« back to all changes in this revision
Viewing changes to serverguide/po/be.po
- browse files at revision 261
- compare with another revision
- download diff
- download tarball
- view history from revision 261
- Committer: Doug Smythies
- Date: 2016-01-05 22:55:10 UTC
- Revision ID: dsmythies@telus.net-20160105225510-2eg49ayn1hh6rk19
Updated the po files
- files modified:
- serverguide/po/ace.po
added
removed
serverguide/po/be.po
7
7
msgstr ""
8
8
"Project-Id-Version: serverguide\n"
9
9
"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
10
"POT-Creation-Date: 2015-02-26 16:01-0800\n"
10
"POT-Creation-Date: 2015-12-01 09:44-0800\n"
11
11
"PO-Revision-Date: 2014-11-09 18:10+0000\n"
12
12
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
13
13
"Language-Team: Belarusian <be@li.org>\n"
14
14
"MIME-Version: 1.0\n"
15
15
"Content-Type: text/plain; charset=UTF-8\n"
16
16
"Content-Transfer-Encoding: 8bit\n"
17
"X-Launchpad-Export-Date: 2015-03-22 21:33+0000\n"
18
"X-Generator: Launchpad (build 17405)\n"
17
"X-Launchpad-Export-Date: 2016-01-05 22:21+0000\n"
18
"X-Generator: Launchpad (build 17876)\n"
19
19
20
20
#: serverguide/C/web-servers.xml:11(title)
21
21
msgid "Web Servers"
86
86
"for the development and deployment of Web-based applications."
87
87
msgstr ""
88
88
89
#: serverguide/C/windows-networking.xml:81(title) serverguide/C/windows-networking.xml:292(title) serverguide/C/web-servers.xml:51(title) serverguide/C/web-servers.xml:690(title) serverguide/C/web-servers.xml:833(title) serverguide/C/web-servers.xml:957(title) serverguide/C/virtualization.xml:61(title) serverguide/C/virtualization.xml:2623(title) serverguide/C/vcs.xml:26(title) serverguide/C/vcs.xml:84(title) serverguide/C/vcs.xml:403(title) serverguide/C/remote-administration.xml:46(title) serverguide/C/remote-administration.xml:234(title) serverguide/C/remote-administration.xml:425(title) serverguide/C/network-config.xml:975(title) serverguide/C/network-config.xml:1089(title) serverguide/C/network-auth.xml:140(title) serverguide/C/network-auth.xml:2800(title) serverguide/C/network-auth.xml:3272(title) serverguide/C/monitoring.xml:40(title) serverguide/C/monitoring.xml:429(title) serverguide/C/mail.xml:38(title) serverguide/C/mail.xml:490(title) serverguide/C/mail.xml:679(title) serverguide/C/mail.xml:828(title) serverguide/C/mail.xml:1318(title) serverguide/C/lamp-applications.xml:110(title) serverguide/C/lamp-applications.xml:272(title) serverguide/C/lamp-applications.xml:408(title) serverguide/C/installation.xml:11(title) serverguide/C/installation.xml:933(title) serverguide/C/installation.xml:1214(title) serverguide/C/file-server.xml:357(title) serverguide/C/file-server.xml:646(title) serverguide/C/dns.xml:21(title) serverguide/C/databases.xml:37(title) serverguide/C/databases.xml:307(title) serverguide/C/chat.xml:35(title) serverguide/C/chat.xml:134(title) serverguide/C/backups.xml:596(title)
89
#: serverguide/C/web-servers.xml:51(title) serverguide/C/web-servers.xml:710(title) serverguide/C/web-servers.xml:853(title) serverguide/C/web-servers.xml:976(title) serverguide/C/virtualization.xml:70(title) serverguide/C/virtualization.xml:805(title) serverguide/C/vcs.xml:33(title) serverguide/C/vcs.xml:94(title) serverguide/C/vcs.xml:226(title) serverguide/C/samba.xml:81(title) serverguide/C/samba.xml:292(title) serverguide/C/remote-administration.xml:46(title) serverguide/C/remote-administration.xml:269(title) serverguide/C/remote-administration.xml:465(title) serverguide/C/network-config.xml:973(title) serverguide/C/network-config.xml:1087(title) serverguide/C/network-auth.xml:142(title) serverguide/C/network-auth.xml:2799(title) serverguide/C/network-auth.xml:3271(title) serverguide/C/monitoring.xml:40(title) serverguide/C/monitoring.xml:429(title) serverguide/C/mail.xml:38(title) serverguide/C/mail.xml:548(title) serverguide/C/mail.xml:737(title) serverguide/C/mail.xml:887(title) serverguide/C/mail.xml:1377(title) serverguide/C/lamp-applications.xml:110(title) serverguide/C/lamp-applications.xml:288(title) serverguide/C/lamp-applications.xml:435(title) serverguide/C/lamp-applications.xml:549(title) serverguide/C/installation.xml:11(title) serverguide/C/installation.xml:940(title) serverguide/C/installation.xml:1287(title) serverguide/C/file-server.xml:357(title) serverguide/C/file-server.xml:645(title) serverguide/C/dns.xml:21(title) serverguide/C/databases.xml:37(title) serverguide/C/databases.xml:300(title) serverguide/C/chat.xml:35(title) serverguide/C/chat.xml:134(title) serverguide/C/backups.xml:602(title)
90
90
msgid "Installation"
91
91
msgstr "Усталёўка"
92
92
104
104
msgid "sudo apt-get install apache2"
105
105
msgstr "sudo apt-get install apache2"
106
106
107
#: serverguide/C/windows-networking.xml:97(title) serverguide/C/windows-networking.xml:309(title) serverguide/C/web-servers.xml:71(title) serverguide/C/web-servers.xml:743(title) serverguide/C/web-servers.xml:844(title) serverguide/C/web-servers.xml:984(title) serverguide/C/web-servers.xml:1084(title) serverguide/C/vcs.xml:37(title) serverguide/C/vcs.xml:421(title) serverguide/C/remote-administration.xml:68(title) serverguide/C/remote-administration.xml:254(title) serverguide/C/package-management.xml:400(title) serverguide/C/network-config.xml:997(title) serverguide/C/network-config.xml:1100(title) serverguide/C/network-auth.xml:2887(title) serverguide/C/network-auth.xml:3293(title) serverguide/C/monitoring.xml:185(title) serverguide/C/monitoring.xml:455(title) serverguide/C/mail.xml:499(title) serverguide/C/mail.xml:689(title) serverguide/C/mail.xml:911(title) serverguide/C/mail.xml:1347(title) serverguide/C/lamp-applications.xml:130(title) serverguide/C/lamp-applications.xml:299(title) serverguide/C/lamp-applications.xml:438(title) serverguide/C/installation.xml:1226(title) serverguide/C/file-server.xml:370(title) serverguide/C/file-server.xml:672(title) serverguide/C/dns.xml:37(title) serverguide/C/databases.xml:80(title) serverguide/C/databases.xml:323(title) serverguide/C/clustering.xml:45(title) serverguide/C/chat.xml:55(title) serverguide/C/chat.xml:146(title) serverguide/C/backups.xml:625(title)
107
#: serverguide/C/web-servers.xml:71(title) serverguide/C/web-servers.xml:763(title) serverguide/C/web-servers.xml:864(title) serverguide/C/web-servers.xml:1003(title) serverguide/C/web-servers.xml:1106(title) serverguide/C/vcs.xml:44(title) serverguide/C/vcs.xml:103(title) serverguide/C/samba.xml:97(title) serverguide/C/samba.xml:309(title) serverguide/C/remote-administration.xml:68(title) serverguide/C/remote-administration.xml:289(title) serverguide/C/package-management.xml:417(title) serverguide/C/network-config.xml:995(title) serverguide/C/network-config.xml:1098(title) serverguide/C/network-auth.xml:2886(title) serverguide/C/network-auth.xml:3292(title) serverguide/C/monitoring.xml:185(title) serverguide/C/monitoring.xml:455(title) serverguide/C/mail.xml:557(title) serverguide/C/mail.xml:747(title) serverguide/C/mail.xml:970(title) serverguide/C/mail.xml:1406(title) serverguide/C/lamp-applications.xml:130(title) serverguide/C/lamp-applications.xml:315(title) serverguide/C/lamp-applications.xml:465(title) serverguide/C/lamp-applications.xml:570(title) serverguide/C/installation.xml:1299(title) serverguide/C/file-server.xml:370(title) serverguide/C/file-server.xml:671(title) serverguide/C/dns.xml:37(title) serverguide/C/databases.xml:73(title) serverguide/C/databases.xml:316(title) serverguide/C/clustering.xml:45(title) serverguide/C/chat.xml:55(title) serverguide/C/chat.xml:146(title) serverguide/C/backups.xml:631(title)
108
108
msgid "Configuration"
109
109
msgstr "Настаўленьні"
110
110
146
146
"<application>apache2</application> is restarted."
147
147
msgstr ""
148
148
149
#: serverguide/C/web-servers.xml:93(para)
149
#: serverguide/C/web-servers.xml:108(para)
150
150
msgid ""
151
151
"<emphasis>envvars:</emphasis> file where Apache2 "
152
152
"<emphasis>environment</emphasis> variables are set."
153
153
msgstr ""
154
154
155
#: serverguide/C/web-servers.xml:106(para)
155
#: serverguide/C/web-servers.xml:113(para)
156
156
msgid ""
157
157
"<emphasis>mods-available:</emphasis> this directory contains configuration "
158
158
"files to both load <emphasis>modules</emphasis> and configure them. Not all "
159
159
"modules will have specific configuration files, however."
160
160
msgstr ""
161
161
162
#: serverguide/C/web-servers.xml:112(para)
162
#: serverguide/C/web-servers.xml:119(para)
163
163
msgid ""
164
164
"<emphasis>mods-enabled:</emphasis> holds <emphasis>symlinks</emphasis> to "
165
165
"the files in <filename>/etc/apache2/mods-available</filename>. When a module "
167
167
"<application>apache2</application> is restarted."
168
168
msgstr ""
169
169
170
#: serverguide/C/web-servers.xml:119(para)
170
#: serverguide/C/web-servers.xml:126(para)
171
171
msgid ""
172
172
"<emphasis>ports.conf:</emphasis> houses the directives that determine which "
173
173
"TCP ports Apache2 is listening on."
174
174
msgstr ""
175
175
176
#: serverguide/C/web-servers.xml:124(para)
176
#: serverguide/C/web-servers.xml:131(para)
177
177
msgid ""
178
178
"<emphasis>sites-available:</emphasis> this directory has configuration files "
179
179
"for Apache2 <emphasis>Virtual Hosts</emphasis>. Virtual Hosts allow Apache2 "
180
180
"to be configured for multiple sites that have separate configurations."
181
181
msgstr ""
182
182
183
#: serverguide/C/web-servers.xml:130(para)
183
#: serverguide/C/web-servers.xml:138(para)
184
184
msgid ""
185
185
"<emphasis>sites-enabled:</emphasis> like mods-enabled, <filename "
186
186
"role=\"directory\">sites-enabled</filename> contains symlinks to the "
195
195
"the first few bytes of a file."
196
196
msgstr ""
197
197
198
#: serverguide/C/web-servers.xml:138(para)
198
#: serverguide/C/web-servers.xml:151(para)
199
199
msgid ""
200
200
"In addition, other configuration files may be added using the "
201
201
"<emphasis>Include</emphasis> directive, and wildcards can be used to include "
204
204
"recognized by Apache2 when it is started or restarted."
205
205
msgstr ""
206
206
207
#: serverguide/C/web-servers.xml:147(para)
207
#: serverguide/C/web-servers.xml:160(para)
208
208
msgid ""
209
209
"The server also reads a file containing mime document types; the filename is "
210
210
"set by the <emphasis>TypesConfig</emphasis> directive, typically via "
213
213
"by default."
214
214
msgstr ""
215
215
216
#: serverguide/C/web-servers.xml:155(title)
216
#: serverguide/C/web-servers.xml:168(title)
217
217
msgid "Basic Settings"
218
218
msgstr "Асноўныя настаўленьні"
219
219
237
237
"<filename>/etc/apache2/sites-available/000-default.conf</filename>."
238
238
msgstr ""
239
239
240
#: serverguide/C/web-servers.xml:177(para)
240
#: serverguide/C/web-servers.xml:190(para)
241
241
msgid ""
242
242
"The directives set for a virtual host only apply to that particular virtual "
243
243
"host. If a directive is set server-wide and not defined within the virtual "
246
246
"virtual host."
247
247
msgstr ""
248
248
249
#: serverguide/C/web-servers.xml:185(para)
249
#: serverguide/C/web-servers.xml:198(para)
250
250
msgid ""
251
251
"If you wish to configure a new virtual host or site, copy that file into the "
252
252
"same directory with a name you choose. For example:"
258
258
"available/mynewsite.conf"
259
259
msgstr ""
260
260
261
#: serverguide/C/web-servers.xml:194(para)
261
#: serverguide/C/web-servers.xml:207(para)
262
262
msgid ""
263
263
"Edit the new file to configure the new site using some of the directives "
264
264
"described below."
265
265
msgstr ""
266
266
267
#: serverguide/C/web-servers.xml:201(para)
267
#: serverguide/C/web-servers.xml:214(para)
268
268
msgid ""
269
269
"The <emphasis>ServerAdmin</emphasis> directive specifies the email address "
270
270
"to be advertised for the server's administrator. The default value is "
275
275
"configuration file in /etc/apache2/sites-available."
276
276
msgstr ""
277
277
278
#: serverguide/C/web-servers.xml:212(para)
278
#: serverguide/C/web-servers.xml:225(para)
279
279
msgid ""
280
280
"The <emphasis>Listen</emphasis> directive specifies the port, and optionally "
281
281
"the IP address, Apache2 should listen on. If the IP address is not "
301
301
"available/mynewsite.conf</filename>)."
302
302
msgstr ""
303
303
304
#: serverguide/C/web-servers.xml:237(para)
304
#: serverguide/C/web-servers.xml:250(para)
305
305
msgid ""
306
306
"You may also want your site to respond to www.ubunturocks.com, since many "
307
307
"users will assume the www prefix is appropriate. Use the "
309
309
"wildcards in the ServerAlias directive."
310
310
msgstr ""
311
311
312
#: serverguide/C/web-servers.xml:244(para)
312
#: serverguide/C/web-servers.xml:257(para)
313
313
msgid ""
314
314
"For example, the following configuration will cause your site to respond to "
315
315
"any domain request ending in <emphasis>.ubunturocks.com</emphasis>."
316
316
msgstr ""
317
317
318
#: serverguide/C/web-servers.xml:250(programlisting)
318
#: serverguide/C/web-servers.xml:263(programlisting)
319
319
#, no-wrap
320
320
msgid ""
321
321
"\n"
331
331
"virtual host file, and remember to create that directory if necessary!"
332
332
msgstr ""
333
333
334
#: serverguide/C/web-servers.xml:265(para)
334
#: serverguide/C/web-servers.xml:278(para)
335
335
msgid ""
336
336
"Enable the new <emphasis>VirtualHost</emphasis> using the "
337
337
"<application>a2ensite</application> utility and restart Apache2:"
338
338
msgstr ""
339
339
340
#: serverguide/C/web-servers.xml:271(command)
340
#: serverguide/C/web-servers.xml:284(command)
341
341
msgid "sudo a2ensite mynewsite"
342
342
msgstr "sudo a2ensite mynewsite"
343
343
344
#: serverguide/C/web-servers.xml:272(command) serverguide/C/web-servers.xml:290(command) serverguide/C/web-servers.xml:531(command) serverguide/C/web-servers.xml:540(command) serverguide/C/web-servers.xml:599(command) serverguide/C/mail.xml:935(command) serverguide/C/lamp-applications.xml:222(command)
344
#: serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:303(command) serverguide/C/web-servers.xml:544(command) serverguide/C/web-servers.xml:553(command) serverguide/C/web-servers.xml:612(command) serverguide/C/mail.xml:994(command) serverguide/C/lamp-applications.xml:238(command) serverguide/C/lamp-applications.xml:339(command) serverguide/C/lamp-applications.xml:610(command)
345
345
msgid "sudo service apache2 restart"
346
346
msgstr ""
347
347
348
#: serverguide/C/web-servers.xml:276(para)
348
#: serverguide/C/web-servers.xml:289(para)
349
349
msgid ""
350
350
"Be sure to replace <emphasis>mynewsite</emphasis> with a more descriptive "
351
351
"name for the VirtualHost. One method is to name the file after the "
352
352
"<emphasis>ServerName</emphasis> directive of the VirtualHost."
353
353
msgstr ""
354
354
355
#: serverguide/C/web-servers.xml:283(para)
355
#: serverguide/C/web-servers.xml:296(para)
356
356
msgid ""
357
357
"Similarly, use the <application>a2dissite</application> utility to disable "
358
358
"sites. This is can be useful when troubleshooting configuration problems "
359
359
"with multiple VirtualHosts:"
360
360
msgstr ""
361
361
362
#: serverguide/C/web-servers.xml:289(command)
362
#: serverguide/C/web-servers.xml:302(command)
363
363
msgid "sudo a2dissite mynewsite"
364
364
msgstr "sudo a2dissite mynewsite"
365
365
366
#: serverguide/C/web-servers.xml:295(title)
366
#: serverguide/C/web-servers.xml:308(title)
367
367
msgid "Default Settings"
368
368
msgstr "Прадвызначаныя ўсталёўкі"
369
369
370
#: serverguide/C/web-servers.xml:297(para)
370
#: serverguide/C/web-servers.xml:310(para)
371
371
msgid ""
372
372
"This section explains configuration of the Apache2 server default settings. "
373
373
"For example, if you add a virtual host, the settings you configure for the "
375
375
"defined within the virtual host settings, the default value is used."
376
376
msgstr ""
377
377
378
#: serverguide/C/web-servers.xml:309(para)
378
#: serverguide/C/web-servers.xml:322(para)
379
379
msgid ""
380
380
"The <emphasis>DirectoryIndex</emphasis> is the default page served by the "
381
381
"server when a user requests an index of a directory by specifying a forward "
382
382
"slash (/) at the end of the directory name."
383
383
msgstr ""
384
384
385
#: serverguide/C/web-servers.xml:316(para)
385
#: serverguide/C/web-servers.xml:329(para)
386
386
msgid ""
387
387
"For example, when a user requests the page "
388
388
"http://www.example.com/this_directory/, he or she will get either the "
410
410
"example files."
411
411
msgstr ""
412
412
413
#: serverguide/C/web-servers.xml:347(para)
413
#: serverguide/C/web-servers.xml:360(para)
414
414
msgid ""
415
415
"By default, the server writes the transfer log to the file "
416
416
"<filename>/var/log/apache2/access.log</filename>. You can change this on a "
417
417
"per-site basis in your virtual host configuration files with the "
418
418
"<emphasis>CustomLog</emphasis> directive, or omit it to accept the default, "
419
"specified in <filename> /etc/apache2/conf.d/other-vhosts-access-"
420
"log</filename>. You may also specify the file to which errors are logged, "
421
"via the <emphasis>ErrorLog</emphasis> directive, whose default is "
419
"specified in <filename> /etc/apache2/conf-available/other-vhosts-access-"
420
"log.conf</filename>. You may also specify the file to which errors are "
421
"logged, via the <emphasis>ErrorLog</emphasis> directive, whose default is "
422
422
"<filename>/var/log/apache2/error.log</filename>. These are kept separate "
423
423
"from the transfer logs to aid in troubleshooting problems with your Apache2 "
424
424
"server. You may also specify the <emphasis>LogLevel</emphasis> (the default "
426
426
"/etc/apache2/apache2.conf</filename> for the default value)."
427
427
msgstr ""
428
428
429
#: serverguide/C/web-servers.xml:362(para)
429
#: serverguide/C/web-servers.xml:375(para)
430
430
msgid ""
431
431
"Some options are specified on a per-directory basis rather than per-server. "
432
432
"<emphasis>Options</emphasis> is one of these directives. A Directory stanza "
442
442
"</Directory>\n"
443
443
msgstr ""
444
444
445
#: serverguide/C/web-servers.xml:374(para)
445
#: serverguide/C/web-servers.xml:387(para)
446
446
msgid ""
447
447
"The <emphasis>Options</emphasis> directive within a Directory stanza accepts "
448
448
"one or more of the following values (among others), separated by spaces:"
449
449
msgstr ""
450
450
451
#: serverguide/C/web-servers.xml:386(para)
451
#: serverguide/C/web-servers.xml:399(para)
452
452
msgid ""
453
453
"Most files should not be executed as CGI scripts. This would be very "
454
454
"dangerous. CGI scripts should kept in a directory separate from and outside "
457
457
"<filename>/usr/lib/cgi-bin</filename>."
458
458
msgstr ""
459
459
460
#: serverguide/C/web-servers.xml:381(para)
460
#: serverguide/C/web-servers.xml:394(para)
461
461
msgid ""
462
462
"<emphasis role=\"bold\">ExecCGI</emphasis> - Allow execution of CGI scripts. "
463
463
"CGI scripts are not executed if this option is not chosen. <placeholder-1/>"
464
464
msgstr ""
465
465
466
#: serverguide/C/web-servers.xml:397(para)
466
#: serverguide/C/web-servers.xml:410(para)
467
467
msgid ""
468
468
"<emphasis role=\"bold\">Includes</emphasis> - Allow server-side includes. "
469
469
"Server-side includes allow an HTML file to <emphasis> include</emphasis> "
472
472
"documentation (Ubuntu community)</ulink> for more information."
473
473
msgstr ""
474
474
475
#: serverguide/C/web-servers.xml:406(para)
475
#: serverguide/C/web-servers.xml:419(para)
476
476
msgid ""
477
477
"<emphasis role=\"bold\">IncludesNOEXEC</emphasis> - Allow server-side "
478
478
"includes, but disable the <emphasis>#exec</emphasis> and "
479
479
"<emphasis>#include</emphasis> commands in CGI scripts."
480
480
msgstr ""
481
481
482
#: serverguide/C/web-servers.xml:418(para)
482
#: serverguide/C/web-servers.xml:431(para)
483
483
msgid ""
484
484
"For security reasons, this should usually not be set, and certainly should "
485
485
"not be set on your DocumentRoot directory. Enable this option carefully on a "
487
487
"contents of the directory."
488
488
msgstr ""
489
489
490
#: serverguide/C/web-servers.xml:413(para)
490
#: serverguide/C/web-servers.xml:426(para)
491
491
msgid ""
492
492
"<emphasis role=\"bold\">Indexes</emphasis> - Display a formatted list of the "
493
493
"directory's contents, if no <emphasis>DirectoryIndex</emphasis> (such as "
503
503
"Apache2 documentation on this option</ulink>."
504
504
msgstr ""
505
505
506
#: serverguide/C/web-servers.xml:436(para)
506
#: serverguide/C/web-servers.xml:449(para)
507
507
msgid ""
508
508
"<emphasis role=\"bold\">SymLinksIfOwnerMatch</emphasis> - Only follow "
509
509
"symbolic links if the target file or directory has the same owner as the "
510
510
"link."
511
511
msgstr ""
512
512
513
#: serverguide/C/web-servers.xml:448(title)
513
#: serverguide/C/web-servers.xml:461(title)
514
514
msgid "httpd Settings"
515
515
msgstr "httpd Наладкі"
516
516
517
#: serverguide/C/web-servers.xml:450(para)
517
#: serverguide/C/web-servers.xml:463(para)
518
518
msgid ""
519
519
"This section explains some basic <application>httpd</application> daemon "
520
520
"configuration settings."
521
521
msgstr ""
522
522
523
#: serverguide/C/web-servers.xml:454(para)
523
#: serverguide/C/web-servers.xml:467(para)
524
524
msgid ""
525
525
"<emphasis role=\"bold\">LockFile</emphasis> - The LockFile directive sets "
526
526
"the path to the lockfile used when the server is compiled with either "
531
531
"that is readable only by root."
532
532
msgstr ""
533
533
534
#: serverguide/C/web-servers.xml:463(para)
534
#: serverguide/C/web-servers.xml:476(para)
535
535
msgid ""
536
536
"<emphasis role=\"bold\">PidFile</emphasis> - The PidFile directive sets the "
537
537
"file in which the server records its process ID (pid). This file should only "
538
538
"be readable by root. In most cases, it should be left to the default value."
539
539
msgstr ""
540
540
541
#: serverguide/C/web-servers.xml:469(para)
541
#: serverguide/C/web-servers.xml:482(para)
542
542
msgid ""
543
543
"<emphasis role=\"bold\">User</emphasis> - The User directive sets the userid "
544
544
"used by the server to answer requests. This setting determines the server's "
546
546
"your website's visitors. The default value for User is \"www-data\"."
547
547
msgstr ""
548
548
549
#: serverguide/C/web-servers.xml:476(para)
549
#: serverguide/C/web-servers.xml:489(para)
550
550
msgid ""
551
551
"Unless you know exactly what you are doing, do not set the User directive to "
552
552
"root. Using root as the User will create large security holes for your Web "
553
553
"server."
554
554
msgstr ""
555
555
556
#: serverguide/C/web-servers.xml:482(para)
556
#: serverguide/C/web-servers.xml:495(para)
557
557
msgid ""
558
558
"<emphasis role=\"bold\">Group</emphasis> - The Group directive is similar to "
559
559
"the User directive. Group sets the group under which the server will answer "
560
560
"requests. The default group is also \"www-data\"."
561
561
msgstr ""
562
562
563
#: serverguide/C/web-servers.xml:489(title)
563
#: serverguide/C/web-servers.xml:502(title)
564
564
msgid "Apache2 Modules"
565
565
msgstr ""
566
566
567
#: serverguide/C/web-servers.xml:491(para)
567
#: serverguide/C/web-servers.xml:504(para)
568
568
msgid ""
569
569
"Apache2 is a modular server. This implies that only the most basic "
570
570
"functionality is included in the core server. Extended features are "
575
575
"Apache2 must be recompiled to add or remove modules."
576
576
msgstr ""
577
577
578
#: serverguide/C/web-servers.xml:503(para)
578
#: serverguide/C/web-servers.xml:516(para)
579
579
msgid ""
580
580
"Ubuntu compiles Apache2 to allow the dynamic loading of modules. "
581
581
"Configuration directives may be conditionally included on the presence of a "
583
583
"<emphasis><IfModule></emphasis> block."
584
584
msgstr ""
585
585
586
#: serverguide/C/web-servers.xml:510(para)
586
#: serverguide/C/web-servers.xml:523(para)
587
587
msgid ""
588
588
"You can install additional Apache2 modules and use them with your Web "
589
589
"server. For example, run the following command from a terminal prompt to "
590
590
"install the <emphasis>MySQL Authentication</emphasis> module:"
591
591
msgstr ""
592
592
593
#: serverguide/C/web-servers.xml:517(command)
593
#: serverguide/C/web-servers.xml:530(command)
594
594
msgid "sudo apt-get install libapache2-mod-auth-mysql"
595
595
msgstr "sudo apt-get install libapache2-mod-auth-mysql"
596
596
597
#: serverguide/C/web-servers.xml:520(para)
597
#: serverguide/C/web-servers.xml:533(para)
598
598
msgid ""
599
599
"See the <filename>/etc/apache2/mods-available</filename> directory, for "
600
600
"additional modules."
601
601
msgstr ""
602
602
603
#: serverguide/C/web-servers.xml:524(para)
603
#: serverguide/C/web-servers.xml:537(para)
604
604
msgid ""
605
605
"Use the <application>a2enmod</application> utility to enable a module:"
606
606
msgstr ""
607
607
608
#: serverguide/C/web-servers.xml:530(command)
608
#: serverguide/C/web-servers.xml:543(command)
609
609
msgid "sudo a2enmod auth_mysql"
610
610
msgstr "sudo a2enmod auth_mysql"
611
611
612
#: serverguide/C/web-servers.xml:534(para)
612
#: serverguide/C/web-servers.xml:547(para)
613
613
msgid "Similarly, <application>a2dismod</application> will disable a module:"
614
614
msgstr ""
615
615
616
#: serverguide/C/web-servers.xml:539(command)
616
#: serverguide/C/web-servers.xml:552(command)
617
617
msgid "sudo a2dismod auth_mysql"
618
618
msgstr "sudo a2dismod auth_mysql"
619
619
620
#: serverguide/C/web-servers.xml:546(title)
620
#: serverguide/C/web-servers.xml:559(title)
621
621
msgid "HTTPS Configuration"
622
622
msgstr "Настаўленьні HTTPS"
623
623
624
#: serverguide/C/web-servers.xml:548(para)
624
#: serverguide/C/web-servers.xml:561(para)
625
625
msgid ""
626
626
"The <application>mod_ssl</application> module adds an important feature to "
627
627
"the Apache2 server - the ability to encrypt communications. Thus, when your "
630
630
"bar."
631
631
msgstr ""
632
632
633
#: serverguide/C/web-servers.xml:557(para)
633
#: serverguide/C/web-servers.xml:570(para)
634
634
msgid ""
635
635
"The <application>mod_ssl</application> module is available in "
636
636
"<application>apache2-common</application> package. Execute the following "
638
638
"<application>mod_ssl</application> module:"
639
639
msgstr ""
640
640
641
#: serverguide/C/web-servers.xml:564(command)
641
#: serverguide/C/web-servers.xml:577(command)
642
642
msgid "sudo a2enmod ssl"
643
643
msgstr "sudo a2enmod ssl"
644
644
656
656
"linkend=\"certificates-and-security\"/>"
657
657
msgstr ""
658
658
659
#: serverguide/C/web-servers.xml:577(para)
659
#: serverguide/C/web-servers.xml:590(para)
660
660
msgid ""
661
661
"To configure <application>Apache2</application> for HTTPS, enter the "
662
662
"following:"
663
663
msgstr ""
664
664
665
#: serverguide/C/web-servers.xml:582(command)
665
#: serverguide/C/web-servers.xml:595(command)
666
666
msgid "sudo a2ensite default-ssl"
667
667
msgstr "sudo a2ensite default-ssl"
668
668
669
#: serverguide/C/web-servers.xml:586(para)
669
#: serverguide/C/web-servers.xml:599(para)
670
670
msgid ""
671
671
"The directories <filename>/etc/ssl/certs</filename> and "
672
672
"<filename>/etc/ssl/private</filename> are the default locations. If you "
675
675
"<emphasis>SSLCertificateKeyFile</emphasis> appropriately."
676
676
msgstr ""
677
677
678
#: serverguide/C/web-servers.xml:593(para)
678
#: serverguide/C/web-servers.xml:606(para)
679
679
msgid ""
680
680
"With Apache2 now configured for HTTPS, restart the service to enable the new "
681
681
"settings:"
682
682
msgstr ""
683
683
684
#: serverguide/C/web-servers.xml:604(para)
684
#: serverguide/C/web-servers.xml:617(para)
685
685
msgid ""
686
686
"Depending on how you obtained your certificate you may need to enter a "
687
687
"passphrase when <application>Apache2</application> starts."
688
688
msgstr ""
689
689
690
#: serverguide/C/web-servers.xml:610(para)
690
#: serverguide/C/web-servers.xml:623(para)
691
691
msgid ""
692
692
"You can access the secure server pages by typing https://your_hostname/url/ "
693
693
"in your browser address bar."
694
694
msgstr ""
695
695
696
#: serverguide/C/web-servers.xml:617(title)
696
#: serverguide/C/web-servers.xml:630(title)
697
697
msgid "Sharing Write Permission"
698
698
msgstr ""
699
699
714
714
msgstr ""
715
715
716
716
#: serverguide/C/web-servers.xml:641(command)
717
msgid "sudo find /var/www/html -type f -exec chmod g=rws \"{}\" \\;"
718
msgstr ""
719
720
#: serverguide/C/web-servers.xml:632(para)
717
msgid "sudo find /var/www/html -type f -exec chmod g=rw \"{}\" \\;"
718
msgstr ""
719
720
#: serverguide/C/web-servers.xml:643(para)
721
msgid ""
722
"These commands recursively set the group permission on all files and "
723
"directories in /var/www/html to read write and set user id. This has the "
724
"effect of having the files and directories inherit their group and "
725
"permission from their parrent. Many admins find this useful for allowing "
726
"multiple users to edit files in a directory tree."
727
msgstr ""
728
729
#: serverguide/C/web-servers.xml:652(para)
721
730
msgid ""
722
731
"If access must be granted to more than one group per directory, enable "
723
732
"Access Control Lists (ACLs)."
724
733
msgstr ""
725
734
726
#: serverguide/C/web-servers.xml:639(title) serverguide/C/web-servers.xml:789(title) serverguide/C/web-servers.xml:939(title) serverguide/C/web-servers.xml:1034(title) serverguide/C/web-servers.xml:1256(title) serverguide/C/vpn.xml:800(title) serverguide/C/virtualization.xml:2081(title) serverguide/C/vcs.xml:538(title) serverguide/C/security.xml:863(title) serverguide/C/security.xml:1197(title) serverguide/C/security.xml:1611(title) serverguide/C/security.xml:1797(title) serverguide/C/remote-administration.xml:196(title) serverguide/C/remote-administration.xml:762(title) serverguide/C/package-management.xml:466(title) serverguide/C/other-apps.xml:328(title) serverguide/C/network-config.xml:1035(title) serverguide/C/network-config.xml:1143(title) serverguide/C/monitoring.xml:392(title) serverguide/C/monitoring.xml:528(title) serverguide/C/mail.xml:453(title) serverguide/C/mail.xml:648(title) serverguide/C/mail.xml:800(title) serverguide/C/mail.xml:1220(title) serverguide/C/mail.xml:1688(title) serverguide/C/lamp-applications.xml:244(title) serverguide/C/lamp-applications.xml:373(title) serverguide/C/lamp-applications.xml:481(title) serverguide/C/file-server.xml:305(title) serverguide/C/file-server.xml:446(title) serverguide/C/file-server.xml:616(title) serverguide/C/file-server.xml:803(title) serverguide/C/dns.xml:605(title) serverguide/C/clustering.xml:232(title) serverguide/C/chat.xml:105(title) serverguide/C/chat.xml:214(title) serverguide/C/backups.xml:295(title)
735
#: serverguide/C/web-servers.xml:659(title) serverguide/C/web-servers.xml:809(title) serverguide/C/web-servers.xml:958(title) serverguide/C/web-servers.xml:1053(title) serverguide/C/web-servers.xml:1278(title) serverguide/C/vpn.xml:843(title) serverguide/C/vcs.xml:546(title) serverguide/C/security.xml:877(title) serverguide/C/security.xml:1217(title) serverguide/C/security.xml:1631(title) serverguide/C/security.xml:1817(title) serverguide/C/remote-administration.xml:196(title) serverguide/C/remote-administration.xml:802(title) serverguide/C/package-management.xml:479(title) serverguide/C/network-config.xml:1033(title) serverguide/C/network-config.xml:1141(title) serverguide/C/monitoring.xml:392(title) serverguide/C/monitoring.xml:528(title) serverguide/C/mail.xml:511(title) serverguide/C/mail.xml:706(title) serverguide/C/mail.xml:859(title) serverguide/C/mail.xml:1279(title) serverguide/C/mail.xml:1746(title) serverguide/C/lamp-applications.xml:260(title) serverguide/C/lamp-applications.xml:400(title) serverguide/C/lamp-applications.xml:518(title) serverguide/C/lamp-applications.xml:673(title) serverguide/C/file-server.xml:305(title) serverguide/C/file-server.xml:445(title) serverguide/C/file-server.xml:615(title) serverguide/C/file-server.xml:802(title) serverguide/C/dns.xml:614(title) serverguide/C/clustering.xml:232(title) serverguide/C/chat.xml:105(title) serverguide/C/chat.xml:214(title) serverguide/C/backups.xml:301(title)
727
736
msgid "References"
728
737
msgstr "Спасылкі"
729
738
730
#: serverguide/C/web-servers.xml:656(para)
739
#: serverguide/C/web-servers.xml:663(para)
731
740
msgid ""
732
741
"<ulink url=\"http://httpd.apache.org/docs/2.4/\">Apache2 "
733
742
"Documentation</ulink> contains in depth information on Apache2 configuration "
735
744
"the official Apache2 docs."
736
745
msgstr ""
737
746
738
#: serverguide/C/web-servers.xml:650(para)
747
#: serverguide/C/web-servers.xml:670(para)
739
748
msgid ""
740
749
"See the <ulink url=\"http://www.modssl.org/docs/\">Mod SSL "
741
750
"Documentation</ulink> site for more SSL related information."
742
751
msgstr ""
743
752
744
#: serverguide/C/web-servers.xml:656(para)
753
#: serverguide/C/web-servers.xml:676(para)
745
754
msgid ""
746
755
"O'Reilly's <ulink url=\"http://oreilly.com/catalog/9780596001919/\">Apache "
747
756
"Cookbook</ulink> is a good resource for accomplishing specific Apache2 "
748
757
"configurations."
749
758
msgstr ""
750
759
751
#: serverguide/C/web-servers.xml:662(para)
760
#: serverguide/C/web-servers.xml:682(para)
752
761
msgid ""
753
762
"For Ubuntu specific Apache2 questions, ask in the <emphasis>#ubuntu-"
754
763
"server</emphasis> IRC channel on <ulink "
755
764
"url=\"http://freenode.net/\">freenode.net</ulink>."
756
765
msgstr ""
757
766
758
#: serverguide/C/web-servers.xml:668(para)
767
#: serverguide/C/web-servers.xml:688(para)
759
768
msgid ""
760
769
"Usually integrated with PHP and MySQL the <ulink "
761
770
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
762
771
"Ubuntu Wiki </ulink> page is a good resource."
763
772
msgstr ""
764
773
765
#: serverguide/C/web-servers.xml:679(title)
774
#: serverguide/C/web-servers.xml:699(title)
766
775
msgid "PHP5 - Scripting Language"
767
776
msgstr ""
768
777
769
#: serverguide/C/web-servers.xml:680(para)
778
#: serverguide/C/web-servers.xml:700(para)
770
779
msgid ""
771
780
"PHP is a general-purpose scripting language suited for Web development. The "
772
781
"PHP script can be embedded into HTML. This section explains how to install "
773
782
"and configure PHP5 in Ubuntu System with Apache2 and MySQL."
774
783
msgstr ""
775
784
776
#: serverguide/C/web-servers.xml:684(para)
785
#: serverguide/C/web-servers.xml:704(para)
777
786
msgid ""
778
787
"This section assumes you have installed and configured Apache2 Web Server "
779
788
"and MySQL Database Server. You can refer to Apache2 section and MySQL "
781
790
"respectively."
782
791
msgstr ""
783
792
784
#: serverguide/C/web-servers.xml:691(para)
793
#: serverguide/C/web-servers.xml:711(para)
785
794
msgid ""
786
795
"The PHP5 is available in Ubuntu Linux. Unlike python and perl, which are "
787
796
"installed in the base system, PHP must be added."
788
797
msgstr ""
789
798
790
#: serverguide/C/web-servers.xml:695(para)
799
#: serverguide/C/web-servers.xml:715(para)
791
800
msgid ""
792
801
"To install PHP5 you can enter the following command in the terminal prompt: "
793
802
"<screen>\n"
795
804
"</screen>"
796
805
msgstr ""
797
806
798
#: serverguide/C/web-servers.xml:704(para)
807
#: serverguide/C/web-servers.xml:724(para)
799
808
msgid ""
800
809
"You can run PHP5 scripts from command line. To run PHP5 scripts from command "
801
810
"line you should install <application>php5-cli</application> package. To "
805
814
"</screen>"
806
815
msgstr ""
807
816
808
#: serverguide/C/web-servers.xml:713(para)
817
#: serverguide/C/web-servers.xml:733(para)
809
818
msgid ""
810
819
"You can also execute PHP5 scripts without installing PHP5 Apache module. To "
811
820
"accomplish this, you should install <application>php5-cgi</application> "
815
824
"</screen>"
816
825
msgstr ""
817
826
818
#: serverguide/C/web-servers.xml:723(para)
827
#: serverguide/C/web-servers.xml:743(para)
819
828
msgid ""
820
829
"To use <application>MySQL</application> with PHP5 you should install "
821
830
"<application>php5-mysql</application> package. To install <application>php5-"
825
834
"</screen>"
826
835
msgstr ""
827
836
828
#: serverguide/C/web-servers.xml:731(para)
837
#: serverguide/C/web-servers.xml:751(para)
829
838
msgid ""
830
839
"Similarly, to use <application>PostgreSQL</application> with PHP5 you should "
831
840
"install <application>php5-pgsql</application> package. To install "
835
844
"</screen>"
836
845
msgstr ""
837
846
838
#: serverguide/C/web-servers.xml:744(para)
847
#: serverguide/C/web-servers.xml:764(para)
839
848
msgid ""
840
849
"Once you install PHP5, you can run PHP5 scripts from your web browser. If "
841
850
"you have installed <application>php5-cli</application> package, you can run "
842
851
"PHP5 scripts from your command prompt."
843
852
msgstr ""
844
853
845
#: serverguide/C/web-servers.xml:751(para)
854
#: serverguide/C/web-servers.xml:771(para)
846
855
msgid ""
847
856
"By default, the Apache 2 Web server is configured to run PHP5 scripts. In "
848
857
"other words, the PHP5 module is enabled in Apache2 Web server automatically "
853
862
"command."
854
863
msgstr ""
855
864
856
#: serverguide/C/web-servers.xml:762(para)
865
#: serverguide/C/web-servers.xml:782(para)
857
866
msgid ""
858
867
"Once you install PHP5 related packages and enabled PHP5 Apache 2 module, you "
859
868
"should restart Apache2 Web server to run PHP5 scripts. You can run the "
861
870
"<screen><command>sudo service apache2 restart</command> </screen>"
862
871
msgstr ""
863
872
864
#: serverguide/C/web-servers.xml:770(title) serverguide/C/network-auth.xml:1069(title) serverguide/C/mail.xml:314(title) serverguide/C/mail.xml:1611(title) serverguide/C/dns.xml:376(title) serverguide/C/clustering.xml:182(title)
873
#: serverguide/C/web-servers.xml:790(title) serverguide/C/network-auth.xml:1076(title) serverguide/C/mail.xml:359(title) serverguide/C/mail.xml:1669(title) serverguide/C/dns.xml:380(title) serverguide/C/clustering.xml:182(title)
865
874
msgid "Testing"
866
875
msgstr "Праверка"
867
876
868
#: serverguide/C/web-servers.xml:771(para)
877
#: serverguide/C/web-servers.xml:791(para)
869
878
msgid ""
870
879
"To verify your installation, you can run following PHP5 phpinfo script:"
871
880
msgstr ""
872
881
873
#: serverguide/C/web-servers.xml:774(programlisting)
882
#: serverguide/C/web-servers.xml:794(programlisting)
874
883
#, no-wrap
875
884
msgid ""
876
885
"\n"
879
888
"?>\n"
880
889
msgstr ""
881
890
882
#: serverguide/C/web-servers.xml:779(para)
891
#: serverguide/C/web-servers.xml:799(para)
883
892
msgid ""
884
893
"You can save the content in a file <filename>phpinfo.php</filename> and "
885
894
"place it under <command>DocumentRoot</command> directory of Apache2 Web "
888
897
"various PHP5 configuration parameters."
889
898
msgstr ""
890
899
891
#: serverguide/C/web-servers.xml:793(para)
900
#: serverguide/C/web-servers.xml:813(para)
892
901
msgid ""
893
902
"For more in depth information see <ulink "
894
903
"url=\"http://www.php.net/docs.php\">php.net</ulink> documentation."
896
905
"Для больш зьмястоўнай інфармацыі глядзіце дакумэнтацыю <ulink "
897
906
"url=\"http://www.php.net/docs.php\">php.net</ulink>."
898
907
899
#: serverguide/C/web-servers.xml:798(para)
908
#: serverguide/C/web-servers.xml:818(para)
900
909
msgid ""
901
910
"There are a plethora of books on PHP. Two good books from O'Reilly are "
902
911
"<ulink url=\"http://oreilly.com/catalog/9780596005603/\">Learning PHP "
904
913
"url=\"http://oreilly.com/catalog/9781565926813/\">PHP Cook Book</ulink>."
905
914
msgstr ""
906
915
907
#: serverguide/C/web-servers.xml:805(para)
916
#: serverguide/C/web-servers.xml:825(para)
908
917
msgid ""
909
918
"Also, see the <ulink "
910
919
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
911
920
"Ubuntu Wiki</ulink> page for more information."
912
921
msgstr ""
913
922
914
#: serverguide/C/web-servers.xml:816(title)
923
#: serverguide/C/web-servers.xml:836(title)
915
924
msgid "Squid - Proxy Server"
916
925
msgstr "Squid - паўнамоцны паслужнік"
917
926
918
#: serverguide/C/web-servers.xml:830(para)
927
#: serverguide/C/web-servers.xml:837(para)
919
928
msgid ""
920
929
"Squid is a full-featured web proxy cache server application which provides "
921
930
"proxy and cache services for Hyper Text Transport Protocol (HTTP), File "
928
937
"(WCCP)."
929
938
msgstr ""
930
939
931
#: serverguide/C/web-servers.xml:838(para)
940
#: serverguide/C/web-servers.xml:845(para)
932
941
msgid ""
933
942
"The Squid proxy cache server is an excellent solution to a variety of proxy "
934
943
"and caching server needs, and scales from the branch office to enterprise "
940
949
"for increased performance."
941
950
msgstr ""
942
951
943
#: serverguide/C/web-servers.xml:834(para)
952
#: serverguide/C/web-servers.xml:854(para)
944
953
msgid ""
945
954
"At a terminal prompt, enter the following command to install the Squid "
946
955
"server:"
947
956
msgstr ""
948
957
949
#: serverguide/C/web-servers.xml:852(command)
958
#: serverguide/C/web-servers.xml:859(command)
950
959
msgid "sudo apt-get install squid3"
951
960
msgstr ""
952
961
953
#: serverguide/C/web-servers.xml:858(para)
962
#: serverguide/C/web-servers.xml:865(para)
954
963
msgid ""
955
964
"Squid is configured by editing the directives contained within the "
956
965
"<filename>/etc/squid3/squid.conf</filename> configuration file. The "
959
968
"of Squid, see the References section."
960
969
msgstr ""
961
970
962
#: serverguide/C/web-servers.xml:864(para)
971
#: serverguide/C/web-servers.xml:871(para)
963
972
msgid ""
964
973
"Prior to editing the configuration file, you should make a copy of the "
965
974
"original file and protect it from writing so you will have the original "
967
976
"protect it from writing using the following commands:"
968
977
msgstr ""
969
978
970
#: serverguide/C/web-servers.xml:870(command)
979
#: serverguide/C/web-servers.xml:877(command)
971
980
msgid "sudo cp /etc/squid3/squid.conf /etc/squid3/squid.conf.original"
972
981
msgstr ""
973
982
974
#: serverguide/C/web-servers.xml:871(command)
983
#: serverguide/C/web-servers.xml:878(command)
975
984
msgid "sudo chmod a-w /etc/squid3/squid.conf.original"
976
985
msgstr ""
977
986
978
#: serverguide/C/web-servers.xml:866(para)
987
#: serverguide/C/web-servers.xml:885(para)
979
988
msgid ""
980
989
"To set your Squid server to listen on TCP port 8888 instead of the default "
981
990
"TCP port 3128, change the http_port directive as such:"
982
991
msgstr ""
983
992
984
#: serverguide/C/web-servers.xml:870(programlisting)
993
#: serverguide/C/web-servers.xml:889(programlisting)
985
994
#, no-wrap
986
995
msgid ""
987
996
"\n"
990
999
"\n"
991
1000
"http_port 8888\n"
992
1001
993
#: serverguide/C/web-servers.xml:875(para)
1002
#: serverguide/C/web-servers.xml:894(para)
994
1003
msgid ""
995
1004
"Change the visible_hostname directive in order to give the Squid server a "
996
1005
"specific hostname. This hostname does not necessarily need to be the "
997
1006
"computer's hostname. In this example it is set to <emphasis>weezie</emphasis>"
998
1007
msgstr ""
999
1008
1000
#: serverguide/C/web-servers.xml:879(programlisting)
1009
#: serverguide/C/web-servers.xml:898(programlisting)
1001
1010
#, no-wrap
1002
1011
msgid ""
1003
1012
"\n"
1004
1013
"visible_hostname weezie\n"
1005
1014
msgstr ""
1006
1015
1007
#: serverguide/C/web-servers.xml:884(para)
1016
#: serverguide/C/web-servers.xml:903(para)
1008
1017
msgid ""
1009
1018
"Using Squid's access control, you may configure use of Internet services "
1010
1019
"proxied by Squid to be available only users with certain Internet Protocol "
1012
1021
"192.168.42.0/24 subnetwork only:"
1013
1022
msgstr ""
1014
1023
1015
#: serverguide/C/web-servers.xml:901(para) serverguide/C/web-servers.xml:921(para)
1024
#: serverguide/C/web-servers.xml:908(para) serverguide/C/web-servers.xml:928(para)
1016
1025
msgid ""
1017
1026
"Add the following to the <emphasis role=\"bold\">bottom</emphasis> of the "
1018
1027
"ACL section of your <filename>/etc/squid3/squid.conf</filename> file:"
1019
1028
msgstr ""
1020
1029
1021
#: serverguide/C/web-servers.xml:892(programlisting)
1030
#: serverguide/C/web-servers.xml:911(programlisting)
1022
1031
#, no-wrap
1023
1032
msgid ""
1024
1033
"\n"
1027
1036
"\n"
1028
1037
"acl fortytwo_network src 192.168.42.0/24\n"
1029
1038
1030
#: serverguide/C/web-servers.xml:907(para) serverguide/C/web-servers.xml:928(para)
1039
#: serverguide/C/web-servers.xml:914(para) serverguide/C/web-servers.xml:935(para)
1031
1040
msgid ""
1032
1041
"Then, add the following to the <emphasis role=\"bold\">top</emphasis> of the "
1033
1042
"http_access section of your <filename>/etc/squid3/squid.conf</filename> file:"
1034
1043
msgstr ""
1035
1044
1036
#: serverguide/C/web-servers.xml:899(programlisting)
1045
#: serverguide/C/web-servers.xml:918(programlisting)
1037
1046
#, no-wrap
1038
1047
msgid ""
1039
1048
"\n"
1042
1051
"\n"
1043
1052
"http_access allow fortytwo_network\n"
1044
1053
1045
#: serverguide/C/web-servers.xml:916(para)
1054
#: serverguide/C/web-servers.xml:923(para)
1046
1055
msgid ""
1047
1056
"Using the excellent access control features of Squid, you may configure use "
1048
1057
"of Internet services proxied by Squid to be available only during normal "
1051
1060
"Friday, and which uses the 10.1.42.0/24 subnetwork:"
1052
1061
msgstr ""
1053
1062
1054
#: serverguide/C/web-servers.xml:912(programlisting)
1055
#, no-wrap
1056
msgid ""
1057
"\n"
1058
"acl biz_network src 10.1.42.0/24\n"
1059
"acl biz_hours time M T W T F 9:00-17:00\n"
1060
msgstr ""
1061
"\n"
1062
"acl biz_network src 10.1.42.0/24\n"
1063
"acl biz_hours time M T W T F 9:00-17:00\n"
1064
1065
#: serverguide/C/web-servers.xml:920(programlisting)
1066
#, no-wrap
1067
msgid ""
1068
"\n"
1069
"http_access allow biz_network biz_hours\n"
1070
msgstr ""
1071
"\n"
1072
"http_access allow biz_network biz_hours\n"
1073
1074
#: serverguide/C/web-servers.xml:939(para)
1063
#: serverguide/C/web-servers.xml:931(programlisting)
1064
#, no-wrap
1065
msgid ""
1066
"\n"
1067
"acl biz_network src 10.1.42.0/24\n"
1068
"acl biz_hours time M T W T F 9:00-17:00\n"
1069
msgstr ""
1070
"\n"
1071
"acl biz_network src 10.1.42.0/24\n"
1072
"acl biz_hours time M T W T F 9:00-17:00\n"
1073
1074
#: serverguide/C/web-servers.xml:939(programlisting)
1075
#, no-wrap
1076
msgid ""
1077
"\n"
1078
"http_access allow biz_network biz_hours\n"
1079
msgstr ""
1080
"\n"
1081
"http_access allow biz_network biz_hours\n"
1082
1083
#: serverguide/C/web-servers.xml:946(para)
1075
1084
msgid ""
1076
1085
"After making changes to the <filename>/etc/squid3/squid.conf</filename> "
1077
1086
"file, save the file and restart the <application>squid</application> server "
1079
1088
"terminal prompt:"
1080
1089
msgstr ""
1081
1090
1082
#: serverguide/C/web-servers.xml:945(command)
1091
#: serverguide/C/web-servers.xml:952(command)
1083
1092
msgid "sudo service squid3 restart"
1084
1093
msgstr ""
1085
1094
1086
#: serverguide/C/web-servers.xml:941(ulink)
1095
#: serverguide/C/web-servers.xml:960(ulink)
1087
1096
msgid "Squid Website"
1088
1097
msgstr "Вэб старонка Squid"
1089
1098
1090
#: serverguide/C/web-servers.xml:943(para)
1099
#: serverguide/C/web-servers.xml:962(para)
1091
1100
msgid ""
1092
1101
"<ulink url=\"https://help.ubuntu.com/community/Squid\">Ubuntu Wiki "
1093
1102
"Squid</ulink> page."
1094
1103
msgstr ""
1095
1104
1096
#: serverguide/C/web-servers.xml:950(title)
1105
#: serverguide/C/web-servers.xml:969(title)
1097
1106
msgid "Ruby on Rails"
1098
1107
msgstr "Ruby on Rails"
1099
1108
1100
#: serverguide/C/web-servers.xml:951(para)
1109
#: serverguide/C/web-servers.xml:970(para)
1101
1110
msgid ""
1102
1111
"Ruby on Rails is an open source web framework for developing database backed "
1103
1112
"web applications. It is optimized for sustainable productivity of the "
1105
1114
"convention over configuration."
1106
1115
msgstr ""
1107
1116
1108
#: serverguide/C/web-servers.xml:958(para)
1117
#: serverguide/C/web-servers.xml:977(para)
1109
1118
msgid ""
1110
1119
"Before installing <application>Rails</application> you should install "
1111
1120
"<application>Apache</application> and <application>MySQL</application>. To "
1114
1123
"<application>MySQL</application> refer to <xref linkend=\"mysql\"/>."
1115
1124
msgstr ""
1116
1125
1117
#: serverguide/C/web-servers.xml:966(para)
1126
#: serverguide/C/web-servers.xml:985(para)
1118
1127
msgid ""
1119
1128
"Once you have <application>Apache</application> and "
1120
1129
"<application>MySQL</application> packages installed, you are ready to "
1121
1130
"install <application>Ruby on Rails</application> package."
1122
1131
msgstr ""
1123
1132
1124
#: serverguide/C/web-servers.xml:973(para)
1133
#: serverguide/C/web-servers.xml:992(para)
1125
1134
msgid ""
1126
1135
"To install the <application>Ruby</application> base packages and "
1127
1136
"<application>Ruby on Rails</application>, you can enter the following "
1131
1140
"<application>Ruby on Rails</application>, можаце ўвесці ў тэрмінале наступны "
1132
1141
"загад::"
1133
1142
1134
#: serverguide/C/web-servers.xml:979(command)
1143
#: serverguide/C/web-servers.xml:998(command)
1135
1144
msgid "sudo apt-get install rails"
1136
1145
msgstr "sudo apt-get install rails"
1137
1146
1138
#: serverguide/C/web-servers.xml:997(para)
1147
#: serverguide/C/web-servers.xml:1004(para)
1139
1148
msgid ""
1140
1149
"Modify the <filename>/etc/apache2/sites-available/000-"
1141
1150
"default.conf</filename> configuration file to setup your domains."
1142
1151
msgstr ""
1143
1152
1144
#: serverguide/C/web-servers.xml:989(para)
1153
#: serverguide/C/web-servers.xml:1008(para)
1145
1154
msgid ""
1146
1155
"The first thing to change is the <emphasis>DocumentRoot</emphasis> directive:"
1147
1156
msgstr ""
1148
1157
1149
#: serverguide/C/web-servers.xml:993(programlisting)
1158
#: serverguide/C/web-servers.xml:1012(programlisting)
1150
1159
#, no-wrap
1151
1160
msgid ""
1152
1161
"\n"
1153
1162
"DocumentRoot /path/to/rails/application/public\n"
1154
1163
msgstr ""
1155
1164
1156
#: serverguide/C/web-servers.xml:996(para)
1165
#: serverguide/C/web-servers.xml:1015(para)
1157
1166
msgid ""
1158
1167
"Next, change the <Directory \"/path/to/rails/application/public\"> "
1159
1168
"directive:"
1160
1169
msgstr ""
1161
1170
1162
#: serverguide/C/web-servers.xml:1000(programlisting)
1171
#: serverguide/C/web-servers.xml:1019(programlisting)
1163
1172
#, no-wrap
1164
1173
msgid ""
1165
1174
"\n"
1172
1181
"</Directory>\n"
1173
1182
msgstr ""
1174
1183
1175
#: serverguide/C/web-servers.xml:1010(para)
1184
#: serverguide/C/web-servers.xml:1029(para)
1176
1185
msgid ""
1177
1186
"You should also enable the <application>mod_rewrite</application> module for "
1178
1187
"Apache. To enable <application>mod_rewrite</application> module, please "
1179
1188
"enter the following command in a terminal prompt:"
1180
1189
msgstr ""
1181
1190
1182
#: serverguide/C/web-servers.xml:1016(command)
1191
#: serverguide/C/web-servers.xml:1035(command)
1183
1192
msgid "sudo a2enmod rewrite"
1184
1193
msgstr "sudo a2enmod rewrite"
1185
1194
1186
#: serverguide/C/web-servers.xml:1019(para)
1195
#: serverguide/C/web-servers.xml:1038(para)
1187
1196
msgid ""
1188
1197
"Finally you will need to change the ownership of the "
1189
1198
"<filename>/path/to/rails/application/public</filename> and "
1191
1200
"used to run the <application>Apache</application> process:"
1192
1201
msgstr ""
1193
1202
1194
#: serverguide/C/web-servers.xml:1025(command)
1203
#: serverguide/C/web-servers.xml:1044(command)
1195
1204
msgid "sudo chown -R www-data:www-data /path/to/rails/application/public"
1196
1205
msgstr "sudo chown -R www-data:www-data /path/to/rails/application/public"
1197
1206
1198
#: serverguide/C/web-servers.xml:1026(command)
1207
#: serverguide/C/web-servers.xml:1045(command)
1199
1208
msgid "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
1200
1209
msgstr "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
1201
1210
1202
#: serverguide/C/web-servers.xml:1029(para)
1211
#: serverguide/C/web-servers.xml:1048(para)
1203
1212
msgid ""
1204
1213
"That's it! Now you have your Server ready for your <application>Ruby on "
1205
1214
"Rails</application> applications."
1206
1215
msgstr ""
1207
1216
1208
#: serverguide/C/web-servers.xml:1038(para)
1217
#: serverguide/C/web-servers.xml:1057(para)
1209
1218
msgid ""
1210
1219
"See the <ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink> website "
1211
1220
"for more information."
1213
1222
"Глядзіце вэб-старонку <ulink url=\"http://rubyonrails.org/\">Ruby on "
1214
1223
"Rails</ulink> для больш зьмястоўнай інфармацыі."
1215
1224
1216
#: serverguide/C/web-servers.xml:1043(para)
1225
#: serverguide/C/web-servers.xml:1062(para)
1217
1226
msgid ""
1218
1227
"Also <ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-"
1219
1228
"with-rails-third-edition\">Agile Development with Rails</ulink> is a great "
1220
1229
"resource."
1221
1230
msgstr ""
1222
1231
1223
#: serverguide/C/web-servers.xml:1049(para)
1232
#: serverguide/C/web-servers.xml:1068(para)
1224
1233
msgid ""
1225
1234
"Another place for more information is the <ulink "
1226
1235
"url=\"https://help.ubuntu.com/community/RubyOnRails\">Ruby on Rails Ubuntu "
1227
1236
"Wiki</ulink> page."
1228
1237
msgstr ""
1229
1238
1230
#: serverguide/C/web-servers.xml:1060(title)
1239
#: serverguide/C/web-servers.xml:1079(title)
1231
1240
msgid "Apache Tomcat"
1232
1241
msgstr "Apache Tomcat"
1233
1242
1234
#: serverguide/C/web-servers.xml:1061(para)
1243
#: serverguide/C/web-servers.xml:1080(para)
1235
1244
msgid ""
1236
1245
"Apache Tomcat is a web container that allows you to serve Java Servlets and "
1237
1246
"JSP (Java Server Pages) web applications."
1238
1247
msgstr ""
1239
1248
1240
#: serverguide/C/web-servers.xml:1075(para)
1249
#: serverguide/C/web-servers.xml:1082(para)
1241
1250
msgid ""
1242
1251
"Ubuntu has supported packages for both Tomcat 6 and 7. Tomcat 6 is the "
1243
1252
"legacy version, and Tomcat 7 is the current version where new features are "
1245
1254
"but most configuration details are valid for both versions."
1246
1255
msgstr ""
1247
1256
1248
#: serverguide/C/web-servers.xml:1078(para)
1257
#: serverguide/C/web-servers.xml:1085(para)
1249
1258
msgid ""
1250
1259
"The Tomcat packages in Ubuntu support two different ways of running Tomcat. "
1251
1260
"You can install them as a classic unique system-wide instance, that will be "
1256
1265
"need to test on their own private Tomcat instances."
1257
1266
msgstr ""
1258
1267
1259
#: serverguide/C/web-servers.xml:1073(title)
1268
#: serverguide/C/web-servers.xml:1095(title)
1260
1269
msgid "System-wide installation"
1261
1270
msgstr ""
1262
1271
1263
#: serverguide/C/web-servers.xml:1074(para)
1272
#: serverguide/C/web-servers.xml:1096(para)
1264
1273
msgid ""
1265
1274
"To install the Tomcat server, you can enter the following command in the "
1266
1275
"terminal prompt:"
1267
1276
msgstr ""
1268
1277
1269
#: serverguide/C/web-servers.xml:1092(command)
1278
#: serverguide/C/web-servers.xml:1099(command)
1270
1279
msgid "sudo apt-get install tomcat7"
1271
1280
msgstr ""
1272
1281
1273
#: serverguide/C/web-servers.xml:1079(para)
1282
#: serverguide/C/web-servers.xml:1101(para)
1274
1283
msgid ""
1275
1284
"This will install a Tomcat server with just a default ROOT webapp that "
1276
1285
"displays a minimal \"It works\" page by default."
1277
1286
msgstr ""
1278
1287
1279
#: serverguide/C/web-servers.xml:1100(para)
1288
#: serverguide/C/web-servers.xml:1107(para)
1280
1289
msgid ""
1281
1290
"Tomcat configuration files can be found in "
1282
1291
"<filename>/etc/tomcat7</filename>. Only a few common configuration tweaks "
1285
1294
"documentation</ulink> for more."
1286
1295
msgstr ""
1287
1296
1288
#: serverguide/C/web-servers.xml:1091(title)
1297
#: serverguide/C/web-servers.xml:1113(title)
1289
1298
msgid "Changing default ports"
1290
1299
msgstr "Зьмяніць прадвызначаныя парты"
1291
1300
1292
#: serverguide/C/web-servers.xml:1107(para)
1301
#: serverguide/C/web-servers.xml:1114(para)
1293
1302
msgid ""
1294
1303
"By default Tomcat runs a HTTP connector on port 8080 and an AJP connector on "
1295
1304
"port 8009. You might want to change those default ports to avoid conflict "
1297
1306
"following lines in <filename>/etc/tomcat7/server.xml</filename>:"
1298
1307
msgstr ""
1299
1308
1300
#: serverguide/C/web-servers.xml:1097(programlisting)
1309
#: serverguide/C/web-servers.xml:1119(programlisting)
1301
1310
#, no-wrap
1302
1311
msgid ""
1303
1312
"\n"
1309
1318
"/>\n"
1310
1319
msgstr ""
1311
1320
1312
#: serverguide/C/web-servers.xml:1106(title)
1321
#: serverguide/C/web-servers.xml:1128(title)
1313
1322
msgid "Changing JVM used"
1314
1323
msgstr ""
1315
1324
1316
#: serverguide/C/web-servers.xml:1122(para)
1325
#: serverguide/C/web-servers.xml:1129(para)
1317
1326
msgid ""
1318
1327
"By default Tomcat will run preferably with OpenJDK JVMs, then try the Sun "
1319
1328
"JVMs, then try some other JVMs. You can force Tomcat to use a specific JVM "
1320
1329
"by setting JAVA_HOME in <filename>/etc/default/tomcat7</filename>:"
1321
1330
msgstr ""
1322
1331
1323
#: serverguide/C/web-servers.xml:1111(programlisting)
1332
#: serverguide/C/web-servers.xml:1133(programlisting)
1324
1333
#, no-wrap
1325
1334
msgid ""
1326
1335
"\n"
1329
1338
"\n"
1330
1339
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
1331
1340
1332
#: serverguide/C/web-servers.xml:1116(title)
1341
#: serverguide/C/web-servers.xml:1138(title)
1333
1342
msgid "Declaring users and roles"
1334
1343
msgstr ""
1335
1344
1336
#: serverguide/C/web-servers.xml:1132(para)
1345
#: serverguide/C/web-servers.xml:1139(para)
1337
1346
msgid ""
1338
1347
"Usernames, passwords and roles (groups) can be defined centrally in a "
1339
1348
"Servlet container. This is done in the <filename>/etc/tomcat7/tomcat-"
1340
1349
"users.xml</filename> file:"
1341
1350
msgstr ""
1342
1351
1343
#: serverguide/C/web-servers.xml:1120(programlisting)
1352
#: serverguide/C/web-servers.xml:1142(programlisting)
1344
1353
#, no-wrap
1345
1354
msgid ""
1346
1355
"\n"
1348
1357
"<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
1349
1358
msgstr ""
1350
1359
1351
#: serverguide/C/web-servers.xml:1128(title)
1360
#: serverguide/C/web-servers.xml:1150(title)
1352
1361
msgid "Using Tomcat standard webapps"
1353
1362
msgstr ""
1354
1363
1355
#: serverguide/C/web-servers.xml:1129(para)
1364
#: serverguide/C/web-servers.xml:1151(para)
1356
1365
msgid ""
1357
1366
"Tomcat is shipped with webapps that you can install for documentation, "
1358
1367
"administration or demo purposes."
1359
1368
msgstr ""
1360
1369
1361
#: serverguide/C/web-servers.xml:1132(title)
1370
#: serverguide/C/web-servers.xml:1154(title)
1362
1371
msgid "Tomcat documentation"
1363
1372
msgstr "Дакумэнтацыя Tomcat"
1364
1373
1365
#: serverguide/C/web-servers.xml:1148(para)
1374
#: serverguide/C/web-servers.xml:1155(para)
1366
1375
msgid ""
1367
1376
"The <application>tomcat7-docs</application> package contains Tomcat "
1368
1377
"documentation, packaged as a webapp that you can access by default at "
1370
1379
"command in the terminal prompt:"
1371
1380
msgstr ""
1372
1381
1373
#: serverguide/C/web-servers.xml:1153(command)
1382
#: serverguide/C/web-servers.xml:1160(command)
1374
1383
msgid "sudo apt-get install tomcat7-docs"
1375
1384
msgstr ""
1376
1385
1377
#: serverguide/C/web-servers.xml:1142(title)
1386
#: serverguide/C/web-servers.xml:1164(title)
1378
1387
msgid "Tomcat administration webapps"
1379
1388
msgstr ""
1380
1389
1381
#: serverguide/C/web-servers.xml:1158(para)
1390
#: serverguide/C/web-servers.xml:1165(para)
1382
1391
msgid ""
1383
1392
"The <application>tomcat7-admin</application> package contains two webapps "
1384
1393
"that can be used to administer the Tomcat server using a web interface. You "
1385
1394
"can install them by entering the following command in the terminal prompt:"
1386
1395
msgstr ""
1387
1396
1388
#: serverguide/C/web-servers.xml:1163(command)
1397
#: serverguide/C/web-servers.xml:1170(command)
1389
1398
msgid "sudo apt-get install tomcat7-admin"
1390
1399
msgstr ""
1391
1400
1392
#: serverguide/C/web-servers.xml:1150(para)
1401
#: serverguide/C/web-servers.xml:1172(para)
1393
1402
msgid ""
1394
1403
"The first one is the <emphasis>manager</emphasis> webapp, which you can "
1395
1404
"access by default at http://yourserver:8080/manager/html. It is primarily "
1396
1405
"used to get server status and restart webapps."
1397
1406
msgstr ""
1398
1407
1399
#: serverguide/C/web-servers.xml:1168(para)
1408
#: serverguide/C/web-servers.xml:1175(para)
1400
1409
msgid ""
1401
1410
"Access to the <emphasis>manager</emphasis> application is protected by "
1402
1411
"default: you need to define a user with the role \"manager-gui\" in "
1403
1412
"<filename>/etc/tomcat7/tomcat-users.xml</filename> before you can access it."
1404
1413
msgstr ""
1405
1414
1406
#: serverguide/C/web-servers.xml:1157(para)
1415
#: serverguide/C/web-servers.xml:1179(para)
1407
1416
msgid ""
1408
1417
"The second one is the <emphasis>host-manager</emphasis> webapp, which you "
1409
1418
"can access by default at http://yourserver:8080/host-manager/html. It can be "
1410
1419
"used to create virtual hosts dynamically."
1411
1420
msgstr ""
1412
1421
1413
#: serverguide/C/web-servers.xml:1176(para)
1422
#: serverguide/C/web-servers.xml:1183(para)
1414
1423
msgid ""
1415
1424
"Access to the <emphasis>host-manager</emphasis> application is also "
1416
1425
"protected by default: you need to define a user with the role \"admin-gui\" "
1418
1427
"it."
1419
1428
msgstr ""
1420
1429
1421
#: serverguide/C/web-servers.xml:1181(para)
1430
#: serverguide/C/web-servers.xml:1188(para)
1422
1431
msgid ""
1423
1432
"For security reasons, the tomcat7 user cannot write to the "
1424
1433
"<filename>/etc/tomcat7</filename> directory by default. Some features in "
1427
1436
"the following, to give users in the tomcat7 group the necessary rights:"
1428
1437
msgstr ""
1429
1438
1430
#: serverguide/C/web-servers.xml:1188(command)
1439
#: serverguide/C/web-servers.xml:1195(command)
1431
1440
msgid "sudo chgrp -R tomcat7 /etc/tomcat7"
1432
1441
msgstr ""
1433
1442
1434
#: serverguide/C/web-servers.xml:1189(command)
1443
#: serverguide/C/web-servers.xml:1196(command)
1435
1444
msgid "sudo chmod -R g+w /etc/tomcat7"
1436
1445
msgstr ""
1437
1446
1438
#: serverguide/C/web-servers.xml:1179(title)
1447
#: serverguide/C/web-servers.xml:1201(title)
1439
1448
msgid "Tomcat examples webapps"
1440
1449
msgstr ""
1441
1450
1442
#: serverguide/C/web-servers.xml:1195(para)
1451
#: serverguide/C/web-servers.xml:1202(para)
1443
1452
msgid ""
1444
1453
"The <application>tomcat7-examples</application> package contains two webapps "
1445
1454
"that can be used to test or demonstrate Servlets and JSP features, which you "
1447
1456
"install them by entering the following command in the terminal prompt:"
1448
1457
msgstr ""
1449
1458
1450
#: serverguide/C/web-servers.xml:1201(command)
1459
#: serverguide/C/web-servers.xml:1208(command)
1451
1460
msgid "sudo apt-get install tomcat7-examples"
1452
1461
msgstr ""
1453
1462
1454
#: serverguide/C/web-servers.xml:1192(title)
1463
#: serverguide/C/web-servers.xml:1214(title)
1455
1464
msgid "Using private instances"
1456
1465
msgstr ""
1457
1466
1458
#: serverguide/C/web-servers.xml:1208(para)
1467
#: serverguide/C/web-servers.xml:1215(para)
1459
1468
msgid ""
1460
1469
"Tomcat is heavily used in development and testing scenarios where using a "
1461
1470
"single system-wide instance doesn't meet the requirements of multiple users "
1465
1474
"system-installed libraries."
1466
1475
msgstr ""
1467
1476
1468
#: serverguide/C/web-servers.xml:1200(para)
1477
#: serverguide/C/web-servers.xml:1222(para)
1469
1478
msgid ""
1470
1479
"It is possible to run the system-wide instance and the private instances in "
1471
1480
"parallel, as long as they do not use the same TCP ports."
1472
1481
msgstr ""
1473
1482
1474
#: serverguide/C/web-servers.xml:1204(title)
1483
#: serverguide/C/web-servers.xml:1226(title)
1475
1484
msgid "Installing private instance support"
1476
1485
msgstr ""
1477
1486
1478
#: serverguide/C/web-servers.xml:1205(para)
1487
#: serverguide/C/web-servers.xml:1227(para)
1479
1488
msgid ""
1480
1489
"You can install everything necessary to run private instances by entering "
1481
1490
"the following command in the terminal prompt:"
1482
1491
msgstr ""
1483
1492
1484
#: serverguide/C/web-servers.xml:1223(command)
1493
#: serverguide/C/web-servers.xml:1230(command)
1485
1494
msgid "sudo apt-get install tomcat7-user"
1486
1495
msgstr ""
1487
1496
1488
#: serverguide/C/web-servers.xml:1212(title)
1497
#: serverguide/C/web-servers.xml:1234(title)
1489
1498
msgid "Creating a private instance"
1490
1499
msgstr ""
1491
1500
1492
#: serverguide/C/web-servers.xml:1213(para)
1501
#: serverguide/C/web-servers.xml:1235(para)
1493
1502
msgid ""
1494
1503
"You can create a private instance directory by entering the following "
1495
1504
"command in the terminal prompt:"
1496
1505
msgstr ""
1497
1506
1498
#: serverguide/C/web-servers.xml:1231(command)
1507
#: serverguide/C/web-servers.xml:1238(command)
1499
1508
msgid "tomcat7-instance-create my-instance"
1500
1509
msgstr ""
1501
1510
1502
#: serverguide/C/web-servers.xml:1218(para)
1511
#: serverguide/C/web-servers.xml:1240(para)
1503
1512
msgid ""
1504
1513
"This will create a new <filename>my-instance</filename> directory with all "
1505
1514
"the necessary subdirectories and scripts. You can for example install your "
1508
1517
"are deployed by default."
1509
1518
msgstr ""
1510
1519
1511
#: serverguide/C/web-servers.xml:1226(title)
1520
#: serverguide/C/web-servers.xml:1248(title)
1512
1521
msgid "Configuring your private instance"
1513
1522
msgstr ""
1514
1523
1515
#: serverguide/C/web-servers.xml:1227(para)
1524
#: serverguide/C/web-servers.xml:1249(para)
1516
1525
msgid ""
1517
1526
"You will find the classic Tomcat configuration files for your private "
1518
1527
"instance in the <filename>conf/</filename> subdirectory. You should for "
1521
1530
"conflict with other instances that might be running."
1522
1531
msgstr ""
1523
1532
1524
#: serverguide/C/web-servers.xml:1235(title)
1533
#: serverguide/C/web-servers.xml:1257(title)
1525
1534
msgid "Starting/stopping your private instance"
1526
1535
msgstr ""
1527
1536
1528
#: serverguide/C/web-servers.xml:1236(para)
1537
#: serverguide/C/web-servers.xml:1258(para)
1529
1538
msgid ""
1530
1539
"You can start your private instance by entering the following command in the "
1531
1540
"terminal prompt (supposing your instance is located in the <filename>my-"
1532
1541
"instance</filename> directory):"
1533
1542
msgstr ""
1534
1543
1535
#: serverguide/C/web-servers.xml:1240(command)
1544
#: serverguide/C/web-servers.xml:1262(command)
1536
1545
msgid "my-instance/bin/startup.sh"
1537
1546
msgstr "my-instance/bin/startup.sh"
1538
1547
1539
#: serverguide/C/web-servers.xml:1242(para)
1548
#: serverguide/C/web-servers.xml:1264(para)
1540
1549
msgid ""
1541
1550
"You should check the <filename>logs/</filename> subdirectory for any error. "
1542
1551
"If you have a <emphasis>java.net.BindException: Address already in "
1544
1553
"is already taken and that you should change it."
1545
1554
msgstr ""
1546
1555
1547
#: serverguide/C/web-servers.xml:1247(para)
1556
#: serverguide/C/web-servers.xml:1269(para)
1548
1557
msgid ""
1549
1558
"You can stop your instance by entering the following command in the terminal "
1550
1559
"prompt (supposing your instance is located in the <filename>my-"
1551
1560
"instance</filename> directory):"
1552
1561
msgstr ""
1553
1562
1554
#: serverguide/C/web-servers.xml:1251(command)
1563
#: serverguide/C/web-servers.xml:1273(command)
1555
1564
msgid "my-instance/bin/shutdown.sh"
1556
1565
msgstr "my-instance/bin/shutdown.sh"
1557
1566
1558
#: serverguide/C/web-servers.xml:1260(para)
1567
#: serverguide/C/web-servers.xml:1282(para)
1559
1568
msgid ""
1560
1569
"See the <ulink url=\"http://tomcat.apache.org/\">Apache Tomcat</ulink> "
1561
1570
"website for more information."
1563
1572
"Глядзіце вэб-старонку <ulink url=\"http://tomcat.apache.org/\">Apache "
1564
1573
"Tomcat</ulink>для больш зьмястоўнай інфармацыі."
1565
1574
1566
#: serverguide/C/web-servers.xml:1280(para)
1575
#: serverguide/C/web-servers.xml:1287(para)
1567
1576
msgid ""
1568
1577
"<ulink url=\"http://shop.oreilly.com/product/9780596003180.do\">Tomcat: The "
1569
1578
"Definitive Guide</ulink> is a good resource for building web applications "
1570
1579
"with Tomcat."
1571
1580
msgstr ""
1572
1581
1573
#: serverguide/C/web-servers.xml:1271(para)
1582
#: serverguide/C/web-servers.xml:1293(para)
1574
1583
msgid ""
1575
1584
"For additional books see the <ulink "
1576
1585
"url=\"http://wiki.apache.org/tomcat/Tomcat/Books\">Tomcat Books</ulink> list "
1703
1712
"\n"
1704
1713
msgstr ""
1705
1714
1706
#: serverguide/C/vpn.xml:90(para)
1715
#: serverguide/C/vpn.xml:94(para)
1707
1716
msgid ""
1708
1717
"Enter the following to generate the master Certificate Authority (CA) "
1709
1718
"certificate and key:"
1710
1719
msgstr ""
1711
1720
1712
#: serverguide/C/vpn.xml:95(command) serverguide/C/vpn.xml:143(command)
1721
#: serverguide/C/vpn.xml:99(command) serverguide/C/vpn.xml:147(command)
1713
1722
msgid "cd /etc/openvpn/easy-rsa/"
1714
1723
msgstr ""
1715
1724
1716
#: serverguide/C/vpn.xml:96(command) serverguide/C/vpn.xml:144(command)
1725
#: serverguide/C/vpn.xml:100(command) serverguide/C/vpn.xml:148(command)
1717
1726
msgid "source vars"
1718
1727
msgstr ""
1719
1728
1720
#: serverguide/C/vpn.xml:97(command)
1729
#: serverguide/C/vpn.xml:101(command)
1721
1730
msgid "./clean-all"
1722
1731
msgstr ""
1723
1732
1724
#: serverguide/C/vpn.xml:98(command)
1733
#: serverguide/C/vpn.xml:102(command)
1725
1734
msgid "./build-ca"
1726
1735
msgstr ""
1727
1736
1728
#: serverguide/C/vpn.xml:103(title)
1737
#: serverguide/C/vpn.xml:107(title)
1729
1738
msgid "Server Certificates"
1730
1739
msgstr ""
1731
1740
1732
#: serverguide/C/vpn.xml:105(para)
1741
#: serverguide/C/vpn.xml:109(para)
1733
1742
msgid "Next, we will generate a certificate and private key for the server:"
1734
1743
msgstr ""
1735
1744
1736
#: serverguide/C/vpn.xml:110(command)
1745
#: serverguide/C/vpn.xml:114(command)
1737
1746
msgid "./build-key-server myservername"
1738
1747
msgstr ""
1739
1748
1740
#: serverguide/C/vpn.xml:113(para)
1749
#: serverguide/C/vpn.xml:117(para)
1741
1750
msgid ""
1742
1751
"As in the previous step, most parameters can be defaulted. Two other queries "
1743
1752
"require positive responses, \"Sign the certificate? [y/n]\" and \"1 out of 1 "
1744
1753
"certificate requests certified, commit? [y/n]\"."
1745
1754
msgstr ""
1746
1755
1747
#: serverguide/C/vpn.xml:117(para)
1756
#: serverguide/C/vpn.xml:121(para)
1748
1757
msgid "Diffie Hellman parameters must be generated for the OpenVPN server:"
1749
1758
msgstr ""
1750
1759
1751
#: serverguide/C/vpn.xml:122(command)
1760
#: serverguide/C/vpn.xml:126(command)
1752
1761
msgid "./build-dh"
1753
1762
msgstr ""
1754
1763
1755
#: serverguide/C/vpn.xml:125(para)
1764
#: serverguide/C/vpn.xml:129(para)
1756
1765
msgid ""
1757
1766
"All certificates and keys have been generated in the subdirectory keys/. "
1758
1767
"Common practice is to copy them to /etc/openvpn/:"
1759
1768
msgstr ""
1760
1769
1761
#: serverguide/C/vpn.xml:129(command)
1770
#: serverguide/C/vpn.xml:133(command)
1762
1771
msgid "cd keys/"
1763
1772
msgstr ""
1764
1773
1766
1775
msgid "cp myservername.crt myservername.key ca.crt dh2048.pem /etc/openvpn/"
1767
1776
msgstr ""
1768
1777
1769
#: serverguide/C/vpn.xml:135(title)
1778
#: serverguide/C/vpn.xml:139(title)
1770
1779
msgid "Client Certificates"
1771
1780
msgstr ""
1772
1781
1773
#: serverguide/C/vpn.xml:137(para)
1782
#: serverguide/C/vpn.xml:141(para)
1774
1783
msgid ""
1775
1784
"The VPN client will also need a certificate to authenticate itself to the "
1776
1785
"server. Usually you create a different certificate for each client. To "
1778
1787
"root:"
1779
1788
msgstr ""
1780
1789
1781
#: serverguide/C/vpn.xml:145(command)
1790
#: serverguide/C/vpn.xml:149(command)
1782
1791
msgid "./build-key client1"
1783
1792
msgstr ""
1784
1793
1785
#: serverguide/C/vpn.xml:148(para)
1794
#: serverguide/C/vpn.xml:152(para)
1786
1795
msgid "Copy the following files to the client using a secure method:"
1787
1796
msgstr ""
1788
1797
1789
#: serverguide/C/vpn.xml:153(para)
1798
#: serverguide/C/vpn.xml:157(para)
1790
1799
msgid "/etc/openvpn/ca.crt"
1791
1800
msgstr ""
1792
1801
1793
#: serverguide/C/vpn.xml:154(para)
1802
#: serverguide/C/vpn.xml:158(para)
1794
1803
msgid "/etc/openvpn/easy-rsa/keys/client1.crt"
1795
1804
msgstr ""
1796
1805
1797
#: serverguide/C/vpn.xml:155(para)
1806
#: serverguide/C/vpn.xml:159(para)
1798
1807
msgid "/etc/openvpn/easy-rsa/keys/client1.key"
1799
1808
msgstr ""
1800
1809
1801
#: serverguide/C/vpn.xml:158(para)
1810
#: serverguide/C/vpn.xml:162(para)
1802
1811
msgid ""
1803
1812
"As the client certificates and keys are only required on the client machine, "
1804
1813
"you should remove them from the server."
1805
1814
msgstr ""
1806
1815
1807
#: serverguide/C/vpn.xml:166(title)
1816
#: serverguide/C/vpn.xml:170(title)
1808
1817
msgid "Simple Server Configuration"
1809
1818
msgstr ""
1810
1819
1811
#: serverguide/C/vpn.xml:168(para)
1820
#: serverguide/C/vpn.xml:172(para)
1812
1821
msgid ""
1813
1822
"Along with your <application>OpenVPN</application> installation you got "
1814
1823
"these sample config files (and many more if if you check):"
1815
1824
msgstr ""
1816
1825
1817
#: serverguide/C/vpn.xml:172(programlisting)
1826
#: serverguide/C/vpn.xml:176(programlisting)
1818
1827
#, no-wrap
1819
1828
msgid ""
1820
1829
"\n"
1824
1833
"-rw-r--r-- 1 root root 4141 2011-07-04 15:09 server.conf.gz\n"
1825
1834
msgstr ""
1826
1835
1827
#: serverguide/C/vpn.xml:179(para)
1836
#: serverguide/C/vpn.xml:183(para)
1828
1837
msgid ""
1829
1838
"Start with copying and unpacking server.conf.gz to /etc/openvpn/server.conf."
1830
1839
msgstr ""
1831
1840
1832
#: serverguide/C/vpn.xml:183(command)
1841
#: serverguide/C/vpn.xml:187(command)
1833
1842
msgid ""
1834
1843
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz "
1835
1844
"/etc/openvpn/"
1836
1845
msgstr ""
1837
1846
1838
#: serverguide/C/vpn.xml:184(command)
1847
#: serverguide/C/vpn.xml:188(command)
1839
1848
msgid "sudo gzip -d /etc/openvpn/server.conf.gz"
1840
1849
msgstr ""
1841
1850
1842
#: serverguide/C/vpn.xml:187(para)
1851
#: serverguide/C/vpn.xml:191(para)
1843
1852
msgid ""
1844
1853
"Edit <filename>/etc/openvpn/server.conf</filename> to make sure the "
1845
1854
"following lines are pointing to the certificates and keys you created in the "
1877
1886
msgid "sudo sysctl -p /etc/sysctl.conf"
1878
1887
msgstr ""
1879
1888
1880
#: serverguide/C/vpn.xml:197(para)
1889
#: serverguide/C/vpn.xml:214(para)
1881
1890
msgid ""
1882
1891
"That is the minimum you have to configure to get a working OpenVPN server. "
1883
1892
"You can use all the default settings in the sample server.conf file. Now "
1893
1902
" * Autostarting VPN 'server' [ OK ]\n"
1894
1903
msgstr ""
1895
1904
1896
#: serverguide/C/vpn.xml:208(para)
1905
#: serverguide/C/vpn.xml:225(para)
1897
1906
msgid "Now check if OpenVPN created a tun0 interface:"
1898
1907
msgstr ""
1899
1908
1900
#: serverguide/C/vpn.xml:212(programlisting)
1909
#: serverguide/C/vpn.xml:229(programlisting)
1901
1910
#, no-wrap
1902
1911
msgid ""
1903
1912
"\n"
1909
1918
"[...]\n"
1910
1919
msgstr ""
1911
1920
1912
#: serverguide/C/vpn.xml:222(title)
1921
#: serverguide/C/vpn.xml:239(title)
1913
1922
msgid "Simple Client Configuration"
1914
1923
msgstr ""
1915
1924
1916
#: serverguide/C/vpn.xml:224(para)
1925
#: serverguide/C/vpn.xml:241(para)
1917
1926
msgid ""
1918
1927
"There are various different <application>OpenVPN</application> client "
1919
1928
"implementations with and without GUIs. You can read more about clients in a "
1922
1931
"install the openvpn package again on the client machine:"
1923
1932
msgstr ""
1924
1933
1925
#: serverguide/C/vpn.xml:35(command) serverguide/C/vpn.xml:231(command) serverguide/C/vpn.xml:589(command)
1934
#: serverguide/C/vpn.xml:248(command) serverguide/C/vpn.xml:616(command)
1926
1935
msgid "sudo apt-get install openvpn"
1927
1936
msgstr ""
1928
1937
1929
#: serverguide/C/vpn.xml:234(para)
1938
#: serverguide/C/vpn.xml:251(para)
1930
1939
msgid "This time copy the client.conf sample config file to /etc/openvpn/."
1931
1940
msgstr ""
1932
1941
1933
#: serverguide/C/vpn.xml:238(command)
1942
#: serverguide/C/vpn.xml:255(command)
1934
1943
msgid ""
1935
1944
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
1936
1945
"/etc/openvpn/"
1937
1946
msgstr ""
1938
1947
1939
#: serverguide/C/vpn.xml:241(para)
1948
#: serverguide/C/vpn.xml:258(para)
1940
1949
msgid ""
1941
1950
"Copy the client keys and the certificate of the CA you created in the "
1942
1951
"section above to e.g. /etc/openvpn/ and edit "
1945
1954
"you can omit the path."
1946
1955
msgstr ""
1947
1956
1948
#: serverguide/C/vpn.xml:244(programlisting)
1957
#: serverguide/C/vpn.xml:261(programlisting) serverguide/C/vpn.xml:281(programlisting)
1949
1958
#, no-wrap
1950
1959
msgid ""
1951
1960
"\n"
1954
1963
"key client1.key\n"
1955
1964
msgstr ""
1956
1965
1957
#: serverguide/C/vpn.xml:250(para)
1966
#: serverguide/C/vpn.xml:267(para)
1958
1967
msgid ""
1959
1968
"And you have to at least specify the OpenVPN server name or address. Make "
1960
1969
"sure the keyword client is in the config. That's what enables client mode."
1961
1970
msgstr ""
1962
1971
1963
#: serverguide/C/vpn.xml:256(programlisting)
1972
#: serverguide/C/vpn.xml:273(programlisting)
1964
1973
#, no-wrap
1965
1974
msgid ""
1966
1975
"\n"
1973
1982
"Also, make sure you specify the keyfile names you copied from the server"
1974
1983
msgstr ""
1975
1984
1976
#: serverguide/C/vpn.xml:261(para)
1985
#: serverguide/C/vpn.xml:286(para)
1977
1986
msgid "Now start the OpenVPN client:"
1978
1987
msgstr ""
1979
1988
1986
1995
" * Autostarting VPN 'client' [ OK ] \n"
1987
1996
msgstr ""
1988
1997
1989
#: serverguide/C/vpn.xml:271(para)
1998
#: serverguide/C/vpn.xml:296(para)
1990
1999
msgid "Check if it created a tun0 interface:"
1991
2000
msgstr ""
1992
2001
1993
#: serverguide/C/vpn.xml:275(programlisting)
2002
#: serverguide/C/vpn.xml:300(programlisting)
1994
2003
#, no-wrap
1995
2004
msgid ""
1996
2005
"\n"
2001
2010
" UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1\n"
2002
2011
msgstr ""
2003
2012
2004
#: serverguide/C/vpn.xml:282(para)
2013
#: serverguide/C/vpn.xml:307(para)
2005
2014
msgid "Check if you can ping the OpenVPN server:"
2006
2015
msgstr ""
2007
2016
2008
#: serverguide/C/vpn.xml:285(programlisting)
2017
#: serverguide/C/vpn.xml:310(programlisting)
2009
2018
#, no-wrap
2010
2019
msgid ""
2011
2020
"\n"
2014
2023
"64 bytes from 10.8.0.1: icmp_req=1 ttl=64 time=0.920 ms\n"
2015
2024
msgstr ""
2016
2025
2017
#: serverguide/C/vpn.xml:292(para)
2026
#: serverguide/C/vpn.xml:317(para)
2018
2027
msgid ""
2019
2028
"The OpenVPN server always uses the first usable IP address in the client "
2020
2029
"network and only that IP is pingable. E.g. if you configured a /24 for the "
2022
2031
"in the ifconfig output above is usually not answering ping requests."
2023
2032
msgstr ""
2024
2033
2025
#: serverguide/C/vpn.xml:297(para)
2034
#: serverguide/C/vpn.xml:322(para)
2026
2035
msgid "Check out your routes:"
2027
2036
msgstr ""
2028
2037
2029
#: serverguide/C/vpn.xml:300(programlisting)
2038
#: serverguide/C/vpn.xml:325(programlisting)
2030
2039
#, no-wrap
2031
2040
msgid ""
2032
2041
"\n"
2044
2053
"eth0\n"
2045
2054
msgstr ""
2046
2055
2047
#: serverguide/C/vpn.xml:312(title)
2056
#: serverguide/C/vpn.xml:337(title)
2048
2057
msgid "First trouble shooting"
2049
2058
msgstr ""
2050
2059
2051
#: serverguide/C/vpn.xml:314(para)
2060
#: serverguide/C/vpn.xml:339(para)
2052
2061
msgid "If the above didn't work for you, check this:"
2053
2062
msgstr ""
2054
2063
2055
#: serverguide/C/vpn.xml:319(para)
2064
#: serverguide/C/vpn.xml:344(para)
2056
2065
msgid "Check your syslog, e.g. grep -i vpn /var/log/syslog"
2057
2066
msgstr ""
2058
2067
2062
2071
"server.conf."
2063
2072
msgstr ""
2064
2073
2065
#: serverguide/C/vpn.xml:322(para)
2074
#: serverguide/C/vpn.xml:350(para)
2066
2075
msgid ""
2067
2076
"Can the client connect to the server machine? Maybe a firewall is blocking "
2068
2077
"access? Check syslog on server."
2069
2078
msgstr ""
2070
2079
2071
#: serverguide/C/vpn.xml:325(para)
2080
#: serverguide/C/vpn.xml:353(para)
2072
2081
msgid ""
2073
2082
"Client and server must use same protocol and port, e.g. UDP port 1194, see "
2074
2083
"port and proto config option"
2075
2084
msgstr ""
2076
2085
2077
#: serverguide/C/vpn.xml:328(para)
2086
#: serverguide/C/vpn.xml:356(para)
2078
2087
msgid ""
2079
2088
"Client and server must use same config regarding compression, see comp-lzo "
2080
2089
"config option"
2081
2090
msgstr ""
2082
2091
2083
#: serverguide/C/vpn.xml:331(para)
2092
#: serverguide/C/vpn.xml:359(para)
2084
2093
msgid ""
2085
2094
"Client and server must use same config regarding bridged vs routed mode, see "
2086
2095
"server vs server-bridge config option"
2087
2096
msgstr ""
2088
2097
2089
#: serverguide/C/databases.xml:168(title)
2098
#: serverguide/C/vpn.xml:366(title) serverguide/C/databases.xml:161(title)
2090
2099
msgid "Advanced configuration"
2091
2100
msgstr ""
2092
2101
2093
#: serverguide/C/vpn.xml:342(title)
2102
#: serverguide/C/vpn.xml:369(title)
2094
2103
msgid "Advanced routed VPN configuration on server"
2095
2104
msgstr ""
2096
2105
2097
#: serverguide/C/vpn.xml:344(para)
2106
#: serverguide/C/vpn.xml:371(para)
2098
2107
msgid ""
2099
2108
"The above is a very simple working VPN. The client can access services on "
2100
2109
"the VPN server machine through an encrypted tunnel. If you want to reach "
2105
2114
"route to the VPN client-network."
2106
2115
msgstr ""
2107
2116
2108
#: serverguide/C/vpn.xml:348(para)
2117
#: serverguide/C/vpn.xml:375(para)
2109
2118
msgid ""
2110
2119
"Or you might push a default gateway to all the clients to send all their "
2111
2120
"internet traffic to the VPN gateway first and from there via the company "
2112
2121
"firewall into the internet. This section shows you some possible options."
2113
2122
msgstr ""
2114
2123
2115
#: serverguide/C/vpn.xml:352(para)
2124
#: serverguide/C/vpn.xml:379(para)
2116
2125
msgid ""
2117
2126
"Push routes to the client to allow it to reach other private subnets behind "
2118
2127
"the server. Remember that these private subnets will also need to know to "
2120
2129
"server."
2121
2130
msgstr ""
2122
2131
2123
#: serverguide/C/vpn.xml:361(programlisting)
2132
#: serverguide/C/vpn.xml:388(programlisting)
2124
2133
#, no-wrap
2125
2134
msgid ""
2126
2135
"\n"
2136
2145
"internet in order for this to work properly)."
2137
2146
msgstr ""
2138
2147
2139
#: serverguide/C/vpn.xml:374(programlisting)
2148
#: serverguide/C/vpn.xml:401(programlisting)
2140
2149
#, no-wrap
2141
2150
msgid ""
2142
2151
"\n"
2143
2152
"push \"redirect-gateway def1 bypass-dhcp\"\n"
2144
2153
msgstr ""
2145
2154
2146
#: serverguide/C/vpn.xml:378(para)
2155
#: serverguide/C/vpn.xml:405(para)
2147
2156
msgid ""
2148
2157
"Configure server mode and supply a VPN subnet for OpenVPN to draw client "
2149
2158
"addresses from. The server will take 10.8.0.1 for itself, the rest will be "
2151
2160
"10.8.0.1. Comment this line out if you are ethernet bridging."
2152
2161
msgstr ""
2153
2162
2154
#: serverguide/C/vpn.xml:387(programlisting)
2163
#: serverguide/C/vpn.xml:414(programlisting)
2155
2164
#, no-wrap
2156
2165
msgid ""
2157
2166
"\n"
2158
2167
"server 10.8.0.0 255.255.255.0\n"
2159
2168
msgstr ""
2160
2169
2161
#: serverguide/C/vpn.xml:391(para)
2170
#: serverguide/C/vpn.xml:418(para)
2162
2171
msgid ""
2163
2172
"Maintain a record of client to virtual IP address associations in this file. "
2164
2173
"If OpenVPN goes down or is restarted, reconnecting clients can be assigned "
2165
2174
"the same virtual IP address from the pool that was previously assigned."
2166
2175
msgstr ""
2167
2176
2168
#: serverguide/C/vpn.xml:398(programlisting)
2177
#: serverguide/C/vpn.xml:425(programlisting)
2169
2178
#, no-wrap
2170
2179
msgid ""
2171
2180
"\n"
2172
2181
"ifconfig-pool-persist ipp.txt\n"
2173
2182
msgstr ""
2174
2183
2175
#: serverguide/C/vpn.xml:402(para)
2184
#: serverguide/C/vpn.xml:429(para)
2176
2185
msgid "Push DNS servers to the client."
2177
2186
msgstr ""
2178
2187
2179
#: serverguide/C/vpn.xml:405(programlisting)
2188
#: serverguide/C/vpn.xml:432(programlisting)
2180
2189
#, no-wrap
2181
2190
msgid ""
2182
2191
"\n"
2184
2193
"push \"dhcp-option DNS 10.1.0.2\"\n"
2185
2194
msgstr ""
2186
2195
2187
#: serverguide/C/vpn.xml:410(para)
2196
#: serverguide/C/vpn.xml:437(para)
2188
2197
msgid "Allow client to client communication."
2189
2198
msgstr ""
2190
2199
2191
#: serverguide/C/vpn.xml:413(programlisting)
2200
#: serverguide/C/vpn.xml:440(programlisting)
2192
2201
#, no-wrap
2193
2202
msgid ""
2194
2203
"\n"
2195
2204
"client-to-client\n"
2196
2205
msgstr ""
2197
2206
2198
#: serverguide/C/vpn.xml:417(para)
2207
#: serverguide/C/vpn.xml:444(para)
2199
2208
msgid "Enable compression on the VPN link."
2200
2209
msgstr ""
2201
2210
2202
#: serverguide/C/vpn.xml:420(programlisting)
2211
#: serverguide/C/vpn.xml:447(programlisting)
2203
2212
#, no-wrap
2204
2213
msgid ""
2205
2214
"\n"
2206
2215
"comp-lzo\n"
2207
2216
msgstr ""
2208
2217
2209
#: serverguide/C/vpn.xml:424(para)
2218
#: serverguide/C/vpn.xml:451(para)
2210
2219
msgid ""
2211
"The keepalive directive causes ping-like messages to be sent back and forth "
2212
"over the link so that each side knows when the other side has gone down. "
2213
"Ping every 1 second, assume that remote peer is down if no ping received "
2214
"during a 3 second time period."
2220
"The <emphasis>keepalive</emphasis> directive causes ping-like messages to be "
2221
"sent back and forth over the link so that each side knows when the other "
2222
"side has gone down. Ping every 1 second, assume that remote peer is down if "
2223
"no ping received during a 3 second time period."
2215
2224
msgstr ""
2216
2225
2217
#: serverguide/C/vpn.xml:433(programlisting)
2226
#: serverguide/C/vpn.xml:460(programlisting)
2218
2227
#, no-wrap
2219
2228
msgid ""
2220
2229
"\n"
2221
2230
"keepalive 1 3\n"
2222
2231
msgstr ""
2223
2232
2224
#: serverguide/C/vpn.xml:437(para)
2233
#: serverguide/C/vpn.xml:464(para)
2225
2234
msgid ""
2226
2235
"It's a good idea to reduce the OpenVPN daemon's privileges after "
2227
2236
"initialization."
2228
2237
msgstr ""
2229
2238
2230
#: serverguide/C/vpn.xml:440(programlisting)
2239
#: serverguide/C/vpn.xml:467(programlisting)
2231
2240
#, no-wrap
2232
2241
msgid ""
2233
2242
"\n"
2235
2244
"group nogroup\n"
2236
2245
msgstr ""
2237
2246
2238
#: serverguide/C/vpn.xml:445(para)
2247
#: serverguide/C/vpn.xml:472(para)
2239
2248
msgid ""
2240
2249
"OpenVPN 2.0 includes a feature that allows the OpenVPN server to securely "
2241
2250
"obtain a username and password from a connecting client, and to use that "
2245
2254
"username/password, passing it on to the server over the secure TLS channel."
2246
2255
msgstr ""
2247
2256
2248
#: serverguide/C/vpn.xml:449(programlisting)
2257
#: serverguide/C/vpn.xml:476(programlisting)
2249
2258
#, no-wrap
2250
2259
msgid ""
2251
2260
"\n"
2253
2262
"auth-user-pass\n"
2254
2263
msgstr ""
2255
2264
2256
#: serverguide/C/vpn.xml:454(para)
2265
#: serverguide/C/vpn.xml:481(para)
2257
2266
msgid ""
2258
2267
"This will tell the OpenVPN server to validate the username/password entered "
2259
2268
"by clients using the login PAM module. Useful if you have centralized "
2267
2276
"plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so login\n"
2268
2277
msgstr ""
2269
2278
2270
#: serverguide/C/vpn.xml:463(para)
2279
#: serverguide/C/vpn.xml:490(para)
2271
2280
msgid ""
2272
2281
"Please read the OpenVPN <ulink url=\"http://openvpn.net/index.php/open-"
2273
2282
"source/documentation/howto.html#security\">hardening security guide</ulink> "
2274
2283
"for further security advice."
2275
2284
msgstr ""
2276
2285
2277
#: serverguide/C/vpn.xml:469(title)
2286
#: serverguide/C/vpn.xml:496(title)
2278
2287
msgid "Advanced bridged VPN configuration on server"
2279
2288
msgstr ""
2280
2289
2281
#: serverguide/C/vpn.xml:471(para)
2290
#: serverguide/C/vpn.xml:498(para)
2282
2291
msgid ""
2283
2292
"<application>OpenVPN</application> can be setup for either a routed or a "
2284
2293
"bridged VPN mode. Sometimes this is also referred to as OSI layer-2 versus "
2290
2299
"be filtered."
2291
2300
msgstr ""
2292
2301
2293
#: serverguide/C/vpn.xml:477(title)
2302
#: serverguide/C/vpn.xml:504(title)
2294
2303
msgid "Prepare interface config for bridging on server"
2295
2304
msgstr ""
2296
2305
2297
#: serverguide/C/vpn.xml:479(para)
2306
#: serverguide/C/vpn.xml:506(para)
2298
2307
msgid "Make sure you have the bridge-utils package installed:"
2299
2308
msgstr ""
2300
2309
2301
#: serverguide/C/vpn.xml:483(command) serverguide/C/virtualization.xml:2188(command) serverguide/C/network-config.xml:538(command)
2310
#: serverguide/C/vpn.xml:510(command) serverguide/C/network-config.xml:542(command)
2302
2311
msgid "sudo apt-get install bridge-utils"
2303
2312
msgstr "sudo apt-get install bridge-utils"
2304
2313
2305
#: serverguide/C/vpn.xml:486(para)
2314
#: serverguide/C/vpn.xml:513(para)
2306
2315
msgid ""
2307
2316
"Before you setup OpenVPN in bridged mode you need to change your interface "
2308
2317
"configuration. Let's assume your server has an interface eth0 connected to "
2310
2319
"Your /etc/network/interfaces would like this:"
2311
2320
msgstr ""
2312
2321
2313
#: serverguide/C/vpn.xml:490(programlisting)
2322
#: serverguide/C/vpn.xml:517(programlisting)
2314
2323
#, no-wrap
2315
2324
msgid ""
2316
2325
"\n"
2326
2335
" netmask 255.255.255.0\n"
2327
2336
msgstr ""
2328
2337
2329
#: serverguide/C/vpn.xml:503(para)
2338
#: serverguide/C/vpn.xml:530(para)
2330
2339
msgid ""
2331
2340
"This straight forward interface config needs to be changed into a bridged "
2332
2341
"mode like where the config of interface eth1 moves to the new br0 interface. "
2335
2344
"interface to forward all ethernet frames to the IP stack."
2336
2345
msgstr ""
2337
2346
2338
#: serverguide/C/vpn.xml:507(programlisting)
2347
#: serverguide/C/vpn.xml:534(programlisting)
2339
2348
#, no-wrap
2340
2349
msgid ""
2341
2350
"\n"
2367
2376
msgid "sudo ifdown eth1 && sudo ifup -a"
2368
2377
msgstr ""
2369
2378
2370
#: serverguide/C/vpn.xml:534(title)
2379
#: serverguide/C/vpn.xml:561(title)
2371
2380
msgid "Prepare server config for bridging"
2372
2381
msgstr ""
2373
2382
2374
#: serverguide/C/vpn.xml:536(para)
2383
#: serverguide/C/vpn.xml:563(para)
2375
2384
msgid ""
2376
2385
"Edit <filename>/etc/openvpn/server.conf</filename> changing the following "
2377
2386
"options to:"
2378
2387
msgstr ""
2379
2388
2380
#: serverguide/C/vpn.xml:540(programlisting)
2389
#: serverguide/C/vpn.xml:567(programlisting)
2381
2390
#, no-wrap
2382
2391
msgid ""
2383
2392
"\n"
2388
2397
"server-bridge 10.0.0.4 255.255.255.0 10.0.0.128 10.0.0.254\n"
2389
2398
msgstr ""
2390
2399
2391
#: serverguide/C/vpn.xml:548(para)
2400
#: serverguide/C/vpn.xml:575(para)
2392
2401
msgid ""
2393
2402
"Next, create a helper script to add the <emphasis>tap</emphasis> interface "
2394
2403
"to the bridge and to ensure that eth1 is promiscuous mode. Create "
2395
2404
"<filename>/etc/openvpn/up.sh</filename>:"
2396
2405
msgstr ""
2397
2406
2398
#: serverguide/C/vpn.xml:552(programlisting)
2407
#: serverguide/C/vpn.xml:579(programlisting)
2399
2408
#, no-wrap
2400
2409
msgid ""
2401
2410
"\n"
2410
2419
"/sbin/brctl addif $BR $TAPDEV\n"
2411
2420
msgstr ""
2412
2421
2413
#: serverguide/C/vpn.xml:564(para)
2422
#: serverguide/C/vpn.xml:591(para)
2414
2423
msgid "Then make it executable:"
2415
2424
msgstr ""
2416
2425
2417
#: serverguide/C/vpn.xml:569(command)
2426
#: serverguide/C/vpn.xml:596(command)
2418
2427
msgid "sudo chmod 755 /etc/openvpn/up.sh"
2419
2428
msgstr ""
2420
2429
2421
#: serverguide/C/vpn.xml:572(para)
2430
#: serverguide/C/vpn.xml:599(para)
2422
2431
msgid ""
2423
2432
"After configuring the server, restart <application>openvpn</application> by "
2424
2433
"entering:"
2428
2437
msgid "sudo service openvpn restart"
2429
2438
msgstr ""
2430
2439
2431
#: serverguide/C/vpn.xml:582(title)
2440
#: serverguide/C/vpn.xml:609(title)
2432
2441
msgid "Client Configuration"
2433
2442
msgstr ""
2434
2443
2435
#: serverguide/C/vpn.xml:584(para)
2444
#: serverguide/C/vpn.xml:611(para)
2436
2445
msgid "First, install <application>openvpn</application> on the client:"
2437
2446
msgstr ""
2438
2447
2439
#: serverguide/C/vpn.xml:592(para)
2448
#: serverguide/C/vpn.xml:619(para)
2440
2449
msgid ""
2441
2450
"Then with the server configured and the client certificates copied to the "
2442
2451
"<filename>/etc/openvpn/</filename> directory, create a client configuration "
2443
2452
"file by copying the example. In a terminal on the client machine enter:"
2444
2453
msgstr ""
2445
2454
2446
#: serverguide/C/vpn.xml:598(command)
2455
#: serverguide/C/vpn.xml:625(command)
2447
2456
msgid ""
2448
2457
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
2449
2458
"/etc/openvpn"
2450
2459
msgstr ""
2451
2460
2452
#: serverguide/C/vpn.xml:601(para)
2461
#: serverguide/C/vpn.xml:628(para)
2453
2462
msgid ""
2454
2463
"Now edit <filename>/etc/openvpn/client.conf</filename> changing the "
2455
2464
"following options:"
2466
2475
"key client1.key\n"
2467
2476
msgstr ""
2468
2477
2469
#: serverguide/C/vpn.xml:610(para)
2478
#: serverguide/C/vpn.xml:640(para)
2470
2479
msgid "Finally, restart <application>openvpn</application>:"
2471
2480
msgstr ""
2472
2481
2473
#: serverguide/C/vpn.xml:618(para)
2482
#: serverguide/C/vpn.xml:648(para)
2474
2483
msgid "You should now be able to connect to the remote LAN through the VPN."
2475
2484
msgstr ""
2476
2485
2477
#: serverguide/C/vpn.xml:627(title)
2486
#: serverguide/C/vpn.xml:657(title)
2478
2487
msgid "Client software implementations"
2479
2488
msgstr ""
2480
2489
2481
#: serverguide/C/vpn.xml:630(title)
2490
#: serverguide/C/vpn.xml:660(title)
2482
2491
msgid "Linux Network-Manager GUI for OpenVPN"
2483
2492
msgstr ""
2484
2493
2485
#: serverguide/C/vpn.xml:632(para)
2494
#: serverguide/C/vpn.xml:662(para)
2486
2495
msgid ""
2487
2496
"Many Linux distributions including Ubuntu desktop variants come with Network "
2488
2497
"Manager, a nice GUI to configure your network settings. It also can manage "
2491
2500
"packages as well:"
2492
2501
msgstr ""
2493
2502
2494
#: serverguide/C/vpn.xml:637(programlisting)
2503
#: serverguide/C/vpn.xml:667(programlisting)
2495
2504
#, no-wrap
2496
2505
msgid ""
2497
2506
"\n"
2512
2521
"Do you want to continue [Y/n]? \n"
2513
2522
msgstr ""
2514
2523
2515
#: serverguide/C/vpn.xml:655(para)
2524
#: serverguide/C/vpn.xml:685(para)
2516
2525
msgid ""
2517
2526
"To inform network-manager about the new installed packages you will have to "
2518
2527
"restart it:"
2519
2528
msgstr ""
2520
2529
2521
#: serverguide/C/vpn.xml:659(programlisting)
2530
#: serverguide/C/vpn.xml:689(programlisting)
2522
2531
#, no-wrap
2523
2532
msgid ""
2524
2533
"\n"
2538
2547
"to establish your VPN."
2539
2548
msgstr ""
2540
2549
2541
#: serverguide/C/vpn.xml:676(title)
2550
#: serverguide/C/vpn.xml:706(title)
2542
2551
msgid "OpenVPN with GUI for Mac OS X: Tunnelblick"
2543
2552
msgstr ""
2544
2553
2545
#: serverguide/C/vpn.xml:678(para)
2554
#: serverguide/C/vpn.xml:708(para)
2546
2555
msgid ""
2547
2556
"Tunnelblick is an excellent free, open source implementation of a GUI for "
2548
2557
"OpenVPN for OS X. The project's homepage is at <ulink "
2554
2563
"Application folder."
2555
2564
msgstr ""
2556
2565
2557
#: serverguide/C/vpn.xml:684(programlisting)
2566
#: serverguide/C/vpn.xml:714(programlisting)
2558
2567
#, no-wrap
2559
2568
msgid ""
2560
2569
"\n"
2577
2586
"key client.key\n"
2578
2587
msgstr ""
2579
2588
2580
#: serverguide/C/vpn.xml:706(title)
2589
#: serverguide/C/vpn.xml:736(title)
2581
2590
msgid "OpenVPN with GUI for Win 7"
2582
2591
msgstr ""
2583
2592
2590
2599
"binary installer."
2591
2600
msgstr ""
2592
2601
2593
#: serverguide/C/vpn.xml:714(para)
2602
#: serverguide/C/vpn.xml:743(para)
2594
2603
msgid ""
2595
2604
"You need to start the OpenVPN service. Goto Start > Computer > Manage "
2596
2605
"> Services and Applications > Services. Find the OpenVPN service and "
2599
2608
"click on it and you will see that option."
2600
2609
msgstr ""
2601
2610
2602
#: serverguide/C/vpn.xml:718(para)
2611
#: serverguide/C/vpn.xml:747(para)
2603
2612
msgid ""
2604
2613
"You will have to write your OpenVPN config in a textfile and place it in C:\\"
2605
2614
"Program Files\\OpenVPN\\config\\client.ovpn along with the CA certificate. "
2657
2666
msgid "You may want to set the Windows service to \"automatic\"."
2658
2667
msgstr ""
2659
2668
2660
#: serverguide/C/vpn.xml:747(title)
2669
#: serverguide/C/vpn.xml:790(title)
2661
2670
msgid "OpenVPN for OpenWRT"
2662
2671
msgstr ""
2663
2672
2664
#: serverguide/C/vpn.xml:749(para)
2673
#: serverguide/C/vpn.xml:792(para)
2665
2674
msgid ""
2666
2675
"OpenWRT is described as a Linux distribution for embedded devices like WLAN "
2667
2676
"router. There are certain types of WLAN routers who can be flashed to run "
2674
2683
"url=\"http://openwrt.org\">http://openwrt.org</ulink>"
2675
2684
msgstr ""
2676
2685
2677
#: serverguide/C/vpn.xml:758(para)
2686
#: serverguide/C/vpn.xml:801(para)
2678
2687
msgid "Log into your OpenWRT router and install OpenVPN:"
2679
2688
msgstr ""
2680
2689
2681
#: serverguide/C/vpn.xml:763(command)
2690
#: serverguide/C/vpn.xml:806(command)
2682
2691
msgid "opkg update"
2683
2692
msgstr ""
2684
2693
2685
#: serverguide/C/vpn.xml:764(command)
2694
#: serverguide/C/vpn.xml:807(command)
2686
2695
msgid "opkg install openvpn"
2687
2696
msgstr ""
2688
2697
2692
2701
"certificates and keys to /etc/openvpn/"
2693
2702
msgstr ""
2694
2703
2695
#: serverguide/C/vpn.xml:772(programlisting)
2704
#: serverguide/C/vpn.xml:815(programlisting)
2696
2705
#, no-wrap
2697
2706
msgid ""
2698
2707
"\n"
2708
2717
" option comp_lzo 1 \n"
2709
2718
msgstr ""
2710
2719
2711
#: serverguide/C/vpn.xml:785(para)
2720
#: serverguide/C/vpn.xml:828(para)
2712
2721
msgid "Restart OpenVPN:"
2713
2722
msgstr ""
2714
2723
2716
2725
msgid "service openvpn restart"
2717
2726
msgstr ""
2718
2727
2719
#: serverguide/C/vpn.xml:793(para)
2728
#: serverguide/C/vpn.xml:836(para)
2720
2729
msgid ""
2721
2730
"You will have to see if you need to adjust your router's routing and "
2722
2731
"firewall rules."
2723
2732
msgstr ""
2724
2733
2725
#: serverguide/C/vpn.xml:803(para)
2734
#: serverguide/C/vpn.xml:846(para)
2726
2735
msgid ""
2727
2736
"See the <ulink url=\"http://openvpn.net/\">OpenVPN</ulink> website for "
2728
2737
"additional information."
2729
2738
msgstr ""
2730
2739
2731
#: serverguide/C/vpn.xml:809(ulink)
2740
#: serverguide/C/vpn.xml:852(ulink)
2732
2741
msgid "OpenVPN hardening security guide"
2733
2742
msgstr ""
2734
2743
2735
#: serverguide/C/vpn.xml:813(para)
2744
#: serverguide/C/vpn.xml:856(para)
2736
2745
msgid ""
2737
2746
"Also, Pakt's <ulink url=\"http://www.packtpub.com/openvpn/book\">OpenVPN: "
2738
2747
"Building and Integrating Virtual Private Networks</ulink> is a good resource."
2742
2751
msgid "Virtualization"
2743
2752
msgstr ""
2744
2753
2745
#: serverguide/C/virtualization.xml:12(para)
2754
#: serverguide/C/virtualization.xml:13(para)
2746
2755
msgid ""
2747
2756
"Virtualization is being adopted in many different environments and "
2748
2757
"situations. If you are a developer, virtualization can provide you with a "
2752
2761
"services and move them around based on demand."
2753
2762
msgstr ""
2754
2763
2755
#: serverguide/C/virtualization.xml:18(para)
2764
#: serverguide/C/virtualization.xml:20(para)
2756
2765
msgid ""
2757
2766
"The default virtualization technology supported in Ubuntu is "
2758
2767
"<application>KVM</application>. KVM requires virtualization extensions built "
2763
2772
"hardware without virtualization extensions."
2764
2773
msgstr ""
2765
2774
2766
#: serverguide/C/virtualization.xml:26(title)
2775
#: serverguide/C/virtualization.xml:29(title)
2767
2776
msgid "libvirt"
2768
2777
msgstr "libvirt"
2769
2778
2770
#: serverguide/C/virtualization.xml:27(para)
2779
#: serverguide/C/virtualization.xml:31(para)
2771
2780
msgid ""
2772
2781
"The <application>libvirt</application> library is used to interface with "
2773
2782
"different virtualization technologies. Before getting started with "
2776
2785
"<application>KVM</application>. Enter the following from a terminal prompt:"
2777
2786
msgstr ""
2778
2787
2779
#: serverguide/C/virtualization.xml:34(command)
2788
#: serverguide/C/virtualization.xml:39(command)
2780
2789
msgid "kvm-ok"
2781
2790
msgstr ""
2782
2791
2783
#: serverguide/C/virtualization.xml:36(para)
2792
#: serverguide/C/virtualization.xml:42(para)
2784
2793
msgid ""
2785
2794
"A message will be printed informing you if your CPU "
2786
2795
"<emphasis>does</emphasis> or <emphasis>does not</emphasis> support hardware "
2794
2803
"it."
2795
2804
msgstr ""
2796
2805
2797
#: serverguide/C/virtualization.xml:46(title)
2806
#: serverguide/C/virtualization.xml:53(title)
2798
2807
msgid "Virtual Networking"
2799
2808
msgstr ""
2800
2809
2816
2825
"to the rest of the network."
2817
2826
msgstr ""
2818
2827
2819
#: serverguide/C/virtualization.xml:62(para)
2828
#: serverguide/C/virtualization.xml:72(para)
2820
2829
msgid "To install the necessary packages, from a terminal prompt enter:"
2821
2830
msgstr "Каб устанавіць неабходныя пакеты, увядзіце ў тэрмінале:"
2822
2831
2824
2833
msgid "sudo apt-get install qemu-kvm libvirt-bin"
2825
2834
msgstr ""
2826
2835
2827
#: serverguide/C/virtualization.xml:68(para)
2836
#: serverguide/C/virtualization.xml:79(para)
2828
2837
msgid ""
2829
2838
"After installing <application>libvirt-bin</application>, the user used to "
2830
2839
"manage virtual machines will need to be added to the "
2832
2841
"the advanced networking options."
2833
2842
msgstr ""
2834
2843
2835
#: serverguide/C/virtualization.xml:72(para)
2844
#: serverguide/C/virtualization.xml:84(para)
2836
2845
msgid "In a terminal enter:"
2837
2846
msgstr "Увядзіце ў тэрмінале:"
2838
2847
2839
#: serverguide/C/virtualization.xml:76(command)
2848
#: serverguide/C/virtualization.xml:87(command)
2840
2849
msgid "sudo adduser $USER libvirtd"
2841
2850
msgstr "sudo adduser $USER libvirtd"
2842
2851
2843
#: serverguide/C/virtualization.xml:79(para)
2852
#: serverguide/C/virtualization.xml:91(para)
2844
2853
msgid ""
2845
2854
"If the user chosen is the current user, you will need to log out and back in "
2846
2855
"for the new group membership to take effect."
2847
2856
msgstr ""
2848
2857
2849
#: serverguide/C/virtualization.xml:83(para)
2858
#: serverguide/C/virtualization.xml:95(para)
2850
2859
msgid ""
2851
2860
"You are now ready to install a <emphasis>Guest</emphasis> operating system. "
2852
2861
"Installing a virtual machine follows the same process as installing the "
2855
2864
"physical machine."
2856
2865
msgstr ""
2857
2866
2858
#: serverguide/C/virtualization.xml:88(para)
2867
#: serverguide/C/virtualization.xml:101(para)
2859
2868
msgid ""
2860
2869
"In the case of virtual machines a Graphical User Interface (GUI) is "
2861
2870
"analogous to using a physical keyboard and mouse. Instead of installing a "
2875
2884
#: serverguide/C/virtualization.xml:113(para)
2876
2885
msgid ""
2877
2886
"Yet another way to install an Ubuntu virtual machine is to use "
2878
"<application>uvtool</application>. This application, available as of 14.04 "
2887
"<application>uvtool</application>. This application, available as of 14.04, "
2879
2888
"allows you to set up specific VM options, execute custom post-install "
2880
"scripts, etc. For details see <xref linkend=\"cloud-images-and-uvtool\"/>"
2889
"scripts, etc. For details see <xref linkend=\"cloud-images-and-uvtool\"/>."
2881
2890
msgstr ""
2882
2891
2883
#: serverguide/C/virtualization.xml:101(para)
2892
#: serverguide/C/virtualization.xml:119(para)
2884
2893
msgid ""
2885
2894
"Libvirt can also be configured work with <application>Xen</application>. For "
2886
2895
"details, see the Xen Ubuntu community page referenced below."
2887
2896
msgstr ""
2888
2897
2889
#: serverguide/C/virtualization.xml:106(title)
2898
#: serverguide/C/virtualization.xml:125(title)
2890
2899
msgid "virt-install"
2891
2900
msgstr "virt-install"
2892
2901
2893
#: serverguide/C/virtualization.xml:107(para)
2902
#: serverguide/C/virtualization.xml:127(para)
2894
2903
msgid ""
2895
2904
"<application>virt-install</application> is part of the "
2896
2905
"<application>virtinst</application> package. To install it, from a terminal "
2897
2906
"prompt enter:"
2898
2907
msgstr ""
2899
2908
2900
#: serverguide/C/virtualization.xml:111(command)
2909
#: serverguide/C/virtualization.xml:132(command)
2901
2910
msgid "sudo apt-get install virtinst"
2902
2911
msgstr ""
2903
2912
2904
#: serverguide/C/virtualization.xml:113(para)
2913
#: serverguide/C/virtualization.xml:135(para)
2905
2914
msgid ""
2906
2915
"There are several options available when using <application>virt-"
2907
2916
"install</application>. For example:"
2915
2924
"vnc,listen=0.0.0.0 --noautoconsole -v"
2916
2925
msgstr ""
2917
2926
2918
#: serverguide/C/virtualization.xml:124(para)
2927
#: serverguide/C/virtualization.xml:147(para)
2919
2928
msgid ""
2920
2929
"<emphasis>-n web_devel:</emphasis> the name of the new virtual machine will "
2921
2930
"be <emphasis>web_devel</emphasis> in this example."
2922
2931
msgstr ""
2923
2932
2924
#: serverguide/C/virtualization.xml:129(para)
2933
#: serverguide/C/virtualization.xml:153(para)
2925
2934
msgid ""
2926
2935
"<emphasis>-r 256:</emphasis> specifies the amount of memory the virtual "
2927
2936
"machine will use in megabytes."
2928
2937
msgstr ""
2929
2938
2930
#: serverguide/C/virtualization.xml:134(para)
2939
#: serverguide/C/virtualization.xml:158(para)
2931
2940
msgid ""
2932
2941
"<emphasis>--disk "
2933
2942
"path=/var/lib/libvirt/images/web_devel.img,size=4:</emphasis> indicates the "
2944
2953
"CDROM device."
2945
2954
msgstr ""
2946
2955
2947
#: serverguide/C/virtualization.xml:152(para)
2956
#: serverguide/C/virtualization.xml:174(para)
2948
2957
msgid ""
2949
2958
"<emphasis>--network</emphasis> provides details related to the VM's network "
2950
2959
"interface. Here the <emphasis>default</emphasis> network is used, and the "
2959
2968
"connect via VNC to complete the installation."
2960
2969
msgstr ""
2961
2970
2962
#: serverguide/C/virtualization.xml:163(para)
2971
#: serverguide/C/virtualization.xml:189(para)
2963
2972
msgid ""
2964
2973
"<emphasis>--noautoconsole:</emphasis> will not automatically connect to the "
2965
2974
"virtual machine's console."
2966
2975
msgstr ""
2967
2976
2968
#: serverguide/C/virtualization.xml:168(para)
2977
#: serverguide/C/virtualization.xml:194(para)
2969
2978
msgid "<emphasis>-v:</emphasis> creates a fully virtualized guest."
2970
2979
msgstr ""
2971
2980
2973
2982
msgid ""
2974
2983
"After launching <application>virt-install</application> you can connect to "
2975
2984
"the virtual machine's console either locally using a GUI (if your server has "
2976
"a GUI), or via a remote VNC client from a GUI based computer."
2985
"a GUI), or via a remote VNC client from a GUI-based computer."
2977
2986
msgstr ""
2978
2987
2979
#: serverguide/C/virtualization.xml:179(title)
2988
#: serverguide/C/virtualization.xml:206(title)
2980
2989
msgid "virt-clone"
2981
2990
msgstr "virt-clone"
2982
2991
2983
#: serverguide/C/virtualization.xml:180(para)
2992
#: serverguide/C/virtualization.xml:208(para)
2984
2993
msgid ""
2985
2994
"The <application>virt-clone</application> application can be used to copy "
2986
2995
"one virtual machine to another. For example:"
2987
2996
msgstr ""
2988
2997
2989
#: serverguide/C/virtualization.xml:184(command)
2998
#: serverguide/C/virtualization.xml:212(command)
2990
2999
msgid ""
2991
3000
"sudo virt-clone -o web_devel -n database_devel -f "
2992
3001
"/path/to/database_devel.img \\ --connect=qemu:///system"
2993
3002
msgstr ""
2994
3003
2995
#: serverguide/C/virtualization.xml:189(para)
3004
#: serverguide/C/virtualization.xml:218(para)
2996
3005
msgid "<emphasis>-o:</emphasis> original virtual machine."
2997
3006
msgstr ""
2998
3007
2999
#: serverguide/C/virtualization.xml:194(para)
3008
#: serverguide/C/virtualization.xml:222(para)
3000
3009
msgid "<emphasis>-n:</emphasis> name of the new virtual machine."
3001
3010
msgstr "<emphasis>-n:</emphasis> імя новай віртуальнай машыны."
3002
3011
3003
#: serverguide/C/virtualization.xml:199(para)
3012
#: serverguide/C/virtualization.xml:227(para)
3004
3013
msgid ""
3005
3014
"<emphasis>-f:</emphasis> path to the file, logical volume, or partition to "
3006
3015
"be used by the new virtual machine."
3007
3016
msgstr ""
3008
3017
3009
#: serverguide/C/virtualization.xml:204(para)
3018
#: serverguide/C/virtualization.xml:232(para)
3010
3019
msgid ""
3011
3020
"<emphasis>--connect:</emphasis> specifies which hypervisor to connect to."
3012
3021
msgstr ""
3013
3022
3014
#: serverguide/C/virtualization.xml:209(para)
3023
#: serverguide/C/virtualization.xml:237(para)
3015
3024
msgid ""
3016
3025
"Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to "
3017
3026
"help troubleshoot problems with <application>virt-clone</application>."
3018
3027
msgstr ""
3019
3028
3020
#: serverguide/C/virtualization.xml:214(para)
3029
#: serverguide/C/virtualization.xml:242(para)
3021
3030
msgid ""
3022
3031
"Replace <emphasis>web_devel</emphasis> and "
3023
3032
"<emphasis>database_devel</emphasis> with appropriate virtual machine names."
3024
3033
msgstr ""
3025
3034
3026
#: serverguide/C/virtualization.xml:220(title)
3035
#: serverguide/C/virtualization.xml:249(title)
3027
3036
msgid "Virtual Machine Management"
3028
3037
msgstr ""
3029
3038
3030
#: serverguide/C/virtualization.xml:222(title)
3039
#: serverguide/C/virtualization.xml:252(title)
3031
3040
msgid "virsh"
3032
3041
msgstr ""
3033
3042
3034
#: serverguide/C/virtualization.xml:223(para)
3043
#: serverguide/C/virtualization.xml:254(para)
3035
3044
msgid ""
3036
3045
"There are several utilities available to manage virtual machines and "
3037
3046
"<application>libvirt</application>. The <application>virsh</application> "
3038
3047
"utility can be used from the command line. Some examples:"
3039
3048
msgstr ""
3040
3049
3041
#: serverguide/C/virtualization.xml:229(para)
3050
#: serverguide/C/virtualization.xml:261(para)
3042
3051
msgid "To list running virtual machines:"
3043
3052
msgstr ""
3044
3053
3045
#: serverguide/C/virtualization.xml:233(command)
3054
#: serverguide/C/virtualization.xml:264(command)
3046
3055
msgid "virsh -c qemu:///system list"
3047
3056
msgstr "virsh -c qemu:///system list"
3048
3057
3049
#: serverguide/C/virtualization.xml:237(para)
3058
#: serverguide/C/virtualization.xml:269(para)
3050
3059
msgid "To start a virtual machine:"
3051
3060
msgstr ""
3052
3061
3053
#: serverguide/C/virtualization.xml:241(command)
3062
#: serverguide/C/virtualization.xml:272(command)
3054
3063
msgid "virsh -c qemu:///system start web_devel"
3055
3064
msgstr "virsh -c qemu:///system start web_devel"
3056
3065
3057
#: serverguide/C/virtualization.xml:245(para)
3066
#: serverguide/C/virtualization.xml:277(para)
3058
3067
msgid "Similarly, to start a virtual machine at boot:"
3059
3068
msgstr ""
3060
3069
3061
#: serverguide/C/virtualization.xml:249(command)
3070
#: serverguide/C/virtualization.xml:280(command)
3062
3071
msgid "virsh -c qemu:///system autostart web_devel"
3063
3072
msgstr "virsh -c qemu:///system autostart web_devel"
3064
3073
3065
#: serverguide/C/virtualization.xml:253(para)
3074
#: serverguide/C/virtualization.xml:285(para)
3066
3075
msgid "Reboot a virtual machine with:"
3067
3076
msgstr ""
3068
3077
3069
#: serverguide/C/virtualization.xml:257(command)
3078
#: serverguide/C/virtualization.xml:288(command)
3070
3079
msgid "virsh -c qemu:///system reboot web_devel"
3071
3080
msgstr "virsh -c qemu:///system reboot web_devel"
3072
3081
3073
#: serverguide/C/virtualization.xml:261(para)
3082
#: serverguide/C/virtualization.xml:293(para)
3074
3083
msgid ""
3075
3084
"The <emphasis>state</emphasis> of virtual machines can be saved to a file in "
3076
3085
"order to be restored later. The following will save the virtual machine "
3077
3086
"state into a file named according to the date:"
3078
3087
msgstr ""
3079
3088
3080
#: serverguide/C/virtualization.xml:266(command)
3089
#: serverguide/C/virtualization.xml:299(command)
3081
3090
msgid "virsh -c qemu:///system save web_devel web_devel-022708.state"
3082
3091
msgstr "virsh -c qemu:///system save web_devel web_devel-022708.state"
3083
3092
3084
#: serverguide/C/virtualization.xml:268(para)
3093
#: serverguide/C/virtualization.xml:302(para)
3085
3094
msgid "Once saved the virtual machine will no longer be running."
3086
3095
msgstr ""
3087
3096
3088
#: serverguide/C/virtualization.xml:273(para)
3097
#: serverguide/C/virtualization.xml:307(para)
3089
3098
msgid "A saved virtual machine can be restored using:"
3090
3099
msgstr ""
3091
3100
3092
#: serverguide/C/virtualization.xml:277(command)
3101
#: serverguide/C/virtualization.xml:310(command)
3093
3102
msgid "virsh -c qemu:///system restore web_devel-022708.state"
3094
3103
msgstr "virsh -c qemu:///system restore web_devel-022708.state"
3095
3104
3096
#: serverguide/C/virtualization.xml:281(para)
3105
#: serverguide/C/virtualization.xml:315(para)
3097
3106
msgid "To shutdown a virtual machine do:"
3098
3107
msgstr ""
3099
3108
3100
#: serverguide/C/virtualization.xml:285(command)
3109
#: serverguide/C/virtualization.xml:318(command)
3101
3110
msgid "virsh -c qemu:///system shutdown web_devel"
3102
3111
msgstr "virsh -c qemu:///system shutdown web_devel"
3103
3112
3104
#: serverguide/C/virtualization.xml:289(para)
3113
#: serverguide/C/virtualization.xml:323(para)
3105
3114
msgid "A CDROM device can be mounted in a virtual machine by entering:"
3106
3115
msgstr ""
3107
3116
3108
#: serverguide/C/virtualization.xml:293(command)
3117
#: serverguide/C/virtualization.xml:327(command)
3109
3118
msgid "virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
3110
3119
msgstr ""
3111
3120
"virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
3112
3121
3113
#: serverguide/C/virtualization.xml:298(para)
3122
#: serverguide/C/virtualization.xml:333(para)
3114
3123
msgid ""
3115
3124
"In the above examples replace <emphasis>web_devel</emphasis> with the "
3116
3125
"appropriate virtual machine name, and <filename>web_devel-"
3117
3126
"022708.state</filename> with a descriptive file name."
3118
3127
msgstr ""
3119
3128
3120
#: serverguide/C/virtualization.xml:305(title)
3129
#: serverguide/C/virtualization.xml:341(title)
3121
3130
msgid "Virtual Machine Manager"
3122
3131
msgstr ""
3123
3132
3124
#: serverguide/C/virtualization.xml:306(para)
3133
#: serverguide/C/virtualization.xml:343(para)
3125
3134
msgid ""
3126
3135
"The <application>virt-manager</application> package contains a graphical "
3127
3136
"utility to manage local and remote virtual machines. To install virt-manager "
3128
3137
"enter:"
3129
3138
msgstr ""
3130
3139
3131
#: serverguide/C/virtualization.xml:311(command)
3140
#: serverguide/C/virtualization.xml:348(command)
3132
3141
msgid "sudo apt-get install virt-manager"
3133
3142
msgstr "sudo apt-get install virt-manager"
3134
3143
3135
#: serverguide/C/virtualization.xml:313(para)
3144
#: serverguide/C/virtualization.xml:351(para)
3136
3145
msgid ""
3137
3146
"Since <application>virt-manager</application> requires a Graphical User "
3138
3147
"Interface (GUI) environment it is recommended to be installed on a "
3140
3149
"the local <application>libvirt</application> service enter:"
3141
3150
msgstr ""
3142
3151
3143
#: serverguide/C/virtualization.xml:319(command)
3152
#: serverguide/C/virtualization.xml:358(command)
3144
3153
msgid "virt-manager -c qemu:///system"
3145
3154
msgstr "virt-manager -c qemu:///system"
3146
3155
3147
#: serverguide/C/virtualization.xml:321(para)
3156
#: serverguide/C/virtualization.xml:361(para)
3148
3157
msgid ""
3149
3158
"You can connect to the <application>libvirt</application> service running on "
3150
3159
"another host by entering the following in a terminal prompt:"
3151
3160
msgstr ""
3152
3161
3153
#: serverguide/C/virtualization.xml:325(command)
3162
#: serverguide/C/virtualization.xml:366(command)
3154
3163
msgid "virt-manager -c qemu+ssh://virtnode1.mydomain.com/system"
3155
3164
msgstr "virt-manager -c qemu+ssh://virtnode1.mydomain.com/system"
3156
3165
3157
#: serverguide/C/virtualization.xml:328(para)
3166
#: serverguide/C/virtualization.xml:370(para)
3158
3167
msgid ""
3159
3168
"The above example assumes that <application>SSH</application> connectivity "
3160
3169
"between the management system and virtnode1.mydomain.com has already been "
3165
3174
"linkend=\"openssh-server\"/>"
3166
3175
msgstr ""
3167
3176
3168
#: serverguide/C/virtualization.xml:338(title)
3177
#: serverguide/C/virtualization.xml:383(title)
3169
3178
msgid "Virtual Machine Viewer"
3170
3179
msgstr ""
3171
3180
3172
#: serverguide/C/virtualization.xml:339(para)
3181
#: serverguide/C/virtualization.xml:385(para)
3173
3182
msgid ""
3174
3183
"The <application>virt-viewer</application> application allows you to connect "
3175
3184
"to a virtual machine's console. <application>virt-viewer</application> does "
3177
3186
"machine."
3178
3187
msgstr ""
3179
3188
3180
#: serverguide/C/virtualization.xml:343(para)
3189
#: serverguide/C/virtualization.xml:390(para)
3181
3190
msgid ""
3182
3191
"To install <application>virt-viewer</application> from a terminal enter:"
3183
3192
msgstr ""
3184
3193
"Каб устанавіць <application>virt-viewer</application>, увядзіце ў тэрмінале:"
3185
3194
3186
#: serverguide/C/virtualization.xml:347(command)
3195
#: serverguide/C/virtualization.xml:394(command)
3187
3196
msgid "sudo apt-get install virt-viewer"
3188
3197
msgstr "sudo apt-get install virt-viewer"
3189
3198
3190
#: serverguide/C/virtualization.xml:349(para)
3199
#: serverguide/C/virtualization.xml:397(para)
3191
3200
msgid ""
3192
3201
"Once a virtual machine is installed and running you can connect to the "
3193
3202
"virtual machine's console by using:"
3194
3203
msgstr ""
3195
3204
3196
#: serverguide/C/virtualization.xml:353(command)
3205
#: serverguide/C/virtualization.xml:401(command)
3197
3206
msgid "virt-viewer -c qemu:///system web_devel"
3198
3207
msgstr "virt-viewer -c qemu:///system web_devel"
3199
3208
3200
#: serverguide/C/virtualization.xml:355(para)
3209
#: serverguide/C/virtualization.xml:404(para)
3201
3210
msgid ""
3202
3211
"Similar to <application>virt-manager</application>, <application>virt-"
3203
3212
"viewer</application> can connect to a remote host using "
3204
3213
"<emphasis>SSH</emphasis> with key authentication, as well:"
3205
3214
msgstr ""
3206
3215
3207
#: serverguide/C/virtualization.xml:360(command)
3216
#: serverguide/C/virtualization.xml:409(command)
3208
3217
msgid "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
3209
3218
msgstr "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
3210
3219
3211
#: serverguide/C/virtualization.xml:362(para)
3220
#: serverguide/C/virtualization.xml:412(para)
3212
3221
msgid ""
3213
3222
"Be sure to replace <emphasis role=\"italic\">web_devel</emphasis> with the "
3214
3223
"appropriate virtual machine name."
3220
3229
"can also setup <application>SSH</application> access to the virtual machine."
3221
3230
msgstr ""
3222
3231
3223
#: serverguide/C/windows-networking.xml:248(title) serverguide/C/windows-networking.xml:347(title) serverguide/C/windows-networking.xml:704(title) serverguide/C/windows-networking.xml:1100(title) serverguide/C/windows-networking.xml:1299(title) serverguide/C/virtualization.xml:371(title) serverguide/C/virtualization.xml:1072(title) serverguide/C/virtualization.xml:2482(title) serverguide/C/virtualization.xml:4388(title) serverguide/C/reporting-bugs.xml:252(title) serverguide/C/remote-administration.xml:374(title) serverguide/C/network-config.xml:584(title) serverguide/C/network-config.xml:847(title) serverguide/C/network-auth.xml:2133(title) serverguide/C/network-auth.xml:2675(title) serverguide/C/network-auth.xml:3391(title) serverguide/C/network-auth.xml:3944(title) serverguide/C/installation.xml:867(title) serverguide/C/installation.xml:1153(title) serverguide/C/installation.xml:1361(title) serverguide/C/databases.xml:271(title) serverguide/C/databases.xml:409(title) serverguide/C/backups.xml:864(title)
3232
#: serverguide/C/virtualization.xml:421(title) serverguide/C/virtualization.xml:659(title) serverguide/C/virtualization.xml:730(title) serverguide/C/virtualization.xml:1784(title) serverguide/C/samba.xml:248(title) serverguide/C/samba.xml:347(title) serverguide/C/samba.xml:704(title) serverguide/C/samba.xml:1100(title) serverguide/C/samba.xml:1299(title) serverguide/C/reporting-bugs.xml:252(title) serverguide/C/remote-administration.xml:414(title) serverguide/C/other-apps.xml:151(title) serverguide/C/other-apps.xml:305(title) serverguide/C/other-apps.xml:399(title) serverguide/C/network-config.xml:588(title) serverguide/C/network-config.xml:843(title) serverguide/C/network-auth.xml:2140(title) serverguide/C/network-auth.xml:2674(title) serverguide/C/network-auth.xml:3390(title) serverguide/C/network-auth.xml:3943(title) serverguide/C/network-auth.xml:4179(title) serverguide/C/installation.xml:874(title) serverguide/C/installation.xml:1149(title) serverguide/C/installation.xml:1434(title) serverguide/C/databases.xml:264(title) serverguide/C/databases.xml:419(title) serverguide/C/cgroups.xml:198(title) serverguide/C/backups.xml:870(title)
3224
3233
msgid "Resources"
3225
3234
msgstr "Рэсурсы"
3226
3235
3230
3239
"more details."
3231
3240
msgstr ""
3232
3241
3233
#: serverguide/C/virtualization.xml:379(para)
3242
#: serverguide/C/virtualization.xml:430(para)
3234
3243
msgid ""
3235
3244
"For more information on <application>libvirt</application> see the <ulink "
3236
3245
"url=\"http://libvirt.org/\">libvirt home page</ulink>"
3238
3247
"Для больш зьмястоўнай інфармацыі пра <application>libvirt</application> "
3239
3248
"глядзіце <ulink url=\"http://libvirt.org/\">хатнюю старонку libvirt</ulink>"
3240
3249
3241
#: serverguide/C/virtualization.xml:384(para)
3250
#: serverguide/C/virtualization.xml:436(para)
3242
3251
msgid ""
3243
"The <ulink url=\"http://virt-manager.et.redhat.com/\">Virtual Machine "
3244
"Manager</ulink> site has more information on <application>virt-"
3245
"manager</application> development."
3252
"The <ulink url=\"http://virt-manager.org/\">Virtual Machine Manager</ulink> "
3253
"site has more information on <application>virt-manager</application> "
3254
"development."
3246
3255
msgstr ""
3247
3256
3248
#: serverguide/C/virtualization.xml:390(para)
3257
#: serverguide/C/virtualization.xml:442(para)
3249
3258
msgid ""
3250
3259
"Also, stop by the <emphasis>#ubuntu-virt</emphasis> IRC channel on <ulink "
3251
3260
"url=\"http://freenode.net/\">freenode</ulink> to discuss virtualization "
3252
3261
"technology in Ubuntu."
3253
3262
msgstr ""
3254
3263
3255
#: serverguide/C/virtualization.xml:396(para)
3264
#: serverguide/C/virtualization.xml:448(para)
3256
3265
msgid ""
3257
3266
"Another good resource is the <ulink "
3258
3267
"url=\"https://help.ubuntu.com/community/KVM\">Ubuntu Wiki KVM</ulink> page."
3259
3268
msgstr ""
3260
3269
3261
#: serverguide/C/virtualization.xml:401(para)
3270
#: serverguide/C/virtualization.xml:454(para)
3262
3271
msgid ""
3263
3272
"For information on Xen, including using Xen with libvirt, please see the "
3264
3273
"<ulink url=\"https://help.ubuntu.com/community/Xen\">Ubuntu Wiki Xen</ulink> "
3269
3278
msgid "Cloud images and uvtool"
3270
3279
msgstr ""
3271
3280
3272
#: serverguide/C/windows-networking.xml:23(title) serverguide/C/virtualization.xml:412(title) serverguide/C/security.xml:352(title) serverguide/C/remote-administration.xml:18(title) serverguide/C/package-management.xml:18(title) serverguide/C/introduction.xml:11(title) serverguide/C/installation.xml:1187(title)
3281
#: serverguide/C/virtualization.xml:467(title) serverguide/C/security.xml:367(title) serverguide/C/samba.xml:23(title) serverguide/C/remote-administration.xml:18(title) serverguide/C/package-management.xml:18(title) serverguide/C/introduction.xml:11(title) serverguide/C/installation.xml:1260(title)
3273
3282
msgid "Introduction"
3274
3283
msgstr "Уводзіны"
3275
3284
3276
3285
#: serverguide/C/virtualization.xml:469(para)
3277
3286
msgid ""
3278
"With Ubuntu being one of the most used operating systems on most of the "
3279
"cloud platforms, the availability of stable and secure cloud images has "
3280
"become very important. As of 12.04 the utilization of cloud images outside "
3281
"of a cloud infrastructure has been improved. It is now possible to use those "
3287
"With Ubuntu being one of the most used operating systems on many cloud "
3288
"platforms, the availability of stable and secure cloud images has become "
3289
"very important. As of 12.04 the utilization of cloud images outside of a "
3290
"cloud infrastructure has been improved. It is now possible to use those "
3282
3291
"images to create a virtual machine without the need of a complete "
3283
3292
"installation."
3284
3293
msgstr ""
3285
3294
3286
#: serverguide/C/virtualization.xml:478(title)
3295
#: serverguide/C/virtualization.xml:477(title)
3287
3296
msgid "Creating virtual machines using uvtool"
3288
3297
msgstr ""
3289
3298
3290
#: serverguide/C/virtualization.xml:480(para)
3299
#: serverguide/C/virtualization.xml:479(para)
3291
3300
msgid ""
3292
3301
"Starting with 14.04 LTS, a tool called uvtool greatly facilitates the task "
3293
3302
"of generating virtual machines (VM) using the cloud images. "
3295
3304
"synchronize cloud-images locally and use them to create new VMs in minutes."
3296
3305
msgstr ""
3297
3306
3298
#: serverguide/C/virtualization.xml:487(title)
3307
#: serverguide/C/virtualization.xml:486(title)
3299
3308
msgid "Uvtool packages"
3300
3309
msgstr ""
3301
3310
3302
#: serverguide/C/virtualization.xml:489(para)
3311
#: serverguide/C/virtualization.xml:488(para)
3303
3312
msgid ""
3304
"The following packages and their dependancies will be required in order to "
3313
"The following packages and their dependencies will be required in order to "
3305
3314
"use uvtool:"
3306
3315
msgstr ""
3307
3316
3308
#: serverguide/C/virtualization.xml:496(para)
3317
#: serverguide/C/virtualization.xml:495(para)
3309
3318
msgid "uvtool"
3310
3319
msgstr ""
3311
3320
3312
#: serverguide/C/virtualization.xml:500(para)
3321
#: serverguide/C/virtualization.xml:499(para)
3313
3322
msgid "uvtool-libvirt"
3314
3323
msgstr ""
3315
3324
3316
#: serverguide/C/virtualization.xml:505(para)
3317
msgid ""
3318
"Installation of <application>uvtool</application> is done the same as for "
3319
"any other application by using apt-get:"
3325
#: serverguide/C/virtualization.xml:504(para)
3326
msgid "To install <application>uvtool</application>, run:"
3320
3327
msgstr ""
3321
3328
3322
#: serverguide/C/virtualization.xml:507(programlisting)
3329
#: serverguide/C/virtualization.xml:505(programlisting)
3323
3330
#, no-wrap
3324
3331
msgid "$ apt-get -y install uvtool"
3325
3332
msgstr ""
3326
3333
3327
#: serverguide/C/virtualization.xml:509(para)
3334
#: serverguide/C/virtualization.xml:507(para)
3328
3335
msgid "This will install uvtool's main commands:"
3329
3336
msgstr ""
3330
3337
3331
#: serverguide/C/virtualization.xml:511(application)
3338
#: serverguide/C/virtualization.xml:509(application)
3332
3339
msgid "uvt-simplestreams-libvirt"
3333
3340
msgstr ""
3334
3341
3335
#: serverguide/C/virtualization.xml:512(application)
3342
#: serverguide/C/virtualization.xml:510(application)
3336
3343
msgid "uvt-kvm"
3337
3344
msgstr ""
3338
3345
3339
#: serverguide/C/virtualization.xml:517(title)
3346
#: serverguide/C/virtualization.xml:515(title)
3340
3347
msgid ""
3341
3348
"Get the Ubuntu Cloud Image with <application>uvt-simplestreams-"
3342
3349
"libvirt</application>"
3343
3350
msgstr ""
3344
3351
3345
#: serverguide/C/virtualization.xml:519(para)
3352
#: serverguide/C/virtualization.xml:517(para)
3346
3353
msgid ""
3347
3354
"This is one of the major simplifications that "
3348
3355
"<application>uvtool</application> brings. It is aware of where to find the "
3351
3358
"architecture, the uvtool command would be:"
3352
3359
msgstr ""
3353
3360
3354
#: serverguide/C/virtualization.xml:524(programlisting)
3361
#: serverguide/C/virtualization.xml:522(programlisting)
3355
3362
#, no-wrap
3356
3363
msgid "$ uvt-simplestreams-libvirt sync arch=amd64"
3357
3364
msgstr ""
3358
3365
3359
#: serverguide/C/virtualization.xml:526(para)
3366
#: serverguide/C/virtualization.xml:524(para)
3360
3367
msgid ""
3361
3368
"After an amount of time required to download all the images from the "
3362
"internet, you will have a complete set of cloud images stored locally. To "
3369
"Internet, you will have a complete set of cloud images stored locally. To "
3363
3370
"see what has been downloaded use the following command:"
3364
3371
msgstr ""
3365
3372
3366
#: serverguide/C/virtualization.xml:530(programlisting)
3373
#: serverguide/C/virtualization.xml:528(programlisting)
3367
3374
#, no-wrap
3368
3375
msgid ""
3369
3376
"$ uvt-simplestreams-libvirt query\n"
3374
3381
"release=trusty arch=amd64 label=beta1 (20140226.1)\n"
3375
3382
msgstr ""
3376
3383
3377
#: serverguide/C/virtualization.xml:538(para)
3384
#: serverguide/C/virtualization.xml:536(para)
3378
3385
msgid ""
3379
3386
"In the case where you want to synchronize only one specific cloud-image, you "
3380
3387
"need to use the release= and arch= filters to identify which image needs to "
3381
3388
"be synchronized."
3382
3389
msgstr ""
3383
3390
3384
#: serverguide/C/virtualization.xml:541(programlisting)
3391
#: serverguide/C/virtualization.xml:539(programlisting)
3385
3392
#, no-wrap
3386
3393
msgid "$ uvt-simplestreams-libvirt sync release=precise arch=amd64\n"
3387
3394
msgstr ""
3388
3395
3389
#: serverguide/C/virtualization.xml:546(title)
3396
#: serverguide/C/virtualization.xml:544(title)
3390
3397
msgid "Create the VM using uvt-kvm"
3391
3398
msgstr ""
3392
3399
3393
#: serverguide/C/virtualization.xml:548(para)
3400
#: serverguide/C/virtualization.xml:546(para)
3394
3401
msgid ""
3395
"In order to be able to connect to the virtual machine once it has been "
3396
"created, it is necessary to have a valid SSH key available for the ubuntu "
3397
"user. If your environment does not have a ssh key, you can easily create one "
3398
"using the following command:"
3402
"In order to connect to the virtual machine once it has been created, you "
3403
"must have a valid SSH key available for the Ubuntu user. If your environment "
3404
"does not have an SSH key, you can easily create one using the following "
3405
"command:"
3399
3406
msgstr ""
3400
3407
3401
#: serverguide/C/virtualization.xml:552(programlisting)
3408
#: serverguide/C/virtualization.xml:548(programlisting)
3402
3409
#, no-wrap
3403
3410
msgid ""
3404
3411
"\n"
3425
3432
"+-----------------+\n"
3426
3433
msgstr ""
3427
3434
3435
#: serverguide/C/virtualization.xml:571(para)
3436
msgid ""
3437
"To create of a new virtual machine using uvtool, run the following in a "
3438
"terminal:"
3439
msgstr ""
3440
3441
#: serverguide/C/virtualization.xml:573(programlisting)
3442
#, no-wrap
3443
msgid "$ uvt-kvm create firsttest"
3444
msgstr ""
3445
3428
3446
#: serverguide/C/virtualization.xml:575(para)
3429
3447
msgid ""
3430
"The creation of a new virtual machine using uvtool is easy. In its simplest "
3431
"form, you only need to do:"
3432
msgstr ""
3433
3434
#: serverguide/C/virtualization.xml:578(programlisting)
3435
#, no-wrap
3436
msgid "$ uvt-kvm create firsttest"
3437
msgstr ""
3438
3439
#: serverguide/C/virtualization.xml:580(para)
3440
msgid ""
3441
3448
"This will create a VM named <emphasis role=\"bold\">firsttest</emphasis> "
3442
3449
"using the current LTS cloud image available locally. If you want to specify "
3443
3450
"a release to be used to create the VM, you need to use the <emphasis "
3444
"role=\"bold\">release=</emphasis> filter"
3451
"role=\"bold\">release=</emphasis> filter:"
3452
msgstr ""
3453
3454
#: serverguide/C/virtualization.xml:578(programlisting)
3455
#, no-wrap
3456
msgid "$ uvt-kvm create secondtest release=trusty"
3457
msgstr ""
3458
3459
#: serverguide/C/virtualization.xml:580(para)
3460
msgid ""
3461
"<application>uvt-kvm wait</application> can be used to wait until the "
3462
"creation of the VM has completed:"
3445
3463
msgstr ""
3446
3464
3447
3465
#: serverguide/C/virtualization.xml:583(programlisting)
3448
3466
#, no-wrap
3449
msgid "$ uvt-kvm create secondtest release=trusty"
3450
msgstr ""
3451
3452
#: serverguide/C/virtualization.xml:585(para)
3453
msgid ""
3454
"The <application>uvt-kvm wait {name}</application> can be used to wait until "
3455
"the creation of the VM has completed"
3456
msgstr ""
3457
3458
#: serverguide/C/virtualization.xml:588(programlisting)
3459
#, no-wrap
3460
3467
msgid ""
3461
3468
"$ uvt-kvm wait secondttest --insecure\n"
3462
3469
"Warning: secure wait for boot-finished not yet implemented; use --insecure.\n"
3463
3470
msgstr ""
3464
3471
3465
#: serverguide/C/virtualization.xml:593(title)
3472
#: serverguide/C/virtualization.xml:588(title)
3466
3473
msgid "Connect to the running VM"
3467
3474
msgstr ""
3468
3475
3469
#: serverguide/C/virtualization.xml:594(para)
3476
#: serverguide/C/virtualization.xml:589(para)
3470
3477
msgid ""
3471
3478
"Once the virtual machine creation is completed, you can connect to it using "
3472
"ssh:"
3479
"SSH:"
3473
3480
msgstr ""
3474
3481
3475
#: serverguide/C/virtualization.xml:597(programlisting)
3482
#: serverguide/C/virtualization.xml:592(programlisting)
3476
3483
#, no-wrap
3477
3484
msgid "$ uvt-kvm ssh secondtest --insecure"
3478
3485
msgstr ""
3479
3486
3480
#: serverguide/C/virtualization.xml:599(para)
3487
#: serverguide/C/virtualization.xml:594(para)
3481
3488
msgid ""
3482
3489
"For the time being, the <emphasis role=\"bold\">--insecure</emphasis> is "
3483
"required so you should be using this mechanism to connect to your VM only if "
3484
"you completely trust your network infrastructure"
3490
"required, so use this mechanism to connect to your VM only if you completely "
3491
"trust your network infrastructure."
3485
3492
msgstr ""
3486
3493
3487
#: serverguide/C/virtualization.xml:602(para)
3494
#: serverguide/C/virtualization.xml:596(para)
3488
3495
msgid ""
3489
"You can also connect to your VM using a regular ssh session using the IP "
3496
"You can also connect to your VM using a regular SSH session using the IP "
3490
3497
"address of the VM. The address can be queried using the following command:"
3491
3498
msgstr ""
3492
3499
3493
#: serverguide/C/virtualization.xml:605(programlisting)
3500
#: serverguide/C/virtualization.xml:598(programlisting)
3494
3501
#, no-wrap
3495
3502
msgid ""
3496
3503
"\n"
3521
3528
"\n"
3522
3529
msgstr ""
3523
3530
3524
#: serverguide/C/virtualization.xml:631(title)
3531
#: serverguide/C/virtualization.xml:624(title)
3525
3532
msgid "Get the list of running VMs"
3526
3533
msgstr ""
3527
3534
3528
#: serverguide/C/virtualization.xml:632(para)
3529
msgid "You can get the list of VM running on your system with this command:"
3535
#: serverguide/C/virtualization.xml:625(para)
3536
msgid "You can get the list of VMs running on your system with this command:"
3530
3537
msgstr ""
3531
3538
3532
#: serverguide/C/virtualization.xml:634(programlisting)
3539
#: serverguide/C/virtualization.xml:627(programlisting)
3533
3540
#, no-wrap
3534
3541
msgid ""
3535
3542
"$ uvt-kvm list\n"
3536
3543
"secondtest\n"
3537
3544
msgstr ""
3538
3545
3539
#: serverguide/C/virtualization.xml:639(title)
3546
#: serverguide/C/virtualization.xml:632(title)
3540
3547
msgid "Destroy your VM"
3541
3548
msgstr ""
3542
3549
3543
#: serverguide/C/virtualization.xml:640(para)
3544
msgid "Once you are done with your VM, you can proceed to destroy it with:"
3550
#: serverguide/C/virtualization.xml:633(para)
3551
msgid "Once you are done with your VM, you can destroy it with:"
3545
3552
msgstr ""
3546
3553
3547
#: serverguide/C/virtualization.xml:642(programlisting)
3554
#: serverguide/C/virtualization.xml:635(programlisting)
3548
3555
#, no-wrap
3549
3556
msgid "$ uvt-kvm destroy secondtest"
3550
3557
msgstr ""
3551
3558
3552
#: serverguide/C/virtualization.xml:644(title)
3559
#: serverguide/C/virtualization.xml:637(title)
3553
3560
msgid "More uvt-kvm options"
3554
3561
msgstr ""
3555
3562
3556
#: serverguide/C/virtualization.xml:646(para)
3563
#: serverguide/C/virtualization.xml:639(para)
3557
3564
msgid ""
3558
3565
"The following options can be used to change some of the characteristics of "
3559
"the virtual memory that you are creating"
3566
"the VM that you are creating:"
3567
msgstr ""
3568
3569
#: serverguide/C/virtualization.xml:642(para)
3570
msgid "--memory : Amount of RAM in megabytes. Default: 512."
3571
msgstr ""
3572
3573
#: serverguide/C/virtualization.xml:643(para)
3574
msgid "--disk : Size of the OS disk in gigabytes. Default: 8."
3575
msgstr ""
3576
3577
#: serverguide/C/virtualization.xml:644(para)
3578
msgid "--cpu : Number of CPU cores. Default: 1."
3579
msgstr ""
3580
3581
#: serverguide/C/virtualization.xml:647(para)
3582
msgid ""
3583
"Some other parameters will have an impact on the cloud-init configuration:"
3584
msgstr ""
3585
3586
#: serverguide/C/virtualization.xml:649(para)
3587
msgid ""
3588
"--password password : Allow login to the VM using the Ubuntu account and "
3589
"this provided password."
3560
3590
msgstr ""
3561
3591
3562
3592
#: serverguide/C/virtualization.xml:650(para)
3563
msgid "--memory : Amount of RAM in megabytes. Default: 512"
3564
msgstr ""
3565
3566
#: serverguide/C/virtualization.xml:651(para)
3567
msgid "--disk : Size of the OS disk in gigabytes. Default: 8"
3568
msgstr ""
3569
3570
#: serverguide/C/virtualization.xml:652(para)
3571
msgid "--cpu : Number of CPU cores. Default: 1"
3572
msgstr ""
3573
3574
#: serverguide/C/virtualization.xml:655(para)
3575
msgid ""
3576
"Some other parameters will have an impact on the cloud-init configuration"
3577
msgstr ""
3578
3579
#: serverguide/C/virtualization.xml:657(para)
3580
msgid ""
3581
"--password password : Allow login to the VM using the ubuntu account and "
3582
"this provided password"
3583
msgstr ""
3584
3585
#: serverguide/C/virtualization.xml:658(para)
3586
3593
msgid ""
3587
3594
"--run-script-once script_file : Run script_file as root on the VM the first "
3588
3595
"time it is booted, but never again."
3589
3596
msgstr ""
3590
3597
3591
#: serverguide/C/virtualization.xml:659(para)
3598
#: serverguide/C/virtualization.xml:651(para)
3592
3599
msgid ""
3593
3600
"--packages package_list : Install the comma-separated packages specified in "
3594
3601
"package_list on first boot."
3595
3602
msgstr ""
3596
3603
3597
#: serverguide/C/virtualization.xml:662(para)
3604
#: serverguide/C/virtualization.xml:654(para)
3598
3605
msgid ""
3599
3606
"A complete description of all available modifiers is available in the "
3600
"manpage of uvt-kvm"
3607
"manpage of uvt-kvm."
3601
3608
msgstr ""
3602
3609
3603
#: serverguide/C/virtualization.xml:1073(para)
3610
#: serverguide/C/virtualization.xml:661(para)
3604
3611
msgid ""
3605
3612
"If you are interested in learning more, have questions or suggestions, "
3606
3613
"please contact the Ubuntu Server Team at:"
3607
3614
msgstr ""
3608
3615
3609
#: serverguide/C/virtualization.xml:1078(para)
3616
#: serverguide/C/virtualization.xml:666(para)
3610
3617
msgid "IRC: #ubuntu-server on freenode"
3611
3618
msgstr "IRC: канал #ubuntu-server на freenode"
3612
3619
3613
#: serverguide/C/virtualization.xml:1083(para)
3620
#: serverguide/C/virtualization.xml:670(para)
3614
3621
msgid ""
3615
3622
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
3616
3623
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
3617
3624
msgstr ""
3618
3625
3619
#: serverguide/C/virtualization.xml:2121(title)
3626
#: serverguide/C/virtualization.xml:679(title)
3620
3627
msgid "Ubuntu Cloud"
3621
3628
msgstr ""
3622
3629
3623
#: serverguide/C/virtualization.xml:2122(para)
3630
#: serverguide/C/virtualization.xml:681(para)
3624
3631
msgid ""
3625
3632
"<application>Cloud computing</application> is a computing model that allows "
3626
3633
"vast pools of resources to be allocated on-demand. These resources such as "
3632
3639
"build highly scalable, cloud computing for both public and private clouds."
3633
3640
msgstr ""
3634
3641
3635
#: serverguide/C/virtualization.xml:700(title)
3642
#: serverguide/C/virtualization.xml:692(title)
3636
3643
msgid "Installation and Configuration"
3637
3644
msgstr ""
3638
3645
3639
#: serverguide/C/virtualization.xml:702(para)
3646
#: serverguide/C/virtualization.xml:694(para)
3640
3647
msgid ""
3641
3648
"Due to the current high rate of development of this complex technology we "
3642
3649
"refer the reader to <ulink url=\"http://docs.openstack.org/havana/install-"
3644
3651
"concerning installation and configuration."
3645
3652
msgstr ""
3646
3653
3647
#: serverguide/C/virtualization.xml:2452(title)
3654
#: serverguide/C/virtualization.xml:703(title)
3648
3655
msgid "Support and Troubleshooting"
3649
3656
msgstr ""
3650
3657
3651
#: serverguide/C/virtualization.xml:2453(para)
3658
#: serverguide/C/virtualization.xml:705(para)
3652
3659
msgid "Community Support"
3653
3660
msgstr ""
3654
3661
3655
#: serverguide/C/virtualization.xml:2457(ulink)
3662
#: serverguide/C/virtualization.xml:709(ulink)
3656
3663
msgid "OpenStack Mailing list"
3657
3664
msgstr ""
3658
3665
3659
#: serverguide/C/virtualization.xml:2462(ulink)
3666
#: serverguide/C/virtualization.xml:714(ulink)
3660
3667
msgid "The OpenStack Wiki search"
3661
3668
msgstr ""
3662
3669
3663
#: serverguide/C/virtualization.xml:2468(ulink)
3670
#: serverguide/C/virtualization.xml:719(ulink)
3664
3671
msgid "Launchpad bugs area"
3665
3672
msgstr ""
3666
3673
3667
#: serverguide/C/virtualization.xml:2472(para)
3674
#: serverguide/C/virtualization.xml:724(para)
3668
3675
msgid "Join the IRC channel #openstack on freenode."
3669
3676
msgstr ""
3670
3677
3671
#: serverguide/C/virtualization.xml:2486(ulink)
3678
#: serverguide/C/virtualization.xml:735(ulink)
3672
3679
msgid "Cloud Computing - Service models"
3673
3680
msgstr ""
3674
3681
3675
#: serverguide/C/virtualization.xml:2491(ulink)
3682
#: serverguide/C/virtualization.xml:741(ulink)
3676
3683
msgid "OpenStack Compute"
3677
3684
msgstr ""
3678
3685
3679
#: serverguide/C/virtualization.xml:2496(ulink)
3686
#: serverguide/C/virtualization.xml:747(ulink)
3680
3687
msgid "OpenStack Image Service"
3681
3688
msgstr ""
3682
3689
3683
#: serverguide/C/virtualization.xml:2501(ulink)
3690
#: serverguide/C/virtualization.xml:753(ulink)
3684
3691
msgid "OpenStack Object Storage Administration Guide"
3685
3692
msgstr ""
3686
3693
3687
#: serverguide/C/virtualization.xml:2506(ulink)
3694
#: serverguide/C/virtualization.xml:759(ulink)
3688
3695
msgid "Installing OpenStack Object Storage on Ubuntu"
3689
3696
msgstr ""
3690
3697
3691
#: serverguide/C/virtualization.xml:2511(ulink)
3698
#: serverguide/C/virtualization.xml:765(ulink)
3692
3699
msgid "http://cloudglossary.com/"
3693
3700
msgstr ""
3694
3701
3695
#: serverguide/C/virtualization.xml:2586(title)
3702
#: serverguide/C/virtualization.xml:775(title)
3696
3703
msgid "LXC"
3697
3704
msgstr ""
3698
3705
3699
#: serverguide/C/virtualization.xml:785(para)
3706
#: serverguide/C/virtualization.xml:777(para)
3700
3707
msgid ""
3701
3708
"Containers are a lightweight virtualization technology. They are more akin "
3702
3709
"to an enhanced chroot than to full virtualization like Qemu or VMware, both "
3708
3715
"and OpenVZ functionality."
3709
3716
msgstr ""
3710
3717
3711
#: serverguide/C/virtualization.xml:2602(para)
3718
#: serverguide/C/virtualization.xml:787(para)
3712
3719
msgid ""
3713
3720
"There are two user-space implementations of containers, each exploiting the "
3714
3721
"same kernel features. Libvirt allows the use of containers through the LXC "
3719
3726
"there are peculiarities which can cause confusion."
3720
3727
msgstr ""
3721
3728
3722
#: serverguide/C/virtualization.xml:804(para)
3729
#: serverguide/C/virtualization.xml:796(para)
3723
3730
msgid ""
3724
3731
"In this document we will mainly describe the <application>lxc</application> "
3725
3732
"package. Use of libvirt-lxc is not generally recommended due to a lack of "
3726
3733
"Apparmor protection for libvirt-lxc containers."
3727
3734
msgstr ""
3728
3735
3729
#: serverguide/C/virtualization.xml:2618(para)
3736
#: serverguide/C/virtualization.xml:801(para)
3730
3737
msgid "In this document, a container name will be shown as CN, C1, or C2."
3731
3738
msgstr ""
3732
3739
3733
#: serverguide/C/virtualization.xml:2624(para)
3740
#: serverguide/C/virtualization.xml:807(para)
3734
3741
msgid "The <application>lxc</application> package can be installed using"
3735
3742
msgstr ""
3736
3743
3737
#: serverguide/C/virtualization.xml:2629(command)
3744
#: serverguide/C/virtualization.xml:811(command)
3738
3745
msgid "sudo apt-get install lxc"
3739
3746
msgstr ""
3740
3747
3741
#: serverguide/C/virtualization.xml:824(para)
3748
#: serverguide/C/virtualization.xml:816(para)
3742
3749
msgid ""
3743
3750
"This will pull in the required and recommended dependencies, as well as set "
3744
3751
"up a network bridge for containers to use. If you wish to use unprivileged "
3747
3754
"containers to a bridge (see <xref linkend=\"lxc-unpriv\"/>)."
3748
3755
msgstr ""
3749
3756
3750
#: serverguide/C/virtualization.xml:834(title) serverguide/C/vcs.xml:104(title)
3757
#: serverguide/C/virtualization.xml:826(title) serverguide/C/vcs.xml:111(title)
3751
3758
msgid "Basic usage"
3752
3759
msgstr ""
3753
3760
3754
#: serverguide/C/virtualization.xml:835(para)
3761
#: serverguide/C/virtualization.xml:827(para)
3755
3762
msgid ""
3756
3763
"LXC can be used in two distinct ways - privileged, by running the lxc "
3757
3764
"commands as the root user; or unprivileged, by running the lxc commands as a "
3762
3769
"in the container is mapped to a non-root userid on the host."
3763
3770
msgstr ""
3764
3771
3765
#: serverguide/C/virtualization.xml:847(title)
3772
#: serverguide/C/virtualization.xml:839(title)
3766
3773
msgid "Basic privileged usage"
3767
3774
msgstr ""
3768
3775
3769
#: serverguide/C/virtualization.xml:848(para)
3770
msgid "To create a privileged container, you can simply to"
3776
#: serverguide/C/virtualization.xml:840(para)
3777
msgid "To create a privileged container, you can simply do:"
3771
3778
msgstr ""
3772
3779
3773
#: serverguide/C/virtualization.xml:852(command)
3780
#: serverguide/C/virtualization.xml:844(command)
3774
3781
msgid "sudo lxc-create --template download --name u1"
3775
3782
msgstr ""
3776
3783
3777
#: serverguide/C/virtualization.xml:856(command)
3784
#: serverguide/C/virtualization.xml:848(command)
3778
3785
msgid "sudo lxc-create -t download -n u1"
3779
3786
msgstr ""
3780
3787
3781
#: serverguide/C/virtualization.xml:851(screen)
3788
#: serverguide/C/virtualization.xml:843(screen)
3782
3789
#, no-wrap
3783
3790
msgid ""
3784
3791
"\n"
3787
3794
"<placeholder-2/>\n"
3788
3795
msgstr ""
3789
3796
3790
#: serverguide/C/virtualization.xml:860(para)
3797
#: serverguide/C/virtualization.xml:852(para)
3791
3798
msgid ""
3792
3799
"This will interactively ask for a container root filesystem type to download "
3793
3800
"- in particular the distribution, release, and architecture. To create the "
3795
3802
"line:"
3796
3803
msgstr ""
3797
3804
3798
#: serverguide/C/virtualization.xml:867(command)
3805
#: serverguide/C/virtualization.xml:859(command)
3799
3806
msgid ""
3800
3807
"sudo lxc-create -t download -n u1 -- --dist ubuntu --release trusty --arch "
3801
3808
"amd64"
3802
3809
msgstr ""
3803
3810
3804
#: serverguide/C/virtualization.xml:871(command)
3811
#: serverguide/C/virtualization.xml:863(command)
3805
3812
msgid "sudo lxc-create -t download -n u1 -- -d ubuntu -r trusty -a amd64"
3806
3813
msgstr ""
3807
3814
3808
#: serverguide/C/virtualization.xml:866(screen)
3815
#: serverguide/C/virtualization.xml:858(screen)
3809
3816
#, no-wrap
3810
3817
msgid ""
3811
3818
"\n"
3814
3821
"<placeholder-2/>\n"
3815
3822
msgstr ""
3816
3823
3817
#: serverguide/C/virtualization.xml:876(para)
3824
#: serverguide/C/virtualization.xml:868(para)
3818
3825
msgid ""
3819
3826
"You can now use <command>lxc-ls</command> to list containers, <command>lxc-"
3820
3827
"info</command> to obtain detailed container information, <command>lxc-"
3826
3833
"look like:"
3827
3834
msgstr ""
3828
3835
3829
#: serverguide/C/virtualization.xml:887(command)
3836
#: serverguide/C/virtualization.xml:879(command)
3830
3837
msgid ""
3831
3838
"sudo lxc-ls --fancy sudo lxc-start --name u1 --daemon sudo lxc-info --name "
3832
3839
"u1 sudo lxc-stop --name u1 sudo lxc-destroy --name u1"
3833
3840
msgstr ""
3834
3841
3835
#: serverguide/C/virtualization.xml:899(title)
3842
#: serverguide/C/virtualization.xml:891(title)
3836
3843
msgid "User namespaces"
3837
3844
msgstr ""
3838
3845
3839
#: serverguide/C/virtualization.xml:900(para)
3846
#: serverguide/C/virtualization.xml:892(para)
3840
3847
msgid ""
3841
3848
"Unprivileged containers allow users to create and administer containers "
3842
3849
"without having any root privilege. The feature underpinning this is called "
3853
3860
"convention started at id 100000 to avoid conflicting with system users."
3854
3861
msgstr ""
3855
3862
3856
#: serverguide/C/virtualization.xml:918(para)
3863
#: serverguide/C/virtualization.xml:910(para)
3857
3864
msgid ""
3858
3865
"If a user was created on an earlier release, it can be granted a range of "
3859
3866
"ids using <command>usermod</command>, as follows:"
3860
3867
msgstr ""
3861
3868
3862
#: serverguide/C/virtualization.xml:923(command)
3869
#: serverguide/C/virtualization.xml:915(command)
3863
3870
msgid "sudo usermod -v 100000-200000 -w 100000-200000 user1"
3864
3871
msgstr ""
3865
3872
3866
#: serverguide/C/virtualization.xml:928(para)
3873
#: serverguide/C/virtualization.xml:920(para)
3867
3874
msgid ""
3868
3875
"The programs <command>newuidmap</command> and <command> newgidmap</command> "
3869
3876
"are setuid-root programs in the <filename>uidmap</filename> package, which "
3872
3879
"authorized by the host configuration."
3873
3880
msgstr ""
3874
3881
3875
#: serverguide/C/virtualization.xml:939(title)
3882
#: serverguide/C/virtualization.xml:931(title)
3876
3883
msgid "Basic unprivileged usage"
3877
3884
msgstr ""
3878
3885
3879
#: serverguide/C/virtualization.xml:943(para)
3886
#: serverguide/C/virtualization.xml:935(para)
3880
3887
msgid ""
3881
3888
"To create unprivileged containers, a few first steps are needed. You will "
3882
3889
"need to create a default container configuration file, specifying your "
3885
3892
"assumes that your mapped user and group id ranges are 100000-165536."
3886
3893
msgstr ""
3887
3894
3888
#: serverguide/C/virtualization.xml:952(command)
3895
#: serverguide/C/virtualization.xml:944(command)
3889
3896
msgid ""
3890
3897
"mkdir -p ~/.config/lxc echo \"lxc.id_map = u 0 100000 65536\" > "
3891
3898
"~/.config/lxc/default.conf echo \"lxc.id_map = g 0 100000 65536\" >> "
3895
3902
"/etc/lxc/lxc-usernet"
3896
3903
msgstr ""
3897
3904
3898
#: serverguide/C/virtualization.xml:962(para)
3905
#: serverguide/C/virtualization.xml:954(para)
3899
3906
msgid ""
3900
3907
"After this, you can create unprivileged containers the same way as "
3901
3908
"privileged ones, simply without using sudo."
3902
3909
msgstr ""
3903
3910
3904
#: serverguide/C/virtualization.xml:967(command)
3911
#: serverguide/C/virtualization.xml:959(command)
3905
3912
msgid ""
3906
3913
"lxc-create -t download -n u1 -- -d ubuntu -r trusty -a amd64 lxc-start -n u1 "
3907
3914
"-d lxc-attach -n u1 lxc-stop -n u1 lxc-destroy -n u1"
3908
3915
msgstr ""
3909
3916
3910
#: serverguide/C/virtualization.xml:978(title)
3917
#: serverguide/C/virtualization.xml:970(title)
3911
3918
msgid "Nesting"
3912
3919
msgstr ""
3913
3920
3914
#: serverguide/C/virtualization.xml:979(para)
3921
#: serverguide/C/virtualization.xml:971(para)
3915
3922
msgid ""
3916
3923
"In order to run containers inside containers - referred to as nested "
3917
3924
"containers - two lines must be present in the parent container configuration "
3928
3935
"information."
3929
3936
msgstr ""
3930
3937
3931
#: serverguide/C/virtualization.xml:1001(title)
3938
#: serverguide/C/virtualization.xml:993(title)
3932
3939
msgid "Global configuration"
3933
3940
msgstr ""
3934
3941
3935
#: serverguide/C/virtualization.xml:1008(para)
3942
#: serverguide/C/virtualization.xml:1000(para)
3936
3943
msgid ""
3937
3944
"<filename>lxc.conf</filename> may optionally specify alternate values for "
3938
3945
"several lxc settings, including the lxcpath, the default configuration, "
3940
3947
"lvm and zfs."
3941
3948
msgstr ""
3942
3949
3943
#: serverguide/C/virtualization.xml:1015(para)
3950
#: serverguide/C/virtualization.xml:1007(para)
3944
3951
msgid ""
3945
3952
"<filename>default.conf</filename> specifies configuration which every newly "
3946
3953
"created container should contain. This usually contains at least a network "
3947
3954
"section, and, for unprivileged users, an id mapping section"
3948
3955
msgstr ""
3949
3956
3950
#: serverguide/C/virtualization.xml:1022(para)
3957
#: serverguide/C/virtualization.xml:1014(para)
3951
3958
msgid ""
3952
3959
"<filename>lxc-usernet.conf</filename> specifies how unprivileged users may "
3953
3960
"connect their containers to the host-owned network."
3954
3961
msgstr ""
3955
3962
3956
#: serverguide/C/virtualization.xml:1002(para)
3963
#: serverguide/C/virtualization.xml:994(para)
3957
3964
msgid ""
3958
3965
"The following configuration files are consulted by LXC. For privileged use, "
3959
3966
"they are found under <filename>/etc/lxc</filename>, while for unprivileged "
3960
3967
"use they are under <filename>~/.config/lxc</filename>. <placeholder-1/>"
3961
3968
msgstr ""
3962
3969
3963
#: serverguide/C/virtualization.xml:1028(para)
3970
#: serverguide/C/virtualization.xml:1020(para)
3964
3971
msgid ""
3965
"<filename>lxc.conf</filename> and <filename>default.conf</filename> are "
3966
"exist both under <filename>/etc/lxc</filename> and "
3972
"<filename>lxc.conf</filename> and <filename>default.conf</filename> are both "
3973
"under <filename>/etc/lxc</filename> and "
3967
3974
"<filename>$HOME/.config/lxc</filename>, while <filename>lxc-"
3968
3975
"usernet.conf</filename> is only host-wide."
3969
3976
msgstr ""
3970
3977
3971
#: serverguide/C/virtualization.xml:1033(para)
3978
#: serverguide/C/virtualization.xml:1025(para)
3972
3979
msgid ""
3973
3980
"By default, containers are located under /var/lib/lxc for the root user, and "
3974
3981
"$HOME/.local/share/lxc otherwise. The location can be specified for all lxc "
3975
3982
"commands using the \"-P|--lxcpath\" argument."
3976
3983
msgstr ""
3977
3984
3978
#: serverguide/C/virtualization.xml:1210(para) serverguide/C/virtualization.xml:1272(para) serverguide/C/network-config.xml:11(title)
3985
#: serverguide/C/virtualization.xml:1034(title) serverguide/C/network-config.xml:11(title)
3979
3986
msgid "Networking"
3980
3987
msgstr "Сеціва"
3981
3988
3982
#: serverguide/C/virtualization.xml:1043(para)
3989
#: serverguide/C/virtualization.xml:1035(para)
3983
3990
msgid ""
3984
3991
"By default LXC creates a private network namespace for each container, which "
3985
3992
"includes a layer 2 networking stack. Containers usually connect to the "
3991
3998
"container is not usable on the host."
3992
3999
msgstr ""
3993
4000
3994
#: serverguide/C/virtualization.xml:1051(para)
4001
#: serverguide/C/virtualization.xml:1043(para)
3995
4002
msgid ""
3996
4003
"It is possible to create a container without a private network namespace. In "
3997
4004
"this case, the container will have access to the host networking like any "
4001
4008
"Unix domain socket to the host's upstart, and shut down the host."
4002
4009
msgstr ""
4003
4010
4004
#: serverguide/C/virtualization.xml:1057(para)
4011
#: serverguide/C/virtualization.xml:1049(para)
4005
4012
msgid ""
4006
4013
"To give containers on lxcbr0 a persistent ip address based on domain name, "
4007
4014
"you can write entries to <filename>/etc/lxc/dnsmasq.conf</filename> like: "
4011
4018
"</screen>"
4012
4019
msgstr ""
4013
4020
4014
#: serverguide/C/virtualization.xml:1065(para)
4021
#: serverguide/C/virtualization.xml:1057(para)
4015
4022
msgid ""
4016
4023
"If it is desirable for the container to be publicly accessible, there are a "
4017
4024
"few ways to go about it. One is to use <command>iptables</command> to "
4030
4037
"are preferred and more commonly used."
4031
4038
msgstr ""
4032
4039
4033
#: serverguide/C/virtualization.xml:1086(para)
4040
#: serverguide/C/virtualization.xml:1078(para)
4034
4041
msgid ""
4035
4042
"There are several ways to determine the ip address for a container. First, "
4036
4043
"you can use <command>lxc-ls --fancy</command> which will print the ip "
4046
4053
"</screen>"
4047
4054
msgstr ""
4048
4055
4049
#: serverguide/C/virtualization.xml:1101(para)
4056
#: serverguide/C/virtualization.xml:1093(para)
4050
4057
msgid ""
4051
4058
"For more information, see the lxc.conf manpage as well as the example "
4052
4059
"network configurations under "
4053
4060
"<filename>/usr/share/doc/lxc/examples/</filename>."
4054
4061
msgstr ""
4055
4062
4056
#: serverguide/C/virtualization.xml:1107(title)
4063
#: serverguide/C/virtualization.xml:1099(title)
4057
4064
msgid "LXC startup"
4058
4065
msgstr ""
4059
4066
4060
#: serverguide/C/virtualization.xml:1109(para)
4067
#: serverguide/C/virtualization.xml:1101(para)
4061
4068
msgid ""
4062
4069
"LXC does not have a long-running daemon. However it does have three upstart "
4063
4070
"jobs."
4064
4071
msgstr ""
4065
4072
4066
#: serverguide/C/virtualization.xml:1115(para)
4073
#: serverguide/C/virtualization.xml:1107(para)
4067
4074
msgid ""
4068
4075
"<filename>/etc/init/lxc-net.conf:</filename> is an optional job which only "
4069
4076
"runs if <filename> /etc/default/lxc-net</filename> specifies USE_LXC_BRIDGE "
4070
4077
"(true by default). It sets up a NATed bridge for containers to use."
4071
4078
msgstr ""
4072
4079
4073
#: serverguide/C/virtualization.xml:1123(para)
4080
#: serverguide/C/virtualization.xml:1115(para)
4074
4081
msgid ""
4075
4082
"<filename>/etc/init/lxc.conf</filename> loads the lxc apparmor profiles and "
4076
4083
"optionally starts any autostart containers. The autostart containers will be "
4079
4086
"more information on autostarted containers."
4080
4087
msgstr ""
4081
4088
4082
#: serverguide/C/virtualization.xml:1133(para)
4089
#: serverguide/C/virtualization.xml:1125(para)
4083
4090
msgid ""
4084
"<filename>/etc/init/lxc-instance.conf:</filename> is used by "
4091
"<filename>/etc/init/lxc-instance.conf</filename> is used by "
4085
4092
"<filename>/etc/init/lxc.conf</filename> to autostart a container."
4086
4093
msgstr ""
4087
4094
4088
#: serverguide/C/virtualization.xml:3232(title)
4095
#: serverguide/C/virtualization.xml:1134(title)
4089
4096
msgid "Backing Stores"
4090
4097
msgstr ""
4091
4098
4092
#: serverguide/C/virtualization.xml:1143(para)
4099
#: serverguide/C/virtualization.xml:1135(para)
4093
4100
msgid ""
4094
4101
"LXC supports several backing stores for container root filesystems. The "
4095
4102
"default is a simple directory backing store, because it requires no prior "
4104
4111
"<filename>$lxcpath/C1/rootfs</filename>."
4105
4112
msgstr ""
4106
4113
4107
#: serverguide/C/virtualization.xml:1157(para)
4114
#: serverguide/C/virtualization.xml:1149(para)
4108
4115
msgid ""
4109
4116
"A snapshot clone C2 of a directory backed container C1 becomes an overlayfs "
4110
4117
"backed container, with a rootfs called "
4112
4119
" Other backing store types include loop, btrfs, LVM and zfs."
4113
4120
msgstr ""
4114
4121
4115
#: serverguide/C/virtualization.xml:1165(para)
4122
#: serverguide/C/virtualization.xml:1157(para)
4116
4123
msgid ""
4117
4124
"A btrfs backed container mostly looks like a directory backed container, "
4118
4125
"with its root filesystem in the same location. However, the root filesystem "
4120
4127
"snapshot."
4121
4128
msgstr ""
4122
4129
4123
#: serverguide/C/virtualization.xml:1172(para)
4130
#: serverguide/C/virtualization.xml:1164(para)
4124
4131
msgid ""
4125
4132
"The root filesystem for an LVM backed container can be any separate LV. The "
4126
4133
"default VG name can be specified in lxc.conf. The filesystem type and size "
4127
4134
"are configurable per-container using lxc-create."
4128
4135
msgstr ""
4129
4136
4130
#: serverguide/C/virtualization.xml:1178(para)
4137
#: serverguide/C/virtualization.xml:1170(para)
4131
4138
msgid ""
4132
4139
"The rootfs for a zfs backed container is a separate zfs filesystem, mounted "
4133
4140
"under the traditional <filename>/var/lib/lxc/C1/rootfs</filename> location. "
4135
4142
"in lxc.system.conf."
4136
4143
msgstr ""
4137
4144
4138
#: serverguide/C/virtualization.xml:1185(para)
4145
#: serverguide/C/virtualization.xml:1177(para)
4139
4146
msgid ""
4140
4147
"More information on creating containers with the various backing stores can "
4141
4148
"be found in the lxc-create manual page."
4142
4149
msgstr ""
4143
4150
4144
#: serverguide/C/virtualization.xml:1192(title)
4151
#: serverguide/C/virtualization.xml:1184(title)
4145
4152
msgid "Templates"
4146
4153
msgstr ""
4147
4154
4148
#: serverguide/C/virtualization.xml:1193(para)
4155
#: serverguide/C/virtualization.xml:1185(para)
4149
4156
msgid ""
4150
4157
"Creating a container generally involves creating a root filesystem for the "
4151
4158
"container. <command>lxc-create</command> delegates this work to "
4156
4163
"others."
4157
4164
msgstr ""
4158
4165
4159
#: serverguide/C/virtualization.xml:1202(para)
4166
#: serverguide/C/virtualization.xml:1194(para)
4160
4167
msgid ""
4161
4168
"Creating distribution images in most cases requires the ability to create "
4162
4169
"device nodes, often requires tools which are not available in other "
4167
4174
"could not for instance easily run the <command>debootstrap</command> command."
4168
4175
msgstr ""
4169
4176
4170
#: serverguide/C/virtualization.xml:1212(para)
4177
#: serverguide/C/virtualization.xml:1204(para)
4171
4178
msgid ""
4172
4179
"When running <command>lxc-create</command>, all options which come after "
4173
4180
"<emphasis>--</emphasis> are passed to the template. In the following "
4180
4187
"</screen>"
4181
4188
msgstr ""
4182
4189
4183
#: serverguide/C/virtualization.xml:1224(para)
4190
#: serverguide/C/virtualization.xml:1216(para)
4184
4191
msgid ""
4185
4192
"You can obtain help for the options supported by any particular container by "
4186
4193
"passing <emphasis>--help</emphasis> and the template name to <command>lxc-"
4187
4194
"create</command>. For instance, for help with the download template,"
4188
4195
msgstr ""
4189
4196
4190
#: serverguide/C/virtualization.xml:1231(command)
4197
#: serverguide/C/virtualization.xml:1223(command)
4191
4198
msgid "lxc-create --template download --help"
4192
4199
msgstr ""
4193
4200
4194
#: serverguide/C/virtualization.xml:1237(title)
4201
#: serverguide/C/virtualization.xml:1229(title)
4195
4202
msgid "Autostart"
4196
4203
msgstr ""
4197
4204
4198
#: serverguide/C/virtualization.xml:1238(para)
4205
#: serverguide/C/virtualization.xml:1230(para)
4199
4206
msgid ""
4200
4207
"LXC supports marking containers to be started at system boot. Prior to "
4201
4208
"Ubuntu 14.04, this was done using symbolic links under the directory "
4212
4219
"lxc.container.conf for more information."
4213
4220
msgstr ""
4214
4221
4215
#: serverguide/C/virtualization.xml:2859(title)
4222
#: serverguide/C/virtualization.xml:1248(title)
4216
4223
msgid "Apparmor"
4217
4224
msgstr ""
4218
4225
4219
#: serverguide/C/virtualization.xml:1258(para)
4226
#: serverguide/C/virtualization.xml:1250(para)
4220
4227
msgid ""
4221
4228
"LXC ships with a default Apparmor profile intended to protect the host from "
4222
4229
"accidental misuses of privilege inside the container. For instance, the "
4224
4231
"trigger</filename> or to most <filename>/sys</filename> files."
4225
4232
msgstr ""
4226
4233
4227
#: serverguide/C/virtualization.xml:2867(para)
4234
#: serverguide/C/virtualization.xml:1256(para)
4228
4235
msgid ""
4229
4236
"The <filename>usr.bin.lxc-start</filename> profile is entered by running "
4230
4237
"<command>lxc-start</command>. This profile mainly prevents <command>lxc-"
4237
4244
"dangerous paths, and from mounting most filesystems."
4238
4245
msgstr ""
4239
4246
4240
#: serverguide/C/virtualization.xml:1275(para)
4247
#: serverguide/C/virtualization.xml:1267(para)
4241
4248
msgid ""
4242
4249
"Programs in a container cannot be further confined - for instance, MySQL "
4243
4250
"runs under the container profile (protecting the host) but will not be able "
4244
4251
"to enter the MySQL profile (to protect the container)."
4245
4252
msgstr ""
4246
4253
4247
#: serverguide/C/virtualization.xml:2926(para)
4254
#: serverguide/C/virtualization.xml:1272(para)
4248
4255
msgid ""
4249
4256
"<command>lxc-execute</command> does not enter an Apparmor profile, but the "
4250
4257
"container it spawns will be confined."
4251
4258
msgstr ""
4252
4259
4253
#: serverguide/C/virtualization.xml:1283(title)
4260
#: serverguide/C/virtualization.xml:1275(title)
4254
4261
msgid "Customizing container policies"
4255
4262
msgstr ""
4256
4263
4257
#: serverguide/C/virtualization.xml:2879(para)
4264
#: serverguide/C/virtualization.xml:1276(para)
4258
4265
msgid ""
4259
4266
"If you find that <command>lxc-start</command> is failing due to a legitimate "
4260
4267
"access which is being denied by its Apparmor policy, you can disable the lxc-"
4261
4268
"start profile by doing:"
4262
4269
msgstr ""
4263
4270
4264
#: serverguide/C/virtualization.xml:2885(screen)
4271
#: serverguide/C/virtualization.xml:1280(screen)
4265
4272
#, no-wrap
4266
4273
msgid ""
4267
4274
"\n"
4269
4276
"sudo ln -s /etc/apparmor.d/usr.bin.lxc-start /etc/apparmor.d/disabled/\n"
4270
4277
msgstr ""
4271
4278
4272
#: serverguide/C/virtualization.xml:2890(para)
4279
#: serverguide/C/virtualization.xml:1285(para)
4273
4280
msgid ""
4274
4281
"This will make <command>lxc-start</command> run unconfined, but continue to "
4275
4282
"confine the container itself. If you also wish to disable confinement of the "
4277
4284
"start</filename> profile, you must add:"
4278
4285
msgstr ""
4279
4286
4280
#: serverguide/C/virtualization.xml:2897(screen)
4287
#: serverguide/C/virtualization.xml:1290(screen)
4281
4288
#, no-wrap
4282
4289
msgid ""
4283
4290
"\n"
4284
4291
"lxc.aa_profile = unconfined\n"
4285
4292
msgstr ""
4286
4293
4287
#: serverguide/C/virtualization.xml:1302(para)
4294
#: serverguide/C/virtualization.xml:1294(para)
4288
4295
msgid "to the container's configuration file."
4289
4296
msgstr ""
4290
4297
4291
#: serverguide/C/virtualization.xml:1304(para)
4298
#: serverguide/C/virtualization.xml:1296(para)
4292
4299
msgid ""
4293
4300
"LXC ships with a few alternate policies for containers. If you wish to run "
4294
4301
"containers inside containers (nesting), then you can use the lxc-container-"
4297
4304
"lxc.aa_profile = lxc-container-default-with-nesting\n"
4298
4305
"\t</screen> If you wish to use libvirt inside containers, then you will need "
4299
4306
"to edit that policy (which is defined in <filename>/etc/apparmor.d/lxc/lxc-"
4300
"default-with-nesting</filename>) to uncomment the following line <screen>\n"
4307
"default-with-nesting</filename>) by uncommenting the following line: "
4308
"<screen>\n"
4301
4309
"mount fstype=cgroup -> /sys/fs/cgroup/**,\n"
4302
4310
"\t</screen> and re-load the policy."
4303
4311
msgstr ""
4304
4312
4305
#: serverguide/C/virtualization.xml:1321(para)
4313
#: serverguide/C/virtualization.xml:1313(para)
4306
4314
msgid ""
4307
4315
"Note that the nesting policy with privileged containers is far less safe "
4308
4316
"than the default policy, as it allows containers to re-mount "
4312
4320
"<filename>proc</filename> and <filename>sys</filename> files."
4313
4321
msgstr ""
4314
4322
4315
#: serverguide/C/virtualization.xml:1329(para)
4323
#: serverguide/C/virtualization.xml:1321(para)
4316
4324
msgid ""
4317
4325
"Another profile shipped with lxc allows containers to mount block filesystem "
4318
4326
"types like ext4. This can be useful in some cases like maas provisioning, "
4320
4328
"have not been audited for safe handling of untrusted input."
4321
4329
msgstr ""
4322
4330
4323
#: serverguide/C/virtualization.xml:1335(para)
4331
#: serverguide/C/virtualization.xml:1327(para)
4324
4332
msgid ""
4325
4333
"If you need to run a container in a custom profile, you can create a new "
4326
4334
"profile under <filename>/etc/apparmor.d/lxc/</filename>. Its name must start "
4332
4340
"permissions at the bottom of your policy."
4333
4341
msgstr ""
4334
4342
4335
#: serverguide/C/virtualization.xml:1346(para)
4343
#: serverguide/C/virtualization.xml:1338(para)
4336
4344
msgid "After creating the policy, load it using:"
4337
4345
msgstr ""
4338
4346
4339
#: serverguide/C/virtualization.xml:2910(screen)
4347
#: serverguide/C/virtualization.xml:1340(screen)
4340
4348
#, no-wrap
4341
4349
msgid ""
4342
4350
"\n"
4343
4351
"sudo apparmor_parser -r /etc/apparmor.d/lxc-containers\n"
4344
4352
msgstr ""
4345
4353
4346
#: serverguide/C/virtualization.xml:2914(para)
4354
#: serverguide/C/virtualization.xml:1344(para)
4347
4355
msgid ""
4348
4356
"The profile will automatically be loaded after a reboot, because it is "
4349
4357
"sourced by the file <filename>/etc/apparmor.d/lxc-containers</filename>. "
4352
4360
"configuration file:"
4353
4361
msgstr ""
4354
4362
4355
#: serverguide/C/virtualization.xml:2922(screen)
4363
#: serverguide/C/virtualization.xml:1351(screen)
4356
4364
#, no-wrap
4357
4365
msgid ""
4358
4366
"\n"
4359
4367
"lxc.aa_profile = lxc-CN-profile\n"
4360
4368
msgstr ""
4361
4369
4362
#: serverguide/C/virtualization.xml:2934(title)
4370
#: serverguide/C/virtualization.xml:1359(title) serverguide/C/cgroups.xml:11(title)
4363
4371
msgid "Control Groups"
4364
4372
msgstr ""
4365
4373
4366
#: serverguide/C/virtualization.xml:1369(para)
4374
#: serverguide/C/virtualization.xml:1361(para)
4367
4375
msgid ""
4368
4376
"Control groups (cgroups) are a kernel feature providing hierarchical task "
4369
4377
"grouping and per-cgroup resource accounting and limits. They are used in "
4372
4380
"i/o, guarantee minimum cpu shares, and to lock containers to specific cpus."
4373
4381
msgstr ""
4374
4382
4375
#: serverguide/C/virtualization.xml:1377(para)
4383
#: serverguide/C/virtualization.xml:1369(para)
4376
4384
msgid ""
4377
"By default, a privileged container CN will be assigned a cgroup called "
4385
"By default, a privileged container CN will be assigned to a cgroup called "
4378
4386
"<filename>/lxc/CN</filename>. In the case of name conflicts (which can occur "
4379
4387
"when using custom lxcpaths) a suffix \"-n\", where n is an integer starting "
4380
4388
"at 0, will be appended to the cgroup name."
4381
4389
msgstr ""
4382
4390
4383
#: serverguide/C/virtualization.xml:1383(para)
4391
#: serverguide/C/virtualization.xml:1375(para)
4384
4392
msgid ""
4385
"By default, a privileged container CN will be assigned a cgroup called "
4393
"By default, a privileged container CN will be assigned to a cgroup called "
4386
4394
"<filename>CN</filename> under the cgroup of the task which started the "
4387
4395
"container, for instance <filename>/usr/1000.user/1.session/CN</filename>. "
4388
4396
"The container root will be given group ownership of the directory (but not "
4389
4397
"all files) so that it is allowed to create new child cgroups."
4390
4398
msgstr ""
4391
4399
4392
#: serverguide/C/virtualization.xml:1390(para)
4400
#: serverguide/C/virtualization.xml:1382(para)
4393
4401
msgid ""
4394
4402
"As of Ubuntu 14.04, LXC uses the cgroup manager (cgmanager) to administer "
4395
4403
"cgroups. The cgroup manager receives D-Bus requests over the Unix socket "
4396
"<filename>/sys/fs/cgroup/cgmanager/sock</filename>. To fascilitate safe "
4404
"<filename>/sys/fs/cgroup/cgmanager/sock</filename>. To facilitate safe "
4397
4405
"nested containers, the line <screen>\n"
4398
4406
"<command>\n"
4399
4407
"lxc.mount.auto = cgroup\n"
4410
4418
"requests for which they are not authorized."
4411
4419
msgstr ""
4412
4420
4413
#: serverguide/C/virtualization.xml:3262(title)
4421
#: serverguide/C/virtualization.xml:1406(title)
4414
4422
msgid "Cloning"
4415
4423
msgstr ""
4416
4424
4417
#: serverguide/C/virtualization.xml:1416(para)
4425
#: serverguide/C/virtualization.xml:1408(para)
4418
4426
msgid ""
4419
4427
"For rapid provisioning, you may wish to customize a canonical container "
4420
4428
"according to your needs and then make multiple copies of it. This can be "
4421
4429
"done with the <command>lxc-clone</command> program."
4422
4430
msgstr ""
4423
4431
4424
#: serverguide/C/virtualization.xml:1420(para)
4432
#: serverguide/C/virtualization.xml:1412(para)
4425
4433
msgid ""
4426
4434
"Clones are either snapshots or copies of another container. A copy is a new "
4427
4435
"container copied from the original, and takes as much space on the host as "
4437
4445
"and apt-get to be slower."
4438
4446
msgstr ""
4439
4447
4440
#: serverguide/C/virtualization.xml:1434(para)
4448
#: serverguide/C/virtualization.xml:1426(para)
4441
4449
msgid ""
4442
4450
"Snapshots of directory-packed containers are created using the overlay "
4443
4451
"filesystem. For instance, a privileged directory-backed container C1 will "
4449
4457
"container, and to only use its snapshots."
4450
4458
msgstr ""
4451
4459
4452
#: serverguide/C/virtualization.xml:1446(para)
4460
#: serverguide/C/virtualization.xml:1438(para)
4453
4461
msgid "Given an existing container called C1, a copy can be created using:"
4454
4462
msgstr ""
4455
4463
4456
#: serverguide/C/virtualization.xml:3274(command)
4464
#: serverguide/C/virtualization.xml:1442(command)
4457
4465
msgid "sudo lxc-clone -o C1 -n C2"
4458
4466
msgstr ""
4459
4467
4460
#: serverguide/C/virtualization.xml:1455(para)
4461
msgid "A snapshot can be created using"
4468
#: serverguide/C/virtualization.xml:1447(para)
4469
msgid "A snapshot can be created using:"
4462
4470
msgstr ""
4463
4471
4464
#: serverguide/C/virtualization.xml:3288(command)
4472
#: serverguide/C/virtualization.xml:1449(command)
4465
4473
msgid "sudo lxc-clone -s -o C1 -n C2"
4466
4474
msgstr ""
4467
4475
4468
#: serverguide/C/virtualization.xml:1461(para)
4476
#: serverguide/C/virtualization.xml:1453(para)
4469
4477
msgid "See the lxc-clone manpage for more information."
4470
4478
msgstr ""
4471
4479
4472
#: serverguide/C/virtualization.xml:1464(title)
4480
#: serverguide/C/virtualization.xml:1456(title)
4473
4481
msgid "Snapshots"
4474
4482
msgstr ""
4475
4483
4476
#: serverguide/C/virtualization.xml:1465(para)
4484
#: serverguide/C/virtualization.xml:1457(para)
4477
4485
msgid ""
4478
4486
"To more easily support the use of snapshot clones for iterative container "
4479
4487
"development, LXC supports <emphasis>snapshots</emphasis>. When working on a "
4491
4499
"is erased and replaced with the snap1 snapshot."
4492
4500
msgstr ""
4493
4501
4494
#: serverguide/C/virtualization.xml:1484(para)
4502
#: serverguide/C/virtualization.xml:1476(para)
4495
4503
msgid ""
4496
4504
"Snapshots are supported for btrfs, lvm, zfs, and overlayfs containers. If "
4497
4505
"lxc-snapshot is called on a directory-backed container, an error will be "
4512
4520
"</screen>"
4513
4521
msgstr ""
4514
4522
4515
#: serverguide/C/virtualization.xml:1508(title)
4523
#: serverguide/C/virtualization.xml:1500(title)
4516
4524
msgid "Ephemeral Containers"
4517
4525
msgstr ""
4518
4526
4519
#: serverguide/C/virtualization.xml:1509(para)
4527
#: serverguide/C/virtualization.xml:1501(para)
4520
4528
msgid ""
4521
4529
"While snapshots are useful for longer-term incremental development of "
4522
4530
"images, ephemeral containers utilize snapshots for quick, single-use "
4531
4539
"page for more options."
4532
4540
msgstr ""
4533
4541
4534
#: serverguide/C/virtualization.xml:1527(title)
4542
#: serverguide/C/virtualization.xml:1519(title)
4535
4543
msgid "Lifecycle management hooks"
4536
4544
msgstr ""
4537
4545
4538
#: serverguide/C/virtualization.xml:1529(para)
4546
#: serverguide/C/virtualization.xml:1521(para)
4539
4547
msgid ""
4540
4548
"Beginning with Ubuntu 12.10, it is possible to define hooks to be executed "
4541
4549
"at specific points in a container's lifetime:"
4542
4550
msgstr ""
4543
4551
4544
#: serverguide/C/virtualization.xml:1534(para)
4552
#: serverguide/C/virtualization.xml:1526(para)
4545
4553
msgid ""
4546
4554
"Pre-start hooks are run in the host's namespace before the container ttys, "
4547
4555
"consoles, or mounts are up. If any mounts are done in this hook, they should "
4548
4556
"be cleaned up in the post-stop hook."
4549
4557
msgstr ""
4550
4558
4551
#: serverguide/C/virtualization.xml:1541(para)
4559
#: serverguide/C/virtualization.xml:1533(para)
4552
4560
msgid ""
4553
4561
"Pre-mount hooks are run in the container's namespaces, but before the root "
4554
4562
"filesystem has been mounted. Mounts done in this hook will be automatically "
4555
4563
"cleaned up when the container shuts down."
4556
4564
msgstr ""
4557
4565
4558
#: serverguide/C/virtualization.xml:1548(para)
4566
#: serverguide/C/virtualization.xml:1540(para)
4559
4567
msgid ""
4560
4568
"Mount hooks are run after the container filesystems have been mounted, but "
4561
4569
"before the container has called <command>pivot_root</command> to change its "
4562
4570
"root filesystem."
4563
4571
msgstr ""
4564
4572
4565
#: serverguide/C/virtualization.xml:1555(para)
4573
#: serverguide/C/virtualization.xml:1547(para)
4566
4574
msgid ""
4567
4575
"Start hooks are run immediately before executing the container's init. Since "
4568
4576
"these are executed after pivoting into the container's filesystem, the "
4569
4577
"command to be executed must be copied into the container's filesystem."
4570
4578
msgstr ""
4571
4579
4572
#: serverguide/C/virtualization.xml:1562(para)
4580
#: serverguide/C/virtualization.xml:1554(para)
4573
4581
msgid "Post-stop hooks are executed after the container has been shut down."
4574
4582
msgstr ""
4575
4583
4576
#: serverguide/C/virtualization.xml:1567(para)
4584
#: serverguide/C/virtualization.xml:1559(para)
4577
4585
msgid ""
4578
4586
"If any hook returns an error, the container's run will be aborted. Any "
4579
4587
"<emphasis>post-stop</emphasis> hook will still be executed. Any output "
4580
4588
"generated by the script will be logged at the debug priority."
4581
4589
msgstr ""
4582
4590
4583
#: serverguide/C/virtualization.xml:1572(para)
4591
#: serverguide/C/virtualization.xml:1564(para)
4584
4592
msgid ""
4585
4593
"Please see the lxc.container.conf manual page for the configuration file "
4586
4594
"format with which to specify hooks. Some sample hooks are shipped with the "
4587
4595
"lxc package to serve as an example of how to write and use such hooks."
4588
4596
msgstr ""
4589
4597
4590
#: serverguide/C/virtualization.xml:3452(title)
4598
#: serverguide/C/virtualization.xml:1571(title)
4591
4599
msgid "Consoles"
4592
4600
msgstr ""
4593
4601
4594
#: serverguide/C/virtualization.xml:1581(para)
4602
#: serverguide/C/virtualization.xml:1573(para)
4595
4603
msgid ""
4596
4604
"Containers have a configurable number of consoles. One always exists on the "
4597
4605
"container's <filename>/dev/console</filename>. This is shown on the terminal "
4602
4610
"The number of extra consoles is specified by the <command>lxc.tty</command> "
4603
4611
"variable, and is usually set to 4. Those consoles are shown on "
4604
4612
"<filename>/dev/ttyN</filename> (for 1 <= N <= 4). To log into console "
4605
"3 from the host, use"
4613
"3 from the host, use:"
4606
4614
msgstr ""
4607
4615
4608
#: serverguide/C/virtualization.xml:3467(command)
4616
#: serverguide/C/virtualization.xml:1586(command)
4609
4617
msgid "sudo lxc-console -n container -t 3"
4610
4618
msgstr ""
4611
4619
4612
#: serverguide/C/virtualization.xml:3472(para)
4620
#: serverguide/C/virtualization.xml:1591(para)
4613
4621
msgid ""
4614
4622
"or if the <emphasis>-t N</emphasis> option is not specified, an unused "
4615
4623
"console will be automatically chosen. To exit the console, use the escape "
4618
4626
"d</emphasis> option."
4619
4627
msgstr ""
4620
4628
4621
#: serverguide/C/virtualization.xml:3480(para)
4629
#: serverguide/C/virtualization.xml:1597(para)
4622
4630
msgid ""
4623
4631
"Each container console is actually a Unix98 pty in the host's (not the "
4624
4632
"guest's) pty mount, bind-mounted over the guest's "
4631
4639
"<filename>/dev</filename>."
4632
4640
msgstr ""
4633
4641
4634
#: serverguide/C/mail.xml:345(title) serverguide/C/mail.xml:1640(title) serverguide/C/dns.xml:371(title)
4642
#: serverguide/C/virtualization.xml:1609(title) serverguide/C/mail.xml:390(title) serverguide/C/mail.xml:1698(title) serverguide/C/dns.xml:375(title)
4635
4643
msgid "Troubleshooting"
4636
4644
msgstr ""
4637
4645
4638
#: serverguide/C/network-auth.xml:787(title) serverguide/C/dns.xml:508(title)
4646
#: serverguide/C/virtualization.xml:1611(title) serverguide/C/network-auth.xml:794(title) serverguide/C/dns.xml:517(title)
4639
4647
msgid "Logging"
4640
4648
msgstr ""
4641
4649
4642
#: serverguide/C/virtualization.xml:1620(para)
4650
#: serverguide/C/virtualization.xml:1612(para)
4643
4651
msgid ""
4644
4652
"If something goes wrong when starting a container, the first step should be "
4645
4653
"to get full logging from LXC: <screen>\n"
4652
4660
"new log information will be appended."
4653
4661
msgstr ""
4654
4662
4655
#: serverguide/C/virtualization.xml:3414(title)
4663
#: serverguide/C/virtualization.xml:1627(title)
4656
4664
msgid "Monitoring container status"
4657
4665
msgstr ""
4658
4666
4659
#: serverguide/C/virtualization.xml:3416(para)
4667
#: serverguide/C/virtualization.xml:1629(para)
4660
4668
msgid ""
4661
4669
"Two commands are available to monitor container state changes. <command>lxc-"
4662
4670
"monitor</command> monitors one or more containers for any state changes. It "
4668
4676
"instance,"
4669
4677
msgstr ""
4670
4678
4671
#: serverguide/C/virtualization.xml:3429(command)
4679
#: serverguide/C/virtualization.xml:1639(command)
4672
4680
msgid "sudo lxc-monitor -n cont[0-5]*"
4673
4681
msgstr ""
4674
4682
4675
#: serverguide/C/virtualization.xml:3434(para)
4683
#: serverguide/C/virtualization.xml:1644(para)
4676
4684
msgid ""
4677
4685
"would print all state changes to any containers matching the listed regular "
4678
4686
"expression, whereas"
4679
4687
msgstr ""
4680
4688
4681
#: serverguide/C/virtualization.xml:3440(command)
4689
#: serverguide/C/virtualization.xml:1648(command)
4682
4690
msgid "sudo lxc-wait -n cont1 -s 'STOPPED|FROZEN'"
4683
4691
msgstr ""
4684
4692
4685
#: serverguide/C/virtualization.xml:3445(para)
4693
#: serverguide/C/virtualization.xml:1653(para)
4686
4694
msgid ""
4687
4695
"will wait until container cont1 enters state STOPPED or state FROZEN and "
4688
4696
"then exit."
4689
4697
msgstr ""
4690
4698
4691
#: serverguide/C/virtualization.xml:1666(title)
4699
#: serverguide/C/virtualization.xml:1658(title)
4692
4700
msgid "Attach"
4693
4701
msgstr ""
4694
4702
4695
#: serverguide/C/virtualization.xml:1667(para)
4703
#: serverguide/C/virtualization.xml:1659(para)
4696
4704
msgid ""
4697
4705
"As of Ubuntu 14.04, it is possible to attach to a container's namespaces. "
4698
4706
"The simplest case is to simply do <screen>\n"
4705
4713
"context. See the manual page for more information."
4706
4714
msgstr ""
4707
4715
4708
#: serverguide/C/virtualization.xml:1683(title)
4716
#: serverguide/C/virtualization.xml:1675(title)
4709
4717
msgid "Container init verbosity"
4710
4718
msgstr ""
4711
4719
4712
#: serverguide/C/virtualization.xml:1684(para)
4720
#: serverguide/C/virtualization.xml:1676(para)
4713
4721
msgid ""
4714
4722
"If LXC completes the container startup, but the container init fails to "
4715
4723
"complete (for instance, no login prompt is shown), it can be useful to "
4728
4736
"</screen>"
4729
4737
msgstr ""
4730
4738
4731
#: serverguide/C/virtualization.xml:1708(title)
4739
#: serverguide/C/virtualization.xml:1700(title)
4732
4740
msgid "LXC API"
4733
4741
msgstr ""
4734
4742
4735
#: serverguide/C/virtualization.xml:1710(para)
4743
#: serverguide/C/virtualization.xml:1702(para)
4736
4744
msgid ""
4737
4745
"Most of the LXC functionality can now be accessed through an API exported by "
4738
4746
"<filename>liblxc</filename> for which bindings are available in several "
4739
4747
"languages, including Python, lua, ruby, and go."
4740
4748
msgstr ""
4741
4749
4742
#: serverguide/C/virtualization.xml:1714(para)
4750
#: serverguide/C/virtualization.xml:1706(para)
4743
4751
msgid ""
4744
4752
"Below is an example using the python bindings (which are available in the "
4745
4753
"<application>python3-lxc</application> package) which creates and starts a "
4746
4754
"container, then waits until it has been shut down:"
4747
4755
msgstr ""
4748
4756
4749
#: serverguide/C/virtualization.xml:1720(programlisting)
4757
#: serverguide/C/virtualization.xml:1712(programlisting)
4750
4758
#, no-wrap
4751
4759
msgid ""
4752
4760
"\n"
4768
4776
"True\n"
4769
4777
msgstr ""
4770
4778
4771
#: serverguide/C/virtualization.xml:4349(title) serverguide/C/security.xml:11(title)
4779
#: serverguide/C/virtualization.xml:1732(title) serverguide/C/security.xml:11(title)
4772
4780
msgid "Security"
4773
4781
msgstr "Бясьпека"
4774
4782
4775
#: serverguide/C/virtualization.xml:4351(para)
4783
#: serverguide/C/virtualization.xml:1734(para)
4776
4784
msgid ""
4777
4785
"A namespace maps ids to resources. By not providing a container any id with "
4778
4786
"which to reference a resource, the resource can be protected. This is the "
4783
4791
"host."
4784
4792
msgstr ""
4785
4793
4786
#: serverguide/C/virtualization.xml:1751(para)
4794
#: serverguide/C/virtualization.xml:1743(para)
4787
4795
msgid ""
4788
4796
"By default, LXC containers are started under a Apparmor policy to restrict "
4789
4797
"some actions. The details of AppArmor integration with lxc are in section "
4794
4802
"host."
4795
4803
msgstr ""
4796
4804
4797
#: serverguide/C/virtualization.xml:4375(title)
4805
#: serverguide/C/virtualization.xml:1754(title)
4798
4806
msgid "Exploitable system calls"
4799
4807
msgstr ""
4800
4808
4801
#: serverguide/C/virtualization.xml:1764(para)
4809
#: serverguide/C/virtualization.xml:1756(para)
4802
4810
msgid ""
4803
4811
"It is a core container feature that containers share a kernel with the host. "
4804
4812
"Therefore if the kernel contains any exploitable system calls the container "
4806
4814
"fully control any resource known to the host."
4807
4815
msgstr ""
4808
4816
4809
#: serverguide/C/virtualization.xml:1770(para)
4817
#: serverguide/C/virtualization.xml:1762(para)
4810
4818
msgid ""
4811
4819
"Since Ubuntu 12.10 (Quantal) a container can also be constrained by a "
4812
4820
"seccomp filter. Seccomp is a new kernel feature which filters the system "
4818
4826
"by a list of numbers, one per line."
4819
4827
msgstr ""
4820
4828
4821
#: serverguide/C/virtualization.xml:1780(para)
4829
#: serverguide/C/virtualization.xml:1772(para)
4822
4830
msgid ""
4823
4831
"In general to run a full distribution container a large number of system "
4824
4832
"calls will be needed. However for application containers it may be possible "
4830
4838
"loaded."
4831
4839
msgstr ""
4832
4840
4833
#: serverguide/C/virtualization.xml:4392(para)
4841
#: serverguide/C/virtualization.xml:1788(para)
4834
4842
msgid ""
4835
4843
"The DeveloperWorks article <ulink "
4836
4844
"url=\"https://www.ibm.com/developerworks/linux/library/l-lxc-"
4838
4846
"to the use of containers."
4839
4847
msgstr ""
4840
4848
4841
#: serverguide/C/virtualization.xml:4398(para)
4849
#: serverguide/C/virtualization.xml:1795(para)
4842
4850
msgid ""
4843
4851
"The <ulink url=\"http://www.ibm.com/developerworks/linux/library/l-lxc-"
4844
4852
"security/index.html\"> Secure Containers Cookbook</ulink> demonstrated the "
4845
4853
"use of security modules to make containers more secure."
4846
4854
msgstr ""
4847
4855
4848
#: serverguide/C/virtualization.xml:1810(para) serverguide/C/cgroups.xml:202(para)
4856
#: serverguide/C/virtualization.xml:1802(para) serverguide/C/cgroups.xml:202(para)
4849
4857
msgid "Manual pages referenced above can be found at:"
4850
4858
msgstr ""
4851
4859
4852
#: serverguide/C/virtualization.xml:4407(ulink)
4860
#: serverguide/C/virtualization.xml:1804(ulink)
4853
4861
msgid "capabilities"
4854
4862
msgstr ""
4855
4863
4856
#: serverguide/C/virtualization.xml:4408(ulink)
4864
#: serverguide/C/virtualization.xml:1805(ulink)
4857
4865
msgid "lxc.conf"
4858
4866
msgstr ""
4859
4867
4860
#: serverguide/C/virtualization.xml:1818(para)
4868
#: serverguide/C/virtualization.xml:1810(para)
4861
4869
msgid ""
4862
4870
"The upstream LXC project is hosted at <ulink "
4863
4871
"url=\"http://linuxcontainers.org\">linuxcontainers.org</ulink>."
4864
4872
msgstr ""
4865
4873
4866
#: serverguide/C/virtualization.xml:4420(para)
4874
#: serverguide/C/virtualization.xml:1815(para)
4867
4875
msgid ""
4868
4876
"LXC security issues are listed and discussed at <ulink "
4869
4877
"url=\"http://wiki.ubuntu.com/LxcSecurity\">the LXC Security wiki page</ulink>"
4870
4878
msgstr ""
4871
4879
4872
#: serverguide/C/virtualization.xml:1829(para)
4880
#: serverguide/C/virtualization.xml:1821(para)
4873
4881
msgid ""
4874
4882
"For more on namespaces in Linux, see: S. Bhattiprolu, E. W. Biederman, S. E. "
4875
4883
"Hallyn, and D. Lezcano. Virtual Servers and Check- point/Restart in "
4890
4898
"to manage information that changes often, there is room for version control."
4891
4899
msgstr ""
4892
4900
4893
#: serverguide/C/vcs.xml:15(title)
4901
#: serverguide/C/vcs.xml:22(title)
4894
4902
msgid "Bazaar"
4895
4903
msgstr "Bazaar"
4896
4904
4897
#: serverguide/C/vcs.xml:16(para)
4905
#: serverguide/C/vcs.xml:23(para)
4898
4906
msgid ""
4899
4907
"Bazaar is a new version control system sponsored by Canonical, the "
4900
4908
"commercial company behind Ubuntu. Unlike Subversion and CVS that only "
4904
4912
"maximize the level of community participation in open source projects."
4905
4913
msgstr ""
4906
4914
4907
#: serverguide/C/vcs.xml:27(para)
4915
#: serverguide/C/vcs.xml:34(para)
4908
4916
msgid ""
4909
4917
"At a terminal prompt, enter the following command to install "
4910
4918
"<application>bzr</application>: <screen>\n"
4912
4920
"</screen>"
4913
4921
msgstr ""
4914
4922
4915
#: serverguide/C/vcs.xml:38(para)
4923
#: serverguide/C/vcs.xml:45(para)
4916
4924
msgid ""
4917
4925
"To introduce yourself to <application>bzr</application>, use the "
4918
4926
"<emphasis>whoami</emphasis> command like this: <screen>\n"
4920
4928
"</screen>"
4921
4929
msgstr ""
4922
4930
4923
#: serverguide/C/vcs.xml:47(title)
4931
#: serverguide/C/vcs.xml:54(title)
4924
4932
msgid "Learning Bazaar"
4925
4933
msgstr "Вывучэньне Bazaar"
4926
4934
4927
#: serverguide/C/vcs.xml:48(para)
4935
#: serverguide/C/vcs.xml:55(para)
4928
4936
msgid ""
4929
4937
"Bazaar comes with bundled documentation installed into "
4930
4938
"<application>/usr/share/doc/bzr/html</application> by default. The tutorial "
4934
4942
"</screen>"
4935
4943
msgstr ""
4936
4944
4937
#: serverguide/C/vcs.xml:58(para)
4945
#: serverguide/C/vcs.xml:65(para)
4938
4946
msgid ""
4939
4947
"To learn more about the <emphasis>foo</emphasis> command: <screen>\n"
4940
4948
"<command>$ bzr help foo</command>\n"
4941
4949
"</screen>"
4942
4950
msgstr ""
4943
4951
4944
#: serverguide/C/vcs.xml:66(title)
4952
#: serverguide/C/vcs.xml:73(title)
4945
4953
msgid "Launchpad Integration"
4946
4954
msgstr ""
4947
4955
4948
#: serverguide/C/vcs.xml:67(para)
4956
#: serverguide/C/vcs.xml:74(para)
4949
4957
msgid ""
4950
4958
"While highly useful as a stand-alone system, Bazaar has good, optional "
4951
4959
"integration with <ulink url=\"https://launchpad.net/\">Launchpad</ulink>, "
4956
4964
"http://bazaar-vcs.org/LaunchpadIntegration</ulink>."
4957
4965
msgstr ""
4958
4966
4959
#: serverguide/C/vcs.xml:80(title)
4967
#: serverguide/C/vcs.xml:87(title)
4960
4968
msgid "Git"
4961
4969
msgstr ""
4962
4970
4963
#: serverguide/C/vcs.xml:82(para)
4971
#: serverguide/C/vcs.xml:89(para)
4964
4972
msgid ""
4965
4973
"Git is an open source distributed version control system originally "
4966
4974
"developped by Linus Torvalds to support the development of the linux kernel. "
4969
4977
"access or a central server."
4970
4978
msgstr ""
4971
4979
4972
#: serverguide/C/vcs.xml:88(para)
4980
#: serverguide/C/vcs.xml:95(para)
4973
4981
msgid ""
4974
4982
"The <application>git</application> version control system is installed with "
4975
4983
"the following command"
4976
4984
msgstr ""
4977
4985
4978
#: serverguide/C/vcs.xml:92(command)
4986
#: serverguide/C/vcs.xml:99(command)
4979
4987
msgid "sudo apt-get install git"
4980
4988
msgstr ""
4981
4989
4982
#: serverguide/C/vcs.xml:97(para)
4990
#: serverguide/C/vcs.xml:104(para)
4983
4991
msgid ""
4984
4992
"Every git user should first introduce himself to git, by running these two "
4985
4993
"commands:"
4986
4994
msgstr ""
4987
4995
4988
#: serverguide/C/vcs.xml:99(command)
4996
#: serverguide/C/vcs.xml:106(command)
4989
4997
msgid "git config --global user.email \"you@example.com\""
4990
4998
msgstr ""
4991
4999
4992
#: serverguide/C/vcs.xml:100(command)
5000
#: serverguide/C/vcs.xml:107(command)
4993
5001
msgid "git config --global user.name \"Your Name\""
4994
5002
msgstr ""
4995
5003
4996
#: serverguide/C/vcs.xml:105(para)
5004
#: serverguide/C/vcs.xml:112(para)
4997
5005
msgid ""
4998
5006
"The above is already sufficient to use git in a distributed and secure way, "
4999
5007
"provided users have access to the machine assuming the server role via SSH. "
5000
"On the server machine, creating a new repository can be done with"
5008
"On the server machine, creating a new repository can be done with:"
5001
5009
msgstr ""
5002
5010
5003
#: serverguide/C/vcs.xml:108(command)
5011
#: serverguide/C/vcs.xml:119(command)
5004
5012
msgid "git init --bare /path/to/repository"
5005
5013
msgstr ""
5006
5014
5007
#: serverguide/C/vcs.xml:110(para)
5015
#: serverguide/C/vcs.xml:121(para)
5008
5016
msgid ""
5009
5017
"This creates a bare repository, that cannot be used to edit files directly. "
5010
5018
"If you would rather have a working copy of the contents of the repository on "
5011
5019
"the server, ommit the <emphasis>--bare</emphasis> option."
5012
5020
msgstr ""
5013
5021
5014
#: serverguide/C/vcs.xml:111(para)
5022
#: serverguide/C/vcs.xml:122(para)
5015
5023
msgid ""
5016
"Any client with ssh access to the machine can from then on clone the "
5017
"repository with"
5024
"Any client with SSH access to the machine can then clone the repository with:"
5018
5025
msgstr ""
5019
5026
5020
#: serverguide/C/vcs.xml:113(command)
5027
#: serverguide/C/vcs.xml:127(command)
5021
5028
msgid "git clone username@hostname:/path/to/repository"
5022
5029
msgstr ""
5023
5030
5024
#: serverguide/C/vcs.xml:115(para)
5031
#: serverguide/C/vcs.xml:129(para)
5025
5032
msgid ""
5026
5033
"Once cloned to the client's machine, the client can edit files, then commit "
5027
5034
"and share them with:"
5028
5035
msgstr ""
5029
5036
5030
#: serverguide/C/vcs.xml:119(command)
5037
#: serverguide/C/vcs.xml:133(command)
5031
5038
msgid "cd /path/to/repository"
5032
5039
msgstr ""
5033
5040
5034
#: serverguide/C/vcs.xml:120(command)
5041
#: serverguide/C/vcs.xml:134(command)
5035
5042
msgid "#(edit some files"
5036
5043
msgstr ""
5037
5044
5038
#: serverguide/C/vcs.xml:121(command)
5045
#: serverguide/C/vcs.xml:135(command)
5039
5046
msgid ""
5040
5047
"git commit -a # Commit all changes to the local version of the repository"
5041
5048
msgstr ""
5042
5049
5043
#: serverguide/C/vcs.xml:122(command)
5050
#: serverguide/C/vcs.xml:136(command)
5044
5051
msgid ""
5045
5052
"git push origin master # Push changes to the server's version of the "
5046
5053
"repository"
5047
5054
msgstr ""
5048
5055
5049
#: serverguide/C/vcs.xml:127(title)
5056
#: serverguide/C/vcs.xml:141(title)
5050
5057
msgid "Installing a gitolite server"
5051
5058
msgstr ""
5052
5059
5053
#: serverguide/C/vcs.xml:128(para)
5060
#: serverguide/C/vcs.xml:142(para)
5054
5061
msgid ""
5055
5062
"While the above is sufficient to create, clone and edit repositories, users "
5056
5063
"wanting to install git on a server will most likely want to have git work "
5059
5066
"<application>gitolite</application> with the following command:"
5060
5067
msgstr ""
5061
5068
5062
#: serverguide/C/vcs.xml:134(command)
5069
#: serverguide/C/vcs.xml:148(command)
5063
5070
msgid "sudo apt-get install gitolite"
5064
5071
msgstr ""
5065
5072
5066
#: serverguide/C/vcs.xml:139(title)
5073
#: serverguide/C/vcs.xml:153(title)
5067
5074
msgid "Gitolite configuration"
5068
5075
msgstr ""
5069
5076
5070
#: serverguide/C/vcs.xml:140(para)
5077
#: serverguide/C/vcs.xml:154(para)
5071
5078
msgid ""
5072
5079
"Configuration of the <application>gitolite</application> server is a little "
5073
5080
"different that most other servers on Unix-like systems. Instead of the "
5076
5083
"therefore to allow access to the configuration repository."
5077
5084
msgstr ""
5078
5085
5079
#: serverguide/C/vcs.xml:145(para)
5086
#: serverguide/C/vcs.xml:159(para)
5080
5087
msgid "First of all, let's create a user for gitolite to be accessed as."
5081
5088
msgstr ""
5082
5089
5083
#: serverguide/C/vcs.xml:149(command)
5090
#: serverguide/C/vcs.xml:163(command)
5084
5091
msgid ""
5085
5092
"sudo adduser --system --shell /bin/bash --group --disabled-password --home "
5086
5093
"/home/git git"
5087
5094
msgstr ""
5088
5095
5089
#: serverguide/C/vcs.xml:151(para)
5096
#: serverguide/C/vcs.xml:165(para)
5090
5097
msgid ""
5091
5098
"Now we want to let gitolite know about the repository administrator's public "
5092
5099
"SSH key. This assumes that the current user is the repository administrator. "
5094
5101
"keys\"/>"
5095
5102
msgstr ""
5096
5103
5097
#: serverguide/C/vcs.xml:156(command)
5104
#: serverguide/C/vcs.xml:170(command)
5098
5105
msgid "cp ~/.ssh/id_rsa.pub /tmp/$(whoami).pub"
5099
5106
msgstr ""
5100
5107
5101
#: serverguide/C/vcs.xml:158(para)
5108
#: serverguide/C/vcs.xml:172(para)
5102
5109
msgid ""
5103
5110
"Let's switch to the git user and import the administrator's key into "
5104
5111
"gitolite."
5105
5112
msgstr ""
5106
5113
5107
#: serverguide/C/vcs.xml:162(command)
5114
#: serverguide/C/vcs.xml:176(command)
5108
5115
msgid "sudo su - git"
5109
5116
msgstr ""
5110
5117
5111
#: serverguide/C/vcs.xml:163(command)
5118
#: serverguide/C/vcs.xml:177(command)
5112
5119
msgid "gl-setup /tmp/*.pub"
5113
5120
msgstr ""
5114
5121
5115
#: serverguide/C/vcs.xml:165(para)
5122
#: serverguide/C/vcs.xml:179(para)
5116
5123
msgid ""
5117
5124
"Gitolite will allow you to make initial changes to its configuration file "
5118
5125
"during the setup process. You can now clone and modify the gitolite "
5121
5128
"configuration repository:"
5122
5129
msgstr ""
5123
5130
5124
#: serverguide/C/vcs.xml:169(command)
5131
#: serverguide/C/vcs.xml:183(command)
5125
5132
msgid "exit"
5126
5133
msgstr ""
5127
5134
5128
#: serverguide/C/vcs.xml:170(command)
5135
#: serverguide/C/vcs.xml:184(command)
5129
5136
msgid "git clone git@$IP_ADDRESS:gitolite-admin.git"
5130
5137
msgstr ""
5131
5138
5132
#: serverguide/C/vcs.xml:171(command)
5139
#: serverguide/C/vcs.xml:185(command)
5133
5140
msgid "cd gitolite-admin"
5134
5141
msgstr ""
5135
5142
5136
#: serverguide/C/vcs.xml:173(para)
5143
#: serverguide/C/vcs.xml:187(para)
5137
5144
msgid ""
5138
5145
"The gitolite-admin contains two subdirectories, \"conf\" and \"keydir\". The "
5139
5146
"configuration files are in the conf dir, and the keydir directory contains "
5140
5147
"the list of user's public SSH keys."
5141
5148
msgstr ""
5142
5149
5143
#: serverguide/C/vcs.xml:176(title)
5150
#: serverguide/C/vcs.xml:190(title)
5144
5151
msgid "Managing gitolite users and repositories"
5145
5152
msgstr ""
5146
5153
5147
#: serverguide/C/vcs.xml:177(para)
5154
#: serverguide/C/vcs.xml:191(para)
5148
5155
msgid ""
5149
5156
"Adding new users to gitolite is simple: just obtain their public SSH key and "
5150
5157
"add it to the keydir directory as $DESIRED_USER_NAME.pub. Note that the "
5155
5162
"server with"
5156
5163
msgstr ""
5157
5164
5158
#: serverguide/C/vcs.xml:179(command)
5165
#: serverguide/C/vcs.xml:193(command)
5159
5166
msgid "git commit -a"
5160
5167
msgstr ""
5161
5168
5162
#: serverguide/C/vcs.xml:180(command)
5169
#: serverguide/C/vcs.xml:194(command)
5163
5170
msgid "git push origin master"
5164
5171
msgstr ""
5165
5172
5166
#: serverguide/C/vcs.xml:182(para)
5173
#: serverguide/C/vcs.xml:196(para)
5167
5174
msgid ""
5168
5175
"Repositories are managed by editing the conf/gitolite.conf file. The syntax "
5169
5176
"is space separated, and simply specifies the list of repositories followed "
5170
5177
"by some access rules. The following is a default example"
5171
5178
msgstr ""
5172
5179
5173
#: serverguide/C/vcs.xml:183(programlisting)
5180
#: serverguide/C/vcs.xml:197(programlisting)
5174
5181
#, no-wrap
5175
5182
msgid ""
5176
5183
"\n"
5184
5191
" R = denise\n"
5185
5192
msgstr ""
5186
5193
5187
#: serverguide/C/vcs.xml:195(title)
5194
#: serverguide/C/vcs.xml:209(title)
5188
5195
msgid "Using your server"
5189
5196
msgstr ""
5190
5197
5191
#: serverguide/C/vcs.xml:196(para)
5198
#: serverguide/C/vcs.xml:210(para)
5192
5199
msgid ""
5193
5200
"To use the newly created server, users have to have the gitolite admin "
5194
5201
"import their public key into the gitolite configuration repository, they can "
5195
5202
"then access any project they have access to with the following command:"
5196
5203
msgstr ""
5197
5204
5198
#: serverguide/C/vcs.xml:198(command)
5205
#: serverguide/C/vcs.xml:212(command)
5199
5206
msgid "git clone git@$SERVER_IP:$PROJECT_NAME.git"
5200
5207
msgstr ""
5201
5208
5202
#: serverguide/C/vcs.xml:200(para)
5209
#: serverguide/C/vcs.xml:214(para)
5203
5210
msgid ""
5204
5211
"Or add the server's project as a remote for an existing git repository:"
5205
5212
msgstr ""
5206
5213
5207
#: serverguide/C/vcs.xml:202(command)
5214
#: serverguide/C/vcs.xml:216(command)
5208
5215
msgid "git remote add gitolite git@$SERVER_IP:$PROJECT_NAME.git"
5209
5216
msgstr ""
5210
5217
5211
#: serverguide/C/vcs.xml:79(title)
5218
#: serverguide/C/vcs.xml:221(title)
5212
5219
msgid "Subversion"
5213
5220
msgstr ""
5214
5221
5215
#: serverguide/C/vcs.xml:80(para)
5222
#: serverguide/C/vcs.xml:222(para)
5216
5223
msgid ""
5217
5224
"Subversion is an open source version control system. Using Subversion, you "
5218
5225
"can record the history of source files and documents. It manages files and "
5221
5228
"remembers every change ever made to files and directories."
5222
5229
msgstr ""
5223
5230
5224
#: serverguide/C/vcs.xml:85(para)
5231
#: serverguide/C/vcs.xml:227(para)
5225
5232
msgid ""
5226
5233
"To access Subversion repository using the HTTP protocol, you must install "
5227
5234
"and configure a web server. Apache2 is proven to work with Subversion. "
5232
5239
"section to install and configure the digital certificate."
5233
5240
msgstr ""
5234
5241
5235
#: serverguide/C/vcs.xml:94(para)
5242
#: serverguide/C/vcs.xml:236(para)
5236
5243
msgid ""
5237
5244
"To install Subversion, run the following command from a terminal prompt:"
5238
5245
msgstr ""
5239
5246
5240
#: serverguide/C/vcs.xml:227(command)
5247
#: serverguide/C/vcs.xml:241(command)
5241
5248
msgid "sudo apt-get install subversion apache2 libapache2-svn"
5242
5249
msgstr ""
5243
5250
5244
#: serverguide/C/vcs.xml:105(title)
5251
#: serverguide/C/vcs.xml:247(title)
5245
5252
msgid "Server Configuration"
5246
5253
msgstr ""
5247
5254
5248
#: serverguide/C/vcs.xml:106(para)
5255
#: serverguide/C/vcs.xml:248(para)
5249
5256
msgid ""
5250
5257
"This step assumes you have installed above mentioned packages on your "
5251
5258
"system. This section explains how to create a Subversion repository and "
5252
5259
"access the project."
5253
5260
msgstr ""
5254
5261
5255
#: serverguide/C/vcs.xml:109(title)
5262
#: serverguide/C/vcs.xml:251(title)
5256
5263
msgid "Create Subversion Repository"
5257
5264
msgstr ""
5258
5265
5259
#: serverguide/C/vcs.xml:110(para)
5266
#: serverguide/C/vcs.xml:252(para)
5260
5267
msgid ""
5261
5268
"The Subversion repository can be created using the following command from a "
5262
5269
"terminal prompt:"
5263
5270
msgstr ""
5264
5271
5265
#: serverguide/C/vcs.xml:114(command)
5272
#: serverguide/C/vcs.xml:256(command)
5266
5273
msgid "svnadmin create /path/to/repos/project"
5267
5274
msgstr ""
5268
5275
5269
#: serverguide/C/vcs.xml:119(title)
5276
#: serverguide/C/vcs.xml:261(title)
5270
5277
msgid "Importing Files"
5271
5278
msgstr "Імпартаваньне файлаў"
5272
5279
5273
#: serverguide/C/vcs.xml:120(para)
5280
#: serverguide/C/vcs.xml:262(para)
5274
5281
msgid ""
5275
5282
"Once you create the repository you can <emphasis>import</emphasis> files "
5276
5283
"into the repository. To import a directory, enter the following from a "
5280
5287
"</screen>"
5281
5288
msgstr ""
5282
5289
5283
#: serverguide/C/vcs.xml:132(title) serverguide/C/vcs.xml:137(title)
5290
#: serverguide/C/vcs.xml:274(title) serverguide/C/vcs.xml:279(title)
5284
5291
msgid "Access Methods"
5285
5292
msgstr ""
5286
5293
5287
#: serverguide/C/vcs.xml:133(para)
5294
#: serverguide/C/vcs.xml:275(para)
5288
5295
msgid ""
5289
5296
"Subversion repositories can be accessed (checked out) through many different "
5290
5297
"methods --on local disk, or through various network protocols. A repository "
5292
5299
"schemes map to the available access methods."
5293
5300
msgstr ""
5294
5301
5295
#: serverguide/C/vcs.xml:144(para)
5302
#: serverguide/C/vcs.xml:286(para)
5296
5303
msgid "Schema"
5297
5304
msgstr ""
5298
5305
5299
#: serverguide/C/vcs.xml:145(para)
5306
#: serverguide/C/vcs.xml:287(para)
5300
5307
msgid "Access Method"
5301
5308
msgstr ""
5302
5309
5303
#: serverguide/C/vcs.xml:150(para)
5310
#: serverguide/C/vcs.xml:292(para)
5304
5311
msgid "file://"
5305
5312
msgstr "file://"
5306
5313
5307
#: serverguide/C/vcs.xml:151(para)
5314
#: serverguide/C/vcs.xml:293(para)
5308
5315
msgid "direct repository access (on local disk)"
5309
5316
msgstr ""
5310
5317
5311
#: serverguide/C/vcs.xml:154(para)
5318
#: serverguide/C/vcs.xml:296(para)
5312
5319
msgid "http://"
5313
5320
msgstr "http://"
5314
5321
5315
#: serverguide/C/vcs.xml:155(para)
5322
#: serverguide/C/vcs.xml:297(para)
5316
5323
msgid "Access via WebDAV protocol to Subversion-aware Apache2 web server"
5317
5324
msgstr ""
5318
5325
5319
#: serverguide/C/vcs.xml:158(para)
5326
#: serverguide/C/vcs.xml:300(para)
5320
5327
msgid "https://"
5321
5328
msgstr "https://"
5322
5329
5323
#: serverguide/C/vcs.xml:159(para)
5330
#: serverguide/C/vcs.xml:301(para)
5324
5331
msgid "Same as http://, but with SSL encryption"
5325
5332
msgstr ""
5326
5333
5327
#: serverguide/C/vcs.xml:162(para)
5334
#: serverguide/C/vcs.xml:304(para)
5328
5335
msgid "svn://"
5329
5336
msgstr "svn://"
5330
5337
5331
#: serverguide/C/vcs.xml:163(para)
5338
#: serverguide/C/vcs.xml:305(para)
5332
5339
msgid "Access via custom protocol to an svnserve server"
5333
5340
msgstr ""
5334
5341
5335
#: serverguide/C/vcs.xml:166(para)
5342
#: serverguide/C/vcs.xml:308(para)
5336
5343
msgid "svn+ssh://"
5337
5344
msgstr "svn+ssh://"
5338
5345
5339
#: serverguide/C/vcs.xml:167(para)
5346
#: serverguide/C/vcs.xml:309(para)
5340
5347
msgid "Same as svn://, but through an SSH tunnel"
5341
5348
msgstr ""
5342
5349
5343
#: serverguide/C/vcs.xml:173(para)
5350
#: serverguide/C/vcs.xml:315(para)
5344
5351
msgid ""
5345
5352
"In this section, we will see how to configure Subversion for all these "
5346
5353
"access methods. Here, we cover the basics. For more advanced usage details, "
5347
5354
"refer to the <ulink url=\"http://svnbook.red-bean.com/\">svn book</ulink>."
5348
5355
msgstr ""
5349
5356
5350
#: serverguide/C/vcs.xml:180(title)
5357
#: serverguide/C/vcs.xml:322(title)
5351
5358
msgid "Direct repository access (file://)"
5352
5359
msgstr ""
5353
5360
5354
#: serverguide/C/vcs.xml:181(para)
5361
#: serverguide/C/vcs.xml:323(para)
5355
5362
msgid ""
5356
5363
"This is the simplest of all access methods. It does not require any "
5357
5364
"Subversion server process to be running. This access method is used to "
5359
5366
"at a terminal prompt, is as follows:"
5360
5367
msgstr ""
5361
5368
5362
#: serverguide/C/vcs.xml:188(command)
5369
#: serverguide/C/vcs.xml:330(command)
5363
5370
msgid "svn co file:///path/to/repos/project"
5364
5371
msgstr ""
5365
5372
5366
#: serverguide/C/vcs.xml:191(para)
5373
#: serverguide/C/vcs.xml:333(para)
5367
5374
msgid "or"
5368
5375
msgstr ""
5369
5376
5370
#: serverguide/C/vcs.xml:194(command)
5377
#: serverguide/C/vcs.xml:336(command)
5371
5378
msgid "svn co file://localhost/path/to/repos/project"
5372
5379
msgstr ""
5373
5380
5374
#: serverguide/C/vcs.xml:198(para)
5381
#: serverguide/C/vcs.xml:340(para)
5375
5382
msgid ""
5376
5383
"If you do not specify the hostname, there are three forward slashes (///) -- "
5377
5384
"two for the protocol (file, in this case) plus the leading slash in the "
5378
5385
"path. If you specify the hostname, you must use two forward slashes (//)."
5379
5386
msgstr ""
5380
5387
5381
#: serverguide/C/vcs.xml:200(para)
5388
#: serverguide/C/vcs.xml:342(para)
5382
5389
msgid ""
5383
5390
"The repository permissions depend on filesystem permissions. If the user has "
5384
5391
"read/write permission, he can checkout from and commit to the repository."
5385
5392
msgstr ""
5386
5393
5387
#: serverguide/C/vcs.xml:203(title)
5394
#: serverguide/C/vcs.xml:345(title)
5388
5395
msgid "Access via WebDAV protocol (http://)"
5389
5396
msgstr ""
5390
5397
5391
#: serverguide/C/vcs.xml:332(para)
5398
#: serverguide/C/vcs.xml:346(para)
5392
5399
msgid ""
5393
5400
"To access the Subversion repository via WebDAV protocol, you must configure "
5394
5401
"your Apache 2 web server. Add the following snippet between the "
5398
5405
"another VirtualHost file:"
5399
5406
msgstr ""
5400
5407
5401
#: serverguide/C/vcs.xml:338(programlisting)
5408
#: serverguide/C/vcs.xml:352(programlisting)
5402
5409
#, no-wrap
5403
5410
msgid ""
5404
5411
"\n"
5412
5419
" </Location> \n"
5413
5420
msgstr ""
5414
5421
5415
#: serverguide/C/vcs.xml:349(para)
5422
#: serverguide/C/vcs.xml:363(para)
5416
5423
msgid ""
5417
5424
"The above configuration snippet assumes that Subversion repositories are "
5418
5425
"created under <filename>/path/to/repos</filename> directory using "
5421
5428
"<command>http://hostname/svn/repos_name</command> url."
5422
5429
msgstr ""
5423
5430
5424
#: serverguide/C/vcs.xml:355(para)
5431
#: serverguide/C/vcs.xml:369(para)
5425
5432
msgid ""
5426
5433
"Changing the apache configuration like the above requires to reload the "
5427
5434
"service with the following command"
5428
5435
msgstr ""
5429
5436
5430
#: serverguide/C/vcs.xml:360(command)
5437
#: serverguide/C/vcs.xml:374(command) serverguide/C/lamp-applications.xml:508(command)
5431
5438
msgid "sudo service apache2 reload"
5432
5439
msgstr ""
5433
5440
5434
#: serverguide/C/vcs.xml:362(para)
5441
#: serverguide/C/vcs.xml:376(para)
5435
5442
msgid ""
5436
5443
"To import or commit files to your Subversion repository over HTTP, the "
5437
5444
"repository should be owned by the HTTP user. In Ubuntu systems, the HTTP "
5439
5446
"repository files enter the following command from terminal prompt:"
5440
5447
msgstr ""
5441
5448
5442
#: serverguide/C/vcs.xml:236(command)
5449
#: serverguide/C/vcs.xml:385(command)
5443
5450
msgid "sudo chown -R www-data:www-data /path/to/repos"
5444
5451
msgstr "sudo chown -R www-data:www-data /path/to/repos"
5445
5452
5446
#: serverguide/C/vcs.xml:239(para)
5453
#: serverguide/C/vcs.xml:388(para)
5447
5454
msgid ""
5448
5455
"By changing the ownership of repository as <command>www-data</command> you "
5449
5456
"will not be able to import or commit files into the repository by running "
5451
5458
"<command>www-data</command>."
5452
5459
msgstr ""
5453
5460
5454
#: serverguide/C/vcs.xml:248(para)
5461
#: serverguide/C/vcs.xml:397(para)
5455
5462
msgid ""
5456
5463
"Next, you must create the <filename>/etc/subversion/passwd</filename> file "
5457
5464
"that will contain user authentication details. To create a file issue the "
5459
5466
"the first user):"
5460
5467
msgstr ""
5461
5468
5462
#: serverguide/C/vcs.xml:254(command)
5469
#: serverguide/C/vcs.xml:403(command)
5463
5470
msgid "sudo htpasswd -c /etc/subversion/passwd user_name"
5464
5471
msgstr "sudo htpasswd -c /etc/subversion/passwd user_name"
5465
5472
5466
#: serverguide/C/vcs.xml:257(para)
5473
#: serverguide/C/vcs.xml:406(para)
5467
5474
msgid ""
5468
5475
"To add additional users omit the <emphasis>\"-c\"</emphasis> option as this "
5469
5476
"option replaces the old file. Instead use this form:"
5470
5477
msgstr ""
5471
5478
5472
#: serverguide/C/vcs.xml:262(command)
5479
#: serverguide/C/vcs.xml:411(command)
5473
5480
msgid "sudo htpasswd /etc/subversion/passwd user_name"
5474
5481
msgstr ""
5475
5482
5476
#: serverguide/C/vcs.xml:266(para)
5483
#: serverguide/C/vcs.xml:415(para)
5477
5484
msgid ""
5478
5485
"This command will prompt you to enter the password. Once you enter the "
5479
5486
"password, the user is added. Now, to access the repository you can run the "
5480
5487
"following command:"
5481
5488
msgstr ""
5482
5489
5483
#: serverguide/C/vcs.xml:267(command)
5490
#: serverguide/C/vcs.xml:416(command)
5484
5491
msgid "svn co http://servername/svn"
5485
5492
msgstr ""
5486
5493
5487
#: serverguide/C/vcs.xml:269(para)
5494
#: serverguide/C/vcs.xml:418(para)
5488
5495
msgid ""
5489
5496
"The password is transmitted as plain text. If you are worried about password "
5490
5497
"snooping, you are advised to use SSL encryption. For details, please refer "
5491
5498
"next section."
5492
5499
msgstr ""
5493
5500
5494
#: serverguide/C/vcs.xml:275(title)
5501
#: serverguide/C/vcs.xml:424(title)
5495
5502
msgid "Access via WebDAV protocol with SSL encryption (https://)"
5496
5503
msgstr ""
5497
5504
5498
#: serverguide/C/vcs.xml:411(para)
5505
#: serverguide/C/vcs.xml:425(para)
5499
5506
msgid ""
5500
5507
"Accessing Subversion repository via WebDAV protocol with SSL encryption "
5501
5508
"(https://) is similar to http:// except that you must install and configure "
5506
5513
"configuration\"/>."
5507
5514
msgstr ""
5508
5515
5509
#: serverguide/C/vcs.xml:285(para)
5516
#: serverguide/C/vcs.xml:434(para)
5510
5517
msgid ""
5511
5518
"You can install a digital certificate issued by a signing authority. "
5512
5519
"Alternatively, you can install your own self-signed certificate."
5513
5520
msgstr ""
5514
5521
5515
#: serverguide/C/vcs.xml:290(para)
5522
#: serverguide/C/vcs.xml:439(para)
5516
5523
msgid ""
5517
5524
"This step assumes you have installed and configured a digital certificate in "
5518
5525
"your Apache 2 web server. Now, to access the Subversion repository, please "
5520
5527
"the protocol. You must use https:// to access the Subversion repository."
5521
5528
msgstr ""
5522
5529
5523
#: serverguide/C/vcs.xml:300(title)
5530
#: serverguide/C/vcs.xml:449(title)
5524
5531
msgid "Access via custom protocol (svn://)"
5525
5532
msgstr ""
5526
5533
5527
#: serverguide/C/vcs.xml:301(para)
5534
#: serverguide/C/vcs.xml:450(para)
5528
5535
msgid ""
5529
5536
"Once the Subversion repository is created, you can configure the access "
5530
5537
"control. You can edit the <filename> "
5533
5540
"following lines in the configuration file:"
5534
5541
msgstr ""
5535
5542
5536
#: serverguide/C/vcs.xml:308(programlisting)
5543
#: serverguide/C/vcs.xml:457(programlisting)
5537
5544
#, no-wrap
5538
5545
msgid ""
5539
5546
"# [general]\n"
5542
5549
"# [general]\n"
5543
5550
"# password-db = passwd"
5544
5551
5545
#: serverguide/C/vcs.xml:311(para)
5552
#: serverguide/C/vcs.xml:460(para)
5546
5553
msgid ""
5547
5554
"After uncommenting the above lines, you can maintain the user list in the "
5548
5555
"passwd file. So, edit the file <filename>passwd </filename> in the same "
5549
5556
"directory and add the new user. The syntax is as follows:"
5550
5557
msgstr ""
5551
5558
5552
#: serverguide/C/vcs.xml:317(programlisting)
5559
#: serverguide/C/vcs.xml:466(programlisting)
5553
5560
#, no-wrap
5554
5561
msgid "username = password"
5555
5562
msgstr ""
5556
5563
5557
#: serverguide/C/vcs.xml:318(para)
5564
#: serverguide/C/vcs.xml:467(para)
5558
5565
msgid "For more details, please refer to the file."
5559
5566
msgstr ""
5560
5567
5561
#: serverguide/C/vcs.xml:322(para)
5568
#: serverguide/C/vcs.xml:471(para)
5562
5569
msgid ""
5563
5570
"Now, to access Subversion via the svn:// custom protocol, either from the "
5564
5571
"same machine or a different machine, you can run svnserver using svnserve "
5565
5572
"command. The syntax is as follows:"
5566
5573
msgstr ""
5567
5574
5568
#: serverguide/C/vcs.xml:327(programlisting)
5575
#: serverguide/C/vcs.xml:476(programlisting)
5569
5576
#, no-wrap
5570
5577
msgid ""
5571
5578
"$ svnserve -d --foreground -r /path/to/repos\n"
5577
5584
"$ svnserve --help"
5578
5585
msgstr ""
5579
5586
5580
#: serverguide/C/vcs.xml:335(para)
5587
#: serverguide/C/vcs.xml:484(para)
5581
5588
msgid ""
5582
5589
"Once you run this command, Subversion starts listening on default port "
5583
5590
"(3690). To access the project repository, you must run the following command "
5584
5591
"from a terminal prompt:"
5585
5592
msgstr ""
5586
5593
5587
#: serverguide/C/vcs.xml:338(command)
5594
#: serverguide/C/vcs.xml:487(command)
5588
5595
msgid "svn co svn://hostname/project project --username user_name"
5589
5596
msgstr "svn co svn://hostname/project project --username user_name"
5590
5597
5591
#: serverguide/C/vcs.xml:341(para)
5598
#: serverguide/C/vcs.xml:490(para)
5592
5599
msgid ""
5593
5600
"Based on server configuration, it prompts for password. Once you are "
5594
5601
"authenticated, it checks out the code from Subversion repository. To "
5597
5604
"a terminal prompt, is as follows:"
5598
5605
msgstr ""
5599
5606
5600
#: serverguide/C/vcs.xml:349(command)
5607
#: serverguide/C/vcs.xml:498(command)
5601
5608
msgid "cd project_dir ; svn update"
5602
5609
msgstr ""
5603
5610
5604
#: serverguide/C/vcs.xml:352(para)
5611
#: serverguide/C/vcs.xml:501(para)
5605
5612
msgid ""
5606
5613
"For more details about using each Subversion sub-command, you can refer to "
5607
5614
"the manual. For example, to learn more about the co (checkout) command, "
5608
5615
"please run the following command from a terminal prompt:"
5609
5616
msgstr ""
5610
5617
5611
#: serverguide/C/vcs.xml:356(command)
5618
#: serverguide/C/vcs.xml:505(command)
5612
5619
msgid "svn co help"
5613
5620
msgstr "svn co help"
5614
5621
5615
#: serverguide/C/vcs.xml:495(title)
5622
#: serverguide/C/vcs.xml:509(title)
5616
5623
msgid "Access via custom protocol with SSH encryption (svn+ssh://)"
5617
5624
msgstr ""
5618
5625
5619
#: serverguide/C/vcs.xml:361(para)
5626
#: serverguide/C/vcs.xml:510(para)
5620
5627
msgid ""
5621
5628
"The configuration and server process is same as in the svn:// method. For "
5622
5629
"details, please refer to the above section. This step assumes you have "
5624
5631
"<application>svnserve</application> command."
5625
5632
msgstr ""
5626
5633
5627
#: serverguide/C/vcs.xml:367(para)
5634
#: serverguide/C/vcs.xml:516(para)
5628
5635
msgid ""
5629
5636
"It is also assumed that the ssh server is running on that machine and that "
5630
5637
"it is allowing incoming connections. To confirm, please try to login to that "
5632
5639
"login, please address it before continuing further."
5633
5640
msgstr ""
5634
5641
5635
#: serverguide/C/vcs.xml:373(para)
5642
#: serverguide/C/vcs.xml:522(para)
5636
5643
msgid ""
5637
5644
"The svn+ssh:// protocol is used to access the Subversion repository using "
5638
5645
"SSL encryption. The data transfer is encrypted using this method. To access "
5640
5647
"following command syntax:"
5641
5648
msgstr ""
5642
5649
5643
#: serverguide/C/vcs.xml:515(command)
5650
#: serverguide/C/vcs.xml:529(command)
5644
5651
msgid "svn co svn+ssh://ssh_username@hostname/path/to/repos/project"
5645
5652
msgstr ""
5646
5653
5647
#: serverguide/C/vcs.xml:384(para)
5654
#: serverguide/C/vcs.xml:533(para)
5648
5655
msgid ""
5649
5656
"You must use the full path (/path/to/repos/project) to access the Subversion "
5650
5657
"repository using this access method."
5651
5658
msgstr ""
5652
5659
5653
#: serverguide/C/vcs.xml:387(para)
5660
#: serverguide/C/vcs.xml:536(para)
5654
5661
msgid ""
5655
5662
"Based on server configuration, it prompts for password. You must enter the "
5656
5663
"password you use to login via ssh. Once you are authenticated, it checks out "
5657
5664
"the code from the Subversion repository."
5658
5665
msgstr ""
5659
5666
5660
#: serverguide/C/vcs.xml:539(ulink)
5667
#: serverguide/C/vcs.xml:551(ulink)
5661
5668
msgid "Bazaar Home Page"
5662
5669
msgstr "Хатняя старонка Bazaar"
5663
5670
5664
#: serverguide/C/vcs.xml:540(ulink)
5671
#: serverguide/C/vcs.xml:556(ulink)
5665
5672
msgid "Launchpad"
5666
5673
msgstr "Launchpad"
5667
5674
5668
#: serverguide/C/vcs.xml:547(ulink)
5675
#: serverguide/C/vcs.xml:561(ulink)
5669
5676
msgid "Git homepage"
5670
5677
msgstr ""
5671
5678
5672
#: serverguide/C/vcs.xml:552(ulink)
5679
#: serverguide/C/vcs.xml:566(ulink)
5673
5680
msgid "Gitolite"
5674
5681
msgstr ""
5675
5682
5676
#: serverguide/C/vcs.xml:541(ulink)
5683
#: serverguide/C/vcs.xml:571(ulink)
5677
5684
msgid "Subversion Home Page"
5678
5685
msgstr ""
5679
5686
5680
#: serverguide/C/vcs.xml:542(ulink)
5687
#: serverguide/C/vcs.xml:576(ulink)
5681
5688
msgid "Subversion Book"
5682
5689
msgstr ""
5683
5690
5684
#: serverguide/C/vcs.xml:545(ulink)
5691
#: serverguide/C/vcs.xml:581(ulink)
5685
5692
msgid "Easy Bazaar Ubuntu Wiki page"
5686
5693
msgstr ""
5687
5694
5688
#: serverguide/C/vcs.xml:546(ulink)
5695
#: serverguide/C/vcs.xml:586(ulink)
5689
5696
msgid "Ubuntu Wiki Subversion page"
5690
5697
msgstr ""
5691
5698
5786
5793
"Security should always be considered when installing, deploying, and using "
5787
5794
"any type of computer system. Although a fresh installation of Ubuntu is "
5788
5795
"relatively safe for immediate use on the Internet, it is important to have a "
5789
"balanced understanding of your systems security posture based on how it will "
5790
"be used after deployment."
5796
"balanced understanding of your system's security posture based on how it "
5797
"will be used after deployment."
5791
5798
msgstr ""
5792
5799
5793
5800
#: serverguide/C/security.xml:15(para)
5794
5801
msgid ""
5795
"This chapter provides an overview of security related topics as they pertain "
5802
"This chapter provides an overview of security-related topics as they pertain "
5796
5803
"to Ubuntu 14.04 LTS Server Edition, and outlines simple measures you may use "
5797
5804
"to protect your server and network from any number of potential security "
5798
5805
"threats."
5846
5853
msgid "Configurations with root passwords are not supported."
5847
5854
msgstr ""
5848
5855
5849
#: serverguide/C/security.xml:37(command)
5856
#: serverguide/C/security.xml:42(command)
5850
5857
msgid "sudo passwd"
5851
5858
msgstr "sudo passwd"
5852
5859
5853
#: serverguide/C/security.xml:39(para)
5860
#: serverguide/C/security.xml:44(para)
5854
5861
msgid ""
5855
5862
"Sudo will prompt you for your password, and then ask you to supply a new "
5856
5863
"password for root as shown below:"
5857
5864
msgstr ""
5858
5865
5859
#: serverguide/C/security.xml:42(computeroutput)
5866
#: serverguide/C/security.xml:47(computeroutput)
5860
5867
#, no-wrap
5861
5868
msgid "[sudo] password for username:"
5862
5869
msgstr ""
5863
5870
5864
#: serverguide/C/security.xml:42(userinput)
5871
#: serverguide/C/security.xml:47(userinput)
5865
5872
#, no-wrap
5866
5873
msgid "(enter your own password)"
5867
5874
msgstr "(увядзіце ваш асабісты пароль)"
5868
5875
5869
#: serverguide/C/security.xml:43(computeroutput)
5876
#: serverguide/C/security.xml:48(computeroutput)
5870
5877
#, no-wrap
5871
5878
msgid "Enter new UNIX password:"
5872
5879
msgstr ""
5873
5880
5874
#: serverguide/C/security.xml:43(userinput)
5881
#: serverguide/C/security.xml:48(userinput)
5875
5882
#, no-wrap
5876
5883
msgid "(enter a new password for root)"
5877
5884
msgstr "(увядзіце новы пароль адміністратара)"
5878
5885
5879
#: serverguide/C/security.xml:44(computeroutput)
5886
#: serverguide/C/security.xml:49(computeroutput)
5880
5887
#, no-wrap
5881
5888
msgid "Retype new UNIX password:"
5882
5889
msgstr ""
5883
5890
5884
#: serverguide/C/security.xml:44(userinput)
5891
#: serverguide/C/security.xml:49(userinput)
5885
5892
#, no-wrap
5886
5893
msgid "(repeat new password for root)"
5887
5894
msgstr "(паўтарыце новы пароль адміністратара)"
5888
5895
5889
#: serverguide/C/security.xml:45(computeroutput)
5896
#: serverguide/C/security.xml:50(computeroutput)
5890
5897
#, no-wrap
5891
5898
msgid "passwd: password updated successfully"
5892
5899
msgstr ""
5896
5903
"To disable the root account password, use the following passwd syntax:"
5897
5904
msgstr ""
5898
5905
5899
#: serverguide/C/security.xml:53(command)
5906
#: serverguide/C/security.xml:58(command)
5900
5907
msgid "sudo passwd -l root"
5901
5908
msgstr "sudo passwd -l root"
5902
5909
5909
5916
msgid "usermod --expiredate 1"
5910
5917
msgstr ""
5911
5918
5912
#: serverguide/C/security.xml:57(para)
5919
#: serverguide/C/security.xml:68(para)
5913
5920
msgid ""
5914
"You should read more on <application>Sudo</application> by checking out it's "
5915
"man page:"
5921
"You should read more on <application>Sudo</application> by reading the man "
5922
"page:"
5916
5923
msgstr ""
5917
5924
5918
#: serverguide/C/security.xml:61(command)
5925
#: serverguide/C/security.xml:72(command)
5919
5926
msgid "man sudo"
5920
5927
msgstr "man sudo"
5921
5928
5929
5936
"<emphasis>sudo</emphasis> group."
5930
5937
msgstr ""
5931
5938
5932
#: serverguide/C/security.xml:71(title)
5939
#: serverguide/C/security.xml:82(title)
5933
5940
msgid "Adding and Deleting Users"
5934
5941
msgstr ""
5935
5942
5936
#: serverguide/C/security.xml:72(para)
5943
#: serverguide/C/security.xml:83(para)
5937
5944
msgid ""
5938
"The process for managing local users and groups is straight forward and "
5945
"The process for managing local users and groups is straightforward and "
5939
5946
"differs very little from most other GNU/Linux operating systems. Ubuntu and "
5940
"other Debian based distributions, encourage the use of the \"adduser\" "
5947
"other Debian based distributions encourage the use of the \"adduser\" "
5941
5948
"package for account management."
5942
5949
msgstr ""
5943
5950
5944
#: serverguide/C/security.xml:77(para)
5951
#: serverguide/C/security.xml:88(para)
5945
5952
msgid ""
5946
5953
"To add a user account, use the following syntax, and follow the prompts to "
5947
"give the account a password and identifiable characteristics such as a full "
5954
"give the account a password and identifiable characteristics, such as a full "
5948
5955
"name, phone number, etc."
5949
5956
msgstr ""
5950
5957
5951
#: serverguide/C/security.xml:81(command)
5958
#: serverguide/C/security.xml:92(command)
5952
5959
msgid "sudo adduser username"
5953
5960
msgstr "sudo adduser username"
5954
5961
5955
#: serverguide/C/security.xml:85(para)
5962
#: serverguide/C/security.xml:96(para)
5956
5963
msgid ""
5957
5964
"To delete a user account and its primary group, use the following syntax:"
5958
5965
msgstr ""
5959
5966
5960
#: serverguide/C/security.xml:89(command)
5967
#: serverguide/C/security.xml:100(command)
5961
5968
msgid "sudo deluser username"
5962
5969
msgstr "sudo deluser username"
5963
5970
5964
#: serverguide/C/security.xml:91(para)
5971
#: serverguide/C/security.xml:102(para)
5965
5972
msgid ""
5966
5973
"Deleting an account does not remove their respective home folder. It is up "
5967
5974
"to you whether or not you wish to delete the folder manually or keep it "
5968
5975
"according to your desired retention policies."
5969
5976
msgstr ""
5970
5977
5971
#: serverguide/C/security.xml:94(para)
5978
#: serverguide/C/security.xml:105(para)
5972
5979
msgid ""
5973
5980
"Remember, any user added later on with the same UID/GID as the previous "
5974
5981
"owner will now have access to this folder if you have not taken the "
5975
5982
"necessary precautions."
5976
5983
msgstr ""
5977
5984
5978
#: serverguide/C/security.xml:97(para)
5985
#: serverguide/C/security.xml:108(para)
5979
5986
msgid ""
5980
5987
"You may want to change these UID/GID values to something more appropriate, "
5981
5988
"such as the root account, and perhaps even relocate the folder to avoid "
5982
5989
"future conflicts:"
5983
5990
msgstr ""
5984
5991
5985
#: serverguide/C/security.xml:101(command)
5992
#: serverguide/C/security.xml:112(command)
5986
5993
msgid "sudo chown -R root:root /home/username/"
5987
5994
msgstr "sudo chown -R root:root /home/username/"
5988
5995
5989
#: serverguide/C/security.xml:102(command)
5996
#: serverguide/C/security.xml:113(command)
5990
5997
msgid "sudo mkdir /home/archived_users/"
5991
5998
msgstr "sudo mkdir /home/archived_users/"
5992
5999
5993
#: serverguide/C/security.xml:103(command)
6000
#: serverguide/C/security.xml:114(command)
5994
6001
msgid "sudo mv /home/username /home/archived_users/"
5995
6002
msgstr "sudo mv /home/username /home/archived_users/"
5996
6003
5997
#: serverguide/C/security.xml:107(para)
6004
#: serverguide/C/security.xml:118(para)
5998
6005
msgid ""
5999
6006
"To temporarily lock or unlock a user account, use the following syntax, "
6000
6007
"respectively:"
6001
6008
msgstr ""
6002
6009
6003
#: serverguide/C/security.xml:111(command)
6010
#: serverguide/C/security.xml:122(command)
6004
6011
msgid "sudo passwd -l username"
6005
6012
msgstr "sudo passwd -l username"
6006
6013
6007
#: serverguide/C/security.xml:112(command)
6014
#: serverguide/C/security.xml:123(command)
6008
6015
msgid "sudo passwd -u username"
6009
6016
msgstr "sudo passwd -u username"
6010
6017
6011
#: serverguide/C/security.xml:116(para)
6018
#: serverguide/C/security.xml:127(para)
6012
6019
msgid ""
6013
6020
"To add or delete a personalized group, use the following syntax, "
6014
6021
"respectively:"
6015
6022
msgstr ""
6016
6023
6017
#: serverguide/C/security.xml:120(command)
6024
#: serverguide/C/security.xml:131(command)
6018
6025
msgid "sudo addgroup groupname"
6019
6026
msgstr "sudo addgroup groupname"
6020
6027
6021
#: serverguide/C/security.xml:121(command)
6028
#: serverguide/C/security.xml:132(command)
6022
6029
msgid "sudo delgroup groupname"
6023
6030
msgstr "sudo delgroup groupname"
6024
6031
6025
#: serverguide/C/security.xml:125(para)
6032
#: serverguide/C/security.xml:136(para)
6026
6033
msgid "To add a user to a group, use the following syntax:"
6027
6034
msgstr ""
6028
6035
6029
#: serverguide/C/security.xml:129(command)
6036
#: serverguide/C/security.xml:140(command)
6030
6037
msgid "sudo adduser username groupname"
6031
6038
msgstr "sudo adduser username groupname"
6032
6039
6033
#: serverguide/C/security.xml:136(title)
6040
#: serverguide/C/security.xml:147(title)
6034
6041
msgid "User Profile Security"
6035
6042
msgstr ""
6036
6043
6037
#: serverguide/C/security.xml:137(para)
6044
#: serverguide/C/security.xml:148(para)
6038
6045
msgid ""
6039
6046
"When a new user is created, the adduser utility creates a brand new home "
6040
"directory named <filename class=\"directory\">/home/username</filename>, "
6041
"respectively. The default profile is modeled after the contents found in the "
6042
"directory of <filename class=\"directory\">/etc/skel</filename>, which "
6043
"includes all profile basics."
6047
"directory named <filename class=\"directory\">/home/username</filename>. The "
6048
"default profile is modeled after the contents found in the directory of "
6049
"<filename class=\"directory\">/etc/skel</filename>, which includes all "
6050
"profile basics."
6044
6051
msgstr ""
6045
6052
6046
#: serverguide/C/security.xml:140(para)
6053
#: serverguide/C/security.xml:151(para)
6047
6054
msgid ""
6048
6055
"If your server will be home to multiple users, you should pay close "
6049
6056
"attention to the user home directory permissions to ensure confidentiality. "
6053
6060
"your environment."
6054
6061
msgstr ""
6055
6062
6056
#: serverguide/C/security.xml:145(para)
6063
#: serverguide/C/security.xml:156(para)
6057
6064
msgid ""
6058
"To verify your current users home directory permissions, use the following "
6065
"To verify your current user home directory permissions, use the following "
6059
6066
"syntax:"
6060
6067
msgstr ""
6061
6068
6062
#: serverguide/C/security.xml:149(command) serverguide/C/security.xml:181(command)
6069
#: serverguide/C/security.xml:160(command) serverguide/C/security.xml:192(command)
6063
6070
msgid "ls -ld /home/username"
6064
6071
msgstr "ls -ld /home/username"
6065
6072
6066
#: serverguide/C/security.xml:151(para)
6073
#: serverguide/C/security.xml:162(para)
6067
6074
msgid ""
6068
6075
"The following output shows that the directory <filename "
6069
"class=\"directory\">/home/username</filename> has world readable permissions:"
6076
"class=\"directory\">/home/username</filename> has world-readable permissions:"
6070
6077
msgstr ""
6071
6078
6072
#: serverguide/C/security.xml:154(computeroutput)
6079
#: serverguide/C/security.xml:165(computeroutput)
6073
6080
#, no-wrap
6074
6081
msgid "drwxr-xr-x 2 username username 4096 2007-10-02 20:03 username"
6075
6082
msgstr ""
6076
6083
6077
#: serverguide/C/security.xml:158(para)
6084
#: serverguide/C/security.xml:169(para)
6078
6085
msgid ""
6079
"You can remove the world readable permissions using the following syntax:"
6086
"You can remove the world readable-permissions using the following syntax:"
6080
6087
msgstr ""
6081
6088
6082
#: serverguide/C/security.xml:162(command)
6089
#: serverguide/C/security.xml:173(command)
6083
6090
msgid "sudo chmod 0750 /home/username"
6084
6091
msgstr "sudo chmod 0750 /home/username"
6085
6092
6086
#: serverguide/C/security.xml:165(para)
6093
#: serverguide/C/security.xml:176(para)
6087
6094
msgid ""
6088
6095
"Some people tend to use the recursive option (-R) indiscriminately which "
6089
6096
"modifies all child folders and files, but this is not necessary, and may "
6091
6098
"for preventing unauthorized access to anything below the parent."
6092
6099
msgstr ""
6093
6100
6094
#: serverguide/C/security.xml:169(para)
6101
#: serverguide/C/security.xml:180(para)
6095
6102
msgid ""
6096
6103
"A much more efficient approach to the matter would be to modify the "
6097
6104
"<application>adduser</application> global default permissions when creating "
6101
6108
"new home directories will receive the correct permissions."
6102
6109
msgstr ""
6103
6110
6104
#: serverguide/C/security.xml:172(programlisting)
6111
#: serverguide/C/security.xml:183(programlisting)
6105
6112
#, no-wrap
6106
6113
msgid ""
6107
6114
"\n"
6110
6117
"\n"
6111
6118
"DIR_MODE=0750\n"
6112
6119
6113
#: serverguide/C/security.xml:177(para)
6120
#: serverguide/C/security.xml:188(para)
6114
6121
msgid ""
6115
6122
"After correcting the directory permissions using any of the previously "
6116
6123
"mentioned techniques, verify the results using the following syntax:"
6117
6124
msgstr ""
6118
6125
6119
#: serverguide/C/security.xml:183(para)
6126
#: serverguide/C/security.xml:194(para)
6120
6127
msgid ""
6121
"The results below show that world readable permissions have been removed:"
6128
"The results below show that world-readable permissions have been removed:"
6122
6129
msgstr ""
6123
6130
6124
#: serverguide/C/security.xml:186(computeroutput)
6131
#: serverguide/C/security.xml:197(computeroutput)
6125
6132
#, no-wrap
6126
6133
msgid "drwxr-x--- 2 username username 4096 2007-10-02 20:03 username"
6127
6134
msgstr ""
6128
6135
6129
#: serverguide/C/security.xml:193(title)
6136
#: serverguide/C/security.xml:204(title)
6130
6137
msgid "Password Policy"
6131
6138
msgstr ""
6132
6139
6133
#: serverguide/C/security.xml:194(para)
6140
#: serverguide/C/security.xml:205(para)
6134
6141
msgid ""
6135
6142
"A strong password policy is one of the most important aspects of your "
6136
6143
"security posture. Many successful security breaches involve simple brute "
6140
6147
"password lifetimes, and frequent audits of your authentication systems."
6141
6148
msgstr ""
6142
6149
6143
#: serverguide/C/security.xml:198(title)
6150
#: serverguide/C/security.xml:209(title)
6144
6151
msgid "Minimum Password Length"
6145
6152
msgstr "Мінімальная даўжыня пароля"
6146
6153
6147
#: serverguide/C/security.xml:199(para)
6154
#: serverguide/C/security.xml:210(para)
6148
6155
msgid ""
6149
6156
"By default, Ubuntu requires a minimum password length of 6 characters, as "
6150
6157
"well as some basic entropy checks. These values are controlled in the file "
6158
6165
"password [success=1 default=ignore] pam_unix.so obscure sha512\n"
6159
6166
msgstr ""
6160
6167
6161
#: serverguide/C/security.xml:205(para)
6168
#: serverguide/C/security.xml:216(para)
6162
6169
msgid ""
6163
6170
"If you would like to adjust the minimum length to 8 characters, change the "
6164
6171
"appropriate variable to min=8. The modification is outlined below."
6172
6179
"minlen=8\n"
6173
6180
msgstr ""
6174
6181
6175
#: serverguide/C/security.xml:212(para)
6182
#: serverguide/C/security.xml:223(para)
6176
6183
msgid ""
6177
6184
"Basic password entropy checks and minimum length rules do not apply to the "
6178
6185
"administrator using sudo level commands to setup a new user."
6179
6186
msgstr ""
6180
6187
6181
#: serverguide/C/security.xml:218(title)
6188
#: serverguide/C/security.xml:229(title)
6182
6189
msgid "Password Expiration"
6183
6190
msgstr ""
6184
6191
6185
#: serverguide/C/security.xml:219(para)
6192
#: serverguide/C/security.xml:230(para)
6186
6193
msgid ""
6187
6194
"When creating user accounts, you should make it a policy to have a minimum "
6188
6195
"and maximum password age forcing users to change their passwords when they "
6189
6196
"expire."
6190
6197
msgstr ""
6191
6198
6192
#: serverguide/C/security.xml:224(para)
6199
#: serverguide/C/security.xml:235(para)
6193
6200
msgid ""
6194
6201
"To easily view the current status of a user account, use the following "
6195
6202
"syntax:"
6196
6203
msgstr ""
6197
6204
6198
#: serverguide/C/security.xml:228(command) serverguide/C/security.xml:261(command)
6205
#: serverguide/C/security.xml:239(command) serverguide/C/security.xml:272(command)
6199
6206
msgid "sudo chage -l username"
6200
6207
msgstr "sudo chage -l username"
6201
6208
6202
#: serverguide/C/security.xml:230(para)
6209
#: serverguide/C/security.xml:241(para)
6203
6210
msgid ""
6204
6211
"The output below shows interesting facts about the user account, namely that "
6205
6212
"there are no policies applied:"
6206
6213
msgstr ""
6207
6214
6208
#: serverguide/C/security.xml:233(computeroutput)
6215
#: serverguide/C/security.xml:244(computeroutput)
6209
6216
#, no-wrap
6210
6217
msgid ""
6211
"Last password change : Jan 20, 2008\n"
6218
"Last password change : Jan 20, 2015\n"
6212
6219
"Password expires : never\n"
6213
6220
"Password inactive : never\n"
6214
6221
"Account expires : never\n"
6217
6224
"Number of days of warning before password expires : 7"
6218
6225
msgstr ""
6219
6226
6220
#: serverguide/C/security.xml:243(para)
6227
#: serverguide/C/security.xml:254(para)
6221
6228
msgid ""
6222
6229
"To set any of these values, simply use the following syntax, and follow the "
6223
6230
"interactive prompts:"
6224
6231
msgstr ""
6225
6232
6226
#: serverguide/C/security.xml:247(command)
6233
#: serverguide/C/security.xml:258(command)
6227
6234
msgid "sudo chage username"
6228
6235
msgstr "sudo chage username"
6229
6236
6230
#: serverguide/C/security.xml:249(para)
6237
#: serverguide/C/security.xml:260(para)
6231
6238
msgid ""
6232
6239
"The following is also an example of how you can manually change the explicit "
6233
"expiration date (-E) to 01/31/2008, minimum password age (-m) of 5 days, "
6240
"expiration date (-E) to 01/31/2015, minimum password age (-m) of 5 days, "
6234
6241
"maximum password age (-M) of 90 days, inactivity period (-I) of 5 days after "
6235
6242
"password expiration, and a warning time period (-W) of 14 days before "
6236
"password expiration."
6237
msgstr ""
6238
6239
#: serverguide/C/security.xml:253(command)
6240
msgid "sudo chage -E 01/31/2011 -m 5 -M 90 -I 30 -W 14 username"
6241
msgstr ""
6242
6243
#: serverguide/C/security.xml:257(para)
6243
"password expiration:"
6244
msgstr ""
6245
6246
#: serverguide/C/security.xml:264(command)
6247
msgid "sudo chage -E 01/31/2015 -m 5 -M 90 -I 30 -W 14 username"
6248
msgstr ""
6249
6250
#: serverguide/C/security.xml:268(para)
6244
6251
msgid "To verify changes, use the same syntax as mentioned previously:"
6245
6252
msgstr ""
6246
6253
6247
#: serverguide/C/security.xml:263(para)
6254
#: serverguide/C/security.xml:274(para)
6248
6255
msgid ""
6249
6256
"The output below shows the new policies that have been established for the "
6250
6257
"account:"
6251
6258
msgstr ""
6252
6259
6253
#: serverguide/C/security.xml:266(computeroutput)
6260
#: serverguide/C/security.xml:277(computeroutput)
6254
6261
#, no-wrap
6255
6262
msgid ""
6256
"Last password change : Jan 20, 2008\n"
6257
"Password expires : Apr 19, 2008\n"
6258
"Password inactive : May 19, 2008\n"
6259
"Account expires : Jan 31, 2008\n"
6263
"Last password change : Jan 20, 2015\n"
6264
"Password expires : Apr 19, 2015\n"
6265
"Password inactive : May 19, 2015\n"
6266
"Account expires : Jan 31, 2015\n"
6260
6267
"Minimum number of days between password change : 5\n"
6261
6268
"Maximum number of days between password change : 90\n"
6262
6269
"Number of days of warning before password expires : 14"
6263
6270
msgstr ""
6264
6271
6265
#: serverguide/C/security.xml:282(title)
6272
#: serverguide/C/security.xml:293(title)
6266
6273
msgid "Other Security Considerations"
6267
6274
msgstr ""
6268
6275
6269
#: serverguide/C/security.xml:283(para)
6276
#: serverguide/C/security.xml:294(para)
6270
6277
msgid ""
6271
6278
"Many applications use alternate authentication mechanisms that can be easily "
6272
6279
"overlooked by even experienced system administrators. Therefore, it is "
6274
6281
"to services and applications on your server."
6275
6282
msgstr ""
6276
6283
6277
#: serverguide/C/security.xml:288(title)
6284
#: serverguide/C/security.xml:299(title)
6278
6285
msgid "SSH Access by Disabled Users"
6279
6286
msgstr ""
6280
6287
6281
#: serverguide/C/security.xml:289(para)
6288
#: serverguide/C/security.xml:300(para)
6282
6289
msgid ""
6283
6290
"Simply disabling/locking a user account will not prevent a user from logging "
6284
6291
"into your server remotely if they have previously set up RSA public key "
6285
6292
"authentication. They will still be able to gain shell access to the server, "
6286
6293
"without the need for any password. Remember to check the users home "
6287
6294
"directory for files that will allow for this type of authenticated SSH "
6288
"access. e.g. <filename>/home/username/.ssh/authorized_keys</filename>."
6295
"access, e.g. <filename>/home/username/.ssh/authorized_keys</filename>."
6289
6296
msgstr ""
6290
6297
6291
#: serverguide/C/security.xml:292(para)
6298
#: serverguide/C/security.xml:303(para)
6292
6299
msgid ""
6293
6300
"Remove or rename the directory <filename "
6294
6301
"class=\"directory\">.ssh/</filename> in the user's home folder to prevent "
6295
6302
"further SSH authentication capabilities."
6296
6303
msgstr ""
6297
6304
6298
#: serverguide/C/security.xml:295(para)
6305
#: serverguide/C/security.xml:306(para)
6299
6306
msgid ""
6300
6307
"Be sure to check for any established SSH connections by the disabled user, "
6301
6308
"as it is possible they may have existing inbound or outbound connections. "
6303
6310
msgstr ""
6304
6311
6305
6312
#: serverguide/C/security.xml:310(command)
6306
msgid "who |grep username"
6313
msgid "who | grep username"
6307
6314
msgstr ""
6308
6315
6309
6316
#: serverguide/C/security.xml:311(command)
6318
6325
"<placeholder-2/>\n"
6319
6326
msgstr ""
6320
6327
6321
#: serverguide/C/security.xml:298(para)
6328
#: serverguide/C/security.xml:313(para)
6322
6329
msgid ""
6323
6330
"Restrict SSH access to only user accounts that should have it. For example, "
6324
6331
"you may create a group called \"sshlogin\" and add the group name as the "
6326
6333
"the file <filename>/etc/ssh/sshd_config</filename>."
6327
6334
msgstr ""
6328
6335
6329
#: serverguide/C/security.xml:301(programlisting)
6336
#: serverguide/C/security.xml:316(programlisting)
6330
6337
#, no-wrap
6331
6338
msgid ""
6332
6339
"\n"
6333
6340
"AllowGroups sshlogin\n"
6334
6341
msgstr ""
6335
6342
6336
#: serverguide/C/security.xml:304(para)
6343
#: serverguide/C/security.xml:319(para)
6337
6344
msgid ""
6338
6345
"Then add your permitted SSH users to the group \"sshlogin\", and restart the "
6339
6346
"SSH service."
6340
6347
msgstr ""
6341
6348
6342
#: serverguide/C/security.xml:308(command)
6349
#: serverguide/C/security.xml:323(command)
6343
6350
msgid "sudo adduser username sshlogin"
6344
6351
msgstr "sudo adduser username sshlogin"
6345
6352
6346
#: serverguide/C/security.xml:309(command)
6353
#: serverguide/C/security.xml:324(command) serverguide/C/remote-administration.xml:144(command)
6347
6354
msgid "sudo service ssh restart"
6348
6355
msgstr ""
6349
6356
6350
#: serverguide/C/security.xml:313(title)
6357
#: serverguide/C/security.xml:328(title)
6351
6358
msgid "External User Database Authentication"
6352
6359
msgstr ""
6353
6360
6354
#: serverguide/C/security.xml:314(para)
6361
#: serverguide/C/security.xml:329(para)
6355
6362
msgid ""
6356
6363
"Most enterprise networks require centralized authentication and access "
6357
6364
"controls for all system resources. If you have configured your server to "
6358
6365
"authenticate users against external databases, be sure to disable the user "
6359
"accounts both externally and locally, this way you ensure that local "
6366
"accounts both externally and locally. This way you ensure that local "
6360
6367
"fallback authentication is not possible."
6361
6368
msgstr ""
6362
6369
6363
#: serverguide/C/security.xml:323(title)
6370
#: serverguide/C/security.xml:338(title)
6364
6371
msgid "Console Security"
6365
6372
msgstr ""
6366
6373
6367
#: serverguide/C/security.xml:324(para)
6374
#: serverguide/C/security.xml:339(para)
6368
6375
msgid ""
6369
6376
"As with any other security barrier you put in place to protect your server, "
6370
6377
"it is pretty tough to defend against untold damage caused by someone with "
6376
6383
"basic precautions with regard to console security."
6377
6384
msgstr ""
6378
6385
6379
#: serverguide/C/security.xml:327(para)
6386
#: serverguide/C/security.xml:342(para)
6380
6387
msgid ""
6381
6388
"The following instructions will help defend your server against issues that "
6382
6389
"could otherwise yield very serious consequences."
6383
6390
msgstr ""
6384
6391
6385
#: serverguide/C/security.xml:332(title)
6392
#: serverguide/C/security.xml:347(title)
6386
6393
msgid "Disable Ctrl+Alt+Delete"
6387
6394
msgstr "Выключыць Ctrl+Alt+Delete"
6388
6395
6389
#: serverguide/C/security.xml:333(para)
6396
#: serverguide/C/security.xml:348(para)
6390
6397
msgid ""
6391
"First and foremost, anyone that has physical access to the keyboard can "
6392
"simply use the "
6398
"Anyone that has physical access to the keyboard can simply use the "
6393
6399
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
6394
6400
"eycombo> key combination to reboot the server without having to log on. "
6395
"Sure, someone could simply unplug the power source, but you should still "
6396
"prevent the use of this key combination on a production server. This forces "
6397
"an attacker to take more drastic measures to reboot the server, and will "
6401
"While someone could simply unplug the power source, you should still prevent "
6402
"the use of this key combination on a production server. This forces an "
6403
"attacker to take more drastic measures to reboot the server, and will "
6398
6404
"prevent accidental reboots at the same time."
6399
6405
msgstr ""
6400
6406
6401
#: serverguide/C/security.xml:338(para)
6407
#: serverguide/C/security.xml:353(para)
6402
6408
msgid ""
6403
6409
"To disable the reboot action taken by pressing the "
6404
6410
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
6405
6411
"eycombo> key combination, comment out the following line in the file "
6406
"<filename>/etc/init/control-alt-delete.conf</filename>."
6412
"<filename>/etc/init/control-alt-delete.conf</filename>:"
6407
6413
msgstr ""
6408
6414
6409
#: serverguide/C/security.xml:341(programlisting)
6415
#: serverguide/C/security.xml:356(programlisting)
6410
6416
#, no-wrap
6411
6417
msgid ""
6412
6418
"\n"
6413
6419
"#exec shutdown -r now \"Control-Alt-Delete pressed\"\n"
6414
6420
msgstr ""
6415
6421
6416
#: serverguide/C/security.xml:350(title)
6422
#: serverguide/C/security.xml:365(title)
6417
6423
msgid "Firewall"
6418
6424
msgstr "Брандмаўэр"
6419
6425
6420
#: serverguide/C/security.xml:353(para)
6426
#: serverguide/C/security.xml:368(para)
6421
6427
msgid ""
6422
6428
"The Linux kernel includes the <emphasis>Netfilter</emphasis> subsystem, "
6423
6429
"which is used to manipulate or decide the fate of network traffic headed "
6425
6431
"system for packet filtering."
6426
6432
msgstr ""
6427
6433
6428
#: serverguide/C/security.xml:358(para)
6434
#: serverguide/C/security.xml:373(para)
6429
6435
msgid ""
6430
6436
"The kernel's packet filtering system would be of little use to "
6431
6437
"administrators without a userspace interface to manage it. This is the "
6432
"purpose of iptables. When a packet reaches your server, it will be handed "
6438
"purpose of iptables: When a packet reaches your server, it will be handed "
6433
6439
"off to the Netfilter subsystem for acceptance, manipulation, or rejection "
6434
6440
"based on the rules supplied to it from userspace via iptables. Thus, "
6435
"iptables is all you need to manage your firewall if you're familiar with it, "
6436
"but many frontends are available to simplify the task."
6441
"iptables is all you need to manage your firewall, if you're familiar with "
6442
"it, but many frontends are available to simplify the task."
6437
6443
msgstr ""
6438
6444
6439
#: serverguide/C/security.xml:368(title)
6445
#: serverguide/C/security.xml:383(title)
6440
6446
msgid "ufw - Uncomplicated Firewall"
6441
6447
msgstr ""
6442
6448
6443
#: serverguide/C/security.xml:369(para)
6449
#: serverguide/C/security.xml:384(para)
6444
6450
msgid ""
6445
6451
"The default firewall configuration tool for Ubuntu is "
6446
6452
"<application>ufw</application>. Developed to ease iptables firewall "
6447
"configuration, <application>ufw</application> provides a user friendly way "
6453
"configuration, <application>ufw</application> provides a user-friendly way "
6448
6454
"to create an IPv4 or IPv6 host-based firewall."
6449
6455
msgstr ""
6450
6456
6451
#: serverguide/C/security.xml:373(para)
6457
#: serverguide/C/security.xml:388(para)
6452
6458
msgid ""
6453
6459
"<application>ufw</application> by default is initially disabled. From the "
6454
6460
"<application>ufw</application> man page:"
6455
6461
msgstr ""
6456
6462
6457
#: serverguide/C/security.xml:377(quote)
6463
#: serverguide/C/security.xml:392(quote)
6458
6464
msgid ""
6459
6465
"ufw is not intended to provide complete firewall functionality via its "
6460
6466
"command interface, but instead provides an easy way to add or remove simple "
6461
6467
"rules. It is currently mainly used for host-based firewalls."
6462
6468
msgstr ""
6463
6469
6464
#: serverguide/C/security.xml:381(para)
6470
#: serverguide/C/security.xml:396(para)
6465
6471
msgid ""
6466
6472
"The following are some examples of how to use <application>ufw</application>:"
6467
6473
msgstr ""
6468
6474
6469
#: serverguide/C/security.xml:386(para)
6475
#: serverguide/C/security.xml:401(para)
6470
6476
msgid ""
6471
6477
"First, <application>ufw</application> needs to be enabled. From a terminal "
6472
6478
"prompt enter:"
6473
6479
msgstr ""
6474
6480
6475
#: serverguide/C/security.xml:390(command)
6481
#: serverguide/C/security.xml:405(command)
6476
6482
msgid "sudo ufw enable"
6477
6483
msgstr "sudo ufw enable"
6478
6484
6479
#: serverguide/C/security.xml:394(para)
6480
msgid "To open a port (ssh in this example):"
6485
#: serverguide/C/security.xml:409(para)
6486
msgid "To open a port (SSH in this example):"
6481
6487
msgstr ""
6482
6488
6483
#: serverguide/C/security.xml:398(command)
6489
#: serverguide/C/security.xml:413(command)
6484
6490
msgid "sudo ufw allow 22"
6485
6491
msgstr "sudo ufw allow 22"
6486
6492
6487
#: serverguide/C/security.xml:402(para)
6493
#: serverguide/C/security.xml:417(para)
6488
6494
msgid "Rules can also be added using a <emphasis>numbered</emphasis> format:"
6489
6495
msgstr ""
6490
6496
6491
#: serverguide/C/security.xml:406(command)
6497
#: serverguide/C/security.xml:421(command)
6492
6498
msgid "sudo ufw insert 1 allow 80"
6493
6499
msgstr "sudo ufw insert 1 allow 80"
6494
6500
6495
#: serverguide/C/security.xml:410(para)
6501
#: serverguide/C/security.xml:425(para)
6496
6502
msgid "Similarly, to close an opened port:"
6497
6503
msgstr ""
6498
6504
6499
#: serverguide/C/security.xml:414(command)
6505
#: serverguide/C/security.xml:429(command)
6500
6506
msgid "sudo ufw deny 22"
6501
6507
msgstr "sudo ufw deny 22"
6502
6508
6503
#: serverguide/C/security.xml:418(para)
6509
#: serverguide/C/security.xml:433(para)
6504
6510
msgid "To remove a rule, use delete followed by the rule:"
6505
6511
msgstr ""
6506
6512
6507
#: serverguide/C/security.xml:422(command)
6513
#: serverguide/C/security.xml:437(command)
6508
6514
msgid "sudo ufw delete deny 22"
6509
6515
msgstr "sudo ufw delete deny 22"
6510
6516
6511
#: serverguide/C/security.xml:426(para)
6517
#: serverguide/C/security.xml:441(para)
6512
6518
msgid ""
6513
6519
"It is also possible to allow access from specific hosts or networks to a "
6514
"port. The following example allows ssh access from host 192.168.0.2 to any "
6515
"ip address on this host:"
6520
"port. The following example allows SSH access from host 192.168.0.2 to any "
6521
"IP address on this host:"
6516
6522
msgstr ""
6517
6523
6518
#: serverguide/C/security.xml:431(command)
6524
#: serverguide/C/security.xml:446(command)
6519
6525
msgid "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
6520
6526
msgstr "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
6521
6527
6522
#: serverguide/C/security.xml:433(para)
6528
#: serverguide/C/security.xml:448(para)
6523
6529
msgid ""
6524
"Replace 192.168.0.2 with 192.168.0.0/24 to allow ssh access from the entire "
6530
"Replace 192.168.0.2 with 192.168.0.0/24 to allow SSH access from the entire "
6525
6531
"subnet."
6526
6532
msgstr ""
6527
6533
6528
#: serverguide/C/security.xml:439(para)
6534
#: serverguide/C/security.xml:454(para)
6529
6535
msgid ""
6530
6536
"Adding the <emphasis>--dry-run</emphasis> option to a "
6531
6537
"<emphasis>ufw</emphasis> command will output the resulting rules, but not "
6533
6539
"the HTTP port:"
6534
6540
msgstr ""
6535
6541
6536
#: serverguide/C/security.xml:445(command)
6542
#: serverguide/C/security.xml:460(command)
6537
6543
msgid "sudo ufw --dry-run allow http"
6538
6544
msgstr "sudo ufw --dry-run allow http"
6539
6545
6540
#: serverguide/C/security.xml:449(computeroutput)
6546
#: serverguide/C/security.xml:464(computeroutput)
6541
6547
#, no-wrap
6542
6548
msgid ""
6543
6549
"*filter\n"
6563
6569
"Rules updated"
6564
6570
msgstr ""
6565
6571
6566
#: serverguide/C/security.xml:473(para)
6572
#: serverguide/C/security.xml:488(para)
6567
6573
msgid "<application>ufw</application> can be disabled by:"
6568
6574
msgstr "<application>ufw</application> можа быць выключана з дапамогай:"
6569
6575
6570
#: serverguide/C/security.xml:477(command)
6576
#: serverguide/C/security.xml:492(command)
6571
6577
msgid "sudo ufw disable"
6572
6578
msgstr "sudo ufw disable"
6573
6579
6574
#: serverguide/C/security.xml:481(para)
6580
#: serverguide/C/security.xml:496(para)
6575
6581
msgid "To see the firewall status, enter:"
6576
6582
msgstr "Каб паглядзець стан брандмаўэра, увядзіце:"
6577
6583
6578
#: serverguide/C/security.xml:485(command)
6584
#: serverguide/C/security.xml:500(command)
6579
6585
msgid "sudo ufw status"
6580
6586
msgstr "sudo ufw status"
6581
6587
6582
#: serverguide/C/security.xml:489(para)
6588
#: serverguide/C/security.xml:504(para)
6583
6589
msgid "And for more verbose status information use:"
6584
6590
msgstr ""
6585
6591
6586
#: serverguide/C/security.xml:493(command)
6592
#: serverguide/C/security.xml:508(command)
6587
6593
msgid "sudo ufw status verbose"
6588
6594
msgstr "sudo ufw status verbose"
6589
6595
6590
#: serverguide/C/security.xml:497(para)
6596
#: serverguide/C/security.xml:512(para)
6591
6597
msgid "To view the <emphasis>numbered</emphasis> format:"
6592
6598
msgstr ""
6593
6599
6594
#: serverguide/C/security.xml:501(command)
6600
#: serverguide/C/security.xml:516(command)
6595
6601
msgid "sudo ufw status numbered"
6596
6602
msgstr "sudo ufw status numbered"
6597
6603
6598
#: serverguide/C/security.xml:506(para)
6604
#: serverguide/C/security.xml:521(para)
6599
6605
msgid ""
6600
6606
"If the port you want to open or close is defined in "
6601
6607
"<filename>/etc/services</filename>, you can use the port name instead of the "
6603
6609
"<emphasis>ssh</emphasis>."
6604
6610
msgstr ""
6605
6611
6606
#: serverguide/C/security.xml:512(para)
6612
#: serverguide/C/security.xml:527(para)
6607
6613
msgid ""
6608
6614
"This is a quick introduction to using <application>ufw</application>. Please "
6609
6615
"refer to the <application>ufw</application> man page for more information."
6610
6616
msgstr ""
6611
6617
6612
#: serverguide/C/security.xml:518(title)
6618
#: serverguide/C/security.xml:533(title)
6613
6619
msgid "ufw Application Integration"
6614
6620
msgstr ""
6615
6621
6616
#: serverguide/C/security.xml:520(para)
6622
#: serverguide/C/security.xml:535(para)
6617
6623
msgid ""
6618
6624
"Applications that open ports can include an <application>ufw</application> "
6619
6625
"profile, which details the ports needed for the application to function "
6622
6628
"the default ports have been changed."
6623
6629
msgstr ""
6624
6630
6625
#: serverguide/C/security.xml:529(para)
6631
#: serverguide/C/security.xml:544(para)
6626
6632
msgid ""
6627
6633
"To view which applications have installed a profile, enter the following in "
6628
6634
"a terminal:"
6629
6635
msgstr ""
6630
6636
6631
#: serverguide/C/security.xml:534(command)
6637
#: serverguide/C/security.xml:549(command)
6632
6638
msgid "sudo ufw app list"
6633
6639
msgstr "sudo ufw app list"
6634
6640
6635
#: serverguide/C/security.xml:540(para)
6641
#: serverguide/C/security.xml:555(para)
6636
6642
msgid ""
6637
6643
"Similar to allowing traffic to a port, using an application profile is "
6638
6644
"accomplished by entering:"
6639
6645
msgstr ""
6640
6646
6641
#: serverguide/C/security.xml:545(command)
6647
#: serverguide/C/security.xml:560(command)
6642
6648
msgid "sudo ufw allow Samba"
6643
6649
msgstr "sudo ufw allow Samba"
6644
6650
6645
#: serverguide/C/security.xml:551(para)
6651
#: serverguide/C/security.xml:566(para)
6646
6652
msgid "An extended syntax is available as well:"
6647
6653
msgstr ""
6648
6654
6649
#: serverguide/C/security.xml:556(command)
6655
#: serverguide/C/security.xml:571(command)
6650
6656
msgid "ufw allow from 192.168.0.0/24 to any app Samba"
6651
6657
msgstr ""
6652
6658
6653
#: serverguide/C/security.xml:559(para)
6659
#: serverguide/C/security.xml:574(para)
6654
6660
msgid ""
6655
6661
"Replace <emphasis>Samba</emphasis> and <emphasis>192.168.0.0/24</emphasis> "
6656
6662
"with the application profile you are using and the IP range for your network."
6657
6663
msgstr ""
6658
6664
6659
#: serverguide/C/security.xml:565(para)
6665
#: serverguide/C/security.xml:580(para)
6660
6666
msgid ""
6661
6667
"There is no need to specify the <emphasis>protocol</emphasis> for the "
6662
6668
"application, because that information is detailed in the profile. Also, note "
6664
6670
"<emphasis>port</emphasis> number."
6665
6671
msgstr ""
6666
6672
6667
#: serverguide/C/security.xml:574(para)
6673
#: serverguide/C/security.xml:589(para)
6668
6674
msgid ""
6669
"To view details about which ports, protocols, etc are defined for an "
6675
"To view details about which ports, protocols, etc., are defined for an "
6670
6676
"application, enter:"
6671
6677
msgstr ""
6672
6678
6673
#: serverguide/C/security.xml:579(command)
6679
#: serverguide/C/security.xml:594(command)
6674
6680
msgid "sudo ufw app info Samba"
6675
6681
msgstr "sudo ufw app info Samba"
6676
6682
6677
#: serverguide/C/security.xml:585(para)
6683
#: serverguide/C/security.xml:600(para)
6678
6684
msgid ""
6679
6685
"Not all applications that require opening a network port come with "
6680
6686
"<application>ufw</application> profiles, but if you have profiled an "
6682
6688
"bug against the package in Launchpad."
6683
6689
msgstr ""
6684
6690
6685
#: serverguide/C/security.xml:591(command)
6691
#: serverguide/C/security.xml:606(command)
6686
6692
msgid "ubuntu-bug nameofpackage"
6687
6693
msgstr ""
6688
6694
6689
#: serverguide/C/security.xml:597(title)
6695
#: serverguide/C/security.xml:612(title)
6690
6696
msgid "IP Masquerading"
6691
6697
msgstr ""
6692
6698
6693
#: serverguide/C/security.xml:598(para)
6699
#: serverguide/C/security.xml:613(para)
6694
6700
msgid ""
6695
6701
"The purpose of IP Masquerading is to allow machines with private, non-"
6696
6702
"routable IP addresses on your network to access the Internet through the "
6707
6713
"to in Microsoft documentation as Internet Connection Sharing."
6708
6714
msgstr ""
6709
6715
6710
#: serverguide/C/security.xml:614(title)
6716
#: serverguide/C/security.xml:629(title)
6711
6717
msgid "ufw Masquerading"
6712
6718
msgstr ""
6713
6719
6714
#: serverguide/C/security.xml:615(para)
6720
#: serverguide/C/security.xml:630(para)
6715
6721
msgid ""
6716
6722
"IP Masquerading can be achieved using custom <application>ufw</application> "
6717
6723
"rules. This is possible because the current back-end for "
6722
6728
"that are more network gateway or bridge related."
6723
6729
msgstr ""
6724
6730
6725
#: serverguide/C/security.xml:621(para)
6731
#: serverguide/C/security.xml:636(para)
6726
6732
msgid ""
6727
6733
"The rules are split into two different files, rules that should be executed "
6728
6734
"before <application>ufw</application> command line rules, and rules that are "
6729
6735
"executed after <application>ufw</application> command line rules."
6730
6736
msgstr ""
6731
6737
6732
#: serverguide/C/security.xml:627(para)
6738
#: serverguide/C/security.xml:642(para)
6733
6739
msgid ""
6734
6740
"First, packet forwarding needs to be enabled in "
6735
6741
"<application>ufw</application>. Two configuration files will need to be "
6737
6743
"<emphasis>DEFAULT_FORWARD_POLICY</emphasis> to <quote>ACCEPT</quote>:"
6738
6744
msgstr ""
6739
6745
6740
#: serverguide/C/security.xml:631(programlisting)
6746
#: serverguide/C/security.xml:646(programlisting)
6741
6747
#, no-wrap
6742
6748
msgid ""
6743
6749
"\n"
6746
6752
"\n"
6747
6753
"DEFAULT_FORWARD_POLICY=\"ACCEPT\"\n"
6748
6754
6749
#: serverguide/C/security.xml:634(para)
6755
#: serverguide/C/security.xml:649(para)
6750
6756
msgid "Then edit <filename>/etc/ufw/sysctl.conf</filename> and uncomment:"
6751
6757
msgstr ""
6752
6758
6753
#: serverguide/C/security.xml:637(programlisting)
6759
#: serverguide/C/security.xml:652(programlisting)
6754
6760
#, no-wrap
6755
6761
msgid ""
6756
6762
"\n"
6757
6763
"net/ipv4/ip_forward=1\n"
6758
6764
msgstr ""
6759
6765
6760
#: serverguide/C/security.xml:640(para)
6766
#: serverguide/C/security.xml:655(para)
6761
6767
msgid "Similarly, for IPv6 forwarding uncomment:"
6762
6768
msgstr ""
6763
6769
6764
#: serverguide/C/security.xml:643(programlisting)
6770
#: serverguide/C/security.xml:658(programlisting)
6765
6771
#, no-wrap
6766
6772
msgid ""
6767
6773
"\n"
6768
6774
"net/ipv6/conf/default/forwarding=1\n"
6769
6775
msgstr ""
6770
6776
6771
#: serverguide/C/security.xml:648(para)
6777
#: serverguide/C/security.xml:663(para)
6772
6778
msgid ""
6773
"Now we will add rules to the <filename>/etc/ufw/before.rules</filename> "
6774
"file. The default rules only configure the <emphasis>filter</emphasis> "
6775
"table, and to enable masquerading the <emphasis>nat</emphasis> table will "
6776
"need to be configured. Add the following to the top of the file just after "
6777
"the header comments:"
6779
"Now add rules to the <filename>/etc/ufw/before.rules</filename> file. The "
6780
"default rules only configure the <emphasis>filter</emphasis> table, and to "
6781
"enable masquerading the <emphasis>nat</emphasis> table will need to be "
6782
"configured. Add the following to the top of the file just after the header "
6783
"comments:"
6778
6784
msgstr ""
6779
6785
6780
#: serverguide/C/security.xml:653(programlisting)
6786
#: serverguide/C/security.xml:668(programlisting)
6781
6787
#, no-wrap
6782
6788
msgid ""
6783
6789
"\n"
6793
6799
"COMMIT\n"
6794
6800
msgstr ""
6795
6801
6796
#: serverguide/C/security.xml:664(para)
6802
#: serverguide/C/security.xml:679(para)
6797
6803
msgid ""
6798
6804
"The comments are not strictly necessary, but it is considered good practice "
6799
6805
"to document your configuration. Also, when modifying any of the "
6802
6808
"line for each table modified:"
6803
6809
msgstr ""
6804
6810
6805
#: serverguide/C/security.xml:670(programlisting)
6811
#: serverguide/C/security.xml:685(programlisting)
6806
6812
#, no-wrap
6807
6813
msgid ""
6808
6814
"\n"
6810
6816
"COMMIT\n"
6811
6817
msgstr ""
6812
6818
6813
#: serverguide/C/security.xml:675(para)
6819
#: serverguide/C/security.xml:690(para)
6814
6820
msgid ""
6815
6821
"For each <emphasis>Table</emphasis> a corresponding "
6816
6822
"<emphasis>COMMIT</emphasis> statement is required. In these examples only "
6819
6825
"<emphasis>mangle</emphasis> tables."
6820
6826
msgstr ""
6821
6827
6822
#: serverguide/C/security.xml:682(para)
6828
#: serverguide/C/security.xml:697(para)
6823
6829
msgid ""
6824
6830
"In the above example replace <emphasis>eth0</emphasis>, "
6825
6831
"<emphasis>eth1</emphasis>, and <emphasis>192.168.0.0/24</emphasis> with the "
6826
6832
"appropriate interfaces and IP range for your network."
6827
6833
msgstr ""
6828
6834
6829
#: serverguide/C/security.xml:690(para)
6835
#: serverguide/C/security.xml:705(para)
6830
6836
msgid ""
6831
6837
"Finally, disable and re-enable <application>ufw</application> to apply the "
6832
6838
"changes:"
6833
6839
msgstr ""
6834
6840
6835
#: serverguide/C/security.xml:694(command)
6841
#: serverguide/C/security.xml:709(command)
6836
6842
msgid "sudo ufw disable && sudo ufw enable"
6837
6843
msgstr "sudo ufw disable && sudo ufw enable"
6838
6844
6839
#: serverguide/C/security.xml:698(para)
6845
#: serverguide/C/security.xml:713(para)
6840
6846
msgid ""
6841
6847
"IP Masquerading should now be enabled. You can also add any additional "
6842
6848
"FORWARD rules to the <filename>/etc/ufw/before.rules</filename>. It is "
6844
6850
"forward</emphasis> chain."
6845
6851
msgstr ""
6846
6852
6847
#: serverguide/C/security.xml:705(title)
6853
#: serverguide/C/security.xml:720(title)
6848
6854
msgid "iptables Masquerading"
6849
6855
msgstr ""
6850
6856
6851
#: serverguide/C/security.xml:706(para)
6857
#: serverguide/C/security.xml:721(para)
6852
6858
msgid ""
6853
6859
"<application>iptables</application> can also be used to enable Masquerading."
6854
6860
msgstr ""
6855
6861
6856
#: serverguide/C/security.xml:711(para)
6862
#: serverguide/C/security.xml:726(para)
6857
6863
msgid ""
6858
6864
"Similar to <application>ufw</application>, the first step is to enable IPv4 "
6859
6865
"packet forwarding by editing <filename>/etc/sysctl.conf</filename> and "
6860
"uncomment the following line"
6866
"uncomment the following line:"
6861
6867
msgstr ""
6862
6868
6863
#: serverguide/C/security.xml:715(programlisting)
6869
#: serverguide/C/security.xml:730(programlisting)
6864
6870
#, no-wrap
6865
6871
msgid ""
6866
6872
"\n"
6869
6875
"\n"
6870
6876
"net.ipv4.ip_forward=1\n"
6871
6877
6872
#: serverguide/C/security.xml:718(para)
6878
#: serverguide/C/security.xml:733(para)
6873
6879
msgid "If you wish to enable IPv6 forwarding also uncomment:"
6874
6880
msgstr ""
6875
6881
6876
#: serverguide/C/security.xml:721(programlisting)
6882
#: serverguide/C/security.xml:736(programlisting)
6877
6883
#, no-wrap
6878
6884
msgid ""
6879
6885
"\n"
6882
6888
"\n"
6883
6889
"net.ipv6.conf.default.forwarding=1\n"
6884
6890
6885
#: serverguide/C/security.xml:726(para)
6891
#: serverguide/C/security.xml:741(para)
6886
6892
msgid ""
6887
6893
"Next, execute the <application>sysctl</application> command to enable the "
6888
6894
"new settings in the configuration file:"
6889
6895
msgstr ""
6890
6896
6891
#: serverguide/C/security.xml:730(command)
6897
#: serverguide/C/security.xml:745(command)
6892
6898
msgid "sudo sysctl -p"
6893
6899
msgstr "sudo sysctl -p"
6894
6900
6895
#: serverguide/C/security.xml:734(para)
6901
#: serverguide/C/security.xml:749(para)
6896
6902
msgid ""
6897
6903
"IP Masquerading can now be accomplished with a single iptables rule, which "
6898
6904
"may differ slightly based on your network configuration:"
6899
6905
msgstr ""
6900
6906
6901
#: serverguide/C/security.xml:737(screen)
6907
#: serverguide/C/security.xml:752(screen)
6902
6908
#, no-wrap
6903
6909
msgid ""
6904
6910
"\n"
6907
6913
"\n"
6908
6914
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
6909
6915
6910
#: serverguide/C/security.xml:740(para)
6916
#: serverguide/C/security.xml:755(para)
6911
6917
msgid ""
6912
6918
"The above command assumes that your private address space is 192.168.0.0/16 "
6913
6919
"and that your Internet-facing device is ppp0. The syntax is broken down as "
6914
6920
"follows:"
6915
6921
msgstr ""
6916
6922
6917
#: serverguide/C/security.xml:745(para)
6923
#: serverguide/C/security.xml:760(para)
6918
6924
msgid "-t nat -- the rule is to go into the nat table"
6919
6925
msgstr ""
6920
6926
6921
#: serverguide/C/security.xml:746(para)
6927
#: serverguide/C/security.xml:761(para)
6922
6928
msgid ""
6923
6929
"-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain"
6924
6930
msgstr ""
6925
6931
6926
#: serverguide/C/security.xml:747(para)
6932
#: serverguide/C/security.xml:762(para)
6927
6933
msgid ""
6928
6934
"-s 192.168.0.0/16 -- the rule applies to traffic originating from the "
6929
6935
"specified address space"
6930
6936
msgstr ""
6931
6937
6932
#: serverguide/C/security.xml:748(para)
6938
#: serverguide/C/security.xml:763(para)
6933
6939
msgid ""
6934
6940
"-o ppp0 -- the rule applies to traffic scheduled to be routed through the "
6935
6941
"specified network device"
6936
6942
msgstr ""
6937
6943
6938
#: serverguide/C/security.xml:750(para)
6944
#: serverguide/C/security.xml:765(para)
6939
6945
msgid ""
6940
6946
"-j MASQUERADE -- traffic matching this rule is to \"jump\" (-j) to the "
6941
6947
"MASQUERADE target to be manipulated as described above"
6942
6948
msgstr ""
6943
6949
6944
#: serverguide/C/security.xml:758(para)
6950
#: serverguide/C/security.xml:773(para)
6945
6951
msgid ""
6946
6952
"Also, each chain in the filter table (the default table, and where most or "
6947
6953
"all packet filtering occurs) has a default <emphasis>policy</emphasis> of "
6951
6957
"above rule to work:"
6952
6958
msgstr ""
6953
6959
6954
#: serverguide/C/security.xml:765(screen)
6960
#: serverguide/C/security.xml:780(screen)
6955
6961
#, no-wrap
6956
6962
msgid ""
6957
6963
"\n"
6960
6966
"--state ESTABLISHED,RELATED -i ppp0 -j ACCEPT\n"
6961
6967
msgstr ""
6962
6968
6963
#: serverguide/C/security.xml:770(para)
6969
#: serverguide/C/security.xml:785(para)
6964
6970
msgid ""
6965
6971
"The above commands will allow all connections from your local network to the "
6966
6972
"Internet and all traffic related to those connections to return to the "
6967
6973
"machine that initiated them."
6968
6974
msgstr ""
6969
6975
6970
#: serverguide/C/security.xml:777(para)
6976
#: serverguide/C/security.xml:792(para)
6971
6977
msgid ""
6972
6978
"If you want masquerading to be enabled on reboot, which you probably do, "
6973
6979
"edit <filename>/etc/rc.local</filename> and add any commands used above. For "
6974
6980
"example add the first command with no filtering:"
6975
6981
msgstr ""
6976
6982
6977
#: serverguide/C/security.xml:781(screen)
6983
#: serverguide/C/security.xml:796(screen)
6978
6984
#, no-wrap
6979
6985
msgid ""
6980
6986
"\n"
6983
6989
"\n"
6984
6990
"iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
6985
6991
6986
#: serverguide/C/security.xml:789(title)
6992
#: serverguide/C/security.xml:804(title)
6987
6993
msgid "Logs"
6988
6994
msgstr ""
6989
6995
6990
#: serverguide/C/security.xml:790(para)
6996
#: serverguide/C/security.xml:805(para)
6991
6997
msgid ""
6992
6998
"Firewall logs are essential for recognizing attacks, troubleshooting your "
6993
6999
"firewall rules, and noticing unusual activity on your network. You must "
6997
7003
"REJECT)."
6998
7004
msgstr ""
6999
7005
7000
#: serverguide/C/security.xml:797(para)
7006
#: serverguide/C/security.xml:812(para)
7001
7007
msgid ""
7002
7008
"If you are using <application>ufw</application>, you can turn on logging by "
7003
7009
"entering the following in a terminal:"
7004
7010
msgstr ""
7005
7011
7006
#: serverguide/C/security.xml:801(command)
7012
#: serverguide/C/security.xml:816(command)
7007
7013
msgid "sudo ufw logging on"
7008
7014
msgstr "sudo ufw logging on"
7009
7015
7010
#: serverguide/C/security.xml:803(para)
7016
#: serverguide/C/security.xml:818(para)
7011
7017
msgid ""
7012
7018
"To turn logging off in <application>ufw</application>, simply replace "
7013
7019
"<emphasis role=\"italic\">on</emphasis> with <emphasis "
7014
7020
"role=\"italic\">off</emphasis> in the above command."
7015
7021
msgstr ""
7016
7022
7017
#: serverguide/C/security.xml:806(para)
7023
#: serverguide/C/security.xml:821(para)
7018
7024
msgid ""
7019
7025
"If using <application>iptables</application> instead of "
7020
7026
"<application>ufw</application>, enter:"
7021
7027
msgstr ""
7022
7028
7023
#: serverguide/C/security.xml:809(screen)
7029
#: serverguide/C/security.xml:824(screen)
7024
7030
#, no-wrap
7025
7031
msgid ""
7026
7032
"\n"
7028
7034
"-j LOG --log-prefix \"NEW_HTTP_CONN: \"\n"
7029
7035
msgstr ""
7030
7036
7031
#: serverguide/C/security.xml:813(para)
7037
#: serverguide/C/security.xml:828(para)
7032
7038
msgid ""
7033
7039
"A request on port 80 from the local machine, then, would generate a log in "
7034
7040
"dmesg that looks like this (single line split into 3 to fit this document):"
7044
7050
"SPT=53981 DPT=80 WINDOW=32767 RES=0x00 SYN URGP=0\n"
7045
7051
msgstr ""
7046
7052
7047
#: serverguide/C/security.xml:822(para)
7053
#: serverguide/C/security.xml:836(para)
7048
7054
msgid ""
7049
7055
"The above log will also appear in <filename>/var/log/messages</filename>, "
7050
7056
"<filename>/var/log/syslog</filename>, and "
7061
7067
"or <application>lire</application>."
7062
7068
msgstr ""
7063
7069
7064
#: serverguide/C/security.xml:837(title)
7070
#: serverguide/C/security.xml:851(title)
7065
7071
msgid "Other Tools"
7066
7072
msgstr "Іншыя прылады"
7067
7073
7068
#: serverguide/C/security.xml:838(para)
7074
#: serverguide/C/security.xml:852(para)
7069
7075
msgid ""
7070
7076
"There are many tools available to help you construct a complete firewall "
7071
7077
"without intimate knowledge of iptables. For the GUI-inclined:"
7072
7078
msgstr ""
7073
7079
7074
#: serverguide/C/security.xml:844(para)
7080
#: serverguide/C/security.xml:858(para)
7075
7081
msgid ""
7076
7082
"<ulink url=\"http://www.fwbuilder.org/\">fwbuilder</ulink> is very powerful "
7077
7083
"and will look familiar to an administrator who has used a commercial "
7078
7084
"firewall utility such as <application>Checkpoint FireWall-1</application>."
7079
7085
msgstr ""
7080
7086
7081
#: serverguide/C/security.xml:850(para)
7087
#: serverguide/C/security.xml:864(para)
7082
7088
msgid ""
7083
7089
"If you prefer a command-line tool with plain-text configuration files:"
7084
7090
msgstr ""
7085
7091
7086
#: serverguide/C/security.xml:855(para)
7092
#: serverguide/C/security.xml:869(para)
7087
7093
msgid ""
7088
7094
"<ulink url=\"http://www.shorewall.net/\">Shorewall</ulink> is a very "
7089
7095
"powerful solution to help you configure an advanced firewall for any network."
7090
7096
msgstr ""
7091
7097
7092
#: serverguide/C/security.xml:866(para)
7098
#: serverguide/C/security.xml:880(para)
7093
7099
msgid ""
7094
7100
"The <ulink url=\"https://wiki.ubuntu.com/UncomplicatedFirewall\">Ubuntu "
7095
7101
"Firewall</ulink> wiki page contains information on the development of "
7096
7102
"<application>ufw</application>."
7097
7103
msgstr ""
7098
7104
7099
#: serverguide/C/security.xml:872(para)
7105
#: serverguide/C/security.xml:886(para)
7100
7106
msgid ""
7101
7107
"Also, the <application>ufw</application> manual page contains some very "
7102
7108
"useful information: <command>man ufw</command>."
7103
7109
msgstr ""
7104
7110
7105
#: serverguide/C/security.xml:877(para)
7111
#: serverguide/C/security.xml:891(para)
7106
7112
msgid ""
7107
7113
"See the <ulink url=\"http://www.netfilter.org/documentation/HOWTO/packet-"
7108
7114
"filtering-HOWTO.html\">packet-filtering-HOWTO</ulink> for more information "
7109
7115
"on using <application>iptables</application>."
7110
7116
msgstr ""
7111
7117
7112
#: serverguide/C/security.xml:883(para)
7118
#: serverguide/C/security.xml:897(para)
7113
7119
msgid ""
7114
7120
"The <ulink url=\"http://www.netfilter.org/documentation/HOWTO/NAT-"
7115
7121
"HOWTO.html\">nat-HOWTO</ulink> contains further details on masquerading."
7116
7122
msgstr ""
7117
7123
7118
#: serverguide/C/security.xml:889(para)
7124
#: serverguide/C/security.xml:903(para)
7119
7125
msgid ""
7120
7126
"The <ulink url=\"https://help.ubuntu.com/community/IptablesHowTo\">IPTables "
7121
7127
"HowTo</ulink> in the Ubuntu wiki is a great resource."
7122
7128
msgstr ""
7123
7129
7124
#: serverguide/C/security.xml:897(title)
7130
#: serverguide/C/security.xml:911(title)
7125
7131
msgid "AppArmor"
7126
7132
msgstr "AppArmor"
7127
7133
7128
#: serverguide/C/security.xml:898(para)
7134
#: serverguide/C/security.xml:912(para)
7129
7135
msgid ""
7130
7136
"<application>AppArmor</application> is a Linux Security Module "
7131
7137
"implementation of name-based mandatory access controls. AppArmor confines "
7133
7139
"capabilities."
7134
7140
msgstr ""
7135
7141
7136
#: serverguide/C/security.xml:902(para)
7142
#: serverguide/C/security.xml:916(para)
7137
7143
msgid ""
7138
7144
"<application>AppArmor</application> is installed and loaded by default. It "
7139
7145
"uses <emphasis>profiles</emphasis> of an application to determine what files "
7142
7148
"<application>apparmor-profiles</application> package."
7143
7149
msgstr ""
7144
7150
7145
#: serverguide/C/security.xml:907(para)
7151
#: serverguide/C/security.xml:921(para)
7146
7152
msgid ""
7147
7153
"To install the <application>apparmor-profiles</application> package from a "
7148
7154
"terminal prompt:"
7149
7155
msgstr ""
7150
7156
7151
#: serverguide/C/security.xml:911(command)
7157
#: serverguide/C/security.xml:925(command)
7152
7158
msgid "sudo apt-get install apparmor-profiles"
7153
7159
msgstr "sudo apt-get install apparmor-profiles"
7154
7160
7155
#: serverguide/C/security.xml:913(para)
7161
#: serverguide/C/security.xml:927(para)
7156
7162
msgid "AppArmor profiles have two modes of execution:"
7157
7163
msgstr ""
7158
7164
7159
#: serverguide/C/security.xml:918(para)
7165
#: serverguide/C/security.xml:932(para)
7160
7166
msgid ""
7161
7167
"Complaining/Learning: profile violations are permitted and logged. Useful "
7162
7168
"for testing and developing new profiles."
7163
7169
msgstr ""
7164
7170
7165
#: serverguide/C/security.xml:923(para)
7171
#: serverguide/C/security.xml:937(para)
7166
7172
msgid ""
7167
7173
"Enforced/Confined: enforces profile policy as well as logging the violation."
7168
7174
msgstr ""
7169
7175
7170
#: serverguide/C/security.xml:929(title)
7176
#: serverguide/C/security.xml:943(title)
7171
7177
msgid "Using AppArmor"
7172
7178
msgstr "Ужываньне AppArmor"
7173
7179
7178
7184
"#1304134</ulink>) and instructions will not work as advertised."
7179
7185
msgstr ""
7180
7186
7181
#: serverguide/C/security.xml:930(para)
7187
#: serverguide/C/security.xml:950(para)
7182
7188
msgid ""
7183
7189
"The <application>apparmor-utils</application> package contains command line "
7184
7190
"utilities that you can use to change the <application>AppArmor</application> "
7185
7191
"execution mode, find the status of a profile, create new profiles, etc."
7186
7192
msgstr ""
7187
7193
7188
#: serverguide/C/security.xml:936(para)
7194
#: serverguide/C/security.xml:956(para)
7189
7195
msgid ""
7190
7196
"<application>apparmor_status</application> is used to view the current "
7191
7197
"status of AppArmor profiles."
7192
7198
msgstr ""
7193
7199
7194
#: serverguide/C/security.xml:940(command)
7200
#: serverguide/C/security.xml:960(command)
7195
7201
msgid "sudo apparmor_status"
7196
7202
msgstr "sudo apparmor_status"
7197
7203
7198
#: serverguide/C/security.xml:944(para)
7204
#: serverguide/C/security.xml:964(para)
7199
7205
msgid ""
7200
7206
"<application>aa-complain</application> places a profile into "
7201
7207
"<emphasis>complain</emphasis> mode."
7202
7208
msgstr ""
7203
7209
7204
#: serverguide/C/security.xml:948(command)
7210
#: serverguide/C/security.xml:968(command)
7205
7211
msgid "sudo aa-complain /path/to/bin"
7206
7212
msgstr "sudo aa-complain /path/to/bin"
7207
7213
7208
#: serverguide/C/security.xml:952(para)
7214
#: serverguide/C/security.xml:972(para)
7209
7215
msgid ""
7210
7216
"<application>aa-enforce</application> places a profile into "
7211
7217
"<emphasis>enforce</emphasis> mode."
7212
7218
msgstr ""
7213
7219
7214
#: serverguide/C/security.xml:956(command)
7220
#: serverguide/C/security.xml:976(command)
7215
7221
msgid "sudo aa-enforce /path/to/bin"
7216
7222
msgstr "sudo aa-enforce /path/to/bin"
7217
7223
7218
#: serverguide/C/security.xml:960(para)
7224
#: serverguide/C/security.xml:980(para)
7219
7225
msgid ""
7220
7226
"The <filename>/etc/apparmor.d</filename> directory is where the AppArmor "
7221
7227
"profiles are located. It can be used to manipulate the "
7222
7228
"<emphasis>mode</emphasis> of all profiles."
7223
7229
msgstr ""
7224
7230
7225
#: serverguide/C/security.xml:964(para)
7231
#: serverguide/C/security.xml:984(para)
7226
7232
msgid "Enter the following to place all profiles into complain mode:"
7227
7233
msgstr ""
7228
7234
7229
#: serverguide/C/security.xml:968(command)
7235
#: serverguide/C/security.xml:988(command)
7230
7236
msgid "sudo aa-complain /etc/apparmor.d/*"
7231
7237
msgstr "sudo aa-complain /etc/apparmor.d/*"
7232
7238
7233
#: serverguide/C/security.xml:970(para)
7239
#: serverguide/C/security.xml:990(para)
7234
7240
msgid "To place all profiles in enforce mode:"
7235
7241
msgstr ""
7236
7242
7237
#: serverguide/C/security.xml:974(command)
7243
#: serverguide/C/security.xml:994(command)
7238
7244
msgid "sudo aa-enforce /etc/apparmor.d/*"
7239
7245
msgstr "sudo aa-enforce /etc/apparmor.d/*"
7240
7246
7241
#: serverguide/C/security.xml:978(para)
7247
#: serverguide/C/security.xml:998(para)
7242
7248
msgid ""
7243
7249
"<application>apparmor_parser</application> is used to load a profile into "
7244
7250
"the kernel. It can also be used to reload a currently loaded profile using "
7245
7251
"the <emphasis>-r</emphasis> option. To load a profile:"
7246
7252
msgstr ""
7247
7253
7248
#: serverguide/C/security.xml:983(command) serverguide/C/security.xml:1015(command)
7254
#: serverguide/C/security.xml:1003(command) serverguide/C/security.xml:1035(command)
7249
7255
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
7250
7256
msgstr "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
7251
7257
7252
#: serverguide/C/security.xml:985(para)
7258
#: serverguide/C/security.xml:1005(para)
7253
7259
msgid "To reload a profile:"
7254
7260
msgstr "Каб перазапусьціць профіль:"
7255
7261
7256
#: serverguide/C/security.xml:989(command)
7262
#: serverguide/C/security.xml:1009(command)
7257
7263
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
7258
7264
msgstr "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
7259
7265
7263
7269
"<emphasis>reload</emphasis> all profiles:"
7264
7270
msgstr ""
7265
7271
7266
#: serverguide/C/network-auth.xml:964(command)
7272
#: serverguide/C/security.xml:1017(command) serverguide/C/network-auth.xml:971(command)
7267
7273
msgid "sudo service apparmor reload"
7268
7274
msgstr ""
7269
7275
7270
#: serverguide/C/security.xml:1001(para)
7276
#: serverguide/C/security.xml:1021(para)
7271
7277
msgid ""
7272
7278
"The <filename>/etc/apparmor.d/disable</filename> directory can be used along "
7273
7279
"with the <application>apparmor_parser -R</application> option to "
7274
7280
"<emphasis>disable</emphasis> a profile."
7275
7281
msgstr ""
7276
7282
7277
#: serverguide/C/security.xml:1006(command)
7283
#: serverguide/C/security.xml:1026(command)
7278
7284
msgid "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
7279
7285
msgstr "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
7280
7286
7281
#: serverguide/C/security.xml:1007(command)
7287
#: serverguide/C/security.xml:1027(command)
7282
7288
msgid "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
7283
7289
msgstr "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
7284
7290
7285
#: serverguide/C/security.xml:1009(para)
7291
#: serverguide/C/security.xml:1029(para)
7286
7292
msgid ""
7287
7293
"To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic "
7288
7294
"link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then "
7289
7295
"load the profile using the <emphasis>-a</emphasis> option."
7290
7296
msgstr ""
7291
7297
7292
#: serverguide/C/security.xml:1014(command)
7298
#: serverguide/C/security.xml:1034(command)
7293
7299
msgid "sudo rm /etc/apparmor.d/disable/profile.name"
7294
7300
msgstr "sudo rm /etc/apparmor.d/disable/profile.name"
7295
7301
7296
#: serverguide/C/security.xml:1019(para)
7302
#: serverguide/C/security.xml:1039(para)
7297
7303
msgid ""
7298
7304
"<application>AppArmor</application> can be disabled, and the kernel module "
7299
7305
"unloaded by entering the following:"
7303
7309
msgid "sudo service apparmor stop"
7304
7310
msgstr ""
7305
7311
7306
#: serverguide/C/security.xml:1024(command)
7312
#: serverguide/C/security.xml:1044(command)
7307
7313
msgid "sudo update-rc.d -f apparmor remove"
7308
7314
msgstr "sudo update-rc.d -f apparmor remove"
7309
7315
7310
#: serverguide/C/security.xml:1028(para)
7316
#: serverguide/C/security.xml:1048(para)
7311
7317
msgid "To re-enable <application>AppArmor</application> enter:"
7312
7318
msgstr ""
7313
7319
7315
7321
msgid "sudo service apparmor start"
7316
7322
msgstr ""
7317
7323
7318
#: serverguide/C/security.xml:1033(command)
7324
#: serverguide/C/security.xml:1053(command)
7319
7325
msgid "sudo update-rc.d apparmor defaults"
7320
7326
msgstr "sudo update-rc.d apparmor defaults"
7321
7327
7322
#: serverguide/C/security.xml:1038(para)
7328
#: serverguide/C/security.xml:1058(para)
7323
7329
msgid ""
7324
7330
"Replace <emphasis>profile.name</emphasis> with the name of the profile you "
7325
7331
"want to manipulate. Also, replace <filename>/path/to/bin/</filename> with "
7327
7333
"<application>ping</application> command use <filename>/bin/ping</filename>"
7328
7334
msgstr ""
7329
7335
7330
#: serverguide/C/security.xml:1046(title)
7336
#: serverguide/C/security.xml:1066(title)
7331
7337
msgid "Profiles"
7332
7338
msgstr "Профілі"
7333
7339
7334
#: serverguide/C/security.xml:1047(para)
7340
#: serverguide/C/security.xml:1067(para)
7335
7341
msgid ""
7336
7342
"<application>AppArmor</application> profiles are simple text files located "
7337
7343
"in <filename>/etc/apparmor.d/</filename>. The files are named after the full "
7340
7346
"profile for the <filename>/bin/ping</filename> command."
7341
7347
msgstr ""
7342
7348
7343
#: serverguide/C/security.xml:1053(para)
7349
#: serverguide/C/security.xml:1073(para)
7344
7350
msgid "There are two main type of rules used in profiles:"
7345
7351
msgstr "Ў профілях ёсьць два голоўных тыпа правілаў:"
7346
7352
7347
#: serverguide/C/security.xml:1058(para)
7353
#: serverguide/C/security.xml:1078(para)
7348
7354
msgid ""
7349
"<emphasis>Path entries:</emphasis> which detail which files an application "
7350
"can access in the file system."
7355
"<emphasis>Path entries:</emphasis> detail which files an application can "
7356
"access in the file system."
7351
7357
msgstr ""
7352
7358
7353
#: serverguide/C/security.xml:1063(para)
7359
#: serverguide/C/security.xml:1083(para)
7354
7360
msgid ""
7355
7361
"<emphasis>Capability entries:</emphasis> determine what privileges a "
7356
7362
"confined process is allowed to use."
7357
7363
msgstr ""
7358
7364
7359
#: serverguide/C/security.xml:1068(para)
7365
#: serverguide/C/security.xml:1088(para)
7360
7366
msgid ""
7361
"As an example take a look at <filename>/etc/apparmor.d/bin.ping</filename>:"
7367
"As an example, take a look at <filename>/etc/apparmor.d/bin.ping</filename>:"
7362
7368
msgstr ""
7363
7369
7364
#: serverguide/C/security.xml:1071(programlisting)
7370
#: serverguide/C/security.xml:1091(programlisting)
7365
7371
#, no-wrap
7366
7372
msgid ""
7367
7373
"\n"
7380
7386
"}\n"
7381
7387
msgstr ""
7382
7388
7383
#: serverguide/C/security.xml:1088(para)
7389
#: serverguide/C/security.xml:1108(para)
7384
7390
msgid ""
7385
7391
"<emphasis>#include <tunables/global>:</emphasis> include statements "
7386
7392
"from other files. This allows statements pertaining to multiple applications "
7387
7393
"to be placed in a common file."
7388
7394
msgstr ""
7389
7395
7390
#: serverguide/C/security.xml:1094(para)
7396
#: serverguide/C/security.xml:1114(para)
7391
7397
msgid ""
7392
7398
"<emphasis>/bin/ping flags=(complain):</emphasis> path to the profiled "
7393
7399
"program, also setting the mode to <emphasis>complain</emphasis>."
7394
7400
msgstr ""
7395
7401
7396
#: serverguide/C/security.xml:1100(para)
7402
#: serverguide/C/security.xml:1120(para)
7397
7403
msgid ""
7398
7404
"<emphasis>capability net_raw,:</emphasis> allows the application access to "
7399
7405
"the CAP_NET_RAW Posix.1e capability."
7400
7406
msgstr ""
7401
7407
7402
#: serverguide/C/security.xml:1105(para)
7408
#: serverguide/C/security.xml:1125(para)
7403
7409
msgid ""
7404
7410
"<emphasis>/bin/ping mixr,:</emphasis> allows the application read and "
7405
7411
"execute access to the file."
7406
7412
msgstr ""
7407
7413
7408
#: serverguide/C/security.xml:1111(para)
7414
#: serverguide/C/security.xml:1131(para)
7409
7415
msgid ""
7410
7416
"After editing a profile file the profile must be reloaded. See <xref "
7411
7417
"linkend=\"apparmor-usage\"/> for details."
7412
7418
msgstr ""
7413
7419
7414
#: serverguide/C/security.xml:1116(title)
7420
#: serverguide/C/security.xml:1136(title)
7415
7421
msgid "Creating a Profile"
7416
7422
msgstr "Стварэньне профіля"
7417
7423
7418
#: serverguide/C/security.xml:1119(para)
7424
#: serverguide/C/security.xml:1139(para)
7419
7425
msgid ""
7420
7426
"<emphasis>Design a test plan:</emphasis> Try to think about how the "
7421
7427
"application should be exercised. The test plan should be divided into small "
7423
7429
"steps to follow."
7424
7430
msgstr ""
7425
7431
7426
#: serverguide/C/security.xml:1123(para)
7432
#: serverguide/C/security.xml:1143(para)
7427
7433
msgid "Some standard test cases are:"
7428
7434
msgstr ""
7429
7435
7430
#: serverguide/C/security.xml:1128(para)
7436
#: serverguide/C/security.xml:1148(para)
7431
7437
msgid "Starting the program."
7432
7438
msgstr "Урухомленьне праграмы."
7433
7439
7434
#: serverguide/C/security.xml:1133(para)
7440
#: serverguide/C/security.xml:1153(para)
7435
7441
msgid "Stopping the program."
7436
7442
msgstr "Спыненьне праграмы."
7437
7443
7438
#: serverguide/C/security.xml:1138(para)
7444
#: serverguide/C/security.xml:1158(para)
7439
7445
msgid "Reloading the program."
7440
7446
msgstr "Перазагрузка праграмы."
7441
7447
7442
#: serverguide/C/security.xml:1143(para)
7448
#: serverguide/C/security.xml:1163(para)
7443
7449
msgid "Testing all the commands supported by the init script."
7444
7450
msgstr ""
7445
7451
7446
#: serverguide/C/security.xml:1150(para)
7452
#: serverguide/C/security.xml:1170(para)
7447
7453
msgid ""
7448
7454
"<emphasis>Generate the new profile:</emphasis> Use <application>aa-"
7449
7455
"genprof</application> to generate a new profile. From a terminal:"
7450
7456
msgstr ""
7451
7457
7452
#: serverguide/C/security.xml:1155(command)
7458
#: serverguide/C/security.xml:1175(command)
7453
7459
msgid "sudo aa-genprof executable"
7454
7460
msgstr "sudo aa-genprof executable"
7455
7461
7456
#: serverguide/C/security.xml:1157(para)
7462
#: serverguide/C/security.xml:1177(para)
7457
7463
msgid "For example:"
7458
7464
msgstr "Напрыклад:"
7459
7465
7460
#: serverguide/C/security.xml:1161(command)
7466
#: serverguide/C/security.xml:1181(command)
7461
7467
msgid "sudo aa-genprof slapd"
7462
7468
msgstr "sudo aa-genprof slapd"
7463
7469
7464
#: serverguide/C/security.xml:1165(para)
7470
#: serverguide/C/security.xml:1185(para)
7465
7471
msgid ""
7466
7472
"To get your new profile included in the <application>apparmor-"
7467
7473
"profiles</application> package, file a bug in <emphasis>Launchpad</emphasis> "
7470
7476
"/ulink> package:"
7471
7477
msgstr ""
7472
7478
7473
#: serverguide/C/security.xml:1172(para)
7479
#: serverguide/C/security.xml:1192(para)
7474
7480
msgid "Include your test plan and test cases."
7475
7481
msgstr ""
7476
7482
7477
#: serverguide/C/security.xml:1177(para)
7483
#: serverguide/C/security.xml:1197(para)
7478
7484
msgid "Attach your new profile to the bug."
7479
7485
msgstr ""
7480
7486
7481
#: serverguide/C/security.xml:1186(title)
7487
#: serverguide/C/security.xml:1206(title)
7482
7488
msgid "Updating Profiles"
7483
7489
msgstr ""
7484
7490
7485
#: serverguide/C/security.xml:1187(para)
7491
#: serverguide/C/security.xml:1207(para)
7486
7492
msgid ""
7487
7493
"When the program is misbehaving, audit messages are sent to the log files. "
7488
7494
"The program <application>aa-logprof</application> can be used to scan log "
7490
7496
"and update the profiles. From a terminal:"
7491
7497
msgstr ""
7492
7498
7493
#: serverguide/C/security.xml:1192(command)
7499
#: serverguide/C/security.xml:1212(command)
7494
7500
msgid "sudo aa-logprof"
7495
7501
msgstr "sudo aa-logprof"
7496
7502
7497
#: serverguide/C/security.xml:1200(para)
7503
#: serverguide/C/security.xml:1220(para)
7498
7504
msgid ""
7499
7505
"See the <ulink "
7500
7506
"url=\"http://www.novell.com/documentation/apparmor/apparmor201_sp10_admin/ind"
7503
7509
"configuration options."
7504
7510
msgstr ""
7505
7511
7506
#: serverguide/C/security.xml:1207(para)
7512
#: serverguide/C/security.xml:1227(para)
7507
7513
msgid ""
7508
7514
"For details using AppArmor with other Ubuntu releases see the <ulink "
7509
7515
"url=\"https://help.ubuntu.com/community/AppArmor\"> AppArmor Community "
7510
7516
"Wiki</ulink> page."
7511
7517
msgstr ""
7512
7518
7513
#: serverguide/C/security.xml:1215(para)
7519
#: serverguide/C/security.xml:1235(para)
7514
7520
msgid ""
7515
7521
"The <ulink url=\"http://en.opensuse.org/SDB:AppArmor_geeks\">OpenSUSE "
7516
7522
"AppArmor</ulink> page is another introduction to AppArmor."
7517
7523
msgstr ""
7518
7524
7519
#: serverguide/C/security.xml:1222(para)
7525
#: serverguide/C/security.xml:1242(para)
7520
7526
msgid ""
7521
7527
"A great place to ask for <application>AppArmor</application> assistance, and "
7522
7528
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
7524
7530
"url=\"http://freenode.net\">freenode</ulink>."
7525
7531
msgstr ""
7526
7532
7527
#: serverguide/C/security.xml:1232(title)
7533
#: serverguide/C/security.xml:1252(title)
7528
7534
msgid "Certificates"
7529
7535
msgstr ""
7530
7536
7531
#: serverguide/C/security.xml:1233(para)
7537
#: serverguide/C/security.xml:1253(para)
7532
7538
msgid ""
7533
7539
"One of the most common forms of cryptography today is <emphasis>public-"
7534
7540
"key</emphasis> cryptography. Public-key cryptography utilizes a "
7538
7544
"the private key."
7539
7545
msgstr ""
7540
7546
7541
#: serverguide/C/security.xml:1239(para)
7547
#: serverguide/C/security.xml:1259(para)
7542
7548
msgid ""
7543
7549
"A common use for public-key cryptography is encrypting application traffic "
7544
7550
"using a Secure Socket Layer (SSL) or Transport Layer Security (TLS) "
7545
"connection. For example, configuring Apache to provide "
7551
"connection. One example: configuring Apache to provide "
7546
7552
"<emphasis>HTTPS</emphasis>, the HTTP protocol over SSL. This allows a way to "
7547
7553
"encrypt traffic using a protocol that does not itself provide encryption."
7548
7554
msgstr ""
7549
7555
7550
#: serverguide/C/security.xml:1244(para)
7556
#: serverguide/C/security.xml:1264(para)
7551
7557
msgid ""
7552
7558
"A <emphasis>Certificate</emphasis> is a method used to distribute a "
7553
7559
"<emphasis>public key</emphasis> and other information about a server and the "
7554
7560
"organization who is responsible for it. Certificates can be digitally signed "
7555
"by a <emphasis>Certification Authority</emphasis> or CA. A CA is a trusted "
7561
"by a <emphasis>Certification Authority</emphasis>, or CA. A CA is a trusted "
7556
7562
"third party that has confirmed that the information contained in the "
7557
7563
"certificate is accurate."
7558
7564
msgstr ""
7559
7565
7560
#: serverguide/C/security.xml:1251(title)
7566
#: serverguide/C/security.xml:1271(title)
7561
7567
msgid "Types of Certificates"
7562
7568
msgstr "Тыпы сэртыфікатаў"
7563
7569
7564
#: serverguide/C/security.xml:1252(para)
7570
#: serverguide/C/security.xml:1272(para)
7565
7571
msgid ""
7566
7572
"To set up a secure server using public-key cryptography, in most cases, you "
7567
7573
"send your certificate request (including your public key), proof of your "
7571
7577
"signed</emphasis> certificate."
7572
7578
msgstr ""
7573
7579
7574
#: serverguide/C/security.xml:1262(para)
7580
#: serverguide/C/security.xml:1282(para)
7575
7581
msgid ""
7576
"Note, that self-signed certificates should not be used in most production "
7582
"Note that self-signed certificates should not be used in most production "
7577
7583
"environments."
7578
7584
msgstr ""
7579
7585
7580
#: serverguide/C/security.xml:1266(para)
7586
#: serverguide/C/security.xml:1286(para)
7581
7587
msgid ""
7582
7588
"Continuing the HTTPS example, a CA-signed certificate provides two important "
7583
7589
"capabilities that a self-signed certificate does not:"
7584
7590
msgstr ""
7585
7591
7586
#: serverguide/C/security.xml:1273(para)
7592
#: serverguide/C/security.xml:1293(para)
7587
7593
msgid ""
7588
7594
"Browsers (usually) automatically recognize the certificate and allow a "
7589
7595
"secure connection to be made without prompting the user."
7590
7596
msgstr ""
7591
7597
7592
#: serverguide/C/security.xml:1280(para)
7598
#: serverguide/C/security.xml:1300(para)
7593
7599
msgid ""
7594
7600
"When a CA issues a signed certificate, it is guaranteeing the identity of "
7595
7601
"the organization that is providing the web pages to the browser."
7604
7610
"may generate an error message when using a self-signed certificate."
7605
7611
msgstr ""
7606
7612
7607
#: serverguide/C/security.xml:1296(para)
7613
#: serverguide/C/security.xml:1316(para)
7608
7614
msgid ""
7609
7615
"The process of getting a certificate from a CA is fairly easy. A quick "
7610
7616
"overview is as follows:"
7611
7617
msgstr ""
7612
7618
7613
#: serverguide/C/security.xml:1303(para)
7619
#: serverguide/C/security.xml:1323(para)
7614
7620
msgid "Create a private and public encryption key pair."
7615
7621
msgstr ""
7616
7622
7617
#: serverguide/C/security.xml:1306(para)
7623
#: serverguide/C/security.xml:1326(para)
7618
7624
msgid ""
7619
7625
"Create a certificate request based on the public key. The certificate "
7620
7626
"request contains information about your server and the company hosting it."
7621
7627
msgstr ""
7622
7628
7623
#: serverguide/C/security.xml:1311(para)
7629
#: serverguide/C/security.xml:1331(para)
7624
7630
msgid ""
7625
7631
"Send the certificate request, along with documents proving your identity, to "
7626
7632
"a CA. We cannot tell you which certificate authority to choose. Your "
7628
7634
"your friends or colleagues, or purely on monetary factors."
7629
7635
msgstr ""
7630
7636
7631
#: serverguide/C/security.xml:1317(para)
7637
#: serverguide/C/security.xml:1337(para)
7632
7638
msgid ""
7633
7639
"Once you have decided upon a CA, you need to follow the instructions they "
7634
7640
"provide on how to obtain a certificate from them."
7635
7641
msgstr ""
7636
7642
7637
#: serverguide/C/security.xml:1322(para)
7643
#: serverguide/C/security.xml:1342(para)
7638
7644
msgid ""
7639
7645
"When the CA is satisfied that you are indeed who you claim to be, they send "
7640
7646
"you a digital certificate."
7641
7647
msgstr ""
7642
7648
7643
#: serverguide/C/security.xml:1326(para)
7649
#: serverguide/C/security.xml:1346(para)
7644
7650
msgid ""
7645
7651
"Install this certificate on your secure server, and configure the "
7646
7652
"appropriate applications to use the certificate."
7647
7653
msgstr ""
7648
7654
7649
#: serverguide/C/security.xml:1335(title)
7655
#: serverguide/C/security.xml:1355(title)
7650
7656
msgid "Generating a Certificate Signing Request (CSR)"
7651
7657
msgstr ""
7652
7658
7653
#: serverguide/C/security.xml:1337(para)
7659
#: serverguide/C/security.xml:1357(para)
7654
7660
msgid ""
7655
7661
"Whether you are getting a certificate from a CA or generating your own self-"
7656
7662
"signed certificate, the first step is to generate a key."
7657
7663
msgstr ""
7658
7664
7659
#: serverguide/C/security.xml:1342(para)
7665
#: serverguide/C/security.xml:1362(para)
7660
7666
msgid ""
7661
7667
"If the certificate will be used by service daemons, such as Apache, Postfix, "
7662
"Dovecot, etc, a key without a passphrase is often appropriate. Not having a "
7668
"Dovecot, etc., a key without a passphrase is often appropriate. Not having a "
7663
7669
"passphrase allows the services to start without manual intervention, usually "
7664
7670
"the preferred way to start a daemon."
7665
7671
msgstr ""
7666
7672
7667
#: serverguide/C/security.xml:1348(para)
7673
#: serverguide/C/security.xml:1368(para)
7668
7674
msgid ""
7669
7675
"This section will cover generating a key with a passphrase, and one without. "
7670
7676
"The non-passphrase key will then be used to generate a certificate that can "
7671
7677
"be used with various service daemons."
7672
7678
msgstr ""
7673
7679
7674
#: serverguide/C/security.xml:1354(para)
7680
#: serverguide/C/security.xml:1374(para)
7675
7681
msgid ""
7676
7682
"Running your secure service without a passphrase is convenient because you "
7677
7683
"will not need to enter the passphrase every time you start your secure "
7679
7685
"of the server as well."
7680
7686
msgstr ""
7681
7687
7682
#: serverguide/C/security.xml:1361(para)
7688
#: serverguide/C/security.xml:1381(para)
7683
7689
msgid ""
7684
7690
"To generate the <emphasis>keys</emphasis> for the Certificate Signing "
7685
7691
"Request (CSR) run the following command from a terminal prompt:"
7686
7692
msgstr ""
7687
7693
7688
#: serverguide/C/security.xml:1367(command)
7694
#: serverguide/C/security.xml:1387(command)
7689
7695
msgid "openssl genrsa -des3 -out server.key 2048"
7690
7696
msgstr ""
7691
7697
7692
#: serverguide/C/security.xml:1370(programlisting)
7698
#: serverguide/C/security.xml:1390(programlisting)
7693
7699
#, no-wrap
7694
7700
msgid ""
7695
7701
"\n"
7700
7706
"Enter pass phrase for server.key:\n"
7701
7707
msgstr ""
7702
7708
7703
#: serverguide/C/security.xml:1378(para)
7709
#: serverguide/C/security.xml:1398(para)
7704
7710
msgid ""
7705
7711
"You can now enter your passphrase. For best security, it should at least "
7706
7712
"contain eight characters. The minimum length when specifying -des3 is four "
7708
7714
"in a dictionary. Also remember that your passphrase is case-sensitive."
7709
7715
msgstr ""
7710
7716
7711
#: serverguide/C/security.xml:1386(para)
7717
#: serverguide/C/security.xml:1406(para)
7712
7718
msgid ""
7713
7719
"Re-type the passphrase to verify. Once you have re-typed it correctly, the "
7714
7720
"server key is generated and stored in the <filename>server.key</filename> "
7715
7721
"file."
7716
7722
msgstr ""
7717
7723
7718
#: serverguide/C/security.xml:1392(para)
7724
#: serverguide/C/security.xml:1412(para)
7719
7725
msgid ""
7720
7726
"Now create the insecure key, the one without a passphrase, and shuffle the "
7721
7727
"key names:"
7722
7728
msgstr ""
7723
7729
7724
#: serverguide/C/security.xml:1398(command)
7730
#: serverguide/C/security.xml:1418(command)
7725
7731
msgid "openssl rsa -in server.key -out server.key.insecure"
7726
7732
msgstr "openssl rsa -in server.key -out server.key.insecure"
7727
7733
7728
#: serverguide/C/security.xml:1399(command)
7734
#: serverguide/C/security.xml:1419(command)
7729
7735
msgid "mv server.key server.key.secure"
7730
7736
msgstr "mv server.key server.key.secure"
7731
7737
7732
#: serverguide/C/security.xml:1400(command)
7738
#: serverguide/C/security.xml:1420(command)
7733
7739
msgid "mv server.key.insecure server.key"
7734
7740
msgstr "mv server.key.insecure server.key"
7735
7741
7736
#: serverguide/C/security.xml:1403(para)
7742
#: serverguide/C/security.xml:1423(para)
7737
7743
msgid ""
7738
7744
"The insecure key is now named <filename>server.key</filename>, and you can "
7739
7745
"use this file to generate the CSR without passphrase."
7740
7746
msgstr ""
7741
7747
7742
#: serverguide/C/security.xml:1408(para)
7748
#: serverguide/C/security.xml:1428(para)
7743
7749
msgid "To create the CSR, run the following command at a terminal prompt:"
7744
7750
msgstr ""
7745
7751
7746
#: serverguide/C/security.xml:1413(command)
7752
#: serverguide/C/security.xml:1433(command)
7747
7753
msgid "openssl req -new -key server.key -out server.csr"
7748
7754
msgstr "openssl req -new -key server.key -out server.csr"
7749
7755
7750
#: serverguide/C/security.xml:1416(para)
7756
#: serverguide/C/security.xml:1436(para)
7751
7757
msgid ""
7752
7758
"It will prompt you enter the passphrase. If you enter the correct "
7753
7759
"passphrase, it will prompt you to enter Company Name, Site Name, Email Id, "
7755
7761
"be stored in the <filename>server.csr</filename> file."
7756
7762
msgstr ""
7757
7763
7758
#: serverguide/C/security.xml:1424(para)
7764
#: serverguide/C/security.xml:1444(para)
7759
7765
msgid ""
7760
7766
"You can now submit this CSR file to a CA for processing. The CA will use "
7761
7767
"this CSR file and issue the certificate. On the other hand, you can create "
7762
7768
"self-signed certificate using this CSR."
7763
7769
msgstr ""
7764
7770
7765
#: serverguide/C/security.xml:1432(title)
7771
#: serverguide/C/security.xml:1452(title)
7766
7772
msgid "Creating a Self-Signed Certificate"
7767
7773
msgstr ""
7768
7774
7769
#: serverguide/C/security.xml:1433(para)
7775
#: serverguide/C/security.xml:1453(para)
7770
7776
msgid ""
7771
7777
"To create the self-signed certificate, run the following command at a "
7772
7778
"terminal prompt:"
7773
7779
msgstr ""
7774
7780
7775
#: serverguide/C/security.xml:1438(command)
7781
#: serverguide/C/security.xml:1458(command)
7776
7782
msgid ""
7777
7783
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
7778
7784
"server.crt"
7780
7786
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
7781
7787
"server.crt"
7782
7788
7783
#: serverguide/C/security.xml:1441(para)
7789
#: serverguide/C/security.xml:1461(para)
7784
7790
msgid ""
7785
7791
"The above command will prompt you to enter the passphrase. Once you enter "
7786
7792
"the correct passphrase, your certificate will be created and it will be "
7787
7793
"stored in the <filename>server.crt</filename> file."
7788
7794
msgstr ""
7789
7795
7790
#: serverguide/C/security.xml:1446(para)
7796
#: serverguide/C/security.xml:1466(para)
7791
7797
msgid ""
7792
7798
"If your secure server is to be used in a production environment, you "
7793
7799
"probably need a CA-signed certificate. It is not recommended to use self-"
7794
7800
"signed certificate."
7795
7801
msgstr ""
7796
7802
7797
#: serverguide/C/security.xml:1454(title)
7803
#: serverguide/C/security.xml:1474(title)
7798
7804
msgid "Installing the Certificate"
7799
7805
msgstr "Устаноўка сэртыфіката"
7800
7806
7801
#: serverguide/C/security.xml:1456(para)
7807
#: serverguide/C/security.xml:1476(para)
7802
7808
msgid ""
7803
7809
"You can install the key file <filename>server.key</filename> and certificate "
7804
7810
"file <filename>server.crt</filename>, or the certificate file issued by your "
7805
7811
"CA, by running following commands at a terminal prompt:"
7806
7812
msgstr ""
7807
7813
7808
#: serverguide/C/security.xml:1462(command)
7814
#: serverguide/C/security.xml:1482(command)
7809
7815
msgid "sudo cp server.crt /etc/ssl/certs"
7810
7816
msgstr "sudo cp server.crt /etc/ssl/certs"
7811
7817
7812
#: serverguide/C/security.xml:1463(command)
7818
#: serverguide/C/security.xml:1483(command)
7813
7819
msgid "sudo cp server.key /etc/ssl/private"
7814
7820
msgstr "sudo cp server.key /etc/ssl/private"
7815
7821
7816
#: serverguide/C/security.xml:1465(para)
7822
#: serverguide/C/security.xml:1485(para)
7817
7823
msgid ""
7818
7824
"Now simply configure any applications, with the ability to use public-key "
7819
7825
"cryptography, to use the <emphasis>certificate</emphasis> and "
7822
7828
"<application>Dovecot</application> can provide IMAPS and POP3S, etc."
7823
7829
msgstr ""
7824
7830
7825
#: serverguide/C/security.xml:1472(title)
7831
#: serverguide/C/security.xml:1492(title)
7826
7832
msgid "Certification Authority"
7827
7833
msgstr ""
7828
7834
7829
#: serverguide/C/security.xml:1474(para)
7835
#: serverguide/C/security.xml:1494(para)
7830
7836
msgid ""
7831
7837
"If the services on your network require more than a few self-signed "
7832
7838
"certificates it may be worth the additional effort to setup your own "
7836
7842
"the same CA."
7837
7843
msgstr ""
7838
7844
7839
#: serverguide/C/security.xml:1484(para)
7845
#: serverguide/C/security.xml:1504(para)
7840
7846
msgid ""
7841
7847
"First, create the directories to hold the CA certificate and related files:"
7842
7848
msgstr ""
7843
7849
7844
#: serverguide/C/security.xml:1489(command)
7850
#: serverguide/C/security.xml:1509(command)
7845
7851
msgid "sudo mkdir /etc/ssl/CA"
7846
7852
msgstr "sudo mkdir /etc/ssl/CA"
7847
7853
7848
#: serverguide/C/security.xml:1490(command)
7854
#: serverguide/C/security.xml:1510(command)
7849
7855
msgid "sudo mkdir /etc/ssl/newcerts"
7850
7856
msgstr "sudo mkdir /etc/ssl/newcerts"
7851
7857
7852
#: serverguide/C/security.xml:1496(para)
7858
#: serverguide/C/security.xml:1516(para)
7853
7859
msgid ""
7854
7860
"The CA needs a few additional files to operate, one to keep track of the "
7855
7861
"last serial number used by the CA, each certificate must have a unique "
7857
7863
"issued:"
7858
7864
msgstr ""
7859
7865
7860
#: serverguide/C/security.xml:1503(command)
7866
#: serverguide/C/security.xml:1523(command)
7861
7867
msgid "sudo sh -c \"echo '01' > /etc/ssl/CA/serial\""
7862
7868
msgstr "sudo sh -c \"echo '01' > /etc/ssl/CA/serial\""
7863
7869
7864
#: serverguide/C/security.xml:1504(command)
7870
#: serverguide/C/security.xml:1524(command)
7865
7871
msgid "sudo touch /etc/ssl/CA/index.txt"
7866
7872
msgstr "sudo touch /etc/ssl/CA/index.txt"
7867
7873
7868
#: serverguide/C/security.xml:1510(para)
7874
#: serverguide/C/security.xml:1530(para)
7869
7875
msgid ""
7870
7876
"The third file is a CA configuration file. Though not strictly necessary, it "
7871
7877
"is very convenient when issuing multiple certificates. Edit "
7873
7879
"]</emphasis> change:"
7874
7880
msgstr ""
7875
7881
7876
#: serverguide/C/security.xml:1516(programlisting)
7882
#: serverguide/C/security.xml:1536(programlisting)
7877
7883
#, no-wrap
7878
7884
msgid ""
7879
7885
"\n"
7888
7894
msgid "Next, create the self-signed root certificate:"
7889
7895
msgstr ""
7890
7896
7891
#: serverguide/C/security.xml:1532(command)
7897
#: serverguide/C/security.xml:1552(command)
7892
7898
msgid ""
7893
7899
"openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -"
7894
7900
"days 3650"
7896
7902
"openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -"
7897
7903
"days 3650"
7898
7904
7899
#: serverguide/C/security.xml:1535(para)
7905
#: serverguide/C/security.xml:1555(para)
7900
7906
msgid "You will then be asked to enter the details about the certificate."
7901
7907
msgstr ""
7902
7908
7903
#: serverguide/C/security.xml:1542(para)
7909
#: serverguide/C/security.xml:1562(para)
7904
7910
msgid "Now install the root certificate and key:"
7905
7911
msgstr ""
7906
7912
7907
#: serverguide/C/security.xml:1547(command)
7913
#: serverguide/C/security.xml:1567(command)
7908
7914
msgid "sudo mv cakey.pem /etc/ssl/private/"
7909
7915
msgstr "sudo mv cakey.pem /etc/ssl/private/"
7910
7916
7911
#: serverguide/C/security.xml:1548(command)
7917
#: serverguide/C/security.xml:1568(command)
7912
7918
msgid "sudo mv cacert.pem /etc/ssl/certs/"
7913
7919
msgstr "sudo mv cacert.pem /etc/ssl/certs/"
7914
7920
7915
#: serverguide/C/security.xml:1554(para)
7921
#: serverguide/C/security.xml:1574(para)
7916
7922
msgid ""
7917
7923
"You are now ready to start signing certificates. The first item needed is a "
7918
7924
"Certificate Signing Request (CSR), see <xref linkend=\"generating-a-csr\"/> "
7920
7926
"certificate signed by the CA:"
7921
7927
msgstr ""
7922
7928
7923
#: serverguide/C/security.xml:1561(command)
7929
#: serverguide/C/security.xml:1581(command)
7924
7930
msgid "sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf"
7925
7931
msgstr "sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf"
7926
7932
7927
#: serverguide/C/security.xml:1564(para)
7933
#: serverguide/C/security.xml:1584(para)
7928
7934
msgid ""
7929
7935
"After entering the password for the CA key, you will be prompted to sign the "
7930
7936
"certificate, and again to commit the new certificate. You should then see a "
7931
7937
"somewhat large amount of output related to the certificate creation."
7932
7938
msgstr ""
7933
7939
7934
#: serverguide/C/security.xml:1573(para)
7940
#: serverguide/C/security.xml:1593(para)
7935
7941
msgid ""
7936
7942
"There should now be a new file, "
7937
7943
"<filename>/etc/ssl/newcerts/01.pem</filename>, containing the same output. "
7942
7948
"<filename>mail.example.com.crt</filename>, is a nice descriptive name."
7943
7949
msgstr ""
7944
7950
7945
#: serverguide/C/security.xml:1581(para)
7951
#: serverguide/C/security.xml:1601(para)
7946
7952
msgid ""
7947
7953
"Subsequent certificates will be named <filename>02.pem</filename>, "
7948
7954
"<filename>03.pem</filename>, etc."
7949
7955
msgstr ""
7950
7956
7951
#: serverguide/C/security.xml:1586(para)
7957
#: serverguide/C/security.xml:1606(para)
7952
7958
msgid ""
7953
7959
"Replace <emphasis>mail.example.com.crt</emphasis> with your own descriptive "
7954
7960
"name."
7955
7961
msgstr ""
7956
7962
7957
#: serverguide/C/security.xml:1594(para)
7963
#: serverguide/C/security.xml:1614(para)
7958
7964
msgid ""
7959
7965
"Finally, copy the new certificate to the host that needs it, and configure "
7960
7966
"the appropriate applications to use it. The default location to install "
7963
7969
"complicated file permissions."
7964
7970
msgstr ""
7965
7971
7966
#: serverguide/C/security.xml:1600(para)
7972
#: serverguide/C/security.xml:1620(para)
7967
7973
msgid ""
7968
7974
"For applications that can be configured to use a CA certificate, you should "
7969
7975
"also copy the <filename>/etc/ssl/certs/cacert.pem</filename> file to the "
7971
7977
"server."
7972
7978
msgstr ""
7973
7979
7974
#: serverguide/C/security.xml:1614(para)
7980
#: serverguide/C/security.xml:1634(para)
7975
7981
msgid ""
7976
7982
"For more detailed instructions on using cryptography see the <ulink "
7977
7983
"url=\"http://tldp.org/HOWTO/SSL-Certificates-HOWTO/index.html\">SSL "
7978
"Certificates HOWTO</ulink> by tldp.org"
7984
"Certificates HOWTO</ulink> by tldp.org:"
7979
7985
msgstr ""
7980
7986
7981
#: serverguide/C/security.xml:1620(para)
7987
#: serverguide/C/security.xml:1640(para)
7982
7988
msgid ""
7983
7989
"The Wikipedia <ulink "
7984
"url=\"http://en.wikipedia.org/wiki/Https\">HTTPS</ulink> page has more "
7990
"url=\"http://en.wikipedia.org/wiki/HTTPS\">HTTPS</ulink> page has more "
7985
7991
"information regarding HTTPS."
7986
7992
msgstr ""
7987
7993
7988
#: serverguide/C/security.xml:1625(para)
7994
#: serverguide/C/security.xml:1645(para)
7989
7995
msgid ""
7990
7996
"For more information on <emphasis>OpenSSL</emphasis> see the <ulink "
7991
7997
"url=\"http://www.openssl.org/\">OpenSSL Home Page</ulink>."
7992
7998
msgstr ""
7993
7999
7994
#: serverguide/C/security.xml:1630(para)
8000
#: serverguide/C/security.xml:1650(para)
7995
8001
msgid ""
7996
8002
"Also, O'Reilly's <ulink "
7997
8003
"url=\"http://oreilly.com/catalog/9780596002701/\">Network Security with "
7998
"OpenSSL</ulink> is a good in depth reference."
8004
"OpenSSL</ulink> is a good in-depth reference."
7999
8005
msgstr ""
8000
8006
8001
#: serverguide/C/security.xml:1639(title)
8007
#: serverguide/C/security.xml:1659(title)
8002
8008
msgid "eCryptfs"
8003
8009
msgstr "eCryptfs"
8004
8010
8010
8016
"filesystem, partition type, etc."
8011
8017
msgstr ""
8012
8018
8013
#: serverguide/C/security.xml:1647(para)
8019
#: serverguide/C/security.xml:1667(para)
8014
8020
msgid ""
8015
8021
"During installation there is an option to encrypt the <filename "
8016
8022
"role=\"directory\">/home</filename> partition. This will automatically "
8017
8023
"configure everything needed to encrypt and mount the partition."
8018
8024
msgstr ""
8019
8025
8020
#: serverguide/C/security.xml:1652(para)
8026
#: serverguide/C/security.xml:1672(para)
8021
8027
msgid ""
8022
8028
"As an example, this section will cover configuring <filename "
8023
8029
"role=\"directory\">/srv</filename> to be encrypted using "
8024
8030
"<emphasis>eCryptfs</emphasis>."
8025
8031
msgstr ""
8026
8032
8027
#: serverguide/C/security.xml:1657(title)
8033
#: serverguide/C/security.xml:1677(title)
8028
8034
msgid "Using eCryptfs"
8029
8035
msgstr "Ужываньне eCryptfs"
8030
8036
8031
#: serverguide/C/security.xml:1659(para)
8037
#: serverguide/C/security.xml:1679(para)
8032
8038
msgid "First, install the necessary packages. From a terminal prompt enter:"
8033
8039
msgstr "Спачатку устанавіце неабходныя пакеты. Увядзіце ў тэрмінале:"
8034
8040
8035
#: serverguide/C/security.xml:1664(command)
8041
#: serverguide/C/security.xml:1684(command)
8036
8042
msgid "sudo apt-get install ecryptfs-utils"
8037
8043
msgstr "sudo apt-get install ecryptfs-utils"
8038
8044
8039
#: serverguide/C/security.xml:1667(para)
8045
#: serverguide/C/security.xml:1687(para)
8040
8046
msgid "Now mount the partition to be encrypted:"
8041
8047
msgstr ""
8042
8048
8043
#: serverguide/C/security.xml:1672(command)
8049
#: serverguide/C/security.xml:1692(command)
8044
8050
msgid "sudo mount -t ecryptfs /srv /srv"
8045
8051
msgstr "sudo mount -t ecryptfs /srv /srv"
8046
8052
8047
#: serverguide/C/security.xml:1675(para)
8053
#: serverguide/C/security.xml:1695(para)
8048
8054
msgid ""
8049
8055
"You will then be prompted for some details on how "
8050
8056
"<application>ecryptfs</application> should encrypt the data."
8051
8057
msgstr ""
8052
8058
8053
#: serverguide/C/security.xml:1679(para)
8059
#: serverguide/C/security.xml:1699(para)
8054
8060
msgid ""
8055
8061
"To test that files placed in <filename>/srv</filename> are indeed encrypted "
8056
8062
"copy the <filename>/etc/default</filename> folder to "
8057
8063
"<filename>/srv</filename>:"
8058
8064
msgstr ""
8059
8065
8060
#: serverguide/C/security.xml:1685(command) serverguide/C/clustering.xml:190(command)
8066
#: serverguide/C/security.xml:1705(command) serverguide/C/clustering.xml:190(command)
8061
8067
msgid "sudo cp -r /etc/default /srv"
8062
8068
msgstr "sudo cp -r /etc/default /srv"
8063
8069
8064
#: serverguide/C/security.xml:1688(para)
8070
#: serverguide/C/security.xml:1708(para)
8065
8071
msgid "Now unmount <filename>/srv</filename>, and try to view a file:"
8066
8072
msgstr ""
8067
8073
8068
#: serverguide/C/security.xml:1693(command) serverguide/C/installation.xml:1118(command) serverguide/C/clustering.xml:198(command)
8074
#: serverguide/C/security.xml:1713(command) serverguide/C/clustering.xml:198(command)
8069
8075
msgid "sudo umount /srv"
8070
8076
msgstr "sudo umount /srv"
8071
8077
8072
#: serverguide/C/security.xml:1694(command)
8078
#: serverguide/C/security.xml:1714(command)
8073
8079
msgid "cat /srv/default/cron"
8074
8080
msgstr "cat /srv/default/cron"
8075
8081
8076
#: serverguide/C/security.xml:1697(para)
8082
#: serverguide/C/security.xml:1717(para)
8077
8083
msgid ""
8078
8084
"Remounting <filename>/srv</filename> using "
8079
8085
"<application>ecryptfs</application> will make the data viewable once again."
8080
8086
msgstr ""
8081
8087
8082
#: serverguide/C/security.xml:1703(title)
8088
#: serverguide/C/security.xml:1723(title)
8083
8089
msgid "Automatically Mounting Encrypted Partitions"
8084
8090
msgstr ""
8085
8091
8086
#: serverguide/C/security.xml:1705(para)
8092
#: serverguide/C/security.xml:1725(para)
8087
8093
msgid ""
8088
8094
"There are a couple of ways to automatically mount an "
8089
8095
"<application>ecryptfs</application> encrypted filesystem at boot. This "
8091
8097
"mount options, along with a passphrase file residing on a USB key."
8092
8098
msgstr ""
8093
8099
8094
#: serverguide/C/security.xml:1711(para)
8100
#: serverguide/C/security.xml:1731(para)
8095
8101
msgid "First, create <filename>/root/.ecryptfsrc</filename> containing:"
8096
8102
msgstr ""
8097
8103
8098
#: serverguide/C/security.xml:1715(programlisting)
8104
#: serverguide/C/security.xml:1735(programlisting)
8099
8105
#, no-wrap
8100
8106
msgid ""
8101
8107
"\n"
8107
8113
"ecryptfs_enable_filename_crypto=n\n"
8108
8114
msgstr ""
8109
8115
8110
#: serverguide/C/security.xml:1725(para)
8116
#: serverguide/C/security.xml:1745(para)
8111
8117
msgid ""
8112
8118
"Adjust the <emphasis>ecryptfs_sig</emphasis> to the signature in "
8113
8119
"<filename>/root/.ecryptfs/sig-cache.txt</filename>."
8114
8120
msgstr ""
8115
8121
8116
#: serverguide/C/security.xml:1730(para)
8122
#: serverguide/C/security.xml:1750(para)
8117
8123
msgid ""
8118
8124
"Next, create the <filename>/mnt/usb/passwd_file.txt</filename> passphrase "
8119
8125
"file:"
8120
8126
msgstr ""
8121
8127
8122
#: serverguide/C/security.xml:1734(programlisting)
8128
#: serverguide/C/security.xml:1754(programlisting)
8123
8129
#, no-wrap
8124
8130
msgid ""
8125
8131
"\n"
8128
8134
"\n"
8129
8135
"passphrase_passwd=[secrets]\n"
8130
8136
8131
#: serverguide/C/security.xml:1738(para)
8137
#: serverguide/C/security.xml:1758(para)
8132
8138
msgid "Now add the necessary lines to <filename>/etc/fstab</filename>:"
8133
8139
msgstr ""
8134
8140
8135
#: serverguide/C/security.xml:1742(programlisting)
8141
#: serverguide/C/security.xml:1762(programlisting)
8136
8142
#, no-wrap
8137
8143
msgid ""
8138
8144
"\n"
8143
8149
"/dev/sdb1 /mnt/usb ext3 ro 0 0\n"
8144
8150
"/srv /srv ecryptfs defaults 0 0\n"
8145
8151
8146
#: serverguide/C/security.xml:1747(para)
8152
#: serverguide/C/security.xml:1767(para)
8147
8153
msgid "Make sure the USB drive is mounted before the encrypted partition."
8148
8154
msgstr ""
8149
8155
8150
#: serverguide/C/security.xml:1751(para)
8156
#: serverguide/C/security.xml:1771(para)
8151
8157
msgid ""
8152
8158
"Finally, reboot and the <filename>/srv</filename> should be mounted using "
8153
8159
"<emphasis>eCryptfs</emphasis>."
8154
8160
msgstr ""
8155
8161
8156
#: serverguide/C/security.xml:1757(title)
8162
#: serverguide/C/security.xml:1777(title)
8157
8163
msgid "Other Utilities"
8158
8164
msgstr ""
8159
8165
8160
#: serverguide/C/security.xml:1759(para)
8166
#: serverguide/C/security.xml:1779(para)
8161
8167
msgid ""
8162
8168
"The <application>ecryptfs-utils</application> package includes several other "
8163
8169
"useful utilities:"
8164
8170
msgstr ""
8165
8171
8166
#: serverguide/C/security.xml:1765(para)
8172
#: serverguide/C/security.xml:1785(para)
8167
8173
msgid ""
8168
8174
"<emphasis>ecryptfs-setup-private:</emphasis> creates a "
8169
8175
"<filename>~/Private</filename> directory to contain encrypted information. "
8171
8177
"other users on the system."
8172
8178
msgstr ""
8173
8179
8174
#: serverguide/C/security.xml:1772(para)
8180
#: serverguide/C/security.xml:1792(para)
8175
8181
msgid ""
8176
"<emphasis>ecryptfs-mount-private and ecryptfs-umount-private:</emphasis> "
8177
"will mount and unmount respectively, a users <filename>~/Private</filename> "
8178
"directory."
8182
"<emphasis>ecryptfs-mount-private</emphasis> and <emphasis> ecryptfs-umount-"
8183
"private</emphasis> will mount and unmount a user's "
8184
"<filename>~/Private</filename> directory."
8179
8185
msgstr ""
8180
8186
8181
#: serverguide/C/security.xml:1778(para)
8187
#: serverguide/C/security.xml:1798(para)
8182
8188
msgid ""
8183
8189
"<emphasis>ecryptfs-add-passphrase:</emphasis> adds a new passphrase to the "
8184
8190
"kernel keyring."
8185
8191
msgstr ""
8186
8192
8187
#: serverguide/C/security.xml:1783(para)
8193
#: serverguide/C/security.xml:1803(para)
8188
8194
msgid ""
8189
8195
"<emphasis>ecryptfs-manager:</emphasis> manages "
8190
8196
"<application>eCryptfs</application> objects such as keys."
8191
8197
msgstr ""
8192
8198
8193
#: serverguide/C/security.xml:1788(para)
8199
#: serverguide/C/security.xml:1808(para)
8194
8200
msgid ""
8195
8201
"<emphasis>ecryptfs-stat:</emphasis> allows you to view the "
8196
8202
"<application>ecryptfs</application> meta information for a file."
8197
8203
msgstr ""
8198
8204
8199
#: serverguide/C/security.xml:1801(para)
8205
#: serverguide/C/security.xml:1821(para)
8200
8206
msgid ""
8201
8207
"For more information on <emphasis>eCryptfs</emphasis> see the <ulink "
8202
8208
"url=\"https://launchpad.net/ecryptfs\">Launchpad project page</ulink>."
8203
8209
msgstr ""
8204
8210
8205
#: serverguide/C/security.xml:1806(para)
8211
#: serverguide/C/security.xml:1826(para)
8206
8212
msgid ""
8207
8213
"There is also a <ulink "
8208
8214
"url=\"http://www.linuxjournal.com/article/9400\">Linux Journal</ulink> "
8221
8227
msgid "Samba"
8222
8228
msgstr ""
8223
8229
8224
#: serverguide/C/windows-networking.xml:13(para)
8230
#: serverguide/C/samba.xml:13(para)
8225
8231
msgid ""
8226
8232
"Computer networks are often comprised of diverse systems, and while "
8227
8233
"operating a network made up entirely of Ubuntu desktop and server computers "
8242
8248
"ўводзіны ў прынцыпы й сродкі, прызначаныя для наладкі вашага паслужніка "
8243
8249
"Ubuntu для сумеснай працы з кампутарамі з Windows."
8244
8250
8245
#: serverguide/C/windows-networking.xml:25(para)
8251
#: serverguide/C/samba.xml:25(para)
8246
8252
msgid ""
8247
8253
"Successfully networking your Ubuntu system with Windows clients involves "
8248
8254
"providing and integrating with services common to Windows environments. Such "
8251
8257
"categories of functionality:"
8252
8258
msgstr ""
8253
8259
8254
#: serverguide/C/windows-networking.xml:33(para)
8260
#: serverguide/C/samba.xml:33(para)
8255
8261
msgid ""
8256
8262
"<emphasis role=\"bold\">File and Printer Sharing Services</emphasis>. Using "
8257
8263
"the Server Message Block (SMB) protocol to facilitate the sharing of files, "
8258
8264
"folders, volumes, and the sharing of printers throughout the network."
8259
8265
msgstr ""
8260
8266
8261
#: serverguide/C/windows-networking.xml:39(para)
8267
#: serverguide/C/samba.xml:39(para)
8262
8268
msgid ""
8263
8269
"<emphasis role=\"bold\">Directory Services</emphasis>. Sharing vital "
8264
8270
"information about the computers and users of the network with such "
8266
8272
"Microsoft <trademark class=\"registered\">Active Directory</trademark>."
8267
8273
msgstr ""
8268
8274
8269
#: serverguide/C/windows-networking.xml:46(para)
8275
#: serverguide/C/samba.xml:46(para)
8270
8276
msgid ""
8271
8277
"<emphasis role=\"bold\">Authentication and Access</emphasis>. Establishing "
8272
8278
"the identity of a computer or user of the network and determining the "
8275
8281
"Kerberos authentication service."
8276
8282
msgstr ""
8277
8283
8278
#: serverguide/C/windows-networking.xml:54(para)
8284
#: serverguide/C/samba.xml:54(para)
8279
8285
msgid ""
8280
8286
"Fortunately, your Ubuntu system may provide all such facilities to Windows "
8281
8287
"clients and share network resources among them. One of the principal pieces "
8283
8289
"suite of SMB server applications and tools."
8284
8290
msgstr ""
8285
8291
8286
#: serverguide/C/windows-networking.xml:60(para)
8292
#: serverguide/C/samba.xml:60(para)
8287
8293
msgid ""
8288
8294
"This section of the <phrase>Ubuntu</phrase> Server Guide will introduce some "
8289
8295
"of the common Samba use cases, and how to install and configure the "
8296
8302
msgid "File Server"
8297
8303
msgstr ""
8298
8304
8299
#: serverguide/C/windows-networking.xml:70(para)
8305
#: serverguide/C/samba.xml:70(para)
8300
8306
msgid ""
8301
8307
"One of the most common ways to network Ubuntu and Windows computers is to "
8302
8308
"configure Samba as a File Server. This section covers setting up a "
8303
8309
"<application>Samba</application> server to share files with Windows clients."
8304
8310
msgstr ""
8305
8311
8306
#: serverguide/C/windows-networking.xml:75(para)
8312
#: serverguide/C/samba.xml:75(para)
8307
8313
msgid ""
8308
8314
"The server will be configured to share files with any client on the network "
8309
8315
"without prompting for a password. If your environment requires stricter "
8310
8316
"Access Controls see <xref linkend=\"samba-fileprint-security\"/>"
8311
8317
msgstr ""
8312
8318
8313
#: serverguide/C/windows-networking.xml:83(para)
8319
#: serverguide/C/samba.xml:83(para)
8314
8320
msgid ""
8315
8321
"The first step is to install the <application>samba</application> package. "
8316
8322
"From a terminal prompt enter:"
8317
8323
msgstr ""
8318
8324
8319
#: serverguide/C/windows-networking.xml:88(command) serverguide/C/windows-networking.xml:304(command)
8325
#: serverguide/C/samba.xml:88(command) serverguide/C/samba.xml:304(command)
8320
8326
msgid "sudo apt-get install samba"
8321
8327
msgstr "sudo apt-get install samba"
8322
8328
8323
#: serverguide/C/windows-networking.xml:91(para)
8329
#: serverguide/C/samba.xml:91(para)
8324
8330
msgid ""
8325
8331
"That's all there is to it; you are now ready to configure Samba to share "
8326
8332
"files."
8327
8333
msgstr ""
8328
8334
8329
#: serverguide/C/windows-networking.xml:99(para)
8335
#: serverguide/C/samba.xml:99(para)
8330
8336
msgid ""
8331
8337
"The main Samba configuration file is located in "
8332
8338
"<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
8334
8340
"directives."
8335
8341
msgstr ""
8336
8342
8337
#: serverguide/C/windows-networking.xml:104(para)
8343
#: serverguide/C/samba.xml:104(para)
8338
8344
msgid ""
8339
8345
"Not all the available options are included in the default configuration "
8340
8346
"file. See the <filename>smb.conf</filename><application>man</application> "
8342
8348
"Collection/\">Samba HOWTO Collection</ulink> for more details."
8343
8349
msgstr ""
8344
8350
8345
#: serverguide/C/windows-networking.xml:113(para)
8351
#: serverguide/C/samba.xml:113(para)
8346
8352
msgid ""
8347
8353
"First, edit the following key/value pairs in the "
8348
8354
"<emphasis>[global]</emphasis> section of "
8349
8355
"<filename>/etc/samba/smb.conf</filename>:"
8350
8356
msgstr ""
8351
8357
8352
#: serverguide/C/windows-networking.xml:118(programlisting) serverguide/C/windows-networking.xml:316(programlisting) serverguide/C/windows-networking.xml:784(programlisting) serverguide/C/windows-networking.xml:1023(programlisting)
8358
#: serverguide/C/samba.xml:118(programlisting) serverguide/C/samba.xml:316(programlisting) serverguide/C/samba.xml:784(programlisting) serverguide/C/samba.xml:1023(programlisting)
8353
8359
#, no-wrap
8354
8360
msgid ""
8355
8361
"\n"
8358
8364
" security = user\n"
8359
8365
msgstr ""
8360
8366
8361
#: serverguide/C/windows-networking.xml:124(para)
8367
#: serverguide/C/samba.xml:124(para)
8362
8368
msgid ""
8363
8369
"The <emphasis>security</emphasis> parameter is farther down in the [global] "
8364
8370
"section, and is commented by default. Also, change "
8365
8371
"<emphasis>EXAMPLE</emphasis> to better match your environment."
8366
8372
msgstr ""
8367
8373
8368
#: serverguide/C/windows-networking.xml:132(para)
8374
#: serverguide/C/samba.xml:132(para)
8369
8375
msgid ""
8370
8376
"Create a new section at the bottom of the file, or uncomment one of the "
8371
8377
"examples, for the directory to be shared:"
8372
8378
msgstr ""
8373
8379
8374
#: serverguide/C/windows-networking.xml:136(programlisting)
8380
#: serverguide/C/samba.xml:136(programlisting)
8375
8381
#, no-wrap
8376
8382
msgid ""
8377
8383
"\n"
8384
8390
" create mask = 0755\n"
8385
8391
msgstr ""
8386
8392
8387
#: serverguide/C/windows-networking.xml:148(para)
8393
#: serverguide/C/samba.xml:148(para)
8388
8394
msgid ""
8389
8395
"<emphasis>comment:</emphasis> a short description of the share. Adjust to "
8390
8396
"fit your needs."
8391
8397
msgstr ""
8392
8398
8393
#: serverguide/C/windows-networking.xml:153(para)
8399
#: serverguide/C/samba.xml:153(para)
8394
8400
msgid "<emphasis>path:</emphasis> the path to the directory to share."
8395
8401
msgstr ""
8396
8402
8397
#: serverguide/C/windows-networking.xml:156(para)
8403
#: serverguide/C/samba.xml:156(para)
8398
8404
msgid ""
8399
8405
"This example uses <filename>/srv/samba/sharename</filename> because, "
8400
8406
"according to the <emphasis>Filesystem Hierarchy Standard (FHS)</emphasis>, "
8405
8411
"adhering to standards is recommended."
8406
8412
msgstr ""
8407
8413
8408
#: serverguide/C/windows-networking.xml:165(para)
8414
#: serverguide/C/samba.xml:165(para)
8409
8415
msgid ""
8410
8416
"<emphasis>browsable:</emphasis> enables Windows clients to browse the shared "
8411
8417
"directory using <application>Windows Explorer</application>."
8412
8418
msgstr ""
8413
8419
8414
#: serverguide/C/windows-networking.xml:171(para)
8420
#: serverguide/C/samba.xml:171(para)
8415
8421
msgid ""
8416
8422
"<emphasis>guest ok:</emphasis> allows clients to connect to the share "
8417
8423
"without supplying a password."
8418
8424
msgstr ""
8419
8425
8420
#: serverguide/C/windows-networking.xml:176(para)
8426
#: serverguide/C/samba.xml:176(para)
8421
8427
msgid ""
8422
8428
"<emphasis>read only:</emphasis> determines if the share is read only or if "
8423
8429
"write privileges are granted. Write privileges are allowed only when the "
8425
8431
"is <emphasis>yes</emphasis>, then access to the share is read only."
8426
8432
msgstr ""
8427
8433
8428
#: serverguide/C/windows-networking.xml:181(para)
8434
#: serverguide/C/samba.xml:181(para)
8429
8435
msgid ""
8430
8436
"<emphasis>create mask:</emphasis> determines the permissions new files will "
8431
8437
"have when created."
8432
8438
msgstr ""
8433
8439
8434
#: serverguide/C/windows-networking.xml:190(para)
8440
#: serverguide/C/samba.xml:190(para)
8435
8441
msgid ""
8436
8442
"Now that <application>Samba</application> is configured, the directory needs "
8437
8443
"to be created and the permissions changed. From a terminal enter:"
8438
8444
msgstr ""
8439
8445
8440
#: serverguide/C/windows-networking.xml:196(command)
8446
#: serverguide/C/samba.xml:196(command)
8441
8447
msgid "sudo mkdir -p /srv/samba/share"
8442
8448
msgstr "sudo mkdir -p /srv/samba/share"
8443
8449
8444
#: serverguide/C/windows-networking.xml:197(command)
8450
#: serverguide/C/samba.xml:197(command)
8445
8451
msgid "sudo chown nobody:nogroup /srv/samba/share/"
8446
8452
msgstr ""
8447
8453
8448
#: serverguide/C/windows-networking.xml:201(para)
8454
#: serverguide/C/samba.xml:201(para)
8449
8455
msgid ""
8450
8456
"The <emphasis>-p</emphasis> switch tells mkdir to create the entire "
8451
8457
"directory tree if it doesn't exist."
8452
8458
msgstr ""
8453
8459
8454
#: serverguide/C/windows-networking.xml:209(para)
8460
#: serverguide/C/samba.xml:209(para)
8455
8461
msgid ""
8456
8462
"Finally, restart the <application>samba</application> services to enable the "
8457
8463
"new configuration:"
8459
8465
"Нарэшце перазапусьціце сэрвісы <application>samba</application> каб уключыць "
8460
8466
"новыя настаўленьні:"
8461
8467
8462
#: serverguide/C/windows-networking.xml:214(command) serverguide/C/windows-networking.xml:336(command) serverguide/C/windows-networking.xml:474(command) serverguide/C/windows-networking.xml:574(command) serverguide/C/windows-networking.xml:925(command) serverguide/C/windows-networking.xml:1080(command) serverguide/C/windows-networking.xml:1187(command) serverguide/C/network-auth.xml:2533(command)
8468
#: serverguide/C/samba.xml:214(command) serverguide/C/samba.xml:336(command) serverguide/C/samba.xml:474(command) serverguide/C/samba.xml:574(command) serverguide/C/samba.xml:925(command) serverguide/C/samba.xml:1080(command) serverguide/C/samba.xml:1187(command) serverguide/C/network-auth.xml:2532(command) serverguide/C/network-auth.xml:4114(command)
8463
8469
msgid "sudo restart smbd"
8464
8470
msgstr ""
8465
8471
8466
#: serverguide/C/windows-networking.xml:215(command) serverguide/C/windows-networking.xml:337(command) serverguide/C/windows-networking.xml:475(command) serverguide/C/windows-networking.xml:575(command) serverguide/C/windows-networking.xml:926(command) serverguide/C/windows-networking.xml:1081(command) serverguide/C/windows-networking.xml:1188(command) serverguide/C/network-auth.xml:2534(command)
8472
#: serverguide/C/samba.xml:215(command) serverguide/C/samba.xml:337(command) serverguide/C/samba.xml:475(command) serverguide/C/samba.xml:575(command) serverguide/C/samba.xml:926(command) serverguide/C/samba.xml:1081(command) serverguide/C/samba.xml:1188(command) serverguide/C/network-auth.xml:2533(command) serverguide/C/network-auth.xml:4115(command)
8467
8473
msgid "sudo restart nmbd"
8468
8474
msgstr ""
8469
8475
8470
#: serverguide/C/windows-networking.xml:222(para)
8476
#: serverguide/C/samba.xml:222(para)
8471
8477
msgid ""
8472
8478
"Once again, the above configuration gives all access to any client on the "
8473
8479
"local network. For a more secure configuration see <xref linkend=\"samba-"
8474
8480
"fileprint-security\"/>."
8475
8481
msgstr ""
8476
8482
8477
#: serverguide/C/windows-networking.xml:228(para)
8483
#: serverguide/C/samba.xml:228(para)
8478
8484
msgid ""
8479
8485
"From a Windows client you should now be able to browse to the Ubuntu file "
8480
8486
"server and see the shared directory. If your client doesn't show your share "
8483
8489
"working try creating a directory from Windows."
8484
8490
msgstr ""
8485
8491
8486
#: serverguide/C/windows-networking.xml:232(para)
8492
#: serverguide/C/samba.xml:232(para)
8487
8493
msgid ""
8488
8494
"To create additional shares simply create new <emphasis>[dir]</emphasis> "
8489
8495
"sections in <filename>/etc/samba/smb.conf</filename>, and restart "
8491
8497
"share actually exists and the permissions are correct."
8492
8498
msgstr ""
8493
8499
8494
#: serverguide/C/windows-networking.xml:239(para)
8500
#: serverguide/C/samba.xml:239(para)
8495
8501
msgid ""
8496
8502
"The file share named <emphasis>\"[share]\"</emphasis> and the path "
8497
8503
"<filename>/srv/samba/share</filename> are just examples. Adjust the share "
8501
8507
"<filename>/srv/samba/qa</filename>."
8502
8508
msgstr ""
8503
8509
8504
#: serverguide/C/windows-networking.xml:252(para) serverguide/C/windows-networking.xml:351(para) serverguide/C/windows-networking.xml:708(para) serverguide/C/windows-networking.xml:1104(para)
8510
#: serverguide/C/samba.xml:252(para) serverguide/C/samba.xml:351(para) serverguide/C/samba.xml:708(para) serverguide/C/samba.xml:1104(para)
8505
8511
msgid ""
8506
8512
"For in depth Samba configurations see the <ulink "
8507
8513
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
8508
8514
"Collection</ulink>"
8509
8515
msgstr ""
8510
8516
8511
#: serverguide/C/windows-networking.xml:258(para) serverguide/C/windows-networking.xml:357(para) serverguide/C/windows-networking.xml:714(para) serverguide/C/windows-networking.xml:1110(para)
8517
#: serverguide/C/samba.xml:258(para) serverguide/C/samba.xml:357(para) serverguide/C/samba.xml:714(para) serverguide/C/samba.xml:1110(para)
8512
8518
msgid ""
8513
8519
"The guide is also available in <ulink "
8514
8520
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">printed "
8515
8521
"format</ulink>."
8516
8522
msgstr ""
8517
8523
8518
#: serverguide/C/windows-networking.xml:264(para) serverguide/C/windows-networking.xml:363(para)
8524
#: serverguide/C/samba.xml:264(para) serverguide/C/samba.xml:363(para)
8519
8525
msgid ""
8520
8526
"O'Reilly's <ulink "
8521
8527
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
8522
8528
"another good reference."
8523
8529
msgstr ""
8524
8530
8525
#: serverguide/C/windows-networking.xml:270(para) serverguide/C/windows-networking.xml:374(para) serverguide/C/windows-networking.xml:739(para) serverguide/C/windows-networking.xml:1134(para) serverguide/C/windows-networking.xml:1312(para)
8531
#: serverguide/C/samba.xml:270(para) serverguide/C/samba.xml:374(para) serverguide/C/samba.xml:739(para) serverguide/C/samba.xml:1134(para) serverguide/C/samba.xml:1312(para)
8526
8532
msgid ""
8527
8533
"The <ulink url=\"https://help.ubuntu.com/community/Samba\">Ubuntu Wiki Samba "
8528
8534
"</ulink> page."
8529
8535
msgstr ""
8530
8536
8531
#: serverguide/C/network-config.xml:908(para)
8537
#: serverguide/C/samba.xml:279(title) serverguide/C/network-config.xml:904(para)
8532
8538
msgid "Print Server"
8533
8539
msgstr "Сэрвер друку"
8534
8540
8535
#: serverguide/C/windows-networking.xml:281(para)
8541
#: serverguide/C/samba.xml:281(para)
8536
8542
msgid ""
8537
8543
"Another common use of Samba is to configure it to share printers installed, "
8538
8544
"either locally or over the network, on an Ubuntu server. Similar to <xref "
8541
8547
"prompting for a username and password."
8542
8548
msgstr ""
8543
8549
8544
#: serverguide/C/windows-networking.xml:287(para)
8550
#: serverguide/C/samba.xml:287(para)
8545
8551
msgid ""
8546
8552
"For a more secure configuration see <xref linkend=\"samba-fileprint-"
8547
8553
"security\"/>."
8549
8555
"Для больш бясьпечнай наладкі глядзіце <xref linkend=\"samba-fileprint-"
8550
8556
"security\"/>."
8551
8557
8552
#: serverguide/C/windows-networking.xml:294(para)
8558
#: serverguide/C/samba.xml:294(para)
8553
8559
msgid ""
8554
8560
"Before installing and configuring Samba it is best to already have a working "
8555
8561
"<application>CUPS</application> installation. See <xref linkend=\"cups\"/> "
8556
8562
"for details."
8557
8563
msgstr ""
8558
8564
8559
#: serverguide/C/windows-networking.xml:299(para)
8565
#: serverguide/C/samba.xml:299(para)
8560
8566
msgid ""
8561
8567
"To install the <application>samba</application> package, from a terminal "
8562
8568
"enter:"
8563
8569
msgstr ""
8564
8570
"Каб устанавіць пакет <application>samba</application>, увядзіце ў тэрмінале:"
8565
8571
8566
#: serverguide/C/windows-networking.xml:310(para)
8572
#: serverguide/C/samba.xml:310(para)
8567
8573
msgid ""
8568
8574
"After installing samba edit <filename>/etc/samba/smb.conf</filename>. Change "
8569
8575
"the <emphasis>workgroup</emphasis> attribute to what is appropriate for your "
8571
8577
"role=\"italic\">user</emphasis>:"
8572
8578
msgstr ""
8573
8579
8574
#: serverguide/C/windows-networking.xml:322(para)
8580
#: serverguide/C/samba.xml:322(para)
8575
8581
msgid ""
8576
8582
"In the <emphasis>[printers]</emphasis> section change the <emphasis>guest "
8577
8583
"ok</emphasis> option to <emphasis role=\"italic\">yes</emphasis>:"
8578
8584
msgstr ""
8579
8585
8580
#: serverguide/C/windows-networking.xml:326(programlisting)
8586
#: serverguide/C/samba.xml:326(programlisting)
8581
8587
#, no-wrap
8582
8588
msgid ""
8583
8589
"\n"
8585
8591
" guest ok = yes\n"
8586
8592
msgstr ""
8587
8593
8588
#: serverguide/C/windows-networking.xml:331(para)
8594
#: serverguide/C/samba.xml:331(para)
8589
8595
msgid "After editing <filename>smb.conf</filename> restart Samba:"
8590
8596
msgstr ""
8591
8597
"Пасьля рэдагаваньня <filename>smb.conf</filename> перазапусьціце Samba:"
8592
8598
8593
#: serverguide/C/windows-networking.xml:340(para)
8599
#: serverguide/C/samba.xml:340(para)
8594
8600
msgid ""
8595
8601
"The default Samba configuration will automatically share any printers "
8596
8602
"installed. Simply install the printer locally on your Windows clients."
8597
8603
msgstr ""
8598
8604
8599
#: serverguide/C/windows-networking.xml:369(para)
8605
#: serverguide/C/samba.xml:369(para)
8600
8606
msgid ""
8601
8607
"Also, see the <ulink url=\"http://www.cups.org/\">CUPS Website</ulink> for "
8602
8608
"more information on configuring CUPS."
8608
8614
msgid "Securing File and Print Server"
8609
8615
msgstr ""
8610
8616
8611
#: serverguide/C/windows-networking.xml:386(title)
8617
#: serverguide/C/samba.xml:386(title)
8612
8618
msgid "Samba Security Modes"
8613
8619
msgstr "Рэжымы бясьпекі Samba"
8614
8620
8615
#: serverguide/C/windows-networking.xml:388(para)
8621
#: serverguide/C/samba.xml:388(para)
8616
8622
msgid ""
8617
8623
"There are two security levels available to the Common Internet Filesystem "
8618
8624
"(CIFS) network protocol <emphasis>user-level</emphasis> and <emphasis>share-"
8621
8627
"security and one way to implement share-level:"
8622
8628
msgstr ""
8623
8629
8624
#: serverguide/C/windows-networking.xml:397(para)
8630
#: serverguide/C/samba.xml:397(para)
8625
8631
msgid ""
8626
8632
"<emphasis>security = user:</emphasis> requires clients to supply a username "
8627
8633
"and password to connect to shares. Samba user accounts are separate from "
8629
8635
"will sync system users and passwords with the Samba user database."
8630
8636
msgstr ""
8631
8637
8632
#: serverguide/C/windows-networking.xml:404(para)
8638
#: serverguide/C/samba.xml:404(para)
8633
8639
msgid ""
8634
8640
"<emphasis>security = domain:</emphasis> this mode allows the Samba server to "
8635
8641
"appear to Windows clients as a Primary Domain Controller (PDC), Backup "
8637
8643
"linkend=\"samba-dc\"/> for further information."
8638
8644
msgstr ""
8639
8645
8640
#: serverguide/C/windows-networking.xml:411(para)
8646
#: serverguide/C/samba.xml:411(para)
8641
8647
msgid ""
8642
8648
"<emphasis>security = ADS:</emphasis> allows the Samba server to join an "
8643
8649
"Active Directory domain as a native member. See <xref linkend=\"samba-ad-"
8644
8650
"integration\"/> for details."
8645
8651
msgstr ""
8646
8652
8647
#: serverguide/C/windows-networking.xml:417(para)
8653
#: serverguide/C/samba.xml:417(para)
8648
8654
msgid ""
8649
8655
"<emphasis>security = server:</emphasis> this mode is left over from before "
8650
8656
"Samba could become a member server, and due to some security issues should "
8653
8659
"of the Samba guide for more details."
8654
8660
msgstr ""
8655
8661
8656
#: serverguide/C/windows-networking.xml:425(para)
8662
#: serverguide/C/samba.xml:425(para)
8657
8663
msgid ""
8658
8664
"<emphasis>security = share:</emphasis> allows clients to connect to shares "
8659
8665
"without supplying a username and password."
8660
8666
msgstr ""
8661
8667
8662
#: serverguide/C/windows-networking.xml:432(para)
8668
#: serverguide/C/samba.xml:432(para)
8663
8669
msgid ""
8664
8670
"The security mode you choose will depend on your environment and what you "
8665
8671
"need the Samba server to accomplish."
8666
8672
msgstr ""
8667
8673
8668
#: serverguide/C/windows-networking.xml:438(title)
8674
#: serverguide/C/samba.xml:438(title)
8669
8675
msgid "Security = User"
8670
8676
msgstr ""
8671
8677
8672
#: serverguide/C/windows-networking.xml:440(para)
8678
#: serverguide/C/samba.xml:440(para)
8673
8679
msgid ""
8674
8680
"This section will reconfigure the Samba file and print server, from <xref "
8675
8681
"linkend=\"samba-fileserver\"/> and <xref linkend=\"samba-printserver\"/>, to "
8676
8682
"require authentication."
8677
8683
msgstr ""
8678
8684
8679
#: serverguide/C/windows-networking.xml:445(para)
8685
#: serverguide/C/samba.xml:445(para)
8680
8686
msgid ""
8681
8687
"First, install the <application>libpam-smbpass</application> package which "
8682
8688
"will sync the system users to the Samba user database:"
8683
8689
msgstr ""
8684
8690
8685
#: serverguide/C/windows-networking.xml:451(command)
8691
#: serverguide/C/samba.xml:451(command)
8686
8692
msgid "sudo apt-get install libpam-smbpass"
8687
8693
msgstr "sudo apt-get install libpam-smbpass"
8688
8694
8689
#: serverguide/C/windows-networking.xml:455(para)
8695
#: serverguide/C/samba.xml:455(para)
8690
8696
msgid ""
8691
8697
"If you chose the <emphasis>Samba Server</emphasis> task during installation "
8692
8698
"<application>libpam-smbpass</application> is already installed."
8693
8699
msgstr ""
8694
8700
8695
#: serverguide/C/windows-networking.xml:461(para)
8701
#: serverguide/C/samba.xml:461(para)
8696
8702
msgid ""
8697
8703
"Edit <filename>/etc/samba/smb.conf</filename>, and in the "
8698
8704
"<emphasis>[share]</emphasis> section change:"
8699
8705
msgstr ""
8700
8706
8701
#: serverguide/C/windows-networking.xml:465(programlisting)
8707
#: serverguide/C/samba.xml:465(programlisting)
8702
8708
#, no-wrap
8703
8709
msgid ""
8704
8710
"\n"
8705
8711
" guest ok = no\n"
8706
8712
msgstr ""
8707
8713
8708
#: serverguide/C/windows-networking.xml:469(para)
8714
#: serverguide/C/samba.xml:469(para)
8709
8715
msgid "Finally, restart Samba for the new settings to take effect:"
8710
8716
msgstr ""
8711
8717
8712
#: serverguide/C/windows-networking.xml:478(para)
8718
#: serverguide/C/samba.xml:478(para)
8713
8719
msgid ""
8714
8720
"Now when connecting to the shared directories or printers you should be "
8715
8721
"prompted for a username and password."
8716
8722
msgstr ""
8717
8723
8718
#: serverguide/C/windows-networking.xml:483(para)
8724
#: serverguide/C/samba.xml:483(para)
8719
8725
msgid ""
8720
8726
"If you choose to map a network drive to the share you can check the "
8721
8727
"<quote>Reconnect at Logon</quote> check box, which will require you to only "
8722
8728
"enter the username and password once, at least until the password changes."
8723
8729
msgstr ""
8724
8730
8725
#: serverguide/C/windows-networking.xml:491(title)
8731
#: serverguide/C/samba.xml:491(title)
8726
8732
msgid "Share Security"
8727
8733
msgstr ""
8728
8734
8729
#: serverguide/C/windows-networking.xml:493(para)
8735
#: serverguide/C/samba.xml:493(para)
8730
8736
msgid ""
8731
8737
"There are several options available to increase the security for each "
8732
8738
"individual shared directory. Using the <emphasis>[share]</emphasis> example, "
8733
8739
"this section will cover some common options."
8734
8740
msgstr ""
8735
8741
8736
#: serverguide/C/windows-networking.xml:499(title)
8742
#: serverguide/C/samba.xml:499(title)
8737
8743
msgid "Groups"
8738
8744
msgstr "Групы"
8739
8745
8740
#: serverguide/C/windows-networking.xml:501(para)
8746
#: serverguide/C/samba.xml:501(para)
8741
8747
msgid ""
8742
8748
"Groups define a collection of computers or users which have a common level "
8743
8749
"of access to particular network resources and offer a level of granularity "
8759
8765
"have only access to resources explicitly allowing the group they are part of."
8760
8766
msgstr ""
8761
8767
8762
#: serverguide/C/windows-networking.xml:515(para)
8768
#: serverguide/C/samba.xml:515(para)
8763
8769
msgid ""
8764
8770
"By default Samba looks for the local system groups defined in "
8765
8771
"<filename>/etc/group</filename> to determine which users belong to which "
8767
8773
"<xref linkend=\"adding-deleting-users\"/>."
8768
8774
msgstr ""
8769
8775
8770
#: serverguide/C/windows-networking.xml:521(para)
8776
#: serverguide/C/samba.xml:521(para)
8771
8777
msgid ""
8772
8778
"When defining groups in the Samba configuration file, "
8773
8779
"<filename>/etc/samba/smb.conf</filename>, the recognized syntax is to "
8778
8784
"role=\"bold\">@sysadmin</emphasis>."
8779
8785
msgstr ""
8780
8786
8781
#: serverguide/C/windows-networking.xml:530(title)
8787
#: serverguide/C/samba.xml:530(title)
8782
8788
msgid "File Permissions"
8783
8789
msgstr ""
8784
8790
8785
#: serverguide/C/windows-networking.xml:532(para)
8791
#: serverguide/C/samba.xml:532(para)
8786
8792
msgid ""
8787
8793
"File Permissions define the explicit rights a computer or user has to a "
8788
8794
"particular directory, file, or set of files. Such permissions may be defined "
8790
8796
"the explicit permissions of a defined file share."
8791
8797
msgstr ""
8792
8798
8793
#: serverguide/C/windows-networking.xml:538(para)
8799
#: serverguide/C/samba.xml:538(para)
8794
8800
msgid ""
8795
8801
"For example, if you have defined a Samba share called "
8796
8802
"<emphasis>share</emphasis> and wish to give <emphasis role=\"italic\">read-"
8802
8808
"under the <emphasis>[share]</emphasis> entry:"
8803
8809
msgstr ""
8804
8810
8805
#: serverguide/C/windows-networking.xml:547(programlisting)
8811
#: serverguide/C/samba.xml:547(programlisting)
8806
8812
#, no-wrap
8807
8813
msgid ""
8808
8814
"\n"
8810
8816
" write list = @sysadmin, vincent\n"
8811
8817
msgstr ""
8812
8818
8813
#: serverguide/C/windows-networking.xml:552(para)
8819
#: serverguide/C/samba.xml:552(para)
8814
8820
msgid ""
8815
8821
"Another possible Samba permission is to declare "
8816
8822
"<emphasis>administrative</emphasis> permissions to a particular shared "
8819
8825
"administrative permissions to."
8820
8826
msgstr ""
8821
8827
8822
#: serverguide/C/windows-networking.xml:558(para)
8828
#: serverguide/C/samba.xml:558(para)
8823
8829
msgid ""
8824
8830
"For example, if you wanted to give the user <emphasis "
8825
8831
"role=\"italic\">melissa</emphasis> administrative permissions to the "
8828
8834
"under the <emphasis>[share]</emphasis> entry:"
8829
8835
msgstr ""
8830
8836
8831
#: serverguide/C/windows-networking.xml:565(programlisting)
8837
#: serverguide/C/samba.xml:565(programlisting)
8832
8838
#, no-wrap
8833
8839
msgid ""
8834
8840
"\n"
8835
8841
" admin users = melissa\n"
8836
8842
msgstr ""
8837
8843
8838
#: serverguide/C/windows-networking.xml:569(para)
8844
#: serverguide/C/samba.xml:569(para)
8839
8845
msgid ""
8840
8846
"After editing <filename>/etc/samba/smb.conf</filename>, restart Samba for "
8841
8847
"the changes to take effect:"
8843
8849
"Пасьля рэдагаваньня <filename>/etc/samba/smb.conf</filename>, перазапусьціце "
8844
8850
"Samba каб ужыць зьмены:"
8845
8851
8846
#: serverguide/C/windows-networking.xml:579(para)
8852
#: serverguide/C/samba.xml:579(para)
8847
8853
msgid ""
8848
8854
"For the <emphasis>read list</emphasis> and <emphasis>write list</emphasis> "
8849
8855
"to work the Samba security mode must <emphasis>not</emphasis> be set to "
8850
8856
"<emphasis role=\"italic\">security = share</emphasis>"
8851
8857
msgstr ""
8852
8858
8853
#: serverguide/C/windows-networking.xml:585(para)
8859
#: serverguide/C/samba.xml:585(para)
8854
8860
msgid ""
8855
8861
"Now that Samba has been configured to limit which groups have access to the "
8856
8862
"shared directory, the filesystem permissions need to be updated."
8857
8863
msgstr ""
8858
8864
8859
#: serverguide/C/windows-networking.xml:590(para)
8865
#: serverguide/C/samba.xml:590(para)
8860
8866
msgid ""
8861
8867
"Traditional Linux file permissions do not map well to Windows NT Access "
8862
8868
"Control Lists (ACLs). Fortunately POSIX ACLs are available on Ubuntu servers "
8865
8871
"<filename>/etc/fstab</filename> adding the <emphasis>acl</emphasis> option:"
8866
8872
msgstr ""
8867
8873
8868
#: serverguide/C/windows-networking.xml:597(programlisting)
8874
#: serverguide/C/samba.xml:597(programlisting)
8869
8875
#, no-wrap
8870
8876
msgid ""
8871
8877
"\n"
8876
8882
"UUID=66bcdd2e-8861-4fb0-b7e4-e61c569fe17d /srv ext3 noatime,relatime,acl "
8877
8883
"0 1\n"
8878
8884
8879
#: serverguide/C/windows-networking.xml:601(para)
8885
#: serverguide/C/samba.xml:601(para)
8880
8886
msgid "Then remount the partition:"
8881
8887
msgstr ""
8882
8888
8883
#: serverguide/C/windows-networking.xml:606(command)
8889
#: serverguide/C/samba.xml:606(command)
8884
8890
msgid "sudo mount -v -o remount /srv"
8885
8891
msgstr "sudo mount -v -o remount /srv"
8886
8892
8887
#: serverguide/C/windows-networking.xml:610(para)
8893
#: serverguide/C/samba.xml:610(para)
8888
8894
msgid ""
8889
8895
"The above example assumes <filename>/srv</filename> on a separate partition. "
8890
8896
"If <filename>/srv</filename>, or wherever you have configured your share "
8892
8898
"required."
8893
8899
msgstr ""
8894
8900
8895
#: serverguide/C/windows-networking.xml:617(para)
8901
#: serverguide/C/samba.xml:617(para)
8896
8902
msgid ""
8897
8903
"To match the Samba configuration above the <emphasis>sysadmin</emphasis> "
8898
8904
"group will be given read, write, and execute permissions to "
8901
8907
"the username <emphasis>melissa</emphasis>. Enter the following in a terminal:"
8902
8908
msgstr ""
8903
8909
8904
#: serverguide/C/windows-networking.xml:625(command)
8910
#: serverguide/C/samba.xml:625(command)
8905
8911
msgid "sudo chown -R melissa /srv/samba/share/"
8906
8912
msgstr "sudo chown -R melissa /srv/samba/share/"
8907
8913
8908
#: serverguide/C/windows-networking.xml:626(command)
8914
#: serverguide/C/samba.xml:626(command)
8909
8915
msgid "sudo chgrp -R sysadmin /srv/samba/share/"
8910
8916
msgstr "sudo chgrp -R sysadmin /srv/samba/share/"
8911
8917
8912
#: serverguide/C/windows-networking.xml:627(command)
8918
#: serverguide/C/samba.xml:627(command)
8913
8919
msgid "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
8914
8920
msgstr "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
8915
8921
8916
#: serverguide/C/windows-networking.xml:631(para)
8922
#: serverguide/C/samba.xml:631(para)
8917
8923
msgid ""
8918
8924
"The <application>setfacl</application> command above gives "
8919
8925
"<emphasis>execute</emphasis> permissions to all files in the "
8921
8927
"want."
8922
8928
msgstr ""
8923
8929
8924
#: serverguide/C/windows-networking.xml:637(para)
8930
#: serverguide/C/samba.xml:637(para)
8925
8931
msgid ""
8926
8932
"Now from a Windows client you should notice the new file permissions are "
8927
8933
"implemented. See the <application>acl</application> and "
8929
8935
"ACLs."
8930
8936
msgstr ""
8931
8937
8932
#: serverguide/C/windows-networking.xml:645(title)
8938
#: serverguide/C/samba.xml:645(title)
8933
8939
msgid "Samba AppArmor Profile"
8934
8940
msgstr "Профіль Samba AppArmor"
8935
8941
8936
#: serverguide/C/windows-networking.xml:647(para)
8942
#: serverguide/C/samba.xml:647(para)
8937
8943
msgid ""
8938
8944
"Ubuntu comes with the <application>AppArmor</application> security module, "
8939
8945
"which provides mandatory access controls. The default AppArmor profile for "
8941
8947
"using AppArmor see <xref linkend=\"apparmor\"/>."
8942
8948
msgstr ""
8943
8949
8944
#: serverguide/C/windows-networking.xml:653(para)
8950
#: serverguide/C/samba.xml:653(para)
8945
8951
msgid ""
8946
8952
"There are default AppArmor profiles for <filename>/usr/sbin/smbd</filename> "
8947
8953
"and <filename>/usr/sbin/nmbd</filename>, the Samba daemon binaries, as part "
8949
8955
"package, from a terminal prompt enter:"
8950
8956
msgstr ""
8951
8957
8952
#: serverguide/C/windows-networking.xml:660(command)
8958
#: serverguide/C/samba.xml:660(command)
8953
8959
msgid "sudo apt-get install apparmor-profiles apparmor-utils"
8954
8960
msgstr ""
8955
8961
8956
#: serverguide/C/windows-networking.xml:664(para)
8962
#: serverguide/C/samba.xml:664(para)
8957
8963
msgid "This package contains profiles for several other binaries."
8958
8964
msgstr ""
8959
8965
8960
#: serverguide/C/windows-networking.xml:669(para)
8966
#: serverguide/C/samba.xml:669(para)
8961
8967
msgid ""
8962
8968
"By default the profiles for <application>smbd</application> and "
8963
8969
"<application>nmbd</application> are in <emphasis>complain</emphasis> mode "
8967
8973
"profile will need to be modified to reflect any directories that are shared."
8968
8974
msgstr ""
8969
8975
8970
#: serverguide/C/windows-networking.xml:676(para)
8976
#: serverguide/C/samba.xml:676(para)
8971
8977
msgid ""
8972
8978
"Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename> adding information "
8973
8979
"for <emphasis>[share]</emphasis> from the file server example:"
8974
8980
msgstr ""
8975
8981
8976
#: serverguide/C/windows-networking.xml:681(programlisting)
8982
#: serverguide/C/samba.xml:681(programlisting)
8977
8983
#, no-wrap
8978
8984
msgid ""
8979
8985
"\n"
8984
8990
" /srv/samba/share/ r,\n"
8985
8991
" /srv/samba/share/** rwkix,\n"
8986
8992
8987
#: serverguide/C/windows-networking.xml:686(para)
8993
#: serverguide/C/samba.xml:686(para)
8988
8994
msgid ""
8989
8995
"Now place the profile into <emphasis>enforce</emphasis> and reload it:"
8990
8996
msgstr ""
8991
8997
8992
#: serverguide/C/windows-networking.xml:691(command)
8998
#: serverguide/C/samba.xml:691(command)
8993
8999
msgid "sudo aa-enforce /usr/sbin/smbd"
8994
9000
msgstr "sudo aa-enforce /usr/sbin/smbd"
8995
9001
8996
#: serverguide/C/windows-networking.xml:692(command)
9002
#: serverguide/C/samba.xml:692(command)
8997
9003
msgid "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
8998
9004
msgstr "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
8999
9005
9000
#: serverguide/C/windows-networking.xml:695(para)
9006
#: serverguide/C/samba.xml:695(para)
9001
9007
msgid ""
9002
9008
"You should now be able to read, write, and execute files in the shared "
9003
9009
"directory as normal, and the <application>smbd</application> binary will "
9006
9012
"will be logged to <filename>/var/log/syslog</filename>."
9007
9013
msgstr ""
9008
9014
9009
#: serverguide/C/windows-networking.xml:720(para) serverguide/C/windows-networking.xml:1116(para)
9015
#: serverguide/C/samba.xml:720(para) serverguide/C/samba.xml:1116(para)
9010
9016
msgid ""
9011
9017
"O'Reilly's <ulink "
9012
9018
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
9013
9019
"also a good reference."
9014
9020
msgstr ""
9015
9021
9016
#: serverguide/C/windows-networking.xml:726(para)
9022
#: serverguide/C/samba.xml:726(para)
9017
9023
msgid ""
9018
9024
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-"
9019
9025
"samba.html\">Chapter 18</ulink> of the Samba HOWTO Collection is devoted to "
9023
9029
"samba.html\">Разьдзел 18</ulink> Калекцыі Samba HOWTO зьмяшчае інфармацыю "
9024
9030
"пра бясьпеку."
9025
9031
9026
#: serverguide/C/windows-networking.xml:732(para)
9032
#: serverguide/C/samba.xml:732(para)
9027
9033
msgid ""
9028
9034
"For more information on Samba and ACLs see the <ulink "
9029
9035
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
9034
9040
msgid "As a Domain Controller"
9035
9041
msgstr ""
9036
9042
9037
#: serverguide/C/windows-networking.xml:750(para)
9043
#: serverguide/C/samba.xml:750(para)
9038
9044
msgid ""
9039
9045
"Although it cannot act as an Active Directory Primary Domain Controller "
9040
9046
"(PDC), a Samba server can be configured to appear as a Windows NT4-style "
9043
9049
"backends to store the user information."
9044
9050
msgstr ""
9045
9051
9046
#: serverguide/C/windows-networking.xml:757(title)
9052
#: serverguide/C/samba.xml:757(title)
9047
9053
msgid "Primary Domain Controller"
9048
9054
msgstr ""
9049
9055
9050
#: serverguide/C/windows-networking.xml:759(para)
9056
#: serverguide/C/samba.xml:759(para)
9051
9057
msgid ""
9052
9058
"This section covers configuring Samba as a Primary Domain Controller (PDC) "
9053
9059
"using the default smbpasswd backend."
9054
9060
msgstr ""
9055
9061
9056
#: serverguide/C/windows-networking.xml:766(para)
9062
#: serverguide/C/samba.xml:766(para)
9057
9063
msgid ""
9058
9064
"First, install Samba, and <application>libpam-smbpass</application> to sync "
9059
9065
"the user accounts, by entering the following in a terminal prompt:"
9060
9066
msgstr ""
9061
9067
9062
#: serverguide/C/windows-networking.xml:772(command) serverguide/C/windows-networking.xml:1013(command)
9068
#: serverguide/C/samba.xml:772(command) serverguide/C/samba.xml:1013(command)
9063
9069
msgid "sudo apt-get install samba libpam-smbpass"
9064
9070
msgstr "sudo apt-get install samba libpam-smbpass"
9065
9071
9066
#: serverguide/C/windows-networking.xml:778(para)
9072
#: serverguide/C/samba.xml:778(para)
9067
9073
msgid ""
9068
9074
"Next, configure Samba by editing <filename>/etc/samba/smb.conf</filename>. "
9069
9075
"The <emphasis>security</emphasis> mode should be set to <emphasis "
9071
9077
"should relate to your organization:"
9072
9078
msgstr ""
9073
9079
9074
#: serverguide/C/windows-networking.xml:793(para)
9080
#: serverguide/C/samba.xml:793(para)
9075
9081
msgid ""
9076
9082
"In the commented <quote>Domains</quote> section add or uncomment the "
9077
9083
"following (the last line has been split to fit the format of this document):"
9078
9084
msgstr ""
9079
9085
9080
#: serverguide/C/windows-networking.xml:797(programlisting)
9086
#: serverguide/C/samba.xml:797(programlisting)
9081
9087
#, no-wrap
9082
9088
msgid ""
9083
9089
"\n"
9090
9096
" /var/lib/samba -s /bin/false %u\n"
9091
9097
msgstr ""
9092
9098
9093
#: serverguide/C/windows-networking.xml:808(para)
9099
#: serverguide/C/samba.xml:808(para)
9094
9100
msgid ""
9095
9101
"If you wish to not use <emphasis>Roaming Profiles</emphasis> leave the "
9096
9102
"<emphasis>logon home</emphasis> and <emphasis>logon path</emphasis> options "
9097
9103
"commented."
9098
9104
msgstr ""
9099
9105
9100
#: serverguide/C/windows-networking.xml:816(para)
9106
#: serverguide/C/samba.xml:816(para)
9101
9107
msgid ""
9102
9108
"<emphasis>domain logons:</emphasis> provides the netlogon service causing "
9103
9109
"Samba to act as a domain controller."
9104
9110
msgstr ""
9105
9111
9106
#: serverguide/C/windows-networking.xml:821(para)
9112
#: serverguide/C/samba.xml:821(para)
9107
9113
msgid ""
9108
9114
"<emphasis>logon path:</emphasis> places the user's Windows profile into "
9109
9115
"their home directory. It is also possible to configure a "
9111
9117
"directory."
9112
9118
msgstr ""
9113
9119
9114
#: serverguide/C/windows-networking.xml:827(para)
9120
#: serverguide/C/samba.xml:827(para)
9115
9121
msgid ""
9116
9122
"<emphasis>logon drive:</emphasis> specifies the home directory local path."
9117
9123
msgstr ""
9118
9124
9119
#: serverguide/C/windows-networking.xml:832(para)
9125
#: serverguide/C/samba.xml:832(para)
9120
9126
msgid ""
9121
9127
"<emphasis>logon home:</emphasis> specifies the home directory location."
9122
9128
msgstr ""
9123
9129
9124
#: serverguide/C/windows-networking.xml:837(para)
9130
#: serverguide/C/samba.xml:837(para)
9125
9131
msgid ""
9126
9132
"<emphasis>logon script:</emphasis> determines the script to be run locally "
9127
9133
"once a user has logged in. The script needs to be placed in the "
9128
9134
"<emphasis>[netlogon]</emphasis> share."
9129
9135
msgstr ""
9130
9136
9131
#: serverguide/C/windows-networking.xml:843(para)
9137
#: serverguide/C/samba.xml:843(para)
9132
9138
msgid ""
9133
9139
"<emphasis>add machine script:</emphasis> a script that will automatically "
9134
9140
"create the <emphasis>Machine Trust Account</emphasis> needed for a "
9135
9141
"workstation to join the domain."
9136
9142
msgstr ""
9137
9143
9138
#: serverguide/C/windows-networking.xml:847(para)
9144
#: serverguide/C/samba.xml:847(para)
9139
9145
msgid ""
9140
9146
"In this example the <emphasis>machines</emphasis> group will need to be "
9141
9147
"created using the <application>addgroup</application> utility see <xref "
9142
9148
"linkend=\"adding-deleting-users\"/> for details."
9143
9149
msgstr ""
9144
9150
9145
#: serverguide/C/windows-networking.xml:858(para)
9151
#: serverguide/C/samba.xml:858(para)
9146
9152
msgid ""
9147
9153
"Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis "
9148
9154
"role=\"italic\">logon home</emphasis> to be mapped:"
9149
9155
msgstr ""
9150
9156
9151
#: serverguide/C/windows-networking.xml:863(programlisting)
9157
#: serverguide/C/samba.xml:863(programlisting)
9152
9158
#, no-wrap
9153
9159
msgid ""
9154
9160
"\n"
9161
9167
" valid users = %S\n"
9162
9168
msgstr ""
9163
9169
9164
#: serverguide/C/windows-networking.xml:876(para)
9170
#: serverguide/C/samba.xml:876(para)
9165
9171
msgid ""
9166
9172
"When configured as a domain controller a <emphasis>[netlogon]</emphasis> "
9167
9173
"share needs to be configured. To enable the share, uncomment:"
9168
9174
msgstr ""
9169
9175
9170
#: serverguide/C/windows-networking.xml:881(programlisting)
9176
#: serverguide/C/samba.xml:881(programlisting)
9171
9177
#, no-wrap
9172
9178
msgid ""
9173
9179
"\n"
9179
9185
" share modes = no\n"
9180
9186
msgstr ""
9181
9187
9182
#: serverguide/C/windows-networking.xml:891(para)
9188
#: serverguide/C/samba.xml:891(para)
9183
9189
msgid ""
9184
9190
"The original <emphasis>netlogon</emphasis> share path is "
9185
9191
"<filename>/home/samba/netlogon</filename>, but according to the Filesystem "
9188
9194
"location for site-specific data provided by the system."
9189
9195
msgstr ""
9190
9196
9191
#: serverguide/C/windows-networking.xml:902(para)
9197
#: serverguide/C/samba.xml:902(para)
9192
9198
msgid ""
9193
9199
"Now create the <filename role=\"directory\">netlogon</filename> directory, "
9194
9200
"and an empty (for now) <filename>logon.cmd</filename> script file:"
9195
9201
msgstr ""
9196
9202
9197
#: serverguide/C/windows-networking.xml:908(command)
9203
#: serverguide/C/samba.xml:908(command)
9198
9204
msgid "sudo mkdir -p /srv/samba/netlogon"
9199
9205
msgstr "sudo mkdir -p /srv/samba/netlogon"
9200
9206
9201
#: serverguide/C/windows-networking.xml:909(command)
9207
#: serverguide/C/samba.xml:909(command)
9202
9208
msgid "sudo touch /srv/samba/netlogon/logon.cmd"
9203
9209
msgstr "sudo touch /srv/samba/netlogon/logon.cmd"
9204
9210
9205
#: serverguide/C/windows-networking.xml:912(para)
9211
#: serverguide/C/samba.xml:912(para)
9206
9212
msgid ""
9207
9213
"You can enter any normal Windows logon script commands in "
9208
9214
"<filename>logon.cmd</filename> to customize the client's environment."
9209
9215
msgstr ""
9210
9216
9211
#: serverguide/C/windows-networking.xml:920(para)
9217
#: serverguide/C/samba.xml:920(para)
9212
9218
msgid "Restart Samba to enable the new domain controller:"
9213
9219
msgstr ""
9214
9220
9215
#: serverguide/C/windows-networking.xml:932(para)
9221
#: serverguide/C/samba.xml:932(para)
9216
9222
msgid ""
9217
9223
"Lastly, there are a few additional commands needed to setup the appropriate "
9218
9224
"rights."
9219
9225
msgstr ""
9220
9226
9221
#: serverguide/C/windows-networking.xml:936(para)
9227
#: serverguide/C/samba.xml:936(para)
9222
9228
msgid ""
9223
9229
"With <emphasis>root</emphasis> being disabled by default, in order to join a "
9224
9230
"workstation to the domain, a system group needs to be mapped to the Windows "
9226
9232
"<application>net</application> utility, from a terminal enter:"
9227
9233
msgstr ""
9228
9234
9229
#: serverguide/C/windows-networking.xml:943(command)
9235
#: serverguide/C/samba.xml:943(command)
9230
9236
msgid ""
9231
9237
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
9232
9238
"type=d"
9233
9239
msgstr ""
9234
9240
9235
#: serverguide/C/windows-networking.xml:947(para)
9241
#: serverguide/C/samba.xml:947(para)
9236
9242
msgid ""
9237
9243
"Change <emphasis role=\"italic\">sysadmin</emphasis> to whichever group you "
9238
9244
"prefer. Also, the user used to join the domain needs to be a member of the "
9241
9247
"allows <application>sudo</application> use."
9242
9248
msgstr ""
9243
9249
9244
#: serverguide/C/windows-networking.xml:953(para)
9250
#: serverguide/C/samba.xml:953(para)
9245
9251
msgid ""
9246
9252
"If the user does not have Samba credentials yet, you can add them with the "
9247
9253
"<application>smbpasswd</application> utility, change the "
9250
9256
"</screen>"
9251
9257
msgstr ""
9252
9258
9253
#: serverguide/C/windows-networking.xml:963(para)
9259
#: serverguide/C/samba.xml:963(para)
9254
9260
msgid ""
9255
9261
"Also, rights need to be explicitly provided to the <emphasis>Domain "
9256
9262
"Admins</emphasis> group to allow the <emphasis>add machine script</emphasis> "
9257
9263
"(and other admin functions) to work. This is achieved by executing:"
9258
9264
msgstr ""
9259
9265
9260
#: serverguide/C/windows-networking.xml:968(command)
9266
#: serverguide/C/samba.xml:968(command)
9261
9267
msgid ""
9262
9268
"net rpc rights grant -U sysadmin \"EXAMPLE\\Domain Admins\" "
9263
9269
"SeMachineAccountPrivilege \\ SePrintOperatorPrivilege SeAddUsersPrivilege "
9264
9270
"SeDiskOperatorPrivilege \\ SeRemoteShutdownPrivilege"
9265
9271
msgstr ""
9266
9272
9267
#: serverguide/C/windows-networking.xml:976(para)
9273
#: serverguide/C/samba.xml:976(para)
9268
9274
msgid ""
9269
9275
"You should now be able to join Windows clients to the Domain in the same "
9270
9276
"manner as joining them to an NT4 domain running on a Windows server."
9271
9277
msgstr ""
9272
9278
9273
#: serverguide/C/windows-networking.xml:986(title)
9279
#: serverguide/C/samba.xml:986(title)
9274
9280
msgid "Backup Domain Controller"
9275
9281
msgstr ""
9276
9282
9277
#: serverguide/C/windows-networking.xml:988(para)
9283
#: serverguide/C/samba.xml:988(para)
9278
9284
msgid ""
9279
9285
"With a Primary Domain Controller (PDC) on the network it is best to have a "
9280
9286
"Backup Domain Controller (BDC) as well. This will allow clients to "
9281
9287
"authenticate in case the PDC becomes unavailable."
9282
9288
msgstr ""
9283
9289
9284
#: serverguide/C/windows-networking.xml:993(para)
9290
#: serverguide/C/samba.xml:993(para)
9285
9291
msgid ""
9286
9292
"When configuring Samba as a BDC you need a way to sync account information "
9287
9293
"with the PDC. There are multiple ways of accomplishing this "
9290
9296
"backend</emphasis>."
9291
9297
msgstr ""
9292
9298
9293
#: serverguide/C/windows-networking.xml:999(para)
9299
#: serverguide/C/samba.xml:999(para)
9294
9300
msgid ""
9295
9301
"Using LDAP is the most robust way to sync account information, because both "
9296
9302
"domain controllers can use the same information in real time. However, "
9298
9304
"user and computer accounts. See <xref linkend=\"samba-ldap\"/> for details."
9299
9305
msgstr ""
9300
9306
9301
#: serverguide/C/windows-networking.xml:1008(para)
9307
#: serverguide/C/samba.xml:1008(para)
9302
9308
msgid ""
9303
9309
"First, install <application>samba</application> and <application>libpam-"
9304
9310
"smbpass</application>. From a terminal enter:"
9306
9312
"Спачатку ўстанавіце <application>samba</application> і <application>libpam-"
9307
9313
"smbpass</application>. У тэрмінале ўвядзіце:"
9308
9314
9309
#: serverguide/C/windows-networking.xml:1019(para)
9315
#: serverguide/C/samba.xml:1019(para)
9310
9316
msgid ""
9311
9317
"Now, edit <filename>/etc/samba/smb.conf</filename> and uncomment the "
9312
9318
"following in the <emphasis>[global]</emphasis>:"
9313
9319
msgstr ""
9314
9320
9315
#: serverguide/C/windows-networking.xml:1032(para)
9321
#: serverguide/C/samba.xml:1032(para)
9316
9322
msgid "In the commented <emphasis>Domains</emphasis> uncomment or add:"
9317
9323
msgstr ""
9318
9324
9319
#: serverguide/C/windows-networking.xml:1036(programlisting)
9325
#: serverguide/C/samba.xml:1036(programlisting)
9320
9326
#, no-wrap
9321
9327
msgid ""
9322
9328
"\n"
9324
9330
" domain master = no\n"
9325
9331
msgstr ""
9326
9332
9327
#: serverguide/C/windows-networking.xml:1044(para)
9333
#: serverguide/C/samba.xml:1044(para)
9328
9334
msgid ""
9329
9335
"Make sure a user has rights to read the files in "
9330
9336
"<filename>/var/lib/samba</filename>. For example, to allow users in the "
9332
9338
"files, enter:"
9333
9339
msgstr ""
9334
9340
9335
#: serverguide/C/windows-networking.xml:1050(command)
9341
#: serverguide/C/samba.xml:1050(command)
9336
9342
msgid "sudo chgrp -R admin /var/lib/samba"
9337
9343
msgstr "sudo chgrp -R admin /var/lib/samba"
9338
9344
9339
#: serverguide/C/windows-networking.xml:1056(para)
9345
#: serverguide/C/samba.xml:1056(para)
9340
9346
msgid ""
9341
9347
"Next, sync the user accounts, using <application>scp</application> to copy "
9342
9348
"the <filename>/var/lib/samba</filename> directory from the PDC:"
9343
9349
msgstr ""
9344
9350
9345
#: serverguide/C/windows-networking.xml:1062(command)
9351
#: serverguide/C/samba.xml:1062(command)
9346
9352
msgid "sudo scp -r username@pdc:/var/lib/samba /var/lib"
9347
9353
msgstr "sudo scp -r username@pdc:/var/lib/samba /var/lib"
9348
9354
9349
#: serverguide/C/windows-networking.xml:1066(para)
9355
#: serverguide/C/samba.xml:1066(para)
9350
9356
msgid ""
9351
9357
"Replace <emphasis>username</emphasis> with a valid username and "
9352
9358
"<emphasis>pdc</emphasis> with the hostname or IP Address of your actual PDC."
9353
9359
msgstr ""
9354
9360
9355
#: serverguide/C/windows-networking.xml:1075(para)
9361
#: serverguide/C/samba.xml:1075(para)
9356
9362
msgid "Finally, restart <application>samba</application>:"
9357
9363
msgstr "У канцы, перазапусьціце <application>samba</application>:"
9358
9364
9359
#: serverguide/C/windows-networking.xml:1087(para)
9365
#: serverguide/C/samba.xml:1087(para)
9360
9366
msgid ""
9361
9367
"You can test that your Backup Domain controller is working by stopping the "
9362
9368
"Samba daemon on the PDC, then trying to login to a Windows client joined to "
9363
9369
"the domain."
9364
9370
msgstr ""
9365
9371
9366
#: serverguide/C/windows-networking.xml:1092(para)
9372
#: serverguide/C/samba.xml:1092(para)
9367
9373
msgid ""
9368
9374
"Another thing to keep in mind is if you have configured the <emphasis>logon "
9369
9375
"home</emphasis> option as a directory on the PDC, and the PDC becomes "
9372
9378
"home</emphasis> to reside on a separate file server from the PDC and BDC."
9373
9379
msgstr ""
9374
9380
9375
#: serverguide/C/windows-networking.xml:1122(para)
9381
#: serverguide/C/samba.xml:1122(para)
9376
9382
msgid ""
9377
9383
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
9378
9384
"pdc.html\">Chapter 4</ulink> of the Samba HOWTO Collection explains setting "
9379
9385
"up a Primary Domain Controller."
9380
9386
msgstr ""
9381
9387
9382
#: serverguide/C/windows-networking.xml:1128(para)
9388
#: serverguide/C/samba.xml:1128(para)
9383
9389
msgid ""
9384
9390
"<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-"
9385
9391
"Collection/samba-bdc.html\">Chapter 5</ulink> of the Samba HOWTO Collection "
9390
9396
msgid "Active Directory Integration"
9391
9397
msgstr ""
9392
9398
9393
#: serverguide/C/windows-networking.xml:1146(title)
9399
#: serverguide/C/samba.xml:1146(title)
9394
9400
msgid "Accessing a Samba Share"
9395
9401
msgstr ""
9396
9402
9397
#: serverguide/C/windows-networking.xml:1148(para)
9403
#: serverguide/C/samba.xml:1148(para)
9398
9404
msgid ""
9399
9405
"Another, use for Samba is to integrate into an existing Windows network. "
9400
9406
"Once part of an Active Directory domain, Samba can provide file and print "
9410
9416
"Likewise Open documentation</ulink>."
9411
9417
msgstr ""
9412
9418
9413
#: serverguide/C/windows-networking.xml:1159(para)
9419
#: serverguide/C/samba.xml:1159(para)
9414
9420
msgid ""
9415
9421
"Once part of the Active Directory domain, enter the following command in the "
9416
9422
"terminal prompt:"
9417
9423
msgstr ""
9418
9424
9419
#: serverguide/C/windows-networking.xml:1164(command)
9425
#: serverguide/C/samba.xml:1164(command)
9420
9426
msgid "sudo apt-get install samba smbfs smbclient"
9421
9427
msgstr "sudo apt-get install samba smbfs smbclient"
9422
9428
9423
#: serverguide/C/windows-networking.xml:1167(para)
9429
#: serverguide/C/samba.xml:1167(para)
9424
9430
msgid "Next, edit <filename>/etc/samba/smb.conf</filename> changing:"
9425
9431
msgstr ""
9426
9432
"Пасьля, рэдагуйце <filename>/etc/samba/smb.conf</filename> зьмяніўшы:"
9427
9433
9428
#: serverguide/C/windows-networking.xml:1171(programlisting)
9434
#: serverguide/C/samba.xml:1171(programlisting)
9429
9435
#, no-wrap
9430
9436
msgid ""
9431
9437
"\n"
9439
9445
" idmap gid = 50-9999999999\n"
9440
9446
msgstr ""
9441
9447
9442
#: serverguide/C/windows-networking.xml:1182(para)
9448
#: serverguide/C/samba.xml:1182(para)
9443
9449
msgid ""
9444
9450
"Restart <application>samba</application> for the new settings to take effect:"
9445
9451
msgstr ""
9446
9452
"Перазапусьціце <application>samba</application> каб ужыць новыя наладкі:"
9447
9453
9448
#: serverguide/C/windows-networking.xml:1191(para)
9454
#: serverguide/C/samba.xml:1191(para)
9449
9455
msgid ""
9450
9456
"You should now be able to access any <application>Samba</application> shares "
9451
9457
"from a Windows client. However, be sure to give the appropriate AD users or "
9453
9459
"security\"/> for more details."
9454
9460
msgstr ""
9455
9461
9456
#: serverguide/C/windows-networking.xml:1199(title)
9462
#: serverguide/C/samba.xml:1199(title)
9457
9463
msgid "Accessing a Windows Share"
9458
9464
msgstr ""
9459
9465
9460
#: serverguide/C/windows-networking.xml:1201(para)
9466
#: serverguide/C/samba.xml:1201(para)
9461
9467
msgid ""
9462
9468
"Now that the Samba server is part of the Active Directory domain you can "
9463
9469
"access any Windows server shares:"
9464
9470
msgstr ""
9465
9471
9466
#: serverguide/C/windows-networking.xml:1208(para)
9472
#: serverguide/C/samba.xml:1208(para)
9467
9473
msgid ""
9468
9474
"To mount a Windows file share enter the following in a terminal prompt:"
9469
9475
msgstr ""
9470
9476
9471
#: serverguide/C/windows-networking.xml:1212(command)
9477
#: serverguide/C/samba.xml:1212(command)
9472
9478
msgid "mount.cifs //fs01.example.com/share mount_point"
9473
9479
msgstr "mount.cifs //fs01.example.com/share mount_point"
9474
9480
9475
#: serverguide/C/windows-networking.xml:1215(para)
9481
#: serverguide/C/samba.xml:1215(para)
9476
9482
msgid ""
9477
9483
"It is also possible to access shares on computers not part of an AD domain, "
9478
9484
"but a username and password will need to be provided."
9479
9485
msgstr ""
9480
9486
9481
#: serverguide/C/windows-networking.xml:1223(para)
9487
#: serverguide/C/samba.xml:1223(para)
9482
9488
msgid ""
9483
9489
"To mount the share during boot place an entry in "
9484
9490
"<filename>/etc/fstab</filename>, for example:"
9485
9491
msgstr ""
9486
9492
9487
#: serverguide/C/windows-networking.xml:1227(programlisting)
9493
#: serverguide/C/samba.xml:1227(programlisting)
9488
9494
#, no-wrap
9489
9495
msgid ""
9490
9496
"\n"
9495
9501
"//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw "
9496
9502
"0 0\n"
9497
9503
9498
#: serverguide/C/windows-networking.xml:1234(para)
9504
#: serverguide/C/samba.xml:1234(para)
9499
9505
msgid ""
9500
9506
"Another way to copy files from a Windows server is to use the "
9501
9507
"<application>smbclient</application> utility. To list the files in a Windows "
9502
9508
"share:"
9503
9509
msgstr ""
9504
9510
9505
#: serverguide/C/windows-networking.xml:1240(command)
9511
#: serverguide/C/samba.xml:1240(command)
9506
9512
msgid "smbclient //fs01.example.com/share -k -c \"ls\""
9507
9513
msgstr "smbclient //fs01.example.com/share -k -c \"ls\""
9508
9514
9509
#: serverguide/C/windows-networking.xml:1246(para)
9515
#: serverguide/C/samba.xml:1246(para)
9510
9516
msgid "To copy a file from the share, enter:"
9511
9517
msgstr ""
9512
9518
9513
#: serverguide/C/windows-networking.xml:1251(command)
9519
#: serverguide/C/samba.xml:1251(command)
9514
9520
msgid "smbclient //fs01.example.com/share -k -c \"get file.txt\""
9515
9521
msgstr "smbclient //fs01.example.com/share -k -c \"get file.txt\""
9516
9522
9517
#: serverguide/C/windows-networking.xml:1254(para)
9523
#: serverguide/C/samba.xml:1254(para)
9518
9524
msgid ""
9519
9525
"This will copy the <filename>file.txt</filename> into the current directory."
9520
9526
msgstr ""
9521
9527
"Гэта будзе капіяваць <filename>file.txt</filename> у бягучую дырэкторыю."
9522
9528
9523
#: serverguide/C/windows-networking.xml:1261(para)
9529
#: serverguide/C/samba.xml:1261(para)
9524
9530
msgid "And to copy a file to the share:"
9525
9531
msgstr ""
9526
9532
9527
#: serverguide/C/windows-networking.xml:1266(command)
9533
#: serverguide/C/samba.xml:1266(command)
9528
9534
msgid "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
9529
9535
msgstr "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
9530
9536
9531
#: serverguide/C/windows-networking.xml:1269(para)
9537
#: serverguide/C/samba.xml:1269(para)
9532
9538
msgid ""
9533
9539
"This will copy the <filename>/etc/hosts</filename> to "
9534
9540
"<filename>//fs01.example.com/share/hosts</filename>."
9535
9541
msgstr ""
9536
9542
9537
#: serverguide/C/windows-networking.xml:1276(para)
9543
#: serverguide/C/samba.xml:1276(para)
9538
9544
msgid ""
9539
9545
"The <emphasis>-c</emphasis> option used above allows you to execute the "
9540
9546
"<application>smbclient</application> command all at once. This is useful for "
9543
9549
"and directory commands, simply execute:"
9544
9550
msgstr ""
9545
9551
9546
#: serverguide/C/windows-networking.xml:1283(command)
9552
#: serverguide/C/samba.xml:1283(command)
9547
9553
msgid "smbclient //fs01.example.com/share -k"
9548
9554
msgstr "smbclient //fs01.example.com/share -k"
9549
9555
9550
#: serverguide/C/windows-networking.xml:1290(para)
9556
#: serverguide/C/samba.xml:1290(para)
9551
9557
msgid ""
9552
9558
"Replace all instances of <emphasis>fs01.example.com/share</emphasis>, "
9553
9559
"<emphasis>//192.168.0.5/share</emphasis>, "
9678
9684
"given the opportunity to describe the bug in your own words."
9679
9685
msgstr ""
9680
9686
9681
#: serverguide/C/reporting-bugs.xml:114(userinput) serverguide/C/backups.xml:852(userinput)
9687
#: serverguide/C/reporting-bugs.xml:114(userinput) serverguide/C/backups.xml:858(userinput)
9682
9688
#, no-wrap
9683
9689
msgid "1"
9684
9690
msgstr "1"
9894
9900
"<application>Zentyal</application>."
9895
9901
msgstr ""
9896
9902
9897
#: serverguide/C/virtualization.xml:833(para) serverguide/C/remote-administration.xml:16(title)
9903
#: serverguide/C/remote-administration.xml:16(title)
9898
9904
msgid "OpenSSH Server"
9899
9905
msgstr ""
9900
9906
10169
10175
msgid "Preconfiguration"
10170
10176
msgstr ""
10171
10177
10172
#: serverguide/C/remote-administration.xml:256(para)
10178
#: serverguide/C/remote-administration.xml:236(para)
10173
10179
msgid ""
10174
10180
"Prior to configuring <application>puppet</application> you may want to add a "
10175
10181
"DNS <emphasis>CNAME</emphasis> record for "
10180
10186
"linkend=\"dns\"/> for more DNS details."
10181
10187
msgstr ""
10182
10188
10183
#: serverguide/C/remote-administration.xml:263(para)
10189
#: serverguide/C/remote-administration.xml:243(para)
10184
10190
msgid ""
10185
10191
"If you do not wish to use DNS, you can add entries to the server and client "
10186
10192
"<filename>/etc/hosts</filename> file. For example, in the "
10196
10202
"192.168.1.17 puppetclient.example.com puppetclient\n"
10197
10203
msgstr ""
10198
10204
10199
#: serverguide/C/remote-administration.xml:273(para)
10205
#: serverguide/C/remote-administration.xml:253(para)
10200
10206
msgid ""
10201
10207
"On each <application>Puppet</application> client, add an entry for the "
10202
10208
"server:"
10209
10215
"192.168.1.16 puppetmaster.example.com puppetmaster puppet\n"
10210
10216
msgstr ""
10211
10217
10212
#: serverguide/C/remote-administration.xml:282(para)
10218
#: serverguide/C/remote-administration.xml:262(para)
10213
10219
msgid ""
10214
10220
"Replace the example IP addresses and domain names above with your actual "
10215
10221
"server and client addresses and domain names."
10216
10222
msgstr ""
10217
10223
10218
#: serverguide/C/remote-administration.xml:236(para)
10224
#: serverguide/C/remote-administration.xml:271(para)
10219
10225
msgid ""
10220
10226
"To install <application>Puppet</application>, in a terminal on the "
10221
10227
"<emphasis>server</emphasis> enter:"
10222
10228
msgstr ""
10223
10229
10224
#: serverguide/C/remote-administration.xml:241(command)
10230
#: serverguide/C/remote-administration.xml:276(command)
10225
10231
msgid "sudo apt-get install puppetmaster"
10226
10232
msgstr ""
10227
10233
10228
#: serverguide/C/remote-administration.xml:244(para)
10234
#: serverguide/C/remote-administration.xml:279(para)
10229
10235
msgid "On the <emphasis>client</emphasis> machine, or machines, enter:"
10230
10236
msgstr ""
10231
10237
10232
#: serverguide/C/remote-administration.xml:249(command)
10238
#: serverguide/C/remote-administration.xml:284(command)
10233
10239
msgid "sudo apt-get install puppet"
10234
10240
msgstr ""
10235
10241
10286
10292
"<application>Puppet</application> client's host name."
10287
10293
msgstr ""
10288
10294
10289
#: serverguide/C/remote-administration.xml:323(para)
10295
#: serverguide/C/remote-administration.xml:337(para)
10290
10296
msgid ""
10291
10297
"The final step for this simple <application>Puppet</application> server is "
10292
10298
"to restart the daemon:"
10296
10302
msgid "sudo service puppetmaster restart"
10297
10303
msgstr ""
10298
10304
10299
#: serverguide/C/remote-administration.xml:331(para)
10305
#: serverguide/C/remote-administration.xml:345(para)
10300
10306
msgid ""
10301
10307
"Now everything is configured on the <application>Puppet</application> "
10302
10308
"server, it is time to configure the client."
10309
10315
"<emphasis>START</emphasis> to yes:"
10310
10316
msgstr ""
10311
10317
10312
#: serverguide/C/remote-administration.xml:340(programlisting) serverguide/C/mail.xml:627(programlisting)
10318
#: serverguide/C/remote-administration.xml:354(programlisting) serverguide/C/mail.xml:685(programlisting)
10313
10319
#, no-wrap
10314
10320
msgid ""
10315
10321
"\n"
10318
10324
"\n"
10319
10325
"START=yes\n"
10320
10326
10321
#: serverguide/C/remote-administration.xml:344(para)
10327
#: serverguide/C/remote-administration.xml:358(para)
10322
10328
msgid "Then start the service:"
10323
10329
msgstr ""
10324
10330
10373
10379
"<application>Puppet</application> client."
10374
10380
msgstr ""
10375
10381
10376
#: serverguide/C/remote-administration.xml:366(para)
10382
#: serverguide/C/remote-administration.xml:406(para)
10377
10383
msgid ""
10378
10384
"This example is <emphasis>very</emphasis> simple, and does not highlight "
10379
10385
"many of <application>Puppet</application>'s features and benefits. For more "
10380
10386
"information see <xref linkend=\"puppet-resources\"/>."
10381
10387
msgstr ""
10382
10388
10383
#: serverguide/C/remote-administration.xml:378(para)
10389
#: serverguide/C/remote-administration.xml:418(para)
10384
10390
msgid ""
10385
10391
"See the <ulink url=\"http://docs.puppetlabs.com/\">Official Puppet "
10386
10392
"Documentation</ulink> web site."
10392
10398
"online repository of puppet modules."
10393
10399
msgstr ""
10394
10400
10395
#: serverguide/C/remote-administration.xml:383(para)
10401
#: serverguide/C/remote-administration.xml:428(para)
10396
10402
msgid ""
10397
10403
"Also see <ulink url=\"http://www.apress.com/9781430230571\">Pro "
10398
10404
"Puppet</ulink>."
10399
10405
msgstr ""
10400
10406
10401
#: serverguide/C/remote-administration.xml:397(title)
10407
#: serverguide/C/remote-administration.xml:437(title)
10402
10408
msgid "Zentyal"
10403
10409
msgstr ""
10404
10410
10405
#: serverguide/C/remote-administration.xml:399(para)
10411
#: serverguide/C/remote-administration.xml:439(para)
10406
10412
msgid ""
10407
10413
"<application>Zentyal</application> is a Linux small business server, that "
10408
10414
"can be configured as a Gateway, Infrastructure Manager, Unified Threat "
10429
10435
"them."
10430
10436
msgstr ""
10431
10437
10432
#: serverguide/C/remote-administration.xml:427(para)
10438
#: serverguide/C/remote-administration.xml:467(para)
10433
10439
msgid ""
10434
10440
"Zentyal 2.3 is available on Ubuntu 12.04 Universe repository. The modules "
10435
10441
"available are:"
10436
10442
msgstr ""
10437
10443
10438
#: serverguide/C/remote-administration.xml:434(para)
10444
#: serverguide/C/remote-administration.xml:474(para)
10439
10445
msgid ""
10440
10446
"zentyal-core & zentyal-common: the core of the "
10441
10447
"<application>Zentyal</application> interface and the common libraries of the "
10443
10449
"administrator an interface to view the logs and generate events from them."
10444
10450
msgstr ""
10445
10451
10446
#: serverguide/C/remote-administration.xml:443(para)
10452
#: serverguide/C/remote-administration.xml:483(para)
10447
10453
msgid ""
10448
10454
"zentyal-network: manages the configuration of the network. From the "
10449
10455
"interfaces (supporting static IP, DHCP, VLAN, bridges or PPPoE), to multiple "
10458
10464
"services (e.g. HTTP instead of 80/TCP)."
10459
10465
msgstr ""
10460
10466
10461
#: serverguide/C/remote-administration.xml:458(para)
10467
#: serverguide/C/remote-administration.xml:498(para)
10462
10468
msgid ""
10463
10469
"zentyal-firewall: configures the <application>iptables</application> rules "
10464
10470
"to block forbiden connections, NAT and port redirections."
10465
10471
msgstr ""
10466
10472
10467
#: serverguide/C/remote-administration.xml:464(para)
10473
#: serverguide/C/remote-administration.xml:504(para)
10468
10474
msgid ""
10469
10475
"zentyal-ntp: installs the NTP daemon to keep server on time and allow "
10470
10476
"network clients to synchronize their clocks against the server."
10471
10477
msgstr ""
10472
10478
10473
#: serverguide/C/remote-administration.xml:470(para)
10479
#: serverguide/C/remote-administration.xml:510(para)
10474
10480
msgid ""
10475
10481
"zentyal-dhcp: configures <application>ISC DHCP</application> server "
10476
10482
"supporting network ranges, static leases and other advanced options like "
10477
10483
"NTP, WINS, dynamic DNS updates and network boot with PXE."
10478
10484
msgstr ""
10479
10485
10480
#: serverguide/C/remote-administration.xml:477(para)
10486
#: serverguide/C/remote-administration.xml:517(para)
10481
10487
msgid ""
10482
10488
"zentyal-dns: brings <application>ISC Bind9</application> DNS server into "
10483
10489
"your server for caching local queries as a forwarder or as an authoritative "
10485
10491
"and SRV records."
10486
10492
msgstr ""
10487
10493
10488
#: serverguide/C/remote-administration.xml:485(para)
10494
#: serverguide/C/remote-administration.xml:525(para)
10489
10495
msgid ""
10490
10496
"zentyal-ca: integrates the management of a Certification Authority within "
10491
10497
"Zentyal so users can use certificates to authenticate against the services, "
10492
10498
"like with <application>OpenVPN</application>."
10493
10499
msgstr ""
10494
10500
10495
#: serverguide/C/remote-administration.xml:492(para)
10501
#: serverguide/C/remote-administration.xml:532(para)
10496
10502
msgid ""
10497
10503
"zentyal-openvpn: allows to configure multiple VPN servers and clients using "
10498
10504
"<application>OpenVPN</application> with dynamic routing configuration using "
10499
10505
"<application>Quagga</application>."
10500
10506
msgstr ""
10501
10507
10502
#: serverguide/C/remote-administration.xml:499(para)
10508
#: serverguide/C/remote-administration.xml:539(para)
10503
10509
msgid ""
10504
10510
"zentyal-users: provides an interface to configure and manage users and "
10505
10511
"groups on <application>OpenLDAP</application>. Other services on Zentyal are "
10508
10514
"<application>Microsoft Active Directory</application> domain."
10509
10515
msgstr ""
10510
10516
10511
#: serverguide/C/remote-administration.xml:509(para)
10517
#: serverguide/C/remote-administration.xml:549(para)
10512
10518
msgid ""
10513
10519
"zentyal-squid: configures <application>Squid</application> and "
10514
10520
"<application>Dansguardian</application> for speeding up browsing thanks to "
10515
10521
"the caching capabilities and content filtering."
10516
10522
msgstr ""
10517
10523
10518
#: serverguide/C/remote-administration.xml:516(para)
10524
#: serverguide/C/remote-administration.xml:556(para)
10519
10525
msgid ""
10520
10526
"zentyal-samba: allows <application>Samba</application> configuration and "
10521
10527
"integration with existing LDAP. From the same interface you can define "
10522
10528
"password policies, create shared resources and assign permissions."
10523
10529
msgstr ""
10524
10530
10525
#: serverguide/C/remote-administration.xml:524(para)
10531
#: serverguide/C/remote-administration.xml:564(para)
10526
10532
msgid ""
10527
10533
"zentyal-printers: integrates <application>CUPS</application> with "
10528
10534
"<application>Samba</application> and allows not only to configure the "
10529
10535
"printers but also give them permissions based on LDAP users and groups."
10530
10536
msgstr ""
10531
10537
10532
#: serverguide/C/remote-administration.xml:533(para)
10538
#: serverguide/C/remote-administration.xml:573(para)
10533
10539
msgid ""
10534
10540
"To install <application>Zentyal</application>, in a terminal on the "
10535
10541
"<emphasis>server</emphasis> enter (where <zentyal-module> is any of "
10536
10542
"the modules from the previous list):"
10537
10543
msgstr ""
10538
10544
10539
#: serverguide/C/remote-administration.xml:540(command)
10545
#: serverguide/C/remote-administration.xml:580(command)
10540
10546
msgid "sudo apt-get install <zentyal-module>"
10541
10547
msgstr ""
10542
10548
10543
#: serverguide/C/remote-administration.xml:544(para)
10549
#: serverguide/C/remote-administration.xml:584(para)
10544
10550
msgid ""
10545
10551
"<application>Zentyal</application> publishes one major stable release once a "
10546
10552
"year (in September) based on latest Ubuntu LTS release. Stable releases "
10560
10566
"Personal Package Archive (PPA)</ulink>."
10561
10567
msgstr ""
10562
10568
10563
#: serverguide/C/remote-administration.xml:566(para)
10569
#: serverguide/C/remote-administration.xml:606(para)
10564
10570
msgid ""
10565
10571
"Not present on Ubuntu Universe repositories, but on <ulink "
10566
10572
"url=\"https://launchpad.net/~zentyal/\">Zentyal Team PPA</ulink> you will "
10567
10573
"find these other modules:"
10568
10574
msgstr ""
10569
10575
10570
#: serverguide/C/remote-administration.xml:573(para)
10576
#: serverguide/C/remote-administration.xml:613(para)
10571
10577
msgid ""
10572
10578
"zentyal-antivirus: integrates <application>ClamAV</application> antivirus "
10573
10579
"with other modules like the proxy, file sharing or mailfilter."
10574
10580
msgstr ""
10575
10581
10576
#: serverguide/C/remote-administration.xml:580(para)
10582
#: serverguide/C/remote-administration.xml:620(para)
10577
10583
msgid ""
10578
10584
"zentyal-asterisk: configures <application>Asterisk</application> to provide "
10579
10585
"a simple PBX with LDAP based authentication."
10580
10586
msgstr ""
10581
10587
10582
#: serverguide/C/remote-administration.xml:586(para)
10588
#: serverguide/C/remote-administration.xml:626(para)
10583
10589
msgid ""
10584
10590
"zentyal-bwmonitor: allows to monitor bandwith usage of your LAN clients."
10585
10591
msgstr ""
10586
10592
10587
#: serverguide/C/remote-administration.xml:592(para)
10593
#: serverguide/C/remote-administration.xml:632(para)
10588
10594
msgid ""
10589
10595
"zentyal-captiveportal: integrates a captive portal with the firewall and "
10590
10596
"LDAP users and groups."
10591
10597
msgstr ""
10592
10598
10593
#: serverguide/C/remote-administration.xml:598(para)
10599
#: serverguide/C/remote-administration.xml:638(para)
10594
10600
msgid ""
10595
10601
"zentyal-ebackup: allows to make scheduled backups of your server using the "
10596
10602
"popular <application>duplicity</application> backup tool."
10597
10603
msgstr ""
10598
10604
10599
#: serverguide/C/remote-administration.xml:604(para)
10605
#: serverguide/C/remote-administration.xml:644(para)
10600
10606
msgid "zentyal-ftp: configures a FTP server with LDAP based authentication."
10601
10607
msgstr ""
10602
10608
10603
#: serverguide/C/remote-administration.xml:609(para)
10609
#: serverguide/C/remote-administration.xml:649(para)
10604
10610
msgid "zentyal-ids: integrates a network intrusion detection system."
10605
10611
msgstr ""
10606
10612
10607
#: serverguide/C/remote-administration.xml:614(para)
10613
#: serverguide/C/remote-administration.xml:654(para)
10608
10614
msgid ""
10609
10615
"zentyal-ipsec: allows to configure IPsec tunnels using "
10610
10616
"<application>OpenSwan</application>."
10611
10617
msgstr ""
10612
10618
10613
#: serverguide/C/remote-administration.xml:620(para)
10619
#: serverguide/C/remote-administration.xml:660(para)
10614
10620
msgid ""
10615
10621
"zentyal-jabber: integrates <application>ejabberd</application> XMPP server "
10616
10622
"with LDAP users and groups."
10617
10623
msgstr ""
10618
10624
10619
#: serverguide/C/remote-administration.xml:626(para)
10625
#: serverguide/C/remote-administration.xml:666(para)
10620
10626
msgid ""
10621
10627
"zentyal-thinclients: a <application>LTSP</application> based thin clients "
10622
10628
"solution."
10623
10629
msgstr ""
10624
10630
10625
#: serverguide/C/remote-administration.xml:632(para)
10631
#: serverguide/C/remote-administration.xml:672(para)
10626
10632
msgid ""
10627
10633
"zentyal-mail: a full mail stack including <application>Postfix "
10628
10634
"</application> and <application>Dovecot</application> with LDAP backend."
10629
10635
msgstr ""
10630
10636
10631
#: serverguide/C/remote-administration.xml:639(para)
10637
#: serverguide/C/remote-administration.xml:679(para)
10632
10638
msgid ""
10633
10639
"zentyal-mailfilter: configures <application>amavisd</application> with mail "
10634
10640
"stack to filter spam and attached virus."
10635
10641
msgstr ""
10636
10642
10637
#: serverguide/C/remote-administration.xml:645(para)
10643
#: serverguide/C/remote-administration.xml:685(para)
10638
10644
msgid ""
10639
10645
"zentyal-monitor: integrates <application>collectd</application> to monitor "
10640
10646
"server performance and running services."
10641
10647
msgstr ""
10642
10648
10643
#: serverguide/C/remote-administration.xml:651(para)
10649
#: serverguide/C/remote-administration.xml:691(para)
10644
10650
msgid ""
10645
10651
"zentyal-pptp: configures a <application>PPTP</application> VPN server."
10646
10652
msgstr ""
10647
10653
10648
#: serverguide/C/remote-administration.xml:656(para)
10654
#: serverguide/C/remote-administration.xml:696(para)
10649
10655
msgid ""
10650
10656
"zentyal-radius: integrates <application>FreeRADIUS</application> with LDAP "
10651
10657
"users and groups."
10652
10658
msgstr ""
10653
10659
10654
#: serverguide/C/remote-administration.xml:662(para)
10660
#: serverguide/C/remote-administration.xml:702(para)
10655
10661
msgid ""
10656
10662
"zentyal-software: simple interface to manage installed "
10657
10663
"<application>Zentyal</application> modules and system updates."
10658
10664
msgstr ""
10659
10665
10660
#: serverguide/C/remote-administration.xml:668(para)
10666
#: serverguide/C/remote-administration.xml:708(para)
10661
10667
msgid ""
10662
10668
"zentyal-trafficshaping: configures traffic limiting rules to do bandwidth "
10663
10669
"throttling and improve latency."
10664
10670
msgstr ""
10665
10671
10666
#: serverguide/C/remote-administration.xml:674(para)
10672
#: serverguide/C/remote-administration.xml:714(para)
10667
10673
msgid ""
10668
10674
"zentyal-usercorner: allows users to edit their own LDAP attributes using a "
10669
10675
"web browser."
10670
10676
msgstr ""
10671
10677
10672
#: serverguide/C/remote-administration.xml:680(para)
10678
#: serverguide/C/remote-administration.xml:720(para)
10673
10679
msgid ""
10674
10680
"zentyal-virt: simple interface to create and manage virtual machines based "
10675
10681
"on <application>libvirt</application>."
10676
10682
msgstr ""
10677
10683
10678
#: serverguide/C/remote-administration.xml:686(para)
10684
#: serverguide/C/remote-administration.xml:726(para)
10679
10685
msgid ""
10680
10686
"zentyal-webmail: allows to access your mail using the popular "
10681
10687
"<application>Roundcube</application> webmail."
10682
10688
msgstr ""
10683
10689
10684
#: serverguide/C/remote-administration.xml:692(para)
10690
#: serverguide/C/remote-administration.xml:732(para)
10685
10691
msgid ""
10686
10692
"zentyal-webserver: configures <application>Apache</application> webserver to "
10687
10693
"host different sites on your machine."
10688
10694
msgstr ""
10689
10695
10690
#: serverguide/C/remote-administration.xml:698(para)
10696
#: serverguide/C/remote-administration.xml:738(para)
10691
10697
msgid ""
10692
10698
"zentyal-zarafa: integrates <application>Zarafa</application> groupware suite "
10693
10699
"with <application>Zentyal</application> mail stack and LDAP."
10694
10700
msgstr ""
10695
10701
10696
#: serverguide/C/remote-administration.xml:710(title)
10702
#: serverguide/C/remote-administration.xml:750(title)
10697
10703
msgid "First steps"
10698
10704
msgstr ""
10699
10705
10700
#: serverguide/C/remote-administration.xml:712(para)
10706
#: serverguide/C/remote-administration.xml:752(para)
10701
10707
msgid ""
10702
10708
"Any system account belonging to the sudo group is allowed to log into "
10703
10709
"<application>Zentyal</application> web interface. If you are using the user "
10704
10710
"created during the installation, this should be in the sudo group by default."
10705
10711
msgstr ""
10706
10712
10707
#: serverguide/C/remote-administration.xml:720(para)
10713
#: serverguide/C/remote-administration.xml:760(para)
10708
10714
msgid "If you need to add another user to the sudo group, just execute:"
10709
10715
msgstr ""
10710
10716
10711
#: serverguide/C/remote-administration.xml:725(command)
10717
#: serverguide/C/remote-administration.xml:765(command)
10712
10718
msgid "sudo adduser username sudo"
10713
10719
msgstr ""
10714
10720
10715
#: serverguide/C/remote-administration.xml:729(para)
10721
#: serverguide/C/remote-administration.xml:769(para)
10716
10722
msgid ""
10717
10723
"To access <application>Zentyal</application> web interface, browse into "
10718
10724
"https://localhost/ (or the IP of your remote server). As Zentyal creates its "
10720
10726
"exception on your browser."
10721
10727
msgstr ""
10722
10728
10723
#: serverguide/C/remote-administration.xml:736(para)
10729
#: serverguide/C/remote-administration.xml:776(para)
10724
10730
msgid ""
10725
10731
"Once logged in you will see the dashboard with an overview of your server. "
10726
10732
"To configure any of the features of your installed modules, go to the "
10734
10740
"files."
10735
10741
msgstr ""
10736
10742
10737
#: serverguide/C/remote-administration.xml:750(para)
10743
#: serverguide/C/remote-administration.xml:790(para)
10738
10744
msgid ""
10739
10745
"If you need to customize any configuration file or run certain actions "
10740
10746
"(scripts or commands) to configure features not available on "
10743
10749
"/etc/zentyal/hooks/<module>.<action>."
10744
10750
msgstr ""
10745
10751
10746
#: serverguide/C/remote-administration.xml:763(para)
10752
#: serverguide/C/remote-administration.xml:803(para)
10747
10753
msgid ""
10748
10754
"<ulink url=\"http://doc.zentyal.org/\">Zentyal Official Documentation "
10749
10755
"</ulink> page."
10750
10756
msgstr ""
10751
10757
10752
#: serverguide/C/remote-administration.xml:767(para)
10758
#: serverguide/C/remote-administration.xml:807(para)
10753
10759
msgid ""
10754
10760
"See also <ulink url=\"http://trac.zentyal.org/wiki/Documentation\">Zentyal "
10755
10761
"Community Documentation</ulink> page."
10756
10762
msgstr ""
10757
10763
10758
#: serverguide/C/remote-administration.xml:771(para)
10764
#: serverguide/C/remote-administration.xml:811(para)
10759
10765
msgid ""
10760
10766
"And don't forget to visit the <ulink url=\"http://forum.zentyal.org/\">forum "
10761
10767
"</ulink> for community support, feedback, feature requests, etc."
10769
10775
msgid ""
10770
10776
"Ubuntu features a comprehensive package management system for installing, "
10771
10777
"upgrading, configuring, and removing software. In addition to providing "
10772
"access to an organized base of over 35,000 software packages for your Ubuntu "
10778
"access to an organized base of over 45,000 software packages for your Ubuntu "
10773
10779
"computer, the package management facilities also feature dependency "
10774
10780
"resolution capabilities and software update checking."
10775
10781
msgstr ""
10801
10807
10802
10808
#: serverguide/C/package-management.xml:25(para)
10803
10809
msgid ""
10804
"Many complex packages use the concept of <emphasis "
10810
"Many complex packages use <emphasis "
10805
10811
"role=\"italics\">dependencies</emphasis>. Dependencies are additional "
10806
10812
"packages required by the principal package in order to function properly. "
10807
10813
"For example, the speech synthesis package "
11123
11129
"menu."
11124
11130
msgstr ""
11125
11131
11126
#: serverguide/C/package-management.xml:246(para)
11132
#: serverguide/C/package-management.xml:263(para)
11127
11133
msgid "<emphasis role=\"bold\">i</emphasis>: Installed package"
11128
11134
msgstr ""
11129
11135
11130
#: serverguide/C/package-management.xml:251(para)
11136
#: serverguide/C/package-management.xml:268(para)
11131
11137
msgid ""
11132
11138
"<emphasis role=\"bold\">c</emphasis>: Package not installed, but package "
11133
11139
"configuration remains on system"
11134
11140
msgstr ""
11135
11141
11136
#: serverguide/C/package-management.xml:255(para)
11142
#: serverguide/C/package-management.xml:272(para)
11137
11143
msgid "<emphasis role=\"bold\">p</emphasis>: Purged from system"
11138
11144
msgstr ""
11139
11145
11140
#: serverguide/C/package-management.xml:259(para)
11146
#: serverguide/C/package-management.xml:276(para)
11141
11147
msgid "<emphasis role=\"bold\">v</emphasis>: Virtual package"
11142
11148
msgstr ""
11143
11149
11144
#: serverguide/C/package-management.xml:263(para)
11150
#: serverguide/C/package-management.xml:280(para)
11145
11151
msgid "<emphasis role=\"bold\">B</emphasis>: Broken package"
11146
11152
msgstr ""
11147
11153
11148
#: serverguide/C/package-management.xml:267(para)
11154
#: serverguide/C/package-management.xml:284(para)
11149
11155
msgid ""
11150
11156
"<emphasis role=\"bold\">u</emphasis>: Unpacked files, but package not yet "
11151
11157
"configured"
11152
11158
msgstr ""
11153
11159
11154
#: serverguide/C/package-management.xml:271(para)
11160
#: serverguide/C/package-management.xml:288(para)
11155
11161
msgid ""
11156
11162
"<emphasis role=\"bold\">C</emphasis>: Half-configured - Configuration failed "
11157
11163
"and requires fix"
11158
11164
msgstr ""
11159
11165
11160
#: serverguide/C/package-management.xml:275(para)
11166
#: serverguide/C/package-management.xml:292(para)
11161
11167
msgid ""
11162
11168
"<emphasis role=\"bold\">H</emphasis>: Half-installed - Removal failed and "
11163
11169
"requires fix"
11164
11170
msgstr ""
11165
11171
11166
#: serverguide/C/package-management.xml:243(para)
11172
#: serverguide/C/package-management.xml:260(para)
11167
11173
msgid ""
11168
11174
"The first column of information displayed in the package list in the top "
11169
11175
"pane, when actually viewing packages lists the current state of the package, "
11171
11177
"<placeholder-1/>"
11172
11178
msgstr ""
11173
11179
11174
#: serverguide/C/package-management.xml:281(para)
11180
#: serverguide/C/package-management.xml:298(para)
11175
11181
msgid ""
11176
11182
"To exit Aptitude, simply press the <keycap>q</keycap> key and confirm you "
11177
11183
"wish to exit. Many other functions are available from the Aptitude menu by "
11178
11184
"pressing the <keycap>F10</keycap> key."
11179
11185
msgstr ""
11180
11186
11181
#: serverguide/C/package-management.xml:284(title)
11187
#: serverguide/C/package-management.xml:301(title)
11182
11188
msgid "Command Line Aptitude"
11183
11189
msgstr ""
11184
11190
11185
#: serverguide/C/package-management.xml:285(para)
11191
#: serverguide/C/package-management.xml:302(para)
11186
11192
msgid ""
11187
11193
"You can also use <application>Aptitude</application> as a command-line tool, "
11188
11194
"similar to <application>apt-get</application>. To install the "
11196
11202
"of command line options for <application>Aptitude</application>."
11197
11203
msgstr ""
11198
11204
11199
#: serverguide/C/package-management.xml:298(title)
11205
#: serverguide/C/package-management.xml:315(title)
11200
11206
msgid "Automatic Updates"
11201
11207
msgstr "Аўтаматычныя абнаўленьні"
11202
11208
11203
#: serverguide/C/package-management.xml:300(para)
11209
#: serverguide/C/package-management.xml:317(para)
11204
11210
msgid ""
11205
11211
"The <application>unattended-upgrades</application> package can be used to "
11206
11212
"automatically install updated packages, and can be configured to update all "
11208
11214
"entering the following in a terminal:"
11209
11215
msgstr ""
11210
11216
11211
#: serverguide/C/package-management.xml:306(command)
11217
#: serverguide/C/package-management.xml:323(command)
11212
11218
msgid "sudo apt-get install unattended-upgrades"
11213
11219
msgstr "sudo apt-get install unattended-upgrades"
11214
11220
11215
#: serverguide/C/package-management.xml:309(para)
11221
#: serverguide/C/package-management.xml:326(para)
11216
11222
msgid ""
11217
11223
"To configure <application>unattended-upgrades</application>, edit "
11218
11224
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> and adjust "
11229
11235
"};\n"
11230
11236
msgstr ""
11231
11237
11232
#: serverguide/C/package-management.xml:321(para)
11238
#: serverguide/C/package-management.xml:338(para)
11233
11239
msgid ""
11234
11240
"Certain packages can also be <emphasis>blacklisted</emphasis> and therefore "
11235
11241
"will not be automatically updated. To blacklist a package, add it to the "
11236
11242
"list:"
11237
11243
msgstr ""
11238
11244
11239
#: serverguide/C/package-management.xml:326(programlisting)
11245
#: serverguide/C/package-management.xml:343(programlisting)
11240
11246
#, no-wrap
11241
11247
msgid ""
11242
11248
"\n"
11248
11254
"};\n"
11249
11255
msgstr ""
11250
11256
11251
#: serverguide/C/package-management.xml:336(para)
11257
#: serverguide/C/package-management.xml:353(para)
11252
11258
msgid ""
11253
11259
"The double <emphasis><quote>//</quote></emphasis> serve as comments, so "
11254
11260
"whatever follows \"//\" will not be evaluated."
11255
11261
msgstr ""
11256
11262
11257
#: serverguide/C/package-management.xml:341(para)
11263
#: serverguide/C/package-management.xml:358(para)
11258
11264
msgid ""
11259
11265
"To enable automatic updates, edit "
11260
11266
"<filename>/etc/apt/apt.conf.d/10periodic</filename> and set the appropriate "
11261
11267
"<application>apt</application> configuration options:"
11262
11268
msgstr ""
11263
11269
11264
#: serverguide/C/package-management.xml:345(programlisting)
11270
#: serverguide/C/package-management.xml:362(programlisting)
11265
11271
#, no-wrap
11266
11272
msgid ""
11267
11273
"\n"
11271
11277
"APT::Periodic::Unattended-Upgrade \"1\";\n"
11272
11278
msgstr ""
11273
11279
11274
#: serverguide/C/package-management.xml:352(para)
11280
#: serverguide/C/package-management.xml:369(para)
11275
11281
msgid ""
11276
11282
"The above configuration updates the package list, downloads, and installs "
11277
11283
"available upgrades every day. The local download archive is cleaned every "
11278
11284
"week."
11279
11285
msgstr ""
11280
11286
11281
#: serverguide/C/package-management.xml:358(para)
11287
#: serverguide/C/package-management.xml:375(para)
11282
11288
msgid ""
11283
11289
"You can read more about <application>apt</application> Periodic "
11284
11290
"configuration options in the <filename>/etc/cron.daily/apt</filename> script "
11285
11291
"header."
11286
11292
msgstr ""
11287
11293
11288
#: serverguide/C/package-management.xml:363(para)
11294
#: serverguide/C/package-management.xml:380(para)
11289
11295
msgid ""
11290
11296
"The results of <application>unattended-upgrades</application> will be logged "
11291
11297
"to <filename>/var/log/unattended-upgrades</filename>."
11292
11298
msgstr ""
11293
11299
11294
#: serverguide/C/package-management.xml:368(title)
11300
#: serverguide/C/package-management.xml:385(title)
11295
11301
msgid "Notifications"
11296
11302
msgstr ""
11297
11303
11298
#: serverguide/C/package-management.xml:370(para)
11304
#: serverguide/C/package-management.xml:387(para)
11299
11305
msgid ""
11300
11306
"Configuring <emphasis>Unattended-Upgrade::Mail</emphasis> in "
11301
11307
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> will enable "
11303
11309
"detailing any packages that need upgrading or have problems."
11304
11310
msgstr ""
11305
11311
11306
#: serverguide/C/package-management.xml:375(para)
11312
#: serverguide/C/package-management.xml:392(para)
11307
11313
msgid ""
11308
11314
"Another useful package is <application>apticron</application>. "
11309
11315
"<application>apticron</application> will configure a "
11312
11318
"summary of changes in each package."
11313
11319
msgstr ""
11314
11320
11315
#: serverguide/C/package-management.xml:381(para)
11321
#: serverguide/C/package-management.xml:398(para)
11316
11322
msgid ""
11317
11323
"To install the <application>apticron</application> package, in a terminal "
11318
11324
"enter:"
11319
11325
msgstr ""
11320
11326
11321
#: serverguide/C/package-management.xml:386(command)
11327
#: serverguide/C/package-management.xml:403(command)
11322
11328
msgid "sudo apt-get install apticron"
11323
11329
msgstr "sudo apt-get install apticron"
11324
11330
11325
#: serverguide/C/package-management.xml:389(para)
11331
#: serverguide/C/package-management.xml:406(para)
11326
11332
msgid ""
11327
11333
"Once the package is installed edit "
11328
11334
"<filename>/etc/apticron/apticron.conf</filename>, to set the email address "
11329
11335
"and other options:"
11330
11336
msgstr ""
11331
11337
11332
#: serverguide/C/package-management.xml:393(programlisting)
11338
#: serverguide/C/package-management.xml:410(programlisting)
11333
11339
#, no-wrap
11334
11340
msgid ""
11335
11341
"\n"
11338
11344
"\n"
11339
11345
"EMAIL=\"root@example.com\"\n"
11340
11346
11341
#: serverguide/C/package-management.xml:402(para)
11347
#: serverguide/C/package-management.xml:419(para)
11342
11348
msgid ""
11343
11349
"Configuration of the <emphasis>Advanced Packaging Tool</emphasis> (APT) "
11344
11350
"system repositories is stored in the "
11348
11354
"repository references from the file."
11349
11355
msgstr ""
11350
11356
11351
#: serverguide/C/package-management.xml:411(para)
11357
#: serverguide/C/package-management.xml:424(para)
11352
11358
msgid ""
11353
11359
"You may edit the file to enable repositories or disable them. For example, "
11354
11360
"to disable the requirement of inserting the Ubuntu CD-ROM whenever package "
11365
11371
"main restricted\n"
11366
11372
msgstr ""
11367
11373
11368
#: serverguide/C/package-management.xml:422(title)
11374
#: serverguide/C/package-management.xml:435(title)
11369
11375
msgid "Extra Repositories"
11370
11376
msgstr ""
11371
11377
11372
#: serverguide/C/package-management.xml:423(para)
11378
#: serverguide/C/package-management.xml:436(para)
11373
11379
msgid ""
11374
11380
"In addition to the officially supported package repositories available for "
11375
11381
"Ubuntu, there exist additional community-maintained repositories which add "
11380
11386
"which are safe for use with your Ubuntu computer."
11381
11387
msgstr ""
11382
11388
11383
#: serverguide/C/package-management.xml:426(para)
11389
#: serverguide/C/package-management.xml:439(para)
11384
11390
msgid ""
11385
11391
"Packages in the <emphasis>Multiverse</emphasis> repository often have "
11386
11392
"licensing issues that prevent them from being distributed with a free "
11387
11393
"operating system, and they may be illegal in your locality."
11388
11394
msgstr ""
11389
11395
11390
#: serverguide/C/package-management.xml:428(para)
11396
#: serverguide/C/package-management.xml:441(para)
11391
11397
msgid ""
11392
11398
"Be advised that neither the <emphasis>Universe</emphasis> or "
11393
11399
"<emphasis>Multiverse</emphasis> repositories contain officially supported "
11395
11401
"packages."
11396
11402
msgstr ""
11397
11403
11398
#: serverguide/C/package-management.xml:432(para)
11404
#: serverguide/C/package-management.xml:445(para)
11399
11405
msgid ""
11400
11406
"Many other package sources are available, sometimes even offering only one "
11401
11407
"package, as in the case of package sources provided by the developer of a "
11406
11412
"functional in some respects."
11407
11413
msgstr ""
11408
11414
11409
#: serverguide/C/package-management.xml:435(para)
11415
#: serverguide/C/package-management.xml:448(para)
11410
11416
msgid ""
11411
11417
"By default, the <emphasis>Universe</emphasis> and "
11412
11418
"<emphasis>Multiverse</emphasis> repositories are enabled but if you would "
11437
11443
"deb-src http://security.ubuntu.com/ubuntu trusty-security multiverse\n"
11438
11444
msgstr ""
11439
11445
11440
#: serverguide/C/package-management.xml:468(para)
11446
#: serverguide/C/package-management.xml:481(para)
11441
11447
msgid ""
11442
11448
"Most of the material covered in this chapter is available in "
11443
11449
"<application>man</application> pages, many of which are available online."
11444
11450
msgstr ""
11445
11451
11446
#: serverguide/C/package-management.xml:475(para)
11452
#: serverguide/C/package-management.xml:488(para)
11447
11453
msgid ""
11448
11454
"The <ulink "
11449
11455
"url=\"https://help.ubuntu.com/community/InstallingSoftware\">InstallingSoftwa"
11473
11479
"ude man page</ulink> for more <application>aptitude</application> options."
11474
11480
msgstr ""
11475
11481
11476
#: serverguide/C/package-management.xml:499(para)
11482
#: serverguide/C/package-management.xml:512(para)
11477
11483
msgid ""
11478
11484
"The <ulink "
11479
11485
"url=\"https://help.ubuntu.com/community/Repositories/Ubuntu\">Adding "
11540
11546
"reboots (e.g.: after a kernel upgrade)."
11541
11547
msgstr ""
11542
11548
11543
#: serverguide/C/other-apps.xml:44(para)
11549
#: serverguide/C/other-apps.xml:61(para)
11544
11550
msgid ""
11545
11551
"<application>pam_motd</application> executes the scripts in "
11546
11552
"<filename>/etc/update-motd.d</filename> in order based on the number "
11549
11555
"concatenated with <filename>/etc/motd.tail</filename>."
11550
11556
msgstr ""
11551
11557
11552
#: serverguide/C/other-apps.xml:50(para)
11558
#: serverguide/C/other-apps.xml:67(para)
11553
11559
msgid ""
11554
11560
"You can add your own dynamic information to the MOTD. For example, to add "
11555
11561
"local weather information:"
11556
11562
msgstr ""
11557
11563
11558
#: serverguide/C/other-apps.xml:56(para)
11564
#: serverguide/C/other-apps.xml:73(para)
11559
11565
msgid "First, install the <application>weather-util</application> package:"
11560
11566
msgstr "Спачатку ўстанавіце пакет <application>weather-util</application>:"
11561
11567
11562
#: serverguide/C/other-apps.xml:61(command)
11568
#: serverguide/C/other-apps.xml:78(command)
11563
11569
msgid "sudo apt-get install weather-util"
11564
11570
msgstr "sudo apt-get install weather-util"
11565
11571
11566
#: serverguide/C/other-apps.xml:66(para)
11572
#: serverguide/C/other-apps.xml:83(para)
11567
11573
msgid ""
11568
11574
"The <application>weather</application> utility uses METAR data from the "
11569
11575
"National Oceanic and Atmospheric Administration and forecasts from the "
11573
11579
"Weather Service</ulink> site."
11574
11580
msgstr ""
11575
11581
11576
#: serverguide/C/other-apps.xml:73(para)
11582
#: serverguide/C/other-apps.xml:90(para)
11577
11583
msgid ""
11578
11584
"Although the National Weather Service is a United States government agency "
11579
11585
"there are weather stations available world wide. However, local weather "
11580
11586
"information for all locations outside the U.S. may not be available."
11581
11587
msgstr ""
11582
11588
11583
#: serverguide/C/other-apps.xml:79(para)
11589
#: serverguide/C/other-apps.xml:96(para)
11584
11590
msgid ""
11585
11591
"Create <filename>/usr/local/bin/local-weather</filename>, a simple shell "
11586
11592
"script to use <application>weather</application> with your local ICAO "
11587
11593
"indicator:"
11588
11594
msgstr ""
11589
11595
11590
#: serverguide/C/other-apps.xml:84(programlisting)
11596
#: serverguide/C/other-apps.xml:101(programlisting)
11591
11597
#, no-wrap
11592
11598
msgid ""
11593
11599
"\n"
11607
11613
"\n"
11608
11614
msgstr ""
11609
11615
11610
#: serverguide/C/other-apps.xml:102(para)
11616
#: serverguide/C/other-apps.xml:119(para)
11611
11617
msgid "Make the script executable:"
11612
11618
msgstr ""
11613
11619
11614
#: serverguide/C/other-apps.xml:107(command)
11620
#: serverguide/C/other-apps.xml:124(command)
11615
11621
msgid "sudo chmod 755 /usr/local/bin/local-weather"
11616
11622
msgstr "sudo chmod 755 /usr/local/bin/local-weather"
11617
11623
11618
#: serverguide/C/other-apps.xml:111(para)
11624
#: serverguide/C/other-apps.xml:128(para)
11619
11625
msgid ""
11620
11626
"Next, create a symlink to <filename>/etc/update-motd.d/98-local-"
11621
11627
"weather</filename>:"
11622
11628
msgstr ""
11623
11629
11624
#: serverguide/C/other-apps.xml:116(command)
11630
#: serverguide/C/other-apps.xml:133(command)
11625
11631
msgid ""
11626
11632
"sudo ln -s /usr/local/bin/local-weather /etc/update-motd.d/98-local-weather"
11627
11633
msgstr ""
11628
11634
11629
#: serverguide/C/other-apps.xml:120(para)
11635
#: serverguide/C/other-apps.xml:137(para)
11630
11636
msgid "Finally, exit the server and re-login to view the new MOTD."
11631
11637
msgstr ""
11632
11638
11633
#: serverguide/C/other-apps.xml:126(para)
11639
#: serverguide/C/other-apps.xml:143(para)
11634
11640
msgid ""
11635
11641
"You should now be greeted with some useful information, and some information "
11636
11642
"about the local weather that may not be quite so useful. Hopefully the "
11646
11652
"<application>update-motd</application>."
11647
11653
msgstr ""
11648
11654
11649
#: serverguide/C/other-apps.xml:338(para)
11655
#: serverguide/C/other-apps.xml:163(para)
11650
11656
msgid ""
11651
11657
"The Debian Package of the Day <ulink "
11652
11658
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
11654
11660
"details about using the <application>weather</application>utility."
11655
11661
msgstr ""
11656
11662
11657
#: serverguide/C/other-apps.xml:134(title)
11663
#: serverguide/C/other-apps.xml:178(title)
11658
11664
msgid "etckeeper"
11659
11665
msgstr "etckeeper"
11660
11666
11670
11676
"possible."
11671
11677
msgstr ""
11672
11678
11673
#: serverguide/C/other-apps.xml:144(para)
11679
#: serverguide/C/other-apps.xml:188(para)
11674
11680
msgid ""
11675
11681
"Install <application>etckeeper</application> by entering the following in a "
11676
11682
"terminal:"
11678
11684
"Устанавіце <application>etckeeper</application>, для гэтага ўвядзіце ў "
11679
11685
"тэрмінале наступнае:"
11680
11686
11681
#: serverguide/C/other-apps.xml:149(command)
11687
#: serverguide/C/other-apps.xml:193(command)
11682
11688
msgid "sudo apt-get install etckeeper"
11683
11689
msgstr "sudo apt-get install etckeeper"
11684
11690
11693
11699
"It is possible to undo this by entering the following command:"
11694
11700
msgstr ""
11695
11701
11696
#: serverguide/C/other-apps.xml:162(command)
11702
#: serverguide/C/other-apps.xml:204(command)
11697
11703
msgid "sudo etckeeper uninit"
11698
11704
msgstr ""
11699
11705
11700
#: serverguide/C/other-apps.xml:165(para)
11706
#: serverguide/C/other-apps.xml:207(para)
11701
11707
msgid ""
11702
11708
"By default, etckeeper will commit uncommitted changes made to /etc daily. "
11703
11709
"This can be disabled using the AVOID_DAILY_AUTOCOMMITS configuration option. "
11706
11712
"commit your changes manually, together with a commit message, using:"
11707
11713
msgstr ""
11708
11714
11709
#: serverguide/C/other-apps.xml:174(command)
11715
#: serverguide/C/other-apps.xml:214(command)
11710
11716
msgid "sudo etckeeper commit \"..Reason for configuration change..\""
11711
11717
msgstr ""
11712
11718
11714
11720
msgid "Using bzr's VCS commands you can view log information:"
11715
11721
msgstr ""
11716
11722
11717
#: serverguide/C/other-apps.xml:182(command)
11723
#: serverguide/C/other-apps.xml:222(command)
11718
11724
msgid "sudo bzr log /etc/passwd"
11719
11725
msgstr ""
11720
11726
11724
11730
"install <application>postfix</application>:"
11725
11731
msgstr ""
11726
11732
11727
#: serverguide/C/other-apps.xml:190(command) serverguide/C/mail.xml:43(command)
11733
#: serverguide/C/other-apps.xml:230(command) serverguide/C/mail.xml:43(command)
11728
11734
msgid "sudo apt-get install postfix"
11729
11735
msgstr "sudo apt-get install postfix"
11730
11736
11731
#: serverguide/C/other-apps.xml:193(para)
11737
#: serverguide/C/other-apps.xml:233(para)
11732
11738
msgid ""
11733
11739
"When the installation is finished, all the "
11734
11740
"<application>postfix</application> configuration files should be committed "
11735
11741
"to the repository:"
11736
11742
msgstr ""
11737
11743
11738
#: serverguide/C/other-apps.xml:199(computeroutput)
11744
#: serverguide/C/other-apps.xml:239(computeroutput)
11739
11745
#, no-wrap
11740
11746
msgid ""
11741
11747
"Committing to: /etc/\n"
11778
11784
"Committed revision 2."
11779
11785
msgstr ""
11780
11786
11781
#: serverguide/C/other-apps.xml:239(para)
11787
#: serverguide/C/other-apps.xml:279(para)
11782
11788
msgid ""
11783
11789
"For an example of how <application>etckeeper</application> tracks manual "
11784
11790
"changes, add new a host to <filename>/etc/hosts</filename>. Using "
11785
11791
"<application>bzr</application> you can see which files have been modified:"
11786
11792
msgstr ""
11787
11793
11788
#: serverguide/C/other-apps.xml:245(command)
11794
#: serverguide/C/other-apps.xml:285(command)
11789
11795
msgid "sudo bzr status /etc/"
11790
11796
msgstr "sudo bzr status /etc/"
11791
11797
11792
#: serverguide/C/other-apps.xml:246(computeroutput)
11798
#: serverguide/C/other-apps.xml:286(computeroutput)
11793
11799
#, no-wrap
11794
11800
msgid ""
11795
11801
"modified:\n"
11796
11802
" hosts"
11797
11803
msgstr ""
11798
11804
11799
#: serverguide/C/other-apps.xml:250(para)
11805
#: serverguide/C/other-apps.xml:290(para)
11800
11806
msgid "Now commit the changes:"
11801
11807
msgstr ""
11802
11808
11804
11810
msgid "sudo etckeeper commit \"added new host\""
11805
11811
msgstr ""
11806
11812
11807
#: serverguide/C/other-apps.xml:258(para)
11813
#: serverguide/C/other-apps.xml:298(para)
11808
11814
msgid ""
11809
11815
"For more information on <application>bzr</application> see <xref "
11810
11816
"linkend=\"bazaar\"/>."
11811
11817
msgstr ""
11812
11818
11813
#: serverguide/C/other-apps.xml:345(para)
11814
msgid ""
11815
"See the <ulink "
11816
"url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for "
11817
"more details on using <application>etckeeper</application>."
11818
msgstr ""
11819
11820
#: serverguide/C/other-apps.xml:351(para)
11821
msgid ""
11822
"The <ulink url=\"https://help.ubuntu.com/community/etckeeper\">etckeeper "
11823
"Ubuntu Wiki</ulink> page."
11824
msgstr ""
11825
11826
#: serverguide/C/other-apps.xml:356(para)
11819
#: serverguide/C/other-apps.xml:310(para)
11820
msgid ""
11821
"See the <ulink url=\"http://etckeeper.branchable.com/\">etckeeper</ulink> "
11822
"site for more details on using <application>etckeeper</application>."
11823
msgstr ""
11824
11825
#: serverguide/C/other-apps.xml:317(para)
11827
11826
msgid ""
11828
11827
"For the latest news and information about <application>bzr</application> see "
11829
11828
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
11830
11829
msgstr ""
11831
11830
11832
#: serverguide/C/other-apps.xml:264(title)
11831
#: serverguide/C/other-apps.xml:329(title)
11833
11832
msgid "Byobu"
11834
11833
msgstr ""
11835
11834
11836
#: serverguide/C/other-apps.xml:337(para)
11835
#: serverguide/C/other-apps.xml:331(para)
11837
11836
msgid ""
11838
11837
"One of the most useful applications for any system administrator is an xterm "
11839
11838
"multiplexor such as <application>screen</application> or "
11845
11844
"changed by the user."
11846
11845
msgstr ""
11847
11846
11848
#: serverguide/C/other-apps.xml:344(para)
11847
#: serverguide/C/other-apps.xml:338(para)
11849
11848
msgid "Invoke it simply with:"
11850
11849
msgstr ""
11851
11850
11852
#: serverguide/C/other-apps.xml:349(command)
11851
#: serverguide/C/other-apps.xml:343(command)
11853
11852
msgid "byobu"
11854
11853
msgstr ""
11855
11854
11856
#: serverguide/C/other-apps.xml:352(para)
11855
#: serverguide/C/other-apps.xml:346(para)
11857
11856
msgid ""
11858
11857
"Now bring up the configuration menu. By default this is done by pressing the "
11859
11858
"<emphasis>F9</emphasis> key. This will allow you to:"
11860
11859
msgstr ""
11861
11860
11862
#: serverguide/C/other-apps.xml:279(para)
11861
#: serverguide/C/other-apps.xml:351(para)
11863
11862
msgid "View the Help menu"
11864
11863
msgstr "Прагляд мэню Дапамогі"
11865
11864
11866
#: serverguide/C/other-apps.xml:280(para)
11865
#: serverguide/C/other-apps.xml:352(para)
11867
11866
msgid "Change Byobu's background color"
11868
11867
msgstr ""
11869
11868
11870
#: serverguide/C/other-apps.xml:281(para)
11869
#: serverguide/C/other-apps.xml:353(para)
11871
11870
msgid "Change Byobu's foreground color"
11872
11871
msgstr ""
11873
11872
11874
#: serverguide/C/other-apps.xml:282(para)
11873
#: serverguide/C/other-apps.xml:354(para)
11875
11874
msgid "Toggle status notifications"
11876
11875
msgstr ""
11877
11876
11878
#: serverguide/C/other-apps.xml:283(para)
11877
#: serverguide/C/other-apps.xml:355(para)
11879
11878
msgid "Change the key binding set"
11880
11879
msgstr ""
11881
11880
11882
#: serverguide/C/other-apps.xml:284(para)
11881
#: serverguide/C/other-apps.xml:356(para)
11883
11882
msgid "Change the escape sequence"
11884
11883
msgstr ""
11885
11884
11886
#: serverguide/C/other-apps.xml:285(para)
11885
#: serverguide/C/other-apps.xml:357(para)
11887
11886
msgid "Create new windows"
11888
11887
msgstr ""
11889
11888
11890
#: serverguide/C/other-apps.xml:286(para)
11889
#: serverguide/C/other-apps.xml:358(para)
11891
11890
msgid "Manage the default windows"
11892
11891
msgstr ""
11893
11892
11894
#: serverguide/C/other-apps.xml:287(para)
11893
#: serverguide/C/other-apps.xml:359(para)
11895
11894
msgid "Byobu currently does not launch at login (toggle on)"
11896
11895
msgstr ""
11897
11896
11898
#: serverguide/C/other-apps.xml:290(para)
11897
#: serverguide/C/other-apps.xml:362(para)
11899
11898
msgid ""
11900
11899
"The <emphasis>key bindings</emphasis> determine such things as the escape "
11901
11900
"sequence, new window, change window, etc. There are two key binding sets to "
11904
11903
"<emphasis>none</emphasis> set."
11905
11904
msgstr ""
11906
11905
11907
#: serverguide/C/other-apps.xml:296(para)
11906
#: serverguide/C/other-apps.xml:368(para)
11908
11907
msgid ""
11909
11908
"<application>byobu</application> provides a menu which displays the Ubuntu "
11910
11909
"release, processor information, memory information, and the time and date. "
11911
11910
"The effect is similar to a desktop menu."
11912
11911
msgstr ""
11913
11912
11914
#: serverguide/C/other-apps.xml:301(para)
11913
#: serverguide/C/other-apps.xml:373(para)
11915
11914
msgid ""
11916
11915
"Using the <emphasis>\"Byobu currently does not launch at login (toggle "
11917
11916
"on)\"</emphasis> option will cause <application>byobu</application> to be "
11920
11919
"affect other users on the system."
11921
11920
msgstr ""
11922
11921
11923
#: serverguide/C/other-apps.xml:307(para)
11922
#: serverguide/C/other-apps.xml:379(para)
11924
11923
msgid ""
11925
11924
"One difference when using byobu is the <emphasis>scrollback</emphasis> mode. "
11926
11925
"Press the <emphasis>F7</emphasis> key to enter scrollback mode. Scrollback "
11928
11927
"commands. Here is a quick list of movement commands:"
11929
11928
msgstr ""
11930
11929
11931
#: serverguide/C/other-apps.xml:314(para)
11930
#: serverguide/C/other-apps.xml:386(para)
11932
11931
msgid "<emphasis>h</emphasis> - Move the cursor left by one character"
11933
11932
msgstr ""
11934
11933
11935
#: serverguide/C/other-apps.xml:315(para)
11934
#: serverguide/C/other-apps.xml:387(para)
11936
11935
msgid "<emphasis>j</emphasis> - Move the cursor down by one line"
11937
11936
msgstr ""
11938
11937
11939
#: serverguide/C/other-apps.xml:316(para)
11938
#: serverguide/C/other-apps.xml:388(para)
11940
11939
msgid "<emphasis>k</emphasis> - Move the cursor up by one line"
11941
11940
msgstr ""
11942
11941
11943
#: serverguide/C/other-apps.xml:317(para)
11942
#: serverguide/C/other-apps.xml:389(para)
11944
11943
msgid "<emphasis>l</emphasis> - Move the cursor right by one character"
11945
11944
msgstr ""
11946
11945
11947
#: serverguide/C/other-apps.xml:318(para)
11946
#: serverguide/C/other-apps.xml:390(para)
11948
11947
msgid "<emphasis>0</emphasis> - Move to the beginning of the current line"
11949
11948
msgstr ""
11950
11949
11951
#: serverguide/C/other-apps.xml:319(para)
11950
#: serverguide/C/other-apps.xml:391(para)
11952
11951
msgid "<emphasis>$</emphasis> - Move to the end of the current line"
11953
11952
msgstr ""
11954
11953
11955
#: serverguide/C/other-apps.xml:320(para)
11954
#: serverguide/C/other-apps.xml:392(para)
11956
11955
msgid ""
11957
11956
"<emphasis>G</emphasis> - Moves to the specified line (defaults to the end of "
11958
11957
"the buffer)"
11959
11958
msgstr ""
11960
11959
11961
#: serverguide/C/other-apps.xml:321(para)
11960
#: serverguide/C/other-apps.xml:393(para)
11962
11961
msgid "<emphasis>/</emphasis> - Search forward"
11963
11962
msgstr ""
11964
11963
11965
#: serverguide/C/other-apps.xml:322(para)
11964
#: serverguide/C/other-apps.xml:394(para)
11966
11965
msgid "<emphasis>?</emphasis> - Search backward"
11967
11966
msgstr ""
11968
11967
11969
#: serverguide/C/other-apps.xml:401(para)
11968
#: serverguide/C/other-apps.xml:395(para)
11970
11969
msgid ""
11971
11970
"<emphasis>n</emphasis> - Moves to the next match, either forward or backward"
11972
11971
msgstr ""
11973
11972
11974
#: serverguide/C/other-apps.xml:361(para)
11973
#: serverguide/C/other-apps.xml:403(para)
11975
11974
msgid ""
11976
11975
"For more information on <application>screen</application> see the <ulink "
11977
11976
"url=\"http://www.gnu.org/software/screen/\">screen web site</ulink>."
11978
11977
msgstr ""
11979
11978
11980
#: serverguide/C/other-apps.xml:366(para)
11979
#: serverguide/C/other-apps.xml:408(para)
11981
11980
msgid ""
11982
11981
"And the <ulink url=\"https://help.ubuntu.com/community/Screen\">Ubuntu Wiki "
11983
11982
"screen</ulink> page."
11984
11983
msgstr ""
11985
11984
11986
#: serverguide/C/other-apps.xml:371(para)
11985
#: serverguide/C/other-apps.xml:413(para)
11987
11986
msgid ""
11988
11987
"Also, see the <application>byobu</application><ulink "
11989
11988
"url=\"https://launchpad.net/byobu\">project page</ulink> for more "
12005
12004
"discussion of popular network protocols."
12006
12005
msgstr ""
12007
12006
12008
#: serverguide/C/virtualization.xml:3853(title) serverguide/C/network-config.xml:25(title)
12007
#: serverguide/C/network-config.xml:25(title)
12009
12008
msgid "Network Configuration"
12010
12009
msgstr "Сеткавыя настаўленьні"
12011
12010
12288
12287
"persistent way to do DNS client configuration is in a following section."
12289
12288
msgstr ""
12290
12289
12291
#: serverguide/C/network-config.xml:224(programlisting)
12290
#: serverguide/C/network-config.xml:226(programlisting)
12292
12291
#, no-wrap
12293
12292
msgid ""
12294
12293
"\n"
12296
12295
"nameserver 8.8.4.4\n"
12297
12296
msgstr ""
12298
12297
12299
#: serverguide/C/network-config.xml:228(para)
12298
#: serverguide/C/network-config.xml:230(para)
12300
12299
msgid ""
12301
12300
"If you no longer need this configuration and wish to purge all IP "
12302
12301
"configuration from an interface, you can use the "
12303
12302
"<application>ip</application> command with the flush option as shown below."
12304
12303
msgstr ""
12305
12304
12306
#: serverguide/C/network-config.xml:234(command)
12305
#: serverguide/C/network-config.xml:236(command)
12307
12306
msgid "ip addr flush eth0"
12308
12307
msgstr ""
12309
12308
12317
12316
"<filename>/run/resolvconf/resolv.conf</filename>, to be re-written."
12318
12317
msgstr ""
12319
12318
12320
#: serverguide/C/network-config.xml:245(title)
12319
#: serverguide/C/network-config.xml:249(title)
12321
12320
msgid "Dynamic IP Address Assignment (DHCP Client)"
12322
12321
msgstr ""
12323
12322
12324
#: serverguide/C/network-config.xml:246(para)
12323
#: serverguide/C/network-config.xml:250(para)
12325
12324
msgid ""
12326
12325
"To configure your server to use DHCP for dynamic address assignment, add the "
12327
12326
"<emphasis role=\"italic\">dhcp</emphasis> method to the inet address family "
12331
12330
"role=\"italic\">eth0</emphasis>."
12332
12331
msgstr ""
12333
12332
12334
#: serverguide/C/network-config.xml:253(programlisting)
12333
#: serverguide/C/network-config.xml:257(programlisting)
12335
12334
#, no-wrap
12336
12335
msgid ""
12337
12336
"\n"
12342
12341
"auto eth0\n"
12343
12342
"iface eth0 inet dhcp\n"
12344
12343
12345
#: serverguide/C/network-config.xml:257(para)
12344
#: serverguide/C/network-config.xml:261(para)
12346
12345
msgid ""
12347
12346
"By adding an interface configuration as shown above, you can manually enable "
12348
12347
"the interface through the <application>ifup</application> command which "
12349
12348
"initiates the DHCP process via <application>dhclient</application>."
12350
12349
msgstr ""
12351
12350
12352
#: serverguide/C/network-config.xml:263(command) serverguide/C/network-config.xml:298(command)
12351
#: serverguide/C/network-config.xml:267(command) serverguide/C/network-config.xml:302(command)
12353
12352
msgid "sudo ifup eth0"
12354
12353
msgstr ""
12355
12354
12356
#: serverguide/C/network-config.xml:265(para)
12355
#: serverguide/C/network-config.xml:269(para)
12357
12356
msgid ""
12358
12357
"To manually disable the interface, you can use the "
12359
12358
"<application>ifdown</application> command, which in turn will initiate the "
12360
12359
"DHCP release process and shut down the interface."
12361
12360
msgstr ""
12362
12361
12363
#: serverguide/C/network-config.xml:271(command) serverguide/C/network-config.xml:305(command)
12362
#: serverguide/C/network-config.xml:275(command) serverguide/C/network-config.xml:309(command)
12364
12363
msgid "sudo ifdown eth0"
12365
12364
msgstr ""
12366
12365
12367
#: serverguide/C/network-config.xml:276(title)
12366
#: serverguide/C/network-config.xml:280(title)
12368
12367
msgid "Static IP Address Assignment"
12369
12368
msgstr ""
12370
12369
12371
#: serverguide/C/network-config.xml:277(para)
12370
#: serverguide/C/network-config.xml:281(para)
12372
12371
msgid ""
12373
12372
"To configure your system to use a static IP address assignment, add the "
12374
12373
"<emphasis role=\"italic\">static</emphasis> method to the inet address "
12382
12381
"network."
12383
12382
msgstr ""
12384
12383
12385
#: serverguide/C/network-config.xml:286(programlisting)
12384
#: serverguide/C/network-config.xml:290(programlisting)
12386
12385
#, no-wrap
12387
12386
msgid ""
12388
12387
"\n"
12393
12392
"gateway 10.0.0.1\n"
12394
12393
msgstr ""
12395
12394
12396
#: serverguide/C/network-config.xml:293(para)
12395
#: serverguide/C/network-config.xml:297(para)
12397
12396
msgid ""
12398
12397
"By adding an interface configuration as shown above, you can manually enable "
12399
12398
"the interface through the <application>ifup</application> command."
12400
12399
msgstr ""
12401
12400
12402
#: serverguide/C/network-config.xml:300(para)
12401
#: serverguide/C/network-config.xml:304(para)
12403
12402
msgid ""
12404
12403
"To manually disable the interface, you can use the "
12405
12404
"<application>ifdown</application> command."
12406
12405
msgstr ""
12407
12406
12408
#: serverguide/C/network-config.xml:310(title)
12407
#: serverguide/C/network-config.xml:314(title)
12409
12408
msgid "Loopback Interface"
12410
12409
msgstr ""
12411
12410
12412
#: serverguide/C/network-config.xml:311(para)
12411
#: serverguide/C/network-config.xml:315(para)
12413
12412
msgid ""
12414
12413
"The loopback interface is identified by the system as <emphasis "
12415
12414
"role=\"italic\">lo</emphasis> and has a default IP address of 127.0.0.1. It "
12416
12415
"can be viewed using the ifconfig command."
12417
12416
msgstr ""
12418
12417
12419
#: serverguide/C/network-config.xml:316(command)
12418
#: serverguide/C/network-config.xml:320(command)
12420
12419
msgid "ifconfig lo"
12421
12420
msgstr ""
12422
12421
12423
#: serverguide/C/network-config.xml:317(computeroutput)
12422
#: serverguide/C/network-config.xml:321(computeroutput)
12424
12423
#, no-wrap
12425
12424
msgid ""
12426
12425
"lo Link encap:Local Loopback \n"
12433
12432
" RX bytes:183308 (183.3 KB) TX bytes:183308 (183.3 KB)"
12434
12433
msgstr ""
12435
12434
12436
#: serverguide/C/network-config.xml:326(para)
12435
#: serverguide/C/network-config.xml:330(para)
12437
12436
msgid ""
12438
12437
"By default, there should be two lines in "
12439
12438
"<filename>/etc/network/interfaces</filename> responsible for automatically "
12442
12441
"example of the two default lines are shown below."
12443
12442
msgstr ""
12444
12443
12445
#: serverguide/C/network-config.xml:332(programlisting)
12444
#: serverguide/C/network-config.xml:336(programlisting)
12446
12445
#, no-wrap
12447
12446
msgid ""
12448
12447
"\n"
12450
12449
"iface lo inet loopback\n"
12451
12450
msgstr ""
12452
12451
12453
#: serverguide/C/network-config.xml:341(title)
12452
#: serverguide/C/network-config.xml:345(title)
12454
12453
msgid "Name Resolution"
12455
12454
msgstr ""
12456
12455
12457
#: serverguide/C/network-config.xml:342(para)
12456
#: serverguide/C/network-config.xml:346(para)
12458
12457
msgid ""
12459
12458
"Name resolution as it relates to IP networking is the process of mapping IP "
12460
12459
"addresses to hostnames, making it easier to identify resources on a network. "
12462
12461
"name resolution using DNS and static hostname records."
12463
12462
msgstr ""
12464
12463
12465
#: serverguide/C/network-config.xml:350(title)
12464
#: serverguide/C/network-config.xml:354(title)
12466
12465
msgid "DNS Client Configuration"
12467
12466
msgstr ""
12468
12467
12469
#: serverguide/C/network-config.xml:362(programlisting)
12468
#: serverguide/C/network-config.xml:366(programlisting)
12470
12469
#, no-wrap
12471
12470
msgid ""
12472
12471
"\n"
12499
12498
"following:"
12500
12499
msgstr ""
12501
12500
12502
#: serverguide/C/network-config.xml:373(programlisting)
12501
#: serverguide/C/network-config.xml:377(programlisting)
12503
12502
#, no-wrap
12504
12503
msgid ""
12505
12504
"\n"
12511
12510
" dns-nameservers 192.168.3.45 192.168.8.10\n"
12512
12511
msgstr ""
12513
12512
12514
#: serverguide/C/network-config.xml:382(para)
12513
#: serverguide/C/network-config.xml:386(para)
12515
12514
msgid ""
12516
12515
"The <emphasis role=\"italic\">search</emphasis> option can also be used with "
12517
12516
"multiple domain names so that DNS queries will be appended in the order in "
12522
12521
"role=\"italic\">dev.example.com</emphasis>."
12523
12522
msgstr ""
12524
12523
12525
#: serverguide/C/network-config.xml:389(para)
12524
#: serverguide/C/network-config.xml:393(para)
12526
12525
msgid ""
12527
12526
"If you have multiple domains you wish to search, your configuration might "
12528
12527
"look like the following:"
12529
12528
msgstr ""
12530
12529
12531
#: serverguide/C/network-config.xml:393(programlisting)
12530
#: serverguide/C/network-config.xml:397(programlisting)
12532
12531
#, no-wrap
12533
12532
msgid ""
12534
12533
"\n"
12540
12539
" dns-nameservers 192.168.3.45 192.168.8.10\n"
12541
12540
msgstr ""
12542
12541
12543
#: serverguide/C/network-config.xml:402(para)
12542
#: serverguide/C/network-config.xml:406(para)
12544
12543
msgid ""
12545
12544
"If you try to ping a host with the name of <emphasis "
12546
12545
"role=\"italic\">server1</emphasis>, your system will automatically query DNS "
12547
12546
"for its Fully Qualified Domain Name (FQDN) in the following order:"
12548
12547
msgstr ""
12549
12548
12550
#: serverguide/C/network-config.xml:409(para)
12549
#: serverguide/C/network-config.xml:413(para)
12551
12550
msgid "server1<emphasis role=\"bold\">.example.com</emphasis>"
12552
12551
msgstr ""
12553
12552
12554
#: serverguide/C/network-config.xml:414(para)
12553
#: serverguide/C/network-config.xml:418(para)
12555
12554
msgid "server1<emphasis role=\"bold\">.sales.example.com</emphasis>"
12556
12555
msgstr ""
12557
12556
12558
#: serverguide/C/network-config.xml:419(para)
12557
#: serverguide/C/network-config.xml:423(para)
12559
12558
msgid "server1<emphasis role=\"bold\">.dev.example.com</emphasis>"
12560
12559
msgstr ""
12561
12560
12562
#: serverguide/C/network-config.xml:424(para)
12561
#: serverguide/C/network-config.xml:428(para)
12563
12562
msgid ""
12564
12563
"If no matches are found, the DNS server will provide a result of <emphasis "
12565
12564
"role=\"italic\">notfound</emphasis> and the DNS query will fail."
12566
12565
msgstr ""
12567
12566
12568
#: serverguide/C/network-config.xml:431(title)
12567
#: serverguide/C/network-config.xml:435(title)
12569
12568
msgid "Static Hostnames"
12570
12569
msgstr ""
12571
12570
12572
#: serverguide/C/network-config.xml:432(para)
12571
#: serverguide/C/network-config.xml:436(para)
12573
12572
msgid ""
12574
12573
"Static hostnames are locally defined hostname-to-IP mappings located in the "
12575
12574
"file <filename>/etc/hosts</filename>. Entries in the "
12581
12580
"conveniently set to use static hostnames instead of DNS."
12582
12581
msgstr ""
12583
12582
12584
#: serverguide/C/network-config.xml:439(para)
12583
#: serverguide/C/network-config.xml:443(para)
12585
12584
msgid ""
12586
12585
"The following is an example of a <filename>hosts</filename> file where a "
12587
12586
"number of local servers have been identified by simple hostnames, aliases "
12588
12587
"and their equivalent Fully Qualified Domain Names (FQDN's)."
12589
12588
msgstr ""
12590
12589
12591
#: serverguide/C/network-config.xml:443(programlisting)
12590
#: serverguide/C/network-config.xml:447(programlisting)
12592
12591
#, no-wrap
12593
12592
msgid ""
12594
12593
"\n"
12600
12599
"10.0.0.14\tserver4 server4.example.com file\n"
12601
12600
msgstr ""
12602
12601
12603
#: serverguide/C/network-config.xml:452(para)
12602
#: serverguide/C/network-config.xml:456(para)
12604
12603
msgid ""
12605
12604
"In the above example, notice that each of the servers have been given "
12606
12605
"aliases in addition to their proper names and FQDN's. <emphasis "
12613
12612
"role=\"italic\">file</emphasis>."
12614
12613
msgstr ""
12615
12614
12616
#: serverguide/C/network-config.xml:464(title)
12615
#: serverguide/C/network-config.xml:468(title)
12617
12616
msgid "Name Service Switch Configuration"
12618
12617
msgstr ""
12619
12618
12620
#: serverguide/C/network-config.xml:465(para)
12619
#: serverguide/C/network-config.xml:469(para)
12621
12620
msgid ""
12622
12621
"The order in which your system selects a method of resolving hostnames to IP "
12623
12622
"addresses is controlled by the Name Service Switch (NSS) configuration file "
12628
12627
"of hostname lookups in the file <filename>/etc/nsswitch.conf</filename>."
12629
12628
msgstr ""
12630
12629
12631
#: serverguide/C/network-config.xml:473(programlisting)
12630
#: serverguide/C/network-config.xml:477(programlisting)
12632
12631
#, no-wrap
12633
12632
msgid ""
12634
12633
"\n"
12635
12634
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
12636
12635
msgstr ""
12637
12636
12638
#: serverguide/C/network-config.xml:479(para)
12637
#: serverguide/C/network-config.xml:483(para)
12639
12638
msgid ""
12640
12639
"<emphasis role=\"bold\">files</emphasis> first tries to resolve static "
12641
12640
"hostnames located in <filename>/etc/hosts</filename>."
12642
12641
msgstr ""
12643
12642
12644
#: serverguide/C/network-config.xml:485(para)
12643
#: serverguide/C/network-config.xml:489(para)
12645
12644
msgid ""
12646
12645
"<emphasis role=\"bold\">mdns4_minimal</emphasis> attempts to resolve the "
12647
12646
"name using Multicast DNS."
12648
12647
msgstr ""
12649
12648
12650
#: serverguide/C/network-config.xml:490(para)
12649
#: serverguide/C/network-config.xml:494(para)
12651
12650
msgid ""
12652
12651
"<emphasis role=\"bold\">[NOTFOUND=return]</emphasis> means that any response "
12653
12652
"of <emphasis role=\"italic\">notfound</emphasis> by the preceding <emphasis "
12656
12655
"answer."
12657
12656
msgstr ""
12658
12657
12659
#: serverguide/C/network-config.xml:498(para)
12658
#: serverguide/C/network-config.xml:502(para)
12660
12659
msgid ""
12661
12660
"<emphasis role=\"bold\">dns</emphasis> represents a legacy unicast DNS query."
12662
12661
msgstr ""
12663
12662
12664
#: serverguide/C/network-config.xml:503(para)
12663
#: serverguide/C/network-config.xml:507(para)
12665
12664
msgid ""
12666
12665
"<emphasis role=\"bold\">mdns4</emphasis> represents a Multicast DNS query."
12667
12666
msgstr ""
12668
12667
12669
#: serverguide/C/network-config.xml:509(para)
12668
#: serverguide/C/network-config.xml:513(para)
12670
12669
msgid ""
12671
12670
"To modify the order of the above mentioned name resolution methods, you can "
12672
12671
"simply change the <emphasis role=\"italic\">hosts:</emphasis> string to the "
12675
12674
"<filename>/etc/nsswitch.conf</filename> as shown below."
12676
12675
msgstr ""
12677
12676
12678
#: serverguide/C/network-config.xml:516(programlisting)
12677
#: serverguide/C/network-config.xml:520(programlisting)
12679
12678
#, no-wrap
12680
12679
msgid ""
12681
12680
"\n"
12682
12681
"hosts: files dns [NOTFOUND=return] mdns4_minimal mdns4\n"
12683
12682
msgstr ""
12684
12683
12685
#: serverguide/C/virtualization.xml:694(title) serverguide/C/network-config.xml:523(title)
12684
#: serverguide/C/network-config.xml:527(title)
12686
12685
msgid "Bridging"
12687
12686
msgstr ""
12688
12687
12689
#: serverguide/C/network-config.xml:525(para)
12688
#: serverguide/C/network-config.xml:529(para)
12690
12689
msgid ""
12691
12690
"Bridging multiple interfaces is a more advanced configuration, but is very "
12692
12691
"useful in multiple scenarios. One scenario is setting up a bridge with "
12696
12695
"The following example covers the latter scenario."
12697
12696
msgstr ""
12698
12697
12699
#: serverguide/C/network-config.xml:532(para)
12698
#: serverguide/C/network-config.xml:536(para)
12700
12699
msgid ""
12701
12700
"Before configuring a bridge you will need to install the <application>bridge-"
12702
12701
"utils</application> package. To install the package, in a terminal enter:"
12703
12702
msgstr ""
12704
12703
12705
#: serverguide/C/network-config.xml:541(para)
12704
#: serverguide/C/network-config.xml:545(para)
12706
12705
msgid ""
12707
12706
"Next, configure the bridge by editing "
12708
12707
"<filename>/etc/network/interfaces</filename>:"
12709
12708
msgstr ""
12710
12709
12711
#: serverguide/C/network-config.xml:545(programlisting)
12710
#: serverguide/C/network-config.xml:549(programlisting)
12712
12711
#, no-wrap
12713
12712
msgid ""
12714
12713
"\n"
12729
12728
" bridge_stp off\n"
12730
12729
msgstr ""
12731
12730
12732
#: serverguide/C/network-config.xml:564(para)
12731
#: serverguide/C/network-config.xml:568(para)
12733
12732
msgid "Enter the appropriate values for your physical interface and network."
12734
12733
msgstr ""
12735
12734
12741
12740
msgid "sudo ifup br0"
12742
12741
msgstr ""
12743
12742
12744
#: serverguide/C/network-config.xml:576(para)
12743
#: serverguide/C/network-config.xml:580(para)
12745
12744
msgid ""
12746
12745
"The new bridge interface should now be up and running. The "
12747
12746
"<application>brctl</application> provides useful information about the state "
12749
12748
"<command>man brctl</command> for more information."
12750
12749
msgstr ""
12751
12750
12752
#: serverguide/C/network-config.xml:592(para)
12751
#: serverguide/C/network-config.xml:596(para)
12753
12752
msgid ""
12754
12753
"The <ulink url=\"https://help.ubuntu.com/community/Network\">Ubuntu Wiki "
12755
12754
"Network page</ulink> has links to articles covering more advanced network "
12756
12755
"configuration."
12757
12756
msgstr ""
12758
12757
12759
#: serverguide/C/network-config.xml:598(para)
12758
#: serverguide/C/network-config.xml:602(para)
12760
12759
msgid ""
12761
12760
"The <ulink "
12762
12761
"url=\"http://manpages.ubuntu.com/manpages/man8/resolvconf.8.html\">resolvconf"
12763
12762
" man page</ulink> has more information on resolvconf."
12764
12763
msgstr ""
12765
12764
12766
#: serverguide/C/network-config.xml:604(para)
12765
#: serverguide/C/network-config.xml:608(para)
12767
12766
msgid ""
12768
12767
"The <ulink "
12769
12768
"url=\"http://manpages.ubuntu.com/manpages/man5/interfaces.5.html\">interfaces"
12771
12770
"<filename>/etc/network/interfaces</filename>."
12772
12771
msgstr ""
12773
12772
12774
#: serverguide/C/network-config.xml:610(para)
12773
#: serverguide/C/network-config.xml:614(para)
12775
12774
msgid ""
12776
12775
"The <ulink "
12777
12776
"url=\"http://manpages.ubuntu.com/manpages/man8/dhclient.8.html\">dhclient "
12779
12778
"settings."
12780
12779
msgstr ""
12781
12780
12782
#: serverguide/C/network-config.xml:616(para)
12781
#: serverguide/C/network-config.xml:620(para)
12783
12782
msgid ""
12784
12783
"For more information on DNS client configuration see the <ulink "
12785
12784
"url=\"http://manpages.ubuntu.com/manpages/man5/resolver.5.html\">resolver "
12798
12797
"\">Networking-Bridge</ulink> page."
12799
12798
msgstr ""
12800
12799
12801
#: serverguide/C/network-config.xml:635(title)
12800
#: serverguide/C/network-config.xml:639(title)
12802
12801
msgid "TCP/IP"
12803
12802
msgstr "TCP/IP"
12804
12803
12805
#: serverguide/C/network-config.xml:636(para)
12804
#: serverguide/C/network-config.xml:640(para)
12806
12805
msgid ""
12807
12806
"The Transmission Control Protocol and Internet Protocol (TCP/IP) is a "
12808
12807
"standard set of protocols developed in the late 1970s by the Defense "
12812
12811
"network protocols on Earth."
12813
12812
msgstr ""
12814
12813
12815
#: serverguide/C/network-config.xml:644(title)
12814
#: serverguide/C/network-config.xml:648(title)
12816
12815
msgid "TCP/IP Introduction"
12817
12816
msgstr ""
12818
12817
12819
#: serverguide/C/network-config.xml:645(para)
12818
#: serverguide/C/network-config.xml:649(para)
12820
12819
msgid ""
12821
12820
"The two protocol components of TCP/IP deal with different aspects of "
12822
12821
"computer networking. <emphasis>Internet Protocol</emphasis>, the \"IP\" of "
12831
12830
"host."
12832
12831
msgstr ""
12833
12832
12834
#: serverguide/C/network-config.xml:658(title)
12833
#: serverguide/C/network-config.xml:662(title)
12835
12834
msgid "TCP/IP Configuration"
12836
12835
msgstr "Наладкі TCP/IP"
12837
12836
12838
#: serverguide/C/network-config.xml:659(para)
12837
#: serverguide/C/network-config.xml:663(para)
12839
12838
msgid ""
12840
12839
"The TCP/IP protocol configuration consists of several elements which must be "
12841
12840
"set by editing the appropriate configuration files, or deploying solutions "
12846
12845
"system."
12847
12846
msgstr ""
12848
12847
12849
#: serverguide/C/network-config.xml:671(para)
12848
#: serverguide/C/network-config.xml:675(para)
12850
12849
msgid ""
12851
12850
"<emphasis role=\"bold\">IP address</emphasis> The IP address is a unique "
12852
12851
"identifying string expressed as four decimal numbers ranging from zero (0) "
12856
12855
"<emphasis>dotted quad notation</emphasis>."
12857
12856
msgstr ""
12858
12857
12859
#: serverguide/C/network-config.xml:681(para)
12858
#: serverguide/C/network-config.xml:685(para)
12860
12859
msgid ""
12861
12860
"<emphasis role=\"bold\">Netmask</emphasis> The Subnet Mask (or simply, "
12862
12861
"<emphasis>netmask</emphasis>) is a local bit mask, or set of flags which "
12867
12866
"remain available for specifying hosts on the subnetwork."
12868
12867
msgstr ""
12869
12868
12870
#: serverguide/C/network-config.xml:692(para)
12869
#: serverguide/C/network-config.xml:696(para)
12871
12870
msgid ""
12872
12871
"<emphasis role=\"bold\">Network Address</emphasis> The Network Address "
12873
12872
"represents the bytes comprising the network portion of an IP address. For "
12880
12879
"network and a zero (0) for all the possible hosts on the network."
12881
12880
msgstr ""
12882
12881
12883
#: serverguide/C/network-config.xml:705(para)
12882
#: serverguide/C/network-config.xml:709(para)
12884
12883
msgid ""
12885
12884
"<emphasis role=\"bold\">Broadcast Address</emphasis> The Broadcast Address "
12886
12885
"is an IP address which allows network data to be sent simultaneously to all "
12894
12893
"Address Resolution Protocol (ARP) and the Routing Information Protocol (RIP)."
12895
12894
msgstr ""
12896
12895
12897
#: serverguide/C/network-config.xml:718(para)
12896
#: serverguide/C/network-config.xml:722(para)
12898
12897
msgid ""
12899
12898
"<emphasis role=\"bold\">Gateway Address</emphasis> A Gateway Address is the "
12900
12899
"IP address through which a particular network, or host on a network, may be "
12907
12906
"not be able to reach any hosts beyond those on the same network."
12908
12907
msgstr ""
12909
12908
12910
#: serverguide/C/network-config.xml:729(para)
12909
#: serverguide/C/network-config.xml:733(para)
12911
12910
msgid ""
12912
12911
"<emphasis role=\"bold\">Nameserver Address</emphasis> Nameserver Addresses "
12913
12912
"represent the IP addresses of Domain Name Service (DNS) systems, which "
12933
12932
"command typed at a terminal prompt:"
12934
12933
msgstr ""
12935
12934
12936
#: serverguide/C/network-config.xml:750(para)
12935
#: serverguide/C/network-config.xml:754(para)
12937
12936
msgid ""
12938
12937
"Access the system manual page for <filename>interfaces</filename> with the "
12939
12938
"following command:"
12940
12939
msgstr ""
12941
12940
12942
#: serverguide/C/network-config.xml:755(command)
12941
#: serverguide/C/network-config.xml:759(command)
12943
12942
msgid "man interfaces"
12944
12943
msgstr ""
12945
12944
12946
#: serverguide/C/network-config.xml:667(para)
12945
#: serverguide/C/network-config.xml:671(para)
12947
12946
msgid ""
12948
12947
"The common configuration elements of TCP/IP and their purposes are as "
12949
12948
"follows: <placeholder-1/>"
12950
12949
msgstr ""
12951
12950
12952
#: serverguide/C/network-config.xml:771(title)
12951
#: serverguide/C/network-config.xml:767(title)
12953
12952
msgid "IP Routing"
12954
12953
msgstr ""
12955
12954
12956
#: serverguide/C/network-config.xml:772(para)
12955
#: serverguide/C/network-config.xml:768(para)
12957
12956
msgid ""
12958
12957
"IP routing is a means of specifying and discovering paths in a TCP/IP "
12959
12958
"network along which network data may be sent. Routing uses a set of "
12964
12963
"<emphasis>Dynamic Routing.</emphasis>"
12965
12964
msgstr ""
12966
12965
12967
#: serverguide/C/network-config.xml:781(para)
12966
#: serverguide/C/network-config.xml:777(para)
12968
12967
msgid ""
12969
12968
"Static routing involves manually adding IP routes to the system's routing "
12970
12969
"table, and this is usually done by manipulating the routing table with the "
12979
12978
"and failures along the route due to the fixed nature of the route."
12980
12979
msgstr ""
12981
12980
12982
#: serverguide/C/network-config.xml:791(para)
12981
#: serverguide/C/network-config.xml:787(para)
12983
12982
msgid ""
12984
12983
"Dynamic routing depends on large networks with multiple possible IP routes "
12985
12984
"from a source to a destination and makes use of special routing protocols, "
12996
12995
"immediately benefit the end users, but still consumes network bandwidth."
12997
12996
msgstr ""
12998
12997
12999
#: serverguide/C/network-config.xml:805(title)
12998
#: serverguide/C/network-config.xml:801(title)
13000
12999
msgid "TCP and UDP"
13001
13000
msgstr "TCP і UDP"
13002
13001
13003
#: serverguide/C/network-config.xml:806(para)
13002
#: serverguide/C/network-config.xml:802(para)
13004
13003
msgid ""
13005
13004
"TCP is a connection-based protocol, offering error correction and guaranteed "
13006
13005
"delivery of data via what is known as <emphasis>flow control</emphasis>. "
13011
13010
"important information such as database transactions."
13012
13011
msgstr ""
13013
13012
13014
#: serverguide/C/network-config.xml:814(para)
13013
#: serverguide/C/network-config.xml:810(para)
13015
13014
msgid ""
13016
13015
"The User Datagram Protocol (UDP), on the other hand, is a "
13017
13016
"<emphasis>connectionless</emphasis> protocol which seldom deals with the "
13022
13021
"loss of a few packets is not generally catastrophic."
13023
13022
msgstr ""
13024
13023
13025
#: serverguide/C/network-config.xml:824(title)
13024
#: serverguide/C/network-config.xml:820(title)
13026
13025
msgid "ICMP"
13027
13026
msgstr "ICMP"
13028
13027
13029
#: serverguide/C/network-config.xml:825(para)
13028
#: serverguide/C/network-config.xml:821(para)
13030
13029
msgid ""
13031
13030
"The Internet Control Messaging Protocol (ICMP) is an extension to the "
13032
13031
"Internet Protocol (IP) as defined in the Request For Comments (RFC) #792 and "
13039
13038
"<emphasis>Time Exceeded</emphasis>."
13040
13039
msgstr ""
13041
13040
13042
#: serverguide/C/network-config.xml:835(title)
13041
#: serverguide/C/network-config.xml:831(title)
13043
13042
msgid "Daemons"
13044
13043
msgstr ""
13045
13044
13046
#: serverguide/C/network-config.xml:836(para)
13045
#: serverguide/C/network-config.xml:832(para)
13047
13046
msgid ""
13048
13047
"Daemons are special system applications which typically execute continuously "
13049
13048
"in the background and await requests for the functions they provide from "
13066
13065
"that contain more useful information."
13067
13066
msgstr ""
13068
13067
13069
#: serverguide/C/network-config.xml:857(para)
13068
#: serverguide/C/network-config.xml:853(para)
13070
13069
msgid ""
13071
13070
"Also, see the <ulink "
13072
13071
"url=\"http://www.redbooks.ibm.com/abstracts/gg243376.html\">TCP/IP Tutorial "
13073
13072
"and Technical Overview</ulink> IBM Redbook."
13074
13073
msgstr ""
13075
13074
13076
#: serverguide/C/network-config.xml:863(para)
13075
#: serverguide/C/network-config.xml:859(para)
13077
13076
msgid ""
13078
13077
"Another resource is O'Reilly's <ulink "
13079
13078
"url=\"http://oreilly.com/catalog/9780596002978/\">TCP/IP Network "
13080
13079
"Administration</ulink>."
13081
13080
msgstr ""
13082
13081
13083
#: serverguide/C/network-config.xml:872(title)
13082
#: serverguide/C/network-config.xml:868(title)
13084
13083
msgid "Dynamic Host Configuration Protocol (DHCP)"
13085
13084
msgstr ""
13086
13085
13087
#: serverguide/C/network-config.xml:873(para)
13086
#: serverguide/C/network-config.xml:869(para)
13088
13087
msgid ""
13089
13088
"The Dynamic Host Configuration Protocol (DHCP) is a network service that "
13090
13089
"enables host computers to be automatically assigned settings from a server "
13093
13092
"DHCP server, and the configuration is transparent to the computer's user."
13094
13093
msgstr ""
13095
13094
13096
#: serverguide/C/network-config.xml:880(para)
13095
#: serverguide/C/network-config.xml:876(para)
13097
13096
msgid ""
13098
13097
"The most common settings provided by a DHCP server to DHCP clients include:"
13099
13098
msgstr ""
13100
13099
13101
#: serverguide/C/network-config.xml:885(para)
13100
#: serverguide/C/network-config.xml:881(para)
13102
13101
msgid "IP address and netmask"
13103
13102
msgstr ""
13104
13103
13105
#: serverguide/C/network-config.xml:888(para)
13104
#: serverguide/C/network-config.xml:884(para)
13106
13105
msgid "IP address of the default-gateway to use"
13107
13106
msgstr ""
13108
13107
13109
#: serverguide/C/network-config.xml:891(para)
13108
#: serverguide/C/network-config.xml:887(para)
13110
13109
msgid "IP adresses of the DNS servers to use"
13111
13110
msgstr ""
13112
13111
13113
#: serverguide/C/network-config.xml:894(para)
13112
#: serverguide/C/network-config.xml:890(para)
13114
13113
msgid ""
13115
13114
"However, a DHCP server can also supply configuration properties such as:"
13116
13115
msgstr ""
13117
13116
13118
#: serverguide/C/network-config.xml:899(para)
13117
#: serverguide/C/network-config.xml:895(para)
13119
13118
msgid "Host Name"
13120
13119
msgstr "Імя вузла"
13121
13120
13122
#: serverguide/C/network-config.xml:902(para)
13121
#: serverguide/C/network-config.xml:898(para)
13123
13122
msgid "Domain Name"
13124
13123
msgstr "Імя дамена"
13125
13124
13126
#: serverguide/C/network-config.xml:905(para)
13125
#: serverguide/C/network-config.xml:901(para)
13127
13126
msgid "Time Server"
13128
13127
msgstr ""
13129
13128
13130
#: serverguide/C/network-config.xml:911(para)
13129
#: serverguide/C/network-config.xml:907(para)
13131
13130
msgid ""
13132
13131
"The advantage of using DHCP is that changes to the network, for example a "
13133
13132
"change in the address of the DNS server, need only be changed at the DHCP "
13138
13137
"also reduced."
13139
13138
msgstr ""
13140
13139
13141
#: serverguide/C/network-config.xml:919(para)
13140
#: serverguide/C/network-config.xml:915(para)
13142
13141
msgid ""
13143
13142
"A DHCP server can provide configuration settings using the following methods:"
13144
13143
msgstr ""
13145
13144
13146
#: serverguide/C/network-config.xml:924(term)
13145
#: serverguide/C/network-config.xml:920(term)
13147
13146
msgid "Manual allocation (MAC address)"
13148
13147
msgstr ""
13149
13148
13150
#: serverguide/C/network-config.xml:926(para)
13149
#: serverguide/C/network-config.xml:922(para)
13151
13150
msgid ""
13152
13151
"This method entails using DHCP to identify the unique hardware address of "
13153
13152
"each network card connected to the network and then continually supplying a "
13156
13155
"assigned automatically to that network card, based on it's MAC address."
13157
13156
msgstr ""
13158
13157
13159
#: serverguide/C/network-config.xml:937(term)
13158
#: serverguide/C/network-config.xml:933(term)
13160
13159
msgid "Dynamic allocation (address pool)"
13161
13160
msgstr ""
13162
13161
13174
13173
"renegociate the lease with the server to maintain use of the address."
13175
13174
msgstr ""
13176
13175
13177
#: serverguide/C/network-config.xml:952(term)
13176
#: serverguide/C/network-config.xml:949(term)
13178
13177
msgid "Automatic allocation"
13179
13178
msgstr ""
13180
13179
13181
#: serverguide/C/network-config.xml:954(para)
13180
#: serverguide/C/network-config.xml:951(para)
13182
13181
msgid ""
13183
13182
"Using this method, the DHCP automatically assigns an IP address permanently "
13184
13183
"to a device, selecting it from a pool of available addresses. Usually DHCP "
13200
13199
"and configure and will be automatically started at system boot."
13201
13200
msgstr ""
13202
13201
13203
#: serverguide/C/network-config.xml:976(para)
13202
#: serverguide/C/network-config.xml:974(para)
13204
13203
msgid ""
13205
13204
"At a terminal prompt, enter the following command to install "
13206
13205
"<application>dhcpd</application>:"
13207
13206
msgstr ""
13208
13207
13209
#: serverguide/C/network-config.xml:981(command)
13208
#: serverguide/C/network-config.xml:979(command)
13210
13209
msgid "sudo apt-get install isc-dhcp-server"
13211
13210
msgstr ""
13212
13211
13213
#: serverguide/C/network-config.xml:983(para)
13212
#: serverguide/C/network-config.xml:981(para)
13214
13213
msgid ""
13215
13214
"You will probably need to change the default configuration by editing "
13216
13215
"/etc/dhcp/dhcpd.conf to suit your needs and particular configuration."
13217
13216
msgstr ""
13218
13217
13219
#: serverguide/C/network-config.xml:987(para)
13218
#: serverguide/C/network-config.xml:985(para)
13220
13219
msgid ""
13221
13220
"You also may need to edit /etc/default/isc-dhcp-server to specify the "
13222
13221
"interfaces dhcpd should listen to."
13223
13222
msgstr ""
13224
13223
13225
#: serverguide/C/network-config.xml:991(para)
13224
#: serverguide/C/network-config.xml:989(para)
13226
13225
msgid ""
13227
13226
"NOTE: dhcpd's messages are being sent to syslog. Look there for diagnostics "
13228
13227
"messages."
13229
13228
msgstr ""
13230
13229
13231
#: serverguide/C/network-config.xml:998(para)
13230
#: serverguide/C/network-config.xml:996(para)
13232
13231
msgid ""
13233
13232
"The error message the installation ends with might be a little confusing, "
13234
13233
"but the following steps will help you configure the service:"
13235
13234
msgstr ""
13236
13235
13237
#: serverguide/C/network-config.xml:1002(para)
13236
#: serverguide/C/network-config.xml:1000(para)
13238
13237
msgid ""
13239
13238
"Most commonly, what you want to do is assign an IP address randomly. This "
13240
13239
"can be done with settings as follows:"
13241
13240
msgstr ""
13242
13241
13243
#: serverguide/C/network-config.xml:1006(programlisting)
13242
#: serverguide/C/network-config.xml:1004(programlisting)
13244
13243
#, no-wrap
13245
13244
msgid ""
13246
13245
"\n"
13256
13255
"} \n"
13257
13256
msgstr ""
13258
13257
13259
#: serverguide/C/network-config.xml:1018(para)
13258
#: serverguide/C/network-config.xml:1016(para)
13260
13259
msgid ""
13261
13260
"This will result in the DHCP server giving clients an IP address from the "
13262
13261
"range 192.168.1.150-192.168.1.200. It will lease an IP address for 600 "
13266
13265
"192.168.1.1 and 192.168.1.2 as its DNS servers."
13267
13266
msgstr ""
13268
13267
13269
#: serverguide/C/network-config.xml:1026(para)
13268
#: serverguide/C/network-config.xml:1024(para)
13270
13269
msgid ""
13271
13270
"After changing the config file you have to restart the "
13272
13271
"<application>dhcpd</application>:"
13276
13275
msgid "sudo service isc-dhcp-server restart"
13277
13276
msgstr ""
13278
13277
13279
#: serverguide/C/network-config.xml:1039(para)
13278
#: serverguide/C/network-config.xml:1037(para)
13280
13279
msgid ""
13281
13280
"The <ulink url=\"https://help.ubuntu.com/community/dhcp3-server\">dhcp3-"
13282
13281
"server Ubuntu Wiki</ulink> page has more information."
13289
13288
"dhcpd.conf man page</ulink>."
13290
13289
msgstr ""
13291
13290
13292
#: serverguide/C/network-config.xml:1051(ulink)
13291
#: serverguide/C/network-config.xml:1049(ulink)
13293
13292
msgid "ISC dhcp-server"
13294
13293
msgstr ""
13295
13294
13296
#: serverguide/C/network-config.xml:1060(title)
13295
#: serverguide/C/network-config.xml:1058(title)
13297
13296
msgid "Time Synchronisation with NTP"
13298
13297
msgstr ""
13299
13298
13300
#: serverguide/C/network-config.xml:1061(para)
13299
#: serverguide/C/network-config.xml:1059(para)
13301
13300
msgid ""
13302
13301
"NTP is a TCP/IP protocol for synchronising time over a network. Basically a "
13303
13302
"client requests the current time from a server, and uses it to set its own "
13304
13303
"clock."
13305
13304
msgstr ""
13306
13305
13307
#: serverguide/C/network-config.xml:1064(para)
13306
#: serverguide/C/network-config.xml:1062(para)
13308
13307
msgid ""
13309
13308
"Behind this simple description, there is a lot of complexity - there are "
13310
13309
"tiers of NTP servers, with the tier one NTP servers connected to atomic "
13316
13315
"from you!"
13317
13316
msgstr ""
13318
13317
13319
#: serverguide/C/network-config.xml:1067(para)
13318
#: serverguide/C/network-config.xml:1065(para)
13320
13319
msgid "Ubuntu uses ntpdate and ntpd."
13321
13320
msgstr ""
13322
13321
13323
#: serverguide/C/network-config.xml:1072(title)
13322
#: serverguide/C/network-config.xml:1070(title)
13324
13323
msgid "ntpdate"
13325
13324
msgstr "ntpdate"
13326
13325
13327
#: serverguide/C/network-config.xml:1073(para)
13326
#: serverguide/C/network-config.xml:1071(para)
13328
13327
msgid ""
13329
13328
"Ubuntu comes with ntpdate as standard, and will run it once at boot time to "
13330
13329
"set up your time according to Ubuntu's NTP server."
13331
13330
msgstr ""
13332
13331
13333
#: serverguide/C/network-config.xml:1076(programlisting)
13332
#: serverguide/C/network-config.xml:1074(programlisting)
13334
13333
#, no-wrap
13335
13334
msgid ""
13336
13335
"\n"
13337
13336
"ntpdate -s ntp.ubuntu.com\n"
13338
13337
msgstr ""
13339
13338
13340
#: serverguide/C/network-config.xml:1082(title)
13339
#: serverguide/C/network-config.xml:1080(title)
13341
13340
msgid "ntpd"
13342
13341
msgstr "ntpd"
13343
13342
13344
#: serverguide/C/network-config.xml:1083(para)
13343
#: serverguide/C/network-config.xml:1081(para)
13345
13344
msgid ""
13346
13345
"The ntp daemon ntpd calculates the drift of your system clock and "
13347
13346
"continuously adjusts it, so there are no large corrections that could lead "
13349
13348
"memory, but for a modern server this is negligible."
13350
13349
msgstr ""
13351
13350
13352
#: serverguide/C/network-config.xml:1090(para)
13351
#: serverguide/C/network-config.xml:1088(para)
13353
13352
msgid "To install ntpd, from a terminal prompt enter:"
13354
13353
msgstr ""
13355
13354
13356
#: serverguide/C/virtualization.xml:2195(command) serverguide/C/network-config.xml:1095(command)
13355
#: serverguide/C/network-config.xml:1093(command)
13357
13356
msgid "sudo apt-get install ntp"
13358
13357
msgstr ""
13359
13358
13360
#: serverguide/C/network-config.xml:1102(para)
13359
#: serverguide/C/network-config.xml:1100(para)
13361
13360
msgid ""
13362
13361
"Edit <filename>/etc/ntp.conf</filename> to add/remove server lines. By "
13363
13362
"default these servers are configured:"
13364
13363
msgstr ""
13365
13364
13366
#: serverguide/C/network-config.xml:1107(programlisting)
13365
#: serverguide/C/network-config.xml:1105(programlisting)
13367
13366
#, no-wrap
13368
13367
msgid ""
13369
13368
"\n"
13376
13375
"server 3.ubuntu.pool.ntp.org\n"
13377
13376
msgstr ""
13378
13377
13379
#: serverguide/C/network-config.xml:1117(para)
13378
#: serverguide/C/network-config.xml:1115(para)
13380
13379
msgid ""
13381
13380
"After changing the config file you have to reload the "
13382
13381
"<application>ntpd</application>:"
13386
13385
msgid "sudo service ntp reload"
13387
13386
msgstr ""
13388
13387
13389
#: serverguide/C/network-config.xml:1126(title)
13388
#: serverguide/C/network-config.xml:1124(title)
13390
13389
msgid "View status"
13391
13390
msgstr ""
13392
13391
13394
13393
msgid "Use ntpq to see more info:"
13395
13394
msgstr ""
13396
13395
13397
#: serverguide/C/network-config.xml:1131(command)
13396
#: serverguide/C/network-config.xml:1129(command)
13398
13397
msgid "# sudo ntpq -p"
13399
13398
msgstr ""
13400
13399
13401
#: serverguide/C/network-config.xml:1132(computeroutput)
13400
#: serverguide/C/network-config.xml:1130(computeroutput)
13402
13401
#, no-wrap
13403
13402
msgid ""
13404
13403
" remote refid st t when poll reach delay offset "
13417
13416
"92.792"
13418
13417
msgstr ""
13419
13418
13420
#: serverguide/C/network-config.xml:1147(para)
13419
#: serverguide/C/network-config.xml:1145(para)
13421
13420
msgid ""
13422
13421
"See the <ulink url=\"https://help.ubuntu.com/community/UbuntuTime\">Ubuntu "
13423
13422
"Time</ulink> wiki page for more information."
13424
13423
msgstr ""
13425
13424
13426
#: serverguide/C/network-config.xml:1153(ulink)
13425
#: serverguide/C/network-config.xml:1151(ulink)
13427
13426
msgid "ntp.org, home of the Network Time Protocol project"
13428
13427
msgstr ""
13429
13428
13445
13444
"The Lightweight Directory Access Protocol, or LDAP, is a protocol for "
13446
13445
"querying and modifying a X.500-based directory service running over TCP/IP. "
13447
13446
"The current LDAP version is LDAPv3, as defined in <ulink "
13448
"url=\"http://tools.ietf.org/html/rfc4510\">RFC4510</ulink>, and the its "
13449
"implementation used in Ubuntu is from OpenLDAP."
13447
"url=\"http://tools.ietf.org/html/rfc4510\">RFC4510</ulink>, and the "
13448
"implementation in Ubuntu is OpenLDAP.\""
13450
13449
msgstr ""
13451
13450
13452
#: serverguide/C/network-auth.xml:27(para)
13451
#: serverguide/C/network-auth.xml:29(para)
13453
13452
msgid ""
13454
13453
"So the LDAP protocol accesses LDAP directories. Here are some key concepts "
13455
13454
"and terms:"
13456
13455
msgstr ""
13457
13456
13458
#: serverguide/C/network-auth.xml:34(para)
13457
#: serverguide/C/network-auth.xml:36(para)
13459
13458
msgid ""
13460
13459
"A LDAP directory is a tree of data <emphasis>entries</emphasis> that is "
13461
13460
"hierarchical in nature and is called the Directory Information Tree (DIT)."
13462
13461
msgstr ""
13463
13462
13464
#: serverguide/C/network-auth.xml:41(para)
13463
#: serverguide/C/network-auth.xml:43(para)
13465
13464
msgid "An entry consists of a set of <emphasis>attributes</emphasis>."
13466
13465
msgstr ""
13467
13466
13468
#: serverguide/C/network-auth.xml:47(para)
13467
#: serverguide/C/network-auth.xml:49(para)
13469
13468
msgid ""
13470
13469
"An attribute has a <emphasis>type</emphasis> (a name/description) and one or "
13471
13470
"more <emphasis>values</emphasis>."
13472
13471
msgstr ""
13473
13472
13474
#: serverguide/C/network-auth.xml:53(para)
13473
#: serverguide/C/network-auth.xml:55(para)
13475
13474
msgid ""
13476
13475
"Every attribute must be defined in at least one "
13477
13476
"<emphasis>objectClass</emphasis>."
13478
13477
msgstr ""
13479
13478
13480
#: serverguide/C/network-auth.xml:59(para)
13479
#: serverguide/C/network-auth.xml:61(para)
13481
13480
msgid ""
13482
13481
"Attributes and objectclasses are defined in <emphasis>schemas</emphasis> (an "
13483
13482
"objectclass is actually considered as a special kind of attribute)."
13484
13483
msgstr ""
13485
13484
13486
#: serverguide/C/network-auth.xml:66(para)
13485
#: serverguide/C/network-auth.xml:68(para)
13487
13486
msgid ""
13488
13487
"Each entry has a unique identifier: its <emphasis>Distinguished "
13489
13488
"Name</emphasis> (DN or dn). This, in turn, consists of a <emphasis>Relative "
13490
13489
"Distinguished Name</emphasis> (RDN) followed by the parent entry's DN."
13491
13490
msgstr ""
13492
13491
13493
#: serverguide/C/network-auth.xml:73(para)
13492
#: serverguide/C/network-auth.xml:75(para)
13494
13493
msgid ""
13495
13494
"The entry's DN is not an attribute. It is not considered part of the entry "
13496
13495
"itself."
13497
13496
msgstr ""
13498
13497
13499
#: serverguide/C/network-auth.xml:81(para)
13498
#: serverguide/C/network-auth.xml:83(para)
13500
13499
msgid ""
13501
13500
"The terms <emphasis>object</emphasis>, <emphasis>container</emphasis>, and "
13502
13501
"<emphasis>node</emphasis> have certain connotations but they all essentially "
13504
13503
"term."
13505
13504
msgstr ""
13506
13505
13507
#: serverguide/C/network-auth.xml:87(para)
13506
#: serverguide/C/network-auth.xml:89(para)
13508
13507
msgid ""
13509
13508
"For example, below we have a single entry consisting of 11 attributes where "
13510
13509
"the following is true:"
13511
13510
msgstr ""
13512
13511
13513
#: serverguide/C/network-auth.xml:94(para)
13512
#: serverguide/C/network-auth.xml:96(para)
13514
13513
msgid "DN is \"cn=John Doe,dc=example,dc=com\""
13515
13514
msgstr ""
13516
13515
13517
#: serverguide/C/network-auth.xml:100(para)
13516
#: serverguide/C/network-auth.xml:102(para)
13518
13517
msgid "RDN is \"cn=John Doe\""
13519
13518
msgstr ""
13520
13519
13521
#: serverguide/C/network-auth.xml:106(para)
13520
#: serverguide/C/network-auth.xml:108(para)
13522
13521
msgid "parent DN is \"dc=example,dc=com\""
13523
13522
msgstr ""
13524
13523
13525
#: serverguide/C/network-auth.xml:113(programlisting)
13524
#: serverguide/C/network-auth.xml:115(programlisting)
13526
13525
#, no-wrap
13527
13526
msgid ""
13528
13527
"\n"
13540
13539
" objectClass: top\n"
13541
13540
msgstr ""
13542
13541
13543
#: serverguide/C/network-auth.xml:128(para)
13542
#: serverguide/C/network-auth.xml:130(para)
13544
13543
msgid ""
13545
13544
"The above entry is in <emphasis>LDIF</emphasis> format (LDAP Data "
13546
13545
"Interchange Format). Any information that you feed into your DIT must also "
13548
13547
"url=\"http://tools.ietf.org/html/rfc2849\">RFC2849</ulink>."
13549
13548
msgstr ""
13550
13549
13551
#: serverguide/C/network-auth.xml:133(para)
13550
#: serverguide/C/network-auth.xml:135(para)
13552
13551
msgid ""
13553
13552
"Although this guide will describe how to use it for central authentication, "
13554
13553
"LDAP is good for anything that involves a large number of access requests to "
13556
13555
"address book, a list of email addresses, and a mail server's configuration."
13557
13556
msgstr ""
13558
13557
13559
#: serverguide/C/network-auth.xml:142(para)
13558
#: serverguide/C/network-auth.xml:144(para)
13560
13559
msgid ""
13561
13560
"Install the OpenLDAP server daemon and the traditional LDAP management "
13562
13561
"utilities. These are found in packages <application>slapd</application> and "
13563
13562
"<application>ldap-utils</application> respectively."
13564
13563
msgstr ""
13565
13564
13566
#: serverguide/C/network-auth.xml:147(para)
13565
#: serverguide/C/network-auth.xml:149(para)
13567
13566
msgid ""
13568
13567
"The installation of slapd will create a working configuration. In "
13569
13568
"particular, it will create a database instance that you can use to store "
13575
13574
"a line similar to this:"
13576
13575
msgstr ""
13577
13576
13578
#: serverguide/C/network-auth.xml:155(programlisting)
13577
#: serverguide/C/network-auth.xml:157(programlisting)
13579
13578
#, no-wrap
13580
13579
msgid ""
13581
13580
"\n"
13582
13581
"127.0.1.1 hostname.example.com\thostname\n"
13583
13582
msgstr ""
13584
13583
13585
#: serverguide/C/network-auth.xml:159(para)
13584
#: serverguide/C/network-auth.xml:161(para)
13586
13585
msgid "You can revert the change after package installation."
13587
13586
msgstr ""
13588
13587
13589
#: serverguide/C/network-auth.xml:164(para)
13588
#: serverguide/C/network-auth.xml:166(para)
13590
13589
msgid ""
13591
13590
"This guide will use a database suffix of "
13592
13591
"<emphasis>dc=example,dc=com</emphasis>."
13593
13592
msgstr ""
13594
13593
13595
#: serverguide/C/network-auth.xml:169(para)
13594
#: serverguide/C/network-auth.xml:171(para)
13596
13595
msgid "Proceed with the install:"
13597
13596
msgstr ""
13598
13597
13599
#: serverguide/C/network-auth.xml:174(command)
13598
#: serverguide/C/network-auth.xml:176(command)
13600
13599
msgid "sudo apt-get install slapd ldap-utils"
13601
13600
msgstr "sudo apt-get install slapd ldap-utils"
13602
13601
13603
#: serverguide/C/network-auth.xml:177(para)
13602
#: serverguide/C/network-auth.xml:179(para)
13604
13603
msgid ""
13605
13604
"Since Ubuntu 8.10 slapd is designed to be configured within slapd itself by "
13606
13605
"dedicating a separate DIT for that purpose. This allows one to dynamically "
13613
13612
"will be eventually phased out."
13614
13613
msgstr ""
13615
13614
13616
#: serverguide/C/network-auth.xml:186(para)
13615
#: serverguide/C/network-auth.xml:188(para)
13617
13616
msgid ""
13618
13617
"Ubuntu now uses the <emphasis>slapd-config</emphasis> method for slapd "
13619
13618
"configuration and this guide reflects that."
13620
13619
msgstr ""
13621
13620
13622
#: serverguide/C/network-auth.xml:192(para)
13621
#: serverguide/C/network-auth.xml:194(para)
13623
13622
msgid ""
13624
13623
"During the install you were prompted to define administrative credentials. "
13625
13624
"These are LDAP-based credentials for the <emphasis>rootDN</emphasis> of your "
13630
13629
"will see how to do this later on."
13631
13630
msgstr ""
13632
13631
13633
#: serverguide/C/network-auth.xml:199(para)
13632
#: serverguide/C/network-auth.xml:201(para)
13634
13633
msgid ""
13635
13634
"Some classical schemas (cosine, nis, inetorgperson) come built-in with slapd "
13636
13635
"nowadays. There is also an included \"core\" schema, a pre-requisite for any "
13637
13636
"schema to work."
13638
13637
msgstr ""
13639
13638
13640
#: serverguide/C/network-auth.xml:207(title)
13639
#: serverguide/C/network-auth.xml:209(title)
13641
13640
msgid "Post-install Inspection"
13642
13641
msgstr ""
13643
13642
13644
#: serverguide/C/network-auth.xml:209(para)
13643
#: serverguide/C/network-auth.xml:211(para)
13645
13644
msgid ""
13646
13645
"The installation process set up 2 DITs. One for slapd-config and one for "
13647
13646
"your own data (dc=example,dc=com). Let's take a look."
13648
13647
msgstr ""
13649
13648
13650
#: serverguide/C/network-auth.xml:216(para)
13649
#: serverguide/C/network-auth.xml:218(para)
13651
13650
msgid ""
13652
13651
"This is what the slapd-config database/DIT looks like. Recall that this "
13653
13652
"database is LDIF-based and lives under "
13654
13653
"<filename>/etc/ldap/slapd.d</filename>:"
13655
13654
msgstr ""
13656
13655
13657
#: serverguide/C/network-auth.xml:222(computeroutput)
13656
#: serverguide/C/network-auth.xml:224(computeroutput)
13658
13657
#, no-wrap
13659
13658
msgid ""
13660
13659
"\n"
13674
13673
" /etc/ldap/slapd.d/cn=config.ldif\n"
13675
13674
msgstr ""
13676
13675
13677
#: serverguide/C/network-auth.xml:242(para)
13676
#: serverguide/C/network-auth.xml:243(para)
13678
13677
msgid ""
13679
13678
"Do not edit the slapd-config database directly. Make changes via the LDAP "
13680
13679
"protocol (utilities)."
13681
13680
msgstr ""
13682
13681
13683
#: serverguide/C/network-auth.xml:250(para)
13682
#: serverguide/C/network-auth.xml:251(para)
13684
13683
msgid "This is what the slapd-config DIT looks like via the LDAP protocol:"
13685
13684
msgstr ""
13686
13685
13687
#: serverguide/C/network-auth.xml:254(para)
13686
#: serverguide/C/network-auth.xml:256(para)
13688
13687
msgid ""
13689
13688
"On Ubuntu server 14.10, and possibly higher, the following command may not "
13690
13689
"work due to a <ulink "
13692
13691
"ulink>"
13693
13692
msgstr ""
13694
13693
13695
#: serverguide/C/network-auth.xml:255(command)
13694
#: serverguide/C/network-auth.xml:262(command)
13696
13695
msgid "sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn"
13697
13696
msgstr ""
13698
13697
13699
#: serverguide/C/network-auth.xml:256(computeroutput)
13698
#: serverguide/C/network-auth.xml:263(computeroutput)
13700
13699
#, no-wrap
13701
13700
msgid ""
13702
13701
"\n"
13723
13722
"dn: olcDatabase={1}hdb,cn=config\n"
13724
13723
msgstr ""
13725
13724
13726
#: serverguide/C/network-auth.xml:281(para) serverguide/C/network-auth.xml:372(para)
13725
#: serverguide/C/network-auth.xml:288(para) serverguide/C/network-auth.xml:379(para)
13727
13726
msgid "Explanation of entries:"
13728
13727
msgstr ""
13729
13728
13730
#: serverguide/C/network-auth.xml:288(para)
13729
#: serverguide/C/network-auth.xml:295(para)
13731
13730
msgid "<emphasis>cn=config</emphasis>: global settings"
13732
13731
msgstr ""
13733
13732
13734
#: serverguide/C/network-auth.xml:294(para)
13733
#: serverguide/C/network-auth.xml:301(para)
13735
13734
msgid ""
13736
13735
"<emphasis>cn=module{0},cn=config</emphasis>: a dynamically loaded module"
13737
13736
msgstr ""
13738
13737
13739
#: serverguide/C/network-auth.xml:300(para)
13738
#: serverguide/C/network-auth.xml:307(para)
13740
13739
msgid ""
13741
13740
"<emphasis>cn=schema,cn=config</emphasis>: contains hard-coded system-level "
13742
13741
"schema"
13743
13742
msgstr ""
13744
13743
13745
#: serverguide/C/network-auth.xml:306(para)
13744
#: serverguide/C/network-auth.xml:313(para)
13746
13745
msgid ""
13747
13746
"<emphasis>cn={0}core,cn=schema,cn=config</emphasis>: the hard-coded core "
13748
13747
"schema"
13749
13748
msgstr ""
13750
13749
13751
#: serverguide/C/network-auth.xml:312(para)
13750
#: serverguide/C/network-auth.xml:319(para)
13752
13751
msgid ""
13753
13752
"<emphasis>cn={1}cosine,cn=schema,cn=config</emphasis>: the cosine schema"
13754
13753
msgstr ""
13755
13754
13756
#: serverguide/C/network-auth.xml:318(para)
13755
#: serverguide/C/network-auth.xml:325(para)
13757
13756
msgid "<emphasis>cn={2}nis,cn=schema,cn=config</emphasis>: the nis schema"
13758
13757
msgstr ""
13759
13758
13760
#: serverguide/C/network-auth.xml:324(para)
13759
#: serverguide/C/network-auth.xml:331(para)
13761
13760
msgid ""
13762
13761
"<emphasis>cn={3}inetorgperson,cn=schema,cn=config</emphasis>: the "
13763
13762
"inetorgperson schema"
13764
13763
msgstr ""
13765
13764
13766
#: serverguide/C/network-auth.xml:330(para)
13765
#: serverguide/C/network-auth.xml:337(para)
13767
13766
msgid ""
13768
13767
"<emphasis>olcBackend={0}hdb,cn=config</emphasis>: the 'hdb' backend storage "
13769
13768
"type"
13770
13769
msgstr ""
13771
13770
13772
#: serverguide/C/network-auth.xml:336(para)
13771
#: serverguide/C/network-auth.xml:343(para)
13773
13772
msgid ""
13774
13773
"<emphasis>olcDatabase={-1}frontend,cn=config</emphasis>: frontend database, "
13775
13774
"default settings for other databases"
13776
13775
msgstr ""
13777
13776
13778
#: serverguide/C/network-auth.xml:342(para)
13777
#: serverguide/C/network-auth.xml:349(para)
13779
13778
msgid ""
13780
13779
"<emphasis>olcDatabase={0}config,cn=config</emphasis>: slapd configuration "
13781
13780
"database (cn=config)"
13782
13781
msgstr ""
13783
13782
13784
#: serverguide/C/network-auth.xml:348(para)
13783
#: serverguide/C/network-auth.xml:355(para)
13785
13784
msgid ""
13786
13785
"<emphasis>olcDatabase={1}hdb,cn=config</emphasis>: your database instance "
13787
13786
"(dc=examle,dc=com)"
13788
13787
msgstr ""
13789
13788
13790
#: serverguide/C/network-auth.xml:359(para)
13789
#: serverguide/C/network-auth.xml:366(para)
13791
13790
msgid "This is what the dc=example,dc=com DIT looks like:"
13792
13791
msgstr ""
13793
13792
13794
#: serverguide/C/network-auth.xml:364(command)
13793
#: serverguide/C/network-auth.xml:371(command)
13795
13794
msgid "ldapsearch -x -LLL -H ldap:/// -b dc=example,dc=com dn"
13796
13795
msgstr ""
13797
13796
13798
#: serverguide/C/network-auth.xml:365(computeroutput)
13797
#: serverguide/C/network-auth.xml:372(computeroutput)
13799
13798
#, no-wrap
13800
13799
msgid ""
13801
13800
"\n"
13804
13803
"dn: cn=admin,dc=example,dc=com\n"
13805
13804
msgstr ""
13806
13805
13807
#: serverguide/C/network-auth.xml:379(para)
13806
#: serverguide/C/network-auth.xml:386(para)
13808
13807
msgid "<emphasis>dc=example,dc=com</emphasis>: base of the DIT"
13809
13808
msgstr ""
13810
13809
13811
#: serverguide/C/network-auth.xml:385(para)
13810
#: serverguide/C/network-auth.xml:392(para)
13812
13811
msgid ""
13813
13812
"<emphasis>cn=admin,dc=example,dc=com</emphasis>: administrator (rootDN) for "
13814
13813
"this DIT (set up during package install)"
13815
13814
msgstr ""
13816
13815
13817
#: serverguide/C/network-auth.xml:399(title)
13816
#: serverguide/C/network-auth.xml:406(title)
13818
13817
msgid "Modifying/Populating your Database"
13819
13818
msgstr ""
13820
13819
13821
#: serverguide/C/network-auth.xml:401(para)
13820
#: serverguide/C/network-auth.xml:408(para)
13822
13821
msgid ""
13823
13822
"Let's introduce some content to our database. We will add the following:"
13824
13823
msgstr ""
13825
13824
13826
#: serverguide/C/network-auth.xml:408(para)
13825
#: serverguide/C/network-auth.xml:415(para)
13827
13826
msgid "a node called <emphasis>People</emphasis> (to store users)"
13828
13827
msgstr ""
13829
13828
13830
#: serverguide/C/network-auth.xml:414(para)
13829
#: serverguide/C/network-auth.xml:421(para)
13831
13830
msgid "a node called <emphasis>Groups</emphasis> (to store groups)"
13832
13831
msgstr ""
13833
13832
13834
#: serverguide/C/network-auth.xml:420(para)
13833
#: serverguide/C/network-auth.xml:427(para)
13835
13834
msgid "a group called <emphasis>miners</emphasis>"
13836
13835
msgstr ""
13837
13836
13838
#: serverguide/C/network-auth.xml:426(para)
13837
#: serverguide/C/network-auth.xml:433(para)
13839
13838
msgid "a user called <emphasis>john</emphasis>"
13840
13839
msgstr ""
13841
13840
13842
#: serverguide/C/network-auth.xml:433(para)
13841
#: serverguide/C/network-auth.xml:440(para)
13843
13842
msgid ""
13844
13843
"Create the following LDIF file and call it "
13845
13844
"<filename>add_content.ldif</filename>:"
13846
13845
msgstr ""
13847
13846
13848
#: serverguide/C/network-auth.xml:437(programlisting)
13847
#: serverguide/C/network-auth.xml:444(programlisting)
13849
13848
#, no-wrap
13850
13849
msgid ""
13851
13850
"\n"
13879
13878
"homeDirectory: /home/john\n"
13880
13879
msgstr ""
13881
13880
13882
#: serverguide/C/network-auth.xml:469(para)
13881
#: serverguide/C/network-auth.xml:476(para)
13883
13882
msgid ""
13884
13883
"It's important that uid and gid values in your directory do not collide with "
13885
13884
"local values. Use high number ranges, such as starting at 5000. By setting "
13887
13886
"what can be done with a local user vs a ldap one. More on that later."
13888
13887
msgstr ""
13889
13888
13890
#: serverguide/C/network-auth.xml:477(para)
13889
#: serverguide/C/network-auth.xml:484(para)
13891
13890
msgid "Add the content:"
13892
13891
msgstr ""
13893
13892
13894
#: serverguide/C/network-auth.xml:482(command)
13893
#: serverguide/C/network-auth.xml:489(command)
13895
13894
msgid "ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_content.ldif"
13896
13895
msgstr ""
13897
13896
13898
#: serverguide/C/network-auth.xml:484(application)
13897
#: serverguide/C/network-auth.xml:491(application)
13899
13898
msgid "********"
13900
13899
msgstr ""
13901
13900
13902
#: serverguide/C/network-auth.xml:483(computeroutput)
13901
#: serverguide/C/network-auth.xml:490(computeroutput)
13903
13902
#, no-wrap
13904
13903
msgid ""
13905
13904
"\n"
13913
13912
"adding new entry \"uid=john,ou=People,dc=example,dc=com\"\n"
13914
13913
msgstr ""
13915
13914
13916
#: serverguide/C/network-auth.xml:495(para)
13915
#: serverguide/C/network-auth.xml:502(para)
13917
13916
msgid ""
13918
13917
"We can check that the information has been correctly added with the "
13919
13918
"<application>ldapsearch</application> utility:"
13920
13919
msgstr ""
13921
13920
13922
#: serverguide/C/network-auth.xml:500(command)
13921
#: serverguide/C/network-auth.xml:507(command)
13923
13922
msgid "ldapsearch -x -LLL -b dc=example,dc=com 'uid=john' cn gidNumber"
13924
13923
msgstr ""
13925
13924
13926
#: serverguide/C/network-auth.xml:501(computeroutput)
13925
#: serverguide/C/network-auth.xml:508(computeroutput)
13927
13926
#, no-wrap
13928
13927
msgid ""
13929
13928
"\n"
13932
13931
"gidNumber: 5000\n"
13933
13932
msgstr ""
13934
13933
13935
#: serverguide/C/network-auth.xml:508(para)
13934
#: serverguide/C/network-auth.xml:515(para)
13936
13935
msgid "Explanation of switches:"
13937
13936
msgstr ""
13938
13937
13939
#: serverguide/C/network-auth.xml:515(para)
13938
#: serverguide/C/network-auth.xml:522(para)
13940
13939
msgid ""
13941
13940
"<emphasis>-x:</emphasis> \"simple\" binding; will not use the default SASL "
13942
13941
"method"
13943
13942
msgstr ""
13944
13943
13945
#: serverguide/C/network-auth.xml:521(para)
13944
#: serverguide/C/network-auth.xml:528(para)
13946
13945
msgid "<emphasis>-LLL:</emphasis> disable printing extraneous information"
13947
13946
msgstr ""
13948
13947
13949
#: serverguide/C/network-auth.xml:527(para)
13948
#: serverguide/C/network-auth.xml:534(para)
13950
13949
msgid "<emphasis>uid=john:</emphasis> a \"filter\" to find the john user"
13951
13950
msgstr ""
13952
13951
13953
#: serverguide/C/network-auth.xml:533(para)
13952
#: serverguide/C/network-auth.xml:540(para)
13954
13953
msgid ""
13955
13954
"<emphasis>cn gidNumber:</emphasis> requests certain attributes to be "
13956
13955
"displayed (the default is to show all attributes)"
13957
13956
msgstr ""
13958
13957
13959
#: serverguide/C/network-auth.xml:543(title)
13958
#: serverguide/C/network-auth.xml:550(title)
13960
13959
msgid "Modifying the slapd Configuration Database"
13961
13960
msgstr ""
13962
13961
13963
#: serverguide/C/network-auth.xml:545(para)
13962
#: serverguide/C/network-auth.xml:552(para)
13964
13963
msgid ""
13965
13964
"The slapd-config DIT can also be queried and modified. Here are a few "
13966
13965
"examples."
13967
13966
msgstr ""
13968
13967
13969
#: serverguide/C/network-auth.xml:552(para)
13968
#: serverguide/C/network-auth.xml:559(para)
13970
13969
msgid ""
13971
13970
"Use <application>ldapmodify</application> to add an \"Index\" (DbIndex "
13972
13971
"attribute) to your <application>{1}hdb,cn=config</application> database "
13974
13973
"<filename>uid_index.ldif</filename>, with the following contents:"
13975
13974
msgstr ""
13976
13975
13977
#: serverguide/C/network-auth.xml:557(programlisting)
13976
#: serverguide/C/network-auth.xml:564(programlisting)
13978
13977
#, no-wrap
13979
13978
msgid ""
13980
13979
"\n"
13987
13986
"add: olcDbIndex\n"
13988
13987
"olcDbIndex: uid eq,pres,sub\n"
13989
13988
13990
#: serverguide/C/network-auth.xml:563(para)
13989
#: serverguide/C/network-auth.xml:570(para)
13991
13990
msgid "Then issue the command:"
13992
13991
msgstr ""
13993
13992
13994
#: serverguide/C/network-auth.xml:568(command)
13993
#: serverguide/C/network-auth.xml:575(command)
13995
13994
msgid "sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f uid_index.ldif"
13996
13995
msgstr ""
13997
13996
13998
#: serverguide/C/network-auth.xml:569(computeroutput)
13997
#: serverguide/C/network-auth.xml:576(computeroutput)
13999
13998
#, no-wrap
14000
13999
msgid ""
14001
14000
"\n"
14002
14001
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
14003
14002
msgstr ""
14004
14003
14005
#: serverguide/C/network-auth.xml:574(para)
14004
#: serverguide/C/network-auth.xml:581(para)
14006
14005
msgid "You can confirm the change in this way:"
14007
14006
msgstr ""
14008
14007
14009
#: serverguide/C/network-auth.xml:579(command)
14008
#: serverguide/C/network-auth.xml:586(command)
14010
14009
msgid ""
14011
14010
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
14012
14011
"'(olcDatabase={1}hdb)' olcDbIndex"
14013
14012
msgstr ""
14014
14013
14015
#: serverguide/C/network-auth.xml:581(computeroutput)
14014
#: serverguide/C/network-auth.xml:588(computeroutput)
14016
14015
#, no-wrap
14017
14016
msgid ""
14018
14017
"\n"
14021
14020
"olcDbIndex: uid eq,pres,sub\n"
14022
14021
msgstr ""
14023
14022
14024
#: serverguide/C/network-auth.xml:591(para)
14023
#: serverguide/C/network-auth.xml:598(para)
14025
14024
msgid ""
14026
14025
"Let's add a schema. It will first need to be converted to LDIF format. You "
14027
14026
"can find unconverted schemas in addition to converted ones in the <filename "
14028
14027
"role=\"directory\">/etc/ldap/schema</filename> directory."
14029
14028
msgstr ""
14030
14029
14031
#: serverguide/C/network-auth.xml:599(para)
14030
#: serverguide/C/network-auth.xml:606(para)
14032
14031
msgid ""
14033
14032
"It is not trivial to remove a schema from the slapd-config database. "
14034
14033
"Practice adding schemas on a test system."
14035
14034
msgstr ""
14036
14035
14037
#: serverguide/C/network-auth.xml:605(para)
14036
#: serverguide/C/network-auth.xml:612(para)
14038
14037
msgid ""
14039
14038
"Before adding any schema, you should check which schemas are already "
14040
14039
"installed (shown is a default, out-of-the-box output):"
14041
14040
msgstr ""
14042
14041
14043
#: serverguide/C/network-auth.xml:611(command)
14042
#: serverguide/C/network-auth.xml:618(command)
14044
14043
msgid ""
14045
14044
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=schema,cn=config dn"
14046
14045
msgstr ""
14047
14046
14048
#: serverguide/C/network-auth.xml:613(computeroutput)
14047
#: serverguide/C/network-auth.xml:620(computeroutput)
14049
14048
#, no-wrap
14050
14049
msgid ""
14051
14050
"\n"
14060
14059
"dn: cn={3}inetorgperson,cn=schema,cn=config\n"
14061
14060
msgstr ""
14062
14061
14063
#: serverguide/C/network-auth.xml:630(para)
14062
#: serverguide/C/network-auth.xml:637(para)
14064
14063
msgid "In the following example we'll add the CORBA schema."
14065
14064
msgstr ""
14066
14065
14067
#: serverguide/C/network-auth.xml:637(para)
14066
#: serverguide/C/network-auth.xml:644(para)
14068
14067
msgid ""
14069
14068
"Create the conversion configuration file "
14070
14069
"<filename>schema_convert.conf</filename> containing the following lines:"
14071
14070
msgstr ""
14072
14071
14073
#: serverguide/C/network-auth.xml:642(programlisting)
14072
#: serverguide/C/network-auth.xml:649(programlisting)
14074
14073
#, no-wrap
14075
14074
msgid ""
14076
14075
"\n"
14090
14089
"include /etc/ldap/schema/pmi.schema\n"
14091
14090
msgstr ""
14092
14091
14093
#: serverguide/C/network-auth.xml:662(para)
14092
#: serverguide/C/network-auth.xml:669(para)
14094
14093
msgid "Create the output directory <filename>ldif_output</filename>."
14095
14094
msgstr ""
14096
14095
14097
#: serverguide/C/network-auth.xml:668(para) serverguide/C/network-auth.xml:2317(para)
14096
#: serverguide/C/network-auth.xml:675(para) serverguide/C/network-auth.xml:2324(para)
14098
14097
msgid "Determine the index of the schema:"
14099
14098
msgstr ""
14100
14099
14101
#: serverguide/C/network-auth.xml:673(command)
14100
#: serverguide/C/network-auth.xml:680(command)
14102
14101
msgid ""
14103
14102
"slapcat -f schema_convert.conf -F ldif_output -n 0 | grep corba,cn=schema"
14104
14103
msgstr ""
14105
14104
14106
#: serverguide/C/network-auth.xml:674(computeroutput)
14105
#: serverguide/C/network-auth.xml:681(computeroutput)
14107
14106
#, no-wrap
14108
14107
msgid ""
14109
14108
"\n"
14110
14109
"cn={1}corba,cn=schema,cn=config\n"
14111
14110
msgstr ""
14112
14111
14113
#: serverguide/C/network-auth.xml:685(para)
14112
#: serverguide/C/network-auth.xml:687(para)
14114
14113
msgid ""
14115
14114
"When slapd ingests objects with the same parent DN it will create an "
14116
14115
"<emphasis>index</emphasis> for that object. An index is contained within "
14117
14116
"braces: <application>{X}</application>."
14118
14117
msgstr ""
14119
14118
14120
#: serverguide/C/network-auth.xml:689(para)
14119
#: serverguide/C/network-auth.xml:696(para)
14121
14120
msgid "Use <application>slapcat</application> to perform the conversion:"
14122
14121
msgstr ""
14123
14122
14124
#: serverguide/C/network-auth.xml:694(command)
14123
#: serverguide/C/network-auth.xml:701(command)
14125
14124
msgid ""
14126
14125
"slapcat -f schema_convert.conf -F ldif_output -n0 -H \\ "
14127
14126
"ldap:///cn={1}corba,cn=schema,cn=config -l cn=corba.ldif"
14128
14127
msgstr ""
14129
14128
14130
#: serverguide/C/network-auth.xml:698(para)
14129
#: serverguide/C/network-auth.xml:705(para)
14131
14130
msgid "The converted schema is now in <filename>cn=corba.ldif</filename>"
14132
14131
msgstr ""
14133
14132
14134
#: serverguide/C/network-auth.xml:704(para)
14133
#: serverguide/C/network-auth.xml:711(para)
14135
14134
msgid ""
14136
14135
"Edit <filename>cn=corba.ldif</filename> to arrive at the following "
14137
14136
"attributes:"
14138
14137
msgstr ""
14139
14138
14140
#: serverguide/C/network-auth.xml:708(programlisting)
14139
#: serverguide/C/network-auth.xml:715(programlisting)
14141
14140
#, no-wrap
14142
14141
msgid ""
14143
14142
"\n"
14146
14145
"cn: corba\n"
14147
14146
msgstr ""
14148
14147
14149
#: serverguide/C/network-auth.xml:714(para)
14148
#: serverguide/C/network-auth.xml:721(para)
14150
14149
msgid "Also remove the following lines from the bottom:"
14151
14150
msgstr ""
14152
14151
14153
#: serverguide/C/network-auth.xml:718(programlisting)
14152
#: serverguide/C/network-auth.xml:725(programlisting)
14154
14153
#, no-wrap
14155
14154
msgid ""
14156
14155
"\n"
14163
14162
"modifyTimestamp: 20110829165435Z\n"
14164
14163
msgstr ""
14165
14164
14166
#: serverguide/C/network-auth.xml:728(para) serverguide/C/network-auth.xml:2367(para)
14165
#: serverguide/C/network-auth.xml:735(para) serverguide/C/network-auth.xml:2374(para)
14167
14166
msgid "Your attribute values will vary."
14168
14167
msgstr ""
14169
14168
14170
#: serverguide/C/network-auth.xml:734(para)
14169
#: serverguide/C/network-auth.xml:741(para)
14171
14170
msgid ""
14172
14171
"Finally, use <application>ldapadd</application> to add the new schema to the "
14173
14172
"slapd-config DIT:"
14174
14173
msgstr ""
14175
14174
14176
#: serverguide/C/network-auth.xml:739(command)
14175
#: serverguide/C/network-auth.xml:746(command)
14177
14176
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f cn\\=corba.ldif"
14178
14177
msgstr ""
14179
14178
14180
#: serverguide/C/network-auth.xml:740(computeroutput)
14179
#: serverguide/C/network-auth.xml:747(computeroutput)
14181
14180
#, no-wrap
14182
14181
msgid ""
14183
14182
"\n"
14184
14183
"adding new entry \"cn=corba,cn=schema,cn=config\"\n"
14185
14184
msgstr ""
14186
14185
14187
#: serverguide/C/network-auth.xml:748(para)
14186
#: serverguide/C/network-auth.xml:755(para)
14188
14187
msgid "Confirm currently loaded schemas:"
14189
14188
msgstr ""
14190
14189
14191
#: serverguide/C/network-auth.xml:753(command)
14190
#: serverguide/C/network-auth.xml:760(command)
14192
14191
msgid ""
14193
14192
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config dn"
14194
14193
msgstr ""
14195
14194
14196
#: serverguide/C/network-auth.xml:754(computeroutput)
14195
#: serverguide/C/network-auth.xml:761(computeroutput)
14197
14196
#, no-wrap
14198
14197
msgid ""
14199
14198
"\n"
14210
14209
"dn: cn={4}corba,cn=schema,cn=config\n"
14211
14210
msgstr ""
14212
14211
14213
#: serverguide/C/network-auth.xml:778(para)
14212
#: serverguide/C/network-auth.xml:785(para)
14214
14213
msgid ""
14215
14214
"For external applications and clients to authenticate using LDAP they will "
14216
14215
"each need to be specifically configured to do so. Refer to the appropriate "
14217
14216
"client-side documentation for details."
14218
14217
msgstr ""
14219
14218
14220
#: serverguide/C/network-auth.xml:789(para)
14219
#: serverguide/C/network-auth.xml:796(para)
14221
14220
msgid ""
14222
14221
"Activity logging for slapd is indispensible when implementing an OpenLDAP-"
14223
14222
"based solution yet it must be manually enabled after software installation. "
14225
14224
"any other slapd configuration, is enabled via the slapd-config database."
14226
14225
msgstr ""
14227
14226
14228
#: serverguide/C/network-auth.xml:795(para)
14227
#: serverguide/C/network-auth.xml:802(para)
14229
14228
msgid ""
14230
14229
"OpenLDAP comes with multiple logging subsystems (levels) with each one "
14231
14230
"containing the lower one (additive). A good level to try is "
14235
14234
"different subsystems."
14236
14235
msgstr ""
14237
14236
14238
#: serverguide/C/network-auth.xml:801(para)
14237
#: serverguide/C/network-auth.xml:808(para)
14239
14238
msgid ""
14240
14239
"Create the file <filename>logging.ldif</filename> with the following "
14241
14240
"contents:"
14242
14241
msgstr ""
14243
14242
14244
#: serverguide/C/network-auth.xml:805(programlisting)
14243
#: serverguide/C/network-auth.xml:812(programlisting)
14245
14244
#, no-wrap
14246
14245
msgid ""
14247
14246
"\n"
14251
14250
"olcLogLevel: stats\n"
14252
14251
msgstr ""
14253
14252
14254
#: serverguide/C/network-auth.xml:812(para)
14253
#: serverguide/C/network-auth.xml:819(para)
14255
14254
msgid "Implement the change:"
14256
14255
msgstr ""
14257
14256
14258
#: serverguide/C/network-auth.xml:817(command)
14257
#: serverguide/C/network-auth.xml:824(command)
14259
14258
msgid "sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f logging.ldif"
14260
14259
msgstr ""
14261
14260
14262
#: serverguide/C/network-auth.xml:820(para)
14261
#: serverguide/C/network-auth.xml:827(para)
14263
14262
msgid ""
14264
14263
"This will produce a significant amount of logging and you will want to "
14265
14264
"throttle back to a less verbose level once your system is in production. "
14267
14266
"hard time keeping up and may drop messages:"
14268
14267
msgstr ""
14269
14268
14270
#: serverguide/C/network-auth.xml:826(programlisting)
14269
#: serverguide/C/network-auth.xml:833(programlisting)
14271
14270
#, no-wrap
14272
14271
msgid ""
14273
14272
"\n"
14275
14274
"limiting\n"
14276
14275
msgstr ""
14277
14276
14278
#: serverguide/C/network-auth.xml:830(para)
14277
#: serverguide/C/network-auth.xml:837(para)
14279
14278
msgid ""
14280
14279
"You may consider a change to rsyslog's configuration. In "
14281
14280
"<filename>/etc/rsyslog.conf</filename>, put:"
14282
14281
msgstr ""
14283
14282
14284
#: serverguide/C/network-auth.xml:834(programlisting)
14283
#: serverguide/C/network-auth.xml:841(programlisting)
14285
14284
#, no-wrap
14286
14285
msgid ""
14287
14286
"\n"
14290
14289
"$SystemLogRateLimitInterval 0\n"
14291
14290
msgstr ""
14292
14291
14293
#: serverguide/C/network-auth.xml:840(para)
14292
#: serverguide/C/network-auth.xml:847(para)
14294
14293
msgid "And then restart the rsyslog daemon:"
14295
14294
msgstr ""
14296
14295
14297
#: serverguide/C/network-auth.xml:845(command)
14296
#: serverguide/C/network-auth.xml:852(command)
14298
14297
msgid "sudo service rsyslog restart"
14299
14298
msgstr ""
14300
14299
14301
#: serverguide/C/network-auth.xml:851(title)
14300
#: serverguide/C/network-auth.xml:858(title)
14302
14301
msgid "Replication"
14303
14302
msgstr ""
14304
14303
14305
#: serverguide/C/network-auth.xml:853(para)
14304
#: serverguide/C/network-auth.xml:860(para)
14306
14305
msgid ""
14307
14306
"The LDAP service becomes increasingly important as more networked systems "
14308
14307
"begin to depend on it. In such an environment, it is standard practice to "
14311
14310
"replication</emphasis>."
14312
14311
msgstr ""
14313
14312
14314
#: serverguide/C/network-auth.xml:859(para)
14313
#: serverguide/C/network-auth.xml:866(para)
14315
14314
msgid ""
14316
14315
"Replication is achieved via the <emphasis>Syncrepl</emphasis> engine. This "
14317
14316
"allows changes to be synchronized using a <emphasis>Consumer</emphasis> - "
14323
14322
"be sent, not entire entries."
14324
14323
msgstr ""
14325
14324
14326
#: serverguide/C/network-auth.xml:868(title)
14325
#: serverguide/C/network-auth.xml:875(title)
14327
14326
msgid "Provider Configuration"
14328
14327
msgstr ""
14329
14328
14330
#: serverguide/C/network-auth.xml:870(para)
14329
#: serverguide/C/network-auth.xml:877(para)
14331
14330
msgid "Begin by configuring the <emphasis>Provider</emphasis>."
14332
14331
msgstr ""
14333
14332
14334
#: serverguide/C/network-auth.xml:877(para)
14333
#: serverguide/C/network-auth.xml:884(para)
14335
14334
msgid ""
14336
14335
"Create an LDIF file with the following contents and name it "
14337
14336
"<filename>provider_sync.ldif</filename>:"
14338
14337
msgstr ""
14339
14338
14340
#: serverguide/C/network-auth.xml:881(programlisting)
14339
#: serverguide/C/network-auth.xml:888(programlisting)
14341
14340
#, no-wrap
14342
14341
msgid ""
14343
14342
"\n"
14399
14398
"olcAccessLogPurge: 07+00:00 01+00:00\n"
14400
14399
msgstr ""
14401
14400
14402
#: serverguide/C/network-auth.xml:940(para)
14401
#: serverguide/C/network-auth.xml:947(para)
14403
14402
msgid ""
14404
14403
"Change the rootDN in the LDIF file to match the one you have for your "
14405
14404
"directory."
14406
14405
msgstr ""
14407
14406
14408
#: serverguide/C/network-auth.xml:947(para)
14407
#: serverguide/C/network-auth.xml:954(para)
14409
14408
msgid ""
14410
14409
"The <application>apparmor</application> profile for slapd will not need to "
14411
14410
"be adjusted for the accesslog database location since "
14412
14411
"<filename>/etc/apparmor.d/local/usr.sbin.slapd</filename> contains:"
14413
14412
msgstr ""
14414
14413
14415
#: serverguide/C/network-auth.xml:952(programlisting)
14414
#: serverguide/C/network-auth.xml:959(programlisting)
14416
14415
#, no-wrap
14417
14416
msgid ""
14418
14417
"\n"
14420
14419
"/var/lib/ldap/** rwk,\n"
14421
14420
msgstr ""
14422
14421
14423
#: serverguide/C/network-auth.xml:957(para)
14422
#: serverguide/C/network-auth.xml:964(para)
14424
14423
msgid ""
14425
14424
"Create a directory, set up a databse config file, and reload the apparmor "
14426
14425
"profile:"
14427
14426
msgstr ""
14428
14427
14429
#: serverguide/C/network-auth.xml:962(command)
14428
#: serverguide/C/network-auth.xml:969(command)
14430
14429
msgid "sudo -u openldap mkdir /var/lib/ldap/accesslog"
14431
14430
msgstr ""
14432
14431
14433
#: serverguide/C/network-auth.xml:963(command)
14432
#: serverguide/C/network-auth.xml:970(command)
14434
14433
msgid "sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog"
14435
14434
msgstr ""
14436
14435
14437
#: serverguide/C/network-auth.xml:970(para)
14436
#: serverguide/C/network-auth.xml:977(para)
14438
14437
msgid ""
14439
14438
"Add the new content and, due to the apparmor change, restart the daemon:"
14440
14439
msgstr ""
14441
14440
14442
#: serverguide/C/network-auth.xml:975(command)
14441
#: serverguide/C/network-auth.xml:982(command)
14443
14442
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
14444
14443
msgstr ""
14445
14444
14446
#: serverguide/C/network-auth.xml:976(command) serverguide/C/network-auth.xml:1498(command) serverguide/C/network-auth.xml:1683(command) serverguide/C/network-auth.xml:3912(command)
14445
#: serverguide/C/network-auth.xml:983(command) serverguide/C/network-auth.xml:1505(command) serverguide/C/network-auth.xml:1690(command) serverguide/C/network-auth.xml:3911(command)
14447
14446
msgid "sudo service slapd restart"
14448
14447
msgstr ""
14449
14448
14450
#: serverguide/C/network-auth.xml:983(para)
14449
#: serverguide/C/network-auth.xml:990(para)
14451
14450
msgid "The Provider is now configured."
14452
14451
msgstr ""
14453
14452
14454
#: serverguide/C/network-auth.xml:990(title)
14453
#: serverguide/C/network-auth.xml:997(title)
14455
14454
msgid "Consumer Configuration"
14456
14455
msgstr ""
14457
14456
14458
#: serverguide/C/network-auth.xml:992(para)
14457
#: serverguide/C/network-auth.xml:999(para)
14459
14458
msgid "And now configure the <emphasis>Consumer</emphasis>."
14460
14459
msgstr ""
14461
14460
14462
#: serverguide/C/network-auth.xml:999(para)
14461
#: serverguide/C/network-auth.xml:1006(para)
14463
14462
msgid ""
14464
14463
"Install the software by going through <xref linkend=\"openldap-server-"
14465
14464
"installation\"/>. Make sure the slapd-config databse is identical to the "
14467
14466
"same."
14468
14467
msgstr ""
14469
14468
14470
#: serverguide/C/network-auth.xml:1006(para)
14469
#: serverguide/C/network-auth.xml:1013(para)
14471
14470
msgid ""
14472
14471
"Create an LDIF file with the following contents and name it "
14473
14472
"<filename>consumer_sync.ldif</filename>:"
14474
14473
msgstr ""
14475
14474
14476
#: serverguide/C/network-auth.xml:1010(programlisting)
14475
#: serverguide/C/network-auth.xml:1017(programlisting)
14477
14476
#, no-wrap
14478
14477
msgid ""
14479
14478
"\n"
14500
14499
"olcUpdateRef: ldap://ldap01.example.com\n"
14501
14500
msgstr ""
14502
14501
14503
#: serverguide/C/network-auth.xml:1031(para)
14502
#: serverguide/C/network-auth.xml:1038(para)
14504
14503
msgid "Ensure the following attributes have the correct values:"
14505
14504
msgstr ""
14506
14505
14507
#: serverguide/C/network-auth.xml:1036(para)
14506
#: serverguide/C/network-auth.xml:1043(para)
14508
14507
msgid ""
14509
14508
"<emphasis>provider</emphasis> (Provider server's hostname -- "
14510
14509
"ldap01.example.com in this example -- or IP address)"
14511
14510
msgstr ""
14512
14511
14513
#: serverguide/C/network-auth.xml:1037(para)
14512
#: serverguide/C/network-auth.xml:1044(para)
14514
14513
msgid "<emphasis>binddn</emphasis> (the admin DN you're using)"
14515
14514
msgstr ""
14516
14515
14517
#: serverguide/C/network-auth.xml:1038(para)
14516
#: serverguide/C/network-auth.xml:1045(para)
14518
14517
msgid "<emphasis>credentials</emphasis> (the admin DN password you're using)"
14519
14518
msgstr ""
14520
14519
14521
#: serverguide/C/network-auth.xml:1039(para)
14520
#: serverguide/C/network-auth.xml:1046(para)
14522
14521
msgid "<emphasis>searchbase</emphasis> (the database suffix you're using)"
14523
14522
msgstr ""
14524
14523
14525
#: serverguide/C/network-auth.xml:1040(para)
14524
#: serverguide/C/network-auth.xml:1047(para)
14526
14525
msgid ""
14527
14526
"<emphasis>olcUpdateRef</emphasis> (Provider server's hostname or IP address)"
14528
14527
msgstr ""
14529
14528
14530
#: serverguide/C/network-auth.xml:1041(para)
14529
#: serverguide/C/network-auth.xml:1048(para)
14531
14530
msgid ""
14532
14531
"<emphasis>rid</emphasis> (Replica ID, an unique 3-digit that identifies the "
14533
14532
"replica. Each consumer should have at least one rid)"
14534
14533
msgstr ""
14535
14534
14536
#: serverguide/C/network-auth.xml:1050(para)
14535
#: serverguide/C/network-auth.xml:1057(para)
14537
14536
msgid "Add the new content:"
14538
14537
msgstr ""
14539
14538
14540
#: serverguide/C/network-auth.xml:1055(command)
14539
#: serverguide/C/network-auth.xml:1062(command)
14541
14540
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f consumer_sync.ldif"
14542
14541
msgstr ""
14543
14542
14544
#: serverguide/C/network-auth.xml:1062(para)
14543
#: serverguide/C/network-auth.xml:1069(para)
14545
14544
msgid ""
14546
14545
"You're done. The two databases (suffix: dc=example,dc=com) should now be "
14547
14546
"synchronizing."
14548
14547
msgstr ""
14549
14548
14550
#: serverguide/C/network-auth.xml:1071(para)
14549
#: serverguide/C/network-auth.xml:1078(para)
14551
14550
msgid "Once replication starts, you can monitor it by running"
14552
14551
msgstr ""
14553
14552
14554
#: serverguide/C/network-auth.xml:1081(command)
14553
#: serverguide/C/network-auth.xml:1083(command)
14555
14554
msgid ""
14556
14555
"ldapsearch -z1 -LLLQY EXTERNAL -H ldapi:/// -s base -b dc=example,dc=com "
14557
14556
"contextCSN"
14558
14557
msgstr ""
14559
14558
14560
#: serverguide/C/network-auth.xml:1077(computeroutput)
14559
#: serverguide/C/network-auth.xml:1084(computeroutput)
14561
14560
#, no-wrap
14562
14561
msgid ""
14563
14562
"\n"
14565
14564
"contextCSN: 20120201193408.178454Z#000000#000#000000\n"
14566
14565
msgstr ""
14567
14566
14568
#: serverguide/C/network-auth.xml:1083(para)
14567
#: serverguide/C/network-auth.xml:1090(para)
14569
14568
msgid ""
14570
14569
"on both the provider and the consumer. Once the output "
14571
14570
"(<computeroutput>20120201193408.178454Z#000000#000#000000</computeroutput> "
14574
14573
"the one in the consumer(s)."
14575
14574
msgstr ""
14576
14575
14577
#: serverguide/C/network-auth.xml:1092(para)
14576
#: serverguide/C/network-auth.xml:1099(para)
14578
14577
msgid ""
14579
14578
"If your connection is slow and/or your ldap database large, it might take a "
14580
14579
"while for the consumer's <emphasis>contextCSN</emphasis> match the "
14582
14581
"<emphasis>contextCSN</emphasis> will be steadly increasing."
14583
14582
msgstr ""
14584
14583
14585
#: serverguide/C/network-auth.xml:1100(para)
14584
#: serverguide/C/network-auth.xml:1107(para)
14586
14585
msgid ""
14587
14586
"If the consumer's <emphasis>contextCSN</emphasis> is missing or does not "
14588
14587
"match the provider, you should stop and figure out the issue before "
14592
14591
"statements) return no errors."
14593
14592
msgstr ""
14594
14593
14595
#: serverguide/C/network-auth.xml:1109(para)
14594
#: serverguide/C/network-auth.xml:1116(para)
14596
14595
msgid ""
14597
14596
"To test if it worked simply query, on the Consumer, the DNs in the database:"
14598
14597
msgstr ""
14599
14598
14600
#: serverguide/C/network-auth.xml:1114(command)
14599
#: serverguide/C/network-auth.xml:1121(command)
14601
14600
msgid ""
14602
14601
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b dc=example,dc=com dn"
14603
14602
msgstr ""
14604
14603
14605
#: serverguide/C/network-auth.xml:1117(para)
14604
#: serverguide/C/network-auth.xml:1124(para)
14606
14605
msgid ""
14607
14606
"You should see the user 'john' and the group 'miners' as well as the nodes "
14608
14607
"'People' and 'Groups'."
14609
14608
msgstr ""
14610
14609
14611
#: serverguide/C/network-auth.xml:1126(title)
14610
#: serverguide/C/network-auth.xml:1133(title)
14612
14611
msgid "Access Control"
14613
14612
msgstr ""
14614
14613
14615
#: serverguide/C/network-auth.xml:1128(para)
14614
#: serverguide/C/network-auth.xml:1135(para)
14616
14615
msgid ""
14617
14616
"The management of what type of access (read, write, etc) users should be "
14618
14617
"granted to resources is known as <emphasis>access control</emphasis>. The "
14620
14619
"lists</emphasis> or ACL."
14621
14620
msgstr ""
14622
14621
14623
#: serverguide/C/network-auth.xml:1133(para)
14622
#: serverguide/C/network-auth.xml:1140(para)
14624
14623
msgid ""
14625
14624
"When we installed the slapd package various ACL were set up automatically. "
14626
14625
"We will look at a few important consequences of those defaults and, in so "
14627
14626
"doing, we'll get an idea of how ACLs work and how they're configured."
14628
14627
msgstr ""
14629
14628
14630
#: serverguide/C/network-auth.xml:1138(para)
14629
#: serverguide/C/network-auth.xml:1145(para)
14631
14630
msgid ""
14632
14631
"To get the effective ACL for an LDAP query we need to look at the ACL "
14633
14632
"entries of the database being queried as well as those of the special "
14639
14638
"(\"dc=example,dc=com\") and those of the frontend database:"
14640
14639
msgstr ""
14641
14640
14642
#: serverguide/C/network-auth.xml:1147(command)
14641
#: serverguide/C/network-auth.xml:1154(command)
14643
14642
msgid ""
14644
14643
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
14645
14644
"'(olcDatabase={1}hdb)' olcAccess"
14646
14645
msgstr ""
14647
14646
14648
#: serverguide/C/network-auth.xml:1149(computeroutput)
14647
#: serverguide/C/network-auth.xml:1156(computeroutput)
14649
14648
#, no-wrap
14650
14649
msgid ""
14651
14650
"\n"
14659
14658
" read\n"
14660
14659
msgstr ""
14661
14660
14662
#: serverguide/C/network-auth.xml:1160(para)
14661
#: serverguide/C/network-auth.xml:1167(para)
14663
14662
msgid ""
14664
14663
"The rootDN always has full rights to its database. Including it in an ACL "
14665
14664
"does provide an explicit configuration but it also causes slapd to incur a "
14666
14665
"performance penalty."
14667
14666
msgstr ""
14668
14667
14669
#: serverguide/C/network-auth.xml:1167(command)
14668
#: serverguide/C/network-auth.xml:1174(command)
14670
14669
msgid ""
14671
14670
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
14672
14671
"'(olcDatabase={-1}frontend)' olcAccess"
14673
14672
msgstr ""
14674
14673
14675
#: serverguide/C/network-auth.xml:1169(computeroutput)
14674
#: serverguide/C/network-auth.xml:1176(computeroutput)
14676
14675
#, no-wrap
14677
14676
msgid ""
14678
14677
"\n"
14683
14682
"olcAccess: {2}to dn.base=\"cn=Subschema\" by * read\n"
14684
14683
msgstr ""
14685
14684
14686
#: serverguide/C/network-auth.xml:1178(para)
14685
#: serverguide/C/network-auth.xml:1185(para)
14687
14686
msgid "The very first ACL is crucial:"
14688
14687
msgstr ""
14689
14688
14690
#: serverguide/C/network-auth.xml:1182(programlisting)
14689
#: serverguide/C/network-auth.xml:1189(programlisting)
14691
14690
#, no-wrap
14692
14691
msgid ""
14693
14692
"\n"
14696
14695
" auth by dn=\"cn=admin,dc=example,dc=com\" write by * none\n"
14697
14696
msgstr ""
14698
14697
14699
#: serverguide/C/network-auth.xml:1187(para)
14698
#: serverguide/C/network-auth.xml:1194(para)
14700
14699
msgid "This can be represented differently for easier digestion:"
14701
14700
msgstr ""
14702
14701
14703
#: serverguide/C/network-auth.xml:1191(programlisting)
14702
#: serverguide/C/network-auth.xml:1198(programlisting)
14704
14703
#, no-wrap
14705
14704
msgid ""
14706
14705
"\n"
14717
14716
"\tby * none\n"
14718
14717
msgstr ""
14719
14718
14720
#: serverguide/C/network-auth.xml:1205(para)
14719
#: serverguide/C/network-auth.xml:1212(para)
14721
14720
msgid "This compound ACL (there are 2) enforces the following:"
14722
14721
msgstr ""
14723
14722
14724
#: serverguide/C/network-auth.xml:1212(para)
14723
#: serverguide/C/network-auth.xml:1219(para)
14725
14724
msgid ""
14726
14725
"Anonymous 'auth' access is provided to the <emphasis>userPassword</emphasis> "
14727
14726
"attribute for the initial connection to occur. Perhaps counter-intuitively, "
14730
14729
"occur (see next point)."
14731
14730
msgstr ""
14732
14731
14733
#: serverguide/C/network-auth.xml:1220(para)
14732
#: serverguide/C/network-auth.xml:1227(para)
14734
14733
msgid ""
14735
14734
"Authentication can happen because all users have 'read' (due to 'by self "
14736
14735
"write') access to the <emphasis>userPassword</emphasis> attribute."
14737
14736
msgstr ""
14738
14737
14739
#: serverguide/C/network-auth.xml:1226(para)
14738
#: serverguide/C/network-auth.xml:1233(para)
14740
14739
msgid ""
14741
14740
"The <emphasis>userPassword</emphasis> attribute is otherwise unaccessible by "
14742
14741
"all other users, with the exception of the rootDN, who has complete access "
14743
14742
"to it."
14744
14743
msgstr ""
14745
14744
14746
#: serverguide/C/network-auth.xml:1233(para)
14745
#: serverguide/C/network-auth.xml:1240(para)
14747
14746
msgid ""
14748
14747
"In order for users to change their own password, using "
14749
14748
"<command>passwd</command> or other utilities, the "
14751
14750
"a user has authenticated."
14752
14751
msgstr ""
14753
14752
14754
#: serverguide/C/network-auth.xml:1241(para)
14753
#: serverguide/C/network-auth.xml:1248(para)
14755
14754
msgid ""
14756
14755
"This DIT can be searched anonymously because of 'by * read' in this ACL:"
14757
14756
msgstr ""
14758
14757
14759
#: serverguide/C/network-auth.xml:1245(programlisting)
14758
#: serverguide/C/network-auth.xml:1252(programlisting)
14760
14759
#, no-wrap
14761
14760
msgid ""
14762
14761
"\n"
14766
14765
"\tby * read\n"
14767
14766
msgstr ""
14768
14767
14769
#: serverguide/C/network-auth.xml:1252(para)
14768
#: serverguide/C/network-auth.xml:1259(para)
14770
14769
msgid ""
14771
14770
"If this is unwanted then you need to change the ACLs. To force "
14772
14771
"authentication during a bind request you can alternatively (or in "
14773
14772
"combination with the modified ACL) use the 'olcRequire: authc' directive."
14774
14773
msgstr ""
14775
14774
14776
#: serverguide/C/network-auth.xml:1257(para)
14775
#: serverguide/C/network-auth.xml:1264(para)
14777
14776
msgid ""
14778
14777
"As previously mentioned, there is no administrative account created for the "
14779
14778
"slapd-config database. There is, however, a SASL identity that is granted "
14781
14780
"it is:"
14782
14781
msgstr ""
14783
14782
14784
#: serverguide/C/network-auth.xml:1262(programlisting)
14783
#: serverguide/C/network-auth.xml:1269(programlisting)
14785
14784
#, no-wrap
14786
14785
msgid ""
14787
14786
"\n"
14788
14787
"dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth \n"
14789
14788
msgstr ""
14790
14789
14791
#: serverguide/C/network-auth.xml:1266(para)
14790
#: serverguide/C/network-auth.xml:1273(para)
14792
14791
msgid ""
14793
14792
"The following command will display the ACLs of the slapd-config database:"
14794
14793
msgstr ""
14795
14794
14796
#: serverguide/C/network-auth.xml:1271(command)
14795
#: serverguide/C/network-auth.xml:1278(command)
14797
14796
msgid ""
14798
14797
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
14799
14798
"'(olcDatabase={0}config)' olcAccess"
14800
14799
msgstr ""
14801
14800
14802
#: serverguide/C/network-auth.xml:1273(computeroutput)
14801
#: serverguide/C/network-auth.xml:1280(computeroutput)
14803
14802
#, no-wrap
14804
14803
msgid ""
14805
14804
"\n"
14808
14807
" cn=external,cn=auth manage by * break\n"
14809
14808
msgstr ""
14810
14809
14811
#: serverguide/C/network-auth.xml:1285(para)
14810
#: serverguide/C/network-auth.xml:1287(para)
14812
14811
msgid ""
14813
14812
"Since this is a SASL identity we need to use a SASL "
14814
14813
"<emphasis>mechanism</emphasis> when invoking the LDAP utility in question "
14816
14815
"mechanism. See the previous command for an example. Note that:"
14817
14816
msgstr ""
14818
14817
14819
#: serverguide/C/network-auth.xml:1288(para)
14818
#: serverguide/C/network-auth.xml:1295(para)
14820
14819
msgid ""
14821
14820
"You must use <emphasis>sudo</emphasis> to become the root identity in order "
14822
14821
"for the ACL to match."
14823
14822
msgstr ""
14824
14823
14825
#: serverguide/C/network-auth.xml:1294(para)
14824
#: serverguide/C/network-auth.xml:1301(para)
14826
14825
msgid ""
14827
14826
"The EXTERNAL mechanism works via <emphasis>IPC</emphasis> (UNIX domain "
14828
14827
"sockets). This means you must use the <emphasis>ldapi</emphasis> URI format."
14829
14828
msgstr ""
14830
14829
14831
#: serverguide/C/network-auth.xml:1302(para)
14830
#: serverguide/C/network-auth.xml:1309(para)
14832
14831
msgid "A succinct way to get all the ACLs is like this:"
14833
14832
msgstr ""
14834
14833
14835
#: serverguide/C/network-auth.xml:1307(command)
14834
#: serverguide/C/network-auth.xml:1314(command)
14836
14835
msgid ""
14837
14836
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
14838
14837
"'(olcAccess=*)' olcAccess olcSuffix"
14839
14838
msgstr ""
14840
14839
14841
#: serverguide/C/network-auth.xml:1311(para)
14840
#: serverguide/C/network-auth.xml:1318(para)
14842
14841
msgid ""
14843
14842
"There is much to say on the topic of access control. See the man page for "
14844
14843
"<ulink "
14846
14845
".access</ulink>."
14847
14846
msgstr ""
14848
14847
14849
#: serverguide/C/network-auth.xml:1319(title)
14848
#: serverguide/C/network-auth.xml:1326(title)
14850
14849
msgid "TLS"
14851
14850
msgstr ""
14852
14851
14853
#: serverguide/C/network-auth.xml:1321(para)
14852
#: serverguide/C/network-auth.xml:1328(para)
14854
14853
msgid ""
14855
14854
"When authenticating to an OpenLDAP server it is best to do so using an "
14856
14855
"encrypted session. This can be accomplished using Transport Layer Security "
14857
14856
"(TLS)."
14858
14857
msgstr ""
14859
14858
14860
#: serverguide/C/network-auth.xml:1326(para)
14859
#: serverguide/C/network-auth.xml:1333(para)
14861
14860
msgid ""
14862
14861
"Here, we will be our own <emphasis>Certificate Authority</emphasis> and then "
14863
14862
"create and sign our LDAP server certificate as that CA. Since "
14866
14865
"<application>certtool</application> utility to complete these tasks."
14867
14866
msgstr ""
14868
14867
14869
#: serverguide/C/network-auth.xml:1335(para)
14868
#: serverguide/C/network-auth.xml:1342(para)
14870
14869
msgid ""
14871
14870
"Install the <application>gnutls-bin</application> and <application>ssl-"
14872
14871
"cert</application> packages:"
14873
14872
msgstr ""
14874
14873
14875
#: serverguide/C/network-auth.xml:1340(command)
14874
#: serverguide/C/network-auth.xml:1347(command)
14876
14875
msgid "sudo apt-get install gnutls-bin ssl-cert"
14877
14876
msgstr ""
14878
14877
14879
#: serverguide/C/network-auth.xml:1346(para)
14878
#: serverguide/C/network-auth.xml:1353(para)
14880
14879
msgid "Create a private key for the Certificate Authority:"
14881
14880
msgstr ""
14882
14881
14883
#: serverguide/C/network-auth.xml:1351(command)
14882
#: serverguide/C/network-auth.xml:1358(command)
14884
14883
msgid ""
14885
14884
"sudo sh -c \"certtool --generate-privkey > /etc/ssl/private/cakey.pem\""
14886
14885
msgstr ""
14887
14886
14888
#: serverguide/C/network-auth.xml:1357(para)
14887
#: serverguide/C/network-auth.xml:1364(para)
14889
14888
msgid ""
14890
14889
"Create the template/file <filename>/etc/ssl/ca.info</filename> to define the "
14891
14890
"CA:"
14892
14891
msgstr ""
14893
14892
14894
#: serverguide/C/network-auth.xml:1361(programlisting)
14893
#: serverguide/C/network-auth.xml:1368(programlisting)
14895
14894
#, no-wrap
14896
14895
msgid ""
14897
14896
"\n"
14900
14899
"cert_signing_key\n"
14901
14900
msgstr ""
14902
14901
14903
#: serverguide/C/network-auth.xml:1370(para)
14902
#: serverguide/C/network-auth.xml:1377(para)
14904
14903
msgid "Create the self-signed CA certificate:"
14905
14904
msgstr ""
14906
14905
14907
#: serverguide/C/network-auth.xml:1375(command)
14906
#: serverguide/C/network-auth.xml:1382(command)
14908
14907
msgid ""
14909
14908
"sudo certtool --generate-self-signed \\ --load-privkey "
14910
14909
"/etc/ssl/private/cakey.pem \\ --template /etc/ssl/ca.info \\ --outfile "
14911
14910
"/etc/ssl/certs/cacert.pem"
14912
14911
msgstr ""
14913
14912
14914
#: serverguide/C/network-auth.xml:1384(para)
14913
#: serverguide/C/network-auth.xml:1391(para)
14915
14914
msgid "Make a private key for the server:"
14916
14915
msgstr ""
14917
14916
14918
#: serverguide/C/network-auth.xml:1389(command)
14917
#: serverguide/C/network-auth.xml:1396(command)
14919
14918
msgid ""
14920
14919
"sudo certtool --generate-privkey \\ --bits 1024 \\ --outfile "
14921
14920
"/etc/ssl/private/ldap01_slapd_key.pem"
14922
14921
msgstr ""
14923
14922
14924
#: serverguide/C/network-auth.xml:1395(para)
14923
#: serverguide/C/network-auth.xml:1402(para)
14925
14924
msgid ""
14926
14925
"Replace <emphasis>ldap01</emphasis> in the filename with your server's "
14927
14926
"hostname. Naming the certificate and key for the host and service that will "
14928
14927
"be using them will help keep things clear."
14929
14928
msgstr ""
14930
14929
14931
#: serverguide/C/network-auth.xml:1404(para)
14930
#: serverguide/C/network-auth.xml:1411(para)
14932
14931
msgid ""
14933
14932
"Create the <filename>/etc/ssl/ldap01.info</filename> info file containing:"
14934
14933
msgstr ""
14935
14934
14936
#: serverguide/C/network-auth.xml:1408(programlisting)
14935
#: serverguide/C/network-auth.xml:1415(programlisting)
14937
14936
#, no-wrap
14938
14937
msgid ""
14939
14938
"\n"
14945
14944
"expiration_days = 3650\n"
14946
14945
msgstr ""
14947
14946
14948
#: serverguide/C/network-auth.xml:1417(para)
14947
#: serverguide/C/network-auth.xml:1424(para)
14949
14948
msgid "The above certificate is good for 10 years. Adjust accordingly."
14950
14949
msgstr ""
14951
14950
14952
#: serverguide/C/network-auth.xml:1423(para)
14951
#: serverguide/C/network-auth.xml:1430(para)
14953
14952
msgid "Create the server's certificate:"
14954
14953
msgstr ""
14955
14954
14956
#: serverguide/C/network-auth.xml:1428(command)
14955
#: serverguide/C/network-auth.xml:1435(command)
14957
14956
msgid ""
14958
14957
"sudo certtool --generate-certificate \\ --load-privkey "
14959
14958
"/etc/ssl/private/ldap01_slapd_key.pem \\ --load-ca-certificate "
14962
14961
"/etc/ssl/certs/ldap01_slapd_cert.pem"
14963
14962
msgstr ""
14964
14963
14965
#: serverguide/C/network-auth.xml:1440(para)
14964
#: serverguide/C/network-auth.xml:1447(para)
14966
14965
msgid ""
14967
14966
"Create the file <filename>certinfo.ldif</filename> with the following "
14968
14967
"contents (adjust accordingly, our example assumes we created certs using "
14969
14968
"https://www.cacert.org):"
14970
14969
msgstr ""
14971
14970
14972
#: serverguide/C/network-auth.xml:1444(programlisting)
14971
#: serverguide/C/network-auth.xml:1451(programlisting)
14973
14972
#, no-wrap
14974
14973
msgid ""
14975
14974
"\n"
14984
14983
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem\n"
14985
14984
msgstr ""
14986
14985
14987
#: serverguide/C/network-auth.xml:1456(para)
14986
#: serverguide/C/network-auth.xml:1463(para)
14988
14987
msgid ""
14989
14988
"Use the <application>ldapmodify</application> command to tell slapd about "
14990
14989
"our TLS work via the slapd-config database:"
14991
14990
msgstr ""
14992
14991
14993
#: serverguide/C/network-auth.xml:1461(command)
14992
#: serverguide/C/network-auth.xml:1468(command)
14994
14993
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ssl/certinfo.ldif"
14995
14994
msgstr ""
14996
14995
14997
#: serverguide/C/network-auth.xml:1464(para)
14996
#: serverguide/C/network-auth.xml:1471(para)
14998
14997
msgid ""
14999
14998
"Contratry to popular belief, you do not need <emphasis>ldaps://</emphasis> "
15000
14999
"in <filename>/etc/default/slapd</filename> in order to use encryption. You "
15001
15000
"should have just:"
15002
15001
msgstr ""
15003
15002
15004
#: serverguide/C/network-auth.xml:1469(programlisting)
15003
#: serverguide/C/network-auth.xml:1476(programlisting)
15005
15004
#, no-wrap
15006
15005
msgid ""
15007
15006
"\n"
15008
15007
"SLAPD_SERVICES=\"ldap:/// ldapi:///\"\n"
15009
15008
msgstr ""
15010
15009
15011
#: serverguide/C/network-auth.xml:1474(para)
15010
#: serverguide/C/network-auth.xml:1481(para)
15012
15011
msgid ""
15013
15012
"LDAP over TLS/SSL (ldaps://) is deprecated in favour of "
15014
15013
"<emphasis>StartTLS</emphasis>. The latter refers to an existing LDAP session "
15017
15016
"over TCP port 636."
15018
15017
msgstr ""
15019
15018
15020
#: serverguide/C/network-auth.xml:1482(para)
15019
#: serverguide/C/network-auth.xml:1489(para)
15021
15020
msgid "Tighten up ownership and permissions:"
15022
15021
msgstr ""
15023
15022
15024
#: serverguide/C/network-auth.xml:1487(command) serverguide/C/network-auth.xml:1604(command)
15023
#: serverguide/C/network-auth.xml:1494(command) serverguide/C/network-auth.xml:1611(command)
15025
15024
msgid "sudo adduser openldap ssl-cert"
15026
15025
msgstr "sudo adduser openldap ssl-cert"
15027
15026
15028
#: serverguide/C/network-auth.xml:1488(command)
15027
#: serverguide/C/network-auth.xml:1495(command)
15029
15028
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem"
15030
15029
msgstr ""
15031
15030
15032
#: serverguide/C/network-auth.xml:1489(command)
15031
#: serverguide/C/network-auth.xml:1496(command)
15033
15032
msgid "sudo chmod g+r /etc/ssl/private/ldap01_slapd_key.pem"
15034
15033
msgstr ""
15035
15034
15036
#: serverguide/C/network-auth.xml:1490(command)
15035
#: serverguide/C/network-auth.xml:1497(command)
15037
15036
msgid "sudo chmod o-r /etc/ssl/private/ldap01_slapd_key.pem"
15038
15037
msgstr ""
15039
15038
15040
#: serverguide/C/network-auth.xml:1493(para)
15039
#: serverguide/C/network-auth.xml:1500(para)
15041
15040
msgid "Restart OpenLDAP:"
15042
15041
msgstr ""
15043
15042
15044
#: serverguide/C/network-auth.xml:1501(para)
15043
#: serverguide/C/network-auth.xml:1508(para)
15045
15044
msgid ""
15046
15045
"Check your host's logs (/var/log/syslog) to see if the server has started "
15047
15046
"properly."
15048
15047
msgstr ""
15049
15048
15050
#: serverguide/C/network-auth.xml:1508(title)
15049
#: serverguide/C/network-auth.xml:1515(title)
15051
15050
msgid "Replication and TLS"
15052
15051
msgstr ""
15053
15052
15054
#: serverguide/C/network-auth.xml:1510(para)
15053
#: serverguide/C/network-auth.xml:1517(para)
15055
15054
msgid ""
15056
15055
"If you have set up replication between servers, it is common practice to "
15057
15056
"encrypt (StartTLS) the replication traffic to prevent evesdropping. This is "
15059
15058
"section we will build on that TLS-authentication work."
15060
15059
msgstr ""
15061
15060
15062
#: serverguide/C/network-auth.xml:1516(para)
15061
#: serverguide/C/network-auth.xml:1523(para)
15063
15062
msgid ""
15064
15063
"The assumption here is that you have set up replication between Provider and "
15065
15064
"Consumer according to <xref linkend=\"openldap-server-replication\"/> and "
15067
15066
"linkend=\"openldap-tls\"/>."
15068
15067
msgstr ""
15069
15068
15070
#: serverguide/C/network-auth.xml:1521(para)
15069
#: serverguide/C/network-auth.xml:1528(para)
15071
15070
msgid ""
15072
15071
"As previously stated, the objective (for us) with replication is high "
15073
15072
"availablity for the LDAP service. Since we have TLS for authentication on "
15079
15078
"material over to the Consumer."
15080
15079
msgstr ""
15081
15080
15082
#: serverguide/C/network-auth.xml:1532(para) serverguide/C/network-auth.xml:1689(para)
15081
#: serverguide/C/network-auth.xml:1539(para) serverguide/C/network-auth.xml:1696(para)
15083
15082
msgid "On the Provider,"
15084
15083
msgstr ""
15085
15084
15086
#: serverguide/C/network-auth.xml:1536(para)
15085
#: serverguide/C/network-auth.xml:1543(para)
15087
15086
msgid ""
15088
15087
"Create a holding directory (which will be used for the eventual transfer) "
15089
15088
"and then the Consumer's private key:"
15090
15089
msgstr ""
15091
15090
15092
#: serverguide/C/network-auth.xml:1541(command)
15091
#: serverguide/C/network-auth.xml:1548(command)
15093
15092
msgid "mkdir ldap02-ssl"
15094
15093
msgstr ""
15095
15094
15096
#: serverguide/C/network-auth.xml:1542(command)
15095
#: serverguide/C/network-auth.xml:1549(command)
15097
15096
msgid "cd ldap02-ssl"
15098
15097
msgstr ""
15099
15098
15100
#: serverguide/C/network-auth.xml:1543(command)
15099
#: serverguide/C/network-auth.xml:1550(command)
15101
15100
msgid ""
15102
15101
"sudo certtool --generate-privkey \\ --bits 1024 \\ --outfile "
15103
15102
"ldap02_slapd_key.pem"
15104
15103
msgstr ""
15105
15104
15106
#: serverguide/C/network-auth.xml:1548(para)
15105
#: serverguide/C/network-auth.xml:1555(para)
15107
15106
msgid ""
15108
15107
"Create an info file, <filename>ldap02.info</filename>, for the Consumer "
15109
15108
"server, adjusting its values accordingly:"
15110
15109
msgstr ""
15111
15110
15112
#: serverguide/C/network-auth.xml:1552(programlisting)
15111
#: serverguide/C/network-auth.xml:1559(programlisting)
15113
15112
#, no-wrap
15114
15113
msgid ""
15115
15114
"\n"
15121
15120
"expiration_days = 3650\n"
15122
15121
msgstr ""
15123
15122
15124
#: serverguide/C/network-auth.xml:1561(para)
15123
#: serverguide/C/network-auth.xml:1568(para)
15125
15124
msgid "Create the Consumer's certificate:"
15126
15125
msgstr ""
15127
15126
15128
#: serverguide/C/network-auth.xml:1566(command)
15127
#: serverguide/C/network-auth.xml:1573(command)
15129
15128
msgid ""
15130
15129
"sudo certtool --generate-certificate \\ --load-privkey ldap02_slapd_key.pem "
15131
15130
"\\ --load-ca-certificate /etc/ssl/certs/cacert.pem \\ --load-ca-privkey "
15133
15132
"ldap02_slapd_cert.pem"
15134
15133
msgstr ""
15135
15134
15136
#: serverguide/C/network-auth.xml:1574(para)
15135
#: serverguide/C/network-auth.xml:1581(para)
15137
15136
msgid "Get a copy of the CA certificate:"
15138
15137
msgstr ""
15139
15138
15140
#: serverguide/C/network-auth.xml:1579(command)
15139
#: serverguide/C/network-auth.xml:1586(command)
15141
15140
msgid "cp /etc/ssl/certs/cacert.pem ."
15142
15141
msgstr ""
15143
15142
15144
#: serverguide/C/network-auth.xml:1582(para)
15143
#: serverguide/C/network-auth.xml:1589(para)
15145
15144
msgid ""
15146
15145
"We're done. Now transfer the <filename>ldap02-ssl</filename> directory to "
15147
15146
"the Consumer. Here we use scp (adjust accordingly):"
15148
15147
msgstr ""
15149
15148
15150
#: serverguide/C/network-auth.xml:1587(command)
15149
#: serverguide/C/network-auth.xml:1594(command)
15151
15150
msgid "cd .."
15152
15151
msgstr ""
15153
15152
15154
#: serverguide/C/network-auth.xml:1588(command)
15153
#: serverguide/C/network-auth.xml:1595(command)
15155
15154
msgid "scp -r ldap02-ssl user@consumer:"
15156
15155
msgstr ""
15157
15156
15158
#: serverguide/C/network-auth.xml:1594(para) serverguide/C/network-auth.xml:1642(para)
15157
#: serverguide/C/network-auth.xml:1601(para) serverguide/C/network-auth.xml:1649(para)
15159
15158
msgid "On the Consumer,"
15160
15159
msgstr ""
15161
15160
15162
#: serverguide/C/network-auth.xml:1598(para)
15161
#: serverguide/C/network-auth.xml:1605(para)
15163
15162
msgid "Configure TLS authentication:"
15164
15163
msgstr ""
15165
15164
15166
#: serverguide/C/network-auth.xml:1603(command)
15165
#: serverguide/C/network-auth.xml:1610(command)
15167
15166
msgid "sudo apt-get install ssl-cert"
15168
15167
msgstr ""
15169
15168
15170
#: serverguide/C/network-auth.xml:1605(command)
15169
#: serverguide/C/network-auth.xml:1612(command)
15171
15170
msgid "sudo cp ldap02_slapd_cert.pem cacert.pem /etc/ssl/certs"
15172
15171
msgstr ""
15173
15172
15174
#: serverguide/C/network-auth.xml:1606(command)
15173
#: serverguide/C/network-auth.xml:1613(command)
15175
15174
msgid "sudo cp ldap02_slapd_key.pem /etc/ssl/private"
15176
15175
msgstr ""
15177
15176
15178
#: serverguide/C/network-auth.xml:1607(command)
15177
#: serverguide/C/network-auth.xml:1614(command)
15179
15178
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap02_slapd_key.pem"
15180
15179
msgstr ""
15181
15180
15182
#: serverguide/C/network-auth.xml:1608(command)
15181
#: serverguide/C/network-auth.xml:1615(command)
15183
15182
msgid "sudo chmod g+r /etc/ssl/private/ldap02_slapd_key.pem"
15184
15183
msgstr ""
15185
15184
15186
#: serverguide/C/network-auth.xml:1609(command)
15185
#: serverguide/C/network-auth.xml:1616(command)
15187
15186
msgid "sudo chmod o-r /etc/ssl/private/ldap02_slapd_key.pem"
15188
15187
msgstr ""
15189
15188
15190
#: serverguide/C/network-auth.xml:1612(para)
15189
#: serverguide/C/network-auth.xml:1619(para)
15191
15190
msgid ""
15192
15191
"Create the file <filename>/etc/ssl/certinfo.ldif</filename> with the "
15193
15192
"following contents (adjust accordingly):"
15194
15193
msgstr ""
15195
15194
15196
#: serverguide/C/network-auth.xml:1616(programlisting)
15195
#: serverguide/C/network-auth.xml:1623(programlisting)
15197
15196
#, no-wrap
15198
15197
msgid ""
15199
15198
"\n"
15208
15207
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap02_slapd_key.pem\n"
15209
15208
msgstr ""
15210
15209
15211
#: serverguide/C/network-auth.xml:1628(para)
15210
#: serverguide/C/network-auth.xml:1635(para)
15212
15211
msgid "Configure the slapd-config database:"
15213
15212
msgstr ""
15214
15213
15215
#: serverguide/C/network-auth.xml:1633(command)
15214
#: serverguide/C/network-auth.xml:1640(command)
15216
15215
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f certinfo.ldif"
15217
15216
msgstr ""
15218
15217
15219
#: serverguide/C/network-auth.xml:1636(para)
15218
#: serverguide/C/network-auth.xml:1643(para)
15220
15219
msgid ""
15221
15220
"Configure <filename>/etc/default/slapd</filename> as on the Provider "
15222
15221
"(SLAPD_SERVICES)."
15223
15222
msgstr ""
15224
15223
15225
#: serverguide/C/network-auth.xml:1646(para)
15224
#: serverguide/C/network-auth.xml:1653(para)
15226
15225
msgid ""
15227
15226
"Configure TLS for Consumer-side replication. Modify the existing "
15228
15227
"<emphasis>olcSyncrepl</emphasis> attribute by tacking on some TLS options. "
15230
15229
"value(s)."
15231
15230
msgstr ""
15232
15231
15233
#: serverguide/C/network-auth.xml:1651(para)
15232
#: serverguide/C/network-auth.xml:1658(para)
15234
15233
msgid ""
15235
15234
"Create the file <filename>consumer_sync_tls.ldif</filename> with the "
15236
15235
"following contents:"
15237
15236
msgstr ""
15238
15237
15239
#: serverguide/C/network-auth.xml:1660(programlisting)
15238
#: serverguide/C/network-auth.xml:1662(programlisting)
15240
15239
#, no-wrap
15241
15240
msgid ""
15242
15241
"\n"
15251
15250
" starttls=critical tls_reqcert=demand\n"
15252
15251
msgstr ""
15253
15252
15254
#: serverguide/C/network-auth.xml:1665(para)
15253
#: serverguide/C/network-auth.xml:1672(para)
15255
15254
msgid ""
15256
15255
"The extra options specify, respectively, that the consumer must use StartTLS "
15257
15256
"and that the CA certificate is required to verify the Provider's identity. "
15259
15258
"('replace')."
15260
15259
msgstr ""
15261
15260
15262
#: serverguide/C/network-auth.xml:1670(para)
15261
#: serverguide/C/network-auth.xml:1677(para)
15263
15262
msgid "Implement these changes:"
15264
15263
msgstr ""
15265
15264
15266
#: serverguide/C/network-auth.xml:1675(command)
15265
#: serverguide/C/network-auth.xml:1682(command)
15267
15266
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f consumer_sync_tls.ldif"
15268
15267
msgstr ""
15269
15268
15270
#: serverguide/C/network-auth.xml:1678(para)
15269
#: serverguide/C/network-auth.xml:1685(para)
15271
15270
msgid "And restart slapd:"
15272
15271
msgstr ""
15273
15272
15274
#: serverguide/C/network-auth.xml:1693(para)
15273
#: serverguide/C/network-auth.xml:1700(para)
15275
15274
msgid ""
15276
15275
"Check to see that a TLS session has been established. In "
15277
15276
"<filename>/var/log/syslog</filename>, providing you have 'conns'-level "
15278
15277
"logging set up, you should see messages similar to:"
15279
15278
msgstr ""
15280
15279
15281
#: serverguide/C/network-auth.xml:1698(programlisting)
15280
#: serverguide/C/network-auth.xml:1705(programlisting)
15282
15281
#, no-wrap
15283
15282
msgid ""
15284
15283
"\n"
15295
15294
"slapd[3620]: conn=1047 op=1 RESULT tag=97 err=0 text\n"
15296
15295
msgstr ""
15297
15296
15298
#: serverguide/C/network-auth.xml:1716(title)
15297
#: serverguide/C/network-auth.xml:1723(title)
15299
15298
msgid "LDAP Authentication"
15300
15299
msgstr ""
15301
15300
15302
#: serverguide/C/network-auth.xml:1723(para)
15301
#: serverguide/C/network-auth.xml:1725(para)
15303
15302
msgid ""
15304
15303
"Once you have a working LDAP server, you will need to install libraries on "
15305
15304
"the client that will know how and when to contact it. On Ubuntu, this has "
15308
15307
"assist you in the configuration step. Install this package now:"
15309
15308
msgstr ""
15310
15309
15311
#: serverguide/C/network-auth.xml:1725(command)
15310
#: serverguide/C/network-auth.xml:1732(command)
15312
15311
msgid "sudo apt-get install libnss-ldap"
15313
15312
msgstr "sudo apt-get install libnss-ldap"
15314
15313
15315
#: serverguide/C/network-auth.xml:1728(para)
15314
#: serverguide/C/network-auth.xml:1735(para)
15316
15315
msgid ""
15317
15316
"You will be prompted for details of your LDAP server. If you make a mistake "
15318
15317
"you can try again using:"
15319
15318
msgstr ""
15320
15319
15321
#: serverguide/C/network-auth.xml:1733(command)
15320
#: serverguide/C/network-auth.xml:1740(command)
15322
15321
msgid "sudo dpkg-reconfigure ldap-auth-config"
15323
15322
msgstr "sudo dpkg-reconfigure ldap-auth-config"
15324
15323
15325
#: serverguide/C/network-auth.xml:1736(para)
15324
#: serverguide/C/network-auth.xml:1743(para)
15326
15325
msgid ""
15327
15326
"The results of the dialog can be seen in "
15328
15327
"<filename>/etc/ldap.conf</filename>. If your server requires options not "
15329
15328
"covered in the menu edit this file accordingly."
15330
15329
msgstr ""
15331
15330
15332
#: serverguide/C/network-auth.xml:1741(para)
15331
#: serverguide/C/network-auth.xml:1748(para)
15333
15332
msgid "Now configure the LDAP profile for NSS:"
15334
15333
msgstr ""
15335
15334
15336
#: serverguide/C/network-auth.xml:1746(command)
15335
#: serverguide/C/network-auth.xml:1753(command)
15337
15336
msgid "sudo auth-client-config -t nss -p lac_ldap"
15338
15337
msgstr "sudo auth-client-config -t nss -p lac_ldap"
15339
15338
15340
#: serverguide/C/network-auth.xml:1749(para)
15339
#: serverguide/C/network-auth.xml:1756(para)
15341
15340
msgid "Configure the system to use LDAP for authentication:"
15342
15341
msgstr ""
15343
15342
15344
#: serverguide/C/network-auth.xml:1754(command)
15343
#: serverguide/C/network-auth.xml:1761(command)
15345
15344
msgid "sudo pam-auth-update"
15346
15345
msgstr ""
15347
15346
15348
#: serverguide/C/network-auth.xml:1757(para)
15347
#: serverguide/C/network-auth.xml:1764(para)
15349
15348
msgid ""
15350
15349
"From the menu, choose LDAP and any other authentication mechanisms you need."
15351
15350
msgstr ""
15352
15351
15353
#: serverguide/C/network-auth.xml:1761(para)
15352
#: serverguide/C/network-auth.xml:1768(para)
15354
15353
msgid "You should now be able to log in using LDAP-based credentials."
15355
15354
msgstr ""
15356
15355
15357
#: serverguide/C/network-auth.xml:1765(para)
15356
#: serverguide/C/network-auth.xml:1772(para)
15358
15357
msgid ""
15359
15358
"LDAP clients will need to refer to multiple servers if replication is in "
15360
15359
"use. In <filename>/etc/ldap.conf</filename> you would have something like:"
15361
15360
msgstr ""
15362
15361
15363
#: serverguide/C/network-auth.xml:1770(programlisting)
15362
#: serverguide/C/network-auth.xml:1777(programlisting)
15364
15363
#, no-wrap
15365
15364
msgid ""
15366
15365
"\n"
15367
15366
"uri ldap://ldap01.example.com ldap://ldap02.example.com\n"
15368
15367
msgstr ""
15369
15368
15370
#: serverguide/C/network-auth.xml:1774(para)
15369
#: serverguide/C/network-auth.xml:1781(para)
15371
15370
msgid ""
15372
15371
"The request will time out and the Consumer (ldap02) will attempt to be "
15373
15372
"reached if the Provider (ldap01) becomes unresponsive."
15374
15373
msgstr ""
15375
15374
15376
#: serverguide/C/network-auth.xml:1778(para)
15375
#: serverguide/C/network-auth.xml:1785(para)
15377
15376
msgid ""
15378
15377
"If you are going to use LDAP to store Samba users you will need to configure "
15379
15378
"the Samba server to authenticate using LDAP. See <xref linkend=\"samba-"
15380
15379
"ldap\"/> for details."
15381
15380
msgstr ""
15382
15381
15383
#: serverguide/C/network-auth.xml:1784(para)
15382
#: serverguide/C/network-auth.xml:1791(para)
15384
15383
msgid ""
15385
15384
"An alternative to the <application>libnss-ldap</application> package is the "
15386
15385
"<application>libnss-ldapd</application> package. This, however, will bring "
15388
15387
"wanted. Simply remove it afterwards."
15389
15388
msgstr ""
15390
15389
15391
#: serverguide/C/network-auth.xml:1794(title)
15390
#: serverguide/C/network-auth.xml:1801(title)
15392
15391
msgid "User and Group Management"
15393
15392
msgstr ""
15394
15393
15395
#: serverguide/C/network-auth.xml:1796(para)
15394
#: serverguide/C/network-auth.xml:1803(para)
15396
15395
msgid ""
15397
15396
"The <application>ldap-utils</application> package comes with enough "
15398
15397
"utilities to manage the directory but the long string of options needed can "
15401
15400
"easier to use."
15402
15401
msgstr ""
15403
15402
15404
#: serverguide/C/network-auth.xml:1802(para)
15403
#: serverguide/C/network-auth.xml:1809(para)
15405
15404
msgid "Install the package:"
15406
15405
msgstr ""
15407
15406
15408
#: serverguide/C/network-auth.xml:1807(command)
15407
#: serverguide/C/network-auth.xml:1814(command)
15409
15408
msgid "sudo apt-get install ldapscripts"
15410
15409
msgstr "sudo apt-get install ldapscripts"
15411
15410
15412
#: serverguide/C/network-auth.xml:1810(para)
15411
#: serverguide/C/network-auth.xml:1817(para)
15413
15412
msgid ""
15414
15413
"Then edit the file <filename>/etc/ldapscripts/ldapscripts.conf</filename> to "
15415
15414
"arrive at something similar to the following:"
15416
15415
msgstr ""
15417
15416
15418
#: serverguide/C/network-auth.xml:1814(programlisting)
15417
#: serverguide/C/network-auth.xml:1821(programlisting)
15419
15418
#, no-wrap
15420
15419
msgid ""
15421
15420
"\n"
15442
15441
"UIDSTART=10000\n"
15443
15442
"MIDSTART=10000\n"
15444
15443
15445
#: serverguide/C/network-auth.xml:1827(para)
15444
#: serverguide/C/network-auth.xml:1834(para)
15446
15445
msgid ""
15447
15446
"Now, create the <filename>ldapscripts.passwd</filename> file to allow rootDN "
15448
15447
"access to the directory:"
15449
15448
msgstr ""
15450
15449
15451
#: serverguide/C/network-auth.xml:1832(command)
15450
#: serverguide/C/network-auth.xml:1839(command)
15452
15451
msgid ""
15453
15452
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
15454
15453
msgstr ""
15455
15454
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
15456
15455
15457
#: serverguide/C/network-auth.xml:1833(command)
15456
#: serverguide/C/network-auth.xml:1840(command)
15458
15457
msgid "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
15459
15458
msgstr "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
15460
15459
15461
#: serverguide/C/network-auth.xml:1837(para)
15460
#: serverguide/C/network-auth.xml:1844(para)
15462
15461
msgid ""
15463
15462
"Replace <quote>secret</quote> with the actual password for your database's "
15464
15463
"rootDN user."
15465
15464
msgstr ""
15466
15465
15467
#: serverguide/C/network-auth.xml:1842(para)
15466
#: serverguide/C/network-auth.xml:1849(para)
15468
15467
msgid ""
15469
15468
"The scripts are now ready to help manage your directory. Here are some "
15470
15469
"examples of how to use them:"
15471
15470
msgstr ""
15472
15471
15473
#: serverguide/C/network-auth.xml:1849(para)
15472
#: serverguide/C/network-auth.xml:1856(para)
15474
15473
msgid "Create a new user:"
15475
15474
msgstr "Стварыць новага карыстальніка:"
15476
15475
15477
#: serverguide/C/network-auth.xml:1854(command)
15476
#: serverguide/C/network-auth.xml:1861(command)
15478
15477
msgid "sudo ldapadduser george example"
15479
15478
msgstr "sudo ldapadduser george example"
15480
15479
15481
#: serverguide/C/network-auth.xml:1857(para)
15480
#: serverguide/C/network-auth.xml:1864(para)
15482
15481
msgid ""
15483
15482
"This will create a user with uid <emphasis role=\"italic\">george</emphasis> "
15484
15483
"and set the user's primary group (gid) to <emphasis "
15485
15484
"role=\"italic\">example</emphasis>"
15486
15485
msgstr ""
15487
15486
15488
#: serverguide/C/network-auth.xml:1864(para)
15487
#: serverguide/C/network-auth.xml:1871(para)
15489
15488
msgid "Change a user's password:"
15490
15489
msgstr "Зьмяніць пароль карыстальніка:"
15491
15490
15492
#: serverguide/C/network-auth.xml:1869(command)
15491
#: serverguide/C/network-auth.xml:1876(command)
15493
15492
msgid "sudo ldapsetpasswd george"
15494
15493
msgstr "sudo ldapsetpasswd george"
15495
15494
15496
#: serverguide/C/network-auth.xml:1870(computeroutput)
15495
#: serverguide/C/network-auth.xml:1877(computeroutput)
15497
15496
#, no-wrap
15498
15497
msgid "Changing password for user uid=george,ou=People,dc=example,dc=com"
15499
15498
msgstr ""
15500
15499
15501
#: serverguide/C/network-auth.xml:1871(userinput)
15500
#: serverguide/C/network-auth.xml:1878(userinput)
15502
15501
#, no-wrap
15503
15502
msgid "New Password: "
15504
15503
msgstr "Новы пароль: "
15505
15504
15506
#: serverguide/C/network-auth.xml:1872(userinput)
15505
#: serverguide/C/network-auth.xml:1879(userinput)
15507
15506
#, no-wrap
15508
15507
msgid "New Password (verify): "
15509
15508
msgstr ""
15510
15509
15511
#: serverguide/C/network-auth.xml:1878(para)
15510
#: serverguide/C/network-auth.xml:1885(para)
15512
15511
msgid "Delete a user:"
15513
15512
msgstr "Выдаліць карыстальніка:"
15514
15513
15515
#: serverguide/C/network-auth.xml:1883(command)
15514
#: serverguide/C/network-auth.xml:1890(command)
15516
15515
msgid "sudo ldapdeleteuser george"
15517
15516
msgstr "sudo ldapdeleteuser george"
15518
15517
15519
#: serverguide/C/network-auth.xml:1889(para)
15518
#: serverguide/C/network-auth.xml:1896(para)
15520
15519
msgid "Add a group:"
15521
15520
msgstr "Дадаць групу:"
15522
15521
15523
#: serverguide/C/network-auth.xml:1894(command)
15522
#: serverguide/C/network-auth.xml:1901(command)
15524
15523
msgid "sudo ldapaddgroup qa"
15525
15524
msgstr "sudo ldapaddgroup qa"
15526
15525
15527
#: serverguide/C/network-auth.xml:1900(para)
15526
#: serverguide/C/network-auth.xml:1907(para)
15528
15527
msgid "Delete a group:"
15529
15528
msgstr "Выдаліць групу:"
15530
15529
15531
#: serverguide/C/network-auth.xml:1905(command)
15530
#: serverguide/C/network-auth.xml:1912(command)
15532
15531
msgid "sudo ldapdeletegroup qa"
15533
15532
msgstr "sudo ldapdeletegroup qa"
15534
15533
15535
#: serverguide/C/network-auth.xml:1911(para)
15534
#: serverguide/C/network-auth.xml:1918(para)
15536
15535
msgid "Add a user to a group:"
15537
15536
msgstr "Дадаць карыстальніка ў групу:"
15538
15537
15539
#: serverguide/C/network-auth.xml:1916(command)
15538
#: serverguide/C/network-auth.xml:1923(command)
15540
15539
msgid "sudo ldapaddusertogroup george qa"
15541
15540
msgstr "sudo ldapaddusertogroup george qa"
15542
15541
15543
#: serverguide/C/network-auth.xml:1919(para)
15542
#: serverguide/C/network-auth.xml:1926(para)
15544
15543
msgid ""
15545
15544
"You should now see a <emphasis>memberUid</emphasis> attribute for the "
15546
15545
"<emphasis role=\"italic\">qa</emphasis> group with a value of <emphasis "
15547
15546
"role=\"italic\">george</emphasis>."
15548
15547
msgstr ""
15549
15548
15550
#: serverguide/C/network-auth.xml:1926(para)
15549
#: serverguide/C/network-auth.xml:1933(para)
15551
15550
msgid "Remove a user from a group:"
15552
15551
msgstr "Выдаліць карыстальніка з групы:"
15553
15552
15554
#: serverguide/C/network-auth.xml:1931(command)
15553
#: serverguide/C/network-auth.xml:1938(command)
15555
15554
msgid "sudo ldapdeleteuserfromgroup george qa"
15556
15555
msgstr "sudo ldapdeleteuserfromgroup george qa"
15557
15556
15558
#: serverguide/C/network-auth.xml:1934(para)
15557
#: serverguide/C/network-auth.xml:1941(para)
15559
15558
msgid ""
15560
15559
"The <emphasis>memberUid</emphasis> attribute should now be removed from the "
15561
15560
"<emphasis role=\"italic\">qa</emphasis> group."
15562
15561
msgstr ""
15563
15562
15564
#: serverguide/C/network-auth.xml:1941(para)
15563
#: serverguide/C/network-auth.xml:1948(para)
15565
15564
msgid ""
15566
15565
"The <application>ldapmodifyuser</application> script allows you to add, "
15567
15566
"remove, or replace a user's attributes. The script uses the same syntax as "
15568
15567
"the <application>ldapmodify</application> utility. For example:"
15569
15568
msgstr ""
15570
15569
15571
#: serverguide/C/network-auth.xml:1947(command)
15570
#: serverguide/C/network-auth.xml:1954(command)
15572
15571
msgid "sudo ldapmodifyuser george"
15573
15572
msgstr "sudo ldapmodifyuser george"
15574
15573
15575
#: serverguide/C/network-auth.xml:1948(computeroutput)
15574
#: serverguide/C/network-auth.xml:1955(computeroutput)
15576
15575
#, no-wrap
15577
15576
msgid ""
15578
15577
"# About to modify the following entry :\n"
15593
15592
"dn: uid=george,ou=People,dc=example,dc=com"
15594
15593
msgstr ""
15595
15594
15596
#: serverguide/C/network-auth.xml:1964(userinput)
15595
#: serverguide/C/network-auth.xml:1971(userinput)
15597
15596
#, no-wrap
15598
15597
msgid ""
15599
15598
"replace: gecos\n"
15600
15599
"gecos: George Carlin"
15601
15600
msgstr ""
15602
15601
15603
#: serverguide/C/network-auth.xml:1968(para)
15602
#: serverguide/C/network-auth.xml:1975(para)
15604
15603
msgid ""
15605
15604
"The user's <emphasis>gecos</emphasis> should now be <quote>George "
15606
15605
"Carlin</quote>."
15607
15606
msgstr ""
15608
15607
15609
#: serverguide/C/network-auth.xml:1979(para)
15608
#: serverguide/C/network-auth.xml:1981(para)
15610
15609
msgid ""
15611
15610
"A nice feature of <application>ldapscripts</application> is the template "
15612
15611
"system. Templates allow you to customize the attributes of user, group, and "
15615
15614
"changing:"
15616
15615
msgstr ""
15617
15616
15618
#: serverguide/C/network-auth.xml:1980(programlisting)
15617
#: serverguide/C/network-auth.xml:1987(programlisting)
15619
15618
#, no-wrap
15620
15619
msgid ""
15621
15620
"\n"
15624
15623
"\n"
15625
15624
"UTEMPLATE=\"/etc/ldapscripts/ldapadduser.template\"\n"
15626
15625
15627
#: serverguide/C/network-auth.xml:1984(para)
15626
#: serverguide/C/network-auth.xml:1991(para)
15628
15627
msgid ""
15629
15628
"There are <emphasis role=\"italic\">sample</emphasis> templates in the "
15630
15629
"<filename>/usr/share/doc/ldapscripts/examples</filename> directory. Copy or "
15632
15631
"<filename>/etc/ldapscripts/ldapadduser.template</filename>:"
15633
15632
msgstr ""
15634
15633
15635
#: serverguide/C/network-auth.xml:1991(command)
15634
#: serverguide/C/network-auth.xml:1998(command)
15636
15635
msgid ""
15637
15636
"sudo cp /usr/share/doc/ldapscripts/examples/ldapadduser.template.sample \\ "
15638
15637
"/etc/ldapscripts/ldapadduser.template"
15639
15638
msgstr ""
15640
15639
15641
#: serverguide/C/network-auth.xml:1995(para)
15640
#: serverguide/C/network-auth.xml:2002(para)
15642
15641
msgid ""
15643
15642
"Edit the new template to add the desired attributes. The following will "
15644
15643
"create new users with an objectClass of inetOrgPerson:"
15645
15644
msgstr ""
15646
15645
15647
#: serverguide/C/network-auth.xml:2000(programlisting)
15646
#: serverguide/C/network-auth.xml:2007(programlisting)
15648
15647
#, no-wrap
15649
15648
msgid ""
15650
15649
"\n"
15677
15676
"description: User account\n"
15678
15677
"title: Employee\n"
15679
15678
15680
#: serverguide/C/network-auth.xml:2016(para)
15679
#: serverguide/C/network-auth.xml:2023(para)
15681
15680
msgid ""
15682
15681
"Notice the <emphasis><ask></emphasis> option used for the "
15683
15682
"<emphasis>sn</emphasis> attribute. This will make "
15684
15683
"<application>ldapadduser</application> prompt you for its value."
15685
15684
msgstr ""
15686
15685
15687
#: serverguide/C/network-auth.xml:2024(para)
15686
#: serverguide/C/network-auth.xml:2031(para)
15688
15687
msgid ""
15689
15688
"There are utilities in the package that were not covered here. Here is a "
15690
15689
"complete list:"
15691
15690
msgstr ""
15692
15691
15693
#: serverguide/C/network-auth.xml:2029(ulink)
15692
#: serverguide/C/network-auth.xml:2036(ulink)
15694
15693
msgid "ldaprenamemachine"
15695
15694
msgstr ""
15696
15695
15697
#: serverguide/C/network-auth.xml:2030(ulink)
15696
#: serverguide/C/network-auth.xml:2037(ulink)
15698
15697
msgid "ldapadduser"
15699
15698
msgstr ""
15700
15699
15701
#: serverguide/C/network-auth.xml:2031(ulink)
15700
#: serverguide/C/network-auth.xml:2038(ulink)
15702
15701
msgid "ldapdeleteuserfromgroup"
15703
15702
msgstr ""
15704
15703
15705
#: serverguide/C/network-auth.xml:2032(ulink)
15704
#: serverguide/C/network-auth.xml:2039(ulink)
15706
15705
msgid "ldapfinger"
15707
15706
msgstr ""
15708
15707
15709
#: serverguide/C/network-auth.xml:2033(ulink)
15708
#: serverguide/C/network-auth.xml:2040(ulink)
15710
15709
msgid "ldapid"
15711
15710
msgstr ""
15712
15711
15713
#: serverguide/C/network-auth.xml:2034(ulink)
15712
#: serverguide/C/network-auth.xml:2041(ulink)
15714
15713
msgid "ldapgid"
15715
15714
msgstr ""
15716
15715
15717
#: serverguide/C/network-auth.xml:2035(ulink)
15716
#: serverguide/C/network-auth.xml:2042(ulink)
15718
15717
msgid "ldapmodifyuser"
15719
15718
msgstr ""
15720
15719
15721
#: serverguide/C/network-auth.xml:2036(ulink)
15720
#: serverguide/C/network-auth.xml:2043(ulink)
15722
15721
msgid "ldaprenameuser"
15723
15722
msgstr ""
15724
15723
15725
#: serverguide/C/network-auth.xml:2037(ulink)
15724
#: serverguide/C/network-auth.xml:2044(ulink)
15726
15725
msgid "lsldap"
15727
15726
msgstr ""
15728
15727
15729
#: serverguide/C/network-auth.xml:2038(ulink)
15728
#: serverguide/C/network-auth.xml:2045(ulink)
15730
15729
msgid "ldapaddusertogroup"
15731
15730
msgstr ""
15732
15731
15733
#: serverguide/C/network-auth.xml:2039(ulink)
15732
#: serverguide/C/network-auth.xml:2046(ulink)
15734
15733
msgid "ldapsetpasswd"
15735
15734
msgstr ""
15736
15735
15737
#: serverguide/C/network-auth.xml:2040(ulink)
15736
#: serverguide/C/network-auth.xml:2047(ulink)
15738
15737
msgid "ldapinit"
15739
15738
msgstr ""
15740
15739
15741
#: serverguide/C/network-auth.xml:2041(ulink)
15740
#: serverguide/C/network-auth.xml:2048(ulink)
15742
15741
msgid "ldapaddgroup"
15743
15742
msgstr ""
15744
15743
15745
#: serverguide/C/network-auth.xml:2042(ulink)
15744
#: serverguide/C/network-auth.xml:2049(ulink)
15746
15745
msgid "ldapdeletegroup"
15747
15746
msgstr ""
15748
15747
15749
#: serverguide/C/network-auth.xml:2043(ulink)
15748
#: serverguide/C/network-auth.xml:2050(ulink)
15750
15749
msgid "ldapmodifygroup"
15751
15750
msgstr ""
15752
15751
15753
#: serverguide/C/network-auth.xml:2044(ulink)
15752
#: serverguide/C/network-auth.xml:2051(ulink)
15754
15753
msgid "ldapdeletemachine"
15755
15754
msgstr ""
15756
15755
15757
#: serverguide/C/network-auth.xml:2045(ulink)
15756
#: serverguide/C/network-auth.xml:2052(ulink)
15758
15757
msgid "ldaprenamegroup"
15759
15758
msgstr ""
15760
15759
15761
#: serverguide/C/network-auth.xml:2046(ulink)
15760
#: serverguide/C/network-auth.xml:2053(ulink)
15762
15761
msgid "ldapaddmachine"
15763
15762
msgstr ""
15764
15763
15765
#: serverguide/C/network-auth.xml:2047(ulink)
15764
#: serverguide/C/network-auth.xml:2054(ulink)
15766
15765
msgid "ldapmodifymachine"
15767
15766
msgstr ""
15768
15767
15769
#: serverguide/C/network-auth.xml:2048(ulink)
15768
#: serverguide/C/network-auth.xml:2055(ulink)
15770
15769
msgid "ldapsetprimarygroup"
15771
15770
msgstr ""
15772
15771
15773
#: serverguide/C/network-auth.xml:2049(ulink)
15772
#: serverguide/C/network-auth.xml:2056(ulink)
15774
15773
msgid "ldapdeleteuser"
15775
15774
msgstr ""
15776
15775
15777
#: serverguide/C/network-auth.xml:2055(title)
15776
#: serverguide/C/network-auth.xml:2062(title)
15778
15777
msgid "Backup and Restore"
15779
15778
msgstr ""
15780
15779
15781
#: serverguide/C/network-auth.xml:2057(para)
15780
#: serverguide/C/network-auth.xml:2064(para)
15782
15781
msgid ""
15783
15782
"Now we have ldap running just the way we want, it is time to ensure we can "
15784
15783
"save all of our work and restore it as needed."
15785
15784
msgstr ""
15786
15785
15787
#: serverguide/C/network-auth.xml:2062(para)
15786
#: serverguide/C/network-auth.xml:2069(para)
15788
15787
msgid ""
15789
15788
"What we need is a way to backup the ldap database(s), specifically the "
15790
15789
"backend (cn=config) and frontend (dc=example,dc=com). If we are going to "
15793
15792
"script, called <filename>/usr/local/bin/ldapbackup</filename>:"
15794
15793
msgstr ""
15795
15794
15796
#: serverguide/C/network-auth.xml:2072(programlisting)
15795
#: serverguide/C/network-auth.xml:2079(programlisting)
15797
15796
#, no-wrap
15798
15797
msgid ""
15799
15798
"\n"
15808
15807
"chmod 640 ${BACKUP_PATH}/*.ldif\n"
15809
15808
msgstr ""
15810
15809
15811
#: serverguide/C/network-auth.xml:2085(para)
15810
#: serverguide/C/network-auth.xml:2092(para)
15812
15811
msgid ""
15813
15812
"These files are uncompressed text files containing everything in your ldap "
15814
15813
"databases including the tree layout, usernames, and every password. So, you "
15818
15817
"requirements."
15819
15818
msgstr ""
15820
15819
15821
#: serverguide/C/network-auth.xml:2096(para)
15820
#: serverguide/C/network-auth.xml:2103(para)
15822
15821
msgid ""
15823
15822
"Then, it is just a matter of having a cron script to run this program as "
15824
15823
"often as we feel comfortable with. For many, once a day suffices. For "
15827
15826
"22:45h:"
15828
15827
msgstr ""
15829
15828
15830
#: serverguide/C/network-auth.xml:2104(programlisting)
15829
#: serverguide/C/network-auth.xml:2111(programlisting)
15831
15830
#, no-wrap
15832
15831
msgid ""
15833
15832
"\n"
15835
15834
"45 22 * * * root /usr/local/bin/ldapbackup\n"
15836
15835
msgstr ""
15837
15836
15838
#: serverguide/C/network-auth.xml:2109(para)
15837
#: serverguide/C/network-auth.xml:2116(para)
15839
15838
msgid "Now the files are created, they should be copied to a backup server."
15840
15839
msgstr ""
15841
15840
15842
#: serverguide/C/network-auth.xml:2114(para)
15841
#: serverguide/C/network-auth.xml:2121(para)
15843
15842
msgid ""
15844
15843
"Assuming we did a fresh reinstall of ldap, the restore process could be "
15845
15844
"something like this:"
15846
15845
msgstr ""
15847
15846
15848
#: serverguide/C/network-auth.xml:2120(command)
15847
#: serverguide/C/network-auth.xml:2127(command)
15849
15848
msgid "sudo service slapd stop"
15850
15849
msgstr ""
15851
15850
15852
#: serverguide/C/network-auth.xml:2121(command)
15851
#: serverguide/C/network-auth.xml:2128(command)
15853
15852
msgid "sudo mkdir /var/lib/ldap/accesslog"
15854
15853
msgstr ""
15855
15854
15856
#: serverguide/C/network-auth.xml:2122(command)
15855
#: serverguide/C/network-auth.xml:2129(command)
15857
15856
msgid "sudo slapadd -F /etc/ldap/slapd.d -n 0 -l /export/backup/config.ldif"
15858
15857
msgstr ""
15859
15858
15860
#: serverguide/C/network-auth.xml:2123(command)
15859
#: serverguide/C/network-auth.xml:2130(command)
15861
15860
msgid ""
15862
15861
"sudo slapadd -F /etc/ldap/slapd.d -n 1 -l /export/backup/domain.com.ldif"
15863
15862
msgstr ""
15864
15863
15865
#: serverguide/C/network-auth.xml:2124(command)
15864
#: serverguide/C/network-auth.xml:2131(command)
15866
15865
msgid "sudo slapadd -F /etc/ldap/slapd.d -n 2 -l /export/backup/access.ldif"
15867
15866
msgstr ""
15868
15867
15869
#: serverguide/C/network-auth.xml:2125(command)
15868
#: serverguide/C/network-auth.xml:2132(command)
15870
15869
msgid "sudo chown -R openldap:openldap /etc/ldap/slapd.d/"
15871
15870
msgstr ""
15872
15871
15873
#: serverguide/C/network-auth.xml:2126(command)
15872
#: serverguide/C/network-auth.xml:2133(command)
15874
15873
msgid "sudo chown -R openldap:openldap /var/lib/ldap/"
15875
15874
msgstr ""
15876
15875
15877
#: serverguide/C/network-auth.xml:2127(command)
15876
#: serverguide/C/network-auth.xml:2134(command)
15878
15877
msgid "sudo service slapd start"
15879
15878
msgstr ""
15880
15879
15881
#: serverguide/C/network-auth.xml:2138(para)
15880
#: serverguide/C/network-auth.xml:2145(para)
15882
15881
msgid ""
15883
15882
"The primary resource is the upstream documentation: <ulink "
15884
15883
"url=\"http://www.openldap.org/\">www.openldap.org</ulink>"
15885
15884
msgstr ""
15886
15885
15887
#: serverguide/C/network-auth.xml:2144(para)
15886
#: serverguide/C/network-auth.xml:2151(para)
15888
15887
msgid ""
15889
15888
"There are many man pages that come with the slapd package. Here are some "
15890
15889
"important ones, especially considering the material presented in this guide:"
15891
15890
msgstr ""
15892
15891
15893
#: serverguide/C/network-auth.xml:2150(ulink)
15892
#: serverguide/C/network-auth.xml:2157(ulink)
15894
15893
msgid "slapd"
15895
15894
msgstr ""
15896
15895
15897
#: serverguide/C/network-auth.xml:2151(ulink)
15896
#: serverguide/C/network-auth.xml:2158(ulink)
15898
15897
msgid "slapd-config"
15899
15898
msgstr ""
15900
15899
15901
#: serverguide/C/network-auth.xml:2152(ulink)
15900
#: serverguide/C/network-auth.xml:2159(ulink)
15902
15901
msgid "slapd.access"
15903
15902
msgstr ""
15904
15903
15905
#: serverguide/C/network-auth.xml:2153(ulink)
15904
#: serverguide/C/network-auth.xml:2160(ulink)
15906
15905
msgid "slapo-syncprov"
15907
15906
msgstr ""
15908
15907
15909
#: serverguide/C/network-auth.xml:2159(para)
15908
#: serverguide/C/network-auth.xml:2166(para)
15910
15909
msgid "Other man pages:"
15911
15910
msgstr ""
15912
15911
15913
#: serverguide/C/network-auth.xml:2164(ulink)
15912
#: serverguide/C/network-auth.xml:2171(ulink)
15914
15913
msgid "auth-client-config"
15915
15914
msgstr ""
15916
15915
15917
#: serverguide/C/network-auth.xml:2165(ulink)
15916
#: serverguide/C/network-auth.xml:2172(ulink)
15918
15917
msgid "pam-auth-update"
15919
15918
msgstr ""
15920
15919
15921
#: serverguide/C/network-auth.xml:2171(para)
15920
#: serverguide/C/network-auth.xml:2178(para)
15922
15921
msgid ""
15923
15922
"Zytrax's <ulink url=\"http://www.zytrax.com/books/ldap/\">LDAP for Rocket "
15924
15923
"Scientists</ulink>; a less pedantic but comprehensive treatment of LDAP"
15925
15924
msgstr ""
15926
15925
15927
#: serverguide/C/network-auth.xml:2177(para)
15926
#: serverguide/C/network-auth.xml:2184(para)
15928
15927
msgid ""
15929
15928
"A Ubuntu community <ulink "
15930
15929
"url=\"https://help.ubuntu.com/community/OpenLDAPServer\">OpenLDAP "
15931
15930
"wiki</ulink> page has a collection of notes"
15932
15931
msgstr ""
15933
15932
15934
#: serverguide/C/network-auth.xml:2183(para)
15933
#: serverguide/C/network-auth.xml:2190(para)
15935
15934
msgid ""
15936
15935
"O'Reilly's <ulink url=\"http://www.oreilly.com/catalog/ldapsa/\">LDAP System "
15937
15936
"Administration</ulink> (textbook; 2003)"
15938
15937
msgstr ""
15939
15938
15940
#: serverguide/C/network-auth.xml:2189(para)
15939
#: serverguide/C/network-auth.xml:2196(para)
15941
15940
msgid ""
15942
15941
"Packt's <ulink url=\"http://www.packtpub.com/OpenLDAP-Developers-Server-Open-"
15943
15942
"Source-Linux/book\">Mastering OpenLDAP</ulink> (textbook; 2007)"
15944
15943
msgstr ""
15945
15944
15946
#: serverguide/C/network-auth.xml:2200(title)
15945
#: serverguide/C/network-auth.xml:2207(title)
15947
15946
msgid "Samba and LDAP"
15948
15947
msgstr "Samba і LDAP"
15949
15948
15950
#: serverguide/C/network-auth.xml:2202(para)
15949
#: serverguide/C/network-auth.xml:2209(para)
15951
15950
msgid ""
15952
15951
"This section covers the integration of Samba with LDAP. The Samba server's "
15953
15952
"role will be that of a \"standalone\" server and the LDAP directory will "
15960
15959
"specifically you want Samba to do for you and then configure it accordingly."
15961
15960
msgstr ""
15962
15961
15963
#: serverguide/C/network-auth.xml:2211(title)
15962
#: serverguide/C/network-auth.xml:2218(title) serverguide/C/network-auth.xml:4000(title)
15964
15963
msgid "Software Installation"
15965
15964
msgstr ""
15966
15965
15967
#: serverguide/C/network-auth.xml:2213(para)
15966
#: serverguide/C/network-auth.xml:2220(para)
15968
15967
msgid ""
15969
15968
"There are three packages needed when integrating Samba with LDAP: "
15970
15969
"<application>samba</application>, <application>samba-doc</application>, and "
15971
15970
"<application>smbldap-tools</application> packages."
15972
15971
msgstr ""
15973
15972
15974
#: serverguide/C/network-auth.xml:2223(para)
15973
#: serverguide/C/network-auth.xml:2225(para)
15975
15974
msgid ""
15976
15975
"Strictly speaking, the <application>smbldap-tools</application> package "
15977
15976
"isn't needed, but unless you have some other way to manage the various Samba "
15979
15978
"install it."
15980
15979
msgstr ""
15981
15980
15982
#: serverguide/C/network-auth.xml:2223(para)
15981
#: serverguide/C/network-auth.xml:2230(para)
15983
15982
msgid "Install these packages now:"
15984
15983
msgstr ""
15985
15984
15986
#: serverguide/C/network-auth.xml:2228(command)
15985
#: serverguide/C/network-auth.xml:2235(command)
15987
15986
msgid "sudo apt-get install samba samba-doc smbldap-tools"
15988
15987
msgstr "sudo apt-get install samba samba-doc smbldap-tools"
15989
15988
15990
#: serverguide/C/network-auth.xml:2234(title)
15989
#: serverguide/C/network-auth.xml:2241(title)
15991
15990
msgid "LDAP Configuration"
15992
15991
msgstr ""
15993
15992
15994
#: serverguide/C/network-auth.xml:2236(para)
15993
#: serverguide/C/network-auth.xml:2243(para)
15995
15994
msgid ""
15996
15995
"We will now configure the LDAP server so that it can accomodate Samba data. "
15997
15996
"We will perform three tasks in this section:"
15998
15997
msgstr ""
15999
15998
16000
#: serverguide/C/network-auth.xml:2243(para)
15999
#: serverguide/C/network-auth.xml:2250(para)
16001
16000
msgid "Import a schema"
16002
16001
msgstr ""
16003
16002
16004
#: serverguide/C/network-auth.xml:2247(para)
16003
#: serverguide/C/network-auth.xml:2254(para)
16005
16004
msgid "Index some entries"
16006
16005
msgstr ""
16007
16006
16008
#: serverguide/C/network-auth.xml:2251(para)
16007
#: serverguide/C/network-auth.xml:2258(para)
16009
16008
msgid "Add objects"
16010
16009
msgstr ""
16011
16010
16012
#: serverguide/C/network-auth.xml:2257(title)
16011
#: serverguide/C/network-auth.xml:2264(title)
16013
16012
msgid "Samba schema"
16014
16013
msgstr ""
16015
16014
16016
#: serverguide/C/network-auth.xml:2259(para)
16015
#: serverguide/C/network-auth.xml:2266(para)
16017
16016
msgid ""
16018
16017
"In order for OpenLDAP to be used as a backend for Samba, logically, the DIT "
16019
16018
"will need to use attributes that can properly describe Samba data. Such "
16021
16020
"now."
16022
16021
msgstr ""
16023
16022
16024
#: serverguide/C/network-auth.xml:2265(para)
16023
#: serverguide/C/network-auth.xml:2272(para)
16025
16024
msgid ""
16026
16025
"For more information on schemas and their installation see <xref "
16027
16026
"linkend=\"openldap-configuration\"/>."
16028
16027
msgstr ""
16029
16028
16030
#: serverguide/C/network-auth.xml:2273(para)
16029
#: serverguide/C/network-auth.xml:2280(para)
16031
16030
msgid ""
16032
16031
"The schema is found in the now-installed <application>samba-"
16033
16032
"doc</application> package. It needs to be unzipped and copied to the "
16034
16033
"<filename>/etc/ldap/schema</filename> directory:"
16035
16034
msgstr ""
16036
16035
16037
#: serverguide/C/network-auth.xml:2279(command)
16036
#: serverguide/C/network-auth.xml:2286(command)
16038
16037
msgid ""
16039
16038
"sudo cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz "
16040
16039
"/etc/ldap/schema"
16041
16040
msgstr ""
16042
16041
16043
#: serverguide/C/network-auth.xml:2280(command)
16042
#: serverguide/C/network-auth.xml:2287(command)
16044
16043
msgid "sudo gzip -d /etc/ldap/schema/samba.schema.gz"
16045
16044
msgstr "sudo gzip -d /etc/ldap/schema/samba.schema.gz"
16046
16045
16047
#: serverguide/C/network-auth.xml:2286(para)
16046
#: serverguide/C/network-auth.xml:2293(para)
16048
16047
msgid ""
16049
16048
"Have the configuration file <filename>schema_convert.conf</filename> that "
16050
16049
"contains the following lines:"
16051
16050
msgstr ""
16052
16051
16053
#: serverguide/C/network-auth.xml:2290(programlisting)
16052
#: serverguide/C/network-auth.xml:2297(programlisting)
16054
16053
#, no-wrap
16055
16054
msgid ""
16056
16055
"\n"
16071
16070
"include /etc/ldap/schema/samba.schema\n"
16072
16071
msgstr ""
16073
16072
16074
#: serverguide/C/network-auth.xml:2311(para)
16073
#: serverguide/C/network-auth.xml:2318(para)
16075
16074
msgid "Have the directory <filename>ldif_output</filename> hold output."
16076
16075
msgstr ""
16077
16076
16078
#: serverguide/C/network-auth.xml:2322(command)
16077
#: serverguide/C/network-auth.xml:2329(command)
16079
16078
msgid ""
16080
16079
"slapcat -f schema_convert.conf -F ldif_output -n 0 | grep samba,cn=schema"
16081
16080
msgstr ""
16082
16081
16083
#: serverguide/C/network-auth.xml:2323(computeroutput)
16082
#: serverguide/C/network-auth.xml:2330(computeroutput)
16084
16083
#, no-wrap
16085
16084
msgid ""
16086
16085
"\n"
16087
16086
"dn: cn={14}samba,cn=schema,cn=config\n"
16088
16087
msgstr ""
16089
16088
16090
#: serverguide/C/network-auth.xml:2331(para)
16089
#: serverguide/C/network-auth.xml:2338(para)
16091
16090
msgid "Convert the schema to LDIF format:"
16092
16091
msgstr ""
16093
16092
16094
#: serverguide/C/network-auth.xml:2336(command)
16093
#: serverguide/C/network-auth.xml:2343(command)
16095
16094
msgid ""
16096
16095
"slapcat -f schema_convert.conf -F ldif_output -n0 -H \\ "
16097
16096
"ldap:///cn={14}samba,cn=schema,cn=config -l cn=samba.ldif"
16098
16097
msgstr ""
16099
16098
16100
#: serverguide/C/network-auth.xml:2343(para)
16099
#: serverguide/C/network-auth.xml:2350(para)
16101
16100
msgid ""
16102
16101
"Edit the generated <filename>cn=samba.ldif</filename> file by removing index "
16103
16102
"information to arrive at:"
16104
16103
msgstr ""
16105
16104
16106
#: serverguide/C/network-auth.xml:2347(programlisting)
16105
#: serverguide/C/network-auth.xml:2354(programlisting)
16107
16106
#, no-wrap
16108
16107
msgid ""
16109
16108
"\n"
16116
16115
"...\n"
16117
16116
"cn: samba\n"
16118
16117
16119
#: serverguide/C/network-auth.xml:2353(para)
16118
#: serverguide/C/network-auth.xml:2360(para)
16120
16119
msgid "Remove the bottom lines:"
16121
16120
msgstr ""
16122
16121
16123
#: serverguide/C/network-auth.xml:2357(programlisting)
16122
#: serverguide/C/network-auth.xml:2364(programlisting)
16124
16123
#, no-wrap
16125
16124
msgid ""
16126
16125
"\n"
16141
16140
"modifiersName: cn=config\n"
16142
16141
"modifyTimestamp: 20080827045234Z\n"
16143
16142
16144
#: serverguide/C/network-auth.xml:2373(para)
16143
#: serverguide/C/network-auth.xml:2380(para)
16145
16144
msgid "Add the new schema:"
16146
16145
msgstr ""
16147
16146
16148
#: serverguide/C/network-auth.xml:2378(command)
16147
#: serverguide/C/network-auth.xml:2385(command)
16149
16148
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f cn\\=samba.ldif"
16150
16149
msgstr ""
16151
16150
16152
#: serverguide/C/network-auth.xml:2381(para)
16151
#: serverguide/C/network-auth.xml:2388(para)
16153
16152
msgid "To query and view this new schema:"
16154
16153
msgstr ""
16155
16154
16156
#: serverguide/C/network-auth.xml:2386(command)
16155
#: serverguide/C/network-auth.xml:2393(command)
16157
16156
msgid ""
16158
16157
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config "
16159
16158
"'cn=*samba*'"
16160
16159
msgstr ""
16161
16160
16162
#: serverguide/C/network-auth.xml:2396(title)
16161
#: serverguide/C/network-auth.xml:2403(title)
16163
16162
msgid "Samba indices"
16164
16163
msgstr ""
16165
16164
16166
#: serverguide/C/network-auth.xml:2398(para)
16165
#: serverguide/C/network-auth.xml:2405(para)
16167
16166
msgid ""
16168
16167
"Now that slapd knows about the Samba attributes, we can set up some indices "
16169
16168
"based on them. Indexing entries is a way to improve performance when a "
16170
16169
"client performs a filtered search on the DIT."
16171
16170
msgstr ""
16172
16171
16173
#: serverguide/C/network-auth.xml:2403(para)
16172
#: serverguide/C/network-auth.xml:2410(para)
16174
16173
msgid ""
16175
16174
"Create the file <filename>samba_indices.ldif</filename> with the following "
16176
16175
"contents:"
16177
16176
msgstr ""
16178
16177
16179
#: serverguide/C/network-auth.xml:2407(programlisting)
16178
#: serverguide/C/network-auth.xml:2414(programlisting)
16180
16179
#, no-wrap
16181
16180
msgid ""
16182
16181
"\n"
16213
16212
"olcDbIndex: sambaDomainName eq\n"
16214
16213
"olcDbIndex: default sub\n"
16215
16214
16216
#: serverguide/C/network-auth.xml:2425(para)
16215
#: serverguide/C/network-auth.xml:2432(para)
16217
16216
msgid ""
16218
16217
"Using the <application>ldapmodify</application> utility load the new indices:"
16219
16218
msgstr ""
16220
16219
16221
#: serverguide/C/network-auth.xml:2430(command)
16220
#: serverguide/C/network-auth.xml:2437(command)
16222
16221
msgid "sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f samba_indices.ldif"
16223
16222
msgstr ""
16224
16223
16225
#: serverguide/C/network-auth.xml:2433(para)
16224
#: serverguide/C/network-auth.xml:2440(para)
16226
16225
msgid ""
16227
16226
"If all went well you should see the new indices using "
16228
16227
"<application>ldapsearch</application>:"
16229
16228
msgstr ""
16230
16229
16231
#: serverguide/C/network-auth.xml:2438(command)
16230
#: serverguide/C/network-auth.xml:2445(command)
16232
16231
msgid ""
16233
16232
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H \\ ldapi:/// -b cn=config "
16234
16233
"olcDatabase={1}hdb olcDbIndex"
16235
16234
msgstr ""
16236
16235
16237
#: serverguide/C/network-auth.xml:2445(title)
16236
#: serverguide/C/network-auth.xml:2452(title)
16238
16237
msgid "Adding Samba LDAP objects"
16239
16238
msgstr ""
16240
16239
16241
#: serverguide/C/network-auth.xml:2452(para)
16240
#: serverguide/C/network-auth.xml:2454(para)
16242
16241
msgid ""
16243
16242
"Next, configure the <application>smbldap-tools</application> package to "
16244
16243
"match your environment. The package is supposed to come with a configuration "
16249
16248
"smbldap-tools')."
16250
16249
msgstr ""
16251
16250
16252
#: serverguide/C/network-auth.xml:2459(para)
16251
#: serverguide/C/network-auth.xml:2461(para)
16253
16252
msgid ""
16254
16253
"To manually configure the package, you need to create and edit the files "
16255
16254
"<filename>/etc/smbldap-tools/smbldap.conf</filename> and "
16256
16255
"<filename>/etc/smbldap-tools/smbldap_bind.conf</filename>."
16257
16256
msgstr ""
16258
16257
16259
#: serverguide/C/network-auth.xml:2464(para)
16258
#: serverguide/C/network-auth.xml:2466(para)
16260
16259
msgid ""
16261
16260
"The <application>smbldap-populate</application> script will then add the "
16262
16261
"LDAP objects required for Samba. It is a good idea to first make a backup of "
16263
16262
"your DIT using <application>slapcat</application>:"
16264
16263
msgstr ""
16265
16264
16266
#: serverguide/C/network-auth.xml:2473(command)
16265
#: serverguide/C/network-auth.xml:2472(command)
16267
16266
msgid "sudo slapcat -l backup.ldif"
16268
16267
msgstr "sudo slapcat -l backup.ldif"
16269
16268
16270
#: serverguide/C/network-auth.xml:2476(para)
16269
#: serverguide/C/network-auth.xml:2475(para)
16271
16270
msgid "Once you have a backup proceed to populate your directory:"
16272
16271
msgstr ""
16273
16272
16274
#: serverguide/C/network-auth.xml:2481(command)
16273
#: serverguide/C/network-auth.xml:2480(command)
16275
16274
msgid "sudo smbldap-populate"
16276
16275
msgstr "sudo smbldap-populate"
16277
16276
16278
#: serverguide/C/network-auth.xml:2484(para)
16277
#: serverguide/C/network-auth.xml:2483(para)
16279
16278
msgid ""
16280
16279
"You can create a LDIF file containing the new Samba objects by executing "
16281
16280
"<command>sudo smbldap-populate -e samba.ldif</command>. This allows you to "
16284
16283
"and import its data per usual."
16285
16284
msgstr ""
16286
16285
16287
#: serverguide/C/network-auth.xml:2490(para)
16286
#: serverguide/C/network-auth.xml:2489(para)
16288
16287
msgid ""
16289
16288
"Your LDAP directory now has the necessary information to authenticate Samba "
16290
16289
"users."
16291
16290
msgstr ""
16292
16291
16293
#: serverguide/C/network-auth.xml:2499(title)
16292
#: serverguide/C/network-auth.xml:2498(title) serverguide/C/network-auth.xml:4032(title)
16294
16293
msgid "Samba Configuration"
16295
16294
msgstr "Наладкі Samba"
16296
16295
16297
#: serverguide/C/network-auth.xml:2498(para)
16296
#: serverguide/C/network-auth.xml:2500(para)
16298
16297
msgid ""
16299
16298
"There are multiple ways to configure Samba. For details on some common "
16300
16299
"configurations see <xref linkend=\"samba\"/>. To configure Samba to use "
16303
16302
"adding some ldap-related ones:"
16304
16303
msgstr ""
16305
16304
16306
#: serverguide/C/network-auth.xml:2507(programlisting)
16305
#: serverguide/C/network-auth.xml:2506(programlisting)
16307
16306
#, no-wrap
16308
16307
msgid ""
16309
16308
"\n"
16338
16337
"...\n"
16339
16338
" add machine script = sudo /usr/sbin/smbldap-useradd -t 0 -w \"%u\"\n"
16340
16339
16341
#: serverguide/C/network-auth.xml:2524(para)
16340
#: serverguide/C/network-auth.xml:2523(para)
16342
16341
msgid "Change the values to match your environment."
16343
16342
msgstr ""
16344
16343
16345
#: serverguide/C/network-auth.xml:2528(para)
16344
#: serverguide/C/network-auth.xml:2527(para)
16346
16345
msgid "Restart <application>samba</application> to enable the new settings:"
16347
16346
msgstr ""
16348
16347
16349
#: serverguide/C/network-auth.xml:2537(para)
16348
#: serverguide/C/network-auth.xml:2536(para)
16350
16349
msgid ""
16351
16350
"Now inform Samba about the rootDN user's password (the one set during the "
16352
16351
"installation of the slapd package):"
16353
16352
msgstr ""
16354
16353
16355
#: serverguide/C/network-auth.xml:2542(command)
16354
#: serverguide/C/network-auth.xml:2541(command)
16356
16355
msgid "sudo smbpasswd -w password"
16357
16356
msgstr ""
16358
16357
16359
#: serverguide/C/network-auth.xml:2545(para)
16358
#: serverguide/C/network-auth.xml:2544(para)
16360
16359
msgid ""
16361
16360
"If you have existing LDAP users that you want to include in your new LDAP-"
16362
16361
"backed Samba they will, of course, also need to be given some of the extra "
16366
16365
"<application>libnss-ldap</application>):"
16367
16366
msgstr ""
16368
16367
16369
#: serverguide/C/network-auth.xml:2553(command)
16368
#: serverguide/C/network-auth.xml:2552(command)
16370
16369
msgid "sudo smbpasswd -a username"
16371
16370
msgstr "sudo smbpasswd -a username"
16372
16371
16373
#: serverguide/C/network-auth.xml:2556(para)
16372
#: serverguide/C/network-auth.xml:2555(para)
16374
16373
msgid ""
16375
16374
"You will prompted to enter a password. It will be considered as the new "
16376
16375
"password for that user. Making it the same as before is reasonable."
16377
16376
msgstr ""
16378
16377
16379
#: serverguide/C/network-auth.xml:2560(para)
16378
#: serverguide/C/network-auth.xml:2559(para)
16380
16379
msgid ""
16381
16380
"To manage user, group, and machine accounts use the utilities provided by "
16382
16381
"the <application>smbldap-tools</application> package. Here are some examples:"
16383
16382
msgstr ""
16384
16383
16385
#: serverguide/C/network-auth.xml:2568(para)
16384
#: serverguide/C/network-auth.xml:2567(para)
16386
16385
msgid "To add a new user:"
16387
16386
msgstr ""
16388
16387
16389
#: serverguide/C/network-auth.xml:2573(command)
16388
#: serverguide/C/network-auth.xml:2572(command)
16390
16389
msgid "sudo smbldap-useradd -a -P username"
16391
16390
msgstr ""
16392
16391
16393
#: serverguide/C/network-auth.xml:2576(para)
16392
#: serverguide/C/network-auth.xml:2575(para)
16394
16393
msgid ""
16395
16394
"The <emphasis>-a</emphasis> option adds the Samba attributes, and the "
16396
16395
"<emphasis>-P</emphasis> option calls the <application>smbldap-"
16398
16397
"a password for the user."
16399
16398
msgstr ""
16400
16399
16401
#: serverguide/C/network-auth.xml:2583(para)
16400
#: serverguide/C/network-auth.xml:2582(para)
16402
16401
msgid "To remove a user:"
16403
16402
msgstr ""
16404
16403
16405
#: serverguide/C/network-auth.xml:2588(command)
16404
#: serverguide/C/network-auth.xml:2587(command)
16406
16405
msgid "sudo smbldap-userdel username"
16407
16406
msgstr "sudo smbldap-userdel username"
16408
16407
16409
#: serverguide/C/network-auth.xml:2591(para)
16408
#: serverguide/C/network-auth.xml:2590(para)
16410
16409
msgid ""
16411
16410
"In the above command, use the <emphasis>-r</emphasis> option to remove the "
16412
16411
"user's home directory."
16413
16412
msgstr ""
16414
16413
16415
#: serverguide/C/network-auth.xml:2597(para)
16414
#: serverguide/C/network-auth.xml:2596(para)
16416
16415
msgid "To add a group:"
16417
16416
msgstr ""
16418
16417
16419
#: serverguide/C/network-auth.xml:2602(command)
16418
#: serverguide/C/network-auth.xml:2601(command)
16420
16419
msgid "sudo smbldap-groupadd -a groupname"
16421
16420
msgstr "sudo smbldap-groupadd -a groupname"
16422
16421
16423
#: serverguide/C/network-auth.xml:2605(para)
16422
#: serverguide/C/network-auth.xml:2604(para)
16424
16423
msgid ""
16425
16424
"As for <application>smbldap-useradd</application>, the <emphasis>-"
16426
16425
"a</emphasis> adds the Samba attributes."
16427
16426
msgstr ""
16428
16427
16429
#: serverguide/C/network-auth.xml:2611(para)
16428
#: serverguide/C/network-auth.xml:2610(para)
16430
16429
msgid "To make an existing user a member of a group:"
16431
16430
msgstr ""
16432
16431
16433
#: serverguide/C/network-auth.xml:2616(command)
16432
#: serverguide/C/network-auth.xml:2615(command)
16434
16433
msgid "sudo smbldap-groupmod -m username groupname"
16435
16434
msgstr "sudo smbldap-groupmod -m username groupname"
16436
16435
16437
#: serverguide/C/network-auth.xml:2619(para)
16436
#: serverguide/C/network-auth.xml:2618(para)
16438
16437
msgid ""
16439
16438
"The <emphasis>-m</emphasis> option can add more than one user at a time by "
16440
16439
"listing them in comma-separated format."
16441
16440
msgstr ""
16442
16441
16443
#: serverguide/C/network-auth.xml:2625(para)
16442
#: serverguide/C/network-auth.xml:2624(para)
16444
16443
msgid "To remove a user from a group:"
16445
16444
msgstr ""
16446
16445
16447
#: serverguide/C/network-auth.xml:2630(command)
16446
#: serverguide/C/network-auth.xml:2629(command)
16448
16447
msgid "sudo smbldap-groupmod -x username groupname"
16449
16448
msgstr "sudo smbldap-groupmod -x username groupname"
16450
16449
16451
#: serverguide/C/network-auth.xml:2636(para)
16450
#: serverguide/C/network-auth.xml:2635(para)
16452
16451
msgid "To add a Samba machine account:"
16453
16452
msgstr ""
16454
16453
16455
#: serverguide/C/network-auth.xml:2641(command)
16454
#: serverguide/C/network-auth.xml:2640(command)
16456
16455
msgid "sudo smbldap-useradd -t 0 -w username"
16457
16456
msgstr "sudo smbldap-useradd -t 0 -w username"
16458
16457
16459
#: serverguide/C/network-auth.xml:2644(para)
16458
#: serverguide/C/network-auth.xml:2643(para)
16460
16459
msgid ""
16461
16460
"Replace <emphasis>username</emphasis> with the name of the workstation. The "
16462
16461
"<emphasis>-t 0</emphasis> option creates the machine account without a "
16466
16465
"<application>smbldap-useradd</application>."
16467
16466
msgstr ""
16468
16467
16469
#: serverguide/C/network-auth.xml:2653(para)
16468
#: serverguide/C/network-auth.xml:2652(para)
16470
16469
msgid ""
16471
16470
"There are utilities in the <application>smbldap-tools</application> package "
16472
16471
"that were not covered here. Here is a complete list:"
16473
16472
msgstr ""
16474
16473
16474
#: serverguide/C/network-auth.xml:2657(ulink)
16475
msgid "smbldap-groupadd"
16476
msgstr ""
16477
16475
16478
#: serverguide/C/network-auth.xml:2658(ulink)
16476
msgid "smbldap-groupadd"
16479
msgid "smbldap-groupdel"
16477
16480
msgstr ""
16478
16481
16479
16482
#: serverguide/C/network-auth.xml:2659(ulink)
16480
msgid "smbldap-groupdel"
16483
msgid "smbldap-groupmod"
16481
16484
msgstr ""
16482
16485
16483
16486
#: serverguide/C/network-auth.xml:2660(ulink)
16484
msgid "smbldap-groupmod"
16487
msgid "smbldap-groupshow"
16485
16488
msgstr ""
16486
16489
16487
16490
#: serverguide/C/network-auth.xml:2661(ulink)
16488
msgid "smbldap-groupshow"
16491
msgid "smbldap-passwd"
16489
16492
msgstr ""
16490
16493
16491
16494
#: serverguide/C/network-auth.xml:2662(ulink)
16492
msgid "smbldap-passwd"
16495
msgid "smbldap-populate"
16493
16496
msgstr ""
16494
16497
16495
16498
#: serverguide/C/network-auth.xml:2663(ulink)
16496
msgid "smbldap-populate"
16499
msgid "smbldap-useradd"
16497
16500
msgstr ""
16498
16501
16499
16502
#: serverguide/C/network-auth.xml:2664(ulink)
16500
msgid "smbldap-useradd"
16503
msgid "smbldap-userdel"
16501
16504
msgstr ""
16502
16505
16503
16506
#: serverguide/C/network-auth.xml:2665(ulink)
16504
msgid "smbldap-userdel"
16507
msgid "smbldap-userinfo"
16505
16508
msgstr ""
16506
16509
16507
16510
#: serverguide/C/network-auth.xml:2666(ulink)
16508
msgid "smbldap-userinfo"
16511
msgid "smbldap-userlist"
16509
16512
msgstr ""
16510
16513
16511
16514
#: serverguide/C/network-auth.xml:2667(ulink)
16512
msgid "smbldap-userlist"
16515
msgid "smbldap-usermod"
16513
16516
msgstr ""
16514
16517
16515
16518
#: serverguide/C/network-auth.xml:2668(ulink)
16516
msgid "smbldap-usermod"
16517
msgstr ""
16518
16519
#: serverguide/C/network-auth.xml:2669(ulink)
16520
16519
msgid "smbldap-usershow"
16521
16520
msgstr ""
16522
16521
16523
#: serverguide/C/network-auth.xml:2677(para)
16522
#: serverguide/C/network-auth.xml:2679(para)
16524
16523
msgid ""
16525
16524
"For more information on installing and configuring Samba see <xref "
16526
16525
"linkend=\"samba\"/> of this Ubuntu Server Guide."
16527
16526
msgstr ""
16528
16527
16529
#: serverguide/C/network-auth.xml:2686(para)
16528
#: serverguide/C/network-auth.xml:2685(para)
16530
16529
msgid ""
16531
16530
"There are multiple places where LDAP and Samba is documented in the upstream "
16532
16531
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba "
16533
16532
"HOWTO Collection</ulink>."
16534
16533
msgstr ""
16535
16534
16536
#: serverguide/C/network-auth.xml:2693(para)
16535
#: serverguide/C/network-auth.xml:2692(para)
16537
16536
msgid ""
16538
16537
"Regarding the above, see specifically the <ulink "
16539
16538
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
16540
16539
"Collection/passdb.html\">passdb section</ulink>."
16541
16540
msgstr ""
16542
16541
16543
#: serverguide/C/network-auth.xml:2699(para)
16542
#: serverguide/C/network-auth.xml:2698(para)
16544
16543
msgid ""
16545
16544
"Although dated (2007), the <ulink url=\"http://download.gna.org/smbldap-"
16546
16545
"tools/docs/samba-ldap-howto/\">Linux Samba-OpenLDAP HOWTO</ulink> contains "
16547
16546
"valuable notes."
16548
16547
msgstr ""
16549
16548
16550
#: serverguide/C/network-auth.xml:2705(para)
16549
#: serverguide/C/network-auth.xml:2704(para)
16551
16550
msgid ""
16552
16551
"The main page of the <ulink "
16553
16552
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Samba Ubuntu "
16555
16554
"prove useful."
16556
16555
msgstr ""
16557
16556
16558
#: serverguide/C/network-auth.xml:2718(title)
16557
#: serverguide/C/network-auth.xml:2717(title)
16559
16558
msgid "Kerberos"
16560
16559
msgstr "Kerberos"
16561
16560
16562
#: serverguide/C/network-auth.xml:2720(para)
16561
#: serverguide/C/network-auth.xml:2719(para)
16563
16562
msgid ""
16564
16563
"<application>Kerberos</application> is a network authentication system based "
16565
16564
"on the principal of a trusted third party. The other two parties being the "
16568
16567
"network environment one step closer to being Single Sign On (SSO)."
16569
16568
msgstr ""
16570
16569
16571
#: serverguide/C/network-auth.xml:2726(para)
16570
#: serverguide/C/network-auth.xml:2725(para)
16572
16571
msgid ""
16573
16572
"This section covers installation and configuration of a Kerberos server, and "
16574
16573
"some example client configurations."
16575
16574
msgstr ""
16576
16575
16577
#: serverguide/C/virtualization.xml:1099(title) serverguide/C/virtualization.xml:2132(title) serverguide/C/network-auth.xml:2731(title) serverguide/C/monitoring.xml:13(title) serverguide/C/lamp-applications.xml:15(title) serverguide/C/installation.xml:903(title) serverguide/C/dns.xml:62(title) serverguide/C/dm-multipath.xml:135(title) serverguide/C/chat.xml:15(title) serverguide/C/backups.xml:545(title)
16576
#: serverguide/C/network-auth.xml:2730(title) serverguide/C/monitoring.xml:13(title) serverguide/C/lamp-applications.xml:15(title) serverguide/C/installation.xml:910(title) serverguide/C/dns.xml:62(title) serverguide/C/dm-multipath.xml:135(title) serverguide/C/chat.xml:15(title) serverguide/C/cgroups.xml:38(title) serverguide/C/backups.xml:551(title)
16578
16577
msgid "Overview"
16579
16578
msgstr ""
16580
16579
16581
#: serverguide/C/network-auth.xml:2733(para)
16580
#: serverguide/C/network-auth.xml:2732(para)
16582
16581
msgid ""
16583
16582
"If you are new to Kerberos there are a few terms that are good to understand "
16584
16583
"before setting up a Kerberos server. Most of the terms will relate to things "
16585
16584
"you may be familiar with in other environments:"
16586
16585
msgstr ""
16587
16586
16588
#: serverguide/C/network-auth.xml:2740(para)
16587
#: serverguide/C/network-auth.xml:2739(para)
16589
16588
msgid ""
16590
16589
"<emphasis>Principal:</emphasis> any users, computers, and services provided "
16591
16590
"by servers need to be defined as Kerberos Principals."
16592
16591
msgstr ""
16593
16592
16594
#: serverguide/C/network-auth.xml:2745(para)
16593
#: serverguide/C/network-auth.xml:2744(para)
16595
16594
msgid ""
16596
16595
"<emphasis>Instances:</emphasis> are used for service principals and special "
16597
16596
"administrative principals."
16598
16597
msgstr ""
16599
16598
16600
#: serverguide/C/network-auth.xml:2750(para)
16599
#: serverguide/C/network-auth.xml:2749(para)
16601
16600
msgid ""
16602
16601
"<emphasis>Realms:</emphasis> the unique realm of control provided by the "
16603
16602
"Kerberos installation. Think of it as the domain or group your hosts and "
16606
16605
"as the realm."
16607
16606
msgstr ""
16608
16607
16609
#: serverguide/C/network-auth.xml:2759(para)
16608
#: serverguide/C/network-auth.xml:2758(para)
16610
16609
msgid ""
16611
16610
"<emphasis>Key Distribution Center:</emphasis> (KDC) consist of three parts, "
16612
16611
"a database of all principals, the authentication server, and the ticket "
16613
16612
"granting server. For each realm there must be at least one KDC."
16614
16613
msgstr ""
16615
16614
16616
#: serverguide/C/network-auth.xml:2765(para)
16615
#: serverguide/C/network-auth.xml:2764(para)
16617
16616
msgid ""
16618
16617
"<emphasis>Ticket Granting Ticket:</emphasis> issued by the Authentication "
16619
16618
"Server (AS), the Ticket Granting Ticket (TGT) is encrypted in the user's "
16620
16619
"password which is known only to the user and the KDC."
16621
16620
msgstr ""
16622
16621
16623
#: serverguide/C/network-auth.xml:2771(para)
16622
#: serverguide/C/network-auth.xml:2770(para)
16624
16623
msgid ""
16625
16624
"<emphasis>Ticket Granting Server:</emphasis> (TGS) issues service tickets to "
16626
16625
"clients upon request."
16627
16626
msgstr ""
16628
16627
16629
#: serverguide/C/network-auth.xml:2776(para)
16628
#: serverguide/C/network-auth.xml:2775(para)
16630
16629
msgid ""
16631
16630
"<emphasis>Tickets:</emphasis> confirm the identity of the two principals. "
16632
16631
"One principal being a user and the other a service requested by the user. "
16634
16633
"authenticated session."
16635
16634
msgstr ""
16636
16635
16637
#: serverguide/C/network-auth.xml:2782(para)
16636
#: serverguide/C/network-auth.xml:2781(para)
16638
16637
msgid ""
16639
16638
"<emphasis>Keytab Files:</emphasis> are files extracted from the KDC "
16640
16639
"principal database and contain the encryption key for a service or host."
16641
16640
msgstr ""
16642
16641
16643
#: serverguide/C/network-auth.xml:2789(para)
16642
#: serverguide/C/network-auth.xml:2788(para)
16644
16643
msgid ""
16645
16644
"To put the pieces together, a Realm has at least one KDC, preferably more "
16646
16645
"for redundancy, which contains a database of Principals. When a user "
16652
16651
"entering another username and password."
16653
16652
msgstr ""
16654
16653
16655
#: serverguide/C/network-auth.xml:2798(title)
16654
#: serverguide/C/network-auth.xml:2797(title)
16656
16655
msgid "Kerberos Server"
16657
16656
msgstr "Сэрвер Kerberos"
16658
16657
16659
#: serverguide/C/network-auth.xml:2802(para)
16658
#: serverguide/C/network-auth.xml:2801(para)
16660
16659
msgid ""
16661
16660
"For this discussion, we will create a MIT Kerberos domain with the following "
16662
16661
"features (edit them to fit your needs):"
16663
16662
msgstr ""
16664
16663
16665
#: serverguide/C/network-auth.xml:2809(para)
16664
#: serverguide/C/network-auth.xml:2808(para)
16666
16665
msgid "<emphasis>Realm:</emphasis> EXAMPLE.COM"
16667
16666
msgstr ""
16668
16667
16669
#: serverguide/C/network-auth.xml:2814(para)
16668
#: serverguide/C/network-auth.xml:2813(para)
16670
16669
msgid "<emphasis>Primary KDC:</emphasis> kdc01.example.com (192.168.0.1)"
16671
16670
msgstr ""
16672
16671
16673
#: serverguide/C/network-auth.xml:2819(para)
16672
#: serverguide/C/network-auth.xml:2818(para)
16674
16673
msgid "<emphasis>Secondary KDC:</emphasis> kdc02.example.com (192.168.0.2)"
16675
16674
msgstr ""
16676
16675
16677
#: serverguide/C/network-auth.xml:2824(para)
16676
#: serverguide/C/network-auth.xml:2823(para)
16678
16677
msgid "<emphasis>User principal:</emphasis> steve"
16679
16678
msgstr ""
16680
16679
16681
#: serverguide/C/network-auth.xml:2829(para)
16680
#: serverguide/C/network-auth.xml:2828(para)
16682
16681
msgid "<emphasis>Admin principal:</emphasis> steve/admin"
16683
16682
msgstr ""
16684
16683
16685
#: serverguide/C/network-auth.xml:2836(para)
16684
#: serverguide/C/network-auth.xml:2835(para)
16686
16685
msgid ""
16687
16686
"It is <emphasis>strongly</emphasis> recommended that your network-"
16688
16687
"authenticated users have their uid in a different range (say, starting at "
16689
16688
"5000) than that of your local users."
16690
16689
msgstr ""
16691
16690
16692
#: serverguide/C/network-auth.xml:2842(para)
16691
#: serverguide/C/network-auth.xml:2841(para)
16693
16692
msgid ""
16694
16693
"Before installing the Kerberos server a properly configured DNS server is "
16695
16694
"needed for your domain. Since the Kerberos Realm by convention matches the "
16698
16697
"documentation."
16699
16698
msgstr ""
16700
16699
16701
#: serverguide/C/network-auth.xml:2848(para)
16700
#: serverguide/C/network-auth.xml:2847(para)
16702
16701
msgid ""
16703
16702
"Also, Kerberos is a time sensitive protocol. So if the local system time "
16704
16703
"between a client machine and the server differs by more than five minutes "
16708
16707
"setting up NTP see <xref linkend=\"NTP\"/>."
16709
16708
msgstr ""
16710
16709
16711
#: serverguide/C/network-auth.xml:2856(para)
16710
#: serverguide/C/network-auth.xml:2855(para)
16712
16711
msgid ""
16713
16712
"The first step in creating a Kerberos Realm is to install the "
16714
16713
"<application>krb5-kdc</application> and <application>krb5-admin-"
16715
16714
"server</application> packages. From a terminal enter:"
16716
16715
msgstr ""
16717
16716
16718
#: serverguide/C/network-auth.xml:2862(command) serverguide/C/network-auth.xml:3069(command)
16717
#: serverguide/C/network-auth.xml:2861(command) serverguide/C/network-auth.xml:3068(command)
16719
16718
msgid "sudo apt-get install krb5-kdc krb5-admin-server"
16720
16719
msgstr "sudo apt-get install krb5-kdc krb5-admin-server"
16721
16720
16722
#: serverguide/C/network-auth.xml:2865(para)
16721
#: serverguide/C/network-auth.xml:2864(para)
16723
16722
msgid ""
16724
16723
"You will be asked at the end of the install to supply the hostname for the "
16725
16724
"Kerberos and Admin servers, which may or may not be the same server, for the "
16726
16725
"realm."
16727
16726
msgstr ""
16728
16727
16729
#: serverguide/C/network-auth.xml:2872(para)
16728
#: serverguide/C/network-auth.xml:2871(para)
16730
16729
msgid "By default the realm is created from the KDC's domain name."
16731
16730
msgstr ""
16732
16731
16733
#: serverguide/C/network-auth.xml:2877(para)
16732
#: serverguide/C/network-auth.xml:2876(para)
16734
16733
msgid ""
16735
16734
"Next, create the new realm with the <application>kdb5_newrealm</application> "
16736
16735
"utility:"
16737
16736
msgstr ""
16738
16737
16739
#: serverguide/C/network-auth.xml:2882(command)
16738
#: serverguide/C/network-auth.xml:2881(command)
16740
16739
msgid "sudo krb5_newrealm"
16741
16740
msgstr "sudo krb5_newrealm"
16742
16741
16743
#: serverguide/C/network-auth.xml:2889(para)
16742
#: serverguide/C/network-auth.xml:2888(para)
16744
16743
msgid ""
16745
16744
"The questions asked during installation are used to configure the "
16746
16745
"<filename>/etc/krb5.conf</filename> file. If you need to adjust the Key "
16750
16749
"typing"
16751
16750
msgstr ""
16752
16751
16753
#: serverguide/C/network-auth.xml:2896(command)
16752
#: serverguide/C/network-auth.xml:2895(command)
16754
16753
msgid "sudo dpkg-reconfigure krb5-kdc"
16755
16754
msgstr ""
16756
16755
16757
#: serverguide/C/network-auth.xml:2902(para)
16756
#: serverguide/C/network-auth.xml:2901(para)
16758
16757
msgid ""
16759
16758
"Once the KDC is properly running, an admin user -- the <emphasis>admin "
16760
16759
"principal</emphasis> -- is needed. It is recommended to use a different "
16762
16761
"<application>kadmin.local</application> utility in a terminal prompt enter:"
16763
16762
msgstr ""
16764
16763
16765
#: serverguide/C/network-auth.xml:2910(command) serverguide/C/network-auth.xml:3780(command)
16764
#: serverguide/C/network-auth.xml:2909(command) serverguide/C/network-auth.xml:3779(command)
16766
16765
msgid "sudo kadmin.local"
16767
16766
msgstr "sudo kadmin.local"
16768
16767
16769
#: serverguide/C/network-auth.xml:2911(computeroutput)
16768
#: serverguide/C/network-auth.xml:2910(computeroutput)
16770
16769
#, no-wrap
16771
16770
msgid ""
16772
16771
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
16773
16772
"kadmin.local:"
16774
16773
msgstr ""
16775
16774
16776
#: serverguide/C/network-auth.xml:2912(userinput)
16775
#: serverguide/C/network-auth.xml:2911(userinput)
16777
16776
#, no-wrap
16778
16777
msgid " addprinc steve/admin"
16779
16778
msgstr " addprinc steve/admin"
16780
16779
16781
#: serverguide/C/network-auth.xml:2913(computeroutput)
16780
#: serverguide/C/network-auth.xml:2912(computeroutput)
16782
16781
#, no-wrap
16783
16782
msgid ""
16784
16783
"WARNING: no policy specified for steve/admin@EXAMPLE.COM; defaulting to no "
16789
16788
"kadmin.local:"
16790
16789
msgstr ""
16791
16790
16792
#: serverguide/C/network-auth.xml:2917(userinput)
16791
#: serverguide/C/network-auth.xml:2916(userinput)
16793
16792
#, no-wrap
16794
16793
msgid " quit"
16795
16794
msgstr " выхад"
16796
16795
16797
#: serverguide/C/network-auth.xml:2920(para)
16796
#: serverguide/C/network-auth.xml:2919(para)
16798
16797
msgid ""
16799
16798
"In the above example <emphasis role=\"italic\">steve</emphasis> is the "
16800
16799
"<emphasis>Principal</emphasis>, <emphasis role=\"italic\">/admin</emphasis> "
16806
16805
"rights."
16807
16806
msgstr ""
16808
16807
16809
#: serverguide/C/network-auth.xml:2930(para)
16808
#: serverguide/C/network-auth.xml:2929(para)
16810
16809
msgid ""
16811
16810
"Replace <emphasis>EXAMPLE.COM</emphasis> and <emphasis>steve</emphasis> with "
16812
16811
"your Realm and admin username."
16813
16812
msgstr ""
16814
16813
16815
#: serverguide/C/network-auth.xml:2938(para)
16814
#: serverguide/C/network-auth.xml:2937(para)
16816
16815
msgid ""
16817
16816
"Next, the new admin user needs to have the appropriate Access Control List "
16818
16817
"(ACL) permissions. The permissions are configured in the "
16819
16818
"<filename>/etc/krb5kdc/kadm5.acl</filename> file:"
16820
16819
msgstr ""
16821
16820
16822
#: serverguide/C/network-auth.xml:2943(programlisting)
16821
#: serverguide/C/network-auth.xml:2942(programlisting)
16823
16822
#, no-wrap
16824
16823
msgid ""
16825
16824
"\n"
16828
16827
"\n"
16829
16828
"steve/admin@EXAMPLE.COM *\n"
16830
16829
16831
#: serverguide/C/network-auth.xml:2947(para)
16830
#: serverguide/C/network-auth.xml:2946(para)
16832
16831
msgid ""
16833
16832
"This entry grants <emphasis>steve/admin</emphasis> the ability to perform "
16834
16833
"any operation on all principals in the realm. You can configure principals "
16837
16836
"<emphasis>kadm5.acl</emphasis> man page for details."
16838
16837
msgstr ""
16839
16838
16840
#: serverguide/C/network-auth.xml:2959(para)
16839
#: serverguide/C/network-auth.xml:2958(para)
16841
16840
msgid ""
16842
16841
"Now restart the <application>krb5-admin-server</application> for the new ACL "
16843
16842
"to take affect:"
16844
16843
msgstr ""
16845
16844
16846
#: serverguide/C/network-auth.xml:2961(command)
16845
#: serverguide/C/network-auth.xml:2963(command)
16847
16846
msgid "sudo service krb5-admin-server restart"
16848
16847
msgstr ""
16849
16848
16850
#: serverguide/C/network-auth.xml:2970(para)
16849
#: serverguide/C/network-auth.xml:2969(para)
16851
16850
msgid ""
16852
16851
"The new user principal can be tested using the <application>kinit "
16853
16852
"utility</application>:"
16854
16853
msgstr ""
16855
16854
16856
#: serverguide/C/network-auth.xml:2975(command)
16855
#: serverguide/C/network-auth.xml:2974(command)
16857
16856
msgid "kinit steve/admin"
16858
16857
msgstr "kinit steve/admin"
16859
16858
16860
#: serverguide/C/network-auth.xml:2976(computeroutput)
16859
#: serverguide/C/network-auth.xml:2975(computeroutput)
16861
16860
#, no-wrap
16862
16861
msgid "steve/admin@EXAMPLE.COM's Password:"
16863
16862
msgstr "Пароль на steve/admin@EXAMPLE.COM:"
16864
16863
16865
#: serverguide/C/network-auth.xml:2979(para)
16864
#: serverguide/C/network-auth.xml:2978(para)
16866
16865
msgid ""
16867
16866
"After entering the password, use the <application>klist</application> "
16868
16867
"utility to view information about the Ticket Granting Ticket (TGT):"
16869
16868
msgstr ""
16870
16869
16871
#: serverguide/C/network-auth.xml:2985(command) serverguide/C/network-auth.xml:3362(command)
16870
#: serverguide/C/network-auth.xml:2984(command) serverguide/C/network-auth.xml:3361(command)
16872
16871
msgid "klist"
16873
16872
msgstr "klist"
16874
16873
16875
#: serverguide/C/network-auth.xml:2986(computeroutput)
16874
#: serverguide/C/network-auth.xml:2985(computeroutput)
16876
16875
#, no-wrap
16877
16876
msgid ""
16878
16877
"Credentials cache: FILE:/tmp/krb5cc_1000\n"
16882
16881
"Jul 13 17:53:34 Jul 14 03:53:34 krbtgt/EXAMPLE.COM@EXAMPLE.COM"
16883
16882
msgstr ""
16884
16883
16885
#: serverguide/C/network-auth.xml:2993(para)
16884
#: serverguide/C/network-auth.xml:2992(para)
16886
16885
msgid ""
16887
16886
"Where the cache filename <filename>krb5cc_1000</filename> is composed of the "
16888
16887
"prefix <filename>krb5cc_</filename> and the user id (uid), which in this "
16891
16890
"For example:"
16892
16891
msgstr ""
16893
16892
16894
#: serverguide/C/network-auth.xml:3002(programlisting)
16893
#: serverguide/C/network-auth.xml:3001(programlisting)
16895
16894
#, no-wrap
16896
16895
msgid ""
16897
16896
"\n"
16900
16899
"\n"
16901
16900
"192.168.0.1 kdc01.example.com kdc01\n"
16902
16901
16903
#: serverguide/C/network-auth.xml:3006(para)
16902
#: serverguide/C/network-auth.xml:3005(para)
16904
16903
msgid ""
16905
16904
"Replacing <emphasis>192.168.0.1</emphasis> with the IP address of your KDC. "
16906
16905
"This usually happens when you have a Kerberos realm encompassing different "
16907
16906
"networks separated by routers."
16908
16907
msgstr ""
16909
16908
16910
#: serverguide/C/network-auth.xml:3015(para)
16909
#: serverguide/C/network-auth.xml:3014(para)
16911
16910
msgid ""
16912
16911
"The best way to allow clients to automatically determine the KDC for the "
16913
16912
"Realm is using DNS SRV records. Add the following to "
16914
16913
"<filename>/etc/named/db.example.com</filename>:"
16915
16914
msgstr ""
16916
16915
16917
#: serverguide/C/network-auth.xml:3021(programlisting)
16916
#: serverguide/C/network-auth.xml:3020(programlisting)
16918
16917
#, no-wrap
16919
16918
msgid ""
16920
16919
"\n"
16933
16932
"_kerberos-adm._tcp.EXAMPLE.COM. IN SRV 1 0 749 kdc01.example.com.\n"
16934
16933
"_kpasswd._udp.EXAMPLE.COM. IN SRV 1 0 464 kdc01.example.com.\n"
16935
16934
16936
#: serverguide/C/network-auth.xml:3031(para)
16935
#: serverguide/C/network-auth.xml:3030(para)
16937
16936
msgid ""
16938
16937
"Replace <emphasis>EXAMPLE.COM</emphasis>, <emphasis>kdc01</emphasis>, and "
16939
16938
"<emphasis>kdc02</emphasis> with your domain name, primary KDC, and secondary "
16940
16939
"KDC."
16941
16940
msgstr ""
16942
16941
16943
#: serverguide/C/network-auth.xml:3037(para)
16942
#: serverguide/C/network-auth.xml:3036(para)
16944
16943
msgid ""
16945
16944
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
16946
16945
msgstr ""
16947
16946
16948
#: serverguide/C/network-auth.xml:3044(para)
16947
#: serverguide/C/network-auth.xml:3043(para)
16949
16948
msgid "Your new Kerberos Realm is now ready to authenticate clients."
16950
16949
msgstr ""
16951
16950
16952
#: serverguide/C/network-auth.xml:3051(title)
16951
#: serverguide/C/network-auth.xml:3050(title)
16953
16952
msgid "Secondary KDC"
16954
16953
msgstr "Другасны KDC"
16955
16954
16956
#: serverguide/C/network-auth.xml:3053(para)
16955
#: serverguide/C/network-auth.xml:3052(para)
16957
16956
msgid ""
16958
16957
"Once you have one Key Distribution Center (KDC) on your network, it is good "
16959
16958
"practice to have a Secondary KDC in case the primary becomes unavailable. "
16962
16961
"of those networks."
16963
16962
msgstr ""
16964
16963
16965
#: serverguide/C/network-auth.xml:3064(para)
16964
#: serverguide/C/network-auth.xml:3063(para)
16966
16965
msgid ""
16967
16966
"First, install the packages, and when asked for the Kerberos and Admin "
16968
16967
"server names enter the name of the Primary KDC:"
16969
16968
msgstr ""
16970
16969
16971
#: serverguide/C/network-auth.xml:3075(para)
16970
#: serverguide/C/network-auth.xml:3074(para)
16972
16971
msgid ""
16973
16972
"Once you have the packages installed, create the Secondary KDC's host "
16974
16973
"principal. From a terminal prompt, enter:"
16975
16974
msgstr ""
16976
16975
16977
#: serverguide/C/network-auth.xml:3080(command)
16976
#: serverguide/C/network-auth.xml:3079(command)
16978
16977
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
16979
16978
msgstr "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
16980
16979
16981
#: serverguide/C/network-auth.xml:3084(para)
16980
#: serverguide/C/network-auth.xml:3083(para)
16982
16981
msgid ""
16983
16982
"After, issuing any <application>kadmin</application> commands you will be "
16984
16983
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
16985
16984
"password."
16986
16985
msgstr ""
16987
16986
16988
#: serverguide/C/network-auth.xml:3093(para)
16987
#: serverguide/C/network-auth.xml:3092(para)
16989
16988
msgid "Extract the <emphasis>keytab</emphasis> file:"
16990
16989
msgstr ""
16991
16990
16992
#: serverguide/C/network-auth.xml:3098(command)
16991
#: serverguide/C/network-auth.xml:3097(command)
16993
16992
msgid "kadmin -q \"ktadd -norandkey -k keytab.kdc02 host/kdc02.example.com\""
16994
16993
msgstr ""
16995
16994
16996
#: serverguide/C/network-auth.xml:3104(para)
16995
#: serverguide/C/network-auth.xml:3103(para)
16997
16996
msgid ""
16998
16997
"There should now be a <filename>keytab.kdc02</filename> in the current "
16999
16998
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
17000
16999
msgstr ""
17001
17000
17002
#: serverguide/C/network-auth.xml:3110(command)
17001
#: serverguide/C/network-auth.xml:3109(command)
17003
17002
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
17004
17003
msgstr "sudo mv keytab.kdc02 /etc/krb5.keytab"
17005
17004
17006
#: serverguide/C/network-auth.xml:3114(para)
17005
#: serverguide/C/network-auth.xml:3113(para)
17007
17006
msgid ""
17008
17007
"If the path to the <filename>keytab.kdc02</filename> file is different "
17009
17008
"adjust accordingly."
17010
17009
msgstr ""
17011
17010
17012
#: serverguide/C/network-auth.xml:3119(para)
17011
#: serverguide/C/network-auth.xml:3118(para)
17013
17012
msgid ""
17014
17013
"Also, you can list the principals in a Keytab file, which can be useful when "
17015
17014
"troubleshooting, using the <application>klist</application> utility:"
17016
17015
msgstr ""
17017
17016
17018
#: serverguide/C/network-auth.xml:3125(command)
17017
#: serverguide/C/network-auth.xml:3124(command)
17019
17018
msgid "sudo klist -k /etc/krb5.keytab"
17020
17019
msgstr "sudo klist -k /etc/krb5.keytab"
17021
17020
17022
#: serverguide/C/network-auth.xml:3128(para)
17021
#: serverguide/C/network-auth.xml:3127(para)
17023
17022
msgid ""
17024
17023
"The <application>-k</application> option indicates the file is a keytab file."
17025
17024
msgstr ""
17026
17025
17027
#: serverguide/C/network-auth.xml:3135(para)
17026
#: serverguide/C/network-auth.xml:3134(para)
17028
17027
msgid ""
17029
17028
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
17030
17029
"that lists all KDCs for the Realm. For example, on both primary and "
17031
17030
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
17032
17031
msgstr ""
17033
17032
17034
#: serverguide/C/network-auth.xml:3140(programlisting)
17033
#: serverguide/C/network-auth.xml:3139(programlisting)
17035
17034
#, no-wrap
17036
17035
msgid ""
17037
17036
"\n"
17042
17041
"host/kdc01.example.com@EXAMPLE.COM\n"
17043
17042
"host/kdc02.example.com@EXAMPLE.COM\n"
17044
17043
17045
#: serverguide/C/network-auth.xml:3148(para)
17044
#: serverguide/C/network-auth.xml:3147(para)
17046
17045
msgid "Create an empty database on the <emphasis>Secondary KDC</emphasis>:"
17047
17046
msgstr ""
17048
17047
17049
#: serverguide/C/network-auth.xml:3153(command)
17048
#: serverguide/C/network-auth.xml:3152(command)
17050
17049
msgid "sudo kdb5_util -s create"
17051
17050
msgstr "sudo kdb5_util -s create"
17052
17051
17053
#: serverguide/C/network-auth.xml:3159(para)
17052
#: serverguide/C/network-auth.xml:3158(para)
17054
17053
msgid ""
17055
17054
"Now start the <application>kpropd</application> daemon, which listens for "
17056
17055
"connections from the <application>kprop</application> utility. "
17057
17056
"<application>kprop</application> is used to transfer dump files:"
17058
17057
msgstr ""
17059
17058
17060
#: serverguide/C/network-auth.xml:3166(command)
17059
#: serverguide/C/network-auth.xml:3165(command)
17061
17060
msgid "sudo kpropd -S"
17062
17061
msgstr "sudo kpropd -S"
17063
17062
17064
#: serverguide/C/network-auth.xml:3172(para)
17063
#: serverguide/C/network-auth.xml:3171(para)
17065
17064
msgid ""
17066
17065
"From a terminal on the <emphasis>Primary KDC</emphasis>, create a dump file "
17067
17066
"of the principal database:"
17068
17067
msgstr ""
17069
17068
17070
#: serverguide/C/network-auth.xml:3177(command)
17069
#: serverguide/C/network-auth.xml:3176(command)
17071
17070
msgid "sudo kdb5_util dump /var/lib/krb5kdc/dump"
17072
17071
msgstr "sudo kdb5_util dump /var/lib/krb5kdc/dump"
17073
17072
17074
#: serverguide/C/network-auth.xml:3183(para)
17073
#: serverguide/C/network-auth.xml:3182(para)
17075
17074
msgid ""
17076
17075
"Extract the Primary KDC's <emphasis>keytab</emphasis> file and copy it to "
17077
17076
"<filename>/etc/krb5.keytab</filename>:"
17078
17077
msgstr ""
17079
17078
17080
#: serverguide/C/network-auth.xml:3188(command)
17079
#: serverguide/C/network-auth.xml:3187(command)
17081
17080
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
17082
17081
msgstr "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
17083
17082
17084
#: serverguide/C/network-auth.xml:3189(command)
17083
#: serverguide/C/network-auth.xml:3188(command)
17085
17084
msgid "sudo mv keytab.kdc01 /etc/krb5.keytab"
17086
17085
msgstr ""
17087
17086
17088
#: serverguide/C/network-auth.xml:3193(para)
17087
#: serverguide/C/network-auth.xml:3192(para)
17089
17088
msgid ""
17090
17089
"Make sure there is a <emphasis>host</emphasis> for "
17091
17090
"<emphasis>kdc01.example.com</emphasis> before extracting the Keytab."
17092
17091
msgstr ""
17093
17092
17094
#: serverguide/C/network-auth.xml:3201(para)
17093
#: serverguide/C/network-auth.xml:3200(para)
17095
17094
msgid ""
17096
17095
"Using the <application>kprop</application> utility push the database to the "
17097
17096
"Secondary KDC:"
17098
17097
msgstr ""
17099
17098
17100
#: serverguide/C/network-auth.xml:3206(command)
17099
#: serverguide/C/network-auth.xml:3205(command)
17101
17100
msgid "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
17102
17101
msgstr "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
17103
17102
17104
#: serverguide/C/network-auth.xml:3210(para)
17103
#: serverguide/C/network-auth.xml:3209(para)
17105
17104
msgid ""
17106
17105
"There should be a <emphasis>SUCCEEDED</emphasis> message if the propagation "
17107
17106
"worked. If there is an error message check "
17109
17108
"information."
17110
17109
msgstr ""
17111
17110
17112
#: serverguide/C/network-auth.xml:3216(para)
17111
#: serverguide/C/network-auth.xml:3215(para)
17113
17112
msgid ""
17114
17113
"You may also want to create a <application>cron</application> job to "
17115
17114
"periodically update the database on the Secondary KDC. For example, the "
17117
17116
"split to fit the format of this document):"
17118
17117
msgstr ""
17119
17118
17120
#: serverguide/C/network-auth.xml:3221(programlisting)
17119
#: serverguide/C/network-auth.xml:3220(programlisting)
17121
17120
#, no-wrap
17122
17121
msgid ""
17123
17122
"\n"
17126
17125
"/usr/sbin/kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com\n"
17127
17126
msgstr ""
17128
17127
17129
#: serverguide/C/network-auth.xml:3230(para)
17128
#: serverguide/C/network-auth.xml:3229(para)
17130
17129
msgid ""
17131
17130
"Back on the <emphasis>Secondary KDC</emphasis>, create a "
17132
17131
"<emphasis>stash</emphasis> file to hold the Kerberos master key:"
17133
17132
msgstr ""
17134
17133
17135
#: serverguide/C/network-auth.xml:3236(command)
17134
#: serverguide/C/network-auth.xml:3235(command)
17136
17135
msgid "sudo kdb5_util stash"
17137
17136
msgstr "sudo kdb5_util stash"
17138
17137
17139
#: serverguide/C/network-auth.xml:3242(para)
17138
#: serverguide/C/network-auth.xml:3241(para)
17140
17139
msgid ""
17141
17140
"Finally, start the <application>krb5-kdc</application> daemon on the "
17142
17141
"Secondary KDC:"
17143
17142
msgstr ""
17144
17143
17145
#: serverguide/C/network-auth.xml:3244(command) serverguide/C/network-auth.xml:3920(command)
17144
#: serverguide/C/network-auth.xml:3246(command) serverguide/C/network-auth.xml:3922(command)
17146
17145
msgid "sudo service krb5-kdc start"
17147
17146
msgstr ""
17148
17147
17149
#: serverguide/C/network-auth.xml:3253(para)
17148
#: serverguide/C/network-auth.xml:3252(para)
17150
17149
msgid ""
17151
17150
"The <emphasis>Secondary KDC</emphasis> should now be able to issue tickets "
17152
17151
"for the Realm. You can test this by stopping the <application>krb5-"
17157
17156
"<filename>/var/log/auth.log</filename> in the Secondary KDC."
17158
17157
msgstr ""
17159
17158
17160
#: serverguide/C/network-auth.xml:3264(title)
17159
#: serverguide/C/network-auth.xml:3263(title)
17161
17160
msgid "Kerberos Linux Client"
17162
17161
msgstr "Linux кліент Kerberos"
17163
17162
17164
#: serverguide/C/network-auth.xml:3266(para)
17163
#: serverguide/C/network-auth.xml:3265(para)
17165
17164
msgid ""
17166
17165
"This section covers configuring a Linux system as a "
17167
17166
"<application>Kerberos</application> client. This will allow access to any "
17168
17167
"kerberized services once a user has successfully logged into the system."
17169
17168
msgstr ""
17170
17169
17171
#: serverguide/C/network-auth.xml:3274(para)
17170
#: serverguide/C/network-auth.xml:3273(para)
17172
17171
msgid ""
17173
17172
"In order to authenticate to a Kerberos Realm, the <application>krb5-"
17174
17173
"user</application> and <application>libpam-krb5</application> packages are "
17177
17176
"prompt:"
17178
17177
msgstr ""
17179
17178
17180
#: serverguide/C/network-auth.xml:3281(command)
17179
#: serverguide/C/network-auth.xml:3280(command)
17181
17180
msgid ""
17182
17181
"sudo apt-get install krb5-user libpam-krb5 libpam-ccreds auth-client-config"
17183
17182
msgstr ""
17184
17183
"sudo apt-get install krb5-user libpam-krb5 libpam-ccreds auth-client-config"
17185
17184
17186
#: serverguide/C/network-auth.xml:3284(para)
17185
#: serverguide/C/network-auth.xml:3283(para)
17187
17186
msgid ""
17188
17187
"The <application>auth-client-config</application> package allows simple "
17189
17188
"configuration of PAM for authentication from multiple sources, and the "
17194
17193
"be accessed off the network as well."
17195
17194
msgstr ""
17196
17195
17197
#: serverguide/C/network-auth.xml:3295(para)
17196
#: serverguide/C/network-auth.xml:3294(para)
17198
17197
msgid "To configure the client in a terminal enter:"
17199
17198
msgstr ""
17200
17199
17201
#: serverguide/C/network-auth.xml:3300(command)
17200
#: serverguide/C/network-auth.xml:3299(command)
17202
17201
msgid "sudo dpkg-reconfigure krb5-config"
17203
17202
msgstr "sudo dpkg-reconfigure krb5-config"
17204
17203
17205
#: serverguide/C/network-auth.xml:3303(para)
17204
#: serverguide/C/network-auth.xml:3302(para)
17206
17205
msgid ""
17207
17206
"You will then be prompted to enter the name of the Kerberos Realm. Also, if "
17208
17207
"you don't have DNS configured with Kerberos <emphasis>SRV</emphasis> "
17210
17209
"Center (KDC) and Realm Administration server."
17211
17210
msgstr ""
17212
17211
17213
#: serverguide/C/network-auth.xml:3309(para)
17212
#: serverguide/C/network-auth.xml:3308(para)
17214
17213
msgid ""
17215
17214
"The <application>dpkg-reconfigure</application> adds entries to the "
17216
17215
"<filename>/etc/krb5.conf</filename> file for your Realm. You should have "
17217
17216
"entries similar to the following:"
17218
17217
msgstr ""
17219
17218
17220
#: serverguide/C/network-auth.xml:3311(programlisting)
17219
#: serverguide/C/network-auth.xml:3313(programlisting)
17221
17220
#, no-wrap
17222
17221
msgid ""
17223
17222
"\n"
17231
17230
" }\n"
17232
17231
msgstr ""
17233
17232
17234
#: serverguide/C/network-auth.xml:3326(para)
17233
#: serverguide/C/network-auth.xml:3325(para)
17235
17234
msgid ""
17236
17235
"If you set the uid of each of your network-authenticated users to start at "
17237
17236
"5000, as suggested in <xref linkend=\"kerberos-server-installation\"/>, you "
17239
17238
"> 5000:"
17240
17239
msgstr ""
17241
17240
17242
#: serverguide/C/network-auth.xml:3334(command)
17241
#: serverguide/C/network-auth.xml:3333(command)
17243
17242
msgid ""
17244
17243
"# Kerberos should only be applied to ldap/kerberos users, not local ones. "
17245
17244
"for i in common-auth common-session common-account common-password; do sudo "
17247
17246
"minimum_uid=5000/' \\ /etc/pam.d/$i done"
17248
17247
msgstr ""
17249
17248
17250
#: serverguide/C/network-auth.xml:3341(para)
17249
#: serverguide/C/network-auth.xml:3340(para)
17251
17250
msgid ""
17252
17251
"This will avoid being asked for the (non-existent) Kerberos password of a "
17253
17252
"locally authenticated user when changing its password using "
17254
17253
"<command>passwd</command>."
17255
17254
msgstr ""
17256
17255
17257
#: serverguide/C/network-auth.xml:3348(para)
17256
#: serverguide/C/network-auth.xml:3347(para)
17258
17257
msgid ""
17259
17258
"You can test the configuration by requesting a ticket using the "
17260
17259
"<application>kinit</application> utility. For example:"
17261
17260
msgstr ""
17262
17261
17263
#: serverguide/C/network-auth.xml:3353(command)
17262
#: serverguide/C/network-auth.xml:3352(command)
17264
17263
msgid "kinit steve@EXAMPLE.COM"
17265
17264
msgstr "kinit steve@EXAMPLE.COM"
17266
17265
17267
#: serverguide/C/network-auth.xml:3354(computeroutput)
17266
#: serverguide/C/network-auth.xml:3353(computeroutput)
17268
17267
#, no-wrap
17269
17268
msgid "Password for steve@EXAMPLE.COM:"
17270
17269
msgstr "Пароль для steve@EXAMPLE.COM:"
17271
17270
17272
#: serverguide/C/network-auth.xml:3357(para)
17271
#: serverguide/C/network-auth.xml:3356(para)
17273
17272
msgid ""
17274
17273
"When a ticket has been granted, the details can be viewed using "
17275
17274
"<application>klist</application>:"
17276
17275
msgstr ""
17277
17276
17278
#: serverguide/C/network-auth.xml:3363(computeroutput)
17277
#: serverguide/C/network-auth.xml:3362(computeroutput)
17279
17278
#, no-wrap
17280
17279
msgid ""
17281
17280
"Ticket cache: FILE:/tmp/krb5cc_1000\n"
17290
17289
"klist: You have no tickets cached"
17291
17290
msgstr ""
17292
17291
17293
#: serverguide/C/network-auth.xml:3375(para)
17292
#: serverguide/C/network-auth.xml:3374(para)
17294
17293
msgid ""
17295
17294
"Next, use the <application>auth-client-config</application> to configure the "
17296
17295
"<application>libpam-krb5</application> module to request a ticket during "
17297
17296
"login:"
17298
17297
msgstr ""
17299
17298
17300
#: serverguide/C/network-auth.xml:3381(command)
17299
#: serverguide/C/network-auth.xml:3380(command)
17301
17300
msgid "sudo auth-client-config -a -p kerberos_example"
17302
17301
msgstr "sudo auth-client-config -a -p kerberos_example"
17303
17302
17304
#: serverguide/C/network-auth.xml:3384(para)
17303
#: serverguide/C/network-auth.xml:3383(para)
17305
17304
msgid ""
17306
17305
"You will should now receive a ticket upon successful login authentication."
17307
17306
msgstr ""
17308
17307
17309
#: serverguide/C/network-auth.xml:3395(para)
17308
#: serverguide/C/network-auth.xml:3394(para)
17310
17309
msgid ""
17311
17310
"For more information on MIT's version of Kerberos, see the <ulink "
17312
17311
"url=\"http://web.mit.edu/Kerberos/\">MIT Kerberos</ulink> site."
17313
17312
msgstr ""
17314
17313
17315
#: serverguide/C/network-auth.xml:3400(para)
17314
#: serverguide/C/network-auth.xml:3399(para)
17316
17315
msgid ""
17317
17316
"The <ulink url=\"https://help.ubuntu.com/community/Kerberos\">Ubuntu Wiki "
17318
17317
"Kerberos</ulink> page has more details."
17319
17318
msgstr ""
17320
17319
17321
#: serverguide/C/network-auth.xml:3405(para)
17320
#: serverguide/C/network-auth.xml:3404(para)
17322
17321
msgid ""
17323
17322
"O'Reilly's <ulink "
17324
17323
"url=\"http://oreilly.com/catalog/9780596004033/\">Kerberos: The Definitive "
17325
17324
"Guide</ulink> is a great reference when setting up Kerberos."
17326
17325
msgstr ""
17327
17326
17328
#: serverguide/C/network-auth.xml:3411(para)
17327
#: serverguide/C/network-auth.xml:3410(para)
17329
17328
msgid ""
17330
17329
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> and "
17331
17330
"<emphasis>#kerberos</emphasis> IRC channels on <ulink "
17332
17331
"url=\"http://freenode.net/\">Freenode</ulink> if you have Kerberos questions."
17333
17332
msgstr ""
17334
17333
17335
#: serverguide/C/network-auth.xml:3423(title)
17334
#: serverguide/C/network-auth.xml:3422(title)
17336
17335
msgid "Kerberos and LDAP"
17337
17336
msgstr "Kerberos і LDAP"
17338
17337
17339
#: serverguide/C/network-auth.xml:3425(para)
17338
#: serverguide/C/network-auth.xml:3424(para)
17340
17339
msgid ""
17341
17340
"Most people will not use Kerberos by itself; once an user is authenticated "
17342
17341
"(Kerberos), we need to figure out what this user can do (authorization). And "
17343
17342
"that would be the job of programs such as <application>LDAP</application>."
17344
17343
msgstr ""
17345
17344
17346
#: serverguide/C/network-auth.xml:3432(para)
17345
#: serverguide/C/network-auth.xml:3431(para)
17347
17346
msgid ""
17348
17347
"Replicating a Kerberos principal database between two servers can be "
17349
17348
"complicated, and adds an additional user database to your network. "
17353
17352
"<application>OpenLDAP</application> for the principal database."
17354
17353
msgstr ""
17355
17354
17356
#: serverguide/C/network-auth.xml:3440(para)
17355
#: serverguide/C/network-auth.xml:3439(para)
17357
17356
msgid ""
17358
17357
"The examples presented here assume <application>MIT Kerberos</application> "
17359
17358
"and <application>OpenLDAP</application>."
17360
17359
msgstr ""
17361
17360
17362
#: serverguide/C/network-auth.xml:3448(title)
17361
#: serverguide/C/network-auth.xml:3447(title)
17363
17362
msgid "Configuring OpenLDAP"
17364
17363
msgstr "Наладка OpenLDAP"
17365
17364
17366
#: serverguide/C/network-auth.xml:3450(para)
17365
#: serverguide/C/network-auth.xml:3449(para)
17367
17366
msgid ""
17368
17367
"First, the necessary <emphasis>schema</emphasis> needs to be loaded on an "
17369
17368
"<application>OpenLDAP</application> server that has network connectivity to "
17372
17371
"information on setting up OpenLDAP see <xref linkend=\"openldap-server\"/>."
17373
17372
msgstr ""
17374
17373
17375
#: serverguide/C/network-auth.xml:3456(para)
17374
#: serverguide/C/network-auth.xml:3455(para)
17376
17375
msgid ""
17377
17376
"It is also required to configure OpenLDAP for TLS and SSL connections, so "
17378
17377
"that traffic between the KDC and LDAP server is encrypted. See <xref "
17379
17378
"linkend=\"openldap-tls\"/> for details."
17380
17379
msgstr ""
17381
17380
17382
#: serverguide/C/network-auth.xml:3462(para)
17381
#: serverguide/C/network-auth.xml:3461(para)
17383
17382
msgid ""
17384
17383
"<filename>cn=admin,cn=config</filename> is a user we created with rights to "
17385
17384
"edit the ldap database. Many times it is the RootDN. Change its value to "
17386
17385
"reflect your setup."
17387
17386
msgstr ""
17388
17387
17389
#: serverguide/C/network-auth.xml:3471(para)
17388
#: serverguide/C/network-auth.xml:3470(para)
17390
17389
msgid ""
17391
17390
"To load the schema into LDAP, on the LDAP server install the "
17392
17391
"<application>krb5-kdc-ldap</application> package. From a terminal enter:"
17393
17392
msgstr ""
17394
17393
17395
#: serverguide/C/network-auth.xml:3477(command)
17394
#: serverguide/C/network-auth.xml:3476(command)
17396
17395
msgid "sudo apt-get install krb5-kdc-ldap"
17397
17396
msgstr "sudo apt-get install krb5-kdc-ldap"
17398
17397
17399
#: serverguide/C/network-auth.xml:3482(para)
17398
#: serverguide/C/network-auth.xml:3481(para)
17400
17399
msgid "Next, extract the <filename>kerberos.schema.gz</filename> file:"
17401
17400
msgstr ""
17402
17401
17403
#: serverguide/C/network-auth.xml:3487(command)
17402
#: serverguide/C/network-auth.xml:3486(command)
17404
17403
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
17405
17404
msgstr "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
17406
17405
17407
#: serverguide/C/network-auth.xml:3488(command)
17406
#: serverguide/C/network-auth.xml:3487(command)
17408
17407
msgid ""
17409
17408
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
17410
17409
msgstr ""
17411
17410
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
17412
17411
17413
#: serverguide/C/network-auth.xml:3494(para)
17412
#: serverguide/C/network-auth.xml:3493(para)
17414
17413
msgid ""
17415
17414
"The <emphasis>kerberos</emphasis> schema needs to be added to the "
17416
17415
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
17418
17417
"linkend=\"openldap-configuration\"/>."
17419
17418
msgstr ""
17420
17419
17421
#: serverguide/C/network-auth.xml:3502(para)
17420
#: serverguide/C/network-auth.xml:3501(para)
17422
17421
msgid ""
17423
17422
"First, create a configuration file named "
17424
17423
"<filename>schema_convert.conf</filename>, or a similar descriptive name, "
17425
17424
"containing the following lines:"
17426
17425
msgstr ""
17427
17426
17428
#: serverguide/C/network-auth.xml:3507(programlisting)
17427
#: serverguide/C/network-auth.xml:3506(programlisting)
17429
17428
#, no-wrap
17430
17429
msgid ""
17431
17430
"\n"
17444
17443
"include /etc/ldap/schema/kerberos.schema\n"
17445
17444
msgstr ""
17446
17445
17447
#: serverguide/C/network-auth.xml:3527(para)
17446
#: serverguide/C/network-auth.xml:3526(para)
17448
17447
msgid "Create a temporary directory to hold the LDIF files:"
17449
17448
msgstr ""
17450
17449
17451
#: serverguide/C/network-auth.xml:3531(command)
17450
#: serverguide/C/network-auth.xml:3530(command)
17452
17451
msgid "mkdir /tmp/ldif_output"
17453
17452
msgstr "mkdir /tmp/ldif_output"
17454
17453
17455
#: serverguide/C/network-auth.xml:3537(para)
17454
#: serverguide/C/network-auth.xml:3536(para)
17456
17455
msgid ""
17457
17456
"Now use <application>slapcat</application> to convert the schema files:"
17458
17457
msgstr ""
17459
17458
17460
#: serverguide/C/network-auth.xml:3542(command)
17459
#: serverguide/C/network-auth.xml:3541(command)
17461
17460
msgid ""
17462
17461
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s \\ "
17463
17462
"\"cn={12}kerberos,cn=schema,cn=config\" > /tmp/cn=kerberos.ldif"
17464
17463
msgstr ""
17465
17464
17466
#: serverguide/C/network-auth.xml:3546(para)
17465
#: serverguide/C/network-auth.xml:3545(para)
17467
17466
msgid ""
17468
17467
"Change the above file and path names to match your own if they are different."
17469
17468
msgstr ""
17470
17469
17471
#: serverguide/C/network-auth.xml:3553(para)
17470
#: serverguide/C/network-auth.xml:3552(para)
17472
17471
msgid ""
17473
17472
"Edit the generated <filename>/tmp/cn\\=kerberos.ldif</filename> file, "
17474
17473
"changing the following attributes:"
17475
17474
msgstr ""
17476
17475
17477
#: serverguide/C/network-auth.xml:3557(programlisting)
17476
#: serverguide/C/network-auth.xml:3556(programlisting)
17478
17477
#, no-wrap
17479
17478
msgid ""
17480
17479
"\n"
17487
17486
"...\n"
17488
17487
"cn: kerberos\n"
17489
17488
17490
#: serverguide/C/network-auth.xml:3563(para)
17489
#: serverguide/C/network-auth.xml:3562(para)
17491
17490
msgid "And remove the following lines from the end of the file:"
17492
17491
msgstr ""
17493
17492
17494
#: serverguide/C/network-auth.xml:3567(programlisting)
17493
#: serverguide/C/network-auth.xml:3566(programlisting)
17495
17494
#, no-wrap
17496
17495
msgid ""
17497
17496
"\n"
17512
17511
"modifiersName: cn=config\n"
17513
17512
"modifyTimestamp: 20090111203515Z\n"
17514
17513
17515
#: serverguide/C/network-auth.xml:3577(para)
17514
#: serverguide/C/network-auth.xml:3576(para)
17516
17515
msgid ""
17517
17516
"The attribute values will vary, just be sure the attributes are removed."
17518
17517
msgstr ""
17519
17518
17520
#: serverguide/C/network-auth.xml:3584(para)
17519
#: serverguide/C/network-auth.xml:3583(para)
17521
17520
msgid "Load the new schema with <application>ldapadd</application>:"
17522
17521
msgstr ""
17523
17522
17524
#: serverguide/C/network-auth.xml:3589(command)
17523
#: serverguide/C/network-auth.xml:3588(command)
17525
17524
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=kerberos.ldif"
17526
17525
msgstr ""
17527
17526
17528
#: serverguide/C/network-auth.xml:3595(para)
17527
#: serverguide/C/network-auth.xml:3594(para)
17529
17528
msgid ""
17530
17529
"Add an index for the <emphasis>krb5principalname</emphasis> attribute:"
17531
17530
msgstr ""
17532
17531
17533
#: serverguide/C/network-auth.xml:3600(command) serverguide/C/network-auth.xml:3617(command)
17532
#: serverguide/C/network-auth.xml:3599(command) serverguide/C/network-auth.xml:3616(command)
17534
17533
msgid "ldapmodify -x -D cn=admin,cn=config -W"
17535
17534
msgstr "ldapmodify -x -D cn=admin,cn=config -W"
17536
17535
17537
#: serverguide/C/network-auth.xml:3602(userinput)
17536
#: serverguide/C/network-auth.xml:3601(userinput)
17538
17537
#, no-wrap
17539
17538
msgid ""
17540
17539
"dn: olcDatabase={1}hdb,cn=config\n"
17545
17544
"add: olcDbIndex\n"
17546
17545
"olcDbIndex: krbPrincipalName eq,pres,sub"
17547
17546
17548
#: serverguide/C/network-auth.xml:3601(computeroutput)
17547
#: serverguide/C/network-auth.xml:3600(computeroutput)
17549
17548
#, no-wrap
17550
17549
msgid ""
17551
17550
"Enter LDAP Password:\n"
17554
17553
"modifying entry \"olcDatabase={1}hdb,cn=config\""
17555
17554
msgstr ""
17556
17555
17557
#: serverguide/C/network-auth.xml:3612(para)
17556
#: serverguide/C/network-auth.xml:3611(para)
17558
17557
msgid "Finally, update the Access Control Lists (ACL):"
17559
17558
msgstr ""
17560
17559
17561
#: serverguide/C/network-auth.xml:3619(userinput)
17560
#: serverguide/C/network-auth.xml:3618(userinput)
17562
17561
#, no-wrap
17563
17562
msgid ""
17564
17563
"dn: olcDatabase={1}hdb,cn=config\n"
17574
17573
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read"
17575
17574
msgstr ""
17576
17575
17577
#: serverguide/C/network-auth.xml:3618(computeroutput)
17576
#: serverguide/C/network-auth.xml:3617(computeroutput)
17578
17577
#, no-wrap
17579
17578
msgid ""
17580
17579
"Enter LDAP Password: \n"
17583
17582
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
17584
17583
msgstr ""
17585
17584
17586
#: serverguide/C/network-auth.xml:3639(para)
17585
#: serverguide/C/network-auth.xml:3638(para)
17587
17586
msgid ""
17588
17587
"That's it, your LDAP directory is now ready to serve as a Kerberos principal "
17589
17588
"database."
17590
17589
msgstr ""
17591
17590
17592
#: serverguide/C/network-auth.xml:3645(title)
17591
#: serverguide/C/network-auth.xml:3644(title)
17593
17592
msgid "Primary KDC Configuration"
17594
17593
msgstr ""
17595
17594
17596
#: serverguide/C/network-auth.xml:3647(para)
17595
#: serverguide/C/network-auth.xml:3646(para)
17597
17596
msgid ""
17598
17597
"With <application>OpenLDAP</application> configured it is time to configure "
17599
17598
"the KDC."
17600
17599
msgstr ""
17601
17600
17602
#: serverguide/C/network-auth.xml:3653(para)
17601
#: serverguide/C/network-auth.xml:3652(para)
17603
17602
msgid "First, install the necessary packages, from a terminal enter:"
17604
17603
msgstr ""
17605
17604
17606
#: serverguide/C/network-auth.xml:3658(command) serverguide/C/network-auth.xml:3817(command)
17605
#: serverguide/C/network-auth.xml:3657(command) serverguide/C/network-auth.xml:3816(command)
17607
17606
msgid "sudo apt-get install krb5-kdc krb5-admin-server krb5-kdc-ldap"
17608
17607
msgstr "sudo apt-get install krb5-kdc krb5-admin-server krb5-kdc-ldap"
17609
17608
17610
#: serverguide/C/network-auth.xml:3664(para)
17609
#: serverguide/C/network-auth.xml:3663(para)
17611
17610
msgid ""
17612
17611
"Now edit <filename>/etc/krb5.conf</filename> adding the following options to "
17613
17612
"under the appropriate sections:"
17614
17613
msgstr ""
17615
17614
17616
#: serverguide/C/network-auth.xml:3668(programlisting)
17615
#: serverguide/C/network-auth.xml:3667(programlisting)
17617
17616
#, no-wrap
17618
17617
msgid ""
17619
17618
"\n"
17663
17662
" }\n"
17664
17663
msgstr ""
17665
17664
17666
#: serverguide/C/network-auth.xml:3713(para)
17665
#: serverguide/C/network-auth.xml:3712(para)
17667
17666
msgid ""
17668
17667
"Change <emphasis>example.com</emphasis>, "
17669
17668
"<emphasis>dc=example,dc=com</emphasis>, "
17672
17671
"object, and LDAP server for your network."
17673
17672
msgstr ""
17674
17673
17675
#: serverguide/C/network-auth.xml:3722(para)
17674
#: serverguide/C/network-auth.xml:3721(para)
17676
17675
msgid ""
17677
17676
"Next, use the <application>kdb5_ldap_util</application> utility to create "
17678
17677
"the realm:"
17679
17678
msgstr ""
17680
17679
17681
#: serverguide/C/network-auth.xml:3727(command)
17680
#: serverguide/C/network-auth.xml:3726(command)
17682
17681
msgid ""
17683
17682
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees \\ "
17684
17683
"dc=example,dc=com -r EXAMPLE.COM -s -H ldap://ldap01.example.com"
17685
17684
msgstr ""
17686
17685
17687
#: serverguide/C/network-auth.xml:3734(para)
17686
#: serverguide/C/network-auth.xml:3733(para)
17688
17687
msgid ""
17689
17688
"Create a stash of the password used to bind to the LDAP server. This "
17690
17689
"password is used by the <emphasis>ldap_kdc_dn</emphasis> and "
17692
17691
"<filename>/etc/krb5.conf</filename>:"
17693
17692
msgstr ""
17694
17693
17695
#: serverguide/C/network-auth.xml:3740(command) serverguide/C/network-auth.xml:3879(command)
17694
#: serverguide/C/network-auth.xml:3739(command) serverguide/C/network-auth.xml:3878(command)
17696
17695
msgid ""
17697
17696
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f \\ "
17698
17697
"/etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com"
17699
17698
msgstr ""
17700
17699
17701
#: serverguide/C/network-auth.xml:3747(para)
17700
#: serverguide/C/network-auth.xml:3746(para)
17702
17701
msgid "Copy the CA certificate from the LDAP server:"
17703
17702
msgstr ""
17704
17703
17705
#: serverguide/C/network-auth.xml:3752(command)
17704
#: serverguide/C/network-auth.xml:3751(command)
17706
17705
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
17707
17706
msgstr "scp ldap01:/etc/ssl/certs/cacert.pem ."
17708
17707
17709
#: serverguide/C/network-auth.xml:3753(command)
17708
#: serverguide/C/network-auth.xml:3752(command)
17710
17709
msgid "sudo cp cacert.pem /etc/ssl/certs"
17711
17710
msgstr "sudo cp cacert.pem /etc/ssl/certs"
17712
17711
17713
#: serverguide/C/network-auth.xml:3756(para)
17712
#: serverguide/C/network-auth.xml:3755(para)
17714
17713
msgid ""
17715
17714
"And edit <filename>/etc/ldap/ldap.conf</filename> to use the certificate:"
17716
17715
msgstr ""
17717
17716
17718
#: serverguide/C/network-auth.xml:3760(programlisting)
17717
#: serverguide/C/network-auth.xml:3759(programlisting)
17719
17718
#, no-wrap
17720
17719
msgid ""
17721
17720
"\n"
17724
17723
"\n"
17725
17724
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
17726
17725
17727
#: serverguide/C/network-auth.xml:3765(para)
17726
#: serverguide/C/network-auth.xml:3764(para)
17728
17727
msgid ""
17729
17728
"The certificate will also need to be copied to the Secondary KDC, to allow "
17730
17729
"the connection to the LDAP servers using LDAPS."
17731
17730
msgstr ""
17732
17731
17733
#: serverguide/C/network-auth.xml:3774(para)
17732
#: serverguide/C/network-auth.xml:3773(para)
17734
17733
msgid ""
17735
17734
"You can now add Kerberos principals to the LDAP database, and they will be "
17736
17735
"copied to any other LDAP servers configured for replication. To add a "
17737
17736
"principal using the <application>kadmin.local</application> utility enter:"
17738
17737
msgstr ""
17739
17738
17740
#: serverguide/C/network-auth.xml:3782(userinput)
17739
#: serverguide/C/network-auth.xml:3781(userinput)
17741
17740
#, no-wrap
17742
17741
msgid "addprinc -x dn=\"uid=steve,ou=people,dc=example,dc=com\" steve"
17743
17742
msgstr "addprinc -x dn=\"uid=steve,ou=people,dc=example,dc=com\" steve"
17744
17743
17745
#: serverguide/C/network-auth.xml:3781(computeroutput)
17744
#: serverguide/C/network-auth.xml:3780(computeroutput)
17746
17745
#, no-wrap
17747
17746
msgid ""
17748
17747
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
17753
17752
"Principal \"steve@EXAMPLE.COM\" created."
17754
17753
msgstr ""
17755
17754
17756
#: serverguide/C/network-auth.xml:3789(para)
17755
#: serverguide/C/network-auth.xml:3788(para)
17757
17756
msgid ""
17758
17757
"There should now be krbPrincipalName, krbPrincipalKey, krbLastPwdChange, and "
17759
17758
"krbExtraData attributes added to the "
17762
17761
"utilities to test that the user is indeed issued a ticket."
17763
17762
msgstr ""
17764
17763
17765
#: serverguide/C/network-auth.xml:3796(para)
17764
#: serverguide/C/network-auth.xml:3795(para)
17766
17765
msgid ""
17767
17766
"If the user object is already created the <emphasis>-x dn=\"...\"</emphasis> "
17768
17767
"option is needed to add the Kerberos attributes. Otherwise a new "
17769
17768
"<emphasis>principal</emphasis> object will be created in the realm subtree."
17770
17769
msgstr ""
17771
17770
17772
#: serverguide/C/network-auth.xml:3804(title)
17771
#: serverguide/C/network-auth.xml:3803(title)
17773
17772
msgid "Secondary KDC Configuration"
17774
17773
msgstr ""
17775
17774
17776
#: serverguide/C/network-auth.xml:3806(para)
17775
#: serverguide/C/network-auth.xml:3805(para)
17777
17776
msgid ""
17778
17777
"Configuring a Secondary KDC using the LDAP backend is similar to configuring "
17779
17778
"one using the normal Kerberos database."
17780
17779
msgstr ""
17781
17780
17782
#: serverguide/C/network-auth.xml:3812(para)
17781
#: serverguide/C/network-auth.xml:3811(para)
17783
17782
msgid "First, install the necessary packages. In a terminal enter:"
17784
17783
msgstr ""
17785
17784
17786
#: serverguide/C/network-auth.xml:3823(para)
17785
#: serverguide/C/network-auth.xml:3822(para)
17787
17786
msgid ""
17788
17787
"Next, edit <filename>/etc/krb5.conf</filename> to use the LDAP backend:"
17789
17788
msgstr ""
17790
17789
17791
#: serverguide/C/network-auth.xml:3827(programlisting)
17790
#: serverguide/C/network-auth.xml:3826(programlisting)
17792
17791
#, no-wrap
17793
17792
msgid ""
17794
17793
"\n"
17837
17836
" }\n"
17838
17837
msgstr ""
17839
17838
17840
#: serverguide/C/network-auth.xml:3874(para)
17839
#: serverguide/C/network-auth.xml:3873(para)
17841
17840
msgid "Create the stash for the LDAP bind password:"
17842
17841
msgstr ""
17843
17842
17844
#: serverguide/C/network-auth.xml:3886(para)
17843
#: serverguide/C/network-auth.xml:3885(para)
17845
17844
msgid ""
17846
17845
"Now, on the <emphasis>Primary KDC</emphasis> copy the "
17847
17846
"<filename>/etc/krb5kdc/.k5.EXAMPLE.COM</filename><emphasis>Master "
17850
17849
"media."
17851
17850
msgstr ""
17852
17851
17853
#: serverguide/C/network-auth.xml:3893(command)
17852
#: serverguide/C/network-auth.xml:3892(command)
17854
17853
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
17855
17854
msgstr "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
17856
17855
17857
#: serverguide/C/network-auth.xml:3894(command)
17856
#: serverguide/C/network-auth.xml:3893(command)
17858
17857
msgid "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
17859
17858
msgstr "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
17860
17859
17861
#: serverguide/C/network-auth.xml:3898(para)
17860
#: serverguide/C/network-auth.xml:3897(para)
17862
17861
msgid ""
17863
17862
"Again, replace <emphasis>EXAMPLE.COM</emphasis> with your actual realm."
17864
17863
msgstr ""
17865
17864
17866
#: serverguide/C/network-auth.xml:3906(para)
17865
#: serverguide/C/network-auth.xml:3905(para)
17867
17866
msgid ""
17868
17867
"Back on the <emphasis>Secondary KDC</emphasis>, (re)start the ldap server "
17869
17868
"only,"
17870
17869
msgstr ""
17871
17870
17872
#: serverguide/C/network-auth.xml:3918(para)
17871
#: serverguide/C/network-auth.xml:3917(para)
17873
17872
msgid "Finally, start the <application>krb5-kdc</application> daemon:"
17874
17873
msgstr ""
17875
17874
17876
#: serverguide/C/network-auth.xml:3929(para)
17875
#: serverguide/C/network-auth.xml:3928(para)
17877
17876
msgid "Verify the two ldap servers (and kerberos by extension) are in sync."
17878
17877
msgstr ""
17879
17878
17880
#: serverguide/C/network-auth.xml:3936(para)
17879
#: serverguide/C/network-auth.xml:3935(para)
17881
17880
msgid ""
17882
17881
"You now have redundant KDCs on your network, and with redundant LDAP servers "
17883
17882
"you should be able to continue to authenticate users if one LDAP server, one "
17884
17883
"Kerberos server, or one LDAP and one Kerberos server become unavailable."
17885
17884
msgstr ""
17886
17885
17887
#: serverguide/C/network-auth.xml:3948(para)
17886
#: serverguide/C/network-auth.xml:3947(para)
17888
17887
msgid ""
17889
17888
"The <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
17890
17889
"admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend\"> Kerberos Admin "
17891
17890
"Guide</ulink> has some additional details."
17892
17891
msgstr ""
17893
17892
17894
#: serverguide/C/network-auth.xml:3951(para)
17893
#: serverguide/C/network-auth.xml:3953(para)
17895
17894
msgid ""
17896
17895
"For more information on <application>kdb5_ldap_util</application> see <ulink "
17897
17896
"url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
17901
17900
"l\">kdb5_ldap_util man page</ulink>."
17902
17901
msgstr ""
17903
17902
17904
#: serverguide/C/network-auth.xml:3959(para)
17903
#: serverguide/C/network-auth.xml:3961(para)
17905
17904
msgid ""
17906
17905
"Another useful link is the <ulink "
17907
17906
"url=\"http://manpages.ubuntu.com/manpages/trusty/en/man5/krb5.conf.5.html\">k"
17908
17907
"rb5.conf man page</ulink>."
17909
17908
msgstr ""
17910
17909
17911
#: serverguide/C/network-auth.xml:3967(para)
17910
#: serverguide/C/network-auth.xml:3966(para)
17912
17911
msgid ""
17913
17912
"Also, see the <ulink "
17914
17913
"url=\"https://help.ubuntu.com/community/Kerberos#kerberos-ldap\">Kerberos "
17915
17914
"and LDAP</ulink> Ubuntu wiki page."
17916
17915
msgstr ""
17917
17916
17918
#: serverguide/C/network-auth.xml:3973(title)
17917
#: serverguide/C/network-auth.xml:3975(title)
17919
17918
msgid "SSSD and Active Directory"
17920
17919
msgstr ""
17921
17920
17922
#: serverguide/C/network-auth.xml:3974(para)
17921
#: serverguide/C/network-auth.xml:3976(para)
17923
17922
msgid ""
17924
17923
"This section describes the use of sssd to authenticate user logins against "
17925
17924
"an Active Directory via using sssd's \"ad\" provider. In previous versions "
17930
17929
"requires no modifications to the AD structure."
17931
17930
msgstr ""
17932
17931
17933
#: serverguide/C/network-auth.xml:3978(title)
17932
#: serverguide/C/network-auth.xml:3980(title)
17934
17933
msgid "Prerequisites, Assumptions, and Requirements"
17935
17934
msgstr ""
17936
17935
17937
#: serverguide/C/network-auth.xml:3981(para)
17936
#: serverguide/C/network-auth.xml:3983(para)
17938
17937
msgid ""
17939
17938
"This guide does not explain Active Directory, how it works, how to set one "
17940
17939
"up, or how to maintain it. It may not provide “best practices” for your "
17941
17940
"environment."
17942
17941
msgstr ""
17943
17942
17944
#: serverguide/C/network-auth.xml:3983(para)
17943
#: serverguide/C/network-auth.xml:3985(para)
17945
17944
msgid ""
17946
17945
"This guide assumes that a working Active Directory domain is already "
17947
17946
"configured."
17948
17947
msgstr ""
17949
17948
17950
#: serverguide/C/network-auth.xml:3985(para)
17949
#: serverguide/C/network-auth.xml:3987(para)
17951
17950
msgid ""
17952
17951
"The domain controller is acting as an authoritative DNS server for the "
17953
17952
"domain."
17954
17953
msgstr ""
17955
17954
17956
#: serverguide/C/network-auth.xml:3987(para)
17955
#: serverguide/C/network-auth.xml:3989(para)
17957
17956
msgid ""
17958
17957
"The domain controller is the primary DNS resolver as specified in "
17959
17958
"<filename>/etc/resolv.conf</filename>."
17960
17959
msgstr ""
17961
17960
17962
#: serverguide/C/network-auth.xml:3990(para)
17961
#: serverguide/C/network-auth.xml:3992(para)
17963
17962
msgid ""
17964
17963
"The appropriate <emphasis>_kerberos</emphasis>, <emphasis>_ldap</emphasis>, "
17965
17964
"<emphasis>_kpasswd</emphasis>, etc. entries are configured in the DNS zone "
17966
17965
"(see Resources section for external links)."
17967
17966
msgstr ""
17968
17967
17969
#: serverguide/C/network-auth.xml:3992(para)
17968
#: serverguide/C/network-auth.xml:3994(para)
17970
17969
msgid ""
17971
17970
"System time is synchronized on the domain controller (necessary for "
17972
17971
"Kerberos)."
17973
17972
msgstr ""
17974
17973
17975
#: serverguide/C/network-auth.xml:3994(para)
17974
#: serverguide/C/network-auth.xml:3996(para)
17976
17975
msgid ""
17977
17976
"The domain used in this example is <emphasis>myubuntu.example.com</emphasis> "
17978
17977
"."
17979
17978
msgstr ""
17980
17979
17981
#: serverguide/C/network-auth.xml:3999(para)
17980
#: serverguide/C/network-auth.xml:4001(para)
17982
17981
msgid ""
17983
17982
"The following packages are needed: <emphasis>krb5-user</emphasis>, "
17984
17983
"<emphasis>samba</emphasis>, <emphasis>sssd</emphasis>, and "
17987
17986
"controllers are needed for this step."
17988
17987
msgstr ""
17989
17988
17990
#: serverguide/C/network-auth.xml:4000(para)
17989
#: serverguide/C/network-auth.xml:4002(para)
17991
17990
msgid "Install these packages now."
17992
17991
msgstr ""
17993
17992
17994
#: serverguide/C/network-auth.xml:4002(command)
17993
#: serverguide/C/network-auth.xml:4004(command)
17995
17994
msgid "sudo apt-get install krb5-user samba sssd ntp"
17996
17995
msgstr ""
17997
17996
17998
#: serverguide/C/network-auth.xml:4003(para)
17997
#: serverguide/C/network-auth.xml:4005(para)
17999
17998
msgid ""
18000
17999
"See the next section for the answers to the questions asked by the "
18001
18000
"<emphasis>krb5-user</emphasis> postinstall script."
18002
18001
msgstr ""
18003
18002
18004
#: serverguide/C/network-auth.xml:4006(title)
18003
#: serverguide/C/network-auth.xml:4008(title)
18005
18004
msgid "Kerberos Configuration"
18006
18005
msgstr ""
18007
18006
18008
#: serverguide/C/network-auth.xml:4007(para)
18007
#: serverguide/C/network-auth.xml:4009(para)
18009
18008
msgid ""
18010
18009
"The installation of <emphasis>krb5-user</emphasis> will prompt for the realm "
18011
18010
"name (in ALL UPPERCASE), the kdc server (i.e. domain controller) and admin "
18015
18014
"not, then both are needed."
18016
18015
msgstr ""
18017
18016
18018
#: serverguide/C/network-auth.xml:4008(para)
18017
#: serverguide/C/network-auth.xml:4010(para)
18019
18018
msgid ""
18020
18019
"If the domain is <emphasis>myubuntu.example.com</emphasis>, enter the realm "
18021
18020
"as <emphasis>MYUBUNTU.EXAMPLE.COM</emphasis>"
18022
18021
msgstr ""
18023
18022
18024
#: serverguide/C/network-auth.xml:4011(para)
18023
#: serverguide/C/network-auth.xml:4013(para)
18025
18024
msgid ""
18026
18025
"Optionally, edit <emphasis>/etc/krb5.conf</emphasis> with a few additional "
18027
18026
"settings to specify Kerberos ticket lifetime (these values are safe to use "
18028
18027
"as defaults):"
18029
18028
msgstr ""
18030
18029
18031
#: serverguide/C/network-auth.xml:4012(programlisting)
18030
#: serverguide/C/network-auth.xml:4014(programlisting)
18032
18031
#, no-wrap
18033
18032
msgid ""
18034
18033
"\n"
18040
18039
"\t\t"
18041
18040
msgstr ""
18042
18041
18043
#: serverguide/C/network-auth.xml:4020(para)
18042
#: serverguide/C/network-auth.xml:4022(para)
18044
18043
msgid ""
18045
18044
"If default_realm is not specified, it may be necessary to log in with "
18046
18045
"“username@domain” instead of “username”."
18047
18046
msgstr ""
18048
18047
18049
#: serverguide/C/network-auth.xml:4022(para)
18048
#: serverguide/C/network-auth.xml:4024(para)
18050
18049
msgid ""
18051
18050
"The system time on the Active Directory member needs to be consistent with "
18052
18051
"that of the domain controller, or Kerberos authentication may fail. Ideally, "
18054
18053
"<filename>/etc/ntp.conf</filename>:"
18055
18054
msgstr ""
18056
18055
18057
#: serverguide/C/network-auth.xml:4024(programlisting)
18056
#: serverguide/C/network-auth.xml:4026(programlisting)
18058
18057
#, no-wrap
18059
18058
msgid ""
18060
18059
"\n"
18061
18060
"server dc.myubuntu.example.com\n"
18062
18061
msgstr ""
18063
18062
18064
#: serverguide/C/network-auth.xml:4031(para)
18063
#: serverguide/C/network-auth.xml:4033(para)
18065
18064
msgid ""
18066
18065
"Samba will be used to perform netbios/nmbd services related to Active "
18067
18066
"Directory authentication, even if no file shares are exported. Edit the file "
18069
18068
"<emphasis>[global]</emphasis> section:"
18070
18069
msgstr ""
18071
18070
18072
#: serverguide/C/network-auth.xml:4033(programlisting)
18071
#: serverguide/C/network-auth.xml:4035(programlisting)
18073
18072
#, no-wrap
18074
18073
msgid ""
18075
18074
"\n"
18083
18082
"security = ads\n"
18084
18083
msgstr ""
18085
18084
18086
#: serverguide/C/network-auth.xml:4044(para)
18085
#: serverguide/C/network-auth.xml:4046(para)
18087
18086
msgid ""
18088
18087
"Some guides specify that \"password server\" should be specified and pointed "
18089
18088
"to the domain controller. This is only necessary if DNS is not properly set "
18091
18090
"server\" is specified with \"security = ads\"."
18092
18091
msgstr ""
18093
18092
18094
#: serverguide/C/network-auth.xml:4049(title)
18093
#: serverguide/C/network-auth.xml:4051(title)
18095
18094
msgid "SSSD Configuration"
18096
18095
msgstr ""
18097
18096
18098
#: serverguide/C/network-auth.xml:4051(para)
18097
#: serverguide/C/network-auth.xml:4053(para)
18099
18098
msgid ""
18100
18099
"There is no default/example config file for "
18101
18100
"<filename>/etc/sssd/sssd.conf</filename> included in the sssd package. It is "
18102
18101
"necessary to create one. This is a minimal working config file:"
18103
18102
msgstr ""
18104
18103
18105
#: serverguide/C/network-auth.xml:4053(programlisting)
18104
#: serverguide/C/network-auth.xml:4055(programlisting)
18106
18105
#, no-wrap
18107
18106
msgid ""
18108
18107
"\n"
18134
18133
"# enumerate = true\n"
18135
18134
msgstr ""
18136
18135
18137
#: serverguide/C/network-auth.xml:4080(para)
18136
#: serverguide/C/network-auth.xml:4082(para)
18138
18137
msgid ""
18139
18138
"After saving this file, set the ownership to root and the file permissions "
18140
18139
"to 600:"
18141
18140
msgstr ""
18142
18141
18143
#: serverguide/C/network-auth.xml:4081(command)
18142
#: serverguide/C/network-auth.xml:4083(command)
18144
18143
msgid "sudo chown root:root /etc/sssd/sssd.conf"
18145
18144
msgstr ""
18146
18145
18147
#: serverguide/C/network-auth.xml:4082(command)
18146
#: serverguide/C/network-auth.xml:4084(command)
18148
18147
msgid "sudo chmod 600 /etc/sssd/sssd.conf"
18149
18148
msgstr ""
18150
18149
18151
#: serverguide/C/network-auth.xml:4084(para)
18150
#: serverguide/C/network-auth.xml:4086(para)
18152
18151
msgid ""
18153
18152
"If the ownership or permissions are not correct, sssd will refuse to start."
18154
18153
msgstr ""
18155
18154
18156
#: serverguide/C/network-auth.xml:4088(title)
18155
#: serverguide/C/network-auth.xml:4090(title)
18157
18156
msgid "Verify nsswitch.conf Configuration"
18158
18157
msgstr ""
18159
18158
18160
#: serverguide/C/network-auth.xml:4089(para)
18159
#: serverguide/C/network-auth.xml:4091(para)
18161
18160
msgid ""
18162
18161
"The post-install script for the sssd package makes some modifications to "
18163
18162
"/etc/nsswitch.conf automatically. It should look something like this:"
18164
18163
msgstr ""
18165
18164
18166
#: serverguide/C/network-auth.xml:4091(programlisting)
18165
#: serverguide/C/network-auth.xml:4093(programlisting)
18167
18166
#, no-wrap
18168
18167
msgid ""
18169
18168
"\n"
18174
18173
"sudoers: files sss\n"
18175
18174
msgstr ""
18176
18175
18177
#: serverguide/C/network-auth.xml:4101(title)
18176
#: serverguide/C/network-auth.xml:4103(title)
18178
18177
msgid "Modify /etc/hosts"
18179
18178
msgstr ""
18180
18179
18181
#: serverguide/C/network-auth.xml:4102(para)
18180
#: serverguide/C/network-auth.xml:4104(para)
18182
18181
msgid ""
18183
18182
"Add an alias to the localhost entry in /etc/hosts specifying the FQDN. For "
18184
18183
"example:"
18185
18184
msgstr ""
18186
18185
18187
#: serverguide/C/network-auth.xml:4103(programlisting)
18186
#: serverguide/C/network-auth.xml:4105(programlisting)
18188
18187
#, no-wrap
18189
18188
msgid "192.168.1.10 myserver myserver.myubuntu.example.com"
18190
18189
msgstr ""
18191
18190
18192
#: serverguide/C/network-auth.xml:4105(para)
18191
#: serverguide/C/network-auth.xml:4107(para)
18193
18192
msgid "This is useful in conjunction with dynamic DNS updates."
18194
18193
msgstr ""
18195
18194
18196
#: serverguide/C/network-auth.xml:4109(title)
18195
#: serverguide/C/network-auth.xml:4111(title)
18197
18196
msgid "Join the Active Directory"
18198
18197
msgstr ""
18199
18198
18200
#: serverguide/C/network-auth.xml:4110(para)
18199
#: serverguide/C/network-auth.xml:4112(para)
18201
18200
msgid "Now, restart ntp and samba and start sssd."
18202
18201
msgstr ""
18203
18202
18204
#: serverguide/C/virtualization.xml:2208(command)
18203
#: serverguide/C/network-auth.xml:4113(command)
18205
18204
msgid "sudo service ntp restart"
18206
18205
msgstr ""
18207
18206
18208
#: serverguide/C/network-auth.xml:4114(command)
18207
#: serverguide/C/network-auth.xml:4116(command)
18209
18208
msgid "sudo start sssd"
18210
18209
msgstr ""
18211
18210
18212
#: serverguide/C/network-auth.xml:4116(para)
18211
#: serverguide/C/network-auth.xml:4118(para)
18213
18212
msgid "Test the configuration by obtaining a Kerberos ticket:"
18214
18213
msgstr ""
18215
18214
18216
#: serverguide/C/network-auth.xml:4118(command)
18215
#: serverguide/C/network-auth.xml:4120(command)
18217
18216
msgid "sudo kinit Administrator"
18218
18217
msgstr ""
18219
18218
18220
#: serverguide/C/network-auth.xml:4120(para)
18219
#: serverguide/C/network-auth.xml:4122(para)
18221
18220
msgid "Verify the ticket with:"
18222
18221
msgstr ""
18223
18222
18224
#: serverguide/C/network-auth.xml:4121(command)
18223
#: serverguide/C/network-auth.xml:4123(command)
18225
18224
msgid "sudo klist"
18226
18225
msgstr ""
18227
18226
18228
#: serverguide/C/network-auth.xml:4123(para)
18227
#: serverguide/C/network-auth.xml:4125(para)
18229
18228
msgid ""
18230
18229
"If there is a ticket with an expiration date listed, then it is time to join "
18231
18230
"the domain:"
18232
18231
msgstr ""
18233
18232
18234
#: serverguide/C/network-auth.xml:4125(command)
18233
#: serverguide/C/network-auth.xml:4127(command)
18235
18234
msgid "sudo net ads join -k"
18236
18235
msgstr ""
18237
18236
18238
#: serverguide/C/network-auth.xml:4127(para)
18237
#: serverguide/C/network-auth.xml:4129(para)
18239
18238
msgid ""
18240
18239
"A warning about \"No DNS domain configured. Unable to perform DNS Update.\" "
18241
18240
"probably means that there is no (correct) alias in "
18245
18244
"\"Modify /etc/hosts\" above."
18246
18245
msgstr ""
18247
18246
18248
#: serverguide/C/network-auth.xml:4129(para)
18247
#: serverguide/C/network-auth.xml:4131(para)
18249
18248
msgid ""
18250
18249
"(The message \"NT_STATUS_UNSUCCESSFUL\" indicates the domain join failed and "
18251
18250
"something is incorrect. Review the prior steps before proceeding)."
18252
18251
msgstr ""
18253
18252
18254
#: serverguide/C/network-auth.xml:4131(para)
18253
#: serverguide/C/network-auth.xml:4133(para)
18255
18254
msgid ""
18256
18255
"Here are a couple of (optional) checks to verify that the domain join was "
18257
18256
"successful. Note that if the domain was successfully joined but one or both "
18259
18258
"Some of the changes appear to be asynchronous."
18260
18259
msgstr ""
18261
18260
18262
#: serverguide/C/network-auth.xml:4133(para)
18261
#: serverguide/C/network-auth.xml:4135(para)
18263
18262
msgid "Verification option #1:"
18264
18263
msgstr ""
18265
18264
18266
#: serverguide/C/network-auth.xml:4134(para)
18265
#: serverguide/C/network-auth.xml:4136(para)
18267
18266
msgid ""
18268
18267
"Check the default Organizational Unit for computer accounts in the Active "
18269
18268
"Directory to verify that the computer account was created. (Organizational "
18270
18269
"Units in Active Directory is a topic outside the scope of this guide)."
18271
18270
msgstr ""
18272
18271
18273
#: serverguide/C/network-auth.xml:4136(para)
18272
#: serverguide/C/network-auth.xml:4138(para)
18274
18273
msgid "Verification option #2"
18275
18274
msgstr ""
18276
18275
18277
#: serverguide/C/network-auth.xml:4137(para)
18276
#: serverguide/C/network-auth.xml:4139(para)
18278
18277
msgid "Execute this command for a specific AD user (e.g. administrator)"
18279
18278
msgstr ""
18280
18279
18281
#: serverguide/C/network-auth.xml:4138(command)
18280
#: serverguide/C/network-auth.xml:4140(command)
18282
18281
msgid "getent passwd username"
18283
18282
msgstr ""
18284
18283
18285
#: serverguide/C/network-auth.xml:4140(para)
18284
#: serverguide/C/network-auth.xml:4142(para)
18286
18285
msgid ""
18287
18286
"If <emphasis>enumerate = true</emphasis> is set in "
18288
18287
"<filename>sssd.conf</filename>, <emphasis>getent passwd</emphasis> with no "
18290
18289
"testing, but is slow and not recommended for production."
18291
18290
msgstr ""
18292
18291
18293
#: serverguide/C/network-auth.xml:4144(title)
18292
#: serverguide/C/network-auth.xml:4146(title)
18294
18293
msgid "Test Authentication"
18295
18294
msgstr ""
18296
18295
18297
#: serverguide/C/network-auth.xml:4145(para)
18296
#: serverguide/C/network-auth.xml:4147(para)
18298
18297
msgid ""
18299
18298
"It should now be possible to authenticate using an Active Directory User's "
18300
18299
"credentials:"
18301
18300
msgstr ""
18302
18301
18303
#: serverguide/C/network-auth.xml:4147(command)
18302
#: serverguide/C/network-auth.xml:4149(command)
18304
18303
msgid "su - username"
18305
18304
msgstr ""
18306
18305
18307
#: serverguide/C/network-auth.xml:4149(para)
18306
#: serverguide/C/network-auth.xml:4151(para)
18308
18307
msgid ""
18309
18308
"If this works, then other login methods (getty, ssh) should also work."
18310
18309
msgstr ""
18311
18310
18312
#: serverguide/C/network-auth.xml:4151(para)
18311
#: serverguide/C/network-auth.xml:4153(para)
18313
18312
msgid ""
18314
18313
"If the computer account was created, indicating that the system was "
18315
18314
"\"joined\" to the domain, but authentication is unsuccessful, it may be "
18318
18317
"earlier in this guide."
18319
18318
msgstr ""
18320
18319
18321
#: serverguide/C/network-auth.xml:4155(title)
18320
#: serverguide/C/network-auth.xml:4157(title)
18322
18321
msgid "Home directories with pam_mkhomedir (optional)"
18323
18322
msgstr ""
18324
18323
18325
#: serverguide/C/network-auth.xml:4156(para)
18324
#: serverguide/C/network-auth.xml:4158(para)
18326
18325
msgid ""
18327
18326
"When logging in using an Active Directory user account, it is likely that "
18328
18327
"user has no home directory. This can be fixed with pam_mkdhomedir.so, which "
18331
18330
"after <emphasis>session required pam_unix.so:</emphasis>"
18332
18331
msgstr ""
18333
18332
18334
#: serverguide/C/network-auth.xml:4157(programlisting)
18333
#: serverguide/C/network-auth.xml:4159(programlisting)
18335
18334
#, no-wrap
18336
18335
msgid ""
18337
18336
"\n"
18338
18337
"session required pam_mkhomedir.so skel=/etc/skel/ umask=0022\n"
18339
18338
msgstr ""
18340
18339
18341
#: serverguide/C/network-auth.xml:4161(para)
18340
#: serverguide/C/network-auth.xml:4163(para)
18342
18341
msgid ""
18343
18342
"This may also need <emphasis>override_homedir</emphasis> in "
18344
18343
"<filename>sssd.conf</filename> to function correctly, so make sure that’s "
18345
18344
"set."
18346
18345
msgstr ""
18347
18346
18348
#: serverguide/C/network-auth.xml:4165(title)
18347
#: serverguide/C/network-auth.xml:4167(title)
18349
18348
msgid "Desktop Ubuntu Authentication"
18350
18349
msgstr ""
18351
18350
18352
#: serverguide/C/network-auth.xml:4166(para)
18351
#: serverguide/C/network-auth.xml:4168(para)
18353
18352
msgid ""
18354
18353
"It is possible to also authenticate logins to Ubuntu Desktop using Active "
18355
18354
"Directory accounts. The AD accounts will not show up in the pick list with "
18358
18357
"append the following two lines:"
18359
18358
msgstr ""
18360
18359
18361
#: serverguide/C/network-auth.xml:4168(programlisting)
18360
#: serverguide/C/network-auth.xml:4170(programlisting)
18362
18361
#, no-wrap
18363
18362
msgid ""
18364
18363
"\n"
18366
18365
"greeter-hide-users=true\n"
18367
18366
msgstr ""
18368
18367
18369
#: serverguide/C/network-auth.xml:4173(para)
18368
#: serverguide/C/network-auth.xml:4175(para)
18370
18369
msgid ""
18371
18370
"Reboot to restart lightdm. It should now be possible to log in using a "
18372
18371
"domain account using either <emphasis>username</emphasis> or "
18373
18372
"<emphasis>username/username@domain</emphasis> format."
18374
18373
msgstr ""
18375
18374
18376
#: serverguide/C/network-auth.xml:4179(ulink)
18375
#: serverguide/C/network-auth.xml:4181(ulink)
18377
18376
msgid "SSSD Project"
18378
18377
msgstr ""
18379
18378
18380
#: serverguide/C/network-auth.xml:4180(ulink)
18379
#: serverguide/C/network-auth.xml:4182(ulink)
18381
18380
msgid "DNS Server Configuration guidelines"
18382
18381
msgstr ""
18383
18382
18384
#: serverguide/C/network-auth.xml:4181(ulink)
18383
#: serverguide/C/network-auth.xml:4183(ulink)
18385
18384
msgid "Active Directory DNS Zone Entries"
18386
18385
msgstr ""
18387
18386
18388
#: serverguide/C/network-auth.xml:4182(ulink)
18387
#: serverguide/C/network-auth.xml:4184(ulink)
18389
18388
msgid "Kerberos config options"
18390
18389
msgstr ""
18391
18390
18397
18396
msgid "Attribute"
18398
18397
msgstr ""
18399
18398
18400
#: serverguide/C/multipath-device-attributes-table.xml:9(entry) serverguide/C/multipath-config-defaults-table.xml:14(entry) serverguide/C/multipath-components-table.xml:12(entry) serverguide/C/multipath-attributes-table.xml:9(entry) serverguide/C/dm-multipath.xml:1624(entry)
18399
#: serverguide/C/multipath-device-attributes-table.xml:9(entry) serverguide/C/multipath-config-defaults-table.xml:14(entry) serverguide/C/multipath-components-table.xml:12(entry) serverguide/C/multipath-attributes-table.xml:9(entry) serverguide/C/dm-multipath.xml:1623(entry)
18401
18400
msgid "Description"
18402
18401
msgstr ""
18403
18402
18531
18530
"levels are between 0 and 6. The default value is 2."
18532
18531
msgstr ""
18533
18532
18534
#: serverguide/C/multipath-config-defaults-table.xml:61(emphasis) serverguide/C/multipath-config-defaults-table.xml:323(emphasis) serverguide/C/dm-multipath.xml:1050(parameter) serverguide/C/dm-multipath.xml:1205(parameter)
18533
#: serverguide/C/multipath-config-defaults-table.xml:61(emphasis) serverguide/C/multipath-config-defaults-table.xml:323(emphasis) serverguide/C/dm-multipath.xml:1049(parameter) serverguide/C/dm-multipath.xml:1204(parameter)
18535
18534
msgid "path_selector"
18536
18535
msgstr ""
18537
18536
18566
18565
"The default value is <emphasis role=\"bold\">round-robin 0</emphasis>."
18567
18566
msgstr ""
18568
18567
18569
#: serverguide/C/multipath-config-defaults-table.xml:98(emphasis) serverguide/C/dm-multipath.xml:1045(parameter) serverguide/C/dm-multipath.xml:1195(parameter)
18568
#: serverguide/C/multipath-config-defaults-table.xml:98(emphasis) serverguide/C/dm-multipath.xml:1044(parameter) serverguide/C/dm-multipath.xml:1194(parameter)
18570
18569
msgid "path_grouping_policy"
18571
18570
msgstr ""
18572
18571
18609
18608
msgid "The default value is <emphasis role=\"bold\">failover.</emphasis>"
18610
18609
msgstr ""
18611
18610
18612
#: serverguide/C/multipath-config-defaults-table.xml:139(emphasis) serverguide/C/dm-multipath.xml:1200(parameter)
18611
#: serverguide/C/multipath-config-defaults-table.xml:139(emphasis) serverguide/C/dm-multipath.xml:1199(parameter)
18613
18612
msgid "getuid_callout"
18614
18613
msgstr ""
18615
18614
18625
18624
"path identifier. An absolute path is required. <placeholder-1/>"
18626
18625
msgstr ""
18627
18626
18628
#: serverguide/C/multipath-config-defaults-table.xml:150(emphasis) serverguide/C/dm-multipath.xml:1059(parameter) serverguide/C/dm-multipath.xml:1224(parameter)
18627
#: serverguide/C/multipath-config-defaults-table.xml:150(emphasis) serverguide/C/dm-multipath.xml:1058(parameter) serverguide/C/dm-multipath.xml:1223(parameter)
18629
18628
msgid "prio"
18630
18629
msgstr ""
18631
18630
18681
18680
msgid "The default value is <emphasis role=\"bold\">const</emphasis>."
18682
18681
msgstr ""
18683
18682
18684
#: serverguide/C/multipath-config-defaults-table.xml:202(emphasis) serverguide/C/dm-multipath.xml:1064(parameter) serverguide/C/dm-multipath.xml:1229(parameter)
18683
#: serverguide/C/multipath-config-defaults-table.xml:202(emphasis) serverguide/C/dm-multipath.xml:1063(parameter) serverguide/C/dm-multipath.xml:1228(parameter)
18685
18684
msgid "prio_args"
18686
18685
msgstr ""
18687
18686
18693
18692
"value is (null) <emphasis role=\"bold\">\"\"</emphasis>."
18694
18693
msgstr ""
18695
18694
18696
#: serverguide/C/multipath-config-defaults-table.xml:216(emphasis) serverguide/C/dm-multipath.xml:1215(parameter)
18695
#: serverguide/C/multipath-config-defaults-table.xml:216(emphasis) serverguide/C/dm-multipath.xml:1214(parameter)
18697
18696
msgid "features"
18698
18697
msgstr ""
18699
18698
18701
18700
msgid "queue_if_no_path"
18702
18701
msgstr ""
18703
18702
18704
#: serverguide/C/multipath-config-defaults-table.xml:221(emphasis) serverguide/C/multipath-config-defaults-table.xml:334(emphasis) serverguide/C/dm-multipath.xml:1069(parameter) serverguide/C/dm-multipath.xml:1234(parameter)
18703
#: serverguide/C/multipath-config-defaults-table.xml:221(emphasis) serverguide/C/multipath-config-defaults-table.xml:334(emphasis) serverguide/C/dm-multipath.xml:1068(parameter) serverguide/C/dm-multipath.xml:1233(parameter)
18705
18704
msgid "no_path_retry"
18706
18705
msgstr ""
18707
18706
18721
18720
"feature, see Section, <placeholder-4/>."
18722
18721
msgstr ""
18723
18722
18724
#: serverguide/C/multipath-config-defaults-table.xml:228(emphasis) serverguide/C/dm-multipath.xml:1210(parameter)
18723
#: serverguide/C/multipath-config-defaults-table.xml:228(emphasis) serverguide/C/dm-multipath.xml:1209(parameter)
18725
18724
msgid "path_checker"
18726
18725
msgstr ""
18727
18726
18771
18770
msgid "The default value is <emphasis role=\"bold\">directio</emphasis>."
18772
18771
msgstr ""
18773
18772
18774
#: serverguide/C/multipath-config-defaults-table.xml:275(emphasis) serverguide/C/dm-multipath.xml:1055(parameter) serverguide/C/dm-multipath.xml:1220(parameter)
18773
#: serverguide/C/multipath-config-defaults-table.xml:275(emphasis) serverguide/C/dm-multipath.xml:1054(parameter) serverguide/C/dm-multipath.xml:1219(parameter)
18775
18774
msgid "failback"
18776
18775
msgstr ""
18777
18776
18802
18801
msgid "The default value is <emphasis role=\"bold\">manual</emphasis>."
18803
18802
msgstr ""
18804
18803
18805
#: serverguide/C/multipath-config-defaults-table.xml:307(emphasis) serverguide/C/multipath-config-defaults-table.xml:321(emphasis) serverguide/C/multipath-config-defaults-table.xml:325(emphasis) serverguide/C/dm-multipath.xml:1074(parameter) serverguide/C/dm-multipath.xml:1239(parameter)
18804
#: serverguide/C/multipath-config-defaults-table.xml:307(emphasis) serverguide/C/multipath-config-defaults-table.xml:321(emphasis) serverguide/C/multipath-config-defaults-table.xml:325(emphasis) serverguide/C/dm-multipath.xml:1073(parameter) serverguide/C/dm-multipath.xml:1238(parameter)
18806
18805
msgid "rr_min_io"
18807
18806
msgstr ""
18808
18807
18816
18815
"the next path in the current path group.<placeholder-1/>"
18817
18816
msgstr ""
18818
18817
18819
#: serverguide/C/multipath-config-defaults-table.xml:317(emphasis) serverguide/C/dm-multipath.xml:1079(parameter) serverguide/C/dm-multipath.xml:1244(parameter)
18818
#: serverguide/C/multipath-config-defaults-table.xml:317(emphasis) serverguide/C/dm-multipath.xml:1078(parameter) serverguide/C/dm-multipath.xml:1243(parameter)
18820
18819
msgid "rr_weight"
18821
18820
msgstr ""
18822
18821
18870
18869
msgid "alias"
18871
18870
msgstr ""
18872
18871
18873
#: serverguide/C/multipath-config-defaults-table.xml:354(emphasis) serverguide/C/multipath-config-defaults-table.xml:357(emphasis) serverguide/C/multipath-config-defaults-table.xml:379(emphasis) serverguide/C/multipath-config-defaults-table.xml:391(emphasis) serverguide/C/multipath-components-table.xml:31(emphasis) serverguide/C/multipath-components-table.xml:44(emphasis) serverguide/C/multipath-attributes-table.xml:18(emphasis) serverguide/C/multipath-attributes-table.xml:19(emphasis) serverguide/C/multipath-attributes-table.xml:28(emphasis) serverguide/C/multipath-attributes-table.xml:29(emphasis) serverguide/C/dm-multipath.xml:765(emphasis)
18872
#: serverguide/C/multipath-config-defaults-table.xml:354(emphasis) serverguide/C/multipath-config-defaults-table.xml:357(emphasis) serverguide/C/multipath-config-defaults-table.xml:379(emphasis) serverguide/C/multipath-config-defaults-table.xml:391(emphasis) serverguide/C/multipath-components-table.xml:31(emphasis) serverguide/C/multipath-components-table.xml:44(emphasis) serverguide/C/multipath-attributes-table.xml:18(emphasis) serverguide/C/multipath-attributes-table.xml:19(emphasis) serverguide/C/multipath-attributes-table.xml:28(emphasis) serverguide/C/multipath-attributes-table.xml:29(emphasis) serverguide/C/dm-multipath.xml:764(emphasis)
18874
18873
msgid "multipath"
18875
18874
msgstr ""
18876
18875
18907
18906
"devices when it is shut down. <placeholder-2/>"
18908
18907
msgstr ""
18909
18908
18910
#: serverguide/C/multipath-config-defaults-table.xml:376(emphasis) serverguide/C/dm-multipath.xml:1084(parameter) serverguide/C/dm-multipath.xml:1259(parameter)
18909
#: serverguide/C/multipath-config-defaults-table.xml:376(emphasis) serverguide/C/dm-multipath.xml:1083(parameter) serverguide/C/dm-multipath.xml:1258(parameter)
18911
18910
msgid "flush_on_last_del"
18912
18911
msgstr ""
18913
18912
18953
18952
"explicit timeout, in seconds. <placeholder-1/>"
18954
18953
msgstr ""
18955
18954
18956
#: serverguide/C/multipath-config-defaults-table.xml:413(emphasis) serverguide/C/dm-multipath.xml:1249(parameter)
18955
#: serverguide/C/multipath-config-defaults-table.xml:413(emphasis) serverguide/C/dm-multipath.xml:1248(parameter)
18957
18956
msgid "fast_io_fail_tmo"
18958
18957
msgstr ""
18959
18958
18969
18968
"this to off will disable the timeout. <placeholder-1/>"
18970
18969
msgstr ""
18971
18970
18972
#: serverguide/C/multipath-config-defaults-table.xml:425(emphasis) serverguide/C/dm-multipath.xml:1254(parameter)
18971
#: serverguide/C/multipath-config-defaults-table.xml:425(emphasis) serverguide/C/dm-multipath.xml:1253(parameter)
18973
18972
msgid "dev_loss_tmo"
18974
18973
msgstr ""
18975
18974
19651
19650
"IMAP server."
19652
19651
msgstr ""
19653
19652
19654
#: serverguide/C/mail.xml:22(title) serverguide/C/mail.xml:837(application) serverguide/C/mail.xml:869(title) serverguide/C/mail.xml:947(title) serverguide/C/mail.xml:1519(title)
19653
#: serverguide/C/mail.xml:22(title) serverguide/C/mail.xml:896(application) serverguide/C/mail.xml:928(title) serverguide/C/mail.xml:1006(title) serverguide/C/mail.xml:1577(title)
19655
19654
msgid "Postfix"
19656
19655
msgstr "Postfix"
19657
19656
19774
19773
"your Mail Delivery Agent (MDA) to use the same path."
19775
19774
msgstr ""
19776
19775
19777
#: serverguide/C/mail.xml:106(title) serverguide/C/mail.xml:550(title)
19776
#: serverguide/C/mail.xml:106(title) serverguide/C/mail.xml:608(title)
19778
19777
msgid "SMTP Authentication"
19779
19778
msgstr ""
19780
19779
19925
19924
"tls_random_source = dev:/dev/urandom\n"
19926
19925
msgstr ""
19927
19926
19928
#: serverguide/C/mail.xml:188(para)
19927
#: serverguide/C/mail.xml:229(para)
19929
19928
msgid ""
19930
19929
"The postfix initial configuration is complete. Run the following command to "
19931
19930
"restart the postfix daemon:"
19935
19934
msgid "sudo service postfix restart"
19936
19935
msgstr ""
19937
19936
19938
#: serverguide/C/mail.xml:197(para)
19937
#: serverguide/C/mail.xml:238(para)
19939
19938
msgid ""
19940
19939
"<application>Postfix</application> supports SMTP-AUTH as defined in <ulink "
19941
19940
"url=\"http://www.ietf.org/rfc/rfc2554.txt\">RFC2554</ulink>. It is based on "
19944
19943
"AUTH."
19945
19944
msgstr ""
19946
19945
19947
#: serverguide/C/mail.xml:207(title) serverguide/C/mail.xml:614(title)
19946
#: serverguide/C/mail.xml:248(title) serverguide/C/mail.xml:672(title)
19948
19947
msgid "Configuring SASL"
19949
19948
msgstr "Наладка SASL"
19950
19949
19951
#: serverguide/C/mail.xml:208(para)
19950
#: serverguide/C/mail.xml:249(para)
19952
19951
msgid ""
19953
19952
"Postfix supports two SASL implementations Cyrus SASL and Dovecot SASL. To "
19954
19953
"enable Dovecot SASL the <application>dovecot-common</application> package "
19955
19954
"will need to be installed. From a terminal prompt enter the following:"
19956
19955
msgstr ""
19957
19956
19958
#: serverguide/C/mail.xml:214(command)
19957
#: serverguide/C/mail.xml:255(command)
19959
19958
msgid "sudo apt-get install dovecot-common"
19960
19959
msgstr ""
19961
19960
20017
20016
"auth_mechanisms = plain login\n"
20018
20017
msgstr ""
20019
20018
20020
#: serverguide/C/mail.xml:253(para)
20019
#: serverguide/C/mail.xml:298(para)
20021
20020
msgid ""
20022
20021
"Once you have <application>Dovecot</application> configured restart it with:"
20023
20022
msgstr ""
20026
20025
msgid "sudo service dovecot restart"
20027
20026
msgstr ""
20028
20027
20029
#: serverguide/C/mail.xml:262(title)
20028
#: serverguide/C/mail.xml:307(title)
20030
20029
msgid "Mail-Stack Delivery"
20031
20030
msgstr ""
20032
20031
20033
#: serverguide/C/mail.xml:264(para)
20032
#: serverguide/C/mail.xml:309(para)
20034
20033
msgid ""
20035
20034
"Another option for configuring <application>Postfix</application> for SMTP-"
20036
20035
"AUTH is using the <application>mail-stack-delivery</application> package "
20041
20040
"<application>Dovecot</application> for IMAP, IMAPS, POP3, and POP3S."
20042
20041
msgstr ""
20043
20042
20044
#: serverguide/C/mail.xml:274(para)
20043
#: serverguide/C/mail.xml:319(para)
20045
20044
msgid ""
20046
20045
"You may or may not want to run IMAP, IMAPS, POP3, or POP3S on your mail "
20047
20046
"server. For example, if you are configuring your server to be a mail "
20049
20048
"the above commands to configure Postfix for SMTP-AUTH."
20050
20049
msgstr ""
20051
20050
20052
#: serverguide/C/mail.xml:281(para)
20051
#: serverguide/C/mail.xml:326(para)
20053
20052
msgid "To install the package, from a terminal prompt enter:"
20054
20053
msgstr ""
20055
20054
20056
#: serverguide/C/mail.xml:286(command)
20055
#: serverguide/C/mail.xml:331(command)
20057
20056
msgid "sudo apt-get install mail-stack-delivery"
20058
20057
msgstr ""
20059
20058
20060
#: serverguide/C/mail.xml:289(para)
20059
#: serverguide/C/mail.xml:334(para)
20061
20060
msgid ""
20062
20061
"You should now have a working mail server, but there are a few options that "
20063
20062
"you may wish to further customize. For example, the package uses the "
20067
20066
"for more details."
20068
20067
msgstr ""
20069
20068
20070
#: serverguide/C/mail.xml:295(para)
20069
#: serverguide/C/mail.xml:340(para)
20071
20070
msgid ""
20072
20071
"Once you have a customized certificate and key for the host, change the "
20073
20072
"following options in <filename>/etc/postfix/main.cf</filename>:"
20074
20073
msgstr ""
20075
20074
20076
#: serverguide/C/mail.xml:299(programlisting)
20075
#: serverguide/C/mail.xml:344(programlisting)
20077
20076
#, no-wrap
20078
20077
msgid ""
20079
20078
"\n"
20084
20083
"smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem\n"
20085
20084
"smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key\n"
20086
20085
20087
#: serverguide/C/mail.xml:304(para)
20086
#: serverguide/C/mail.xml:349(para)
20088
20087
msgid "Then restart Postfix:"
20089
20088
msgstr "Пасьля перазапусьціце Postfix:"
20090
20089
20091
#: serverguide/C/mail.xml:315(para)
20090
#: serverguide/C/mail.xml:360(para)
20092
20091
msgid ""
20093
20092
"SMTP-AUTH configuration is complete. Now it is time to test the setup."
20094
20093
msgstr ""
20095
20094
20096
#: serverguide/C/mail.xml:318(para)
20095
#: serverguide/C/mail.xml:363(para)
20097
20096
msgid "To see if SMTP-AUTH and TLS work properly, run the following command:"
20098
20097
msgstr ""
20099
20098
20100
#: serverguide/C/mail.xml:323(command)
20099
#: serverguide/C/mail.xml:368(command)
20101
20100
msgid "telnet mail.example.com 25"
20102
20101
msgstr "telnet mail.example.com 25"
20103
20102
20104
#: serverguide/C/mail.xml:325(para)
20103
#: serverguide/C/mail.xml:370(para)
20105
20104
msgid ""
20106
20105
"After you have established the connection to the postfix mail server, type:"
20107
20106
msgstr ""
20108
20107
20109
#: serverguide/C/mail.xml:329(screen)
20108
#: serverguide/C/mail.xml:374(screen)
20110
20109
#, no-wrap
20111
20110
msgid ""
20112
20111
"\n"
20115
20114
"\n"
20116
20115
"ehlo mail.example.com\n"
20117
20116
20118
#: serverguide/C/mail.xml:332(para)
20117
#: serverguide/C/mail.xml:377(para)
20119
20118
msgid ""
20120
20119
"If you see the following lines among others, then everything is working "
20121
20120
"perfectly. Type <command>quit</command> to exit."
20122
20121
msgstr ""
20123
20122
20124
#: serverguide/C/mail.xml:336(programlisting)
20123
#: serverguide/C/mail.xml:381(programlisting)
20125
20124
#, no-wrap
20126
20125
msgid ""
20127
20126
"\n"
20136
20135
"250-AUTH=LOGIN PLAIN\n"
20137
20136
"250 8BITMIME\n"
20138
20137
20139
#: serverguide/C/mail.xml:346(para)
20138
#: serverguide/C/mail.xml:391(para)
20140
20139
msgid ""
20141
20140
"This section introduces some common ways to determine the cause if problems "
20142
20141
"arise."
20143
20142
msgstr ""
20144
20143
20145
#: serverguide/C/mail.xml:350(title)
20144
#: serverguide/C/mail.xml:395(title)
20146
20145
msgid "Escaping chroot"
20147
20146
msgstr ""
20148
20147
20149
#: serverguide/C/mail.xml:351(para)
20148
#: serverguide/C/mail.xml:396(para)
20150
20149
msgid ""
20151
20150
"The Ubuntu <application>postfix</application> package will by default "
20152
20151
"install into a <emphasis>chroot</emphasis> environment for security reasons. "
20153
20152
"This can add greater complexity when troubleshooting problems."
20154
20153
msgstr ""
20155
20154
20156
#: serverguide/C/mail.xml:355(para)
20155
#: serverguide/C/mail.xml:400(para)
20157
20156
msgid ""
20158
20157
"To turn off the chroot operation locate for the following line in the "
20159
20158
"<filename>/etc/postfix/master.cf</filename> configuration file:"
20160
20159
msgstr ""
20161
20160
20162
#: serverguide/C/mail.xml:359(screen)
20161
#: serverguide/C/mail.xml:404(screen)
20163
20162
#, no-wrap
20164
20163
msgid ""
20165
20164
"\n"
20168
20167
"\n"
20169
20168
"smtp inet n - - - - smtpd\n"
20170
20169
20171
#: serverguide/C/mail.xml:362(para)
20170
#: serverguide/C/mail.xml:407(para)
20172
20171
msgid "and modify it as follows:"
20173
20172
msgstr "і зьміце наступным чынам:"
20174
20173
20175
#: serverguide/C/mail.xml:365(screen)
20174
#: serverguide/C/mail.xml:410(screen)
20176
20175
#, no-wrap
20177
20176
msgid ""
20178
20177
"\n"
20181
20180
"\n"
20182
20181
"smtp inet n - n - - smtpd\n"
20183
20182
20184
#: serverguide/C/mail.xml:368(para)
20183
#: serverguide/C/mail.xml:413(para)
20185
20184
msgid ""
20186
20185
"You will then need to restart Postfix to use the new configuration. From a "
20187
20186
"terminal prompt enter:"
20209
20208
"\t "
20210
20209
msgstr ""
20211
20210
20212
#: serverguide/C/mail.xml:376(title)
20211
#: serverguide/C/mail.xml:434(title)
20213
20212
msgid "Log Files"
20214
20213
msgstr ""
20215
20214
20216
#: serverguide/C/mail.xml:377(para)
20215
#: serverguide/C/mail.xml:435(para)
20217
20216
msgid ""
20218
20217
"<application>Postfix</application> sends all log messages to "
20219
20218
"<filename>/var/log/mail.log</filename>. However error and warning messages "
20222
20221
"<filename>/var/log/mail.warn</filename> respectively."
20223
20222
msgstr ""
20224
20223
20225
#: serverguide/C/mail.xml:382(para)
20224
#: serverguide/C/mail.xml:440(para)
20226
20225
msgid ""
20227
20226
"To see messages entered into the logs in real time you can use the "
20228
20227
"<application>tail -f</application> command:"
20229
20228
msgstr ""
20230
20229
20231
#: serverguide/C/mail.xml:387(command)
20230
#: serverguide/C/mail.xml:445(command)
20232
20231
msgid "tail -f /var/log/mail.err"
20233
20232
msgstr "tail -f /var/log/mail.err"
20234
20233
20235
#: serverguide/C/mail.xml:389(para)
20234
#: serverguide/C/mail.xml:447(para)
20236
20235
msgid ""
20237
20236
"The amount of detail that is recorded in the logs can be increased. Below "
20238
20237
"are some configuration options for increasing the log level for some of the "
20239
20238
"areas covered above."
20240
20239
msgstr ""
20241
20240
20242
#: serverguide/C/mail.xml:395(para)
20241
#: serverguide/C/mail.xml:453(para)
20243
20242
msgid ""
20244
20243
"To increase <emphasis>TLS</emphasis> activity logging set the "
20245
20244
"<emphasis>smtpd_tls_loglevel</emphasis> option to a value from 1 to 4."
20246
20245
msgstr ""
20247
20246
20248
#: serverguide/C/mail.xml:399(command)
20247
#: serverguide/C/mail.xml:457(command)
20249
20248
msgid "sudo postconf -e 'smtpd_tls_loglevel = 4'"
20250
20249
msgstr "sudo postconf -e 'smtpd_tls_loglevel = 4'"
20251
20250
20252
#: serverguide/C/mail.xml:403(para)
20251
#: serverguide/C/mail.xml:461(para)
20253
20252
msgid ""
20254
20253
"If you are having trouble sending or receiving mail from a specific domain "
20255
20254
"you can add the domain to the <emphasis>debug_peer_list</emphasis> parameter."
20256
20255
msgstr ""
20257
20256
20258
#: serverguide/C/mail.xml:408(command)
20257
#: serverguide/C/mail.xml:466(command)
20259
20258
msgid "sudo postconf -e 'debug_peer_list = problem.domain'"
20260
20259
msgstr "sudo postconf -e 'debug_peer_list = problem.domain'"
20261
20260
20262
#: serverguide/C/mail.xml:412(para)
20261
#: serverguide/C/mail.xml:470(para)
20263
20262
msgid ""
20264
20263
"You can increase the verbosity of any <application>Postfix</application> "
20265
20264
"daemon process by editing the <filename>/etc/postfix/master.cf</filename> "
20267
20266
"<emphasis>smtp</emphasis> entry:"
20268
20267
msgstr ""
20269
20268
20270
#: serverguide/C/mail.xml:416(programlisting)
20269
#: serverguide/C/mail.xml:474(programlisting)
20271
20270
#, no-wrap
20272
20271
msgid ""
20273
20272
"\n"
20291
20290
"<filename>/etc/dovecot/conf.d/10-logging.conf</filename>"
20292
20291
msgstr ""
20293
20292
20294
#: serverguide/C/mail.xml:433(programlisting)
20293
#: serverguide/C/mail.xml:491(programlisting)
20295
20294
#, no-wrap
20296
20295
msgid ""
20297
20296
"\n"
20309
20308
"reloaded: <command>sudo service dovecot reload</command>."
20310
20309
msgstr ""
20311
20310
20312
#: serverguide/C/mail.xml:446(para)
20311
#: serverguide/C/mail.xml:504(para)
20313
20312
msgid ""
20314
20313
"Some of the options above can drastically increase the amount of information "
20315
20314
"sent to the log files. Remember to return the log level back to normal after "
20317
20316
"new configuration to take affect."
20318
20317
msgstr ""
20319
20318
20320
#: serverguide/C/mail.xml:454(para)
20319
#: serverguide/C/mail.xml:512(para)
20321
20320
msgid ""
20322
20321
"Administering a <application>Postfix</application> server can be a very "
20323
20322
"complicated task. At some point you may need to turn to the Ubuntu community "
20324
20323
"for more experienced help."
20325
20324
msgstr ""
20326
20325
20327
#: serverguide/C/mail.xml:458(para)
20326
#: serverguide/C/mail.xml:516(para)
20328
20327
msgid ""
20329
20328
"A great place to ask for <application>Postfix</application> assistance, and "
20330
20329
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
20334
20333
"url=\"http://www.ubuntu.com/support/community/webforums\">Web Forums</ulink>."
20335
20334
msgstr ""
20336
20335
20337
#: serverguide/C/mail.xml:463(para)
20336
#: serverguide/C/mail.xml:521(para)
20338
20337
msgid ""
20339
20338
"For in depth <application>Postfix</application> information Ubuntu "
20340
20339
"developers highly recommend: <ulink url=\"http://www.postfix-book.com/\">The "
20341
20340
"Book of Postfix</ulink>."
20342
20341
msgstr ""
20343
20342
20344
#: serverguide/C/mail.xml:467(para)
20343
#: serverguide/C/mail.xml:525(para)
20345
20344
msgid ""
20346
20345
"Finally, the <ulink "
20347
20346
"url=\"http://www.postfix.org/documentation.html\">Postfix</ulink> website "
20355
20354
"Wiki Postfix</ulink> page has more information."
20356
20355
msgstr ""
20357
20356
20358
#: serverguide/C/mail.xml:479(title) serverguide/C/mail.xml:875(title) serverguide/C/mail.xml:991(title)
20357
#: serverguide/C/mail.xml:537(title) serverguide/C/mail.xml:934(title) serverguide/C/mail.xml:1050(title)
20359
20358
msgid "Exim4"
20360
20359
msgstr "Exim4"
20361
20360
20362
#: serverguide/C/mail.xml:480(para)
20361
#: serverguide/C/mail.xml:538(para)
20363
20362
msgid ""
20364
20363
"<application>Exim4</application> is another Message Transfer Agent (MTA) "
20365
20364
"developed at the University of Cambridge for use on Unix systems connected "
20369
20368
"<application>sendmail</application>."
20370
20369
msgstr ""
20371
20370
20372
#: serverguide/C/mail.xml:491(para)
20371
#: serverguide/C/mail.xml:549(para)
20373
20372
msgid ""
20374
20373
"To install <application>exim4</application>, run the following command: "
20375
20374
"<screen>\n"
20380
20379
"<command>sudo apt-get install exim4</command>\n"
20381
20380
"</screen>"
20382
20381
20383
#: serverguide/C/mail.xml:500(para)
20382
#: serverguide/C/mail.xml:558(para)
20384
20383
msgid ""
20385
20384
"To configure <application>Exim4</application>, run the following command:"
20386
20385
msgstr ""
20387
20386
20388
#: serverguide/C/mail.xml:504(command)
20387
#: serverguide/C/mail.xml:562(command)
20389
20388
msgid "sudo dpkg-reconfigure exim4-config"
20390
20389
msgstr "sudo dpkg-reconfigure exim4-config"
20391
20390
20392
#: serverguide/C/mail.xml:506(para)
20391
#: serverguide/C/mail.xml:564(para)
20393
20392
msgid ""
20394
20393
"The user interface will be displayed. The user interface lets you configure "
20395
20394
"many parameters. For example, In <application>Exim4</application> the "
20397
20396
"in one file you can configure accordingly in this user interface."
20398
20397
msgstr ""
20399
20398
20400
#: serverguide/C/mail.xml:514(para)
20399
#: serverguide/C/mail.xml:572(para)
20401
20400
msgid ""
20402
20401
"All the parameters you configure in the user interface are stored in "
20403
"<filename>/etc/exim4/update-exim4.conf</filename> file. If you wish to re-"
20404
"configure, either you re-run the configuration wizard or manually edit this "
20405
"file using your favorite editor. Once you configure, you can run the "
20402
"<filename>/etc/exim4/update-exim4.conf.conf</filename> file. If you wish to "
20403
"re-configure, either you re-run the configuration wizard or manually edit "
20404
"this file using your favorite editor. Once you configure, you can run the "
20406
20405
"following command to generate the master configuration file:"
20407
20406
msgstr ""
20408
20407
20409
#: serverguide/C/mail.xml:525(command) serverguide/C/mail.xml:609(command)
20408
#: serverguide/C/mail.xml:583(command) serverguide/C/mail.xml:667(command)
20410
20409
msgid "sudo update-exim4.conf"
20411
20410
msgstr "sudo update-exim4.conf"
20412
20411
20413
#: serverguide/C/mail.xml:527(para)
20412
#: serverguide/C/mail.xml:585(para)
20414
20413
msgid ""
20415
20414
"The master configuration file, is generated and it is stored in "
20416
20415
"<filename>/var/lib/exim4/config.autogenerated</filename>."
20417
20416
msgstr ""
20418
20417
20419
#: serverguide/C/mail.xml:533(para)
20418
#: serverguide/C/mail.xml:591(para)
20420
20419
msgid ""
20421
20420
"At any time, you should not edit the master configuration file, "
20422
20421
"<filename>/var/lib/exim4/config.autogenerated</filename> manually. It is "
20423
20422
"updated automatically every time you run <command>update-exim4.conf</command>"
20424
20423
msgstr ""
20425
20424
20426
#: serverguide/C/mail.xml:541(para)
20425
#: serverguide/C/mail.xml:599(para)
20427
20426
msgid ""
20428
20427
"You can run the following command to start <application>Exim4</application> "
20429
20428
"daemon."
20433
20432
msgid "sudo service exim4 start"
20434
20433
msgstr ""
20435
20434
20436
#: serverguide/C/mail.xml:551(para)
20435
#: serverguide/C/mail.xml:609(para)
20437
20436
msgid ""
20438
20437
"This section covers configuring Exim4 to use SMTP-AUTH with TLS and SASL."
20439
20438
msgstr ""
20440
20439
20441
#: serverguide/C/mail.xml:554(para)
20440
#: serverguide/C/mail.xml:612(para)
20442
20441
msgid ""
20443
20442
"The first step is to create a certificate for use with TLS. Enter the "
20444
20443
"following into a terminal prompt:"
20445
20444
msgstr ""
20446
20445
20447
#: serverguide/C/mail.xml:558(command)
20446
#: serverguide/C/mail.xml:616(command)
20448
20447
msgid "sudo /usr/share/doc/exim4-base/examples/exim-gencert"
20449
20448
msgstr "sudo /usr/share/doc/exim4-base/examples/exim-gencert"
20450
20449
20451
#: serverguide/C/mail.xml:560(para)
20450
#: serverguide/C/mail.xml:618(para)
20452
20451
msgid ""
20453
20452
"Now Exim4 needs to be configured for TLS by editing "
20454
20453
"<filename>/etc/exim4/conf.d/main/03_exim4-config_tlsoptions</filename> add "
20455
20454
"the following:"
20456
20455
msgstr ""
20457
20456
20458
#: serverguide/C/mail.xml:564(programlisting)
20457
#: serverguide/C/mail.xml:622(programlisting)
20459
20458
#, no-wrap
20460
20459
msgid ""
20461
20460
"\n"
20462
20461
"MAIN_TLS_ENABLE = yes\n"
20463
20462
msgstr ""
20464
20463
20465
#: serverguide/C/mail.xml:567(para)
20464
#: serverguide/C/mail.xml:625(para)
20466
20465
msgid ""
20467
20466
"Next you need to configure <application>Exim4</application> to use the "
20468
20467
"<application>saslauthd</application> for authentication. Edit "
20471
20470
"<emphasis>login_saslauthd_server</emphasis> sections:"
20472
20471
msgstr ""
20473
20472
20474
#: serverguide/C/mail.xml:572(programlisting)
20473
#: serverguide/C/mail.xml:630(programlisting)
20475
20474
#, no-wrap
20476
20475
msgid ""
20477
20476
"\n"
20497
20496
" .endif\n"
20498
20497
msgstr ""
20499
20498
20500
#: serverguide/C/mail.xml:594(para)
20499
#: serverguide/C/mail.xml:652(para)
20501
20500
msgid ""
20502
20501
"Additionally, in order for outside mail client to be able to connect to new "
20503
20502
"exim server, new user needs to be added into exim by using the following "
20508
20507
msgid "sudo /usr/share/doc/exim4-base/examples/exim-adduser"
20509
20508
msgstr ""
20510
20509
20511
#: serverguide/C/mail.xml:600(para)
20510
#: serverguide/C/mail.xml:658(para)
20512
20511
msgid ""
20513
20512
"Users should protect the new exim password files with the following commands."
20514
20513
msgstr ""
20515
20514
20516
#: serverguide/C/mail.xml:602(command)
20515
#: serverguide/C/mail.xml:660(command)
20517
20516
msgid "sudo chown root:Debian-exim /etc/exim4/passwd"
20518
20517
msgstr ""
20519
20518
20520
#: serverguide/C/mail.xml:603(command)
20519
#: serverguide/C/mail.xml:661(command)
20521
20520
msgid "sudo chmod 640 /etc/exim4/passwd"
20522
20521
msgstr ""
20523
20522
20524
#: serverguide/C/mail.xml:605(para)
20523
#: serverguide/C/mail.xml:663(para)
20525
20524
msgid "Finally, update the Exim4 configuration and restart the service:"
20526
20525
msgstr ""
20527
20526
20529
20528
msgid "sudo service exim4 restart"
20530
20529
msgstr ""
20531
20530
20532
#: serverguide/C/mail.xml:615(para)
20531
#: serverguide/C/mail.xml:673(para)
20533
20532
msgid ""
20534
20533
"This section provides details on configuring the saslauthd to provide "
20535
20534
"authentication for <application>Exim4</application>."
20536
20535
msgstr ""
20537
20536
20538
#: serverguide/C/mail.xml:618(para)
20537
#: serverguide/C/mail.xml:676(para)
20539
20538
msgid ""
20540
20539
"The first step is to install the sasl2-bin package. From a terminal prompt "
20541
20540
"enter the following:"
20542
20541
msgstr ""
20543
20542
20544
#: serverguide/C/mail.xml:622(command)
20543
#: serverguide/C/mail.xml:680(command)
20545
20544
msgid "sudo apt-get install sasl2-bin"
20546
20545
msgstr "sudo apt-get install sasl2-bin"
20547
20546
20548
#: serverguide/C/mail.xml:624(para)
20547
#: serverguide/C/mail.xml:682(para)
20549
20548
msgid ""
20550
20549
"To configure saslauthd edit the /etc/default/saslauthd configuration file "
20551
20550
"and set START=no to:"
20552
20551
msgstr ""
20553
20552
20554
#: serverguide/C/mail.xml:630(para)
20553
#: serverguide/C/mail.xml:688(para)
20555
20554
msgid ""
20556
20555
"Next the <emphasis>Debian-exim</emphasis> user needs to be part of the "
20557
20556
"<emphasis>sasl</emphasis> group in order for Exim4 to use the saslauthd "
20558
20557
"service:"
20559
20558
msgstr ""
20560
20559
20561
#: serverguide/C/mail.xml:635(command)
20560
#: serverguide/C/mail.xml:693(command)
20562
20561
msgid "sudo adduser Debian-exim sasl"
20563
20562
msgstr ""
20564
20563
20565
#: serverguide/C/mail.xml:637(para)
20564
#: serverguide/C/mail.xml:695(para)
20566
20565
msgid "Now start the <application>saslauthd</application> service:"
20567
20566
msgstr "Цяпер запусьціце сэрвіс <application>saslauthd</application>:"
20568
20567
20570
20569
msgid "sudo service saslauthd start"
20571
20570
msgstr ""
20572
20571
20573
#: serverguide/C/mail.xml:643(para)
20572
#: serverguide/C/mail.xml:701(para)
20574
20573
msgid ""
20575
20574
"<application>Exim4</application> is now configured with SMTP-AUTH using TLS "
20576
20575
"and SASL authentication."
20577
20576
msgstr ""
20578
20577
20579
#: serverguide/C/mail.xml:652(para)
20578
#: serverguide/C/mail.xml:710(para)
20580
20579
msgid ""
20581
20580
"See <ulink url=\"http://www.exim.org/\">exim.org</ulink> for more "
20582
20581
"information."
20584
20583
"Глядзіце <ulink url=\"http://www.exim.org/\">exim.org</ulink> для больш "
20585
20584
"зьмястоўнай інфармацыі."
20586
20585
20587
#: serverguide/C/mail.xml:657(para)
20586
#: serverguide/C/mail.xml:715(para)
20588
20587
msgid ""
20589
20588
"There is also an <ulink url=\"http://www.uit.co.uk/content/exim-smtp-mail-"
20590
20589
"server\">Exim4 Book</ulink> available."
20592
20591
"Яшчэ даступная <ulink url=\"http://www.uit.co.uk/content/exim-smtp-mail-"
20593
20592
"server\">Кніга па Exim4</ulink>."
20594
20593
20595
#: serverguide/C/mail.xml:662(para)
20594
#: serverguide/C/mail.xml:720(para)
20596
20595
msgid ""
20597
20596
"Another resource is the <ulink "
20598
20597
"url=\"https://help.ubuntu.com/community/Exim4\">Exim4 Ubuntu Wiki </ulink> "
20599
20598
"page."
20600
20599
msgstr ""
20601
20600
20602
#: serverguide/C/mail.xml:671(title)
20601
#: serverguide/C/mail.xml:729(title)
20603
20602
msgid "Dovecot Server"
20604
20603
msgstr "Сэрвер Dovecot"
20605
20604
20606
#: serverguide/C/mail.xml:672(para)
20605
#: serverguide/C/mail.xml:730(para)
20607
20606
msgid ""
20608
20607
"<application>Dovecot</application> is a Mail Delivery Agent, written with "
20609
20608
"security primarily in mind. It supports the major mailbox formats: mbox or "
20610
20609
"Maildir. This section explain how to set it up as an imap or pop3 server."
20611
20610
msgstr ""
20612
20611
20613
#: serverguide/C/mail.xml:680(para)
20612
#: serverguide/C/mail.xml:738(para)
20614
20613
msgid ""
20615
20614
"To install <application>dovecot</application>, run the following command in "
20616
20615
"the command prompt:"
20618
20617
"Каб устанавіць <application>dovecot</application>, увядзіце наступнае ў "
20619
20618
"загадны радок:"
20620
20619
20621
#: serverguide/C/mail.xml:685(command)
20620
#: serverguide/C/mail.xml:743(command)
20622
20621
msgid "sudo apt-get install dovecot-imapd dovecot-pop3d"
20623
20622
msgstr "sudo apt-get install dovecot-imapd dovecot-pop3d"
20624
20623
20625
#: serverguide/C/mail.xml:690(para)
20624
#: serverguide/C/mail.xml:748(para)
20626
20625
msgid ""
20627
20626
"To configure <application>dovecot</application>, you can edit the file "
20628
20627
"<filename>/etc/dovecot/dovecot.conf</filename>. You can choose the protocol "
20634
20633
"link>."
20635
20634
msgstr ""
20636
20635
20637
#: serverguide/C/mail.xml:700(para)
20636
#: serverguide/C/mail.xml:758(para)
20638
20637
msgid ""
20639
20638
"IMAPS and POP3S are more secure that the simple IMAP and POP3 because they "
20640
20639
"use SSL encryption to connect. Once you have chosen the protocol, amend the "
20641
20640
"following line in the file <filename>/etc/dovecot/dovecot.conf</filename>:"
20642
20641
msgstr ""
20643
20642
20644
#: serverguide/C/mail.xml:706(programlisting)
20643
#: serverguide/C/mail.xml:764(programlisting)
20645
20644
#, no-wrap
20646
20645
msgid ""
20647
20646
"\n"
20668
20667
"following line:"
20669
20668
msgstr ""
20670
20669
20671
#: serverguide/C/mail.xml:722(programlisting)
20670
#: serverguide/C/mail.xml:780(programlisting)
20672
20671
#, no-wrap
20673
20672
msgid ""
20674
20673
"\n"
20681
20680
"or\n"
20682
20681
"mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u # (для mbox)\n"
20683
20682
20684
#: serverguide/C/mail.xml:728(para)
20683
#: serverguide/C/mail.xml:786(para)
20685
20684
msgid ""
20686
20685
"You should configure your Mail Transport Agent (MTA) to transfer the "
20687
20686
"incoming mail to this type of mailbox if it is different from the one you "
20688
20687
"have configured."
20689
20688
msgstr ""
20690
20689
20691
#: serverguide/C/mail.xml:734(para)
20690
#: serverguide/C/mail.xml:792(para)
20692
20691
msgid ""
20693
20692
"Once you have configured dovecot, restart the "
20694
20693
"<application>dovecot</application> daemon in order to test your setup:"
20695
20694
msgstr ""
20696
20695
20697
#: serverguide/C/mail.xml:743(para)
20696
#: serverguide/C/mail.xml:801(para)
20698
20697
msgid ""
20699
20698
"If you have enabled imap, or pop3, you can also try to log in with the "
20700
20699
"commands <command>telnet localhost pop3</command> or <command>telnet "
20702
20701
"installation has been successful:"
20703
20702
msgstr ""
20704
20703
20705
#: serverguide/C/mail.xml:750(programlisting)
20704
#: serverguide/C/mail.xml:808(programlisting)
20706
20705
#, no-wrap
20707
20706
msgid ""
20708
20707
"\n"
20713
20712
"+OK Dovecot ready.\n"
20714
20713
msgstr ""
20715
20714
20716
#: serverguide/C/mail.xml:759(title)
20715
#: serverguide/C/mail.xml:817(title)
20717
20716
msgid "Dovecot SSL Configuration"
20718
20717
msgstr "Наладкі Dovecot SSL"
20719
20718
20736
20735
"<filename>/etc/dovecot/conf.d/10-ssl.conf</filename> configuration file."
20737
20736
msgstr ""
20738
20737
20739
#: serverguide/C/mail.xml:786(title)
20738
#: serverguide/C/mail.xml:845(title)
20740
20739
msgid "Firewall Configuration for an Email Server"
20741
20740
msgstr "Наладкі брандмаўэра для сэрвера Email"
20742
20741
20743
#: serverguide/C/mail.xml:792(para)
20742
#: serverguide/C/mail.xml:851(para)
20744
20743
msgid "IMAP - 143"
20745
20744
msgstr "IMAP - 143"
20746
20745
20747
#: serverguide/C/mail.xml:793(para)
20746
#: serverguide/C/mail.xml:852(para)
20748
20747
msgid "IMAPS - 993"
20749
20748
msgstr "IMAPS - 993"
20750
20749
20751
#: serverguide/C/mail.xml:794(para)
20750
#: serverguide/C/mail.xml:853(para)
20752
20751
msgid "POP3 - 110"
20753
20752
msgstr "POP3 - 110"
20754
20753
20755
#: serverguide/C/mail.xml:795(para)
20754
#: serverguide/C/mail.xml:854(para)
20756
20755
msgid "POP3S - 995"
20757
20756
msgstr "POP3S - 995"
20758
20757
20759
#: serverguide/C/mail.xml:787(para)
20758
#: serverguide/C/mail.xml:846(para)
20760
20759
msgid ""
20761
20760
"To access your mail server from another computer, you must configure your "
20762
20761
"firewall to allow connections to the server on the necessary ports. "
20763
20762
"<placeholder-1/>"
20764
20763
msgstr ""
20765
20764
20766
#: serverguide/C/mail.xml:804(para)
20765
#: serverguide/C/mail.xml:863(para)
20767
20766
msgid ""
20768
20767
"See the <ulink url=\"http://www.dovecot.org/\">Dovecot website</ulink> for "
20769
20768
"more information."
20771
20770
"Глядзіце <ulink url=\"http://www.dovecot.org/\">вэб-старонку Dovecot</ulink> "
20772
20771
"для больш зьмястоўнай інфармацыі."
20773
20772
20774
#: serverguide/C/mail.xml:809(para)
20773
#: serverguide/C/mail.xml:868(para)
20775
20774
msgid ""
20776
20775
"Also, the <ulink url=\"https://help.ubuntu.com/community/Dovecot\">Dovecot "
20777
20776
"Ubuntu Wiki</ulink> page has more details."
20778
20777
msgstr ""
20779
20778
20780
#: serverguide/C/mail.xml:818(title) serverguide/C/mail.xml:893(title) serverguide/C/mail.xml:1116(title)
20779
#: serverguide/C/mail.xml:877(title) serverguide/C/mail.xml:952(title) serverguide/C/mail.xml:1175(title)
20781
20780
msgid "Mailman"
20782
20781
msgstr ""
20783
20782
20784
#: serverguide/C/mail.xml:819(para)
20783
#: serverguide/C/mail.xml:878(para)
20785
20784
msgid ""
20786
20785
"Mailman is an open source program for managing electronic mail discussions "
20787
20786
"and e-newsletter lists. Many open source mailing lists (including all the "
20790
20789
"and maintain."
20791
20790
msgstr ""
20792
20791
20793
#: serverguide/C/mail.xml:829(para)
20792
#: serverguide/C/mail.xml:888(para)
20794
20793
msgid ""
20795
20794
"Mailman provides a web interface for the administrators and users, using an "
20796
20795
"external mail server to send and receive emails. It works perfectly with the "
20797
20796
"following mail servers:"
20798
20797
msgstr ""
20799
20798
20800
#: serverguide/C/mail.xml:840(application)
20799
#: serverguide/C/mail.xml:899(application)
20801
20800
msgid "Exim"
20802
20801
msgstr "Exim"
20803
20802
20804
#: serverguide/C/mail.xml:843(application)
20803
#: serverguide/C/mail.xml:902(application)
20805
20804
msgid "Sendmail"
20806
20805
msgstr "Sendmail"
20807
20806
20808
#: serverguide/C/mail.xml:846(application)
20807
#: serverguide/C/mail.xml:905(application)
20809
20808
msgid "Qmail"
20810
20809
msgstr "Qmail"
20811
20810
20812
#: serverguide/C/mail.xml:851(para)
20811
#: serverguide/C/mail.xml:910(para)
20813
20812
msgid ""
20814
20813
"We will see how to install and configure Mailman with, the Apache web "
20815
20814
"server, and either the Postfix or Exim mail server. If you wish to install "
20816
20815
"Mailman with a different mail server, please refer to the references section."
20817
20816
msgstr ""
20818
20817
20819
#: serverguide/C/mail.xml:858(para)
20818
#: serverguide/C/mail.xml:917(para)
20820
20819
msgid ""
20821
20820
"You only need to install one mail server and "
20822
20821
"<application>Postfix</application> is the default Ubuntu Mail Transfer Agent."
20823
20822
msgstr ""
20824
20823
20825
#: serverguide/C/mail.xml:863(title) serverguide/C/mail.xml:920(title)
20824
#: serverguide/C/mail.xml:922(title) serverguide/C/mail.xml:979(title)
20826
20825
msgid "Apache2"
20827
20826
msgstr "Apache2"
20828
20827
20829
#: serverguide/C/mail.xml:864(para)
20828
#: serverguide/C/mail.xml:923(para)
20830
20829
msgid ""
20831
20830
"To install apache2 you refer to <xref linkend=\"http-installation\"/> for "
20832
20831
"details."
20833
20832
msgstr ""
20834
20833
20835
#: serverguide/C/mail.xml:870(para)
20834
#: serverguide/C/mail.xml:929(para)
20836
20835
msgid ""
20837
20836
"For instructions on installing and configuring Postfix refer to <xref "
20838
20837
"linkend=\"postfix\"/>"
20839
20838
msgstr ""
20840
20839
20841
#: serverguide/C/mail.xml:876(para)
20840
#: serverguide/C/mail.xml:935(para)
20842
20841
msgid "To install Exim4 refer to <xref linkend=\"exim4\"/>."
20843
20842
msgstr ""
20844
20843
20845
#: serverguide/C/mail.xml:879(para)
20844
#: serverguide/C/mail.xml:938(para)
20846
20845
msgid ""
20847
20846
"Once exim4 is installed, the configuration files are stored in the "
20848
20847
"<filename>/etc/exim4</filename> directory. In Ubuntu, by default, the exim4 "
20851
20850
"<filename>/etc/exim4/update-exim4.conf</filename> file:"
20852
20851
msgstr ""
20853
20852
20854
#: serverguide/C/mail.xml:886(programlisting)
20853
#: serverguide/C/mail.xml:945(programlisting)
20855
20854
#, no-wrap
20856
20855
msgid ""
20857
20856
"\n"
20858
20857
"dc_use_split_config='true'\n"
20859
20858
msgstr ""
20860
20859
20861
#: serverguide/C/mail.xml:894(para)
20860
#: serverguide/C/mail.xml:953(para)
20862
20861
msgid ""
20863
20862
"To install <application>Mailman</application>, run following command at a "
20864
20863
"terminal prompt:"
20866
20865
"Каб устанавіць <application>Mailman</application>, увядзіце наступны загад у "
20867
20866
"тэрмінале:"
20868
20867
20869
#: serverguide/C/mail.xml:898(command)
20868
#: serverguide/C/mail.xml:957(command)
20870
20869
msgid "sudo apt-get install mailman"
20871
20870
msgstr "sudo apt-get install mailman"
20872
20871
20873
#: serverguide/C/mail.xml:900(para)
20872
#: serverguide/C/mail.xml:959(para)
20874
20873
msgid ""
20875
20874
"It copies the installation files in "
20876
20875
"<application>/var/lib/mailman</application> directory. It installs the CGI "
20880
20879
"this user."
20881
20880
msgstr ""
20882
20881
20883
#: serverguide/C/mail.xml:912(para)
20882
#: serverguide/C/mail.xml:971(para)
20884
20883
msgid ""
20885
20884
"This section assumes you have successfully installed "
20886
20885
"<application>mailman</application>, <application>apache2</application>, and "
20888
20887
"you just need to configure them."
20889
20888
msgstr ""
20890
20889
20891
#: serverguide/C/mail.xml:921(para)
20890
#: serverguide/C/mail.xml:980(para)
20892
20891
msgid ""
20893
20892
"An example Apache configuration file comes with "
20894
20893
"<application>Mailman</application> and is placed in "
20897
20896
"available</filename>:"
20898
20897
msgstr ""
20899
20898
20900
#: serverguide/C/mail.xml:927(command)
20899
#: serverguide/C/mail.xml:986(command)
20901
20900
msgid ""
20902
20901
"sudo cp /etc/mailman/apache.conf /etc/apache2/sites-available/mailman.conf"
20903
20902
msgstr ""
20904
20903
"sudo cp /etc/mailman/apache.conf /etc/apache2/sites-available/mailman.conf"
20905
20904
20906
#: serverguide/C/mail.xml:929(para)
20905
#: serverguide/C/mail.xml:988(para)
20907
20906
msgid ""
20908
20907
"This will setup a new Apache <emphasis>VirtualHost</emphasis> for the "
20909
20908
"Mailman administration site. Now enable the new configuration and restart "
20910
20909
"Apache:"
20911
20910
msgstr ""
20912
20911
20913
#: serverguide/C/mail.xml:934(command)
20912
#: serverguide/C/mail.xml:993(command)
20914
20913
msgid "sudo a2ensite mailman.conf"
20915
20914
msgstr "sudo a2ensite mailman.conf"
20916
20915
20917
#: serverguide/C/mail.xml:937(para)
20916
#: serverguide/C/mail.xml:996(para)
20918
20917
msgid ""
20919
20918
"Mailman uses apache2 to render its CGI scripts. The mailman CGI scripts are "
20920
20919
"installed in the <application>/usr/lib/cgi-bin/mailman</application> "
20923
20922
"available/mailman.conf</filename> file if you wish to change this behavior."
20924
20923
msgstr ""
20925
20924
20926
#: serverguide/C/mail.xml:948(para)
20925
#: serverguide/C/mail.xml:1007(para)
20927
20926
msgid ""
20928
20927
"For <application>Postfix</application> integration, we will associate the "
20929
20928
"domain lists.example.com with the mailing lists. Please replace "
20930
20929
"<emphasis>lists.example.com</emphasis> with the domain of your choosing."
20931
20930
msgstr ""
20932
20931
20933
#: serverguide/C/mail.xml:952(para)
20932
#: serverguide/C/mail.xml:1011(para)
20934
20933
msgid ""
20935
20934
"You can use the postconf command to add the necessary configuration to "
20936
20935
"<filename>/etc/postfix/main.cf</filename>:"
20937
20936
msgstr ""
20938
20937
20939
#: serverguide/C/mail.xml:956(command)
20938
#: serverguide/C/mail.xml:1015(command)
20940
20939
msgid "sudo postconf -e 'relay_domains = lists.example.com'"
20941
20940
msgstr "sudo postconf -e 'relay_domains = lists.example.com'"
20942
20941
20943
#: serverguide/C/mail.xml:957(command)
20942
#: serverguide/C/mail.xml:1016(command)
20944
20943
msgid "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
20945
20944
msgstr "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
20946
20945
20947
#: serverguide/C/mail.xml:958(command)
20946
#: serverguide/C/mail.xml:1017(command)
20948
20947
msgid "sudo postconf -e 'mailman_destination_recipient_limit = 1'"
20949
20948
msgstr ""
20950
20949
20951
#: serverguide/C/mail.xml:960(para)
20950
#: serverguide/C/mail.xml:1019(para)
20952
20951
msgid ""
20953
20952
"In <filename>/etc/postfix/master.cf</filename> double check that you have "
20954
20953
"the following transport:"
20955
20954
msgstr ""
20956
20955
20957
#: serverguide/C/mail.xml:963(programlisting)
20956
#: serverguide/C/mail.xml:1022(programlisting)
20958
20957
#, no-wrap
20959
20958
msgid ""
20960
20959
"\n"
20967
20966
" flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py\n"
20968
20967
" ${nexthop} ${user}\n"
20969
20968
20970
#: serverguide/C/mail.xml:968(para)
20969
#: serverguide/C/mail.xml:1027(para)
20971
20970
msgid ""
20972
20971
"It calls the <emphasis>postfix-to-mailman.py</emphasis> script when a mail "
20973
20972
"is delivered to a list."
20974
20973
msgstr ""
20975
20974
20976
#: serverguide/C/mail.xml:971(para)
20975
#: serverguide/C/mail.xml:1030(para)
20977
20976
msgid ""
20978
20977
"Associate the domain lists.example.com to the Mailman transport with the "
20979
20978
"transport map. Edit the file <filename>/etc/postfix/transport</filename>:"
20980
20979
msgstr ""
20981
20980
20982
#: serverguide/C/mail.xml:974(programlisting)
20981
#: serverguide/C/mail.xml:1033(programlisting)
20983
20982
#, no-wrap
20984
20983
msgid ""
20985
20984
"\n"
20988
20987
"\n"
20989
20988
"lists.example.com mailman:\n"
20990
20989
20991
#: serverguide/C/mail.xml:977(para)
20990
#: serverguide/C/mail.xml:1036(para)
20992
20991
msgid ""
20993
20992
"Now have <application>Postfix</application> build the transport map by "
20994
20993
"entering the following from a terminal prompt:"
20995
20994
msgstr ""
20996
20995
20997
#: serverguide/C/mail.xml:981(command)
20996
#: serverguide/C/mail.xml:1040(command)
20998
20997
msgid "sudo postmap -v /etc/postfix/transport"
20999
20998
msgstr "sudo postmap -v /etc/postfix/transport"
21000
20999
21001
#: serverguide/C/mail.xml:983(para)
21000
#: serverguide/C/mail.xml:1042(para)
21002
21001
msgid "Then restart Postfix to enable the new configurations:"
21003
21002
msgstr "Перазапусьціце Postfix каб ужыць новыя наладкі:"
21004
21003
21005
#: serverguide/C/mail.xml:992(para)
21004
#: serverguide/C/mail.xml:1051(para)
21006
21005
msgid ""
21007
21006
"Once Exim4 is installed, you can start the Exim server using the following "
21008
21007
"command from a terminal prompt:"
21009
21008
msgstr ""
21010
21009
21011
#: serverguide/C/mail.xml:1008(para) serverguide/C/mail.xml:1023(title)
21010
#: serverguide/C/mail.xml:1067(para) serverguide/C/mail.xml:1082(title)
21012
21011
msgid "Main"
21013
21012
msgstr ""
21014
21013
21015
#: serverguide/C/mail.xml:1011(para) serverguide/C/mail.xml:1063(title)
21014
#: serverguide/C/mail.xml:1070(para) serverguide/C/mail.xml:1122(title)
21016
21015
msgid "Transport"
21017
21016
msgstr ""
21018
21017
21019
#: serverguide/C/mail.xml:1014(para) serverguide/C/mail.xml:1086(title)
21018
#: serverguide/C/mail.xml:1073(para) serverguide/C/mail.xml:1145(title)
21020
21019
msgid "Router"
21021
21020
msgstr ""
21022
21021
21023
#: serverguide/C/mail.xml:999(para)
21022
#: serverguide/C/mail.xml:1058(para)
21024
21023
msgid ""
21025
21024
"In order to make mailman work with Exim4, you need to configure Exim4. As "
21026
21025
"mentioned earlier, by default, Exim4 uses multiple configuration files of "
21032
21031
"is very important."
21033
21032
msgstr ""
21034
21033
21035
#: serverguide/C/mail.xml:1030(programlisting)
21034
#: serverguide/C/mail.xml:1089(programlisting)
21036
21035
#, no-wrap
21037
21036
msgid ""
21038
21037
"\n"
21066
21065
"# end\n"
21067
21066
msgstr ""
21068
21067
21069
#: serverguide/C/mail.xml:1024(para)
21068
#: serverguide/C/mail.xml:1083(para)
21070
21069
msgid ""
21071
21070
"All the configuration files belonging to the main type are stored in the "
21072
21071
"<filename>/etc/exim4/conf.d/main/</filename> directory. You can add the "
21074
21073
"config_mailman</filename>: <placeholder-1/>"
21075
21074
msgstr ""
21076
21075
21077
#: serverguide/C/mail.xml:1070(programlisting)
21076
#: serverguide/C/mail.xml:1129(programlisting)
21078
21077
#, no-wrap
21079
21078
msgid ""
21080
21079
"\n"
21105
21104
" user = MM_UID\n"
21106
21105
" group = MM_GID\n"
21107
21106
21108
#: serverguide/C/mail.xml:1064(para)
21107
#: serverguide/C/mail.xml:1123(para)
21109
21108
msgid ""
21110
21109
"All the configuration files belonging to transport type are stored in the "
21111
21110
"<filename>/etc/exim4/conf.d/transport/</filename> directory. You can add the "
21113
21112
"config_mailman</filename>: <placeholder-1/>"
21114
21113
msgstr ""
21115
21114
21116
#: serverguide/C/mail.xml:1091(programlisting)
21115
#: serverguide/C/mail.xml:1150(programlisting)
21117
21116
#, no-wrap
21118
21117
msgid ""
21119
21118
"\n"
21136
21135
" -owner : -request : -admin\n"
21137
21136
" transport = mailman_transport\n"
21138
21137
21139
#: serverguide/C/mail.xml:1087(para)
21138
#: serverguide/C/mail.xml:1146(para)
21140
21139
msgid ""
21141
21140
"All the configuration files belonging to router type are stored in the "
21142
21141
"<filename>/etc/exim4/conf.d/router/</filename> directory. You can add the "
21144
21143
"config_mailman</filename>: <placeholder-1/>"
21145
21144
msgstr ""
21146
21145
21147
#: serverguide/C/mail.xml:1104(para)
21146
#: serverguide/C/mail.xml:1163(para)
21148
21147
msgid ""
21149
21148
"The order of main and transport configuration files can be in any order. "
21150
21149
"But, the order of router configuration files must be the same. This "
21154
21153
"details, please refer to the references section."
21155
21154
msgstr ""
21156
21155
21157
#: serverguide/C/mail.xml:1117(para)
21156
#: serverguide/C/mail.xml:1176(para)
21158
21157
msgid ""
21159
21158
"Once mailman is installed, you can run it using the following command:"
21160
21159
msgstr ""
21163
21162
msgid "sudo service mailman start"
21164
21163
msgstr ""
21165
21164
21166
#: serverguide/C/mail.xml:1123(para)
21165
#: serverguide/C/mail.xml:1182(para)
21167
21166
msgid ""
21168
21167
"Once mailman is installed, you should create the default mailing list. Run "
21169
21168
"the following command to create the mailing list:"
21170
21169
msgstr ""
21171
21170
21172
#: serverguide/C/mail.xml:1129(command)
21171
#: serverguide/C/mail.xml:1188(command)
21173
21172
msgid "sudo /usr/sbin/newlist mailman"
21174
21173
msgstr "sudo /usr/sbin/newlist mailman"
21175
21174
21176
#: serverguide/C/mail.xml:1132(programlisting)
21175
#: serverguide/C/mail.xml:1191(programlisting)
21177
21176
#, no-wrap
21178
21177
msgid ""
21179
21178
"\n"
21204
21203
" # \n"
21205
21204
msgstr ""
21206
21205
21207
#: serverguide/C/mail.xml:1155(para)
21206
#: serverguide/C/mail.xml:1214(para)
21208
21207
msgid ""
21209
21208
"We have configured either Postfix or Exim4 to recognize all emails from "
21210
21209
"mailman. So, it is not mandatory to make any new entries in "
21213
21212
"continuing to next section."
21214
21213
msgstr ""
21215
21214
21216
#: serverguide/C/mail.xml:1163(para)
21215
#: serverguide/C/mail.xml:1222(para)
21217
21216
msgid ""
21218
21217
"The Exim4 does not use the above aliases to forward mails to Mailman, as it "
21219
21218
"uses a <emphasis>discover</emphasis> approach. To suppress the aliases while "
21221
21220
"configuration file, <filename>/etc/mailman/mm_cfg.py</filename>."
21222
21221
msgstr ""
21223
21222
21224
#: serverguide/C/mail.xml:1174(title)
21223
#: serverguide/C/mail.xml:1233(title)
21225
21224
msgid "Administration"
21226
21225
msgstr ""
21227
21226
21228
#: serverguide/C/mail.xml:1175(para)
21227
#: serverguide/C/mail.xml:1234(para)
21229
21228
msgid ""
21230
21229
"We assume you have a default installation. The mailman cgi scripts are still "
21231
21230
"in the <application>/usr/lib/cgi-bin/mailman/</application> directory. "
21233
21232
"point your browser to the following url:"
21234
21233
msgstr ""
21235
21234
21236
#: serverguide/C/mail.xml:1183(para)
21235
#: serverguide/C/mail.xml:1242(para)
21237
21236
msgid "http://hostname/cgi-bin/mailman/admin"
21238
21237
msgstr "http://hostname/cgi-bin/mailman/admin"
21239
21238
21240
#: serverguide/C/mail.xml:1187(para)
21239
#: serverguide/C/mail.xml:1246(para)
21241
21240
msgid ""
21242
21241
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
21243
21242
"screen. If you click the mailing list name, it will ask for your "
21248
21247
"mailing list using the web interface."
21249
21248
msgstr ""
21250
21249
21251
#: serverguide/C/mail.xml:1200(title)
21250
#: serverguide/C/mail.xml:1259(title)
21252
21251
msgid "Users"
21253
21252
msgstr "Карыстальнікі"
21254
21253
21255
#: serverguide/C/mail.xml:1201(para)
21254
#: serverguide/C/mail.xml:1260(para)
21256
21255
msgid ""
21257
21256
"Mailman provides a web based interface for users. To access this page, point "
21258
21257
"your browser to the following url:"
21259
21258
msgstr ""
21260
21259
21261
#: serverguide/C/mail.xml:1206(para)
21260
#: serverguide/C/mail.xml:1265(para)
21262
21261
msgid "http://hostname/cgi-bin/mailman/listinfo"
21263
21262
msgstr "http://hostname/cgi-bin/mailman/listinfo"
21264
21263
21265
#: serverguide/C/mail.xml:1210(para)
21264
#: serverguide/C/mail.xml:1269(para)
21266
21265
msgid ""
21267
21266
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
21268
21267
"screen. If you click the mailing list name, it will display the subscription "
21271
21270
"instructions in the email to subscribe."
21272
21271
msgstr ""
21273
21272
21274
#: serverguide/C/mail.xml:1222(ulink)
21273
#: serverguide/C/mail.xml:1281(ulink)
21275
21274
msgid "GNU Mailman - Installation Manual"
21276
21275
msgstr ""
21277
21276
21278
#: serverguide/C/mail.xml:1226(ulink)
21277
#: serverguide/C/mail.xml:1285(ulink)
21279
21278
msgid "HOWTO - Using Exim 4 and Mailman 2.1 together"
21280
21279
msgstr ""
21281
21280
21282
#: serverguide/C/mail.xml:1229(para)
21281
#: serverguide/C/mail.xml:1288(para)
21283
21282
msgid ""
21284
21283
"Also, see the <ulink "
21285
21284
"url=\"https://help.ubuntu.com/community/Mailman\">Mailman Ubuntu "
21286
21285
"Wiki</ulink> page."
21287
21286
msgstr ""
21288
21287
21289
#: serverguide/C/mail.xml:1235(title)
21288
#: serverguide/C/mail.xml:1294(title)
21290
21289
msgid "Mail Filtering"
21291
21290
msgstr ""
21292
21291
21293
#: serverguide/C/mail.xml:1236(para)
21292
#: serverguide/C/mail.xml:1295(para)
21294
21293
msgid ""
21295
21294
"One of the largest issues with email today is the problem of Unsolicited "
21296
21295
"Bulk Email (UBE). Also known as SPAM, such messages may also carry viruses "
21298
21297
"the bulk of all email traffic on the Internet."
21299
21298
msgstr ""
21300
21299
21301
#: serverguide/C/mail.xml:1241(para)
21300
#: serverguide/C/mail.xml:1300(para)
21302
21301
msgid ""
21303
21302
"This section will cover integrating <application>Amavisd-new</application>, "
21304
21303
"<application>Spamassassin</application>, and "
21312
21311
"spf</application>."
21313
21312
msgstr ""
21314
21313
21315
#: serverguide/C/mail.xml:1251(para)
21314
#: serverguide/C/mail.xml:1310(para)
21316
21315
msgid ""
21317
21316
"<application>Amavisd-new</application> is a wrapper program that can call "
21318
21317
"any number of content filtering programs for spam detection, antivirus, etc."
21319
21318
msgstr ""
21320
21319
21321
#: serverguide/C/mail.xml:1257(para)
21320
#: serverguide/C/mail.xml:1316(para)
21322
21321
msgid ""
21323
21322
"<application>Spamassassin</application> uses a variety of mechanisms to "
21324
21323
"filter email based on the message content."
21325
21324
msgstr ""
21326
21325
21327
#: serverguide/C/mail.xml:1262(para)
21326
#: serverguide/C/mail.xml:1321(para)
21328
21327
msgid ""
21329
21328
"<application>ClamAV</application> is an open source antivirus application."
21330
21329
msgstr ""
21331
21330
21332
#: serverguide/C/mail.xml:1267(para)
21331
#: serverguide/C/mail.xml:1326(para)
21333
21332
msgid ""
21334
21333
"<application>opendkim</application> implements a Sendmail Mail Filter "
21335
21334
"(Milter) for the DomainKeys Identified Mail (DKIM) standard."
21336
21335
msgstr ""
21337
21336
21338
#: serverguide/C/mail.xml:1273(para)
21337
#: serverguide/C/mail.xml:1332(para)
21339
21338
msgid ""
21340
21339
"<application>python-policyd-spf</application> enables Sender Policy "
21341
21340
"Framework (SPF) checking with <application>Postfix</application>."
21342
21341
msgstr ""
21343
21342
21344
#: serverguide/C/mail.xml:1278(para)
21343
#: serverguide/C/mail.xml:1337(para)
21345
21344
msgid "This is how the pieces fit together:"
21346
21345
msgstr ""
21347
21346
21348
#: serverguide/C/mail.xml:1283(para)
21347
#: serverguide/C/mail.xml:1342(para)
21349
21348
msgid "An email message is accepted by <application>Postfix</application>."
21350
21349
msgstr ""
21351
21350
21352
#: serverguide/C/mail.xml:1288(para)
21351
#: serverguide/C/mail.xml:1347(para)
21353
21352
msgid ""
21354
21353
"The message is passed through any external filters "
21355
21354
"<application>opendkim</application> and <application>python-policyd-"
21356
21355
"spf</application> in this case."
21357
21356
msgstr ""
21358
21357
21359
#: serverguide/C/mail.xml:1294(para)
21358
#: serverguide/C/mail.xml:1353(para)
21360
21359
msgid "<application>Amavisd-new</application> then processes the message."
21361
21360
msgstr ""
21362
21361
21363
#: serverguide/C/mail.xml:1299(para)
21362
#: serverguide/C/mail.xml:1358(para)
21364
21363
msgid ""
21365
21364
"<application>ClamAV</application> is used to scan the message. If the "
21366
21365
"message contains a virus <application>Postfix</application> will reject the "
21367
21366
"message."
21368
21367
msgstr ""
21369
21368
21370
#: serverguide/C/mail.xml:1305(para)
21369
#: serverguide/C/mail.xml:1364(para)
21371
21370
msgid ""
21372
21371
"Clean messages will then be analyzed by "
21373
21372
"<application>Spamassassin</application> to find out if the message is spam. "
21376
21375
"message."
21377
21376
msgstr ""
21378
21377
21379
#: serverguide/C/mail.xml:1312(para)
21378
#: serverguide/C/mail.xml:1371(para)
21380
21379
msgid ""
21381
21380
"For example, if a message has a Spam score of over fifty the message could "
21382
21381
"be automatically dropped from the queue without the recipient ever having to "
21385
21384
"see fit."
21386
21385
msgstr ""
21387
21386
21388
#: serverguide/C/mail.xml:1319(para)
21387
#: serverguide/C/mail.xml:1378(para)
21389
21388
msgid ""
21390
21389
"See <xref linkend=\"postfix\"/> for instructions on installing and "
21391
21390
"configuring Postfix."
21392
21391
msgstr ""
21393
21392
21394
#: serverguide/C/mail.xml:1322(para)
21393
#: serverguide/C/mail.xml:1381(para)
21395
21394
msgid ""
21396
21395
"To install the rest of the applications enter the following from a terminal "
21397
21396
"prompt:"
21398
21397
msgstr ""
21399
21398
21400
#: serverguide/C/mail.xml:1326(command)
21399
#: serverguide/C/mail.xml:1385(command)
21401
21400
msgid "sudo apt-get install amavisd-new spamassassin clamav-daemon"
21402
21401
msgstr "sudo apt-get install amavisd-new spamassassin clamav-daemon"
21403
21402
21404
#: serverguide/C/mail.xml:1327(command)
21403
#: serverguide/C/mail.xml:1386(command)
21405
21404
msgid "sudo apt-get install opendkim postfix-policyd-spf-python"
21406
21405
msgstr ""
21407
21406
21408
#: serverguide/C/mail.xml:1329(para)
21407
#: serverguide/C/mail.xml:1388(para)
21409
21408
msgid ""
21410
21409
"There are some optional packages that integrate with "
21411
21410
"<application>Spamassassin</application> for better spam detection:"
21412
21411
msgstr ""
21413
21412
21414
#: serverguide/C/mail.xml:1333(command)
21413
#: serverguide/C/mail.xml:1392(command)
21415
21414
msgid "sudo apt-get install pyzor razor"
21416
21415
msgstr "sudo apt-get install pyzor razor"
21417
21416
21418
#: serverguide/C/mail.xml:1335(para)
21417
#: serverguide/C/mail.xml:1394(para)
21419
21418
msgid ""
21420
21419
"Along with the main filtering applications compression utilities are needed "
21421
21420
"to process some email attachments:"
21422
21421
msgstr ""
21423
21422
21424
#: serverguide/C/mail.xml:1339(command)
21423
#: serverguide/C/mail.xml:1398(command)
21425
21424
msgid ""
21426
21425
"sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip"
21427
21426
msgstr ""
21428
21427
21429
#: serverguide/C/mail.xml:1342(para)
21428
#: serverguide/C/mail.xml:1401(para)
21430
21429
msgid ""
21431
21430
"If some packages are not found, check that the "
21432
21431
"<emphasis>multiverse</emphasis> repository is enabled in "
21433
21432
"<filename>/etc/apt/sources.list</filename>"
21434
21433
msgstr ""
21435
21434
21436
#: serverguide/C/mail.xml:1343(para)
21435
#: serverguide/C/mail.xml:1402(para)
21437
21436
msgid ""
21438
21437
"If you make changes to the file, be sure to run <command>sudo apt-get "
21439
21438
"update</command> before trying to install again."
21440
21439
msgstr ""
21441
21440
21442
#: serverguide/C/mail.xml:1348(para)
21441
#: serverguide/C/mail.xml:1407(para)
21443
21442
msgid "Now configure everything to work together and filter email."
21444
21443
msgstr ""
21445
21444
21446
#: serverguide/C/mail.xml:1352(title)
21445
#: serverguide/C/mail.xml:1411(title)
21447
21446
msgid "ClamAV"
21448
21447
msgstr "ClamAV"
21449
21448
21450
#: serverguide/C/mail.xml:1353(para)
21449
#: serverguide/C/mail.xml:1412(para)
21451
21450
msgid ""
21452
21451
"The default behaviour of <application>ClamAV</application> will fit our "
21453
21452
"needs. For more ClamAV configuration options, check the configuration files "
21454
21453
"in <filename>/etc/clamav</filename>."
21455
21454
msgstr ""
21456
21455
21457
#: serverguide/C/mail.xml:1358(para)
21456
#: serverguide/C/mail.xml:1417(para)
21458
21457
msgid ""
21459
21458
"Add the <emphasis>clamav</emphasis> user to the <emphasis>amavis</emphasis> "
21460
21459
"group in order for <application>Amavisd-new</application> to have the "
21461
21460
"appropriate access to scan files:"
21462
21461
msgstr ""
21463
21462
21464
#: serverguide/C/mail.xml:1363(command)
21463
#: serverguide/C/mail.xml:1422(command)
21465
21464
msgid "sudo adduser clamav amavis"
21466
21465
msgstr "sudo adduser clamav amavis"
21467
21466
21468
#: serverguide/C/mail.xml:1364(command)
21467
#: serverguide/C/mail.xml:1423(command)
21469
21468
msgid "sudo adduser amavis clamav"
21470
21469
msgstr ""
21471
21470
21472
#: serverguide/C/mail.xml:1368(title)
21471
#: serverguide/C/mail.xml:1427(title)
21473
21472
msgid "Spamassassin"
21474
21473
msgstr ""
21475
21474
21476
#: serverguide/C/mail.xml:1369(para)
21475
#: serverguide/C/mail.xml:1428(para)
21477
21476
msgid ""
21478
21477
"Spamassassin automatically detects optional components and will use them if "
21479
21478
"they are present. This means that there is no need to configure "
21480
21479
"<application>pyzor</application> and <application>razor</application>."
21481
21480
msgstr ""
21482
21481
21483
#: serverguide/C/mail.xml:1373(para)
21482
#: serverguide/C/mail.xml:1432(para)
21484
21483
msgid ""
21485
21484
"Edit <filename>/etc/default/spamassassin</filename> to activate the "
21486
21485
"<application>Spamassassin</application> daemon. Change "
21487
21486
"<emphasis>ENABLED=0</emphasis> to:"
21488
21487
msgstr ""
21489
21488
21490
#: serverguide/C/mail.xml:1377(programlisting)
21489
#: serverguide/C/mail.xml:1436(programlisting)
21491
21490
#, no-wrap
21492
21491
msgid ""
21493
21492
"\n"
21496
21495
"\n"
21497
21496
"ENABLED=1\n"
21498
21497
21499
#: serverguide/C/mail.xml:1380(para)
21498
#: serverguide/C/mail.xml:1439(para)
21500
21499
msgid "Now start the daemon:"
21501
21500
msgstr ""
21502
21501
21504
21503
msgid "sudo service spamassassin start"
21505
21504
msgstr ""
21506
21505
21507
#: serverguide/C/mail.xml:1388(title)
21506
#: serverguide/C/mail.xml:1447(title)
21508
21507
msgid "Amavisd-new"
21509
21508
msgstr "Amavisd-new"
21510
21509
21511
#: serverguide/C/mail.xml:1389(para)
21510
#: serverguide/C/mail.xml:1448(para)
21512
21511
msgid ""
21513
21512
"First activate spam and antivirus detection in <application>Amavisd-"
21514
21513
"new</application> by editing <filename>/etc/amavis/conf.d/15-"
21515
21514
"content_filter_mode</filename>:"
21516
21515
msgstr ""
21517
21516
21518
#: serverguide/C/mail.xml:1393(programlisting)
21517
#: serverguide/C/mail.xml:1452(programlisting)
21519
21518
#, no-wrap
21520
21519
msgid ""
21521
21520
"\n"
21546
21545
"1; # insure a defined return\n"
21547
21546
msgstr ""
21548
21547
21549
#: serverguide/C/mail.xml:1419(para)
21548
#: serverguide/C/mail.xml:1477(para)
21550
21549
msgid ""
21551
21550
"Bouncing spam can be a bad idea as the return address is often faked. The "
21552
21551
"default behaviour is to instead discard. This is configured in "
21555
21554
"D_BOUNCE."
21556
21555
msgstr ""
21557
21556
21558
#: serverguide/C/mail.xml:1425(para)
21557
#: serverguide/C/mail.xml:1483(para)
21559
21558
msgid ""
21560
21559
"Additionally, you may want to adjust the following options to flag more "
21561
21560
"messages as spam:"
21562
21561
msgstr ""
21563
21562
21564
#: serverguide/C/mail.xml:1429(programlisting)
21563
#: serverguide/C/mail.xml:1487(programlisting)
21565
21564
#, no-wrap
21566
21565
msgid ""
21567
21566
"\n"
21572
21571
"$sa_dsn_cutoff_level = 4; # spam level beyond which a DSN is not sent\n"
21573
21572
msgstr ""
21574
21573
21575
#: serverguide/C/mail.xml:1436(para)
21574
#: serverguide/C/mail.xml:1494(para)
21576
21575
msgid ""
21577
21576
"If the server's <emphasis>hostname</emphasis> is different from the domain's "
21578
21577
"MX record you may need to manually set the <emphasis>$myhostname</emphasis> "
21581
21580
"Edit the <filename>/etc/amavis/conf.d/50-user</filename> file:"
21582
21581
msgstr ""
21583
21582
21584
#: serverguide/C/mail.xml:1443(programlisting)
21583
#: serverguide/C/mail.xml:1501(programlisting)
21585
21584
#, no-wrap
21586
21585
msgid ""
21587
21586
"\n"
21592
21591
"$myhostname = 'mail.example.com';\n"
21593
21592
"@local_domains_acl = ( \"example.com\", \"example.org\" );\n"
21594
21593
21595
#: serverguide/C/mail.xml:1448(para)
21594
#: serverguide/C/mail.xml:1506(para)
21596
21595
msgid ""
21597
21596
"If you want to cover multiple domains you can use the following in "
21598
21597
"the<filename>/etc/amavis/conf.d/50-user</filename>"
21599
21598
msgstr ""
21600
21599
21601
#: serverguide/C/mail.xml:1451(programlisting)
21600
#: serverguide/C/mail.xml:1509(programlisting)
21602
21601
#, no-wrap
21603
21602
msgid ""
21604
21603
"\n"
21605
21604
"@local_domains_acl = qw(.);\n"
21606
21605
msgstr ""
21607
21606
21608
#: serverguide/C/mail.xml:1455(para)
21607
#: serverguide/C/mail.xml:1513(para)
21609
21608
msgid ""
21610
21609
"After configuration <application>Amavisd-new</application> needs to be "
21611
21610
"restarted:"
21615
21614
msgid "sudo service amavis restart"
21616
21615
msgstr ""
21617
21616
21618
#: serverguide/C/mail.xml:1462(title)
21617
#: serverguide/C/mail.xml:1520(title)
21619
21618
msgid "DKIM Whitelist"
21620
21619
msgstr ""
21621
21620
21622
#: serverguide/C/mail.xml:1464(para)
21621
#: serverguide/C/mail.xml:1522(para)
21623
21622
msgid ""
21624
21623
"<application>Amavisd-new</application> can be configured to automatically "
21625
21624
"<emphasis>Whitelist</emphasis> addresses from domains with valid Domain "
21627
21626
"<filename>/etc/amavis/conf.d/40-policy_banks</filename>."
21628
21627
msgstr ""
21629
21628
21630
#: serverguide/C/mail.xml:1470(para)
21629
#: serverguide/C/mail.xml:1528(para)
21631
21630
msgid "There are multiple ways to configure the Whitelist for a domain:"
21632
21631
msgstr ""
21633
21632
21634
#: serverguide/C/mail.xml:1476(para)
21633
#: serverguide/C/mail.xml:1534(para)
21635
21634
msgid ""
21636
21635
"<emphasis>'example.com' => 'WHITELIST',</emphasis>: will whitelist any "
21637
21636
"address from the \"example.com\" domain."
21638
21637
msgstr ""
21639
21638
21640
#: serverguide/C/mail.xml:1481(para)
21639
#: serverguide/C/mail.xml:1539(para)
21641
21640
msgid ""
21642
21641
"<emphasis>'.example.com' => 'WHITELIST',</emphasis>: will whitelist any "
21643
21642
"address from any <emphasis>subdomains</emphasis> of \"example.com\" that "
21644
21643
"have a valid signature."
21645
21644
msgstr ""
21646
21645
21647
#: serverguide/C/mail.xml:1487(para)
21646
#: serverguide/C/mail.xml:1545(para)
21648
21647
msgid ""
21649
21648
"<emphasis>'.example.com/@example.com' => 'WHITELIST',</emphasis>: will "
21650
21649
"whitelist subdomains of \"example.com\" that use the signature of <emphasis "
21651
21650
"role=\"italic\">example.com</emphasis> the parent domain."
21652
21651
msgstr ""
21653
21652
21654
#: serverguide/C/mail.xml:1493(para)
21653
#: serverguide/C/mail.xml:1551(para)
21655
21654
msgid ""
21656
21655
"<emphasis>'./@example.com' => 'WHITELIST',</emphasis>: adds addresses "
21657
21656
"that have a valid signature from \"example.com\". This is usually used for "
21658
21657
"discussion groups that sign their messages."
21659
21658
msgstr ""
21660
21659
21661
#: serverguide/C/mail.xml:1500(para)
21660
#: serverguide/C/mail.xml:1558(para)
21662
21661
msgid ""
21663
21662
"A domain can also have multiple Whitelist configurations. After editing the "
21664
21663
"file, restart <application>amavisd-new</application>:"
21665
21664
msgstr ""
21666
21665
21667
#: serverguide/C/mail.xml:1510(para)
21666
#: serverguide/C/mail.xml:1568(para)
21668
21667
msgid ""
21669
21668
"In this context, once a domain has been added to the Whitelist the message "
21670
21669
"will not receive any anti-virus or spam filtering. This may or may not be "
21671
21670
"the intended behavior you wish for a domain."
21672
21671
msgstr ""
21673
21672
21674
#: serverguide/C/mail.xml:1520(para)
21673
#: serverguide/C/mail.xml:1578(para)
21675
21674
msgid ""
21676
21675
"For <application>Postfix</application> integration, enter the following from "
21677
21676
"a terminal prompt:"
21678
21677
msgstr ""
21679
21678
21680
#: serverguide/C/mail.xml:1524(command)
21679
#: serverguide/C/mail.xml:1582(command)
21681
21680
msgid "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
21682
21681
msgstr "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
21683
21682
21684
#: serverguide/C/mail.xml:1526(para)
21683
#: serverguide/C/mail.xml:1584(para)
21685
21684
msgid ""
21686
21685
"Next edit <filename>/etc/postfix/master.cf</filename> and add the following "
21687
21686
"to the end of the file:"
21720
21719
"_milters\n"
21721
21720
msgstr ""
21722
21721
21723
#: serverguide/C/mail.xml:1556(para)
21722
#: serverguide/C/mail.xml:1614(para)
21724
21723
msgid ""
21725
21724
"Also add the following two lines immediately below the "
21726
21725
"<emphasis>\"pickup\"</emphasis> transport service:"
21727
21726
msgstr ""
21728
21727
21729
#: serverguide/C/mail.xml:1559(programlisting)
21728
#: serverguide/C/mail.xml:1617(programlisting)
21730
21729
#, no-wrap
21731
21730
msgid ""
21732
21731
"\n"
21737
21736
" -o content_filter=\n"
21738
21737
" -o receive_override_options=no_header_body_checks\n"
21739
21738
21740
#: serverguide/C/mail.xml:1563(para)
21739
#: serverguide/C/mail.xml:1621(para)
21741
21740
msgid ""
21742
21741
"This will prevent messages that are generated to report on spam from being "
21743
21742
"classified as spam."
21744
21743
msgstr ""
21745
21744
21746
#: serverguide/C/mail.xml:1566(para)
21745
#: serverguide/C/mail.xml:1624(para)
21747
21746
msgid "Now restart <application>Postfix</application>:"
21748
21747
msgstr ""
21749
21748
21750
#: serverguide/C/mail.xml:1572(para)
21749
#: serverguide/C/mail.xml:1630(para)
21751
21750
msgid "Content filtering with spam and virus detection is now enabled."
21752
21751
msgstr ""
21753
21752
21754
#: serverguide/C/mail.xml:1578(title)
21753
#: serverguide/C/mail.xml:1636(title)
21755
21754
msgid "Amavisd-new and Spamassassin"
21756
21755
msgstr ""
21757
21756
21758
#: serverguide/C/mail.xml:1580(para)
21757
#: serverguide/C/mail.xml:1638(para)
21759
21758
msgid ""
21760
21759
"When integrating <application>Amavisd-new</application> with "
21761
21760
"<application>Spamassassin</application>, if you choose to disable the bayes "
21766
21765
"<application>cron</application> job."
21767
21766
msgstr ""
21768
21767
21769
#: serverguide/C/mail.xml:1587(para)
21768
#: serverguide/C/mail.xml:1645(para)
21770
21769
msgid "There are several ways to handle this situation:"
21771
21770
msgstr ""
21772
21771
21773
#: serverguide/C/mail.xml:1593(para)
21772
#: serverguide/C/mail.xml:1651(para)
21774
21773
msgid "Configure your MDA to filter messages you do not wish to see."
21775
21774
msgstr ""
21776
21775
21777
#: serverguide/C/mail.xml:1598(para)
21776
#: serverguide/C/mail.xml:1656(para)
21778
21777
msgid ""
21779
21778
"Change <filename>/usr/sbin/amavisd-new-cronjob</filename> to check for "
21780
21779
"<emphasis>use_bayes 0</emphasis>. For example, edit "
21782
21781
"the top before the <emphasis>test</emphasis> statements:"
21783
21782
msgstr ""
21784
21783
21785
#: serverguide/C/mail.xml:1602(programlisting)
21784
#: serverguide/C/mail.xml:1660(programlisting)
21786
21785
#, no-wrap
21787
21786
msgid ""
21788
21787
"\n"
21790
21789
"exit 0\n"
21791
21790
msgstr ""
21792
21791
21793
#: serverguide/C/mail.xml:1612(para)
21792
#: serverguide/C/mail.xml:1670(para)
21794
21793
msgid ""
21795
21794
"First, test that the <application>Amavisd-new</application> SMTP is "
21796
21795
"listening:"
21797
21796
msgstr ""
21798
21797
21799
#: serverguide/C/mail.xml:1615(programlisting)
21798
#: serverguide/C/mail.xml:1673(programlisting)
21800
21799
#, no-wrap
21801
21800
msgid ""
21802
21801
"\n"
21815
21814
"220 [127.0.0.1] ESMTP amavisd-new service ready\n"
21816
21815
"^]\n"
21817
21816
21818
#: serverguide/C/mail.xml:1623(para)
21817
#: serverguide/C/mail.xml:1681(para)
21819
21818
msgid ""
21820
21819
"In the Header of messages that go through the content filter you should see:"
21821
21820
msgstr ""
21822
21821
21823
#: serverguide/C/mail.xml:1626(programlisting)
21822
#: serverguide/C/mail.xml:1684(programlisting)
21824
21823
#, no-wrap
21825
21824
msgid ""
21826
21825
"\n"
21837
21836
"BAYES_00\n"
21838
21837
"X-Spam-Level: \n"
21839
21838
21840
#: serverguide/C/mail.xml:1633(para)
21839
#: serverguide/C/mail.xml:1691(para)
21841
21840
msgid ""
21842
21841
"Your output will vary, but the important thing is that there are <emphasis>X-"
21843
21842
"Virus-Scanned</emphasis> and <emphasis>X-Spam-Status</emphasis> entries."
21844
21843
msgstr ""
21845
21844
21846
#: serverguide/C/mail.xml:1641(para)
21845
#: serverguide/C/mail.xml:1699(para)
21847
21846
msgid ""
21848
21847
"The best way to figure out why something is going wrong is to check the log "
21849
21848
"files."
21850
21849
msgstr ""
21851
21850
21852
#: serverguide/C/mail.xml:1646(para)
21851
#: serverguide/C/mail.xml:1704(para)
21853
21852
msgid ""
21854
21853
"For instructions on <application>Postfix</application> logging see the <xref "
21855
21854
"linkend=\"postfix-troubleshooting\"/> section."
21856
21855
msgstr ""
21857
21856
21858
#: serverguide/C/mail.xml:1652(para)
21857
#: serverguide/C/mail.xml:1710(para)
21859
21858
msgid ""
21860
21859
"<application>Amavisd-new</application> uses "
21861
21860
"<application>Syslog</application> to send messages to "
21865
21864
"1 to 5."
21866
21865
msgstr ""
21867
21866
21868
#: serverguide/C/mail.xml:1657(programlisting)
21867
#: serverguide/C/mail.xml:1715(programlisting)
21869
21868
#, no-wrap
21870
21869
msgid ""
21871
21870
"\n"
21874
21873
"\n"
21875
21874
"$log_level = 2;\n"
21876
21875
21877
#: serverguide/C/mail.xml:1661(para)
21876
#: serverguide/C/mail.xml:1719(para)
21878
21877
msgid ""
21879
21878
"When the <application>Amavisd-new</application> log output is increased "
21880
21879
"<application>Spamassassin</application> log output is also increased."
21881
21880
msgstr ""
21882
21881
21883
#: serverguide/C/mail.xml:1668(para)
21882
#: serverguide/C/mail.xml:1726(para)
21884
21883
msgid ""
21885
21884
"The <application>ClamAV</application> log level can be increased by editing "
21886
21885
"<filename>/etc/clamav/clamd.conf</filename> and setting the following option:"
21887
21886
msgstr ""
21888
21887
21889
#: serverguide/C/mail.xml:1672(programlisting)
21888
#: serverguide/C/mail.xml:1730(programlisting)
21890
21889
#, no-wrap
21891
21890
msgid ""
21892
21891
"\n"
21895
21894
"\n"
21896
21895
"LogVerbose true\n"
21897
21896
21898
#: serverguide/C/mail.xml:1675(para)
21897
#: serverguide/C/mail.xml:1733(para)
21899
21898
msgid ""
21900
21899
"By default <application>ClamAV</application> will send log messages to "
21901
21900
"<filename>/var/log/clamav/clamav.log</filename>."
21902
21901
msgstr ""
21903
21902
21904
#: serverguide/C/mail.xml:1681(para)
21903
#: serverguide/C/mail.xml:1739(para)
21905
21904
msgid ""
21906
21905
"After changing an applications log settings remember to restart the service "
21907
21906
"for the new settings to take affect. Also, once the issue you are "
21909
21908
"back to normal."
21910
21909
msgstr ""
21911
21910
21912
#: serverguide/C/mail.xml:1689(para)
21911
#: serverguide/C/mail.xml:1747(para)
21913
21912
msgid "For more information on filtering mail see the following links:"
21914
21913
msgstr ""
21915
21914
21916
#: serverguide/C/mail.xml:1695(ulink)
21915
#: serverguide/C/mail.xml:1753(ulink)
21917
21916
msgid "Amavisd-new Documentation"
21918
21917
msgstr ""
21919
21918
21920
#: serverguide/C/mail.xml:1699(para)
21919
#: serverguide/C/mail.xml:1757(para)
21921
21920
msgid ""
21922
21921
"<ulink url=\"http://www.clamav.net/doc/latest/html/\">ClamAV "
21923
21922
"Documentation</ulink> and <ulink "
21924
21923
"url=\"http://wiki.clamav.net/Main/WebHome\">ClamAV Wiki</ulink>"
21925
21924
msgstr ""
21926
21925
21927
#: serverguide/C/mail.xml:1706(ulink)
21926
#: serverguide/C/mail.xml:1764(ulink)
21928
21927
msgid "Spamassassin Wiki"
21929
21928
msgstr ""
21930
21929
21931
#: serverguide/C/mail.xml:1711(ulink)
21930
#: serverguide/C/mail.xml:1769(ulink)
21932
21931
msgid "Pyzor Homepage"
21933
21932
msgstr "Хатняя старонка Pyzor"
21934
21933
21935
#: serverguide/C/mail.xml:1716(ulink)
21934
#: serverguide/C/mail.xml:1774(ulink)
21936
21935
msgid "Razor Homepage"
21937
21936
msgstr "Хатняя старонка Razor"
21938
21937
21939
#: serverguide/C/mail.xml:1721(ulink)
21938
#: serverguide/C/mail.xml:1779(ulink)
21940
21939
msgid "DKIM.org"
21941
21940
msgstr "DKIM.org"
21942
21941
21943
#: serverguide/C/mail.xml:1726(ulink)
21942
#: serverguide/C/mail.xml:1784(ulink)
21944
21943
msgid "Postfix Amavis New"
21945
21944
msgstr ""
21946
21945
21947
#: serverguide/C/mail.xml:1730(para)
21946
#: serverguide/C/mail.xml:1788(para)
21948
21947
msgid ""
21949
21948
"Also, feel free to ask questions in the <emphasis>#ubuntu-server</emphasis> "
21950
21949
"IRC channel on <ulink url=\"http://freenode.net\">freenode</ulink>."
22049
22048
22050
22049
#: serverguide/C/lamp-applications.xml:104(para)
22051
22050
msgid ""
22052
"MoinMoin is a Wiki engine implemented in Python, based on the PikiPiki Wiki "
22051
"MoinMoin is a wiki engine implemented in Python, based on the PikiPiki Wiki "
22053
22052
"engine, and licensed under the GNU GPL."
22054
22053
msgstr ""
22055
22054
22068
22067
#: serverguide/C/lamp-applications.xml:121(para)
22069
22068
msgid ""
22070
22069
"You should also install <application>apache2</application> web server. For "
22071
"installing <application>apache2</application> web server, please refer to "
22072
"<xref linkend=\"http-installation\"/> sub-section in <xref "
22070
"installing the <application>apache2</application> web server, please refer "
22071
"to <xref linkend=\"http-installation\"/> sub-section in <xref "
22073
22072
"linkend=\"httpd\"/> section."
22074
22073
msgstr ""
22075
22074
22076
22075
#: serverguide/C/lamp-applications.xml:132(para)
22077
22076
msgid ""
22078
"For configuring your first Wiki application, please run the following set of "
22079
"commands. Let us assume that you are creating a Wiki named "
22077
"To configure your first wiki application, please run the following set of "
22078
"commands. Let us assume that you are creating a wiki named "
22080
22079
"<emphasis>mywiki</emphasis>:"
22081
22080
msgstr ""
22082
22081
22115
22114
#: serverguide/C/lamp-applications.xml:149(para)
22116
22115
msgid ""
22117
22116
"Now you should configure <application>MoinMoin</application> to find your "
22118
"new Wiki <emphasis>mywiki</emphasis>. To configure "
22117
"new wiki <emphasis>mywiki</emphasis>. To configure "
22119
22118
"<application>MoinMoin</application>, open "
22120
22119
"<filename>/etc/moin/mywiki.py</filename> file and change the following line:"
22121
22120
msgstr ""
22151
22150
22152
22151
#: serverguide/C/lamp-applications.xml:174(para)
22153
22152
msgid ""
22154
"If the <filename>/etc/moin/mywiki.py</filename> file does not exists, you "
22153
"If the <filename>/etc/moin/mywiki.py</filename> file does not exist, you "
22155
22154
"should copy <filename>/usr/share/moin/config/wikifarm/mywiki.py</filename> "
22156
22155
"file to <filename>/etc/moin/mywiki.py</filename> file and do the above "
22157
22156
"mentioned change."
22159
22158
22160
22159
#: serverguide/C/lamp-applications.xml:182(para)
22161
22160
msgid ""
22162
"If you have named your Wiki as <emphasis>my_wiki_name</emphasis> you should "
22161
"If you have named your wiki as <emphasis>my_wiki_name</emphasis> you should "
22163
22162
"insert a line <quote>(\"my_wiki_name\", r\".*\")</quote> in "
22164
22163
"<filename>/etc/moin/farmconfig.py</filename> file after the line "
22165
22164
"<quote>(\"mywiki\", r\".*\")</quote>."
22168
22167
#: serverguide/C/lamp-applications.xml:190(para)
22169
22168
msgid ""
22170
22169
"Once you have configured <application>MoinMoin</application> to find your "
22171
"first Wiki application <emphasis>mywiki</emphasis>, you should configure "
22172
"<application>apache2</application> and make it ready for your Wiki "
22173
"application."
22170
"first wiki application, <emphasis>mywiki</emphasis>, you should configure "
22171
"<application>apache2</application> and make it ready for your wiki."
22174
22172
msgstr ""
22175
22173
22176
22174
#: serverguide/C/lamp-applications.xml:197(para)
22186
22184
"\n"
22187
22185
"### moin\n"
22188
22186
" ScriptAlias /mywiki \"/usr/share/moin/mywiki/moin.cgi\"\n"
22189
" alias /moin_static193 \"/usr/share/moin/htdocs\"\n"
22187
" alias /moin_static<version> \"/usr/share/moin/htdocs\"\n"
22190
22188
" <Directory /usr/share/moin/htdocs>\n"
22191
22189
" Order allow,deny\n"
22192
22190
" allow from all\n"
22195
22193
msgstr ""
22196
22194
22197
22195
#: serverguide/C/lamp-applications.xml:214(para)
22196
msgid "The version in the above example is determined by running:"
22197
msgstr ""
22198
22199
#: serverguide/C/lamp-applications.xml:218(programlisting)
22200
#, no-wrap
22201
msgid ""
22202
"\n"
22203
"$ moin --version\n"
22204
msgstr ""
22205
22206
#: serverguide/C/lamp-applications.xml:222(para)
22207
msgid "If the output shows version 1.9.7, your second line should be:"
22208
msgstr ""
22209
22210
#: serverguide/C/lamp-applications.xml:226(programlisting)
22211
#, no-wrap
22212
msgid ""
22213
"\n"
22214
"alias /moin_static197 \"/usr/share/moin/htdocs\"\n"
22215
msgstr ""
22216
22217
#: serverguide/C/lamp-applications.xml:230(para)
22198
22218
msgid ""
22199
22219
"Once you configure the <application>apache2</application> web server and "
22200
"make it ready for your Wiki application, you should restart it. You can run "
22220
"make it ready for your wiki application, you should restart it. You can run "
22201
22221
"the following command to restart the <application>apache2</application> web "
22202
22222
"server:"
22203
22223
msgstr ""
22204
22224
22205
#: serverguide/C/lamp-applications.xml:227(title) serverguide/C/installation.xml:1242(title)
22225
#: serverguide/C/lamp-applications.xml:243(title) serverguide/C/installation.xml:1315(title)
22206
22226
msgid "Verification"
22207
22227
msgstr ""
22208
22228
22209
#: serverguide/C/lamp-applications.xml:229(para)
22229
#: serverguide/C/lamp-applications.xml:245(para)
22210
22230
msgid ""
22211
22231
"You can verify the Wiki application and see if it works by pointing your web "
22212
22232
"browser to the following URL:"
22213
22233
msgstr ""
22214
22234
22215
#: serverguide/C/lamp-applications.xml:233(programlisting)
22235
#: serverguide/C/lamp-applications.xml:249(programlisting)
22216
22236
#, no-wrap
22217
22237
msgid ""
22218
22238
"\n"
22221
22241
"\n"
22222
22242
"http://localhost/mywiki\n"
22223
22243
22224
#: serverguide/C/lamp-applications.xml:237(para)
22244
#: serverguide/C/lamp-applications.xml:253(para)
22225
22245
msgid ""
22226
22246
"For more details, please refer to the <ulink "
22227
22247
"url=\"http://moinmo.in/\">MoinMoin</ulink> web site."
22228
22248
msgstr ""
22229
22249
22230
#: serverguide/C/lamp-applications.xml:248(para)
22250
#: serverguide/C/lamp-applications.xml:264(para)
22231
22251
msgid ""
22232
22252
"For more information see the <ulink url=\"http://moinmo.in/\">moinmoin "
22233
22253
"Wiki</ulink>."
22234
22254
msgstr ""
22235
22255
22236
#: serverguide/C/lamp-applications.xml:253(para)
22256
#: serverguide/C/lamp-applications.xml:269(para)
22237
22257
msgid ""
22238
22258
"Also, see the <ulink "
22239
22259
"url=\"https://help.ubuntu.com/community/MoinMoin\">Ubuntu Wiki "
22240
22260
"MoinMoin</ulink> page."
22241
22261
msgstr ""
22242
22262
22243
#: serverguide/C/lamp-applications.xml:262(title)
22263
#: serverguide/C/lamp-applications.xml:278(title)
22244
22264
msgid "MediaWiki"
22245
22265
msgstr "MediaWiki"
22246
22266
22247
#: serverguide/C/lamp-applications.xml:264(para)
22267
#: serverguide/C/lamp-applications.xml:280(para)
22248
22268
msgid ""
22249
22269
"MediaWiki is an web based Wiki software written in the PHP language. It can "
22250
22270
"either use <application>MySQL</application> or "
22251
22271
"<application>PostgreSQL</application> Database Management System."
22252
22272
msgstr ""
22253
22273
22254
#: serverguide/C/lamp-applications.xml:274(para)
22274
#: serverguide/C/lamp-applications.xml:290(para)
22255
22275
msgid ""
22256
22276
"Before installing <application>MediaWiki</application> you should also "
22257
22277
"install <application>Apache2</application>, the "
22262
22282
"installation instructions."
22263
22283
msgstr ""
22264
22284
22265
#: serverguide/C/lamp-applications.xml:282(para)
22285
#: serverguide/C/lamp-applications.xml:298(para)
22266
22286
msgid ""
22267
22287
"To install <application>MediaWiki</application>, run the following command "
22268
22288
"in the command prompt:"
22269
22289
msgstr ""
22270
22290
22271
#: serverguide/C/lamp-applications.xml:288(command)
22291
#: serverguide/C/lamp-applications.xml:304(command)
22272
22292
msgid "sudo apt-get install mediawiki php5-gd"
22273
22293
msgstr "sudo apt-get install mediawiki php5-gd"
22274
22294
22275
#: serverguide/C/lamp-applications.xml:291(para)
22295
#: serverguide/C/lamp-applications.xml:307(para)
22276
22296
msgid ""
22277
22297
"For additional <application>MediaWiki</application> functionality see the "
22278
22298
"<application>mediawiki-extensions</application> package."
22279
22299
msgstr ""
22280
22300
22281
#: serverguide/C/lamp-applications.xml:301(para)
22301
#: serverguide/C/lamp-applications.xml:317(para)
22282
22302
msgid ""
22283
22303
"The Apache configuration file <filename>mediawiki.conf</filename> for "
22284
22304
"<application>MediaWiki</application> is installed in "
22287
22307
"file."
22288
22308
msgstr ""
22289
22309
22290
#: serverguide/C/lamp-applications.xml:309(screen)
22310
#: serverguide/C/lamp-applications.xml:324(screen)
22291
22311
#, no-wrap
22292
22312
msgid ""
22293
22313
"\n"
22294
22314
"# Alias /mediawiki /var/lib/mediawiki\n"
22295
22315
msgstr ""
22296
22316
22297
#: serverguide/C/lamp-applications.xml:312(para)
22317
#: serverguide/C/lamp-applications.xml:328(para)
22298
22318
msgid ""
22299
22319
"The <application>MediaWiki</application> configuration also needs to be "
22300
22320
"enabled."
22301
22321
msgstr ""
22302
22322
22303
#: serverguide/C/lamp-applications.xml:316(command)
22323
#: serverguide/C/lamp-applications.xml:332(command)
22304
22324
msgid "sudo a2enconf mediawiki.conf"
22305
22325
msgstr ""
22306
22326
22307
#: serverguide/C/lamp-applications.xml:319(para)
22327
#: serverguide/C/lamp-applications.xml:335(para)
22308
22328
msgid "Restart Apache server."
22309
22329
msgstr ""
22310
22330
22311
#: serverguide/C/lamp-applications.xml:326(para)
22331
#: serverguide/C/lamp-applications.xml:342(para)
22312
22332
msgid ""
22313
22333
"Access <application>MediaWiki</application> by visiting <ulink "
22314
22334
"url=\"http://localhost/mediawiki/mw-"
22318
22338
"config/index.php</ulink> if your server has no GUI.)"
22319
22339
msgstr ""
22320
22340
22321
#: serverguide/C/lamp-applications.xml:334(para)
22341
#: serverguide/C/lamp-applications.xml:350(para)
22322
22342
msgid ""
22323
22343
"Please read the <quote>Environmental checks</quote> section of the "
22324
22344
"configuration page. You should be able to fix many issues by carefully "
22325
22345
"reading this section."
22326
22346
msgstr ""
22327
22347
22328
#: serverguide/C/lamp-applications.xml:330(para)
22348
#: serverguide/C/lamp-applications.xml:357(para)
22329
22349
msgid ""
22330
22350
"Once the configuration is complete, you should copy the "
22331
22351
"<filename>LocalSettings.php</filename> file to "
22332
22352
"<filename>/etc/mediawiki</filename> directory:"
22333
22353
msgstr ""
22334
22354
22335
#: serverguide/C/lamp-applications.xml:337(command)
22355
#: serverguide/C/lamp-applications.xml:364(command)
22336
22356
msgid "sudo mv /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/"
22337
22357
msgstr ""
22338
22358
22339
#: serverguide/C/lamp-applications.xml:340(para)
22359
#: serverguide/C/lamp-applications.xml:367(para)
22340
22360
msgid ""
22341
22361
"You may also want to edit "
22342
22362
"<filename>/etc/mediawiki/LocalSettings.php</filename> in order to set the "
22343
22363
"memory limit (disabled by default):"
22344
22364
msgstr ""
22345
22365
22346
#: serverguide/C/lamp-applications.xml:345(programlisting)
22366
#: serverguide/C/lamp-applications.xml:372(programlisting)
22347
22367
#, no-wrap
22348
22368
msgid ""
22349
22369
"\n"
22350
22370
"ini_set( 'memory_limit', '64M' );\n"
22351
22371
msgstr ""
22352
22372
22353
#: serverguide/C/lamp-applications.xml:352(title)
22373
#: serverguide/C/lamp-applications.xml:379(title)
22354
22374
msgid "Extensions"
22355
22375
msgstr ""
22356
22376
22357
#: serverguide/C/lamp-applications.xml:353(para)
22377
#: serverguide/C/lamp-applications.xml:380(para)
22358
22378
msgid ""
22359
22379
"The extensions add new features and enhancements for the MediaWiki "
22360
22380
"application. The extensions give wiki administrators and end users the "
22361
22381
"ability to customize MediaWiki to their requirements."
22362
22382
msgstr ""
22363
22383
22364
#: serverguide/C/lamp-applications.xml:359(para)
22384
#: serverguide/C/lamp-applications.xml:386(para)
22365
22385
msgid ""
22366
22386
"You can download MediaWiki extensions as an archive file or checkout from "
22367
22387
"the Subversion repository. You should copy it to "
22370
22390
"<filename>/etc/mediawiki/LocalSettings.php</filename>."
22371
22391
msgstr ""
22372
22392
22373
#: serverguide/C/lamp-applications.xml:367(programlisting)
22393
#: serverguide/C/lamp-applications.xml:394(programlisting)
22374
22394
#, no-wrap
22375
22395
msgid ""
22376
22396
"\n"
22377
22397
"require_once \"$IP/extensions/ExtentionName/ExtentionName.php\";\n"
22378
22398
msgstr ""
22379
22399
22380
#: serverguide/C/lamp-applications.xml:377(para)
22400
#: serverguide/C/lamp-applications.xml:404(para)
22381
22401
msgid ""
22382
22402
"For more details, please refer to the <ulink "
22383
22403
"url=\"http://www.mediawiki.org\">MediaWiki</ulink> web site."
22384
22404
msgstr ""
22385
22405
22386
#: serverguide/C/lamp-applications.xml:394(para)
22406
#: serverguide/C/lamp-applications.xml:410(para)
22387
22407
msgid ""
22388
22408
"The <ulink url=\"http://www.packtpub.com/Mediawiki/book\">MediaWiki "
22389
22409
"Administrators' Tutorial Guide</ulink> contains a wealth of information for "
22390
22410
"new MediaWiki administrators."
22391
22411
msgstr ""
22392
22412
22393
#: serverguide/C/lamp-applications.xml:389(para)
22413
#: serverguide/C/lamp-applications.xml:416(para)
22394
22414
msgid ""
22395
22415
"Also, the <ulink url=\"https://help.ubuntu.com/community/MediaWiki\">Ubuntu "
22396
22416
"Wiki MediaWiki</ulink> page is a good resource."
22397
22417
msgstr ""
22398
22418
22399
#: serverguide/C/lamp-applications.xml:399(title)
22419
#: serverguide/C/lamp-applications.xml:426(title)
22400
22420
msgid "phpMyAdmin"
22401
22421
msgstr "phpMyAdmin"
22402
22422
22403
#: serverguide/C/lamp-applications.xml:401(para)
22423
#: serverguide/C/lamp-applications.xml:428(para)
22404
22424
msgid ""
22405
22425
"<application>phpMyAdmin</application> is a LAMP application specifically "
22406
22426
"written for administering <application>MySQL</application> servers. Written "
22408
22428
"phpMyAdmin provides a graphical interface for database administration tasks."
22409
22429
msgstr ""
22410
22430
22411
#: serverguide/C/lamp-applications.xml:410(para)
22431
#: serverguide/C/lamp-applications.xml:437(para)
22412
22432
msgid ""
22413
22433
"Before installing <application>phpMyAdmin</application> you will need access "
22414
22434
"to a <application>MySQL</application> database either on the same host as "
22417
22437
"enter:"
22418
22438
msgstr ""
22419
22439
22420
#: serverguide/C/lamp-applications.xml:417(command)
22440
#: serverguide/C/lamp-applications.xml:444(command)
22421
22441
msgid "sudo apt-get install phpmyadmin"
22422
22442
msgstr "sudo apt-get install phpmyadmin"
22423
22443
22424
#: serverguide/C/lamp-applications.xml:420(para)
22444
#: serverguide/C/lamp-applications.xml:447(para)
22425
22445
msgid ""
22426
22446
"At the prompt choose which web server to be configured for "
22427
22447
"<application>phpMyAdmin</application>. The rest of this section will use "
22428
22448
"<application>Apache2</application> for the web server."
22429
22449
msgstr ""
22430
22450
22431
#: serverguide/C/lamp-applications.xml:436(para)
22451
#: serverguide/C/lamp-applications.xml:452(para)
22432
22452
msgid ""
22433
22453
"In a browser go to <emphasis>http://servername/phpmyadmin</emphasis>, "
22434
22454
"replacing <emphasis role=\"italic\">servername</emphasis> with the server's "
22438
22458
"user's password."
22439
22459
msgstr ""
22440
22460
22441
#: serverguide/C/lamp-applications.xml:432(para)
22461
#: serverguide/C/lamp-applications.xml:459(para)
22442
22462
msgid ""
22443
22463
"Once logged in you can reset the <emphasis>root</emphasis> password if "
22444
22464
"needed, create users, create/destroy databases and tables, etc."
22445
22465
msgstr ""
22446
22466
22447
#: serverguide/C/lamp-applications.xml:440(para)
22467
#: serverguide/C/lamp-applications.xml:467(para)
22448
22468
msgid ""
22449
22469
"The configuration files for <application>phpMyAdmin</application> are "
22450
22470
"located in <filename>/etc/phpmyadmin</filename>. The main configuration file "
22453
22473
"<application>phpMyAdmin</application>."
22454
22474
msgstr ""
22455
22475
22456
#: serverguide/C/lamp-applications.xml:446(para)
22476
#: serverguide/C/lamp-applications.xml:473(para)
22457
22477
msgid ""
22458
22478
"To use <application>phpMyAdmin</application> to administer a MySQL database "
22459
22479
"hosted on another server, adjust the following in "
22460
22480
"<filename>/etc/phpmyadmin/config.inc.php</filename>:"
22461
22481
msgstr ""
22462
22482
22463
#: serverguide/C/lamp-applications.xml:451(programlisting)
22483
#: serverguide/C/lamp-applications.xml:478(programlisting)
22464
22484
#, no-wrap
22465
22485
msgid ""
22466
22486
"\n"
22469
22489
"\n"
22470
22490
"$cfg['Servers'][$i]['host'] = 'db_server';\n"
22471
22491
22472
#: serverguide/C/lamp-applications.xml:456(para)
22492
#: serverguide/C/lamp-applications.xml:483(para)
22473
22493
msgid ""
22474
22494
"Replace <emphasis role=\"italic\">db_server</emphasis> with the actual "
22475
22495
"remote database server name or IP address. Also, be sure that the "
22477
22497
"remote database."
22478
22498
msgstr ""
22479
22499
22480
#: serverguide/C/lamp-applications.xml:462(para)
22500
#: serverguide/C/lamp-applications.xml:489(para)
22481
22501
msgid ""
22482
22502
"Once configured, log out of <application>phpMyAdmin</application> and back "
22483
22503
"in, and you should be accessing the new server."
22484
22504
msgstr ""
22485
22505
22486
#: serverguide/C/lamp-applications.xml:466(para)
22506
#: serverguide/C/lamp-applications.xml:493(para)
22487
22507
msgid ""
22488
22508
"The <filename>config.header.inc.php</filename> and "
22489
22509
"<filename>config.footer.inc.php</filename> files are used to add a HTML "
22490
22510
"header and footer to <application>phpMyAdmin</application>."
22491
22511
msgstr ""
22492
22512
22493
#: serverguide/C/lamp-applications.xml:471(para)
22513
#: serverguide/C/lamp-applications.xml:498(para)
22494
22514
msgid ""
22495
22515
"Another important configuration file is "
22496
22516
"<filename>/etc/phpmyadmin/apache.conf</filename>, this file is symlinked to "
22497
"<filename>/etc/apache2/conf.d/phpmyadmin.conf</filename>, and is used to "
22498
"configure <application>Apache2</application> to serve the "
22499
"<application>phpMyAdmin</application> site. The file contains directives for "
22500
"loading <application>PHP</application>, directory permissions, etc. For more "
22501
"information on configuring <application>Apache2</application> see <xref "
22502
"linkend=\"httpd\"/>."
22503
msgstr ""
22504
22505
#: serverguide/C/lamp-applications.xml:485(para)
22517
"<filename>/etc/apache2/conf-available/phpmyadmin.conf</filename>, and, once "
22518
"enabled, is used to configure <application>Apache2</application> to serve "
22519
"the <application>phpMyAdmin</application> site. The file contains directives "
22520
"for loading <application>PHP</application>, directory permissions, etc. From "
22521
"a terminal type:"
22522
msgstr ""
22523
22524
#: serverguide/C/lamp-applications.xml:506(command)
22525
msgid ""
22526
"sudo ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf-"
22527
"available/phpmyadmin.conf"
22528
msgstr ""
22529
22530
#: serverguide/C/lamp-applications.xml:507(command)
22531
msgid "sudo a2enconf phpmyadmin.conf"
22532
msgstr ""
22533
22534
#: serverguide/C/lamp-applications.xml:511(para)
22535
msgid ""
22536
"For more information on configuring <application>Apache2</application> see "
22537
"<xref linkend=\"httpd\"/>."
22538
msgstr ""
22539
22540
#: serverguide/C/lamp-applications.xml:522(para)
22506
22541
msgid ""
22507
22542
"The <application>phpMyAdmin</application> documentation comes installed with "
22508
22543
"the package and can be accessed from the <emphasis>phpMyAdmin "
22511
22546
"url=\"http://www.phpmyadmin.net/home_page/docs.php\">phpMyAdmin</ulink> site."
22512
22547
msgstr ""
22513
22548
22514
#: serverguide/C/lamp-applications.xml:492(para)
22549
#: serverguide/C/lamp-applications.xml:529(para)
22515
22550
msgid ""
22516
22551
"Also, <ulink url=\"http://www.packtpub.com/phpmyadmin-3rd-"
22517
22552
"edition/book\">Mastering phpMyAdmin</ulink> is a great resource."
22518
22553
msgstr ""
22519
22554
22520
#: serverguide/C/lamp-applications.xml:497(para)
22555
#: serverguide/C/lamp-applications.xml:534(para)
22521
22556
msgid ""
22522
22557
"A third resource is the <ulink "
22523
22558
"url=\"https://help.ubuntu.com/community/phpMyAdmin\">phpMyAdmin Ubuntu "
22524
22559
"Wiki</ulink> page."
22525
22560
msgstr ""
22526
22561
22527
#: serverguide/C/lamp-applications.xml:517(title)
22562
#: serverguide/C/lamp-applications.xml:543(title)
22528
22563
msgid "WordPress"
22529
22564
msgstr ""
22530
22565
22531
#: serverguide/C/lamp-applications.xml:518(para)
22566
#: serverguide/C/lamp-applications.xml:544(para)
22532
22567
msgid ""
22533
22568
"Wordpress is a blog tool, publishing platform and CMS implemented in PHP and "
22534
22569
"licensed under the GNU GPLv2."
22535
22570
msgstr ""
22536
22571
22537
#: serverguide/C/lamp-applications.xml:524(para)
22572
#: serverguide/C/lamp-applications.xml:550(para)
22538
22573
msgid ""
22539
22574
"To install <application>WordPress</application>, run the following comand in "
22540
22575
"the command prompt:"
22541
22576
msgstr ""
22542
22577
22543
#: serverguide/C/lamp-applications.xml:529(command)
22578
#: serverguide/C/lamp-applications.xml:555(command)
22544
22579
msgid "sudo apt-get install wordpress"
22545
22580
msgstr ""
22546
22581
22547
#: serverguide/C/lamp-applications.xml:532(para)
22582
#: serverguide/C/lamp-applications.xml:558(para)
22548
22583
msgid ""
22549
22584
"You should also install <application>apache2</application> web server and "
22550
22585
"<application>mysql</application> server. For installing "
22555
22590
"linkend=\"mysql\"/> section."
22556
22591
msgstr ""
22557
22592
22558
#: serverguide/C/lamp-applications.xml:546(para)
22593
#: serverguide/C/lamp-applications.xml:572(para)
22559
22594
msgid ""
22560
22595
"For configuring your first <application>WordPress</application> application, "
22561
22596
"configure an apache site. Open <filename>/etc/apache2/sites-"
22562
22597
"available/wordpress.conf</filename> and write the following lines:"
22563
22598
msgstr ""
22564
22599
22565
#: serverguide/C/lamp-applications.xml:553(programlisting)
22600
#: serverguide/C/lamp-applications.xml:579(programlisting)
22566
22601
#, no-wrap
22567
22602
msgid ""
22568
22603
"\n"
22582
22617
" "
22583
22618
msgstr ""
22584
22619
22585
#: serverguide/C/lamp-applications.xml:569(para)
22620
#: serverguide/C/lamp-applications.xml:595(para)
22586
22621
msgid "Enable this new <application>WordPress</application> site"
22587
22622
msgstr ""
22588
22623
22589
#: serverguide/C/lamp-applications.xml:572(command)
22624
#: serverguide/C/lamp-applications.xml:598(command)
22590
22625
msgid "sudo a2ensite wordpress"
22591
22626
msgstr ""
22592
22627
22593
#: serverguide/C/lamp-applications.xml:575(para)
22628
#: serverguide/C/lamp-applications.xml:601(para)
22594
22629
msgid ""
22595
22630
"Once you configure the <application>apache2</application> web server and "
22596
22631
"make it ready for your <application>WordPress</application> application, you "
22598
22633
"<application>apache2</application> web server:"
22599
22634
msgstr ""
22600
22635
22601
#: serverguide/C/lamp-applications.xml:587(para)
22636
#: serverguide/C/lamp-applications.xml:613(para)
22602
22637
msgid ""
22603
22638
"To facilitate multiple <application>WordPress</application> installations, "
22604
22639
"the name of this configuration file is based on the Host header of the HTTP "
22611
22646
"NAME_OF_YOUR_VIRTUAL_HOST.php."
22612
22647
msgstr ""
22613
22648
22614
#: serverguide/C/lamp-applications.xml:598(para)
22649
#: serverguide/C/lamp-applications.xml:624(para)
22615
22650
msgid ""
22616
22651
"Once the configuration file is written, it is up to you to choose a "
22617
22652
"convention for username and password to mysql for each "
22619
22654
"shows only one, localhost, example."
22620
22655
msgstr ""
22621
22656
22622
#: serverguide/C/lamp-applications.xml:605(para)
22657
#: serverguide/C/lamp-applications.xml:631(para)
22623
22658
msgid ""
22624
22659
"Now configure <application>WordPress</application> to use a mysql database. "
22625
22660
"Open <filename>/etc/wordpress/config-localhost.php</filename> file and write "
22626
22661
"the following lines:"
22627
22662
msgstr ""
22628
22663
22629
#: serverguide/C/lamp-applications.xml:611(programlisting)
22664
#: serverguide/C/lamp-applications.xml:637(programlisting)
22630
22665
#, no-wrap
22631
22666
msgid ""
22632
22667
"\n"
22639
22674
"?>\n"
22640
22675
msgstr ""
22641
22676
22642
#: serverguide/C/lamp-applications.xml:620(para)
22677
#: serverguide/C/lamp-applications.xml:646(para)
22643
22678
msgid ""
22644
22679
"Now create this mysql database. Open a temporary file with mysql commands "
22645
22680
"<filename>wordpress.sql</filename> and write the following lines:"
22646
22681
msgstr ""
22647
22682
22648
#: serverguide/C/lamp-applications.xml:623(programlisting)
22683
#: serverguide/C/lamp-applications.xml:649(programlisting)
22649
22684
#, no-wrap
22650
22685
msgid ""
22651
22686
"\n"
22657
22692
"FLUSH PRIVILEGES;\n"
22658
22693
msgstr ""
22659
22694
22660
#: serverguide/C/lamp-applications.xml:631(para)
22695
#: serverguide/C/lamp-applications.xml:657(para)
22661
22696
msgid "Execute these commands."
22662
22697
msgstr ""
22663
22698
22664
#: serverguide/C/lamp-applications.xml:633(command)
22699
#: serverguide/C/lamp-applications.xml:659(command)
22665
22700
msgid ""
22666
22701
"cat wordpress.sql | sudo mysql --defaults-extra-file=/etc/mysql/debian.cnf"
22667
22702
msgstr ""
22668
22703
22669
#: serverguide/C/lamp-applications.xml:635(para)
22704
#: serverguide/C/lamp-applications.xml:661(para)
22670
22705
msgid ""
22671
22706
"Your new <application>WordPress</application> can now be configured by "
22672
22707
"visiting <ulink url=\"http://localhost/blog/wp-"
22679
22714
"mail and click Install WordPress."
22680
22715
msgstr ""
22681
22716
22682
#: serverguide/C/lamp-applications.xml:642(para)
22717
#: serverguide/C/lamp-applications.xml:668(para)
22683
22718
msgid ""
22684
22719
"Note the generated password (if applicable) and click the login password. "
22685
22720
"Your <application>WordPress</application> is now ready for use."
22686
22721
msgstr ""
22687
22722
22688
#: serverguide/C/lamp-applications.xml:652(ulink)
22723
#: serverguide/C/lamp-applications.xml:678(ulink)
22689
22724
msgid "WordPress.org Codex"
22690
22725
msgstr ""
22691
22726
22692
#: serverguide/C/lamp-applications.xml:657(ulink)
22727
#: serverguide/C/lamp-applications.xml:683(ulink)
22693
22728
msgid "Ubuntu Wiki WordPress"
22694
22729
msgstr ""
22695
22730
22726
22761
#: serverguide/C/introduction.xml:31(para)
22727
22762
msgid ""
22728
22763
"There are a couple of different ways that Ubuntu Server Edition is "
22729
"supported, commercial support and community support. The main commercial "
22730
"support (and development funding) is available from Canonical Ltd. They "
22731
"supply reasonably priced support contracts on a per desktop or per server "
22764
"supported: commercial support and community support. The main commercial "
22765
"support (and development funding) is available from Canonical, Ltd. They "
22766
"supply reasonably- priced support contracts on a per desktop or per server "
22732
22767
"basis. For more information see the <ulink "
22733
"url=\"http://www.canonical.com/services/support\">Canonical Services</ulink> "
22734
"page."
22768
"url=\"http://www.ubuntu.com/management\">Ubuntu Advantage</ulink> page."
22735
22769
msgstr ""
22736
22770
22737
#: serverguide/C/introduction.xml:38(para)
22771
#: serverguide/C/introduction.xml:40(para)
22738
22772
msgid ""
22739
"Community support is also provided by dedicated individuals, and companies, "
22773
"Community support is also provided by dedicated individuals and companies "
22740
22774
"that wish to make Ubuntu the best distribution possible. Support is provided "
22741
22775
"through multiple mailing lists, IRC channels, forums, blogs, wikis, etc. The "
22742
22776
"large amount of information available can be overwhelming, but a good search "
22784
22818
msgid "Install Type"
22785
22819
msgstr "Тып устаноўкі"
22786
22820
22787
#: serverguide/C/virtualization.xml:1186(para) serverguide/C/virtualization.xml:1248(para) serverguide/C/installation.xml:36(para)
22821
#: serverguide/C/installation.xml:36(para)
22788
22822
msgid "CPU"
22789
22823
msgstr ""
22790
22824
22816
22850
msgid "512 megabytes"
22817
22851
msgstr ""
22818
22852
22819
#: serverguide/C/installation.xml:51(para)
22853
#: serverguide/C/installation.xml:50(para)
22820
22854
msgid "1 gigabyte"
22821
22855
msgstr "1 Гб"
22822
22856
22828
22862
msgid "Server (Minimal)"
22829
22863
msgstr ""
22830
22864
22831
#: serverguide/C/installation.xml:48(para)
22865
#: serverguide/C/installation.xml:55(para)
22832
22866
msgid "300 megahertz"
22833
22867
msgstr ""
22834
22868
22844
22878
msgid "1.4 gigabytes"
22845
22879
msgstr ""
22846
22880
22847
#: serverguide/C/installation.xml:56(para)
22881
#: serverguide/C/installation.xml:64(para)
22848
22882
msgid ""
22849
22883
"The Server Edition provides a common base for all sorts of server "
22850
22884
"applications. It is a minimalist design providing a platform for the desired "
22851
22885
"services, such as file/print services, web hosting, email hosting, etc."
22852
22886
msgstr ""
22853
22887
22854
#: serverguide/C/installation.xml:70(title)
22888
#: serverguide/C/installation.xml:72(title)
22855
22889
msgid "Server and Desktop Differences"
22856
22890
msgstr ""
22857
22891
22858
#: serverguide/C/installation.xml:71(para)
22892
#: serverguide/C/installation.xml:73(para)
22859
22893
msgid ""
22860
22894
"There are a few differences between the <emphasis>Ubuntu Server "
22861
22895
"Edition</emphasis> and the <emphasis>Ubuntu Desktop Edition</emphasis>. It "
22871
22905
"environment in the Server Edition and the installation process."
22872
22906
msgstr ""
22873
22907
22874
#: serverguide/C/installation.xml:84(title)
22908
#: serverguide/C/installation.xml:86(title)
22875
22909
msgid "Kernel Differences:"
22876
22910
msgstr ""
22877
22911
22878
#: serverguide/C/installation.xml:85(para)
22912
#: serverguide/C/installation.xml:87(para)
22879
22913
msgid ""
22880
22914
"Ubuntu version 10.10 and prior, actually had different kernels for the "
22881
22915
"server and desktop editions. Ubuntu no longer has separate -server and -"
22883
22917
"flavor to help reduce the maintenance burden over the life of the release."
22884
22918
msgstr ""
22885
22919
22886
#: serverguide/C/installation.xml:90(para)
22920
#: serverguide/C/installation.xml:92(para)
22887
22921
msgid ""
22888
22922
"When running a 64-bit version of Ubuntu on 64-bit processors you are not "
22889
22923
"limited by memory addressing space."
22897
22931
"great resource on the options available."
22898
22932
msgstr ""
22899
22933
22900
#: serverguide/C/installation.xml:104(title)
22934
#: serverguide/C/installation.xml:106(title)
22901
22935
msgid "Backing Up"
22902
22936
msgstr ""
22903
22937
22904
#: serverguide/C/installation.xml:107(para)
22938
#: serverguide/C/installation.xml:109(para)
22905
22939
msgid ""
22906
22940
"Before installing <application>Ubuntu Server Edition</application> you "
22907
22941
"should make sure all data on the system is backed up. See <xref "
22908
22942
"linkend=\"backups\"/> for backup options."
22909
22943
msgstr ""
22910
22944
22911
#: serverguide/C/installation.xml:111(para)
22945
#: serverguide/C/installation.xml:113(para)
22912
22946
msgid ""
22913
22947
"If this is not the first time an operating system has been installed on your "
22914
22948
"computer, it is likely you will need to re-partition your disk to make room "
22915
22949
"for Ubuntu."
22916
22950
msgstr ""
22917
22951
22918
#: serverguide/C/installation.xml:115(para)
22952
#: serverguide/C/installation.xml:117(para)
22919
22953
msgid ""
22920
22954
"Any time you partition your disk, you should be prepared to lose everything "
22921
22955
"on the disk should you make a mistake or something goes wrong during "
22923
22957
"have seen years of use, but they also perform destructive actions."
22924
22958
msgstr ""
22925
22959
22926
#: serverguide/C/installation.xml:127(title)
22960
#: serverguide/C/installation.xml:129(title)
22927
22961
msgid "Installing from CD"
22928
22962
msgstr "Устаноўка з дыска"
22929
22963
22930
#: serverguide/C/installation.xml:128(para)
22964
#: serverguide/C/installation.xml:130(para)
22931
22965
msgid ""
22932
22966
"The basic steps to install Ubuntu Server Edition from CD are the same as "
22933
22967
"those for installing any operating system from CD. Unlike the "
22936
22970
"Server Edition uses a console menu based process instead."
22937
22971
msgstr ""
22938
22972
22939
#: serverguide/C/installation.xml:135(para)
22973
#: serverguide/C/installation.xml:137(para)
22940
22974
msgid ""
22941
"First, download and burn the appropriate ISO file from the <ulink "
22975
"Download and burn the appropriate ISO file from the <ulink "
22942
22976
"url=\"http://www.ubuntu.com/download/server/download\"> Ubuntu web "
22943
22977
"site</ulink>."
22944
22978
msgstr ""
22945
22979
22946
#: serverguide/C/installation.xml:141(para)
22980
#: serverguide/C/installation.xml:143(para)
22947
22981
msgid "Boot the system from the CD-ROM drive."
22948
22982
msgstr "Загрузіць сыстэму з CD-ROMа."
22949
22983
22950
#: serverguide/C/installation.xml:146(para)
22984
#: serverguide/C/installation.xml:148(para)
22951
22985
msgid "At the boot prompt you will be asked to select a language."
22952
22986
msgstr ""
22953
22987
22954
#: serverguide/C/installation.xml:151(para)
22988
#: serverguide/C/installation.xml:153(para)
22955
22989
msgid ""
22956
22990
"From the main boot menu there are some additional options to install Ubuntu "
22957
22991
"Server Edition. You can install a basic Ubuntu Server, check the CD-ROM for "
22960
22994
"install."
22961
22995
msgstr ""
22962
22996
22963
#: serverguide/C/installation.xml:158(para)
22997
#: serverguide/C/installation.xml:160(para)
22964
22998
msgid ""
22965
"The installer asks for which language it should use. Afterwards, you are "
22966
"asked to select your location."
22999
"The installer asks which language it should use. Afterwards, you are asked "
23000
"to select your location."
22967
23001
msgstr ""
22968
23002
22969
#: serverguide/C/installation.xml:164(para)
23003
#: serverguide/C/installation.xml:166(para)
22970
23004
msgid ""
22971
23005
"Next, the installation process begins by asking for your keyboard layout. "
22972
23006
"You can ask the installer to attempt auto-detecting it, or you can select it "
22973
23007
"manually from a list."
22974
23008
msgstr ""
22975
23009
22976
#: serverguide/C/installation.xml:170(para)
23010
#: serverguide/C/installation.xml:172(para)
22977
23011
msgid ""
22978
23012
"The installer then discovers your hardware configuration, and configures the "
22979
23013
"network settings using DHCP. If you do not wish to use DHCP at the next "
22985
23019
msgid "Next, the installer asks for the system's hostname."
22986
23020
msgstr ""
22987
23021
22988
#: serverguide/C/installation.xml:195(para)
23022
#: serverguide/C/installation.xml:184(para)
22989
23023
msgid ""
22990
23024
"A new user is set up; this user will have <emphasis>root</emphasis> access "
22991
23025
"through the <application>sudo</application> utility."
22992
23026
msgstr ""
22993
23027
22994
#: serverguide/C/installation.xml:201(para)
23028
#: serverguide/C/installation.xml:190(para)
22995
23029
msgid ""
22996
"After the user settings have been completed, you will be asked to encrypt "
22997
"your <filename role=\"directory\">home</filename> directory."
23030
"After the user settings have been completed, you will be asked if you want "
23031
"to encrypt your <filename role=\"directory\">home</filename> directory."
22998
23032
msgstr ""
22999
23033
23000
23034
#: serverguide/C/installation.xml:196(para)
23001
23035
msgid "Next, the installer asks for the system's Time Zone."
23002
23036
msgstr ""
23003
23037
23004
#: serverguide/C/installation.xml:182(para)
23038
#: serverguide/C/installation.xml:201(para)
23005
23039
msgid ""
23006
23040
"You can then choose from several options to configure the hard drive layout. "
23007
"Afterwards you are asked for which disk to install to. You may get "
23008
"confirmation prompts before rewriting the partition table or setting up LVM "
23009
"depending on disk layout. If you choose LVM, you will be asked for the size "
23010
"of the root logical volume. For advanced disk options see <xref "
23011
"linkend=\"advanced-installation\"/>."
23041
"Afterwards you are asked which disk to install to. You may get confirmation "
23042
"prompts before rewriting the partition table or setting up LVM depending on "
23043
"disk layout. If you choose LVM, you will be asked for the size of the root "
23044
"logical volume. For advanced disk options see <xref linkend=\"advanced-"
23045
"installation\"/>."
23012
23046
msgstr ""
23013
23047
23014
#: serverguide/C/installation.xml:190(para)
23048
#: serverguide/C/installation.xml:209(para)
23015
23049
msgid "The Ubuntu base system is then installed."
23016
23050
msgstr ""
23017
23051
23018
#: serverguide/C/installation.xml:207(para)
23052
#: serverguide/C/installation.xml:214(para)
23019
23053
msgid ""
23020
23054
"The next step in the installation process is to decide how you want to "
23021
23055
"update the system. There are three options:"
23022
23056
msgstr ""
23023
23057
23024
#: serverguide/C/installation.xml:213(para)
23058
#: serverguide/C/installation.xml:220(para)
23025
23059
msgid ""
23026
23060
"<emphasis>No automatic updates</emphasis>: this requires an administrator to "
23027
23061
"log into the machine and manually install updates."
23028
23062
msgstr ""
23029
23063
23030
#: serverguide/C/installation.xml:219(para)
23064
#: serverguide/C/installation.xml:226(para)
23031
23065
msgid ""
23032
23066
"<emphasis>Install security updates automatically</emphasis>: this will "
23033
23067
"install the <application>unattended-upgrades</application> package, which "
23035
23069
"For more details see <xref linkend=\"automatic-updates\"/>."
23036
23070
msgstr ""
23037
23071
23038
#: serverguide/C/installation.xml:226(para)
23072
#: serverguide/C/installation.xml:233(para)
23039
23073
msgid ""
23040
23074
"<emphasis>Manage the system with Landscape</emphasis>: Landscape is a paid "
23041
23075
"service provided by Canonical to help manage your Ubuntu machines. See the "
23042
"<ulink url=\"http://www.canonical.com/projects/landscape\">Landscape</ulink> "
23043
"site for details."
23076
"<ulink url=\"http://landscape.canonical.com/\">Landscape</ulink> site for "
23077
"details."
23044
23078
msgstr ""
23045
23079
23046
#: serverguide/C/installation.xml:235(para)
23080
#: serverguide/C/installation.xml:242(para)
23047
23081
msgid ""
23048
23082
"You now have the option to install, or not install, several package tasks. "
23049
23083
"See <xref linkend=\"install-tasks\"/> for details. Also, there is an option "
23051
23085
"install. For more information see <xref linkend=\"aptitude\"/>."
23052
23086
msgstr ""
23053
23087
23054
#: serverguide/C/installation.xml:243(para)
23088
#: serverguide/C/installation.xml:250(para)
23055
23089
msgid "Finally, the last step before rebooting is to set the clock to UTC."
23056
23090
msgstr "У канцы, апошні крок перад перазапускам - наладзіць час у UTC."
23057
23091
23058
#: serverguide/C/installation.xml:249(para)
23092
#: serverguide/C/installation.xml:256(para)
23059
23093
msgid ""
23060
23094
"If at any point during installation you are not satisfied by the default "
23061
23095
"setting, use the \"Go Back\" function at any prompt to be brought to a "
23063
23097
"settings."
23064
23098
msgstr ""
23065
23099
23066
#: serverguide/C/installation.xml:254(para)
23100
#: serverguide/C/installation.xml:261(para)
23067
23101
msgid ""
23068
23102
"At some point during the installation process you may want to read the help "
23069
23103
"screen provided by the installation system. To do this, press F1."
23076
23110
"Installation Guide</ulink>."
23077
23111
msgstr ""
23078
23112
23079
#: serverguide/C/installation.xml:265(title)
23113
#: serverguide/C/installation.xml:272(title)
23080
23114
msgid "Package Tasks"
23081
23115
msgstr ""
23082
23116
23083
#: serverguide/C/installation.xml:266(para)
23117
#: serverguide/C/installation.xml:273(para)
23084
23118
msgid ""
23085
23119
"During the Server Edition installation you have the option of installing "
23086
23120
"additional packages from the CD. The packages are grouped by the type of "
23087
23121
"service they provide."
23088
23122
msgstr ""
23089
23123
23090
#: serverguide/C/installation.xml:272(para)
23124
#: serverguide/C/installation.xml:279(para)
23091
23125
msgid "DNS server: Selects the BIND DNS server and its documentation."
23092
23126
msgstr ""
23093
23127
23094
#: serverguide/C/installation.xml:277(para)
23128
#: serverguide/C/installation.xml:284(para)
23095
23129
msgid "LAMP server: Selects a ready-made Linux/Apache/MySQL/PHP server."
23096
23130
msgstr ""
23097
23131
23098
#: serverguide/C/installation.xml:282(para)
23132
#: serverguide/C/installation.xml:289(para)
23099
23133
msgid ""
23100
23134
"Mail server: This task selects a variety of packages useful for a general "
23101
23135
"purpose mail server system."
23102
23136
msgstr ""
23103
23137
23104
#: serverguide/C/installation.xml:287(para)
23138
#: serverguide/C/installation.xml:294(para)
23105
23139
msgid "OpenSSH server: Selects packages needed for an OpenSSH server."
23106
23140
msgstr ""
23107
23141
23108
#: serverguide/C/installation.xml:292(para)
23142
#: serverguide/C/installation.xml:299(para)
23109
23143
msgid ""
23110
23144
"PostgreSQL database: This task selects client and server packages for the "
23111
23145
"PostgreSQL database."
23112
23146
msgstr ""
23113
23147
23114
#: serverguide/C/installation.xml:297(para)
23148
#: serverguide/C/installation.xml:304(para)
23115
23149
msgid "Print server: This task sets up your system to be a print server."
23116
23150
msgstr ""
23117
23151
23118
#: serverguide/C/installation.xml:302(para)
23152
#: serverguide/C/installation.xml:309(para)
23119
23153
msgid ""
23120
23154
"Samba File server: This task sets up your system to be a Samba file server, "
23121
23155
"which is especially suitable in networks with both Windows and Linux systems."
23122
23156
msgstr ""
23123
23157
23124
#: serverguide/C/installation.xml:308(para)
23158
#: serverguide/C/installation.xml:315(para)
23125
23159
msgid "Tomcat Java server: Installs Apache Tomcat and needed dependencies."
23126
23160
msgstr ""
23127
23161
23128
#: serverguide/C/installation.xml:313(para)
23162
#: serverguide/C/installation.xml:320(para)
23129
23163
msgid ""
23130
23164
"Virtual Machine host: Includes packages needed to run KVM virtual machines."
23131
23165
msgstr ""
23132
23166
23133
#: serverguide/C/installation.xml:318(para)
23167
#: serverguide/C/installation.xml:325(para)
23134
23168
msgid ""
23135
23169
"Manually select packages: Executes <application>aptitude</application> "
23136
23170
"allowing you to individually select packages."
23137
23171
msgstr ""
23138
23172
23139
#: serverguide/C/installation.xml:323(para)
23173
#: serverguide/C/installation.xml:330(para)
23140
23174
msgid ""
23141
23175
"Installing the package groups is accomplished using the "
23142
23176
"<application>tasksel</application> utility. One of the important differences "
23147
23181
"a fully integrated service."
23148
23182
msgstr ""
23149
23183
23150
#: serverguide/C/installation.xml:330(para)
23184
#: serverguide/C/installation.xml:337(para)
23151
23185
msgid ""
23152
23186
"Once the installation process has finished you can view a list of available "
23153
23187
"tasks by entering the following from a terminal prompt:"
23154
23188
msgstr ""
23155
23189
23156
#: serverguide/C/installation.xml:335(command)
23190
#: serverguide/C/installation.xml:342(command)
23157
23191
msgid "tasksel --list-tasks"
23158
23192
msgstr "tasksel --list-tasks"
23159
23193
23160
#: serverguide/C/installation.xml:338(para)
23194
#: serverguide/C/installation.xml:345(para)
23161
23195
msgid ""
23162
23196
"The output will list tasks from other Ubuntu based distributions such as "
23163
23197
"Kubuntu and Edubuntu. Note that you can also invoke the "
23165
23199
"the different tasks available."
23166
23200
msgstr ""
23167
23201
23168
#: serverguide/C/installation.xml:344(para)
23202
#: serverguide/C/installation.xml:351(para)
23169
23203
msgid ""
23170
23204
"You can view a list of which packages are installed with each task using the "
23171
23205
"<emphasis>--task-packages</emphasis> option. For example, to list the "
23173
23207
"following:"
23174
23208
msgstr ""
23175
23209
23176
#: serverguide/C/installation.xml:349(command)
23210
#: serverguide/C/installation.xml:356(command)
23177
23211
msgid "tasksel --task-packages dns-server"
23178
23212
msgstr "tasksel --task-packages dns-server"
23179
23213
23180
#: serverguide/C/installation.xml:351(para)
23214
#: serverguide/C/installation.xml:358(para)
23181
23215
msgid "The output of the command should list:"
23182
23216
msgstr ""
23183
23217
23184
#: serverguide/C/installation.xml:354(programlisting)
23218
#: serverguide/C/installation.xml:361(programlisting)
23185
23219
#, no-wrap
23186
23220
msgid ""
23187
23221
"\n"
23190
23224
"bind9\n"
23191
23225
msgstr ""
23192
23226
23193
#: serverguide/C/installation.xml:359(para)
23227
#: serverguide/C/installation.xml:366(para)
23194
23228
msgid ""
23195
23229
"If you did not install one of the tasks during the installation process, but "
23196
23230
"for example you decide to make your new LAMP server a DNS server as well, "
23197
23231
"simply insert the installation CD and from a terminal:"
23198
23232
msgstr ""
23199
23233
23200
#: serverguide/C/installation.xml:364(command)
23234
#: serverguide/C/installation.xml:371(command)
23201
23235
msgid "sudo tasksel install dns-server"
23202
23236
msgstr "sudo tasksel install dns-server"
23203
23237
23204
#: serverguide/C/installation.xml:369(title)
23238
#: serverguide/C/installation.xml:376(title)
23205
23239
msgid "Upgrading"
23206
23240
msgstr "Абнаўленьне"
23207
23241
23208
#: serverguide/C/installation.xml:370(para)
23242
#: serverguide/C/installation.xml:377(para)
23209
23243
msgid ""
23210
23244
"There are several ways to upgrade from one Ubuntu release to another. This "
23211
23245
"section gives an overview of the recommended upgrade method."
23212
23246
msgstr ""
23213
23247
23214
#: serverguide/C/installation.xml:374(title) serverguide/C/installation.xml:389(command)
23248
#: serverguide/C/installation.xml:381(title) serverguide/C/installation.xml:396(command)
23215
23249
msgid "do-release-upgrade"
23216
23250
msgstr "do-release-upgrade"
23217
23251
23218
#: serverguide/C/installation.xml:375(para)
23252
#: serverguide/C/installation.xml:382(para)
23219
23253
msgid ""
23220
23254
"The recommended way to upgrade a Server Edition installation is to use the "
23221
23255
"<application>do-release-upgrade</application> utility. Part of the "
23223
23257
"graphical dependencies and is installed by default."
23224
23258
msgstr ""
23225
23259
23226
#: serverguide/C/installation.xml:380(para)
23260
#: serverguide/C/installation.xml:387(para)
23227
23261
msgid ""
23228
23262
"Debian based systems can also be upgraded by using <command>apt-get dist-"
23229
23263
"upgrade</command>. However, using <application>do-release-"
23231
23265
"system configuration changes sometimes needed between releases."
23232
23266
msgstr ""
23233
23267
23234
#: serverguide/C/installation.xml:385(para)
23268
#: serverguide/C/installation.xml:392(para)
23235
23269
msgid "To upgrade to a newer release, from a terminal prompt enter:"
23236
23270
msgstr "Каб абнавіць да апошняга выпуску, увядзіце ў тэрмінале:"
23237
23271
23238
#: serverguide/C/installation.xml:391(para)
23272
#: serverguide/C/installation.xml:398(para)
23239
23273
msgid ""
23240
23274
"It is also possible to use <application>do-release-upgrade</application> to "
23241
23275
"upgrade to a development version of Ubuntu. To accomplish this use the "
23242
23276
"<emphasis>-d</emphasis> switch:"
23243
23277
msgstr ""
23244
23278
23245
#: serverguide/C/installation.xml:396(command)
23279
#: serverguide/C/installation.xml:403(command)
23246
23280
msgid "do-release-upgrade -d"
23247
23281
msgstr "do-release-upgrade -d"
23248
23282
23249
#: serverguide/C/installation.xml:399(para)
23283
#: serverguide/C/installation.xml:406(para)
23250
23284
msgid ""
23251
23285
"Upgrading to a development release is <emphasis>not</emphasis> recommended "
23252
23286
"for production environments."
23253
23287
msgstr ""
23254
23288
23255
#: serverguide/C/installation.xml:406(title)
23289
#: serverguide/C/installation.xml:413(title)
23256
23290
msgid "Advanced Installation"
23257
23291
msgstr ""
23258
23292
23259
#: serverguide/C/installation.xml:409(title)
23293
#: serverguide/C/installation.xml:416(title)
23260
23294
msgid "Software RAID"
23261
23295
msgstr ""
23262
23296
23263
#: serverguide/C/installation.xml:411(para)
23297
#: serverguide/C/installation.xml:418(para)
23264
23298
msgid ""
23265
23299
"Redundant Array of Independent Disks \"RAID\" is a method of using multiple "
23266
23300
"disks to provide different balances of increasing data reliability and/or "
23271
23305
"the drives 'invisibly')."
23272
23306
msgstr ""
23273
23307
23274
#: serverguide/C/installation.xml:419(para)
23308
#: serverguide/C/installation.xml:426(para)
23275
23309
msgid ""
23276
23310
"The RAID software included with current versions of Linux (and Ubuntu) is "
23277
23311
"based on the <application>'mdadm'</application> driver and works very well, "
23281
23315
"another for <emphasis>swap</emphasis>."
23282
23316
msgstr ""
23283
23317
23284
#: serverguide/C/virtualization.xml:716(title) serverguide/C/installation.xml:427(title)
23318
#: serverguide/C/installation.xml:434(title)
23285
23319
msgid "Partitioning"
23286
23320
msgstr ""
23287
23321
23288
#: serverguide/C/installation.xml:429(para) serverguide/C/installation.xml:951(para)
23322
#: serverguide/C/installation.xml:436(para) serverguide/C/installation.xml:958(para)
23289
23323
msgid ""
23290
23324
"Follow the installation steps until you get to the <emphasis>Partition "
23291
23325
"disks</emphasis> step, then:"
23292
23326
msgstr ""
23293
23327
23294
#: serverguide/C/installation.xml:436(para)
23328
#: serverguide/C/installation.xml:443(para)
23295
23329
msgid "Select <emphasis>Manual</emphasis> as the partition method."
23296
23330
msgstr ""
23297
23331
23298
#: serverguide/C/installation.xml:443(para)
23332
#: serverguide/C/installation.xml:450(para)
23299
23333
msgid ""
23300
23334
"Select the first hard drive, and agree to <emphasis>\"Create a new empty "
23301
23335
"partition table on this device?\"</emphasis>."
23302
23336
msgstr ""
23303
23337
23304
#: serverguide/C/installation.xml:447(para)
23338
#: serverguide/C/installation.xml:454(para)
23305
23339
msgid ""
23306
23340
"Repeat this step for each drive you wish to be part of the RAID array."
23307
23341
msgstr ""
23308
23342
23309
#: serverguide/C/installation.xml:454(para)
23343
#: serverguide/C/installation.xml:461(para)
23310
23344
msgid ""
23311
23345
"Select the <emphasis>\"FREE SPACE\"</emphasis> on the first drive then "
23312
23346
"select <emphasis>\"Create a new partition\"</emphasis>."
23313
23347
msgstr ""
23314
23348
23315
#: serverguide/C/installation.xml:461(para)
23349
#: serverguide/C/installation.xml:468(para)
23316
23350
msgid ""
23317
23351
"Next, select the <emphasis>Size</emphasis> of the partition. This partition "
23318
23352
"will be the <emphasis>swap</emphasis> partition, and a general rule for swap "
23320
23354
"<emphasis>Primary</emphasis>, then <emphasis>Beginning</emphasis>."
23321
23355
msgstr ""
23322
23356
23323
#: serverguide/C/installation.xml:468(para)
23357
#: serverguide/C/installation.xml:475(para)
23324
23358
msgid ""
23325
23359
"A swap partition size of twice the available RAM capacity may not always be "
23326
23360
"desirable, especially on systems with large amounts of RAM. Calculating the "
23328
23362
"going to be used."
23329
23363
msgstr ""
23330
23364
23331
#: serverguide/C/installation.xml:477(para)
23365
#: serverguide/C/installation.xml:484(para)
23332
23366
msgid ""
23333
23367
"Select the <emphasis>\"Use as:\"</emphasis> line at the top. By default this "
23334
23368
"is <emphasis role=\"italic\">\"Ext4 journaling file system\"</emphasis>, "
23336
23370
"<emphasis>\"Done setting up partition\"</emphasis>."
23337
23371
msgstr ""
23338
23372
23339
#: serverguide/C/installation.xml:486(para)
23373
#: serverguide/C/installation.xml:493(para)
23340
23374
msgid ""
23341
23375
"For the <emphasis>/</emphasis> partition once again select <emphasis>\"Free "
23342
23376
"Space\"</emphasis> on the first drive then <emphasis>\"Create a new "
23343
23377
"partition\"</emphasis>."
23344
23378
msgstr ""
23345
23379
23346
#: serverguide/C/installation.xml:494(para)
23380
#: serverguide/C/installation.xml:501(para)
23347
23381
msgid ""
23348
23382
"Use the rest of the free space on the drive and choose "
23349
23383
"<emphasis>Continue</emphasis>, then <emphasis>Primary</emphasis>."
23350
23384
msgstr ""
23351
23385
23352
#: serverguide/C/installation.xml:501(para)
23386
#: serverguide/C/installation.xml:508(para)
23353
23387
msgid ""
23354
23388
"As with the swap partition, select the <emphasis>\"Use as:\"</emphasis> line "
23355
23389
"at the top, changing it to <emphasis>\"physical volume for "
23358
23392
"<emphasis>\"Done setting up partition\"</emphasis>."
23359
23393
msgstr ""
23360
23394
23361
#: serverguide/C/installation.xml:511(para)
23395
#: serverguide/C/installation.xml:518(para)
23362
23396
msgid "Repeat steps three through eight for the other disk and partitions."
23363
23397
msgstr ""
23364
23398
23365
#: serverguide/C/installation.xml:520(title)
23399
#: serverguide/C/installation.xml:527(title)
23366
23400
msgid "RAID Configuration"
23367
23401
msgstr "Наладкі RAID"
23368
23402
23369
#: serverguide/C/installation.xml:522(para)
23403
#: serverguide/C/installation.xml:529(para)
23370
23404
msgid "With the partitions setup the arrays are ready to be configured:"
23371
23405
msgstr ""
23372
23406
23373
#: serverguide/C/installation.xml:529(para)
23407
#: serverguide/C/installation.xml:536(para)
23374
23408
msgid ""
23375
23409
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
23376
23410
"Software RAID\"</emphasis> at the top."
23377
23411
msgstr ""
23378
23412
23379
#: serverguide/C/installation.xml:536(para)
23413
#: serverguide/C/installation.xml:543(para)
23380
23414
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
23381
23415
msgstr ""
23382
23416
23383
#: serverguide/C/installation.xml:543(para)
23417
#: serverguide/C/installation.xml:550(para)
23384
23418
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
23385
23419
msgstr ""
23386
23420
23387
#: serverguide/C/installation.xml:550(para)
23421
#: serverguide/C/installation.xml:557(para)
23388
23422
msgid ""
23389
23423
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
23390
23424
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
23391
23425
msgstr ""
23392
23426
23393
#: serverguide/C/installation.xml:556(para)
23427
#: serverguide/C/installation.xml:563(para)
23394
23428
msgid ""
23395
23429
"In order to use <emphasis>RAID5</emphasis> you need at least "
23396
23430
"<emphasis>three</emphasis> drives. Using RAID0 or RAID1 only "
23397
23431
"<emphasis>two</emphasis> drives are required."
23398
23432
msgstr ""
23399
23433
23400
#: serverguide/C/installation.xml:565(para)
23434
#: serverguide/C/installation.xml:572(para)
23401
23435
msgid ""
23402
23436
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
23403
23437
"of hard drives you have, for the array. Then select "
23404
23438
"<emphasis>\"Continue\"</emphasis>."
23405
23439
msgstr ""
23406
23440
23407
#: serverguide/C/installation.xml:573(para)
23441
#: serverguide/C/installation.xml:580(para)
23408
23442
msgid ""
23409
23443
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
23410
23444
"default, then choose <emphasis>\"Continue\"</emphasis>."
23411
23445
msgstr ""
23412
23446
23413
#: serverguide/C/installation.xml:580(para)
23447
#: serverguide/C/installation.xml:587(para)
23414
23448
msgid ""
23415
23449
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
23416
23450
"etc. The numbers will usually match and the different letters correspond to "
23417
23451
"different hard drives."
23418
23452
msgstr ""
23419
23453
23420
#: serverguide/C/installation.xml:585(para)
23454
#: serverguide/C/installation.xml:592(para)
23421
23455
msgid ""
23422
23456
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
23423
23457
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
23424
23458
"go to the next step."
23425
23459
msgstr ""
23426
23460
23427
#: serverguide/C/installation.xml:593(para)
23461
#: serverguide/C/installation.xml:600(para)
23428
23462
msgid ""
23429
23463
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
23430
23464
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
23431
23465
"and <emphasis>sdb2</emphasis>."
23432
23466
msgstr ""
23433
23467
23434
#: serverguide/C/installation.xml:601(para)
23468
#: serverguide/C/installation.xml:608(para)
23435
23469
msgid "Once done select <emphasis>\"Finish\"</emphasis>."
23436
23470
msgstr ""
23437
23471
23438
#: serverguide/C/installation.xml:611(title)
23472
#: serverguide/C/installation.xml:618(title)
23439
23473
msgid "Formatting"
23440
23474
msgstr ""
23441
23475
23442
#: serverguide/C/installation.xml:613(para)
23476
#: serverguide/C/installation.xml:620(para)
23443
23477
msgid ""
23444
23478
"There should now be a list of hard drives and RAID devices. The next step is "
23445
23479
"to format and set the mount point for the RAID devices. Treat the RAID "
23446
23480
"device as a local hard drive, format and mount accordingly."
23447
23481
msgstr ""
23448
23482
23449
#: serverguide/C/installation.xml:621(para)
23483
#: serverguide/C/installation.xml:628(para)
23450
23484
msgid ""
23451
23485
"Select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
23452
23486
"#0\"</emphasis> partition."
23453
23487
msgstr ""
23454
23488
23455
#: serverguide/C/installation.xml:628(para)
23489
#: serverguide/C/installation.xml:635(para)
23456
23490
msgid ""
23457
23491
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
23458
23492
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
23459
23493
msgstr ""
23460
23494
23461
#: serverguide/C/installation.xml:636(para)
23495
#: serverguide/C/installation.xml:643(para)
23462
23496
msgid ""
23463
23497
"Next, select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
23464
23498
"#1\"</emphasis> partition."
23465
23499
msgstr ""
23466
23500
23467
#: serverguide/C/installation.xml:643(para)
23501
#: serverguide/C/installation.xml:650(para)
23468
23502
msgid ""
23469
23503
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext4 "
23470
23504
"journaling file system\"</emphasis>."
23471
23505
msgstr ""
23472
23506
23473
#: serverguide/C/installation.xml:650(para)
23507
#: serverguide/C/installation.xml:657(para)
23474
23508
msgid ""
23475
23509
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
23476
23510
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "
23478
23512
"partition\"</emphasis>."
23479
23513
msgstr ""
23480
23514
23481
#: serverguide/C/installation.xml:658(para)
23515
#: serverguide/C/installation.xml:665(para)
23482
23516
msgid ""
23483
23517
"Finally, select <emphasis>\"Finish partitioning and write changes to "
23484
23518
"disk\"</emphasis>."
23485
23519
msgstr ""
23486
23520
23487
#: serverguide/C/installation.xml:665(para)
23521
#: serverguide/C/installation.xml:672(para)
23488
23522
msgid ""
23489
23523
"If you choose to place the root partition on a RAID array, the installer "
23490
23524
"will then ask if you would like to boot in a <emphasis>degraded</emphasis> "
23491
23525
"state. See <xref linkend=\"raid-degraded\"/> for further details."
23492
23526
msgstr ""
23493
23527
23494
#: serverguide/C/installation.xml:670(para)
23528
#: serverguide/C/installation.xml:677(para)
23495
23529
msgid "The installation process will then continue normally."
23496
23530
msgstr ""
23497
23531
23498
#: serverguide/C/installation.xml:676(title)
23532
#: serverguide/C/installation.xml:683(title)
23499
23533
msgid "Degraded RAID"
23500
23534
msgstr ""
23501
23535
23502
#: serverguide/C/installation.xml:678(para)
23536
#: serverguide/C/installation.xml:685(para)
23503
23537
msgid ""
23504
23538
"At some point in the life of the computer a disk failure event may occur. "
23505
23539
"When this happens, using Software RAID, the operating system will place the "
23506
23540
"array into what is known as a <emphasis>degraded</emphasis> state."
23507
23541
msgstr ""
23508
23542
23509
#: serverguide/C/installation.xml:683(para)
23543
#: serverguide/C/installation.xml:690(para)
23510
23544
msgid ""
23511
23545
"If the array has become degraded, due to the chance of data corruption, by "
23512
23546
"default Ubuntu Server Edition will boot to <emphasis>initramfs</emphasis> "
23517
23551
"Booting to a degraded array can be configured several ways:"
23518
23552
msgstr ""
23519
23553
23520
#: serverguide/C/installation.xml:694(para)
23554
#: serverguide/C/installation.xml:701(para)
23521
23555
msgid ""
23522
23556
"The <application>dpkg-reconfigure</application> utility can be used to "
23523
23557
"configure the default behavior, and during the process you will be queried "
23526
23560
"following:"
23527
23561
msgstr ""
23528
23562
23529
#: serverguide/C/installation.xml:701(command)
23563
#: serverguide/C/installation.xml:708(command)
23530
23564
msgid "sudo dpkg-reconfigure mdadm"
23531
23565
msgstr "sudo dpkg-reconfigure mdadm"
23532
23566
23533
#: serverguide/C/installation.xml:707(para)
23567
#: serverguide/C/installation.xml:714(para)
23534
23568
msgid ""
23535
23569
"The <command>dpkg-reconfigure mdadm</command> process will change the "
23536
23570
"<filename>/etc/initramfs-tools/conf.d/mdadm</filename> configuration file. "
23538
23572
"behavior, and can also be manually edited:"
23539
23573
msgstr ""
23540
23574
23541
#: serverguide/C/installation.xml:713(programlisting)
23575
#: serverguide/C/installation.xml:720(programlisting)
23542
23576
#, no-wrap
23543
23577
msgid ""
23544
23578
"\n"
23547
23581
"\n"
23548
23582
"BOOT_DEGRADED=true\n"
23549
23583
23550
#: serverguide/C/installation.xml:718(para)
23584
#: serverguide/C/installation.xml:725(para)
23551
23585
msgid "The configuration file can be overridden by using a Kernel argument."
23552
23586
msgstr ""
23553
23587
23554
#: serverguide/C/installation.xml:726(para)
23588
#: serverguide/C/installation.xml:733(para)
23555
23589
msgid ""
23556
23590
"Using a Kernel argument will allow the system to boot to a degraded array as "
23557
23591
"well:"
23558
23592
msgstr ""
23559
23593
23560
#: serverguide/C/installation.xml:732(para)
23594
#: serverguide/C/installation.xml:739(para)
23561
23595
msgid ""
23562
23596
"When the server is booting press <keycap>Shift</keycap> to open the "
23563
23597
"<application>Grub</application> menu."
23564
23598
msgstr ""
23565
23599
23566
#: serverguide/C/installation.xml:737(para)
23600
#: serverguide/C/installation.xml:744(para)
23567
23601
msgid "Press <keycap>e</keycap> to edit your kernel command options."
23568
23602
msgstr ""
23569
23603
23570
#: serverguide/C/installation.xml:742(para)
23604
#: serverguide/C/installation.xml:749(para)
23571
23605
msgid "Press the <keycap>down</keycap> arrow to highlight the kernel line."
23572
23606
msgstr ""
23573
23607
23574
#: serverguide/C/installation.xml:747(para)
23608
#: serverguide/C/installation.xml:754(para)
23575
23609
msgid ""
23576
23610
"Add <emphasis>\"bootdegraded=true\"</emphasis> (without the quotes) to the "
23577
23611
"end of the line."
23578
23612
msgstr ""
23579
23613
23580
#: serverguide/C/installation.xml:752(para)
23614
#: serverguide/C/installation.xml:759(para)
23581
23615
msgid ""
23582
23616
"Press <keycombo><keycap>Ctrl</keycap><keycap>x</keycap></keycombo> to boot "
23583
23617
"the system."
23584
23618
msgstr ""
23585
23619
23586
#: serverguide/C/installation.xml:761(para)
23620
#: serverguide/C/installation.xml:768(para)
23587
23621
msgid ""
23588
23622
"Once the system has booted you can either repair the array see <xref "
23589
23623
"linkend=\"raid-maintenance\"/> for details, or copy important data to "
23590
23624
"another machine due to major hardware failure."
23591
23625
msgstr ""
23592
23626
23593
#: serverguide/C/installation.xml:768(title)
23627
#: serverguide/C/installation.xml:775(title)
23594
23628
msgid "RAID Maintenance"
23595
23629
msgstr ""
23596
23630
23597
#: serverguide/C/installation.xml:770(para)
23631
#: serverguide/C/installation.xml:777(para)
23598
23632
msgid ""
23599
23633
"The <application>mdadm</application> utility can be used to view the status "
23600
23634
"of an array, add disks to an array, remove disks, etc:"
23601
23635
msgstr ""
23602
23636
23603
#: serverguide/C/installation.xml:777(para)
23637
#: serverguide/C/installation.xml:784(para)
23604
23638
msgid "To view the status of an array, from a terminal prompt enter:"
23605
23639
msgstr ""
23606
23640
23607
#: serverguide/C/installation.xml:781(command)
23641
#: serverguide/C/installation.xml:788(command)
23608
23642
msgid "sudo mdadm -D /dev/md0"
23609
23643
msgstr "sudo mdadm -D /dev/md0"
23610
23644
23611
#: serverguide/C/installation.xml:784(para)
23645
#: serverguide/C/installation.xml:791(para)
23612
23646
msgid ""
23613
23647
"The <emphasis>-D</emphasis> tells <application>mdadm</application> to "
23614
23648
"display <emphasis>detailed</emphasis> information about the "
23616
23650
"with the appropriate RAID device."
23617
23651
msgstr ""
23618
23652
23619
#: serverguide/C/installation.xml:790(para)
23653
#: serverguide/C/installation.xml:797(para)
23620
23654
msgid "To view the status of a disk in an array:"
23621
23655
msgstr ""
23622
23656
23623
#: serverguide/C/installation.xml:794(command)
23657
#: serverguide/C/installation.xml:801(command)
23624
23658
msgid "sudo mdadm -E /dev/sda1"
23625
23659
msgstr "sudo mdadm -E /dev/sda1"
23626
23660
23627
#: serverguide/C/installation.xml:796(para)
23661
#: serverguide/C/installation.xml:803(para)
23628
23662
msgid ""
23629
23663
"The output if very similar to the <command>mdadm -D</command> command, "
23630
23664
"adjust <filename>/dev/sda1</filename> for each disk."
23631
23665
msgstr ""
23632
23666
23633
#: serverguide/C/installation.xml:801(para)
23667
#: serverguide/C/installation.xml:808(para)
23634
23668
msgid "If a disk fails and needs to be removed from an array enter:"
23635
23669
msgstr ""
23636
23670
23637
#: serverguide/C/installation.xml:805(command)
23671
#: serverguide/C/installation.xml:812(command)
23638
23672
msgid "sudo mdadm --remove /dev/md0 /dev/sda1"
23639
23673
msgstr "sudo mdadm --remove /dev/md0 /dev/sda1"
23640
23674
23641
#: serverguide/C/installation.xml:807(para)
23675
#: serverguide/C/installation.xml:814(para)
23642
23676
msgid ""
23643
23677
"Change <filename>/dev/md0</filename> and <filename>/dev/sda1</filename> to "
23644
23678
"the appropriate RAID device and disk."
23645
23679
msgstr ""
23646
23680
23647
#: serverguide/C/installation.xml:812(para)
23681
#: serverguide/C/installation.xml:819(para)
23648
23682
msgid "Similarly, to add a new disk:"
23649
23683
msgstr ""
23650
23684
23651
#: serverguide/C/installation.xml:816(command)
23685
#: serverguide/C/installation.xml:823(command)
23652
23686
msgid "sudo mdadm --add /dev/md0 /dev/sda1"
23653
23687
msgstr "sudo mdadm --add /dev/md0 /dev/sda1"
23654
23688
23655
#: serverguide/C/installation.xml:821(para)
23689
#: serverguide/C/installation.xml:828(para)
23656
23690
msgid ""
23657
23691
"Sometimes a disk can change to a <emphasis>faulty</emphasis> state even "
23658
23692
"though there is nothing physically wrong with the drive. It is usually "
23661
23695
"the array, it is a good indication of hardware failure."
23662
23696
msgstr ""
23663
23697
23664
#: serverguide/C/installation.xml:827(para)
23698
#: serverguide/C/installation.xml:834(para)
23665
23699
msgid ""
23666
23700
"The <filename>/proc/mdstat</filename> file also contains useful information "
23667
23701
"about the system's RAID devices:"
23668
23702
msgstr ""
23669
23703
23670
#: serverguide/C/installation.xml:832(command)
23704
#: serverguide/C/installation.xml:839(command)
23671
23705
msgid "cat /proc/mdstat"
23672
23706
msgstr "cat /proc/mdstat"
23673
23707
23674
#: serverguide/C/installation.xml:833(computeroutput)
23708
#: serverguide/C/installation.xml:840(computeroutput)
23675
23709
#, no-wrap
23676
23710
msgid ""
23677
23711
"Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] "
23682
23716
"unused devices: <none>"
23683
23717
msgstr ""
23684
23718
23685
#: serverguide/C/installation.xml:840(para)
23719
#: serverguide/C/installation.xml:847(para)
23686
23720
msgid ""
23687
23721
"The following command is great for watching the status of a syncing drive:"
23688
23722
msgstr ""
23689
23723
23690
#: serverguide/C/installation.xml:845(command)
23724
#: serverguide/C/installation.xml:852(command)
23691
23725
msgid "watch -n1 cat /proc/mdstat"
23692
23726
msgstr "watch -n1 cat /proc/mdstat"
23693
23727
23694
#: serverguide/C/installation.xml:848(para)
23728
#: serverguide/C/installation.xml:855(para)
23695
23729
msgid ""
23696
23730
"Press <emphasis>Ctrl+c</emphasis> to stop the "
23697
23731
"<application>watch</application> command."
23698
23732
msgstr ""
23699
23733
23700
#: serverguide/C/installation.xml:852(para)
23734
#: serverguide/C/installation.xml:859(para)
23701
23735
msgid ""
23702
23736
"If you do need to replace a faulty drive, after the drive has been replaced "
23703
23737
"and synced, <application>grub</application> will need to be installed. To "
23705
23739
"following:"
23706
23740
msgstr ""
23707
23741
23708
#: serverguide/C/installation.xml:858(command)
23742
#: serverguide/C/installation.xml:865(command)
23709
23743
msgid "sudo grub-install /dev/md0"
23710
23744
msgstr "sudo grub-install /dev/md0"
23711
23745
23712
#: serverguide/C/installation.xml:861(para)
23746
#: serverguide/C/installation.xml:868(para)
23713
23747
msgid ""
23714
23748
"Replace <filename>/dev/md0</filename> with the appropriate array device name."
23715
23749
msgstr ""
23716
23750
23717
#: serverguide/C/installation.xml:869(para)
23751
#: serverguide/C/installation.xml:876(para)
23718
23752
msgid ""
23719
23753
"The topic of RAID arrays is a complex one due to the plethora of ways RAID "
23720
23754
"can be configured. Please see the following links for more information:"
23721
23755
msgstr ""
23722
23756
23723
#: serverguide/C/installation.xml:876(para)
23757
#: serverguide/C/installation.xml:883(para)
23724
23758
msgid ""
23725
23759
"<ulink url=\"https://help.ubuntu.com/community/Installation#raid\">Ubuntu "
23726
23760
"Wiki Articles on RAID</ulink>."
23727
23761
msgstr ""
23728
23762
23729
#: serverguide/C/installation.xml:882(ulink)
23763
#: serverguide/C/installation.xml:889(ulink) serverguide/C/installation.xml:1164(ulink)
23730
23764
msgid "Software RAID HOWTO"
23731
23765
msgstr ""
23732
23766
23733
#: serverguide/C/installation.xml:887(ulink)
23767
#: serverguide/C/installation.xml:894(ulink)
23734
23768
msgid "Managing RAID on Linux"
23735
23769
msgstr ""
23736
23770
23737
#: serverguide/C/installation.xml:894(title)
23771
#: serverguide/C/installation.xml:901(title)
23738
23772
msgid "Logical Volume Manager (LVM)"
23739
23773
msgstr ""
23740
23774
23741
#: serverguide/C/installation.xml:896(para)
23775
#: serverguide/C/installation.xml:903(para)
23742
23776
msgid ""
23743
23777
"Logical Volume Manger, or <emphasis>LVM</emphasis>, allows administrators to "
23744
23778
"create <emphasis>logical</emphasis> volumes out of one or multiple physical "
23747
23781
"giving greater flexibility to systems as requirements change."
23748
23782
msgstr ""
23749
23783
23750
#: serverguide/C/installation.xml:905(para)
23784
#: serverguide/C/installation.xml:912(para)
23751
23785
msgid ""
23752
23786
"A side effect of LVM's power and flexibility is a greater degree of "
23753
23787
"complication. Before diving into the LVM installation process, it is best to "
23754
23788
"get familiar with some terms."
23755
23789
msgstr ""
23756
23790
23757
#: serverguide/C/installation.xml:912(para)
23791
#: serverguide/C/installation.xml:919(para)
23758
23792
msgid ""
23759
23793
"<emphasis>Physical Volume (PV):</emphasis> physical hard disk, disk "
23760
23794
"partition or software RAID partition formatted as LVM PV."
23761
23795
msgstr ""
23762
23796
23763
#: serverguide/C/installation.xml:918(para)
23797
#: serverguide/C/installation.xml:925(para)
23764
23798
msgid ""
23765
23799
"<emphasis>Volume Group (VG):</emphasis> is made from one or more physical "
23766
23800
"volumes. A VG can can be extended by adding more PVs. A VG is like a virtual "
23767
23801
"disk drive, from which one or more logical volumes are carved."
23768
23802
msgstr ""
23769
23803
23770
#: serverguide/C/installation.xml:924(para)
23804
#: serverguide/C/installation.xml:931(para)
23771
23805
msgid ""
23772
23806
"<emphasis>Logical Volume (LV):</emphasis> is similar to a partition in a non-"
23773
23807
"LVM system. A LV is formatted with the desired file system (EXT3, XFS, JFS, "
23774
23808
"etc), it is then available for mounting and data storage."
23775
23809
msgstr ""
23776
23810
23777
#: serverguide/C/installation.xml:935(para)
23811
#: serverguide/C/installation.xml:942(para)
23778
23812
msgid ""
23779
23813
"As an example this section covers installing Ubuntu Server Edition with "
23780
23814
"<filename role=\"directory\">/srv</filename> mounted on a LVM volume. During "
23783
23817
"can be extended."
23784
23818
msgstr ""
23785
23819
23786
#: serverguide/C/installation.xml:941(para)
23820
#: serverguide/C/installation.xml:948(para)
23787
23821
msgid ""
23788
23822
"There are several installation options for LVM, <emphasis>\"Guided - use the "
23789
23823
"entire disk and setup LVM\"</emphasis> which will also allow you to assign a "
23794
23828
"the Manual approach."
23795
23829
msgstr ""
23796
23830
23797
#: serverguide/C/installation.xml:958(para)
23831
#: serverguide/C/installation.xml:965(para)
23798
23832
msgid ""
23799
23833
"At the <emphasis>\"Partition Disks</emphasis> screen choose "
23800
23834
"<emphasis>\"Manual\"</emphasis>."
23801
23835
msgstr ""
23802
23836
23803
#: serverguide/C/installation.xml:965(para)
23837
#: serverguide/C/installation.xml:972(para)
23804
23838
msgid ""
23805
23839
"Select the hard disk and on the next screen choose \"yes\" to "
23806
23840
"<emphasis>\"Create a new empty partition table on this device\"</emphasis>."
23807
23841
msgstr ""
23808
23842
23809
#: serverguide/C/installation.xml:972(para)
23843
#: serverguide/C/installation.xml:979(para)
23810
23844
msgid ""
23811
23845
"Next, create standard <emphasis>/boot</emphasis>, <emphasis>swap</emphasis>, "
23812
23846
"and <emphasis>/</emphasis> partitions with whichever filesystem you prefer."
23813
23847
msgstr ""
23814
23848
23815
#: serverguide/C/installation.xml:980(para)
23849
#: serverguide/C/installation.xml:987(para)
23816
23850
msgid ""
23817
23851
"For the LVM <emphasis>/srv</emphasis>, create a new "
23818
23852
"<emphasis>Logical</emphasis> partition. Then change <emphasis>\"Use "
23820
23854
"<emphasis>\"Done setting up the partition\"</emphasis>."
23821
23855
msgstr ""
23822
23856
23823
#: serverguide/C/installation.xml:988(para)
23857
#: serverguide/C/installation.xml:995(para)
23824
23858
msgid ""
23825
23859
"Now select <emphasis>\"Configure the Logical Volume Manager\"</emphasis> at "
23826
23860
"the top, and choose <emphasis>\"Yes\"</emphasis> to write the changes to "
23827
23861
"disk."
23828
23862
msgstr ""
23829
23863
23830
#: serverguide/C/installation.xml:996(para)
23864
#: serverguide/C/installation.xml:1003(para)
23831
23865
msgid ""
23832
23866
"For the <emphasis>\"LVM configuration action\"</emphasis> on the next "
23833
23867
"screen, choose <emphasis>\"Create volume group\"</emphasis>. Enter a name "
23836
23870
"<emphasis>\"Continue\"</emphasis>."
23837
23871
msgstr ""
23838
23872
23839
#: serverguide/C/installation.xml:1005(para)
23873
#: serverguide/C/installation.xml:1012(para)
23840
23874
msgid ""
23841
23875
"Back at the <emphasis>\"LVM configuration action\"</emphasis> screen, select "
23842
23876
"<emphasis>\"Create logical volume\"</emphasis>. Select the newly created "
23847
23881
"main <emphasis>\"Partition Disks\"</emphasis> screen."
23848
23882
msgstr ""
23849
23883
23850
#: serverguide/C/installation.xml:1015(para)
23884
#: serverguide/C/installation.xml:1022(para)
23851
23885
msgid ""
23852
23886
"Now add a filesystem to the new LVM. Select the partition under "
23853
23887
"<emphasis>\"LVM VG vg01, LV srv\"</emphasis>, or whatever name you have "
23856
23890
"select <emphasis>\"Done setting up the partition\"</emphasis>."
23857
23891
msgstr ""
23858
23892
23859
#: serverguide/C/installation.xml:1024(para)
23893
#: serverguide/C/installation.xml:1031(para)
23860
23894
msgid ""
23861
23895
"Finally, select <emphasis>\"Finish partitioning and write changes to "
23862
23896
"disk\"</emphasis>. Then confirm the changes and continue with the rest of "
23863
23897
"the installation."
23864
23898
msgstr ""
23865
23899
23866
#: serverguide/C/installation.xml:1032(para)
23900
#: serverguide/C/installation.xml:1039(para)
23867
23901
msgid "There are some useful utilities to view information about LVM:"
23868
23902
msgstr ""
23869
23903
23870
#: serverguide/C/installation.xml:1037(para)
23904
#: serverguide/C/installation.xml:1044(para)
23871
23905
msgid ""
23872
23906
"<emphasis>pvdisplay:</emphasis> shows information about Physical Volumes."
23873
23907
msgstr ""
23874
23908
23875
#: serverguide/C/installation.xml:1038(para)
23909
#: serverguide/C/installation.xml:1045(para)
23876
23910
msgid ""
23877
23911
"<emphasis>vgdisplay:</emphasis> shows information about Volume Groups."
23878
23912
msgstr ""
23879
23913
23880
#: serverguide/C/installation.xml:1039(para)
23914
#: serverguide/C/installation.xml:1046(para)
23881
23915
msgid ""
23882
23916
"<emphasis>lvdisplay:</emphasis> shows information about Logical Volumes."
23883
23917
msgstr ""
23884
23918
23885
#: serverguide/C/installation.xml:1044(title)
23919
#: serverguide/C/installation.xml:1051(title)
23886
23920
msgid "Extending Volume Groups"
23887
23921
msgstr ""
23888
23922
23889
#: serverguide/C/installation.xml:1046(para)
23923
#: serverguide/C/installation.xml:1053(para)
23890
23924
msgid ""
23891
23925
"Continuing with <emphasis>srv</emphasis> as an LVM volume example, this "
23892
23926
"section covers adding a second hard disk, creating a Physical Volume (PV), "
23898
23932
"partitions and use them as different physical volumes)"
23899
23933
msgstr ""
23900
23934
23901
#: serverguide/C/installation.xml:1054(para)
23935
#: serverguide/C/installation.xml:1061(para)
23902
23936
msgid ""
23903
23937
"Make sure you don't already have an existing <filename>/dev/sdb</filename> "
23904
23938
"before issuing the commands below. You could lose some data if you issue "
23905
23939
"those commands on a non-empty disk."
23906
23940
msgstr ""
23907
23941
23908
#: serverguide/C/installation.xml:1062(para)
23942
#: serverguide/C/installation.xml:1069(para)
23909
23943
msgid "First, create the physical volume, in a terminal execute:"
23910
23944
msgstr ""
23911
23945
23912
#: serverguide/C/installation.xml:1067(command)
23946
#: serverguide/C/installation.xml:1074(command)
23913
23947
msgid "sudo pvcreate /dev/sdb"
23914
23948
msgstr ""
23915
23949
23916
#: serverguide/C/installation.xml:1073(para)
23950
#: serverguide/C/installation.xml:1080(para)
23917
23951
msgid "Now extend the Volume Group (VG):"
23918
23952
msgstr ""
23919
23953
23920
#: serverguide/C/installation.xml:1078(command)
23954
#: serverguide/C/installation.xml:1085(command)
23921
23955
msgid "sudo vgextend vg01 /dev/sdb"
23922
23956
msgstr "sudo vgextend vg01 /dev/sdb"
23923
23957
23924
#: serverguide/C/installation.xml:1084(para)
23958
#: serverguide/C/installation.xml:1091(para)
23925
23959
msgid ""
23926
23960
"Use <application>vgdisplay</application> to find out the free physical "
23927
23961
"extents - Free PE / size (the size you can allocate). We will assume a free "
23929
23963
"whole free space available. Use your own PE and/or free space."
23930
23964
msgstr ""
23931
23965
23932
#: serverguide/C/installation.xml:1090(para)
23966
#: serverguide/C/installation.xml:1097(para)
23933
23967
msgid ""
23934
23968
"The Logical Volume (LV) can now be extended by different methods, we will "
23935
23969
"only see how to use the PE to extend the LV:"
23936
23970
msgstr ""
23937
23971
23938
#: serverguide/C/installation.xml:1095(command)
23972
#: serverguide/C/installation.xml:1102(command)
23939
23973
msgid "sudo lvextend /dev/vg01/srv -l +511"
23940
23974
msgstr "sudo lvextend /dev/vg01/srv -l +511"
23941
23975
23942
#: serverguide/C/installation.xml:1098(para)
23976
#: serverguide/C/installation.xml:1105(para)
23943
23977
msgid ""
23944
23978
"The <emphasis>-l</emphasis> option allows the LV to be extended using PE. "
23945
23979
"The <emphasis>-L</emphasis> option allows the LV to be extended using Meg, "
23946
23980
"Gig, Tera, etc bytes."
23947
23981
msgstr ""
23948
23982
23949
#: serverguide/C/installation.xml:1106(para)
23983
#: serverguide/C/installation.xml:1113(para)
23950
23984
msgid ""
23951
23985
"Even though you are supposed to be able to <emphasis>expand</emphasis> an "
23952
23986
"ext3 or ext4 filesystem without unmounting it first, it may be a good "
23955
23989
"first is compulsory)."
23956
23990
msgstr ""
23957
23991
23958
#: serverguide/C/installation.xml:1112(para)
23992
#: serverguide/C/installation.xml:1119(para)
23959
23993
msgid ""
23960
23994
"The following commands are for an <emphasis>EXT3</emphasis> or "
23961
23995
"<emphasis>EXT4</emphasis> filesystem. If you are using another filesystem "
23962
23996
"there may be other utilities available."
23963
23997
msgstr ""
23964
23998
23965
#: serverguide/C/installation.xml:1119(command)
23966
msgid "sudo e2fsck -f /dev/vg01/srv"
23967
msgstr "sudo e2fsck -f /dev/vg01/srv"
23968
23969
#: serverguide/C/installation.xml:1122(para)
23970
msgid ""
23971
"The <emphasis>-f</emphasis> option of <application>e2fsck</application> "
23972
"forces checking even if the system seems clean."
23973
msgstr ""
23974
23975
#: serverguide/C/installation.xml:1129(para)
23976
msgid "Finally, resize the filesystem:"
23977
msgstr ""
23978
23979
#: serverguide/C/installation.xml:1134(command)
23980
msgid "sudo resize2fs /dev/vg01/srv"
23981
msgstr "sudo resize2fs /dev/vg01/srv"
23982
23983
#: serverguide/C/installation.xml:1140(para)
23999
#: serverguide/C/installation.xml:1127(para) serverguide/C/installation.xml:1130(para) serverguide/C/installation.xml:1133(para)
23984
24000
msgid "Now mount the partition and check its size."
23985
24001
msgstr ""
23986
24002
23987
#: serverguide/C/installation.xml:1145(command)
24003
#: serverguide/C/installation.xml:1136(para)
24004
msgid ""
24005
"asldkjf sdkja;lkjfeoi dfkjsljfe;lij sfljsefisjoij skfm;lwemf;e msdlfsadlkf;k."
24006
msgstr ""
24007
24008
#: serverguide/C/installation.xml:1141(command)
23988
24009
msgid "mount /dev/vg01/srv /srv && df -h /srv"
23989
24010
msgstr "mount /dev/vg01/srv /srv && df -h /srv"
23990
24011
23991
#: serverguide/C/installation.xml:1157(para)
24012
#: serverguide/C/installation.xml:1153(para)
23992
24013
msgid ""
23993
24014
"See the <ulink "
23994
24015
"url=\"https://help.ubuntu.com/community/Installation#lvm\">Ubuntu Wiki LVM "
23995
24016
"Articles</ulink>."
23996
24017
msgstr ""
23997
24018
23998
#: serverguide/C/installation.xml:1162(para)
24019
#: serverguide/C/installation.xml:1158(para)
23999
24020
msgid ""
24000
24021
"See the <ulink url=\"http://tldp.org/HOWTO/LVM-HOWTO/index.html\">LVM "
24001
24022
"HOWTO</ulink> for more information."
24002
24023
msgstr ""
24003
24024
24004
#: serverguide/C/installation.xml:1167(para)
24005
msgid ""
24006
"Another good article is <ulink "
24007
"url=\"http://www.linuxdevcenter.com/pub/a/linux/2006/04/27/managing-disk-"
24008
"space-with-lvm.html\">Managing Disk Space with LVM</ulink> on O'Reilly's "
24009
"linuxdevcenter.com site."
24010
msgstr ""
24011
24012
#: serverguide/C/installation.xml:1181(para)
24013
msgid ""
24014
"For more information on <application>fdisk</application> see the <ulink "
24015
"url=\"http://manpages.ubuntu.com/manpages/trusty/en/man8/fdisk.8.html\">fdisk"
24016
" man page</ulink>."
24017
msgstr ""
24018
24019
#: serverguide/C/installation.xml:1185(title)
24025
#: serverguide/C/installation.xml:1171(title)
24026
msgid "bla bla 4"
24027
msgstr ""
24028
24029
#: serverguide/C/installation.xml:1174(para)
24030
msgid "bla bla 4 para."
24031
msgstr ""
24032
24033
#: serverguide/C/installation.xml:1179(para)
24034
msgid "bla bla 5 para."
24035
msgstr ""
24036
24037
#: serverguide/C/installation.xml:1184(para)
24038
msgid "list item 1."
24039
msgstr ""
24040
24041
#: serverguide/C/installation.xml:1189(para)
24042
msgid "list item 2."
24043
msgstr ""
24044
24045
#: serverguide/C/installation.xml:1194(para)
24046
msgid "list item 3."
24047
msgstr ""
24048
24049
#: serverguide/C/installation.xml:1199(para)
24050
msgid "bla bla para"
24051
msgstr ""
24052
24053
#: serverguide/C/installation.xml:1204(para)
24054
msgid "bla bla 6 para."
24055
msgstr ""
24056
24057
#: serverguide/C/installation.xml:1209(para)
24058
msgid "bla bla 7 para."
24059
msgstr ""
24060
24061
#: serverguide/C/installation.xml:1214(para)
24062
msgid "bla bla 8 para."
24063
msgstr ""
24064
24065
#: serverguide/C/installation.xml:1219(para)
24066
msgid "bla bla 9 para."
24067
msgstr ""
24068
24069
#: serverguide/C/installation.xml:1226(title)
24070
msgid "bla bla 5"
24071
msgstr ""
24072
24073
#: serverguide/C/installation.xml:1229(title)
24074
msgid "bla bla 6"
24075
msgstr ""
24076
24077
#: serverguide/C/installation.xml:1232(title)
24078
msgid "bla bla 7"
24079
msgstr ""
24080
24081
#: serverguide/C/installation.xml:1235(title)
24082
msgid "bla bla 8"
24083
msgstr ""
24084
24085
#: serverguide/C/installation.xml:1238(title)
24086
msgid "bla bla 9"
24087
msgstr ""
24088
24089
#: serverguide/C/installation.xml:1241(title)
24090
msgid "bla bla a"
24091
msgstr ""
24092
24093
#: serverguide/C/installation.xml:1244(title)
24094
msgid "bla bla b"
24095
msgstr ""
24096
24097
#: serverguide/C/installation.xml:1247(title)
24098
msgid "bla bla c"
24099
msgstr ""
24100
24101
#: serverguide/C/installation.xml:1250(title)
24102
msgid "bla bla d"
24103
msgstr ""
24104
24105
#: serverguide/C/installation.xml:1253(title)
24106
msgid "bla bla e"
24107
msgstr ""
24108
24109
#: serverguide/C/installation.xml:1258(title)
24020
24110
msgid "Kernel Crash Dump"
24021
24111
msgstr ""
24022
24112
24023
#: serverguide/C/installation.xml:1192(para)
24113
#: serverguide/C/installation.xml:1265(para)
24024
24114
msgid "Kernel Panic"
24025
24115
msgstr ""
24026
24116
24027
#: serverguide/C/installation.xml:1193(para)
24117
#: serverguide/C/installation.xml:1266(para)
24028
24118
msgid "Non Maskable Interrupts (NMI)"
24029
24119
msgstr ""
24030
24120
24031
#: serverguide/C/installation.xml:1194(para)
24121
#: serverguide/C/installation.xml:1267(para)
24032
24122
msgid "Machine Check Exceptions (MCE)"
24033
24123
msgstr ""
24034
24124
24035
#: serverguide/C/installation.xml:1195(para)
24125
#: serverguide/C/installation.xml:1268(para)
24036
24126
msgid "Hardware failure"
24037
24127
msgstr ""
24038
24128
24039
#: serverguide/C/installation.xml:1196(para)
24129
#: serverguide/C/installation.xml:1269(para)
24040
24130
msgid "Manual intervention"
24041
24131
msgstr ""
24042
24132
24043
#: serverguide/C/installation.xml:1188(para)
24133
#: serverguide/C/installation.xml:1261(para)
24044
24134
msgid ""
24045
24135
"A Kernel Crash Dump refers to a portion of the contents of volatile memory "
24046
24136
"(RAM) that is copied to disk whenever the execution of the kernel is "
24054
24144
"memory contents."
24055
24145
msgstr ""
24056
24146
24057
#: serverguide/C/installation.xml:1205(title)
24147
#: serverguide/C/installation.xml:1278(title)
24058
24148
msgid "Kernel Crash Dump Mechanism"
24059
24149
msgstr ""
24060
24150
24061
#: serverguide/C/installation.xml:1207(para)
24151
#: serverguide/C/installation.xml:1280(para)
24062
24152
msgid ""
24063
24153
"When a kernel panic occurs, the kernel relies on the "
24064
24154
"<emphasis>kexec</emphasis> mechanism to quickly reboot a new instance of the "
24067
24157
"untouched in order to safely copy its contents to storage."
24068
24158
msgstr ""
24069
24159
24070
#: serverguide/C/installation.xml:1216(para)
24160
#: serverguide/C/installation.xml:1289(para)
24071
24161
msgid ""
24072
24162
"The kernel crash dump utility is installed with the following command:"
24073
24163
msgstr ""
24074
24164
24075
#: serverguide/C/installation.xml:1221(command)
24165
#: serverguide/C/installation.xml:1294(command)
24076
24166
msgid "sudo apt-get install linux-crashdump"
24077
24167
msgstr ""
24078
24168
24079
#: serverguide/C/installation.xml:1230(programlisting)
24169
#: serverguide/C/installation.xml:1303(programlisting)
24080
24170
#, no-wrap
24081
24171
msgid ""
24082
24172
"\n"
24083
24173
"USE_KDUMP=1\n"
24084
24174
msgstr ""
24085
24175
24086
#: serverguide/C/installation.xml:1228(para)
24176
#: serverguide/C/installation.xml:1301(para)
24087
24177
msgid ""
24088
"Edit <filename>/etc/default/kdump-tool</filename> by including the following "
24089
"line: <placeholder-1/>"
24178
"Edit <filename>/etc/default/kdump-tools</filename> by including the "
24179
"following line: <placeholder-1/>"
24090
24180
msgstr ""
24091
24181
24092
#: serverguide/C/installation.xml:1235(para)
24182
#: serverguide/C/installation.xml:1308(para)
24093
24183
msgid "A reboot is then needed."
24094
24184
msgstr ""
24095
24185
24096
#: serverguide/C/installation.xml:1244(para)
24186
#: serverguide/C/installation.xml:1317(para)
24097
24187
msgid ""
24098
24188
"To confirm that the kernel dump mechanism is enabled, there are a few things "
24099
24189
"to verify. First, confirm that the <emphasis>crashkernel</emphasis> boot "
24101
24191
"fit the format of this document:"
24102
24192
msgstr ""
24103
24193
24104
#: serverguide/C/installation.xml:1251(command)
24194
#: serverguide/C/installation.xml:1324(command)
24105
24195
msgid "cat /proc/cmdline"
24106
24196
msgstr ""
24107
24197
24108
#: serverguide/C/installation.xml:1252(computeroutput)
24198
#: serverguide/C/installation.xml:1325(computeroutput)
24109
24199
#, no-wrap
24110
24200
msgid ""
24111
24201
"\n"
24113
24203
" crashkernel=384M-2G:64M,2G-:128M\n"
24114
24204
msgstr ""
24115
24205
24116
#: serverguide/C/installation.xml:1260(programlisting)
24206
#: serverguide/C/installation.xml:1333(programlisting)
24117
24207
#, no-wrap
24118
24208
msgid ""
24119
24209
"\n"
24123
24213
" "
24124
24214
msgstr ""
24125
24215
24126
#: serverguide/C/installation.xml:1258(para)
24216
#: serverguide/C/installation.xml:1331(para)
24127
24217
msgid ""
24128
24218
"The <emphasis>crashkernel</emphasis> parameter has the following syntax: "
24129
24219
"<placeholder-1/>"
24130
24220
msgstr ""
24131
24221
24132
#: serverguide/C/installation.xml:1268(programlisting)
24222
#: serverguide/C/installation.xml:1341(programlisting)
24133
24223
#, no-wrap
24134
24224
msgid ""
24135
24225
"\n"
24136
24226
"crashkernel=384M-2G:64M,2G-:128M\n"
24137
24227
msgstr ""
24138
24228
24139
#: serverguide/C/installation.xml:1266(para)
24229
#: serverguide/C/installation.xml:1339(para)
24140
24230
msgid ""
24141
24231
"So for the crashkernel parameter found in <filename>/proc/cmdline</filename> "
24142
24232
"we would have : <placeholder-1/>"
24143
24233
msgstr ""
24144
24234
24145
#: serverguide/C/installation.xml:1273(para)
24235
#: serverguide/C/installation.xml:1346(para)
24146
24236
msgid "The above value means:"
24147
24237
msgstr ""
24148
24238
24149
#: serverguide/C/installation.xml:1275(para)
24239
#: serverguide/C/installation.xml:1348(para)
24150
24240
msgid ""
24151
24241
"if the RAM is smaller than 384M, then don't reserve anything (this is the "
24152
24242
"\"rescue\" case)"
24153
24243
msgstr ""
24154
24244
24155
#: serverguide/C/installation.xml:1277(para)
24245
#: serverguide/C/installation.xml:1350(para)
24156
24246
msgid "if the RAM size is between 386M and 2G (exclusive), then reserve 64M"
24157
24247
msgstr ""
24158
24248
24159
#: serverguide/C/installation.xml:1278(para)
24249
#: serverguide/C/installation.xml:1351(para)
24160
24250
msgid "if the RAM size is larger than 2G, then reserve 128M"
24161
24251
msgstr ""
24162
24252
24163
#: serverguide/C/installation.xml:1281(para)
24253
#: serverguide/C/installation.xml:1354(para)
24164
24254
msgid ""
24165
24255
"Second, verify that the kernel has reserved the requested memory area for "
24166
24256
"the kdump kernel by doing:"
24167
24257
msgstr ""
24168
24258
24169
#: serverguide/C/installation.xml:1286(command)
24259
#: serverguide/C/installation.xml:1359(command)
24170
24260
msgid "dmesg | grep -i crash"
24171
24261
msgstr ""
24172
24262
24173
#: serverguide/C/installation.xml:1287(computeroutput)
24263
#: serverguide/C/installation.xml:1360(computeroutput)
24174
24264
#, no-wrap
24175
24265
msgid ""
24176
24266
"\n"
24179
24269
"RAM: 1023MB)\n"
24180
24270
msgstr ""
24181
24271
24182
#: serverguide/C/installation.xml:1296(title)
24272
#: serverguide/C/installation.xml:1369(title)
24183
24273
msgid "Testing the Crash Dump Mechanism"
24184
24274
msgstr ""
24185
24275
24186
#: serverguide/C/installation.xml:1299(para)
24276
#: serverguide/C/installation.xml:1372(para)
24187
24277
msgid ""
24188
24278
"Testing the Crash Dump Mechanism will cause <emphasis>a system "
24189
24279
"reboot.</emphasis> In certain situations, this can cause data loss if the "
24191
24281
"that the system is idle or under very light load."
24192
24282
msgstr ""
24193
24283
24194
#: serverguide/C/installation.xml:1306(para)
24284
#: serverguide/C/installation.xml:1379(para)
24195
24285
msgid ""
24196
24286
"Verify that the <emphasis>SysRQ</emphasis> mechanism is enabled by looking "
24197
24287
"at the value of the <filename>/proc/sys/kernel/sysrq</filename> kernel "
24198
24288
"parameter :"
24199
24289
msgstr ""
24200
24290
24201
#: serverguide/C/installation.xml:1312(command)
24291
#: serverguide/C/installation.xml:1385(command)
24202
24292
msgid "cat /proc/sys/kernel/sysrq"
24203
24293
msgstr ""
24204
24294
24205
#: serverguide/C/installation.xml:1315(para)
24295
#: serverguide/C/installation.xml:1388(para)
24206
24296
msgid ""
24207
24297
"If a value of <emphasis>0</emphasis> is returned the feature is disabled. "
24208
24298
"Enable it with the following command :"
24209
24299
msgstr ""
24210
24300
24211
#: serverguide/C/installation.xml:1320(command)
24301
#: serverguide/C/installation.xml:1393(command)
24212
24302
msgid "sudo sysctl -w kernel.sysrq=1"
24213
24303
msgstr ""
24214
24304
24215
#: serverguide/C/installation.xml:1323(para)
24305
#: serverguide/C/installation.xml:1396(para)
24216
24306
msgid ""
24217
24307
"Once this is done, you must become root, as just using "
24218
24308
"<command>sudo</command> will not be sufficient. As the "
24223
24313
"the advantage of making the kernel dump process visible."
24224
24314
msgstr ""
24225
24315
24226
#: serverguide/C/installation.xml:1330(para)
24316
#: serverguide/C/installation.xml:1403(para)
24227
24317
msgid "A typical test output should look like the following :"
24228
24318
msgstr ""
24229
24319
24230
#: serverguide/C/installation.xml:1335(command)
24320
#: serverguide/C/installation.xml:1408(command)
24231
24321
msgid "sudo -s"
24232
24322
msgstr ""
24233
24323
24234
#: serverguide/C/installation.xml:1337(command)
24324
#: serverguide/C/installation.xml:1410(command)
24235
24325
msgid "echo c > /proc/sysrq-trigger"
24236
24326
msgstr ""
24237
24327
24238
#: serverguide/C/installation.xml:1334(screen)
24328
#: serverguide/C/installation.xml:1407(screen)
24239
24329
#, no-wrap
24240
24330
msgid ""
24241
24331
"\n"
24252
24342
"....\n"
24253
24343
msgstr ""
24254
24344
24255
#: serverguide/C/installation.xml:1347(para)
24345
#: serverguide/C/installation.xml:1420(para)
24256
24346
msgid ""
24257
24347
"The rest of the output is truncated, but you should see the system rebooting "
24258
24348
"and somewhere in the log, you will see the following line : <screen>Begin: "
24261
24351
"file in the <filename>/var/crash</filename> directory :"
24262
24352
msgstr ""
24263
24353
24264
#: serverguide/C/installation.xml:1354(command)
24354
#: serverguide/C/installation.xml:1427(command)
24265
24355
msgid "ls /var/crash"
24266
24356
msgstr ""
24267
24357
24268
#: serverguide/C/installation.xml:1353(screen)
24358
#: serverguide/C/installation.xml:1426(screen)
24269
24359
#, no-wrap
24270
24360
msgid ""
24271
24361
"\n"
24273
24363
"linux-image-3.0.0-12-server.0.crash\n"
24274
24364
msgstr ""
24275
24365
24276
#: serverguide/C/installation.xml:1363(para)
24366
#: serverguide/C/installation.xml:1436(para)
24277
24367
msgid ""
24278
24368
"Kernel Crash Dump is a vast topic that requires good knowledge of the linux "
24279
24369
"kernel. You can find more information on the topic here :"
24280
24370
msgstr ""
24281
24371
24282
#: serverguide/C/installation.xml:1369(para)
24372
#: serverguide/C/installation.xml:1442(para)
24283
24373
msgid ""
24284
24374
"<ulink url=\"http://www.kernel.org/doc/Documentation/kdump/kdump.txt\">Kdump "
24285
24375
"kernel documentation</ulink>."
24286
24376
msgstr ""
24287
24377
24288
#: serverguide/C/installation.xml:1375(ulink)
24378
#: serverguide/C/installation.xml:1448(ulink)
24289
24379
msgid "The crash tool"
24290
24380
msgstr ""
24291
24381
24292
#: serverguide/C/installation.xml:1379(para)
24382
#: serverguide/C/installation.xml:1452(para)
24293
24383
msgid ""
24294
24384
"<ulink url=\"http://www.dedoimedo.com/computers/crash-"
24295
24385
"analyze.html\">Analyzing Linux Kernel Crash</ulink> (Based on Fedora, it "
24780
24870
"as follows:"
24781
24871
msgstr ""
24782
24872
24783
#: serverguide/C/file-server.xml:430(programlisting)
24873
#: serverguide/C/file-server.xml:429(programlisting)
24784
24874
#, no-wrap
24785
24875
msgid ""
24786
24876
"\n"
24791
24881
"example.hostname.com:/ubuntu /local/ubuntu nfs "
24792
24882
"rsize=8192,wsize=8192,timeo=14,intr\n"
24793
24883
24794
#: serverguide/C/file-server.xml:434(para)
24884
#: serverguide/C/file-server.xml:433(para)
24795
24885
msgid ""
24796
24886
"If you have trouble mounting an NFS share, make sure the <application>nfs-"
24797
24887
"common</application> package is installed on your client. To install "
24801
24891
"</screen>"
24802
24892
msgstr ""
24803
24893
24804
#: serverguide/C/file-server.xml:447(ulink)
24894
#: serverguide/C/file-server.xml:446(ulink)
24805
24895
msgid "Linux NFS faq"
24806
24896
msgstr ""
24807
24897
24808
#: serverguide/C/file-server.xml:449(ulink)
24898
#: serverguide/C/file-server.xml:448(ulink)
24809
24899
msgid "Ubuntu Wiki NFS Howto"
24810
24900
msgstr ""
24811
24901
24812
#: serverguide/C/file-server.xml:455(title)
24902
#: serverguide/C/file-server.xml:454(title)
24813
24903
msgid "iSCSI Initiator"
24814
24904
msgstr ""
24815
24905
24816
#: serverguide/C/file-server.xml:457(para)
24906
#: serverguide/C/file-server.xml:456(para)
24817
24907
msgid ""
24818
24908
"<emphasis>iSCSI</emphasis> (Internet Small Computer System Interface) is a "
24819
24909
"protocol that allows SCSI commands to be transmitted over a network. "
24833
24923
"your vendor documentation to configure your specific iSCSI target."
24834
24924
msgstr ""
24835
24925
24836
#: serverguide/C/file-server.xml:471(title)
24926
#: serverguide/C/file-server.xml:470(title)
24837
24927
msgid "iSCSI Initiator Install"
24838
24928
msgstr ""
24839
24929
24840
#: serverguide/C/file-server.xml:473(para)
24930
#: serverguide/C/file-server.xml:472(para)
24841
24931
msgid ""
24842
24932
"To configure Ubuntu Server as an iSCSI initiator install the "
24843
24933
"<application>open-iscsi</application> package. In a terminal enter:"
24844
24934
msgstr ""
24845
24935
24846
#: serverguide/C/file-server.xml:478(command)
24936
#: serverguide/C/file-server.xml:477(command)
24847
24937
msgid "sudo apt-get install open-iscsi"
24848
24938
msgstr ""
24849
24939
24850
#: serverguide/C/file-server.xml:483(title)
24940
#: serverguide/C/file-server.xml:482(title)
24851
24941
msgid "iSCSI Initiator Configuration"
24852
24942
msgstr ""
24853
24943
24854
#: serverguide/C/file-server.xml:485(para)
24944
#: serverguide/C/file-server.xml:484(para)
24855
24945
msgid ""
24856
24946
"Once the <application>open-iscsi</application> package is installed, edit "
24857
24947
"<filename>/etc/iscsi/iscsid.conf</filename> changing the following:"
24858
24948
msgstr ""
24859
24949
24860
#: serverguide/C/file-server.xml:489(programlisting)
24950
#: serverguide/C/file-server.xml:488(programlisting)
24861
24951
#, no-wrap
24862
24952
msgid ""
24863
24953
"\n"
24864
24954
"node.startup = automatic\n"
24865
24955
msgstr ""
24866
24956
24867
#: serverguide/C/file-server.xml:493(para)
24957
#: serverguide/C/file-server.xml:492(para)
24868
24958
msgid ""
24869
24959
"You can check which targets are available by using the "
24870
24960
"<application>iscsiadm</application> utility. Enter the following in a "
24871
24961
"terminal:"
24872
24962
msgstr ""
24873
24963
24874
#: serverguide/C/file-server.xml:498(command)
24964
#: serverguide/C/file-server.xml:497(command)
24875
24965
msgid "sudo iscsiadm -m discovery -t st -p 192.168.0.10"
24876
24966
msgstr ""
24877
24967
24968
#: serverguide/C/file-server.xml:501(para)
24969
msgid ""
24970
"<emphasis>-m:</emphasis> determines the mode that iscsiadm executes in."
24971
msgstr ""
24972
24878
24973
#: serverguide/C/file-server.xml:502(para)
24879
msgid ""
24880
"<emphasis>-m:</emphasis> determines the mode that iscsiadm executes in."
24974
msgid "<emphasis>-t:</emphasis> specifies the type of discovery."
24881
24975
msgstr ""
24882
24976
24883
24977
#: serverguide/C/file-server.xml:503(para)
24884
msgid "<emphasis>-t:</emphasis> specifies the type of discovery."
24885
msgstr ""
24886
24887
#: serverguide/C/file-server.xml:504(para)
24888
24978
msgid "<emphasis>-p:</emphasis> option indicates the target IP address."
24889
24979
msgstr ""
24890
24980
24891
#: serverguide/C/file-server.xml:508(para)
24981
#: serverguide/C/file-server.xml:507(para)
24892
24982
msgid ""
24893
24983
"Change example <emphasis>192.168.0.10</emphasis> to the target IP address on "
24894
24984
"your network."
24895
24985
msgstr ""
24896
24986
24897
#: serverguide/C/file-server.xml:513(para)
24987
#: serverguide/C/file-server.xml:512(para)
24898
24988
msgid ""
24899
24989
"If the target is available you should see output similar to the following:"
24900
24990
msgstr ""
24901
24991
24902
#: serverguide/C/file-server.xml:518(computeroutput)
24992
#: serverguide/C/file-server.xml:517(computeroutput)
24903
24993
#, no-wrap
24904
24994
msgid ""
24905
24995
"\n"
24906
24996
"192.168.0.10:3260,1 iqn.1992-05.com.emc:sl7b92030000520000-2\n"
24907
24997
msgstr ""
24908
24998
24909
#: serverguide/C/file-server.xml:524(para)
24999
#: serverguide/C/file-server.xml:523(para)
24910
25000
msgid ""
24911
25001
"The <emphasis>iqn</emphasis> number and IP address above will vary depending "
24912
25002
"on your hardware."
24913
25003
msgstr ""
24914
25004
24915
#: serverguide/C/file-server.xml:529(para)
25005
#: serverguide/C/file-server.xml:528(para)
24916
25006
msgid ""
24917
25007
"You should now be able to connect to the iSCSI target, and depending on your "
24918
25008
"target setup you may have to enter user credentials. Login to the iSCSI node:"
24919
25009
msgstr ""
24920
25010
24921
#: serverguide/C/file-server.xml:535(command)
25011
#: serverguide/C/file-server.xml:534(command)
24922
25012
msgid "sudo iscsiadm -m node --login"
24923
25013
msgstr ""
24924
25014
24925
#: serverguide/C/file-server.xml:538(para)
25015
#: serverguide/C/file-server.xml:537(para)
24926
25016
msgid ""
24927
25017
"Check to make sure that the new disk has been detected using "
24928
25018
"<application>dmesg</application>:"
24929
25019
msgstr ""
24930
25020
24931
#: serverguide/C/file-server.xml:543(command)
25021
#: serverguide/C/file-server.xml:542(command)
24932
25022
msgid "dmesg | grep sd"
24933
25023
msgstr ""
24934
25024
24935
#: serverguide/C/file-server.xml:544(computeroutput)
25025
#: serverguide/C/file-server.xml:543(computeroutput)
24936
25026
#, no-wrap
24937
25027
msgid ""
24938
25028
"\n"
24961
25051
"[ 2486.964862] sd 4:0:0:3: [sdb] Attached SCSI disk\n"
24962
25052
msgstr ""
24963
25053
24964
#: serverguide/C/file-server.xml:568(para)
25054
#: serverguide/C/file-server.xml:567(para)
24965
25055
msgid ""
24966
25056
"In the output above <emphasis>sdb</emphasis> is the new iSCSI disk. Remember "
24967
25057
"this is just an example; the output you see on your screen will vary."
24968
25058
msgstr ""
24969
25059
24970
#: serverguide/C/file-server.xml:573(para)
25060
#: serverguide/C/file-server.xml:572(para)
24971
25061
msgid ""
24972
25062
"Next, create a partition, format the file system, and mount the new iSCSI "
24973
25063
"disk. In a terminal enter:"
24974
25064
msgstr ""
24975
25065
25066
#: serverguide/C/file-server.xml:577(command)
25067
msgid "sudo fdisk /dev/sdb"
25068
msgstr ""
25069
24976
25070
#: serverguide/C/file-server.xml:578(command)
24977
msgid "sudo fdisk /dev/sdb"
25071
msgid "n"
24978
25072
msgstr ""
24979
25073
24980
25074
#: serverguide/C/file-server.xml:579(command)
24981
msgid "n"
25075
msgid "p"
24982
25076
msgstr ""
24983
25077
24984
25078
#: serverguide/C/file-server.xml:580(command)
24985
msgid "p"
25079
msgid "enter"
24986
25080
msgstr ""
24987
25081
24988
25082
#: serverguide/C/file-server.xml:581(command)
24989
msgid "enter"
24990
msgstr ""
24991
24992
#: serverguide/C/file-server.xml:582(command)
24993
25083
msgid "w"
24994
25084
msgstr ""
24995
25085
24996
#: serverguide/C/file-server.xml:586(para)
25086
#: serverguide/C/file-server.xml:585(para)
24997
25087
msgid ""
24998
25088
"The above commands are from inside the <application>fdisk</application> "
24999
25089
"utility; see <command>man fdisk</command> for more detailed instructions. "
25001
25091
"friendly."
25002
25092
msgstr ""
25003
25093
25004
#: serverguide/C/file-server.xml:592(para)
25094
#: serverguide/C/file-server.xml:591(para)
25005
25095
msgid ""
25006
25096
"Now format the file system and mount it to <filename>/srv</filename> as an "
25007
25097
"example:"
25008
25098
msgstr ""
25009
25099
25100
#: serverguide/C/file-server.xml:596(command)
25101
msgid "sudo mkfs.ext4 /dev/sdb1"
25102
msgstr ""
25103
25010
25104
#: serverguide/C/file-server.xml:597(command)
25011
msgid "sudo mkfs.ext4 /dev/sdb1"
25012
msgstr ""
25013
25014
#: serverguide/C/file-server.xml:598(command)
25015
25105
msgid "sudo mount /dev/sdb1 /srv"
25016
25106
msgstr ""
25017
25107
25018
#: serverguide/C/file-server.xml:602(para)
25108
#: serverguide/C/file-server.xml:601(para)
25019
25109
msgid ""
25020
25110
"Finally, add an entry to <filename>/etc/fstab</filename> to mount the iSCSI "
25021
25111
"drive during boot:"
25022
25112
msgstr ""
25023
25113
25024
#: serverguide/C/file-server.xml:606(programlisting)
25114
#: serverguide/C/file-server.xml:605(programlisting)
25025
25115
#, no-wrap
25026
25116
msgid ""
25027
25117
"\n"
25028
25118
"/dev/sdb1 /srv ext4 defaults,auto,_netdev 0 0\n"
25029
25119
msgstr ""
25030
25120
25031
#: serverguide/C/file-server.xml:610(para)
25121
#: serverguide/C/file-server.xml:609(para)
25032
25122
msgid ""
25033
25123
"It is a good idea to make sure everything is working as expected by "
25034
25124
"rebooting the server."
25035
25125
msgstr ""
25036
25126
25037
#: serverguide/C/file-server.xml:619(ulink)
25127
#: serverguide/C/file-server.xml:618(ulink)
25038
25128
msgid "Open-iSCSI Website"
25039
25129
msgstr ""
25040
25130
25041
#: serverguide/C/file-server.xml:622(ulink) serverguide/C/file-server.xml:808(ulink)
25131
#: serverguide/C/file-server.xml:621(ulink) serverguide/C/file-server.xml:807(ulink)
25042
25132
msgid "Debian Open-iSCSI page"
25043
25133
msgstr ""
25044
25134
25045
#: serverguide/C/file-server.xml:629(title)
25135
#: serverguide/C/file-server.xml:628(title)
25046
25136
msgid "CUPS - Print Server"
25047
25137
msgstr "CUPS - Сэрвер друку"
25048
25138
25049
#: serverguide/C/file-server.xml:630(para)
25139
#: serverguide/C/file-server.xml:629(para)
25050
25140
msgid ""
25051
25141
"The primary mechanism for Ubuntu printing and print services is the "
25052
25142
"<emphasis role=\"bold\">Common UNIX Printing System</emphasis> (CUPS). This "
25054
25144
"become the new standard for printing in most Linux distributions."
25055
25145
msgstr ""
25056
25146
25057
#: serverguide/C/file-server.xml:637(para)
25147
#: serverguide/C/file-server.xml:636(para)
25058
25148
msgid ""
25059
25149
"CUPS manages print jobs and queues and provides network printing using the "
25060
25150
"standard Internet Printing Protocol (IPP), while offering support for a very "
25064
25154
"administration tool."
25065
25155
msgstr ""
25066
25156
25067
#: serverguide/C/file-server.xml:647(para)
25157
#: serverguide/C/file-server.xml:646(para)
25068
25158
msgid ""
25069
25159
"To install CUPS on your Ubuntu computer, simply use "
25070
25160
"<application>sudo</application> with the <application>apt-get</application> "
25074
25164
"CUPS:"
25075
25165
msgstr ""
25076
25166
25077
#: serverguide/C/file-server.xml:652(command)
25167
#: serverguide/C/file-server.xml:651(command)
25078
25168
msgid "sudo apt-get install cups"
25079
25169
msgstr ""
25080
25170
25081
#: serverguide/C/file-server.xml:655(para)
25171
#: serverguide/C/file-server.xml:654(para)
25082
25172
msgid ""
25083
25173
"Upon authenticating with your user password, the packages should be "
25084
25174
"downloaded and installed without error. Upon the conclusion of installation, "
25085
25175
"the CUPS server will be started automatically."
25086
25176
msgstr ""
25087
25177
25088
#: serverguide/C/file-server.xml:660(para)
25178
#: serverguide/C/file-server.xml:659(para)
25089
25179
msgid ""
25090
25180
"For troubleshooting purposes, you can access CUPS server errors via the "
25091
25181
"error log file at: <filename>/var/log/cups/error_log</filename>. If the "
25098
25188
"from becoming overly large."
25099
25189
msgstr ""
25100
25190
25101
#: serverguide/C/file-server.xml:673(para)
25191
#: serverguide/C/file-server.xml:672(para)
25102
25192
msgid ""
25103
25193
"The Common UNIX Printing System server's behavior is configured through the "
25104
25194
"directives contained in the file <filename>/etc/cups/cupsd.conf</filename>. "
25109
25199
"initially will be presented here."
25110
25200
msgstr ""
25111
25201
25112
#: serverguide/C/file-server.xml:683(para)
25202
#: serverguide/C/file-server.xml:682(para)
25113
25203
msgid ""
25114
25204
"Prior to editing the configuration file, you should make a copy of the "
25115
25205
"original file and protect it from writing, so you will have the original "
25116
25206
"settings as a reference, and to reuse as necessary."
25117
25207
msgstr ""
25118
25208
25119
#: serverguide/C/file-server.xml:687(para)
25209
#: serverguide/C/file-server.xml:686(para)
25120
25210
msgid ""
25121
25211
"Copy the <filename>/etc/cups/cupsd.conf</filename> file and protect it from "
25122
25212
"writing with the following commands, issued at a terminal prompt:"
25123
25213
msgstr ""
25124
25214
25125
#: serverguide/C/file-server.xml:693(command)
25215
#: serverguide/C/file-server.xml:692(command)
25126
25216
msgid "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
25127
25217
msgstr "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
25128
25218
25129
#: serverguide/C/file-server.xml:694(command)
25219
#: serverguide/C/file-server.xml:693(command)
25130
25220
msgid "sudo chmod a-w /etc/cups/cupsd.conf.original"
25131
25221
msgstr "sudo chmod a-w /etc/cups/cupsd.conf.original"
25132
25222
25133
#: serverguide/C/file-server.xml:699(para)
25223
#: serverguide/C/file-server.xml:698(para)
25134
25224
msgid ""
25135
25225
"<emphasis role=\"bold\">ServerAdmin</emphasis>: To configure the email "
25136
25226
"address of the designated administrator of the CUPS server, simply edit the "
25142
25232
"as such:"
25143
25233
msgstr ""
25144
25234
25145
#: serverguide/C/file-server.xml:710(screen)
25235
#: serverguide/C/file-server.xml:709(screen)
25146
25236
#, no-wrap
25147
25237
msgid ""
25148
25238
"\n"
25149
25239
"ServerAdmin bjoy@somebigco.com\n"
25150
25240
msgstr ""
25151
25241
25152
#: serverguide/C/file-server.xml:716(para)
25242
#: serverguide/C/file-server.xml:715(para)
25153
25243
msgid ""
25154
25244
"<emphasis role=\"bold\">Listen</emphasis>: By default on Ubuntu, the CUPS "
25155
25245
"server installation listens only on the loopback interface at IP address "
25164
25254
"such:"
25165
25255
msgstr ""
25166
25256
25167
#: serverguide/C/file-server.xml:730(screen)
25257
#: serverguide/C/file-server.xml:729(screen)
25168
25258
#, no-wrap
25169
25259
msgid ""
25170
25260
"\n"
25174
25264
"(IPP)\n"
25175
25265
msgstr ""
25176
25266
25177
#: serverguide/C/file-server.xml:736(para)
25267
#: serverguide/C/file-server.xml:735(para)
25178
25268
msgid ""
25179
25269
"In the example above, you may comment out or remove the reference to the "
25180
25270
"Loopback address (127.0.0.1) if you do not wish <application>cupsd "
25185
25275
"<emphasis>socrates</emphasis> as such:"
25186
25276
msgstr ""
25187
25277
25188
#: serverguide/C/file-server.xml:746(screen)
25278
#: serverguide/C/file-server.xml:745(screen)
25189
25279
#, no-wrap
25190
25280
msgid ""
25191
25281
"\n"
25192
25282
"Listen socrates:631 # Listen on all interfaces for the hostname 'socrates'\n"
25193
25283
msgstr ""
25194
25284
25195
#: serverguide/C/file-server.xml:750(para)
25285
#: serverguide/C/file-server.xml:749(para)
25196
25286
msgid ""
25197
25287
"or by omitting the Listen directive and using <emphasis>Port</emphasis> "
25198
25288
"instead, as in:"
25199
25289
msgstr ""
25200
25290
25201
#: serverguide/C/file-server.xml:752(screen)
25291
#: serverguide/C/file-server.xml:751(screen)
25202
25292
#, no-wrap
25203
25293
msgid ""
25204
25294
"\n"
25205
25295
"Port 631 # Listen on port 631 on all interfaces\n"
25206
25296
msgstr ""
25207
25297
25208
#: serverguide/C/file-server.xml:759(para)
25298
#: serverguide/C/file-server.xml:758(para)
25209
25299
msgid ""
25210
25300
"For more examples of configuration directives in the CUPS server "
25211
25301
"configuration file, view the associated system manual page by entering the "
25212
25302
"following command at a terminal prompt:"
25213
25303
msgstr ""
25214
25304
25215
#: serverguide/C/file-server.xml:766(command)
25305
#: serverguide/C/file-server.xml:765(command)
25216
25306
msgid "man cupsd.conf"
25217
25307
msgstr "man cupsd.conf"
25218
25308
25219
#: serverguide/C/file-server.xml:770(para)
25309
#: serverguide/C/file-server.xml:769(para)
25220
25310
msgid ""
25221
25311
"Whenever you make changes to the <filename>/etc/cups/cupsd.conf</filename> "
25222
25312
"configuration file, you'll need to restart the CUPS server by typing the "
25227
25317
msgid "sudo service cups restart"
25228
25318
msgstr ""
25229
25319
25230
#: serverguide/C/file-server.xml:782(title)
25320
#: serverguide/C/file-server.xml:781(title)
25231
25321
msgid "Web Interface"
25232
25322
msgstr ""
25233
25323
25234
#: serverguide/C/file-server.xml:784(para)
25324
#: serverguide/C/file-server.xml:783(para)
25235
25325
msgid ""
25236
25326
"CUPS can be configured and monitored using a web interface, which by default "
25237
25327
"is available at <ulink "
25239
25329
"web interface can be used to perform all printer management tasks."
25240
25330
msgstr ""
25241
25331
25242
#: serverguide/C/file-server.xml:788(para)
25332
#: serverguide/C/file-server.xml:787(para)
25243
25333
msgid ""
25244
25334
"In order to perform administrative tasks via the web interface, you must "
25245
25335
"either have the root account enabled on your server, or authenticate as a "
25247
25337
"reasons, CUPS won't authenticate a user that doesn't have a password."
25248
25338
msgstr ""
25249
25339
25250
#: serverguide/C/file-server.xml:791(para)
25340
#: serverguide/C/file-server.xml:790(para)
25251
25341
msgid ""
25252
25342
"To add a user to the <emphasis role=\"italic\">lpadmin</emphasis> group, run "
25253
25343
"at the terminal prompt: <screen>\n"
25255
25345
"</screen>"
25256
25346
msgstr ""
25257
25347
25258
#: serverguide/C/file-server.xml:797(para)
25348
#: serverguide/C/file-server.xml:796(para)
25259
25349
msgid ""
25260
25350
"Further documentation is available in the <emphasis "
25261
25351
"role=\"italic\">Documentation/Help</emphasis> tab of the web interface."
25262
25352
msgstr ""
25263
25353
25264
#: serverguide/C/file-server.xml:805(ulink)
25354
#: serverguide/C/file-server.xml:804(ulink)
25265
25355
msgid "CUPS Website"
25266
25356
msgstr "Вэб-старонка CUPS"
25267
25357
25397
25487
"prompt:"
25398
25488
msgstr ""
25399
25489
25400
#: serverguide/C/dns.xml:116(command) serverguide/C/dns.xml:195(command) serverguide/C/dns.xml:253(command) serverguide/C/dns.xml:289(command) serverguide/C/dns.xml:317(command) serverguide/C/dns.xml:594(command)
25490
#: serverguide/C/dns.xml:116(command) serverguide/C/dns.xml:199(command) serverguide/C/dns.xml:257(command) serverguide/C/dns.xml:293(command) serverguide/C/dns.xml:321(command) serverguide/C/dns.xml:603(command)
25401
25491
msgid "sudo service bind9 restart"
25402
25492
msgstr ""
25403
25493
25452
25542
"command below.)"
25453
25543
msgstr ""
25454
25544
25455
#: serverguide/C/dns.xml:141(para)
25545
#: serverguide/C/dns.xml:145(para)
25456
25546
msgid ""
25457
25547
"Now use an existing zone file as a template to create the "
25458
25548
"<filename>/etc/bind/db.example.com</filename> file:"
25459
25549
msgstr ""
25460
25550
25461
#: serverguide/C/dns.xml:145(command)
25551
#: serverguide/C/dns.xml:149(command)
25462
25552
msgid "sudo cp /etc/bind/db.local /etc/bind/db.example.com"
25463
25553
msgstr "sudo cp /etc/bind/db.local /etc/bind/db.example.com"
25464
25554
25465
#: serverguide/C/dns.xml:147(para)
25555
#: serverguide/C/dns.xml:151(para)
25466
25556
msgid ""
25467
25557
"Edit the new zone file <filename>/etc/bind/db.example.com</filename> change "
25468
25558
"<emphasis>localhost.</emphasis> to the FQDN of your server, leaving the "
25473
25563
"this file is for."
25474
25564
msgstr ""
25475
25565
25476
#: serverguide/C/dns.xml:154(para)
25566
#: serverguide/C/dns.xml:158(para)
25477
25567
msgid ""
25478
25568
"Create an <emphasis>A record</emphasis> for the base domain, <emphasis "
25479
25569
"role=\"italic\">example.com</emphasis>. Also, create an <emphasis>A "
25481
25571
"the name server in this example:"
25482
25572
msgstr ""
25483
25573
25484
#: serverguide/C/dns.xml:159(programlisting)
25574
#: serverguide/C/dns.xml:163(programlisting)
25485
25575
#, no-wrap
25486
25576
msgid ""
25487
25577
"\n"
25503
25593
"ns IN A 192.168.1.10\n"
25504
25594
msgstr ""
25505
25595
25506
#: serverguide/C/dns.xml:177(para)
25596
#: serverguide/C/dns.xml:181(para)
25507
25597
msgid ""
25508
25598
"You must increment the <emphasis>Serial Number</emphasis> every time you "
25509
25599
"make changes to the zone file. If you make multiple changes before "
25510
25600
"restarting BIND9, simply increment the Serial once."
25511
25601
msgstr ""
25512
25602
25513
#: serverguide/C/dns.xml:181(para)
25603
#: serverguide/C/dns.xml:185(para)
25514
25604
msgid ""
25515
25605
"Now, you can add DNS records to the bottom of the zone file. See <xref "
25516
25606
"linkend=\"dns-record-types\"/> for details."
25517
25607
msgstr ""
25518
25608
25519
#: serverguide/C/dns.xml:185(para)
25609
#: serverguide/C/dns.xml:189(para)
25520
25610
msgid ""
25521
25611
"Many admins like to use the last date edited as the serial of a zone, such "
25522
25612
"as <emphasis>2012010100</emphasis> which is yyyymmddss (where "
25523
25613
"<emphasis>ss</emphasis> is the Serial Number)"
25524
25614
msgstr ""
25525
25615
25526
#: serverguide/C/dns.xml:190(para)
25616
#: serverguide/C/dns.xml:194(para)
25527
25617
msgid ""
25528
25618
"Once you have made changes to the zone file <application>BIND9</application> "
25529
25619
"needs to be restarted for the changes to take effect:"
25530
25620
msgstr ""
25531
25621
25532
#: serverguide/C/dns.xml:199(title)
25622
#: serverguide/C/dns.xml:203(title)
25533
25623
msgid "Reverse Zone File"
25534
25624
msgstr ""
25535
25625
25536
#: serverguide/C/dns.xml:200(para)
25626
#: serverguide/C/dns.xml:204(para)
25537
25627
msgid ""
25538
25628
"Now that the zone is setup and resolving names to IP Adresses a "
25539
25629
"<emphasis>Reverse zone</emphasis> is also required. A Reverse zone allows "
25540
25630
"DNS to resolve an address to a name."
25541
25631
msgstr ""
25542
25632
25543
#: serverguide/C/dns.xml:204(para)
25633
#: serverguide/C/dns.xml:208(para)
25544
25634
msgid "Edit /etc/bind/named.conf.local and add the following:"
25545
25635
msgstr ""
25546
25636
25547
#: serverguide/C/dns.xml:207(programlisting)
25637
#: serverguide/C/dns.xml:211(programlisting)
25548
25638
#, no-wrap
25549
25639
msgid ""
25550
25640
"\n"
25554
25644
"};\n"
25555
25645
msgstr ""
25556
25646
25557
#: serverguide/C/dns.xml:214(para)
25647
#: serverguide/C/dns.xml:218(para)
25558
25648
msgid ""
25559
25649
"Replace <emphasis>1.168.192</emphasis> with the first three octets of "
25560
25650
"whatever network you are using. Also, name the zone file "
25562
25652
"first octet of your network."
25563
25653
msgstr ""
25564
25654
25565
#: serverguide/C/dns.xml:219(para)
25655
#: serverguide/C/dns.xml:223(para)
25566
25656
msgid "Now create the <filename>/etc/bind/db.192</filename> file:"
25567
25657
msgstr "Цяпер стварыце файл <filename>/etc/bind/db.192</filename>:"
25568
25658
25569
#: serverguide/C/dns.xml:223(command)
25659
#: serverguide/C/dns.xml:227(command)
25570
25660
msgid "sudo cp /etc/bind/db.127 /etc/bind/db.192"
25571
25661
msgstr "sudo cp /etc/bind/db.127 /etc/bind/db.192"
25572
25662
25573
#: serverguide/C/dns.xml:225(para)
25663
#: serverguide/C/dns.xml:229(para)
25574
25664
msgid ""
25575
25665
"Next edit <filename>/etc/bind/db.192</filename> changing the basically the "
25576
25666
"same options as <filename>/etc/bind/db.example.com</filename>:"
25577
25667
msgstr ""
25578
25668
25579
#: serverguide/C/dns.xml:229(programlisting)
25669
#: serverguide/C/dns.xml:233(programlisting)
25580
25670
#, no-wrap
25581
25671
msgid ""
25582
25672
"\n"
25595
25685
"10 IN PTR ns.example.com.\n"
25596
25686
msgstr ""
25597
25687
25598
#: serverguide/C/dns.xml:244(para)
25688
#: serverguide/C/dns.xml:248(para)
25599
25689
msgid ""
25600
25690
"The <emphasis>Serial Number</emphasis> in the Reverse zone needs to be "
25601
25691
"incremented on each change as well. For each <emphasis>A record</emphasis> "
25604
25694
"<filename>/etc/bind/db.192</filename>."
25605
25695
msgstr ""
25606
25696
25607
#: serverguide/C/dns.xml:249(para)
25697
#: serverguide/C/dns.xml:253(para)
25608
25698
msgid ""
25609
25699
"After creating the reverse zone file restart "
25610
25700
"<application>BIND9</application>:"
25611
25701
msgstr ""
25612
25702
25613
#: serverguide/C/dns.xml:258(title)
25703
#: serverguide/C/dns.xml:262(title)
25614
25704
msgid "Secondary Master"
25615
25705
msgstr ""
25616
25706
25617
#: serverguide/C/dns.xml:259(para)
25707
#: serverguide/C/dns.xml:263(para)
25618
25708
msgid ""
25619
25709
"Once a <emphasis>Primary Master</emphasis> has been configured a "
25620
25710
"<emphasis>Secondary Master</emphasis> is needed in order to maintain the "
25621
25711
"availability of the domain should the Primary become unavailable."
25622
25712
msgstr ""
25623
25713
25624
#: serverguide/C/dns.xml:263(para)
25714
#: serverguide/C/dns.xml:267(para)
25625
25715
msgid ""
25626
25716
"First, on the Primary Master server, the zone transfer needs to be allowed. "
25627
25717
"Add the <emphasis>allow-transfer</emphasis> option to the example Forward "
25629
25719
"<filename>/etc/bind/named.conf.local</filename>:"
25630
25720
msgstr ""
25631
25721
25632
#: serverguide/C/dns.xml:267(programlisting)
25722
#: serverguide/C/dns.xml:271(programlisting)
25633
25723
#, no-wrap
25634
25724
msgid ""
25635
25725
"\n"
25646
25736
"};\n"
25647
25737
msgstr ""
25648
25738
25649
#: serverguide/C/dns.xml:281(para)
25739
#: serverguide/C/dns.xml:285(para)
25650
25740
msgid ""
25651
25741
"Replace <emphasis>192.168.1.11</emphasis> with the IP Address of your "
25652
25742
"Secondary nameserver."
25653
25743
msgstr ""
25654
25744
25655
#: serverguide/C/dns.xml:285(para)
25745
#: serverguide/C/dns.xml:289(para)
25656
25746
msgid "Restart <application>BIND9</application> on the Primary Master:"
25657
25747
msgstr ""
25658
25748
25659
#: serverguide/C/dns.xml:291(para)
25749
#: serverguide/C/dns.xml:295(para)
25660
25750
msgid ""
25661
25751
"Next, on the Secondary Master, install the <application>bind9</application> "
25662
25752
"package the same way as on the Primary. Then edit the "
25664
25754
"declarations for the Forward and Reverse zones:"
25665
25755
msgstr ""
25666
25756
25667
#: serverguide/C/dns.xml:295(programlisting)
25757
#: serverguide/C/dns.xml:299(programlisting)
25668
25758
#, no-wrap
25669
25759
msgid ""
25670
25760
"\n"
25681
25771
"};\n"
25682
25772
msgstr ""
25683
25773
25684
#: serverguide/C/dns.xml:309(para)
25774
#: serverguide/C/dns.xml:313(para)
25685
25775
msgid ""
25686
25776
"Replace <emphasis>192.168.1.10</emphasis> with the IP Address of your "
25687
25777
"Primary nameserver."
25688
25778
msgstr ""
25689
25779
25690
#: serverguide/C/dns.xml:313(para)
25780
#: serverguide/C/dns.xml:317(para)
25691
25781
msgid "Restart <application>BIND9</application> on the Secondary Master:"
25692
25782
msgstr ""
25693
25783
25694
#: serverguide/C/dns.xml:319(para)
25784
#: serverguide/C/dns.xml:323(para)
25695
25785
msgid ""
25696
25786
"In <filename>/var/log/syslog</filename> you should see something similar to "
25697
25787
"(some lines have been split to fit the format of this document):"
25698
25788
msgstr ""
25699
25789
25700
#: serverguide/C/dns.xml:322(programlisting)
25790
#: serverguide/C/dns.xml:326(programlisting)
25701
25791
#, no-wrap
25702
25792
msgid ""
25703
25793
"\n"
25722
25812
"8 records, 225 bytes, 0.002 secs (112500 bytes/sec)\n"
25723
25813
msgstr ""
25724
25814
25725
#: serverguide/C/dns.xml:341(para)
25815
#: serverguide/C/dns.xml:345(para)
25726
25816
msgid ""
25727
25817
"Note: A zone is only transferred if the <emphasis>Serial Number</emphasis> "
25728
25818
"on the Primary is larger than the one on the Secondary. If you want to have "
25732
25822
"below:"
25733
25823
msgstr ""
25734
25824
25735
#: serverguide/C/dns.xml:345(programlisting)
25825
#: serverguide/C/dns.xml:349(programlisting)
25736
25826
#, no-wrap
25737
25827
msgid ""
25738
25828
"\n"
25752
25842
"\t"
25753
25843
msgstr ""
25754
25844
25755
#: serverguide/C/dns.xml:361(para)
25845
#: serverguide/C/dns.xml:365(para)
25756
25846
msgid ""
25757
25847
"The default directory for non-authoritative zone files is "
25758
25848
"<filename>/var/cache/bind/</filename>. This directory is also configured in "
25761
25851
"on AppArmor see <xref linkend=\"apparmor\"/>."
25762
25852
msgstr ""
25763
25853
25764
#: serverguide/C/dns.xml:372(para)
25854
#: serverguide/C/dns.xml:376(para)
25765
25855
msgid ""
25766
25856
"This section covers ways to help determine the cause when problems happen "
25767
25857
"with DNS and <application>BIND9</application>."
25768
25858
msgstr ""
25769
25859
25770
#: serverguide/C/dns.xml:378(title)
25860
#: serverguide/C/dns.xml:382(title)
25771
25861
msgid "resolv.conf"
25772
25862
msgstr "resolv.conf"
25773
25863
25781
25871
"<filename>/etc/resolv.conf</filename> contains (for this example):"
25782
25872
msgstr ""
25783
25873
25784
#: serverguide/C/dns.xml:384(programlisting)
25874
#: serverguide/C/dns.xml:389(programlisting)
25785
25875
#, no-wrap
25786
25876
msgid ""
25787
25877
"\n"
25800
25890
"to RESOLVCONF=yes."
25801
25891
msgstr ""
25802
25892
25803
#: serverguide/C/dns.xml:389(para)
25893
#: serverguide/C/dns.xml:398(para)
25804
25894
msgid ""
25805
25895
"You should also add the IP Address of the Secondary nameserver in case the "
25806
25896
"Primary becomes unavailable."
25807
25897
msgstr ""
25808
25898
25809
#: serverguide/C/dns.xml:395(title)
25899
#: serverguide/C/dns.xml:404(title)
25810
25900
msgid "dig"
25811
25901
msgstr "dig"
25812
25902
25813
#: serverguide/C/dns.xml:396(para)
25903
#: serverguide/C/dns.xml:405(para)
25814
25904
msgid ""
25815
25905
"If you installed the <application>dnsutils</application> package you can "
25816
25906
"test your setup using the DNS lookup utility <application>dig</application>:"
25817
25907
msgstr ""
25818
25908
25819
#: serverguide/C/dns.xml:402(para)
25909
#: serverguide/C/dns.xml:411(para)
25820
25910
msgid ""
25821
25911
"After installing <application>BIND9</application> use "
25822
25912
"<application>dig</application> against the loopback interface to make sure "
25823
25913
"it is listening on port 53. From a terminal prompt:"
25824
25914
msgstr ""
25825
25915
25826
#: serverguide/C/dns.xml:407(command)
25916
#: serverguide/C/dns.xml:416(command)
25827
25917
msgid "dig -x 127.0.0.1"
25828
25918
msgstr "dig -x 127.0.0.1"
25829
25919
25830
#: serverguide/C/dns.xml:409(para)
25920
#: serverguide/C/dns.xml:418(para)
25831
25921
msgid "You should see lines similar to the following in the command output:"
25832
25922
msgstr ""
25833
25923
25834
#: serverguide/C/dns.xml:412(programlisting)
25924
#: serverguide/C/dns.xml:421(programlisting)
25835
25925
#, no-wrap
25836
25926
msgid ""
25837
25927
"\n"
25839
25929
";; SERVER: 192.168.1.10#53(192.168.1.10)\n"
25840
25930
msgstr ""
25841
25931
25842
#: serverguide/C/dns.xml:418(para)
25932
#: serverguide/C/dns.xml:427(para)
25843
25933
msgid ""
25844
25934
"If you have configured <application>BIND9</application> as a "
25845
25935
"<emphasis>Caching</emphasis> nameserver \"dig\" an outside domain to check "
25846
25936
"the query time:"
25847
25937
msgstr ""
25848
25938
25849
#: serverguide/C/dns.xml:423(command)
25939
#: serverguide/C/dns.xml:432(command)
25850
25940
msgid "dig ubuntu.com"
25851
25941
msgstr "dig ubuntu.com"
25852
25942
25853
#: serverguide/C/dns.xml:425(para)
25943
#: serverguide/C/dns.xml:434(para)
25854
25944
msgid "Note the query time toward the end of the command output:"
25855
25945
msgstr ""
25856
25946
25857
#: serverguide/C/dns.xml:428(programlisting)
25947
#: serverguide/C/dns.xml:437(programlisting)
25858
25948
#, no-wrap
25859
25949
msgid ""
25860
25950
"\n"
25861
25951
";; Query time: 49 msec\n"
25862
25952
msgstr ""
25863
25953
25864
#: serverguide/C/dns.xml:431(para)
25954
#: serverguide/C/dns.xml:440(para)
25865
25955
msgid "After a second dig there should be improvement:"
25866
25956
msgstr ""
25867
25957
25868
#: serverguide/C/dns.xml:434(programlisting)
25958
#: serverguide/C/dns.xml:443(programlisting)
25869
25959
#, no-wrap
25870
25960
msgid ""
25871
25961
"\n"
25872
25962
";; Query time: 1 msec\n"
25873
25963
msgstr ""
25874
25964
25875
#: serverguide/C/dns.xml:441(title)
25965
#: serverguide/C/dns.xml:450(title)
25876
25966
msgid "ping"
25877
25967
msgstr "ping"
25878
25968
25879
#: serverguide/C/dns.xml:443(para)
25969
#: serverguide/C/dns.xml:452(para)
25880
25970
msgid ""
25881
25971
"Now to demonstrate how applications make use of DNS to resolve a host name "
25882
25972
"use the <application>ping</application> utility to send an ICMP echo "
25883
25973
"request. From a terminal prompt enter:"
25884
25974
msgstr ""
25885
25975
25886
#: serverguide/C/dns.xml:449(command)
25976
#: serverguide/C/dns.xml:458(command)
25887
25977
msgid "ping example.com"
25888
25978
msgstr "ping example.com"
25889
25979
25890
#: serverguide/C/dns.xml:451(para)
25980
#: serverguide/C/dns.xml:460(para)
25891
25981
msgid ""
25892
25982
"This tests if the nameserver can resolve the name "
25893
25983
"<emphasis>ns.example.com</emphasis> to an IP Address. The command output "
25894
25984
"should resemble:"
25895
25985
msgstr ""
25896
25986
25897
#: serverguide/C/dns.xml:455(programlisting)
25987
#: serverguide/C/dns.xml:464(programlisting)
25898
25988
#, no-wrap
25899
25989
msgid ""
25900
25990
"\n"
25907
25997
"64 bytes from 192.168.1.10: icmp_seq=1 ttl=64 time=0.800 ms\n"
25908
25998
"64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=0.813 ms\n"
25909
25999
25910
#: serverguide/C/dns.xml:462(title)
26000
#: serverguide/C/dns.xml:471(title)
25911
26001
msgid "named-checkzone"
25912
26002
msgstr "named-checkzone"
25913
26003
25914
#: serverguide/C/dns.xml:463(para)
26004
#: serverguide/C/dns.xml:472(para)
25915
26005
msgid ""
25916
26006
"A great way to test your zone files is by using the <application>named-"
25917
26007
"checkzone</application> utility installed with the "
25920
26010
"<application>BIND9</application> and making the changes live."
25921
26011
msgstr ""
25922
26012
25923
#: serverguide/C/dns.xml:470(para)
26013
#: serverguide/C/dns.xml:479(para)
25924
26014
msgid ""
25925
26015
"To test our example Forward zone file enter the following from a command "
25926
26016
"prompt:"
25927
26017
msgstr ""
25928
26018
25929
#: serverguide/C/dns.xml:474(command)
26019
#: serverguide/C/dns.xml:483(command)
25930
26020
msgid "named-checkzone example.com /etc/bind/db.example.com"
25931
26021
msgstr ""
25932
26022
25933
#: serverguide/C/dns.xml:476(para)
26023
#: serverguide/C/dns.xml:485(para)
25934
26024
msgid ""
25935
26025
"If everything is configured correctly you should see output similar to:"
25936
26026
msgstr ""
25937
26027
25938
#: serverguide/C/dns.xml:479(programlisting)
26028
#: serverguide/C/dns.xml:488(programlisting)
25939
26029
#, no-wrap
25940
26030
msgid ""
25941
26031
"\n"
25943
26033
"OK\n"
25944
26034
msgstr ""
25945
26035
25946
#: serverguide/C/dns.xml:485(para)
26036
#: serverguide/C/dns.xml:494(para)
25947
26037
msgid "Similarly, to test the Reverse zone file enter the following:"
25948
26038
msgstr ""
25949
26039
25950
#: serverguide/C/dns.xml:489(command)
26040
#: serverguide/C/dns.xml:498(command)
25951
26041
msgid "named-checkzone 1.168.192.in-addr.arpa /etc/bind/db.192"
25952
26042
msgstr ""
25953
26043
25954
#: serverguide/C/dns.xml:491(para)
26044
#: serverguide/C/dns.xml:500(para)
25955
26045
msgid "The output should be similar to:"
25956
26046
msgstr ""
25957
26047
25958
#: serverguide/C/dns.xml:494(programlisting)
26048
#: serverguide/C/dns.xml:503(programlisting)
25959
26049
#, no-wrap
25960
26050
msgid ""
25961
26051
"\n"
25963
26053
"OK\n"
25964
26054
msgstr ""
25965
26055
25966
#: serverguide/C/dns.xml:501(para)
26056
#: serverguide/C/dns.xml:510(para)
25967
26057
msgid ""
25968
26058
"The <emphasis>Serial Number</emphasis> of your zone file will probably be "
25969
26059
"different."
25970
26060
msgstr ""
25971
26061
25972
#: serverguide/C/dns.xml:509(para)
26062
#: serverguide/C/dns.xml:518(para)
25973
26063
msgid ""
25974
26064
"<application>BIND9</application> has a wide variety of logging configuration "
25975
26065
"options available. There are two main options. The "
25977
26067
"<emphasis>category</emphasis> option determines what information to log."
25978
26068
msgstr ""
25979
26069
25980
#: serverguide/C/dns.xml:513(para)
26070
#: serverguide/C/dns.xml:522(para)
25981
26071
msgid "If no logging option is configured the default option is:"
25982
26072
msgstr ""
25983
26073
25984
#: serverguide/C/dns.xml:516(programlisting)
26074
#: serverguide/C/dns.xml:525(programlisting)
25985
26075
#, no-wrap
25986
26076
msgid ""
25987
26077
"\n"
25996
26086
" category unmatched { null; };\n"
25997
26087
"};\n"
25998
26088
25999
#: serverguide/C/dns.xml:522(para)
26089
#: serverguide/C/dns.xml:531(para)
26000
26090
msgid ""
26001
26091
"This section covers configuring <application>BIND9</application> to send "
26002
26092
"<emphasis>debug</emphasis> messages related to DNS queries to a separate "
26003
26093
"file."
26004
26094
msgstr ""
26005
26095
26006
#: serverguide/C/dns.xml:527(para)
26096
#: serverguide/C/dns.xml:536(para)
26007
26097
msgid ""
26008
26098
"First, we need to configure a channel to specify which file to send the "
26009
26099
"messages to. Edit <filename>/etc/bind/named.conf.local</filename> and add "
26010
26100
"the following:"
26011
26101
msgstr ""
26012
26102
26013
#: serverguide/C/dns.xml:531(programlisting)
26103
#: serverguide/C/dns.xml:540(programlisting)
26014
26104
#, no-wrap
26015
26105
msgid ""
26016
26106
"\n"
26029
26119
" }; \n"
26030
26120
"};\n"
26031
26121
26032
#: serverguide/C/dns.xml:541(para)
26122
#: serverguide/C/dns.xml:550(para)
26033
26123
msgid "Next, configure a category to send all DNS queries to the query file:"
26034
26124
msgstr ""
26035
26125
26036
#: serverguide/C/dns.xml:544(programlisting)
26126
#: serverguide/C/dns.xml:553(programlisting)
26037
26127
#, no-wrap
26038
26128
msgid ""
26039
26129
"\n"
26054
26144
" <emphasis>category queries { query.log; };</emphasis> \n"
26055
26145
"};\n"
26056
26146
26057
#: serverguide/C/dns.xml:556(para)
26147
#: serverguide/C/dns.xml:565(para)
26058
26148
msgid ""
26059
26149
"Note: the <emphasis>debug</emphasis> option can be set from 1 to 3. If a "
26060
26150
"level isn't specified level 1 is the default."
26061
26151
msgstr ""
26062
26152
26063
#: serverguide/C/dns.xml:562(para)
26153
#: serverguide/C/dns.xml:571(para)
26064
26154
msgid ""
26065
26155
"Since the <emphasis>named daemon</emphasis> runs as the "
26066
26156
"<emphasis>bind</emphasis> user the <filename>/var/log/query.log</filename> "
26067
26157
"file must be created and the ownership changed:"
26068
26158
msgstr ""
26069
26159
26070
#: serverguide/C/dns.xml:567(command)
26160
#: serverguide/C/dns.xml:576(command)
26071
26161
msgid "sudo touch /var/log/query.log"
26072
26162
msgstr "sudo touch /var/log/query.log"
26073
26163
26074
#: serverguide/C/dns.xml:568(command)
26164
#: serverguide/C/dns.xml:577(command)
26075
26165
msgid "sudo chown bind /var/log/query.log"
26076
26166
msgstr "sudo chown bind /var/log/query.log"
26077
26167
26078
#: serverguide/C/dns.xml:572(para)
26168
#: serverguide/C/dns.xml:581(para)
26079
26169
msgid ""
26080
26170
"Before <application>named</application> daemon can write to the new log file "
26081
26171
"the <application>AppArmor</application> profile must be updated. First, edit "
26082
26172
"<filename>/etc/apparmor.d/usr.sbin.named</filename> and add:"
26083
26173
msgstr ""
26084
26174
26085
#: serverguide/C/dns.xml:576(programlisting)
26175
#: serverguide/C/dns.xml:585(programlisting)
26086
26176
#, no-wrap
26087
26177
msgid ""
26088
26178
"\n"
26091
26181
"\n"
26092
26182
"/var/log/query.log w,\n"
26093
26183
26094
#: serverguide/C/dns.xml:579(para)
26184
#: serverguide/C/dns.xml:588(para)
26095
26185
msgid "Next, reload the profile:"
26096
26186
msgstr "Далей перазапусьціце профіль:"
26097
26187
26098
#: serverguide/C/dns.xml:583(command)
26188
#: serverguide/C/dns.xml:592(command)
26099
26189
msgid "cat /etc/apparmor.d/usr.sbin.named | sudo apparmor_parser -r"
26100
26190
msgstr "cat /etc/apparmor.d/usr.sbin.named | sudo apparmor_parser -r"
26101
26191
26102
#: serverguide/C/dns.xml:585(para)
26192
#: serverguide/C/dns.xml:594(para)
26103
26193
msgid ""
26104
26194
"For more information on <application>AppArmor</application> see <xref "
26105
26195
"linkend=\"apparmor\"/>"
26107
26197
"Каб пабачыць боль зьвестак па <application>AppArmor</application> глядзіце "
26108
26198
"<xref linkend=\"apparmor\"/>"
26109
26199
26110
#: serverguide/C/dns.xml:590(para)
26200
#: serverguide/C/dns.xml:599(para)
26111
26201
msgid ""
26112
26202
"Now restart <application>BIND9</application> for the changes to take effect:"
26113
26203
msgstr ""
26114
26204
"Цяпер перазапусьціце <application>BIND9</application> каб ужыць зьмены:"
26115
26205
26116
#: serverguide/C/dns.xml:598(para)
26206
#: serverguide/C/dns.xml:607(para)
26117
26207
msgid ""
26118
26208
"You should see the file <filename>/var/log/query.log</filename> fill with "
26119
26209
"query information. This is a simple example of the "
26121
26211
"options see <xref linkend=\"dns-more-info\"/>."
26122
26212
msgstr ""
26123
26213
26124
#: serverguide/C/dns.xml:607(title)
26214
#: serverguide/C/dns.xml:616(title)
26125
26215
msgid "Common Record Types"
26126
26216
msgstr ""
26127
26217
26128
#: serverguide/C/dns.xml:608(para)
26218
#: serverguide/C/dns.xml:617(para)
26129
26219
msgid "This section covers some of the most common DNS record types."
26130
26220
msgstr ""
26131
26221
26132
#: serverguide/C/dns.xml:613(para)
26222
#: serverguide/C/dns.xml:622(para)
26133
26223
msgid ""
26134
26224
"<emphasis>A</emphasis> record: This record maps an IP Address to a hostname."
26135
26225
msgstr ""
26136
26226
26137
#: serverguide/C/dns.xml:616(programlisting)
26227
#: serverguide/C/dns.xml:625(programlisting)
26138
26228
#, no-wrap
26139
26229
msgid ""
26140
26230
"\n"
26143
26233
"\n"
26144
26234
"www IN A 192.168.1.12\n"
26145
26235
26146
#: serverguide/C/dns.xml:621(para)
26236
#: serverguide/C/dns.xml:630(para)
26147
26237
msgid ""
26148
26238
"<emphasis>CNAME</emphasis> record: Used to create an alias to an existing A "
26149
26239
"record. You cannot create a CNAME record pointing to another CNAME record."
26150
26240
msgstr ""
26151
26241
26152
#: serverguide/C/dns.xml:624(programlisting)
26242
#: serverguide/C/dns.xml:633(programlisting)
26153
26243
#, no-wrap
26154
26244
msgid ""
26155
26245
"\n"
26158
26248
"\n"
26159
26249
"web IN CNAME www\n"
26160
26250
26161
#: serverguide/C/dns.xml:629(para)
26251
#: serverguide/C/dns.xml:638(para)
26162
26252
msgid ""
26163
26253
"<emphasis>MX</emphasis> record: Used to define where email should be sent "
26164
26254
"to. Must point to an A record, not a CNAME."
26165
26255
msgstr ""
26166
26256
26167
#: serverguide/C/dns.xml:632(programlisting)
26257
#: serverguide/C/dns.xml:641(programlisting)
26168
26258
#, no-wrap
26169
26259
msgid ""
26170
26260
"\n"
26172
26262
"mail IN A 192.168.1.13\n"
26173
26263
msgstr ""
26174
26264
26175
#: serverguide/C/dns.xml:638(para)
26265
#: serverguide/C/dns.xml:647(para)
26176
26266
msgid ""
26177
26267
"<emphasis>NS</emphasis> record: Used to define which servers serve copies of "
26178
26268
"a zone. It must point to an A record, not a CNAME. This is where Primary and "
26179
26269
"Secondary servers are defined."
26180
26270
msgstr ""
26181
26271
26182
#: serverguide/C/dns.xml:642(programlisting)
26272
#: serverguide/C/dns.xml:651(programlisting)
26183
26273
#, no-wrap
26184
26274
msgid ""
26185
26275
"\n"
26189
26279
"ns2 IN A 192.168.1.11\n"
26190
26280
msgstr ""
26191
26281
26192
#: serverguide/C/virtualization.xml:2018(title) serverguide/C/dns.xml:652(title)
26282
#: serverguide/C/dns.xml:661(title)
26193
26283
msgid "More Information"
26194
26284
msgstr "Больш зьвестак"
26195
26285
26220
26310
"BIND on IPv6</ulink> book."
26221
26311
msgstr ""
26222
26312
26223
#: serverguide/C/dns.xml:670(para)
26313
#: serverguide/C/dns.xml:684(para)
26224
26314
msgid ""
26225
26315
"A great place to ask for <application>BIND9</application> assistance, and "
26226
26316
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
26403
26493
"Components</link> describes the components of the DM-Multipath package."
26404
26494
msgstr ""
26405
26495
26406
#: serverguide/C/dm-multipath.xml:184(title)
26496
#: serverguide/C/dm-multipath.xml:183(title)
26407
26497
msgid "DM-Multipath Setup Overview"
26408
26498
msgstr ""
26409
26499
26410
#: serverguide/C/dm-multipath.xml:191(para)
26500
#: serverguide/C/dm-multipath.xml:190(para)
26411
26501
msgid ""
26412
26502
"Install the <emphasis role=\"bold\">multipath-tools</emphasis> and <emphasis "
26413
26503
"role=\"bold\">multipath-tools-boot</emphasis> packages"
26414
26504
msgstr ""
26415
26505
26416
#: serverguide/C/dm-multipath.xml:197(para)
26506
#: serverguide/C/dm-multipath.xml:196(para)
26417
26507
msgid ""
26418
26508
"Create an empty config file, <filename>/etc/multipath.conf</filename>, that "
26419
26509
"re-defines the <link linkend=\"multipath-skel-config\">following</link>"
26420
26510
msgstr ""
26421
26511
26422
#: serverguide/C/dm-multipath.xml:203(para)
26512
#: serverguide/C/dm-multipath.xml:202(para)
26423
26513
msgid ""
26424
26514
"If necessary, edit the <emphasis role=\"bold\">multipath.conf</emphasis> "
26425
26515
"configuration file to modify default values and save the updated file."
26426
26516
msgstr ""
26427
26517
26428
#: serverguide/C/dm-multipath.xml:209(para)
26518
#: serverguide/C/dm-multipath.xml:208(para)
26429
26519
msgid "Start the multipath daemon"
26430
26520
msgstr ""
26431
26521
26432
#: serverguide/C/dm-multipath.xml:213(para)
26522
#: serverguide/C/dm-multipath.xml:212(para)
26433
26523
msgid "Update initial ramdisk"
26434
26524
msgstr ""
26435
26525
26436
#: serverguide/C/dm-multipath.xml:186(para)
26526
#: serverguide/C/dm-multipath.xml:185(para)
26437
26527
msgid ""
26438
26528
"DM-Multipath includes compiled-in default settings that are suitable for "
26439
26529
"common multipath configurations. Setting up DM-multipath is often a simple "
26443
26533
"overview\">Setting Up DM-Multipath</link>."
26444
26534
msgstr ""
26445
26535
26446
#: serverguide/C/dm-multipath.xml:223(title)
26536
#: serverguide/C/dm-multipath.xml:222(title)
26447
26537
msgid "Multipath Devices"
26448
26538
msgstr ""
26449
26539
26450
#: serverguide/C/dm-multipath.xml:225(para)
26540
#: serverguide/C/dm-multipath.xml:224(para)
26451
26541
msgid ""
26452
26542
"Without DM-Multipath, each path from a server node to a storage controller "
26453
26543
"is treated by the system as a separate device, even when the I/O path "
26456
26546
"multipath device on top of the underlying devices."
26457
26547
msgstr ""
26458
26548
26459
#: serverguide/C/dm-multipath.xml:233(title)
26549
#: serverguide/C/dm-multipath.xml:232(title)
26460
26550
msgid "Multipath Device Identifiers"
26461
26551
msgstr ""
26462
26552
26463
#: serverguide/C/dm-multipath.xml:261(para)
26553
#: serverguide/C/dm-multipath.xml:260(para)
26464
26554
msgid ""
26465
26555
"The devices in <emphasis role=\"bold\">/dev/mapper</emphasis> are created "
26466
26556
"early in the boot process. Use these devices to access the multipathed "
26467
26557
"devices, for example when creating logical volumes."
26468
26558
msgstr ""
26469
26559
26470
#: serverguide/C/dm-multipath.xml:268(para)
26560
#: serverguide/C/dm-multipath.xml:267(para)
26471
26561
msgid ""
26472
26562
"Any devices of the form <emphasis role=\"bold\">/dev/dm-n</emphasis> are for "
26473
26563
"internal use only and should never be used."
26513
26603
"Device Configuration Attributes</link>."
26514
26604
msgstr ""
26515
26605
26516
#: serverguide/C/dm-multipath.xml:289(title)
26606
#: serverguide/C/dm-multipath.xml:288(title)
26517
26607
msgid "Consistent Multipath Device Names in a Cluster"
26518
26608
msgstr ""
26519
26609
26520
#: serverguide/C/dm-multipath.xml:291(para)
26610
#: serverguide/C/dm-multipath.xml:290(para)
26521
26611
msgid ""
26522
26612
"When the <emphasis role=\"bold\">user_friendly_names</emphasis> "
26523
26613
"configuration option is set to yes, the name of the multipath device is "
26540
26630
"procedure:"
26541
26631
msgstr ""
26542
26632
26543
#: serverguide/C/dm-multipath.xml:313(para)
26633
#: serverguide/C/dm-multipath.xml:312(para)
26544
26634
msgid "Set up all of the multipath devices on one machine."
26545
26635
msgstr ""
26546
26636
26547
#: serverguide/C/dm-multipath.xml:317(para) serverguide/C/dm-multipath.xml:354(para)
26637
#: serverguide/C/dm-multipath.xml:316(para) serverguide/C/dm-multipath.xml:353(para)
26548
26638
msgid ""
26549
26639
"Disable all of your multipath devices on your other machines by running the "
26550
26640
"following commands:"
26551
26641
msgstr ""
26552
26642
26553
#: serverguide/C/dm-multipath.xml:320(screen) serverguide/C/dm-multipath.xml:357(screen)
26643
#: serverguide/C/dm-multipath.xml:319(screen) serverguide/C/dm-multipath.xml:356(screen)
26554
26644
#, no-wrap
26555
26645
msgid ""
26556
26646
"# service multipath-tools stop\n"
26557
26647
"# multipath -F\n"
26558
26648
msgstr ""
26559
26649
26560
#: serverguide/C/dm-multipath.xml:326(para)
26650
#: serverguide/C/dm-multipath.xml:325(para)
26561
26651
msgid ""
26562
26652
"Copy the <filename>/etc/multipath/bindings</filename> file from the first "
26563
26653
"machine to all the other machines in the cluster."
26564
26654
msgstr ""
26565
26655
26566
#: serverguide/C/dm-multipath.xml:332(para) serverguide/C/dm-multipath.xml:368(para)
26656
#: serverguide/C/dm-multipath.xml:331(para) serverguide/C/dm-multipath.xml:367(para)
26567
26657
msgid ""
26568
26658
"Re-enable the multipathd daemon on all the other machines in the cluster by "
26569
26659
"running the following command:"
26570
26660
msgstr ""
26571
26661
26572
#: serverguide/C/dm-multipath.xml:335(screen) serverguide/C/dm-multipath.xml:371(screen)
26662
#: serverguide/C/dm-multipath.xml:334(screen) serverguide/C/dm-multipath.xml:370(screen)
26573
26663
#, no-wrap
26574
26664
msgid "# service multipath-tools start"
26575
26665
msgstr ""
26576
26666
26577
#: serverguide/C/dm-multipath.xml:339(para)
26667
#: serverguide/C/dm-multipath.xml:338(para)
26578
26668
msgid "If you add a new device, you will need to repeat this process."
26579
26669
msgstr ""
26580
26670
26581
#: serverguide/C/dm-multipath.xml:342(para)
26671
#: serverguide/C/dm-multipath.xml:341(para)
26582
26672
msgid ""
26583
26673
"Similarly, if you configure an alias for a device that you would like to be "
26584
26674
"consistent across the nodes in the cluster, you should ensure that the "
26586
26676
"the cluster by following the same procedure:"
26587
26677
msgstr ""
26588
26678
26589
#: serverguide/C/dm-multipath.xml:349(para)
26679
#: serverguide/C/dm-multipath.xml:348(para)
26590
26680
msgid ""
26591
26681
"Configure the aliases for the multipath devices in the in the "
26592
26682
"<filename>multipath.conf</filename> file on one machine."
26593
26683
msgstr ""
26594
26684
26595
#: serverguide/C/dm-multipath.xml:363(para)
26685
#: serverguide/C/dm-multipath.xml:362(para)
26596
26686
msgid ""
26597
26687
"Copy the <filename>multipath.conf</filename> file from the first machine to "
26598
26688
"all the other machines in the cluster."
26599
26689
msgstr ""
26600
26690
26601
#: serverguide/C/dm-multipath.xml:375(para)
26691
#: serverguide/C/dm-multipath.xml:374(para)
26602
26692
msgid "When you add a new device you will need to repeat this process."
26603
26693
msgstr ""
26604
26694
26605
#: serverguide/C/dm-multipath.xml:380(title)
26695
#: serverguide/C/dm-multipath.xml:379(title)
26606
26696
msgid "Multipath Device attributes"
26607
26697
msgstr ""
26608
26698
26609
#: serverguide/C/dm-multipath.xml:382(para)
26699
#: serverguide/C/dm-multipath.xml:381(para)
26610
26700
msgid ""
26611
26701
"In addition to the <emphasis role=\"bold\">user_friendly_names</emphasis> "
26612
26702
"and <emphasis role=\"bold\">alias</emphasis> options, a multipath device has "
26619
26709
"linkend=\"multipath-config-multipath\"/>\"."
26620
26710
msgstr ""
26621
26711
26622
#: serverguide/C/dm-multipath.xml:395(title)
26712
#: serverguide/C/dm-multipath.xml:394(title)
26623
26713
msgid "Multipath Devices in Logical Volumes"
26624
26714
msgstr ""
26625
26715
26626
#: serverguide/C/dm-multipath.xml:397(para)
26716
#: serverguide/C/dm-multipath.xml:396(para)
26627
26717
msgid ""
26628
26718
"After creating multipath devices, you can use the multipath device names "
26629
26719
"just as you would use a physical device name when creating an LVM physical "
26634
26724
"you would use any other LVM physical device."
26635
26725
msgstr ""
26636
26726
26637
#: serverguide/C/dm-multipath.xml:406(para)
26727
#: serverguide/C/dm-multipath.xml:405(para)
26638
26728
msgid ""
26639
26729
"If you attempt to create an LVM physical volume on a whole device on which "
26640
26730
"you have configured partitions, the pvcreate command will fail."
26641
26731
msgstr ""
26642
26732
26643
#: serverguide/C/dm-multipath.xml:426(para)
26733
#: serverguide/C/dm-multipath.xml:425(para)
26644
26734
msgid ""
26645
26735
"Every time either <filename>/etc/lvm.conf</filename> or "
26646
26736
"<filename>/etc/multipath.conf</filename> is updated, the initrd should be "
26648
26738
"filters are necessary to maintain a stable storage configuration."
26649
26739
msgstr ""
26650
26740
26651
#: serverguide/C/dm-multipath.xml:411(para)
26741
#: serverguide/C/dm-multipath.xml:410(para)
26652
26742
msgid ""
26653
26743
"When you create an LVM logical volume that uses active/passive multipath "
26654
26744
"arrays as the underlying physical devices, you should include filters in the "
26667
26757
"Perform:<screen>update-initramfs -u -k all</screen><placeholder-1/>"
26668
26758
msgstr ""
26669
26759
26670
#: serverguide/C/dm-multipath.xml:436(title)
26760
#: serverguide/C/dm-multipath.xml:435(title)
26671
26761
msgid "Setting up DM-Multipath Overview"
26672
26762
msgstr ""
26673
26763
26674
#: serverguide/C/dm-multipath.xml:438(para)
26764
#: serverguide/C/dm-multipath.xml:437(para)
26675
26765
msgid ""
26676
26766
"This section provides step-by-step example procedures for configuring DM-"
26677
26767
"Multipath. It includes the following procedures:"
26678
26768
msgstr ""
26679
26769
26680
#: serverguide/C/dm-multipath.xml:443(para)
26770
#: serverguide/C/dm-multipath.xml:442(para)
26681
26771
msgid "Basic DM-Multipath setup"
26682
26772
msgstr ""
26683
26773
26684
#: serverguide/C/dm-multipath.xml:447(para)
26774
#: serverguide/C/dm-multipath.xml:446(para)
26685
26775
msgid "Ignoring local disks"
26686
26776
msgstr ""
26687
26777
26688
#: serverguide/C/dm-multipath.xml:451(para)
26778
#: serverguide/C/dm-multipath.xml:450(para)
26689
26779
msgid "Adding more devices to the configuration file"
26690
26780
msgstr ""
26691
26781
26692
#: serverguide/C/dm-multipath.xml:456(title)
26782
#: serverguide/C/dm-multipath.xml:455(title)
26693
26783
msgid "Setting Up DM-Multipath"
26694
26784
msgstr ""
26695
26785
26696
#: serverguide/C/dm-multipath.xml:458(para)
26786
#: serverguide/C/dm-multipath.xml:457(para)
26697
26787
msgid ""
26698
26788
"Before setting up DM-Multipath on your system, ensure that your system has "
26699
26789
"been updated and includes the <emphasis role=\"bold\"><application>multipath-"
26702
26792
"boot</application></emphasis> package is also required."
26703
26793
msgstr ""
26704
26794
26705
#: serverguide/C/dm-multipath.xml:476(para)
26795
#: serverguide/C/dm-multipath.xml:475(para)
26706
26796
msgid ""
26707
26797
"To work around a quirk in multipathd, when an "
26708
26798
"<filename>/etc/multipath.conf</filename> doesn't exist, the previous command "
26719
26809
"database."
26720
26810
msgstr ""
26721
26811
26722
#: serverguide/C/dm-multipath.xml:465(para)
26812
#: serverguide/C/dm-multipath.xml:464(para)
26723
26813
msgid ""
26724
26814
"A basic <emphasis role=\"bold\">/etc/multipath.conf </emphasis> need not "
26725
26815
"even exist, when <emphasis role=\"bold\">multpath</emphasis> is run without "
26735
26825
"multipath.conf-live</screen><placeholder-1/>"
26736
26826
msgstr ""
26737
26827
26738
#: serverguide/C/dm-multipath.xml:493(title)
26828
#: serverguide/C/dm-multipath.xml:492(title)
26739
26829
msgid "Installing with Multipath Support"
26740
26830
msgstr ""
26741
26831
26742
#: serverguide/C/dm-multipath.xml:495(para)
26832
#: serverguide/C/dm-multipath.xml:494(para)
26743
26833
msgid ""
26744
26834
"To enable <ulink "
26745
26835
"url=\"http://wiki.debian.org/DebianInstaller/MultipathSupport\">multipath "
26749
26839
"role=\"bold\">/dev/mapper/mpath<X></emphasis> during installation."
26750
26840
msgstr ""
26751
26841
26752
#: serverguide/C/dm-multipath.xml:504(title)
26842
#: serverguide/C/dm-multipath.xml:503(title)
26753
26843
msgid "Ignoring Local Disks When Generating Multipath Devices"
26754
26844
msgstr ""
26755
26845
26756
#: serverguide/C/dm-multipath.xml:506(para)
26846
#: serverguide/C/dm-multipath.xml:505(para)
26757
26847
msgid ""
26758
26848
"Some machines have local SCSI cards for their internal disks. DM-Multipath "
26759
26849
"is not recommended for these devices. The following procedure shows how to "
26774
26864
"linkend=\"multipath-command-output\">Multipath Command Output</link>."
26775
26865
msgstr ""
26776
26866
26777
#: serverguide/C/dm-multipath.xml:525(screen)
26867
#: serverguide/C/dm-multipath.xml:524(screen)
26778
26868
#, no-wrap
26779
26869
msgid ""
26780
26870
"\n"
26811
26901
" `- 3:0:0:3 sdg 8:128 undef ready running\n"
26812
26902
msgstr ""
26813
26903
26814
#: serverguide/C/dm-multipath.xml:561(para)
26904
#: serverguide/C/dm-multipath.xml:560(para)
26815
26905
msgid ""
26816
26906
"In order to prevent the device mapper from mapping <emphasis "
26817
26907
"role=\"bold\">/dev/sda</emphasis> in its multipath maps, edit the blacklist "
26828
26918
"the following in the <filename>/etc/multipath.conf</filename> file."
26829
26919
msgstr ""
26830
26920
26831
#: serverguide/C/dm-multipath.xml:576(screen)
26921
#: serverguide/C/dm-multipath.xml:575(screen)
26832
26922
#, no-wrap
26833
26923
msgid ""
26834
26924
"\n"
26837
26927
"}\n"
26838
26928
msgstr ""
26839
26929
26840
#: serverguide/C/dm-multipath.xml:584(para)
26930
#: serverguide/C/dm-multipath.xml:583(para)
26841
26931
msgid ""
26842
26932
"After you have updated the <filename>/etc/multipath.conf</filename> file, "
26843
26933
"you must manually tell the <emphasis role=\"bold\">multipathd</emphasis> "
26845
26935
"<filename>/etc/multipath.conf</filename> file."
26846
26936
msgstr ""
26847
26937
26848
#: serverguide/C/dm-multipath.xml:589(screen)
26938
#: serverguide/C/dm-multipath.xml:588(screen)
26849
26939
#, no-wrap
26850
26940
msgid "# service multipath-tools reload"
26851
26941
msgstr ""
26852
26942
26853
#: serverguide/C/dm-multipath.xml:593(para)
26943
#: serverguide/C/dm-multipath.xml:592(para)
26854
26944
msgid "Run the following command to remove the multipath device:"
26855
26945
msgstr ""
26856
26946
26857
#: serverguide/C/dm-multipath.xml:596(screen)
26947
#: serverguide/C/dm-multipath.xml:595(screen)
26858
26948
#, no-wrap
26859
26949
msgid ""
26860
26950
"\n"
26874
26964
"specify a <emphasis role=\"bold\">-v</emphasis> option."
26875
26965
msgstr ""
26876
26966
26877
#: serverguide/C/dm-multipath.xml:613(screen)
26967
#: serverguide/C/dm-multipath.xml:612(screen)
26878
26968
#, no-wrap
26879
26969
msgid ""
26880
26970
"\n"
26905
26995
" `- 3:0:0:3 sdg 8:128 undef ready running\n"
26906
26996
msgstr ""
26907
26997
26908
#: serverguide/C/dm-multipath.xml:645(title)
26998
#: serverguide/C/dm-multipath.xml:644(title)
26909
26999
msgid "Configuring Storage Devices"
26910
27000
msgstr ""
26911
27001
26912
#: serverguide/C/dm-multipath.xml:647(para)
27002
#: serverguide/C/dm-multipath.xml:646(para)
26913
27003
msgid ""
26914
27004
"By default, DM-Multipath includes support for the most common storage arrays "
26915
27005
"that support DM-Multipath. The default configuration values, including "
26917
27007
"<filename>multipath.conf.defaults</filename> file."
26918
27008
msgstr ""
26919
27009
26920
#: serverguide/C/dm-multipath.xml:652(para)
27010
#: serverguide/C/dm-multipath.xml:651(para)
26921
27011
msgid ""
26922
27012
"If you need to add a storage device that is not supported by default as a "
26923
27013
"known multipath device, edit the <filename>/etc/multipath.conf</filename> "
26924
27014
"file and insert the appropriate device information."
26925
27015
msgstr ""
26926
27016
26927
#: serverguide/C/dm-multipath.xml:656(para)
27017
#: serverguide/C/dm-multipath.xml:655(para)
26928
27018
msgid ""
26929
27019
"For example, to add information about the HP Open-V series the entry looks "
26930
27020
"like this, where <emphasis role=\"bold\">%n</emphasis> is the device name:"
26931
27021
msgstr ""
26932
27022
26933
#: serverguide/C/dm-multipath.xml:660(screen)
27023
#: serverguide/C/dm-multipath.xml:659(screen)
26934
27024
#, no-wrap
26935
27025
msgid ""
26936
27026
"devices {\n"
26943
27033
"}\n"
26944
27034
msgstr ""
26945
27035
26946
#: serverguide/C/dm-multipath.xml:669(para)
27036
#: serverguide/C/dm-multipath.xml:668(para)
26947
27037
msgid ""
26948
27038
"For more information on the devices section of the configuration file, see "
26949
27039
"Section <xref endterm=\"config-device-title\" linkend=\"multipath-config-"
26950
27040
"device\"/>."
26951
27041
msgstr ""
26952
27042
26953
#: serverguide/C/dm-multipath.xml:676(title)
27043
#: serverguide/C/dm-multipath.xml:675(title)
26954
27044
msgid "The DM-Multipath Configuration File"
26955
27045
msgstr ""
26956
27046
26957
#: serverguide/C/dm-multipath.xml:678(para)
27047
#: serverguide/C/dm-multipath.xml:677(para)
26958
27048
msgid ""
26959
27049
"By default, DM-Multipath provides configuration values for the most common "
26960
27050
"uses of multipathing. In addition, DM-Multipath includes support for the "
26963
27053
"<filename>multipath.conf.defaults</filename> file."
26964
27054
msgstr ""
26965
27055
26966
#: serverguide/C/dm-multipath.xml:684(para)
27056
#: serverguide/C/dm-multipath.xml:683(para)
26967
27057
msgid ""
26968
27058
"You can override the default configuration values for DM-Multipath by "
26969
27059
"editing the <filename>/etc/multipath.conf</filename> configuration file. If "
26973
27063
"on the following topics: <placeholder-1/>"
26974
27064
msgstr ""
26975
27065
26976
#: serverguide/C/dm-multipath.xml:716(para)
27066
#: serverguide/C/dm-multipath.xml:715(para)
26977
27067
msgid ""
26978
27068
"In the multipath configuration file, you need to specify only the sections "
26979
27069
"that you need for your configuration, or that you wish to change from the "
26983
27073
"can leave them commented out, as they are in the initial file."
26984
27074
msgstr ""
26985
27075
26986
#: serverguide/C/dm-multipath.xml:724(para)
27076
#: serverguide/C/dm-multipath.xml:723(para)
26987
27077
msgid "The configuration file allows regular expression description syntax."
26988
27078
msgstr ""
26989
27079
26990
#: serverguide/C/dm-multipath.xml:727(para)
27080
#: serverguide/C/dm-multipath.xml:726(para)
26991
27081
msgid ""
26992
27082
"An annotated version of the configuration file can be found in "
26993
27083
"<filename><filename>/usr/share/doc/multipath-"
26994
27084
"tools/examples/multipath.conf.annotated.gz</filename></filename>."
26995
27085
msgstr ""
26996
27086
26997
#: serverguide/C/dm-multipath.xml:731(title)
27087
#: serverguide/C/dm-multipath.xml:730(title)
26998
27088
msgid "Configuration File Overview"
26999
27089
msgstr ""
27000
27090
27001
#: serverguide/C/dm-multipath.xml:733(para)
27091
#: serverguide/C/dm-multipath.xml:732(para)
27002
27092
msgid ""
27003
27093
"The multipath configuration file is divided into the following sections:"
27004
27094
msgstr ""
27005
27095
27006
#: serverguide/C/dm-multipath.xml:738(emphasis)
27096
#: serverguide/C/dm-multipath.xml:737(emphasis)
27007
27097
msgid "blacklist"
27008
27098
msgstr ""
27009
27099
27010
#: serverguide/C/dm-multipath.xml:741(para)
27100
#: serverguide/C/dm-multipath.xml:740(para)
27011
27101
msgid ""
27012
27102
"Listing of specific devices that will not be considered for multipath."
27013
27103
msgstr ""
27014
27104
27015
#: serverguide/C/dm-multipath.xml:747(emphasis)
27105
#: serverguide/C/dm-multipath.xml:746(emphasis)
27016
27106
msgid "blacklist_exceptions"
27017
27107
msgstr ""
27018
27108
27019
#: serverguide/C/dm-multipath.xml:750(para)
27109
#: serverguide/C/dm-multipath.xml:749(para)
27020
27110
msgid ""
27021
27111
"Listing of multipath candidates that would otherwise be blacklisted "
27022
27112
"according to the parameters of the blacklist section."
27023
27113
msgstr ""
27024
27114
27025
#: serverguide/C/dm-multipath.xml:757(emphasis)
27115
#: serverguide/C/dm-multipath.xml:756(emphasis)
27026
27116
msgid "defaults"
27027
27117
msgstr ""
27028
27118
27029
#: serverguide/C/dm-multipath.xml:760(para)
27119
#: serverguide/C/dm-multipath.xml:759(para)
27030
27120
msgid "General default settings for DM-Multipath."
27031
27121
msgstr ""
27032
27122
27033
#: serverguide/C/dm-multipath.xml:768(para)
27123
#: serverguide/C/dm-multipath.xml:767(para)
27034
27124
msgid ""
27035
27125
"Settings for the characteristics of individual multipath devices. These "
27036
27126
"values overwrite what is specified in the <emphasis "
27038
27128
"role=\"bold\">devices</emphasis> sections of the configuration file."
27039
27129
msgstr ""
27040
27130
27041
#: serverguide/C/dm-multipath.xml:777(emphasis)
27131
#: serverguide/C/dm-multipath.xml:776(emphasis)
27042
27132
msgid "devices"
27043
27133
msgstr ""
27044
27134
27045
#: serverguide/C/dm-multipath.xml:780(para)
27135
#: serverguide/C/dm-multipath.xml:779(para)
27046
27136
msgid ""
27047
27137
"Settings for the individual storage controllers. These values overwrite what "
27048
27138
"is specified in the <emphasis role=\"bold\">defaults</emphasis> section of "
27051
27141
"array."
27052
27142
msgstr ""
27053
27143
27054
#: serverguide/C/dm-multipath.xml:789(para)
27144
#: serverguide/C/dm-multipath.xml:788(para)
27055
27145
msgid ""
27056
27146
"When the system determines the attributes of a multipath device, first it "
27057
27147
"checks the multipath settings, then the per devices settings, then the "
27058
27148
"multipath system defaults."
27059
27149
msgstr ""
27060
27150
27061
#: serverguide/C/dm-multipath.xml:795(title)
27151
#: serverguide/C/dm-multipath.xml:794(title)
27062
27152
msgid "Configuration File Blacklist"
27063
27153
msgstr ""
27064
27154
27065
#: serverguide/C/dm-multipath.xml:797(para)
27155
#: serverguide/C/dm-multipath.xml:796(para)
27066
27156
msgid ""
27067
27157
"The blacklist section of the multipath configuration file specifies the "
27068
27158
"devices that will not be used when the system configures multipath devices. "
27069
27159
"Devices that are blacklisted will not be grouped into a multipath device."
27070
27160
msgstr ""
27071
27161
27072
#: serverguide/C/dm-multipath.xml:804(para)
27162
#: serverguide/C/dm-multipath.xml:803(para)
27073
27163
msgid ""
27074
27164
"If you do need to blacklist devices, you can do so according to the "
27075
27165
"following criteria:"
27076
27166
msgstr ""
27077
27167
27078
#: serverguide/C/dm-multipath.xml:809(para)
27168
#: serverguide/C/dm-multipath.xml:808(para)
27079
27169
msgid ""
27080
27170
"By WWID, as described <xref endterm=\"config-blacklist-by-wwid-title\" "
27081
27171
"linkend=\"multipath-config-blacklist-by-wwid\"/>"
27082
27172
msgstr ""
27083
27173
27084
#: serverguide/C/dm-multipath.xml:815(para)
27174
#: serverguide/C/dm-multipath.xml:814(para)
27085
27175
msgid ""
27086
27176
"By device name, as described in <xref endterm=\"config-blacklist-by-device-"
27087
27177
"name-title\" linkend=\"multipath-config-blacklist-by-device-name\"/>"
27088
27178
msgstr ""
27089
27179
27090
#: serverguide/C/dm-multipath.xml:821(para)
27180
#: serverguide/C/dm-multipath.xml:820(para)
27091
27181
msgid ""
27092
27182
"By device type, as described in <xref endterm=\"config-blacklist-by-device-"
27093
27183
"type-title\" linkend=\"multipath-config-blacklist-by-device-type\"/>"
27094
27184
msgstr ""
27095
27185
27096
#: serverguide/C/dm-multipath.xml:827(para)
27186
#: serverguide/C/dm-multipath.xml:826(para)
27097
27187
msgid ""
27098
27188
"By default, a variety of device types are blacklisted, even after you "
27099
27189
"comment out the initial blacklist section of the configuration file. For "
27101
27191
"linkend=\"multipath-config-blacklist-by-device-name\"/>"
27102
27192
msgstr ""
27103
27193
27104
#: serverguide/C/dm-multipath.xml:836(title)
27194
#: serverguide/C/dm-multipath.xml:835(title)
27105
27195
msgid "Blacklisting By WWID"
27106
27196
msgstr ""
27107
27197
27108
#: serverguide/C/dm-multipath.xml:839(para)
27198
#: serverguide/C/dm-multipath.xml:838(para)
27109
27199
msgid ""
27110
27200
"You can specify individual devices to blacklist by their World-Wide "
27111
27201
"IDentification with a <emphasis role=\"bold\">wwid</emphasis> entry in the "
27113
27203
"file."
27114
27204
msgstr ""
27115
27205
27116
#: serverguide/C/dm-multipath.xml:844(para)
27206
#: serverguide/C/dm-multipath.xml:843(para)
27117
27207
msgid ""
27118
27208
"The following example shows the lines in the configuration file that would "
27119
27209
"blacklist a device with a WWID of 26353900f02796769."
27120
27210
msgstr ""
27121
27211
27122
#: serverguide/C/dm-multipath.xml:847(screen)
27212
#: serverguide/C/dm-multipath.xml:846(screen)
27123
27213
#, no-wrap
27124
27214
msgid ""
27125
27215
"\n"
27128
27218
"}\n"
27129
27219
msgstr ""
27130
27220
27131
#: serverguide/C/dm-multipath.xml:855(title)
27221
#: serverguide/C/dm-multipath.xml:854(title)
27132
27222
msgid "Blacklisting By Device Name"
27133
27223
msgstr ""
27134
27224
27135
#: serverguide/C/dm-multipath.xml:858(para)
27225
#: serverguide/C/dm-multipath.xml:857(para)
27136
27226
msgid ""
27137
27227
"You can blacklist device types by device name so that they will not be "
27138
27228
"grouped into a multipath device by specifying a <emphasis "
27140
27230
"role=\"bold\">blacklist</emphasis> section of the configuration file."
27141
27231
msgstr ""
27142
27232
27143
#: serverguide/C/dm-multipath.xml:864(para)
27233
#: serverguide/C/dm-multipath.xml:863(para)
27144
27234
msgid ""
27145
27235
"The following example shows the lines in the configuration file that would "
27146
27236
"blacklist all SCSI devices, since it blacklists all sd* devices. <screen>\n"
27149
27239
"}</screen>"
27150
27240
msgstr ""
27151
27241
27152
#: serverguide/C/dm-multipath.xml:871(para)
27242
#: serverguide/C/dm-multipath.xml:870(para)
27153
27243
msgid ""
27154
27244
"You can use a <emphasis role=\"bold\">devnode</emphasis> entry in the "
27155
27245
"<emphasis role=\"bold\">blacklist</emphasis> section of the configuration "
27161
27251
"on reboot."
27162
27252
msgstr ""
27163
27253
27164
#: serverguide/C/dm-multipath.xml:881(para)
27254
#: serverguide/C/dm-multipath.xml:880(para)
27165
27255
msgid ""
27166
27256
"By default, the following <emphasis role=\"bold\">devnode</emphasis> entries "
27167
27257
"are compiled in the default blacklist; the devices that these entries "
27177
27267
"</screen>"
27178
27268
msgstr ""
27179
27269
27180
#: serverguide/C/dm-multipath.xml:898(title)
27270
#: serverguide/C/dm-multipath.xml:897(title)
27181
27271
msgid "Blacklisting By Device Type"
27182
27272
msgstr ""
27183
27273
27184
#: serverguide/C/dm-multipath.xml:901(para)
27274
#: serverguide/C/dm-multipath.xml:900(para)
27185
27275
msgid ""
27186
27276
"You can specify specific device types in the <emphasis "
27187
27277
"role=\"bold\">blacklist</emphasis> section of the configuration file with a "
27200
27290
"</screen>"
27201
27291
msgstr ""
27202
27292
27203
#: serverguide/C/dm-multipath.xml:919(title)
27293
#: serverguide/C/dm-multipath.xml:918(title)
27204
27294
msgid "Blacklist Exceptions"
27205
27295
msgstr ""
27206
27296
27207
#: serverguide/C/dm-multipath.xml:922(para)
27297
#: serverguide/C/dm-multipath.xml:921(para)
27208
27298
msgid ""
27209
27299
"You can use the <emphasis role=\"bold\">blacklist_exceptions</emphasis> "
27210
27300
"section of the configuration file to enable multipathing on devices that "
27211
27301
"have been blacklisted by default."
27212
27302
msgstr ""
27213
27303
27214
#: serverguide/C/dm-multipath.xml:927(para)
27304
#: serverguide/C/dm-multipath.xml:926(para)
27215
27305
msgid ""
27216
27306
"For example, if you have a large number of devices and want to multipath "
27217
27307
"only one of them (with the WWID of 3600d0230000000000e13955cc3757803), "
27229
27319
"</screen>"
27230
27320
msgstr ""
27231
27321
27232
#: serverguide/C/dm-multipath.xml:942(para)
27322
#: serverguide/C/dm-multipath.xml:941(para)
27233
27323
msgid ""
27234
27324
"When specifying devices in the <emphasis "
27235
27325
"role=\"bold\">blacklist_exceptions</emphasis> section of the configuration "
27241
27331
"only to devnode entries, and device exceptions apply only to device entries."
27242
27332
msgstr ""
27243
27333
27244
#: serverguide/C/dm-multipath.xml:955(title)
27334
#: serverguide/C/dm-multipath.xml:954(title)
27245
27335
msgid "Configuration File Defaults"
27246
27336
msgstr ""
27247
27337
27248
#: serverguide/C/dm-multipath.xml:957(para)
27338
#: serverguide/C/dm-multipath.xml:956(para)
27249
27339
msgid ""
27250
27340
"The <filename>/etc/multipath.conf</filename> configuration file includes a "
27251
27341
"<emphasis role=\"bold\">defaults</emphasis> section that sets the <emphasis "
27253
27343
"role=\"bold\">yes</emphasis>, as follows."
27254
27344
msgstr ""
27255
27345
27256
#: serverguide/C/dm-multipath.xml:962(screen)
27346
#: serverguide/C/dm-multipath.xml:961(screen)
27257
27347
#, no-wrap
27258
27348
msgid ""
27259
27349
"\n"
27262
27352
"}\n"
27263
27353
msgstr ""
27264
27354
27265
#: serverguide/C/dm-multipath.xml:968(para)
27355
#: serverguide/C/dm-multipath.xml:967(para)
27266
27356
msgid ""
27267
27357
"This overwrites the default value of the <emphasis "
27268
27358
"role=\"bold\">user_friendly_names</emphasis> parameter."
27269
27359
msgstr ""
27270
27360
27271
#: serverguide/C/dm-multipath.xml:971(para)
27361
#: serverguide/C/dm-multipath.xml:970(para)
27272
27362
msgid ""
27273
27363
"The configuration file includes a template of configuration defaults. This "
27274
27364
"section is commented out, as follows."
27275
27365
msgstr ""
27276
27366
27277
#: serverguide/C/dm-multipath.xml:974(screen)
27367
#: serverguide/C/dm-multipath.xml:973(screen)
27278
27368
#, no-wrap
27279
27369
msgid ""
27280
27370
"\n"
27295
27385
"#}\n"
27296
27386
msgstr ""
27297
27387
27298
#: serverguide/C/dm-multipath.xml:991(para)
27388
#: serverguide/C/dm-multipath.xml:990(para)
27299
27389
msgid ""
27300
27390
"To overwrite the default value for any of the configuration parameters, you "
27301
27391
"can copy the relevant line from this template into the <emphasis "
27308
27398
"uncomment it, as follows."
27309
27399
msgstr ""
27310
27400
27311
#: serverguide/C/dm-multipath.xml:1002(screen)
27401
#: serverguide/C/dm-multipath.xml:1001(screen)
27312
27402
#, no-wrap
27313
27403
msgid ""
27314
27404
"\n"
27318
27408
"}\n"
27319
27409
msgstr ""
27320
27410
27321
#: serverguide/C/dm-multipath.xml:1009(para)
27411
#: serverguide/C/dm-multipath.xml:1008(para)
27322
27412
msgid ""
27323
27413
"Table <xref endterm=\"config-defaults-table-title\" linkend=\"multipath-"
27324
27414
"config-defaults-table\"/> describes the attributes that are set in the "
27330
27420
"<filename>multipath.conf</filename> file."
27331
27421
msgstr ""
27332
27422
27333
#: serverguide/C/dm-multipath.xml:1023(title)
27423
#: serverguide/C/dm-multipath.xml:1022(title)
27334
27424
msgid "Configuration File Multipath Attributes"
27335
27425
msgstr ""
27336
27426
27337
#: serverguide/C/dm-multipath.xml:1026(para)
27427
#: serverguide/C/dm-multipath.xml:1025(para)
27338
27428
msgid ""
27339
27429
"Table <xref endterm=\"attributes-table-title\" linkend=\"multipath-"
27340
27430
"attributes-table\"/> shows the attributes that you can set in the <emphasis "
27346
27436
"role=\"bold\">devices</emphasis> sections of the multipath.conf file."
27347
27437
msgstr ""
27348
27438
27349
#: serverguide/C/dm-multipath.xml:1039(para)
27439
#: serverguide/C/dm-multipath.xml:1038(para)
27350
27440
msgid ""
27351
27441
"In addition, the following parameters may be overridden in this <emphasis "
27352
27442
"role=\"bold\">multipath</emphasis> section"
27353
27443
msgstr ""
27354
27444
27355
#: serverguide/C/dm-multipath.xml:1088(para)
27445
#: serverguide/C/dm-multipath.xml:1087(para)
27356
27446
msgid ""
27357
27447
"The following example shows multipath attributes specified in the "
27358
27448
"configuration file for two specific multipath devices. The first device has "
27367
27457
"are set to priorities."
27368
27458
msgstr ""
27369
27459
27370
#: serverguide/C/dm-multipath.xml:1098(screen)
27460
#: serverguide/C/dm-multipath.xml:1097(screen)
27371
27461
#, no-wrap
27372
27462
msgid ""
27373
27463
"\n"
27389
27479
"}\n"
27390
27480
msgstr ""
27391
27481
27392
#: serverguide/C/dm-multipath.xml:1119(title)
27482
#: serverguide/C/dm-multipath.xml:1118(title)
27393
27483
msgid "Configuration File Devices"
27394
27484
msgstr ""
27395
27485
27396
#: serverguide/C/dm-multipath.xml:1121(para)
27486
#: serverguide/C/dm-multipath.xml:1120(para)
27397
27487
msgid ""
27398
27488
"Table <xref endterm=\"device-attributes-table-title\" linkend=\"multipath-"
27399
27489
"device-attributes-table\"/> shows the attributes that you can set for each "
27407
27497
"<filename>multipath.conf</filename> file."
27408
27498
msgstr ""
27409
27499
27410
#: serverguide/C/dm-multipath.xml:1132(para)
27500
#: serverguide/C/dm-multipath.xml:1131(para)
27411
27501
msgid ""
27412
27502
"Many devices that support multipathing are included by default in a "
27413
27503
"multipath configuration. The values for the devices that are supported by "
27421
27511
"the device and override the values that you want to change."
27422
27512
msgstr ""
27423
27513
27424
#: serverguide/C/dm-multipath.xml:1144(para)
27514
#: serverguide/C/dm-multipath.xml:1143(para)
27425
27515
msgid ""
27426
27516
"To add a device to this section of the configuration file that is not "
27427
27517
"configured automatically by default, you must set the <emphasis "
27433
27523
"device_name is the device to be multipathed, as in the following example:"
27434
27524
msgstr ""
27435
27525
27436
#: serverguide/C/dm-multipath.xml:1154(screen)
27526
#: serverguide/C/dm-multipath.xml:1153(screen)
27437
27527
#, no-wrap
27438
27528
msgid ""
27439
27529
"\n"
27443
27533
"SF2372\n"
27444
27534
msgstr ""
27445
27535
27446
#: serverguide/C/dm-multipath.xml:1161(para)
27536
#: serverguide/C/dm-multipath.xml:1160(para)
27447
27537
msgid ""
27448
27538
"The additional parameters to specify depend on your specific device. If the "
27449
27539
"device is active/active, you will usually not need to set additional "
27456
27546
"table\"/>."
27457
27547
msgstr ""
27458
27548
27459
#: serverguide/C/dm-multipath.xml:1171(para)
27549
#: serverguide/C/dm-multipath.xml:1170(para)
27460
27550
msgid ""
27461
27551
"If the device is active/passive, but it automatically switches paths with "
27462
27552
"I/O to the passive path, you need to change the checker function to one that "
27467
27557
"the Test Unit Ready command, which most do."
27468
27558
msgstr ""
27469
27559
27470
#: serverguide/C/dm-multipath.xml:1180(para)
27560
#: serverguide/C/dm-multipath.xml:1179(para)
27471
27561
msgid ""
27472
27562
"If the device needs a special command to switch paths, then configuring this "
27473
27563
"device for multipath requires a hardware handler kernel module. The current "
27475
27565
"device, you may not be able to configure the device for multipath."
27476
27566
msgstr ""
27477
27567
27478
#: serverguide/C/dm-multipath.xml:1189(para)
27568
#: serverguide/C/dm-multipath.xml:1188(para)
27479
27569
msgid ""
27480
27570
"In addition, the following parameters may be overridden in this <emphasis "
27481
27571
"role=\"bold\">device</emphasis> section"
27482
27572
msgstr ""
27483
27573
27484
#: serverguide/C/dm-multipath.xml:1264(para)
27574
#: serverguide/C/dm-multipath.xml:1263(para)
27485
27575
msgid ""
27486
27576
"Whenever a hardware_handler is specified, it is your responsibility to "
27487
27577
"ensure that the appropriate kernel module is loaded to support the specified "
27495
27585
"# update-initramfs -u -k all</screen>"
27496
27586
msgstr ""
27497
27587
27498
#: serverguide/C/dm-multipath.xml:1275(para)
27588
#: serverguide/C/dm-multipath.xml:1274(para)
27499
27589
msgid ""
27500
27590
"The following example shows a device entry in the multipath configuration "
27501
27591
"file."
27502
27592
msgstr ""
27503
27593
27504
#: serverguide/C/dm-multipath.xml:1278(screen)
27594
#: serverguide/C/dm-multipath.xml:1277(screen)
27505
27595
#, no-wrap
27506
27596
msgid ""
27507
27597
"\n"
27516
27606
"#}\n"
27517
27607
msgstr ""
27518
27608
27519
#: serverguide/C/dm-multipath.xml:1290(para)
27609
#: serverguide/C/dm-multipath.xml:1289(para)
27520
27610
msgid ""
27521
27611
"The spacing reserved in the <emphasis role=\"bold\">vendor</emphasis>, "
27522
27612
"<emphasis role=\"bold\">product</emphasis>, and <emphasis "
27533
27623
"characters or spaces, as seen in the example above"
27534
27624
msgstr ""
27535
27625
27536
#: serverguide/C/dm-multipath.xml:1307(para)
27626
#: serverguide/C/dm-multipath.xml:1306(para)
27537
27627
msgid "vendor: 8 characters"
27538
27628
msgstr ""
27539
27629
27540
#: serverguide/C/dm-multipath.xml:1311(para)
27630
#: serverguide/C/dm-multipath.xml:1310(para)
27541
27631
msgid "product: 16 characters"
27542
27632
msgstr ""
27543
27633
27544
#: serverguide/C/dm-multipath.xml:1315(para)
27634
#: serverguide/C/dm-multipath.xml:1314(para)
27545
27635
msgid "revision: 4 characters"
27546
27636
msgstr ""
27547
27637
27548
#: serverguide/C/dm-multipath.xml:1319(para)
27638
#: serverguide/C/dm-multipath.xml:1318(para)
27549
27639
msgid ""
27550
27640
"To create a more robust configuration file, regular expressions can also be "
27551
27641
"used. Operators include <emphasis role=\"bold\">^ $ [ ] . * ? +</emphasis>. "
27554
27644
"files found in <filename>/usr/share/doc/multipath-tools/examples:</filename>"
27555
27645
msgstr ""
27556
27646
27557
#: serverguide/C/dm-multipath.xml:1326(screen)
27647
#: serverguide/C/dm-multipath.xml:1325(screen)
27558
27648
#, no-wrap
27559
27649
msgid "# echo 'show config' | multipathd -k"
27560
27650
msgstr ""
27561
27651
27562
#: serverguide/C/dm-multipath.xml:1331(title)
27652
#: serverguide/C/dm-multipath.xml:1330(title)
27563
27653
msgid "DM-Multipath Administration and Troubleshooting"
27564
27654
msgstr ""
27565
27655
27566
#: serverguide/C/dm-multipath.xml:1334(title)
27656
#: serverguide/C/dm-multipath.xml:1333(title)
27567
27657
msgid "Resizing an Online Multipath Device"
27568
27658
msgstr ""
27569
27659
27570
#: serverguide/C/dm-multipath.xml:1336(para)
27660
#: serverguide/C/dm-multipath.xml:1335(para)
27571
27661
msgid ""
27572
27662
"If you need to resize an online multipath device, use the following procedure"
27573
27663
msgstr ""
27574
27664
27575
#: serverguide/C/dm-multipath.xml:1341(para)
27665
#: serverguide/C/dm-multipath.xml:1340(para)
27576
27666
msgid "Resize your physical device. This is storage platform specific."
27577
27667
msgstr ""
27578
27668
27579
#: serverguide/C/dm-multipath.xml:1346(para)
27669
#: serverguide/C/dm-multipath.xml:1345(para)
27580
27670
msgid "Use the following command to find the paths to the LUN:"
27581
27671
msgstr ""
27582
27672
27583
#: serverguide/C/dm-multipath.xml:1348(screen)
27673
#: serverguide/C/dm-multipath.xml:1347(screen)
27584
27674
#, no-wrap
27585
27675
msgid "# multipath -l"
27586
27676
msgstr ""
27587
27677
27588
#: serverguide/C/dm-multipath.xml:1352(para)
27678
#: serverguide/C/dm-multipath.xml:1351(para)
27589
27679
msgid ""
27590
27680
"Resize your paths. For SCSI devices, writing 1 to the "
27591
27681
"<filename>rescan</filename> file for the device causes the SCSI driver to "
27592
27682
"rescan, as in the following command:"
27593
27683
msgstr ""
27594
27684
27595
#: serverguide/C/dm-multipath.xml:1356(screen)
27685
#: serverguide/C/dm-multipath.xml:1355(screen)
27596
27686
#, no-wrap
27597
27687
msgid "# echo 1 > /sys/block/device_name/device/rescan"
27598
27688
msgstr ""
27599
27689
27600
#: serverguide/C/dm-multipath.xml:1360(para)
27690
#: serverguide/C/dm-multipath.xml:1359(para)
27601
27691
msgid ""
27602
27692
"Resize your multipath device by running the multipathd resize command:"
27603
27693
msgstr ""
27604
27694
27605
#: serverguide/C/dm-multipath.xml:1363(screen)
27695
#: serverguide/C/dm-multipath.xml:1362(screen)
27606
27696
#, no-wrap
27607
27697
msgid "# multipathd -k 'resize map mpatha'"
27608
27698
msgstr ""
27609
27699
27610
#: serverguide/C/dm-multipath.xml:1367(para)
27700
#: serverguide/C/dm-multipath.xml:1366(para)
27611
27701
msgid "Resize the file system (assuming no LVM or DOS partitions are used):"
27612
27702
msgstr ""
27613
27703
27614
#: serverguide/C/dm-multipath.xml:1370(screen)
27704
#: serverguide/C/dm-multipath.xml:1369(screen)
27615
27705
#, no-wrap
27616
27706
msgid "# resize2fs /dev/mapper/mpatha"
27617
27707
msgstr ""
27618
27708
27619
#: serverguide/C/dm-multipath.xml:1376(title)
27709
#: serverguide/C/dm-multipath.xml:1375(title)
27620
27710
msgid ""
27621
27711
"Moving root File Systems from a Single Path Device to a Multipath Device"
27622
27712
msgstr ""
27623
27713
27624
#: serverguide/C/dm-multipath.xml:1379(para)
27714
#: serverguide/C/dm-multipath.xml:1378(para)
27625
27715
msgid ""
27626
27716
"This is dramatically simplified by the use of UUIDs to identify devices as "
27627
27717
"an intrinsic label. Simply install <emphasis role=\"bold\">multipath-tools-"
27630
27720
"mounted by UUID."
27631
27721
msgstr ""
27632
27722
27633
#: serverguide/C/dm-multipath.xml:1386(para)
27723
#: serverguide/C/dm-multipath.xml:1385(para)
27634
27724
msgid ""
27635
27725
"Whenever <filename>multipath.conf</filename> is updated, so should the "
27636
27726
"initrd by executing <command>update-initramfs -u -k all</command>. The "
27639
27729
"blacklist and device sections."
27640
27730
msgstr ""
27641
27731
27642
#: serverguide/C/dm-multipath.xml:1395(title)
27732
#: serverguide/C/dm-multipath.xml:1394(title)
27643
27733
msgid ""
27644
27734
"Moving swap File Systems from a Single Path Device to a Multipath Device"
27645
27735
msgstr ""
27646
27736
27647
#: serverguide/C/dm-multipath.xml:1398(para)
27737
#: serverguide/C/dm-multipath.xml:1397(para)
27648
27738
msgid ""
27649
27739
"The procedure is exactly the same as illustrated in the previous section "
27650
27740
"called <link linkend=\"multipath-moving-rootfs-from-single-path-to-multipath-"
27652
27742
"Device</link>."
27653
27743
msgstr ""
27654
27744
27655
#: serverguide/C/dm-multipath.xml:1406(title)
27745
#: serverguide/C/dm-multipath.xml:1405(title)
27656
27746
msgid "The Multipath Daemon"
27657
27747
msgstr ""
27658
27748
27659
#: serverguide/C/dm-multipath.xml:1408(para)
27749
#: serverguide/C/dm-multipath.xml:1407(para)
27660
27750
msgid ""
27661
27751
"If you find you have trouble implementing a multipath configuration, you "
27662
27752
"should ensure the multipath daemon is running as described in <link "
27668
27758
"<command>multipathd</command> as a debugging aid."
27669
27759
msgstr ""
27670
27760
27671
#: serverguide/C/dm-multipath.xml:1448(title)
27761
#: serverguide/C/dm-multipath.xml:1447(title)
27672
27762
msgid "Issues with queue_if_no_path"
27673
27763
msgstr ""
27674
27764
27675
#: serverguide/C/dm-multipath.xml:1450(para)
27765
#: serverguide/C/dm-multipath.xml:1449(para)
27676
27766
msgid ""
27677
27767
"If <emphasis role=\"bold\">features \"1 queue_if_no_path\"</emphasis> is "
27678
27768
"specified in the <filename>/etc/multipath.conf</filename> file, then any "
27682
27772
"<filename>/etc/multipath.conf</filename>."
27683
27773
msgstr ""
27684
27774
27685
#: serverguide/C/dm-multipath.xml:1457(para)
27775
#: serverguide/C/dm-multipath.xml:1456(para)
27686
27776
msgid ""
27687
27777
"When you set the <emphasis role=\"bold\">no_path_retry</emphasis> parameter, "
27688
27778
"remove the <emphasis role=\"bold\">features \"1 "
27698
27788
"<filename>/etc/multipath.conf</filename> and editing to suit your needs."
27699
27789
msgstr ""
27700
27790
27701
#: serverguide/C/dm-multipath.xml:1471(para)
27791
#: serverguide/C/dm-multipath.xml:1470(para)
27702
27792
msgid ""
27703
27793
"If you need to use the <option>features \"1 queue_if_no_path\"</option> "
27704
27794
"option and you experience the issue noted here, use the "
27709
27799
"<option> \"fail_if_no_path\"</option>, execute the following command."
27710
27800
msgstr ""
27711
27801
27712
#: serverguide/C/dm-multipath.xml:1480(screen)
27802
#: serverguide/C/dm-multipath.xml:1479(screen)
27713
27803
#, no-wrap
27714
27804
msgid "# dmsetup message mpathc 0 \"fail_if_no_path\""
27715
27805
msgstr ""
27716
27806
27717
#: serverguide/C/dm-multipath.xml:1483(para)
27807
#: serverguide/C/dm-multipath.xml:1482(para)
27718
27808
msgid ""
27719
27809
"You must specify the <filename>mpathN</filename> alias rather than the path"
27720
27810
msgstr ""
27721
27811
27722
#: serverguide/C/dm-multipath.xml:1489(title)
27812
#: serverguide/C/dm-multipath.xml:1488(title)
27723
27813
msgid "Multipath Command Output"
27724
27814
msgstr ""
27725
27815
27726
#: serverguide/C/dm-multipath.xml:1491(para)
27816
#: serverguide/C/dm-multipath.xml:1490(para)
27727
27817
msgid ""
27728
27818
"When you create, modify, or list a multipath device, you get a printout of "
27729
27819
"the current device setup. The format is as follows. For each multipath "
27730
27820
"device:"
27731
27821
msgstr ""
27732
27822
27733
#: serverguide/C/dm-multipath.xml:1495(screen)
27823
#: serverguide/C/dm-multipath.xml:1494(screen)
27734
27824
#, no-wrap
27735
27825
msgid ""
27736
27826
" action_if_any: alias (wwid_if_different_from_alias) "
27739
27829
"wp=write_permission_if_known"
27740
27830
msgstr ""
27741
27831
27742
#: serverguide/C/dm-multipath.xml:1498(para)
27832
#: serverguide/C/dm-multipath.xml:1497(para)
27743
27833
msgid "For each path group:"
27744
27834
msgstr ""
27745
27835
27746
#: serverguide/C/dm-multipath.xml:1500(screen)
27836
#: serverguide/C/dm-multipath.xml:1499(screen)
27747
27837
#, no-wrap
27748
27838
msgid ""
27749
27839
" -+- policy='scheduling_policy' prio=prio_if_known\n"
27750
27840
" status=path_group_status_if_known"
27751
27841
msgstr ""
27752
27842
27753
#: serverguide/C/dm-multipath.xml:1503(para)
27843
#: serverguide/C/dm-multipath.xml:1502(para)
27754
27844
msgid "For each path:"
27755
27845
msgstr ""
27756
27846
27757
#: serverguide/C/dm-multipath.xml:1505(screen)
27847
#: serverguide/C/dm-multipath.xml:1504(screen)
27758
27848
#, no-wrap
27759
27849
msgid ""
27760
27850
" `- host:channel:id:lun devnode major:minor dm_status_if_known "
27762
27852
" online_status"
27763
27853
msgstr ""
27764
27854
27765
#: serverguide/C/dm-multipath.xml:1508(para)
27855
#: serverguide/C/dm-multipath.xml:1507(para)
27766
27856
msgid ""
27767
27857
"For example, the output of a multipath command might appear as follows:"
27768
27858
msgstr ""
27769
27859
27770
#: serverguide/C/dm-multipath.xml:1511(screen)
27860
#: serverguide/C/dm-multipath.xml:1510(screen)
27771
27861
#, no-wrap
27772
27862
msgid ""
27773
27863
" 3600d0230000000000e13955cc3757800 dm-1 WINSYS,SF2372\n"
27778
27868
" `- 7:0:0:0 sdf 8:80 active ready running"
27779
27869
msgstr ""
27780
27870
27781
#: serverguide/C/dm-multipath.xml:1518(para)
27871
#: serverguide/C/dm-multipath.xml:1517(para)
27782
27872
msgid ""
27783
27873
"If the path is up and ready for I/O, the status of the path is <emphasis "
27784
27874
"role=\"bold\">ready</emphasis> or <emphasis "
27789
27879
"defined in the <filename>/etc/multipath.conf</filename> file."
27790
27880
msgstr ""
27791
27881
27792
#: serverguide/C/dm-multipath.xml:1526(para)
27882
#: serverguide/C/dm-multipath.xml:1525(para)
27793
27883
msgid ""
27794
27884
"The dm status is similar to the path status, but from the kernel's point of "
27795
27885
"view. The dm status has two states: <emphasis "
27800
27890
"not agree."
27801
27891
msgstr ""
27802
27892
27803
#: serverguide/C/dm-multipath.xml:1534(para)
27893
#: serverguide/C/dm-multipath.xml:1533(para)
27804
27894
msgid ""
27805
27895
"The possible values for <emphasis role=\"bold\">online_status</emphasis> are "
27806
27896
"<emphasis role=\"bold\">running</emphasis> and <emphasis "
27809
27899
"disabled."
27810
27900
msgstr ""
27811
27901
27812
#: serverguide/C/dm-multipath.xml:1542(para)
27902
#: serverguide/C/dm-multipath.xml:1541(para)
27813
27903
msgid ""
27814
27904
"When a multipath device is being created or modified , the path group "
27815
27905
"status, the dm device name, the write permissions, and the dm status are not "
27816
27906
"known. Also, the features are not always correct"
27817
27907
msgstr ""
27818
27908
27819
#: serverguide/C/dm-multipath.xml:1549(title)
27909
#: serverguide/C/dm-multipath.xml:1548(title)
27820
27910
msgid "Multipath Queries with multipath Command"
27821
27911
msgstr ""
27822
27912
27823
#: serverguide/C/dm-multipath.xml:1551(para)
27913
#: serverguide/C/dm-multipath.xml:1550(para)
27824
27914
msgid ""
27825
27915
"You can use the <emphasis role=\"bold\">-l </emphasis>and <emphasis "
27826
27916
"role=\"bold\">-ll</emphasis> options of the <emphasis "
27832
27922
"available components of the system."
27833
27923
msgstr ""
27834
27924
27835
#: serverguide/C/dm-multipath.xml:1560(para)
27925
#: serverguide/C/dm-multipath.xml:1559(para)
27836
27926
msgid ""
27837
27927
"When displaying the multipath configuration, there are three verbosity "
27838
27928
"levels you can specify with the <emphasis role=\"bold\">-v</emphasis> option "
27843
27933
"v2</emphasis> prints all detected paths, multipaths, and device maps."
27844
27934
msgstr ""
27845
27935
27846
#: serverguide/C/dm-multipath.xml:1570(para)
27936
#: serverguide/C/dm-multipath.xml:1569(para)
27847
27937
msgid ""
27848
27938
"The default <emphasis role=\"bold\">verbosity</emphasis> level of multipath "
27849
27939
"is <emphasis role=\"bold\">2</emphasis> and can be globally modified by "
27852
27942
"of <filename>multipath.conf</filename>."
27853
27943
msgstr ""
27854
27944
27855
#: serverguide/C/dm-multipath.xml:1577(para)
27945
#: serverguide/C/dm-multipath.xml:1576(para)
27856
27946
msgid ""
27857
27947
"The following example shows the output of a <emphasis "
27858
27948
"role=\"bold\">multipath -l</emphasis> command."
27859
27949
msgstr ""
27860
27950
27861
#: serverguide/C/dm-multipath.xml:1580(screen)
27951
#: serverguide/C/dm-multipath.xml:1579(screen)
27862
27952
#, no-wrap
27863
27953
msgid ""
27864
27954
"# multipath -l\n"
27870
27960
" `- 7:0:0:0 sdf 8:80 active ready running"
27871
27961
msgstr ""
27872
27962
27873
#: serverguide/C/dm-multipath.xml:1588(para)
27963
#: serverguide/C/dm-multipath.xml:1587(para)
27874
27964
msgid ""
27875
27965
"The following example shows the output of a <emphasis "
27876
27966
"role=\"bold\">multipath -ll</emphasis> command."
27877
27967
msgstr ""
27878
27968
27879
#: serverguide/C/dm-multipath.xml:1591(screen)
27969
#: serverguide/C/dm-multipath.xml:1590(screen)
27880
27970
#, no-wrap
27881
27971
msgid ""
27882
27972
"# multipath -ll\n"
27893
27983
" `- 18:0:0:3 sdj 8:144 active ready running"
27894
27984
msgstr ""
27895
27985
27896
#: serverguide/C/dm-multipath.xml:1606(title)
27986
#: serverguide/C/dm-multipath.xml:1605(title)
27897
27987
msgid "Multipath Command Options"
27898
27988
msgstr ""
27899
27989
27900
#: serverguide/C/dm-multipath.xml:1608(para)
27990
#: serverguide/C/dm-multipath.xml:1607(para)
27901
27991
msgid ""
27902
27992
"Table <xref endterm=\"useful-multipath-command-options-title\" "
27903
27993
"linkend=\"useful-multipath-command-options\"/> describes some options of the "
27905
27995
"useful."
27906
27996
msgstr ""
27907
27997
27908
#: serverguide/C/dm-multipath.xml:1614(title)
27998
#: serverguide/C/dm-multipath.xml:1613(title)
27909
27999
msgid "Useful multipath Command Options"
27910
28000
msgstr ""
27911
28001
27912
#: serverguide/C/dm-multipath.xml:1623(entry)
28002
#: serverguide/C/dm-multipath.xml:1622(entry)
27913
28003
msgid "Option"
27914
28004
msgstr ""
27915
28005
27916
#: serverguide/C/dm-multipath.xml:1630(emphasis)
28006
#: serverguide/C/dm-multipath.xml:1629(emphasis)
27917
28007
msgid "-l"
27918
28008
msgstr ""
27919
28009
27920
#: serverguide/C/dm-multipath.xml:1632(emphasis) serverguide/C/dm-multipath.xml:1639(emphasis)
28010
#: serverguide/C/dm-multipath.xml:1631(emphasis) serverguide/C/dm-multipath.xml:1638(emphasis)
27921
28011
msgid "sysfs"
27922
28012
msgstr ""
27923
28013
27924
#: serverguide/C/dm-multipath.xml:1631(entry)
28014
#: serverguide/C/dm-multipath.xml:1630(entry)
27925
28015
msgid ""
27926
28016
"Display the current multipath configuration gathered from <placeholder-1/> "
27927
28017
"and the device mapper."
27928
28018
msgstr ""
27929
28019
27930
#: serverguide/C/dm-multipath.xml:1637(emphasis)
28020
#: serverguide/C/dm-multipath.xml:1636(emphasis)
27931
28021
msgid "-ll"
27932
28022
msgstr ""
27933
28023
27934
#: serverguide/C/dm-multipath.xml:1638(entry)
28024
#: serverguide/C/dm-multipath.xml:1637(entry)
27935
28025
msgid ""
27936
28026
"Display the current multipath configuration gathered from <placeholder-1/>, "
27937
28027
"the device mapper, and all other available components on the system."
27938
28028
msgstr ""
27939
28029
27940
#: serverguide/C/dm-multipath.xml:1644(emphasis)
28030
#: serverguide/C/dm-multipath.xml:1643(emphasis)
27941
28031
msgid "-f device"
27942
28032
msgstr ""
27943
28033
27944
#: serverguide/C/dm-multipath.xml:1645(entry)
28034
#: serverguide/C/dm-multipath.xml:1644(entry)
27945
28035
msgid "Remove the named multipath device."
27946
28036
msgstr ""
27947
28037
27948
#: serverguide/C/dm-multipath.xml:1649(emphasis)
28038
#: serverguide/C/dm-multipath.xml:1648(emphasis)
27949
28039
msgid "-F"
27950
28040
msgstr ""
27951
28041
27952
#: serverguide/C/dm-multipath.xml:1650(entry)
28042
#: serverguide/C/dm-multipath.xml:1649(entry)
27953
28043
msgid "Remove all unused multipath devices."
27954
28044
msgstr ""
27955
28045
27956
#: serverguide/C/dm-multipath.xml:1658(title)
28046
#: serverguide/C/dm-multipath.xml:1657(title)
27957
28047
msgid "Determining Device Mapper Entries with dmsetup Command"
27958
28048
msgstr ""
27959
28049
27960
#: serverguide/C/dm-multipath.xml:1660(para)
28050
#: serverguide/C/dm-multipath.xml:1659(para)
27961
28051
msgid ""
27962
28052
"You can use the <emphasis role=\"bold\">dmsetup</emphasis> command to find "
27963
28053
"out which device mapper entries match the <emphasis "
27964
28054
"role=\"bold\">multipathed</emphasis> devices."
27965
28055
msgstr ""
27966
28056
27967
#: serverguide/C/dm-multipath.xml:1664(para)
28057
#: serverguide/C/dm-multipath.xml:1663(para)
27968
28058
msgid ""
27969
28059
"The following command displays all the device mapper devices and their major "
27970
28060
"and minor numbers. The minor numbers determine the name of the dm device. "
27973
28063
"role=\"bold\"><filename>/dev/dm-3</filename></emphasis>."
27974
28064
msgstr ""
27975
28065
27976
#: serverguide/C/dm-multipath.xml:1670(screen)
28066
#: serverguide/C/dm-multipath.xml:1669(screen)
27977
28067
#, no-wrap
27978
28068
msgid ""
27979
28069
"\n"
27996
28086
" "
27997
28087
msgstr ""
27998
28088
27999
#: serverguide/C/dm-multipath.xml:1691(title)
28089
#: serverguide/C/dm-multipath.xml:1690(title)
28000
28090
msgid "Troubleshooting with the multipathd interactive console"
28001
28091
msgstr ""
28002
28092
28003
#: serverguide/C/dm-multipath.xml:1693(para)
28093
#: serverguide/C/dm-multipath.xml:1692(para)
28004
28094
msgid ""
28005
28095
"The <emphasis role=\"bold\">multipathd -k</emphasis> command is an "
28006
28096
"interactive interface to the <emphasis role=\"bold\">multipathd</emphasis> "
28010
28100
"role=\"bold\">CTRL-D</emphasis> to quit."
28011
28101
msgstr ""
28012
28102
28013
#: serverguide/C/dm-multipath.xml:1700(para)
28103
#: serverguide/C/dm-multipath.xml:1699(para)
28014
28104
msgid ""
28015
28105
"The multipathd interactive console can be used to troubleshoot problems you "
28016
28106
"may be having with your system. For example, the following command sequence "
28020
28110
"Multipathd\"</ulink> for more examples."
28021
28111
msgstr ""
28022
28112
28023
#: serverguide/C/dm-multipath.xml:1707(screen)
28113
#: serverguide/C/dm-multipath.xml:1706(screen)
28024
28114
#, no-wrap
28025
28115
msgid ""
28026
28116
"# multipathd -k\n"
28028
28118
" > > CTRL-D"
28029
28119
msgstr ""
28030
28120
28031
#: serverguide/C/dm-multipath.xml:1711(para)
28121
#: serverguide/C/dm-multipath.xml:1710(para)
28032
28122
msgid ""
28033
28123
"The following command sequence ensures that multipath has picked up any "
28034
28124
"changes to the multipath.conf,"
28035
28125
msgstr ""
28036
28126
28037
#: serverguide/C/dm-multipath.xml:1714(screen)
28127
#: serverguide/C/dm-multipath.xml:1713(screen)
28038
28128
#, no-wrap
28039
28129
msgid ""
28040
28130
"\n"
28043
28133
"> > CTRL-D\n"
28044
28134
msgstr ""
28045
28135
28046
#: serverguide/C/dm-multipath.xml:1720(para)
28136
#: serverguide/C/dm-multipath.xml:1719(para)
28047
28137
msgid ""
28048
28138
"Use the following command sequence to ensure that the path checker is "
28049
28139
"working properly."
28050
28140
msgstr ""
28051
28141
28052
#: serverguide/C/dm-multipath.xml:1723(screen)
28142
#: serverguide/C/dm-multipath.xml:1722(screen)
28053
28143
#, no-wrap
28054
28144
msgid ""
28055
28145
"\n"
28058
28148
"> > CTRL-D\n"
28059
28149
msgstr ""
28060
28150
28061
#: serverguide/C/dm-multipath.xml:1729(para)
28151
#: serverguide/C/dm-multipath.xml:1728(para)
28062
28152
msgid ""
28063
28153
"Commands can also be streamed into multipathd using stdin like so:<screen># "
28064
28154
"echo 'show config' | multipathd -k</screen>"
28072
28162
msgid "Ubuntu provides two popular database servers. They are:"
28073
28163
msgstr ""
28074
28164
28075
#: serverguide/C/virtualization.xml:832(para) serverguide/C/databases.xml:17(trademark) serverguide/C/databases.xml:29(title)
28165
#: serverguide/C/databases.xml:17(trademark) serverguide/C/databases.xml:29(title)
28076
28166
msgid "MySQL"
28077
28167
msgstr "MySQL"
28078
28168
28079
#: serverguide/C/databases.xml:20(application) serverguide/C/databases.xml:300(title)
28169
#: serverguide/C/databases.xml:20(application) serverguide/C/databases.xml:293(title)
28080
28170
msgid "PostgreSQL"
28081
28171
msgstr "PostgreSQL"
28082
28172
28097
28187
msgid "To install MySQL, run the following command from a terminal prompt:"
28098
28188
msgstr "Каб устанавіць MySQL, запусьціце наступны загад у тэрмінале:"
28099
28189
28100
#: serverguide/C/virtualization.xml:2215(command) serverguide/C/databases.xml:42(command)
28190
#: serverguide/C/databases.xml:42(command)
28101
28191
msgid "sudo apt-get install mysql-server"
28102
28192
msgstr "sudo apt-get install mysql-server"
28103
28193
28104
#: serverguide/C/databases.xml:51(para)
28194
#: serverguide/C/databases.xml:44(para)
28105
28195
msgid ""
28106
28196
"During the installation process you will be prompted to enter a password for "
28107
28197
"the MySQL root user."
28108
28198
msgstr ""
28109
28199
28110
#: serverguide/C/databases.xml:55(para)
28200
#: serverguide/C/databases.xml:48(para)
28111
28201
msgid ""
28112
28202
"Once the installation is complete, the MySQL server should be started "
28113
28203
"automatically. You can run the following command from a terminal prompt to "
28114
28204
"check whether the MySQL server is running:"
28115
28205
msgstr ""
28116
28206
28117
#: serverguide/C/databases.xml:62(command)
28207
#: serverguide/C/databases.xml:55(command)
28118
28208
msgid "sudo netstat -tap | grep mysql"
28119
28209
msgstr "sudo netstat -tap | grep mysql"
28120
28210
28121
#: serverguide/C/vcs.xml:477(para) serverguide/C/databases.xml:65(para)
28211
#: serverguide/C/databases.xml:58(para)
28122
28212
msgid ""
28123
28213
"When you run this command, you should see the following line or something "
28124
28214
"similar:"
28125
28215
msgstr ""
28126
28216
28127
#: serverguide/C/databases.xml:69(programlisting)
28217
#: serverguide/C/databases.xml:62(programlisting)
28128
28218
#, no-wrap
28129
28219
msgid ""
28130
28220
"\n"
28132
28222
"2556/mysqld\n"
28133
28223
msgstr ""
28134
28224
28135
#: serverguide/C/databases.xml:72(para)
28225
#: serverguide/C/databases.xml:65(para)
28136
28226
msgid ""
28137
28227
"If the server is not running correctly, you can type the following command "
28138
28228
"to start it:"
28139
28229
msgstr ""
28140
28230
28141
#: serverguide/C/databases.xml:76(command) serverguide/C/databases.xml:100(command)
28231
#: serverguide/C/databases.xml:69(command) serverguide/C/databases.xml:93(command)
28142
28232
msgid "sudo service mysql restart"
28143
28233
msgstr ""
28144
28234
28145
#: serverguide/C/databases.xml:81(para)
28235
#: serverguide/C/databases.xml:74(para)
28146
28236
msgid ""
28147
28237
"You can edit the <filename>/etc/mysql/my.cnf</filename> file to configure "
28148
28238
"the basic settings -- log file, port number, etc. For example, to configure "
28150
28240
"<emphasis>bind-address</emphasis> directive to the server's IP address:"
28151
28241
msgstr ""
28152
28242
28153
#: serverguide/C/databases.xml:87(programlisting)
28243
#: serverguide/C/databases.xml:80(programlisting)
28154
28244
#, no-wrap
28155
28245
msgid ""
28156
28246
"\n"
28159
28249
"\n"
28160
28250
"bind-address = 192.168.0.5\n"
28161
28251
28162
#: serverguide/C/databases.xml:91(para)
28252
#: serverguide/C/databases.xml:84(para)
28163
28253
msgid "Replace 192.168.0.5 with the appropriate address."
28164
28254
msgstr ""
28165
28255
28166
#: serverguide/C/databases.xml:95(para)
28256
#: serverguide/C/databases.xml:88(para)
28167
28257
msgid ""
28168
28258
"After making a change to <filename>/etc/mysql/my.cnf</filename> the MySQL "
28169
28259
"daemon will need to be restarted:"
28170
28260
msgstr ""
28171
28261
28172
#: serverguide/C/databases.xml:102(para)
28262
#: serverguide/C/databases.xml:95(para)
28173
28263
msgid ""
28174
28264
"If you would like to change the MySQL <emphasis>root</emphasis> password, in "
28175
28265
"a terminal enter:"
28176
28266
msgstr ""
28177
28267
28178
#: serverguide/C/databases.xml:107(command)
28268
#: serverguide/C/databases.xml:100(command)
28179
28269
msgid "sudo dpkg-reconfigure mysql-server-5.5"
28180
28270
msgstr ""
28181
28271
28182
#: serverguide/C/databases.xml:109(para)
28272
#: serverguide/C/databases.xml:102(para)
28183
28273
msgid ""
28184
28274
"The MySQL daemon will be stopped, and you will be prompted to enter a new "
28185
28275
"password."
28186
28276
msgstr ""
28187
28277
28188
#: serverguide/C/databases.xml:114(title)
28278
#: serverguide/C/databases.xml:107(title)
28189
28279
msgid "Database Engines"
28190
28280
msgstr ""
28191
28281
28192
#: serverguide/C/databases.xml:115(para)
28282
#: serverguide/C/databases.xml:108(para)
28193
28283
msgid ""
28194
28284
"Whilst the default configuration of MySQL provided by the Ubuntu packages is "
28195
28285
"perfectly functional and performs well there are things you may wish to "
28196
28286
"consider before you proceed."
28197
28287
msgstr ""
28198
28288
28199
#: serverguide/C/databases.xml:119(para)
28289
#: serverguide/C/databases.xml:112(para)
28200
28290
msgid ""
28201
28291
"MySQL is designed to allow data to be stored in different ways. These "
28202
28292
"methods are referred to as either database or storage engines. There are two "
28206
28296
"use, you will interact with the database in the same way."
28207
28297
msgstr ""
28208
28298
28209
#: serverguide/C/databases.xml:126(para)
28299
#: serverguide/C/databases.xml:119(para)
28210
28300
msgid "Each engine has its own advantages and disadvantages."
28211
28301
msgstr ""
28212
28302
28213
#: serverguide/C/databases.xml:129(para)
28303
#: serverguide/C/databases.xml:122(para)
28214
28304
msgid ""
28215
28305
"While it is possible, and may be advantageous to mix and match database "
28216
28306
"engines on a table level, doing so reduces the effectiveness of the "
28218
28308
"two engines instead of dedicating them to one."
28219
28309
msgstr ""
28220
28310
28221
#: serverguide/C/databases.xml:136(para)
28311
#: serverguide/C/databases.xml:129(para)
28222
28312
msgid ""
28223
28313
"MyISAM is the older of the two. It can be faster than InnoDB under certain "
28224
28314
"circumstances and favours a read only workload. Some web applications have "
28234
28324
"production/\">MyISAM on a production database</ulink>."
28235
28325
msgstr ""
28236
28326
28237
#: serverguide/C/databases.xml:150(para)
28327
#: serverguide/C/databases.xml:143(para)
28238
28328
msgid ""
28239
28329
"InnoDB is a more modern database engine, designed to be <ulink "
28240
28330
"url=\"http://en.wikipedia.org/wiki/ACID\">ACID compliant</ulink> which "
28247
28337
"reliable data recovery as data consistency can be checked."
28248
28338
msgstr ""
28249
28339
28250
#: serverguide/C/databases.xml:163(para)
28340
#: serverguide/C/databases.xml:156(para)
28251
28341
msgid ""
28252
28342
"As of MySQL 5.5 InnoDB is the default engine, and is highly recommended over "
28253
28343
"MyISAM unless you have specific need for features unique to the engine."
28254
28344
msgstr ""
28255
28345
28256
#: serverguide/C/databases.xml:170(title)
28346
#: serverguide/C/databases.xml:163(title)
28257
28347
msgid "Creating a tuned my.cnf file"
28258
28348
msgstr ""
28259
28349
28260
#: serverguide/C/databases.xml:171(para)
28350
#: serverguide/C/databases.xml:164(para)
28261
28351
msgid ""
28262
28352
"There are a number of parameters that can be adjusted within MySQL's "
28263
28353
"configuration file that will allow you to improve the performance of the "
28310
28400
"</screen> Once that is complete all is good to go!"
28311
28401
msgstr ""
28312
28402
28313
#: serverguide/C/databases.xml:213(para)
28403
#: serverguide/C/databases.xml:206(para)
28314
28404
msgid ""
28315
28405
"This is not necessary for all my.cnf changes. Most of the variables you may "
28316
28406
"wish to change to improve performance are adjustable even whilst the server "
28318
28408
"files and data before making changes."
28319
28409
msgstr ""
28320
28410
28321
#: serverguide/C/databases.xml:222(title)
28411
#: serverguide/C/databases.xml:215(title)
28322
28412
msgid "MySQL Tuner"
28323
28413
msgstr ""
28324
28414
28325
#: serverguide/C/databases.xml:223(para)
28415
#: serverguide/C/databases.xml:216(para)
28326
28416
msgid ""
28327
28417
"<application>MySQL Tuner</application> is a useful tool that will connect to "
28328
28418
"a running MySQL instance and offer suggestions for how it can be best "
28354
28444
"</screen>"
28355
28445
msgstr ""
28356
28446
28357
#: serverguide/C/databases.xml:257(para)
28447
#: serverguide/C/databases.xml:250(para)
28358
28448
msgid ""
28359
28449
"One final comment on tuning databases: Whilst we can broadly say that "
28360
28450
"certain settings are the best, performance can vary from application to "
28369
28459
"either using more powerful hardware or by adding slave servers."
28370
28460
msgstr ""
28371
28461
28372
#: serverguide/C/databases.xml:274(para)
28462
#: serverguide/C/databases.xml:267(para)
28373
28463
msgid ""
28374
28464
"See the <ulink url=\"http://www.mysql.com/\">MySQL Home Page</ulink> for "
28375
28465
"more information."
28376
28466
msgstr ""
28377
28467
28378
#: serverguide/C/databases.xml:279(para)
28468
#: serverguide/C/databases.xml:272(para)
28379
28469
msgid ""
28380
28470
"Full documentation is available in both online and offline formats from the "
28381
28471
"<ulink url=\"http://dev.mysql.com/doc/\"> MySQL Developers portal</ulink>"
28382
28472
msgstr ""
28383
28473
28384
#: serverguide/C/databases.xml:285(para)
28474
#: serverguide/C/databases.xml:278(para)
28385
28475
msgid ""
28386
28476
"For general SQL information see <ulink "
28387
28477
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\"> Using "
28388
28478
"SQL Special Edition</ulink> by Rafe Colburn."
28389
28479
msgstr ""
28390
28480
28391
#: serverguide/C/databases.xml:291(para)
28481
#: serverguide/C/databases.xml:284(para)
28392
28482
msgid ""
28393
28483
"The <ulink url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache "
28394
28484
"MySQL PHP Ubuntu Wiki</ulink> page also has useful information."
28407
28497
"in the command prompt:"
28408
28498
msgstr ""
28409
28499
28410
#: serverguide/C/databases.xml:314(command)
28500
#: serverguide/C/databases.xml:307(command)
28411
28501
msgid "sudo apt-get install postgresql"
28412
28502
msgstr "sudo apt-get install postgresql"
28413
28503
28454
28544
"<filename>/etc/postgresql/9.1/main/postgresql.conf</filename>"
28455
28545
msgstr ""
28456
28546
28457
#: serverguide/C/databases.xml:346(para)
28547
#: serverguide/C/databases.xml:339(para)
28458
28548
msgid ""
28459
28549
"Locate the line <emphasis>#listen_addresses = 'localhost'</emphasis> and "
28460
28550
"change it to:"
28486
28576
"default <application>PostgreSQL</application> template database:"
28487
28577
msgstr ""
28488
28578
28489
#: serverguide/C/databases.xml:370(command)
28579
#: serverguide/C/databases.xml:362(command)
28490
28580
msgid "sudo -u postgres psql template1"
28491
28581
msgstr "sudo -u postgres psql template1"
28492
28582
28500
28590
"user <emphasis role=\"italics\">postgres</emphasis>."
28501
28591
msgstr ""
28502
28592
28503
#: serverguide/C/databases.xml:380(command)
28593
#: serverguide/C/databases.xml:372(command)
28504
28594
msgid "ALTER USER postgres with encrypted password 'your_password';"
28505
28595
msgstr ""
28506
28596
28512
28602
"<emphasis>postgres</emphasis> user:"
28513
28603
msgstr ""
28514
28604
28515
#: serverguide/C/databases.xml:388(programlisting)
28605
#: serverguide/C/databases.xml:380(programlisting)
28516
28606
#, no-wrap
28517
28607
msgid ""
28518
28608
"\n"
28519
28609
"local all postgres md5\n"
28520
28610
msgstr ""
28521
28611
28522
#: serverguide/C/databases.xml:392(para)
28612
#: serverguide/C/databases.xml:384(para)
28523
28613
msgid ""
28524
28614
"Finally, you should restart the <application>PostgreSQL</application> "
28525
28615
"service to initialize the new configuration. From a terminal prompt enter "
28555
28645
msgid "Replace the domain name with your actual server domain name."
28556
28646
msgstr ""
28557
28647
28558
#: serverguide/C/backups.xml:11(title)
28648
#: serverguide/C/databases.xml:413(title) serverguide/C/backups.xml:11(title)
28559
28649
msgid "Backups"
28560
28650
msgstr ""
28561
28651
28586
28676
"9.1/html/index.html</command> into the address bar of your browser."
28587
28677
msgstr ""
28588
28678
28589
#: serverguide/C/databases.xml:426(para)
28679
#: serverguide/C/databases.xml:436(para)
28590
28680
msgid ""
28591
28681
"For general SQL information see <ulink "
28592
28682
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\">Using SQL "
28593
28683
"Special Edition</ulink> by Rafe Colburn."
28594
28684
msgstr ""
28595
28685
28596
#: serverguide/C/databases.xml:432(para)
28686
#: serverguide/C/databases.xml:442(para)
28597
28687
msgid ""
28598
28688
"Also, see the <ulink "
28599
28689
"url=\"https://help.ubuntu.com/community/PostgreSQL\">PostgreSQL Ubuntu "
29228
29318
#: serverguide/C/cgroups.xml:113(para)
29229
29319
msgid ""
29230
29320
"and tasks can be moved into the new child cgroup by writing their process "
29231
"ids into the 'tasks' or 'cgroup.procs' file:"
29321
"IDs into the 'tasks' or 'cgroup.procs' file:"
29232
29322
msgstr ""
29233
29323
29234
29324
#: serverguide/C/cgroups.xml:118(command)
29235
msgid "sleep 100 echo $! > /cgroup1/child1/cgroup.procs"
29325
msgid "sleep 100 & echo $! > /cgroup1/child1/cgroup.procs"
29236
29326
msgstr ""
29237
29327
29238
29328
#: serverguide/C/cgroups.xml:123(para)
29396
29486
#, no-wrap
29397
29487
msgid ""
29398
29488
"\n"
29399
"#!/bin/sh\n"
29489
"#!/bin/bash\n"
29400
29490
"####################################\n"
29401
29491
"#\n"
29402
29492
"# Backup to NFS mount script.\n"
29521
29611
#: serverguide/C/backups.xml:153(para)
29522
29612
msgid ""
29523
29613
"The simplest way of executing the above backup script is to copy and paste "
29524
"the contents into a file. <filename>backup.sh</filename> for example. Then "
29525
"from a terminal prompt:"
29614
"the contents into a file. <filename>backup.sh</filename> for example. The "
29615
"file must be made executable:"
29526
29616
msgstr ""
29527
29617
29528
29618
#: serverguide/C/backups.xml:158(command)
29529
msgid "sudo bash backup.sh"
29530
msgstr "sudo bash backup.sh"
29619
msgid "chmod u+x backup.sh"
29620
msgstr ""
29531
29621
29532
29622
#: serverguide/C/backups.xml:160(para)
29623
msgid "Then from a terminal prompt:"
29624
msgstr ""
29625
29626
#: serverguide/C/backups.xml:164(command)
29627
msgid "sudo ./backup.sh"
29628
msgstr ""
29629
29630
#: serverguide/C/backups.xml:166(para)
29533
29631
msgid ""
29534
29632
"This is a great way to test the script to make sure everything works as "
29535
29633
"expected."
29536
29634
msgstr ""
29537
29635
29538
#: serverguide/C/backups.xml:165(title)
29636
#: serverguide/C/backups.xml:171(title)
29539
29637
msgid "Executing with cron"
29540
29638
msgstr ""
29541
29639
29542
#: serverguide/C/backups.xml:166(para)
29640
#: serverguide/C/backups.xml:172(para)
29543
29641
msgid ""
29544
29642
"The <application>cron</application> utility can be used to automate the "
29545
29643
"script execution. The <application>cron</application> daemon allows the "
29546
29644
"execution of scripts, or commands, at a specified time and date."
29547
29645
msgstr ""
29548
29646
29549
#: serverguide/C/backups.xml:170(para)
29647
#: serverguide/C/backups.xml:176(para)
29550
29648
msgid ""
29551
29649
"<application>cron</application> is configured through entries in a "
29552
29650
"<filename>crontab</filename> file. <filename>crontab</filename> files are "
29553
29651
"separated into fields:"
29554
29652
msgstr ""
29555
29653
29556
#: serverguide/C/backups.xml:174(programlisting)
29654
#: serverguide/C/backups.xml:180(programlisting)
29557
29655
#, no-wrap
29558
29656
msgid ""
29559
29657
"\n"
29562
29660
"\n"
29563
29661
"# m h dom mon dow command\n"
29564
29662
29565
#: serverguide/C/backups.xml:179(para)
29663
#: serverguide/C/backups.xml:185(para)
29566
29664
msgid ""
29567
29665
"<emphasis>m:</emphasis> minute the command executes on, between 0 and 59."
29568
29666
msgstr ""
29569
29667
29570
#: serverguide/C/backups.xml:184(para)
29668
#: serverguide/C/backups.xml:190(para)
29571
29669
msgid ""
29572
29670
"<emphasis>h:</emphasis> hour the command executes on, between 0 and 23."
29573
29671
msgstr ""
29574
29672
29575
#: serverguide/C/backups.xml:189(para)
29673
#: serverguide/C/backups.xml:195(para)
29576
29674
msgid "<emphasis>dom:</emphasis> day of month the command executes on."
29577
29675
msgstr ""
29578
29676
29579
#: serverguide/C/backups.xml:194(para)
29677
#: serverguide/C/backups.xml:200(para)
29580
29678
msgid ""
29581
29679
"<emphasis>mon:</emphasis> the month the command executes on, between 1 and "
29582
29680
"12."
29583
29681
msgstr ""
29584
29682
29585
#: serverguide/C/backups.xml:199(para)
29683
#: serverguide/C/backups.xml:205(para)
29586
29684
msgid ""
29587
29685
"<emphasis>dow:</emphasis> the day of the week the command executes on, "
29588
29686
"between 0 and 7. Sunday may be specified by using 0 or 7, both values are "
29589
29687
"valid."
29590
29688
msgstr ""
29591
29689
29592
#: serverguide/C/backups.xml:204(para)
29690
#: serverguide/C/backups.xml:210(para)
29593
29691
msgid "<emphasis>command:</emphasis> the command to execute."
29594
29692
msgstr ""
29595
29693
29596
#: serverguide/C/backups.xml:209(para)
29694
#: serverguide/C/backups.xml:215(para)
29597
29695
msgid ""
29598
29696
"To add or change entries in a <filename>crontab</filename> file the "
29599
29697
"<application>crontab -e</application> command should be used. Also, the "
29601
29699
"<application>crontab -l</application> command."
29602
29700
msgstr ""
29603
29701
29604
#: serverguide/C/backups.xml:213(para)
29702
#: serverguide/C/backups.xml:219(para)
29605
29703
msgid ""
29606
29704
"To execute the <application>backup.sh</application> script listed above "
29607
29705
"using <application>cron</application>. Enter the following from a terminal "
29608
29706
"prompt:"
29609
29707
msgstr ""
29610
29708
29611
#: serverguide/C/backups.xml:218(command)
29709
#: serverguide/C/backups.xml:224(command)
29612
29710
msgid "sudo crontab -e"
29613
29711
msgstr "sudo crontab -e"
29614
29712
29615
#: serverguide/C/backups.xml:221(para)
29713
#: serverguide/C/backups.xml:227(para)
29616
29714
msgid ""
29617
29715
"Using <application>sudo</application> with the <application>crontab -"
29618
29716
"e</application> command edits the <emphasis>root</emphasis> user's crontab. "
29620
29718
"access to."
29621
29719
msgstr ""
29622
29720
29623
#: serverguide/C/backups.xml:226(para)
29721
#: serverguide/C/backups.xml:232(para)
29624
29722
msgid "Add the following entry to the <filename>crontab</filename> file:"
29625
29723
msgstr ""
29626
29724
29627
#: serverguide/C/backups.xml:229(programlisting)
29725
#: serverguide/C/backups.xml:235(programlisting)
29628
29726
#, no-wrap
29629
29727
msgid ""
29630
29728
"\n"
29635
29733
"# m h dom mon dow command\n"
29636
29734
"0 0 * * * bash /usr/local/bin/backup.sh\n"
29637
29735
29638
#: serverguide/C/backups.xml:233(para)
29736
#: serverguide/C/backups.xml:239(para)
29639
29737
msgid ""
29640
29738
"The <application>backup.sh</application> script will now be executed every "
29641
29739
"day at 12:00 am."
29642
29740
msgstr ""
29643
29741
29644
#: serverguide/C/backups.xml:237(para)
29742
#: serverguide/C/backups.xml:243(para)
29645
29743
msgid ""
29646
29744
"The <application>backup.sh</application> script will need to be copied to "
29647
29745
"the <filename>/usr/local/bin/</filename> directory in order for this entry "
29649
29747
"simply change the script path appropriately."
29650
29748
msgstr ""
29651
29749
29652
#: serverguide/C/backups.xml:242(para)
29750
#: serverguide/C/backups.xml:248(para)
29653
29751
msgid ""
29654
29752
"For more in-depth <application>crontab</application> options see <xref "
29655
29753
"linkend=\"backup-shellscript-references\"/>."
29656
29754
msgstr ""
29657
29755
29658
#: serverguide/C/backups.xml:248(title)
29756
#: serverguide/C/backups.xml:254(title)
29659
29757
msgid "Restoring from the Archive"
29660
29758
msgstr ""
29661
29759
29662
#: serverguide/C/backups.xml:249(para)
29760
#: serverguide/C/backups.xml:255(para)
29663
29761
msgid ""
29664
29762
"Once an archive has been created it is important to test the archive. The "
29665
29763
"archive can be tested by listing the files it contains, but the best test is "
29666
29764
"to <emphasis>restore</emphasis> a file from the archive."
29667
29765
msgstr ""
29668
29766
29669
#: serverguide/C/backups.xml:255(para)
29767
#: serverguide/C/backups.xml:261(para)
29670
29768
msgid ""
29671
29769
"To see a listing of the archive contents. From a terminal prompt type:"
29672
29770
msgstr ""
29673
29771
29674
#: serverguide/C/backups.xml:259(command)
29772
#: serverguide/C/backups.xml:265(command)
29675
29773
msgid "tar -tzvf /mnt/backup/host-Monday.tgz"
29676
29774
msgstr "tar -tzvf /mnt/backup/host-Monday.tgz"
29677
29775
29678
#: serverguide/C/backups.xml:263(para)
29776
#: serverguide/C/backups.xml:269(para)
29679
29777
msgid "To restore a file from the archive to a different directory enter:"
29680
29778
msgstr ""
29681
29779
29682
#: serverguide/C/backups.xml:267(command)
29780
#: serverguide/C/backups.xml:273(command)
29683
29781
msgid "tar -xzvf /mnt/backup/host-Monday.tgz -C /tmp etc/hosts"
29684
29782
msgstr "tar -xzvf /mnt/backup/host-Monday.tgz -C /tmp etc/hosts"
29685
29783
29686
#: serverguide/C/backups.xml:269(para)
29784
#: serverguide/C/backups.xml:275(para)
29687
29785
msgid ""
29688
29786
"The <emphasis>-C</emphasis> option to <application>tar</application> "
29689
29787
"redirects the extracted files to the specified directory. The above example "
29692
29790
"recreates the directory structure that it contains."
29693
29791
msgstr ""
29694
29792
29695
#: serverguide/C/backups.xml:274(para)
29793
#: serverguide/C/backups.xml:280(para)
29696
29794
msgid ""
29697
29795
"Also, notice the leading <emphasis>\"/\"</emphasis> is left off the path of "
29698
29796
"the file to restore."
29699
29797
msgstr ""
29700
29798
29701
#: serverguide/C/backups.xml:279(para)
29799
#: serverguide/C/backups.xml:285(para)
29702
29800
msgid "To restore all files in the archive enter the following:"
29703
29801
msgstr ""
29704
29802
29705
#: serverguide/C/backups.xml:283(command)
29803
#: serverguide/C/backups.xml:289(command)
29706
29804
msgid "cd /"
29707
29805
msgstr "cd /"
29708
29806
29709
#: serverguide/C/backups.xml:284(command)
29807
#: serverguide/C/backups.xml:290(command)
29710
29808
msgid "sudo tar -xzvf /mnt/backup/host-Monday.tgz"
29711
29809
msgstr "sudo tar -xzvf /mnt/backup/host-Monday.tgz"
29712
29810
29713
#: serverguide/C/backups.xml:289(para)
29811
#: serverguide/C/backups.xml:295(para)
29714
29812
msgid "This will overwrite the files currently on the file system."
29715
29813
msgstr ""
29716
29814
29717
#: serverguide/C/backups.xml:298(para)
29815
#: serverguide/C/backups.xml:304(para)
29718
29816
msgid ""
29719
29817
"For more information on shell scripting see the <ulink "
29720
29818
"url=\"http://tldp.org/LDP/abs/html/\">Advanced Bash-Scripting Guide</ulink>"
29721
29819
msgstr ""
29722
29820
29723
#: serverguide/C/backups.xml:303(para)
29821
#: serverguide/C/backups.xml:309(para)
29724
29822
msgid ""
29725
29823
"The book <ulink url=\"http://safari.samspublishing.com/0672323583\">Teach "
29726
29824
"Yourself Shell Programming in 24 Hours</ulink> is available online and a "
29727
29825
"great resource for shell scripting."
29728
29826
msgstr ""
29729
29827
29730
#: serverguide/C/backups.xml:309(para)
29828
#: serverguide/C/backups.xml:315(para)
29731
29829
msgid ""
29732
29830
"The <ulink url=\"https://help.ubuntu.com/community/CronHowto\">CronHowto "
29733
29831
"Wiki Page</ulink> contains details on advanced "
29734
29832
"<application>cron</application> options."
29735
29833
msgstr ""
29736
29834
29737
#: serverguide/C/backups.xml:316(para)
29835
#: serverguide/C/backups.xml:322(para)
29738
29836
msgid ""
29739
29837
"See the <ulink url=\"http://www.gnu.org/software/tar/manual/index.html\">GNU "
29740
29838
"tar Manual</ulink> for more <application>tar</application> options."
29741
29839
msgstr ""
29742
29840
29743
#: serverguide/C/backups.xml:322(para)
29841
#: serverguide/C/backups.xml:328(para)
29744
29842
msgid ""
29745
29843
"The Wikipedia <ulink "
29746
29844
"url=\"http://en.wikipedia.org/wiki/Backup_rotation_scheme\">Backup Rotation "
29747
29845
"Scheme</ulink> article contains information on other backup rotation schemes."
29748
29846
msgstr ""
29749
29847
29750
#: serverguide/C/backups.xml:328(para)
29848
#: serverguide/C/backups.xml:334(para)
29751
29849
msgid ""
29752
29850
"The shell script uses <application>tar</application> to create the archive, "
29753
29851
"but there many other command line utilities that can be used. For example:"
29754
29852
msgstr ""
29755
29853
29756
#: serverguide/C/backups.xml:334(para)
29854
#: serverguide/C/backups.xml:340(para)
29757
29855
msgid ""
29758
29856
"<ulink url=\"http://www.gnu.org/software/cpio/\">cpio</ulink>: used to copy "
29759
29857
"files to and from archives."
29760
29858
msgstr ""
29761
29859
29762
#: serverguide/C/backups.xml:339(para)
29860
#: serverguide/C/backups.xml:345(para)
29763
29861
msgid ""
29764
29862
"<ulink url=\"http://www.gnu.org/software/coreutils/\">dd</ulink>: part of "
29765
29863
"the <application>coreutils</application> package. A low level utility that "
29766
29864
"can copy data from one format to another."
29767
29865
msgstr ""
29768
29866
29769
#: serverguide/C/backups.xml:345(para)
29867
#: serverguide/C/backups.xml:351(para)
29770
29868
msgid ""
29771
29869
"<ulink url=\"http://www.rsnapshot.org/\">rsnapshot</ulink>: a file system "
29772
29870
"snapshot utility used to create copies of an entire file system."
29773
29871
msgstr ""
29774
29872
29775
#: serverguide/C/backups.xml:351(para)
29873
#: serverguide/C/backups.xml:357(para)
29776
29874
msgid ""
29777
29875
"<ulink url=\"http://www.samba.org/ftp/rsync/rsync.html\">rsync</ulink>: a "
29778
29876
"flexible utility used to create incremental copies of files."
29779
29877
msgstr ""
29780
29878
29781
#: serverguide/C/backups.xml:362(title)
29879
#: serverguide/C/backups.xml:368(title)
29782
29880
msgid "Archive Rotation"
29783
29881
msgstr ""
29784
29882
29785
#: serverguide/C/backups.xml:363(para)
29883
#: serverguide/C/backups.xml:369(para)
29786
29884
msgid ""
29787
29885
"The shell script in <xref linkend=\"backup-shellscripts\"/> only allows for "
29788
29886
"seven different archives. For a server whose data doesn't change often, this "
29790
29888
"rotation scheme should be used."
29791
29889
msgstr ""
29792
29890
29793
#: serverguide/C/backups.xml:369(title)
29891
#: serverguide/C/backups.xml:375(title)
29794
29892
msgid "Rotating NFS Archives"
29795
29893
msgstr ""
29796
29894
29797
#: serverguide/C/backups.xml:370(para)
29895
#: serverguide/C/backups.xml:376(para)
29798
29896
msgid ""
29799
29897
"In this section, the shell script will be slightly modified to implement a "
29800
29898
"grandfather-father-son rotation scheme (monthly-weekly-daily):"
29801
29899
msgstr ""
29802
29900
29803
#: serverguide/C/backups.xml:376(para)
29901
#: serverguide/C/backups.xml:382(para)
29804
29902
msgid ""
29805
29903
"The rotation will do a <emphasis>daily</emphasis> backup Sunday through "
29806
29904
"Friday."
29807
29905
msgstr ""
29808
29906
29809
#: serverguide/C/backups.xml:381(para)
29907
#: serverguide/C/backups.xml:387(para)
29810
29908
msgid ""
29811
29909
"On Saturday a <emphasis>weekly</emphasis> backup is done giving you four "
29812
29910
"weekly backups a month."
29813
29911
msgstr ""
29814
29912
29815
#: serverguide/C/backups.xml:386(para)
29913
#: serverguide/C/backups.xml:392(para)
29816
29914
msgid ""
29817
29915
"The <emphasis>monthly</emphasis> backup is done on the first of the month "
29818
29916
"rotating two monthly backups based on if the month is odd or even."
29819
29917
msgstr ""
29820
29918
29821
#: serverguide/C/backups.xml:392(para)
29919
#: serverguide/C/backups.xml:398(para)
29822
29920
msgid "Here is the new script:"
29823
29921
msgstr ""
29824
29922
29825
#: serverguide/C/backups.xml:395(programlisting)
29923
#: serverguide/C/backups.xml:401(programlisting)
29826
29924
#, no-wrap
29827
29925
msgid ""
29828
29926
"\n"
29891
29989
"ls -lh $dest/\n"
29892
29990
msgstr ""
29893
29991
29894
#: serverguide/C/backups.xml:460(para)
29992
#: serverguide/C/backups.xml:466(para)
29895
29993
msgid ""
29896
29994
"The script can be executed using the same methods as in <xref "
29897
29995
"linkend=\"backup-executing-shellscript\"/>."
29898
29996
msgstr ""
29899
29997
29900
#: serverguide/C/backups.xml:463(para)
29998
#: serverguide/C/backups.xml:469(para)
29901
29999
msgid ""
29902
30000
"It is good practice to take backup media off-site in case of a disaster. In "
29903
30001
"the shell script example the backup media is another server providing an NFS "
29906
30004
"the archive file over a WAN link to a server in another location."
29907
30005
msgstr ""
29908
30006
29909
#: serverguide/C/backups.xml:469(para)
30007
#: serverguide/C/backups.xml:475(para)
29910
30008
msgid ""
29911
30009
"Another option is to copy the archive file to an external hard drive which "
29912
30010
"can then be taken off-site. Since the price of external hard drives continue "
29915
30013
"backup server and one in another location."
29916
30014
msgstr ""
29917
30015
29918
#: serverguide/C/backups.xml:476(title)
30016
#: serverguide/C/backups.xml:482(title)
29919
30017
msgid "Tape Drives"
29920
30018
msgstr ""
29921
30019
29922
#: serverguide/C/backups.xml:477(para)
30020
#: serverguide/C/backups.xml:483(para)
29923
30021
msgid ""
29924
30022
"A tape drive attached to the server can be used instead of an NFS share. "
29925
30023
"Using a tape drive simplifies archive rotation, and makes taking the media "
29926
30024
"off-site easier as well."
29927
30025
msgstr ""
29928
30026
29929
#: serverguide/C/backups.xml:481(para)
30027
#: serverguide/C/backups.xml:487(para)
29930
30028
msgid ""
29931
30029
"When using a tape drive, the filename portions of the script aren't needed "
29932
30030
"because the data is sent directly to the tape device. Some commands to "
29935
30033
"<application>cpio</application> package."
29936
30034
msgstr ""
29937
30035
29938
#: serverguide/C/backups.xml:486(para)
30036
#: serverguide/C/backups.xml:492(para)
29939
30037
msgid "Here is the shell script modified to use a tape drive:"
29940
30038
msgstr ""
29941
30039
29942
#: serverguide/C/backups.xml:489(programlisting)
30040
#: serverguide/C/backups.xml:495(programlisting)
29943
30041
#, no-wrap
29944
30042
msgid ""
29945
30043
"\n"
29976
30074
"date\n"
29977
30075
msgstr ""
29978
30076
29979
#: serverguide/C/backups.xml:523(para)
30077
#: serverguide/C/backups.xml:529(para)
29980
30078
msgid ""
29981
30079
"The default device name for a SCSI tape drive is "
29982
30080
"<filename>/dev/st0</filename>. Use the appropriate device path for your "
29983
30081
"system."
29984
30082
msgstr ""
29985
30083
29986
#: serverguide/C/backups.xml:528(para)
30084
#: serverguide/C/backups.xml:534(para)
29987
30085
msgid ""
29988
30086
"Restoring from a tape drive is basically the same as restoring from a file. "
29989
30087
"Simply rewind the tape and use the device path instead of a file path. For "
29991
30089
"<filename>/tmp/etc/hosts</filename>:"
29992
30090
msgstr ""
29993
30091
29994
#: serverguide/C/backups.xml:533(command)
30092
#: serverguide/C/backups.xml:539(command)
29995
30093
msgid "mt -f /dev/st0 rewind"
29996
30094
msgstr "mt -f /dev/st0 rewind"
29997
30095
29998
#: serverguide/C/backups.xml:534(command)
30096
#: serverguide/C/backups.xml:540(command)
29999
30097
msgid "tar -xzf /dev/st0 -C /tmp etc/hosts"
30000
30098
msgstr "tar -xzf /dev/st0 -C /tmp etc/hosts"
30001
30099
30002
#: serverguide/C/backups.xml:539(title)
30100
#: serverguide/C/backups.xml:545(title)
30003
30101
msgid "Bacula"
30004
30102
msgstr "Bacula"
30005
30103
30006
#: serverguide/C/backups.xml:540(para)
30104
#: serverguide/C/backups.xml:546(para)
30007
30105
msgid ""
30008
30106
"<application>Bacula</application> is a backup program enabling you to "
30009
30107
"backup, restore, and verify data across your network. There are Bacula "
30011
30109
"network wide solution."
30012
30110
msgstr ""
30013
30111
30014
#: serverguide/C/backups.xml:546(para)
30112
#: serverguide/C/backups.xml:552(para)
30015
30113
msgid ""
30016
30114
"<application>Bacula</application> is made up of several components and "
30017
30115
"services used to manage which files to backup and backup locations:"
30018
30116
msgstr ""
30019
30117
30020
#: serverguide/C/backups.xml:551(para)
30118
#: serverguide/C/backups.xml:557(para)
30021
30119
msgid ""
30022
30120
"<application>Bacula Director:</application> a service that controls all "
30023
30121
"backup, restore, verify, and archive operations."
30024
30122
msgstr ""
30025
30123
30026
#: serverguide/C/backups.xml:556(para)
30124
#: serverguide/C/backups.xml:562(para)
30027
30125
msgid ""
30028
30126
"<application>Bacula Console:</application> an application allowing "
30029
30127
"communication with the Director. There are three versions of the Console:"
30030
30128
msgstr ""
30031
30129
30032
#: serverguide/C/backups.xml:561(para)
30130
#: serverguide/C/backups.xml:567(para)
30033
30131
msgid "Text based command line version."
30034
30132
msgstr ""
30035
30133
30036
#: serverguide/C/backups.xml:562(para)
30134
#: serverguide/C/backups.xml:568(para)
30037
30135
msgid "Gnome based GTK+ Graphical User Interface (GUI) interface."
30038
30136
msgstr ""
30039
30137
30040
#: serverguide/C/backups.xml:563(para)
30138
#: serverguide/C/backups.xml:569(para)
30041
30139
msgid "wxWidgets GUI interface."
30042
30140
msgstr ""
30043
30141
30044
#: serverguide/C/backups.xml:567(para)
30142
#: serverguide/C/backups.xml:573(para)
30045
30143
msgid ""
30046
30144
"<application>Bacula File:</application> also known as the "
30047
30145
"<application>Bacula Client</application> program. This application is "
30049
30147
"requested by the Director."
30050
30148
msgstr ""
30051
30149
30052
#: serverguide/C/backups.xml:573(para)
30150
#: serverguide/C/backups.xml:579(para)
30053
30151
msgid ""
30054
30152
"<application>Bacula Storage:</application> the programs that perform the "
30055
30153
"storage and recovery of data to the physical media."
30056
30154
msgstr ""
30057
30155
30058
#: serverguide/C/backups.xml:578(para)
30156
#: serverguide/C/backups.xml:584(para)
30059
30157
msgid ""
30060
30158
"<application>Bacula Catalog:</application> is responsible for maintaining "
30061
30159
"the file indexes and volume databases for all files backed up, enabling "
30063
30161
"different databases MySQL, PostgreSQL, and SQLite."
30064
30162
msgstr ""
30065
30163
30066
#: serverguide/C/backups.xml:584(para)
30164
#: serverguide/C/backups.xml:590(para)
30067
30165
msgid ""
30068
30166
"<application>Bacula Monitor:</application> allows the monitoring of the "
30069
30167
"Director, File daemons, and Storage daemons. Currently the Monitor is only "
30070
30168
"available as a GTK+ GUI application."
30071
30169
msgstr ""
30072
30170
30073
#: serverguide/C/backups.xml:590(para)
30171
#: serverguide/C/backups.xml:596(para)
30074
30172
msgid ""
30075
30173
"These services and applications can be run on multiple servers and clients, "
30076
30174
"or they can be installed on one machine if backing up a single disk or "
30077
30175
"volume."
30078
30176
msgstr ""
30079
30177
30080
#: serverguide/C/backups.xml:598(para)
30178
#: serverguide/C/backups.xml:604(para)
30081
30179
msgid ""
30082
30180
"If using MySQL or PostgreSQL as your database, you should already have the "
30083
30181
"services available. <application>Bacula</application> will not install them "
30084
30182
"for you."
30085
30183
msgstr ""
30086
30184
30087
#: serverguide/C/backups.xml:603(para)
30185
#: serverguide/C/backups.xml:609(para)
30088
30186
msgid ""
30089
30187
"There are multiple packages containing the different "
30090
30188
"<application>Bacula</application> components. To install Bacula, from a "
30091
30189
"terminal prompt enter:"
30092
30190
msgstr ""
30093
30191
30094
#: serverguide/C/backups.xml:608(command)
30192
#: serverguide/C/backups.xml:614(command)
30095
30193
msgid "sudo apt-get install bacula"
30096
30194
msgstr "sudo apt-get install bacula"
30097
30195
30098
#: serverguide/C/backups.xml:610(para)
30196
#: serverguide/C/backups.xml:616(para)
30099
30197
msgid ""
30100
30198
"By default installing the <application>bacula</application> package will use "
30101
30199
"a <application>MySQL</application> database for the Catalog. If you want to "
30104
30202
"pgsql</application> respectively."
30105
30203
msgstr ""
30106
30204
30107
#: serverguide/C/backups.xml:616(para)
30205
#: serverguide/C/backups.xml:622(para)
30108
30206
msgid ""
30109
30207
"During the install process you will be asked to supply credentials for the "
30110
30208
"database <emphasis>administrator</emphasis> and the "
30113
30211
"database, see <xref linkend=\"mysql\"/> for more information."
30114
30212
msgstr ""
30115
30213
30116
#: serverguide/C/backups.xml:626(para)
30214
#: serverguide/C/backups.xml:632(para)
30117
30215
msgid ""
30118
30216
"<application>Bacula</application> configuration files are formatted based on "
30119
30217
"<emphasis>resources</emphasis> comprising of <emphasis>directives</emphasis> "
30122
30220
"directory."
30123
30221
msgstr ""
30124
30222
30125
#: serverguide/C/backups.xml:631(para)
30223
#: serverguide/C/backups.xml:637(para)
30126
30224
msgid ""
30127
30225
"The various <application>Bacula</application> components must authorize "
30128
30226
"themselves to each other. This is accomplished using the "
30133
30231
"<filename>/etc/bacula/bacula-sd.conf</filename>."
30134
30232
msgstr ""
30135
30233
30136
#: serverguide/C/backups.xml:637(para)
30234
#: serverguide/C/backups.xml:643(para)
30137
30235
msgid ""
30138
30236
"By default the backup job named <emphasis>Client1</emphasis> is configured "
30139
30237
"to archive the <application>Bacula</application> Catalog. If you plan on "
30142
30240
"<filename>/etc/bacula/bacula-dir.conf</filename>:"
30143
30241
msgstr ""
30144
30242
30145
#: serverguide/C/backups.xml:642(programlisting)
30243
#: serverguide/C/backups.xml:648(programlisting)
30146
30244
#, no-wrap
30147
30245
msgid ""
30148
30246
"\n"
30156
30254
"}\n"
30157
30255
msgstr ""
30158
30256
30159
#: serverguide/C/backups.xml:653(para)
30257
#: serverguide/C/backups.xml:659(para)
30160
30258
msgid ""
30161
30259
"The example above changes the job name to <emphasis>BackupServer</emphasis> "
30162
30260
"matching the machine's host name. Replace <quote>BackupServer</quote> with "
30163
30261
"your appropriate hostname, or other descriptive name."
30164
30262
msgstr ""
30165
30263
30166
#: serverguide/C/backups.xml:658(para)
30264
#: serverguide/C/backups.xml:664(para)
30167
30265
msgid ""
30168
30266
"The <emphasis>Console</emphasis> can be used to query the "
30169
30267
"<emphasis>Director</emphasis> about jobs, but to use the Console with a "
30172
30270
"the following from a terminal:"
30173
30271
msgstr ""
30174
30272
30175
#: serverguide/C/backups.xml:664(command)
30273
#: serverguide/C/backups.xml:670(command)
30176
30274
msgid "sudo adduser $username bacula"
30177
30275
msgstr "sudo adduser $username bacula"
30178
30276
30179
#: serverguide/C/backups.xml:667(para)
30277
#: serverguide/C/backups.xml:673(para)
30180
30278
msgid ""
30181
30279
"Replace <emphasis>$username</emphasis> with the actual username. Also, if "
30182
30280
"you are adding the current user to the group you should log out and back in "
30183
30281
"for the new permissions to take effect."
30184
30282
msgstr ""
30185
30283
30186
#: serverguide/C/backups.xml:674(title)
30284
#: serverguide/C/backups.xml:680(title)
30187
30285
msgid "Localhost Backup"
30188
30286
msgstr ""
30189
30287
30190
#: serverguide/C/backups.xml:675(para)
30288
#: serverguide/C/backups.xml:681(para)
30191
30289
msgid ""
30192
30290
"This section describes how to backup specified directories on a single host "
30193
30291
"to a local tape drive."
30194
30292
msgstr ""
30195
30293
30196
#: serverguide/C/backups.xml:680(para)
30294
#: serverguide/C/backups.xml:686(para)
30197
30295
msgid ""
30198
30296
"First, the <emphasis>Storage</emphasis> device needs to be configured. Edit "
30199
30297
"<filename>/etc/bacula/bacula-sd.conf</filename> add:"
30200
30298
msgstr ""
30201
30299
30202
#: serverguide/C/backups.xml:683(programlisting)
30300
#: serverguide/C/backups.xml:689(programlisting)
30203
30301
#, no-wrap
30204
30302
msgid ""
30205
30303
"\n"
30217
30315
"}\n"
30218
30316
msgstr ""
30219
30317
30220
#: serverguide/C/backups.xml:697(para)
30318
#: serverguide/C/backups.xml:703(para)
30221
30319
msgid ""
30222
30320
"The example is for a <emphasis>DDS-4</emphasis> tape drive. Adjust the "
30223
30321
"<quote>Media Type</quote> and <quote>Archive Device</quote> to match your "
30224
30322
"hardware."
30225
30323
msgstr ""
30226
30324
30227
#: serverguide/C/backups.xml:700(para)
30325
#: serverguide/C/backups.xml:706(para)
30228
30326
msgid "You could also uncomment one of the other examples in the file."
30229
30327
msgstr ""
30230
30328
30231
#: serverguide/C/backups.xml:705(para)
30329
#: serverguide/C/backups.xml:711(para)
30232
30330
msgid ""
30233
30331
"After editing <filename>/etc/bacula/bacula-sd.conf</filename> the "
30234
30332
"<application>Storage</application> daemon will need to be restarted:"
30235
30333
msgstr ""
30236
30334
30237
#: serverguide/C/backups.xml:710(command)
30335
#: serverguide/C/backups.xml:716(command)
30238
30336
msgid "sudo service bacula-sd restart"
30239
30337
msgstr ""
30240
30338
30241
#: serverguide/C/backups.xml:714(para)
30339
#: serverguide/C/backups.xml:720(para)
30242
30340
msgid ""
30243
30341
"Now add a <emphasis>Storage</emphasis> resource in "
30244
30342
"<filename>/etc/bacula/bacula-dir.conf</filename> to use the new Device:"
30245
30343
msgstr ""
30246
30344
30247
#: serverguide/C/backups.xml:717(programlisting)
30345
#: serverguide/C/backups.xml:723(programlisting)
30248
30346
#, no-wrap
30249
30347
msgid ""
30250
30348
"\n"
30261
30359
"}\n"
30262
30360
msgstr ""
30263
30361
30264
#: serverguide/C/backups.xml:729(para)
30362
#: serverguide/C/backups.xml:735(para)
30265
30363
msgid ""
30266
30364
"The <emphasis>Address</emphasis> directive needs to be the Fully Qualified "
30267
30365
"Domain Name (FQDN) of the server. Change <emphasis>backupserver</emphasis> "
30268
30366
"to the actual host name."
30269
30367
msgstr ""
30270
30368
30271
#: serverguide/C/backups.xml:733(para)
30369
#: serverguide/C/backups.xml:739(para)
30272
30370
msgid ""
30273
30371
"Also, make sure the <emphasis>Password</emphasis> directive matches the "
30274
30372
"password string in <filename>/etc/bacula/bacula-sd.conf</filename>."
30275
30373
msgstr ""
30276
30374
30277
#: serverguide/C/backups.xml:739(para)
30375
#: serverguide/C/backups.xml:745(para)
30278
30376
msgid ""
30279
30377
"Create a new <emphasis>FileSet</emphasis>, which will determine what "
30280
30378
"directories to backup, by adding:"
30281
30379
msgstr ""
30282
30380
30283
#: serverguide/C/backups.xml:742(programlisting)
30381
#: serverguide/C/backups.xml:748(programlisting)
30284
30382
#, no-wrap
30285
30383
msgid ""
30286
30384
"\n"
30298
30396
"}\n"
30299
30397
msgstr ""
30300
30398
30301
#: serverguide/C/backups.xml:756(para)
30399
#: serverguide/C/backups.xml:762(para)
30302
30400
msgid ""
30303
30401
"This <emphasis>FileSet</emphasis> will backup the <filename "
30304
30402
"role=\"directory\">/etc</filename> and <filename "
30308
30406
"using GZIP."
30309
30407
msgstr ""
30310
30408
30311
#: serverguide/C/backups.xml:763(para)
30409
#: serverguide/C/backups.xml:769(para)
30312
30410
msgid "Next, create a new <emphasis>Schedule</emphasis> for the backup job:"
30313
30411
msgstr ""
30314
30412
30315
#: serverguide/C/backups.xml:766(programlisting)
30413
#: serverguide/C/backups.xml:772(programlisting)
30316
30414
#, no-wrap
30317
30415
msgid ""
30318
30416
"\n"
30323
30421
"}\n"
30324
30422
msgstr ""
30325
30423
30326
#: serverguide/C/backups.xml:773(para)
30424
#: serverguide/C/backups.xml:779(para)
30327
30425
msgid ""
30328
30426
"The job will run every day at 00:01 or 12:01 am. There are many other "
30329
30427
"scheduling options available."
30330
30428
msgstr ""
30331
30429
30332
#: serverguide/C/backups.xml:778(para)
30430
#: serverguide/C/backups.xml:784(para)
30333
30431
msgid "Finally create the <emphasis>Job</emphasis>:"
30334
30432
msgstr ""
30335
30433
30336
#: serverguide/C/backups.xml:781(programlisting)
30434
#: serverguide/C/backups.xml:787(programlisting)
30337
30435
#, no-wrap
30338
30436
msgid ""
30339
30437
"\n"
30350
30448
"} \n"
30351
30449
msgstr ""
30352
30450
30353
#: serverguide/C/backups.xml:794(para)
30451
#: serverguide/C/backups.xml:800(para)
30354
30452
msgid ""
30355
30453
"The job will do a <emphasis>Full</emphasis> backup every day to the tape "
30356
30454
"drive."
30357
30455
msgstr ""
30358
30456
30359
#: serverguide/C/backups.xml:799(para)
30457
#: serverguide/C/backups.xml:805(para)
30360
30458
msgid ""
30361
30459
"Each tape used will need to have a <emphasis>Label</emphasis>. If the "
30362
30460
"current tape does not have a label <application>Bacula</application> will "
30364
30462
"<application>Console</application> enter the following from a terminal:"
30365
30463
msgstr ""
30366
30464
30367
#: serverguide/C/backups.xml:805(command)
30465
#: serverguide/C/backups.xml:811(command)
30368
30466
msgid "bconsole"
30369
30467
msgstr ""
30370
30468
30371
#: serverguide/C/backups.xml:809(para)
30469
#: serverguide/C/backups.xml:815(para)
30372
30470
msgid "At the Bacula Console prompt enter:"
30373
30471
msgstr ""
30374
30472
30375
#: serverguide/C/backups.xml:813(command)
30473
#: serverguide/C/backups.xml:819(command)
30376
30474
msgid "label"
30377
30475
msgstr "метка"
30378
30476
30379
#: serverguide/C/backups.xml:817(para)
30477
#: serverguide/C/backups.xml:823(para)
30380
30478
msgid ""
30381
30479
"You will then be prompted for the <emphasis>Storage</emphasis> resource:"
30382
30480
msgstr ""
30383
30481
30384
#: serverguide/C/backups.xml:827(userinput)
30482
#: serverguide/C/backups.xml:833(userinput)
30385
30483
#, no-wrap
30386
30484
msgid "2"
30387
30485
msgstr "2"
30388
30486
30389
#: serverguide/C/backups.xml:821(computeroutput)
30487
#: serverguide/C/backups.xml:827(computeroutput)
30390
30488
#, no-wrap
30391
30489
msgid ""
30392
30490
"\n"
30398
30496
"Select Storage resource (1-2):<placeholder-1/>\n"
30399
30497
msgstr ""
30400
30498
30401
#: serverguide/C/backups.xml:832(para)
30499
#: serverguide/C/backups.xml:838(para)
30402
30500
msgid "Enter the new <emphasis>Volume</emphasis> name:"
30403
30501
msgstr ""
30404
30502
30405
#: serverguide/C/backups.xml:837(userinput)
30503
#: serverguide/C/backups.xml:843(userinput)
30406
30504
#, no-wrap
30407
30505
msgid "Sunday"
30408
30506
msgstr "Нядзеля"
30409
30507
30410
#: serverguide/C/backups.xml:836(computeroutput)
30508
#: serverguide/C/backups.xml:842(computeroutput)
30411
30509
#, no-wrap
30412
30510
msgid ""
30413
30511
"\n"
30417
30515
" 2: Scratch"
30418
30516
msgstr ""
30419
30517
30420
#: serverguide/C/backups.xml:842(para)
30518
#: serverguide/C/backups.xml:848(para)
30421
30519
msgid "Replace <emphasis>Sunday</emphasis> with the desired label."
30422
30520
msgstr ""
30423
30521
30424
#: serverguide/C/backups.xml:847(para)
30522
#: serverguide/C/backups.xml:853(para)
30425
30523
msgid "Now, select the <emphasis>Pool</emphasis>:"
30426
30524
msgstr ""
30427
30525
30428
#: serverguide/C/backups.xml:851(computeroutput)
30526
#: serverguide/C/backups.xml:857(computeroutput)
30429
30527
#, no-wrap
30430
30528
msgid ""
30431
30529
"\n"
30434
30532
"Sending label command for Volume \"Sunday\" Slot 0 ...\n"
30435
30533
msgstr ""
30436
30534
30437
#: serverguide/C/backups.xml:859(para)
30535
#: serverguide/C/backups.xml:865(para)
30438
30536
msgid ""
30439
30537
"Congratulations, you have now configured <emphasis>Bacula</emphasis> to "
30440
30538
"backup the localhost to an attached tape drive."
30441
30539
msgstr ""
30442
30540
30443
#: serverguide/C/backups.xml:867(para)
30541
#: serverguide/C/backups.xml:873(para)
30444
30542
msgid ""
30445
30543
"For more <emphasis>Bacula</emphasis> configuration options refer to the "
30446
30544
"<ulink url=\"http://www.bacula.org/en/rel-manual/index.html\">Bacula User's "
30447
30545
"Manual</ulink>"
30448
30546
msgstr ""
30449
30547
30450
#: serverguide/C/backups.xml:873(para)
30548
#: serverguide/C/backups.xml:879(para)
30451
30549
msgid ""
30452
30550
"The <ulink url=\"http://www.bacula.org/\">Bacula Home Page</ulink> contains "
30453
30551
"the latest Bacula news and developments."
30455
30553
"<ulink url=\"http://www.bacula.org/\">Хатняя старонка Bacula</ulink> "
30456
30554
"зьмяшнае апошнія навіны і распрацоўкі."
30457
30555
30458
#: serverguide/C/backups.xml:878(para)
30556
#: serverguide/C/backups.xml:884(para)
30459
30557
msgid ""
30460
30558
"Also, see the <ulink url=\"https://help.ubuntu.com/community/Bacula\">Bacula "
30461
30559
"Ubuntu Wiki</ulink> page."
30496
30594
#~ msgstr ""
30497
30595
#~ "\n"
30498
30596
#~ "http://localhost/mediawiki/config/index.php\n"
30597
30598
#~ msgid "sudo e2fsck -f /dev/vg01/srv"
30599
#~ msgstr "sudo e2fsck -f /dev/vg01/srv"
30600
30601
#~ msgid "sudo resize2fs /dev/vg01/srv"
30602
#~ msgstr "sudo resize2fs /dev/vg01/srv"
30603
30604
#~ msgid "sudo bash backup.sh"
30605
#~ msgstr "sudo bash backup.sh"
Loggerhead is a web-based interface for Breezy
Version: 2.0.1