« back to all changes in this revision
Viewing changes to serverguide/po/bg.po
- browse files at revision 261
- compare with another revision
- download diff
- download tarball
- view history from revision 261
- Committer: Doug Smythies
- Date: 2016-01-05 22:55:10 UTC
- Revision ID: dsmythies@telus.net-20160105225510-2eg49ayn1hh6rk19
Updated the po files
- files modified:
- serverguide/po/ace.po
added
removed
serverguide/po/bg.po
7
7
msgstr ""
8
8
"Project-Id-Version: serverguide\n"
9
9
"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
10
"POT-Creation-Date: 2015-02-26 16:01-0800\n"
10
"POT-Creation-Date: 2015-12-01 09:44-0800\n"
11
11
"PO-Revision-Date: 2014-11-09 18:10+0000\n"
12
12
"Last-Translator: Doug Smythies <Unknown>\n"
13
13
"Language-Team: Bulgarian <bg@li.org>\n"
14
14
"MIME-Version: 1.0\n"
15
15
"Content-Type: text/plain; charset=UTF-8\n"
16
16
"Content-Transfer-Encoding: 8bit\n"
17
"X-Launchpad-Export-Date: 2015-03-22 21:33+0000\n"
18
"X-Generator: Launchpad (build 17405)\n"
17
"X-Launchpad-Export-Date: 2016-01-05 22:21+0000\n"
18
"X-Generator: Launchpad (build 17876)\n"
19
19
20
20
#: serverguide/C/web-servers.xml:11(title)
21
21
msgid "Web Servers"
86
86
"for the development and deployment of Web-based applications."
87
87
msgstr ""
88
88
89
#: serverguide/C/windows-networking.xml:81(title) serverguide/C/windows-networking.xml:292(title) serverguide/C/web-servers.xml:51(title) serverguide/C/web-servers.xml:690(title) serverguide/C/web-servers.xml:833(title) serverguide/C/web-servers.xml:957(title) serverguide/C/virtualization.xml:61(title) serverguide/C/virtualization.xml:2623(title) serverguide/C/vcs.xml:26(title) serverguide/C/vcs.xml:84(title) serverguide/C/vcs.xml:403(title) serverguide/C/remote-administration.xml:46(title) serverguide/C/remote-administration.xml:234(title) serverguide/C/remote-administration.xml:425(title) serverguide/C/network-config.xml:975(title) serverguide/C/network-config.xml:1089(title) serverguide/C/network-auth.xml:140(title) serverguide/C/network-auth.xml:2800(title) serverguide/C/network-auth.xml:3272(title) serverguide/C/monitoring.xml:40(title) serverguide/C/monitoring.xml:429(title) serverguide/C/mail.xml:38(title) serverguide/C/mail.xml:490(title) serverguide/C/mail.xml:679(title) serverguide/C/mail.xml:828(title) serverguide/C/mail.xml:1318(title) serverguide/C/lamp-applications.xml:110(title) serverguide/C/lamp-applications.xml:272(title) serverguide/C/lamp-applications.xml:408(title) serverguide/C/installation.xml:11(title) serverguide/C/installation.xml:933(title) serverguide/C/installation.xml:1214(title) serverguide/C/file-server.xml:357(title) serverguide/C/file-server.xml:646(title) serverguide/C/dns.xml:21(title) serverguide/C/databases.xml:37(title) serverguide/C/databases.xml:307(title) serverguide/C/chat.xml:35(title) serverguide/C/chat.xml:134(title) serverguide/C/backups.xml:596(title)
89
#: serverguide/C/web-servers.xml:51(title) serverguide/C/web-servers.xml:710(title) serverguide/C/web-servers.xml:853(title) serverguide/C/web-servers.xml:976(title) serverguide/C/virtualization.xml:70(title) serverguide/C/virtualization.xml:805(title) serverguide/C/vcs.xml:33(title) serverguide/C/vcs.xml:94(title) serverguide/C/vcs.xml:226(title) serverguide/C/samba.xml:81(title) serverguide/C/samba.xml:292(title) serverguide/C/remote-administration.xml:46(title) serverguide/C/remote-administration.xml:269(title) serverguide/C/remote-administration.xml:465(title) serverguide/C/network-config.xml:973(title) serverguide/C/network-config.xml:1087(title) serverguide/C/network-auth.xml:142(title) serverguide/C/network-auth.xml:2799(title) serverguide/C/network-auth.xml:3271(title) serverguide/C/monitoring.xml:40(title) serverguide/C/monitoring.xml:429(title) serverguide/C/mail.xml:38(title) serverguide/C/mail.xml:548(title) serverguide/C/mail.xml:737(title) serverguide/C/mail.xml:887(title) serverguide/C/mail.xml:1377(title) serverguide/C/lamp-applications.xml:110(title) serverguide/C/lamp-applications.xml:288(title) serverguide/C/lamp-applications.xml:435(title) serverguide/C/lamp-applications.xml:549(title) serverguide/C/installation.xml:11(title) serverguide/C/installation.xml:940(title) serverguide/C/installation.xml:1287(title) serverguide/C/file-server.xml:357(title) serverguide/C/file-server.xml:645(title) serverguide/C/dns.xml:21(title) serverguide/C/databases.xml:37(title) serverguide/C/databases.xml:300(title) serverguide/C/chat.xml:35(title) serverguide/C/chat.xml:134(title) serverguide/C/backups.xml:602(title)
90
90
msgid "Installation"
91
91
msgstr "Инсталиране"
92
92
104
104
msgid "sudo apt-get install apache2"
105
105
msgstr "sudo apt-get install apache2"
106
106
107
#: serverguide/C/windows-networking.xml:97(title) serverguide/C/windows-networking.xml:309(title) serverguide/C/web-servers.xml:71(title) serverguide/C/web-servers.xml:743(title) serverguide/C/web-servers.xml:844(title) serverguide/C/web-servers.xml:984(title) serverguide/C/web-servers.xml:1084(title) serverguide/C/vcs.xml:37(title) serverguide/C/vcs.xml:421(title) serverguide/C/remote-administration.xml:68(title) serverguide/C/remote-administration.xml:254(title) serverguide/C/package-management.xml:400(title) serverguide/C/network-config.xml:997(title) serverguide/C/network-config.xml:1100(title) serverguide/C/network-auth.xml:2887(title) serverguide/C/network-auth.xml:3293(title) serverguide/C/monitoring.xml:185(title) serverguide/C/monitoring.xml:455(title) serverguide/C/mail.xml:499(title) serverguide/C/mail.xml:689(title) serverguide/C/mail.xml:911(title) serverguide/C/mail.xml:1347(title) serverguide/C/lamp-applications.xml:130(title) serverguide/C/lamp-applications.xml:299(title) serverguide/C/lamp-applications.xml:438(title) serverguide/C/installation.xml:1226(title) serverguide/C/file-server.xml:370(title) serverguide/C/file-server.xml:672(title) serverguide/C/dns.xml:37(title) serverguide/C/databases.xml:80(title) serverguide/C/databases.xml:323(title) serverguide/C/clustering.xml:45(title) serverguide/C/chat.xml:55(title) serverguide/C/chat.xml:146(title) serverguide/C/backups.xml:625(title)
107
#: serverguide/C/web-servers.xml:71(title) serverguide/C/web-servers.xml:763(title) serverguide/C/web-servers.xml:864(title) serverguide/C/web-servers.xml:1003(title) serverguide/C/web-servers.xml:1106(title) serverguide/C/vcs.xml:44(title) serverguide/C/vcs.xml:103(title) serverguide/C/samba.xml:97(title) serverguide/C/samba.xml:309(title) serverguide/C/remote-administration.xml:68(title) serverguide/C/remote-administration.xml:289(title) serverguide/C/package-management.xml:417(title) serverguide/C/network-config.xml:995(title) serverguide/C/network-config.xml:1098(title) serverguide/C/network-auth.xml:2886(title) serverguide/C/network-auth.xml:3292(title) serverguide/C/monitoring.xml:185(title) serverguide/C/monitoring.xml:455(title) serverguide/C/mail.xml:557(title) serverguide/C/mail.xml:747(title) serverguide/C/mail.xml:970(title) serverguide/C/mail.xml:1406(title) serverguide/C/lamp-applications.xml:130(title) serverguide/C/lamp-applications.xml:315(title) serverguide/C/lamp-applications.xml:465(title) serverguide/C/lamp-applications.xml:570(title) serverguide/C/installation.xml:1299(title) serverguide/C/file-server.xml:370(title) serverguide/C/file-server.xml:671(title) serverguide/C/dns.xml:37(title) serverguide/C/databases.xml:73(title) serverguide/C/databases.xml:316(title) serverguide/C/clustering.xml:45(title) serverguide/C/chat.xml:55(title) serverguide/C/chat.xml:146(title) serverguide/C/backups.xml:631(title)
108
108
msgid "Configuration"
109
109
msgstr "Настройка"
110
110
146
146
"<application>apache2</application> is restarted."
147
147
msgstr ""
148
148
149
#: serverguide/C/web-servers.xml:93(para)
149
#: serverguide/C/web-servers.xml:108(para)
150
150
msgid ""
151
151
"<emphasis>envvars:</emphasis> file where Apache2 "
152
152
"<emphasis>environment</emphasis> variables are set."
153
153
msgstr ""
154
154
155
#: serverguide/C/web-servers.xml:106(para)
155
#: serverguide/C/web-servers.xml:113(para)
156
156
msgid ""
157
157
"<emphasis>mods-available:</emphasis> this directory contains configuration "
158
158
"files to both load <emphasis>modules</emphasis> and configure them. Not all "
159
159
"modules will have specific configuration files, however."
160
160
msgstr ""
161
161
162
#: serverguide/C/web-servers.xml:112(para)
162
#: serverguide/C/web-servers.xml:119(para)
163
163
msgid ""
164
164
"<emphasis>mods-enabled:</emphasis> holds <emphasis>symlinks</emphasis> to "
165
165
"the files in <filename>/etc/apache2/mods-available</filename>. When a module "
167
167
"<application>apache2</application> is restarted."
168
168
msgstr ""
169
169
170
#: serverguide/C/web-servers.xml:119(para)
170
#: serverguide/C/web-servers.xml:126(para)
171
171
msgid ""
172
172
"<emphasis>ports.conf:</emphasis> houses the directives that determine which "
173
173
"TCP ports Apache2 is listening on."
174
174
msgstr ""
175
175
176
#: serverguide/C/web-servers.xml:124(para)
176
#: serverguide/C/web-servers.xml:131(para)
177
177
msgid ""
178
178
"<emphasis>sites-available:</emphasis> this directory has configuration files "
179
179
"for Apache2 <emphasis>Virtual Hosts</emphasis>. Virtual Hosts allow Apache2 "
180
180
"to be configured for multiple sites that have separate configurations."
181
181
msgstr ""
182
182
183
#: serverguide/C/web-servers.xml:130(para)
183
#: serverguide/C/web-servers.xml:138(para)
184
184
msgid ""
185
185
"<emphasis>sites-enabled:</emphasis> like mods-enabled, <filename "
186
186
"role=\"directory\">sites-enabled</filename> contains symlinks to the "
195
195
"the first few bytes of a file."
196
196
msgstr ""
197
197
198
#: serverguide/C/web-servers.xml:138(para)
198
#: serverguide/C/web-servers.xml:151(para)
199
199
msgid ""
200
200
"In addition, other configuration files may be added using the "
201
201
"<emphasis>Include</emphasis> directive, and wildcards can be used to include "
204
204
"recognized by Apache2 when it is started or restarted."
205
205
msgstr ""
206
206
207
#: serverguide/C/web-servers.xml:147(para)
207
#: serverguide/C/web-servers.xml:160(para)
208
208
msgid ""
209
209
"The server also reads a file containing mime document types; the filename is "
210
210
"set by the <emphasis>TypesConfig</emphasis> directive, typically via "
213
213
"by default."
214
214
msgstr ""
215
215
216
#: serverguide/C/web-servers.xml:155(title)
216
#: serverguide/C/web-servers.xml:168(title)
217
217
msgid "Basic Settings"
218
218
msgstr "Основни настройки"
219
219
237
237
"<filename>/etc/apache2/sites-available/000-default.conf</filename>."
238
238
msgstr ""
239
239
240
#: serverguide/C/web-servers.xml:177(para)
240
#: serverguide/C/web-servers.xml:190(para)
241
241
msgid ""
242
242
"The directives set for a virtual host only apply to that particular virtual "
243
243
"host. If a directive is set server-wide and not defined within the virtual "
246
246
"virtual host."
247
247
msgstr ""
248
248
249
#: serverguide/C/web-servers.xml:185(para)
249
#: serverguide/C/web-servers.xml:198(para)
250
250
msgid ""
251
251
"If you wish to configure a new virtual host or site, copy that file into the "
252
252
"same directory with a name you choose. For example:"
258
258
"available/mynewsite.conf"
259
259
msgstr ""
260
260
261
#: serverguide/C/web-servers.xml:194(para)
261
#: serverguide/C/web-servers.xml:207(para)
262
262
msgid ""
263
263
"Edit the new file to configure the new site using some of the directives "
264
264
"described below."
265
265
msgstr ""
266
266
267
#: serverguide/C/web-servers.xml:201(para)
267
#: serverguide/C/web-servers.xml:214(para)
268
268
msgid ""
269
269
"The <emphasis>ServerAdmin</emphasis> directive specifies the email address "
270
270
"to be advertised for the server's administrator. The default value is "
275
275
"configuration file in /etc/apache2/sites-available."
276
276
msgstr ""
277
277
278
#: serverguide/C/web-servers.xml:212(para)
278
#: serverguide/C/web-servers.xml:225(para)
279
279
msgid ""
280
280
"The <emphasis>Listen</emphasis> directive specifies the port, and optionally "
281
281
"the IP address, Apache2 should listen on. If the IP address is not "
301
301
"available/mynewsite.conf</filename>)."
302
302
msgstr ""
303
303
304
#: serverguide/C/web-servers.xml:237(para)
304
#: serverguide/C/web-servers.xml:250(para)
305
305
msgid ""
306
306
"You may also want your site to respond to www.ubunturocks.com, since many "
307
307
"users will assume the www prefix is appropriate. Use the "
309
309
"wildcards in the ServerAlias directive."
310
310
msgstr ""
311
311
312
#: serverguide/C/web-servers.xml:244(para)
312
#: serverguide/C/web-servers.xml:257(para)
313
313
msgid ""
314
314
"For example, the following configuration will cause your site to respond to "
315
315
"any domain request ending in <emphasis>.ubunturocks.com</emphasis>."
316
316
msgstr ""
317
317
318
#: serverguide/C/web-servers.xml:250(programlisting)
318
#: serverguide/C/web-servers.xml:263(programlisting)
319
319
#, no-wrap
320
320
msgid ""
321
321
"\n"
333
333
"virtual host file, and remember to create that directory if necessary!"
334
334
msgstr ""
335
335
336
#: serverguide/C/web-servers.xml:265(para)
336
#: serverguide/C/web-servers.xml:278(para)
337
337
msgid ""
338
338
"Enable the new <emphasis>VirtualHost</emphasis> using the "
339
339
"<application>a2ensite</application> utility and restart Apache2:"
340
340
msgstr ""
341
341
342
#: serverguide/C/web-servers.xml:271(command)
342
#: serverguide/C/web-servers.xml:284(command)
343
343
msgid "sudo a2ensite mynewsite"
344
344
msgstr "sudo a2ensite mynewsite"
345
345
346
#: serverguide/C/web-servers.xml:272(command) serverguide/C/web-servers.xml:290(command) serverguide/C/web-servers.xml:531(command) serverguide/C/web-servers.xml:540(command) serverguide/C/web-servers.xml:599(command) serverguide/C/mail.xml:935(command) serverguide/C/lamp-applications.xml:222(command)
346
#: serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:303(command) serverguide/C/web-servers.xml:544(command) serverguide/C/web-servers.xml:553(command) serverguide/C/web-servers.xml:612(command) serverguide/C/mail.xml:994(command) serverguide/C/lamp-applications.xml:238(command) serverguide/C/lamp-applications.xml:339(command) serverguide/C/lamp-applications.xml:610(command)
347
347
msgid "sudo service apache2 restart"
348
348
msgstr "sudo service apache2 restart"
349
349
350
#: serverguide/C/web-servers.xml:276(para)
350
#: serverguide/C/web-servers.xml:289(para)
351
351
msgid ""
352
352
"Be sure to replace <emphasis>mynewsite</emphasis> with a more descriptive "
353
353
"name for the VirtualHost. One method is to name the file after the "
354
354
"<emphasis>ServerName</emphasis> directive of the VirtualHost."
355
355
msgstr ""
356
356
357
#: serverguide/C/web-servers.xml:283(para)
357
#: serverguide/C/web-servers.xml:296(para)
358
358
msgid ""
359
359
"Similarly, use the <application>a2dissite</application> utility to disable "
360
360
"sites. This is can be useful when troubleshooting configuration problems "
361
361
"with multiple VirtualHosts:"
362
362
msgstr ""
363
363
364
#: serverguide/C/web-servers.xml:289(command)
364
#: serverguide/C/web-servers.xml:302(command)
365
365
msgid "sudo a2dissite mynewsite"
366
366
msgstr "sudo a2dissite mynewsite"
367
367
368
#: serverguide/C/web-servers.xml:295(title)
368
#: serverguide/C/web-servers.xml:308(title)
369
369
msgid "Default Settings"
370
370
msgstr "Настройки по подразбиране"
371
371
372
#: serverguide/C/web-servers.xml:297(para)
372
#: serverguide/C/web-servers.xml:310(para)
373
373
msgid ""
374
374
"This section explains configuration of the Apache2 server default settings. "
375
375
"For example, if you add a virtual host, the settings you configure for the "
377
377
"defined within the virtual host settings, the default value is used."
378
378
msgstr ""
379
379
380
#: serverguide/C/web-servers.xml:309(para)
380
#: serverguide/C/web-servers.xml:322(para)
381
381
msgid ""
382
382
"The <emphasis>DirectoryIndex</emphasis> is the default page served by the "
383
383
"server when a user requests an index of a directory by specifying a forward "
384
384
"slash (/) at the end of the directory name."
385
385
msgstr ""
386
386
387
#: serverguide/C/web-servers.xml:316(para)
387
#: serverguide/C/web-servers.xml:329(para)
388
388
msgid ""
389
389
"For example, when a user requests the page "
390
390
"http://www.example.com/this_directory/, he or she will get either the "
412
412
"example files."
413
413
msgstr ""
414
414
415
#: serverguide/C/web-servers.xml:347(para)
415
#: serverguide/C/web-servers.xml:360(para)
416
416
msgid ""
417
417
"By default, the server writes the transfer log to the file "
418
418
"<filename>/var/log/apache2/access.log</filename>. You can change this on a "
419
419
"per-site basis in your virtual host configuration files with the "
420
420
"<emphasis>CustomLog</emphasis> directive, or omit it to accept the default, "
421
"specified in <filename> /etc/apache2/conf.d/other-vhosts-access-"
422
"log</filename>. You may also specify the file to which errors are logged, "
423
"via the <emphasis>ErrorLog</emphasis> directive, whose default is "
421
"specified in <filename> /etc/apache2/conf-available/other-vhosts-access-"
422
"log.conf</filename>. You may also specify the file to which errors are "
423
"logged, via the <emphasis>ErrorLog</emphasis> directive, whose default is "
424
424
"<filename>/var/log/apache2/error.log</filename>. These are kept separate "
425
425
"from the transfer logs to aid in troubleshooting problems with your Apache2 "
426
426
"server. You may also specify the <emphasis>LogLevel</emphasis> (the default "
428
428
"/etc/apache2/apache2.conf</filename> for the default value)."
429
429
msgstr ""
430
430
431
#: serverguide/C/web-servers.xml:362(para)
431
#: serverguide/C/web-servers.xml:375(para)
432
432
msgid ""
433
433
"Some options are specified on a per-directory basis rather than per-server. "
434
434
"<emphasis>Options</emphasis> is one of these directives. A Directory stanza "
444
444
"</Directory>\n"
445
445
msgstr ""
446
446
447
#: serverguide/C/web-servers.xml:374(para)
447
#: serverguide/C/web-servers.xml:387(para)
448
448
msgid ""
449
449
"The <emphasis>Options</emphasis> directive within a Directory stanza accepts "
450
450
"one or more of the following values (among others), separated by spaces:"
451
451
msgstr ""
452
452
453
#: serverguide/C/web-servers.xml:386(para)
453
#: serverguide/C/web-servers.xml:399(para)
454
454
msgid ""
455
455
"Most files should not be executed as CGI scripts. This would be very "
456
456
"dangerous. CGI scripts should kept in a directory separate from and outside "
459
459
"<filename>/usr/lib/cgi-bin</filename>."
460
460
msgstr ""
461
461
462
#: serverguide/C/web-servers.xml:381(para)
462
#: serverguide/C/web-servers.xml:394(para)
463
463
msgid ""
464
464
"<emphasis role=\"bold\">ExecCGI</emphasis> - Allow execution of CGI scripts. "
465
465
"CGI scripts are not executed if this option is not chosen. <placeholder-1/>"
466
466
msgstr ""
467
467
468
#: serverguide/C/web-servers.xml:397(para)
468
#: serverguide/C/web-servers.xml:410(para)
469
469
msgid ""
470
470
"<emphasis role=\"bold\">Includes</emphasis> - Allow server-side includes. "
471
471
"Server-side includes allow an HTML file to <emphasis> include</emphasis> "
474
474
"documentation (Ubuntu community)</ulink> for more information."
475
475
msgstr ""
476
476
477
#: serverguide/C/web-servers.xml:406(para)
477
#: serverguide/C/web-servers.xml:419(para)
478
478
msgid ""
479
479
"<emphasis role=\"bold\">IncludesNOEXEC</emphasis> - Allow server-side "
480
480
"includes, but disable the <emphasis>#exec</emphasis> and "
481
481
"<emphasis>#include</emphasis> commands in CGI scripts."
482
482
msgstr ""
483
483
484
#: serverguide/C/web-servers.xml:418(para)
484
#: serverguide/C/web-servers.xml:431(para)
485
485
msgid ""
486
486
"For security reasons, this should usually not be set, and certainly should "
487
487
"not be set on your DocumentRoot directory. Enable this option carefully on a "
489
489
"contents of the directory."
490
490
msgstr ""
491
491
492
#: serverguide/C/web-servers.xml:413(para)
492
#: serverguide/C/web-servers.xml:426(para)
493
493
msgid ""
494
494
"<emphasis role=\"bold\">Indexes</emphasis> - Display a formatted list of the "
495
495
"directory's contents, if no <emphasis>DirectoryIndex</emphasis> (such as "
505
505
"Apache2 documentation on this option</ulink>."
506
506
msgstr ""
507
507
508
#: serverguide/C/web-servers.xml:436(para)
508
#: serverguide/C/web-servers.xml:449(para)
509
509
msgid ""
510
510
"<emphasis role=\"bold\">SymLinksIfOwnerMatch</emphasis> - Only follow "
511
511
"symbolic links if the target file or directory has the same owner as the "
512
512
"link."
513
513
msgstr ""
514
514
515
#: serverguide/C/web-servers.xml:448(title)
515
#: serverguide/C/web-servers.xml:461(title)
516
516
msgid "httpd Settings"
517
517
msgstr "httpd настройки"
518
518
519
#: serverguide/C/web-servers.xml:450(para)
519
#: serverguide/C/web-servers.xml:463(para)
520
520
msgid ""
521
521
"This section explains some basic <application>httpd</application> daemon "
522
522
"configuration settings."
523
523
msgstr ""
524
524
525
#: serverguide/C/web-servers.xml:454(para)
525
#: serverguide/C/web-servers.xml:467(para)
526
526
msgid ""
527
527
"<emphasis role=\"bold\">LockFile</emphasis> - The LockFile directive sets "
528
528
"the path to the lockfile used when the server is compiled with either "
533
533
"that is readable only by root."
534
534
msgstr ""
535
535
536
#: serverguide/C/web-servers.xml:463(para)
536
#: serverguide/C/web-servers.xml:476(para)
537
537
msgid ""
538
538
"<emphasis role=\"bold\">PidFile</emphasis> - The PidFile directive sets the "
539
539
"file in which the server records its process ID (pid). This file should only "
540
540
"be readable by root. In most cases, it should be left to the default value."
541
541
msgstr ""
542
542
543
#: serverguide/C/web-servers.xml:469(para)
543
#: serverguide/C/web-servers.xml:482(para)
544
544
msgid ""
545
545
"<emphasis role=\"bold\">User</emphasis> - The User directive sets the userid "
546
546
"used by the server to answer requests. This setting determines the server's "
548
548
"your website's visitors. The default value for User is \"www-data\"."
549
549
msgstr ""
550
550
551
#: serverguide/C/web-servers.xml:476(para)
551
#: serverguide/C/web-servers.xml:489(para)
552
552
msgid ""
553
553
"Unless you know exactly what you are doing, do not set the User directive to "
554
554
"root. Using root as the User will create large security holes for your Web "
555
555
"server."
556
556
msgstr ""
557
557
558
#: serverguide/C/web-servers.xml:482(para)
558
#: serverguide/C/web-servers.xml:495(para)
559
559
msgid ""
560
560
"<emphasis role=\"bold\">Group</emphasis> - The Group directive is similar to "
561
561
"the User directive. Group sets the group under which the server will answer "
562
562
"requests. The default group is also \"www-data\"."
563
563
msgstr ""
564
564
565
#: serverguide/C/web-servers.xml:489(title)
565
#: serverguide/C/web-servers.xml:502(title)
566
566
msgid "Apache2 Modules"
567
567
msgstr "Apache2 модули"
568
568
569
#: serverguide/C/web-servers.xml:491(para)
569
#: serverguide/C/web-servers.xml:504(para)
570
570
msgid ""
571
571
"Apache2 is a modular server. This implies that only the most basic "
572
572
"functionality is included in the core server. Extended features are "
577
577
"Apache2 must be recompiled to add or remove modules."
578
578
msgstr ""
579
579
580
#: serverguide/C/web-servers.xml:503(para)
580
#: serverguide/C/web-servers.xml:516(para)
581
581
msgid ""
582
582
"Ubuntu compiles Apache2 to allow the dynamic loading of modules. "
583
583
"Configuration directives may be conditionally included on the presence of a "
585
585
"<emphasis><IfModule></emphasis> block."
586
586
msgstr ""
587
587
588
#: serverguide/C/web-servers.xml:510(para)
588
#: serverguide/C/web-servers.xml:523(para)
589
589
msgid ""
590
590
"You can install additional Apache2 modules and use them with your Web "
591
591
"server. For example, run the following command from a terminal prompt to "
592
592
"install the <emphasis>MySQL Authentication</emphasis> module:"
593
593
msgstr ""
594
594
595
#: serverguide/C/web-servers.xml:517(command)
595
#: serverguide/C/web-servers.xml:530(command)
596
596
msgid "sudo apt-get install libapache2-mod-auth-mysql"
597
597
msgstr "sudo apt-get install libapache2-mod-auth-mysql"
598
598
599
#: serverguide/C/web-servers.xml:520(para)
599
#: serverguide/C/web-servers.xml:533(para)
600
600
msgid ""
601
601
"See the <filename>/etc/apache2/mods-available</filename> directory, for "
602
602
"additional modules."
603
603
msgstr ""
604
604
605
#: serverguide/C/web-servers.xml:524(para)
605
#: serverguide/C/web-servers.xml:537(para)
606
606
msgid ""
607
607
"Use the <application>a2enmod</application> utility to enable a module:"
608
608
msgstr ""
609
609
610
#: serverguide/C/web-servers.xml:530(command)
610
#: serverguide/C/web-servers.xml:543(command)
611
611
msgid "sudo a2enmod auth_mysql"
612
612
msgstr "sudo a2enmod auth_mysql"
613
613
614
#: serverguide/C/web-servers.xml:534(para)
614
#: serverguide/C/web-servers.xml:547(para)
615
615
msgid "Similarly, <application>a2dismod</application> will disable a module:"
616
616
msgstr ""
617
617
618
#: serverguide/C/web-servers.xml:539(command)
618
#: serverguide/C/web-servers.xml:552(command)
619
619
msgid "sudo a2dismod auth_mysql"
620
620
msgstr "sudo a2dismod auth_mysql"
621
621
622
#: serverguide/C/web-servers.xml:546(title)
622
#: serverguide/C/web-servers.xml:559(title)
623
623
msgid "HTTPS Configuration"
624
624
msgstr "HTTPS настройка"
625
625
626
#: serverguide/C/web-servers.xml:548(para)
626
#: serverguide/C/web-servers.xml:561(para)
627
627
msgid ""
628
628
"The <application>mod_ssl</application> module adds an important feature to "
629
629
"the Apache2 server - the ability to encrypt communications. Thus, when your "
632
632
"bar."
633
633
msgstr ""
634
634
635
#: serverguide/C/web-servers.xml:557(para)
635
#: serverguide/C/web-servers.xml:570(para)
636
636
msgid ""
637
637
"The <application>mod_ssl</application> module is available in "
638
638
"<application>apache2-common</application> package. Execute the following "
640
640
"<application>mod_ssl</application> module:"
641
641
msgstr ""
642
642
643
#: serverguide/C/web-servers.xml:564(command)
643
#: serverguide/C/web-servers.xml:577(command)
644
644
msgid "sudo a2enmod ssl"
645
645
msgstr "sudo a2enmod ssl"
646
646
658
658
"linkend=\"certificates-and-security\"/>"
659
659
msgstr ""
660
660
661
#: serverguide/C/web-servers.xml:577(para)
661
#: serverguide/C/web-servers.xml:590(para)
662
662
msgid ""
663
663
"To configure <application>Apache2</application> for HTTPS, enter the "
664
664
"following:"
665
665
msgstr ""
666
666
667
#: serverguide/C/web-servers.xml:582(command)
667
#: serverguide/C/web-servers.xml:595(command)
668
668
msgid "sudo a2ensite default-ssl"
669
669
msgstr "sudo a2ensite default-ssl"
670
670
671
#: serverguide/C/web-servers.xml:586(para)
671
#: serverguide/C/web-servers.xml:599(para)
672
672
msgid ""
673
673
"The directories <filename>/etc/ssl/certs</filename> and "
674
674
"<filename>/etc/ssl/private</filename> are the default locations. If you "
677
677
"<emphasis>SSLCertificateKeyFile</emphasis> appropriately."
678
678
msgstr ""
679
679
680
#: serverguide/C/web-servers.xml:593(para)
680
#: serverguide/C/web-servers.xml:606(para)
681
681
msgid ""
682
682
"With Apache2 now configured for HTTPS, restart the service to enable the new "
683
683
"settings:"
684
684
msgstr ""
685
685
686
#: serverguide/C/web-servers.xml:604(para)
686
#: serverguide/C/web-servers.xml:617(para)
687
687
msgid ""
688
688
"Depending on how you obtained your certificate you may need to enter a "
689
689
"passphrase when <application>Apache2</application> starts."
690
690
msgstr ""
691
691
692
#: serverguide/C/web-servers.xml:610(para)
692
#: serverguide/C/web-servers.xml:623(para)
693
693
msgid ""
694
694
"You can access the secure server pages by typing https://your_hostname/url/ "
695
695
"in your browser address bar."
696
696
msgstr ""
697
697
698
#: serverguide/C/web-servers.xml:617(title)
698
#: serverguide/C/web-servers.xml:630(title)
699
699
msgid "Sharing Write Permission"
700
700
msgstr ""
701
701
716
716
msgstr ""
717
717
718
718
#: serverguide/C/web-servers.xml:641(command)
719
msgid "sudo find /var/www/html -type f -exec chmod g=rws \"{}\" \\;"
720
msgstr ""
721
722
#: serverguide/C/web-servers.xml:632(para)
719
msgid "sudo find /var/www/html -type f -exec chmod g=rw \"{}\" \\;"
720
msgstr ""
721
722
#: serverguide/C/web-servers.xml:643(para)
723
msgid ""
724
"These commands recursively set the group permission on all files and "
725
"directories in /var/www/html to read write and set user id. This has the "
726
"effect of having the files and directories inherit their group and "
727
"permission from their parrent. Many admins find this useful for allowing "
728
"multiple users to edit files in a directory tree."
729
msgstr ""
730
731
#: serverguide/C/web-servers.xml:652(para)
723
732
msgid ""
724
733
"If access must be granted to more than one group per directory, enable "
725
734
"Access Control Lists (ACLs)."
726
735
msgstr ""
727
736
728
#: serverguide/C/web-servers.xml:639(title) serverguide/C/web-servers.xml:789(title) serverguide/C/web-servers.xml:939(title) serverguide/C/web-servers.xml:1034(title) serverguide/C/web-servers.xml:1256(title) serverguide/C/vpn.xml:800(title) serverguide/C/virtualization.xml:2081(title) serverguide/C/vcs.xml:538(title) serverguide/C/security.xml:863(title) serverguide/C/security.xml:1197(title) serverguide/C/security.xml:1611(title) serverguide/C/security.xml:1797(title) serverguide/C/remote-administration.xml:196(title) serverguide/C/remote-administration.xml:762(title) serverguide/C/package-management.xml:466(title) serverguide/C/other-apps.xml:328(title) serverguide/C/network-config.xml:1035(title) serverguide/C/network-config.xml:1143(title) serverguide/C/monitoring.xml:392(title) serverguide/C/monitoring.xml:528(title) serverguide/C/mail.xml:453(title) serverguide/C/mail.xml:648(title) serverguide/C/mail.xml:800(title) serverguide/C/mail.xml:1220(title) serverguide/C/mail.xml:1688(title) serverguide/C/lamp-applications.xml:244(title) serverguide/C/lamp-applications.xml:373(title) serverguide/C/lamp-applications.xml:481(title) serverguide/C/file-server.xml:305(title) serverguide/C/file-server.xml:446(title) serverguide/C/file-server.xml:616(title) serverguide/C/file-server.xml:803(title) serverguide/C/dns.xml:605(title) serverguide/C/clustering.xml:232(title) serverguide/C/chat.xml:105(title) serverguide/C/chat.xml:214(title) serverguide/C/backups.xml:295(title)
737
#: serverguide/C/web-servers.xml:659(title) serverguide/C/web-servers.xml:809(title) serverguide/C/web-servers.xml:958(title) serverguide/C/web-servers.xml:1053(title) serverguide/C/web-servers.xml:1278(title) serverguide/C/vpn.xml:843(title) serverguide/C/vcs.xml:546(title) serverguide/C/security.xml:877(title) serverguide/C/security.xml:1217(title) serverguide/C/security.xml:1631(title) serverguide/C/security.xml:1817(title) serverguide/C/remote-administration.xml:196(title) serverguide/C/remote-administration.xml:802(title) serverguide/C/package-management.xml:479(title) serverguide/C/network-config.xml:1033(title) serverguide/C/network-config.xml:1141(title) serverguide/C/monitoring.xml:392(title) serverguide/C/monitoring.xml:528(title) serverguide/C/mail.xml:511(title) serverguide/C/mail.xml:706(title) serverguide/C/mail.xml:859(title) serverguide/C/mail.xml:1279(title) serverguide/C/mail.xml:1746(title) serverguide/C/lamp-applications.xml:260(title) serverguide/C/lamp-applications.xml:400(title) serverguide/C/lamp-applications.xml:518(title) serverguide/C/lamp-applications.xml:673(title) serverguide/C/file-server.xml:305(title) serverguide/C/file-server.xml:445(title) serverguide/C/file-server.xml:615(title) serverguide/C/file-server.xml:802(title) serverguide/C/dns.xml:614(title) serverguide/C/clustering.xml:232(title) serverguide/C/chat.xml:105(title) serverguide/C/chat.xml:214(title) serverguide/C/backups.xml:301(title)
729
738
msgid "References"
730
739
msgstr ""
731
740
732
#: serverguide/C/web-servers.xml:656(para)
741
#: serverguide/C/web-servers.xml:663(para)
733
742
msgid ""
734
743
"<ulink url=\"http://httpd.apache.org/docs/2.4/\">Apache2 "
735
744
"Documentation</ulink> contains in depth information on Apache2 configuration "
737
746
"the official Apache2 docs."
738
747
msgstr ""
739
748
740
#: serverguide/C/web-servers.xml:650(para)
749
#: serverguide/C/web-servers.xml:670(para)
741
750
msgid ""
742
751
"See the <ulink url=\"http://www.modssl.org/docs/\">Mod SSL "
743
752
"Documentation</ulink> site for more SSL related information."
744
753
msgstr ""
745
754
746
#: serverguide/C/web-servers.xml:656(para)
755
#: serverguide/C/web-servers.xml:676(para)
747
756
msgid ""
748
757
"O'Reilly's <ulink url=\"http://oreilly.com/catalog/9780596001919/\">Apache "
749
758
"Cookbook</ulink> is a good resource for accomplishing specific Apache2 "
750
759
"configurations."
751
760
msgstr ""
752
761
753
#: serverguide/C/web-servers.xml:662(para)
762
#: serverguide/C/web-servers.xml:682(para)
754
763
msgid ""
755
764
"For Ubuntu specific Apache2 questions, ask in the <emphasis>#ubuntu-"
756
765
"server</emphasis> IRC channel on <ulink "
757
766
"url=\"http://freenode.net/\">freenode.net</ulink>."
758
767
msgstr ""
759
768
760
#: serverguide/C/web-servers.xml:668(para)
769
#: serverguide/C/web-servers.xml:688(para)
761
770
msgid ""
762
771
"Usually integrated with PHP and MySQL the <ulink "
763
772
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
764
773
"Ubuntu Wiki </ulink> page is a good resource."
765
774
msgstr ""
766
775
767
#: serverguide/C/web-servers.xml:679(title)
776
#: serverguide/C/web-servers.xml:699(title)
768
777
msgid "PHP5 - Scripting Language"
769
778
msgstr ""
770
779
771
#: serverguide/C/web-servers.xml:680(para)
780
#: serverguide/C/web-servers.xml:700(para)
772
781
msgid ""
773
782
"PHP is a general-purpose scripting language suited for Web development. The "
774
783
"PHP script can be embedded into HTML. This section explains how to install "
775
784
"and configure PHP5 in Ubuntu System with Apache2 and MySQL."
776
785
msgstr ""
777
786
778
#: serverguide/C/web-servers.xml:684(para)
787
#: serverguide/C/web-servers.xml:704(para)
779
788
msgid ""
780
789
"This section assumes you have installed and configured Apache2 Web Server "
781
790
"and MySQL Database Server. You can refer to Apache2 section and MySQL "
783
792
"respectively."
784
793
msgstr ""
785
794
786
#: serverguide/C/web-servers.xml:691(para)
795
#: serverguide/C/web-servers.xml:711(para)
787
796
msgid ""
788
797
"The PHP5 is available in Ubuntu Linux. Unlike python and perl, which are "
789
798
"installed in the base system, PHP must be added."
790
799
msgstr ""
791
800
792
#: serverguide/C/web-servers.xml:695(para)
801
#: serverguide/C/web-servers.xml:715(para)
793
802
msgid ""
794
803
"To install PHP5 you can enter the following command in the terminal prompt: "
795
804
"<screen>\n"
797
806
"</screen>"
798
807
msgstr ""
799
808
800
#: serverguide/C/web-servers.xml:704(para)
809
#: serverguide/C/web-servers.xml:724(para)
801
810
msgid ""
802
811
"You can run PHP5 scripts from command line. To run PHP5 scripts from command "
803
812
"line you should install <application>php5-cli</application> package. To "
807
816
"</screen>"
808
817
msgstr ""
809
818
810
#: serverguide/C/web-servers.xml:713(para)
819
#: serverguide/C/web-servers.xml:733(para)
811
820
msgid ""
812
821
"You can also execute PHP5 scripts without installing PHP5 Apache module. To "
813
822
"accomplish this, you should install <application>php5-cgi</application> "
817
826
"</screen>"
818
827
msgstr ""
819
828
820
#: serverguide/C/web-servers.xml:723(para)
829
#: serverguide/C/web-servers.xml:743(para)
821
830
msgid ""
822
831
"To use <application>MySQL</application> with PHP5 you should install "
823
832
"<application>php5-mysql</application> package. To install <application>php5-"
827
836
"</screen>"
828
837
msgstr ""
829
838
830
#: serverguide/C/web-servers.xml:731(para)
839
#: serverguide/C/web-servers.xml:751(para)
831
840
msgid ""
832
841
"Similarly, to use <application>PostgreSQL</application> with PHP5 you should "
833
842
"install <application>php5-pgsql</application> package. To install "
837
846
"</screen>"
838
847
msgstr ""
839
848
840
#: serverguide/C/web-servers.xml:744(para)
849
#: serverguide/C/web-servers.xml:764(para)
841
850
msgid ""
842
851
"Once you install PHP5, you can run PHP5 scripts from your web browser. If "
843
852
"you have installed <application>php5-cli</application> package, you can run "
844
853
"PHP5 scripts from your command prompt."
845
854
msgstr ""
846
855
847
#: serverguide/C/web-servers.xml:751(para)
856
#: serverguide/C/web-servers.xml:771(para)
848
857
msgid ""
849
858
"By default, the Apache 2 Web server is configured to run PHP5 scripts. In "
850
859
"other words, the PHP5 module is enabled in Apache2 Web server automatically "
855
864
"command."
856
865
msgstr ""
857
866
858
#: serverguide/C/web-servers.xml:762(para)
867
#: serverguide/C/web-servers.xml:782(para)
859
868
msgid ""
860
869
"Once you install PHP5 related packages and enabled PHP5 Apache 2 module, you "
861
870
"should restart Apache2 Web server to run PHP5 scripts. You can run the "
863
872
"<screen><command>sudo service apache2 restart</command> </screen>"
864
873
msgstr ""
865
874
866
#: serverguide/C/web-servers.xml:770(title) serverguide/C/network-auth.xml:1069(title) serverguide/C/mail.xml:314(title) serverguide/C/mail.xml:1611(title) serverguide/C/dns.xml:376(title) serverguide/C/clustering.xml:182(title)
875
#: serverguide/C/web-servers.xml:790(title) serverguide/C/network-auth.xml:1076(title) serverguide/C/mail.xml:359(title) serverguide/C/mail.xml:1669(title) serverguide/C/dns.xml:380(title) serverguide/C/clustering.xml:182(title)
867
876
msgid "Testing"
868
877
msgstr ""
869
878
870
#: serverguide/C/web-servers.xml:771(para)
879
#: serverguide/C/web-servers.xml:791(para)
871
880
msgid ""
872
881
"To verify your installation, you can run following PHP5 phpinfo script:"
873
882
msgstr ""
874
883
875
#: serverguide/C/web-servers.xml:774(programlisting)
884
#: serverguide/C/web-servers.xml:794(programlisting)
876
885
#, no-wrap
877
886
msgid ""
878
887
"\n"
881
890
"?>\n"
882
891
msgstr ""
883
892
884
#: serverguide/C/web-servers.xml:779(para)
893
#: serverguide/C/web-servers.xml:799(para)
885
894
msgid ""
886
895
"You can save the content in a file <filename>phpinfo.php</filename> and "
887
896
"place it under <command>DocumentRoot</command> directory of Apache2 Web "
890
899
"various PHP5 configuration parameters."
891
900
msgstr ""
892
901
893
#: serverguide/C/web-servers.xml:793(para)
902
#: serverguide/C/web-servers.xml:813(para)
894
903
msgid ""
895
904
"For more in depth information see <ulink "
896
905
"url=\"http://www.php.net/docs.php\">php.net</ulink> documentation."
897
906
msgstr ""
898
907
899
#: serverguide/C/web-servers.xml:798(para)
908
#: serverguide/C/web-servers.xml:818(para)
900
909
msgid ""
901
910
"There are a plethora of books on PHP. Two good books from O'Reilly are "
902
911
"<ulink url=\"http://oreilly.com/catalog/9780596005603/\">Learning PHP "
904
913
"url=\"http://oreilly.com/catalog/9781565926813/\">PHP Cook Book</ulink>."
905
914
msgstr ""
906
915
907
#: serverguide/C/web-servers.xml:805(para)
916
#: serverguide/C/web-servers.xml:825(para)
908
917
msgid ""
909
918
"Also, see the <ulink "
910
919
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
911
920
"Ubuntu Wiki</ulink> page for more information."
912
921
msgstr ""
913
922
914
#: serverguide/C/web-servers.xml:816(title)
923
#: serverguide/C/web-servers.xml:836(title)
915
924
msgid "Squid - Proxy Server"
916
925
msgstr ""
917
926
918
#: serverguide/C/web-servers.xml:830(para)
927
#: serverguide/C/web-servers.xml:837(para)
919
928
msgid ""
920
929
"Squid is a full-featured web proxy cache server application which provides "
921
930
"proxy and cache services for Hyper Text Transport Protocol (HTTP), File "
928
937
"(WCCP)."
929
938
msgstr ""
930
939
931
#: serverguide/C/web-servers.xml:838(para)
940
#: serverguide/C/web-servers.xml:845(para)
932
941
msgid ""
933
942
"The Squid proxy cache server is an excellent solution to a variety of proxy "
934
943
"and caching server needs, and scales from the branch office to enterprise "
940
949
"for increased performance."
941
950
msgstr ""
942
951
943
#: serverguide/C/web-servers.xml:834(para)
952
#: serverguide/C/web-servers.xml:854(para)
944
953
msgid ""
945
954
"At a terminal prompt, enter the following command to install the Squid "
946
955
"server:"
947
956
msgstr ""
948
957
949
#: serverguide/C/web-servers.xml:852(command)
958
#: serverguide/C/web-servers.xml:859(command)
950
959
msgid "sudo apt-get install squid3"
951
960
msgstr ""
952
961
953
#: serverguide/C/web-servers.xml:858(para)
962
#: serverguide/C/web-servers.xml:865(para)
954
963
msgid ""
955
964
"Squid is configured by editing the directives contained within the "
956
965
"<filename>/etc/squid3/squid.conf</filename> configuration file. The "
959
968
"of Squid, see the References section."
960
969
msgstr ""
961
970
962
#: serverguide/C/web-servers.xml:864(para)
971
#: serverguide/C/web-servers.xml:871(para)
963
972
msgid ""
964
973
"Prior to editing the configuration file, you should make a copy of the "
965
974
"original file and protect it from writing so you will have the original "
967
976
"protect it from writing using the following commands:"
968
977
msgstr ""
969
978
970
#: serverguide/C/web-servers.xml:870(command)
979
#: serverguide/C/web-servers.xml:877(command)
971
980
msgid "sudo cp /etc/squid3/squid.conf /etc/squid3/squid.conf.original"
972
981
msgstr ""
973
982
974
#: serverguide/C/web-servers.xml:871(command)
983
#: serverguide/C/web-servers.xml:878(command)
975
984
msgid "sudo chmod a-w /etc/squid3/squid.conf.original"
976
985
msgstr ""
977
986
978
#: serverguide/C/web-servers.xml:866(para)
987
#: serverguide/C/web-servers.xml:885(para)
979
988
msgid ""
980
989
"To set your Squid server to listen on TCP port 8888 instead of the default "
981
990
"TCP port 3128, change the http_port directive as such:"
982
991
msgstr ""
983
992
984
#: serverguide/C/web-servers.xml:870(programlisting)
993
#: serverguide/C/web-servers.xml:889(programlisting)
985
994
#, no-wrap
986
995
msgid ""
987
996
"\n"
988
997
"http_port 8888\n"
989
998
msgstr ""
990
999
991
#: serverguide/C/web-servers.xml:875(para)
1000
#: serverguide/C/web-servers.xml:894(para)
992
1001
msgid ""
993
1002
"Change the visible_hostname directive in order to give the Squid server a "
994
1003
"specific hostname. This hostname does not necessarily need to be the "
995
1004
"computer's hostname. In this example it is set to <emphasis>weezie</emphasis>"
996
1005
msgstr ""
997
1006
998
#: serverguide/C/web-servers.xml:879(programlisting)
1007
#: serverguide/C/web-servers.xml:898(programlisting)
999
1008
#, no-wrap
1000
1009
msgid ""
1001
1010
"\n"
1002
1011
"visible_hostname weezie\n"
1003
1012
msgstr ""
1004
1013
1005
#: serverguide/C/web-servers.xml:884(para)
1014
#: serverguide/C/web-servers.xml:903(para)
1006
1015
msgid ""
1007
1016
"Using Squid's access control, you may configure use of Internet services "
1008
1017
"proxied by Squid to be available only users with certain Internet Protocol "
1010
1019
"192.168.42.0/24 subnetwork only:"
1011
1020
msgstr ""
1012
1021
1013
#: serverguide/C/web-servers.xml:901(para) serverguide/C/web-servers.xml:921(para)
1022
#: serverguide/C/web-servers.xml:908(para) serverguide/C/web-servers.xml:928(para)
1014
1023
msgid ""
1015
1024
"Add the following to the <emphasis role=\"bold\">bottom</emphasis> of the "
1016
1025
"ACL section of your <filename>/etc/squid3/squid.conf</filename> file:"
1017
1026
msgstr ""
1018
1027
1019
#: serverguide/C/web-servers.xml:892(programlisting)
1028
#: serverguide/C/web-servers.xml:911(programlisting)
1020
1029
#, no-wrap
1021
1030
msgid ""
1022
1031
"\n"
1023
1032
"acl fortytwo_network src 192.168.42.0/24\n"
1024
1033
msgstr ""
1025
1034
1026
#: serverguide/C/web-servers.xml:907(para) serverguide/C/web-servers.xml:928(para)
1035
#: serverguide/C/web-servers.xml:914(para) serverguide/C/web-servers.xml:935(para)
1027
1036
msgid ""
1028
1037
"Then, add the following to the <emphasis role=\"bold\">top</emphasis> of the "
1029
1038
"http_access section of your <filename>/etc/squid3/squid.conf</filename> file:"
1030
1039
msgstr ""
1031
1040
1032
#: serverguide/C/web-servers.xml:899(programlisting)
1041
#: serverguide/C/web-servers.xml:918(programlisting)
1033
1042
#, no-wrap
1034
1043
msgid ""
1035
1044
"\n"
1036
1045
"http_access allow fortytwo_network\n"
1037
1046
msgstr ""
1038
1047
1039
#: serverguide/C/web-servers.xml:916(para)
1048
#: serverguide/C/web-servers.xml:923(para)
1040
1049
msgid ""
1041
1050
"Using the excellent access control features of Squid, you may configure use "
1042
1051
"of Internet services proxied by Squid to be available only during normal "
1045
1054
"Friday, and which uses the 10.1.42.0/24 subnetwork:"
1046
1055
msgstr ""
1047
1056
1048
#: serverguide/C/web-servers.xml:912(programlisting)
1057
#: serverguide/C/web-servers.xml:931(programlisting)
1049
1058
#, no-wrap
1050
1059
msgid ""
1051
1060
"\n"
1053
1062
"acl biz_hours time M T W T F 9:00-17:00\n"
1054
1063
msgstr ""
1055
1064
1056
#: serverguide/C/web-servers.xml:920(programlisting)
1065
#: serverguide/C/web-servers.xml:939(programlisting)
1057
1066
#, no-wrap
1058
1067
msgid ""
1059
1068
"\n"
1060
1069
"http_access allow biz_network biz_hours\n"
1061
1070
msgstr ""
1062
1071
1063
#: serverguide/C/web-servers.xml:939(para)
1072
#: serverguide/C/web-servers.xml:946(para)
1064
1073
msgid ""
1065
1074
"After making changes to the <filename>/etc/squid3/squid.conf</filename> "
1066
1075
"file, save the file and restart the <application>squid</application> server "
1068
1077
"terminal prompt:"
1069
1078
msgstr ""
1070
1079
1071
#: serverguide/C/web-servers.xml:945(command)
1080
#: serverguide/C/web-servers.xml:952(command)
1072
1081
msgid "sudo service squid3 restart"
1073
1082
msgstr ""
1074
1083
1075
#: serverguide/C/web-servers.xml:941(ulink)
1084
#: serverguide/C/web-servers.xml:960(ulink)
1076
1085
msgid "Squid Website"
1077
1086
msgstr ""
1078
1087
1079
#: serverguide/C/web-servers.xml:943(para)
1088
#: serverguide/C/web-servers.xml:962(para)
1080
1089
msgid ""
1081
1090
"<ulink url=\"https://help.ubuntu.com/community/Squid\">Ubuntu Wiki "
1082
1091
"Squid</ulink> page."
1083
1092
msgstr ""
1084
1093
1085
#: serverguide/C/web-servers.xml:950(title)
1094
#: serverguide/C/web-servers.xml:969(title)
1086
1095
msgid "Ruby on Rails"
1087
1096
msgstr ""
1088
1097
1089
#: serverguide/C/web-servers.xml:951(para)
1098
#: serverguide/C/web-servers.xml:970(para)
1090
1099
msgid ""
1091
1100
"Ruby on Rails is an open source web framework for developing database backed "
1092
1101
"web applications. It is optimized for sustainable productivity of the "
1094
1103
"convention over configuration."
1095
1104
msgstr ""
1096
1105
1097
#: serverguide/C/web-servers.xml:958(para)
1106
#: serverguide/C/web-servers.xml:977(para)
1098
1107
msgid ""
1099
1108
"Before installing <application>Rails</application> you should install "
1100
1109
"<application>Apache</application> and <application>MySQL</application>. To "
1103
1112
"<application>MySQL</application> refer to <xref linkend=\"mysql\"/>."
1104
1113
msgstr ""
1105
1114
1106
#: serverguide/C/web-servers.xml:966(para)
1115
#: serverguide/C/web-servers.xml:985(para)
1107
1116
msgid ""
1108
1117
"Once you have <application>Apache</application> and "
1109
1118
"<application>MySQL</application> packages installed, you are ready to "
1110
1119
"install <application>Ruby on Rails</application> package."
1111
1120
msgstr ""
1112
1121
1113
#: serverguide/C/web-servers.xml:973(para)
1122
#: serverguide/C/web-servers.xml:992(para)
1114
1123
msgid ""
1115
1124
"To install the <application>Ruby</application> base packages and "
1116
1125
"<application>Ruby on Rails</application>, you can enter the following "
1117
1126
"command in the terminal prompt:"
1118
1127
msgstr ""
1119
1128
1120
#: serverguide/C/web-servers.xml:979(command)
1129
#: serverguide/C/web-servers.xml:998(command)
1121
1130
msgid "sudo apt-get install rails"
1122
1131
msgstr ""
1123
1132
1124
#: serverguide/C/web-servers.xml:997(para)
1133
#: serverguide/C/web-servers.xml:1004(para)
1125
1134
msgid ""
1126
1135
"Modify the <filename>/etc/apache2/sites-available/000-"
1127
1136
"default.conf</filename> configuration file to setup your domains."
1128
1137
msgstr ""
1129
1138
1130
#: serverguide/C/web-servers.xml:989(para)
1139
#: serverguide/C/web-servers.xml:1008(para)
1131
1140
msgid ""
1132
1141
"The first thing to change is the <emphasis>DocumentRoot</emphasis> directive:"
1133
1142
msgstr ""
1134
1143
1135
#: serverguide/C/web-servers.xml:993(programlisting)
1144
#: serverguide/C/web-servers.xml:1012(programlisting)
1136
1145
#, no-wrap
1137
1146
msgid ""
1138
1147
"\n"
1139
1148
"DocumentRoot /path/to/rails/application/public\n"
1140
1149
msgstr ""
1141
1150
1142
#: serverguide/C/web-servers.xml:996(para)
1151
#: serverguide/C/web-servers.xml:1015(para)
1143
1152
msgid ""
1144
1153
"Next, change the <Directory \"/path/to/rails/application/public\"> "
1145
1154
"directive:"
1146
1155
msgstr ""
1147
1156
1148
#: serverguide/C/web-servers.xml:1000(programlisting)
1157
#: serverguide/C/web-servers.xml:1019(programlisting)
1149
1158
#, no-wrap
1150
1159
msgid ""
1151
1160
"\n"
1158
1167
"</Directory>\n"
1159
1168
msgstr ""
1160
1169
1161
#: serverguide/C/web-servers.xml:1010(para)
1170
#: serverguide/C/web-servers.xml:1029(para)
1162
1171
msgid ""
1163
1172
"You should also enable the <application>mod_rewrite</application> module for "
1164
1173
"Apache. To enable <application>mod_rewrite</application> module, please "
1165
1174
"enter the following command in a terminal prompt:"
1166
1175
msgstr ""
1167
1176
1168
#: serverguide/C/web-servers.xml:1016(command)
1177
#: serverguide/C/web-servers.xml:1035(command)
1169
1178
msgid "sudo a2enmod rewrite"
1170
1179
msgstr ""
1171
1180
1172
#: serverguide/C/web-servers.xml:1019(para)
1181
#: serverguide/C/web-servers.xml:1038(para)
1173
1182
msgid ""
1174
1183
"Finally you will need to change the ownership of the "
1175
1184
"<filename>/path/to/rails/application/public</filename> and "
1177
1186
"used to run the <application>Apache</application> process:"
1178
1187
msgstr ""
1179
1188
1180
#: serverguide/C/web-servers.xml:1025(command)
1189
#: serverguide/C/web-servers.xml:1044(command)
1181
1190
msgid "sudo chown -R www-data:www-data /path/to/rails/application/public"
1182
1191
msgstr ""
1183
1192
1184
#: serverguide/C/web-servers.xml:1026(command)
1193
#: serverguide/C/web-servers.xml:1045(command)
1185
1194
msgid "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
1186
1195
msgstr ""
1187
1196
1188
#: serverguide/C/web-servers.xml:1029(para)
1197
#: serverguide/C/web-servers.xml:1048(para)
1189
1198
msgid ""
1190
1199
"That's it! Now you have your Server ready for your <application>Ruby on "
1191
1200
"Rails</application> applications."
1192
1201
msgstr ""
1193
1202
1194
#: serverguide/C/web-servers.xml:1038(para)
1203
#: serverguide/C/web-servers.xml:1057(para)
1195
1204
msgid ""
1196
1205
"See the <ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink> website "
1197
1206
"for more information."
1198
1207
msgstr ""
1199
1208
1200
#: serverguide/C/web-servers.xml:1043(para)
1209
#: serverguide/C/web-servers.xml:1062(para)
1201
1210
msgid ""
1202
1211
"Also <ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-"
1203
1212
"with-rails-third-edition\">Agile Development with Rails</ulink> is a great "
1204
1213
"resource."
1205
1214
msgstr ""
1206
1215
1207
#: serverguide/C/web-servers.xml:1049(para)
1216
#: serverguide/C/web-servers.xml:1068(para)
1208
1217
msgid ""
1209
1218
"Another place for more information is the <ulink "
1210
1219
"url=\"https://help.ubuntu.com/community/RubyOnRails\">Ruby on Rails Ubuntu "
1211
1220
"Wiki</ulink> page."
1212
1221
msgstr ""
1213
1222
1214
#: serverguide/C/web-servers.xml:1060(title)
1223
#: serverguide/C/web-servers.xml:1079(title)
1215
1224
msgid "Apache Tomcat"
1216
1225
msgstr ""
1217
1226
1218
#: serverguide/C/web-servers.xml:1061(para)
1227
#: serverguide/C/web-servers.xml:1080(para)
1219
1228
msgid ""
1220
1229
"Apache Tomcat is a web container that allows you to serve Java Servlets and "
1221
1230
"JSP (Java Server Pages) web applications."
1222
1231
msgstr ""
1223
1232
1224
#: serverguide/C/web-servers.xml:1075(para)
1233
#: serverguide/C/web-servers.xml:1082(para)
1225
1234
msgid ""
1226
1235
"Ubuntu has supported packages for both Tomcat 6 and 7. Tomcat 6 is the "
1227
1236
"legacy version, and Tomcat 7 is the current version where new features are "
1229
1238
"but most configuration details are valid for both versions."
1230
1239
msgstr ""
1231
1240
1232
#: serverguide/C/web-servers.xml:1078(para)
1241
#: serverguide/C/web-servers.xml:1085(para)
1233
1242
msgid ""
1234
1243
"The Tomcat packages in Ubuntu support two different ways of running Tomcat. "
1235
1244
"You can install them as a classic unique system-wide instance, that will be "
1240
1249
"need to test on their own private Tomcat instances."
1241
1250
msgstr ""
1242
1251
1243
#: serverguide/C/web-servers.xml:1073(title)
1252
#: serverguide/C/web-servers.xml:1095(title)
1244
1253
msgid "System-wide installation"
1245
1254
msgstr ""
1246
1255
1247
#: serverguide/C/web-servers.xml:1074(para)
1256
#: serverguide/C/web-servers.xml:1096(para)
1248
1257
msgid ""
1249
1258
"To install the Tomcat server, you can enter the following command in the "
1250
1259
"terminal prompt:"
1251
1260
msgstr ""
1252
1261
1253
#: serverguide/C/web-servers.xml:1092(command)
1262
#: serverguide/C/web-servers.xml:1099(command)
1254
1263
msgid "sudo apt-get install tomcat7"
1255
1264
msgstr ""
1256
1265
1257
#: serverguide/C/web-servers.xml:1079(para)
1266
#: serverguide/C/web-servers.xml:1101(para)
1258
1267
msgid ""
1259
1268
"This will install a Tomcat server with just a default ROOT webapp that "
1260
1269
"displays a minimal \"It works\" page by default."
1261
1270
msgstr ""
1262
1271
1263
#: serverguide/C/web-servers.xml:1100(para)
1272
#: serverguide/C/web-servers.xml:1107(para)
1264
1273
msgid ""
1265
1274
"Tomcat configuration files can be found in "
1266
1275
"<filename>/etc/tomcat7</filename>. Only a few common configuration tweaks "
1269
1278
"documentation</ulink> for more."
1270
1279
msgstr ""
1271
1280
1272
#: serverguide/C/web-servers.xml:1091(title)
1281
#: serverguide/C/web-servers.xml:1113(title)
1273
1282
msgid "Changing default ports"
1274
1283
msgstr ""
1275
1284
1276
#: serverguide/C/web-servers.xml:1107(para)
1285
#: serverguide/C/web-servers.xml:1114(para)
1277
1286
msgid ""
1278
1287
"By default Tomcat runs a HTTP connector on port 8080 and an AJP connector on "
1279
1288
"port 8009. You might want to change those default ports to avoid conflict "
1281
1290
"following lines in <filename>/etc/tomcat7/server.xml</filename>:"
1282
1291
msgstr ""
1283
1292
1284
#: serverguide/C/web-servers.xml:1097(programlisting)
1293
#: serverguide/C/web-servers.xml:1119(programlisting)
1285
1294
#, no-wrap
1286
1295
msgid ""
1287
1296
"\n"
1293
1302
"/>\n"
1294
1303
msgstr ""
1295
1304
1296
#: serverguide/C/web-servers.xml:1106(title)
1305
#: serverguide/C/web-servers.xml:1128(title)
1297
1306
msgid "Changing JVM used"
1298
1307
msgstr ""
1299
1308
1300
#: serverguide/C/web-servers.xml:1122(para)
1309
#: serverguide/C/web-servers.xml:1129(para)
1301
1310
msgid ""
1302
1311
"By default Tomcat will run preferably with OpenJDK JVMs, then try the Sun "
1303
1312
"JVMs, then try some other JVMs. You can force Tomcat to use a specific JVM "
1304
1313
"by setting JAVA_HOME in <filename>/etc/default/tomcat7</filename>:"
1305
1314
msgstr ""
1306
1315
1307
#: serverguide/C/web-servers.xml:1111(programlisting)
1316
#: serverguide/C/web-servers.xml:1133(programlisting)
1308
1317
#, no-wrap
1309
1318
msgid ""
1310
1319
"\n"
1311
1320
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
1312
1321
msgstr ""
1313
1322
1314
#: serverguide/C/web-servers.xml:1116(title)
1323
#: serverguide/C/web-servers.xml:1138(title)
1315
1324
msgid "Declaring users and roles"
1316
1325
msgstr ""
1317
1326
1318
#: serverguide/C/web-servers.xml:1132(para)
1327
#: serverguide/C/web-servers.xml:1139(para)
1319
1328
msgid ""
1320
1329
"Usernames, passwords and roles (groups) can be defined centrally in a "
1321
1330
"Servlet container. This is done in the <filename>/etc/tomcat7/tomcat-"
1322
1331
"users.xml</filename> file:"
1323
1332
msgstr ""
1324
1333
1325
#: serverguide/C/web-servers.xml:1120(programlisting)
1334
#: serverguide/C/web-servers.xml:1142(programlisting)
1326
1335
#, no-wrap
1327
1336
msgid ""
1328
1337
"\n"
1330
1339
"<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
1331
1340
msgstr ""
1332
1341
1333
#: serverguide/C/web-servers.xml:1128(title)
1342
#: serverguide/C/web-servers.xml:1150(title)
1334
1343
msgid "Using Tomcat standard webapps"
1335
1344
msgstr ""
1336
1345
1337
#: serverguide/C/web-servers.xml:1129(para)
1346
#: serverguide/C/web-servers.xml:1151(para)
1338
1347
msgid ""
1339
1348
"Tomcat is shipped with webapps that you can install for documentation, "
1340
1349
"administration or demo purposes."
1341
1350
msgstr ""
1342
1351
1343
#: serverguide/C/web-servers.xml:1132(title)
1352
#: serverguide/C/web-servers.xml:1154(title)
1344
1353
msgid "Tomcat documentation"
1345
1354
msgstr ""
1346
1355
1347
#: serverguide/C/web-servers.xml:1148(para)
1356
#: serverguide/C/web-servers.xml:1155(para)
1348
1357
msgid ""
1349
1358
"The <application>tomcat7-docs</application> package contains Tomcat "
1350
1359
"documentation, packaged as a webapp that you can access by default at "
1352
1361
"command in the terminal prompt:"
1353
1362
msgstr ""
1354
1363
1355
#: serverguide/C/web-servers.xml:1153(command)
1364
#: serverguide/C/web-servers.xml:1160(command)
1356
1365
msgid "sudo apt-get install tomcat7-docs"
1357
1366
msgstr ""
1358
1367
1359
#: serverguide/C/web-servers.xml:1142(title)
1368
#: serverguide/C/web-servers.xml:1164(title)
1360
1369
msgid "Tomcat administration webapps"
1361
1370
msgstr ""
1362
1371
1363
#: serverguide/C/web-servers.xml:1158(para)
1372
#: serverguide/C/web-servers.xml:1165(para)
1364
1373
msgid ""
1365
1374
"The <application>tomcat7-admin</application> package contains two webapps "
1366
1375
"that can be used to administer the Tomcat server using a web interface. You "
1367
1376
"can install them by entering the following command in the terminal prompt:"
1368
1377
msgstr ""
1369
1378
1370
#: serverguide/C/web-servers.xml:1163(command)
1379
#: serverguide/C/web-servers.xml:1170(command)
1371
1380
msgid "sudo apt-get install tomcat7-admin"
1372
1381
msgstr ""
1373
1382
1374
#: serverguide/C/web-servers.xml:1150(para)
1383
#: serverguide/C/web-servers.xml:1172(para)
1375
1384
msgid ""
1376
1385
"The first one is the <emphasis>manager</emphasis> webapp, which you can "
1377
1386
"access by default at http://yourserver:8080/manager/html. It is primarily "
1378
1387
"used to get server status and restart webapps."
1379
1388
msgstr ""
1380
1389
1381
#: serverguide/C/web-servers.xml:1168(para)
1390
#: serverguide/C/web-servers.xml:1175(para)
1382
1391
msgid ""
1383
1392
"Access to the <emphasis>manager</emphasis> application is protected by "
1384
1393
"default: you need to define a user with the role \"manager-gui\" in "
1385
1394
"<filename>/etc/tomcat7/tomcat-users.xml</filename> before you can access it."
1386
1395
msgstr ""
1387
1396
1388
#: serverguide/C/web-servers.xml:1157(para)
1397
#: serverguide/C/web-servers.xml:1179(para)
1389
1398
msgid ""
1390
1399
"The second one is the <emphasis>host-manager</emphasis> webapp, which you "
1391
1400
"can access by default at http://yourserver:8080/host-manager/html. It can be "
1392
1401
"used to create virtual hosts dynamically."
1393
1402
msgstr ""
1394
1403
1395
#: serverguide/C/web-servers.xml:1176(para)
1404
#: serverguide/C/web-servers.xml:1183(para)
1396
1405
msgid ""
1397
1406
"Access to the <emphasis>host-manager</emphasis> application is also "
1398
1407
"protected by default: you need to define a user with the role \"admin-gui\" "
1400
1409
"it."
1401
1410
msgstr ""
1402
1411
1403
#: serverguide/C/web-servers.xml:1181(para)
1412
#: serverguide/C/web-servers.xml:1188(para)
1404
1413
msgid ""
1405
1414
"For security reasons, the tomcat7 user cannot write to the "
1406
1415
"<filename>/etc/tomcat7</filename> directory by default. Some features in "
1409
1418
"the following, to give users in the tomcat7 group the necessary rights:"
1410
1419
msgstr ""
1411
1420
1412
#: serverguide/C/web-servers.xml:1188(command)
1421
#: serverguide/C/web-servers.xml:1195(command)
1413
1422
msgid "sudo chgrp -R tomcat7 /etc/tomcat7"
1414
1423
msgstr ""
1415
1424
1416
#: serverguide/C/web-servers.xml:1189(command)
1425
#: serverguide/C/web-servers.xml:1196(command)
1417
1426
msgid "sudo chmod -R g+w /etc/tomcat7"
1418
1427
msgstr ""
1419
1428
1420
#: serverguide/C/web-servers.xml:1179(title)
1429
#: serverguide/C/web-servers.xml:1201(title)
1421
1430
msgid "Tomcat examples webapps"
1422
1431
msgstr ""
1423
1432
1424
#: serverguide/C/web-servers.xml:1195(para)
1433
#: serverguide/C/web-servers.xml:1202(para)
1425
1434
msgid ""
1426
1435
"The <application>tomcat7-examples</application> package contains two webapps "
1427
1436
"that can be used to test or demonstrate Servlets and JSP features, which you "
1429
1438
"install them by entering the following command in the terminal prompt:"
1430
1439
msgstr ""
1431
1440
1432
#: serverguide/C/web-servers.xml:1201(command)
1441
#: serverguide/C/web-servers.xml:1208(command)
1433
1442
msgid "sudo apt-get install tomcat7-examples"
1434
1443
msgstr ""
1435
1444
1436
#: serverguide/C/web-servers.xml:1192(title)
1445
#: serverguide/C/web-servers.xml:1214(title)
1437
1446
msgid "Using private instances"
1438
1447
msgstr ""
1439
1448
1440
#: serverguide/C/web-servers.xml:1208(para)
1449
#: serverguide/C/web-servers.xml:1215(para)
1441
1450
msgid ""
1442
1451
"Tomcat is heavily used in development and testing scenarios where using a "
1443
1452
"single system-wide instance doesn't meet the requirements of multiple users "
1447
1456
"system-installed libraries."
1448
1457
msgstr ""
1449
1458
1450
#: serverguide/C/web-servers.xml:1200(para)
1459
#: serverguide/C/web-servers.xml:1222(para)
1451
1460
msgid ""
1452
1461
"It is possible to run the system-wide instance and the private instances in "
1453
1462
"parallel, as long as they do not use the same TCP ports."
1454
1463
msgstr ""
1455
1464
1456
#: serverguide/C/web-servers.xml:1204(title)
1465
#: serverguide/C/web-servers.xml:1226(title)
1457
1466
msgid "Installing private instance support"
1458
1467
msgstr ""
1459
1468
1460
#: serverguide/C/web-servers.xml:1205(para)
1469
#: serverguide/C/web-servers.xml:1227(para)
1461
1470
msgid ""
1462
1471
"You can install everything necessary to run private instances by entering "
1463
1472
"the following command in the terminal prompt:"
1464
1473
msgstr ""
1465
1474
1466
#: serverguide/C/web-servers.xml:1223(command)
1475
#: serverguide/C/web-servers.xml:1230(command)
1467
1476
msgid "sudo apt-get install tomcat7-user"
1468
1477
msgstr ""
1469
1478
1470
#: serverguide/C/web-servers.xml:1212(title)
1479
#: serverguide/C/web-servers.xml:1234(title)
1471
1480
msgid "Creating a private instance"
1472
1481
msgstr ""
1473
1482
1474
#: serverguide/C/web-servers.xml:1213(para)
1483
#: serverguide/C/web-servers.xml:1235(para)
1475
1484
msgid ""
1476
1485
"You can create a private instance directory by entering the following "
1477
1486
"command in the terminal prompt:"
1478
1487
msgstr ""
1479
1488
1480
#: serverguide/C/web-servers.xml:1231(command)
1489
#: serverguide/C/web-servers.xml:1238(command)
1481
1490
msgid "tomcat7-instance-create my-instance"
1482
1491
msgstr ""
1483
1492
1484
#: serverguide/C/web-servers.xml:1218(para)
1493
#: serverguide/C/web-servers.xml:1240(para)
1485
1494
msgid ""
1486
1495
"This will create a new <filename>my-instance</filename> directory with all "
1487
1496
"the necessary subdirectories and scripts. You can for example install your "
1490
1499
"are deployed by default."
1491
1500
msgstr ""
1492
1501
1493
#: serverguide/C/web-servers.xml:1226(title)
1502
#: serverguide/C/web-servers.xml:1248(title)
1494
1503
msgid "Configuring your private instance"
1495
1504
msgstr ""
1496
1505
1497
#: serverguide/C/web-servers.xml:1227(para)
1506
#: serverguide/C/web-servers.xml:1249(para)
1498
1507
msgid ""
1499
1508
"You will find the classic Tomcat configuration files for your private "
1500
1509
"instance in the <filename>conf/</filename> subdirectory. You should for "
1503
1512
"conflict with other instances that might be running."
1504
1513
msgstr ""
1505
1514
1506
#: serverguide/C/web-servers.xml:1235(title)
1515
#: serverguide/C/web-servers.xml:1257(title)
1507
1516
msgid "Starting/stopping your private instance"
1508
1517
msgstr ""
1509
1518
1510
#: serverguide/C/web-servers.xml:1236(para)
1519
#: serverguide/C/web-servers.xml:1258(para)
1511
1520
msgid ""
1512
1521
"You can start your private instance by entering the following command in the "
1513
1522
"terminal prompt (supposing your instance is located in the <filename>my-"
1514
1523
"instance</filename> directory):"
1515
1524
msgstr ""
1516
1525
1517
#: serverguide/C/web-servers.xml:1240(command)
1526
#: serverguide/C/web-servers.xml:1262(command)
1518
1527
msgid "my-instance/bin/startup.sh"
1519
1528
msgstr ""
1520
1529
1521
#: serverguide/C/web-servers.xml:1242(para)
1530
#: serverguide/C/web-servers.xml:1264(para)
1522
1531
msgid ""
1523
1532
"You should check the <filename>logs/</filename> subdirectory for any error. "
1524
1533
"If you have a <emphasis>java.net.BindException: Address already in "
1526
1535
"is already taken and that you should change it."
1527
1536
msgstr ""
1528
1537
1529
#: serverguide/C/web-servers.xml:1247(para)
1538
#: serverguide/C/web-servers.xml:1269(para)
1530
1539
msgid ""
1531
1540
"You can stop your instance by entering the following command in the terminal "
1532
1541
"prompt (supposing your instance is located in the <filename>my-"
1533
1542
"instance</filename> directory):"
1534
1543
msgstr ""
1535
1544
1536
#: serverguide/C/web-servers.xml:1251(command)
1545
#: serverguide/C/web-servers.xml:1273(command)
1537
1546
msgid "my-instance/bin/shutdown.sh"
1538
1547
msgstr ""
1539
1548
1540
#: serverguide/C/web-servers.xml:1260(para)
1549
#: serverguide/C/web-servers.xml:1282(para)
1541
1550
msgid ""
1542
1551
"See the <ulink url=\"http://tomcat.apache.org/\">Apache Tomcat</ulink> "
1543
1552
"website for more information."
1544
1553
msgstr ""
1545
1554
1546
#: serverguide/C/web-servers.xml:1280(para)
1555
#: serverguide/C/web-servers.xml:1287(para)
1547
1556
msgid ""
1548
1557
"<ulink url=\"http://shop.oreilly.com/product/9780596003180.do\">Tomcat: The "
1549
1558
"Definitive Guide</ulink> is a good resource for building web applications "
1550
1559
"with Tomcat."
1551
1560
msgstr ""
1552
1561
1553
#: serverguide/C/web-servers.xml:1271(para)
1562
#: serverguide/C/web-servers.xml:1293(para)
1554
1563
msgid ""
1555
1564
"For additional books see the <ulink "
1556
1565
"url=\"http://wiki.apache.org/tomcat/Tomcat/Books\">Tomcat Books</ulink> list "
1681
1690
"\n"
1682
1691
msgstr ""
1683
1692
1684
#: serverguide/C/vpn.xml:90(para)
1693
#: serverguide/C/vpn.xml:94(para)
1685
1694
msgid ""
1686
1695
"Enter the following to generate the master Certificate Authority (CA) "
1687
1696
"certificate and key:"
1688
1697
msgstr ""
1689
1698
1690
#: serverguide/C/vpn.xml:95(command) serverguide/C/vpn.xml:143(command)
1699
#: serverguide/C/vpn.xml:99(command) serverguide/C/vpn.xml:147(command)
1691
1700
msgid "cd /etc/openvpn/easy-rsa/"
1692
1701
msgstr ""
1693
1702
1694
#: serverguide/C/vpn.xml:96(command) serverguide/C/vpn.xml:144(command)
1703
#: serverguide/C/vpn.xml:100(command) serverguide/C/vpn.xml:148(command)
1695
1704
msgid "source vars"
1696
1705
msgstr ""
1697
1706
1698
#: serverguide/C/vpn.xml:97(command)
1707
#: serverguide/C/vpn.xml:101(command)
1699
1708
msgid "./clean-all"
1700
1709
msgstr ""
1701
1710
1702
#: serverguide/C/vpn.xml:98(command)
1711
#: serverguide/C/vpn.xml:102(command)
1703
1712
msgid "./build-ca"
1704
1713
msgstr ""
1705
1714
1706
#: serverguide/C/vpn.xml:103(title)
1715
#: serverguide/C/vpn.xml:107(title)
1707
1716
msgid "Server Certificates"
1708
1717
msgstr ""
1709
1718
1710
#: serverguide/C/vpn.xml:105(para)
1719
#: serverguide/C/vpn.xml:109(para)
1711
1720
msgid "Next, we will generate a certificate and private key for the server:"
1712
1721
msgstr ""
1713
1722
1714
#: serverguide/C/vpn.xml:110(command)
1723
#: serverguide/C/vpn.xml:114(command)
1715
1724
msgid "./build-key-server myservername"
1716
1725
msgstr ""
1717
1726
1718
#: serverguide/C/vpn.xml:113(para)
1727
#: serverguide/C/vpn.xml:117(para)
1719
1728
msgid ""
1720
1729
"As in the previous step, most parameters can be defaulted. Two other queries "
1721
1730
"require positive responses, \"Sign the certificate? [y/n]\" and \"1 out of 1 "
1722
1731
"certificate requests certified, commit? [y/n]\"."
1723
1732
msgstr ""
1724
1733
1725
#: serverguide/C/vpn.xml:117(para)
1734
#: serverguide/C/vpn.xml:121(para)
1726
1735
msgid "Diffie Hellman parameters must be generated for the OpenVPN server:"
1727
1736
msgstr ""
1728
1737
1729
#: serverguide/C/vpn.xml:122(command)
1738
#: serverguide/C/vpn.xml:126(command)
1730
1739
msgid "./build-dh"
1731
1740
msgstr ""
1732
1741
1733
#: serverguide/C/vpn.xml:125(para)
1742
#: serverguide/C/vpn.xml:129(para)
1734
1743
msgid ""
1735
1744
"All certificates and keys have been generated in the subdirectory keys/. "
1736
1745
"Common practice is to copy them to /etc/openvpn/:"
1737
1746
msgstr ""
1738
1747
1739
#: serverguide/C/vpn.xml:129(command)
1748
#: serverguide/C/vpn.xml:133(command)
1740
1749
msgid "cd keys/"
1741
1750
msgstr ""
1742
1751
1744
1753
msgid "cp myservername.crt myservername.key ca.crt dh2048.pem /etc/openvpn/"
1745
1754
msgstr ""
1746
1755
1747
#: serverguide/C/vpn.xml:135(title)
1756
#: serverguide/C/vpn.xml:139(title)
1748
1757
msgid "Client Certificates"
1749
1758
msgstr ""
1750
1759
1751
#: serverguide/C/vpn.xml:137(para)
1760
#: serverguide/C/vpn.xml:141(para)
1752
1761
msgid ""
1753
1762
"The VPN client will also need a certificate to authenticate itself to the "
1754
1763
"server. Usually you create a different certificate for each client. To "
1756
1765
"root:"
1757
1766
msgstr ""
1758
1767
1759
#: serverguide/C/vpn.xml:145(command)
1768
#: serverguide/C/vpn.xml:149(command)
1760
1769
msgid "./build-key client1"
1761
1770
msgstr ""
1762
1771
1763
#: serverguide/C/vpn.xml:148(para)
1772
#: serverguide/C/vpn.xml:152(para)
1764
1773
msgid "Copy the following files to the client using a secure method:"
1765
1774
msgstr ""
1766
1775
1767
#: serverguide/C/vpn.xml:153(para)
1776
#: serverguide/C/vpn.xml:157(para)
1768
1777
msgid "/etc/openvpn/ca.crt"
1769
1778
msgstr ""
1770
1779
1771
#: serverguide/C/vpn.xml:154(para)
1780
#: serverguide/C/vpn.xml:158(para)
1772
1781
msgid "/etc/openvpn/easy-rsa/keys/client1.crt"
1773
1782
msgstr ""
1774
1783
1775
#: serverguide/C/vpn.xml:155(para)
1784
#: serverguide/C/vpn.xml:159(para)
1776
1785
msgid "/etc/openvpn/easy-rsa/keys/client1.key"
1777
1786
msgstr ""
1778
1787
1779
#: serverguide/C/vpn.xml:158(para)
1788
#: serverguide/C/vpn.xml:162(para)
1780
1789
msgid ""
1781
1790
"As the client certificates and keys are only required on the client machine, "
1782
1791
"you should remove them from the server."
1783
1792
msgstr ""
1784
1793
1785
#: serverguide/C/vpn.xml:166(title)
1794
#: serverguide/C/vpn.xml:170(title)
1786
1795
msgid "Simple Server Configuration"
1787
1796
msgstr ""
1788
1797
1789
#: serverguide/C/vpn.xml:168(para)
1798
#: serverguide/C/vpn.xml:172(para)
1790
1799
msgid ""
1791
1800
"Along with your <application>OpenVPN</application> installation you got "
1792
1801
"these sample config files (and many more if if you check):"
1793
1802
msgstr ""
1794
1803
1795
#: serverguide/C/vpn.xml:172(programlisting)
1804
#: serverguide/C/vpn.xml:176(programlisting)
1796
1805
#, no-wrap
1797
1806
msgid ""
1798
1807
"\n"
1802
1811
"-rw-r--r-- 1 root root 4141 2011-07-04 15:09 server.conf.gz\n"
1803
1812
msgstr ""
1804
1813
1805
#: serverguide/C/vpn.xml:179(para)
1814
#: serverguide/C/vpn.xml:183(para)
1806
1815
msgid ""
1807
1816
"Start with copying and unpacking server.conf.gz to /etc/openvpn/server.conf."
1808
1817
msgstr ""
1809
1818
1810
#: serverguide/C/vpn.xml:183(command)
1819
#: serverguide/C/vpn.xml:187(command)
1811
1820
msgid ""
1812
1821
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz "
1813
1822
"/etc/openvpn/"
1814
1823
msgstr ""
1815
1824
1816
#: serverguide/C/vpn.xml:184(command)
1825
#: serverguide/C/vpn.xml:188(command)
1817
1826
msgid "sudo gzip -d /etc/openvpn/server.conf.gz"
1818
1827
msgstr ""
1819
1828
1820
#: serverguide/C/vpn.xml:187(para)
1829
#: serverguide/C/vpn.xml:191(para)
1821
1830
msgid ""
1822
1831
"Edit <filename>/etc/openvpn/server.conf</filename> to make sure the "
1823
1832
"following lines are pointing to the certificates and keys you created in the "
1855
1864
msgid "sudo sysctl -p /etc/sysctl.conf"
1856
1865
msgstr ""
1857
1866
1858
#: serverguide/C/vpn.xml:197(para)
1867
#: serverguide/C/vpn.xml:214(para)
1859
1868
msgid ""
1860
1869
"That is the minimum you have to configure to get a working OpenVPN server. "
1861
1870
"You can use all the default settings in the sample server.conf file. Now "
1871
1880
" * Autostarting VPN 'server' [ OK ]\n"
1872
1881
msgstr ""
1873
1882
1874
#: serverguide/C/vpn.xml:208(para)
1883
#: serverguide/C/vpn.xml:225(para)
1875
1884
msgid "Now check if OpenVPN created a tun0 interface:"
1876
1885
msgstr ""
1877
1886
1878
#: serverguide/C/vpn.xml:212(programlisting)
1887
#: serverguide/C/vpn.xml:229(programlisting)
1879
1888
#, no-wrap
1880
1889
msgid ""
1881
1890
"\n"
1887
1896
"[...]\n"
1888
1897
msgstr ""
1889
1898
1890
#: serverguide/C/vpn.xml:222(title)
1899
#: serverguide/C/vpn.xml:239(title)
1891
1900
msgid "Simple Client Configuration"
1892
1901
msgstr ""
1893
1902
1894
#: serverguide/C/vpn.xml:224(para)
1903
#: serverguide/C/vpn.xml:241(para)
1895
1904
msgid ""
1896
1905
"There are various different <application>OpenVPN</application> client "
1897
1906
"implementations with and without GUIs. You can read more about clients in a "
1900
1909
"install the openvpn package again on the client machine:"
1901
1910
msgstr ""
1902
1911
1903
#: serverguide/C/vpn.xml:35(command) serverguide/C/vpn.xml:231(command) serverguide/C/vpn.xml:589(command)
1912
#: serverguide/C/vpn.xml:248(command) serverguide/C/vpn.xml:616(command)
1904
1913
msgid "sudo apt-get install openvpn"
1905
1914
msgstr ""
1906
1915
1907
#: serverguide/C/vpn.xml:234(para)
1916
#: serverguide/C/vpn.xml:251(para)
1908
1917
msgid "This time copy the client.conf sample config file to /etc/openvpn/."
1909
1918
msgstr ""
1910
1919
1911
#: serverguide/C/vpn.xml:238(command)
1920
#: serverguide/C/vpn.xml:255(command)
1912
1921
msgid ""
1913
1922
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
1914
1923
"/etc/openvpn/"
1915
1924
msgstr ""
1916
1925
1917
#: serverguide/C/vpn.xml:241(para)
1926
#: serverguide/C/vpn.xml:258(para)
1918
1927
msgid ""
1919
1928
"Copy the client keys and the certificate of the CA you created in the "
1920
1929
"section above to e.g. /etc/openvpn/ and edit "
1923
1932
"you can omit the path."
1924
1933
msgstr ""
1925
1934
1926
#: serverguide/C/vpn.xml:244(programlisting)
1935
#: serverguide/C/vpn.xml:261(programlisting) serverguide/C/vpn.xml:281(programlisting)
1927
1936
#, no-wrap
1928
1937
msgid ""
1929
1938
"\n"
1932
1941
"key client1.key\n"
1933
1942
msgstr ""
1934
1943
1935
#: serverguide/C/vpn.xml:250(para)
1944
#: serverguide/C/vpn.xml:267(para)
1936
1945
msgid ""
1937
1946
"And you have to at least specify the OpenVPN server name or address. Make "
1938
1947
"sure the keyword client is in the config. That's what enables client mode."
1939
1948
msgstr ""
1940
1949
1941
#: serverguide/C/vpn.xml:256(programlisting)
1950
#: serverguide/C/vpn.xml:273(programlisting)
1942
1951
#, no-wrap
1943
1952
msgid ""
1944
1953
"\n"
1951
1960
"Also, make sure you specify the keyfile names you copied from the server"
1952
1961
msgstr ""
1953
1962
1954
#: serverguide/C/vpn.xml:261(para)
1963
#: serverguide/C/vpn.xml:286(para)
1955
1964
msgid "Now start the OpenVPN client:"
1956
1965
msgstr ""
1957
1966
1964
1973
" * Autostarting VPN 'client' [ OK ] \n"
1965
1974
msgstr ""
1966
1975
1967
#: serverguide/C/vpn.xml:271(para)
1976
#: serverguide/C/vpn.xml:296(para)
1968
1977
msgid "Check if it created a tun0 interface:"
1969
1978
msgstr ""
1970
1979
1971
#: serverguide/C/vpn.xml:275(programlisting)
1980
#: serverguide/C/vpn.xml:300(programlisting)
1972
1981
#, no-wrap
1973
1982
msgid ""
1974
1983
"\n"
1979
1988
" UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1\n"
1980
1989
msgstr ""
1981
1990
1982
#: serverguide/C/vpn.xml:282(para)
1991
#: serverguide/C/vpn.xml:307(para)
1983
1992
msgid "Check if you can ping the OpenVPN server:"
1984
1993
msgstr ""
1985
1994
1986
#: serverguide/C/vpn.xml:285(programlisting)
1995
#: serverguide/C/vpn.xml:310(programlisting)
1987
1996
#, no-wrap
1988
1997
msgid ""
1989
1998
"\n"
1992
2001
"64 bytes from 10.8.0.1: icmp_req=1 ttl=64 time=0.920 ms\n"
1993
2002
msgstr ""
1994
2003
1995
#: serverguide/C/vpn.xml:292(para)
2004
#: serverguide/C/vpn.xml:317(para)
1996
2005
msgid ""
1997
2006
"The OpenVPN server always uses the first usable IP address in the client "
1998
2007
"network and only that IP is pingable. E.g. if you configured a /24 for the "
2000
2009
"in the ifconfig output above is usually not answering ping requests."
2001
2010
msgstr ""
2002
2011
2003
#: serverguide/C/vpn.xml:297(para)
2012
#: serverguide/C/vpn.xml:322(para)
2004
2013
msgid "Check out your routes:"
2005
2014
msgstr ""
2006
2015
2007
#: serverguide/C/vpn.xml:300(programlisting)
2016
#: serverguide/C/vpn.xml:325(programlisting)
2008
2017
#, no-wrap
2009
2018
msgid ""
2010
2019
"\n"
2022
2031
"eth0\n"
2023
2032
msgstr ""
2024
2033
2025
#: serverguide/C/vpn.xml:312(title)
2034
#: serverguide/C/vpn.xml:337(title)
2026
2035
msgid "First trouble shooting"
2027
2036
msgstr ""
2028
2037
2029
#: serverguide/C/vpn.xml:314(para)
2038
#: serverguide/C/vpn.xml:339(para)
2030
2039
msgid "If the above didn't work for you, check this:"
2031
2040
msgstr ""
2032
2041
2033
#: serverguide/C/vpn.xml:319(para)
2042
#: serverguide/C/vpn.xml:344(para)
2034
2043
msgid "Check your syslog, e.g. grep -i vpn /var/log/syslog"
2035
2044
msgstr ""
2036
2045
2040
2049
"server.conf."
2041
2050
msgstr ""
2042
2051
2043
#: serverguide/C/vpn.xml:322(para)
2052
#: serverguide/C/vpn.xml:350(para)
2044
2053
msgid ""
2045
2054
"Can the client connect to the server machine? Maybe a firewall is blocking "
2046
2055
"access? Check syslog on server."
2047
2056
msgstr ""
2048
2057
2049
#: serverguide/C/vpn.xml:325(para)
2058
#: serverguide/C/vpn.xml:353(para)
2050
2059
msgid ""
2051
2060
"Client and server must use same protocol and port, e.g. UDP port 1194, see "
2052
2061
"port and proto config option"
2053
2062
msgstr ""
2054
2063
2055
#: serverguide/C/vpn.xml:328(para)
2064
#: serverguide/C/vpn.xml:356(para)
2056
2065
msgid ""
2057
2066
"Client and server must use same config regarding compression, see comp-lzo "
2058
2067
"config option"
2059
2068
msgstr ""
2060
2069
2061
#: serverguide/C/vpn.xml:331(para)
2070
#: serverguide/C/vpn.xml:359(para)
2062
2071
msgid ""
2063
2072
"Client and server must use same config regarding bridged vs routed mode, see "
2064
2073
"server vs server-bridge config option"
2065
2074
msgstr ""
2066
2075
2067
#: serverguide/C/databases.xml:168(title)
2076
#: serverguide/C/vpn.xml:366(title) serverguide/C/databases.xml:161(title)
2068
2077
msgid "Advanced configuration"
2069
2078
msgstr ""
2070
2079
2071
#: serverguide/C/vpn.xml:342(title)
2080
#: serverguide/C/vpn.xml:369(title)
2072
2081
msgid "Advanced routed VPN configuration on server"
2073
2082
msgstr ""
2074
2083
2075
#: serverguide/C/vpn.xml:344(para)
2084
#: serverguide/C/vpn.xml:371(para)
2076
2085
msgid ""
2077
2086
"The above is a very simple working VPN. The client can access services on "
2078
2087
"the VPN server machine through an encrypted tunnel. If you want to reach "
2083
2092
"route to the VPN client-network."
2084
2093
msgstr ""
2085
2094
2086
#: serverguide/C/vpn.xml:348(para)
2095
#: serverguide/C/vpn.xml:375(para)
2087
2096
msgid ""
2088
2097
"Or you might push a default gateway to all the clients to send all their "
2089
2098
"internet traffic to the VPN gateway first and from there via the company "
2090
2099
"firewall into the internet. This section shows you some possible options."
2091
2100
msgstr ""
2092
2101
2093
#: serverguide/C/vpn.xml:352(para)
2102
#: serverguide/C/vpn.xml:379(para)
2094
2103
msgid ""
2095
2104
"Push routes to the client to allow it to reach other private subnets behind "
2096
2105
"the server. Remember that these private subnets will also need to know to "
2098
2107
"server."
2099
2108
msgstr ""
2100
2109
2101
#: serverguide/C/vpn.xml:361(programlisting)
2110
#: serverguide/C/vpn.xml:388(programlisting)
2102
2111
#, no-wrap
2103
2112
msgid ""
2104
2113
"\n"
2114
2123
"internet in order for this to work properly)."
2115
2124
msgstr ""
2116
2125
2117
#: serverguide/C/vpn.xml:374(programlisting)
2126
#: serverguide/C/vpn.xml:401(programlisting)
2118
2127
#, no-wrap
2119
2128
msgid ""
2120
2129
"\n"
2121
2130
"push \"redirect-gateway def1 bypass-dhcp\"\n"
2122
2131
msgstr ""
2123
2132
2124
#: serverguide/C/vpn.xml:378(para)
2133
#: serverguide/C/vpn.xml:405(para)
2125
2134
msgid ""
2126
2135
"Configure server mode and supply a VPN subnet for OpenVPN to draw client "
2127
2136
"addresses from. The server will take 10.8.0.1 for itself, the rest will be "
2129
2138
"10.8.0.1. Comment this line out if you are ethernet bridging."
2130
2139
msgstr ""
2131
2140
2132
#: serverguide/C/vpn.xml:387(programlisting)
2141
#: serverguide/C/vpn.xml:414(programlisting)
2133
2142
#, no-wrap
2134
2143
msgid ""
2135
2144
"\n"
2136
2145
"server 10.8.0.0 255.255.255.0\n"
2137
2146
msgstr ""
2138
2147
2139
#: serverguide/C/vpn.xml:391(para)
2148
#: serverguide/C/vpn.xml:418(para)
2140
2149
msgid ""
2141
2150
"Maintain a record of client to virtual IP address associations in this file. "
2142
2151
"If OpenVPN goes down or is restarted, reconnecting clients can be assigned "
2143
2152
"the same virtual IP address from the pool that was previously assigned."
2144
2153
msgstr ""
2145
2154
2146
#: serverguide/C/vpn.xml:398(programlisting)
2155
#: serverguide/C/vpn.xml:425(programlisting)
2147
2156
#, no-wrap
2148
2157
msgid ""
2149
2158
"\n"
2150
2159
"ifconfig-pool-persist ipp.txt\n"
2151
2160
msgstr ""
2152
2161
2153
#: serverguide/C/vpn.xml:402(para)
2162
#: serverguide/C/vpn.xml:429(para)
2154
2163
msgid "Push DNS servers to the client."
2155
2164
msgstr ""
2156
2165
2157
#: serverguide/C/vpn.xml:405(programlisting)
2166
#: serverguide/C/vpn.xml:432(programlisting)
2158
2167
#, no-wrap
2159
2168
msgid ""
2160
2169
"\n"
2162
2171
"push \"dhcp-option DNS 10.1.0.2\"\n"
2163
2172
msgstr ""
2164
2173
2165
#: serverguide/C/vpn.xml:410(para)
2174
#: serverguide/C/vpn.xml:437(para)
2166
2175
msgid "Allow client to client communication."
2167
2176
msgstr ""
2168
2177
2169
#: serverguide/C/vpn.xml:413(programlisting)
2178
#: serverguide/C/vpn.xml:440(programlisting)
2170
2179
#, no-wrap
2171
2180
msgid ""
2172
2181
"\n"
2173
2182
"client-to-client\n"
2174
2183
msgstr ""
2175
2184
2176
#: serverguide/C/vpn.xml:417(para)
2185
#: serverguide/C/vpn.xml:444(para)
2177
2186
msgid "Enable compression on the VPN link."
2178
2187
msgstr ""
2179
2188
2180
#: serverguide/C/vpn.xml:420(programlisting)
2189
#: serverguide/C/vpn.xml:447(programlisting)
2181
2190
#, no-wrap
2182
2191
msgid ""
2183
2192
"\n"
2184
2193
"comp-lzo\n"
2185
2194
msgstr ""
2186
2195
2187
#: serverguide/C/vpn.xml:424(para)
2196
#: serverguide/C/vpn.xml:451(para)
2188
2197
msgid ""
2189
"The keepalive directive causes ping-like messages to be sent back and forth "
2190
"over the link so that each side knows when the other side has gone down. "
2191
"Ping every 1 second, assume that remote peer is down if no ping received "
2192
"during a 3 second time period."
2198
"The <emphasis>keepalive</emphasis> directive causes ping-like messages to be "
2199
"sent back and forth over the link so that each side knows when the other "
2200
"side has gone down. Ping every 1 second, assume that remote peer is down if "
2201
"no ping received during a 3 second time period."
2193
2202
msgstr ""
2194
2203
2195
#: serverguide/C/vpn.xml:433(programlisting)
2204
#: serverguide/C/vpn.xml:460(programlisting)
2196
2205
#, no-wrap
2197
2206
msgid ""
2198
2207
"\n"
2199
2208
"keepalive 1 3\n"
2200
2209
msgstr ""
2201
2210
2202
#: serverguide/C/vpn.xml:437(para)
2211
#: serverguide/C/vpn.xml:464(para)
2203
2212
msgid ""
2204
2213
"It's a good idea to reduce the OpenVPN daemon's privileges after "
2205
2214
"initialization."
2206
2215
msgstr ""
2207
2216
2208
#: serverguide/C/vpn.xml:440(programlisting)
2217
#: serverguide/C/vpn.xml:467(programlisting)
2209
2218
#, no-wrap
2210
2219
msgid ""
2211
2220
"\n"
2213
2222
"group nogroup\n"
2214
2223
msgstr ""
2215
2224
2216
#: serverguide/C/vpn.xml:445(para)
2225
#: serverguide/C/vpn.xml:472(para)
2217
2226
msgid ""
2218
2227
"OpenVPN 2.0 includes a feature that allows the OpenVPN server to securely "
2219
2228
"obtain a username and password from a connecting client, and to use that "
2223
2232
"username/password, passing it on to the server over the secure TLS channel."
2224
2233
msgstr ""
2225
2234
2226
#: serverguide/C/vpn.xml:449(programlisting)
2235
#: serverguide/C/vpn.xml:476(programlisting)
2227
2236
#, no-wrap
2228
2237
msgid ""
2229
2238
"\n"
2231
2240
"auth-user-pass\n"
2232
2241
msgstr ""
2233
2242
2234
#: serverguide/C/vpn.xml:454(para)
2243
#: serverguide/C/vpn.xml:481(para)
2235
2244
msgid ""
2236
2245
"This will tell the OpenVPN server to validate the username/password entered "
2237
2246
"by clients using the login PAM module. Useful if you have centralized "
2245
2254
"plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so login\n"
2246
2255
msgstr ""
2247
2256
2248
#: serverguide/C/vpn.xml:463(para)
2257
#: serverguide/C/vpn.xml:490(para)
2249
2258
msgid ""
2250
2259
"Please read the OpenVPN <ulink url=\"http://openvpn.net/index.php/open-"
2251
2260
"source/documentation/howto.html#security\">hardening security guide</ulink> "
2252
2261
"for further security advice."
2253
2262
msgstr ""
2254
2263
2255
#: serverguide/C/vpn.xml:469(title)
2264
#: serverguide/C/vpn.xml:496(title)
2256
2265
msgid "Advanced bridged VPN configuration on server"
2257
2266
msgstr ""
2258
2267
2259
#: serverguide/C/vpn.xml:471(para)
2268
#: serverguide/C/vpn.xml:498(para)
2260
2269
msgid ""
2261
2270
"<application>OpenVPN</application> can be setup for either a routed or a "
2262
2271
"bridged VPN mode. Sometimes this is also referred to as OSI layer-2 versus "
2268
2277
"be filtered."
2269
2278
msgstr ""
2270
2279
2271
#: serverguide/C/vpn.xml:477(title)
2280
#: serverguide/C/vpn.xml:504(title)
2272
2281
msgid "Prepare interface config for bridging on server"
2273
2282
msgstr ""
2274
2283
2275
#: serverguide/C/vpn.xml:479(para)
2284
#: serverguide/C/vpn.xml:506(para)
2276
2285
msgid "Make sure you have the bridge-utils package installed:"
2277
2286
msgstr ""
2278
2287
2279
#: serverguide/C/vpn.xml:483(command) serverguide/C/virtualization.xml:2188(command) serverguide/C/network-config.xml:538(command)
2288
#: serverguide/C/vpn.xml:510(command) serverguide/C/network-config.xml:542(command)
2280
2289
msgid "sudo apt-get install bridge-utils"
2281
2290
msgstr ""
2282
2291
2283
#: serverguide/C/vpn.xml:486(para)
2292
#: serverguide/C/vpn.xml:513(para)
2284
2293
msgid ""
2285
2294
"Before you setup OpenVPN in bridged mode you need to change your interface "
2286
2295
"configuration. Let's assume your server has an interface eth0 connected to "
2288
2297
"Your /etc/network/interfaces would like this:"
2289
2298
msgstr ""
2290
2299
2291
#: serverguide/C/vpn.xml:490(programlisting)
2300
#: serverguide/C/vpn.xml:517(programlisting)
2292
2301
#, no-wrap
2293
2302
msgid ""
2294
2303
"\n"
2304
2313
" netmask 255.255.255.0\n"
2305
2314
msgstr ""
2306
2315
2307
#: serverguide/C/vpn.xml:503(para)
2316
#: serverguide/C/vpn.xml:530(para)
2308
2317
msgid ""
2309
2318
"This straight forward interface config needs to be changed into a bridged "
2310
2319
"mode like where the config of interface eth1 moves to the new br0 interface. "
2313
2322
"interface to forward all ethernet frames to the IP stack."
2314
2323
msgstr ""
2315
2324
2316
#: serverguide/C/vpn.xml:507(programlisting)
2325
#: serverguide/C/vpn.xml:534(programlisting)
2317
2326
#, no-wrap
2318
2327
msgid ""
2319
2328
"\n"
2345
2354
msgid "sudo ifdown eth1 && sudo ifup -a"
2346
2355
msgstr ""
2347
2356
2348
#: serverguide/C/vpn.xml:534(title)
2357
#: serverguide/C/vpn.xml:561(title)
2349
2358
msgid "Prepare server config for bridging"
2350
2359
msgstr ""
2351
2360
2352
#: serverguide/C/vpn.xml:536(para)
2361
#: serverguide/C/vpn.xml:563(para)
2353
2362
msgid ""
2354
2363
"Edit <filename>/etc/openvpn/server.conf</filename> changing the following "
2355
2364
"options to:"
2356
2365
msgstr ""
2357
2366
2358
#: serverguide/C/vpn.xml:540(programlisting)
2367
#: serverguide/C/vpn.xml:567(programlisting)
2359
2368
#, no-wrap
2360
2369
msgid ""
2361
2370
"\n"
2366
2375
"server-bridge 10.0.0.4 255.255.255.0 10.0.0.128 10.0.0.254\n"
2367
2376
msgstr ""
2368
2377
2369
#: serverguide/C/vpn.xml:548(para)
2378
#: serverguide/C/vpn.xml:575(para)
2370
2379
msgid ""
2371
2380
"Next, create a helper script to add the <emphasis>tap</emphasis> interface "
2372
2381
"to the bridge and to ensure that eth1 is promiscuous mode. Create "
2373
2382
"<filename>/etc/openvpn/up.sh</filename>:"
2374
2383
msgstr ""
2375
2384
2376
#: serverguide/C/vpn.xml:552(programlisting)
2385
#: serverguide/C/vpn.xml:579(programlisting)
2377
2386
#, no-wrap
2378
2387
msgid ""
2379
2388
"\n"
2388
2397
"/sbin/brctl addif $BR $TAPDEV\n"
2389
2398
msgstr ""
2390
2399
2391
#: serverguide/C/vpn.xml:564(para)
2400
#: serverguide/C/vpn.xml:591(para)
2392
2401
msgid "Then make it executable:"
2393
2402
msgstr ""
2394
2403
2395
#: serverguide/C/vpn.xml:569(command)
2404
#: serverguide/C/vpn.xml:596(command)
2396
2405
msgid "sudo chmod 755 /etc/openvpn/up.sh"
2397
2406
msgstr ""
2398
2407
2399
#: serverguide/C/vpn.xml:572(para)
2408
#: serverguide/C/vpn.xml:599(para)
2400
2409
msgid ""
2401
2410
"After configuring the server, restart <application>openvpn</application> by "
2402
2411
"entering:"
2406
2415
msgid "sudo service openvpn restart"
2407
2416
msgstr ""
2408
2417
2409
#: serverguide/C/vpn.xml:582(title)
2418
#: serverguide/C/vpn.xml:609(title)
2410
2419
msgid "Client Configuration"
2411
2420
msgstr ""
2412
2421
2413
#: serverguide/C/vpn.xml:584(para)
2422
#: serverguide/C/vpn.xml:611(para)
2414
2423
msgid "First, install <application>openvpn</application> on the client:"
2415
2424
msgstr ""
2416
2425
2417
#: serverguide/C/vpn.xml:592(para)
2426
#: serverguide/C/vpn.xml:619(para)
2418
2427
msgid ""
2419
2428
"Then with the server configured and the client certificates copied to the "
2420
2429
"<filename>/etc/openvpn/</filename> directory, create a client configuration "
2421
2430
"file by copying the example. In a terminal on the client machine enter:"
2422
2431
msgstr ""
2423
2432
2424
#: serverguide/C/vpn.xml:598(command)
2433
#: serverguide/C/vpn.xml:625(command)
2425
2434
msgid ""
2426
2435
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
2427
2436
"/etc/openvpn"
2428
2437
msgstr ""
2429
2438
2430
#: serverguide/C/vpn.xml:601(para)
2439
#: serverguide/C/vpn.xml:628(para)
2431
2440
msgid ""
2432
2441
"Now edit <filename>/etc/openvpn/client.conf</filename> changing the "
2433
2442
"following options:"
2444
2453
"key client1.key\n"
2445
2454
msgstr ""
2446
2455
2447
#: serverguide/C/vpn.xml:610(para)
2456
#: serverguide/C/vpn.xml:640(para)
2448
2457
msgid "Finally, restart <application>openvpn</application>:"
2449
2458
msgstr ""
2450
2459
2451
#: serverguide/C/vpn.xml:618(para)
2460
#: serverguide/C/vpn.xml:648(para)
2452
2461
msgid "You should now be able to connect to the remote LAN through the VPN."
2453
2462
msgstr ""
2454
2463
2455
#: serverguide/C/vpn.xml:627(title)
2464
#: serverguide/C/vpn.xml:657(title)
2456
2465
msgid "Client software implementations"
2457
2466
msgstr ""
2458
2467
2459
#: serverguide/C/vpn.xml:630(title)
2468
#: serverguide/C/vpn.xml:660(title)
2460
2469
msgid "Linux Network-Manager GUI for OpenVPN"
2461
2470
msgstr ""
2462
2471
2463
#: serverguide/C/vpn.xml:632(para)
2472
#: serverguide/C/vpn.xml:662(para)
2464
2473
msgid ""
2465
2474
"Many Linux distributions including Ubuntu desktop variants come with Network "
2466
2475
"Manager, a nice GUI to configure your network settings. It also can manage "
2469
2478
"packages as well:"
2470
2479
msgstr ""
2471
2480
2472
#: serverguide/C/vpn.xml:637(programlisting)
2481
#: serverguide/C/vpn.xml:667(programlisting)
2473
2482
#, no-wrap
2474
2483
msgid ""
2475
2484
"\n"
2490
2499
"Do you want to continue [Y/n]? \n"
2491
2500
msgstr ""
2492
2501
2493
#: serverguide/C/vpn.xml:655(para)
2502
#: serverguide/C/vpn.xml:685(para)
2494
2503
msgid ""
2495
2504
"To inform network-manager about the new installed packages you will have to "
2496
2505
"restart it:"
2497
2506
msgstr ""
2498
2507
2499
#: serverguide/C/vpn.xml:659(programlisting)
2508
#: serverguide/C/vpn.xml:689(programlisting)
2500
2509
#, no-wrap
2501
2510
msgid ""
2502
2511
"\n"
2516
2525
"to establish your VPN."
2517
2526
msgstr ""
2518
2527
2519
#: serverguide/C/vpn.xml:676(title)
2528
#: serverguide/C/vpn.xml:706(title)
2520
2529
msgid "OpenVPN with GUI for Mac OS X: Tunnelblick"
2521
2530
msgstr ""
2522
2531
2523
#: serverguide/C/vpn.xml:678(para)
2532
#: serverguide/C/vpn.xml:708(para)
2524
2533
msgid ""
2525
2534
"Tunnelblick is an excellent free, open source implementation of a GUI for "
2526
2535
"OpenVPN for OS X. The project's homepage is at <ulink "
2532
2541
"Application folder."
2533
2542
msgstr ""
2534
2543
2535
#: serverguide/C/vpn.xml:684(programlisting)
2544
#: serverguide/C/vpn.xml:714(programlisting)
2536
2545
#, no-wrap
2537
2546
msgid ""
2538
2547
"\n"
2555
2564
"key client.key\n"
2556
2565
msgstr ""
2557
2566
2558
#: serverguide/C/vpn.xml:706(title)
2567
#: serverguide/C/vpn.xml:736(title)
2559
2568
msgid "OpenVPN with GUI for Win 7"
2560
2569
msgstr ""
2561
2570
2568
2577
"binary installer."
2569
2578
msgstr ""
2570
2579
2571
#: serverguide/C/vpn.xml:714(para)
2580
#: serverguide/C/vpn.xml:743(para)
2572
2581
msgid ""
2573
2582
"You need to start the OpenVPN service. Goto Start > Computer > Manage "
2574
2583
"> Services and Applications > Services. Find the OpenVPN service and "
2577
2586
"click on it and you will see that option."
2578
2587
msgstr ""
2579
2588
2580
#: serverguide/C/vpn.xml:718(para)
2589
#: serverguide/C/vpn.xml:747(para)
2581
2590
msgid ""
2582
2591
"You will have to write your OpenVPN config in a textfile and place it in C:\\"
2583
2592
"Program Files\\OpenVPN\\config\\client.ovpn along with the CA certificate. "
2635
2644
msgid "You may want to set the Windows service to \"automatic\"."
2636
2645
msgstr ""
2637
2646
2638
#: serverguide/C/vpn.xml:747(title)
2647
#: serverguide/C/vpn.xml:790(title)
2639
2648
msgid "OpenVPN for OpenWRT"
2640
2649
msgstr ""
2641
2650
2642
#: serverguide/C/vpn.xml:749(para)
2651
#: serverguide/C/vpn.xml:792(para)
2643
2652
msgid ""
2644
2653
"OpenWRT is described as a Linux distribution for embedded devices like WLAN "
2645
2654
"router. There are certain types of WLAN routers who can be flashed to run "
2652
2661
"url=\"http://openwrt.org\">http://openwrt.org</ulink>"
2653
2662
msgstr ""
2654
2663
2655
#: serverguide/C/vpn.xml:758(para)
2664
#: serverguide/C/vpn.xml:801(para)
2656
2665
msgid "Log into your OpenWRT router and install OpenVPN:"
2657
2666
msgstr ""
2658
2667
2659
#: serverguide/C/vpn.xml:763(command)
2668
#: serverguide/C/vpn.xml:806(command)
2660
2669
msgid "opkg update"
2661
2670
msgstr ""
2662
2671
2663
#: serverguide/C/vpn.xml:764(command)
2672
#: serverguide/C/vpn.xml:807(command)
2664
2673
msgid "opkg install openvpn"
2665
2674
msgstr ""
2666
2675
2670
2679
"certificates and keys to /etc/openvpn/"
2671
2680
msgstr ""
2672
2681
2673
#: serverguide/C/vpn.xml:772(programlisting)
2682
#: serverguide/C/vpn.xml:815(programlisting)
2674
2683
#, no-wrap
2675
2684
msgid ""
2676
2685
"\n"
2686
2695
" option comp_lzo 1 \n"
2687
2696
msgstr ""
2688
2697
2689
#: serverguide/C/vpn.xml:785(para)
2698
#: serverguide/C/vpn.xml:828(para)
2690
2699
msgid "Restart OpenVPN:"
2691
2700
msgstr ""
2692
2701
2694
2703
msgid "service openvpn restart"
2695
2704
msgstr ""
2696
2705
2697
#: serverguide/C/vpn.xml:793(para)
2706
#: serverguide/C/vpn.xml:836(para)
2698
2707
msgid ""
2699
2708
"You will have to see if you need to adjust your router's routing and "
2700
2709
"firewall rules."
2701
2710
msgstr ""
2702
2711
2703
#: serverguide/C/vpn.xml:803(para)
2712
#: serverguide/C/vpn.xml:846(para)
2704
2713
msgid ""
2705
2714
"See the <ulink url=\"http://openvpn.net/\">OpenVPN</ulink> website for "
2706
2715
"additional information."
2707
2716
msgstr ""
2708
2717
2709
#: serverguide/C/vpn.xml:809(ulink)
2718
#: serverguide/C/vpn.xml:852(ulink)
2710
2719
msgid "OpenVPN hardening security guide"
2711
2720
msgstr ""
2712
2721
2713
#: serverguide/C/vpn.xml:813(para)
2722
#: serverguide/C/vpn.xml:856(para)
2714
2723
msgid ""
2715
2724
"Also, Pakt's <ulink url=\"http://www.packtpub.com/openvpn/book\">OpenVPN: "
2716
2725
"Building and Integrating Virtual Private Networks</ulink> is a good resource."
2720
2729
msgid "Virtualization"
2721
2730
msgstr ""
2722
2731
2723
#: serverguide/C/virtualization.xml:12(para)
2732
#: serverguide/C/virtualization.xml:13(para)
2724
2733
msgid ""
2725
2734
"Virtualization is being adopted in many different environments and "
2726
2735
"situations. If you are a developer, virtualization can provide you with a "
2730
2739
"services and move them around based on demand."
2731
2740
msgstr ""
2732
2741
2733
#: serverguide/C/virtualization.xml:18(para)
2742
#: serverguide/C/virtualization.xml:20(para)
2734
2743
msgid ""
2735
2744
"The default virtualization technology supported in Ubuntu is "
2736
2745
"<application>KVM</application>. KVM requires virtualization extensions built "
2741
2750
"hardware without virtualization extensions."
2742
2751
msgstr ""
2743
2752
2744
#: serverguide/C/virtualization.xml:26(title)
2753
#: serverguide/C/virtualization.xml:29(title)
2745
2754
msgid "libvirt"
2746
2755
msgstr ""
2747
2756
2748
#: serverguide/C/virtualization.xml:27(para)
2757
#: serverguide/C/virtualization.xml:31(para)
2749
2758
msgid ""
2750
2759
"The <application>libvirt</application> library is used to interface with "
2751
2760
"different virtualization technologies. Before getting started with "
2754
2763
"<application>KVM</application>. Enter the following from a terminal prompt:"
2755
2764
msgstr ""
2756
2765
2757
#: serverguide/C/virtualization.xml:34(command)
2766
#: serverguide/C/virtualization.xml:39(command)
2758
2767
msgid "kvm-ok"
2759
2768
msgstr ""
2760
2769
2761
#: serverguide/C/virtualization.xml:36(para)
2770
#: serverguide/C/virtualization.xml:42(para)
2762
2771
msgid ""
2763
2772
"A message will be printed informing you if your CPU "
2764
2773
"<emphasis>does</emphasis> or <emphasis>does not</emphasis> support hardware "
2772
2781
"it."
2773
2782
msgstr ""
2774
2783
2775
#: serverguide/C/virtualization.xml:46(title)
2784
#: serverguide/C/virtualization.xml:53(title)
2776
2785
msgid "Virtual Networking"
2777
2786
msgstr ""
2778
2787
2794
2803
"to the rest of the network."
2795
2804
msgstr ""
2796
2805
2797
#: serverguide/C/virtualization.xml:62(para)
2806
#: serverguide/C/virtualization.xml:72(para)
2798
2807
msgid "To install the necessary packages, from a terminal prompt enter:"
2799
2808
msgstr ""
2800
2809
2802
2811
msgid "sudo apt-get install qemu-kvm libvirt-bin"
2803
2812
msgstr ""
2804
2813
2805
#: serverguide/C/virtualization.xml:68(para)
2814
#: serverguide/C/virtualization.xml:79(para)
2806
2815
msgid ""
2807
2816
"After installing <application>libvirt-bin</application>, the user used to "
2808
2817
"manage virtual machines will need to be added to the "
2810
2819
"the advanced networking options."
2811
2820
msgstr ""
2812
2821
2813
#: serverguide/C/virtualization.xml:72(para)
2822
#: serverguide/C/virtualization.xml:84(para)
2814
2823
msgid "In a terminal enter:"
2815
2824
msgstr ""
2816
2825
2817
#: serverguide/C/virtualization.xml:76(command)
2826
#: serverguide/C/virtualization.xml:87(command)
2818
2827
msgid "sudo adduser $USER libvirtd"
2819
2828
msgstr ""
2820
2829
2821
#: serverguide/C/virtualization.xml:79(para)
2830
#: serverguide/C/virtualization.xml:91(para)
2822
2831
msgid ""
2823
2832
"If the user chosen is the current user, you will need to log out and back in "
2824
2833
"for the new group membership to take effect."
2825
2834
msgstr ""
2826
2835
2827
#: serverguide/C/virtualization.xml:83(para)
2836
#: serverguide/C/virtualization.xml:95(para)
2828
2837
msgid ""
2829
2838
"You are now ready to install a <emphasis>Guest</emphasis> operating system. "
2830
2839
"Installing a virtual machine follows the same process as installing the "
2833
2842
"physical machine."
2834
2843
msgstr ""
2835
2844
2836
#: serverguide/C/virtualization.xml:88(para)
2845
#: serverguide/C/virtualization.xml:101(para)
2837
2846
msgid ""
2838
2847
"In the case of virtual machines a Graphical User Interface (GUI) is "
2839
2848
"analogous to using a physical keyboard and mouse. Instead of installing a "
2853
2862
#: serverguide/C/virtualization.xml:113(para)
2854
2863
msgid ""
2855
2864
"Yet another way to install an Ubuntu virtual machine is to use "
2856
"<application>uvtool</application>. This application, available as of 14.04 "
2865
"<application>uvtool</application>. This application, available as of 14.04, "
2857
2866
"allows you to set up specific VM options, execute custom post-install "
2858
"scripts, etc. For details see <xref linkend=\"cloud-images-and-uvtool\"/>"
2867
"scripts, etc. For details see <xref linkend=\"cloud-images-and-uvtool\"/>."
2859
2868
msgstr ""
2860
2869
2861
#: serverguide/C/virtualization.xml:101(para)
2870
#: serverguide/C/virtualization.xml:119(para)
2862
2871
msgid ""
2863
2872
"Libvirt can also be configured work with <application>Xen</application>. For "
2864
2873
"details, see the Xen Ubuntu community page referenced below."
2865
2874
msgstr ""
2866
2875
2867
#: serverguide/C/virtualization.xml:106(title)
2876
#: serverguide/C/virtualization.xml:125(title)
2868
2877
msgid "virt-install"
2869
2878
msgstr ""
2870
2879
2871
#: serverguide/C/virtualization.xml:107(para)
2880
#: serverguide/C/virtualization.xml:127(para)
2872
2881
msgid ""
2873
2882
"<application>virt-install</application> is part of the "
2874
2883
"<application>virtinst</application> package. To install it, from a terminal "
2875
2884
"prompt enter:"
2876
2885
msgstr ""
2877
2886
2878
#: serverguide/C/virtualization.xml:111(command)
2887
#: serverguide/C/virtualization.xml:132(command)
2879
2888
msgid "sudo apt-get install virtinst"
2880
2889
msgstr ""
2881
2890
2882
#: serverguide/C/virtualization.xml:113(para)
2891
#: serverguide/C/virtualization.xml:135(para)
2883
2892
msgid ""
2884
2893
"There are several options available when using <application>virt-"
2885
2894
"install</application>. For example:"
2893
2902
"vnc,listen=0.0.0.0 --noautoconsole -v"
2894
2903
msgstr ""
2895
2904
2896
#: serverguide/C/virtualization.xml:124(para)
2905
#: serverguide/C/virtualization.xml:147(para)
2897
2906
msgid ""
2898
2907
"<emphasis>-n web_devel:</emphasis> the name of the new virtual machine will "
2899
2908
"be <emphasis>web_devel</emphasis> in this example."
2900
2909
msgstr ""
2901
2910
2902
#: serverguide/C/virtualization.xml:129(para)
2911
#: serverguide/C/virtualization.xml:153(para)
2903
2912
msgid ""
2904
2913
"<emphasis>-r 256:</emphasis> specifies the amount of memory the virtual "
2905
2914
"machine will use in megabytes."
2906
2915
msgstr ""
2907
2916
2908
#: serverguide/C/virtualization.xml:134(para)
2917
#: serverguide/C/virtualization.xml:158(para)
2909
2918
msgid ""
2910
2919
"<emphasis>--disk "
2911
2920
"path=/var/lib/libvirt/images/web_devel.img,size=4:</emphasis> indicates the "
2922
2931
"CDROM device."
2923
2932
msgstr ""
2924
2933
2925
#: serverguide/C/virtualization.xml:152(para)
2934
#: serverguide/C/virtualization.xml:174(para)
2926
2935
msgid ""
2927
2936
"<emphasis>--network</emphasis> provides details related to the VM's network "
2928
2937
"interface. Here the <emphasis>default</emphasis> network is used, and the "
2937
2946
"connect via VNC to complete the installation."
2938
2947
msgstr ""
2939
2948
2940
#: serverguide/C/virtualization.xml:163(para)
2949
#: serverguide/C/virtualization.xml:189(para)
2941
2950
msgid ""
2942
2951
"<emphasis>--noautoconsole:</emphasis> will not automatically connect to the "
2943
2952
"virtual machine's console."
2944
2953
msgstr ""
2945
2954
2946
#: serverguide/C/virtualization.xml:168(para)
2955
#: serverguide/C/virtualization.xml:194(para)
2947
2956
msgid "<emphasis>-v:</emphasis> creates a fully virtualized guest."
2948
2957
msgstr ""
2949
2958
2951
2960
msgid ""
2952
2961
"After launching <application>virt-install</application> you can connect to "
2953
2962
"the virtual machine's console either locally using a GUI (if your server has "
2954
"a GUI), or via a remote VNC client from a GUI based computer."
2963
"a GUI), or via a remote VNC client from a GUI-based computer."
2955
2964
msgstr ""
2956
2965
2957
#: serverguide/C/virtualization.xml:179(title)
2966
#: serverguide/C/virtualization.xml:206(title)
2958
2967
msgid "virt-clone"
2959
2968
msgstr ""
2960
2969
2961
#: serverguide/C/virtualization.xml:180(para)
2970
#: serverguide/C/virtualization.xml:208(para)
2962
2971
msgid ""
2963
2972
"The <application>virt-clone</application> application can be used to copy "
2964
2973
"one virtual machine to another. For example:"
2965
2974
msgstr ""
2966
2975
2967
#: serverguide/C/virtualization.xml:184(command)
2976
#: serverguide/C/virtualization.xml:212(command)
2968
2977
msgid ""
2969
2978
"sudo virt-clone -o web_devel -n database_devel -f "
2970
2979
"/path/to/database_devel.img \\ --connect=qemu:///system"
2971
2980
msgstr ""
2972
2981
2973
#: serverguide/C/virtualization.xml:189(para)
2982
#: serverguide/C/virtualization.xml:218(para)
2974
2983
msgid "<emphasis>-o:</emphasis> original virtual machine."
2975
2984
msgstr ""
2976
2985
2977
#: serverguide/C/virtualization.xml:194(para)
2986
#: serverguide/C/virtualization.xml:222(para)
2978
2987
msgid "<emphasis>-n:</emphasis> name of the new virtual machine."
2979
2988
msgstr ""
2980
2989
2981
#: serverguide/C/virtualization.xml:199(para)
2990
#: serverguide/C/virtualization.xml:227(para)
2982
2991
msgid ""
2983
2992
"<emphasis>-f:</emphasis> path to the file, logical volume, or partition to "
2984
2993
"be used by the new virtual machine."
2985
2994
msgstr ""
2986
2995
2987
#: serverguide/C/virtualization.xml:204(para)
2996
#: serverguide/C/virtualization.xml:232(para)
2988
2997
msgid ""
2989
2998
"<emphasis>--connect:</emphasis> specifies which hypervisor to connect to."
2990
2999
msgstr ""
2991
3000
2992
#: serverguide/C/virtualization.xml:209(para)
3001
#: serverguide/C/virtualization.xml:237(para)
2993
3002
msgid ""
2994
3003
"Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to "
2995
3004
"help troubleshoot problems with <application>virt-clone</application>."
2996
3005
msgstr ""
2997
3006
2998
#: serverguide/C/virtualization.xml:214(para)
3007
#: serverguide/C/virtualization.xml:242(para)
2999
3008
msgid ""
3000
3009
"Replace <emphasis>web_devel</emphasis> and "
3001
3010
"<emphasis>database_devel</emphasis> with appropriate virtual machine names."
3002
3011
msgstr ""
3003
3012
3004
#: serverguide/C/virtualization.xml:220(title)
3013
#: serverguide/C/virtualization.xml:249(title)
3005
3014
msgid "Virtual Machine Management"
3006
3015
msgstr ""
3007
3016
3008
#: serverguide/C/virtualization.xml:222(title)
3017
#: serverguide/C/virtualization.xml:252(title)
3009
3018
msgid "virsh"
3010
3019
msgstr ""
3011
3020
3012
#: serverguide/C/virtualization.xml:223(para)
3021
#: serverguide/C/virtualization.xml:254(para)
3013
3022
msgid ""
3014
3023
"There are several utilities available to manage virtual machines and "
3015
3024
"<application>libvirt</application>. The <application>virsh</application> "
3016
3025
"utility can be used from the command line. Some examples:"
3017
3026
msgstr ""
3018
3027
3019
#: serverguide/C/virtualization.xml:229(para)
3028
#: serverguide/C/virtualization.xml:261(para)
3020
3029
msgid "To list running virtual machines:"
3021
3030
msgstr ""
3022
3031
3023
#: serverguide/C/virtualization.xml:233(command)
3032
#: serverguide/C/virtualization.xml:264(command)
3024
3033
msgid "virsh -c qemu:///system list"
3025
3034
msgstr ""
3026
3035
3027
#: serverguide/C/virtualization.xml:237(para)
3036
#: serverguide/C/virtualization.xml:269(para)
3028
3037
msgid "To start a virtual machine:"
3029
3038
msgstr ""
3030
3039
3031
#: serverguide/C/virtualization.xml:241(command)
3040
#: serverguide/C/virtualization.xml:272(command)
3032
3041
msgid "virsh -c qemu:///system start web_devel"
3033
3042
msgstr ""
3034
3043
3035
#: serverguide/C/virtualization.xml:245(para)
3044
#: serverguide/C/virtualization.xml:277(para)
3036
3045
msgid "Similarly, to start a virtual machine at boot:"
3037
3046
msgstr ""
3038
3047
3039
#: serverguide/C/virtualization.xml:249(command)
3048
#: serverguide/C/virtualization.xml:280(command)
3040
3049
msgid "virsh -c qemu:///system autostart web_devel"
3041
3050
msgstr ""
3042
3051
3043
#: serverguide/C/virtualization.xml:253(para)
3052
#: serverguide/C/virtualization.xml:285(para)
3044
3053
msgid "Reboot a virtual machine with:"
3045
3054
msgstr ""
3046
3055
3047
#: serverguide/C/virtualization.xml:257(command)
3056
#: serverguide/C/virtualization.xml:288(command)
3048
3057
msgid "virsh -c qemu:///system reboot web_devel"
3049
3058
msgstr ""
3050
3059
3051
#: serverguide/C/virtualization.xml:261(para)
3060
#: serverguide/C/virtualization.xml:293(para)
3052
3061
msgid ""
3053
3062
"The <emphasis>state</emphasis> of virtual machines can be saved to a file in "
3054
3063
"order to be restored later. The following will save the virtual machine "
3055
3064
"state into a file named according to the date:"
3056
3065
msgstr ""
3057
3066
3058
#: serverguide/C/virtualization.xml:266(command)
3067
#: serverguide/C/virtualization.xml:299(command)
3059
3068
msgid "virsh -c qemu:///system save web_devel web_devel-022708.state"
3060
3069
msgstr ""
3061
3070
3062
#: serverguide/C/virtualization.xml:268(para)
3071
#: serverguide/C/virtualization.xml:302(para)
3063
3072
msgid "Once saved the virtual machine will no longer be running."
3064
3073
msgstr ""
3065
3074
3066
#: serverguide/C/virtualization.xml:273(para)
3075
#: serverguide/C/virtualization.xml:307(para)
3067
3076
msgid "A saved virtual machine can be restored using:"
3068
3077
msgstr ""
3069
3078
3070
#: serverguide/C/virtualization.xml:277(command)
3079
#: serverguide/C/virtualization.xml:310(command)
3071
3080
msgid "virsh -c qemu:///system restore web_devel-022708.state"
3072
3081
msgstr ""
3073
3082
3074
#: serverguide/C/virtualization.xml:281(para)
3083
#: serverguide/C/virtualization.xml:315(para)
3075
3084
msgid "To shutdown a virtual machine do:"
3076
3085
msgstr ""
3077
3086
3078
#: serverguide/C/virtualization.xml:285(command)
3087
#: serverguide/C/virtualization.xml:318(command)
3079
3088
msgid "virsh -c qemu:///system shutdown web_devel"
3080
3089
msgstr ""
3081
3090
3082
#: serverguide/C/virtualization.xml:289(para)
3091
#: serverguide/C/virtualization.xml:323(para)
3083
3092
msgid "A CDROM device can be mounted in a virtual machine by entering:"
3084
3093
msgstr ""
3085
3094
3086
#: serverguide/C/virtualization.xml:293(command)
3095
#: serverguide/C/virtualization.xml:327(command)
3087
3096
msgid "virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
3088
3097
msgstr ""
3089
3098
3090
#: serverguide/C/virtualization.xml:298(para)
3099
#: serverguide/C/virtualization.xml:333(para)
3091
3100
msgid ""
3092
3101
"In the above examples replace <emphasis>web_devel</emphasis> with the "
3093
3102
"appropriate virtual machine name, and <filename>web_devel-"
3094
3103
"022708.state</filename> with a descriptive file name."
3095
3104
msgstr ""
3096
3105
3097
#: serverguide/C/virtualization.xml:305(title)
3106
#: serverguide/C/virtualization.xml:341(title)
3098
3107
msgid "Virtual Machine Manager"
3099
3108
msgstr ""
3100
3109
3101
#: serverguide/C/virtualization.xml:306(para)
3110
#: serverguide/C/virtualization.xml:343(para)
3102
3111
msgid ""
3103
3112
"The <application>virt-manager</application> package contains a graphical "
3104
3113
"utility to manage local and remote virtual machines. To install virt-manager "
3105
3114
"enter:"
3106
3115
msgstr ""
3107
3116
3108
#: serverguide/C/virtualization.xml:311(command)
3117
#: serverguide/C/virtualization.xml:348(command)
3109
3118
msgid "sudo apt-get install virt-manager"
3110
3119
msgstr ""
3111
3120
3112
#: serverguide/C/virtualization.xml:313(para)
3121
#: serverguide/C/virtualization.xml:351(para)
3113
3122
msgid ""
3114
3123
"Since <application>virt-manager</application> requires a Graphical User "
3115
3124
"Interface (GUI) environment it is recommended to be installed on a "
3117
3126
"the local <application>libvirt</application> service enter:"
3118
3127
msgstr ""
3119
3128
3120
#: serverguide/C/virtualization.xml:319(command)
3129
#: serverguide/C/virtualization.xml:358(command)
3121
3130
msgid "virt-manager -c qemu:///system"
3122
3131
msgstr ""
3123
3132
3124
#: serverguide/C/virtualization.xml:321(para)
3133
#: serverguide/C/virtualization.xml:361(para)
3125
3134
msgid ""
3126
3135
"You can connect to the <application>libvirt</application> service running on "
3127
3136
"another host by entering the following in a terminal prompt:"
3128
3137
msgstr ""
3129
3138
3130
#: serverguide/C/virtualization.xml:325(command)
3139
#: serverguide/C/virtualization.xml:366(command)
3131
3140
msgid "virt-manager -c qemu+ssh://virtnode1.mydomain.com/system"
3132
3141
msgstr ""
3133
3142
3134
#: serverguide/C/virtualization.xml:328(para)
3143
#: serverguide/C/virtualization.xml:370(para)
3135
3144
msgid ""
3136
3145
"The above example assumes that <application>SSH</application> connectivity "
3137
3146
"between the management system and virtnode1.mydomain.com has already been "
3142
3151
"linkend=\"openssh-server\"/>"
3143
3152
msgstr ""
3144
3153
3145
#: serverguide/C/virtualization.xml:338(title)
3154
#: serverguide/C/virtualization.xml:383(title)
3146
3155
msgid "Virtual Machine Viewer"
3147
3156
msgstr ""
3148
3157
3149
#: serverguide/C/virtualization.xml:339(para)
3158
#: serverguide/C/virtualization.xml:385(para)
3150
3159
msgid ""
3151
3160
"The <application>virt-viewer</application> application allows you to connect "
3152
3161
"to a virtual machine's console. <application>virt-viewer</application> does "
3154
3163
"machine."
3155
3164
msgstr ""
3156
3165
3157
#: serverguide/C/virtualization.xml:343(para)
3166
#: serverguide/C/virtualization.xml:390(para)
3158
3167
msgid ""
3159
3168
"To install <application>virt-viewer</application> from a terminal enter:"
3160
3169
msgstr ""
3161
3170
3162
#: serverguide/C/virtualization.xml:347(command)
3171
#: serverguide/C/virtualization.xml:394(command)
3163
3172
msgid "sudo apt-get install virt-viewer"
3164
3173
msgstr ""
3165
3174
3166
#: serverguide/C/virtualization.xml:349(para)
3175
#: serverguide/C/virtualization.xml:397(para)
3167
3176
msgid ""
3168
3177
"Once a virtual machine is installed and running you can connect to the "
3169
3178
"virtual machine's console by using:"
3170
3179
msgstr ""
3171
3180
3172
#: serverguide/C/virtualization.xml:353(command)
3181
#: serverguide/C/virtualization.xml:401(command)
3173
3182
msgid "virt-viewer -c qemu:///system web_devel"
3174
3183
msgstr ""
3175
3184
3176
#: serverguide/C/virtualization.xml:355(para)
3185
#: serverguide/C/virtualization.xml:404(para)
3177
3186
msgid ""
3178
3187
"Similar to <application>virt-manager</application>, <application>virt-"
3179
3188
"viewer</application> can connect to a remote host using "
3180
3189
"<emphasis>SSH</emphasis> with key authentication, as well:"
3181
3190
msgstr ""
3182
3191
3183
#: serverguide/C/virtualization.xml:360(command)
3192
#: serverguide/C/virtualization.xml:409(command)
3184
3193
msgid "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
3185
3194
msgstr ""
3186
3195
3187
#: serverguide/C/virtualization.xml:362(para)
3196
#: serverguide/C/virtualization.xml:412(para)
3188
3197
msgid ""
3189
3198
"Be sure to replace <emphasis role=\"italic\">web_devel</emphasis> with the "
3190
3199
"appropriate virtual machine name."
3196
3205
"can also setup <application>SSH</application> access to the virtual machine."
3197
3206
msgstr ""
3198
3207
3199
#: serverguide/C/windows-networking.xml:248(title) serverguide/C/windows-networking.xml:347(title) serverguide/C/windows-networking.xml:704(title) serverguide/C/windows-networking.xml:1100(title) serverguide/C/windows-networking.xml:1299(title) serverguide/C/virtualization.xml:371(title) serverguide/C/virtualization.xml:1072(title) serverguide/C/virtualization.xml:2482(title) serverguide/C/virtualization.xml:4388(title) serverguide/C/reporting-bugs.xml:252(title) serverguide/C/remote-administration.xml:374(title) serverguide/C/network-config.xml:584(title) serverguide/C/network-config.xml:847(title) serverguide/C/network-auth.xml:2133(title) serverguide/C/network-auth.xml:2675(title) serverguide/C/network-auth.xml:3391(title) serverguide/C/network-auth.xml:3944(title) serverguide/C/installation.xml:867(title) serverguide/C/installation.xml:1153(title) serverguide/C/installation.xml:1361(title) serverguide/C/databases.xml:271(title) serverguide/C/databases.xml:409(title) serverguide/C/backups.xml:864(title)
3208
#: serverguide/C/virtualization.xml:421(title) serverguide/C/virtualization.xml:659(title) serverguide/C/virtualization.xml:730(title) serverguide/C/virtualization.xml:1784(title) serverguide/C/samba.xml:248(title) serverguide/C/samba.xml:347(title) serverguide/C/samba.xml:704(title) serverguide/C/samba.xml:1100(title) serverguide/C/samba.xml:1299(title) serverguide/C/reporting-bugs.xml:252(title) serverguide/C/remote-administration.xml:414(title) serverguide/C/other-apps.xml:151(title) serverguide/C/other-apps.xml:305(title) serverguide/C/other-apps.xml:399(title) serverguide/C/network-config.xml:588(title) serverguide/C/network-config.xml:843(title) serverguide/C/network-auth.xml:2140(title) serverguide/C/network-auth.xml:2674(title) serverguide/C/network-auth.xml:3390(title) serverguide/C/network-auth.xml:3943(title) serverguide/C/network-auth.xml:4179(title) serverguide/C/installation.xml:874(title) serverguide/C/installation.xml:1149(title) serverguide/C/installation.xml:1434(title) serverguide/C/databases.xml:264(title) serverguide/C/databases.xml:419(title) serverguide/C/cgroups.xml:198(title) serverguide/C/backups.xml:870(title)
3200
3209
msgid "Resources"
3201
3210
msgstr ""
3202
3211
3206
3215
"more details."
3207
3216
msgstr ""
3208
3217
3209
#: serverguide/C/virtualization.xml:379(para)
3218
#: serverguide/C/virtualization.xml:430(para)
3210
3219
msgid ""
3211
3220
"For more information on <application>libvirt</application> see the <ulink "
3212
3221
"url=\"http://libvirt.org/\">libvirt home page</ulink>"
3213
3222
msgstr ""
3214
3223
3215
#: serverguide/C/virtualization.xml:384(para)
3224
#: serverguide/C/virtualization.xml:436(para)
3216
3225
msgid ""
3217
"The <ulink url=\"http://virt-manager.et.redhat.com/\">Virtual Machine "
3218
"Manager</ulink> site has more information on <application>virt-"
3219
"manager</application> development."
3226
"The <ulink url=\"http://virt-manager.org/\">Virtual Machine Manager</ulink> "
3227
"site has more information on <application>virt-manager</application> "
3228
"development."
3220
3229
msgstr ""
3221
3230
3222
#: serverguide/C/virtualization.xml:390(para)
3231
#: serverguide/C/virtualization.xml:442(para)
3223
3232
msgid ""
3224
3233
"Also, stop by the <emphasis>#ubuntu-virt</emphasis> IRC channel on <ulink "
3225
3234
"url=\"http://freenode.net/\">freenode</ulink> to discuss virtualization "
3226
3235
"technology in Ubuntu."
3227
3236
msgstr ""
3228
3237
3229
#: serverguide/C/virtualization.xml:396(para)
3238
#: serverguide/C/virtualization.xml:448(para)
3230
3239
msgid ""
3231
3240
"Another good resource is the <ulink "
3232
3241
"url=\"https://help.ubuntu.com/community/KVM\">Ubuntu Wiki KVM</ulink> page."
3233
3242
msgstr ""
3234
3243
3235
#: serverguide/C/virtualization.xml:401(para)
3244
#: serverguide/C/virtualization.xml:454(para)
3236
3245
msgid ""
3237
3246
"For information on Xen, including using Xen with libvirt, please see the "
3238
3247
"<ulink url=\"https://help.ubuntu.com/community/Xen\">Ubuntu Wiki Xen</ulink> "
3243
3252
msgid "Cloud images and uvtool"
3244
3253
msgstr ""
3245
3254
3246
#: serverguide/C/windows-networking.xml:23(title) serverguide/C/virtualization.xml:412(title) serverguide/C/security.xml:352(title) serverguide/C/remote-administration.xml:18(title) serverguide/C/package-management.xml:18(title) serverguide/C/introduction.xml:11(title) serverguide/C/installation.xml:1187(title)
3255
#: serverguide/C/virtualization.xml:467(title) serverguide/C/security.xml:367(title) serverguide/C/samba.xml:23(title) serverguide/C/remote-administration.xml:18(title) serverguide/C/package-management.xml:18(title) serverguide/C/introduction.xml:11(title) serverguide/C/installation.xml:1260(title)
3247
3256
msgid "Introduction"
3248
3257
msgstr "Въведение"
3249
3258
3250
3259
#: serverguide/C/virtualization.xml:469(para)
3251
3260
msgid ""
3252
"With Ubuntu being one of the most used operating systems on most of the "
3253
"cloud platforms, the availability of stable and secure cloud images has "
3254
"become very important. As of 12.04 the utilization of cloud images outside "
3255
"of a cloud infrastructure has been improved. It is now possible to use those "
3261
"With Ubuntu being one of the most used operating systems on many cloud "
3262
"platforms, the availability of stable and secure cloud images has become "
3263
"very important. As of 12.04 the utilization of cloud images outside of a "
3264
"cloud infrastructure has been improved. It is now possible to use those "
3256
3265
"images to create a virtual machine without the need of a complete "
3257
3266
"installation."
3258
3267
msgstr ""
3259
3268
3260
#: serverguide/C/virtualization.xml:478(title)
3269
#: serverguide/C/virtualization.xml:477(title)
3261
3270
msgid "Creating virtual machines using uvtool"
3262
3271
msgstr ""
3263
3272
3264
#: serverguide/C/virtualization.xml:480(para)
3273
#: serverguide/C/virtualization.xml:479(para)
3265
3274
msgid ""
3266
3275
"Starting with 14.04 LTS, a tool called uvtool greatly facilitates the task "
3267
3276
"of generating virtual machines (VM) using the cloud images. "
3269
3278
"synchronize cloud-images locally and use them to create new VMs in minutes."
3270
3279
msgstr ""
3271
3280
3272
#: serverguide/C/virtualization.xml:487(title)
3281
#: serverguide/C/virtualization.xml:486(title)
3273
3282
msgid "Uvtool packages"
3274
3283
msgstr ""
3275
3284
3276
#: serverguide/C/virtualization.xml:489(para)
3285
#: serverguide/C/virtualization.xml:488(para)
3277
3286
msgid ""
3278
"The following packages and their dependancies will be required in order to "
3287
"The following packages and their dependencies will be required in order to "
3279
3288
"use uvtool:"
3280
3289
msgstr ""
3281
3290
3282
#: serverguide/C/virtualization.xml:496(para)
3291
#: serverguide/C/virtualization.xml:495(para)
3283
3292
msgid "uvtool"
3284
3293
msgstr ""
3285
3294
3286
#: serverguide/C/virtualization.xml:500(para)
3295
#: serverguide/C/virtualization.xml:499(para)
3287
3296
msgid "uvtool-libvirt"
3288
3297
msgstr ""
3289
3298
3290
#: serverguide/C/virtualization.xml:505(para)
3291
msgid ""
3292
"Installation of <application>uvtool</application> is done the same as for "
3293
"any other application by using apt-get:"
3299
#: serverguide/C/virtualization.xml:504(para)
3300
msgid "To install <application>uvtool</application>, run:"
3294
3301
msgstr ""
3295
3302
3296
#: serverguide/C/virtualization.xml:507(programlisting)
3303
#: serverguide/C/virtualization.xml:505(programlisting)
3297
3304
#, no-wrap
3298
3305
msgid "$ apt-get -y install uvtool"
3299
3306
msgstr ""
3300
3307
3301
#: serverguide/C/virtualization.xml:509(para)
3308
#: serverguide/C/virtualization.xml:507(para)
3302
3309
msgid "This will install uvtool's main commands:"
3303
3310
msgstr ""
3304
3311
3305
#: serverguide/C/virtualization.xml:511(application)
3312
#: serverguide/C/virtualization.xml:509(application)
3306
3313
msgid "uvt-simplestreams-libvirt"
3307
3314
msgstr ""
3308
3315
3309
#: serverguide/C/virtualization.xml:512(application)
3316
#: serverguide/C/virtualization.xml:510(application)
3310
3317
msgid "uvt-kvm"
3311
3318
msgstr ""
3312
3319
3313
#: serverguide/C/virtualization.xml:517(title)
3320
#: serverguide/C/virtualization.xml:515(title)
3314
3321
msgid ""
3315
3322
"Get the Ubuntu Cloud Image with <application>uvt-simplestreams-"
3316
3323
"libvirt</application>"
3317
3324
msgstr ""
3318
3325
3319
#: serverguide/C/virtualization.xml:519(para)
3326
#: serverguide/C/virtualization.xml:517(para)
3320
3327
msgid ""
3321
3328
"This is one of the major simplifications that "
3322
3329
"<application>uvtool</application> brings. It is aware of where to find the "
3325
3332
"architecture, the uvtool command would be:"
3326
3333
msgstr ""
3327
3334
3328
#: serverguide/C/virtualization.xml:524(programlisting)
3335
#: serverguide/C/virtualization.xml:522(programlisting)
3329
3336
#, no-wrap
3330
3337
msgid "$ uvt-simplestreams-libvirt sync arch=amd64"
3331
3338
msgstr ""
3332
3339
3333
#: serverguide/C/virtualization.xml:526(para)
3340
#: serverguide/C/virtualization.xml:524(para)
3334
3341
msgid ""
3335
3342
"After an amount of time required to download all the images from the "
3336
"internet, you will have a complete set of cloud images stored locally. To "
3343
"Internet, you will have a complete set of cloud images stored locally. To "
3337
3344
"see what has been downloaded use the following command:"
3338
3345
msgstr ""
3339
3346
3340
#: serverguide/C/virtualization.xml:530(programlisting)
3347
#: serverguide/C/virtualization.xml:528(programlisting)
3341
3348
#, no-wrap
3342
3349
msgid ""
3343
3350
"$ uvt-simplestreams-libvirt query\n"
3348
3355
"release=trusty arch=amd64 label=beta1 (20140226.1)\n"
3349
3356
msgstr ""
3350
3357
3351
#: serverguide/C/virtualization.xml:538(para)
3358
#: serverguide/C/virtualization.xml:536(para)
3352
3359
msgid ""
3353
3360
"In the case where you want to synchronize only one specific cloud-image, you "
3354
3361
"need to use the release= and arch= filters to identify which image needs to "
3355
3362
"be synchronized."
3356
3363
msgstr ""
3357
3364
3358
#: serverguide/C/virtualization.xml:541(programlisting)
3365
#: serverguide/C/virtualization.xml:539(programlisting)
3359
3366
#, no-wrap
3360
3367
msgid "$ uvt-simplestreams-libvirt sync release=precise arch=amd64\n"
3361
3368
msgstr ""
3362
3369
3363
#: serverguide/C/virtualization.xml:546(title)
3370
#: serverguide/C/virtualization.xml:544(title)
3364
3371
msgid "Create the VM using uvt-kvm"
3365
3372
msgstr ""
3366
3373
3367
#: serverguide/C/virtualization.xml:548(para)
3374
#: serverguide/C/virtualization.xml:546(para)
3368
3375
msgid ""
3369
"In order to be able to connect to the virtual machine once it has been "
3370
"created, it is necessary to have a valid SSH key available for the ubuntu "
3371
"user. If your environment does not have a ssh key, you can easily create one "
3372
"using the following command:"
3376
"In order to connect to the virtual machine once it has been created, you "
3377
"must have a valid SSH key available for the Ubuntu user. If your environment "
3378
"does not have an SSH key, you can easily create one using the following "
3379
"command:"
3373
3380
msgstr ""
3374
3381
3375
#: serverguide/C/virtualization.xml:552(programlisting)
3382
#: serverguide/C/virtualization.xml:548(programlisting)
3376
3383
#, no-wrap
3377
3384
msgid ""
3378
3385
"\n"
3399
3406
"+-----------------+\n"
3400
3407
msgstr ""
3401
3408
3409
#: serverguide/C/virtualization.xml:571(para)
3410
msgid ""
3411
"To create of a new virtual machine using uvtool, run the following in a "
3412
"terminal:"
3413
msgstr ""
3414
3415
#: serverguide/C/virtualization.xml:573(programlisting)
3416
#, no-wrap
3417
msgid "$ uvt-kvm create firsttest"
3418
msgstr ""
3419
3402
3420
#: serverguide/C/virtualization.xml:575(para)
3403
3421
msgid ""
3404
"The creation of a new virtual machine using uvtool is easy. In its simplest "
3405
"form, you only need to do:"
3406
msgstr ""
3407
3408
#: serverguide/C/virtualization.xml:578(programlisting)
3409
#, no-wrap
3410
msgid "$ uvt-kvm create firsttest"
3411
msgstr ""
3412
3413
#: serverguide/C/virtualization.xml:580(para)
3414
msgid ""
3415
3422
"This will create a VM named <emphasis role=\"bold\">firsttest</emphasis> "
3416
3423
"using the current LTS cloud image available locally. If you want to specify "
3417
3424
"a release to be used to create the VM, you need to use the <emphasis "
3418
"role=\"bold\">release=</emphasis> filter"
3425
"role=\"bold\">release=</emphasis> filter:"
3426
msgstr ""
3427
3428
#: serverguide/C/virtualization.xml:578(programlisting)
3429
#, no-wrap
3430
msgid "$ uvt-kvm create secondtest release=trusty"
3431
msgstr ""
3432
3433
#: serverguide/C/virtualization.xml:580(para)
3434
msgid ""
3435
"<application>uvt-kvm wait</application> can be used to wait until the "
3436
"creation of the VM has completed:"
3419
3437
msgstr ""
3420
3438
3421
3439
#: serverguide/C/virtualization.xml:583(programlisting)
3422
3440
#, no-wrap
3423
msgid "$ uvt-kvm create secondtest release=trusty"
3424
msgstr ""
3425
3426
#: serverguide/C/virtualization.xml:585(para)
3427
msgid ""
3428
"The <application>uvt-kvm wait {name}</application> can be used to wait until "
3429
"the creation of the VM has completed"
3430
msgstr ""
3431
3432
#: serverguide/C/virtualization.xml:588(programlisting)
3433
#, no-wrap
3434
3441
msgid ""
3435
3442
"$ uvt-kvm wait secondttest --insecure\n"
3436
3443
"Warning: secure wait for boot-finished not yet implemented; use --insecure.\n"
3437
3444
msgstr ""
3438
3445
3439
#: serverguide/C/virtualization.xml:593(title)
3446
#: serverguide/C/virtualization.xml:588(title)
3440
3447
msgid "Connect to the running VM"
3441
3448
msgstr ""
3442
3449
3443
#: serverguide/C/virtualization.xml:594(para)
3450
#: serverguide/C/virtualization.xml:589(para)
3444
3451
msgid ""
3445
3452
"Once the virtual machine creation is completed, you can connect to it using "
3446
"ssh:"
3453
"SSH:"
3447
3454
msgstr ""
3448
3455
3449
#: serverguide/C/virtualization.xml:597(programlisting)
3456
#: serverguide/C/virtualization.xml:592(programlisting)
3450
3457
#, no-wrap
3451
3458
msgid "$ uvt-kvm ssh secondtest --insecure"
3452
3459
msgstr ""
3453
3460
3454
#: serverguide/C/virtualization.xml:599(para)
3461
#: serverguide/C/virtualization.xml:594(para)
3455
3462
msgid ""
3456
3463
"For the time being, the <emphasis role=\"bold\">--insecure</emphasis> is "
3457
"required so you should be using this mechanism to connect to your VM only if "
3458
"you completely trust your network infrastructure"
3464
"required, so use this mechanism to connect to your VM only if you completely "
3465
"trust your network infrastructure."
3459
3466
msgstr ""
3460
3467
3461
#: serverguide/C/virtualization.xml:602(para)
3468
#: serverguide/C/virtualization.xml:596(para)
3462
3469
msgid ""
3463
"You can also connect to your VM using a regular ssh session using the IP "
3470
"You can also connect to your VM using a regular SSH session using the IP "
3464
3471
"address of the VM. The address can be queried using the following command:"
3465
3472
msgstr ""
3466
3473
3467
#: serverguide/C/virtualization.xml:605(programlisting)
3474
#: serverguide/C/virtualization.xml:598(programlisting)
3468
3475
#, no-wrap
3469
3476
msgid ""
3470
3477
"\n"
3495
3502
"\n"
3496
3503
msgstr ""
3497
3504
3498
#: serverguide/C/virtualization.xml:631(title)
3505
#: serverguide/C/virtualization.xml:624(title)
3499
3506
msgid "Get the list of running VMs"
3500
3507
msgstr ""
3501
3508
3502
#: serverguide/C/virtualization.xml:632(para)
3503
msgid "You can get the list of VM running on your system with this command:"
3509
#: serverguide/C/virtualization.xml:625(para)
3510
msgid "You can get the list of VMs running on your system with this command:"
3504
3511
msgstr ""
3505
3512
3506
#: serverguide/C/virtualization.xml:634(programlisting)
3513
#: serverguide/C/virtualization.xml:627(programlisting)
3507
3514
#, no-wrap
3508
3515
msgid ""
3509
3516
"$ uvt-kvm list\n"
3510
3517
"secondtest\n"
3511
3518
msgstr ""
3512
3519
3513
#: serverguide/C/virtualization.xml:639(title)
3520
#: serverguide/C/virtualization.xml:632(title)
3514
3521
msgid "Destroy your VM"
3515
3522
msgstr ""
3516
3523
3517
#: serverguide/C/virtualization.xml:640(para)
3518
msgid "Once you are done with your VM, you can proceed to destroy it with:"
3524
#: serverguide/C/virtualization.xml:633(para)
3525
msgid "Once you are done with your VM, you can destroy it with:"
3519
3526
msgstr ""
3520
3527
3521
#: serverguide/C/virtualization.xml:642(programlisting)
3528
#: serverguide/C/virtualization.xml:635(programlisting)
3522
3529
#, no-wrap
3523
3530
msgid "$ uvt-kvm destroy secondtest"
3524
3531
msgstr ""
3525
3532
3526
#: serverguide/C/virtualization.xml:644(title)
3533
#: serverguide/C/virtualization.xml:637(title)
3527
3534
msgid "More uvt-kvm options"
3528
3535
msgstr ""
3529
3536
3530
#: serverguide/C/virtualization.xml:646(para)
3537
#: serverguide/C/virtualization.xml:639(para)
3531
3538
msgid ""
3532
3539
"The following options can be used to change some of the characteristics of "
3533
"the virtual memory that you are creating"
3540
"the VM that you are creating:"
3541
msgstr ""
3542
3543
#: serverguide/C/virtualization.xml:642(para)
3544
msgid "--memory : Amount of RAM in megabytes. Default: 512."
3545
msgstr ""
3546
3547
#: serverguide/C/virtualization.xml:643(para)
3548
msgid "--disk : Size of the OS disk in gigabytes. Default: 8."
3549
msgstr ""
3550
3551
#: serverguide/C/virtualization.xml:644(para)
3552
msgid "--cpu : Number of CPU cores. Default: 1."
3553
msgstr ""
3554
3555
#: serverguide/C/virtualization.xml:647(para)
3556
msgid ""
3557
"Some other parameters will have an impact on the cloud-init configuration:"
3558
msgstr ""
3559
3560
#: serverguide/C/virtualization.xml:649(para)
3561
msgid ""
3562
"--password password : Allow login to the VM using the Ubuntu account and "
3563
"this provided password."
3534
3564
msgstr ""
3535
3565
3536
3566
#: serverguide/C/virtualization.xml:650(para)
3537
msgid "--memory : Amount of RAM in megabytes. Default: 512"
3538
msgstr ""
3539
3540
#: serverguide/C/virtualization.xml:651(para)
3541
msgid "--disk : Size of the OS disk in gigabytes. Default: 8"
3542
msgstr ""
3543
3544
#: serverguide/C/virtualization.xml:652(para)
3545
msgid "--cpu : Number of CPU cores. Default: 1"
3546
msgstr ""
3547
3548
#: serverguide/C/virtualization.xml:655(para)
3549
msgid ""
3550
"Some other parameters will have an impact on the cloud-init configuration"
3551
msgstr ""
3552
3553
#: serverguide/C/virtualization.xml:657(para)
3554
msgid ""
3555
"--password password : Allow login to the VM using the ubuntu account and "
3556
"this provided password"
3557
msgstr ""
3558
3559
#: serverguide/C/virtualization.xml:658(para)
3560
3567
msgid ""
3561
3568
"--run-script-once script_file : Run script_file as root on the VM the first "
3562
3569
"time it is booted, but never again."
3563
3570
msgstr ""
3564
3571
3565
#: serverguide/C/virtualization.xml:659(para)
3572
#: serverguide/C/virtualization.xml:651(para)
3566
3573
msgid ""
3567
3574
"--packages package_list : Install the comma-separated packages specified in "
3568
3575
"package_list on first boot."
3569
3576
msgstr ""
3570
3577
3571
#: serverguide/C/virtualization.xml:662(para)
3578
#: serverguide/C/virtualization.xml:654(para)
3572
3579
msgid ""
3573
3580
"A complete description of all available modifiers is available in the "
3574
"manpage of uvt-kvm"
3581
"manpage of uvt-kvm."
3575
3582
msgstr ""
3576
3583
3577
#: serverguide/C/virtualization.xml:1073(para)
3584
#: serverguide/C/virtualization.xml:661(para)
3578
3585
msgid ""
3579
3586
"If you are interested in learning more, have questions or suggestions, "
3580
3587
"please contact the Ubuntu Server Team at:"
3581
3588
msgstr ""
3582
3589
3583
#: serverguide/C/virtualization.xml:1078(para)
3590
#: serverguide/C/virtualization.xml:666(para)
3584
3591
msgid "IRC: #ubuntu-server on freenode"
3585
3592
msgstr ""
3586
3593
3587
#: serverguide/C/virtualization.xml:1083(para)
3594
#: serverguide/C/virtualization.xml:670(para)
3588
3595
msgid ""
3589
3596
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
3590
3597
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
3591
3598
msgstr ""
3592
3599
3593
#: serverguide/C/virtualization.xml:2121(title)
3600
#: serverguide/C/virtualization.xml:679(title)
3594
3601
msgid "Ubuntu Cloud"
3595
3602
msgstr ""
3596
3603
3597
#: serverguide/C/virtualization.xml:2122(para)
3604
#: serverguide/C/virtualization.xml:681(para)
3598
3605
msgid ""
3599
3606
"<application>Cloud computing</application> is a computing model that allows "
3600
3607
"vast pools of resources to be allocated on-demand. These resources such as "
3606
3613
"build highly scalable, cloud computing for both public and private clouds."
3607
3614
msgstr ""
3608
3615
3609
#: serverguide/C/virtualization.xml:700(title)
3616
#: serverguide/C/virtualization.xml:692(title)
3610
3617
msgid "Installation and Configuration"
3611
3618
msgstr ""
3612
3619
3613
#: serverguide/C/virtualization.xml:702(para)
3620
#: serverguide/C/virtualization.xml:694(para)
3614
3621
msgid ""
3615
3622
"Due to the current high rate of development of this complex technology we "
3616
3623
"refer the reader to <ulink url=\"http://docs.openstack.org/havana/install-"
3618
3625
"concerning installation and configuration."
3619
3626
msgstr ""
3620
3627
3621
#: serverguide/C/virtualization.xml:2452(title)
3628
#: serverguide/C/virtualization.xml:703(title)
3622
3629
msgid "Support and Troubleshooting"
3623
3630
msgstr ""
3624
3631
3625
#: serverguide/C/virtualization.xml:2453(para)
3632
#: serverguide/C/virtualization.xml:705(para)
3626
3633
msgid "Community Support"
3627
3634
msgstr ""
3628
3635
3629
#: serverguide/C/virtualization.xml:2457(ulink)
3636
#: serverguide/C/virtualization.xml:709(ulink)
3630
3637
msgid "OpenStack Mailing list"
3631
3638
msgstr ""
3632
3639
3633
#: serverguide/C/virtualization.xml:2462(ulink)
3640
#: serverguide/C/virtualization.xml:714(ulink)
3634
3641
msgid "The OpenStack Wiki search"
3635
3642
msgstr ""
3636
3643
3637
#: serverguide/C/virtualization.xml:2468(ulink)
3644
#: serverguide/C/virtualization.xml:719(ulink)
3638
3645
msgid "Launchpad bugs area"
3639
3646
msgstr ""
3640
3647
3641
#: serverguide/C/virtualization.xml:2472(para)
3648
#: serverguide/C/virtualization.xml:724(para)
3642
3649
msgid "Join the IRC channel #openstack on freenode."
3643
3650
msgstr ""
3644
3651
3645
#: serverguide/C/virtualization.xml:2486(ulink)
3652
#: serverguide/C/virtualization.xml:735(ulink)
3646
3653
msgid "Cloud Computing - Service models"
3647
3654
msgstr ""
3648
3655
3649
#: serverguide/C/virtualization.xml:2491(ulink)
3656
#: serverguide/C/virtualization.xml:741(ulink)
3650
3657
msgid "OpenStack Compute"
3651
3658
msgstr ""
3652
3659
3653
#: serverguide/C/virtualization.xml:2496(ulink)
3660
#: serverguide/C/virtualization.xml:747(ulink)
3654
3661
msgid "OpenStack Image Service"
3655
3662
msgstr ""
3656
3663
3657
#: serverguide/C/virtualization.xml:2501(ulink)
3664
#: serverguide/C/virtualization.xml:753(ulink)
3658
3665
msgid "OpenStack Object Storage Administration Guide"
3659
3666
msgstr ""
3660
3667
3661
#: serverguide/C/virtualization.xml:2506(ulink)
3668
#: serverguide/C/virtualization.xml:759(ulink)
3662
3669
msgid "Installing OpenStack Object Storage on Ubuntu"
3663
3670
msgstr ""
3664
3671
3665
#: serverguide/C/virtualization.xml:2511(ulink)
3672
#: serverguide/C/virtualization.xml:765(ulink)
3666
3673
msgid "http://cloudglossary.com/"
3667
3674
msgstr ""
3668
3675
3669
#: serverguide/C/virtualization.xml:2586(title)
3676
#: serverguide/C/virtualization.xml:775(title)
3670
3677
msgid "LXC"
3671
3678
msgstr ""
3672
3679
3673
#: serverguide/C/virtualization.xml:785(para)
3680
#: serverguide/C/virtualization.xml:777(para)
3674
3681
msgid ""
3675
3682
"Containers are a lightweight virtualization technology. They are more akin "
3676
3683
"to an enhanced chroot than to full virtualization like Qemu or VMware, both "
3682
3689
"and OpenVZ functionality."
3683
3690
msgstr ""
3684
3691
3685
#: serverguide/C/virtualization.xml:2602(para)
3692
#: serverguide/C/virtualization.xml:787(para)
3686
3693
msgid ""
3687
3694
"There are two user-space implementations of containers, each exploiting the "
3688
3695
"same kernel features. Libvirt allows the use of containers through the LXC "
3693
3700
"there are peculiarities which can cause confusion."
3694
3701
msgstr ""
3695
3702
3696
#: serverguide/C/virtualization.xml:804(para)
3703
#: serverguide/C/virtualization.xml:796(para)
3697
3704
msgid ""
3698
3705
"In this document we will mainly describe the <application>lxc</application> "
3699
3706
"package. Use of libvirt-lxc is not generally recommended due to a lack of "
3700
3707
"Apparmor protection for libvirt-lxc containers."
3701
3708
msgstr ""
3702
3709
3703
#: serverguide/C/virtualization.xml:2618(para)
3710
#: serverguide/C/virtualization.xml:801(para)
3704
3711
msgid "In this document, a container name will be shown as CN, C1, or C2."
3705
3712
msgstr ""
3706
3713
3707
#: serverguide/C/virtualization.xml:2624(para)
3714
#: serverguide/C/virtualization.xml:807(para)
3708
3715
msgid "The <application>lxc</application> package can be installed using"
3709
3716
msgstr ""
3710
3717
3711
#: serverguide/C/virtualization.xml:2629(command)
3718
#: serverguide/C/virtualization.xml:811(command)
3712
3719
msgid "sudo apt-get install lxc"
3713
3720
msgstr ""
3714
3721
3715
#: serverguide/C/virtualization.xml:824(para)
3722
#: serverguide/C/virtualization.xml:816(para)
3716
3723
msgid ""
3717
3724
"This will pull in the required and recommended dependencies, as well as set "
3718
3725
"up a network bridge for containers to use. If you wish to use unprivileged "
3721
3728
"containers to a bridge (see <xref linkend=\"lxc-unpriv\"/>)."
3722
3729
msgstr ""
3723
3730
3724
#: serverguide/C/virtualization.xml:834(title) serverguide/C/vcs.xml:104(title)
3731
#: serverguide/C/virtualization.xml:826(title) serverguide/C/vcs.xml:111(title)
3725
3732
msgid "Basic usage"
3726
3733
msgstr ""
3727
3734
3728
#: serverguide/C/virtualization.xml:835(para)
3735
#: serverguide/C/virtualization.xml:827(para)
3729
3736
msgid ""
3730
3737
"LXC can be used in two distinct ways - privileged, by running the lxc "
3731
3738
"commands as the root user; or unprivileged, by running the lxc commands as a "
3736
3743
"in the container is mapped to a non-root userid on the host."
3737
3744
msgstr ""
3738
3745
3739
#: serverguide/C/virtualization.xml:847(title)
3746
#: serverguide/C/virtualization.xml:839(title)
3740
3747
msgid "Basic privileged usage"
3741
3748
msgstr ""
3742
3749
3743
#: serverguide/C/virtualization.xml:848(para)
3744
msgid "To create a privileged container, you can simply to"
3750
#: serverguide/C/virtualization.xml:840(para)
3751
msgid "To create a privileged container, you can simply do:"
3745
3752
msgstr ""
3746
3753
3747
#: serverguide/C/virtualization.xml:852(command)
3754
#: serverguide/C/virtualization.xml:844(command)
3748
3755
msgid "sudo lxc-create --template download --name u1"
3749
3756
msgstr ""
3750
3757
3751
#: serverguide/C/virtualization.xml:856(command)
3758
#: serverguide/C/virtualization.xml:848(command)
3752
3759
msgid "sudo lxc-create -t download -n u1"
3753
3760
msgstr ""
3754
3761
3755
#: serverguide/C/virtualization.xml:851(screen)
3762
#: serverguide/C/virtualization.xml:843(screen)
3756
3763
#, no-wrap
3757
3764
msgid ""
3758
3765
"\n"
3761
3768
"<placeholder-2/>\n"
3762
3769
msgstr ""
3763
3770
3764
#: serverguide/C/virtualization.xml:860(para)
3771
#: serverguide/C/virtualization.xml:852(para)
3765
3772
msgid ""
3766
3773
"This will interactively ask for a container root filesystem type to download "
3767
3774
"- in particular the distribution, release, and architecture. To create the "
3769
3776
"line:"
3770
3777
msgstr ""
3771
3778
3772
#: serverguide/C/virtualization.xml:867(command)
3779
#: serverguide/C/virtualization.xml:859(command)
3773
3780
msgid ""
3774
3781
"sudo lxc-create -t download -n u1 -- --dist ubuntu --release trusty --arch "
3775
3782
"amd64"
3776
3783
msgstr ""
3777
3784
3778
#: serverguide/C/virtualization.xml:871(command)
3785
#: serverguide/C/virtualization.xml:863(command)
3779
3786
msgid "sudo lxc-create -t download -n u1 -- -d ubuntu -r trusty -a amd64"
3780
3787
msgstr ""
3781
3788
3782
#: serverguide/C/virtualization.xml:866(screen)
3789
#: serverguide/C/virtualization.xml:858(screen)
3783
3790
#, no-wrap
3784
3791
msgid ""
3785
3792
"\n"
3788
3795
"<placeholder-2/>\n"
3789
3796
msgstr ""
3790
3797
3791
#: serverguide/C/virtualization.xml:876(para)
3798
#: serverguide/C/virtualization.xml:868(para)
3792
3799
msgid ""
3793
3800
"You can now use <command>lxc-ls</command> to list containers, <command>lxc-"
3794
3801
"info</command> to obtain detailed container information, <command>lxc-"
3800
3807
"look like:"
3801
3808
msgstr ""
3802
3809
3803
#: serverguide/C/virtualization.xml:887(command)
3810
#: serverguide/C/virtualization.xml:879(command)
3804
3811
msgid ""
3805
3812
"sudo lxc-ls --fancy sudo lxc-start --name u1 --daemon sudo lxc-info --name "
3806
3813
"u1 sudo lxc-stop --name u1 sudo lxc-destroy --name u1"
3807
3814
msgstr ""
3808
3815
3809
#: serverguide/C/virtualization.xml:899(title)
3816
#: serverguide/C/virtualization.xml:891(title)
3810
3817
msgid "User namespaces"
3811
3818
msgstr ""
3812
3819
3813
#: serverguide/C/virtualization.xml:900(para)
3820
#: serverguide/C/virtualization.xml:892(para)
3814
3821
msgid ""
3815
3822
"Unprivileged containers allow users to create and administer containers "
3816
3823
"without having any root privilege. The feature underpinning this is called "
3827
3834
"convention started at id 100000 to avoid conflicting with system users."
3828
3835
msgstr ""
3829
3836
3830
#: serverguide/C/virtualization.xml:918(para)
3837
#: serverguide/C/virtualization.xml:910(para)
3831
3838
msgid ""
3832
3839
"If a user was created on an earlier release, it can be granted a range of "
3833
3840
"ids using <command>usermod</command>, as follows:"
3834
3841
msgstr ""
3835
3842
3836
#: serverguide/C/virtualization.xml:923(command)
3843
#: serverguide/C/virtualization.xml:915(command)
3837
3844
msgid "sudo usermod -v 100000-200000 -w 100000-200000 user1"
3838
3845
msgstr ""
3839
3846
3840
#: serverguide/C/virtualization.xml:928(para)
3847
#: serverguide/C/virtualization.xml:920(para)
3841
3848
msgid ""
3842
3849
"The programs <command>newuidmap</command> and <command> newgidmap</command> "
3843
3850
"are setuid-root programs in the <filename>uidmap</filename> package, which "
3846
3853
"authorized by the host configuration."
3847
3854
msgstr ""
3848
3855
3849
#: serverguide/C/virtualization.xml:939(title)
3856
#: serverguide/C/virtualization.xml:931(title)
3850
3857
msgid "Basic unprivileged usage"
3851
3858
msgstr ""
3852
3859
3853
#: serverguide/C/virtualization.xml:943(para)
3860
#: serverguide/C/virtualization.xml:935(para)
3854
3861
msgid ""
3855
3862
"To create unprivileged containers, a few first steps are needed. You will "
3856
3863
"need to create a default container configuration file, specifying your "
3859
3866
"assumes that your mapped user and group id ranges are 100000-165536."
3860
3867
msgstr ""
3861
3868
3862
#: serverguide/C/virtualization.xml:952(command)
3869
#: serverguide/C/virtualization.xml:944(command)
3863
3870
msgid ""
3864
3871
"mkdir -p ~/.config/lxc echo \"lxc.id_map = u 0 100000 65536\" > "
3865
3872
"~/.config/lxc/default.conf echo \"lxc.id_map = g 0 100000 65536\" >> "
3869
3876
"/etc/lxc/lxc-usernet"
3870
3877
msgstr ""
3871
3878
3872
#: serverguide/C/virtualization.xml:962(para)
3879
#: serverguide/C/virtualization.xml:954(para)
3873
3880
msgid ""
3874
3881
"After this, you can create unprivileged containers the same way as "
3875
3882
"privileged ones, simply without using sudo."
3876
3883
msgstr ""
3877
3884
3878
#: serverguide/C/virtualization.xml:967(command)
3885
#: serverguide/C/virtualization.xml:959(command)
3879
3886
msgid ""
3880
3887
"lxc-create -t download -n u1 -- -d ubuntu -r trusty -a amd64 lxc-start -n u1 "
3881
3888
"-d lxc-attach -n u1 lxc-stop -n u1 lxc-destroy -n u1"
3882
3889
msgstr ""
3883
3890
3884
#: serverguide/C/virtualization.xml:978(title)
3891
#: serverguide/C/virtualization.xml:970(title)
3885
3892
msgid "Nesting"
3886
3893
msgstr ""
3887
3894
3888
#: serverguide/C/virtualization.xml:979(para)
3895
#: serverguide/C/virtualization.xml:971(para)
3889
3896
msgid ""
3890
3897
"In order to run containers inside containers - referred to as nested "
3891
3898
"containers - two lines must be present in the parent container configuration "
3902
3909
"information."
3903
3910
msgstr ""
3904
3911
3905
#: serverguide/C/virtualization.xml:1001(title)
3912
#: serverguide/C/virtualization.xml:993(title)
3906
3913
msgid "Global configuration"
3907
3914
msgstr ""
3908
3915
3909
#: serverguide/C/virtualization.xml:1008(para)
3916
#: serverguide/C/virtualization.xml:1000(para)
3910
3917
msgid ""
3911
3918
"<filename>lxc.conf</filename> may optionally specify alternate values for "
3912
3919
"several lxc settings, including the lxcpath, the default configuration, "
3914
3921
"lvm and zfs."
3915
3922
msgstr ""
3916
3923
3917
#: serverguide/C/virtualization.xml:1015(para)
3924
#: serverguide/C/virtualization.xml:1007(para)
3918
3925
msgid ""
3919
3926
"<filename>default.conf</filename> specifies configuration which every newly "
3920
3927
"created container should contain. This usually contains at least a network "
3921
3928
"section, and, for unprivileged users, an id mapping section"
3922
3929
msgstr ""
3923
3930
3924
#: serverguide/C/virtualization.xml:1022(para)
3931
#: serverguide/C/virtualization.xml:1014(para)
3925
3932
msgid ""
3926
3933
"<filename>lxc-usernet.conf</filename> specifies how unprivileged users may "
3927
3934
"connect their containers to the host-owned network."
3928
3935
msgstr ""
3929
3936
3930
#: serverguide/C/virtualization.xml:1002(para)
3937
#: serverguide/C/virtualization.xml:994(para)
3931
3938
msgid ""
3932
3939
"The following configuration files are consulted by LXC. For privileged use, "
3933
3940
"they are found under <filename>/etc/lxc</filename>, while for unprivileged "
3934
3941
"use they are under <filename>~/.config/lxc</filename>. <placeholder-1/>"
3935
3942
msgstr ""
3936
3943
3937
#: serverguide/C/virtualization.xml:1028(para)
3944
#: serverguide/C/virtualization.xml:1020(para)
3938
3945
msgid ""
3939
"<filename>lxc.conf</filename> and <filename>default.conf</filename> are "
3940
"exist both under <filename>/etc/lxc</filename> and "
3946
"<filename>lxc.conf</filename> and <filename>default.conf</filename> are both "
3947
"under <filename>/etc/lxc</filename> and "
3941
3948
"<filename>$HOME/.config/lxc</filename>, while <filename>lxc-"
3942
3949
"usernet.conf</filename> is only host-wide."
3943
3950
msgstr ""
3944
3951
3945
#: serverguide/C/virtualization.xml:1033(para)
3952
#: serverguide/C/virtualization.xml:1025(para)
3946
3953
msgid ""
3947
3954
"By default, containers are located under /var/lib/lxc for the root user, and "
3948
3955
"$HOME/.local/share/lxc otherwise. The location can be specified for all lxc "
3949
3956
"commands using the \"-P|--lxcpath\" argument."
3950
3957
msgstr ""
3951
3958
3952
#: serverguide/C/virtualization.xml:1210(para) serverguide/C/virtualization.xml:1272(para) serverguide/C/network-config.xml:11(title)
3959
#: serverguide/C/virtualization.xml:1034(title) serverguide/C/network-config.xml:11(title)
3953
3960
msgid "Networking"
3954
3961
msgstr ""
3955
3962
3956
#: serverguide/C/virtualization.xml:1043(para)
3963
#: serverguide/C/virtualization.xml:1035(para)
3957
3964
msgid ""
3958
3965
"By default LXC creates a private network namespace for each container, which "
3959
3966
"includes a layer 2 networking stack. Containers usually connect to the "
3965
3972
"container is not usable on the host."
3966
3973
msgstr ""
3967
3974
3968
#: serverguide/C/virtualization.xml:1051(para)
3975
#: serverguide/C/virtualization.xml:1043(para)
3969
3976
msgid ""
3970
3977
"It is possible to create a container without a private network namespace. In "
3971
3978
"this case, the container will have access to the host networking like any "
3975
3982
"Unix domain socket to the host's upstart, and shut down the host."
3976
3983
msgstr ""
3977
3984
3978
#: serverguide/C/virtualization.xml:1057(para)
3985
#: serverguide/C/virtualization.xml:1049(para)
3979
3986
msgid ""
3980
3987
"To give containers on lxcbr0 a persistent ip address based on domain name, "
3981
3988
"you can write entries to <filename>/etc/lxc/dnsmasq.conf</filename> like: "
3985
3992
"</screen>"
3986
3993
msgstr ""
3987
3994
3988
#: serverguide/C/virtualization.xml:1065(para)
3995
#: serverguide/C/virtualization.xml:1057(para)
3989
3996
msgid ""
3990
3997
"If it is desirable for the container to be publicly accessible, there are a "
3991
3998
"few ways to go about it. One is to use <command>iptables</command> to "
4004
4011
"are preferred and more commonly used."
4005
4012
msgstr ""
4006
4013
4007
#: serverguide/C/virtualization.xml:1086(para)
4014
#: serverguide/C/virtualization.xml:1078(para)
4008
4015
msgid ""
4009
4016
"There are several ways to determine the ip address for a container. First, "
4010
4017
"you can use <command>lxc-ls --fancy</command> which will print the ip "
4020
4027
"</screen>"
4021
4028
msgstr ""
4022
4029
4023
#: serverguide/C/virtualization.xml:1101(para)
4030
#: serverguide/C/virtualization.xml:1093(para)
4024
4031
msgid ""
4025
4032
"For more information, see the lxc.conf manpage as well as the example "
4026
4033
"network configurations under "
4027
4034
"<filename>/usr/share/doc/lxc/examples/</filename>."
4028
4035
msgstr ""
4029
4036
4030
#: serverguide/C/virtualization.xml:1107(title)
4037
#: serverguide/C/virtualization.xml:1099(title)
4031
4038
msgid "LXC startup"
4032
4039
msgstr ""
4033
4040
4034
#: serverguide/C/virtualization.xml:1109(para)
4041
#: serverguide/C/virtualization.xml:1101(para)
4035
4042
msgid ""
4036
4043
"LXC does not have a long-running daemon. However it does have three upstart "
4037
4044
"jobs."
4038
4045
msgstr ""
4039
4046
4040
#: serverguide/C/virtualization.xml:1115(para)
4047
#: serverguide/C/virtualization.xml:1107(para)
4041
4048
msgid ""
4042
4049
"<filename>/etc/init/lxc-net.conf:</filename> is an optional job which only "
4043
4050
"runs if <filename> /etc/default/lxc-net</filename> specifies USE_LXC_BRIDGE "
4044
4051
"(true by default). It sets up a NATed bridge for containers to use."
4045
4052
msgstr ""
4046
4053
4047
#: serverguide/C/virtualization.xml:1123(para)
4054
#: serverguide/C/virtualization.xml:1115(para)
4048
4055
msgid ""
4049
4056
"<filename>/etc/init/lxc.conf</filename> loads the lxc apparmor profiles and "
4050
4057
"optionally starts any autostart containers. The autostart containers will be "
4053
4060
"more information on autostarted containers."
4054
4061
msgstr ""
4055
4062
4056
#: serverguide/C/virtualization.xml:1133(para)
4063
#: serverguide/C/virtualization.xml:1125(para)
4057
4064
msgid ""
4058
"<filename>/etc/init/lxc-instance.conf:</filename> is used by "
4065
"<filename>/etc/init/lxc-instance.conf</filename> is used by "
4059
4066
"<filename>/etc/init/lxc.conf</filename> to autostart a container."
4060
4067
msgstr ""
4061
4068
4062
#: serverguide/C/virtualization.xml:3232(title)
4069
#: serverguide/C/virtualization.xml:1134(title)
4063
4070
msgid "Backing Stores"
4064
4071
msgstr ""
4065
4072
4066
#: serverguide/C/virtualization.xml:1143(para)
4073
#: serverguide/C/virtualization.xml:1135(para)
4067
4074
msgid ""
4068
4075
"LXC supports several backing stores for container root filesystems. The "
4069
4076
"default is a simple directory backing store, because it requires no prior "
4078
4085
"<filename>$lxcpath/C1/rootfs</filename>."
4079
4086
msgstr ""
4080
4087
4081
#: serverguide/C/virtualization.xml:1157(para)
4088
#: serverguide/C/virtualization.xml:1149(para)
4082
4089
msgid ""
4083
4090
"A snapshot clone C2 of a directory backed container C1 becomes an overlayfs "
4084
4091
"backed container, with a rootfs called "
4086
4093
" Other backing store types include loop, btrfs, LVM and zfs."
4087
4094
msgstr ""
4088
4095
4089
#: serverguide/C/virtualization.xml:1165(para)
4096
#: serverguide/C/virtualization.xml:1157(para)
4090
4097
msgid ""
4091
4098
"A btrfs backed container mostly looks like a directory backed container, "
4092
4099
"with its root filesystem in the same location. However, the root filesystem "
4094
4101
"snapshot."
4095
4102
msgstr ""
4096
4103
4097
#: serverguide/C/virtualization.xml:1172(para)
4104
#: serverguide/C/virtualization.xml:1164(para)
4098
4105
msgid ""
4099
4106
"The root filesystem for an LVM backed container can be any separate LV. The "
4100
4107
"default VG name can be specified in lxc.conf. The filesystem type and size "
4101
4108
"are configurable per-container using lxc-create."
4102
4109
msgstr ""
4103
4110
4104
#: serverguide/C/virtualization.xml:1178(para)
4111
#: serverguide/C/virtualization.xml:1170(para)
4105
4112
msgid ""
4106
4113
"The rootfs for a zfs backed container is a separate zfs filesystem, mounted "
4107
4114
"under the traditional <filename>/var/lib/lxc/C1/rootfs</filename> location. "
4109
4116
"in lxc.system.conf."
4110
4117
msgstr ""
4111
4118
4112
#: serverguide/C/virtualization.xml:1185(para)
4119
#: serverguide/C/virtualization.xml:1177(para)
4113
4120
msgid ""
4114
4121
"More information on creating containers with the various backing stores can "
4115
4122
"be found in the lxc-create manual page."
4116
4123
msgstr ""
4117
4124
4118
#: serverguide/C/virtualization.xml:1192(title)
4125
#: serverguide/C/virtualization.xml:1184(title)
4119
4126
msgid "Templates"
4120
4127
msgstr ""
4121
4128
4122
#: serverguide/C/virtualization.xml:1193(para)
4129
#: serverguide/C/virtualization.xml:1185(para)
4123
4130
msgid ""
4124
4131
"Creating a container generally involves creating a root filesystem for the "
4125
4132
"container. <command>lxc-create</command> delegates this work to "
4130
4137
"others."
4131
4138
msgstr ""
4132
4139
4133
#: serverguide/C/virtualization.xml:1202(para)
4140
#: serverguide/C/virtualization.xml:1194(para)
4134
4141
msgid ""
4135
4142
"Creating distribution images in most cases requires the ability to create "
4136
4143
"device nodes, often requires tools which are not available in other "
4141
4148
"could not for instance easily run the <command>debootstrap</command> command."
4142
4149
msgstr ""
4143
4150
4144
#: serverguide/C/virtualization.xml:1212(para)
4151
#: serverguide/C/virtualization.xml:1204(para)
4145
4152
msgid ""
4146
4153
"When running <command>lxc-create</command>, all options which come after "
4147
4154
"<emphasis>--</emphasis> are passed to the template. In the following "
4154
4161
"</screen>"
4155
4162
msgstr ""
4156
4163
4157
#: serverguide/C/virtualization.xml:1224(para)
4164
#: serverguide/C/virtualization.xml:1216(para)
4158
4165
msgid ""
4159
4166
"You can obtain help for the options supported by any particular container by "
4160
4167
"passing <emphasis>--help</emphasis> and the template name to <command>lxc-"
4161
4168
"create</command>. For instance, for help with the download template,"
4162
4169
msgstr ""
4163
4170
4164
#: serverguide/C/virtualization.xml:1231(command)
4171
#: serverguide/C/virtualization.xml:1223(command)
4165
4172
msgid "lxc-create --template download --help"
4166
4173
msgstr ""
4167
4174
4168
#: serverguide/C/virtualization.xml:1237(title)
4175
#: serverguide/C/virtualization.xml:1229(title)
4169
4176
msgid "Autostart"
4170
4177
msgstr ""
4171
4178
4172
#: serverguide/C/virtualization.xml:1238(para)
4179
#: serverguide/C/virtualization.xml:1230(para)
4173
4180
msgid ""
4174
4181
"LXC supports marking containers to be started at system boot. Prior to "
4175
4182
"Ubuntu 14.04, this was done using symbolic links under the directory "
4186
4193
"lxc.container.conf for more information."
4187
4194
msgstr ""
4188
4195
4189
#: serverguide/C/virtualization.xml:2859(title)
4196
#: serverguide/C/virtualization.xml:1248(title)
4190
4197
msgid "Apparmor"
4191
4198
msgstr ""
4192
4199
4193
#: serverguide/C/virtualization.xml:1258(para)
4200
#: serverguide/C/virtualization.xml:1250(para)
4194
4201
msgid ""
4195
4202
"LXC ships with a default Apparmor profile intended to protect the host from "
4196
4203
"accidental misuses of privilege inside the container. For instance, the "
4198
4205
"trigger</filename> or to most <filename>/sys</filename> files."
4199
4206
msgstr ""
4200
4207
4201
#: serverguide/C/virtualization.xml:2867(para)
4208
#: serverguide/C/virtualization.xml:1256(para)
4202
4209
msgid ""
4203
4210
"The <filename>usr.bin.lxc-start</filename> profile is entered by running "
4204
4211
"<command>lxc-start</command>. This profile mainly prevents <command>lxc-"
4211
4218
"dangerous paths, and from mounting most filesystems."
4212
4219
msgstr ""
4213
4220
4214
#: serverguide/C/virtualization.xml:1275(para)
4221
#: serverguide/C/virtualization.xml:1267(para)
4215
4222
msgid ""
4216
4223
"Programs in a container cannot be further confined - for instance, MySQL "
4217
4224
"runs under the container profile (protecting the host) but will not be able "
4218
4225
"to enter the MySQL profile (to protect the container)."
4219
4226
msgstr ""
4220
4227
4221
#: serverguide/C/virtualization.xml:2926(para)
4228
#: serverguide/C/virtualization.xml:1272(para)
4222
4229
msgid ""
4223
4230
"<command>lxc-execute</command> does not enter an Apparmor profile, but the "
4224
4231
"container it spawns will be confined."
4225
4232
msgstr ""
4226
4233
4227
#: serverguide/C/virtualization.xml:1283(title)
4234
#: serverguide/C/virtualization.xml:1275(title)
4228
4235
msgid "Customizing container policies"
4229
4236
msgstr ""
4230
4237
4231
#: serverguide/C/virtualization.xml:2879(para)
4238
#: serverguide/C/virtualization.xml:1276(para)
4232
4239
msgid ""
4233
4240
"If you find that <command>lxc-start</command> is failing due to a legitimate "
4234
4241
"access which is being denied by its Apparmor policy, you can disable the lxc-"
4235
4242
"start profile by doing:"
4236
4243
msgstr ""
4237
4244
4238
#: serverguide/C/virtualization.xml:2885(screen)
4245
#: serverguide/C/virtualization.xml:1280(screen)
4239
4246
#, no-wrap
4240
4247
msgid ""
4241
4248
"\n"
4243
4250
"sudo ln -s /etc/apparmor.d/usr.bin.lxc-start /etc/apparmor.d/disabled/\n"
4244
4251
msgstr ""
4245
4252
4246
#: serverguide/C/virtualization.xml:2890(para)
4253
#: serverguide/C/virtualization.xml:1285(para)
4247
4254
msgid ""
4248
4255
"This will make <command>lxc-start</command> run unconfined, but continue to "
4249
4256
"confine the container itself. If you also wish to disable confinement of the "
4251
4258
"start</filename> profile, you must add:"
4252
4259
msgstr ""
4253
4260
4254
#: serverguide/C/virtualization.xml:2897(screen)
4261
#: serverguide/C/virtualization.xml:1290(screen)
4255
4262
#, no-wrap
4256
4263
msgid ""
4257
4264
"\n"
4258
4265
"lxc.aa_profile = unconfined\n"
4259
4266
msgstr ""
4260
4267
4261
#: serverguide/C/virtualization.xml:1302(para)
4268
#: serverguide/C/virtualization.xml:1294(para)
4262
4269
msgid "to the container's configuration file."
4263
4270
msgstr ""
4264
4271
4265
#: serverguide/C/virtualization.xml:1304(para)
4272
#: serverguide/C/virtualization.xml:1296(para)
4266
4273
msgid ""
4267
4274
"LXC ships with a few alternate policies for containers. If you wish to run "
4268
4275
"containers inside containers (nesting), then you can use the lxc-container-"
4271
4278
"lxc.aa_profile = lxc-container-default-with-nesting\n"
4272
4279
"\t</screen> If you wish to use libvirt inside containers, then you will need "
4273
4280
"to edit that policy (which is defined in <filename>/etc/apparmor.d/lxc/lxc-"
4274
"default-with-nesting</filename>) to uncomment the following line <screen>\n"
4281
"default-with-nesting</filename>) by uncommenting the following line: "
4282
"<screen>\n"
4275
4283
"mount fstype=cgroup -> /sys/fs/cgroup/**,\n"
4276
4284
"\t</screen> and re-load the policy."
4277
4285
msgstr ""
4278
4286
4279
#: serverguide/C/virtualization.xml:1321(para)
4287
#: serverguide/C/virtualization.xml:1313(para)
4280
4288
msgid ""
4281
4289
"Note that the nesting policy with privileged containers is far less safe "
4282
4290
"than the default policy, as it allows containers to re-mount "
4286
4294
"<filename>proc</filename> and <filename>sys</filename> files."
4287
4295
msgstr ""
4288
4296
4289
#: serverguide/C/virtualization.xml:1329(para)
4297
#: serverguide/C/virtualization.xml:1321(para)
4290
4298
msgid ""
4291
4299
"Another profile shipped with lxc allows containers to mount block filesystem "
4292
4300
"types like ext4. This can be useful in some cases like maas provisioning, "
4294
4302
"have not been audited for safe handling of untrusted input."
4295
4303
msgstr ""
4296
4304
4297
#: serverguide/C/virtualization.xml:1335(para)
4305
#: serverguide/C/virtualization.xml:1327(para)
4298
4306
msgid ""
4299
4307
"If you need to run a container in a custom profile, you can create a new "
4300
4308
"profile under <filename>/etc/apparmor.d/lxc/</filename>. Its name must start "
4306
4314
"permissions at the bottom of your policy."
4307
4315
msgstr ""
4308
4316
4309
#: serverguide/C/virtualization.xml:1346(para)
4317
#: serverguide/C/virtualization.xml:1338(para)
4310
4318
msgid "After creating the policy, load it using:"
4311
4319
msgstr ""
4312
4320
4313
#: serverguide/C/virtualization.xml:2910(screen)
4321
#: serverguide/C/virtualization.xml:1340(screen)
4314
4322
#, no-wrap
4315
4323
msgid ""
4316
4324
"\n"
4317
4325
"sudo apparmor_parser -r /etc/apparmor.d/lxc-containers\n"
4318
4326
msgstr ""
4319
4327
4320
#: serverguide/C/virtualization.xml:2914(para)
4328
#: serverguide/C/virtualization.xml:1344(para)
4321
4329
msgid ""
4322
4330
"The profile will automatically be loaded after a reboot, because it is "
4323
4331
"sourced by the file <filename>/etc/apparmor.d/lxc-containers</filename>. "
4326
4334
"configuration file:"
4327
4335
msgstr ""
4328
4336
4329
#: serverguide/C/virtualization.xml:2922(screen)
4337
#: serverguide/C/virtualization.xml:1351(screen)
4330
4338
#, no-wrap
4331
4339
msgid ""
4332
4340
"\n"
4333
4341
"lxc.aa_profile = lxc-CN-profile\n"
4334
4342
msgstr ""
4335
4343
4336
#: serverguide/C/virtualization.xml:2934(title)
4344
#: serverguide/C/virtualization.xml:1359(title) serverguide/C/cgroups.xml:11(title)
4337
4345
msgid "Control Groups"
4338
4346
msgstr ""
4339
4347
4340
#: serverguide/C/virtualization.xml:1369(para)
4348
#: serverguide/C/virtualization.xml:1361(para)
4341
4349
msgid ""
4342
4350
"Control groups (cgroups) are a kernel feature providing hierarchical task "
4343
4351
"grouping and per-cgroup resource accounting and limits. They are used in "
4346
4354
"i/o, guarantee minimum cpu shares, and to lock containers to specific cpus."
4347
4355
msgstr ""
4348
4356
4349
#: serverguide/C/virtualization.xml:1377(para)
4357
#: serverguide/C/virtualization.xml:1369(para)
4350
4358
msgid ""
4351
"By default, a privileged container CN will be assigned a cgroup called "
4359
"By default, a privileged container CN will be assigned to a cgroup called "
4352
4360
"<filename>/lxc/CN</filename>. In the case of name conflicts (which can occur "
4353
4361
"when using custom lxcpaths) a suffix \"-n\", where n is an integer starting "
4354
4362
"at 0, will be appended to the cgroup name."
4355
4363
msgstr ""
4356
4364
4357
#: serverguide/C/virtualization.xml:1383(para)
4365
#: serverguide/C/virtualization.xml:1375(para)
4358
4366
msgid ""
4359
"By default, a privileged container CN will be assigned a cgroup called "
4367
"By default, a privileged container CN will be assigned to a cgroup called "
4360
4368
"<filename>CN</filename> under the cgroup of the task which started the "
4361
4369
"container, for instance <filename>/usr/1000.user/1.session/CN</filename>. "
4362
4370
"The container root will be given group ownership of the directory (but not "
4363
4371
"all files) so that it is allowed to create new child cgroups."
4364
4372
msgstr ""
4365
4373
4366
#: serverguide/C/virtualization.xml:1390(para)
4374
#: serverguide/C/virtualization.xml:1382(para)
4367
4375
msgid ""
4368
4376
"As of Ubuntu 14.04, LXC uses the cgroup manager (cgmanager) to administer "
4369
4377
"cgroups. The cgroup manager receives D-Bus requests over the Unix socket "
4370
"<filename>/sys/fs/cgroup/cgmanager/sock</filename>. To fascilitate safe "
4378
"<filename>/sys/fs/cgroup/cgmanager/sock</filename>. To facilitate safe "
4371
4379
"nested containers, the line <screen>\n"
4372
4380
"<command>\n"
4373
4381
"lxc.mount.auto = cgroup\n"
4384
4392
"requests for which they are not authorized."
4385
4393
msgstr ""
4386
4394
4387
#: serverguide/C/virtualization.xml:3262(title)
4395
#: serverguide/C/virtualization.xml:1406(title)
4388
4396
msgid "Cloning"
4389
4397
msgstr ""
4390
4398
4391
#: serverguide/C/virtualization.xml:1416(para)
4399
#: serverguide/C/virtualization.xml:1408(para)
4392
4400
msgid ""
4393
4401
"For rapid provisioning, you may wish to customize a canonical container "
4394
4402
"according to your needs and then make multiple copies of it. This can be "
4395
4403
"done with the <command>lxc-clone</command> program."
4396
4404
msgstr ""
4397
4405
4398
#: serverguide/C/virtualization.xml:1420(para)
4406
#: serverguide/C/virtualization.xml:1412(para)
4399
4407
msgid ""
4400
4408
"Clones are either snapshots or copies of another container. A copy is a new "
4401
4409
"container copied from the original, and takes as much space on the host as "
4411
4419
"and apt-get to be slower."
4412
4420
msgstr ""
4413
4421
4414
#: serverguide/C/virtualization.xml:1434(para)
4422
#: serverguide/C/virtualization.xml:1426(para)
4415
4423
msgid ""
4416
4424
"Snapshots of directory-packed containers are created using the overlay "
4417
4425
"filesystem. For instance, a privileged directory-backed container C1 will "
4423
4431
"container, and to only use its snapshots."
4424
4432
msgstr ""
4425
4433
4426
#: serverguide/C/virtualization.xml:1446(para)
4434
#: serverguide/C/virtualization.xml:1438(para)
4427
4435
msgid "Given an existing container called C1, a copy can be created using:"
4428
4436
msgstr ""
4429
4437
4430
#: serverguide/C/virtualization.xml:3274(command)
4438
#: serverguide/C/virtualization.xml:1442(command)
4431
4439
msgid "sudo lxc-clone -o C1 -n C2"
4432
4440
msgstr ""
4433
4441
4434
#: serverguide/C/virtualization.xml:1455(para)
4435
msgid "A snapshot can be created using"
4442
#: serverguide/C/virtualization.xml:1447(para)
4443
msgid "A snapshot can be created using:"
4436
4444
msgstr ""
4437
4445
4438
#: serverguide/C/virtualization.xml:3288(command)
4446
#: serverguide/C/virtualization.xml:1449(command)
4439
4447
msgid "sudo lxc-clone -s -o C1 -n C2"
4440
4448
msgstr ""
4441
4449
4442
#: serverguide/C/virtualization.xml:1461(para)
4450
#: serverguide/C/virtualization.xml:1453(para)
4443
4451
msgid "See the lxc-clone manpage for more information."
4444
4452
msgstr ""
4445
4453
4446
#: serverguide/C/virtualization.xml:1464(title)
4454
#: serverguide/C/virtualization.xml:1456(title)
4447
4455
msgid "Snapshots"
4448
4456
msgstr ""
4449
4457
4450
#: serverguide/C/virtualization.xml:1465(para)
4458
#: serverguide/C/virtualization.xml:1457(para)
4451
4459
msgid ""
4452
4460
"To more easily support the use of snapshot clones for iterative container "
4453
4461
"development, LXC supports <emphasis>snapshots</emphasis>. When working on a "
4465
4473
"is erased and replaced with the snap1 snapshot."
4466
4474
msgstr ""
4467
4475
4468
#: serverguide/C/virtualization.xml:1484(para)
4476
#: serverguide/C/virtualization.xml:1476(para)
4469
4477
msgid ""
4470
4478
"Snapshots are supported for btrfs, lvm, zfs, and overlayfs containers. If "
4471
4479
"lxc-snapshot is called on a directory-backed container, an error will be "
4486
4494
"</screen>"
4487
4495
msgstr ""
4488
4496
4489
#: serverguide/C/virtualization.xml:1508(title)
4497
#: serverguide/C/virtualization.xml:1500(title)
4490
4498
msgid "Ephemeral Containers"
4491
4499
msgstr ""
4492
4500
4493
#: serverguide/C/virtualization.xml:1509(para)
4501
#: serverguide/C/virtualization.xml:1501(para)
4494
4502
msgid ""
4495
4503
"While snapshots are useful for longer-term incremental development of "
4496
4504
"images, ephemeral containers utilize snapshots for quick, single-use "
4505
4513
"page for more options."
4506
4514
msgstr ""
4507
4515
4508
#: serverguide/C/virtualization.xml:1527(title)
4516
#: serverguide/C/virtualization.xml:1519(title)
4509
4517
msgid "Lifecycle management hooks"
4510
4518
msgstr ""
4511
4519
4512
#: serverguide/C/virtualization.xml:1529(para)
4520
#: serverguide/C/virtualization.xml:1521(para)
4513
4521
msgid ""
4514
4522
"Beginning with Ubuntu 12.10, it is possible to define hooks to be executed "
4515
4523
"at specific points in a container's lifetime:"
4516
4524
msgstr ""
4517
4525
4518
#: serverguide/C/virtualization.xml:1534(para)
4526
#: serverguide/C/virtualization.xml:1526(para)
4519
4527
msgid ""
4520
4528
"Pre-start hooks are run in the host's namespace before the container ttys, "
4521
4529
"consoles, or mounts are up. If any mounts are done in this hook, they should "
4522
4530
"be cleaned up in the post-stop hook."
4523
4531
msgstr ""
4524
4532
4525
#: serverguide/C/virtualization.xml:1541(para)
4533
#: serverguide/C/virtualization.xml:1533(para)
4526
4534
msgid ""
4527
4535
"Pre-mount hooks are run in the container's namespaces, but before the root "
4528
4536
"filesystem has been mounted. Mounts done in this hook will be automatically "
4529
4537
"cleaned up when the container shuts down."
4530
4538
msgstr ""
4531
4539
4532
#: serverguide/C/virtualization.xml:1548(para)
4540
#: serverguide/C/virtualization.xml:1540(para)
4533
4541
msgid ""
4534
4542
"Mount hooks are run after the container filesystems have been mounted, but "
4535
4543
"before the container has called <command>pivot_root</command> to change its "
4536
4544
"root filesystem."
4537
4545
msgstr ""
4538
4546
4539
#: serverguide/C/virtualization.xml:1555(para)
4547
#: serverguide/C/virtualization.xml:1547(para)
4540
4548
msgid ""
4541
4549
"Start hooks are run immediately before executing the container's init. Since "
4542
4550
"these are executed after pivoting into the container's filesystem, the "
4543
4551
"command to be executed must be copied into the container's filesystem."
4544
4552
msgstr ""
4545
4553
4546
#: serverguide/C/virtualization.xml:1562(para)
4554
#: serverguide/C/virtualization.xml:1554(para)
4547
4555
msgid "Post-stop hooks are executed after the container has been shut down."
4548
4556
msgstr ""
4549
4557
4550
#: serverguide/C/virtualization.xml:1567(para)
4558
#: serverguide/C/virtualization.xml:1559(para)
4551
4559
msgid ""
4552
4560
"If any hook returns an error, the container's run will be aborted. Any "
4553
4561
"<emphasis>post-stop</emphasis> hook will still be executed. Any output "
4554
4562
"generated by the script will be logged at the debug priority."
4555
4563
msgstr ""
4556
4564
4557
#: serverguide/C/virtualization.xml:1572(para)
4565
#: serverguide/C/virtualization.xml:1564(para)
4558
4566
msgid ""
4559
4567
"Please see the lxc.container.conf manual page for the configuration file "
4560
4568
"format with which to specify hooks. Some sample hooks are shipped with the "
4561
4569
"lxc package to serve as an example of how to write and use such hooks."
4562
4570
msgstr ""
4563
4571
4564
#: serverguide/C/virtualization.xml:3452(title)
4572
#: serverguide/C/virtualization.xml:1571(title)
4565
4573
msgid "Consoles"
4566
4574
msgstr ""
4567
4575
4568
#: serverguide/C/virtualization.xml:1581(para)
4576
#: serverguide/C/virtualization.xml:1573(para)
4569
4577
msgid ""
4570
4578
"Containers have a configurable number of consoles. One always exists on the "
4571
4579
"container's <filename>/dev/console</filename>. This is shown on the terminal "
4576
4584
"The number of extra consoles is specified by the <command>lxc.tty</command> "
4577
4585
"variable, and is usually set to 4. Those consoles are shown on "
4578
4586
"<filename>/dev/ttyN</filename> (for 1 <= N <= 4). To log into console "
4579
"3 from the host, use"
4587
"3 from the host, use:"
4580
4588
msgstr ""
4581
4589
4582
#: serverguide/C/virtualization.xml:3467(command)
4590
#: serverguide/C/virtualization.xml:1586(command)
4583
4591
msgid "sudo lxc-console -n container -t 3"
4584
4592
msgstr ""
4585
4593
4586
#: serverguide/C/virtualization.xml:3472(para)
4594
#: serverguide/C/virtualization.xml:1591(para)
4587
4595
msgid ""
4588
4596
"or if the <emphasis>-t N</emphasis> option is not specified, an unused "
4589
4597
"console will be automatically chosen. To exit the console, use the escape "
4592
4600
"d</emphasis> option."
4593
4601
msgstr ""
4594
4602
4595
#: serverguide/C/virtualization.xml:3480(para)
4603
#: serverguide/C/virtualization.xml:1597(para)
4596
4604
msgid ""
4597
4605
"Each container console is actually a Unix98 pty in the host's (not the "
4598
4606
"guest's) pty mount, bind-mounted over the guest's "
4605
4613
"<filename>/dev</filename>."
4606
4614
msgstr ""
4607
4615
4608
#: serverguide/C/mail.xml:345(title) serverguide/C/mail.xml:1640(title) serverguide/C/dns.xml:371(title)
4616
#: serverguide/C/virtualization.xml:1609(title) serverguide/C/mail.xml:390(title) serverguide/C/mail.xml:1698(title) serverguide/C/dns.xml:375(title)
4609
4617
msgid "Troubleshooting"
4610
4618
msgstr ""
4611
4619
4612
#: serverguide/C/network-auth.xml:787(title) serverguide/C/dns.xml:508(title)
4620
#: serverguide/C/virtualization.xml:1611(title) serverguide/C/network-auth.xml:794(title) serverguide/C/dns.xml:517(title)
4613
4621
msgid "Logging"
4614
4622
msgstr ""
4615
4623
4616
#: serverguide/C/virtualization.xml:1620(para)
4624
#: serverguide/C/virtualization.xml:1612(para)
4617
4625
msgid ""
4618
4626
"If something goes wrong when starting a container, the first step should be "
4619
4627
"to get full logging from LXC: <screen>\n"
4626
4634
"new log information will be appended."
4627
4635
msgstr ""
4628
4636
4629
#: serverguide/C/virtualization.xml:3414(title)
4637
#: serverguide/C/virtualization.xml:1627(title)
4630
4638
msgid "Monitoring container status"
4631
4639
msgstr ""
4632
4640
4633
#: serverguide/C/virtualization.xml:3416(para)
4641
#: serverguide/C/virtualization.xml:1629(para)
4634
4642
msgid ""
4635
4643
"Two commands are available to monitor container state changes. <command>lxc-"
4636
4644
"monitor</command> monitors one or more containers for any state changes. It "
4642
4650
"instance,"
4643
4651
msgstr ""
4644
4652
4645
#: serverguide/C/virtualization.xml:3429(command)
4653
#: serverguide/C/virtualization.xml:1639(command)
4646
4654
msgid "sudo lxc-monitor -n cont[0-5]*"
4647
4655
msgstr ""
4648
4656
4649
#: serverguide/C/virtualization.xml:3434(para)
4657
#: serverguide/C/virtualization.xml:1644(para)
4650
4658
msgid ""
4651
4659
"would print all state changes to any containers matching the listed regular "
4652
4660
"expression, whereas"
4653
4661
msgstr ""
4654
4662
4655
#: serverguide/C/virtualization.xml:3440(command)
4663
#: serverguide/C/virtualization.xml:1648(command)
4656
4664
msgid "sudo lxc-wait -n cont1 -s 'STOPPED|FROZEN'"
4657
4665
msgstr ""
4658
4666
4659
#: serverguide/C/virtualization.xml:3445(para)
4667
#: serverguide/C/virtualization.xml:1653(para)
4660
4668
msgid ""
4661
4669
"will wait until container cont1 enters state STOPPED or state FROZEN and "
4662
4670
"then exit."
4663
4671
msgstr ""
4664
4672
4665
#: serverguide/C/virtualization.xml:1666(title)
4673
#: serverguide/C/virtualization.xml:1658(title)
4666
4674
msgid "Attach"
4667
4675
msgstr ""
4668
4676
4669
#: serverguide/C/virtualization.xml:1667(para)
4677
#: serverguide/C/virtualization.xml:1659(para)
4670
4678
msgid ""
4671
4679
"As of Ubuntu 14.04, it is possible to attach to a container's namespaces. "
4672
4680
"The simplest case is to simply do <screen>\n"
4679
4687
"context. See the manual page for more information."
4680
4688
msgstr ""
4681
4689
4682
#: serverguide/C/virtualization.xml:1683(title)
4690
#: serverguide/C/virtualization.xml:1675(title)
4683
4691
msgid "Container init verbosity"
4684
4692
msgstr ""
4685
4693
4686
#: serverguide/C/virtualization.xml:1684(para)
4694
#: serverguide/C/virtualization.xml:1676(para)
4687
4695
msgid ""
4688
4696
"If LXC completes the container startup, but the container init fails to "
4689
4697
"complete (for instance, no login prompt is shown), it can be useful to "
4702
4710
"</screen>"
4703
4711
msgstr ""
4704
4712
4705
#: serverguide/C/virtualization.xml:1708(title)
4713
#: serverguide/C/virtualization.xml:1700(title)
4706
4714
msgid "LXC API"
4707
4715
msgstr ""
4708
4716
4709
#: serverguide/C/virtualization.xml:1710(para)
4717
#: serverguide/C/virtualization.xml:1702(para)
4710
4718
msgid ""
4711
4719
"Most of the LXC functionality can now be accessed through an API exported by "
4712
4720
"<filename>liblxc</filename> for which bindings are available in several "
4713
4721
"languages, including Python, lua, ruby, and go."
4714
4722
msgstr ""
4715
4723
4716
#: serverguide/C/virtualization.xml:1714(para)
4724
#: serverguide/C/virtualization.xml:1706(para)
4717
4725
msgid ""
4718
4726
"Below is an example using the python bindings (which are available in the "
4719
4727
"<application>python3-lxc</application> package) which creates and starts a "
4720
4728
"container, then waits until it has been shut down:"
4721
4729
msgstr ""
4722
4730
4723
#: serverguide/C/virtualization.xml:1720(programlisting)
4731
#: serverguide/C/virtualization.xml:1712(programlisting)
4724
4732
#, no-wrap
4725
4733
msgid ""
4726
4734
"\n"
4742
4750
"True\n"
4743
4751
msgstr ""
4744
4752
4745
#: serverguide/C/virtualization.xml:4349(title) serverguide/C/security.xml:11(title)
4753
#: serverguide/C/virtualization.xml:1732(title) serverguide/C/security.xml:11(title)
4746
4754
msgid "Security"
4747
4755
msgstr ""
4748
4756
4749
#: serverguide/C/virtualization.xml:4351(para)
4757
#: serverguide/C/virtualization.xml:1734(para)
4750
4758
msgid ""
4751
4759
"A namespace maps ids to resources. By not providing a container any id with "
4752
4760
"which to reference a resource, the resource can be protected. This is the "
4757
4765
"host."
4758
4766
msgstr ""
4759
4767
4760
#: serverguide/C/virtualization.xml:1751(para)
4768
#: serverguide/C/virtualization.xml:1743(para)
4761
4769
msgid ""
4762
4770
"By default, LXC containers are started under a Apparmor policy to restrict "
4763
4771
"some actions. The details of AppArmor integration with lxc are in section "
4768
4776
"host."
4769
4777
msgstr ""
4770
4778
4771
#: serverguide/C/virtualization.xml:4375(title)
4779
#: serverguide/C/virtualization.xml:1754(title)
4772
4780
msgid "Exploitable system calls"
4773
4781
msgstr ""
4774
4782
4775
#: serverguide/C/virtualization.xml:1764(para)
4783
#: serverguide/C/virtualization.xml:1756(para)
4776
4784
msgid ""
4777
4785
"It is a core container feature that containers share a kernel with the host. "
4778
4786
"Therefore if the kernel contains any exploitable system calls the container "
4780
4788
"fully control any resource known to the host."
4781
4789
msgstr ""
4782
4790
4783
#: serverguide/C/virtualization.xml:1770(para)
4791
#: serverguide/C/virtualization.xml:1762(para)
4784
4792
msgid ""
4785
4793
"Since Ubuntu 12.10 (Quantal) a container can also be constrained by a "
4786
4794
"seccomp filter. Seccomp is a new kernel feature which filters the system "
4792
4800
"by a list of numbers, one per line."
4793
4801
msgstr ""
4794
4802
4795
#: serverguide/C/virtualization.xml:1780(para)
4803
#: serverguide/C/virtualization.xml:1772(para)
4796
4804
msgid ""
4797
4805
"In general to run a full distribution container a large number of system "
4798
4806
"calls will be needed. However for application containers it may be possible "
4804
4812
"loaded."
4805
4813
msgstr ""
4806
4814
4807
#: serverguide/C/virtualization.xml:4392(para)
4815
#: serverguide/C/virtualization.xml:1788(para)
4808
4816
msgid ""
4809
4817
"The DeveloperWorks article <ulink "
4810
4818
"url=\"https://www.ibm.com/developerworks/linux/library/l-lxc-"
4812
4820
"to the use of containers."
4813
4821
msgstr ""
4814
4822
4815
#: serverguide/C/virtualization.xml:4398(para)
4823
#: serverguide/C/virtualization.xml:1795(para)
4816
4824
msgid ""
4817
4825
"The <ulink url=\"http://www.ibm.com/developerworks/linux/library/l-lxc-"
4818
4826
"security/index.html\"> Secure Containers Cookbook</ulink> demonstrated the "
4819
4827
"use of security modules to make containers more secure."
4820
4828
msgstr ""
4821
4829
4822
#: serverguide/C/virtualization.xml:1810(para) serverguide/C/cgroups.xml:202(para)
4830
#: serverguide/C/virtualization.xml:1802(para) serverguide/C/cgroups.xml:202(para)
4823
4831
msgid "Manual pages referenced above can be found at:"
4824
4832
msgstr ""
4825
4833
4826
#: serverguide/C/virtualization.xml:4407(ulink)
4834
#: serverguide/C/virtualization.xml:1804(ulink)
4827
4835
msgid "capabilities"
4828
4836
msgstr ""
4829
4837
4830
#: serverguide/C/virtualization.xml:4408(ulink)
4838
#: serverguide/C/virtualization.xml:1805(ulink)
4831
4839
msgid "lxc.conf"
4832
4840
msgstr ""
4833
4841
4834
#: serverguide/C/virtualization.xml:1818(para)
4842
#: serverguide/C/virtualization.xml:1810(para)
4835
4843
msgid ""
4836
4844
"The upstream LXC project is hosted at <ulink "
4837
4845
"url=\"http://linuxcontainers.org\">linuxcontainers.org</ulink>."
4838
4846
msgstr ""
4839
4847
4840
#: serverguide/C/virtualization.xml:4420(para)
4848
#: serverguide/C/virtualization.xml:1815(para)
4841
4849
msgid ""
4842
4850
"LXC security issues are listed and discussed at <ulink "
4843
4851
"url=\"http://wiki.ubuntu.com/LxcSecurity\">the LXC Security wiki page</ulink>"
4844
4852
msgstr ""
4845
4853
4846
#: serverguide/C/virtualization.xml:1829(para)
4854
#: serverguide/C/virtualization.xml:1821(para)
4847
4855
msgid ""
4848
4856
"For more on namespaces in Linux, see: S. Bhattiprolu, E. W. Biederman, S. E. "
4849
4857
"Hallyn, and D. Lezcano. Virtual Servers and Check- point/Restart in "
4864
4872
"to manage information that changes often, there is room for version control."
4865
4873
msgstr ""
4866
4874
4867
#: serverguide/C/vcs.xml:15(title)
4875
#: serverguide/C/vcs.xml:22(title)
4868
4876
msgid "Bazaar"
4869
4877
msgstr ""
4870
4878
4871
#: serverguide/C/vcs.xml:16(para)
4879
#: serverguide/C/vcs.xml:23(para)
4872
4880
msgid ""
4873
4881
"Bazaar is a new version control system sponsored by Canonical, the "
4874
4882
"commercial company behind Ubuntu. Unlike Subversion and CVS that only "
4878
4886
"maximize the level of community participation in open source projects."
4879
4887
msgstr ""
4880
4888
4881
#: serverguide/C/vcs.xml:27(para)
4889
#: serverguide/C/vcs.xml:34(para)
4882
4890
msgid ""
4883
4891
"At a terminal prompt, enter the following command to install "
4884
4892
"<application>bzr</application>: <screen>\n"
4886
4894
"</screen>"
4887
4895
msgstr ""
4888
4896
4889
#: serverguide/C/vcs.xml:38(para)
4897
#: serverguide/C/vcs.xml:45(para)
4890
4898
msgid ""
4891
4899
"To introduce yourself to <application>bzr</application>, use the "
4892
4900
"<emphasis>whoami</emphasis> command like this: <screen>\n"
4894
4902
"</screen>"
4895
4903
msgstr ""
4896
4904
4897
#: serverguide/C/vcs.xml:47(title)
4905
#: serverguide/C/vcs.xml:54(title)
4898
4906
msgid "Learning Bazaar"
4899
4907
msgstr ""
4900
4908
4901
#: serverguide/C/vcs.xml:48(para)
4909
#: serverguide/C/vcs.xml:55(para)
4902
4910
msgid ""
4903
4911
"Bazaar comes with bundled documentation installed into "
4904
4912
"<application>/usr/share/doc/bzr/html</application> by default. The tutorial "
4908
4916
"</screen>"
4909
4917
msgstr ""
4910
4918
4911
#: serverguide/C/vcs.xml:58(para)
4919
#: serverguide/C/vcs.xml:65(para)
4912
4920
msgid ""
4913
4921
"To learn more about the <emphasis>foo</emphasis> command: <screen>\n"
4914
4922
"<command>$ bzr help foo</command>\n"
4915
4923
"</screen>"
4916
4924
msgstr ""
4917
4925
4918
#: serverguide/C/vcs.xml:66(title)
4926
#: serverguide/C/vcs.xml:73(title)
4919
4927
msgid "Launchpad Integration"
4920
4928
msgstr ""
4921
4929
4922
#: serverguide/C/vcs.xml:67(para)
4930
#: serverguide/C/vcs.xml:74(para)
4923
4931
msgid ""
4924
4932
"While highly useful as a stand-alone system, Bazaar has good, optional "
4925
4933
"integration with <ulink url=\"https://launchpad.net/\">Launchpad</ulink>, "
4930
4938
"http://bazaar-vcs.org/LaunchpadIntegration</ulink>."
4931
4939
msgstr ""
4932
4940
4933
#: serverguide/C/vcs.xml:80(title)
4941
#: serverguide/C/vcs.xml:87(title)
4934
4942
msgid "Git"
4935
4943
msgstr ""
4936
4944
4937
#: serverguide/C/vcs.xml:82(para)
4945
#: serverguide/C/vcs.xml:89(para)
4938
4946
msgid ""
4939
4947
"Git is an open source distributed version control system originally "
4940
4948
"developped by Linus Torvalds to support the development of the linux kernel. "
4943
4951
"access or a central server."
4944
4952
msgstr ""
4945
4953
4946
#: serverguide/C/vcs.xml:88(para)
4954
#: serverguide/C/vcs.xml:95(para)
4947
4955
msgid ""
4948
4956
"The <application>git</application> version control system is installed with "
4949
4957
"the following command"
4950
4958
msgstr ""
4951
4959
4952
#: serverguide/C/vcs.xml:92(command)
4960
#: serverguide/C/vcs.xml:99(command)
4953
4961
msgid "sudo apt-get install git"
4954
4962
msgstr ""
4955
4963
4956
#: serverguide/C/vcs.xml:97(para)
4964
#: serverguide/C/vcs.xml:104(para)
4957
4965
msgid ""
4958
4966
"Every git user should first introduce himself to git, by running these two "
4959
4967
"commands:"
4960
4968
msgstr ""
4961
4969
4962
#: serverguide/C/vcs.xml:99(command)
4970
#: serverguide/C/vcs.xml:106(command)
4963
4971
msgid "git config --global user.email \"you@example.com\""
4964
4972
msgstr ""
4965
4973
4966
#: serverguide/C/vcs.xml:100(command)
4974
#: serverguide/C/vcs.xml:107(command)
4967
4975
msgid "git config --global user.name \"Your Name\""
4968
4976
msgstr ""
4969
4977
4970
#: serverguide/C/vcs.xml:105(para)
4978
#: serverguide/C/vcs.xml:112(para)
4971
4979
msgid ""
4972
4980
"The above is already sufficient to use git in a distributed and secure way, "
4973
4981
"provided users have access to the machine assuming the server role via SSH. "
4974
"On the server machine, creating a new repository can be done with"
4982
"On the server machine, creating a new repository can be done with:"
4975
4983
msgstr ""
4976
4984
4977
#: serverguide/C/vcs.xml:108(command)
4985
#: serverguide/C/vcs.xml:119(command)
4978
4986
msgid "git init --bare /path/to/repository"
4979
4987
msgstr ""
4980
4988
4981
#: serverguide/C/vcs.xml:110(para)
4989
#: serverguide/C/vcs.xml:121(para)
4982
4990
msgid ""
4983
4991
"This creates a bare repository, that cannot be used to edit files directly. "
4984
4992
"If you would rather have a working copy of the contents of the repository on "
4985
4993
"the server, ommit the <emphasis>--bare</emphasis> option."
4986
4994
msgstr ""
4987
4995
4988
#: serverguide/C/vcs.xml:111(para)
4996
#: serverguide/C/vcs.xml:122(para)
4989
4997
msgid ""
4990
"Any client with ssh access to the machine can from then on clone the "
4991
"repository with"
4998
"Any client with SSH access to the machine can then clone the repository with:"
4992
4999
msgstr ""
4993
5000
4994
#: serverguide/C/vcs.xml:113(command)
5001
#: serverguide/C/vcs.xml:127(command)
4995
5002
msgid "git clone username@hostname:/path/to/repository"
4996
5003
msgstr ""
4997
5004
4998
#: serverguide/C/vcs.xml:115(para)
5005
#: serverguide/C/vcs.xml:129(para)
4999
5006
msgid ""
5000
5007
"Once cloned to the client's machine, the client can edit files, then commit "
5001
5008
"and share them with:"
5002
5009
msgstr ""
5003
5010
5004
#: serverguide/C/vcs.xml:119(command)
5011
#: serverguide/C/vcs.xml:133(command)
5005
5012
msgid "cd /path/to/repository"
5006
5013
msgstr ""
5007
5014
5008
#: serverguide/C/vcs.xml:120(command)
5015
#: serverguide/C/vcs.xml:134(command)
5009
5016
msgid "#(edit some files"
5010
5017
msgstr ""
5011
5018
5012
#: serverguide/C/vcs.xml:121(command)
5019
#: serverguide/C/vcs.xml:135(command)
5013
5020
msgid ""
5014
5021
"git commit -a # Commit all changes to the local version of the repository"
5015
5022
msgstr ""
5016
5023
5017
#: serverguide/C/vcs.xml:122(command)
5024
#: serverguide/C/vcs.xml:136(command)
5018
5025
msgid ""
5019
5026
"git push origin master # Push changes to the server's version of the "
5020
5027
"repository"
5021
5028
msgstr ""
5022
5029
5023
#: serverguide/C/vcs.xml:127(title)
5030
#: serverguide/C/vcs.xml:141(title)
5024
5031
msgid "Installing a gitolite server"
5025
5032
msgstr ""
5026
5033
5027
#: serverguide/C/vcs.xml:128(para)
5034
#: serverguide/C/vcs.xml:142(para)
5028
5035
msgid ""
5029
5036
"While the above is sufficient to create, clone and edit repositories, users "
5030
5037
"wanting to install git on a server will most likely want to have git work "
5033
5040
"<application>gitolite</application> with the following command:"
5034
5041
msgstr ""
5035
5042
5036
#: serverguide/C/vcs.xml:134(command)
5043
#: serverguide/C/vcs.xml:148(command)
5037
5044
msgid "sudo apt-get install gitolite"
5038
5045
msgstr ""
5039
5046
5040
#: serverguide/C/vcs.xml:139(title)
5047
#: serverguide/C/vcs.xml:153(title)
5041
5048
msgid "Gitolite configuration"
5042
5049
msgstr ""
5043
5050
5044
#: serverguide/C/vcs.xml:140(para)
5051
#: serverguide/C/vcs.xml:154(para)
5045
5052
msgid ""
5046
5053
"Configuration of the <application>gitolite</application> server is a little "
5047
5054
"different that most other servers on Unix-like systems. Instead of the "
5050
5057
"therefore to allow access to the configuration repository."
5051
5058
msgstr ""
5052
5059
5053
#: serverguide/C/vcs.xml:145(para)
5060
#: serverguide/C/vcs.xml:159(para)
5054
5061
msgid "First of all, let's create a user for gitolite to be accessed as."
5055
5062
msgstr ""
5056
5063
5057
#: serverguide/C/vcs.xml:149(command)
5064
#: serverguide/C/vcs.xml:163(command)
5058
5065
msgid ""
5059
5066
"sudo adduser --system --shell /bin/bash --group --disabled-password --home "
5060
5067
"/home/git git"
5061
5068
msgstr ""
5062
5069
5063
#: serverguide/C/vcs.xml:151(para)
5070
#: serverguide/C/vcs.xml:165(para)
5064
5071
msgid ""
5065
5072
"Now we want to let gitolite know about the repository administrator's public "
5066
5073
"SSH key. This assumes that the current user is the repository administrator. "
5068
5075
"keys\"/>"
5069
5076
msgstr ""
5070
5077
5071
#: serverguide/C/vcs.xml:156(command)
5078
#: serverguide/C/vcs.xml:170(command)
5072
5079
msgid "cp ~/.ssh/id_rsa.pub /tmp/$(whoami).pub"
5073
5080
msgstr ""
5074
5081
5075
#: serverguide/C/vcs.xml:158(para)
5082
#: serverguide/C/vcs.xml:172(para)
5076
5083
msgid ""
5077
5084
"Let's switch to the git user and import the administrator's key into "
5078
5085
"gitolite."
5079
5086
msgstr ""
5080
5087
5081
#: serverguide/C/vcs.xml:162(command)
5088
#: serverguide/C/vcs.xml:176(command)
5082
5089
msgid "sudo su - git"
5083
5090
msgstr ""
5084
5091
5085
#: serverguide/C/vcs.xml:163(command)
5092
#: serverguide/C/vcs.xml:177(command)
5086
5093
msgid "gl-setup /tmp/*.pub"
5087
5094
msgstr ""
5088
5095
5089
#: serverguide/C/vcs.xml:165(para)
5096
#: serverguide/C/vcs.xml:179(para)
5090
5097
msgid ""
5091
5098
"Gitolite will allow you to make initial changes to its configuration file "
5092
5099
"during the setup process. You can now clone and modify the gitolite "
5095
5102
"configuration repository:"
5096
5103
msgstr ""
5097
5104
5098
#: serverguide/C/vcs.xml:169(command)
5105
#: serverguide/C/vcs.xml:183(command)
5099
5106
msgid "exit"
5100
5107
msgstr ""
5101
5108
5102
#: serverguide/C/vcs.xml:170(command)
5109
#: serverguide/C/vcs.xml:184(command)
5103
5110
msgid "git clone git@$IP_ADDRESS:gitolite-admin.git"
5104
5111
msgstr ""
5105
5112
5106
#: serverguide/C/vcs.xml:171(command)
5113
#: serverguide/C/vcs.xml:185(command)
5107
5114
msgid "cd gitolite-admin"
5108
5115
msgstr ""
5109
5116
5110
#: serverguide/C/vcs.xml:173(para)
5117
#: serverguide/C/vcs.xml:187(para)
5111
5118
msgid ""
5112
5119
"The gitolite-admin contains two subdirectories, \"conf\" and \"keydir\". The "
5113
5120
"configuration files are in the conf dir, and the keydir directory contains "
5114
5121
"the list of user's public SSH keys."
5115
5122
msgstr ""
5116
5123
5117
#: serverguide/C/vcs.xml:176(title)
5124
#: serverguide/C/vcs.xml:190(title)
5118
5125
msgid "Managing gitolite users and repositories"
5119
5126
msgstr ""
5120
5127
5121
#: serverguide/C/vcs.xml:177(para)
5128
#: serverguide/C/vcs.xml:191(para)
5122
5129
msgid ""
5123
5130
"Adding new users to gitolite is simple: just obtain their public SSH key and "
5124
5131
"add it to the keydir directory as $DESIRED_USER_NAME.pub. Note that the "
5129
5136
"server with"
5130
5137
msgstr ""
5131
5138
5132
#: serverguide/C/vcs.xml:179(command)
5139
#: serverguide/C/vcs.xml:193(command)
5133
5140
msgid "git commit -a"
5134
5141
msgstr ""
5135
5142
5136
#: serverguide/C/vcs.xml:180(command)
5143
#: serverguide/C/vcs.xml:194(command)
5137
5144
msgid "git push origin master"
5138
5145
msgstr ""
5139
5146
5140
#: serverguide/C/vcs.xml:182(para)
5147
#: serverguide/C/vcs.xml:196(para)
5141
5148
msgid ""
5142
5149
"Repositories are managed by editing the conf/gitolite.conf file. The syntax "
5143
5150
"is space separated, and simply specifies the list of repositories followed "
5144
5151
"by some access rules. The following is a default example"
5145
5152
msgstr ""
5146
5153
5147
#: serverguide/C/vcs.xml:183(programlisting)
5154
#: serverguide/C/vcs.xml:197(programlisting)
5148
5155
#, no-wrap
5149
5156
msgid ""
5150
5157
"\n"
5158
5165
" R = denise\n"
5159
5166
msgstr ""
5160
5167
5161
#: serverguide/C/vcs.xml:195(title)
5168
#: serverguide/C/vcs.xml:209(title)
5162
5169
msgid "Using your server"
5163
5170
msgstr ""
5164
5171
5165
#: serverguide/C/vcs.xml:196(para)
5172
#: serverguide/C/vcs.xml:210(para)
5166
5173
msgid ""
5167
5174
"To use the newly created server, users have to have the gitolite admin "
5168
5175
"import their public key into the gitolite configuration repository, they can "
5169
5176
"then access any project they have access to with the following command:"
5170
5177
msgstr ""
5171
5178
5172
#: serverguide/C/vcs.xml:198(command)
5179
#: serverguide/C/vcs.xml:212(command)
5173
5180
msgid "git clone git@$SERVER_IP:$PROJECT_NAME.git"
5174
5181
msgstr ""
5175
5182
5176
#: serverguide/C/vcs.xml:200(para)
5183
#: serverguide/C/vcs.xml:214(para)
5177
5184
msgid ""
5178
5185
"Or add the server's project as a remote for an existing git repository:"
5179
5186
msgstr ""
5180
5187
5181
#: serverguide/C/vcs.xml:202(command)
5188
#: serverguide/C/vcs.xml:216(command)
5182
5189
msgid "git remote add gitolite git@$SERVER_IP:$PROJECT_NAME.git"
5183
5190
msgstr ""
5184
5191
5185
#: serverguide/C/vcs.xml:79(title)
5192
#: serverguide/C/vcs.xml:221(title)
5186
5193
msgid "Subversion"
5187
5194
msgstr ""
5188
5195
5189
#: serverguide/C/vcs.xml:80(para)
5196
#: serverguide/C/vcs.xml:222(para)
5190
5197
msgid ""
5191
5198
"Subversion is an open source version control system. Using Subversion, you "
5192
5199
"can record the history of source files and documents. It manages files and "
5195
5202
"remembers every change ever made to files and directories."
5196
5203
msgstr ""
5197
5204
5198
#: serverguide/C/vcs.xml:85(para)
5205
#: serverguide/C/vcs.xml:227(para)
5199
5206
msgid ""
5200
5207
"To access Subversion repository using the HTTP protocol, you must install "
5201
5208
"and configure a web server. Apache2 is proven to work with Subversion. "
5206
5213
"section to install and configure the digital certificate."
5207
5214
msgstr ""
5208
5215
5209
#: serverguide/C/vcs.xml:94(para)
5216
#: serverguide/C/vcs.xml:236(para)
5210
5217
msgid ""
5211
5218
"To install Subversion, run the following command from a terminal prompt:"
5212
5219
msgstr ""
5213
5220
5214
#: serverguide/C/vcs.xml:227(command)
5221
#: serverguide/C/vcs.xml:241(command)
5215
5222
msgid "sudo apt-get install subversion apache2 libapache2-svn"
5216
5223
msgstr ""
5217
5224
5218
#: serverguide/C/vcs.xml:105(title)
5225
#: serverguide/C/vcs.xml:247(title)
5219
5226
msgid "Server Configuration"
5220
5227
msgstr ""
5221
5228
5222
#: serverguide/C/vcs.xml:106(para)
5229
#: serverguide/C/vcs.xml:248(para)
5223
5230
msgid ""
5224
5231
"This step assumes you have installed above mentioned packages on your "
5225
5232
"system. This section explains how to create a Subversion repository and "
5226
5233
"access the project."
5227
5234
msgstr ""
5228
5235
5229
#: serverguide/C/vcs.xml:109(title)
5236
#: serverguide/C/vcs.xml:251(title)
5230
5237
msgid "Create Subversion Repository"
5231
5238
msgstr ""
5232
5239
5233
#: serverguide/C/vcs.xml:110(para)
5240
#: serverguide/C/vcs.xml:252(para)
5234
5241
msgid ""
5235
5242
"The Subversion repository can be created using the following command from a "
5236
5243
"terminal prompt:"
5237
5244
msgstr ""
5238
5245
5239
#: serverguide/C/vcs.xml:114(command)
5246
#: serverguide/C/vcs.xml:256(command)
5240
5247
msgid "svnadmin create /path/to/repos/project"
5241
5248
msgstr ""
5242
5249
5243
#: serverguide/C/vcs.xml:119(title)
5250
#: serverguide/C/vcs.xml:261(title)
5244
5251
msgid "Importing Files"
5245
5252
msgstr ""
5246
5253
5247
#: serverguide/C/vcs.xml:120(para)
5254
#: serverguide/C/vcs.xml:262(para)
5248
5255
msgid ""
5249
5256
"Once you create the repository you can <emphasis>import</emphasis> files "
5250
5257
"into the repository. To import a directory, enter the following from a "
5254
5261
"</screen>"
5255
5262
msgstr ""
5256
5263
5257
#: serverguide/C/vcs.xml:132(title) serverguide/C/vcs.xml:137(title)
5264
#: serverguide/C/vcs.xml:274(title) serverguide/C/vcs.xml:279(title)
5258
5265
msgid "Access Methods"
5259
5266
msgstr ""
5260
5267
5261
#: serverguide/C/vcs.xml:133(para)
5268
#: serverguide/C/vcs.xml:275(para)
5262
5269
msgid ""
5263
5270
"Subversion repositories can be accessed (checked out) through many different "
5264
5271
"methods --on local disk, or through various network protocols. A repository "
5266
5273
"schemes map to the available access methods."
5267
5274
msgstr ""
5268
5275
5269
#: serverguide/C/vcs.xml:144(para)
5276
#: serverguide/C/vcs.xml:286(para)
5270
5277
msgid "Schema"
5271
5278
msgstr ""
5272
5279
5273
#: serverguide/C/vcs.xml:145(para)
5280
#: serverguide/C/vcs.xml:287(para)
5274
5281
msgid "Access Method"
5275
5282
msgstr ""
5276
5283
5277
#: serverguide/C/vcs.xml:150(para)
5284
#: serverguide/C/vcs.xml:292(para)
5278
5285
msgid "file://"
5279
5286
msgstr ""
5280
5287
5281
#: serverguide/C/vcs.xml:151(para)
5288
#: serverguide/C/vcs.xml:293(para)
5282
5289
msgid "direct repository access (on local disk)"
5283
5290
msgstr ""
5284
5291
5285
#: serverguide/C/vcs.xml:154(para)
5292
#: serverguide/C/vcs.xml:296(para)
5286
5293
msgid "http://"
5287
5294
msgstr ""
5288
5295
5289
#: serverguide/C/vcs.xml:155(para)
5296
#: serverguide/C/vcs.xml:297(para)
5290
5297
msgid "Access via WebDAV protocol to Subversion-aware Apache2 web server"
5291
5298
msgstr ""
5292
5299
5293
#: serverguide/C/vcs.xml:158(para)
5300
#: serverguide/C/vcs.xml:300(para)
5294
5301
msgid "https://"
5295
5302
msgstr ""
5296
5303
5297
#: serverguide/C/vcs.xml:159(para)
5304
#: serverguide/C/vcs.xml:301(para)
5298
5305
msgid "Same as http://, but with SSL encryption"
5299
5306
msgstr ""
5300
5307
5301
#: serverguide/C/vcs.xml:162(para)
5308
#: serverguide/C/vcs.xml:304(para)
5302
5309
msgid "svn://"
5303
5310
msgstr ""
5304
5311
5305
#: serverguide/C/vcs.xml:163(para)
5312
#: serverguide/C/vcs.xml:305(para)
5306
5313
msgid "Access via custom protocol to an svnserve server"
5307
5314
msgstr ""
5308
5315
5309
#: serverguide/C/vcs.xml:166(para)
5316
#: serverguide/C/vcs.xml:308(para)
5310
5317
msgid "svn+ssh://"
5311
5318
msgstr ""
5312
5319
5313
#: serverguide/C/vcs.xml:167(para)
5320
#: serverguide/C/vcs.xml:309(para)
5314
5321
msgid "Same as svn://, but through an SSH tunnel"
5315
5322
msgstr ""
5316
5323
5317
#: serverguide/C/vcs.xml:173(para)
5324
#: serverguide/C/vcs.xml:315(para)
5318
5325
msgid ""
5319
5326
"In this section, we will see how to configure Subversion for all these "
5320
5327
"access methods. Here, we cover the basics. For more advanced usage details, "
5321
5328
"refer to the <ulink url=\"http://svnbook.red-bean.com/\">svn book</ulink>."
5322
5329
msgstr ""
5323
5330
5324
#: serverguide/C/vcs.xml:180(title)
5331
#: serverguide/C/vcs.xml:322(title)
5325
5332
msgid "Direct repository access (file://)"
5326
5333
msgstr ""
5327
5334
5328
#: serverguide/C/vcs.xml:181(para)
5335
#: serverguide/C/vcs.xml:323(para)
5329
5336
msgid ""
5330
5337
"This is the simplest of all access methods. It does not require any "
5331
5338
"Subversion server process to be running. This access method is used to "
5333
5340
"at a terminal prompt, is as follows:"
5334
5341
msgstr ""
5335
5342
5336
#: serverguide/C/vcs.xml:188(command)
5343
#: serverguide/C/vcs.xml:330(command)
5337
5344
msgid "svn co file:///path/to/repos/project"
5338
5345
msgstr ""
5339
5346
5340
#: serverguide/C/vcs.xml:191(para)
5347
#: serverguide/C/vcs.xml:333(para)
5341
5348
msgid "or"
5342
5349
msgstr ""
5343
5350
5344
#: serverguide/C/vcs.xml:194(command)
5351
#: serverguide/C/vcs.xml:336(command)
5345
5352
msgid "svn co file://localhost/path/to/repos/project"
5346
5353
msgstr ""
5347
5354
5348
#: serverguide/C/vcs.xml:198(para)
5355
#: serverguide/C/vcs.xml:340(para)
5349
5356
msgid ""
5350
5357
"If you do not specify the hostname, there are three forward slashes (///) -- "
5351
5358
"two for the protocol (file, in this case) plus the leading slash in the "
5352
5359
"path. If you specify the hostname, you must use two forward slashes (//)."
5353
5360
msgstr ""
5354
5361
5355
#: serverguide/C/vcs.xml:200(para)
5362
#: serverguide/C/vcs.xml:342(para)
5356
5363
msgid ""
5357
5364
"The repository permissions depend on filesystem permissions. If the user has "
5358
5365
"read/write permission, he can checkout from and commit to the repository."
5359
5366
msgstr ""
5360
5367
5361
#: serverguide/C/vcs.xml:203(title)
5368
#: serverguide/C/vcs.xml:345(title)
5362
5369
msgid "Access via WebDAV protocol (http://)"
5363
5370
msgstr ""
5364
5371
5365
#: serverguide/C/vcs.xml:332(para)
5372
#: serverguide/C/vcs.xml:346(para)
5366
5373
msgid ""
5367
5374
"To access the Subversion repository via WebDAV protocol, you must configure "
5368
5375
"your Apache 2 web server. Add the following snippet between the "
5372
5379
"another VirtualHost file:"
5373
5380
msgstr ""
5374
5381
5375
#: serverguide/C/vcs.xml:338(programlisting)
5382
#: serverguide/C/vcs.xml:352(programlisting)
5376
5383
#, no-wrap
5377
5384
msgid ""
5378
5385
"\n"
5386
5393
" </Location> \n"
5387
5394
msgstr ""
5388
5395
5389
#: serverguide/C/vcs.xml:349(para)
5396
#: serverguide/C/vcs.xml:363(para)
5390
5397
msgid ""
5391
5398
"The above configuration snippet assumes that Subversion repositories are "
5392
5399
"created under <filename>/path/to/repos</filename> directory using "
5395
5402
"<command>http://hostname/svn/repos_name</command> url."
5396
5403
msgstr ""
5397
5404
5398
#: serverguide/C/vcs.xml:355(para)
5405
#: serverguide/C/vcs.xml:369(para)
5399
5406
msgid ""
5400
5407
"Changing the apache configuration like the above requires to reload the "
5401
5408
"service with the following command"
5402
5409
msgstr ""
5403
5410
5404
#: serverguide/C/vcs.xml:360(command)
5411
#: serverguide/C/vcs.xml:374(command) serverguide/C/lamp-applications.xml:508(command)
5405
5412
msgid "sudo service apache2 reload"
5406
5413
msgstr ""
5407
5414
5408
#: serverguide/C/vcs.xml:362(para)
5415
#: serverguide/C/vcs.xml:376(para)
5409
5416
msgid ""
5410
5417
"To import or commit files to your Subversion repository over HTTP, the "
5411
5418
"repository should be owned by the HTTP user. In Ubuntu systems, the HTTP "
5413
5420
"repository files enter the following command from terminal prompt:"
5414
5421
msgstr ""
5415
5422
5416
#: serverguide/C/vcs.xml:236(command)
5423
#: serverguide/C/vcs.xml:385(command)
5417
5424
msgid "sudo chown -R www-data:www-data /path/to/repos"
5418
5425
msgstr ""
5419
5426
5420
#: serverguide/C/vcs.xml:239(para)
5427
#: serverguide/C/vcs.xml:388(para)
5421
5428
msgid ""
5422
5429
"By changing the ownership of repository as <command>www-data</command> you "
5423
5430
"will not be able to import or commit files into the repository by running "
5425
5432
"<command>www-data</command>."
5426
5433
msgstr ""
5427
5434
5428
#: serverguide/C/vcs.xml:248(para)
5435
#: serverguide/C/vcs.xml:397(para)
5429
5436
msgid ""
5430
5437
"Next, you must create the <filename>/etc/subversion/passwd</filename> file "
5431
5438
"that will contain user authentication details. To create a file issue the "
5433
5440
"the first user):"
5434
5441
msgstr ""
5435
5442
5436
#: serverguide/C/vcs.xml:254(command)
5443
#: serverguide/C/vcs.xml:403(command)
5437
5444
msgid "sudo htpasswd -c /etc/subversion/passwd user_name"
5438
5445
msgstr ""
5439
5446
5440
#: serverguide/C/vcs.xml:257(para)
5447
#: serverguide/C/vcs.xml:406(para)
5441
5448
msgid ""
5442
5449
"To add additional users omit the <emphasis>\"-c\"</emphasis> option as this "
5443
5450
"option replaces the old file. Instead use this form:"
5444
5451
msgstr ""
5445
5452
5446
#: serverguide/C/vcs.xml:262(command)
5453
#: serverguide/C/vcs.xml:411(command)
5447
5454
msgid "sudo htpasswd /etc/subversion/passwd user_name"
5448
5455
msgstr ""
5449
5456
5450
#: serverguide/C/vcs.xml:266(para)
5457
#: serverguide/C/vcs.xml:415(para)
5451
5458
msgid ""
5452
5459
"This command will prompt you to enter the password. Once you enter the "
5453
5460
"password, the user is added. Now, to access the repository you can run the "
5454
5461
"following command:"
5455
5462
msgstr ""
5456
5463
5457
#: serverguide/C/vcs.xml:267(command)
5464
#: serverguide/C/vcs.xml:416(command)
5458
5465
msgid "svn co http://servername/svn"
5459
5466
msgstr ""
5460
5467
5461
#: serverguide/C/vcs.xml:269(para)
5468
#: serverguide/C/vcs.xml:418(para)
5462
5469
msgid ""
5463
5470
"The password is transmitted as plain text. If you are worried about password "
5464
5471
"snooping, you are advised to use SSL encryption. For details, please refer "
5465
5472
"next section."
5466
5473
msgstr ""
5467
5474
5468
#: serverguide/C/vcs.xml:275(title)
5475
#: serverguide/C/vcs.xml:424(title)
5469
5476
msgid "Access via WebDAV protocol with SSL encryption (https://)"
5470
5477
msgstr ""
5471
5478
5472
#: serverguide/C/vcs.xml:411(para)
5479
#: serverguide/C/vcs.xml:425(para)
5473
5480
msgid ""
5474
5481
"Accessing Subversion repository via WebDAV protocol with SSL encryption "
5475
5482
"(https://) is similar to http:// except that you must install and configure "
5480
5487
"configuration\"/>."
5481
5488
msgstr ""
5482
5489
5483
#: serverguide/C/vcs.xml:285(para)
5490
#: serverguide/C/vcs.xml:434(para)
5484
5491
msgid ""
5485
5492
"You can install a digital certificate issued by a signing authority. "
5486
5493
"Alternatively, you can install your own self-signed certificate."
5487
5494
msgstr ""
5488
5495
5489
#: serverguide/C/vcs.xml:290(para)
5496
#: serverguide/C/vcs.xml:439(para)
5490
5497
msgid ""
5491
5498
"This step assumes you have installed and configured a digital certificate in "
5492
5499
"your Apache 2 web server. Now, to access the Subversion repository, please "
5494
5501
"the protocol. You must use https:// to access the Subversion repository."
5495
5502
msgstr ""
5496
5503
5497
#: serverguide/C/vcs.xml:300(title)
5504
#: serverguide/C/vcs.xml:449(title)
5498
5505
msgid "Access via custom protocol (svn://)"
5499
5506
msgstr ""
5500
5507
5501
#: serverguide/C/vcs.xml:301(para)
5508
#: serverguide/C/vcs.xml:450(para)
5502
5509
msgid ""
5503
5510
"Once the Subversion repository is created, you can configure the access "
5504
5511
"control. You can edit the <filename> "
5507
5514
"following lines in the configuration file:"
5508
5515
msgstr ""
5509
5516
5510
#: serverguide/C/vcs.xml:308(programlisting)
5517
#: serverguide/C/vcs.xml:457(programlisting)
5511
5518
#, no-wrap
5512
5519
msgid ""
5513
5520
"# [general]\n"
5514
5521
"# password-db = passwd"
5515
5522
msgstr ""
5516
5523
5517
#: serverguide/C/vcs.xml:311(para)
5524
#: serverguide/C/vcs.xml:460(para)
5518
5525
msgid ""
5519
5526
"After uncommenting the above lines, you can maintain the user list in the "
5520
5527
"passwd file. So, edit the file <filename>passwd </filename> in the same "
5521
5528
"directory and add the new user. The syntax is as follows:"
5522
5529
msgstr ""
5523
5530
5524
#: serverguide/C/vcs.xml:317(programlisting)
5531
#: serverguide/C/vcs.xml:466(programlisting)
5525
5532
#, no-wrap
5526
5533
msgid "username = password"
5527
5534
msgstr ""
5528
5535
5529
#: serverguide/C/vcs.xml:318(para)
5536
#: serverguide/C/vcs.xml:467(para)
5530
5537
msgid "For more details, please refer to the file."
5531
5538
msgstr ""
5532
5539
5533
#: serverguide/C/vcs.xml:322(para)
5540
#: serverguide/C/vcs.xml:471(para)
5534
5541
msgid ""
5535
5542
"Now, to access Subversion via the svn:// custom protocol, either from the "
5536
5543
"same machine or a different machine, you can run svnserver using svnserve "
5537
5544
"command. The syntax is as follows:"
5538
5545
msgstr ""
5539
5546
5540
#: serverguide/C/vcs.xml:327(programlisting)
5547
#: serverguide/C/vcs.xml:476(programlisting)
5541
5548
#, no-wrap
5542
5549
msgid ""
5543
5550
"$ svnserve -d --foreground -r /path/to/repos\n"
5549
5556
"$ svnserve --help"
5550
5557
msgstr ""
5551
5558
5552
#: serverguide/C/vcs.xml:335(para)
5559
#: serverguide/C/vcs.xml:484(para)
5553
5560
msgid ""
5554
5561
"Once you run this command, Subversion starts listening on default port "
5555
5562
"(3690). To access the project repository, you must run the following command "
5556
5563
"from a terminal prompt:"
5557
5564
msgstr ""
5558
5565
5559
#: serverguide/C/vcs.xml:338(command)
5566
#: serverguide/C/vcs.xml:487(command)
5560
5567
msgid "svn co svn://hostname/project project --username user_name"
5561
5568
msgstr ""
5562
5569
5563
#: serverguide/C/vcs.xml:341(para)
5570
#: serverguide/C/vcs.xml:490(para)
5564
5571
msgid ""
5565
5572
"Based on server configuration, it prompts for password. Once you are "
5566
5573
"authenticated, it checks out the code from Subversion repository. To "
5569
5576
"a terminal prompt, is as follows:"
5570
5577
msgstr ""
5571
5578
5572
#: serverguide/C/vcs.xml:349(command)
5579
#: serverguide/C/vcs.xml:498(command)
5573
5580
msgid "cd project_dir ; svn update"
5574
5581
msgstr ""
5575
5582
5576
#: serverguide/C/vcs.xml:352(para)
5583
#: serverguide/C/vcs.xml:501(para)
5577
5584
msgid ""
5578
5585
"For more details about using each Subversion sub-command, you can refer to "
5579
5586
"the manual. For example, to learn more about the co (checkout) command, "
5580
5587
"please run the following command from a terminal prompt:"
5581
5588
msgstr ""
5582
5589
5583
#: serverguide/C/vcs.xml:356(command)
5590
#: serverguide/C/vcs.xml:505(command)
5584
5591
msgid "svn co help"
5585
5592
msgstr ""
5586
5593
5587
#: serverguide/C/vcs.xml:495(title)
5594
#: serverguide/C/vcs.xml:509(title)
5588
5595
msgid "Access via custom protocol with SSH encryption (svn+ssh://)"
5589
5596
msgstr ""
5590
5597
5591
#: serverguide/C/vcs.xml:361(para)
5598
#: serverguide/C/vcs.xml:510(para)
5592
5599
msgid ""
5593
5600
"The configuration and server process is same as in the svn:// method. For "
5594
5601
"details, please refer to the above section. This step assumes you have "
5596
5603
"<application>svnserve</application> command."
5597
5604
msgstr ""
5598
5605
5599
#: serverguide/C/vcs.xml:367(para)
5606
#: serverguide/C/vcs.xml:516(para)
5600
5607
msgid ""
5601
5608
"It is also assumed that the ssh server is running on that machine and that "
5602
5609
"it is allowing incoming connections. To confirm, please try to login to that "
5604
5611
"login, please address it before continuing further."
5605
5612
msgstr ""
5606
5613
5607
#: serverguide/C/vcs.xml:373(para)
5614
#: serverguide/C/vcs.xml:522(para)
5608
5615
msgid ""
5609
5616
"The svn+ssh:// protocol is used to access the Subversion repository using "
5610
5617
"SSL encryption. The data transfer is encrypted using this method. To access "
5612
5619
"following command syntax:"
5613
5620
msgstr ""
5614
5621
5615
#: serverguide/C/vcs.xml:515(command)
5622
#: serverguide/C/vcs.xml:529(command)
5616
5623
msgid "svn co svn+ssh://ssh_username@hostname/path/to/repos/project"
5617
5624
msgstr ""
5618
5625
5619
#: serverguide/C/vcs.xml:384(para)
5626
#: serverguide/C/vcs.xml:533(para)
5620
5627
msgid ""
5621
5628
"You must use the full path (/path/to/repos/project) to access the Subversion "
5622
5629
"repository using this access method."
5623
5630
msgstr ""
5624
5631
5625
#: serverguide/C/vcs.xml:387(para)
5632
#: serverguide/C/vcs.xml:536(para)
5626
5633
msgid ""
5627
5634
"Based on server configuration, it prompts for password. You must enter the "
5628
5635
"password you use to login via ssh. Once you are authenticated, it checks out "
5629
5636
"the code from the Subversion repository."
5630
5637
msgstr ""
5631
5638
5632
#: serverguide/C/vcs.xml:539(ulink)
5639
#: serverguide/C/vcs.xml:551(ulink)
5633
5640
msgid "Bazaar Home Page"
5634
5641
msgstr ""
5635
5642
5636
#: serverguide/C/vcs.xml:540(ulink)
5643
#: serverguide/C/vcs.xml:556(ulink)
5637
5644
msgid "Launchpad"
5638
5645
msgstr ""
5639
5646
5640
#: serverguide/C/vcs.xml:547(ulink)
5647
#: serverguide/C/vcs.xml:561(ulink)
5641
5648
msgid "Git homepage"
5642
5649
msgstr ""
5643
5650
5644
#: serverguide/C/vcs.xml:552(ulink)
5651
#: serverguide/C/vcs.xml:566(ulink)
5645
5652
msgid "Gitolite"
5646
5653
msgstr ""
5647
5654
5648
#: serverguide/C/vcs.xml:541(ulink)
5655
#: serverguide/C/vcs.xml:571(ulink)
5649
5656
msgid "Subversion Home Page"
5650
5657
msgstr ""
5651
5658
5652
#: serverguide/C/vcs.xml:542(ulink)
5659
#: serverguide/C/vcs.xml:576(ulink)
5653
5660
msgid "Subversion Book"
5654
5661
msgstr ""
5655
5662
5656
#: serverguide/C/vcs.xml:545(ulink)
5663
#: serverguide/C/vcs.xml:581(ulink)
5657
5664
msgid "Easy Bazaar Ubuntu Wiki page"
5658
5665
msgstr ""
5659
5666
5660
#: serverguide/C/vcs.xml:546(ulink)
5667
#: serverguide/C/vcs.xml:586(ulink)
5661
5668
msgid "Ubuntu Wiki Subversion page"
5662
5669
msgstr ""
5663
5670
5758
5765
"Security should always be considered when installing, deploying, and using "
5759
5766
"any type of computer system. Although a fresh installation of Ubuntu is "
5760
5767
"relatively safe for immediate use on the Internet, it is important to have a "
5761
"balanced understanding of your systems security posture based on how it will "
5762
"be used after deployment."
5768
"balanced understanding of your system's security posture based on how it "
5769
"will be used after deployment."
5763
5770
msgstr ""
5764
5771
5765
5772
#: serverguide/C/security.xml:15(para)
5766
5773
msgid ""
5767
"This chapter provides an overview of security related topics as they pertain "
5774
"This chapter provides an overview of security-related topics as they pertain "
5768
5775
"to Ubuntu 14.04 LTS Server Edition, and outlines simple measures you may use "
5769
5776
"to protect your server and network from any number of potential security "
5770
5777
"threats."
5818
5825
msgid "Configurations with root passwords are not supported."
5819
5826
msgstr ""
5820
5827
5821
#: serverguide/C/security.xml:37(command)
5828
#: serverguide/C/security.xml:42(command)
5822
5829
msgid "sudo passwd"
5823
5830
msgstr ""
5824
5831
5825
#: serverguide/C/security.xml:39(para)
5832
#: serverguide/C/security.xml:44(para)
5826
5833
msgid ""
5827
5834
"Sudo will prompt you for your password, and then ask you to supply a new "
5828
5835
"password for root as shown below:"
5829
5836
msgstr ""
5830
5837
5831
#: serverguide/C/security.xml:42(computeroutput)
5838
#: serverguide/C/security.xml:47(computeroutput)
5832
5839
#, no-wrap
5833
5840
msgid "[sudo] password for username:"
5834
5841
msgstr ""
5835
5842
5836
#: serverguide/C/security.xml:42(userinput)
5843
#: serverguide/C/security.xml:47(userinput)
5837
5844
#, no-wrap
5838
5845
msgid "(enter your own password)"
5839
5846
msgstr ""
5840
5847
5841
#: serverguide/C/security.xml:43(computeroutput)
5848
#: serverguide/C/security.xml:48(computeroutput)
5842
5849
#, no-wrap
5843
5850
msgid "Enter new UNIX password:"
5844
5851
msgstr ""
5845
5852
5846
#: serverguide/C/security.xml:43(userinput)
5853
#: serverguide/C/security.xml:48(userinput)
5847
5854
#, no-wrap
5848
5855
msgid "(enter a new password for root)"
5849
5856
msgstr ""
5850
5857
5851
#: serverguide/C/security.xml:44(computeroutput)
5858
#: serverguide/C/security.xml:49(computeroutput)
5852
5859
#, no-wrap
5853
5860
msgid "Retype new UNIX password:"
5854
5861
msgstr ""
5855
5862
5856
#: serverguide/C/security.xml:44(userinput)
5863
#: serverguide/C/security.xml:49(userinput)
5857
5864
#, no-wrap
5858
5865
msgid "(repeat new password for root)"
5859
5866
msgstr ""
5860
5867
5861
#: serverguide/C/security.xml:45(computeroutput)
5868
#: serverguide/C/security.xml:50(computeroutput)
5862
5869
#, no-wrap
5863
5870
msgid "passwd: password updated successfully"
5864
5871
msgstr ""
5868
5875
"To disable the root account password, use the following passwd syntax:"
5869
5876
msgstr ""
5870
5877
5871
#: serverguide/C/security.xml:53(command)
5878
#: serverguide/C/security.xml:58(command)
5872
5879
msgid "sudo passwd -l root"
5873
5880
msgstr ""
5874
5881
5881
5888
msgid "usermod --expiredate 1"
5882
5889
msgstr ""
5883
5890
5884
#: serverguide/C/security.xml:57(para)
5891
#: serverguide/C/security.xml:68(para)
5885
5892
msgid ""
5886
"You should read more on <application>Sudo</application> by checking out it's "
5887
"man page:"
5893
"You should read more on <application>Sudo</application> by reading the man "
5894
"page:"
5888
5895
msgstr ""
5889
5896
5890
#: serverguide/C/security.xml:61(command)
5897
#: serverguide/C/security.xml:72(command)
5891
5898
msgid "man sudo"
5892
5899
msgstr ""
5893
5900
5901
5908
"<emphasis>sudo</emphasis> group."
5902
5909
msgstr ""
5903
5910
5904
#: serverguide/C/security.xml:71(title)
5911
#: serverguide/C/security.xml:82(title)
5905
5912
msgid "Adding and Deleting Users"
5906
5913
msgstr ""
5907
5914
5908
#: serverguide/C/security.xml:72(para)
5915
#: serverguide/C/security.xml:83(para)
5909
5916
msgid ""
5910
"The process for managing local users and groups is straight forward and "
5917
"The process for managing local users and groups is straightforward and "
5911
5918
"differs very little from most other GNU/Linux operating systems. Ubuntu and "
5912
"other Debian based distributions, encourage the use of the \"adduser\" "
5919
"other Debian based distributions encourage the use of the \"adduser\" "
5913
5920
"package for account management."
5914
5921
msgstr ""
5915
5922
5916
#: serverguide/C/security.xml:77(para)
5923
#: serverguide/C/security.xml:88(para)
5917
5924
msgid ""
5918
5925
"To add a user account, use the following syntax, and follow the prompts to "
5919
"give the account a password and identifiable characteristics such as a full "
5926
"give the account a password and identifiable characteristics, such as a full "
5920
5927
"name, phone number, etc."
5921
5928
msgstr ""
5922
5929
5923
#: serverguide/C/security.xml:81(command)
5930
#: serverguide/C/security.xml:92(command)
5924
5931
msgid "sudo adduser username"
5925
5932
msgstr ""
5926
5933
5927
#: serverguide/C/security.xml:85(para)
5934
#: serverguide/C/security.xml:96(para)
5928
5935
msgid ""
5929
5936
"To delete a user account and its primary group, use the following syntax:"
5930
5937
msgstr ""
5931
5938
5932
#: serverguide/C/security.xml:89(command)
5939
#: serverguide/C/security.xml:100(command)
5933
5940
msgid "sudo deluser username"
5934
5941
msgstr ""
5935
5942
5936
#: serverguide/C/security.xml:91(para)
5943
#: serverguide/C/security.xml:102(para)
5937
5944
msgid ""
5938
5945
"Deleting an account does not remove their respective home folder. It is up "
5939
5946
"to you whether or not you wish to delete the folder manually or keep it "
5940
5947
"according to your desired retention policies."
5941
5948
msgstr ""
5942
5949
5943
#: serverguide/C/security.xml:94(para)
5950
#: serverguide/C/security.xml:105(para)
5944
5951
msgid ""
5945
5952
"Remember, any user added later on with the same UID/GID as the previous "
5946
5953
"owner will now have access to this folder if you have not taken the "
5947
5954
"necessary precautions."
5948
5955
msgstr ""
5949
5956
5950
#: serverguide/C/security.xml:97(para)
5957
#: serverguide/C/security.xml:108(para)
5951
5958
msgid ""
5952
5959
"You may want to change these UID/GID values to something more appropriate, "
5953
5960
"such as the root account, and perhaps even relocate the folder to avoid "
5954
5961
"future conflicts:"
5955
5962
msgstr ""
5956
5963
5957
#: serverguide/C/security.xml:101(command)
5964
#: serverguide/C/security.xml:112(command)
5958
5965
msgid "sudo chown -R root:root /home/username/"
5959
5966
msgstr ""
5960
5967
5961
#: serverguide/C/security.xml:102(command)
5968
#: serverguide/C/security.xml:113(command)
5962
5969
msgid "sudo mkdir /home/archived_users/"
5963
5970
msgstr ""
5964
5971
5965
#: serverguide/C/security.xml:103(command)
5972
#: serverguide/C/security.xml:114(command)
5966
5973
msgid "sudo mv /home/username /home/archived_users/"
5967
5974
msgstr ""
5968
5975
5969
#: serverguide/C/security.xml:107(para)
5976
#: serverguide/C/security.xml:118(para)
5970
5977
msgid ""
5971
5978
"To temporarily lock or unlock a user account, use the following syntax, "
5972
5979
"respectively:"
5973
5980
msgstr ""
5974
5981
5975
#: serverguide/C/security.xml:111(command)
5982
#: serverguide/C/security.xml:122(command)
5976
5983
msgid "sudo passwd -l username"
5977
5984
msgstr ""
5978
5985
5979
#: serverguide/C/security.xml:112(command)
5986
#: serverguide/C/security.xml:123(command)
5980
5987
msgid "sudo passwd -u username"
5981
5988
msgstr ""
5982
5989
5983
#: serverguide/C/security.xml:116(para)
5990
#: serverguide/C/security.xml:127(para)
5984
5991
msgid ""
5985
5992
"To add or delete a personalized group, use the following syntax, "
5986
5993
"respectively:"
5987
5994
msgstr ""
5988
5995
5989
#: serverguide/C/security.xml:120(command)
5996
#: serverguide/C/security.xml:131(command)
5990
5997
msgid "sudo addgroup groupname"
5991
5998
msgstr ""
5992
5999
5993
#: serverguide/C/security.xml:121(command)
6000
#: serverguide/C/security.xml:132(command)
5994
6001
msgid "sudo delgroup groupname"
5995
6002
msgstr ""
5996
6003
5997
#: serverguide/C/security.xml:125(para)
6004
#: serverguide/C/security.xml:136(para)
5998
6005
msgid "To add a user to a group, use the following syntax:"
5999
6006
msgstr ""
6000
6007
6001
#: serverguide/C/security.xml:129(command)
6008
#: serverguide/C/security.xml:140(command)
6002
6009
msgid "sudo adduser username groupname"
6003
6010
msgstr ""
6004
6011
6005
#: serverguide/C/security.xml:136(title)
6012
#: serverguide/C/security.xml:147(title)
6006
6013
msgid "User Profile Security"
6007
6014
msgstr ""
6008
6015
6009
#: serverguide/C/security.xml:137(para)
6016
#: serverguide/C/security.xml:148(para)
6010
6017
msgid ""
6011
6018
"When a new user is created, the adduser utility creates a brand new home "
6012
"directory named <filename class=\"directory\">/home/username</filename>, "
6013
"respectively. The default profile is modeled after the contents found in the "
6014
"directory of <filename class=\"directory\">/etc/skel</filename>, which "
6015
"includes all profile basics."
6019
"directory named <filename class=\"directory\">/home/username</filename>. The "
6020
"default profile is modeled after the contents found in the directory of "
6021
"<filename class=\"directory\">/etc/skel</filename>, which includes all "
6022
"profile basics."
6016
6023
msgstr ""
6017
6024
6018
#: serverguide/C/security.xml:140(para)
6025
#: serverguide/C/security.xml:151(para)
6019
6026
msgid ""
6020
6027
"If your server will be home to multiple users, you should pay close "
6021
6028
"attention to the user home directory permissions to ensure confidentiality. "
6025
6032
"your environment."
6026
6033
msgstr ""
6027
6034
6028
#: serverguide/C/security.xml:145(para)
6035
#: serverguide/C/security.xml:156(para)
6029
6036
msgid ""
6030
"To verify your current users home directory permissions, use the following "
6037
"To verify your current user home directory permissions, use the following "
6031
6038
"syntax:"
6032
6039
msgstr ""
6033
6040
6034
#: serverguide/C/security.xml:149(command) serverguide/C/security.xml:181(command)
6041
#: serverguide/C/security.xml:160(command) serverguide/C/security.xml:192(command)
6035
6042
msgid "ls -ld /home/username"
6036
6043
msgstr ""
6037
6044
6038
#: serverguide/C/security.xml:151(para)
6045
#: serverguide/C/security.xml:162(para)
6039
6046
msgid ""
6040
6047
"The following output shows that the directory <filename "
6041
"class=\"directory\">/home/username</filename> has world readable permissions:"
6048
"class=\"directory\">/home/username</filename> has world-readable permissions:"
6042
6049
msgstr ""
6043
6050
6044
#: serverguide/C/security.xml:154(computeroutput)
6051
#: serverguide/C/security.xml:165(computeroutput)
6045
6052
#, no-wrap
6046
6053
msgid "drwxr-xr-x 2 username username 4096 2007-10-02 20:03 username"
6047
6054
msgstr ""
6048
6055
6049
#: serverguide/C/security.xml:158(para)
6056
#: serverguide/C/security.xml:169(para)
6050
6057
msgid ""
6051
"You can remove the world readable permissions using the following syntax:"
6058
"You can remove the world readable-permissions using the following syntax:"
6052
6059
msgstr ""
6053
6060
6054
#: serverguide/C/security.xml:162(command)
6061
#: serverguide/C/security.xml:173(command)
6055
6062
msgid "sudo chmod 0750 /home/username"
6056
6063
msgstr ""
6057
6064
6058
#: serverguide/C/security.xml:165(para)
6065
#: serverguide/C/security.xml:176(para)
6059
6066
msgid ""
6060
6067
"Some people tend to use the recursive option (-R) indiscriminately which "
6061
6068
"modifies all child folders and files, but this is not necessary, and may "
6063
6070
"for preventing unauthorized access to anything below the parent."
6064
6071
msgstr ""
6065
6072
6066
#: serverguide/C/security.xml:169(para)
6073
#: serverguide/C/security.xml:180(para)
6067
6074
msgid ""
6068
6075
"A much more efficient approach to the matter would be to modify the "
6069
6076
"<application>adduser</application> global default permissions when creating "
6073
6080
"new home directories will receive the correct permissions."
6074
6081
msgstr ""
6075
6082
6076
#: serverguide/C/security.xml:172(programlisting)
6083
#: serverguide/C/security.xml:183(programlisting)
6077
6084
#, no-wrap
6078
6085
msgid ""
6079
6086
"\n"
6080
6087
"DIR_MODE=0750\n"
6081
6088
msgstr ""
6082
6089
6083
#: serverguide/C/security.xml:177(para)
6090
#: serverguide/C/security.xml:188(para)
6084
6091
msgid ""
6085
6092
"After correcting the directory permissions using any of the previously "
6086
6093
"mentioned techniques, verify the results using the following syntax:"
6087
6094
msgstr ""
6088
6095
6089
#: serverguide/C/security.xml:183(para)
6096
#: serverguide/C/security.xml:194(para)
6090
6097
msgid ""
6091
"The results below show that world readable permissions have been removed:"
6098
"The results below show that world-readable permissions have been removed:"
6092
6099
msgstr ""
6093
6100
6094
#: serverguide/C/security.xml:186(computeroutput)
6101
#: serverguide/C/security.xml:197(computeroutput)
6095
6102
#, no-wrap
6096
6103
msgid "drwxr-x--- 2 username username 4096 2007-10-02 20:03 username"
6097
6104
msgstr ""
6098
6105
6099
#: serverguide/C/security.xml:193(title)
6106
#: serverguide/C/security.xml:204(title)
6100
6107
msgid "Password Policy"
6101
6108
msgstr ""
6102
6109
6103
#: serverguide/C/security.xml:194(para)
6110
#: serverguide/C/security.xml:205(para)
6104
6111
msgid ""
6105
6112
"A strong password policy is one of the most important aspects of your "
6106
6113
"security posture. Many successful security breaches involve simple brute "
6110
6117
"password lifetimes, and frequent audits of your authentication systems."
6111
6118
msgstr ""
6112
6119
6113
#: serverguide/C/security.xml:198(title)
6120
#: serverguide/C/security.xml:209(title)
6114
6121
msgid "Minimum Password Length"
6115
6122
msgstr ""
6116
6123
6117
#: serverguide/C/security.xml:199(para)
6124
#: serverguide/C/security.xml:210(para)
6118
6125
msgid ""
6119
6126
"By default, Ubuntu requires a minimum password length of 6 characters, as "
6120
6127
"well as some basic entropy checks. These values are controlled in the file "
6128
6135
"password [success=1 default=ignore] pam_unix.so obscure sha512\n"
6129
6136
msgstr ""
6130
6137
6131
#: serverguide/C/security.xml:205(para)
6138
#: serverguide/C/security.xml:216(para)
6132
6139
msgid ""
6133
6140
"If you would like to adjust the minimum length to 8 characters, change the "
6134
6141
"appropriate variable to min=8. The modification is outlined below."
6142
6149
"minlen=8\n"
6143
6150
msgstr ""
6144
6151
6145
#: serverguide/C/security.xml:212(para)
6152
#: serverguide/C/security.xml:223(para)
6146
6153
msgid ""
6147
6154
"Basic password entropy checks and minimum length rules do not apply to the "
6148
6155
"administrator using sudo level commands to setup a new user."
6149
6156
msgstr ""
6150
6157
6151
#: serverguide/C/security.xml:218(title)
6158
#: serverguide/C/security.xml:229(title)
6152
6159
msgid "Password Expiration"
6153
6160
msgstr ""
6154
6161
6155
#: serverguide/C/security.xml:219(para)
6162
#: serverguide/C/security.xml:230(para)
6156
6163
msgid ""
6157
6164
"When creating user accounts, you should make it a policy to have a minimum "
6158
6165
"and maximum password age forcing users to change their passwords when they "
6159
6166
"expire."
6160
6167
msgstr ""
6161
6168
6162
#: serverguide/C/security.xml:224(para)
6169
#: serverguide/C/security.xml:235(para)
6163
6170
msgid ""
6164
6171
"To easily view the current status of a user account, use the following "
6165
6172
"syntax:"
6166
6173
msgstr ""
6167
6174
6168
#: serverguide/C/security.xml:228(command) serverguide/C/security.xml:261(command)
6175
#: serverguide/C/security.xml:239(command) serverguide/C/security.xml:272(command)
6169
6176
msgid "sudo chage -l username"
6170
6177
msgstr ""
6171
6178
6172
#: serverguide/C/security.xml:230(para)
6179
#: serverguide/C/security.xml:241(para)
6173
6180
msgid ""
6174
6181
"The output below shows interesting facts about the user account, namely that "
6175
6182
"there are no policies applied:"
6176
6183
msgstr ""
6177
6184
6178
#: serverguide/C/security.xml:233(computeroutput)
6185
#: serverguide/C/security.xml:244(computeroutput)
6179
6186
#, no-wrap
6180
6187
msgid ""
6181
"Last password change : Jan 20, 2008\n"
6188
"Last password change : Jan 20, 2015\n"
6182
6189
"Password expires : never\n"
6183
6190
"Password inactive : never\n"
6184
6191
"Account expires : never\n"
6187
6194
"Number of days of warning before password expires : 7"
6188
6195
msgstr ""
6189
6196
6190
#: serverguide/C/security.xml:243(para)
6197
#: serverguide/C/security.xml:254(para)
6191
6198
msgid ""
6192
6199
"To set any of these values, simply use the following syntax, and follow the "
6193
6200
"interactive prompts:"
6194
6201
msgstr ""
6195
6202
6196
#: serverguide/C/security.xml:247(command)
6203
#: serverguide/C/security.xml:258(command)
6197
6204
msgid "sudo chage username"
6198
6205
msgstr ""
6199
6206
6200
#: serverguide/C/security.xml:249(para)
6207
#: serverguide/C/security.xml:260(para)
6201
6208
msgid ""
6202
6209
"The following is also an example of how you can manually change the explicit "
6203
"expiration date (-E) to 01/31/2008, minimum password age (-m) of 5 days, "
6210
"expiration date (-E) to 01/31/2015, minimum password age (-m) of 5 days, "
6204
6211
"maximum password age (-M) of 90 days, inactivity period (-I) of 5 days after "
6205
6212
"password expiration, and a warning time period (-W) of 14 days before "
6206
"password expiration."
6207
msgstr ""
6208
6209
#: serverguide/C/security.xml:253(command)
6210
msgid "sudo chage -E 01/31/2011 -m 5 -M 90 -I 30 -W 14 username"
6211
msgstr ""
6212
6213
#: serverguide/C/security.xml:257(para)
6213
"password expiration:"
6214
msgstr ""
6215
6216
#: serverguide/C/security.xml:264(command)
6217
msgid "sudo chage -E 01/31/2015 -m 5 -M 90 -I 30 -W 14 username"
6218
msgstr ""
6219
6220
#: serverguide/C/security.xml:268(para)
6214
6221
msgid "To verify changes, use the same syntax as mentioned previously:"
6215
6222
msgstr ""
6216
6223
6217
#: serverguide/C/security.xml:263(para)
6224
#: serverguide/C/security.xml:274(para)
6218
6225
msgid ""
6219
6226
"The output below shows the new policies that have been established for the "
6220
6227
"account:"
6221
6228
msgstr ""
6222
6229
6223
#: serverguide/C/security.xml:266(computeroutput)
6230
#: serverguide/C/security.xml:277(computeroutput)
6224
6231
#, no-wrap
6225
6232
msgid ""
6226
"Last password change : Jan 20, 2008\n"
6227
"Password expires : Apr 19, 2008\n"
6228
"Password inactive : May 19, 2008\n"
6229
"Account expires : Jan 31, 2008\n"
6233
"Last password change : Jan 20, 2015\n"
6234
"Password expires : Apr 19, 2015\n"
6235
"Password inactive : May 19, 2015\n"
6236
"Account expires : Jan 31, 2015\n"
6230
6237
"Minimum number of days between password change : 5\n"
6231
6238
"Maximum number of days between password change : 90\n"
6232
6239
"Number of days of warning before password expires : 14"
6233
6240
msgstr ""
6234
6241
6235
#: serverguide/C/security.xml:282(title)
6242
#: serverguide/C/security.xml:293(title)
6236
6243
msgid "Other Security Considerations"
6237
6244
msgstr ""
6238
6245
6239
#: serverguide/C/security.xml:283(para)
6246
#: serverguide/C/security.xml:294(para)
6240
6247
msgid ""
6241
6248
"Many applications use alternate authentication mechanisms that can be easily "
6242
6249
"overlooked by even experienced system administrators. Therefore, it is "
6244
6251
"to services and applications on your server."
6245
6252
msgstr ""
6246
6253
6247
#: serverguide/C/security.xml:288(title)
6254
#: serverguide/C/security.xml:299(title)
6248
6255
msgid "SSH Access by Disabled Users"
6249
6256
msgstr ""
6250
6257
6251
#: serverguide/C/security.xml:289(para)
6258
#: serverguide/C/security.xml:300(para)
6252
6259
msgid ""
6253
6260
"Simply disabling/locking a user account will not prevent a user from logging "
6254
6261
"into your server remotely if they have previously set up RSA public key "
6255
6262
"authentication. They will still be able to gain shell access to the server, "
6256
6263
"without the need for any password. Remember to check the users home "
6257
6264
"directory for files that will allow for this type of authenticated SSH "
6258
"access. e.g. <filename>/home/username/.ssh/authorized_keys</filename>."
6265
"access, e.g. <filename>/home/username/.ssh/authorized_keys</filename>."
6259
6266
msgstr ""
6260
6267
6261
#: serverguide/C/security.xml:292(para)
6268
#: serverguide/C/security.xml:303(para)
6262
6269
msgid ""
6263
6270
"Remove or rename the directory <filename "
6264
6271
"class=\"directory\">.ssh/</filename> in the user's home folder to prevent "
6265
6272
"further SSH authentication capabilities."
6266
6273
msgstr ""
6267
6274
6268
#: serverguide/C/security.xml:295(para)
6275
#: serverguide/C/security.xml:306(para)
6269
6276
msgid ""
6270
6277
"Be sure to check for any established SSH connections by the disabled user, "
6271
6278
"as it is possible they may have existing inbound or outbound connections. "
6273
6280
msgstr ""
6274
6281
6275
6282
#: serverguide/C/security.xml:310(command)
6276
msgid "who |grep username"
6283
msgid "who | grep username"
6277
6284
msgstr ""
6278
6285
6279
6286
#: serverguide/C/security.xml:311(command)
6288
6295
"<placeholder-2/>\n"
6289
6296
msgstr ""
6290
6297
6291
#: serverguide/C/security.xml:298(para)
6298
#: serverguide/C/security.xml:313(para)
6292
6299
msgid ""
6293
6300
"Restrict SSH access to only user accounts that should have it. For example, "
6294
6301
"you may create a group called \"sshlogin\" and add the group name as the "
6296
6303
"the file <filename>/etc/ssh/sshd_config</filename>."
6297
6304
msgstr ""
6298
6305
6299
#: serverguide/C/security.xml:301(programlisting)
6306
#: serverguide/C/security.xml:316(programlisting)
6300
6307
#, no-wrap
6301
6308
msgid ""
6302
6309
"\n"
6303
6310
"AllowGroups sshlogin\n"
6304
6311
msgstr ""
6305
6312
6306
#: serverguide/C/security.xml:304(para)
6313
#: serverguide/C/security.xml:319(para)
6307
6314
msgid ""
6308
6315
"Then add your permitted SSH users to the group \"sshlogin\", and restart the "
6309
6316
"SSH service."
6310
6317
msgstr ""
6311
6318
6312
#: serverguide/C/security.xml:308(command)
6319
#: serverguide/C/security.xml:323(command)
6313
6320
msgid "sudo adduser username sshlogin"
6314
6321
msgstr ""
6315
6322
6316
#: serverguide/C/security.xml:309(command)
6323
#: serverguide/C/security.xml:324(command) serverguide/C/remote-administration.xml:144(command)
6317
6324
msgid "sudo service ssh restart"
6318
6325
msgstr ""
6319
6326
6320
#: serverguide/C/security.xml:313(title)
6327
#: serverguide/C/security.xml:328(title)
6321
6328
msgid "External User Database Authentication"
6322
6329
msgstr ""
6323
6330
6324
#: serverguide/C/security.xml:314(para)
6331
#: serverguide/C/security.xml:329(para)
6325
6332
msgid ""
6326
6333
"Most enterprise networks require centralized authentication and access "
6327
6334
"controls for all system resources. If you have configured your server to "
6328
6335
"authenticate users against external databases, be sure to disable the user "
6329
"accounts both externally and locally, this way you ensure that local "
6336
"accounts both externally and locally. This way you ensure that local "
6330
6337
"fallback authentication is not possible."
6331
6338
msgstr ""
6332
6339
6333
#: serverguide/C/security.xml:323(title)
6340
#: serverguide/C/security.xml:338(title)
6334
6341
msgid "Console Security"
6335
6342
msgstr ""
6336
6343
6337
#: serverguide/C/security.xml:324(para)
6344
#: serverguide/C/security.xml:339(para)
6338
6345
msgid ""
6339
6346
"As with any other security barrier you put in place to protect your server, "
6340
6347
"it is pretty tough to defend against untold damage caused by someone with "
6346
6353
"basic precautions with regard to console security."
6347
6354
msgstr ""
6348
6355
6349
#: serverguide/C/security.xml:327(para)
6356
#: serverguide/C/security.xml:342(para)
6350
6357
msgid ""
6351
6358
"The following instructions will help defend your server against issues that "
6352
6359
"could otherwise yield very serious consequences."
6353
6360
msgstr ""
6354
6361
6355
#: serverguide/C/security.xml:332(title)
6362
#: serverguide/C/security.xml:347(title)
6356
6363
msgid "Disable Ctrl+Alt+Delete"
6357
6364
msgstr ""
6358
6365
6359
#: serverguide/C/security.xml:333(para)
6366
#: serverguide/C/security.xml:348(para)
6360
6367
msgid ""
6361
"First and foremost, anyone that has physical access to the keyboard can "
6362
"simply use the "
6368
"Anyone that has physical access to the keyboard can simply use the "
6363
6369
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
6364
6370
"eycombo> key combination to reboot the server without having to log on. "
6365
"Sure, someone could simply unplug the power source, but you should still "
6366
"prevent the use of this key combination on a production server. This forces "
6367
"an attacker to take more drastic measures to reboot the server, and will "
6371
"While someone could simply unplug the power source, you should still prevent "
6372
"the use of this key combination on a production server. This forces an "
6373
"attacker to take more drastic measures to reboot the server, and will "
6368
6374
"prevent accidental reboots at the same time."
6369
6375
msgstr ""
6370
6376
6371
#: serverguide/C/security.xml:338(para)
6377
#: serverguide/C/security.xml:353(para)
6372
6378
msgid ""
6373
6379
"To disable the reboot action taken by pressing the "
6374
6380
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
6375
6381
"eycombo> key combination, comment out the following line in the file "
6376
"<filename>/etc/init/control-alt-delete.conf</filename>."
6382
"<filename>/etc/init/control-alt-delete.conf</filename>:"
6377
6383
msgstr ""
6378
6384
6379
#: serverguide/C/security.xml:341(programlisting)
6385
#: serverguide/C/security.xml:356(programlisting)
6380
6386
#, no-wrap
6381
6387
msgid ""
6382
6388
"\n"
6383
6389
"#exec shutdown -r now \"Control-Alt-Delete pressed\"\n"
6384
6390
msgstr ""
6385
6391
6386
#: serverguide/C/security.xml:350(title)
6392
#: serverguide/C/security.xml:365(title)
6387
6393
msgid "Firewall"
6388
6394
msgstr ""
6389
6395
6390
#: serverguide/C/security.xml:353(para)
6396
#: serverguide/C/security.xml:368(para)
6391
6397
msgid ""
6392
6398
"The Linux kernel includes the <emphasis>Netfilter</emphasis> subsystem, "
6393
6399
"which is used to manipulate or decide the fate of network traffic headed "
6395
6401
"system for packet filtering."
6396
6402
msgstr ""
6397
6403
6398
#: serverguide/C/security.xml:358(para)
6404
#: serverguide/C/security.xml:373(para)
6399
6405
msgid ""
6400
6406
"The kernel's packet filtering system would be of little use to "
6401
6407
"administrators without a userspace interface to manage it. This is the "
6402
"purpose of iptables. When a packet reaches your server, it will be handed "
6408
"purpose of iptables: When a packet reaches your server, it will be handed "
6403
6409
"off to the Netfilter subsystem for acceptance, manipulation, or rejection "
6404
6410
"based on the rules supplied to it from userspace via iptables. Thus, "
6405
"iptables is all you need to manage your firewall if you're familiar with it, "
6406
"but many frontends are available to simplify the task."
6411
"iptables is all you need to manage your firewall, if you're familiar with "
6412
"it, but many frontends are available to simplify the task."
6407
6413
msgstr ""
6408
6414
6409
#: serverguide/C/security.xml:368(title)
6415
#: serverguide/C/security.xml:383(title)
6410
6416
msgid "ufw - Uncomplicated Firewall"
6411
6417
msgstr ""
6412
6418
6413
#: serverguide/C/security.xml:369(para)
6419
#: serverguide/C/security.xml:384(para)
6414
6420
msgid ""
6415
6421
"The default firewall configuration tool for Ubuntu is "
6416
6422
"<application>ufw</application>. Developed to ease iptables firewall "
6417
"configuration, <application>ufw</application> provides a user friendly way "
6423
"configuration, <application>ufw</application> provides a user-friendly way "
6418
6424
"to create an IPv4 or IPv6 host-based firewall."
6419
6425
msgstr ""
6420
6426
6421
#: serverguide/C/security.xml:373(para)
6427
#: serverguide/C/security.xml:388(para)
6422
6428
msgid ""
6423
6429
"<application>ufw</application> by default is initially disabled. From the "
6424
6430
"<application>ufw</application> man page:"
6425
6431
msgstr ""
6426
6432
6427
#: serverguide/C/security.xml:377(quote)
6433
#: serverguide/C/security.xml:392(quote)
6428
6434
msgid ""
6429
6435
"ufw is not intended to provide complete firewall functionality via its "
6430
6436
"command interface, but instead provides an easy way to add or remove simple "
6431
6437
"rules. It is currently mainly used for host-based firewalls."
6432
6438
msgstr ""
6433
6439
6434
#: serverguide/C/security.xml:381(para)
6440
#: serverguide/C/security.xml:396(para)
6435
6441
msgid ""
6436
6442
"The following are some examples of how to use <application>ufw</application>:"
6437
6443
msgstr ""
6438
6444
6439
#: serverguide/C/security.xml:386(para)
6445
#: serverguide/C/security.xml:401(para)
6440
6446
msgid ""
6441
6447
"First, <application>ufw</application> needs to be enabled. From a terminal "
6442
6448
"prompt enter:"
6443
6449
msgstr ""
6444
6450
6445
#: serverguide/C/security.xml:390(command)
6451
#: serverguide/C/security.xml:405(command)
6446
6452
msgid "sudo ufw enable"
6447
6453
msgstr ""
6448
6454
6449
#: serverguide/C/security.xml:394(para)
6450
msgid "To open a port (ssh in this example):"
6455
#: serverguide/C/security.xml:409(para)
6456
msgid "To open a port (SSH in this example):"
6451
6457
msgstr ""
6452
6458
6453
#: serverguide/C/security.xml:398(command)
6459
#: serverguide/C/security.xml:413(command)
6454
6460
msgid "sudo ufw allow 22"
6455
6461
msgstr ""
6456
6462
6457
#: serverguide/C/security.xml:402(para)
6463
#: serverguide/C/security.xml:417(para)
6458
6464
msgid "Rules can also be added using a <emphasis>numbered</emphasis> format:"
6459
6465
msgstr ""
6460
6466
6461
#: serverguide/C/security.xml:406(command)
6467
#: serverguide/C/security.xml:421(command)
6462
6468
msgid "sudo ufw insert 1 allow 80"
6463
6469
msgstr ""
6464
6470
6465
#: serverguide/C/security.xml:410(para)
6471
#: serverguide/C/security.xml:425(para)
6466
6472
msgid "Similarly, to close an opened port:"
6467
6473
msgstr ""
6468
6474
6469
#: serverguide/C/security.xml:414(command)
6475
#: serverguide/C/security.xml:429(command)
6470
6476
msgid "sudo ufw deny 22"
6471
6477
msgstr ""
6472
6478
6473
#: serverguide/C/security.xml:418(para)
6479
#: serverguide/C/security.xml:433(para)
6474
6480
msgid "To remove a rule, use delete followed by the rule:"
6475
6481
msgstr ""
6476
6482
6477
#: serverguide/C/security.xml:422(command)
6483
#: serverguide/C/security.xml:437(command)
6478
6484
msgid "sudo ufw delete deny 22"
6479
6485
msgstr ""
6480
6486
6481
#: serverguide/C/security.xml:426(para)
6487
#: serverguide/C/security.xml:441(para)
6482
6488
msgid ""
6483
6489
"It is also possible to allow access from specific hosts or networks to a "
6484
"port. The following example allows ssh access from host 192.168.0.2 to any "
6485
"ip address on this host:"
6490
"port. The following example allows SSH access from host 192.168.0.2 to any "
6491
"IP address on this host:"
6486
6492
msgstr ""
6487
6493
6488
#: serverguide/C/security.xml:431(command)
6494
#: serverguide/C/security.xml:446(command)
6489
6495
msgid "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
6490
6496
msgstr ""
6491
6497
6492
#: serverguide/C/security.xml:433(para)
6498
#: serverguide/C/security.xml:448(para)
6493
6499
msgid ""
6494
"Replace 192.168.0.2 with 192.168.0.0/24 to allow ssh access from the entire "
6500
"Replace 192.168.0.2 with 192.168.0.0/24 to allow SSH access from the entire "
6495
6501
"subnet."
6496
6502
msgstr ""
6497
6503
6498
#: serverguide/C/security.xml:439(para)
6504
#: serverguide/C/security.xml:454(para)
6499
6505
msgid ""
6500
6506
"Adding the <emphasis>--dry-run</emphasis> option to a "
6501
6507
"<emphasis>ufw</emphasis> command will output the resulting rules, but not "
6503
6509
"the HTTP port:"
6504
6510
msgstr ""
6505
6511
6506
#: serverguide/C/security.xml:445(command)
6512
#: serverguide/C/security.xml:460(command)
6507
6513
msgid "sudo ufw --dry-run allow http"
6508
6514
msgstr ""
6509
6515
6510
#: serverguide/C/security.xml:449(computeroutput)
6516
#: serverguide/C/security.xml:464(computeroutput)
6511
6517
#, no-wrap
6512
6518
msgid ""
6513
6519
"*filter\n"
6533
6539
"Rules updated"
6534
6540
msgstr ""
6535
6541
6536
#: serverguide/C/security.xml:473(para)
6542
#: serverguide/C/security.xml:488(para)
6537
6543
msgid "<application>ufw</application> can be disabled by:"
6538
6544
msgstr ""
6539
6545
6540
#: serverguide/C/security.xml:477(command)
6546
#: serverguide/C/security.xml:492(command)
6541
6547
msgid "sudo ufw disable"
6542
6548
msgstr ""
6543
6549
6544
#: serverguide/C/security.xml:481(para)
6550
#: serverguide/C/security.xml:496(para)
6545
6551
msgid "To see the firewall status, enter:"
6546
6552
msgstr ""
6547
6553
6548
#: serverguide/C/security.xml:485(command)
6554
#: serverguide/C/security.xml:500(command)
6549
6555
msgid "sudo ufw status"
6550
6556
msgstr ""
6551
6557
6552
#: serverguide/C/security.xml:489(para)
6558
#: serverguide/C/security.xml:504(para)
6553
6559
msgid "And for more verbose status information use:"
6554
6560
msgstr ""
6555
6561
6556
#: serverguide/C/security.xml:493(command)
6562
#: serverguide/C/security.xml:508(command)
6557
6563
msgid "sudo ufw status verbose"
6558
6564
msgstr ""
6559
6565
6560
#: serverguide/C/security.xml:497(para)
6566
#: serverguide/C/security.xml:512(para)
6561
6567
msgid "To view the <emphasis>numbered</emphasis> format:"
6562
6568
msgstr ""
6563
6569
6564
#: serverguide/C/security.xml:501(command)
6570
#: serverguide/C/security.xml:516(command)
6565
6571
msgid "sudo ufw status numbered"
6566
6572
msgstr ""
6567
6573
6568
#: serverguide/C/security.xml:506(para)
6574
#: serverguide/C/security.xml:521(para)
6569
6575
msgid ""
6570
6576
"If the port you want to open or close is defined in "
6571
6577
"<filename>/etc/services</filename>, you can use the port name instead of the "
6573
6579
"<emphasis>ssh</emphasis>."
6574
6580
msgstr ""
6575
6581
6576
#: serverguide/C/security.xml:512(para)
6582
#: serverguide/C/security.xml:527(para)
6577
6583
msgid ""
6578
6584
"This is a quick introduction to using <application>ufw</application>. Please "
6579
6585
"refer to the <application>ufw</application> man page for more information."
6580
6586
msgstr ""
6581
6587
6582
#: serverguide/C/security.xml:518(title)
6588
#: serverguide/C/security.xml:533(title)
6583
6589
msgid "ufw Application Integration"
6584
6590
msgstr ""
6585
6591
6586
#: serverguide/C/security.xml:520(para)
6592
#: serverguide/C/security.xml:535(para)
6587
6593
msgid ""
6588
6594
"Applications that open ports can include an <application>ufw</application> "
6589
6595
"profile, which details the ports needed for the application to function "
6592
6598
"the default ports have been changed."
6593
6599
msgstr ""
6594
6600
6595
#: serverguide/C/security.xml:529(para)
6601
#: serverguide/C/security.xml:544(para)
6596
6602
msgid ""
6597
6603
"To view which applications have installed a profile, enter the following in "
6598
6604
"a terminal:"
6599
6605
msgstr ""
6600
6606
6601
#: serverguide/C/security.xml:534(command)
6607
#: serverguide/C/security.xml:549(command)
6602
6608
msgid "sudo ufw app list"
6603
6609
msgstr ""
6604
6610
6605
#: serverguide/C/security.xml:540(para)
6611
#: serverguide/C/security.xml:555(para)
6606
6612
msgid ""
6607
6613
"Similar to allowing traffic to a port, using an application profile is "
6608
6614
"accomplished by entering:"
6609
6615
msgstr ""
6610
6616
6611
#: serverguide/C/security.xml:545(command)
6617
#: serverguide/C/security.xml:560(command)
6612
6618
msgid "sudo ufw allow Samba"
6613
6619
msgstr ""
6614
6620
6615
#: serverguide/C/security.xml:551(para)
6621
#: serverguide/C/security.xml:566(para)
6616
6622
msgid "An extended syntax is available as well:"
6617
6623
msgstr ""
6618
6624
6619
#: serverguide/C/security.xml:556(command)
6625
#: serverguide/C/security.xml:571(command)
6620
6626
msgid "ufw allow from 192.168.0.0/24 to any app Samba"
6621
6627
msgstr ""
6622
6628
6623
#: serverguide/C/security.xml:559(para)
6629
#: serverguide/C/security.xml:574(para)
6624
6630
msgid ""
6625
6631
"Replace <emphasis>Samba</emphasis> and <emphasis>192.168.0.0/24</emphasis> "
6626
6632
"with the application profile you are using and the IP range for your network."
6627
6633
msgstr ""
6628
6634
6629
#: serverguide/C/security.xml:565(para)
6635
#: serverguide/C/security.xml:580(para)
6630
6636
msgid ""
6631
6637
"There is no need to specify the <emphasis>protocol</emphasis> for the "
6632
6638
"application, because that information is detailed in the profile. Also, note "
6634
6640
"<emphasis>port</emphasis> number."
6635
6641
msgstr ""
6636
6642
6637
#: serverguide/C/security.xml:574(para)
6643
#: serverguide/C/security.xml:589(para)
6638
6644
msgid ""
6639
"To view details about which ports, protocols, etc are defined for an "
6645
"To view details about which ports, protocols, etc., are defined for an "
6640
6646
"application, enter:"
6641
6647
msgstr ""
6642
6648
6643
#: serverguide/C/security.xml:579(command)
6649
#: serverguide/C/security.xml:594(command)
6644
6650
msgid "sudo ufw app info Samba"
6645
6651
msgstr ""
6646
6652
6647
#: serverguide/C/security.xml:585(para)
6653
#: serverguide/C/security.xml:600(para)
6648
6654
msgid ""
6649
6655
"Not all applications that require opening a network port come with "
6650
6656
"<application>ufw</application> profiles, but if you have profiled an "
6652
6658
"bug against the package in Launchpad."
6653
6659
msgstr ""
6654
6660
6655
#: serverguide/C/security.xml:591(command)
6661
#: serverguide/C/security.xml:606(command)
6656
6662
msgid "ubuntu-bug nameofpackage"
6657
6663
msgstr ""
6658
6664
6659
#: serverguide/C/security.xml:597(title)
6665
#: serverguide/C/security.xml:612(title)
6660
6666
msgid "IP Masquerading"
6661
6667
msgstr ""
6662
6668
6663
#: serverguide/C/security.xml:598(para)
6669
#: serverguide/C/security.xml:613(para)
6664
6670
msgid ""
6665
6671
"The purpose of IP Masquerading is to allow machines with private, non-"
6666
6672
"routable IP addresses on your network to access the Internet through the "
6677
6683
"to in Microsoft documentation as Internet Connection Sharing."
6678
6684
msgstr ""
6679
6685
6680
#: serverguide/C/security.xml:614(title)
6686
#: serverguide/C/security.xml:629(title)
6681
6687
msgid "ufw Masquerading"
6682
6688
msgstr ""
6683
6689
6684
#: serverguide/C/security.xml:615(para)
6690
#: serverguide/C/security.xml:630(para)
6685
6691
msgid ""
6686
6692
"IP Masquerading can be achieved using custom <application>ufw</application> "
6687
6693
"rules. This is possible because the current back-end for "
6692
6698
"that are more network gateway or bridge related."
6693
6699
msgstr ""
6694
6700
6695
#: serverguide/C/security.xml:621(para)
6701
#: serverguide/C/security.xml:636(para)
6696
6702
msgid ""
6697
6703
"The rules are split into two different files, rules that should be executed "
6698
6704
"before <application>ufw</application> command line rules, and rules that are "
6699
6705
"executed after <application>ufw</application> command line rules."
6700
6706
msgstr ""
6701
6707
6702
#: serverguide/C/security.xml:627(para)
6708
#: serverguide/C/security.xml:642(para)
6703
6709
msgid ""
6704
6710
"First, packet forwarding needs to be enabled in "
6705
6711
"<application>ufw</application>. Two configuration files will need to be "
6707
6713
"<emphasis>DEFAULT_FORWARD_POLICY</emphasis> to <quote>ACCEPT</quote>:"
6708
6714
msgstr ""
6709
6715
6710
#: serverguide/C/security.xml:631(programlisting)
6716
#: serverguide/C/security.xml:646(programlisting)
6711
6717
#, no-wrap
6712
6718
msgid ""
6713
6719
"\n"
6714
6720
"DEFAULT_FORWARD_POLICY=\"ACCEPT\"\n"
6715
6721
msgstr ""
6716
6722
6717
#: serverguide/C/security.xml:634(para)
6723
#: serverguide/C/security.xml:649(para)
6718
6724
msgid "Then edit <filename>/etc/ufw/sysctl.conf</filename> and uncomment:"
6719
6725
msgstr ""
6720
6726
6721
#: serverguide/C/security.xml:637(programlisting)
6727
#: serverguide/C/security.xml:652(programlisting)
6722
6728
#, no-wrap
6723
6729
msgid ""
6724
6730
"\n"
6725
6731
"net/ipv4/ip_forward=1\n"
6726
6732
msgstr ""
6727
6733
6728
#: serverguide/C/security.xml:640(para)
6734
#: serverguide/C/security.xml:655(para)
6729
6735
msgid "Similarly, for IPv6 forwarding uncomment:"
6730
6736
msgstr ""
6731
6737
6732
#: serverguide/C/security.xml:643(programlisting)
6738
#: serverguide/C/security.xml:658(programlisting)
6733
6739
#, no-wrap
6734
6740
msgid ""
6735
6741
"\n"
6736
6742
"net/ipv6/conf/default/forwarding=1\n"
6737
6743
msgstr ""
6738
6744
6739
#: serverguide/C/security.xml:648(para)
6745
#: serverguide/C/security.xml:663(para)
6740
6746
msgid ""
6741
"Now we will add rules to the <filename>/etc/ufw/before.rules</filename> "
6742
"file. The default rules only configure the <emphasis>filter</emphasis> "
6743
"table, and to enable masquerading the <emphasis>nat</emphasis> table will "
6744
"need to be configured. Add the following to the top of the file just after "
6745
"the header comments:"
6747
"Now add rules to the <filename>/etc/ufw/before.rules</filename> file. The "
6748
"default rules only configure the <emphasis>filter</emphasis> table, and to "
6749
"enable masquerading the <emphasis>nat</emphasis> table will need to be "
6750
"configured. Add the following to the top of the file just after the header "
6751
"comments:"
6746
6752
msgstr ""
6747
6753
6748
#: serverguide/C/security.xml:653(programlisting)
6754
#: serverguide/C/security.xml:668(programlisting)
6749
6755
#, no-wrap
6750
6756
msgid ""
6751
6757
"\n"
6761
6767
"COMMIT\n"
6762
6768
msgstr ""
6763
6769
6764
#: serverguide/C/security.xml:664(para)
6770
#: serverguide/C/security.xml:679(para)
6765
6771
msgid ""
6766
6772
"The comments are not strictly necessary, but it is considered good practice "
6767
6773
"to document your configuration. Also, when modifying any of the "
6770
6776
"line for each table modified:"
6771
6777
msgstr ""
6772
6778
6773
#: serverguide/C/security.xml:670(programlisting)
6779
#: serverguide/C/security.xml:685(programlisting)
6774
6780
#, no-wrap
6775
6781
msgid ""
6776
6782
"\n"
6778
6784
"COMMIT\n"
6779
6785
msgstr ""
6780
6786
6781
#: serverguide/C/security.xml:675(para)
6787
#: serverguide/C/security.xml:690(para)
6782
6788
msgid ""
6783
6789
"For each <emphasis>Table</emphasis> a corresponding "
6784
6790
"<emphasis>COMMIT</emphasis> statement is required. In these examples only "
6787
6793
"<emphasis>mangle</emphasis> tables."
6788
6794
msgstr ""
6789
6795
6790
#: serverguide/C/security.xml:682(para)
6796
#: serverguide/C/security.xml:697(para)
6791
6797
msgid ""
6792
6798
"In the above example replace <emphasis>eth0</emphasis>, "
6793
6799
"<emphasis>eth1</emphasis>, and <emphasis>192.168.0.0/24</emphasis> with the "
6794
6800
"appropriate interfaces and IP range for your network."
6795
6801
msgstr ""
6796
6802
6797
#: serverguide/C/security.xml:690(para)
6803
#: serverguide/C/security.xml:705(para)
6798
6804
msgid ""
6799
6805
"Finally, disable and re-enable <application>ufw</application> to apply the "
6800
6806
"changes:"
6801
6807
msgstr ""
6802
6808
6803
#: serverguide/C/security.xml:694(command)
6809
#: serverguide/C/security.xml:709(command)
6804
6810
msgid "sudo ufw disable && sudo ufw enable"
6805
6811
msgstr ""
6806
6812
6807
#: serverguide/C/security.xml:698(para)
6813
#: serverguide/C/security.xml:713(para)
6808
6814
msgid ""
6809
6815
"IP Masquerading should now be enabled. You can also add any additional "
6810
6816
"FORWARD rules to the <filename>/etc/ufw/before.rules</filename>. It is "
6812
6818
"forward</emphasis> chain."
6813
6819
msgstr ""
6814
6820
6815
#: serverguide/C/security.xml:705(title)
6821
#: serverguide/C/security.xml:720(title)
6816
6822
msgid "iptables Masquerading"
6817
6823
msgstr ""
6818
6824
6819
#: serverguide/C/security.xml:706(para)
6825
#: serverguide/C/security.xml:721(para)
6820
6826
msgid ""
6821
6827
"<application>iptables</application> can also be used to enable Masquerading."
6822
6828
msgstr ""
6823
6829
6824
#: serverguide/C/security.xml:711(para)
6830
#: serverguide/C/security.xml:726(para)
6825
6831
msgid ""
6826
6832
"Similar to <application>ufw</application>, the first step is to enable IPv4 "
6827
6833
"packet forwarding by editing <filename>/etc/sysctl.conf</filename> and "
6828
"uncomment the following line"
6834
"uncomment the following line:"
6829
6835
msgstr ""
6830
6836
6831
#: serverguide/C/security.xml:715(programlisting)
6837
#: serverguide/C/security.xml:730(programlisting)
6832
6838
#, no-wrap
6833
6839
msgid ""
6834
6840
"\n"
6835
6841
"net.ipv4.ip_forward=1\n"
6836
6842
msgstr ""
6837
6843
6838
#: serverguide/C/security.xml:718(para)
6844
#: serverguide/C/security.xml:733(para)
6839
6845
msgid "If you wish to enable IPv6 forwarding also uncomment:"
6840
6846
msgstr ""
6841
6847
6842
#: serverguide/C/security.xml:721(programlisting)
6848
#: serverguide/C/security.xml:736(programlisting)
6843
6849
#, no-wrap
6844
6850
msgid ""
6845
6851
"\n"
6846
6852
"net.ipv6.conf.default.forwarding=1\n"
6847
6853
msgstr ""
6848
6854
6849
#: serverguide/C/security.xml:726(para)
6855
#: serverguide/C/security.xml:741(para)
6850
6856
msgid ""
6851
6857
"Next, execute the <application>sysctl</application> command to enable the "
6852
6858
"new settings in the configuration file:"
6853
6859
msgstr ""
6854
6860
6855
#: serverguide/C/security.xml:730(command)
6861
#: serverguide/C/security.xml:745(command)
6856
6862
msgid "sudo sysctl -p"
6857
6863
msgstr ""
6858
6864
6859
#: serverguide/C/security.xml:734(para)
6865
#: serverguide/C/security.xml:749(para)
6860
6866
msgid ""
6861
6867
"IP Masquerading can now be accomplished with a single iptables rule, which "
6862
6868
"may differ slightly based on your network configuration:"
6863
6869
msgstr ""
6864
6870
6865
#: serverguide/C/security.xml:737(screen)
6871
#: serverguide/C/security.xml:752(screen)
6866
6872
#, no-wrap
6867
6873
msgid ""
6868
6874
"\n"
6869
6875
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
6870
6876
msgstr ""
6871
6877
6872
#: serverguide/C/security.xml:740(para)
6878
#: serverguide/C/security.xml:755(para)
6873
6879
msgid ""
6874
6880
"The above command assumes that your private address space is 192.168.0.0/16 "
6875
6881
"and that your Internet-facing device is ppp0. The syntax is broken down as "
6876
6882
"follows:"
6877
6883
msgstr ""
6878
6884
6879
#: serverguide/C/security.xml:745(para)
6885
#: serverguide/C/security.xml:760(para)
6880
6886
msgid "-t nat -- the rule is to go into the nat table"
6881
6887
msgstr ""
6882
6888
6883
#: serverguide/C/security.xml:746(para)
6889
#: serverguide/C/security.xml:761(para)
6884
6890
msgid ""
6885
6891
"-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain"
6886
6892
msgstr ""
6887
6893
6888
#: serverguide/C/security.xml:747(para)
6894
#: serverguide/C/security.xml:762(para)
6889
6895
msgid ""
6890
6896
"-s 192.168.0.0/16 -- the rule applies to traffic originating from the "
6891
6897
"specified address space"
6892
6898
msgstr ""
6893
6899
6894
#: serverguide/C/security.xml:748(para)
6900
#: serverguide/C/security.xml:763(para)
6895
6901
msgid ""
6896
6902
"-o ppp0 -- the rule applies to traffic scheduled to be routed through the "
6897
6903
"specified network device"
6898
6904
msgstr ""
6899
6905
6900
#: serverguide/C/security.xml:750(para)
6906
#: serverguide/C/security.xml:765(para)
6901
6907
msgid ""
6902
6908
"-j MASQUERADE -- traffic matching this rule is to \"jump\" (-j) to the "
6903
6909
"MASQUERADE target to be manipulated as described above"
6904
6910
msgstr ""
6905
6911
6906
#: serverguide/C/security.xml:758(para)
6912
#: serverguide/C/security.xml:773(para)
6907
6913
msgid ""
6908
6914
"Also, each chain in the filter table (the default table, and where most or "
6909
6915
"all packet filtering occurs) has a default <emphasis>policy</emphasis> of "
6913
6919
"above rule to work:"
6914
6920
msgstr ""
6915
6921
6916
#: serverguide/C/security.xml:765(screen)
6922
#: serverguide/C/security.xml:780(screen)
6917
6923
#, no-wrap
6918
6924
msgid ""
6919
6925
"\n"
6922
6928
"--state ESTABLISHED,RELATED -i ppp0 -j ACCEPT\n"
6923
6929
msgstr ""
6924
6930
6925
#: serverguide/C/security.xml:770(para)
6931
#: serverguide/C/security.xml:785(para)
6926
6932
msgid ""
6927
6933
"The above commands will allow all connections from your local network to the "
6928
6934
"Internet and all traffic related to those connections to return to the "
6929
6935
"machine that initiated them."
6930
6936
msgstr ""
6931
6937
6932
#: serverguide/C/security.xml:777(para)
6938
#: serverguide/C/security.xml:792(para)
6933
6939
msgid ""
6934
6940
"If you want masquerading to be enabled on reboot, which you probably do, "
6935
6941
"edit <filename>/etc/rc.local</filename> and add any commands used above. For "
6936
6942
"example add the first command with no filtering:"
6937
6943
msgstr ""
6938
6944
6939
#: serverguide/C/security.xml:781(screen)
6945
#: serverguide/C/security.xml:796(screen)
6940
6946
#, no-wrap
6941
6947
msgid ""
6942
6948
"\n"
6943
6949
"iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
6944
6950
msgstr ""
6945
6951
6946
#: serverguide/C/security.xml:789(title)
6952
#: serverguide/C/security.xml:804(title)
6947
6953
msgid "Logs"
6948
6954
msgstr ""
6949
6955
6950
#: serverguide/C/security.xml:790(para)
6956
#: serverguide/C/security.xml:805(para)
6951
6957
msgid ""
6952
6958
"Firewall logs are essential for recognizing attacks, troubleshooting your "
6953
6959
"firewall rules, and noticing unusual activity on your network. You must "
6957
6963
"REJECT)."
6958
6964
msgstr ""
6959
6965
6960
#: serverguide/C/security.xml:797(para)
6966
#: serverguide/C/security.xml:812(para)
6961
6967
msgid ""
6962
6968
"If you are using <application>ufw</application>, you can turn on logging by "
6963
6969
"entering the following in a terminal:"
6964
6970
msgstr ""
6965
6971
6966
#: serverguide/C/security.xml:801(command)
6972
#: serverguide/C/security.xml:816(command)
6967
6973
msgid "sudo ufw logging on"
6968
6974
msgstr ""
6969
6975
6970
#: serverguide/C/security.xml:803(para)
6976
#: serverguide/C/security.xml:818(para)
6971
6977
msgid ""
6972
6978
"To turn logging off in <application>ufw</application>, simply replace "
6973
6979
"<emphasis role=\"italic\">on</emphasis> with <emphasis "
6974
6980
"role=\"italic\">off</emphasis> in the above command."
6975
6981
msgstr ""
6976
6982
6977
#: serverguide/C/security.xml:806(para)
6983
#: serverguide/C/security.xml:821(para)
6978
6984
msgid ""
6979
6985
"If using <application>iptables</application> instead of "
6980
6986
"<application>ufw</application>, enter:"
6981
6987
msgstr ""
6982
6988
6983
#: serverguide/C/security.xml:809(screen)
6989
#: serverguide/C/security.xml:824(screen)
6984
6990
#, no-wrap
6985
6991
msgid ""
6986
6992
"\n"
6988
6994
"-j LOG --log-prefix \"NEW_HTTP_CONN: \"\n"
6989
6995
msgstr ""
6990
6996
6991
#: serverguide/C/security.xml:813(para)
6997
#: serverguide/C/security.xml:828(para)
6992
6998
msgid ""
6993
6999
"A request on port 80 from the local machine, then, would generate a log in "
6994
7000
"dmesg that looks like this (single line split into 3 to fit this document):"
7004
7010
"SPT=53981 DPT=80 WINDOW=32767 RES=0x00 SYN URGP=0\n"
7005
7011
msgstr ""
7006
7012
7007
#: serverguide/C/security.xml:822(para)
7013
#: serverguide/C/security.xml:836(para)
7008
7014
msgid ""
7009
7015
"The above log will also appear in <filename>/var/log/messages</filename>, "
7010
7016
"<filename>/var/log/syslog</filename>, and "
7021
7027
"or <application>lire</application>."
7022
7028
msgstr ""
7023
7029
7024
#: serverguide/C/security.xml:837(title)
7030
#: serverguide/C/security.xml:851(title)
7025
7031
msgid "Other Tools"
7026
7032
msgstr ""
7027
7033
7028
#: serverguide/C/security.xml:838(para)
7034
#: serverguide/C/security.xml:852(para)
7029
7035
msgid ""
7030
7036
"There are many tools available to help you construct a complete firewall "
7031
7037
"without intimate knowledge of iptables. For the GUI-inclined:"
7032
7038
msgstr ""
7033
7039
7034
#: serverguide/C/security.xml:844(para)
7040
#: serverguide/C/security.xml:858(para)
7035
7041
msgid ""
7036
7042
"<ulink url=\"http://www.fwbuilder.org/\">fwbuilder</ulink> is very powerful "
7037
7043
"and will look familiar to an administrator who has used a commercial "
7038
7044
"firewall utility such as <application>Checkpoint FireWall-1</application>."
7039
7045
msgstr ""
7040
7046
7041
#: serverguide/C/security.xml:850(para)
7047
#: serverguide/C/security.xml:864(para)
7042
7048
msgid ""
7043
7049
"If you prefer a command-line tool with plain-text configuration files:"
7044
7050
msgstr ""
7045
7051
7046
#: serverguide/C/security.xml:855(para)
7052
#: serverguide/C/security.xml:869(para)
7047
7053
msgid ""
7048
7054
"<ulink url=\"http://www.shorewall.net/\">Shorewall</ulink> is a very "
7049
7055
"powerful solution to help you configure an advanced firewall for any network."
7050
7056
msgstr ""
7051
7057
7052
#: serverguide/C/security.xml:866(para)
7058
#: serverguide/C/security.xml:880(para)
7053
7059
msgid ""
7054
7060
"The <ulink url=\"https://wiki.ubuntu.com/UncomplicatedFirewall\">Ubuntu "
7055
7061
"Firewall</ulink> wiki page contains information on the development of "
7056
7062
"<application>ufw</application>."
7057
7063
msgstr ""
7058
7064
7059
#: serverguide/C/security.xml:872(para)
7065
#: serverguide/C/security.xml:886(para)
7060
7066
msgid ""
7061
7067
"Also, the <application>ufw</application> manual page contains some very "
7062
7068
"useful information: <command>man ufw</command>."
7063
7069
msgstr ""
7064
7070
7065
#: serverguide/C/security.xml:877(para)
7071
#: serverguide/C/security.xml:891(para)
7066
7072
msgid ""
7067
7073
"See the <ulink url=\"http://www.netfilter.org/documentation/HOWTO/packet-"
7068
7074
"filtering-HOWTO.html\">packet-filtering-HOWTO</ulink> for more information "
7069
7075
"on using <application>iptables</application>."
7070
7076
msgstr ""
7071
7077
7072
#: serverguide/C/security.xml:883(para)
7078
#: serverguide/C/security.xml:897(para)
7073
7079
msgid ""
7074
7080
"The <ulink url=\"http://www.netfilter.org/documentation/HOWTO/NAT-"
7075
7081
"HOWTO.html\">nat-HOWTO</ulink> contains further details on masquerading."
7076
7082
msgstr ""
7077
7083
7078
#: serverguide/C/security.xml:889(para)
7084
#: serverguide/C/security.xml:903(para)
7079
7085
msgid ""
7080
7086
"The <ulink url=\"https://help.ubuntu.com/community/IptablesHowTo\">IPTables "
7081
7087
"HowTo</ulink> in the Ubuntu wiki is a great resource."
7082
7088
msgstr ""
7083
7089
7084
#: serverguide/C/security.xml:897(title)
7090
#: serverguide/C/security.xml:911(title)
7085
7091
msgid "AppArmor"
7086
7092
msgstr ""
7087
7093
7088
#: serverguide/C/security.xml:898(para)
7094
#: serverguide/C/security.xml:912(para)
7089
7095
msgid ""
7090
7096
"<application>AppArmor</application> is a Linux Security Module "
7091
7097
"implementation of name-based mandatory access controls. AppArmor confines "
7093
7099
"capabilities."
7094
7100
msgstr ""
7095
7101
7096
#: serverguide/C/security.xml:902(para)
7102
#: serverguide/C/security.xml:916(para)
7097
7103
msgid ""
7098
7104
"<application>AppArmor</application> is installed and loaded by default. It "
7099
7105
"uses <emphasis>profiles</emphasis> of an application to determine what files "
7102
7108
"<application>apparmor-profiles</application> package."
7103
7109
msgstr ""
7104
7110
7105
#: serverguide/C/security.xml:907(para)
7111
#: serverguide/C/security.xml:921(para)
7106
7112
msgid ""
7107
7113
"To install the <application>apparmor-profiles</application> package from a "
7108
7114
"terminal prompt:"
7109
7115
msgstr ""
7110
7116
7111
#: serverguide/C/security.xml:911(command)
7117
#: serverguide/C/security.xml:925(command)
7112
7118
msgid "sudo apt-get install apparmor-profiles"
7113
7119
msgstr ""
7114
7120
7115
#: serverguide/C/security.xml:913(para)
7121
#: serverguide/C/security.xml:927(para)
7116
7122
msgid "AppArmor profiles have two modes of execution:"
7117
7123
msgstr ""
7118
7124
7119
#: serverguide/C/security.xml:918(para)
7125
#: serverguide/C/security.xml:932(para)
7120
7126
msgid ""
7121
7127
"Complaining/Learning: profile violations are permitted and logged. Useful "
7122
7128
"for testing and developing new profiles."
7123
7129
msgstr ""
7124
7130
7125
#: serverguide/C/security.xml:923(para)
7131
#: serverguide/C/security.xml:937(para)
7126
7132
msgid ""
7127
7133
"Enforced/Confined: enforces profile policy as well as logging the violation."
7128
7134
msgstr ""
7129
7135
7130
#: serverguide/C/security.xml:929(title)
7136
#: serverguide/C/security.xml:943(title)
7131
7137
msgid "Using AppArmor"
7132
7138
msgstr ""
7133
7139
7138
7144
"#1304134</ulink>) and instructions will not work as advertised."
7139
7145
msgstr ""
7140
7146
7141
#: serverguide/C/security.xml:930(para)
7147
#: serverguide/C/security.xml:950(para)
7142
7148
msgid ""
7143
7149
"The <application>apparmor-utils</application> package contains command line "
7144
7150
"utilities that you can use to change the <application>AppArmor</application> "
7145
7151
"execution mode, find the status of a profile, create new profiles, etc."
7146
7152
msgstr ""
7147
7153
7148
#: serverguide/C/security.xml:936(para)
7154
#: serverguide/C/security.xml:956(para)
7149
7155
msgid ""
7150
7156
"<application>apparmor_status</application> is used to view the current "
7151
7157
"status of AppArmor profiles."
7152
7158
msgstr ""
7153
7159
7154
#: serverguide/C/security.xml:940(command)
7160
#: serverguide/C/security.xml:960(command)
7155
7161
msgid "sudo apparmor_status"
7156
7162
msgstr ""
7157
7163
7158
#: serverguide/C/security.xml:944(para)
7164
#: serverguide/C/security.xml:964(para)
7159
7165
msgid ""
7160
7166
"<application>aa-complain</application> places a profile into "
7161
7167
"<emphasis>complain</emphasis> mode."
7162
7168
msgstr ""
7163
7169
7164
#: serverguide/C/security.xml:948(command)
7170
#: serverguide/C/security.xml:968(command)
7165
7171
msgid "sudo aa-complain /path/to/bin"
7166
7172
msgstr ""
7167
7173
7168
#: serverguide/C/security.xml:952(para)
7174
#: serverguide/C/security.xml:972(para)
7169
7175
msgid ""
7170
7176
"<application>aa-enforce</application> places a profile into "
7171
7177
"<emphasis>enforce</emphasis> mode."
7172
7178
msgstr ""
7173
7179
7174
#: serverguide/C/security.xml:956(command)
7180
#: serverguide/C/security.xml:976(command)
7175
7181
msgid "sudo aa-enforce /path/to/bin"
7176
7182
msgstr ""
7177
7183
7178
#: serverguide/C/security.xml:960(para)
7184
#: serverguide/C/security.xml:980(para)
7179
7185
msgid ""
7180
7186
"The <filename>/etc/apparmor.d</filename> directory is where the AppArmor "
7181
7187
"profiles are located. It can be used to manipulate the "
7182
7188
"<emphasis>mode</emphasis> of all profiles."
7183
7189
msgstr ""
7184
7190
7185
#: serverguide/C/security.xml:964(para)
7191
#: serverguide/C/security.xml:984(para)
7186
7192
msgid "Enter the following to place all profiles into complain mode:"
7187
7193
msgstr ""
7188
7194
7189
#: serverguide/C/security.xml:968(command)
7195
#: serverguide/C/security.xml:988(command)
7190
7196
msgid "sudo aa-complain /etc/apparmor.d/*"
7191
7197
msgstr ""
7192
7198
7193
#: serverguide/C/security.xml:970(para)
7199
#: serverguide/C/security.xml:990(para)
7194
7200
msgid "To place all profiles in enforce mode:"
7195
7201
msgstr ""
7196
7202
7197
#: serverguide/C/security.xml:974(command)
7203
#: serverguide/C/security.xml:994(command)
7198
7204
msgid "sudo aa-enforce /etc/apparmor.d/*"
7199
7205
msgstr ""
7200
7206
7201
#: serverguide/C/security.xml:978(para)
7207
#: serverguide/C/security.xml:998(para)
7202
7208
msgid ""
7203
7209
"<application>apparmor_parser</application> is used to load a profile into "
7204
7210
"the kernel. It can also be used to reload a currently loaded profile using "
7205
7211
"the <emphasis>-r</emphasis> option. To load a profile:"
7206
7212
msgstr ""
7207
7213
7208
#: serverguide/C/security.xml:983(command) serverguide/C/security.xml:1015(command)
7214
#: serverguide/C/security.xml:1003(command) serverguide/C/security.xml:1035(command)
7209
7215
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
7210
7216
msgstr ""
7211
7217
7212
#: serverguide/C/security.xml:985(para)
7218
#: serverguide/C/security.xml:1005(para)
7213
7219
msgid "To reload a profile:"
7214
7220
msgstr ""
7215
7221
7216
#: serverguide/C/security.xml:989(command)
7222
#: serverguide/C/security.xml:1009(command)
7217
7223
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
7218
7224
msgstr ""
7219
7225
7223
7229
"<emphasis>reload</emphasis> all profiles:"
7224
7230
msgstr ""
7225
7231
7226
#: serverguide/C/network-auth.xml:964(command)
7232
#: serverguide/C/security.xml:1017(command) serverguide/C/network-auth.xml:971(command)
7227
7233
msgid "sudo service apparmor reload"
7228
7234
msgstr ""
7229
7235
7230
#: serverguide/C/security.xml:1001(para)
7236
#: serverguide/C/security.xml:1021(para)
7231
7237
msgid ""
7232
7238
"The <filename>/etc/apparmor.d/disable</filename> directory can be used along "
7233
7239
"with the <application>apparmor_parser -R</application> option to "
7234
7240
"<emphasis>disable</emphasis> a profile."
7235
7241
msgstr ""
7236
7242
7237
#: serverguide/C/security.xml:1006(command)
7243
#: serverguide/C/security.xml:1026(command)
7238
7244
msgid "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
7239
7245
msgstr ""
7240
7246
7241
#: serverguide/C/security.xml:1007(command)
7247
#: serverguide/C/security.xml:1027(command)
7242
7248
msgid "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
7243
7249
msgstr ""
7244
7250
7245
#: serverguide/C/security.xml:1009(para)
7251
#: serverguide/C/security.xml:1029(para)
7246
7252
msgid ""
7247
7253
"To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic "
7248
7254
"link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then "
7249
7255
"load the profile using the <emphasis>-a</emphasis> option."
7250
7256
msgstr ""
7251
7257
7252
#: serverguide/C/security.xml:1014(command)
7258
#: serverguide/C/security.xml:1034(command)
7253
7259
msgid "sudo rm /etc/apparmor.d/disable/profile.name"
7254
7260
msgstr ""
7255
7261
7256
#: serverguide/C/security.xml:1019(para)
7262
#: serverguide/C/security.xml:1039(para)
7257
7263
msgid ""
7258
7264
"<application>AppArmor</application> can be disabled, and the kernel module "
7259
7265
"unloaded by entering the following:"
7263
7269
msgid "sudo service apparmor stop"
7264
7270
msgstr ""
7265
7271
7266
#: serverguide/C/security.xml:1024(command)
7272
#: serverguide/C/security.xml:1044(command)
7267
7273
msgid "sudo update-rc.d -f apparmor remove"
7268
7274
msgstr ""
7269
7275
7270
#: serverguide/C/security.xml:1028(para)
7276
#: serverguide/C/security.xml:1048(para)
7271
7277
msgid "To re-enable <application>AppArmor</application> enter:"
7272
7278
msgstr ""
7273
7279
7275
7281
msgid "sudo service apparmor start"
7276
7282
msgstr ""
7277
7283
7278
#: serverguide/C/security.xml:1033(command)
7284
#: serverguide/C/security.xml:1053(command)
7279
7285
msgid "sudo update-rc.d apparmor defaults"
7280
7286
msgstr ""
7281
7287
7282
#: serverguide/C/security.xml:1038(para)
7288
#: serverguide/C/security.xml:1058(para)
7283
7289
msgid ""
7284
7290
"Replace <emphasis>profile.name</emphasis> with the name of the profile you "
7285
7291
"want to manipulate. Also, replace <filename>/path/to/bin/</filename> with "
7287
7293
"<application>ping</application> command use <filename>/bin/ping</filename>"
7288
7294
msgstr ""
7289
7295
7290
#: serverguide/C/security.xml:1046(title)
7296
#: serverguide/C/security.xml:1066(title)
7291
7297
msgid "Profiles"
7292
7298
msgstr ""
7293
7299
7294
#: serverguide/C/security.xml:1047(para)
7300
#: serverguide/C/security.xml:1067(para)
7295
7301
msgid ""
7296
7302
"<application>AppArmor</application> profiles are simple text files located "
7297
7303
"in <filename>/etc/apparmor.d/</filename>. The files are named after the full "
7300
7306
"profile for the <filename>/bin/ping</filename> command."
7301
7307
msgstr ""
7302
7308
7303
#: serverguide/C/security.xml:1053(para)
7309
#: serverguide/C/security.xml:1073(para)
7304
7310
msgid "There are two main type of rules used in profiles:"
7305
7311
msgstr ""
7306
7312
7307
#: serverguide/C/security.xml:1058(para)
7313
#: serverguide/C/security.xml:1078(para)
7308
7314
msgid ""
7309
"<emphasis>Path entries:</emphasis> which detail which files an application "
7310
"can access in the file system."
7315
"<emphasis>Path entries:</emphasis> detail which files an application can "
7316
"access in the file system."
7311
7317
msgstr ""
7312
7318
7313
#: serverguide/C/security.xml:1063(para)
7319
#: serverguide/C/security.xml:1083(para)
7314
7320
msgid ""
7315
7321
"<emphasis>Capability entries:</emphasis> determine what privileges a "
7316
7322
"confined process is allowed to use."
7317
7323
msgstr ""
7318
7324
7319
#: serverguide/C/security.xml:1068(para)
7325
#: serverguide/C/security.xml:1088(para)
7320
7326
msgid ""
7321
"As an example take a look at <filename>/etc/apparmor.d/bin.ping</filename>:"
7327
"As an example, take a look at <filename>/etc/apparmor.d/bin.ping</filename>:"
7322
7328
msgstr ""
7323
7329
7324
#: serverguide/C/security.xml:1071(programlisting)
7330
#: serverguide/C/security.xml:1091(programlisting)
7325
7331
#, no-wrap
7326
7332
msgid ""
7327
7333
"\n"
7340
7346
"}\n"
7341
7347
msgstr ""
7342
7348
7343
#: serverguide/C/security.xml:1088(para)
7349
#: serverguide/C/security.xml:1108(para)
7344
7350
msgid ""
7345
7351
"<emphasis>#include <tunables/global>:</emphasis> include statements "
7346
7352
"from other files. This allows statements pertaining to multiple applications "
7347
7353
"to be placed in a common file."
7348
7354
msgstr ""
7349
7355
7350
#: serverguide/C/security.xml:1094(para)
7356
#: serverguide/C/security.xml:1114(para)
7351
7357
msgid ""
7352
7358
"<emphasis>/bin/ping flags=(complain):</emphasis> path to the profiled "
7353
7359
"program, also setting the mode to <emphasis>complain</emphasis>."
7354
7360
msgstr ""
7355
7361
7356
#: serverguide/C/security.xml:1100(para)
7362
#: serverguide/C/security.xml:1120(para)
7357
7363
msgid ""
7358
7364
"<emphasis>capability net_raw,:</emphasis> allows the application access to "
7359
7365
"the CAP_NET_RAW Posix.1e capability."
7360
7366
msgstr ""
7361
7367
7362
#: serverguide/C/security.xml:1105(para)
7368
#: serverguide/C/security.xml:1125(para)
7363
7369
msgid ""
7364
7370
"<emphasis>/bin/ping mixr,:</emphasis> allows the application read and "
7365
7371
"execute access to the file."
7366
7372
msgstr ""
7367
7373
7368
#: serverguide/C/security.xml:1111(para)
7374
#: serverguide/C/security.xml:1131(para)
7369
7375
msgid ""
7370
7376
"After editing a profile file the profile must be reloaded. See <xref "
7371
7377
"linkend=\"apparmor-usage\"/> for details."
7372
7378
msgstr ""
7373
7379
7374
#: serverguide/C/security.xml:1116(title)
7380
#: serverguide/C/security.xml:1136(title)
7375
7381
msgid "Creating a Profile"
7376
7382
msgstr ""
7377
7383
7378
#: serverguide/C/security.xml:1119(para)
7384
#: serverguide/C/security.xml:1139(para)
7379
7385
msgid ""
7380
7386
"<emphasis>Design a test plan:</emphasis> Try to think about how the "
7381
7387
"application should be exercised. The test plan should be divided into small "
7383
7389
"steps to follow."
7384
7390
msgstr ""
7385
7391
7386
#: serverguide/C/security.xml:1123(para)
7392
#: serverguide/C/security.xml:1143(para)
7387
7393
msgid "Some standard test cases are:"
7388
7394
msgstr ""
7389
7395
7390
#: serverguide/C/security.xml:1128(para)
7396
#: serverguide/C/security.xml:1148(para)
7391
7397
msgid "Starting the program."
7392
7398
msgstr ""
7393
7399
7394
#: serverguide/C/security.xml:1133(para)
7400
#: serverguide/C/security.xml:1153(para)
7395
7401
msgid "Stopping the program."
7396
7402
msgstr ""
7397
7403
7398
#: serverguide/C/security.xml:1138(para)
7404
#: serverguide/C/security.xml:1158(para)
7399
7405
msgid "Reloading the program."
7400
7406
msgstr ""
7401
7407
7402
#: serverguide/C/security.xml:1143(para)
7408
#: serverguide/C/security.xml:1163(para)
7403
7409
msgid "Testing all the commands supported by the init script."
7404
7410
msgstr ""
7405
7411
7406
#: serverguide/C/security.xml:1150(para)
7412
#: serverguide/C/security.xml:1170(para)
7407
7413
msgid ""
7408
7414
"<emphasis>Generate the new profile:</emphasis> Use <application>aa-"
7409
7415
"genprof</application> to generate a new profile. From a terminal:"
7410
7416
msgstr ""
7411
7417
7412
#: serverguide/C/security.xml:1155(command)
7418
#: serverguide/C/security.xml:1175(command)
7413
7419
msgid "sudo aa-genprof executable"
7414
7420
msgstr ""
7415
7421
7416
#: serverguide/C/security.xml:1157(para)
7422
#: serverguide/C/security.xml:1177(para)
7417
7423
msgid "For example:"
7418
7424
msgstr ""
7419
7425
7420
#: serverguide/C/security.xml:1161(command)
7426
#: serverguide/C/security.xml:1181(command)
7421
7427
msgid "sudo aa-genprof slapd"
7422
7428
msgstr ""
7423
7429
7424
#: serverguide/C/security.xml:1165(para)
7430
#: serverguide/C/security.xml:1185(para)
7425
7431
msgid ""
7426
7432
"To get your new profile included in the <application>apparmor-"
7427
7433
"profiles</application> package, file a bug in <emphasis>Launchpad</emphasis> "
7430
7436
"/ulink> package:"
7431
7437
msgstr ""
7432
7438
7433
#: serverguide/C/security.xml:1172(para)
7439
#: serverguide/C/security.xml:1192(para)
7434
7440
msgid "Include your test plan and test cases."
7435
7441
msgstr ""
7436
7442
7437
#: serverguide/C/security.xml:1177(para)
7443
#: serverguide/C/security.xml:1197(para)
7438
7444
msgid "Attach your new profile to the bug."
7439
7445
msgstr ""
7440
7446
7441
#: serverguide/C/security.xml:1186(title)
7447
#: serverguide/C/security.xml:1206(title)
7442
7448
msgid "Updating Profiles"
7443
7449
msgstr ""
7444
7450
7445
#: serverguide/C/security.xml:1187(para)
7451
#: serverguide/C/security.xml:1207(para)
7446
7452
msgid ""
7447
7453
"When the program is misbehaving, audit messages are sent to the log files. "
7448
7454
"The program <application>aa-logprof</application> can be used to scan log "
7450
7456
"and update the profiles. From a terminal:"
7451
7457
msgstr ""
7452
7458
7453
#: serverguide/C/security.xml:1192(command)
7459
#: serverguide/C/security.xml:1212(command)
7454
7460
msgid "sudo aa-logprof"
7455
7461
msgstr ""
7456
7462
7457
#: serverguide/C/security.xml:1200(para)
7463
#: serverguide/C/security.xml:1220(para)
7458
7464
msgid ""
7459
7465
"See the <ulink "
7460
7466
"url=\"http://www.novell.com/documentation/apparmor/apparmor201_sp10_admin/ind"
7463
7469
"configuration options."
7464
7470
msgstr ""
7465
7471
7466
#: serverguide/C/security.xml:1207(para)
7472
#: serverguide/C/security.xml:1227(para)
7467
7473
msgid ""
7468
7474
"For details using AppArmor with other Ubuntu releases see the <ulink "
7469
7475
"url=\"https://help.ubuntu.com/community/AppArmor\"> AppArmor Community "
7470
7476
"Wiki</ulink> page."
7471
7477
msgstr ""
7472
7478
7473
#: serverguide/C/security.xml:1215(para)
7479
#: serverguide/C/security.xml:1235(para)
7474
7480
msgid ""
7475
7481
"The <ulink url=\"http://en.opensuse.org/SDB:AppArmor_geeks\">OpenSUSE "
7476
7482
"AppArmor</ulink> page is another introduction to AppArmor."
7477
7483
msgstr ""
7478
7484
7479
#: serverguide/C/security.xml:1222(para)
7485
#: serverguide/C/security.xml:1242(para)
7480
7486
msgid ""
7481
7487
"A great place to ask for <application>AppArmor</application> assistance, and "
7482
7488
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
7484
7490
"url=\"http://freenode.net\">freenode</ulink>."
7485
7491
msgstr ""
7486
7492
7487
#: serverguide/C/security.xml:1232(title)
7493
#: serverguide/C/security.xml:1252(title)
7488
7494
msgid "Certificates"
7489
7495
msgstr ""
7490
7496
7491
#: serverguide/C/security.xml:1233(para)
7497
#: serverguide/C/security.xml:1253(para)
7492
7498
msgid ""
7493
7499
"One of the most common forms of cryptography today is <emphasis>public-"
7494
7500
"key</emphasis> cryptography. Public-key cryptography utilizes a "
7498
7504
"the private key."
7499
7505
msgstr ""
7500
7506
7501
#: serverguide/C/security.xml:1239(para)
7507
#: serverguide/C/security.xml:1259(para)
7502
7508
msgid ""
7503
7509
"A common use for public-key cryptography is encrypting application traffic "
7504
7510
"using a Secure Socket Layer (SSL) or Transport Layer Security (TLS) "
7505
"connection. For example, configuring Apache to provide "
7511
"connection. One example: configuring Apache to provide "
7506
7512
"<emphasis>HTTPS</emphasis>, the HTTP protocol over SSL. This allows a way to "
7507
7513
"encrypt traffic using a protocol that does not itself provide encryption."
7508
7514
msgstr ""
7509
7515
7510
#: serverguide/C/security.xml:1244(para)
7516
#: serverguide/C/security.xml:1264(para)
7511
7517
msgid ""
7512
7518
"A <emphasis>Certificate</emphasis> is a method used to distribute a "
7513
7519
"<emphasis>public key</emphasis> and other information about a server and the "
7514
7520
"organization who is responsible for it. Certificates can be digitally signed "
7515
"by a <emphasis>Certification Authority</emphasis> or CA. A CA is a trusted "
7521
"by a <emphasis>Certification Authority</emphasis>, or CA. A CA is a trusted "
7516
7522
"third party that has confirmed that the information contained in the "
7517
7523
"certificate is accurate."
7518
7524
msgstr ""
7519
7525
7520
#: serverguide/C/security.xml:1251(title)
7526
#: serverguide/C/security.xml:1271(title)
7521
7527
msgid "Types of Certificates"
7522
7528
msgstr ""
7523
7529
7524
#: serverguide/C/security.xml:1252(para)
7530
#: serverguide/C/security.xml:1272(para)
7525
7531
msgid ""
7526
7532
"To set up a secure server using public-key cryptography, in most cases, you "
7527
7533
"send your certificate request (including your public key), proof of your "
7531
7537
"signed</emphasis> certificate."
7532
7538
msgstr ""
7533
7539
7534
#: serverguide/C/security.xml:1262(para)
7540
#: serverguide/C/security.xml:1282(para)
7535
7541
msgid ""
7536
"Note, that self-signed certificates should not be used in most production "
7542
"Note that self-signed certificates should not be used in most production "
7537
7543
"environments."
7538
7544
msgstr ""
7539
7545
7540
#: serverguide/C/security.xml:1266(para)
7546
#: serverguide/C/security.xml:1286(para)
7541
7547
msgid ""
7542
7548
"Continuing the HTTPS example, a CA-signed certificate provides two important "
7543
7549
"capabilities that a self-signed certificate does not:"
7544
7550
msgstr ""
7545
7551
7546
#: serverguide/C/security.xml:1273(para)
7552
#: serverguide/C/security.xml:1293(para)
7547
7553
msgid ""
7548
7554
"Browsers (usually) automatically recognize the certificate and allow a "
7549
7555
"secure connection to be made without prompting the user."
7550
7556
msgstr ""
7551
7557
7552
#: serverguide/C/security.xml:1280(para)
7558
#: serverguide/C/security.xml:1300(para)
7553
7559
msgid ""
7554
7560
"When a CA issues a signed certificate, it is guaranteeing the identity of "
7555
7561
"the organization that is providing the web pages to the browser."
7564
7570
"may generate an error message when using a self-signed certificate."
7565
7571
msgstr ""
7566
7572
7567
#: serverguide/C/security.xml:1296(para)
7573
#: serverguide/C/security.xml:1316(para)
7568
7574
msgid ""
7569
7575
"The process of getting a certificate from a CA is fairly easy. A quick "
7570
7576
"overview is as follows:"
7571
7577
msgstr ""
7572
7578
7573
#: serverguide/C/security.xml:1303(para)
7579
#: serverguide/C/security.xml:1323(para)
7574
7580
msgid "Create a private and public encryption key pair."
7575
7581
msgstr ""
7576
7582
7577
#: serverguide/C/security.xml:1306(para)
7583
#: serverguide/C/security.xml:1326(para)
7578
7584
msgid ""
7579
7585
"Create a certificate request based on the public key. The certificate "
7580
7586
"request contains information about your server and the company hosting it."
7581
7587
msgstr ""
7582
7588
7583
#: serverguide/C/security.xml:1311(para)
7589
#: serverguide/C/security.xml:1331(para)
7584
7590
msgid ""
7585
7591
"Send the certificate request, along with documents proving your identity, to "
7586
7592
"a CA. We cannot tell you which certificate authority to choose. Your "
7588
7594
"your friends or colleagues, or purely on monetary factors."
7589
7595
msgstr ""
7590
7596
7591
#: serverguide/C/security.xml:1317(para)
7597
#: serverguide/C/security.xml:1337(para)
7592
7598
msgid ""
7593
7599
"Once you have decided upon a CA, you need to follow the instructions they "
7594
7600
"provide on how to obtain a certificate from them."
7595
7601
msgstr ""
7596
7602
7597
#: serverguide/C/security.xml:1322(para)
7603
#: serverguide/C/security.xml:1342(para)
7598
7604
msgid ""
7599
7605
"When the CA is satisfied that you are indeed who you claim to be, they send "
7600
7606
"you a digital certificate."
7601
7607
msgstr ""
7602
7608
7603
#: serverguide/C/security.xml:1326(para)
7609
#: serverguide/C/security.xml:1346(para)
7604
7610
msgid ""
7605
7611
"Install this certificate on your secure server, and configure the "
7606
7612
"appropriate applications to use the certificate."
7607
7613
msgstr ""
7608
7614
7609
#: serverguide/C/security.xml:1335(title)
7615
#: serverguide/C/security.xml:1355(title)
7610
7616
msgid "Generating a Certificate Signing Request (CSR)"
7611
7617
msgstr ""
7612
7618
7613
#: serverguide/C/security.xml:1337(para)
7619
#: serverguide/C/security.xml:1357(para)
7614
7620
msgid ""
7615
7621
"Whether you are getting a certificate from a CA or generating your own self-"
7616
7622
"signed certificate, the first step is to generate a key."
7617
7623
msgstr ""
7618
7624
7619
#: serverguide/C/security.xml:1342(para)
7625
#: serverguide/C/security.xml:1362(para)
7620
7626
msgid ""
7621
7627
"If the certificate will be used by service daemons, such as Apache, Postfix, "
7622
"Dovecot, etc, a key without a passphrase is often appropriate. Not having a "
7628
"Dovecot, etc., a key without a passphrase is often appropriate. Not having a "
7623
7629
"passphrase allows the services to start without manual intervention, usually "
7624
7630
"the preferred way to start a daemon."
7625
7631
msgstr ""
7626
7632
7627
#: serverguide/C/security.xml:1348(para)
7633
#: serverguide/C/security.xml:1368(para)
7628
7634
msgid ""
7629
7635
"This section will cover generating a key with a passphrase, and one without. "
7630
7636
"The non-passphrase key will then be used to generate a certificate that can "
7631
7637
"be used with various service daemons."
7632
7638
msgstr ""
7633
7639
7634
#: serverguide/C/security.xml:1354(para)
7640
#: serverguide/C/security.xml:1374(para)
7635
7641
msgid ""
7636
7642
"Running your secure service without a passphrase is convenient because you "
7637
7643
"will not need to enter the passphrase every time you start your secure "
7639
7645
"of the server as well."
7640
7646
msgstr ""
7641
7647
7642
#: serverguide/C/security.xml:1361(para)
7648
#: serverguide/C/security.xml:1381(para)
7643
7649
msgid ""
7644
7650
"To generate the <emphasis>keys</emphasis> for the Certificate Signing "
7645
7651
"Request (CSR) run the following command from a terminal prompt:"
7646
7652
msgstr ""
7647
7653
7648
#: serverguide/C/security.xml:1367(command)
7654
#: serverguide/C/security.xml:1387(command)
7649
7655
msgid "openssl genrsa -des3 -out server.key 2048"
7650
7656
msgstr ""
7651
7657
7652
#: serverguide/C/security.xml:1370(programlisting)
7658
#: serverguide/C/security.xml:1390(programlisting)
7653
7659
#, no-wrap
7654
7660
msgid ""
7655
7661
"\n"
7660
7666
"Enter pass phrase for server.key:\n"
7661
7667
msgstr ""
7662
7668
7663
#: serverguide/C/security.xml:1378(para)
7669
#: serverguide/C/security.xml:1398(para)
7664
7670
msgid ""
7665
7671
"You can now enter your passphrase. For best security, it should at least "
7666
7672
"contain eight characters. The minimum length when specifying -des3 is four "
7668
7674
"in a dictionary. Also remember that your passphrase is case-sensitive."
7669
7675
msgstr ""
7670
7676
7671
#: serverguide/C/security.xml:1386(para)
7677
#: serverguide/C/security.xml:1406(para)
7672
7678
msgid ""
7673
7679
"Re-type the passphrase to verify. Once you have re-typed it correctly, the "
7674
7680
"server key is generated and stored in the <filename>server.key</filename> "
7675
7681
"file."
7676
7682
msgstr ""
7677
7683
7678
#: serverguide/C/security.xml:1392(para)
7684
#: serverguide/C/security.xml:1412(para)
7679
7685
msgid ""
7680
7686
"Now create the insecure key, the one without a passphrase, and shuffle the "
7681
7687
"key names:"
7682
7688
msgstr ""
7683
7689
7684
#: serverguide/C/security.xml:1398(command)
7690
#: serverguide/C/security.xml:1418(command)
7685
7691
msgid "openssl rsa -in server.key -out server.key.insecure"
7686
7692
msgstr ""
7687
7693
7688
#: serverguide/C/security.xml:1399(command)
7694
#: serverguide/C/security.xml:1419(command)
7689
7695
msgid "mv server.key server.key.secure"
7690
7696
msgstr ""
7691
7697
7692
#: serverguide/C/security.xml:1400(command)
7698
#: serverguide/C/security.xml:1420(command)
7693
7699
msgid "mv server.key.insecure server.key"
7694
7700
msgstr ""
7695
7701
7696
#: serverguide/C/security.xml:1403(para)
7702
#: serverguide/C/security.xml:1423(para)
7697
7703
msgid ""
7698
7704
"The insecure key is now named <filename>server.key</filename>, and you can "
7699
7705
"use this file to generate the CSR without passphrase."
7700
7706
msgstr ""
7701
7707
7702
#: serverguide/C/security.xml:1408(para)
7708
#: serverguide/C/security.xml:1428(para)
7703
7709
msgid "To create the CSR, run the following command at a terminal prompt:"
7704
7710
msgstr ""
7705
7711
7706
#: serverguide/C/security.xml:1413(command)
7712
#: serverguide/C/security.xml:1433(command)
7707
7713
msgid "openssl req -new -key server.key -out server.csr"
7708
7714
msgstr ""
7709
7715
7710
#: serverguide/C/security.xml:1416(para)
7716
#: serverguide/C/security.xml:1436(para)
7711
7717
msgid ""
7712
7718
"It will prompt you enter the passphrase. If you enter the correct "
7713
7719
"passphrase, it will prompt you to enter Company Name, Site Name, Email Id, "
7715
7721
"be stored in the <filename>server.csr</filename> file."
7716
7722
msgstr ""
7717
7723
7718
#: serverguide/C/security.xml:1424(para)
7724
#: serverguide/C/security.xml:1444(para)
7719
7725
msgid ""
7720
7726
"You can now submit this CSR file to a CA for processing. The CA will use "
7721
7727
"this CSR file and issue the certificate. On the other hand, you can create "
7722
7728
"self-signed certificate using this CSR."
7723
7729
msgstr ""
7724
7730
7725
#: serverguide/C/security.xml:1432(title)
7731
#: serverguide/C/security.xml:1452(title)
7726
7732
msgid "Creating a Self-Signed Certificate"
7727
7733
msgstr ""
7728
7734
7729
#: serverguide/C/security.xml:1433(para)
7735
#: serverguide/C/security.xml:1453(para)
7730
7736
msgid ""
7731
7737
"To create the self-signed certificate, run the following command at a "
7732
7738
"terminal prompt:"
7733
7739
msgstr ""
7734
7740
7735
#: serverguide/C/security.xml:1438(command)
7741
#: serverguide/C/security.xml:1458(command)
7736
7742
msgid ""
7737
7743
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
7738
7744
"server.crt"
7739
7745
msgstr ""
7740
7746
7741
#: serverguide/C/security.xml:1441(para)
7747
#: serverguide/C/security.xml:1461(para)
7742
7748
msgid ""
7743
7749
"The above command will prompt you to enter the passphrase. Once you enter "
7744
7750
"the correct passphrase, your certificate will be created and it will be "
7745
7751
"stored in the <filename>server.crt</filename> file."
7746
7752
msgstr ""
7747
7753
7748
#: serverguide/C/security.xml:1446(para)
7754
#: serverguide/C/security.xml:1466(para)
7749
7755
msgid ""
7750
7756
"If your secure server is to be used in a production environment, you "
7751
7757
"probably need a CA-signed certificate. It is not recommended to use self-"
7752
7758
"signed certificate."
7753
7759
msgstr ""
7754
7760
7755
#: serverguide/C/security.xml:1454(title)
7761
#: serverguide/C/security.xml:1474(title)
7756
7762
msgid "Installing the Certificate"
7757
7763
msgstr ""
7758
7764
7759
#: serverguide/C/security.xml:1456(para)
7765
#: serverguide/C/security.xml:1476(para)
7760
7766
msgid ""
7761
7767
"You can install the key file <filename>server.key</filename> and certificate "
7762
7768
"file <filename>server.crt</filename>, or the certificate file issued by your "
7763
7769
"CA, by running following commands at a terminal prompt:"
7764
7770
msgstr ""
7765
7771
7766
#: serverguide/C/security.xml:1462(command)
7772
#: serverguide/C/security.xml:1482(command)
7767
7773
msgid "sudo cp server.crt /etc/ssl/certs"
7768
7774
msgstr ""
7769
7775
7770
#: serverguide/C/security.xml:1463(command)
7776
#: serverguide/C/security.xml:1483(command)
7771
7777
msgid "sudo cp server.key /etc/ssl/private"
7772
7778
msgstr ""
7773
7779
7774
#: serverguide/C/security.xml:1465(para)
7780
#: serverguide/C/security.xml:1485(para)
7775
7781
msgid ""
7776
7782
"Now simply configure any applications, with the ability to use public-key "
7777
7783
"cryptography, to use the <emphasis>certificate</emphasis> and "
7780
7786
"<application>Dovecot</application> can provide IMAPS and POP3S, etc."
7781
7787
msgstr ""
7782
7788
7783
#: serverguide/C/security.xml:1472(title)
7789
#: serverguide/C/security.xml:1492(title)
7784
7790
msgid "Certification Authority"
7785
7791
msgstr ""
7786
7792
7787
#: serverguide/C/security.xml:1474(para)
7793
#: serverguide/C/security.xml:1494(para)
7788
7794
msgid ""
7789
7795
"If the services on your network require more than a few self-signed "
7790
7796
"certificates it may be worth the additional effort to setup your own "
7794
7800
"the same CA."
7795
7801
msgstr ""
7796
7802
7797
#: serverguide/C/security.xml:1484(para)
7803
#: serverguide/C/security.xml:1504(para)
7798
7804
msgid ""
7799
7805
"First, create the directories to hold the CA certificate and related files:"
7800
7806
msgstr ""
7801
7807
7802
#: serverguide/C/security.xml:1489(command)
7808
#: serverguide/C/security.xml:1509(command)
7803
7809
msgid "sudo mkdir /etc/ssl/CA"
7804
7810
msgstr ""
7805
7811
7806
#: serverguide/C/security.xml:1490(command)
7812
#: serverguide/C/security.xml:1510(command)
7807
7813
msgid "sudo mkdir /etc/ssl/newcerts"
7808
7814
msgstr ""
7809
7815
7810
#: serverguide/C/security.xml:1496(para)
7816
#: serverguide/C/security.xml:1516(para)
7811
7817
msgid ""
7812
7818
"The CA needs a few additional files to operate, one to keep track of the "
7813
7819
"last serial number used by the CA, each certificate must have a unique "
7815
7821
"issued:"
7816
7822
msgstr ""
7817
7823
7818
#: serverguide/C/security.xml:1503(command)
7824
#: serverguide/C/security.xml:1523(command)
7819
7825
msgid "sudo sh -c \"echo '01' > /etc/ssl/CA/serial\""
7820
7826
msgstr ""
7821
7827
7822
#: serverguide/C/security.xml:1504(command)
7828
#: serverguide/C/security.xml:1524(command)
7823
7829
msgid "sudo touch /etc/ssl/CA/index.txt"
7824
7830
msgstr ""
7825
7831
7826
#: serverguide/C/security.xml:1510(para)
7832
#: serverguide/C/security.xml:1530(para)
7827
7833
msgid ""
7828
7834
"The third file is a CA configuration file. Though not strictly necessary, it "
7829
7835
"is very convenient when issuing multiple certificates. Edit "
7831
7837
"]</emphasis> change:"
7832
7838
msgstr ""
7833
7839
7834
#: serverguide/C/security.xml:1516(programlisting)
7840
#: serverguide/C/security.xml:1536(programlisting)
7835
7841
#, no-wrap
7836
7842
msgid ""
7837
7843
"\n"
7846
7852
msgid "Next, create the self-signed root certificate:"
7847
7853
msgstr ""
7848
7854
7849
#: serverguide/C/security.xml:1532(command)
7855
#: serverguide/C/security.xml:1552(command)
7850
7856
msgid ""
7851
7857
"openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -"
7852
7858
"days 3650"
7853
7859
msgstr ""
7854
7860
7855
#: serverguide/C/security.xml:1535(para)
7861
#: serverguide/C/security.xml:1555(para)
7856
7862
msgid "You will then be asked to enter the details about the certificate."
7857
7863
msgstr ""
7858
7864
7859
#: serverguide/C/security.xml:1542(para)
7865
#: serverguide/C/security.xml:1562(para)
7860
7866
msgid "Now install the root certificate and key:"
7861
7867
msgstr ""
7862
7868
7863
#: serverguide/C/security.xml:1547(command)
7869
#: serverguide/C/security.xml:1567(command)
7864
7870
msgid "sudo mv cakey.pem /etc/ssl/private/"
7865
7871
msgstr ""
7866
7872
7867
#: serverguide/C/security.xml:1548(command)
7873
#: serverguide/C/security.xml:1568(command)
7868
7874
msgid "sudo mv cacert.pem /etc/ssl/certs/"
7869
7875
msgstr ""
7870
7876
7871
#: serverguide/C/security.xml:1554(para)
7877
#: serverguide/C/security.xml:1574(para)
7872
7878
msgid ""
7873
7879
"You are now ready to start signing certificates. The first item needed is a "
7874
7880
"Certificate Signing Request (CSR), see <xref linkend=\"generating-a-csr\"/> "
7876
7882
"certificate signed by the CA:"
7877
7883
msgstr ""
7878
7884
7879
#: serverguide/C/security.xml:1561(command)
7885
#: serverguide/C/security.xml:1581(command)
7880
7886
msgid "sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf"
7881
7887
msgstr ""
7882
7888
7883
#: serverguide/C/security.xml:1564(para)
7889
#: serverguide/C/security.xml:1584(para)
7884
7890
msgid ""
7885
7891
"After entering the password for the CA key, you will be prompted to sign the "
7886
7892
"certificate, and again to commit the new certificate. You should then see a "
7887
7893
"somewhat large amount of output related to the certificate creation."
7888
7894
msgstr ""
7889
7895
7890
#: serverguide/C/security.xml:1573(para)
7896
#: serverguide/C/security.xml:1593(para)
7891
7897
msgid ""
7892
7898
"There should now be a new file, "
7893
7899
"<filename>/etc/ssl/newcerts/01.pem</filename>, containing the same output. "
7898
7904
"<filename>mail.example.com.crt</filename>, is a nice descriptive name."
7899
7905
msgstr ""
7900
7906
7901
#: serverguide/C/security.xml:1581(para)
7907
#: serverguide/C/security.xml:1601(para)
7902
7908
msgid ""
7903
7909
"Subsequent certificates will be named <filename>02.pem</filename>, "
7904
7910
"<filename>03.pem</filename>, etc."
7905
7911
msgstr ""
7906
7912
7907
#: serverguide/C/security.xml:1586(para)
7913
#: serverguide/C/security.xml:1606(para)
7908
7914
msgid ""
7909
7915
"Replace <emphasis>mail.example.com.crt</emphasis> with your own descriptive "
7910
7916
"name."
7911
7917
msgstr ""
7912
7918
7913
#: serverguide/C/security.xml:1594(para)
7919
#: serverguide/C/security.xml:1614(para)
7914
7920
msgid ""
7915
7921
"Finally, copy the new certificate to the host that needs it, and configure "
7916
7922
"the appropriate applications to use it. The default location to install "
7919
7925
"complicated file permissions."
7920
7926
msgstr ""
7921
7927
7922
#: serverguide/C/security.xml:1600(para)
7928
#: serverguide/C/security.xml:1620(para)
7923
7929
msgid ""
7924
7930
"For applications that can be configured to use a CA certificate, you should "
7925
7931
"also copy the <filename>/etc/ssl/certs/cacert.pem</filename> file to the "
7927
7933
"server."
7928
7934
msgstr ""
7929
7935
7930
#: serverguide/C/security.xml:1614(para)
7936
#: serverguide/C/security.xml:1634(para)
7931
7937
msgid ""
7932
7938
"For more detailed instructions on using cryptography see the <ulink "
7933
7939
"url=\"http://tldp.org/HOWTO/SSL-Certificates-HOWTO/index.html\">SSL "
7934
"Certificates HOWTO</ulink> by tldp.org"
7940
"Certificates HOWTO</ulink> by tldp.org:"
7935
7941
msgstr ""
7936
7942
7937
#: serverguide/C/security.xml:1620(para)
7943
#: serverguide/C/security.xml:1640(para)
7938
7944
msgid ""
7939
7945
"The Wikipedia <ulink "
7940
"url=\"http://en.wikipedia.org/wiki/Https\">HTTPS</ulink> page has more "
7946
"url=\"http://en.wikipedia.org/wiki/HTTPS\">HTTPS</ulink> page has more "
7941
7947
"information regarding HTTPS."
7942
7948
msgstr ""
7943
7949
7944
#: serverguide/C/security.xml:1625(para)
7950
#: serverguide/C/security.xml:1645(para)
7945
7951
msgid ""
7946
7952
"For more information on <emphasis>OpenSSL</emphasis> see the <ulink "
7947
7953
"url=\"http://www.openssl.org/\">OpenSSL Home Page</ulink>."
7948
7954
msgstr ""
7949
7955
7950
#: serverguide/C/security.xml:1630(para)
7956
#: serverguide/C/security.xml:1650(para)
7951
7957
msgid ""
7952
7958
"Also, O'Reilly's <ulink "
7953
7959
"url=\"http://oreilly.com/catalog/9780596002701/\">Network Security with "
7954
"OpenSSL</ulink> is a good in depth reference."
7960
"OpenSSL</ulink> is a good in-depth reference."
7955
7961
msgstr ""
7956
7962
7957
#: serverguide/C/security.xml:1639(title)
7963
#: serverguide/C/security.xml:1659(title)
7958
7964
msgid "eCryptfs"
7959
7965
msgstr ""
7960
7966
7966
7972
"filesystem, partition type, etc."
7967
7973
msgstr ""
7968
7974
7969
#: serverguide/C/security.xml:1647(para)
7975
#: serverguide/C/security.xml:1667(para)
7970
7976
msgid ""
7971
7977
"During installation there is an option to encrypt the <filename "
7972
7978
"role=\"directory\">/home</filename> partition. This will automatically "
7973
7979
"configure everything needed to encrypt and mount the partition."
7974
7980
msgstr ""
7975
7981
7976
#: serverguide/C/security.xml:1652(para)
7982
#: serverguide/C/security.xml:1672(para)
7977
7983
msgid ""
7978
7984
"As an example, this section will cover configuring <filename "
7979
7985
"role=\"directory\">/srv</filename> to be encrypted using "
7980
7986
"<emphasis>eCryptfs</emphasis>."
7981
7987
msgstr ""
7982
7988
7983
#: serverguide/C/security.xml:1657(title)
7989
#: serverguide/C/security.xml:1677(title)
7984
7990
msgid "Using eCryptfs"
7985
7991
msgstr ""
7986
7992
7987
#: serverguide/C/security.xml:1659(para)
7993
#: serverguide/C/security.xml:1679(para)
7988
7994
msgid "First, install the necessary packages. From a terminal prompt enter:"
7989
7995
msgstr ""
7990
7996
7991
#: serverguide/C/security.xml:1664(command)
7997
#: serverguide/C/security.xml:1684(command)
7992
7998
msgid "sudo apt-get install ecryptfs-utils"
7993
7999
msgstr ""
7994
8000
7995
#: serverguide/C/security.xml:1667(para)
8001
#: serverguide/C/security.xml:1687(para)
7996
8002
msgid "Now mount the partition to be encrypted:"
7997
8003
msgstr ""
7998
8004
7999
#: serverguide/C/security.xml:1672(command)
8005
#: serverguide/C/security.xml:1692(command)
8000
8006
msgid "sudo mount -t ecryptfs /srv /srv"
8001
8007
msgstr ""
8002
8008
8003
#: serverguide/C/security.xml:1675(para)
8009
#: serverguide/C/security.xml:1695(para)
8004
8010
msgid ""
8005
8011
"You will then be prompted for some details on how "
8006
8012
"<application>ecryptfs</application> should encrypt the data."
8007
8013
msgstr ""
8008
8014
8009
#: serverguide/C/security.xml:1679(para)
8015
#: serverguide/C/security.xml:1699(para)
8010
8016
msgid ""
8011
8017
"To test that files placed in <filename>/srv</filename> are indeed encrypted "
8012
8018
"copy the <filename>/etc/default</filename> folder to "
8013
8019
"<filename>/srv</filename>:"
8014
8020
msgstr ""
8015
8021
8016
#: serverguide/C/security.xml:1685(command) serverguide/C/clustering.xml:190(command)
8022
#: serverguide/C/security.xml:1705(command) serverguide/C/clustering.xml:190(command)
8017
8023
msgid "sudo cp -r /etc/default /srv"
8018
8024
msgstr ""
8019
8025
8020
#: serverguide/C/security.xml:1688(para)
8026
#: serverguide/C/security.xml:1708(para)
8021
8027
msgid "Now unmount <filename>/srv</filename>, and try to view a file:"
8022
8028
msgstr ""
8023
8029
8024
#: serverguide/C/security.xml:1693(command) serverguide/C/installation.xml:1118(command) serverguide/C/clustering.xml:198(command)
8030
#: serverguide/C/security.xml:1713(command) serverguide/C/clustering.xml:198(command)
8025
8031
msgid "sudo umount /srv"
8026
8032
msgstr ""
8027
8033
8028
#: serverguide/C/security.xml:1694(command)
8034
#: serverguide/C/security.xml:1714(command)
8029
8035
msgid "cat /srv/default/cron"
8030
8036
msgstr ""
8031
8037
8032
#: serverguide/C/security.xml:1697(para)
8038
#: serverguide/C/security.xml:1717(para)
8033
8039
msgid ""
8034
8040
"Remounting <filename>/srv</filename> using "
8035
8041
"<application>ecryptfs</application> will make the data viewable once again."
8036
8042
msgstr ""
8037
8043
8038
#: serverguide/C/security.xml:1703(title)
8044
#: serverguide/C/security.xml:1723(title)
8039
8045
msgid "Automatically Mounting Encrypted Partitions"
8040
8046
msgstr ""
8041
8047
8042
#: serverguide/C/security.xml:1705(para)
8048
#: serverguide/C/security.xml:1725(para)
8043
8049
msgid ""
8044
8050
"There are a couple of ways to automatically mount an "
8045
8051
"<application>ecryptfs</application> encrypted filesystem at boot. This "
8047
8053
"mount options, along with a passphrase file residing on a USB key."
8048
8054
msgstr ""
8049
8055
8050
#: serverguide/C/security.xml:1711(para)
8056
#: serverguide/C/security.xml:1731(para)
8051
8057
msgid "First, create <filename>/root/.ecryptfsrc</filename> containing:"
8052
8058
msgstr ""
8053
8059
8054
#: serverguide/C/security.xml:1715(programlisting)
8060
#: serverguide/C/security.xml:1735(programlisting)
8055
8061
#, no-wrap
8056
8062
msgid ""
8057
8063
"\n"
8063
8069
"ecryptfs_enable_filename_crypto=n\n"
8064
8070
msgstr ""
8065
8071
8066
#: serverguide/C/security.xml:1725(para)
8072
#: serverguide/C/security.xml:1745(para)
8067
8073
msgid ""
8068
8074
"Adjust the <emphasis>ecryptfs_sig</emphasis> to the signature in "
8069
8075
"<filename>/root/.ecryptfs/sig-cache.txt</filename>."
8070
8076
msgstr ""
8071
8077
8072
#: serverguide/C/security.xml:1730(para)
8078
#: serverguide/C/security.xml:1750(para)
8073
8079
msgid ""
8074
8080
"Next, create the <filename>/mnt/usb/passwd_file.txt</filename> passphrase "
8075
8081
"file:"
8076
8082
msgstr ""
8077
8083
8078
#: serverguide/C/security.xml:1734(programlisting)
8084
#: serverguide/C/security.xml:1754(programlisting)
8079
8085
#, no-wrap
8080
8086
msgid ""
8081
8087
"\n"
8082
8088
"passphrase_passwd=[secrets]\n"
8083
8089
msgstr ""
8084
8090
8085
#: serverguide/C/security.xml:1738(para)
8091
#: serverguide/C/security.xml:1758(para)
8086
8092
msgid "Now add the necessary lines to <filename>/etc/fstab</filename>:"
8087
8093
msgstr ""
8088
8094
8089
#: serverguide/C/security.xml:1742(programlisting)
8095
#: serverguide/C/security.xml:1762(programlisting)
8090
8096
#, no-wrap
8091
8097
msgid ""
8092
8098
"\n"
8094
8100
"/srv /srv ecryptfs defaults 0 0\n"
8095
8101
msgstr ""
8096
8102
8097
#: serverguide/C/security.xml:1747(para)
8103
#: serverguide/C/security.xml:1767(para)
8098
8104
msgid "Make sure the USB drive is mounted before the encrypted partition."
8099
8105
msgstr ""
8100
8106
8101
#: serverguide/C/security.xml:1751(para)
8107
#: serverguide/C/security.xml:1771(para)
8102
8108
msgid ""
8103
8109
"Finally, reboot and the <filename>/srv</filename> should be mounted using "
8104
8110
"<emphasis>eCryptfs</emphasis>."
8105
8111
msgstr ""
8106
8112
8107
#: serverguide/C/security.xml:1757(title)
8113
#: serverguide/C/security.xml:1777(title)
8108
8114
msgid "Other Utilities"
8109
8115
msgstr ""
8110
8116
8111
#: serverguide/C/security.xml:1759(para)
8117
#: serverguide/C/security.xml:1779(para)
8112
8118
msgid ""
8113
8119
"The <application>ecryptfs-utils</application> package includes several other "
8114
8120
"useful utilities:"
8115
8121
msgstr ""
8116
8122
8117
#: serverguide/C/security.xml:1765(para)
8123
#: serverguide/C/security.xml:1785(para)
8118
8124
msgid ""
8119
8125
"<emphasis>ecryptfs-setup-private:</emphasis> creates a "
8120
8126
"<filename>~/Private</filename> directory to contain encrypted information. "
8122
8128
"other users on the system."
8123
8129
msgstr ""
8124
8130
8125
#: serverguide/C/security.xml:1772(para)
8131
#: serverguide/C/security.xml:1792(para)
8126
8132
msgid ""
8127
"<emphasis>ecryptfs-mount-private and ecryptfs-umount-private:</emphasis> "
8128
"will mount and unmount respectively, a users <filename>~/Private</filename> "
8129
"directory."
8133
"<emphasis>ecryptfs-mount-private</emphasis> and <emphasis> ecryptfs-umount-"
8134
"private</emphasis> will mount and unmount a user's "
8135
"<filename>~/Private</filename> directory."
8130
8136
msgstr ""
8131
8137
8132
#: serverguide/C/security.xml:1778(para)
8138
#: serverguide/C/security.xml:1798(para)
8133
8139
msgid ""
8134
8140
"<emphasis>ecryptfs-add-passphrase:</emphasis> adds a new passphrase to the "
8135
8141
"kernel keyring."
8136
8142
msgstr ""
8137
8143
8138
#: serverguide/C/security.xml:1783(para)
8144
#: serverguide/C/security.xml:1803(para)
8139
8145
msgid ""
8140
8146
"<emphasis>ecryptfs-manager:</emphasis> manages "
8141
8147
"<application>eCryptfs</application> objects such as keys."
8142
8148
msgstr ""
8143
8149
8144
#: serverguide/C/security.xml:1788(para)
8150
#: serverguide/C/security.xml:1808(para)
8145
8151
msgid ""
8146
8152
"<emphasis>ecryptfs-stat:</emphasis> allows you to view the "
8147
8153
"<application>ecryptfs</application> meta information for a file."
8148
8154
msgstr ""
8149
8155
8150
#: serverguide/C/security.xml:1801(para)
8156
#: serverguide/C/security.xml:1821(para)
8151
8157
msgid ""
8152
8158
"For more information on <emphasis>eCryptfs</emphasis> see the <ulink "
8153
8159
"url=\"https://launchpad.net/ecryptfs\">Launchpad project page</ulink>."
8154
8160
msgstr ""
8155
8161
8156
#: serverguide/C/security.xml:1806(para)
8162
#: serverguide/C/security.xml:1826(para)
8157
8163
msgid ""
8158
8164
"There is also a <ulink "
8159
8165
"url=\"http://www.linuxjournal.com/article/9400\">Linux Journal</ulink> "
8172
8178
msgid "Samba"
8173
8179
msgstr ""
8174
8180
8175
#: serverguide/C/windows-networking.xml:13(para)
8181
#: serverguide/C/samba.xml:13(para)
8176
8182
msgid ""
8177
8183
"Computer networks are often comprised of diverse systems, and while "
8178
8184
"operating a network made up entirely of Ubuntu desktop and server computers "
8193
8199
"използват за конфигуриране на вашия Ubuntu Server за споделяне на мрежови "
8194
8200
"ресурси с Windows компютри."
8195
8201
8196
#: serverguide/C/windows-networking.xml:25(para)
8202
#: serverguide/C/samba.xml:25(para)
8197
8203
msgid ""
8198
8204
"Successfully networking your Ubuntu system with Windows clients involves "
8199
8205
"providing and integrating with services common to Windows environments. Such "
8202
8208
"categories of functionality:"
8203
8209
msgstr ""
8204
8210
8205
#: serverguide/C/windows-networking.xml:33(para)
8211
#: serverguide/C/samba.xml:33(para)
8206
8212
msgid ""
8207
8213
"<emphasis role=\"bold\">File and Printer Sharing Services</emphasis>. Using "
8208
8214
"the Server Message Block (SMB) protocol to facilitate the sharing of files, "
8209
8215
"folders, volumes, and the sharing of printers throughout the network."
8210
8216
msgstr ""
8211
8217
8212
#: serverguide/C/windows-networking.xml:39(para)
8218
#: serverguide/C/samba.xml:39(para)
8213
8219
msgid ""
8214
8220
"<emphasis role=\"bold\">Directory Services</emphasis>. Sharing vital "
8215
8221
"information about the computers and users of the network with such "
8217
8223
"Microsoft <trademark class=\"registered\">Active Directory</trademark>."
8218
8224
msgstr ""
8219
8225
8220
#: serverguide/C/windows-networking.xml:46(para)
8226
#: serverguide/C/samba.xml:46(para)
8221
8227
msgid ""
8222
8228
"<emphasis role=\"bold\">Authentication and Access</emphasis>. Establishing "
8223
8229
"the identity of a computer or user of the network and determining the "
8226
8232
"Kerberos authentication service."
8227
8233
msgstr ""
8228
8234
8229
#: serverguide/C/windows-networking.xml:54(para)
8235
#: serverguide/C/samba.xml:54(para)
8230
8236
msgid ""
8231
8237
"Fortunately, your Ubuntu system may provide all such facilities to Windows "
8232
8238
"clients and share network resources among them. One of the principal pieces "
8234
8240
"suite of SMB server applications and tools."
8235
8241
msgstr ""
8236
8242
8237
#: serverguide/C/windows-networking.xml:60(para)
8243
#: serverguide/C/samba.xml:60(para)
8238
8244
msgid ""
8239
8245
"This section of the <phrase>Ubuntu</phrase> Server Guide will introduce some "
8240
8246
"of the common Samba use cases, and how to install and configure the "
8247
8253
msgid "File Server"
8248
8254
msgstr ""
8249
8255
8250
#: serverguide/C/windows-networking.xml:70(para)
8256
#: serverguide/C/samba.xml:70(para)
8251
8257
msgid ""
8252
8258
"One of the most common ways to network Ubuntu and Windows computers is to "
8253
8259
"configure Samba as a File Server. This section covers setting up a "
8254
8260
"<application>Samba</application> server to share files with Windows clients."
8255
8261
msgstr ""
8256
8262
8257
#: serverguide/C/windows-networking.xml:75(para)
8263
#: serverguide/C/samba.xml:75(para)
8258
8264
msgid ""
8259
8265
"The server will be configured to share files with any client on the network "
8260
8266
"without prompting for a password. If your environment requires stricter "
8261
8267
"Access Controls see <xref linkend=\"samba-fileprint-security\"/>"
8262
8268
msgstr ""
8263
8269
8264
#: serverguide/C/windows-networking.xml:83(para)
8270
#: serverguide/C/samba.xml:83(para)
8265
8271
msgid ""
8266
8272
"The first step is to install the <application>samba</application> package. "
8267
8273
"From a terminal prompt enter:"
8269
8275
"Първата стъпка е да инсталирате пакета <application>samba</application> "
8270
8276
"package. В терминал напишете:"
8271
8277
8272
#: serverguide/C/windows-networking.xml:88(command) serverguide/C/windows-networking.xml:304(command)
8278
#: serverguide/C/samba.xml:88(command) serverguide/C/samba.xml:304(command)
8273
8279
msgid "sudo apt-get install samba"
8274
8280
msgstr "sudo apt-get install samba"
8275
8281
8276
#: serverguide/C/windows-networking.xml:91(para)
8282
#: serverguide/C/samba.xml:91(para)
8277
8283
msgid ""
8278
8284
"That's all there is to it; you are now ready to configure Samba to share "
8279
8285
"files."
8281
8287
"Това е всичко; сега сте готови да конфигурирате Samba за споделяне на "
8282
8288
"файлове."
8283
8289
8284
#: serverguide/C/windows-networking.xml:99(para)
8290
#: serverguide/C/samba.xml:99(para)
8285
8291
msgid ""
8286
8292
"The main Samba configuration file is located in "
8287
8293
"<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
8289
8295
"directives."
8290
8296
msgstr ""
8291
8297
8292
#: serverguide/C/windows-networking.xml:104(para)
8298
#: serverguide/C/samba.xml:104(para)
8293
8299
msgid ""
8294
8300
"Not all the available options are included in the default configuration "
8295
8301
"file. See the <filename>smb.conf</filename><application>man</application> "
8297
8303
"Collection/\">Samba HOWTO Collection</ulink> for more details."
8298
8304
msgstr ""
8299
8305
8300
#: serverguide/C/windows-networking.xml:113(para)
8306
#: serverguide/C/samba.xml:113(para)
8301
8307
msgid ""
8302
8308
"First, edit the following key/value pairs in the "
8303
8309
"<emphasis>[global]</emphasis> section of "
8304
8310
"<filename>/etc/samba/smb.conf</filename>:"
8305
8311
msgstr ""
8306
8312
8307
#: serverguide/C/windows-networking.xml:118(programlisting) serverguide/C/windows-networking.xml:316(programlisting) serverguide/C/windows-networking.xml:784(programlisting) serverguide/C/windows-networking.xml:1023(programlisting)
8313
#: serverguide/C/samba.xml:118(programlisting) serverguide/C/samba.xml:316(programlisting) serverguide/C/samba.xml:784(programlisting) serverguide/C/samba.xml:1023(programlisting)
8308
8314
#, no-wrap
8309
8315
msgid ""
8310
8316
"\n"
8313
8319
" security = user\n"
8314
8320
msgstr ""
8315
8321
8316
#: serverguide/C/windows-networking.xml:124(para)
8322
#: serverguide/C/samba.xml:124(para)
8317
8323
msgid ""
8318
8324
"The <emphasis>security</emphasis> parameter is farther down in the [global] "
8319
8325
"section, and is commented by default. Also, change "
8320
8326
"<emphasis>EXAMPLE</emphasis> to better match your environment."
8321
8327
msgstr ""
8322
8328
8323
#: serverguide/C/windows-networking.xml:132(para)
8329
#: serverguide/C/samba.xml:132(para)
8324
8330
msgid ""
8325
8331
"Create a new section at the bottom of the file, or uncomment one of the "
8326
8332
"examples, for the directory to be shared:"
8327
8333
msgstr ""
8328
8334
8329
#: serverguide/C/windows-networking.xml:136(programlisting)
8335
#: serverguide/C/samba.xml:136(programlisting)
8330
8336
#, no-wrap
8331
8337
msgid ""
8332
8338
"\n"
8339
8345
" create mask = 0755\n"
8340
8346
msgstr ""
8341
8347
8342
#: serverguide/C/windows-networking.xml:148(para)
8348
#: serverguide/C/samba.xml:148(para)
8343
8349
msgid ""
8344
8350
"<emphasis>comment:</emphasis> a short description of the share. Adjust to "
8345
8351
"fit your needs."
8346
8352
msgstr ""
8347
8353
8348
#: serverguide/C/windows-networking.xml:153(para)
8354
#: serverguide/C/samba.xml:153(para)
8349
8355
msgid "<emphasis>path:</emphasis> the path to the directory to share."
8350
8356
msgstr ""
8351
8357
8352
#: serverguide/C/windows-networking.xml:156(para)
8358
#: serverguide/C/samba.xml:156(para)
8353
8359
msgid ""
8354
8360
"This example uses <filename>/srv/samba/sharename</filename> because, "
8355
8361
"according to the <emphasis>Filesystem Hierarchy Standard (FHS)</emphasis>, "
8360
8366
"adhering to standards is recommended."
8361
8367
msgstr ""
8362
8368
8363
#: serverguide/C/windows-networking.xml:165(para)
8369
#: serverguide/C/samba.xml:165(para)
8364
8370
msgid ""
8365
8371
"<emphasis>browsable:</emphasis> enables Windows clients to browse the shared "
8366
8372
"directory using <application>Windows Explorer</application>."
8367
8373
msgstr ""
8368
8374
8369
#: serverguide/C/windows-networking.xml:171(para)
8375
#: serverguide/C/samba.xml:171(para)
8370
8376
msgid ""
8371
8377
"<emphasis>guest ok:</emphasis> allows clients to connect to the share "
8372
8378
"without supplying a password."
8373
8379
msgstr ""
8374
8380
8375
#: serverguide/C/windows-networking.xml:176(para)
8381
#: serverguide/C/samba.xml:176(para)
8376
8382
msgid ""
8377
8383
"<emphasis>read only:</emphasis> determines if the share is read only or if "
8378
8384
"write privileges are granted. Write privileges are allowed only when the "
8380
8386
"is <emphasis>yes</emphasis>, then access to the share is read only."
8381
8387
msgstr ""
8382
8388
8383
#: serverguide/C/windows-networking.xml:181(para)
8389
#: serverguide/C/samba.xml:181(para)
8384
8390
msgid ""
8385
8391
"<emphasis>create mask:</emphasis> determines the permissions new files will "
8386
8392
"have when created."
8387
8393
msgstr ""
8388
8394
8389
#: serverguide/C/windows-networking.xml:190(para)
8395
#: serverguide/C/samba.xml:190(para)
8390
8396
msgid ""
8391
8397
"Now that <application>Samba</application> is configured, the directory needs "
8392
8398
"to be created and the permissions changed. From a terminal enter:"
8393
8399
msgstr ""
8394
8400
8395
#: serverguide/C/windows-networking.xml:196(command)
8401
#: serverguide/C/samba.xml:196(command)
8396
8402
msgid "sudo mkdir -p /srv/samba/share"
8397
8403
msgstr ""
8398
8404
8399
#: serverguide/C/windows-networking.xml:197(command)
8405
#: serverguide/C/samba.xml:197(command)
8400
8406
msgid "sudo chown nobody:nogroup /srv/samba/share/"
8401
8407
msgstr ""
8402
8408
8403
#: serverguide/C/windows-networking.xml:201(para)
8409
#: serverguide/C/samba.xml:201(para)
8404
8410
msgid ""
8405
8411
"The <emphasis>-p</emphasis> switch tells mkdir to create the entire "
8406
8412
"directory tree if it doesn't exist."
8407
8413
msgstr ""
8408
8414
8409
#: serverguide/C/windows-networking.xml:209(para)
8415
#: serverguide/C/samba.xml:209(para)
8410
8416
msgid ""
8411
8417
"Finally, restart the <application>samba</application> services to enable the "
8412
8418
"new configuration:"
8413
8419
msgstr ""
8414
8420
8415
#: serverguide/C/windows-networking.xml:214(command) serverguide/C/windows-networking.xml:336(command) serverguide/C/windows-networking.xml:474(command) serverguide/C/windows-networking.xml:574(command) serverguide/C/windows-networking.xml:925(command) serverguide/C/windows-networking.xml:1080(command) serverguide/C/windows-networking.xml:1187(command) serverguide/C/network-auth.xml:2533(command)
8421
#: serverguide/C/samba.xml:214(command) serverguide/C/samba.xml:336(command) serverguide/C/samba.xml:474(command) serverguide/C/samba.xml:574(command) serverguide/C/samba.xml:925(command) serverguide/C/samba.xml:1080(command) serverguide/C/samba.xml:1187(command) serverguide/C/network-auth.xml:2532(command) serverguide/C/network-auth.xml:4114(command)
8416
8422
msgid "sudo restart smbd"
8417
8423
msgstr ""
8418
8424
8419
#: serverguide/C/windows-networking.xml:215(command) serverguide/C/windows-networking.xml:337(command) serverguide/C/windows-networking.xml:475(command) serverguide/C/windows-networking.xml:575(command) serverguide/C/windows-networking.xml:926(command) serverguide/C/windows-networking.xml:1081(command) serverguide/C/windows-networking.xml:1188(command) serverguide/C/network-auth.xml:2534(command)
8425
#: serverguide/C/samba.xml:215(command) serverguide/C/samba.xml:337(command) serverguide/C/samba.xml:475(command) serverguide/C/samba.xml:575(command) serverguide/C/samba.xml:926(command) serverguide/C/samba.xml:1081(command) serverguide/C/samba.xml:1188(command) serverguide/C/network-auth.xml:2533(command) serverguide/C/network-auth.xml:4115(command)
8420
8426
msgid "sudo restart nmbd"
8421
8427
msgstr ""
8422
8428
8423
#: serverguide/C/windows-networking.xml:222(para)
8429
#: serverguide/C/samba.xml:222(para)
8424
8430
msgid ""
8425
8431
"Once again, the above configuration gives all access to any client on the "
8426
8432
"local network. For a more secure configuration see <xref linkend=\"samba-"
8427
8433
"fileprint-security\"/>."
8428
8434
msgstr ""
8429
8435
8430
#: serverguide/C/windows-networking.xml:228(para)
8436
#: serverguide/C/samba.xml:228(para)
8431
8437
msgid ""
8432
8438
"From a Windows client you should now be able to browse to the Ubuntu file "
8433
8439
"server and see the shared directory. If your client doesn't show your share "
8436
8442
"working try creating a directory from Windows."
8437
8443
msgstr ""
8438
8444
8439
#: serverguide/C/windows-networking.xml:232(para)
8445
#: serverguide/C/samba.xml:232(para)
8440
8446
msgid ""
8441
8447
"To create additional shares simply create new <emphasis>[dir]</emphasis> "
8442
8448
"sections in <filename>/etc/samba/smb.conf</filename>, and restart "
8444
8450
"share actually exists and the permissions are correct."
8445
8451
msgstr ""
8446
8452
8447
#: serverguide/C/windows-networking.xml:239(para)
8453
#: serverguide/C/samba.xml:239(para)
8448
8454
msgid ""
8449
8455
"The file share named <emphasis>\"[share]\"</emphasis> and the path "
8450
8456
"<filename>/srv/samba/share</filename> are just examples. Adjust the share "
8454
8460
"<filename>/srv/samba/qa</filename>."
8455
8461
msgstr ""
8456
8462
8457
#: serverguide/C/windows-networking.xml:252(para) serverguide/C/windows-networking.xml:351(para) serverguide/C/windows-networking.xml:708(para) serverguide/C/windows-networking.xml:1104(para)
8463
#: serverguide/C/samba.xml:252(para) serverguide/C/samba.xml:351(para) serverguide/C/samba.xml:708(para) serverguide/C/samba.xml:1104(para)
8458
8464
msgid ""
8459
8465
"For in depth Samba configurations see the <ulink "
8460
8466
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
8461
8467
"Collection</ulink>"
8462
8468
msgstr ""
8463
8469
8464
#: serverguide/C/windows-networking.xml:258(para) serverguide/C/windows-networking.xml:357(para) serverguide/C/windows-networking.xml:714(para) serverguide/C/windows-networking.xml:1110(para)
8470
#: serverguide/C/samba.xml:258(para) serverguide/C/samba.xml:357(para) serverguide/C/samba.xml:714(para) serverguide/C/samba.xml:1110(para)
8465
8471
msgid ""
8466
8472
"The guide is also available in <ulink "
8467
8473
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">printed "
8468
8474
"format</ulink>."
8469
8475
msgstr ""
8470
8476
8471
#: serverguide/C/windows-networking.xml:264(para) serverguide/C/windows-networking.xml:363(para)
8477
#: serverguide/C/samba.xml:264(para) serverguide/C/samba.xml:363(para)
8472
8478
msgid ""
8473
8479
"O'Reilly's <ulink "
8474
8480
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
8475
8481
"another good reference."
8476
8482
msgstr ""
8477
8483
8478
#: serverguide/C/windows-networking.xml:270(para) serverguide/C/windows-networking.xml:374(para) serverguide/C/windows-networking.xml:739(para) serverguide/C/windows-networking.xml:1134(para) serverguide/C/windows-networking.xml:1312(para)
8484
#: serverguide/C/samba.xml:270(para) serverguide/C/samba.xml:374(para) serverguide/C/samba.xml:739(para) serverguide/C/samba.xml:1134(para) serverguide/C/samba.xml:1312(para)
8479
8485
msgid ""
8480
8486
"The <ulink url=\"https://help.ubuntu.com/community/Samba\">Ubuntu Wiki Samba "
8481
8487
"</ulink> page."
8482
8488
msgstr ""
8483
8489
8484
#: serverguide/C/network-config.xml:908(para)
8490
#: serverguide/C/samba.xml:279(title) serverguide/C/network-config.xml:904(para)
8485
8491
msgid "Print Server"
8486
8492
msgstr ""
8487
8493
8488
#: serverguide/C/windows-networking.xml:281(para)
8494
#: serverguide/C/samba.xml:281(para)
8489
8495
msgid ""
8490
8496
"Another common use of Samba is to configure it to share printers installed, "
8491
8497
"either locally or over the network, on an Ubuntu server. Similar to <xref "
8494
8500
"prompting for a username and password."
8495
8501
msgstr ""
8496
8502
8497
#: serverguide/C/windows-networking.xml:287(para)
8503
#: serverguide/C/samba.xml:287(para)
8498
8504
msgid ""
8499
8505
"For a more secure configuration see <xref linkend=\"samba-fileprint-"
8500
8506
"security\"/>."
8501
8507
msgstr ""
8502
8508
8503
#: serverguide/C/windows-networking.xml:294(para)
8509
#: serverguide/C/samba.xml:294(para)
8504
8510
msgid ""
8505
8511
"Before installing and configuring Samba it is best to already have a working "
8506
8512
"<application>CUPS</application> installation. See <xref linkend=\"cups\"/> "
8507
8513
"for details."
8508
8514
msgstr ""
8509
8515
8510
#: serverguide/C/windows-networking.xml:299(para)
8516
#: serverguide/C/samba.xml:299(para)
8511
8517
msgid ""
8512
8518
"To install the <application>samba</application> package, from a terminal "
8513
8519
"enter:"
8514
8520
msgstr ""
8515
8521
8516
#: serverguide/C/windows-networking.xml:310(para)
8522
#: serverguide/C/samba.xml:310(para)
8517
8523
msgid ""
8518
8524
"After installing samba edit <filename>/etc/samba/smb.conf</filename>. Change "
8519
8525
"the <emphasis>workgroup</emphasis> attribute to what is appropriate for your "
8521
8527
"role=\"italic\">user</emphasis>:"
8522
8528
msgstr ""
8523
8529
8524
#: serverguide/C/windows-networking.xml:322(para)
8530
#: serverguide/C/samba.xml:322(para)
8525
8531
msgid ""
8526
8532
"In the <emphasis>[printers]</emphasis> section change the <emphasis>guest "
8527
8533
"ok</emphasis> option to <emphasis role=\"italic\">yes</emphasis>:"
8528
8534
msgstr ""
8529
8535
8530
#: serverguide/C/windows-networking.xml:326(programlisting)
8536
#: serverguide/C/samba.xml:326(programlisting)
8531
8537
#, no-wrap
8532
8538
msgid ""
8533
8539
"\n"
8535
8541
" guest ok = yes\n"
8536
8542
msgstr ""
8537
8543
8538
#: serverguide/C/windows-networking.xml:331(para)
8544
#: serverguide/C/samba.xml:331(para)
8539
8545
msgid "After editing <filename>smb.conf</filename> restart Samba:"
8540
8546
msgstr ""
8541
8547
8542
#: serverguide/C/windows-networking.xml:340(para)
8548
#: serverguide/C/samba.xml:340(para)
8543
8549
msgid ""
8544
8550
"The default Samba configuration will automatically share any printers "
8545
8551
"installed. Simply install the printer locally on your Windows clients."
8546
8552
msgstr ""
8547
8553
8548
#: serverguide/C/windows-networking.xml:369(para)
8554
#: serverguide/C/samba.xml:369(para)
8549
8555
msgid ""
8550
8556
"Also, see the <ulink url=\"http://www.cups.org/\">CUPS Website</ulink> for "
8551
8557
"more information on configuring CUPS."
8555
8561
msgid "Securing File and Print Server"
8556
8562
msgstr ""
8557
8563
8558
#: serverguide/C/windows-networking.xml:386(title)
8564
#: serverguide/C/samba.xml:386(title)
8559
8565
msgid "Samba Security Modes"
8560
8566
msgstr ""
8561
8567
8562
#: serverguide/C/windows-networking.xml:388(para)
8568
#: serverguide/C/samba.xml:388(para)
8563
8569
msgid ""
8564
8570
"There are two security levels available to the Common Internet Filesystem "
8565
8571
"(CIFS) network protocol <emphasis>user-level</emphasis> and <emphasis>share-"
8568
8574
"security and one way to implement share-level:"
8569
8575
msgstr ""
8570
8576
8571
#: serverguide/C/windows-networking.xml:397(para)
8577
#: serverguide/C/samba.xml:397(para)
8572
8578
msgid ""
8573
8579
"<emphasis>security = user:</emphasis> requires clients to supply a username "
8574
8580
"and password to connect to shares. Samba user accounts are separate from "
8576
8582
"will sync system users and passwords with the Samba user database."
8577
8583
msgstr ""
8578
8584
8579
#: serverguide/C/windows-networking.xml:404(para)
8585
#: serverguide/C/samba.xml:404(para)
8580
8586
msgid ""
8581
8587
"<emphasis>security = domain:</emphasis> this mode allows the Samba server to "
8582
8588
"appear to Windows clients as a Primary Domain Controller (PDC), Backup "
8584
8590
"linkend=\"samba-dc\"/> for further information."
8585
8591
msgstr ""
8586
8592
8587
#: serverguide/C/windows-networking.xml:411(para)
8593
#: serverguide/C/samba.xml:411(para)
8588
8594
msgid ""
8589
8595
"<emphasis>security = ADS:</emphasis> allows the Samba server to join an "
8590
8596
"Active Directory domain as a native member. See <xref linkend=\"samba-ad-"
8591
8597
"integration\"/> for details."
8592
8598
msgstr ""
8593
8599
8594
#: serverguide/C/windows-networking.xml:417(para)
8600
#: serverguide/C/samba.xml:417(para)
8595
8601
msgid ""
8596
8602
"<emphasis>security = server:</emphasis> this mode is left over from before "
8597
8603
"Samba could become a member server, and due to some security issues should "
8600
8606
"of the Samba guide for more details."
8601
8607
msgstr ""
8602
8608
8603
#: serverguide/C/windows-networking.xml:425(para)
8609
#: serverguide/C/samba.xml:425(para)
8604
8610
msgid ""
8605
8611
"<emphasis>security = share:</emphasis> allows clients to connect to shares "
8606
8612
"without supplying a username and password."
8607
8613
msgstr ""
8608
8614
8609
#: serverguide/C/windows-networking.xml:432(para)
8615
#: serverguide/C/samba.xml:432(para)
8610
8616
msgid ""
8611
8617
"The security mode you choose will depend on your environment and what you "
8612
8618
"need the Samba server to accomplish."
8613
8619
msgstr ""
8614
8620
8615
#: serverguide/C/windows-networking.xml:438(title)
8621
#: serverguide/C/samba.xml:438(title)
8616
8622
msgid "Security = User"
8617
8623
msgstr ""
8618
8624
8619
#: serverguide/C/windows-networking.xml:440(para)
8625
#: serverguide/C/samba.xml:440(para)
8620
8626
msgid ""
8621
8627
"This section will reconfigure the Samba file and print server, from <xref "
8622
8628
"linkend=\"samba-fileserver\"/> and <xref linkend=\"samba-printserver\"/>, to "
8623
8629
"require authentication."
8624
8630
msgstr ""
8625
8631
8626
#: serverguide/C/windows-networking.xml:445(para)
8632
#: serverguide/C/samba.xml:445(para)
8627
8633
msgid ""
8628
8634
"First, install the <application>libpam-smbpass</application> package which "
8629
8635
"will sync the system users to the Samba user database:"
8630
8636
msgstr ""
8631
8637
8632
#: serverguide/C/windows-networking.xml:451(command)
8638
#: serverguide/C/samba.xml:451(command)
8633
8639
msgid "sudo apt-get install libpam-smbpass"
8634
8640
msgstr ""
8635
8641
8636
#: serverguide/C/windows-networking.xml:455(para)
8642
#: serverguide/C/samba.xml:455(para)
8637
8643
msgid ""
8638
8644
"If you chose the <emphasis>Samba Server</emphasis> task during installation "
8639
8645
"<application>libpam-smbpass</application> is already installed."
8640
8646
msgstr ""
8641
8647
8642
#: serverguide/C/windows-networking.xml:461(para)
8648
#: serverguide/C/samba.xml:461(para)
8643
8649
msgid ""
8644
8650
"Edit <filename>/etc/samba/smb.conf</filename>, and in the "
8645
8651
"<emphasis>[share]</emphasis> section change:"
8646
8652
msgstr ""
8647
8653
8648
#: serverguide/C/windows-networking.xml:465(programlisting)
8654
#: serverguide/C/samba.xml:465(programlisting)
8649
8655
#, no-wrap
8650
8656
msgid ""
8651
8657
"\n"
8652
8658
" guest ok = no\n"
8653
8659
msgstr ""
8654
8660
8655
#: serverguide/C/windows-networking.xml:469(para)
8661
#: serverguide/C/samba.xml:469(para)
8656
8662
msgid "Finally, restart Samba for the new settings to take effect:"
8657
8663
msgstr ""
8658
8664
8659
#: serverguide/C/windows-networking.xml:478(para)
8665
#: serverguide/C/samba.xml:478(para)
8660
8666
msgid ""
8661
8667
"Now when connecting to the shared directories or printers you should be "
8662
8668
"prompted for a username and password."
8663
8669
msgstr ""
8664
8670
8665
#: serverguide/C/windows-networking.xml:483(para)
8671
#: serverguide/C/samba.xml:483(para)
8666
8672
msgid ""
8667
8673
"If you choose to map a network drive to the share you can check the "
8668
8674
"<quote>Reconnect at Logon</quote> check box, which will require you to only "
8669
8675
"enter the username and password once, at least until the password changes."
8670
8676
msgstr ""
8671
8677
8672
#: serverguide/C/windows-networking.xml:491(title)
8678
#: serverguide/C/samba.xml:491(title)
8673
8679
msgid "Share Security"
8674
8680
msgstr ""
8675
8681
8676
#: serverguide/C/windows-networking.xml:493(para)
8682
#: serverguide/C/samba.xml:493(para)
8677
8683
msgid ""
8678
8684
"There are several options available to increase the security for each "
8679
8685
"individual shared directory. Using the <emphasis>[share]</emphasis> example, "
8680
8686
"this section will cover some common options."
8681
8687
msgstr ""
8682
8688
8683
#: serverguide/C/windows-networking.xml:499(title)
8689
#: serverguide/C/samba.xml:499(title)
8684
8690
msgid "Groups"
8685
8691
msgstr ""
8686
8692
8687
#: serverguide/C/windows-networking.xml:501(para)
8693
#: serverguide/C/samba.xml:501(para)
8688
8694
msgid ""
8689
8695
"Groups define a collection of computers or users which have a common level "
8690
8696
"of access to particular network resources and offer a level of granularity "
8706
8712
"have only access to resources explicitly allowing the group they are part of."
8707
8713
msgstr ""
8708
8714
8709
#: serverguide/C/windows-networking.xml:515(para)
8715
#: serverguide/C/samba.xml:515(para)
8710
8716
msgid ""
8711
8717
"By default Samba looks for the local system groups defined in "
8712
8718
"<filename>/etc/group</filename> to determine which users belong to which "
8714
8720
"<xref linkend=\"adding-deleting-users\"/>."
8715
8721
msgstr ""
8716
8722
8717
#: serverguide/C/windows-networking.xml:521(para)
8723
#: serverguide/C/samba.xml:521(para)
8718
8724
msgid ""
8719
8725
"When defining groups in the Samba configuration file, "
8720
8726
"<filename>/etc/samba/smb.conf</filename>, the recognized syntax is to "
8725
8731
"role=\"bold\">@sysadmin</emphasis>."
8726
8732
msgstr ""
8727
8733
8728
#: serverguide/C/windows-networking.xml:530(title)
8734
#: serverguide/C/samba.xml:530(title)
8729
8735
msgid "File Permissions"
8730
8736
msgstr ""
8731
8737
8732
#: serverguide/C/windows-networking.xml:532(para)
8738
#: serverguide/C/samba.xml:532(para)
8733
8739
msgid ""
8734
8740
"File Permissions define the explicit rights a computer or user has to a "
8735
8741
"particular directory, file, or set of files. Such permissions may be defined "
8737
8743
"the explicit permissions of a defined file share."
8738
8744
msgstr ""
8739
8745
8740
#: serverguide/C/windows-networking.xml:538(para)
8746
#: serverguide/C/samba.xml:538(para)
8741
8747
msgid ""
8742
8748
"For example, if you have defined a Samba share called "
8743
8749
"<emphasis>share</emphasis> and wish to give <emphasis role=\"italic\">read-"
8749
8755
"under the <emphasis>[share]</emphasis> entry:"
8750
8756
msgstr ""
8751
8757
8752
#: serverguide/C/windows-networking.xml:547(programlisting)
8758
#: serverguide/C/samba.xml:547(programlisting)
8753
8759
#, no-wrap
8754
8760
msgid ""
8755
8761
"\n"
8757
8763
" write list = @sysadmin, vincent\n"
8758
8764
msgstr ""
8759
8765
8760
#: serverguide/C/windows-networking.xml:552(para)
8766
#: serverguide/C/samba.xml:552(para)
8761
8767
msgid ""
8762
8768
"Another possible Samba permission is to declare "
8763
8769
"<emphasis>administrative</emphasis> permissions to a particular shared "
8766
8772
"administrative permissions to."
8767
8773
msgstr ""
8768
8774
8769
#: serverguide/C/windows-networking.xml:558(para)
8775
#: serverguide/C/samba.xml:558(para)
8770
8776
msgid ""
8771
8777
"For example, if you wanted to give the user <emphasis "
8772
8778
"role=\"italic\">melissa</emphasis> administrative permissions to the "
8775
8781
"under the <emphasis>[share]</emphasis> entry:"
8776
8782
msgstr ""
8777
8783
8778
#: serverguide/C/windows-networking.xml:565(programlisting)
8784
#: serverguide/C/samba.xml:565(programlisting)
8779
8785
#, no-wrap
8780
8786
msgid ""
8781
8787
"\n"
8782
8788
" admin users = melissa\n"
8783
8789
msgstr ""
8784
8790
8785
#: serverguide/C/windows-networking.xml:569(para)
8791
#: serverguide/C/samba.xml:569(para)
8786
8792
msgid ""
8787
8793
"After editing <filename>/etc/samba/smb.conf</filename>, restart Samba for "
8788
8794
"the changes to take effect:"
8789
8795
msgstr ""
8790
8796
8791
#: serverguide/C/windows-networking.xml:579(para)
8797
#: serverguide/C/samba.xml:579(para)
8792
8798
msgid ""
8793
8799
"For the <emphasis>read list</emphasis> and <emphasis>write list</emphasis> "
8794
8800
"to work the Samba security mode must <emphasis>not</emphasis> be set to "
8795
8801
"<emphasis role=\"italic\">security = share</emphasis>"
8796
8802
msgstr ""
8797
8803
8798
#: serverguide/C/windows-networking.xml:585(para)
8804
#: serverguide/C/samba.xml:585(para)
8799
8805
msgid ""
8800
8806
"Now that Samba has been configured to limit which groups have access to the "
8801
8807
"shared directory, the filesystem permissions need to be updated."
8802
8808
msgstr ""
8803
8809
8804
#: serverguide/C/windows-networking.xml:590(para)
8810
#: serverguide/C/samba.xml:590(para)
8805
8811
msgid ""
8806
8812
"Traditional Linux file permissions do not map well to Windows NT Access "
8807
8813
"Control Lists (ACLs). Fortunately POSIX ACLs are available on Ubuntu servers "
8810
8816
"<filename>/etc/fstab</filename> adding the <emphasis>acl</emphasis> option:"
8811
8817
msgstr ""
8812
8818
8813
#: serverguide/C/windows-networking.xml:597(programlisting)
8819
#: serverguide/C/samba.xml:597(programlisting)
8814
8820
#, no-wrap
8815
8821
msgid ""
8816
8822
"\n"
8818
8824
"0 1\n"
8819
8825
msgstr ""
8820
8826
8821
#: serverguide/C/windows-networking.xml:601(para)
8827
#: serverguide/C/samba.xml:601(para)
8822
8828
msgid "Then remount the partition:"
8823
8829
msgstr ""
8824
8830
8825
#: serverguide/C/windows-networking.xml:606(command)
8831
#: serverguide/C/samba.xml:606(command)
8826
8832
msgid "sudo mount -v -o remount /srv"
8827
8833
msgstr ""
8828
8834
8829
#: serverguide/C/windows-networking.xml:610(para)
8835
#: serverguide/C/samba.xml:610(para)
8830
8836
msgid ""
8831
8837
"The above example assumes <filename>/srv</filename> on a separate partition. "
8832
8838
"If <filename>/srv</filename>, or wherever you have configured your share "
8834
8840
"required."
8835
8841
msgstr ""
8836
8842
8837
#: serverguide/C/windows-networking.xml:617(para)
8843
#: serverguide/C/samba.xml:617(para)
8838
8844
msgid ""
8839
8845
"To match the Samba configuration above the <emphasis>sysadmin</emphasis> "
8840
8846
"group will be given read, write, and execute permissions to "
8843
8849
"the username <emphasis>melissa</emphasis>. Enter the following in a terminal:"
8844
8850
msgstr ""
8845
8851
8846
#: serverguide/C/windows-networking.xml:625(command)
8852
#: serverguide/C/samba.xml:625(command)
8847
8853
msgid "sudo chown -R melissa /srv/samba/share/"
8848
8854
msgstr ""
8849
8855
8850
#: serverguide/C/windows-networking.xml:626(command)
8856
#: serverguide/C/samba.xml:626(command)
8851
8857
msgid "sudo chgrp -R sysadmin /srv/samba/share/"
8852
8858
msgstr ""
8853
8859
8854
#: serverguide/C/windows-networking.xml:627(command)
8860
#: serverguide/C/samba.xml:627(command)
8855
8861
msgid "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
8856
8862
msgstr ""
8857
8863
8858
#: serverguide/C/windows-networking.xml:631(para)
8864
#: serverguide/C/samba.xml:631(para)
8859
8865
msgid ""
8860
8866
"The <application>setfacl</application> command above gives "
8861
8867
"<emphasis>execute</emphasis> permissions to all files in the "
8863
8869
"want."
8864
8870
msgstr ""
8865
8871
8866
#: serverguide/C/windows-networking.xml:637(para)
8872
#: serverguide/C/samba.xml:637(para)
8867
8873
msgid ""
8868
8874
"Now from a Windows client you should notice the new file permissions are "
8869
8875
"implemented. See the <application>acl</application> and "
8871
8877
"ACLs."
8872
8878
msgstr ""
8873
8879
8874
#: serverguide/C/windows-networking.xml:645(title)
8880
#: serverguide/C/samba.xml:645(title)
8875
8881
msgid "Samba AppArmor Profile"
8876
8882
msgstr ""
8877
8883
8878
#: serverguide/C/windows-networking.xml:647(para)
8884
#: serverguide/C/samba.xml:647(para)
8879
8885
msgid ""
8880
8886
"Ubuntu comes with the <application>AppArmor</application> security module, "
8881
8887
"which provides mandatory access controls. The default AppArmor profile for "
8883
8889
"using AppArmor see <xref linkend=\"apparmor\"/>."
8884
8890
msgstr ""
8885
8891
8886
#: serverguide/C/windows-networking.xml:653(para)
8892
#: serverguide/C/samba.xml:653(para)
8887
8893
msgid ""
8888
8894
"There are default AppArmor profiles for <filename>/usr/sbin/smbd</filename> "
8889
8895
"and <filename>/usr/sbin/nmbd</filename>, the Samba daemon binaries, as part "
8891
8897
"package, from a terminal prompt enter:"
8892
8898
msgstr ""
8893
8899
8894
#: serverguide/C/windows-networking.xml:660(command)
8900
#: serverguide/C/samba.xml:660(command)
8895
8901
msgid "sudo apt-get install apparmor-profiles apparmor-utils"
8896
8902
msgstr ""
8897
8903
8898
#: serverguide/C/windows-networking.xml:664(para)
8904
#: serverguide/C/samba.xml:664(para)
8899
8905
msgid "This package contains profiles for several other binaries."
8900
8906
msgstr ""
8901
8907
8902
#: serverguide/C/windows-networking.xml:669(para)
8908
#: serverguide/C/samba.xml:669(para)
8903
8909
msgid ""
8904
8910
"By default the profiles for <application>smbd</application> and "
8905
8911
"<application>nmbd</application> are in <emphasis>complain</emphasis> mode "
8909
8915
"profile will need to be modified to reflect any directories that are shared."
8910
8916
msgstr ""
8911
8917
8912
#: serverguide/C/windows-networking.xml:676(para)
8918
#: serverguide/C/samba.xml:676(para)
8913
8919
msgid ""
8914
8920
"Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename> adding information "
8915
8921
"for <emphasis>[share]</emphasis> from the file server example:"
8916
8922
msgstr ""
8917
8923
8918
#: serverguide/C/windows-networking.xml:681(programlisting)
8924
#: serverguide/C/samba.xml:681(programlisting)
8919
8925
#, no-wrap
8920
8926
msgid ""
8921
8927
"\n"
8923
8929
" /srv/samba/share/** rwkix,\n"
8924
8930
msgstr ""
8925
8931
8926
#: serverguide/C/windows-networking.xml:686(para)
8932
#: serverguide/C/samba.xml:686(para)
8927
8933
msgid ""
8928
8934
"Now place the profile into <emphasis>enforce</emphasis> and reload it:"
8929
8935
msgstr ""
8930
8936
8931
#: serverguide/C/windows-networking.xml:691(command)
8937
#: serverguide/C/samba.xml:691(command)
8932
8938
msgid "sudo aa-enforce /usr/sbin/smbd"
8933
8939
msgstr ""
8934
8940
8935
#: serverguide/C/windows-networking.xml:692(command)
8941
#: serverguide/C/samba.xml:692(command)
8936
8942
msgid "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
8937
8943
msgstr ""
8938
8944
8939
#: serverguide/C/windows-networking.xml:695(para)
8945
#: serverguide/C/samba.xml:695(para)
8940
8946
msgid ""
8941
8947
"You should now be able to read, write, and execute files in the shared "
8942
8948
"directory as normal, and the <application>smbd</application> binary will "
8945
8951
"will be logged to <filename>/var/log/syslog</filename>."
8946
8952
msgstr ""
8947
8953
8948
#: serverguide/C/windows-networking.xml:720(para) serverguide/C/windows-networking.xml:1116(para)
8954
#: serverguide/C/samba.xml:720(para) serverguide/C/samba.xml:1116(para)
8949
8955
msgid ""
8950
8956
"O'Reilly's <ulink "
8951
8957
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
8952
8958
"also a good reference."
8953
8959
msgstr ""
8954
8960
8955
#: serverguide/C/windows-networking.xml:726(para)
8961
#: serverguide/C/samba.xml:726(para)
8956
8962
msgid ""
8957
8963
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-"
8958
8964
"samba.html\">Chapter 18</ulink> of the Samba HOWTO Collection is devoted to "
8959
8965
"security."
8960
8966
msgstr ""
8961
8967
8962
#: serverguide/C/windows-networking.xml:732(para)
8968
#: serverguide/C/samba.xml:732(para)
8963
8969
msgid ""
8964
8970
"For more information on Samba and ACLs see the <ulink "
8965
8971
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
8970
8976
msgid "As a Domain Controller"
8971
8977
msgstr ""
8972
8978
8973
#: serverguide/C/windows-networking.xml:750(para)
8979
#: serverguide/C/samba.xml:750(para)
8974
8980
msgid ""
8975
8981
"Although it cannot act as an Active Directory Primary Domain Controller "
8976
8982
"(PDC), a Samba server can be configured to appear as a Windows NT4-style "
8979
8985
"backends to store the user information."
8980
8986
msgstr ""
8981
8987
8982
#: serverguide/C/windows-networking.xml:757(title)
8988
#: serverguide/C/samba.xml:757(title)
8983
8989
msgid "Primary Domain Controller"
8984
8990
msgstr ""
8985
8991
8986
#: serverguide/C/windows-networking.xml:759(para)
8992
#: serverguide/C/samba.xml:759(para)
8987
8993
msgid ""
8988
8994
"This section covers configuring Samba as a Primary Domain Controller (PDC) "
8989
8995
"using the default smbpasswd backend."
8990
8996
msgstr ""
8991
8997
8992
#: serverguide/C/windows-networking.xml:766(para)
8998
#: serverguide/C/samba.xml:766(para)
8993
8999
msgid ""
8994
9000
"First, install Samba, and <application>libpam-smbpass</application> to sync "
8995
9001
"the user accounts, by entering the following in a terminal prompt:"
8996
9002
msgstr ""
8997
9003
8998
#: serverguide/C/windows-networking.xml:772(command) serverguide/C/windows-networking.xml:1013(command)
9004
#: serverguide/C/samba.xml:772(command) serverguide/C/samba.xml:1013(command)
8999
9005
msgid "sudo apt-get install samba libpam-smbpass"
9000
9006
msgstr ""
9001
9007
9002
#: serverguide/C/windows-networking.xml:778(para)
9008
#: serverguide/C/samba.xml:778(para)
9003
9009
msgid ""
9004
9010
"Next, configure Samba by editing <filename>/etc/samba/smb.conf</filename>. "
9005
9011
"The <emphasis>security</emphasis> mode should be set to <emphasis "
9007
9013
"should relate to your organization:"
9008
9014
msgstr ""
9009
9015
9010
#: serverguide/C/windows-networking.xml:793(para)
9016
#: serverguide/C/samba.xml:793(para)
9011
9017
msgid ""
9012
9018
"In the commented <quote>Domains</quote> section add or uncomment the "
9013
9019
"following (the last line has been split to fit the format of this document):"
9014
9020
msgstr ""
9015
9021
9016
#: serverguide/C/windows-networking.xml:797(programlisting)
9022
#: serverguide/C/samba.xml:797(programlisting)
9017
9023
#, no-wrap
9018
9024
msgid ""
9019
9025
"\n"
9026
9032
" /var/lib/samba -s /bin/false %u\n"
9027
9033
msgstr ""
9028
9034
9029
#: serverguide/C/windows-networking.xml:808(para)
9035
#: serverguide/C/samba.xml:808(para)
9030
9036
msgid ""
9031
9037
"If you wish to not use <emphasis>Roaming Profiles</emphasis> leave the "
9032
9038
"<emphasis>logon home</emphasis> and <emphasis>logon path</emphasis> options "
9033
9039
"commented."
9034
9040
msgstr ""
9035
9041
9036
#: serverguide/C/windows-networking.xml:816(para)
9042
#: serverguide/C/samba.xml:816(para)
9037
9043
msgid ""
9038
9044
"<emphasis>domain logons:</emphasis> provides the netlogon service causing "
9039
9045
"Samba to act as a domain controller."
9040
9046
msgstr ""
9041
9047
9042
#: serverguide/C/windows-networking.xml:821(para)
9048
#: serverguide/C/samba.xml:821(para)
9043
9049
msgid ""
9044
9050
"<emphasis>logon path:</emphasis> places the user's Windows profile into "
9045
9051
"their home directory. It is also possible to configure a "
9047
9053
"directory."
9048
9054
msgstr ""
9049
9055
9050
#: serverguide/C/windows-networking.xml:827(para)
9056
#: serverguide/C/samba.xml:827(para)
9051
9057
msgid ""
9052
9058
"<emphasis>logon drive:</emphasis> specifies the home directory local path."
9053
9059
msgstr ""
9054
9060
9055
#: serverguide/C/windows-networking.xml:832(para)
9061
#: serverguide/C/samba.xml:832(para)
9056
9062
msgid ""
9057
9063
"<emphasis>logon home:</emphasis> specifies the home directory location."
9058
9064
msgstr ""
9059
9065
9060
#: serverguide/C/windows-networking.xml:837(para)
9066
#: serverguide/C/samba.xml:837(para)
9061
9067
msgid ""
9062
9068
"<emphasis>logon script:</emphasis> determines the script to be run locally "
9063
9069
"once a user has logged in. The script needs to be placed in the "
9064
9070
"<emphasis>[netlogon]</emphasis> share."
9065
9071
msgstr ""
9066
9072
9067
#: serverguide/C/windows-networking.xml:843(para)
9073
#: serverguide/C/samba.xml:843(para)
9068
9074
msgid ""
9069
9075
"<emphasis>add machine script:</emphasis> a script that will automatically "
9070
9076
"create the <emphasis>Machine Trust Account</emphasis> needed for a "
9071
9077
"workstation to join the domain."
9072
9078
msgstr ""
9073
9079
9074
#: serverguide/C/windows-networking.xml:847(para)
9080
#: serverguide/C/samba.xml:847(para)
9075
9081
msgid ""
9076
9082
"In this example the <emphasis>machines</emphasis> group will need to be "
9077
9083
"created using the <application>addgroup</application> utility see <xref "
9078
9084
"linkend=\"adding-deleting-users\"/> for details."
9079
9085
msgstr ""
9080
9086
9081
#: serverguide/C/windows-networking.xml:858(para)
9087
#: serverguide/C/samba.xml:858(para)
9082
9088
msgid ""
9083
9089
"Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis "
9084
9090
"role=\"italic\">logon home</emphasis> to be mapped:"
9085
9091
msgstr ""
9086
9092
9087
#: serverguide/C/windows-networking.xml:863(programlisting)
9093
#: serverguide/C/samba.xml:863(programlisting)
9088
9094
#, no-wrap
9089
9095
msgid ""
9090
9096
"\n"
9097
9103
" valid users = %S\n"
9098
9104
msgstr ""
9099
9105
9100
#: serverguide/C/windows-networking.xml:876(para)
9106
#: serverguide/C/samba.xml:876(para)
9101
9107
msgid ""
9102
9108
"When configured as a domain controller a <emphasis>[netlogon]</emphasis> "
9103
9109
"share needs to be configured. To enable the share, uncomment:"
9104
9110
msgstr ""
9105
9111
9106
#: serverguide/C/windows-networking.xml:881(programlisting)
9112
#: serverguide/C/samba.xml:881(programlisting)
9107
9113
#, no-wrap
9108
9114
msgid ""
9109
9115
"\n"
9115
9121
" share modes = no\n"
9116
9122
msgstr ""
9117
9123
9118
#: serverguide/C/windows-networking.xml:891(para)
9124
#: serverguide/C/samba.xml:891(para)
9119
9125
msgid ""
9120
9126
"The original <emphasis>netlogon</emphasis> share path is "
9121
9127
"<filename>/home/samba/netlogon</filename>, but according to the Filesystem "
9124
9130
"location for site-specific data provided by the system."
9125
9131
msgstr ""
9126
9132
9127
#: serverguide/C/windows-networking.xml:902(para)
9133
#: serverguide/C/samba.xml:902(para)
9128
9134
msgid ""
9129
9135
"Now create the <filename role=\"directory\">netlogon</filename> directory, "
9130
9136
"and an empty (for now) <filename>logon.cmd</filename> script file:"
9131
9137
msgstr ""
9132
9138
9133
#: serverguide/C/windows-networking.xml:908(command)
9139
#: serverguide/C/samba.xml:908(command)
9134
9140
msgid "sudo mkdir -p /srv/samba/netlogon"
9135
9141
msgstr ""
9136
9142
9137
#: serverguide/C/windows-networking.xml:909(command)
9143
#: serverguide/C/samba.xml:909(command)
9138
9144
msgid "sudo touch /srv/samba/netlogon/logon.cmd"
9139
9145
msgstr ""
9140
9146
9141
#: serverguide/C/windows-networking.xml:912(para)
9147
#: serverguide/C/samba.xml:912(para)
9142
9148
msgid ""
9143
9149
"You can enter any normal Windows logon script commands in "
9144
9150
"<filename>logon.cmd</filename> to customize the client's environment."
9145
9151
msgstr ""
9146
9152
9147
#: serverguide/C/windows-networking.xml:920(para)
9153
#: serverguide/C/samba.xml:920(para)
9148
9154
msgid "Restart Samba to enable the new domain controller:"
9149
9155
msgstr ""
9150
9156
9151
#: serverguide/C/windows-networking.xml:932(para)
9157
#: serverguide/C/samba.xml:932(para)
9152
9158
msgid ""
9153
9159
"Lastly, there are a few additional commands needed to setup the appropriate "
9154
9160
"rights."
9155
9161
msgstr ""
9156
9162
9157
#: serverguide/C/windows-networking.xml:936(para)
9163
#: serverguide/C/samba.xml:936(para)
9158
9164
msgid ""
9159
9165
"With <emphasis>root</emphasis> being disabled by default, in order to join a "
9160
9166
"workstation to the domain, a system group needs to be mapped to the Windows "
9162
9168
"<application>net</application> utility, from a terminal enter:"
9163
9169
msgstr ""
9164
9170
9165
#: serverguide/C/windows-networking.xml:943(command)
9171
#: serverguide/C/samba.xml:943(command)
9166
9172
msgid ""
9167
9173
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
9168
9174
"type=d"
9169
9175
msgstr ""
9170
9176
9171
#: serverguide/C/windows-networking.xml:947(para)
9177
#: serverguide/C/samba.xml:947(para)
9172
9178
msgid ""
9173
9179
"Change <emphasis role=\"italic\">sysadmin</emphasis> to whichever group you "
9174
9180
"prefer. Also, the user used to join the domain needs to be a member of the "
9177
9183
"allows <application>sudo</application> use."
9178
9184
msgstr ""
9179
9185
9180
#: serverguide/C/windows-networking.xml:953(para)
9186
#: serverguide/C/samba.xml:953(para)
9181
9187
msgid ""
9182
9188
"If the user does not have Samba credentials yet, you can add them with the "
9183
9189
"<application>smbpasswd</application> utility, change the "
9186
9192
"</screen>"
9187
9193
msgstr ""
9188
9194
9189
#: serverguide/C/windows-networking.xml:963(para)
9195
#: serverguide/C/samba.xml:963(para)
9190
9196
msgid ""
9191
9197
"Also, rights need to be explicitly provided to the <emphasis>Domain "
9192
9198
"Admins</emphasis> group to allow the <emphasis>add machine script</emphasis> "
9193
9199
"(and other admin functions) to work. This is achieved by executing:"
9194
9200
msgstr ""
9195
9201
9196
#: serverguide/C/windows-networking.xml:968(command)
9202
#: serverguide/C/samba.xml:968(command)
9197
9203
msgid ""
9198
9204
"net rpc rights grant -U sysadmin \"EXAMPLE\\Domain Admins\" "
9199
9205
"SeMachineAccountPrivilege \\ SePrintOperatorPrivilege SeAddUsersPrivilege "
9200
9206
"SeDiskOperatorPrivilege \\ SeRemoteShutdownPrivilege"
9201
9207
msgstr ""
9202
9208
9203
#: serverguide/C/windows-networking.xml:976(para)
9209
#: serverguide/C/samba.xml:976(para)
9204
9210
msgid ""
9205
9211
"You should now be able to join Windows clients to the Domain in the same "
9206
9212
"manner as joining them to an NT4 domain running on a Windows server."
9207
9213
msgstr ""
9208
9214
9209
#: serverguide/C/windows-networking.xml:986(title)
9215
#: serverguide/C/samba.xml:986(title)
9210
9216
msgid "Backup Domain Controller"
9211
9217
msgstr ""
9212
9218
9213
#: serverguide/C/windows-networking.xml:988(para)
9219
#: serverguide/C/samba.xml:988(para)
9214
9220
msgid ""
9215
9221
"With a Primary Domain Controller (PDC) on the network it is best to have a "
9216
9222
"Backup Domain Controller (BDC) as well. This will allow clients to "
9217
9223
"authenticate in case the PDC becomes unavailable."
9218
9224
msgstr ""
9219
9225
9220
#: serverguide/C/windows-networking.xml:993(para)
9226
#: serverguide/C/samba.xml:993(para)
9221
9227
msgid ""
9222
9228
"When configuring Samba as a BDC you need a way to sync account information "
9223
9229
"with the PDC. There are multiple ways of accomplishing this "
9226
9232
"backend</emphasis>."
9227
9233
msgstr ""
9228
9234
9229
#: serverguide/C/windows-networking.xml:999(para)
9235
#: serverguide/C/samba.xml:999(para)
9230
9236
msgid ""
9231
9237
"Using LDAP is the most robust way to sync account information, because both "
9232
9238
"domain controllers can use the same information in real time. However, "
9234
9240
"user and computer accounts. See <xref linkend=\"samba-ldap\"/> for details."
9235
9241
msgstr ""
9236
9242
9237
#: serverguide/C/windows-networking.xml:1008(para)
9243
#: serverguide/C/samba.xml:1008(para)
9238
9244
msgid ""
9239
9245
"First, install <application>samba</application> and <application>libpam-"
9240
9246
"smbpass</application>. From a terminal enter:"
9241
9247
msgstr ""
9242
9248
9243
#: serverguide/C/windows-networking.xml:1019(para)
9249
#: serverguide/C/samba.xml:1019(para)
9244
9250
msgid ""
9245
9251
"Now, edit <filename>/etc/samba/smb.conf</filename> and uncomment the "
9246
9252
"following in the <emphasis>[global]</emphasis>:"
9247
9253
msgstr ""
9248
9254
9249
#: serverguide/C/windows-networking.xml:1032(para)
9255
#: serverguide/C/samba.xml:1032(para)
9250
9256
msgid "In the commented <emphasis>Domains</emphasis> uncomment or add:"
9251
9257
msgstr ""
9252
9258
9253
#: serverguide/C/windows-networking.xml:1036(programlisting)
9259
#: serverguide/C/samba.xml:1036(programlisting)
9254
9260
#, no-wrap
9255
9261
msgid ""
9256
9262
"\n"
9258
9264
" domain master = no\n"
9259
9265
msgstr ""
9260
9266
9261
#: serverguide/C/windows-networking.xml:1044(para)
9267
#: serverguide/C/samba.xml:1044(para)
9262
9268
msgid ""
9263
9269
"Make sure a user has rights to read the files in "
9264
9270
"<filename>/var/lib/samba</filename>. For example, to allow users in the "
9266
9272
"files, enter:"
9267
9273
msgstr ""
9268
9274
9269
#: serverguide/C/windows-networking.xml:1050(command)
9275
#: serverguide/C/samba.xml:1050(command)
9270
9276
msgid "sudo chgrp -R admin /var/lib/samba"
9271
9277
msgstr ""
9272
9278
9273
#: serverguide/C/windows-networking.xml:1056(para)
9279
#: serverguide/C/samba.xml:1056(para)
9274
9280
msgid ""
9275
9281
"Next, sync the user accounts, using <application>scp</application> to copy "
9276
9282
"the <filename>/var/lib/samba</filename> directory from the PDC:"
9277
9283
msgstr ""
9278
9284
9279
#: serverguide/C/windows-networking.xml:1062(command)
9285
#: serverguide/C/samba.xml:1062(command)
9280
9286
msgid "sudo scp -r username@pdc:/var/lib/samba /var/lib"
9281
9287
msgstr ""
9282
9288
9283
#: serverguide/C/windows-networking.xml:1066(para)
9289
#: serverguide/C/samba.xml:1066(para)
9284
9290
msgid ""
9285
9291
"Replace <emphasis>username</emphasis> with a valid username and "
9286
9292
"<emphasis>pdc</emphasis> with the hostname or IP Address of your actual PDC."
9287
9293
msgstr ""
9288
9294
9289
#: serverguide/C/windows-networking.xml:1075(para)
9295
#: serverguide/C/samba.xml:1075(para)
9290
9296
msgid "Finally, restart <application>samba</application>:"
9291
9297
msgstr ""
9292
9298
9293
#: serverguide/C/windows-networking.xml:1087(para)
9299
#: serverguide/C/samba.xml:1087(para)
9294
9300
msgid ""
9295
9301
"You can test that your Backup Domain controller is working by stopping the "
9296
9302
"Samba daemon on the PDC, then trying to login to a Windows client joined to "
9297
9303
"the domain."
9298
9304
msgstr ""
9299
9305
9300
#: serverguide/C/windows-networking.xml:1092(para)
9306
#: serverguide/C/samba.xml:1092(para)
9301
9307
msgid ""
9302
9308
"Another thing to keep in mind is if you have configured the <emphasis>logon "
9303
9309
"home</emphasis> option as a directory on the PDC, and the PDC becomes "
9306
9312
"home</emphasis> to reside on a separate file server from the PDC and BDC."
9307
9313
msgstr ""
9308
9314
9309
#: serverguide/C/windows-networking.xml:1122(para)
9315
#: serverguide/C/samba.xml:1122(para)
9310
9316
msgid ""
9311
9317
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
9312
9318
"pdc.html\">Chapter 4</ulink> of the Samba HOWTO Collection explains setting "
9313
9319
"up a Primary Domain Controller."
9314
9320
msgstr ""
9315
9321
9316
#: serverguide/C/windows-networking.xml:1128(para)
9322
#: serverguide/C/samba.xml:1128(para)
9317
9323
msgid ""
9318
9324
"<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-"
9319
9325
"Collection/samba-bdc.html\">Chapter 5</ulink> of the Samba HOWTO Collection "
9324
9330
msgid "Active Directory Integration"
9325
9331
msgstr ""
9326
9332
9327
#: serverguide/C/windows-networking.xml:1146(title)
9333
#: serverguide/C/samba.xml:1146(title)
9328
9334
msgid "Accessing a Samba Share"
9329
9335
msgstr ""
9330
9336
9331
#: serverguide/C/windows-networking.xml:1148(para)
9337
#: serverguide/C/samba.xml:1148(para)
9332
9338
msgid ""
9333
9339
"Another, use for Samba is to integrate into an existing Windows network. "
9334
9340
"Once part of an Active Directory domain, Samba can provide file and print "
9344
9350
"Likewise Open documentation</ulink>."
9345
9351
msgstr ""
9346
9352
9347
#: serverguide/C/windows-networking.xml:1159(para)
9353
#: serverguide/C/samba.xml:1159(para)
9348
9354
msgid ""
9349
9355
"Once part of the Active Directory domain, enter the following command in the "
9350
9356
"terminal prompt:"
9351
9357
msgstr ""
9352
9358
9353
#: serverguide/C/windows-networking.xml:1164(command)
9359
#: serverguide/C/samba.xml:1164(command)
9354
9360
msgid "sudo apt-get install samba smbfs smbclient"
9355
9361
msgstr ""
9356
9362
9357
#: serverguide/C/windows-networking.xml:1167(para)
9363
#: serverguide/C/samba.xml:1167(para)
9358
9364
msgid "Next, edit <filename>/etc/samba/smb.conf</filename> changing:"
9359
9365
msgstr ""
9360
9366
9361
#: serverguide/C/windows-networking.xml:1171(programlisting)
9367
#: serverguide/C/samba.xml:1171(programlisting)
9362
9368
#, no-wrap
9363
9369
msgid ""
9364
9370
"\n"
9372
9378
" idmap gid = 50-9999999999\n"
9373
9379
msgstr ""
9374
9380
9375
#: serverguide/C/windows-networking.xml:1182(para)
9381
#: serverguide/C/samba.xml:1182(para)
9376
9382
msgid ""
9377
9383
"Restart <application>samba</application> for the new settings to take effect:"
9378
9384
msgstr ""
9379
9385
9380
#: serverguide/C/windows-networking.xml:1191(para)
9386
#: serverguide/C/samba.xml:1191(para)
9381
9387
msgid ""
9382
9388
"You should now be able to access any <application>Samba</application> shares "
9383
9389
"from a Windows client. However, be sure to give the appropriate AD users or "
9385
9391
"security\"/> for more details."
9386
9392
msgstr ""
9387
9393
9388
#: serverguide/C/windows-networking.xml:1199(title)
9394
#: serverguide/C/samba.xml:1199(title)
9389
9395
msgid "Accessing a Windows Share"
9390
9396
msgstr ""
9391
9397
9392
#: serverguide/C/windows-networking.xml:1201(para)
9398
#: serverguide/C/samba.xml:1201(para)
9393
9399
msgid ""
9394
9400
"Now that the Samba server is part of the Active Directory domain you can "
9395
9401
"access any Windows server shares:"
9396
9402
msgstr ""
9397
9403
9398
#: serverguide/C/windows-networking.xml:1208(para)
9404
#: serverguide/C/samba.xml:1208(para)
9399
9405
msgid ""
9400
9406
"To mount a Windows file share enter the following in a terminal prompt:"
9401
9407
msgstr ""
9402
9408
9403
#: serverguide/C/windows-networking.xml:1212(command)
9409
#: serverguide/C/samba.xml:1212(command)
9404
9410
msgid "mount.cifs //fs01.example.com/share mount_point"
9405
9411
msgstr ""
9406
9412
9407
#: serverguide/C/windows-networking.xml:1215(para)
9413
#: serverguide/C/samba.xml:1215(para)
9408
9414
msgid ""
9409
9415
"It is also possible to access shares on computers not part of an AD domain, "
9410
9416
"but a username and password will need to be provided."
9411
9417
msgstr ""
9412
9418
9413
#: serverguide/C/windows-networking.xml:1223(para)
9419
#: serverguide/C/samba.xml:1223(para)
9414
9420
msgid ""
9415
9421
"To mount the share during boot place an entry in "
9416
9422
"<filename>/etc/fstab</filename>, for example:"
9417
9423
msgstr ""
9418
9424
9419
#: serverguide/C/windows-networking.xml:1227(programlisting)
9425
#: serverguide/C/samba.xml:1227(programlisting)
9420
9426
#, no-wrap
9421
9427
msgid ""
9422
9428
"\n"
9424
9430
"0 0\n"
9425
9431
msgstr ""
9426
9432
9427
#: serverguide/C/windows-networking.xml:1234(para)
9433
#: serverguide/C/samba.xml:1234(para)
9428
9434
msgid ""
9429
9435
"Another way to copy files from a Windows server is to use the "
9430
9436
"<application>smbclient</application> utility. To list the files in a Windows "
9431
9437
"share:"
9432
9438
msgstr ""
9433
9439
9434
#: serverguide/C/windows-networking.xml:1240(command)
9440
#: serverguide/C/samba.xml:1240(command)
9435
9441
msgid "smbclient //fs01.example.com/share -k -c \"ls\""
9436
9442
msgstr ""
9437
9443
9438
#: serverguide/C/windows-networking.xml:1246(para)
9444
#: serverguide/C/samba.xml:1246(para)
9439
9445
msgid "To copy a file from the share, enter:"
9440
9446
msgstr ""
9441
9447
9442
#: serverguide/C/windows-networking.xml:1251(command)
9448
#: serverguide/C/samba.xml:1251(command)
9443
9449
msgid "smbclient //fs01.example.com/share -k -c \"get file.txt\""
9444
9450
msgstr ""
9445
9451
9446
#: serverguide/C/windows-networking.xml:1254(para)
9452
#: serverguide/C/samba.xml:1254(para)
9447
9453
msgid ""
9448
9454
"This will copy the <filename>file.txt</filename> into the current directory."
9449
9455
msgstr ""
9450
9456
9451
#: serverguide/C/windows-networking.xml:1261(para)
9457
#: serverguide/C/samba.xml:1261(para)
9452
9458
msgid "And to copy a file to the share:"
9453
9459
msgstr ""
9454
9460
9455
#: serverguide/C/windows-networking.xml:1266(command)
9461
#: serverguide/C/samba.xml:1266(command)
9456
9462
msgid "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
9457
9463
msgstr ""
9458
9464
9459
#: serverguide/C/windows-networking.xml:1269(para)
9465
#: serverguide/C/samba.xml:1269(para)
9460
9466
msgid ""
9461
9467
"This will copy the <filename>/etc/hosts</filename> to "
9462
9468
"<filename>//fs01.example.com/share/hosts</filename>."
9463
9469
msgstr ""
9464
9470
9465
#: serverguide/C/windows-networking.xml:1276(para)
9471
#: serverguide/C/samba.xml:1276(para)
9466
9472
msgid ""
9467
9473
"The <emphasis>-c</emphasis> option used above allows you to execute the "
9468
9474
"<application>smbclient</application> command all at once. This is useful for "
9471
9477
"and directory commands, simply execute:"
9472
9478
msgstr ""
9473
9479
9474
#: serverguide/C/windows-networking.xml:1283(command)
9480
#: serverguide/C/samba.xml:1283(command)
9475
9481
msgid "smbclient //fs01.example.com/share -k"
9476
9482
msgstr ""
9477
9483
9478
#: serverguide/C/windows-networking.xml:1290(para)
9484
#: serverguide/C/samba.xml:1290(para)
9479
9485
msgid ""
9480
9486
"Replace all instances of <emphasis>fs01.example.com/share</emphasis>, "
9481
9487
"<emphasis>//192.168.0.5/share</emphasis>, "
9606
9612
"given the opportunity to describe the bug in your own words."
9607
9613
msgstr ""
9608
9614
9609
#: serverguide/C/reporting-bugs.xml:114(userinput) serverguide/C/backups.xml:852(userinput)
9615
#: serverguide/C/reporting-bugs.xml:114(userinput) serverguide/C/backups.xml:858(userinput)
9610
9616
#, no-wrap
9611
9617
msgid "1"
9612
9618
msgstr ""
9822
9828
"<application>Zentyal</application>."
9823
9829
msgstr ""
9824
9830
9825
#: serverguide/C/virtualization.xml:833(para) serverguide/C/remote-administration.xml:16(title)
9831
#: serverguide/C/remote-administration.xml:16(title)
9826
9832
msgid "OpenSSH Server"
9827
9833
msgstr ""
9828
9834
10097
10103
msgid "Preconfiguration"
10098
10104
msgstr ""
10099
10105
10100
#: serverguide/C/remote-administration.xml:256(para)
10106
#: serverguide/C/remote-administration.xml:236(para)
10101
10107
msgid ""
10102
10108
"Prior to configuring <application>puppet</application> you may want to add a "
10103
10109
"DNS <emphasis>CNAME</emphasis> record for "
10108
10114
"linkend=\"dns\"/> for more DNS details."
10109
10115
msgstr ""
10110
10116
10111
#: serverguide/C/remote-administration.xml:263(para)
10117
#: serverguide/C/remote-administration.xml:243(para)
10112
10118
msgid ""
10113
10119
"If you do not wish to use DNS, you can add entries to the server and client "
10114
10120
"<filename>/etc/hosts</filename> file. For example, in the "
10124
10130
"192.168.1.17 puppetclient.example.com puppetclient\n"
10125
10131
msgstr ""
10126
10132
10127
#: serverguide/C/remote-administration.xml:273(para)
10133
#: serverguide/C/remote-administration.xml:253(para)
10128
10134
msgid ""
10129
10135
"On each <application>Puppet</application> client, add an entry for the "
10130
10136
"server:"
10137
10143
"192.168.1.16 puppetmaster.example.com puppetmaster puppet\n"
10138
10144
msgstr ""
10139
10145
10140
#: serverguide/C/remote-administration.xml:282(para)
10146
#: serverguide/C/remote-administration.xml:262(para)
10141
10147
msgid ""
10142
10148
"Replace the example IP addresses and domain names above with your actual "
10143
10149
"server and client addresses and domain names."
10144
10150
msgstr ""
10145
10151
10146
#: serverguide/C/remote-administration.xml:236(para)
10152
#: serverguide/C/remote-administration.xml:271(para)
10147
10153
msgid ""
10148
10154
"To install <application>Puppet</application>, in a terminal on the "
10149
10155
"<emphasis>server</emphasis> enter:"
10150
10156
msgstr ""
10151
10157
10152
#: serverguide/C/remote-administration.xml:241(command)
10158
#: serverguide/C/remote-administration.xml:276(command)
10153
10159
msgid "sudo apt-get install puppetmaster"
10154
10160
msgstr ""
10155
10161
10156
#: serverguide/C/remote-administration.xml:244(para)
10162
#: serverguide/C/remote-administration.xml:279(para)
10157
10163
msgid "On the <emphasis>client</emphasis> machine, or machines, enter:"
10158
10164
msgstr ""
10159
10165
10160
#: serverguide/C/remote-administration.xml:249(command)
10166
#: serverguide/C/remote-administration.xml:284(command)
10161
10167
msgid "sudo apt-get install puppet"
10162
10168
msgstr ""
10163
10169
10214
10220
"<application>Puppet</application> client's host name."
10215
10221
msgstr ""
10216
10222
10217
#: serverguide/C/remote-administration.xml:323(para)
10223
#: serverguide/C/remote-administration.xml:337(para)
10218
10224
msgid ""
10219
10225
"The final step for this simple <application>Puppet</application> server is "
10220
10226
"to restart the daemon:"
10224
10230
msgid "sudo service puppetmaster restart"
10225
10231
msgstr ""
10226
10232
10227
#: serverguide/C/remote-administration.xml:331(para)
10233
#: serverguide/C/remote-administration.xml:345(para)
10228
10234
msgid ""
10229
10235
"Now everything is configured on the <application>Puppet</application> "
10230
10236
"server, it is time to configure the client."
10237
10243
"<emphasis>START</emphasis> to yes:"
10238
10244
msgstr ""
10239
10245
10240
#: serverguide/C/remote-administration.xml:340(programlisting) serverguide/C/mail.xml:627(programlisting)
10246
#: serverguide/C/remote-administration.xml:354(programlisting) serverguide/C/mail.xml:685(programlisting)
10241
10247
#, no-wrap
10242
10248
msgid ""
10243
10249
"\n"
10244
10250
"START=yes\n"
10245
10251
msgstr ""
10246
10252
10247
#: serverguide/C/remote-administration.xml:344(para)
10253
#: serverguide/C/remote-administration.xml:358(para)
10248
10254
msgid "Then start the service:"
10249
10255
msgstr ""
10250
10256
10299
10305
"<application>Puppet</application> client."
10300
10306
msgstr ""
10301
10307
10302
#: serverguide/C/remote-administration.xml:366(para)
10308
#: serverguide/C/remote-administration.xml:406(para)
10303
10309
msgid ""
10304
10310
"This example is <emphasis>very</emphasis> simple, and does not highlight "
10305
10311
"many of <application>Puppet</application>'s features and benefits. For more "
10306
10312
"information see <xref linkend=\"puppet-resources\"/>."
10307
10313
msgstr ""
10308
10314
10309
#: serverguide/C/remote-administration.xml:378(para)
10315
#: serverguide/C/remote-administration.xml:418(para)
10310
10316
msgid ""
10311
10317
"See the <ulink url=\"http://docs.puppetlabs.com/\">Official Puppet "
10312
10318
"Documentation</ulink> web site."
10318
10324
"online repository of puppet modules."
10319
10325
msgstr ""
10320
10326
10321
#: serverguide/C/remote-administration.xml:383(para)
10327
#: serverguide/C/remote-administration.xml:428(para)
10322
10328
msgid ""
10323
10329
"Also see <ulink url=\"http://www.apress.com/9781430230571\">Pro "
10324
10330
"Puppet</ulink>."
10325
10331
msgstr ""
10326
10332
10327
#: serverguide/C/remote-administration.xml:397(title)
10333
#: serverguide/C/remote-administration.xml:437(title)
10328
10334
msgid "Zentyal"
10329
10335
msgstr ""
10330
10336
10331
#: serverguide/C/remote-administration.xml:399(para)
10337
#: serverguide/C/remote-administration.xml:439(para)
10332
10338
msgid ""
10333
10339
"<application>Zentyal</application> is a Linux small business server, that "
10334
10340
"can be configured as a Gateway, Infrastructure Manager, Unified Threat "
10355
10361
"them."
10356
10362
msgstr ""
10357
10363
10358
#: serverguide/C/remote-administration.xml:427(para)
10364
#: serverguide/C/remote-administration.xml:467(para)
10359
10365
msgid ""
10360
10366
"Zentyal 2.3 is available on Ubuntu 12.04 Universe repository. The modules "
10361
10367
"available are:"
10362
10368
msgstr ""
10363
10369
10364
#: serverguide/C/remote-administration.xml:434(para)
10370
#: serverguide/C/remote-administration.xml:474(para)
10365
10371
msgid ""
10366
10372
"zentyal-core & zentyal-common: the core of the "
10367
10373
"<application>Zentyal</application> interface and the common libraries of the "
10369
10375
"administrator an interface to view the logs and generate events from them."
10370
10376
msgstr ""
10371
10377
10372
#: serverguide/C/remote-administration.xml:443(para)
10378
#: serverguide/C/remote-administration.xml:483(para)
10373
10379
msgid ""
10374
10380
"zentyal-network: manages the configuration of the network. From the "
10375
10381
"interfaces (supporting static IP, DHCP, VLAN, bridges or PPPoE), to multiple "
10384
10390
"services (e.g. HTTP instead of 80/TCP)."
10385
10391
msgstr ""
10386
10392
10387
#: serverguide/C/remote-administration.xml:458(para)
10393
#: serverguide/C/remote-administration.xml:498(para)
10388
10394
msgid ""
10389
10395
"zentyal-firewall: configures the <application>iptables</application> rules "
10390
10396
"to block forbiden connections, NAT and port redirections."
10391
10397
msgstr ""
10392
10398
10393
#: serverguide/C/remote-administration.xml:464(para)
10399
#: serverguide/C/remote-administration.xml:504(para)
10394
10400
msgid ""
10395
10401
"zentyal-ntp: installs the NTP daemon to keep server on time and allow "
10396
10402
"network clients to synchronize their clocks against the server."
10397
10403
msgstr ""
10398
10404
10399
#: serverguide/C/remote-administration.xml:470(para)
10405
#: serverguide/C/remote-administration.xml:510(para)
10400
10406
msgid ""
10401
10407
"zentyal-dhcp: configures <application>ISC DHCP</application> server "
10402
10408
"supporting network ranges, static leases and other advanced options like "
10403
10409
"NTP, WINS, dynamic DNS updates and network boot with PXE."
10404
10410
msgstr ""
10405
10411
10406
#: serverguide/C/remote-administration.xml:477(para)
10412
#: serverguide/C/remote-administration.xml:517(para)
10407
10413
msgid ""
10408
10414
"zentyal-dns: brings <application>ISC Bind9</application> DNS server into "
10409
10415
"your server for caching local queries as a forwarder or as an authoritative "
10411
10417
"and SRV records."
10412
10418
msgstr ""
10413
10419
10414
#: serverguide/C/remote-administration.xml:485(para)
10420
#: serverguide/C/remote-administration.xml:525(para)
10415
10421
msgid ""
10416
10422
"zentyal-ca: integrates the management of a Certification Authority within "
10417
10423
"Zentyal so users can use certificates to authenticate against the services, "
10418
10424
"like with <application>OpenVPN</application>."
10419
10425
msgstr ""
10420
10426
10421
#: serverguide/C/remote-administration.xml:492(para)
10427
#: serverguide/C/remote-administration.xml:532(para)
10422
10428
msgid ""
10423
10429
"zentyal-openvpn: allows to configure multiple VPN servers and clients using "
10424
10430
"<application>OpenVPN</application> with dynamic routing configuration using "
10425
10431
"<application>Quagga</application>."
10426
10432
msgstr ""
10427
10433
10428
#: serverguide/C/remote-administration.xml:499(para)
10434
#: serverguide/C/remote-administration.xml:539(para)
10429
10435
msgid ""
10430
10436
"zentyal-users: provides an interface to configure and manage users and "
10431
10437
"groups on <application>OpenLDAP</application>. Other services on Zentyal are "
10434
10440
"<application>Microsoft Active Directory</application> domain."
10435
10441
msgstr ""
10436
10442
10437
#: serverguide/C/remote-administration.xml:509(para)
10443
#: serverguide/C/remote-administration.xml:549(para)
10438
10444
msgid ""
10439
10445
"zentyal-squid: configures <application>Squid</application> and "
10440
10446
"<application>Dansguardian</application> for speeding up browsing thanks to "
10441
10447
"the caching capabilities and content filtering."
10442
10448
msgstr ""
10443
10449
10444
#: serverguide/C/remote-administration.xml:516(para)
10450
#: serverguide/C/remote-administration.xml:556(para)
10445
10451
msgid ""
10446
10452
"zentyal-samba: allows <application>Samba</application> configuration and "
10447
10453
"integration with existing LDAP. From the same interface you can define "
10448
10454
"password policies, create shared resources and assign permissions."
10449
10455
msgstr ""
10450
10456
10451
#: serverguide/C/remote-administration.xml:524(para)
10457
#: serverguide/C/remote-administration.xml:564(para)
10452
10458
msgid ""
10453
10459
"zentyal-printers: integrates <application>CUPS</application> with "
10454
10460
"<application>Samba</application> and allows not only to configure the "
10455
10461
"printers but also give them permissions based on LDAP users and groups."
10456
10462
msgstr ""
10457
10463
10458
#: serverguide/C/remote-administration.xml:533(para)
10464
#: serverguide/C/remote-administration.xml:573(para)
10459
10465
msgid ""
10460
10466
"To install <application>Zentyal</application>, in a terminal on the "
10461
10467
"<emphasis>server</emphasis> enter (where <zentyal-module> is any of "
10462
10468
"the modules from the previous list):"
10463
10469
msgstr ""
10464
10470
10465
#: serverguide/C/remote-administration.xml:540(command)
10471
#: serverguide/C/remote-administration.xml:580(command)
10466
10472
msgid "sudo apt-get install <zentyal-module>"
10467
10473
msgstr ""
10468
10474
10469
#: serverguide/C/remote-administration.xml:544(para)
10475
#: serverguide/C/remote-administration.xml:584(para)
10470
10476
msgid ""
10471
10477
"<application>Zentyal</application> publishes one major stable release once a "
10472
10478
"year (in September) based on latest Ubuntu LTS release. Stable releases "
10486
10492
"Personal Package Archive (PPA)</ulink>."
10487
10493
msgstr ""
10488
10494
10489
#: serverguide/C/remote-administration.xml:566(para)
10495
#: serverguide/C/remote-administration.xml:606(para)
10490
10496
msgid ""
10491
10497
"Not present on Ubuntu Universe repositories, but on <ulink "
10492
10498
"url=\"https://launchpad.net/~zentyal/\">Zentyal Team PPA</ulink> you will "
10493
10499
"find these other modules:"
10494
10500
msgstr ""
10495
10501
10496
#: serverguide/C/remote-administration.xml:573(para)
10502
#: serverguide/C/remote-administration.xml:613(para)
10497
10503
msgid ""
10498
10504
"zentyal-antivirus: integrates <application>ClamAV</application> antivirus "
10499
10505
"with other modules like the proxy, file sharing or mailfilter."
10500
10506
msgstr ""
10501
10507
10502
#: serverguide/C/remote-administration.xml:580(para)
10508
#: serverguide/C/remote-administration.xml:620(para)
10503
10509
msgid ""
10504
10510
"zentyal-asterisk: configures <application>Asterisk</application> to provide "
10505
10511
"a simple PBX with LDAP based authentication."
10506
10512
msgstr ""
10507
10513
10508
#: serverguide/C/remote-administration.xml:586(para)
10514
#: serverguide/C/remote-administration.xml:626(para)
10509
10515
msgid ""
10510
10516
"zentyal-bwmonitor: allows to monitor bandwith usage of your LAN clients."
10511
10517
msgstr ""
10512
10518
10513
#: serverguide/C/remote-administration.xml:592(para)
10519
#: serverguide/C/remote-administration.xml:632(para)
10514
10520
msgid ""
10515
10521
"zentyal-captiveportal: integrates a captive portal with the firewall and "
10516
10522
"LDAP users and groups."
10517
10523
msgstr ""
10518
10524
10519
#: serverguide/C/remote-administration.xml:598(para)
10525
#: serverguide/C/remote-administration.xml:638(para)
10520
10526
msgid ""
10521
10527
"zentyal-ebackup: allows to make scheduled backups of your server using the "
10522
10528
"popular <application>duplicity</application> backup tool."
10523
10529
msgstr ""
10524
10530
10525
#: serverguide/C/remote-administration.xml:604(para)
10531
#: serverguide/C/remote-administration.xml:644(para)
10526
10532
msgid "zentyal-ftp: configures a FTP server with LDAP based authentication."
10527
10533
msgstr ""
10528
10534
10529
#: serverguide/C/remote-administration.xml:609(para)
10535
#: serverguide/C/remote-administration.xml:649(para)
10530
10536
msgid "zentyal-ids: integrates a network intrusion detection system."
10531
10537
msgstr ""
10532
10538
10533
#: serverguide/C/remote-administration.xml:614(para)
10539
#: serverguide/C/remote-administration.xml:654(para)
10534
10540
msgid ""
10535
10541
"zentyal-ipsec: allows to configure IPsec tunnels using "
10536
10542
"<application>OpenSwan</application>."
10537
10543
msgstr ""
10538
10544
10539
#: serverguide/C/remote-administration.xml:620(para)
10545
#: serverguide/C/remote-administration.xml:660(para)
10540
10546
msgid ""
10541
10547
"zentyal-jabber: integrates <application>ejabberd</application> XMPP server "
10542
10548
"with LDAP users and groups."
10543
10549
msgstr ""
10544
10550
10545
#: serverguide/C/remote-administration.xml:626(para)
10551
#: serverguide/C/remote-administration.xml:666(para)
10546
10552
msgid ""
10547
10553
"zentyal-thinclients: a <application>LTSP</application> based thin clients "
10548
10554
"solution."
10549
10555
msgstr ""
10550
10556
10551
#: serverguide/C/remote-administration.xml:632(para)
10557
#: serverguide/C/remote-administration.xml:672(para)
10552
10558
msgid ""
10553
10559
"zentyal-mail: a full mail stack including <application>Postfix "
10554
10560
"</application> and <application>Dovecot</application> with LDAP backend."
10555
10561
msgstr ""
10556
10562
10557
#: serverguide/C/remote-administration.xml:639(para)
10563
#: serverguide/C/remote-administration.xml:679(para)
10558
10564
msgid ""
10559
10565
"zentyal-mailfilter: configures <application>amavisd</application> with mail "
10560
10566
"stack to filter spam and attached virus."
10561
10567
msgstr ""
10562
10568
10563
#: serverguide/C/remote-administration.xml:645(para)
10569
#: serverguide/C/remote-administration.xml:685(para)
10564
10570
msgid ""
10565
10571
"zentyal-monitor: integrates <application>collectd</application> to monitor "
10566
10572
"server performance and running services."
10567
10573
msgstr ""
10568
10574
10569
#: serverguide/C/remote-administration.xml:651(para)
10575
#: serverguide/C/remote-administration.xml:691(para)
10570
10576
msgid ""
10571
10577
"zentyal-pptp: configures a <application>PPTP</application> VPN server."
10572
10578
msgstr ""
10573
10579
10574
#: serverguide/C/remote-administration.xml:656(para)
10580
#: serverguide/C/remote-administration.xml:696(para)
10575
10581
msgid ""
10576
10582
"zentyal-radius: integrates <application>FreeRADIUS</application> with LDAP "
10577
10583
"users and groups."
10578
10584
msgstr ""
10579
10585
10580
#: serverguide/C/remote-administration.xml:662(para)
10586
#: serverguide/C/remote-administration.xml:702(para)
10581
10587
msgid ""
10582
10588
"zentyal-software: simple interface to manage installed "
10583
10589
"<application>Zentyal</application> modules and system updates."
10584
10590
msgstr ""
10585
10591
10586
#: serverguide/C/remote-administration.xml:668(para)
10592
#: serverguide/C/remote-administration.xml:708(para)
10587
10593
msgid ""
10588
10594
"zentyal-trafficshaping: configures traffic limiting rules to do bandwidth "
10589
10595
"throttling and improve latency."
10590
10596
msgstr ""
10591
10597
10592
#: serverguide/C/remote-administration.xml:674(para)
10598
#: serverguide/C/remote-administration.xml:714(para)
10593
10599
msgid ""
10594
10600
"zentyal-usercorner: allows users to edit their own LDAP attributes using a "
10595
10601
"web browser."
10596
10602
msgstr ""
10597
10603
10598
#: serverguide/C/remote-administration.xml:680(para)
10604
#: serverguide/C/remote-administration.xml:720(para)
10599
10605
msgid ""
10600
10606
"zentyal-virt: simple interface to create and manage virtual machines based "
10601
10607
"on <application>libvirt</application>."
10602
10608
msgstr ""
10603
10609
10604
#: serverguide/C/remote-administration.xml:686(para)
10610
#: serverguide/C/remote-administration.xml:726(para)
10605
10611
msgid ""
10606
10612
"zentyal-webmail: allows to access your mail using the popular "
10607
10613
"<application>Roundcube</application> webmail."
10608
10614
msgstr ""
10609
10615
10610
#: serverguide/C/remote-administration.xml:692(para)
10616
#: serverguide/C/remote-administration.xml:732(para)
10611
10617
msgid ""
10612
10618
"zentyal-webserver: configures <application>Apache</application> webserver to "
10613
10619
"host different sites on your machine."
10614
10620
msgstr ""
10615
10621
10616
#: serverguide/C/remote-administration.xml:698(para)
10622
#: serverguide/C/remote-administration.xml:738(para)
10617
10623
msgid ""
10618
10624
"zentyal-zarafa: integrates <application>Zarafa</application> groupware suite "
10619
10625
"with <application>Zentyal</application> mail stack and LDAP."
10620
10626
msgstr ""
10621
10627
10622
#: serverguide/C/remote-administration.xml:710(title)
10628
#: serverguide/C/remote-administration.xml:750(title)
10623
10629
msgid "First steps"
10624
10630
msgstr ""
10625
10631
10626
#: serverguide/C/remote-administration.xml:712(para)
10632
#: serverguide/C/remote-administration.xml:752(para)
10627
10633
msgid ""
10628
10634
"Any system account belonging to the sudo group is allowed to log into "
10629
10635
"<application>Zentyal</application> web interface. If you are using the user "
10630
10636
"created during the installation, this should be in the sudo group by default."
10631
10637
msgstr ""
10632
10638
10633
#: serverguide/C/remote-administration.xml:720(para)
10639
#: serverguide/C/remote-administration.xml:760(para)
10634
10640
msgid "If you need to add another user to the sudo group, just execute:"
10635
10641
msgstr ""
10636
10642
10637
#: serverguide/C/remote-administration.xml:725(command)
10643
#: serverguide/C/remote-administration.xml:765(command)
10638
10644
msgid "sudo adduser username sudo"
10639
10645
msgstr ""
10640
10646
10641
#: serverguide/C/remote-administration.xml:729(para)
10647
#: serverguide/C/remote-administration.xml:769(para)
10642
10648
msgid ""
10643
10649
"To access <application>Zentyal</application> web interface, browse into "
10644
10650
"https://localhost/ (or the IP of your remote server). As Zentyal creates its "
10646
10652
"exception on your browser."
10647
10653
msgstr ""
10648
10654
10649
#: serverguide/C/remote-administration.xml:736(para)
10655
#: serverguide/C/remote-administration.xml:776(para)
10650
10656
msgid ""
10651
10657
"Once logged in you will see the dashboard with an overview of your server. "
10652
10658
"To configure any of the features of your installed modules, go to the "
10660
10666
"files."
10661
10667
msgstr ""
10662
10668
10663
#: serverguide/C/remote-administration.xml:750(para)
10669
#: serverguide/C/remote-administration.xml:790(para)
10664
10670
msgid ""
10665
10671
"If you need to customize any configuration file or run certain actions "
10666
10672
"(scripts or commands) to configure features not available on "
10669
10675
"/etc/zentyal/hooks/<module>.<action>."
10670
10676
msgstr ""
10671
10677
10672
#: serverguide/C/remote-administration.xml:763(para)
10678
#: serverguide/C/remote-administration.xml:803(para)
10673
10679
msgid ""
10674
10680
"<ulink url=\"http://doc.zentyal.org/\">Zentyal Official Documentation "
10675
10681
"</ulink> page."
10676
10682
msgstr ""
10677
10683
10678
#: serverguide/C/remote-administration.xml:767(para)
10684
#: serverguide/C/remote-administration.xml:807(para)
10679
10685
msgid ""
10680
10686
"See also <ulink url=\"http://trac.zentyal.org/wiki/Documentation\">Zentyal "
10681
10687
"Community Documentation</ulink> page."
10682
10688
msgstr ""
10683
10689
10684
#: serverguide/C/remote-administration.xml:771(para)
10690
#: serverguide/C/remote-administration.xml:811(para)
10685
10691
msgid ""
10686
10692
"And don't forget to visit the <ulink url=\"http://forum.zentyal.org/\">forum "
10687
10693
"</ulink> for community support, feedback, feature requests, etc."
10695
10701
msgid ""
10696
10702
"Ubuntu features a comprehensive package management system for installing, "
10697
10703
"upgrading, configuring, and removing software. In addition to providing "
10698
"access to an organized base of over 35,000 software packages for your Ubuntu "
10704
"access to an organized base of over 45,000 software packages for your Ubuntu "
10699
10705
"computer, the package management facilities also feature dependency "
10700
10706
"resolution capabilities and software update checking."
10701
10707
msgstr ""
10727
10733
10728
10734
#: serverguide/C/package-management.xml:25(para)
10729
10735
msgid ""
10730
"Many complex packages use the concept of <emphasis "
10736
"Many complex packages use <emphasis "
10731
10737
"role=\"italics\">dependencies</emphasis>. Dependencies are additional "
10732
10738
"packages required by the principal package in order to function properly. "
10733
10739
"For example, the speech synthesis package "
11049
11055
"menu."
11050
11056
msgstr ""
11051
11057
11052
#: serverguide/C/package-management.xml:246(para)
11058
#: serverguide/C/package-management.xml:263(para)
11053
11059
msgid "<emphasis role=\"bold\">i</emphasis>: Installed package"
11054
11060
msgstr ""
11055
11061
11056
#: serverguide/C/package-management.xml:251(para)
11062
#: serverguide/C/package-management.xml:268(para)
11057
11063
msgid ""
11058
11064
"<emphasis role=\"bold\">c</emphasis>: Package not installed, but package "
11059
11065
"configuration remains on system"
11060
11066
msgstr ""
11061
11067
11062
#: serverguide/C/package-management.xml:255(para)
11068
#: serverguide/C/package-management.xml:272(para)
11063
11069
msgid "<emphasis role=\"bold\">p</emphasis>: Purged from system"
11064
11070
msgstr ""
11065
11071
11066
#: serverguide/C/package-management.xml:259(para)
11072
#: serverguide/C/package-management.xml:276(para)
11067
11073
msgid "<emphasis role=\"bold\">v</emphasis>: Virtual package"
11068
11074
msgstr ""
11069
11075
11070
#: serverguide/C/package-management.xml:263(para)
11076
#: serverguide/C/package-management.xml:280(para)
11071
11077
msgid "<emphasis role=\"bold\">B</emphasis>: Broken package"
11072
11078
msgstr ""
11073
11079
11074
#: serverguide/C/package-management.xml:267(para)
11080
#: serverguide/C/package-management.xml:284(para)
11075
11081
msgid ""
11076
11082
"<emphasis role=\"bold\">u</emphasis>: Unpacked files, but package not yet "
11077
11083
"configured"
11078
11084
msgstr ""
11079
11085
11080
#: serverguide/C/package-management.xml:271(para)
11086
#: serverguide/C/package-management.xml:288(para)
11081
11087
msgid ""
11082
11088
"<emphasis role=\"bold\">C</emphasis>: Half-configured - Configuration failed "
11083
11089
"and requires fix"
11084
11090
msgstr ""
11085
11091
11086
#: serverguide/C/package-management.xml:275(para)
11092
#: serverguide/C/package-management.xml:292(para)
11087
11093
msgid ""
11088
11094
"<emphasis role=\"bold\">H</emphasis>: Half-installed - Removal failed and "
11089
11095
"requires fix"
11090
11096
msgstr ""
11091
11097
11092
#: serverguide/C/package-management.xml:243(para)
11098
#: serverguide/C/package-management.xml:260(para)
11093
11099
msgid ""
11094
11100
"The first column of information displayed in the package list in the top "
11095
11101
"pane, when actually viewing packages lists the current state of the package, "
11097
11103
"<placeholder-1/>"
11098
11104
msgstr ""
11099
11105
11100
#: serverguide/C/package-management.xml:281(para)
11106
#: serverguide/C/package-management.xml:298(para)
11101
11107
msgid ""
11102
11108
"To exit Aptitude, simply press the <keycap>q</keycap> key and confirm you "
11103
11109
"wish to exit. Many other functions are available from the Aptitude menu by "
11104
11110
"pressing the <keycap>F10</keycap> key."
11105
11111
msgstr ""
11106
11112
11107
#: serverguide/C/package-management.xml:284(title)
11113
#: serverguide/C/package-management.xml:301(title)
11108
11114
msgid "Command Line Aptitude"
11109
11115
msgstr ""
11110
11116
11111
#: serverguide/C/package-management.xml:285(para)
11117
#: serverguide/C/package-management.xml:302(para)
11112
11118
msgid ""
11113
11119
"You can also use <application>Aptitude</application> as a command-line tool, "
11114
11120
"similar to <application>apt-get</application>. To install the "
11122
11128
"of command line options for <application>Aptitude</application>."
11123
11129
msgstr ""
11124
11130
11125
#: serverguide/C/package-management.xml:298(title)
11131
#: serverguide/C/package-management.xml:315(title)
11126
11132
msgid "Automatic Updates"
11127
11133
msgstr ""
11128
11134
11129
#: serverguide/C/package-management.xml:300(para)
11135
#: serverguide/C/package-management.xml:317(para)
11130
11136
msgid ""
11131
11137
"The <application>unattended-upgrades</application> package can be used to "
11132
11138
"automatically install updated packages, and can be configured to update all "
11134
11140
"entering the following in a terminal:"
11135
11141
msgstr ""
11136
11142
11137
#: serverguide/C/package-management.xml:306(command)
11143
#: serverguide/C/package-management.xml:323(command)
11138
11144
msgid "sudo apt-get install unattended-upgrades"
11139
11145
msgstr ""
11140
11146
11141
#: serverguide/C/package-management.xml:309(para)
11147
#: serverguide/C/package-management.xml:326(para)
11142
11148
msgid ""
11143
11149
"To configure <application>unattended-upgrades</application>, edit "
11144
11150
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> and adjust "
11155
11161
"};\n"
11156
11162
msgstr ""
11157
11163
11158
#: serverguide/C/package-management.xml:321(para)
11164
#: serverguide/C/package-management.xml:338(para)
11159
11165
msgid ""
11160
11166
"Certain packages can also be <emphasis>blacklisted</emphasis> and therefore "
11161
11167
"will not be automatically updated. To blacklist a package, add it to the "
11162
11168
"list:"
11163
11169
msgstr ""
11164
11170
11165
#: serverguide/C/package-management.xml:326(programlisting)
11171
#: serverguide/C/package-management.xml:343(programlisting)
11166
11172
#, no-wrap
11167
11173
msgid ""
11168
11174
"\n"
11174
11180
"};\n"
11175
11181
msgstr ""
11176
11182
11177
#: serverguide/C/package-management.xml:336(para)
11183
#: serverguide/C/package-management.xml:353(para)
11178
11184
msgid ""
11179
11185
"The double <emphasis><quote>//</quote></emphasis> serve as comments, so "
11180
11186
"whatever follows \"//\" will not be evaluated."
11181
11187
msgstr ""
11182
11188
11183
#: serverguide/C/package-management.xml:341(para)
11189
#: serverguide/C/package-management.xml:358(para)
11184
11190
msgid ""
11185
11191
"To enable automatic updates, edit "
11186
11192
"<filename>/etc/apt/apt.conf.d/10periodic</filename> and set the appropriate "
11187
11193
"<application>apt</application> configuration options:"
11188
11194
msgstr ""
11189
11195
11190
#: serverguide/C/package-management.xml:345(programlisting)
11196
#: serverguide/C/package-management.xml:362(programlisting)
11191
11197
#, no-wrap
11192
11198
msgid ""
11193
11199
"\n"
11197
11203
"APT::Periodic::Unattended-Upgrade \"1\";\n"
11198
11204
msgstr ""
11199
11205
11200
#: serverguide/C/package-management.xml:352(para)
11206
#: serverguide/C/package-management.xml:369(para)
11201
11207
msgid ""
11202
11208
"The above configuration updates the package list, downloads, and installs "
11203
11209
"available upgrades every day. The local download archive is cleaned every "
11204
11210
"week."
11205
11211
msgstr ""
11206
11212
11207
#: serverguide/C/package-management.xml:358(para)
11213
#: serverguide/C/package-management.xml:375(para)
11208
11214
msgid ""
11209
11215
"You can read more about <application>apt</application> Periodic "
11210
11216
"configuration options in the <filename>/etc/cron.daily/apt</filename> script "
11211
11217
"header."
11212
11218
msgstr ""
11213
11219
11214
#: serverguide/C/package-management.xml:363(para)
11220
#: serverguide/C/package-management.xml:380(para)
11215
11221
msgid ""
11216
11222
"The results of <application>unattended-upgrades</application> will be logged "
11217
11223
"to <filename>/var/log/unattended-upgrades</filename>."
11218
11224
msgstr ""
11219
11225
11220
#: serverguide/C/package-management.xml:368(title)
11226
#: serverguide/C/package-management.xml:385(title)
11221
11227
msgid "Notifications"
11222
11228
msgstr ""
11223
11229
11224
#: serverguide/C/package-management.xml:370(para)
11230
#: serverguide/C/package-management.xml:387(para)
11225
11231
msgid ""
11226
11232
"Configuring <emphasis>Unattended-Upgrade::Mail</emphasis> in "
11227
11233
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> will enable "
11229
11235
"detailing any packages that need upgrading or have problems."
11230
11236
msgstr ""
11231
11237
11232
#: serverguide/C/package-management.xml:375(para)
11238
#: serverguide/C/package-management.xml:392(para)
11233
11239
msgid ""
11234
11240
"Another useful package is <application>apticron</application>. "
11235
11241
"<application>apticron</application> will configure a "
11238
11244
"summary of changes in each package."
11239
11245
msgstr ""
11240
11246
11241
#: serverguide/C/package-management.xml:381(para)
11247
#: serverguide/C/package-management.xml:398(para)
11242
11248
msgid ""
11243
11249
"To install the <application>apticron</application> package, in a terminal "
11244
11250
"enter:"
11245
11251
msgstr ""
11246
11252
11247
#: serverguide/C/package-management.xml:386(command)
11253
#: serverguide/C/package-management.xml:403(command)
11248
11254
msgid "sudo apt-get install apticron"
11249
11255
msgstr ""
11250
11256
11251
#: serverguide/C/package-management.xml:389(para)
11257
#: serverguide/C/package-management.xml:406(para)
11252
11258
msgid ""
11253
11259
"Once the package is installed edit "
11254
11260
"<filename>/etc/apticron/apticron.conf</filename>, to set the email address "
11255
11261
"and other options:"
11256
11262
msgstr ""
11257
11263
11258
#: serverguide/C/package-management.xml:393(programlisting)
11264
#: serverguide/C/package-management.xml:410(programlisting)
11259
11265
#, no-wrap
11260
11266
msgid ""
11261
11267
"\n"
11262
11268
"EMAIL=\"root@example.com\"\n"
11263
11269
msgstr ""
11264
11270
11265
#: serverguide/C/package-management.xml:402(para)
11271
#: serverguide/C/package-management.xml:419(para)
11266
11272
msgid ""
11267
11273
"Configuration of the <emphasis>Advanced Packaging Tool</emphasis> (APT) "
11268
11274
"system repositories is stored in the "
11272
11278
"repository references from the file."
11273
11279
msgstr ""
11274
11280
11275
#: serverguide/C/package-management.xml:411(para)
11281
#: serverguide/C/package-management.xml:424(para)
11276
11282
msgid ""
11277
11283
"You may edit the file to enable repositories or disable them. For example, "
11278
11284
"to disable the requirement of inserting the Ubuntu CD-ROM whenever package "
11289
11295
"main restricted\n"
11290
11296
msgstr ""
11291
11297
11292
#: serverguide/C/package-management.xml:422(title)
11298
#: serverguide/C/package-management.xml:435(title)
11293
11299
msgid "Extra Repositories"
11294
11300
msgstr ""
11295
11301
11296
#: serverguide/C/package-management.xml:423(para)
11302
#: serverguide/C/package-management.xml:436(para)
11297
11303
msgid ""
11298
11304
"In addition to the officially supported package repositories available for "
11299
11305
"Ubuntu, there exist additional community-maintained repositories which add "
11304
11310
"which are safe for use with your Ubuntu computer."
11305
11311
msgstr ""
11306
11312
11307
#: serverguide/C/package-management.xml:426(para)
11313
#: serverguide/C/package-management.xml:439(para)
11308
11314
msgid ""
11309
11315
"Packages in the <emphasis>Multiverse</emphasis> repository often have "
11310
11316
"licensing issues that prevent them from being distributed with a free "
11311
11317
"operating system, and they may be illegal in your locality."
11312
11318
msgstr ""
11313
11319
11314
#: serverguide/C/package-management.xml:428(para)
11320
#: serverguide/C/package-management.xml:441(para)
11315
11321
msgid ""
11316
11322
"Be advised that neither the <emphasis>Universe</emphasis> or "
11317
11323
"<emphasis>Multiverse</emphasis> repositories contain officially supported "
11319
11325
"packages."
11320
11326
msgstr ""
11321
11327
11322
#: serverguide/C/package-management.xml:432(para)
11328
#: serverguide/C/package-management.xml:445(para)
11323
11329
msgid ""
11324
11330
"Many other package sources are available, sometimes even offering only one "
11325
11331
"package, as in the case of package sources provided by the developer of a "
11330
11336
"functional in some respects."
11331
11337
msgstr ""
11332
11338
11333
#: serverguide/C/package-management.xml:435(para)
11339
#: serverguide/C/package-management.xml:448(para)
11334
11340
msgid ""
11335
11341
"By default, the <emphasis>Universe</emphasis> and "
11336
11342
"<emphasis>Multiverse</emphasis> repositories are enabled but if you would "
11361
11367
"deb-src http://security.ubuntu.com/ubuntu trusty-security multiverse\n"
11362
11368
msgstr ""
11363
11369
11364
#: serverguide/C/package-management.xml:468(para)
11370
#: serverguide/C/package-management.xml:481(para)
11365
11371
msgid ""
11366
11372
"Most of the material covered in this chapter is available in "
11367
11373
"<application>man</application> pages, many of which are available online."
11368
11374
msgstr ""
11369
11375
11370
#: serverguide/C/package-management.xml:475(para)
11376
#: serverguide/C/package-management.xml:488(para)
11371
11377
msgid ""
11372
11378
"The <ulink "
11373
11379
"url=\"https://help.ubuntu.com/community/InstallingSoftware\">InstallingSoftwa"
11397
11403
"ude man page</ulink> for more <application>aptitude</application> options."
11398
11404
msgstr ""
11399
11405
11400
#: serverguide/C/package-management.xml:499(para)
11406
#: serverguide/C/package-management.xml:512(para)
11401
11407
msgid ""
11402
11408
"The <ulink "
11403
11409
"url=\"https://help.ubuntu.com/community/Repositories/Ubuntu\">Adding "
11464
11470
"reboots (e.g.: after a kernel upgrade)."
11465
11471
msgstr ""
11466
11472
11467
#: serverguide/C/other-apps.xml:44(para)
11473
#: serverguide/C/other-apps.xml:61(para)
11468
11474
msgid ""
11469
11475
"<application>pam_motd</application> executes the scripts in "
11470
11476
"<filename>/etc/update-motd.d</filename> in order based on the number "
11473
11479
"concatenated with <filename>/etc/motd.tail</filename>."
11474
11480
msgstr ""
11475
11481
11476
#: serverguide/C/other-apps.xml:50(para)
11482
#: serverguide/C/other-apps.xml:67(para)
11477
11483
msgid ""
11478
11484
"You can add your own dynamic information to the MOTD. For example, to add "
11479
11485
"local weather information:"
11480
11486
msgstr ""
11481
11487
11482
#: serverguide/C/other-apps.xml:56(para)
11488
#: serverguide/C/other-apps.xml:73(para)
11483
11489
msgid "First, install the <application>weather-util</application> package:"
11484
11490
msgstr ""
11485
11491
11486
#: serverguide/C/other-apps.xml:61(command)
11492
#: serverguide/C/other-apps.xml:78(command)
11487
11493
msgid "sudo apt-get install weather-util"
11488
11494
msgstr ""
11489
11495
11490
#: serverguide/C/other-apps.xml:66(para)
11496
#: serverguide/C/other-apps.xml:83(para)
11491
11497
msgid ""
11492
11498
"The <application>weather</application> utility uses METAR data from the "
11493
11499
"National Oceanic and Atmospheric Administration and forecasts from the "
11497
11503
"Weather Service</ulink> site."
11498
11504
msgstr ""
11499
11505
11500
#: serverguide/C/other-apps.xml:73(para)
11506
#: serverguide/C/other-apps.xml:90(para)
11501
11507
msgid ""
11502
11508
"Although the National Weather Service is a United States government agency "
11503
11509
"there are weather stations available world wide. However, local weather "
11504
11510
"information for all locations outside the U.S. may not be available."
11505
11511
msgstr ""
11506
11512
11507
#: serverguide/C/other-apps.xml:79(para)
11513
#: serverguide/C/other-apps.xml:96(para)
11508
11514
msgid ""
11509
11515
"Create <filename>/usr/local/bin/local-weather</filename>, a simple shell "
11510
11516
"script to use <application>weather</application> with your local ICAO "
11511
11517
"indicator:"
11512
11518
msgstr ""
11513
11519
11514
#: serverguide/C/other-apps.xml:84(programlisting)
11520
#: serverguide/C/other-apps.xml:101(programlisting)
11515
11521
#, no-wrap
11516
11522
msgid ""
11517
11523
"\n"
11531
11537
"\n"
11532
11538
msgstr ""
11533
11539
11534
#: serverguide/C/other-apps.xml:102(para)
11540
#: serverguide/C/other-apps.xml:119(para)
11535
11541
msgid "Make the script executable:"
11536
11542
msgstr ""
11537
11543
11538
#: serverguide/C/other-apps.xml:107(command)
11544
#: serverguide/C/other-apps.xml:124(command)
11539
11545
msgid "sudo chmod 755 /usr/local/bin/local-weather"
11540
11546
msgstr ""
11541
11547
11542
#: serverguide/C/other-apps.xml:111(para)
11548
#: serverguide/C/other-apps.xml:128(para)
11543
11549
msgid ""
11544
11550
"Next, create a symlink to <filename>/etc/update-motd.d/98-local-"
11545
11551
"weather</filename>:"
11546
11552
msgstr ""
11547
11553
11548
#: serverguide/C/other-apps.xml:116(command)
11554
#: serverguide/C/other-apps.xml:133(command)
11549
11555
msgid ""
11550
11556
"sudo ln -s /usr/local/bin/local-weather /etc/update-motd.d/98-local-weather"
11551
11557
msgstr ""
11552
11558
11553
#: serverguide/C/other-apps.xml:120(para)
11559
#: serverguide/C/other-apps.xml:137(para)
11554
11560
msgid "Finally, exit the server and re-login to view the new MOTD."
11555
11561
msgstr ""
11556
11562
11557
#: serverguide/C/other-apps.xml:126(para)
11563
#: serverguide/C/other-apps.xml:143(para)
11558
11564
msgid ""
11559
11565
"You should now be greeted with some useful information, and some information "
11560
11566
"about the local weather that may not be quite so useful. Hopefully the "
11570
11576
"<application>update-motd</application>."
11571
11577
msgstr ""
11572
11578
11573
#: serverguide/C/other-apps.xml:338(para)
11579
#: serverguide/C/other-apps.xml:163(para)
11574
11580
msgid ""
11575
11581
"The Debian Package of the Day <ulink "
11576
11582
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
11578
11584
"details about using the <application>weather</application>utility."
11579
11585
msgstr ""
11580
11586
11581
#: serverguide/C/other-apps.xml:134(title)
11587
#: serverguide/C/other-apps.xml:178(title)
11582
11588
msgid "etckeeper"
11583
11589
msgstr ""
11584
11590
11594
11600
"possible."
11595
11601
msgstr ""
11596
11602
11597
#: serverguide/C/other-apps.xml:144(para)
11603
#: serverguide/C/other-apps.xml:188(para)
11598
11604
msgid ""
11599
11605
"Install <application>etckeeper</application> by entering the following in a "
11600
11606
"terminal:"
11601
11607
msgstr ""
11602
11608
11603
#: serverguide/C/other-apps.xml:149(command)
11609
#: serverguide/C/other-apps.xml:193(command)
11604
11610
msgid "sudo apt-get install etckeeper"
11605
11611
msgstr ""
11606
11612
11615
11621
"It is possible to undo this by entering the following command:"
11616
11622
msgstr ""
11617
11623
11618
#: serverguide/C/other-apps.xml:162(command)
11624
#: serverguide/C/other-apps.xml:204(command)
11619
11625
msgid "sudo etckeeper uninit"
11620
11626
msgstr ""
11621
11627
11622
#: serverguide/C/other-apps.xml:165(para)
11628
#: serverguide/C/other-apps.xml:207(para)
11623
11629
msgid ""
11624
11630
"By default, etckeeper will commit uncommitted changes made to /etc daily. "
11625
11631
"This can be disabled using the AVOID_DAILY_AUTOCOMMITS configuration option. "
11628
11634
"commit your changes manually, together with a commit message, using:"
11629
11635
msgstr ""
11630
11636
11631
#: serverguide/C/other-apps.xml:174(command)
11637
#: serverguide/C/other-apps.xml:214(command)
11632
11638
msgid "sudo etckeeper commit \"..Reason for configuration change..\""
11633
11639
msgstr ""
11634
11640
11636
11642
msgid "Using bzr's VCS commands you can view log information:"
11637
11643
msgstr ""
11638
11644
11639
#: serverguide/C/other-apps.xml:182(command)
11645
#: serverguide/C/other-apps.xml:222(command)
11640
11646
msgid "sudo bzr log /etc/passwd"
11641
11647
msgstr ""
11642
11648
11646
11652
"install <application>postfix</application>:"
11647
11653
msgstr ""
11648
11654
11649
#: serverguide/C/other-apps.xml:190(command) serverguide/C/mail.xml:43(command)
11655
#: serverguide/C/other-apps.xml:230(command) serverguide/C/mail.xml:43(command)
11650
11656
msgid "sudo apt-get install postfix"
11651
11657
msgstr ""
11652
11658
11653
#: serverguide/C/other-apps.xml:193(para)
11659
#: serverguide/C/other-apps.xml:233(para)
11654
11660
msgid ""
11655
11661
"When the installation is finished, all the "
11656
11662
"<application>postfix</application> configuration files should be committed "
11657
11663
"to the repository:"
11658
11664
msgstr ""
11659
11665
11660
#: serverguide/C/other-apps.xml:199(computeroutput)
11666
#: serverguide/C/other-apps.xml:239(computeroutput)
11661
11667
#, no-wrap
11662
11668
msgid ""
11663
11669
"Committing to: /etc/\n"
11700
11706
"Committed revision 2."
11701
11707
msgstr ""
11702
11708
11703
#: serverguide/C/other-apps.xml:239(para)
11709
#: serverguide/C/other-apps.xml:279(para)
11704
11710
msgid ""
11705
11711
"For an example of how <application>etckeeper</application> tracks manual "
11706
11712
"changes, add new a host to <filename>/etc/hosts</filename>. Using "
11707
11713
"<application>bzr</application> you can see which files have been modified:"
11708
11714
msgstr ""
11709
11715
11710
#: serverguide/C/other-apps.xml:245(command)
11716
#: serverguide/C/other-apps.xml:285(command)
11711
11717
msgid "sudo bzr status /etc/"
11712
11718
msgstr ""
11713
11719
11714
#: serverguide/C/other-apps.xml:246(computeroutput)
11720
#: serverguide/C/other-apps.xml:286(computeroutput)
11715
11721
#, no-wrap
11716
11722
msgid ""
11717
11723
"modified:\n"
11718
11724
" hosts"
11719
11725
msgstr ""
11720
11726
11721
#: serverguide/C/other-apps.xml:250(para)
11727
#: serverguide/C/other-apps.xml:290(para)
11722
11728
msgid "Now commit the changes:"
11723
11729
msgstr ""
11724
11730
11726
11732
msgid "sudo etckeeper commit \"added new host\""
11727
11733
msgstr ""
11728
11734
11729
#: serverguide/C/other-apps.xml:258(para)
11735
#: serverguide/C/other-apps.xml:298(para)
11730
11736
msgid ""
11731
11737
"For more information on <application>bzr</application> see <xref "
11732
11738
"linkend=\"bazaar\"/>."
11733
11739
msgstr ""
11734
11740
11735
#: serverguide/C/other-apps.xml:345(para)
11736
msgid ""
11737
"See the <ulink "
11738
"url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for "
11739
"more details on using <application>etckeeper</application>."
11740
msgstr ""
11741
11742
#: serverguide/C/other-apps.xml:351(para)
11743
msgid ""
11744
"The <ulink url=\"https://help.ubuntu.com/community/etckeeper\">etckeeper "
11745
"Ubuntu Wiki</ulink> page."
11746
msgstr ""
11747
11748
#: serverguide/C/other-apps.xml:356(para)
11741
#: serverguide/C/other-apps.xml:310(para)
11742
msgid ""
11743
"See the <ulink url=\"http://etckeeper.branchable.com/\">etckeeper</ulink> "
11744
"site for more details on using <application>etckeeper</application>."
11745
msgstr ""
11746
11747
#: serverguide/C/other-apps.xml:317(para)
11749
11748
msgid ""
11750
11749
"For the latest news and information about <application>bzr</application> see "
11751
11750
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
11752
11751
msgstr ""
11753
11752
11754
#: serverguide/C/other-apps.xml:264(title)
11753
#: serverguide/C/other-apps.xml:329(title)
11755
11754
msgid "Byobu"
11756
11755
msgstr ""
11757
11756
11758
#: serverguide/C/other-apps.xml:337(para)
11757
#: serverguide/C/other-apps.xml:331(para)
11759
11758
msgid ""
11760
11759
"One of the most useful applications for any system administrator is an xterm "
11761
11760
"multiplexor such as <application>screen</application> or "
11767
11766
"changed by the user."
11768
11767
msgstr ""
11769
11768
11770
#: serverguide/C/other-apps.xml:344(para)
11769
#: serverguide/C/other-apps.xml:338(para)
11771
11770
msgid "Invoke it simply with:"
11772
11771
msgstr ""
11773
11772
11774
#: serverguide/C/other-apps.xml:349(command)
11773
#: serverguide/C/other-apps.xml:343(command)
11775
11774
msgid "byobu"
11776
11775
msgstr ""
11777
11776
11778
#: serverguide/C/other-apps.xml:352(para)
11777
#: serverguide/C/other-apps.xml:346(para)
11779
11778
msgid ""
11780
11779
"Now bring up the configuration menu. By default this is done by pressing the "
11781
11780
"<emphasis>F9</emphasis> key. This will allow you to:"
11782
11781
msgstr ""
11783
11782
11784
#: serverguide/C/other-apps.xml:279(para)
11783
#: serverguide/C/other-apps.xml:351(para)
11785
11784
msgid "View the Help menu"
11786
11785
msgstr ""
11787
11786
11788
#: serverguide/C/other-apps.xml:280(para)
11787
#: serverguide/C/other-apps.xml:352(para)
11789
11788
msgid "Change Byobu's background color"
11790
11789
msgstr ""
11791
11790
11792
#: serverguide/C/other-apps.xml:281(para)
11791
#: serverguide/C/other-apps.xml:353(para)
11793
11792
msgid "Change Byobu's foreground color"
11794
11793
msgstr ""
11795
11794
11796
#: serverguide/C/other-apps.xml:282(para)
11795
#: serverguide/C/other-apps.xml:354(para)
11797
11796
msgid "Toggle status notifications"
11798
11797
msgstr ""
11799
11798
11800
#: serverguide/C/other-apps.xml:283(para)
11799
#: serverguide/C/other-apps.xml:355(para)
11801
11800
msgid "Change the key binding set"
11802
11801
msgstr ""
11803
11802
11804
#: serverguide/C/other-apps.xml:284(para)
11803
#: serverguide/C/other-apps.xml:356(para)
11805
11804
msgid "Change the escape sequence"
11806
11805
msgstr ""
11807
11806
11808
#: serverguide/C/other-apps.xml:285(para)
11807
#: serverguide/C/other-apps.xml:357(para)
11809
11808
msgid "Create new windows"
11810
11809
msgstr ""
11811
11810
11812
#: serverguide/C/other-apps.xml:286(para)
11811
#: serverguide/C/other-apps.xml:358(para)
11813
11812
msgid "Manage the default windows"
11814
11813
msgstr ""
11815
11814
11816
#: serverguide/C/other-apps.xml:287(para)
11815
#: serverguide/C/other-apps.xml:359(para)
11817
11816
msgid "Byobu currently does not launch at login (toggle on)"
11818
11817
msgstr ""
11819
11818
11820
#: serverguide/C/other-apps.xml:290(para)
11819
#: serverguide/C/other-apps.xml:362(para)
11821
11820
msgid ""
11822
11821
"The <emphasis>key bindings</emphasis> determine such things as the escape "
11823
11822
"sequence, new window, change window, etc. There are two key binding sets to "
11826
11825
"<emphasis>none</emphasis> set."
11827
11826
msgstr ""
11828
11827
11829
#: serverguide/C/other-apps.xml:296(para)
11828
#: serverguide/C/other-apps.xml:368(para)
11830
11829
msgid ""
11831
11830
"<application>byobu</application> provides a menu which displays the Ubuntu "
11832
11831
"release, processor information, memory information, and the time and date. "
11833
11832
"The effect is similar to a desktop menu."
11834
11833
msgstr ""
11835
11834
11836
#: serverguide/C/other-apps.xml:301(para)
11835
#: serverguide/C/other-apps.xml:373(para)
11837
11836
msgid ""
11838
11837
"Using the <emphasis>\"Byobu currently does not launch at login (toggle "
11839
11838
"on)\"</emphasis> option will cause <application>byobu</application> to be "
11842
11841
"affect other users on the system."
11843
11842
msgstr ""
11844
11843
11845
#: serverguide/C/other-apps.xml:307(para)
11844
#: serverguide/C/other-apps.xml:379(para)
11846
11845
msgid ""
11847
11846
"One difference when using byobu is the <emphasis>scrollback</emphasis> mode. "
11848
11847
"Press the <emphasis>F7</emphasis> key to enter scrollback mode. Scrollback "
11850
11849
"commands. Here is a quick list of movement commands:"
11851
11850
msgstr ""
11852
11851
11853
#: serverguide/C/other-apps.xml:314(para)
11852
#: serverguide/C/other-apps.xml:386(para)
11854
11853
msgid "<emphasis>h</emphasis> - Move the cursor left by one character"
11855
11854
msgstr ""
11856
11855
11857
#: serverguide/C/other-apps.xml:315(para)
11856
#: serverguide/C/other-apps.xml:387(para)
11858
11857
msgid "<emphasis>j</emphasis> - Move the cursor down by one line"
11859
11858
msgstr ""
11860
11859
11861
#: serverguide/C/other-apps.xml:316(para)
11860
#: serverguide/C/other-apps.xml:388(para)
11862
11861
msgid "<emphasis>k</emphasis> - Move the cursor up by one line"
11863
11862
msgstr ""
11864
11863
11865
#: serverguide/C/other-apps.xml:317(para)
11864
#: serverguide/C/other-apps.xml:389(para)
11866
11865
msgid "<emphasis>l</emphasis> - Move the cursor right by one character"
11867
11866
msgstr ""
11868
11867
11869
#: serverguide/C/other-apps.xml:318(para)
11868
#: serverguide/C/other-apps.xml:390(para)
11870
11869
msgid "<emphasis>0</emphasis> - Move to the beginning of the current line"
11871
11870
msgstr ""
11872
11871
11873
#: serverguide/C/other-apps.xml:319(para)
11872
#: serverguide/C/other-apps.xml:391(para)
11874
11873
msgid "<emphasis>$</emphasis> - Move to the end of the current line"
11875
11874
msgstr ""
11876
11875
11877
#: serverguide/C/other-apps.xml:320(para)
11876
#: serverguide/C/other-apps.xml:392(para)
11878
11877
msgid ""
11879
11878
"<emphasis>G</emphasis> - Moves to the specified line (defaults to the end of "
11880
11879
"the buffer)"
11881
11880
msgstr ""
11882
11881
11883
#: serverguide/C/other-apps.xml:321(para)
11882
#: serverguide/C/other-apps.xml:393(para)
11884
11883
msgid "<emphasis>/</emphasis> - Search forward"
11885
11884
msgstr ""
11886
11885
11887
#: serverguide/C/other-apps.xml:322(para)
11886
#: serverguide/C/other-apps.xml:394(para)
11888
11887
msgid "<emphasis>?</emphasis> - Search backward"
11889
11888
msgstr ""
11890
11889
11891
#: serverguide/C/other-apps.xml:401(para)
11890
#: serverguide/C/other-apps.xml:395(para)
11892
11891
msgid ""
11893
11892
"<emphasis>n</emphasis> - Moves to the next match, either forward or backward"
11894
11893
msgstr ""
11895
11894
11896
#: serverguide/C/other-apps.xml:361(para)
11895
#: serverguide/C/other-apps.xml:403(para)
11897
11896
msgid ""
11898
11897
"For more information on <application>screen</application> see the <ulink "
11899
11898
"url=\"http://www.gnu.org/software/screen/\">screen web site</ulink>."
11900
11899
msgstr ""
11901
11900
11902
#: serverguide/C/other-apps.xml:366(para)
11901
#: serverguide/C/other-apps.xml:408(para)
11903
11902
msgid ""
11904
11903
"And the <ulink url=\"https://help.ubuntu.com/community/Screen\">Ubuntu Wiki "
11905
11904
"screen</ulink> page."
11906
11905
msgstr ""
11907
11906
11908
#: serverguide/C/other-apps.xml:371(para)
11907
#: serverguide/C/other-apps.xml:413(para)
11909
11908
msgid ""
11910
11909
"Also, see the <application>byobu</application><ulink "
11911
11910
"url=\"https://launchpad.net/byobu\">project page</ulink> for more "
11927
11926
"discussion of popular network protocols."
11928
11927
msgstr ""
11929
11928
11930
#: serverguide/C/virtualization.xml:3853(title) serverguide/C/network-config.xml:25(title)
11929
#: serverguide/C/network-config.xml:25(title)
11931
11930
msgid "Network Configuration"
11932
11931
msgstr ""
11933
11932
12210
12209
"persistent way to do DNS client configuration is in a following section."
12211
12210
msgstr ""
12212
12211
12213
#: serverguide/C/network-config.xml:224(programlisting)
12212
#: serverguide/C/network-config.xml:226(programlisting)
12214
12213
#, no-wrap
12215
12214
msgid ""
12216
12215
"\n"
12218
12217
"nameserver 8.8.4.4\n"
12219
12218
msgstr ""
12220
12219
12221
#: serverguide/C/network-config.xml:228(para)
12220
#: serverguide/C/network-config.xml:230(para)
12222
12221
msgid ""
12223
12222
"If you no longer need this configuration and wish to purge all IP "
12224
12223
"configuration from an interface, you can use the "
12225
12224
"<application>ip</application> command with the flush option as shown below."
12226
12225
msgstr ""
12227
12226
12228
#: serverguide/C/network-config.xml:234(command)
12227
#: serverguide/C/network-config.xml:236(command)
12229
12228
msgid "ip addr flush eth0"
12230
12229
msgstr ""
12231
12230
12239
12238
"<filename>/run/resolvconf/resolv.conf</filename>, to be re-written."
12240
12239
msgstr ""
12241
12240
12242
#: serverguide/C/network-config.xml:245(title)
12241
#: serverguide/C/network-config.xml:249(title)
12243
12242
msgid "Dynamic IP Address Assignment (DHCP Client)"
12244
12243
msgstr ""
12245
12244
12246
#: serverguide/C/network-config.xml:246(para)
12245
#: serverguide/C/network-config.xml:250(para)
12247
12246
msgid ""
12248
12247
"To configure your server to use DHCP for dynamic address assignment, add the "
12249
12248
"<emphasis role=\"italic\">dhcp</emphasis> method to the inet address family "
12253
12252
"role=\"italic\">eth0</emphasis>."
12254
12253
msgstr ""
12255
12254
12256
#: serverguide/C/network-config.xml:253(programlisting)
12255
#: serverguide/C/network-config.xml:257(programlisting)
12257
12256
#, no-wrap
12258
12257
msgid ""
12259
12258
"\n"
12261
12260
"iface eth0 inet dhcp\n"
12262
12261
msgstr ""
12263
12262
12264
#: serverguide/C/network-config.xml:257(para)
12263
#: serverguide/C/network-config.xml:261(para)
12265
12264
msgid ""
12266
12265
"By adding an interface configuration as shown above, you can manually enable "
12267
12266
"the interface through the <application>ifup</application> command which "
12268
12267
"initiates the DHCP process via <application>dhclient</application>."
12269
12268
msgstr ""
12270
12269
12271
#: serverguide/C/network-config.xml:263(command) serverguide/C/network-config.xml:298(command)
12270
#: serverguide/C/network-config.xml:267(command) serverguide/C/network-config.xml:302(command)
12272
12271
msgid "sudo ifup eth0"
12273
12272
msgstr ""
12274
12273
12275
#: serverguide/C/network-config.xml:265(para)
12274
#: serverguide/C/network-config.xml:269(para)
12276
12275
msgid ""
12277
12276
"To manually disable the interface, you can use the "
12278
12277
"<application>ifdown</application> command, which in turn will initiate the "
12279
12278
"DHCP release process and shut down the interface."
12280
12279
msgstr ""
12281
12280
12282
#: serverguide/C/network-config.xml:271(command) serverguide/C/network-config.xml:305(command)
12281
#: serverguide/C/network-config.xml:275(command) serverguide/C/network-config.xml:309(command)
12283
12282
msgid "sudo ifdown eth0"
12284
12283
msgstr ""
12285
12284
12286
#: serverguide/C/network-config.xml:276(title)
12285
#: serverguide/C/network-config.xml:280(title)
12287
12286
msgid "Static IP Address Assignment"
12288
12287
msgstr ""
12289
12288
12290
#: serverguide/C/network-config.xml:277(para)
12289
#: serverguide/C/network-config.xml:281(para)
12291
12290
msgid ""
12292
12291
"To configure your system to use a static IP address assignment, add the "
12293
12292
"<emphasis role=\"italic\">static</emphasis> method to the inet address "
12301
12300
"network."
12302
12301
msgstr ""
12303
12302
12304
#: serverguide/C/network-config.xml:286(programlisting)
12303
#: serverguide/C/network-config.xml:290(programlisting)
12305
12304
#, no-wrap
12306
12305
msgid ""
12307
12306
"\n"
12312
12311
"gateway 10.0.0.1\n"
12313
12312
msgstr ""
12314
12313
12315
#: serverguide/C/network-config.xml:293(para)
12314
#: serverguide/C/network-config.xml:297(para)
12316
12315
msgid ""
12317
12316
"By adding an interface configuration as shown above, you can manually enable "
12318
12317
"the interface through the <application>ifup</application> command."
12319
12318
msgstr ""
12320
12319
12321
#: serverguide/C/network-config.xml:300(para)
12320
#: serverguide/C/network-config.xml:304(para)
12322
12321
msgid ""
12323
12322
"To manually disable the interface, you can use the "
12324
12323
"<application>ifdown</application> command."
12325
12324
msgstr ""
12326
12325
12327
#: serverguide/C/network-config.xml:310(title)
12326
#: serverguide/C/network-config.xml:314(title)
12328
12327
msgid "Loopback Interface"
12329
12328
msgstr ""
12330
12329
12331
#: serverguide/C/network-config.xml:311(para)
12330
#: serverguide/C/network-config.xml:315(para)
12332
12331
msgid ""
12333
12332
"The loopback interface is identified by the system as <emphasis "
12334
12333
"role=\"italic\">lo</emphasis> and has a default IP address of 127.0.0.1. It "
12335
12334
"can be viewed using the ifconfig command."
12336
12335
msgstr ""
12337
12336
12338
#: serverguide/C/network-config.xml:316(command)
12337
#: serverguide/C/network-config.xml:320(command)
12339
12338
msgid "ifconfig lo"
12340
12339
msgstr ""
12341
12340
12342
#: serverguide/C/network-config.xml:317(computeroutput)
12341
#: serverguide/C/network-config.xml:321(computeroutput)
12343
12342
#, no-wrap
12344
12343
msgid ""
12345
12344
"lo Link encap:Local Loopback \n"
12352
12351
" RX bytes:183308 (183.3 KB) TX bytes:183308 (183.3 KB)"
12353
12352
msgstr ""
12354
12353
12355
#: serverguide/C/network-config.xml:326(para)
12354
#: serverguide/C/network-config.xml:330(para)
12356
12355
msgid ""
12357
12356
"By default, there should be two lines in "
12358
12357
"<filename>/etc/network/interfaces</filename> responsible for automatically "
12361
12360
"example of the two default lines are shown below."
12362
12361
msgstr ""
12363
12362
12364
#: serverguide/C/network-config.xml:332(programlisting)
12363
#: serverguide/C/network-config.xml:336(programlisting)
12365
12364
#, no-wrap
12366
12365
msgid ""
12367
12366
"\n"
12369
12368
"iface lo inet loopback\n"
12370
12369
msgstr ""
12371
12370
12372
#: serverguide/C/network-config.xml:341(title)
12371
#: serverguide/C/network-config.xml:345(title)
12373
12372
msgid "Name Resolution"
12374
12373
msgstr ""
12375
12374
12376
#: serverguide/C/network-config.xml:342(para)
12375
#: serverguide/C/network-config.xml:346(para)
12377
12376
msgid ""
12378
12377
"Name resolution as it relates to IP networking is the process of mapping IP "
12379
12378
"addresses to hostnames, making it easier to identify resources on a network. "
12381
12380
"name resolution using DNS and static hostname records."
12382
12381
msgstr ""
12383
12382
12384
#: serverguide/C/network-config.xml:350(title)
12383
#: serverguide/C/network-config.xml:354(title)
12385
12384
msgid "DNS Client Configuration"
12386
12385
msgstr ""
12387
12386
12388
#: serverguide/C/network-config.xml:362(programlisting)
12387
#: serverguide/C/network-config.xml:366(programlisting)
12389
12388
#, no-wrap
12390
12389
msgid ""
12391
12390
"\n"
12418
12417
"following:"
12419
12418
msgstr ""
12420
12419
12421
#: serverguide/C/network-config.xml:373(programlisting)
12420
#: serverguide/C/network-config.xml:377(programlisting)
12422
12421
#, no-wrap
12423
12422
msgid ""
12424
12423
"\n"
12430
12429
" dns-nameservers 192.168.3.45 192.168.8.10\n"
12431
12430
msgstr ""
12432
12431
12433
#: serverguide/C/network-config.xml:382(para)
12432
#: serverguide/C/network-config.xml:386(para)
12434
12433
msgid ""
12435
12434
"The <emphasis role=\"italic\">search</emphasis> option can also be used with "
12436
12435
"multiple domain names so that DNS queries will be appended in the order in "
12441
12440
"role=\"italic\">dev.example.com</emphasis>."
12442
12441
msgstr ""
12443
12442
12444
#: serverguide/C/network-config.xml:389(para)
12443
#: serverguide/C/network-config.xml:393(para)
12445
12444
msgid ""
12446
12445
"If you have multiple domains you wish to search, your configuration might "
12447
12446
"look like the following:"
12448
12447
msgstr ""
12449
12448
12450
#: serverguide/C/network-config.xml:393(programlisting)
12449
#: serverguide/C/network-config.xml:397(programlisting)
12451
12450
#, no-wrap
12452
12451
msgid ""
12453
12452
"\n"
12459
12458
" dns-nameservers 192.168.3.45 192.168.8.10\n"
12460
12459
msgstr ""
12461
12460
12462
#: serverguide/C/network-config.xml:402(para)
12461
#: serverguide/C/network-config.xml:406(para)
12463
12462
msgid ""
12464
12463
"If you try to ping a host with the name of <emphasis "
12465
12464
"role=\"italic\">server1</emphasis>, your system will automatically query DNS "
12466
12465
"for its Fully Qualified Domain Name (FQDN) in the following order:"
12467
12466
msgstr ""
12468
12467
12469
#: serverguide/C/network-config.xml:409(para)
12468
#: serverguide/C/network-config.xml:413(para)
12470
12469
msgid "server1<emphasis role=\"bold\">.example.com</emphasis>"
12471
12470
msgstr ""
12472
12471
12473
#: serverguide/C/network-config.xml:414(para)
12472
#: serverguide/C/network-config.xml:418(para)
12474
12473
msgid "server1<emphasis role=\"bold\">.sales.example.com</emphasis>"
12475
12474
msgstr ""
12476
12475
12477
#: serverguide/C/network-config.xml:419(para)
12476
#: serverguide/C/network-config.xml:423(para)
12478
12477
msgid "server1<emphasis role=\"bold\">.dev.example.com</emphasis>"
12479
12478
msgstr ""
12480
12479
12481
#: serverguide/C/network-config.xml:424(para)
12480
#: serverguide/C/network-config.xml:428(para)
12482
12481
msgid ""
12483
12482
"If no matches are found, the DNS server will provide a result of <emphasis "
12484
12483
"role=\"italic\">notfound</emphasis> and the DNS query will fail."
12485
12484
msgstr ""
12486
12485
12487
#: serverguide/C/network-config.xml:431(title)
12486
#: serverguide/C/network-config.xml:435(title)
12488
12487
msgid "Static Hostnames"
12489
12488
msgstr ""
12490
12489
12491
#: serverguide/C/network-config.xml:432(para)
12490
#: serverguide/C/network-config.xml:436(para)
12492
12491
msgid ""
12493
12492
"Static hostnames are locally defined hostname-to-IP mappings located in the "
12494
12493
"file <filename>/etc/hosts</filename>. Entries in the "
12500
12499
"conveniently set to use static hostnames instead of DNS."
12501
12500
msgstr ""
12502
12501
12503
#: serverguide/C/network-config.xml:439(para)
12502
#: serverguide/C/network-config.xml:443(para)
12504
12503
msgid ""
12505
12504
"The following is an example of a <filename>hosts</filename> file where a "
12506
12505
"number of local servers have been identified by simple hostnames, aliases "
12507
12506
"and their equivalent Fully Qualified Domain Names (FQDN's)."
12508
12507
msgstr ""
12509
12508
12510
#: serverguide/C/network-config.xml:443(programlisting)
12509
#: serverguide/C/network-config.xml:447(programlisting)
12511
12510
#, no-wrap
12512
12511
msgid ""
12513
12512
"\n"
12519
12518
"10.0.0.14\tserver4 server4.example.com file\n"
12520
12519
msgstr ""
12521
12520
12522
#: serverguide/C/network-config.xml:452(para)
12521
#: serverguide/C/network-config.xml:456(para)
12523
12522
msgid ""
12524
12523
"In the above example, notice that each of the servers have been given "
12525
12524
"aliases in addition to their proper names and FQDN's. <emphasis "
12532
12531
"role=\"italic\">file</emphasis>."
12533
12532
msgstr ""
12534
12533
12535
#: serverguide/C/network-config.xml:464(title)
12534
#: serverguide/C/network-config.xml:468(title)
12536
12535
msgid "Name Service Switch Configuration"
12537
12536
msgstr ""
12538
12537
12539
#: serverguide/C/network-config.xml:465(para)
12538
#: serverguide/C/network-config.xml:469(para)
12540
12539
msgid ""
12541
12540
"The order in which your system selects a method of resolving hostnames to IP "
12542
12541
"addresses is controlled by the Name Service Switch (NSS) configuration file "
12547
12546
"of hostname lookups in the file <filename>/etc/nsswitch.conf</filename>."
12548
12547
msgstr ""
12549
12548
12550
#: serverguide/C/network-config.xml:473(programlisting)
12549
#: serverguide/C/network-config.xml:477(programlisting)
12551
12550
#, no-wrap
12552
12551
msgid ""
12553
12552
"\n"
12554
12553
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
12555
12554
msgstr ""
12556
12555
12557
#: serverguide/C/network-config.xml:479(para)
12556
#: serverguide/C/network-config.xml:483(para)
12558
12557
msgid ""
12559
12558
"<emphasis role=\"bold\">files</emphasis> first tries to resolve static "
12560
12559
"hostnames located in <filename>/etc/hosts</filename>."
12561
12560
msgstr ""
12562
12561
12563
#: serverguide/C/network-config.xml:485(para)
12562
#: serverguide/C/network-config.xml:489(para)
12564
12563
msgid ""
12565
12564
"<emphasis role=\"bold\">mdns4_minimal</emphasis> attempts to resolve the "
12566
12565
"name using Multicast DNS."
12567
12566
msgstr ""
12568
12567
12569
#: serverguide/C/network-config.xml:490(para)
12568
#: serverguide/C/network-config.xml:494(para)
12570
12569
msgid ""
12571
12570
"<emphasis role=\"bold\">[NOTFOUND=return]</emphasis> means that any response "
12572
12571
"of <emphasis role=\"italic\">notfound</emphasis> by the preceding <emphasis "
12575
12574
"answer."
12576
12575
msgstr ""
12577
12576
12578
#: serverguide/C/network-config.xml:498(para)
12577
#: serverguide/C/network-config.xml:502(para)
12579
12578
msgid ""
12580
12579
"<emphasis role=\"bold\">dns</emphasis> represents a legacy unicast DNS query."
12581
12580
msgstr ""
12582
12581
12583
#: serverguide/C/network-config.xml:503(para)
12582
#: serverguide/C/network-config.xml:507(para)
12584
12583
msgid ""
12585
12584
"<emphasis role=\"bold\">mdns4</emphasis> represents a Multicast DNS query."
12586
12585
msgstr ""
12587
12586
12588
#: serverguide/C/network-config.xml:509(para)
12587
#: serverguide/C/network-config.xml:513(para)
12589
12588
msgid ""
12590
12589
"To modify the order of the above mentioned name resolution methods, you can "
12591
12590
"simply change the <emphasis role=\"italic\">hosts:</emphasis> string to the "
12594
12593
"<filename>/etc/nsswitch.conf</filename> as shown below."
12595
12594
msgstr ""
12596
12595
12597
#: serverguide/C/network-config.xml:516(programlisting)
12596
#: serverguide/C/network-config.xml:520(programlisting)
12598
12597
#, no-wrap
12599
12598
msgid ""
12600
12599
"\n"
12601
12600
"hosts: files dns [NOTFOUND=return] mdns4_minimal mdns4\n"
12602
12601
msgstr ""
12603
12602
12604
#: serverguide/C/virtualization.xml:694(title) serverguide/C/network-config.xml:523(title)
12603
#: serverguide/C/network-config.xml:527(title)
12605
12604
msgid "Bridging"
12606
12605
msgstr ""
12607
12606
12608
#: serverguide/C/network-config.xml:525(para)
12607
#: serverguide/C/network-config.xml:529(para)
12609
12608
msgid ""
12610
12609
"Bridging multiple interfaces is a more advanced configuration, but is very "
12611
12610
"useful in multiple scenarios. One scenario is setting up a bridge with "
12615
12614
"The following example covers the latter scenario."
12616
12615
msgstr ""
12617
12616
12618
#: serverguide/C/network-config.xml:532(para)
12617
#: serverguide/C/network-config.xml:536(para)
12619
12618
msgid ""
12620
12619
"Before configuring a bridge you will need to install the <application>bridge-"
12621
12620
"utils</application> package. To install the package, in a terminal enter:"
12622
12621
msgstr ""
12623
12622
12624
#: serverguide/C/network-config.xml:541(para)
12623
#: serverguide/C/network-config.xml:545(para)
12625
12624
msgid ""
12626
12625
"Next, configure the bridge by editing "
12627
12626
"<filename>/etc/network/interfaces</filename>:"
12628
12627
msgstr ""
12629
12628
12630
#: serverguide/C/network-config.xml:545(programlisting)
12629
#: serverguide/C/network-config.xml:549(programlisting)
12631
12630
#, no-wrap
12632
12631
msgid ""
12633
12632
"\n"
12648
12647
" bridge_stp off\n"
12649
12648
msgstr ""
12650
12649
12651
#: serverguide/C/network-config.xml:564(para)
12650
#: serverguide/C/network-config.xml:568(para)
12652
12651
msgid "Enter the appropriate values for your physical interface and network."
12653
12652
msgstr ""
12654
12653
12660
12659
msgid "sudo ifup br0"
12661
12660
msgstr ""
12662
12661
12663
#: serverguide/C/network-config.xml:576(para)
12662
#: serverguide/C/network-config.xml:580(para)
12664
12663
msgid ""
12665
12664
"The new bridge interface should now be up and running. The "
12666
12665
"<application>brctl</application> provides useful information about the state "
12668
12667
"<command>man brctl</command> for more information."
12669
12668
msgstr ""
12670
12669
12671
#: serverguide/C/network-config.xml:592(para)
12670
#: serverguide/C/network-config.xml:596(para)
12672
12671
msgid ""
12673
12672
"The <ulink url=\"https://help.ubuntu.com/community/Network\">Ubuntu Wiki "
12674
12673
"Network page</ulink> has links to articles covering more advanced network "
12675
12674
"configuration."
12676
12675
msgstr ""
12677
12676
12678
#: serverguide/C/network-config.xml:598(para)
12677
#: serverguide/C/network-config.xml:602(para)
12679
12678
msgid ""
12680
12679
"The <ulink "
12681
12680
"url=\"http://manpages.ubuntu.com/manpages/man8/resolvconf.8.html\">resolvconf"
12682
12681
" man page</ulink> has more information on resolvconf."
12683
12682
msgstr ""
12684
12683
12685
#: serverguide/C/network-config.xml:604(para)
12684
#: serverguide/C/network-config.xml:608(para)
12686
12685
msgid ""
12687
12686
"The <ulink "
12688
12687
"url=\"http://manpages.ubuntu.com/manpages/man5/interfaces.5.html\">interfaces"
12690
12689
"<filename>/etc/network/interfaces</filename>."
12691
12690
msgstr ""
12692
12691
12693
#: serverguide/C/network-config.xml:610(para)
12692
#: serverguide/C/network-config.xml:614(para)
12694
12693
msgid ""
12695
12694
"The <ulink "
12696
12695
"url=\"http://manpages.ubuntu.com/manpages/man8/dhclient.8.html\">dhclient "
12698
12697
"settings."
12699
12698
msgstr ""
12700
12699
12701
#: serverguide/C/network-config.xml:616(para)
12700
#: serverguide/C/network-config.xml:620(para)
12702
12701
msgid ""
12703
12702
"For more information on DNS client configuration see the <ulink "
12704
12703
"url=\"http://manpages.ubuntu.com/manpages/man5/resolver.5.html\">resolver "
12717
12716
"\">Networking-Bridge</ulink> page."
12718
12717
msgstr ""
12719
12718
12720
#: serverguide/C/network-config.xml:635(title)
12719
#: serverguide/C/network-config.xml:639(title)
12721
12720
msgid "TCP/IP"
12722
12721
msgstr ""
12723
12722
12724
#: serverguide/C/network-config.xml:636(para)
12723
#: serverguide/C/network-config.xml:640(para)
12725
12724
msgid ""
12726
12725
"The Transmission Control Protocol and Internet Protocol (TCP/IP) is a "
12727
12726
"standard set of protocols developed in the late 1970s by the Defense "
12731
12730
"network protocols on Earth."
12732
12731
msgstr ""
12733
12732
12734
#: serverguide/C/network-config.xml:644(title)
12733
#: serverguide/C/network-config.xml:648(title)
12735
12734
msgid "TCP/IP Introduction"
12736
12735
msgstr ""
12737
12736
12738
#: serverguide/C/network-config.xml:645(para)
12737
#: serverguide/C/network-config.xml:649(para)
12739
12738
msgid ""
12740
12739
"The two protocol components of TCP/IP deal with different aspects of "
12741
12740
"computer networking. <emphasis>Internet Protocol</emphasis>, the \"IP\" of "
12750
12749
"host."
12751
12750
msgstr ""
12752
12751
12753
#: serverguide/C/network-config.xml:658(title)
12752
#: serverguide/C/network-config.xml:662(title)
12754
12753
msgid "TCP/IP Configuration"
12755
12754
msgstr ""
12756
12755
12757
#: serverguide/C/network-config.xml:659(para)
12756
#: serverguide/C/network-config.xml:663(para)
12758
12757
msgid ""
12759
12758
"The TCP/IP protocol configuration consists of several elements which must be "
12760
12759
"set by editing the appropriate configuration files, or deploying solutions "
12765
12764
"system."
12766
12765
msgstr ""
12767
12766
12768
#: serverguide/C/network-config.xml:671(para)
12767
#: serverguide/C/network-config.xml:675(para)
12769
12768
msgid ""
12770
12769
"<emphasis role=\"bold\">IP address</emphasis> The IP address is a unique "
12771
12770
"identifying string expressed as four decimal numbers ranging from zero (0) "
12775
12774
"<emphasis>dotted quad notation</emphasis>."
12776
12775
msgstr ""
12777
12776
12778
#: serverguide/C/network-config.xml:681(para)
12777
#: serverguide/C/network-config.xml:685(para)
12779
12778
msgid ""
12780
12779
"<emphasis role=\"bold\">Netmask</emphasis> The Subnet Mask (or simply, "
12781
12780
"<emphasis>netmask</emphasis>) is a local bit mask, or set of flags which "
12786
12785
"remain available for specifying hosts on the subnetwork."
12787
12786
msgstr ""
12788
12787
12789
#: serverguide/C/network-config.xml:692(para)
12788
#: serverguide/C/network-config.xml:696(para)
12790
12789
msgid ""
12791
12790
"<emphasis role=\"bold\">Network Address</emphasis> The Network Address "
12792
12791
"represents the bytes comprising the network portion of an IP address. For "
12799
12798
"network and a zero (0) for all the possible hosts on the network."
12800
12799
msgstr ""
12801
12800
12802
#: serverguide/C/network-config.xml:705(para)
12801
#: serverguide/C/network-config.xml:709(para)
12803
12802
msgid ""
12804
12803
"<emphasis role=\"bold\">Broadcast Address</emphasis> The Broadcast Address "
12805
12804
"is an IP address which allows network data to be sent simultaneously to all "
12813
12812
"Address Resolution Protocol (ARP) and the Routing Information Protocol (RIP)."
12814
12813
msgstr ""
12815
12814
12816
#: serverguide/C/network-config.xml:718(para)
12815
#: serverguide/C/network-config.xml:722(para)
12817
12816
msgid ""
12818
12817
"<emphasis role=\"bold\">Gateway Address</emphasis> A Gateway Address is the "
12819
12818
"IP address through which a particular network, or host on a network, may be "
12826
12825
"not be able to reach any hosts beyond those on the same network."
12827
12826
msgstr ""
12828
12827
12829
#: serverguide/C/network-config.xml:729(para)
12828
#: serverguide/C/network-config.xml:733(para)
12830
12829
msgid ""
12831
12830
"<emphasis role=\"bold\">Nameserver Address</emphasis> Nameserver Addresses "
12832
12831
"represent the IP addresses of Domain Name Service (DNS) systems, which "
12852
12851
"command typed at a terminal prompt:"
12853
12852
msgstr ""
12854
12853
12855
#: serverguide/C/network-config.xml:750(para)
12854
#: serverguide/C/network-config.xml:754(para)
12856
12855
msgid ""
12857
12856
"Access the system manual page for <filename>interfaces</filename> with the "
12858
12857
"following command:"
12859
12858
msgstr ""
12860
12859
12861
#: serverguide/C/network-config.xml:755(command)
12860
#: serverguide/C/network-config.xml:759(command)
12862
12861
msgid "man interfaces"
12863
12862
msgstr ""
12864
12863
12865
#: serverguide/C/network-config.xml:667(para)
12864
#: serverguide/C/network-config.xml:671(para)
12866
12865
msgid ""
12867
12866
"The common configuration elements of TCP/IP and their purposes are as "
12868
12867
"follows: <placeholder-1/>"
12869
12868
msgstr ""
12870
12869
12871
#: serverguide/C/network-config.xml:771(title)
12870
#: serverguide/C/network-config.xml:767(title)
12872
12871
msgid "IP Routing"
12873
12872
msgstr ""
12874
12873
12875
#: serverguide/C/network-config.xml:772(para)
12874
#: serverguide/C/network-config.xml:768(para)
12876
12875
msgid ""
12877
12876
"IP routing is a means of specifying and discovering paths in a TCP/IP "
12878
12877
"network along which network data may be sent. Routing uses a set of "
12883
12882
"<emphasis>Dynamic Routing.</emphasis>"
12884
12883
msgstr ""
12885
12884
12886
#: serverguide/C/network-config.xml:781(para)
12885
#: serverguide/C/network-config.xml:777(para)
12887
12886
msgid ""
12888
12887
"Static routing involves manually adding IP routes to the system's routing "
12889
12888
"table, and this is usually done by manipulating the routing table with the "
12898
12897
"and failures along the route due to the fixed nature of the route."
12899
12898
msgstr ""
12900
12899
12901
#: serverguide/C/network-config.xml:791(para)
12900
#: serverguide/C/network-config.xml:787(para)
12902
12901
msgid ""
12903
12902
"Dynamic routing depends on large networks with multiple possible IP routes "
12904
12903
"from a source to a destination and makes use of special routing protocols, "
12915
12914
"immediately benefit the end users, but still consumes network bandwidth."
12916
12915
msgstr ""
12917
12916
12918
#: serverguide/C/network-config.xml:805(title)
12917
#: serverguide/C/network-config.xml:801(title)
12919
12918
msgid "TCP and UDP"
12920
12919
msgstr ""
12921
12920
12922
#: serverguide/C/network-config.xml:806(para)
12921
#: serverguide/C/network-config.xml:802(para)
12923
12922
msgid ""
12924
12923
"TCP is a connection-based protocol, offering error correction and guaranteed "
12925
12924
"delivery of data via what is known as <emphasis>flow control</emphasis>. "
12930
12929
"important information such as database transactions."
12931
12930
msgstr ""
12932
12931
12933
#: serverguide/C/network-config.xml:814(para)
12932
#: serverguide/C/network-config.xml:810(para)
12934
12933
msgid ""
12935
12934
"The User Datagram Protocol (UDP), on the other hand, is a "
12936
12935
"<emphasis>connectionless</emphasis> protocol which seldom deals with the "
12941
12940
"loss of a few packets is not generally catastrophic."
12942
12941
msgstr ""
12943
12942
12944
#: serverguide/C/network-config.xml:824(title)
12943
#: serverguide/C/network-config.xml:820(title)
12945
12944
msgid "ICMP"
12946
12945
msgstr ""
12947
12946
12948
#: serverguide/C/network-config.xml:825(para)
12947
#: serverguide/C/network-config.xml:821(para)
12949
12948
msgid ""
12950
12949
"The Internet Control Messaging Protocol (ICMP) is an extension to the "
12951
12950
"Internet Protocol (IP) as defined in the Request For Comments (RFC) #792 and "
12958
12957
"<emphasis>Time Exceeded</emphasis>."
12959
12958
msgstr ""
12960
12959
12961
#: serverguide/C/network-config.xml:835(title)
12960
#: serverguide/C/network-config.xml:831(title)
12962
12961
msgid "Daemons"
12963
12962
msgstr ""
12964
12963
12965
#: serverguide/C/network-config.xml:836(para)
12964
#: serverguide/C/network-config.xml:832(para)
12966
12965
msgid ""
12967
12966
"Daemons are special system applications which typically execute continuously "
12968
12967
"in the background and await requests for the functions they provide from "
12985
12984
"that contain more useful information."
12986
12985
msgstr ""
12987
12986
12988
#: serverguide/C/network-config.xml:857(para)
12987
#: serverguide/C/network-config.xml:853(para)
12989
12988
msgid ""
12990
12989
"Also, see the <ulink "
12991
12990
"url=\"http://www.redbooks.ibm.com/abstracts/gg243376.html\">TCP/IP Tutorial "
12992
12991
"and Technical Overview</ulink> IBM Redbook."
12993
12992
msgstr ""
12994
12993
12995
#: serverguide/C/network-config.xml:863(para)
12994
#: serverguide/C/network-config.xml:859(para)
12996
12995
msgid ""
12997
12996
"Another resource is O'Reilly's <ulink "
12998
12997
"url=\"http://oreilly.com/catalog/9780596002978/\">TCP/IP Network "
12999
12998
"Administration</ulink>."
13000
12999
msgstr ""
13001
13000
13002
#: serverguide/C/network-config.xml:872(title)
13001
#: serverguide/C/network-config.xml:868(title)
13003
13002
msgid "Dynamic Host Configuration Protocol (DHCP)"
13004
13003
msgstr ""
13005
13004
13006
#: serverguide/C/network-config.xml:873(para)
13005
#: serverguide/C/network-config.xml:869(para)
13007
13006
msgid ""
13008
13007
"The Dynamic Host Configuration Protocol (DHCP) is a network service that "
13009
13008
"enables host computers to be automatically assigned settings from a server "
13012
13011
"DHCP server, and the configuration is transparent to the computer's user."
13013
13012
msgstr ""
13014
13013
13015
#: serverguide/C/network-config.xml:880(para)
13014
#: serverguide/C/network-config.xml:876(para)
13016
13015
msgid ""
13017
13016
"The most common settings provided by a DHCP server to DHCP clients include:"
13018
13017
msgstr ""
13019
13018
13020
#: serverguide/C/network-config.xml:885(para)
13019
#: serverguide/C/network-config.xml:881(para)
13021
13020
msgid "IP address and netmask"
13022
13021
msgstr ""
13023
13022
13024
#: serverguide/C/network-config.xml:888(para)
13023
#: serverguide/C/network-config.xml:884(para)
13025
13024
msgid "IP address of the default-gateway to use"
13026
13025
msgstr ""
13027
13026
13028
#: serverguide/C/network-config.xml:891(para)
13027
#: serverguide/C/network-config.xml:887(para)
13029
13028
msgid "IP adresses of the DNS servers to use"
13030
13029
msgstr ""
13031
13030
13032
#: serverguide/C/network-config.xml:894(para)
13031
#: serverguide/C/network-config.xml:890(para)
13033
13032
msgid ""
13034
13033
"However, a DHCP server can also supply configuration properties such as:"
13035
13034
msgstr ""
13036
13035
13037
#: serverguide/C/network-config.xml:899(para)
13036
#: serverguide/C/network-config.xml:895(para)
13038
13037
msgid "Host Name"
13039
13038
msgstr ""
13040
13039
13041
#: serverguide/C/network-config.xml:902(para)
13040
#: serverguide/C/network-config.xml:898(para)
13042
13041
msgid "Domain Name"
13043
13042
msgstr ""
13044
13043
13045
#: serverguide/C/network-config.xml:905(para)
13044
#: serverguide/C/network-config.xml:901(para)
13046
13045
msgid "Time Server"
13047
13046
msgstr ""
13048
13047
13049
#: serverguide/C/network-config.xml:911(para)
13048
#: serverguide/C/network-config.xml:907(para)
13050
13049
msgid ""
13051
13050
"The advantage of using DHCP is that changes to the network, for example a "
13052
13051
"change in the address of the DNS server, need only be changed at the DHCP "
13057
13056
"also reduced."
13058
13057
msgstr ""
13059
13058
13060
#: serverguide/C/network-config.xml:919(para)
13059
#: serverguide/C/network-config.xml:915(para)
13061
13060
msgid ""
13062
13061
"A DHCP server can provide configuration settings using the following methods:"
13063
13062
msgstr ""
13064
13063
13065
#: serverguide/C/network-config.xml:924(term)
13064
#: serverguide/C/network-config.xml:920(term)
13066
13065
msgid "Manual allocation (MAC address)"
13067
13066
msgstr ""
13068
13067
13069
#: serverguide/C/network-config.xml:926(para)
13068
#: serverguide/C/network-config.xml:922(para)
13070
13069
msgid ""
13071
13070
"This method entails using DHCP to identify the unique hardware address of "
13072
13071
"each network card connected to the network and then continually supplying a "
13075
13074
"assigned automatically to that network card, based on it's MAC address."
13076
13075
msgstr ""
13077
13076
13078
#: serverguide/C/network-config.xml:937(term)
13077
#: serverguide/C/network-config.xml:933(term)
13079
13078
msgid "Dynamic allocation (address pool)"
13080
13079
msgstr ""
13081
13080
13093
13092
"renegociate the lease with the server to maintain use of the address."
13094
13093
msgstr ""
13095
13094
13096
#: serverguide/C/network-config.xml:952(term)
13095
#: serverguide/C/network-config.xml:949(term)
13097
13096
msgid "Automatic allocation"
13098
13097
msgstr ""
13099
13098
13100
#: serverguide/C/network-config.xml:954(para)
13099
#: serverguide/C/network-config.xml:951(para)
13101
13100
msgid ""
13102
13101
"Using this method, the DHCP automatically assigns an IP address permanently "
13103
13102
"to a device, selecting it from a pool of available addresses. Usually DHCP "
13119
13118
"and configure and will be automatically started at system boot."
13120
13119
msgstr ""
13121
13120
13122
#: serverguide/C/network-config.xml:976(para)
13121
#: serverguide/C/network-config.xml:974(para)
13123
13122
msgid ""
13124
13123
"At a terminal prompt, enter the following command to install "
13125
13124
"<application>dhcpd</application>:"
13126
13125
msgstr ""
13127
13126
13128
#: serverguide/C/network-config.xml:981(command)
13127
#: serverguide/C/network-config.xml:979(command)
13129
13128
msgid "sudo apt-get install isc-dhcp-server"
13130
13129
msgstr ""
13131
13130
13132
#: serverguide/C/network-config.xml:983(para)
13131
#: serverguide/C/network-config.xml:981(para)
13133
13132
msgid ""
13134
13133
"You will probably need to change the default configuration by editing "
13135
13134
"/etc/dhcp/dhcpd.conf to suit your needs and particular configuration."
13136
13135
msgstr ""
13137
13136
13138
#: serverguide/C/network-config.xml:987(para)
13137
#: serverguide/C/network-config.xml:985(para)
13139
13138
msgid ""
13140
13139
"You also may need to edit /etc/default/isc-dhcp-server to specify the "
13141
13140
"interfaces dhcpd should listen to."
13142
13141
msgstr ""
13143
13142
13144
#: serverguide/C/network-config.xml:991(para)
13143
#: serverguide/C/network-config.xml:989(para)
13145
13144
msgid ""
13146
13145
"NOTE: dhcpd's messages are being sent to syslog. Look there for diagnostics "
13147
13146
"messages."
13148
13147
msgstr ""
13149
13148
13150
#: serverguide/C/network-config.xml:998(para)
13149
#: serverguide/C/network-config.xml:996(para)
13151
13150
msgid ""
13152
13151
"The error message the installation ends with might be a little confusing, "
13153
13152
"but the following steps will help you configure the service:"
13154
13153
msgstr ""
13155
13154
13156
#: serverguide/C/network-config.xml:1002(para)
13155
#: serverguide/C/network-config.xml:1000(para)
13157
13156
msgid ""
13158
13157
"Most commonly, what you want to do is assign an IP address randomly. This "
13159
13158
"can be done with settings as follows:"
13160
13159
msgstr ""
13161
13160
13162
#: serverguide/C/network-config.xml:1006(programlisting)
13161
#: serverguide/C/network-config.xml:1004(programlisting)
13163
13162
#, no-wrap
13164
13163
msgid ""
13165
13164
"\n"
13175
13174
"} \n"
13176
13175
msgstr ""
13177
13176
13178
#: serverguide/C/network-config.xml:1018(para)
13177
#: serverguide/C/network-config.xml:1016(para)
13179
13178
msgid ""
13180
13179
"This will result in the DHCP server giving clients an IP address from the "
13181
13180
"range 192.168.1.150-192.168.1.200. It will lease an IP address for 600 "
13185
13184
"192.168.1.1 and 192.168.1.2 as its DNS servers."
13186
13185
msgstr ""
13187
13186
13188
#: serverguide/C/network-config.xml:1026(para)
13187
#: serverguide/C/network-config.xml:1024(para)
13189
13188
msgid ""
13190
13189
"After changing the config file you have to restart the "
13191
13190
"<application>dhcpd</application>:"
13195
13194
msgid "sudo service isc-dhcp-server restart"
13196
13195
msgstr ""
13197
13196
13198
#: serverguide/C/network-config.xml:1039(para)
13197
#: serverguide/C/network-config.xml:1037(para)
13199
13198
msgid ""
13200
13199
"The <ulink url=\"https://help.ubuntu.com/community/dhcp3-server\">dhcp3-"
13201
13200
"server Ubuntu Wiki</ulink> page has more information."
13208
13207
"dhcpd.conf man page</ulink>."
13209
13208
msgstr ""
13210
13209
13211
#: serverguide/C/network-config.xml:1051(ulink)
13210
#: serverguide/C/network-config.xml:1049(ulink)
13212
13211
msgid "ISC dhcp-server"
13213
13212
msgstr ""
13214
13213
13215
#: serverguide/C/network-config.xml:1060(title)
13214
#: serverguide/C/network-config.xml:1058(title)
13216
13215
msgid "Time Synchronisation with NTP"
13217
13216
msgstr ""
13218
13217
13219
#: serverguide/C/network-config.xml:1061(para)
13218
#: serverguide/C/network-config.xml:1059(para)
13220
13219
msgid ""
13221
13220
"NTP is a TCP/IP protocol for synchronising time over a network. Basically a "
13222
13221
"client requests the current time from a server, and uses it to set its own "
13223
13222
"clock."
13224
13223
msgstr ""
13225
13224
13226
#: serverguide/C/network-config.xml:1064(para)
13225
#: serverguide/C/network-config.xml:1062(para)
13227
13226
msgid ""
13228
13227
"Behind this simple description, there is a lot of complexity - there are "
13229
13228
"tiers of NTP servers, with the tier one NTP servers connected to atomic "
13235
13234
"from you!"
13236
13235
msgstr ""
13237
13236
13238
#: serverguide/C/network-config.xml:1067(para)
13237
#: serverguide/C/network-config.xml:1065(para)
13239
13238
msgid "Ubuntu uses ntpdate and ntpd."
13240
13239
msgstr ""
13241
13240
13242
#: serverguide/C/network-config.xml:1072(title)
13241
#: serverguide/C/network-config.xml:1070(title)
13243
13242
msgid "ntpdate"
13244
13243
msgstr ""
13245
13244
13246
#: serverguide/C/network-config.xml:1073(para)
13245
#: serverguide/C/network-config.xml:1071(para)
13247
13246
msgid ""
13248
13247
"Ubuntu comes with ntpdate as standard, and will run it once at boot time to "
13249
13248
"set up your time according to Ubuntu's NTP server."
13250
13249
msgstr ""
13251
13250
13252
#: serverguide/C/network-config.xml:1076(programlisting)
13251
#: serverguide/C/network-config.xml:1074(programlisting)
13253
13252
#, no-wrap
13254
13253
msgid ""
13255
13254
"\n"
13256
13255
"ntpdate -s ntp.ubuntu.com\n"
13257
13256
msgstr ""
13258
13257
13259
#: serverguide/C/network-config.xml:1082(title)
13258
#: serverguide/C/network-config.xml:1080(title)
13260
13259
msgid "ntpd"
13261
13260
msgstr ""
13262
13261
13263
#: serverguide/C/network-config.xml:1083(para)
13262
#: serverguide/C/network-config.xml:1081(para)
13264
13263
msgid ""
13265
13264
"The ntp daemon ntpd calculates the drift of your system clock and "
13266
13265
"continuously adjusts it, so there are no large corrections that could lead "
13268
13267
"memory, but for a modern server this is negligible."
13269
13268
msgstr ""
13270
13269
13271
#: serverguide/C/network-config.xml:1090(para)
13270
#: serverguide/C/network-config.xml:1088(para)
13272
13271
msgid "To install ntpd, from a terminal prompt enter:"
13273
13272
msgstr ""
13274
13273
13275
#: serverguide/C/virtualization.xml:2195(command) serverguide/C/network-config.xml:1095(command)
13274
#: serverguide/C/network-config.xml:1093(command)
13276
13275
msgid "sudo apt-get install ntp"
13277
13276
msgstr ""
13278
13277
13279
#: serverguide/C/network-config.xml:1102(para)
13278
#: serverguide/C/network-config.xml:1100(para)
13280
13279
msgid ""
13281
13280
"Edit <filename>/etc/ntp.conf</filename> to add/remove server lines. By "
13282
13281
"default these servers are configured:"
13283
13282
msgstr ""
13284
13283
13285
#: serverguide/C/network-config.xml:1107(programlisting)
13284
#: serverguide/C/network-config.xml:1105(programlisting)
13286
13285
#, no-wrap
13287
13286
msgid ""
13288
13287
"\n"
13295
13294
"server 3.ubuntu.pool.ntp.org\n"
13296
13295
msgstr ""
13297
13296
13298
#: serverguide/C/network-config.xml:1117(para)
13297
#: serverguide/C/network-config.xml:1115(para)
13299
13298
msgid ""
13300
13299
"After changing the config file you have to reload the "
13301
13300
"<application>ntpd</application>:"
13305
13304
msgid "sudo service ntp reload"
13306
13305
msgstr ""
13307
13306
13308
#: serverguide/C/network-config.xml:1126(title)
13307
#: serverguide/C/network-config.xml:1124(title)
13309
13308
msgid "View status"
13310
13309
msgstr ""
13311
13310
13313
13312
msgid "Use ntpq to see more info:"
13314
13313
msgstr ""
13315
13314
13316
#: serverguide/C/network-config.xml:1131(command)
13315
#: serverguide/C/network-config.xml:1129(command)
13317
13316
msgid "# sudo ntpq -p"
13318
13317
msgstr ""
13319
13318
13320
#: serverguide/C/network-config.xml:1132(computeroutput)
13319
#: serverguide/C/network-config.xml:1130(computeroutput)
13321
13320
#, no-wrap
13322
13321
msgid ""
13323
13322
" remote refid st t when poll reach delay offset "
13336
13335
"92.792"
13337
13336
msgstr ""
13338
13337
13339
#: serverguide/C/network-config.xml:1147(para)
13338
#: serverguide/C/network-config.xml:1145(para)
13340
13339
msgid ""
13341
13340
"See the <ulink url=\"https://help.ubuntu.com/community/UbuntuTime\">Ubuntu "
13342
13341
"Time</ulink> wiki page for more information."
13343
13342
msgstr ""
13344
13343
13345
#: serverguide/C/network-config.xml:1153(ulink)
13344
#: serverguide/C/network-config.xml:1151(ulink)
13346
13345
msgid "ntp.org, home of the Network Time Protocol project"
13347
13346
msgstr ""
13348
13347
13364
13363
"The Lightweight Directory Access Protocol, or LDAP, is a protocol for "
13365
13364
"querying and modifying a X.500-based directory service running over TCP/IP. "
13366
13365
"The current LDAP version is LDAPv3, as defined in <ulink "
13367
"url=\"http://tools.ietf.org/html/rfc4510\">RFC4510</ulink>, and the its "
13368
"implementation used in Ubuntu is from OpenLDAP."
13366
"url=\"http://tools.ietf.org/html/rfc4510\">RFC4510</ulink>, and the "
13367
"implementation in Ubuntu is OpenLDAP.\""
13369
13368
msgstr ""
13370
13369
13371
#: serverguide/C/network-auth.xml:27(para)
13370
#: serverguide/C/network-auth.xml:29(para)
13372
13371
msgid ""
13373
13372
"So the LDAP protocol accesses LDAP directories. Here are some key concepts "
13374
13373
"and terms:"
13375
13374
msgstr ""
13376
13375
13377
#: serverguide/C/network-auth.xml:34(para)
13376
#: serverguide/C/network-auth.xml:36(para)
13378
13377
msgid ""
13379
13378
"A LDAP directory is a tree of data <emphasis>entries</emphasis> that is "
13380
13379
"hierarchical in nature and is called the Directory Information Tree (DIT)."
13381
13380
msgstr ""
13382
13381
13383
#: serverguide/C/network-auth.xml:41(para)
13382
#: serverguide/C/network-auth.xml:43(para)
13384
13383
msgid "An entry consists of a set of <emphasis>attributes</emphasis>."
13385
13384
msgstr ""
13386
13385
13387
#: serverguide/C/network-auth.xml:47(para)
13386
#: serverguide/C/network-auth.xml:49(para)
13388
13387
msgid ""
13389
13388
"An attribute has a <emphasis>type</emphasis> (a name/description) and one or "
13390
13389
"more <emphasis>values</emphasis>."
13391
13390
msgstr ""
13392
13391
13393
#: serverguide/C/network-auth.xml:53(para)
13392
#: serverguide/C/network-auth.xml:55(para)
13394
13393
msgid ""
13395
13394
"Every attribute must be defined in at least one "
13396
13395
"<emphasis>objectClass</emphasis>."
13397
13396
msgstr ""
13398
13397
13399
#: serverguide/C/network-auth.xml:59(para)
13398
#: serverguide/C/network-auth.xml:61(para)
13400
13399
msgid ""
13401
13400
"Attributes and objectclasses are defined in <emphasis>schemas</emphasis> (an "
13402
13401
"objectclass is actually considered as a special kind of attribute)."
13403
13402
msgstr ""
13404
13403
13405
#: serverguide/C/network-auth.xml:66(para)
13404
#: serverguide/C/network-auth.xml:68(para)
13406
13405
msgid ""
13407
13406
"Each entry has a unique identifier: its <emphasis>Distinguished "
13408
13407
"Name</emphasis> (DN or dn). This, in turn, consists of a <emphasis>Relative "
13409
13408
"Distinguished Name</emphasis> (RDN) followed by the parent entry's DN."
13410
13409
msgstr ""
13411
13410
13412
#: serverguide/C/network-auth.xml:73(para)
13411
#: serverguide/C/network-auth.xml:75(para)
13413
13412
msgid ""
13414
13413
"The entry's DN is not an attribute. It is not considered part of the entry "
13415
13414
"itself."
13416
13415
msgstr ""
13417
13416
13418
#: serverguide/C/network-auth.xml:81(para)
13417
#: serverguide/C/network-auth.xml:83(para)
13419
13418
msgid ""
13420
13419
"The terms <emphasis>object</emphasis>, <emphasis>container</emphasis>, and "
13421
13420
"<emphasis>node</emphasis> have certain connotations but they all essentially "
13423
13422
"term."
13424
13423
msgstr ""
13425
13424
13426
#: serverguide/C/network-auth.xml:87(para)
13425
#: serverguide/C/network-auth.xml:89(para)
13427
13426
msgid ""
13428
13427
"For example, below we have a single entry consisting of 11 attributes where "
13429
13428
"the following is true:"
13430
13429
msgstr ""
13431
13430
13432
#: serverguide/C/network-auth.xml:94(para)
13431
#: serverguide/C/network-auth.xml:96(para)
13433
13432
msgid "DN is \"cn=John Doe,dc=example,dc=com\""
13434
13433
msgstr ""
13435
13434
13436
#: serverguide/C/network-auth.xml:100(para)
13435
#: serverguide/C/network-auth.xml:102(para)
13437
13436
msgid "RDN is \"cn=John Doe\""
13438
13437
msgstr ""
13439
13438
13440
#: serverguide/C/network-auth.xml:106(para)
13439
#: serverguide/C/network-auth.xml:108(para)
13441
13440
msgid "parent DN is \"dc=example,dc=com\""
13442
13441
msgstr ""
13443
13442
13444
#: serverguide/C/network-auth.xml:113(programlisting)
13443
#: serverguide/C/network-auth.xml:115(programlisting)
13445
13444
#, no-wrap
13446
13445
msgid ""
13447
13446
"\n"
13459
13458
" objectClass: top\n"
13460
13459
msgstr ""
13461
13460
13462
#: serverguide/C/network-auth.xml:128(para)
13461
#: serverguide/C/network-auth.xml:130(para)
13463
13462
msgid ""
13464
13463
"The above entry is in <emphasis>LDIF</emphasis> format (LDAP Data "
13465
13464
"Interchange Format). Any information that you feed into your DIT must also "
13467
13466
"url=\"http://tools.ietf.org/html/rfc2849\">RFC2849</ulink>."
13468
13467
msgstr ""
13469
13468
13470
#: serverguide/C/network-auth.xml:133(para)
13469
#: serverguide/C/network-auth.xml:135(para)
13471
13470
msgid ""
13472
13471
"Although this guide will describe how to use it for central authentication, "
13473
13472
"LDAP is good for anything that involves a large number of access requests to "
13475
13474
"address book, a list of email addresses, and a mail server's configuration."
13476
13475
msgstr ""
13477
13476
13478
#: serverguide/C/network-auth.xml:142(para)
13477
#: serverguide/C/network-auth.xml:144(para)
13479
13478
msgid ""
13480
13479
"Install the OpenLDAP server daemon and the traditional LDAP management "
13481
13480
"utilities. These are found in packages <application>slapd</application> and "
13482
13481
"<application>ldap-utils</application> respectively."
13483
13482
msgstr ""
13484
13483
13485
#: serverguide/C/network-auth.xml:147(para)
13484
#: serverguide/C/network-auth.xml:149(para)
13486
13485
msgid ""
13487
13486
"The installation of slapd will create a working configuration. In "
13488
13487
"particular, it will create a database instance that you can use to store "
13494
13493
"a line similar to this:"
13495
13494
msgstr ""
13496
13495
13497
#: serverguide/C/network-auth.xml:155(programlisting)
13496
#: serverguide/C/network-auth.xml:157(programlisting)
13498
13497
#, no-wrap
13499
13498
msgid ""
13500
13499
"\n"
13501
13500
"127.0.1.1 hostname.example.com\thostname\n"
13502
13501
msgstr ""
13503
13502
13504
#: serverguide/C/network-auth.xml:159(para)
13503
#: serverguide/C/network-auth.xml:161(para)
13505
13504
msgid "You can revert the change after package installation."
13506
13505
msgstr ""
13507
13506
13508
#: serverguide/C/network-auth.xml:164(para)
13507
#: serverguide/C/network-auth.xml:166(para)
13509
13508
msgid ""
13510
13509
"This guide will use a database suffix of "
13511
13510
"<emphasis>dc=example,dc=com</emphasis>."
13512
13511
msgstr ""
13513
13512
13514
#: serverguide/C/network-auth.xml:169(para)
13513
#: serverguide/C/network-auth.xml:171(para)
13515
13514
msgid "Proceed with the install:"
13516
13515
msgstr ""
13517
13516
13518
#: serverguide/C/network-auth.xml:174(command)
13517
#: serverguide/C/network-auth.xml:176(command)
13519
13518
msgid "sudo apt-get install slapd ldap-utils"
13520
13519
msgstr ""
13521
13520
13522
#: serverguide/C/network-auth.xml:177(para)
13521
#: serverguide/C/network-auth.xml:179(para)
13523
13522
msgid ""
13524
13523
"Since Ubuntu 8.10 slapd is designed to be configured within slapd itself by "
13525
13524
"dedicating a separate DIT for that purpose. This allows one to dynamically "
13532
13531
"will be eventually phased out."
13533
13532
msgstr ""
13534
13533
13535
#: serverguide/C/network-auth.xml:186(para)
13534
#: serverguide/C/network-auth.xml:188(para)
13536
13535
msgid ""
13537
13536
"Ubuntu now uses the <emphasis>slapd-config</emphasis> method for slapd "
13538
13537
"configuration and this guide reflects that."
13539
13538
msgstr ""
13540
13539
13541
#: serverguide/C/network-auth.xml:192(para)
13540
#: serverguide/C/network-auth.xml:194(para)
13542
13541
msgid ""
13543
13542
"During the install you were prompted to define administrative credentials. "
13544
13543
"These are LDAP-based credentials for the <emphasis>rootDN</emphasis> of your "
13549
13548
"will see how to do this later on."
13550
13549
msgstr ""
13551
13550
13552
#: serverguide/C/network-auth.xml:199(para)
13551
#: serverguide/C/network-auth.xml:201(para)
13553
13552
msgid ""
13554
13553
"Some classical schemas (cosine, nis, inetorgperson) come built-in with slapd "
13555
13554
"nowadays. There is also an included \"core\" schema, a pre-requisite for any "
13556
13555
"schema to work."
13557
13556
msgstr ""
13558
13557
13559
#: serverguide/C/network-auth.xml:207(title)
13558
#: serverguide/C/network-auth.xml:209(title)
13560
13559
msgid "Post-install Inspection"
13561
13560
msgstr ""
13562
13561
13563
#: serverguide/C/network-auth.xml:209(para)
13562
#: serverguide/C/network-auth.xml:211(para)
13564
13563
msgid ""
13565
13564
"The installation process set up 2 DITs. One for slapd-config and one for "
13566
13565
"your own data (dc=example,dc=com). Let's take a look."
13567
13566
msgstr ""
13568
13567
13569
#: serverguide/C/network-auth.xml:216(para)
13568
#: serverguide/C/network-auth.xml:218(para)
13570
13569
msgid ""
13571
13570
"This is what the slapd-config database/DIT looks like. Recall that this "
13572
13571
"database is LDIF-based and lives under "
13573
13572
"<filename>/etc/ldap/slapd.d</filename>:"
13574
13573
msgstr ""
13575
13574
13576
#: serverguide/C/network-auth.xml:222(computeroutput)
13575
#: serverguide/C/network-auth.xml:224(computeroutput)
13577
13576
#, no-wrap
13578
13577
msgid ""
13579
13578
"\n"
13593
13592
" /etc/ldap/slapd.d/cn=config.ldif\n"
13594
13593
msgstr ""
13595
13594
13596
#: serverguide/C/network-auth.xml:242(para)
13595
#: serverguide/C/network-auth.xml:243(para)
13597
13596
msgid ""
13598
13597
"Do not edit the slapd-config database directly. Make changes via the LDAP "
13599
13598
"protocol (utilities)."
13600
13599
msgstr ""
13601
13600
13602
#: serverguide/C/network-auth.xml:250(para)
13601
#: serverguide/C/network-auth.xml:251(para)
13603
13602
msgid "This is what the slapd-config DIT looks like via the LDAP protocol:"
13604
13603
msgstr ""
13605
13604
13606
#: serverguide/C/network-auth.xml:254(para)
13605
#: serverguide/C/network-auth.xml:256(para)
13607
13606
msgid ""
13608
13607
"On Ubuntu server 14.10, and possibly higher, the following command may not "
13609
13608
"work due to a <ulink "
13611
13610
"ulink>"
13612
13611
msgstr ""
13613
13612
13614
#: serverguide/C/network-auth.xml:255(command)
13613
#: serverguide/C/network-auth.xml:262(command)
13615
13614
msgid "sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn"
13616
13615
msgstr ""
13617
13616
13618
#: serverguide/C/network-auth.xml:256(computeroutput)
13617
#: serverguide/C/network-auth.xml:263(computeroutput)
13619
13618
#, no-wrap
13620
13619
msgid ""
13621
13620
"\n"
13642
13641
"dn: olcDatabase={1}hdb,cn=config\n"
13643
13642
msgstr ""
13644
13643
13645
#: serverguide/C/network-auth.xml:281(para) serverguide/C/network-auth.xml:372(para)
13644
#: serverguide/C/network-auth.xml:288(para) serverguide/C/network-auth.xml:379(para)
13646
13645
msgid "Explanation of entries:"
13647
13646
msgstr ""
13648
13647
13649
#: serverguide/C/network-auth.xml:288(para)
13648
#: serverguide/C/network-auth.xml:295(para)
13650
13649
msgid "<emphasis>cn=config</emphasis>: global settings"
13651
13650
msgstr ""
13652
13651
13653
#: serverguide/C/network-auth.xml:294(para)
13652
#: serverguide/C/network-auth.xml:301(para)
13654
13653
msgid ""
13655
13654
"<emphasis>cn=module{0},cn=config</emphasis>: a dynamically loaded module"
13656
13655
msgstr ""
13657
13656
13658
#: serverguide/C/network-auth.xml:300(para)
13657
#: serverguide/C/network-auth.xml:307(para)
13659
13658
msgid ""
13660
13659
"<emphasis>cn=schema,cn=config</emphasis>: contains hard-coded system-level "
13661
13660
"schema"
13662
13661
msgstr ""
13663
13662
13664
#: serverguide/C/network-auth.xml:306(para)
13663
#: serverguide/C/network-auth.xml:313(para)
13665
13664
msgid ""
13666
13665
"<emphasis>cn={0}core,cn=schema,cn=config</emphasis>: the hard-coded core "
13667
13666
"schema"
13668
13667
msgstr ""
13669
13668
13670
#: serverguide/C/network-auth.xml:312(para)
13669
#: serverguide/C/network-auth.xml:319(para)
13671
13670
msgid ""
13672
13671
"<emphasis>cn={1}cosine,cn=schema,cn=config</emphasis>: the cosine schema"
13673
13672
msgstr ""
13674
13673
13675
#: serverguide/C/network-auth.xml:318(para)
13674
#: serverguide/C/network-auth.xml:325(para)
13676
13675
msgid "<emphasis>cn={2}nis,cn=schema,cn=config</emphasis>: the nis schema"
13677
13676
msgstr ""
13678
13677
13679
#: serverguide/C/network-auth.xml:324(para)
13678
#: serverguide/C/network-auth.xml:331(para)
13680
13679
msgid ""
13681
13680
"<emphasis>cn={3}inetorgperson,cn=schema,cn=config</emphasis>: the "
13682
13681
"inetorgperson schema"
13683
13682
msgstr ""
13684
13683
13685
#: serverguide/C/network-auth.xml:330(para)
13684
#: serverguide/C/network-auth.xml:337(para)
13686
13685
msgid ""
13687
13686
"<emphasis>olcBackend={0}hdb,cn=config</emphasis>: the 'hdb' backend storage "
13688
13687
"type"
13689
13688
msgstr ""
13690
13689
13691
#: serverguide/C/network-auth.xml:336(para)
13690
#: serverguide/C/network-auth.xml:343(para)
13692
13691
msgid ""
13693
13692
"<emphasis>olcDatabase={-1}frontend,cn=config</emphasis>: frontend database, "
13694
13693
"default settings for other databases"
13695
13694
msgstr ""
13696
13695
13697
#: serverguide/C/network-auth.xml:342(para)
13696
#: serverguide/C/network-auth.xml:349(para)
13698
13697
msgid ""
13699
13698
"<emphasis>olcDatabase={0}config,cn=config</emphasis>: slapd configuration "
13700
13699
"database (cn=config)"
13701
13700
msgstr ""
13702
13701
13703
#: serverguide/C/network-auth.xml:348(para)
13702
#: serverguide/C/network-auth.xml:355(para)
13704
13703
msgid ""
13705
13704
"<emphasis>olcDatabase={1}hdb,cn=config</emphasis>: your database instance "
13706
13705
"(dc=examle,dc=com)"
13707
13706
msgstr ""
13708
13707
13709
#: serverguide/C/network-auth.xml:359(para)
13708
#: serverguide/C/network-auth.xml:366(para)
13710
13709
msgid "This is what the dc=example,dc=com DIT looks like:"
13711
13710
msgstr ""
13712
13711
13713
#: serverguide/C/network-auth.xml:364(command)
13712
#: serverguide/C/network-auth.xml:371(command)
13714
13713
msgid "ldapsearch -x -LLL -H ldap:/// -b dc=example,dc=com dn"
13715
13714
msgstr ""
13716
13715
13717
#: serverguide/C/network-auth.xml:365(computeroutput)
13716
#: serverguide/C/network-auth.xml:372(computeroutput)
13718
13717
#, no-wrap
13719
13718
msgid ""
13720
13719
"\n"
13723
13722
"dn: cn=admin,dc=example,dc=com\n"
13724
13723
msgstr ""
13725
13724
13726
#: serverguide/C/network-auth.xml:379(para)
13725
#: serverguide/C/network-auth.xml:386(para)
13727
13726
msgid "<emphasis>dc=example,dc=com</emphasis>: base of the DIT"
13728
13727
msgstr ""
13729
13728
13730
#: serverguide/C/network-auth.xml:385(para)
13729
#: serverguide/C/network-auth.xml:392(para)
13731
13730
msgid ""
13732
13731
"<emphasis>cn=admin,dc=example,dc=com</emphasis>: administrator (rootDN) for "
13733
13732
"this DIT (set up during package install)"
13734
13733
msgstr ""
13735
13734
13736
#: serverguide/C/network-auth.xml:399(title)
13735
#: serverguide/C/network-auth.xml:406(title)
13737
13736
msgid "Modifying/Populating your Database"
13738
13737
msgstr ""
13739
13738
13740
#: serverguide/C/network-auth.xml:401(para)
13739
#: serverguide/C/network-auth.xml:408(para)
13741
13740
msgid ""
13742
13741
"Let's introduce some content to our database. We will add the following:"
13743
13742
msgstr ""
13744
13743
13745
#: serverguide/C/network-auth.xml:408(para)
13744
#: serverguide/C/network-auth.xml:415(para)
13746
13745
msgid "a node called <emphasis>People</emphasis> (to store users)"
13747
13746
msgstr ""
13748
13747
13749
#: serverguide/C/network-auth.xml:414(para)
13748
#: serverguide/C/network-auth.xml:421(para)
13750
13749
msgid "a node called <emphasis>Groups</emphasis> (to store groups)"
13751
13750
msgstr ""
13752
13751
13753
#: serverguide/C/network-auth.xml:420(para)
13752
#: serverguide/C/network-auth.xml:427(para)
13754
13753
msgid "a group called <emphasis>miners</emphasis>"
13755
13754
msgstr ""
13756
13755
13757
#: serverguide/C/network-auth.xml:426(para)
13756
#: serverguide/C/network-auth.xml:433(para)
13758
13757
msgid "a user called <emphasis>john</emphasis>"
13759
13758
msgstr ""
13760
13759
13761
#: serverguide/C/network-auth.xml:433(para)
13760
#: serverguide/C/network-auth.xml:440(para)
13762
13761
msgid ""
13763
13762
"Create the following LDIF file and call it "
13764
13763
"<filename>add_content.ldif</filename>:"
13765
13764
msgstr ""
13766
13765
13767
#: serverguide/C/network-auth.xml:437(programlisting)
13766
#: serverguide/C/network-auth.xml:444(programlisting)
13768
13767
#, no-wrap
13769
13768
msgid ""
13770
13769
"\n"
13798
13797
"homeDirectory: /home/john\n"
13799
13798
msgstr ""
13800
13799
13801
#: serverguide/C/network-auth.xml:469(para)
13800
#: serverguide/C/network-auth.xml:476(para)
13802
13801
msgid ""
13803
13802
"It's important that uid and gid values in your directory do not collide with "
13804
13803
"local values. Use high number ranges, such as starting at 5000. By setting "
13806
13805
"what can be done with a local user vs a ldap one. More on that later."
13807
13806
msgstr ""
13808
13807
13809
#: serverguide/C/network-auth.xml:477(para)
13808
#: serverguide/C/network-auth.xml:484(para)
13810
13809
msgid "Add the content:"
13811
13810
msgstr ""
13812
13811
13813
#: serverguide/C/network-auth.xml:482(command)
13812
#: serverguide/C/network-auth.xml:489(command)
13814
13813
msgid "ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_content.ldif"
13815
13814
msgstr ""
13816
13815
13817
#: serverguide/C/network-auth.xml:484(application)
13816
#: serverguide/C/network-auth.xml:491(application)
13818
13817
msgid "********"
13819
13818
msgstr ""
13820
13819
13821
#: serverguide/C/network-auth.xml:483(computeroutput)
13820
#: serverguide/C/network-auth.xml:490(computeroutput)
13822
13821
#, no-wrap
13823
13822
msgid ""
13824
13823
"\n"
13832
13831
"adding new entry \"uid=john,ou=People,dc=example,dc=com\"\n"
13833
13832
msgstr ""
13834
13833
13835
#: serverguide/C/network-auth.xml:495(para)
13834
#: serverguide/C/network-auth.xml:502(para)
13836
13835
msgid ""
13837
13836
"We can check that the information has been correctly added with the "
13838
13837
"<application>ldapsearch</application> utility:"
13839
13838
msgstr ""
13840
13839
13841
#: serverguide/C/network-auth.xml:500(command)
13840
#: serverguide/C/network-auth.xml:507(command)
13842
13841
msgid "ldapsearch -x -LLL -b dc=example,dc=com 'uid=john' cn gidNumber"
13843
13842
msgstr ""
13844
13843
13845
#: serverguide/C/network-auth.xml:501(computeroutput)
13844
#: serverguide/C/network-auth.xml:508(computeroutput)
13846
13845
#, no-wrap
13847
13846
msgid ""
13848
13847
"\n"
13851
13850
"gidNumber: 5000\n"
13852
13851
msgstr ""
13853
13852
13854
#: serverguide/C/network-auth.xml:508(para)
13853
#: serverguide/C/network-auth.xml:515(para)
13855
13854
msgid "Explanation of switches:"
13856
13855
msgstr ""
13857
13856
13858
#: serverguide/C/network-auth.xml:515(para)
13857
#: serverguide/C/network-auth.xml:522(para)
13859
13858
msgid ""
13860
13859
"<emphasis>-x:</emphasis> \"simple\" binding; will not use the default SASL "
13861
13860
"method"
13862
13861
msgstr ""
13863
13862
13864
#: serverguide/C/network-auth.xml:521(para)
13863
#: serverguide/C/network-auth.xml:528(para)
13865
13864
msgid "<emphasis>-LLL:</emphasis> disable printing extraneous information"
13866
13865
msgstr ""
13867
13866
13868
#: serverguide/C/network-auth.xml:527(para)
13867
#: serverguide/C/network-auth.xml:534(para)
13869
13868
msgid "<emphasis>uid=john:</emphasis> a \"filter\" to find the john user"
13870
13869
msgstr ""
13871
13870
13872
#: serverguide/C/network-auth.xml:533(para)
13871
#: serverguide/C/network-auth.xml:540(para)
13873
13872
msgid ""
13874
13873
"<emphasis>cn gidNumber:</emphasis> requests certain attributes to be "
13875
13874
"displayed (the default is to show all attributes)"
13876
13875
msgstr ""
13877
13876
13878
#: serverguide/C/network-auth.xml:543(title)
13877
#: serverguide/C/network-auth.xml:550(title)
13879
13878
msgid "Modifying the slapd Configuration Database"
13880
13879
msgstr ""
13881
13880
13882
#: serverguide/C/network-auth.xml:545(para)
13881
#: serverguide/C/network-auth.xml:552(para)
13883
13882
msgid ""
13884
13883
"The slapd-config DIT can also be queried and modified. Here are a few "
13885
13884
"examples."
13886
13885
msgstr ""
13887
13886
13888
#: serverguide/C/network-auth.xml:552(para)
13887
#: serverguide/C/network-auth.xml:559(para)
13889
13888
msgid ""
13890
13889
"Use <application>ldapmodify</application> to add an \"Index\" (DbIndex "
13891
13890
"attribute) to your <application>{1}hdb,cn=config</application> database "
13893
13892
"<filename>uid_index.ldif</filename>, with the following contents:"
13894
13893
msgstr ""
13895
13894
13896
#: serverguide/C/network-auth.xml:557(programlisting)
13895
#: serverguide/C/network-auth.xml:564(programlisting)
13897
13896
#, no-wrap
13898
13897
msgid ""
13899
13898
"\n"
13902
13901
"olcDbIndex: uid eq,pres,sub\n"
13903
13902
msgstr ""
13904
13903
13905
#: serverguide/C/network-auth.xml:563(para)
13904
#: serverguide/C/network-auth.xml:570(para)
13906
13905
msgid "Then issue the command:"
13907
13906
msgstr ""
13908
13907
13909
#: serverguide/C/network-auth.xml:568(command)
13908
#: serverguide/C/network-auth.xml:575(command)
13910
13909
msgid "sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f uid_index.ldif"
13911
13910
msgstr ""
13912
13911
13913
#: serverguide/C/network-auth.xml:569(computeroutput)
13912
#: serverguide/C/network-auth.xml:576(computeroutput)
13914
13913
#, no-wrap
13915
13914
msgid ""
13916
13915
"\n"
13917
13916
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
13918
13917
msgstr ""
13919
13918
13920
#: serverguide/C/network-auth.xml:574(para)
13919
#: serverguide/C/network-auth.xml:581(para)
13921
13920
msgid "You can confirm the change in this way:"
13922
13921
msgstr ""
13923
13922
13924
#: serverguide/C/network-auth.xml:579(command)
13923
#: serverguide/C/network-auth.xml:586(command)
13925
13924
msgid ""
13926
13925
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
13927
13926
"'(olcDatabase={1}hdb)' olcDbIndex"
13928
13927
msgstr ""
13929
13928
13930
#: serverguide/C/network-auth.xml:581(computeroutput)
13929
#: serverguide/C/network-auth.xml:588(computeroutput)
13931
13930
#, no-wrap
13932
13931
msgid ""
13933
13932
"\n"
13936
13935
"olcDbIndex: uid eq,pres,sub\n"
13937
13936
msgstr ""
13938
13937
13939
#: serverguide/C/network-auth.xml:591(para)
13938
#: serverguide/C/network-auth.xml:598(para)
13940
13939
msgid ""
13941
13940
"Let's add a schema. It will first need to be converted to LDIF format. You "
13942
13941
"can find unconverted schemas in addition to converted ones in the <filename "
13943
13942
"role=\"directory\">/etc/ldap/schema</filename> directory."
13944
13943
msgstr ""
13945
13944
13946
#: serverguide/C/network-auth.xml:599(para)
13945
#: serverguide/C/network-auth.xml:606(para)
13947
13946
msgid ""
13948
13947
"It is not trivial to remove a schema from the slapd-config database. "
13949
13948
"Practice adding schemas on a test system."
13950
13949
msgstr ""
13951
13950
13952
#: serverguide/C/network-auth.xml:605(para)
13951
#: serverguide/C/network-auth.xml:612(para)
13953
13952
msgid ""
13954
13953
"Before adding any schema, you should check which schemas are already "
13955
13954
"installed (shown is a default, out-of-the-box output):"
13956
13955
msgstr ""
13957
13956
13958
#: serverguide/C/network-auth.xml:611(command)
13957
#: serverguide/C/network-auth.xml:618(command)
13959
13958
msgid ""
13960
13959
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=schema,cn=config dn"
13961
13960
msgstr ""
13962
13961
13963
#: serverguide/C/network-auth.xml:613(computeroutput)
13962
#: serverguide/C/network-auth.xml:620(computeroutput)
13964
13963
#, no-wrap
13965
13964
msgid ""
13966
13965
"\n"
13975
13974
"dn: cn={3}inetorgperson,cn=schema,cn=config\n"
13976
13975
msgstr ""
13977
13976
13978
#: serverguide/C/network-auth.xml:630(para)
13977
#: serverguide/C/network-auth.xml:637(para)
13979
13978
msgid "In the following example we'll add the CORBA schema."
13980
13979
msgstr ""
13981
13980
13982
#: serverguide/C/network-auth.xml:637(para)
13981
#: serverguide/C/network-auth.xml:644(para)
13983
13982
msgid ""
13984
13983
"Create the conversion configuration file "
13985
13984
"<filename>schema_convert.conf</filename> containing the following lines:"
13986
13985
msgstr ""
13987
13986
13988
#: serverguide/C/network-auth.xml:642(programlisting)
13987
#: serverguide/C/network-auth.xml:649(programlisting)
13989
13988
#, no-wrap
13990
13989
msgid ""
13991
13990
"\n"
14005
14004
"include /etc/ldap/schema/pmi.schema\n"
14006
14005
msgstr ""
14007
14006
14008
#: serverguide/C/network-auth.xml:662(para)
14007
#: serverguide/C/network-auth.xml:669(para)
14009
14008
msgid "Create the output directory <filename>ldif_output</filename>."
14010
14009
msgstr ""
14011
14010
14012
#: serverguide/C/network-auth.xml:668(para) serverguide/C/network-auth.xml:2317(para)
14011
#: serverguide/C/network-auth.xml:675(para) serverguide/C/network-auth.xml:2324(para)
14013
14012
msgid "Determine the index of the schema:"
14014
14013
msgstr ""
14015
14014
14016
#: serverguide/C/network-auth.xml:673(command)
14015
#: serverguide/C/network-auth.xml:680(command)
14017
14016
msgid ""
14018
14017
"slapcat -f schema_convert.conf -F ldif_output -n 0 | grep corba,cn=schema"
14019
14018
msgstr ""
14020
14019
14021
#: serverguide/C/network-auth.xml:674(computeroutput)
14020
#: serverguide/C/network-auth.xml:681(computeroutput)
14022
14021
#, no-wrap
14023
14022
msgid ""
14024
14023
"\n"
14025
14024
"cn={1}corba,cn=schema,cn=config\n"
14026
14025
msgstr ""
14027
14026
14028
#: serverguide/C/network-auth.xml:685(para)
14027
#: serverguide/C/network-auth.xml:687(para)
14029
14028
msgid ""
14030
14029
"When slapd ingests objects with the same parent DN it will create an "
14031
14030
"<emphasis>index</emphasis> for that object. An index is contained within "
14032
14031
"braces: <application>{X}</application>."
14033
14032
msgstr ""
14034
14033
14035
#: serverguide/C/network-auth.xml:689(para)
14034
#: serverguide/C/network-auth.xml:696(para)
14036
14035
msgid "Use <application>slapcat</application> to perform the conversion:"
14037
14036
msgstr ""
14038
14037
14039
#: serverguide/C/network-auth.xml:694(command)
14038
#: serverguide/C/network-auth.xml:701(command)
14040
14039
msgid ""
14041
14040
"slapcat -f schema_convert.conf -F ldif_output -n0 -H \\ "
14042
14041
"ldap:///cn={1}corba,cn=schema,cn=config -l cn=corba.ldif"
14043
14042
msgstr ""
14044
14043
14045
#: serverguide/C/network-auth.xml:698(para)
14044
#: serverguide/C/network-auth.xml:705(para)
14046
14045
msgid "The converted schema is now in <filename>cn=corba.ldif</filename>"
14047
14046
msgstr ""
14048
14047
14049
#: serverguide/C/network-auth.xml:704(para)
14048
#: serverguide/C/network-auth.xml:711(para)
14050
14049
msgid ""
14051
14050
"Edit <filename>cn=corba.ldif</filename> to arrive at the following "
14052
14051
"attributes:"
14053
14052
msgstr ""
14054
14053
14055
#: serverguide/C/network-auth.xml:708(programlisting)
14054
#: serverguide/C/network-auth.xml:715(programlisting)
14056
14055
#, no-wrap
14057
14056
msgid ""
14058
14057
"\n"
14061
14060
"cn: corba\n"
14062
14061
msgstr ""
14063
14062
14064
#: serverguide/C/network-auth.xml:714(para)
14063
#: serverguide/C/network-auth.xml:721(para)
14065
14064
msgid "Also remove the following lines from the bottom:"
14066
14065
msgstr ""
14067
14066
14068
#: serverguide/C/network-auth.xml:718(programlisting)
14067
#: serverguide/C/network-auth.xml:725(programlisting)
14069
14068
#, no-wrap
14070
14069
msgid ""
14071
14070
"\n"
14078
14077
"modifyTimestamp: 20110829165435Z\n"
14079
14078
msgstr ""
14080
14079
14081
#: serverguide/C/network-auth.xml:728(para) serverguide/C/network-auth.xml:2367(para)
14080
#: serverguide/C/network-auth.xml:735(para) serverguide/C/network-auth.xml:2374(para)
14082
14081
msgid "Your attribute values will vary."
14083
14082
msgstr ""
14084
14083
14085
#: serverguide/C/network-auth.xml:734(para)
14084
#: serverguide/C/network-auth.xml:741(para)
14086
14085
msgid ""
14087
14086
"Finally, use <application>ldapadd</application> to add the new schema to the "
14088
14087
"slapd-config DIT:"
14089
14088
msgstr ""
14090
14089
14091
#: serverguide/C/network-auth.xml:739(command)
14090
#: serverguide/C/network-auth.xml:746(command)
14092
14091
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f cn\\=corba.ldif"
14093
14092
msgstr ""
14094
14093
14095
#: serverguide/C/network-auth.xml:740(computeroutput)
14094
#: serverguide/C/network-auth.xml:747(computeroutput)
14096
14095
#, no-wrap
14097
14096
msgid ""
14098
14097
"\n"
14099
14098
"adding new entry \"cn=corba,cn=schema,cn=config\"\n"
14100
14099
msgstr ""
14101
14100
14102
#: serverguide/C/network-auth.xml:748(para)
14101
#: serverguide/C/network-auth.xml:755(para)
14103
14102
msgid "Confirm currently loaded schemas:"
14104
14103
msgstr ""
14105
14104
14106
#: serverguide/C/network-auth.xml:753(command)
14105
#: serverguide/C/network-auth.xml:760(command)
14107
14106
msgid ""
14108
14107
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config dn"
14109
14108
msgstr ""
14110
14109
14111
#: serverguide/C/network-auth.xml:754(computeroutput)
14110
#: serverguide/C/network-auth.xml:761(computeroutput)
14112
14111
#, no-wrap
14113
14112
msgid ""
14114
14113
"\n"
14125
14124
"dn: cn={4}corba,cn=schema,cn=config\n"
14126
14125
msgstr ""
14127
14126
14128
#: serverguide/C/network-auth.xml:778(para)
14127
#: serverguide/C/network-auth.xml:785(para)
14129
14128
msgid ""
14130
14129
"For external applications and clients to authenticate using LDAP they will "
14131
14130
"each need to be specifically configured to do so. Refer to the appropriate "
14132
14131
"client-side documentation for details."
14133
14132
msgstr ""
14134
14133
14135
#: serverguide/C/network-auth.xml:789(para)
14134
#: serverguide/C/network-auth.xml:796(para)
14136
14135
msgid ""
14137
14136
"Activity logging for slapd is indispensible when implementing an OpenLDAP-"
14138
14137
"based solution yet it must be manually enabled after software installation. "
14140
14139
"any other slapd configuration, is enabled via the slapd-config database."
14141
14140
msgstr ""
14142
14141
14143
#: serverguide/C/network-auth.xml:795(para)
14142
#: serverguide/C/network-auth.xml:802(para)
14144
14143
msgid ""
14145
14144
"OpenLDAP comes with multiple logging subsystems (levels) with each one "
14146
14145
"containing the lower one (additive). A good level to try is "
14150
14149
"different subsystems."
14151
14150
msgstr ""
14152
14151
14153
#: serverguide/C/network-auth.xml:801(para)
14152
#: serverguide/C/network-auth.xml:808(para)
14154
14153
msgid ""
14155
14154
"Create the file <filename>logging.ldif</filename> with the following "
14156
14155
"contents:"
14157
14156
msgstr ""
14158
14157
14159
#: serverguide/C/network-auth.xml:805(programlisting)
14158
#: serverguide/C/network-auth.xml:812(programlisting)
14160
14159
#, no-wrap
14161
14160
msgid ""
14162
14161
"\n"
14166
14165
"olcLogLevel: stats\n"
14167
14166
msgstr ""
14168
14167
14169
#: serverguide/C/network-auth.xml:812(para)
14168
#: serverguide/C/network-auth.xml:819(para)
14170
14169
msgid "Implement the change:"
14171
14170
msgstr ""
14172
14171
14173
#: serverguide/C/network-auth.xml:817(command)
14172
#: serverguide/C/network-auth.xml:824(command)
14174
14173
msgid "sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f logging.ldif"
14175
14174
msgstr ""
14176
14175
14177
#: serverguide/C/network-auth.xml:820(para)
14176
#: serverguide/C/network-auth.xml:827(para)
14178
14177
msgid ""
14179
14178
"This will produce a significant amount of logging and you will want to "
14180
14179
"throttle back to a less verbose level once your system is in production. "
14182
14181
"hard time keeping up and may drop messages:"
14183
14182
msgstr ""
14184
14183
14185
#: serverguide/C/network-auth.xml:826(programlisting)
14184
#: serverguide/C/network-auth.xml:833(programlisting)
14186
14185
#, no-wrap
14187
14186
msgid ""
14188
14187
"\n"
14190
14189
"limiting\n"
14191
14190
msgstr ""
14192
14191
14193
#: serverguide/C/network-auth.xml:830(para)
14192
#: serverguide/C/network-auth.xml:837(para)
14194
14193
msgid ""
14195
14194
"You may consider a change to rsyslog's configuration. In "
14196
14195
"<filename>/etc/rsyslog.conf</filename>, put:"
14197
14196
msgstr ""
14198
14197
14199
#: serverguide/C/network-auth.xml:834(programlisting)
14198
#: serverguide/C/network-auth.xml:841(programlisting)
14200
14199
#, no-wrap
14201
14200
msgid ""
14202
14201
"\n"
14205
14204
"$SystemLogRateLimitInterval 0\n"
14206
14205
msgstr ""
14207
14206
14208
#: serverguide/C/network-auth.xml:840(para)
14207
#: serverguide/C/network-auth.xml:847(para)
14209
14208
msgid "And then restart the rsyslog daemon:"
14210
14209
msgstr ""
14211
14210
14212
#: serverguide/C/network-auth.xml:845(command)
14211
#: serverguide/C/network-auth.xml:852(command)
14213
14212
msgid "sudo service rsyslog restart"
14214
14213
msgstr ""
14215
14214
14216
#: serverguide/C/network-auth.xml:851(title)
14215
#: serverguide/C/network-auth.xml:858(title)
14217
14216
msgid "Replication"
14218
14217
msgstr ""
14219
14218
14220
#: serverguide/C/network-auth.xml:853(para)
14219
#: serverguide/C/network-auth.xml:860(para)
14221
14220
msgid ""
14222
14221
"The LDAP service becomes increasingly important as more networked systems "
14223
14222
"begin to depend on it. In such an environment, it is standard practice to "
14226
14225
"replication</emphasis>."
14227
14226
msgstr ""
14228
14227
14229
#: serverguide/C/network-auth.xml:859(para)
14228
#: serverguide/C/network-auth.xml:866(para)
14230
14229
msgid ""
14231
14230
"Replication is achieved via the <emphasis>Syncrepl</emphasis> engine. This "
14232
14231
"allows changes to be synchronized using a <emphasis>Consumer</emphasis> - "
14238
14237
"be sent, not entire entries."
14239
14238
msgstr ""
14240
14239
14241
#: serverguide/C/network-auth.xml:868(title)
14240
#: serverguide/C/network-auth.xml:875(title)
14242
14241
msgid "Provider Configuration"
14243
14242
msgstr ""
14244
14243
14245
#: serverguide/C/network-auth.xml:870(para)
14244
#: serverguide/C/network-auth.xml:877(para)
14246
14245
msgid "Begin by configuring the <emphasis>Provider</emphasis>."
14247
14246
msgstr ""
14248
14247
14249
#: serverguide/C/network-auth.xml:877(para)
14248
#: serverguide/C/network-auth.xml:884(para)
14250
14249
msgid ""
14251
14250
"Create an LDIF file with the following contents and name it "
14252
14251
"<filename>provider_sync.ldif</filename>:"
14253
14252
msgstr ""
14254
14253
14255
#: serverguide/C/network-auth.xml:881(programlisting)
14254
#: serverguide/C/network-auth.xml:888(programlisting)
14256
14255
#, no-wrap
14257
14256
msgid ""
14258
14257
"\n"
14314
14313
"olcAccessLogPurge: 07+00:00 01+00:00\n"
14315
14314
msgstr ""
14316
14315
14317
#: serverguide/C/network-auth.xml:940(para)
14316
#: serverguide/C/network-auth.xml:947(para)
14318
14317
msgid ""
14319
14318
"Change the rootDN in the LDIF file to match the one you have for your "
14320
14319
"directory."
14321
14320
msgstr ""
14322
14321
14323
#: serverguide/C/network-auth.xml:947(para)
14322
#: serverguide/C/network-auth.xml:954(para)
14324
14323
msgid ""
14325
14324
"The <application>apparmor</application> profile for slapd will not need to "
14326
14325
"be adjusted for the accesslog database location since "
14327
14326
"<filename>/etc/apparmor.d/local/usr.sbin.slapd</filename> contains:"
14328
14327
msgstr ""
14329
14328
14330
#: serverguide/C/network-auth.xml:952(programlisting)
14329
#: serverguide/C/network-auth.xml:959(programlisting)
14331
14330
#, no-wrap
14332
14331
msgid ""
14333
14332
"\n"
14335
14334
"/var/lib/ldap/** rwk,\n"
14336
14335
msgstr ""
14337
14336
14338
#: serverguide/C/network-auth.xml:957(para)
14337
#: serverguide/C/network-auth.xml:964(para)
14339
14338
msgid ""
14340
14339
"Create a directory, set up a databse config file, and reload the apparmor "
14341
14340
"profile:"
14342
14341
msgstr ""
14343
14342
14344
#: serverguide/C/network-auth.xml:962(command)
14343
#: serverguide/C/network-auth.xml:969(command)
14345
14344
msgid "sudo -u openldap mkdir /var/lib/ldap/accesslog"
14346
14345
msgstr ""
14347
14346
14348
#: serverguide/C/network-auth.xml:963(command)
14347
#: serverguide/C/network-auth.xml:970(command)
14349
14348
msgid "sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog"
14350
14349
msgstr ""
14351
14350
14352
#: serverguide/C/network-auth.xml:970(para)
14351
#: serverguide/C/network-auth.xml:977(para)
14353
14352
msgid ""
14354
14353
"Add the new content and, due to the apparmor change, restart the daemon:"
14355
14354
msgstr ""
14356
14355
14357
#: serverguide/C/network-auth.xml:975(command)
14356
#: serverguide/C/network-auth.xml:982(command)
14358
14357
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
14359
14358
msgstr ""
14360
14359
14361
#: serverguide/C/network-auth.xml:976(command) serverguide/C/network-auth.xml:1498(command) serverguide/C/network-auth.xml:1683(command) serverguide/C/network-auth.xml:3912(command)
14360
#: serverguide/C/network-auth.xml:983(command) serverguide/C/network-auth.xml:1505(command) serverguide/C/network-auth.xml:1690(command) serverguide/C/network-auth.xml:3911(command)
14362
14361
msgid "sudo service slapd restart"
14363
14362
msgstr ""
14364
14363
14365
#: serverguide/C/network-auth.xml:983(para)
14364
#: serverguide/C/network-auth.xml:990(para)
14366
14365
msgid "The Provider is now configured."
14367
14366
msgstr ""
14368
14367
14369
#: serverguide/C/network-auth.xml:990(title)
14368
#: serverguide/C/network-auth.xml:997(title)
14370
14369
msgid "Consumer Configuration"
14371
14370
msgstr ""
14372
14371
14373
#: serverguide/C/network-auth.xml:992(para)
14372
#: serverguide/C/network-auth.xml:999(para)
14374
14373
msgid "And now configure the <emphasis>Consumer</emphasis>."
14375
14374
msgstr ""
14376
14375
14377
#: serverguide/C/network-auth.xml:999(para)
14376
#: serverguide/C/network-auth.xml:1006(para)
14378
14377
msgid ""
14379
14378
"Install the software by going through <xref linkend=\"openldap-server-"
14380
14379
"installation\"/>. Make sure the slapd-config databse is identical to the "
14382
14381
"same."
14383
14382
msgstr ""
14384
14383
14385
#: serverguide/C/network-auth.xml:1006(para)
14384
#: serverguide/C/network-auth.xml:1013(para)
14386
14385
msgid ""
14387
14386
"Create an LDIF file with the following contents and name it "
14388
14387
"<filename>consumer_sync.ldif</filename>:"
14389
14388
msgstr ""
14390
14389
14391
#: serverguide/C/network-auth.xml:1010(programlisting)
14390
#: serverguide/C/network-auth.xml:1017(programlisting)
14392
14391
#, no-wrap
14393
14392
msgid ""
14394
14393
"\n"
14415
14414
"olcUpdateRef: ldap://ldap01.example.com\n"
14416
14415
msgstr ""
14417
14416
14418
#: serverguide/C/network-auth.xml:1031(para)
14417
#: serverguide/C/network-auth.xml:1038(para)
14419
14418
msgid "Ensure the following attributes have the correct values:"
14420
14419
msgstr ""
14421
14420
14422
#: serverguide/C/network-auth.xml:1036(para)
14421
#: serverguide/C/network-auth.xml:1043(para)
14423
14422
msgid ""
14424
14423
"<emphasis>provider</emphasis> (Provider server's hostname -- "
14425
14424
"ldap01.example.com in this example -- or IP address)"
14426
14425
msgstr ""
14427
14426
14428
#: serverguide/C/network-auth.xml:1037(para)
14427
#: serverguide/C/network-auth.xml:1044(para)
14429
14428
msgid "<emphasis>binddn</emphasis> (the admin DN you're using)"
14430
14429
msgstr ""
14431
14430
14432
#: serverguide/C/network-auth.xml:1038(para)
14431
#: serverguide/C/network-auth.xml:1045(para)
14433
14432
msgid "<emphasis>credentials</emphasis> (the admin DN password you're using)"
14434
14433
msgstr ""
14435
14434
14436
#: serverguide/C/network-auth.xml:1039(para)
14435
#: serverguide/C/network-auth.xml:1046(para)
14437
14436
msgid "<emphasis>searchbase</emphasis> (the database suffix you're using)"
14438
14437
msgstr ""
14439
14438
14440
#: serverguide/C/network-auth.xml:1040(para)
14439
#: serverguide/C/network-auth.xml:1047(para)
14441
14440
msgid ""
14442
14441
"<emphasis>olcUpdateRef</emphasis> (Provider server's hostname or IP address)"
14443
14442
msgstr ""
14444
14443
14445
#: serverguide/C/network-auth.xml:1041(para)
14444
#: serverguide/C/network-auth.xml:1048(para)
14446
14445
msgid ""
14447
14446
"<emphasis>rid</emphasis> (Replica ID, an unique 3-digit that identifies the "
14448
14447
"replica. Each consumer should have at least one rid)"
14449
14448
msgstr ""
14450
14449
14451
#: serverguide/C/network-auth.xml:1050(para)
14450
#: serverguide/C/network-auth.xml:1057(para)
14452
14451
msgid "Add the new content:"
14453
14452
msgstr ""
14454
14453
14455
#: serverguide/C/network-auth.xml:1055(command)
14454
#: serverguide/C/network-auth.xml:1062(command)
14456
14455
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f consumer_sync.ldif"
14457
14456
msgstr ""
14458
14457
14459
#: serverguide/C/network-auth.xml:1062(para)
14458
#: serverguide/C/network-auth.xml:1069(para)
14460
14459
msgid ""
14461
14460
"You're done. The two databases (suffix: dc=example,dc=com) should now be "
14462
14461
"synchronizing."
14463
14462
msgstr ""
14464
14463
14465
#: serverguide/C/network-auth.xml:1071(para)
14464
#: serverguide/C/network-auth.xml:1078(para)
14466
14465
msgid "Once replication starts, you can monitor it by running"
14467
14466
msgstr ""
14468
14467
14469
#: serverguide/C/network-auth.xml:1081(command)
14468
#: serverguide/C/network-auth.xml:1083(command)
14470
14469
msgid ""
14471
14470
"ldapsearch -z1 -LLLQY EXTERNAL -H ldapi:/// -s base -b dc=example,dc=com "
14472
14471
"contextCSN"
14473
14472
msgstr ""
14474
14473
14475
#: serverguide/C/network-auth.xml:1077(computeroutput)
14474
#: serverguide/C/network-auth.xml:1084(computeroutput)
14476
14475
#, no-wrap
14477
14476
msgid ""
14478
14477
"\n"
14480
14479
"contextCSN: 20120201193408.178454Z#000000#000#000000\n"
14481
14480
msgstr ""
14482
14481
14483
#: serverguide/C/network-auth.xml:1083(para)
14482
#: serverguide/C/network-auth.xml:1090(para)
14484
14483
msgid ""
14485
14484
"on both the provider and the consumer. Once the output "
14486
14485
"(<computeroutput>20120201193408.178454Z#000000#000#000000</computeroutput> "
14489
14488
"the one in the consumer(s)."
14490
14489
msgstr ""
14491
14490
14492
#: serverguide/C/network-auth.xml:1092(para)
14491
#: serverguide/C/network-auth.xml:1099(para)
14493
14492
msgid ""
14494
14493
"If your connection is slow and/or your ldap database large, it might take a "
14495
14494
"while for the consumer's <emphasis>contextCSN</emphasis> match the "
14497
14496
"<emphasis>contextCSN</emphasis> will be steadly increasing."
14498
14497
msgstr ""
14499
14498
14500
#: serverguide/C/network-auth.xml:1100(para)
14499
#: serverguide/C/network-auth.xml:1107(para)
14501
14500
msgid ""
14502
14501
"If the consumer's <emphasis>contextCSN</emphasis> is missing or does not "
14503
14502
"match the provider, you should stop and figure out the issue before "
14507
14506
"statements) return no errors."
14508
14507
msgstr ""
14509
14508
14510
#: serverguide/C/network-auth.xml:1109(para)
14509
#: serverguide/C/network-auth.xml:1116(para)
14511
14510
msgid ""
14512
14511
"To test if it worked simply query, on the Consumer, the DNs in the database:"
14513
14512
msgstr ""
14514
14513
14515
#: serverguide/C/network-auth.xml:1114(command)
14514
#: serverguide/C/network-auth.xml:1121(command)
14516
14515
msgid ""
14517
14516
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b dc=example,dc=com dn"
14518
14517
msgstr ""
14519
14518
14520
#: serverguide/C/network-auth.xml:1117(para)
14519
#: serverguide/C/network-auth.xml:1124(para)
14521
14520
msgid ""
14522
14521
"You should see the user 'john' and the group 'miners' as well as the nodes "
14523
14522
"'People' and 'Groups'."
14524
14523
msgstr ""
14525
14524
14526
#: serverguide/C/network-auth.xml:1126(title)
14525
#: serverguide/C/network-auth.xml:1133(title)
14527
14526
msgid "Access Control"
14528
14527
msgstr ""
14529
14528
14530
#: serverguide/C/network-auth.xml:1128(para)
14529
#: serverguide/C/network-auth.xml:1135(para)
14531
14530
msgid ""
14532
14531
"The management of what type of access (read, write, etc) users should be "
14533
14532
"granted to resources is known as <emphasis>access control</emphasis>. The "
14535
14534
"lists</emphasis> or ACL."
14536
14535
msgstr ""
14537
14536
14538
#: serverguide/C/network-auth.xml:1133(para)
14537
#: serverguide/C/network-auth.xml:1140(para)
14539
14538
msgid ""
14540
14539
"When we installed the slapd package various ACL were set up automatically. "
14541
14540
"We will look at a few important consequences of those defaults and, in so "
14542
14541
"doing, we'll get an idea of how ACLs work and how they're configured."
14543
14542
msgstr ""
14544
14543
14545
#: serverguide/C/network-auth.xml:1138(para)
14544
#: serverguide/C/network-auth.xml:1145(para)
14546
14545
msgid ""
14547
14546
"To get the effective ACL for an LDAP query we need to look at the ACL "
14548
14547
"entries of the database being queried as well as those of the special "
14554
14553
"(\"dc=example,dc=com\") and those of the frontend database:"
14555
14554
msgstr ""
14556
14555
14557
#: serverguide/C/network-auth.xml:1147(command)
14556
#: serverguide/C/network-auth.xml:1154(command)
14558
14557
msgid ""
14559
14558
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
14560
14559
"'(olcDatabase={1}hdb)' olcAccess"
14561
14560
msgstr ""
14562
14561
14563
#: serverguide/C/network-auth.xml:1149(computeroutput)
14562
#: serverguide/C/network-auth.xml:1156(computeroutput)
14564
14563
#, no-wrap
14565
14564
msgid ""
14566
14565
"\n"
14574
14573
" read\n"
14575
14574
msgstr ""
14576
14575
14577
#: serverguide/C/network-auth.xml:1160(para)
14576
#: serverguide/C/network-auth.xml:1167(para)
14578
14577
msgid ""
14579
14578
"The rootDN always has full rights to its database. Including it in an ACL "
14580
14579
"does provide an explicit configuration but it also causes slapd to incur a "
14581
14580
"performance penalty."
14582
14581
msgstr ""
14583
14582
14584
#: serverguide/C/network-auth.xml:1167(command)
14583
#: serverguide/C/network-auth.xml:1174(command)
14585
14584
msgid ""
14586
14585
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
14587
14586
"'(olcDatabase={-1}frontend)' olcAccess"
14588
14587
msgstr ""
14589
14588
14590
#: serverguide/C/network-auth.xml:1169(computeroutput)
14589
#: serverguide/C/network-auth.xml:1176(computeroutput)
14591
14590
#, no-wrap
14592
14591
msgid ""
14593
14592
"\n"
14598
14597
"olcAccess: {2}to dn.base=\"cn=Subschema\" by * read\n"
14599
14598
msgstr ""
14600
14599
14601
#: serverguide/C/network-auth.xml:1178(para)
14600
#: serverguide/C/network-auth.xml:1185(para)
14602
14601
msgid "The very first ACL is crucial:"
14603
14602
msgstr ""
14604
14603
14605
#: serverguide/C/network-auth.xml:1182(programlisting)
14604
#: serverguide/C/network-auth.xml:1189(programlisting)
14606
14605
#, no-wrap
14607
14606
msgid ""
14608
14607
"\n"
14611
14610
" auth by dn=\"cn=admin,dc=example,dc=com\" write by * none\n"
14612
14611
msgstr ""
14613
14612
14614
#: serverguide/C/network-auth.xml:1187(para)
14613
#: serverguide/C/network-auth.xml:1194(para)
14615
14614
msgid "This can be represented differently for easier digestion:"
14616
14615
msgstr ""
14617
14616
14618
#: serverguide/C/network-auth.xml:1191(programlisting)
14617
#: serverguide/C/network-auth.xml:1198(programlisting)
14619
14618
#, no-wrap
14620
14619
msgid ""
14621
14620
"\n"
14632
14631
"\tby * none\n"
14633
14632
msgstr ""
14634
14633
14635
#: serverguide/C/network-auth.xml:1205(para)
14634
#: serverguide/C/network-auth.xml:1212(para)
14636
14635
msgid "This compound ACL (there are 2) enforces the following:"
14637
14636
msgstr ""
14638
14637
14639
#: serverguide/C/network-auth.xml:1212(para)
14638
#: serverguide/C/network-auth.xml:1219(para)
14640
14639
msgid ""
14641
14640
"Anonymous 'auth' access is provided to the <emphasis>userPassword</emphasis> "
14642
14641
"attribute for the initial connection to occur. Perhaps counter-intuitively, "
14645
14644
"occur (see next point)."
14646
14645
msgstr ""
14647
14646
14648
#: serverguide/C/network-auth.xml:1220(para)
14647
#: serverguide/C/network-auth.xml:1227(para)
14649
14648
msgid ""
14650
14649
"Authentication can happen because all users have 'read' (due to 'by self "
14651
14650
"write') access to the <emphasis>userPassword</emphasis> attribute."
14652
14651
msgstr ""
14653
14652
14654
#: serverguide/C/network-auth.xml:1226(para)
14653
#: serverguide/C/network-auth.xml:1233(para)
14655
14654
msgid ""
14656
14655
"The <emphasis>userPassword</emphasis> attribute is otherwise unaccessible by "
14657
14656
"all other users, with the exception of the rootDN, who has complete access "
14658
14657
"to it."
14659
14658
msgstr ""
14660
14659
14661
#: serverguide/C/network-auth.xml:1233(para)
14660
#: serverguide/C/network-auth.xml:1240(para)
14662
14661
msgid ""
14663
14662
"In order for users to change their own password, using "
14664
14663
"<command>passwd</command> or other utilities, the "
14666
14665
"a user has authenticated."
14667
14666
msgstr ""
14668
14667
14669
#: serverguide/C/network-auth.xml:1241(para)
14668
#: serverguide/C/network-auth.xml:1248(para)
14670
14669
msgid ""
14671
14670
"This DIT can be searched anonymously because of 'by * read' in this ACL:"
14672
14671
msgstr ""
14673
14672
14674
#: serverguide/C/network-auth.xml:1245(programlisting)
14673
#: serverguide/C/network-auth.xml:1252(programlisting)
14675
14674
#, no-wrap
14676
14675
msgid ""
14677
14676
"\n"
14681
14680
"\tby * read\n"
14682
14681
msgstr ""
14683
14682
14684
#: serverguide/C/network-auth.xml:1252(para)
14683
#: serverguide/C/network-auth.xml:1259(para)
14685
14684
msgid ""
14686
14685
"If this is unwanted then you need to change the ACLs. To force "
14687
14686
"authentication during a bind request you can alternatively (or in "
14688
14687
"combination with the modified ACL) use the 'olcRequire: authc' directive."
14689
14688
msgstr ""
14690
14689
14691
#: serverguide/C/network-auth.xml:1257(para)
14690
#: serverguide/C/network-auth.xml:1264(para)
14692
14691
msgid ""
14693
14692
"As previously mentioned, there is no administrative account created for the "
14694
14693
"slapd-config database. There is, however, a SASL identity that is granted "
14696
14695
"it is:"
14697
14696
msgstr ""
14698
14697
14699
#: serverguide/C/network-auth.xml:1262(programlisting)
14698
#: serverguide/C/network-auth.xml:1269(programlisting)
14700
14699
#, no-wrap
14701
14700
msgid ""
14702
14701
"\n"
14703
14702
"dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth \n"
14704
14703
msgstr ""
14705
14704
14706
#: serverguide/C/network-auth.xml:1266(para)
14705
#: serverguide/C/network-auth.xml:1273(para)
14707
14706
msgid ""
14708
14707
"The following command will display the ACLs of the slapd-config database:"
14709
14708
msgstr ""
14710
14709
14711
#: serverguide/C/network-auth.xml:1271(command)
14710
#: serverguide/C/network-auth.xml:1278(command)
14712
14711
msgid ""
14713
14712
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
14714
14713
"'(olcDatabase={0}config)' olcAccess"
14715
14714
msgstr ""
14716
14715
14717
#: serverguide/C/network-auth.xml:1273(computeroutput)
14716
#: serverguide/C/network-auth.xml:1280(computeroutput)
14718
14717
#, no-wrap
14719
14718
msgid ""
14720
14719
"\n"
14723
14722
" cn=external,cn=auth manage by * break\n"
14724
14723
msgstr ""
14725
14724
14726
#: serverguide/C/network-auth.xml:1285(para)
14725
#: serverguide/C/network-auth.xml:1287(para)
14727
14726
msgid ""
14728
14727
"Since this is a SASL identity we need to use a SASL "
14729
14728
"<emphasis>mechanism</emphasis> when invoking the LDAP utility in question "
14731
14730
"mechanism. See the previous command for an example. Note that:"
14732
14731
msgstr ""
14733
14732
14734
#: serverguide/C/network-auth.xml:1288(para)
14733
#: serverguide/C/network-auth.xml:1295(para)
14735
14734
msgid ""
14736
14735
"You must use <emphasis>sudo</emphasis> to become the root identity in order "
14737
14736
"for the ACL to match."
14738
14737
msgstr ""
14739
14738
14740
#: serverguide/C/network-auth.xml:1294(para)
14739
#: serverguide/C/network-auth.xml:1301(para)
14741
14740
msgid ""
14742
14741
"The EXTERNAL mechanism works via <emphasis>IPC</emphasis> (UNIX domain "
14743
14742
"sockets). This means you must use the <emphasis>ldapi</emphasis> URI format."
14744
14743
msgstr ""
14745
14744
14746
#: serverguide/C/network-auth.xml:1302(para)
14745
#: serverguide/C/network-auth.xml:1309(para)
14747
14746
msgid "A succinct way to get all the ACLs is like this:"
14748
14747
msgstr ""
14749
14748
14750
#: serverguide/C/network-auth.xml:1307(command)
14749
#: serverguide/C/network-auth.xml:1314(command)
14751
14750
msgid ""
14752
14751
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
14753
14752
"'(olcAccess=*)' olcAccess olcSuffix"
14754
14753
msgstr ""
14755
14754
14756
#: serverguide/C/network-auth.xml:1311(para)
14755
#: serverguide/C/network-auth.xml:1318(para)
14757
14756
msgid ""
14758
14757
"There is much to say on the topic of access control. See the man page for "
14759
14758
"<ulink "
14761
14760
".access</ulink>."
14762
14761
msgstr ""
14763
14762
14764
#: serverguide/C/network-auth.xml:1319(title)
14763
#: serverguide/C/network-auth.xml:1326(title)
14765
14764
msgid "TLS"
14766
14765
msgstr ""
14767
14766
14768
#: serverguide/C/network-auth.xml:1321(para)
14767
#: serverguide/C/network-auth.xml:1328(para)
14769
14768
msgid ""
14770
14769
"When authenticating to an OpenLDAP server it is best to do so using an "
14771
14770
"encrypted session. This can be accomplished using Transport Layer Security "
14772
14771
"(TLS)."
14773
14772
msgstr ""
14774
14773
14775
#: serverguide/C/network-auth.xml:1326(para)
14774
#: serverguide/C/network-auth.xml:1333(para)
14776
14775
msgid ""
14777
14776
"Here, we will be our own <emphasis>Certificate Authority</emphasis> and then "
14778
14777
"create and sign our LDAP server certificate as that CA. Since "
14781
14780
"<application>certtool</application> utility to complete these tasks."
14782
14781
msgstr ""
14783
14782
14784
#: serverguide/C/network-auth.xml:1335(para)
14783
#: serverguide/C/network-auth.xml:1342(para)
14785
14784
msgid ""
14786
14785
"Install the <application>gnutls-bin</application> and <application>ssl-"
14787
14786
"cert</application> packages:"
14788
14787
msgstr ""
14789
14788
14790
#: serverguide/C/network-auth.xml:1340(command)
14789
#: serverguide/C/network-auth.xml:1347(command)
14791
14790
msgid "sudo apt-get install gnutls-bin ssl-cert"
14792
14791
msgstr ""
14793
14792
14794
#: serverguide/C/network-auth.xml:1346(para)
14793
#: serverguide/C/network-auth.xml:1353(para)
14795
14794
msgid "Create a private key for the Certificate Authority:"
14796
14795
msgstr ""
14797
14796
14798
#: serverguide/C/network-auth.xml:1351(command)
14797
#: serverguide/C/network-auth.xml:1358(command)
14799
14798
msgid ""
14800
14799
"sudo sh -c \"certtool --generate-privkey > /etc/ssl/private/cakey.pem\""
14801
14800
msgstr ""
14802
14801
14803
#: serverguide/C/network-auth.xml:1357(para)
14802
#: serverguide/C/network-auth.xml:1364(para)
14804
14803
msgid ""
14805
14804
"Create the template/file <filename>/etc/ssl/ca.info</filename> to define the "
14806
14805
"CA:"
14807
14806
msgstr ""
14808
14807
14809
#: serverguide/C/network-auth.xml:1361(programlisting)
14808
#: serverguide/C/network-auth.xml:1368(programlisting)
14810
14809
#, no-wrap
14811
14810
msgid ""
14812
14811
"\n"
14815
14814
"cert_signing_key\n"
14816
14815
msgstr ""
14817
14816
14818
#: serverguide/C/network-auth.xml:1370(para)
14817
#: serverguide/C/network-auth.xml:1377(para)
14819
14818
msgid "Create the self-signed CA certificate:"
14820
14819
msgstr ""
14821
14820
14822
#: serverguide/C/network-auth.xml:1375(command)
14821
#: serverguide/C/network-auth.xml:1382(command)
14823
14822
msgid ""
14824
14823
"sudo certtool --generate-self-signed \\ --load-privkey "
14825
14824
"/etc/ssl/private/cakey.pem \\ --template /etc/ssl/ca.info \\ --outfile "
14826
14825
"/etc/ssl/certs/cacert.pem"
14827
14826
msgstr ""
14828
14827
14829
#: serverguide/C/network-auth.xml:1384(para)
14828
#: serverguide/C/network-auth.xml:1391(para)
14830
14829
msgid "Make a private key for the server:"
14831
14830
msgstr ""
14832
14831
14833
#: serverguide/C/network-auth.xml:1389(command)
14832
#: serverguide/C/network-auth.xml:1396(command)
14834
14833
msgid ""
14835
14834
"sudo certtool --generate-privkey \\ --bits 1024 \\ --outfile "
14836
14835
"/etc/ssl/private/ldap01_slapd_key.pem"
14837
14836
msgstr ""
14838
14837
14839
#: serverguide/C/network-auth.xml:1395(para)
14838
#: serverguide/C/network-auth.xml:1402(para)
14840
14839
msgid ""
14841
14840
"Replace <emphasis>ldap01</emphasis> in the filename with your server's "
14842
14841
"hostname. Naming the certificate and key for the host and service that will "
14843
14842
"be using them will help keep things clear."
14844
14843
msgstr ""
14845
14844
14846
#: serverguide/C/network-auth.xml:1404(para)
14845
#: serverguide/C/network-auth.xml:1411(para)
14847
14846
msgid ""
14848
14847
"Create the <filename>/etc/ssl/ldap01.info</filename> info file containing:"
14849
14848
msgstr ""
14850
14849
14851
#: serverguide/C/network-auth.xml:1408(programlisting)
14850
#: serverguide/C/network-auth.xml:1415(programlisting)
14852
14851
#, no-wrap
14853
14852
msgid ""
14854
14853
"\n"
14860
14859
"expiration_days = 3650\n"
14861
14860
msgstr ""
14862
14861
14863
#: serverguide/C/network-auth.xml:1417(para)
14862
#: serverguide/C/network-auth.xml:1424(para)
14864
14863
msgid "The above certificate is good for 10 years. Adjust accordingly."
14865
14864
msgstr ""
14866
14865
14867
#: serverguide/C/network-auth.xml:1423(para)
14866
#: serverguide/C/network-auth.xml:1430(para)
14868
14867
msgid "Create the server's certificate:"
14869
14868
msgstr ""
14870
14869
14871
#: serverguide/C/network-auth.xml:1428(command)
14870
#: serverguide/C/network-auth.xml:1435(command)
14872
14871
msgid ""
14873
14872
"sudo certtool --generate-certificate \\ --load-privkey "
14874
14873
"/etc/ssl/private/ldap01_slapd_key.pem \\ --load-ca-certificate "
14877
14876
"/etc/ssl/certs/ldap01_slapd_cert.pem"
14878
14877
msgstr ""
14879
14878
14880
#: serverguide/C/network-auth.xml:1440(para)
14879
#: serverguide/C/network-auth.xml:1447(para)
14881
14880
msgid ""
14882
14881
"Create the file <filename>certinfo.ldif</filename> with the following "
14883
14882
"contents (adjust accordingly, our example assumes we created certs using "
14884
14883
"https://www.cacert.org):"
14885
14884
msgstr ""
14886
14885
14887
#: serverguide/C/network-auth.xml:1444(programlisting)
14886
#: serverguide/C/network-auth.xml:1451(programlisting)
14888
14887
#, no-wrap
14889
14888
msgid ""
14890
14889
"\n"
14899
14898
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem\n"
14900
14899
msgstr ""
14901
14900
14902
#: serverguide/C/network-auth.xml:1456(para)
14901
#: serverguide/C/network-auth.xml:1463(para)
14903
14902
msgid ""
14904
14903
"Use the <application>ldapmodify</application> command to tell slapd about "
14905
14904
"our TLS work via the slapd-config database:"
14906
14905
msgstr ""
14907
14906
14908
#: serverguide/C/network-auth.xml:1461(command)
14907
#: serverguide/C/network-auth.xml:1468(command)
14909
14908
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ssl/certinfo.ldif"
14910
14909
msgstr ""
14911
14910
14912
#: serverguide/C/network-auth.xml:1464(para)
14911
#: serverguide/C/network-auth.xml:1471(para)
14913
14912
msgid ""
14914
14913
"Contratry to popular belief, you do not need <emphasis>ldaps://</emphasis> "
14915
14914
"in <filename>/etc/default/slapd</filename> in order to use encryption. You "
14916
14915
"should have just:"
14917
14916
msgstr ""
14918
14917
14919
#: serverguide/C/network-auth.xml:1469(programlisting)
14918
#: serverguide/C/network-auth.xml:1476(programlisting)
14920
14919
#, no-wrap
14921
14920
msgid ""
14922
14921
"\n"
14923
14922
"SLAPD_SERVICES=\"ldap:/// ldapi:///\"\n"
14924
14923
msgstr ""
14925
14924
14926
#: serverguide/C/network-auth.xml:1474(para)
14925
#: serverguide/C/network-auth.xml:1481(para)
14927
14926
msgid ""
14928
14927
"LDAP over TLS/SSL (ldaps://) is deprecated in favour of "
14929
14928
"<emphasis>StartTLS</emphasis>. The latter refers to an existing LDAP session "
14932
14931
"over TCP port 636."
14933
14932
msgstr ""
14934
14933
14935
#: serverguide/C/network-auth.xml:1482(para)
14934
#: serverguide/C/network-auth.xml:1489(para)
14936
14935
msgid "Tighten up ownership and permissions:"
14937
14936
msgstr ""
14938
14937
14939
#: serverguide/C/network-auth.xml:1487(command) serverguide/C/network-auth.xml:1604(command)
14938
#: serverguide/C/network-auth.xml:1494(command) serverguide/C/network-auth.xml:1611(command)
14940
14939
msgid "sudo adduser openldap ssl-cert"
14941
14940
msgstr ""
14942
14941
14943
#: serverguide/C/network-auth.xml:1488(command)
14942
#: serverguide/C/network-auth.xml:1495(command)
14944
14943
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem"
14945
14944
msgstr ""
14946
14945
14947
#: serverguide/C/network-auth.xml:1489(command)
14946
#: serverguide/C/network-auth.xml:1496(command)
14948
14947
msgid "sudo chmod g+r /etc/ssl/private/ldap01_slapd_key.pem"
14949
14948
msgstr ""
14950
14949
14951
#: serverguide/C/network-auth.xml:1490(command)
14950
#: serverguide/C/network-auth.xml:1497(command)
14952
14951
msgid "sudo chmod o-r /etc/ssl/private/ldap01_slapd_key.pem"
14953
14952
msgstr ""
14954
14953
14955
#: serverguide/C/network-auth.xml:1493(para)
14954
#: serverguide/C/network-auth.xml:1500(para)
14956
14955
msgid "Restart OpenLDAP:"
14957
14956
msgstr ""
14958
14957
14959
#: serverguide/C/network-auth.xml:1501(para)
14958
#: serverguide/C/network-auth.xml:1508(para)
14960
14959
msgid ""
14961
14960
"Check your host's logs (/var/log/syslog) to see if the server has started "
14962
14961
"properly."
14963
14962
msgstr ""
14964
14963
14965
#: serverguide/C/network-auth.xml:1508(title)
14964
#: serverguide/C/network-auth.xml:1515(title)
14966
14965
msgid "Replication and TLS"
14967
14966
msgstr ""
14968
14967
14969
#: serverguide/C/network-auth.xml:1510(para)
14968
#: serverguide/C/network-auth.xml:1517(para)
14970
14969
msgid ""
14971
14970
"If you have set up replication between servers, it is common practice to "
14972
14971
"encrypt (StartTLS) the replication traffic to prevent evesdropping. This is "
14974
14973
"section we will build on that TLS-authentication work."
14975
14974
msgstr ""
14976
14975
14977
#: serverguide/C/network-auth.xml:1516(para)
14976
#: serverguide/C/network-auth.xml:1523(para)
14978
14977
msgid ""
14979
14978
"The assumption here is that you have set up replication between Provider and "
14980
14979
"Consumer according to <xref linkend=\"openldap-server-replication\"/> and "
14982
14981
"linkend=\"openldap-tls\"/>."
14983
14982
msgstr ""
14984
14983
14985
#: serverguide/C/network-auth.xml:1521(para)
14984
#: serverguide/C/network-auth.xml:1528(para)
14986
14985
msgid ""
14987
14986
"As previously stated, the objective (for us) with replication is high "
14988
14987
"availablity for the LDAP service. Since we have TLS for authentication on "
14994
14993
"material over to the Consumer."
14995
14994
msgstr ""
14996
14995
14997
#: serverguide/C/network-auth.xml:1532(para) serverguide/C/network-auth.xml:1689(para)
14996
#: serverguide/C/network-auth.xml:1539(para) serverguide/C/network-auth.xml:1696(para)
14998
14997
msgid "On the Provider,"
14999
14998
msgstr ""
15000
14999
15001
#: serverguide/C/network-auth.xml:1536(para)
15000
#: serverguide/C/network-auth.xml:1543(para)
15002
15001
msgid ""
15003
15002
"Create a holding directory (which will be used for the eventual transfer) "
15004
15003
"and then the Consumer's private key:"
15005
15004
msgstr ""
15006
15005
15007
#: serverguide/C/network-auth.xml:1541(command)
15006
#: serverguide/C/network-auth.xml:1548(command)
15008
15007
msgid "mkdir ldap02-ssl"
15009
15008
msgstr ""
15010
15009
15011
#: serverguide/C/network-auth.xml:1542(command)
15010
#: serverguide/C/network-auth.xml:1549(command)
15012
15011
msgid "cd ldap02-ssl"
15013
15012
msgstr ""
15014
15013
15015
#: serverguide/C/network-auth.xml:1543(command)
15014
#: serverguide/C/network-auth.xml:1550(command)
15016
15015
msgid ""
15017
15016
"sudo certtool --generate-privkey \\ --bits 1024 \\ --outfile "
15018
15017
"ldap02_slapd_key.pem"
15019
15018
msgstr ""
15020
15019
15021
#: serverguide/C/network-auth.xml:1548(para)
15020
#: serverguide/C/network-auth.xml:1555(para)
15022
15021
msgid ""
15023
15022
"Create an info file, <filename>ldap02.info</filename>, for the Consumer "
15024
15023
"server, adjusting its values accordingly:"
15025
15024
msgstr ""
15026
15025
15027
#: serverguide/C/network-auth.xml:1552(programlisting)
15026
#: serverguide/C/network-auth.xml:1559(programlisting)
15028
15027
#, no-wrap
15029
15028
msgid ""
15030
15029
"\n"
15036
15035
"expiration_days = 3650\n"
15037
15036
msgstr ""
15038
15037
15039
#: serverguide/C/network-auth.xml:1561(para)
15038
#: serverguide/C/network-auth.xml:1568(para)
15040
15039
msgid "Create the Consumer's certificate:"
15041
15040
msgstr ""
15042
15041
15043
#: serverguide/C/network-auth.xml:1566(command)
15042
#: serverguide/C/network-auth.xml:1573(command)
15044
15043
msgid ""
15045
15044
"sudo certtool --generate-certificate \\ --load-privkey ldap02_slapd_key.pem "
15046
15045
"\\ --load-ca-certificate /etc/ssl/certs/cacert.pem \\ --load-ca-privkey "
15048
15047
"ldap02_slapd_cert.pem"
15049
15048
msgstr ""
15050
15049
15051
#: serverguide/C/network-auth.xml:1574(para)
15050
#: serverguide/C/network-auth.xml:1581(para)
15052
15051
msgid "Get a copy of the CA certificate:"
15053
15052
msgstr ""
15054
15053
15055
#: serverguide/C/network-auth.xml:1579(command)
15054
#: serverguide/C/network-auth.xml:1586(command)
15056
15055
msgid "cp /etc/ssl/certs/cacert.pem ."
15057
15056
msgstr ""
15058
15057
15059
#: serverguide/C/network-auth.xml:1582(para)
15058
#: serverguide/C/network-auth.xml:1589(para)
15060
15059
msgid ""
15061
15060
"We're done. Now transfer the <filename>ldap02-ssl</filename> directory to "
15062
15061
"the Consumer. Here we use scp (adjust accordingly):"
15063
15062
msgstr ""
15064
15063
15065
#: serverguide/C/network-auth.xml:1587(command)
15064
#: serverguide/C/network-auth.xml:1594(command)
15066
15065
msgid "cd .."
15067
15066
msgstr ""
15068
15067
15069
#: serverguide/C/network-auth.xml:1588(command)
15068
#: serverguide/C/network-auth.xml:1595(command)
15070
15069
msgid "scp -r ldap02-ssl user@consumer:"
15071
15070
msgstr ""
15072
15071
15073
#: serverguide/C/network-auth.xml:1594(para) serverguide/C/network-auth.xml:1642(para)
15072
#: serverguide/C/network-auth.xml:1601(para) serverguide/C/network-auth.xml:1649(para)
15074
15073
msgid "On the Consumer,"
15075
15074
msgstr ""
15076
15075
15077
#: serverguide/C/network-auth.xml:1598(para)
15076
#: serverguide/C/network-auth.xml:1605(para)
15078
15077
msgid "Configure TLS authentication:"
15079
15078
msgstr ""
15080
15079
15081
#: serverguide/C/network-auth.xml:1603(command)
15080
#: serverguide/C/network-auth.xml:1610(command)
15082
15081
msgid "sudo apt-get install ssl-cert"
15083
15082
msgstr ""
15084
15083
15085
#: serverguide/C/network-auth.xml:1605(command)
15084
#: serverguide/C/network-auth.xml:1612(command)
15086
15085
msgid "sudo cp ldap02_slapd_cert.pem cacert.pem /etc/ssl/certs"
15087
15086
msgstr ""
15088
15087
15089
#: serverguide/C/network-auth.xml:1606(command)
15088
#: serverguide/C/network-auth.xml:1613(command)
15090
15089
msgid "sudo cp ldap02_slapd_key.pem /etc/ssl/private"
15091
15090
msgstr ""
15092
15091
15093
#: serverguide/C/network-auth.xml:1607(command)
15092
#: serverguide/C/network-auth.xml:1614(command)
15094
15093
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap02_slapd_key.pem"
15095
15094
msgstr ""
15096
15095
15097
#: serverguide/C/network-auth.xml:1608(command)
15096
#: serverguide/C/network-auth.xml:1615(command)
15098
15097
msgid "sudo chmod g+r /etc/ssl/private/ldap02_slapd_key.pem"
15099
15098
msgstr ""
15100
15099
15101
#: serverguide/C/network-auth.xml:1609(command)
15100
#: serverguide/C/network-auth.xml:1616(command)
15102
15101
msgid "sudo chmod o-r /etc/ssl/private/ldap02_slapd_key.pem"
15103
15102
msgstr ""
15104
15103
15105
#: serverguide/C/network-auth.xml:1612(para)
15104
#: serverguide/C/network-auth.xml:1619(para)
15106
15105
msgid ""
15107
15106
"Create the file <filename>/etc/ssl/certinfo.ldif</filename> with the "
15108
15107
"following contents (adjust accordingly):"
15109
15108
msgstr ""
15110
15109
15111
#: serverguide/C/network-auth.xml:1616(programlisting)
15110
#: serverguide/C/network-auth.xml:1623(programlisting)
15112
15111
#, no-wrap
15113
15112
msgid ""
15114
15113
"\n"
15123
15122
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap02_slapd_key.pem\n"
15124
15123
msgstr ""
15125
15124
15126
#: serverguide/C/network-auth.xml:1628(para)
15125
#: serverguide/C/network-auth.xml:1635(para)
15127
15126
msgid "Configure the slapd-config database:"
15128
15127
msgstr ""
15129
15128
15130
#: serverguide/C/network-auth.xml:1633(command)
15129
#: serverguide/C/network-auth.xml:1640(command)
15131
15130
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f certinfo.ldif"
15132
15131
msgstr ""
15133
15132
15134
#: serverguide/C/network-auth.xml:1636(para)
15133
#: serverguide/C/network-auth.xml:1643(para)
15135
15134
msgid ""
15136
15135
"Configure <filename>/etc/default/slapd</filename> as on the Provider "
15137
15136
"(SLAPD_SERVICES)."
15138
15137
msgstr ""
15139
15138
15140
#: serverguide/C/network-auth.xml:1646(para)
15139
#: serverguide/C/network-auth.xml:1653(para)
15141
15140
msgid ""
15142
15141
"Configure TLS for Consumer-side replication. Modify the existing "
15143
15142
"<emphasis>olcSyncrepl</emphasis> attribute by tacking on some TLS options. "
15145
15144
"value(s)."
15146
15145
msgstr ""
15147
15146
15148
#: serverguide/C/network-auth.xml:1651(para)
15147
#: serverguide/C/network-auth.xml:1658(para)
15149
15148
msgid ""
15150
15149
"Create the file <filename>consumer_sync_tls.ldif</filename> with the "
15151
15150
"following contents:"
15152
15151
msgstr ""
15153
15152
15154
#: serverguide/C/network-auth.xml:1660(programlisting)
15153
#: serverguide/C/network-auth.xml:1662(programlisting)
15155
15154
#, no-wrap
15156
15155
msgid ""
15157
15156
"\n"
15166
15165
" starttls=critical tls_reqcert=demand\n"
15167
15166
msgstr ""
15168
15167
15169
#: serverguide/C/network-auth.xml:1665(para)
15168
#: serverguide/C/network-auth.xml:1672(para)
15170
15169
msgid ""
15171
15170
"The extra options specify, respectively, that the consumer must use StartTLS "
15172
15171
"and that the CA certificate is required to verify the Provider's identity. "
15174
15173
"('replace')."
15175
15174
msgstr ""
15176
15175
15177
#: serverguide/C/network-auth.xml:1670(para)
15176
#: serverguide/C/network-auth.xml:1677(para)
15178
15177
msgid "Implement these changes:"
15179
15178
msgstr ""
15180
15179
15181
#: serverguide/C/network-auth.xml:1675(command)
15180
#: serverguide/C/network-auth.xml:1682(command)
15182
15181
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f consumer_sync_tls.ldif"
15183
15182
msgstr ""
15184
15183
15185
#: serverguide/C/network-auth.xml:1678(para)
15184
#: serverguide/C/network-auth.xml:1685(para)
15186
15185
msgid "And restart slapd:"
15187
15186
msgstr ""
15188
15187
15189
#: serverguide/C/network-auth.xml:1693(para)
15188
#: serverguide/C/network-auth.xml:1700(para)
15190
15189
msgid ""
15191
15190
"Check to see that a TLS session has been established. In "
15192
15191
"<filename>/var/log/syslog</filename>, providing you have 'conns'-level "
15193
15192
"logging set up, you should see messages similar to:"
15194
15193
msgstr ""
15195
15194
15196
#: serverguide/C/network-auth.xml:1698(programlisting)
15195
#: serverguide/C/network-auth.xml:1705(programlisting)
15197
15196
#, no-wrap
15198
15197
msgid ""
15199
15198
"\n"
15210
15209
"slapd[3620]: conn=1047 op=1 RESULT tag=97 err=0 text\n"
15211
15210
msgstr ""
15212
15211
15213
#: serverguide/C/network-auth.xml:1716(title)
15212
#: serverguide/C/network-auth.xml:1723(title)
15214
15213
msgid "LDAP Authentication"
15215
15214
msgstr ""
15216
15215
15217
#: serverguide/C/network-auth.xml:1723(para)
15216
#: serverguide/C/network-auth.xml:1725(para)
15218
15217
msgid ""
15219
15218
"Once you have a working LDAP server, you will need to install libraries on "
15220
15219
"the client that will know how and when to contact it. On Ubuntu, this has "
15223
15222
"assist you in the configuration step. Install this package now:"
15224
15223
msgstr ""
15225
15224
15226
#: serverguide/C/network-auth.xml:1725(command)
15225
#: serverguide/C/network-auth.xml:1732(command)
15227
15226
msgid "sudo apt-get install libnss-ldap"
15228
15227
msgstr ""
15229
15228
15230
#: serverguide/C/network-auth.xml:1728(para)
15229
#: serverguide/C/network-auth.xml:1735(para)
15231
15230
msgid ""
15232
15231
"You will be prompted for details of your LDAP server. If you make a mistake "
15233
15232
"you can try again using:"
15234
15233
msgstr ""
15235
15234
15236
#: serverguide/C/network-auth.xml:1733(command)
15235
#: serverguide/C/network-auth.xml:1740(command)
15237
15236
msgid "sudo dpkg-reconfigure ldap-auth-config"
15238
15237
msgstr ""
15239
15238
15240
#: serverguide/C/network-auth.xml:1736(para)
15239
#: serverguide/C/network-auth.xml:1743(para)
15241
15240
msgid ""
15242
15241
"The results of the dialog can be seen in "
15243
15242
"<filename>/etc/ldap.conf</filename>. If your server requires options not "
15244
15243
"covered in the menu edit this file accordingly."
15245
15244
msgstr ""
15246
15245
15247
#: serverguide/C/network-auth.xml:1741(para)
15246
#: serverguide/C/network-auth.xml:1748(para)
15248
15247
msgid "Now configure the LDAP profile for NSS:"
15249
15248
msgstr ""
15250
15249
15251
#: serverguide/C/network-auth.xml:1746(command)
15250
#: serverguide/C/network-auth.xml:1753(command)
15252
15251
msgid "sudo auth-client-config -t nss -p lac_ldap"
15253
15252
msgstr ""
15254
15253
15255
#: serverguide/C/network-auth.xml:1749(para)
15254
#: serverguide/C/network-auth.xml:1756(para)
15256
15255
msgid "Configure the system to use LDAP for authentication:"
15257
15256
msgstr ""
15258
15257
15259
#: serverguide/C/network-auth.xml:1754(command)
15258
#: serverguide/C/network-auth.xml:1761(command)
15260
15259
msgid "sudo pam-auth-update"
15261
15260
msgstr ""
15262
15261
15263
#: serverguide/C/network-auth.xml:1757(para)
15262
#: serverguide/C/network-auth.xml:1764(para)
15264
15263
msgid ""
15265
15264
"From the menu, choose LDAP and any other authentication mechanisms you need."
15266
15265
msgstr ""
15267
15266
15268
#: serverguide/C/network-auth.xml:1761(para)
15267
#: serverguide/C/network-auth.xml:1768(para)
15269
15268
msgid "You should now be able to log in using LDAP-based credentials."
15270
15269
msgstr ""
15271
15270
15272
#: serverguide/C/network-auth.xml:1765(para)
15271
#: serverguide/C/network-auth.xml:1772(para)
15273
15272
msgid ""
15274
15273
"LDAP clients will need to refer to multiple servers if replication is in "
15275
15274
"use. In <filename>/etc/ldap.conf</filename> you would have something like:"
15276
15275
msgstr ""
15277
15276
15278
#: serverguide/C/network-auth.xml:1770(programlisting)
15277
#: serverguide/C/network-auth.xml:1777(programlisting)
15279
15278
#, no-wrap
15280
15279
msgid ""
15281
15280
"\n"
15282
15281
"uri ldap://ldap01.example.com ldap://ldap02.example.com\n"
15283
15282
msgstr ""
15284
15283
15285
#: serverguide/C/network-auth.xml:1774(para)
15284
#: serverguide/C/network-auth.xml:1781(para)
15286
15285
msgid ""
15287
15286
"The request will time out and the Consumer (ldap02) will attempt to be "
15288
15287
"reached if the Provider (ldap01) becomes unresponsive."
15289
15288
msgstr ""
15290
15289
15291
#: serverguide/C/network-auth.xml:1778(para)
15290
#: serverguide/C/network-auth.xml:1785(para)
15292
15291
msgid ""
15293
15292
"If you are going to use LDAP to store Samba users you will need to configure "
15294
15293
"the Samba server to authenticate using LDAP. See <xref linkend=\"samba-"
15295
15294
"ldap\"/> for details."
15296
15295
msgstr ""
15297
15296
15298
#: serverguide/C/network-auth.xml:1784(para)
15297
#: serverguide/C/network-auth.xml:1791(para)
15299
15298
msgid ""
15300
15299
"An alternative to the <application>libnss-ldap</application> package is the "
15301
15300
"<application>libnss-ldapd</application> package. This, however, will bring "
15303
15302
"wanted. Simply remove it afterwards."
15304
15303
msgstr ""
15305
15304
15306
#: serverguide/C/network-auth.xml:1794(title)
15305
#: serverguide/C/network-auth.xml:1801(title)
15307
15306
msgid "User and Group Management"
15308
15307
msgstr ""
15309
15308
15310
#: serverguide/C/network-auth.xml:1796(para)
15309
#: serverguide/C/network-auth.xml:1803(para)
15311
15310
msgid ""
15312
15311
"The <application>ldap-utils</application> package comes with enough "
15313
15312
"utilities to manage the directory but the long string of options needed can "
15316
15315
"easier to use."
15317
15316
msgstr ""
15318
15317
15319
#: serverguide/C/network-auth.xml:1802(para)
15318
#: serverguide/C/network-auth.xml:1809(para)
15320
15319
msgid "Install the package:"
15321
15320
msgstr ""
15322
15321
15323
#: serverguide/C/network-auth.xml:1807(command)
15322
#: serverguide/C/network-auth.xml:1814(command)
15324
15323
msgid "sudo apt-get install ldapscripts"
15325
15324
msgstr ""
15326
15325
15327
#: serverguide/C/network-auth.xml:1810(para)
15326
#: serverguide/C/network-auth.xml:1817(para)
15328
15327
msgid ""
15329
15328
"Then edit the file <filename>/etc/ldapscripts/ldapscripts.conf</filename> to "
15330
15329
"arrive at something similar to the following:"
15331
15330
msgstr ""
15332
15331
15333
#: serverguide/C/network-auth.xml:1814(programlisting)
15332
#: serverguide/C/network-auth.xml:1821(programlisting)
15334
15333
#, no-wrap
15335
15334
msgid ""
15336
15335
"\n"
15346
15345
"MIDSTART=10000\n"
15347
15346
msgstr ""
15348
15347
15349
#: serverguide/C/network-auth.xml:1827(para)
15348
#: serverguide/C/network-auth.xml:1834(para)
15350
15349
msgid ""
15351
15350
"Now, create the <filename>ldapscripts.passwd</filename> file to allow rootDN "
15352
15351
"access to the directory:"
15353
15352
msgstr ""
15354
15353
15355
#: serverguide/C/network-auth.xml:1832(command)
15354
#: serverguide/C/network-auth.xml:1839(command)
15356
15355
msgid ""
15357
15356
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
15358
15357
msgstr ""
15359
15358
15360
#: serverguide/C/network-auth.xml:1833(command)
15359
#: serverguide/C/network-auth.xml:1840(command)
15361
15360
msgid "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
15362
15361
msgstr ""
15363
15362
15364
#: serverguide/C/network-auth.xml:1837(para)
15363
#: serverguide/C/network-auth.xml:1844(para)
15365
15364
msgid ""
15366
15365
"Replace <quote>secret</quote> with the actual password for your database's "
15367
15366
"rootDN user."
15368
15367
msgstr ""
15369
15368
15370
#: serverguide/C/network-auth.xml:1842(para)
15369
#: serverguide/C/network-auth.xml:1849(para)
15371
15370
msgid ""
15372
15371
"The scripts are now ready to help manage your directory. Here are some "
15373
15372
"examples of how to use them:"
15374
15373
msgstr ""
15375
15374
15376
#: serverguide/C/network-auth.xml:1849(para)
15375
#: serverguide/C/network-auth.xml:1856(para)
15377
15376
msgid "Create a new user:"
15378
15377
msgstr ""
15379
15378
15380
#: serverguide/C/network-auth.xml:1854(command)
15379
#: serverguide/C/network-auth.xml:1861(command)
15381
15380
msgid "sudo ldapadduser george example"
15382
15381
msgstr ""
15383
15382
15384
#: serverguide/C/network-auth.xml:1857(para)
15383
#: serverguide/C/network-auth.xml:1864(para)
15385
15384
msgid ""
15386
15385
"This will create a user with uid <emphasis role=\"italic\">george</emphasis> "
15387
15386
"and set the user's primary group (gid) to <emphasis "
15388
15387
"role=\"italic\">example</emphasis>"
15389
15388
msgstr ""
15390
15389
15391
#: serverguide/C/network-auth.xml:1864(para)
15390
#: serverguide/C/network-auth.xml:1871(para)
15392
15391
msgid "Change a user's password:"
15393
15392
msgstr ""
15394
15393
15395
#: serverguide/C/network-auth.xml:1869(command)
15394
#: serverguide/C/network-auth.xml:1876(command)
15396
15395
msgid "sudo ldapsetpasswd george"
15397
15396
msgstr ""
15398
15397
15399
#: serverguide/C/network-auth.xml:1870(computeroutput)
15398
#: serverguide/C/network-auth.xml:1877(computeroutput)
15400
15399
#, no-wrap
15401
15400
msgid "Changing password for user uid=george,ou=People,dc=example,dc=com"
15402
15401
msgstr ""
15403
15402
15404
#: serverguide/C/network-auth.xml:1871(userinput)
15403
#: serverguide/C/network-auth.xml:1878(userinput)
15405
15404
#, no-wrap
15406
15405
msgid "New Password: "
15407
15406
msgstr ""
15408
15407
15409
#: serverguide/C/network-auth.xml:1872(userinput)
15408
#: serverguide/C/network-auth.xml:1879(userinput)
15410
15409
#, no-wrap
15411
15410
msgid "New Password (verify): "
15412
15411
msgstr ""
15413
15412
15414
#: serverguide/C/network-auth.xml:1878(para)
15413
#: serverguide/C/network-auth.xml:1885(para)
15415
15414
msgid "Delete a user:"
15416
15415
msgstr ""
15417
15416
15418
#: serverguide/C/network-auth.xml:1883(command)
15417
#: serverguide/C/network-auth.xml:1890(command)
15419
15418
msgid "sudo ldapdeleteuser george"
15420
15419
msgstr ""
15421
15420
15422
#: serverguide/C/network-auth.xml:1889(para)
15421
#: serverguide/C/network-auth.xml:1896(para)
15423
15422
msgid "Add a group:"
15424
15423
msgstr ""
15425
15424
15426
#: serverguide/C/network-auth.xml:1894(command)
15425
#: serverguide/C/network-auth.xml:1901(command)
15427
15426
msgid "sudo ldapaddgroup qa"
15428
15427
msgstr ""
15429
15428
15430
#: serverguide/C/network-auth.xml:1900(para)
15429
#: serverguide/C/network-auth.xml:1907(para)
15431
15430
msgid "Delete a group:"
15432
15431
msgstr ""
15433
15432
15434
#: serverguide/C/network-auth.xml:1905(command)
15433
#: serverguide/C/network-auth.xml:1912(command)
15435
15434
msgid "sudo ldapdeletegroup qa"
15436
15435
msgstr ""
15437
15436
15438
#: serverguide/C/network-auth.xml:1911(para)
15437
#: serverguide/C/network-auth.xml:1918(para)
15439
15438
msgid "Add a user to a group:"
15440
15439
msgstr ""
15441
15440
15442
#: serverguide/C/network-auth.xml:1916(command)
15441
#: serverguide/C/network-auth.xml:1923(command)
15443
15442
msgid "sudo ldapaddusertogroup george qa"
15444
15443
msgstr ""
15445
15444
15446
#: serverguide/C/network-auth.xml:1919(para)
15445
#: serverguide/C/network-auth.xml:1926(para)
15447
15446
msgid ""
15448
15447
"You should now see a <emphasis>memberUid</emphasis> attribute for the "
15449
15448
"<emphasis role=\"italic\">qa</emphasis> group with a value of <emphasis "
15450
15449
"role=\"italic\">george</emphasis>."
15451
15450
msgstr ""
15452
15451
15453
#: serverguide/C/network-auth.xml:1926(para)
15452
#: serverguide/C/network-auth.xml:1933(para)
15454
15453
msgid "Remove a user from a group:"
15455
15454
msgstr ""
15456
15455
15457
#: serverguide/C/network-auth.xml:1931(command)
15456
#: serverguide/C/network-auth.xml:1938(command)
15458
15457
msgid "sudo ldapdeleteuserfromgroup george qa"
15459
15458
msgstr ""
15460
15459
15461
#: serverguide/C/network-auth.xml:1934(para)
15460
#: serverguide/C/network-auth.xml:1941(para)
15462
15461
msgid ""
15463
15462
"The <emphasis>memberUid</emphasis> attribute should now be removed from the "
15464
15463
"<emphasis role=\"italic\">qa</emphasis> group."
15465
15464
msgstr ""
15466
15465
15467
#: serverguide/C/network-auth.xml:1941(para)
15466
#: serverguide/C/network-auth.xml:1948(para)
15468
15467
msgid ""
15469
15468
"The <application>ldapmodifyuser</application> script allows you to add, "
15470
15469
"remove, or replace a user's attributes. The script uses the same syntax as "
15471
15470
"the <application>ldapmodify</application> utility. For example:"
15472
15471
msgstr ""
15473
15472
15474
#: serverguide/C/network-auth.xml:1947(command)
15473
#: serverguide/C/network-auth.xml:1954(command)
15475
15474
msgid "sudo ldapmodifyuser george"
15476
15475
msgstr ""
15477
15476
15478
#: serverguide/C/network-auth.xml:1948(computeroutput)
15477
#: serverguide/C/network-auth.xml:1955(computeroutput)
15479
15478
#, no-wrap
15480
15479
msgid ""
15481
15480
"# About to modify the following entry :\n"
15496
15495
"dn: uid=george,ou=People,dc=example,dc=com"
15497
15496
msgstr ""
15498
15497
15499
#: serverguide/C/network-auth.xml:1964(userinput)
15498
#: serverguide/C/network-auth.xml:1971(userinput)
15500
15499
#, no-wrap
15501
15500
msgid ""
15502
15501
"replace: gecos\n"
15503
15502
"gecos: George Carlin"
15504
15503
msgstr ""
15505
15504
15506
#: serverguide/C/network-auth.xml:1968(para)
15505
#: serverguide/C/network-auth.xml:1975(para)
15507
15506
msgid ""
15508
15507
"The user's <emphasis>gecos</emphasis> should now be <quote>George "
15509
15508
"Carlin</quote>."
15510
15509
msgstr ""
15511
15510
15512
#: serverguide/C/network-auth.xml:1979(para)
15511
#: serverguide/C/network-auth.xml:1981(para)
15513
15512
msgid ""
15514
15513
"A nice feature of <application>ldapscripts</application> is the template "
15515
15514
"system. Templates allow you to customize the attributes of user, group, and "
15518
15517
"changing:"
15519
15518
msgstr ""
15520
15519
15521
#: serverguide/C/network-auth.xml:1980(programlisting)
15520
#: serverguide/C/network-auth.xml:1987(programlisting)
15522
15521
#, no-wrap
15523
15522
msgid ""
15524
15523
"\n"
15525
15524
"UTEMPLATE=\"/etc/ldapscripts/ldapadduser.template\"\n"
15526
15525
msgstr ""
15527
15526
15528
#: serverguide/C/network-auth.xml:1984(para)
15527
#: serverguide/C/network-auth.xml:1991(para)
15529
15528
msgid ""
15530
15529
"There are <emphasis role=\"italic\">sample</emphasis> templates in the "
15531
15530
"<filename>/usr/share/doc/ldapscripts/examples</filename> directory. Copy or "
15533
15532
"<filename>/etc/ldapscripts/ldapadduser.template</filename>:"
15534
15533
msgstr ""
15535
15534
15536
#: serverguide/C/network-auth.xml:1991(command)
15535
#: serverguide/C/network-auth.xml:1998(command)
15537
15536
msgid ""
15538
15537
"sudo cp /usr/share/doc/ldapscripts/examples/ldapadduser.template.sample \\ "
15539
15538
"/etc/ldapscripts/ldapadduser.template"
15540
15539
msgstr ""
15541
15540
15542
#: serverguide/C/network-auth.xml:1995(para)
15541
#: serverguide/C/network-auth.xml:2002(para)
15543
15542
msgid ""
15544
15543
"Edit the new template to add the desired attributes. The following will "
15545
15544
"create new users with an objectClass of inetOrgPerson:"
15546
15545
msgstr ""
15547
15546
15548
#: serverguide/C/network-auth.xml:2000(programlisting)
15547
#: serverguide/C/network-auth.xml:2007(programlisting)
15549
15548
#, no-wrap
15550
15549
msgid ""
15551
15550
"\n"
15564
15563
"title: Employee\n"
15565
15564
msgstr ""
15566
15565
15567
#: serverguide/C/network-auth.xml:2016(para)
15566
#: serverguide/C/network-auth.xml:2023(para)
15568
15567
msgid ""
15569
15568
"Notice the <emphasis><ask></emphasis> option used for the "
15570
15569
"<emphasis>sn</emphasis> attribute. This will make "
15571
15570
"<application>ldapadduser</application> prompt you for its value."
15572
15571
msgstr ""
15573
15572
15574
#: serverguide/C/network-auth.xml:2024(para)
15573
#: serverguide/C/network-auth.xml:2031(para)
15575
15574
msgid ""
15576
15575
"There are utilities in the package that were not covered here. Here is a "
15577
15576
"complete list:"
15578
15577
msgstr ""
15579
15578
15580
#: serverguide/C/network-auth.xml:2029(ulink)
15579
#: serverguide/C/network-auth.xml:2036(ulink)
15581
15580
msgid "ldaprenamemachine"
15582
15581
msgstr ""
15583
15582
15584
#: serverguide/C/network-auth.xml:2030(ulink)
15583
#: serverguide/C/network-auth.xml:2037(ulink)
15585
15584
msgid "ldapadduser"
15586
15585
msgstr ""
15587
15586
15588
#: serverguide/C/network-auth.xml:2031(ulink)
15587
#: serverguide/C/network-auth.xml:2038(ulink)
15589
15588
msgid "ldapdeleteuserfromgroup"
15590
15589
msgstr ""
15591
15590
15592
#: serverguide/C/network-auth.xml:2032(ulink)
15591
#: serverguide/C/network-auth.xml:2039(ulink)
15593
15592
msgid "ldapfinger"
15594
15593
msgstr ""
15595
15594
15596
#: serverguide/C/network-auth.xml:2033(ulink)
15595
#: serverguide/C/network-auth.xml:2040(ulink)
15597
15596
msgid "ldapid"
15598
15597
msgstr ""
15599
15598
15600
#: serverguide/C/network-auth.xml:2034(ulink)
15599
#: serverguide/C/network-auth.xml:2041(ulink)
15601
15600
msgid "ldapgid"
15602
15601
msgstr ""
15603
15602
15604
#: serverguide/C/network-auth.xml:2035(ulink)
15603
#: serverguide/C/network-auth.xml:2042(ulink)
15605
15604
msgid "ldapmodifyuser"
15606
15605
msgstr ""
15607
15606
15608
#: serverguide/C/network-auth.xml:2036(ulink)
15607
#: serverguide/C/network-auth.xml:2043(ulink)
15609
15608
msgid "ldaprenameuser"
15610
15609
msgstr ""
15611
15610
15612
#: serverguide/C/network-auth.xml:2037(ulink)
15611
#: serverguide/C/network-auth.xml:2044(ulink)
15613
15612
msgid "lsldap"
15614
15613
msgstr ""
15615
15614
15616
#: serverguide/C/network-auth.xml:2038(ulink)
15615
#: serverguide/C/network-auth.xml:2045(ulink)
15617
15616
msgid "ldapaddusertogroup"
15618
15617
msgstr ""
15619
15618
15620
#: serverguide/C/network-auth.xml:2039(ulink)
15619
#: serverguide/C/network-auth.xml:2046(ulink)
15621
15620
msgid "ldapsetpasswd"
15622
15621
msgstr ""
15623
15622
15624
#: serverguide/C/network-auth.xml:2040(ulink)
15623
#: serverguide/C/network-auth.xml:2047(ulink)
15625
15624
msgid "ldapinit"
15626
15625
msgstr ""
15627
15626
15628
#: serverguide/C/network-auth.xml:2041(ulink)
15627
#: serverguide/C/network-auth.xml:2048(ulink)
15629
15628
msgid "ldapaddgroup"
15630
15629
msgstr ""
15631
15630
15632
#: serverguide/C/network-auth.xml:2042(ulink)
15631
#: serverguide/C/network-auth.xml:2049(ulink)
15633
15632
msgid "ldapdeletegroup"
15634
15633
msgstr ""
15635
15634
15636
#: serverguide/C/network-auth.xml:2043(ulink)
15635
#: serverguide/C/network-auth.xml:2050(ulink)
15637
15636
msgid "ldapmodifygroup"
15638
15637
msgstr ""
15639
15638
15640
#: serverguide/C/network-auth.xml:2044(ulink)
15639
#: serverguide/C/network-auth.xml:2051(ulink)
15641
15640
msgid "ldapdeletemachine"
15642
15641
msgstr ""
15643
15642
15644
#: serverguide/C/network-auth.xml:2045(ulink)
15643
#: serverguide/C/network-auth.xml:2052(ulink)
15645
15644
msgid "ldaprenamegroup"
15646
15645
msgstr ""
15647
15646
15648
#: serverguide/C/network-auth.xml:2046(ulink)
15647
#: serverguide/C/network-auth.xml:2053(ulink)
15649
15648
msgid "ldapaddmachine"
15650
15649
msgstr ""
15651
15650
15652
#: serverguide/C/network-auth.xml:2047(ulink)
15651
#: serverguide/C/network-auth.xml:2054(ulink)
15653
15652
msgid "ldapmodifymachine"
15654
15653
msgstr ""
15655
15654
15656
#: serverguide/C/network-auth.xml:2048(ulink)
15655
#: serverguide/C/network-auth.xml:2055(ulink)
15657
15656
msgid "ldapsetprimarygroup"
15658
15657
msgstr ""
15659
15658
15660
#: serverguide/C/network-auth.xml:2049(ulink)
15659
#: serverguide/C/network-auth.xml:2056(ulink)
15661
15660
msgid "ldapdeleteuser"
15662
15661
msgstr ""
15663
15662
15664
#: serverguide/C/network-auth.xml:2055(title)
15663
#: serverguide/C/network-auth.xml:2062(title)
15665
15664
msgid "Backup and Restore"
15666
15665
msgstr ""
15667
15666
15668
#: serverguide/C/network-auth.xml:2057(para)
15667
#: serverguide/C/network-auth.xml:2064(para)
15669
15668
msgid ""
15670
15669
"Now we have ldap running just the way we want, it is time to ensure we can "
15671
15670
"save all of our work and restore it as needed."
15672
15671
msgstr ""
15673
15672
15674
#: serverguide/C/network-auth.xml:2062(para)
15673
#: serverguide/C/network-auth.xml:2069(para)
15675
15674
msgid ""
15676
15675
"What we need is a way to backup the ldap database(s), specifically the "
15677
15676
"backend (cn=config) and frontend (dc=example,dc=com). If we are going to "
15680
15679
"script, called <filename>/usr/local/bin/ldapbackup</filename>:"
15681
15680
msgstr ""
15682
15681
15683
#: serverguide/C/network-auth.xml:2072(programlisting)
15682
#: serverguide/C/network-auth.xml:2079(programlisting)
15684
15683
#, no-wrap
15685
15684
msgid ""
15686
15685
"\n"
15695
15694
"chmod 640 ${BACKUP_PATH}/*.ldif\n"
15696
15695
msgstr ""
15697
15696
15698
#: serverguide/C/network-auth.xml:2085(para)
15697
#: serverguide/C/network-auth.xml:2092(para)
15699
15698
msgid ""
15700
15699
"These files are uncompressed text files containing everything in your ldap "
15701
15700
"databases including the tree layout, usernames, and every password. So, you "
15705
15704
"requirements."
15706
15705
msgstr ""
15707
15706
15708
#: serverguide/C/network-auth.xml:2096(para)
15707
#: serverguide/C/network-auth.xml:2103(para)
15709
15708
msgid ""
15710
15709
"Then, it is just a matter of having a cron script to run this program as "
15711
15710
"often as we feel comfortable with. For many, once a day suffices. For "
15714
15713
"22:45h:"
15715
15714
msgstr ""
15716
15715
15717
#: serverguide/C/network-auth.xml:2104(programlisting)
15716
#: serverguide/C/network-auth.xml:2111(programlisting)
15718
15717
#, no-wrap
15719
15718
msgid ""
15720
15719
"\n"
15722
15721
"45 22 * * * root /usr/local/bin/ldapbackup\n"
15723
15722
msgstr ""
15724
15723
15725
#: serverguide/C/network-auth.xml:2109(para)
15724
#: serverguide/C/network-auth.xml:2116(para)
15726
15725
msgid "Now the files are created, they should be copied to a backup server."
15727
15726
msgstr ""
15728
15727
15729
#: serverguide/C/network-auth.xml:2114(para)
15728
#: serverguide/C/network-auth.xml:2121(para)
15730
15729
msgid ""
15731
15730
"Assuming we did a fresh reinstall of ldap, the restore process could be "
15732
15731
"something like this:"
15733
15732
msgstr ""
15734
15733
15735
#: serverguide/C/network-auth.xml:2120(command)
15734
#: serverguide/C/network-auth.xml:2127(command)
15736
15735
msgid "sudo service slapd stop"
15737
15736
msgstr ""
15738
15737
15739
#: serverguide/C/network-auth.xml:2121(command)
15738
#: serverguide/C/network-auth.xml:2128(command)
15740
15739
msgid "sudo mkdir /var/lib/ldap/accesslog"
15741
15740
msgstr ""
15742
15741
15743
#: serverguide/C/network-auth.xml:2122(command)
15742
#: serverguide/C/network-auth.xml:2129(command)
15744
15743
msgid "sudo slapadd -F /etc/ldap/slapd.d -n 0 -l /export/backup/config.ldif"
15745
15744
msgstr ""
15746
15745
15747
#: serverguide/C/network-auth.xml:2123(command)
15746
#: serverguide/C/network-auth.xml:2130(command)
15748
15747
msgid ""
15749
15748
"sudo slapadd -F /etc/ldap/slapd.d -n 1 -l /export/backup/domain.com.ldif"
15750
15749
msgstr ""
15751
15750
15752
#: serverguide/C/network-auth.xml:2124(command)
15751
#: serverguide/C/network-auth.xml:2131(command)
15753
15752
msgid "sudo slapadd -F /etc/ldap/slapd.d -n 2 -l /export/backup/access.ldif"
15754
15753
msgstr ""
15755
15754
15756
#: serverguide/C/network-auth.xml:2125(command)
15755
#: serverguide/C/network-auth.xml:2132(command)
15757
15756
msgid "sudo chown -R openldap:openldap /etc/ldap/slapd.d/"
15758
15757
msgstr ""
15759
15758
15760
#: serverguide/C/network-auth.xml:2126(command)
15759
#: serverguide/C/network-auth.xml:2133(command)
15761
15760
msgid "sudo chown -R openldap:openldap /var/lib/ldap/"
15762
15761
msgstr ""
15763
15762
15764
#: serverguide/C/network-auth.xml:2127(command)
15763
#: serverguide/C/network-auth.xml:2134(command)
15765
15764
msgid "sudo service slapd start"
15766
15765
msgstr ""
15767
15766
15768
#: serverguide/C/network-auth.xml:2138(para)
15767
#: serverguide/C/network-auth.xml:2145(para)
15769
15768
msgid ""
15770
15769
"The primary resource is the upstream documentation: <ulink "
15771
15770
"url=\"http://www.openldap.org/\">www.openldap.org</ulink>"
15772
15771
msgstr ""
15773
15772
15774
#: serverguide/C/network-auth.xml:2144(para)
15773
#: serverguide/C/network-auth.xml:2151(para)
15775
15774
msgid ""
15776
15775
"There are many man pages that come with the slapd package. Here are some "
15777
15776
"important ones, especially considering the material presented in this guide:"
15778
15777
msgstr ""
15779
15778
15780
#: serverguide/C/network-auth.xml:2150(ulink)
15779
#: serverguide/C/network-auth.xml:2157(ulink)
15781
15780
msgid "slapd"
15782
15781
msgstr ""
15783
15782
15784
#: serverguide/C/network-auth.xml:2151(ulink)
15783
#: serverguide/C/network-auth.xml:2158(ulink)
15785
15784
msgid "slapd-config"
15786
15785
msgstr ""
15787
15786
15788
#: serverguide/C/network-auth.xml:2152(ulink)
15787
#: serverguide/C/network-auth.xml:2159(ulink)
15789
15788
msgid "slapd.access"
15790
15789
msgstr ""
15791
15790
15792
#: serverguide/C/network-auth.xml:2153(ulink)
15791
#: serverguide/C/network-auth.xml:2160(ulink)
15793
15792
msgid "slapo-syncprov"
15794
15793
msgstr ""
15795
15794
15796
#: serverguide/C/network-auth.xml:2159(para)
15795
#: serverguide/C/network-auth.xml:2166(para)
15797
15796
msgid "Other man pages:"
15798
15797
msgstr ""
15799
15798
15800
#: serverguide/C/network-auth.xml:2164(ulink)
15799
#: serverguide/C/network-auth.xml:2171(ulink)
15801
15800
msgid "auth-client-config"
15802
15801
msgstr ""
15803
15802
15804
#: serverguide/C/network-auth.xml:2165(ulink)
15803
#: serverguide/C/network-auth.xml:2172(ulink)
15805
15804
msgid "pam-auth-update"
15806
15805
msgstr ""
15807
15806
15808
#: serverguide/C/network-auth.xml:2171(para)
15807
#: serverguide/C/network-auth.xml:2178(para)
15809
15808
msgid ""
15810
15809
"Zytrax's <ulink url=\"http://www.zytrax.com/books/ldap/\">LDAP for Rocket "
15811
15810
"Scientists</ulink>; a less pedantic but comprehensive treatment of LDAP"
15812
15811
msgstr ""
15813
15812
15814
#: serverguide/C/network-auth.xml:2177(para)
15813
#: serverguide/C/network-auth.xml:2184(para)
15815
15814
msgid ""
15816
15815
"A Ubuntu community <ulink "
15817
15816
"url=\"https://help.ubuntu.com/community/OpenLDAPServer\">OpenLDAP "
15818
15817
"wiki</ulink> page has a collection of notes"
15819
15818
msgstr ""
15820
15819
15821
#: serverguide/C/network-auth.xml:2183(para)
15820
#: serverguide/C/network-auth.xml:2190(para)
15822
15821
msgid ""
15823
15822
"O'Reilly's <ulink url=\"http://www.oreilly.com/catalog/ldapsa/\">LDAP System "
15824
15823
"Administration</ulink> (textbook; 2003)"
15825
15824
msgstr ""
15826
15825
15827
#: serverguide/C/network-auth.xml:2189(para)
15826
#: serverguide/C/network-auth.xml:2196(para)
15828
15827
msgid ""
15829
15828
"Packt's <ulink url=\"http://www.packtpub.com/OpenLDAP-Developers-Server-Open-"
15830
15829
"Source-Linux/book\">Mastering OpenLDAP</ulink> (textbook; 2007)"
15831
15830
msgstr ""
15832
15831
15833
#: serverguide/C/network-auth.xml:2200(title)
15832
#: serverguide/C/network-auth.xml:2207(title)
15834
15833
msgid "Samba and LDAP"
15835
15834
msgstr ""
15836
15835
15837
#: serverguide/C/network-auth.xml:2202(para)
15836
#: serverguide/C/network-auth.xml:2209(para)
15838
15837
msgid ""
15839
15838
"This section covers the integration of Samba with LDAP. The Samba server's "
15840
15839
"role will be that of a \"standalone\" server and the LDAP directory will "
15847
15846
"specifically you want Samba to do for you and then configure it accordingly."
15848
15847
msgstr ""
15849
15848
15850
#: serverguide/C/network-auth.xml:2211(title)
15849
#: serverguide/C/network-auth.xml:2218(title) serverguide/C/network-auth.xml:4000(title)
15851
15850
msgid "Software Installation"
15852
15851
msgstr ""
15853
15852
15854
#: serverguide/C/network-auth.xml:2213(para)
15853
#: serverguide/C/network-auth.xml:2220(para)
15855
15854
msgid ""
15856
15855
"There are three packages needed when integrating Samba with LDAP: "
15857
15856
"<application>samba</application>, <application>samba-doc</application>, and "
15858
15857
"<application>smbldap-tools</application> packages."
15859
15858
msgstr ""
15860
15859
15861
#: serverguide/C/network-auth.xml:2223(para)
15860
#: serverguide/C/network-auth.xml:2225(para)
15862
15861
msgid ""
15863
15862
"Strictly speaking, the <application>smbldap-tools</application> package "
15864
15863
"isn't needed, but unless you have some other way to manage the various Samba "
15866
15865
"install it."
15867
15866
msgstr ""
15868
15867
15869
#: serverguide/C/network-auth.xml:2223(para)
15868
#: serverguide/C/network-auth.xml:2230(para)
15870
15869
msgid "Install these packages now:"
15871
15870
msgstr ""
15872
15871
15873
#: serverguide/C/network-auth.xml:2228(command)
15872
#: serverguide/C/network-auth.xml:2235(command)
15874
15873
msgid "sudo apt-get install samba samba-doc smbldap-tools"
15875
15874
msgstr ""
15876
15875
15877
#: serverguide/C/network-auth.xml:2234(title)
15876
#: serverguide/C/network-auth.xml:2241(title)
15878
15877
msgid "LDAP Configuration"
15879
15878
msgstr ""
15880
15879
15881
#: serverguide/C/network-auth.xml:2236(para)
15880
#: serverguide/C/network-auth.xml:2243(para)
15882
15881
msgid ""
15883
15882
"We will now configure the LDAP server so that it can accomodate Samba data. "
15884
15883
"We will perform three tasks in this section:"
15885
15884
msgstr ""
15886
15885
15887
#: serverguide/C/network-auth.xml:2243(para)
15886
#: serverguide/C/network-auth.xml:2250(para)
15888
15887
msgid "Import a schema"
15889
15888
msgstr ""
15890
15889
15891
#: serverguide/C/network-auth.xml:2247(para)
15890
#: serverguide/C/network-auth.xml:2254(para)
15892
15891
msgid "Index some entries"
15893
15892
msgstr ""
15894
15893
15895
#: serverguide/C/network-auth.xml:2251(para)
15894
#: serverguide/C/network-auth.xml:2258(para)
15896
15895
msgid "Add objects"
15897
15896
msgstr ""
15898
15897
15899
#: serverguide/C/network-auth.xml:2257(title)
15898
#: serverguide/C/network-auth.xml:2264(title)
15900
15899
msgid "Samba schema"
15901
15900
msgstr ""
15902
15901
15903
#: serverguide/C/network-auth.xml:2259(para)
15902
#: serverguide/C/network-auth.xml:2266(para)
15904
15903
msgid ""
15905
15904
"In order for OpenLDAP to be used as a backend for Samba, logically, the DIT "
15906
15905
"will need to use attributes that can properly describe Samba data. Such "
15908
15907
"now."
15909
15908
msgstr ""
15910
15909
15911
#: serverguide/C/network-auth.xml:2265(para)
15910
#: serverguide/C/network-auth.xml:2272(para)
15912
15911
msgid ""
15913
15912
"For more information on schemas and their installation see <xref "
15914
15913
"linkend=\"openldap-configuration\"/>."
15915
15914
msgstr ""
15916
15915
15917
#: serverguide/C/network-auth.xml:2273(para)
15916
#: serverguide/C/network-auth.xml:2280(para)
15918
15917
msgid ""
15919
15918
"The schema is found in the now-installed <application>samba-"
15920
15919
"doc</application> package. It needs to be unzipped and copied to the "
15921
15920
"<filename>/etc/ldap/schema</filename> directory:"
15922
15921
msgstr ""
15923
15922
15924
#: serverguide/C/network-auth.xml:2279(command)
15923
#: serverguide/C/network-auth.xml:2286(command)
15925
15924
msgid ""
15926
15925
"sudo cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz "
15927
15926
"/etc/ldap/schema"
15928
15927
msgstr ""
15929
15928
15930
#: serverguide/C/network-auth.xml:2280(command)
15929
#: serverguide/C/network-auth.xml:2287(command)
15931
15930
msgid "sudo gzip -d /etc/ldap/schema/samba.schema.gz"
15932
15931
msgstr ""
15933
15932
15934
#: serverguide/C/network-auth.xml:2286(para)
15933
#: serverguide/C/network-auth.xml:2293(para)
15935
15934
msgid ""
15936
15935
"Have the configuration file <filename>schema_convert.conf</filename> that "
15937
15936
"contains the following lines:"
15938
15937
msgstr ""
15939
15938
15940
#: serverguide/C/network-auth.xml:2290(programlisting)
15939
#: serverguide/C/network-auth.xml:2297(programlisting)
15941
15940
#, no-wrap
15942
15941
msgid ""
15943
15942
"\n"
15958
15957
"include /etc/ldap/schema/samba.schema\n"
15959
15958
msgstr ""
15960
15959
15961
#: serverguide/C/network-auth.xml:2311(para)
15960
#: serverguide/C/network-auth.xml:2318(para)
15962
15961
msgid "Have the directory <filename>ldif_output</filename> hold output."
15963
15962
msgstr ""
15964
15963
15965
#: serverguide/C/network-auth.xml:2322(command)
15964
#: serverguide/C/network-auth.xml:2329(command)
15966
15965
msgid ""
15967
15966
"slapcat -f schema_convert.conf -F ldif_output -n 0 | grep samba,cn=schema"
15968
15967
msgstr ""
15969
15968
15970
#: serverguide/C/network-auth.xml:2323(computeroutput)
15969
#: serverguide/C/network-auth.xml:2330(computeroutput)
15971
15970
#, no-wrap
15972
15971
msgid ""
15973
15972
"\n"
15974
15973
"dn: cn={14}samba,cn=schema,cn=config\n"
15975
15974
msgstr ""
15976
15975
15977
#: serverguide/C/network-auth.xml:2331(para)
15976
#: serverguide/C/network-auth.xml:2338(para)
15978
15977
msgid "Convert the schema to LDIF format:"
15979
15978
msgstr ""
15980
15979
15981
#: serverguide/C/network-auth.xml:2336(command)
15980
#: serverguide/C/network-auth.xml:2343(command)
15982
15981
msgid ""
15983
15982
"slapcat -f schema_convert.conf -F ldif_output -n0 -H \\ "
15984
15983
"ldap:///cn={14}samba,cn=schema,cn=config -l cn=samba.ldif"
15985
15984
msgstr ""
15986
15985
15987
#: serverguide/C/network-auth.xml:2343(para)
15986
#: serverguide/C/network-auth.xml:2350(para)
15988
15987
msgid ""
15989
15988
"Edit the generated <filename>cn=samba.ldif</filename> file by removing index "
15990
15989
"information to arrive at:"
15991
15990
msgstr ""
15992
15991
15993
#: serverguide/C/network-auth.xml:2347(programlisting)
15992
#: serverguide/C/network-auth.xml:2354(programlisting)
15994
15993
#, no-wrap
15995
15994
msgid ""
15996
15995
"\n"
15999
15998
"cn: samba\n"
16000
15999
msgstr ""
16001
16000
16002
#: serverguide/C/network-auth.xml:2353(para)
16001
#: serverguide/C/network-auth.xml:2360(para)
16003
16002
msgid "Remove the bottom lines:"
16004
16003
msgstr ""
16005
16004
16006
#: serverguide/C/network-auth.xml:2357(programlisting)
16005
#: serverguide/C/network-auth.xml:2364(programlisting)
16007
16006
#, no-wrap
16008
16007
msgid ""
16009
16008
"\n"
16016
16015
"modifyTimestamp: 20080827045234Z\n"
16017
16016
msgstr ""
16018
16017
16019
#: serverguide/C/network-auth.xml:2373(para)
16018
#: serverguide/C/network-auth.xml:2380(para)
16020
16019
msgid "Add the new schema:"
16021
16020
msgstr ""
16022
16021
16023
#: serverguide/C/network-auth.xml:2378(command)
16022
#: serverguide/C/network-auth.xml:2385(command)
16024
16023
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f cn\\=samba.ldif"
16025
16024
msgstr ""
16026
16025
16027
#: serverguide/C/network-auth.xml:2381(para)
16026
#: serverguide/C/network-auth.xml:2388(para)
16028
16027
msgid "To query and view this new schema:"
16029
16028
msgstr ""
16030
16029
16031
#: serverguide/C/network-auth.xml:2386(command)
16030
#: serverguide/C/network-auth.xml:2393(command)
16032
16031
msgid ""
16033
16032
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config "
16034
16033
"'cn=*samba*'"
16035
16034
msgstr ""
16036
16035
16037
#: serverguide/C/network-auth.xml:2396(title)
16036
#: serverguide/C/network-auth.xml:2403(title)
16038
16037
msgid "Samba indices"
16039
16038
msgstr ""
16040
16039
16041
#: serverguide/C/network-auth.xml:2398(para)
16040
#: serverguide/C/network-auth.xml:2405(para)
16042
16041
msgid ""
16043
16042
"Now that slapd knows about the Samba attributes, we can set up some indices "
16044
16043
"based on them. Indexing entries is a way to improve performance when a "
16045
16044
"client performs a filtered search on the DIT."
16046
16045
msgstr ""
16047
16046
16048
#: serverguide/C/network-auth.xml:2403(para)
16047
#: serverguide/C/network-auth.xml:2410(para)
16049
16048
msgid ""
16050
16049
"Create the file <filename>samba_indices.ldif</filename> with the following "
16051
16050
"contents:"
16052
16051
msgstr ""
16053
16052
16054
#: serverguide/C/network-auth.xml:2407(programlisting)
16053
#: serverguide/C/network-auth.xml:2414(programlisting)
16055
16054
#, no-wrap
16056
16055
msgid ""
16057
16056
"\n"
16072
16071
"olcDbIndex: default sub\n"
16073
16072
msgstr ""
16074
16073
16075
#: serverguide/C/network-auth.xml:2425(para)
16074
#: serverguide/C/network-auth.xml:2432(para)
16076
16075
msgid ""
16077
16076
"Using the <application>ldapmodify</application> utility load the new indices:"
16078
16077
msgstr ""
16079
16078
16080
#: serverguide/C/network-auth.xml:2430(command)
16079
#: serverguide/C/network-auth.xml:2437(command)
16081
16080
msgid "sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f samba_indices.ldif"
16082
16081
msgstr ""
16083
16082
16084
#: serverguide/C/network-auth.xml:2433(para)
16083
#: serverguide/C/network-auth.xml:2440(para)
16085
16084
msgid ""
16086
16085
"If all went well you should see the new indices using "
16087
16086
"<application>ldapsearch</application>:"
16088
16087
msgstr ""
16089
16088
16090
#: serverguide/C/network-auth.xml:2438(command)
16089
#: serverguide/C/network-auth.xml:2445(command)
16091
16090
msgid ""
16092
16091
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H \\ ldapi:/// -b cn=config "
16093
16092
"olcDatabase={1}hdb olcDbIndex"
16094
16093
msgstr ""
16095
16094
16096
#: serverguide/C/network-auth.xml:2445(title)
16095
#: serverguide/C/network-auth.xml:2452(title)
16097
16096
msgid "Adding Samba LDAP objects"
16098
16097
msgstr ""
16099
16098
16100
#: serverguide/C/network-auth.xml:2452(para)
16099
#: serverguide/C/network-auth.xml:2454(para)
16101
16100
msgid ""
16102
16101
"Next, configure the <application>smbldap-tools</application> package to "
16103
16102
"match your environment. The package is supposed to come with a configuration "
16108
16107
"smbldap-tools')."
16109
16108
msgstr ""
16110
16109
16111
#: serverguide/C/network-auth.xml:2459(para)
16110
#: serverguide/C/network-auth.xml:2461(para)
16112
16111
msgid ""
16113
16112
"To manually configure the package, you need to create and edit the files "
16114
16113
"<filename>/etc/smbldap-tools/smbldap.conf</filename> and "
16115
16114
"<filename>/etc/smbldap-tools/smbldap_bind.conf</filename>."
16116
16115
msgstr ""
16117
16116
16118
#: serverguide/C/network-auth.xml:2464(para)
16117
#: serverguide/C/network-auth.xml:2466(para)
16119
16118
msgid ""
16120
16119
"The <application>smbldap-populate</application> script will then add the "
16121
16120
"LDAP objects required for Samba. It is a good idea to first make a backup of "
16122
16121
"your DIT using <application>slapcat</application>:"
16123
16122
msgstr ""
16124
16123
16125
#: serverguide/C/network-auth.xml:2473(command)
16124
#: serverguide/C/network-auth.xml:2472(command)
16126
16125
msgid "sudo slapcat -l backup.ldif"
16127
16126
msgstr ""
16128
16127
16129
#: serverguide/C/network-auth.xml:2476(para)
16128
#: serverguide/C/network-auth.xml:2475(para)
16130
16129
msgid "Once you have a backup proceed to populate your directory:"
16131
16130
msgstr ""
16132
16131
16133
#: serverguide/C/network-auth.xml:2481(command)
16132
#: serverguide/C/network-auth.xml:2480(command)
16134
16133
msgid "sudo smbldap-populate"
16135
16134
msgstr ""
16136
16135
16137
#: serverguide/C/network-auth.xml:2484(para)
16136
#: serverguide/C/network-auth.xml:2483(para)
16138
16137
msgid ""
16139
16138
"You can create a LDIF file containing the new Samba objects by executing "
16140
16139
"<command>sudo smbldap-populate -e samba.ldif</command>. This allows you to "
16143
16142
"and import its data per usual."
16144
16143
msgstr ""
16145
16144
16146
#: serverguide/C/network-auth.xml:2490(para)
16145
#: serverguide/C/network-auth.xml:2489(para)
16147
16146
msgid ""
16148
16147
"Your LDAP directory now has the necessary information to authenticate Samba "
16149
16148
"users."
16150
16149
msgstr ""
16151
16150
16152
#: serverguide/C/network-auth.xml:2499(title)
16151
#: serverguide/C/network-auth.xml:2498(title) serverguide/C/network-auth.xml:4032(title)
16153
16152
msgid "Samba Configuration"
16154
16153
msgstr ""
16155
16154
16156
#: serverguide/C/network-auth.xml:2498(para)
16155
#: serverguide/C/network-auth.xml:2500(para)
16157
16156
msgid ""
16158
16157
"There are multiple ways to configure Samba. For details on some common "
16159
16158
"configurations see <xref linkend=\"samba\"/>. To configure Samba to use "
16162
16161
"adding some ldap-related ones:"
16163
16162
msgstr ""
16164
16163
16165
#: serverguide/C/network-auth.xml:2507(programlisting)
16164
#: serverguide/C/network-auth.xml:2506(programlisting)
16166
16165
#, no-wrap
16167
16166
msgid ""
16168
16167
"\n"
16182
16181
" add machine script = sudo /usr/sbin/smbldap-useradd -t 0 -w \"%u\"\n"
16183
16182
msgstr ""
16184
16183
16185
#: serverguide/C/network-auth.xml:2524(para)
16184
#: serverguide/C/network-auth.xml:2523(para)
16186
16185
msgid "Change the values to match your environment."
16187
16186
msgstr ""
16188
16187
16189
#: serverguide/C/network-auth.xml:2528(para)
16188
#: serverguide/C/network-auth.xml:2527(para)
16190
16189
msgid "Restart <application>samba</application> to enable the new settings:"
16191
16190
msgstr ""
16192
16191
16193
#: serverguide/C/network-auth.xml:2537(para)
16192
#: serverguide/C/network-auth.xml:2536(para)
16194
16193
msgid ""
16195
16194
"Now inform Samba about the rootDN user's password (the one set during the "
16196
16195
"installation of the slapd package):"
16197
16196
msgstr ""
16198
16197
16199
#: serverguide/C/network-auth.xml:2542(command)
16198
#: serverguide/C/network-auth.xml:2541(command)
16200
16199
msgid "sudo smbpasswd -w password"
16201
16200
msgstr ""
16202
16201
16203
#: serverguide/C/network-auth.xml:2545(para)
16202
#: serverguide/C/network-auth.xml:2544(para)
16204
16203
msgid ""
16205
16204
"If you have existing LDAP users that you want to include in your new LDAP-"
16206
16205
"backed Samba they will, of course, also need to be given some of the extra "
16210
16209
"<application>libnss-ldap</application>):"
16211
16210
msgstr ""
16212
16211
16213
#: serverguide/C/network-auth.xml:2553(command)
16212
#: serverguide/C/network-auth.xml:2552(command)
16214
16213
msgid "sudo smbpasswd -a username"
16215
16214
msgstr ""
16216
16215
16217
#: serverguide/C/network-auth.xml:2556(para)
16216
#: serverguide/C/network-auth.xml:2555(para)
16218
16217
msgid ""
16219
16218
"You will prompted to enter a password. It will be considered as the new "
16220
16219
"password for that user. Making it the same as before is reasonable."
16221
16220
msgstr ""
16222
16221
16223
#: serverguide/C/network-auth.xml:2560(para)
16222
#: serverguide/C/network-auth.xml:2559(para)
16224
16223
msgid ""
16225
16224
"To manage user, group, and machine accounts use the utilities provided by "
16226
16225
"the <application>smbldap-tools</application> package. Here are some examples:"
16227
16226
msgstr ""
16228
16227
16229
#: serverguide/C/network-auth.xml:2568(para)
16228
#: serverguide/C/network-auth.xml:2567(para)
16230
16229
msgid "To add a new user:"
16231
16230
msgstr ""
16232
16231
16233
#: serverguide/C/network-auth.xml:2573(command)
16232
#: serverguide/C/network-auth.xml:2572(command)
16234
16233
msgid "sudo smbldap-useradd -a -P username"
16235
16234
msgstr ""
16236
16235
16237
#: serverguide/C/network-auth.xml:2576(para)
16236
#: serverguide/C/network-auth.xml:2575(para)
16238
16237
msgid ""
16239
16238
"The <emphasis>-a</emphasis> option adds the Samba attributes, and the "
16240
16239
"<emphasis>-P</emphasis> option calls the <application>smbldap-"
16242
16241
"a password for the user."
16243
16242
msgstr ""
16244
16243
16245
#: serverguide/C/network-auth.xml:2583(para)
16244
#: serverguide/C/network-auth.xml:2582(para)
16246
16245
msgid "To remove a user:"
16247
16246
msgstr ""
16248
16247
16249
#: serverguide/C/network-auth.xml:2588(command)
16248
#: serverguide/C/network-auth.xml:2587(command)
16250
16249
msgid "sudo smbldap-userdel username"
16251
16250
msgstr ""
16252
16251
16253
#: serverguide/C/network-auth.xml:2591(para)
16252
#: serverguide/C/network-auth.xml:2590(para)
16254
16253
msgid ""
16255
16254
"In the above command, use the <emphasis>-r</emphasis> option to remove the "
16256
16255
"user's home directory."
16257
16256
msgstr ""
16258
16257
16259
#: serverguide/C/network-auth.xml:2597(para)
16258
#: serverguide/C/network-auth.xml:2596(para)
16260
16259
msgid "To add a group:"
16261
16260
msgstr ""
16262
16261
16263
#: serverguide/C/network-auth.xml:2602(command)
16262
#: serverguide/C/network-auth.xml:2601(command)
16264
16263
msgid "sudo smbldap-groupadd -a groupname"
16265
16264
msgstr ""
16266
16265
16267
#: serverguide/C/network-auth.xml:2605(para)
16266
#: serverguide/C/network-auth.xml:2604(para)
16268
16267
msgid ""
16269
16268
"As for <application>smbldap-useradd</application>, the <emphasis>-"
16270
16269
"a</emphasis> adds the Samba attributes."
16271
16270
msgstr ""
16272
16271
16273
#: serverguide/C/network-auth.xml:2611(para)
16272
#: serverguide/C/network-auth.xml:2610(para)
16274
16273
msgid "To make an existing user a member of a group:"
16275
16274
msgstr ""
16276
16275
16277
#: serverguide/C/network-auth.xml:2616(command)
16276
#: serverguide/C/network-auth.xml:2615(command)
16278
16277
msgid "sudo smbldap-groupmod -m username groupname"
16279
16278
msgstr ""
16280
16279
16281
#: serverguide/C/network-auth.xml:2619(para)
16280
#: serverguide/C/network-auth.xml:2618(para)
16282
16281
msgid ""
16283
16282
"The <emphasis>-m</emphasis> option can add more than one user at a time by "
16284
16283
"listing them in comma-separated format."
16285
16284
msgstr ""
16286
16285
16287
#: serverguide/C/network-auth.xml:2625(para)
16286
#: serverguide/C/network-auth.xml:2624(para)
16288
16287
msgid "To remove a user from a group:"
16289
16288
msgstr ""
16290
16289
16291
#: serverguide/C/network-auth.xml:2630(command)
16290
#: serverguide/C/network-auth.xml:2629(command)
16292
16291
msgid "sudo smbldap-groupmod -x username groupname"
16293
16292
msgstr ""
16294
16293
16295
#: serverguide/C/network-auth.xml:2636(para)
16294
#: serverguide/C/network-auth.xml:2635(para)
16296
16295
msgid "To add a Samba machine account:"
16297
16296
msgstr ""
16298
16297
16299
#: serverguide/C/network-auth.xml:2641(command)
16298
#: serverguide/C/network-auth.xml:2640(command)
16300
16299
msgid "sudo smbldap-useradd -t 0 -w username"
16301
16300
msgstr ""
16302
16301
16303
#: serverguide/C/network-auth.xml:2644(para)
16302
#: serverguide/C/network-auth.xml:2643(para)
16304
16303
msgid ""
16305
16304
"Replace <emphasis>username</emphasis> with the name of the workstation. The "
16306
16305
"<emphasis>-t 0</emphasis> option creates the machine account without a "
16310
16309
"<application>smbldap-useradd</application>."
16311
16310
msgstr ""
16312
16311
16313
#: serverguide/C/network-auth.xml:2653(para)
16312
#: serverguide/C/network-auth.xml:2652(para)
16314
16313
msgid ""
16315
16314
"There are utilities in the <application>smbldap-tools</application> package "
16316
16315
"that were not covered here. Here is a complete list:"
16317
16316
msgstr ""
16318
16317
16318
#: serverguide/C/network-auth.xml:2657(ulink)
16319
msgid "smbldap-groupadd"
16320
msgstr ""
16321
16319
16322
#: serverguide/C/network-auth.xml:2658(ulink)
16320
msgid "smbldap-groupadd"
16323
msgid "smbldap-groupdel"
16321
16324
msgstr ""
16322
16325
16323
16326
#: serverguide/C/network-auth.xml:2659(ulink)
16324
msgid "smbldap-groupdel"
16327
msgid "smbldap-groupmod"
16325
16328
msgstr ""
16326
16329
16327
16330
#: serverguide/C/network-auth.xml:2660(ulink)
16328
msgid "smbldap-groupmod"
16331
msgid "smbldap-groupshow"
16329
16332
msgstr ""
16330
16333
16331
16334
#: serverguide/C/network-auth.xml:2661(ulink)
16332
msgid "smbldap-groupshow"
16335
msgid "smbldap-passwd"
16333
16336
msgstr ""
16334
16337
16335
16338
#: serverguide/C/network-auth.xml:2662(ulink)
16336
msgid "smbldap-passwd"
16339
msgid "smbldap-populate"
16337
16340
msgstr ""
16338
16341
16339
16342
#: serverguide/C/network-auth.xml:2663(ulink)
16340
msgid "smbldap-populate"
16343
msgid "smbldap-useradd"
16341
16344
msgstr ""
16342
16345
16343
16346
#: serverguide/C/network-auth.xml:2664(ulink)
16344
msgid "smbldap-useradd"
16347
msgid "smbldap-userdel"
16345
16348
msgstr ""
16346
16349
16347
16350
#: serverguide/C/network-auth.xml:2665(ulink)
16348
msgid "smbldap-userdel"
16351
msgid "smbldap-userinfo"
16349
16352
msgstr ""
16350
16353
16351
16354
#: serverguide/C/network-auth.xml:2666(ulink)
16352
msgid "smbldap-userinfo"
16355
msgid "smbldap-userlist"
16353
16356
msgstr ""
16354
16357
16355
16358
#: serverguide/C/network-auth.xml:2667(ulink)
16356
msgid "smbldap-userlist"
16359
msgid "smbldap-usermod"
16357
16360
msgstr ""
16358
16361
16359
16362
#: serverguide/C/network-auth.xml:2668(ulink)
16360
msgid "smbldap-usermod"
16361
msgstr ""
16362
16363
#: serverguide/C/network-auth.xml:2669(ulink)
16364
16363
msgid "smbldap-usershow"
16365
16364
msgstr ""
16366
16365
16367
#: serverguide/C/network-auth.xml:2677(para)
16366
#: serverguide/C/network-auth.xml:2679(para)
16368
16367
msgid ""
16369
16368
"For more information on installing and configuring Samba see <xref "
16370
16369
"linkend=\"samba\"/> of this Ubuntu Server Guide."
16371
16370
msgstr ""
16372
16371
16373
#: serverguide/C/network-auth.xml:2686(para)
16372
#: serverguide/C/network-auth.xml:2685(para)
16374
16373
msgid ""
16375
16374
"There are multiple places where LDAP and Samba is documented in the upstream "
16376
16375
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba "
16377
16376
"HOWTO Collection</ulink>."
16378
16377
msgstr ""
16379
16378
16380
#: serverguide/C/network-auth.xml:2693(para)
16379
#: serverguide/C/network-auth.xml:2692(para)
16381
16380
msgid ""
16382
16381
"Regarding the above, see specifically the <ulink "
16383
16382
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
16384
16383
"Collection/passdb.html\">passdb section</ulink>."
16385
16384
msgstr ""
16386
16385
16387
#: serverguide/C/network-auth.xml:2699(para)
16386
#: serverguide/C/network-auth.xml:2698(para)
16388
16387
msgid ""
16389
16388
"Although dated (2007), the <ulink url=\"http://download.gna.org/smbldap-"
16390
16389
"tools/docs/samba-ldap-howto/\">Linux Samba-OpenLDAP HOWTO</ulink> contains "
16391
16390
"valuable notes."
16392
16391
msgstr ""
16393
16392
16394
#: serverguide/C/network-auth.xml:2705(para)
16393
#: serverguide/C/network-auth.xml:2704(para)
16395
16394
msgid ""
16396
16395
"The main page of the <ulink "
16397
16396
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Samba Ubuntu "
16399
16398
"prove useful."
16400
16399
msgstr ""
16401
16400
16402
#: serverguide/C/network-auth.xml:2718(title)
16401
#: serverguide/C/network-auth.xml:2717(title)
16403
16402
msgid "Kerberos"
16404
16403
msgstr ""
16405
16404
16406
#: serverguide/C/network-auth.xml:2720(para)
16405
#: serverguide/C/network-auth.xml:2719(para)
16407
16406
msgid ""
16408
16407
"<application>Kerberos</application> is a network authentication system based "
16409
16408
"on the principal of a trusted third party. The other two parties being the "
16412
16411
"network environment one step closer to being Single Sign On (SSO)."
16413
16412
msgstr ""
16414
16413
16415
#: serverguide/C/network-auth.xml:2726(para)
16414
#: serverguide/C/network-auth.xml:2725(para)
16416
16415
msgid ""
16417
16416
"This section covers installation and configuration of a Kerberos server, and "
16418
16417
"some example client configurations."
16419
16418
msgstr ""
16420
16419
16421
#: serverguide/C/virtualization.xml:1099(title) serverguide/C/virtualization.xml:2132(title) serverguide/C/network-auth.xml:2731(title) serverguide/C/monitoring.xml:13(title) serverguide/C/lamp-applications.xml:15(title) serverguide/C/installation.xml:903(title) serverguide/C/dns.xml:62(title) serverguide/C/dm-multipath.xml:135(title) serverguide/C/chat.xml:15(title) serverguide/C/backups.xml:545(title)
16420
#: serverguide/C/network-auth.xml:2730(title) serverguide/C/monitoring.xml:13(title) serverguide/C/lamp-applications.xml:15(title) serverguide/C/installation.xml:910(title) serverguide/C/dns.xml:62(title) serverguide/C/dm-multipath.xml:135(title) serverguide/C/chat.xml:15(title) serverguide/C/cgroups.xml:38(title) serverguide/C/backups.xml:551(title)
16422
16421
msgid "Overview"
16423
16422
msgstr ""
16424
16423
16425
#: serverguide/C/network-auth.xml:2733(para)
16424
#: serverguide/C/network-auth.xml:2732(para)
16426
16425
msgid ""
16427
16426
"If you are new to Kerberos there are a few terms that are good to understand "
16428
16427
"before setting up a Kerberos server. Most of the terms will relate to things "
16429
16428
"you may be familiar with in other environments:"
16430
16429
msgstr ""
16431
16430
16432
#: serverguide/C/network-auth.xml:2740(para)
16431
#: serverguide/C/network-auth.xml:2739(para)
16433
16432
msgid ""
16434
16433
"<emphasis>Principal:</emphasis> any users, computers, and services provided "
16435
16434
"by servers need to be defined as Kerberos Principals."
16436
16435
msgstr ""
16437
16436
16438
#: serverguide/C/network-auth.xml:2745(para)
16437
#: serverguide/C/network-auth.xml:2744(para)
16439
16438
msgid ""
16440
16439
"<emphasis>Instances:</emphasis> are used for service principals and special "
16441
16440
"administrative principals."
16442
16441
msgstr ""
16443
16442
16444
#: serverguide/C/network-auth.xml:2750(para)
16443
#: serverguide/C/network-auth.xml:2749(para)
16445
16444
msgid ""
16446
16445
"<emphasis>Realms:</emphasis> the unique realm of control provided by the "
16447
16446
"Kerberos installation. Think of it as the domain or group your hosts and "
16450
16449
"as the realm."
16451
16450
msgstr ""
16452
16451
16453
#: serverguide/C/network-auth.xml:2759(para)
16452
#: serverguide/C/network-auth.xml:2758(para)
16454
16453
msgid ""
16455
16454
"<emphasis>Key Distribution Center:</emphasis> (KDC) consist of three parts, "
16456
16455
"a database of all principals, the authentication server, and the ticket "
16457
16456
"granting server. For each realm there must be at least one KDC."
16458
16457
msgstr ""
16459
16458
16460
#: serverguide/C/network-auth.xml:2765(para)
16459
#: serverguide/C/network-auth.xml:2764(para)
16461
16460
msgid ""
16462
16461
"<emphasis>Ticket Granting Ticket:</emphasis> issued by the Authentication "
16463
16462
"Server (AS), the Ticket Granting Ticket (TGT) is encrypted in the user's "
16464
16463
"password which is known only to the user and the KDC."
16465
16464
msgstr ""
16466
16465
16467
#: serverguide/C/network-auth.xml:2771(para)
16466
#: serverguide/C/network-auth.xml:2770(para)
16468
16467
msgid ""
16469
16468
"<emphasis>Ticket Granting Server:</emphasis> (TGS) issues service tickets to "
16470
16469
"clients upon request."
16471
16470
msgstr ""
16472
16471
16473
#: serverguide/C/network-auth.xml:2776(para)
16472
#: serverguide/C/network-auth.xml:2775(para)
16474
16473
msgid ""
16475
16474
"<emphasis>Tickets:</emphasis> confirm the identity of the two principals. "
16476
16475
"One principal being a user and the other a service requested by the user. "
16478
16477
"authenticated session."
16479
16478
msgstr ""
16480
16479
16481
#: serverguide/C/network-auth.xml:2782(para)
16480
#: serverguide/C/network-auth.xml:2781(para)
16482
16481
msgid ""
16483
16482
"<emphasis>Keytab Files:</emphasis> are files extracted from the KDC "
16484
16483
"principal database and contain the encryption key for a service or host."
16485
16484
msgstr ""
16486
16485
16487
#: serverguide/C/network-auth.xml:2789(para)
16486
#: serverguide/C/network-auth.xml:2788(para)
16488
16487
msgid ""
16489
16488
"To put the pieces together, a Realm has at least one KDC, preferably more "
16490
16489
"for redundancy, which contains a database of Principals. When a user "
16496
16495
"entering another username and password."
16497
16496
msgstr ""
16498
16497
16499
#: serverguide/C/network-auth.xml:2798(title)
16498
#: serverguide/C/network-auth.xml:2797(title)
16500
16499
msgid "Kerberos Server"
16501
16500
msgstr ""
16502
16501
16503
#: serverguide/C/network-auth.xml:2802(para)
16502
#: serverguide/C/network-auth.xml:2801(para)
16504
16503
msgid ""
16505
16504
"For this discussion, we will create a MIT Kerberos domain with the following "
16506
16505
"features (edit them to fit your needs):"
16507
16506
msgstr ""
16508
16507
16509
#: serverguide/C/network-auth.xml:2809(para)
16508
#: serverguide/C/network-auth.xml:2808(para)
16510
16509
msgid "<emphasis>Realm:</emphasis> EXAMPLE.COM"
16511
16510
msgstr ""
16512
16511
16513
#: serverguide/C/network-auth.xml:2814(para)
16512
#: serverguide/C/network-auth.xml:2813(para)
16514
16513
msgid "<emphasis>Primary KDC:</emphasis> kdc01.example.com (192.168.0.1)"
16515
16514
msgstr ""
16516
16515
16517
#: serverguide/C/network-auth.xml:2819(para)
16516
#: serverguide/C/network-auth.xml:2818(para)
16518
16517
msgid "<emphasis>Secondary KDC:</emphasis> kdc02.example.com (192.168.0.2)"
16519
16518
msgstr ""
16520
16519
16521
#: serverguide/C/network-auth.xml:2824(para)
16520
#: serverguide/C/network-auth.xml:2823(para)
16522
16521
msgid "<emphasis>User principal:</emphasis> steve"
16523
16522
msgstr ""
16524
16523
16525
#: serverguide/C/network-auth.xml:2829(para)
16524
#: serverguide/C/network-auth.xml:2828(para)
16526
16525
msgid "<emphasis>Admin principal:</emphasis> steve/admin"
16527
16526
msgstr ""
16528
16527
16529
#: serverguide/C/network-auth.xml:2836(para)
16528
#: serverguide/C/network-auth.xml:2835(para)
16530
16529
msgid ""
16531
16530
"It is <emphasis>strongly</emphasis> recommended that your network-"
16532
16531
"authenticated users have their uid in a different range (say, starting at "
16533
16532
"5000) than that of your local users."
16534
16533
msgstr ""
16535
16534
16536
#: serverguide/C/network-auth.xml:2842(para)
16535
#: serverguide/C/network-auth.xml:2841(para)
16537
16536
msgid ""
16538
16537
"Before installing the Kerberos server a properly configured DNS server is "
16539
16538
"needed for your domain. Since the Kerberos Realm by convention matches the "
16542
16541
"documentation."
16543
16542
msgstr ""
16544
16543
16545
#: serverguide/C/network-auth.xml:2848(para)
16544
#: serverguide/C/network-auth.xml:2847(para)
16546
16545
msgid ""
16547
16546
"Also, Kerberos is a time sensitive protocol. So if the local system time "
16548
16547
"between a client machine and the server differs by more than five minutes "
16552
16551
"setting up NTP see <xref linkend=\"NTP\"/>."
16553
16552
msgstr ""
16554
16553
16555
#: serverguide/C/network-auth.xml:2856(para)
16554
#: serverguide/C/network-auth.xml:2855(para)
16556
16555
msgid ""
16557
16556
"The first step in creating a Kerberos Realm is to install the "
16558
16557
"<application>krb5-kdc</application> and <application>krb5-admin-"
16559
16558
"server</application> packages. From a terminal enter:"
16560
16559
msgstr ""
16561
16560
16562
#: serverguide/C/network-auth.xml:2862(command) serverguide/C/network-auth.xml:3069(command)
16561
#: serverguide/C/network-auth.xml:2861(command) serverguide/C/network-auth.xml:3068(command)
16563
16562
msgid "sudo apt-get install krb5-kdc krb5-admin-server"
16564
16563
msgstr ""
16565
16564
16566
#: serverguide/C/network-auth.xml:2865(para)
16565
#: serverguide/C/network-auth.xml:2864(para)
16567
16566
msgid ""
16568
16567
"You will be asked at the end of the install to supply the hostname for the "
16569
16568
"Kerberos and Admin servers, which may or may not be the same server, for the "
16570
16569
"realm."
16571
16570
msgstr ""
16572
16571
16573
#: serverguide/C/network-auth.xml:2872(para)
16572
#: serverguide/C/network-auth.xml:2871(para)
16574
16573
msgid "By default the realm is created from the KDC's domain name."
16575
16574
msgstr ""
16576
16575
16577
#: serverguide/C/network-auth.xml:2877(para)
16576
#: serverguide/C/network-auth.xml:2876(para)
16578
16577
msgid ""
16579
16578
"Next, create the new realm with the <application>kdb5_newrealm</application> "
16580
16579
"utility:"
16581
16580
msgstr ""
16582
16581
16583
#: serverguide/C/network-auth.xml:2882(command)
16582
#: serverguide/C/network-auth.xml:2881(command)
16584
16583
msgid "sudo krb5_newrealm"
16585
16584
msgstr ""
16586
16585
16587
#: serverguide/C/network-auth.xml:2889(para)
16586
#: serverguide/C/network-auth.xml:2888(para)
16588
16587
msgid ""
16589
16588
"The questions asked during installation are used to configure the "
16590
16589
"<filename>/etc/krb5.conf</filename> file. If you need to adjust the Key "
16594
16593
"typing"
16595
16594
msgstr ""
16596
16595
16597
#: serverguide/C/network-auth.xml:2896(command)
16596
#: serverguide/C/network-auth.xml:2895(command)
16598
16597
msgid "sudo dpkg-reconfigure krb5-kdc"
16599
16598
msgstr ""
16600
16599
16601
#: serverguide/C/network-auth.xml:2902(para)
16600
#: serverguide/C/network-auth.xml:2901(para)
16602
16601
msgid ""
16603
16602
"Once the KDC is properly running, an admin user -- the <emphasis>admin "
16604
16603
"principal</emphasis> -- is needed. It is recommended to use a different "
16606
16605
"<application>kadmin.local</application> utility in a terminal prompt enter:"
16607
16606
msgstr ""
16608
16607
16609
#: serverguide/C/network-auth.xml:2910(command) serverguide/C/network-auth.xml:3780(command)
16608
#: serverguide/C/network-auth.xml:2909(command) serverguide/C/network-auth.xml:3779(command)
16610
16609
msgid "sudo kadmin.local"
16611
16610
msgstr ""
16612
16611
16613
#: serverguide/C/network-auth.xml:2911(computeroutput)
16612
#: serverguide/C/network-auth.xml:2910(computeroutput)
16614
16613
#, no-wrap
16615
16614
msgid ""
16616
16615
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
16617
16616
"kadmin.local:"
16618
16617
msgstr ""
16619
16618
16620
#: serverguide/C/network-auth.xml:2912(userinput)
16619
#: serverguide/C/network-auth.xml:2911(userinput)
16621
16620
#, no-wrap
16622
16621
msgid " addprinc steve/admin"
16623
16622
msgstr ""
16624
16623
16625
#: serverguide/C/network-auth.xml:2913(computeroutput)
16624
#: serverguide/C/network-auth.xml:2912(computeroutput)
16626
16625
#, no-wrap
16627
16626
msgid ""
16628
16627
"WARNING: no policy specified for steve/admin@EXAMPLE.COM; defaulting to no "
16633
16632
"kadmin.local:"
16634
16633
msgstr ""
16635
16634
16636
#: serverguide/C/network-auth.xml:2917(userinput)
16635
#: serverguide/C/network-auth.xml:2916(userinput)
16637
16636
#, no-wrap
16638
16637
msgid " quit"
16639
16638
msgstr ""
16640
16639
16641
#: serverguide/C/network-auth.xml:2920(para)
16640
#: serverguide/C/network-auth.xml:2919(para)
16642
16641
msgid ""
16643
16642
"In the above example <emphasis role=\"italic\">steve</emphasis> is the "
16644
16643
"<emphasis>Principal</emphasis>, <emphasis role=\"italic\">/admin</emphasis> "
16650
16649
"rights."
16651
16650
msgstr ""
16652
16651
16653
#: serverguide/C/network-auth.xml:2930(para)
16652
#: serverguide/C/network-auth.xml:2929(para)
16654
16653
msgid ""
16655
16654
"Replace <emphasis>EXAMPLE.COM</emphasis> and <emphasis>steve</emphasis> with "
16656
16655
"your Realm and admin username."
16657
16656
msgstr ""
16658
16657
16659
#: serverguide/C/network-auth.xml:2938(para)
16658
#: serverguide/C/network-auth.xml:2937(para)
16660
16659
msgid ""
16661
16660
"Next, the new admin user needs to have the appropriate Access Control List "
16662
16661
"(ACL) permissions. The permissions are configured in the "
16663
16662
"<filename>/etc/krb5kdc/kadm5.acl</filename> file:"
16664
16663
msgstr ""
16665
16664
16666
#: serverguide/C/network-auth.xml:2943(programlisting)
16665
#: serverguide/C/network-auth.xml:2942(programlisting)
16667
16666
#, no-wrap
16668
16667
msgid ""
16669
16668
"\n"
16670
16669
"steve/admin@EXAMPLE.COM *\n"
16671
16670
msgstr ""
16672
16671
16673
#: serverguide/C/network-auth.xml:2947(para)
16672
#: serverguide/C/network-auth.xml:2946(para)
16674
16673
msgid ""
16675
16674
"This entry grants <emphasis>steve/admin</emphasis> the ability to perform "
16676
16675
"any operation on all principals in the realm. You can configure principals "
16679
16678
"<emphasis>kadm5.acl</emphasis> man page for details."
16680
16679
msgstr ""
16681
16680
16682
#: serverguide/C/network-auth.xml:2959(para)
16681
#: serverguide/C/network-auth.xml:2958(para)
16683
16682
msgid ""
16684
16683
"Now restart the <application>krb5-admin-server</application> for the new ACL "
16685
16684
"to take affect:"
16686
16685
msgstr ""
16687
16686
16688
#: serverguide/C/network-auth.xml:2961(command)
16687
#: serverguide/C/network-auth.xml:2963(command)
16689
16688
msgid "sudo service krb5-admin-server restart"
16690
16689
msgstr ""
16691
16690
16692
#: serverguide/C/network-auth.xml:2970(para)
16691
#: serverguide/C/network-auth.xml:2969(para)
16693
16692
msgid ""
16694
16693
"The new user principal can be tested using the <application>kinit "
16695
16694
"utility</application>:"
16696
16695
msgstr ""
16697
16696
16698
#: serverguide/C/network-auth.xml:2975(command)
16697
#: serverguide/C/network-auth.xml:2974(command)
16699
16698
msgid "kinit steve/admin"
16700
16699
msgstr ""
16701
16700
16702
#: serverguide/C/network-auth.xml:2976(computeroutput)
16701
#: serverguide/C/network-auth.xml:2975(computeroutput)
16703
16702
#, no-wrap
16704
16703
msgid "steve/admin@EXAMPLE.COM's Password:"
16705
16704
msgstr ""
16706
16705
16707
#: serverguide/C/network-auth.xml:2979(para)
16706
#: serverguide/C/network-auth.xml:2978(para)
16708
16707
msgid ""
16709
16708
"After entering the password, use the <application>klist</application> "
16710
16709
"utility to view information about the Ticket Granting Ticket (TGT):"
16711
16710
msgstr ""
16712
16711
16713
#: serverguide/C/network-auth.xml:2985(command) serverguide/C/network-auth.xml:3362(command)
16712
#: serverguide/C/network-auth.xml:2984(command) serverguide/C/network-auth.xml:3361(command)
16714
16713
msgid "klist"
16715
16714
msgstr ""
16716
16715
16717
#: serverguide/C/network-auth.xml:2986(computeroutput)
16716
#: serverguide/C/network-auth.xml:2985(computeroutput)
16718
16717
#, no-wrap
16719
16718
msgid ""
16720
16719
"Credentials cache: FILE:/tmp/krb5cc_1000\n"
16724
16723
"Jul 13 17:53:34 Jul 14 03:53:34 krbtgt/EXAMPLE.COM@EXAMPLE.COM"
16725
16724
msgstr ""
16726
16725
16727
#: serverguide/C/network-auth.xml:2993(para)
16726
#: serverguide/C/network-auth.xml:2992(para)
16728
16727
msgid ""
16729
16728
"Where the cache filename <filename>krb5cc_1000</filename> is composed of the "
16730
16729
"prefix <filename>krb5cc_</filename> and the user id (uid), which in this "
16733
16732
"For example:"
16734
16733
msgstr ""
16735
16734
16736
#: serverguide/C/network-auth.xml:3002(programlisting)
16735
#: serverguide/C/network-auth.xml:3001(programlisting)
16737
16736
#, no-wrap
16738
16737
msgid ""
16739
16738
"\n"
16740
16739
"192.168.0.1 kdc01.example.com kdc01\n"
16741
16740
msgstr ""
16742
16741
16743
#: serverguide/C/network-auth.xml:3006(para)
16742
#: serverguide/C/network-auth.xml:3005(para)
16744
16743
msgid ""
16745
16744
"Replacing <emphasis>192.168.0.1</emphasis> with the IP address of your KDC. "
16746
16745
"This usually happens when you have a Kerberos realm encompassing different "
16747
16746
"networks separated by routers."
16748
16747
msgstr ""
16749
16748
16750
#: serverguide/C/network-auth.xml:3015(para)
16749
#: serverguide/C/network-auth.xml:3014(para)
16751
16750
msgid ""
16752
16751
"The best way to allow clients to automatically determine the KDC for the "
16753
16752
"Realm is using DNS SRV records. Add the following to "
16754
16753
"<filename>/etc/named/db.example.com</filename>:"
16755
16754
msgstr ""
16756
16755
16757
#: serverguide/C/network-auth.xml:3021(programlisting)
16756
#: serverguide/C/network-auth.xml:3020(programlisting)
16758
16757
#, no-wrap
16759
16758
msgid ""
16760
16759
"\n"
16766
16765
"_kpasswd._udp.EXAMPLE.COM. IN SRV 1 0 464 kdc01.example.com.\n"
16767
16766
msgstr ""
16768
16767
16769
#: serverguide/C/network-auth.xml:3031(para)
16768
#: serverguide/C/network-auth.xml:3030(para)
16770
16769
msgid ""
16771
16770
"Replace <emphasis>EXAMPLE.COM</emphasis>, <emphasis>kdc01</emphasis>, and "
16772
16771
"<emphasis>kdc02</emphasis> with your domain name, primary KDC, and secondary "
16773
16772
"KDC."
16774
16773
msgstr ""
16775
16774
16776
#: serverguide/C/network-auth.xml:3037(para)
16775
#: serverguide/C/network-auth.xml:3036(para)
16777
16776
msgid ""
16778
16777
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
16779
16778
msgstr ""
16780
16779
16781
#: serverguide/C/network-auth.xml:3044(para)
16780
#: serverguide/C/network-auth.xml:3043(para)
16782
16781
msgid "Your new Kerberos Realm is now ready to authenticate clients."
16783
16782
msgstr ""
16784
16783
16785
#: serverguide/C/network-auth.xml:3051(title)
16784
#: serverguide/C/network-auth.xml:3050(title)
16786
16785
msgid "Secondary KDC"
16787
16786
msgstr ""
16788
16787
16789
#: serverguide/C/network-auth.xml:3053(para)
16788
#: serverguide/C/network-auth.xml:3052(para)
16790
16789
msgid ""
16791
16790
"Once you have one Key Distribution Center (KDC) on your network, it is good "
16792
16791
"practice to have a Secondary KDC in case the primary becomes unavailable. "
16795
16794
"of those networks."
16796
16795
msgstr ""
16797
16796
16798
#: serverguide/C/network-auth.xml:3064(para)
16797
#: serverguide/C/network-auth.xml:3063(para)
16799
16798
msgid ""
16800
16799
"First, install the packages, and when asked for the Kerberos and Admin "
16801
16800
"server names enter the name of the Primary KDC:"
16802
16801
msgstr ""
16803
16802
16804
#: serverguide/C/network-auth.xml:3075(para)
16803
#: serverguide/C/network-auth.xml:3074(para)
16805
16804
msgid ""
16806
16805
"Once you have the packages installed, create the Secondary KDC's host "
16807
16806
"principal. From a terminal prompt, enter:"
16808
16807
msgstr ""
16809
16808
16810
#: serverguide/C/network-auth.xml:3080(command)
16809
#: serverguide/C/network-auth.xml:3079(command)
16811
16810
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
16812
16811
msgstr ""
16813
16812
16814
#: serverguide/C/network-auth.xml:3084(para)
16813
#: serverguide/C/network-auth.xml:3083(para)
16815
16814
msgid ""
16816
16815
"After, issuing any <application>kadmin</application> commands you will be "
16817
16816
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
16818
16817
"password."
16819
16818
msgstr ""
16820
16819
16821
#: serverguide/C/network-auth.xml:3093(para)
16820
#: serverguide/C/network-auth.xml:3092(para)
16822
16821
msgid "Extract the <emphasis>keytab</emphasis> file:"
16823
16822
msgstr ""
16824
16823
16825
#: serverguide/C/network-auth.xml:3098(command)
16824
#: serverguide/C/network-auth.xml:3097(command)
16826
16825
msgid "kadmin -q \"ktadd -norandkey -k keytab.kdc02 host/kdc02.example.com\""
16827
16826
msgstr ""
16828
16827
16829
#: serverguide/C/network-auth.xml:3104(para)
16828
#: serverguide/C/network-auth.xml:3103(para)
16830
16829
msgid ""
16831
16830
"There should now be a <filename>keytab.kdc02</filename> in the current "
16832
16831
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
16833
16832
msgstr ""
16834
16833
16835
#: serverguide/C/network-auth.xml:3110(command)
16834
#: serverguide/C/network-auth.xml:3109(command)
16836
16835
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
16837
16836
msgstr ""
16838
16837
16839
#: serverguide/C/network-auth.xml:3114(para)
16838
#: serverguide/C/network-auth.xml:3113(para)
16840
16839
msgid ""
16841
16840
"If the path to the <filename>keytab.kdc02</filename> file is different "
16842
16841
"adjust accordingly."
16843
16842
msgstr ""
16844
16843
16845
#: serverguide/C/network-auth.xml:3119(para)
16844
#: serverguide/C/network-auth.xml:3118(para)
16846
16845
msgid ""
16847
16846
"Also, you can list the principals in a Keytab file, which can be useful when "
16848
16847
"troubleshooting, using the <application>klist</application> utility:"
16849
16848
msgstr ""
16850
16849
16851
#: serverguide/C/network-auth.xml:3125(command)
16850
#: serverguide/C/network-auth.xml:3124(command)
16852
16851
msgid "sudo klist -k /etc/krb5.keytab"
16853
16852
msgstr ""
16854
16853
16855
#: serverguide/C/network-auth.xml:3128(para)
16854
#: serverguide/C/network-auth.xml:3127(para)
16856
16855
msgid ""
16857
16856
"The <application>-k</application> option indicates the file is a keytab file."
16858
16857
msgstr ""
16859
16858
16860
#: serverguide/C/network-auth.xml:3135(para)
16859
#: serverguide/C/network-auth.xml:3134(para)
16861
16860
msgid ""
16862
16861
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
16863
16862
"that lists all KDCs for the Realm. For example, on both primary and "
16864
16863
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
16865
16864
msgstr ""
16866
16865
16867
#: serverguide/C/network-auth.xml:3140(programlisting)
16866
#: serverguide/C/network-auth.xml:3139(programlisting)
16868
16867
#, no-wrap
16869
16868
msgid ""
16870
16869
"\n"
16872
16871
"host/kdc02.example.com@EXAMPLE.COM\n"
16873
16872
msgstr ""
16874
16873
16875
#: serverguide/C/network-auth.xml:3148(para)
16874
#: serverguide/C/network-auth.xml:3147(para)
16876
16875
msgid "Create an empty database on the <emphasis>Secondary KDC</emphasis>:"
16877
16876
msgstr ""
16878
16877
16879
#: serverguide/C/network-auth.xml:3153(command)
16878
#: serverguide/C/network-auth.xml:3152(command)
16880
16879
msgid "sudo kdb5_util -s create"
16881
16880
msgstr ""
16882
16881
16883
#: serverguide/C/network-auth.xml:3159(para)
16882
#: serverguide/C/network-auth.xml:3158(para)
16884
16883
msgid ""
16885
16884
"Now start the <application>kpropd</application> daemon, which listens for "
16886
16885
"connections from the <application>kprop</application> utility. "
16887
16886
"<application>kprop</application> is used to transfer dump files:"
16888
16887
msgstr ""
16889
16888
16890
#: serverguide/C/network-auth.xml:3166(command)
16889
#: serverguide/C/network-auth.xml:3165(command)
16891
16890
msgid "sudo kpropd -S"
16892
16891
msgstr ""
16893
16892
16894
#: serverguide/C/network-auth.xml:3172(para)
16893
#: serverguide/C/network-auth.xml:3171(para)
16895
16894
msgid ""
16896
16895
"From a terminal on the <emphasis>Primary KDC</emphasis>, create a dump file "
16897
16896
"of the principal database:"
16898
16897
msgstr ""
16899
16898
16900
#: serverguide/C/network-auth.xml:3177(command)
16899
#: serverguide/C/network-auth.xml:3176(command)
16901
16900
msgid "sudo kdb5_util dump /var/lib/krb5kdc/dump"
16902
16901
msgstr ""
16903
16902
16904
#: serverguide/C/network-auth.xml:3183(para)
16903
#: serverguide/C/network-auth.xml:3182(para)
16905
16904
msgid ""
16906
16905
"Extract the Primary KDC's <emphasis>keytab</emphasis> file and copy it to "
16907
16906
"<filename>/etc/krb5.keytab</filename>:"
16908
16907
msgstr ""
16909
16908
16909
#: serverguide/C/network-auth.xml:3187(command)
16910
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
16911
msgstr ""
16912
16910
16913
#: serverguide/C/network-auth.xml:3188(command)
16911
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
16912
msgstr ""
16913
16914
#: serverguide/C/network-auth.xml:3189(command)
16915
16914
msgid "sudo mv keytab.kdc01 /etc/krb5.keytab"
16916
16915
msgstr ""
16917
16916
16918
#: serverguide/C/network-auth.xml:3193(para)
16917
#: serverguide/C/network-auth.xml:3192(para)
16919
16918
msgid ""
16920
16919
"Make sure there is a <emphasis>host</emphasis> for "
16921
16920
"<emphasis>kdc01.example.com</emphasis> before extracting the Keytab."
16922
16921
msgstr ""
16923
16922
16924
#: serverguide/C/network-auth.xml:3201(para)
16923
#: serverguide/C/network-auth.xml:3200(para)
16925
16924
msgid ""
16926
16925
"Using the <application>kprop</application> utility push the database to the "
16927
16926
"Secondary KDC:"
16928
16927
msgstr ""
16929
16928
16930
#: serverguide/C/network-auth.xml:3206(command)
16929
#: serverguide/C/network-auth.xml:3205(command)
16931
16930
msgid "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
16932
16931
msgstr ""
16933
16932
16934
#: serverguide/C/network-auth.xml:3210(para)
16933
#: serverguide/C/network-auth.xml:3209(para)
16935
16934
msgid ""
16936
16935
"There should be a <emphasis>SUCCEEDED</emphasis> message if the propagation "
16937
16936
"worked. If there is an error message check "
16939
16938
"information."
16940
16939
msgstr ""
16941
16940
16942
#: serverguide/C/network-auth.xml:3216(para)
16941
#: serverguide/C/network-auth.xml:3215(para)
16943
16942
msgid ""
16944
16943
"You may also want to create a <application>cron</application> job to "
16945
16944
"periodically update the database on the Secondary KDC. For example, the "
16947
16946
"split to fit the format of this document):"
16948
16947
msgstr ""
16949
16948
16950
#: serverguide/C/network-auth.xml:3221(programlisting)
16949
#: serverguide/C/network-auth.xml:3220(programlisting)
16951
16950
#, no-wrap
16952
16951
msgid ""
16953
16952
"\n"
16956
16955
"/usr/sbin/kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com\n"
16957
16956
msgstr ""
16958
16957
16959
#: serverguide/C/network-auth.xml:3230(para)
16958
#: serverguide/C/network-auth.xml:3229(para)
16960
16959
msgid ""
16961
16960
"Back on the <emphasis>Secondary KDC</emphasis>, create a "
16962
16961
"<emphasis>stash</emphasis> file to hold the Kerberos master key:"
16963
16962
msgstr ""
16964
16963
16965
#: serverguide/C/network-auth.xml:3236(command)
16964
#: serverguide/C/network-auth.xml:3235(command)
16966
16965
msgid "sudo kdb5_util stash"
16967
16966
msgstr ""
16968
16967
16969
#: serverguide/C/network-auth.xml:3242(para)
16968
#: serverguide/C/network-auth.xml:3241(para)
16970
16969
msgid ""
16971
16970
"Finally, start the <application>krb5-kdc</application> daemon on the "
16972
16971
"Secondary KDC:"
16973
16972
msgstr ""
16974
16973
16975
#: serverguide/C/network-auth.xml:3244(command) serverguide/C/network-auth.xml:3920(command)
16974
#: serverguide/C/network-auth.xml:3246(command) serverguide/C/network-auth.xml:3922(command)
16976
16975
msgid "sudo service krb5-kdc start"
16977
16976
msgstr ""
16978
16977
16979
#: serverguide/C/network-auth.xml:3253(para)
16978
#: serverguide/C/network-auth.xml:3252(para)
16980
16979
msgid ""
16981
16980
"The <emphasis>Secondary KDC</emphasis> should now be able to issue tickets "
16982
16981
"for the Realm. You can test this by stopping the <application>krb5-"
16987
16986
"<filename>/var/log/auth.log</filename> in the Secondary KDC."
16988
16987
msgstr ""
16989
16988
16990
#: serverguide/C/network-auth.xml:3264(title)
16989
#: serverguide/C/network-auth.xml:3263(title)
16991
16990
msgid "Kerberos Linux Client"
16992
16991
msgstr ""
16993
16992
16994
#: serverguide/C/network-auth.xml:3266(para)
16993
#: serverguide/C/network-auth.xml:3265(para)
16995
16994
msgid ""
16996
16995
"This section covers configuring a Linux system as a "
16997
16996
"<application>Kerberos</application> client. This will allow access to any "
16998
16997
"kerberized services once a user has successfully logged into the system."
16999
16998
msgstr ""
17000
16999
17001
#: serverguide/C/network-auth.xml:3274(para)
17000
#: serverguide/C/network-auth.xml:3273(para)
17002
17001
msgid ""
17003
17002
"In order to authenticate to a Kerberos Realm, the <application>krb5-"
17004
17003
"user</application> and <application>libpam-krb5</application> packages are "
17007
17006
"prompt:"
17008
17007
msgstr ""
17009
17008
17010
#: serverguide/C/network-auth.xml:3281(command)
17009
#: serverguide/C/network-auth.xml:3280(command)
17011
17010
msgid ""
17012
17011
"sudo apt-get install krb5-user libpam-krb5 libpam-ccreds auth-client-config"
17013
17012
msgstr ""
17014
17013
17015
#: serverguide/C/network-auth.xml:3284(para)
17014
#: serverguide/C/network-auth.xml:3283(para)
17016
17015
msgid ""
17017
17016
"The <application>auth-client-config</application> package allows simple "
17018
17017
"configuration of PAM for authentication from multiple sources, and the "
17023
17022
"be accessed off the network as well."
17024
17023
msgstr ""
17025
17024
17026
#: serverguide/C/network-auth.xml:3295(para)
17025
#: serverguide/C/network-auth.xml:3294(para)
17027
17026
msgid "To configure the client in a terminal enter:"
17028
17027
msgstr ""
17029
17028
17030
#: serverguide/C/network-auth.xml:3300(command)
17029
#: serverguide/C/network-auth.xml:3299(command)
17031
17030
msgid "sudo dpkg-reconfigure krb5-config"
17032
17031
msgstr ""
17033
17032
17034
#: serverguide/C/network-auth.xml:3303(para)
17033
#: serverguide/C/network-auth.xml:3302(para)
17035
17034
msgid ""
17036
17035
"You will then be prompted to enter the name of the Kerberos Realm. Also, if "
17037
17036
"you don't have DNS configured with Kerberos <emphasis>SRV</emphasis> "
17039
17038
"Center (KDC) and Realm Administration server."
17040
17039
msgstr ""
17041
17040
17042
#: serverguide/C/network-auth.xml:3309(para)
17041
#: serverguide/C/network-auth.xml:3308(para)
17043
17042
msgid ""
17044
17043
"The <application>dpkg-reconfigure</application> adds entries to the "
17045
17044
"<filename>/etc/krb5.conf</filename> file for your Realm. You should have "
17046
17045
"entries similar to the following:"
17047
17046
msgstr ""
17048
17047
17049
#: serverguide/C/network-auth.xml:3311(programlisting)
17048
#: serverguide/C/network-auth.xml:3313(programlisting)
17050
17049
#, no-wrap
17051
17050
msgid ""
17052
17051
"\n"
17060
17059
" }\n"
17061
17060
msgstr ""
17062
17061
17063
#: serverguide/C/network-auth.xml:3326(para)
17062
#: serverguide/C/network-auth.xml:3325(para)
17064
17063
msgid ""
17065
17064
"If you set the uid of each of your network-authenticated users to start at "
17066
17065
"5000, as suggested in <xref linkend=\"kerberos-server-installation\"/>, you "
17068
17067
"> 5000:"
17069
17068
msgstr ""
17070
17069
17071
#: serverguide/C/network-auth.xml:3334(command)
17070
#: serverguide/C/network-auth.xml:3333(command)
17072
17071
msgid ""
17073
17072
"# Kerberos should only be applied to ldap/kerberos users, not local ones. "
17074
17073
"for i in common-auth common-session common-account common-password; do sudo "
17076
17075
"minimum_uid=5000/' \\ /etc/pam.d/$i done"
17077
17076
msgstr ""
17078
17077
17079
#: serverguide/C/network-auth.xml:3341(para)
17078
#: serverguide/C/network-auth.xml:3340(para)
17080
17079
msgid ""
17081
17080
"This will avoid being asked for the (non-existent) Kerberos password of a "
17082
17081
"locally authenticated user when changing its password using "
17083
17082
"<command>passwd</command>."
17084
17083
msgstr ""
17085
17084
17086
#: serverguide/C/network-auth.xml:3348(para)
17085
#: serverguide/C/network-auth.xml:3347(para)
17087
17086
msgid ""
17088
17087
"You can test the configuration by requesting a ticket using the "
17089
17088
"<application>kinit</application> utility. For example:"
17090
17089
msgstr ""
17091
17090
17092
#: serverguide/C/network-auth.xml:3353(command)
17091
#: serverguide/C/network-auth.xml:3352(command)
17093
17092
msgid "kinit steve@EXAMPLE.COM"
17094
17093
msgstr ""
17095
17094
17096
#: serverguide/C/network-auth.xml:3354(computeroutput)
17095
#: serverguide/C/network-auth.xml:3353(computeroutput)
17097
17096
#, no-wrap
17098
17097
msgid "Password for steve@EXAMPLE.COM:"
17099
17098
msgstr ""
17100
17099
17101
#: serverguide/C/network-auth.xml:3357(para)
17100
#: serverguide/C/network-auth.xml:3356(para)
17102
17101
msgid ""
17103
17102
"When a ticket has been granted, the details can be viewed using "
17104
17103
"<application>klist</application>:"
17105
17104
msgstr ""
17106
17105
17107
#: serverguide/C/network-auth.xml:3363(computeroutput)
17106
#: serverguide/C/network-auth.xml:3362(computeroutput)
17108
17107
#, no-wrap
17109
17108
msgid ""
17110
17109
"Ticket cache: FILE:/tmp/krb5cc_1000\n"
17119
17118
"klist: You have no tickets cached"
17120
17119
msgstr ""
17121
17120
17122
#: serverguide/C/network-auth.xml:3375(para)
17121
#: serverguide/C/network-auth.xml:3374(para)
17123
17122
msgid ""
17124
17123
"Next, use the <application>auth-client-config</application> to configure the "
17125
17124
"<application>libpam-krb5</application> module to request a ticket during "
17126
17125
"login:"
17127
17126
msgstr ""
17128
17127
17129
#: serverguide/C/network-auth.xml:3381(command)
17128
#: serverguide/C/network-auth.xml:3380(command)
17130
17129
msgid "sudo auth-client-config -a -p kerberos_example"
17131
17130
msgstr ""
17132
17131
17133
#: serverguide/C/network-auth.xml:3384(para)
17132
#: serverguide/C/network-auth.xml:3383(para)
17134
17133
msgid ""
17135
17134
"You will should now receive a ticket upon successful login authentication."
17136
17135
msgstr ""
17137
17136
17138
#: serverguide/C/network-auth.xml:3395(para)
17137
#: serverguide/C/network-auth.xml:3394(para)
17139
17138
msgid ""
17140
17139
"For more information on MIT's version of Kerberos, see the <ulink "
17141
17140
"url=\"http://web.mit.edu/Kerberos/\">MIT Kerberos</ulink> site."
17142
17141
msgstr ""
17143
17142
17144
#: serverguide/C/network-auth.xml:3400(para)
17143
#: serverguide/C/network-auth.xml:3399(para)
17145
17144
msgid ""
17146
17145
"The <ulink url=\"https://help.ubuntu.com/community/Kerberos\">Ubuntu Wiki "
17147
17146
"Kerberos</ulink> page has more details."
17148
17147
msgstr ""
17149
17148
17150
#: serverguide/C/network-auth.xml:3405(para)
17149
#: serverguide/C/network-auth.xml:3404(para)
17151
17150
msgid ""
17152
17151
"O'Reilly's <ulink "
17153
17152
"url=\"http://oreilly.com/catalog/9780596004033/\">Kerberos: The Definitive "
17154
17153
"Guide</ulink> is a great reference when setting up Kerberos."
17155
17154
msgstr ""
17156
17155
17157
#: serverguide/C/network-auth.xml:3411(para)
17156
#: serverguide/C/network-auth.xml:3410(para)
17158
17157
msgid ""
17159
17158
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> and "
17160
17159
"<emphasis>#kerberos</emphasis> IRC channels on <ulink "
17161
17160
"url=\"http://freenode.net/\">Freenode</ulink> if you have Kerberos questions."
17162
17161
msgstr ""
17163
17162
17164
#: serverguide/C/network-auth.xml:3423(title)
17163
#: serverguide/C/network-auth.xml:3422(title)
17165
17164
msgid "Kerberos and LDAP"
17166
17165
msgstr ""
17167
17166
17168
#: serverguide/C/network-auth.xml:3425(para)
17167
#: serverguide/C/network-auth.xml:3424(para)
17169
17168
msgid ""
17170
17169
"Most people will not use Kerberos by itself; once an user is authenticated "
17171
17170
"(Kerberos), we need to figure out what this user can do (authorization). And "
17172
17171
"that would be the job of programs such as <application>LDAP</application>."
17173
17172
msgstr ""
17174
17173
17175
#: serverguide/C/network-auth.xml:3432(para)
17174
#: serverguide/C/network-auth.xml:3431(para)
17176
17175
msgid ""
17177
17176
"Replicating a Kerberos principal database between two servers can be "
17178
17177
"complicated, and adds an additional user database to your network. "
17182
17181
"<application>OpenLDAP</application> for the principal database."
17183
17182
msgstr ""
17184
17183
17185
#: serverguide/C/network-auth.xml:3440(para)
17184
#: serverguide/C/network-auth.xml:3439(para)
17186
17185
msgid ""
17187
17186
"The examples presented here assume <application>MIT Kerberos</application> "
17188
17187
"and <application>OpenLDAP</application>."
17189
17188
msgstr ""
17190
17189
17191
#: serverguide/C/network-auth.xml:3448(title)
17190
#: serverguide/C/network-auth.xml:3447(title)
17192
17191
msgid "Configuring OpenLDAP"
17193
17192
msgstr ""
17194
17193
17195
#: serverguide/C/network-auth.xml:3450(para)
17194
#: serverguide/C/network-auth.xml:3449(para)
17196
17195
msgid ""
17197
17196
"First, the necessary <emphasis>schema</emphasis> needs to be loaded on an "
17198
17197
"<application>OpenLDAP</application> server that has network connectivity to "
17201
17200
"information on setting up OpenLDAP see <xref linkend=\"openldap-server\"/>."
17202
17201
msgstr ""
17203
17202
17204
#: serverguide/C/network-auth.xml:3456(para)
17203
#: serverguide/C/network-auth.xml:3455(para)
17205
17204
msgid ""
17206
17205
"It is also required to configure OpenLDAP for TLS and SSL connections, so "
17207
17206
"that traffic between the KDC and LDAP server is encrypted. See <xref "
17208
17207
"linkend=\"openldap-tls\"/> for details."
17209
17208
msgstr ""
17210
17209
17211
#: serverguide/C/network-auth.xml:3462(para)
17210
#: serverguide/C/network-auth.xml:3461(para)
17212
17211
msgid ""
17213
17212
"<filename>cn=admin,cn=config</filename> is a user we created with rights to "
17214
17213
"edit the ldap database. Many times it is the RootDN. Change its value to "
17215
17214
"reflect your setup."
17216
17215
msgstr ""
17217
17216
17218
#: serverguide/C/network-auth.xml:3471(para)
17217
#: serverguide/C/network-auth.xml:3470(para)
17219
17218
msgid ""
17220
17219
"To load the schema into LDAP, on the LDAP server install the "
17221
17220
"<application>krb5-kdc-ldap</application> package. From a terminal enter:"
17222
17221
msgstr ""
17223
17222
17224
#: serverguide/C/network-auth.xml:3477(command)
17223
#: serverguide/C/network-auth.xml:3476(command)
17225
17224
msgid "sudo apt-get install krb5-kdc-ldap"
17226
17225
msgstr ""
17227
17226
17228
#: serverguide/C/network-auth.xml:3482(para)
17227
#: serverguide/C/network-auth.xml:3481(para)
17229
17228
msgid "Next, extract the <filename>kerberos.schema.gz</filename> file:"
17230
17229
msgstr ""
17231
17230
17231
#: serverguide/C/network-auth.xml:3486(command)
17232
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
17233
msgstr ""
17234
17232
17235
#: serverguide/C/network-auth.xml:3487(command)
17233
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
17234
msgstr ""
17235
17236
#: serverguide/C/network-auth.xml:3488(command)
17237
17236
msgid ""
17238
17237
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
17239
17238
msgstr ""
17240
17239
17241
#: serverguide/C/network-auth.xml:3494(para)
17240
#: serverguide/C/network-auth.xml:3493(para)
17242
17241
msgid ""
17243
17242
"The <emphasis>kerberos</emphasis> schema needs to be added to the "
17244
17243
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
17246
17245
"linkend=\"openldap-configuration\"/>."
17247
17246
msgstr ""
17248
17247
17249
#: serverguide/C/network-auth.xml:3502(para)
17248
#: serverguide/C/network-auth.xml:3501(para)
17250
17249
msgid ""
17251
17250
"First, create a configuration file named "
17252
17251
"<filename>schema_convert.conf</filename>, or a similar descriptive name, "
17253
17252
"containing the following lines:"
17254
17253
msgstr ""
17255
17254
17256
#: serverguide/C/network-auth.xml:3507(programlisting)
17255
#: serverguide/C/network-auth.xml:3506(programlisting)
17257
17256
#, no-wrap
17258
17257
msgid ""
17259
17258
"\n"
17272
17271
"include /etc/ldap/schema/kerberos.schema\n"
17273
17272
msgstr ""
17274
17273
17275
#: serverguide/C/network-auth.xml:3527(para)
17274
#: serverguide/C/network-auth.xml:3526(para)
17276
17275
msgid "Create a temporary directory to hold the LDIF files:"
17277
17276
msgstr ""
17278
17277
17279
#: serverguide/C/network-auth.xml:3531(command)
17278
#: serverguide/C/network-auth.xml:3530(command)
17280
17279
msgid "mkdir /tmp/ldif_output"
17281
17280
msgstr ""
17282
17281
17283
#: serverguide/C/network-auth.xml:3537(para)
17282
#: serverguide/C/network-auth.xml:3536(para)
17284
17283
msgid ""
17285
17284
"Now use <application>slapcat</application> to convert the schema files:"
17286
17285
msgstr ""
17287
17286
17288
#: serverguide/C/network-auth.xml:3542(command)
17287
#: serverguide/C/network-auth.xml:3541(command)
17289
17288
msgid ""
17290
17289
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s \\ "
17291
17290
"\"cn={12}kerberos,cn=schema,cn=config\" > /tmp/cn=kerberos.ldif"
17292
17291
msgstr ""
17293
17292
17294
#: serverguide/C/network-auth.xml:3546(para)
17293
#: serverguide/C/network-auth.xml:3545(para)
17295
17294
msgid ""
17296
17295
"Change the above file and path names to match your own if they are different."
17297
17296
msgstr ""
17298
17297
17299
#: serverguide/C/network-auth.xml:3553(para)
17298
#: serverguide/C/network-auth.xml:3552(para)
17300
17299
msgid ""
17301
17300
"Edit the generated <filename>/tmp/cn\\=kerberos.ldif</filename> file, "
17302
17301
"changing the following attributes:"
17303
17302
msgstr ""
17304
17303
17305
#: serverguide/C/network-auth.xml:3557(programlisting)
17304
#: serverguide/C/network-auth.xml:3556(programlisting)
17306
17305
#, no-wrap
17307
17306
msgid ""
17308
17307
"\n"
17311
17310
"cn: kerberos\n"
17312
17311
msgstr ""
17313
17312
17314
#: serverguide/C/network-auth.xml:3563(para)
17313
#: serverguide/C/network-auth.xml:3562(para)
17315
17314
msgid "And remove the following lines from the end of the file:"
17316
17315
msgstr ""
17317
17316
17318
#: serverguide/C/network-auth.xml:3567(programlisting)
17317
#: serverguide/C/network-auth.xml:3566(programlisting)
17319
17318
#, no-wrap
17320
17319
msgid ""
17321
17320
"\n"
17328
17327
"modifyTimestamp: 20090111203515Z\n"
17329
17328
msgstr ""
17330
17329
17331
#: serverguide/C/network-auth.xml:3577(para)
17330
#: serverguide/C/network-auth.xml:3576(para)
17332
17331
msgid ""
17333
17332
"The attribute values will vary, just be sure the attributes are removed."
17334
17333
msgstr ""
17335
17334
17336
#: serverguide/C/network-auth.xml:3584(para)
17335
#: serverguide/C/network-auth.xml:3583(para)
17337
17336
msgid "Load the new schema with <application>ldapadd</application>:"
17338
17337
msgstr ""
17339
17338
17340
#: serverguide/C/network-auth.xml:3589(command)
17339
#: serverguide/C/network-auth.xml:3588(command)
17341
17340
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=kerberos.ldif"
17342
17341
msgstr ""
17343
17342
17344
#: serverguide/C/network-auth.xml:3595(para)
17343
#: serverguide/C/network-auth.xml:3594(para)
17345
17344
msgid ""
17346
17345
"Add an index for the <emphasis>krb5principalname</emphasis> attribute:"
17347
17346
msgstr ""
17348
17347
17349
#: serverguide/C/network-auth.xml:3600(command) serverguide/C/network-auth.xml:3617(command)
17348
#: serverguide/C/network-auth.xml:3599(command) serverguide/C/network-auth.xml:3616(command)
17350
17349
msgid "ldapmodify -x -D cn=admin,cn=config -W"
17351
17350
msgstr ""
17352
17351
17353
#: serverguide/C/network-auth.xml:3602(userinput)
17352
#: serverguide/C/network-auth.xml:3601(userinput)
17354
17353
#, no-wrap
17355
17354
msgid ""
17356
17355
"dn: olcDatabase={1}hdb,cn=config\n"
17358
17357
"olcDbIndex: krbPrincipalName eq,pres,sub"
17359
17358
msgstr ""
17360
17359
17361
#: serverguide/C/network-auth.xml:3601(computeroutput)
17360
#: serverguide/C/network-auth.xml:3600(computeroutput)
17362
17361
#, no-wrap
17363
17362
msgid ""
17364
17363
"Enter LDAP Password:\n"
17367
17366
"modifying entry \"olcDatabase={1}hdb,cn=config\""
17368
17367
msgstr ""
17369
17368
17370
#: serverguide/C/network-auth.xml:3612(para)
17369
#: serverguide/C/network-auth.xml:3611(para)
17371
17370
msgid "Finally, update the Access Control Lists (ACL):"
17372
17371
msgstr ""
17373
17372
17374
#: serverguide/C/network-auth.xml:3619(userinput)
17373
#: serverguide/C/network-auth.xml:3618(userinput)
17375
17374
#, no-wrap
17376
17375
msgid ""
17377
17376
"dn: olcDatabase={1}hdb,cn=config\n"
17387
17386
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read"
17388
17387
msgstr ""
17389
17388
17390
#: serverguide/C/network-auth.xml:3618(computeroutput)
17389
#: serverguide/C/network-auth.xml:3617(computeroutput)
17391
17390
#, no-wrap
17392
17391
msgid ""
17393
17392
"Enter LDAP Password: \n"
17396
17395
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
17397
17396
msgstr ""
17398
17397
17399
#: serverguide/C/network-auth.xml:3639(para)
17398
#: serverguide/C/network-auth.xml:3638(para)
17400
17399
msgid ""
17401
17400
"That's it, your LDAP directory is now ready to serve as a Kerberos principal "
17402
17401
"database."
17403
17402
msgstr ""
17404
17403
17405
#: serverguide/C/network-auth.xml:3645(title)
17404
#: serverguide/C/network-auth.xml:3644(title)
17406
17405
msgid "Primary KDC Configuration"
17407
17406
msgstr ""
17408
17407
17409
#: serverguide/C/network-auth.xml:3647(para)
17408
#: serverguide/C/network-auth.xml:3646(para)
17410
17409
msgid ""
17411
17410
"With <application>OpenLDAP</application> configured it is time to configure "
17412
17411
"the KDC."
17413
17412
msgstr ""
17414
17413
17415
#: serverguide/C/network-auth.xml:3653(para)
17414
#: serverguide/C/network-auth.xml:3652(para)
17416
17415
msgid "First, install the necessary packages, from a terminal enter:"
17417
17416
msgstr ""
17418
17417
17419
#: serverguide/C/network-auth.xml:3658(command) serverguide/C/network-auth.xml:3817(command)
17418
#: serverguide/C/network-auth.xml:3657(command) serverguide/C/network-auth.xml:3816(command)
17420
17419
msgid "sudo apt-get install krb5-kdc krb5-admin-server krb5-kdc-ldap"
17421
17420
msgstr ""
17422
17421
17423
#: serverguide/C/network-auth.xml:3664(para)
17422
#: serverguide/C/network-auth.xml:3663(para)
17424
17423
msgid ""
17425
17424
"Now edit <filename>/etc/krb5.conf</filename> adding the following options to "
17426
17425
"under the appropriate sections:"
17427
17426
msgstr ""
17428
17427
17429
#: serverguide/C/network-auth.xml:3668(programlisting)
17428
#: serverguide/C/network-auth.xml:3667(programlisting)
17430
17429
#, no-wrap
17431
17430
msgid ""
17432
17431
"\n"
17476
17475
" }\n"
17477
17476
msgstr ""
17478
17477
17479
#: serverguide/C/network-auth.xml:3713(para)
17478
#: serverguide/C/network-auth.xml:3712(para)
17480
17479
msgid ""
17481
17480
"Change <emphasis>example.com</emphasis>, "
17482
17481
"<emphasis>dc=example,dc=com</emphasis>, "
17485
17484
"object, and LDAP server for your network."
17486
17485
msgstr ""
17487
17486
17488
#: serverguide/C/network-auth.xml:3722(para)
17487
#: serverguide/C/network-auth.xml:3721(para)
17489
17488
msgid ""
17490
17489
"Next, use the <application>kdb5_ldap_util</application> utility to create "
17491
17490
"the realm:"
17492
17491
msgstr ""
17493
17492
17494
#: serverguide/C/network-auth.xml:3727(command)
17493
#: serverguide/C/network-auth.xml:3726(command)
17495
17494
msgid ""
17496
17495
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees \\ "
17497
17496
"dc=example,dc=com -r EXAMPLE.COM -s -H ldap://ldap01.example.com"
17498
17497
msgstr ""
17499
17498
17500
#: serverguide/C/network-auth.xml:3734(para)
17499
#: serverguide/C/network-auth.xml:3733(para)
17501
17500
msgid ""
17502
17501
"Create a stash of the password used to bind to the LDAP server. This "
17503
17502
"password is used by the <emphasis>ldap_kdc_dn</emphasis> and "
17505
17504
"<filename>/etc/krb5.conf</filename>:"
17506
17505
msgstr ""
17507
17506
17508
#: serverguide/C/network-auth.xml:3740(command) serverguide/C/network-auth.xml:3879(command)
17507
#: serverguide/C/network-auth.xml:3739(command) serverguide/C/network-auth.xml:3878(command)
17509
17508
msgid ""
17510
17509
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f \\ "
17511
17510
"/etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com"
17512
17511
msgstr ""
17513
17512
17514
#: serverguide/C/network-auth.xml:3747(para)
17513
#: serverguide/C/network-auth.xml:3746(para)
17515
17514
msgid "Copy the CA certificate from the LDAP server:"
17516
17515
msgstr ""
17517
17516
17517
#: serverguide/C/network-auth.xml:3751(command)
17518
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
17519
msgstr ""
17520
17518
17521
#: serverguide/C/network-auth.xml:3752(command)
17519
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
17520
msgstr ""
17521
17522
#: serverguide/C/network-auth.xml:3753(command)
17523
17522
msgid "sudo cp cacert.pem /etc/ssl/certs"
17524
17523
msgstr ""
17525
17524
17526
#: serverguide/C/network-auth.xml:3756(para)
17525
#: serverguide/C/network-auth.xml:3755(para)
17527
17526
msgid ""
17528
17527
"And edit <filename>/etc/ldap/ldap.conf</filename> to use the certificate:"
17529
17528
msgstr ""
17530
17529
17531
#: serverguide/C/network-auth.xml:3760(programlisting)
17530
#: serverguide/C/network-auth.xml:3759(programlisting)
17532
17531
#, no-wrap
17533
17532
msgid ""
17534
17533
"\n"
17535
17534
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
17536
17535
msgstr ""
17537
17536
17538
#: serverguide/C/network-auth.xml:3765(para)
17537
#: serverguide/C/network-auth.xml:3764(para)
17539
17538
msgid ""
17540
17539
"The certificate will also need to be copied to the Secondary KDC, to allow "
17541
17540
"the connection to the LDAP servers using LDAPS."
17542
17541
msgstr ""
17543
17542
17544
#: serverguide/C/network-auth.xml:3774(para)
17543
#: serverguide/C/network-auth.xml:3773(para)
17545
17544
msgid ""
17546
17545
"You can now add Kerberos principals to the LDAP database, and they will be "
17547
17546
"copied to any other LDAP servers configured for replication. To add a "
17548
17547
"principal using the <application>kadmin.local</application> utility enter:"
17549
17548
msgstr ""
17550
17549
17551
#: serverguide/C/network-auth.xml:3782(userinput)
17550
#: serverguide/C/network-auth.xml:3781(userinput)
17552
17551
#, no-wrap
17553
17552
msgid "addprinc -x dn=\"uid=steve,ou=people,dc=example,dc=com\" steve"
17554
17553
msgstr ""
17555
17554
17556
#: serverguide/C/network-auth.xml:3781(computeroutput)
17555
#: serverguide/C/network-auth.xml:3780(computeroutput)
17557
17556
#, no-wrap
17558
17557
msgid ""
17559
17558
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
17564
17563
"Principal \"steve@EXAMPLE.COM\" created."
17565
17564
msgstr ""
17566
17565
17567
#: serverguide/C/network-auth.xml:3789(para)
17566
#: serverguide/C/network-auth.xml:3788(para)
17568
17567
msgid ""
17569
17568
"There should now be krbPrincipalName, krbPrincipalKey, krbLastPwdChange, and "
17570
17569
"krbExtraData attributes added to the "
17573
17572
"utilities to test that the user is indeed issued a ticket."
17574
17573
msgstr ""
17575
17574
17576
#: serverguide/C/network-auth.xml:3796(para)
17575
#: serverguide/C/network-auth.xml:3795(para)
17577
17576
msgid ""
17578
17577
"If the user object is already created the <emphasis>-x dn=\"...\"</emphasis> "
17579
17578
"option is needed to add the Kerberos attributes. Otherwise a new "
17580
17579
"<emphasis>principal</emphasis> object will be created in the realm subtree."
17581
17580
msgstr ""
17582
17581
17583
#: serverguide/C/network-auth.xml:3804(title)
17582
#: serverguide/C/network-auth.xml:3803(title)
17584
17583
msgid "Secondary KDC Configuration"
17585
17584
msgstr ""
17586
17585
17587
#: serverguide/C/network-auth.xml:3806(para)
17586
#: serverguide/C/network-auth.xml:3805(para)
17588
17587
msgid ""
17589
17588
"Configuring a Secondary KDC using the LDAP backend is similar to configuring "
17590
17589
"one using the normal Kerberos database."
17591
17590
msgstr ""
17592
17591
17593
#: serverguide/C/network-auth.xml:3812(para)
17592
#: serverguide/C/network-auth.xml:3811(para)
17594
17593
msgid "First, install the necessary packages. In a terminal enter:"
17595
17594
msgstr ""
17596
17595
17597
#: serverguide/C/network-auth.xml:3823(para)
17596
#: serverguide/C/network-auth.xml:3822(para)
17598
17597
msgid ""
17599
17598
"Next, edit <filename>/etc/krb5.conf</filename> to use the LDAP backend:"
17600
17599
msgstr ""
17601
17600
17602
#: serverguide/C/network-auth.xml:3827(programlisting)
17601
#: serverguide/C/network-auth.xml:3826(programlisting)
17603
17602
#, no-wrap
17604
17603
msgid ""
17605
17604
"\n"
17648
17647
" }\n"
17649
17648
msgstr ""
17650
17649
17651
#: serverguide/C/network-auth.xml:3874(para)
17650
#: serverguide/C/network-auth.xml:3873(para)
17652
17651
msgid "Create the stash for the LDAP bind password:"
17653
17652
msgstr ""
17654
17653
17655
#: serverguide/C/network-auth.xml:3886(para)
17654
#: serverguide/C/network-auth.xml:3885(para)
17656
17655
msgid ""
17657
17656
"Now, on the <emphasis>Primary KDC</emphasis> copy the "
17658
17657
"<filename>/etc/krb5kdc/.k5.EXAMPLE.COM</filename><emphasis>Master "
17661
17660
"media."
17662
17661
msgstr ""
17663
17662
17663
#: serverguide/C/network-auth.xml:3892(command)
17664
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
17665
msgstr ""
17666
17664
17667
#: serverguide/C/network-auth.xml:3893(command)
17665
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
17666
msgstr ""
17667
17668
#: serverguide/C/network-auth.xml:3894(command)
17669
17668
msgid "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
17670
17669
msgstr ""
17671
17670
17672
#: serverguide/C/network-auth.xml:3898(para)
17671
#: serverguide/C/network-auth.xml:3897(para)
17673
17672
msgid ""
17674
17673
"Again, replace <emphasis>EXAMPLE.COM</emphasis> with your actual realm."
17675
17674
msgstr ""
17676
17675
17677
#: serverguide/C/network-auth.xml:3906(para)
17676
#: serverguide/C/network-auth.xml:3905(para)
17678
17677
msgid ""
17679
17678
"Back on the <emphasis>Secondary KDC</emphasis>, (re)start the ldap server "
17680
17679
"only,"
17681
17680
msgstr ""
17682
17681
17683
#: serverguide/C/network-auth.xml:3918(para)
17682
#: serverguide/C/network-auth.xml:3917(para)
17684
17683
msgid "Finally, start the <application>krb5-kdc</application> daemon:"
17685
17684
msgstr ""
17686
17685
17687
#: serverguide/C/network-auth.xml:3929(para)
17686
#: serverguide/C/network-auth.xml:3928(para)
17688
17687
msgid "Verify the two ldap servers (and kerberos by extension) are in sync."
17689
17688
msgstr ""
17690
17689
17691
#: serverguide/C/network-auth.xml:3936(para)
17690
#: serverguide/C/network-auth.xml:3935(para)
17692
17691
msgid ""
17693
17692
"You now have redundant KDCs on your network, and with redundant LDAP servers "
17694
17693
"you should be able to continue to authenticate users if one LDAP server, one "
17695
17694
"Kerberos server, or one LDAP and one Kerberos server become unavailable."
17696
17695
msgstr ""
17697
17696
17698
#: serverguide/C/network-auth.xml:3948(para)
17697
#: serverguide/C/network-auth.xml:3947(para)
17699
17698
msgid ""
17700
17699
"The <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
17701
17700
"admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend\"> Kerberos Admin "
17702
17701
"Guide</ulink> has some additional details."
17703
17702
msgstr ""
17704
17703
17705
#: serverguide/C/network-auth.xml:3951(para)
17704
#: serverguide/C/network-auth.xml:3953(para)
17706
17705
msgid ""
17707
17706
"For more information on <application>kdb5_ldap_util</application> see <ulink "
17708
17707
"url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
17712
17711
"l\">kdb5_ldap_util man page</ulink>."
17713
17712
msgstr ""
17714
17713
17715
#: serverguide/C/network-auth.xml:3959(para)
17714
#: serverguide/C/network-auth.xml:3961(para)
17716
17715
msgid ""
17717
17716
"Another useful link is the <ulink "
17718
17717
"url=\"http://manpages.ubuntu.com/manpages/trusty/en/man5/krb5.conf.5.html\">k"
17719
17718
"rb5.conf man page</ulink>."
17720
17719
msgstr ""
17721
17720
17722
#: serverguide/C/network-auth.xml:3967(para)
17721
#: serverguide/C/network-auth.xml:3966(para)
17723
17722
msgid ""
17724
17723
"Also, see the <ulink "
17725
17724
"url=\"https://help.ubuntu.com/community/Kerberos#kerberos-ldap\">Kerberos "
17726
17725
"and LDAP</ulink> Ubuntu wiki page."
17727
17726
msgstr ""
17728
17727
17729
#: serverguide/C/network-auth.xml:3973(title)
17728
#: serverguide/C/network-auth.xml:3975(title)
17730
17729
msgid "SSSD and Active Directory"
17731
17730
msgstr ""
17732
17731
17733
#: serverguide/C/network-auth.xml:3974(para)
17732
#: serverguide/C/network-auth.xml:3976(para)
17734
17733
msgid ""
17735
17734
"This section describes the use of sssd to authenticate user logins against "
17736
17735
"an Active Directory via using sssd's \"ad\" provider. In previous versions "
17741
17740
"requires no modifications to the AD structure."
17742
17741
msgstr ""
17743
17742
17744
#: serverguide/C/network-auth.xml:3978(title)
17743
#: serverguide/C/network-auth.xml:3980(title)
17745
17744
msgid "Prerequisites, Assumptions, and Requirements"
17746
17745
msgstr ""
17747
17746
17748
#: serverguide/C/network-auth.xml:3981(para)
17747
#: serverguide/C/network-auth.xml:3983(para)
17749
17748
msgid ""
17750
17749
"This guide does not explain Active Directory, how it works, how to set one "
17751
17750
"up, or how to maintain it. It may not provide “best practices” for your "
17752
17751
"environment."
17753
17752
msgstr ""
17754
17753
17755
#: serverguide/C/network-auth.xml:3983(para)
17754
#: serverguide/C/network-auth.xml:3985(para)
17756
17755
msgid ""
17757
17756
"This guide assumes that a working Active Directory domain is already "
17758
17757
"configured."
17759
17758
msgstr ""
17760
17759
17761
#: serverguide/C/network-auth.xml:3985(para)
17760
#: serverguide/C/network-auth.xml:3987(para)
17762
17761
msgid ""
17763
17762
"The domain controller is acting as an authoritative DNS server for the "
17764
17763
"domain."
17765
17764
msgstr ""
17766
17765
17767
#: serverguide/C/network-auth.xml:3987(para)
17766
#: serverguide/C/network-auth.xml:3989(para)
17768
17767
msgid ""
17769
17768
"The domain controller is the primary DNS resolver as specified in "
17770
17769
"<filename>/etc/resolv.conf</filename>."
17771
17770
msgstr ""
17772
17771
17773
#: serverguide/C/network-auth.xml:3990(para)
17772
#: serverguide/C/network-auth.xml:3992(para)
17774
17773
msgid ""
17775
17774
"The appropriate <emphasis>_kerberos</emphasis>, <emphasis>_ldap</emphasis>, "
17776
17775
"<emphasis>_kpasswd</emphasis>, etc. entries are configured in the DNS zone "
17777
17776
"(see Resources section for external links)."
17778
17777
msgstr ""
17779
17778
17780
#: serverguide/C/network-auth.xml:3992(para)
17779
#: serverguide/C/network-auth.xml:3994(para)
17781
17780
msgid ""
17782
17781
"System time is synchronized on the domain controller (necessary for "
17783
17782
"Kerberos)."
17784
17783
msgstr ""
17785
17784
17786
#: serverguide/C/network-auth.xml:3994(para)
17785
#: serverguide/C/network-auth.xml:3996(para)
17787
17786
msgid ""
17788
17787
"The domain used in this example is <emphasis>myubuntu.example.com</emphasis> "
17789
17788
"."
17790
17789
msgstr ""
17791
17790
17792
#: serverguide/C/network-auth.xml:3999(para)
17791
#: serverguide/C/network-auth.xml:4001(para)
17793
17792
msgid ""
17794
17793
"The following packages are needed: <emphasis>krb5-user</emphasis>, "
17795
17794
"<emphasis>samba</emphasis>, <emphasis>sssd</emphasis>, and "
17798
17797
"controllers are needed for this step."
17799
17798
msgstr ""
17800
17799
17801
#: serverguide/C/network-auth.xml:4000(para)
17800
#: serverguide/C/network-auth.xml:4002(para)
17802
17801
msgid "Install these packages now."
17803
17802
msgstr ""
17804
17803
17805
#: serverguide/C/network-auth.xml:4002(command)
17804
#: serverguide/C/network-auth.xml:4004(command)
17806
17805
msgid "sudo apt-get install krb5-user samba sssd ntp"
17807
17806
msgstr ""
17808
17807
17809
#: serverguide/C/network-auth.xml:4003(para)
17808
#: serverguide/C/network-auth.xml:4005(para)
17810
17809
msgid ""
17811
17810
"See the next section for the answers to the questions asked by the "
17812
17811
"<emphasis>krb5-user</emphasis> postinstall script."
17813
17812
msgstr ""
17814
17813
17815
#: serverguide/C/network-auth.xml:4006(title)
17814
#: serverguide/C/network-auth.xml:4008(title)
17816
17815
msgid "Kerberos Configuration"
17817
17816
msgstr ""
17818
17817
17819
#: serverguide/C/network-auth.xml:4007(para)
17818
#: serverguide/C/network-auth.xml:4009(para)
17820
17819
msgid ""
17821
17820
"The installation of <emphasis>krb5-user</emphasis> will prompt for the realm "
17822
17821
"name (in ALL UPPERCASE), the kdc server (i.e. domain controller) and admin "
17826
17825
"not, then both are needed."
17827
17826
msgstr ""
17828
17827
17829
#: serverguide/C/network-auth.xml:4008(para)
17828
#: serverguide/C/network-auth.xml:4010(para)
17830
17829
msgid ""
17831
17830
"If the domain is <emphasis>myubuntu.example.com</emphasis>, enter the realm "
17832
17831
"as <emphasis>MYUBUNTU.EXAMPLE.COM</emphasis>"
17833
17832
msgstr ""
17834
17833
17835
#: serverguide/C/network-auth.xml:4011(para)
17834
#: serverguide/C/network-auth.xml:4013(para)
17836
17835
msgid ""
17837
17836
"Optionally, edit <emphasis>/etc/krb5.conf</emphasis> with a few additional "
17838
17837
"settings to specify Kerberos ticket lifetime (these values are safe to use "
17839
17838
"as defaults):"
17840
17839
msgstr ""
17841
17840
17842
#: serverguide/C/network-auth.xml:4012(programlisting)
17841
#: serverguide/C/network-auth.xml:4014(programlisting)
17843
17842
#, no-wrap
17844
17843
msgid ""
17845
17844
"\n"
17851
17850
"\t\t"
17852
17851
msgstr ""
17853
17852
17854
#: serverguide/C/network-auth.xml:4020(para)
17853
#: serverguide/C/network-auth.xml:4022(para)
17855
17854
msgid ""
17856
17855
"If default_realm is not specified, it may be necessary to log in with "
17857
17856
"“username@domain” instead of “username”."
17858
17857
msgstr ""
17859
17858
17860
#: serverguide/C/network-auth.xml:4022(para)
17859
#: serverguide/C/network-auth.xml:4024(para)
17861
17860
msgid ""
17862
17861
"The system time on the Active Directory member needs to be consistent with "
17863
17862
"that of the domain controller, or Kerberos authentication may fail. Ideally, "
17865
17864
"<filename>/etc/ntp.conf</filename>:"
17866
17865
msgstr ""
17867
17866
17868
#: serverguide/C/network-auth.xml:4024(programlisting)
17867
#: serverguide/C/network-auth.xml:4026(programlisting)
17869
17868
#, no-wrap
17870
17869
msgid ""
17871
17870
"\n"
17872
17871
"server dc.myubuntu.example.com\n"
17873
17872
msgstr ""
17874
17873
17875
#: serverguide/C/network-auth.xml:4031(para)
17874
#: serverguide/C/network-auth.xml:4033(para)
17876
17875
msgid ""
17877
17876
"Samba will be used to perform netbios/nmbd services related to Active "
17878
17877
"Directory authentication, even if no file shares are exported. Edit the file "
17880
17879
"<emphasis>[global]</emphasis> section:"
17881
17880
msgstr ""
17882
17881
17883
#: serverguide/C/network-auth.xml:4033(programlisting)
17882
#: serverguide/C/network-auth.xml:4035(programlisting)
17884
17883
#, no-wrap
17885
17884
msgid ""
17886
17885
"\n"
17894
17893
"security = ads\n"
17895
17894
msgstr ""
17896
17895
17897
#: serverguide/C/network-auth.xml:4044(para)
17896
#: serverguide/C/network-auth.xml:4046(para)
17898
17897
msgid ""
17899
17898
"Some guides specify that \"password server\" should be specified and pointed "
17900
17899
"to the domain controller. This is only necessary if DNS is not properly set "
17902
17901
"server\" is specified with \"security = ads\"."
17903
17902
msgstr ""
17904
17903
17905
#: serverguide/C/network-auth.xml:4049(title)
17904
#: serverguide/C/network-auth.xml:4051(title)
17906
17905
msgid "SSSD Configuration"
17907
17906
msgstr ""
17908
17907
17909
#: serverguide/C/network-auth.xml:4051(para)
17908
#: serverguide/C/network-auth.xml:4053(para)
17910
17909
msgid ""
17911
17910
"There is no default/example config file for "
17912
17911
"<filename>/etc/sssd/sssd.conf</filename> included in the sssd package. It is "
17913
17912
"necessary to create one. This is a minimal working config file:"
17914
17913
msgstr ""
17915
17914
17916
#: serverguide/C/network-auth.xml:4053(programlisting)
17915
#: serverguide/C/network-auth.xml:4055(programlisting)
17917
17916
#, no-wrap
17918
17917
msgid ""
17919
17918
"\n"
17945
17944
"# enumerate = true\n"
17946
17945
msgstr ""
17947
17946
17948
#: serverguide/C/network-auth.xml:4080(para)
17947
#: serverguide/C/network-auth.xml:4082(para)
17949
17948
msgid ""
17950
17949
"After saving this file, set the ownership to root and the file permissions "
17951
17950
"to 600:"
17952
17951
msgstr ""
17953
17952
17954
#: serverguide/C/network-auth.xml:4081(command)
17953
#: serverguide/C/network-auth.xml:4083(command)
17955
17954
msgid "sudo chown root:root /etc/sssd/sssd.conf"
17956
17955
msgstr ""
17957
17956
17958
#: serverguide/C/network-auth.xml:4082(command)
17957
#: serverguide/C/network-auth.xml:4084(command)
17959
17958
msgid "sudo chmod 600 /etc/sssd/sssd.conf"
17960
17959
msgstr ""
17961
17960
17962
#: serverguide/C/network-auth.xml:4084(para)
17961
#: serverguide/C/network-auth.xml:4086(para)
17963
17962
msgid ""
17964
17963
"If the ownership or permissions are not correct, sssd will refuse to start."
17965
17964
msgstr ""
17966
17965
17967
#: serverguide/C/network-auth.xml:4088(title)
17966
#: serverguide/C/network-auth.xml:4090(title)
17968
17967
msgid "Verify nsswitch.conf Configuration"
17969
17968
msgstr ""
17970
17969
17971
#: serverguide/C/network-auth.xml:4089(para)
17970
#: serverguide/C/network-auth.xml:4091(para)
17972
17971
msgid ""
17973
17972
"The post-install script for the sssd package makes some modifications to "
17974
17973
"/etc/nsswitch.conf automatically. It should look something like this:"
17975
17974
msgstr ""
17976
17975
17977
#: serverguide/C/network-auth.xml:4091(programlisting)
17976
#: serverguide/C/network-auth.xml:4093(programlisting)
17978
17977
#, no-wrap
17979
17978
msgid ""
17980
17979
"\n"
17985
17984
"sudoers: files sss\n"
17986
17985
msgstr ""
17987
17986
17988
#: serverguide/C/network-auth.xml:4101(title)
17987
#: serverguide/C/network-auth.xml:4103(title)
17989
17988
msgid "Modify /etc/hosts"
17990
17989
msgstr ""
17991
17990
17992
#: serverguide/C/network-auth.xml:4102(para)
17991
#: serverguide/C/network-auth.xml:4104(para)
17993
17992
msgid ""
17994
17993
"Add an alias to the localhost entry in /etc/hosts specifying the FQDN. For "
17995
17994
"example:"
17996
17995
msgstr ""
17997
17996
17998
#: serverguide/C/network-auth.xml:4103(programlisting)
17997
#: serverguide/C/network-auth.xml:4105(programlisting)
17999
17998
#, no-wrap
18000
17999
msgid "192.168.1.10 myserver myserver.myubuntu.example.com"
18001
18000
msgstr ""
18002
18001
18003
#: serverguide/C/network-auth.xml:4105(para)
18002
#: serverguide/C/network-auth.xml:4107(para)
18004
18003
msgid "This is useful in conjunction with dynamic DNS updates."
18005
18004
msgstr ""
18006
18005
18007
#: serverguide/C/network-auth.xml:4109(title)
18006
#: serverguide/C/network-auth.xml:4111(title)
18008
18007
msgid "Join the Active Directory"
18009
18008
msgstr ""
18010
18009
18011
#: serverguide/C/network-auth.xml:4110(para)
18010
#: serverguide/C/network-auth.xml:4112(para)
18012
18011
msgid "Now, restart ntp and samba and start sssd."
18013
18012
msgstr ""
18014
18013
18015
#: serverguide/C/virtualization.xml:2208(command)
18014
#: serverguide/C/network-auth.xml:4113(command)
18016
18015
msgid "sudo service ntp restart"
18017
18016
msgstr ""
18018
18017
18019
#: serverguide/C/network-auth.xml:4114(command)
18018
#: serverguide/C/network-auth.xml:4116(command)
18020
18019
msgid "sudo start sssd"
18021
18020
msgstr ""
18022
18021
18023
#: serverguide/C/network-auth.xml:4116(para)
18022
#: serverguide/C/network-auth.xml:4118(para)
18024
18023
msgid "Test the configuration by obtaining a Kerberos ticket:"
18025
18024
msgstr ""
18026
18025
18027
#: serverguide/C/network-auth.xml:4118(command)
18026
#: serverguide/C/network-auth.xml:4120(command)
18028
18027
msgid "sudo kinit Administrator"
18029
18028
msgstr ""
18030
18029
18031
#: serverguide/C/network-auth.xml:4120(para)
18030
#: serverguide/C/network-auth.xml:4122(para)
18032
18031
msgid "Verify the ticket with:"
18033
18032
msgstr ""
18034
18033
18035
#: serverguide/C/network-auth.xml:4121(command)
18034
#: serverguide/C/network-auth.xml:4123(command)
18036
18035
msgid "sudo klist"
18037
18036
msgstr ""
18038
18037
18039
#: serverguide/C/network-auth.xml:4123(para)
18038
#: serverguide/C/network-auth.xml:4125(para)
18040
18039
msgid ""
18041
18040
"If there is a ticket with an expiration date listed, then it is time to join "
18042
18041
"the domain:"
18043
18042
msgstr ""
18044
18043
18045
#: serverguide/C/network-auth.xml:4125(command)
18044
#: serverguide/C/network-auth.xml:4127(command)
18046
18045
msgid "sudo net ads join -k"
18047
18046
msgstr ""
18048
18047
18049
#: serverguide/C/network-auth.xml:4127(para)
18048
#: serverguide/C/network-auth.xml:4129(para)
18050
18049
msgid ""
18051
18050
"A warning about \"No DNS domain configured. Unable to perform DNS Update.\" "
18052
18051
"probably means that there is no (correct) alias in "
18056
18055
"\"Modify /etc/hosts\" above."
18057
18056
msgstr ""
18058
18057
18059
#: serverguide/C/network-auth.xml:4129(para)
18058
#: serverguide/C/network-auth.xml:4131(para)
18060
18059
msgid ""
18061
18060
"(The message \"NT_STATUS_UNSUCCESSFUL\" indicates the domain join failed and "
18062
18061
"something is incorrect. Review the prior steps before proceeding)."
18063
18062
msgstr ""
18064
18063
18065
#: serverguide/C/network-auth.xml:4131(para)
18064
#: serverguide/C/network-auth.xml:4133(para)
18066
18065
msgid ""
18067
18066
"Here are a couple of (optional) checks to verify that the domain join was "
18068
18067
"successful. Note that if the domain was successfully joined but one or both "
18070
18069
"Some of the changes appear to be asynchronous."
18071
18070
msgstr ""
18072
18071
18073
#: serverguide/C/network-auth.xml:4133(para)
18072
#: serverguide/C/network-auth.xml:4135(para)
18074
18073
msgid "Verification option #1:"
18075
18074
msgstr ""
18076
18075
18077
#: serverguide/C/network-auth.xml:4134(para)
18076
#: serverguide/C/network-auth.xml:4136(para)
18078
18077
msgid ""
18079
18078
"Check the default Organizational Unit for computer accounts in the Active "
18080
18079
"Directory to verify that the computer account was created. (Organizational "
18081
18080
"Units in Active Directory is a topic outside the scope of this guide)."
18082
18081
msgstr ""
18083
18082
18084
#: serverguide/C/network-auth.xml:4136(para)
18083
#: serverguide/C/network-auth.xml:4138(para)
18085
18084
msgid "Verification option #2"
18086
18085
msgstr ""
18087
18086
18088
#: serverguide/C/network-auth.xml:4137(para)
18087
#: serverguide/C/network-auth.xml:4139(para)
18089
18088
msgid "Execute this command for a specific AD user (e.g. administrator)"
18090
18089
msgstr ""
18091
18090
18092
#: serverguide/C/network-auth.xml:4138(command)
18091
#: serverguide/C/network-auth.xml:4140(command)
18093
18092
msgid "getent passwd username"
18094
18093
msgstr ""
18095
18094
18096
#: serverguide/C/network-auth.xml:4140(para)
18095
#: serverguide/C/network-auth.xml:4142(para)
18097
18096
msgid ""
18098
18097
"If <emphasis>enumerate = true</emphasis> is set in "
18099
18098
"<filename>sssd.conf</filename>, <emphasis>getent passwd</emphasis> with no "
18101
18100
"testing, but is slow and not recommended for production."
18102
18101
msgstr ""
18103
18102
18104
#: serverguide/C/network-auth.xml:4144(title)
18103
#: serverguide/C/network-auth.xml:4146(title)
18105
18104
msgid "Test Authentication"
18106
18105
msgstr ""
18107
18106
18108
#: serverguide/C/network-auth.xml:4145(para)
18107
#: serverguide/C/network-auth.xml:4147(para)
18109
18108
msgid ""
18110
18109
"It should now be possible to authenticate using an Active Directory User's "
18111
18110
"credentials:"
18112
18111
msgstr ""
18113
18112
18114
#: serverguide/C/network-auth.xml:4147(command)
18113
#: serverguide/C/network-auth.xml:4149(command)
18115
18114
msgid "su - username"
18116
18115
msgstr ""
18117
18116
18118
#: serverguide/C/network-auth.xml:4149(para)
18117
#: serverguide/C/network-auth.xml:4151(para)
18119
18118
msgid ""
18120
18119
"If this works, then other login methods (getty, ssh) should also work."
18121
18120
msgstr ""
18122
18121
18123
#: serverguide/C/network-auth.xml:4151(para)
18122
#: serverguide/C/network-auth.xml:4153(para)
18124
18123
msgid ""
18125
18124
"If the computer account was created, indicating that the system was "
18126
18125
"\"joined\" to the domain, but authentication is unsuccessful, it may be "
18129
18128
"earlier in this guide."
18130
18129
msgstr ""
18131
18130
18132
#: serverguide/C/network-auth.xml:4155(title)
18131
#: serverguide/C/network-auth.xml:4157(title)
18133
18132
msgid "Home directories with pam_mkhomedir (optional)"
18134
18133
msgstr ""
18135
18134
18136
#: serverguide/C/network-auth.xml:4156(para)
18135
#: serverguide/C/network-auth.xml:4158(para)
18137
18136
msgid ""
18138
18137
"When logging in using an Active Directory user account, it is likely that "
18139
18138
"user has no home directory. This can be fixed with pam_mkdhomedir.so, which "
18142
18141
"after <emphasis>session required pam_unix.so:</emphasis>"
18143
18142
msgstr ""
18144
18143
18145
#: serverguide/C/network-auth.xml:4157(programlisting)
18144
#: serverguide/C/network-auth.xml:4159(programlisting)
18146
18145
#, no-wrap
18147
18146
msgid ""
18148
18147
"\n"
18149
18148
"session required pam_mkhomedir.so skel=/etc/skel/ umask=0022\n"
18150
18149
msgstr ""
18151
18150
18152
#: serverguide/C/network-auth.xml:4161(para)
18151
#: serverguide/C/network-auth.xml:4163(para)
18153
18152
msgid ""
18154
18153
"This may also need <emphasis>override_homedir</emphasis> in "
18155
18154
"<filename>sssd.conf</filename> to function correctly, so make sure that’s "
18156
18155
"set."
18157
18156
msgstr ""
18158
18157
18159
#: serverguide/C/network-auth.xml:4165(title)
18158
#: serverguide/C/network-auth.xml:4167(title)
18160
18159
msgid "Desktop Ubuntu Authentication"
18161
18160
msgstr ""
18162
18161
18163
#: serverguide/C/network-auth.xml:4166(para)
18162
#: serverguide/C/network-auth.xml:4168(para)
18164
18163
msgid ""
18165
18164
"It is possible to also authenticate logins to Ubuntu Desktop using Active "
18166
18165
"Directory accounts. The AD accounts will not show up in the pick list with "
18169
18168
"append the following two lines:"
18170
18169
msgstr ""
18171
18170
18172
#: serverguide/C/network-auth.xml:4168(programlisting)
18171
#: serverguide/C/network-auth.xml:4170(programlisting)
18173
18172
#, no-wrap
18174
18173
msgid ""
18175
18174
"\n"
18177
18176
"greeter-hide-users=true\n"
18178
18177
msgstr ""
18179
18178
18180
#: serverguide/C/network-auth.xml:4173(para)
18179
#: serverguide/C/network-auth.xml:4175(para)
18181
18180
msgid ""
18182
18181
"Reboot to restart lightdm. It should now be possible to log in using a "
18183
18182
"domain account using either <emphasis>username</emphasis> or "
18184
18183
"<emphasis>username/username@domain</emphasis> format."
18185
18184
msgstr ""
18186
18185
18187
#: serverguide/C/network-auth.xml:4179(ulink)
18186
#: serverguide/C/network-auth.xml:4181(ulink)
18188
18187
msgid "SSSD Project"
18189
18188
msgstr ""
18190
18189
18191
#: serverguide/C/network-auth.xml:4180(ulink)
18190
#: serverguide/C/network-auth.xml:4182(ulink)
18192
18191
msgid "DNS Server Configuration guidelines"
18193
18192
msgstr ""
18194
18193
18195
#: serverguide/C/network-auth.xml:4181(ulink)
18194
#: serverguide/C/network-auth.xml:4183(ulink)
18196
18195
msgid "Active Directory DNS Zone Entries"
18197
18196
msgstr ""
18198
18197
18199
#: serverguide/C/network-auth.xml:4182(ulink)
18198
#: serverguide/C/network-auth.xml:4184(ulink)
18200
18199
msgid "Kerberos config options"
18201
18200
msgstr ""
18202
18201
18208
18207
msgid "Attribute"
18209
18208
msgstr ""
18210
18209
18211
#: serverguide/C/multipath-device-attributes-table.xml:9(entry) serverguide/C/multipath-config-defaults-table.xml:14(entry) serverguide/C/multipath-components-table.xml:12(entry) serverguide/C/multipath-attributes-table.xml:9(entry) serverguide/C/dm-multipath.xml:1624(entry)
18210
#: serverguide/C/multipath-device-attributes-table.xml:9(entry) serverguide/C/multipath-config-defaults-table.xml:14(entry) serverguide/C/multipath-components-table.xml:12(entry) serverguide/C/multipath-attributes-table.xml:9(entry) serverguide/C/dm-multipath.xml:1623(entry)
18212
18211
msgid "Description"
18213
18212
msgstr ""
18214
18213
18342
18341
"levels are between 0 and 6. The default value is 2."
18343
18342
msgstr ""
18344
18343
18345
#: serverguide/C/multipath-config-defaults-table.xml:61(emphasis) serverguide/C/multipath-config-defaults-table.xml:323(emphasis) serverguide/C/dm-multipath.xml:1050(parameter) serverguide/C/dm-multipath.xml:1205(parameter)
18344
#: serverguide/C/multipath-config-defaults-table.xml:61(emphasis) serverguide/C/multipath-config-defaults-table.xml:323(emphasis) serverguide/C/dm-multipath.xml:1049(parameter) serverguide/C/dm-multipath.xml:1204(parameter)
18346
18345
msgid "path_selector"
18347
18346
msgstr ""
18348
18347
18377
18376
"The default value is <emphasis role=\"bold\">round-robin 0</emphasis>."
18378
18377
msgstr ""
18379
18378
18380
#: serverguide/C/multipath-config-defaults-table.xml:98(emphasis) serverguide/C/dm-multipath.xml:1045(parameter) serverguide/C/dm-multipath.xml:1195(parameter)
18379
#: serverguide/C/multipath-config-defaults-table.xml:98(emphasis) serverguide/C/dm-multipath.xml:1044(parameter) serverguide/C/dm-multipath.xml:1194(parameter)
18381
18380
msgid "path_grouping_policy"
18382
18381
msgstr ""
18383
18382
18420
18419
msgid "The default value is <emphasis role=\"bold\">failover.</emphasis>"
18421
18420
msgstr ""
18422
18421
18423
#: serverguide/C/multipath-config-defaults-table.xml:139(emphasis) serverguide/C/dm-multipath.xml:1200(parameter)
18422
#: serverguide/C/multipath-config-defaults-table.xml:139(emphasis) serverguide/C/dm-multipath.xml:1199(parameter)
18424
18423
msgid "getuid_callout"
18425
18424
msgstr ""
18426
18425
18436
18435
"path identifier. An absolute path is required. <placeholder-1/>"
18437
18436
msgstr ""
18438
18437
18439
#: serverguide/C/multipath-config-defaults-table.xml:150(emphasis) serverguide/C/dm-multipath.xml:1059(parameter) serverguide/C/dm-multipath.xml:1224(parameter)
18438
#: serverguide/C/multipath-config-defaults-table.xml:150(emphasis) serverguide/C/dm-multipath.xml:1058(parameter) serverguide/C/dm-multipath.xml:1223(parameter)
18440
18439
msgid "prio"
18441
18440
msgstr ""
18442
18441
18492
18491
msgid "The default value is <emphasis role=\"bold\">const</emphasis>."
18493
18492
msgstr ""
18494
18493
18495
#: serverguide/C/multipath-config-defaults-table.xml:202(emphasis) serverguide/C/dm-multipath.xml:1064(parameter) serverguide/C/dm-multipath.xml:1229(parameter)
18494
#: serverguide/C/multipath-config-defaults-table.xml:202(emphasis) serverguide/C/dm-multipath.xml:1063(parameter) serverguide/C/dm-multipath.xml:1228(parameter)
18496
18495
msgid "prio_args"
18497
18496
msgstr ""
18498
18497
18504
18503
"value is (null) <emphasis role=\"bold\">\"\"</emphasis>."
18505
18504
msgstr ""
18506
18505
18507
#: serverguide/C/multipath-config-defaults-table.xml:216(emphasis) serverguide/C/dm-multipath.xml:1215(parameter)
18506
#: serverguide/C/multipath-config-defaults-table.xml:216(emphasis) serverguide/C/dm-multipath.xml:1214(parameter)
18508
18507
msgid "features"
18509
18508
msgstr ""
18510
18509
18512
18511
msgid "queue_if_no_path"
18513
18512
msgstr ""
18514
18513
18515
#: serverguide/C/multipath-config-defaults-table.xml:221(emphasis) serverguide/C/multipath-config-defaults-table.xml:334(emphasis) serverguide/C/dm-multipath.xml:1069(parameter) serverguide/C/dm-multipath.xml:1234(parameter)
18514
#: serverguide/C/multipath-config-defaults-table.xml:221(emphasis) serverguide/C/multipath-config-defaults-table.xml:334(emphasis) serverguide/C/dm-multipath.xml:1068(parameter) serverguide/C/dm-multipath.xml:1233(parameter)
18516
18515
msgid "no_path_retry"
18517
18516
msgstr ""
18518
18517
18532
18531
"feature, see Section, <placeholder-4/>."
18533
18532
msgstr ""
18534
18533
18535
#: serverguide/C/multipath-config-defaults-table.xml:228(emphasis) serverguide/C/dm-multipath.xml:1210(parameter)
18534
#: serverguide/C/multipath-config-defaults-table.xml:228(emphasis) serverguide/C/dm-multipath.xml:1209(parameter)
18536
18535
msgid "path_checker"
18537
18536
msgstr ""
18538
18537
18582
18581
msgid "The default value is <emphasis role=\"bold\">directio</emphasis>."
18583
18582
msgstr ""
18584
18583
18585
#: serverguide/C/multipath-config-defaults-table.xml:275(emphasis) serverguide/C/dm-multipath.xml:1055(parameter) serverguide/C/dm-multipath.xml:1220(parameter)
18584
#: serverguide/C/multipath-config-defaults-table.xml:275(emphasis) serverguide/C/dm-multipath.xml:1054(parameter) serverguide/C/dm-multipath.xml:1219(parameter)
18586
18585
msgid "failback"
18587
18586
msgstr ""
18588
18587
18613
18612
msgid "The default value is <emphasis role=\"bold\">manual</emphasis>."
18614
18613
msgstr ""
18615
18614
18616
#: serverguide/C/multipath-config-defaults-table.xml:307(emphasis) serverguide/C/multipath-config-defaults-table.xml:321(emphasis) serverguide/C/multipath-config-defaults-table.xml:325(emphasis) serverguide/C/dm-multipath.xml:1074(parameter) serverguide/C/dm-multipath.xml:1239(parameter)
18615
#: serverguide/C/multipath-config-defaults-table.xml:307(emphasis) serverguide/C/multipath-config-defaults-table.xml:321(emphasis) serverguide/C/multipath-config-defaults-table.xml:325(emphasis) serverguide/C/dm-multipath.xml:1073(parameter) serverguide/C/dm-multipath.xml:1238(parameter)
18617
18616
msgid "rr_min_io"
18618
18617
msgstr ""
18619
18618
18627
18626
"the next path in the current path group.<placeholder-1/>"
18628
18627
msgstr ""
18629
18628
18630
#: serverguide/C/multipath-config-defaults-table.xml:317(emphasis) serverguide/C/dm-multipath.xml:1079(parameter) serverguide/C/dm-multipath.xml:1244(parameter)
18629
#: serverguide/C/multipath-config-defaults-table.xml:317(emphasis) serverguide/C/dm-multipath.xml:1078(parameter) serverguide/C/dm-multipath.xml:1243(parameter)
18631
18630
msgid "rr_weight"
18632
18631
msgstr ""
18633
18632
18681
18680
msgid "alias"
18682
18681
msgstr ""
18683
18682
18684
#: serverguide/C/multipath-config-defaults-table.xml:354(emphasis) serverguide/C/multipath-config-defaults-table.xml:357(emphasis) serverguide/C/multipath-config-defaults-table.xml:379(emphasis) serverguide/C/multipath-config-defaults-table.xml:391(emphasis) serverguide/C/multipath-components-table.xml:31(emphasis) serverguide/C/multipath-components-table.xml:44(emphasis) serverguide/C/multipath-attributes-table.xml:18(emphasis) serverguide/C/multipath-attributes-table.xml:19(emphasis) serverguide/C/multipath-attributes-table.xml:28(emphasis) serverguide/C/multipath-attributes-table.xml:29(emphasis) serverguide/C/dm-multipath.xml:765(emphasis)
18683
#: serverguide/C/multipath-config-defaults-table.xml:354(emphasis) serverguide/C/multipath-config-defaults-table.xml:357(emphasis) serverguide/C/multipath-config-defaults-table.xml:379(emphasis) serverguide/C/multipath-config-defaults-table.xml:391(emphasis) serverguide/C/multipath-components-table.xml:31(emphasis) serverguide/C/multipath-components-table.xml:44(emphasis) serverguide/C/multipath-attributes-table.xml:18(emphasis) serverguide/C/multipath-attributes-table.xml:19(emphasis) serverguide/C/multipath-attributes-table.xml:28(emphasis) serverguide/C/multipath-attributes-table.xml:29(emphasis) serverguide/C/dm-multipath.xml:764(emphasis)
18685
18684
msgid "multipath"
18686
18685
msgstr ""
18687
18686
18718
18717
"devices when it is shut down. <placeholder-2/>"
18719
18718
msgstr ""
18720
18719
18721
#: serverguide/C/multipath-config-defaults-table.xml:376(emphasis) serverguide/C/dm-multipath.xml:1084(parameter) serverguide/C/dm-multipath.xml:1259(parameter)
18720
#: serverguide/C/multipath-config-defaults-table.xml:376(emphasis) serverguide/C/dm-multipath.xml:1083(parameter) serverguide/C/dm-multipath.xml:1258(parameter)
18722
18721
msgid "flush_on_last_del"
18723
18722
msgstr ""
18724
18723
18764
18763
"explicit timeout, in seconds. <placeholder-1/>"
18765
18764
msgstr ""
18766
18765
18767
#: serverguide/C/multipath-config-defaults-table.xml:413(emphasis) serverguide/C/dm-multipath.xml:1249(parameter)
18766
#: serverguide/C/multipath-config-defaults-table.xml:413(emphasis) serverguide/C/dm-multipath.xml:1248(parameter)
18768
18767
msgid "fast_io_fail_tmo"
18769
18768
msgstr ""
18770
18769
18780
18779
"this to off will disable the timeout. <placeholder-1/>"
18781
18780
msgstr ""
18782
18781
18783
#: serverguide/C/multipath-config-defaults-table.xml:425(emphasis) serverguide/C/dm-multipath.xml:1254(parameter)
18782
#: serverguide/C/multipath-config-defaults-table.xml:425(emphasis) serverguide/C/dm-multipath.xml:1253(parameter)
18784
18783
msgid "dev_loss_tmo"
18785
18784
msgstr ""
18786
18785
19462
19461
"IMAP server."
19463
19462
msgstr ""
19464
19463
19465
#: serverguide/C/mail.xml:22(title) serverguide/C/mail.xml:837(application) serverguide/C/mail.xml:869(title) serverguide/C/mail.xml:947(title) serverguide/C/mail.xml:1519(title)
19464
#: serverguide/C/mail.xml:22(title) serverguide/C/mail.xml:896(application) serverguide/C/mail.xml:928(title) serverguide/C/mail.xml:1006(title) serverguide/C/mail.xml:1577(title)
19466
19465
msgid "Postfix"
19467
19466
msgstr ""
19468
19467
19585
19584
"your Mail Delivery Agent (MDA) to use the same path."
19586
19585
msgstr ""
19587
19586
19588
#: serverguide/C/mail.xml:106(title) serverguide/C/mail.xml:550(title)
19587
#: serverguide/C/mail.xml:106(title) serverguide/C/mail.xml:608(title)
19589
19588
msgid "SMTP Authentication"
19590
19589
msgstr ""
19591
19590
19736
19735
"tls_random_source = dev:/dev/urandom\n"
19737
19736
msgstr ""
19738
19737
19739
#: serverguide/C/mail.xml:188(para)
19738
#: serverguide/C/mail.xml:229(para)
19740
19739
msgid ""
19741
19740
"The postfix initial configuration is complete. Run the following command to "
19742
19741
"restart the postfix daemon:"
19746
19745
msgid "sudo service postfix restart"
19747
19746
msgstr ""
19748
19747
19749
#: serverguide/C/mail.xml:197(para)
19748
#: serverguide/C/mail.xml:238(para)
19750
19749
msgid ""
19751
19750
"<application>Postfix</application> supports SMTP-AUTH as defined in <ulink "
19752
19751
"url=\"http://www.ietf.org/rfc/rfc2554.txt\">RFC2554</ulink>. It is based on "
19755
19754
"AUTH."
19756
19755
msgstr ""
19757
19756
19758
#: serverguide/C/mail.xml:207(title) serverguide/C/mail.xml:614(title)
19757
#: serverguide/C/mail.xml:248(title) serverguide/C/mail.xml:672(title)
19759
19758
msgid "Configuring SASL"
19760
19759
msgstr ""
19761
19760
19762
#: serverguide/C/mail.xml:208(para)
19761
#: serverguide/C/mail.xml:249(para)
19763
19762
msgid ""
19764
19763
"Postfix supports two SASL implementations Cyrus SASL and Dovecot SASL. To "
19765
19764
"enable Dovecot SASL the <application>dovecot-common</application> package "
19766
19765
"will need to be installed. From a terminal prompt enter the following:"
19767
19766
msgstr ""
19768
19767
19769
#: serverguide/C/mail.xml:214(command)
19768
#: serverguide/C/mail.xml:255(command)
19770
19769
msgid "sudo apt-get install dovecot-common"
19771
19770
msgstr ""
19772
19771
19828
19827
"auth_mechanisms = plain login\n"
19829
19828
msgstr ""
19830
19829
19831
#: serverguide/C/mail.xml:253(para)
19830
#: serverguide/C/mail.xml:298(para)
19832
19831
msgid ""
19833
19832
"Once you have <application>Dovecot</application> configured restart it with:"
19834
19833
msgstr ""
19837
19836
msgid "sudo service dovecot restart"
19838
19837
msgstr ""
19839
19838
19840
#: serverguide/C/mail.xml:262(title)
19839
#: serverguide/C/mail.xml:307(title)
19841
19840
msgid "Mail-Stack Delivery"
19842
19841
msgstr ""
19843
19842
19844
#: serverguide/C/mail.xml:264(para)
19843
#: serverguide/C/mail.xml:309(para)
19845
19844
msgid ""
19846
19845
"Another option for configuring <application>Postfix</application> for SMTP-"
19847
19846
"AUTH is using the <application>mail-stack-delivery</application> package "
19852
19851
"<application>Dovecot</application> for IMAP, IMAPS, POP3, and POP3S."
19853
19852
msgstr ""
19854
19853
19855
#: serverguide/C/mail.xml:274(para)
19854
#: serverguide/C/mail.xml:319(para)
19856
19855
msgid ""
19857
19856
"You may or may not want to run IMAP, IMAPS, POP3, or POP3S on your mail "
19858
19857
"server. For example, if you are configuring your server to be a mail "
19860
19859
"the above commands to configure Postfix for SMTP-AUTH."
19861
19860
msgstr ""
19862
19861
19863
#: serverguide/C/mail.xml:281(para)
19862
#: serverguide/C/mail.xml:326(para)
19864
19863
msgid "To install the package, from a terminal prompt enter:"
19865
19864
msgstr ""
19866
19865
19867
#: serverguide/C/mail.xml:286(command)
19866
#: serverguide/C/mail.xml:331(command)
19868
19867
msgid "sudo apt-get install mail-stack-delivery"
19869
19868
msgstr ""
19870
19869
19871
#: serverguide/C/mail.xml:289(para)
19870
#: serverguide/C/mail.xml:334(para)
19872
19871
msgid ""
19873
19872
"You should now have a working mail server, but there are a few options that "
19874
19873
"you may wish to further customize. For example, the package uses the "
19878
19877
"for more details."
19879
19878
msgstr ""
19880
19879
19881
#: serverguide/C/mail.xml:295(para)
19880
#: serverguide/C/mail.xml:340(para)
19882
19881
msgid ""
19883
19882
"Once you have a customized certificate and key for the host, change the "
19884
19883
"following options in <filename>/etc/postfix/main.cf</filename>:"
19885
19884
msgstr ""
19886
19885
19887
#: serverguide/C/mail.xml:299(programlisting)
19886
#: serverguide/C/mail.xml:344(programlisting)
19888
19887
#, no-wrap
19889
19888
msgid ""
19890
19889
"\n"
19892
19891
"smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key\n"
19893
19892
msgstr ""
19894
19893
19895
#: serverguide/C/mail.xml:304(para)
19894
#: serverguide/C/mail.xml:349(para)
19896
19895
msgid "Then restart Postfix:"
19897
19896
msgstr ""
19898
19897
19899
#: serverguide/C/mail.xml:315(para)
19898
#: serverguide/C/mail.xml:360(para)
19900
19899
msgid ""
19901
19900
"SMTP-AUTH configuration is complete. Now it is time to test the setup."
19902
19901
msgstr ""
19903
19902
19904
#: serverguide/C/mail.xml:318(para)
19903
#: serverguide/C/mail.xml:363(para)
19905
19904
msgid "To see if SMTP-AUTH and TLS work properly, run the following command:"
19906
19905
msgstr ""
19907
19906
19908
#: serverguide/C/mail.xml:323(command)
19907
#: serverguide/C/mail.xml:368(command)
19909
19908
msgid "telnet mail.example.com 25"
19910
19909
msgstr ""
19911
19910
19912
#: serverguide/C/mail.xml:325(para)
19911
#: serverguide/C/mail.xml:370(para)
19913
19912
msgid ""
19914
19913
"After you have established the connection to the postfix mail server, type:"
19915
19914
msgstr ""
19916
19915
19917
#: serverguide/C/mail.xml:329(screen)
19916
#: serverguide/C/mail.xml:374(screen)
19918
19917
#, no-wrap
19919
19918
msgid ""
19920
19919
"\n"
19921
19920
"ehlo mail.example.com\n"
19922
19921
msgstr ""
19923
19922
19924
#: serverguide/C/mail.xml:332(para)
19923
#: serverguide/C/mail.xml:377(para)
19925
19924
msgid ""
19926
19925
"If you see the following lines among others, then everything is working "
19927
19926
"perfectly. Type <command>quit</command> to exit."
19928
19927
msgstr ""
19929
19928
19930
#: serverguide/C/mail.xml:336(programlisting)
19929
#: serverguide/C/mail.xml:381(programlisting)
19931
19930
#, no-wrap
19932
19931
msgid ""
19933
19932
"\n"
19937
19936
"250 8BITMIME\n"
19938
19937
msgstr ""
19939
19938
19940
#: serverguide/C/mail.xml:346(para)
19939
#: serverguide/C/mail.xml:391(para)
19941
19940
msgid ""
19942
19941
"This section introduces some common ways to determine the cause if problems "
19943
19942
"arise."
19944
19943
msgstr ""
19945
19944
19946
#: serverguide/C/mail.xml:350(title)
19945
#: serverguide/C/mail.xml:395(title)
19947
19946
msgid "Escaping chroot"
19948
19947
msgstr ""
19949
19948
19950
#: serverguide/C/mail.xml:351(para)
19949
#: serverguide/C/mail.xml:396(para)
19951
19950
msgid ""
19952
19951
"The Ubuntu <application>postfix</application> package will by default "
19953
19952
"install into a <emphasis>chroot</emphasis> environment for security reasons. "
19954
19953
"This can add greater complexity when troubleshooting problems."
19955
19954
msgstr ""
19956
19955
19957
#: serverguide/C/mail.xml:355(para)
19956
#: serverguide/C/mail.xml:400(para)
19958
19957
msgid ""
19959
19958
"To turn off the chroot operation locate for the following line in the "
19960
19959
"<filename>/etc/postfix/master.cf</filename> configuration file:"
19961
19960
msgstr ""
19962
19961
19963
#: serverguide/C/mail.xml:359(screen)
19962
#: serverguide/C/mail.xml:404(screen)
19964
19963
#, no-wrap
19965
19964
msgid ""
19966
19965
"\n"
19967
19966
"smtp inet n - - - - smtpd\n"
19968
19967
msgstr ""
19969
19968
19970
#: serverguide/C/mail.xml:362(para)
19969
#: serverguide/C/mail.xml:407(para)
19971
19970
msgid "and modify it as follows:"
19972
19971
msgstr ""
19973
19972
19974
#: serverguide/C/mail.xml:365(screen)
19973
#: serverguide/C/mail.xml:410(screen)
19975
19974
#, no-wrap
19976
19975
msgid ""
19977
19976
"\n"
19978
19977
"smtp inet n - n - - smtpd\n"
19979
19978
msgstr ""
19980
19979
19981
#: serverguide/C/mail.xml:368(para)
19980
#: serverguide/C/mail.xml:413(para)
19982
19981
msgid ""
19983
19982
"You will then need to restart Postfix to use the new configuration. From a "
19984
19983
"terminal prompt enter:"
20006
20005
"\t "
20007
20006
msgstr ""
20008
20007
20009
#: serverguide/C/mail.xml:376(title)
20008
#: serverguide/C/mail.xml:434(title)
20010
20009
msgid "Log Files"
20011
20010
msgstr ""
20012
20011
20013
#: serverguide/C/mail.xml:377(para)
20012
#: serverguide/C/mail.xml:435(para)
20014
20013
msgid ""
20015
20014
"<application>Postfix</application> sends all log messages to "
20016
20015
"<filename>/var/log/mail.log</filename>. However error and warning messages "
20019
20018
"<filename>/var/log/mail.warn</filename> respectively."
20020
20019
msgstr ""
20021
20020
20022
#: serverguide/C/mail.xml:382(para)
20021
#: serverguide/C/mail.xml:440(para)
20023
20022
msgid ""
20024
20023
"To see messages entered into the logs in real time you can use the "
20025
20024
"<application>tail -f</application> command:"
20026
20025
msgstr ""
20027
20026
20028
#: serverguide/C/mail.xml:387(command)
20027
#: serverguide/C/mail.xml:445(command)
20029
20028
msgid "tail -f /var/log/mail.err"
20030
20029
msgstr ""
20031
20030
20032
#: serverguide/C/mail.xml:389(para)
20031
#: serverguide/C/mail.xml:447(para)
20033
20032
msgid ""
20034
20033
"The amount of detail that is recorded in the logs can be increased. Below "
20035
20034
"are some configuration options for increasing the log level for some of the "
20036
20035
"areas covered above."
20037
20036
msgstr ""
20038
20037
20039
#: serverguide/C/mail.xml:395(para)
20038
#: serverguide/C/mail.xml:453(para)
20040
20039
msgid ""
20041
20040
"To increase <emphasis>TLS</emphasis> activity logging set the "
20042
20041
"<emphasis>smtpd_tls_loglevel</emphasis> option to a value from 1 to 4."
20043
20042
msgstr ""
20044
20043
20045
#: serverguide/C/mail.xml:399(command)
20044
#: serverguide/C/mail.xml:457(command)
20046
20045
msgid "sudo postconf -e 'smtpd_tls_loglevel = 4'"
20047
20046
msgstr ""
20048
20047
20049
#: serverguide/C/mail.xml:403(para)
20048
#: serverguide/C/mail.xml:461(para)
20050
20049
msgid ""
20051
20050
"If you are having trouble sending or receiving mail from a specific domain "
20052
20051
"you can add the domain to the <emphasis>debug_peer_list</emphasis> parameter."
20053
20052
msgstr ""
20054
20053
20055
#: serverguide/C/mail.xml:408(command)
20054
#: serverguide/C/mail.xml:466(command)
20056
20055
msgid "sudo postconf -e 'debug_peer_list = problem.domain'"
20057
20056
msgstr ""
20058
20057
20059
#: serverguide/C/mail.xml:412(para)
20058
#: serverguide/C/mail.xml:470(para)
20060
20059
msgid ""
20061
20060
"You can increase the verbosity of any <application>Postfix</application> "
20062
20061
"daemon process by editing the <filename>/etc/postfix/master.cf</filename> "
20064
20063
"<emphasis>smtp</emphasis> entry:"
20065
20064
msgstr ""
20066
20065
20067
#: serverguide/C/mail.xml:416(programlisting)
20066
#: serverguide/C/mail.xml:474(programlisting)
20068
20067
#, no-wrap
20069
20068
msgid ""
20070
20069
"\n"
20086
20085
"<filename>/etc/dovecot/conf.d/10-logging.conf</filename>"
20087
20086
msgstr ""
20088
20087
20089
#: serverguide/C/mail.xml:433(programlisting)
20088
#: serverguide/C/mail.xml:491(programlisting)
20090
20089
#, no-wrap
20091
20090
msgid ""
20092
20091
"\n"
20101
20100
"reloaded: <command>sudo service dovecot reload</command>."
20102
20101
msgstr ""
20103
20102
20104
#: serverguide/C/mail.xml:446(para)
20103
#: serverguide/C/mail.xml:504(para)
20105
20104
msgid ""
20106
20105
"Some of the options above can drastically increase the amount of information "
20107
20106
"sent to the log files. Remember to return the log level back to normal after "
20109
20108
"new configuration to take affect."
20110
20109
msgstr ""
20111
20110
20112
#: serverguide/C/mail.xml:454(para)
20111
#: serverguide/C/mail.xml:512(para)
20113
20112
msgid ""
20114
20113
"Administering a <application>Postfix</application> server can be a very "
20115
20114
"complicated task. At some point you may need to turn to the Ubuntu community "
20116
20115
"for more experienced help."
20117
20116
msgstr ""
20118
20117
20119
#: serverguide/C/mail.xml:458(para)
20118
#: serverguide/C/mail.xml:516(para)
20120
20119
msgid ""
20121
20120
"A great place to ask for <application>Postfix</application> assistance, and "
20122
20121
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
20126
20125
"url=\"http://www.ubuntu.com/support/community/webforums\">Web Forums</ulink>."
20127
20126
msgstr ""
20128
20127
20129
#: serverguide/C/mail.xml:463(para)
20128
#: serverguide/C/mail.xml:521(para)
20130
20129
msgid ""
20131
20130
"For in depth <application>Postfix</application> information Ubuntu "
20132
20131
"developers highly recommend: <ulink url=\"http://www.postfix-book.com/\">The "
20133
20132
"Book of Postfix</ulink>."
20134
20133
msgstr ""
20135
20134
20136
#: serverguide/C/mail.xml:467(para)
20135
#: serverguide/C/mail.xml:525(para)
20137
20136
msgid ""
20138
20137
"Finally, the <ulink "
20139
20138
"url=\"http://www.postfix.org/documentation.html\">Postfix</ulink> website "
20147
20146
"Wiki Postfix</ulink> page has more information."
20148
20147
msgstr ""
20149
20148
20150
#: serverguide/C/mail.xml:479(title) serverguide/C/mail.xml:875(title) serverguide/C/mail.xml:991(title)
20149
#: serverguide/C/mail.xml:537(title) serverguide/C/mail.xml:934(title) serverguide/C/mail.xml:1050(title)
20151
20150
msgid "Exim4"
20152
20151
msgstr ""
20153
20152
20154
#: serverguide/C/mail.xml:480(para)
20153
#: serverguide/C/mail.xml:538(para)
20155
20154
msgid ""
20156
20155
"<application>Exim4</application> is another Message Transfer Agent (MTA) "
20157
20156
"developed at the University of Cambridge for use on Unix systems connected "
20161
20160
"<application>sendmail</application>."
20162
20161
msgstr ""
20163
20162
20164
#: serverguide/C/mail.xml:491(para)
20163
#: serverguide/C/mail.xml:549(para)
20165
20164
msgid ""
20166
20165
"To install <application>exim4</application>, run the following command: "
20167
20166
"<screen>\n"
20169
20168
"</screen>"
20170
20169
msgstr ""
20171
20170
20172
#: serverguide/C/mail.xml:500(para)
20171
#: serverguide/C/mail.xml:558(para)
20173
20172
msgid ""
20174
20173
"To configure <application>Exim4</application>, run the following command:"
20175
20174
msgstr ""
20176
20175
20177
#: serverguide/C/mail.xml:504(command)
20176
#: serverguide/C/mail.xml:562(command)
20178
20177
msgid "sudo dpkg-reconfigure exim4-config"
20179
20178
msgstr ""
20180
20179
20181
#: serverguide/C/mail.xml:506(para)
20180
#: serverguide/C/mail.xml:564(para)
20182
20181
msgid ""
20183
20182
"The user interface will be displayed. The user interface lets you configure "
20184
20183
"many parameters. For example, In <application>Exim4</application> the "
20186
20185
"in one file you can configure accordingly in this user interface."
20187
20186
msgstr ""
20188
20187
20189
#: serverguide/C/mail.xml:514(para)
20188
#: serverguide/C/mail.xml:572(para)
20190
20189
msgid ""
20191
20190
"All the parameters you configure in the user interface are stored in "
20192
"<filename>/etc/exim4/update-exim4.conf</filename> file. If you wish to re-"
20193
"configure, either you re-run the configuration wizard or manually edit this "
20194
"file using your favorite editor. Once you configure, you can run the "
20191
"<filename>/etc/exim4/update-exim4.conf.conf</filename> file. If you wish to "
20192
"re-configure, either you re-run the configuration wizard or manually edit "
20193
"this file using your favorite editor. Once you configure, you can run the "
20195
20194
"following command to generate the master configuration file:"
20196
20195
msgstr ""
20197
20196
20198
#: serverguide/C/mail.xml:525(command) serverguide/C/mail.xml:609(command)
20197
#: serverguide/C/mail.xml:583(command) serverguide/C/mail.xml:667(command)
20199
20198
msgid "sudo update-exim4.conf"
20200
20199
msgstr ""
20201
20200
20202
#: serverguide/C/mail.xml:527(para)
20201
#: serverguide/C/mail.xml:585(para)
20203
20202
msgid ""
20204
20203
"The master configuration file, is generated and it is stored in "
20205
20204
"<filename>/var/lib/exim4/config.autogenerated</filename>."
20206
20205
msgstr ""
20207
20206
20208
#: serverguide/C/mail.xml:533(para)
20207
#: serverguide/C/mail.xml:591(para)
20209
20208
msgid ""
20210
20209
"At any time, you should not edit the master configuration file, "
20211
20210
"<filename>/var/lib/exim4/config.autogenerated</filename> manually. It is "
20212
20211
"updated automatically every time you run <command>update-exim4.conf</command>"
20213
20212
msgstr ""
20214
20213
20215
#: serverguide/C/mail.xml:541(para)
20214
#: serverguide/C/mail.xml:599(para)
20216
20215
msgid ""
20217
20216
"You can run the following command to start <application>Exim4</application> "
20218
20217
"daemon."
20222
20221
msgid "sudo service exim4 start"
20223
20222
msgstr ""
20224
20223
20225
#: serverguide/C/mail.xml:551(para)
20224
#: serverguide/C/mail.xml:609(para)
20226
20225
msgid ""
20227
20226
"This section covers configuring Exim4 to use SMTP-AUTH with TLS and SASL."
20228
20227
msgstr ""
20229
20228
20230
#: serverguide/C/mail.xml:554(para)
20229
#: serverguide/C/mail.xml:612(para)
20231
20230
msgid ""
20232
20231
"The first step is to create a certificate for use with TLS. Enter the "
20233
20232
"following into a terminal prompt:"
20234
20233
msgstr ""
20235
20234
20236
#: serverguide/C/mail.xml:558(command)
20235
#: serverguide/C/mail.xml:616(command)
20237
20236
msgid "sudo /usr/share/doc/exim4-base/examples/exim-gencert"
20238
20237
msgstr ""
20239
20238
20240
#: serverguide/C/mail.xml:560(para)
20239
#: serverguide/C/mail.xml:618(para)
20241
20240
msgid ""
20242
20241
"Now Exim4 needs to be configured for TLS by editing "
20243
20242
"<filename>/etc/exim4/conf.d/main/03_exim4-config_tlsoptions</filename> add "
20244
20243
"the following:"
20245
20244
msgstr ""
20246
20245
20247
#: serverguide/C/mail.xml:564(programlisting)
20246
#: serverguide/C/mail.xml:622(programlisting)
20248
20247
#, no-wrap
20249
20248
msgid ""
20250
20249
"\n"
20251
20250
"MAIN_TLS_ENABLE = yes\n"
20252
20251
msgstr ""
20253
20252
20254
#: serverguide/C/mail.xml:567(para)
20253
#: serverguide/C/mail.xml:625(para)
20255
20254
msgid ""
20256
20255
"Next you need to configure <application>Exim4</application> to use the "
20257
20256
"<application>saslauthd</application> for authentication. Edit "
20260
20259
"<emphasis>login_saslauthd_server</emphasis> sections:"
20261
20260
msgstr ""
20262
20261
20263
#: serverguide/C/mail.xml:572(programlisting)
20262
#: serverguide/C/mail.xml:630(programlisting)
20264
20263
#, no-wrap
20265
20264
msgid ""
20266
20265
"\n"
20286
20285
" .endif\n"
20287
20286
msgstr ""
20288
20287
20289
#: serverguide/C/mail.xml:594(para)
20288
#: serverguide/C/mail.xml:652(para)
20290
20289
msgid ""
20291
20290
"Additionally, in order for outside mail client to be able to connect to new "
20292
20291
"exim server, new user needs to be added into exim by using the following "
20297
20296
msgid "sudo /usr/share/doc/exim4-base/examples/exim-adduser"
20298
20297
msgstr ""
20299
20298
20300
#: serverguide/C/mail.xml:600(para)
20299
#: serverguide/C/mail.xml:658(para)
20301
20300
msgid ""
20302
20301
"Users should protect the new exim password files with the following commands."
20303
20302
msgstr ""
20304
20303
20305
#: serverguide/C/mail.xml:602(command)
20304
#: serverguide/C/mail.xml:660(command)
20306
20305
msgid "sudo chown root:Debian-exim /etc/exim4/passwd"
20307
20306
msgstr ""
20308
20307
20309
#: serverguide/C/mail.xml:603(command)
20308
#: serverguide/C/mail.xml:661(command)
20310
20309
msgid "sudo chmod 640 /etc/exim4/passwd"
20311
20310
msgstr ""
20312
20311
20313
#: serverguide/C/mail.xml:605(para)
20312
#: serverguide/C/mail.xml:663(para)
20314
20313
msgid "Finally, update the Exim4 configuration and restart the service:"
20315
20314
msgstr ""
20316
20315
20318
20317
msgid "sudo service exim4 restart"
20319
20318
msgstr ""
20320
20319
20321
#: serverguide/C/mail.xml:615(para)
20320
#: serverguide/C/mail.xml:673(para)
20322
20321
msgid ""
20323
20322
"This section provides details on configuring the saslauthd to provide "
20324
20323
"authentication for <application>Exim4</application>."
20325
20324
msgstr ""
20326
20325
20327
#: serverguide/C/mail.xml:618(para)
20326
#: serverguide/C/mail.xml:676(para)
20328
20327
msgid ""
20329
20328
"The first step is to install the sasl2-bin package. From a terminal prompt "
20330
20329
"enter the following:"
20331
20330
msgstr ""
20332
20331
20333
#: serverguide/C/mail.xml:622(command)
20332
#: serverguide/C/mail.xml:680(command)
20334
20333
msgid "sudo apt-get install sasl2-bin"
20335
20334
msgstr ""
20336
20335
20337
#: serverguide/C/mail.xml:624(para)
20336
#: serverguide/C/mail.xml:682(para)
20338
20337
msgid ""
20339
20338
"To configure saslauthd edit the /etc/default/saslauthd configuration file "
20340
20339
"and set START=no to:"
20341
20340
msgstr ""
20342
20341
20343
#: serverguide/C/mail.xml:630(para)
20342
#: serverguide/C/mail.xml:688(para)
20344
20343
msgid ""
20345
20344
"Next the <emphasis>Debian-exim</emphasis> user needs to be part of the "
20346
20345
"<emphasis>sasl</emphasis> group in order for Exim4 to use the saslauthd "
20347
20346
"service:"
20348
20347
msgstr ""
20349
20348
20350
#: serverguide/C/mail.xml:635(command)
20349
#: serverguide/C/mail.xml:693(command)
20351
20350
msgid "sudo adduser Debian-exim sasl"
20352
20351
msgstr ""
20353
20352
20354
#: serverguide/C/mail.xml:637(para)
20353
#: serverguide/C/mail.xml:695(para)
20355
20354
msgid "Now start the <application>saslauthd</application> service:"
20356
20355
msgstr ""
20357
20356
20359
20358
msgid "sudo service saslauthd start"
20360
20359
msgstr ""
20361
20360
20362
#: serverguide/C/mail.xml:643(para)
20361
#: serverguide/C/mail.xml:701(para)
20363
20362
msgid ""
20364
20363
"<application>Exim4</application> is now configured with SMTP-AUTH using TLS "
20365
20364
"and SASL authentication."
20366
20365
msgstr ""
20367
20366
20368
#: serverguide/C/mail.xml:652(para)
20367
#: serverguide/C/mail.xml:710(para)
20369
20368
msgid ""
20370
20369
"See <ulink url=\"http://www.exim.org/\">exim.org</ulink> for more "
20371
20370
"information."
20372
20371
msgstr ""
20373
20372
20374
#: serverguide/C/mail.xml:657(para)
20373
#: serverguide/C/mail.xml:715(para)
20375
20374
msgid ""
20376
20375
"There is also an <ulink url=\"http://www.uit.co.uk/content/exim-smtp-mail-"
20377
20376
"server\">Exim4 Book</ulink> available."
20378
20377
msgstr ""
20379
20378
20380
#: serverguide/C/mail.xml:662(para)
20379
#: serverguide/C/mail.xml:720(para)
20381
20380
msgid ""
20382
20381
"Another resource is the <ulink "
20383
20382
"url=\"https://help.ubuntu.com/community/Exim4\">Exim4 Ubuntu Wiki </ulink> "
20384
20383
"page."
20385
20384
msgstr ""
20386
20385
20387
#: serverguide/C/mail.xml:671(title)
20386
#: serverguide/C/mail.xml:729(title)
20388
20387
msgid "Dovecot Server"
20389
20388
msgstr ""
20390
20389
20391
#: serverguide/C/mail.xml:672(para)
20390
#: serverguide/C/mail.xml:730(para)
20392
20391
msgid ""
20393
20392
"<application>Dovecot</application> is a Mail Delivery Agent, written with "
20394
20393
"security primarily in mind. It supports the major mailbox formats: mbox or "
20395
20394
"Maildir. This section explain how to set it up as an imap or pop3 server."
20396
20395
msgstr ""
20397
20396
20398
#: serverguide/C/mail.xml:680(para)
20397
#: serverguide/C/mail.xml:738(para)
20399
20398
msgid ""
20400
20399
"To install <application>dovecot</application>, run the following command in "
20401
20400
"the command prompt:"
20402
20401
msgstr ""
20403
20402
20404
#: serverguide/C/mail.xml:685(command)
20403
#: serverguide/C/mail.xml:743(command)
20405
20404
msgid "sudo apt-get install dovecot-imapd dovecot-pop3d"
20406
20405
msgstr ""
20407
20406
20408
#: serverguide/C/mail.xml:690(para)
20407
#: serverguide/C/mail.xml:748(para)
20409
20408
msgid ""
20410
20409
"To configure <application>dovecot</application>, you can edit the file "
20411
20410
"<filename>/etc/dovecot/dovecot.conf</filename>. You can choose the protocol "
20417
20416
"link>."
20418
20417
msgstr ""
20419
20418
20420
#: serverguide/C/mail.xml:700(para)
20419
#: serverguide/C/mail.xml:758(para)
20421
20420
msgid ""
20422
20421
"IMAPS and POP3S are more secure that the simple IMAP and POP3 because they "
20423
20422
"use SSL encryption to connect. Once you have chosen the protocol, amend the "
20424
20423
"following line in the file <filename>/etc/dovecot/dovecot.conf</filename>:"
20425
20424
msgstr ""
20426
20425
20427
#: serverguide/C/mail.xml:706(programlisting)
20426
#: serverguide/C/mail.xml:764(programlisting)
20428
20427
#, no-wrap
20429
20428
msgid ""
20430
20429
"\n"
20449
20448
"following line:"
20450
20449
msgstr ""
20451
20450
20452
#: serverguide/C/mail.xml:722(programlisting)
20451
#: serverguide/C/mail.xml:780(programlisting)
20453
20452
#, no-wrap
20454
20453
msgid ""
20455
20454
"\n"
20458
20457
"mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u # (for mbox)\n"
20459
20458
msgstr ""
20460
20459
20461
#: serverguide/C/mail.xml:728(para)
20460
#: serverguide/C/mail.xml:786(para)
20462
20461
msgid ""
20463
20462
"You should configure your Mail Transport Agent (MTA) to transfer the "
20464
20463
"incoming mail to this type of mailbox if it is different from the one you "
20465
20464
"have configured."
20466
20465
msgstr ""
20467
20466
20468
#: serverguide/C/mail.xml:734(para)
20467
#: serverguide/C/mail.xml:792(para)
20469
20468
msgid ""
20470
20469
"Once you have configured dovecot, restart the "
20471
20470
"<application>dovecot</application> daemon in order to test your setup:"
20472
20471
msgstr ""
20473
20472
20474
#: serverguide/C/mail.xml:743(para)
20473
#: serverguide/C/mail.xml:801(para)
20475
20474
msgid ""
20476
20475
"If you have enabled imap, or pop3, you can also try to log in with the "
20477
20476
"commands <command>telnet localhost pop3</command> or <command>telnet "
20479
20478
"installation has been successful:"
20480
20479
msgstr ""
20481
20480
20482
#: serverguide/C/mail.xml:750(programlisting)
20481
#: serverguide/C/mail.xml:808(programlisting)
20483
20482
#, no-wrap
20484
20483
msgid ""
20485
20484
"\n"
20490
20489
"+OK Dovecot ready.\n"
20491
20490
msgstr ""
20492
20491
20493
#: serverguide/C/mail.xml:759(title)
20492
#: serverguide/C/mail.xml:817(title)
20494
20493
msgid "Dovecot SSL Configuration"
20495
20494
msgstr ""
20496
20495
20513
20512
"<filename>/etc/dovecot/conf.d/10-ssl.conf</filename> configuration file."
20514
20513
msgstr ""
20515
20514
20516
#: serverguide/C/mail.xml:786(title)
20515
#: serverguide/C/mail.xml:845(title)
20517
20516
msgid "Firewall Configuration for an Email Server"
20518
20517
msgstr ""
20519
20518
20520
#: serverguide/C/mail.xml:792(para)
20519
#: serverguide/C/mail.xml:851(para)
20521
20520
msgid "IMAP - 143"
20522
20521
msgstr ""
20523
20522
20524
#: serverguide/C/mail.xml:793(para)
20523
#: serverguide/C/mail.xml:852(para)
20525
20524
msgid "IMAPS - 993"
20526
20525
msgstr ""
20527
20526
20528
#: serverguide/C/mail.xml:794(para)
20527
#: serverguide/C/mail.xml:853(para)
20529
20528
msgid "POP3 - 110"
20530
20529
msgstr ""
20531
20530
20532
#: serverguide/C/mail.xml:795(para)
20531
#: serverguide/C/mail.xml:854(para)
20533
20532
msgid "POP3S - 995"
20534
20533
msgstr ""
20535
20534
20536
#: serverguide/C/mail.xml:787(para)
20535
#: serverguide/C/mail.xml:846(para)
20537
20536
msgid ""
20538
20537
"To access your mail server from another computer, you must configure your "
20539
20538
"firewall to allow connections to the server on the necessary ports. "
20540
20539
"<placeholder-1/>"
20541
20540
msgstr ""
20542
20541
20543
#: serverguide/C/mail.xml:804(para)
20542
#: serverguide/C/mail.xml:863(para)
20544
20543
msgid ""
20545
20544
"See the <ulink url=\"http://www.dovecot.org/\">Dovecot website</ulink> for "
20546
20545
"more information."
20547
20546
msgstr ""
20548
20547
20549
#: serverguide/C/mail.xml:809(para)
20548
#: serverguide/C/mail.xml:868(para)
20550
20549
msgid ""
20551
20550
"Also, the <ulink url=\"https://help.ubuntu.com/community/Dovecot\">Dovecot "
20552
20551
"Ubuntu Wiki</ulink> page has more details."
20553
20552
msgstr ""
20554
20553
20555
#: serverguide/C/mail.xml:818(title) serverguide/C/mail.xml:893(title) serverguide/C/mail.xml:1116(title)
20554
#: serverguide/C/mail.xml:877(title) serverguide/C/mail.xml:952(title) serverguide/C/mail.xml:1175(title)
20556
20555
msgid "Mailman"
20557
20556
msgstr ""
20558
20557
20559
#: serverguide/C/mail.xml:819(para)
20558
#: serverguide/C/mail.xml:878(para)
20560
20559
msgid ""
20561
20560
"Mailman is an open source program for managing electronic mail discussions "
20562
20561
"and e-newsletter lists. Many open source mailing lists (including all the "
20565
20564
"and maintain."
20566
20565
msgstr ""
20567
20566
20568
#: serverguide/C/mail.xml:829(para)
20567
#: serverguide/C/mail.xml:888(para)
20569
20568
msgid ""
20570
20569
"Mailman provides a web interface for the administrators and users, using an "
20571
20570
"external mail server to send and receive emails. It works perfectly with the "
20572
20571
"following mail servers:"
20573
20572
msgstr ""
20574
20573
20575
#: serverguide/C/mail.xml:840(application)
20574
#: serverguide/C/mail.xml:899(application)
20576
20575
msgid "Exim"
20577
20576
msgstr ""
20578
20577
20579
#: serverguide/C/mail.xml:843(application)
20578
#: serverguide/C/mail.xml:902(application)
20580
20579
msgid "Sendmail"
20581
20580
msgstr ""
20582
20581
20583
#: serverguide/C/mail.xml:846(application)
20582
#: serverguide/C/mail.xml:905(application)
20584
20583
msgid "Qmail"
20585
20584
msgstr ""
20586
20585
20587
#: serverguide/C/mail.xml:851(para)
20586
#: serverguide/C/mail.xml:910(para)
20588
20587
msgid ""
20589
20588
"We will see how to install and configure Mailman with, the Apache web "
20590
20589
"server, and either the Postfix or Exim mail server. If you wish to install "
20591
20590
"Mailman with a different mail server, please refer to the references section."
20592
20591
msgstr ""
20593
20592
20594
#: serverguide/C/mail.xml:858(para)
20593
#: serverguide/C/mail.xml:917(para)
20595
20594
msgid ""
20596
20595
"You only need to install one mail server and "
20597
20596
"<application>Postfix</application> is the default Ubuntu Mail Transfer Agent."
20598
20597
msgstr ""
20599
20598
20600
#: serverguide/C/mail.xml:863(title) serverguide/C/mail.xml:920(title)
20599
#: serverguide/C/mail.xml:922(title) serverguide/C/mail.xml:979(title)
20601
20600
msgid "Apache2"
20602
20601
msgstr ""
20603
20602
20604
#: serverguide/C/mail.xml:864(para)
20603
#: serverguide/C/mail.xml:923(para)
20605
20604
msgid ""
20606
20605
"To install apache2 you refer to <xref linkend=\"http-installation\"/> for "
20607
20606
"details."
20608
20607
msgstr ""
20609
20608
20610
#: serverguide/C/mail.xml:870(para)
20609
#: serverguide/C/mail.xml:929(para)
20611
20610
msgid ""
20612
20611
"For instructions on installing and configuring Postfix refer to <xref "
20613
20612
"linkend=\"postfix\"/>"
20614
20613
msgstr ""
20615
20614
20616
#: serverguide/C/mail.xml:876(para)
20615
#: serverguide/C/mail.xml:935(para)
20617
20616
msgid "To install Exim4 refer to <xref linkend=\"exim4\"/>."
20618
20617
msgstr ""
20619
20618
20620
#: serverguide/C/mail.xml:879(para)
20619
#: serverguide/C/mail.xml:938(para)
20621
20620
msgid ""
20622
20621
"Once exim4 is installed, the configuration files are stored in the "
20623
20622
"<filename>/etc/exim4</filename> directory. In Ubuntu, by default, the exim4 "
20626
20625
"<filename>/etc/exim4/update-exim4.conf</filename> file:"
20627
20626
msgstr ""
20628
20627
20629
#: serverguide/C/mail.xml:886(programlisting)
20628
#: serverguide/C/mail.xml:945(programlisting)
20630
20629
#, no-wrap
20631
20630
msgid ""
20632
20631
"\n"
20633
20632
"dc_use_split_config='true'\n"
20634
20633
msgstr ""
20635
20634
20636
#: serverguide/C/mail.xml:894(para)
20635
#: serverguide/C/mail.xml:953(para)
20637
20636
msgid ""
20638
20637
"To install <application>Mailman</application>, run following command at a "
20639
20638
"terminal prompt:"
20640
20639
msgstr ""
20641
20640
20642
#: serverguide/C/mail.xml:898(command)
20641
#: serverguide/C/mail.xml:957(command)
20643
20642
msgid "sudo apt-get install mailman"
20644
20643
msgstr ""
20645
20644
20646
#: serverguide/C/mail.xml:900(para)
20645
#: serverguide/C/mail.xml:959(para)
20647
20646
msgid ""
20648
20647
"It copies the installation files in "
20649
20648
"<application>/var/lib/mailman</application> directory. It installs the CGI "
20653
20652
"this user."
20654
20653
msgstr ""
20655
20654
20656
#: serverguide/C/mail.xml:912(para)
20655
#: serverguide/C/mail.xml:971(para)
20657
20656
msgid ""
20658
20657
"This section assumes you have successfully installed "
20659
20658
"<application>mailman</application>, <application>apache2</application>, and "
20661
20660
"you just need to configure them."
20662
20661
msgstr ""
20663
20662
20664
#: serverguide/C/mail.xml:921(para)
20663
#: serverguide/C/mail.xml:980(para)
20665
20664
msgid ""
20666
20665
"An example Apache configuration file comes with "
20667
20666
"<application>Mailman</application> and is placed in "
20670
20669
"available</filename>:"
20671
20670
msgstr ""
20672
20671
20673
#: serverguide/C/mail.xml:927(command)
20672
#: serverguide/C/mail.xml:986(command)
20674
20673
msgid ""
20675
20674
"sudo cp /etc/mailman/apache.conf /etc/apache2/sites-available/mailman.conf"
20676
20675
msgstr ""
20677
20676
20678
#: serverguide/C/mail.xml:929(para)
20677
#: serverguide/C/mail.xml:988(para)
20679
20678
msgid ""
20680
20679
"This will setup a new Apache <emphasis>VirtualHost</emphasis> for the "
20681
20680
"Mailman administration site. Now enable the new configuration and restart "
20682
20681
"Apache:"
20683
20682
msgstr ""
20684
20683
20685
#: serverguide/C/mail.xml:934(command)
20684
#: serverguide/C/mail.xml:993(command)
20686
20685
msgid "sudo a2ensite mailman.conf"
20687
20686
msgstr ""
20688
20687
20689
#: serverguide/C/mail.xml:937(para)
20688
#: serverguide/C/mail.xml:996(para)
20690
20689
msgid ""
20691
20690
"Mailman uses apache2 to render its CGI scripts. The mailman CGI scripts are "
20692
20691
"installed in the <application>/usr/lib/cgi-bin/mailman</application> "
20695
20694
"available/mailman.conf</filename> file if you wish to change this behavior."
20696
20695
msgstr ""
20697
20696
20698
#: serverguide/C/mail.xml:948(para)
20697
#: serverguide/C/mail.xml:1007(para)
20699
20698
msgid ""
20700
20699
"For <application>Postfix</application> integration, we will associate the "
20701
20700
"domain lists.example.com with the mailing lists. Please replace "
20702
20701
"<emphasis>lists.example.com</emphasis> with the domain of your choosing."
20703
20702
msgstr ""
20704
20703
20705
#: serverguide/C/mail.xml:952(para)
20704
#: serverguide/C/mail.xml:1011(para)
20706
20705
msgid ""
20707
20706
"You can use the postconf command to add the necessary configuration to "
20708
20707
"<filename>/etc/postfix/main.cf</filename>:"
20709
20708
msgstr ""
20710
20709
20711
#: serverguide/C/mail.xml:956(command)
20710
#: serverguide/C/mail.xml:1015(command)
20712
20711
msgid "sudo postconf -e 'relay_domains = lists.example.com'"
20713
20712
msgstr ""
20714
20713
20715
#: serverguide/C/mail.xml:957(command)
20714
#: serverguide/C/mail.xml:1016(command)
20716
20715
msgid "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
20717
20716
msgstr ""
20718
20717
20719
#: serverguide/C/mail.xml:958(command)
20718
#: serverguide/C/mail.xml:1017(command)
20720
20719
msgid "sudo postconf -e 'mailman_destination_recipient_limit = 1'"
20721
20720
msgstr ""
20722
20721
20723
#: serverguide/C/mail.xml:960(para)
20722
#: serverguide/C/mail.xml:1019(para)
20724
20723
msgid ""
20725
20724
"In <filename>/etc/postfix/master.cf</filename> double check that you have "
20726
20725
"the following transport:"
20727
20726
msgstr ""
20728
20727
20729
#: serverguide/C/mail.xml:963(programlisting)
20728
#: serverguide/C/mail.xml:1022(programlisting)
20730
20729
#, no-wrap
20731
20730
msgid ""
20732
20731
"\n"
20735
20734
" ${nexthop} ${user}\n"
20736
20735
msgstr ""
20737
20736
20738
#: serverguide/C/mail.xml:968(para)
20737
#: serverguide/C/mail.xml:1027(para)
20739
20738
msgid ""
20740
20739
"It calls the <emphasis>postfix-to-mailman.py</emphasis> script when a mail "
20741
20740
"is delivered to a list."
20742
20741
msgstr ""
20743
20742
20744
#: serverguide/C/mail.xml:971(para)
20743
#: serverguide/C/mail.xml:1030(para)
20745
20744
msgid ""
20746
20745
"Associate the domain lists.example.com to the Mailman transport with the "
20747
20746
"transport map. Edit the file <filename>/etc/postfix/transport</filename>:"
20748
20747
msgstr ""
20749
20748
20750
#: serverguide/C/mail.xml:974(programlisting)
20749
#: serverguide/C/mail.xml:1033(programlisting)
20751
20750
#, no-wrap
20752
20751
msgid ""
20753
20752
"\n"
20754
20753
"lists.example.com mailman:\n"
20755
20754
msgstr ""
20756
20755
20757
#: serverguide/C/mail.xml:977(para)
20756
#: serverguide/C/mail.xml:1036(para)
20758
20757
msgid ""
20759
20758
"Now have <application>Postfix</application> build the transport map by "
20760
20759
"entering the following from a terminal prompt:"
20761
20760
msgstr ""
20762
20761
20763
#: serverguide/C/mail.xml:981(command)
20762
#: serverguide/C/mail.xml:1040(command)
20764
20763
msgid "sudo postmap -v /etc/postfix/transport"
20765
20764
msgstr ""
20766
20765
20767
#: serverguide/C/mail.xml:983(para)
20766
#: serverguide/C/mail.xml:1042(para)
20768
20767
msgid "Then restart Postfix to enable the new configurations:"
20769
20768
msgstr ""
20770
20769
20771
#: serverguide/C/mail.xml:992(para)
20770
#: serverguide/C/mail.xml:1051(para)
20772
20771
msgid ""
20773
20772
"Once Exim4 is installed, you can start the Exim server using the following "
20774
20773
"command from a terminal prompt:"
20775
20774
msgstr ""
20776
20775
20777
#: serverguide/C/mail.xml:1008(para) serverguide/C/mail.xml:1023(title)
20776
#: serverguide/C/mail.xml:1067(para) serverguide/C/mail.xml:1082(title)
20778
20777
msgid "Main"
20779
20778
msgstr ""
20780
20779
20781
#: serverguide/C/mail.xml:1011(para) serverguide/C/mail.xml:1063(title)
20780
#: serverguide/C/mail.xml:1070(para) serverguide/C/mail.xml:1122(title)
20782
20781
msgid "Transport"
20783
20782
msgstr ""
20784
20783
20785
#: serverguide/C/mail.xml:1014(para) serverguide/C/mail.xml:1086(title)
20784
#: serverguide/C/mail.xml:1073(para) serverguide/C/mail.xml:1145(title)
20786
20785
msgid "Router"
20787
20786
msgstr ""
20788
20787
20789
#: serverguide/C/mail.xml:999(para)
20788
#: serverguide/C/mail.xml:1058(para)
20790
20789
msgid ""
20791
20790
"In order to make mailman work with Exim4, you need to configure Exim4. As "
20792
20791
"mentioned earlier, by default, Exim4 uses multiple configuration files of "
20798
20797
"is very important."
20799
20798
msgstr ""
20800
20799
20801
#: serverguide/C/mail.xml:1030(programlisting)
20800
#: serverguide/C/mail.xml:1089(programlisting)
20802
20801
#, no-wrap
20803
20802
msgid ""
20804
20803
"\n"
20832
20831
"# end\n"
20833
20832
msgstr ""
20834
20833
20835
#: serverguide/C/mail.xml:1024(para)
20834
#: serverguide/C/mail.xml:1083(para)
20836
20835
msgid ""
20837
20836
"All the configuration files belonging to the main type are stored in the "
20838
20837
"<filename>/etc/exim4/conf.d/main/</filename> directory. You can add the "
20840
20839
"config_mailman</filename>: <placeholder-1/>"
20841
20840
msgstr ""
20842
20841
20843
#: serverguide/C/mail.xml:1070(programlisting)
20842
#: serverguide/C/mail.xml:1129(programlisting)
20844
20843
#, no-wrap
20845
20844
msgid ""
20846
20845
"\n"
20858
20857
" group = MM_GID\n"
20859
20858
msgstr ""
20860
20859
20861
#: serverguide/C/mail.xml:1064(para)
20860
#: serverguide/C/mail.xml:1123(para)
20862
20861
msgid ""
20863
20862
"All the configuration files belonging to transport type are stored in the "
20864
20863
"<filename>/etc/exim4/conf.d/transport/</filename> directory. You can add the "
20866
20865
"config_mailman</filename>: <placeholder-1/>"
20867
20866
msgstr ""
20868
20867
20869
#: serverguide/C/mail.xml:1091(programlisting)
20868
#: serverguide/C/mail.xml:1150(programlisting)
20870
20869
#, no-wrap
20871
20870
msgid ""
20872
20871
"\n"
20880
20879
" transport = mailman_transport\n"
20881
20880
msgstr ""
20882
20881
20883
#: serverguide/C/mail.xml:1087(para)
20882
#: serverguide/C/mail.xml:1146(para)
20884
20883
msgid ""
20885
20884
"All the configuration files belonging to router type are stored in the "
20886
20885
"<filename>/etc/exim4/conf.d/router/</filename> directory. You can add the "
20888
20887
"config_mailman</filename>: <placeholder-1/>"
20889
20888
msgstr ""
20890
20889
20891
#: serverguide/C/mail.xml:1104(para)
20890
#: serverguide/C/mail.xml:1163(para)
20892
20891
msgid ""
20893
20892
"The order of main and transport configuration files can be in any order. "
20894
20893
"But, the order of router configuration files must be the same. This "
20898
20897
"details, please refer to the references section."
20899
20898
msgstr ""
20900
20899
20901
#: serverguide/C/mail.xml:1117(para)
20900
#: serverguide/C/mail.xml:1176(para)
20902
20901
msgid ""
20903
20902
"Once mailman is installed, you can run it using the following command:"
20904
20903
msgstr ""
20907
20906
msgid "sudo service mailman start"
20908
20907
msgstr ""
20909
20908
20910
#: serverguide/C/mail.xml:1123(para)
20909
#: serverguide/C/mail.xml:1182(para)
20911
20910
msgid ""
20912
20911
"Once mailman is installed, you should create the default mailing list. Run "
20913
20912
"the following command to create the mailing list:"
20914
20913
msgstr ""
20915
20914
20916
#: serverguide/C/mail.xml:1129(command)
20915
#: serverguide/C/mail.xml:1188(command)
20917
20916
msgid "sudo /usr/sbin/newlist mailman"
20918
20917
msgstr ""
20919
20918
20920
#: serverguide/C/mail.xml:1132(programlisting)
20919
#: serverguide/C/mail.xml:1191(programlisting)
20921
20920
#, no-wrap
20922
20921
msgid ""
20923
20922
"\n"
20948
20947
" # \n"
20949
20948
msgstr ""
20950
20949
20951
#: serverguide/C/mail.xml:1155(para)
20950
#: serverguide/C/mail.xml:1214(para)
20952
20951
msgid ""
20953
20952
"We have configured either Postfix or Exim4 to recognize all emails from "
20954
20953
"mailman. So, it is not mandatory to make any new entries in "
20957
20956
"continuing to next section."
20958
20957
msgstr ""
20959
20958
20960
#: serverguide/C/mail.xml:1163(para)
20959
#: serverguide/C/mail.xml:1222(para)
20961
20960
msgid ""
20962
20961
"The Exim4 does not use the above aliases to forward mails to Mailman, as it "
20963
20962
"uses a <emphasis>discover</emphasis> approach. To suppress the aliases while "
20965
20964
"configuration file, <filename>/etc/mailman/mm_cfg.py</filename>."
20966
20965
msgstr ""
20967
20966
20968
#: serverguide/C/mail.xml:1174(title)
20967
#: serverguide/C/mail.xml:1233(title)
20969
20968
msgid "Administration"
20970
20969
msgstr ""
20971
20970
20972
#: serverguide/C/mail.xml:1175(para)
20971
#: serverguide/C/mail.xml:1234(para)
20973
20972
msgid ""
20974
20973
"We assume you have a default installation. The mailman cgi scripts are still "
20975
20974
"in the <application>/usr/lib/cgi-bin/mailman/</application> directory. "
20977
20976
"point your browser to the following url:"
20978
20977
msgstr ""
20979
20978
20980
#: serverguide/C/mail.xml:1183(para)
20979
#: serverguide/C/mail.xml:1242(para)
20981
20980
msgid "http://hostname/cgi-bin/mailman/admin"
20982
20981
msgstr ""
20983
20982
20984
#: serverguide/C/mail.xml:1187(para)
20983
#: serverguide/C/mail.xml:1246(para)
20985
20984
msgid ""
20986
20985
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
20987
20986
"screen. If you click the mailing list name, it will ask for your "
20992
20991
"mailing list using the web interface."
20993
20992
msgstr ""
20994
20993
20995
#: serverguide/C/mail.xml:1200(title)
20994
#: serverguide/C/mail.xml:1259(title)
20996
20995
msgid "Users"
20997
20996
msgstr ""
20998
20997
20999
#: serverguide/C/mail.xml:1201(para)
20998
#: serverguide/C/mail.xml:1260(para)
21000
20999
msgid ""
21001
21000
"Mailman provides a web based interface for users. To access this page, point "
21002
21001
"your browser to the following url:"
21003
21002
msgstr ""
21004
21003
21005
#: serverguide/C/mail.xml:1206(para)
21004
#: serverguide/C/mail.xml:1265(para)
21006
21005
msgid "http://hostname/cgi-bin/mailman/listinfo"
21007
21006
msgstr ""
21008
21007
21009
#: serverguide/C/mail.xml:1210(para)
21008
#: serverguide/C/mail.xml:1269(para)
21010
21009
msgid ""
21011
21010
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
21012
21011
"screen. If you click the mailing list name, it will display the subscription "
21015
21014
"instructions in the email to subscribe."
21016
21015
msgstr ""
21017
21016
21018
#: serverguide/C/mail.xml:1222(ulink)
21017
#: serverguide/C/mail.xml:1281(ulink)
21019
21018
msgid "GNU Mailman - Installation Manual"
21020
21019
msgstr ""
21021
21020
21022
#: serverguide/C/mail.xml:1226(ulink)
21021
#: serverguide/C/mail.xml:1285(ulink)
21023
21022
msgid "HOWTO - Using Exim 4 and Mailman 2.1 together"
21024
21023
msgstr ""
21025
21024
21026
#: serverguide/C/mail.xml:1229(para)
21025
#: serverguide/C/mail.xml:1288(para)
21027
21026
msgid ""
21028
21027
"Also, see the <ulink "
21029
21028
"url=\"https://help.ubuntu.com/community/Mailman\">Mailman Ubuntu "
21030
21029
"Wiki</ulink> page."
21031
21030
msgstr ""
21032
21031
21033
#: serverguide/C/mail.xml:1235(title)
21032
#: serverguide/C/mail.xml:1294(title)
21034
21033
msgid "Mail Filtering"
21035
21034
msgstr ""
21036
21035
21037
#: serverguide/C/mail.xml:1236(para)
21036
#: serverguide/C/mail.xml:1295(para)
21038
21037
msgid ""
21039
21038
"One of the largest issues with email today is the problem of Unsolicited "
21040
21039
"Bulk Email (UBE). Also known as SPAM, such messages may also carry viruses "
21042
21041
"the bulk of all email traffic on the Internet."
21043
21042
msgstr ""
21044
21043
21045
#: serverguide/C/mail.xml:1241(para)
21044
#: serverguide/C/mail.xml:1300(para)
21046
21045
msgid ""
21047
21046
"This section will cover integrating <application>Amavisd-new</application>, "
21048
21047
"<application>Spamassassin</application>, and "
21056
21055
"spf</application>."
21057
21056
msgstr ""
21058
21057
21059
#: serverguide/C/mail.xml:1251(para)
21058
#: serverguide/C/mail.xml:1310(para)
21060
21059
msgid ""
21061
21060
"<application>Amavisd-new</application> is a wrapper program that can call "
21062
21061
"any number of content filtering programs for spam detection, antivirus, etc."
21063
21062
msgstr ""
21064
21063
21065
#: serverguide/C/mail.xml:1257(para)
21064
#: serverguide/C/mail.xml:1316(para)
21066
21065
msgid ""
21067
21066
"<application>Spamassassin</application> uses a variety of mechanisms to "
21068
21067
"filter email based on the message content."
21069
21068
msgstr ""
21070
21069
21071
#: serverguide/C/mail.xml:1262(para)
21070
#: serverguide/C/mail.xml:1321(para)
21072
21071
msgid ""
21073
21072
"<application>ClamAV</application> is an open source antivirus application."
21074
21073
msgstr ""
21075
21074
21076
#: serverguide/C/mail.xml:1267(para)
21075
#: serverguide/C/mail.xml:1326(para)
21077
21076
msgid ""
21078
21077
"<application>opendkim</application> implements a Sendmail Mail Filter "
21079
21078
"(Milter) for the DomainKeys Identified Mail (DKIM) standard."
21080
21079
msgstr ""
21081
21080
21082
#: serverguide/C/mail.xml:1273(para)
21081
#: serverguide/C/mail.xml:1332(para)
21083
21082
msgid ""
21084
21083
"<application>python-policyd-spf</application> enables Sender Policy "
21085
21084
"Framework (SPF) checking with <application>Postfix</application>."
21086
21085
msgstr ""
21087
21086
21088
#: serverguide/C/mail.xml:1278(para)
21087
#: serverguide/C/mail.xml:1337(para)
21089
21088
msgid "This is how the pieces fit together:"
21090
21089
msgstr ""
21091
21090
21092
#: serverguide/C/mail.xml:1283(para)
21091
#: serverguide/C/mail.xml:1342(para)
21093
21092
msgid "An email message is accepted by <application>Postfix</application>."
21094
21093
msgstr ""
21095
21094
21096
#: serverguide/C/mail.xml:1288(para)
21095
#: serverguide/C/mail.xml:1347(para)
21097
21096
msgid ""
21098
21097
"The message is passed through any external filters "
21099
21098
"<application>opendkim</application> and <application>python-policyd-"
21100
21099
"spf</application> in this case."
21101
21100
msgstr ""
21102
21101
21103
#: serverguide/C/mail.xml:1294(para)
21102
#: serverguide/C/mail.xml:1353(para)
21104
21103
msgid "<application>Amavisd-new</application> then processes the message."
21105
21104
msgstr ""
21106
21105
21107
#: serverguide/C/mail.xml:1299(para)
21106
#: serverguide/C/mail.xml:1358(para)
21108
21107
msgid ""
21109
21108
"<application>ClamAV</application> is used to scan the message. If the "
21110
21109
"message contains a virus <application>Postfix</application> will reject the "
21111
21110
"message."
21112
21111
msgstr ""
21113
21112
21114
#: serverguide/C/mail.xml:1305(para)
21113
#: serverguide/C/mail.xml:1364(para)
21115
21114
msgid ""
21116
21115
"Clean messages will then be analyzed by "
21117
21116
"<application>Spamassassin</application> to find out if the message is spam. "
21120
21119
"message."
21121
21120
msgstr ""
21122
21121
21123
#: serverguide/C/mail.xml:1312(para)
21122
#: serverguide/C/mail.xml:1371(para)
21124
21123
msgid ""
21125
21124
"For example, if a message has a Spam score of over fifty the message could "
21126
21125
"be automatically dropped from the queue without the recipient ever having to "
21129
21128
"see fit."
21130
21129
msgstr ""
21131
21130
21132
#: serverguide/C/mail.xml:1319(para)
21131
#: serverguide/C/mail.xml:1378(para)
21133
21132
msgid ""
21134
21133
"See <xref linkend=\"postfix\"/> for instructions on installing and "
21135
21134
"configuring Postfix."
21136
21135
msgstr ""
21137
21136
21138
#: serverguide/C/mail.xml:1322(para)
21137
#: serverguide/C/mail.xml:1381(para)
21139
21138
msgid ""
21140
21139
"To install the rest of the applications enter the following from a terminal "
21141
21140
"prompt:"
21142
21141
msgstr ""
21143
21142
21144
#: serverguide/C/mail.xml:1326(command)
21143
#: serverguide/C/mail.xml:1385(command)
21145
21144
msgid "sudo apt-get install amavisd-new spamassassin clamav-daemon"
21146
21145
msgstr ""
21147
21146
21148
#: serverguide/C/mail.xml:1327(command)
21147
#: serverguide/C/mail.xml:1386(command)
21149
21148
msgid "sudo apt-get install opendkim postfix-policyd-spf-python"
21150
21149
msgstr ""
21151
21150
21152
#: serverguide/C/mail.xml:1329(para)
21151
#: serverguide/C/mail.xml:1388(para)
21153
21152
msgid ""
21154
21153
"There are some optional packages that integrate with "
21155
21154
"<application>Spamassassin</application> for better spam detection:"
21156
21155
msgstr ""
21157
21156
21158
#: serverguide/C/mail.xml:1333(command)
21157
#: serverguide/C/mail.xml:1392(command)
21159
21158
msgid "sudo apt-get install pyzor razor"
21160
21159
msgstr ""
21161
21160
21162
#: serverguide/C/mail.xml:1335(para)
21161
#: serverguide/C/mail.xml:1394(para)
21163
21162
msgid ""
21164
21163
"Along with the main filtering applications compression utilities are needed "
21165
21164
"to process some email attachments:"
21166
21165
msgstr ""
21167
21166
21168
#: serverguide/C/mail.xml:1339(command)
21167
#: serverguide/C/mail.xml:1398(command)
21169
21168
msgid ""
21170
21169
"sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip"
21171
21170
msgstr ""
21172
21171
21173
#: serverguide/C/mail.xml:1342(para)
21172
#: serverguide/C/mail.xml:1401(para)
21174
21173
msgid ""
21175
21174
"If some packages are not found, check that the "
21176
21175
"<emphasis>multiverse</emphasis> repository is enabled in "
21177
21176
"<filename>/etc/apt/sources.list</filename>"
21178
21177
msgstr ""
21179
21178
21180
#: serverguide/C/mail.xml:1343(para)
21179
#: serverguide/C/mail.xml:1402(para)
21181
21180
msgid ""
21182
21181
"If you make changes to the file, be sure to run <command>sudo apt-get "
21183
21182
"update</command> before trying to install again."
21184
21183
msgstr ""
21185
21184
21186
#: serverguide/C/mail.xml:1348(para)
21185
#: serverguide/C/mail.xml:1407(para)
21187
21186
msgid "Now configure everything to work together and filter email."
21188
21187
msgstr ""
21189
21188
21190
#: serverguide/C/mail.xml:1352(title)
21189
#: serverguide/C/mail.xml:1411(title)
21191
21190
msgid "ClamAV"
21192
21191
msgstr ""
21193
21192
21194
#: serverguide/C/mail.xml:1353(para)
21193
#: serverguide/C/mail.xml:1412(para)
21195
21194
msgid ""
21196
21195
"The default behaviour of <application>ClamAV</application> will fit our "
21197
21196
"needs. For more ClamAV configuration options, check the configuration files "
21198
21197
"in <filename>/etc/clamav</filename>."
21199
21198
msgstr ""
21200
21199
21201
#: serverguide/C/mail.xml:1358(para)
21200
#: serverguide/C/mail.xml:1417(para)
21202
21201
msgid ""
21203
21202
"Add the <emphasis>clamav</emphasis> user to the <emphasis>amavis</emphasis> "
21204
21203
"group in order for <application>Amavisd-new</application> to have the "
21205
21204
"appropriate access to scan files:"
21206
21205
msgstr ""
21207
21206
21208
#: serverguide/C/mail.xml:1363(command)
21207
#: serverguide/C/mail.xml:1422(command)
21209
21208
msgid "sudo adduser clamav amavis"
21210
21209
msgstr ""
21211
21210
21212
#: serverguide/C/mail.xml:1364(command)
21211
#: serverguide/C/mail.xml:1423(command)
21213
21212
msgid "sudo adduser amavis clamav"
21214
21213
msgstr ""
21215
21214
21216
#: serverguide/C/mail.xml:1368(title)
21215
#: serverguide/C/mail.xml:1427(title)
21217
21216
msgid "Spamassassin"
21218
21217
msgstr ""
21219
21218
21220
#: serverguide/C/mail.xml:1369(para)
21219
#: serverguide/C/mail.xml:1428(para)
21221
21220
msgid ""
21222
21221
"Spamassassin automatically detects optional components and will use them if "
21223
21222
"they are present. This means that there is no need to configure "
21224
21223
"<application>pyzor</application> and <application>razor</application>."
21225
21224
msgstr ""
21226
21225
21227
#: serverguide/C/mail.xml:1373(para)
21226
#: serverguide/C/mail.xml:1432(para)
21228
21227
msgid ""
21229
21228
"Edit <filename>/etc/default/spamassassin</filename> to activate the "
21230
21229
"<application>Spamassassin</application> daemon. Change "
21231
21230
"<emphasis>ENABLED=0</emphasis> to:"
21232
21231
msgstr ""
21233
21232
21234
#: serverguide/C/mail.xml:1377(programlisting)
21233
#: serverguide/C/mail.xml:1436(programlisting)
21235
21234
#, no-wrap
21236
21235
msgid ""
21237
21236
"\n"
21238
21237
"ENABLED=1\n"
21239
21238
msgstr ""
21240
21239
21241
#: serverguide/C/mail.xml:1380(para)
21240
#: serverguide/C/mail.xml:1439(para)
21242
21241
msgid "Now start the daemon:"
21243
21242
msgstr ""
21244
21243
21246
21245
msgid "sudo service spamassassin start"
21247
21246
msgstr ""
21248
21247
21249
#: serverguide/C/mail.xml:1388(title)
21248
#: serverguide/C/mail.xml:1447(title)
21250
21249
msgid "Amavisd-new"
21251
21250
msgstr ""
21252
21251
21253
#: serverguide/C/mail.xml:1389(para)
21252
#: serverguide/C/mail.xml:1448(para)
21254
21253
msgid ""
21255
21254
"First activate spam and antivirus detection in <application>Amavisd-"
21256
21255
"new</application> by editing <filename>/etc/amavis/conf.d/15-"
21257
21256
"content_filter_mode</filename>:"
21258
21257
msgstr ""
21259
21258
21260
#: serverguide/C/mail.xml:1393(programlisting)
21259
#: serverguide/C/mail.xml:1452(programlisting)
21261
21260
#, no-wrap
21262
21261
msgid ""
21263
21262
"\n"
21288
21287
"1; # insure a defined return\n"
21289
21288
msgstr ""
21290
21289
21291
#: serverguide/C/mail.xml:1419(para)
21290
#: serverguide/C/mail.xml:1477(para)
21292
21291
msgid ""
21293
21292
"Bouncing spam can be a bad idea as the return address is often faked. The "
21294
21293
"default behaviour is to instead discard. This is configured in "
21297
21296
"D_BOUNCE."
21298
21297
msgstr ""
21299
21298
21300
#: serverguide/C/mail.xml:1425(para)
21299
#: serverguide/C/mail.xml:1483(para)
21301
21300
msgid ""
21302
21301
"Additionally, you may want to adjust the following options to flag more "
21303
21302
"messages as spam:"
21304
21303
msgstr ""
21305
21304
21306
#: serverguide/C/mail.xml:1429(programlisting)
21305
#: serverguide/C/mail.xml:1487(programlisting)
21307
21306
#, no-wrap
21308
21307
msgid ""
21309
21308
"\n"
21314
21313
"$sa_dsn_cutoff_level = 4; # spam level beyond which a DSN is not sent\n"
21315
21314
msgstr ""
21316
21315
21317
#: serverguide/C/mail.xml:1436(para)
21316
#: serverguide/C/mail.xml:1494(para)
21318
21317
msgid ""
21319
21318
"If the server's <emphasis>hostname</emphasis> is different from the domain's "
21320
21319
"MX record you may need to manually set the <emphasis>$myhostname</emphasis> "
21323
21322
"Edit the <filename>/etc/amavis/conf.d/50-user</filename> file:"
21324
21323
msgstr ""
21325
21324
21326
#: serverguide/C/mail.xml:1443(programlisting)
21325
#: serverguide/C/mail.xml:1501(programlisting)
21327
21326
#, no-wrap
21328
21327
msgid ""
21329
21328
"\n"
21331
21330
"@local_domains_acl = ( \"example.com\", \"example.org\" );\n"
21332
21331
msgstr ""
21333
21332
21334
#: serverguide/C/mail.xml:1448(para)
21333
#: serverguide/C/mail.xml:1506(para)
21335
21334
msgid ""
21336
21335
"If you want to cover multiple domains you can use the following in "
21337
21336
"the<filename>/etc/amavis/conf.d/50-user</filename>"
21338
21337
msgstr ""
21339
21338
21340
#: serverguide/C/mail.xml:1451(programlisting)
21339
#: serverguide/C/mail.xml:1509(programlisting)
21341
21340
#, no-wrap
21342
21341
msgid ""
21343
21342
"\n"
21344
21343
"@local_domains_acl = qw(.);\n"
21345
21344
msgstr ""
21346
21345
21347
#: serverguide/C/mail.xml:1455(para)
21346
#: serverguide/C/mail.xml:1513(para)
21348
21347
msgid ""
21349
21348
"After configuration <application>Amavisd-new</application> needs to be "
21350
21349
"restarted:"
21354
21353
msgid "sudo service amavis restart"
21355
21354
msgstr ""
21356
21355
21357
#: serverguide/C/mail.xml:1462(title)
21356
#: serverguide/C/mail.xml:1520(title)
21358
21357
msgid "DKIM Whitelist"
21359
21358
msgstr ""
21360
21359
21361
#: serverguide/C/mail.xml:1464(para)
21360
#: serverguide/C/mail.xml:1522(para)
21362
21361
msgid ""
21363
21362
"<application>Amavisd-new</application> can be configured to automatically "
21364
21363
"<emphasis>Whitelist</emphasis> addresses from domains with valid Domain "
21366
21365
"<filename>/etc/amavis/conf.d/40-policy_banks</filename>."
21367
21366
msgstr ""
21368
21367
21369
#: serverguide/C/mail.xml:1470(para)
21368
#: serverguide/C/mail.xml:1528(para)
21370
21369
msgid "There are multiple ways to configure the Whitelist for a domain:"
21371
21370
msgstr ""
21372
21371
21373
#: serverguide/C/mail.xml:1476(para)
21372
#: serverguide/C/mail.xml:1534(para)
21374
21373
msgid ""
21375
21374
"<emphasis>'example.com' => 'WHITELIST',</emphasis>: will whitelist any "
21376
21375
"address from the \"example.com\" domain."
21377
21376
msgstr ""
21378
21377
21379
#: serverguide/C/mail.xml:1481(para)
21378
#: serverguide/C/mail.xml:1539(para)
21380
21379
msgid ""
21381
21380
"<emphasis>'.example.com' => 'WHITELIST',</emphasis>: will whitelist any "
21382
21381
"address from any <emphasis>subdomains</emphasis> of \"example.com\" that "
21383
21382
"have a valid signature."
21384
21383
msgstr ""
21385
21384
21386
#: serverguide/C/mail.xml:1487(para)
21385
#: serverguide/C/mail.xml:1545(para)
21387
21386
msgid ""
21388
21387
"<emphasis>'.example.com/@example.com' => 'WHITELIST',</emphasis>: will "
21389
21388
"whitelist subdomains of \"example.com\" that use the signature of <emphasis "
21390
21389
"role=\"italic\">example.com</emphasis> the parent domain."
21391
21390
msgstr ""
21392
21391
21393
#: serverguide/C/mail.xml:1493(para)
21392
#: serverguide/C/mail.xml:1551(para)
21394
21393
msgid ""
21395
21394
"<emphasis>'./@example.com' => 'WHITELIST',</emphasis>: adds addresses "
21396
21395
"that have a valid signature from \"example.com\". This is usually used for "
21397
21396
"discussion groups that sign their messages."
21398
21397
msgstr ""
21399
21398
21400
#: serverguide/C/mail.xml:1500(para)
21399
#: serverguide/C/mail.xml:1558(para)
21401
21400
msgid ""
21402
21401
"A domain can also have multiple Whitelist configurations. After editing the "
21403
21402
"file, restart <application>amavisd-new</application>:"
21404
21403
msgstr ""
21405
21404
21406
#: serverguide/C/mail.xml:1510(para)
21405
#: serverguide/C/mail.xml:1568(para)
21407
21406
msgid ""
21408
21407
"In this context, once a domain has been added to the Whitelist the message "
21409
21408
"will not receive any anti-virus or spam filtering. This may or may not be "
21410
21409
"the intended behavior you wish for a domain."
21411
21410
msgstr ""
21412
21411
21413
#: serverguide/C/mail.xml:1520(para)
21412
#: serverguide/C/mail.xml:1578(para)
21414
21413
msgid ""
21415
21414
"For <application>Postfix</application> integration, enter the following from "
21416
21415
"a terminal prompt:"
21417
21416
msgstr ""
21418
21417
21419
#: serverguide/C/mail.xml:1524(command)
21418
#: serverguide/C/mail.xml:1582(command)
21420
21419
msgid "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
21421
21420
msgstr ""
21422
21421
21423
#: serverguide/C/mail.xml:1526(para)
21422
#: serverguide/C/mail.xml:1584(para)
21424
21423
msgid ""
21425
21424
"Next edit <filename>/etc/postfix/master.cf</filename> and add the following "
21426
21425
"to the end of the file:"
21459
21458
"_milters\n"
21460
21459
msgstr ""
21461
21460
21462
#: serverguide/C/mail.xml:1556(para)
21461
#: serverguide/C/mail.xml:1614(para)
21463
21462
msgid ""
21464
21463
"Also add the following two lines immediately below the "
21465
21464
"<emphasis>\"pickup\"</emphasis> transport service:"
21466
21465
msgstr ""
21467
21466
21468
#: serverguide/C/mail.xml:1559(programlisting)
21467
#: serverguide/C/mail.xml:1617(programlisting)
21469
21468
#, no-wrap
21470
21469
msgid ""
21471
21470
"\n"
21473
21472
" -o receive_override_options=no_header_body_checks\n"
21474
21473
msgstr ""
21475
21474
21476
#: serverguide/C/mail.xml:1563(para)
21475
#: serverguide/C/mail.xml:1621(para)
21477
21476
msgid ""
21478
21477
"This will prevent messages that are generated to report on spam from being "
21479
21478
"classified as spam."
21480
21479
msgstr ""
21481
21480
21482
#: serverguide/C/mail.xml:1566(para)
21481
#: serverguide/C/mail.xml:1624(para)
21483
21482
msgid "Now restart <application>Postfix</application>:"
21484
21483
msgstr ""
21485
21484
21486
#: serverguide/C/mail.xml:1572(para)
21485
#: serverguide/C/mail.xml:1630(para)
21487
21486
msgid "Content filtering with spam and virus detection is now enabled."
21488
21487
msgstr ""
21489
21488
21490
#: serverguide/C/mail.xml:1578(title)
21489
#: serverguide/C/mail.xml:1636(title)
21491
21490
msgid "Amavisd-new and Spamassassin"
21492
21491
msgstr ""
21493
21492
21494
#: serverguide/C/mail.xml:1580(para)
21493
#: serverguide/C/mail.xml:1638(para)
21495
21494
msgid ""
21496
21495
"When integrating <application>Amavisd-new</application> with "
21497
21496
"<application>Spamassassin</application>, if you choose to disable the bayes "
21502
21501
"<application>cron</application> job."
21503
21502
msgstr ""
21504
21503
21505
#: serverguide/C/mail.xml:1587(para)
21504
#: serverguide/C/mail.xml:1645(para)
21506
21505
msgid "There are several ways to handle this situation:"
21507
21506
msgstr ""
21508
21507
21509
#: serverguide/C/mail.xml:1593(para)
21508
#: serverguide/C/mail.xml:1651(para)
21510
21509
msgid "Configure your MDA to filter messages you do not wish to see."
21511
21510
msgstr ""
21512
21511
21513
#: serverguide/C/mail.xml:1598(para)
21512
#: serverguide/C/mail.xml:1656(para)
21514
21513
msgid ""
21515
21514
"Change <filename>/usr/sbin/amavisd-new-cronjob</filename> to check for "
21516
21515
"<emphasis>use_bayes 0</emphasis>. For example, edit "
21518
21517
"the top before the <emphasis>test</emphasis> statements:"
21519
21518
msgstr ""
21520
21519
21521
#: serverguide/C/mail.xml:1602(programlisting)
21520
#: serverguide/C/mail.xml:1660(programlisting)
21522
21521
#, no-wrap
21523
21522
msgid ""
21524
21523
"\n"
21526
21525
"exit 0\n"
21527
21526
msgstr ""
21528
21527
21529
#: serverguide/C/mail.xml:1612(para)
21528
#: serverguide/C/mail.xml:1670(para)
21530
21529
msgid ""
21531
21530
"First, test that the <application>Amavisd-new</application> SMTP is "
21532
21531
"listening:"
21533
21532
msgstr ""
21534
21533
21535
#: serverguide/C/mail.xml:1615(programlisting)
21534
#: serverguide/C/mail.xml:1673(programlisting)
21536
21535
#, no-wrap
21537
21536
msgid ""
21538
21537
"\n"
21544
21543
"^]\n"
21545
21544
msgstr ""
21546
21545
21547
#: serverguide/C/mail.xml:1623(para)
21546
#: serverguide/C/mail.xml:1681(para)
21548
21547
msgid ""
21549
21548
"In the Header of messages that go through the content filter you should see:"
21550
21549
msgstr ""
21551
21550
21552
#: serverguide/C/mail.xml:1626(programlisting)
21551
#: serverguide/C/mail.xml:1684(programlisting)
21553
21552
#, no-wrap
21554
21553
msgid ""
21555
21554
"\n"
21560
21559
"X-Spam-Level: \n"
21561
21560
msgstr ""
21562
21561
21563
#: serverguide/C/mail.xml:1633(para)
21562
#: serverguide/C/mail.xml:1691(para)
21564
21563
msgid ""
21565
21564
"Your output will vary, but the important thing is that there are <emphasis>X-"
21566
21565
"Virus-Scanned</emphasis> and <emphasis>X-Spam-Status</emphasis> entries."
21567
21566
msgstr ""
21568
21567
21569
#: serverguide/C/mail.xml:1641(para)
21568
#: serverguide/C/mail.xml:1699(para)
21570
21569
msgid ""
21571
21570
"The best way to figure out why something is going wrong is to check the log "
21572
21571
"files."
21573
21572
msgstr ""
21574
21573
21575
#: serverguide/C/mail.xml:1646(para)
21574
#: serverguide/C/mail.xml:1704(para)
21576
21575
msgid ""
21577
21576
"For instructions on <application>Postfix</application> logging see the <xref "
21578
21577
"linkend=\"postfix-troubleshooting\"/> section."
21579
21578
msgstr ""
21580
21579
21581
#: serverguide/C/mail.xml:1652(para)
21580
#: serverguide/C/mail.xml:1710(para)
21582
21581
msgid ""
21583
21582
"<application>Amavisd-new</application> uses "
21584
21583
"<application>Syslog</application> to send messages to "
21588
21587
"1 to 5."
21589
21588
msgstr ""
21590
21589
21591
#: serverguide/C/mail.xml:1657(programlisting)
21590
#: serverguide/C/mail.xml:1715(programlisting)
21592
21591
#, no-wrap
21593
21592
msgid ""
21594
21593
"\n"
21595
21594
"$log_level = 2;\n"
21596
21595
msgstr ""
21597
21596
21598
#: serverguide/C/mail.xml:1661(para)
21597
#: serverguide/C/mail.xml:1719(para)
21599
21598
msgid ""
21600
21599
"When the <application>Amavisd-new</application> log output is increased "
21601
21600
"<application>Spamassassin</application> log output is also increased."
21602
21601
msgstr ""
21603
21602
21604
#: serverguide/C/mail.xml:1668(para)
21603
#: serverguide/C/mail.xml:1726(para)
21605
21604
msgid ""
21606
21605
"The <application>ClamAV</application> log level can be increased by editing "
21607
21606
"<filename>/etc/clamav/clamd.conf</filename> and setting the following option:"
21608
21607
msgstr ""
21609
21608
21610
#: serverguide/C/mail.xml:1672(programlisting)
21609
#: serverguide/C/mail.xml:1730(programlisting)
21611
21610
#, no-wrap
21612
21611
msgid ""
21613
21612
"\n"
21614
21613
"LogVerbose true\n"
21615
21614
msgstr ""
21616
21615
21617
#: serverguide/C/mail.xml:1675(para)
21616
#: serverguide/C/mail.xml:1733(para)
21618
21617
msgid ""
21619
21618
"By default <application>ClamAV</application> will send log messages to "
21620
21619
"<filename>/var/log/clamav/clamav.log</filename>."
21621
21620
msgstr ""
21622
21621
21623
#: serverguide/C/mail.xml:1681(para)
21622
#: serverguide/C/mail.xml:1739(para)
21624
21623
msgid ""
21625
21624
"After changing an applications log settings remember to restart the service "
21626
21625
"for the new settings to take affect. Also, once the issue you are "
21628
21627
"back to normal."
21629
21628
msgstr ""
21630
21629
21631
#: serverguide/C/mail.xml:1689(para)
21630
#: serverguide/C/mail.xml:1747(para)
21632
21631
msgid "For more information on filtering mail see the following links:"
21633
21632
msgstr ""
21634
21633
21635
#: serverguide/C/mail.xml:1695(ulink)
21634
#: serverguide/C/mail.xml:1753(ulink)
21636
21635
msgid "Amavisd-new Documentation"
21637
21636
msgstr ""
21638
21637
21639
#: serverguide/C/mail.xml:1699(para)
21638
#: serverguide/C/mail.xml:1757(para)
21640
21639
msgid ""
21641
21640
"<ulink url=\"http://www.clamav.net/doc/latest/html/\">ClamAV "
21642
21641
"Documentation</ulink> and <ulink "
21643
21642
"url=\"http://wiki.clamav.net/Main/WebHome\">ClamAV Wiki</ulink>"
21644
21643
msgstr ""
21645
21644
21646
#: serverguide/C/mail.xml:1706(ulink)
21645
#: serverguide/C/mail.xml:1764(ulink)
21647
21646
msgid "Spamassassin Wiki"
21648
21647
msgstr ""
21649
21648
21650
#: serverguide/C/mail.xml:1711(ulink)
21649
#: serverguide/C/mail.xml:1769(ulink)
21651
21650
msgid "Pyzor Homepage"
21652
21651
msgstr ""
21653
21652
21654
#: serverguide/C/mail.xml:1716(ulink)
21653
#: serverguide/C/mail.xml:1774(ulink)
21655
21654
msgid "Razor Homepage"
21656
21655
msgstr ""
21657
21656
21658
#: serverguide/C/mail.xml:1721(ulink)
21657
#: serverguide/C/mail.xml:1779(ulink)
21659
21658
msgid "DKIM.org"
21660
21659
msgstr ""
21661
21660
21662
#: serverguide/C/mail.xml:1726(ulink)
21661
#: serverguide/C/mail.xml:1784(ulink)
21663
21662
msgid "Postfix Amavis New"
21664
21663
msgstr ""
21665
21664
21666
#: serverguide/C/mail.xml:1730(para)
21665
#: serverguide/C/mail.xml:1788(para)
21667
21666
msgid ""
21668
21667
"Also, feel free to ask questions in the <emphasis>#ubuntu-server</emphasis> "
21669
21668
"IRC channel on <ulink url=\"http://freenode.net\">freenode</ulink>."
21768
21767
21769
21768
#: serverguide/C/lamp-applications.xml:104(para)
21770
21769
msgid ""
21771
"MoinMoin is a Wiki engine implemented in Python, based on the PikiPiki Wiki "
21770
"MoinMoin is a wiki engine implemented in Python, based on the PikiPiki Wiki "
21772
21771
"engine, and licensed under the GNU GPL."
21773
21772
msgstr ""
21774
21773
21785
21784
#: serverguide/C/lamp-applications.xml:121(para)
21786
21785
msgid ""
21787
21786
"You should also install <application>apache2</application> web server. For "
21788
"installing <application>apache2</application> web server, please refer to "
21789
"<xref linkend=\"http-installation\"/> sub-section in <xref "
21787
"installing the <application>apache2</application> web server, please refer "
21788
"to <xref linkend=\"http-installation\"/> sub-section in <xref "
21790
21789
"linkend=\"httpd\"/> section."
21791
21790
msgstr ""
21792
21791
21793
21792
#: serverguide/C/lamp-applications.xml:132(para)
21794
21793
msgid ""
21795
"For configuring your first Wiki application, please run the following set of "
21796
"commands. Let us assume that you are creating a Wiki named "
21794
"To configure your first wiki application, please run the following set of "
21795
"commands. Let us assume that you are creating a wiki named "
21797
21796
"<emphasis>mywiki</emphasis>:"
21798
21797
msgstr ""
21799
21798
21832
21831
#: serverguide/C/lamp-applications.xml:149(para)
21833
21832
msgid ""
21834
21833
"Now you should configure <application>MoinMoin</application> to find your "
21835
"new Wiki <emphasis>mywiki</emphasis>. To configure "
21834
"new wiki <emphasis>mywiki</emphasis>. To configure "
21836
21835
"<application>MoinMoin</application>, open "
21837
21836
"<filename>/etc/moin/mywiki.py</filename> file and change the following line:"
21838
21837
msgstr ""
21866
21865
21867
21866
#: serverguide/C/lamp-applications.xml:174(para)
21868
21867
msgid ""
21869
"If the <filename>/etc/moin/mywiki.py</filename> file does not exists, you "
21868
"If the <filename>/etc/moin/mywiki.py</filename> file does not exist, you "
21870
21869
"should copy <filename>/usr/share/moin/config/wikifarm/mywiki.py</filename> "
21871
21870
"file to <filename>/etc/moin/mywiki.py</filename> file and do the above "
21872
21871
"mentioned change."
21874
21873
21875
21874
#: serverguide/C/lamp-applications.xml:182(para)
21876
21875
msgid ""
21877
"If you have named your Wiki as <emphasis>my_wiki_name</emphasis> you should "
21876
"If you have named your wiki as <emphasis>my_wiki_name</emphasis> you should "
21878
21877
"insert a line <quote>(\"my_wiki_name\", r\".*\")</quote> in "
21879
21878
"<filename>/etc/moin/farmconfig.py</filename> file after the line "
21880
21879
"<quote>(\"mywiki\", r\".*\")</quote>."
21883
21882
#: serverguide/C/lamp-applications.xml:190(para)
21884
21883
msgid ""
21885
21884
"Once you have configured <application>MoinMoin</application> to find your "
21886
"first Wiki application <emphasis>mywiki</emphasis>, you should configure "
21887
"<application>apache2</application> and make it ready for your Wiki "
21888
"application."
21885
"first wiki application, <emphasis>mywiki</emphasis>, you should configure "
21886
"<application>apache2</application> and make it ready for your wiki."
21889
21887
msgstr ""
21890
21888
21891
21889
#: serverguide/C/lamp-applications.xml:197(para)
21901
21899
"\n"
21902
21900
"### moin\n"
21903
21901
" ScriptAlias /mywiki \"/usr/share/moin/mywiki/moin.cgi\"\n"
21904
" alias /moin_static193 \"/usr/share/moin/htdocs\"\n"
21902
" alias /moin_static<version> \"/usr/share/moin/htdocs\"\n"
21905
21903
" <Directory /usr/share/moin/htdocs>\n"
21906
21904
" Order allow,deny\n"
21907
21905
" allow from all\n"
21910
21908
msgstr ""
21911
21909
21912
21910
#: serverguide/C/lamp-applications.xml:214(para)
21911
msgid "The version in the above example is determined by running:"
21912
msgstr ""
21913
21914
#: serverguide/C/lamp-applications.xml:218(programlisting)
21915
#, no-wrap
21916
msgid ""
21917
"\n"
21918
"$ moin --version\n"
21919
msgstr ""
21920
21921
#: serverguide/C/lamp-applications.xml:222(para)
21922
msgid "If the output shows version 1.9.7, your second line should be:"
21923
msgstr ""
21924
21925
#: serverguide/C/lamp-applications.xml:226(programlisting)
21926
#, no-wrap
21927
msgid ""
21928
"\n"
21929
"alias /moin_static197 \"/usr/share/moin/htdocs\"\n"
21930
msgstr ""
21931
21932
#: serverguide/C/lamp-applications.xml:230(para)
21913
21933
msgid ""
21914
21934
"Once you configure the <application>apache2</application> web server and "
21915
"make it ready for your Wiki application, you should restart it. You can run "
21935
"make it ready for your wiki application, you should restart it. You can run "
21916
21936
"the following command to restart the <application>apache2</application> web "
21917
21937
"server:"
21918
21938
msgstr ""
21919
21939
21920
#: serverguide/C/lamp-applications.xml:227(title) serverguide/C/installation.xml:1242(title)
21940
#: serverguide/C/lamp-applications.xml:243(title) serverguide/C/installation.xml:1315(title)
21921
21941
msgid "Verification"
21922
21942
msgstr ""
21923
21943
21924
#: serverguide/C/lamp-applications.xml:229(para)
21944
#: serverguide/C/lamp-applications.xml:245(para)
21925
21945
msgid ""
21926
21946
"You can verify the Wiki application and see if it works by pointing your web "
21927
21947
"browser to the following URL:"
21928
21948
msgstr ""
21929
21949
21930
#: serverguide/C/lamp-applications.xml:233(programlisting)
21950
#: serverguide/C/lamp-applications.xml:249(programlisting)
21931
21951
#, no-wrap
21932
21952
msgid ""
21933
21953
"\n"
21934
21954
"http://localhost/mywiki\n"
21935
21955
msgstr ""
21936
21956
21937
#: serverguide/C/lamp-applications.xml:237(para)
21957
#: serverguide/C/lamp-applications.xml:253(para)
21938
21958
msgid ""
21939
21959
"For more details, please refer to the <ulink "
21940
21960
"url=\"http://moinmo.in/\">MoinMoin</ulink> web site."
21941
21961
msgstr ""
21942
21962
21943
#: serverguide/C/lamp-applications.xml:248(para)
21963
#: serverguide/C/lamp-applications.xml:264(para)
21944
21964
msgid ""
21945
21965
"For more information see the <ulink url=\"http://moinmo.in/\">moinmoin "
21946
21966
"Wiki</ulink>."
21947
21967
msgstr ""
21948
21968
21949
#: serverguide/C/lamp-applications.xml:253(para)
21969
#: serverguide/C/lamp-applications.xml:269(para)
21950
21970
msgid ""
21951
21971
"Also, see the <ulink "
21952
21972
"url=\"https://help.ubuntu.com/community/MoinMoin\">Ubuntu Wiki "
21953
21973
"MoinMoin</ulink> page."
21954
21974
msgstr ""
21955
21975
21956
#: serverguide/C/lamp-applications.xml:262(title)
21976
#: serverguide/C/lamp-applications.xml:278(title)
21957
21977
msgid "MediaWiki"
21958
21978
msgstr ""
21959
21979
21960
#: serverguide/C/lamp-applications.xml:264(para)
21980
#: serverguide/C/lamp-applications.xml:280(para)
21961
21981
msgid ""
21962
21982
"MediaWiki is an web based Wiki software written in the PHP language. It can "
21963
21983
"either use <application>MySQL</application> or "
21964
21984
"<application>PostgreSQL</application> Database Management System."
21965
21985
msgstr ""
21966
21986
21967
#: serverguide/C/lamp-applications.xml:274(para)
21987
#: serverguide/C/lamp-applications.xml:290(para)
21968
21988
msgid ""
21969
21989
"Before installing <application>MediaWiki</application> you should also "
21970
21990
"install <application>Apache2</application>, the "
21975
21995
"installation instructions."
21976
21996
msgstr ""
21977
21997
21978
#: serverguide/C/lamp-applications.xml:282(para)
21998
#: serverguide/C/lamp-applications.xml:298(para)
21979
21999
msgid ""
21980
22000
"To install <application>MediaWiki</application>, run the following command "
21981
22001
"in the command prompt:"
21982
22002
msgstr ""
21983
22003
21984
#: serverguide/C/lamp-applications.xml:288(command)
22004
#: serverguide/C/lamp-applications.xml:304(command)
21985
22005
msgid "sudo apt-get install mediawiki php5-gd"
21986
22006
msgstr ""
21987
22007
21988
#: serverguide/C/lamp-applications.xml:291(para)
22008
#: serverguide/C/lamp-applications.xml:307(para)
21989
22009
msgid ""
21990
22010
"For additional <application>MediaWiki</application> functionality see the "
21991
22011
"<application>mediawiki-extensions</application> package."
21992
22012
msgstr ""
21993
22013
21994
#: serverguide/C/lamp-applications.xml:301(para)
22014
#: serverguide/C/lamp-applications.xml:317(para)
21995
22015
msgid ""
21996
22016
"The Apache configuration file <filename>mediawiki.conf</filename> for "
21997
22017
"<application>MediaWiki</application> is installed in "
22000
22020
"file."
22001
22021
msgstr ""
22002
22022
22003
#: serverguide/C/lamp-applications.xml:309(screen)
22023
#: serverguide/C/lamp-applications.xml:324(screen)
22004
22024
#, no-wrap
22005
22025
msgid ""
22006
22026
"\n"
22007
22027
"# Alias /mediawiki /var/lib/mediawiki\n"
22008
22028
msgstr ""
22009
22029
22010
#: serverguide/C/lamp-applications.xml:312(para)
22030
#: serverguide/C/lamp-applications.xml:328(para)
22011
22031
msgid ""
22012
22032
"The <application>MediaWiki</application> configuration also needs to be "
22013
22033
"enabled."
22014
22034
msgstr ""
22015
22035
22016
#: serverguide/C/lamp-applications.xml:316(command)
22036
#: serverguide/C/lamp-applications.xml:332(command)
22017
22037
msgid "sudo a2enconf mediawiki.conf"
22018
22038
msgstr ""
22019
22039
22020
#: serverguide/C/lamp-applications.xml:319(para)
22040
#: serverguide/C/lamp-applications.xml:335(para)
22021
22041
msgid "Restart Apache server."
22022
22042
msgstr ""
22023
22043
22024
#: serverguide/C/lamp-applications.xml:326(para)
22044
#: serverguide/C/lamp-applications.xml:342(para)
22025
22045
msgid ""
22026
22046
"Access <application>MediaWiki</application> by visiting <ulink "
22027
22047
"url=\"http://localhost/mediawiki/mw-"
22031
22051
"config/index.php</ulink> if your server has no GUI.)"
22032
22052
msgstr ""
22033
22053
22034
#: serverguide/C/lamp-applications.xml:334(para)
22054
#: serverguide/C/lamp-applications.xml:350(para)
22035
22055
msgid ""
22036
22056
"Please read the <quote>Environmental checks</quote> section of the "
22037
22057
"configuration page. You should be able to fix many issues by carefully "
22038
22058
"reading this section."
22039
22059
msgstr ""
22040
22060
22041
#: serverguide/C/lamp-applications.xml:330(para)
22061
#: serverguide/C/lamp-applications.xml:357(para)
22042
22062
msgid ""
22043
22063
"Once the configuration is complete, you should copy the "
22044
22064
"<filename>LocalSettings.php</filename> file to "
22045
22065
"<filename>/etc/mediawiki</filename> directory:"
22046
22066
msgstr ""
22047
22067
22048
#: serverguide/C/lamp-applications.xml:337(command)
22068
#: serverguide/C/lamp-applications.xml:364(command)
22049
22069
msgid "sudo mv /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/"
22050
22070
msgstr ""
22051
22071
22052
#: serverguide/C/lamp-applications.xml:340(para)
22072
#: serverguide/C/lamp-applications.xml:367(para)
22053
22073
msgid ""
22054
22074
"You may also want to edit "
22055
22075
"<filename>/etc/mediawiki/LocalSettings.php</filename> in order to set the "
22056
22076
"memory limit (disabled by default):"
22057
22077
msgstr ""
22058
22078
22059
#: serverguide/C/lamp-applications.xml:345(programlisting)
22079
#: serverguide/C/lamp-applications.xml:372(programlisting)
22060
22080
#, no-wrap
22061
22081
msgid ""
22062
22082
"\n"
22063
22083
"ini_set( 'memory_limit', '64M' );\n"
22064
22084
msgstr ""
22065
22085
22066
#: serverguide/C/lamp-applications.xml:352(title)
22086
#: serverguide/C/lamp-applications.xml:379(title)
22067
22087
msgid "Extensions"
22068
22088
msgstr ""
22069
22089
22070
#: serverguide/C/lamp-applications.xml:353(para)
22090
#: serverguide/C/lamp-applications.xml:380(para)
22071
22091
msgid ""
22072
22092
"The extensions add new features and enhancements for the MediaWiki "
22073
22093
"application. The extensions give wiki administrators and end users the "
22074
22094
"ability to customize MediaWiki to their requirements."
22075
22095
msgstr ""
22076
22096
22077
#: serverguide/C/lamp-applications.xml:359(para)
22097
#: serverguide/C/lamp-applications.xml:386(para)
22078
22098
msgid ""
22079
22099
"You can download MediaWiki extensions as an archive file or checkout from "
22080
22100
"the Subversion repository. You should copy it to "
22083
22103
"<filename>/etc/mediawiki/LocalSettings.php</filename>."
22084
22104
msgstr ""
22085
22105
22086
#: serverguide/C/lamp-applications.xml:367(programlisting)
22106
#: serverguide/C/lamp-applications.xml:394(programlisting)
22087
22107
#, no-wrap
22088
22108
msgid ""
22089
22109
"\n"
22090
22110
"require_once \"$IP/extensions/ExtentionName/ExtentionName.php\";\n"
22091
22111
msgstr ""
22092
22112
22093
#: serverguide/C/lamp-applications.xml:377(para)
22113
#: serverguide/C/lamp-applications.xml:404(para)
22094
22114
msgid ""
22095
22115
"For more details, please refer to the <ulink "
22096
22116
"url=\"http://www.mediawiki.org\">MediaWiki</ulink> web site."
22097
22117
msgstr ""
22098
22118
22099
#: serverguide/C/lamp-applications.xml:394(para)
22119
#: serverguide/C/lamp-applications.xml:410(para)
22100
22120
msgid ""
22101
22121
"The <ulink url=\"http://www.packtpub.com/Mediawiki/book\">MediaWiki "
22102
22122
"Administrators' Tutorial Guide</ulink> contains a wealth of information for "
22103
22123
"new MediaWiki administrators."
22104
22124
msgstr ""
22105
22125
22106
#: serverguide/C/lamp-applications.xml:389(para)
22126
#: serverguide/C/lamp-applications.xml:416(para)
22107
22127
msgid ""
22108
22128
"Also, the <ulink url=\"https://help.ubuntu.com/community/MediaWiki\">Ubuntu "
22109
22129
"Wiki MediaWiki</ulink> page is a good resource."
22110
22130
msgstr ""
22111
22131
22112
#: serverguide/C/lamp-applications.xml:399(title)
22132
#: serverguide/C/lamp-applications.xml:426(title)
22113
22133
msgid "phpMyAdmin"
22114
22134
msgstr ""
22115
22135
22116
#: serverguide/C/lamp-applications.xml:401(para)
22136
#: serverguide/C/lamp-applications.xml:428(para)
22117
22137
msgid ""
22118
22138
"<application>phpMyAdmin</application> is a LAMP application specifically "
22119
22139
"written for administering <application>MySQL</application> servers. Written "
22121
22141
"phpMyAdmin provides a graphical interface for database administration tasks."
22122
22142
msgstr ""
22123
22143
22124
#: serverguide/C/lamp-applications.xml:410(para)
22144
#: serverguide/C/lamp-applications.xml:437(para)
22125
22145
msgid ""
22126
22146
"Before installing <application>phpMyAdmin</application> you will need access "
22127
22147
"to a <application>MySQL</application> database either on the same host as "
22130
22150
"enter:"
22131
22151
msgstr ""
22132
22152
22133
#: serverguide/C/lamp-applications.xml:417(command)
22153
#: serverguide/C/lamp-applications.xml:444(command)
22134
22154
msgid "sudo apt-get install phpmyadmin"
22135
22155
msgstr ""
22136
22156
22137
#: serverguide/C/lamp-applications.xml:420(para)
22157
#: serverguide/C/lamp-applications.xml:447(para)
22138
22158
msgid ""
22139
22159
"At the prompt choose which web server to be configured for "
22140
22160
"<application>phpMyAdmin</application>. The rest of this section will use "
22141
22161
"<application>Apache2</application> for the web server."
22142
22162
msgstr ""
22143
22163
22144
#: serverguide/C/lamp-applications.xml:436(para)
22164
#: serverguide/C/lamp-applications.xml:452(para)
22145
22165
msgid ""
22146
22166
"In a browser go to <emphasis>http://servername/phpmyadmin</emphasis>, "
22147
22167
"replacing <emphasis role=\"italic\">servername</emphasis> with the server's "
22151
22171
"user's password."
22152
22172
msgstr ""
22153
22173
22154
#: serverguide/C/lamp-applications.xml:432(para)
22174
#: serverguide/C/lamp-applications.xml:459(para)
22155
22175
msgid ""
22156
22176
"Once logged in you can reset the <emphasis>root</emphasis> password if "
22157
22177
"needed, create users, create/destroy databases and tables, etc."
22158
22178
msgstr ""
22159
22179
22160
#: serverguide/C/lamp-applications.xml:440(para)
22180
#: serverguide/C/lamp-applications.xml:467(para)
22161
22181
msgid ""
22162
22182
"The configuration files for <application>phpMyAdmin</application> are "
22163
22183
"located in <filename>/etc/phpmyadmin</filename>. The main configuration file "
22166
22186
"<application>phpMyAdmin</application>."
22167
22187
msgstr ""
22168
22188
22169
#: serverguide/C/lamp-applications.xml:446(para)
22189
#: serverguide/C/lamp-applications.xml:473(para)
22170
22190
msgid ""
22171
22191
"To use <application>phpMyAdmin</application> to administer a MySQL database "
22172
22192
"hosted on another server, adjust the following in "
22173
22193
"<filename>/etc/phpmyadmin/config.inc.php</filename>:"
22174
22194
msgstr ""
22175
22195
22176
#: serverguide/C/lamp-applications.xml:451(programlisting)
22196
#: serverguide/C/lamp-applications.xml:478(programlisting)
22177
22197
#, no-wrap
22178
22198
msgid ""
22179
22199
"\n"
22180
22200
"$cfg['Servers'][$i]['host'] = 'db_server';\n"
22181
22201
msgstr ""
22182
22202
22183
#: serverguide/C/lamp-applications.xml:456(para)
22203
#: serverguide/C/lamp-applications.xml:483(para)
22184
22204
msgid ""
22185
22205
"Replace <emphasis role=\"italic\">db_server</emphasis> with the actual "
22186
22206
"remote database server name or IP address. Also, be sure that the "
22188
22208
"remote database."
22189
22209
msgstr ""
22190
22210
22191
#: serverguide/C/lamp-applications.xml:462(para)
22211
#: serverguide/C/lamp-applications.xml:489(para)
22192
22212
msgid ""
22193
22213
"Once configured, log out of <application>phpMyAdmin</application> and back "
22194
22214
"in, and you should be accessing the new server."
22195
22215
msgstr ""
22196
22216
22197
#: serverguide/C/lamp-applications.xml:466(para)
22217
#: serverguide/C/lamp-applications.xml:493(para)
22198
22218
msgid ""
22199
22219
"The <filename>config.header.inc.php</filename> and "
22200
22220
"<filename>config.footer.inc.php</filename> files are used to add a HTML "
22201
22221
"header and footer to <application>phpMyAdmin</application>."
22202
22222
msgstr ""
22203
22223
22204
#: serverguide/C/lamp-applications.xml:471(para)
22224
#: serverguide/C/lamp-applications.xml:498(para)
22205
22225
msgid ""
22206
22226
"Another important configuration file is "
22207
22227
"<filename>/etc/phpmyadmin/apache.conf</filename>, this file is symlinked to "
22208
"<filename>/etc/apache2/conf.d/phpmyadmin.conf</filename>, and is used to "
22209
"configure <application>Apache2</application> to serve the "
22210
"<application>phpMyAdmin</application> site. The file contains directives for "
22211
"loading <application>PHP</application>, directory permissions, etc. For more "
22212
"information on configuring <application>Apache2</application> see <xref "
22213
"linkend=\"httpd\"/>."
22214
msgstr ""
22215
22216
#: serverguide/C/lamp-applications.xml:485(para)
22228
"<filename>/etc/apache2/conf-available/phpmyadmin.conf</filename>, and, once "
22229
"enabled, is used to configure <application>Apache2</application> to serve "
22230
"the <application>phpMyAdmin</application> site. The file contains directives "
22231
"for loading <application>PHP</application>, directory permissions, etc. From "
22232
"a terminal type:"
22233
msgstr ""
22234
22235
#: serverguide/C/lamp-applications.xml:506(command)
22236
msgid ""
22237
"sudo ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf-"
22238
"available/phpmyadmin.conf"
22239
msgstr ""
22240
22241
#: serverguide/C/lamp-applications.xml:507(command)
22242
msgid "sudo a2enconf phpmyadmin.conf"
22243
msgstr ""
22244
22245
#: serverguide/C/lamp-applications.xml:511(para)
22246
msgid ""
22247
"For more information on configuring <application>Apache2</application> see "
22248
"<xref linkend=\"httpd\"/>."
22249
msgstr ""
22250
22251
#: serverguide/C/lamp-applications.xml:522(para)
22217
22252
msgid ""
22218
22253
"The <application>phpMyAdmin</application> documentation comes installed with "
22219
22254
"the package and can be accessed from the <emphasis>phpMyAdmin "
22222
22257
"url=\"http://www.phpmyadmin.net/home_page/docs.php\">phpMyAdmin</ulink> site."
22223
22258
msgstr ""
22224
22259
22225
#: serverguide/C/lamp-applications.xml:492(para)
22260
#: serverguide/C/lamp-applications.xml:529(para)
22226
22261
msgid ""
22227
22262
"Also, <ulink url=\"http://www.packtpub.com/phpmyadmin-3rd-"
22228
22263
"edition/book\">Mastering phpMyAdmin</ulink> is a great resource."
22229
22264
msgstr ""
22230
22265
22231
#: serverguide/C/lamp-applications.xml:497(para)
22266
#: serverguide/C/lamp-applications.xml:534(para)
22232
22267
msgid ""
22233
22268
"A third resource is the <ulink "
22234
22269
"url=\"https://help.ubuntu.com/community/phpMyAdmin\">phpMyAdmin Ubuntu "
22235
22270
"Wiki</ulink> page."
22236
22271
msgstr ""
22237
22272
22238
#: serverguide/C/lamp-applications.xml:517(title)
22273
#: serverguide/C/lamp-applications.xml:543(title)
22239
22274
msgid "WordPress"
22240
22275
msgstr ""
22241
22276
22242
#: serverguide/C/lamp-applications.xml:518(para)
22277
#: serverguide/C/lamp-applications.xml:544(para)
22243
22278
msgid ""
22244
22279
"Wordpress is a blog tool, publishing platform and CMS implemented in PHP and "
22245
22280
"licensed under the GNU GPLv2."
22246
22281
msgstr ""
22247
22282
22248
#: serverguide/C/lamp-applications.xml:524(para)
22283
#: serverguide/C/lamp-applications.xml:550(para)
22249
22284
msgid ""
22250
22285
"To install <application>WordPress</application>, run the following comand in "
22251
22286
"the command prompt:"
22252
22287
msgstr ""
22253
22288
22254
#: serverguide/C/lamp-applications.xml:529(command)
22289
#: serverguide/C/lamp-applications.xml:555(command)
22255
22290
msgid "sudo apt-get install wordpress"
22256
22291
msgstr ""
22257
22292
22258
#: serverguide/C/lamp-applications.xml:532(para)
22293
#: serverguide/C/lamp-applications.xml:558(para)
22259
22294
msgid ""
22260
22295
"You should also install <application>apache2</application> web server and "
22261
22296
"<application>mysql</application> server. For installing "
22266
22301
"linkend=\"mysql\"/> section."
22267
22302
msgstr ""
22268
22303
22269
#: serverguide/C/lamp-applications.xml:546(para)
22304
#: serverguide/C/lamp-applications.xml:572(para)
22270
22305
msgid ""
22271
22306
"For configuring your first <application>WordPress</application> application, "
22272
22307
"configure an apache site. Open <filename>/etc/apache2/sites-"
22273
22308
"available/wordpress.conf</filename> and write the following lines:"
22274
22309
msgstr ""
22275
22310
22276
#: serverguide/C/lamp-applications.xml:553(programlisting)
22311
#: serverguide/C/lamp-applications.xml:579(programlisting)
22277
22312
#, no-wrap
22278
22313
msgid ""
22279
22314
"\n"
22293
22328
" "
22294
22329
msgstr ""
22295
22330
22296
#: serverguide/C/lamp-applications.xml:569(para)
22331
#: serverguide/C/lamp-applications.xml:595(para)
22297
22332
msgid "Enable this new <application>WordPress</application> site"
22298
22333
msgstr ""
22299
22334
22300
#: serverguide/C/lamp-applications.xml:572(command)
22335
#: serverguide/C/lamp-applications.xml:598(command)
22301
22336
msgid "sudo a2ensite wordpress"
22302
22337
msgstr ""
22303
22338
22304
#: serverguide/C/lamp-applications.xml:575(para)
22339
#: serverguide/C/lamp-applications.xml:601(para)
22305
22340
msgid ""
22306
22341
"Once you configure the <application>apache2</application> web server and "
22307
22342
"make it ready for your <application>WordPress</application> application, you "
22309
22344
"<application>apache2</application> web server:"
22310
22345
msgstr ""
22311
22346
22312
#: serverguide/C/lamp-applications.xml:587(para)
22347
#: serverguide/C/lamp-applications.xml:613(para)
22313
22348
msgid ""
22314
22349
"To facilitate multiple <application>WordPress</application> installations, "
22315
22350
"the name of this configuration file is based on the Host header of the HTTP "
22322
22357
"NAME_OF_YOUR_VIRTUAL_HOST.php."
22323
22358
msgstr ""
22324
22359
22325
#: serverguide/C/lamp-applications.xml:598(para)
22360
#: serverguide/C/lamp-applications.xml:624(para)
22326
22361
msgid ""
22327
22362
"Once the configuration file is written, it is up to you to choose a "
22328
22363
"convention for username and password to mysql for each "
22330
22365
"shows only one, localhost, example."
22331
22366
msgstr ""
22332
22367
22333
#: serverguide/C/lamp-applications.xml:605(para)
22368
#: serverguide/C/lamp-applications.xml:631(para)
22334
22369
msgid ""
22335
22370
"Now configure <application>WordPress</application> to use a mysql database. "
22336
22371
"Open <filename>/etc/wordpress/config-localhost.php</filename> file and write "
22337
22372
"the following lines:"
22338
22373
msgstr ""
22339
22374
22340
#: serverguide/C/lamp-applications.xml:611(programlisting)
22375
#: serverguide/C/lamp-applications.xml:637(programlisting)
22341
22376
#, no-wrap
22342
22377
msgid ""
22343
22378
"\n"
22350
22385
"?>\n"
22351
22386
msgstr ""
22352
22387
22353
#: serverguide/C/lamp-applications.xml:620(para)
22388
#: serverguide/C/lamp-applications.xml:646(para)
22354
22389
msgid ""
22355
22390
"Now create this mysql database. Open a temporary file with mysql commands "
22356
22391
"<filename>wordpress.sql</filename> and write the following lines:"
22357
22392
msgstr ""
22358
22393
22359
#: serverguide/C/lamp-applications.xml:623(programlisting)
22394
#: serverguide/C/lamp-applications.xml:649(programlisting)
22360
22395
#, no-wrap
22361
22396
msgid ""
22362
22397
"\n"
22368
22403
"FLUSH PRIVILEGES;\n"
22369
22404
msgstr ""
22370
22405
22371
#: serverguide/C/lamp-applications.xml:631(para)
22406
#: serverguide/C/lamp-applications.xml:657(para)
22372
22407
msgid "Execute these commands."
22373
22408
msgstr ""
22374
22409
22375
#: serverguide/C/lamp-applications.xml:633(command)
22410
#: serverguide/C/lamp-applications.xml:659(command)
22376
22411
msgid ""
22377
22412
"cat wordpress.sql | sudo mysql --defaults-extra-file=/etc/mysql/debian.cnf"
22378
22413
msgstr ""
22379
22414
22380
#: serverguide/C/lamp-applications.xml:635(para)
22415
#: serverguide/C/lamp-applications.xml:661(para)
22381
22416
msgid ""
22382
22417
"Your new <application>WordPress</application> can now be configured by "
22383
22418
"visiting <ulink url=\"http://localhost/blog/wp-"
22390
22425
"mail and click Install WordPress."
22391
22426
msgstr ""
22392
22427
22393
#: serverguide/C/lamp-applications.xml:642(para)
22428
#: serverguide/C/lamp-applications.xml:668(para)
22394
22429
msgid ""
22395
22430
"Note the generated password (if applicable) and click the login password. "
22396
22431
"Your <application>WordPress</application> is now ready for use."
22397
22432
msgstr ""
22398
22433
22399
#: serverguide/C/lamp-applications.xml:652(ulink)
22434
#: serverguide/C/lamp-applications.xml:678(ulink)
22400
22435
msgid "WordPress.org Codex"
22401
22436
msgstr ""
22402
22437
22403
#: serverguide/C/lamp-applications.xml:657(ulink)
22438
#: serverguide/C/lamp-applications.xml:683(ulink)
22404
22439
msgid "Ubuntu Wiki WordPress"
22405
22440
msgstr ""
22406
22441
22437
22472
#: serverguide/C/introduction.xml:31(para)
22438
22473
msgid ""
22439
22474
"There are a couple of different ways that Ubuntu Server Edition is "
22440
"supported, commercial support and community support. The main commercial "
22441
"support (and development funding) is available from Canonical Ltd. They "
22442
"supply reasonably priced support contracts on a per desktop or per server "
22475
"supported: commercial support and community support. The main commercial "
22476
"support (and development funding) is available from Canonical, Ltd. They "
22477
"supply reasonably- priced support contracts on a per desktop or per server "
22443
22478
"basis. For more information see the <ulink "
22444
"url=\"http://www.canonical.com/services/support\">Canonical Services</ulink> "
22445
"page."
22479
"url=\"http://www.ubuntu.com/management\">Ubuntu Advantage</ulink> page."
22446
22480
msgstr ""
22447
22481
22448
#: serverguide/C/introduction.xml:38(para)
22482
#: serverguide/C/introduction.xml:40(para)
22449
22483
msgid ""
22450
"Community support is also provided by dedicated individuals, and companies, "
22484
"Community support is also provided by dedicated individuals and companies "
22451
22485
"that wish to make Ubuntu the best distribution possible. Support is provided "
22452
22486
"through multiple mailing lists, IRC channels, forums, blogs, wikis, etc. The "
22453
22487
"large amount of information available can be overwhelming, but a good search "
22495
22529
msgid "Install Type"
22496
22530
msgstr ""
22497
22531
22498
#: serverguide/C/virtualization.xml:1186(para) serverguide/C/virtualization.xml:1248(para) serverguide/C/installation.xml:36(para)
22532
#: serverguide/C/installation.xml:36(para)
22499
22533
msgid "CPU"
22500
22534
msgstr ""
22501
22535
22527
22561
msgid "512 megabytes"
22528
22562
msgstr ""
22529
22563
22530
#: serverguide/C/installation.xml:51(para)
22564
#: serverguide/C/installation.xml:50(para)
22531
22565
msgid "1 gigabyte"
22532
22566
msgstr ""
22533
22567
22539
22573
msgid "Server (Minimal)"
22540
22574
msgstr ""
22541
22575
22542
#: serverguide/C/installation.xml:48(para)
22576
#: serverguide/C/installation.xml:55(para)
22543
22577
msgid "300 megahertz"
22544
22578
msgstr ""
22545
22579
22555
22589
msgid "1.4 gigabytes"
22556
22590
msgstr ""
22557
22591
22558
#: serverguide/C/installation.xml:56(para)
22592
#: serverguide/C/installation.xml:64(para)
22559
22593
msgid ""
22560
22594
"The Server Edition provides a common base for all sorts of server "
22561
22595
"applications. It is a minimalist design providing a platform for the desired "
22562
22596
"services, such as file/print services, web hosting, email hosting, etc."
22563
22597
msgstr ""
22564
22598
22565
#: serverguide/C/installation.xml:70(title)
22599
#: serverguide/C/installation.xml:72(title)
22566
22600
msgid "Server and Desktop Differences"
22567
22601
msgstr ""
22568
22602
22569
#: serverguide/C/installation.xml:71(para)
22603
#: serverguide/C/installation.xml:73(para)
22570
22604
msgid ""
22571
22605
"There are a few differences between the <emphasis>Ubuntu Server "
22572
22606
"Edition</emphasis> and the <emphasis>Ubuntu Desktop Edition</emphasis>. It "
22582
22616
"environment in the Server Edition and the installation process."
22583
22617
msgstr ""
22584
22618
22585
#: serverguide/C/installation.xml:84(title)
22619
#: serverguide/C/installation.xml:86(title)
22586
22620
msgid "Kernel Differences:"
22587
22621
msgstr ""
22588
22622
22589
#: serverguide/C/installation.xml:85(para)
22623
#: serverguide/C/installation.xml:87(para)
22590
22624
msgid ""
22591
22625
"Ubuntu version 10.10 and prior, actually had different kernels for the "
22592
22626
"server and desktop editions. Ubuntu no longer has separate -server and -"
22594
22628
"flavor to help reduce the maintenance burden over the life of the release."
22595
22629
msgstr ""
22596
22630
22597
#: serverguide/C/installation.xml:90(para)
22631
#: serverguide/C/installation.xml:92(para)
22598
22632
msgid ""
22599
22633
"When running a 64-bit version of Ubuntu on 64-bit processors you are not "
22600
22634
"limited by memory addressing space."
22608
22642
"great resource on the options available."
22609
22643
msgstr ""
22610
22644
22611
#: serverguide/C/installation.xml:104(title)
22645
#: serverguide/C/installation.xml:106(title)
22612
22646
msgid "Backing Up"
22613
22647
msgstr ""
22614
22648
22615
#: serverguide/C/installation.xml:107(para)
22649
#: serverguide/C/installation.xml:109(para)
22616
22650
msgid ""
22617
22651
"Before installing <application>Ubuntu Server Edition</application> you "
22618
22652
"should make sure all data on the system is backed up. See <xref "
22619
22653
"linkend=\"backups\"/> for backup options."
22620
22654
msgstr ""
22621
22655
22622
#: serverguide/C/installation.xml:111(para)
22656
#: serverguide/C/installation.xml:113(para)
22623
22657
msgid ""
22624
22658
"If this is not the first time an operating system has been installed on your "
22625
22659
"computer, it is likely you will need to re-partition your disk to make room "
22626
22660
"for Ubuntu."
22627
22661
msgstr ""
22628
22662
22629
#: serverguide/C/installation.xml:115(para)
22663
#: serverguide/C/installation.xml:117(para)
22630
22664
msgid ""
22631
22665
"Any time you partition your disk, you should be prepared to lose everything "
22632
22666
"on the disk should you make a mistake or something goes wrong during "
22634
22668
"have seen years of use, but they also perform destructive actions."
22635
22669
msgstr ""
22636
22670
22637
#: serverguide/C/installation.xml:127(title)
22671
#: serverguide/C/installation.xml:129(title)
22638
22672
msgid "Installing from CD"
22639
22673
msgstr ""
22640
22674
22641
#: serverguide/C/installation.xml:128(para)
22675
#: serverguide/C/installation.xml:130(para)
22642
22676
msgid ""
22643
22677
"The basic steps to install Ubuntu Server Edition from CD are the same as "
22644
22678
"those for installing any operating system from CD. Unlike the "
22647
22681
"Server Edition uses a console menu based process instead."
22648
22682
msgstr ""
22649
22683
22650
#: serverguide/C/installation.xml:135(para)
22684
#: serverguide/C/installation.xml:137(para)
22651
22685
msgid ""
22652
"First, download and burn the appropriate ISO file from the <ulink "
22686
"Download and burn the appropriate ISO file from the <ulink "
22653
22687
"url=\"http://www.ubuntu.com/download/server/download\"> Ubuntu web "
22654
22688
"site</ulink>."
22655
22689
msgstr ""
22656
22690
22657
#: serverguide/C/installation.xml:141(para)
22691
#: serverguide/C/installation.xml:143(para)
22658
22692
msgid "Boot the system from the CD-ROM drive."
22659
22693
msgstr ""
22660
22694
22661
#: serverguide/C/installation.xml:146(para)
22695
#: serverguide/C/installation.xml:148(para)
22662
22696
msgid "At the boot prompt you will be asked to select a language."
22663
22697
msgstr ""
22664
22698
22665
#: serverguide/C/installation.xml:151(para)
22699
#: serverguide/C/installation.xml:153(para)
22666
22700
msgid ""
22667
22701
"From the main boot menu there are some additional options to install Ubuntu "
22668
22702
"Server Edition. You can install a basic Ubuntu Server, check the CD-ROM for "
22671
22705
"install."
22672
22706
msgstr ""
22673
22707
22674
#: serverguide/C/installation.xml:158(para)
22708
#: serverguide/C/installation.xml:160(para)
22675
22709
msgid ""
22676
"The installer asks for which language it should use. Afterwards, you are "
22677
"asked to select your location."
22710
"The installer asks which language it should use. Afterwards, you are asked "
22711
"to select your location."
22678
22712
msgstr ""
22679
22713
22680
#: serverguide/C/installation.xml:164(para)
22714
#: serverguide/C/installation.xml:166(para)
22681
22715
msgid ""
22682
22716
"Next, the installation process begins by asking for your keyboard layout. "
22683
22717
"You can ask the installer to attempt auto-detecting it, or you can select it "
22684
22718
"manually from a list."
22685
22719
msgstr ""
22686
22720
22687
#: serverguide/C/installation.xml:170(para)
22721
#: serverguide/C/installation.xml:172(para)
22688
22722
msgid ""
22689
22723
"The installer then discovers your hardware configuration, and configures the "
22690
22724
"network settings using DHCP. If you do not wish to use DHCP at the next "
22696
22730
msgid "Next, the installer asks for the system's hostname."
22697
22731
msgstr ""
22698
22732
22699
#: serverguide/C/installation.xml:195(para)
22733
#: serverguide/C/installation.xml:184(para)
22700
22734
msgid ""
22701
22735
"A new user is set up; this user will have <emphasis>root</emphasis> access "
22702
22736
"through the <application>sudo</application> utility."
22703
22737
msgstr ""
22704
22738
22705
#: serverguide/C/installation.xml:201(para)
22739
#: serverguide/C/installation.xml:190(para)
22706
22740
msgid ""
22707
"After the user settings have been completed, you will be asked to encrypt "
22708
"your <filename role=\"directory\">home</filename> directory."
22741
"After the user settings have been completed, you will be asked if you want "
22742
"to encrypt your <filename role=\"directory\">home</filename> directory."
22709
22743
msgstr ""
22710
22744
22711
22745
#: serverguide/C/installation.xml:196(para)
22712
22746
msgid "Next, the installer asks for the system's Time Zone."
22713
22747
msgstr ""
22714
22748
22715
#: serverguide/C/installation.xml:182(para)
22749
#: serverguide/C/installation.xml:201(para)
22716
22750
msgid ""
22717
22751
"You can then choose from several options to configure the hard drive layout. "
22718
"Afterwards you are asked for which disk to install to. You may get "
22719
"confirmation prompts before rewriting the partition table or setting up LVM "
22720
"depending on disk layout. If you choose LVM, you will be asked for the size "
22721
"of the root logical volume. For advanced disk options see <xref "
22722
"linkend=\"advanced-installation\"/>."
22752
"Afterwards you are asked which disk to install to. You may get confirmation "
22753
"prompts before rewriting the partition table or setting up LVM depending on "
22754
"disk layout. If you choose LVM, you will be asked for the size of the root "
22755
"logical volume. For advanced disk options see <xref linkend=\"advanced-"
22756
"installation\"/>."
22723
22757
msgstr ""
22724
22758
22725
#: serverguide/C/installation.xml:190(para)
22759
#: serverguide/C/installation.xml:209(para)
22726
22760
msgid "The Ubuntu base system is then installed."
22727
22761
msgstr ""
22728
22762
22729
#: serverguide/C/installation.xml:207(para)
22763
#: serverguide/C/installation.xml:214(para)
22730
22764
msgid ""
22731
22765
"The next step in the installation process is to decide how you want to "
22732
22766
"update the system. There are three options:"
22733
22767
msgstr ""
22734
22768
22735
#: serverguide/C/installation.xml:213(para)
22769
#: serverguide/C/installation.xml:220(para)
22736
22770
msgid ""
22737
22771
"<emphasis>No automatic updates</emphasis>: this requires an administrator to "
22738
22772
"log into the machine and manually install updates."
22739
22773
msgstr ""
22740
22774
22741
#: serverguide/C/installation.xml:219(para)
22775
#: serverguide/C/installation.xml:226(para)
22742
22776
msgid ""
22743
22777
"<emphasis>Install security updates automatically</emphasis>: this will "
22744
22778
"install the <application>unattended-upgrades</application> package, which "
22746
22780
"For more details see <xref linkend=\"automatic-updates\"/>."
22747
22781
msgstr ""
22748
22782
22749
#: serverguide/C/installation.xml:226(para)
22783
#: serverguide/C/installation.xml:233(para)
22750
22784
msgid ""
22751
22785
"<emphasis>Manage the system with Landscape</emphasis>: Landscape is a paid "
22752
22786
"service provided by Canonical to help manage your Ubuntu machines. See the "
22753
"<ulink url=\"http://www.canonical.com/projects/landscape\">Landscape</ulink> "
22754
"site for details."
22787
"<ulink url=\"http://landscape.canonical.com/\">Landscape</ulink> site for "
22788
"details."
22755
22789
msgstr ""
22756
22790
22757
#: serverguide/C/installation.xml:235(para)
22791
#: serverguide/C/installation.xml:242(para)
22758
22792
msgid ""
22759
22793
"You now have the option to install, or not install, several package tasks. "
22760
22794
"See <xref linkend=\"install-tasks\"/> for details. Also, there is an option "
22762
22796
"install. For more information see <xref linkend=\"aptitude\"/>."
22763
22797
msgstr ""
22764
22798
22765
#: serverguide/C/installation.xml:243(para)
22799
#: serverguide/C/installation.xml:250(para)
22766
22800
msgid "Finally, the last step before rebooting is to set the clock to UTC."
22767
22801
msgstr ""
22768
22802
22769
#: serverguide/C/installation.xml:249(para)
22803
#: serverguide/C/installation.xml:256(para)
22770
22804
msgid ""
22771
22805
"If at any point during installation you are not satisfied by the default "
22772
22806
"setting, use the \"Go Back\" function at any prompt to be brought to a "
22774
22808
"settings."
22775
22809
msgstr ""
22776
22810
22777
#: serverguide/C/installation.xml:254(para)
22811
#: serverguide/C/installation.xml:261(para)
22778
22812
msgid ""
22779
22813
"At some point during the installation process you may want to read the help "
22780
22814
"screen provided by the installation system. To do this, press F1."
22787
22821
"Installation Guide</ulink>."
22788
22822
msgstr ""
22789
22823
22790
#: serverguide/C/installation.xml:265(title)
22824
#: serverguide/C/installation.xml:272(title)
22791
22825
msgid "Package Tasks"
22792
22826
msgstr ""
22793
22827
22794
#: serverguide/C/installation.xml:266(para)
22828
#: serverguide/C/installation.xml:273(para)
22795
22829
msgid ""
22796
22830
"During the Server Edition installation you have the option of installing "
22797
22831
"additional packages from the CD. The packages are grouped by the type of "
22798
22832
"service they provide."
22799
22833
msgstr ""
22800
22834
22801
#: serverguide/C/installation.xml:272(para)
22835
#: serverguide/C/installation.xml:279(para)
22802
22836
msgid "DNS server: Selects the BIND DNS server and its documentation."
22803
22837
msgstr ""
22804
22838
22805
#: serverguide/C/installation.xml:277(para)
22839
#: serverguide/C/installation.xml:284(para)
22806
22840
msgid "LAMP server: Selects a ready-made Linux/Apache/MySQL/PHP server."
22807
22841
msgstr ""
22808
22842
22809
#: serverguide/C/installation.xml:282(para)
22843
#: serverguide/C/installation.xml:289(para)
22810
22844
msgid ""
22811
22845
"Mail server: This task selects a variety of packages useful for a general "
22812
22846
"purpose mail server system."
22813
22847
msgstr ""
22814
22848
22815
#: serverguide/C/installation.xml:287(para)
22849
#: serverguide/C/installation.xml:294(para)
22816
22850
msgid "OpenSSH server: Selects packages needed for an OpenSSH server."
22817
22851
msgstr ""
22818
22852
22819
#: serverguide/C/installation.xml:292(para)
22853
#: serverguide/C/installation.xml:299(para)
22820
22854
msgid ""
22821
22855
"PostgreSQL database: This task selects client and server packages for the "
22822
22856
"PostgreSQL database."
22823
22857
msgstr ""
22824
22858
22825
#: serverguide/C/installation.xml:297(para)
22859
#: serverguide/C/installation.xml:304(para)
22826
22860
msgid "Print server: This task sets up your system to be a print server."
22827
22861
msgstr ""
22828
22862
22829
#: serverguide/C/installation.xml:302(para)
22863
#: serverguide/C/installation.xml:309(para)
22830
22864
msgid ""
22831
22865
"Samba File server: This task sets up your system to be a Samba file server, "
22832
22866
"which is especially suitable in networks with both Windows and Linux systems."
22833
22867
msgstr ""
22834
22868
22835
#: serverguide/C/installation.xml:308(para)
22869
#: serverguide/C/installation.xml:315(para)
22836
22870
msgid "Tomcat Java server: Installs Apache Tomcat and needed dependencies."
22837
22871
msgstr ""
22838
22872
22839
#: serverguide/C/installation.xml:313(para)
22873
#: serverguide/C/installation.xml:320(para)
22840
22874
msgid ""
22841
22875
"Virtual Machine host: Includes packages needed to run KVM virtual machines."
22842
22876
msgstr ""
22843
22877
22844
#: serverguide/C/installation.xml:318(para)
22878
#: serverguide/C/installation.xml:325(para)
22845
22879
msgid ""
22846
22880
"Manually select packages: Executes <application>aptitude</application> "
22847
22881
"allowing you to individually select packages."
22848
22882
msgstr ""
22849
22883
22850
#: serverguide/C/installation.xml:323(para)
22884
#: serverguide/C/installation.xml:330(para)
22851
22885
msgid ""
22852
22886
"Installing the package groups is accomplished using the "
22853
22887
"<application>tasksel</application> utility. One of the important differences "
22858
22892
"a fully integrated service."
22859
22893
msgstr ""
22860
22894
22861
#: serverguide/C/installation.xml:330(para)
22895
#: serverguide/C/installation.xml:337(para)
22862
22896
msgid ""
22863
22897
"Once the installation process has finished you can view a list of available "
22864
22898
"tasks by entering the following from a terminal prompt:"
22865
22899
msgstr ""
22866
22900
22867
#: serverguide/C/installation.xml:335(command)
22901
#: serverguide/C/installation.xml:342(command)
22868
22902
msgid "tasksel --list-tasks"
22869
22903
msgstr ""
22870
22904
22871
#: serverguide/C/installation.xml:338(para)
22905
#: serverguide/C/installation.xml:345(para)
22872
22906
msgid ""
22873
22907
"The output will list tasks from other Ubuntu based distributions such as "
22874
22908
"Kubuntu and Edubuntu. Note that you can also invoke the "
22876
22910
"the different tasks available."
22877
22911
msgstr ""
22878
22912
22879
#: serverguide/C/installation.xml:344(para)
22913
#: serverguide/C/installation.xml:351(para)
22880
22914
msgid ""
22881
22915
"You can view a list of which packages are installed with each task using the "
22882
22916
"<emphasis>--task-packages</emphasis> option. For example, to list the "
22884
22918
"following:"
22885
22919
msgstr ""
22886
22920
22887
#: serverguide/C/installation.xml:349(command)
22921
#: serverguide/C/installation.xml:356(command)
22888
22922
msgid "tasksel --task-packages dns-server"
22889
22923
msgstr ""
22890
22924
22891
#: serverguide/C/installation.xml:351(para)
22925
#: serverguide/C/installation.xml:358(para)
22892
22926
msgid "The output of the command should list:"
22893
22927
msgstr ""
22894
22928
22895
#: serverguide/C/installation.xml:354(programlisting)
22929
#: serverguide/C/installation.xml:361(programlisting)
22896
22930
#, no-wrap
22897
22931
msgid ""
22898
22932
"\n"
22901
22935
"bind9\n"
22902
22936
msgstr ""
22903
22937
22904
#: serverguide/C/installation.xml:359(para)
22938
#: serverguide/C/installation.xml:366(para)
22905
22939
msgid ""
22906
22940
"If you did not install one of the tasks during the installation process, but "
22907
22941
"for example you decide to make your new LAMP server a DNS server as well, "
22908
22942
"simply insert the installation CD and from a terminal:"
22909
22943
msgstr ""
22910
22944
22911
#: serverguide/C/installation.xml:364(command)
22945
#: serverguide/C/installation.xml:371(command)
22912
22946
msgid "sudo tasksel install dns-server"
22913
22947
msgstr ""
22914
22948
22915
#: serverguide/C/installation.xml:369(title)
22949
#: serverguide/C/installation.xml:376(title)
22916
22950
msgid "Upgrading"
22917
22951
msgstr ""
22918
22952
22919
#: serverguide/C/installation.xml:370(para)
22953
#: serverguide/C/installation.xml:377(para)
22920
22954
msgid ""
22921
22955
"There are several ways to upgrade from one Ubuntu release to another. This "
22922
22956
"section gives an overview of the recommended upgrade method."
22923
22957
msgstr ""
22924
22958
22925
#: serverguide/C/installation.xml:374(title) serverguide/C/installation.xml:389(command)
22959
#: serverguide/C/installation.xml:381(title) serverguide/C/installation.xml:396(command)
22926
22960
msgid "do-release-upgrade"
22927
22961
msgstr ""
22928
22962
22929
#: serverguide/C/installation.xml:375(para)
22963
#: serverguide/C/installation.xml:382(para)
22930
22964
msgid ""
22931
22965
"The recommended way to upgrade a Server Edition installation is to use the "
22932
22966
"<application>do-release-upgrade</application> utility. Part of the "
22934
22968
"graphical dependencies and is installed by default."
22935
22969
msgstr ""
22936
22970
22937
#: serverguide/C/installation.xml:380(para)
22971
#: serverguide/C/installation.xml:387(para)
22938
22972
msgid ""
22939
22973
"Debian based systems can also be upgraded by using <command>apt-get dist-"
22940
22974
"upgrade</command>. However, using <application>do-release-"
22942
22976
"system configuration changes sometimes needed between releases."
22943
22977
msgstr ""
22944
22978
22945
#: serverguide/C/installation.xml:385(para)
22979
#: serverguide/C/installation.xml:392(para)
22946
22980
msgid "To upgrade to a newer release, from a terminal prompt enter:"
22947
22981
msgstr ""
22948
22982
22949
#: serverguide/C/installation.xml:391(para)
22983
#: serverguide/C/installation.xml:398(para)
22950
22984
msgid ""
22951
22985
"It is also possible to use <application>do-release-upgrade</application> to "
22952
22986
"upgrade to a development version of Ubuntu. To accomplish this use the "
22953
22987
"<emphasis>-d</emphasis> switch:"
22954
22988
msgstr ""
22955
22989
22956
#: serverguide/C/installation.xml:396(command)
22990
#: serverguide/C/installation.xml:403(command)
22957
22991
msgid "do-release-upgrade -d"
22958
22992
msgstr ""
22959
22993
22960
#: serverguide/C/installation.xml:399(para)
22994
#: serverguide/C/installation.xml:406(para)
22961
22995
msgid ""
22962
22996
"Upgrading to a development release is <emphasis>not</emphasis> recommended "
22963
22997
"for production environments."
22964
22998
msgstr ""
22965
22999
22966
#: serverguide/C/installation.xml:406(title)
23000
#: serverguide/C/installation.xml:413(title)
22967
23001
msgid "Advanced Installation"
22968
23002
msgstr ""
22969
23003
22970
#: serverguide/C/installation.xml:409(title)
23004
#: serverguide/C/installation.xml:416(title)
22971
23005
msgid "Software RAID"
22972
23006
msgstr ""
22973
23007
22974
#: serverguide/C/installation.xml:411(para)
23008
#: serverguide/C/installation.xml:418(para)
22975
23009
msgid ""
22976
23010
"Redundant Array of Independent Disks \"RAID\" is a method of using multiple "
22977
23011
"disks to provide different balances of increasing data reliability and/or "
22982
23016
"the drives 'invisibly')."
22983
23017
msgstr ""
22984
23018
22985
#: serverguide/C/installation.xml:419(para)
23019
#: serverguide/C/installation.xml:426(para)
22986
23020
msgid ""
22987
23021
"The RAID software included with current versions of Linux (and Ubuntu) is "
22988
23022
"based on the <application>'mdadm'</application> driver and works very well, "
22992
23026
"another for <emphasis>swap</emphasis>."
22993
23027
msgstr ""
22994
23028
22995
#: serverguide/C/virtualization.xml:716(title) serverguide/C/installation.xml:427(title)
23029
#: serverguide/C/installation.xml:434(title)
22996
23030
msgid "Partitioning"
22997
23031
msgstr ""
22998
23032
22999
#: serverguide/C/installation.xml:429(para) serverguide/C/installation.xml:951(para)
23033
#: serverguide/C/installation.xml:436(para) serverguide/C/installation.xml:958(para)
23000
23034
msgid ""
23001
23035
"Follow the installation steps until you get to the <emphasis>Partition "
23002
23036
"disks</emphasis> step, then:"
23003
23037
msgstr ""
23004
23038
23005
#: serverguide/C/installation.xml:436(para)
23039
#: serverguide/C/installation.xml:443(para)
23006
23040
msgid "Select <emphasis>Manual</emphasis> as the partition method."
23007
23041
msgstr ""
23008
23042
23009
#: serverguide/C/installation.xml:443(para)
23043
#: serverguide/C/installation.xml:450(para)
23010
23044
msgid ""
23011
23045
"Select the first hard drive, and agree to <emphasis>\"Create a new empty "
23012
23046
"partition table on this device?\"</emphasis>."
23013
23047
msgstr ""
23014
23048
23015
#: serverguide/C/installation.xml:447(para)
23049
#: serverguide/C/installation.xml:454(para)
23016
23050
msgid ""
23017
23051
"Repeat this step for each drive you wish to be part of the RAID array."
23018
23052
msgstr ""
23019
23053
23020
#: serverguide/C/installation.xml:454(para)
23054
#: serverguide/C/installation.xml:461(para)
23021
23055
msgid ""
23022
23056
"Select the <emphasis>\"FREE SPACE\"</emphasis> on the first drive then "
23023
23057
"select <emphasis>\"Create a new partition\"</emphasis>."
23024
23058
msgstr ""
23025
23059
23026
#: serverguide/C/installation.xml:461(para)
23060
#: serverguide/C/installation.xml:468(para)
23027
23061
msgid ""
23028
23062
"Next, select the <emphasis>Size</emphasis> of the partition. This partition "
23029
23063
"will be the <emphasis>swap</emphasis> partition, and a general rule for swap "
23031
23065
"<emphasis>Primary</emphasis>, then <emphasis>Beginning</emphasis>."
23032
23066
msgstr ""
23033
23067
23034
#: serverguide/C/installation.xml:468(para)
23068
#: serverguide/C/installation.xml:475(para)
23035
23069
msgid ""
23036
23070
"A swap partition size of twice the available RAM capacity may not always be "
23037
23071
"desirable, especially on systems with large amounts of RAM. Calculating the "
23039
23073
"going to be used."
23040
23074
msgstr ""
23041
23075
23042
#: serverguide/C/installation.xml:477(para)
23076
#: serverguide/C/installation.xml:484(para)
23043
23077
msgid ""
23044
23078
"Select the <emphasis>\"Use as:\"</emphasis> line at the top. By default this "
23045
23079
"is <emphasis role=\"italic\">\"Ext4 journaling file system\"</emphasis>, "
23047
23081
"<emphasis>\"Done setting up partition\"</emphasis>."
23048
23082
msgstr ""
23049
23083
23050
#: serverguide/C/installation.xml:486(para)
23084
#: serverguide/C/installation.xml:493(para)
23051
23085
msgid ""
23052
23086
"For the <emphasis>/</emphasis> partition once again select <emphasis>\"Free "
23053
23087
"Space\"</emphasis> on the first drive then <emphasis>\"Create a new "
23054
23088
"partition\"</emphasis>."
23055
23089
msgstr ""
23056
23090
23057
#: serverguide/C/installation.xml:494(para)
23091
#: serverguide/C/installation.xml:501(para)
23058
23092
msgid ""
23059
23093
"Use the rest of the free space on the drive and choose "
23060
23094
"<emphasis>Continue</emphasis>, then <emphasis>Primary</emphasis>."
23061
23095
msgstr ""
23062
23096
23063
#: serverguide/C/installation.xml:501(para)
23097
#: serverguide/C/installation.xml:508(para)
23064
23098
msgid ""
23065
23099
"As with the swap partition, select the <emphasis>\"Use as:\"</emphasis> line "
23066
23100
"at the top, changing it to <emphasis>\"physical volume for "
23069
23103
"<emphasis>\"Done setting up partition\"</emphasis>."
23070
23104
msgstr ""
23071
23105
23072
#: serverguide/C/installation.xml:511(para)
23106
#: serverguide/C/installation.xml:518(para)
23073
23107
msgid "Repeat steps three through eight for the other disk and partitions."
23074
23108
msgstr ""
23075
23109
23076
#: serverguide/C/installation.xml:520(title)
23110
#: serverguide/C/installation.xml:527(title)
23077
23111
msgid "RAID Configuration"
23078
23112
msgstr ""
23079
23113
23080
#: serverguide/C/installation.xml:522(para)
23114
#: serverguide/C/installation.xml:529(para)
23081
23115
msgid "With the partitions setup the arrays are ready to be configured:"
23082
23116
msgstr ""
23083
23117
23084
#: serverguide/C/installation.xml:529(para)
23118
#: serverguide/C/installation.xml:536(para)
23085
23119
msgid ""
23086
23120
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
23087
23121
"Software RAID\"</emphasis> at the top."
23088
23122
msgstr ""
23089
23123
23090
#: serverguide/C/installation.xml:536(para)
23124
#: serverguide/C/installation.xml:543(para)
23091
23125
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
23092
23126
msgstr ""
23093
23127
23094
#: serverguide/C/installation.xml:543(para)
23128
#: serverguide/C/installation.xml:550(para)
23095
23129
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
23096
23130
msgstr ""
23097
23131
23098
#: serverguide/C/installation.xml:550(para)
23132
#: serverguide/C/installation.xml:557(para)
23099
23133
msgid ""
23100
23134
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
23101
23135
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
23102
23136
msgstr ""
23103
23137
23104
#: serverguide/C/installation.xml:556(para)
23138
#: serverguide/C/installation.xml:563(para)
23105
23139
msgid ""
23106
23140
"In order to use <emphasis>RAID5</emphasis> you need at least "
23107
23141
"<emphasis>three</emphasis> drives. Using RAID0 or RAID1 only "
23108
23142
"<emphasis>two</emphasis> drives are required."
23109
23143
msgstr ""
23110
23144
23111
#: serverguide/C/installation.xml:565(para)
23145
#: serverguide/C/installation.xml:572(para)
23112
23146
msgid ""
23113
23147
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
23114
23148
"of hard drives you have, for the array. Then select "
23115
23149
"<emphasis>\"Continue\"</emphasis>."
23116
23150
msgstr ""
23117
23151
23118
#: serverguide/C/installation.xml:573(para)
23152
#: serverguide/C/installation.xml:580(para)
23119
23153
msgid ""
23120
23154
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
23121
23155
"default, then choose <emphasis>\"Continue\"</emphasis>."
23122
23156
msgstr ""
23123
23157
23124
#: serverguide/C/installation.xml:580(para)
23158
#: serverguide/C/installation.xml:587(para)
23125
23159
msgid ""
23126
23160
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
23127
23161
"etc. The numbers will usually match and the different letters correspond to "
23128
23162
"different hard drives."
23129
23163
msgstr ""
23130
23164
23131
#: serverguide/C/installation.xml:585(para)
23165
#: serverguide/C/installation.xml:592(para)
23132
23166
msgid ""
23133
23167
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
23134
23168
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
23135
23169
"go to the next step."
23136
23170
msgstr ""
23137
23171
23138
#: serverguide/C/installation.xml:593(para)
23172
#: serverguide/C/installation.xml:600(para)
23139
23173
msgid ""
23140
23174
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
23141
23175
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
23142
23176
"and <emphasis>sdb2</emphasis>."
23143
23177
msgstr ""
23144
23178
23145
#: serverguide/C/installation.xml:601(para)
23179
#: serverguide/C/installation.xml:608(para)
23146
23180
msgid "Once done select <emphasis>\"Finish\"</emphasis>."
23147
23181
msgstr ""
23148
23182
23149
#: serverguide/C/installation.xml:611(title)
23183
#: serverguide/C/installation.xml:618(title)
23150
23184
msgid "Formatting"
23151
23185
msgstr ""
23152
23186
23153
#: serverguide/C/installation.xml:613(para)
23187
#: serverguide/C/installation.xml:620(para)
23154
23188
msgid ""
23155
23189
"There should now be a list of hard drives and RAID devices. The next step is "
23156
23190
"to format and set the mount point for the RAID devices. Treat the RAID "
23157
23191
"device as a local hard drive, format and mount accordingly."
23158
23192
msgstr ""
23159
23193
23160
#: serverguide/C/installation.xml:621(para)
23194
#: serverguide/C/installation.xml:628(para)
23161
23195
msgid ""
23162
23196
"Select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
23163
23197
"#0\"</emphasis> partition."
23164
23198
msgstr ""
23165
23199
23166
#: serverguide/C/installation.xml:628(para)
23200
#: serverguide/C/installation.xml:635(para)
23167
23201
msgid ""
23168
23202
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
23169
23203
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
23170
23204
msgstr ""
23171
23205
23172
#: serverguide/C/installation.xml:636(para)
23206
#: serverguide/C/installation.xml:643(para)
23173
23207
msgid ""
23174
23208
"Next, select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
23175
23209
"#1\"</emphasis> partition."
23176
23210
msgstr ""
23177
23211
23178
#: serverguide/C/installation.xml:643(para)
23212
#: serverguide/C/installation.xml:650(para)
23179
23213
msgid ""
23180
23214
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext4 "
23181
23215
"journaling file system\"</emphasis>."
23182
23216
msgstr ""
23183
23217
23184
#: serverguide/C/installation.xml:650(para)
23218
#: serverguide/C/installation.xml:657(para)
23185
23219
msgid ""
23186
23220
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
23187
23221
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "
23189
23223
"partition\"</emphasis>."
23190
23224
msgstr ""
23191
23225
23192
#: serverguide/C/installation.xml:658(para)
23226
#: serverguide/C/installation.xml:665(para)
23193
23227
msgid ""
23194
23228
"Finally, select <emphasis>\"Finish partitioning and write changes to "
23195
23229
"disk\"</emphasis>."
23196
23230
msgstr ""
23197
23231
23198
#: serverguide/C/installation.xml:665(para)
23232
#: serverguide/C/installation.xml:672(para)
23199
23233
msgid ""
23200
23234
"If you choose to place the root partition on a RAID array, the installer "
23201
23235
"will then ask if you would like to boot in a <emphasis>degraded</emphasis> "
23202
23236
"state. See <xref linkend=\"raid-degraded\"/> for further details."
23203
23237
msgstr ""
23204
23238
23205
#: serverguide/C/installation.xml:670(para)
23239
#: serverguide/C/installation.xml:677(para)
23206
23240
msgid "The installation process will then continue normally."
23207
23241
msgstr ""
23208
23242
23209
#: serverguide/C/installation.xml:676(title)
23243
#: serverguide/C/installation.xml:683(title)
23210
23244
msgid "Degraded RAID"
23211
23245
msgstr ""
23212
23246
23213
#: serverguide/C/installation.xml:678(para)
23247
#: serverguide/C/installation.xml:685(para)
23214
23248
msgid ""
23215
23249
"At some point in the life of the computer a disk failure event may occur. "
23216
23250
"When this happens, using Software RAID, the operating system will place the "
23217
23251
"array into what is known as a <emphasis>degraded</emphasis> state."
23218
23252
msgstr ""
23219
23253
23220
#: serverguide/C/installation.xml:683(para)
23254
#: serverguide/C/installation.xml:690(para)
23221
23255
msgid ""
23222
23256
"If the array has become degraded, due to the chance of data corruption, by "
23223
23257
"default Ubuntu Server Edition will boot to <emphasis>initramfs</emphasis> "
23228
23262
"Booting to a degraded array can be configured several ways:"
23229
23263
msgstr ""
23230
23264
23231
#: serverguide/C/installation.xml:694(para)
23265
#: serverguide/C/installation.xml:701(para)
23232
23266
msgid ""
23233
23267
"The <application>dpkg-reconfigure</application> utility can be used to "
23234
23268
"configure the default behavior, and during the process you will be queried "
23237
23271
"following:"
23238
23272
msgstr ""
23239
23273
23240
#: serverguide/C/installation.xml:701(command)
23274
#: serverguide/C/installation.xml:708(command)
23241
23275
msgid "sudo dpkg-reconfigure mdadm"
23242
23276
msgstr ""
23243
23277
23244
#: serverguide/C/installation.xml:707(para)
23278
#: serverguide/C/installation.xml:714(para)
23245
23279
msgid ""
23246
23280
"The <command>dpkg-reconfigure mdadm</command> process will change the "
23247
23281
"<filename>/etc/initramfs-tools/conf.d/mdadm</filename> configuration file. "
23249
23283
"behavior, and can also be manually edited:"
23250
23284
msgstr ""
23251
23285
23252
#: serverguide/C/installation.xml:713(programlisting)
23286
#: serverguide/C/installation.xml:720(programlisting)
23253
23287
#, no-wrap
23254
23288
msgid ""
23255
23289
"\n"
23256
23290
"BOOT_DEGRADED=true\n"
23257
23291
msgstr ""
23258
23292
23259
#: serverguide/C/installation.xml:718(para)
23293
#: serverguide/C/installation.xml:725(para)
23260
23294
msgid "The configuration file can be overridden by using a Kernel argument."
23261
23295
msgstr ""
23262
23296
23263
#: serverguide/C/installation.xml:726(para)
23297
#: serverguide/C/installation.xml:733(para)
23264
23298
msgid ""
23265
23299
"Using a Kernel argument will allow the system to boot to a degraded array as "
23266
23300
"well:"
23267
23301
msgstr ""
23268
23302
23269
#: serverguide/C/installation.xml:732(para)
23303
#: serverguide/C/installation.xml:739(para)
23270
23304
msgid ""
23271
23305
"When the server is booting press <keycap>Shift</keycap> to open the "
23272
23306
"<application>Grub</application> menu."
23273
23307
msgstr ""
23274
23308
23275
#: serverguide/C/installation.xml:737(para)
23309
#: serverguide/C/installation.xml:744(para)
23276
23310
msgid "Press <keycap>e</keycap> to edit your kernel command options."
23277
23311
msgstr ""
23278
23312
23279
#: serverguide/C/installation.xml:742(para)
23313
#: serverguide/C/installation.xml:749(para)
23280
23314
msgid "Press the <keycap>down</keycap> arrow to highlight the kernel line."
23281
23315
msgstr ""
23282
23316
23283
#: serverguide/C/installation.xml:747(para)
23317
#: serverguide/C/installation.xml:754(para)
23284
23318
msgid ""
23285
23319
"Add <emphasis>\"bootdegraded=true\"</emphasis> (without the quotes) to the "
23286
23320
"end of the line."
23287
23321
msgstr ""
23288
23322
23289
#: serverguide/C/installation.xml:752(para)
23323
#: serverguide/C/installation.xml:759(para)
23290
23324
msgid ""
23291
23325
"Press <keycombo><keycap>Ctrl</keycap><keycap>x</keycap></keycombo> to boot "
23292
23326
"the system."
23293
23327
msgstr ""
23294
23328
23295
#: serverguide/C/installation.xml:761(para)
23329
#: serverguide/C/installation.xml:768(para)
23296
23330
msgid ""
23297
23331
"Once the system has booted you can either repair the array see <xref "
23298
23332
"linkend=\"raid-maintenance\"/> for details, or copy important data to "
23299
23333
"another machine due to major hardware failure."
23300
23334
msgstr ""
23301
23335
23302
#: serverguide/C/installation.xml:768(title)
23336
#: serverguide/C/installation.xml:775(title)
23303
23337
msgid "RAID Maintenance"
23304
23338
msgstr ""
23305
23339
23306
#: serverguide/C/installation.xml:770(para)
23340
#: serverguide/C/installation.xml:777(para)
23307
23341
msgid ""
23308
23342
"The <application>mdadm</application> utility can be used to view the status "
23309
23343
"of an array, add disks to an array, remove disks, etc:"
23310
23344
msgstr ""
23311
23345
23312
#: serverguide/C/installation.xml:777(para)
23346
#: serverguide/C/installation.xml:784(para)
23313
23347
msgid "To view the status of an array, from a terminal prompt enter:"
23314
23348
msgstr ""
23315
23349
23316
#: serverguide/C/installation.xml:781(command)
23350
#: serverguide/C/installation.xml:788(command)
23317
23351
msgid "sudo mdadm -D /dev/md0"
23318
23352
msgstr ""
23319
23353
23320
#: serverguide/C/installation.xml:784(para)
23354
#: serverguide/C/installation.xml:791(para)
23321
23355
msgid ""
23322
23356
"The <emphasis>-D</emphasis> tells <application>mdadm</application> to "
23323
23357
"display <emphasis>detailed</emphasis> information about the "
23325
23359
"with the appropriate RAID device."
23326
23360
msgstr ""
23327
23361
23328
#: serverguide/C/installation.xml:790(para)
23362
#: serverguide/C/installation.xml:797(para)
23329
23363
msgid "To view the status of a disk in an array:"
23330
23364
msgstr ""
23331
23365
23332
#: serverguide/C/installation.xml:794(command)
23366
#: serverguide/C/installation.xml:801(command)
23333
23367
msgid "sudo mdadm -E /dev/sda1"
23334
23368
msgstr ""
23335
23369
23336
#: serverguide/C/installation.xml:796(para)
23370
#: serverguide/C/installation.xml:803(para)
23337
23371
msgid ""
23338
23372
"The output if very similar to the <command>mdadm -D</command> command, "
23339
23373
"adjust <filename>/dev/sda1</filename> for each disk."
23340
23374
msgstr ""
23341
23375
23342
#: serverguide/C/installation.xml:801(para)
23376
#: serverguide/C/installation.xml:808(para)
23343
23377
msgid "If a disk fails and needs to be removed from an array enter:"
23344
23378
msgstr ""
23345
23379
23346
#: serverguide/C/installation.xml:805(command)
23380
#: serverguide/C/installation.xml:812(command)
23347
23381
msgid "sudo mdadm --remove /dev/md0 /dev/sda1"
23348
23382
msgstr ""
23349
23383
23350
#: serverguide/C/installation.xml:807(para)
23384
#: serverguide/C/installation.xml:814(para)
23351
23385
msgid ""
23352
23386
"Change <filename>/dev/md0</filename> and <filename>/dev/sda1</filename> to "
23353
23387
"the appropriate RAID device and disk."
23354
23388
msgstr ""
23355
23389
23356
#: serverguide/C/installation.xml:812(para)
23390
#: serverguide/C/installation.xml:819(para)
23357
23391
msgid "Similarly, to add a new disk:"
23358
23392
msgstr ""
23359
23393
23360
#: serverguide/C/installation.xml:816(command)
23394
#: serverguide/C/installation.xml:823(command)
23361
23395
msgid "sudo mdadm --add /dev/md0 /dev/sda1"
23362
23396
msgstr ""
23363
23397
23364
#: serverguide/C/installation.xml:821(para)
23398
#: serverguide/C/installation.xml:828(para)
23365
23399
msgid ""
23366
23400
"Sometimes a disk can change to a <emphasis>faulty</emphasis> state even "
23367
23401
"though there is nothing physically wrong with the drive. It is usually "
23370
23404
"the array, it is a good indication of hardware failure."
23371
23405
msgstr ""
23372
23406
23373
#: serverguide/C/installation.xml:827(para)
23407
#: serverguide/C/installation.xml:834(para)
23374
23408
msgid ""
23375
23409
"The <filename>/proc/mdstat</filename> file also contains useful information "
23376
23410
"about the system's RAID devices:"
23377
23411
msgstr ""
23378
23412
23379
#: serverguide/C/installation.xml:832(command)
23413
#: serverguide/C/installation.xml:839(command)
23380
23414
msgid "cat /proc/mdstat"
23381
23415
msgstr ""
23382
23416
23383
#: serverguide/C/installation.xml:833(computeroutput)
23417
#: serverguide/C/installation.xml:840(computeroutput)
23384
23418
#, no-wrap
23385
23419
msgid ""
23386
23420
"Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] "
23391
23425
"unused devices: <none>"
23392
23426
msgstr ""
23393
23427
23394
#: serverguide/C/installation.xml:840(para)
23428
#: serverguide/C/installation.xml:847(para)
23395
23429
msgid ""
23396
23430
"The following command is great for watching the status of a syncing drive:"
23397
23431
msgstr ""
23398
23432
23399
#: serverguide/C/installation.xml:845(command)
23433
#: serverguide/C/installation.xml:852(command)
23400
23434
msgid "watch -n1 cat /proc/mdstat"
23401
23435
msgstr ""
23402
23436
23403
#: serverguide/C/installation.xml:848(para)
23437
#: serverguide/C/installation.xml:855(para)
23404
23438
msgid ""
23405
23439
"Press <emphasis>Ctrl+c</emphasis> to stop the "
23406
23440
"<application>watch</application> command."
23407
23441
msgstr ""
23408
23442
23409
#: serverguide/C/installation.xml:852(para)
23443
#: serverguide/C/installation.xml:859(para)
23410
23444
msgid ""
23411
23445
"If you do need to replace a faulty drive, after the drive has been replaced "
23412
23446
"and synced, <application>grub</application> will need to be installed. To "
23414
23448
"following:"
23415
23449
msgstr ""
23416
23450
23417
#: serverguide/C/installation.xml:858(command)
23451
#: serverguide/C/installation.xml:865(command)
23418
23452
msgid "sudo grub-install /dev/md0"
23419
23453
msgstr ""
23420
23454
23421
#: serverguide/C/installation.xml:861(para)
23455
#: serverguide/C/installation.xml:868(para)
23422
23456
msgid ""
23423
23457
"Replace <filename>/dev/md0</filename> with the appropriate array device name."
23424
23458
msgstr ""
23425
23459
23426
#: serverguide/C/installation.xml:869(para)
23460
#: serverguide/C/installation.xml:876(para)
23427
23461
msgid ""
23428
23462
"The topic of RAID arrays is a complex one due to the plethora of ways RAID "
23429
23463
"can be configured. Please see the following links for more information:"
23430
23464
msgstr ""
23431
23465
23432
#: serverguide/C/installation.xml:876(para)
23466
#: serverguide/C/installation.xml:883(para)
23433
23467
msgid ""
23434
23468
"<ulink url=\"https://help.ubuntu.com/community/Installation#raid\">Ubuntu "
23435
23469
"Wiki Articles on RAID</ulink>."
23436
23470
msgstr ""
23437
23471
23438
#: serverguide/C/installation.xml:882(ulink)
23472
#: serverguide/C/installation.xml:889(ulink) serverguide/C/installation.xml:1164(ulink)
23439
23473
msgid "Software RAID HOWTO"
23440
23474
msgstr ""
23441
23475
23442
#: serverguide/C/installation.xml:887(ulink)
23476
#: serverguide/C/installation.xml:894(ulink)
23443
23477
msgid "Managing RAID on Linux"
23444
23478
msgstr ""
23445
23479
23446
#: serverguide/C/installation.xml:894(title)
23480
#: serverguide/C/installation.xml:901(title)
23447
23481
msgid "Logical Volume Manager (LVM)"
23448
23482
msgstr ""
23449
23483
23450
#: serverguide/C/installation.xml:896(para)
23484
#: serverguide/C/installation.xml:903(para)
23451
23485
msgid ""
23452
23486
"Logical Volume Manger, or <emphasis>LVM</emphasis>, allows administrators to "
23453
23487
"create <emphasis>logical</emphasis> volumes out of one or multiple physical "
23456
23490
"giving greater flexibility to systems as requirements change."
23457
23491
msgstr ""
23458
23492
23459
#: serverguide/C/installation.xml:905(para)
23493
#: serverguide/C/installation.xml:912(para)
23460
23494
msgid ""
23461
23495
"A side effect of LVM's power and flexibility is a greater degree of "
23462
23496
"complication. Before diving into the LVM installation process, it is best to "
23463
23497
"get familiar with some terms."
23464
23498
msgstr ""
23465
23499
23466
#: serverguide/C/installation.xml:912(para)
23500
#: serverguide/C/installation.xml:919(para)
23467
23501
msgid ""
23468
23502
"<emphasis>Physical Volume (PV):</emphasis> physical hard disk, disk "
23469
23503
"partition or software RAID partition formatted as LVM PV."
23470
23504
msgstr ""
23471
23505
23472
#: serverguide/C/installation.xml:918(para)
23506
#: serverguide/C/installation.xml:925(para)
23473
23507
msgid ""
23474
23508
"<emphasis>Volume Group (VG):</emphasis> is made from one or more physical "
23475
23509
"volumes. A VG can can be extended by adding more PVs. A VG is like a virtual "
23476
23510
"disk drive, from which one or more logical volumes are carved."
23477
23511
msgstr ""
23478
23512
23479
#: serverguide/C/installation.xml:924(para)
23513
#: serverguide/C/installation.xml:931(para)
23480
23514
msgid ""
23481
23515
"<emphasis>Logical Volume (LV):</emphasis> is similar to a partition in a non-"
23482
23516
"LVM system. A LV is formatted with the desired file system (EXT3, XFS, JFS, "
23483
23517
"etc), it is then available for mounting and data storage."
23484
23518
msgstr ""
23485
23519
23486
#: serverguide/C/installation.xml:935(para)
23520
#: serverguide/C/installation.xml:942(para)
23487
23521
msgid ""
23488
23522
"As an example this section covers installing Ubuntu Server Edition with "
23489
23523
"<filename role=\"directory\">/srv</filename> mounted on a LVM volume. During "
23492
23526
"can be extended."
23493
23527
msgstr ""
23494
23528
23495
#: serverguide/C/installation.xml:941(para)
23529
#: serverguide/C/installation.xml:948(para)
23496
23530
msgid ""
23497
23531
"There are several installation options for LVM, <emphasis>\"Guided - use the "
23498
23532
"entire disk and setup LVM\"</emphasis> which will also allow you to assign a "
23503
23537
"the Manual approach."
23504
23538
msgstr ""
23505
23539
23506
#: serverguide/C/installation.xml:958(para)
23540
#: serverguide/C/installation.xml:965(para)
23507
23541
msgid ""
23508
23542
"At the <emphasis>\"Partition Disks</emphasis> screen choose "
23509
23543
"<emphasis>\"Manual\"</emphasis>."
23510
23544
msgstr ""
23511
23545
23512
#: serverguide/C/installation.xml:965(para)
23546
#: serverguide/C/installation.xml:972(para)
23513
23547
msgid ""
23514
23548
"Select the hard disk and on the next screen choose \"yes\" to "
23515
23549
"<emphasis>\"Create a new empty partition table on this device\"</emphasis>."
23516
23550
msgstr ""
23517
23551
23518
#: serverguide/C/installation.xml:972(para)
23552
#: serverguide/C/installation.xml:979(para)
23519
23553
msgid ""
23520
23554
"Next, create standard <emphasis>/boot</emphasis>, <emphasis>swap</emphasis>, "
23521
23555
"and <emphasis>/</emphasis> partitions with whichever filesystem you prefer."
23522
23556
msgstr ""
23523
23557
23524
#: serverguide/C/installation.xml:980(para)
23558
#: serverguide/C/installation.xml:987(para)
23525
23559
msgid ""
23526
23560
"For the LVM <emphasis>/srv</emphasis>, create a new "
23527
23561
"<emphasis>Logical</emphasis> partition. Then change <emphasis>\"Use "
23529
23563
"<emphasis>\"Done setting up the partition\"</emphasis>."
23530
23564
msgstr ""
23531
23565
23532
#: serverguide/C/installation.xml:988(para)
23566
#: serverguide/C/installation.xml:995(para)
23533
23567
msgid ""
23534
23568
"Now select <emphasis>\"Configure the Logical Volume Manager\"</emphasis> at "
23535
23569
"the top, and choose <emphasis>\"Yes\"</emphasis> to write the changes to "
23536
23570
"disk."
23537
23571
msgstr ""
23538
23572
23539
#: serverguide/C/installation.xml:996(para)
23573
#: serverguide/C/installation.xml:1003(para)
23540
23574
msgid ""
23541
23575
"For the <emphasis>\"LVM configuration action\"</emphasis> on the next "
23542
23576
"screen, choose <emphasis>\"Create volume group\"</emphasis>. Enter a name "
23545
23579
"<emphasis>\"Continue\"</emphasis>."
23546
23580
msgstr ""
23547
23581
23548
#: serverguide/C/installation.xml:1005(para)
23582
#: serverguide/C/installation.xml:1012(para)
23549
23583
msgid ""
23550
23584
"Back at the <emphasis>\"LVM configuration action\"</emphasis> screen, select "
23551
23585
"<emphasis>\"Create logical volume\"</emphasis>. Select the newly created "
23556
23590
"main <emphasis>\"Partition Disks\"</emphasis> screen."
23557
23591
msgstr ""
23558
23592
23559
#: serverguide/C/installation.xml:1015(para)
23593
#: serverguide/C/installation.xml:1022(para)
23560
23594
msgid ""
23561
23595
"Now add a filesystem to the new LVM. Select the partition under "
23562
23596
"<emphasis>\"LVM VG vg01, LV srv\"</emphasis>, or whatever name you have "
23565
23599
"select <emphasis>\"Done setting up the partition\"</emphasis>."
23566
23600
msgstr ""
23567
23601
23568
#: serverguide/C/installation.xml:1024(para)
23602
#: serverguide/C/installation.xml:1031(para)
23569
23603
msgid ""
23570
23604
"Finally, select <emphasis>\"Finish partitioning and write changes to "
23571
23605
"disk\"</emphasis>. Then confirm the changes and continue with the rest of "
23572
23606
"the installation."
23573
23607
msgstr ""
23574
23608
23575
#: serverguide/C/installation.xml:1032(para)
23609
#: serverguide/C/installation.xml:1039(para)
23576
23610
msgid "There are some useful utilities to view information about LVM:"
23577
23611
msgstr ""
23578
23612
23579
#: serverguide/C/installation.xml:1037(para)
23613
#: serverguide/C/installation.xml:1044(para)
23580
23614
msgid ""
23581
23615
"<emphasis>pvdisplay:</emphasis> shows information about Physical Volumes."
23582
23616
msgstr ""
23583
23617
23584
#: serverguide/C/installation.xml:1038(para)
23618
#: serverguide/C/installation.xml:1045(para)
23585
23619
msgid ""
23586
23620
"<emphasis>vgdisplay:</emphasis> shows information about Volume Groups."
23587
23621
msgstr ""
23588
23622
23589
#: serverguide/C/installation.xml:1039(para)
23623
#: serverguide/C/installation.xml:1046(para)
23590
23624
msgid ""
23591
23625
"<emphasis>lvdisplay:</emphasis> shows information about Logical Volumes."
23592
23626
msgstr ""
23593
23627
23594
#: serverguide/C/installation.xml:1044(title)
23628
#: serverguide/C/installation.xml:1051(title)
23595
23629
msgid "Extending Volume Groups"
23596
23630
msgstr ""
23597
23631
23598
#: serverguide/C/installation.xml:1046(para)
23632
#: serverguide/C/installation.xml:1053(para)
23599
23633
msgid ""
23600
23634
"Continuing with <emphasis>srv</emphasis> as an LVM volume example, this "
23601
23635
"section covers adding a second hard disk, creating a Physical Volume (PV), "
23607
23641
"partitions and use them as different physical volumes)"
23608
23642
msgstr ""
23609
23643
23610
#: serverguide/C/installation.xml:1054(para)
23644
#: serverguide/C/installation.xml:1061(para)
23611
23645
msgid ""
23612
23646
"Make sure you don't already have an existing <filename>/dev/sdb</filename> "
23613
23647
"before issuing the commands below. You could lose some data if you issue "
23614
23648
"those commands on a non-empty disk."
23615
23649
msgstr ""
23616
23650
23617
#: serverguide/C/installation.xml:1062(para)
23651
#: serverguide/C/installation.xml:1069(para)
23618
23652
msgid "First, create the physical volume, in a terminal execute:"
23619
23653
msgstr ""
23620
23654
23621
#: serverguide/C/installation.xml:1067(command)
23655
#: serverguide/C/installation.xml:1074(command)
23622
23656
msgid "sudo pvcreate /dev/sdb"
23623
23657
msgstr ""
23624
23658
23625
#: serverguide/C/installation.xml:1073(para)
23659
#: serverguide/C/installation.xml:1080(para)
23626
23660
msgid "Now extend the Volume Group (VG):"
23627
23661
msgstr ""
23628
23662
23629
#: serverguide/C/installation.xml:1078(command)
23663
#: serverguide/C/installation.xml:1085(command)
23630
23664
msgid "sudo vgextend vg01 /dev/sdb"
23631
23665
msgstr ""
23632
23666
23633
#: serverguide/C/installation.xml:1084(para)
23667
#: serverguide/C/installation.xml:1091(para)
23634
23668
msgid ""
23635
23669
"Use <application>vgdisplay</application> to find out the free physical "
23636
23670
"extents - Free PE / size (the size you can allocate). We will assume a free "
23638
23672
"whole free space available. Use your own PE and/or free space."
23639
23673
msgstr ""
23640
23674
23641
#: serverguide/C/installation.xml:1090(para)
23675
#: serverguide/C/installation.xml:1097(para)
23642
23676
msgid ""
23643
23677
"The Logical Volume (LV) can now be extended by different methods, we will "
23644
23678
"only see how to use the PE to extend the LV:"
23645
23679
msgstr ""
23646
23680
23647
#: serverguide/C/installation.xml:1095(command)
23681
#: serverguide/C/installation.xml:1102(command)
23648
23682
msgid "sudo lvextend /dev/vg01/srv -l +511"
23649
23683
msgstr ""
23650
23684
23651
#: serverguide/C/installation.xml:1098(para)
23685
#: serverguide/C/installation.xml:1105(para)
23652
23686
msgid ""
23653
23687
"The <emphasis>-l</emphasis> option allows the LV to be extended using PE. "
23654
23688
"The <emphasis>-L</emphasis> option allows the LV to be extended using Meg, "
23655
23689
"Gig, Tera, etc bytes."
23656
23690
msgstr ""
23657
23691
23658
#: serverguide/C/installation.xml:1106(para)
23692
#: serverguide/C/installation.xml:1113(para)
23659
23693
msgid ""
23660
23694
"Even though you are supposed to be able to <emphasis>expand</emphasis> an "
23661
23695
"ext3 or ext4 filesystem without unmounting it first, it may be a good "
23664
23698
"first is compulsory)."
23665
23699
msgstr ""
23666
23700
23667
#: serverguide/C/installation.xml:1112(para)
23701
#: serverguide/C/installation.xml:1119(para)
23668
23702
msgid ""
23669
23703
"The following commands are for an <emphasis>EXT3</emphasis> or "
23670
23704
"<emphasis>EXT4</emphasis> filesystem. If you are using another filesystem "
23671
23705
"there may be other utilities available."
23672
23706
msgstr ""
23673
23707
23674
#: serverguide/C/installation.xml:1119(command)
23675
msgid "sudo e2fsck -f /dev/vg01/srv"
23676
msgstr ""
23677
23678
#: serverguide/C/installation.xml:1122(para)
23679
msgid ""
23680
"The <emphasis>-f</emphasis> option of <application>e2fsck</application> "
23681
"forces checking even if the system seems clean."
23682
msgstr ""
23683
23684
#: serverguide/C/installation.xml:1129(para)
23685
msgid "Finally, resize the filesystem:"
23686
msgstr ""
23687
23688
#: serverguide/C/installation.xml:1134(command)
23689
msgid "sudo resize2fs /dev/vg01/srv"
23690
msgstr ""
23691
23692
#: serverguide/C/installation.xml:1140(para)
23708
#: serverguide/C/installation.xml:1127(para) serverguide/C/installation.xml:1130(para) serverguide/C/installation.xml:1133(para)
23693
23709
msgid "Now mount the partition and check its size."
23694
23710
msgstr ""
23695
23711
23696
#: serverguide/C/installation.xml:1145(command)
23712
#: serverguide/C/installation.xml:1136(para)
23713
msgid ""
23714
"asldkjf sdkja;lkjfeoi dfkjsljfe;lij sfljsefisjoij skfm;lwemf;e msdlfsadlkf;k."
23715
msgstr ""
23716
23717
#: serverguide/C/installation.xml:1141(command)
23697
23718
msgid "mount /dev/vg01/srv /srv && df -h /srv"
23698
23719
msgstr ""
23699
23720
23700
#: serverguide/C/installation.xml:1157(para)
23721
#: serverguide/C/installation.xml:1153(para)
23701
23722
msgid ""
23702
23723
"See the <ulink "
23703
23724
"url=\"https://help.ubuntu.com/community/Installation#lvm\">Ubuntu Wiki LVM "
23704
23725
"Articles</ulink>."
23705
23726
msgstr ""
23706
23727
23707
#: serverguide/C/installation.xml:1162(para)
23728
#: serverguide/C/installation.xml:1158(para)
23708
23729
msgid ""
23709
23730
"See the <ulink url=\"http://tldp.org/HOWTO/LVM-HOWTO/index.html\">LVM "
23710
23731
"HOWTO</ulink> for more information."
23711
23732
msgstr ""
23712
23733
23713
#: serverguide/C/installation.xml:1167(para)
23714
msgid ""
23715
"Another good article is <ulink "
23716
"url=\"http://www.linuxdevcenter.com/pub/a/linux/2006/04/27/managing-disk-"
23717
"space-with-lvm.html\">Managing Disk Space with LVM</ulink> on O'Reilly's "
23718
"linuxdevcenter.com site."
23719
msgstr ""
23720
23721
#: serverguide/C/installation.xml:1181(para)
23722
msgid ""
23723
"For more information on <application>fdisk</application> see the <ulink "
23724
"url=\"http://manpages.ubuntu.com/manpages/trusty/en/man8/fdisk.8.html\">fdisk"
23725
" man page</ulink>."
23726
msgstr ""
23727
23728
#: serverguide/C/installation.xml:1185(title)
23734
#: serverguide/C/installation.xml:1171(title)
23735
msgid "bla bla 4"
23736
msgstr ""
23737
23738
#: serverguide/C/installation.xml:1174(para)
23739
msgid "bla bla 4 para."
23740
msgstr ""
23741
23742
#: serverguide/C/installation.xml:1179(para)
23743
msgid "bla bla 5 para."
23744
msgstr ""
23745
23746
#: serverguide/C/installation.xml:1184(para)
23747
msgid "list item 1."
23748
msgstr ""
23749
23750
#: serverguide/C/installation.xml:1189(para)
23751
msgid "list item 2."
23752
msgstr ""
23753
23754
#: serverguide/C/installation.xml:1194(para)
23755
msgid "list item 3."
23756
msgstr ""
23757
23758
#: serverguide/C/installation.xml:1199(para)
23759
msgid "bla bla para"
23760
msgstr ""
23761
23762
#: serverguide/C/installation.xml:1204(para)
23763
msgid "bla bla 6 para."
23764
msgstr ""
23765
23766
#: serverguide/C/installation.xml:1209(para)
23767
msgid "bla bla 7 para."
23768
msgstr ""
23769
23770
#: serverguide/C/installation.xml:1214(para)
23771
msgid "bla bla 8 para."
23772
msgstr ""
23773
23774
#: serverguide/C/installation.xml:1219(para)
23775
msgid "bla bla 9 para."
23776
msgstr ""
23777
23778
#: serverguide/C/installation.xml:1226(title)
23779
msgid "bla bla 5"
23780
msgstr ""
23781
23782
#: serverguide/C/installation.xml:1229(title)
23783
msgid "bla bla 6"
23784
msgstr ""
23785
23786
#: serverguide/C/installation.xml:1232(title)
23787
msgid "bla bla 7"
23788
msgstr ""
23789
23790
#: serverguide/C/installation.xml:1235(title)
23791
msgid "bla bla 8"
23792
msgstr ""
23793
23794
#: serverguide/C/installation.xml:1238(title)
23795
msgid "bla bla 9"
23796
msgstr ""
23797
23798
#: serverguide/C/installation.xml:1241(title)
23799
msgid "bla bla a"
23800
msgstr ""
23801
23802
#: serverguide/C/installation.xml:1244(title)
23803
msgid "bla bla b"
23804
msgstr ""
23805
23806
#: serverguide/C/installation.xml:1247(title)
23807
msgid "bla bla c"
23808
msgstr ""
23809
23810
#: serverguide/C/installation.xml:1250(title)
23811
msgid "bla bla d"
23812
msgstr ""
23813
23814
#: serverguide/C/installation.xml:1253(title)
23815
msgid "bla bla e"
23816
msgstr ""
23817
23818
#: serverguide/C/installation.xml:1258(title)
23729
23819
msgid "Kernel Crash Dump"
23730
23820
msgstr ""
23731
23821
23732
#: serverguide/C/installation.xml:1192(para)
23822
#: serverguide/C/installation.xml:1265(para)
23733
23823
msgid "Kernel Panic"
23734
23824
msgstr ""
23735
23825
23736
#: serverguide/C/installation.xml:1193(para)
23826
#: serverguide/C/installation.xml:1266(para)
23737
23827
msgid "Non Maskable Interrupts (NMI)"
23738
23828
msgstr ""
23739
23829
23740
#: serverguide/C/installation.xml:1194(para)
23830
#: serverguide/C/installation.xml:1267(para)
23741
23831
msgid "Machine Check Exceptions (MCE)"
23742
23832
msgstr ""
23743
23833
23744
#: serverguide/C/installation.xml:1195(para)
23834
#: serverguide/C/installation.xml:1268(para)
23745
23835
msgid "Hardware failure"
23746
23836
msgstr ""
23747
23837
23748
#: serverguide/C/installation.xml:1196(para)
23838
#: serverguide/C/installation.xml:1269(para)
23749
23839
msgid "Manual intervention"
23750
23840
msgstr ""
23751
23841
23752
#: serverguide/C/installation.xml:1188(para)
23842
#: serverguide/C/installation.xml:1261(para)
23753
23843
msgid ""
23754
23844
"A Kernel Crash Dump refers to a portion of the contents of volatile memory "
23755
23845
"(RAM) that is copied to disk whenever the execution of the kernel is "
23763
23853
"memory contents."
23764
23854
msgstr ""
23765
23855
23766
#: serverguide/C/installation.xml:1205(title)
23856
#: serverguide/C/installation.xml:1278(title)
23767
23857
msgid "Kernel Crash Dump Mechanism"
23768
23858
msgstr ""
23769
23859
23770
#: serverguide/C/installation.xml:1207(para)
23860
#: serverguide/C/installation.xml:1280(para)
23771
23861
msgid ""
23772
23862
"When a kernel panic occurs, the kernel relies on the "
23773
23863
"<emphasis>kexec</emphasis> mechanism to quickly reboot a new instance of the "
23776
23866
"untouched in order to safely copy its contents to storage."
23777
23867
msgstr ""
23778
23868
23779
#: serverguide/C/installation.xml:1216(para)
23869
#: serverguide/C/installation.xml:1289(para)
23780
23870
msgid ""
23781
23871
"The kernel crash dump utility is installed with the following command:"
23782
23872
msgstr ""
23783
23873
23784
#: serverguide/C/installation.xml:1221(command)
23874
#: serverguide/C/installation.xml:1294(command)
23785
23875
msgid "sudo apt-get install linux-crashdump"
23786
23876
msgstr ""
23787
23877
23788
#: serverguide/C/installation.xml:1230(programlisting)
23878
#: serverguide/C/installation.xml:1303(programlisting)
23789
23879
#, no-wrap
23790
23880
msgid ""
23791
23881
"\n"
23792
23882
"USE_KDUMP=1\n"
23793
23883
msgstr ""
23794
23884
23795
#: serverguide/C/installation.xml:1228(para)
23885
#: serverguide/C/installation.xml:1301(para)
23796
23886
msgid ""
23797
"Edit <filename>/etc/default/kdump-tool</filename> by including the following "
23798
"line: <placeholder-1/>"
23887
"Edit <filename>/etc/default/kdump-tools</filename> by including the "
23888
"following line: <placeholder-1/>"
23799
23889
msgstr ""
23800
23890
23801
#: serverguide/C/installation.xml:1235(para)
23891
#: serverguide/C/installation.xml:1308(para)
23802
23892
msgid "A reboot is then needed."
23803
23893
msgstr ""
23804
23894
23805
#: serverguide/C/installation.xml:1244(para)
23895
#: serverguide/C/installation.xml:1317(para)
23806
23896
msgid ""
23807
23897
"To confirm that the kernel dump mechanism is enabled, there are a few things "
23808
23898
"to verify. First, confirm that the <emphasis>crashkernel</emphasis> boot "
23810
23900
"fit the format of this document:"
23811
23901
msgstr ""
23812
23902
23813
#: serverguide/C/installation.xml:1251(command)
23903
#: serverguide/C/installation.xml:1324(command)
23814
23904
msgid "cat /proc/cmdline"
23815
23905
msgstr ""
23816
23906
23817
#: serverguide/C/installation.xml:1252(computeroutput)
23907
#: serverguide/C/installation.xml:1325(computeroutput)
23818
23908
#, no-wrap
23819
23909
msgid ""
23820
23910
"\n"
23822
23912
" crashkernel=384M-2G:64M,2G-:128M\n"
23823
23913
msgstr ""
23824
23914
23825
#: serverguide/C/installation.xml:1260(programlisting)
23915
#: serverguide/C/installation.xml:1333(programlisting)
23826
23916
#, no-wrap
23827
23917
msgid ""
23828
23918
"\n"
23832
23922
" "
23833
23923
msgstr ""
23834
23924
23835
#: serverguide/C/installation.xml:1258(para)
23925
#: serverguide/C/installation.xml:1331(para)
23836
23926
msgid ""
23837
23927
"The <emphasis>crashkernel</emphasis> parameter has the following syntax: "
23838
23928
"<placeholder-1/>"
23839
23929
msgstr ""
23840
23930
23841
#: serverguide/C/installation.xml:1268(programlisting)
23931
#: serverguide/C/installation.xml:1341(programlisting)
23842
23932
#, no-wrap
23843
23933
msgid ""
23844
23934
"\n"
23845
23935
"crashkernel=384M-2G:64M,2G-:128M\n"
23846
23936
msgstr ""
23847
23937
23848
#: serverguide/C/installation.xml:1266(para)
23938
#: serverguide/C/installation.xml:1339(para)
23849
23939
msgid ""
23850
23940
"So for the crashkernel parameter found in <filename>/proc/cmdline</filename> "
23851
23941
"we would have : <placeholder-1/>"
23852
23942
msgstr ""
23853
23943
23854
#: serverguide/C/installation.xml:1273(para)
23944
#: serverguide/C/installation.xml:1346(para)
23855
23945
msgid "The above value means:"
23856
23946
msgstr ""
23857
23947
23858
#: serverguide/C/installation.xml:1275(para)
23948
#: serverguide/C/installation.xml:1348(para)
23859
23949
msgid ""
23860
23950
"if the RAM is smaller than 384M, then don't reserve anything (this is the "
23861
23951
"\"rescue\" case)"
23862
23952
msgstr ""
23863
23953
23864
#: serverguide/C/installation.xml:1277(para)
23954
#: serverguide/C/installation.xml:1350(para)
23865
23955
msgid "if the RAM size is between 386M and 2G (exclusive), then reserve 64M"
23866
23956
msgstr ""
23867
23957
23868
#: serverguide/C/installation.xml:1278(para)
23958
#: serverguide/C/installation.xml:1351(para)
23869
23959
msgid "if the RAM size is larger than 2G, then reserve 128M"
23870
23960
msgstr ""
23871
23961
23872
#: serverguide/C/installation.xml:1281(para)
23962
#: serverguide/C/installation.xml:1354(para)
23873
23963
msgid ""
23874
23964
"Second, verify that the kernel has reserved the requested memory area for "
23875
23965
"the kdump kernel by doing:"
23876
23966
msgstr ""
23877
23967
23878
#: serverguide/C/installation.xml:1286(command)
23968
#: serverguide/C/installation.xml:1359(command)
23879
23969
msgid "dmesg | grep -i crash"
23880
23970
msgstr ""
23881
23971
23882
#: serverguide/C/installation.xml:1287(computeroutput)
23972
#: serverguide/C/installation.xml:1360(computeroutput)
23883
23973
#, no-wrap
23884
23974
msgid ""
23885
23975
"\n"
23888
23978
"RAM: 1023MB)\n"
23889
23979
msgstr ""
23890
23980
23891
#: serverguide/C/installation.xml:1296(title)
23981
#: serverguide/C/installation.xml:1369(title)
23892
23982
msgid "Testing the Crash Dump Mechanism"
23893
23983
msgstr ""
23894
23984
23895
#: serverguide/C/installation.xml:1299(para)
23985
#: serverguide/C/installation.xml:1372(para)
23896
23986
msgid ""
23897
23987
"Testing the Crash Dump Mechanism will cause <emphasis>a system "
23898
23988
"reboot.</emphasis> In certain situations, this can cause data loss if the "
23900
23990
"that the system is idle or under very light load."
23901
23991
msgstr ""
23902
23992
23903
#: serverguide/C/installation.xml:1306(para)
23993
#: serverguide/C/installation.xml:1379(para)
23904
23994
msgid ""
23905
23995
"Verify that the <emphasis>SysRQ</emphasis> mechanism is enabled by looking "
23906
23996
"at the value of the <filename>/proc/sys/kernel/sysrq</filename> kernel "
23907
23997
"parameter :"
23908
23998
msgstr ""
23909
23999
23910
#: serverguide/C/installation.xml:1312(command)
24000
#: serverguide/C/installation.xml:1385(command)
23911
24001
msgid "cat /proc/sys/kernel/sysrq"
23912
24002
msgstr ""
23913
24003
23914
#: serverguide/C/installation.xml:1315(para)
24004
#: serverguide/C/installation.xml:1388(para)
23915
24005
msgid ""
23916
24006
"If a value of <emphasis>0</emphasis> is returned the feature is disabled. "
23917
24007
"Enable it with the following command :"
23918
24008
msgstr ""
23919
24009
23920
#: serverguide/C/installation.xml:1320(command)
24010
#: serverguide/C/installation.xml:1393(command)
23921
24011
msgid "sudo sysctl -w kernel.sysrq=1"
23922
24012
msgstr ""
23923
24013
23924
#: serverguide/C/installation.xml:1323(para)
24014
#: serverguide/C/installation.xml:1396(para)
23925
24015
msgid ""
23926
24016
"Once this is done, you must become root, as just using "
23927
24017
"<command>sudo</command> will not be sufficient. As the "
23932
24022
"the advantage of making the kernel dump process visible."
23933
24023
msgstr ""
23934
24024
23935
#: serverguide/C/installation.xml:1330(para)
24025
#: serverguide/C/installation.xml:1403(para)
23936
24026
msgid "A typical test output should look like the following :"
23937
24027
msgstr ""
23938
24028
23939
#: serverguide/C/installation.xml:1335(command)
24029
#: serverguide/C/installation.xml:1408(command)
23940
24030
msgid "sudo -s"
23941
24031
msgstr ""
23942
24032
23943
#: serverguide/C/installation.xml:1337(command)
24033
#: serverguide/C/installation.xml:1410(command)
23944
24034
msgid "echo c > /proc/sysrq-trigger"
23945
24035
msgstr ""
23946
24036
23947
#: serverguide/C/installation.xml:1334(screen)
24037
#: serverguide/C/installation.xml:1407(screen)
23948
24038
#, no-wrap
23949
24039
msgid ""
23950
24040
"\n"
23961
24051
"....\n"
23962
24052
msgstr ""
23963
24053
23964
#: serverguide/C/installation.xml:1347(para)
24054
#: serverguide/C/installation.xml:1420(para)
23965
24055
msgid ""
23966
24056
"The rest of the output is truncated, but you should see the system rebooting "
23967
24057
"and somewhere in the log, you will see the following line : <screen>Begin: "
23970
24060
"file in the <filename>/var/crash</filename> directory :"
23971
24061
msgstr ""
23972
24062
23973
#: serverguide/C/installation.xml:1354(command)
24063
#: serverguide/C/installation.xml:1427(command)
23974
24064
msgid "ls /var/crash"
23975
24065
msgstr ""
23976
24066
23977
#: serverguide/C/installation.xml:1353(screen)
24067
#: serverguide/C/installation.xml:1426(screen)
23978
24068
#, no-wrap
23979
24069
msgid ""
23980
24070
"\n"
23982
24072
"linux-image-3.0.0-12-server.0.crash\n"
23983
24073
msgstr ""
23984
24074
23985
#: serverguide/C/installation.xml:1363(para)
24075
#: serverguide/C/installation.xml:1436(para)
23986
24076
msgid ""
23987
24077
"Kernel Crash Dump is a vast topic that requires good knowledge of the linux "
23988
24078
"kernel. You can find more information on the topic here :"
23989
24079
msgstr ""
23990
24080
23991
#: serverguide/C/installation.xml:1369(para)
24081
#: serverguide/C/installation.xml:1442(para)
23992
24082
msgid ""
23993
24083
"<ulink url=\"http://www.kernel.org/doc/Documentation/kdump/kdump.txt\">Kdump "
23994
24084
"kernel documentation</ulink>."
23995
24085
msgstr ""
23996
24086
23997
#: serverguide/C/installation.xml:1375(ulink)
24087
#: serverguide/C/installation.xml:1448(ulink)
23998
24088
msgid "The crash tool"
23999
24089
msgstr ""
24000
24090
24001
#: serverguide/C/installation.xml:1379(para)
24091
#: serverguide/C/installation.xml:1452(para)
24002
24092
msgid ""
24003
24093
"<ulink url=\"http://www.dedoimedo.com/computers/crash-"
24004
24094
"analyze.html\">Analyzing Linux Kernel Crash</ulink> (Based on Fedora, it "
24472
24562
"as follows:"
24473
24563
msgstr ""
24474
24564
24475
#: serverguide/C/file-server.xml:430(programlisting)
24565
#: serverguide/C/file-server.xml:429(programlisting)
24476
24566
#, no-wrap
24477
24567
msgid ""
24478
24568
"\n"
24480
24570
"rsize=8192,wsize=8192,timeo=14,intr\n"
24481
24571
msgstr ""
24482
24572
24483
#: serverguide/C/file-server.xml:434(para)
24573
#: serverguide/C/file-server.xml:433(para)
24484
24574
msgid ""
24485
24575
"If you have trouble mounting an NFS share, make sure the <application>nfs-"
24486
24576
"common</application> package is installed on your client. To install "
24490
24580
"</screen>"
24491
24581
msgstr ""
24492
24582
24493
#: serverguide/C/file-server.xml:447(ulink)
24583
#: serverguide/C/file-server.xml:446(ulink)
24494
24584
msgid "Linux NFS faq"
24495
24585
msgstr ""
24496
24586
24497
#: serverguide/C/file-server.xml:449(ulink)
24587
#: serverguide/C/file-server.xml:448(ulink)
24498
24588
msgid "Ubuntu Wiki NFS Howto"
24499
24589
msgstr ""
24500
24590
24501
#: serverguide/C/file-server.xml:455(title)
24591
#: serverguide/C/file-server.xml:454(title)
24502
24592
msgid "iSCSI Initiator"
24503
24593
msgstr ""
24504
24594
24505
#: serverguide/C/file-server.xml:457(para)
24595
#: serverguide/C/file-server.xml:456(para)
24506
24596
msgid ""
24507
24597
"<emphasis>iSCSI</emphasis> (Internet Small Computer System Interface) is a "
24508
24598
"protocol that allows SCSI commands to be transmitted over a network. "
24522
24612
"your vendor documentation to configure your specific iSCSI target."
24523
24613
msgstr ""
24524
24614
24525
#: serverguide/C/file-server.xml:471(title)
24615
#: serverguide/C/file-server.xml:470(title)
24526
24616
msgid "iSCSI Initiator Install"
24527
24617
msgstr ""
24528
24618
24529
#: serverguide/C/file-server.xml:473(para)
24619
#: serverguide/C/file-server.xml:472(para)
24530
24620
msgid ""
24531
24621
"To configure Ubuntu Server as an iSCSI initiator install the "
24532
24622
"<application>open-iscsi</application> package. In a terminal enter:"
24533
24623
msgstr ""
24534
24624
24535
#: serverguide/C/file-server.xml:478(command)
24625
#: serverguide/C/file-server.xml:477(command)
24536
24626
msgid "sudo apt-get install open-iscsi"
24537
24627
msgstr ""
24538
24628
24539
#: serverguide/C/file-server.xml:483(title)
24629
#: serverguide/C/file-server.xml:482(title)
24540
24630
msgid "iSCSI Initiator Configuration"
24541
24631
msgstr ""
24542
24632
24543
#: serverguide/C/file-server.xml:485(para)
24633
#: serverguide/C/file-server.xml:484(para)
24544
24634
msgid ""
24545
24635
"Once the <application>open-iscsi</application> package is installed, edit "
24546
24636
"<filename>/etc/iscsi/iscsid.conf</filename> changing the following:"
24547
24637
msgstr ""
24548
24638
24549
#: serverguide/C/file-server.xml:489(programlisting)
24639
#: serverguide/C/file-server.xml:488(programlisting)
24550
24640
#, no-wrap
24551
24641
msgid ""
24552
24642
"\n"
24553
24643
"node.startup = automatic\n"
24554
24644
msgstr ""
24555
24645
24556
#: serverguide/C/file-server.xml:493(para)
24646
#: serverguide/C/file-server.xml:492(para)
24557
24647
msgid ""
24558
24648
"You can check which targets are available by using the "
24559
24649
"<application>iscsiadm</application> utility. Enter the following in a "
24560
24650
"terminal:"
24561
24651
msgstr ""
24562
24652
24563
#: serverguide/C/file-server.xml:498(command)
24653
#: serverguide/C/file-server.xml:497(command)
24564
24654
msgid "sudo iscsiadm -m discovery -t st -p 192.168.0.10"
24565
24655
msgstr ""
24566
24656
24657
#: serverguide/C/file-server.xml:501(para)
24658
msgid ""
24659
"<emphasis>-m:</emphasis> determines the mode that iscsiadm executes in."
24660
msgstr ""
24661
24567
24662
#: serverguide/C/file-server.xml:502(para)
24568
msgid ""
24569
"<emphasis>-m:</emphasis> determines the mode that iscsiadm executes in."
24663
msgid "<emphasis>-t:</emphasis> specifies the type of discovery."
24570
24664
msgstr ""
24571
24665
24572
24666
#: serverguide/C/file-server.xml:503(para)
24573
msgid "<emphasis>-t:</emphasis> specifies the type of discovery."
24574
msgstr ""
24575
24576
#: serverguide/C/file-server.xml:504(para)
24577
24667
msgid "<emphasis>-p:</emphasis> option indicates the target IP address."
24578
24668
msgstr ""
24579
24669
24580
#: serverguide/C/file-server.xml:508(para)
24670
#: serverguide/C/file-server.xml:507(para)
24581
24671
msgid ""
24582
24672
"Change example <emphasis>192.168.0.10</emphasis> to the target IP address on "
24583
24673
"your network."
24584
24674
msgstr ""
24585
24675
24586
#: serverguide/C/file-server.xml:513(para)
24676
#: serverguide/C/file-server.xml:512(para)
24587
24677
msgid ""
24588
24678
"If the target is available you should see output similar to the following:"
24589
24679
msgstr ""
24590
24680
24591
#: serverguide/C/file-server.xml:518(computeroutput)
24681
#: serverguide/C/file-server.xml:517(computeroutput)
24592
24682
#, no-wrap
24593
24683
msgid ""
24594
24684
"\n"
24595
24685
"192.168.0.10:3260,1 iqn.1992-05.com.emc:sl7b92030000520000-2\n"
24596
24686
msgstr ""
24597
24687
24598
#: serverguide/C/file-server.xml:524(para)
24688
#: serverguide/C/file-server.xml:523(para)
24599
24689
msgid ""
24600
24690
"The <emphasis>iqn</emphasis> number and IP address above will vary depending "
24601
24691
"on your hardware."
24602
24692
msgstr ""
24603
24693
24604
#: serverguide/C/file-server.xml:529(para)
24694
#: serverguide/C/file-server.xml:528(para)
24605
24695
msgid ""
24606
24696
"You should now be able to connect to the iSCSI target, and depending on your "
24607
24697
"target setup you may have to enter user credentials. Login to the iSCSI node:"
24608
24698
msgstr ""
24609
24699
24610
#: serverguide/C/file-server.xml:535(command)
24700
#: serverguide/C/file-server.xml:534(command)
24611
24701
msgid "sudo iscsiadm -m node --login"
24612
24702
msgstr ""
24613
24703
24614
#: serverguide/C/file-server.xml:538(para)
24704
#: serverguide/C/file-server.xml:537(para)
24615
24705
msgid ""
24616
24706
"Check to make sure that the new disk has been detected using "
24617
24707
"<application>dmesg</application>:"
24618
24708
msgstr ""
24619
24709
24620
#: serverguide/C/file-server.xml:543(command)
24710
#: serverguide/C/file-server.xml:542(command)
24621
24711
msgid "dmesg | grep sd"
24622
24712
msgstr ""
24623
24713
24624
#: serverguide/C/file-server.xml:544(computeroutput)
24714
#: serverguide/C/file-server.xml:543(computeroutput)
24625
24715
#, no-wrap
24626
24716
msgid ""
24627
24717
"\n"
24650
24740
"[ 2486.964862] sd 4:0:0:3: [sdb] Attached SCSI disk\n"
24651
24741
msgstr ""
24652
24742
24653
#: serverguide/C/file-server.xml:568(para)
24743
#: serverguide/C/file-server.xml:567(para)
24654
24744
msgid ""
24655
24745
"In the output above <emphasis>sdb</emphasis> is the new iSCSI disk. Remember "
24656
24746
"this is just an example; the output you see on your screen will vary."
24657
24747
msgstr ""
24658
24748
24659
#: serverguide/C/file-server.xml:573(para)
24749
#: serverguide/C/file-server.xml:572(para)
24660
24750
msgid ""
24661
24751
"Next, create a partition, format the file system, and mount the new iSCSI "
24662
24752
"disk. In a terminal enter:"
24663
24753
msgstr ""
24664
24754
24755
#: serverguide/C/file-server.xml:577(command)
24756
msgid "sudo fdisk /dev/sdb"
24757
msgstr ""
24758
24665
24759
#: serverguide/C/file-server.xml:578(command)
24666
msgid "sudo fdisk /dev/sdb"
24760
msgid "n"
24667
24761
msgstr ""
24668
24762
24669
24763
#: serverguide/C/file-server.xml:579(command)
24670
msgid "n"
24764
msgid "p"
24671
24765
msgstr ""
24672
24766
24673
24767
#: serverguide/C/file-server.xml:580(command)
24674
msgid "p"
24768
msgid "enter"
24675
24769
msgstr ""
24676
24770
24677
24771
#: serverguide/C/file-server.xml:581(command)
24678
msgid "enter"
24679
msgstr ""
24680
24681
#: serverguide/C/file-server.xml:582(command)
24682
24772
msgid "w"
24683
24773
msgstr ""
24684
24774
24685
#: serverguide/C/file-server.xml:586(para)
24775
#: serverguide/C/file-server.xml:585(para)
24686
24776
msgid ""
24687
24777
"The above commands are from inside the <application>fdisk</application> "
24688
24778
"utility; see <command>man fdisk</command> for more detailed instructions. "
24690
24780
"friendly."
24691
24781
msgstr ""
24692
24782
24693
#: serverguide/C/file-server.xml:592(para)
24783
#: serverguide/C/file-server.xml:591(para)
24694
24784
msgid ""
24695
24785
"Now format the file system and mount it to <filename>/srv</filename> as an "
24696
24786
"example:"
24697
24787
msgstr ""
24698
24788
24789
#: serverguide/C/file-server.xml:596(command)
24790
msgid "sudo mkfs.ext4 /dev/sdb1"
24791
msgstr ""
24792
24699
24793
#: serverguide/C/file-server.xml:597(command)
24700
msgid "sudo mkfs.ext4 /dev/sdb1"
24701
msgstr ""
24702
24703
#: serverguide/C/file-server.xml:598(command)
24704
24794
msgid "sudo mount /dev/sdb1 /srv"
24705
24795
msgstr ""
24706
24796
24707
#: serverguide/C/file-server.xml:602(para)
24797
#: serverguide/C/file-server.xml:601(para)
24708
24798
msgid ""
24709
24799
"Finally, add an entry to <filename>/etc/fstab</filename> to mount the iSCSI "
24710
24800
"drive during boot:"
24711
24801
msgstr ""
24712
24802
24713
#: serverguide/C/file-server.xml:606(programlisting)
24803
#: serverguide/C/file-server.xml:605(programlisting)
24714
24804
#, no-wrap
24715
24805
msgid ""
24716
24806
"\n"
24717
24807
"/dev/sdb1 /srv ext4 defaults,auto,_netdev 0 0\n"
24718
24808
msgstr ""
24719
24809
24720
#: serverguide/C/file-server.xml:610(para)
24810
#: serverguide/C/file-server.xml:609(para)
24721
24811
msgid ""
24722
24812
"It is a good idea to make sure everything is working as expected by "
24723
24813
"rebooting the server."
24724
24814
msgstr ""
24725
24815
24726
#: serverguide/C/file-server.xml:619(ulink)
24816
#: serverguide/C/file-server.xml:618(ulink)
24727
24817
msgid "Open-iSCSI Website"
24728
24818
msgstr ""
24729
24819
24730
#: serverguide/C/file-server.xml:622(ulink) serverguide/C/file-server.xml:808(ulink)
24820
#: serverguide/C/file-server.xml:621(ulink) serverguide/C/file-server.xml:807(ulink)
24731
24821
msgid "Debian Open-iSCSI page"
24732
24822
msgstr ""
24733
24823
24734
#: serverguide/C/file-server.xml:629(title)
24824
#: serverguide/C/file-server.xml:628(title)
24735
24825
msgid "CUPS - Print Server"
24736
24826
msgstr ""
24737
24827
24738
#: serverguide/C/file-server.xml:630(para)
24828
#: serverguide/C/file-server.xml:629(para)
24739
24829
msgid ""
24740
24830
"The primary mechanism for Ubuntu printing and print services is the "
24741
24831
"<emphasis role=\"bold\">Common UNIX Printing System</emphasis> (CUPS). This "
24743
24833
"become the new standard for printing in most Linux distributions."
24744
24834
msgstr ""
24745
24835
24746
#: serverguide/C/file-server.xml:637(para)
24836
#: serverguide/C/file-server.xml:636(para)
24747
24837
msgid ""
24748
24838
"CUPS manages print jobs and queues and provides network printing using the "
24749
24839
"standard Internet Printing Protocol (IPP), while offering support for a very "
24753
24843
"administration tool."
24754
24844
msgstr ""
24755
24845
24756
#: serverguide/C/file-server.xml:647(para)
24846
#: serverguide/C/file-server.xml:646(para)
24757
24847
msgid ""
24758
24848
"To install CUPS on your Ubuntu computer, simply use "
24759
24849
"<application>sudo</application> with the <application>apt-get</application> "
24763
24853
"CUPS:"
24764
24854
msgstr ""
24765
24855
24766
#: serverguide/C/file-server.xml:652(command)
24856
#: serverguide/C/file-server.xml:651(command)
24767
24857
msgid "sudo apt-get install cups"
24768
24858
msgstr ""
24769
24859
24770
#: serverguide/C/file-server.xml:655(para)
24860
#: serverguide/C/file-server.xml:654(para)
24771
24861
msgid ""
24772
24862
"Upon authenticating with your user password, the packages should be "
24773
24863
"downloaded and installed without error. Upon the conclusion of installation, "
24774
24864
"the CUPS server will be started automatically."
24775
24865
msgstr ""
24776
24866
24777
#: serverguide/C/file-server.xml:660(para)
24867
#: serverguide/C/file-server.xml:659(para)
24778
24868
msgid ""
24779
24869
"For troubleshooting purposes, you can access CUPS server errors via the "
24780
24870
"error log file at: <filename>/var/log/cups/error_log</filename>. If the "
24787
24877
"from becoming overly large."
24788
24878
msgstr ""
24789
24879
24790
#: serverguide/C/file-server.xml:673(para)
24880
#: serverguide/C/file-server.xml:672(para)
24791
24881
msgid ""
24792
24882
"The Common UNIX Printing System server's behavior is configured through the "
24793
24883
"directives contained in the file <filename>/etc/cups/cupsd.conf</filename>. "
24798
24888
"initially will be presented here."
24799
24889
msgstr ""
24800
24890
24801
#: serverguide/C/file-server.xml:683(para)
24891
#: serverguide/C/file-server.xml:682(para)
24802
24892
msgid ""
24803
24893
"Prior to editing the configuration file, you should make a copy of the "
24804
24894
"original file and protect it from writing, so you will have the original "
24805
24895
"settings as a reference, and to reuse as necessary."
24806
24896
msgstr ""
24807
24897
24808
#: serverguide/C/file-server.xml:687(para)
24898
#: serverguide/C/file-server.xml:686(para)
24809
24899
msgid ""
24810
24900
"Copy the <filename>/etc/cups/cupsd.conf</filename> file and protect it from "
24811
24901
"writing with the following commands, issued at a terminal prompt:"
24812
24902
msgstr ""
24813
24903
24904
#: serverguide/C/file-server.xml:692(command)
24905
msgid "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
24906
msgstr ""
24907
24814
24908
#: serverguide/C/file-server.xml:693(command)
24815
msgid "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
24816
msgstr ""
24817
24818
#: serverguide/C/file-server.xml:694(command)
24819
24909
msgid "sudo chmod a-w /etc/cups/cupsd.conf.original"
24820
24910
msgstr ""
24821
24911
24822
#: serverguide/C/file-server.xml:699(para)
24912
#: serverguide/C/file-server.xml:698(para)
24823
24913
msgid ""
24824
24914
"<emphasis role=\"bold\">ServerAdmin</emphasis>: To configure the email "
24825
24915
"address of the designated administrator of the CUPS server, simply edit the "
24831
24921
"as such:"
24832
24922
msgstr ""
24833
24923
24834
#: serverguide/C/file-server.xml:710(screen)
24924
#: serverguide/C/file-server.xml:709(screen)
24835
24925
#, no-wrap
24836
24926
msgid ""
24837
24927
"\n"
24838
24928
"ServerAdmin bjoy@somebigco.com\n"
24839
24929
msgstr ""
24840
24930
24841
#: serverguide/C/file-server.xml:716(para)
24931
#: serverguide/C/file-server.xml:715(para)
24842
24932
msgid ""
24843
24933
"<emphasis role=\"bold\">Listen</emphasis>: By default on Ubuntu, the CUPS "
24844
24934
"server installation listens only on the loopback interface at IP address "
24853
24943
"such:"
24854
24944
msgstr ""
24855
24945
24856
#: serverguide/C/file-server.xml:730(screen)
24946
#: serverguide/C/file-server.xml:729(screen)
24857
24947
#, no-wrap
24858
24948
msgid ""
24859
24949
"\n"
24863
24953
"(IPP)\n"
24864
24954
msgstr ""
24865
24955
24866
#: serverguide/C/file-server.xml:736(para)
24956
#: serverguide/C/file-server.xml:735(para)
24867
24957
msgid ""
24868
24958
"In the example above, you may comment out or remove the reference to the "
24869
24959
"Loopback address (127.0.0.1) if you do not wish <application>cupsd "
24874
24964
"<emphasis>socrates</emphasis> as such:"
24875
24965
msgstr ""
24876
24966
24877
#: serverguide/C/file-server.xml:746(screen)
24967
#: serverguide/C/file-server.xml:745(screen)
24878
24968
#, no-wrap
24879
24969
msgid ""
24880
24970
"\n"
24881
24971
"Listen socrates:631 # Listen on all interfaces for the hostname 'socrates'\n"
24882
24972
msgstr ""
24883
24973
24884
#: serverguide/C/file-server.xml:750(para)
24974
#: serverguide/C/file-server.xml:749(para)
24885
24975
msgid ""
24886
24976
"or by omitting the Listen directive and using <emphasis>Port</emphasis> "
24887
24977
"instead, as in:"
24888
24978
msgstr ""
24889
24979
24890
#: serverguide/C/file-server.xml:752(screen)
24980
#: serverguide/C/file-server.xml:751(screen)
24891
24981
#, no-wrap
24892
24982
msgid ""
24893
24983
"\n"
24894
24984
"Port 631 # Listen on port 631 on all interfaces\n"
24895
24985
msgstr ""
24896
24986
24897
#: serverguide/C/file-server.xml:759(para)
24987
#: serverguide/C/file-server.xml:758(para)
24898
24988
msgid ""
24899
24989
"For more examples of configuration directives in the CUPS server "
24900
24990
"configuration file, view the associated system manual page by entering the "
24901
24991
"following command at a terminal prompt:"
24902
24992
msgstr ""
24903
24993
24904
#: serverguide/C/file-server.xml:766(command)
24994
#: serverguide/C/file-server.xml:765(command)
24905
24995
msgid "man cupsd.conf"
24906
24996
msgstr ""
24907
24997
24908
#: serverguide/C/file-server.xml:770(para)
24998
#: serverguide/C/file-server.xml:769(para)
24909
24999
msgid ""
24910
25000
"Whenever you make changes to the <filename>/etc/cups/cupsd.conf</filename> "
24911
25001
"configuration file, you'll need to restart the CUPS server by typing the "
24916
25006
msgid "sudo service cups restart"
24917
25007
msgstr ""
24918
25008
24919
#: serverguide/C/file-server.xml:782(title)
25009
#: serverguide/C/file-server.xml:781(title)
24920
25010
msgid "Web Interface"
24921
25011
msgstr ""
24922
25012
24923
#: serverguide/C/file-server.xml:784(para)
25013
#: serverguide/C/file-server.xml:783(para)
24924
25014
msgid ""
24925
25015
"CUPS can be configured and monitored using a web interface, which by default "
24926
25016
"is available at <ulink "
24928
25018
"web interface can be used to perform all printer management tasks."
24929
25019
msgstr ""
24930
25020
24931
#: serverguide/C/file-server.xml:788(para)
25021
#: serverguide/C/file-server.xml:787(para)
24932
25022
msgid ""
24933
25023
"In order to perform administrative tasks via the web interface, you must "
24934
25024
"either have the root account enabled on your server, or authenticate as a "
24936
25026
"reasons, CUPS won't authenticate a user that doesn't have a password."
24937
25027
msgstr ""
24938
25028
24939
#: serverguide/C/file-server.xml:791(para)
25029
#: serverguide/C/file-server.xml:790(para)
24940
25030
msgid ""
24941
25031
"To add a user to the <emphasis role=\"italic\">lpadmin</emphasis> group, run "
24942
25032
"at the terminal prompt: <screen>\n"
24944
25034
"</screen>"
24945
25035
msgstr ""
24946
25036
24947
#: serverguide/C/file-server.xml:797(para)
25037
#: serverguide/C/file-server.xml:796(para)
24948
25038
msgid ""
24949
25039
"Further documentation is available in the <emphasis "
24950
25040
"role=\"italic\">Documentation/Help</emphasis> tab of the web interface."
24951
25041
msgstr ""
24952
25042
24953
#: serverguide/C/file-server.xml:805(ulink)
25043
#: serverguide/C/file-server.xml:804(ulink)
24954
25044
msgid "CUPS Website"
24955
25045
msgstr ""
24956
25046
25081
25171
"prompt:"
25082
25172
msgstr ""
25083
25173
25084
#: serverguide/C/dns.xml:116(command) serverguide/C/dns.xml:195(command) serverguide/C/dns.xml:253(command) serverguide/C/dns.xml:289(command) serverguide/C/dns.xml:317(command) serverguide/C/dns.xml:594(command)
25174
#: serverguide/C/dns.xml:116(command) serverguide/C/dns.xml:199(command) serverguide/C/dns.xml:257(command) serverguide/C/dns.xml:293(command) serverguide/C/dns.xml:321(command) serverguide/C/dns.xml:603(command)
25085
25175
msgid "sudo service bind9 restart"
25086
25176
msgstr ""
25087
25177
25131
25221
"command below.)"
25132
25222
msgstr ""
25133
25223
25134
#: serverguide/C/dns.xml:141(para)
25224
#: serverguide/C/dns.xml:145(para)
25135
25225
msgid ""
25136
25226
"Now use an existing zone file as a template to create the "
25137
25227
"<filename>/etc/bind/db.example.com</filename> file:"
25138
25228
msgstr ""
25139
25229
25140
#: serverguide/C/dns.xml:145(command)
25230
#: serverguide/C/dns.xml:149(command)
25141
25231
msgid "sudo cp /etc/bind/db.local /etc/bind/db.example.com"
25142
25232
msgstr ""
25143
25233
25144
#: serverguide/C/dns.xml:147(para)
25234
#: serverguide/C/dns.xml:151(para)
25145
25235
msgid ""
25146
25236
"Edit the new zone file <filename>/etc/bind/db.example.com</filename> change "
25147
25237
"<emphasis>localhost.</emphasis> to the FQDN of your server, leaving the "
25152
25242
"this file is for."
25153
25243
msgstr ""
25154
25244
25155
#: serverguide/C/dns.xml:154(para)
25245
#: serverguide/C/dns.xml:158(para)
25156
25246
msgid ""
25157
25247
"Create an <emphasis>A record</emphasis> for the base domain, <emphasis "
25158
25248
"role=\"italic\">example.com</emphasis>. Also, create an <emphasis>A "
25160
25250
"the name server in this example:"
25161
25251
msgstr ""
25162
25252
25163
#: serverguide/C/dns.xml:159(programlisting)
25253
#: serverguide/C/dns.xml:163(programlisting)
25164
25254
#, no-wrap
25165
25255
msgid ""
25166
25256
"\n"
25182
25272
"ns IN A 192.168.1.10\n"
25183
25273
msgstr ""
25184
25274
25185
#: serverguide/C/dns.xml:177(para)
25275
#: serverguide/C/dns.xml:181(para)
25186
25276
msgid ""
25187
25277
"You must increment the <emphasis>Serial Number</emphasis> every time you "
25188
25278
"make changes to the zone file. If you make multiple changes before "
25189
25279
"restarting BIND9, simply increment the Serial once."
25190
25280
msgstr ""
25191
25281
25192
#: serverguide/C/dns.xml:181(para)
25282
#: serverguide/C/dns.xml:185(para)
25193
25283
msgid ""
25194
25284
"Now, you can add DNS records to the bottom of the zone file. See <xref "
25195
25285
"linkend=\"dns-record-types\"/> for details."
25196
25286
msgstr ""
25197
25287
25198
#: serverguide/C/dns.xml:185(para)
25288
#: serverguide/C/dns.xml:189(para)
25199
25289
msgid ""
25200
25290
"Many admins like to use the last date edited as the serial of a zone, such "
25201
25291
"as <emphasis>2012010100</emphasis> which is yyyymmddss (where "
25202
25292
"<emphasis>ss</emphasis> is the Serial Number)"
25203
25293
msgstr ""
25204
25294
25205
#: serverguide/C/dns.xml:190(para)
25295
#: serverguide/C/dns.xml:194(para)
25206
25296
msgid ""
25207
25297
"Once you have made changes to the zone file <application>BIND9</application> "
25208
25298
"needs to be restarted for the changes to take effect:"
25209
25299
msgstr ""
25210
25300
25211
#: serverguide/C/dns.xml:199(title)
25301
#: serverguide/C/dns.xml:203(title)
25212
25302
msgid "Reverse Zone File"
25213
25303
msgstr ""
25214
25304
25215
#: serverguide/C/dns.xml:200(para)
25305
#: serverguide/C/dns.xml:204(para)
25216
25306
msgid ""
25217
25307
"Now that the zone is setup and resolving names to IP Adresses a "
25218
25308
"<emphasis>Reverse zone</emphasis> is also required. A Reverse zone allows "
25219
25309
"DNS to resolve an address to a name."
25220
25310
msgstr ""
25221
25311
25222
#: serverguide/C/dns.xml:204(para)
25312
#: serverguide/C/dns.xml:208(para)
25223
25313
msgid "Edit /etc/bind/named.conf.local and add the following:"
25224
25314
msgstr ""
25225
25315
25226
#: serverguide/C/dns.xml:207(programlisting)
25316
#: serverguide/C/dns.xml:211(programlisting)
25227
25317
#, no-wrap
25228
25318
msgid ""
25229
25319
"\n"
25233
25323
"};\n"
25234
25324
msgstr ""
25235
25325
25236
#: serverguide/C/dns.xml:214(para)
25326
#: serverguide/C/dns.xml:218(para)
25237
25327
msgid ""
25238
25328
"Replace <emphasis>1.168.192</emphasis> with the first three octets of "
25239
25329
"whatever network you are using. Also, name the zone file "
25241
25331
"first octet of your network."
25242
25332
msgstr ""
25243
25333
25244
#: serverguide/C/dns.xml:219(para)
25334
#: serverguide/C/dns.xml:223(para)
25245
25335
msgid "Now create the <filename>/etc/bind/db.192</filename> file:"
25246
25336
msgstr ""
25247
25337
25248
#: serverguide/C/dns.xml:223(command)
25338
#: serverguide/C/dns.xml:227(command)
25249
25339
msgid "sudo cp /etc/bind/db.127 /etc/bind/db.192"
25250
25340
msgstr ""
25251
25341
25252
#: serverguide/C/dns.xml:225(para)
25342
#: serverguide/C/dns.xml:229(para)
25253
25343
msgid ""
25254
25344
"Next edit <filename>/etc/bind/db.192</filename> changing the basically the "
25255
25345
"same options as <filename>/etc/bind/db.example.com</filename>:"
25256
25346
msgstr ""
25257
25347
25258
#: serverguide/C/dns.xml:229(programlisting)
25348
#: serverguide/C/dns.xml:233(programlisting)
25259
25349
#, no-wrap
25260
25350
msgid ""
25261
25351
"\n"
25274
25364
"10 IN PTR ns.example.com.\n"
25275
25365
msgstr ""
25276
25366
25277
#: serverguide/C/dns.xml:244(para)
25367
#: serverguide/C/dns.xml:248(para)
25278
25368
msgid ""
25279
25369
"The <emphasis>Serial Number</emphasis> in the Reverse zone needs to be "
25280
25370
"incremented on each change as well. For each <emphasis>A record</emphasis> "
25283
25373
"<filename>/etc/bind/db.192</filename>."
25284
25374
msgstr ""
25285
25375
25286
#: serverguide/C/dns.xml:249(para)
25376
#: serverguide/C/dns.xml:253(para)
25287
25377
msgid ""
25288
25378
"After creating the reverse zone file restart "
25289
25379
"<application>BIND9</application>:"
25290
25380
msgstr ""
25291
25381
25292
#: serverguide/C/dns.xml:258(title)
25382
#: serverguide/C/dns.xml:262(title)
25293
25383
msgid "Secondary Master"
25294
25384
msgstr ""
25295
25385
25296
#: serverguide/C/dns.xml:259(para)
25386
#: serverguide/C/dns.xml:263(para)
25297
25387
msgid ""
25298
25388
"Once a <emphasis>Primary Master</emphasis> has been configured a "
25299
25389
"<emphasis>Secondary Master</emphasis> is needed in order to maintain the "
25300
25390
"availability of the domain should the Primary become unavailable."
25301
25391
msgstr ""
25302
25392
25303
#: serverguide/C/dns.xml:263(para)
25393
#: serverguide/C/dns.xml:267(para)
25304
25394
msgid ""
25305
25395
"First, on the Primary Master server, the zone transfer needs to be allowed. "
25306
25396
"Add the <emphasis>allow-transfer</emphasis> option to the example Forward "
25308
25398
"<filename>/etc/bind/named.conf.local</filename>:"
25309
25399
msgstr ""
25310
25400
25311
#: serverguide/C/dns.xml:267(programlisting)
25401
#: serverguide/C/dns.xml:271(programlisting)
25312
25402
#, no-wrap
25313
25403
msgid ""
25314
25404
"\n"
25325
25415
"};\n"
25326
25416
msgstr ""
25327
25417
25328
#: serverguide/C/dns.xml:281(para)
25418
#: serverguide/C/dns.xml:285(para)
25329
25419
msgid ""
25330
25420
"Replace <emphasis>192.168.1.11</emphasis> with the IP Address of your "
25331
25421
"Secondary nameserver."
25332
25422
msgstr ""
25333
25423
25334
#: serverguide/C/dns.xml:285(para)
25424
#: serverguide/C/dns.xml:289(para)
25335
25425
msgid "Restart <application>BIND9</application> on the Primary Master:"
25336
25426
msgstr ""
25337
25427
25338
#: serverguide/C/dns.xml:291(para)
25428
#: serverguide/C/dns.xml:295(para)
25339
25429
msgid ""
25340
25430
"Next, on the Secondary Master, install the <application>bind9</application> "
25341
25431
"package the same way as on the Primary. Then edit the "
25343
25433
"declarations for the Forward and Reverse zones:"
25344
25434
msgstr ""
25345
25435
25346
#: serverguide/C/dns.xml:295(programlisting)
25436
#: serverguide/C/dns.xml:299(programlisting)
25347
25437
#, no-wrap
25348
25438
msgid ""
25349
25439
"\n"
25360
25450
"};\n"
25361
25451
msgstr ""
25362
25452
25363
#: serverguide/C/dns.xml:309(para)
25453
#: serverguide/C/dns.xml:313(para)
25364
25454
msgid ""
25365
25455
"Replace <emphasis>192.168.1.10</emphasis> with the IP Address of your "
25366
25456
"Primary nameserver."
25367
25457
msgstr ""
25368
25458
25369
#: serverguide/C/dns.xml:313(para)
25459
#: serverguide/C/dns.xml:317(para)
25370
25460
msgid "Restart <application>BIND9</application> on the Secondary Master:"
25371
25461
msgstr ""
25372
25462
25373
#: serverguide/C/dns.xml:319(para)
25463
#: serverguide/C/dns.xml:323(para)
25374
25464
msgid ""
25375
25465
"In <filename>/var/log/syslog</filename> you should see something similar to "
25376
25466
"(some lines have been split to fit the format of this document):"
25377
25467
msgstr ""
25378
25468
25379
#: serverguide/C/dns.xml:322(programlisting)
25469
#: serverguide/C/dns.xml:326(programlisting)
25380
25470
#, no-wrap
25381
25471
msgid ""
25382
25472
"\n"
25401
25491
"8 records, 225 bytes, 0.002 secs (112500 bytes/sec)\n"
25402
25492
msgstr ""
25403
25493
25404
#: serverguide/C/dns.xml:341(para)
25494
#: serverguide/C/dns.xml:345(para)
25405
25495
msgid ""
25406
25496
"Note: A zone is only transferred if the <emphasis>Serial Number</emphasis> "
25407
25497
"on the Primary is larger than the one on the Secondary. If you want to have "
25411
25501
"below:"
25412
25502
msgstr ""
25413
25503
25414
#: serverguide/C/dns.xml:345(programlisting)
25504
#: serverguide/C/dns.xml:349(programlisting)
25415
25505
#, no-wrap
25416
25506
msgid ""
25417
25507
"\n"
25431
25521
"\t"
25432
25522
msgstr ""
25433
25523
25434
#: serverguide/C/dns.xml:361(para)
25524
#: serverguide/C/dns.xml:365(para)
25435
25525
msgid ""
25436
25526
"The default directory for non-authoritative zone files is "
25437
25527
"<filename>/var/cache/bind/</filename>. This directory is also configured in "
25440
25530
"on AppArmor see <xref linkend=\"apparmor\"/>."
25441
25531
msgstr ""
25442
25532
25443
#: serverguide/C/dns.xml:372(para)
25533
#: serverguide/C/dns.xml:376(para)
25444
25534
msgid ""
25445
25535
"This section covers ways to help determine the cause when problems happen "
25446
25536
"with DNS and <application>BIND9</application>."
25447
25537
msgstr ""
25448
25538
25449
#: serverguide/C/dns.xml:378(title)
25539
#: serverguide/C/dns.xml:382(title)
25450
25540
msgid "resolv.conf"
25451
25541
msgstr ""
25452
25542
25460
25550
"<filename>/etc/resolv.conf</filename> contains (for this example):"
25461
25551
msgstr ""
25462
25552
25463
#: serverguide/C/dns.xml:384(programlisting)
25553
#: serverguide/C/dns.xml:389(programlisting)
25464
25554
#, no-wrap
25465
25555
msgid ""
25466
25556
"\n"
25476
25566
"to RESOLVCONF=yes."
25477
25567
msgstr ""
25478
25568
25479
#: serverguide/C/dns.xml:389(para)
25569
#: serverguide/C/dns.xml:398(para)
25480
25570
msgid ""
25481
25571
"You should also add the IP Address of the Secondary nameserver in case the "
25482
25572
"Primary becomes unavailable."
25483
25573
msgstr ""
25484
25574
25485
#: serverguide/C/dns.xml:395(title)
25575
#: serverguide/C/dns.xml:404(title)
25486
25576
msgid "dig"
25487
25577
msgstr ""
25488
25578
25489
#: serverguide/C/dns.xml:396(para)
25579
#: serverguide/C/dns.xml:405(para)
25490
25580
msgid ""
25491
25581
"If you installed the <application>dnsutils</application> package you can "
25492
25582
"test your setup using the DNS lookup utility <application>dig</application>:"
25493
25583
msgstr ""
25494
25584
25495
#: serverguide/C/dns.xml:402(para)
25585
#: serverguide/C/dns.xml:411(para)
25496
25586
msgid ""
25497
25587
"After installing <application>BIND9</application> use "
25498
25588
"<application>dig</application> against the loopback interface to make sure "
25499
25589
"it is listening on port 53. From a terminal prompt:"
25500
25590
msgstr ""
25501
25591
25502
#: serverguide/C/dns.xml:407(command)
25592
#: serverguide/C/dns.xml:416(command)
25503
25593
msgid "dig -x 127.0.0.1"
25504
25594
msgstr ""
25505
25595
25506
#: serverguide/C/dns.xml:409(para)
25596
#: serverguide/C/dns.xml:418(para)
25507
25597
msgid "You should see lines similar to the following in the command output:"
25508
25598
msgstr ""
25509
25599
25510
#: serverguide/C/dns.xml:412(programlisting)
25600
#: serverguide/C/dns.xml:421(programlisting)
25511
25601
#, no-wrap
25512
25602
msgid ""
25513
25603
"\n"
25515
25605
";; SERVER: 192.168.1.10#53(192.168.1.10)\n"
25516
25606
msgstr ""
25517
25607
25518
#: serverguide/C/dns.xml:418(para)
25608
#: serverguide/C/dns.xml:427(para)
25519
25609
msgid ""
25520
25610
"If you have configured <application>BIND9</application> as a "
25521
25611
"<emphasis>Caching</emphasis> nameserver \"dig\" an outside domain to check "
25522
25612
"the query time:"
25523
25613
msgstr ""
25524
25614
25525
#: serverguide/C/dns.xml:423(command)
25615
#: serverguide/C/dns.xml:432(command)
25526
25616
msgid "dig ubuntu.com"
25527
25617
msgstr ""
25528
25618
25529
#: serverguide/C/dns.xml:425(para)
25619
#: serverguide/C/dns.xml:434(para)
25530
25620
msgid "Note the query time toward the end of the command output:"
25531
25621
msgstr ""
25532
25622
25533
#: serverguide/C/dns.xml:428(programlisting)
25623
#: serverguide/C/dns.xml:437(programlisting)
25534
25624
#, no-wrap
25535
25625
msgid ""
25536
25626
"\n"
25537
25627
";; Query time: 49 msec\n"
25538
25628
msgstr ""
25539
25629
25540
#: serverguide/C/dns.xml:431(para)
25630
#: serverguide/C/dns.xml:440(para)
25541
25631
msgid "After a second dig there should be improvement:"
25542
25632
msgstr ""
25543
25633
25544
#: serverguide/C/dns.xml:434(programlisting)
25634
#: serverguide/C/dns.xml:443(programlisting)
25545
25635
#, no-wrap
25546
25636
msgid ""
25547
25637
"\n"
25548
25638
";; Query time: 1 msec\n"
25549
25639
msgstr ""
25550
25640
25551
#: serverguide/C/dns.xml:441(title)
25641
#: serverguide/C/dns.xml:450(title)
25552
25642
msgid "ping"
25553
25643
msgstr ""
25554
25644
25555
#: serverguide/C/dns.xml:443(para)
25645
#: serverguide/C/dns.xml:452(para)
25556
25646
msgid ""
25557
25647
"Now to demonstrate how applications make use of DNS to resolve a host name "
25558
25648
"use the <application>ping</application> utility to send an ICMP echo "
25559
25649
"request. From a terminal prompt enter:"
25560
25650
msgstr ""
25561
25651
25562
#: serverguide/C/dns.xml:449(command)
25652
#: serverguide/C/dns.xml:458(command)
25563
25653
msgid "ping example.com"
25564
25654
msgstr ""
25565
25655
25566
#: serverguide/C/dns.xml:451(para)
25656
#: serverguide/C/dns.xml:460(para)
25567
25657
msgid ""
25568
25658
"This tests if the nameserver can resolve the name "
25569
25659
"<emphasis>ns.example.com</emphasis> to an IP Address. The command output "
25570
25660
"should resemble:"
25571
25661
msgstr ""
25572
25662
25573
#: serverguide/C/dns.xml:455(programlisting)
25663
#: serverguide/C/dns.xml:464(programlisting)
25574
25664
#, no-wrap
25575
25665
msgid ""
25576
25666
"\n"
25579
25669
"64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=0.813 ms\n"
25580
25670
msgstr ""
25581
25671
25582
#: serverguide/C/dns.xml:462(title)
25672
#: serverguide/C/dns.xml:471(title)
25583
25673
msgid "named-checkzone"
25584
25674
msgstr ""
25585
25675
25586
#: serverguide/C/dns.xml:463(para)
25676
#: serverguide/C/dns.xml:472(para)
25587
25677
msgid ""
25588
25678
"A great way to test your zone files is by using the <application>named-"
25589
25679
"checkzone</application> utility installed with the "
25592
25682
"<application>BIND9</application> and making the changes live."
25593
25683
msgstr ""
25594
25684
25595
#: serverguide/C/dns.xml:470(para)
25685
#: serverguide/C/dns.xml:479(para)
25596
25686
msgid ""
25597
25687
"To test our example Forward zone file enter the following from a command "
25598
25688
"prompt:"
25599
25689
msgstr ""
25600
25690
25601
#: serverguide/C/dns.xml:474(command)
25691
#: serverguide/C/dns.xml:483(command)
25602
25692
msgid "named-checkzone example.com /etc/bind/db.example.com"
25603
25693
msgstr ""
25604
25694
25605
#: serverguide/C/dns.xml:476(para)
25695
#: serverguide/C/dns.xml:485(para)
25606
25696
msgid ""
25607
25697
"If everything is configured correctly you should see output similar to:"
25608
25698
msgstr ""
25609
25699
25610
#: serverguide/C/dns.xml:479(programlisting)
25700
#: serverguide/C/dns.xml:488(programlisting)
25611
25701
#, no-wrap
25612
25702
msgid ""
25613
25703
"\n"
25615
25705
"OK\n"
25616
25706
msgstr ""
25617
25707
25618
#: serverguide/C/dns.xml:485(para)
25708
#: serverguide/C/dns.xml:494(para)
25619
25709
msgid "Similarly, to test the Reverse zone file enter the following:"
25620
25710
msgstr ""
25621
25711
25622
#: serverguide/C/dns.xml:489(command)
25712
#: serverguide/C/dns.xml:498(command)
25623
25713
msgid "named-checkzone 1.168.192.in-addr.arpa /etc/bind/db.192"
25624
25714
msgstr ""
25625
25715
25626
#: serverguide/C/dns.xml:491(para)
25716
#: serverguide/C/dns.xml:500(para)
25627
25717
msgid "The output should be similar to:"
25628
25718
msgstr ""
25629
25719
25630
#: serverguide/C/dns.xml:494(programlisting)
25720
#: serverguide/C/dns.xml:503(programlisting)
25631
25721
#, no-wrap
25632
25722
msgid ""
25633
25723
"\n"
25635
25725
"OK\n"
25636
25726
msgstr ""
25637
25727
25638
#: serverguide/C/dns.xml:501(para)
25728
#: serverguide/C/dns.xml:510(para)
25639
25729
msgid ""
25640
25730
"The <emphasis>Serial Number</emphasis> of your zone file will probably be "
25641
25731
"different."
25642
25732
msgstr ""
25643
25733
25644
#: serverguide/C/dns.xml:509(para)
25734
#: serverguide/C/dns.xml:518(para)
25645
25735
msgid ""
25646
25736
"<application>BIND9</application> has a wide variety of logging configuration "
25647
25737
"options available. There are two main options. The "
25649
25739
"<emphasis>category</emphasis> option determines what information to log."
25650
25740
msgstr ""
25651
25741
25652
#: serverguide/C/dns.xml:513(para)
25742
#: serverguide/C/dns.xml:522(para)
25653
25743
msgid "If no logging option is configured the default option is:"
25654
25744
msgstr ""
25655
25745
25656
#: serverguide/C/dns.xml:516(programlisting)
25746
#: serverguide/C/dns.xml:525(programlisting)
25657
25747
#, no-wrap
25658
25748
msgid ""
25659
25749
"\n"
25663
25753
"};\n"
25664
25754
msgstr ""
25665
25755
25666
#: serverguide/C/dns.xml:522(para)
25756
#: serverguide/C/dns.xml:531(para)
25667
25757
msgid ""
25668
25758
"This section covers configuring <application>BIND9</application> to send "
25669
25759
"<emphasis>debug</emphasis> messages related to DNS queries to a separate "
25670
25760
"file."
25671
25761
msgstr ""
25672
25762
25673
#: serverguide/C/dns.xml:527(para)
25763
#: serverguide/C/dns.xml:536(para)
25674
25764
msgid ""
25675
25765
"First, we need to configure a channel to specify which file to send the "
25676
25766
"messages to. Edit <filename>/etc/bind/named.conf.local</filename> and add "
25677
25767
"the following:"
25678
25768
msgstr ""
25679
25769
25680
#: serverguide/C/dns.xml:531(programlisting)
25770
#: serverguide/C/dns.xml:540(programlisting)
25681
25771
#, no-wrap
25682
25772
msgid ""
25683
25773
"\n"
25689
25779
"};\n"
25690
25780
msgstr ""
25691
25781
25692
#: serverguide/C/dns.xml:541(para)
25782
#: serverguide/C/dns.xml:550(para)
25693
25783
msgid "Next, configure a category to send all DNS queries to the query file:"
25694
25784
msgstr ""
25695
25785
25696
#: serverguide/C/dns.xml:544(programlisting)
25786
#: serverguide/C/dns.xml:553(programlisting)
25697
25787
#, no-wrap
25698
25788
msgid ""
25699
25789
"\n"
25706
25796
"};\n"
25707
25797
msgstr ""
25708
25798
25709
#: serverguide/C/dns.xml:556(para)
25799
#: serverguide/C/dns.xml:565(para)
25710
25800
msgid ""
25711
25801
"Note: the <emphasis>debug</emphasis> option can be set from 1 to 3. If a "
25712
25802
"level isn't specified level 1 is the default."
25713
25803
msgstr ""
25714
25804
25715
#: serverguide/C/dns.xml:562(para)
25805
#: serverguide/C/dns.xml:571(para)
25716
25806
msgid ""
25717
25807
"Since the <emphasis>named daemon</emphasis> runs as the "
25718
25808
"<emphasis>bind</emphasis> user the <filename>/var/log/query.log</filename> "
25719
25809
"file must be created and the ownership changed:"
25720
25810
msgstr ""
25721
25811
25722
#: serverguide/C/dns.xml:567(command)
25812
#: serverguide/C/dns.xml:576(command)
25723
25813
msgid "sudo touch /var/log/query.log"
25724
25814
msgstr ""
25725
25815
25726
#: serverguide/C/dns.xml:568(command)
25816
#: serverguide/C/dns.xml:577(command)
25727
25817
msgid "sudo chown bind /var/log/query.log"
25728
25818
msgstr ""
25729
25819
25730
#: serverguide/C/dns.xml:572(para)
25820
#: serverguide/C/dns.xml:581(para)
25731
25821
msgid ""
25732
25822
"Before <application>named</application> daemon can write to the new log file "
25733
25823
"the <application>AppArmor</application> profile must be updated. First, edit "
25734
25824
"<filename>/etc/apparmor.d/usr.sbin.named</filename> and add:"
25735
25825
msgstr ""
25736
25826
25737
#: serverguide/C/dns.xml:576(programlisting)
25827
#: serverguide/C/dns.xml:585(programlisting)
25738
25828
#, no-wrap
25739
25829
msgid ""
25740
25830
"\n"
25741
25831
"/var/log/query.log w,\n"
25742
25832
msgstr ""
25743
25833
25744
#: serverguide/C/dns.xml:579(para)
25834
#: serverguide/C/dns.xml:588(para)
25745
25835
msgid "Next, reload the profile:"
25746
25836
msgstr ""
25747
25837
25748
#: serverguide/C/dns.xml:583(command)
25838
#: serverguide/C/dns.xml:592(command)
25749
25839
msgid "cat /etc/apparmor.d/usr.sbin.named | sudo apparmor_parser -r"
25750
25840
msgstr ""
25751
25841
25752
#: serverguide/C/dns.xml:585(para)
25842
#: serverguide/C/dns.xml:594(para)
25753
25843
msgid ""
25754
25844
"For more information on <application>AppArmor</application> see <xref "
25755
25845
"linkend=\"apparmor\"/>"
25756
25846
msgstr ""
25757
25847
25758
#: serverguide/C/dns.xml:590(para)
25848
#: serverguide/C/dns.xml:599(para)
25759
25849
msgid ""
25760
25850
"Now restart <application>BIND9</application> for the changes to take effect:"
25761
25851
msgstr ""
25762
25852
25763
#: serverguide/C/dns.xml:598(para)
25853
#: serverguide/C/dns.xml:607(para)
25764
25854
msgid ""
25765
25855
"You should see the file <filename>/var/log/query.log</filename> fill with "
25766
25856
"query information. This is a simple example of the "
25768
25858
"options see <xref linkend=\"dns-more-info\"/>."
25769
25859
msgstr ""
25770
25860
25771
#: serverguide/C/dns.xml:607(title)
25861
#: serverguide/C/dns.xml:616(title)
25772
25862
msgid "Common Record Types"
25773
25863
msgstr ""
25774
25864
25775
#: serverguide/C/dns.xml:608(para)
25865
#: serverguide/C/dns.xml:617(para)
25776
25866
msgid "This section covers some of the most common DNS record types."
25777
25867
msgstr ""
25778
25868
25779
#: serverguide/C/dns.xml:613(para)
25869
#: serverguide/C/dns.xml:622(para)
25780
25870
msgid ""
25781
25871
"<emphasis>A</emphasis> record: This record maps an IP Address to a hostname."
25782
25872
msgstr ""
25783
25873
25784
#: serverguide/C/dns.xml:616(programlisting)
25874
#: serverguide/C/dns.xml:625(programlisting)
25785
25875
#, no-wrap
25786
25876
msgid ""
25787
25877
"\n"
25788
25878
"www IN A 192.168.1.12\n"
25789
25879
msgstr ""
25790
25880
25791
#: serverguide/C/dns.xml:621(para)
25881
#: serverguide/C/dns.xml:630(para)
25792
25882
msgid ""
25793
25883
"<emphasis>CNAME</emphasis> record: Used to create an alias to an existing A "
25794
25884
"record. You cannot create a CNAME record pointing to another CNAME record."
25795
25885
msgstr ""
25796
25886
25797
#: serverguide/C/dns.xml:624(programlisting)
25887
#: serverguide/C/dns.xml:633(programlisting)
25798
25888
#, no-wrap
25799
25889
msgid ""
25800
25890
"\n"
25801
25891
"web IN CNAME www\n"
25802
25892
msgstr ""
25803
25893
25804
#: serverguide/C/dns.xml:629(para)
25894
#: serverguide/C/dns.xml:638(para)
25805
25895
msgid ""
25806
25896
"<emphasis>MX</emphasis> record: Used to define where email should be sent "
25807
25897
"to. Must point to an A record, not a CNAME."
25808
25898
msgstr ""
25809
25899
25810
#: serverguide/C/dns.xml:632(programlisting)
25900
#: serverguide/C/dns.xml:641(programlisting)
25811
25901
#, no-wrap
25812
25902
msgid ""
25813
25903
"\n"
25815
25905
"mail IN A 192.168.1.13\n"
25816
25906
msgstr ""
25817
25907
25818
#: serverguide/C/dns.xml:638(para)
25908
#: serverguide/C/dns.xml:647(para)
25819
25909
msgid ""
25820
25910
"<emphasis>NS</emphasis> record: Used to define which servers serve copies of "
25821
25911
"a zone. It must point to an A record, not a CNAME. This is where Primary and "
25822
25912
"Secondary servers are defined."
25823
25913
msgstr ""
25824
25914
25825
#: serverguide/C/dns.xml:642(programlisting)
25915
#: serverguide/C/dns.xml:651(programlisting)
25826
25916
#, no-wrap
25827
25917
msgid ""
25828
25918
"\n"
25832
25922
"ns2 IN A 192.168.1.11\n"
25833
25923
msgstr ""
25834
25924
25835
#: serverguide/C/virtualization.xml:2018(title) serverguide/C/dns.xml:652(title)
25925
#: serverguide/C/dns.xml:661(title)
25836
25926
msgid "More Information"
25837
25927
msgstr ""
25838
25928
25863
25953
"BIND on IPv6</ulink> book."
25864
25954
msgstr ""
25865
25955
25866
#: serverguide/C/dns.xml:670(para)
25956
#: serverguide/C/dns.xml:684(para)
25867
25957
msgid ""
25868
25958
"A great place to ask for <application>BIND9</application> assistance, and "
25869
25959
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
26046
26136
"Components</link> describes the components of the DM-Multipath package."
26047
26137
msgstr ""
26048
26138
26049
#: serverguide/C/dm-multipath.xml:184(title)
26139
#: serverguide/C/dm-multipath.xml:183(title)
26050
26140
msgid "DM-Multipath Setup Overview"
26051
26141
msgstr ""
26052
26142
26053
#: serverguide/C/dm-multipath.xml:191(para)
26143
#: serverguide/C/dm-multipath.xml:190(para)
26054
26144
msgid ""
26055
26145
"Install the <emphasis role=\"bold\">multipath-tools</emphasis> and <emphasis "
26056
26146
"role=\"bold\">multipath-tools-boot</emphasis> packages"
26057
26147
msgstr ""
26058
26148
26059
#: serverguide/C/dm-multipath.xml:197(para)
26149
#: serverguide/C/dm-multipath.xml:196(para)
26060
26150
msgid ""
26061
26151
"Create an empty config file, <filename>/etc/multipath.conf</filename>, that "
26062
26152
"re-defines the <link linkend=\"multipath-skel-config\">following</link>"
26063
26153
msgstr ""
26064
26154
26065
#: serverguide/C/dm-multipath.xml:203(para)
26155
#: serverguide/C/dm-multipath.xml:202(para)
26066
26156
msgid ""
26067
26157
"If necessary, edit the <emphasis role=\"bold\">multipath.conf</emphasis> "
26068
26158
"configuration file to modify default values and save the updated file."
26069
26159
msgstr ""
26070
26160
26071
#: serverguide/C/dm-multipath.xml:209(para)
26161
#: serverguide/C/dm-multipath.xml:208(para)
26072
26162
msgid "Start the multipath daemon"
26073
26163
msgstr ""
26074
26164
26075
#: serverguide/C/dm-multipath.xml:213(para)
26165
#: serverguide/C/dm-multipath.xml:212(para)
26076
26166
msgid "Update initial ramdisk"
26077
26167
msgstr ""
26078
26168
26079
#: serverguide/C/dm-multipath.xml:186(para)
26169
#: serverguide/C/dm-multipath.xml:185(para)
26080
26170
msgid ""
26081
26171
"DM-Multipath includes compiled-in default settings that are suitable for "
26082
26172
"common multipath configurations. Setting up DM-multipath is often a simple "
26086
26176
"overview\">Setting Up DM-Multipath</link>."
26087
26177
msgstr ""
26088
26178
26089
#: serverguide/C/dm-multipath.xml:223(title)
26179
#: serverguide/C/dm-multipath.xml:222(title)
26090
26180
msgid "Multipath Devices"
26091
26181
msgstr ""
26092
26182
26093
#: serverguide/C/dm-multipath.xml:225(para)
26183
#: serverguide/C/dm-multipath.xml:224(para)
26094
26184
msgid ""
26095
26185
"Without DM-Multipath, each path from a server node to a storage controller "
26096
26186
"is treated by the system as a separate device, even when the I/O path "
26099
26189
"multipath device on top of the underlying devices."
26100
26190
msgstr ""
26101
26191
26102
#: serverguide/C/dm-multipath.xml:233(title)
26192
#: serverguide/C/dm-multipath.xml:232(title)
26103
26193
msgid "Multipath Device Identifiers"
26104
26194
msgstr ""
26105
26195
26106
#: serverguide/C/dm-multipath.xml:261(para)
26196
#: serverguide/C/dm-multipath.xml:260(para)
26107
26197
msgid ""
26108
26198
"The devices in <emphasis role=\"bold\">/dev/mapper</emphasis> are created "
26109
26199
"early in the boot process. Use these devices to access the multipathed "
26110
26200
"devices, for example when creating logical volumes."
26111
26201
msgstr ""
26112
26202
26113
#: serverguide/C/dm-multipath.xml:268(para)
26203
#: serverguide/C/dm-multipath.xml:267(para)
26114
26204
msgid ""
26115
26205
"Any devices of the form <emphasis role=\"bold\">/dev/dm-n</emphasis> are for "
26116
26206
"internal use only and should never be used."
26156
26246
"Device Configuration Attributes</link>."
26157
26247
msgstr ""
26158
26248
26159
#: serverguide/C/dm-multipath.xml:289(title)
26249
#: serverguide/C/dm-multipath.xml:288(title)
26160
26250
msgid "Consistent Multipath Device Names in a Cluster"
26161
26251
msgstr ""
26162
26252
26163
#: serverguide/C/dm-multipath.xml:291(para)
26253
#: serverguide/C/dm-multipath.xml:290(para)
26164
26254
msgid ""
26165
26255
"When the <emphasis role=\"bold\">user_friendly_names</emphasis> "
26166
26256
"configuration option is set to yes, the name of the multipath device is "
26183
26273
"procedure:"
26184
26274
msgstr ""
26185
26275
26186
#: serverguide/C/dm-multipath.xml:313(para)
26276
#: serverguide/C/dm-multipath.xml:312(para)
26187
26277
msgid "Set up all of the multipath devices on one machine."
26188
26278
msgstr ""
26189
26279
26190
#: serverguide/C/dm-multipath.xml:317(para) serverguide/C/dm-multipath.xml:354(para)
26280
#: serverguide/C/dm-multipath.xml:316(para) serverguide/C/dm-multipath.xml:353(para)
26191
26281
msgid ""
26192
26282
"Disable all of your multipath devices on your other machines by running the "
26193
26283
"following commands:"
26194
26284
msgstr ""
26195
26285
26196
#: serverguide/C/dm-multipath.xml:320(screen) serverguide/C/dm-multipath.xml:357(screen)
26286
#: serverguide/C/dm-multipath.xml:319(screen) serverguide/C/dm-multipath.xml:356(screen)
26197
26287
#, no-wrap
26198
26288
msgid ""
26199
26289
"# service multipath-tools stop\n"
26200
26290
"# multipath -F\n"
26201
26291
msgstr ""
26202
26292
26203
#: serverguide/C/dm-multipath.xml:326(para)
26293
#: serverguide/C/dm-multipath.xml:325(para)
26204
26294
msgid ""
26205
26295
"Copy the <filename>/etc/multipath/bindings</filename> file from the first "
26206
26296
"machine to all the other machines in the cluster."
26207
26297
msgstr ""
26208
26298
26209
#: serverguide/C/dm-multipath.xml:332(para) serverguide/C/dm-multipath.xml:368(para)
26299
#: serverguide/C/dm-multipath.xml:331(para) serverguide/C/dm-multipath.xml:367(para)
26210
26300
msgid ""
26211
26301
"Re-enable the multipathd daemon on all the other machines in the cluster by "
26212
26302
"running the following command:"
26213
26303
msgstr ""
26214
26304
26215
#: serverguide/C/dm-multipath.xml:335(screen) serverguide/C/dm-multipath.xml:371(screen)
26305
#: serverguide/C/dm-multipath.xml:334(screen) serverguide/C/dm-multipath.xml:370(screen)
26216
26306
#, no-wrap
26217
26307
msgid "# service multipath-tools start"
26218
26308
msgstr ""
26219
26309
26220
#: serverguide/C/dm-multipath.xml:339(para)
26310
#: serverguide/C/dm-multipath.xml:338(para)
26221
26311
msgid "If you add a new device, you will need to repeat this process."
26222
26312
msgstr ""
26223
26313
26224
#: serverguide/C/dm-multipath.xml:342(para)
26314
#: serverguide/C/dm-multipath.xml:341(para)
26225
26315
msgid ""
26226
26316
"Similarly, if you configure an alias for a device that you would like to be "
26227
26317
"consistent across the nodes in the cluster, you should ensure that the "
26229
26319
"the cluster by following the same procedure:"
26230
26320
msgstr ""
26231
26321
26232
#: serverguide/C/dm-multipath.xml:349(para)
26322
#: serverguide/C/dm-multipath.xml:348(para)
26233
26323
msgid ""
26234
26324
"Configure the aliases for the multipath devices in the in the "
26235
26325
"<filename>multipath.conf</filename> file on one machine."
26236
26326
msgstr ""
26237
26327
26238
#: serverguide/C/dm-multipath.xml:363(para)
26328
#: serverguide/C/dm-multipath.xml:362(para)
26239
26329
msgid ""
26240
26330
"Copy the <filename>multipath.conf</filename> file from the first machine to "
26241
26331
"all the other machines in the cluster."
26242
26332
msgstr ""
26243
26333
26244
#: serverguide/C/dm-multipath.xml:375(para)
26334
#: serverguide/C/dm-multipath.xml:374(para)
26245
26335
msgid "When you add a new device you will need to repeat this process."
26246
26336
msgstr ""
26247
26337
26248
#: serverguide/C/dm-multipath.xml:380(title)
26338
#: serverguide/C/dm-multipath.xml:379(title)
26249
26339
msgid "Multipath Device attributes"
26250
26340
msgstr ""
26251
26341
26252
#: serverguide/C/dm-multipath.xml:382(para)
26342
#: serverguide/C/dm-multipath.xml:381(para)
26253
26343
msgid ""
26254
26344
"In addition to the <emphasis role=\"bold\">user_friendly_names</emphasis> "
26255
26345
"and <emphasis role=\"bold\">alias</emphasis> options, a multipath device has "
26262
26352
"linkend=\"multipath-config-multipath\"/>\"."
26263
26353
msgstr ""
26264
26354
26265
#: serverguide/C/dm-multipath.xml:395(title)
26355
#: serverguide/C/dm-multipath.xml:394(title)
26266
26356
msgid "Multipath Devices in Logical Volumes"
26267
26357
msgstr ""
26268
26358
26269
#: serverguide/C/dm-multipath.xml:397(para)
26359
#: serverguide/C/dm-multipath.xml:396(para)
26270
26360
msgid ""
26271
26361
"After creating multipath devices, you can use the multipath device names "
26272
26362
"just as you would use a physical device name when creating an LVM physical "
26277
26367
"you would use any other LVM physical device."
26278
26368
msgstr ""
26279
26369
26280
#: serverguide/C/dm-multipath.xml:406(para)
26370
#: serverguide/C/dm-multipath.xml:405(para)
26281
26371
msgid ""
26282
26372
"If you attempt to create an LVM physical volume on a whole device on which "
26283
26373
"you have configured partitions, the pvcreate command will fail."
26284
26374
msgstr ""
26285
26375
26286
#: serverguide/C/dm-multipath.xml:426(para)
26376
#: serverguide/C/dm-multipath.xml:425(para)
26287
26377
msgid ""
26288
26378
"Every time either <filename>/etc/lvm.conf</filename> or "
26289
26379
"<filename>/etc/multipath.conf</filename> is updated, the initrd should be "
26291
26381
"filters are necessary to maintain a stable storage configuration."
26292
26382
msgstr ""
26293
26383
26294
#: serverguide/C/dm-multipath.xml:411(para)
26384
#: serverguide/C/dm-multipath.xml:410(para)
26295
26385
msgid ""
26296
26386
"When you create an LVM logical volume that uses active/passive multipath "
26297
26387
"arrays as the underlying physical devices, you should include filters in the "
26310
26400
"Perform:<screen>update-initramfs -u -k all</screen><placeholder-1/>"
26311
26401
msgstr ""
26312
26402
26313
#: serverguide/C/dm-multipath.xml:436(title)
26403
#: serverguide/C/dm-multipath.xml:435(title)
26314
26404
msgid "Setting up DM-Multipath Overview"
26315
26405
msgstr ""
26316
26406
26317
#: serverguide/C/dm-multipath.xml:438(para)
26407
#: serverguide/C/dm-multipath.xml:437(para)
26318
26408
msgid ""
26319
26409
"This section provides step-by-step example procedures for configuring DM-"
26320
26410
"Multipath. It includes the following procedures:"
26321
26411
msgstr ""
26322
26412
26323
#: serverguide/C/dm-multipath.xml:443(para)
26413
#: serverguide/C/dm-multipath.xml:442(para)
26324
26414
msgid "Basic DM-Multipath setup"
26325
26415
msgstr ""
26326
26416
26327
#: serverguide/C/dm-multipath.xml:447(para)
26417
#: serverguide/C/dm-multipath.xml:446(para)
26328
26418
msgid "Ignoring local disks"
26329
26419
msgstr ""
26330
26420
26331
#: serverguide/C/dm-multipath.xml:451(para)
26421
#: serverguide/C/dm-multipath.xml:450(para)
26332
26422
msgid "Adding more devices to the configuration file"
26333
26423
msgstr ""
26334
26424
26335
#: serverguide/C/dm-multipath.xml:456(title)
26425
#: serverguide/C/dm-multipath.xml:455(title)
26336
26426
msgid "Setting Up DM-Multipath"
26337
26427
msgstr ""
26338
26428
26339
#: serverguide/C/dm-multipath.xml:458(para)
26429
#: serverguide/C/dm-multipath.xml:457(para)
26340
26430
msgid ""
26341
26431
"Before setting up DM-Multipath on your system, ensure that your system has "
26342
26432
"been updated and includes the <emphasis role=\"bold\"><application>multipath-"
26345
26435
"boot</application></emphasis> package is also required."
26346
26436
msgstr ""
26347
26437
26348
#: serverguide/C/dm-multipath.xml:476(para)
26438
#: serverguide/C/dm-multipath.xml:475(para)
26349
26439
msgid ""
26350
26440
"To work around a quirk in multipathd, when an "
26351
26441
"<filename>/etc/multipath.conf</filename> doesn't exist, the previous command "
26362
26452
"database."
26363
26453
msgstr ""
26364
26454
26365
#: serverguide/C/dm-multipath.xml:465(para)
26455
#: serverguide/C/dm-multipath.xml:464(para)
26366
26456
msgid ""
26367
26457
"A basic <emphasis role=\"bold\">/etc/multipath.conf </emphasis> need not "
26368
26458
"even exist, when <emphasis role=\"bold\">multpath</emphasis> is run without "
26378
26468
"multipath.conf-live</screen><placeholder-1/>"
26379
26469
msgstr ""
26380
26470
26381
#: serverguide/C/dm-multipath.xml:493(title)
26471
#: serverguide/C/dm-multipath.xml:492(title)
26382
26472
msgid "Installing with Multipath Support"
26383
26473
msgstr ""
26384
26474
26385
#: serverguide/C/dm-multipath.xml:495(para)
26475
#: serverguide/C/dm-multipath.xml:494(para)
26386
26476
msgid ""
26387
26477
"To enable <ulink "
26388
26478
"url=\"http://wiki.debian.org/DebianInstaller/MultipathSupport\">multipath "
26392
26482
"role=\"bold\">/dev/mapper/mpath<X></emphasis> during installation."
26393
26483
msgstr ""
26394
26484
26395
#: serverguide/C/dm-multipath.xml:504(title)
26485
#: serverguide/C/dm-multipath.xml:503(title)
26396
26486
msgid "Ignoring Local Disks When Generating Multipath Devices"
26397
26487
msgstr ""
26398
26488
26399
#: serverguide/C/dm-multipath.xml:506(para)
26489
#: serverguide/C/dm-multipath.xml:505(para)
26400
26490
msgid ""
26401
26491
"Some machines have local SCSI cards for their internal disks. DM-Multipath "
26402
26492
"is not recommended for these devices. The following procedure shows how to "
26417
26507
"linkend=\"multipath-command-output\">Multipath Command Output</link>."
26418
26508
msgstr ""
26419
26509
26420
#: serverguide/C/dm-multipath.xml:525(screen)
26510
#: serverguide/C/dm-multipath.xml:524(screen)
26421
26511
#, no-wrap
26422
26512
msgid ""
26423
26513
"\n"
26454
26544
" `- 3:0:0:3 sdg 8:128 undef ready running\n"
26455
26545
msgstr ""
26456
26546
26457
#: serverguide/C/dm-multipath.xml:561(para)
26547
#: serverguide/C/dm-multipath.xml:560(para)
26458
26548
msgid ""
26459
26549
"In order to prevent the device mapper from mapping <emphasis "
26460
26550
"role=\"bold\">/dev/sda</emphasis> in its multipath maps, edit the blacklist "
26471
26561
"the following in the <filename>/etc/multipath.conf</filename> file."
26472
26562
msgstr ""
26473
26563
26474
#: serverguide/C/dm-multipath.xml:576(screen)
26564
#: serverguide/C/dm-multipath.xml:575(screen)
26475
26565
#, no-wrap
26476
26566
msgid ""
26477
26567
"\n"
26480
26570
"}\n"
26481
26571
msgstr ""
26482
26572
26483
#: serverguide/C/dm-multipath.xml:584(para)
26573
#: serverguide/C/dm-multipath.xml:583(para)
26484
26574
msgid ""
26485
26575
"After you have updated the <filename>/etc/multipath.conf</filename> file, "
26486
26576
"you must manually tell the <emphasis role=\"bold\">multipathd</emphasis> "
26488
26578
"<filename>/etc/multipath.conf</filename> file."
26489
26579
msgstr ""
26490
26580
26491
#: serverguide/C/dm-multipath.xml:589(screen)
26581
#: serverguide/C/dm-multipath.xml:588(screen)
26492
26582
#, no-wrap
26493
26583
msgid "# service multipath-tools reload"
26494
26584
msgstr ""
26495
26585
26496
#: serverguide/C/dm-multipath.xml:593(para)
26586
#: serverguide/C/dm-multipath.xml:592(para)
26497
26587
msgid "Run the following command to remove the multipath device:"
26498
26588
msgstr ""
26499
26589
26500
#: serverguide/C/dm-multipath.xml:596(screen)
26590
#: serverguide/C/dm-multipath.xml:595(screen)
26501
26591
#, no-wrap
26502
26592
msgid ""
26503
26593
"\n"
26517
26607
"specify a <emphasis role=\"bold\">-v</emphasis> option."
26518
26608
msgstr ""
26519
26609
26520
#: serverguide/C/dm-multipath.xml:613(screen)
26610
#: serverguide/C/dm-multipath.xml:612(screen)
26521
26611
#, no-wrap
26522
26612
msgid ""
26523
26613
"\n"
26548
26638
" `- 3:0:0:3 sdg 8:128 undef ready running\n"
26549
26639
msgstr ""
26550
26640
26551
#: serverguide/C/dm-multipath.xml:645(title)
26641
#: serverguide/C/dm-multipath.xml:644(title)
26552
26642
msgid "Configuring Storage Devices"
26553
26643
msgstr ""
26554
26644
26555
#: serverguide/C/dm-multipath.xml:647(para)
26645
#: serverguide/C/dm-multipath.xml:646(para)
26556
26646
msgid ""
26557
26647
"By default, DM-Multipath includes support for the most common storage arrays "
26558
26648
"that support DM-Multipath. The default configuration values, including "
26560
26650
"<filename>multipath.conf.defaults</filename> file."
26561
26651
msgstr ""
26562
26652
26563
#: serverguide/C/dm-multipath.xml:652(para)
26653
#: serverguide/C/dm-multipath.xml:651(para)
26564
26654
msgid ""
26565
26655
"If you need to add a storage device that is not supported by default as a "
26566
26656
"known multipath device, edit the <filename>/etc/multipath.conf</filename> "
26567
26657
"file and insert the appropriate device information."
26568
26658
msgstr ""
26569
26659
26570
#: serverguide/C/dm-multipath.xml:656(para)
26660
#: serverguide/C/dm-multipath.xml:655(para)
26571
26661
msgid ""
26572
26662
"For example, to add information about the HP Open-V series the entry looks "
26573
26663
"like this, where <emphasis role=\"bold\">%n</emphasis> is the device name:"
26574
26664
msgstr ""
26575
26665
26576
#: serverguide/C/dm-multipath.xml:660(screen)
26666
#: serverguide/C/dm-multipath.xml:659(screen)
26577
26667
#, no-wrap
26578
26668
msgid ""
26579
26669
"devices {\n"
26586
26676
"}\n"
26587
26677
msgstr ""
26588
26678
26589
#: serverguide/C/dm-multipath.xml:669(para)
26679
#: serverguide/C/dm-multipath.xml:668(para)
26590
26680
msgid ""
26591
26681
"For more information on the devices section of the configuration file, see "
26592
26682
"Section <xref endterm=\"config-device-title\" linkend=\"multipath-config-"
26593
26683
"device\"/>."
26594
26684
msgstr ""
26595
26685
26596
#: serverguide/C/dm-multipath.xml:676(title)
26686
#: serverguide/C/dm-multipath.xml:675(title)
26597
26687
msgid "The DM-Multipath Configuration File"
26598
26688
msgstr ""
26599
26689
26600
#: serverguide/C/dm-multipath.xml:678(para)
26690
#: serverguide/C/dm-multipath.xml:677(para)
26601
26691
msgid ""
26602
26692
"By default, DM-Multipath provides configuration values for the most common "
26603
26693
"uses of multipathing. In addition, DM-Multipath includes support for the "
26606
26696
"<filename>multipath.conf.defaults</filename> file."
26607
26697
msgstr ""
26608
26698
26609
#: serverguide/C/dm-multipath.xml:684(para)
26699
#: serverguide/C/dm-multipath.xml:683(para)
26610
26700
msgid ""
26611
26701
"You can override the default configuration values for DM-Multipath by "
26612
26702
"editing the <filename>/etc/multipath.conf</filename> configuration file. If "
26616
26706
"on the following topics: <placeholder-1/>"
26617
26707
msgstr ""
26618
26708
26619
#: serverguide/C/dm-multipath.xml:716(para)
26709
#: serverguide/C/dm-multipath.xml:715(para)
26620
26710
msgid ""
26621
26711
"In the multipath configuration file, you need to specify only the sections "
26622
26712
"that you need for your configuration, or that you wish to change from the "
26626
26716
"can leave them commented out, as they are in the initial file."
26627
26717
msgstr ""
26628
26718
26629
#: serverguide/C/dm-multipath.xml:724(para)
26719
#: serverguide/C/dm-multipath.xml:723(para)
26630
26720
msgid "The configuration file allows regular expression description syntax."
26631
26721
msgstr ""
26632
26722
26633
#: serverguide/C/dm-multipath.xml:727(para)
26723
#: serverguide/C/dm-multipath.xml:726(para)
26634
26724
msgid ""
26635
26725
"An annotated version of the configuration file can be found in "
26636
26726
"<filename><filename>/usr/share/doc/multipath-"
26637
26727
"tools/examples/multipath.conf.annotated.gz</filename></filename>."
26638
26728
msgstr ""
26639
26729
26640
#: serverguide/C/dm-multipath.xml:731(title)
26730
#: serverguide/C/dm-multipath.xml:730(title)
26641
26731
msgid "Configuration File Overview"
26642
26732
msgstr ""
26643
26733
26644
#: serverguide/C/dm-multipath.xml:733(para)
26734
#: serverguide/C/dm-multipath.xml:732(para)
26645
26735
msgid ""
26646
26736
"The multipath configuration file is divided into the following sections:"
26647
26737
msgstr ""
26648
26738
26649
#: serverguide/C/dm-multipath.xml:738(emphasis)
26739
#: serverguide/C/dm-multipath.xml:737(emphasis)
26650
26740
msgid "blacklist"
26651
26741
msgstr ""
26652
26742
26653
#: serverguide/C/dm-multipath.xml:741(para)
26743
#: serverguide/C/dm-multipath.xml:740(para)
26654
26744
msgid ""
26655
26745
"Listing of specific devices that will not be considered for multipath."
26656
26746
msgstr ""
26657
26747
26658
#: serverguide/C/dm-multipath.xml:747(emphasis)
26748
#: serverguide/C/dm-multipath.xml:746(emphasis)
26659
26749
msgid "blacklist_exceptions"
26660
26750
msgstr ""
26661
26751
26662
#: serverguide/C/dm-multipath.xml:750(para)
26752
#: serverguide/C/dm-multipath.xml:749(para)
26663
26753
msgid ""
26664
26754
"Listing of multipath candidates that would otherwise be blacklisted "
26665
26755
"according to the parameters of the blacklist section."
26666
26756
msgstr ""
26667
26757
26668
#: serverguide/C/dm-multipath.xml:757(emphasis)
26758
#: serverguide/C/dm-multipath.xml:756(emphasis)
26669
26759
msgid "defaults"
26670
26760
msgstr ""
26671
26761
26672
#: serverguide/C/dm-multipath.xml:760(para)
26762
#: serverguide/C/dm-multipath.xml:759(para)
26673
26763
msgid "General default settings for DM-Multipath."
26674
26764
msgstr ""
26675
26765
26676
#: serverguide/C/dm-multipath.xml:768(para)
26766
#: serverguide/C/dm-multipath.xml:767(para)
26677
26767
msgid ""
26678
26768
"Settings for the characteristics of individual multipath devices. These "
26679
26769
"values overwrite what is specified in the <emphasis "
26681
26771
"role=\"bold\">devices</emphasis> sections of the configuration file."
26682
26772
msgstr ""
26683
26773
26684
#: serverguide/C/dm-multipath.xml:777(emphasis)
26774
#: serverguide/C/dm-multipath.xml:776(emphasis)
26685
26775
msgid "devices"
26686
26776
msgstr ""
26687
26777
26688
#: serverguide/C/dm-multipath.xml:780(para)
26778
#: serverguide/C/dm-multipath.xml:779(para)
26689
26779
msgid ""
26690
26780
"Settings for the individual storage controllers. These values overwrite what "
26691
26781
"is specified in the <emphasis role=\"bold\">defaults</emphasis> section of "
26694
26784
"array."
26695
26785
msgstr ""
26696
26786
26697
#: serverguide/C/dm-multipath.xml:789(para)
26787
#: serverguide/C/dm-multipath.xml:788(para)
26698
26788
msgid ""
26699
26789
"When the system determines the attributes of a multipath device, first it "
26700
26790
"checks the multipath settings, then the per devices settings, then the "
26701
26791
"multipath system defaults."
26702
26792
msgstr ""
26703
26793
26704
#: serverguide/C/dm-multipath.xml:795(title)
26794
#: serverguide/C/dm-multipath.xml:794(title)
26705
26795
msgid "Configuration File Blacklist"
26706
26796
msgstr ""
26707
26797
26708
#: serverguide/C/dm-multipath.xml:797(para)
26798
#: serverguide/C/dm-multipath.xml:796(para)
26709
26799
msgid ""
26710
26800
"The blacklist section of the multipath configuration file specifies the "
26711
26801
"devices that will not be used when the system configures multipath devices. "
26712
26802
"Devices that are blacklisted will not be grouped into a multipath device."
26713
26803
msgstr ""
26714
26804
26715
#: serverguide/C/dm-multipath.xml:804(para)
26805
#: serverguide/C/dm-multipath.xml:803(para)
26716
26806
msgid ""
26717
26807
"If you do need to blacklist devices, you can do so according to the "
26718
26808
"following criteria:"
26719
26809
msgstr ""
26720
26810
26721
#: serverguide/C/dm-multipath.xml:809(para)
26811
#: serverguide/C/dm-multipath.xml:808(para)
26722
26812
msgid ""
26723
26813
"By WWID, as described <xref endterm=\"config-blacklist-by-wwid-title\" "
26724
26814
"linkend=\"multipath-config-blacklist-by-wwid\"/>"
26725
26815
msgstr ""
26726
26816
26727
#: serverguide/C/dm-multipath.xml:815(para)
26817
#: serverguide/C/dm-multipath.xml:814(para)
26728
26818
msgid ""
26729
26819
"By device name, as described in <xref endterm=\"config-blacklist-by-device-"
26730
26820
"name-title\" linkend=\"multipath-config-blacklist-by-device-name\"/>"
26731
26821
msgstr ""
26732
26822
26733
#: serverguide/C/dm-multipath.xml:821(para)
26823
#: serverguide/C/dm-multipath.xml:820(para)
26734
26824
msgid ""
26735
26825
"By device type, as described in <xref endterm=\"config-blacklist-by-device-"
26736
26826
"type-title\" linkend=\"multipath-config-blacklist-by-device-type\"/>"
26737
26827
msgstr ""
26738
26828
26739
#: serverguide/C/dm-multipath.xml:827(para)
26829
#: serverguide/C/dm-multipath.xml:826(para)
26740
26830
msgid ""
26741
26831
"By default, a variety of device types are blacklisted, even after you "
26742
26832
"comment out the initial blacklist section of the configuration file. For "
26744
26834
"linkend=\"multipath-config-blacklist-by-device-name\"/>"
26745
26835
msgstr ""
26746
26836
26747
#: serverguide/C/dm-multipath.xml:836(title)
26837
#: serverguide/C/dm-multipath.xml:835(title)
26748
26838
msgid "Blacklisting By WWID"
26749
26839
msgstr ""
26750
26840
26751
#: serverguide/C/dm-multipath.xml:839(para)
26841
#: serverguide/C/dm-multipath.xml:838(para)
26752
26842
msgid ""
26753
26843
"You can specify individual devices to blacklist by their World-Wide "
26754
26844
"IDentification with a <emphasis role=\"bold\">wwid</emphasis> entry in the "
26756
26846
"file."
26757
26847
msgstr ""
26758
26848
26759
#: serverguide/C/dm-multipath.xml:844(para)
26849
#: serverguide/C/dm-multipath.xml:843(para)
26760
26850
msgid ""
26761
26851
"The following example shows the lines in the configuration file that would "
26762
26852
"blacklist a device with a WWID of 26353900f02796769."
26763
26853
msgstr ""
26764
26854
26765
#: serverguide/C/dm-multipath.xml:847(screen)
26855
#: serverguide/C/dm-multipath.xml:846(screen)
26766
26856
#, no-wrap
26767
26857
msgid ""
26768
26858
"\n"
26771
26861
"}\n"
26772
26862
msgstr ""
26773
26863
26774
#: serverguide/C/dm-multipath.xml:855(title)
26864
#: serverguide/C/dm-multipath.xml:854(title)
26775
26865
msgid "Blacklisting By Device Name"
26776
26866
msgstr ""
26777
26867
26778
#: serverguide/C/dm-multipath.xml:858(para)
26868
#: serverguide/C/dm-multipath.xml:857(para)
26779
26869
msgid ""
26780
26870
"You can blacklist device types by device name so that they will not be "
26781
26871
"grouped into a multipath device by specifying a <emphasis "
26783
26873
"role=\"bold\">blacklist</emphasis> section of the configuration file."
26784
26874
msgstr ""
26785
26875
26786
#: serverguide/C/dm-multipath.xml:864(para)
26876
#: serverguide/C/dm-multipath.xml:863(para)
26787
26877
msgid ""
26788
26878
"The following example shows the lines in the configuration file that would "
26789
26879
"blacklist all SCSI devices, since it blacklists all sd* devices. <screen>\n"
26792
26882
"}</screen>"
26793
26883
msgstr ""
26794
26884
26795
#: serverguide/C/dm-multipath.xml:871(para)
26885
#: serverguide/C/dm-multipath.xml:870(para)
26796
26886
msgid ""
26797
26887
"You can use a <emphasis role=\"bold\">devnode</emphasis> entry in the "
26798
26888
"<emphasis role=\"bold\">blacklist</emphasis> section of the configuration "
26804
26894
"on reboot."
26805
26895
msgstr ""
26806
26896
26807
#: serverguide/C/dm-multipath.xml:881(para)
26897
#: serverguide/C/dm-multipath.xml:880(para)
26808
26898
msgid ""
26809
26899
"By default, the following <emphasis role=\"bold\">devnode</emphasis> entries "
26810
26900
"are compiled in the default blacklist; the devices that these entries "
26820
26910
"</screen>"
26821
26911
msgstr ""
26822
26912
26823
#: serverguide/C/dm-multipath.xml:898(title)
26913
#: serverguide/C/dm-multipath.xml:897(title)
26824
26914
msgid "Blacklisting By Device Type"
26825
26915
msgstr ""
26826
26916
26827
#: serverguide/C/dm-multipath.xml:901(para)
26917
#: serverguide/C/dm-multipath.xml:900(para)
26828
26918
msgid ""
26829
26919
"You can specify specific device types in the <emphasis "
26830
26920
"role=\"bold\">blacklist</emphasis> section of the configuration file with a "
26843
26933
"</screen>"
26844
26934
msgstr ""
26845
26935
26846
#: serverguide/C/dm-multipath.xml:919(title)
26936
#: serverguide/C/dm-multipath.xml:918(title)
26847
26937
msgid "Blacklist Exceptions"
26848
26938
msgstr ""
26849
26939
26850
#: serverguide/C/dm-multipath.xml:922(para)
26940
#: serverguide/C/dm-multipath.xml:921(para)
26851
26941
msgid ""
26852
26942
"You can use the <emphasis role=\"bold\">blacklist_exceptions</emphasis> "
26853
26943
"section of the configuration file to enable multipathing on devices that "
26854
26944
"have been blacklisted by default."
26855
26945
msgstr ""
26856
26946
26857
#: serverguide/C/dm-multipath.xml:927(para)
26947
#: serverguide/C/dm-multipath.xml:926(para)
26858
26948
msgid ""
26859
26949
"For example, if you have a large number of devices and want to multipath "
26860
26950
"only one of them (with the WWID of 3600d0230000000000e13955cc3757803), "
26872
26962
"</screen>"
26873
26963
msgstr ""
26874
26964
26875
#: serverguide/C/dm-multipath.xml:942(para)
26965
#: serverguide/C/dm-multipath.xml:941(para)
26876
26966
msgid ""
26877
26967
"When specifying devices in the <emphasis "
26878
26968
"role=\"bold\">blacklist_exceptions</emphasis> section of the configuration "
26884
26974
"only to devnode entries, and device exceptions apply only to device entries."
26885
26975
msgstr ""
26886
26976
26887
#: serverguide/C/dm-multipath.xml:955(title)
26977
#: serverguide/C/dm-multipath.xml:954(title)
26888
26978
msgid "Configuration File Defaults"
26889
26979
msgstr ""
26890
26980
26891
#: serverguide/C/dm-multipath.xml:957(para)
26981
#: serverguide/C/dm-multipath.xml:956(para)
26892
26982
msgid ""
26893
26983
"The <filename>/etc/multipath.conf</filename> configuration file includes a "
26894
26984
"<emphasis role=\"bold\">defaults</emphasis> section that sets the <emphasis "
26896
26986
"role=\"bold\">yes</emphasis>, as follows."
26897
26987
msgstr ""
26898
26988
26899
#: serverguide/C/dm-multipath.xml:962(screen)
26989
#: serverguide/C/dm-multipath.xml:961(screen)
26900
26990
#, no-wrap
26901
26991
msgid ""
26902
26992
"\n"
26905
26995
"}\n"
26906
26996
msgstr ""
26907
26997
26908
#: serverguide/C/dm-multipath.xml:968(para)
26998
#: serverguide/C/dm-multipath.xml:967(para)
26909
26999
msgid ""
26910
27000
"This overwrites the default value of the <emphasis "
26911
27001
"role=\"bold\">user_friendly_names</emphasis> parameter."
26912
27002
msgstr ""
26913
27003
26914
#: serverguide/C/dm-multipath.xml:971(para)
27004
#: serverguide/C/dm-multipath.xml:970(para)
26915
27005
msgid ""
26916
27006
"The configuration file includes a template of configuration defaults. This "
26917
27007
"section is commented out, as follows."
26918
27008
msgstr ""
26919
27009
26920
#: serverguide/C/dm-multipath.xml:974(screen)
27010
#: serverguide/C/dm-multipath.xml:973(screen)
26921
27011
#, no-wrap
26922
27012
msgid ""
26923
27013
"\n"
26938
27028
"#}\n"
26939
27029
msgstr ""
26940
27030
26941
#: serverguide/C/dm-multipath.xml:991(para)
27031
#: serverguide/C/dm-multipath.xml:990(para)
26942
27032
msgid ""
26943
27033
"To overwrite the default value for any of the configuration parameters, you "
26944
27034
"can copy the relevant line from this template into the <emphasis "
26951
27041
"uncomment it, as follows."
26952
27042
msgstr ""
26953
27043
26954
#: serverguide/C/dm-multipath.xml:1002(screen)
27044
#: serverguide/C/dm-multipath.xml:1001(screen)
26955
27045
#, no-wrap
26956
27046
msgid ""
26957
27047
"\n"
26961
27051
"}\n"
26962
27052
msgstr ""
26963
27053
26964
#: serverguide/C/dm-multipath.xml:1009(para)
27054
#: serverguide/C/dm-multipath.xml:1008(para)
26965
27055
msgid ""
26966
27056
"Table <xref endterm=\"config-defaults-table-title\" linkend=\"multipath-"
26967
27057
"config-defaults-table\"/> describes the attributes that are set in the "
26973
27063
"<filename>multipath.conf</filename> file."
26974
27064
msgstr ""
26975
27065
26976
#: serverguide/C/dm-multipath.xml:1023(title)
27066
#: serverguide/C/dm-multipath.xml:1022(title)
26977
27067
msgid "Configuration File Multipath Attributes"
26978
27068
msgstr ""
26979
27069
26980
#: serverguide/C/dm-multipath.xml:1026(para)
27070
#: serverguide/C/dm-multipath.xml:1025(para)
26981
27071
msgid ""
26982
27072
"Table <xref endterm=\"attributes-table-title\" linkend=\"multipath-"
26983
27073
"attributes-table\"/> shows the attributes that you can set in the <emphasis "
26989
27079
"role=\"bold\">devices</emphasis> sections of the multipath.conf file."
26990
27080
msgstr ""
26991
27081
26992
#: serverguide/C/dm-multipath.xml:1039(para)
27082
#: serverguide/C/dm-multipath.xml:1038(para)
26993
27083
msgid ""
26994
27084
"In addition, the following parameters may be overridden in this <emphasis "
26995
27085
"role=\"bold\">multipath</emphasis> section"
26996
27086
msgstr ""
26997
27087
26998
#: serverguide/C/dm-multipath.xml:1088(para)
27088
#: serverguide/C/dm-multipath.xml:1087(para)
26999
27089
msgid ""
27000
27090
"The following example shows multipath attributes specified in the "
27001
27091
"configuration file for two specific multipath devices. The first device has "
27010
27100
"are set to priorities."
27011
27101
msgstr ""
27012
27102
27013
#: serverguide/C/dm-multipath.xml:1098(screen)
27103
#: serverguide/C/dm-multipath.xml:1097(screen)
27014
27104
#, no-wrap
27015
27105
msgid ""
27016
27106
"\n"
27032
27122
"}\n"
27033
27123
msgstr ""
27034
27124
27035
#: serverguide/C/dm-multipath.xml:1119(title)
27125
#: serverguide/C/dm-multipath.xml:1118(title)
27036
27126
msgid "Configuration File Devices"
27037
27127
msgstr ""
27038
27128
27039
#: serverguide/C/dm-multipath.xml:1121(para)
27129
#: serverguide/C/dm-multipath.xml:1120(para)
27040
27130
msgid ""
27041
27131
"Table <xref endterm=\"device-attributes-table-title\" linkend=\"multipath-"
27042
27132
"device-attributes-table\"/> shows the attributes that you can set for each "
27050
27140
"<filename>multipath.conf</filename> file."
27051
27141
msgstr ""
27052
27142
27053
#: serverguide/C/dm-multipath.xml:1132(para)
27143
#: serverguide/C/dm-multipath.xml:1131(para)
27054
27144
msgid ""
27055
27145
"Many devices that support multipathing are included by default in a "
27056
27146
"multipath configuration. The values for the devices that are supported by "
27064
27154
"the device and override the values that you want to change."
27065
27155
msgstr ""
27066
27156
27067
#: serverguide/C/dm-multipath.xml:1144(para)
27157
#: serverguide/C/dm-multipath.xml:1143(para)
27068
27158
msgid ""
27069
27159
"To add a device to this section of the configuration file that is not "
27070
27160
"configured automatically by default, you must set the <emphasis "
27076
27166
"device_name is the device to be multipathed, as in the following example:"
27077
27167
msgstr ""
27078
27168
27079
#: serverguide/C/dm-multipath.xml:1154(screen)
27169
#: serverguide/C/dm-multipath.xml:1153(screen)
27080
27170
#, no-wrap
27081
27171
msgid ""
27082
27172
"\n"
27086
27176
"SF2372\n"
27087
27177
msgstr ""
27088
27178
27089
#: serverguide/C/dm-multipath.xml:1161(para)
27179
#: serverguide/C/dm-multipath.xml:1160(para)
27090
27180
msgid ""
27091
27181
"The additional parameters to specify depend on your specific device. If the "
27092
27182
"device is active/active, you will usually not need to set additional "
27099
27189
"table\"/>."
27100
27190
msgstr ""
27101
27191
27102
#: serverguide/C/dm-multipath.xml:1171(para)
27192
#: serverguide/C/dm-multipath.xml:1170(para)
27103
27193
msgid ""
27104
27194
"If the device is active/passive, but it automatically switches paths with "
27105
27195
"I/O to the passive path, you need to change the checker function to one that "
27110
27200
"the Test Unit Ready command, which most do."
27111
27201
msgstr ""
27112
27202
27113
#: serverguide/C/dm-multipath.xml:1180(para)
27203
#: serverguide/C/dm-multipath.xml:1179(para)
27114
27204
msgid ""
27115
27205
"If the device needs a special command to switch paths, then configuring this "
27116
27206
"device for multipath requires a hardware handler kernel module. The current "
27118
27208
"device, you may not be able to configure the device for multipath."
27119
27209
msgstr ""
27120
27210
27121
#: serverguide/C/dm-multipath.xml:1189(para)
27211
#: serverguide/C/dm-multipath.xml:1188(para)
27122
27212
msgid ""
27123
27213
"In addition, the following parameters may be overridden in this <emphasis "
27124
27214
"role=\"bold\">device</emphasis> section"
27125
27215
msgstr ""
27126
27216
27127
#: serverguide/C/dm-multipath.xml:1264(para)
27217
#: serverguide/C/dm-multipath.xml:1263(para)
27128
27218
msgid ""
27129
27219
"Whenever a hardware_handler is specified, it is your responsibility to "
27130
27220
"ensure that the appropriate kernel module is loaded to support the specified "
27138
27228
"# update-initramfs -u -k all</screen>"
27139
27229
msgstr ""
27140
27230
27141
#: serverguide/C/dm-multipath.xml:1275(para)
27231
#: serverguide/C/dm-multipath.xml:1274(para)
27142
27232
msgid ""
27143
27233
"The following example shows a device entry in the multipath configuration "
27144
27234
"file."
27145
27235
msgstr ""
27146
27236
27147
#: serverguide/C/dm-multipath.xml:1278(screen)
27237
#: serverguide/C/dm-multipath.xml:1277(screen)
27148
27238
#, no-wrap
27149
27239
msgid ""
27150
27240
"\n"
27159
27249
"#}\n"
27160
27250
msgstr ""
27161
27251
27162
#: serverguide/C/dm-multipath.xml:1290(para)
27252
#: serverguide/C/dm-multipath.xml:1289(para)
27163
27253
msgid ""
27164
27254
"The spacing reserved in the <emphasis role=\"bold\">vendor</emphasis>, "
27165
27255
"<emphasis role=\"bold\">product</emphasis>, and <emphasis "
27176
27266
"characters or spaces, as seen in the example above"
27177
27267
msgstr ""
27178
27268
27179
#: serverguide/C/dm-multipath.xml:1307(para)
27269
#: serverguide/C/dm-multipath.xml:1306(para)
27180
27270
msgid "vendor: 8 characters"
27181
27271
msgstr ""
27182
27272
27183
#: serverguide/C/dm-multipath.xml:1311(para)
27273
#: serverguide/C/dm-multipath.xml:1310(para)
27184
27274
msgid "product: 16 characters"
27185
27275
msgstr ""
27186
27276
27187
#: serverguide/C/dm-multipath.xml:1315(para)
27277
#: serverguide/C/dm-multipath.xml:1314(para)
27188
27278
msgid "revision: 4 characters"
27189
27279
msgstr ""
27190
27280
27191
#: serverguide/C/dm-multipath.xml:1319(para)
27281
#: serverguide/C/dm-multipath.xml:1318(para)
27192
27282
msgid ""
27193
27283
"To create a more robust configuration file, regular expressions can also be "
27194
27284
"used. Operators include <emphasis role=\"bold\">^ $ [ ] . * ? +</emphasis>. "
27197
27287
"files found in <filename>/usr/share/doc/multipath-tools/examples:</filename>"
27198
27288
msgstr ""
27199
27289
27200
#: serverguide/C/dm-multipath.xml:1326(screen)
27290
#: serverguide/C/dm-multipath.xml:1325(screen)
27201
27291
#, no-wrap
27202
27292
msgid "# echo 'show config' | multipathd -k"
27203
27293
msgstr ""
27204
27294
27205
#: serverguide/C/dm-multipath.xml:1331(title)
27295
#: serverguide/C/dm-multipath.xml:1330(title)
27206
27296
msgid "DM-Multipath Administration and Troubleshooting"
27207
27297
msgstr ""
27208
27298
27209
#: serverguide/C/dm-multipath.xml:1334(title)
27299
#: serverguide/C/dm-multipath.xml:1333(title)
27210
27300
msgid "Resizing an Online Multipath Device"
27211
27301
msgstr ""
27212
27302
27213
#: serverguide/C/dm-multipath.xml:1336(para)
27303
#: serverguide/C/dm-multipath.xml:1335(para)
27214
27304
msgid ""
27215
27305
"If you need to resize an online multipath device, use the following procedure"
27216
27306
msgstr ""
27217
27307
27218
#: serverguide/C/dm-multipath.xml:1341(para)
27308
#: serverguide/C/dm-multipath.xml:1340(para)
27219
27309
msgid "Resize your physical device. This is storage platform specific."
27220
27310
msgstr ""
27221
27311
27222
#: serverguide/C/dm-multipath.xml:1346(para)
27312
#: serverguide/C/dm-multipath.xml:1345(para)
27223
27313
msgid "Use the following command to find the paths to the LUN:"
27224
27314
msgstr ""
27225
27315
27226
#: serverguide/C/dm-multipath.xml:1348(screen)
27316
#: serverguide/C/dm-multipath.xml:1347(screen)
27227
27317
#, no-wrap
27228
27318
msgid "# multipath -l"
27229
27319
msgstr ""
27230
27320
27231
#: serverguide/C/dm-multipath.xml:1352(para)
27321
#: serverguide/C/dm-multipath.xml:1351(para)
27232
27322
msgid ""
27233
27323
"Resize your paths. For SCSI devices, writing 1 to the "
27234
27324
"<filename>rescan</filename> file for the device causes the SCSI driver to "
27235
27325
"rescan, as in the following command:"
27236
27326
msgstr ""
27237
27327
27238
#: serverguide/C/dm-multipath.xml:1356(screen)
27328
#: serverguide/C/dm-multipath.xml:1355(screen)
27239
27329
#, no-wrap
27240
27330
msgid "# echo 1 > /sys/block/device_name/device/rescan"
27241
27331
msgstr ""
27242
27332
27243
#: serverguide/C/dm-multipath.xml:1360(para)
27333
#: serverguide/C/dm-multipath.xml:1359(para)
27244
27334
msgid ""
27245
27335
"Resize your multipath device by running the multipathd resize command:"
27246
27336
msgstr ""
27247
27337
27248
#: serverguide/C/dm-multipath.xml:1363(screen)
27338
#: serverguide/C/dm-multipath.xml:1362(screen)
27249
27339
#, no-wrap
27250
27340
msgid "# multipathd -k 'resize map mpatha'"
27251
27341
msgstr ""
27252
27342
27253
#: serverguide/C/dm-multipath.xml:1367(para)
27343
#: serverguide/C/dm-multipath.xml:1366(para)
27254
27344
msgid "Resize the file system (assuming no LVM or DOS partitions are used):"
27255
27345
msgstr ""
27256
27346
27257
#: serverguide/C/dm-multipath.xml:1370(screen)
27347
#: serverguide/C/dm-multipath.xml:1369(screen)
27258
27348
#, no-wrap
27259
27349
msgid "# resize2fs /dev/mapper/mpatha"
27260
27350
msgstr ""
27261
27351
27262
#: serverguide/C/dm-multipath.xml:1376(title)
27352
#: serverguide/C/dm-multipath.xml:1375(title)
27263
27353
msgid ""
27264
27354
"Moving root File Systems from a Single Path Device to a Multipath Device"
27265
27355
msgstr ""
27266
27356
27267
#: serverguide/C/dm-multipath.xml:1379(para)
27357
#: serverguide/C/dm-multipath.xml:1378(para)
27268
27358
msgid ""
27269
27359
"This is dramatically simplified by the use of UUIDs to identify devices as "
27270
27360
"an intrinsic label. Simply install <emphasis role=\"bold\">multipath-tools-"
27273
27363
"mounted by UUID."
27274
27364
msgstr ""
27275
27365
27276
#: serverguide/C/dm-multipath.xml:1386(para)
27366
#: serverguide/C/dm-multipath.xml:1385(para)
27277
27367
msgid ""
27278
27368
"Whenever <filename>multipath.conf</filename> is updated, so should the "
27279
27369
"initrd by executing <command>update-initramfs -u -k all</command>. The "
27282
27372
"blacklist and device sections."
27283
27373
msgstr ""
27284
27374
27285
#: serverguide/C/dm-multipath.xml:1395(title)
27375
#: serverguide/C/dm-multipath.xml:1394(title)
27286
27376
msgid ""
27287
27377
"Moving swap File Systems from a Single Path Device to a Multipath Device"
27288
27378
msgstr ""
27289
27379
27290
#: serverguide/C/dm-multipath.xml:1398(para)
27380
#: serverguide/C/dm-multipath.xml:1397(para)
27291
27381
msgid ""
27292
27382
"The procedure is exactly the same as illustrated in the previous section "
27293
27383
"called <link linkend=\"multipath-moving-rootfs-from-single-path-to-multipath-"
27295
27385
"Device</link>."
27296
27386
msgstr ""
27297
27387
27298
#: serverguide/C/dm-multipath.xml:1406(title)
27388
#: serverguide/C/dm-multipath.xml:1405(title)
27299
27389
msgid "The Multipath Daemon"
27300
27390
msgstr ""
27301
27391
27302
#: serverguide/C/dm-multipath.xml:1408(para)
27392
#: serverguide/C/dm-multipath.xml:1407(para)
27303
27393
msgid ""
27304
27394
"If you find you have trouble implementing a multipath configuration, you "
27305
27395
"should ensure the multipath daemon is running as described in <link "
27311
27401
"<command>multipathd</command> as a debugging aid."
27312
27402
msgstr ""
27313
27403
27314
#: serverguide/C/dm-multipath.xml:1448(title)
27404
#: serverguide/C/dm-multipath.xml:1447(title)
27315
27405
msgid "Issues with queue_if_no_path"
27316
27406
msgstr ""
27317
27407
27318
#: serverguide/C/dm-multipath.xml:1450(para)
27408
#: serverguide/C/dm-multipath.xml:1449(para)
27319
27409
msgid ""
27320
27410
"If <emphasis role=\"bold\">features \"1 queue_if_no_path\"</emphasis> is "
27321
27411
"specified in the <filename>/etc/multipath.conf</filename> file, then any "
27325
27415
"<filename>/etc/multipath.conf</filename>."
27326
27416
msgstr ""
27327
27417
27328
#: serverguide/C/dm-multipath.xml:1457(para)
27418
#: serverguide/C/dm-multipath.xml:1456(para)
27329
27419
msgid ""
27330
27420
"When you set the <emphasis role=\"bold\">no_path_retry</emphasis> parameter, "
27331
27421
"remove the <emphasis role=\"bold\">features \"1 "
27341
27431
"<filename>/etc/multipath.conf</filename> and editing to suit your needs."
27342
27432
msgstr ""
27343
27433
27344
#: serverguide/C/dm-multipath.xml:1471(para)
27434
#: serverguide/C/dm-multipath.xml:1470(para)
27345
27435
msgid ""
27346
27436
"If you need to use the <option>features \"1 queue_if_no_path\"</option> "
27347
27437
"option and you experience the issue noted here, use the "
27352
27442
"<option> \"fail_if_no_path\"</option>, execute the following command."
27353
27443
msgstr ""
27354
27444
27355
#: serverguide/C/dm-multipath.xml:1480(screen)
27445
#: serverguide/C/dm-multipath.xml:1479(screen)
27356
27446
#, no-wrap
27357
27447
msgid "# dmsetup message mpathc 0 \"fail_if_no_path\""
27358
27448
msgstr ""
27359
27449
27360
#: serverguide/C/dm-multipath.xml:1483(para)
27450
#: serverguide/C/dm-multipath.xml:1482(para)
27361
27451
msgid ""
27362
27452
"You must specify the <filename>mpathN</filename> alias rather than the path"
27363
27453
msgstr ""
27364
27454
27365
#: serverguide/C/dm-multipath.xml:1489(title)
27455
#: serverguide/C/dm-multipath.xml:1488(title)
27366
27456
msgid "Multipath Command Output"
27367
27457
msgstr ""
27368
27458
27369
#: serverguide/C/dm-multipath.xml:1491(para)
27459
#: serverguide/C/dm-multipath.xml:1490(para)
27370
27460
msgid ""
27371
27461
"When you create, modify, or list a multipath device, you get a printout of "
27372
27462
"the current device setup. The format is as follows. For each multipath "
27373
27463
"device:"
27374
27464
msgstr ""
27375
27465
27376
#: serverguide/C/dm-multipath.xml:1495(screen)
27466
#: serverguide/C/dm-multipath.xml:1494(screen)
27377
27467
#, no-wrap
27378
27468
msgid ""
27379
27469
" action_if_any: alias (wwid_if_different_from_alias) "
27382
27472
"wp=write_permission_if_known"
27383
27473
msgstr ""
27384
27474
27385
#: serverguide/C/dm-multipath.xml:1498(para)
27475
#: serverguide/C/dm-multipath.xml:1497(para)
27386
27476
msgid "For each path group:"
27387
27477
msgstr ""
27388
27478
27389
#: serverguide/C/dm-multipath.xml:1500(screen)
27479
#: serverguide/C/dm-multipath.xml:1499(screen)
27390
27480
#, no-wrap
27391
27481
msgid ""
27392
27482
" -+- policy='scheduling_policy' prio=prio_if_known\n"
27393
27483
" status=path_group_status_if_known"
27394
27484
msgstr ""
27395
27485
27396
#: serverguide/C/dm-multipath.xml:1503(para)
27486
#: serverguide/C/dm-multipath.xml:1502(para)
27397
27487
msgid "For each path:"
27398
27488
msgstr ""
27399
27489
27400
#: serverguide/C/dm-multipath.xml:1505(screen)
27490
#: serverguide/C/dm-multipath.xml:1504(screen)
27401
27491
#, no-wrap
27402
27492
msgid ""
27403
27493
" `- host:channel:id:lun devnode major:minor dm_status_if_known "
27405
27495
" online_status"
27406
27496
msgstr ""
27407
27497
27408
#: serverguide/C/dm-multipath.xml:1508(para)
27498
#: serverguide/C/dm-multipath.xml:1507(para)
27409
27499
msgid ""
27410
27500
"For example, the output of a multipath command might appear as follows:"
27411
27501
msgstr ""
27412
27502
27413
#: serverguide/C/dm-multipath.xml:1511(screen)
27503
#: serverguide/C/dm-multipath.xml:1510(screen)
27414
27504
#, no-wrap
27415
27505
msgid ""
27416
27506
" 3600d0230000000000e13955cc3757800 dm-1 WINSYS,SF2372\n"
27421
27511
" `- 7:0:0:0 sdf 8:80 active ready running"
27422
27512
msgstr ""
27423
27513
27424
#: serverguide/C/dm-multipath.xml:1518(para)
27514
#: serverguide/C/dm-multipath.xml:1517(para)
27425
27515
msgid ""
27426
27516
"If the path is up and ready for I/O, the status of the path is <emphasis "
27427
27517
"role=\"bold\">ready</emphasis> or <emphasis "
27432
27522
"defined in the <filename>/etc/multipath.conf</filename> file."
27433
27523
msgstr ""
27434
27524
27435
#: serverguide/C/dm-multipath.xml:1526(para)
27525
#: serverguide/C/dm-multipath.xml:1525(para)
27436
27526
msgid ""
27437
27527
"The dm status is similar to the path status, but from the kernel's point of "
27438
27528
"view. The dm status has two states: <emphasis "
27443
27533
"not agree."
27444
27534
msgstr ""
27445
27535
27446
#: serverguide/C/dm-multipath.xml:1534(para)
27536
#: serverguide/C/dm-multipath.xml:1533(para)
27447
27537
msgid ""
27448
27538
"The possible values for <emphasis role=\"bold\">online_status</emphasis> are "
27449
27539
"<emphasis role=\"bold\">running</emphasis> and <emphasis "
27452
27542
"disabled."
27453
27543
msgstr ""
27454
27544
27455
#: serverguide/C/dm-multipath.xml:1542(para)
27545
#: serverguide/C/dm-multipath.xml:1541(para)
27456
27546
msgid ""
27457
27547
"When a multipath device is being created or modified , the path group "
27458
27548
"status, the dm device name, the write permissions, and the dm status are not "
27459
27549
"known. Also, the features are not always correct"
27460
27550
msgstr ""
27461
27551
27462
#: serverguide/C/dm-multipath.xml:1549(title)
27552
#: serverguide/C/dm-multipath.xml:1548(title)
27463
27553
msgid "Multipath Queries with multipath Command"
27464
27554
msgstr ""
27465
27555
27466
#: serverguide/C/dm-multipath.xml:1551(para)
27556
#: serverguide/C/dm-multipath.xml:1550(para)
27467
27557
msgid ""
27468
27558
"You can use the <emphasis role=\"bold\">-l </emphasis>and <emphasis "
27469
27559
"role=\"bold\">-ll</emphasis> options of the <emphasis "
27475
27565
"available components of the system."
27476
27566
msgstr ""
27477
27567
27478
#: serverguide/C/dm-multipath.xml:1560(para)
27568
#: serverguide/C/dm-multipath.xml:1559(para)
27479
27569
msgid ""
27480
27570
"When displaying the multipath configuration, there are three verbosity "
27481
27571
"levels you can specify with the <emphasis role=\"bold\">-v</emphasis> option "
27486
27576
"v2</emphasis> prints all detected paths, multipaths, and device maps."
27487
27577
msgstr ""
27488
27578
27489
#: serverguide/C/dm-multipath.xml:1570(para)
27579
#: serverguide/C/dm-multipath.xml:1569(para)
27490
27580
msgid ""
27491
27581
"The default <emphasis role=\"bold\">verbosity</emphasis> level of multipath "
27492
27582
"is <emphasis role=\"bold\">2</emphasis> and can be globally modified by "
27495
27585
"of <filename>multipath.conf</filename>."
27496
27586
msgstr ""
27497
27587
27498
#: serverguide/C/dm-multipath.xml:1577(para)
27588
#: serverguide/C/dm-multipath.xml:1576(para)
27499
27589
msgid ""
27500
27590
"The following example shows the output of a <emphasis "
27501
27591
"role=\"bold\">multipath -l</emphasis> command."
27502
27592
msgstr ""
27503
27593
27504
#: serverguide/C/dm-multipath.xml:1580(screen)
27594
#: serverguide/C/dm-multipath.xml:1579(screen)
27505
27595
#, no-wrap
27506
27596
msgid ""
27507
27597
"# multipath -l\n"
27513
27603
" `- 7:0:0:0 sdf 8:80 active ready running"
27514
27604
msgstr ""
27515
27605
27516
#: serverguide/C/dm-multipath.xml:1588(para)
27606
#: serverguide/C/dm-multipath.xml:1587(para)
27517
27607
msgid ""
27518
27608
"The following example shows the output of a <emphasis "
27519
27609
"role=\"bold\">multipath -ll</emphasis> command."
27520
27610
msgstr ""
27521
27611
27522
#: serverguide/C/dm-multipath.xml:1591(screen)
27612
#: serverguide/C/dm-multipath.xml:1590(screen)
27523
27613
#, no-wrap
27524
27614
msgid ""
27525
27615
"# multipath -ll\n"
27536
27626
" `- 18:0:0:3 sdj 8:144 active ready running"
27537
27627
msgstr ""
27538
27628
27539
#: serverguide/C/dm-multipath.xml:1606(title)
27629
#: serverguide/C/dm-multipath.xml:1605(title)
27540
27630
msgid "Multipath Command Options"
27541
27631
msgstr ""
27542
27632
27543
#: serverguide/C/dm-multipath.xml:1608(para)
27633
#: serverguide/C/dm-multipath.xml:1607(para)
27544
27634
msgid ""
27545
27635
"Table <xref endterm=\"useful-multipath-command-options-title\" "
27546
27636
"linkend=\"useful-multipath-command-options\"/> describes some options of the "
27548
27638
"useful."
27549
27639
msgstr ""
27550
27640
27551
#: serverguide/C/dm-multipath.xml:1614(title)
27641
#: serverguide/C/dm-multipath.xml:1613(title)
27552
27642
msgid "Useful multipath Command Options"
27553
27643
msgstr ""
27554
27644
27555
#: serverguide/C/dm-multipath.xml:1623(entry)
27645
#: serverguide/C/dm-multipath.xml:1622(entry)
27556
27646
msgid "Option"
27557
27647
msgstr ""
27558
27648
27559
#: serverguide/C/dm-multipath.xml:1630(emphasis)
27649
#: serverguide/C/dm-multipath.xml:1629(emphasis)
27560
27650
msgid "-l"
27561
27651
msgstr ""
27562
27652
27563
#: serverguide/C/dm-multipath.xml:1632(emphasis) serverguide/C/dm-multipath.xml:1639(emphasis)
27653
#: serverguide/C/dm-multipath.xml:1631(emphasis) serverguide/C/dm-multipath.xml:1638(emphasis)
27564
27654
msgid "sysfs"
27565
27655
msgstr ""
27566
27656
27567
#: serverguide/C/dm-multipath.xml:1631(entry)
27657
#: serverguide/C/dm-multipath.xml:1630(entry)
27568
27658
msgid ""
27569
27659
"Display the current multipath configuration gathered from <placeholder-1/> "
27570
27660
"and the device mapper."
27571
27661
msgstr ""
27572
27662
27573
#: serverguide/C/dm-multipath.xml:1637(emphasis)
27663
#: serverguide/C/dm-multipath.xml:1636(emphasis)
27574
27664
msgid "-ll"
27575
27665
msgstr ""
27576
27666
27577
#: serverguide/C/dm-multipath.xml:1638(entry)
27667
#: serverguide/C/dm-multipath.xml:1637(entry)
27578
27668
msgid ""
27579
27669
"Display the current multipath configuration gathered from <placeholder-1/>, "
27580
27670
"the device mapper, and all other available components on the system."
27581
27671
msgstr ""
27582
27672
27583
#: serverguide/C/dm-multipath.xml:1644(emphasis)
27673
#: serverguide/C/dm-multipath.xml:1643(emphasis)
27584
27674
msgid "-f device"
27585
27675
msgstr ""
27586
27676
27587
#: serverguide/C/dm-multipath.xml:1645(entry)
27677
#: serverguide/C/dm-multipath.xml:1644(entry)
27588
27678
msgid "Remove the named multipath device."
27589
27679
msgstr ""
27590
27680
27591
#: serverguide/C/dm-multipath.xml:1649(emphasis)
27681
#: serverguide/C/dm-multipath.xml:1648(emphasis)
27592
27682
msgid "-F"
27593
27683
msgstr ""
27594
27684
27595
#: serverguide/C/dm-multipath.xml:1650(entry)
27685
#: serverguide/C/dm-multipath.xml:1649(entry)
27596
27686
msgid "Remove all unused multipath devices."
27597
27687
msgstr ""
27598
27688
27599
#: serverguide/C/dm-multipath.xml:1658(title)
27689
#: serverguide/C/dm-multipath.xml:1657(title)
27600
27690
msgid "Determining Device Mapper Entries with dmsetup Command"
27601
27691
msgstr ""
27602
27692
27603
#: serverguide/C/dm-multipath.xml:1660(para)
27693
#: serverguide/C/dm-multipath.xml:1659(para)
27604
27694
msgid ""
27605
27695
"You can use the <emphasis role=\"bold\">dmsetup</emphasis> command to find "
27606
27696
"out which device mapper entries match the <emphasis "
27607
27697
"role=\"bold\">multipathed</emphasis> devices."
27608
27698
msgstr ""
27609
27699
27610
#: serverguide/C/dm-multipath.xml:1664(para)
27700
#: serverguide/C/dm-multipath.xml:1663(para)
27611
27701
msgid ""
27612
27702
"The following command displays all the device mapper devices and their major "
27613
27703
"and minor numbers. The minor numbers determine the name of the dm device. "
27616
27706
"role=\"bold\"><filename>/dev/dm-3</filename></emphasis>."
27617
27707
msgstr ""
27618
27708
27619
#: serverguide/C/dm-multipath.xml:1670(screen)
27709
#: serverguide/C/dm-multipath.xml:1669(screen)
27620
27710
#, no-wrap
27621
27711
msgid ""
27622
27712
"\n"
27639
27729
" "
27640
27730
msgstr ""
27641
27731
27642
#: serverguide/C/dm-multipath.xml:1691(title)
27732
#: serverguide/C/dm-multipath.xml:1690(title)
27643
27733
msgid "Troubleshooting with the multipathd interactive console"
27644
27734
msgstr ""
27645
27735
27646
#: serverguide/C/dm-multipath.xml:1693(para)
27736
#: serverguide/C/dm-multipath.xml:1692(para)
27647
27737
msgid ""
27648
27738
"The <emphasis role=\"bold\">multipathd -k</emphasis> command is an "
27649
27739
"interactive interface to the <emphasis role=\"bold\">multipathd</emphasis> "
27653
27743
"role=\"bold\">CTRL-D</emphasis> to quit."
27654
27744
msgstr ""
27655
27745
27656
#: serverguide/C/dm-multipath.xml:1700(para)
27746
#: serverguide/C/dm-multipath.xml:1699(para)
27657
27747
msgid ""
27658
27748
"The multipathd interactive console can be used to troubleshoot problems you "
27659
27749
"may be having with your system. For example, the following command sequence "
27663
27753
"Multipathd\"</ulink> for more examples."
27664
27754
msgstr ""
27665
27755
27666
#: serverguide/C/dm-multipath.xml:1707(screen)
27756
#: serverguide/C/dm-multipath.xml:1706(screen)
27667
27757
#, no-wrap
27668
27758
msgid ""
27669
27759
"# multipathd -k\n"
27671
27761
" > > CTRL-D"
27672
27762
msgstr ""
27673
27763
27674
#: serverguide/C/dm-multipath.xml:1711(para)
27764
#: serverguide/C/dm-multipath.xml:1710(para)
27675
27765
msgid ""
27676
27766
"The following command sequence ensures that multipath has picked up any "
27677
27767
"changes to the multipath.conf,"
27678
27768
msgstr ""
27679
27769
27680
#: serverguide/C/dm-multipath.xml:1714(screen)
27770
#: serverguide/C/dm-multipath.xml:1713(screen)
27681
27771
#, no-wrap
27682
27772
msgid ""
27683
27773
"\n"
27686
27776
"> > CTRL-D\n"
27687
27777
msgstr ""
27688
27778
27689
#: serverguide/C/dm-multipath.xml:1720(para)
27779
#: serverguide/C/dm-multipath.xml:1719(para)
27690
27780
msgid ""
27691
27781
"Use the following command sequence to ensure that the path checker is "
27692
27782
"working properly."
27693
27783
msgstr ""
27694
27784
27695
#: serverguide/C/dm-multipath.xml:1723(screen)
27785
#: serverguide/C/dm-multipath.xml:1722(screen)
27696
27786
#, no-wrap
27697
27787
msgid ""
27698
27788
"\n"
27701
27791
"> > CTRL-D\n"
27702
27792
msgstr ""
27703
27793
27704
#: serverguide/C/dm-multipath.xml:1729(para)
27794
#: serverguide/C/dm-multipath.xml:1728(para)
27705
27795
msgid ""
27706
27796
"Commands can also be streamed into multipathd using stdin like so:<screen># "
27707
27797
"echo 'show config' | multipathd -k</screen>"
27715
27805
msgid "Ubuntu provides two popular database servers. They are:"
27716
27806
msgstr ""
27717
27807
27718
#: serverguide/C/virtualization.xml:832(para) serverguide/C/databases.xml:17(trademark) serverguide/C/databases.xml:29(title)
27808
#: serverguide/C/databases.xml:17(trademark) serverguide/C/databases.xml:29(title)
27719
27809
msgid "MySQL"
27720
27810
msgstr ""
27721
27811
27722
#: serverguide/C/databases.xml:20(application) serverguide/C/databases.xml:300(title)
27812
#: serverguide/C/databases.xml:20(application) serverguide/C/databases.xml:293(title)
27723
27813
msgid "PostgreSQL"
27724
27814
msgstr ""
27725
27815
27740
27830
msgid "To install MySQL, run the following command from a terminal prompt:"
27741
27831
msgstr ""
27742
27832
27743
#: serverguide/C/virtualization.xml:2215(command) serverguide/C/databases.xml:42(command)
27833
#: serverguide/C/databases.xml:42(command)
27744
27834
msgid "sudo apt-get install mysql-server"
27745
27835
msgstr ""
27746
27836
27747
#: serverguide/C/databases.xml:51(para)
27837
#: serverguide/C/databases.xml:44(para)
27748
27838
msgid ""
27749
27839
"During the installation process you will be prompted to enter a password for "
27750
27840
"the MySQL root user."
27751
27841
msgstr ""
27752
27842
27753
#: serverguide/C/databases.xml:55(para)
27843
#: serverguide/C/databases.xml:48(para)
27754
27844
msgid ""
27755
27845
"Once the installation is complete, the MySQL server should be started "
27756
27846
"automatically. You can run the following command from a terminal prompt to "
27757
27847
"check whether the MySQL server is running:"
27758
27848
msgstr ""
27759
27849
27760
#: serverguide/C/databases.xml:62(command)
27850
#: serverguide/C/databases.xml:55(command)
27761
27851
msgid "sudo netstat -tap | grep mysql"
27762
27852
msgstr ""
27763
27853
27764
#: serverguide/C/vcs.xml:477(para) serverguide/C/databases.xml:65(para)
27854
#: serverguide/C/databases.xml:58(para)
27765
27855
msgid ""
27766
27856
"When you run this command, you should see the following line or something "
27767
27857
"similar:"
27768
27858
msgstr ""
27769
27859
27770
#: serverguide/C/databases.xml:69(programlisting)
27860
#: serverguide/C/databases.xml:62(programlisting)
27771
27861
#, no-wrap
27772
27862
msgid ""
27773
27863
"\n"
27775
27865
"2556/mysqld\n"
27776
27866
msgstr ""
27777
27867
27778
#: serverguide/C/databases.xml:72(para)
27868
#: serverguide/C/databases.xml:65(para)
27779
27869
msgid ""
27780
27870
"If the server is not running correctly, you can type the following command "
27781
27871
"to start it:"
27782
27872
msgstr ""
27783
27873
27784
#: serverguide/C/databases.xml:76(command) serverguide/C/databases.xml:100(command)
27874
#: serverguide/C/databases.xml:69(command) serverguide/C/databases.xml:93(command)
27785
27875
msgid "sudo service mysql restart"
27786
27876
msgstr ""
27787
27877
27788
#: serverguide/C/databases.xml:81(para)
27878
#: serverguide/C/databases.xml:74(para)
27789
27879
msgid ""
27790
27880
"You can edit the <filename>/etc/mysql/my.cnf</filename> file to configure "
27791
27881
"the basic settings -- log file, port number, etc. For example, to configure "
27793
27883
"<emphasis>bind-address</emphasis> directive to the server's IP address:"
27794
27884
msgstr ""
27795
27885
27796
#: serverguide/C/databases.xml:87(programlisting)
27886
#: serverguide/C/databases.xml:80(programlisting)
27797
27887
#, no-wrap
27798
27888
msgid ""
27799
27889
"\n"
27800
27890
"bind-address = 192.168.0.5\n"
27801
27891
msgstr ""
27802
27892
27803
#: serverguide/C/databases.xml:91(para)
27893
#: serverguide/C/databases.xml:84(para)
27804
27894
msgid "Replace 192.168.0.5 with the appropriate address."
27805
27895
msgstr ""
27806
27896
27807
#: serverguide/C/databases.xml:95(para)
27897
#: serverguide/C/databases.xml:88(para)
27808
27898
msgid ""
27809
27899
"After making a change to <filename>/etc/mysql/my.cnf</filename> the MySQL "
27810
27900
"daemon will need to be restarted:"
27811
27901
msgstr ""
27812
27902
27813
#: serverguide/C/databases.xml:102(para)
27903
#: serverguide/C/databases.xml:95(para)
27814
27904
msgid ""
27815
27905
"If you would like to change the MySQL <emphasis>root</emphasis> password, in "
27816
27906
"a terminal enter:"
27817
27907
msgstr ""
27818
27908
27819
#: serverguide/C/databases.xml:107(command)
27909
#: serverguide/C/databases.xml:100(command)
27820
27910
msgid "sudo dpkg-reconfigure mysql-server-5.5"
27821
27911
msgstr ""
27822
27912
27823
#: serverguide/C/databases.xml:109(para)
27913
#: serverguide/C/databases.xml:102(para)
27824
27914
msgid ""
27825
27915
"The MySQL daemon will be stopped, and you will be prompted to enter a new "
27826
27916
"password."
27827
27917
msgstr ""
27828
27918
27829
#: serverguide/C/databases.xml:114(title)
27919
#: serverguide/C/databases.xml:107(title)
27830
27920
msgid "Database Engines"
27831
27921
msgstr ""
27832
27922
27833
#: serverguide/C/databases.xml:115(para)
27923
#: serverguide/C/databases.xml:108(para)
27834
27924
msgid ""
27835
27925
"Whilst the default configuration of MySQL provided by the Ubuntu packages is "
27836
27926
"perfectly functional and performs well there are things you may wish to "
27837
27927
"consider before you proceed."
27838
27928
msgstr ""
27839
27929
27840
#: serverguide/C/databases.xml:119(para)
27930
#: serverguide/C/databases.xml:112(para)
27841
27931
msgid ""
27842
27932
"MySQL is designed to allow data to be stored in different ways. These "
27843
27933
"methods are referred to as either database or storage engines. There are two "
27847
27937
"use, you will interact with the database in the same way."
27848
27938
msgstr ""
27849
27939
27850
#: serverguide/C/databases.xml:126(para)
27940
#: serverguide/C/databases.xml:119(para)
27851
27941
msgid "Each engine has its own advantages and disadvantages."
27852
27942
msgstr ""
27853
27943
27854
#: serverguide/C/databases.xml:129(para)
27944
#: serverguide/C/databases.xml:122(para)
27855
27945
msgid ""
27856
27946
"While it is possible, and may be advantageous to mix and match database "
27857
27947
"engines on a table level, doing so reduces the effectiveness of the "
27859
27949
"two engines instead of dedicating them to one."
27860
27950
msgstr ""
27861
27951
27862
#: serverguide/C/databases.xml:136(para)
27952
#: serverguide/C/databases.xml:129(para)
27863
27953
msgid ""
27864
27954
"MyISAM is the older of the two. It can be faster than InnoDB under certain "
27865
27955
"circumstances and favours a read only workload. Some web applications have "
27875
27965
"production/\">MyISAM on a production database</ulink>."
27876
27966
msgstr ""
27877
27967
27878
#: serverguide/C/databases.xml:150(para)
27968
#: serverguide/C/databases.xml:143(para)
27879
27969
msgid ""
27880
27970
"InnoDB is a more modern database engine, designed to be <ulink "
27881
27971
"url=\"http://en.wikipedia.org/wiki/ACID\">ACID compliant</ulink> which "
27888
27978
"reliable data recovery as data consistency can be checked."
27889
27979
msgstr ""
27890
27980
27891
#: serverguide/C/databases.xml:163(para)
27981
#: serverguide/C/databases.xml:156(para)
27892
27982
msgid ""
27893
27983
"As of MySQL 5.5 InnoDB is the default engine, and is highly recommended over "
27894
27984
"MyISAM unless you have specific need for features unique to the engine."
27895
27985
msgstr ""
27896
27986
27897
#: serverguide/C/databases.xml:170(title)
27987
#: serverguide/C/databases.xml:163(title)
27898
27988
msgid "Creating a tuned my.cnf file"
27899
27989
msgstr ""
27900
27990
27901
#: serverguide/C/databases.xml:171(para)
27991
#: serverguide/C/databases.xml:164(para)
27902
27992
msgid ""
27903
27993
"There are a number of parameters that can be adjusted within MySQL's "
27904
27994
"configuration file that will allow you to improve the performance of the "
27951
28041
"</screen> Once that is complete all is good to go!"
27952
28042
msgstr ""
27953
28043
27954
#: serverguide/C/databases.xml:213(para)
28044
#: serverguide/C/databases.xml:206(para)
27955
28045
msgid ""
27956
28046
"This is not necessary for all my.cnf changes. Most of the variables you may "
27957
28047
"wish to change to improve performance are adjustable even whilst the server "
27959
28049
"files and data before making changes."
27960
28050
msgstr ""
27961
28051
27962
#: serverguide/C/databases.xml:222(title)
28052
#: serverguide/C/databases.xml:215(title)
27963
28053
msgid "MySQL Tuner"
27964
28054
msgstr ""
27965
28055
27966
#: serverguide/C/databases.xml:223(para)
28056
#: serverguide/C/databases.xml:216(para)
27967
28057
msgid ""
27968
28058
"<application>MySQL Tuner</application> is a useful tool that will connect to "
27969
28059
"a running MySQL instance and offer suggestions for how it can be best "
27995
28085
"</screen>"
27996
28086
msgstr ""
27997
28087
27998
#: serverguide/C/databases.xml:257(para)
28088
#: serverguide/C/databases.xml:250(para)
27999
28089
msgid ""
28000
28090
"One final comment on tuning databases: Whilst we can broadly say that "
28001
28091
"certain settings are the best, performance can vary from application to "
28010
28100
"either using more powerful hardware or by adding slave servers."
28011
28101
msgstr ""
28012
28102
28013
#: serverguide/C/databases.xml:274(para)
28103
#: serverguide/C/databases.xml:267(para)
28014
28104
msgid ""
28015
28105
"See the <ulink url=\"http://www.mysql.com/\">MySQL Home Page</ulink> for "
28016
28106
"more information."
28017
28107
msgstr ""
28018
28108
28019
#: serverguide/C/databases.xml:279(para)
28109
#: serverguide/C/databases.xml:272(para)
28020
28110
msgid ""
28021
28111
"Full documentation is available in both online and offline formats from the "
28022
28112
"<ulink url=\"http://dev.mysql.com/doc/\"> MySQL Developers portal</ulink>"
28023
28113
msgstr ""
28024
28114
28025
#: serverguide/C/databases.xml:285(para)
28115
#: serverguide/C/databases.xml:278(para)
28026
28116
msgid ""
28027
28117
"For general SQL information see <ulink "
28028
28118
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\"> Using "
28029
28119
"SQL Special Edition</ulink> by Rafe Colburn."
28030
28120
msgstr ""
28031
28121
28032
#: serverguide/C/databases.xml:291(para)
28122
#: serverguide/C/databases.xml:284(para)
28033
28123
msgid ""
28034
28124
"The <ulink url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache "
28035
28125
"MySQL PHP Ubuntu Wiki</ulink> page also has useful information."
28048
28138
"in the command prompt:"
28049
28139
msgstr ""
28050
28140
28051
#: serverguide/C/databases.xml:314(command)
28141
#: serverguide/C/databases.xml:307(command)
28052
28142
msgid "sudo apt-get install postgresql"
28053
28143
msgstr ""
28054
28144
28095
28185
"<filename>/etc/postgresql/9.1/main/postgresql.conf</filename>"
28096
28186
msgstr ""
28097
28187
28098
#: serverguide/C/databases.xml:346(para)
28188
#: serverguide/C/databases.xml:339(para)
28099
28189
msgid ""
28100
28190
"Locate the line <emphasis>#listen_addresses = 'localhost'</emphasis> and "
28101
28191
"change it to:"
28127
28217
"default <application>PostgreSQL</application> template database:"
28128
28218
msgstr ""
28129
28219
28130
#: serverguide/C/databases.xml:370(command)
28220
#: serverguide/C/databases.xml:362(command)
28131
28221
msgid "sudo -u postgres psql template1"
28132
28222
msgstr ""
28133
28223
28141
28231
"user <emphasis role=\"italics\">postgres</emphasis>."
28142
28232
msgstr ""
28143
28233
28144
#: serverguide/C/databases.xml:380(command)
28234
#: serverguide/C/databases.xml:372(command)
28145
28235
msgid "ALTER USER postgres with encrypted password 'your_password';"
28146
28236
msgstr ""
28147
28237
28153
28243
"<emphasis>postgres</emphasis> user:"
28154
28244
msgstr ""
28155
28245
28156
#: serverguide/C/databases.xml:388(programlisting)
28246
#: serverguide/C/databases.xml:380(programlisting)
28157
28247
#, no-wrap
28158
28248
msgid ""
28159
28249
"\n"
28160
28250
"local all postgres md5\n"
28161
28251
msgstr ""
28162
28252
28163
#: serverguide/C/databases.xml:392(para)
28253
#: serverguide/C/databases.xml:384(para)
28164
28254
msgid ""
28165
28255
"Finally, you should restart the <application>PostgreSQL</application> "
28166
28256
"service to initialize the new configuration. From a terminal prompt enter "
28196
28286
msgid "Replace the domain name with your actual server domain name."
28197
28287
msgstr ""
28198
28288
28199
#: serverguide/C/backups.xml:11(title)
28289
#: serverguide/C/databases.xml:413(title) serverguide/C/backups.xml:11(title)
28200
28290
msgid "Backups"
28201
28291
msgstr ""
28202
28292
28227
28317
"9.1/html/index.html</command> into the address bar of your browser."
28228
28318
msgstr ""
28229
28319
28230
#: serverguide/C/databases.xml:426(para)
28320
#: serverguide/C/databases.xml:436(para)
28231
28321
msgid ""
28232
28322
"For general SQL information see <ulink "
28233
28323
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\">Using SQL "
28234
28324
"Special Edition</ulink> by Rafe Colburn."
28235
28325
msgstr ""
28236
28326
28237
#: serverguide/C/databases.xml:432(para)
28327
#: serverguide/C/databases.xml:442(para)
28238
28328
msgid ""
28239
28329
"Also, see the <ulink "
28240
28330
"url=\"https://help.ubuntu.com/community/PostgreSQL\">PostgreSQL Ubuntu "
28867
28957
#: serverguide/C/cgroups.xml:113(para)
28868
28958
msgid ""
28869
28959
"and tasks can be moved into the new child cgroup by writing their process "
28870
"ids into the 'tasks' or 'cgroup.procs' file:"
28960
"IDs into the 'tasks' or 'cgroup.procs' file:"
28871
28961
msgstr ""
28872
28962
28873
28963
#: serverguide/C/cgroups.xml:118(command)
28874
msgid "sleep 100 echo $! > /cgroup1/child1/cgroup.procs"
28964
msgid "sleep 100 & echo $! > /cgroup1/child1/cgroup.procs"
28875
28965
msgstr ""
28876
28966
28877
28967
#: serverguide/C/cgroups.xml:123(para)
29035
29125
#, no-wrap
29036
29126
msgid ""
29037
29127
"\n"
29038
"#!/bin/sh\n"
29128
"#!/bin/bash\n"
29039
29129
"####################################\n"
29040
29130
"#\n"
29041
29131
"# Backup to NFS mount script.\n"
29160
29250
#: serverguide/C/backups.xml:153(para)
29161
29251
msgid ""
29162
29252
"The simplest way of executing the above backup script is to copy and paste "
29163
"the contents into a file. <filename>backup.sh</filename> for example. Then "
29164
"from a terminal prompt:"
29253
"the contents into a file. <filename>backup.sh</filename> for example. The "
29254
"file must be made executable:"
29165
29255
msgstr ""
29166
29256
29167
29257
#: serverguide/C/backups.xml:158(command)
29168
msgid "sudo bash backup.sh"
29258
msgid "chmod u+x backup.sh"
29169
29259
msgstr ""
29170
29260
29171
29261
#: serverguide/C/backups.xml:160(para)
29262
msgid "Then from a terminal prompt:"
29263
msgstr ""
29264
29265
#: serverguide/C/backups.xml:164(command)
29266
msgid "sudo ./backup.sh"
29267
msgstr ""
29268
29269
#: serverguide/C/backups.xml:166(para)
29172
29270
msgid ""
29173
29271
"This is a great way to test the script to make sure everything works as "
29174
29272
"expected."
29175
29273
msgstr ""
29176
29274
29177
#: serverguide/C/backups.xml:165(title)
29275
#: serverguide/C/backups.xml:171(title)
29178
29276
msgid "Executing with cron"
29179
29277
msgstr ""
29180
29278
29181
#: serverguide/C/backups.xml:166(para)
29279
#: serverguide/C/backups.xml:172(para)
29182
29280
msgid ""
29183
29281
"The <application>cron</application> utility can be used to automate the "
29184
29282
"script execution. The <application>cron</application> daemon allows the "
29185
29283
"execution of scripts, or commands, at a specified time and date."
29186
29284
msgstr ""
29187
29285
29188
#: serverguide/C/backups.xml:170(para)
29286
#: serverguide/C/backups.xml:176(para)
29189
29287
msgid ""
29190
29288
"<application>cron</application> is configured through entries in a "
29191
29289
"<filename>crontab</filename> file. <filename>crontab</filename> files are "
29192
29290
"separated into fields:"
29193
29291
msgstr ""
29194
29292
29195
#: serverguide/C/backups.xml:174(programlisting)
29293
#: serverguide/C/backups.xml:180(programlisting)
29196
29294
#, no-wrap
29197
29295
msgid ""
29198
29296
"\n"
29199
29297
"# m h dom mon dow command\n"
29200
29298
msgstr ""
29201
29299
29202
#: serverguide/C/backups.xml:179(para)
29300
#: serverguide/C/backups.xml:185(para)
29203
29301
msgid ""
29204
29302
"<emphasis>m:</emphasis> minute the command executes on, between 0 and 59."
29205
29303
msgstr ""
29206
29304
29207
#: serverguide/C/backups.xml:184(para)
29305
#: serverguide/C/backups.xml:190(para)
29208
29306
msgid ""
29209
29307
"<emphasis>h:</emphasis> hour the command executes on, between 0 and 23."
29210
29308
msgstr ""
29211
29309
29212
#: serverguide/C/backups.xml:189(para)
29310
#: serverguide/C/backups.xml:195(para)
29213
29311
msgid "<emphasis>dom:</emphasis> day of month the command executes on."
29214
29312
msgstr ""
29215
29313
29216
#: serverguide/C/backups.xml:194(para)
29314
#: serverguide/C/backups.xml:200(para)
29217
29315
msgid ""
29218
29316
"<emphasis>mon:</emphasis> the month the command executes on, between 1 and "
29219
29317
"12."
29220
29318
msgstr ""
29221
29319
29222
#: serverguide/C/backups.xml:199(para)
29320
#: serverguide/C/backups.xml:205(para)
29223
29321
msgid ""
29224
29322
"<emphasis>dow:</emphasis> the day of the week the command executes on, "
29225
29323
"between 0 and 7. Sunday may be specified by using 0 or 7, both values are "
29226
29324
"valid."
29227
29325
msgstr ""
29228
29326
29229
#: serverguide/C/backups.xml:204(para)
29327
#: serverguide/C/backups.xml:210(para)
29230
29328
msgid "<emphasis>command:</emphasis> the command to execute."
29231
29329
msgstr ""
29232
29330
29233
#: serverguide/C/backups.xml:209(para)
29331
#: serverguide/C/backups.xml:215(para)
29234
29332
msgid ""
29235
29333
"To add or change entries in a <filename>crontab</filename> file the "
29236
29334
"<application>crontab -e</application> command should be used. Also, the "
29238
29336
"<application>crontab -l</application> command."
29239
29337
msgstr ""
29240
29338
29241
#: serverguide/C/backups.xml:213(para)
29339
#: serverguide/C/backups.xml:219(para)
29242
29340
msgid ""
29243
29341
"To execute the <application>backup.sh</application> script listed above "
29244
29342
"using <application>cron</application>. Enter the following from a terminal "
29245
29343
"prompt:"
29246
29344
msgstr ""
29247
29345
29248
#: serverguide/C/backups.xml:218(command)
29346
#: serverguide/C/backups.xml:224(command)
29249
29347
msgid "sudo crontab -e"
29250
29348
msgstr ""
29251
29349
29252
#: serverguide/C/backups.xml:221(para)
29350
#: serverguide/C/backups.xml:227(para)
29253
29351
msgid ""
29254
29352
"Using <application>sudo</application> with the <application>crontab -"
29255
29353
"e</application> command edits the <emphasis>root</emphasis> user's crontab. "
29257
29355
"access to."
29258
29356
msgstr ""
29259
29357
29260
#: serverguide/C/backups.xml:226(para)
29358
#: serverguide/C/backups.xml:232(para)
29261
29359
msgid "Add the following entry to the <filename>crontab</filename> file:"
29262
29360
msgstr ""
29263
29361
29264
#: serverguide/C/backups.xml:229(programlisting)
29362
#: serverguide/C/backups.xml:235(programlisting)
29265
29363
#, no-wrap
29266
29364
msgid ""
29267
29365
"\n"
29269
29367
"0 0 * * * bash /usr/local/bin/backup.sh\n"
29270
29368
msgstr ""
29271
29369
29272
#: serverguide/C/backups.xml:233(para)
29370
#: serverguide/C/backups.xml:239(para)
29273
29371
msgid ""
29274
29372
"The <application>backup.sh</application> script will now be executed every "
29275
29373
"day at 12:00 am."
29276
29374
msgstr ""
29277
29375
29278
#: serverguide/C/backups.xml:237(para)
29376
#: serverguide/C/backups.xml:243(para)
29279
29377
msgid ""
29280
29378
"The <application>backup.sh</application> script will need to be copied to "
29281
29379
"the <filename>/usr/local/bin/</filename> directory in order for this entry "
29283
29381
"simply change the script path appropriately."
29284
29382
msgstr ""
29285
29383
29286
#: serverguide/C/backups.xml:242(para)
29384
#: serverguide/C/backups.xml:248(para)
29287
29385
msgid ""
29288
29386
"For more in-depth <application>crontab</application> options see <xref "
29289
29387
"linkend=\"backup-shellscript-references\"/>."
29290
29388
msgstr ""
29291
29389
29292
#: serverguide/C/backups.xml:248(title)
29390
#: serverguide/C/backups.xml:254(title)
29293
29391
msgid "Restoring from the Archive"
29294
29392
msgstr ""
29295
29393
29296
#: serverguide/C/backups.xml:249(para)
29394
#: serverguide/C/backups.xml:255(para)
29297
29395
msgid ""
29298
29396
"Once an archive has been created it is important to test the archive. The "
29299
29397
"archive can be tested by listing the files it contains, but the best test is "
29300
29398
"to <emphasis>restore</emphasis> a file from the archive."
29301
29399
msgstr ""
29302
29400
29303
#: serverguide/C/backups.xml:255(para)
29401
#: serverguide/C/backups.xml:261(para)
29304
29402
msgid ""
29305
29403
"To see a listing of the archive contents. From a terminal prompt type:"
29306
29404
msgstr ""
29307
29405
29308
#: serverguide/C/backups.xml:259(command)
29406
#: serverguide/C/backups.xml:265(command)
29309
29407
msgid "tar -tzvf /mnt/backup/host-Monday.tgz"
29310
29408
msgstr ""
29311
29409
29312
#: serverguide/C/backups.xml:263(para)
29410
#: serverguide/C/backups.xml:269(para)
29313
29411
msgid "To restore a file from the archive to a different directory enter:"
29314
29412
msgstr ""
29315
29413
29316
#: serverguide/C/backups.xml:267(command)
29414
#: serverguide/C/backups.xml:273(command)
29317
29415
msgid "tar -xzvf /mnt/backup/host-Monday.tgz -C /tmp etc/hosts"
29318
29416
msgstr ""
29319
29417
29320
#: serverguide/C/backups.xml:269(para)
29418
#: serverguide/C/backups.xml:275(para)
29321
29419
msgid ""
29322
29420
"The <emphasis>-C</emphasis> option to <application>tar</application> "
29323
29421
"redirects the extracted files to the specified directory. The above example "
29326
29424
"recreates the directory structure that it contains."
29327
29425
msgstr ""
29328
29426
29329
#: serverguide/C/backups.xml:274(para)
29427
#: serverguide/C/backups.xml:280(para)
29330
29428
msgid ""
29331
29429
"Also, notice the leading <emphasis>\"/\"</emphasis> is left off the path of "
29332
29430
"the file to restore."
29333
29431
msgstr ""
29334
29432
29335
#: serverguide/C/backups.xml:279(para)
29433
#: serverguide/C/backups.xml:285(para)
29336
29434
msgid "To restore all files in the archive enter the following:"
29337
29435
msgstr ""
29338
29436
29339
#: serverguide/C/backups.xml:283(command)
29437
#: serverguide/C/backups.xml:289(command)
29340
29438
msgid "cd /"
29341
29439
msgstr ""
29342
29440
29343
#: serverguide/C/backups.xml:284(command)
29441
#: serverguide/C/backups.xml:290(command)
29344
29442
msgid "sudo tar -xzvf /mnt/backup/host-Monday.tgz"
29345
29443
msgstr ""
29346
29444
29347
#: serverguide/C/backups.xml:289(para)
29445
#: serverguide/C/backups.xml:295(para)
29348
29446
msgid "This will overwrite the files currently on the file system."
29349
29447
msgstr ""
29350
29448
29351
#: serverguide/C/backups.xml:298(para)
29449
#: serverguide/C/backups.xml:304(para)
29352
29450
msgid ""
29353
29451
"For more information on shell scripting see the <ulink "
29354
29452
"url=\"http://tldp.org/LDP/abs/html/\">Advanced Bash-Scripting Guide</ulink>"
29355
29453
msgstr ""
29356
29454
29357
#: serverguide/C/backups.xml:303(para)
29455
#: serverguide/C/backups.xml:309(para)
29358
29456
msgid ""
29359
29457
"The book <ulink url=\"http://safari.samspublishing.com/0672323583\">Teach "
29360
29458
"Yourself Shell Programming in 24 Hours</ulink> is available online and a "
29361
29459
"great resource for shell scripting."
29362
29460
msgstr ""
29363
29461
29364
#: serverguide/C/backups.xml:309(para)
29462
#: serverguide/C/backups.xml:315(para)
29365
29463
msgid ""
29366
29464
"The <ulink url=\"https://help.ubuntu.com/community/CronHowto\">CronHowto "
29367
29465
"Wiki Page</ulink> contains details on advanced "
29368
29466
"<application>cron</application> options."
29369
29467
msgstr ""
29370
29468
29371
#: serverguide/C/backups.xml:316(para)
29469
#: serverguide/C/backups.xml:322(para)
29372
29470
msgid ""
29373
29471
"See the <ulink url=\"http://www.gnu.org/software/tar/manual/index.html\">GNU "
29374
29472
"tar Manual</ulink> for more <application>tar</application> options."
29375
29473
msgstr ""
29376
29474
29377
#: serverguide/C/backups.xml:322(para)
29475
#: serverguide/C/backups.xml:328(para)
29378
29476
msgid ""
29379
29477
"The Wikipedia <ulink "
29380
29478
"url=\"http://en.wikipedia.org/wiki/Backup_rotation_scheme\">Backup Rotation "
29381
29479
"Scheme</ulink> article contains information on other backup rotation schemes."
29382
29480
msgstr ""
29383
29481
29384
#: serverguide/C/backups.xml:328(para)
29482
#: serverguide/C/backups.xml:334(para)
29385
29483
msgid ""
29386
29484
"The shell script uses <application>tar</application> to create the archive, "
29387
29485
"but there many other command line utilities that can be used. For example:"
29388
29486
msgstr ""
29389
29487
29390
#: serverguide/C/backups.xml:334(para)
29488
#: serverguide/C/backups.xml:340(para)
29391
29489
msgid ""
29392
29490
"<ulink url=\"http://www.gnu.org/software/cpio/\">cpio</ulink>: used to copy "
29393
29491
"files to and from archives."
29394
29492
msgstr ""
29395
29493
29396
#: serverguide/C/backups.xml:339(para)
29494
#: serverguide/C/backups.xml:345(para)
29397
29495
msgid ""
29398
29496
"<ulink url=\"http://www.gnu.org/software/coreutils/\">dd</ulink>: part of "
29399
29497
"the <application>coreutils</application> package. A low level utility that "
29400
29498
"can copy data from one format to another."
29401
29499
msgstr ""
29402
29500
29403
#: serverguide/C/backups.xml:345(para)
29501
#: serverguide/C/backups.xml:351(para)
29404
29502
msgid ""
29405
29503
"<ulink url=\"http://www.rsnapshot.org/\">rsnapshot</ulink>: a file system "
29406
29504
"snapshot utility used to create copies of an entire file system."
29407
29505
msgstr ""
29408
29506
29409
#: serverguide/C/backups.xml:351(para)
29507
#: serverguide/C/backups.xml:357(para)
29410
29508
msgid ""
29411
29509
"<ulink url=\"http://www.samba.org/ftp/rsync/rsync.html\">rsync</ulink>: a "
29412
29510
"flexible utility used to create incremental copies of files."
29413
29511
msgstr ""
29414
29512
29415
#: serverguide/C/backups.xml:362(title)
29513
#: serverguide/C/backups.xml:368(title)
29416
29514
msgid "Archive Rotation"
29417
29515
msgstr ""
29418
29516
29419
#: serverguide/C/backups.xml:363(para)
29517
#: serverguide/C/backups.xml:369(para)
29420
29518
msgid ""
29421
29519
"The shell script in <xref linkend=\"backup-shellscripts\"/> only allows for "
29422
29520
"seven different archives. For a server whose data doesn't change often, this "
29424
29522
"rotation scheme should be used."
29425
29523
msgstr ""
29426
29524
29427
#: serverguide/C/backups.xml:369(title)
29525
#: serverguide/C/backups.xml:375(title)
29428
29526
msgid "Rotating NFS Archives"
29429
29527
msgstr ""
29430
29528
29431
#: serverguide/C/backups.xml:370(para)
29529
#: serverguide/C/backups.xml:376(para)
29432
29530
msgid ""
29433
29531
"In this section, the shell script will be slightly modified to implement a "
29434
29532
"grandfather-father-son rotation scheme (monthly-weekly-daily):"
29435
29533
msgstr ""
29436
29534
29437
#: serverguide/C/backups.xml:376(para)
29535
#: serverguide/C/backups.xml:382(para)
29438
29536
msgid ""
29439
29537
"The rotation will do a <emphasis>daily</emphasis> backup Sunday through "
29440
29538
"Friday."
29441
29539
msgstr ""
29442
29540
29443
#: serverguide/C/backups.xml:381(para)
29541
#: serverguide/C/backups.xml:387(para)
29444
29542
msgid ""
29445
29543
"On Saturday a <emphasis>weekly</emphasis> backup is done giving you four "
29446
29544
"weekly backups a month."
29447
29545
msgstr ""
29448
29546
29449
#: serverguide/C/backups.xml:386(para)
29547
#: serverguide/C/backups.xml:392(para)
29450
29548
msgid ""
29451
29549
"The <emphasis>monthly</emphasis> backup is done on the first of the month "
29452
29550
"rotating two monthly backups based on if the month is odd or even."
29453
29551
msgstr ""
29454
29552
29455
#: serverguide/C/backups.xml:392(para)
29553
#: serverguide/C/backups.xml:398(para)
29456
29554
msgid "Here is the new script:"
29457
29555
msgstr ""
29458
29556
29459
#: serverguide/C/backups.xml:395(programlisting)
29557
#: serverguide/C/backups.xml:401(programlisting)
29460
29558
#, no-wrap
29461
29559
msgid ""
29462
29560
"\n"
29525
29623
"ls -lh $dest/\n"
29526
29624
msgstr ""
29527
29625
29528
#: serverguide/C/backups.xml:460(para)
29626
#: serverguide/C/backups.xml:466(para)
29529
29627
msgid ""
29530
29628
"The script can be executed using the same methods as in <xref "
29531
29629
"linkend=\"backup-executing-shellscript\"/>."
29532
29630
msgstr ""
29533
29631
29534
#: serverguide/C/backups.xml:463(para)
29632
#: serverguide/C/backups.xml:469(para)
29535
29633
msgid ""
29536
29634
"It is good practice to take backup media off-site in case of a disaster. In "
29537
29635
"the shell script example the backup media is another server providing an NFS "
29540
29638
"the archive file over a WAN link to a server in another location."
29541
29639
msgstr ""
29542
29640
29543
#: serverguide/C/backups.xml:469(para)
29641
#: serverguide/C/backups.xml:475(para)
29544
29642
msgid ""
29545
29643
"Another option is to copy the archive file to an external hard drive which "
29546
29644
"can then be taken off-site. Since the price of external hard drives continue "
29549
29647
"backup server and one in another location."
29550
29648
msgstr ""
29551
29649
29552
#: serverguide/C/backups.xml:476(title)
29650
#: serverguide/C/backups.xml:482(title)
29553
29651
msgid "Tape Drives"
29554
29652
msgstr ""
29555
29653
29556
#: serverguide/C/backups.xml:477(para)
29654
#: serverguide/C/backups.xml:483(para)
29557
29655
msgid ""
29558
29656
"A tape drive attached to the server can be used instead of an NFS share. "
29559
29657
"Using a tape drive simplifies archive rotation, and makes taking the media "
29560
29658
"off-site easier as well."
29561
29659
msgstr ""
29562
29660
29563
#: serverguide/C/backups.xml:481(para)
29661
#: serverguide/C/backups.xml:487(para)
29564
29662
msgid ""
29565
29663
"When using a tape drive, the filename portions of the script aren't needed "
29566
29664
"because the data is sent directly to the tape device. Some commands to "
29569
29667
"<application>cpio</application> package."
29570
29668
msgstr ""
29571
29669
29572
#: serverguide/C/backups.xml:486(para)
29670
#: serverguide/C/backups.xml:492(para)
29573
29671
msgid "Here is the shell script modified to use a tape drive:"
29574
29672
msgstr ""
29575
29673
29576
#: serverguide/C/backups.xml:489(programlisting)
29674
#: serverguide/C/backups.xml:495(programlisting)
29577
29675
#, no-wrap
29578
29676
msgid ""
29579
29677
"\n"
29610
29708
"date\n"
29611
29709
msgstr ""
29612
29710
29613
#: serverguide/C/backups.xml:523(para)
29711
#: serverguide/C/backups.xml:529(para)
29614
29712
msgid ""
29615
29713
"The default device name for a SCSI tape drive is "
29616
29714
"<filename>/dev/st0</filename>. Use the appropriate device path for your "
29617
29715
"system."
29618
29716
msgstr ""
29619
29717
29620
#: serverguide/C/backups.xml:528(para)
29718
#: serverguide/C/backups.xml:534(para)
29621
29719
msgid ""
29622
29720
"Restoring from a tape drive is basically the same as restoring from a file. "
29623
29721
"Simply rewind the tape and use the device path instead of a file path. For "
29625
29723
"<filename>/tmp/etc/hosts</filename>:"
29626
29724
msgstr ""
29627
29725
29628
#: serverguide/C/backups.xml:533(command)
29726
#: serverguide/C/backups.xml:539(command)
29629
29727
msgid "mt -f /dev/st0 rewind"
29630
29728
msgstr ""
29631
29729
29632
#: serverguide/C/backups.xml:534(command)
29730
#: serverguide/C/backups.xml:540(command)
29633
29731
msgid "tar -xzf /dev/st0 -C /tmp etc/hosts"
29634
29732
msgstr ""
29635
29733
29636
#: serverguide/C/backups.xml:539(title)
29734
#: serverguide/C/backups.xml:545(title)
29637
29735
msgid "Bacula"
29638
29736
msgstr ""
29639
29737
29640
#: serverguide/C/backups.xml:540(para)
29738
#: serverguide/C/backups.xml:546(para)
29641
29739
msgid ""
29642
29740
"<application>Bacula</application> is a backup program enabling you to "
29643
29741
"backup, restore, and verify data across your network. There are Bacula "
29645
29743
"network wide solution."
29646
29744
msgstr ""
29647
29745
29648
#: serverguide/C/backups.xml:546(para)
29746
#: serverguide/C/backups.xml:552(para)
29649
29747
msgid ""
29650
29748
"<application>Bacula</application> is made up of several components and "
29651
29749
"services used to manage which files to backup and backup locations:"
29652
29750
msgstr ""
29653
29751
29654
#: serverguide/C/backups.xml:551(para)
29752
#: serverguide/C/backups.xml:557(para)
29655
29753
msgid ""
29656
29754
"<application>Bacula Director:</application> a service that controls all "
29657
29755
"backup, restore, verify, and archive operations."
29658
29756
msgstr ""
29659
29757
29660
#: serverguide/C/backups.xml:556(para)
29758
#: serverguide/C/backups.xml:562(para)
29661
29759
msgid ""
29662
29760
"<application>Bacula Console:</application> an application allowing "
29663
29761
"communication with the Director. There are three versions of the Console:"
29664
29762
msgstr ""
29665
29763
29666
#: serverguide/C/backups.xml:561(para)
29764
#: serverguide/C/backups.xml:567(para)
29667
29765
msgid "Text based command line version."
29668
29766
msgstr ""
29669
29767
29670
#: serverguide/C/backups.xml:562(para)
29768
#: serverguide/C/backups.xml:568(para)
29671
29769
msgid "Gnome based GTK+ Graphical User Interface (GUI) interface."
29672
29770
msgstr ""
29673
29771
29674
#: serverguide/C/backups.xml:563(para)
29772
#: serverguide/C/backups.xml:569(para)
29675
29773
msgid "wxWidgets GUI interface."
29676
29774
msgstr ""
29677
29775
29678
#: serverguide/C/backups.xml:567(para)
29776
#: serverguide/C/backups.xml:573(para)
29679
29777
msgid ""
29680
29778
"<application>Bacula File:</application> also known as the "
29681
29779
"<application>Bacula Client</application> program. This application is "
29683
29781
"requested by the Director."
29684
29782
msgstr ""
29685
29783
29686
#: serverguide/C/backups.xml:573(para)
29784
#: serverguide/C/backups.xml:579(para)
29687
29785
msgid ""
29688
29786
"<application>Bacula Storage:</application> the programs that perform the "
29689
29787
"storage and recovery of data to the physical media."
29690
29788
msgstr ""
29691
29789
29692
#: serverguide/C/backups.xml:578(para)
29790
#: serverguide/C/backups.xml:584(para)
29693
29791
msgid ""
29694
29792
"<application>Bacula Catalog:</application> is responsible for maintaining "
29695
29793
"the file indexes and volume databases for all files backed up, enabling "
29697
29795
"different databases MySQL, PostgreSQL, and SQLite."
29698
29796
msgstr ""
29699
29797
29700
#: serverguide/C/backups.xml:584(para)
29798
#: serverguide/C/backups.xml:590(para)
29701
29799
msgid ""
29702
29800
"<application>Bacula Monitor:</application> allows the monitoring of the "
29703
29801
"Director, File daemons, and Storage daemons. Currently the Monitor is only "
29704
29802
"available as a GTK+ GUI application."
29705
29803
msgstr ""
29706
29804
29707
#: serverguide/C/backups.xml:590(para)
29805
#: serverguide/C/backups.xml:596(para)
29708
29806
msgid ""
29709
29807
"These services and applications can be run on multiple servers and clients, "
29710
29808
"or they can be installed on one machine if backing up a single disk or "
29711
29809
"volume."
29712
29810
msgstr ""
29713
29811
29714
#: serverguide/C/backups.xml:598(para)
29812
#: serverguide/C/backups.xml:604(para)
29715
29813
msgid ""
29716
29814
"If using MySQL or PostgreSQL as your database, you should already have the "
29717
29815
"services available. <application>Bacula</application> will not install them "
29718
29816
"for you."
29719
29817
msgstr ""
29720
29818
29721
#: serverguide/C/backups.xml:603(para)
29819
#: serverguide/C/backups.xml:609(para)
29722
29820
msgid ""
29723
29821
"There are multiple packages containing the different "
29724
29822
"<application>Bacula</application> components. To install Bacula, from a "
29725
29823
"terminal prompt enter:"
29726
29824
msgstr ""
29727
29825
29728
#: serverguide/C/backups.xml:608(command)
29826
#: serverguide/C/backups.xml:614(command)
29729
29827
msgid "sudo apt-get install bacula"
29730
29828
msgstr ""
29731
29829
29732
#: serverguide/C/backups.xml:610(para)
29830
#: serverguide/C/backups.xml:616(para)
29733
29831
msgid ""
29734
29832
"By default installing the <application>bacula</application> package will use "
29735
29833
"a <application>MySQL</application> database for the Catalog. If you want to "
29738
29836
"pgsql</application> respectively."
29739
29837
msgstr ""
29740
29838
29741
#: serverguide/C/backups.xml:616(para)
29839
#: serverguide/C/backups.xml:622(para)
29742
29840
msgid ""
29743
29841
"During the install process you will be asked to supply credentials for the "
29744
29842
"database <emphasis>administrator</emphasis> and the "
29747
29845
"database, see <xref linkend=\"mysql\"/> for more information."
29748
29846
msgstr ""
29749
29847
29750
#: serverguide/C/backups.xml:626(para)
29848
#: serverguide/C/backups.xml:632(para)
29751
29849
msgid ""
29752
29850
"<application>Bacula</application> configuration files are formatted based on "
29753
29851
"<emphasis>resources</emphasis> comprising of <emphasis>directives</emphasis> "
29756
29854
"directory."
29757
29855
msgstr ""
29758
29856
29759
#: serverguide/C/backups.xml:631(para)
29857
#: serverguide/C/backups.xml:637(para)
29760
29858
msgid ""
29761
29859
"The various <application>Bacula</application> components must authorize "
29762
29860
"themselves to each other. This is accomplished using the "
29767
29865
"<filename>/etc/bacula/bacula-sd.conf</filename>."
29768
29866
msgstr ""
29769
29867
29770
#: serverguide/C/backups.xml:637(para)
29868
#: serverguide/C/backups.xml:643(para)
29771
29869
msgid ""
29772
29870
"By default the backup job named <emphasis>Client1</emphasis> is configured "
29773
29871
"to archive the <application>Bacula</application> Catalog. If you plan on "
29776
29874
"<filename>/etc/bacula/bacula-dir.conf</filename>:"
29777
29875
msgstr ""
29778
29876
29779
#: serverguide/C/backups.xml:642(programlisting)
29877
#: serverguide/C/backups.xml:648(programlisting)
29780
29878
#, no-wrap
29781
29879
msgid ""
29782
29880
"\n"
29790
29888
"}\n"
29791
29889
msgstr ""
29792
29890
29793
#: serverguide/C/backups.xml:653(para)
29891
#: serverguide/C/backups.xml:659(para)
29794
29892
msgid ""
29795
29893
"The example above changes the job name to <emphasis>BackupServer</emphasis> "
29796
29894
"matching the machine's host name. Replace <quote>BackupServer</quote> with "
29797
29895
"your appropriate hostname, or other descriptive name."
29798
29896
msgstr ""
29799
29897
29800
#: serverguide/C/backups.xml:658(para)
29898
#: serverguide/C/backups.xml:664(para)
29801
29899
msgid ""
29802
29900
"The <emphasis>Console</emphasis> can be used to query the "
29803
29901
"<emphasis>Director</emphasis> about jobs, but to use the Console with a "
29806
29904
"the following from a terminal:"
29807
29905
msgstr ""
29808
29906
29809
#: serverguide/C/backups.xml:664(command)
29907
#: serverguide/C/backups.xml:670(command)
29810
29908
msgid "sudo adduser $username bacula"
29811
29909
msgstr ""
29812
29910
29813
#: serverguide/C/backups.xml:667(para)
29911
#: serverguide/C/backups.xml:673(para)
29814
29912
msgid ""
29815
29913
"Replace <emphasis>$username</emphasis> with the actual username. Also, if "
29816
29914
"you are adding the current user to the group you should log out and back in "
29817
29915
"for the new permissions to take effect."
29818
29916
msgstr ""
29819
29917
29820
#: serverguide/C/backups.xml:674(title)
29918
#: serverguide/C/backups.xml:680(title)
29821
29919
msgid "Localhost Backup"
29822
29920
msgstr ""
29823
29921
29824
#: serverguide/C/backups.xml:675(para)
29922
#: serverguide/C/backups.xml:681(para)
29825
29923
msgid ""
29826
29924
"This section describes how to backup specified directories on a single host "
29827
29925
"to a local tape drive."
29828
29926
msgstr ""
29829
29927
29830
#: serverguide/C/backups.xml:680(para)
29928
#: serverguide/C/backups.xml:686(para)
29831
29929
msgid ""
29832
29930
"First, the <emphasis>Storage</emphasis> device needs to be configured. Edit "
29833
29931
"<filename>/etc/bacula/bacula-sd.conf</filename> add:"
29834
29932
msgstr ""
29835
29933
29836
#: serverguide/C/backups.xml:683(programlisting)
29934
#: serverguide/C/backups.xml:689(programlisting)
29837
29935
#, no-wrap
29838
29936
msgid ""
29839
29937
"\n"
29851
29949
"}\n"
29852
29950
msgstr ""
29853
29951
29854
#: serverguide/C/backups.xml:697(para)
29952
#: serverguide/C/backups.xml:703(para)
29855
29953
msgid ""
29856
29954
"The example is for a <emphasis>DDS-4</emphasis> tape drive. Adjust the "
29857
29955
"<quote>Media Type</quote> and <quote>Archive Device</quote> to match your "
29858
29956
"hardware."
29859
29957
msgstr ""
29860
29958
29861
#: serverguide/C/backups.xml:700(para)
29959
#: serverguide/C/backups.xml:706(para)
29862
29960
msgid "You could also uncomment one of the other examples in the file."
29863
29961
msgstr ""
29864
29962
29865
#: serverguide/C/backups.xml:705(para)
29963
#: serverguide/C/backups.xml:711(para)
29866
29964
msgid ""
29867
29965
"After editing <filename>/etc/bacula/bacula-sd.conf</filename> the "
29868
29966
"<application>Storage</application> daemon will need to be restarted:"
29869
29967
msgstr ""
29870
29968
29871
#: serverguide/C/backups.xml:710(command)
29969
#: serverguide/C/backups.xml:716(command)
29872
29970
msgid "sudo service bacula-sd restart"
29873
29971
msgstr ""
29874
29972
29875
#: serverguide/C/backups.xml:714(para)
29973
#: serverguide/C/backups.xml:720(para)
29876
29974
msgid ""
29877
29975
"Now add a <emphasis>Storage</emphasis> resource in "
29878
29976
"<filename>/etc/bacula/bacula-dir.conf</filename> to use the new Device:"
29879
29977
msgstr ""
29880
29978
29881
#: serverguide/C/backups.xml:717(programlisting)
29979
#: serverguide/C/backups.xml:723(programlisting)
29882
29980
#, no-wrap
29883
29981
msgid ""
29884
29982
"\n"
29895
29993
"}\n"
29896
29994
msgstr ""
29897
29995
29898
#: serverguide/C/backups.xml:729(para)
29996
#: serverguide/C/backups.xml:735(para)
29899
29997
msgid ""
29900
29998
"The <emphasis>Address</emphasis> directive needs to be the Fully Qualified "
29901
29999
"Domain Name (FQDN) of the server. Change <emphasis>backupserver</emphasis> "
29902
30000
"to the actual host name."
29903
30001
msgstr ""
29904
30002
29905
#: serverguide/C/backups.xml:733(para)
30003
#: serverguide/C/backups.xml:739(para)
29906
30004
msgid ""
29907
30005
"Also, make sure the <emphasis>Password</emphasis> directive matches the "
29908
30006
"password string in <filename>/etc/bacula/bacula-sd.conf</filename>."
29909
30007
msgstr ""
29910
30008
29911
#: serverguide/C/backups.xml:739(para)
30009
#: serverguide/C/backups.xml:745(para)
29912
30010
msgid ""
29913
30011
"Create a new <emphasis>FileSet</emphasis>, which will determine what "
29914
30012
"directories to backup, by adding:"
29915
30013
msgstr ""
29916
30014
29917
#: serverguide/C/backups.xml:742(programlisting)
30015
#: serverguide/C/backups.xml:748(programlisting)
29918
30016
#, no-wrap
29919
30017
msgid ""
29920
30018
"\n"
29932
30030
"}\n"
29933
30031
msgstr ""
29934
30032
29935
#: serverguide/C/backups.xml:756(para)
30033
#: serverguide/C/backups.xml:762(para)
29936
30034
msgid ""
29937
30035
"This <emphasis>FileSet</emphasis> will backup the <filename "
29938
30036
"role=\"directory\">/etc</filename> and <filename "
29942
30040
"using GZIP."
29943
30041
msgstr ""
29944
30042
29945
#: serverguide/C/backups.xml:763(para)
30043
#: serverguide/C/backups.xml:769(para)
29946
30044
msgid "Next, create a new <emphasis>Schedule</emphasis> for the backup job:"
29947
30045
msgstr ""
29948
30046
29949
#: serverguide/C/backups.xml:766(programlisting)
30047
#: serverguide/C/backups.xml:772(programlisting)
29950
30048
#, no-wrap
29951
30049
msgid ""
29952
30050
"\n"
29957
30055
"}\n"
29958
30056
msgstr ""
29959
30057
29960
#: serverguide/C/backups.xml:773(para)
30058
#: serverguide/C/backups.xml:779(para)
29961
30059
msgid ""
29962
30060
"The job will run every day at 00:01 or 12:01 am. There are many other "
29963
30061
"scheduling options available."
29964
30062
msgstr ""
29965
30063
29966
#: serverguide/C/backups.xml:778(para)
30064
#: serverguide/C/backups.xml:784(para)
29967
30065
msgid "Finally create the <emphasis>Job</emphasis>:"
29968
30066
msgstr ""
29969
30067
29970
#: serverguide/C/backups.xml:781(programlisting)
30068
#: serverguide/C/backups.xml:787(programlisting)
29971
30069
#, no-wrap
29972
30070
msgid ""
29973
30071
"\n"
29984
30082
"} \n"
29985
30083
msgstr ""
29986
30084
29987
#: serverguide/C/backups.xml:794(para)
30085
#: serverguide/C/backups.xml:800(para)
29988
30086
msgid ""
29989
30087
"The job will do a <emphasis>Full</emphasis> backup every day to the tape "
29990
30088
"drive."
29991
30089
msgstr ""
29992
30090
29993
#: serverguide/C/backups.xml:799(para)
30091
#: serverguide/C/backups.xml:805(para)
29994
30092
msgid ""
29995
30093
"Each tape used will need to have a <emphasis>Label</emphasis>. If the "
29996
30094
"current tape does not have a label <application>Bacula</application> will "
29998
30096
"<application>Console</application> enter the following from a terminal:"
29999
30097
msgstr ""
30000
30098
30001
#: serverguide/C/backups.xml:805(command)
30099
#: serverguide/C/backups.xml:811(command)
30002
30100
msgid "bconsole"
30003
30101
msgstr ""
30004
30102
30005
#: serverguide/C/backups.xml:809(para)
30103
#: serverguide/C/backups.xml:815(para)
30006
30104
msgid "At the Bacula Console prompt enter:"
30007
30105
msgstr ""
30008
30106
30009
#: serverguide/C/backups.xml:813(command)
30107
#: serverguide/C/backups.xml:819(command)
30010
30108
msgid "label"
30011
30109
msgstr ""
30012
30110
30013
#: serverguide/C/backups.xml:817(para)
30111
#: serverguide/C/backups.xml:823(para)
30014
30112
msgid ""
30015
30113
"You will then be prompted for the <emphasis>Storage</emphasis> resource:"
30016
30114
msgstr ""
30017
30115
30018
#: serverguide/C/backups.xml:827(userinput)
30116
#: serverguide/C/backups.xml:833(userinput)
30019
30117
#, no-wrap
30020
30118
msgid "2"
30021
30119
msgstr ""
30022
30120
30023
#: serverguide/C/backups.xml:821(computeroutput)
30121
#: serverguide/C/backups.xml:827(computeroutput)
30024
30122
#, no-wrap
30025
30123
msgid ""
30026
30124
"\n"
30032
30130
"Select Storage resource (1-2):<placeholder-1/>\n"
30033
30131
msgstr ""
30034
30132
30035
#: serverguide/C/backups.xml:832(para)
30133
#: serverguide/C/backups.xml:838(para)
30036
30134
msgid "Enter the new <emphasis>Volume</emphasis> name:"
30037
30135
msgstr ""
30038
30136
30039
#: serverguide/C/backups.xml:837(userinput)
30137
#: serverguide/C/backups.xml:843(userinput)
30040
30138
#, no-wrap
30041
30139
msgid "Sunday"
30042
30140
msgstr ""
30043
30141
30044
#: serverguide/C/backups.xml:836(computeroutput)
30142
#: serverguide/C/backups.xml:842(computeroutput)
30045
30143
#, no-wrap
30046
30144
msgid ""
30047
30145
"\n"
30051
30149
" 2: Scratch"
30052
30150
msgstr ""
30053
30151
30054
#: serverguide/C/backups.xml:842(para)
30152
#: serverguide/C/backups.xml:848(para)
30055
30153
msgid "Replace <emphasis>Sunday</emphasis> with the desired label."
30056
30154
msgstr ""
30057
30155
30058
#: serverguide/C/backups.xml:847(para)
30156
#: serverguide/C/backups.xml:853(para)
30059
30157
msgid "Now, select the <emphasis>Pool</emphasis>:"
30060
30158
msgstr ""
30061
30159
30062
#: serverguide/C/backups.xml:851(computeroutput)
30160
#: serverguide/C/backups.xml:857(computeroutput)
30063
30161
#, no-wrap
30064
30162
msgid ""
30065
30163
"\n"
30068
30166
"Sending label command for Volume \"Sunday\" Slot 0 ...\n"
30069
30167
msgstr ""
30070
30168
30071
#: serverguide/C/backups.xml:859(para)
30169
#: serverguide/C/backups.xml:865(para)
30072
30170
msgid ""
30073
30171
"Congratulations, you have now configured <emphasis>Bacula</emphasis> to "
30074
30172
"backup the localhost to an attached tape drive."
30075
30173
msgstr ""
30076
30174
30077
#: serverguide/C/backups.xml:867(para)
30175
#: serverguide/C/backups.xml:873(para)
30078
30176
msgid ""
30079
30177
"For more <emphasis>Bacula</emphasis> configuration options refer to the "
30080
30178
"<ulink url=\"http://www.bacula.org/en/rel-manual/index.html\">Bacula User's "
30081
30179
"Manual</ulink>"
30082
30180
msgstr ""
30083
30181
30084
#: serverguide/C/backups.xml:873(para)
30182
#: serverguide/C/backups.xml:879(para)
30085
30183
msgid ""
30086
30184
"The <ulink url=\"http://www.bacula.org/\">Bacula Home Page</ulink> contains "
30087
30185
"the latest Bacula news and developments."
30088
30186
msgstr ""
30089
30187
30090
#: serverguide/C/backups.xml:878(para)
30188
#: serverguide/C/backups.xml:884(para)
30091
30189
msgid ""
30092
30190
"Also, see the <ulink url=\"https://help.ubuntu.com/community/Bacula\">Bacula "
30093
30191
"Ubuntu Wiki</ulink> page."
Loggerhead is a web-based interface for Breezy
Version: 2.0.1