
22539
msgstr ""
22026
22540
22027
#: serverguide/C/mail.xml:1510(para)
22541
#: serverguide/C/mail.xml:1448(para)
22028
22542
msgid ""
22029
22543
"If you want to cover multiple domains you can use the following in "
22030
22544
"the<filename>/etc/amavis/conf.d/50-user</filename>"
22031
22545
msgstr ""
22032
22546
22033
#: serverguide/C/mail.xml:1513(programlisting)
22547
#: serverguide/C/mail.xml:1451(programlisting)
22034
22548
#, no-wrap
22035
22549
msgid ""
22036
22550
"\n"
22037
22551
"@local_domains_acl = qw(.);\n"
22038
22552
msgstr ""
22039
22553
22040
#: serverguide/C/mail.xml:1517(para)
22554
#: serverguide/C/mail.xml:1455(para)
22041
22555
msgid ""
22042
22556
"After configuration <application>Amavisd-new</application> needs to be "
22043
22557
"restarted:"
22044
22558
msgstr ""
22045
22559
22046
#: serverguide/C/mail.xml:1521(command) serverguide/C/mail.xml:1568(command)
22560
#: serverguide/C/mail.xml:1517(command) serverguide/C/mail.xml:1564(command)
22047
22561
msgid "sudo service amavis restart"
22048
22562
msgstr ""
22049
22563
22050
#: serverguide/C/mail.xml:1524(title)
22564
#: serverguide/C/mail.xml:1462(title)
22051
22565
msgid "DKIM Whitelist"
22052
22566
msgstr ""
22053
22567
22054
#: serverguide/C/mail.xml:1526(para)
22568
#: serverguide/C/mail.xml:1464(para)
22055
22569
msgid ""
22056
22570
"<application>Amavisd-new</application> can be configured to automatically "
22057
22571
"<emphasis>Whitelist</emphasis> addresses from domains with valid Domain "
22059
22573
"<filename>/etc/amavis/conf.d/40-policy_banks</filename>."
22060
22574
msgstr ""
22061
22575
22062
#: serverguide/C/mail.xml:1532(para)
22576
#: serverguide/C/mail.xml:1470(para)
22063
22577
msgid "There are multiple ways to configure the Whitelist for a domain:"
22064
22578
msgstr ""
22065
22579
22066
#: serverguide/C/mail.xml:1538(para)
22580
#: serverguide/C/mail.xml:1476(para)
22067
22581
msgid ""
22068
22582
"<emphasis>'example.com' => 'WHITELIST',</emphasis>: will whitelist any "
22069
22583
"address from the \"example.com\" domain."
22070
22584
msgstr ""
22071
22585
22072
#: serverguide/C/mail.xml:1543(para)
22586
#: serverguide/C/mail.xml:1481(para)
22073
22587
msgid ""
22074
22588
"<emphasis>'.example.com' => 'WHITELIST',</emphasis>: will whitelist any "
22075
22589
"address from any <emphasis>subdomains</emphasis> of \"example.com\" that "
22076
22590
"have a valid signature."
22077
22591
msgstr ""
22078
22592
22079
#: serverguide/C/mail.xml:1549(para)
22593
#: serverguide/C/mail.xml:1487(para)
22080
22594
msgid ""
22081
22595
"<emphasis>'.example.com/@example.com' => 'WHITELIST',</emphasis>: will "
22082
22596
"whitelist subdomains of \"example.com\" that use the signature of <emphasis "
22083
22597
"role=\"italic\">example.com</emphasis> the parent domain."
22084
22598
msgstr ""
22085
22599
22086
#: serverguide/C/mail.xml:1555(para)
22600
#: serverguide/C/mail.xml:1493(para)
22087
22601
msgid ""
22088
22602
"<emphasis>'./@example.com' => 'WHITELIST',</emphasis>: adds addresses "
22089
22603
"that have a valid signature from \"example.com\". This is usually used for "
22090
22604
"discussion groups that sign their messages."
22091
22605
msgstr ""
22092
22606
22093
#: serverguide/C/mail.xml:1562(para)
22607
#: serverguide/C/mail.xml:1500(para)
22094
22608
msgid ""
22095
22609
"A domain can also have multiple Whitelist configurations. After editing the "
22096
22610
"file, restart <application>amavisd-new</application>:"
22097
22611
msgstr ""
22098
22612
22099
#: serverguide/C/mail.xml:1572(para)
22613
#: serverguide/C/mail.xml:1510(para)
22100
22614
msgid ""
22101
22615
"In this context, once a domain has been added to the Whitelist the message "
22102
22616
"will not receive any anti-virus or spam filtering. This may or may not be "
22103
22617
"the intended behavior you wish for a domain."
22104
22618
msgstr ""
22105
22619
22106
#: serverguide/C/mail.xml:1582(para)
22620
#: serverguide/C/mail.xml:1520(para)
22107
22621
msgid ""
22108
22622
"For <application>Postfix</application> integration, enter the following from "
22109
22623
"a terminal prompt:"
22110
22624
msgstr ""
22111
22625
22112
#: serverguide/C/mail.xml:1586(command)
22626
#: serverguide/C/mail.xml:1524(command)
22113
22627
msgid "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
22114
22628
msgstr "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
22115
22629
22116
#: serverguide/C/mail.xml:1588(para)
22630
#: serverguide/C/mail.xml:1526(para)
22117
22631
msgid ""
22118
22632
"Next edit <filename>/etc/postfix/master.cf</filename> and add the following "
22119
22633
"to the end of the file:"
22120
22634
msgstr ""
22121
22635
22122
#: serverguide/C/mail.xml:1591(programlisting)
22636
#: serverguide/C/mail.xml:1587(programlisting)
22123
22637
#, no-wrap
22124
22638
msgid ""
22125
22639
"\n"
22152
22666
"_milters\n"
22153
22667
msgstr ""
22154
22668
22155
#: serverguide/C/mail.xml:1618(para)
22669
#: serverguide/C/mail.xml:1556(para)
22156
22670
msgid ""
22157
22671
"Also add the following two lines immediately below the "
22158
22672
"<emphasis>\"pickup\"</emphasis> transport service:"
22159
22673
msgstr ""
22160
22674
22161
#: serverguide/C/mail.xml:1621(programlisting)
22675
#: serverguide/C/mail.xml:1559(programlisting)
22162
22676
#, no-wrap
22163
22677
msgid ""
22164
22678
"\n"
22169
22683
" -o content_filter=\n"
22170
22684
" -o receive_override_options=no_header_body_checks\n"
22171
22685
22172
#: serverguide/C/mail.xml:1625(para)
22686
#: serverguide/C/mail.xml:1563(para)
22173
22687
msgid ""
22174
22688
"This will prevent messages that are generated to report on spam from being "
22175
22689
"classified as spam."
22176
22690
msgstr ""
22177
22691
22178
#: serverguide/C/mail.xml:1628(para)
22692
#: serverguide/C/mail.xml:1566(para)
22179
22693
msgid "Now restart <application>Postfix</application>:"
22180
22694
msgstr "现在重启 <application>Postfix</application>:"
22181
22695
22182
#: serverguide/C/mail.xml:1634(para)
22696
#: serverguide/C/mail.xml:1572(para)
22183
22697
msgid "Content filtering with spam and virus detection is now enabled."
22184
22698
msgstr ""
22185
22699
22186
#: serverguide/C/mail.xml:1640(title)
22700
#: serverguide/C/mail.xml:1578(title)
22187
22701
msgid "Amavisd-new and Spamassassin"
22188
22702
msgstr ""
22189
22703
22190
#: serverguide/C/mail.xml:1642(para)
22704
#: serverguide/C/mail.xml:1580(para)
22191
22705
msgid ""
22192
22706
"When integrating <application>Amavisd-new</application> with "
22193
22707
"<application>Spamassassin</application>, if you choose to disable the bayes "
22198
22712
"<application>cron</application> job."
22199
22713
msgstr ""
22200
22714
22201
#: serverguide/C/mail.xml:1649(para)
22715
#: serverguide/C/mail.xml:1587(para)
22202
22716
msgid "There are several ways to handle this situation:"
22203
22717
msgstr ""
22204
22718
22205
#: serverguide/C/mail.xml:1655(para)
22719
#: serverguide/C/mail.xml:1593(para)
22206
22720
msgid "Configure your MDA to filter messages you do not wish to see."
22207
22721
msgstr ""
22208
22722
22209
#: serverguide/C/mail.xml:1660(para)
22723
#: serverguide/C/mail.xml:1598(para)
22210
22724
msgid ""
22211
22725
"Change <filename>/usr/sbin/amavisd-new-cronjob</filename> to check for "
22212
22726
"<emphasis>use_bayes 0</emphasis>. For example, edit "
22214
22728
"the top before the <emphasis>test</emphasis> statements:"
22215
22729
msgstr ""
22216
22730
22217
#: serverguide/C/mail.xml:1664(programlisting)
22731
#: serverguide/C/mail.xml:1602(programlisting)
22218
22732
#, no-wrap
22219
22733
msgid ""
22220
22734
"\n"
22222
22736
"exit 0\n"
22223
22737
msgstr ""
22224
22738
22225
#: serverguide/C/mail.xml:1674(para)
22739
#: serverguide/C/mail.xml:1612(para)
22226
22740
msgid ""
22227
22741
"First, test that the <application>Amavisd-new</application> SMTP is "
22228
22742
"listening:"
22229
22743
msgstr ""
22230
22744
22231
#: serverguide/C/mail.xml:1677(programlisting)
22745
#: serverguide/C/mail.xml:1615(programlisting)
22232
22746
#, no-wrap
22233
22747
msgid ""
22234
22748
"\n"
22240
22754
"^]\n"
22241
22755
msgstr ""
22242
22756
22243
#: serverguide/C/mail.xml:1685(para)
22757
#: serverguide/C/mail.xml:1623(para)
22244
22758
msgid ""
22245
22759
"In the Header of messages that go through the content filter you should see:"
22246
22760
msgstr ""
22247
22761
22248
#: serverguide/C/mail.xml:1688(programlisting)
22762
#: serverguide/C/mail.xml:1626(programlisting)
22249
22763
#, no-wrap
22250
22764
msgid ""
22251
22765
"\n"
22262
22776
"BAYES_00\n"
22263
22777
"X-Spam-Level: \n"
22264
22778
22265
#: serverguide/C/mail.xml:1695(para)
22779
#: serverguide/C/mail.xml:1633(para)
22266
22780
msgid ""
22267
22781
"Your output will vary, but the important thing is that there are <emphasis>X-"
22268
22782
"Virus-Scanned</emphasis> and <emphasis>X-Spam-Status</emphasis> entries."
22269
22783
msgstr ""
22270
22784
22271
#: serverguide/C/mail.xml:1703(para)
22785
#: serverguide/C/mail.xml:1641(para)
22272
22786
msgid ""
22273
22787
"The best way to figure out why something is going wrong is to check the log "
22274
22788
"files."
22275
22789
msgstr ""
22276
22790
22277
#: serverguide/C/mail.xml:1708(para)
22791
#: serverguide/C/mail.xml:1646(para)
22278
22792
msgid ""
22279
22793
"For instructions on <application>Postfix</application> logging see the <xref "
22280
22794
"linkend=\"postfix-troubleshooting\"/> section."
22281
22795
msgstr ""
22282
22796
22283
#: serverguide/C/mail.xml:1714(para)
22797
#: serverguide/C/mail.xml:1652(para)
22284
22798
msgid ""
22285
22799
"<application>Amavisd-new</application> uses "
22286
22800
"<application>Syslog</application> to send messages to "
22290
22804
"1 to 5."
22291
22805
msgstr ""
22292
22806
22293
#: serverguide/C/mail.xml:1719(programlisting)
22807
#: serverguide/C/mail.xml:1657(programlisting)
22294
22808
#, no-wrap
22295
22809
msgid ""
22296
22810
"\n"
22299
22813
"\n"
22300
22814
"$log_level = 2;\n"
22301
22815
22302
#: serverguide/C/mail.xml:1723(para)
22816
#: serverguide/C/mail.xml:1661(para)
22303
22817
msgid ""
22304
22818
"When the <application>Amavisd-new</application> log output is increased "
22305
22819
"<application>Spamassassin</application> log output is also increased."
22306
22820
msgstr ""
22307
22821
22308
#: serverguide/C/mail.xml:1730(para)
22822
#: serverguide/C/mail.xml:1668(para)
22309
22823
msgid ""
22310
22824
"The <application>ClamAV</application> log level can be increased by editing "
22311
22825
"<filename>/etc/clamav/clamd.conf</filename> and setting the following option:"
22312
22826
msgstr ""
22313
22827
22314
#: serverguide/C/mail.xml:1734(programlisting)
22828
#: serverguide/C/mail.xml:1672(programlisting)
22315
22829
#, no-wrap
22316
22830
msgid ""
22317
22831
"\n"
22318
22832
"LogVerbose true\n"
22319
22833
msgstr ""
22320
22834
22321
#: serverguide/C/mail.xml:1737(para)
22835
#: serverguide/C/mail.xml:1675(para)
22322
22836
msgid ""
22323
22837
"By default <application>ClamAV</application> will send log messages to "
22324
22838
"<filename>/var/log/clamav/clamav.log</filename>."
22325
22839
msgstr ""
22326
22840
22327
#: serverguide/C/mail.xml:1743(para)
22841
#: serverguide/C/mail.xml:1681(para)
22328
22842
msgid ""
22329
22843
"After changing an applications log settings remember to restart the service "
22330
22844
"for the new settings to take affect. Also, once the issue you are "
22332
22846
"back to normal."
22333
22847
msgstr ""
22334
22848
22335
#: serverguide/C/mail.xml:1751(para)
22849
#: serverguide/C/mail.xml:1689(para)
22336
22850
msgid "For more information on filtering mail see the following links:"
22337
22851
msgstr ""
22338
22852
22339
#: serverguide/C/mail.xml:1757(ulink)
22853
#: serverguide/C/mail.xml:1695(ulink)
22340
22854
msgid "Amavisd-new Documentation"
22341
22855
msgstr ""
22342
22856
22343
#: serverguide/C/mail.xml:1761(para)
22857
#: serverguide/C/mail.xml:1699(para)
22344
22858
msgid ""
22345
22859
"<ulink url=\"http://www.clamav.net/doc/latest/html/\">ClamAV "
22346
22860
"Documentation</ulink> and <ulink "
22347
22861
"url=\"http://wiki.clamav.net/Main/WebHome\">ClamAV Wiki</ulink>"
22348
22862
msgstr ""
22349
22863
22350
#: serverguide/C/mail.xml:1768(ulink)
22864
#: serverguide/C/mail.xml:1706(ulink)
22351
22865
msgid "Spamassassin Wiki"
22352
22866
msgstr "Spamassassin 维基"
22353
22867
22354
#: serverguide/C/mail.xml:1773(ulink)
22868
#: serverguide/C/mail.xml:1711(ulink)
22355
22869
msgid "Pyzor Homepage"
22356
22870
msgstr "Pyzor 主页"
22357
22871
22358
#: serverguide/C/mail.xml:1778(ulink)
22872
#: serverguide/C/mail.xml:1716(ulink)
22359
22873
msgid "Razor Homepage"
22360
22874
msgstr "Razor 主页"
22361
22875
22362
#: serverguide/C/mail.xml:1783(ulink)
22876
#: serverguide/C/mail.xml:1721(ulink)
22363
22877
msgid "DKIM.org"
22364
22878
msgstr ""
22365
22879
22366
#: serverguide/C/mail.xml:1788(ulink)
22880
#: serverguide/C/mail.xml:1726(ulink)
22367
22881
msgid "Postfix Amavis New"
22368
22882
msgstr ""
22369
22883
22370
#: serverguide/C/mail.xml:1792(para)
22884
#: serverguide/C/mail.xml:1730(para)
22371
22885
msgid ""
22372
22886
"Also, feel free to ask questions in the <emphasis>#ubuntu-server</emphasis> "
22373
22887
"IRC channel on <ulink url=\"http://freenode.net\">freenode</ulink>."
22527
23041
msgstr ""
22528
23042
22529
23043
#: serverguide/C/lamp-applications.xml:144(command)
22530
msgid "sudo chown -R www-data.www-data mywiki"
23044
msgid "sudo chown -R www-data:www-data mywiki"
22531
23045
msgstr ""
22532
23046
22533
23047
#: serverguide/C/lamp-applications.xml:145(command)
22637
23151
"当您配置完 <application>apache2</application> web 服务器,要使其能运行您的 Wiki "
22638
23152
"应用程序,您需要重启它。您可以运行如下命令来重启 <application>apache2</application> web 服务器:"
22639
23153
22640
#: serverguide/C/lamp-applications.xml:227(title) serverguide/C/installation.xml:1246(title)
23154
#: serverguide/C/lamp-applications.xml:227(title) serverguide/C/installation.xml:1242(title)
22641
23155
msgid "Verification"
22642
23156
msgstr "验证"
22643
23157
22719
23233
#: serverguide/C/lamp-applications.xml:301(para)
22720
23234
msgid ""
22721
23235
"The Apache configuration file <filename>mediawiki.conf</filename> for "
22722
"MediaWiki is installed in <filename>/etc/apache2/conf.d/</filename> "
22723
"directory. You should uncomment the following line in this file to access "
22724
"MediaWiki application."
23236
"<application>MediaWiki</application> is installed in "
23237
"<filename>/etc/apache2/conf-available/</filename> directory. To access "
23238
"<application>MediaWiki</application>, uncomment the following line in the "
23239
"file."
22725
23240
msgstr ""
22726
23241
22727
23242
#: serverguide/C/lamp-applications.xml:309(screen)
22731
23246
"# Alias /mediawiki /var/lib/mediawiki\n"
22732
23247
msgstr ""
22733
23248
22734
#: serverguide/C/lamp-applications.xml:313(para)
22735
msgid ""
22736
"After you uncomment the above line, restart Apache server and access "
22737
"MediaWiki using the following url:"
22738
msgstr ""
22739
22740
#: serverguide/C/lamp-applications.xml:318(programlisting)
22741
#, no-wrap
22742
msgid ""
22743
"\n"
22744
"http://localhost/mediawiki/config/index.php\n"
22745
msgstr ""
22746
"\n"
22747
"http://localhost/mediawiki/config/index.php\n"
22748
22749
#: serverguide/C/lamp-applications.xml:323(para)
22750
msgid ""
22751
"Please read the <quote>Checking environment...</quote> section in this page. "
22752
"You should be able to fix many issues by carefully reading this section."
22753
msgstr "请阅读本页中的 <quote>检查环境...</quote> 部分。通过仔细阅读这部分您应当能够解决许多问题。"
23249
#: serverguide/C/lamp-applications.xml:312(para)
23250
msgid ""
23251
"The <application>MediaWiki</application> configuration also needs to be "
23252
"enabled."
23253
msgstr ""
23254
23255
#: serverguide/C/lamp-applications.xml:316(command)
23256
msgid "sudo a2enconf mediawiki.conf"
23257
msgstr ""
23258
23259
#: serverguide/C/lamp-applications.xml:319(para)
23260
msgid "Restart Apache server."
23261
msgstr ""
23262
23263
#: serverguide/C/lamp-applications.xml:326(para)
23264
msgid ""
23265
"Access <application>MediaWiki</application> by visiting <ulink "
23266
"url=\"http://localhost/mediawiki/mw-"
23267
"config/index.php\">http://localhost/mediawiki/mw-config/index.php</ulink>. "
23268
"(Or <ulink url=\"http://NAME_OF_YOUR_VIRTUAL_HOST/mediawiki/mw-"
23269
"config/index.php\">http://NAME_OF_YOUR_VIRTUAL_HOST/mediawiki/mw-"
23270
"config/index.php</ulink> if your server has no GUI.)"
23271
msgstr ""
23272
23273
#: serverguide/C/lamp-applications.xml:334(para)
23274
msgid ""
23275
"Please read the <quote>Environmental checks</quote> section of the "
23276
"configuration page. You should be able to fix many issues by carefully "
23277
"reading this section."
23278
msgstr ""
22754
23279
22755
23280
#: serverguide/C/lamp-applications.xml:330(para)
22756
23281
msgid ""
22810
23335
"url=\"http://www.mediawiki.org\">MediaWiki</ulink> web site."
22811
23336
msgstr "详情请参阅 <ulink url=\"http://www.mediawiki.org\">MediaWiki</ulink> 网站。"
22812
23337
22813
#: serverguide/C/lamp-applications.xml:383(para)
23338
#: serverguide/C/lamp-applications.xml:394(para)
22814
23339
msgid ""
22815
23340
"The <ulink url=\"http://www.packtpub.com/Mediawiki/book\">MediaWiki "
22816
23341
"Administrators' Tutorial Guide</ulink> contains a wealth of information for "
22855
23380
"<application>Apache2</application> for the web server."
22856
23381
msgstr ""
22857
23382
22858
#: serverguide/C/lamp-applications.xml:425(para)
23383
#: serverguide/C/lamp-applications.xml:436(para)
22859
23384
msgid ""
22860
23385
"In a browser go to <emphasis>http://servername/phpmyadmin</emphasis>, "
22861
23386
"replacing <emphasis role=\"italic\">servername</emphasis> with the server's "
22949
23474
"Wiki</ulink> page."
22950
23475
msgstr ""
22951
23476
22952
#: serverguide/C/lamp-applications.xml:506(title)
23477
#: serverguide/C/lamp-applications.xml:517(title)
22953
23478
msgid "WordPress"
22954
23479
msgstr ""
22955
23480
22956
#: serverguide/C/lamp-applications.xml:507(para)
23481
#: serverguide/C/lamp-applications.xml:518(para)
22957
23482
msgid ""
22958
23483
"Wordpress is a blog tool, publishing platform and CMS implemented in PHP and "
22959
23484
"licensed under the GNU GPLv2."
22960
23485
msgstr ""
22961
23486
22962
#: serverguide/C/lamp-applications.xml:513(para)
23487
#: serverguide/C/lamp-applications.xml:524(para)
22963
23488
msgid ""
22964
23489
"To install <application>WordPress</application>, run the following comand in "
22965
23490
"the command prompt:"
22966
23491
msgstr ""
22967
23492
22968
#: serverguide/C/lamp-applications.xml:518(command)
23493
#: serverguide/C/lamp-applications.xml:529(command)
22969
23494
msgid "sudo apt-get install wordpress"
22970
23495
msgstr ""
22971
23496
22972
#: serverguide/C/lamp-applications.xml:521(para)
23497
#: serverguide/C/lamp-applications.xml:532(para)
22973
23498
msgid ""
22974
23499
"You should also install <application>apache2</application> web server and "
22975
23500
"<application>mysql</application> server. For installing "
22980
23505
"linkend=\"mysql\"/> section."
22981
23506
msgstr ""
22982
23507
22983
#: serverguide/C/lamp-applications.xml:535(para)
23508
#: serverguide/C/lamp-applications.xml:546(para)
22984
23509
msgid ""
22985
23510
"For configuring your first <application>WordPress</application> application, "
22986
23511
"configure an apache site. Open <filename>/etc/apache2/sites-"
22987
23512
"available/wordpress.conf</filename> and write the following lines:"
22988
23513
msgstr ""
22989
23514
22990
#: serverguide/C/lamp-applications.xml:542(programlisting)
23515
#: serverguide/C/lamp-applications.xml:553(programlisting)
22991
23516
#, no-wrap
22992
23517
msgid ""
22993
23518
"\n"
23007
23532
" "
23008
23533
msgstr ""
23009
23534
23010
#: serverguide/C/lamp-applications.xml:558(para)
23535
#: serverguide/C/lamp-applications.xml:569(para)
23011
23536
msgid "Enable this new <application>WordPress</application> site"
23012
23537
msgstr ""
23013
23538
23014
#: serverguide/C/lamp-applications.xml:561(command)
23539
#: serverguide/C/lamp-applications.xml:572(command)
23015
23540
msgid "sudo a2ensite wordpress"
23016
23541
msgstr ""
23017
23542
23018
#: serverguide/C/lamp-applications.xml:564(para)
23543
#: serverguide/C/lamp-applications.xml:575(para)
23019
23544
msgid ""
23020
23545
"Once you configure the <application>apache2</application> web server and "
23021
23546
"make it ready for your <application>WordPress</application> application, you "
23023
23548
"<application>apache2</application> web server:"
23024
23549
msgstr ""
23025
23550
23026
#: serverguide/C/lamp-applications.xml:576(para)
23551
#: serverguide/C/lamp-applications.xml:587(para)
23027
23552
msgid ""
23028
23553
"To facilitate multiple <application>WordPress</application> installations, "
23029
23554
"the name of this configuration file is based on the Host header of the HTTP "
23036
23561
"NAME_OF_YOUR_VIRTUAL_HOST.php."
23037
23562
msgstr ""
23038
23563
23039
#: serverguide/C/lamp-applications.xml:587(para)
23564
#: serverguide/C/lamp-applications.xml:598(para)
23040
23565
msgid ""
23041
23566
"Once the configuration file is written, it is up to you to choose a "
23042
23567
"convention for username and password to mysql for each "
23044
23569
"shows only one, localhost, example."
23045
23570
msgstr ""
23046
23571
23047
#: serverguide/C/lamp-applications.xml:594(para)
23572
#: serverguide/C/lamp-applications.xml:605(para)
23048
23573
msgid ""
23049
23574
"Now configure <application>WordPress</application> to use a mysql database. "
23050
23575
"Open <filename>/etc/wordpress/config-localhost.php</filename> file and write "
23051
23576
"the following lines:"
23052
23577
msgstr ""
23053
23578
23054
#: serverguide/C/lamp-applications.xml:600(programlisting)
23579
#: serverguide/C/lamp-applications.xml:611(programlisting)
23055
23580
#, no-wrap
23056
23581
msgid ""
23057
23582
"\n"
23064
23589
"?>\n"
23065
23590
msgstr ""
23066
23591
23067
#: serverguide/C/lamp-applications.xml:609(para)
23592
#: serverguide/C/lamp-applications.xml:620(para)
23068
23593
msgid ""
23069
23594
"Now create this mysql database. Open a temporary file with mysql commands "
23070
23595
"<filename>wordpress.sql</filename> and write the following lines:"
23071
23596
msgstr ""
23072
23597
23073
#: serverguide/C/lamp-applications.xml:612(programlisting)
23598
#: serverguide/C/lamp-applications.xml:623(programlisting)
23074
23599
#, no-wrap
23075
23600
msgid ""
23076
23601
"\n"
23082
23607
"FLUSH PRIVILEGES;\n"
23083
23608
msgstr ""
23084
23609
23085
#: serverguide/C/lamp-applications.xml:620(para)
23610
#: serverguide/C/lamp-applications.xml:631(para)
23086
23611
msgid "Execute these commands."
23087
23612
msgstr ""
23088
23613
23089
#: serverguide/C/lamp-applications.xml:622(command)
23614
#: serverguide/C/lamp-applications.xml:633(command)
23090
23615
msgid ""
23091
23616
"cat wordpress.sql | sudo mysql --defaults-extra-file=/etc/mysql/debian.cnf"
23092
23617
msgstr ""
23093
23618
23094
#: serverguide/C/lamp-applications.xml:624(para)
23619
#: serverguide/C/lamp-applications.xml:635(para)
23095
23620
msgid ""
23096
23621
"Your new <application>WordPress</application> can now be configured by "
23097
23622
"visiting <ulink url=\"http://localhost/blog/wp-"
23104
23629
"mail and click Install WordPress."
23105
23630
msgstr ""
23106
23631
23107
#: serverguide/C/lamp-applications.xml:631(para)
23632
#: serverguide/C/lamp-applications.xml:642(para)
23108
23633
msgid ""
23109
23634
"Note the generated password (if applicable) and click the login password. "
23110
23635
"Your <application>WordPress</application> is now ready for use."
23111
23636
msgstr ""
23112
23637
23113
#: serverguide/C/lamp-applications.xml:641(ulink)
23638
#: serverguide/C/lamp-applications.xml:652(ulink)
23114
23639
msgid "WordPress.org Codex"
23115
23640
msgstr ""
23116
23641
23117
#: serverguide/C/lamp-applications.xml:646(ulink)
23642
#: serverguide/C/lamp-applications.xml:657(ulink)
23118
23643
msgid "Ubuntu Wiki WordPress"
23119
23644
msgstr ""
23120
23645
23209
23734
msgid "Install Type"
23210
23735
msgstr "安装类型"
23211
23736
23212
#: serverguide/C/installation.xml:36(para)
23737
#: serverguide/C/virtualization.xml:1186(para) serverguide/C/virtualization.xml:1248(para) serverguide/C/installation.xml:36(para)
23213
23738
msgid "CPU"
23214
23739
msgstr ""
23215
23740
23241
23766
msgid "512 megabytes"
23242
23767
msgstr ""
23243
23768
23244
#: serverguide/C/installation.xml:50(para)
23769
#: serverguide/C/installation.xml:51(para)
23245
23770
msgid "1 gigabyte"
23246
23771
msgstr ""
23247
23772
23253
23778
msgid "Server (Minimal)"
23254
23779
msgstr ""
23255
23780
23256
#: serverguide/C/installation.xml:55(para)
23781
#: serverguide/C/installation.xml:48(para)
23257
23782
msgid "300 megahertz"
23258
23783
msgstr ""
23259
23784
23269
23794
msgid "1.4 gigabytes"
23270
23795
msgstr ""
23271
23796
23272
#: serverguide/C/installation.xml:64(para)
23797
#: serverguide/C/installation.xml:56(para)
23273
23798
msgid ""
23274
23799
"The Server Edition provides a common base for all sorts of server "
23275
23800
"applications. It is a minimalist design providing a platform for the desired "
23276
23801
"services, such as file/print services, web hosting, email hosting, etc."
23277
23802
msgstr ""
23278
23803
23279
#: serverguide/C/installation.xml:72(title)
23804
#: serverguide/C/installation.xml:70(title)
23280
23805
msgid "Server and Desktop Differences"
23281
23806
msgstr ""
23282
23807
23283
#: serverguide/C/installation.xml:73(para)
23808
#: serverguide/C/installation.xml:71(para)
23284
23809
msgid ""
23285
23810
"There are a few differences between the <emphasis>Ubuntu Server "
23286
23811
"Edition</emphasis> and the <emphasis>Ubuntu Desktop Edition</emphasis>. It "
23296
23821
"environment in the Server Edition and the installation process."
23297
23822
msgstr ""
23298
23823
23299
#: serverguide/C/installation.xml:86(title)
23824
#: serverguide/C/installation.xml:84(title)
23300
23825
msgid "Kernel Differences:"
23301
23826
msgstr ""
23302
23827
23303
#: serverguide/C/installation.xml:87(para)
23828
#: serverguide/C/installation.xml:85(para)
23304
23829
msgid ""
23305
23830
"Ubuntu version 10.10 and prior, actually had different kernels for the "
23306
23831
"server and desktop editions. Ubuntu no longer has separate -server and -"
23308
23833
"flavor to help reduce the maintenance burden over the life of the release."
23309
23834
msgstr ""
23310
23835
23311
#: serverguide/C/installation.xml:92(para)
23836
#: serverguide/C/installation.xml:90(para)
23312
23837
msgid ""
23313
23838
"When running a 64-bit version of Ubuntu on 64-bit processors you are not "
23314
23839
"limited by memory addressing space."
23322
23847
"great resource on the options available."
23323
23848
msgstr ""
23324
23849
23325
#: serverguide/C/installation.xml:106(title)
23850
#: serverguide/C/installation.xml:104(title)
23326
23851
msgid "Backing Up"
23327
23852
msgstr "备份"
23328
23853
23329
#: serverguide/C/installation.xml:109(para)
23854
#: serverguide/C/installation.xml:107(para)
23330
23855
msgid ""
23331
23856
"Before installing <application>Ubuntu Server Edition</application> you "
23332
23857
"should make sure all data on the system is backed up. See <xref "
23333
23858
"linkend=\"backups\"/> for backup options."
23334
23859
msgstr ""
23335
23860
23336
#: serverguide/C/installation.xml:113(para)
23861
#: serverguide/C/installation.xml:111(para)
23337
23862
msgid ""
23338
23863
"If this is not the first time an operating system has been installed on your "
23339
23864
"computer, it is likely you will need to re-partition your disk to make room "
23340
23865
"for Ubuntu."
23341
23866
msgstr ""
23342
23867
23343
#: serverguide/C/installation.xml:117(para)
23868
#: serverguide/C/installation.xml:115(para)
23344
23869
msgid ""
23345
23870
"Any time you partition your disk, you should be prepared to lose everything "
23346
23871
"on the disk should you make a mistake or something goes wrong during "
23348
23873
"have seen years of use, but they also perform destructive actions."
23349
23874
msgstr ""
23350
23875
23351
#: serverguide/C/installation.xml:129(title)
23876
#: serverguide/C/installation.xml:127(title)
23352
23877
msgid "Installing from CD"
23353
23878
msgstr "从 CD 安装"
23354
23879
23355
#: serverguide/C/installation.xml:130(para)
23880
#: serverguide/C/installation.xml:128(para)
23356
23881
msgid ""
23357
23882
"The basic steps to install Ubuntu Server Edition from CD are the same as "
23358
23883
"those for installing any operating system from CD. Unlike the "
23361
23886
"Server Edition uses a console menu based process instead."
23362
23887
msgstr ""
23363
23888
23364
#: serverguide/C/installation.xml:137(para)
23889
#: serverguide/C/installation.xml:135(para)
23365
23890
msgid ""
23366
23891
"First, download and burn the appropriate ISO file from the <ulink "
23367
23892
"url=\"http://www.ubuntu.com/download/server/download\"> Ubuntu web "
23368
23893
"site</ulink>."
23369
23894
msgstr ""
23370
23895
23371
#: serverguide/C/installation.xml:143(para)
23896
#: serverguide/C/installation.xml:141(para)
23372
23897
msgid "Boot the system from the CD-ROM drive."
23373
23898
msgstr ""
23374
23899
23375
#: serverguide/C/installation.xml:148(para)
23900
#: serverguide/C/installation.xml:146(para)
23376
23901
msgid "At the boot prompt you will be asked to select a language."
23377
23902
msgstr ""
23378
23903
23379
#: serverguide/C/installation.xml:153(para)
23904
#: serverguide/C/installation.xml:151(para)
23380
23905
msgid ""
23381
23906
"From the main boot menu there are some additional options to install Ubuntu "
23382
23907
"Server Edition. You can install a basic Ubuntu Server, check the CD-ROM for "
23385
23910
"install."
23386
23911
msgstr ""
23387
23912
23388
#: serverguide/C/installation.xml:160(para)
23913
#: serverguide/C/installation.xml:158(para)
23389
23914
msgid ""
23390
23915
"The installer asks for which language it should use. Afterwards, you are "
23391
23916
"asked to select your location."
23392
23917
msgstr ""
23393
23918
23394
#: serverguide/C/installation.xml:166(para)
23919
#: serverguide/C/installation.xml:164(para)
23395
23920
msgid ""
23396
23921
"Next, the installation process begins by asking for your keyboard layout. "
23397
23922
"You can ask the installer to attempt auto-detecting it, or you can select it "
23398
23923
"manually from a list."
23399
23924
msgstr ""
23400
23925
23401
#: serverguide/C/installation.xml:172(para)
23926
#: serverguide/C/installation.xml:170(para)
23402
23927
msgid ""
23403
23928
"The installer then discovers your hardware configuration, and configures the "
23404
23929
"network settings using DHCP. If you do not wish to use DHCP at the next "
23410
23935
msgid "Next, the installer asks for the system's hostname."
23411
23936
msgstr ""
23412
23937
23413
#: serverguide/C/installation.xml:184(para)
23938
#: serverguide/C/installation.xml:195(para)
23414
23939
msgid ""
23415
23940
"A new user is set up; this user will have <emphasis>root</emphasis> access "
23416
23941
"through the <application>sudo</application> utility."
23417
23942
msgstr ""
23418
23943
23419
#: serverguide/C/installation.xml:190(para)
23944
#: serverguide/C/installation.xml:201(para)
23420
23945
msgid ""
23421
23946
"After the user settings have been completed, you will be asked to encrypt "
23422
23947
"your <filename role=\"directory\">home</filename> directory."
23426
23951
msgid "Next, the installer asks for the system's Time Zone."
23427
23952
msgstr ""
23428
23953
23429
#: serverguide/C/installation.xml:201(para)
23954
#: serverguide/C/installation.xml:182(para)
23430
23955
msgid ""
23431
23956
"You can then choose from several options to configure the hard drive layout. "
23432
23957
"Afterwards you are asked for which disk to install to. You may get "
23436
23961
"linkend=\"advanced-installation\"/>."
23437
23962
msgstr ""
23438
23963
23439
#: serverguide/C/installation.xml:209(para)
23964
#: serverguide/C/installation.xml:190(para)
23440
23965
msgid "The Ubuntu base system is then installed."
23441
23966
msgstr ""
23442
23967
23443
#: serverguide/C/installation.xml:214(para)
23968
#: serverguide/C/installation.xml:207(para)
23444
23969
msgid ""
23445
23970
"The next step in the installation process is to decide how you want to "
23446
23971
"update the system. There are three options:"
23447
23972
msgstr ""
23448
23973
23449
#: serverguide/C/installation.xml:220(para)
23974
#: serverguide/C/installation.xml:213(para)
23450
23975
msgid ""
23451
23976
"<emphasis>No automatic updates</emphasis>: this requires an administrator to "
23452
23977
"log into the machine and manually install updates."
23453
23978
msgstr ""
23454
23979
23455
#: serverguide/C/installation.xml:226(para)
23980
#: serverguide/C/installation.xml:219(para)
23456
23981
msgid ""
23457
23982
"<emphasis>Install security updates automatically</emphasis>: this will "
23458
23983
"install the <application>unattended-upgrades</application> package, which "
23460
23985
"For more details see <xref linkend=\"automatic-updates\"/>."
23461
23986
msgstr ""
23462
23987
23463
#: serverguide/C/installation.xml:233(para)
23988
#: serverguide/C/installation.xml:226(para)
23464
23989
msgid ""
23465
23990
"<emphasis>Manage the system with Landscape</emphasis>: Landscape is a paid "
23466
23991
"service provided by Canonical to help manage your Ubuntu machines. See the "
23468
23993
"site for details."
23469
23994
msgstr ""
23470
23995
23471
#: serverguide/C/installation.xml:242(para)
23996
#: serverguide/C/installation.xml:235(para)
23472
23997
msgid ""
23473
23998
"You now have the option to install, or not install, several package tasks. "
23474
23999
"See <xref linkend=\"install-tasks\"/> for details. Also, there is an option "
23476
24001
"install. For more information see <xref linkend=\"aptitude\"/>."
23477
24002
msgstr ""
23478
24003
23479
#: serverguide/C/installation.xml:250(para)
24004
#: serverguide/C/installation.xml:243(para)
23480
24005
msgid "Finally, the last step before rebooting is to set the clock to UTC."
23481
24006
msgstr ""
23482
24007
23483
#: serverguide/C/installation.xml:256(para)
24008
#: serverguide/C/installation.xml:249(para)
23484
24009
msgid ""
23485
24010
"If at any point during installation you are not satisfied by the default "
23486
24011
"setting, use the \"Go Back\" function at any prompt to be brought to a "
23488
24013
"settings."
23489
24014
msgstr ""
23490
24015
23491
#: serverguide/C/installation.xml:261(para)
24016
#: serverguide/C/installation.xml:254(para)
23492
24017
msgid ""
23493
24018
"At some point during the installation process you may want to read the help "
23494
24019
"screen provided by the installation system. To do this, press F1."
23501
24026
"Installation Guide</ulink>."
23502
24027
msgstr ""
23503
24028
23504
#: serverguide/C/installation.xml:272(title)
24029
#: serverguide/C/installation.xml:265(title)
23505
24030
msgid "Package Tasks"
23506
24031
msgstr ""
23507
24032
23508
#: serverguide/C/installation.xml:273(para)
24033
#: serverguide/C/installation.xml:266(para)
23509
24034
msgid ""
23510
24035
"During the Server Edition installation you have the option of installing "
23511
24036
"additional packages from the CD. The packages are grouped by the type of "
23512
24037
"service they provide."
23513
24038
msgstr ""
23514
24039
23515
#: serverguide/C/installation.xml:279(para)
24040
#: serverguide/C/installation.xml:272(para)
23516
24041
msgid "DNS server: Selects the BIND DNS server and its documentation."
23517
24042
msgstr ""
23518
24043
23519
#: serverguide/C/installation.xml:284(para)
24044
#: serverguide/C/installation.xml:277(para)
23520
24045
msgid "LAMP server: Selects a ready-made Linux/Apache/MySQL/PHP server."
23521
24046
msgstr ""
23522
24047
23523
#: serverguide/C/installation.xml:289(para)
24048
#: serverguide/C/installation.xml:282(para)
23524
24049
msgid ""
23525
24050
"Mail server: This task selects a variety of packages useful for a general "
23526
24051
"purpose mail server system."
23527
24052
msgstr ""
23528
24053
23529
#: serverguide/C/installation.xml:294(para)
24054
#: serverguide/C/installation.xml:287(para)
23530
24055
msgid "OpenSSH server: Selects packages needed for an OpenSSH server."
23531
24056
msgstr ""
23532
24057
23533
#: serverguide/C/installation.xml:299(para)
24058
#: serverguide/C/installation.xml:292(para)
23534
24059
msgid ""
23535
24060
"PostgreSQL database: This task selects client and server packages for the "
23536
24061
"PostgreSQL database."
23537
24062
msgstr ""
23538
24063
23539
#: serverguide/C/installation.xml:304(para)
24064
#: serverguide/C/installation.xml:297(para)
23540
24065
msgid "Print server: This task sets up your system to be a print server."
23541
24066
msgstr ""
23542
24067
23543
#: serverguide/C/installation.xml:309(para)
24068
#: serverguide/C/installation.xml:302(para)
23544
24069
msgid ""
23545
24070
"Samba File server: This task sets up your system to be a Samba file server, "
23546
24071
"which is especially suitable in networks with both Windows and Linux systems."
23547
24072
msgstr ""
23548
24073
23549
#: serverguide/C/installation.xml:315(para)
24074
#: serverguide/C/installation.xml:308(para)
23550
24075
msgid "Tomcat Java server: Installs Apache Tomcat and needed dependencies."
23551
24076
msgstr ""
23552
24077
23553
#: serverguide/C/installation.xml:320(para)
24078
#: serverguide/C/installation.xml:313(para)
23554
24079
msgid ""
23555
24080
"Virtual Machine host: Includes packages needed to run KVM virtual machines."
23556
24081
msgstr ""
23557
24082
23558
#: serverguide/C/installation.xml:325(para)
24083
#: serverguide/C/installation.xml:318(para)
23559
24084
msgid ""
23560
24085
"Manually select packages: Executes <application>aptitude</application> "
23561
24086
"allowing you to individually select packages."
23562
24087
msgstr ""
23563
24088
23564
#: serverguide/C/installation.xml:330(para)
24089
#: serverguide/C/installation.xml:323(para)
23565
24090
msgid ""
23566
24091
"Installing the package groups is accomplished using the "
23567
24092
"<application>tasksel</application> utility. One of the important differences "
23572
24097
"a fully integrated service."
23573
24098
msgstr ""
23574
24099
23575
#: serverguide/C/installation.xml:337(para)
24100
#: serverguide/C/installation.xml:330(para)
23576
24101
msgid ""
23577
24102
"Once the installation process has finished you can view a list of available "
23578
24103
"tasks by entering the following from a terminal prompt:"
23579
24104
msgstr ""
23580
24105
23581
#: serverguide/C/installation.xml:342(command)
24106
#: serverguide/C/installation.xml:335(command)
23582
24107
msgid "tasksel --list-tasks"
23583
24108
msgstr "tasksel --list-tasks"
23584
24109
23585
#: serverguide/C/installation.xml:345(para)
24110
#: serverguide/C/installation.xml:338(para)
23586
24111
msgid ""
23587
24112
"The output will list tasks from other Ubuntu based distributions such as "
23588
24113
"Kubuntu and Edubuntu. Note that you can also invoke the "
23590
24115
"the different tasks available."
23591
24116
msgstr ""
23592
24117
23593
#: serverguide/C/installation.xml:351(para)
24118
#: serverguide/C/installation.xml:344(para)
23594
24119
msgid ""
23595
24120
"You can view a list of which packages are installed with each task using the "
23596
24121
"<emphasis>--task-packages</emphasis> option. For example, to list the "
23598
24123
"following:"
23599
24124
msgstr ""
23600
24125
23601
#: serverguide/C/installation.xml:356(command)
24126
#: serverguide/C/installation.xml:349(command)
23602
24127
msgid "tasksel --task-packages dns-server"
23603
24128
msgstr "tasksel --task-packages dns-server"
23604
24129
23605
#: serverguide/C/installation.xml:358(para)
24130
#: serverguide/C/installation.xml:351(para)
23606
24131
msgid "The output of the command should list:"
23607
24132
msgstr ""
23608
24133
23609
#: serverguide/C/installation.xml:361(programlisting)
24134
#: serverguide/C/installation.xml:354(programlisting)
23610
24135
#, no-wrap
23611
24136
msgid ""
23612
24137
"\n"
23615
24140
"bind9\n"
23616
24141
msgstr ""
23617
24142
23618
#: serverguide/C/installation.xml:366(para)
24143
#: serverguide/C/installation.xml:359(para)
23619
24144
msgid ""
23620
24145
"If you did not install one of the tasks during the installation process, but "
23621
24146
"for example you decide to make your new LAMP server a DNS server as well, "
23622
24147
"simply insert the installation CD and from a terminal:"
23623
24148
msgstr ""
23624
24149
23625
#: serverguide/C/installation.xml:371(command)
24150
#: serverguide/C/installation.xml:364(command)
23626
24151
msgid "sudo tasksel install dns-server"
23627
24152
msgstr "sudo tasksel install dns-server"
23628
24153
23629
#: serverguide/C/installation.xml:376(title)
24154
#: serverguide/C/installation.xml:369(title)
23630
24155
msgid "Upgrading"
23631
24156
msgstr "正在更新"
23632
24157
23633
#: serverguide/C/installation.xml:377(para)
24158
#: serverguide/C/installation.xml:370(para)
23634
24159
msgid ""
23635
24160
"There are several ways to upgrade from one Ubuntu release to another. This "
23636
24161
"section gives an overview of the recommended upgrade method."
23637
24162
msgstr ""
23638
24163
23639
#: serverguide/C/installation.xml:381(title) serverguide/C/installation.xml:396(command)
24164
#: serverguide/C/installation.xml:374(title) serverguide/C/installation.xml:389(command)
23640
24165
msgid "do-release-upgrade"
23641
24166
msgstr "do-release-upgrade"
23642
24167
23643
#: serverguide/C/installation.xml:382(para)
24168
#: serverguide/C/installation.xml:375(para)
23644
24169
msgid ""
23645
24170
"The recommended way to upgrade a Server Edition installation is to use the "
23646
24171
"<application>do-release-upgrade</application> utility. Part of the "
23648
24173
"graphical dependencies and is installed by default."
23649
24174
msgstr ""
23650
24175
23651
#: serverguide/C/installation.xml:387(para)
24176
#: serverguide/C/installation.xml:380(para)
23652
24177
msgid ""
23653
24178
"Debian based systems can also be upgraded by using <command>apt-get dist-"
23654
24179
"upgrade</command>. However, using <application>do-release-"
23656
24181
"system configuration changes sometimes needed between releases."
23657
24182
msgstr ""
23658
24183
23659
#: serverguide/C/installation.xml:392(para)
24184
#: serverguide/C/installation.xml:385(para)
23660
24185
msgid "To upgrade to a newer release, from a terminal prompt enter:"
23661
24186
msgstr ""
23662
24187
23663
#: serverguide/C/installation.xml:398(para)
24188
#: serverguide/C/installation.xml:391(para)
23664
24189
msgid ""
23665
24190
"It is also possible to use <application>do-release-upgrade</application> to "
23666
24191
"upgrade to a development version of Ubuntu. To accomplish this use the "
23667
24192
"<emphasis>-d</emphasis> switch:"
23668
24193
msgstr ""
23669
24194
23670
#: serverguide/C/installation.xml:403(command)
24195
#: serverguide/C/installation.xml:396(command)
23671
24196
msgid "do-release-upgrade -d"
23672
24197
msgstr "do-release-upgrade -d"
23673
24198
23674
#: serverguide/C/installation.xml:406(para)
24199
#: serverguide/C/installation.xml:399(para)
23675
24200
msgid ""
23676
24201
"Upgrading to a development release is <emphasis>not</emphasis> recommended "
23677
24202
"for production environments."
23678
24203
msgstr ""
23679
24204
23680
#: serverguide/C/installation.xml:413(title)
24205
#: serverguide/C/installation.xml:406(title)
23681
24206
msgid "Advanced Installation"
23682
24207
msgstr ""
23683
24208
23684
#: serverguide/C/installation.xml:416(title)
24209
#: serverguide/C/installation.xml:409(title)
23685
24210
msgid "Software RAID"
23686
24211
msgstr ""
23687
24212
23688
#: serverguide/C/installation.xml:418(para)
24213
#: serverguide/C/installation.xml:411(para)
23689
24214
msgid ""
23690
24215
"Redundant Array of Independent Disks \"RAID\" is a method of using multiple "
23691
24216
"disks to provide different balances of increasing data reliability and/or "
23696
24221
"the drives 'invisibly')."
23697
24222
msgstr ""
23698
24223
23699
#: serverguide/C/installation.xml:426(para)
24224
#: serverguide/C/installation.xml:419(para)
23700
24225
msgid ""
23701
24226
"The RAID software included with current versions of Linux (and Ubuntu) is "
23702
24227
"based on the <application>'mdadm'</application> driver and works very well, "
23706
24231
"another for <emphasis>swap</emphasis>."
23707
24232
msgstr ""
23708
24233
23709
#: serverguide/C/installation.xml:434(title)
24234
#: serverguide/C/virtualization.xml:716(title) serverguide/C/installation.xml:427(title)
23710
24235
msgid "Partitioning"
23711
24236
msgstr "分区"
23712
24237
23713
#: serverguide/C/installation.xml:436(para) serverguide/C/installation.xml:958(para)
24238
#: serverguide/C/installation.xml:429(para) serverguide/C/installation.xml:951(para)
23714
24239
msgid ""
23715
24240
"Follow the installation steps until you get to the <emphasis>Partition "
23716
24241
"disks</emphasis> step, then:"
23717
24242
msgstr ""
23718
24243
24244
#: serverguide/C/installation.xml:436(para)
24245
msgid "Select <emphasis>Manual</emphasis> as the partition method."
24246
msgstr ""
24247
23719
24248
#: serverguide/C/installation.xml:443(para)
23720
msgid "Select <emphasis>Manual</emphasis> as the partition method."
23721
msgstr ""
23722
23723
#: serverguide/C/installation.xml:450(para)
23724
24249
msgid ""
23725
24250
"Select the first hard drive, and agree to <emphasis>\"Create a new empty "
23726
24251
"partition table on this device?\"</emphasis>."
23727
24252
msgstr ""
23728
24253
24254
#: serverguide/C/installation.xml:447(para)
24255
msgid ""
24256
"Repeat this step for each drive you wish to be part of the RAID array."
24257
msgstr ""
24258
23729
24259
#: serverguide/C/installation.xml:454(para)
23730
24260
msgid ""
23731
"Repeat this step for each drive you wish to be part of the RAID array."
23732
msgstr ""
23733
23734
#: serverguide/C/installation.xml:461(para)
23735
msgid ""
23736
24261
"Select the <emphasis>\"FREE SPACE\"</emphasis> on the first drive then "
23737
24262
"select <emphasis>\"Create a new partition\"</emphasis>."
23738
24263
msgstr ""
23739
24264
23740
#: serverguide/C/installation.xml:468(para)
24265
#: serverguide/C/installation.xml:461(para)
23741
24266
msgid ""
23742
24267
"Next, select the <emphasis>Size</emphasis> of the partition. This partition "
23743
24268
"will be the <emphasis>swap</emphasis> partition, and a general rule for swap "
23745
24270
"<emphasis>Primary</emphasis>, then <emphasis>Beginning</emphasis>."
23746
24271
msgstr ""
23747
24272
23748
#: serverguide/C/installation.xml:475(para)
24273
#: serverguide/C/installation.xml:468(para)
23749
24274
msgid ""
23750
24275
"A swap partition size of twice the available RAM capacity may not always be "
23751
24276
"desirable, especially on systems with large amounts of RAM. Calculating the "
23753
24278
"going to be used."
23754
24279
msgstr ""
23755
24280
23756
#: serverguide/C/installation.xml:484(para)
24281
#: serverguide/C/installation.xml:477(para)
23757
24282
msgid ""
23758
24283
"Select the <emphasis>\"Use as:\"</emphasis> line at the top. By default this "
23759
24284
"is <emphasis role=\"italic\">\"Ext4 journaling file system\"</emphasis>, "
23761
24286
"<emphasis>\"Done setting up partition\"</emphasis>."
23762
24287
msgstr ""
23763
24288
23764
#: serverguide/C/installation.xml:493(para)
24289
#: serverguide/C/installation.xml:486(para)
23765
24290
msgid ""
23766
24291
"For the <emphasis>/</emphasis> partition once again select <emphasis>\"Free "
23767
24292
"Space\"</emphasis> on the first drive then <emphasis>\"Create a new "
23768
24293
"partition\"</emphasis>."
23769
24294
msgstr ""
23770
24295
23771
#: serverguide/C/installation.xml:501(para)
24296
#: serverguide/C/installation.xml:494(para)
23772
24297
msgid ""
23773
24298
"Use the rest of the free space on the drive and choose "
23774
24299
"<emphasis>Continue</emphasis>, then <emphasis>Primary</emphasis>."
23775
24300
msgstr ""
23776
24301
23777
#: serverguide/C/installation.xml:508(para)
24302
#: serverguide/C/installation.xml:501(para)
23778
24303
msgid ""
23779
24304
"As with the swap partition, select the <emphasis>\"Use as:\"</emphasis> line "
23780
24305
"at the top, changing it to <emphasis>\"physical volume for "
23783
24308
"<emphasis>\"Done setting up partition\"</emphasis>."
23784
24309
msgstr ""
23785
24310
23786
#: serverguide/C/installation.xml:518(para)
24311
#: serverguide/C/installation.xml:511(para)
23787
24312
msgid "Repeat steps three through eight for the other disk and partitions."
23788
24313
msgstr ""
23789
24314
23790
#: serverguide/C/installation.xml:527(title)
24315
#: serverguide/C/installation.xml:520(title)
23791
24316
msgid "RAID Configuration"
23792
24317
msgstr ""
23793
24318
24319
#: serverguide/C/installation.xml:522(para)
24320
msgid "With the partitions setup the arrays are ready to be configured:"
24321
msgstr ""
24322
23794
24323
#: serverguide/C/installation.xml:529(para)
23795
msgid "With the partitions setup the arrays are ready to be configured:"
23796
msgstr ""
23797
23798
#: serverguide/C/installation.xml:536(para)
23799
24324
msgid ""
23800
24325
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
23801
24326
"Software RAID\"</emphasis> at the top."
23802
24327
msgstr ""
23803
24328
24329
#: serverguide/C/installation.xml:536(para)
24330
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
24331
msgstr ""
24332
23804
24333
#: serverguide/C/installation.xml:543(para)
23805
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
24334
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
23806
24335
msgstr ""
23807
24336
23808
24337
#: serverguide/C/installation.xml:550(para)
23809
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
23810
msgstr ""
23811
23812
#: serverguide/C/installation.xml:557(para)
23813
24338
msgid ""
23814
24339
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
23815
24340
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
23816
24341
msgstr ""
23817
24342
23818
#: serverguide/C/installation.xml:563(para)
24343
#: serverguide/C/installation.xml:556(para)
23819
24344
msgid ""
23820
24345
"In order to use <emphasis>RAID5</emphasis> you need at least "
23821
24346
"<emphasis>three</emphasis> drives. Using RAID0 or RAID1 only "
23822
24347
"<emphasis>two</emphasis> drives are required."
23823
24348
msgstr ""
23824
24349
23825
#: serverguide/C/installation.xml:572(para)
24350
#: serverguide/C/installation.xml:565(para)
23826
24351
msgid ""
23827
24352
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
23828
24353
"of hard drives you have, for the array. Then select "
23829
24354
"<emphasis>\"Continue\"</emphasis>."
23830
24355
msgstr ""
23831
24356
23832
#: serverguide/C/installation.xml:580(para)
24357
#: serverguide/C/installation.xml:573(para)
23833
24358
msgid ""
23834
24359
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
23835
24360
"default, then choose <emphasis>\"Continue\"</emphasis>."
23836
24361
msgstr ""
23837
24362
23838
#: serverguide/C/installation.xml:587(para)
24363
#: serverguide/C/installation.xml:580(para)
23839
24364
msgid ""
23840
24365
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
23841
24366
"etc. The numbers will usually match and the different letters correspond to "
23842
24367
"different hard drives."
23843
24368
msgstr ""
23844
24369
23845
#: serverguide/C/installation.xml:592(para)
24370
#: serverguide/C/installation.xml:585(para)
23846
24371
msgid ""
23847
24372
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
23848
24373
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
23849
24374
"go to the next step."
23850
24375
msgstr ""
23851
24376
23852
#: serverguide/C/installation.xml:600(para)
24377
#: serverguide/C/installation.xml:593(para)
23853
24378
msgid ""
23854
24379
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
23855
24380
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
23856
24381
"and <emphasis>sdb2</emphasis>."
23857
24382
msgstr ""
23858
24383
23859
#: serverguide/C/installation.xml:608(para)
24384
#: serverguide/C/installation.xml:601(para)
23860
24385
msgid "Once done select <emphasis>\"Finish\"</emphasis>."
23861
24386
msgstr ""
23862
24387
23863
#: serverguide/C/installation.xml:618(title)
24388
#: serverguide/C/installation.xml:611(title)
23864
24389
msgid "Formatting"
23865
24390
msgstr ""
23866
24391
23867
#: serverguide/C/installation.xml:620(para)
24392
#: serverguide/C/installation.xml:613(para)
23868
24393
msgid ""
23869
24394
"There should now be a list of hard drives and RAID devices. The next step is "
23870
24395
"to format and set the mount point for the RAID devices. Treat the RAID "
23871
24396
"device as a local hard drive, format and mount accordingly."
23872
24397
msgstr ""
23873
24398
23874
#: serverguide/C/installation.xml:628(para)
24399
#: serverguide/C/installation.xml:621(para)
23875
24400
msgid ""
23876
24401
"Select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
23877
24402
"#0\"</emphasis> partition."
23878
24403
msgstr ""
23879
24404
23880
#: serverguide/C/installation.xml:635(para)
24405
#: serverguide/C/installation.xml:628(para)
23881
24406
msgid ""
23882
24407
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
23883
24408
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
23884
24409
msgstr ""
23885
24410
23886
#: serverguide/C/installation.xml:643(para)
24411
#: serverguide/C/installation.xml:636(para)
23887
24412
msgid ""
23888
24413
"Next, select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
23889
24414
"#1\"</emphasis> partition."
23890
24415
msgstr ""
23891
24416
23892
#: serverguide/C/installation.xml:650(para)
24417
#: serverguide/C/installation.xml:643(para)
23893
24418
msgid ""
23894
24419
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext4 "
23895
24420
"journaling file system\"</emphasis>."
23896
24421
msgstr ""
23897
24422
23898
#: serverguide/C/installation.xml:657(para)
24423
#: serverguide/C/installation.xml:650(para)
23899
24424
msgid ""
23900
24425
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
23901
24426
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "
23903
24428
"partition\"</emphasis>."
23904
24429
msgstr ""
23905
24430
24431
#: serverguide/C/installation.xml:658(para)
24432
msgid ""
24433
"Finally, select <emphasis>\"Finish partitioning and write changes to "
24434
"disk\"</emphasis>."
24435
msgstr ""
24436
23906
24437
#: serverguide/C/installation.xml:665(para)
23907
24438
msgid ""
23908
"Finally, select <emphasis>\"Finish partitioning and write changes to "
23909
"disk\"</emphasis>."
23910
msgstr ""
23911
23912
#: serverguide/C/installation.xml:672(para)
23913
msgid ""
23914
24439
"If you choose to place the root partition on a RAID array, the installer "
23915
24440
"will then ask if you would like to boot in a <emphasis>degraded</emphasis> "
23916
24441
"state. See <xref linkend=\"raid-degraded\"/> for further details."
23917
24442
msgstr ""
23918
24443
23919
#: serverguide/C/installation.xml:677(para)
24444
#: serverguide/C/installation.xml:670(para)
23920
24445
msgid "The installation process will then continue normally."
23921
24446
msgstr ""
23922
24447
23923
#: serverguide/C/installation.xml:683(title)
24448
#: serverguide/C/installation.xml:676(title)
23924
24449
msgid "Degraded RAID"
23925
24450
msgstr ""
23926
24451
23927
#: serverguide/C/installation.xml:685(para)
24452
#: serverguide/C/installation.xml:678(para)
23928
24453
msgid ""
23929
24454
"At some point in the life of the computer a disk failure event may occur. "
23930
24455
"When this happens, using Software RAID, the operating system will place the "
23931
24456
"array into what is known as a <emphasis>degraded</emphasis> state."
23932
24457
msgstr ""
23933
24458
23934
#: serverguide/C/installation.xml:690(para)
24459
#: serverguide/C/installation.xml:683(para)
23935
24460
msgid ""
23936
24461
"If the array has become degraded, due to the chance of data corruption, by "
23937
24462
"default Ubuntu Server Edition will boot to <emphasis>initramfs</emphasis> "
23942
24467
"Booting to a degraded array can be configured several ways:"
23943
24468
msgstr ""
23944
24469
23945
#: serverguide/C/installation.xml:701(para)
24470
#: serverguide/C/installation.xml:694(para)
23946
24471
msgid ""
23947
24472
"The <application>dpkg-reconfigure</application> utility can be used to "
23948
24473
"configure the default behavior, and during the process you will be queried "
23951
24476
"following:"
23952
24477
msgstr ""
23953
24478
23954
#: serverguide/C/installation.xml:708(command)
24479
#: serverguide/C/installation.xml:701(command)
23955
24480
msgid "sudo dpkg-reconfigure mdadm"
23956
24481
msgstr ""
23957
24482
23958
#: serverguide/C/installation.xml:714(para)
24483
#: serverguide/C/installation.xml:707(para)
23959
24484
msgid ""
23960
24485
"The <command>dpkg-reconfigure mdadm</command> process will change the "
23961
24486
"<filename>/etc/initramfs-tools/conf.d/mdadm</filename> configuration file. "
23963
24488
"behavior, and can also be manually edited:"
23964
24489
msgstr ""
23965
24490
23966
#: serverguide/C/installation.xml:720(programlisting)
24491
#: serverguide/C/installation.xml:713(programlisting)
23967
24492
#, no-wrap
23968
24493
msgid ""
23969
24494
"\n"
23970
24495
"BOOT_DEGRADED=true\n"
23971
24496
msgstr ""
23972
24497
23973
#: serverguide/C/installation.xml:725(para)
24498
#: serverguide/C/installation.xml:718(para)
23974
24499
msgid "The configuration file can be overridden by using a Kernel argument."
23975
24500
msgstr ""
23976
24501
23977
#: serverguide/C/installation.xml:733(para)
24502
#: serverguide/C/installation.xml:726(para)
23978
24503
msgid ""
23979
24504
"Using a Kernel argument will allow the system to boot to a degraded array as "
23980
24505
"well:"
23981
24506
msgstr ""
23982
24507
23983
#: serverguide/C/installation.xml:739(para)
24508
#: serverguide/C/installation.xml:732(para)
23984
24509
msgid ""
23985
24510
"When the server is booting press <keycap>Shift</keycap> to open the "
23986
24511
"<application>Grub</application> menu."
23987
24512
msgstr ""
23988
24513
23989
#: serverguide/C/installation.xml:744(para)
24514
#: serverguide/C/installation.xml:737(para)
23990
24515
msgid "Press <keycap>e</keycap> to edit your kernel command options."
23991
24516
msgstr ""
23992
24517
23993
#: serverguide/C/installation.xml:749(para)
24518
#: serverguide/C/installation.xml:742(para)
23994
24519
msgid "Press the <keycap>down</keycap> arrow to highlight the kernel line."
23995
24520
msgstr ""
23996
24521
23997
#: serverguide/C/installation.xml:754(para)
24522
#: serverguide/C/installation.xml:747(para)
23998
24523
msgid ""
23999
24524
"Add <emphasis>\"bootdegraded=true\"</emphasis> (without the quotes) to the "
24000
24525
"end of the line."
24001
24526
msgstr ""
24002
24527
24003
#: serverguide/C/installation.xml:759(para)
24528
#: serverguide/C/installation.xml:752(para)
24004
24529
msgid ""
24005
24530
"Press <keycombo><keycap>Ctrl</keycap><keycap>x</keycap></keycombo> to boot "
24006
24531
"the system."
24007
24532
msgstr ""
24008
24533
24009
#: serverguide/C/installation.xml:768(para)
24534
#: serverguide/C/installation.xml:761(para)
24010
24535
msgid ""
24011
24536
"Once the system has booted you can either repair the array see <xref "
24012
24537
"linkend=\"raid-maintenance\"/> for details, or copy important data to "
24013
24538
"another machine due to major hardware failure."
24014
24539
msgstr ""
24015
24540
24016
#: serverguide/C/installation.xml:775(title)
24541
#: serverguide/C/installation.xml:768(title)
24017
24542
msgid "RAID Maintenance"
24018
24543
msgstr ""
24019
24544
24020
#: serverguide/C/installation.xml:777(para)
24545
#: serverguide/C/installation.xml:770(para)
24021
24546
msgid ""
24022
24547
"The <application>mdadm</application> utility can be used to view the status "
24023
24548
"of an array, add disks to an array, remove disks, etc:"
24024
24549
msgstr ""
24025
24550
24026
#: serverguide/C/installation.xml:784(para)
24551
#: serverguide/C/installation.xml:777(para)
24027
24552
msgid "To view the status of an array, from a terminal prompt enter:"
24028
24553
msgstr ""
24029
24554
24030
#: serverguide/C/installation.xml:788(command)
24555
#: serverguide/C/installation.xml:781(command)
24031
24556
msgid "sudo mdadm -D /dev/md0"
24032
24557
msgstr ""
24033
24558
24034
#: serverguide/C/installation.xml:791(para)
24559
#: serverguide/C/installation.xml:784(para)
24035
24560
msgid ""
24036
24561
"The <emphasis>-D</emphasis> tells <application>mdadm</application> to "
24037
24562
"display <emphasis>detailed</emphasis> information about the "
24039
24564
"with the appropriate RAID device."
24040
24565
msgstr ""
24041
24566
24042
#: serverguide/C/installation.xml:797(para)
24567
#: serverguide/C/installation.xml:790(para)
24043
24568
msgid "To view the status of a disk in an array:"
24044
24569
msgstr ""
24045
24570
24046
#: serverguide/C/installation.xml:801(command)
24571
#: serverguide/C/installation.xml:794(command)
24047
24572
msgid "sudo mdadm -E /dev/sda1"
24048
24573
msgstr ""
24049
24574
24050
#: serverguide/C/installation.xml:803(para)
24575
#: serverguide/C/installation.xml:796(para)
24051
24576
msgid ""
24052
24577
"The output if very similar to the <command>mdadm -D</command> command, "
24053
24578
"adjust <filename>/dev/sda1</filename> for each disk."
24054
24579
msgstr ""
24055
24580
24056
#: serverguide/C/installation.xml:808(para)
24581
#: serverguide/C/installation.xml:801(para)
24057
24582
msgid "If a disk fails and needs to be removed from an array enter:"
24058
24583
msgstr ""
24059
24584
24060
#: serverguide/C/installation.xml:812(command)
24585
#: serverguide/C/installation.xml:805(command)
24061
24586
msgid "sudo mdadm --remove /dev/md0 /dev/sda1"
24062
24587
msgstr ""
24063
24588
24064
#: serverguide/C/installation.xml:814(para)
24589
#: serverguide/C/installation.xml:807(para)
24065
24590
msgid ""
24066
24591
"Change <filename>/dev/md0</filename> and <filename>/dev/sda1</filename> to "
24067
24592
"the appropriate RAID device and disk."
24068
24593
msgstr ""
24069
24594
24070
#: serverguide/C/installation.xml:819(para)
24595
#: serverguide/C/installation.xml:812(para)
24071
24596
msgid "Similarly, to add a new disk:"
24072
24597
msgstr ""
24073
24598
24074
#: serverguide/C/installation.xml:823(command)
24599
#: serverguide/C/installation.xml:816(command)
24075
24600
msgid "sudo mdadm --add /dev/md0 /dev/sda1"
24076
24601
msgstr ""
24077
24602
24078
#: serverguide/C/installation.xml:828(para)
24603
#: serverguide/C/installation.xml:821(para)
24079
24604
msgid ""
24080
24605
"Sometimes a disk can change to a <emphasis>faulty</emphasis> state even "
24081
24606
"though there is nothing physically wrong with the drive. It is usually "
24084
24609
"the array, it is a good indication of hardware failure."
24085
24610
msgstr ""
24086
24611
24087
#: serverguide/C/installation.xml:834(para)
24612
#: serverguide/C/installation.xml:827(para)
24088
24613
msgid ""
24089
24614
"The <filename>/proc/mdstat</filename> file also contains useful information "
24090
24615
"about the system's RAID devices:"
24091
24616
msgstr ""
24092
24617
24093
#: serverguide/C/installation.xml:839(command)
24618
#: serverguide/C/installation.xml:832(command)
24094
24619
msgid "cat /proc/mdstat"
24095
24620
msgstr ""
24096
24621
24097
#: serverguide/C/installation.xml:840(computeroutput)
24622
#: serverguide/C/installation.xml:833(computeroutput)
24098
24623
#, no-wrap
24099
24624
msgid ""
24100
24625
"Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] "
24105
24630
"unused devices: <none>"
24106
24631
msgstr ""
24107
24632
24108
#: serverguide/C/installation.xml:847(para)
24633
#: serverguide/C/installation.xml:840(para)
24109
24634
msgid ""
24110
24635
"The following command is great for watching the status of a syncing drive:"
24111
24636
msgstr ""
24112
24637
24113
#: serverguide/C/installation.xml:852(command)
24638
#: serverguide/C/installation.xml:845(command)
24114
24639
msgid "watch -n1 cat /proc/mdstat"
24115
24640
msgstr ""
24116
24641
24117
#: serverguide/C/installation.xml:855(para)
24642
#: serverguide/C/installation.xml:848(para)
24118
24643
msgid ""
24119
24644
"Press <emphasis>Ctrl+c</emphasis> to stop the "
24120
24645
"<application>watch</application> command."
24121
24646
msgstr ""
24122
24647
24123
#: serverguide/C/installation.xml:859(para)
24648
#: serverguide/C/installation.xml:852(para)
24124
24649
msgid ""
24125
24650
"If you do need to replace a faulty drive, after the drive has been replaced "
24126
24651
"and synced, <application>grub</application> will need to be installed. To "
24128
24653
"following:"
24129
24654
msgstr ""
24130
24655
24131
#: serverguide/C/installation.xml:865(command)
24656
#: serverguide/C/installation.xml:858(command)
24132
24657
msgid "sudo grub-install /dev/md0"
24133
24658
msgstr ""
24134
24659
24135
#: serverguide/C/installation.xml:868(para)
24660
#: serverguide/C/installation.xml:861(para)
24136
24661
msgid ""
24137
24662
"Replace <filename>/dev/md0</filename> with the appropriate array device name."
24138
24663
msgstr ""
24139
24664
24140
#: serverguide/C/installation.xml:876(para)
24665
#: serverguide/C/installation.xml:869(para)
24141
24666
msgid ""
24142
24667
"The topic of RAID arrays is a complex one due to the plethora of ways RAID "
24143
24668
"can be configured. Please see the following links for more information:"
24144
24669
msgstr ""
24145
24670
24146
#: serverguide/C/installation.xml:883(para)
24671
#: serverguide/C/installation.xml:876(para)
24147
24672
msgid ""
24148
24673
"<ulink url=\"https://help.ubuntu.com/community/Installation#raid\">Ubuntu "
24149
24674
"Wiki Articles on RAID</ulink>."
24150
24675
msgstr ""
24151
24676
24152
#: serverguide/C/installation.xml:889(ulink)
24677
#: serverguide/C/installation.xml:882(ulink)
24153
24678
msgid "Software RAID HOWTO"
24154
24679
msgstr ""
24155
24680
24156
#: serverguide/C/installation.xml:894(ulink)
24681
#: serverguide/C/installation.xml:887(ulink)
24157
24682
msgid "Managing RAID on Linux"
24158
24683
msgstr ""
24159
24684
24160
#: serverguide/C/installation.xml:901(title)
24685
#: serverguide/C/installation.xml:894(title)
24161
24686
msgid "Logical Volume Manager (LVM)"
24162
24687
msgstr ""
24163
24688
24164
#: serverguide/C/installation.xml:903(para)
24689
#: serverguide/C/installation.xml:896(para)
24165
24690
msgid ""
24166
24691
"Logical Volume Manger, or <emphasis>LVM</emphasis>, allows administrators to "
24167
24692
"create <emphasis>logical</emphasis> volumes out of one or multiple physical "
24170
24695
"giving greater flexibility to systems as requirements change."
24171
24696
msgstr ""
24172
24697
24173
#: serverguide/C/installation.xml:912(para)
24698
#: serverguide/C/installation.xml:905(para)
24174
24699
msgid ""
24175
24700
"A side effect of LVM's power and flexibility is a greater degree of "
24176
24701
"complication. Before diving into the LVM installation process, it is best to "
24177
24702
"get familiar with some terms."
24178
24703
msgstr ""
24179
24704
24180
#: serverguide/C/installation.xml:919(para)
24705
#: serverguide/C/installation.xml:912(para)
24181
24706
msgid ""
24182
24707
"<emphasis>Physical Volume (PV):</emphasis> physical hard disk, disk "
24183
24708
"partition or software RAID partition formatted as LVM PV."
24184
24709
msgstr ""
24185
24710
24186
#: serverguide/C/installation.xml:925(para)
24711
#: serverguide/C/installation.xml:918(para)
24187
24712
msgid ""
24188
24713
"<emphasis>Volume Group (VG):</emphasis> is made from one or more physical "
24189
24714
"volumes. A VG can can be extended by adding more PVs. A VG is like a virtual "
24190
24715
"disk drive, from which one or more logical volumes are carved."
24191
24716
msgstr ""
24192
24717
24193
#: serverguide/C/installation.xml:931(para)
24718
#: serverguide/C/installation.xml:924(para)
24194
24719
msgid ""
24195
24720
"<emphasis>Logical Volume (LV):</emphasis> is similar to a partition in a non-"
24196
24721
"LVM system. A LV is formatted with the desired file system (EXT3, XFS, JFS, "
24197
24722
"etc), it is then available for mounting and data storage."
24198
24723
msgstr ""
24199
24724
24200
#: serverguide/C/installation.xml:942(para)
24725
#: serverguide/C/installation.xml:935(para)
24201
24726
msgid ""
24202
24727
"As an example this section covers installing Ubuntu Server Edition with "
24203
24728
"<filename role=\"directory\">/srv</filename> mounted on a LVM volume. During "
24206
24731
"can be extended."
24207
24732
msgstr ""
24208
24733
24209
#: serverguide/C/installation.xml:948(para)
24734
#: serverguide/C/installation.xml:941(para)
24210
24735
msgid ""
24211
24736
"There are several installation options for LVM, <emphasis>\"Guided - use the "
24212
24737
"entire disk and setup LVM\"</emphasis> which will also allow you to assign a "
24217
24742
"the Manual approach."
24218
24743
msgstr ""
24219
24744
24220
#: serverguide/C/installation.xml:965(para)
24745
#: serverguide/C/installation.xml:958(para)
24221
24746
msgid ""
24222
24747
"At the <emphasis>\"Partition Disks</emphasis> screen choose "
24223
24748
"<emphasis>\"Manual\"</emphasis>."
24224
24749
msgstr ""
24225
24750
24226
#: serverguide/C/installation.xml:972(para)
24751
#: serverguide/C/installation.xml:965(para)
24227
24752
msgid ""
24228
24753
"Select the hard disk and on the next screen choose \"yes\" to "
24229
24754
"<emphasis>\"Create a new empty partition table on this device\"</emphasis>."
24230
24755
msgstr ""
24231
24756
24232
#: serverguide/C/installation.xml:979(para)
24757
#: serverguide/C/installation.xml:972(para)
24233
24758
msgid ""
24234
24759
"Next, create standard <emphasis>/boot</emphasis>, <emphasis>swap</emphasis>, "
24235
24760
"and <emphasis>/</emphasis> partitions with whichever filesystem you prefer."
24236
24761
msgstr ""
24237
24762
24238
#: serverguide/C/installation.xml:987(para)
24763
#: serverguide/C/installation.xml:980(para)
24239
24764
msgid ""
24240
24765
"For the LVM <emphasis>/srv</emphasis>, create a new "
24241
24766
"<emphasis>Logical</emphasis> partition. Then change <emphasis>\"Use "
24243
24768
"<emphasis>\"Done setting up the partition\"</emphasis>."
24244
24769
msgstr ""
24245
24770
24246
#: serverguide/C/installation.xml:995(para)
24771
#: serverguide/C/installation.xml:988(para)
24247
24772
msgid ""
24248
24773
"Now select <emphasis>\"Configure the Logical Volume Manager\"</emphasis> at "
24249
24774
"the top, and choose <emphasis>\"Yes\"</emphasis> to write the changes to "
24250
24775
"disk."
24251
24776
msgstr ""
24252
24777
24253
#: serverguide/C/installation.xml:1003(para)
24778
#: serverguide/C/installation.xml:996(para)
24254
24779
msgid ""
24255
24780
"For the <emphasis>\"LVM configuration action\"</emphasis> on the next "
24256
24781
"screen, choose <emphasis>\"Create volume group\"</emphasis>. Enter a name "
24259
24784
"<emphasis>\"Continue\"</emphasis>."
24260
24785
msgstr ""
24261
24786
24262
#: serverguide/C/installation.xml:1012(para)
24787
#: serverguide/C/installation.xml:1005(para)
24263
24788
msgid ""
24264
24789
"Back at the <emphasis>\"LVM configuration action\"</emphasis> screen, select "
24265
24790
"<emphasis>\"Create logical volume\"</emphasis>. Select the newly created "
24270
24795
"main <emphasis>\"Partition Disks\"</emphasis> screen."
24271
24796
msgstr ""
24272
24797
24273
#: serverguide/C/installation.xml:1022(para)
24798
#: serverguide/C/installation.xml:1015(para)
24274
24799
msgid ""
24275
24800
"Now add a filesystem to the new LVM. Select the partition under "
24276
24801
"<emphasis>\"LVM VG vg01, LV srv\"</emphasis>, or whatever name you have "
24279
24804
"select <emphasis>\"Done setting up the partition\"</emphasis>."
24280
24805
msgstr ""
24281
24806
24282
#: serverguide/C/installation.xml:1031(para)
24807
#: serverguide/C/installation.xml:1024(para)
24283
24808
msgid ""
24284
24809
"Finally, select <emphasis>\"Finish partitioning and write changes to "
24285
24810
"disk\"</emphasis>. Then confirm the changes and continue with the rest of "
24286
24811
"the installation."
24287
24812
msgstr ""
24288
24813
24289
#: serverguide/C/installation.xml:1039(para)
24814
#: serverguide/C/installation.xml:1032(para)
24290
24815
msgid "There are some useful utilities to view information about LVM:"
24291
24816
msgstr ""
24292
24817
24293
#: serverguide/C/installation.xml:1044(para)
24818
#: serverguide/C/installation.xml:1037(para)
24294
24819
msgid ""
24295
24820
"<emphasis>pvdisplay:</emphasis> shows information about Physical Volumes."
24296
24821
msgstr ""
24297
24822
24298
#: serverguide/C/installation.xml:1045(para)
24823
#: serverguide/C/installation.xml:1038(para)
24299
24824
msgid ""
24300
24825
"<emphasis>vgdisplay:</emphasis> shows information about Volume Groups."
24301
24826
msgstr ""
24302
24827
24303
#: serverguide/C/installation.xml:1046(para)
24828
#: serverguide/C/installation.xml:1039(para)
24304
24829
msgid ""
24305
24830
"<emphasis>lvdisplay:</emphasis> shows information about Logical Volumes."
24306
24831
msgstr ""
24307
24832
24308
#: serverguide/C/installation.xml:1051(title)
24833
#: serverguide/C/installation.xml:1044(title)
24309
24834
msgid "Extending Volume Groups"
24310
24835
msgstr ""
24311
24836
24312
#: serverguide/C/installation.xml:1053(para)
24837
#: serverguide/C/installation.xml:1046(para)
24313
24838
msgid ""
24314
24839
"Continuing with <emphasis>srv</emphasis> as an LVM volume example, this "
24315
24840
"section covers adding a second hard disk, creating a Physical Volume (PV), "
24321
24846
"partitions and use them as different physical volumes)"
24322
24847
msgstr ""
24323
24848
24324
#: serverguide/C/installation.xml:1061(para)
24849
#: serverguide/C/installation.xml:1054(para)
24325
24850
msgid ""
24326
24851
"Make sure you don't already have an existing <filename>/dev/sdb</filename> "
24327
24852
"before issuing the commands below. You could lose some data if you issue "
24328
24853
"those commands on a non-empty disk."
24329
24854
msgstr ""
24330
24855
24331
#: serverguide/C/installation.xml:1069(para)
24856
#: serverguide/C/installation.xml:1062(para)
24332
24857
msgid "First, create the physical volume, in a terminal execute:"
24333
24858
msgstr ""
24334
24859
24335
#: serverguide/C/installation.xml:1074(command)
24860
#: serverguide/C/installation.xml:1067(command)
24336
24861
msgid "sudo pvcreate /dev/sdb"
24337
24862
msgstr ""
24338
24863
24339
#: serverguide/C/installation.xml:1080(para)
24864
#: serverguide/C/installation.xml:1073(para)
24340
24865
msgid "Now extend the Volume Group (VG):"
24341
24866
msgstr ""
24342
24867
24343
#: serverguide/C/installation.xml:1085(command)
24868
#: serverguide/C/installation.xml:1078(command)
24344
24869
msgid "sudo vgextend vg01 /dev/sdb"
24345
24870
msgstr ""
24346
24871
24347
#: serverguide/C/installation.xml:1091(para)
24872
#: serverguide/C/installation.xml:1084(para)
24348
24873
msgid ""
24349
24874
"Use <application>vgdisplay</application> to find out the free physical "
24350
24875
"extents - Free PE / size (the size you can allocate). We will assume a free "
24352
24877
"whole free space available. Use your own PE and/or free space."
24353
24878
msgstr ""
24354
24879
24355
#: serverguide/C/installation.xml:1097(para)
24880
#: serverguide/C/installation.xml:1090(para)
24356
24881
msgid ""
24357
24882
"The Logical Volume (LV) can now be extended by different methods, we will "
24358
24883
"only see how to use the PE to extend the LV:"
24359
24884
msgstr ""
24360
24885
24361
#: serverguide/C/installation.xml:1102(command)
24886
#: serverguide/C/installation.xml:1095(command)
24362
24887
msgid "sudo lvextend /dev/vg01/srv -l +511"
24363
24888
msgstr ""
24364
24889
24365
#: serverguide/C/installation.xml:1105(para)
24890
#: serverguide/C/installation.xml:1098(para)
24366
24891
msgid ""
24367
24892
"The <emphasis>-l</emphasis> option allows the LV to be extended using PE. "
24368
24893
"The <emphasis>-L</emphasis> option allows the LV to be extended using Meg, "
24369
24894
"Gig, Tera, etc bytes."
24370
24895
msgstr ""
24371
24896
24372
#: serverguide/C/installation.xml:1113(para)
24897
#: serverguide/C/installation.xml:1106(para)
24373
24898
msgid ""
24374
24899
"Even though you are supposed to be able to <emphasis>expand</emphasis> an "
24375
24900
"ext3 or ext4 filesystem without unmounting it first, it may be a good "
24378
24903
"first is compulsory)."
24379
24904
msgstr ""
24380
24905
24381
#: serverguide/C/installation.xml:1119(para)
24906
#: serverguide/C/installation.xml:1112(para)
24382
24907
msgid ""
24383
24908
"The following commands are for an <emphasis>EXT3</emphasis> or "
24384
24909
"<emphasis>EXT4</emphasis> filesystem. If you are using another filesystem "
24385
24910
"there may be other utilities available."
24386
24911
msgstr ""
24387
24912
24388
#: serverguide/C/installation.xml:1126(command)
24913
#: serverguide/C/installation.xml:1119(command)
24389
24914
msgid "sudo e2fsck -f /dev/vg01/srv"
24390
24915
msgstr ""
24391
24916
24392
#: serverguide/C/installation.xml:1129(para)
24917
#: serverguide/C/installation.xml:1122(para)
24393
24918
msgid ""
24394
24919
"The <emphasis>-f</emphasis> option of <application>e2fsck</application> "
24395
24920
"forces checking even if the system seems clean."
24396
24921
msgstr ""
24397
24922
24398
#: serverguide/C/installation.xml:1136(para)
24923
#: serverguide/C/installation.xml:1129(para)
24399
24924
msgid "Finally, resize the filesystem:"
24400
24925
msgstr ""
24401
24926
24402
#: serverguide/C/installation.xml:1141(command)
24927
#: serverguide/C/installation.xml:1134(command)
24403
24928
msgid "sudo resize2fs /dev/vg01/srv"
24404
24929
msgstr ""
24405
24930
24406
#: serverguide/C/installation.xml:1147(para)
24931
#: serverguide/C/installation.xml:1140(para)
24407
24932
msgid "Now mount the partition and check its size."
24408
24933
msgstr ""
24409
24934
24410
#: serverguide/C/installation.xml:1152(command)
24935
#: serverguide/C/installation.xml:1145(command)
24411
24936
msgid "mount /dev/vg01/srv /srv && df -h /srv"
24412
24937
msgstr ""
24413
24938
24414
#: serverguide/C/installation.xml:1164(para)
24939
#: serverguide/C/installation.xml:1157(para)
24415
24940
msgid ""
24416
24941
"See the <ulink "
24417
24942
"url=\"https://help.ubuntu.com/community/Installation#lvm\">Ubuntu Wiki LVM "
24418
24943
"Articles</ulink>."
24419
24944
msgstr ""
24420
24945
24421
#: serverguide/C/installation.xml:1169(para)
24946
#: serverguide/C/installation.xml:1162(para)
24422
24947
msgid ""
24423
24948
"See the <ulink url=\"http://tldp.org/HOWTO/LVM-HOWTO/index.html\">LVM "
24424
24949
"HOWTO</ulink> for more information."
24425
24950
msgstr ""
24426
24951
24427
#: serverguide/C/installation.xml:1174(para)
24952
#: serverguide/C/installation.xml:1167(para)
24428
24953
msgid ""
24429
24954
"Another good article is <ulink "
24430
24955
"url=\"http://www.linuxdevcenter.com/pub/a/linux/2006/04/27/managing-disk-"
24439
24964
" man page</ulink>."
24440
24965
msgstr ""
24441
24966
24442
#: serverguide/C/installation.xml:1192(title)
24967
#: serverguide/C/installation.xml:1185(title)
24443
24968
msgid "Kernel Crash Dump"
24444
24969
msgstr ""
24445
24970
24446
#: serverguide/C/installation.xml:1199(para)
24971
#: serverguide/C/installation.xml:1192(para)
24447
24972
msgid "Kernel Panic"
24448
24973
msgstr ""
24449
24974
24450
#: serverguide/C/installation.xml:1200(para)
24975
#: serverguide/C/installation.xml:1193(para)
24451
24976
msgid "Non Maskable Interrupts (NMI)"
24452
24977
msgstr ""
24453
24978
24454
#: serverguide/C/installation.xml:1201(para)
24979
#: serverguide/C/installation.xml:1194(para)
24455
24980
msgid "Machine Check Exceptions (MCE)"
24456
24981
msgstr ""
24457
24982
24458
#: serverguide/C/installation.xml:1202(para)
24983
#: serverguide/C/installation.xml:1195(para)
24459
24984
msgid "Hardware failure"
24460
24985
msgstr ""
24461
24986
24462
#: serverguide/C/installation.xml:1203(para)
24987
#: serverguide/C/installation.xml:1196(para)
24463
24988
msgid "Manual intervention"
24464
24989
msgstr ""
24465
24990
24466
#: serverguide/C/installation.xml:1195(para)
24991
#: serverguide/C/installation.xml:1188(para)
24467
24992
msgid ""
24468
24993
"A Kernel Crash Dump refers to a portion of the contents of volatile memory "
24469
24994
"(RAM) that is copied to disk whenever the execution of the kernel is "
24477
25002
"memory contents."
24478
25003
msgstr ""
24479
25004
24480
#: serverguide/C/installation.xml:1212(title)
25005
#: serverguide/C/installation.xml:1205(title)
24481
25006
msgid "Kernel Crash Dump Mechanism"
24482
25007
msgstr ""
24483
25008
24484
#: serverguide/C/installation.xml:1214(para)
25009
#: serverguide/C/installation.xml:1207(para)
24485
25010
msgid ""
24486
25011
"When a kernel panic occurs, the kernel relies on the "
24487
25012
"<emphasis>kexec</emphasis> mechanism to quickly reboot a new instance of the "
24490
25015
"untouched in order to safely copy its contents to storage."
24491
25016
msgstr ""
24492
25017
24493
#: serverguide/C/installation.xml:1223(para)
25018
#: serverguide/C/installation.xml:1216(para)
24494
25019
msgid ""
24495
25020
"The kernel crash dump utility is installed with the following command:"
24496
25021
msgstr ""
24497
25022
24498
#: serverguide/C/installation.xml:1228(command)
25023
#: serverguide/C/installation.xml:1221(command)
24499
25024
msgid "sudo apt-get install linux-crashdump"
24500
25025
msgstr ""
24501
25026
24502
#: serverguide/C/installation.xml:1231(para)
25027
#: serverguide/C/installation.xml:1230(programlisting)
25028
#, no-wrap
25029
msgid ""
25030
"\n"
25031
"USE_KDUMP=1\n"
25032
msgstr ""
25033
25034
#: serverguide/C/installation.xml:1228(para)
25035
msgid ""
25036
"Edit <filename>/etc/default/kdump-tool</filename> by including the following "
25037
"line: <placeholder-1/>"
25038
msgstr ""
25039
25040
#: serverguide/C/installation.xml:1235(para)
24503
25041
msgid "A reboot is then needed."
24504
25042
msgstr ""
24505
25043
24506
#: serverguide/C/installation.xml:1239(para)
24507
msgid ""
24508
"No further configuration is required in order to have the kernel dump "
24509
"mechanism enabled."
24510
msgstr ""
24511
24512
#: serverguide/C/installation.xml:1248(para)
25044
#: serverguide/C/installation.xml:1244(para)
24513
25045
msgid ""
24514
25046
"To confirm that the kernel dump mechanism is enabled, there are a few things "
24515
25047
"to verify. First, confirm that the <emphasis>crashkernel</emphasis> boot "
24517
25049
"fit the format of this document:"
24518
25050
msgstr ""
24519
25051
24520
#: serverguide/C/installation.xml:1255(command)
25052
#: serverguide/C/installation.xml:1251(command)
24521
25053
msgid "cat /proc/cmdline"
24522
25054
msgstr ""
24523
25055
24524
#: serverguide/C/installation.xml:1256(computeroutput)
25056
#: serverguide/C/installation.xml:1252(computeroutput)
24525
25057
#, no-wrap
24526
25058
msgid ""
24527
25059
"\n"
24529
25061
" crashkernel=384M-2G:64M,2G-:128M\n"
24530
25062
msgstr ""
24531
25063
24532
#: serverguide/C/installation.xml:1264(programlisting)
25064
#: serverguide/C/installation.xml:1260(programlisting)
24533
25065
#, no-wrap
24534
25066
msgid ""
24535
25067
"\n"
24539
25071
" "
24540
25072
msgstr ""
24541
25073
24542
#: serverguide/C/installation.xml:1262(para)
25074
#: serverguide/C/installation.xml:1258(para)
24543
25075
msgid ""
24544
25076
"The <emphasis>crashkernel</emphasis> parameter has the following syntax: "
24545
25077
"<placeholder-1/>"
24546
25078
msgstr ""
24547
25079
24548
#: serverguide/C/installation.xml:1272(programlisting)
25080
#: serverguide/C/installation.xml:1268(programlisting)
24549
25081
#, no-wrap
24550
25082
msgid ""
24551
25083
"\n"
24552
25084
"crashkernel=384M-2G:64M,2G-:128M\n"
24553
25085
msgstr ""
24554
25086
24555
#: serverguide/C/installation.xml:1270(para)
25087
#: serverguide/C/installation.xml:1266(para)
24556
25088
msgid ""
24557
25089
"So for the crashkernel parameter found in <filename>/proc/cmdline</filename> "
24558
25090
"we would have : <placeholder-1/>"
24559
25091
msgstr ""
24560
25092
24561
#: serverguide/C/installation.xml:1277(para)
25093
#: serverguide/C/installation.xml:1273(para)
24562
25094
msgid "The above value means:"
24563
25095
msgstr ""
24564
25096
24565
#: serverguide/C/installation.xml:1279(para)
25097
#: serverguide/C/installation.xml:1275(para)
24566
25098
msgid ""
24567
25099
"if the RAM is smaller than 384M, then don't reserve anything (this is the "
24568
25100
"\"rescue\" case)"
24569
25101
msgstr ""
24570
25102
24571
#: serverguide/C/installation.xml:1281(para)
25103
#: serverguide/C/installation.xml:1277(para)
24572
25104
msgid "if the RAM size is between 386M and 2G (exclusive), then reserve 64M"
24573
25105
msgstr ""
24574
25106
24575
#: serverguide/C/installation.xml:1282(para)
25107
#: serverguide/C/installation.xml:1278(para)
24576
25108
msgid "if the RAM size is larger than 2G, then reserve 128M"
24577
25109
msgstr ""
24578
25110
24579
#: serverguide/C/installation.xml:1285(para)
25111
#: serverguide/C/installation.xml:1281(para)
24580
25112
msgid ""
24581
25113
"Second, verify that the kernel has reserved the requested memory area for "
24582
25114
"the kdump kernel by doing:"
24583
25115
msgstr ""
24584
25116
24585
#: serverguide/C/installation.xml:1290(command)
25117
#: serverguide/C/installation.xml:1286(command)
24586
25118
msgid "dmesg | grep -i crash"
24587
25119
msgstr ""
24588
25120
24589
#: serverguide/C/installation.xml:1291(computeroutput)
25121
#: serverguide/C/installation.xml:1287(computeroutput)
24590
25122
#, no-wrap
24591
25123
msgid ""
24592
25124
"\n"
24595
25127
"RAM: 1023MB)\n"
24596
25128
msgstr ""
24597
25129
24598
#: serverguide/C/installation.xml:1300(title)
25130
#: serverguide/C/installation.xml:1296(title)
24599
25131
msgid "Testing the Crash Dump Mechanism"
24600
25132
msgstr ""
24601
25133
24602
#: serverguide/C/installation.xml:1303(para)
25134
#: serverguide/C/installation.xml:1299(para)
24603
25135
msgid ""
24604
25136
"Testing the Crash Dump Mechanism will cause <emphasis>a system "
24605
25137
"reboot.</emphasis> In certain situations, this can cause data loss if the "
24607
25139
"that the system is idle or under very light load."
24608
25140
msgstr ""
24609
25141
24610
#: serverguide/C/installation.xml:1310(para)
25142
#: serverguide/C/installation.xml:1306(para)
24611
25143
msgid ""
24612
25144
"Verify that the <emphasis>SysRQ</emphasis> mechanism is enabled by looking "
24613
25145
"at the value of the <filename>/proc/sys/kernel/sysrq</filename> kernel "
24614
25146
"parameter :"
24615
25147
msgstr ""
24616
25148
24617
#: serverguide/C/installation.xml:1316(command)
25149
#: serverguide/C/installation.xml:1312(command)
24618
25150
msgid "cat /proc/sys/kernel/sysrq"
24619
25151
msgstr ""
24620
25152
24621
#: serverguide/C/installation.xml:1319(para)
25153
#: serverguide/C/installation.xml:1315(para)
24622
25154
msgid ""
24623
25155
"If a value of <emphasis>0</emphasis> is returned the feature is disabled. "
24624
25156
"Enable it with the following command :"
24625
25157
msgstr ""
24626
25158
24627
#: serverguide/C/installation.xml:1324(command)
25159
#: serverguide/C/installation.xml:1320(command)
24628
25160
msgid "sudo sysctl -w kernel.sysrq=1"
24629
25161
msgstr ""
24630
25162
24631
#: serverguide/C/installation.xml:1327(para)
25163
#: serverguide/C/installation.xml:1323(para)
24632
25164
msgid ""
24633
25165
"Once this is done, you must become root, as just using "
24634
25166
"<command>sudo</command> will not be sufficient. As the "
24639
25171
"the advantage of making the kernel dump process visible."
24640
25172
msgstr ""
24641
25173
24642
#: serverguide/C/installation.xml:1334(para)
25174
#: serverguide/C/installation.xml:1330(para)
24643
25175
msgid "A typical test output should look like the following :"
24644
25176
msgstr ""
24645
25177
24646
#: serverguide/C/installation.xml:1339(command)
25178
#: serverguide/C/installation.xml:1335(command)
24647
25179
msgid "sudo -s"
24648
25180
msgstr ""
24649
25181
24650
#: serverguide/C/installation.xml:1341(command)
25182
#: serverguide/C/installation.xml:1337(command)
24651
25183
msgid "echo c > /proc/sysrq-trigger"
24652
25184
msgstr ""
24653
25185
24654
#: serverguide/C/installation.xml:1338(screen)
25186
#: serverguide/C/installation.xml:1334(screen)
24655
25187
#, no-wrap
24656
25188
msgid ""
24657
25189
"\n"
24668
25200
"....\n"
24669
25201
msgstr ""
24670
25202
24671
#: serverguide/C/installation.xml:1351(para)
25203
#: serverguide/C/installation.xml:1347(para)
24672
25204
msgid ""
24673
25205
"The rest of the output is truncated, but you should see the system rebooting "
24674
25206
"and somewhere in the log, you will see the following line : <screen>Begin: "
24677
25209
"file in the <filename>/var/crash</filename> directory :"
24678
25210
msgstr ""
24679
25211
24680
#: serverguide/C/installation.xml:1358(command)
25212
#: serverguide/C/installation.xml:1354(command)
24681
25213
msgid "ls /var/crash"
24682
25214
msgstr ""
24683
25215
24684
#: serverguide/C/installation.xml:1357(screen)
25216
#: serverguide/C/installation.xml:1353(screen)
24685
25217
#, no-wrap
24686
25218
msgid ""
24687
25219
"\n"
24689
25221
"linux-image-3.0.0-12-server.0.crash\n"
24690
25222
msgstr ""
24691
25223
24692
#: serverguide/C/installation.xml:1367(para)
25224
#: serverguide/C/installation.xml:1363(para)
24693
25225
msgid ""
24694
25226
"Kernel Crash Dump is a vast topic that requires good knowledge of the linux "
24695
25227
"kernel. You can find more information on the topic here :"
24696
25228
msgstr ""
24697
25229
24698
#: serverguide/C/installation.xml:1373(para)
25230
#: serverguide/C/installation.xml:1369(para)
24699
25231
msgid ""
24700
25232
"<ulink url=\"http://www.kernel.org/doc/Documentation/kdump/kdump.txt\">Kdump "
24701
25233
"kernel documentation</ulink>."
24702
25234
msgstr ""
24703
25235
24704
#: serverguide/C/installation.xml:1379(ulink)
25236
#: serverguide/C/installation.xml:1375(ulink)
24705
25237
msgid "The crash tool"
24706
25238
msgstr ""
24707
25239
24708
#: serverguide/C/installation.xml:1383(para)
25240
#: serverguide/C/installation.xml:1379(para)
24709
25241
msgid ""
24710
25242
"<ulink url=\"http://www.dedoimedo.com/computers/crash-"
24711
25243
"analyze.html\">Analyzing Linux Kernel Crash</ulink> (Based on Fedora, it "
25187
25719
"as follows:"
25188
25720
msgstr "以下是在 <filename>/etc/fstab</filename> 中的常用语法:"
25189
25721
25190
#: serverguide/C/file-server.xml:429(programlisting)
25722
#: serverguide/C/file-server.xml:430(programlisting)
25191
25723
#, no-wrap
25192
25724
msgid ""
25193
25725
"\n"
25198
25730
"example.hostname.com:/ubuntu /local/ubuntu nfs "
25199
25731
"rsize=8192,wsize=8192,timeo=14,intr\n"
25200
25732
25201
#: serverguide/C/file-server.xml:433(para)
25733
#: serverguide/C/file-server.xml:434(para)
25202
25734
msgid ""
25203
25735
"If you have trouble mounting an NFS share, make sure the <application>nfs-"
25204
25736
"common</application> package is installed on your client. To install "
25208
25740
"</screen>"
25209
25741
msgstr ""
25210
25742
25211
#: serverguide/C/file-server.xml:446(ulink)
25743
#: serverguide/C/file-server.xml:447(ulink)
25212
25744
msgid "Linux NFS faq"
25213
25745
msgstr "Linux NFS 常见问答"
25214
25746
25215
#: serverguide/C/file-server.xml:448(ulink)
25747
#: serverguide/C/file-server.xml:449(ulink)
25216
25748
msgid "Ubuntu Wiki NFS Howto"
25217
25749
msgstr ""
25218
25750
25219
#: serverguide/C/file-server.xml:454(title)
25751
#: serverguide/C/file-server.xml:455(title)
25220
25752
msgid "iSCSI Initiator"
25221
25753
msgstr ""
25222
25754
25223
#: serverguide/C/file-server.xml:456(para)
25755
#: serverguide/C/file-server.xml:457(para)
25224
25756
msgid ""
25225
25757
"<emphasis>iSCSI</emphasis> (Internet Small Computer System Interface) is a "
25226
25758
"protocol that allows SCSI commands to be transmitted over a network. "
25240
25772
"your vendor documentation to configure your specific iSCSI target."
25241
25773
msgstr ""
25242
25774
25243
#: serverguide/C/file-server.xml:470(title)
25775
#: serverguide/C/file-server.xml:471(title)
25244
25776
msgid "iSCSI Initiator Install"
25245
25777
msgstr ""
25246
25778
25247
#: serverguide/C/file-server.xml:472(para)
25779
#: serverguide/C/file-server.xml:473(para)
25248
25780
msgid ""
25249
25781
"To configure Ubuntu Server as an iSCSI initiator install the "
25250
25782
"<application>open-iscsi</application> package. In a terminal enter:"
25251
25783
msgstr ""
25252
25784
25253
#: serverguide/C/file-server.xml:477(command)
25785
#: serverguide/C/file-server.xml:478(command)
25254
25786
msgid "sudo apt-get install open-iscsi"
25255
25787
msgstr ""
25256
25788
25257
#: serverguide/C/file-server.xml:482(title)
25789
#: serverguide/C/file-server.xml:483(title)
25258
25790
msgid "iSCSI Initiator Configuration"
25259
25791
msgstr ""
25260
25792
25261
#: serverguide/C/file-server.xml:484(para)
25793
#: serverguide/C/file-server.xml:485(para)
25262
25794
msgid ""
25263
25795
"Once the <application>open-iscsi</application> package is installed, edit "
25264
25796
"<filename>/etc/iscsi/iscsid.conf</filename> changing the following:"
25265
25797
msgstr ""
25266
25798
25267
#: serverguide/C/file-server.xml:488(programlisting)
25799
#: serverguide/C/file-server.xml:489(programlisting)
25268
25800
#, no-wrap
25269
25801
msgid ""
25270
25802
"\n"
25271
25803
"node.startup = automatic\n"
25272
25804
msgstr ""
25273
25805
25274
#: serverguide/C/file-server.xml:492(para)
25806
#: serverguide/C/file-server.xml:493(para)
25275
25807
msgid ""
25276
25808
"You can check which targets are available by using the "
25277
25809
"<application>iscsiadm</application> utility. Enter the following in a "
25278
25810
"terminal:"
25279
25811
msgstr ""
25280
25812
25281
#: serverguide/C/file-server.xml:497(command)
25813
#: serverguide/C/file-server.xml:498(command)
25282
25814
msgid "sudo iscsiadm -m discovery -t st -p 192.168.0.10"
25283
25815
msgstr ""
25284
25816
25285
#: serverguide/C/file-server.xml:501(para)
25817
#: serverguide/C/file-server.xml:502(para)
25286
25818
msgid ""
25287
25819
"<emphasis>-m:</emphasis> determines the mode that iscsiadm executes in."
25288
25820
msgstr ""
25289
25821
25290
#: serverguide/C/file-server.xml:502(para)
25822
#: serverguide/C/file-server.xml:503(para)
25291
25823
msgid "<emphasis>-t:</emphasis> specifies the type of discovery."
25292
25824
msgstr ""
25293
25825
25294
#: serverguide/C/file-server.xml:503(para)
25826
#: serverguide/C/file-server.xml:504(para)
25295
25827
msgid "<emphasis>-p:</emphasis> option indicates the target IP address."
25296
25828
msgstr ""
25297
25829
25298
#: serverguide/C/file-server.xml:507(para)
25830
#: serverguide/C/file-server.xml:508(para)
25299
25831
msgid ""
25300
25832
"Change example <emphasis>192.168.0.10</emphasis> to the target IP address on "
25301
25833
"your network."
25302
25834
msgstr ""
25303
25835
25304
#: serverguide/C/file-server.xml:512(para)
25836
#: serverguide/C/file-server.xml:513(para)
25305
25837
msgid ""
25306
25838
"If the target is available you should see output similar to the following:"
25307
25839
msgstr ""
25308
25840
25309
#: serverguide/C/file-server.xml:517(computeroutput)
25841
#: serverguide/C/file-server.xml:518(computeroutput)
25310
25842
#, no-wrap
25311
25843
msgid ""
25312
25844
"\n"
25313
25845
"192.168.0.10:3260,1 iqn.1992-05.com.emc:sl7b92030000520000-2\n"
25314
25846
msgstr ""
25315
25847
25316
#: serverguide/C/file-server.xml:523(para)
25848
#: serverguide/C/file-server.xml:524(para)
25317
25849
msgid ""
25318
25850
"The <emphasis>iqn</emphasis> number and IP address above will vary depending "
25319
25851
"on your hardware."
25320
25852
msgstr ""
25321
25853
25322
#: serverguide/C/file-server.xml:528(para)
25854
#: serverguide/C/file-server.xml:529(para)
25323
25855
msgid ""
25324
25856
"You should now be able to connect to the iSCSI target, and depending on your "
25325
25857
"target setup you may have to enter user credentials. Login to the iSCSI node:"
25326
25858
msgstr ""
25327
25859
25328
#: serverguide/C/file-server.xml:534(command)
25860
#: serverguide/C/file-server.xml:535(command)
25329
25861
msgid "sudo iscsiadm -m node --login"
25330
25862
msgstr ""
25331
25863
25332
#: serverguide/C/file-server.xml:537(para)
25864
#: serverguide/C/file-server.xml:538(para)
25333
25865
msgid ""
25334
25866
"Check to make sure that the new disk has been detected using "
25335
25867
"<application>dmesg</application>:"
25336
25868
msgstr ""
25337
25869
25338
#: serverguide/C/file-server.xml:542(command)
25870
#: serverguide/C/file-server.xml:543(command)
25339
25871
msgid "dmesg | grep sd"
25340
25872
msgstr ""
25341
25873
25342
#: serverguide/C/file-server.xml:543(computeroutput)
25874
#: serverguide/C/file-server.xml:544(computeroutput)
25343
25875
#, no-wrap
25344
25876
msgid ""
25345
25877
"\n"
25368
25900
"[ 2486.964862] sd 4:0:0:3: [sdb] Attached SCSI disk\n"
25369
25901
msgstr ""
25370
25902
25371
#: serverguide/C/file-server.xml:567(para)
25903
#: serverguide/C/file-server.xml:568(para)
25372
25904
msgid ""
25373
25905
"In the output above <emphasis>sdb</emphasis> is the new iSCSI disk. Remember "
25374
25906
"this is just an example; the output you see on your screen will vary."
25375
25907
msgstr ""
25376
25908
25377
#: serverguide/C/file-server.xml:572(para)
25909
#: serverguide/C/file-server.xml:573(para)
25378
25910
msgid ""
25379
25911
"Next, create a partition, format the file system, and mount the new iSCSI "
25380
25912
"disk. In a terminal enter:"
25381
25913
msgstr ""
25382
25914
25383
#: serverguide/C/file-server.xml:577(command)
25915
#: serverguide/C/file-server.xml:578(command)
25384
25916
msgid "sudo fdisk /dev/sdb"
25385
25917
msgstr ""
25386
25918
25387
#: serverguide/C/file-server.xml:578(command)
25919
#: serverguide/C/file-server.xml:579(command)
25388
25920
msgid "n"
25389
25921
msgstr ""
25390
25922
25391
#: serverguide/C/file-server.xml:579(command)
25923
#: serverguide/C/file-server.xml:580(command)
25392
25924
msgid "p"
25393
25925
msgstr ""
25394
25926
25395
#: serverguide/C/file-server.xml:580(command)
25927
#: serverguide/C/file-server.xml:581(command)
25396
25928
msgid "enter"
25397
25929
msgstr ""
25398
25930
25399
#: serverguide/C/file-server.xml:581(command)
25931
#: serverguide/C/file-server.xml:582(command)
25400
25932
msgid "w"
25401
25933
msgstr ""
25402
25934
25403
#: serverguide/C/file-server.xml:585(para)
25935
#: serverguide/C/file-server.xml:586(para)
25404
25936
msgid ""
25405
25937
"The above commands are from inside the <application>fdisk</application> "
25406
25938
"utility; see <command>man fdisk</command> for more detailed instructions. "
25408
25940
"friendly."
25409
25941
msgstr ""
25410
25942
25411
#: serverguide/C/file-server.xml:591(para)
25943
#: serverguide/C/file-server.xml:592(para)
25412
25944
msgid ""
25413
25945
"Now format the file system and mount it to <filename>/srv</filename> as an "
25414
25946
"example:"
25415
25947
msgstr ""
25416
25948
25417
#: serverguide/C/file-server.xml:596(command)
25949
#: serverguide/C/file-server.xml:597(command)
25418
25950
msgid "sudo mkfs.ext4 /dev/sdb1"
25419
25951
msgstr ""
25420
25952
25421
#: serverguide/C/file-server.xml:597(command)
25953
#: serverguide/C/file-server.xml:598(command)
25422
25954
msgid "sudo mount /dev/sdb1 /srv"
25423
25955
msgstr ""
25424
25956
25425
#: serverguide/C/file-server.xml:601(para)
25957
#: serverguide/C/file-server.xml:602(para)
25426
25958
msgid ""
25427
25959
"Finally, add an entry to <filename>/etc/fstab</filename> to mount the iSCSI "
25428
25960
"drive during boot:"
25429
25961
msgstr ""
25430
25962
25431
#: serverguide/C/file-server.xml:605(programlisting)
25963
#: serverguide/C/file-server.xml:606(programlisting)
25432
25964
#, no-wrap
25433
25965
msgid ""
25434
25966
"\n"
25435
25967
"/dev/sdb1 /srv ext4 defaults,auto,_netdev 0 0\n"
25436
25968
msgstr ""
25437
25969
25438
#: serverguide/C/file-server.xml:609(para)
25970
#: serverguide/C/file-server.xml:610(para)
25439
25971
msgid ""
25440
25972
"It is a good idea to make sure everything is working as expected by "
25441
25973
"rebooting the server."
25442
25974
msgstr ""
25443
25975
25444
#: serverguide/C/file-server.xml:618(ulink)
25976
#: serverguide/C/file-server.xml:619(ulink)
25445
25977
msgid "Open-iSCSI Website"
25446
25978
msgstr ""
25447
25979
25448
#: serverguide/C/file-server.xml:621(ulink) serverguide/C/file-server.xml:807(ulink)
25980
#: serverguide/C/file-server.xml:622(ulink) serverguide/C/file-server.xml:808(ulink)
25449
25981
msgid "Debian Open-iSCSI page"
25450
25982
msgstr ""
25451
25983
25452
#: serverguide/C/file-server.xml:628(title)
25984
#: serverguide/C/file-server.xml:629(title)
25453
25985
msgid "CUPS - Print Server"
25454
25986
msgstr "CUPS - 打印服务器"
25455
25987
25456
#: serverguide/C/file-server.xml:629(para)
25988
#: serverguide/C/file-server.xml:630(para)
25457
25989
msgid ""
25458
25990
"The primary mechanism for Ubuntu printing and print services is the "
25459
25991
"<emphasis role=\"bold\">Common UNIX Printing System</emphasis> (CUPS). This "
25464
25996
"Printing System,通用 UNIX 打印系统)。这个打印系统是一个免费可用的、可移植的打印虚拟层,并已成为大多数 Linux "
25465
25997
"发行版的新打印标准。"
25466
25998
25467
#: serverguide/C/file-server.xml:636(para)
25999
#: serverguide/C/file-server.xml:637(para)
25468
26000
msgid ""
25469
26001
"CUPS manages print jobs and queues and provides network printing using the "
25470
26002
"standard Internet Printing Protocol (IPP), while offering support for a very "
25477
26009
"提供网络打印,该协议提供最大范围的打印机支持,从点阵打印机到激光打印机以及位于两者之间的许多打印机。CUPS 也支持 PostScript "
25478
26010
"Printer Description (PPD) 和网络打印机的自动检测,以及提供基于 Web 的简单配置和管理工具。"
25479
26011
25480
#: serverguide/C/file-server.xml:646(para)
26012
#: serverguide/C/file-server.xml:647(para)
25481
26013
msgid ""
25482
26014
"To install CUPS on your Ubuntu computer, simply use "
25483
26015
"<application>sudo</application> with the <application>apt-get</application> "
25490
26022
"<application>apt-get</application> 命令并将要安装的包作为第一个参数即可。一个完整的 CUPS "
25491
26023
"安装有很多包依赖关系,但它们都可以在同一行上给出。在终端输入以下命令来安装 CUPS:"
25492
26024
25493
#: serverguide/C/file-server.xml:651(command)
26025
#: serverguide/C/file-server.xml:652(command)
25494
26026
msgid "sudo apt-get install cups"
25495
26027
msgstr ""
25496
26028
25497
#: serverguide/C/file-server.xml:654(para)
26029
#: serverguide/C/file-server.xml:655(para)
25498
26030
msgid ""
25499
26031
"Upon authenticating with your user password, the packages should be "
25500
26032
"downloaded and installed without error. Upon the conclusion of installation, "
25501
26033
"the CUPS server will be started automatically."
25502
26034
msgstr ""
25503
26035
25504
#: serverguide/C/file-server.xml:659(para)
26036
#: serverguide/C/file-server.xml:660(para)
25505
26037
msgid ""
25506
26038
"For troubleshooting purposes, you can access CUPS server errors via the "
25507
26039
"error log file at: <filename>/var/log/cups/error_log</filename>. If the "
25514
26046
"from becoming overly large."
25515
26047
msgstr ""
25516
26048
25517
#: serverguide/C/file-server.xml:672(para)
26049
#: serverguide/C/file-server.xml:673(para)
25518
26050
msgid ""
25519
26051
"The Common UNIX Printing System server's behavior is configured through the "
25520
26052
"directives contained in the file <filename>/etc/cups/cupsd.conf</filename>. "
25528
26060
"打印系统服务器的行为的。CUPS 配置文件与 Apache HTTP 服务器的主配置文件语法相同,因此熟悉编辑 Apache 配置文件的用户在编辑 "
25529
26061
"CUPS 配置文件时会感到相当容易。在这里将显示一些您可能想要改变初始值的设置范例。"
25530
26062
25531
#: serverguide/C/file-server.xml:682(para)
26063
#: serverguide/C/file-server.xml:683(para)
25532
26064
msgid ""
25533
26065
"Prior to editing the configuration file, you should make a copy of the "
25534
26066
"original file and protect it from writing, so you will have the original "
25535
26067
"settings as a reference, and to reuse as necessary."
25536
26068
msgstr "在编辑配置文件之前,您应该将原始文件做个副本并将其写保护,以便您可以将原始文件作为参考并在必要时重用它。"
25537
26069
25538
#: serverguide/C/file-server.xml:686(para)
26070
#: serverguide/C/file-server.xml:687(para)
25539
26071
msgid ""
25540
26072
"Copy the <filename>/etc/cups/cupsd.conf</filename> file and protect it from "
25541
26073
"writing with the following commands, issued at a terminal prompt:"
25542
26074
msgstr ""
25543
26075
"拷贝 <filename>/etc/cups/cupsd.conf</filename> 文件并对其写保护,可以在终端提示符后执行以下命令:"
25544
26076
25545
#: serverguide/C/file-server.xml:692(command)
26077
#: serverguide/C/file-server.xml:693(command)
25546
26078
msgid "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
25547
26079
msgstr "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
25548
26080
25549
#: serverguide/C/file-server.xml:693(command)
26081
#: serverguide/C/file-server.xml:694(command)
25550
26082
msgid "sudo chmod a-w /etc/cups/cupsd.conf.original"
25551
26083
msgstr "sudo chmod a-w /etc/cups/cupsd.conf.original"
25552
26084
25553
#: serverguide/C/file-server.xml:698(para)
26085
#: serverguide/C/file-server.xml:699(para)
25554
26086
msgid ""
25555
26087
"<emphasis role=\"bold\">ServerAdmin</emphasis>: To configure the email "
25556
26088
"address of the designated administrator of the CUPS server, simply edit the "
25562
26094
"as such:"
25563
26095
msgstr ""
25564
26096
25565
#: serverguide/C/file-server.xml:709(screen)
26097
#: serverguide/C/file-server.xml:710(screen)
25566
26098
#, no-wrap
25567
26099
msgid ""
25568
26100
"\n"
25571
26103
"\n"
25572
26104
"ServerAdmin bjoy@somebigco.com\n"
25573
26105
25574
#: serverguide/C/file-server.xml:715(para)
26106
#: serverguide/C/file-server.xml:716(para)
25575
26107
msgid ""
25576
26108
"<emphasis role=\"bold\">Listen</emphasis>: By default on Ubuntu, the CUPS "
25577
26109
"server installation listens only on the loopback interface at IP address "
25586
26118
"such:"
25587
26119
msgstr ""
25588
26120
25589
#: serverguide/C/file-server.xml:729(screen)
26121
#: serverguide/C/file-server.xml:730(screen)
25590
26122
#, no-wrap
25591
26123
msgid ""
25592
26124
"\n"
25600
26132
"Listen /var/run/cups/cups.sock # existing socket Listen\n"
25601
26133
"Listen 192.168.10.250:631 # Listen on the LAN interface, Port 631 (IPP)\n"
25602
26134
25603
#: serverguide/C/file-server.xml:735(para)
26135
#: serverguide/C/file-server.xml:736(para)
25604
26136
msgid ""
25605
26137
"In the example above, you may comment out or remove the reference to the "
25606
26138
"Loopback address (127.0.0.1) if you do not wish <application>cupsd "
25614
26146
",您可能注释或删除了相关语句。但最好保留它以监听局域网 (LAN) 的以太网接口。为了能监听一个特定主机名所绑定的所有的网络接口,您可以为 "
25615
26147
"<emphasis>socrates</emphasis> 主机名创建一个 Listen 条目,如下所示:"
25616
26148
25617
#: serverguide/C/file-server.xml:745(screen)
26149
#: serverguide/C/file-server.xml:746(screen)
25618
26150
#, no-wrap
25619
26151
msgid ""
25620
26152
"\n"
25623
26155
"\n"
25624
26156
"Listen socrates:631 # Listen on all interfaces for the hostname 'socrates'\n"
25625
26157
25626
#: serverguide/C/file-server.xml:749(para)
26158
#: serverguide/C/file-server.xml:750(para)
25627
26159
msgid ""
25628
26160
"or by omitting the Listen directive and using <emphasis>Port</emphasis> "
25629
26161
"instead, as in:"
25630
26162
msgstr "或者忽略 Listen 语句并使用 <emphasis>Port</emphasis> 来代替,如:"
25631
26163
25632
#: serverguide/C/file-server.xml:751(screen)
26164
#: serverguide/C/file-server.xml:752(screen)
25633
26165
#, no-wrap
25634
26166
msgid ""
25635
26167
"\n"
25638
26170
"\n"
25639
26171
"Port 631 # Listen on port 631 on all interfaces\n"
25640
26172
25641
#: serverguide/C/file-server.xml:758(para)
26173
#: serverguide/C/file-server.xml:759(para)
25642
26174
msgid ""
25643
26175
"For more examples of configuration directives in the CUPS server "
25644
26176
"configuration file, view the associated system manual page by entering the "
25645
26177
"following command at a terminal prompt:"
25646
26178
msgstr "关于 CUPS 服务器配置文件中配置语句的更多范例,通过在终端提示符后输入以下命令可以查阅相关的系统手册页:"
25647
26179
25648
#: serverguide/C/file-server.xml:765(command)
26180
#: serverguide/C/file-server.xml:766(command)
25649
26181
msgid "man cupsd.conf"
25650
26182
msgstr "man cupsd.conf"
25651
26183
25652
#: serverguide/C/file-server.xml:769(para)
26184
#: serverguide/C/file-server.xml:770(para)
25653
26185
msgid ""
25654
26186
"Whenever you make changes to the <filename>/etc/cups/cupsd.conf</filename> "
25655
26187
"configuration file, you'll need to restart the CUPS server by typing the "
25662
26194
msgid "sudo service cups restart"
25663
26195
msgstr ""
25664
26196
25665
#: serverguide/C/file-server.xml:781(title)
26197
#: serverguide/C/file-server.xml:782(title)
25666
26198
msgid "Web Interface"
25667
26199
msgstr ""
25668
26200
25669
#: serverguide/C/file-server.xml:783(para)
26201
#: serverguide/C/file-server.xml:784(para)
25670
26202
msgid ""
25671
26203
"CUPS can be configured and monitored using a web interface, which by default "
25672
26204
"is available at <ulink "
25674
26206
"web interface can be used to perform all printer management tasks."
25675
26207
msgstr ""
25676
26208
25677
#: serverguide/C/file-server.xml:787(para)
26209
#: serverguide/C/file-server.xml:788(para)
25678
26210
msgid ""
25679
26211
"In order to perform administrative tasks via the web interface, you must "
25680
26212
"either have the root account enabled on your server, or authenticate as a "
25682
26214
"reasons, CUPS won't authenticate a user that doesn't have a password."
25683
26215
msgstr ""
25684
26216
25685
#: serverguide/C/file-server.xml:790(para)
26217
#: serverguide/C/file-server.xml:791(para)
25686
26218
msgid ""
25687
26219
"To add a user to the <emphasis role=\"italic\">lpadmin</emphasis> group, run "
25688
26220
"at the terminal prompt: <screen>\n"
25690
26222
"</screen>"
25691
26223
msgstr ""
25692
26224
25693
#: serverguide/C/file-server.xml:796(para)
26225
#: serverguide/C/file-server.xml:797(para)
25694
26226
msgid ""
25695
26227
"Further documentation is available in the <emphasis "
25696
26228
"role=\"italic\">Documentation/Help</emphasis> tab of the web interface."
25697
26229
msgstr ""
25698
26230
25699
#: serverguide/C/file-server.xml:804(ulink)
26231
#: serverguide/C/file-server.xml:805(ulink)
25700
26232
msgid "CUPS Website"
25701
26233
msgstr "CUPS 网络"
25702
26234
25831
26363
"prompt:"
25832
26364
msgstr ""
25833
26365
25834
#: serverguide/C/dns.xml:116(command) serverguide/C/dns.xml:199(command) serverguide/C/dns.xml:257(command) serverguide/C/dns.xml:293(command) serverguide/C/dns.xml:321(command) serverguide/C/dns.xml:603(command)
26366
#: serverguide/C/dns.xml:116(command) serverguide/C/dns.xml:195(command) serverguide/C/dns.xml:253(command) serverguide/C/dns.xml:289(command) serverguide/C/dns.xml:317(command) serverguide/C/dns.xml:594(command)
25835
26367
msgid "sudo service bind9 restart"
25836
26368
msgstr ""
25837
26369
25881
26413
"command below.)"
25882
26414
msgstr ""
25883
26415
25884
#: serverguide/C/dns.xml:145(para)
26416
#: serverguide/C/dns.xml:141(para)
25885
26417
msgid ""
25886
26418
"Now use an existing zone file as a template to create the "
25887
26419
"<filename>/etc/bind/db.example.com</filename> file:"
25888
26420
msgstr ""
25889
26421
25890
#: serverguide/C/dns.xml:149(command)
26422
#: serverguide/C/dns.xml:145(command)
25891
26423
msgid "sudo cp /etc/bind/db.local /etc/bind/db.example.com"
25892
26424
msgstr ""
25893
26425
25894
#: serverguide/C/dns.xml:151(para)
26426
#: serverguide/C/dns.xml:147(para)
25895
26427
msgid ""
25896
26428
"Edit the new zone file <filename>/etc/bind/db.example.com</filename> change "
25897
26429
"<emphasis>localhost.</emphasis> to the FQDN of your server, leaving the "
25902
26434
"this file is for."
25903
26435
msgstr ""
25904
26436
25905
#: serverguide/C/dns.xml:158(para)
26437
#: serverguide/C/dns.xml:154(para)
25906
26438
msgid ""
25907
26439
"Create an <emphasis>A record</emphasis> for the base domain, <emphasis "
25908
26440
"role=\"italic\">example.com</emphasis>. Also, create an <emphasis>A "
25910
26442
"the name server in this example:"
25911
26443
msgstr ""
25912
26444
25913
#: serverguide/C/dns.xml:163(programlisting)
26445
#: serverguide/C/dns.xml:159(programlisting)
25914
26446
#, no-wrap
25915
26447
msgid ""
25916
26448
"\n"
25932
26464
"ns IN A 192.168.1.10\n"
25933
26465
msgstr ""
25934
26466
25935
#: serverguide/C/dns.xml:181(para)
26467
#: serverguide/C/dns.xml:177(para)
25936
26468
msgid ""
25937
26469
"You must increment the <emphasis>Serial Number</emphasis> every time you "
25938
26470
"make changes to the zone file. If you make multiple changes before "
25939
26471
"restarting BIND9, simply increment the Serial once."
25940
26472
msgstr ""
25941
26473
25942
#: serverguide/C/dns.xml:185(para)
26474
#: serverguide/C/dns.xml:181(para)
25943
26475
msgid ""
25944
26476
"Now, you can add DNS records to the bottom of the zone file. See <xref "
25945
26477
"linkend=\"dns-record-types\"/> for details."
25946
26478
msgstr ""
25947
26479
25948
#: serverguide/C/dns.xml:189(para)
26480
#: serverguide/C/dns.xml:185(para)
25949
26481
msgid ""
25950
26482
"Many admins like to use the last date edited as the serial of a zone, such "
25951
26483
"as <emphasis>2012010100</emphasis> which is yyyymmddss (where "
25952
26484
"<emphasis>ss</emphasis> is the Serial Number)"
25953
26485
msgstr ""
25954
26486
25955
#: serverguide/C/dns.xml:194(para)
26487
#: serverguide/C/dns.xml:190(para)
25956
26488
msgid ""
25957
26489
"Once you have made changes to the zone file <application>BIND9</application> "
25958
26490
"needs to be restarted for the changes to take effect:"
25959
26491
msgstr ""
25960
26492
25961
#: serverguide/C/dns.xml:203(title)
26493
#: serverguide/C/dns.xml:199(title)
25962
26494
msgid "Reverse Zone File"
25963
26495
msgstr ""
25964
26496
25965
#: serverguide/C/dns.xml:204(para)
26497
#: serverguide/C/dns.xml:200(para)
25966
26498
msgid ""
25967
26499
"Now that the zone is setup and resolving names to IP Adresses a "
25968
26500
"<emphasis>Reverse zone</emphasis> is also required. A Reverse zone allows "
25969
26501
"DNS to resolve an address to a name."
25970
26502
msgstr ""
25971
26503
25972
#: serverguide/C/dns.xml:208(para)
26504
#: serverguide/C/dns.xml:204(para)
25973
26505
msgid "Edit /etc/bind/named.conf.local and add the following:"
25974
26506
msgstr ""
25975
26507
25976
#: serverguide/C/dns.xml:211(programlisting)
26508
#: serverguide/C/dns.xml:207(programlisting)
25977
26509
#, no-wrap
25978
26510
msgid ""
25979
26511
"\n"
25983
26515
"};\n"
25984
26516
msgstr ""
25985
26517
25986
#: serverguide/C/dns.xml:218(para)
26518
#: serverguide/C/dns.xml:214(para)
25987
26519
msgid ""
25988
26520
"Replace <emphasis>1.168.192</emphasis> with the first three octets of "
25989
26521
"whatever network you are using. Also, name the zone file "
25991
26523
"first octet of your network."
25992
26524
msgstr ""
25993
26525
25994
#: serverguide/C/dns.xml:223(para)
26526
#: serverguide/C/dns.xml:219(para)
25995
26527
msgid "Now create the <filename>/etc/bind/db.192</filename> file:"
25996
26528
msgstr ""
25997
26529
25998
#: serverguide/C/dns.xml:227(command)
26530
#: serverguide/C/dns.xml:223(command)
25999
26531
msgid "sudo cp /etc/bind/db.127 /etc/bind/db.192"
26000
26532
msgstr "sudo cp /etc/bind/db.127 /etc/bind/db.192"
26001
26533
26002
#: serverguide/C/dns.xml:229(para)
26534
#: serverguide/C/dns.xml:225(para)
26003
26535
msgid ""
26004
26536
"Next edit <filename>/etc/bind/db.192</filename> changing the basically the "
26005
26537
"same options as <filename>/etc/bind/db.example.com</filename>:"
26006
26538
msgstr ""
26007
26539
26008
#: serverguide/C/dns.xml:233(programlisting)
26540
#: serverguide/C/dns.xml:229(programlisting)
26009
26541
#, no-wrap
26010
26542
msgid ""
26011
26543
"\n"
26024
26556
"10 IN PTR ns.example.com.\n"
26025
26557
msgstr ""
26026
26558
26027
#: serverguide/C/dns.xml:248(para)
26559
#: serverguide/C/dns.xml:244(para)
26028
26560
msgid ""
26029
26561
"The <emphasis>Serial Number</emphasis> in the Reverse zone needs to be "
26030
26562
"incremented on each change as well. For each <emphasis>A record</emphasis> "
26033
26565
"<filename>/etc/bind/db.192</filename>."
26034
26566
msgstr ""
26035
26567
26036
#: serverguide/C/dns.xml:253(para)
26568
#: serverguide/C/dns.xml:249(para)
26037
26569
msgid ""
26038
26570
"After creating the reverse zone file restart "
26039
26571
"<application>BIND9</application>:"
26040
26572
msgstr ""
26041
26573
26042
#: serverguide/C/dns.xml:262(title)
26574
#: serverguide/C/dns.xml:258(title)
26043
26575
msgid "Secondary Master"
26044
26576
msgstr ""
26045
26577
26046
#: serverguide/C/dns.xml:263(para)
26578
#: serverguide/C/dns.xml:259(para)
26047
26579
msgid ""
26048
26580
"Once a <emphasis>Primary Master</emphasis> has been configured a "
26049
26581
"<emphasis>Secondary Master</emphasis> is needed in order to maintain the "
26050
26582
"availability of the domain should the Primary become unavailable."
26051
26583
msgstr ""
26052
26584
26053
#: serverguide/C/dns.xml:267(para)
26585
#: serverguide/C/dns.xml:263(para)
26054
26586
msgid ""
26055
26587
"First, on the Primary Master server, the zone transfer needs to be allowed. "
26056
26588
"Add the <emphasis>allow-transfer</emphasis> option to the example Forward "
26058
26590
"<filename>/etc/bind/named.conf.local</filename>:"
26059
26591
msgstr ""
26060
26592
26061
#: serverguide/C/dns.xml:271(programlisting)
26593
#: serverguide/C/dns.xml:267(programlisting)
26062
26594
#, no-wrap
26063
26595
msgid ""
26064
26596
"\n"
26075
26607
"};\n"
26076
26608
msgstr ""
26077
26609
26078
#: serverguide/C/dns.xml:285(para)
26610
#: serverguide/C/dns.xml:281(para)
26079
26611
msgid ""
26080
26612
"Replace <emphasis>192.168.1.11</emphasis> with the IP Address of your "
26081
26613
"Secondary nameserver."
26082
26614
msgstr ""
26083
26615
26084
#: serverguide/C/dns.xml:289(para)
26616
#: serverguide/C/dns.xml:285(para)
26085
26617
msgid "Restart <application>BIND9</application> on the Primary Master:"
26086
26618
msgstr ""
26087
26619
26088
#: serverguide/C/dns.xml:295(para)
26620
#: serverguide/C/dns.xml:291(para)
26089
26621
msgid ""
26090
26622
"Next, on the Secondary Master, install the <application>bind9</application> "
26091
26623
"package the same way as on the Primary. Then edit the "
26093
26625
"declarations for the Forward and Reverse zones:"
26094
26626
msgstr ""
26095
26627
26096
#: serverguide/C/dns.xml:299(programlisting)
26628
#: serverguide/C/dns.xml:295(programlisting)
26097
26629
#, no-wrap
26098
26630
msgid ""
26099
26631
"\n"
26110
26642
"};\n"
26111
26643
msgstr ""
26112
26644
26113
#: serverguide/C/dns.xml:313(para)
26645
#: serverguide/C/dns.xml:309(para)
26114
26646
msgid ""
26115
26647
"Replace <emphasis>192.168.1.10</emphasis> with the IP Address of your "
26116
26648
"Primary nameserver."
26117
26649
msgstr ""
26118
26650
26119
#: serverguide/C/dns.xml:317(para)
26651
#: serverguide/C/dns.xml:313(para)
26120
26652
msgid "Restart <application>BIND9</application> on the Secondary Master:"
26121
26653
msgstr ""
26122
26654
26123
#: serverguide/C/dns.xml:323(para)
26655
#: serverguide/C/dns.xml:319(para)
26124
26656
msgid ""
26125
26657
"In <filename>/var/log/syslog</filename> you should see something similar to "
26126
26658
"(some lines have been split to fit the format of this document):"
26127
26659
msgstr ""
26128
26660
26129
#: serverguide/C/dns.xml:326(programlisting)
26661
#: serverguide/C/dns.xml:322(programlisting)
26130
26662
#, no-wrap
26131
26663
msgid ""
26132
26664
"\n"
26151
26683
"8 records, 225 bytes, 0.002 secs (112500 bytes/sec)\n"
26152
26684
msgstr ""
26153
26685
26154
#: serverguide/C/dns.xml:345(para)
26686
#: serverguide/C/dns.xml:341(para)
26155
26687
msgid ""
26156
26688
"Note: A zone is only transferred if the <emphasis>Serial Number</emphasis> "
26157
26689
"on the Primary is larger than the one on the Secondary. If you want to have "
26161
26693
"below:"
26162
26694
msgstr ""
26163
26695
26164
#: serverguide/C/dns.xml:349(programlisting)
26696
#: serverguide/C/dns.xml:345(programlisting)
26165
26697
#, no-wrap
26166
26698
msgid ""
26167
26699
"\n"
26181
26713
"\t"
26182
26714
msgstr ""
26183
26715
26184
#: serverguide/C/dns.xml:365(para)
26716
#: serverguide/C/dns.xml:361(para)
26185
26717
msgid ""
26186
26718
"The default directory for non-authoritative zone files is "
26187
26719
"<filename>/var/cache/bind/</filename>. This directory is also configured in "
26190
26722
"on AppArmor see <xref linkend=\"apparmor\"/>."
26191
26723
msgstr ""
26192
26724
26193
#: serverguide/C/dns.xml:376(para)
26725
#: serverguide/C/dns.xml:372(para)
26194
26726
msgid ""
26195
26727
"This section covers ways to help determine the cause when problems happen "
26196
26728
"with DNS and <application>BIND9</application>."
26197
26729
msgstr ""
26198
26730
26199
#: serverguide/C/dns.xml:382(title)
26731
#: serverguide/C/dns.xml:378(title)
26200
26732
msgid "resolv.conf"
26201
26733
msgstr "resolv.conf"
26202
26734
26210
26742
"<filename>/etc/resolv.conf</filename> contains (for this example):"
26211
26743
msgstr ""
26212
26744
26213
#: serverguide/C/dns.xml:389(programlisting)
26745
#: serverguide/C/dns.xml:384(programlisting)
26214
26746
#, no-wrap
26215
26747
msgid ""
26216
26748
"\n"
26226
26758
"to RESOLVCONF=yes."
26227
26759
msgstr ""
26228
26760
26229
#: serverguide/C/dns.xml:398(para)
26761
#: serverguide/C/dns.xml:389(para)
26230
26762
msgid ""
26231
26763
"You should also add the IP Address of the Secondary nameserver in case the "
26232
26764
"Primary becomes unavailable."
26233
26765
msgstr ""
26234
26766
26235
#: serverguide/C/dns.xml:404(title)
26767
#: serverguide/C/dns.xml:395(title)
26236
26768
msgid "dig"
26237
26769
msgstr "dig"
26238
26770
26239
#: serverguide/C/dns.xml:405(para)
26771
#: serverguide/C/dns.xml:396(para)
26240
26772
msgid ""
26241
26773
"If you installed the <application>dnsutils</application> package you can "
26242
26774
"test your setup using the DNS lookup utility <application>dig</application>:"
26243
26775
msgstr ""
26244
26776
26245
#: serverguide/C/dns.xml:411(para)
26777
#: serverguide/C/dns.xml:402(para)
26246
26778
msgid ""
26247
26779
"After installing <application>BIND9</application> use "
26248
26780
"<application>dig</application> against the loopback interface to make sure "
26249
26781
"it is listening on port 53. From a terminal prompt:"
26250
26782
msgstr ""
26251
26783
26252
#: serverguide/C/dns.xml:416(command)
26784
#: serverguide/C/dns.xml:407(command)
26253
26785
msgid "dig -x 127.0.0.1"
26254
26786
msgstr "dig -x 127.0.0.1"
26255
26787
26256
#: serverguide/C/dns.xml:418(para)
26788
#: serverguide/C/dns.xml:409(para)
26257
26789
msgid "You should see lines similar to the following in the command output:"
26258
26790
msgstr ""
26259
26791
26260
#: serverguide/C/dns.xml:421(programlisting)
26792
#: serverguide/C/dns.xml:412(programlisting)
26261
26793
#, no-wrap
26262
26794
msgid ""
26263
26795
"\n"
26265
26797
";; SERVER: 192.168.1.10#53(192.168.1.10)\n"
26266
26798
msgstr ""
26267
26799
26268
#: serverguide/C/dns.xml:427(para)
26800
#: serverguide/C/dns.xml:418(para)
26269
26801
msgid ""
26270
26802
"If you have configured <application>BIND9</application> as a "
26271
26803
"<emphasis>Caching</emphasis> nameserver \"dig\" an outside domain to check "
26272
26804
"the query time:"
26273
26805
msgstr ""
26274
26806
26275
#: serverguide/C/dns.xml:432(command)
26807
#: serverguide/C/dns.xml:423(command)
26276
26808
msgid "dig ubuntu.com"
26277
26809
msgstr "dig ubuntu.com"
26278
26810
26279
#: serverguide/C/dns.xml:434(para)
26811
#: serverguide/C/dns.xml:425(para)
26280
26812
msgid "Note the query time toward the end of the command output:"
26281
26813
msgstr ""
26282
26814
26283
#: serverguide/C/dns.xml:437(programlisting)
26815
#: serverguide/C/dns.xml:428(programlisting)
26284
26816
#, no-wrap
26285
26817
msgid ""
26286
26818
"\n"
26287
26819
";; Query time: 49 msec\n"
26288
26820
msgstr ""
26289
26821
26290
#: serverguide/C/dns.xml:440(para)
26822
#: serverguide/C/dns.xml:431(para)
26291
26823
msgid "After a second dig there should be improvement:"
26292
26824
msgstr ""
26293
26825
26294
#: serverguide/C/dns.xml:443(programlisting)
26826
#: serverguide/C/dns.xml:434(programlisting)
26295
26827
#, no-wrap
26296
26828
msgid ""
26297
26829
"\n"
26298
26830
";; Query time: 1 msec\n"
26299
26831
msgstr ""
26300
26832
26301
#: serverguide/C/dns.xml:450(title)
26833
#: serverguide/C/dns.xml:441(title)
26302
26834
msgid "ping"
26303
26835
msgstr "ping"
26304
26836
26305
#: serverguide/C/dns.xml:452(para)
26837
#: serverguide/C/dns.xml:443(para)
26306
26838
msgid ""
26307
26839
"Now to demonstrate how applications make use of DNS to resolve a host name "
26308
26840
"use the <application>ping</application> utility to send an ICMP echo "
26309
26841
"request. From a terminal prompt enter:"
26310
26842
msgstr ""
26311
26843
26312
#: serverguide/C/dns.xml:458(command)
26844
#: serverguide/C/dns.xml:449(command)
26313
26845
msgid "ping example.com"
26314
26846
msgstr "ping example.com"
26315
26847
26316
#: serverguide/C/dns.xml:460(para)
26848
#: serverguide/C/dns.xml:451(para)
26317
26849
msgid ""
26318
26850
"This tests if the nameserver can resolve the name "
26319
26851
"<emphasis>ns.example.com</emphasis> to an IP Address. The command output "
26320
26852
"should resemble:"
26321
26853
msgstr ""
26322
26854
26323
#: serverguide/C/dns.xml:464(programlisting)
26855
#: serverguide/C/dns.xml:455(programlisting)
26324
26856
#, no-wrap
26325
26857
msgid ""
26326
26858
"\n"
26329
26861
"64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=0.813 ms\n"
26330
26862
msgstr ""
26331
26863
26332
#: serverguide/C/dns.xml:471(title)
26864
#: serverguide/C/dns.xml:462(title)
26333
26865
msgid "named-checkzone"
26334
26866
msgstr "named-checkzone"
26335
26867
26336
#: serverguide/C/dns.xml:472(para)
26868
#: serverguide/C/dns.xml:463(para)
26337
26869
msgid ""
26338
26870
"A great way to test your zone files is by using the <application>named-"
26339
26871
"checkzone</application> utility installed with the "
26342
26874
"<application>BIND9</application> and making the changes live."
26343
26875
msgstr ""
26344
26876
26345
#: serverguide/C/dns.xml:479(para)
26877
#: serverguide/C/dns.xml:470(para)
26346
26878
msgid ""
26347
26879
"To test our example Forward zone file enter the following from a command "
26348
26880
"prompt:"
26349
26881
msgstr ""
26350
26882
26351
#: serverguide/C/dns.xml:483(command)
26883
#: serverguide/C/dns.xml:474(command)
26352
26884
msgid "named-checkzone example.com /etc/bind/db.example.com"
26353
26885
msgstr "named-checkzone example.com /etc/bind/db.example.com"
26354
26886
26355
#: serverguide/C/dns.xml:485(para)
26887
#: serverguide/C/dns.xml:476(para)
26356
26888
msgid ""
26357
26889
"If everything is configured correctly you should see output similar to:"
26358
26890
msgstr ""
26359
26891
26360
#: serverguide/C/dns.xml:488(programlisting)
26892
#: serverguide/C/dns.xml:479(programlisting)
26361
26893
#, no-wrap
26362
26894
msgid ""
26363
26895
"\n"
26365
26897
"OK\n"
26366
26898
msgstr ""
26367
26899
26368
#: serverguide/C/dns.xml:494(para)
26900
#: serverguide/C/dns.xml:485(para)
26369
26901
msgid "Similarly, to test the Reverse zone file enter the following:"
26370
26902
msgstr ""
26371
26903
26372
#: serverguide/C/dns.xml:498(command)
26904
#: serverguide/C/dns.xml:489(command)
26373
26905
msgid "named-checkzone 1.168.192.in-addr.arpa /etc/bind/db.192"
26374
26906
msgstr ""
26375
26907
26376
#: serverguide/C/dns.xml:500(para)
26908
#: serverguide/C/dns.xml:491(para)
26377
26909
msgid "The output should be similar to:"
26378
26910
msgstr ""
26379
26911
26380
#: serverguide/C/dns.xml:503(programlisting)
26912
#: serverguide/C/dns.xml:494(programlisting)
26381
26913
#, no-wrap
26382
26914
msgid ""
26383
26915
"\n"
26385
26917
"OK\n"
26386
26918
msgstr ""
26387
26919
26388
#: serverguide/C/dns.xml:510(para)
26920
#: serverguide/C/dns.xml:501(para)
26389
26921
msgid ""
26390
26922
"The <emphasis>Serial Number</emphasis> of your zone file will probably be "
26391
26923
"different."
26392
26924
msgstr ""
26393
26925
26394
#: serverguide/C/dns.xml:518(para)
26926
#: serverguide/C/dns.xml:509(para)
26395
26927
msgid ""
26396
26928
"<application>BIND9</application> has a wide variety of logging configuration "
26397
26929
"options available. There are two main options. The "
26399
26931
"<emphasis>category</emphasis> option determines what information to log."
26400
26932
msgstr ""
26401
26933
26402
#: serverguide/C/dns.xml:522(para)
26934
#: serverguide/C/dns.xml:513(para)
26403
26935
msgid "If no logging option is configured the default option is:"
26404
26936
msgstr ""
26405
26937
26406
#: serverguide/C/dns.xml:525(programlisting)
26938
#: serverguide/C/dns.xml:516(programlisting)
26407
26939
#, no-wrap
26408
26940
msgid ""
26409
26941
"\n"
26413
26945
"};\n"
26414
26946
msgstr ""
26415
26947
26416
#: serverguide/C/dns.xml:531(para)
26948
#: serverguide/C/dns.xml:522(para)
26417
26949
msgid ""
26418
26950
"This section covers configuring <application>BIND9</application> to send "
26419
26951
"<emphasis>debug</emphasis> messages related to DNS queries to a separate "
26420
26952
"file."
26421
26953
msgstr ""
26422
26954
26423
#: serverguide/C/dns.xml:536(para)
26955
#: serverguide/C/dns.xml:527(para)
26424
26956
msgid ""
26425
26957
"First, we need to configure a channel to specify which file to send the "
26426
26958
"messages to. Edit <filename>/etc/bind/named.conf.local</filename> and add "
26427
26959
"the following:"
26428
26960
msgstr ""
26429
26961
26430
#: serverguide/C/dns.xml:540(programlisting)
26962
#: serverguide/C/dns.xml:531(programlisting)
26431
26963
#, no-wrap
26432
26964
msgid ""
26433
26965
"\n"
26439
26971
"};\n"
26440
26972
msgstr ""
26441
26973
26442
#: serverguide/C/dns.xml:550(para)
26974
#: serverguide/C/dns.xml:541(para)
26443
26975
msgid "Next, configure a category to send all DNS queries to the query file:"
26444
26976
msgstr ""
26445
26977
26446
#: serverguide/C/dns.xml:553(programlisting)
26978
#: serverguide/C/dns.xml:544(programlisting)
26447
26979
#, no-wrap
26448
26980
msgid ""
26449
26981
"\n"
26456
26988
"};\n"
26457
26989
msgstr ""
26458
26990
26459
#: serverguide/C/dns.xml:565(para)
26991
#: serverguide/C/dns.xml:556(para)
26460
26992
msgid ""
26461
26993
"Note: the <emphasis>debug</emphasis> option can be set from 1 to 3. If a "
26462
26994
"level isn't specified level 1 is the default."
26463
26995
msgstr ""
26464
26996
26465
#: serverguide/C/dns.xml:571(para)
26997
#: serverguide/C/dns.xml:562(para)
26466
26998
msgid ""
26467
26999
"Since the <emphasis>named daemon</emphasis> runs as the "
26468
27000
"<emphasis>bind</emphasis> user the <filename>/var/log/query.log</filename> "
26469
27001
"file must be created and the ownership changed:"
26470
27002
msgstr ""
26471
27003
26472
#: serverguide/C/dns.xml:576(command)
27004
#: serverguide/C/dns.xml:567(command)
26473
27005
msgid "sudo touch /var/log/query.log"
26474
27006
msgstr "sudo touch /var/log/query.log"
26475
27007
26476
#: serverguide/C/dns.xml:577(command)
27008
#: serverguide/C/dns.xml:568(command)
26477
27009
msgid "sudo chown bind /var/log/query.log"
26478
27010
msgstr "sudo chown bind /var/log/query.log"
26479
27011
26480
#: serverguide/C/dns.xml:581(para)
27012
#: serverguide/C/dns.xml:572(para)
26481
27013
msgid ""
26482
27014
"Before <application>named</application> daemon can write to the new log file "
26483
27015
"the <application>AppArmor</application> profile must be updated. First, edit "
26484
27016
"<filename>/etc/apparmor.d/usr.sbin.named</filename> and add:"
26485
27017
msgstr ""
26486
27018
26487
#: serverguide/C/dns.xml:585(programlisting)
27019
#: serverguide/C/dns.xml:576(programlisting)
26488
27020
#, no-wrap
26489
27021
msgid ""
26490
27022
"\n"
26491
27023
"/var/log/query.log w,\n"
26492
27024
msgstr ""
26493
27025
26494
#: serverguide/C/dns.xml:588(para)
27026
#: serverguide/C/dns.xml:579(para)
26495
27027
msgid "Next, reload the profile:"
26496
27028
msgstr ""
26497
27029
26498
#: serverguide/C/dns.xml:592(command)
27030
#: serverguide/C/dns.xml:583(command)
26499
27031
msgid "cat /etc/apparmor.d/usr.sbin.named | sudo apparmor_parser -r"
26500
27032
msgstr ""
26501
27033
26502
#: serverguide/C/dns.xml:594(para)
27034
#: serverguide/C/dns.xml:585(para)
26503
27035
msgid ""
26504
27036
"For more information on <application>AppArmor</application> see <xref "
26505
27037
"linkend=\"apparmor\"/>"
26506
27038
msgstr ""
26507
27039
26508
#: serverguide/C/dns.xml:599(para)
27040
#: serverguide/C/dns.xml:590(para)
26509
27041
msgid ""
26510
27042
"Now restart <application>BIND9</application> for the changes to take effect:"
26511
27043
msgstr ""
26512
27044
26513
#: serverguide/C/dns.xml:607(para)
27045
#: serverguide/C/dns.xml:598(para)
26514
27046
msgid ""
26515
27047
"You should see the file <filename>/var/log/query.log</filename> fill with "
26516
27048
"query information. This is a simple example of the "
26518
27050
"options see <xref linkend=\"dns-more-info\"/>."
26519
27051
msgstr ""
26520
27052
26521
#: serverguide/C/dns.xml:616(title)
27053
#: serverguide/C/dns.xml:607(title)
26522
27054
msgid "Common Record Types"
26523
27055
msgstr ""
26524
27056
26525
#: serverguide/C/dns.xml:617(para)
27057
#: serverguide/C/dns.xml:608(para)
26526
27058
msgid "This section covers some of the most common DNS record types."
26527
27059
msgstr ""
26528
27060
26529
#: serverguide/C/dns.xml:622(para)
27061
#: serverguide/C/dns.xml:613(para)
26530
27062
msgid ""
26531
27063
"<emphasis>A</emphasis> record: This record maps an IP Address to a hostname."
26532
27064
msgstr ""
26533
27065
26534
#: serverguide/C/dns.xml:625(programlisting)
27066
#: serverguide/C/dns.xml:616(programlisting)
26535
27067
#, no-wrap
26536
27068
msgid ""
26537
27069
"\n"
26540
27072
"\n"
26541
27073
"www IN A 192.168.1.12\n"
26542
27074
26543
#: serverguide/C/dns.xml:630(para)
27075
#: serverguide/C/dns.xml:621(para)
26544
27076
msgid ""
26545
27077
"<emphasis>CNAME</emphasis> record: Used to create an alias to an existing A "
26546
27078
"record. You cannot create a CNAME record pointing to another CNAME record."
26547
27079
msgstr ""
26548
27080
26549
#: serverguide/C/dns.xml:633(programlisting)
27081
#: serverguide/C/dns.xml:624(programlisting)
26550
27082
#, no-wrap
26551
27083
msgid ""
26552
27084
"\n"
26555
27087
"\n"
26556
27088
"web IN CNAME www\n"
26557
27089
26558
#: serverguide/C/dns.xml:638(para)
27090
#: serverguide/C/dns.xml:629(para)
26559
27091
msgid ""
26560
27092
"<emphasis>MX</emphasis> record: Used to define where email should be sent "
26561
27093
"to. Must point to an A record, not a CNAME."
26562
27094
msgstr ""
26563
27095
26564
#: serverguide/C/dns.xml:641(programlisting)
27096
#: serverguide/C/dns.xml:632(programlisting)
26565
27097
#, no-wrap
26566
27098
msgid ""
26567
27099
"\n"
26569
27101
"mail IN A 192.168.1.13\n"
26570
27102
msgstr ""
26571
27103
26572
#: serverguide/C/dns.xml:647(para)
27104
#: serverguide/C/dns.xml:638(para)
26573
27105
msgid ""
26574
27106
"<emphasis>NS</emphasis> record: Used to define which servers serve copies of "
26575
27107
"a zone. It must point to an A record, not a CNAME. This is where Primary and "
26576
27108
"Secondary servers are defined."
26577
27109
msgstr ""
26578
27110
26579
#: serverguide/C/dns.xml:651(programlisting)
27111
#: serverguide/C/dns.xml:642(programlisting)
26580
27112
#, no-wrap
26581
27113
msgid ""
26582
27114
"\n"
26586
27118
"ns2 IN A 192.168.1.11\n"
26587
27119
msgstr ""
26588
27120
26589
#: serverguide/C/dns.xml:661(title)
27121
#: serverguide/C/virtualization.xml:2018(title) serverguide/C/dns.xml:652(title)
26590
27122
msgid "More Information"
26591
27123
msgstr "更多信息"
26592
27124
26617
27149
"BIND on IPv6</ulink> book."
26618
27150
msgstr ""
26619
27151
26620
#: serverguide/C/dns.xml:684(para)
27152
#: serverguide/C/dns.xml:670(para)
26621
27153
msgid ""
26622
27154
"A great place to ask for <application>BIND9</application> assistance, and "
26623
27155
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
26800
27332
"Components</link> describes the components of the DM-Multipath package."
26801
27333
msgstr ""
26802
27334
26803
#: serverguide/C/dm-multipath.xml:183(title)
27335
#: serverguide/C/dm-multipath.xml:184(title)
26804
27336
msgid "DM-Multipath Setup Overview"
26805
27337
msgstr ""
26806
27338
26807
#: serverguide/C/dm-multipath.xml:190(para)
27339
#: serverguide/C/dm-multipath.xml:191(para)
26808
27340
msgid ""
26809
27341
"Install the <emphasis role=\"bold\">multipath-tools</emphasis> and <emphasis "
26810
27342
"role=\"bold\">multipath-tools-boot</emphasis> packages"
26811
27343
msgstr ""
26812
27344
26813
#: serverguide/C/dm-multipath.xml:196(para)
27345
#: serverguide/C/dm-multipath.xml:197(para)
26814
27346
msgid ""
26815
27347
"Create an empty config file, <filename>/etc/multipath.conf</filename>, that "
26816
27348
"re-defines the <link linkend=\"multipath-skel-config\">following</link>"
26817
27349
msgstr ""
26818
27350
26819
#: serverguide/C/dm-multipath.xml:202(para)
27351
#: serverguide/C/dm-multipath.xml:203(para)
26820
27352
msgid ""
26821
27353
"If necessary, edit the <emphasis role=\"bold\">multipath.conf</emphasis> "
26822
27354
"configuration file to modify default values and save the updated file."
26823
27355
msgstr ""
26824
27356
26825
#: serverguide/C/dm-multipath.xml:208(para)
27357
#: serverguide/C/dm-multipath.xml:209(para)
26826
27358
msgid "Start the multipath daemon"
26827
27359
msgstr ""
26828
27360
26829
#: serverguide/C/dm-multipath.xml:212(para)
27361
#: serverguide/C/dm-multipath.xml:213(para)
26830
27362
msgid "Update initial ramdisk"
26831
27363
msgstr ""
26832
27364
26833
#: serverguide/C/dm-multipath.xml:185(para)
27365
#: serverguide/C/dm-multipath.xml:186(para)
26834
27366
msgid ""
26835
27367
"DM-Multipath includes compiled-in default settings that are suitable for "
26836
27368
"common multipath configurations. Setting up DM-multipath is often a simple "
26840
27372
"overview\">Setting Up DM-Multipath</link>."
26841
27373
msgstr ""
26842
27374
26843
#: serverguide/C/dm-multipath.xml:222(title)
27375
#: serverguide/C/dm-multipath.xml:223(title)
26844
27376
msgid "Multipath Devices"
26845
27377
msgstr ""
26846
27378
26847
#: serverguide/C/dm-multipath.xml:224(para)
27379
#: serverguide/C/dm-multipath.xml:225(para)
26848
27380
msgid ""
26849
27381
"Without DM-Multipath, each path from a server node to a storage controller "
26850
27382
"is treated by the system as a separate device, even when the I/O path "
26853
27385
"multipath device on top of the underlying devices."
26854
27386
msgstr ""
26855
27387
26856
#: serverguide/C/dm-multipath.xml:232(title)
27388
#: serverguide/C/dm-multipath.xml:233(title)
26857
27389
msgid "Multipath Device Identifiers"
26858
27390
msgstr ""
26859
27391
26860
#: serverguide/C/dm-multipath.xml:260(para)
27392
#: serverguide/C/dm-multipath.xml:261(para)
26861
27393
msgid ""
26862
27394
"The devices in <emphasis role=\"bold\">/dev/mapper</emphasis> are created "
26863
27395
"early in the boot process. Use these devices to access the multipathed "
26864
27396
"devices, for example when creating logical volumes."
26865
27397
msgstr ""
26866
27398
26867
#: serverguide/C/dm-multipath.xml:267(para)
27399
#: serverguide/C/dm-multipath.xml:268(para)
26868
27400
msgid ""
26869
27401
"Any devices of the form <emphasis role=\"bold\">/dev/dm-n</emphasis> are for "
26870
27402
"internal use only and should never be used."
26910
27442
"Device Configuration Attributes</link>."
26911
27443
msgstr ""
26912
27444
26913
#: serverguide/C/dm-multipath.xml:288(title)
27445
#: serverguide/C/dm-multipath.xml:289(title)
26914
27446
msgid "Consistent Multipath Device Names in a Cluster"
26915
27447
msgstr ""
26916
27448
26917
#: serverguide/C/dm-multipath.xml:290(para)
27449
#: serverguide/C/dm-multipath.xml:291(para)
26918
27450
msgid ""
26919
27451
"When the <emphasis role=\"bold\">user_friendly_names</emphasis> "
26920
27452
"configuration option is set to yes, the name of the multipath device is "
26937
27469
"procedure:"
26938
27470
msgstr ""
26939
27471
26940
#: serverguide/C/dm-multipath.xml:312(para)
27472
#: serverguide/C/dm-multipath.xml:313(para)
26941
27473
msgid "Set up all of the multipath devices on one machine."
26942
27474
msgstr ""
26943
27475
26944
#: serverguide/C/dm-multipath.xml:316(para) serverguide/C/dm-multipath.xml:353(para)
27476
#: serverguide/C/dm-multipath.xml:317(para) serverguide/C/dm-multipath.xml:354(para)
26945
27477
msgid ""
26946
27478
"Disable all of your multipath devices on your other machines by running the "
26947
27479
"following commands:"
26948
27480
msgstr ""
26949
27481
26950
#: serverguide/C/dm-multipath.xml:319(screen) serverguide/C/dm-multipath.xml:356(screen)
27482
#: serverguide/C/dm-multipath.xml:320(screen) serverguide/C/dm-multipath.xml:357(screen)
26951
27483
#, no-wrap
26952
27484
msgid ""
26953
27485
"# service multipath-tools stop\n"
26954
27486
"# multipath -F\n"
26955
27487
msgstr ""
26956
27488
26957
#: serverguide/C/dm-multipath.xml:325(para)
27489
#: serverguide/C/dm-multipath.xml:326(para)
26958
27490
msgid ""
26959
27491
"Copy the <filename>/etc/multipath/bindings</filename> file from the first "
26960
27492
"machine to all the other machines in the cluster."
26961
27493
msgstr ""
26962
27494
26963
#: serverguide/C/dm-multipath.xml:331(para) serverguide/C/dm-multipath.xml:367(para)
27495
#: serverguide/C/dm-multipath.xml:332(para) serverguide/C/dm-multipath.xml:368(para)
26964
27496
msgid ""
26965
27497
"Re-enable the multipathd daemon on all the other machines in the cluster by "
26966
27498
"running the following command:"
26967
27499
msgstr ""
26968
27500
26969
#: serverguide/C/dm-multipath.xml:334(screen) serverguide/C/dm-multipath.xml:370(screen)
27501
#: serverguide/C/dm-multipath.xml:335(screen) serverguide/C/dm-multipath.xml:371(screen)
26970
27502
#, no-wrap
26971
27503
msgid "# service multipath-tools start"
26972
27504
msgstr ""
26973
27505
26974
#: serverguide/C/dm-multipath.xml:338(para)
27506
#: serverguide/C/dm-multipath.xml:339(para)
26975
27507
msgid "If you add a new device, you will need to repeat this process."
26976
27508
msgstr ""
26977
27509
26978
#: serverguide/C/dm-multipath.xml:341(para)
27510
#: serverguide/C/dm-multipath.xml:342(para)
26979
27511
msgid ""
26980
27512
"Similarly, if you configure an alias for a device that you would like to be "
26981
27513
"consistent across the nodes in the cluster, you should ensure that the "
26983
27515
"the cluster by following the same procedure:"
26984
27516
msgstr ""
26985
27517
26986
#: serverguide/C/dm-multipath.xml:348(para)
27518
#: serverguide/C/dm-multipath.xml:349(para)
26987
27519
msgid ""
26988
27520
"Configure the aliases for the multipath devices in the in the "
26989
27521
"<filename>multipath.conf</filename> file on one machine."
26990
27522
msgstr ""
26991
27523
26992
#: serverguide/C/dm-multipath.xml:362(para)
27524
#: serverguide/C/dm-multipath.xml:363(para)
26993
27525
msgid ""
26994
27526
"Copy the <filename>multipath.conf</filename> file from the first machine to "
26995
27527
"all the other machines in the cluster."
26996
27528
msgstr ""
26997
27529
26998
#: serverguide/C/dm-multipath.xml:374(para)
27530
#: serverguide/C/dm-multipath.xml:375(para)
26999
27531
msgid "When you add a new device you will need to repeat this process."
27000
27532
msgstr ""
27001
27533
27002
#: serverguide/C/dm-multipath.xml:379(title)
27534
#: serverguide/C/dm-multipath.xml:380(title)
27003
27535
msgid "Multipath Device attributes"
27004
27536
msgstr ""
27005
27537
27006
#: serverguide/C/dm-multipath.xml:381(para)
27538
#: serverguide/C/dm-multipath.xml:382(para)
27007
27539
msgid ""
27008
27540
"In addition to the <emphasis role=\"bold\">user_friendly_names</emphasis> "
27009
27541
"and <emphasis role=\"bold\">alias</emphasis> options, a multipath device has "
27016
27548
"linkend=\"multipath-config-multipath\"/>\"."
27017
27549
msgstr ""
27018
27550
27019
#: serverguide/C/dm-multipath.xml:394(title)
27551
#: serverguide/C/dm-multipath.xml:395(title)
27020
27552
msgid "Multipath Devices in Logical Volumes"
27021
27553
msgstr ""
27022
27554
27023
#: serverguide/C/dm-multipath.xml:396(para)
27555
#: serverguide/C/dm-multipath.xml:397(para)
27024
27556
msgid ""
27025
27557
"After creating multipath devices, you can use the multipath device names "
27026
27558
"just as you would use a physical device name when creating an LVM physical "
27031
27563
"you would use any other LVM physical device."
27032
27564
msgstr ""
27033
27565
27034
#: serverguide/C/dm-multipath.xml:405(para)
27566
#: serverguide/C/dm-multipath.xml:406(para)
27035
27567
msgid ""
27036
27568
"If you attempt to create an LVM physical volume on a whole device on which "
27037
27569
"you have configured partitions, the pvcreate command will fail."
27038
27570
msgstr ""
27039
27571
27040
#: serverguide/C/dm-multipath.xml:425(para)
27572
#: serverguide/C/dm-multipath.xml:426(para)
27041
27573
msgid ""
27042
27574
"Every time either <filename>/etc/lvm.conf</filename> or "
27043
27575
"<filename>/etc/multipath.conf</filename> is updated, the initrd should be "
27045
27577
"filters are necessary to maintain a stable storage configuration."
27046
27578
msgstr ""
27047
27579
27048
#: serverguide/C/dm-multipath.xml:410(para)
27580
#: serverguide/C/dm-multipath.xml:411(para)
27049
27581
msgid ""
27050
27582
"When you create an LVM logical volume that uses active/passive multipath "
27051
27583
"arrays as the underlying physical devices, you should include filters in the "
27064
27596
"Perform:<screen>update-initramfs -u -k all</screen><placeholder-1/>"
27065
27597
msgstr ""
27066
27598
27067
#: serverguide/C/dm-multipath.xml:435(title)
27599
#: serverguide/C/dm-multipath.xml:436(title)
27068
27600
msgid "Setting up DM-Multipath Overview"
27069
27601
msgstr ""
27070
27602
27071
#: serverguide/C/dm-multipath.xml:437(para)
27603
#: serverguide/C/dm-multipath.xml:438(para)
27072
27604
msgid ""
27073
27605
"This section provides step-by-step example procedures for configuring DM-"
27074
27606
"Multipath. It includes the following procedures:"
27075
27607
msgstr ""
27076
27608
27077
#: serverguide/C/dm-multipath.xml:442(para)
27609
#: serverguide/C/dm-multipath.xml:443(para)
27078
27610
msgid "Basic DM-Multipath setup"
27079
27611
msgstr ""
27080
27612
27081
#: serverguide/C/dm-multipath.xml:446(para)
27613
#: serverguide/C/dm-multipath.xml:447(para)
27082
27614
msgid "Ignoring local disks"
27083
27615
msgstr ""
27084
27616
27085
#: serverguide/C/dm-multipath.xml:450(para)
27617
#: serverguide/C/dm-multipath.xml:451(para)
27086
27618
msgid "Adding more devices to the configuration file"
27087
27619
msgstr ""
27088
27620
27089
#: serverguide/C/dm-multipath.xml:455(title)
27621
#: serverguide/C/dm-multipath.xml:456(title)
27090
27622
msgid "Setting Up DM-Multipath"
27091
27623
msgstr ""
27092
27624
27093
#: serverguide/C/dm-multipath.xml:457(para)
27625
#: serverguide/C/dm-multipath.xml:458(para)
27094
27626
msgid ""
27095
27627
"Before setting up DM-Multipath on your system, ensure that your system has "
27096
27628
"been updated and includes the <emphasis role=\"bold\"><application>multipath-"
27099
27631
"boot</application></emphasis> package is also required."
27100
27632
msgstr ""
27101
27633
27102
#: serverguide/C/dm-multipath.xml:475(para)
27634
#: serverguide/C/dm-multipath.xml:476(para)
27103
27635
msgid ""
27104
27636
"To work around a quirk in multipathd, when an "
27105
27637
"<filename>/etc/multipath.conf</filename> doesn't exist, the previous command "
27116
27648
"database."
27117
27649
msgstr ""
27118
27650
27119
#: serverguide/C/dm-multipath.xml:464(para)
27651
#: serverguide/C/dm-multipath.xml:465(para)
27120
27652
msgid ""
27121
27653
"A basic <emphasis role=\"bold\">/etc/multipath.conf </emphasis> need not "
27122
27654
"even exist, when <emphasis role=\"bold\">multpath</emphasis> is run without "
27132
27664
"multipath.conf-live</screen><placeholder-1/>"
27133
27665
msgstr ""
27134
27666
27135
#: serverguide/C/dm-multipath.xml:492(title)
27667
#: serverguide/C/dm-multipath.xml:493(title)
27136
27668
msgid "Installing with Multipath Support"
27137
27669
msgstr ""
27138
27670
27139
#: serverguide/C/dm-multipath.xml:494(para)
27671
#: serverguide/C/dm-multipath.xml:495(para)
27140
27672
msgid ""
27141
27673
"To enable <ulink "
27142
27674
"url=\"http://wiki.debian.org/DebianInstaller/MultipathSupport\">multipath "
27146
27678
"role=\"bold\">/dev/mapper/mpath<X></emphasis> during installation."
27147
27679
msgstr ""
27148
27680
27149
#: serverguide/C/dm-multipath.xml:503(title)
27681
#: serverguide/C/dm-multipath.xml:504(title)
27150
27682
msgid "Ignoring Local Disks When Generating Multipath Devices"
27151
27683
msgstr ""
27152
27684
27153
#: serverguide/C/dm-multipath.xml:505(para)
27685
#: serverguide/C/dm-multipath.xml:506(para)
27154
27686
msgid ""
27155
27687
"Some machines have local SCSI cards for their internal disks. DM-Multipath "
27156
27688
"is not recommended for these devices. The following procedure shows how to "
27171
27703
"linkend=\"multipath-command-output\">Multipath Command Output</link>."
27172
27704
msgstr ""
27173
27705
27174
#: serverguide/C/dm-multipath.xml:524(screen)
27706
#: serverguide/C/dm-multipath.xml:525(screen)
27175
27707
#, no-wrap
27176
27708
msgid ""
27177
27709
"\n"
27208
27740
" `- 3:0:0:3 sdg 8:128 undef ready running\n"
27209
27741
msgstr ""
27210
27742
27211
#: serverguide/C/dm-multipath.xml:560(para)
27743
#: serverguide/C/dm-multipath.xml:561(para)
27212
27744
msgid ""
27213
27745
"In order to prevent the device mapper from mapping <emphasis "
27214
27746
"role=\"bold\">/dev/sda</emphasis> in its multipath maps, edit the blacklist "
27225
27757
"the following in the <filename>/etc/multipath.conf</filename> file."
27226
27758
msgstr ""
27227
27759
27228
#: serverguide/C/dm-multipath.xml:575(screen)
27760
#: serverguide/C/dm-multipath.xml:576(screen)
27229
27761
#, no-wrap
27230
27762
msgid ""
27231
27763
"\n"
27234
27766
"}\n"
27235
27767
msgstr ""
27236
27768
27237
#: serverguide/C/dm-multipath.xml:583(para)
27769
#: serverguide/C/dm-multipath.xml:584(para)
27238
27770
msgid ""
27239
27771
"After you have updated the <filename>/etc/multipath.conf</filename> file, "
27240
27772
"you must manually tell the <emphasis role=\"bold\">multipathd</emphasis> "
27242
27774
"<filename>/etc/multipath.conf</filename> file."
27243
27775
msgstr ""
27244
27776
27245
#: serverguide/C/dm-multipath.xml:588(screen)
27777
#: serverguide/C/dm-multipath.xml:589(screen)
27246
27778
#, no-wrap
27247
27779
msgid "# service multipath-tools reload"
27248
27780
msgstr ""
27249
27781
27250
#: serverguide/C/dm-multipath.xml:592(para)
27782
#: serverguide/C/dm-multipath.xml:593(para)
27251
27783
msgid "Run the following command to remove the multipath device:"
27252
27784
msgstr ""
27253
27785
27254
#: serverguide/C/dm-multipath.xml:595(screen)
27786
#: serverguide/C/dm-multipath.xml:596(screen)
27255
27787
#, no-wrap
27256
27788
msgid ""
27257
27789
"\n"
27271
27803
"specify a <emphasis role=\"bold\">-v</emphasis> option."
27272
27804
msgstr ""
27273
27805
27274
#: serverguide/C/dm-multipath.xml:612(screen)
27806
#: serverguide/C/dm-multipath.xml:613(screen)
27275
27807
#, no-wrap
27276
27808
msgid ""
27277
27809
"\n"
27302
27834
" `- 3:0:0:3 sdg 8:128 undef ready running\n"
27303
27835
msgstr ""
27304
27836
27305
#: serverguide/C/dm-multipath.xml:644(title)
27837
#: serverguide/C/dm-multipath.xml:645(title)
27306
27838
msgid "Configuring Storage Devices"
27307
27839
msgstr ""
27308
27840
27309
#: serverguide/C/dm-multipath.xml:646(para)
27841
#: serverguide/C/dm-multipath.xml:647(para)
27310
27842
msgid ""
27311
27843
"By default, DM-Multipath includes support for the most common storage arrays "
27312
27844
"that support DM-Multipath. The default configuration values, including "
27314
27846
"<filename>multipath.conf.defaults</filename> file."
27315
27847
msgstr ""
27316
27848
27317
#: serverguide/C/dm-multipath.xml:651(para)
27849
#: serverguide/C/dm-multipath.xml:652(para)
27318
27850
msgid ""
27319
27851
"If you need to add a storage device that is not supported by default as a "
27320
27852
"known multipath device, edit the <filename>/etc/multipath.conf</filename> "
27321
27853
"file and insert the appropriate device information."
27322
27854
msgstr ""
27323
27855
27324
#: serverguide/C/dm-multipath.xml:655(para)
27856
#: serverguide/C/dm-multipath.xml:656(para)
27325
27857
msgid ""
27326
27858
"For example, to add information about the HP Open-V series the entry looks "
27327
27859
"like this, where <emphasis role=\"bold\">%n</emphasis> is the device name:"
27328
27860
msgstr ""
27329
27861
27330
#: serverguide/C/dm-multipath.xml:659(screen)
27862
#: serverguide/C/dm-multipath.xml:660(screen)
27331
27863
#, no-wrap
27332
27864
msgid ""
27333
27865
"devices {\n"
27340
27872
"}\n"
27341
27873
msgstr ""
27342
27874
27343
#: serverguide/C/dm-multipath.xml:668(para)
27875
#: serverguide/C/dm-multipath.xml:669(para)
27344
27876
msgid ""
27345
27877
"For more information on the devices section of the configuration file, see "
27346
27878
"Section <xref endterm=\"config-device-title\" linkend=\"multipath-config-"
27347
27879
"device\"/>."
27348
27880
msgstr ""
27349
27881
27350
#: serverguide/C/dm-multipath.xml:675(title)
27882
#: serverguide/C/dm-multipath.xml:676(title)
27351
27883
msgid "The DM-Multipath Configuration File"
27352
27884
msgstr ""
27353
27885
27354
#: serverguide/C/dm-multipath.xml:677(para)
27886
#: serverguide/C/dm-multipath.xml:678(para)
27355
27887
msgid ""
27356
27888
"By default, DM-Multipath provides configuration values for the most common "
27357
27889
"uses of multipathing. In addition, DM-Multipath includes support for the "
27360
27892
"<filename>multipath.conf.defaults</filename> file."
27361
27893
msgstr ""
27362
27894
27363
#: serverguide/C/dm-multipath.xml:683(para)
27895
#: serverguide/C/dm-multipath.xml:684(para)
27364
27896
msgid ""
27365
27897
"You can override the default configuration values for DM-Multipath by "
27366
27898
"editing the <filename>/etc/multipath.conf</filename> configuration file. If "
27370
27902
"on the following topics: <placeholder-1/>"
27371
27903
msgstr ""
27372
27904
27373
#: serverguide/C/dm-multipath.xml:715(para)
27905
#: serverguide/C/dm-multipath.xml:716(para)
27374
27906
msgid ""
27375
27907
"In the multipath configuration file, you need to specify only the sections "
27376
27908
"that you need for your configuration, or that you wish to change from the "
27380
27912
"can leave them commented out, as they are in the initial file."
27381
27913
msgstr ""
27382
27914
27383
#: serverguide/C/dm-multipath.xml:723(para)
27915
#: serverguide/C/dm-multipath.xml:724(para)
27384
27916
msgid "The configuration file allows regular expression description syntax."
27385
27917
msgstr ""
27386
27918
27387
#: serverguide/C/dm-multipath.xml:726(para)
27919
#: serverguide/C/dm-multipath.xml:727(para)
27388
27920
msgid ""
27389
27921
"An annotated version of the configuration file can be found in "
27390
27922
"<filename><filename>/usr/share/doc/multipath-"
27391
27923
"tools/examples/multipath.conf.annotated.gz</filename></filename>."
27392
27924
msgstr ""
27393
27925
27394
#: serverguide/C/dm-multipath.xml:730(title)
27926
#: serverguide/C/dm-multipath.xml:731(title)
27395
27927
msgid "Configuration File Overview"
27396
27928
msgstr ""
27397
27929
27398
#: serverguide/C/dm-multipath.xml:732(para)
27930
#: serverguide/C/dm-multipath.xml:733(para)
27399
27931
msgid ""
27400
27932
"The multipath configuration file is divided into the following sections:"
27401
27933
msgstr ""
27402
27934
27403
#: serverguide/C/dm-multipath.xml:737(emphasis)
27935
#: serverguide/C/dm-multipath.xml:738(emphasis)
27404
27936
msgid "blacklist"
27405
27937
msgstr ""
27406
27938
27407
#: serverguide/C/dm-multipath.xml:740(para)
27939
#: serverguide/C/dm-multipath.xml:741(para)
27408
27940
msgid ""
27409
27941
"Listing of specific devices that will not be considered for multipath."
27410
27942
msgstr ""
27411
27943
27412
#: serverguide/C/dm-multipath.xml:746(emphasis)
27944
#: serverguide/C/dm-multipath.xml:747(emphasis)
27413
27945
msgid "blacklist_exceptions"
27414
27946
msgstr ""
27415
27947
27416
#: serverguide/C/dm-multipath.xml:749(para)
27948
#: serverguide/C/dm-multipath.xml:750(para)
27417
27949
msgid ""
27418
27950
"Listing of multipath candidates that would otherwise be blacklisted "
27419
27951
"according to the parameters of the blacklist section."
27420
27952
msgstr ""
27421
27953
27422
#: serverguide/C/dm-multipath.xml:756(emphasis)
27954
#: serverguide/C/dm-multipath.xml:757(emphasis)
27423
27955
msgid "defaults"
27424
27956
msgstr ""
27425
27957
27426
#: serverguide/C/dm-multipath.xml:759(para)
27958
#: serverguide/C/dm-multipath.xml:760(para)
27427
27959
msgid "General default settings for DM-Multipath."
27428
27960
msgstr ""
27429
27961
27430
#: serverguide/C/dm-multipath.xml:767(para)
27962
#: serverguide/C/dm-multipath.xml:768(para)
27431
27963
msgid ""
27432
27964
"Settings for the characteristics of individual multipath devices. These "
27433
27965
"values overwrite what is specified in the <emphasis "
27435
27967
"role=\"bold\">devices</emphasis> sections of the configuration file."
27436
27968
msgstr ""
27437
27969
27438
#: serverguide/C/dm-multipath.xml:776(emphasis)
27970
#: serverguide/C/dm-multipath.xml:777(emphasis)
27439
27971
msgid "devices"
27440
27972
msgstr ""
27441
27973
27442
#: serverguide/C/dm-multipath.xml:779(para)
27974
#: serverguide/C/dm-multipath.xml:780(para)
27443
27975
msgid ""
27444
27976
"Settings for the individual storage controllers. These values overwrite what "
27445
27977
"is specified in the <emphasis role=\"bold\">defaults</emphasis> section of "
27448
27980
"array."
27449
27981
msgstr ""
27450
27982
27451
#: serverguide/C/dm-multipath.xml:788(para)
27983
#: serverguide/C/dm-multipath.xml:789(para)
27452
27984
msgid ""
27453
27985
"When the system determines the attributes of a multipath device, first it "
27454
27986
"checks the multipath settings, then the per devices settings, then the "
27455
27987
"multipath system defaults."
27456
27988
msgstr ""
27457
27989
27458
#: serverguide/C/dm-multipath.xml:794(title)
27990
#: serverguide/C/dm-multipath.xml:795(title)
27459
27991
msgid "Configuration File Blacklist"
27460
27992
msgstr ""
27461
27993
27462
#: serverguide/C/dm-multipath.xml:796(para)
27994
#: serverguide/C/dm-multipath.xml:797(para)
27463
27995
msgid ""
27464
27996
"The blacklist section of the multipath configuration file specifies the "
27465
27997
"devices that will not be used when the system configures multipath devices. "
27466
27998
"Devices that are blacklisted will not be grouped into a multipath device."
27467
27999
msgstr ""
27468
28000
27469
#: serverguide/C/dm-multipath.xml:803(para)
28001
#: serverguide/C/dm-multipath.xml:804(para)
27470
28002
msgid ""
27471
28003
"If you do need to blacklist devices, you can do so according to the "
27472
28004
"following criteria:"
27473
28005
msgstr ""
27474
28006
27475
#: serverguide/C/dm-multipath.xml:808(para)
28007
#: serverguide/C/dm-multipath.xml:809(para)
27476
28008
msgid ""
27477
28009
"By WWID, as described <xref endterm=\"config-blacklist-by-wwid-title\" "
27478
28010
"linkend=\"multipath-config-blacklist-by-wwid\"/>"
27479
28011
msgstr ""
27480
28012
27481
#: serverguide/C/dm-multipath.xml:814(para)
28013
#: serverguide/C/dm-multipath.xml:815(para)
27482
28014
msgid ""
27483
28015
"By device name, as described in <xref endterm=\"config-blacklist-by-device-"
27484
28016
"name-title\" linkend=\"multipath-config-blacklist-by-device-name\"/>"
27485
28017
msgstr ""
27486
28018
27487
#: serverguide/C/dm-multipath.xml:820(para)
28019
#: serverguide/C/dm-multipath.xml:821(para)
27488
28020
msgid ""
27489
28021
"By device type, as described in <xref endterm=\"config-blacklist-by-device-"
27490
28022
"type-title\" linkend=\"multipath-config-blacklist-by-device-type\"/>"
27491
28023
msgstr ""
27492
28024
27493
#: serverguide/C/dm-multipath.xml:826(para)
28025
#: serverguide/C/dm-multipath.xml:827(para)
27494
28026
msgid ""
27495
28027
"By default, a variety of device types are blacklisted, even after you "
27496
28028
"comment out the initial blacklist section of the configuration file. For "
27498
28030
"linkend=\"multipath-config-blacklist-by-device-name\"/>"
27499
28031
msgstr ""
27500
28032
27501
#: serverguide/C/dm-multipath.xml:835(title)
28033
#: serverguide/C/dm-multipath.xml:836(title)
27502
28034
msgid "Blacklisting By WWID"
27503
28035
msgstr ""
27504
28036
27505
#: serverguide/C/dm-multipath.xml:838(para)
28037
#: serverguide/C/dm-multipath.xml:839(para)
27506
28038
msgid ""
27507
28039
"You can specify individual devices to blacklist by their World-Wide "
27508
28040
"IDentification with a <emphasis role=\"bold\">wwid</emphasis> entry in the "
27510
28042
"file."
27511
28043
msgstr ""
27512
28044
27513
#: serverguide/C/dm-multipath.xml:843(para)
28045
#: serverguide/C/dm-multipath.xml:844(para)
27514
28046
msgid ""
27515
28047
"The following example shows the lines in the configuration file that would "
27516
28048
"blacklist a device with a WWID of 26353900f02796769."
27517
28049
msgstr ""
27518
28050
27519
#: serverguide/C/dm-multipath.xml:846(screen)
28051
#: serverguide/C/dm-multipath.xml:847(screen)
27520
28052
#, no-wrap
27521
28053
msgid ""
27522
28054
"\n"
27525
28057
"}\n"
27526
28058
msgstr ""
27527
28059
27528
#: serverguide/C/dm-multipath.xml:854(title)
28060
#: serverguide/C/dm-multipath.xml:855(title)
27529
28061
msgid "Blacklisting By Device Name"
27530
28062
msgstr ""
27531
28063
27532
#: serverguide/C/dm-multipath.xml:857(para)
28064
#: serverguide/C/dm-multipath.xml:858(para)
27533
28065
msgid ""
27534
28066
"You can blacklist device types by device name so that they will not be "
27535
28067
"grouped into a multipath device by specifying a <emphasis "
27537
28069
"role=\"bold\">blacklist</emphasis> section of the configuration file."
27538
28070
msgstr ""
27539
28071
27540
#: serverguide/C/dm-multipath.xml:863(para)
28072
#: serverguide/C/dm-multipath.xml:864(para)
27541
28073
msgid ""
27542
28074
"The following example shows the lines in the configuration file that would "
27543
28075
"blacklist all SCSI devices, since it blacklists all sd* devices. <screen>\n"
27546
28078
"}</screen>"
27547
28079
msgstr ""
27548
28080
27549
#: serverguide/C/dm-multipath.xml:870(para)
28081
#: serverguide/C/dm-multipath.xml:871(para)
27550
28082
msgid ""
27551
28083
"You can use a <emphasis role=\"bold\">devnode</emphasis> entry in the "
27552
28084
"<emphasis role=\"bold\">blacklist</emphasis> section of the configuration "
27558
28090
"on reboot."
27559
28091
msgstr ""
27560
28092
27561
#: serverguide/C/dm-multipath.xml:880(para)
28093
#: serverguide/C/dm-multipath.xml:881(para)
27562
28094
msgid ""
27563
28095
"By default, the following <emphasis role=\"bold\">devnode</emphasis> entries "
27564
28096
"are compiled in the default blacklist; the devices that these entries "
27574
28106
"</screen>"
27575
28107
msgstr ""
27576
28108
27577
#: serverguide/C/dm-multipath.xml:897(title)
28109
#: serverguide/C/dm-multipath.xml:898(title)
27578
28110
msgid "Blacklisting By Device Type"
27579
28111
msgstr ""
27580
28112
27581
#: serverguide/C/dm-multipath.xml:900(para)
28113
#: serverguide/C/dm-multipath.xml:901(para)
27582
28114
msgid ""
27583
28115
"You can specify specific device types in the <emphasis "
27584
28116
"role=\"bold\">blacklist</emphasis> section of the configuration file with a "
27597
28129
"</screen>"
27598
28130
msgstr ""
27599
28131
27600
#: serverguide/C/dm-multipath.xml:918(title)
28132
#: serverguide/C/dm-multipath.xml:919(title)
27601
28133
msgid "Blacklist Exceptions"
27602
28134
msgstr ""
27603
28135
27604
#: serverguide/C/dm-multipath.xml:921(para)
28136
#: serverguide/C/dm-multipath.xml:922(para)
27605
28137
msgid ""
27606
28138
"You can use the <emphasis role=\"bold\">blacklist_exceptions</emphasis> "
27607
28139
"section of the configuration file to enable multipathing on devices that "
27608
28140
"have been blacklisted by default."
27609
28141
msgstr ""
27610
28142
27611
#: serverguide/C/dm-multipath.xml:926(para)
28143
#: serverguide/C/dm-multipath.xml:927(para)
27612
28144
msgid ""
27613
28145
"For example, if you have a large number of devices and want to multipath "
27614
28146
"only one of them (with the WWID of 3600d0230000000000e13955cc3757803), "
27626
28158
"</screen>"
27627
28159
msgstr ""
27628
28160
27629
#: serverguide/C/dm-multipath.xml:941(para)
28161
#: serverguide/C/dm-multipath.xml:942(para)
27630
28162
msgid ""
27631
28163
"When specifying devices in the <emphasis "
27632
28164
"role=\"bold\">blacklist_exceptions</emphasis> section of the configuration "
27638
28170
"only to devnode entries, and device exceptions apply only to device entries."
27639
28171
msgstr ""
27640
28172
27641
#: serverguide/C/dm-multipath.xml:954(title)
28173
#: serverguide/C/dm-multipath.xml:955(title)
27642
28174
msgid "Configuration File Defaults"
27643
28175
msgstr ""
27644
28176
27645
#: serverguide/C/dm-multipath.xml:956(para)
28177
#: serverguide/C/dm-multipath.xml:957(para)
27646
28178
msgid ""
27647
28179
"The <filename>/etc/multipath.conf</filename> configuration file includes a "
27648
28180
"<emphasis role=\"bold\">defaults</emphasis> section that sets the <emphasis "
27650
28182
"role=\"bold\">yes</emphasis>, as follows."
27651
28183
msgstr ""
27652
28184
27653
#: serverguide/C/dm-multipath.xml:961(screen)
28185
#: serverguide/C/dm-multipath.xml:962(screen)
27654
28186
#, no-wrap
27655
28187
msgid ""
27656
28188
"\n"
27659
28191
"}\n"
27660
28192
msgstr ""
27661
28193
27662
#: serverguide/C/dm-multipath.xml:967(para)
28194
#: serverguide/C/dm-multipath.xml:968(para)
27663
28195
msgid ""
27664
28196
"This overwrites the default value of the <emphasis "
27665
28197
"role=\"bold\">user_friendly_names</emphasis> parameter."
27666
28198
msgstr ""
27667
28199
27668
#: serverguide/C/dm-multipath.xml:970(para)
28200
#: serverguide/C/dm-multipath.xml:971(para)
27669
28201
msgid ""
27670
28202
"The configuration file includes a template of configuration defaults. This "
27671
28203
"section is commented out, as follows."
27672
28204
msgstr ""
27673
28205
27674
#: serverguide/C/dm-multipath.xml:973(screen)
28206
#: serverguide/C/dm-multipath.xml:974(screen)
27675
28207
#, no-wrap
27676
28208
msgid ""
27677
28209
"\n"
27692
28224
"#}\n"
27693
28225
msgstr ""
27694
28226
27695
#: serverguide/C/dm-multipath.xml:990(para)
28227
#: serverguide/C/dm-multipath.xml:991(para)
27696
28228
msgid ""
27697
28229
"To overwrite the default value for any of the configuration parameters, you "
27698
28230
"can copy the relevant line from this template into the <emphasis "
27705
28237
"uncomment it, as follows."
27706
28238
msgstr ""
27707
28239
27708
#: serverguide/C/dm-multipath.xml:1001(screen)
28240
#: serverguide/C/dm-multipath.xml:1002(screen)
27709
28241
#, no-wrap
27710
28242
msgid ""
27711
28243
"\n"
27715
28247
"}\n"
27716
28248
msgstr ""
27717
28249
27718
#: serverguide/C/dm-multipath.xml:1008(para)
28250
#: serverguide/C/dm-multipath.xml:1009(para)
27719
28251
msgid ""
27720
28252
"Table <xref endterm=\"config-defaults-table-title\" linkend=\"multipath-"
27721
28253
"config-defaults-table\"/> describes the attributes that are set in the "
27727
28259
"<filename>multipath.conf</filename> file."
27728
28260
msgstr ""
27729
28261
27730
#: serverguide/C/dm-multipath.xml:1022(title)
28262
#: serverguide/C/dm-multipath.xml:1023(title)
27731
28263
msgid "Configuration File Multipath Attributes"
27732
28264
msgstr ""
27733
28265
27734
#: serverguide/C/dm-multipath.xml:1025(para)
28266
#: serverguide/C/dm-multipath.xml:1026(para)
27735
28267
msgid ""
27736
28268
"Table <xref endterm=\"attributes-table-title\" linkend=\"multipath-"
27737
28269
"attributes-table\"/> shows the attributes that you can set in the <emphasis "
27743
28275
"role=\"bold\">devices</emphasis> sections of the multipath.conf file."
27744
28276
msgstr ""
27745
28277
27746
#: serverguide/C/dm-multipath.xml:1038(para)
28278
#: serverguide/C/dm-multipath.xml:1039(para)
27747
28279
msgid ""
27748
28280
"In addition, the following parameters may be overridden in this <emphasis "
27749
28281
"role=\"bold\">multipath</emphasis> section"
27750
28282
msgstr ""
27751
28283
27752
#: serverguide/C/dm-multipath.xml:1087(para)
28284
#: serverguide/C/dm-multipath.xml:1088(para)
27753
28285
msgid ""
27754
28286
"The following example shows multipath attributes specified in the "
27755
28287
"configuration file for two specific multipath devices. The first device has "
27764
28296
"are set to priorities."
27765
28297
msgstr ""
27766
28298
27767
#: serverguide/C/dm-multipath.xml:1097(screen)
28299
#: serverguide/C/dm-multipath.xml:1098(screen)
27768
28300
#, no-wrap
27769
28301
msgid ""
27770
28302
"\n"
27786
28318
"}\n"
27787
28319
msgstr ""
27788
28320
27789
#: serverguide/C/dm-multipath.xml:1118(title)
28321
#: serverguide/C/dm-multipath.xml:1119(title)
27790
28322
msgid "Configuration File Devices"
27791
28323
msgstr ""
27792
28324
27793
#: serverguide/C/dm-multipath.xml:1120(para)
28325
#: serverguide/C/dm-multipath.xml:1121(para)
27794
28326
msgid ""
27795
28327
"Table <xref endterm=\"device-attributes-table-title\" linkend=\"multipath-"
27796
28328
"device-attributes-table\"/> shows the attributes that you can set for each "
27804
28336
"<filename>multipath.conf</filename> file."
27805
28337
msgstr ""
27806
28338
27807
#: serverguide/C/dm-multipath.xml:1131(para)
28339
#: serverguide/C/dm-multipath.xml:1132(para)
27808
28340
msgid ""
27809
28341
"Many devices that support multipathing are included by default in a "
27810
28342
"multipath configuration. The values for the devices that are supported by "
27818
28350
"the device and override the values that you want to change."
27819
28351
msgstr ""
27820
28352
27821
#: serverguide/C/dm-multipath.xml:1143(para)
28353
#: serverguide/C/dm-multipath.xml:1144(para)
27822
28354
msgid ""
27823
28355
"To add a device to this section of the configuration file that is not "
27824
28356
"configured automatically by default, you must set the <emphasis "
27830
28362
"device_name is the device to be multipathed, as in the following example:"
27831
28363
msgstr ""
27832
28364
27833
#: serverguide/C/dm-multipath.xml:1153(screen)
28365
#: serverguide/C/dm-multipath.xml:1154(screen)
27834
28366
#, no-wrap
27835
28367
msgid ""
27836
28368
"\n"
27840
28372
"SF2372\n"
27841
28373
msgstr ""
27842
28374
27843
#: serverguide/C/dm-multipath.xml:1160(para)
28375
#: serverguide/C/dm-multipath.xml:1161(para)
27844
28376
msgid ""
27845
28377
"The additional parameters to specify depend on your specific device. If the "
27846
28378
"device is active/active, you will usually not need to set additional "
27853
28385
"table\"/>."
27854
28386
msgstr ""
27855
28387
27856
#: serverguide/C/dm-multipath.xml:1170(para)
28388
#: serverguide/C/dm-multipath.xml:1171(para)
27857
28389
msgid ""
27858
28390
"If the device is active/passive, but it automatically switches paths with "
27859
28391
"I/O to the passive path, you need to change the checker function to one that "
27864
28396
"the Test Unit Ready command, which most do."
27865
28397
msgstr ""
27866
28398
27867
#: serverguide/C/dm-multipath.xml:1179(para)
28399
#: serverguide/C/dm-multipath.xml:1180(para)
27868
28400
msgid ""
27869
28401
"If the device needs a special command to switch paths, then configuring this "
27870
28402
"device for multipath requires a hardware handler kernel module. The current "
27872
28404
"device, you may not be able to configure the device for multipath."
27873
28405
msgstr ""
27874
28406
27875
#: serverguide/C/dm-multipath.xml:1188(para)
28407
#: serverguide/C/dm-multipath.xml:1189(para)
27876
28408
msgid ""
27877
28409
"In addition, the following parameters may be overridden in this <emphasis "
27878
28410
"role=\"bold\">device</emphasis> section"
27879
28411
msgstr ""
27880
28412
27881
#: serverguide/C/dm-multipath.xml:1263(para)
28413
#: serverguide/C/dm-multipath.xml:1264(para)
27882
28414
msgid ""
27883
28415
"Whenever a hardware_handler is specified, it is your responsibility to "
27884
28416
"ensure that the appropriate kernel module is loaded to support the specified "
27892
28424
"# update-initramfs -u -k all</screen>"
27893
28425
msgstr ""
27894
28426
27895
#: serverguide/C/dm-multipath.xml:1274(para)
28427
#: serverguide/C/dm-multipath.xml:1275(para)
27896
28428
msgid ""
27897
28429
"The following example shows a device entry in the multipath configuration "
27898
28430
"file."
27899
28431
msgstr ""
27900
28432
27901
#: serverguide/C/dm-multipath.xml:1277(screen)
28433
#: serverguide/C/dm-multipath.xml:1278(screen)
27902
28434
#, no-wrap
27903
28435
msgid ""
27904
28436
"\n"
27913
28445
"#}\n"
27914
28446
msgstr ""
27915
28447
27916
#: serverguide/C/dm-multipath.xml:1289(para)
28448
#: serverguide/C/dm-multipath.xml:1290(para)
27917
28449
msgid ""
27918
28450
"The spacing reserved in the <emphasis role=\"bold\">vendor</emphasis>, "
27919
28451
"<emphasis role=\"bold\">product</emphasis>, and <emphasis "
27930
28462
"characters or spaces, as seen in the example above"
27931
28463
msgstr ""
27932
28464
27933
#: serverguide/C/dm-multipath.xml:1306(para)
28465
#: serverguide/C/dm-multipath.xml:1307(para)
27934
28466
msgid "vendor: 8 characters"
27935
28467
msgstr ""
27936
28468
27937
#: serverguide/C/dm-multipath.xml:1310(para)
28469
#: serverguide/C/dm-multipath.xml:1311(para)
27938
28470
msgid "product: 16 characters"
27939
28471
msgstr ""
27940
28472
27941
#: serverguide/C/dm-multipath.xml:1314(para)
28473
#: serverguide/C/dm-multipath.xml:1315(para)
27942
28474
msgid "revision: 4 characters"
27943
28475
msgstr ""
27944
28476
27945
#: serverguide/C/dm-multipath.xml:1318(para)
28477
#: serverguide/C/dm-multipath.xml:1319(para)
27946
28478
msgid ""
27947
28479
"To create a more robust configuration file, regular expressions can also be "
27948
28480
"used. Operators include <emphasis role=\"bold\">^ $ [ ] . * ? +</emphasis>. "
27951
28483
"files found in <filename>/usr/share/doc/multipath-tools/examples:</filename>"
27952
28484
msgstr ""
27953
28485
27954
#: serverguide/C/dm-multipath.xml:1325(screen)
28486
#: serverguide/C/dm-multipath.xml:1326(screen)
27955
28487
#, no-wrap
27956
28488
msgid "# echo 'show config' | multipathd -k"
27957
28489
msgstr ""
27958
28490
27959
#: serverguide/C/dm-multipath.xml:1330(title)
28491
#: serverguide/C/dm-multipath.xml:1331(title)
27960
28492
msgid "DM-Multipath Administration and Troubleshooting"
27961
28493
msgstr ""
27962
28494
27963
#: serverguide/C/dm-multipath.xml:1333(title)
28495
#: serverguide/C/dm-multipath.xml:1334(title)
27964
28496
msgid "Resizing an Online Multipath Device"
27965
28497
msgstr ""
27966
28498
27967
#: serverguide/C/dm-multipath.xml:1335(para)
28499
#: serverguide/C/dm-multipath.xml:1336(para)
27968
28500
msgid ""
27969
28501
"If you need to resize an online multipath device, use the following procedure"
27970
28502
msgstr ""
27971
28503
27972
#: serverguide/C/dm-multipath.xml:1340(para)
28504
#: serverguide/C/dm-multipath.xml:1341(para)
27973
28505
msgid "Resize your physical device. This is storage platform specific."
27974
28506
msgstr ""
27975
28507
27976
#: serverguide/C/dm-multipath.xml:1345(para)
28508
#: serverguide/C/dm-multipath.xml:1346(para)
27977
28509
msgid "Use the following command to find the paths to the LUN:"
27978
28510
msgstr ""
27979
28511
27980
#: serverguide/C/dm-multipath.xml:1347(screen)
28512
#: serverguide/C/dm-multipath.xml:1348(screen)
27981
28513
#, no-wrap
27982
28514
msgid "# multipath -l"
27983
28515
msgstr ""
27984
28516
27985
#: serverguide/C/dm-multipath.xml:1351(para)
28517
#: serverguide/C/dm-multipath.xml:1352(para)
27986
28518
msgid ""
27987
28519
"Resize your paths. For SCSI devices, writing 1 to the "
27988
28520
"<filename>rescan</filename> file for the device causes the SCSI driver to "
27989
28521
"rescan, as in the following command:"
27990
28522
msgstr ""
27991
28523
27992
#: serverguide/C/dm-multipath.xml:1355(screen)
28524
#: serverguide/C/dm-multipath.xml:1356(screen)
27993
28525
#, no-wrap
27994
28526
msgid "# echo 1 > /sys/block/device_name/device/rescan"
27995
28527
msgstr ""
27996
28528
27997
#: serverguide/C/dm-multipath.xml:1359(para)
28529
#: serverguide/C/dm-multipath.xml:1360(para)
27998
28530
msgid ""
27999
28531
"Resize your multipath device by running the multipathd resize command:"
28000
28532
msgstr ""
28001
28533
28002
#: serverguide/C/dm-multipath.xml:1362(screen)
28534
#: serverguide/C/dm-multipath.xml:1363(screen)
28003
28535
#, no-wrap
28004
28536
msgid "# multipathd -k 'resize map mpatha'"
28005
28537
msgstr ""
28006
28538
28007
#: serverguide/C/dm-multipath.xml:1366(para)
28539
#: serverguide/C/dm-multipath.xml:1367(para)
28008
28540
msgid "Resize the file system (assuming no LVM or DOS partitions are used):"
28009
28541
msgstr ""
28010
28542
28011
#: serverguide/C/dm-multipath.xml:1369(screen)
28543
#: serverguide/C/dm-multipath.xml:1370(screen)
28012
28544
#, no-wrap
28013
28545
msgid "# resize2fs /dev/mapper/mpatha"
28014
28546
msgstr ""
28015
28547
28016
#: serverguide/C/dm-multipath.xml:1375(title)
28548
#: serverguide/C/dm-multipath.xml:1376(title)
28017
28549
msgid ""
28018
28550
"Moving root File Systems from a Single Path Device to a Multipath Device"
28019
28551
msgstr ""
28020
28552
28021
#: serverguide/C/dm-multipath.xml:1378(para)
28553
#: serverguide/C/dm-multipath.xml:1379(para)
28022
28554
msgid ""
28023
28555
"This is dramatically simplified by the use of UUIDs to identify devices as "
28024
28556
"an intrinsic label. Simply install <emphasis role=\"bold\">multipath-tools-"
28027
28559
"mounted by UUID."
28028
28560
msgstr ""
28029
28561
28030
#: serverguide/C/dm-multipath.xml:1385(para)
28562
#: serverguide/C/dm-multipath.xml:1386(para)
28031
28563
msgid ""
28032
28564
"Whenever <filename>multipath.conf</filename> is updated, so should the "
28033
28565
"initrd by executing <command>update-initramfs -u -k all</command>. The "
28036
28568
"blacklist and device sections."
28037
28569
msgstr ""
28038
28570
28039
#: serverguide/C/dm-multipath.xml:1394(title)
28571
#: serverguide/C/dm-multipath.xml:1395(title)
28040
28572
msgid ""
28041
28573
"Moving swap File Systems from a Single Path Device to a Multipath Device"
28042
28574
msgstr ""
28043
28575
28044
#: serverguide/C/dm-multipath.xml:1397(para)
28576
#: serverguide/C/dm-multipath.xml:1398(para)
28045
28577
msgid ""
28046
28578
"The procedure is exactly the same as illustrated in the previous section "
28047
28579
"called <link linkend=\"multipath-moving-rootfs-from-single-path-to-multipath-"
28049
28581
"Device</link>."
28050
28582
msgstr ""
28051
28583
28052
#: serverguide/C/dm-multipath.xml:1405(title)
28584
#: serverguide/C/dm-multipath.xml:1406(title)
28053
28585
msgid "The Multipath Daemon"
28054
28586
msgstr ""
28055
28587
28056
#: serverguide/C/dm-multipath.xml:1407(para)
28588
#: serverguide/C/dm-multipath.xml:1408(para)
28057
28589
msgid ""
28058
28590
"If you find you have trouble implementing a multipath configuration, you "
28059
28591
"should ensure the multipath daemon is running as described in <link "
28065
28597
"<command>multipathd</command> as a debugging aid."
28066
28598
msgstr ""
28067
28599
28068
#: serverguide/C/dm-multipath.xml:1447(title)
28600
#: serverguide/C/dm-multipath.xml:1448(title)
28069
28601
msgid "Issues with queue_if_no_path"
28070
28602
msgstr ""
28071
28603
28072
#: serverguide/C/dm-multipath.xml:1449(para)
28604
#: serverguide/C/dm-multipath.xml:1450(para)
28073
28605
msgid ""
28074
28606
"If <emphasis role=\"bold\">features \"1 queue_if_no_path\"</emphasis> is "
28075
28607
"specified in the <filename>/etc/multipath.conf</filename> file, then any "
28079
28611
"<filename>/etc/multipath.conf</filename>."
28080
28612
msgstr ""
28081
28613
28082
#: serverguide/C/dm-multipath.xml:1456(para)
28614
#: serverguide/C/dm-multipath.xml:1457(para)
28083
28615
msgid ""
28084
28616
"When you set the <emphasis role=\"bold\">no_path_retry</emphasis> parameter, "
28085
28617
"remove the <emphasis role=\"bold\">features \"1 "
28095
28627
"<filename>/etc/multipath.conf</filename> and editing to suit your needs."
28096
28628
msgstr ""
28097
28629
28098
#: serverguide/C/dm-multipath.xml:1470(para)
28630
#: serverguide/C/dm-multipath.xml:1471(para)
28099
28631
msgid ""
28100
28632
"If you need to use the <option>features \"1 queue_if_no_path\"</option> "
28101
28633
"option and you experience the issue noted here, use the "
28106
28638
"<option> \"fail_if_no_path\"</option>, execute the following command."
28107
28639
msgstr ""
28108
28640
28109
#: serverguide/C/dm-multipath.xml:1479(screen)
28641
#: serverguide/C/dm-multipath.xml:1480(screen)
28110
28642
#, no-wrap
28111
28643
msgid "# dmsetup message mpathc 0 \"fail_if_no_path\""
28112
28644
msgstr ""
28113
28645
28114
#: serverguide/C/dm-multipath.xml:1482(para)
28646
#: serverguide/C/dm-multipath.xml:1483(para)
28115
28647
msgid ""
28116
28648
"You must specify the <filename>mpathN</filename> alias rather than the path"
28117
28649
msgstr ""
28118
28650
28119
#: serverguide/C/dm-multipath.xml:1488(title)
28651
#: serverguide/C/dm-multipath.xml:1489(title)
28120
28652
msgid "Multipath Command Output"
28121
28653
msgstr ""
28122
28654
28123
#: serverguide/C/dm-multipath.xml:1490(para)
28655
#: serverguide/C/dm-multipath.xml:1491(para)
28124
28656
msgid ""
28125
28657
"When you create, modify, or list a multipath device, you get a printout of "
28126
28658
"the current device setup. The format is as follows. For each multipath "
28127
28659
"device:"
28128
28660
msgstr ""
28129
28661
28130
#: serverguide/C/dm-multipath.xml:1494(screen)
28662
#: serverguide/C/dm-multipath.xml:1495(screen)
28131
28663
#, no-wrap
28132
28664
msgid ""
28133
28665
" action_if_any: alias (wwid_if_different_from_alias) "
28136
28668
"wp=write_permission_if_known"
28137
28669
msgstr ""
28138
28670
28139
#: serverguide/C/dm-multipath.xml:1497(para)
28671
#: serverguide/C/dm-multipath.xml:1498(para)
28140
28672
msgid "For each path group:"
28141
28673
msgstr ""
28142
28674
28143
#: serverguide/C/dm-multipath.xml:1499(screen)
28675
#: serverguide/C/dm-multipath.xml:1500(screen)
28144
28676
#, no-wrap
28145
28677
msgid ""
28146
28678
" -+- policy='scheduling_policy' prio=prio_if_known\n"
28147
28679
" status=path_group_status_if_known"
28148
28680
msgstr ""
28149
28681
28150
#: serverguide/C/dm-multipath.xml:1502(para)
28682
#: serverguide/C/dm-multipath.xml:1503(para)
28151
28683
msgid "For each path:"
28152
28684
msgstr ""
28153
28685
28154
#: serverguide/C/dm-multipath.xml:1504(screen)
28686
#: serverguide/C/dm-multipath.xml:1505(screen)
28155
28687
#, no-wrap
28156
28688
msgid ""
28157
28689
" `- host:channel:id:lun devnode major:minor dm_status_if_known "
28159
28691
" online_status"
28160
28692
msgstr ""
28161
28693
28162
#: serverguide/C/dm-multipath.xml:1507(para)
28694
#: serverguide/C/dm-multipath.xml:1508(para)
28163
28695
msgid ""
28164
28696
"For example, the output of a multipath command might appear as follows:"
28165
28697
msgstr ""
28166
28698
28167
#: serverguide/C/dm-multipath.xml:1510(screen)
28699
#: serverguide/C/dm-multipath.xml:1511(screen)
28168
28700
#, no-wrap
28169
28701
msgid ""
28170
28702
" 3600d0230000000000e13955cc3757800 dm-1 WINSYS,SF2372\n"
28175
28707
" `- 7:0:0:0 sdf 8:80 active ready running"
28176
28708
msgstr ""
28177
28709
28178
#: serverguide/C/dm-multipath.xml:1517(para)
28710
#: serverguide/C/dm-multipath.xml:1518(para)
28179
28711
msgid ""
28180
28712
"If the path is up and ready for I/O, the status of the path is <emphasis "
28181
28713
"role=\"bold\">ready</emphasis> or <emphasis "
28186
28718
"defined in the <filename>/etc/multipath.conf</filename> file."
28187
28719
msgstr ""
28188
28720
28189
#: serverguide/C/dm-multipath.xml:1525(para)
28721
#: serverguide/C/dm-multipath.xml:1526(para)
28190
28722
msgid ""
28191
28723
"The dm status is similar to the path status, but from the kernel's point of "
28192
28724
"view. The dm status has two states: <emphasis "
28197
28729
"not agree."
28198
28730
msgstr ""
28199
28731
28200
#: serverguide/C/dm-multipath.xml:1533(para)
28732
#: serverguide/C/dm-multipath.xml:1534(para)
28201
28733
msgid ""
28202
28734
"The possible values for <emphasis role=\"bold\">online_status</emphasis> are "
28203
28735
"<emphasis role=\"bold\">running</emphasis> and <emphasis "
28206
28738
"disabled."
28207
28739
msgstr ""
28208
28740
28209
#: serverguide/C/dm-multipath.xml:1541(para)
28741
#: serverguide/C/dm-multipath.xml:1542(para)
28210
28742
msgid ""
28211
28743
"When a multipath device is being created or modified , the path group "
28212
28744
"status, the dm device name, the write permissions, and the dm status are not "
28213
28745
"known. Also, the features are not always correct"
28214
28746
msgstr ""
28215
28747
28216
#: serverguide/C/dm-multipath.xml:1548(title)
28748
#: serverguide/C/dm-multipath.xml:1549(title)
28217
28749
msgid "Multipath Queries with multipath Command"
28218
28750
msgstr ""
28219
28751
28220
#: serverguide/C/dm-multipath.xml:1550(para)
28752
#: serverguide/C/dm-multipath.xml:1551(para)
28221
28753
msgid ""
28222
28754
"You can use the <emphasis role=\"bold\">-l </emphasis>and <emphasis "
28223
28755
"role=\"bold\">-ll</emphasis> options of the <emphasis "
28229
28761
"available components of the system."
28230
28762
msgstr ""
28231
28763
28232
#: serverguide/C/dm-multipath.xml:1559(para)
28764
#: serverguide/C/dm-multipath.xml:1560(para)
28233
28765
msgid ""
28234
28766
"When displaying the multipath configuration, there are three verbosity "
28235
28767
"levels you can specify with the <emphasis role=\"bold\">-v</emphasis> option "
28240
28772
"v2</emphasis> prints all detected paths, multipaths, and device maps."
28241
28773
msgstr ""
28242
28774
28243
#: serverguide/C/dm-multipath.xml:1569(para)
28775
#: serverguide/C/dm-multipath.xml:1570(para)
28244
28776
msgid ""
28245
28777
"The default <emphasis role=\"bold\">verbosity</emphasis> level of multipath "
28246
28778
"is <emphasis role=\"bold\">2</emphasis> and can be globally modified by "
28249
28781
"of <filename>multipath.conf</filename>."
28250
28782
msgstr ""
28251
28783
28252
#: serverguide/C/dm-multipath.xml:1576(para)
28784
#: serverguide/C/dm-multipath.xml:1577(para)
28253
28785
msgid ""
28254
28786
"The following example shows the output of a <emphasis "
28255
28787
"role=\"bold\">multipath -l</emphasis> command."
28256
28788
msgstr ""
28257
28789
28258
#: serverguide/C/dm-multipath.xml:1579(screen)
28790
#: serverguide/C/dm-multipath.xml:1580(screen)
28259
28791
#, no-wrap
28260
28792
msgid ""
28261
28793
"# multipath -l\n"
28267
28799
" `- 7:0:0:0 sdf 8:80 active ready running"
28268
28800
msgstr ""
28269
28801
28270
#: serverguide/C/dm-multipath.xml:1587(para)
28802
#: serverguide/C/dm-multipath.xml:1588(para)
28271
28803
msgid ""
28272
28804
"The following example shows the output of a <emphasis "
28273
28805
"role=\"bold\">multipath -ll</emphasis> command."
28274
28806
msgstr ""
28275
28807
28276
#: serverguide/C/dm-multipath.xml:1590(screen)
28808
#: serverguide/C/dm-multipath.xml:1591(screen)
28277
28809
#, no-wrap
28278
28810
msgid ""
28279
28811
"# multipath -ll\n"
28290
28822
" `- 18:0:0:3 sdj 8:144 active ready running"
28291
28823
msgstr ""
28292
28824
28293
#: serverguide/C/dm-multipath.xml:1605(title)
28825
#: serverguide/C/dm-multipath.xml:1606(title)
28294
28826
msgid "Multipath Command Options"
28295
28827
msgstr ""
28296
28828
28297
#: serverguide/C/dm-multipath.xml:1607(para)
28829
#: serverguide/C/dm-multipath.xml:1608(para)
28298
28830
msgid ""
28299
28831
"Table <xref endterm=\"useful-multipath-command-options-title\" "
28300
28832
"linkend=\"useful-multipath-command-options\"/> describes some options of the "
28302
28834
"useful."
28303
28835
msgstr ""
28304
28836
28305
#: serverguide/C/dm-multipath.xml:1613(title)
28837
#: serverguide/C/dm-multipath.xml:1614(title)
28306
28838
msgid "Useful multipath Command Options"
28307
28839
msgstr ""
28308
28840
28309
#: serverguide/C/dm-multipath.xml:1622(entry)
28841
#: serverguide/C/dm-multipath.xml:1623(entry)
28310
28842
msgid "Option"
28311
28843
msgstr ""
28312
28844
28313
#: serverguide/C/dm-multipath.xml:1629(emphasis)
28845
#: serverguide/C/dm-multipath.xml:1630(emphasis)
28314
28846
msgid "-l"
28315
28847
msgstr ""
28316
28848
28317
#: serverguide/C/dm-multipath.xml:1631(emphasis) serverguide/C/dm-multipath.xml:1638(emphasis)
28849
#: serverguide/C/dm-multipath.xml:1632(emphasis) serverguide/C/dm-multipath.xml:1639(emphasis)
28318
28850
msgid "sysfs"
28319
28851
msgstr ""
28320
28852
28321
#: serverguide/C/dm-multipath.xml:1630(entry)
28853
#: serverguide/C/dm-multipath.xml:1631(entry)
28322
28854
msgid ""
28323
28855
"Display the current multipath configuration gathered from <placeholder-1/> "
28324
28856
"and the device mapper."
28325
28857
msgstr ""
28326
28858
28327
#: serverguide/C/dm-multipath.xml:1636(emphasis)
28859
#: serverguide/C/dm-multipath.xml:1637(emphasis)
28328
28860
msgid "-ll"
28329
28861
msgstr ""
28330
28862
28331
#: serverguide/C/dm-multipath.xml:1637(entry)
28863
#: serverguide/C/dm-multipath.xml:1638(entry)
28332
28864
msgid ""
28333
28865
"Display the current multipath configuration gathered from <placeholder-1/>, "
28334
28866
"the device mapper, and all other available components on the system."
28335
28867
msgstr ""
28336
28868
28337
#: serverguide/C/dm-multipath.xml:1643(emphasis)
28869
#: serverguide/C/dm-multipath.xml:1644(emphasis)
28338
28870
msgid "-f device"
28339
28871
msgstr ""
28340
28872
28341
#: serverguide/C/dm-multipath.xml:1644(entry)
28873
#: serverguide/C/dm-multipath.xml:1645(entry)
28342
28874
msgid "Remove the named multipath device."
28343
28875
msgstr ""
28344
28876
28345
#: serverguide/C/dm-multipath.xml:1648(emphasis)
28877
#: serverguide/C/dm-multipath.xml:1649(emphasis)
28346
28878
msgid "-F"
28347
28879
msgstr ""
28348
28880
28349
#: serverguide/C/dm-multipath.xml:1649(entry)
28881
#: serverguide/C/dm-multipath.xml:1650(entry)
28350
28882
msgid "Remove all unused multipath devices."
28351
28883
msgstr ""
28352
28884
28353
#: serverguide/C/dm-multipath.xml:1657(title)
28885
#: serverguide/C/dm-multipath.xml:1658(title)
28354
28886
msgid "Determining Device Mapper Entries with dmsetup Command"
28355
28887
msgstr ""
28356
28888
28357
#: serverguide/C/dm-multipath.xml:1659(para)
28889
#: serverguide/C/dm-multipath.xml:1660(para)
28358
28890
msgid ""
28359
28891
"You can use the <emphasis role=\"bold\">dmsetup</emphasis> command to find "
28360
28892
"out which device mapper entries match the <emphasis "
28361
28893
"role=\"bold\">multipathed</emphasis> devices."
28362
28894
msgstr ""
28363
28895
28364
#: serverguide/C/dm-multipath.xml:1663(para)
28896
#: serverguide/C/dm-multipath.xml:1664(para)
28365
28897
msgid ""
28366
28898
"The following command displays all the device mapper devices and their major "
28367
28899
"and minor numbers. The minor numbers determine the name of the dm device. "
28370
28902
"role=\"bold\"><filename>/dev/dm-3</filename></emphasis>."
28371
28903
msgstr ""
28372
28904
28373
#: serverguide/C/dm-multipath.xml:1669(screen)
28905
#: serverguide/C/dm-multipath.xml:1670(screen)
28374
28906
#, no-wrap
28375
28907
msgid ""
28376
28908
"\n"
28393
28925
" "
28394
28926
msgstr ""
28395
28927
28396
#: serverguide/C/dm-multipath.xml:1690(title)
28928
#: serverguide/C/dm-multipath.xml:1691(title)
28397
28929
msgid "Troubleshooting with the multipathd interactive console"
28398
28930
msgstr ""
28399
28931
28400
#: serverguide/C/dm-multipath.xml:1692(para)
28932
#: serverguide/C/dm-multipath.xml:1693(para)
28401
28933
msgid ""
28402
28934
"The <emphasis role=\"bold\">multipathd -k</emphasis> command is an "
28403
28935
"interactive interface to the <emphasis role=\"bold\">multipathd</emphasis> "
28407
28939
"role=\"bold\">CTRL-D</emphasis> to quit."
28408
28940
msgstr ""
28409
28941
28410
#: serverguide/C/dm-multipath.xml:1699(para)
28942
#: serverguide/C/dm-multipath.xml:1700(para)
28411
28943
msgid ""
28412
28944
"The multipathd interactive console can be used to troubleshoot problems you "
28413
28945
"may be having with your system. For example, the following command sequence "
28417
28949
"Multipathd\"</ulink> for more examples."
28418
28950
msgstr ""
28419
28951
28420
#: serverguide/C/dm-multipath.xml:1706(screen)
28952
#: serverguide/C/dm-multipath.xml:1707(screen)
28421
28953
#, no-wrap
28422
28954
msgid ""
28423
28955
"# multipathd -k\n"
28425
28957
" > > CTRL-D"
28426
28958
msgstr ""
28427
28959
28428
#: serverguide/C/dm-multipath.xml:1710(para)
28960
#: serverguide/C/dm-multipath.xml:1711(para)
28429
28961
msgid ""
28430
28962
"The following command sequence ensures that multipath has picked up any "
28431
28963
"changes to the multipath.conf,"
28432
28964
msgstr ""
28433
28965
28434
#: serverguide/C/dm-multipath.xml:1713(screen)
28966
#: serverguide/C/dm-multipath.xml:1714(screen)
28435
28967
#, no-wrap
28436
28968
msgid ""
28437
28969
"\n"
28440
28972
"> > CTRL-D\n"
28441
28973
msgstr ""
28442
28974
28443
#: serverguide/C/dm-multipath.xml:1719(para)
28975
#: serverguide/C/dm-multipath.xml:1720(para)
28444
28976
msgid ""
28445
28977
"Use the following command sequence to ensure that the path checker is "
28446
28978
"working properly."
28447
28979
msgstr ""
28448
28980
28449
#: serverguide/C/dm-multipath.xml:1722(screen)
28981
#: serverguide/C/dm-multipath.xml:1723(screen)
28450
28982
#, no-wrap
28451
28983
msgid ""
28452
28984
"\n"
28455
28987
"> > CTRL-D\n"
28456
28988
msgstr ""
28457
28989
28458
#: serverguide/C/dm-multipath.xml:1728(para)
28990
#: serverguide/C/dm-multipath.xml:1729(para)
28459
28991
msgid ""
28460
28992
"Commands can also be streamed into multipathd using stdin like so:<screen># "
28461
28993
"echo 'show config' | multipathd -k</screen>"
28469
29001
msgid "Ubuntu provides two popular database servers. They are:"
28470
29002
msgstr ""
28471
29003
28472
#: serverguide/C/databases.xml:17(trademark) serverguide/C/databases.xml:29(title)
29004
#: serverguide/C/virtualization.xml:832(para) serverguide/C/databases.xml:17(trademark) serverguide/C/databases.xml:29(title)
28473
29005
msgid "MySQL"
28474
29006
msgstr "MySQL"
28475
29007
28476
#: serverguide/C/databases.xml:20(application) serverguide/C/databases.xml:293(title)
29008
#: serverguide/C/databases.xml:20(application) serverguide/C/databases.xml:300(title)
28477
29009
msgid "PostgreSQL"
28478
29010
msgstr "PostgreSQL"
28479
29011
28494
29026
msgid "To install MySQL, run the following command from a terminal prompt:"
28495
29027
msgstr "要安装 MySQL,可以在终端提示符后运行下列命令:"
28496
29028
28497
#: serverguide/C/databases.xml:42(command)
29029
#: serverguide/C/virtualization.xml:2215(command) serverguide/C/databases.xml:42(command)
28498
29030
msgid "sudo apt-get install mysql-server"
28499
29031
msgstr ""
28500
29032
28501
#: serverguide/C/databases.xml:44(para)
29033
#: serverguide/C/databases.xml:51(para)
28502
29034
msgid ""
28503
29035
"During the installation process you will be prompted to enter a password for "
28504
29036
"the MySQL root user."
28505
29037
msgstr ""
28506
29038
28507
#: serverguide/C/databases.xml:48(para)
29039
#: serverguide/C/databases.xml:55(para)
28508
29040
msgid ""
28509
29041
"Once the installation is complete, the MySQL server should be started "
28510
29042
"automatically. You can run the following command from a terminal prompt to "
28511
29043
"check whether the MySQL server is running:"
28512
29044
msgstr "一旦安装完成,MySQL 服务器应该自动启动。您可以在终端提示符后运行以下命令来检查 MySQL 服务器是否正在运行:"
28513
29045
28514
#: serverguide/C/databases.xml:55(command)
29046
#: serverguide/C/databases.xml:62(command)
28515
29047
msgid "sudo netstat -tap | grep mysql"
28516
29048
msgstr "sudo netstat -tap | grep mysql"
28517
29049
28518
#: serverguide/C/databases.xml:58(para)
29050
#: serverguide/C/vcs.xml:477(para) serverguide/C/databases.xml:65(para)
28519
29051
msgid ""
28520
29052
"When you run this command, you should see the following line or something "
28521
29053
"similar:"
28522
29054
msgstr "当您运行该命令时,您可以看到类似下面的行:"
28523
29055
28524
#: serverguide/C/databases.xml:62(programlisting)
29056
#: serverguide/C/databases.xml:69(programlisting)
28525
29057
#, no-wrap
28526
29058
msgid ""
28527
29059
"\n"
28529
29061
"2556/mysqld\n"
28530
29062
msgstr ""
28531
29063
28532
#: serverguide/C/databases.xml:65(para)
29064
#: serverguide/C/databases.xml:72(para)
28533
29065
msgid ""
28534
29066
"If the server is not running correctly, you can type the following command "
28535
29067
"to start it:"
28536
29068
msgstr "如果服务器不能正常运行,您可以通过下列命令启动它:"
28537
29069
28538
#: serverguide/C/databases.xml:69(command) serverguide/C/databases.xml:93(command)
29070
#: serverguide/C/databases.xml:76(command) serverguide/C/databases.xml:100(command)
28539
29071
msgid "sudo service mysql restart"
28540
29072
msgstr ""
28541
29073
28542
#: serverguide/C/databases.xml:74(para)
29074
#: serverguide/C/databases.xml:81(para)
28543
29075
msgid ""
28544
29076
"You can edit the <filename>/etc/mysql/my.cnf</filename> file to configure "
28545
29077
"the basic settings -- log file, port number, etc. For example, to configure "
28547
29079
"<emphasis>bind-address</emphasis> directive to the server's IP address:"
28548
29080
msgstr ""
28549
29081
28550
#: serverguide/C/databases.xml:80(programlisting)
29082
#: serverguide/C/databases.xml:87(programlisting)
28551
29083
#, no-wrap
28552
29084
msgid ""
28553
29085
"\n"
28554
29086
"bind-address = 192.168.0.5\n"
28555
29087
msgstr ""
28556
29088
28557
#: serverguide/C/databases.xml:84(para)
29089
#: serverguide/C/databases.xml:91(para)
28558
29090
msgid "Replace 192.168.0.5 with the appropriate address."
28559
29091
msgstr ""
28560
29092
28561
#: serverguide/C/databases.xml:88(para)
29093
#: serverguide/C/databases.xml:95(para)
28562
29094
msgid ""
28563
29095
"After making a change to <filename>/etc/mysql/my.cnf</filename> the MySQL "
28564
29096
"daemon will need to be restarted:"
28565
29097
msgstr ""
28566
29098
28567
#: serverguide/C/databases.xml:95(para)
29099
#: serverguide/C/databases.xml:102(para)
28568
29100
msgid ""
28569
29101
"If you would like to change the MySQL <emphasis>root</emphasis> password, in "
28570
29102
"a terminal enter:"
28571
29103
msgstr ""
28572
29104
28573
#: serverguide/C/databases.xml:100(command)
29105
#: serverguide/C/databases.xml:107(command)
28574
29106
msgid "sudo dpkg-reconfigure mysql-server-5.5"
28575
29107
msgstr ""
28576
29108
28577
#: serverguide/C/databases.xml:102(para)
29109
#: serverguide/C/databases.xml:109(para)
28578
29110
msgid ""
28579
29111
"The MySQL daemon will be stopped, and you will be prompted to enter a new "
28580
29112
"password."
28581
29113
msgstr ""
28582
29114
28583
#: serverguide/C/databases.xml:107(title)
29115
#: serverguide/C/databases.xml:114(title)
28584
29116
msgid "Database Engines"
28585
29117
msgstr ""
28586
29118
28587
#: serverguide/C/databases.xml:108(para)
29119
#: serverguide/C/databases.xml:115(para)
28588
29120
msgid ""
28589
29121
"Whilst the default configuration of MySQL provided by the Ubuntu packages is "
28590
29122
"perfectly functional and performs well there are things you may wish to "
28591
29123
"consider before you proceed."
28592
29124
msgstr ""
28593
29125
28594
#: serverguide/C/databases.xml:112(para)
29126
#: serverguide/C/databases.xml:119(para)
28595
29127
msgid ""
28596
29128
"MySQL is designed to allow data to be stored in different ways. These "
28597
29129
"methods are referred to as either database or storage engines. There are two "
28601
29133
"use, you will interact with the database in the same way."
28602
29134
msgstr ""
28603
29135
28604
#: serverguide/C/databases.xml:119(para)
29136
#: serverguide/C/databases.xml:126(para)
28605
29137
msgid "Each engine has its own advantages and disadvantages."
28606
29138
msgstr ""
28607
29139
28608
#: serverguide/C/databases.xml:122(para)
29140
#: serverguide/C/databases.xml:129(para)
28609
29141
msgid ""
28610
29142
"While it is possible, and may be advantageous to mix and match database "
28611
29143
"engines on a table level, doing so reduces the effectiveness of the "
28613
29145
"two engines instead of dedicating them to one."
28614
29146
msgstr ""
28615
29147
28616
#: serverguide/C/databases.xml:129(para)
29148
#: serverguide/C/databases.xml:136(para)
28617
29149
msgid ""
28618
29150
"MyISAM is the older of the two. It can be faster than InnoDB under certain "
28619
29151
"circumstances and favours a read only workload. Some web applications have "
28629
29161
"production/\">MyISAM on a production database</ulink>."
28630
29162
msgstr ""
28631
29163
28632
#: serverguide/C/databases.xml:143(para)
29164
#: serverguide/C/databases.xml:150(para)
28633
29165
msgid ""
28634
29166
"InnoDB is a more modern database engine, designed to be <ulink "
28635
29167
"url=\"http://en.wikipedia.org/wiki/ACID\">ACID compliant</ulink> which "
28642
29174
"reliable data recovery as data consistency can be checked."
28643
29175
msgstr ""
28644
29176
28645
#: serverguide/C/databases.xml:156(para)
29177
#: serverguide/C/databases.xml:163(para)
28646
29178
msgid ""
28647
29179
"As of MySQL 5.5 InnoDB is the default engine, and is highly recommended over "
28648
29180
"MyISAM unless you have specific need for features unique to the engine."
28649
29181
msgstr ""
28650
29182
28651
#: serverguide/C/databases.xml:163(title)
29183
#: serverguide/C/databases.xml:170(title)
28652
29184
msgid "Creating a tuned my.cnf file"
28653
29185
msgstr ""
28654
29186
28655
#: serverguide/C/databases.xml:164(para)
29187
#: serverguide/C/databases.xml:171(para)
28656
29188
msgid ""
28657
29189
"There are a number of parameters that can be adjusted within MySQL's "
28658
29190
"configuration file that will allow you to improve the performance of the "
28705
29237
"</screen> Once that is complete all is good to go!"
28706
29238
msgstr ""
28707
29239
28708
#: serverguide/C/databases.xml:206(para)
29240
#: serverguide/C/databases.xml:213(para)
28709
29241
msgid ""
28710
29242
"This is not necessary for all my.cnf changes. Most of the variables you may "
28711
29243
"wish to change to improve performance are adjustable even whilst the server "
28713
29245
"files and data before making changes."
28714
29246
msgstr ""
28715
29247
28716
#: serverguide/C/databases.xml:215(title)
29248
#: serverguide/C/databases.xml:222(title)
28717
29249
msgid "MySQL Tuner"
28718
29250
msgstr ""
28719
29251
28720
#: serverguide/C/databases.xml:216(para)
29252
#: serverguide/C/databases.xml:223(para)
28721
29253
msgid ""
28722
29254
"<application>MySQL Tuner</application> is a useful tool that will connect to "
28723
29255
"a running MySQL instance and offer suggestions for how it can be best "
28749
29281
"</screen>"
28750
29282
msgstr ""
28751
29283
28752
#: serverguide/C/databases.xml:250(para)
29284
#: serverguide/C/databases.xml:257(para)
28753
29285
msgid ""
28754
29286
"One final comment on tuning databases: Whilst we can broadly say that "
28755
29287
"certain settings are the best, performance can vary from application to "
28764
29296
"either using more powerful hardware or by adding slave servers."
28765
29297
msgstr ""
28766
29298
28767
#: serverguide/C/databases.xml:267(para)
29299
#: serverguide/C/databases.xml:274(para)
28768
29300
msgid ""
28769
29301
"See the <ulink url=\"http://www.mysql.com/\">MySQL Home Page</ulink> for "
28770
29302
"more information."
28771
29303
msgstr ""
28772
29304
28773
#: serverguide/C/databases.xml:272(para)
29305
#: serverguide/C/databases.xml:279(para)
28774
29306
msgid ""
28775
29307
"Full documentation is available in both online and offline formats from the "
28776
29308
"<ulink url=\"http://dev.mysql.com/doc/\"> MySQL Developers portal</ulink>"
28777
29309
msgstr ""
28778
29310
28779
#: serverguide/C/databases.xml:278(para)
29311
#: serverguide/C/databases.xml:285(para)
28780
29312
msgid ""
28781
29313
"For general SQL information see <ulink "
28782
29314
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\"> Using "
28783
29315
"SQL Special Edition</ulink> by Rafe Colburn."
28784
29316
msgstr ""
28785
29317
28786
#: serverguide/C/databases.xml:284(para)
29318
#: serverguide/C/databases.xml:291(para)
28787
29319
msgid ""
28788
29320
"The <ulink url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache "
28789
29321
"MySQL PHP Ubuntu Wiki</ulink> page also has useful information."
28802
29334
"in the command prompt:"
28803
29335
msgstr ""
28804
29336
28805
#: serverguide/C/databases.xml:307(command)
29337
#: serverguide/C/databases.xml:314(command)
28806
29338
msgid "sudo apt-get install postgresql"
28807
29339
msgstr "sudo apt-get install postgresql"
28808
29340
28849
29381
"<filename>/etc/postgresql/9.1/main/postgresql.conf</filename>"
28850
29382
msgstr ""
28851
29383
28852
#: serverguide/C/databases.xml:339(para)
29384
#: serverguide/C/databases.xml:346(para)
28853
29385
msgid ""
28854
29386
"Locate the line <emphasis>#listen_addresses = 'localhost'</emphasis> and "
28855
29387
"change it to:"
28881
29413
"default <application>PostgreSQL</application> template database:"
28882
29414
msgstr ""
28883
29415
28884
#: serverguide/C/databases.xml:362(command)
29416
#: serverguide/C/databases.xml:370(command)
28885
29417
msgid "sudo -u postgres psql template1"
28886
29418
msgstr "sudo -u postgres psql template1"
28887
29419
28895
29427
"user <emphasis role=\"italics\">postgres</emphasis>."
28896
29428
msgstr ""
28897
29429
28898
#: serverguide/C/databases.xml:372(command)
29430
#: serverguide/C/databases.xml:380(command)
28899
29431
msgid "ALTER USER postgres with encrypted password 'your_password';"
28900
29432
msgstr ""
28901
29433
28907
29439
"<emphasis>postgres</emphasis> user:"
28908
29440
msgstr ""
28909
29441
28910
#: serverguide/C/databases.xml:380(programlisting)
29442
#: serverguide/C/databases.xml:388(programlisting)
28911
29443
#, no-wrap
28912
29444
msgid ""
28913
29445
"\n"
28914
29446
"local all postgres md5\n"
28915
29447
msgstr ""
28916
29448
28917
#: serverguide/C/databases.xml:384(para)
29449
#: serverguide/C/databases.xml:392(para)
28918
29450
msgid ""
28919
29451
"Finally, you should restart the <application>PostgreSQL</application> "
28920
29452
"service to initialize the new configuration. From a terminal prompt enter "
28950
29482
msgid "Replace the domain name with your actual server domain name."
28951
29483
msgstr ""
28952
29484
28953
#: serverguide/C/databases.xml:413(title) serverguide/C/backups.xml:11(title)
29485
#: serverguide/C/backups.xml:11(title)
28954
29486
msgid "Backups"
28955
29487
msgstr "备份"
28956
29488
28981
29513
"9.1/html/index.html</command> into the address bar of your browser."
28982
29514
msgstr ""
28983
29515
28984
#: serverguide/C/databases.xml:436(para)
29516
#: serverguide/C/databases.xml:426(para)
28985
29517
msgid ""
28986
29518
"For general SQL information see <ulink "
28987
29519
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\">Using SQL "
28988
29520
"Special Edition</ulink> by Rafe Colburn."
28989
29521
msgstr ""
28990
29522
28991
#: serverguide/C/databases.xml:442(para)
29523
#: serverguide/C/databases.xml:432(para)
28992
29524
msgid ""
28993
29525
"Also, see the <ulink "
28994
29526
"url=\"https://help.ubuntu.com/community/PostgreSQL\">PostgreSQL Ubuntu "
30877
31409
" Jeremy Bicha https://launchpad.net/~jbicha\n"
30878
31410
" zhxq https://launchpad.net/~zhxq"
30879
31411
30880
#~ msgid ""
30881
#~ "This section explains Apache2 server essential configuration parameters. "
30882
#~ "Refer to the <ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
30883
#~ "Documentation</ulink> for more details."
30884
#~ msgstr ""
30885
#~ "这一节讲述了Apache2服务器的基本配置参数。更详细的资料请查阅<ulink "
30886
#~ "url=\"http://httpd.apache.org/docs/2.2/\">Apache2文档</ulink>"
30887
30888
#~ msgid ""
30889
#~ "Apache2 ships with a virtual-host-friendly default configuration. That is, "
30890
#~ "it is configured with a single default virtual host (using the "
30891
#~ "<emphasis>VirtualHost</emphasis> directive) which can modified or used as-is "
30892
#~ "if you have a single site, or used as a template for additional virtual "
30893
#~ "hosts if you have multiple sites. If left alone, the default virtual host "
30894
#~ "will serve as your default site, or the site users will see if the URL they "
30895
#~ "enter does not match the <emphasis>ServerName</emphasis> directive of any of "
30896
#~ "your custom sites. To modify the default virtual host, edit the file "
30897
#~ "<filename>/etc/apache2/sites-available/default</filename>."
30898
#~ msgstr ""
30899
#~ "Apache2以一个“虚拟主机友好”的默认配置来部署。也就是说,它以一个默认的虚拟主机(用<emphasis>VirtualHost</emphasis>"
30900
#~ "指令)来配置。如果你只有一个站点,这个配置可以修改,也可以直接使用;或者如果你有多个站点,也可以把它当作模板来添加新的虚拟主机。如果不做改变的话,默认的虚"
30901
#~ "拟主机将作为你的默认站点,否则站点用户将会看到他们所输入的URL是否没有匹配任何你的客户站点的<emphasis>ServerName</emphasis"
30902
#~ ">指令。要修改默认的虚拟主机,请编辑文件<filename>/etc/apache2/sites-"
30903
#~ "available/default</filename>。"
30904
30905
#~ msgid ""
30906
#~ "sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-"
30907
#~ "available/mynewsite"
30908
#~ msgstr ""
30909
#~ "sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-"
30910
#~ "available/mynewsite"
30911
30912
#~ msgid ""
30913
#~ "The <emphasis>ServerName</emphasis> directive is optional and specifies what "
30914
#~ "FQDN your site should answer to. The default virtual host has no ServerName "
30915
#~ "directive specified, so it will respond to all requests that do not match a "
30916
#~ "ServerName directive in another virtual host. If you have just acquired the "
30917
#~ "domain name ubunturocks.com and wish to host it on your Ubuntu server, the "
30918
#~ "value of the ServerName directive in your virtual host configuration file "
30919
#~ "should be ubunturocks.com. Add this directive to the new virtual host file "
30920
#~ "you created earlier (<filename>/etc/apache2/sites-"
30921
#~ "available/mynewsite</filename>)."
30922
#~ msgstr ""
30923
#~ "这<emphasis>服务器名</emphasis>指令是可选的,并且指定回答你站点的 FQDN "
30924
#~ "。默认虚拟主机没有指定服务器指令。因此,它将会响应在另一虚拟主机不匹配服务器指令的所有请求。如果你仅取得 ubunturocks.com 域名并希望建立 "
30925
#~ "Ubuntu 服务器,重要的是你要在虚拟主机配置文件里服务器指令应该设为 ubunturocks.com 。把这指令加到较早前你新创建的虚拟主机文件。"
30926
30927
#, no-wrap
30928
#~ msgid ""
30929
#~ "\n"
30930
#~ "<Directory /var/www/mynewsite>\n"
30931
#~ "...\n"
30932
#~ "</Directory>\n"
30933
#~ msgstr ""
30934
#~ "\n"
30935
#~ "<Directory /var/www/mynewsite>\n"
30936
#~ "...\n"
30937
#~ "</Directory>\n"
30938
30939
#~ msgid ""
30940
#~ "<emphasis role=\"bold\">Multiview</emphasis> - Support content-negotiated "
30941
#~ "multiviews; this option is disabled by default for security reasons. See the "
30942
#~ "<ulink "
30943
#~ "url=\"http://httpd.apache.org/docs/2.2/mod/mod_negotiation.html#multiviews\">"
30944
#~ "Apache2 documentation on this option</ulink>."
30945
#~ msgstr ""
30946
#~ "<emphasis role=\"bold\">Multiview</emphasis> - 支持内容协商多视图,出于安全原因,该选项默认是被禁止的。 "
30947
#~ "请参考 <ulink "
30948
#~ "url=\"http://httpd.apache.org/docs/2.2/mod/mod_negotiation.html#multiviews\">"
30949
#~ "Apache2 关于该选项的文档</ulink>。"
30950
30951
#~ msgid ""
30952
#~ "<ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
30953
#~ "Documentation</ulink> contains in depth information on Apache2 configuration "
30954
#~ "directives. Also, see the <application>apache2-doc</application> package for "
30955
#~ "the official Apache2 docs."
30956
#~ msgstr ""
30957
#~ "<ulink url=\"http://httpd.apache.org/docs/2.2/\"> Apache2 文档</ulink>包含 "
30958
#~ "Apache2 配置指令更深层的信息。同样也可参考官方 Apache2 docs 文档<application>apache2-"
30959
#~ "doc</application>包。"
30960
30961
#~ msgid ""
30962
#~ "Modify the <filename>/etc/apache2/sites-available/default</filename> "
30963
#~ "configuration file to setup your domains."
30964
#~ msgstr ""
30965
#~ "修改配置文件<filename>/etc/apache2/sites-available/default</filename>以建立起你的域名。"
30966
30967
#~ msgid "What is vmbuilder"
30968
#~ msgstr "什么是 vmbuilder"
30969
30970
#~ msgid ""
30971
#~ "You can pass command line options to add extra packages, remove packages, "
30972
#~ "choose which version of Ubuntu, which mirror etc. On recent hardware with "
30973
#~ "plenty of RAM, tmpdir in <filename>/dev/shm</filename> or using a tmpfs, and "
30974
#~ "a local mirror, you can bootstrap a VM in less than a minute."
30975
#~ msgstr ""
30976
#~ "您可通过命令行选项来添加额外安装包,移除安装包,选择 Ubuntu "
30977
#~ "版本的镜像等等。会列出最近大量内存的硬件,临时目录在<filename>/dev/shm</filename>或者使用 tmpfs 和 "
30978
#~ "本地镜像,您可在一分钟内启动 VM。"
30979
30980
#~ msgid "Develop it so that it can be reused by other distributions."
30981
#~ msgstr "使之流传开发能由其它发布版本重复使用。"
30982
30983
#~ msgid ""
30984
#~ "Use a plugin mechanisms for all virtualization interactions so that others "
30985
#~ "can easily add logic for other virtualization environments."
30986
#~ msgstr "为所有虚拟化的互动使用插件途径,使其他人能方便添加逻辑虚拟环境。"
30987
30988
#~ msgid ""
30989
#~ "Provide an easy to maintain web interface as an option to the command line "
30990
#~ "interface."
30991
#~ msgstr "提供作为个命令行界面的选项能简单维护 web 的界面。"
30992
30993
#~ msgid "But the general principles and commands remain the same."
30994
#~ msgstr "但一般原则和命令仍保持不变。"
30995
30996
#~ msgid "Initial Setup"
30997
#~ msgstr "初始安装"
30998
30999
#~ msgid ""
31000
#~ "It is assumed that you have installed and configured "
31001
#~ "<application>libvirt</application> and <application>KVM</application> "
31002
#~ "locally on the machine you are using. For details on how to perform this, "
31003
#~ "please refer to:"
31004
#~ msgstr ""
31005
#~ "假如您已经安装并配置<application>libvirt</application>和<application>KVM</application>在本"
31006
#~ "地的机器上。关于如何执行的更多细节请浏览:"
31007
31008
#~ msgid ""
31009
#~ "The <ulink url=\"https://help.ubuntu.com/community/KVM\">KVM</ulink> Wiki "
31010
#~ "page."
31011
#~ msgstr ""
31012
#~ "<ulink url=\"https://help.ubuntu.com/community/KVM\">KVM</ulink> Wiki 页面。"
31013
31014
#~ msgid ""
31015
#~ "We also assume that you know how to use a text based text editor such as "
31016
#~ "nano or vi. If you have not used any of them before, you can get an overview "
31017
#~ "of the various text editors available by reading the <ulink "
31018
#~ "url=\"https://help.ubuntu.com/community/PowerUsersTextEditors\">PowerUsersTex"
31019
#~ "tEditors</ulink> page. This tutorial has been done on KVM, but the general "
31020
#~ "principle should remain on other virtualization technologies."
31021
#~ msgstr ""
31022
#~ "我们同样设定您知道怎样使用基于文本格式文本编辑器,例如nano或者vi。如果您之前没有使用过其中任何一个,可以通过阅读<ulink "
31023
#~ "url=\"https://help.ubuntu.com/community/PowerUsersTextEditors\">PowerUsersTex"
31024
#~ "tEditors</ulink>页面来获得对各种文本编辑器的大致了解。这指南是针对 KVM 完成的,但一般原则应该对其他的虚拟化技术做保留。"
31025
31026
#~ msgid "Install vmbuilder"
31027
#~ msgstr "安装l vmbuilder"
31028
31029
#~ msgid ""
31030
#~ "The name of the package that we need to install is <application>python-vm-"
31031
#~ "builder</application>. In a terminal prompt enter:"
31032
#~ msgstr "我们必需要安装的安装包名字是<application>python-vm-builder</application>。在终端提示里键入:"
31033
31034
#~ msgid "sudo apt-get install python-vm-builder"
31035
#~ msgstr "sudo apt-get install python-vm-builder"
31036
31037
#~ msgid ""
31038
#~ "If you are running Hardy, you can still perform most of this using the older "
31039
#~ "version of the package named <application>ubuntu-vm-builder</application>, "
31040
#~ "there are only a few changes to the syntax of the tool."
31041
#~ msgstr ""
31042
#~ "如果您在运行 Hardy,你仍可以执行大多数使用的是旧版本且命名为<application>ubuntu-vm-"
31043
#~ "builder</application>的老版本,只有少数语法变化的工具。"
31044
31045
#~ msgid "Defining Your Virtual Machine"
31046
#~ msgstr "定义您的虚拟机"
31047
31048
#~ msgid ""
31049
#~ "Defining a virtual machine with Ubuntu's vmbuilder is quite simple, but here "
31050
#~ "are a few thing to consider:"
31051
#~ msgstr "定义 Ubuntu 的 vmbuilder 虚拟机非常简单,但这里有几点是要考虑的:"
31052
31053
#~ msgid ""
31054
#~ "If you plan on shipping a virtual appliance, do not assume that the end-user "
31055
#~ "will know how to extend disk size to fit their need, so either plan for a "
31056
#~ "large virtual disk to allow for your appliance to grow, or explain fairly "
31057
#~ "well in your documentation how to allocate more space. It might actually be "
31058
#~ "a good idea to store data on some separate external storage."
31059
#~ msgstr ""
31060
#~ "如果你想部署一个虚拟应用,不要假设终端用户会知道如何扩展磁盘空间以使之适合他们的需要。因此,要么预留一个大的虚拟磁盘来允许你的应用的增长,要么在你的文档里"
31061
#~ "详细的说明如何获取更多的空间。把数据分别存放在不同的扩展存储器上是再好不过的主意了。"
31062
31063
#~ msgid ""
31064
#~ "Given that RAM is much easier to allocate in a VM, RAM size should be set to "
31065
#~ "whatever you think is a safe minimum for your appliance."
31066
#~ msgstr "内存在虚拟机中的分配比较容易一些,内存大小应该被设置为你想要的装置所需的最小安全值。"
31067
31068
#~ msgid ""
31069
#~ "The <application>vmbuilder</application> command has 2 main parameters: the "
31070
#~ "<emphasis>virtualization technology (hypervisor)</emphasis> and the targeted "
31071
#~ "<emphasis>distribution</emphasis>. Optional parameters are quite numerous "
31072
#~ "and can be found using the following command:"
31073
#~ msgstr ""
31074
#~ "<application>vmbuilder</application>命令有 2 "
31075
#~ "个主要参数:<emphasis>虚拟化技术(hypervisor)</emphasis>和<emphasis>发布</emphasis>目标。可选参数可是"
31076
#~ "相当多的,可使用以下命令:"
31077
31078
#~ msgid "Base Parameters"
31079
#~ msgstr "基本参数"
31080
31081
#~ msgid ""
31082
#~ "The <emphasis>--suite</emphasis> defines the Ubuntu release, the <emphasis>--"
31083
#~ "flavour</emphasis> specifies that we want to use the virtual kernel (that's "
31084
#~ "the one used to build a JeOS image), the <emphasis>--arch</emphasis> tells "
31085
#~ "that we want to use a 32 bit machine, the <emphasis>-o</emphasis> tells "
31086
#~ "vmbuilder to overwrite the previous version of the VM and the <emphasis>--"
31087
#~ "libvirt</emphasis> tells to inform the local virtualization environment to "
31088
#~ "add the resulting VM to the list of available machines."
31089
#~ msgstr ""
31090
#~ "The <emphasis>--suite</emphasis>定义 Ubuntu 版本,<emphasis>--"
31091
#~ "flavour</emphasis>规定,我们要使用的虚拟内核(这是用来建立一个 JeOS 图像),<emphasis>--"
31092
#~ "arch</emphasis>告诉我们要使用 32 位的机器,<emphasis>-o</emphasis> 告诉 vmbuilder "
31093
#~ "覆盖虚拟机的上个版本和 <emphasis>--libvirt</emphasis>通知本地虚拟化环境增加导致虚拟机的名单上可用机器。"
31094
31095
#~ msgid "Notes:"
31096
#~ msgstr "备注:"
31097
31098
#~ msgid ""
31099
#~ "Because of the nature of operations performed by vmbuilder, it needs to have "
31100
#~ "root privilege, hence the use of sudo."
31101
#~ msgstr "由于 vmbuilder 所要执行的任务,它需要有 root 权限,因此请使用命令 sudo 。"
31102
31103
#~ msgid ""
31104
#~ "If your virtual machine needs to use more than 3Gb of ram, you should build "
31105
#~ "a 64 bit machine (--arch amd64)."
31106
#~ msgstr "如果您的虚拟机需要使用超过 3Gb 的内存,应该建立64位虚拟机(--arch amd64)。"
31107
31108
#~ msgid ""
31109
#~ "Until Ubuntu 8.10, the virtual kernel was only built for 32 bit "
31110
#~ "architecture, so if you want to define an amd64 machine on Hardy, you should "
31111
#~ "use <emphasis>--flavour</emphasis> server instead."
31112
#~ msgstr ""
31113
#~ "直到 Ubuntu 8.10 版本虚拟内核技术仅建立在 32 位结构,如果您想在 amd64 机器上安装 Hardy,您应使用<emphasis>--"
31114
#~ "flavour</emphasis>服务器来代替使用。"
31115
31116
#~ msgid "Assigning a fixed IP address"
31117
#~ msgstr "分配一个规定 IP 地址"
31118
31119
#~ msgid ""
31120
#~ "As a virtual appliance that may be deployed on various very different "
31121
#~ "networks, it is very difficult to know what the actual network will look "
31122
#~ "like. In order to simplify configuration, it is a good idea to take an "
31123
#~ "approach similar to what network hardware vendors usually do, namely "
31124
#~ "assigning an initial fixed IP address to the appliance in a private class "
31125
#~ "network that you will provide in your documentation. An address in the range "
31126
#~ "192.168.0.0/255 is usually a good choice."
31127
#~ msgstr ""
31128
#~ "对于一个可能被部署到大不相同的各种网络上的虚拟装备来说,很难了解实际的网络是什么样的。为了简化配置,好的办法就是采取网络硬件供应商通常采取的办法,也就是在"
31129
#~ "一个你要在文档中提供的私有级别的网络里,给装置分配一个初始的固定IP地址。地址范围为192.168.0.0/255通常是个好选择。"
31130
31131
#~ msgid "To do this we'll use the following parameters:"
31132
#~ msgstr "做这种我们会使用下面的参数:"
31133
31134
#~ msgid ""
31135
#~ "<emphasis>--ip ADDRESS</emphasis>: IP address in dotted form (defaults to "
31136
#~ "dhcp if not specified)"
31137
#~ msgstr "<emphasis>--ip ADDRESS</emphasis>:IP 地址的指派(如没指定默认为 dhcp )"
31138
31139
#~ msgid ""
31140
#~ "<emphasis>--mask VALUE</emphasis>: IP mask in dotted form (default: "
31141
#~ "255.255.255.0)"
31142
#~ msgstr "<emphasis>--net VALUE</emphasis>:IP 子网俺码的指派(默认:255.255.255.0)"
31143
31144
#~ msgid "<emphasis>--net VALUE</emphasis>: IP net address (default: X.X.X.0)"
31145
#~ msgstr "<emphasis>--net VALUE</emphasis>:IP 网络地址(默认:X.X.X.0)"
31146
31147
#~ msgid "<emphasis>--bcast VALUE</emphasis>: IP broadcast (default: X.X.X.255)"
31148
#~ msgstr "<emphasis>--bcast VALUE</emphasis>:IP 广播地址(默认:X.X.X.255)"
31149
31150
#~ msgid "<emphasis>--gw ADDRESS</emphasis>: Gateway address (default: X.X.X.1)"
31151
#~ msgstr "<emphasis>--gw ADDRESS</emphasis>:网关地址(默认:X.X.X.1)"
31152
31153
#~ msgid ""
31154
#~ "<emphasis>--dns ADDRESS</emphasis>: Name server address (default: X.X.X.1)"
31155
#~ msgstr "<emphasis>--dns ADDRESS</emphasis>:DNS 服务器地址:(默认:X.X.X.1)"
31156
31157
#~ msgid ""
31158
#~ "We assume for now that default values are good enough, so the resulting "
31159
#~ "invocation becomes:"
31160
#~ msgstr "我们承认目前默认值不够好,所以导致调用变成:"
31161
31162
#~ msgid ""
31163
#~ "Partitioning of the virtual appliance will have to take into consideration "
31164
#~ "what you are planning to do with is. Because most appliances want to have a "
31165
#~ "separate storage for data, having a separate <filename>/var</filename> would "
31166
#~ "make sense."
31167
#~ msgstr ""
31168
#~ "您必须认真考虑计划去做虚拟设备的分区的事。因为大多数设备只单独为数据存储,有个独立的<filename>/var</filename>分区是个明智的选择。"
31169
31170
#~ msgid ""
31171
#~ "In order to do this vmbuilder provides us with <emphasis>--part</emphasis>:"
31172
#~ msgstr "vmbuilder 为我们提供<emphasis>--part</emphasis>来做到这点:"
31173
31174
#~ msgid ""
31175
#~ "In our case we will define a text file name "
31176
#~ "<filename>vmbuilder.partition</filename> which will contain the following:"
31177
#~ msgstr "就我们而言,我们会定义文本文件命名为<filename>vmbuilder.partition</filename>,这包含以下内容:"
31178
31179
#, no-wrap
31180
#~ msgid ""
31181
#~ "\n"
31182
#~ "root 8000\n"
31183
#~ "swap 4000\n"
31184
#~ "---\n"
31185
#~ "/var 20000\n"
31186
#~ msgstr ""
31187
#~ "\n"
31188
#~ "root 8000\n"
31189
#~ "swap 4000\n"
31190
#~ "---\n"
31191
#~ "/var 20000\n"
31192
31193
#~ msgid ""
31194
#~ "Note that as we are using virtual disk images, the actual sizes that we put "
31195
#~ "here are maximum sizes for these volumes."
31196
#~ msgstr "注意的是我们正使用虚拟镜像盘,把这些卷的最大值设为实际大小值。"
31197
31198
#~ msgid "Our command line now looks like:"
31199
#~ msgstr "现在我们使用的命令行看起来像:"
31200
31201
#~ msgid ""
31202
#~ "Using a \"\\\" in a command will allow long command strings to wrap to the "
31203
#~ "next line."
31204
#~ msgstr "在命令里使用 “\\” 将允许换行时截断长字符串的命令。"
31205
31206
#~ msgid "User and Password"
31207
#~ msgstr "用户和密码"
31208
31209
#~ msgid ""
31210
#~ "Again setting up a virtual appliance, you will need to provide a default "
31211
#~ "user and password that is generic so that you can include it in your "
31212
#~ "documentation. We will see later on in this tutorial how we will provide "
31213
#~ "some security by defining a script that will be run the first time a user "
31214
#~ "actually logs in the appliance, that will, among other things, ask him to "
31215
#~ "change his password. In this example I will use <emphasis>'user'</emphasis> "
31216
#~ "as my user name, and <emphasis>'default'</emphasis> as the password."
31217
#~ msgstr ""
31218
#~ "再次建立个虚拟设置,您需要提供通用的默认用户名和密码,让它可以包含在您的文档中。我们将看到后来的指南中将如何提供一些由脚本定义的安全性,该脚本将实际记录用"
31219
#~ "户首次运行设备上,除此之外,会询问是否改变密码。在这例子中将会使用<emphasis>'user'</emphasis>来做为用户名和<emphasis>"
31220
#~ "'default'</emphasis>做来密码。"
31221
31222
#~ msgid "To do this we use the following optional parameters:"
31223
#~ msgstr "采用这步骤要使用以下可选参数:"
31224
31225
#~ msgid ""
31226
#~ "<emphasis>--user USERNAME:</emphasis> Sets the name of the user to be added. "
31227
#~ "Default: ubuntu."
31228
#~ msgstr "<emphasis>--user USERNAME:</emphasis>添加新的用户名。默认名为:ubuntu。"
31229
31230
#~ msgid ""
31231
#~ "<emphasis>--name FULLNAME:</emphasis> Sets the full name of the user to be "
31232
#~ "added. Default: Ubuntu."
31233
#~ msgstr "<emphasis>--name FULLNAME:</emphasis>添加新的用户全名。默认名为:Ubuntu。"
31234
31235
#~ msgid ""
31236
#~ "<emphasis>--pass PASSWORD:</emphasis> Sets the password for the user. "
31237
#~ "Default: ubuntu."
31238
#~ msgstr "<emphasis>--pass PASSWORD:</emphasis>为用户名设置密码。默认值为:ubuntu。"
31239
31240
#~ msgid "Our resulting command line becomes:"
31241
#~ msgstr "我们的生效命令行成为:"
31242
31243
#~ msgid "Installing Required Packages"
31244
#~ msgstr "安装需要的包"
31245
31246
#~ msgid ""
31247
#~ "In this example we will be installing a package "
31248
#~ "<application>(Limesurvey)</application> that accesses a "
31249
#~ "<application>MySQL</application> database and has a web interface. We will "
31250
#~ "therefore require our OS to provide us with:"
31251
#~ msgstr ""
31252
#~ "在这样例中我们将安装<application>(Limesurvey)</application>软件包以能够访问有 web "
31253
#~ "接面的<application>MySQL</application>数据库。因此需要操作系统为我们提供:"
31254
31255
#~ msgid "Apache"
31256
#~ msgstr "Apache"
31257
31258
#~ msgid "PHP"
31259
#~ msgstr "PHP"
31260
31261
#~ msgid "Limesurvey (as an example application that we have packaged)"
31262
#~ msgstr "Limesurvey (做为样例我们应打包应用程序)"
31263
31264
#, no-wrap
31265
#~ msgid ""
31266
#~ "\n"
31267
#~ "--addpkg PKG\n"
31268
#~ " Install PKG into the guest (can be specfied multiple times)\n"
31269
#~ msgstr ""
31270
#~ "\n"
31271
#~ "--addpkg PKG\n"
31272
#~ " 安装 PKG 在 guest 帐号里 (能指定安装时间)\n"
31273
31274
#~ msgid ""
31275
#~ "However, due to the way vmbuilder operates, packages that have to ask "
31276
#~ "questions to the user during the post install phase are not supported and "
31277
#~ "should instead be installed while interactivity can occur. This is the case "
31278
#~ "of Limesurvey, which we will have to install later, once the user logs in."
31279
#~ msgstr ""
31280
#~ "然而,由于vmbuilder的操作方式,报在安装过程步骤中向用户提出问题的功能并不被支持,作为替代,在可以交互的时候才被安装。举例来说,Limesurve"
31281
#~ "y就是这样的,这个软件将在随后登录之后安装。"
31282
31283
#~ msgid ""
31284
#~ "Other packages that ask simple debconf question, such as <application>mysql-"
31285
#~ "server</application> asking to set a password, the package can be installed "
31286
#~ "immediately, but we will have to reconfigure it the first time the user logs "
31287
#~ "in."
31288
#~ msgstr ""
31289
#~ "其它软件包会要求简单的 debconf 问题,例如<application>mysql-"
31290
#~ "server</application>询问是否设置密码,软件包可以立即安装,但我们不得不将重设置在用户首次登陆上。"
31291
31292
#~ msgid ""
31293
#~ "If some packages that we need to install are not in main, we need to enable "
31294
#~ "the additional repositories using --comp and --ppa:"
31295
#~ msgstr "如果安装的些软件包不是主要的,那我们需要使额外的库来使用 --comp 和 --ppa:"
31296
31297
#~ msgid ""
31298
#~ "Limesurvey not being part of the archive at the moment, we'll specify it's "
31299
#~ "PPA (personal package archive) address so that it is added to the VM "
31300
#~ "<filename>/etc/apt/source.list</filename>, so we add the following options "
31301
#~ "to the command line:"
31302
#~ msgstr ""
31303
#~ "此刻 Limesurvey 不是做为存档的一部分,我们将指定它的 "
31304
#~ "PPA(个人软件包存档)地址以便加入到虚拟机<filename>/etc/apt/source.list</filename>,所以我们把以下选项加到命令"
31305
#~ "行:"
31306
31307
#~ msgid "Speed Considerations"
31308
#~ msgstr "敏捷思考"
31309
31310
#~ msgid "Package Caching"
31311
#~ msgstr "包缓存"
31312
31313
#~ msgid "sudo apt-get install apt-proxy"
31314
#~ msgstr "sudo apt-get install apt-proxy"
31315
31316
#~ msgid ""
31317
#~ "Once this is complete, your (empty) proxy is ready for use on "
31318
#~ "http://mirroraddress:9999 and will find ubuntu repository under /ubuntu. For "
31319
#~ "vmbuilder to use it, we'll have to use the <emphasis>--mirror</emphasis> "
31320
#~ "option:"
31321
#~ msgstr ""
31322
#~ "一旦这完成后,您的(空)代理准备用于 http://mirroraddress:9999 和找到在存放在 /ubuntu 目录下的 ubuntu "
31323
#~ "。为了能让 vmbuilder 能使用它,我们必须使用<emphasis>--mirror</emphasis>选项:"
31324
31325
#, no-wrap
31326
#~ msgid ""
31327
#~ "\n"
31328
#~ "--mirror=URL Use Ubuntu mirror at URL instead of the default, which\n"
31329
#~ " is http://archive.ubuntu.com/ubuntu for official\n"
31330
#~ " arches and http://ports.ubuntu.com/ubuntu-ports\n"
31331
#~ " otherwise\n"
31332
#~ msgstr ""
31333
#~ "\n"
31334
#~ "--mirror=使用 Ubuntu 镜像 URL 来代替,URL\n"
31335
#~ " 官方网是 http://archive.ubuntu.com/ubuntu\n"
31336
#~ " 主站和 http://ports.ubuntu.com/ubuntu-ports\n"
31337
#~ " 否则\n"
31338
31339
#~ msgid "So we add to the command line:"
31340
#~ msgstr "因此加进命令行:"
31341
31342
#~ msgid "--mirror http://mirroraddress:9999/ubuntu"
31343
#~ msgstr "--mirror http://mirroraddress:9999/ubuntu"
31344
31345
#~ msgid "Install a Local Mirror"
31346
#~ msgstr "安装本地镜像"
31347
31348
#~ msgid ""
31349
#~ "If we are in a larger environment, it may make sense to setup a local mirror "
31350
#~ "of the Ubuntu repositories. The package apt-mirror provides you with a "
31351
#~ "script that will handle the mirroring for you. You should plan on having "
31352
#~ "about 20 gigabyte of free space per supported release and architecture."
31353
#~ msgstr ""
31354
#~ "如果我们在一个大环境中,建立一个Ubuntu的本地源是有意义的。apt-"
31355
#~ "mirror使用脚本提供给你的包将处理您的镜像问题。您应该针对每个发行版和架构计划保留20GB的自由空间。"
31356
31357
#~ msgid ""
31358
#~ "Notice that the source packages are not mirrored as they are seldom used "
31359
#~ "compared to the binaries and they do take a lot more space, but they can be "
31360
#~ "easily added to the list."
31361
#~ msgstr "注意,源码包并没有被镜像,因为和二进制包相比它们使用的很少,但是却占用更多的空间。不过它们可以很容易的添加到列表。"
31362
31363
#~ msgid ""
31364
#~ "Once the mirror has finished replicating (and this can be quite long), you "
31365
#~ "need to configure Apache so that your mirror files (in "
31366
#~ "<filename>/var/spool/apt-mirror</filename> if you did not change the "
31367
#~ "default), are published by your Apache server. For more information on "
31368
#~ "Apache see <xref linkend=\"httpd\"/>."
31369
#~ msgstr ""
31370
#~ "一旦镜像完成复制(这可能需要很长时间),你需要设置Apache,因为您的镜像文件(没有修改的话,默认在<filename>/var/spool/apt-"
31371
#~ "mirror</filename>)是通过您的Apache服务器来发布的。关于Apache的更多信息,请参见<xref "
31372
#~ "linkend=\"httpd\"/>"
31373
31374
#~ msgid "Package the Application"
31375
#~ msgstr "将程序打包"
31376
31377
#~ msgid "Two option are available to us:"
31378
#~ msgstr "2 个选项是可用的:"
31379
31380
#~ msgid ""
31381
#~ "The recommended method to do so is to make a <emphasis>Debian</emphasis> "
31382
#~ "package. Since this is outside of the scope of this tutorial, we will not "
31383
#~ "perform this here and invite the reader to read the documentation on how to "
31384
#~ "do this in the <ulink url=\"https://wiki.ubuntu.com/PackagingGuide\">Ubuntu "
31385
#~ "Packaging Guide</ulink>. In this case it is also a good idea to setup a "
31386
#~ "repository for your package so that updates can be conveniently pulled from "
31387
#~ "it. See the <ulink url=\"http://www.debian-"
31388
#~ "administration.org/articles/286\">Debian Administration</ulink> article for "
31389
#~ "a tutorial on this."
31390
#~ msgstr ""
31391
#~ "达成此目的建议方法是制作一个<emphasis>Debian</emphasis>包。因为这已经超出了我们这个向导的范围,我们将不再在这里介绍,读者可以到"
31392
#~ "网址<ulink url=\"https://wiki.ubuntu.com/PackagingGuide\">Ubuntu Packaging "
31393
#~ "Guide</ulink>来阅读如何达到这个目的的文档。在这种情况下,建立一个源是一个好主意,因为这样您可以随后方便的从它升级。关于这个的介绍,请参阅<u"
31394
#~ "link url=\"http://www.debian-administration.org/articles/286\">Debian "
31395
#~ "Administration</ulink>相关文章。"
31396
31397
#~ msgid ""
31398
#~ "Manually install the application under <filename>/opt</filename> as "
31399
#~ "recommended by the <ulink url=\"http://www.pathname.com/fhs/\">FHS "
31400
#~ "guidelines</ulink>."
31401
#~ msgstr ""
31402
#~ "在<filename>/opt</filename>下手动安装程序是<ulink "
31403
#~ "url=\"http://www.pathname.com/fhs/\">FHS 指南</ulink>所推荐的方式."
31404
31405
#~ msgid ""
31406
#~ "In our case we'll use <application>Limesurvey</application> as example web "
31407
#~ "application for which we wish to provide a virtual appliance. As noted "
31408
#~ "before, we've made a version of the package available in a PPA (Personal "
31409
#~ "Package Archive)."
31410
#~ msgstr ""
31411
#~ "在这里,我们将使用<application>Limesurvey</application>作为示例程序来展示我们如何提供一个虚拟装置。如前所述,我们制作"
31412
#~ "了一个可以在一个PPA中(个人包获取)使用的版本的包。"
31413
31414
#~ msgid "Useful Additions"
31415
#~ msgstr "有用的扩展"
31416
31417
#~ msgid "Configuring Automatic Updates"
31418
#~ msgstr "配置自动更新"
31419
31420
#~ msgid ""
31421
#~ "To have your system be configured to update itself on a regular basis, we "
31422
#~ "will just install <application>unattended-upgrades</application>, so we add "
31423
#~ "the following option to our command line:"
31424
#~ msgstr ""
31425
#~ "想要将你的系统配置为定期自动更新,只需安装<application>unattended-upgrades</application>. "
31426
#~ "在命令行中添加下面的选项."
31427
31428
#~ msgid "--addpkg unattended-upgrades"
31429
#~ msgstr "--addpkg unattended-upgrades"
31430
31431
#~ msgid ""
31432
#~ "As we have put our application package in a PPA, the process will update not "
31433
#~ "only the system, but also the application each time we update the version in "
31434
#~ "the PPA."
31435
#~ msgstr "正如我们已经把应用包加入到了PPA, 我们在PPA中更新版本的时候,不仅会更新系统,应用程序也会更新."
31436
31437
#~ msgid "ACPI Event Handling"
31438
#~ msgstr "ACPI 事件处理"
31439
31440
#~ msgid ""
31441
#~ "For your virtual machine to be able to handle restart and shutdown events it "
31442
#~ "is being sent, it is a good idea to install the acpid package as well. To do "
31443
#~ "this we just add the following option:"
31444
#~ msgstr "为了您的虚拟机发送信息能够处理重启和关闭事件,这也是个安装 acpid 软件包的好方法。为了做到这点我们只需加进以下选项即可:"
31445
31446
#~ msgid "--addpkg acpid"
31447
#~ msgstr "--addpkg acpid"
31448
31449
#~ msgid "Final Command"
31450
#~ msgstr "最终命令"
31451
31452
#~ msgid "Here is the command with all the options discussed above:"
31453
#~ msgstr "这是使用了上面所有涉及到选项的命令:"
31454
31455
#~ msgid ""
31456
#~ "Accessing Subversion repository via WebDAV protocol with SSL encryption "
31457
#~ "(https://) is similar to http:// except that you must install and configure "
31458
#~ "the digital certificate in your Apache2 web server. To use SSL with "
31459
#~ "Subversion add the above Apache2 configuration to "
31460
#~ "<filename>/etc/apache2/sites-available/default-ssl</filename>. For more "
31461
#~ "information on setting up Apache2 with SSL see <xref linkend=\"https-"
31462
#~ "configuration\"/>."
31463
#~ msgstr ""
31464
#~ "使用带有SSL加密的(https://)WebDAV协议访问Subversion仓库跟 http://... "
31465
#~ "的方式相似,除了你必须在你的Apache2中安装配置数字证书。 你可以向<filename>/etc/apache2/sites-"
31466
#~ "available/default-"
31467
#~ "ssl</filename>文件添加以上Apache2配置来使用带有SSL的Subversion。关于配置Apache2 SSL的更多信息请看<xref "
31468
#~ "linkend=\"https-configuration\"/>。"
31469
31470
#~ msgid ""
31471
#~ "You should add the following lines in <filename>/etc/apache2/sites-"
31472
#~ "available/default</filename> file inside the <quote><VirtualHost "
31473
#~ "*></quote> tag:"
31474
#~ msgstr ""
31475
#~ "您应当在 <filename>/etc/apache2/sites-available/default</filename> 中的 "
31476
#~ "<quote><VirtualHost *></quote> 标签内添加如下内容:"
31477
31478
#~ msgid "sudo chgrp -R webmasters /var/www"
31479
#~ msgstr "sudo chgrp -R webmasters /var/www"
31480
31481
#~ msgid "sudo find /var/www -type d -exec chmod g=rwxs \"{}\" \\;"
31482
#~ msgstr "sudo find /var/www -type d -exec chmod g=rwxs \"{}\" \\;"
31483
31484
#~ msgid "sudo find /var/www -type f -exec chmod g=rws \"{}\" \\;"
31485
#~ msgstr "sudo find /var/www -type f -exec chmod g=rws \"{}\" \\;"
31412
#~ msgid "sudo chown nobody.nogroup /srv/samba/share/"
31413
#~ msgstr "sudo chown nobody.nogroup /srv/samba/share/"
31414
31415
#~ msgid ""
31416
#~ "For more detailed instructions on using cryptography see the <ulink "
31417
#~ "url=\"http://tldp.org/HOWTO/SSL-Certificates-HOWTO/index.html\">SSL "
31418
#~ "Certificates HOWTO</ulink> by tlpd.org"
31419
#~ msgstr ""
31420
#~ "要得到更多关于加密的指导,请参阅由tlpd.org编写的<ulink url=\"http://tldp.org/HOWTO/SSL-"
31421
#~ "Certificates-HOWTO/index.html\">SSL Certificates HOWTO</ulink>。"
31422
31423
#~ msgid "ssh-keygen -t dsa"
31424
#~ msgstr "ssh-keygen -t dsa"
31425
31426
#, no-wrap
31427
#~ msgid ""
31428
#~ "\n"
31429
#~ "$final_spam_destiny = D_DISCARD;\n"
31430
#~ msgstr ""
31431
#~ "\n"
31432
#~ "$final_spam_destiny = D_DISCARD;\n"
31433
31434
#, no-wrap
31435
#~ msgid ""
31436
#~ "\n"
31437
#~ "http://localhost/mediawiki/config/index.php\n"
31438
#~ msgstr ""
31439
#~ "\n"
31440
#~ "http://localhost/mediawiki/config/index.php\n"
31441
31442
#~ msgid ""
31443
#~ "Please read the <quote>Checking environment...</quote> section in this page. "
31444
#~ "You should be able to fix many issues by carefully reading this section."
31445
#~ msgstr "请阅读本页中的 <quote>检查环境...</quote> 部分。通过仔细阅读这部分您应当能够解决许多问题。"
Loggerhead is a web-based interface for Breezy
Version: 2.0.1