331
331
"virtual host file, and remember to create that directory if necessary!"
334
#: serverguide/C/web-servers.xml:265(para)
334
#: serverguide/C/web-servers.xml:278(para)
336
336
"Enable the new <emphasis>VirtualHost</emphasis> using the "
337
337
"<application>a2ensite</application> utility and restart Apache2:"
340
#: serverguide/C/web-servers.xml:271(command)
340
#: serverguide/C/web-servers.xml:284(command)
341
341
msgid "sudo a2ensite mynewsite"
342
342
msgstr "sudo a2ensite mynewsite"
344
#: serverguide/C/web-servers.xml:272(command) serverguide/C/web-servers.xml:290(command) serverguide/C/web-servers.xml:531(command) serverguide/C/web-servers.xml:540(command) serverguide/C/web-servers.xml:599(command) serverguide/C/mail.xml:935(command) serverguide/C/lamp-applications.xml:222(command)
344
#: serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:303(command) serverguide/C/web-servers.xml:544(command) serverguide/C/web-servers.xml:553(command) serverguide/C/web-servers.xml:612(command) serverguide/C/mail.xml:994(command) serverguide/C/lamp-applications.xml:238(command) serverguide/C/lamp-applications.xml:339(command) serverguide/C/lamp-applications.xml:610(command)
345
345
msgid "sudo service apache2 restart"
348
#: serverguide/C/web-servers.xml:276(para)
348
#: serverguide/C/web-servers.xml:289(para)
350
350
"Be sure to replace <emphasis>mynewsite</emphasis> with a more descriptive "
351
351
"name for the VirtualHost. One method is to name the file after the "
352
352
"<emphasis>ServerName</emphasis> directive of the VirtualHost."
355
#: serverguide/C/web-servers.xml:283(para)
355
#: serverguide/C/web-servers.xml:296(para)
357
357
"Similarly, use the <application>a2dissite</application> utility to disable "
358
358
"sites. This is can be useful when troubleshooting configuration problems "
359
359
"with multiple VirtualHosts:"
362
#: serverguide/C/web-servers.xml:289(command)
362
#: serverguide/C/web-servers.xml:302(command)
363
363
msgid "sudo a2dissite mynewsite"
364
364
msgstr "sudo a2dissite mynewsite"
366
#: serverguide/C/web-servers.xml:295(title)
366
#: serverguide/C/web-servers.xml:308(title)
367
367
msgid "Default Settings"
368
368
msgstr "Прадвызначаныя ўсталёўкі"
370
#: serverguide/C/web-servers.xml:297(para)
370
#: serverguide/C/web-servers.xml:310(para)
372
372
"This section explains configuration of the Apache2 server default settings. "
373
373
"For example, if you add a virtual host, the settings you configure for the "
583
583
"<emphasis><IfModule></emphasis> block."
586
#: serverguide/C/web-servers.xml:510(para)
586
#: serverguide/C/web-servers.xml:523(para)
588
588
"You can install additional Apache2 modules and use them with your Web "
589
589
"server. For example, run the following command from a terminal prompt to "
590
590
"install the <emphasis>MySQL Authentication</emphasis> module:"
593
#: serverguide/C/web-servers.xml:517(command)
593
#: serverguide/C/web-servers.xml:530(command)
594
594
msgid "sudo apt-get install libapache2-mod-auth-mysql"
595
595
msgstr "sudo apt-get install libapache2-mod-auth-mysql"
597
#: serverguide/C/web-servers.xml:520(para)
597
#: serverguide/C/web-servers.xml:533(para)
599
599
"See the <filename>/etc/apache2/mods-available</filename> directory, for "
600
600
"additional modules."
603
#: serverguide/C/web-servers.xml:524(para)
603
#: serverguide/C/web-servers.xml:537(para)
605
605
"Use the <application>a2enmod</application> utility to enable a module:"
608
#: serverguide/C/web-servers.xml:530(command)
608
#: serverguide/C/web-servers.xml:543(command)
609
609
msgid "sudo a2enmod auth_mysql"
610
610
msgstr "sudo a2enmod auth_mysql"
612
#: serverguide/C/web-servers.xml:534(para)
612
#: serverguide/C/web-servers.xml:547(para)
613
613
msgid "Similarly, <application>a2dismod</application> will disable a module:"
616
#: serverguide/C/web-servers.xml:539(command)
616
#: serverguide/C/web-servers.xml:552(command)
617
617
msgid "sudo a2dismod auth_mysql"
618
618
msgstr "sudo a2dismod auth_mysql"
620
#: serverguide/C/web-servers.xml:546(title)
620
#: serverguide/C/web-servers.xml:559(title)
621
621
msgid "HTTPS Configuration"
622
622
msgstr "Настаўленьні HTTPS"
624
#: serverguide/C/web-servers.xml:548(para)
624
#: serverguide/C/web-servers.xml:561(para)
626
626
"The <application>mod_ssl</application> module adds an important feature to "
627
627
"the Apache2 server - the ability to encrypt communications. Thus, when your "
735
744
"the official Apache2 docs."
738
#: serverguide/C/web-servers.xml:650(para)
747
#: serverguide/C/web-servers.xml:670(para)
740
749
"See the <ulink url=\"http://www.modssl.org/docs/\">Mod SSL "
741
750
"Documentation</ulink> site for more SSL related information."
744
#: serverguide/C/web-servers.xml:656(para)
753
#: serverguide/C/web-servers.xml:676(para)
746
755
"O'Reilly's <ulink url=\"http://oreilly.com/catalog/9780596001919/\">Apache "
747
756
"Cookbook</ulink> is a good resource for accomplishing specific Apache2 "
748
757
"configurations."
751
#: serverguide/C/web-servers.xml:662(para)
760
#: serverguide/C/web-servers.xml:682(para)
753
762
"For Ubuntu specific Apache2 questions, ask in the <emphasis>#ubuntu-"
754
763
"server</emphasis> IRC channel on <ulink "
755
764
"url=\"http://freenode.net/\">freenode.net</ulink>."
758
#: serverguide/C/web-servers.xml:668(para)
767
#: serverguide/C/web-servers.xml:688(para)
760
769
"Usually integrated with PHP and MySQL the <ulink "
761
770
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
762
771
"Ubuntu Wiki </ulink> page is a good resource."
765
#: serverguide/C/web-servers.xml:679(title)
774
#: serverguide/C/web-servers.xml:699(title)
766
775
msgid "PHP5 - Scripting Language"
769
#: serverguide/C/web-servers.xml:680(para)
778
#: serverguide/C/web-servers.xml:700(para)
771
780
"PHP is a general-purpose scripting language suited for Web development. The "
772
781
"PHP script can be embedded into HTML. This section explains how to install "
773
782
"and configure PHP5 in Ubuntu System with Apache2 and MySQL."
776
#: serverguide/C/web-servers.xml:684(para)
785
#: serverguide/C/web-servers.xml:704(para)
778
787
"This section assumes you have installed and configured Apache2 Web Server "
779
788
"and MySQL Database Server. You can refer to Apache2 section and MySQL "
1370
1379
"command in the terminal prompt:"
1373
#: serverguide/C/web-servers.xml:1153(command)
1382
#: serverguide/C/web-servers.xml:1160(command)
1374
1383
msgid "sudo apt-get install tomcat7-docs"
1377
#: serverguide/C/web-servers.xml:1142(title)
1386
#: serverguide/C/web-servers.xml:1164(title)
1378
1387
msgid "Tomcat administration webapps"
1381
#: serverguide/C/web-servers.xml:1158(para)
1390
#: serverguide/C/web-servers.xml:1165(para)
1383
1392
"The <application>tomcat7-admin</application> package contains two webapps "
1384
1393
"that can be used to administer the Tomcat server using a web interface. You "
1385
1394
"can install them by entering the following command in the terminal prompt:"
1388
#: serverguide/C/web-servers.xml:1163(command)
1397
#: serverguide/C/web-servers.xml:1170(command)
1389
1398
msgid "sudo apt-get install tomcat7-admin"
1392
#: serverguide/C/web-servers.xml:1150(para)
1401
#: serverguide/C/web-servers.xml:1172(para)
1394
1403
"The first one is the <emphasis>manager</emphasis> webapp, which you can "
1395
1404
"access by default at http://yourserver:8080/manager/html. It is primarily "
1396
1405
"used to get server status and restart webapps."
1399
#: serverguide/C/web-servers.xml:1168(para)
1408
#: serverguide/C/web-servers.xml:1175(para)
1401
1410
"Access to the <emphasis>manager</emphasis> application is protected by "
1402
1411
"default: you need to define a user with the role \"manager-gui\" in "
1403
1412
"<filename>/etc/tomcat7/tomcat-users.xml</filename> before you can access it."
1406
#: serverguide/C/web-servers.xml:1157(para)
1415
#: serverguide/C/web-servers.xml:1179(para)
1408
1417
"The second one is the <emphasis>host-manager</emphasis> webapp, which you "
1409
1418
"can access by default at http://yourserver:8080/host-manager/html. It can be "
1410
1419
"used to create virtual hosts dynamically."
1413
#: serverguide/C/web-servers.xml:1176(para)
1422
#: serverguide/C/web-servers.xml:1183(para)
1415
1424
"Access to the <emphasis>host-manager</emphasis> application is also "
1416
1425
"protected by default: you need to define a user with the role \"admin-gui\" "
1465
1474
"system-installed libraries."
1468
#: serverguide/C/web-servers.xml:1200(para)
1477
#: serverguide/C/web-servers.xml:1222(para)
1470
1479
"It is possible to run the system-wide instance and the private instances in "
1471
1480
"parallel, as long as they do not use the same TCP ports."
1474
#: serverguide/C/web-servers.xml:1204(title)
1483
#: serverguide/C/web-servers.xml:1226(title)
1475
1484
msgid "Installing private instance support"
1478
#: serverguide/C/web-servers.xml:1205(para)
1487
#: serverguide/C/web-servers.xml:1227(para)
1480
1489
"You can install everything necessary to run private instances by entering "
1481
1490
"the following command in the terminal prompt:"
1484
#: serverguide/C/web-servers.xml:1223(command)
1493
#: serverguide/C/web-servers.xml:1230(command)
1485
1494
msgid "sudo apt-get install tomcat7-user"
1488
#: serverguide/C/web-servers.xml:1212(title)
1497
#: serverguide/C/web-servers.xml:1234(title)
1489
1498
msgid "Creating a private instance"
1492
#: serverguide/C/web-servers.xml:1213(para)
1501
#: serverguide/C/web-servers.xml:1235(para)
1494
1503
"You can create a private instance directory by entering the following "
1495
1504
"command in the terminal prompt:"
1498
#: serverguide/C/web-servers.xml:1231(command)
1507
#: serverguide/C/web-servers.xml:1238(command)
1499
1508
msgid "tomcat7-instance-create my-instance"
1502
#: serverguide/C/web-servers.xml:1218(para)
1511
#: serverguide/C/web-servers.xml:1240(para)
1504
1513
"This will create a new <filename>my-instance</filename> directory with all "
1505
1514
"the necessary subdirectories and scripts. You can for example install your "
1706
#: serverguide/C/vpn.xml:90(para)
1715
#: serverguide/C/vpn.xml:94(para)
1708
1717
"Enter the following to generate the master Certificate Authority (CA) "
1709
1718
"certificate and key:"
1712
#: serverguide/C/vpn.xml:95(command) serverguide/C/vpn.xml:143(command)
1721
#: serverguide/C/vpn.xml:99(command) serverguide/C/vpn.xml:147(command)
1713
1722
msgid "cd /etc/openvpn/easy-rsa/"
1716
#: serverguide/C/vpn.xml:96(command) serverguide/C/vpn.xml:144(command)
1725
#: serverguide/C/vpn.xml:100(command) serverguide/C/vpn.xml:148(command)
1717
1726
msgid "source vars"
1720
#: serverguide/C/vpn.xml:97(command)
1729
#: serverguide/C/vpn.xml:101(command)
1721
1730
msgid "./clean-all"
1724
#: serverguide/C/vpn.xml:98(command)
1733
#: serverguide/C/vpn.xml:102(command)
1725
1734
msgid "./build-ca"
1728
#: serverguide/C/vpn.xml:103(title)
1737
#: serverguide/C/vpn.xml:107(title)
1729
1738
msgid "Server Certificates"
1732
#: serverguide/C/vpn.xml:105(para)
1741
#: serverguide/C/vpn.xml:109(para)
1733
1742
msgid "Next, we will generate a certificate and private key for the server:"
1736
#: serverguide/C/vpn.xml:110(command)
1745
#: serverguide/C/vpn.xml:114(command)
1737
1746
msgid "./build-key-server myservername"
1740
#: serverguide/C/vpn.xml:113(para)
1749
#: serverguide/C/vpn.xml:117(para)
1742
1751
"As in the previous step, most parameters can be defaulted. Two other queries "
1743
1752
"require positive responses, \"Sign the certificate? [y/n]\" and \"1 out of 1 "
1744
1753
"certificate requests certified, commit? [y/n]\"."
1747
#: serverguide/C/vpn.xml:117(para)
1756
#: serverguide/C/vpn.xml:121(para)
1748
1757
msgid "Diffie Hellman parameters must be generated for the OpenVPN server:"
1751
#: serverguide/C/vpn.xml:122(command)
1760
#: serverguide/C/vpn.xml:126(command)
1752
1761
msgid "./build-dh"
1755
#: serverguide/C/vpn.xml:125(para)
1764
#: serverguide/C/vpn.xml:129(para)
1757
1766
"All certificates and keys have been generated in the subdirectory keys/. "
1758
1767
"Common practice is to copy them to /etc/openvpn/:"
1761
#: serverguide/C/vpn.xml:129(command)
1770
#: serverguide/C/vpn.xml:133(command)
1762
1771
msgid "cd keys/"
1781
#: serverguide/C/vpn.xml:145(command)
1790
#: serverguide/C/vpn.xml:149(command)
1782
1791
msgid "./build-key client1"
1785
#: serverguide/C/vpn.xml:148(para)
1794
#: serverguide/C/vpn.xml:152(para)
1786
1795
msgid "Copy the following files to the client using a secure method:"
1789
#: serverguide/C/vpn.xml:153(para)
1798
#: serverguide/C/vpn.xml:157(para)
1790
1799
msgid "/etc/openvpn/ca.crt"
1793
#: serverguide/C/vpn.xml:154(para)
1802
#: serverguide/C/vpn.xml:158(para)
1794
1803
msgid "/etc/openvpn/easy-rsa/keys/client1.crt"
1797
#: serverguide/C/vpn.xml:155(para)
1806
#: serverguide/C/vpn.xml:159(para)
1798
1807
msgid "/etc/openvpn/easy-rsa/keys/client1.key"
1801
#: serverguide/C/vpn.xml:158(para)
1810
#: serverguide/C/vpn.xml:162(para)
1803
1812
"As the client certificates and keys are only required on the client machine, "
1804
1813
"you should remove them from the server."
1807
#: serverguide/C/vpn.xml:166(title)
1816
#: serverguide/C/vpn.xml:170(title)
1808
1817
msgid "Simple Server Configuration"
1811
#: serverguide/C/vpn.xml:168(para)
1820
#: serverguide/C/vpn.xml:172(para)
1813
1822
"Along with your <application>OpenVPN</application> installation you got "
1814
1823
"these sample config files (and many more if if you check):"
1817
#: serverguide/C/vpn.xml:172(programlisting)
1826
#: serverguide/C/vpn.xml:176(programlisting)
2065
#: serverguide/C/vpn.xml:322(para)
2074
#: serverguide/C/vpn.xml:350(para)
2067
2076
"Can the client connect to the server machine? Maybe a firewall is blocking "
2068
2077
"access? Check syslog on server."
2071
#: serverguide/C/vpn.xml:325(para)
2080
#: serverguide/C/vpn.xml:353(para)
2073
2082
"Client and server must use same protocol and port, e.g. UDP port 1194, see "
2074
2083
"port and proto config option"
2077
#: serverguide/C/vpn.xml:328(para)
2086
#: serverguide/C/vpn.xml:356(para)
2079
2088
"Client and server must use same config regarding compression, see comp-lzo "
2080
2089
"config option"
2083
#: serverguide/C/vpn.xml:331(para)
2092
#: serverguide/C/vpn.xml:359(para)
2085
2094
"Client and server must use same config regarding bridged vs routed mode, see "
2086
2095
"server vs server-bridge config option"
2089
#: serverguide/C/databases.xml:168(title)
2098
#: serverguide/C/vpn.xml:366(title) serverguide/C/databases.xml:161(title)
2090
2099
msgid "Advanced configuration"
2093
#: serverguide/C/vpn.xml:342(title)
2102
#: serverguide/C/vpn.xml:369(title)
2094
2103
msgid "Advanced routed VPN configuration on server"
2097
#: serverguide/C/vpn.xml:344(para)
2106
#: serverguide/C/vpn.xml:371(para)
2099
2108
"The above is a very simple working VPN. The client can access services on "
2100
2109
"the VPN server machine through an encrypted tunnel. If you want to reach "
2184
2193
"push \"dhcp-option DNS 10.1.0.2\"\n"
2187
#: serverguide/C/vpn.xml:410(para)
2196
#: serverguide/C/vpn.xml:437(para)
2188
2197
msgid "Allow client to client communication."
2191
#: serverguide/C/vpn.xml:413(programlisting)
2200
#: serverguide/C/vpn.xml:440(programlisting)
2195
2204
"client-to-client\n"
2198
#: serverguide/C/vpn.xml:417(para)
2207
#: serverguide/C/vpn.xml:444(para)
2199
2208
msgid "Enable compression on the VPN link."
2202
#: serverguide/C/vpn.xml:420(programlisting)
2211
#: serverguide/C/vpn.xml:447(programlisting)
2209
#: serverguide/C/vpn.xml:424(para)
2218
#: serverguide/C/vpn.xml:451(para)
2211
"The keepalive directive causes ping-like messages to be sent back and forth "
2212
"over the link so that each side knows when the other side has gone down. "
2213
"Ping every 1 second, assume that remote peer is down if no ping received "
2214
"during a 3 second time period."
2220
"The <emphasis>keepalive</emphasis> directive causes ping-like messages to be "
2221
"sent back and forth over the link so that each side knows when the other "
2222
"side has gone down. Ping every 1 second, assume that remote peer is down if "
2223
"no ping received during a 3 second time period."
2217
#: serverguide/C/vpn.xml:433(programlisting)
2226
#: serverguide/C/vpn.xml:460(programlisting)
2221
2230
"keepalive 1 3\n"
2224
#: serverguide/C/vpn.xml:437(para)
2233
#: serverguide/C/vpn.xml:464(para)
2226
2235
"It's a good idea to reduce the OpenVPN daemon's privileges after "
2227
2236
"initialization."
2230
#: serverguide/C/vpn.xml:440(programlisting)
2239
#: serverguide/C/vpn.xml:467(programlisting)
2875
2884
#: serverguide/C/virtualization.xml:113(para)
2877
2886
"Yet another way to install an Ubuntu virtual machine is to use "
2878
"<application>uvtool</application>. This application, available as of 14.04 "
2887
"<application>uvtool</application>. This application, available as of 14.04, "
2879
2888
"allows you to set up specific VM options, execute custom post-install "
2880
"scripts, etc. For details see <xref linkend=\"cloud-images-and-uvtool\"/>"
2889
"scripts, etc. For details see <xref linkend=\"cloud-images-and-uvtool\"/>."
2883
#: serverguide/C/virtualization.xml:101(para)
2892
#: serverguide/C/virtualization.xml:119(para)
2885
2894
"Libvirt can also be configured work with <application>Xen</application>. For "
2886
2895
"details, see the Xen Ubuntu community page referenced below."
2889
#: serverguide/C/virtualization.xml:106(title)
2898
#: serverguide/C/virtualization.xml:125(title)
2890
2899
msgid "virt-install"
2891
2900
msgstr "virt-install"
2893
#: serverguide/C/virtualization.xml:107(para)
2902
#: serverguide/C/virtualization.xml:127(para)
2895
2904
"<application>virt-install</application> is part of the "
2896
2905
"<application>virtinst</application> package. To install it, from a terminal "
2897
2906
"prompt enter:"
2900
#: serverguide/C/virtualization.xml:111(command)
2909
#: serverguide/C/virtualization.xml:132(command)
2901
2910
msgid "sudo apt-get install virtinst"
2904
#: serverguide/C/virtualization.xml:113(para)
2913
#: serverguide/C/virtualization.xml:135(para)
2906
2915
"There are several options available when using <application>virt-"
2907
2916
"install</application>. For example:"
2974
2983
"After launching <application>virt-install</application> you can connect to "
2975
2984
"the virtual machine's console either locally using a GUI (if your server has "
2976
"a GUI), or via a remote VNC client from a GUI based computer."
2985
"a GUI), or via a remote VNC client from a GUI-based computer."
2979
#: serverguide/C/virtualization.xml:179(title)
2988
#: serverguide/C/virtualization.xml:206(title)
2980
2989
msgid "virt-clone"
2981
2990
msgstr "virt-clone"
2983
#: serverguide/C/virtualization.xml:180(para)
2992
#: serverguide/C/virtualization.xml:208(para)
2985
2994
"The <application>virt-clone</application> application can be used to copy "
2986
2995
"one virtual machine to another. For example:"
2989
#: serverguide/C/virtualization.xml:184(command)
2998
#: serverguide/C/virtualization.xml:212(command)
2991
3000
"sudo virt-clone -o web_devel -n database_devel -f "
2992
3001
"/path/to/database_devel.img \\ --connect=qemu:///system"
2995
#: serverguide/C/virtualization.xml:189(para)
3004
#: serverguide/C/virtualization.xml:218(para)
2996
3005
msgid "<emphasis>-o:</emphasis> original virtual machine."
2999
#: serverguide/C/virtualization.xml:194(para)
3008
#: serverguide/C/virtualization.xml:222(para)
3000
3009
msgid "<emphasis>-n:</emphasis> name of the new virtual machine."
3001
3010
msgstr "<emphasis>-n:</emphasis> імя новай віртуальнай машыны."
3003
#: serverguide/C/virtualization.xml:199(para)
3012
#: serverguide/C/virtualization.xml:227(para)
3005
3014
"<emphasis>-f:</emphasis> path to the file, logical volume, or partition to "
3006
3015
"be used by the new virtual machine."
3009
#: serverguide/C/virtualization.xml:204(para)
3018
#: serverguide/C/virtualization.xml:232(para)
3011
3020
"<emphasis>--connect:</emphasis> specifies which hypervisor to connect to."
3014
#: serverguide/C/virtualization.xml:209(para)
3023
#: serverguide/C/virtualization.xml:237(para)
3016
3025
"Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to "
3017
3026
"help troubleshoot problems with <application>virt-clone</application>."
3020
#: serverguide/C/virtualization.xml:214(para)
3029
#: serverguide/C/virtualization.xml:242(para)
3022
3031
"Replace <emphasis>web_devel</emphasis> and "
3023
3032
"<emphasis>database_devel</emphasis> with appropriate virtual machine names."
3026
#: serverguide/C/virtualization.xml:220(title)
3035
#: serverguide/C/virtualization.xml:249(title)
3027
3036
msgid "Virtual Machine Management"
3030
#: serverguide/C/virtualization.xml:222(title)
3039
#: serverguide/C/virtualization.xml:252(title)
3034
#: serverguide/C/virtualization.xml:223(para)
3043
#: serverguide/C/virtualization.xml:254(para)
3036
3045
"There are several utilities available to manage virtual machines and "
3037
3046
"<application>libvirt</application>. The <application>virsh</application> "
3038
3047
"utility can be used from the command line. Some examples:"
3041
#: serverguide/C/virtualization.xml:229(para)
3050
#: serverguide/C/virtualization.xml:261(para)
3042
3051
msgid "To list running virtual machines:"
3045
#: serverguide/C/virtualization.xml:233(command)
3054
#: serverguide/C/virtualization.xml:264(command)
3046
3055
msgid "virsh -c qemu:///system list"
3047
3056
msgstr "virsh -c qemu:///system list"
3049
#: serverguide/C/virtualization.xml:237(para)
3058
#: serverguide/C/virtualization.xml:269(para)
3050
3059
msgid "To start a virtual machine:"
3053
#: serverguide/C/virtualization.xml:241(command)
3062
#: serverguide/C/virtualization.xml:272(command)
3054
3063
msgid "virsh -c qemu:///system start web_devel"
3055
3064
msgstr "virsh -c qemu:///system start web_devel"
3057
#: serverguide/C/virtualization.xml:245(para)
3066
#: serverguide/C/virtualization.xml:277(para)
3058
3067
msgid "Similarly, to start a virtual machine at boot:"
3061
#: serverguide/C/virtualization.xml:249(command)
3070
#: serverguide/C/virtualization.xml:280(command)
3062
3071
msgid "virsh -c qemu:///system autostart web_devel"
3063
3072
msgstr "virsh -c qemu:///system autostart web_devel"
3065
#: serverguide/C/virtualization.xml:253(para)
3074
#: serverguide/C/virtualization.xml:285(para)
3066
3075
msgid "Reboot a virtual machine with:"
3069
#: serverguide/C/virtualization.xml:257(command)
3078
#: serverguide/C/virtualization.xml:288(command)
3070
3079
msgid "virsh -c qemu:///system reboot web_devel"
3071
3080
msgstr "virsh -c qemu:///system reboot web_devel"
3073
#: serverguide/C/virtualization.xml:261(para)
3082
#: serverguide/C/virtualization.xml:293(para)
3075
3084
"The <emphasis>state</emphasis> of virtual machines can be saved to a file in "
3076
3085
"order to be restored later. The following will save the virtual machine "
3077
3086
"state into a file named according to the date:"
3080
#: serverguide/C/virtualization.xml:266(command)
3089
#: serverguide/C/virtualization.xml:299(command)
3081
3090
msgid "virsh -c qemu:///system save web_devel web_devel-022708.state"
3082
3091
msgstr "virsh -c qemu:///system save web_devel web_devel-022708.state"
3084
#: serverguide/C/virtualization.xml:268(para)
3093
#: serverguide/C/virtualization.xml:302(para)
3085
3094
msgid "Once saved the virtual machine will no longer be running."
3088
#: serverguide/C/virtualization.xml:273(para)
3097
#: serverguide/C/virtualization.xml:307(para)
3089
3098
msgid "A saved virtual machine can be restored using:"
3092
#: serverguide/C/virtualization.xml:277(command)
3101
#: serverguide/C/virtualization.xml:310(command)
3093
3102
msgid "virsh -c qemu:///system restore web_devel-022708.state"
3094
3103
msgstr "virsh -c qemu:///system restore web_devel-022708.state"
3096
#: serverguide/C/virtualization.xml:281(para)
3105
#: serverguide/C/virtualization.xml:315(para)
3097
3106
msgid "To shutdown a virtual machine do:"
3100
#: serverguide/C/virtualization.xml:285(command)
3109
#: serverguide/C/virtualization.xml:318(command)
3101
3110
msgid "virsh -c qemu:///system shutdown web_devel"
3102
3111
msgstr "virsh -c qemu:///system shutdown web_devel"
3104
#: serverguide/C/virtualization.xml:289(para)
3113
#: serverguide/C/virtualization.xml:323(para)
3105
3114
msgid "A CDROM device can be mounted in a virtual machine by entering:"
3108
#: serverguide/C/virtualization.xml:293(command)
3117
#: serverguide/C/virtualization.xml:327(command)
3109
3118
msgid "virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
3111
3120
"virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
3113
#: serverguide/C/virtualization.xml:298(para)
3122
#: serverguide/C/virtualization.xml:333(para)
3115
3124
"In the above examples replace <emphasis>web_devel</emphasis> with the "
3116
3125
"appropriate virtual machine name, and <filename>web_devel-"
3117
3126
"022708.state</filename> with a descriptive file name."
3120
#: serverguide/C/virtualization.xml:305(title)
3129
#: serverguide/C/virtualization.xml:341(title)
3121
3130
msgid "Virtual Machine Manager"
3124
#: serverguide/C/virtualization.xml:306(para)
3133
#: serverguide/C/virtualization.xml:343(para)
3126
3135
"The <application>virt-manager</application> package contains a graphical "
3127
3136
"utility to manage local and remote virtual machines. To install virt-manager "
3131
#: serverguide/C/virtualization.xml:311(command)
3140
#: serverguide/C/virtualization.xml:348(command)
3132
3141
msgid "sudo apt-get install virt-manager"
3133
3142
msgstr "sudo apt-get install virt-manager"
3135
#: serverguide/C/virtualization.xml:313(para)
3144
#: serverguide/C/virtualization.xml:351(para)
3137
3146
"Since <application>virt-manager</application> requires a Graphical User "
3138
3147
"Interface (GUI) environment it is recommended to be installed on a "
3180
#: serverguide/C/virtualization.xml:343(para)
3189
#: serverguide/C/virtualization.xml:390(para)
3182
3191
"To install <application>virt-viewer</application> from a terminal enter:"
3184
3193
"Каб устанавіць <application>virt-viewer</application>, увядзіце ў тэрмінале:"
3186
#: serverguide/C/virtualization.xml:347(command)
3195
#: serverguide/C/virtualization.xml:394(command)
3187
3196
msgid "sudo apt-get install virt-viewer"
3188
3197
msgstr "sudo apt-get install virt-viewer"
3190
#: serverguide/C/virtualization.xml:349(para)
3199
#: serverguide/C/virtualization.xml:397(para)
3192
3201
"Once a virtual machine is installed and running you can connect to the "
3193
3202
"virtual machine's console by using:"
3196
#: serverguide/C/virtualization.xml:353(command)
3205
#: serverguide/C/virtualization.xml:401(command)
3197
3206
msgid "virt-viewer -c qemu:///system web_devel"
3198
3207
msgstr "virt-viewer -c qemu:///system web_devel"
3200
#: serverguide/C/virtualization.xml:355(para)
3209
#: serverguide/C/virtualization.xml:404(para)
3202
3211
"Similar to <application>virt-manager</application>, <application>virt-"
3203
3212
"viewer</application> can connect to a remote host using "
3204
3213
"<emphasis>SSH</emphasis> with key authentication, as well:"
3207
#: serverguide/C/virtualization.xml:360(command)
3216
#: serverguide/C/virtualization.xml:409(command)
3208
3217
msgid "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
3209
3218
msgstr "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
3211
#: serverguide/C/virtualization.xml:362(para)
3220
#: serverguide/C/virtualization.xml:412(para)
3213
3222
"Be sure to replace <emphasis role=\"italic\">web_devel</emphasis> with the "
3214
3223
"appropriate virtual machine name."
3238
3247
"Для больш зьмястоўнай інфармацыі пра <application>libvirt</application> "
3239
3248
"глядзіце <ulink url=\"http://libvirt.org/\">хатнюю старонку libvirt</ulink>"
3241
#: serverguide/C/virtualization.xml:384(para)
3250
#: serverguide/C/virtualization.xml:436(para)
3243
"The <ulink url=\"http://virt-manager.et.redhat.com/\">Virtual Machine "
3244
"Manager</ulink> site has more information on <application>virt-"
3245
"manager</application> development."
3252
"The <ulink url=\"http://virt-manager.org/\">Virtual Machine Manager</ulink> "
3253
"site has more information on <application>virt-manager</application> "
3248
#: serverguide/C/virtualization.xml:390(para)
3257
#: serverguide/C/virtualization.xml:442(para)
3250
3259
"Also, stop by the <emphasis>#ubuntu-virt</emphasis> IRC channel on <ulink "
3251
3260
"url=\"http://freenode.net/\">freenode</ulink> to discuss virtualization "
3252
3261
"technology in Ubuntu."
3255
#: serverguide/C/virtualization.xml:396(para)
3264
#: serverguide/C/virtualization.xml:448(para)
3257
3266
"Another good resource is the <ulink "
3258
3267
"url=\"https://help.ubuntu.com/community/KVM\">Ubuntu Wiki KVM</ulink> page."
3261
#: serverguide/C/virtualization.xml:401(para)
3270
#: serverguide/C/virtualization.xml:454(para)
3263
3272
"For information on Xen, including using Xen with libvirt, please see the "
3264
3273
"<ulink url=\"https://help.ubuntu.com/community/Xen\">Ubuntu Wiki Xen</ulink> "
3269
3278
msgid "Cloud images and uvtool"
3272
#: serverguide/C/windows-networking.xml:23(title) serverguide/C/virtualization.xml:412(title) serverguide/C/security.xml:352(title) serverguide/C/remote-administration.xml:18(title) serverguide/C/package-management.xml:18(title) serverguide/C/introduction.xml:11(title) serverguide/C/installation.xml:1187(title)
3281
#: serverguide/C/virtualization.xml:467(title) serverguide/C/security.xml:367(title) serverguide/C/samba.xml:23(title) serverguide/C/remote-administration.xml:18(title) serverguide/C/package-management.xml:18(title) serverguide/C/introduction.xml:11(title) serverguide/C/installation.xml:1260(title)
3273
3282
msgid "Introduction"
3274
3283
msgstr "Уводзіны"
3276
3285
#: serverguide/C/virtualization.xml:469(para)
3278
"With Ubuntu being one of the most used operating systems on most of the "
3279
"cloud platforms, the availability of stable and secure cloud images has "
3280
"become very important. As of 12.04 the utilization of cloud images outside "
3281
"of a cloud infrastructure has been improved. It is now possible to use those "
3287
"With Ubuntu being one of the most used operating systems on many cloud "
3288
"platforms, the availability of stable and secure cloud images has become "
3289
"very important. As of 12.04 the utilization of cloud images outside of a "
3290
"cloud infrastructure has been improved. It is now possible to use those "
3282
3291
"images to create a virtual machine without the need of a complete "
3283
3292
"installation."
3286
#: serverguide/C/virtualization.xml:478(title)
3295
#: serverguide/C/virtualization.xml:477(title)
3287
3296
msgid "Creating virtual machines using uvtool"
3290
#: serverguide/C/virtualization.xml:480(para)
3299
#: serverguide/C/virtualization.xml:479(para)
3292
3301
"Starting with 14.04 LTS, a tool called uvtool greatly facilitates the task "
3293
3302
"of generating virtual machines (VM) using the cloud images. "
3295
3304
"synchronize cloud-images locally and use them to create new VMs in minutes."
3298
#: serverguide/C/virtualization.xml:487(title)
3307
#: serverguide/C/virtualization.xml:486(title)
3299
3308
msgid "Uvtool packages"
3302
#: serverguide/C/virtualization.xml:489(para)
3311
#: serverguide/C/virtualization.xml:488(para)
3304
"The following packages and their dependancies will be required in order to "
3313
"The following packages and their dependencies will be required in order to "
3308
#: serverguide/C/virtualization.xml:496(para)
3317
#: serverguide/C/virtualization.xml:495(para)
3312
#: serverguide/C/virtualization.xml:500(para)
3321
#: serverguide/C/virtualization.xml:499(para)
3313
3322
msgid "uvtool-libvirt"
3316
#: serverguide/C/virtualization.xml:505(para)
3318
"Installation of <application>uvtool</application> is done the same as for "
3319
"any other application by using apt-get:"
3325
#: serverguide/C/virtualization.xml:504(para)
3326
msgid "To install <application>uvtool</application>, run:"
3322
#: serverguide/C/virtualization.xml:507(programlisting)
3329
#: serverguide/C/virtualization.xml:505(programlisting)
3324
3331
msgid "$ apt-get -y install uvtool"
3327
#: serverguide/C/virtualization.xml:509(para)
3334
#: serverguide/C/virtualization.xml:507(para)
3328
3335
msgid "This will install uvtool's main commands:"
3331
#: serverguide/C/virtualization.xml:511(application)
3338
#: serverguide/C/virtualization.xml:509(application)
3332
3339
msgid "uvt-simplestreams-libvirt"
3335
#: serverguide/C/virtualization.xml:512(application)
3342
#: serverguide/C/virtualization.xml:510(application)
3336
3343
msgid "uvt-kvm"
3339
#: serverguide/C/virtualization.xml:517(title)
3346
#: serverguide/C/virtualization.xml:515(title)
3341
3348
"Get the Ubuntu Cloud Image with <application>uvt-simplestreams-"
3342
3349
"libvirt</application>"
3345
#: serverguide/C/virtualization.xml:519(para)
3352
#: serverguide/C/virtualization.xml:517(para)
3347
3354
"This is one of the major simplifications that "
3348
3355
"<application>uvtool</application> brings. It is aware of where to find the "
3374
3381
"release=trusty arch=amd64 label=beta1 (20140226.1)\n"
3377
#: serverguide/C/virtualization.xml:538(para)
3384
#: serverguide/C/virtualization.xml:536(para)
3379
3386
"In the case where you want to synchronize only one specific cloud-image, you "
3380
3387
"need to use the release= and arch= filters to identify which image needs to "
3381
3388
"be synchronized."
3384
#: serverguide/C/virtualization.xml:541(programlisting)
3391
#: serverguide/C/virtualization.xml:539(programlisting)
3386
3393
msgid "$ uvt-simplestreams-libvirt sync release=precise arch=amd64\n"
3389
#: serverguide/C/virtualization.xml:546(title)
3396
#: serverguide/C/virtualization.xml:544(title)
3390
3397
msgid "Create the VM using uvt-kvm"
3393
#: serverguide/C/virtualization.xml:548(para)
3400
#: serverguide/C/virtualization.xml:546(para)
3395
"In order to be able to connect to the virtual machine once it has been "
3396
"created, it is necessary to have a valid SSH key available for the ubuntu "
3397
"user. If your environment does not have a ssh key, you can easily create one "
3398
"using the following command:"
3402
"In order to connect to the virtual machine once it has been created, you "
3403
"must have a valid SSH key available for the Ubuntu user. If your environment "
3404
"does not have an SSH key, you can easily create one using the following "
3401
#: serverguide/C/virtualization.xml:552(programlisting)
3408
#: serverguide/C/virtualization.xml:548(programlisting)
3425
3432
"+-----------------+\n"
3435
#: serverguide/C/virtualization.xml:571(para)
3437
"To create of a new virtual machine using uvtool, run the following in a "
3441
#: serverguide/C/virtualization.xml:573(programlisting)
3443
msgid "$ uvt-kvm create firsttest"
3428
3446
#: serverguide/C/virtualization.xml:575(para)
3430
"The creation of a new virtual machine using uvtool is easy. In its simplest "
3431
"form, you only need to do:"
3434
#: serverguide/C/virtualization.xml:578(programlisting)
3436
msgid "$ uvt-kvm create firsttest"
3439
#: serverguide/C/virtualization.xml:580(para)
3441
3448
"This will create a VM named <emphasis role=\"bold\">firsttest</emphasis> "
3442
3449
"using the current LTS cloud image available locally. If you want to specify "
3443
3450
"a release to be used to create the VM, you need to use the <emphasis "
3444
"role=\"bold\">release=</emphasis> filter"
3451
"role=\"bold\">release=</emphasis> filter:"
3454
#: serverguide/C/virtualization.xml:578(programlisting)
3456
msgid "$ uvt-kvm create secondtest release=trusty"
3459
#: serverguide/C/virtualization.xml:580(para)
3461
"<application>uvt-kvm wait</application> can be used to wait until the "
3462
"creation of the VM has completed:"
3447
3465
#: serverguide/C/virtualization.xml:583(programlisting)
3449
msgid "$ uvt-kvm create secondtest release=trusty"
3452
#: serverguide/C/virtualization.xml:585(para)
3454
"The <application>uvt-kvm wait {name}</application> can be used to wait until "
3455
"the creation of the VM has completed"
3458
#: serverguide/C/virtualization.xml:588(programlisting)
3461
3468
"$ uvt-kvm wait secondttest --insecure\n"
3462
3469
"Warning: secure wait for boot-finished not yet implemented; use --insecure.\n"
3465
#: serverguide/C/virtualization.xml:593(title)
3472
#: serverguide/C/virtualization.xml:588(title)
3466
3473
msgid "Connect to the running VM"
3469
#: serverguide/C/virtualization.xml:594(para)
3476
#: serverguide/C/virtualization.xml:589(para)
3471
3478
"Once the virtual machine creation is completed, you can connect to it using "
3475
#: serverguide/C/virtualization.xml:597(programlisting)
3482
#: serverguide/C/virtualization.xml:592(programlisting)
3477
3484
msgid "$ uvt-kvm ssh secondtest --insecure"
3480
#: serverguide/C/virtualization.xml:599(para)
3487
#: serverguide/C/virtualization.xml:594(para)
3482
3489
"For the time being, the <emphasis role=\"bold\">--insecure</emphasis> is "
3483
"required so you should be using this mechanism to connect to your VM only if "
3484
"you completely trust your network infrastructure"
3490
"required, so use this mechanism to connect to your VM only if you completely "
3491
"trust your network infrastructure."
3487
#: serverguide/C/virtualization.xml:602(para)
3494
#: serverguide/C/virtualization.xml:596(para)
3489
"You can also connect to your VM using a regular ssh session using the IP "
3496
"You can also connect to your VM using a regular SSH session using the IP "
3490
3497
"address of the VM. The address can be queried using the following command:"
3493
#: serverguide/C/virtualization.xml:605(programlisting)
3500
#: serverguide/C/virtualization.xml:598(programlisting)
3524
#: serverguide/C/virtualization.xml:631(title)
3531
#: serverguide/C/virtualization.xml:624(title)
3525
3532
msgid "Get the list of running VMs"
3528
#: serverguide/C/virtualization.xml:632(para)
3529
msgid "You can get the list of VM running on your system with this command:"
3535
#: serverguide/C/virtualization.xml:625(para)
3536
msgid "You can get the list of VMs running on your system with this command:"
3532
#: serverguide/C/virtualization.xml:634(programlisting)
3539
#: serverguide/C/virtualization.xml:627(programlisting)
3535
3542
"$ uvt-kvm list\n"
3539
#: serverguide/C/virtualization.xml:639(title)
3546
#: serverguide/C/virtualization.xml:632(title)
3540
3547
msgid "Destroy your VM"
3543
#: serverguide/C/virtualization.xml:640(para)
3544
msgid "Once you are done with your VM, you can proceed to destroy it with:"
3550
#: serverguide/C/virtualization.xml:633(para)
3551
msgid "Once you are done with your VM, you can destroy it with:"
3547
#: serverguide/C/virtualization.xml:642(programlisting)
3554
#: serverguide/C/virtualization.xml:635(programlisting)
3549
3556
msgid "$ uvt-kvm destroy secondtest"
3552
#: serverguide/C/virtualization.xml:644(title)
3559
#: serverguide/C/virtualization.xml:637(title)
3553
3560
msgid "More uvt-kvm options"
3556
#: serverguide/C/virtualization.xml:646(para)
3563
#: serverguide/C/virtualization.xml:639(para)
3558
3565
"The following options can be used to change some of the characteristics of "
3559
"the virtual memory that you are creating"
3566
"the VM that you are creating:"
3569
#: serverguide/C/virtualization.xml:642(para)
3570
msgid "--memory : Amount of RAM in megabytes. Default: 512."
3573
#: serverguide/C/virtualization.xml:643(para)
3574
msgid "--disk : Size of the OS disk in gigabytes. Default: 8."
3577
#: serverguide/C/virtualization.xml:644(para)
3578
msgid "--cpu : Number of CPU cores. Default: 1."
3581
#: serverguide/C/virtualization.xml:647(para)
3583
"Some other parameters will have an impact on the cloud-init configuration:"
3586
#: serverguide/C/virtualization.xml:649(para)
3588
"--password password : Allow login to the VM using the Ubuntu account and "
3589
"this provided password."
3562
3592
#: serverguide/C/virtualization.xml:650(para)
3563
msgid "--memory : Amount of RAM in megabytes. Default: 512"
3566
#: serverguide/C/virtualization.xml:651(para)
3567
msgid "--disk : Size of the OS disk in gigabytes. Default: 8"
3570
#: serverguide/C/virtualization.xml:652(para)
3571
msgid "--cpu : Number of CPU cores. Default: 1"
3574
#: serverguide/C/virtualization.xml:655(para)
3576
"Some other parameters will have an impact on the cloud-init configuration"
3579
#: serverguide/C/virtualization.xml:657(para)
3581
"--password password : Allow login to the VM using the ubuntu account and "
3582
"this provided password"
3585
#: serverguide/C/virtualization.xml:658(para)
3587
3594
"--run-script-once script_file : Run script_file as root on the VM the first "
3588
3595
"time it is booted, but never again."
3591
#: serverguide/C/virtualization.xml:659(para)
3598
#: serverguide/C/virtualization.xml:651(para)
3593
3600
"--packages package_list : Install the comma-separated packages specified in "
3594
3601
"package_list on first boot."
3597
#: serverguide/C/virtualization.xml:662(para)
3604
#: serverguide/C/virtualization.xml:654(para)
3599
3606
"A complete description of all available modifiers is available in the "
3600
"manpage of uvt-kvm"
3607
"manpage of uvt-kvm."
3603
#: serverguide/C/virtualization.xml:1073(para)
3610
#: serverguide/C/virtualization.xml:661(para)
3605
3612
"If you are interested in learning more, have questions or suggestions, "
3606
3613
"please contact the Ubuntu Server Team at:"
3609
#: serverguide/C/virtualization.xml:1078(para)
3616
#: serverguide/C/virtualization.xml:666(para)
3610
3617
msgid "IRC: #ubuntu-server on freenode"
3611
3618
msgstr "IRC: канал #ubuntu-server на freenode"
3613
#: serverguide/C/virtualization.xml:1083(para)
3620
#: serverguide/C/virtualization.xml:670(para)
3615
3622
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
3616
3623
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
3619
#: serverguide/C/virtualization.xml:2121(title)
3626
#: serverguide/C/virtualization.xml:679(title)
3620
3627
msgid "Ubuntu Cloud"
3623
#: serverguide/C/virtualization.xml:2122(para)
3630
#: serverguide/C/virtualization.xml:681(para)
3625
3632
"<application>Cloud computing</application> is a computing model that allows "
3626
3633
"vast pools of resources to be allocated on-demand. These resources such as "
3644
3651
"concerning installation and configuration."
3647
#: serverguide/C/virtualization.xml:2452(title)
3654
#: serverguide/C/virtualization.xml:703(title)
3648
3655
msgid "Support and Troubleshooting"
3651
#: serverguide/C/virtualization.xml:2453(para)
3658
#: serverguide/C/virtualization.xml:705(para)
3652
3659
msgid "Community Support"
3655
#: serverguide/C/virtualization.xml:2457(ulink)
3662
#: serverguide/C/virtualization.xml:709(ulink)
3656
3663
msgid "OpenStack Mailing list"
3659
#: serverguide/C/virtualization.xml:2462(ulink)
3666
#: serverguide/C/virtualization.xml:714(ulink)
3660
3667
msgid "The OpenStack Wiki search"
3663
#: serverguide/C/virtualization.xml:2468(ulink)
3670
#: serverguide/C/virtualization.xml:719(ulink)
3664
3671
msgid "Launchpad bugs area"
3667
#: serverguide/C/virtualization.xml:2472(para)
3674
#: serverguide/C/virtualization.xml:724(para)
3668
3675
msgid "Join the IRC channel #openstack on freenode."
3671
#: serverguide/C/virtualization.xml:2486(ulink)
3678
#: serverguide/C/virtualization.xml:735(ulink)
3672
3679
msgid "Cloud Computing - Service models"
3675
#: serverguide/C/virtualization.xml:2491(ulink)
3682
#: serverguide/C/virtualization.xml:741(ulink)
3676
3683
msgid "OpenStack Compute"
3679
#: serverguide/C/virtualization.xml:2496(ulink)
3686
#: serverguide/C/virtualization.xml:747(ulink)
3680
3687
msgid "OpenStack Image Service"
3683
#: serverguide/C/virtualization.xml:2501(ulink)
3690
#: serverguide/C/virtualization.xml:753(ulink)
3684
3691
msgid "OpenStack Object Storage Administration Guide"
3687
#: serverguide/C/virtualization.xml:2506(ulink)
3694
#: serverguide/C/virtualization.xml:759(ulink)
3688
3695
msgid "Installing OpenStack Object Storage on Ubuntu"
3691
#: serverguide/C/virtualization.xml:2511(ulink)
3698
#: serverguide/C/virtualization.xml:765(ulink)
3692
3699
msgid "http://cloudglossary.com/"
3695
#: serverguide/C/virtualization.xml:2586(title)
3702
#: serverguide/C/virtualization.xml:775(title)
3699
#: serverguide/C/virtualization.xml:785(para)
3706
#: serverguide/C/virtualization.xml:777(para)
3701
3708
"Containers are a lightweight virtualization technology. They are more akin "
3702
3709
"to an enhanced chroot than to full virtualization like Qemu or VMware, both "
3943
#: serverguide/C/virtualization.xml:1015(para)
3950
#: serverguide/C/virtualization.xml:1007(para)
3945
3952
"<filename>default.conf</filename> specifies configuration which every newly "
3946
3953
"created container should contain. This usually contains at least a network "
3947
3954
"section, and, for unprivileged users, an id mapping section"
3950
#: serverguide/C/virtualization.xml:1022(para)
3957
#: serverguide/C/virtualization.xml:1014(para)
3952
3959
"<filename>lxc-usernet.conf</filename> specifies how unprivileged users may "
3953
3960
"connect their containers to the host-owned network."
3956
#: serverguide/C/virtualization.xml:1002(para)
3963
#: serverguide/C/virtualization.xml:994(para)
3958
3965
"The following configuration files are consulted by LXC. For privileged use, "
3959
3966
"they are found under <filename>/etc/lxc</filename>, while for unprivileged "
3960
3967
"use they are under <filename>~/.config/lxc</filename>. <placeholder-1/>"
3963
#: serverguide/C/virtualization.xml:1028(para)
3970
#: serverguide/C/virtualization.xml:1020(para)
3965
"<filename>lxc.conf</filename> and <filename>default.conf</filename> are "
3966
"exist both under <filename>/etc/lxc</filename> and "
3972
"<filename>lxc.conf</filename> and <filename>default.conf</filename> are both "
3973
"under <filename>/etc/lxc</filename> and "
3967
3974
"<filename>$HOME/.config/lxc</filename>, while <filename>lxc-"
3968
3975
"usernet.conf</filename> is only host-wide."
3971
#: serverguide/C/virtualization.xml:1033(para)
3978
#: serverguide/C/virtualization.xml:1025(para)
3973
3980
"By default, containers are located under /var/lib/lxc for the root user, and "
3974
3981
"$HOME/.local/share/lxc otherwise. The location can be specified for all lxc "
3975
3982
"commands using the \"-P|--lxcpath\" argument."
3978
#: serverguide/C/virtualization.xml:1210(para) serverguide/C/virtualization.xml:1272(para) serverguide/C/network-config.xml:11(title)
3985
#: serverguide/C/virtualization.xml:1034(title) serverguide/C/network-config.xml:11(title)
3979
3986
msgid "Networking"
3980
3987
msgstr "Сеціва"
3982
#: serverguide/C/virtualization.xml:1043(para)
3989
#: serverguide/C/virtualization.xml:1035(para)
3984
3991
"By default LXC creates a private network namespace for each container, which "
3985
3992
"includes a layer 2 networking stack. Containers usually connect to the "
4372
4380
"i/o, guarantee minimum cpu shares, and to lock containers to specific cpus."
4375
#: serverguide/C/virtualization.xml:1377(para)
4383
#: serverguide/C/virtualization.xml:1369(para)
4377
"By default, a privileged container CN will be assigned a cgroup called "
4385
"By default, a privileged container CN will be assigned to a cgroup called "
4378
4386
"<filename>/lxc/CN</filename>. In the case of name conflicts (which can occur "
4379
4387
"when using custom lxcpaths) a suffix \"-n\", where n is an integer starting "
4380
4388
"at 0, will be appended to the cgroup name."
4383
#: serverguide/C/virtualization.xml:1383(para)
4391
#: serverguide/C/virtualization.xml:1375(para)
4385
"By default, a privileged container CN will be assigned a cgroup called "
4393
"By default, a privileged container CN will be assigned to a cgroup called "
4386
4394
"<filename>CN</filename> under the cgroup of the task which started the "
4387
4395
"container, for instance <filename>/usr/1000.user/1.session/CN</filename>. "
4388
4396
"The container root will be given group ownership of the directory (but not "
4389
4397
"all files) so that it is allowed to create new child cgroups."
4392
#: serverguide/C/virtualization.xml:1390(para)
4400
#: serverguide/C/virtualization.xml:1382(para)
4394
4402
"As of Ubuntu 14.04, LXC uses the cgroup manager (cgmanager) to administer "
4395
4403
"cgroups. The cgroup manager receives D-Bus requests over the Unix socket "
4396
"<filename>/sys/fs/cgroup/cgmanager/sock</filename>. To fascilitate safe "
4404
"<filename>/sys/fs/cgroup/cgmanager/sock</filename>. To facilitate safe "
4397
4405
"nested containers, the line <screen>\n"
4399
4407
"lxc.mount.auto = cgroup\n"
4449
4457
"container, and to only use its snapshots."
4452
#: serverguide/C/virtualization.xml:1446(para)
4460
#: serverguide/C/virtualization.xml:1438(para)
4453
4461
msgid "Given an existing container called C1, a copy can be created using:"
4456
#: serverguide/C/virtualization.xml:3274(command)
4464
#: serverguide/C/virtualization.xml:1442(command)
4457
4465
msgid "sudo lxc-clone -o C1 -n C2"
4460
#: serverguide/C/virtualization.xml:1455(para)
4461
msgid "A snapshot can be created using"
4468
#: serverguide/C/virtualization.xml:1447(para)
4469
msgid "A snapshot can be created using:"
4464
#: serverguide/C/virtualization.xml:3288(command)
4472
#: serverguide/C/virtualization.xml:1449(command)
4465
4473
msgid "sudo lxc-clone -s -o C1 -n C2"
4468
#: serverguide/C/virtualization.xml:1461(para)
4476
#: serverguide/C/virtualization.xml:1453(para)
4469
4477
msgid "See the lxc-clone manpage for more information."
4472
#: serverguide/C/virtualization.xml:1464(title)
4480
#: serverguide/C/virtualization.xml:1456(title)
4473
4481
msgid "Snapshots"
4476
#: serverguide/C/virtualization.xml:1465(para)
4484
#: serverguide/C/virtualization.xml:1457(para)
4478
4486
"To more easily support the use of snapshot clones for iterative container "
4479
4487
"development, LXC supports <emphasis>snapshots</emphasis>. When working on a "
4531
4539
"page for more options."
4534
#: serverguide/C/virtualization.xml:1527(title)
4542
#: serverguide/C/virtualization.xml:1519(title)
4535
4543
msgid "Lifecycle management hooks"
4538
#: serverguide/C/virtualization.xml:1529(para)
4546
#: serverguide/C/virtualization.xml:1521(para)
4540
4548
"Beginning with Ubuntu 12.10, it is possible to define hooks to be executed "
4541
4549
"at specific points in a container's lifetime:"
4544
#: serverguide/C/virtualization.xml:1534(para)
4552
#: serverguide/C/virtualization.xml:1526(para)
4546
4554
"Pre-start hooks are run in the host's namespace before the container ttys, "
4547
4555
"consoles, or mounts are up. If any mounts are done in this hook, they should "
4548
4556
"be cleaned up in the post-stop hook."
4551
#: serverguide/C/virtualization.xml:1541(para)
4559
#: serverguide/C/virtualization.xml:1533(para)
4553
4561
"Pre-mount hooks are run in the container's namespaces, but before the root "
4554
4562
"filesystem has been mounted. Mounts done in this hook will be automatically "
4555
4563
"cleaned up when the container shuts down."
4558
#: serverguide/C/virtualization.xml:1548(para)
4566
#: serverguide/C/virtualization.xml:1540(para)
4560
4568
"Mount hooks are run after the container filesystems have been mounted, but "
4561
4569
"before the container has called <command>pivot_root</command> to change its "
4562
4570
"root filesystem."
4565
#: serverguide/C/virtualization.xml:1555(para)
4573
#: serverguide/C/virtualization.xml:1547(para)
4567
4575
"Start hooks are run immediately before executing the container's init. Since "
4568
4576
"these are executed after pivoting into the container's filesystem, the "
4569
4577
"command to be executed must be copied into the container's filesystem."
4572
#: serverguide/C/virtualization.xml:1562(para)
4580
#: serverguide/C/virtualization.xml:1554(para)
4573
4581
msgid "Post-stop hooks are executed after the container has been shut down."
4576
#: serverguide/C/virtualization.xml:1567(para)
4584
#: serverguide/C/virtualization.xml:1559(para)
4578
4586
"If any hook returns an error, the container's run will be aborted. Any "
4579
4587
"<emphasis>post-stop</emphasis> hook will still be executed. Any output "
4580
4588
"generated by the script will be logged at the debug priority."
4583
#: serverguide/C/virtualization.xml:1572(para)
4591
#: serverguide/C/virtualization.xml:1564(para)
4585
4593
"Please see the lxc.container.conf manual page for the configuration file "
4586
4594
"format with which to specify hooks. Some sample hooks are shipped with the "
4587
4595
"lxc package to serve as an example of how to write and use such hooks."
4590
#: serverguide/C/virtualization.xml:3452(title)
4598
#: serverguide/C/virtualization.xml:1571(title)
4591
4599
msgid "Consoles"
4594
#: serverguide/C/virtualization.xml:1581(para)
4602
#: serverguide/C/virtualization.xml:1573(para)
4596
4604
"Containers have a configurable number of consoles. One always exists on the "
4597
4605
"container's <filename>/dev/console</filename>. This is shown on the terminal "
4838
4846
"to the use of containers."
4841
#: serverguide/C/virtualization.xml:4398(para)
4849
#: serverguide/C/virtualization.xml:1795(para)
4843
4851
"The <ulink url=\"http://www.ibm.com/developerworks/linux/library/l-lxc-"
4844
4852
"security/index.html\"> Secure Containers Cookbook</ulink> demonstrated the "
4845
4853
"use of security modules to make containers more secure."
4848
#: serverguide/C/virtualization.xml:1810(para) serverguide/C/cgroups.xml:202(para)
4856
#: serverguide/C/virtualization.xml:1802(para) serverguide/C/cgroups.xml:202(para)
4849
4857
msgid "Manual pages referenced above can be found at:"
4852
#: serverguide/C/virtualization.xml:4407(ulink)
4860
#: serverguide/C/virtualization.xml:1804(ulink)
4853
4861
msgid "capabilities"
4856
#: serverguide/C/virtualization.xml:4408(ulink)
4864
#: serverguide/C/virtualization.xml:1805(ulink)
4857
4865
msgid "lxc.conf"
4860
#: serverguide/C/virtualization.xml:1818(para)
4868
#: serverguide/C/virtualization.xml:1810(para)
4862
4870
"The upstream LXC project is hosted at <ulink "
4863
4871
"url=\"http://linuxcontainers.org\">linuxcontainers.org</ulink>."
4866
#: serverguide/C/virtualization.xml:4420(para)
4874
#: serverguide/C/virtualization.xml:1815(para)
4868
4876
"LXC security issues are listed and discussed at <ulink "
4869
4877
"url=\"http://wiki.ubuntu.com/LxcSecurity\">the LXC Security wiki page</ulink>"
4872
#: serverguide/C/virtualization.xml:1829(para)
4880
#: serverguide/C/virtualization.xml:1821(para)
4874
4882
"For more on namespaces in Linux, see: S. Bhattiprolu, E. W. Biederman, S. E. "
4875
4883
"Hallyn, and D. Lezcano. Virtual Servers and Check- point/Restart in "
4969
4977
"access or a central server."
4972
#: serverguide/C/vcs.xml:88(para)
4980
#: serverguide/C/vcs.xml:95(para)
4974
4982
"The <application>git</application> version control system is installed with "
4975
4983
"the following command"
4978
#: serverguide/C/vcs.xml:92(command)
4986
#: serverguide/C/vcs.xml:99(command)
4979
4987
msgid "sudo apt-get install git"
4982
#: serverguide/C/vcs.xml:97(para)
4990
#: serverguide/C/vcs.xml:104(para)
4984
4992
"Every git user should first introduce himself to git, by running these two "
4988
#: serverguide/C/vcs.xml:99(command)
4996
#: serverguide/C/vcs.xml:106(command)
4989
4997
msgid "git config --global user.email \"you@example.com\""
4992
#: serverguide/C/vcs.xml:100(command)
5000
#: serverguide/C/vcs.xml:107(command)
4993
5001
msgid "git config --global user.name \"Your Name\""
4996
#: serverguide/C/vcs.xml:105(para)
5004
#: serverguide/C/vcs.xml:112(para)
4998
5006
"The above is already sufficient to use git in a distributed and secure way, "
4999
5007
"provided users have access to the machine assuming the server role via SSH. "
5000
"On the server machine, creating a new repository can be done with"
5008
"On the server machine, creating a new repository can be done with:"
5003
#: serverguide/C/vcs.xml:108(command)
5011
#: serverguide/C/vcs.xml:119(command)
5004
5012
msgid "git init --bare /path/to/repository"
5007
#: serverguide/C/vcs.xml:110(para)
5015
#: serverguide/C/vcs.xml:121(para)
5009
5017
"This creates a bare repository, that cannot be used to edit files directly. "
5010
5018
"If you would rather have a working copy of the contents of the repository on "
5011
5019
"the server, ommit the <emphasis>--bare</emphasis> option."
5014
#: serverguide/C/vcs.xml:111(para)
5022
#: serverguide/C/vcs.xml:122(para)
5016
"Any client with ssh access to the machine can from then on clone the "
5024
"Any client with SSH access to the machine can then clone the repository with:"
5020
#: serverguide/C/vcs.xml:113(command)
5027
#: serverguide/C/vcs.xml:127(command)
5021
5028
msgid "git clone username@hostname:/path/to/repository"
5024
#: serverguide/C/vcs.xml:115(para)
5031
#: serverguide/C/vcs.xml:129(para)
5026
5033
"Once cloned to the client's machine, the client can edit files, then commit "
5027
5034
"and share them with:"
5030
#: serverguide/C/vcs.xml:119(command)
5037
#: serverguide/C/vcs.xml:133(command)
5031
5038
msgid "cd /path/to/repository"
5034
#: serverguide/C/vcs.xml:120(command)
5041
#: serverguide/C/vcs.xml:134(command)
5035
5042
msgid "#(edit some files"
5038
#: serverguide/C/vcs.xml:121(command)
5045
#: serverguide/C/vcs.xml:135(command)
5040
5047
"git commit -a # Commit all changes to the local version of the repository"
5043
#: serverguide/C/vcs.xml:122(command)
5050
#: serverguide/C/vcs.xml:136(command)
5045
5052
"git push origin master # Push changes to the server's version of the "
5049
#: serverguide/C/vcs.xml:127(title)
5056
#: serverguide/C/vcs.xml:141(title)
5050
5057
msgid "Installing a gitolite server"
5053
#: serverguide/C/vcs.xml:128(para)
5060
#: serverguide/C/vcs.xml:142(para)
5055
5062
"While the above is sufficient to create, clone and edit repositories, users "
5056
5063
"wanting to install git on a server will most likely want to have git work "
5184
5191
" R = denise\n"
5187
#: serverguide/C/vcs.xml:195(title)
5194
#: serverguide/C/vcs.xml:209(title)
5188
5195
msgid "Using your server"
5191
#: serverguide/C/vcs.xml:196(para)
5198
#: serverguide/C/vcs.xml:210(para)
5193
5200
"To use the newly created server, users have to have the gitolite admin "
5194
5201
"import their public key into the gitolite configuration repository, they can "
5195
5202
"then access any project they have access to with the following command:"
5198
#: serverguide/C/vcs.xml:198(command)
5205
#: serverguide/C/vcs.xml:212(command)
5199
5206
msgid "git clone git@$SERVER_IP:$PROJECT_NAME.git"
5202
#: serverguide/C/vcs.xml:200(para)
5209
#: serverguide/C/vcs.xml:214(para)
5204
5211
"Or add the server's project as a remote for an existing git repository:"
5207
#: serverguide/C/vcs.xml:202(command)
5214
#: serverguide/C/vcs.xml:216(command)
5208
5215
msgid "git remote add gitolite git@$SERVER_IP:$PROJECT_NAME.git"
5211
#: serverguide/C/vcs.xml:79(title)
5218
#: serverguide/C/vcs.xml:221(title)
5212
5219
msgid "Subversion"
5215
#: serverguide/C/vcs.xml:80(para)
5222
#: serverguide/C/vcs.xml:222(para)
5217
5224
"Subversion is an open source version control system. Using Subversion, you "
5218
5225
"can record the history of source files and documents. It manages files and "
5232
5239
"section to install and configure the digital certificate."
5235
#: serverguide/C/vcs.xml:94(para)
5242
#: serverguide/C/vcs.xml:236(para)
5237
5244
"To install Subversion, run the following command from a terminal prompt:"
5240
#: serverguide/C/vcs.xml:227(command)
5247
#: serverguide/C/vcs.xml:241(command)
5241
5248
msgid "sudo apt-get install subversion apache2 libapache2-svn"
5244
#: serverguide/C/vcs.xml:105(title)
5251
#: serverguide/C/vcs.xml:247(title)
5245
5252
msgid "Server Configuration"
5248
#: serverguide/C/vcs.xml:106(para)
5255
#: serverguide/C/vcs.xml:248(para)
5250
5257
"This step assumes you have installed above mentioned packages on your "
5251
5258
"system. This section explains how to create a Subversion repository and "
5252
5259
"access the project."
5255
#: serverguide/C/vcs.xml:109(title)
5262
#: serverguide/C/vcs.xml:251(title)
5256
5263
msgid "Create Subversion Repository"
5259
#: serverguide/C/vcs.xml:110(para)
5266
#: serverguide/C/vcs.xml:252(para)
5261
5268
"The Subversion repository can be created using the following command from a "
5262
5269
"terminal prompt:"
5265
#: serverguide/C/vcs.xml:114(command)
5272
#: serverguide/C/vcs.xml:256(command)
5266
5273
msgid "svnadmin create /path/to/repos/project"
5269
#: serverguide/C/vcs.xml:119(title)
5276
#: serverguide/C/vcs.xml:261(title)
5270
5277
msgid "Importing Files"
5271
5278
msgstr "Імпартаваньне файлаў"
5273
#: serverguide/C/vcs.xml:120(para)
5280
#: serverguide/C/vcs.xml:262(para)
5275
5282
"Once you create the repository you can <emphasis>import</emphasis> files "
5276
5283
"into the repository. To import a directory, enter the following from a "
5292
5299
"schemes map to the available access methods."
5295
#: serverguide/C/vcs.xml:144(para)
5302
#: serverguide/C/vcs.xml:286(para)
5299
#: serverguide/C/vcs.xml:145(para)
5306
#: serverguide/C/vcs.xml:287(para)
5300
5307
msgid "Access Method"
5303
#: serverguide/C/vcs.xml:150(para)
5310
#: serverguide/C/vcs.xml:292(para)
5304
5311
msgid "file://"
5305
5312
msgstr "file://"
5307
#: serverguide/C/vcs.xml:151(para)
5314
#: serverguide/C/vcs.xml:293(para)
5308
5315
msgid "direct repository access (on local disk)"
5311
#: serverguide/C/vcs.xml:154(para)
5318
#: serverguide/C/vcs.xml:296(para)
5312
5319
msgid "http://"
5313
5320
msgstr "http://"
5315
#: serverguide/C/vcs.xml:155(para)
5322
#: serverguide/C/vcs.xml:297(para)
5316
5323
msgid "Access via WebDAV protocol to Subversion-aware Apache2 web server"
5319
#: serverguide/C/vcs.xml:158(para)
5326
#: serverguide/C/vcs.xml:300(para)
5320
5327
msgid "https://"
5321
5328
msgstr "https://"
5323
#: serverguide/C/vcs.xml:159(para)
5330
#: serverguide/C/vcs.xml:301(para)
5324
5331
msgid "Same as http://, but with SSL encryption"
5327
#: serverguide/C/vcs.xml:162(para)
5334
#: serverguide/C/vcs.xml:304(para)
5329
5336
msgstr "svn://"
5331
#: serverguide/C/vcs.xml:163(para)
5338
#: serverguide/C/vcs.xml:305(para)
5332
5339
msgid "Access via custom protocol to an svnserve server"
5335
#: serverguide/C/vcs.xml:166(para)
5342
#: serverguide/C/vcs.xml:308(para)
5336
5343
msgid "svn+ssh://"
5337
5344
msgstr "svn+ssh://"
5339
#: serverguide/C/vcs.xml:167(para)
5346
#: serverguide/C/vcs.xml:309(para)
5340
5347
msgid "Same as svn://, but through an SSH tunnel"
5343
#: serverguide/C/vcs.xml:173(para)
5350
#: serverguide/C/vcs.xml:315(para)
5345
5352
"In this section, we will see how to configure Subversion for all these "
5346
5353
"access methods. Here, we cover the basics. For more advanced usage details, "
5347
5354
"refer to the <ulink url=\"http://svnbook.red-bean.com/\">svn book</ulink>."
5350
#: serverguide/C/vcs.xml:180(title)
5357
#: serverguide/C/vcs.xml:322(title)
5351
5358
msgid "Direct repository access (file://)"
5354
#: serverguide/C/vcs.xml:181(para)
5361
#: serverguide/C/vcs.xml:323(para)
5356
5363
"This is the simplest of all access methods. It does not require any "
5357
5364
"Subversion server process to be running. This access method is used to "
5359
5366
"at a terminal prompt, is as follows:"
5362
#: serverguide/C/vcs.xml:188(command)
5369
#: serverguide/C/vcs.xml:330(command)
5363
5370
msgid "svn co file:///path/to/repos/project"
5366
#: serverguide/C/vcs.xml:191(para)
5373
#: serverguide/C/vcs.xml:333(para)
5370
#: serverguide/C/vcs.xml:194(command)
5377
#: serverguide/C/vcs.xml:336(command)
5371
5378
msgid "svn co file://localhost/path/to/repos/project"
5374
#: serverguide/C/vcs.xml:198(para)
5381
#: serverguide/C/vcs.xml:340(para)
5376
5383
"If you do not specify the hostname, there are three forward slashes (///) -- "
5377
5384
"two for the protocol (file, in this case) plus the leading slash in the "
5378
5385
"path. If you specify the hostname, you must use two forward slashes (//)."
5381
#: serverguide/C/vcs.xml:200(para)
5388
#: serverguide/C/vcs.xml:342(para)
5383
5390
"The repository permissions depend on filesystem permissions. If the user has "
5384
5391
"read/write permission, he can checkout from and commit to the repository."
5387
#: serverguide/C/vcs.xml:203(title)
5394
#: serverguide/C/vcs.xml:345(title)
5388
5395
msgid "Access via WebDAV protocol (http://)"
5391
#: serverguide/C/vcs.xml:332(para)
5398
#: serverguide/C/vcs.xml:346(para)
5393
5400
"To access the Subversion repository via WebDAV protocol, you must configure "
5394
5401
"your Apache 2 web server. Add the following snippet between the "
5459
5466
"the first user):"
5462
#: serverguide/C/vcs.xml:254(command)
5469
#: serverguide/C/vcs.xml:403(command)
5463
5470
msgid "sudo htpasswd -c /etc/subversion/passwd user_name"
5464
5471
msgstr "sudo htpasswd -c /etc/subversion/passwd user_name"
5466
#: serverguide/C/vcs.xml:257(para)
5473
#: serverguide/C/vcs.xml:406(para)
5468
5475
"To add additional users omit the <emphasis>\"-c\"</emphasis> option as this "
5469
5476
"option replaces the old file. Instead use this form:"
5472
#: serverguide/C/vcs.xml:262(command)
5479
#: serverguide/C/vcs.xml:411(command)
5473
5480
msgid "sudo htpasswd /etc/subversion/passwd user_name"
5476
#: serverguide/C/vcs.xml:266(para)
5483
#: serverguide/C/vcs.xml:415(para)
5478
5485
"This command will prompt you to enter the password. Once you enter the "
5479
5486
"password, the user is added. Now, to access the repository you can run the "
5480
5487
"following command:"
5483
#: serverguide/C/vcs.xml:267(command)
5490
#: serverguide/C/vcs.xml:416(command)
5484
5491
msgid "svn co http://servername/svn"
5487
#: serverguide/C/vcs.xml:269(para)
5494
#: serverguide/C/vcs.xml:418(para)
5489
5496
"The password is transmitted as plain text. If you are worried about password "
5490
5497
"snooping, you are advised to use SSL encryption. For details, please refer "
5491
5498
"next section."
5494
#: serverguide/C/vcs.xml:275(title)
5501
#: serverguide/C/vcs.xml:424(title)
5495
5502
msgid "Access via WebDAV protocol with SSL encryption (https://)"
5498
#: serverguide/C/vcs.xml:411(para)
5505
#: serverguide/C/vcs.xml:425(para)
5500
5507
"Accessing Subversion repository via WebDAV protocol with SSL encryption "
5501
5508
"(https://) is similar to http:// except that you must install and configure "
5640
5647
"following command syntax:"
5643
#: serverguide/C/vcs.xml:515(command)
5650
#: serverguide/C/vcs.xml:529(command)
5644
5651
msgid "svn co svn+ssh://ssh_username@hostname/path/to/repos/project"
5647
#: serverguide/C/vcs.xml:384(para)
5654
#: serverguide/C/vcs.xml:533(para)
5649
5656
"You must use the full path (/path/to/repos/project) to access the Subversion "
5650
5657
"repository using this access method."
5653
#: serverguide/C/vcs.xml:387(para)
5660
#: serverguide/C/vcs.xml:536(para)
5655
5662
"Based on server configuration, it prompts for password. You must enter the "
5656
5663
"password you use to login via ssh. Once you are authenticated, it checks out "
5657
5664
"the code from the Subversion repository."
5660
#: serverguide/C/vcs.xml:539(ulink)
5667
#: serverguide/C/vcs.xml:551(ulink)
5661
5668
msgid "Bazaar Home Page"
5662
5669
msgstr "Хатняя старонка Bazaar"
5664
#: serverguide/C/vcs.xml:540(ulink)
5671
#: serverguide/C/vcs.xml:556(ulink)
5665
5672
msgid "Launchpad"
5666
5673
msgstr "Launchpad"
5668
#: serverguide/C/vcs.xml:547(ulink)
5675
#: serverguide/C/vcs.xml:561(ulink)
5669
5676
msgid "Git homepage"
5672
#: serverguide/C/vcs.xml:552(ulink)
5679
#: serverguide/C/vcs.xml:566(ulink)
5673
5680
msgid "Gitolite"
5676
#: serverguide/C/vcs.xml:541(ulink)
5683
#: serverguide/C/vcs.xml:571(ulink)
5677
5684
msgid "Subversion Home Page"
5680
#: serverguide/C/vcs.xml:542(ulink)
5687
#: serverguide/C/vcs.xml:576(ulink)
5681
5688
msgid "Subversion Book"
5684
#: serverguide/C/vcs.xml:545(ulink)
5691
#: serverguide/C/vcs.xml:581(ulink)
5685
5692
msgid "Easy Bazaar Ubuntu Wiki page"
5688
#: serverguide/C/vcs.xml:546(ulink)
5695
#: serverguide/C/vcs.xml:586(ulink)
5689
5696
msgid "Ubuntu Wiki Subversion page"
5846
5853
msgid "Configurations with root passwords are not supported."
5849
#: serverguide/C/security.xml:37(command)
5856
#: serverguide/C/security.xml:42(command)
5850
5857
msgid "sudo passwd"
5851
5858
msgstr "sudo passwd"
5853
#: serverguide/C/security.xml:39(para)
5860
#: serverguide/C/security.xml:44(para)
5855
5862
"Sudo will prompt you for your password, and then ask you to supply a new "
5856
5863
"password for root as shown below:"
5859
#: serverguide/C/security.xml:42(computeroutput)
5866
#: serverguide/C/security.xml:47(computeroutput)
5861
5868
msgid "[sudo] password for username:"
5864
#: serverguide/C/security.xml:42(userinput)
5871
#: serverguide/C/security.xml:47(userinput)
5866
5873
msgid "(enter your own password)"
5867
5874
msgstr "(увядзіце ваш асабісты пароль)"
5869
#: serverguide/C/security.xml:43(computeroutput)
5876
#: serverguide/C/security.xml:48(computeroutput)
5871
5878
msgid "Enter new UNIX password:"
5874
#: serverguide/C/security.xml:43(userinput)
5881
#: serverguide/C/security.xml:48(userinput)
5876
5883
msgid "(enter a new password for root)"
5877
5884
msgstr "(увядзіце новы пароль адміністратара)"
5879
#: serverguide/C/security.xml:44(computeroutput)
5886
#: serverguide/C/security.xml:49(computeroutput)
5881
5888
msgid "Retype new UNIX password:"
5884
#: serverguide/C/security.xml:44(userinput)
5891
#: serverguide/C/security.xml:49(userinput)
5886
5893
msgid "(repeat new password for root)"
5887
5894
msgstr "(паўтарыце новы пароль адміністратара)"
5889
#: serverguide/C/security.xml:45(computeroutput)
5896
#: serverguide/C/security.xml:50(computeroutput)
5891
5898
msgid "passwd: password updated successfully"
5929
5936
"<emphasis>sudo</emphasis> group."
5932
#: serverguide/C/security.xml:71(title)
5939
#: serverguide/C/security.xml:82(title)
5933
5940
msgid "Adding and Deleting Users"
5936
#: serverguide/C/security.xml:72(para)
5943
#: serverguide/C/security.xml:83(para)
5938
"The process for managing local users and groups is straight forward and "
5945
"The process for managing local users and groups is straightforward and "
5939
5946
"differs very little from most other GNU/Linux operating systems. Ubuntu and "
5940
"other Debian based distributions, encourage the use of the \"adduser\" "
5947
"other Debian based distributions encourage the use of the \"adduser\" "
5941
5948
"package for account management."
5944
#: serverguide/C/security.xml:77(para)
5951
#: serverguide/C/security.xml:88(para)
5946
5953
"To add a user account, use the following syntax, and follow the prompts to "
5947
"give the account a password and identifiable characteristics such as a full "
5954
"give the account a password and identifiable characteristics, such as a full "
5948
5955
"name, phone number, etc."
5951
#: serverguide/C/security.xml:81(command)
5958
#: serverguide/C/security.xml:92(command)
5952
5959
msgid "sudo adduser username"
5953
5960
msgstr "sudo adduser username"
5955
#: serverguide/C/security.xml:85(para)
5962
#: serverguide/C/security.xml:96(para)
5957
5964
"To delete a user account and its primary group, use the following syntax:"
5960
#: serverguide/C/security.xml:89(command)
5967
#: serverguide/C/security.xml:100(command)
5961
5968
msgid "sudo deluser username"
5962
5969
msgstr "sudo deluser username"
5964
#: serverguide/C/security.xml:91(para)
5971
#: serverguide/C/security.xml:102(para)
5966
5973
"Deleting an account does not remove their respective home folder. It is up "
5967
5974
"to you whether or not you wish to delete the folder manually or keep it "
5968
5975
"according to your desired retention policies."
5971
#: serverguide/C/security.xml:94(para)
5978
#: serverguide/C/security.xml:105(para)
5973
5980
"Remember, any user added later on with the same UID/GID as the previous "
5974
5981
"owner will now have access to this folder if you have not taken the "
5975
5982
"necessary precautions."
5978
#: serverguide/C/security.xml:97(para)
5985
#: serverguide/C/security.xml:108(para)
5980
5987
"You may want to change these UID/GID values to something more appropriate, "
5981
5988
"such as the root account, and perhaps even relocate the folder to avoid "
5982
5989
"future conflicts:"
5985
#: serverguide/C/security.xml:101(command)
5992
#: serverguide/C/security.xml:112(command)
5986
5993
msgid "sudo chown -R root:root /home/username/"
5987
5994
msgstr "sudo chown -R root:root /home/username/"
5989
#: serverguide/C/security.xml:102(command)
5996
#: serverguide/C/security.xml:113(command)
5990
5997
msgid "sudo mkdir /home/archived_users/"
5991
5998
msgstr "sudo mkdir /home/archived_users/"
5993
#: serverguide/C/security.xml:103(command)
6000
#: serverguide/C/security.xml:114(command)
5994
6001
msgid "sudo mv /home/username /home/archived_users/"
5995
6002
msgstr "sudo mv /home/username /home/archived_users/"
5997
#: serverguide/C/security.xml:107(para)
6004
#: serverguide/C/security.xml:118(para)
5999
6006
"To temporarily lock or unlock a user account, use the following syntax, "
6000
6007
"respectively:"
6003
#: serverguide/C/security.xml:111(command)
6010
#: serverguide/C/security.xml:122(command)
6004
6011
msgid "sudo passwd -l username"
6005
6012
msgstr "sudo passwd -l username"
6007
#: serverguide/C/security.xml:112(command)
6014
#: serverguide/C/security.xml:123(command)
6008
6015
msgid "sudo passwd -u username"
6009
6016
msgstr "sudo passwd -u username"
6011
#: serverguide/C/security.xml:116(para)
6018
#: serverguide/C/security.xml:127(para)
6013
6020
"To add or delete a personalized group, use the following syntax, "
6014
6021
"respectively:"
6017
#: serverguide/C/security.xml:120(command)
6024
#: serverguide/C/security.xml:131(command)
6018
6025
msgid "sudo addgroup groupname"
6019
6026
msgstr "sudo addgroup groupname"
6021
#: serverguide/C/security.xml:121(command)
6028
#: serverguide/C/security.xml:132(command)
6022
6029
msgid "sudo delgroup groupname"
6023
6030
msgstr "sudo delgroup groupname"
6025
#: serverguide/C/security.xml:125(para)
6032
#: serverguide/C/security.xml:136(para)
6026
6033
msgid "To add a user to a group, use the following syntax:"
6029
#: serverguide/C/security.xml:129(command)
6036
#: serverguide/C/security.xml:140(command)
6030
6037
msgid "sudo adduser username groupname"
6031
6038
msgstr "sudo adduser username groupname"
6033
#: serverguide/C/security.xml:136(title)
6040
#: serverguide/C/security.xml:147(title)
6034
6041
msgid "User Profile Security"
6037
#: serverguide/C/security.xml:137(para)
6044
#: serverguide/C/security.xml:148(para)
6039
6046
"When a new user is created, the adduser utility creates a brand new home "
6040
"directory named <filename class=\"directory\">/home/username</filename>, "
6041
"respectively. The default profile is modeled after the contents found in the "
6042
"directory of <filename class=\"directory\">/etc/skel</filename>, which "
6043
"includes all profile basics."
6047
"directory named <filename class=\"directory\">/home/username</filename>. The "
6048
"default profile is modeled after the contents found in the directory of "
6049
"<filename class=\"directory\">/etc/skel</filename>, which includes all "
6046
#: serverguide/C/security.xml:140(para)
6053
#: serverguide/C/security.xml:151(para)
6048
6055
"If your server will be home to multiple users, you should pay close "
6049
6056
"attention to the user home directory permissions to ensure confidentiality. "
6053
6060
"your environment."
6056
#: serverguide/C/security.xml:145(para)
6063
#: serverguide/C/security.xml:156(para)
6058
"To verify your current users home directory permissions, use the following "
6065
"To verify your current user home directory permissions, use the following "
6062
#: serverguide/C/security.xml:149(command) serverguide/C/security.xml:181(command)
6069
#: serverguide/C/security.xml:160(command) serverguide/C/security.xml:192(command)
6063
6070
msgid "ls -ld /home/username"
6064
6071
msgstr "ls -ld /home/username"
6066
#: serverguide/C/security.xml:151(para)
6073
#: serverguide/C/security.xml:162(para)
6068
6075
"The following output shows that the directory <filename "
6069
"class=\"directory\">/home/username</filename> has world readable permissions:"
6076
"class=\"directory\">/home/username</filename> has world-readable permissions:"
6072
#: serverguide/C/security.xml:154(computeroutput)
6079
#: serverguide/C/security.xml:165(computeroutput)
6074
6081
msgid "drwxr-xr-x 2 username username 4096 2007-10-02 20:03 username"
6077
#: serverguide/C/security.xml:158(para)
6084
#: serverguide/C/security.xml:169(para)
6079
"You can remove the world readable permissions using the following syntax:"
6086
"You can remove the world readable-permissions using the following syntax:"
6082
#: serverguide/C/security.xml:162(command)
6089
#: serverguide/C/security.xml:173(command)
6083
6090
msgid "sudo chmod 0750 /home/username"
6084
6091
msgstr "sudo chmod 0750 /home/username"
6086
#: serverguide/C/security.xml:165(para)
6093
#: serverguide/C/security.xml:176(para)
6088
6095
"Some people tend to use the recursive option (-R) indiscriminately which "
6089
6096
"modifies all child folders and files, but this is not necessary, and may "
6175
#: serverguide/C/security.xml:212(para)
6182
#: serverguide/C/security.xml:223(para)
6177
6184
"Basic password entropy checks and minimum length rules do not apply to the "
6178
6185
"administrator using sudo level commands to setup a new user."
6181
#: serverguide/C/security.xml:218(title)
6188
#: serverguide/C/security.xml:229(title)
6182
6189
msgid "Password Expiration"
6185
#: serverguide/C/security.xml:219(para)
6192
#: serverguide/C/security.xml:230(para)
6187
6194
"When creating user accounts, you should make it a policy to have a minimum "
6188
6195
"and maximum password age forcing users to change their passwords when they "
6192
#: serverguide/C/security.xml:224(para)
6199
#: serverguide/C/security.xml:235(para)
6194
6201
"To easily view the current status of a user account, use the following "
6198
#: serverguide/C/security.xml:228(command) serverguide/C/security.xml:261(command)
6205
#: serverguide/C/security.xml:239(command) serverguide/C/security.xml:272(command)
6199
6206
msgid "sudo chage -l username"
6200
6207
msgstr "sudo chage -l username"
6202
#: serverguide/C/security.xml:230(para)
6209
#: serverguide/C/security.xml:241(para)
6204
6211
"The output below shows interesting facts about the user account, namely that "
6205
6212
"there are no policies applied:"
6208
#: serverguide/C/security.xml:233(computeroutput)
6215
#: serverguide/C/security.xml:244(computeroutput)
6211
"Last password change : Jan 20, 2008\n"
6218
"Last password change : Jan 20, 2015\n"
6212
6219
"Password expires : never\n"
6213
6220
"Password inactive : never\n"
6214
6221
"Account expires : never\n"
6217
6224
"Number of days of warning before password expires : 7"
6220
#: serverguide/C/security.xml:243(para)
6227
#: serverguide/C/security.xml:254(para)
6222
6229
"To set any of these values, simply use the following syntax, and follow the "
6223
6230
"interactive prompts:"
6226
#: serverguide/C/security.xml:247(command)
6233
#: serverguide/C/security.xml:258(command)
6227
6234
msgid "sudo chage username"
6228
6235
msgstr "sudo chage username"
6230
#: serverguide/C/security.xml:249(para)
6237
#: serverguide/C/security.xml:260(para)
6232
6239
"The following is also an example of how you can manually change the explicit "
6233
"expiration date (-E) to 01/31/2008, minimum password age (-m) of 5 days, "
6240
"expiration date (-E) to 01/31/2015, minimum password age (-m) of 5 days, "
6234
6241
"maximum password age (-M) of 90 days, inactivity period (-I) of 5 days after "
6235
6242
"password expiration, and a warning time period (-W) of 14 days before "
6236
"password expiration."
6239
#: serverguide/C/security.xml:253(command)
6240
msgid "sudo chage -E 01/31/2011 -m 5 -M 90 -I 30 -W 14 username"
6243
#: serverguide/C/security.xml:257(para)
6243
"password expiration:"
6246
#: serverguide/C/security.xml:264(command)
6247
msgid "sudo chage -E 01/31/2015 -m 5 -M 90 -I 30 -W 14 username"
6250
#: serverguide/C/security.xml:268(para)
6244
6251
msgid "To verify changes, use the same syntax as mentioned previously:"
6247
#: serverguide/C/security.xml:263(para)
6254
#: serverguide/C/security.xml:274(para)
6249
6256
"The output below shows the new policies that have been established for the "
6253
#: serverguide/C/security.xml:266(computeroutput)
6260
#: serverguide/C/security.xml:277(computeroutput)
6256
"Last password change : Jan 20, 2008\n"
6257
"Password expires : Apr 19, 2008\n"
6258
"Password inactive : May 19, 2008\n"
6259
"Account expires : Jan 31, 2008\n"
6263
"Last password change : Jan 20, 2015\n"
6264
"Password expires : Apr 19, 2015\n"
6265
"Password inactive : May 19, 2015\n"
6266
"Account expires : Jan 31, 2015\n"
6260
6267
"Minimum number of days between password change : 5\n"
6261
6268
"Maximum number of days between password change : 90\n"
6262
6269
"Number of days of warning before password expires : 14"
6265
#: serverguide/C/security.xml:282(title)
6272
#: serverguide/C/security.xml:293(title)
6266
6273
msgid "Other Security Considerations"
6269
#: serverguide/C/security.xml:283(para)
6276
#: serverguide/C/security.xml:294(para)
6271
6278
"Many applications use alternate authentication mechanisms that can be easily "
6272
6279
"overlooked by even experienced system administrators. Therefore, it is "
6274
6281
"to services and applications on your server."
6277
#: serverguide/C/security.xml:288(title)
6284
#: serverguide/C/security.xml:299(title)
6278
6285
msgid "SSH Access by Disabled Users"
6281
#: serverguide/C/security.xml:289(para)
6288
#: serverguide/C/security.xml:300(para)
6283
6290
"Simply disabling/locking a user account will not prevent a user from logging "
6284
6291
"into your server remotely if they have previously set up RSA public key "
6285
6292
"authentication. They will still be able to gain shell access to the server, "
6286
6293
"without the need for any password. Remember to check the users home "
6287
6294
"directory for files that will allow for this type of authenticated SSH "
6288
"access. e.g. <filename>/home/username/.ssh/authorized_keys</filename>."
6295
"access, e.g. <filename>/home/username/.ssh/authorized_keys</filename>."
6291
#: serverguide/C/security.xml:292(para)
6298
#: serverguide/C/security.xml:303(para)
6293
6300
"Remove or rename the directory <filename "
6294
6301
"class=\"directory\">.ssh/</filename> in the user's home folder to prevent "
6295
6302
"further SSH authentication capabilities."
6298
#: serverguide/C/security.xml:295(para)
6305
#: serverguide/C/security.xml:306(para)
6300
6307
"Be sure to check for any established SSH connections by the disabled user, "
6301
6308
"as it is possible they may have existing inbound or outbound connections. "
6326
6333
"the file <filename>/etc/ssh/sshd_config</filename>."
6329
#: serverguide/C/security.xml:301(programlisting)
6336
#: serverguide/C/security.xml:316(programlisting)
6333
6340
"AllowGroups sshlogin\n"
6336
#: serverguide/C/security.xml:304(para)
6343
#: serverguide/C/security.xml:319(para)
6338
6345
"Then add your permitted SSH users to the group \"sshlogin\", and restart the "
6342
#: serverguide/C/security.xml:308(command)
6349
#: serverguide/C/security.xml:323(command)
6343
6350
msgid "sudo adduser username sshlogin"
6344
6351
msgstr "sudo adduser username sshlogin"
6346
#: serverguide/C/security.xml:309(command)
6353
#: serverguide/C/security.xml:324(command) serverguide/C/remote-administration.xml:144(command)
6347
6354
msgid "sudo service ssh restart"
6350
#: serverguide/C/security.xml:313(title)
6357
#: serverguide/C/security.xml:328(title)
6351
6358
msgid "External User Database Authentication"
6354
#: serverguide/C/security.xml:314(para)
6361
#: serverguide/C/security.xml:329(para)
6356
6363
"Most enterprise networks require centralized authentication and access "
6357
6364
"controls for all system resources. If you have configured your server to "
6358
6365
"authenticate users against external databases, be sure to disable the user "
6359
"accounts both externally and locally, this way you ensure that local "
6366
"accounts both externally and locally. This way you ensure that local "
6360
6367
"fallback authentication is not possible."
6363
#: serverguide/C/security.xml:323(title)
6370
#: serverguide/C/security.xml:338(title)
6364
6371
msgid "Console Security"
6367
#: serverguide/C/security.xml:324(para)
6374
#: serverguide/C/security.xml:339(para)
6369
6376
"As with any other security barrier you put in place to protect your server, "
6370
6377
"it is pretty tough to defend against untold damage caused by someone with "
6376
6383
"basic precautions with regard to console security."
6379
#: serverguide/C/security.xml:327(para)
6386
#: serverguide/C/security.xml:342(para)
6381
6388
"The following instructions will help defend your server against issues that "
6382
6389
"could otherwise yield very serious consequences."
6385
#: serverguide/C/security.xml:332(title)
6392
#: serverguide/C/security.xml:347(title)
6386
6393
msgid "Disable Ctrl+Alt+Delete"
6387
6394
msgstr "Выключыць Ctrl+Alt+Delete"
6389
#: serverguide/C/security.xml:333(para)
6396
#: serverguide/C/security.xml:348(para)
6391
"First and foremost, anyone that has physical access to the keyboard can "
6398
"Anyone that has physical access to the keyboard can simply use the "
6393
6399
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
6394
6400
"eycombo> key combination to reboot the server without having to log on. "
6395
"Sure, someone could simply unplug the power source, but you should still "
6396
"prevent the use of this key combination on a production server. This forces "
6397
"an attacker to take more drastic measures to reboot the server, and will "
6401
"While someone could simply unplug the power source, you should still prevent "
6402
"the use of this key combination on a production server. This forces an "
6403
"attacker to take more drastic measures to reboot the server, and will "
6398
6404
"prevent accidental reboots at the same time."
6401
#: serverguide/C/security.xml:338(para)
6407
#: serverguide/C/security.xml:353(para)
6403
6409
"To disable the reboot action taken by pressing the "
6404
6410
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
6405
6411
"eycombo> key combination, comment out the following line in the file "
6406
"<filename>/etc/init/control-alt-delete.conf</filename>."
6412
"<filename>/etc/init/control-alt-delete.conf</filename>:"
6409
#: serverguide/C/security.xml:341(programlisting)
6415
#: serverguide/C/security.xml:356(programlisting)
6413
6419
"#exec shutdown -r now \"Control-Alt-Delete pressed\"\n"
6416
#: serverguide/C/security.xml:350(title)
6422
#: serverguide/C/security.xml:365(title)
6417
6423
msgid "Firewall"
6418
6424
msgstr "Брандмаўэр"
6420
#: serverguide/C/security.xml:353(para)
6426
#: serverguide/C/security.xml:368(para)
6422
6428
"The Linux kernel includes the <emphasis>Netfilter</emphasis> subsystem, "
6423
6429
"which is used to manipulate or decide the fate of network traffic headed "
6425
6431
"system for packet filtering."
6428
#: serverguide/C/security.xml:358(para)
6434
#: serverguide/C/security.xml:373(para)
6430
6436
"The kernel's packet filtering system would be of little use to "
6431
6437
"administrators without a userspace interface to manage it. This is the "
6432
"purpose of iptables. When a packet reaches your server, it will be handed "
6438
"purpose of iptables: When a packet reaches your server, it will be handed "
6433
6439
"off to the Netfilter subsystem for acceptance, manipulation, or rejection "
6434
6440
"based on the rules supplied to it from userspace via iptables. Thus, "
6435
"iptables is all you need to manage your firewall if you're familiar with it, "
6436
"but many frontends are available to simplify the task."
6441
"iptables is all you need to manage your firewall, if you're familiar with "
6442
"it, but many frontends are available to simplify the task."
6439
#: serverguide/C/security.xml:368(title)
6445
#: serverguide/C/security.xml:383(title)
6440
6446
msgid "ufw - Uncomplicated Firewall"
6443
#: serverguide/C/security.xml:369(para)
6449
#: serverguide/C/security.xml:384(para)
6445
6451
"The default firewall configuration tool for Ubuntu is "
6446
6452
"<application>ufw</application>. Developed to ease iptables firewall "
6447
"configuration, <application>ufw</application> provides a user friendly way "
6453
"configuration, <application>ufw</application> provides a user-friendly way "
6448
6454
"to create an IPv4 or IPv6 host-based firewall."
6451
#: serverguide/C/security.xml:373(para)
6457
#: serverguide/C/security.xml:388(para)
6453
6459
"<application>ufw</application> by default is initially disabled. From the "
6454
6460
"<application>ufw</application> man page:"
6457
#: serverguide/C/security.xml:377(quote)
6463
#: serverguide/C/security.xml:392(quote)
6459
6465
"ufw is not intended to provide complete firewall functionality via its "
6460
6466
"command interface, but instead provides an easy way to add or remove simple "
6461
6467
"rules. It is currently mainly used for host-based firewalls."
6464
#: serverguide/C/security.xml:381(para)
6470
#: serverguide/C/security.xml:396(para)
6466
6472
"The following are some examples of how to use <application>ufw</application>:"
6469
#: serverguide/C/security.xml:386(para)
6475
#: serverguide/C/security.xml:401(para)
6471
6477
"First, <application>ufw</application> needs to be enabled. From a terminal "
6472
6478
"prompt enter:"
6475
#: serverguide/C/security.xml:390(command)
6481
#: serverguide/C/security.xml:405(command)
6476
6482
msgid "sudo ufw enable"
6477
6483
msgstr "sudo ufw enable"
6479
#: serverguide/C/security.xml:394(para)
6480
msgid "To open a port (ssh in this example):"
6485
#: serverguide/C/security.xml:409(para)
6486
msgid "To open a port (SSH in this example):"
6483
#: serverguide/C/security.xml:398(command)
6489
#: serverguide/C/security.xml:413(command)
6484
6490
msgid "sudo ufw allow 22"
6485
6491
msgstr "sudo ufw allow 22"
6487
#: serverguide/C/security.xml:402(para)
6493
#: serverguide/C/security.xml:417(para)
6488
6494
msgid "Rules can also be added using a <emphasis>numbered</emphasis> format:"
6491
#: serverguide/C/security.xml:406(command)
6497
#: serverguide/C/security.xml:421(command)
6492
6498
msgid "sudo ufw insert 1 allow 80"
6493
6499
msgstr "sudo ufw insert 1 allow 80"
6495
#: serverguide/C/security.xml:410(para)
6501
#: serverguide/C/security.xml:425(para)
6496
6502
msgid "Similarly, to close an opened port:"
6499
#: serverguide/C/security.xml:414(command)
6505
#: serverguide/C/security.xml:429(command)
6500
6506
msgid "sudo ufw deny 22"
6501
6507
msgstr "sudo ufw deny 22"
6503
#: serverguide/C/security.xml:418(para)
6509
#: serverguide/C/security.xml:433(para)
6504
6510
msgid "To remove a rule, use delete followed by the rule:"
6507
#: serverguide/C/security.xml:422(command)
6513
#: serverguide/C/security.xml:437(command)
6508
6514
msgid "sudo ufw delete deny 22"
6509
6515
msgstr "sudo ufw delete deny 22"
6511
#: serverguide/C/security.xml:426(para)
6517
#: serverguide/C/security.xml:441(para)
6513
6519
"It is also possible to allow access from specific hosts or networks to a "
6514
"port. The following example allows ssh access from host 192.168.0.2 to any "
6515
"ip address on this host:"
6520
"port. The following example allows SSH access from host 192.168.0.2 to any "
6521
"IP address on this host:"
6518
#: serverguide/C/security.xml:431(command)
6524
#: serverguide/C/security.xml:446(command)
6519
6525
msgid "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
6520
6526
msgstr "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
6522
#: serverguide/C/security.xml:433(para)
6528
#: serverguide/C/security.xml:448(para)
6524
"Replace 192.168.0.2 with 192.168.0.0/24 to allow ssh access from the entire "
6530
"Replace 192.168.0.2 with 192.168.0.0/24 to allow SSH access from the entire "
6528
#: serverguide/C/security.xml:439(para)
6534
#: serverguide/C/security.xml:454(para)
6530
6536
"Adding the <emphasis>--dry-run</emphasis> option to a "
6531
6537
"<emphasis>ufw</emphasis> command will output the resulting rules, but not "
6563
6569
"Rules updated"
6566
#: serverguide/C/security.xml:473(para)
6572
#: serverguide/C/security.xml:488(para)
6567
6573
msgid "<application>ufw</application> can be disabled by:"
6568
6574
msgstr "<application>ufw</application> можа быць выключана з дапамогай:"
6570
#: serverguide/C/security.xml:477(command)
6576
#: serverguide/C/security.xml:492(command)
6571
6577
msgid "sudo ufw disable"
6572
6578
msgstr "sudo ufw disable"
6574
#: serverguide/C/security.xml:481(para)
6580
#: serverguide/C/security.xml:496(para)
6575
6581
msgid "To see the firewall status, enter:"
6576
6582
msgstr "Каб паглядзець стан брандмаўэра, увядзіце:"
6578
#: serverguide/C/security.xml:485(command)
6584
#: serverguide/C/security.xml:500(command)
6579
6585
msgid "sudo ufw status"
6580
6586
msgstr "sudo ufw status"
6582
#: serverguide/C/security.xml:489(para)
6588
#: serverguide/C/security.xml:504(para)
6583
6589
msgid "And for more verbose status information use:"
6586
#: serverguide/C/security.xml:493(command)
6592
#: serverguide/C/security.xml:508(command)
6587
6593
msgid "sudo ufw status verbose"
6588
6594
msgstr "sudo ufw status verbose"
6590
#: serverguide/C/security.xml:497(para)
6596
#: serverguide/C/security.xml:512(para)
6591
6597
msgid "To view the <emphasis>numbered</emphasis> format:"
6594
#: serverguide/C/security.xml:501(command)
6600
#: serverguide/C/security.xml:516(command)
6595
6601
msgid "sudo ufw status numbered"
6596
6602
msgstr "sudo ufw status numbered"
6598
#: serverguide/C/security.xml:506(para)
6604
#: serverguide/C/security.xml:521(para)
6600
6606
"If the port you want to open or close is defined in "
6601
6607
"<filename>/etc/services</filename>, you can use the port name instead of the "
6622
6628
"the default ports have been changed."
6625
#: serverguide/C/security.xml:529(para)
6631
#: serverguide/C/security.xml:544(para)
6627
6633
"To view which applications have installed a profile, enter the following in "
6631
#: serverguide/C/security.xml:534(command)
6637
#: serverguide/C/security.xml:549(command)
6632
6638
msgid "sudo ufw app list"
6633
6639
msgstr "sudo ufw app list"
6635
#: serverguide/C/security.xml:540(para)
6641
#: serverguide/C/security.xml:555(para)
6637
6643
"Similar to allowing traffic to a port, using an application profile is "
6638
6644
"accomplished by entering:"
6641
#: serverguide/C/security.xml:545(command)
6647
#: serverguide/C/security.xml:560(command)
6642
6648
msgid "sudo ufw allow Samba"
6643
6649
msgstr "sudo ufw allow Samba"
6645
#: serverguide/C/security.xml:551(para)
6651
#: serverguide/C/security.xml:566(para)
6646
6652
msgid "An extended syntax is available as well:"
6649
#: serverguide/C/security.xml:556(command)
6655
#: serverguide/C/security.xml:571(command)
6650
6656
msgid "ufw allow from 192.168.0.0/24 to any app Samba"
6653
#: serverguide/C/security.xml:559(para)
6659
#: serverguide/C/security.xml:574(para)
6655
6661
"Replace <emphasis>Samba</emphasis> and <emphasis>192.168.0.0/24</emphasis> "
6656
6662
"with the application profile you are using and the IP range for your network."
6659
#: serverguide/C/security.xml:565(para)
6665
#: serverguide/C/security.xml:580(para)
6661
6667
"There is no need to specify the <emphasis>protocol</emphasis> for the "
6662
6668
"application, because that information is detailed in the profile. Also, note "
6747
6753
"DEFAULT_FORWARD_POLICY=\"ACCEPT\"\n"
6749
#: serverguide/C/security.xml:634(para)
6755
#: serverguide/C/security.xml:649(para)
6750
6756
msgid "Then edit <filename>/etc/ufw/sysctl.conf</filename> and uncomment:"
6753
#: serverguide/C/security.xml:637(programlisting)
6759
#: serverguide/C/security.xml:652(programlisting)
6757
6763
"net/ipv4/ip_forward=1\n"
6760
#: serverguide/C/security.xml:640(para)
6766
#: serverguide/C/security.xml:655(para)
6761
6767
msgid "Similarly, for IPv6 forwarding uncomment:"
6764
#: serverguide/C/security.xml:643(programlisting)
6770
#: serverguide/C/security.xml:658(programlisting)
6768
6774
"net/ipv6/conf/default/forwarding=1\n"
6771
#: serverguide/C/security.xml:648(para)
6777
#: serverguide/C/security.xml:663(para)
6773
"Now we will add rules to the <filename>/etc/ufw/before.rules</filename> "
6774
"file. The default rules only configure the <emphasis>filter</emphasis> "
6775
"table, and to enable masquerading the <emphasis>nat</emphasis> table will "
6776
"need to be configured. Add the following to the top of the file just after "
6777
"the header comments:"
6779
"Now add rules to the <filename>/etc/ufw/before.rules</filename> file. The "
6780
"default rules only configure the <emphasis>filter</emphasis> table, and to "
6781
"enable masquerading the <emphasis>nat</emphasis> table will need to be "
6782
"configured. Add the following to the top of the file just after the header "
6780
#: serverguide/C/security.xml:653(programlisting)
6786
#: serverguide/C/security.xml:668(programlisting)
6908
6914
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
6910
#: serverguide/C/security.xml:740(para)
6916
#: serverguide/C/security.xml:755(para)
6912
6918
"The above command assumes that your private address space is 192.168.0.0/16 "
6913
6919
"and that your Internet-facing device is ppp0. The syntax is broken down as "
6917
#: serverguide/C/security.xml:745(para)
6923
#: serverguide/C/security.xml:760(para)
6918
6924
msgid "-t nat -- the rule is to go into the nat table"
6921
#: serverguide/C/security.xml:746(para)
6927
#: serverguide/C/security.xml:761(para)
6923
6929
"-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain"
6926
#: serverguide/C/security.xml:747(para)
6932
#: serverguide/C/security.xml:762(para)
6928
6934
"-s 192.168.0.0/16 -- the rule applies to traffic originating from the "
6929
6935
"specified address space"
6932
#: serverguide/C/security.xml:748(para)
6938
#: serverguide/C/security.xml:763(para)
6934
6940
"-o ppp0 -- the rule applies to traffic scheduled to be routed through the "
6935
6941
"specified network device"
6938
#: serverguide/C/security.xml:750(para)
6944
#: serverguide/C/security.xml:765(para)
6940
6946
"-j MASQUERADE -- traffic matching this rule is to \"jump\" (-j) to the "
6941
6947
"MASQUERADE target to be manipulated as described above"
6944
#: serverguide/C/security.xml:758(para)
6950
#: serverguide/C/security.xml:773(para)
6946
6952
"Also, each chain in the filter table (the default table, and where most or "
6947
6953
"all packet filtering occurs) has a default <emphasis>policy</emphasis> of "
7061
7067
"or <application>lire</application>."
7064
#: serverguide/C/security.xml:837(title)
7070
#: serverguide/C/security.xml:851(title)
7065
7071
msgid "Other Tools"
7066
7072
msgstr "Іншыя прылады"
7068
#: serverguide/C/security.xml:838(para)
7074
#: serverguide/C/security.xml:852(para)
7070
7076
"There are many tools available to help you construct a complete firewall "
7071
7077
"without intimate knowledge of iptables. For the GUI-inclined:"
7074
#: serverguide/C/security.xml:844(para)
7080
#: serverguide/C/security.xml:858(para)
7076
7082
"<ulink url=\"http://www.fwbuilder.org/\">fwbuilder</ulink> is very powerful "
7077
7083
"and will look familiar to an administrator who has used a commercial "
7078
7084
"firewall utility such as <application>Checkpoint FireWall-1</application>."
7081
#: serverguide/C/security.xml:850(para)
7087
#: serverguide/C/security.xml:864(para)
7083
7089
"If you prefer a command-line tool with plain-text configuration files:"
7086
#: serverguide/C/security.xml:855(para)
7092
#: serverguide/C/security.xml:869(para)
7088
7094
"<ulink url=\"http://www.shorewall.net/\">Shorewall</ulink> is a very "
7089
7095
"powerful solution to help you configure an advanced firewall for any network."
7092
#: serverguide/C/security.xml:866(para)
7098
#: serverguide/C/security.xml:880(para)
7094
7100
"The <ulink url=\"https://wiki.ubuntu.com/UncomplicatedFirewall\">Ubuntu "
7095
7101
"Firewall</ulink> wiki page contains information on the development of "
7096
7102
"<application>ufw</application>."
7099
#: serverguide/C/security.xml:872(para)
7105
#: serverguide/C/security.xml:886(para)
7101
7107
"Also, the <application>ufw</application> manual page contains some very "
7102
7108
"useful information: <command>man ufw</command>."
7105
#: serverguide/C/security.xml:877(para)
7111
#: serverguide/C/security.xml:891(para)
7107
7113
"See the <ulink url=\"http://www.netfilter.org/documentation/HOWTO/packet-"
7108
7114
"filtering-HOWTO.html\">packet-filtering-HOWTO</ulink> for more information "
7109
7115
"on using <application>iptables</application>."
7112
#: serverguide/C/security.xml:883(para)
7118
#: serverguide/C/security.xml:897(para)
7114
7120
"The <ulink url=\"http://www.netfilter.org/documentation/HOWTO/NAT-"
7115
7121
"HOWTO.html\">nat-HOWTO</ulink> contains further details on masquerading."
7118
#: serverguide/C/security.xml:889(para)
7124
#: serverguide/C/security.xml:903(para)
7120
7126
"The <ulink url=\"https://help.ubuntu.com/community/IptablesHowTo\">IPTables "
7121
7127
"HowTo</ulink> in the Ubuntu wiki is a great resource."
7124
#: serverguide/C/security.xml:897(title)
7130
#: serverguide/C/security.xml:911(title)
7125
7131
msgid "AppArmor"
7126
7132
msgstr "AppArmor"
7128
#: serverguide/C/security.xml:898(para)
7134
#: serverguide/C/security.xml:912(para)
7130
7136
"<application>AppArmor</application> is a Linux Security Module "
7131
7137
"implementation of name-based mandatory access controls. AppArmor confines "
7178
7184
"#1304134</ulink>) and instructions will not work as advertised."
7181
#: serverguide/C/security.xml:930(para)
7187
#: serverguide/C/security.xml:950(para)
7183
7189
"The <application>apparmor-utils</application> package contains command line "
7184
7190
"utilities that you can use to change the <application>AppArmor</application> "
7185
7191
"execution mode, find the status of a profile, create new profiles, etc."
7188
#: serverguide/C/security.xml:936(para)
7194
#: serverguide/C/security.xml:956(para)
7190
7196
"<application>apparmor_status</application> is used to view the current "
7191
7197
"status of AppArmor profiles."
7194
#: serverguide/C/security.xml:940(command)
7200
#: serverguide/C/security.xml:960(command)
7195
7201
msgid "sudo apparmor_status"
7196
7202
msgstr "sudo apparmor_status"
7198
#: serverguide/C/security.xml:944(para)
7204
#: serverguide/C/security.xml:964(para)
7200
7206
"<application>aa-complain</application> places a profile into "
7201
7207
"<emphasis>complain</emphasis> mode."
7204
#: serverguide/C/security.xml:948(command)
7210
#: serverguide/C/security.xml:968(command)
7205
7211
msgid "sudo aa-complain /path/to/bin"
7206
7212
msgstr "sudo aa-complain /path/to/bin"
7208
#: serverguide/C/security.xml:952(para)
7214
#: serverguide/C/security.xml:972(para)
7210
7216
"<application>aa-enforce</application> places a profile into "
7211
7217
"<emphasis>enforce</emphasis> mode."
7214
#: serverguide/C/security.xml:956(command)
7220
#: serverguide/C/security.xml:976(command)
7215
7221
msgid "sudo aa-enforce /path/to/bin"
7216
7222
msgstr "sudo aa-enforce /path/to/bin"
7218
#: serverguide/C/security.xml:960(para)
7224
#: serverguide/C/security.xml:980(para)
7220
7226
"The <filename>/etc/apparmor.d</filename> directory is where the AppArmor "
7221
7227
"profiles are located. It can be used to manipulate the "
7222
7228
"<emphasis>mode</emphasis> of all profiles."
7225
#: serverguide/C/security.xml:964(para)
7231
#: serverguide/C/security.xml:984(para)
7226
7232
msgid "Enter the following to place all profiles into complain mode:"
7229
#: serverguide/C/security.xml:968(command)
7235
#: serverguide/C/security.xml:988(command)
7230
7236
msgid "sudo aa-complain /etc/apparmor.d/*"
7231
7237
msgstr "sudo aa-complain /etc/apparmor.d/*"
7233
#: serverguide/C/security.xml:970(para)
7239
#: serverguide/C/security.xml:990(para)
7234
7240
msgid "To place all profiles in enforce mode:"
7237
#: serverguide/C/security.xml:974(command)
7243
#: serverguide/C/security.xml:994(command)
7238
7244
msgid "sudo aa-enforce /etc/apparmor.d/*"
7239
7245
msgstr "sudo aa-enforce /etc/apparmor.d/*"
7241
#: serverguide/C/security.xml:978(para)
7247
#: serverguide/C/security.xml:998(para)
7243
7249
"<application>apparmor_parser</application> is used to load a profile into "
7244
7250
"the kernel. It can also be used to reload a currently loaded profile using "
7245
7251
"the <emphasis>-r</emphasis> option. To load a profile:"
7248
#: serverguide/C/security.xml:983(command) serverguide/C/security.xml:1015(command)
7254
#: serverguide/C/security.xml:1003(command) serverguide/C/security.xml:1035(command)
7249
7255
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
7250
7256
msgstr "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
7252
#: serverguide/C/security.xml:985(para)
7258
#: serverguide/C/security.xml:1005(para)
7253
7259
msgid "To reload a profile:"
7254
7260
msgstr "Каб перазапусьціць профіль:"
7256
#: serverguide/C/security.xml:989(command)
7262
#: serverguide/C/security.xml:1009(command)
7257
7263
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
7258
7264
msgstr "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
7263
7269
"<emphasis>reload</emphasis> all profiles:"
7266
#: serverguide/C/network-auth.xml:964(command)
7272
#: serverguide/C/security.xml:1017(command) serverguide/C/network-auth.xml:971(command)
7267
7273
msgid "sudo service apparmor reload"
7270
#: serverguide/C/security.xml:1001(para)
7276
#: serverguide/C/security.xml:1021(para)
7272
7278
"The <filename>/etc/apparmor.d/disable</filename> directory can be used along "
7273
7279
"with the <application>apparmor_parser -R</application> option to "
7274
7280
"<emphasis>disable</emphasis> a profile."
7277
#: serverguide/C/security.xml:1006(command)
7283
#: serverguide/C/security.xml:1026(command)
7278
7284
msgid "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
7279
7285
msgstr "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
7281
#: serverguide/C/security.xml:1007(command)
7287
#: serverguide/C/security.xml:1027(command)
7282
7288
msgid "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
7283
7289
msgstr "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
7285
#: serverguide/C/security.xml:1009(para)
7291
#: serverguide/C/security.xml:1029(para)
7287
7293
"To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic "
7288
7294
"link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then "
7289
7295
"load the profile using the <emphasis>-a</emphasis> option."
7292
#: serverguide/C/security.xml:1014(command)
7298
#: serverguide/C/security.xml:1034(command)
7293
7299
msgid "sudo rm /etc/apparmor.d/disable/profile.name"
7294
7300
msgstr "sudo rm /etc/apparmor.d/disable/profile.name"
7296
#: serverguide/C/security.xml:1019(para)
7302
#: serverguide/C/security.xml:1039(para)
7298
7304
"<application>AppArmor</application> can be disabled, and the kernel module "
7299
7305
"unloaded by entering the following:"
7383
#: serverguide/C/security.xml:1088(para)
7389
#: serverguide/C/security.xml:1108(para)
7385
7391
"<emphasis>#include <tunables/global>:</emphasis> include statements "
7386
7392
"from other files. This allows statements pertaining to multiple applications "
7387
7393
"to be placed in a common file."
7390
#: serverguide/C/security.xml:1094(para)
7396
#: serverguide/C/security.xml:1114(para)
7392
7398
"<emphasis>/bin/ping flags=(complain):</emphasis> path to the profiled "
7393
7399
"program, also setting the mode to <emphasis>complain</emphasis>."
7396
#: serverguide/C/security.xml:1100(para)
7402
#: serverguide/C/security.xml:1120(para)
7398
7404
"<emphasis>capability net_raw,:</emphasis> allows the application access to "
7399
7405
"the CAP_NET_RAW Posix.1e capability."
7402
#: serverguide/C/security.xml:1105(para)
7408
#: serverguide/C/security.xml:1125(para)
7404
7410
"<emphasis>/bin/ping mixr,:</emphasis> allows the application read and "
7405
7411
"execute access to the file."
7408
#: serverguide/C/security.xml:1111(para)
7414
#: serverguide/C/security.xml:1131(para)
7410
7416
"After editing a profile file the profile must be reloaded. See <xref "
7411
7417
"linkend=\"apparmor-usage\"/> for details."
7414
#: serverguide/C/security.xml:1116(title)
7420
#: serverguide/C/security.xml:1136(title)
7415
7421
msgid "Creating a Profile"
7416
7422
msgstr "Стварэньне профіля"
7418
#: serverguide/C/security.xml:1119(para)
7424
#: serverguide/C/security.xml:1139(para)
7420
7426
"<emphasis>Design a test plan:</emphasis> Try to think about how the "
7421
7427
"application should be exercised. The test plan should be divided into small "
7423
7429
"steps to follow."
7426
#: serverguide/C/security.xml:1123(para)
7432
#: serverguide/C/security.xml:1143(para)
7427
7433
msgid "Some standard test cases are:"
7430
#: serverguide/C/security.xml:1128(para)
7436
#: serverguide/C/security.xml:1148(para)
7431
7437
msgid "Starting the program."
7432
7438
msgstr "Урухомленьне праграмы."
7434
#: serverguide/C/security.xml:1133(para)
7440
#: serverguide/C/security.xml:1153(para)
7435
7441
msgid "Stopping the program."
7436
7442
msgstr "Спыненьне праграмы."
7438
#: serverguide/C/security.xml:1138(para)
7444
#: serverguide/C/security.xml:1158(para)
7439
7445
msgid "Reloading the program."
7440
7446
msgstr "Перазагрузка праграмы."
7442
#: serverguide/C/security.xml:1143(para)
7448
#: serverguide/C/security.xml:1163(para)
7443
7449
msgid "Testing all the commands supported by the init script."
7446
#: serverguide/C/security.xml:1150(para)
7452
#: serverguide/C/security.xml:1170(para)
7448
7454
"<emphasis>Generate the new profile:</emphasis> Use <application>aa-"
7449
7455
"genprof</application> to generate a new profile. From a terminal:"
7452
#: serverguide/C/security.xml:1155(command)
7458
#: serverguide/C/security.xml:1175(command)
7453
7459
msgid "sudo aa-genprof executable"
7454
7460
msgstr "sudo aa-genprof executable"
7456
#: serverguide/C/security.xml:1157(para)
7462
#: serverguide/C/security.xml:1177(para)
7457
7463
msgid "For example:"
7458
7464
msgstr "Напрыклад:"
7460
#: serverguide/C/security.xml:1161(command)
7466
#: serverguide/C/security.xml:1181(command)
7461
7467
msgid "sudo aa-genprof slapd"
7462
7468
msgstr "sudo aa-genprof slapd"
7464
#: serverguide/C/security.xml:1165(para)
7470
#: serverguide/C/security.xml:1185(para)
7466
7472
"To get your new profile included in the <application>apparmor-"
7467
7473
"profiles</application> package, file a bug in <emphasis>Launchpad</emphasis> "
7538
7544
"the private key."
7541
#: serverguide/C/security.xml:1239(para)
7547
#: serverguide/C/security.xml:1259(para)
7543
7549
"A common use for public-key cryptography is encrypting application traffic "
7544
7550
"using a Secure Socket Layer (SSL) or Transport Layer Security (TLS) "
7545
"connection. For example, configuring Apache to provide "
7551
"connection. One example: configuring Apache to provide "
7546
7552
"<emphasis>HTTPS</emphasis>, the HTTP protocol over SSL. This allows a way to "
7547
7553
"encrypt traffic using a protocol that does not itself provide encryption."
7550
#: serverguide/C/security.xml:1244(para)
7556
#: serverguide/C/security.xml:1264(para)
7552
7558
"A <emphasis>Certificate</emphasis> is a method used to distribute a "
7553
7559
"<emphasis>public key</emphasis> and other information about a server and the "
7554
7560
"organization who is responsible for it. Certificates can be digitally signed "
7555
"by a <emphasis>Certification Authority</emphasis> or CA. A CA is a trusted "
7561
"by a <emphasis>Certification Authority</emphasis>, or CA. A CA is a trusted "
7556
7562
"third party that has confirmed that the information contained in the "
7557
7563
"certificate is accurate."
7560
#: serverguide/C/security.xml:1251(title)
7566
#: serverguide/C/security.xml:1271(title)
7561
7567
msgid "Types of Certificates"
7562
7568
msgstr "Тыпы сэртыфікатаў"
7564
#: serverguide/C/security.xml:1252(para)
7570
#: serverguide/C/security.xml:1272(para)
7566
7572
"To set up a secure server using public-key cryptography, in most cases, you "
7567
7573
"send your certificate request (including your public key), proof of your "
7628
7634
"your friends or colleagues, or purely on monetary factors."
7631
#: serverguide/C/security.xml:1317(para)
7637
#: serverguide/C/security.xml:1337(para)
7633
7639
"Once you have decided upon a CA, you need to follow the instructions they "
7634
7640
"provide on how to obtain a certificate from them."
7637
#: serverguide/C/security.xml:1322(para)
7643
#: serverguide/C/security.xml:1342(para)
7639
7645
"When the CA is satisfied that you are indeed who you claim to be, they send "
7640
7646
"you a digital certificate."
7643
#: serverguide/C/security.xml:1326(para)
7649
#: serverguide/C/security.xml:1346(para)
7645
7651
"Install this certificate on your secure server, and configure the "
7646
7652
"appropriate applications to use the certificate."
7649
#: serverguide/C/security.xml:1335(title)
7655
#: serverguide/C/security.xml:1355(title)
7650
7656
msgid "Generating a Certificate Signing Request (CSR)"
7653
#: serverguide/C/security.xml:1337(para)
7659
#: serverguide/C/security.xml:1357(para)
7655
7661
"Whether you are getting a certificate from a CA or generating your own self-"
7656
7662
"signed certificate, the first step is to generate a key."
7659
#: serverguide/C/security.xml:1342(para)
7665
#: serverguide/C/security.xml:1362(para)
7661
7667
"If the certificate will be used by service daemons, such as Apache, Postfix, "
7662
"Dovecot, etc, a key without a passphrase is often appropriate. Not having a "
7668
"Dovecot, etc., a key without a passphrase is often appropriate. Not having a "
7663
7669
"passphrase allows the services to start without manual intervention, usually "
7664
7670
"the preferred way to start a daemon."
7667
#: serverguide/C/security.xml:1348(para)
7673
#: serverguide/C/security.xml:1368(para)
7669
7675
"This section will cover generating a key with a passphrase, and one without. "
7670
7676
"The non-passphrase key will then be used to generate a certificate that can "
7671
7677
"be used with various service daemons."
7674
#: serverguide/C/security.xml:1354(para)
7680
#: serverguide/C/security.xml:1374(para)
7676
7682
"Running your secure service without a passphrase is convenient because you "
7677
7683
"will not need to enter the passphrase every time you start your secure "
7708
7714
"in a dictionary. Also remember that your passphrase is case-sensitive."
7711
#: serverguide/C/security.xml:1386(para)
7717
#: serverguide/C/security.xml:1406(para)
7713
7719
"Re-type the passphrase to verify. Once you have re-typed it correctly, the "
7714
7720
"server key is generated and stored in the <filename>server.key</filename> "
7718
#: serverguide/C/security.xml:1392(para)
7724
#: serverguide/C/security.xml:1412(para)
7720
7726
"Now create the insecure key, the one without a passphrase, and shuffle the "
7724
#: serverguide/C/security.xml:1398(command)
7730
#: serverguide/C/security.xml:1418(command)
7725
7731
msgid "openssl rsa -in server.key -out server.key.insecure"
7726
7732
msgstr "openssl rsa -in server.key -out server.key.insecure"
7728
#: serverguide/C/security.xml:1399(command)
7734
#: serverguide/C/security.xml:1419(command)
7729
7735
msgid "mv server.key server.key.secure"
7730
7736
msgstr "mv server.key server.key.secure"
7732
#: serverguide/C/security.xml:1400(command)
7738
#: serverguide/C/security.xml:1420(command)
7733
7739
msgid "mv server.key.insecure server.key"
7734
7740
msgstr "mv server.key.insecure server.key"
7736
#: serverguide/C/security.xml:1403(para)
7742
#: serverguide/C/security.xml:1423(para)
7738
7744
"The insecure key is now named <filename>server.key</filename>, and you can "
7739
7745
"use this file to generate the CSR without passphrase."
7742
#: serverguide/C/security.xml:1408(para)
7748
#: serverguide/C/security.xml:1428(para)
7743
7749
msgid "To create the CSR, run the following command at a terminal prompt:"
7746
#: serverguide/C/security.xml:1413(command)
7752
#: serverguide/C/security.xml:1433(command)
7747
7753
msgid "openssl req -new -key server.key -out server.csr"
7748
7754
msgstr "openssl req -new -key server.key -out server.csr"
7750
#: serverguide/C/security.xml:1416(para)
7756
#: serverguide/C/security.xml:1436(para)
7752
7758
"It will prompt you enter the passphrase. If you enter the correct "
7753
7759
"passphrase, it will prompt you to enter Company Name, Site Name, Email Id, "
7780
7786
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
7783
#: serverguide/C/security.xml:1441(para)
7789
#: serverguide/C/security.xml:1461(para)
7785
7791
"The above command will prompt you to enter the passphrase. Once you enter "
7786
7792
"the correct passphrase, your certificate will be created and it will be "
7787
7793
"stored in the <filename>server.crt</filename> file."
7790
#: serverguide/C/security.xml:1446(para)
7796
#: serverguide/C/security.xml:1466(para)
7792
7798
"If your secure server is to be used in a production environment, you "
7793
7799
"probably need a CA-signed certificate. It is not recommended to use self-"
7794
7800
"signed certificate."
7797
#: serverguide/C/security.xml:1454(title)
7803
#: serverguide/C/security.xml:1474(title)
7798
7804
msgid "Installing the Certificate"
7799
7805
msgstr "Устаноўка сэртыфіката"
7801
#: serverguide/C/security.xml:1456(para)
7807
#: serverguide/C/security.xml:1476(para)
7803
7809
"You can install the key file <filename>server.key</filename> and certificate "
7804
7810
"file <filename>server.crt</filename>, or the certificate file issued by your "
7805
7811
"CA, by running following commands at a terminal prompt:"
7808
#: serverguide/C/security.xml:1462(command)
7814
#: serverguide/C/security.xml:1482(command)
7809
7815
msgid "sudo cp server.crt /etc/ssl/certs"
7810
7816
msgstr "sudo cp server.crt /etc/ssl/certs"
7812
#: serverguide/C/security.xml:1463(command)
7818
#: serverguide/C/security.xml:1483(command)
7813
7819
msgid "sudo cp server.key /etc/ssl/private"
7814
7820
msgstr "sudo cp server.key /etc/ssl/private"
7816
#: serverguide/C/security.xml:1465(para)
7822
#: serverguide/C/security.xml:1485(para)
7818
7824
"Now simply configure any applications, with the ability to use public-key "
7819
7825
"cryptography, to use the <emphasis>certificate</emphasis> and "
7974
#: serverguide/C/security.xml:1614(para)
7980
#: serverguide/C/security.xml:1634(para)
7976
7982
"For more detailed instructions on using cryptography see the <ulink "
7977
7983
"url=\"http://tldp.org/HOWTO/SSL-Certificates-HOWTO/index.html\">SSL "
7978
"Certificates HOWTO</ulink> by tldp.org"
7984
"Certificates HOWTO</ulink> by tldp.org:"
7981
#: serverguide/C/security.xml:1620(para)
7987
#: serverguide/C/security.xml:1640(para)
7983
7989
"The Wikipedia <ulink "
7984
"url=\"http://en.wikipedia.org/wiki/Https\">HTTPS</ulink> page has more "
7990
"url=\"http://en.wikipedia.org/wiki/HTTPS\">HTTPS</ulink> page has more "
7985
7991
"information regarding HTTPS."
7988
#: serverguide/C/security.xml:1625(para)
7994
#: serverguide/C/security.xml:1645(para)
7990
7996
"For more information on <emphasis>OpenSSL</emphasis> see the <ulink "
7991
7997
"url=\"http://www.openssl.org/\">OpenSSL Home Page</ulink>."
7994
#: serverguide/C/security.xml:1630(para)
8000
#: serverguide/C/security.xml:1650(para)
7996
8002
"Also, O'Reilly's <ulink "
7997
8003
"url=\"http://oreilly.com/catalog/9780596002701/\">Network Security with "
7998
"OpenSSL</ulink> is a good in depth reference."
8004
"OpenSSL</ulink> is a good in-depth reference."
8001
#: serverguide/C/security.xml:1639(title)
8007
#: serverguide/C/security.xml:1659(title)
8002
8008
msgid "eCryptfs"
8003
8009
msgstr "eCryptfs"
8010
8016
"filesystem, partition type, etc."
8013
#: serverguide/C/security.xml:1647(para)
8019
#: serverguide/C/security.xml:1667(para)
8015
8021
"During installation there is an option to encrypt the <filename "
8016
8022
"role=\"directory\">/home</filename> partition. This will automatically "
8017
8023
"configure everything needed to encrypt and mount the partition."
8020
#: serverguide/C/security.xml:1652(para)
8026
#: serverguide/C/security.xml:1672(para)
8022
8028
"As an example, this section will cover configuring <filename "
8023
8029
"role=\"directory\">/srv</filename> to be encrypted using "
8024
8030
"<emphasis>eCryptfs</emphasis>."
8027
#: serverguide/C/security.xml:1657(title)
8033
#: serverguide/C/security.xml:1677(title)
8028
8034
msgid "Using eCryptfs"
8029
8035
msgstr "Ужываньне eCryptfs"
8031
#: serverguide/C/security.xml:1659(para)
8037
#: serverguide/C/security.xml:1679(para)
8032
8038
msgid "First, install the necessary packages. From a terminal prompt enter:"
8033
8039
msgstr "Спачатку устанавіце неабходныя пакеты. Увядзіце ў тэрмінале:"
8035
#: serverguide/C/security.xml:1664(command)
8041
#: serverguide/C/security.xml:1684(command)
8036
8042
msgid "sudo apt-get install ecryptfs-utils"
8037
8043
msgstr "sudo apt-get install ecryptfs-utils"
8039
#: serverguide/C/security.xml:1667(para)
8045
#: serverguide/C/security.xml:1687(para)
8040
8046
msgid "Now mount the partition to be encrypted:"
8043
#: serverguide/C/security.xml:1672(command)
8049
#: serverguide/C/security.xml:1692(command)
8044
8050
msgid "sudo mount -t ecryptfs /srv /srv"
8045
8051
msgstr "sudo mount -t ecryptfs /srv /srv"
8047
#: serverguide/C/security.xml:1675(para)
8053
#: serverguide/C/security.xml:1695(para)
8049
8055
"You will then be prompted for some details on how "
8050
8056
"<application>ecryptfs</application> should encrypt the data."
8053
#: serverguide/C/security.xml:1679(para)
8059
#: serverguide/C/security.xml:1699(para)
8055
8061
"To test that files placed in <filename>/srv</filename> are indeed encrypted "
8056
8062
"copy the <filename>/etc/default</filename> folder to "
8057
8063
"<filename>/srv</filename>:"
8060
#: serverguide/C/security.xml:1685(command) serverguide/C/clustering.xml:190(command)
8066
#: serverguide/C/security.xml:1705(command) serverguide/C/clustering.xml:190(command)
8061
8067
msgid "sudo cp -r /etc/default /srv"
8062
8068
msgstr "sudo cp -r /etc/default /srv"
8064
#: serverguide/C/security.xml:1688(para)
8070
#: serverguide/C/security.xml:1708(para)
8065
8071
msgid "Now unmount <filename>/srv</filename>, and try to view a file:"
8068
#: serverguide/C/security.xml:1693(command) serverguide/C/installation.xml:1118(command) serverguide/C/clustering.xml:198(command)
8074
#: serverguide/C/security.xml:1713(command) serverguide/C/clustering.xml:198(command)
8069
8075
msgid "sudo umount /srv"
8070
8076
msgstr "sudo umount /srv"
8072
#: serverguide/C/security.xml:1694(command)
8078
#: serverguide/C/security.xml:1714(command)
8073
8079
msgid "cat /srv/default/cron"
8074
8080
msgstr "cat /srv/default/cron"
8076
#: serverguide/C/security.xml:1697(para)
8082
#: serverguide/C/security.xml:1717(para)
8078
8084
"Remounting <filename>/srv</filename> using "
8079
8085
"<application>ecryptfs</application> will make the data viewable once again."
8082
#: serverguide/C/security.xml:1703(title)
8088
#: serverguide/C/security.xml:1723(title)
8083
8089
msgid "Automatically Mounting Encrypted Partitions"
8086
#: serverguide/C/security.xml:1705(para)
8092
#: serverguide/C/security.xml:1725(para)
8088
8094
"There are a couple of ways to automatically mount an "
8089
8095
"<application>ecryptfs</application> encrypted filesystem at boot. This "
8171
8177
"other users on the system."
8174
#: serverguide/C/security.xml:1772(para)
8180
#: serverguide/C/security.xml:1792(para)
8176
"<emphasis>ecryptfs-mount-private and ecryptfs-umount-private:</emphasis> "
8177
"will mount and unmount respectively, a users <filename>~/Private</filename> "
8182
"<emphasis>ecryptfs-mount-private</emphasis> and <emphasis> ecryptfs-umount-"
8183
"private</emphasis> will mount and unmount a user's "
8184
"<filename>~/Private</filename> directory."
8181
#: serverguide/C/security.xml:1778(para)
8187
#: serverguide/C/security.xml:1798(para)
8183
8189
"<emphasis>ecryptfs-add-passphrase:</emphasis> adds a new passphrase to the "
8184
8190
"kernel keyring."
8187
#: serverguide/C/security.xml:1783(para)
8193
#: serverguide/C/security.xml:1803(para)
8189
8195
"<emphasis>ecryptfs-manager:</emphasis> manages "
8190
8196
"<application>eCryptfs</application> objects such as keys."
8193
#: serverguide/C/security.xml:1788(para)
8199
#: serverguide/C/security.xml:1808(para)
8195
8201
"<emphasis>ecryptfs-stat:</emphasis> allows you to view the "
8196
8202
"<application>ecryptfs</application> meta information for a file."
8199
#: serverguide/C/security.xml:1801(para)
8205
#: serverguide/C/security.xml:1821(para)
8201
8207
"For more information on <emphasis>eCryptfs</emphasis> see the <ulink "
8202
8208
"url=\"https://launchpad.net/ecryptfs\">Launchpad project page</ulink>."
8205
#: serverguide/C/security.xml:1806(para)
8211
#: serverguide/C/security.xml:1826(para)
8207
8213
"There is also a <ulink "
8208
8214
"url=\"http://www.linuxjournal.com/article/9400\">Linux Journal</ulink> "
8296
8302
msgid "File Server"
8299
#: serverguide/C/windows-networking.xml:70(para)
8305
#: serverguide/C/samba.xml:70(para)
8301
8307
"One of the most common ways to network Ubuntu and Windows computers is to "
8302
8308
"configure Samba as a File Server. This section covers setting up a "
8303
8309
"<application>Samba</application> server to share files with Windows clients."
8306
#: serverguide/C/windows-networking.xml:75(para)
8312
#: serverguide/C/samba.xml:75(para)
8308
8314
"The server will be configured to share files with any client on the network "
8309
8315
"without prompting for a password. If your environment requires stricter "
8310
8316
"Access Controls see <xref linkend=\"samba-fileprint-security\"/>"
8313
#: serverguide/C/windows-networking.xml:83(para)
8319
#: serverguide/C/samba.xml:83(para)
8315
8321
"The first step is to install the <application>samba</application> package. "
8316
8322
"From a terminal prompt enter:"
8319
#: serverguide/C/windows-networking.xml:88(command) serverguide/C/windows-networking.xml:304(command)
8325
#: serverguide/C/samba.xml:88(command) serverguide/C/samba.xml:304(command)
8320
8326
msgid "sudo apt-get install samba"
8321
8327
msgstr "sudo apt-get install samba"
8323
#: serverguide/C/windows-networking.xml:91(para)
8329
#: serverguide/C/samba.xml:91(para)
8325
8331
"That's all there is to it; you are now ready to configure Samba to share "
8329
#: serverguide/C/windows-networking.xml:99(para)
8335
#: serverguide/C/samba.xml:99(para)
8331
8337
"The main Samba configuration file is located in "
8332
8338
"<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
8425
8431
"is <emphasis>yes</emphasis>, then access to the share is read only."
8428
#: serverguide/C/windows-networking.xml:181(para)
8434
#: serverguide/C/samba.xml:181(para)
8430
8436
"<emphasis>create mask:</emphasis> determines the permissions new files will "
8431
8437
"have when created."
8434
#: serverguide/C/windows-networking.xml:190(para)
8440
#: serverguide/C/samba.xml:190(para)
8436
8442
"Now that <application>Samba</application> is configured, the directory needs "
8437
8443
"to be created and the permissions changed. From a terminal enter:"
8440
#: serverguide/C/windows-networking.xml:196(command)
8446
#: serverguide/C/samba.xml:196(command)
8441
8447
msgid "sudo mkdir -p /srv/samba/share"
8442
8448
msgstr "sudo mkdir -p /srv/samba/share"
8444
#: serverguide/C/windows-networking.xml:197(command)
8450
#: serverguide/C/samba.xml:197(command)
8445
8451
msgid "sudo chown nobody:nogroup /srv/samba/share/"
8448
#: serverguide/C/windows-networking.xml:201(para)
8454
#: serverguide/C/samba.xml:201(para)
8450
8456
"The <emphasis>-p</emphasis> switch tells mkdir to create the entire "
8451
8457
"directory tree if it doesn't exist."
8454
#: serverguide/C/windows-networking.xml:209(para)
8460
#: serverguide/C/samba.xml:209(para)
8456
8462
"Finally, restart the <application>samba</application> services to enable the "
8457
8463
"new configuration:"
8501
8507
"<filename>/srv/samba/qa</filename>."
8504
#: serverguide/C/windows-networking.xml:252(para) serverguide/C/windows-networking.xml:351(para) serverguide/C/windows-networking.xml:708(para) serverguide/C/windows-networking.xml:1104(para)
8510
#: serverguide/C/samba.xml:252(para) serverguide/C/samba.xml:351(para) serverguide/C/samba.xml:708(para) serverguide/C/samba.xml:1104(para)
8506
8512
"For in depth Samba configurations see the <ulink "
8507
8513
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
8508
8514
"Collection</ulink>"
8511
#: serverguide/C/windows-networking.xml:258(para) serverguide/C/windows-networking.xml:357(para) serverguide/C/windows-networking.xml:714(para) serverguide/C/windows-networking.xml:1110(para)
8517
#: serverguide/C/samba.xml:258(para) serverguide/C/samba.xml:357(para) serverguide/C/samba.xml:714(para) serverguide/C/samba.xml:1110(para)
8513
8519
"The guide is also available in <ulink "
8514
8520
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">printed "
8515
8521
"format</ulink>."
8518
#: serverguide/C/windows-networking.xml:264(para) serverguide/C/windows-networking.xml:363(para)
8524
#: serverguide/C/samba.xml:264(para) serverguide/C/samba.xml:363(para)
8520
8526
"O'Reilly's <ulink "
8521
8527
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
8522
8528
"another good reference."
8525
#: serverguide/C/windows-networking.xml:270(para) serverguide/C/windows-networking.xml:374(para) serverguide/C/windows-networking.xml:739(para) serverguide/C/windows-networking.xml:1134(para) serverguide/C/windows-networking.xml:1312(para)
8531
#: serverguide/C/samba.xml:270(para) serverguide/C/samba.xml:374(para) serverguide/C/samba.xml:739(para) serverguide/C/samba.xml:1134(para) serverguide/C/samba.xml:1312(para)
8527
8533
"The <ulink url=\"https://help.ubuntu.com/community/Samba\">Ubuntu Wiki Samba "
8528
8534
"</ulink> page."
8531
#: serverguide/C/network-config.xml:908(para)
8537
#: serverguide/C/samba.xml:279(title) serverguide/C/network-config.xml:904(para)
8532
8538
msgid "Print Server"
8533
8539
msgstr "Сэрвер друку"
8535
#: serverguide/C/windows-networking.xml:281(para)
8541
#: serverguide/C/samba.xml:281(para)
8537
8543
"Another common use of Samba is to configure it to share printers installed, "
8538
8544
"either locally or over the network, on an Ubuntu server. Similar to <xref "
8653
8659
"of the Samba guide for more details."
8656
#: serverguide/C/windows-networking.xml:425(para)
8662
#: serverguide/C/samba.xml:425(para)
8658
8664
"<emphasis>security = share:</emphasis> allows clients to connect to shares "
8659
8665
"without supplying a username and password."
8662
#: serverguide/C/windows-networking.xml:432(para)
8668
#: serverguide/C/samba.xml:432(para)
8664
8670
"The security mode you choose will depend on your environment and what you "
8665
8671
"need the Samba server to accomplish."
8668
#: serverguide/C/windows-networking.xml:438(title)
8674
#: serverguide/C/samba.xml:438(title)
8669
8675
msgid "Security = User"
8672
#: serverguide/C/windows-networking.xml:440(para)
8678
#: serverguide/C/samba.xml:440(para)
8674
8680
"This section will reconfigure the Samba file and print server, from <xref "
8675
8681
"linkend=\"samba-fileserver\"/> and <xref linkend=\"samba-printserver\"/>, to "
8676
8682
"require authentication."
8679
#: serverguide/C/windows-networking.xml:445(para)
8685
#: serverguide/C/samba.xml:445(para)
8681
8687
"First, install the <application>libpam-smbpass</application> package which "
8682
8688
"will sync the system users to the Samba user database:"
8685
#: serverguide/C/windows-networking.xml:451(command)
8691
#: serverguide/C/samba.xml:451(command)
8686
8692
msgid "sudo apt-get install libpam-smbpass"
8687
8693
msgstr "sudo apt-get install libpam-smbpass"
8689
#: serverguide/C/windows-networking.xml:455(para)
8695
#: serverguide/C/samba.xml:455(para)
8691
8697
"If you chose the <emphasis>Samba Server</emphasis> task during installation "
8692
8698
"<application>libpam-smbpass</application> is already installed."
8695
#: serverguide/C/windows-networking.xml:461(para)
8701
#: serverguide/C/samba.xml:461(para)
8697
8703
"Edit <filename>/etc/samba/smb.conf</filename>, and in the "
8698
8704
"<emphasis>[share]</emphasis> section change:"
8701
#: serverguide/C/windows-networking.xml:465(programlisting)
8707
#: serverguide/C/samba.xml:465(programlisting)
8705
8711
" guest ok = no\n"
8708
#: serverguide/C/windows-networking.xml:469(para)
8714
#: serverguide/C/samba.xml:469(para)
8709
8715
msgid "Finally, restart Samba for the new settings to take effect:"
8712
#: serverguide/C/windows-networking.xml:478(para)
8718
#: serverguide/C/samba.xml:478(para)
8714
8720
"Now when connecting to the shared directories or printers you should be "
8715
8721
"prompted for a username and password."
8718
#: serverguide/C/windows-networking.xml:483(para)
8724
#: serverguide/C/samba.xml:483(para)
8720
8726
"If you choose to map a network drive to the share you can check the "
8721
8727
"<quote>Reconnect at Logon</quote> check box, which will require you to only "
8722
8728
"enter the username and password once, at least until the password changes."
8725
#: serverguide/C/windows-networking.xml:491(title)
8731
#: serverguide/C/samba.xml:491(title)
8726
8732
msgid "Share Security"
8729
#: serverguide/C/windows-networking.xml:493(para)
8735
#: serverguide/C/samba.xml:493(para)
8731
8737
"There are several options available to increase the security for each "
8732
8738
"individual shared directory. Using the <emphasis>[share]</emphasis> example, "
8733
8739
"this section will cover some common options."
8736
#: serverguide/C/windows-networking.xml:499(title)
8742
#: serverguide/C/samba.xml:499(title)
8740
#: serverguide/C/windows-networking.xml:501(para)
8746
#: serverguide/C/samba.xml:501(para)
8742
8748
"Groups define a collection of computers or users which have a common level "
8743
8749
"of access to particular network resources and offer a level of granularity "
9114
#: serverguide/C/windows-networking.xml:827(para)
9120
#: serverguide/C/samba.xml:827(para)
9116
9122
"<emphasis>logon drive:</emphasis> specifies the home directory local path."
9119
#: serverguide/C/windows-networking.xml:832(para)
9125
#: serverguide/C/samba.xml:832(para)
9121
9127
"<emphasis>logon home:</emphasis> specifies the home directory location."
9124
#: serverguide/C/windows-networking.xml:837(para)
9130
#: serverguide/C/samba.xml:837(para)
9126
9132
"<emphasis>logon script:</emphasis> determines the script to be run locally "
9127
9133
"once a user has logged in. The script needs to be placed in the "
9128
9134
"<emphasis>[netlogon]</emphasis> share."
9131
#: serverguide/C/windows-networking.xml:843(para)
9137
#: serverguide/C/samba.xml:843(para)
9133
9139
"<emphasis>add machine script:</emphasis> a script that will automatically "
9134
9140
"create the <emphasis>Machine Trust Account</emphasis> needed for a "
9135
9141
"workstation to join the domain."
9138
#: serverguide/C/windows-networking.xml:847(para)
9144
#: serverguide/C/samba.xml:847(para)
9140
9146
"In this example the <emphasis>machines</emphasis> group will need to be "
9141
9147
"created using the <application>addgroup</application> utility see <xref "
9142
9148
"linkend=\"adding-deleting-users\"/> for details."
9145
#: serverguide/C/windows-networking.xml:858(para)
9151
#: serverguide/C/samba.xml:858(para)
9147
9153
"Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis "
9148
9154
"role=\"italic\">logon home</emphasis> to be mapped:"
9151
#: serverguide/C/windows-networking.xml:863(programlisting)
9157
#: serverguide/C/samba.xml:863(programlisting)
9188
9194
"location for site-specific data provided by the system."
9191
#: serverguide/C/windows-networking.xml:902(para)
9197
#: serverguide/C/samba.xml:902(para)
9193
9199
"Now create the <filename role=\"directory\">netlogon</filename> directory, "
9194
9200
"and an empty (for now) <filename>logon.cmd</filename> script file:"
9197
#: serverguide/C/windows-networking.xml:908(command)
9203
#: serverguide/C/samba.xml:908(command)
9198
9204
msgid "sudo mkdir -p /srv/samba/netlogon"
9199
9205
msgstr "sudo mkdir -p /srv/samba/netlogon"
9201
#: serverguide/C/windows-networking.xml:909(command)
9207
#: serverguide/C/samba.xml:909(command)
9202
9208
msgid "sudo touch /srv/samba/netlogon/logon.cmd"
9203
9209
msgstr "sudo touch /srv/samba/netlogon/logon.cmd"
9205
#: serverguide/C/windows-networking.xml:912(para)
9211
#: serverguide/C/samba.xml:912(para)
9207
9213
"You can enter any normal Windows logon script commands in "
9208
9214
"<filename>logon.cmd</filename> to customize the client's environment."
9211
#: serverguide/C/windows-networking.xml:920(para)
9217
#: serverguide/C/samba.xml:920(para)
9212
9218
msgid "Restart Samba to enable the new domain controller:"
9215
#: serverguide/C/windows-networking.xml:932(para)
9221
#: serverguide/C/samba.xml:932(para)
9217
9223
"Lastly, there are a few additional commands needed to setup the appropriate "
9221
#: serverguide/C/windows-networking.xml:936(para)
9227
#: serverguide/C/samba.xml:936(para)
9223
9229
"With <emphasis>root</emphasis> being disabled by default, in order to join a "
9224
9230
"workstation to the domain, a system group needs to be mapped to the Windows "
9253
#: serverguide/C/windows-networking.xml:963(para)
9259
#: serverguide/C/samba.xml:963(para)
9255
9261
"Also, rights need to be explicitly provided to the <emphasis>Domain "
9256
9262
"Admins</emphasis> group to allow the <emphasis>add machine script</emphasis> "
9257
9263
"(and other admin functions) to work. This is achieved by executing:"
9260
#: serverguide/C/windows-networking.xml:968(command)
9266
#: serverguide/C/samba.xml:968(command)
9262
9268
"net rpc rights grant -U sysadmin \"EXAMPLE\\Domain Admins\" "
9263
9269
"SeMachineAccountPrivilege \\ SePrintOperatorPrivilege SeAddUsersPrivilege "
9264
9270
"SeDiskOperatorPrivilege \\ SeRemoteShutdownPrivilege"
9267
#: serverguide/C/windows-networking.xml:976(para)
9273
#: serverguide/C/samba.xml:976(para)
9269
9275
"You should now be able to join Windows clients to the Domain in the same "
9270
9276
"manner as joining them to an NT4 domain running on a Windows server."
9273
#: serverguide/C/windows-networking.xml:986(title)
9279
#: serverguide/C/samba.xml:986(title)
9274
9280
msgid "Backup Domain Controller"
9277
#: serverguide/C/windows-networking.xml:988(para)
9283
#: serverguide/C/samba.xml:988(para)
9279
9285
"With a Primary Domain Controller (PDC) on the network it is best to have a "
9280
9286
"Backup Domain Controller (BDC) as well. This will allow clients to "
9281
9287
"authenticate in case the PDC becomes unavailable."
9284
#: serverguide/C/windows-networking.xml:993(para)
9290
#: serverguide/C/samba.xml:993(para)
9286
9292
"When configuring Samba as a BDC you need a way to sync account information "
9287
9293
"with the PDC. There are multiple ways of accomplishing this "
9332
9338
"files, enter:"
9335
#: serverguide/C/windows-networking.xml:1050(command)
9341
#: serverguide/C/samba.xml:1050(command)
9336
9342
msgid "sudo chgrp -R admin /var/lib/samba"
9337
9343
msgstr "sudo chgrp -R admin /var/lib/samba"
9339
#: serverguide/C/windows-networking.xml:1056(para)
9345
#: serverguide/C/samba.xml:1056(para)
9341
9347
"Next, sync the user accounts, using <application>scp</application> to copy "
9342
9348
"the <filename>/var/lib/samba</filename> directory from the PDC:"
9345
#: serverguide/C/windows-networking.xml:1062(command)
9351
#: serverguide/C/samba.xml:1062(command)
9346
9352
msgid "sudo scp -r username@pdc:/var/lib/samba /var/lib"
9347
9353
msgstr "sudo scp -r username@pdc:/var/lib/samba /var/lib"
9349
#: serverguide/C/windows-networking.xml:1066(para)
9355
#: serverguide/C/samba.xml:1066(para)
9351
9357
"Replace <emphasis>username</emphasis> with a valid username and "
9352
9358
"<emphasis>pdc</emphasis> with the hostname or IP Address of your actual PDC."
9355
#: serverguide/C/windows-networking.xml:1075(para)
9361
#: serverguide/C/samba.xml:1075(para)
9356
9362
msgid "Finally, restart <application>samba</application>:"
9357
9363
msgstr "У канцы, перазапусьціце <application>samba</application>:"
9359
#: serverguide/C/windows-networking.xml:1087(para)
9365
#: serverguide/C/samba.xml:1087(para)
9361
9367
"You can test that your Backup Domain controller is working by stopping the "
9362
9368
"Samba daemon on the PDC, then trying to login to a Windows client joined to "
9366
#: serverguide/C/windows-networking.xml:1092(para)
9372
#: serverguide/C/samba.xml:1092(para)
9368
9374
"Another thing to keep in mind is if you have configured the <emphasis>logon "
9369
9375
"home</emphasis> option as a directory on the PDC, and the PDC becomes "
9453
9459
"security\"/> for more details."
9456
#: serverguide/C/windows-networking.xml:1199(title)
9462
#: serverguide/C/samba.xml:1199(title)
9457
9463
msgid "Accessing a Windows Share"
9460
#: serverguide/C/windows-networking.xml:1201(para)
9466
#: serverguide/C/samba.xml:1201(para)
9462
9468
"Now that the Samba server is part of the Active Directory domain you can "
9463
9469
"access any Windows server shares:"
9466
#: serverguide/C/windows-networking.xml:1208(para)
9472
#: serverguide/C/samba.xml:1208(para)
9468
9474
"To mount a Windows file share enter the following in a terminal prompt:"
9471
#: serverguide/C/windows-networking.xml:1212(command)
9477
#: serverguide/C/samba.xml:1212(command)
9472
9478
msgid "mount.cifs //fs01.example.com/share mount_point"
9473
9479
msgstr "mount.cifs //fs01.example.com/share mount_point"
9475
#: serverguide/C/windows-networking.xml:1215(para)
9481
#: serverguide/C/samba.xml:1215(para)
9477
9483
"It is also possible to access shares on computers not part of an AD domain, "
9478
9484
"but a username and password will need to be provided."
9481
#: serverguide/C/windows-networking.xml:1223(para)
9487
#: serverguide/C/samba.xml:1223(para)
9483
9489
"To mount the share during boot place an entry in "
9484
9490
"<filename>/etc/fstab</filename>, for example:"
9487
#: serverguide/C/windows-networking.xml:1227(programlisting)
9493
#: serverguide/C/samba.xml:1227(programlisting)
9495
9501
"//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw "
9498
#: serverguide/C/windows-networking.xml:1234(para)
9504
#: serverguide/C/samba.xml:1234(para)
9500
9506
"Another way to copy files from a Windows server is to use the "
9501
9507
"<application>smbclient</application> utility. To list the files in a Windows "
9505
#: serverguide/C/windows-networking.xml:1240(command)
9511
#: serverguide/C/samba.xml:1240(command)
9506
9512
msgid "smbclient //fs01.example.com/share -k -c \"ls\""
9507
9513
msgstr "smbclient //fs01.example.com/share -k -c \"ls\""
9509
#: serverguide/C/windows-networking.xml:1246(para)
9515
#: serverguide/C/samba.xml:1246(para)
9510
9516
msgid "To copy a file from the share, enter:"
9513
#: serverguide/C/windows-networking.xml:1251(command)
9519
#: serverguide/C/samba.xml:1251(command)
9514
9520
msgid "smbclient //fs01.example.com/share -k -c \"get file.txt\""
9515
9521
msgstr "smbclient //fs01.example.com/share -k -c \"get file.txt\""
9517
#: serverguide/C/windows-networking.xml:1254(para)
9523
#: serverguide/C/samba.xml:1254(para)
9519
9525
"This will copy the <filename>file.txt</filename> into the current directory."
9521
9527
"Гэта будзе капіяваць <filename>file.txt</filename> у бягучую дырэкторыю."
9523
#: serverguide/C/windows-networking.xml:1261(para)
9529
#: serverguide/C/samba.xml:1261(para)
9524
9530
msgid "And to copy a file to the share:"
9527
#: serverguide/C/windows-networking.xml:1266(command)
9533
#: serverguide/C/samba.xml:1266(command)
9528
9534
msgid "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
9529
9535
msgstr "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
9531
#: serverguide/C/windows-networking.xml:1269(para)
9537
#: serverguide/C/samba.xml:1269(para)
9533
9539
"This will copy the <filename>/etc/hosts</filename> to "
9534
9540
"<filename>//fs01.example.com/share/hosts</filename>."
9537
#: serverguide/C/windows-networking.xml:1276(para)
9543
#: serverguide/C/samba.xml:1276(para)
9539
9545
"The <emphasis>-c</emphasis> option used above allows you to execute the "
9540
9546
"<application>smbclient</application> command all at once. This is useful for "
10508
10514
"<application>Microsoft Active Directory</application> domain."
10511
#: serverguide/C/remote-administration.xml:509(para)
10517
#: serverguide/C/remote-administration.xml:549(para)
10513
10519
"zentyal-squid: configures <application>Squid</application> and "
10514
10520
"<application>Dansguardian</application> for speeding up browsing thanks to "
10515
10521
"the caching capabilities and content filtering."
10518
#: serverguide/C/remote-administration.xml:516(para)
10524
#: serverguide/C/remote-administration.xml:556(para)
10520
10526
"zentyal-samba: allows <application>Samba</application> configuration and "
10521
10527
"integration with existing LDAP. From the same interface you can define "
10522
10528
"password policies, create shared resources and assign permissions."
10525
#: serverguide/C/remote-administration.xml:524(para)
10531
#: serverguide/C/remote-administration.xml:564(para)
10527
10533
"zentyal-printers: integrates <application>CUPS</application> with "
10528
10534
"<application>Samba</application> and allows not only to configure the "
10529
10535
"printers but also give them permissions based on LDAP users and groups."
10532
#: serverguide/C/remote-administration.xml:533(para)
10538
#: serverguide/C/remote-administration.xml:573(para)
10534
10540
"To install <application>Zentyal</application>, in a terminal on the "
10535
10541
"<emphasis>server</emphasis> enter (where <zentyal-module> is any of "
10536
10542
"the modules from the previous list):"
10539
#: serverguide/C/remote-administration.xml:540(command)
10545
#: serverguide/C/remote-administration.xml:580(command)
10540
10546
msgid "sudo apt-get install <zentyal-module>"
10543
#: serverguide/C/remote-administration.xml:544(para)
10549
#: serverguide/C/remote-administration.xml:584(para)
10545
10551
"<application>Zentyal</application> publishes one major stable release once a "
10546
10552
"year (in September) based on latest Ubuntu LTS release. Stable releases "
10560
10566
"Personal Package Archive (PPA)</ulink>."
10563
#: serverguide/C/remote-administration.xml:566(para)
10569
#: serverguide/C/remote-administration.xml:606(para)
10565
10571
"Not present on Ubuntu Universe repositories, but on <ulink "
10566
10572
"url=\"https://launchpad.net/~zentyal/\">Zentyal Team PPA</ulink> you will "
10567
10573
"find these other modules:"
10570
#: serverguide/C/remote-administration.xml:573(para)
10576
#: serverguide/C/remote-administration.xml:613(para)
10572
10578
"zentyal-antivirus: integrates <application>ClamAV</application> antivirus "
10573
10579
"with other modules like the proxy, file sharing or mailfilter."
10576
#: serverguide/C/remote-administration.xml:580(para)
10582
#: serverguide/C/remote-administration.xml:620(para)
10578
10584
"zentyal-asterisk: configures <application>Asterisk</application> to provide "
10579
10585
"a simple PBX with LDAP based authentication."
10582
#: serverguide/C/remote-administration.xml:586(para)
10588
#: serverguide/C/remote-administration.xml:626(para)
10584
10590
"zentyal-bwmonitor: allows to monitor bandwith usage of your LAN clients."
10587
#: serverguide/C/remote-administration.xml:592(para)
10593
#: serverguide/C/remote-administration.xml:632(para)
10589
10595
"zentyal-captiveportal: integrates a captive portal with the firewall and "
10590
10596
"LDAP users and groups."
10593
#: serverguide/C/remote-administration.xml:598(para)
10599
#: serverguide/C/remote-administration.xml:638(para)
10595
10601
"zentyal-ebackup: allows to make scheduled backups of your server using the "
10596
10602
"popular <application>duplicity</application> backup tool."
10599
#: serverguide/C/remote-administration.xml:604(para)
10605
#: serverguide/C/remote-administration.xml:644(para)
10600
10606
msgid "zentyal-ftp: configures a FTP server with LDAP based authentication."
10603
#: serverguide/C/remote-administration.xml:609(para)
10609
#: serverguide/C/remote-administration.xml:649(para)
10604
10610
msgid "zentyal-ids: integrates a network intrusion detection system."
10607
#: serverguide/C/remote-administration.xml:614(para)
10613
#: serverguide/C/remote-administration.xml:654(para)
10609
10615
"zentyal-ipsec: allows to configure IPsec tunnels using "
10610
10616
"<application>OpenSwan</application>."
10613
#: serverguide/C/remote-administration.xml:620(para)
10619
#: serverguide/C/remote-administration.xml:660(para)
10615
10621
"zentyal-jabber: integrates <application>ejabberd</application> XMPP server "
10616
10622
"with LDAP users and groups."
10619
#: serverguide/C/remote-administration.xml:626(para)
10625
#: serverguide/C/remote-administration.xml:666(para)
10621
10627
"zentyal-thinclients: a <application>LTSP</application> based thin clients "
10625
#: serverguide/C/remote-administration.xml:632(para)
10631
#: serverguide/C/remote-administration.xml:672(para)
10627
10633
"zentyal-mail: a full mail stack including <application>Postfix "
10628
10634
"</application> and <application>Dovecot</application> with LDAP backend."
10631
#: serverguide/C/remote-administration.xml:639(para)
10637
#: serverguide/C/remote-administration.xml:679(para)
10633
10639
"zentyal-mailfilter: configures <application>amavisd</application> with mail "
10634
10640
"stack to filter spam and attached virus."
10637
#: serverguide/C/remote-administration.xml:645(para)
10643
#: serverguide/C/remote-administration.xml:685(para)
10639
10645
"zentyal-monitor: integrates <application>collectd</application> to monitor "
10640
10646
"server performance and running services."
10643
#: serverguide/C/remote-administration.xml:651(para)
10649
#: serverguide/C/remote-administration.xml:691(para)
10645
10651
"zentyal-pptp: configures a <application>PPTP</application> VPN server."
10648
#: serverguide/C/remote-administration.xml:656(para)
10654
#: serverguide/C/remote-administration.xml:696(para)
10650
10656
"zentyal-radius: integrates <application>FreeRADIUS</application> with LDAP "
10651
10657
"users and groups."
10654
#: serverguide/C/remote-administration.xml:662(para)
10660
#: serverguide/C/remote-administration.xml:702(para)
10656
10662
"zentyal-software: simple interface to manage installed "
10657
10663
"<application>Zentyal</application> modules and system updates."
10660
#: serverguide/C/remote-administration.xml:668(para)
10666
#: serverguide/C/remote-administration.xml:708(para)
10662
10668
"zentyal-trafficshaping: configures traffic limiting rules to do bandwidth "
10663
10669
"throttling and improve latency."
10666
#: serverguide/C/remote-administration.xml:674(para)
10672
#: serverguide/C/remote-administration.xml:714(para)
10668
10674
"zentyal-usercorner: allows users to edit their own LDAP attributes using a "
10669
10675
"web browser."
10672
#: serverguide/C/remote-administration.xml:680(para)
10678
#: serverguide/C/remote-administration.xml:720(para)
10674
10680
"zentyal-virt: simple interface to create and manage virtual machines based "
10675
10681
"on <application>libvirt</application>."
10678
#: serverguide/C/remote-administration.xml:686(para)
10684
#: serverguide/C/remote-administration.xml:726(para)
10680
10686
"zentyal-webmail: allows to access your mail using the popular "
10681
10687
"<application>Roundcube</application> webmail."
10684
#: serverguide/C/remote-administration.xml:692(para)
10690
#: serverguide/C/remote-administration.xml:732(para)
10686
10692
"zentyal-webserver: configures <application>Apache</application> webserver to "
10687
10693
"host different sites on your machine."
10690
#: serverguide/C/remote-administration.xml:698(para)
10696
#: serverguide/C/remote-administration.xml:738(para)
10692
10698
"zentyal-zarafa: integrates <application>Zarafa</application> groupware suite "
10693
10699
"with <application>Zentyal</application> mail stack and LDAP."
10696
#: serverguide/C/remote-administration.xml:710(title)
10702
#: serverguide/C/remote-administration.xml:750(title)
10697
10703
msgid "First steps"
10700
#: serverguide/C/remote-administration.xml:712(para)
10706
#: serverguide/C/remote-administration.xml:752(para)
10702
10708
"Any system account belonging to the sudo group is allowed to log into "
10703
10709
"<application>Zentyal</application> web interface. If you are using the user "
10704
10710
"created during the installation, this should be in the sudo group by default."
10707
#: serverguide/C/remote-administration.xml:720(para)
10713
#: serverguide/C/remote-administration.xml:760(para)
10708
10714
msgid "If you need to add another user to the sudo group, just execute:"
10711
#: serverguide/C/remote-administration.xml:725(command)
10717
#: serverguide/C/remote-administration.xml:765(command)
10712
10718
msgid "sudo adduser username sudo"
10715
#: serverguide/C/remote-administration.xml:729(para)
10721
#: serverguide/C/remote-administration.xml:769(para)
10717
10723
"To access <application>Zentyal</application> web interface, browse into "
10718
10724
"https://localhost/ (or the IP of your remote server). As Zentyal creates its "
11126
#: serverguide/C/package-management.xml:246(para)
11132
#: serverguide/C/package-management.xml:263(para)
11127
11133
msgid "<emphasis role=\"bold\">i</emphasis>: Installed package"
11130
#: serverguide/C/package-management.xml:251(para)
11136
#: serverguide/C/package-management.xml:268(para)
11132
11138
"<emphasis role=\"bold\">c</emphasis>: Package not installed, but package "
11133
11139
"configuration remains on system"
11136
#: serverguide/C/package-management.xml:255(para)
11142
#: serverguide/C/package-management.xml:272(para)
11137
11143
msgid "<emphasis role=\"bold\">p</emphasis>: Purged from system"
11140
#: serverguide/C/package-management.xml:259(para)
11146
#: serverguide/C/package-management.xml:276(para)
11141
11147
msgid "<emphasis role=\"bold\">v</emphasis>: Virtual package"
11144
#: serverguide/C/package-management.xml:263(para)
11150
#: serverguide/C/package-management.xml:280(para)
11145
11151
msgid "<emphasis role=\"bold\">B</emphasis>: Broken package"
11148
#: serverguide/C/package-management.xml:267(para)
11154
#: serverguide/C/package-management.xml:284(para)
11150
11156
"<emphasis role=\"bold\">u</emphasis>: Unpacked files, but package not yet "
11154
#: serverguide/C/package-management.xml:271(para)
11160
#: serverguide/C/package-management.xml:288(para)
11156
11162
"<emphasis role=\"bold\">C</emphasis>: Half-configured - Configuration failed "
11157
11163
"and requires fix"
11160
#: serverguide/C/package-management.xml:275(para)
11166
#: serverguide/C/package-management.xml:292(para)
11162
11168
"<emphasis role=\"bold\">H</emphasis>: Half-installed - Removal failed and "
11163
11169
"requires fix"
11166
#: serverguide/C/package-management.xml:243(para)
11172
#: serverguide/C/package-management.xml:260(para)
11168
11174
"The first column of information displayed in the package list in the top "
11169
11175
"pane, when actually viewing packages lists the current state of the package, "
11804
11810
msgid "sudo etckeeper commit \"added new host\""
11807
#: serverguide/C/other-apps.xml:258(para)
11813
#: serverguide/C/other-apps.xml:298(para)
11809
11815
"For more information on <application>bzr</application> see <xref "
11810
11816
"linkend=\"bazaar\"/>."
11813
#: serverguide/C/other-apps.xml:345(para)
11816
"url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for "
11817
"more details on using <application>etckeeper</application>."
11820
#: serverguide/C/other-apps.xml:351(para)
11822
"The <ulink url=\"https://help.ubuntu.com/community/etckeeper\">etckeeper "
11823
"Ubuntu Wiki</ulink> page."
11826
#: serverguide/C/other-apps.xml:356(para)
11819
#: serverguide/C/other-apps.xml:310(para)
11821
"See the <ulink url=\"http://etckeeper.branchable.com/\">etckeeper</ulink> "
11822
"site for more details on using <application>etckeeper</application>."
11825
#: serverguide/C/other-apps.xml:317(para)
11828
11827
"For the latest news and information about <application>bzr</application> see "
11829
11828
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
11832
#: serverguide/C/other-apps.xml:264(title)
11831
#: serverguide/C/other-apps.xml:329(title)
11833
11832
msgid "Byobu"
11836
#: serverguide/C/other-apps.xml:337(para)
11835
#: serverguide/C/other-apps.xml:331(para)
11838
11837
"One of the most useful applications for any system administrator is an xterm "
11839
11838
"multiplexor such as <application>screen</application> or "
11845
11844
"changed by the user."
11848
#: serverguide/C/other-apps.xml:344(para)
11847
#: serverguide/C/other-apps.xml:338(para)
11849
11848
msgid "Invoke it simply with:"
11852
#: serverguide/C/other-apps.xml:349(command)
11851
#: serverguide/C/other-apps.xml:343(command)
11853
11852
msgid "byobu"
11856
#: serverguide/C/other-apps.xml:352(para)
11855
#: serverguide/C/other-apps.xml:346(para)
11858
11857
"Now bring up the configuration menu. By default this is done by pressing the "
11859
11858
"<emphasis>F9</emphasis> key. This will allow you to:"
11862
#: serverguide/C/other-apps.xml:279(para)
11861
#: serverguide/C/other-apps.xml:351(para)
11863
11862
msgid "View the Help menu"
11864
11863
msgstr "Прагляд мэню Дапамогі"
11866
#: serverguide/C/other-apps.xml:280(para)
11865
#: serverguide/C/other-apps.xml:352(para)
11867
11866
msgid "Change Byobu's background color"
11870
#: serverguide/C/other-apps.xml:281(para)
11869
#: serverguide/C/other-apps.xml:353(para)
11871
11870
msgid "Change Byobu's foreground color"
11874
#: serverguide/C/other-apps.xml:282(para)
11873
#: serverguide/C/other-apps.xml:354(para)
11875
11874
msgid "Toggle status notifications"
11878
#: serverguide/C/other-apps.xml:283(para)
11877
#: serverguide/C/other-apps.xml:355(para)
11879
11878
msgid "Change the key binding set"
11882
#: serverguide/C/other-apps.xml:284(para)
11881
#: serverguide/C/other-apps.xml:356(para)
11883
11882
msgid "Change the escape sequence"
11886
#: serverguide/C/other-apps.xml:285(para)
11885
#: serverguide/C/other-apps.xml:357(para)
11887
11886
msgid "Create new windows"
11890
#: serverguide/C/other-apps.xml:286(para)
11889
#: serverguide/C/other-apps.xml:358(para)
11891
11890
msgid "Manage the default windows"
11894
#: serverguide/C/other-apps.xml:287(para)
11893
#: serverguide/C/other-apps.xml:359(para)
11895
11894
msgid "Byobu currently does not launch at login (toggle on)"
11898
#: serverguide/C/other-apps.xml:290(para)
11897
#: serverguide/C/other-apps.xml:362(para)
11900
11899
"The <emphasis>key bindings</emphasis> determine such things as the escape "
11901
11900
"sequence, new window, change window, etc. There are two key binding sets to "
11928
11927
"commands. Here is a quick list of movement commands:"
11931
#: serverguide/C/other-apps.xml:314(para)
11930
#: serverguide/C/other-apps.xml:386(para)
11932
11931
msgid "<emphasis>h</emphasis> - Move the cursor left by one character"
11935
#: serverguide/C/other-apps.xml:315(para)
11934
#: serverguide/C/other-apps.xml:387(para)
11936
11935
msgid "<emphasis>j</emphasis> - Move the cursor down by one line"
11939
#: serverguide/C/other-apps.xml:316(para)
11938
#: serverguide/C/other-apps.xml:388(para)
11940
11939
msgid "<emphasis>k</emphasis> - Move the cursor up by one line"
11943
#: serverguide/C/other-apps.xml:317(para)
11942
#: serverguide/C/other-apps.xml:389(para)
11944
11943
msgid "<emphasis>l</emphasis> - Move the cursor right by one character"
11947
#: serverguide/C/other-apps.xml:318(para)
11946
#: serverguide/C/other-apps.xml:390(para)
11948
11947
msgid "<emphasis>0</emphasis> - Move to the beginning of the current line"
11951
#: serverguide/C/other-apps.xml:319(para)
11950
#: serverguide/C/other-apps.xml:391(para)
11952
11951
msgid "<emphasis>$</emphasis> - Move to the end of the current line"
11955
#: serverguide/C/other-apps.xml:320(para)
11954
#: serverguide/C/other-apps.xml:392(para)
11957
11956
"<emphasis>G</emphasis> - Moves to the specified line (defaults to the end of "
11958
11957
"the buffer)"
11961
#: serverguide/C/other-apps.xml:321(para)
11960
#: serverguide/C/other-apps.xml:393(para)
11962
11961
msgid "<emphasis>/</emphasis> - Search forward"
11965
#: serverguide/C/other-apps.xml:322(para)
11964
#: serverguide/C/other-apps.xml:394(para)
11966
11965
msgid "<emphasis>?</emphasis> - Search backward"
11969
#: serverguide/C/other-apps.xml:401(para)
11968
#: serverguide/C/other-apps.xml:395(para)
11971
11970
"<emphasis>n</emphasis> - Moves to the next match, either forward or backward"
11974
#: serverguide/C/other-apps.xml:361(para)
11973
#: serverguide/C/other-apps.xml:403(para)
11976
11975
"For more information on <application>screen</application> see the <ulink "
11977
11976
"url=\"http://www.gnu.org/software/screen/\">screen web site</ulink>."
11980
#: serverguide/C/other-apps.xml:366(para)
11979
#: serverguide/C/other-apps.xml:408(para)
11982
11981
"And the <ulink url=\"https://help.ubuntu.com/community/Screen\">Ubuntu Wiki "
11983
11982
"screen</ulink> page."
11986
#: serverguide/C/other-apps.xml:371(para)
11985
#: serverguide/C/other-apps.xml:413(para)
11988
11987
"Also, see the <application>byobu</application><ulink "
11989
11988
"url=\"https://launchpad.net/byobu\">project page</ulink> for more "
12342
12341
"auto eth0\n"
12343
12342
"iface eth0 inet dhcp\n"
12345
#: serverguide/C/network-config.xml:257(para)
12344
#: serverguide/C/network-config.xml:261(para)
12347
12346
"By adding an interface configuration as shown above, you can manually enable "
12348
12347
"the interface through the <application>ifup</application> command which "
12349
12348
"initiates the DHCP process via <application>dhclient</application>."
12352
#: serverguide/C/network-config.xml:263(command) serverguide/C/network-config.xml:298(command)
12351
#: serverguide/C/network-config.xml:267(command) serverguide/C/network-config.xml:302(command)
12353
12352
msgid "sudo ifup eth0"
12356
#: serverguide/C/network-config.xml:265(para)
12355
#: serverguide/C/network-config.xml:269(para)
12358
12357
"To manually disable the interface, you can use the "
12359
12358
"<application>ifdown</application> command, which in turn will initiate the "
12360
12359
"DHCP release process and shut down the interface."
12363
#: serverguide/C/network-config.xml:271(command) serverguide/C/network-config.xml:305(command)
12362
#: serverguide/C/network-config.xml:275(command) serverguide/C/network-config.xml:309(command)
12364
12363
msgid "sudo ifdown eth0"
12367
#: serverguide/C/network-config.xml:276(title)
12366
#: serverguide/C/network-config.xml:280(title)
12368
12367
msgid "Static IP Address Assignment"
12371
#: serverguide/C/network-config.xml:277(para)
12370
#: serverguide/C/network-config.xml:281(para)
12373
12372
"To configure your system to use a static IP address assignment, add the "
12374
12373
"<emphasis role=\"italic\">static</emphasis> method to the inet address "
12540
12539
" dns-nameservers 192.168.3.45 192.168.8.10\n"
12543
#: serverguide/C/network-config.xml:402(para)
12542
#: serverguide/C/network-config.xml:406(para)
12545
12544
"If you try to ping a host with the name of <emphasis "
12546
12545
"role=\"italic\">server1</emphasis>, your system will automatically query DNS "
12547
12546
"for its Fully Qualified Domain Name (FQDN) in the following order:"
12550
#: serverguide/C/network-config.xml:409(para)
12549
#: serverguide/C/network-config.xml:413(para)
12551
12550
msgid "server1<emphasis role=\"bold\">.example.com</emphasis>"
12554
#: serverguide/C/network-config.xml:414(para)
12553
#: serverguide/C/network-config.xml:418(para)
12555
12554
msgid "server1<emphasis role=\"bold\">.sales.example.com</emphasis>"
12558
#: serverguide/C/network-config.xml:419(para)
12557
#: serverguide/C/network-config.xml:423(para)
12559
12558
msgid "server1<emphasis role=\"bold\">.dev.example.com</emphasis>"
12562
#: serverguide/C/network-config.xml:424(para)
12561
#: serverguide/C/network-config.xml:428(para)
12564
12563
"If no matches are found, the DNS server will provide a result of <emphasis "
12565
12564
"role=\"italic\">notfound</emphasis> and the DNS query will fail."
12568
#: serverguide/C/network-config.xml:431(title)
12567
#: serverguide/C/network-config.xml:435(title)
12569
12568
msgid "Static Hostnames"
12572
#: serverguide/C/network-config.xml:432(para)
12571
#: serverguide/C/network-config.xml:436(para)
12574
12573
"Static hostnames are locally defined hostname-to-IP mappings located in the "
12575
12574
"file <filename>/etc/hosts</filename>. Entries in the "
13093
13092
"DHCP server, and the configuration is transparent to the computer's user."
13096
#: serverguide/C/network-config.xml:880(para)
13095
#: serverguide/C/network-config.xml:876(para)
13098
13097
"The most common settings provided by a DHCP server to DHCP clients include:"
13101
#: serverguide/C/network-config.xml:885(para)
13100
#: serverguide/C/network-config.xml:881(para)
13102
13101
msgid "IP address and netmask"
13105
#: serverguide/C/network-config.xml:888(para)
13104
#: serverguide/C/network-config.xml:884(para)
13106
13105
msgid "IP address of the default-gateway to use"
13109
#: serverguide/C/network-config.xml:891(para)
13108
#: serverguide/C/network-config.xml:887(para)
13110
13109
msgid "IP adresses of the DNS servers to use"
13113
#: serverguide/C/network-config.xml:894(para)
13112
#: serverguide/C/network-config.xml:890(para)
13115
13114
"However, a DHCP server can also supply configuration properties such as:"
13118
#: serverguide/C/network-config.xml:899(para)
13117
#: serverguide/C/network-config.xml:895(para)
13119
13118
msgid "Host Name"
13120
13119
msgstr "Імя вузла"
13122
#: serverguide/C/network-config.xml:902(para)
13121
#: serverguide/C/network-config.xml:898(para)
13123
13122
msgid "Domain Name"
13124
13123
msgstr "Імя дамена"
13126
#: serverguide/C/network-config.xml:905(para)
13125
#: serverguide/C/network-config.xml:901(para)
13127
13126
msgid "Time Server"
13130
#: serverguide/C/network-config.xml:911(para)
13129
#: serverguide/C/network-config.xml:907(para)
13132
13131
"The advantage of using DHCP is that changes to the network, for example a "
13133
13132
"change in the address of the DNS server, need only be changed at the DHCP "
13200
13199
"and configure and will be automatically started at system boot."
13203
#: serverguide/C/network-config.xml:976(para)
13202
#: serverguide/C/network-config.xml:974(para)
13205
13204
"At a terminal prompt, enter the following command to install "
13206
13205
"<application>dhcpd</application>:"
13209
#: serverguide/C/network-config.xml:981(command)
13208
#: serverguide/C/network-config.xml:979(command)
13210
13209
msgid "sudo apt-get install isc-dhcp-server"
13213
#: serverguide/C/network-config.xml:983(para)
13212
#: serverguide/C/network-config.xml:981(para)
13215
13214
"You will probably need to change the default configuration by editing "
13216
13215
"/etc/dhcp/dhcpd.conf to suit your needs and particular configuration."
13219
#: serverguide/C/network-config.xml:987(para)
13218
#: serverguide/C/network-config.xml:985(para)
13221
13220
"You also may need to edit /etc/default/isc-dhcp-server to specify the "
13222
13221
"interfaces dhcpd should listen to."
13225
#: serverguide/C/network-config.xml:991(para)
13224
#: serverguide/C/network-config.xml:989(para)
13227
13226
"NOTE: dhcpd's messages are being sent to syslog. Look there for diagnostics "
13231
#: serverguide/C/network-config.xml:998(para)
13230
#: serverguide/C/network-config.xml:996(para)
13233
13232
"The error message the installation ends with might be a little confusing, "
13234
13233
"but the following steps will help you configure the service:"
13237
#: serverguide/C/network-config.xml:1002(para)
13236
#: serverguide/C/network-config.xml:1000(para)
13239
13238
"Most commonly, what you want to do is assign an IP address randomly. This "
13240
13239
"can be done with settings as follows:"
13243
#: serverguide/C/network-config.xml:1006(programlisting)
13242
#: serverguide/C/network-config.xml:1004(programlisting)
13445
13444
"The Lightweight Directory Access Protocol, or LDAP, is a protocol for "
13446
13445
"querying and modifying a X.500-based directory service running over TCP/IP. "
13447
13446
"The current LDAP version is LDAPv3, as defined in <ulink "
13448
"url=\"http://tools.ietf.org/html/rfc4510\">RFC4510</ulink>, and the its "
13449
"implementation used in Ubuntu is from OpenLDAP."
13447
"url=\"http://tools.ietf.org/html/rfc4510\">RFC4510</ulink>, and the "
13448
"implementation in Ubuntu is OpenLDAP.\""
13452
#: serverguide/C/network-auth.xml:27(para)
13451
#: serverguide/C/network-auth.xml:29(para)
13454
13453
"So the LDAP protocol accesses LDAP directories. Here are some key concepts "
13458
#: serverguide/C/network-auth.xml:34(para)
13457
#: serverguide/C/network-auth.xml:36(para)
13460
13459
"A LDAP directory is a tree of data <emphasis>entries</emphasis> that is "
13461
13460
"hierarchical in nature and is called the Directory Information Tree (DIT)."
13464
#: serverguide/C/network-auth.xml:41(para)
13463
#: serverguide/C/network-auth.xml:43(para)
13465
13464
msgid "An entry consists of a set of <emphasis>attributes</emphasis>."
13468
#: serverguide/C/network-auth.xml:47(para)
13467
#: serverguide/C/network-auth.xml:49(para)
13470
13469
"An attribute has a <emphasis>type</emphasis> (a name/description) and one or "
13471
13470
"more <emphasis>values</emphasis>."
13474
#: serverguide/C/network-auth.xml:53(para)
13473
#: serverguide/C/network-auth.xml:55(para)
13476
13475
"Every attribute must be defined in at least one "
13477
13476
"<emphasis>objectClass</emphasis>."
13480
#: serverguide/C/network-auth.xml:59(para)
13479
#: serverguide/C/network-auth.xml:61(para)
13482
13481
"Attributes and objectclasses are defined in <emphasis>schemas</emphasis> (an "
13483
13482
"objectclass is actually considered as a special kind of attribute)."
13486
#: serverguide/C/network-auth.xml:66(para)
13485
#: serverguide/C/network-auth.xml:68(para)
13488
13487
"Each entry has a unique identifier: its <emphasis>Distinguished "
13489
13488
"Name</emphasis> (DN or dn). This, in turn, consists of a <emphasis>Relative "
13490
13489
"Distinguished Name</emphasis> (RDN) followed by the parent entry's DN."
13493
#: serverguide/C/network-auth.xml:73(para)
13492
#: serverguide/C/network-auth.xml:75(para)
13495
13494
"The entry's DN is not an attribute. It is not considered part of the entry "
13499
#: serverguide/C/network-auth.xml:81(para)
13498
#: serverguide/C/network-auth.xml:83(para)
13501
13500
"The terms <emphasis>object</emphasis>, <emphasis>container</emphasis>, and "
13502
13501
"<emphasis>node</emphasis> have certain connotations but they all essentially "
13723
13722
"dn: olcDatabase={1}hdb,cn=config\n"
13726
#: serverguide/C/network-auth.xml:281(para) serverguide/C/network-auth.xml:372(para)
13725
#: serverguide/C/network-auth.xml:288(para) serverguide/C/network-auth.xml:379(para)
13727
13726
msgid "Explanation of entries:"
13730
#: serverguide/C/network-auth.xml:288(para)
13729
#: serverguide/C/network-auth.xml:295(para)
13731
13730
msgid "<emphasis>cn=config</emphasis>: global settings"
13734
#: serverguide/C/network-auth.xml:294(para)
13733
#: serverguide/C/network-auth.xml:301(para)
13736
13735
"<emphasis>cn=module{0},cn=config</emphasis>: a dynamically loaded module"
13739
#: serverguide/C/network-auth.xml:300(para)
13738
#: serverguide/C/network-auth.xml:307(para)
13741
13740
"<emphasis>cn=schema,cn=config</emphasis>: contains hard-coded system-level "
13745
#: serverguide/C/network-auth.xml:306(para)
13744
#: serverguide/C/network-auth.xml:313(para)
13747
13746
"<emphasis>cn={0}core,cn=schema,cn=config</emphasis>: the hard-coded core "
13751
#: serverguide/C/network-auth.xml:312(para)
13750
#: serverguide/C/network-auth.xml:319(para)
13753
13752
"<emphasis>cn={1}cosine,cn=schema,cn=config</emphasis>: the cosine schema"
13756
#: serverguide/C/network-auth.xml:318(para)
13755
#: serverguide/C/network-auth.xml:325(para)
13757
13756
msgid "<emphasis>cn={2}nis,cn=schema,cn=config</emphasis>: the nis schema"
13760
#: serverguide/C/network-auth.xml:324(para)
13759
#: serverguide/C/network-auth.xml:331(para)
13762
13761
"<emphasis>cn={3}inetorgperson,cn=schema,cn=config</emphasis>: the "
13763
13762
"inetorgperson schema"
13766
#: serverguide/C/network-auth.xml:330(para)
13765
#: serverguide/C/network-auth.xml:337(para)
13768
13767
"<emphasis>olcBackend={0}hdb,cn=config</emphasis>: the 'hdb' backend storage "
13772
#: serverguide/C/network-auth.xml:336(para)
13771
#: serverguide/C/network-auth.xml:343(para)
13774
13773
"<emphasis>olcDatabase={-1}frontend,cn=config</emphasis>: frontend database, "
13775
13774
"default settings for other databases"
13778
#: serverguide/C/network-auth.xml:342(para)
13777
#: serverguide/C/network-auth.xml:349(para)
13780
13779
"<emphasis>olcDatabase={0}config,cn=config</emphasis>: slapd configuration "
13781
13780
"database (cn=config)"
13784
#: serverguide/C/network-auth.xml:348(para)
13783
#: serverguide/C/network-auth.xml:355(para)
13786
13785
"<emphasis>olcDatabase={1}hdb,cn=config</emphasis>: your database instance "
13787
13786
"(dc=examle,dc=com)"
13790
#: serverguide/C/network-auth.xml:359(para)
13789
#: serverguide/C/network-auth.xml:366(para)
13791
13790
msgid "This is what the dc=example,dc=com DIT looks like:"
13794
#: serverguide/C/network-auth.xml:364(command)
13793
#: serverguide/C/network-auth.xml:371(command)
13795
13794
msgid "ldapsearch -x -LLL -H ldap:/// -b dc=example,dc=com dn"
13798
#: serverguide/C/network-auth.xml:365(computeroutput)
13797
#: serverguide/C/network-auth.xml:372(computeroutput)
13804
13803
"dn: cn=admin,dc=example,dc=com\n"
13807
#: serverguide/C/network-auth.xml:379(para)
13806
#: serverguide/C/network-auth.xml:386(para)
13808
13807
msgid "<emphasis>dc=example,dc=com</emphasis>: base of the DIT"
13811
#: serverguide/C/network-auth.xml:385(para)
13810
#: serverguide/C/network-auth.xml:392(para)
13813
13812
"<emphasis>cn=admin,dc=example,dc=com</emphasis>: administrator (rootDN) for "
13814
13813
"this DIT (set up during package install)"
13817
#: serverguide/C/network-auth.xml:399(title)
13816
#: serverguide/C/network-auth.xml:406(title)
13818
13817
msgid "Modifying/Populating your Database"
13821
#: serverguide/C/network-auth.xml:401(para)
13820
#: serverguide/C/network-auth.xml:408(para)
13823
13822
"Let's introduce some content to our database. We will add the following:"
13826
#: serverguide/C/network-auth.xml:408(para)
13825
#: serverguide/C/network-auth.xml:415(para)
13827
13826
msgid "a node called <emphasis>People</emphasis> (to store users)"
13830
#: serverguide/C/network-auth.xml:414(para)
13829
#: serverguide/C/network-auth.xml:421(para)
13831
13830
msgid "a node called <emphasis>Groups</emphasis> (to store groups)"
13834
#: serverguide/C/network-auth.xml:420(para)
13833
#: serverguide/C/network-auth.xml:427(para)
13835
13834
msgid "a group called <emphasis>miners</emphasis>"
13838
#: serverguide/C/network-auth.xml:426(para)
13837
#: serverguide/C/network-auth.xml:433(para)
13839
13838
msgid "a user called <emphasis>john</emphasis>"
13842
#: serverguide/C/network-auth.xml:433(para)
13841
#: serverguide/C/network-auth.xml:440(para)
13844
13843
"Create the following LDIF file and call it "
13845
13844
"<filename>add_content.ldif</filename>:"
13848
#: serverguide/C/network-auth.xml:437(programlisting)
13847
#: serverguide/C/network-auth.xml:444(programlisting)
13932
13931
"gidNumber: 5000\n"
13935
#: serverguide/C/network-auth.xml:508(para)
13934
#: serverguide/C/network-auth.xml:515(para)
13936
13935
msgid "Explanation of switches:"
13939
#: serverguide/C/network-auth.xml:515(para)
13938
#: serverguide/C/network-auth.xml:522(para)
13941
13940
"<emphasis>-x:</emphasis> \"simple\" binding; will not use the default SASL "
13945
#: serverguide/C/network-auth.xml:521(para)
13944
#: serverguide/C/network-auth.xml:528(para)
13946
13945
msgid "<emphasis>-LLL:</emphasis> disable printing extraneous information"
13949
#: serverguide/C/network-auth.xml:527(para)
13948
#: serverguide/C/network-auth.xml:534(para)
13950
13949
msgid "<emphasis>uid=john:</emphasis> a \"filter\" to find the john user"
13953
#: serverguide/C/network-auth.xml:533(para)
13952
#: serverguide/C/network-auth.xml:540(para)
13955
13954
"<emphasis>cn gidNumber:</emphasis> requests certain attributes to be "
13956
13955
"displayed (the default is to show all attributes)"
13959
#: serverguide/C/network-auth.xml:543(title)
13958
#: serverguide/C/network-auth.xml:550(title)
13960
13959
msgid "Modifying the slapd Configuration Database"
13963
#: serverguide/C/network-auth.xml:545(para)
13962
#: serverguide/C/network-auth.xml:552(para)
13965
13964
"The slapd-config DIT can also be queried and modified. Here are a few "
13969
#: serverguide/C/network-auth.xml:552(para)
13968
#: serverguide/C/network-auth.xml:559(para)
13971
13970
"Use <application>ldapmodify</application> to add an \"Index\" (DbIndex "
13972
13971
"attribute) to your <application>{1}hdb,cn=config</application> database "
14090
14089
"include /etc/ldap/schema/pmi.schema\n"
14093
#: serverguide/C/network-auth.xml:662(para)
14092
#: serverguide/C/network-auth.xml:669(para)
14094
14093
msgid "Create the output directory <filename>ldif_output</filename>."
14097
#: serverguide/C/network-auth.xml:668(para) serverguide/C/network-auth.xml:2317(para)
14096
#: serverguide/C/network-auth.xml:675(para) serverguide/C/network-auth.xml:2324(para)
14098
14097
msgid "Determine the index of the schema:"
14101
#: serverguide/C/network-auth.xml:673(command)
14100
#: serverguide/C/network-auth.xml:680(command)
14103
14102
"slapcat -f schema_convert.conf -F ldif_output -n 0 | grep corba,cn=schema"
14106
#: serverguide/C/network-auth.xml:674(computeroutput)
14105
#: serverguide/C/network-auth.xml:681(computeroutput)
14110
14109
"cn={1}corba,cn=schema,cn=config\n"
14113
#: serverguide/C/network-auth.xml:685(para)
14112
#: serverguide/C/network-auth.xml:687(para)
14115
14114
"When slapd ingests objects with the same parent DN it will create an "
14116
14115
"<emphasis>index</emphasis> for that object. An index is contained within "
14117
14116
"braces: <application>{X}</application>."
14120
#: serverguide/C/network-auth.xml:689(para)
14119
#: serverguide/C/network-auth.xml:696(para)
14121
14120
msgid "Use <application>slapcat</application> to perform the conversion:"
14124
#: serverguide/C/network-auth.xml:694(command)
14123
#: serverguide/C/network-auth.xml:701(command)
14126
14125
"slapcat -f schema_convert.conf -F ldif_output -n0 -H \\ "
14127
14126
"ldap:///cn={1}corba,cn=schema,cn=config -l cn=corba.ldif"
14130
#: serverguide/C/network-auth.xml:698(para)
14129
#: serverguide/C/network-auth.xml:705(para)
14131
14130
msgid "The converted schema is now in <filename>cn=corba.ldif</filename>"
14134
#: serverguide/C/network-auth.xml:704(para)
14133
#: serverguide/C/network-auth.xml:711(para)
14136
14135
"Edit <filename>cn=corba.ldif</filename> to arrive at the following "
14137
14136
"attributes:"
14140
#: serverguide/C/network-auth.xml:708(programlisting)
14139
#: serverguide/C/network-auth.xml:715(programlisting)
14420
14419
"/var/lib/ldap/** rwk,\n"
14423
#: serverguide/C/network-auth.xml:957(para)
14422
#: serverguide/C/network-auth.xml:964(para)
14425
14424
"Create a directory, set up a databse config file, and reload the apparmor "
14429
#: serverguide/C/network-auth.xml:962(command)
14428
#: serverguide/C/network-auth.xml:969(command)
14430
14429
msgid "sudo -u openldap mkdir /var/lib/ldap/accesslog"
14433
#: serverguide/C/network-auth.xml:963(command)
14432
#: serverguide/C/network-auth.xml:970(command)
14434
14433
msgid "sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog"
14437
#: serverguide/C/network-auth.xml:970(para)
14436
#: serverguide/C/network-auth.xml:977(para)
14439
14438
"Add the new content and, due to the apparmor change, restart the daemon:"
14442
#: serverguide/C/network-auth.xml:975(command)
14441
#: serverguide/C/network-auth.xml:982(command)
14443
14442
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
14446
#: serverguide/C/network-auth.xml:976(command) serverguide/C/network-auth.xml:1498(command) serverguide/C/network-auth.xml:1683(command) serverguide/C/network-auth.xml:3912(command)
14445
#: serverguide/C/network-auth.xml:983(command) serverguide/C/network-auth.xml:1505(command) serverguide/C/network-auth.xml:1690(command) serverguide/C/network-auth.xml:3911(command)
14447
14446
msgid "sudo service slapd restart"
14450
#: serverguide/C/network-auth.xml:983(para)
14449
#: serverguide/C/network-auth.xml:990(para)
14451
14450
msgid "The Provider is now configured."
14454
#: serverguide/C/network-auth.xml:990(title)
14453
#: serverguide/C/network-auth.xml:997(title)
14455
14454
msgid "Consumer Configuration"
14458
#: serverguide/C/network-auth.xml:992(para)
14457
#: serverguide/C/network-auth.xml:999(para)
14459
14458
msgid "And now configure the <emphasis>Consumer</emphasis>."
14462
#: serverguide/C/network-auth.xml:999(para)
14461
#: serverguide/C/network-auth.xml:1006(para)
14464
14463
"Install the software by going through <xref linkend=\"openldap-server-"
14465
14464
"installation\"/>. Make sure the slapd-config databse is identical to the "
14500
14499
"olcUpdateRef: ldap://ldap01.example.com\n"
14503
#: serverguide/C/network-auth.xml:1031(para)
14502
#: serverguide/C/network-auth.xml:1038(para)
14504
14503
msgid "Ensure the following attributes have the correct values:"
14507
#: serverguide/C/network-auth.xml:1036(para)
14506
#: serverguide/C/network-auth.xml:1043(para)
14509
14508
"<emphasis>provider</emphasis> (Provider server's hostname -- "
14510
14509
"ldap01.example.com in this example -- or IP address)"
14513
#: serverguide/C/network-auth.xml:1037(para)
14512
#: serverguide/C/network-auth.xml:1044(para)
14514
14513
msgid "<emphasis>binddn</emphasis> (the admin DN you're using)"
14517
#: serverguide/C/network-auth.xml:1038(para)
14516
#: serverguide/C/network-auth.xml:1045(para)
14518
14517
msgid "<emphasis>credentials</emphasis> (the admin DN password you're using)"
14521
#: serverguide/C/network-auth.xml:1039(para)
14520
#: serverguide/C/network-auth.xml:1046(para)
14522
14521
msgid "<emphasis>searchbase</emphasis> (the database suffix you're using)"
14525
#: serverguide/C/network-auth.xml:1040(para)
14524
#: serverguide/C/network-auth.xml:1047(para)
14527
14526
"<emphasis>olcUpdateRef</emphasis> (Provider server's hostname or IP address)"
14530
#: serverguide/C/network-auth.xml:1041(para)
14529
#: serverguide/C/network-auth.xml:1048(para)
14532
14531
"<emphasis>rid</emphasis> (Replica ID, an unique 3-digit that identifies the "
14533
14532
"replica. Each consumer should have at least one rid)"
14536
#: serverguide/C/network-auth.xml:1050(para)
14535
#: serverguide/C/network-auth.xml:1057(para)
14537
14536
msgid "Add the new content:"
14540
#: serverguide/C/network-auth.xml:1055(command)
14539
#: serverguide/C/network-auth.xml:1062(command)
14541
14540
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f consumer_sync.ldif"
14544
#: serverguide/C/network-auth.xml:1062(para)
14543
#: serverguide/C/network-auth.xml:1069(para)
14546
14545
"You're done. The two databases (suffix: dc=example,dc=com) should now be "
14547
14546
"synchronizing."
14550
#: serverguide/C/network-auth.xml:1071(para)
14549
#: serverguide/C/network-auth.xml:1078(para)
14551
14550
msgid "Once replication starts, you can monitor it by running"
14554
#: serverguide/C/network-auth.xml:1081(command)
14553
#: serverguide/C/network-auth.xml:1083(command)
14556
14555
"ldapsearch -z1 -LLLQY EXTERNAL -H ldapi:/// -s base -b dc=example,dc=com "
14560
#: serverguide/C/network-auth.xml:1077(computeroutput)
14559
#: serverguide/C/network-auth.xml:1084(computeroutput)
14900
14899
"cert_signing_key\n"
14903
#: serverguide/C/network-auth.xml:1370(para)
14902
#: serverguide/C/network-auth.xml:1377(para)
14904
14903
msgid "Create the self-signed CA certificate:"
14907
#: serverguide/C/network-auth.xml:1375(command)
14906
#: serverguide/C/network-auth.xml:1382(command)
14909
14908
"sudo certtool --generate-self-signed \\ --load-privkey "
14910
14909
"/etc/ssl/private/cakey.pem \\ --template /etc/ssl/ca.info \\ --outfile "
14911
14910
"/etc/ssl/certs/cacert.pem"
14914
#: serverguide/C/network-auth.xml:1384(para)
14913
#: serverguide/C/network-auth.xml:1391(para)
14915
14914
msgid "Make a private key for the server:"
14918
#: serverguide/C/network-auth.xml:1389(command)
14917
#: serverguide/C/network-auth.xml:1396(command)
14920
14919
"sudo certtool --generate-privkey \\ --bits 1024 \\ --outfile "
14921
14920
"/etc/ssl/private/ldap01_slapd_key.pem"
14924
#: serverguide/C/network-auth.xml:1395(para)
14923
#: serverguide/C/network-auth.xml:1402(para)
14926
14925
"Replace <emphasis>ldap01</emphasis> in the filename with your server's "
14927
14926
"hostname. Naming the certificate and key for the host and service that will "
14928
14927
"be using them will help keep things clear."
14931
#: serverguide/C/network-auth.xml:1404(para)
14930
#: serverguide/C/network-auth.xml:1411(para)
14933
14932
"Create the <filename>/etc/ssl/ldap01.info</filename> info file containing:"
14936
#: serverguide/C/network-auth.xml:1408(programlisting)
14935
#: serverguide/C/network-auth.xml:1415(programlisting)
15017
15016
"over TCP port 636."
15020
#: serverguide/C/network-auth.xml:1482(para)
15019
#: serverguide/C/network-auth.xml:1489(para)
15021
15020
msgid "Tighten up ownership and permissions:"
15024
#: serverguide/C/network-auth.xml:1487(command) serverguide/C/network-auth.xml:1604(command)
15023
#: serverguide/C/network-auth.xml:1494(command) serverguide/C/network-auth.xml:1611(command)
15025
15024
msgid "sudo adduser openldap ssl-cert"
15026
15025
msgstr "sudo adduser openldap ssl-cert"
15028
#: serverguide/C/network-auth.xml:1488(command)
15027
#: serverguide/C/network-auth.xml:1495(command)
15029
15028
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem"
15032
#: serverguide/C/network-auth.xml:1489(command)
15031
#: serverguide/C/network-auth.xml:1496(command)
15033
15032
msgid "sudo chmod g+r /etc/ssl/private/ldap01_slapd_key.pem"
15036
#: serverguide/C/network-auth.xml:1490(command)
15035
#: serverguide/C/network-auth.xml:1497(command)
15037
15036
msgid "sudo chmod o-r /etc/ssl/private/ldap01_slapd_key.pem"
15040
#: serverguide/C/network-auth.xml:1493(para)
15039
#: serverguide/C/network-auth.xml:1500(para)
15041
15040
msgid "Restart OpenLDAP:"
15044
#: serverguide/C/network-auth.xml:1501(para)
15043
#: serverguide/C/network-auth.xml:1508(para)
15046
15045
"Check your host's logs (/var/log/syslog) to see if the server has started "
15050
#: serverguide/C/network-auth.xml:1508(title)
15049
#: serverguide/C/network-auth.xml:1515(title)
15051
15050
msgid "Replication and TLS"
15054
#: serverguide/C/network-auth.xml:1510(para)
15053
#: serverguide/C/network-auth.xml:1517(para)
15056
15055
"If you have set up replication between servers, it is common practice to "
15057
15056
"encrypt (StartTLS) the replication traffic to prevent evesdropping. This is "
15133
15132
"ldap02_slapd_cert.pem"
15136
#: serverguide/C/network-auth.xml:1574(para)
15135
#: serverguide/C/network-auth.xml:1581(para)
15137
15136
msgid "Get a copy of the CA certificate:"
15140
#: serverguide/C/network-auth.xml:1579(command)
15139
#: serverguide/C/network-auth.xml:1586(command)
15141
15140
msgid "cp /etc/ssl/certs/cacert.pem ."
15144
#: serverguide/C/network-auth.xml:1582(para)
15143
#: serverguide/C/network-auth.xml:1589(para)
15146
15145
"We're done. Now transfer the <filename>ldap02-ssl</filename> directory to "
15147
15146
"the Consumer. Here we use scp (adjust accordingly):"
15150
#: serverguide/C/network-auth.xml:1587(command)
15149
#: serverguide/C/network-auth.xml:1594(command)
15151
15150
msgid "cd .."
15154
#: serverguide/C/network-auth.xml:1588(command)
15153
#: serverguide/C/network-auth.xml:1595(command)
15155
15154
msgid "scp -r ldap02-ssl user@consumer:"
15158
#: serverguide/C/network-auth.xml:1594(para) serverguide/C/network-auth.xml:1642(para)
15157
#: serverguide/C/network-auth.xml:1601(para) serverguide/C/network-auth.xml:1649(para)
15159
15158
msgid "On the Consumer,"
15162
#: serverguide/C/network-auth.xml:1598(para)
15161
#: serverguide/C/network-auth.xml:1605(para)
15163
15162
msgid "Configure TLS authentication:"
15166
#: serverguide/C/network-auth.xml:1603(command)
15165
#: serverguide/C/network-auth.xml:1610(command)
15167
15166
msgid "sudo apt-get install ssl-cert"
15170
#: serverguide/C/network-auth.xml:1605(command)
15169
#: serverguide/C/network-auth.xml:1612(command)
15171
15170
msgid "sudo cp ldap02_slapd_cert.pem cacert.pem /etc/ssl/certs"
15174
#: serverguide/C/network-auth.xml:1606(command)
15173
#: serverguide/C/network-auth.xml:1613(command)
15175
15174
msgid "sudo cp ldap02_slapd_key.pem /etc/ssl/private"
15178
#: serverguide/C/network-auth.xml:1607(command)
15177
#: serverguide/C/network-auth.xml:1614(command)
15179
15178
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap02_slapd_key.pem"
15182
#: serverguide/C/network-auth.xml:1608(command)
15181
#: serverguide/C/network-auth.xml:1615(command)
15183
15182
msgid "sudo chmod g+r /etc/ssl/private/ldap02_slapd_key.pem"
15186
#: serverguide/C/network-auth.xml:1609(command)
15185
#: serverguide/C/network-auth.xml:1616(command)
15187
15186
msgid "sudo chmod o-r /etc/ssl/private/ldap02_slapd_key.pem"
15190
#: serverguide/C/network-auth.xml:1612(para)
15189
#: serverguide/C/network-auth.xml:1619(para)
15192
15191
"Create the file <filename>/etc/ssl/certinfo.ldif</filename> with the "
15193
15192
"following contents (adjust accordingly):"
15196
#: serverguide/C/network-auth.xml:1616(programlisting)
15195
#: serverguide/C/network-auth.xml:1623(programlisting)
15308
15307
"assist you in the configuration step. Install this package now:"
15311
#: serverguide/C/network-auth.xml:1725(command)
15310
#: serverguide/C/network-auth.xml:1732(command)
15312
15311
msgid "sudo apt-get install libnss-ldap"
15313
15312
msgstr "sudo apt-get install libnss-ldap"
15315
#: serverguide/C/network-auth.xml:1728(para)
15314
#: serverguide/C/network-auth.xml:1735(para)
15317
15316
"You will be prompted for details of your LDAP server. If you make a mistake "
15318
15317
"you can try again using:"
15321
#: serverguide/C/network-auth.xml:1733(command)
15320
#: serverguide/C/network-auth.xml:1740(command)
15322
15321
msgid "sudo dpkg-reconfigure ldap-auth-config"
15323
15322
msgstr "sudo dpkg-reconfigure ldap-auth-config"
15325
#: serverguide/C/network-auth.xml:1736(para)
15324
#: serverguide/C/network-auth.xml:1743(para)
15327
15326
"The results of the dialog can be seen in "
15328
15327
"<filename>/etc/ldap.conf</filename>. If your server requires options not "
15329
15328
"covered in the menu edit this file accordingly."
15332
#: serverguide/C/network-auth.xml:1741(para)
15331
#: serverguide/C/network-auth.xml:1748(para)
15333
15332
msgid "Now configure the LDAP profile for NSS:"
15336
#: serverguide/C/network-auth.xml:1746(command)
15335
#: serverguide/C/network-auth.xml:1753(command)
15337
15336
msgid "sudo auth-client-config -t nss -p lac_ldap"
15338
15337
msgstr "sudo auth-client-config -t nss -p lac_ldap"
15340
#: serverguide/C/network-auth.xml:1749(para)
15339
#: serverguide/C/network-auth.xml:1756(para)
15341
15340
msgid "Configure the system to use LDAP for authentication:"
15344
#: serverguide/C/network-auth.xml:1754(command)
15343
#: serverguide/C/network-auth.xml:1761(command)
15345
15344
msgid "sudo pam-auth-update"
15348
#: serverguide/C/network-auth.xml:1757(para)
15347
#: serverguide/C/network-auth.xml:1764(para)
15350
15349
"From the menu, choose LDAP and any other authentication mechanisms you need."
15353
#: serverguide/C/network-auth.xml:1761(para)
15352
#: serverguide/C/network-auth.xml:1768(para)
15354
15353
msgid "You should now be able to log in using LDAP-based credentials."
15357
#: serverguide/C/network-auth.xml:1765(para)
15356
#: serverguide/C/network-auth.xml:1772(para)
15359
15358
"LDAP clients will need to refer to multiple servers if replication is in "
15360
15359
"use. In <filename>/etc/ldap.conf</filename> you would have something like:"
15363
#: serverguide/C/network-auth.xml:1770(programlisting)
15362
#: serverguide/C/network-auth.xml:1777(programlisting)
15367
15366
"uri ldap://ldap01.example.com ldap://ldap02.example.com\n"
15370
#: serverguide/C/network-auth.xml:1774(para)
15369
#: serverguide/C/network-auth.xml:1781(para)
15372
15371
"The request will time out and the Consumer (ldap02) will attempt to be "
15373
15372
"reached if the Provider (ldap01) becomes unresponsive."
15376
#: serverguide/C/network-auth.xml:1778(para)
15375
#: serverguide/C/network-auth.xml:1785(para)
15378
15377
"If you are going to use LDAP to store Samba users you will need to configure "
15379
15378
"the Samba server to authenticate using LDAP. See <xref linkend=\"samba-"
15380
15379
"ldap\"/> for details."
15383
#: serverguide/C/network-auth.xml:1784(para)
15382
#: serverguide/C/network-auth.xml:1791(para)
15385
15384
"An alternative to the <application>libnss-ldap</application> package is the "
15386
15385
"<application>libnss-ldapd</application> package. This, however, will bring "
15442
15441
"UIDSTART=10000\n"
15443
15442
"MIDSTART=10000\n"
15445
#: serverguide/C/network-auth.xml:1827(para)
15444
#: serverguide/C/network-auth.xml:1834(para)
15447
15446
"Now, create the <filename>ldapscripts.passwd</filename> file to allow rootDN "
15448
15447
"access to the directory:"
15451
#: serverguide/C/network-auth.xml:1832(command)
15450
#: serverguide/C/network-auth.xml:1839(command)
15453
15452
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
15455
15454
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
15457
#: serverguide/C/network-auth.xml:1833(command)
15456
#: serverguide/C/network-auth.xml:1840(command)
15458
15457
msgid "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
15459
15458
msgstr "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
15461
#: serverguide/C/network-auth.xml:1837(para)
15460
#: serverguide/C/network-auth.xml:1844(para)
15463
15462
"Replace <quote>secret</quote> with the actual password for your database's "
15464
15463
"rootDN user."
15467
#: serverguide/C/network-auth.xml:1842(para)
15466
#: serverguide/C/network-auth.xml:1849(para)
15469
15468
"The scripts are now ready to help manage your directory. Here are some "
15470
15469
"examples of how to use them:"
15473
#: serverguide/C/network-auth.xml:1849(para)
15472
#: serverguide/C/network-auth.xml:1856(para)
15474
15473
msgid "Create a new user:"
15475
15474
msgstr "Стварыць новага карыстальніка:"
15477
#: serverguide/C/network-auth.xml:1854(command)
15476
#: serverguide/C/network-auth.xml:1861(command)
15478
15477
msgid "sudo ldapadduser george example"
15479
15478
msgstr "sudo ldapadduser george example"
15481
#: serverguide/C/network-auth.xml:1857(para)
15480
#: serverguide/C/network-auth.xml:1864(para)
15483
15482
"This will create a user with uid <emphasis role=\"italic\">george</emphasis> "
15484
15483
"and set the user's primary group (gid) to <emphasis "
15485
15484
"role=\"italic\">example</emphasis>"
15488
#: serverguide/C/network-auth.xml:1864(para)
15487
#: serverguide/C/network-auth.xml:1871(para)
15489
15488
msgid "Change a user's password:"
15490
15489
msgstr "Зьмяніць пароль карыстальніка:"
15492
#: serverguide/C/network-auth.xml:1869(command)
15491
#: serverguide/C/network-auth.xml:1876(command)
15493
15492
msgid "sudo ldapsetpasswd george"
15494
15493
msgstr "sudo ldapsetpasswd george"
15496
#: serverguide/C/network-auth.xml:1870(computeroutput)
15495
#: serverguide/C/network-auth.xml:1877(computeroutput)
15498
15497
msgid "Changing password for user uid=george,ou=People,dc=example,dc=com"
15501
#: serverguide/C/network-auth.xml:1871(userinput)
15500
#: serverguide/C/network-auth.xml:1878(userinput)
15503
15502
msgid "New Password: "
15504
15503
msgstr "Новы пароль: "
15506
#: serverguide/C/network-auth.xml:1872(userinput)
15505
#: serverguide/C/network-auth.xml:1879(userinput)
15508
15507
msgid "New Password (verify): "
15511
#: serverguide/C/network-auth.xml:1878(para)
15510
#: serverguide/C/network-auth.xml:1885(para)
15512
15511
msgid "Delete a user:"
15513
15512
msgstr "Выдаліць карыстальніка:"
15515
#: serverguide/C/network-auth.xml:1883(command)
15514
#: serverguide/C/network-auth.xml:1890(command)
15516
15515
msgid "sudo ldapdeleteuser george"
15517
15516
msgstr "sudo ldapdeleteuser george"
15519
#: serverguide/C/network-auth.xml:1889(para)
15518
#: serverguide/C/network-auth.xml:1896(para)
15520
15519
msgid "Add a group:"
15521
15520
msgstr "Дадаць групу:"
15523
#: serverguide/C/network-auth.xml:1894(command)
15522
#: serverguide/C/network-auth.xml:1901(command)
15524
15523
msgid "sudo ldapaddgroup qa"
15525
15524
msgstr "sudo ldapaddgroup qa"
15527
#: serverguide/C/network-auth.xml:1900(para)
15526
#: serverguide/C/network-auth.xml:1907(para)
15528
15527
msgid "Delete a group:"
15529
15528
msgstr "Выдаліць групу:"
15531
#: serverguide/C/network-auth.xml:1905(command)
15530
#: serverguide/C/network-auth.xml:1912(command)
15532
15531
msgid "sudo ldapdeletegroup qa"
15533
15532
msgstr "sudo ldapdeletegroup qa"
15535
#: serverguide/C/network-auth.xml:1911(para)
15534
#: serverguide/C/network-auth.xml:1918(para)
15536
15535
msgid "Add a user to a group:"
15537
15536
msgstr "Дадаць карыстальніка ў групу:"
15539
#: serverguide/C/network-auth.xml:1916(command)
15538
#: serverguide/C/network-auth.xml:1923(command)
15540
15539
msgid "sudo ldapaddusertogroup george qa"
15541
15540
msgstr "sudo ldapaddusertogroup george qa"
15543
#: serverguide/C/network-auth.xml:1919(para)
15542
#: serverguide/C/network-auth.xml:1926(para)
15545
15544
"You should now see a <emphasis>memberUid</emphasis> attribute for the "
15546
15545
"<emphasis role=\"italic\">qa</emphasis> group with a value of <emphasis "
15547
15546
"role=\"italic\">george</emphasis>."
15550
#: serverguide/C/network-auth.xml:1926(para)
15549
#: serverguide/C/network-auth.xml:1933(para)
15551
15550
msgid "Remove a user from a group:"
15552
15551
msgstr "Выдаліць карыстальніка з групы:"
15554
#: serverguide/C/network-auth.xml:1931(command)
15553
#: serverguide/C/network-auth.xml:1938(command)
15555
15554
msgid "sudo ldapdeleteuserfromgroup george qa"
15556
15555
msgstr "sudo ldapdeleteuserfromgroup george qa"
15558
#: serverguide/C/network-auth.xml:1934(para)
15557
#: serverguide/C/network-auth.xml:1941(para)
15560
15559
"The <emphasis>memberUid</emphasis> attribute should now be removed from the "
15561
15560
"<emphasis role=\"italic\">qa</emphasis> group."
15564
#: serverguide/C/network-auth.xml:1941(para)
15563
#: serverguide/C/network-auth.xml:1948(para)
15566
15565
"The <application>ldapmodifyuser</application> script allows you to add, "
15567
15566
"remove, or replace a user's attributes. The script uses the same syntax as "
15568
15567
"the <application>ldapmodify</application> utility. For example:"
15571
#: serverguide/C/network-auth.xml:1947(command)
15570
#: serverguide/C/network-auth.xml:1954(command)
15572
15571
msgid "sudo ldapmodifyuser george"
15573
15572
msgstr "sudo ldapmodifyuser george"
15575
#: serverguide/C/network-auth.xml:1948(computeroutput)
15574
#: serverguide/C/network-auth.xml:1955(computeroutput)
15578
15577
"# About to modify the following entry :\n"
15677
15676
"description: User account\n"
15678
15677
"title: Employee\n"
15680
#: serverguide/C/network-auth.xml:2016(para)
15679
#: serverguide/C/network-auth.xml:2023(para)
15682
15681
"Notice the <emphasis><ask></emphasis> option used for the "
15683
15682
"<emphasis>sn</emphasis> attribute. This will make "
15684
15683
"<application>ldapadduser</application> prompt you for its value."
15687
#: serverguide/C/network-auth.xml:2024(para)
15686
#: serverguide/C/network-auth.xml:2031(para)
15689
15688
"There are utilities in the package that were not covered here. Here is a "
15690
15689
"complete list:"
15693
#: serverguide/C/network-auth.xml:2029(ulink)
15692
#: serverguide/C/network-auth.xml:2036(ulink)
15694
15693
msgid "ldaprenamemachine"
15697
#: serverguide/C/network-auth.xml:2030(ulink)
15696
#: serverguide/C/network-auth.xml:2037(ulink)
15698
15697
msgid "ldapadduser"
15701
#: serverguide/C/network-auth.xml:2031(ulink)
15700
#: serverguide/C/network-auth.xml:2038(ulink)
15702
15701
msgid "ldapdeleteuserfromgroup"
15705
#: serverguide/C/network-auth.xml:2032(ulink)
15704
#: serverguide/C/network-auth.xml:2039(ulink)
15706
15705
msgid "ldapfinger"
15709
#: serverguide/C/network-auth.xml:2033(ulink)
15708
#: serverguide/C/network-auth.xml:2040(ulink)
15710
15709
msgid "ldapid"
15713
#: serverguide/C/network-auth.xml:2034(ulink)
15712
#: serverguide/C/network-auth.xml:2041(ulink)
15714
15713
msgid "ldapgid"
15717
#: serverguide/C/network-auth.xml:2035(ulink)
15716
#: serverguide/C/network-auth.xml:2042(ulink)
15718
15717
msgid "ldapmodifyuser"
15721
#: serverguide/C/network-auth.xml:2036(ulink)
15720
#: serverguide/C/network-auth.xml:2043(ulink)
15722
15721
msgid "ldaprenameuser"
15725
#: serverguide/C/network-auth.xml:2037(ulink)
15724
#: serverguide/C/network-auth.xml:2044(ulink)
15726
15725
msgid "lsldap"
15729
#: serverguide/C/network-auth.xml:2038(ulink)
15728
#: serverguide/C/network-auth.xml:2045(ulink)
15730
15729
msgid "ldapaddusertogroup"
15733
#: serverguide/C/network-auth.xml:2039(ulink)
15732
#: serverguide/C/network-auth.xml:2046(ulink)
15734
15733
msgid "ldapsetpasswd"
15737
#: serverguide/C/network-auth.xml:2040(ulink)
15736
#: serverguide/C/network-auth.xml:2047(ulink)
15738
15737
msgid "ldapinit"
15741
#: serverguide/C/network-auth.xml:2041(ulink)
15740
#: serverguide/C/network-auth.xml:2048(ulink)
15742
15741
msgid "ldapaddgroup"
15745
#: serverguide/C/network-auth.xml:2042(ulink)
15744
#: serverguide/C/network-auth.xml:2049(ulink)
15746
15745
msgid "ldapdeletegroup"
15749
#: serverguide/C/network-auth.xml:2043(ulink)
15748
#: serverguide/C/network-auth.xml:2050(ulink)
15750
15749
msgid "ldapmodifygroup"
15753
#: serverguide/C/network-auth.xml:2044(ulink)
15752
#: serverguide/C/network-auth.xml:2051(ulink)
15754
15753
msgid "ldapdeletemachine"
15757
#: serverguide/C/network-auth.xml:2045(ulink)
15756
#: serverguide/C/network-auth.xml:2052(ulink)
15758
15757
msgid "ldaprenamegroup"
15761
#: serverguide/C/network-auth.xml:2046(ulink)
15760
#: serverguide/C/network-auth.xml:2053(ulink)
15762
15761
msgid "ldapaddmachine"
15765
#: serverguide/C/network-auth.xml:2047(ulink)
15764
#: serverguide/C/network-auth.xml:2054(ulink)
15766
15765
msgid "ldapmodifymachine"
15769
#: serverguide/C/network-auth.xml:2048(ulink)
15768
#: serverguide/C/network-auth.xml:2055(ulink)
15770
15769
msgid "ldapsetprimarygroup"
15773
#: serverguide/C/network-auth.xml:2049(ulink)
15772
#: serverguide/C/network-auth.xml:2056(ulink)
15774
15773
msgid "ldapdeleteuser"
15777
#: serverguide/C/network-auth.xml:2055(title)
15776
#: serverguide/C/network-auth.xml:2062(title)
15778
15777
msgid "Backup and Restore"
15781
#: serverguide/C/network-auth.xml:2057(para)
15780
#: serverguide/C/network-auth.xml:2064(para)
15783
15782
"Now we have ldap running just the way we want, it is time to ensure we can "
15784
15783
"save all of our work and restore it as needed."
15787
#: serverguide/C/network-auth.xml:2062(para)
15786
#: serverguide/C/network-auth.xml:2069(para)
15789
15788
"What we need is a way to backup the ldap database(s), specifically the "
15790
15789
"backend (cn=config) and frontend (dc=example,dc=com). If we are going to "
15835
15834
"45 22 * * * root /usr/local/bin/ldapbackup\n"
15838
#: serverguide/C/network-auth.xml:2109(para)
15837
#: serverguide/C/network-auth.xml:2116(para)
15839
15838
msgid "Now the files are created, they should be copied to a backup server."
15842
#: serverguide/C/network-auth.xml:2114(para)
15841
#: serverguide/C/network-auth.xml:2121(para)
15844
15843
"Assuming we did a fresh reinstall of ldap, the restore process could be "
15845
15844
"something like this:"
15848
#: serverguide/C/network-auth.xml:2120(command)
15847
#: serverguide/C/network-auth.xml:2127(command)
15849
15848
msgid "sudo service slapd stop"
15852
#: serverguide/C/network-auth.xml:2121(command)
15851
#: serverguide/C/network-auth.xml:2128(command)
15853
15852
msgid "sudo mkdir /var/lib/ldap/accesslog"
15856
#: serverguide/C/network-auth.xml:2122(command)
15855
#: serverguide/C/network-auth.xml:2129(command)
15857
15856
msgid "sudo slapadd -F /etc/ldap/slapd.d -n 0 -l /export/backup/config.ldif"
15860
#: serverguide/C/network-auth.xml:2123(command)
15859
#: serverguide/C/network-auth.xml:2130(command)
15862
15861
"sudo slapadd -F /etc/ldap/slapd.d -n 1 -l /export/backup/domain.com.ldif"
15865
#: serverguide/C/network-auth.xml:2124(command)
15864
#: serverguide/C/network-auth.xml:2131(command)
15866
15865
msgid "sudo slapadd -F /etc/ldap/slapd.d -n 2 -l /export/backup/access.ldif"
15869
#: serverguide/C/network-auth.xml:2125(command)
15868
#: serverguide/C/network-auth.xml:2132(command)
15870
15869
msgid "sudo chown -R openldap:openldap /etc/ldap/slapd.d/"
15873
#: serverguide/C/network-auth.xml:2126(command)
15872
#: serverguide/C/network-auth.xml:2133(command)
15874
15873
msgid "sudo chown -R openldap:openldap /var/lib/ldap/"
15877
#: serverguide/C/network-auth.xml:2127(command)
15876
#: serverguide/C/network-auth.xml:2134(command)
15878
15877
msgid "sudo service slapd start"
15881
#: serverguide/C/network-auth.xml:2138(para)
15880
#: serverguide/C/network-auth.xml:2145(para)
15883
15882
"The primary resource is the upstream documentation: <ulink "
15884
15883
"url=\"http://www.openldap.org/\">www.openldap.org</ulink>"
15887
#: serverguide/C/network-auth.xml:2144(para)
15886
#: serverguide/C/network-auth.xml:2151(para)
15889
15888
"There are many man pages that come with the slapd package. Here are some "
15890
15889
"important ones, especially considering the material presented in this guide:"
15893
#: serverguide/C/network-auth.xml:2150(ulink)
15892
#: serverguide/C/network-auth.xml:2157(ulink)
15894
15893
msgid "slapd"
15897
#: serverguide/C/network-auth.xml:2151(ulink)
15896
#: serverguide/C/network-auth.xml:2158(ulink)
15898
15897
msgid "slapd-config"
15901
#: serverguide/C/network-auth.xml:2152(ulink)
15900
#: serverguide/C/network-auth.xml:2159(ulink)
15902
15901
msgid "slapd.access"
15905
#: serverguide/C/network-auth.xml:2153(ulink)
15904
#: serverguide/C/network-auth.xml:2160(ulink)
15906
15905
msgid "slapo-syncprov"
15909
#: serverguide/C/network-auth.xml:2159(para)
15908
#: serverguide/C/network-auth.xml:2166(para)
15910
15909
msgid "Other man pages:"
15913
#: serverguide/C/network-auth.xml:2164(ulink)
15912
#: serverguide/C/network-auth.xml:2171(ulink)
15914
15913
msgid "auth-client-config"
15917
#: serverguide/C/network-auth.xml:2165(ulink)
15916
#: serverguide/C/network-auth.xml:2172(ulink)
15918
15917
msgid "pam-auth-update"
15921
#: serverguide/C/network-auth.xml:2171(para)
15920
#: serverguide/C/network-auth.xml:2178(para)
15923
15922
"Zytrax's <ulink url=\"http://www.zytrax.com/books/ldap/\">LDAP for Rocket "
15924
15923
"Scientists</ulink>; a less pedantic but comprehensive treatment of LDAP"
15927
#: serverguide/C/network-auth.xml:2177(para)
15926
#: serverguide/C/network-auth.xml:2184(para)
15929
15928
"A Ubuntu community <ulink "
15930
15929
"url=\"https://help.ubuntu.com/community/OpenLDAPServer\">OpenLDAP "
15931
15930
"wiki</ulink> page has a collection of notes"
15934
#: serverguide/C/network-auth.xml:2183(para)
15933
#: serverguide/C/network-auth.xml:2190(para)
15936
15935
"O'Reilly's <ulink url=\"http://www.oreilly.com/catalog/ldapsa/\">LDAP System "
15937
15936
"Administration</ulink> (textbook; 2003)"
15940
#: serverguide/C/network-auth.xml:2189(para)
15939
#: serverguide/C/network-auth.xml:2196(para)
15942
15941
"Packt's <ulink url=\"http://www.packtpub.com/OpenLDAP-Developers-Server-Open-"
15943
15942
"Source-Linux/book\">Mastering OpenLDAP</ulink> (textbook; 2007)"
15946
#: serverguide/C/network-auth.xml:2200(title)
15945
#: serverguide/C/network-auth.xml:2207(title)
15947
15946
msgid "Samba and LDAP"
15948
15947
msgstr "Samba і LDAP"
15950
#: serverguide/C/network-auth.xml:2202(para)
15949
#: serverguide/C/network-auth.xml:2209(para)
15952
15951
"This section covers the integration of Samba with LDAP. The Samba server's "
15953
15952
"role will be that of a \"standalone\" server and the LDAP directory will "
15979
15978
"install it."
15982
#: serverguide/C/network-auth.xml:2223(para)
15981
#: serverguide/C/network-auth.xml:2230(para)
15983
15982
msgid "Install these packages now:"
15986
#: serverguide/C/network-auth.xml:2228(command)
15985
#: serverguide/C/network-auth.xml:2235(command)
15987
15986
msgid "sudo apt-get install samba samba-doc smbldap-tools"
15988
15987
msgstr "sudo apt-get install samba samba-doc smbldap-tools"
15990
#: serverguide/C/network-auth.xml:2234(title)
15989
#: serverguide/C/network-auth.xml:2241(title)
15991
15990
msgid "LDAP Configuration"
15994
#: serverguide/C/network-auth.xml:2236(para)
15993
#: serverguide/C/network-auth.xml:2243(para)
15996
15995
"We will now configure the LDAP server so that it can accomodate Samba data. "
15997
15996
"We will perform three tasks in this section:"
16000
#: serverguide/C/network-auth.xml:2243(para)
15999
#: serverguide/C/network-auth.xml:2250(para)
16001
16000
msgid "Import a schema"
16004
#: serverguide/C/network-auth.xml:2247(para)
16003
#: serverguide/C/network-auth.xml:2254(para)
16005
16004
msgid "Index some entries"
16008
#: serverguide/C/network-auth.xml:2251(para)
16007
#: serverguide/C/network-auth.xml:2258(para)
16009
16008
msgid "Add objects"
16012
#: serverguide/C/network-auth.xml:2257(title)
16011
#: serverguide/C/network-auth.xml:2264(title)
16013
16012
msgid "Samba schema"
16016
#: serverguide/C/network-auth.xml:2259(para)
16015
#: serverguide/C/network-auth.xml:2266(para)
16018
16017
"In order for OpenLDAP to be used as a backend for Samba, logically, the DIT "
16019
16018
"will need to use attributes that can properly describe Samba data. Such "
16071
16070
"include /etc/ldap/schema/samba.schema\n"
16074
#: serverguide/C/network-auth.xml:2311(para)
16073
#: serverguide/C/network-auth.xml:2318(para)
16075
16074
msgid "Have the directory <filename>ldif_output</filename> hold output."
16078
#: serverguide/C/network-auth.xml:2322(command)
16077
#: serverguide/C/network-auth.xml:2329(command)
16080
16079
"slapcat -f schema_convert.conf -F ldif_output -n 0 | grep samba,cn=schema"
16083
#: serverguide/C/network-auth.xml:2323(computeroutput)
16082
#: serverguide/C/network-auth.xml:2330(computeroutput)
16087
16086
"dn: cn={14}samba,cn=schema,cn=config\n"
16090
#: serverguide/C/network-auth.xml:2331(para)
16089
#: serverguide/C/network-auth.xml:2338(para)
16091
16090
msgid "Convert the schema to LDIF format:"
16094
#: serverguide/C/network-auth.xml:2336(command)
16093
#: serverguide/C/network-auth.xml:2343(command)
16096
16095
"slapcat -f schema_convert.conf -F ldif_output -n0 -H \\ "
16097
16096
"ldap:///cn={14}samba,cn=schema,cn=config -l cn=samba.ldif"
16100
#: serverguide/C/network-auth.xml:2343(para)
16099
#: serverguide/C/network-auth.xml:2350(para)
16102
16101
"Edit the generated <filename>cn=samba.ldif</filename> file by removing index "
16103
16102
"information to arrive at:"
16106
#: serverguide/C/network-auth.xml:2347(programlisting)
16105
#: serverguide/C/network-auth.xml:2354(programlisting)
16141
16140
"modifiersName: cn=config\n"
16142
16141
"modifyTimestamp: 20080827045234Z\n"
16144
#: serverguide/C/network-auth.xml:2373(para)
16143
#: serverguide/C/network-auth.xml:2380(para)
16145
16144
msgid "Add the new schema:"
16148
#: serverguide/C/network-auth.xml:2378(command)
16147
#: serverguide/C/network-auth.xml:2385(command)
16149
16148
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f cn\\=samba.ldif"
16152
#: serverguide/C/network-auth.xml:2381(para)
16151
#: serverguide/C/network-auth.xml:2388(para)
16153
16152
msgid "To query and view this new schema:"
16156
#: serverguide/C/network-auth.xml:2386(command)
16155
#: serverguide/C/network-auth.xml:2393(command)
16158
16157
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config "
16159
16158
"'cn=*samba*'"
16162
#: serverguide/C/network-auth.xml:2396(title)
16161
#: serverguide/C/network-auth.xml:2403(title)
16163
16162
msgid "Samba indices"
16166
#: serverguide/C/network-auth.xml:2398(para)
16165
#: serverguide/C/network-auth.xml:2405(para)
16168
16167
"Now that slapd knows about the Samba attributes, we can set up some indices "
16169
16168
"based on them. Indexing entries is a way to improve performance when a "
16170
16169
"client performs a filtered search on the DIT."
16173
#: serverguide/C/network-auth.xml:2403(para)
16172
#: serverguide/C/network-auth.xml:2410(para)
16175
16174
"Create the file <filename>samba_indices.ldif</filename> with the following "
16179
#: serverguide/C/network-auth.xml:2407(programlisting)
16178
#: serverguide/C/network-auth.xml:2414(programlisting)
16213
16212
"olcDbIndex: sambaDomainName eq\n"
16214
16213
"olcDbIndex: default sub\n"
16216
#: serverguide/C/network-auth.xml:2425(para)
16215
#: serverguide/C/network-auth.xml:2432(para)
16218
16217
"Using the <application>ldapmodify</application> utility load the new indices:"
16221
#: serverguide/C/network-auth.xml:2430(command)
16220
#: serverguide/C/network-auth.xml:2437(command)
16222
16221
msgid "sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f samba_indices.ldif"
16225
#: serverguide/C/network-auth.xml:2433(para)
16224
#: serverguide/C/network-auth.xml:2440(para)
16227
16226
"If all went well you should see the new indices using "
16228
16227
"<application>ldapsearch</application>:"
16231
#: serverguide/C/network-auth.xml:2438(command)
16230
#: serverguide/C/network-auth.xml:2445(command)
16233
16232
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H \\ ldapi:/// -b cn=config "
16234
16233
"olcDatabase={1}hdb olcDbIndex"
16237
#: serverguide/C/network-auth.xml:2445(title)
16236
#: serverguide/C/network-auth.xml:2452(title)
16238
16237
msgid "Adding Samba LDAP objects"
16241
#: serverguide/C/network-auth.xml:2452(para)
16240
#: serverguide/C/network-auth.xml:2454(para)
16243
16242
"Next, configure the <application>smbldap-tools</application> package to "
16244
16243
"match your environment. The package is supposed to come with a configuration "
16249
16248
"smbldap-tools')."
16252
#: serverguide/C/network-auth.xml:2459(para)
16251
#: serverguide/C/network-auth.xml:2461(para)
16254
16253
"To manually configure the package, you need to create and edit the files "
16255
16254
"<filename>/etc/smbldap-tools/smbldap.conf</filename> and "
16256
16255
"<filename>/etc/smbldap-tools/smbldap_bind.conf</filename>."
16259
#: serverguide/C/network-auth.xml:2464(para)
16258
#: serverguide/C/network-auth.xml:2466(para)
16261
16260
"The <application>smbldap-populate</application> script will then add the "
16262
16261
"LDAP objects required for Samba. It is a good idea to first make a backup of "
16263
16262
"your DIT using <application>slapcat</application>:"
16266
#: serverguide/C/network-auth.xml:2473(command)
16265
#: serverguide/C/network-auth.xml:2472(command)
16267
16266
msgid "sudo slapcat -l backup.ldif"
16268
16267
msgstr "sudo slapcat -l backup.ldif"
16270
#: serverguide/C/network-auth.xml:2476(para)
16269
#: serverguide/C/network-auth.xml:2475(para)
16271
16270
msgid "Once you have a backup proceed to populate your directory:"
16274
#: serverguide/C/network-auth.xml:2481(command)
16273
#: serverguide/C/network-auth.xml:2480(command)
16275
16274
msgid "sudo smbldap-populate"
16276
16275
msgstr "sudo smbldap-populate"
16278
#: serverguide/C/network-auth.xml:2484(para)
16277
#: serverguide/C/network-auth.xml:2483(para)
16280
16279
"You can create a LDIF file containing the new Samba objects by executing "
16281
16280
"<command>sudo smbldap-populate -e samba.ldif</command>. This allows you to "
16366
16365
"<application>libnss-ldap</application>):"
16369
#: serverguide/C/network-auth.xml:2553(command)
16368
#: serverguide/C/network-auth.xml:2552(command)
16370
16369
msgid "sudo smbpasswd -a username"
16371
16370
msgstr "sudo smbpasswd -a username"
16373
#: serverguide/C/network-auth.xml:2556(para)
16372
#: serverguide/C/network-auth.xml:2555(para)
16375
16374
"You will prompted to enter a password. It will be considered as the new "
16376
16375
"password for that user. Making it the same as before is reasonable."
16379
#: serverguide/C/network-auth.xml:2560(para)
16378
#: serverguide/C/network-auth.xml:2559(para)
16381
16380
"To manage user, group, and machine accounts use the utilities provided by "
16382
16381
"the <application>smbldap-tools</application> package. Here are some examples:"
16385
#: serverguide/C/network-auth.xml:2568(para)
16384
#: serverguide/C/network-auth.xml:2567(para)
16386
16385
msgid "To add a new user:"
16389
#: serverguide/C/network-auth.xml:2573(command)
16388
#: serverguide/C/network-auth.xml:2572(command)
16390
16389
msgid "sudo smbldap-useradd -a -P username"
16393
#: serverguide/C/network-auth.xml:2576(para)
16392
#: serverguide/C/network-auth.xml:2575(para)
16395
16394
"The <emphasis>-a</emphasis> option adds the Samba attributes, and the "
16396
16395
"<emphasis>-P</emphasis> option calls the <application>smbldap-"
16398
16397
"a password for the user."
16401
#: serverguide/C/network-auth.xml:2583(para)
16400
#: serverguide/C/network-auth.xml:2582(para)
16402
16401
msgid "To remove a user:"
16405
#: serverguide/C/network-auth.xml:2588(command)
16404
#: serverguide/C/network-auth.xml:2587(command)
16406
16405
msgid "sudo smbldap-userdel username"
16407
16406
msgstr "sudo smbldap-userdel username"
16409
#: serverguide/C/network-auth.xml:2591(para)
16408
#: serverguide/C/network-auth.xml:2590(para)
16411
16410
"In the above command, use the <emphasis>-r</emphasis> option to remove the "
16412
16411
"user's home directory."
16415
#: serverguide/C/network-auth.xml:2597(para)
16414
#: serverguide/C/network-auth.xml:2596(para)
16416
16415
msgid "To add a group:"
16419
#: serverguide/C/network-auth.xml:2602(command)
16418
#: serverguide/C/network-auth.xml:2601(command)
16420
16419
msgid "sudo smbldap-groupadd -a groupname"
16421
16420
msgstr "sudo smbldap-groupadd -a groupname"
16423
#: serverguide/C/network-auth.xml:2605(para)
16422
#: serverguide/C/network-auth.xml:2604(para)
16425
16424
"As for <application>smbldap-useradd</application>, the <emphasis>-"
16426
16425
"a</emphasis> adds the Samba attributes."
16429
#: serverguide/C/network-auth.xml:2611(para)
16428
#: serverguide/C/network-auth.xml:2610(para)
16430
16429
msgid "To make an existing user a member of a group:"
16433
#: serverguide/C/network-auth.xml:2616(command)
16432
#: serverguide/C/network-auth.xml:2615(command)
16434
16433
msgid "sudo smbldap-groupmod -m username groupname"
16435
16434
msgstr "sudo smbldap-groupmod -m username groupname"
16437
#: serverguide/C/network-auth.xml:2619(para)
16436
#: serverguide/C/network-auth.xml:2618(para)
16439
16438
"The <emphasis>-m</emphasis> option can add more than one user at a time by "
16440
16439
"listing them in comma-separated format."
16443
#: serverguide/C/network-auth.xml:2625(para)
16442
#: serverguide/C/network-auth.xml:2624(para)
16444
16443
msgid "To remove a user from a group:"
16447
#: serverguide/C/network-auth.xml:2630(command)
16446
#: serverguide/C/network-auth.xml:2629(command)
16448
16447
msgid "sudo smbldap-groupmod -x username groupname"
16449
16448
msgstr "sudo smbldap-groupmod -x username groupname"
16451
#: serverguide/C/network-auth.xml:2636(para)
16450
#: serverguide/C/network-auth.xml:2635(para)
16452
16451
msgid "To add a Samba machine account:"
16455
#: serverguide/C/network-auth.xml:2641(command)
16454
#: serverguide/C/network-auth.xml:2640(command)
16456
16455
msgid "sudo smbldap-useradd -t 0 -w username"
16457
16456
msgstr "sudo smbldap-useradd -t 0 -w username"
16459
#: serverguide/C/network-auth.xml:2644(para)
16458
#: serverguide/C/network-auth.xml:2643(para)
16461
16460
"Replace <emphasis>username</emphasis> with the name of the workstation. The "
16462
16461
"<emphasis>-t 0</emphasis> option creates the machine account without a "
16466
16465
"<application>smbldap-useradd</application>."
16469
#: serverguide/C/network-auth.xml:2653(para)
16468
#: serverguide/C/network-auth.xml:2652(para)
16471
16470
"There are utilities in the <application>smbldap-tools</application> package "
16472
16471
"that were not covered here. Here is a complete list:"
16474
#: serverguide/C/network-auth.xml:2657(ulink)
16475
msgid "smbldap-groupadd"
16475
16478
#: serverguide/C/network-auth.xml:2658(ulink)
16476
msgid "smbldap-groupadd"
16479
msgid "smbldap-groupdel"
16479
16482
#: serverguide/C/network-auth.xml:2659(ulink)
16480
msgid "smbldap-groupdel"
16483
msgid "smbldap-groupmod"
16483
16486
#: serverguide/C/network-auth.xml:2660(ulink)
16484
msgid "smbldap-groupmod"
16487
msgid "smbldap-groupshow"
16487
16490
#: serverguide/C/network-auth.xml:2661(ulink)
16488
msgid "smbldap-groupshow"
16491
msgid "smbldap-passwd"
16491
16494
#: serverguide/C/network-auth.xml:2662(ulink)
16492
msgid "smbldap-passwd"
16495
msgid "smbldap-populate"
16495
16498
#: serverguide/C/network-auth.xml:2663(ulink)
16496
msgid "smbldap-populate"
16499
msgid "smbldap-useradd"
16499
16502
#: serverguide/C/network-auth.xml:2664(ulink)
16500
msgid "smbldap-useradd"
16503
msgid "smbldap-userdel"
16503
16506
#: serverguide/C/network-auth.xml:2665(ulink)
16504
msgid "smbldap-userdel"
16507
msgid "smbldap-userinfo"
16507
16510
#: serverguide/C/network-auth.xml:2666(ulink)
16508
msgid "smbldap-userinfo"
16511
msgid "smbldap-userlist"
16511
16514
#: serverguide/C/network-auth.xml:2667(ulink)
16512
msgid "smbldap-userlist"
16515
msgid "smbldap-usermod"
16515
16518
#: serverguide/C/network-auth.xml:2668(ulink)
16516
msgid "smbldap-usermod"
16519
#: serverguide/C/network-auth.xml:2669(ulink)
16520
16519
msgid "smbldap-usershow"
16523
#: serverguide/C/network-auth.xml:2677(para)
16522
#: serverguide/C/network-auth.xml:2679(para)
16525
16524
"For more information on installing and configuring Samba see <xref "
16526
16525
"linkend=\"samba\"/> of this Ubuntu Server Guide."
16529
#: serverguide/C/network-auth.xml:2686(para)
16528
#: serverguide/C/network-auth.xml:2685(para)
16531
16530
"There are multiple places where LDAP and Samba is documented in the upstream "
16532
16531
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba "
16533
16532
"HOWTO Collection</ulink>."
16536
#: serverguide/C/network-auth.xml:2693(para)
16535
#: serverguide/C/network-auth.xml:2692(para)
16538
16537
"Regarding the above, see specifically the <ulink "
16539
16538
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
16540
16539
"Collection/passdb.html\">passdb section</ulink>."
16543
#: serverguide/C/network-auth.xml:2699(para)
16542
#: serverguide/C/network-auth.xml:2698(para)
16545
16544
"Although dated (2007), the <ulink url=\"http://download.gna.org/smbldap-"
16546
16545
"tools/docs/samba-ldap-howto/\">Linux Samba-OpenLDAP HOWTO</ulink> contains "
16547
16546
"valuable notes."
16550
#: serverguide/C/network-auth.xml:2705(para)
16549
#: serverguide/C/network-auth.xml:2704(para)
16552
16551
"The main page of the <ulink "
16553
16552
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Samba Ubuntu "
16568
16567
"network environment one step closer to being Single Sign On (SSO)."
16571
#: serverguide/C/network-auth.xml:2726(para)
16570
#: serverguide/C/network-auth.xml:2725(para)
16573
16572
"This section covers installation and configuration of a Kerberos server, and "
16574
16573
"some example client configurations."
16577
#: serverguide/C/virtualization.xml:1099(title) serverguide/C/virtualization.xml:2132(title) serverguide/C/network-auth.xml:2731(title) serverguide/C/monitoring.xml:13(title) serverguide/C/lamp-applications.xml:15(title) serverguide/C/installation.xml:903(title) serverguide/C/dns.xml:62(title) serverguide/C/dm-multipath.xml:135(title) serverguide/C/chat.xml:15(title) serverguide/C/backups.xml:545(title)
16576
#: serverguide/C/network-auth.xml:2730(title) serverguide/C/monitoring.xml:13(title) serverguide/C/lamp-applications.xml:15(title) serverguide/C/installation.xml:910(title) serverguide/C/dns.xml:62(title) serverguide/C/dm-multipath.xml:135(title) serverguide/C/chat.xml:15(title) serverguide/C/cgroups.xml:38(title) serverguide/C/backups.xml:551(title)
16578
16577
msgid "Overview"
16581
#: serverguide/C/network-auth.xml:2733(para)
16580
#: serverguide/C/network-auth.xml:2732(para)
16583
16582
"If you are new to Kerberos there are a few terms that are good to understand "
16584
16583
"before setting up a Kerberos server. Most of the terms will relate to things "
16585
16584
"you may be familiar with in other environments:"
16588
#: serverguide/C/network-auth.xml:2740(para)
16587
#: serverguide/C/network-auth.xml:2739(para)
16590
16589
"<emphasis>Principal:</emphasis> any users, computers, and services provided "
16591
16590
"by servers need to be defined as Kerberos Principals."
16594
#: serverguide/C/network-auth.xml:2745(para)
16593
#: serverguide/C/network-auth.xml:2744(para)
16596
16595
"<emphasis>Instances:</emphasis> are used for service principals and special "
16597
16596
"administrative principals."
16600
#: serverguide/C/network-auth.xml:2750(para)
16599
#: serverguide/C/network-auth.xml:2749(para)
16602
16601
"<emphasis>Realms:</emphasis> the unique realm of control provided by the "
16603
16602
"Kerberos installation. Think of it as the domain or group your hosts and "
16652
16651
"entering another username and password."
16655
#: serverguide/C/network-auth.xml:2798(title)
16654
#: serverguide/C/network-auth.xml:2797(title)
16656
16655
msgid "Kerberos Server"
16657
16656
msgstr "Сэрвер Kerberos"
16659
#: serverguide/C/network-auth.xml:2802(para)
16658
#: serverguide/C/network-auth.xml:2801(para)
16661
16660
"For this discussion, we will create a MIT Kerberos domain with the following "
16662
16661
"features (edit them to fit your needs):"
16665
#: serverguide/C/network-auth.xml:2809(para)
16664
#: serverguide/C/network-auth.xml:2808(para)
16666
16665
msgid "<emphasis>Realm:</emphasis> EXAMPLE.COM"
16669
#: serverguide/C/network-auth.xml:2814(para)
16668
#: serverguide/C/network-auth.xml:2813(para)
16670
16669
msgid "<emphasis>Primary KDC:</emphasis> kdc01.example.com (192.168.0.1)"
16673
#: serverguide/C/network-auth.xml:2819(para)
16672
#: serverguide/C/network-auth.xml:2818(para)
16674
16673
msgid "<emphasis>Secondary KDC:</emphasis> kdc02.example.com (192.168.0.2)"
16677
#: serverguide/C/network-auth.xml:2824(para)
16676
#: serverguide/C/network-auth.xml:2823(para)
16678
16677
msgid "<emphasis>User principal:</emphasis> steve"
16681
#: serverguide/C/network-auth.xml:2829(para)
16680
#: serverguide/C/network-auth.xml:2828(para)
16682
16681
msgid "<emphasis>Admin principal:</emphasis> steve/admin"
16685
#: serverguide/C/network-auth.xml:2836(para)
16684
#: serverguide/C/network-auth.xml:2835(para)
16687
16686
"It is <emphasis>strongly</emphasis> recommended that your network-"
16688
16687
"authenticated users have their uid in a different range (say, starting at "
16689
16688
"5000) than that of your local users."
16692
#: serverguide/C/network-auth.xml:2842(para)
16691
#: serverguide/C/network-auth.xml:2841(para)
16694
16693
"Before installing the Kerberos server a properly configured DNS server is "
16695
16694
"needed for your domain. Since the Kerberos Realm by convention matches the "
16708
16707
"setting up NTP see <xref linkend=\"NTP\"/>."
16711
#: serverguide/C/network-auth.xml:2856(para)
16710
#: serverguide/C/network-auth.xml:2855(para)
16713
16712
"The first step in creating a Kerberos Realm is to install the "
16714
16713
"<application>krb5-kdc</application> and <application>krb5-admin-"
16715
16714
"server</application> packages. From a terminal enter:"
16718
#: serverguide/C/network-auth.xml:2862(command) serverguide/C/network-auth.xml:3069(command)
16717
#: serverguide/C/network-auth.xml:2861(command) serverguide/C/network-auth.xml:3068(command)
16719
16718
msgid "sudo apt-get install krb5-kdc krb5-admin-server"
16720
16719
msgstr "sudo apt-get install krb5-kdc krb5-admin-server"
16722
#: serverguide/C/network-auth.xml:2865(para)
16721
#: serverguide/C/network-auth.xml:2864(para)
16724
16723
"You will be asked at the end of the install to supply the hostname for the "
16725
16724
"Kerberos and Admin servers, which may or may not be the same server, for the "
16729
#: serverguide/C/network-auth.xml:2872(para)
16728
#: serverguide/C/network-auth.xml:2871(para)
16730
16729
msgid "By default the realm is created from the KDC's domain name."
16733
#: serverguide/C/network-auth.xml:2877(para)
16732
#: serverguide/C/network-auth.xml:2876(para)
16735
16734
"Next, create the new realm with the <application>kdb5_newrealm</application> "
16739
#: serverguide/C/network-auth.xml:2882(command)
16738
#: serverguide/C/network-auth.xml:2881(command)
16740
16739
msgid "sudo krb5_newrealm"
16741
16740
msgstr "sudo krb5_newrealm"
16743
#: serverguide/C/network-auth.xml:2889(para)
16742
#: serverguide/C/network-auth.xml:2888(para)
16745
16744
"The questions asked during installation are used to configure the "
16746
16745
"<filename>/etc/krb5.conf</filename> file. If you need to adjust the Key "
16837
16836
"<emphasis>kadm5.acl</emphasis> man page for details."
16840
#: serverguide/C/network-auth.xml:2959(para)
16839
#: serverguide/C/network-auth.xml:2958(para)
16842
16841
"Now restart the <application>krb5-admin-server</application> for the new ACL "
16843
16842
"to take affect:"
16846
#: serverguide/C/network-auth.xml:2961(command)
16845
#: serverguide/C/network-auth.xml:2963(command)
16847
16846
msgid "sudo service krb5-admin-server restart"
16850
#: serverguide/C/network-auth.xml:2970(para)
16849
#: serverguide/C/network-auth.xml:2969(para)
16852
16851
"The new user principal can be tested using the <application>kinit "
16853
16852
"utility</application>:"
16856
#: serverguide/C/network-auth.xml:2975(command)
16855
#: serverguide/C/network-auth.xml:2974(command)
16857
16856
msgid "kinit steve/admin"
16858
16857
msgstr "kinit steve/admin"
16860
#: serverguide/C/network-auth.xml:2976(computeroutput)
16859
#: serverguide/C/network-auth.xml:2975(computeroutput)
16862
16861
msgid "steve/admin@EXAMPLE.COM's Password:"
16863
16862
msgstr "Пароль на steve/admin@EXAMPLE.COM:"
16865
#: serverguide/C/network-auth.xml:2979(para)
16864
#: serverguide/C/network-auth.xml:2978(para)
16867
16866
"After entering the password, use the <application>klist</application> "
16868
16867
"utility to view information about the Ticket Granting Ticket (TGT):"
16871
#: serverguide/C/network-auth.xml:2985(command) serverguide/C/network-auth.xml:3362(command)
16870
#: serverguide/C/network-auth.xml:2984(command) serverguide/C/network-auth.xml:3361(command)
16872
16871
msgid "klist"
16873
16872
msgstr "klist"
16875
#: serverguide/C/network-auth.xml:2986(computeroutput)
16874
#: serverguide/C/network-auth.xml:2985(computeroutput)
16878
16877
"Credentials cache: FILE:/tmp/krb5cc_1000\n"
16962
16961
"of those networks."
16965
#: serverguide/C/network-auth.xml:3064(para)
16964
#: serverguide/C/network-auth.xml:3063(para)
16967
16966
"First, install the packages, and when asked for the Kerberos and Admin "
16968
16967
"server names enter the name of the Primary KDC:"
16971
#: serverguide/C/network-auth.xml:3075(para)
16970
#: serverguide/C/network-auth.xml:3074(para)
16973
16972
"Once you have the packages installed, create the Secondary KDC's host "
16974
16973
"principal. From a terminal prompt, enter:"
16977
#: serverguide/C/network-auth.xml:3080(command)
16976
#: serverguide/C/network-auth.xml:3079(command)
16978
16977
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
16979
16978
msgstr "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
16981
#: serverguide/C/network-auth.xml:3084(para)
16980
#: serverguide/C/network-auth.xml:3083(para)
16983
16982
"After, issuing any <application>kadmin</application> commands you will be "
16984
16983
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
16988
#: serverguide/C/network-auth.xml:3093(para)
16987
#: serverguide/C/network-auth.xml:3092(para)
16989
16988
msgid "Extract the <emphasis>keytab</emphasis> file:"
16992
#: serverguide/C/network-auth.xml:3098(command)
16991
#: serverguide/C/network-auth.xml:3097(command)
16993
16992
msgid "kadmin -q \"ktadd -norandkey -k keytab.kdc02 host/kdc02.example.com\""
16996
#: serverguide/C/network-auth.xml:3104(para)
16995
#: serverguide/C/network-auth.xml:3103(para)
16998
16997
"There should now be a <filename>keytab.kdc02</filename> in the current "
16999
16998
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
17002
#: serverguide/C/network-auth.xml:3110(command)
17001
#: serverguide/C/network-auth.xml:3109(command)
17003
17002
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
17004
17003
msgstr "sudo mv keytab.kdc02 /etc/krb5.keytab"
17006
#: serverguide/C/network-auth.xml:3114(para)
17005
#: serverguide/C/network-auth.xml:3113(para)
17008
17007
"If the path to the <filename>keytab.kdc02</filename> file is different "
17009
17008
"adjust accordingly."
17012
#: serverguide/C/network-auth.xml:3119(para)
17011
#: serverguide/C/network-auth.xml:3118(para)
17014
17013
"Also, you can list the principals in a Keytab file, which can be useful when "
17015
17014
"troubleshooting, using the <application>klist</application> utility:"
17018
#: serverguide/C/network-auth.xml:3125(command)
17017
#: serverguide/C/network-auth.xml:3124(command)
17019
17018
msgid "sudo klist -k /etc/krb5.keytab"
17020
17019
msgstr "sudo klist -k /etc/krb5.keytab"
17022
#: serverguide/C/network-auth.xml:3128(para)
17021
#: serverguide/C/network-auth.xml:3127(para)
17024
17023
"The <application>-k</application> option indicates the file is a keytab file."
17027
#: serverguide/C/network-auth.xml:3135(para)
17026
#: serverguide/C/network-auth.xml:3134(para)
17029
17028
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
17030
17029
"that lists all KDCs for the Realm. For example, on both primary and "
17031
17030
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
17034
#: serverguide/C/network-auth.xml:3140(programlisting)
17033
#: serverguide/C/network-auth.xml:3139(programlisting)
17042
17041
"host/kdc01.example.com@EXAMPLE.COM\n"
17043
17042
"host/kdc02.example.com@EXAMPLE.COM\n"
17045
#: serverguide/C/network-auth.xml:3148(para)
17044
#: serverguide/C/network-auth.xml:3147(para)
17046
17045
msgid "Create an empty database on the <emphasis>Secondary KDC</emphasis>:"
17049
#: serverguide/C/network-auth.xml:3153(command)
17048
#: serverguide/C/network-auth.xml:3152(command)
17050
17049
msgid "sudo kdb5_util -s create"
17051
17050
msgstr "sudo kdb5_util -s create"
17053
#: serverguide/C/network-auth.xml:3159(para)
17052
#: serverguide/C/network-auth.xml:3158(para)
17055
17054
"Now start the <application>kpropd</application> daemon, which listens for "
17056
17055
"connections from the <application>kprop</application> utility. "
17057
17056
"<application>kprop</application> is used to transfer dump files:"
17060
#: serverguide/C/network-auth.xml:3166(command)
17059
#: serverguide/C/network-auth.xml:3165(command)
17061
17060
msgid "sudo kpropd -S"
17062
17061
msgstr "sudo kpropd -S"
17064
#: serverguide/C/network-auth.xml:3172(para)
17063
#: serverguide/C/network-auth.xml:3171(para)
17066
17065
"From a terminal on the <emphasis>Primary KDC</emphasis>, create a dump file "
17067
17066
"of the principal database:"
17070
#: serverguide/C/network-auth.xml:3177(command)
17069
#: serverguide/C/network-auth.xml:3176(command)
17071
17070
msgid "sudo kdb5_util dump /var/lib/krb5kdc/dump"
17072
17071
msgstr "sudo kdb5_util dump /var/lib/krb5kdc/dump"
17074
#: serverguide/C/network-auth.xml:3183(para)
17073
#: serverguide/C/network-auth.xml:3182(para)
17076
17075
"Extract the Primary KDC's <emphasis>keytab</emphasis> file and copy it to "
17077
17076
"<filename>/etc/krb5.keytab</filename>:"
17080
#: serverguide/C/network-auth.xml:3188(command)
17079
#: serverguide/C/network-auth.xml:3187(command)
17081
17080
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
17082
17081
msgstr "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
17084
#: serverguide/C/network-auth.xml:3189(command)
17083
#: serverguide/C/network-auth.xml:3188(command)
17085
17084
msgid "sudo mv keytab.kdc01 /etc/krb5.keytab"
17088
#: serverguide/C/network-auth.xml:3193(para)
17087
#: serverguide/C/network-auth.xml:3192(para)
17090
17089
"Make sure there is a <emphasis>host</emphasis> for "
17091
17090
"<emphasis>kdc01.example.com</emphasis> before extracting the Keytab."
17094
#: serverguide/C/network-auth.xml:3201(para)
17093
#: serverguide/C/network-auth.xml:3200(para)
17096
17095
"Using the <application>kprop</application> utility push the database to the "
17097
17096
"Secondary KDC:"
17100
#: serverguide/C/network-auth.xml:3206(command)
17099
#: serverguide/C/network-auth.xml:3205(command)
17101
17100
msgid "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
17102
17101
msgstr "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
17104
#: serverguide/C/network-auth.xml:3210(para)
17103
#: serverguide/C/network-auth.xml:3209(para)
17106
17105
"There should be a <emphasis>SUCCEEDED</emphasis> message if the propagation "
17107
17106
"worked. If there is an error message check "
17247
17246
"minimum_uid=5000/' \\ /etc/pam.d/$i done"
17250
#: serverguide/C/network-auth.xml:3341(para)
17249
#: serverguide/C/network-auth.xml:3340(para)
17252
17251
"This will avoid being asked for the (non-existent) Kerberos password of a "
17253
17252
"locally authenticated user when changing its password using "
17254
17253
"<command>passwd</command>."
17257
#: serverguide/C/network-auth.xml:3348(para)
17256
#: serverguide/C/network-auth.xml:3347(para)
17259
17258
"You can test the configuration by requesting a ticket using the "
17260
17259
"<application>kinit</application> utility. For example:"
17263
#: serverguide/C/network-auth.xml:3353(command)
17262
#: serverguide/C/network-auth.xml:3352(command)
17264
17263
msgid "kinit steve@EXAMPLE.COM"
17265
17264
msgstr "kinit steve@EXAMPLE.COM"
17267
#: serverguide/C/network-auth.xml:3354(computeroutput)
17266
#: serverguide/C/network-auth.xml:3353(computeroutput)
17269
17268
msgid "Password for steve@EXAMPLE.COM:"
17270
17269
msgstr "Пароль для steve@EXAMPLE.COM:"
17272
#: serverguide/C/network-auth.xml:3357(para)
17271
#: serverguide/C/network-auth.xml:3356(para)
17274
17273
"When a ticket has been granted, the details can be viewed using "
17275
17274
"<application>klist</application>:"
17278
#: serverguide/C/network-auth.xml:3363(computeroutput)
17277
#: serverguide/C/network-auth.xml:3362(computeroutput)
17281
17280
"Ticket cache: FILE:/tmp/krb5cc_1000\n"
17290
17289
"klist: You have no tickets cached"
17293
#: serverguide/C/network-auth.xml:3375(para)
17292
#: serverguide/C/network-auth.xml:3374(para)
17295
17294
"Next, use the <application>auth-client-config</application> to configure the "
17296
17295
"<application>libpam-krb5</application> module to request a ticket during "
17300
#: serverguide/C/network-auth.xml:3381(command)
17299
#: serverguide/C/network-auth.xml:3380(command)
17301
17300
msgid "sudo auth-client-config -a -p kerberos_example"
17302
17301
msgstr "sudo auth-client-config -a -p kerberos_example"
17304
#: serverguide/C/network-auth.xml:3384(para)
17303
#: serverguide/C/network-auth.xml:3383(para)
17306
17305
"You will should now receive a ticket upon successful login authentication."
17309
#: serverguide/C/network-auth.xml:3395(para)
17308
#: serverguide/C/network-auth.xml:3394(para)
17311
17310
"For more information on MIT's version of Kerberos, see the <ulink "
17312
17311
"url=\"http://web.mit.edu/Kerberos/\">MIT Kerberos</ulink> site."
17315
#: serverguide/C/network-auth.xml:3400(para)
17314
#: serverguide/C/network-auth.xml:3399(para)
17317
17316
"The <ulink url=\"https://help.ubuntu.com/community/Kerberos\">Ubuntu Wiki "
17318
17317
"Kerberos</ulink> page has more details."
17321
#: serverguide/C/network-auth.xml:3405(para)
17320
#: serverguide/C/network-auth.xml:3404(para)
17323
17322
"O'Reilly's <ulink "
17324
17323
"url=\"http://oreilly.com/catalog/9780596004033/\">Kerberos: The Definitive "
17325
17324
"Guide</ulink> is a great reference when setting up Kerberos."
17328
#: serverguide/C/network-auth.xml:3411(para)
17327
#: serverguide/C/network-auth.xml:3410(para)
17330
17329
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> and "
17331
17330
"<emphasis>#kerberos</emphasis> IRC channels on <ulink "
17332
17331
"url=\"http://freenode.net/\">Freenode</ulink> if you have Kerberos questions."
17335
#: serverguide/C/network-auth.xml:3423(title)
17334
#: serverguide/C/network-auth.xml:3422(title)
17336
17335
msgid "Kerberos and LDAP"
17337
17336
msgstr "Kerberos і LDAP"
17339
#: serverguide/C/network-auth.xml:3425(para)
17338
#: serverguide/C/network-auth.xml:3424(para)
17341
17340
"Most people will not use Kerberos by itself; once an user is authenticated "
17342
17341
"(Kerberos), we need to figure out what this user can do (authorization). And "
17343
17342
"that would be the job of programs such as <application>LDAP</application>."
17346
#: serverguide/C/network-auth.xml:3432(para)
17345
#: serverguide/C/network-auth.xml:3431(para)
17348
17347
"Replicating a Kerberos principal database between two servers can be "
17349
17348
"complicated, and adds an additional user database to your network. "
17372
17371
"information on setting up OpenLDAP see <xref linkend=\"openldap-server\"/>."
17375
#: serverguide/C/network-auth.xml:3456(para)
17374
#: serverguide/C/network-auth.xml:3455(para)
17377
17376
"It is also required to configure OpenLDAP for TLS and SSL connections, so "
17378
17377
"that traffic between the KDC and LDAP server is encrypted. See <xref "
17379
17378
"linkend=\"openldap-tls\"/> for details."
17382
#: serverguide/C/network-auth.xml:3462(para)
17381
#: serverguide/C/network-auth.xml:3461(para)
17384
17383
"<filename>cn=admin,cn=config</filename> is a user we created with rights to "
17385
17384
"edit the ldap database. Many times it is the RootDN. Change its value to "
17386
17385
"reflect your setup."
17389
#: serverguide/C/network-auth.xml:3471(para)
17388
#: serverguide/C/network-auth.xml:3470(para)
17391
17390
"To load the schema into LDAP, on the LDAP server install the "
17392
17391
"<application>krb5-kdc-ldap</application> package. From a terminal enter:"
17395
#: serverguide/C/network-auth.xml:3477(command)
17394
#: serverguide/C/network-auth.xml:3476(command)
17396
17395
msgid "sudo apt-get install krb5-kdc-ldap"
17397
17396
msgstr "sudo apt-get install krb5-kdc-ldap"
17399
#: serverguide/C/network-auth.xml:3482(para)
17398
#: serverguide/C/network-auth.xml:3481(para)
17400
17399
msgid "Next, extract the <filename>kerberos.schema.gz</filename> file:"
17403
#: serverguide/C/network-auth.xml:3487(command)
17402
#: serverguide/C/network-auth.xml:3486(command)
17404
17403
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
17405
17404
msgstr "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
17407
#: serverguide/C/network-auth.xml:3488(command)
17406
#: serverguide/C/network-auth.xml:3487(command)
17409
17408
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
17411
17410
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
17413
#: serverguide/C/network-auth.xml:3494(para)
17412
#: serverguide/C/network-auth.xml:3493(para)
17415
17414
"The <emphasis>kerberos</emphasis> schema needs to be added to the "
17416
17415
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
17444
17443
"include /etc/ldap/schema/kerberos.schema\n"
17447
#: serverguide/C/network-auth.xml:3527(para)
17446
#: serverguide/C/network-auth.xml:3526(para)
17448
17447
msgid "Create a temporary directory to hold the LDIF files:"
17451
#: serverguide/C/network-auth.xml:3531(command)
17450
#: serverguide/C/network-auth.xml:3530(command)
17452
17451
msgid "mkdir /tmp/ldif_output"
17453
17452
msgstr "mkdir /tmp/ldif_output"
17455
#: serverguide/C/network-auth.xml:3537(para)
17454
#: serverguide/C/network-auth.xml:3536(para)
17457
17456
"Now use <application>slapcat</application> to convert the schema files:"
17460
#: serverguide/C/network-auth.xml:3542(command)
17459
#: serverguide/C/network-auth.xml:3541(command)
17462
17461
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s \\ "
17463
17462
"\"cn={12}kerberos,cn=schema,cn=config\" > /tmp/cn=kerberos.ldif"
17466
#: serverguide/C/network-auth.xml:3546(para)
17465
#: serverguide/C/network-auth.xml:3545(para)
17468
17467
"Change the above file and path names to match your own if they are different."
17471
#: serverguide/C/network-auth.xml:3553(para)
17470
#: serverguide/C/network-auth.xml:3552(para)
17473
17472
"Edit the generated <filename>/tmp/cn\\=kerberos.ldif</filename> file, "
17474
17473
"changing the following attributes:"
17477
#: serverguide/C/network-auth.xml:3557(programlisting)
17476
#: serverguide/C/network-auth.xml:3556(programlisting)
17512
17511
"modifiersName: cn=config\n"
17513
17512
"modifyTimestamp: 20090111203515Z\n"
17515
#: serverguide/C/network-auth.xml:3577(para)
17514
#: serverguide/C/network-auth.xml:3576(para)
17517
17516
"The attribute values will vary, just be sure the attributes are removed."
17520
#: serverguide/C/network-auth.xml:3584(para)
17519
#: serverguide/C/network-auth.xml:3583(para)
17521
17520
msgid "Load the new schema with <application>ldapadd</application>:"
17524
#: serverguide/C/network-auth.xml:3589(command)
17523
#: serverguide/C/network-auth.xml:3588(command)
17525
17524
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=kerberos.ldif"
17528
#: serverguide/C/network-auth.xml:3595(para)
17527
#: serverguide/C/network-auth.xml:3594(para)
17530
17529
"Add an index for the <emphasis>krb5principalname</emphasis> attribute:"
17533
#: serverguide/C/network-auth.xml:3600(command) serverguide/C/network-auth.xml:3617(command)
17532
#: serverguide/C/network-auth.xml:3599(command) serverguide/C/network-auth.xml:3616(command)
17534
17533
msgid "ldapmodify -x -D cn=admin,cn=config -W"
17535
17534
msgstr "ldapmodify -x -D cn=admin,cn=config -W"
17537
#: serverguide/C/network-auth.xml:3602(userinput)
17536
#: serverguide/C/network-auth.xml:3601(userinput)
17540
17539
"dn: olcDatabase={1}hdb,cn=config\n"
17583
17582
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
17586
#: serverguide/C/network-auth.xml:3639(para)
17585
#: serverguide/C/network-auth.xml:3638(para)
17588
17587
"That's it, your LDAP directory is now ready to serve as a Kerberos principal "
17592
#: serverguide/C/network-auth.xml:3645(title)
17591
#: serverguide/C/network-auth.xml:3644(title)
17593
17592
msgid "Primary KDC Configuration"
17596
#: serverguide/C/network-auth.xml:3647(para)
17595
#: serverguide/C/network-auth.xml:3646(para)
17598
17597
"With <application>OpenLDAP</application> configured it is time to configure "
17602
#: serverguide/C/network-auth.xml:3653(para)
17601
#: serverguide/C/network-auth.xml:3652(para)
17603
17602
msgid "First, install the necessary packages, from a terminal enter:"
17606
#: serverguide/C/network-auth.xml:3658(command) serverguide/C/network-auth.xml:3817(command)
17605
#: serverguide/C/network-auth.xml:3657(command) serverguide/C/network-auth.xml:3816(command)
17607
17606
msgid "sudo apt-get install krb5-kdc krb5-admin-server krb5-kdc-ldap"
17608
17607
msgstr "sudo apt-get install krb5-kdc krb5-admin-server krb5-kdc-ldap"
17610
#: serverguide/C/network-auth.xml:3664(para)
17609
#: serverguide/C/network-auth.xml:3663(para)
17612
17611
"Now edit <filename>/etc/krb5.conf</filename> adding the following options to "
17613
17612
"under the appropriate sections:"
17616
#: serverguide/C/network-auth.xml:3668(programlisting)
17615
#: serverguide/C/network-auth.xml:3667(programlisting)
17853
#: serverguide/C/network-auth.xml:3893(command)
17852
#: serverguide/C/network-auth.xml:3892(command)
17854
17853
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
17855
17854
msgstr "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
17857
#: serverguide/C/network-auth.xml:3894(command)
17856
#: serverguide/C/network-auth.xml:3893(command)
17858
17857
msgid "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
17859
17858
msgstr "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
17861
#: serverguide/C/network-auth.xml:3898(para)
17860
#: serverguide/C/network-auth.xml:3897(para)
17863
17862
"Again, replace <emphasis>EXAMPLE.COM</emphasis> with your actual realm."
17866
#: serverguide/C/network-auth.xml:3906(para)
17865
#: serverguide/C/network-auth.xml:3905(para)
17868
17867
"Back on the <emphasis>Secondary KDC</emphasis>, (re)start the ldap server "
17872
#: serverguide/C/network-auth.xml:3918(para)
17871
#: serverguide/C/network-auth.xml:3917(para)
17873
17872
msgid "Finally, start the <application>krb5-kdc</application> daemon:"
17876
#: serverguide/C/network-auth.xml:3929(para)
17875
#: serverguide/C/network-auth.xml:3928(para)
17877
17876
msgid "Verify the two ldap servers (and kerberos by extension) are in sync."
17880
#: serverguide/C/network-auth.xml:3936(para)
17879
#: serverguide/C/network-auth.xml:3935(para)
17882
17881
"You now have redundant KDCs on your network, and with redundant LDAP servers "
17883
17882
"you should be able to continue to authenticate users if one LDAP server, one "
17884
17883
"Kerberos server, or one LDAP and one Kerberos server become unavailable."
17887
#: serverguide/C/network-auth.xml:3948(para)
17886
#: serverguide/C/network-auth.xml:3947(para)
17889
17888
"The <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
17890
17889
"admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend\"> Kerberos Admin "
17891
17890
"Guide</ulink> has some additional details."
17894
#: serverguide/C/network-auth.xml:3951(para)
17893
#: serverguide/C/network-auth.xml:3953(para)
17896
17895
"For more information on <application>kdb5_ldap_util</application> see <ulink "
17897
17896
"url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
17930
17929
"requires no modifications to the AD structure."
17933
#: serverguide/C/network-auth.xml:3978(title)
17932
#: serverguide/C/network-auth.xml:3980(title)
17934
17933
msgid "Prerequisites, Assumptions, and Requirements"
17937
#: serverguide/C/network-auth.xml:3981(para)
17936
#: serverguide/C/network-auth.xml:3983(para)
17939
17938
"This guide does not explain Active Directory, how it works, how to set one "
17940
17939
"up, or how to maintain it. It may not provide “best practices” for your "
17941
17940
"environment."
17944
#: serverguide/C/network-auth.xml:3983(para)
17943
#: serverguide/C/network-auth.xml:3985(para)
17946
17945
"This guide assumes that a working Active Directory domain is already "
17947
17946
"configured."
17950
#: serverguide/C/network-auth.xml:3985(para)
17949
#: serverguide/C/network-auth.xml:3987(para)
17952
17951
"The domain controller is acting as an authoritative DNS server for the "
17956
#: serverguide/C/network-auth.xml:3987(para)
17955
#: serverguide/C/network-auth.xml:3989(para)
17958
17957
"The domain controller is the primary DNS resolver as specified in "
17959
17958
"<filename>/etc/resolv.conf</filename>."
17962
#: serverguide/C/network-auth.xml:3990(para)
17961
#: serverguide/C/network-auth.xml:3992(para)
17964
17963
"The appropriate <emphasis>_kerberos</emphasis>, <emphasis>_ldap</emphasis>, "
17965
17964
"<emphasis>_kpasswd</emphasis>, etc. entries are configured in the DNS zone "
17966
17965
"(see Resources section for external links)."
17969
#: serverguide/C/network-auth.xml:3992(para)
17968
#: serverguide/C/network-auth.xml:3994(para)
17971
17970
"System time is synchronized on the domain controller (necessary for "
17975
#: serverguide/C/network-auth.xml:3994(para)
17974
#: serverguide/C/network-auth.xml:3996(para)
17977
17976
"The domain used in this example is <emphasis>myubuntu.example.com</emphasis> "
17981
#: serverguide/C/network-auth.xml:3999(para)
17980
#: serverguide/C/network-auth.xml:4001(para)
17983
17982
"The following packages are needed: <emphasis>krb5-user</emphasis>, "
17984
17983
"<emphasis>samba</emphasis>, <emphasis>sssd</emphasis>, and "
18174
18173
"sudoers: files sss\n"
18177
#: serverguide/C/network-auth.xml:4101(title)
18176
#: serverguide/C/network-auth.xml:4103(title)
18178
18177
msgid "Modify /etc/hosts"
18181
#: serverguide/C/network-auth.xml:4102(para)
18180
#: serverguide/C/network-auth.xml:4104(para)
18183
18182
"Add an alias to the localhost entry in /etc/hosts specifying the FQDN. For "
18187
#: serverguide/C/network-auth.xml:4103(programlisting)
18186
#: serverguide/C/network-auth.xml:4105(programlisting)
18189
18188
msgid "192.168.1.10 myserver myserver.myubuntu.example.com"
18192
#: serverguide/C/network-auth.xml:4105(para)
18191
#: serverguide/C/network-auth.xml:4107(para)
18193
18192
msgid "This is useful in conjunction with dynamic DNS updates."
18196
#: serverguide/C/network-auth.xml:4109(title)
18195
#: serverguide/C/network-auth.xml:4111(title)
18197
18196
msgid "Join the Active Directory"
18200
#: serverguide/C/network-auth.xml:4110(para)
18199
#: serverguide/C/network-auth.xml:4112(para)
18201
18200
msgid "Now, restart ntp and samba and start sssd."
18204
#: serverguide/C/virtualization.xml:2208(command)
18203
#: serverguide/C/network-auth.xml:4113(command)
18205
18204
msgid "sudo service ntp restart"
18208
#: serverguide/C/network-auth.xml:4114(command)
18207
#: serverguide/C/network-auth.xml:4116(command)
18209
18208
msgid "sudo start sssd"
18212
#: serverguide/C/network-auth.xml:4116(para)
18211
#: serverguide/C/network-auth.xml:4118(para)
18213
18212
msgid "Test the configuration by obtaining a Kerberos ticket:"
18216
#: serverguide/C/network-auth.xml:4118(command)
18215
#: serverguide/C/network-auth.xml:4120(command)
18217
18216
msgid "sudo kinit Administrator"
18220
#: serverguide/C/network-auth.xml:4120(para)
18219
#: serverguide/C/network-auth.xml:4122(para)
18221
18220
msgid "Verify the ticket with:"
18224
#: serverguide/C/network-auth.xml:4121(command)
18223
#: serverguide/C/network-auth.xml:4123(command)
18225
18224
msgid "sudo klist"
18228
#: serverguide/C/network-auth.xml:4123(para)
18227
#: serverguide/C/network-auth.xml:4125(para)
18230
18229
"If there is a ticket with an expiration date listed, then it is time to join "
18231
18230
"the domain:"
18234
#: serverguide/C/network-auth.xml:4125(command)
18233
#: serverguide/C/network-auth.xml:4127(command)
18235
18234
msgid "sudo net ads join -k"
18238
#: serverguide/C/network-auth.xml:4127(para)
18237
#: serverguide/C/network-auth.xml:4129(para)
18240
18239
"A warning about \"No DNS domain configured. Unable to perform DNS Update.\" "
18241
18240
"probably means that there is no (correct) alias in "
20222
20221
"<filename>/var/log/mail.warn</filename> respectively."
20225
#: serverguide/C/mail.xml:382(para)
20224
#: serverguide/C/mail.xml:440(para)
20227
20226
"To see messages entered into the logs in real time you can use the "
20228
20227
"<application>tail -f</application> command:"
20231
#: serverguide/C/mail.xml:387(command)
20230
#: serverguide/C/mail.xml:445(command)
20232
20231
msgid "tail -f /var/log/mail.err"
20233
20232
msgstr "tail -f /var/log/mail.err"
20235
#: serverguide/C/mail.xml:389(para)
20234
#: serverguide/C/mail.xml:447(para)
20237
20236
"The amount of detail that is recorded in the logs can be increased. Below "
20238
20237
"are some configuration options for increasing the log level for some of the "
20239
20238
"areas covered above."
20242
#: serverguide/C/mail.xml:395(para)
20241
#: serverguide/C/mail.xml:453(para)
20244
20243
"To increase <emphasis>TLS</emphasis> activity logging set the "
20245
20244
"<emphasis>smtpd_tls_loglevel</emphasis> option to a value from 1 to 4."
20248
#: serverguide/C/mail.xml:399(command)
20247
#: serverguide/C/mail.xml:457(command)
20249
20248
msgid "sudo postconf -e 'smtpd_tls_loglevel = 4'"
20250
20249
msgstr "sudo postconf -e 'smtpd_tls_loglevel = 4'"
20252
#: serverguide/C/mail.xml:403(para)
20251
#: serverguide/C/mail.xml:461(para)
20254
20253
"If you are having trouble sending or receiving mail from a specific domain "
20255
20254
"you can add the domain to the <emphasis>debug_peer_list</emphasis> parameter."
20258
#: serverguide/C/mail.xml:408(command)
20257
#: serverguide/C/mail.xml:466(command)
20259
20258
msgid "sudo postconf -e 'debug_peer_list = problem.domain'"
20260
20259
msgstr "sudo postconf -e 'debug_peer_list = problem.domain'"
20262
#: serverguide/C/mail.xml:412(para)
20261
#: serverguide/C/mail.xml:470(para)
20264
20263
"You can increase the verbosity of any <application>Postfix</application> "
20265
20264
"daemon process by editing the <filename>/etc/postfix/master.cf</filename> "
20397
20396
"in one file you can configure accordingly in this user interface."
20400
#: serverguide/C/mail.xml:514(para)
20399
#: serverguide/C/mail.xml:572(para)
20402
20401
"All the parameters you configure in the user interface are stored in "
20403
"<filename>/etc/exim4/update-exim4.conf</filename> file. If you wish to re-"
20404
"configure, either you re-run the configuration wizard or manually edit this "
20405
"file using your favorite editor. Once you configure, you can run the "
20402
"<filename>/etc/exim4/update-exim4.conf.conf</filename> file. If you wish to "
20403
"re-configure, either you re-run the configuration wizard or manually edit "
20404
"this file using your favorite editor. Once you configure, you can run the "
20406
20405
"following command to generate the master configuration file:"
20409
#: serverguide/C/mail.xml:525(command) serverguide/C/mail.xml:609(command)
20408
#: serverguide/C/mail.xml:583(command) serverguide/C/mail.xml:667(command)
20410
20409
msgid "sudo update-exim4.conf"
20411
20410
msgstr "sudo update-exim4.conf"
20413
#: serverguide/C/mail.xml:527(para)
20412
#: serverguide/C/mail.xml:585(para)
20415
20414
"The master configuration file, is generated and it is stored in "
20416
20415
"<filename>/var/lib/exim4/config.autogenerated</filename>."
20419
#: serverguide/C/mail.xml:533(para)
20418
#: serverguide/C/mail.xml:591(para)
20421
20420
"At any time, you should not edit the master configuration file, "
20422
20421
"<filename>/var/lib/exim4/config.autogenerated</filename> manually. It is "
20423
20422
"updated automatically every time you run <command>update-exim4.conf</command>"
20426
#: serverguide/C/mail.xml:541(para)
20425
#: serverguide/C/mail.xml:599(para)
20428
20427
"You can run the following command to start <application>Exim4</application> "
20529
20528
msgid "sudo service exim4 restart"
20532
#: serverguide/C/mail.xml:615(para)
20531
#: serverguide/C/mail.xml:673(para)
20534
20533
"This section provides details on configuring the saslauthd to provide "
20535
20534
"authentication for <application>Exim4</application>."
20538
#: serverguide/C/mail.xml:618(para)
20537
#: serverguide/C/mail.xml:676(para)
20540
20539
"The first step is to install the sasl2-bin package. From a terminal prompt "
20541
20540
"enter the following:"
20544
#: serverguide/C/mail.xml:622(command)
20543
#: serverguide/C/mail.xml:680(command)
20545
20544
msgid "sudo apt-get install sasl2-bin"
20546
20545
msgstr "sudo apt-get install sasl2-bin"
20548
#: serverguide/C/mail.xml:624(para)
20547
#: serverguide/C/mail.xml:682(para)
20550
20549
"To configure saslauthd edit the /etc/default/saslauthd configuration file "
20551
20550
"and set START=no to:"
20554
#: serverguide/C/mail.xml:630(para)
20553
#: serverguide/C/mail.xml:688(para)
20556
20555
"Next the <emphasis>Debian-exim</emphasis> user needs to be part of the "
20557
20556
"<emphasis>sasl</emphasis> group in order for Exim4 to use the saslauthd "
20561
#: serverguide/C/mail.xml:635(command)
20560
#: serverguide/C/mail.xml:693(command)
20562
20561
msgid "sudo adduser Debian-exim sasl"
20565
#: serverguide/C/mail.xml:637(para)
20564
#: serverguide/C/mail.xml:695(para)
20566
20565
msgid "Now start the <application>saslauthd</application> service:"
20567
20566
msgstr "Цяпер запусьціце сэрвіс <application>saslauthd</application>:"
20790
20789
"and maintain."
20793
#: serverguide/C/mail.xml:829(para)
20792
#: serverguide/C/mail.xml:888(para)
20795
20794
"Mailman provides a web interface for the administrators and users, using an "
20796
20795
"external mail server to send and receive emails. It works perfectly with the "
20797
20796
"following mail servers:"
20800
#: serverguide/C/mail.xml:840(application)
20799
#: serverguide/C/mail.xml:899(application)
20802
20801
msgstr "Exim"
20804
#: serverguide/C/mail.xml:843(application)
20803
#: serverguide/C/mail.xml:902(application)
20805
20804
msgid "Sendmail"
20806
20805
msgstr "Sendmail"
20808
#: serverguide/C/mail.xml:846(application)
20807
#: serverguide/C/mail.xml:905(application)
20809
20808
msgid "Qmail"
20810
20809
msgstr "Qmail"
20812
#: serverguide/C/mail.xml:851(para)
20811
#: serverguide/C/mail.xml:910(para)
20814
20813
"We will see how to install and configure Mailman with, the Apache web "
20815
20814
"server, and either the Postfix or Exim mail server. If you wish to install "
20816
20815
"Mailman with a different mail server, please refer to the references section."
20819
#: serverguide/C/mail.xml:858(para)
20818
#: serverguide/C/mail.xml:917(para)
20821
20820
"You only need to install one mail server and "
20822
20821
"<application>Postfix</application> is the default Ubuntu Mail Transfer Agent."
20825
#: serverguide/C/mail.xml:863(title) serverguide/C/mail.xml:920(title)
20824
#: serverguide/C/mail.xml:922(title) serverguide/C/mail.xml:979(title)
20826
20825
msgid "Apache2"
20827
20826
msgstr "Apache2"
20829
#: serverguide/C/mail.xml:864(para)
20828
#: serverguide/C/mail.xml:923(para)
20831
20830
"To install apache2 you refer to <xref linkend=\"http-installation\"/> for "
20835
#: serverguide/C/mail.xml:870(para)
20834
#: serverguide/C/mail.xml:929(para)
20837
20836
"For instructions on installing and configuring Postfix refer to <xref "
20838
20837
"linkend=\"postfix\"/>"
20841
#: serverguide/C/mail.xml:876(para)
20840
#: serverguide/C/mail.xml:935(para)
20842
20841
msgid "To install Exim4 refer to <xref linkend=\"exim4\"/>."
20845
#: serverguide/C/mail.xml:879(para)
20844
#: serverguide/C/mail.xml:938(para)
20847
20846
"Once exim4 is installed, the configuration files are stored in the "
20848
20847
"<filename>/etc/exim4</filename> directory. In Ubuntu, by default, the exim4 "
20923
20922
"available/mailman.conf</filename> file if you wish to change this behavior."
20926
#: serverguide/C/mail.xml:948(para)
20925
#: serverguide/C/mail.xml:1007(para)
20928
20927
"For <application>Postfix</application> integration, we will associate the "
20929
20928
"domain lists.example.com with the mailing lists. Please replace "
20930
20929
"<emphasis>lists.example.com</emphasis> with the domain of your choosing."
20933
#: serverguide/C/mail.xml:952(para)
20932
#: serverguide/C/mail.xml:1011(para)
20935
20934
"You can use the postconf command to add the necessary configuration to "
20936
20935
"<filename>/etc/postfix/main.cf</filename>:"
20939
#: serverguide/C/mail.xml:956(command)
20938
#: serverguide/C/mail.xml:1015(command)
20940
20939
msgid "sudo postconf -e 'relay_domains = lists.example.com'"
20941
20940
msgstr "sudo postconf -e 'relay_domains = lists.example.com'"
20943
#: serverguide/C/mail.xml:957(command)
20942
#: serverguide/C/mail.xml:1016(command)
20944
20943
msgid "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
20945
20944
msgstr "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
20947
#: serverguide/C/mail.xml:958(command)
20946
#: serverguide/C/mail.xml:1017(command)
20948
20947
msgid "sudo postconf -e 'mailman_destination_recipient_limit = 1'"
20951
#: serverguide/C/mail.xml:960(para)
20950
#: serverguide/C/mail.xml:1019(para)
20953
20952
"In <filename>/etc/postfix/master.cf</filename> double check that you have "
20954
20953
"the following transport:"
20957
#: serverguide/C/mail.xml:963(programlisting)
20956
#: serverguide/C/mail.xml:1022(programlisting)
20989
20988
"lists.example.com mailman:\n"
20991
#: serverguide/C/mail.xml:977(para)
20990
#: serverguide/C/mail.xml:1036(para)
20993
20992
"Now have <application>Postfix</application> build the transport map by "
20994
20993
"entering the following from a terminal prompt:"
20997
#: serverguide/C/mail.xml:981(command)
20996
#: serverguide/C/mail.xml:1040(command)
20998
20997
msgid "sudo postmap -v /etc/postfix/transport"
20999
20998
msgstr "sudo postmap -v /etc/postfix/transport"
21001
#: serverguide/C/mail.xml:983(para)
21000
#: serverguide/C/mail.xml:1042(para)
21002
21001
msgid "Then restart Postfix to enable the new configurations:"
21003
21002
msgstr "Перазапусьціце Postfix каб ужыць новыя наладкі:"
21005
#: serverguide/C/mail.xml:992(para)
21004
#: serverguide/C/mail.xml:1051(para)
21007
21006
"Once Exim4 is installed, you can start the Exim server using the following "
21008
21007
"command from a terminal prompt:"
21011
#: serverguide/C/mail.xml:1008(para) serverguide/C/mail.xml:1023(title)
21010
#: serverguide/C/mail.xml:1067(para) serverguide/C/mail.xml:1082(title)
21015
#: serverguide/C/mail.xml:1011(para) serverguide/C/mail.xml:1063(title)
21014
#: serverguide/C/mail.xml:1070(para) serverguide/C/mail.xml:1122(title)
21016
21015
msgid "Transport"
21019
#: serverguide/C/mail.xml:1014(para) serverguide/C/mail.xml:1086(title)
21018
#: serverguide/C/mail.xml:1073(para) serverguide/C/mail.xml:1145(title)
21020
21019
msgid "Router"
21023
#: serverguide/C/mail.xml:999(para)
21022
#: serverguide/C/mail.xml:1058(para)
21025
21024
"In order to make mailman work with Exim4, you need to configure Exim4. As "
21026
21025
"mentioned earlier, by default, Exim4 uses multiple configuration files of "
21312
21311
"spf</application>."
21315
#: serverguide/C/mail.xml:1251(para)
21314
#: serverguide/C/mail.xml:1310(para)
21317
21316
"<application>Amavisd-new</application> is a wrapper program that can call "
21318
21317
"any number of content filtering programs for spam detection, antivirus, etc."
21321
#: serverguide/C/mail.xml:1257(para)
21320
#: serverguide/C/mail.xml:1316(para)
21323
21322
"<application>Spamassassin</application> uses a variety of mechanisms to "
21324
21323
"filter email based on the message content."
21327
#: serverguide/C/mail.xml:1262(para)
21326
#: serverguide/C/mail.xml:1321(para)
21329
21328
"<application>ClamAV</application> is an open source antivirus application."
21332
#: serverguide/C/mail.xml:1267(para)
21331
#: serverguide/C/mail.xml:1326(para)
21334
21333
"<application>opendkim</application> implements a Sendmail Mail Filter "
21335
21334
"(Milter) for the DomainKeys Identified Mail (DKIM) standard."
21338
#: serverguide/C/mail.xml:1273(para)
21337
#: serverguide/C/mail.xml:1332(para)
21340
21339
"<application>python-policyd-spf</application> enables Sender Policy "
21341
21340
"Framework (SPF) checking with <application>Postfix</application>."
21344
#: serverguide/C/mail.xml:1278(para)
21343
#: serverguide/C/mail.xml:1337(para)
21345
21344
msgid "This is how the pieces fit together:"
21348
#: serverguide/C/mail.xml:1283(para)
21347
#: serverguide/C/mail.xml:1342(para)
21349
21348
msgid "An email message is accepted by <application>Postfix</application>."
21352
#: serverguide/C/mail.xml:1288(para)
21351
#: serverguide/C/mail.xml:1347(para)
21354
21353
"The message is passed through any external filters "
21355
21354
"<application>opendkim</application> and <application>python-policyd-"
21356
21355
"spf</application> in this case."
21359
#: serverguide/C/mail.xml:1294(para)
21358
#: serverguide/C/mail.xml:1353(para)
21360
21359
msgid "<application>Amavisd-new</application> then processes the message."
21363
#: serverguide/C/mail.xml:1299(para)
21362
#: serverguide/C/mail.xml:1358(para)
21365
21364
"<application>ClamAV</application> is used to scan the message. If the "
21366
21365
"message contains a virus <application>Postfix</application> will reject the "
21370
#: serverguide/C/mail.xml:1305(para)
21369
#: serverguide/C/mail.xml:1364(para)
21372
21371
"Clean messages will then be analyzed by "
21373
21372
"<application>Spamassassin</application> to find out if the message is spam. "
21388
#: serverguide/C/mail.xml:1319(para)
21387
#: serverguide/C/mail.xml:1378(para)
21390
21389
"See <xref linkend=\"postfix\"/> for instructions on installing and "
21391
21390
"configuring Postfix."
21394
#: serverguide/C/mail.xml:1322(para)
21393
#: serverguide/C/mail.xml:1381(para)
21396
21395
"To install the rest of the applications enter the following from a terminal "
21400
#: serverguide/C/mail.xml:1326(command)
21399
#: serverguide/C/mail.xml:1385(command)
21401
21400
msgid "sudo apt-get install amavisd-new spamassassin clamav-daemon"
21402
21401
msgstr "sudo apt-get install amavisd-new spamassassin clamav-daemon"
21404
#: serverguide/C/mail.xml:1327(command)
21403
#: serverguide/C/mail.xml:1386(command)
21405
21404
msgid "sudo apt-get install opendkim postfix-policyd-spf-python"
21408
#: serverguide/C/mail.xml:1329(para)
21407
#: serverguide/C/mail.xml:1388(para)
21410
21409
"There are some optional packages that integrate with "
21411
21410
"<application>Spamassassin</application> for better spam detection:"
21414
#: serverguide/C/mail.xml:1333(command)
21413
#: serverguide/C/mail.xml:1392(command)
21415
21414
msgid "sudo apt-get install pyzor razor"
21416
21415
msgstr "sudo apt-get install pyzor razor"
21418
#: serverguide/C/mail.xml:1335(para)
21417
#: serverguide/C/mail.xml:1394(para)
21420
21419
"Along with the main filtering applications compression utilities are needed "
21421
21420
"to process some email attachments:"
21424
#: serverguide/C/mail.xml:1339(command)
21423
#: serverguide/C/mail.xml:1398(command)
21426
21425
"sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip"
21429
#: serverguide/C/mail.xml:1342(para)
21428
#: serverguide/C/mail.xml:1401(para)
21431
21430
"If some packages are not found, check that the "
21432
21431
"<emphasis>multiverse</emphasis> repository is enabled in "
21433
21432
"<filename>/etc/apt/sources.list</filename>"
21436
#: serverguide/C/mail.xml:1343(para)
21435
#: serverguide/C/mail.xml:1402(para)
21438
21437
"If you make changes to the file, be sure to run <command>sudo apt-get "
21439
21438
"update</command> before trying to install again."
21442
#: serverguide/C/mail.xml:1348(para)
21441
#: serverguide/C/mail.xml:1407(para)
21443
21442
msgid "Now configure everything to work together and filter email."
21446
#: serverguide/C/mail.xml:1352(title)
21445
#: serverguide/C/mail.xml:1411(title)
21447
21446
msgid "ClamAV"
21448
21447
msgstr "ClamAV"
21450
#: serverguide/C/mail.xml:1353(para)
21449
#: serverguide/C/mail.xml:1412(para)
21452
21451
"The default behaviour of <application>ClamAV</application> will fit our "
21453
21452
"needs. For more ClamAV configuration options, check the configuration files "
21454
21453
"in <filename>/etc/clamav</filename>."
21457
#: serverguide/C/mail.xml:1358(para)
21456
#: serverguide/C/mail.xml:1417(para)
21459
21458
"Add the <emphasis>clamav</emphasis> user to the <emphasis>amavis</emphasis> "
21460
21459
"group in order for <application>Amavisd-new</application> to have the "
21461
21460
"appropriate access to scan files:"
21464
#: serverguide/C/mail.xml:1363(command)
21463
#: serverguide/C/mail.xml:1422(command)
21465
21464
msgid "sudo adduser clamav amavis"
21466
21465
msgstr "sudo adduser clamav amavis"
21468
#: serverguide/C/mail.xml:1364(command)
21467
#: serverguide/C/mail.xml:1423(command)
21469
21468
msgid "sudo adduser amavis clamav"
21472
#: serverguide/C/mail.xml:1368(title)
21471
#: serverguide/C/mail.xml:1427(title)
21473
21472
msgid "Spamassassin"
21476
#: serverguide/C/mail.xml:1369(para)
21475
#: serverguide/C/mail.xml:1428(para)
21478
21477
"Spamassassin automatically detects optional components and will use them if "
21479
21478
"they are present. This means that there is no need to configure "
21480
21479
"<application>pyzor</application> and <application>razor</application>."
21483
#: serverguide/C/mail.xml:1373(para)
21482
#: serverguide/C/mail.xml:1432(para)
21485
21484
"Edit <filename>/etc/default/spamassassin</filename> to activate the "
21486
21485
"<application>Spamassassin</application> daemon. Change "
21487
21486
"<emphasis>ENABLED=0</emphasis> to:"
21490
#: serverguide/C/mail.xml:1377(programlisting)
21489
#: serverguide/C/mail.xml:1436(programlisting)
21627
21626
"<filename>/etc/amavis/conf.d/40-policy_banks</filename>."
21630
#: serverguide/C/mail.xml:1470(para)
21629
#: serverguide/C/mail.xml:1528(para)
21631
21630
msgid "There are multiple ways to configure the Whitelist for a domain:"
21634
#: serverguide/C/mail.xml:1476(para)
21633
#: serverguide/C/mail.xml:1534(para)
21636
21635
"<emphasis>'example.com' => 'WHITELIST',</emphasis>: will whitelist any "
21637
21636
"address from the \"example.com\" domain."
21640
#: serverguide/C/mail.xml:1481(para)
21639
#: serverguide/C/mail.xml:1539(para)
21642
21641
"<emphasis>'.example.com' => 'WHITELIST',</emphasis>: will whitelist any "
21643
21642
"address from any <emphasis>subdomains</emphasis> of \"example.com\" that "
21644
21643
"have a valid signature."
21647
#: serverguide/C/mail.xml:1487(para)
21646
#: serverguide/C/mail.xml:1545(para)
21649
21648
"<emphasis>'.example.com/@example.com' => 'WHITELIST',</emphasis>: will "
21650
21649
"whitelist subdomains of \"example.com\" that use the signature of <emphasis "
21651
21650
"role=\"italic\">example.com</emphasis> the parent domain."
21654
#: serverguide/C/mail.xml:1493(para)
21653
#: serverguide/C/mail.xml:1551(para)
21656
21655
"<emphasis>'./@example.com' => 'WHITELIST',</emphasis>: adds addresses "
21657
21656
"that have a valid signature from \"example.com\". This is usually used for "
21658
21657
"discussion groups that sign their messages."
21661
#: serverguide/C/mail.xml:1500(para)
21660
#: serverguide/C/mail.xml:1558(para)
21663
21662
"A domain can also have multiple Whitelist configurations. After editing the "
21664
21663
"file, restart <application>amavisd-new</application>:"
21667
#: serverguide/C/mail.xml:1510(para)
21666
#: serverguide/C/mail.xml:1568(para)
21669
21668
"In this context, once a domain has been added to the Whitelist the message "
21670
21669
"will not receive any anti-virus or spam filtering. This may or may not be "
21671
21670
"the intended behavior you wish for a domain."
21674
#: serverguide/C/mail.xml:1520(para)
21673
#: serverguide/C/mail.xml:1578(para)
21676
21675
"For <application>Postfix</application> integration, enter the following from "
21677
21676
"a terminal prompt:"
21680
#: serverguide/C/mail.xml:1524(command)
21679
#: serverguide/C/mail.xml:1582(command)
21681
21680
msgid "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
21682
21681
msgstr "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
21684
#: serverguide/C/mail.xml:1526(para)
21683
#: serverguide/C/mail.xml:1584(para)
21686
21685
"Next edit <filename>/etc/postfix/master.cf</filename> and add the following "
21687
21686
"to the end of the file:"
21909
21908
"back to normal."
21912
#: serverguide/C/mail.xml:1689(para)
21911
#: serverguide/C/mail.xml:1747(para)
21913
21912
msgid "For more information on filtering mail see the following links:"
21916
#: serverguide/C/mail.xml:1695(ulink)
21915
#: serverguide/C/mail.xml:1753(ulink)
21917
21916
msgid "Amavisd-new Documentation"
21920
#: serverguide/C/mail.xml:1699(para)
21919
#: serverguide/C/mail.xml:1757(para)
21922
21921
"<ulink url=\"http://www.clamav.net/doc/latest/html/\">ClamAV "
21923
21922
"Documentation</ulink> and <ulink "
21924
21923
"url=\"http://wiki.clamav.net/Main/WebHome\">ClamAV Wiki</ulink>"
21927
#: serverguide/C/mail.xml:1706(ulink)
21926
#: serverguide/C/mail.xml:1764(ulink)
21928
21927
msgid "Spamassassin Wiki"
21931
#: serverguide/C/mail.xml:1711(ulink)
21930
#: serverguide/C/mail.xml:1769(ulink)
21932
21931
msgid "Pyzor Homepage"
21933
21932
msgstr "Хатняя старонка Pyzor"
21935
#: serverguide/C/mail.xml:1716(ulink)
21934
#: serverguide/C/mail.xml:1774(ulink)
21936
21935
msgid "Razor Homepage"
21937
21936
msgstr "Хатняя старонка Razor"
21939
#: serverguide/C/mail.xml:1721(ulink)
21938
#: serverguide/C/mail.xml:1779(ulink)
21940
21939
msgid "DKIM.org"
21941
21940
msgstr "DKIM.org"
21943
#: serverguide/C/mail.xml:1726(ulink)
21942
#: serverguide/C/mail.xml:1784(ulink)
21944
21943
msgid "Postfix Amavis New"
21947
#: serverguide/C/mail.xml:1730(para)
21946
#: serverguide/C/mail.xml:1788(para)
21949
21948
"Also, feel free to ask questions in the <emphasis>#ubuntu-server</emphasis> "
21950
21949
"IRC channel on <ulink url=\"http://freenode.net\">freenode</ulink>."
22222
22242
"http://localhost/mywiki\n"
22224
#: serverguide/C/lamp-applications.xml:237(para)
22244
#: serverguide/C/lamp-applications.xml:253(para)
22226
22246
"For more details, please refer to the <ulink "
22227
22247
"url=\"http://moinmo.in/\">MoinMoin</ulink> web site."
22230
#: serverguide/C/lamp-applications.xml:248(para)
22250
#: serverguide/C/lamp-applications.xml:264(para)
22232
22252
"For more information see the <ulink url=\"http://moinmo.in/\">moinmoin "
22233
22253
"Wiki</ulink>."
22236
#: serverguide/C/lamp-applications.xml:253(para)
22256
#: serverguide/C/lamp-applications.xml:269(para)
22238
22258
"Also, see the <ulink "
22239
22259
"url=\"https://help.ubuntu.com/community/MoinMoin\">Ubuntu Wiki "
22240
22260
"MoinMoin</ulink> page."
22243
#: serverguide/C/lamp-applications.xml:262(title)
22263
#: serverguide/C/lamp-applications.xml:278(title)
22244
22264
msgid "MediaWiki"
22245
22265
msgstr "MediaWiki"
22247
#: serverguide/C/lamp-applications.xml:264(para)
22267
#: serverguide/C/lamp-applications.xml:280(para)
22249
22269
"MediaWiki is an web based Wiki software written in the PHP language. It can "
22250
22270
"either use <application>MySQL</application> or "
22251
22271
"<application>PostgreSQL</application> Database Management System."
22254
#: serverguide/C/lamp-applications.xml:274(para)
22274
#: serverguide/C/lamp-applications.xml:290(para)
22256
22276
"Before installing <application>MediaWiki</application> you should also "
22257
22277
"install <application>Apache2</application>, the "
22318
22338
"config/index.php</ulink> if your server has no GUI.)"
22321
#: serverguide/C/lamp-applications.xml:334(para)
22341
#: serverguide/C/lamp-applications.xml:350(para)
22323
22343
"Please read the <quote>Environmental checks</quote> section of the "
22324
22344
"configuration page. You should be able to fix many issues by carefully "
22325
22345
"reading this section."
22328
#: serverguide/C/lamp-applications.xml:330(para)
22348
#: serverguide/C/lamp-applications.xml:357(para)
22330
22350
"Once the configuration is complete, you should copy the "
22331
22351
"<filename>LocalSettings.php</filename> file to "
22332
22352
"<filename>/etc/mediawiki</filename> directory:"
22335
#: serverguide/C/lamp-applications.xml:337(command)
22355
#: serverguide/C/lamp-applications.xml:364(command)
22336
22356
msgid "sudo mv /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/"
22339
#: serverguide/C/lamp-applications.xml:340(para)
22359
#: serverguide/C/lamp-applications.xml:367(para)
22341
22361
"You may also want to edit "
22342
22362
"<filename>/etc/mediawiki/LocalSettings.php</filename> in order to set the "
22343
22363
"memory limit (disabled by default):"
22346
#: serverguide/C/lamp-applications.xml:345(programlisting)
22366
#: serverguide/C/lamp-applications.xml:372(programlisting)
22350
22370
"ini_set( 'memory_limit', '64M' );\n"
22353
#: serverguide/C/lamp-applications.xml:352(title)
22373
#: serverguide/C/lamp-applications.xml:379(title)
22354
22374
msgid "Extensions"
22357
#: serverguide/C/lamp-applications.xml:353(para)
22377
#: serverguide/C/lamp-applications.xml:380(para)
22359
22379
"The extensions add new features and enhancements for the MediaWiki "
22360
22380
"application. The extensions give wiki administrators and end users the "
22361
22381
"ability to customize MediaWiki to their requirements."
22364
#: serverguide/C/lamp-applications.xml:359(para)
22384
#: serverguide/C/lamp-applications.xml:386(para)
22366
22386
"You can download MediaWiki extensions as an archive file or checkout from "
22367
22387
"the Subversion repository. You should copy it to "
22370
22390
"<filename>/etc/mediawiki/LocalSettings.php</filename>."
22373
#: serverguide/C/lamp-applications.xml:367(programlisting)
22393
#: serverguide/C/lamp-applications.xml:394(programlisting)
22377
22397
"require_once \"$IP/extensions/ExtentionName/ExtentionName.php\";\n"
22380
#: serverguide/C/lamp-applications.xml:377(para)
22400
#: serverguide/C/lamp-applications.xml:404(para)
22382
22402
"For more details, please refer to the <ulink "
22383
22403
"url=\"http://www.mediawiki.org\">MediaWiki</ulink> web site."
22386
#: serverguide/C/lamp-applications.xml:394(para)
22406
#: serverguide/C/lamp-applications.xml:410(para)
22388
22408
"The <ulink url=\"http://www.packtpub.com/Mediawiki/book\">MediaWiki "
22389
22409
"Administrators' Tutorial Guide</ulink> contains a wealth of information for "
22390
22410
"new MediaWiki administrators."
22393
#: serverguide/C/lamp-applications.xml:389(para)
22413
#: serverguide/C/lamp-applications.xml:416(para)
22395
22415
"Also, the <ulink url=\"https://help.ubuntu.com/community/MediaWiki\">Ubuntu "
22396
22416
"Wiki MediaWiki</ulink> page is a good resource."
22399
#: serverguide/C/lamp-applications.xml:399(title)
22419
#: serverguide/C/lamp-applications.xml:426(title)
22400
22420
msgid "phpMyAdmin"
22401
22421
msgstr "phpMyAdmin"
22403
#: serverguide/C/lamp-applications.xml:401(para)
22423
#: serverguide/C/lamp-applications.xml:428(para)
22405
22425
"<application>phpMyAdmin</application> is a LAMP application specifically "
22406
22426
"written for administering <application>MySQL</application> servers. Written "
22477
22497
"remote database."
22480
#: serverguide/C/lamp-applications.xml:462(para)
22500
#: serverguide/C/lamp-applications.xml:489(para)
22482
22502
"Once configured, log out of <application>phpMyAdmin</application> and back "
22483
22503
"in, and you should be accessing the new server."
22486
#: serverguide/C/lamp-applications.xml:466(para)
22506
#: serverguide/C/lamp-applications.xml:493(para)
22488
22508
"The <filename>config.header.inc.php</filename> and "
22489
22509
"<filename>config.footer.inc.php</filename> files are used to add a HTML "
22490
22510
"header and footer to <application>phpMyAdmin</application>."
22493
#: serverguide/C/lamp-applications.xml:471(para)
22513
#: serverguide/C/lamp-applications.xml:498(para)
22495
22515
"Another important configuration file is "
22496
22516
"<filename>/etc/phpmyadmin/apache.conf</filename>, this file is symlinked to "
22497
"<filename>/etc/apache2/conf.d/phpmyadmin.conf</filename>, and is used to "
22498
"configure <application>Apache2</application> to serve the "
22499
"<application>phpMyAdmin</application> site. The file contains directives for "
22500
"loading <application>PHP</application>, directory permissions, etc. For more "
22501
"information on configuring <application>Apache2</application> see <xref "
22502
"linkend=\"httpd\"/>."
22505
#: serverguide/C/lamp-applications.xml:485(para)
22517
"<filename>/etc/apache2/conf-available/phpmyadmin.conf</filename>, and, once "
22518
"enabled, is used to configure <application>Apache2</application> to serve "
22519
"the <application>phpMyAdmin</application> site. The file contains directives "
22520
"for loading <application>PHP</application>, directory permissions, etc. From "
22524
#: serverguide/C/lamp-applications.xml:506(command)
22526
"sudo ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf-"
22527
"available/phpmyadmin.conf"
22530
#: serverguide/C/lamp-applications.xml:507(command)
22531
msgid "sudo a2enconf phpmyadmin.conf"
22534
#: serverguide/C/lamp-applications.xml:511(para)
22536
"For more information on configuring <application>Apache2</application> see "
22537
"<xref linkend=\"httpd\"/>."
22540
#: serverguide/C/lamp-applications.xml:522(para)
22507
22542
"The <application>phpMyAdmin</application> documentation comes installed with "
22508
22543
"the package and can be accessed from the <emphasis>phpMyAdmin "
22511
22546
"url=\"http://www.phpmyadmin.net/home_page/docs.php\">phpMyAdmin</ulink> site."
22514
#: serverguide/C/lamp-applications.xml:492(para)
22549
#: serverguide/C/lamp-applications.xml:529(para)
22516
22551
"Also, <ulink url=\"http://www.packtpub.com/phpmyadmin-3rd-"
22517
22552
"edition/book\">Mastering phpMyAdmin</ulink> is a great resource."
22520
#: serverguide/C/lamp-applications.xml:497(para)
22555
#: serverguide/C/lamp-applications.xml:534(para)
22522
22557
"A third resource is the <ulink "
22523
22558
"url=\"https://help.ubuntu.com/community/phpMyAdmin\">phpMyAdmin Ubuntu "
22524
22559
"Wiki</ulink> page."
22527
#: serverguide/C/lamp-applications.xml:517(title)
22562
#: serverguide/C/lamp-applications.xml:543(title)
22528
22563
msgid "WordPress"
22531
#: serverguide/C/lamp-applications.xml:518(para)
22566
#: serverguide/C/lamp-applications.xml:544(para)
22533
22568
"Wordpress is a blog tool, publishing platform and CMS implemented in PHP and "
22534
22569
"licensed under the GNU GPLv2."
22537
#: serverguide/C/lamp-applications.xml:524(para)
22572
#: serverguide/C/lamp-applications.xml:550(para)
22539
22574
"To install <application>WordPress</application>, run the following comand in "
22540
22575
"the command prompt:"
22543
#: serverguide/C/lamp-applications.xml:529(command)
22578
#: serverguide/C/lamp-applications.xml:555(command)
22544
22579
msgid "sudo apt-get install wordpress"
22547
#: serverguide/C/lamp-applications.xml:532(para)
22582
#: serverguide/C/lamp-applications.xml:558(para)
22549
22584
"You should also install <application>apache2</application> web server and "
22550
22585
"<application>mysql</application> server. For installing "
22726
22761
#: serverguide/C/introduction.xml:31(para)
22728
22763
"There are a couple of different ways that Ubuntu Server Edition is "
22729
"supported, commercial support and community support. The main commercial "
22730
"support (and development funding) is available from Canonical Ltd. They "
22731
"supply reasonably priced support contracts on a per desktop or per server "
22764
"supported: commercial support and community support. The main commercial "
22765
"support (and development funding) is available from Canonical, Ltd. They "
22766
"supply reasonably- priced support contracts on a per desktop or per server "
22732
22767
"basis. For more information see the <ulink "
22733
"url=\"http://www.canonical.com/services/support\">Canonical Services</ulink> "
22768
"url=\"http://www.ubuntu.com/management\">Ubuntu Advantage</ulink> page."
22737
#: serverguide/C/introduction.xml:38(para)
22771
#: serverguide/C/introduction.xml:40(para)
22739
"Community support is also provided by dedicated individuals, and companies, "
22773
"Community support is also provided by dedicated individuals and companies "
22740
22774
"that wish to make Ubuntu the best distribution possible. Support is provided "
22741
22775
"through multiple mailing lists, IRC channels, forums, blogs, wikis, etc. The "
22742
22776
"large amount of information available can be overwhelming, but a good search "
22985
23019
msgid "Next, the installer asks for the system's hostname."
22988
#: serverguide/C/installation.xml:195(para)
23022
#: serverguide/C/installation.xml:184(para)
22990
23024
"A new user is set up; this user will have <emphasis>root</emphasis> access "
22991
23025
"through the <application>sudo</application> utility."
22994
#: serverguide/C/installation.xml:201(para)
23028
#: serverguide/C/installation.xml:190(para)
22996
"After the user settings have been completed, you will be asked to encrypt "
22997
"your <filename role=\"directory\">home</filename> directory."
23030
"After the user settings have been completed, you will be asked if you want "
23031
"to encrypt your <filename role=\"directory\">home</filename> directory."
23000
23034
#: serverguide/C/installation.xml:196(para)
23001
23035
msgid "Next, the installer asks for the system's Time Zone."
23004
#: serverguide/C/installation.xml:182(para)
23038
#: serverguide/C/installation.xml:201(para)
23006
23040
"You can then choose from several options to configure the hard drive layout. "
23007
"Afterwards you are asked for which disk to install to. You may get "
23008
"confirmation prompts before rewriting the partition table or setting up LVM "
23009
"depending on disk layout. If you choose LVM, you will be asked for the size "
23010
"of the root logical volume. For advanced disk options see <xref "
23011
"linkend=\"advanced-installation\"/>."
23041
"Afterwards you are asked which disk to install to. You may get confirmation "
23042
"prompts before rewriting the partition table or setting up LVM depending on "
23043
"disk layout. If you choose LVM, you will be asked for the size of the root "
23044
"logical volume. For advanced disk options see <xref linkend=\"advanced-"
23045
"installation\"/>."
23014
#: serverguide/C/installation.xml:190(para)
23048
#: serverguide/C/installation.xml:209(para)
23015
23049
msgid "The Ubuntu base system is then installed."
23018
#: serverguide/C/installation.xml:207(para)
23052
#: serverguide/C/installation.xml:214(para)
23020
23054
"The next step in the installation process is to decide how you want to "
23021
23055
"update the system. There are three options:"
23024
#: serverguide/C/installation.xml:213(para)
23058
#: serverguide/C/installation.xml:220(para)
23026
23060
"<emphasis>No automatic updates</emphasis>: this requires an administrator to "
23027
23061
"log into the machine and manually install updates."
23030
#: serverguide/C/installation.xml:219(para)
23064
#: serverguide/C/installation.xml:226(para)
23032
23066
"<emphasis>Install security updates automatically</emphasis>: this will "
23033
23067
"install the <application>unattended-upgrades</application> package, which "
23076
23110
"Installation Guide</ulink>."
23079
#: serverguide/C/installation.xml:265(title)
23113
#: serverguide/C/installation.xml:272(title)
23080
23114
msgid "Package Tasks"
23083
#: serverguide/C/installation.xml:266(para)
23117
#: serverguide/C/installation.xml:273(para)
23085
23119
"During the Server Edition installation you have the option of installing "
23086
23120
"additional packages from the CD. The packages are grouped by the type of "
23087
23121
"service they provide."
23090
#: serverguide/C/installation.xml:272(para)
23124
#: serverguide/C/installation.xml:279(para)
23091
23125
msgid "DNS server: Selects the BIND DNS server and its documentation."
23094
#: serverguide/C/installation.xml:277(para)
23128
#: serverguide/C/installation.xml:284(para)
23095
23129
msgid "LAMP server: Selects a ready-made Linux/Apache/MySQL/PHP server."
23098
#: serverguide/C/installation.xml:282(para)
23132
#: serverguide/C/installation.xml:289(para)
23100
23134
"Mail server: This task selects a variety of packages useful for a general "
23101
23135
"purpose mail server system."
23104
#: serverguide/C/installation.xml:287(para)
23138
#: serverguide/C/installation.xml:294(para)
23105
23139
msgid "OpenSSH server: Selects packages needed for an OpenSSH server."
23108
#: serverguide/C/installation.xml:292(para)
23142
#: serverguide/C/installation.xml:299(para)
23110
23144
"PostgreSQL database: This task selects client and server packages for the "
23111
23145
"PostgreSQL database."
23114
#: serverguide/C/installation.xml:297(para)
23148
#: serverguide/C/installation.xml:304(para)
23115
23149
msgid "Print server: This task sets up your system to be a print server."
23118
#: serverguide/C/installation.xml:302(para)
23152
#: serverguide/C/installation.xml:309(para)
23120
23154
"Samba File server: This task sets up your system to be a Samba file server, "
23121
23155
"which is especially suitable in networks with both Windows and Linux systems."
23124
#: serverguide/C/installation.xml:308(para)
23158
#: serverguide/C/installation.xml:315(para)
23125
23159
msgid "Tomcat Java server: Installs Apache Tomcat and needed dependencies."
23128
#: serverguide/C/installation.xml:313(para)
23162
#: serverguide/C/installation.xml:320(para)
23130
23164
"Virtual Machine host: Includes packages needed to run KVM virtual machines."
23133
#: serverguide/C/installation.xml:318(para)
23167
#: serverguide/C/installation.xml:325(para)
23135
23169
"Manually select packages: Executes <application>aptitude</application> "
23136
23170
"allowing you to individually select packages."
23139
#: serverguide/C/installation.xml:323(para)
23173
#: serverguide/C/installation.xml:330(para)
23141
23175
"Installing the package groups is accomplished using the "
23142
23176
"<application>tasksel</application> utility. One of the important differences "
23193
#: serverguide/C/installation.xml:359(para)
23227
#: serverguide/C/installation.xml:366(para)
23195
23229
"If you did not install one of the tasks during the installation process, but "
23196
23230
"for example you decide to make your new LAMP server a DNS server as well, "
23197
23231
"simply insert the installation CD and from a terminal:"
23200
#: serverguide/C/installation.xml:364(command)
23234
#: serverguide/C/installation.xml:371(command)
23201
23235
msgid "sudo tasksel install dns-server"
23202
23236
msgstr "sudo tasksel install dns-server"
23204
#: serverguide/C/installation.xml:369(title)
23238
#: serverguide/C/installation.xml:376(title)
23205
23239
msgid "Upgrading"
23206
23240
msgstr "Абнаўленьне"
23208
#: serverguide/C/installation.xml:370(para)
23242
#: serverguide/C/installation.xml:377(para)
23210
23244
"There are several ways to upgrade from one Ubuntu release to another. This "
23211
23245
"section gives an overview of the recommended upgrade method."
23214
#: serverguide/C/installation.xml:374(title) serverguide/C/installation.xml:389(command)
23248
#: serverguide/C/installation.xml:381(title) serverguide/C/installation.xml:396(command)
23215
23249
msgid "do-release-upgrade"
23216
23250
msgstr "do-release-upgrade"
23218
#: serverguide/C/installation.xml:375(para)
23252
#: serverguide/C/installation.xml:382(para)
23220
23254
"The recommended way to upgrade a Server Edition installation is to use the "
23221
23255
"<application>do-release-upgrade</application> utility. Part of the "
23231
23265
"system configuration changes sometimes needed between releases."
23234
#: serverguide/C/installation.xml:385(para)
23268
#: serverguide/C/installation.xml:392(para)
23235
23269
msgid "To upgrade to a newer release, from a terminal prompt enter:"
23236
23270
msgstr "Каб абнавіць да апошняга выпуску, увядзіце ў тэрмінале:"
23238
#: serverguide/C/installation.xml:391(para)
23272
#: serverguide/C/installation.xml:398(para)
23240
23274
"It is also possible to use <application>do-release-upgrade</application> to "
23241
23275
"upgrade to a development version of Ubuntu. To accomplish this use the "
23242
23276
"<emphasis>-d</emphasis> switch:"
23245
#: serverguide/C/installation.xml:396(command)
23279
#: serverguide/C/installation.xml:403(command)
23246
23280
msgid "do-release-upgrade -d"
23247
23281
msgstr "do-release-upgrade -d"
23249
#: serverguide/C/installation.xml:399(para)
23283
#: serverguide/C/installation.xml:406(para)
23251
23285
"Upgrading to a development release is <emphasis>not</emphasis> recommended "
23252
23286
"for production environments."
23255
#: serverguide/C/installation.xml:406(title)
23289
#: serverguide/C/installation.xml:413(title)
23256
23290
msgid "Advanced Installation"
23259
#: serverguide/C/installation.xml:409(title)
23293
#: serverguide/C/installation.xml:416(title)
23260
23294
msgid "Software RAID"
23263
#: serverguide/C/installation.xml:411(para)
23297
#: serverguide/C/installation.xml:418(para)
23265
23299
"Redundant Array of Independent Disks \"RAID\" is a method of using multiple "
23266
23300
"disks to provide different balances of increasing data reliability and/or "
23281
23315
"another for <emphasis>swap</emphasis>."
23284
#: serverguide/C/virtualization.xml:716(title) serverguide/C/installation.xml:427(title)
23318
#: serverguide/C/installation.xml:434(title)
23285
23319
msgid "Partitioning"
23288
#: serverguide/C/installation.xml:429(para) serverguide/C/installation.xml:951(para)
23322
#: serverguide/C/installation.xml:436(para) serverguide/C/installation.xml:958(para)
23290
23324
"Follow the installation steps until you get to the <emphasis>Partition "
23291
23325
"disks</emphasis> step, then:"
23294
#: serverguide/C/installation.xml:436(para)
23328
#: serverguide/C/installation.xml:443(para)
23295
23329
msgid "Select <emphasis>Manual</emphasis> as the partition method."
23298
#: serverguide/C/installation.xml:443(para)
23332
#: serverguide/C/installation.xml:450(para)
23300
23334
"Select the first hard drive, and agree to <emphasis>\"Create a new empty "
23301
23335
"partition table on this device?\"</emphasis>."
23304
#: serverguide/C/installation.xml:447(para)
23338
#: serverguide/C/installation.xml:454(para)
23306
23340
"Repeat this step for each drive you wish to be part of the RAID array."
23309
#: serverguide/C/installation.xml:454(para)
23343
#: serverguide/C/installation.xml:461(para)
23311
23345
"Select the <emphasis>\"FREE SPACE\"</emphasis> on the first drive then "
23312
23346
"select <emphasis>\"Create a new partition\"</emphasis>."
23315
#: serverguide/C/installation.xml:461(para)
23349
#: serverguide/C/installation.xml:468(para)
23317
23351
"Next, select the <emphasis>Size</emphasis> of the partition. This partition "
23318
23352
"will be the <emphasis>swap</emphasis> partition, and a general rule for swap "
23358
23392
"<emphasis>\"Done setting up partition\"</emphasis>."
23361
#: serverguide/C/installation.xml:511(para)
23395
#: serverguide/C/installation.xml:518(para)
23362
23396
msgid "Repeat steps three through eight for the other disk and partitions."
23365
#: serverguide/C/installation.xml:520(title)
23399
#: serverguide/C/installation.xml:527(title)
23366
23400
msgid "RAID Configuration"
23367
23401
msgstr "Наладкі RAID"
23369
#: serverguide/C/installation.xml:522(para)
23403
#: serverguide/C/installation.xml:529(para)
23370
23404
msgid "With the partitions setup the arrays are ready to be configured:"
23373
#: serverguide/C/installation.xml:529(para)
23407
#: serverguide/C/installation.xml:536(para)
23375
23409
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
23376
23410
"Software RAID\"</emphasis> at the top."
23379
#: serverguide/C/installation.xml:536(para)
23413
#: serverguide/C/installation.xml:543(para)
23380
23414
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
23383
#: serverguide/C/installation.xml:543(para)
23417
#: serverguide/C/installation.xml:550(para)
23384
23418
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
23387
#: serverguide/C/installation.xml:550(para)
23421
#: serverguide/C/installation.xml:557(para)
23389
23423
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
23390
23424
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
23393
#: serverguide/C/installation.xml:556(para)
23427
#: serverguide/C/installation.xml:563(para)
23395
23429
"In order to use <emphasis>RAID5</emphasis> you need at least "
23396
23430
"<emphasis>three</emphasis> drives. Using RAID0 or RAID1 only "
23397
23431
"<emphasis>two</emphasis> drives are required."
23400
#: serverguide/C/installation.xml:565(para)
23434
#: serverguide/C/installation.xml:572(para)
23402
23436
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
23403
23437
"of hard drives you have, for the array. Then select "
23404
23438
"<emphasis>\"Continue\"</emphasis>."
23407
#: serverguide/C/installation.xml:573(para)
23441
#: serverguide/C/installation.xml:580(para)
23409
23443
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
23410
23444
"default, then choose <emphasis>\"Continue\"</emphasis>."
23413
#: serverguide/C/installation.xml:580(para)
23447
#: serverguide/C/installation.xml:587(para)
23415
23449
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
23416
23450
"etc. The numbers will usually match and the different letters correspond to "
23417
23451
"different hard drives."
23420
#: serverguide/C/installation.xml:585(para)
23454
#: serverguide/C/installation.xml:592(para)
23422
23456
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
23423
23457
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
23424
23458
"go to the next step."
23427
#: serverguide/C/installation.xml:593(para)
23461
#: serverguide/C/installation.xml:600(para)
23429
23463
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
23430
23464
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
23431
23465
"and <emphasis>sdb2</emphasis>."
23434
#: serverguide/C/installation.xml:601(para)
23468
#: serverguide/C/installation.xml:608(para)
23435
23469
msgid "Once done select <emphasis>\"Finish\"</emphasis>."
23438
#: serverguide/C/installation.xml:611(title)
23472
#: serverguide/C/installation.xml:618(title)
23439
23473
msgid "Formatting"
23442
#: serverguide/C/installation.xml:613(para)
23476
#: serverguide/C/installation.xml:620(para)
23444
23478
"There should now be a list of hard drives and RAID devices. The next step is "
23445
23479
"to format and set the mount point for the RAID devices. Treat the RAID "
23446
23480
"device as a local hard drive, format and mount accordingly."
23449
#: serverguide/C/installation.xml:621(para)
23483
#: serverguide/C/installation.xml:628(para)
23451
23485
"Select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
23452
23486
"#0\"</emphasis> partition."
23455
#: serverguide/C/installation.xml:628(para)
23489
#: serverguide/C/installation.xml:635(para)
23457
23491
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
23458
23492
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
23461
#: serverguide/C/installation.xml:636(para)
23495
#: serverguide/C/installation.xml:643(para)
23463
23497
"Next, select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
23464
23498
"#1\"</emphasis> partition."
23467
#: serverguide/C/installation.xml:643(para)
23501
#: serverguide/C/installation.xml:650(para)
23469
23503
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext4 "
23470
23504
"journaling file system\"</emphasis>."
23473
#: serverguide/C/installation.xml:650(para)
23507
#: serverguide/C/installation.xml:657(para)
23475
23509
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
23476
23510
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "
23478
23512
"partition\"</emphasis>."
23481
#: serverguide/C/installation.xml:658(para)
23515
#: serverguide/C/installation.xml:665(para)
23483
23517
"Finally, select <emphasis>\"Finish partitioning and write changes to "
23484
23518
"disk\"</emphasis>."
23487
#: serverguide/C/installation.xml:665(para)
23521
#: serverguide/C/installation.xml:672(para)
23489
23523
"If you choose to place the root partition on a RAID array, the installer "
23490
23524
"will then ask if you would like to boot in a <emphasis>degraded</emphasis> "
23491
23525
"state. See <xref linkend=\"raid-degraded\"/> for further details."
23494
#: serverguide/C/installation.xml:670(para)
23528
#: serverguide/C/installation.xml:677(para)
23495
23529
msgid "The installation process will then continue normally."
23498
#: serverguide/C/installation.xml:676(title)
23532
#: serverguide/C/installation.xml:683(title)
23499
23533
msgid "Degraded RAID"
23502
#: serverguide/C/installation.xml:678(para)
23536
#: serverguide/C/installation.xml:685(para)
23504
23538
"At some point in the life of the computer a disk failure event may occur. "
23505
23539
"When this happens, using Software RAID, the operating system will place the "
23506
23540
"array into what is known as a <emphasis>degraded</emphasis> state."
23509
#: serverguide/C/installation.xml:683(para)
23543
#: serverguide/C/installation.xml:690(para)
23511
23545
"If the array has become degraded, due to the chance of data corruption, by "
23512
23546
"default Ubuntu Server Edition will boot to <emphasis>initramfs</emphasis> "
23548
23582
"BOOT_DEGRADED=true\n"
23550
#: serverguide/C/installation.xml:718(para)
23584
#: serverguide/C/installation.xml:725(para)
23551
23585
msgid "The configuration file can be overridden by using a Kernel argument."
23554
#: serverguide/C/installation.xml:726(para)
23588
#: serverguide/C/installation.xml:733(para)
23556
23590
"Using a Kernel argument will allow the system to boot to a degraded array as "
23560
#: serverguide/C/installation.xml:732(para)
23594
#: serverguide/C/installation.xml:739(para)
23562
23596
"When the server is booting press <keycap>Shift</keycap> to open the "
23563
23597
"<application>Grub</application> menu."
23566
#: serverguide/C/installation.xml:737(para)
23600
#: serverguide/C/installation.xml:744(para)
23567
23601
msgid "Press <keycap>e</keycap> to edit your kernel command options."
23570
#: serverguide/C/installation.xml:742(para)
23604
#: serverguide/C/installation.xml:749(para)
23571
23605
msgid "Press the <keycap>down</keycap> arrow to highlight the kernel line."
23574
#: serverguide/C/installation.xml:747(para)
23608
#: serverguide/C/installation.xml:754(para)
23576
23610
"Add <emphasis>\"bootdegraded=true\"</emphasis> (without the quotes) to the "
23577
23611
"end of the line."
23580
#: serverguide/C/installation.xml:752(para)
23614
#: serverguide/C/installation.xml:759(para)
23582
23616
"Press <keycombo><keycap>Ctrl</keycap><keycap>x</keycap></keycombo> to boot "
23583
23617
"the system."
23586
#: serverguide/C/installation.xml:761(para)
23620
#: serverguide/C/installation.xml:768(para)
23588
23622
"Once the system has booted you can either repair the array see <xref "
23589
23623
"linkend=\"raid-maintenance\"/> for details, or copy important data to "
23590
23624
"another machine due to major hardware failure."
23593
#: serverguide/C/installation.xml:768(title)
23627
#: serverguide/C/installation.xml:775(title)
23594
23628
msgid "RAID Maintenance"
23597
#: serverguide/C/installation.xml:770(para)
23631
#: serverguide/C/installation.xml:777(para)
23599
23633
"The <application>mdadm</application> utility can be used to view the status "
23600
23634
"of an array, add disks to an array, remove disks, etc:"
23603
#: serverguide/C/installation.xml:777(para)
23637
#: serverguide/C/installation.xml:784(para)
23604
23638
msgid "To view the status of an array, from a terminal prompt enter:"
23607
#: serverguide/C/installation.xml:781(command)
23641
#: serverguide/C/installation.xml:788(command)
23608
23642
msgid "sudo mdadm -D /dev/md0"
23609
23643
msgstr "sudo mdadm -D /dev/md0"
23611
#: serverguide/C/installation.xml:784(para)
23645
#: serverguide/C/installation.xml:791(para)
23613
23647
"The <emphasis>-D</emphasis> tells <application>mdadm</application> to "
23614
23648
"display <emphasis>detailed</emphasis> information about the "
23616
23650
"with the appropriate RAID device."
23619
#: serverguide/C/installation.xml:790(para)
23653
#: serverguide/C/installation.xml:797(para)
23620
23654
msgid "To view the status of a disk in an array:"
23623
#: serverguide/C/installation.xml:794(command)
23657
#: serverguide/C/installation.xml:801(command)
23624
23658
msgid "sudo mdadm -E /dev/sda1"
23625
23659
msgstr "sudo mdadm -E /dev/sda1"
23627
#: serverguide/C/installation.xml:796(para)
23661
#: serverguide/C/installation.xml:803(para)
23629
23663
"The output if very similar to the <command>mdadm -D</command> command, "
23630
23664
"adjust <filename>/dev/sda1</filename> for each disk."
23633
#: serverguide/C/installation.xml:801(para)
23667
#: serverguide/C/installation.xml:808(para)
23634
23668
msgid "If a disk fails and needs to be removed from an array enter:"
23637
#: serverguide/C/installation.xml:805(command)
23671
#: serverguide/C/installation.xml:812(command)
23638
23672
msgid "sudo mdadm --remove /dev/md0 /dev/sda1"
23639
23673
msgstr "sudo mdadm --remove /dev/md0 /dev/sda1"
23641
#: serverguide/C/installation.xml:807(para)
23675
#: serverguide/C/installation.xml:814(para)
23643
23677
"Change <filename>/dev/md0</filename> and <filename>/dev/sda1</filename> to "
23644
23678
"the appropriate RAID device and disk."
23647
#: serverguide/C/installation.xml:812(para)
23681
#: serverguide/C/installation.xml:819(para)
23648
23682
msgid "Similarly, to add a new disk:"
23651
#: serverguide/C/installation.xml:816(command)
23685
#: serverguide/C/installation.xml:823(command)
23652
23686
msgid "sudo mdadm --add /dev/md0 /dev/sda1"
23653
23687
msgstr "sudo mdadm --add /dev/md0 /dev/sda1"
23655
#: serverguide/C/installation.xml:821(para)
23689
#: serverguide/C/installation.xml:828(para)
23657
23691
"Sometimes a disk can change to a <emphasis>faulty</emphasis> state even "
23658
23692
"though there is nothing physically wrong with the drive. It is usually "
23708
#: serverguide/C/installation.xml:858(command)
23742
#: serverguide/C/installation.xml:865(command)
23709
23743
msgid "sudo grub-install /dev/md0"
23710
23744
msgstr "sudo grub-install /dev/md0"
23712
#: serverguide/C/installation.xml:861(para)
23746
#: serverguide/C/installation.xml:868(para)
23714
23748
"Replace <filename>/dev/md0</filename> with the appropriate array device name."
23717
#: serverguide/C/installation.xml:869(para)
23751
#: serverguide/C/installation.xml:876(para)
23719
23753
"The topic of RAID arrays is a complex one due to the plethora of ways RAID "
23720
23754
"can be configured. Please see the following links for more information:"
23723
#: serverguide/C/installation.xml:876(para)
23757
#: serverguide/C/installation.xml:883(para)
23725
23759
"<ulink url=\"https://help.ubuntu.com/community/Installation#raid\">Ubuntu "
23726
23760
"Wiki Articles on RAID</ulink>."
23729
#: serverguide/C/installation.xml:882(ulink)
23763
#: serverguide/C/installation.xml:889(ulink) serverguide/C/installation.xml:1164(ulink)
23730
23764
msgid "Software RAID HOWTO"
23733
#: serverguide/C/installation.xml:887(ulink)
23767
#: serverguide/C/installation.xml:894(ulink)
23734
23768
msgid "Managing RAID on Linux"
23737
#: serverguide/C/installation.xml:894(title)
23771
#: serverguide/C/installation.xml:901(title)
23738
23772
msgid "Logical Volume Manager (LVM)"
23741
#: serverguide/C/installation.xml:896(para)
23775
#: serverguide/C/installation.xml:903(para)
23743
23777
"Logical Volume Manger, or <emphasis>LVM</emphasis>, allows administrators to "
23744
23778
"create <emphasis>logical</emphasis> volumes out of one or multiple physical "
23747
23781
"giving greater flexibility to systems as requirements change."
23750
#: serverguide/C/installation.xml:905(para)
23784
#: serverguide/C/installation.xml:912(para)
23752
23786
"A side effect of LVM's power and flexibility is a greater degree of "
23753
23787
"complication. Before diving into the LVM installation process, it is best to "
23754
23788
"get familiar with some terms."
23757
#: serverguide/C/installation.xml:912(para)
23791
#: serverguide/C/installation.xml:919(para)
23759
23793
"<emphasis>Physical Volume (PV):</emphasis> physical hard disk, disk "
23760
23794
"partition or software RAID partition formatted as LVM PV."
23763
#: serverguide/C/installation.xml:918(para)
23797
#: serverguide/C/installation.xml:925(para)
23765
23799
"<emphasis>Volume Group (VG):</emphasis> is made from one or more physical "
23766
23800
"volumes. A VG can can be extended by adding more PVs. A VG is like a virtual "
23767
23801
"disk drive, from which one or more logical volumes are carved."
23770
#: serverguide/C/installation.xml:924(para)
23804
#: serverguide/C/installation.xml:931(para)
23772
23806
"<emphasis>Logical Volume (LV):</emphasis> is similar to a partition in a non-"
23773
23807
"LVM system. A LV is formatted with the desired file system (EXT3, XFS, JFS, "
23774
23808
"etc), it is then available for mounting and data storage."
23777
#: serverguide/C/installation.xml:935(para)
23811
#: serverguide/C/installation.xml:942(para)
23779
23813
"As an example this section covers installing Ubuntu Server Edition with "
23780
23814
"<filename role=\"directory\">/srv</filename> mounted on a LVM volume. During "
23856
23890
"select <emphasis>\"Done setting up the partition\"</emphasis>."
23859
#: serverguide/C/installation.xml:1024(para)
23893
#: serverguide/C/installation.xml:1031(para)
23861
23895
"Finally, select <emphasis>\"Finish partitioning and write changes to "
23862
23896
"disk\"</emphasis>. Then confirm the changes and continue with the rest of "
23863
23897
"the installation."
23866
#: serverguide/C/installation.xml:1032(para)
23900
#: serverguide/C/installation.xml:1039(para)
23867
23901
msgid "There are some useful utilities to view information about LVM:"
23870
#: serverguide/C/installation.xml:1037(para)
23904
#: serverguide/C/installation.xml:1044(para)
23872
23906
"<emphasis>pvdisplay:</emphasis> shows information about Physical Volumes."
23875
#: serverguide/C/installation.xml:1038(para)
23909
#: serverguide/C/installation.xml:1045(para)
23877
23911
"<emphasis>vgdisplay:</emphasis> shows information about Volume Groups."
23880
#: serverguide/C/installation.xml:1039(para)
23914
#: serverguide/C/installation.xml:1046(para)
23882
23916
"<emphasis>lvdisplay:</emphasis> shows information about Logical Volumes."
23885
#: serverguide/C/installation.xml:1044(title)
23919
#: serverguide/C/installation.xml:1051(title)
23886
23920
msgid "Extending Volume Groups"
23889
#: serverguide/C/installation.xml:1046(para)
23923
#: serverguide/C/installation.xml:1053(para)
23891
23925
"Continuing with <emphasis>srv</emphasis> as an LVM volume example, this "
23892
23926
"section covers adding a second hard disk, creating a Physical Volume (PV), "
23898
23932
"partitions and use them as different physical volumes)"
23901
#: serverguide/C/installation.xml:1054(para)
23935
#: serverguide/C/installation.xml:1061(para)
23903
23937
"Make sure you don't already have an existing <filename>/dev/sdb</filename> "
23904
23938
"before issuing the commands below. You could lose some data if you issue "
23905
23939
"those commands on a non-empty disk."
23908
#: serverguide/C/installation.xml:1062(para)
23942
#: serverguide/C/installation.xml:1069(para)
23909
23943
msgid "First, create the physical volume, in a terminal execute:"
23912
#: serverguide/C/installation.xml:1067(command)
23946
#: serverguide/C/installation.xml:1074(command)
23913
23947
msgid "sudo pvcreate /dev/sdb"
23916
#: serverguide/C/installation.xml:1073(para)
23950
#: serverguide/C/installation.xml:1080(para)
23917
23951
msgid "Now extend the Volume Group (VG):"
23920
#: serverguide/C/installation.xml:1078(command)
23954
#: serverguide/C/installation.xml:1085(command)
23921
23955
msgid "sudo vgextend vg01 /dev/sdb"
23922
23956
msgstr "sudo vgextend vg01 /dev/sdb"
23924
#: serverguide/C/installation.xml:1084(para)
23958
#: serverguide/C/installation.xml:1091(para)
23926
23960
"Use <application>vgdisplay</application> to find out the free physical "
23927
23961
"extents - Free PE / size (the size you can allocate). We will assume a free "
23955
23989
"first is compulsory)."
23958
#: serverguide/C/installation.xml:1112(para)
23992
#: serverguide/C/installation.xml:1119(para)
23960
23994
"The following commands are for an <emphasis>EXT3</emphasis> or "
23961
23995
"<emphasis>EXT4</emphasis> filesystem. If you are using another filesystem "
23962
23996
"there may be other utilities available."
23965
#: serverguide/C/installation.xml:1119(command)
23966
msgid "sudo e2fsck -f /dev/vg01/srv"
23967
msgstr "sudo e2fsck -f /dev/vg01/srv"
23969
#: serverguide/C/installation.xml:1122(para)
23971
"The <emphasis>-f</emphasis> option of <application>e2fsck</application> "
23972
"forces checking even if the system seems clean."
23975
#: serverguide/C/installation.xml:1129(para)
23976
msgid "Finally, resize the filesystem:"
23979
#: serverguide/C/installation.xml:1134(command)
23980
msgid "sudo resize2fs /dev/vg01/srv"
23981
msgstr "sudo resize2fs /dev/vg01/srv"
23983
#: serverguide/C/installation.xml:1140(para)
23999
#: serverguide/C/installation.xml:1127(para) serverguide/C/installation.xml:1130(para) serverguide/C/installation.xml:1133(para)
23984
24000
msgid "Now mount the partition and check its size."
23987
#: serverguide/C/installation.xml:1145(command)
24003
#: serverguide/C/installation.xml:1136(para)
24005
"asldkjf sdkja;lkjfeoi dfkjsljfe;lij sfljsefisjoij skfm;lwemf;e msdlfsadlkf;k."
24008
#: serverguide/C/installation.xml:1141(command)
23988
24009
msgid "mount /dev/vg01/srv /srv && df -h /srv"
23989
24010
msgstr "mount /dev/vg01/srv /srv && df -h /srv"
23991
#: serverguide/C/installation.xml:1157(para)
24012
#: serverguide/C/installation.xml:1153(para)
23993
24014
"See the <ulink "
23994
24015
"url=\"https://help.ubuntu.com/community/Installation#lvm\">Ubuntu Wiki LVM "
23995
24016
"Articles</ulink>."
23998
#: serverguide/C/installation.xml:1162(para)
24019
#: serverguide/C/installation.xml:1158(para)
24000
24021
"See the <ulink url=\"http://tldp.org/HOWTO/LVM-HOWTO/index.html\">LVM "
24001
24022
"HOWTO</ulink> for more information."
24004
#: serverguide/C/installation.xml:1167(para)
24006
"Another good article is <ulink "
24007
"url=\"http://www.linuxdevcenter.com/pub/a/linux/2006/04/27/managing-disk-"
24008
"space-with-lvm.html\">Managing Disk Space with LVM</ulink> on O'Reilly's "
24009
"linuxdevcenter.com site."
24012
#: serverguide/C/installation.xml:1181(para)
24014
"For more information on <application>fdisk</application> see the <ulink "
24015
"url=\"http://manpages.ubuntu.com/manpages/trusty/en/man8/fdisk.8.html\">fdisk"
24016
" man page</ulink>."
24019
#: serverguide/C/installation.xml:1185(title)
24025
#: serverguide/C/installation.xml:1171(title)
24029
#: serverguide/C/installation.xml:1174(para)
24030
msgid "bla bla 4 para."
24033
#: serverguide/C/installation.xml:1179(para)
24034
msgid "bla bla 5 para."
24037
#: serverguide/C/installation.xml:1184(para)
24038
msgid "list item 1."
24041
#: serverguide/C/installation.xml:1189(para)
24042
msgid "list item 2."
24045
#: serverguide/C/installation.xml:1194(para)
24046
msgid "list item 3."
24049
#: serverguide/C/installation.xml:1199(para)
24050
msgid "bla bla para"
24053
#: serverguide/C/installation.xml:1204(para)
24054
msgid "bla bla 6 para."
24057
#: serverguide/C/installation.xml:1209(para)
24058
msgid "bla bla 7 para."
24061
#: serverguide/C/installation.xml:1214(para)
24062
msgid "bla bla 8 para."
24065
#: serverguide/C/installation.xml:1219(para)
24066
msgid "bla bla 9 para."
24069
#: serverguide/C/installation.xml:1226(title)
24073
#: serverguide/C/installation.xml:1229(title)
24077
#: serverguide/C/installation.xml:1232(title)
24081
#: serverguide/C/installation.xml:1235(title)
24085
#: serverguide/C/installation.xml:1238(title)
24089
#: serverguide/C/installation.xml:1241(title)
24093
#: serverguide/C/installation.xml:1244(title)
24097
#: serverguide/C/installation.xml:1247(title)
24101
#: serverguide/C/installation.xml:1250(title)
24105
#: serverguide/C/installation.xml:1253(title)
24109
#: serverguide/C/installation.xml:1258(title)
24020
24110
msgid "Kernel Crash Dump"
24023
#: serverguide/C/installation.xml:1192(para)
24113
#: serverguide/C/installation.xml:1265(para)
24024
24114
msgid "Kernel Panic"
24027
#: serverguide/C/installation.xml:1193(para)
24117
#: serverguide/C/installation.xml:1266(para)
24028
24118
msgid "Non Maskable Interrupts (NMI)"
24031
#: serverguide/C/installation.xml:1194(para)
24121
#: serverguide/C/installation.xml:1267(para)
24032
24122
msgid "Machine Check Exceptions (MCE)"
24035
#: serverguide/C/installation.xml:1195(para)
24125
#: serverguide/C/installation.xml:1268(para)
24036
24126
msgid "Hardware failure"
24039
#: serverguide/C/installation.xml:1196(para)
24129
#: serverguide/C/installation.xml:1269(para)
24040
24130
msgid "Manual intervention"
24043
#: serverguide/C/installation.xml:1188(para)
24133
#: serverguide/C/installation.xml:1261(para)
24045
24135
"A Kernel Crash Dump refers to a portion of the contents of volatile memory "
24046
24136
"(RAM) that is copied to disk whenever the execution of the kernel is "
24126
#: serverguide/C/installation.xml:1258(para)
24216
#: serverguide/C/installation.xml:1331(para)
24128
24218
"The <emphasis>crashkernel</emphasis> parameter has the following syntax: "
24129
24219
"<placeholder-1/>"
24132
#: serverguide/C/installation.xml:1268(programlisting)
24222
#: serverguide/C/installation.xml:1341(programlisting)
24136
24226
"crashkernel=384M-2G:64M,2G-:128M\n"
24139
#: serverguide/C/installation.xml:1266(para)
24229
#: serverguide/C/installation.xml:1339(para)
24141
24231
"So for the crashkernel parameter found in <filename>/proc/cmdline</filename> "
24142
24232
"we would have : <placeholder-1/>"
24145
#: serverguide/C/installation.xml:1273(para)
24235
#: serverguide/C/installation.xml:1346(para)
24146
24236
msgid "The above value means:"
24149
#: serverguide/C/installation.xml:1275(para)
24239
#: serverguide/C/installation.xml:1348(para)
24151
24241
"if the RAM is smaller than 384M, then don't reserve anything (this is the "
24152
24242
"\"rescue\" case)"
24155
#: serverguide/C/installation.xml:1277(para)
24245
#: serverguide/C/installation.xml:1350(para)
24156
24246
msgid "if the RAM size is between 386M and 2G (exclusive), then reserve 64M"
24159
#: serverguide/C/installation.xml:1278(para)
24249
#: serverguide/C/installation.xml:1351(para)
24160
24250
msgid "if the RAM size is larger than 2G, then reserve 128M"
24163
#: serverguide/C/installation.xml:1281(para)
24253
#: serverguide/C/installation.xml:1354(para)
24165
24255
"Second, verify that the kernel has reserved the requested memory area for "
24166
24256
"the kdump kernel by doing:"
24169
#: serverguide/C/installation.xml:1286(command)
24259
#: serverguide/C/installation.xml:1359(command)
24170
24260
msgid "dmesg | grep -i crash"
24173
#: serverguide/C/installation.xml:1287(computeroutput)
24263
#: serverguide/C/installation.xml:1360(computeroutput)
24833
24923
"your vendor documentation to configure your specific iSCSI target."
24836
#: serverguide/C/file-server.xml:471(title)
24926
#: serverguide/C/file-server.xml:470(title)
24837
24927
msgid "iSCSI Initiator Install"
24840
#: serverguide/C/file-server.xml:473(para)
24930
#: serverguide/C/file-server.xml:472(para)
24842
24932
"To configure Ubuntu Server as an iSCSI initiator install the "
24843
24933
"<application>open-iscsi</application> package. In a terminal enter:"
24846
#: serverguide/C/file-server.xml:478(command)
24936
#: serverguide/C/file-server.xml:477(command)
24847
24937
msgid "sudo apt-get install open-iscsi"
24850
#: serverguide/C/file-server.xml:483(title)
24940
#: serverguide/C/file-server.xml:482(title)
24851
24941
msgid "iSCSI Initiator Configuration"
24854
#: serverguide/C/file-server.xml:485(para)
24944
#: serverguide/C/file-server.xml:484(para)
24856
24946
"Once the <application>open-iscsi</application> package is installed, edit "
24857
24947
"<filename>/etc/iscsi/iscsid.conf</filename> changing the following:"
24860
#: serverguide/C/file-server.xml:489(programlisting)
24950
#: serverguide/C/file-server.xml:488(programlisting)
24864
24954
"node.startup = automatic\n"
24867
#: serverguide/C/file-server.xml:493(para)
24957
#: serverguide/C/file-server.xml:492(para)
24869
24959
"You can check which targets are available by using the "
24870
24960
"<application>iscsiadm</application> utility. Enter the following in a "
24874
#: serverguide/C/file-server.xml:498(command)
24964
#: serverguide/C/file-server.xml:497(command)
24875
24965
msgid "sudo iscsiadm -m discovery -t st -p 192.168.0.10"
24968
#: serverguide/C/file-server.xml:501(para)
24970
"<emphasis>-m:</emphasis> determines the mode that iscsiadm executes in."
24878
24973
#: serverguide/C/file-server.xml:502(para)
24880
"<emphasis>-m:</emphasis> determines the mode that iscsiadm executes in."
24974
msgid "<emphasis>-t:</emphasis> specifies the type of discovery."
24883
24977
#: serverguide/C/file-server.xml:503(para)
24884
msgid "<emphasis>-t:</emphasis> specifies the type of discovery."
24887
#: serverguide/C/file-server.xml:504(para)
24888
24978
msgid "<emphasis>-p:</emphasis> option indicates the target IP address."
24891
#: serverguide/C/file-server.xml:508(para)
24981
#: serverguide/C/file-server.xml:507(para)
24893
24983
"Change example <emphasis>192.168.0.10</emphasis> to the target IP address on "
24894
24984
"your network."
24897
#: serverguide/C/file-server.xml:513(para)
24987
#: serverguide/C/file-server.xml:512(para)
24899
24989
"If the target is available you should see output similar to the following:"
24902
#: serverguide/C/file-server.xml:518(computeroutput)
24992
#: serverguide/C/file-server.xml:517(computeroutput)
24906
24996
"192.168.0.10:3260,1 iqn.1992-05.com.emc:sl7b92030000520000-2\n"
24909
#: serverguide/C/file-server.xml:524(para)
24999
#: serverguide/C/file-server.xml:523(para)
24911
25001
"The <emphasis>iqn</emphasis> number and IP address above will vary depending "
24912
25002
"on your hardware."
24915
#: serverguide/C/file-server.xml:529(para)
25005
#: serverguide/C/file-server.xml:528(para)
24917
25007
"You should now be able to connect to the iSCSI target, and depending on your "
24918
25008
"target setup you may have to enter user credentials. Login to the iSCSI node:"
24921
#: serverguide/C/file-server.xml:535(command)
25011
#: serverguide/C/file-server.xml:534(command)
24922
25012
msgid "sudo iscsiadm -m node --login"
24925
#: serverguide/C/file-server.xml:538(para)
25015
#: serverguide/C/file-server.xml:537(para)
24927
25017
"Check to make sure that the new disk has been detected using "
24928
25018
"<application>dmesg</application>:"
24931
#: serverguide/C/file-server.xml:543(command)
25021
#: serverguide/C/file-server.xml:542(command)
24932
25022
msgid "dmesg | grep sd"
24935
#: serverguide/C/file-server.xml:544(computeroutput)
25025
#: serverguide/C/file-server.xml:543(computeroutput)
25004
#: serverguide/C/file-server.xml:592(para)
25094
#: serverguide/C/file-server.xml:591(para)
25006
25096
"Now format the file system and mount it to <filename>/srv</filename> as an "
25100
#: serverguide/C/file-server.xml:596(command)
25101
msgid "sudo mkfs.ext4 /dev/sdb1"
25010
25104
#: serverguide/C/file-server.xml:597(command)
25011
msgid "sudo mkfs.ext4 /dev/sdb1"
25014
#: serverguide/C/file-server.xml:598(command)
25015
25105
msgid "sudo mount /dev/sdb1 /srv"
25018
#: serverguide/C/file-server.xml:602(para)
25108
#: serverguide/C/file-server.xml:601(para)
25020
25110
"Finally, add an entry to <filename>/etc/fstab</filename> to mount the iSCSI "
25021
25111
"drive during boot:"
25024
#: serverguide/C/file-server.xml:606(programlisting)
25114
#: serverguide/C/file-server.xml:605(programlisting)
25028
25118
"/dev/sdb1 /srv ext4 defaults,auto,_netdev 0 0\n"
25031
#: serverguide/C/file-server.xml:610(para)
25121
#: serverguide/C/file-server.xml:609(para)
25033
25123
"It is a good idea to make sure everything is working as expected by "
25034
25124
"rebooting the server."
25037
#: serverguide/C/file-server.xml:619(ulink)
25127
#: serverguide/C/file-server.xml:618(ulink)
25038
25128
msgid "Open-iSCSI Website"
25041
#: serverguide/C/file-server.xml:622(ulink) serverguide/C/file-server.xml:808(ulink)
25131
#: serverguide/C/file-server.xml:621(ulink) serverguide/C/file-server.xml:807(ulink)
25042
25132
msgid "Debian Open-iSCSI page"
25045
#: serverguide/C/file-server.xml:629(title)
25135
#: serverguide/C/file-server.xml:628(title)
25046
25136
msgid "CUPS - Print Server"
25047
25137
msgstr "CUPS - Сэрвер друку"
25049
#: serverguide/C/file-server.xml:630(para)
25139
#: serverguide/C/file-server.xml:629(para)
25051
25141
"The primary mechanism for Ubuntu printing and print services is the "
25052
25142
"<emphasis role=\"bold\">Common UNIX Printing System</emphasis> (CUPS). This "
25109
25199
"initially will be presented here."
25112
#: serverguide/C/file-server.xml:683(para)
25202
#: serverguide/C/file-server.xml:682(para)
25114
25204
"Prior to editing the configuration file, you should make a copy of the "
25115
25205
"original file and protect it from writing, so you will have the original "
25116
25206
"settings as a reference, and to reuse as necessary."
25119
#: serverguide/C/file-server.xml:687(para)
25209
#: serverguide/C/file-server.xml:686(para)
25121
25211
"Copy the <filename>/etc/cups/cupsd.conf</filename> file and protect it from "
25122
25212
"writing with the following commands, issued at a terminal prompt:"
25125
#: serverguide/C/file-server.xml:693(command)
25215
#: serverguide/C/file-server.xml:692(command)
25126
25216
msgid "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
25127
25217
msgstr "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
25129
#: serverguide/C/file-server.xml:694(command)
25219
#: serverguide/C/file-server.xml:693(command)
25130
25220
msgid "sudo chmod a-w /etc/cups/cupsd.conf.original"
25131
25221
msgstr "sudo chmod a-w /etc/cups/cupsd.conf.original"
25133
#: serverguide/C/file-server.xml:699(para)
25223
#: serverguide/C/file-server.xml:698(para)
25135
25225
"<emphasis role=\"bold\">ServerAdmin</emphasis>: To configure the email "
25136
25226
"address of the designated administrator of the CUPS server, simply edit the "
25503
25593
"ns IN A 192.168.1.10\n"
25506
#: serverguide/C/dns.xml:177(para)
25596
#: serverguide/C/dns.xml:181(para)
25508
25598
"You must increment the <emphasis>Serial Number</emphasis> every time you "
25509
25599
"make changes to the zone file. If you make multiple changes before "
25510
25600
"restarting BIND9, simply increment the Serial once."
25513
#: serverguide/C/dns.xml:181(para)
25603
#: serverguide/C/dns.xml:185(para)
25515
25605
"Now, you can add DNS records to the bottom of the zone file. See <xref "
25516
25606
"linkend=\"dns-record-types\"/> for details."
25519
#: serverguide/C/dns.xml:185(para)
25609
#: serverguide/C/dns.xml:189(para)
25521
25611
"Many admins like to use the last date edited as the serial of a zone, such "
25522
25612
"as <emphasis>2012010100</emphasis> which is yyyymmddss (where "
25523
25613
"<emphasis>ss</emphasis> is the Serial Number)"
25526
#: serverguide/C/dns.xml:190(para)
25616
#: serverguide/C/dns.xml:194(para)
25528
25618
"Once you have made changes to the zone file <application>BIND9</application> "
25529
25619
"needs to be restarted for the changes to take effect:"
25532
#: serverguide/C/dns.xml:199(title)
25622
#: serverguide/C/dns.xml:203(title)
25533
25623
msgid "Reverse Zone File"
25536
#: serverguide/C/dns.xml:200(para)
25626
#: serverguide/C/dns.xml:204(para)
25538
25628
"Now that the zone is setup and resolving names to IP Adresses a "
25539
25629
"<emphasis>Reverse zone</emphasis> is also required. A Reverse zone allows "
25540
25630
"DNS to resolve an address to a name."
25543
#: serverguide/C/dns.xml:204(para)
25633
#: serverguide/C/dns.xml:208(para)
25544
25634
msgid "Edit /etc/bind/named.conf.local and add the following:"
25547
#: serverguide/C/dns.xml:207(programlisting)
25637
#: serverguide/C/dns.xml:211(programlisting)
25839
25929
";; SERVER: 192.168.1.10#53(192.168.1.10)\n"
25842
#: serverguide/C/dns.xml:418(para)
25932
#: serverguide/C/dns.xml:427(para)
25844
25934
"If you have configured <application>BIND9</application> as a "
25845
25935
"<emphasis>Caching</emphasis> nameserver \"dig\" an outside domain to check "
25846
25936
"the query time:"
25849
#: serverguide/C/dns.xml:423(command)
25939
#: serverguide/C/dns.xml:432(command)
25850
25940
msgid "dig ubuntu.com"
25851
25941
msgstr "dig ubuntu.com"
25853
#: serverguide/C/dns.xml:425(para)
25943
#: serverguide/C/dns.xml:434(para)
25854
25944
msgid "Note the query time toward the end of the command output:"
25857
#: serverguide/C/dns.xml:428(programlisting)
25947
#: serverguide/C/dns.xml:437(programlisting)
25861
25951
";; Query time: 49 msec\n"
25864
#: serverguide/C/dns.xml:431(para)
25954
#: serverguide/C/dns.xml:440(para)
25865
25955
msgid "After a second dig there should be improvement:"
25868
#: serverguide/C/dns.xml:434(programlisting)
25958
#: serverguide/C/dns.xml:443(programlisting)
25872
25962
";; Query time: 1 msec\n"
25875
#: serverguide/C/dns.xml:441(title)
25965
#: serverguide/C/dns.xml:450(title)
25877
25967
msgstr "ping"
25879
#: serverguide/C/dns.xml:443(para)
25969
#: serverguide/C/dns.xml:452(para)
25881
25971
"Now to demonstrate how applications make use of DNS to resolve a host name "
25882
25972
"use the <application>ping</application> utility to send an ICMP echo "
25883
25973
"request. From a terminal prompt enter:"
25886
#: serverguide/C/dns.xml:449(command)
25976
#: serverguide/C/dns.xml:458(command)
25887
25977
msgid "ping example.com"
25888
25978
msgstr "ping example.com"
25890
#: serverguide/C/dns.xml:451(para)
25980
#: serverguide/C/dns.xml:460(para)
25892
25982
"This tests if the nameserver can resolve the name "
25893
25983
"<emphasis>ns.example.com</emphasis> to an IP Address. The command output "
25894
25984
"should resemble:"
25897
#: serverguide/C/dns.xml:455(programlisting)
25987
#: serverguide/C/dns.xml:464(programlisting)
26054
26144
" <emphasis>category queries { query.log; };</emphasis> \n"
26057
#: serverguide/C/dns.xml:556(para)
26147
#: serverguide/C/dns.xml:565(para)
26059
26149
"Note: the <emphasis>debug</emphasis> option can be set from 1 to 3. If a "
26060
26150
"level isn't specified level 1 is the default."
26063
#: serverguide/C/dns.xml:562(para)
26153
#: serverguide/C/dns.xml:571(para)
26065
26155
"Since the <emphasis>named daemon</emphasis> runs as the "
26066
26156
"<emphasis>bind</emphasis> user the <filename>/var/log/query.log</filename> "
26067
26157
"file must be created and the ownership changed:"
26070
#: serverguide/C/dns.xml:567(command)
26160
#: serverguide/C/dns.xml:576(command)
26071
26161
msgid "sudo touch /var/log/query.log"
26072
26162
msgstr "sudo touch /var/log/query.log"
26074
#: serverguide/C/dns.xml:568(command)
26164
#: serverguide/C/dns.xml:577(command)
26075
26165
msgid "sudo chown bind /var/log/query.log"
26076
26166
msgstr "sudo chown bind /var/log/query.log"
26078
#: serverguide/C/dns.xml:572(para)
26168
#: serverguide/C/dns.xml:581(para)
26080
26170
"Before <application>named</application> daemon can write to the new log file "
26081
26171
"the <application>AppArmor</application> profile must be updated. First, edit "
26082
26172
"<filename>/etc/apparmor.d/usr.sbin.named</filename> and add:"
26085
#: serverguide/C/dns.xml:576(programlisting)
26175
#: serverguide/C/dns.xml:585(programlisting)
26403
26493
"Components</link> describes the components of the DM-Multipath package."
26406
#: serverguide/C/dm-multipath.xml:184(title)
26496
#: serverguide/C/dm-multipath.xml:183(title)
26407
26497
msgid "DM-Multipath Setup Overview"
26410
#: serverguide/C/dm-multipath.xml:191(para)
26500
#: serverguide/C/dm-multipath.xml:190(para)
26412
26502
"Install the <emphasis role=\"bold\">multipath-tools</emphasis> and <emphasis "
26413
26503
"role=\"bold\">multipath-tools-boot</emphasis> packages"
26416
#: serverguide/C/dm-multipath.xml:197(para)
26506
#: serverguide/C/dm-multipath.xml:196(para)
26418
26508
"Create an empty config file, <filename>/etc/multipath.conf</filename>, that "
26419
26509
"re-defines the <link linkend=\"multipath-skel-config\">following</link>"
26422
#: serverguide/C/dm-multipath.xml:203(para)
26512
#: serverguide/C/dm-multipath.xml:202(para)
26424
26514
"If necessary, edit the <emphasis role=\"bold\">multipath.conf</emphasis> "
26425
26515
"configuration file to modify default values and save the updated file."
26428
#: serverguide/C/dm-multipath.xml:209(para)
26518
#: serverguide/C/dm-multipath.xml:208(para)
26429
26519
msgid "Start the multipath daemon"
26432
#: serverguide/C/dm-multipath.xml:213(para)
26522
#: serverguide/C/dm-multipath.xml:212(para)
26433
26523
msgid "Update initial ramdisk"
26436
#: serverguide/C/dm-multipath.xml:186(para)
26526
#: serverguide/C/dm-multipath.xml:185(para)
26438
26528
"DM-Multipath includes compiled-in default settings that are suitable for "
26439
26529
"common multipath configurations. Setting up DM-multipath is often a simple "
26543
#: serverguide/C/dm-multipath.xml:313(para)
26633
#: serverguide/C/dm-multipath.xml:312(para)
26544
26634
msgid "Set up all of the multipath devices on one machine."
26547
#: serverguide/C/dm-multipath.xml:317(para) serverguide/C/dm-multipath.xml:354(para)
26637
#: serverguide/C/dm-multipath.xml:316(para) serverguide/C/dm-multipath.xml:353(para)
26549
26639
"Disable all of your multipath devices on your other machines by running the "
26550
26640
"following commands:"
26553
#: serverguide/C/dm-multipath.xml:320(screen) serverguide/C/dm-multipath.xml:357(screen)
26643
#: serverguide/C/dm-multipath.xml:319(screen) serverguide/C/dm-multipath.xml:356(screen)
26556
26646
"# service multipath-tools stop\n"
26557
26647
"# multipath -F\n"
26560
#: serverguide/C/dm-multipath.xml:326(para)
26650
#: serverguide/C/dm-multipath.xml:325(para)
26562
26652
"Copy the <filename>/etc/multipath/bindings</filename> file from the first "
26563
26653
"machine to all the other machines in the cluster."
26566
#: serverguide/C/dm-multipath.xml:332(para) serverguide/C/dm-multipath.xml:368(para)
26656
#: serverguide/C/dm-multipath.xml:331(para) serverguide/C/dm-multipath.xml:367(para)
26568
26658
"Re-enable the multipathd daemon on all the other machines in the cluster by "
26569
26659
"running the following command:"
26572
#: serverguide/C/dm-multipath.xml:335(screen) serverguide/C/dm-multipath.xml:371(screen)
26662
#: serverguide/C/dm-multipath.xml:334(screen) serverguide/C/dm-multipath.xml:370(screen)
26574
26664
msgid "# service multipath-tools start"
26577
#: serverguide/C/dm-multipath.xml:339(para)
26667
#: serverguide/C/dm-multipath.xml:338(para)
26578
26668
msgid "If you add a new device, you will need to repeat this process."
26581
#: serverguide/C/dm-multipath.xml:342(para)
26671
#: serverguide/C/dm-multipath.xml:341(para)
26583
26673
"Similarly, if you configure an alias for a device that you would like to be "
26584
26674
"consistent across the nodes in the cluster, you should ensure that the "
26667
26757
"Perform:<screen>update-initramfs -u -k all</screen><placeholder-1/>"
26670
#: serverguide/C/dm-multipath.xml:436(title)
26760
#: serverguide/C/dm-multipath.xml:435(title)
26671
26761
msgid "Setting up DM-Multipath Overview"
26674
#: serverguide/C/dm-multipath.xml:438(para)
26764
#: serverguide/C/dm-multipath.xml:437(para)
26676
26766
"This section provides step-by-step example procedures for configuring DM-"
26677
26767
"Multipath. It includes the following procedures:"
26680
#: serverguide/C/dm-multipath.xml:443(para)
26770
#: serverguide/C/dm-multipath.xml:442(para)
26681
26771
msgid "Basic DM-Multipath setup"
26684
#: serverguide/C/dm-multipath.xml:447(para)
26774
#: serverguide/C/dm-multipath.xml:446(para)
26685
26775
msgid "Ignoring local disks"
26688
#: serverguide/C/dm-multipath.xml:451(para)
26778
#: serverguide/C/dm-multipath.xml:450(para)
26689
26779
msgid "Adding more devices to the configuration file"
26692
#: serverguide/C/dm-multipath.xml:456(title)
26782
#: serverguide/C/dm-multipath.xml:455(title)
26693
26783
msgid "Setting Up DM-Multipath"
26696
#: serverguide/C/dm-multipath.xml:458(para)
26786
#: serverguide/C/dm-multipath.xml:457(para)
26698
26788
"Before setting up DM-Multipath on your system, ensure that your system has "
26699
26789
"been updated and includes the <emphasis role=\"bold\"><application>multipath-"
26983
27073
"can leave them commented out, as they are in the initial file."
26986
#: serverguide/C/dm-multipath.xml:724(para)
27076
#: serverguide/C/dm-multipath.xml:723(para)
26987
27077
msgid "The configuration file allows regular expression description syntax."
26990
#: serverguide/C/dm-multipath.xml:727(para)
27080
#: serverguide/C/dm-multipath.xml:726(para)
26992
27082
"An annotated version of the configuration file can be found in "
26993
27083
"<filename><filename>/usr/share/doc/multipath-"
26994
27084
"tools/examples/multipath.conf.annotated.gz</filename></filename>."
26997
#: serverguide/C/dm-multipath.xml:731(title)
27087
#: serverguide/C/dm-multipath.xml:730(title)
26998
27088
msgid "Configuration File Overview"
27001
#: serverguide/C/dm-multipath.xml:733(para)
27091
#: serverguide/C/dm-multipath.xml:732(para)
27003
27093
"The multipath configuration file is divided into the following sections:"
27006
#: serverguide/C/dm-multipath.xml:738(emphasis)
27096
#: serverguide/C/dm-multipath.xml:737(emphasis)
27007
27097
msgid "blacklist"
27010
#: serverguide/C/dm-multipath.xml:741(para)
27100
#: serverguide/C/dm-multipath.xml:740(para)
27012
27102
"Listing of specific devices that will not be considered for multipath."
27015
#: serverguide/C/dm-multipath.xml:747(emphasis)
27105
#: serverguide/C/dm-multipath.xml:746(emphasis)
27016
27106
msgid "blacklist_exceptions"
27019
#: serverguide/C/dm-multipath.xml:750(para)
27109
#: serverguide/C/dm-multipath.xml:749(para)
27021
27111
"Listing of multipath candidates that would otherwise be blacklisted "
27022
27112
"according to the parameters of the blacklist section."
27025
#: serverguide/C/dm-multipath.xml:757(emphasis)
27115
#: serverguide/C/dm-multipath.xml:756(emphasis)
27026
27116
msgid "defaults"
27029
#: serverguide/C/dm-multipath.xml:760(para)
27119
#: serverguide/C/dm-multipath.xml:759(para)
27030
27120
msgid "General default settings for DM-Multipath."
27033
#: serverguide/C/dm-multipath.xml:768(para)
27123
#: serverguide/C/dm-multipath.xml:767(para)
27035
27125
"Settings for the characteristics of individual multipath devices. These "
27036
27126
"values overwrite what is specified in the <emphasis "
27054
#: serverguide/C/dm-multipath.xml:789(para)
27144
#: serverguide/C/dm-multipath.xml:788(para)
27056
27146
"When the system determines the attributes of a multipath device, first it "
27057
27147
"checks the multipath settings, then the per devices settings, then the "
27058
27148
"multipath system defaults."
27061
#: serverguide/C/dm-multipath.xml:795(title)
27151
#: serverguide/C/dm-multipath.xml:794(title)
27062
27152
msgid "Configuration File Blacklist"
27065
#: serverguide/C/dm-multipath.xml:797(para)
27155
#: serverguide/C/dm-multipath.xml:796(para)
27067
27157
"The blacklist section of the multipath configuration file specifies the "
27068
27158
"devices that will not be used when the system configures multipath devices. "
27069
27159
"Devices that are blacklisted will not be grouped into a multipath device."
27072
#: serverguide/C/dm-multipath.xml:804(para)
27162
#: serverguide/C/dm-multipath.xml:803(para)
27074
27164
"If you do need to blacklist devices, you can do so according to the "
27075
27165
"following criteria:"
27078
#: serverguide/C/dm-multipath.xml:809(para)
27168
#: serverguide/C/dm-multipath.xml:808(para)
27080
27170
"By WWID, as described <xref endterm=\"config-blacklist-by-wwid-title\" "
27081
27171
"linkend=\"multipath-config-blacklist-by-wwid\"/>"
27084
#: serverguide/C/dm-multipath.xml:815(para)
27174
#: serverguide/C/dm-multipath.xml:814(para)
27086
27176
"By device name, as described in <xref endterm=\"config-blacklist-by-device-"
27087
27177
"name-title\" linkend=\"multipath-config-blacklist-by-device-name\"/>"
27090
#: serverguide/C/dm-multipath.xml:821(para)
27180
#: serverguide/C/dm-multipath.xml:820(para)
27092
27182
"By device type, as described in <xref endterm=\"config-blacklist-by-device-"
27093
27183
"type-title\" linkend=\"multipath-config-blacklist-by-device-type\"/>"
27096
#: serverguide/C/dm-multipath.xml:827(para)
27186
#: serverguide/C/dm-multipath.xml:826(para)
27098
27188
"By default, a variety of device types are blacklisted, even after you "
27099
27189
"comment out the initial blacklist section of the configuration file. For "
27554
27644
"files found in <filename>/usr/share/doc/multipath-tools/examples:</filename>"
27557
#: serverguide/C/dm-multipath.xml:1326(screen)
27647
#: serverguide/C/dm-multipath.xml:1325(screen)
27559
27649
msgid "# echo 'show config' | multipathd -k"
27562
#: serverguide/C/dm-multipath.xml:1331(title)
27652
#: serverguide/C/dm-multipath.xml:1330(title)
27563
27653
msgid "DM-Multipath Administration and Troubleshooting"
27566
#: serverguide/C/dm-multipath.xml:1334(title)
27656
#: serverguide/C/dm-multipath.xml:1333(title)
27567
27657
msgid "Resizing an Online Multipath Device"
27570
#: serverguide/C/dm-multipath.xml:1336(para)
27660
#: serverguide/C/dm-multipath.xml:1335(para)
27572
27662
"If you need to resize an online multipath device, use the following procedure"
27575
#: serverguide/C/dm-multipath.xml:1341(para)
27665
#: serverguide/C/dm-multipath.xml:1340(para)
27576
27666
msgid "Resize your physical device. This is storage platform specific."
27579
#: serverguide/C/dm-multipath.xml:1346(para)
27669
#: serverguide/C/dm-multipath.xml:1345(para)
27580
27670
msgid "Use the following command to find the paths to the LUN:"
27583
#: serverguide/C/dm-multipath.xml:1348(screen)
27673
#: serverguide/C/dm-multipath.xml:1347(screen)
27585
27675
msgid "# multipath -l"
27588
#: serverguide/C/dm-multipath.xml:1352(para)
27678
#: serverguide/C/dm-multipath.xml:1351(para)
27590
27680
"Resize your paths. For SCSI devices, writing 1 to the "
27591
27681
"<filename>rescan</filename> file for the device causes the SCSI driver to "
27592
27682
"rescan, as in the following command:"
27595
#: serverguide/C/dm-multipath.xml:1356(screen)
27685
#: serverguide/C/dm-multipath.xml:1355(screen)
27597
27687
msgid "# echo 1 > /sys/block/device_name/device/rescan"
27600
#: serverguide/C/dm-multipath.xml:1360(para)
27690
#: serverguide/C/dm-multipath.xml:1359(para)
27602
27692
"Resize your multipath device by running the multipathd resize command:"
27605
#: serverguide/C/dm-multipath.xml:1363(screen)
27695
#: serverguide/C/dm-multipath.xml:1362(screen)
27607
27697
msgid "# multipathd -k 'resize map mpatha'"
27610
#: serverguide/C/dm-multipath.xml:1367(para)
27700
#: serverguide/C/dm-multipath.xml:1366(para)
27611
27701
msgid "Resize the file system (assuming no LVM or DOS partitions are used):"
27614
#: serverguide/C/dm-multipath.xml:1370(screen)
27704
#: serverguide/C/dm-multipath.xml:1369(screen)
27616
27706
msgid "# resize2fs /dev/mapper/mpatha"
27619
#: serverguide/C/dm-multipath.xml:1376(title)
27709
#: serverguide/C/dm-multipath.xml:1375(title)
27621
27711
"Moving root File Systems from a Single Path Device to a Multipath Device"
27624
#: serverguide/C/dm-multipath.xml:1379(para)
27714
#: serverguide/C/dm-multipath.xml:1378(para)
27626
27716
"This is dramatically simplified by the use of UUIDs to identify devices as "
27627
27717
"an intrinsic label. Simply install <emphasis role=\"bold\">multipath-tools-"
27908
#: serverguide/C/dm-multipath.xml:1614(title)
27998
#: serverguide/C/dm-multipath.xml:1613(title)
27909
27999
msgid "Useful multipath Command Options"
27912
#: serverguide/C/dm-multipath.xml:1623(entry)
28002
#: serverguide/C/dm-multipath.xml:1622(entry)
27913
28003
msgid "Option"
27916
#: serverguide/C/dm-multipath.xml:1630(emphasis)
28006
#: serverguide/C/dm-multipath.xml:1629(emphasis)
27920
#: serverguide/C/dm-multipath.xml:1632(emphasis) serverguide/C/dm-multipath.xml:1639(emphasis)
28010
#: serverguide/C/dm-multipath.xml:1631(emphasis) serverguide/C/dm-multipath.xml:1638(emphasis)
27921
28011
msgid "sysfs"
27924
#: serverguide/C/dm-multipath.xml:1631(entry)
28014
#: serverguide/C/dm-multipath.xml:1630(entry)
27926
28016
"Display the current multipath configuration gathered from <placeholder-1/> "
27927
28017
"and the device mapper."
27930
#: serverguide/C/dm-multipath.xml:1637(emphasis)
28020
#: serverguide/C/dm-multipath.xml:1636(emphasis)
27934
#: serverguide/C/dm-multipath.xml:1638(entry)
28024
#: serverguide/C/dm-multipath.xml:1637(entry)
27936
28026
"Display the current multipath configuration gathered from <placeholder-1/>, "
27937
28027
"the device mapper, and all other available components on the system."
27940
#: serverguide/C/dm-multipath.xml:1644(emphasis)
28030
#: serverguide/C/dm-multipath.xml:1643(emphasis)
27941
28031
msgid "-f device"
27944
#: serverguide/C/dm-multipath.xml:1645(entry)
28034
#: serverguide/C/dm-multipath.xml:1644(entry)
27945
28035
msgid "Remove the named multipath device."
27948
#: serverguide/C/dm-multipath.xml:1649(emphasis)
28038
#: serverguide/C/dm-multipath.xml:1648(emphasis)
27952
#: serverguide/C/dm-multipath.xml:1650(entry)
28042
#: serverguide/C/dm-multipath.xml:1649(entry)
27953
28043
msgid "Remove all unused multipath devices."
27956
#: serverguide/C/dm-multipath.xml:1658(title)
28046
#: serverguide/C/dm-multipath.xml:1657(title)
27957
28047
msgid "Determining Device Mapper Entries with dmsetup Command"
27960
#: serverguide/C/dm-multipath.xml:1660(para)
28050
#: serverguide/C/dm-multipath.xml:1659(para)
27962
28052
"You can use the <emphasis role=\"bold\">dmsetup</emphasis> command to find "
27963
28053
"out which device mapper entries match the <emphasis "
27964
28054
"role=\"bold\">multipathed</emphasis> devices."
27967
#: serverguide/C/dm-multipath.xml:1664(para)
28057
#: serverguide/C/dm-multipath.xml:1663(para)
27969
28059
"The following command displays all the device mapper devices and their major "
27970
28060
"and minor numbers. The minor numbers determine the name of the dm device. "
28097
28187
msgid "To install MySQL, run the following command from a terminal prompt:"
28098
28188
msgstr "Каб устанавіць MySQL, запусьціце наступны загад у тэрмінале:"
28100
#: serverguide/C/virtualization.xml:2215(command) serverguide/C/databases.xml:42(command)
28190
#: serverguide/C/databases.xml:42(command)
28101
28191
msgid "sudo apt-get install mysql-server"
28102
28192
msgstr "sudo apt-get install mysql-server"
28104
#: serverguide/C/databases.xml:51(para)
28194
#: serverguide/C/databases.xml:44(para)
28106
28196
"During the installation process you will be prompted to enter a password for "
28107
28197
"the MySQL root user."
28110
#: serverguide/C/databases.xml:55(para)
28200
#: serverguide/C/databases.xml:48(para)
28112
28202
"Once the installation is complete, the MySQL server should be started "
28113
28203
"automatically. You can run the following command from a terminal prompt to "
28114
28204
"check whether the MySQL server is running:"
28117
#: serverguide/C/databases.xml:62(command)
28207
#: serverguide/C/databases.xml:55(command)
28118
28208
msgid "sudo netstat -tap | grep mysql"
28119
28209
msgstr "sudo netstat -tap | grep mysql"
28121
#: serverguide/C/vcs.xml:477(para) serverguide/C/databases.xml:65(para)
28211
#: serverguide/C/databases.xml:58(para)
28123
28213
"When you run this command, you should see the following line or something "
28127
#: serverguide/C/databases.xml:69(programlisting)
28217
#: serverguide/C/databases.xml:62(programlisting)
28160
28250
"bind-address = 192.168.0.5\n"
28162
#: serverguide/C/databases.xml:91(para)
28252
#: serverguide/C/databases.xml:84(para)
28163
28253
msgid "Replace 192.168.0.5 with the appropriate address."
28166
#: serverguide/C/databases.xml:95(para)
28256
#: serverguide/C/databases.xml:88(para)
28168
28258
"After making a change to <filename>/etc/mysql/my.cnf</filename> the MySQL "
28169
28259
"daemon will need to be restarted:"
28172
#: serverguide/C/databases.xml:102(para)
28262
#: serverguide/C/databases.xml:95(para)
28174
28264
"If you would like to change the MySQL <emphasis>root</emphasis> password, in "
28175
28265
"a terminal enter:"
28178
#: serverguide/C/databases.xml:107(command)
28268
#: serverguide/C/databases.xml:100(command)
28179
28269
msgid "sudo dpkg-reconfigure mysql-server-5.5"
28182
#: serverguide/C/databases.xml:109(para)
28272
#: serverguide/C/databases.xml:102(para)
28184
28274
"The MySQL daemon will be stopped, and you will be prompted to enter a new "
28188
#: serverguide/C/databases.xml:114(title)
28278
#: serverguide/C/databases.xml:107(title)
28189
28279
msgid "Database Engines"
28192
#: serverguide/C/databases.xml:115(para)
28282
#: serverguide/C/databases.xml:108(para)
28194
28284
"Whilst the default configuration of MySQL provided by the Ubuntu packages is "
28195
28285
"perfectly functional and performs well there are things you may wish to "
28196
28286
"consider before you proceed."
28199
#: serverguide/C/databases.xml:119(para)
28289
#: serverguide/C/databases.xml:112(para)
28201
28291
"MySQL is designed to allow data to be stored in different ways. These "
28202
28292
"methods are referred to as either database or storage engines. There are two "
29521
29611
#: serverguide/C/backups.xml:153(para)
29523
29613
"The simplest way of executing the above backup script is to copy and paste "
29524
"the contents into a file. <filename>backup.sh</filename> for example. Then "
29525
"from a terminal prompt:"
29614
"the contents into a file. <filename>backup.sh</filename> for example. The "
29615
"file must be made executable:"
29528
29618
#: serverguide/C/backups.xml:158(command)
29529
msgid "sudo bash backup.sh"
29530
msgstr "sudo bash backup.sh"
29619
msgid "chmod u+x backup.sh"
29532
29622
#: serverguide/C/backups.xml:160(para)
29623
msgid "Then from a terminal prompt:"
29626
#: serverguide/C/backups.xml:164(command)
29627
msgid "sudo ./backup.sh"
29630
#: serverguide/C/backups.xml:166(para)
29534
29632
"This is a great way to test the script to make sure everything works as "
29538
#: serverguide/C/backups.xml:165(title)
29636
#: serverguide/C/backups.xml:171(title)
29539
29637
msgid "Executing with cron"
29542
#: serverguide/C/backups.xml:166(para)
29640
#: serverguide/C/backups.xml:172(para)
29544
29642
"The <application>cron</application> utility can be used to automate the "
29545
29643
"script execution. The <application>cron</application> daemon allows the "
29546
29644
"execution of scripts, or commands, at a specified time and date."
29549
#: serverguide/C/backups.xml:170(para)
29647
#: serverguide/C/backups.xml:176(para)
29551
29649
"<application>cron</application> is configured through entries in a "
29552
29650
"<filename>crontab</filename> file. <filename>crontab</filename> files are "
29553
29651
"separated into fields:"
29556
#: serverguide/C/backups.xml:174(programlisting)
29654
#: serverguide/C/backups.xml:180(programlisting)
29563
29661
"# m h dom mon dow command\n"
29565
#: serverguide/C/backups.xml:179(para)
29663
#: serverguide/C/backups.xml:185(para)
29567
29665
"<emphasis>m:</emphasis> minute the command executes on, between 0 and 59."
29570
#: serverguide/C/backups.xml:184(para)
29668
#: serverguide/C/backups.xml:190(para)
29572
29670
"<emphasis>h:</emphasis> hour the command executes on, between 0 and 23."
29575
#: serverguide/C/backups.xml:189(para)
29673
#: serverguide/C/backups.xml:195(para)
29576
29674
msgid "<emphasis>dom:</emphasis> day of month the command executes on."
29579
#: serverguide/C/backups.xml:194(para)
29677
#: serverguide/C/backups.xml:200(para)
29581
29679
"<emphasis>mon:</emphasis> the month the command executes on, between 1 and "
29585
#: serverguide/C/backups.xml:199(para)
29683
#: serverguide/C/backups.xml:205(para)
29587
29685
"<emphasis>dow:</emphasis> the day of the week the command executes on, "
29588
29686
"between 0 and 7. Sunday may be specified by using 0 or 7, both values are "
29592
#: serverguide/C/backups.xml:204(para)
29690
#: serverguide/C/backups.xml:210(para)
29593
29691
msgid "<emphasis>command:</emphasis> the command to execute."
29596
#: serverguide/C/backups.xml:209(para)
29694
#: serverguide/C/backups.xml:215(para)
29598
29696
"To add or change entries in a <filename>crontab</filename> file the "
29599
29697
"<application>crontab -e</application> command should be used. Also, the "
29649
29747
"simply change the script path appropriately."
29652
#: serverguide/C/backups.xml:242(para)
29750
#: serverguide/C/backups.xml:248(para)
29654
29752
"For more in-depth <application>crontab</application> options see <xref "
29655
29753
"linkend=\"backup-shellscript-references\"/>."
29658
#: serverguide/C/backups.xml:248(title)
29756
#: serverguide/C/backups.xml:254(title)
29659
29757
msgid "Restoring from the Archive"
29662
#: serverguide/C/backups.xml:249(para)
29760
#: serverguide/C/backups.xml:255(para)
29664
29762
"Once an archive has been created it is important to test the archive. The "
29665
29763
"archive can be tested by listing the files it contains, but the best test is "
29666
29764
"to <emphasis>restore</emphasis> a file from the archive."
29669
#: serverguide/C/backups.xml:255(para)
29767
#: serverguide/C/backups.xml:261(para)
29671
29769
"To see a listing of the archive contents. From a terminal prompt type:"
29674
#: serverguide/C/backups.xml:259(command)
29772
#: serverguide/C/backups.xml:265(command)
29675
29773
msgid "tar -tzvf /mnt/backup/host-Monday.tgz"
29676
29774
msgstr "tar -tzvf /mnt/backup/host-Monday.tgz"
29678
#: serverguide/C/backups.xml:263(para)
29776
#: serverguide/C/backups.xml:269(para)
29679
29777
msgid "To restore a file from the archive to a different directory enter:"
29682
#: serverguide/C/backups.xml:267(command)
29780
#: serverguide/C/backups.xml:273(command)
29683
29781
msgid "tar -xzvf /mnt/backup/host-Monday.tgz -C /tmp etc/hosts"
29684
29782
msgstr "tar -xzvf /mnt/backup/host-Monday.tgz -C /tmp etc/hosts"
29686
#: serverguide/C/backups.xml:269(para)
29784
#: serverguide/C/backups.xml:275(para)
29688
29786
"The <emphasis>-C</emphasis> option to <application>tar</application> "
29689
29787
"redirects the extracted files to the specified directory. The above example "
29692
29790
"recreates the directory structure that it contains."
29695
#: serverguide/C/backups.xml:274(para)
29793
#: serverguide/C/backups.xml:280(para)
29697
29795
"Also, notice the leading <emphasis>\"/\"</emphasis> is left off the path of "
29698
29796
"the file to restore."
29701
#: serverguide/C/backups.xml:279(para)
29799
#: serverguide/C/backups.xml:285(para)
29702
29800
msgid "To restore all files in the archive enter the following:"
29705
#: serverguide/C/backups.xml:283(command)
29803
#: serverguide/C/backups.xml:289(command)
29707
29805
msgstr "cd /"
29709
#: serverguide/C/backups.xml:284(command)
29807
#: serverguide/C/backups.xml:290(command)
29710
29808
msgid "sudo tar -xzvf /mnt/backup/host-Monday.tgz"
29711
29809
msgstr "sudo tar -xzvf /mnt/backup/host-Monday.tgz"
29713
#: serverguide/C/backups.xml:289(para)
29811
#: serverguide/C/backups.xml:295(para)
29714
29812
msgid "This will overwrite the files currently on the file system."
29717
#: serverguide/C/backups.xml:298(para)
29815
#: serverguide/C/backups.xml:304(para)
29719
29817
"For more information on shell scripting see the <ulink "
29720
29818
"url=\"http://tldp.org/LDP/abs/html/\">Advanced Bash-Scripting Guide</ulink>"
29723
#: serverguide/C/backups.xml:303(para)
29821
#: serverguide/C/backups.xml:309(para)
29725
29823
"The book <ulink url=\"http://safari.samspublishing.com/0672323583\">Teach "
29726
29824
"Yourself Shell Programming in 24 Hours</ulink> is available online and a "
29727
29825
"great resource for shell scripting."
29730
#: serverguide/C/backups.xml:309(para)
29828
#: serverguide/C/backups.xml:315(para)
29732
29830
"The <ulink url=\"https://help.ubuntu.com/community/CronHowto\">CronHowto "
29733
29831
"Wiki Page</ulink> contains details on advanced "
29734
29832
"<application>cron</application> options."
29737
#: serverguide/C/backups.xml:316(para)
29835
#: serverguide/C/backups.xml:322(para)
29739
29837
"See the <ulink url=\"http://www.gnu.org/software/tar/manual/index.html\">GNU "
29740
29838
"tar Manual</ulink> for more <application>tar</application> options."
29743
#: serverguide/C/backups.xml:322(para)
29841
#: serverguide/C/backups.xml:328(para)
29745
29843
"The Wikipedia <ulink "
29746
29844
"url=\"http://en.wikipedia.org/wiki/Backup_rotation_scheme\">Backup Rotation "
29747
29845
"Scheme</ulink> article contains information on other backup rotation schemes."
29750
#: serverguide/C/backups.xml:328(para)
29848
#: serverguide/C/backups.xml:334(para)
29752
29850
"The shell script uses <application>tar</application> to create the archive, "
29753
29851
"but there many other command line utilities that can be used. For example:"
29756
#: serverguide/C/backups.xml:334(para)
29854
#: serverguide/C/backups.xml:340(para)
29758
29856
"<ulink url=\"http://www.gnu.org/software/cpio/\">cpio</ulink>: used to copy "
29759
29857
"files to and from archives."
29762
#: serverguide/C/backups.xml:339(para)
29860
#: serverguide/C/backups.xml:345(para)
29764
29862
"<ulink url=\"http://www.gnu.org/software/coreutils/\">dd</ulink>: part of "
29765
29863
"the <application>coreutils</application> package. A low level utility that "
29766
29864
"can copy data from one format to another."
29769
#: serverguide/C/backups.xml:345(para)
29867
#: serverguide/C/backups.xml:351(para)
29771
29869
"<ulink url=\"http://www.rsnapshot.org/\">rsnapshot</ulink>: a file system "
29772
29870
"snapshot utility used to create copies of an entire file system."
29775
#: serverguide/C/backups.xml:351(para)
29873
#: serverguide/C/backups.xml:357(para)
29777
29875
"<ulink url=\"http://www.samba.org/ftp/rsync/rsync.html\">rsync</ulink>: a "
29778
29876
"flexible utility used to create incremental copies of files."
29781
#: serverguide/C/backups.xml:362(title)
29879
#: serverguide/C/backups.xml:368(title)
29782
29880
msgid "Archive Rotation"
29785
#: serverguide/C/backups.xml:363(para)
29883
#: serverguide/C/backups.xml:369(para)
29787
29885
"The shell script in <xref linkend=\"backup-shellscripts\"/> only allows for "
29788
29886
"seven different archives. For a server whose data doesn't change often, this "
29790
29888
"rotation scheme should be used."
29793
#: serverguide/C/backups.xml:369(title)
29891
#: serverguide/C/backups.xml:375(title)
29794
29892
msgid "Rotating NFS Archives"
29797
#: serverguide/C/backups.xml:370(para)
29895
#: serverguide/C/backups.xml:376(para)
29799
29897
"In this section, the shell script will be slightly modified to implement a "
29800
29898
"grandfather-father-son rotation scheme (monthly-weekly-daily):"
29803
#: serverguide/C/backups.xml:376(para)
29901
#: serverguide/C/backups.xml:382(para)
29805
29903
"The rotation will do a <emphasis>daily</emphasis> backup Sunday through "
29809
#: serverguide/C/backups.xml:381(para)
29907
#: serverguide/C/backups.xml:387(para)
29811
29909
"On Saturday a <emphasis>weekly</emphasis> backup is done giving you four "
29812
29910
"weekly backups a month."
29815
#: serverguide/C/backups.xml:386(para)
29913
#: serverguide/C/backups.xml:392(para)
29817
29915
"The <emphasis>monthly</emphasis> backup is done on the first of the month "
29818
29916
"rotating two monthly backups based on if the month is odd or even."
29821
#: serverguide/C/backups.xml:392(para)
29919
#: serverguide/C/backups.xml:398(para)
29822
29920
msgid "Here is the new script:"
29825
#: serverguide/C/backups.xml:395(programlisting)
29923
#: serverguide/C/backups.xml:401(programlisting)
30011
30109
"network wide solution."
30014
#: serverguide/C/backups.xml:546(para)
30112
#: serverguide/C/backups.xml:552(para)
30016
30114
"<application>Bacula</application> is made up of several components and "
30017
30115
"services used to manage which files to backup and backup locations:"
30020
#: serverguide/C/backups.xml:551(para)
30118
#: serverguide/C/backups.xml:557(para)
30022
30120
"<application>Bacula Director:</application> a service that controls all "
30023
30121
"backup, restore, verify, and archive operations."
30026
#: serverguide/C/backups.xml:556(para)
30124
#: serverguide/C/backups.xml:562(para)
30028
30126
"<application>Bacula Console:</application> an application allowing "
30029
30127
"communication with the Director. There are three versions of the Console:"
30032
#: serverguide/C/backups.xml:561(para)
30130
#: serverguide/C/backups.xml:567(para)
30033
30131
msgid "Text based command line version."
30036
#: serverguide/C/backups.xml:562(para)
30134
#: serverguide/C/backups.xml:568(para)
30037
30135
msgid "Gnome based GTK+ Graphical User Interface (GUI) interface."
30040
#: serverguide/C/backups.xml:563(para)
30138
#: serverguide/C/backups.xml:569(para)
30041
30139
msgid "wxWidgets GUI interface."
30044
#: serverguide/C/backups.xml:567(para)
30142
#: serverguide/C/backups.xml:573(para)
30046
30144
"<application>Bacula File:</application> also known as the "
30047
30145
"<application>Bacula Client</application> program. This application is "
30063
30161
"different databases MySQL, PostgreSQL, and SQLite."
30066
#: serverguide/C/backups.xml:584(para)
30164
#: serverguide/C/backups.xml:590(para)
30068
30166
"<application>Bacula Monitor:</application> allows the monitoring of the "
30069
30167
"Director, File daemons, and Storage daemons. Currently the Monitor is only "
30070
30168
"available as a GTK+ GUI application."
30073
#: serverguide/C/backups.xml:590(para)
30171
#: serverguide/C/backups.xml:596(para)
30075
30173
"These services and applications can be run on multiple servers and clients, "
30076
30174
"or they can be installed on one machine if backing up a single disk or "
30080
#: serverguide/C/backups.xml:598(para)
30178
#: serverguide/C/backups.xml:604(para)
30082
30180
"If using MySQL or PostgreSQL as your database, you should already have the "
30083
30181
"services available. <application>Bacula</application> will not install them "
30087
#: serverguide/C/backups.xml:603(para)
30185
#: serverguide/C/backups.xml:609(para)
30089
30187
"There are multiple packages containing the different "
30090
30188
"<application>Bacula</application> components. To install Bacula, from a "
30091
30189
"terminal prompt enter:"
30094
#: serverguide/C/backups.xml:608(command)
30192
#: serverguide/C/backups.xml:614(command)
30095
30193
msgid "sudo apt-get install bacula"
30096
30194
msgstr "sudo apt-get install bacula"
30098
#: serverguide/C/backups.xml:610(para)
30196
#: serverguide/C/backups.xml:616(para)
30100
30198
"By default installing the <application>bacula</application> package will use "
30101
30199
"a <application>MySQL</application> database for the Catalog. If you want to "