« back to all changes in this revision
Viewing changes to serverguide/po/id.po
- browse files at revision 261
- compare with another revision
- download diff
- download tarball
- view history from revision 261
- Committer: Doug Smythies
- Date: 2016-01-05 22:55:10 UTC
- Revision ID: dsmythies@telus.net-20160105225510-2eg49ayn1hh6rk19
Updated the po files
- files modified:
- serverguide/po/ace.po
added
removed
serverguide/po/id.po
7
7
msgstr ""
8
8
"Project-Id-Version: serverguide\n"
9
9
"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
10
"POT-Creation-Date: 2015-02-26 16:01-0800\n"
10
"POT-Creation-Date: 2015-12-01 09:44-0800\n"
11
11
"PO-Revision-Date: 2014-11-09 18:10+0000\n"
12
12
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
13
13
"Language-Team: Indonesian <id@li.org>\n"
14
14
"MIME-Version: 1.0\n"
15
15
"Content-Type: text/plain; charset=UTF-8\n"
16
16
"Content-Transfer-Encoding: 8bit\n"
17
"X-Launchpad-Export-Date: 2015-03-22 21:34+0000\n"
18
"X-Generator: Launchpad (build 17405)\n"
17
"X-Launchpad-Export-Date: 2016-01-05 22:22+0000\n"
18
"X-Generator: Launchpad (build 17876)\n"
19
19
20
20
#: serverguide/C/web-servers.xml:11(title)
21
21
msgid "Web Servers"
101
101
"(Linux, Apache, MySQL and Perl/Python/PHP) dan membentuk landasan yang kuat "
102
102
"dan cepat untuk pengembangan dan penerapan aplikasi berbasis Web."
103
103
104
#: serverguide/C/windows-networking.xml:81(title) serverguide/C/windows-networking.xml:292(title) serverguide/C/web-servers.xml:51(title) serverguide/C/web-servers.xml:690(title) serverguide/C/web-servers.xml:833(title) serverguide/C/web-servers.xml:957(title) serverguide/C/virtualization.xml:61(title) serverguide/C/virtualization.xml:2623(title) serverguide/C/vcs.xml:26(title) serverguide/C/vcs.xml:84(title) serverguide/C/vcs.xml:403(title) serverguide/C/remote-administration.xml:46(title) serverguide/C/remote-administration.xml:234(title) serverguide/C/remote-administration.xml:425(title) serverguide/C/network-config.xml:975(title) serverguide/C/network-config.xml:1089(title) serverguide/C/network-auth.xml:140(title) serverguide/C/network-auth.xml:2800(title) serverguide/C/network-auth.xml:3272(title) serverguide/C/monitoring.xml:40(title) serverguide/C/monitoring.xml:429(title) serverguide/C/mail.xml:38(title) serverguide/C/mail.xml:490(title) serverguide/C/mail.xml:679(title) serverguide/C/mail.xml:828(title) serverguide/C/mail.xml:1318(title) serverguide/C/lamp-applications.xml:110(title) serverguide/C/lamp-applications.xml:272(title) serverguide/C/lamp-applications.xml:408(title) serverguide/C/installation.xml:11(title) serverguide/C/installation.xml:933(title) serverguide/C/installation.xml:1214(title) serverguide/C/file-server.xml:357(title) serverguide/C/file-server.xml:646(title) serverguide/C/dns.xml:21(title) serverguide/C/databases.xml:37(title) serverguide/C/databases.xml:307(title) serverguide/C/chat.xml:35(title) serverguide/C/chat.xml:134(title) serverguide/C/backups.xml:596(title)
104
#: serverguide/C/web-servers.xml:51(title) serverguide/C/web-servers.xml:710(title) serverguide/C/web-servers.xml:853(title) serverguide/C/web-servers.xml:976(title) serverguide/C/virtualization.xml:70(title) serverguide/C/virtualization.xml:805(title) serverguide/C/vcs.xml:33(title) serverguide/C/vcs.xml:94(title) serverguide/C/vcs.xml:226(title) serverguide/C/samba.xml:81(title) serverguide/C/samba.xml:292(title) serverguide/C/remote-administration.xml:46(title) serverguide/C/remote-administration.xml:269(title) serverguide/C/remote-administration.xml:465(title) serverguide/C/network-config.xml:973(title) serverguide/C/network-config.xml:1087(title) serverguide/C/network-auth.xml:142(title) serverguide/C/network-auth.xml:2799(title) serverguide/C/network-auth.xml:3271(title) serverguide/C/monitoring.xml:40(title) serverguide/C/monitoring.xml:429(title) serverguide/C/mail.xml:38(title) serverguide/C/mail.xml:548(title) serverguide/C/mail.xml:737(title) serverguide/C/mail.xml:887(title) serverguide/C/mail.xml:1377(title) serverguide/C/lamp-applications.xml:110(title) serverguide/C/lamp-applications.xml:288(title) serverguide/C/lamp-applications.xml:435(title) serverguide/C/lamp-applications.xml:549(title) serverguide/C/installation.xml:11(title) serverguide/C/installation.xml:940(title) serverguide/C/installation.xml:1287(title) serverguide/C/file-server.xml:357(title) serverguide/C/file-server.xml:645(title) serverguide/C/dns.xml:21(title) serverguide/C/databases.xml:37(title) serverguide/C/databases.xml:300(title) serverguide/C/chat.xml:35(title) serverguide/C/chat.xml:134(title) serverguide/C/backups.xml:602(title)
105
105
msgid "Installation"
106
106
msgstr "Instalasi"
107
107
119
119
msgid "sudo apt-get install apache2"
120
120
msgstr ""
121
121
122
#: serverguide/C/windows-networking.xml:97(title) serverguide/C/windows-networking.xml:309(title) serverguide/C/web-servers.xml:71(title) serverguide/C/web-servers.xml:743(title) serverguide/C/web-servers.xml:844(title) serverguide/C/web-servers.xml:984(title) serverguide/C/web-servers.xml:1084(title) serverguide/C/vcs.xml:37(title) serverguide/C/vcs.xml:421(title) serverguide/C/remote-administration.xml:68(title) serverguide/C/remote-administration.xml:254(title) serverguide/C/package-management.xml:400(title) serverguide/C/network-config.xml:997(title) serverguide/C/network-config.xml:1100(title) serverguide/C/network-auth.xml:2887(title) serverguide/C/network-auth.xml:3293(title) serverguide/C/monitoring.xml:185(title) serverguide/C/monitoring.xml:455(title) serverguide/C/mail.xml:499(title) serverguide/C/mail.xml:689(title) serverguide/C/mail.xml:911(title) serverguide/C/mail.xml:1347(title) serverguide/C/lamp-applications.xml:130(title) serverguide/C/lamp-applications.xml:299(title) serverguide/C/lamp-applications.xml:438(title) serverguide/C/installation.xml:1226(title) serverguide/C/file-server.xml:370(title) serverguide/C/file-server.xml:672(title) serverguide/C/dns.xml:37(title) serverguide/C/databases.xml:80(title) serverguide/C/databases.xml:323(title) serverguide/C/clustering.xml:45(title) serverguide/C/chat.xml:55(title) serverguide/C/chat.xml:146(title) serverguide/C/backups.xml:625(title)
122
#: serverguide/C/web-servers.xml:71(title) serverguide/C/web-servers.xml:763(title) serverguide/C/web-servers.xml:864(title) serverguide/C/web-servers.xml:1003(title) serverguide/C/web-servers.xml:1106(title) serverguide/C/vcs.xml:44(title) serverguide/C/vcs.xml:103(title) serverguide/C/samba.xml:97(title) serverguide/C/samba.xml:309(title) serverguide/C/remote-administration.xml:68(title) serverguide/C/remote-administration.xml:289(title) serverguide/C/package-management.xml:417(title) serverguide/C/network-config.xml:995(title) serverguide/C/network-config.xml:1098(title) serverguide/C/network-auth.xml:2886(title) serverguide/C/network-auth.xml:3292(title) serverguide/C/monitoring.xml:185(title) serverguide/C/monitoring.xml:455(title) serverguide/C/mail.xml:557(title) serverguide/C/mail.xml:747(title) serverguide/C/mail.xml:970(title) serverguide/C/mail.xml:1406(title) serverguide/C/lamp-applications.xml:130(title) serverguide/C/lamp-applications.xml:315(title) serverguide/C/lamp-applications.xml:465(title) serverguide/C/lamp-applications.xml:570(title) serverguide/C/installation.xml:1299(title) serverguide/C/file-server.xml:370(title) serverguide/C/file-server.xml:671(title) serverguide/C/dns.xml:37(title) serverguide/C/databases.xml:73(title) serverguide/C/databases.xml:316(title) serverguide/C/clustering.xml:45(title) serverguide/C/chat.xml:55(title) serverguide/C/chat.xml:146(title) serverguide/C/backups.xml:631(title)
123
123
msgid "Configuration"
124
124
msgstr "Konfigurasi"
125
125
161
161
"<application>apache2</application> is restarted."
162
162
msgstr ""
163
163
164
#: serverguide/C/web-servers.xml:93(para)
164
#: serverguide/C/web-servers.xml:108(para)
165
165
msgid ""
166
166
"<emphasis>envvars:</emphasis> file where Apache2 "
167
167
"<emphasis>environment</emphasis> variables are set."
168
168
msgstr ""
169
169
170
#: serverguide/C/web-servers.xml:106(para)
170
#: serverguide/C/web-servers.xml:113(para)
171
171
msgid ""
172
172
"<emphasis>mods-available:</emphasis> this directory contains configuration "
173
173
"files to both load <emphasis>modules</emphasis> and configure them. Not all "
174
174
"modules will have specific configuration files, however."
175
175
msgstr ""
176
176
177
#: serverguide/C/web-servers.xml:112(para)
177
#: serverguide/C/web-servers.xml:119(para)
178
178
msgid ""
179
179
"<emphasis>mods-enabled:</emphasis> holds <emphasis>symlinks</emphasis> to "
180
180
"the files in <filename>/etc/apache2/mods-available</filename>. When a module "
182
182
"<application>apache2</application> is restarted."
183
183
msgstr ""
184
184
185
#: serverguide/C/web-servers.xml:119(para)
185
#: serverguide/C/web-servers.xml:126(para)
186
186
msgid ""
187
187
"<emphasis>ports.conf:</emphasis> houses the directives that determine which "
188
188
"TCP ports Apache2 is listening on."
189
189
msgstr ""
190
190
191
#: serverguide/C/web-servers.xml:124(para)
191
#: serverguide/C/web-servers.xml:131(para)
192
192
msgid ""
193
193
"<emphasis>sites-available:</emphasis> this directory has configuration files "
194
194
"for Apache2 <emphasis>Virtual Hosts</emphasis>. Virtual Hosts allow Apache2 "
195
195
"to be configured for multiple sites that have separate configurations."
196
196
msgstr ""
197
197
198
#: serverguide/C/web-servers.xml:130(para)
198
#: serverguide/C/web-servers.xml:138(para)
199
199
msgid ""
200
200
"<emphasis>sites-enabled:</emphasis> like mods-enabled, <filename "
201
201
"role=\"directory\">sites-enabled</filename> contains symlinks to the "
210
210
"the first few bytes of a file."
211
211
msgstr ""
212
212
213
#: serverguide/C/web-servers.xml:138(para)
213
#: serverguide/C/web-servers.xml:151(para)
214
214
msgid ""
215
215
"In addition, other configuration files may be added using the "
216
216
"<emphasis>Include</emphasis> directive, and wildcards can be used to include "
219
219
"recognized by Apache2 when it is started or restarted."
220
220
msgstr ""
221
221
222
#: serverguide/C/web-servers.xml:147(para)
222
#: serverguide/C/web-servers.xml:160(para)
223
223
msgid ""
224
224
"The server also reads a file containing mime document types; the filename is "
225
225
"set by the <emphasis>TypesConfig</emphasis> directive, typically via "
228
228
"by default."
229
229
msgstr ""
230
230
231
#: serverguide/C/web-servers.xml:155(title)
231
#: serverguide/C/web-servers.xml:168(title)
232
232
msgid "Basic Settings"
233
233
msgstr "Penataan Dasar"
234
234
252
252
"<filename>/etc/apache2/sites-available/000-default.conf</filename>."
253
253
msgstr ""
254
254
255
#: serverguide/C/web-servers.xml:177(para)
255
#: serverguide/C/web-servers.xml:190(para)
256
256
msgid ""
257
257
"The directives set for a virtual host only apply to that particular virtual "
258
258
"host. If a directive is set server-wide and not defined within the virtual "
261
261
"virtual host."
262
262
msgstr ""
263
263
264
#: serverguide/C/web-servers.xml:185(para)
264
#: serverguide/C/web-servers.xml:198(para)
265
265
msgid ""
266
266
"If you wish to configure a new virtual host or site, copy that file into the "
267
267
"same directory with a name you choose. For example:"
273
273
"available/mynewsite.conf"
274
274
msgstr ""
275
275
276
#: serverguide/C/web-servers.xml:194(para)
276
#: serverguide/C/web-servers.xml:207(para)
277
277
msgid ""
278
278
"Edit the new file to configure the new site using some of the directives "
279
279
"described below."
280
280
msgstr ""
281
281
282
#: serverguide/C/web-servers.xml:201(para)
282
#: serverguide/C/web-servers.xml:214(para)
283
283
msgid ""
284
284
"The <emphasis>ServerAdmin</emphasis> directive specifies the email address "
285
285
"to be advertised for the server's administrator. The default value is "
290
290
"configuration file in /etc/apache2/sites-available."
291
291
msgstr ""
292
292
293
#: serverguide/C/web-servers.xml:212(para)
293
#: serverguide/C/web-servers.xml:225(para)
294
294
msgid ""
295
295
"The <emphasis>Listen</emphasis> directive specifies the port, and optionally "
296
296
"the IP address, Apache2 should listen on. If the IP address is not "
316
316
"available/mynewsite.conf</filename>)."
317
317
msgstr ""
318
318
319
#: serverguide/C/web-servers.xml:237(para)
319
#: serverguide/C/web-servers.xml:250(para)
320
320
msgid ""
321
321
"You may also want your site to respond to www.ubunturocks.com, since many "
322
322
"users will assume the www prefix is appropriate. Use the "
324
324
"wildcards in the ServerAlias directive."
325
325
msgstr ""
326
326
327
#: serverguide/C/web-servers.xml:244(para)
327
#: serverguide/C/web-servers.xml:257(para)
328
328
msgid ""
329
329
"For example, the following configuration will cause your site to respond to "
330
330
"any domain request ending in <emphasis>.ubunturocks.com</emphasis>."
331
331
msgstr ""
332
332
333
#: serverguide/C/web-servers.xml:250(programlisting)
333
#: serverguide/C/web-servers.xml:263(programlisting)
334
334
#, no-wrap
335
335
msgid ""
336
336
"\n"
346
346
"virtual host file, and remember to create that directory if necessary!"
347
347
msgstr ""
348
348
349
#: serverguide/C/web-servers.xml:265(para)
349
#: serverguide/C/web-servers.xml:278(para)
350
350
msgid ""
351
351
"Enable the new <emphasis>VirtualHost</emphasis> using the "
352
352
"<application>a2ensite</application> utility and restart Apache2:"
353
353
msgstr ""
354
354
355
#: serverguide/C/web-servers.xml:271(command)
355
#: serverguide/C/web-servers.xml:284(command)
356
356
msgid "sudo a2ensite mynewsite"
357
357
msgstr ""
358
358
359
#: serverguide/C/web-servers.xml:272(command) serverguide/C/web-servers.xml:290(command) serverguide/C/web-servers.xml:531(command) serverguide/C/web-servers.xml:540(command) serverguide/C/web-servers.xml:599(command) serverguide/C/mail.xml:935(command) serverguide/C/lamp-applications.xml:222(command)
359
#: serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:303(command) serverguide/C/web-servers.xml:544(command) serverguide/C/web-servers.xml:553(command) serverguide/C/web-servers.xml:612(command) serverguide/C/mail.xml:994(command) serverguide/C/lamp-applications.xml:238(command) serverguide/C/lamp-applications.xml:339(command) serverguide/C/lamp-applications.xml:610(command)
360
360
msgid "sudo service apache2 restart"
361
361
msgstr ""
362
362
363
#: serverguide/C/web-servers.xml:276(para)
363
#: serverguide/C/web-servers.xml:289(para)
364
364
msgid ""
365
365
"Be sure to replace <emphasis>mynewsite</emphasis> with a more descriptive "
366
366
"name for the VirtualHost. One method is to name the file after the "
367
367
"<emphasis>ServerName</emphasis> directive of the VirtualHost."
368
368
msgstr ""
369
369
370
#: serverguide/C/web-servers.xml:283(para)
370
#: serverguide/C/web-servers.xml:296(para)
371
371
msgid ""
372
372
"Similarly, use the <application>a2dissite</application> utility to disable "
373
373
"sites. This is can be useful when troubleshooting configuration problems "
374
374
"with multiple VirtualHosts:"
375
375
msgstr ""
376
376
377
#: serverguide/C/web-servers.xml:289(command)
377
#: serverguide/C/web-servers.xml:302(command)
378
378
msgid "sudo a2dissite mynewsite"
379
379
msgstr ""
380
380
381
#: serverguide/C/web-servers.xml:295(title)
381
#: serverguide/C/web-servers.xml:308(title)
382
382
msgid "Default Settings"
383
383
msgstr "Penataan Baku"
384
384
385
#: serverguide/C/web-servers.xml:297(para)
385
#: serverguide/C/web-servers.xml:310(para)
386
386
msgid ""
387
387
"This section explains configuration of the Apache2 server default settings. "
388
388
"For example, if you add a virtual host, the settings you configure for the "
390
390
"defined within the virtual host settings, the default value is used."
391
391
msgstr ""
392
392
393
#: serverguide/C/web-servers.xml:309(para)
393
#: serverguide/C/web-servers.xml:322(para)
394
394
msgid ""
395
395
"The <emphasis>DirectoryIndex</emphasis> is the default page served by the "
396
396
"server when a user requests an index of a directory by specifying a forward "
397
397
"slash (/) at the end of the directory name."
398
398
msgstr ""
399
399
400
#: serverguide/C/web-servers.xml:316(para)
400
#: serverguide/C/web-servers.xml:329(para)
401
401
msgid ""
402
402
"For example, when a user requests the page "
403
403
"http://www.example.com/this_directory/, he or she will get either the "
425
425
"example files."
426
426
msgstr ""
427
427
428
#: serverguide/C/web-servers.xml:347(para)
428
#: serverguide/C/web-servers.xml:360(para)
429
429
msgid ""
430
430
"By default, the server writes the transfer log to the file "
431
431
"<filename>/var/log/apache2/access.log</filename>. You can change this on a "
432
432
"per-site basis in your virtual host configuration files with the "
433
433
"<emphasis>CustomLog</emphasis> directive, or omit it to accept the default, "
434
"specified in <filename> /etc/apache2/conf.d/other-vhosts-access-"
435
"log</filename>. You may also specify the file to which errors are logged, "
436
"via the <emphasis>ErrorLog</emphasis> directive, whose default is "
434
"specified in <filename> /etc/apache2/conf-available/other-vhosts-access-"
435
"log.conf</filename>. You may also specify the file to which errors are "
436
"logged, via the <emphasis>ErrorLog</emphasis> directive, whose default is "
437
437
"<filename>/var/log/apache2/error.log</filename>. These are kept separate "
438
438
"from the transfer logs to aid in troubleshooting problems with your Apache2 "
439
439
"server. You may also specify the <emphasis>LogLevel</emphasis> (the default "
441
441
"/etc/apache2/apache2.conf</filename> for the default value)."
442
442
msgstr ""
443
443
444
#: serverguide/C/web-servers.xml:362(para)
444
#: serverguide/C/web-servers.xml:375(para)
445
445
msgid ""
446
446
"Some options are specified on a per-directory basis rather than per-server. "
447
447
"<emphasis>Options</emphasis> is one of these directives. A Directory stanza "
457
457
"</Directory>\n"
458
458
msgstr ""
459
459
460
#: serverguide/C/web-servers.xml:374(para)
460
#: serverguide/C/web-servers.xml:387(para)
461
461
msgid ""
462
462
"The <emphasis>Options</emphasis> directive within a Directory stanza accepts "
463
463
"one or more of the following values (among others), separated by spaces:"
464
464
msgstr ""
465
465
466
#: serverguide/C/web-servers.xml:386(para)
466
#: serverguide/C/web-servers.xml:399(para)
467
467
msgid ""
468
468
"Most files should not be executed as CGI scripts. This would be very "
469
469
"dangerous. CGI scripts should kept in a directory separate from and outside "
472
472
"<filename>/usr/lib/cgi-bin</filename>."
473
473
msgstr ""
474
474
475
#: serverguide/C/web-servers.xml:381(para)
475
#: serverguide/C/web-servers.xml:394(para)
476
476
msgid ""
477
477
"<emphasis role=\"bold\">ExecCGI</emphasis> - Allow execution of CGI scripts. "
478
478
"CGI scripts are not executed if this option is not chosen. <placeholder-1/>"
480
480
"<emphasis role=\"bold\">ExecCGI</emphasis> - Memperbolehkan skrip CGI di "
481
481
"jalankan. jika ini tidah di pilih maka skrip CGI tidak akan di eksekusi"
482
482
483
#: serverguide/C/web-servers.xml:397(para)
483
#: serverguide/C/web-servers.xml:410(para)
484
484
msgid ""
485
485
"<emphasis role=\"bold\">Includes</emphasis> - Allow server-side includes. "
486
486
"Server-side includes allow an HTML file to <emphasis> include</emphasis> "
489
489
"documentation (Ubuntu community)</ulink> for more information."
490
490
msgstr ""
491
491
492
#: serverguide/C/web-servers.xml:406(para)
492
#: serverguide/C/web-servers.xml:419(para)
493
493
msgid ""
494
494
"<emphasis role=\"bold\">IncludesNOEXEC</emphasis> - Allow server-side "
495
495
"includes, but disable the <emphasis>#exec</emphasis> and "
496
496
"<emphasis>#include</emphasis> commands in CGI scripts."
497
497
msgstr ""
498
498
499
#: serverguide/C/web-servers.xml:418(para)
499
#: serverguide/C/web-servers.xml:431(para)
500
500
msgid ""
501
501
"For security reasons, this should usually not be set, and certainly should "
502
502
"not be set on your DocumentRoot directory. Enable this option carefully on a "
508
508
"ini secara hari-hati jika anda ingin pengguna tertentu untuk melihat seluruh "
509
509
"isi dari direktori"
510
510
511
#: serverguide/C/web-servers.xml:413(para)
511
#: serverguide/C/web-servers.xml:426(para)
512
512
msgid ""
513
513
"<emphasis role=\"bold\">Indexes</emphasis> - Display a formatted list of the "
514
514
"directory's contents, if no <emphasis>DirectoryIndex</emphasis> (such as "
524
524
"Apache2 documentation on this option</ulink>."
525
525
msgstr ""
526
526
527
#: serverguide/C/web-servers.xml:436(para)
527
#: serverguide/C/web-servers.xml:449(para)
528
528
msgid ""
529
529
"<emphasis role=\"bold\">SymLinksIfOwnerMatch</emphasis> - Only follow "
530
530
"symbolic links if the target file or directory has the same owner as the "
531
531
"link."
532
532
msgstr ""
533
533
534
#: serverguide/C/web-servers.xml:448(title)
534
#: serverguide/C/web-servers.xml:461(title)
535
535
msgid "httpd Settings"
536
536
msgstr ""
537
537
538
#: serverguide/C/web-servers.xml:450(para)
538
#: serverguide/C/web-servers.xml:463(para)
539
539
msgid ""
540
540
"This section explains some basic <application>httpd</application> daemon "
541
541
"configuration settings."
542
542
msgstr ""
543
543
544
#: serverguide/C/web-servers.xml:454(para)
544
#: serverguide/C/web-servers.xml:467(para)
545
545
msgid ""
546
546
"<emphasis role=\"bold\">LockFile</emphasis> - The LockFile directive sets "
547
547
"the path to the lockfile used when the server is compiled with either "
552
552
"that is readable only by root."
553
553
msgstr ""
554
554
555
#: serverguide/C/web-servers.xml:463(para)
555
#: serverguide/C/web-servers.xml:476(para)
556
556
msgid ""
557
557
"<emphasis role=\"bold\">PidFile</emphasis> - The PidFile directive sets the "
558
558
"file in which the server records its process ID (pid). This file should only "
559
559
"be readable by root. In most cases, it should be left to the default value."
560
560
msgstr ""
561
561
562
#: serverguide/C/web-servers.xml:469(para)
562
#: serverguide/C/web-servers.xml:482(para)
563
563
msgid ""
564
564
"<emphasis role=\"bold\">User</emphasis> - The User directive sets the userid "
565
565
"used by the server to answer requests. This setting determines the server's "
567
567
"your website's visitors. The default value for User is \"www-data\"."
568
568
msgstr ""
569
569
570
#: serverguide/C/web-servers.xml:476(para)
570
#: serverguide/C/web-servers.xml:489(para)
571
571
msgid ""
572
572
"Unless you know exactly what you are doing, do not set the User directive to "
573
573
"root. Using root as the User will create large security holes for your Web "
574
574
"server."
575
575
msgstr ""
576
576
577
#: serverguide/C/web-servers.xml:482(para)
577
#: serverguide/C/web-servers.xml:495(para)
578
578
msgid ""
579
579
"<emphasis role=\"bold\">Group</emphasis> - The Group directive is similar to "
580
580
"the User directive. Group sets the group under which the server will answer "
581
581
"requests. The default group is also \"www-data\"."
582
582
msgstr ""
583
583
584
#: serverguide/C/web-servers.xml:489(title)
584
#: serverguide/C/web-servers.xml:502(title)
585
585
msgid "Apache2 Modules"
586
586
msgstr ""
587
587
588
#: serverguide/C/web-servers.xml:491(para)
588
#: serverguide/C/web-servers.xml:504(para)
589
589
msgid ""
590
590
"Apache2 is a modular server. This implies that only the most basic "
591
591
"functionality is included in the core server. Extended features are "
596
596
"Apache2 must be recompiled to add or remove modules."
597
597
msgstr ""
598
598
599
#: serverguide/C/web-servers.xml:503(para)
599
#: serverguide/C/web-servers.xml:516(para)
600
600
msgid ""
601
601
"Ubuntu compiles Apache2 to allow the dynamic loading of modules. "
602
602
"Configuration directives may be conditionally included on the presence of a "
604
604
"<emphasis><IfModule></emphasis> block."
605
605
msgstr ""
606
606
607
#: serverguide/C/web-servers.xml:510(para)
607
#: serverguide/C/web-servers.xml:523(para)
608
608
msgid ""
609
609
"You can install additional Apache2 modules and use them with your Web "
610
610
"server. For example, run the following command from a terminal prompt to "
611
611
"install the <emphasis>MySQL Authentication</emphasis> module:"
612
612
msgstr ""
613
613
614
#: serverguide/C/web-servers.xml:517(command)
614
#: serverguide/C/web-servers.xml:530(command)
615
615
msgid "sudo apt-get install libapache2-mod-auth-mysql"
616
616
msgstr "sudo apt-get install libapache2-mod-auth-mysql"
617
617
618
#: serverguide/C/web-servers.xml:520(para)
618
#: serverguide/C/web-servers.xml:533(para)
619
619
msgid ""
620
620
"See the <filename>/etc/apache2/mods-available</filename> directory, for "
621
621
"additional modules."
622
622
msgstr ""
623
623
624
#: serverguide/C/web-servers.xml:524(para)
624
#: serverguide/C/web-servers.xml:537(para)
625
625
msgid ""
626
626
"Use the <application>a2enmod</application> utility to enable a module:"
627
627
msgstr ""
628
628
629
#: serverguide/C/web-servers.xml:530(command)
629
#: serverguide/C/web-servers.xml:543(command)
630
630
msgid "sudo a2enmod auth_mysql"
631
631
msgstr ""
632
632
633
#: serverguide/C/web-servers.xml:534(para)
633
#: serverguide/C/web-servers.xml:547(para)
634
634
msgid "Similarly, <application>a2dismod</application> will disable a module:"
635
635
msgstr ""
636
636
637
#: serverguide/C/web-servers.xml:539(command)
637
#: serverguide/C/web-servers.xml:552(command)
638
638
msgid "sudo a2dismod auth_mysql"
639
639
msgstr ""
640
640
641
#: serverguide/C/web-servers.xml:546(title)
641
#: serverguide/C/web-servers.xml:559(title)
642
642
msgid "HTTPS Configuration"
643
643
msgstr "Konfigurasi HTTPS"
644
644
645
#: serverguide/C/web-servers.xml:548(para)
645
#: serverguide/C/web-servers.xml:561(para)
646
646
msgid ""
647
647
"The <application>mod_ssl</application> module adds an important feature to "
648
648
"the Apache2 server - the ability to encrypt communications. Thus, when your "
651
651
"bar."
652
652
msgstr ""
653
653
654
#: serverguide/C/web-servers.xml:557(para)
654
#: serverguide/C/web-servers.xml:570(para)
655
655
msgid ""
656
656
"The <application>mod_ssl</application> module is available in "
657
657
"<application>apache2-common</application> package. Execute the following "
659
659
"<application>mod_ssl</application> module:"
660
660
msgstr ""
661
661
662
#: serverguide/C/web-servers.xml:564(command)
662
#: serverguide/C/web-servers.xml:577(command)
663
663
msgid "sudo a2enmod ssl"
664
664
msgstr "sudo a2enmod ssl"
665
665
677
677
"linkend=\"certificates-and-security\"/>"
678
678
msgstr ""
679
679
680
#: serverguide/C/web-servers.xml:577(para)
680
#: serverguide/C/web-servers.xml:590(para)
681
681
msgid ""
682
682
"To configure <application>Apache2</application> for HTTPS, enter the "
683
683
"following:"
684
684
msgstr ""
685
685
686
#: serverguide/C/web-servers.xml:582(command)
686
#: serverguide/C/web-servers.xml:595(command)
687
687
msgid "sudo a2ensite default-ssl"
688
688
msgstr ""
689
689
690
#: serverguide/C/web-servers.xml:586(para)
690
#: serverguide/C/web-servers.xml:599(para)
691
691
msgid ""
692
692
"The directories <filename>/etc/ssl/certs</filename> and "
693
693
"<filename>/etc/ssl/private</filename> are the default locations. If you "
696
696
"<emphasis>SSLCertificateKeyFile</emphasis> appropriately."
697
697
msgstr ""
698
698
699
#: serverguide/C/web-servers.xml:593(para)
699
#: serverguide/C/web-servers.xml:606(para)
700
700
msgid ""
701
701
"With Apache2 now configured for HTTPS, restart the service to enable the new "
702
702
"settings:"
703
703
msgstr ""
704
704
705
#: serverguide/C/web-servers.xml:604(para)
705
#: serverguide/C/web-servers.xml:617(para)
706
706
msgid ""
707
707
"Depending on how you obtained your certificate you may need to enter a "
708
708
"passphrase when <application>Apache2</application> starts."
709
709
msgstr ""
710
710
711
#: serverguide/C/web-servers.xml:610(para)
711
#: serverguide/C/web-servers.xml:623(para)
712
712
msgid ""
713
713
"You can access the secure server pages by typing https://your_hostname/url/ "
714
714
"in your browser address bar."
715
715
msgstr ""
716
716
717
#: serverguide/C/web-servers.xml:617(title)
717
#: serverguide/C/web-servers.xml:630(title)
718
718
msgid "Sharing Write Permission"
719
719
msgstr ""
720
720
735
735
msgstr ""
736
736
737
737
#: serverguide/C/web-servers.xml:641(command)
738
msgid "sudo find /var/www/html -type f -exec chmod g=rws \"{}\" \\;"
739
msgstr ""
740
741
#: serverguide/C/web-servers.xml:632(para)
738
msgid "sudo find /var/www/html -type f -exec chmod g=rw \"{}\" \\;"
739
msgstr ""
740
741
#: serverguide/C/web-servers.xml:643(para)
742
msgid ""
743
"These commands recursively set the group permission on all files and "
744
"directories in /var/www/html to read write and set user id. This has the "
745
"effect of having the files and directories inherit their group and "
746
"permission from their parrent. Many admins find this useful for allowing "
747
"multiple users to edit files in a directory tree."
748
msgstr ""
749
750
#: serverguide/C/web-servers.xml:652(para)
742
751
msgid ""
743
752
"If access must be granted to more than one group per directory, enable "
744
753
"Access Control Lists (ACLs)."
745
754
msgstr ""
746
755
747
#: serverguide/C/web-servers.xml:639(title) serverguide/C/web-servers.xml:789(title) serverguide/C/web-servers.xml:939(title) serverguide/C/web-servers.xml:1034(title) serverguide/C/web-servers.xml:1256(title) serverguide/C/vpn.xml:800(title) serverguide/C/virtualization.xml:2081(title) serverguide/C/vcs.xml:538(title) serverguide/C/security.xml:863(title) serverguide/C/security.xml:1197(title) serverguide/C/security.xml:1611(title) serverguide/C/security.xml:1797(title) serverguide/C/remote-administration.xml:196(title) serverguide/C/remote-administration.xml:762(title) serverguide/C/package-management.xml:466(title) serverguide/C/other-apps.xml:328(title) serverguide/C/network-config.xml:1035(title) serverguide/C/network-config.xml:1143(title) serverguide/C/monitoring.xml:392(title) serverguide/C/monitoring.xml:528(title) serverguide/C/mail.xml:453(title) serverguide/C/mail.xml:648(title) serverguide/C/mail.xml:800(title) serverguide/C/mail.xml:1220(title) serverguide/C/mail.xml:1688(title) serverguide/C/lamp-applications.xml:244(title) serverguide/C/lamp-applications.xml:373(title) serverguide/C/lamp-applications.xml:481(title) serverguide/C/file-server.xml:305(title) serverguide/C/file-server.xml:446(title) serverguide/C/file-server.xml:616(title) serverguide/C/file-server.xml:803(title) serverguide/C/dns.xml:605(title) serverguide/C/clustering.xml:232(title) serverguide/C/chat.xml:105(title) serverguide/C/chat.xml:214(title) serverguide/C/backups.xml:295(title)
756
#: serverguide/C/web-servers.xml:659(title) serverguide/C/web-servers.xml:809(title) serverguide/C/web-servers.xml:958(title) serverguide/C/web-servers.xml:1053(title) serverguide/C/web-servers.xml:1278(title) serverguide/C/vpn.xml:843(title) serverguide/C/vcs.xml:546(title) serverguide/C/security.xml:877(title) serverguide/C/security.xml:1217(title) serverguide/C/security.xml:1631(title) serverguide/C/security.xml:1817(title) serverguide/C/remote-administration.xml:196(title) serverguide/C/remote-administration.xml:802(title) serverguide/C/package-management.xml:479(title) serverguide/C/network-config.xml:1033(title) serverguide/C/network-config.xml:1141(title) serverguide/C/monitoring.xml:392(title) serverguide/C/monitoring.xml:528(title) serverguide/C/mail.xml:511(title) serverguide/C/mail.xml:706(title) serverguide/C/mail.xml:859(title) serverguide/C/mail.xml:1279(title) serverguide/C/mail.xml:1746(title) serverguide/C/lamp-applications.xml:260(title) serverguide/C/lamp-applications.xml:400(title) serverguide/C/lamp-applications.xml:518(title) serverguide/C/lamp-applications.xml:673(title) serverguide/C/file-server.xml:305(title) serverguide/C/file-server.xml:445(title) serverguide/C/file-server.xml:615(title) serverguide/C/file-server.xml:802(title) serverguide/C/dns.xml:614(title) serverguide/C/clustering.xml:232(title) serverguide/C/chat.xml:105(title) serverguide/C/chat.xml:214(title) serverguide/C/backups.xml:301(title)
748
757
msgid "References"
749
758
msgstr "Referensi"
750
759
751
#: serverguide/C/web-servers.xml:656(para)
760
#: serverguide/C/web-servers.xml:663(para)
752
761
msgid ""
753
762
"<ulink url=\"http://httpd.apache.org/docs/2.4/\">Apache2 "
754
763
"Documentation</ulink> contains in depth information on Apache2 configuration "
756
765
"the official Apache2 docs."
757
766
msgstr ""
758
767
759
#: serverguide/C/web-servers.xml:650(para)
768
#: serverguide/C/web-servers.xml:670(para)
760
769
msgid ""
761
770
"See the <ulink url=\"http://www.modssl.org/docs/\">Mod SSL "
762
771
"Documentation</ulink> site for more SSL related information."
763
772
msgstr ""
764
773
765
#: serverguide/C/web-servers.xml:656(para)
774
#: serverguide/C/web-servers.xml:676(para)
766
775
msgid ""
767
776
"O'Reilly's <ulink url=\"http://oreilly.com/catalog/9780596001919/\">Apache "
768
777
"Cookbook</ulink> is a good resource for accomplishing specific Apache2 "
769
778
"configurations."
770
779
msgstr ""
771
780
772
#: serverguide/C/web-servers.xml:662(para)
781
#: serverguide/C/web-servers.xml:682(para)
773
782
msgid ""
774
783
"For Ubuntu specific Apache2 questions, ask in the <emphasis>#ubuntu-"
775
784
"server</emphasis> IRC channel on <ulink "
776
785
"url=\"http://freenode.net/\">freenode.net</ulink>."
777
786
msgstr ""
778
787
779
#: serverguide/C/web-servers.xml:668(para)
788
#: serverguide/C/web-servers.xml:688(para)
780
789
msgid ""
781
790
"Usually integrated with PHP and MySQL the <ulink "
782
791
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
783
792
"Ubuntu Wiki </ulink> page is a good resource."
784
793
msgstr ""
785
794
786
#: serverguide/C/web-servers.xml:679(title)
795
#: serverguide/C/web-servers.xml:699(title)
787
796
msgid "PHP5 - Scripting Language"
788
797
msgstr "PHP5 - Scripting Language"
789
798
790
#: serverguide/C/web-servers.xml:680(para)
799
#: serverguide/C/web-servers.xml:700(para)
791
800
msgid ""
792
801
"PHP is a general-purpose scripting language suited for Web development. The "
793
802
"PHP script can be embedded into HTML. This section explains how to install "
794
803
"and configure PHP5 in Ubuntu System with Apache2 and MySQL."
795
804
msgstr ""
796
805
797
#: serverguide/C/web-servers.xml:684(para)
806
#: serverguide/C/web-servers.xml:704(para)
798
807
msgid ""
799
808
"This section assumes you have installed and configured Apache2 Web Server "
800
809
"and MySQL Database Server. You can refer to Apache2 section and MySQL "
802
811
"respectively."
803
812
msgstr ""
804
813
805
#: serverguide/C/web-servers.xml:691(para)
814
#: serverguide/C/web-servers.xml:711(para)
806
815
msgid ""
807
816
"The PHP5 is available in Ubuntu Linux. Unlike python and perl, which are "
808
817
"installed in the base system, PHP must be added."
809
818
msgstr ""
810
819
811
#: serverguide/C/web-servers.xml:695(para)
820
#: serverguide/C/web-servers.xml:715(para)
812
821
msgid ""
813
822
"To install PHP5 you can enter the following command in the terminal prompt: "
814
823
"<screen>\n"
816
825
"</screen>"
817
826
msgstr ""
818
827
819
#: serverguide/C/web-servers.xml:704(para)
828
#: serverguide/C/web-servers.xml:724(para)
820
829
msgid ""
821
830
"You can run PHP5 scripts from command line. To run PHP5 scripts from command "
822
831
"line you should install <application>php5-cli</application> package. To "
826
835
"</screen>"
827
836
msgstr ""
828
837
829
#: serverguide/C/web-servers.xml:713(para)
838
#: serverguide/C/web-servers.xml:733(para)
830
839
msgid ""
831
840
"You can also execute PHP5 scripts without installing PHP5 Apache module. To "
832
841
"accomplish this, you should install <application>php5-cgi</application> "
836
845
"</screen>"
837
846
msgstr ""
838
847
839
#: serverguide/C/web-servers.xml:723(para)
848
#: serverguide/C/web-servers.xml:743(para)
840
849
msgid ""
841
850
"To use <application>MySQL</application> with PHP5 you should install "
842
851
"<application>php5-mysql</application> package. To install <application>php5-"
846
855
"</screen>"
847
856
msgstr ""
848
857
849
#: serverguide/C/web-servers.xml:731(para)
858
#: serverguide/C/web-servers.xml:751(para)
850
859
msgid ""
851
860
"Similarly, to use <application>PostgreSQL</application> with PHP5 you should "
852
861
"install <application>php5-pgsql</application> package. To install "
856
865
"</screen>"
857
866
msgstr ""
858
867
859
#: serverguide/C/web-servers.xml:744(para)
868
#: serverguide/C/web-servers.xml:764(para)
860
869
msgid ""
861
870
"Once you install PHP5, you can run PHP5 scripts from your web browser. If "
862
871
"you have installed <application>php5-cli</application> package, you can run "
863
872
"PHP5 scripts from your command prompt."
864
873
msgstr ""
865
874
866
#: serverguide/C/web-servers.xml:751(para)
875
#: serverguide/C/web-servers.xml:771(para)
867
876
msgid ""
868
877
"By default, the Apache 2 Web server is configured to run PHP5 scripts. In "
869
878
"other words, the PHP5 module is enabled in Apache2 Web server automatically "
874
883
"command."
875
884
msgstr ""
876
885
877
#: serverguide/C/web-servers.xml:762(para)
886
#: serverguide/C/web-servers.xml:782(para)
878
887
msgid ""
879
888
"Once you install PHP5 related packages and enabled PHP5 Apache 2 module, you "
880
889
"should restart Apache2 Web server to run PHP5 scripts. You can run the "
882
891
"<screen><command>sudo service apache2 restart</command> </screen>"
883
892
msgstr ""
884
893
885
#: serverguide/C/web-servers.xml:770(title) serverguide/C/network-auth.xml:1069(title) serverguide/C/mail.xml:314(title) serverguide/C/mail.xml:1611(title) serverguide/C/dns.xml:376(title) serverguide/C/clustering.xml:182(title)
894
#: serverguide/C/web-servers.xml:790(title) serverguide/C/network-auth.xml:1076(title) serverguide/C/mail.xml:359(title) serverguide/C/mail.xml:1669(title) serverguide/C/dns.xml:380(title) serverguide/C/clustering.xml:182(title)
886
895
msgid "Testing"
887
896
msgstr "Testing"
888
897
889
#: serverguide/C/web-servers.xml:771(para)
898
#: serverguide/C/web-servers.xml:791(para)
890
899
msgid ""
891
900
"To verify your installation, you can run following PHP5 phpinfo script:"
892
901
msgstr ""
893
902
"Untuk menguji instalasi, Anda dapat menjalankan skrip PHP5 phpinfo berikut:"
894
903
895
#: serverguide/C/web-servers.xml:774(programlisting)
904
#: serverguide/C/web-servers.xml:794(programlisting)
896
905
#, no-wrap
897
906
msgid ""
898
907
"\n"
901
910
"?>\n"
902
911
msgstr ""
903
912
904
#: serverguide/C/web-servers.xml:779(para)
913
#: serverguide/C/web-servers.xml:799(para)
905
914
msgid ""
906
915
"You can save the content in a file <filename>phpinfo.php</filename> and "
907
916
"place it under <command>DocumentRoot</command> directory of Apache2 Web "
910
919
"various PHP5 configuration parameters."
911
920
msgstr ""
912
921
913
#: serverguide/C/web-servers.xml:793(para)
922
#: serverguide/C/web-servers.xml:813(para)
914
923
msgid ""
915
924
"For more in depth information see <ulink "
916
925
"url=\"http://www.php.net/docs.php\">php.net</ulink> documentation."
917
926
msgstr ""
918
927
919
#: serverguide/C/web-servers.xml:798(para)
928
#: serverguide/C/web-servers.xml:818(para)
920
929
msgid ""
921
930
"There are a plethora of books on PHP. Two good books from O'Reilly are "
922
931
"<ulink url=\"http://oreilly.com/catalog/9780596005603/\">Learning PHP "
924
933
"url=\"http://oreilly.com/catalog/9781565926813/\">PHP Cook Book</ulink>."
925
934
msgstr ""
926
935
927
#: serverguide/C/web-servers.xml:805(para)
936
#: serverguide/C/web-servers.xml:825(para)
928
937
msgid ""
929
938
"Also, see the <ulink "
930
939
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
931
940
"Ubuntu Wiki</ulink> page for more information."
932
941
msgstr ""
933
942
934
#: serverguide/C/web-servers.xml:816(title)
943
#: serverguide/C/web-servers.xml:836(title)
935
944
msgid "Squid - Proxy Server"
936
945
msgstr "Squid - Server Proxy"
937
946
938
#: serverguide/C/web-servers.xml:830(para)
947
#: serverguide/C/web-servers.xml:837(para)
939
948
msgid ""
940
949
"Squid is a full-featured web proxy cache server application which provides "
941
950
"proxy and cache services for Hyper Text Transport Protocol (HTTP), File "
948
957
"(WCCP)."
949
958
msgstr ""
950
959
951
#: serverguide/C/web-servers.xml:838(para)
960
#: serverguide/C/web-servers.xml:845(para)
952
961
msgid ""
953
962
"The Squid proxy cache server is an excellent solution to a variety of proxy "
954
963
"and caching server needs, and scales from the branch office to enterprise "
960
969
"for increased performance."
961
970
msgstr ""
962
971
963
#: serverguide/C/web-servers.xml:834(para)
972
#: serverguide/C/web-servers.xml:854(para)
964
973
msgid ""
965
974
"At a terminal prompt, enter the following command to install the Squid "
966
975
"server:"
968
977
"Pada terminal prompt, masukkan perintah berikut untuk menginstal server "
969
978
"Squid:"
970
979
971
#: serverguide/C/web-servers.xml:852(command)
980
#: serverguide/C/web-servers.xml:859(command)
972
981
msgid "sudo apt-get install squid3"
973
982
msgstr ""
974
983
975
#: serverguide/C/web-servers.xml:858(para)
984
#: serverguide/C/web-servers.xml:865(para)
976
985
msgid ""
977
986
"Squid is configured by editing the directives contained within the "
978
987
"<filename>/etc/squid3/squid.conf</filename> configuration file. The "
981
990
"of Squid, see the References section."
982
991
msgstr ""
983
992
984
#: serverguide/C/web-servers.xml:864(para)
993
#: serverguide/C/web-servers.xml:871(para)
985
994
msgid ""
986
995
"Prior to editing the configuration file, you should make a copy of the "
987
996
"original file and protect it from writing so you will have the original "
989
998
"protect it from writing using the following commands:"
990
999
msgstr ""
991
1000
992
#: serverguide/C/web-servers.xml:870(command)
1001
#: serverguide/C/web-servers.xml:877(command)
993
1002
msgid "sudo cp /etc/squid3/squid.conf /etc/squid3/squid.conf.original"
994
1003
msgstr ""
995
1004
996
#: serverguide/C/web-servers.xml:871(command)
1005
#: serverguide/C/web-servers.xml:878(command)
997
1006
msgid "sudo chmod a-w /etc/squid3/squid.conf.original"
998
1007
msgstr ""
999
1008
1000
#: serverguide/C/web-servers.xml:866(para)
1009
#: serverguide/C/web-servers.xml:885(para)
1001
1010
msgid ""
1002
1011
"To set your Squid server to listen on TCP port 8888 instead of the default "
1003
1012
"TCP port 3128, change the http_port directive as such:"
1004
1013
msgstr ""
1005
1014
1006
#: serverguide/C/web-servers.xml:870(programlisting)
1015
#: serverguide/C/web-servers.xml:889(programlisting)
1007
1016
#, no-wrap
1008
1017
msgid ""
1009
1018
"\n"
1010
1019
"http_port 8888\n"
1011
1020
msgstr ""
1012
1021
1013
#: serverguide/C/web-servers.xml:875(para)
1022
#: serverguide/C/web-servers.xml:894(para)
1014
1023
msgid ""
1015
1024
"Change the visible_hostname directive in order to give the Squid server a "
1016
1025
"specific hostname. This hostname does not necessarily need to be the "
1017
1026
"computer's hostname. In this example it is set to <emphasis>weezie</emphasis>"
1018
1027
msgstr ""
1019
1028
1020
#: serverguide/C/web-servers.xml:879(programlisting)
1029
#: serverguide/C/web-servers.xml:898(programlisting)
1021
1030
#, no-wrap
1022
1031
msgid ""
1023
1032
"\n"
1024
1033
"visible_hostname weezie\n"
1025
1034
msgstr ""
1026
1035
1027
#: serverguide/C/web-servers.xml:884(para)
1036
#: serverguide/C/web-servers.xml:903(para)
1028
1037
msgid ""
1029
1038
"Using Squid's access control, you may configure use of Internet services "
1030
1039
"proxied by Squid to be available only users with certain Internet Protocol "
1032
1041
"192.168.42.0/24 subnetwork only:"
1033
1042
msgstr ""
1034
1043
1035
#: serverguide/C/web-servers.xml:901(para) serverguide/C/web-servers.xml:921(para)
1044
#: serverguide/C/web-servers.xml:908(para) serverguide/C/web-servers.xml:928(para)
1036
1045
msgid ""
1037
1046
"Add the following to the <emphasis role=\"bold\">bottom</emphasis> of the "
1038
1047
"ACL section of your <filename>/etc/squid3/squid.conf</filename> file:"
1039
1048
msgstr ""
1040
1049
1041
#: serverguide/C/web-servers.xml:892(programlisting)
1050
#: serverguide/C/web-servers.xml:911(programlisting)
1042
1051
#, no-wrap
1043
1052
msgid ""
1044
1053
"\n"
1045
1054
"acl fortytwo_network src 192.168.42.0/24\n"
1046
1055
msgstr ""
1047
1056
1048
#: serverguide/C/web-servers.xml:907(para) serverguide/C/web-servers.xml:928(para)
1057
#: serverguide/C/web-servers.xml:914(para) serverguide/C/web-servers.xml:935(para)
1049
1058
msgid ""
1050
1059
"Then, add the following to the <emphasis role=\"bold\">top</emphasis> of the "
1051
1060
"http_access section of your <filename>/etc/squid3/squid.conf</filename> file:"
1052
1061
msgstr ""
1053
1062
1054
#: serverguide/C/web-servers.xml:899(programlisting)
1063
#: serverguide/C/web-servers.xml:918(programlisting)
1055
1064
#, no-wrap
1056
1065
msgid ""
1057
1066
"\n"
1058
1067
"http_access allow fortytwo_network\n"
1059
1068
msgstr ""
1060
1069
1061
#: serverguide/C/web-servers.xml:916(para)
1070
#: serverguide/C/web-servers.xml:923(para)
1062
1071
msgid ""
1063
1072
"Using the excellent access control features of Squid, you may configure use "
1064
1073
"of Internet services proxied by Squid to be available only during normal "
1067
1076
"Friday, and which uses the 10.1.42.0/24 subnetwork:"
1068
1077
msgstr ""
1069
1078
1070
#: serverguide/C/web-servers.xml:912(programlisting)
1079
#: serverguide/C/web-servers.xml:931(programlisting)
1071
1080
#, no-wrap
1072
1081
msgid ""
1073
1082
"\n"
1075
1084
"acl biz_hours time M T W T F 9:00-17:00\n"
1076
1085
msgstr ""
1077
1086
1078
#: serverguide/C/web-servers.xml:920(programlisting)
1087
#: serverguide/C/web-servers.xml:939(programlisting)
1079
1088
#, no-wrap
1080
1089
msgid ""
1081
1090
"\n"
1082
1091
"http_access allow biz_network biz_hours\n"
1083
1092
msgstr ""
1084
1093
1085
#: serverguide/C/web-servers.xml:939(para)
1094
#: serverguide/C/web-servers.xml:946(para)
1086
1095
msgid ""
1087
1096
"After making changes to the <filename>/etc/squid3/squid.conf</filename> "
1088
1097
"file, save the file and restart the <application>squid</application> server "
1090
1099
"terminal prompt:"
1091
1100
msgstr ""
1092
1101
1093
#: serverguide/C/web-servers.xml:945(command)
1102
#: serverguide/C/web-servers.xml:952(command)
1094
1103
msgid "sudo service squid3 restart"
1095
1104
msgstr ""
1096
1105
1097
#: serverguide/C/web-servers.xml:941(ulink)
1106
#: serverguide/C/web-servers.xml:960(ulink)
1098
1107
msgid "Squid Website"
1099
1108
msgstr "Situs Web Squid"
1100
1109
1101
#: serverguide/C/web-servers.xml:943(para)
1110
#: serverguide/C/web-servers.xml:962(para)
1102
1111
msgid ""
1103
1112
"<ulink url=\"https://help.ubuntu.com/community/Squid\">Ubuntu Wiki "
1104
1113
"Squid</ulink> page."
1105
1114
msgstr ""
1106
1115
1107
#: serverguide/C/web-servers.xml:950(title)
1116
#: serverguide/C/web-servers.xml:969(title)
1108
1117
msgid "Ruby on Rails"
1109
1118
msgstr "Ruby dalam Rails"
1110
1119
1111
#: serverguide/C/web-servers.xml:951(para)
1120
#: serverguide/C/web-servers.xml:970(para)
1112
1121
msgid ""
1113
1122
"Ruby on Rails is an open source web framework for developing database backed "
1114
1123
"web applications. It is optimized for sustainable productivity of the "
1116
1125
"convention over configuration."
1117
1126
msgstr ""
1118
1127
1119
#: serverguide/C/web-servers.xml:958(para)
1128
#: serverguide/C/web-servers.xml:977(para)
1120
1129
msgid ""
1121
1130
"Before installing <application>Rails</application> you should install "
1122
1131
"<application>Apache</application> and <application>MySQL</application>. To "
1125
1134
"<application>MySQL</application> refer to <xref linkend=\"mysql\"/>."
1126
1135
msgstr ""
1127
1136
1128
#: serverguide/C/web-servers.xml:966(para)
1137
#: serverguide/C/web-servers.xml:985(para)
1129
1138
msgid ""
1130
1139
"Once you have <application>Apache</application> and "
1131
1140
"<application>MySQL</application> packages installed, you are ready to "
1132
1141
"install <application>Ruby on Rails</application> package."
1133
1142
msgstr ""
1134
1143
1135
#: serverguide/C/web-servers.xml:973(para)
1144
#: serverguide/C/web-servers.xml:992(para)
1136
1145
msgid ""
1137
1146
"To install the <application>Ruby</application> base packages and "
1138
1147
"<application>Ruby on Rails</application>, you can enter the following "
1139
1148
"command in the terminal prompt:"
1140
1149
msgstr ""
1141
1150
1142
#: serverguide/C/web-servers.xml:979(command)
1151
#: serverguide/C/web-servers.xml:998(command)
1143
1152
msgid "sudo apt-get install rails"
1144
1153
msgstr ""
1145
1154
1146
#: serverguide/C/web-servers.xml:997(para)
1155
#: serverguide/C/web-servers.xml:1004(para)
1147
1156
msgid ""
1148
1157
"Modify the <filename>/etc/apache2/sites-available/000-"
1149
1158
"default.conf</filename> configuration file to setup your domains."
1150
1159
msgstr ""
1151
1160
1152
#: serverguide/C/web-servers.xml:989(para)
1161
#: serverguide/C/web-servers.xml:1008(para)
1153
1162
msgid ""
1154
1163
"The first thing to change is the <emphasis>DocumentRoot</emphasis> directive:"
1155
1164
msgstr ""
1156
1165
1157
#: serverguide/C/web-servers.xml:993(programlisting)
1166
#: serverguide/C/web-servers.xml:1012(programlisting)
1158
1167
#, no-wrap
1159
1168
msgid ""
1160
1169
"\n"
1161
1170
"DocumentRoot /path/to/rails/application/public\n"
1162
1171
msgstr ""
1163
1172
1164
#: serverguide/C/web-servers.xml:996(para)
1173
#: serverguide/C/web-servers.xml:1015(para)
1165
1174
msgid ""
1166
1175
"Next, change the <Directory \"/path/to/rails/application/public\"> "
1167
1176
"directive:"
1168
1177
msgstr ""
1169
1178
1170
#: serverguide/C/web-servers.xml:1000(programlisting)
1179
#: serverguide/C/web-servers.xml:1019(programlisting)
1171
1180
#, no-wrap
1172
1181
msgid ""
1173
1182
"\n"
1180
1189
"</Directory>\n"
1181
1190
msgstr ""
1182
1191
1183
#: serverguide/C/web-servers.xml:1010(para)
1192
#: serverguide/C/web-servers.xml:1029(para)
1184
1193
msgid ""
1185
1194
"You should also enable the <application>mod_rewrite</application> module for "
1186
1195
"Apache. To enable <application>mod_rewrite</application> module, please "
1187
1196
"enter the following command in a terminal prompt:"
1188
1197
msgstr ""
1189
1198
1190
#: serverguide/C/web-servers.xml:1016(command)
1199
#: serverguide/C/web-servers.xml:1035(command)
1191
1200
msgid "sudo a2enmod rewrite"
1192
1201
msgstr ""
1193
1202
1194
#: serverguide/C/web-servers.xml:1019(para)
1203
#: serverguide/C/web-servers.xml:1038(para)
1195
1204
msgid ""
1196
1205
"Finally you will need to change the ownership of the "
1197
1206
"<filename>/path/to/rails/application/public</filename> and "
1199
1208
"used to run the <application>Apache</application> process:"
1200
1209
msgstr ""
1201
1210
1202
#: serverguide/C/web-servers.xml:1025(command)
1211
#: serverguide/C/web-servers.xml:1044(command)
1203
1212
msgid "sudo chown -R www-data:www-data /path/to/rails/application/public"
1204
1213
msgstr ""
1205
1214
1206
#: serverguide/C/web-servers.xml:1026(command)
1215
#: serverguide/C/web-servers.xml:1045(command)
1207
1216
msgid "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
1208
1217
msgstr ""
1209
1218
1210
#: serverguide/C/web-servers.xml:1029(para)
1219
#: serverguide/C/web-servers.xml:1048(para)
1211
1220
msgid ""
1212
1221
"That's it! Now you have your Server ready for your <application>Ruby on "
1213
1222
"Rails</application> applications."
1214
1223
msgstr ""
1215
1224
1216
#: serverguide/C/web-servers.xml:1038(para)
1225
#: serverguide/C/web-servers.xml:1057(para)
1217
1226
msgid ""
1218
1227
"See the <ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink> website "
1219
1228
"for more information."
1220
1229
msgstr ""
1221
1230
1222
#: serverguide/C/web-servers.xml:1043(para)
1231
#: serverguide/C/web-servers.xml:1062(para)
1223
1232
msgid ""
1224
1233
"Also <ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-"
1225
1234
"with-rails-third-edition\">Agile Development with Rails</ulink> is a great "
1226
1235
"resource."
1227
1236
msgstr ""
1228
1237
1229
#: serverguide/C/web-servers.xml:1049(para)
1238
#: serverguide/C/web-servers.xml:1068(para)
1230
1239
msgid ""
1231
1240
"Another place for more information is the <ulink "
1232
1241
"url=\"https://help.ubuntu.com/community/RubyOnRails\">Ruby on Rails Ubuntu "
1233
1242
"Wiki</ulink> page."
1234
1243
msgstr ""
1235
1244
1236
#: serverguide/C/web-servers.xml:1060(title)
1245
#: serverguide/C/web-servers.xml:1079(title)
1237
1246
msgid "Apache Tomcat"
1238
1247
msgstr ""
1239
1248
1240
#: serverguide/C/web-servers.xml:1061(para)
1249
#: serverguide/C/web-servers.xml:1080(para)
1241
1250
msgid ""
1242
1251
"Apache Tomcat is a web container that allows you to serve Java Servlets and "
1243
1252
"JSP (Java Server Pages) web applications."
1244
1253
msgstr ""
1245
1254
1246
#: serverguide/C/web-servers.xml:1075(para)
1255
#: serverguide/C/web-servers.xml:1082(para)
1247
1256
msgid ""
1248
1257
"Ubuntu has supported packages for both Tomcat 6 and 7. Tomcat 6 is the "
1249
1258
"legacy version, and Tomcat 7 is the current version where new features are "
1251
1260
"but most configuration details are valid for both versions."
1252
1261
msgstr ""
1253
1262
1254
#: serverguide/C/web-servers.xml:1078(para)
1263
#: serverguide/C/web-servers.xml:1085(para)
1255
1264
msgid ""
1256
1265
"The Tomcat packages in Ubuntu support two different ways of running Tomcat. "
1257
1266
"You can install them as a classic unique system-wide instance, that will be "
1262
1271
"need to test on their own private Tomcat instances."
1263
1272
msgstr ""
1264
1273
1265
#: serverguide/C/web-servers.xml:1073(title)
1274
#: serverguide/C/web-servers.xml:1095(title)
1266
1275
msgid "System-wide installation"
1267
1276
msgstr ""
1268
1277
1269
#: serverguide/C/web-servers.xml:1074(para)
1278
#: serverguide/C/web-servers.xml:1096(para)
1270
1279
msgid ""
1271
1280
"To install the Tomcat server, you can enter the following command in the "
1272
1281
"terminal prompt:"
1273
1282
msgstr ""
1274
1283
1275
#: serverguide/C/web-servers.xml:1092(command)
1284
#: serverguide/C/web-servers.xml:1099(command)
1276
1285
msgid "sudo apt-get install tomcat7"
1277
1286
msgstr ""
1278
1287
1279
#: serverguide/C/web-servers.xml:1079(para)
1288
#: serverguide/C/web-servers.xml:1101(para)
1280
1289
msgid ""
1281
1290
"This will install a Tomcat server with just a default ROOT webapp that "
1282
1291
"displays a minimal \"It works\" page by default."
1283
1292
msgstr ""
1284
1293
1285
#: serverguide/C/web-servers.xml:1100(para)
1294
#: serverguide/C/web-servers.xml:1107(para)
1286
1295
msgid ""
1287
1296
"Tomcat configuration files can be found in "
1288
1297
"<filename>/etc/tomcat7</filename>. Only a few common configuration tweaks "
1291
1300
"documentation</ulink> for more."
1292
1301
msgstr ""
1293
1302
1294
#: serverguide/C/web-servers.xml:1091(title)
1303
#: serverguide/C/web-servers.xml:1113(title)
1295
1304
msgid "Changing default ports"
1296
1305
msgstr ""
1297
1306
1298
#: serverguide/C/web-servers.xml:1107(para)
1307
#: serverguide/C/web-servers.xml:1114(para)
1299
1308
msgid ""
1300
1309
"By default Tomcat runs a HTTP connector on port 8080 and an AJP connector on "
1301
1310
"port 8009. You might want to change those default ports to avoid conflict "
1303
1312
"following lines in <filename>/etc/tomcat7/server.xml</filename>:"
1304
1313
msgstr ""
1305
1314
1306
#: serverguide/C/web-servers.xml:1097(programlisting)
1315
#: serverguide/C/web-servers.xml:1119(programlisting)
1307
1316
#, no-wrap
1308
1317
msgid ""
1309
1318
"\n"
1315
1324
"/>\n"
1316
1325
msgstr ""
1317
1326
1318
#: serverguide/C/web-servers.xml:1106(title)
1327
#: serverguide/C/web-servers.xml:1128(title)
1319
1328
msgid "Changing JVM used"
1320
1329
msgstr ""
1321
1330
1322
#: serverguide/C/web-servers.xml:1122(para)
1331
#: serverguide/C/web-servers.xml:1129(para)
1323
1332
msgid ""
1324
1333
"By default Tomcat will run preferably with OpenJDK JVMs, then try the Sun "
1325
1334
"JVMs, then try some other JVMs. You can force Tomcat to use a specific JVM "
1326
1335
"by setting JAVA_HOME in <filename>/etc/default/tomcat7</filename>:"
1327
1336
msgstr ""
1328
1337
1329
#: serverguide/C/web-servers.xml:1111(programlisting)
1338
#: serverguide/C/web-servers.xml:1133(programlisting)
1330
1339
#, no-wrap
1331
1340
msgid ""
1332
1341
"\n"
1333
1342
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
1334
1343
msgstr ""
1335
1344
1336
#: serverguide/C/web-servers.xml:1116(title)
1345
#: serverguide/C/web-servers.xml:1138(title)
1337
1346
msgid "Declaring users and roles"
1338
1347
msgstr ""
1339
1348
1340
#: serverguide/C/web-servers.xml:1132(para)
1349
#: serverguide/C/web-servers.xml:1139(para)
1341
1350
msgid ""
1342
1351
"Usernames, passwords and roles (groups) can be defined centrally in a "
1343
1352
"Servlet container. This is done in the <filename>/etc/tomcat7/tomcat-"
1344
1353
"users.xml</filename> file:"
1345
1354
msgstr ""
1346
1355
1347
#: serverguide/C/web-servers.xml:1120(programlisting)
1356
#: serverguide/C/web-servers.xml:1142(programlisting)
1348
1357
#, no-wrap
1349
1358
msgid ""
1350
1359
"\n"
1352
1361
"<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
1353
1362
msgstr ""
1354
1363
1355
#: serverguide/C/web-servers.xml:1128(title)
1364
#: serverguide/C/web-servers.xml:1150(title)
1356
1365
msgid "Using Tomcat standard webapps"
1357
1366
msgstr ""
1358
1367
1359
#: serverguide/C/web-servers.xml:1129(para)
1368
#: serverguide/C/web-servers.xml:1151(para)
1360
1369
msgid ""
1361
1370
"Tomcat is shipped with webapps that you can install for documentation, "
1362
1371
"administration or demo purposes."
1363
1372
msgstr ""
1364
1373
1365
#: serverguide/C/web-servers.xml:1132(title)
1374
#: serverguide/C/web-servers.xml:1154(title)
1366
1375
msgid "Tomcat documentation"
1367
1376
msgstr ""
1368
1377
1369
#: serverguide/C/web-servers.xml:1148(para)
1378
#: serverguide/C/web-servers.xml:1155(para)
1370
1379
msgid ""
1371
1380
"The <application>tomcat7-docs</application> package contains Tomcat "
1372
1381
"documentation, packaged as a webapp that you can access by default at "
1374
1383
"command in the terminal prompt:"
1375
1384
msgstr ""
1376
1385
1377
#: serverguide/C/web-servers.xml:1153(command)
1386
#: serverguide/C/web-servers.xml:1160(command)
1378
1387
msgid "sudo apt-get install tomcat7-docs"
1379
1388
msgstr ""
1380
1389
1381
#: serverguide/C/web-servers.xml:1142(title)
1390
#: serverguide/C/web-servers.xml:1164(title)
1382
1391
msgid "Tomcat administration webapps"
1383
1392
msgstr ""
1384
1393
1385
#: serverguide/C/web-servers.xml:1158(para)
1394
#: serverguide/C/web-servers.xml:1165(para)
1386
1395
msgid ""
1387
1396
"The <application>tomcat7-admin</application> package contains two webapps "
1388
1397
"that can be used to administer the Tomcat server using a web interface. You "
1389
1398
"can install them by entering the following command in the terminal prompt:"
1390
1399
msgstr ""
1391
1400
1392
#: serverguide/C/web-servers.xml:1163(command)
1401
#: serverguide/C/web-servers.xml:1170(command)
1393
1402
msgid "sudo apt-get install tomcat7-admin"
1394
1403
msgstr ""
1395
1404
1396
#: serverguide/C/web-servers.xml:1150(para)
1405
#: serverguide/C/web-servers.xml:1172(para)
1397
1406
msgid ""
1398
1407
"The first one is the <emphasis>manager</emphasis> webapp, which you can "
1399
1408
"access by default at http://yourserver:8080/manager/html. It is primarily "
1400
1409
"used to get server status and restart webapps."
1401
1410
msgstr ""
1402
1411
1403
#: serverguide/C/web-servers.xml:1168(para)
1412
#: serverguide/C/web-servers.xml:1175(para)
1404
1413
msgid ""
1405
1414
"Access to the <emphasis>manager</emphasis> application is protected by "
1406
1415
"default: you need to define a user with the role \"manager-gui\" in "
1407
1416
"<filename>/etc/tomcat7/tomcat-users.xml</filename> before you can access it."
1408
1417
msgstr ""
1409
1418
1410
#: serverguide/C/web-servers.xml:1157(para)
1419
#: serverguide/C/web-servers.xml:1179(para)
1411
1420
msgid ""
1412
1421
"The second one is the <emphasis>host-manager</emphasis> webapp, which you "
1413
1422
"can access by default at http://yourserver:8080/host-manager/html. It can be "
1414
1423
"used to create virtual hosts dynamically."
1415
1424
msgstr ""
1416
1425
1417
#: serverguide/C/web-servers.xml:1176(para)
1426
#: serverguide/C/web-servers.xml:1183(para)
1418
1427
msgid ""
1419
1428
"Access to the <emphasis>host-manager</emphasis> application is also "
1420
1429
"protected by default: you need to define a user with the role \"admin-gui\" "
1422
1431
"it."
1423
1432
msgstr ""
1424
1433
1425
#: serverguide/C/web-servers.xml:1181(para)
1434
#: serverguide/C/web-servers.xml:1188(para)
1426
1435
msgid ""
1427
1436
"For security reasons, the tomcat7 user cannot write to the "
1428
1437
"<filename>/etc/tomcat7</filename> directory by default. Some features in "
1431
1440
"the following, to give users in the tomcat7 group the necessary rights:"
1432
1441
msgstr ""
1433
1442
1434
#: serverguide/C/web-servers.xml:1188(command)
1443
#: serverguide/C/web-servers.xml:1195(command)
1435
1444
msgid "sudo chgrp -R tomcat7 /etc/tomcat7"
1436
1445
msgstr ""
1437
1446
1438
#: serverguide/C/web-servers.xml:1189(command)
1447
#: serverguide/C/web-servers.xml:1196(command)
1439
1448
msgid "sudo chmod -R g+w /etc/tomcat7"
1440
1449
msgstr ""
1441
1450
1442
#: serverguide/C/web-servers.xml:1179(title)
1451
#: serverguide/C/web-servers.xml:1201(title)
1443
1452
msgid "Tomcat examples webapps"
1444
1453
msgstr ""
1445
1454
1446
#: serverguide/C/web-servers.xml:1195(para)
1455
#: serverguide/C/web-servers.xml:1202(para)
1447
1456
msgid ""
1448
1457
"The <application>tomcat7-examples</application> package contains two webapps "
1449
1458
"that can be used to test or demonstrate Servlets and JSP features, which you "
1451
1460
"install them by entering the following command in the terminal prompt:"
1452
1461
msgstr ""
1453
1462
1454
#: serverguide/C/web-servers.xml:1201(command)
1463
#: serverguide/C/web-servers.xml:1208(command)
1455
1464
msgid "sudo apt-get install tomcat7-examples"
1456
1465
msgstr ""
1457
1466
1458
#: serverguide/C/web-servers.xml:1192(title)
1467
#: serverguide/C/web-servers.xml:1214(title)
1459
1468
msgid "Using private instances"
1460
1469
msgstr ""
1461
1470
1462
#: serverguide/C/web-servers.xml:1208(para)
1471
#: serverguide/C/web-servers.xml:1215(para)
1463
1472
msgid ""
1464
1473
"Tomcat is heavily used in development and testing scenarios where using a "
1465
1474
"single system-wide instance doesn't meet the requirements of multiple users "
1469
1478
"system-installed libraries."
1470
1479
msgstr ""
1471
1480
1472
#: serverguide/C/web-servers.xml:1200(para)
1481
#: serverguide/C/web-servers.xml:1222(para)
1473
1482
msgid ""
1474
1483
"It is possible to run the system-wide instance and the private instances in "
1475
1484
"parallel, as long as they do not use the same TCP ports."
1476
1485
msgstr ""
1477
1486
1478
#: serverguide/C/web-servers.xml:1204(title)
1487
#: serverguide/C/web-servers.xml:1226(title)
1479
1488
msgid "Installing private instance support"
1480
1489
msgstr ""
1481
1490
1482
#: serverguide/C/web-servers.xml:1205(para)
1491
#: serverguide/C/web-servers.xml:1227(para)
1483
1492
msgid ""
1484
1493
"You can install everything necessary to run private instances by entering "
1485
1494
"the following command in the terminal prompt:"
1486
1495
msgstr ""
1487
1496
1488
#: serverguide/C/web-servers.xml:1223(command)
1497
#: serverguide/C/web-servers.xml:1230(command)
1489
1498
msgid "sudo apt-get install tomcat7-user"
1490
1499
msgstr ""
1491
1500
1492
#: serverguide/C/web-servers.xml:1212(title)
1501
#: serverguide/C/web-servers.xml:1234(title)
1493
1502
msgid "Creating a private instance"
1494
1503
msgstr ""
1495
1504
1496
#: serverguide/C/web-servers.xml:1213(para)
1505
#: serverguide/C/web-servers.xml:1235(para)
1497
1506
msgid ""
1498
1507
"You can create a private instance directory by entering the following "
1499
1508
"command in the terminal prompt:"
1500
1509
msgstr ""
1501
1510
1502
#: serverguide/C/web-servers.xml:1231(command)
1511
#: serverguide/C/web-servers.xml:1238(command)
1503
1512
msgid "tomcat7-instance-create my-instance"
1504
1513
msgstr ""
1505
1514
1506
#: serverguide/C/web-servers.xml:1218(para)
1515
#: serverguide/C/web-servers.xml:1240(para)
1507
1516
msgid ""
1508
1517
"This will create a new <filename>my-instance</filename> directory with all "
1509
1518
"the necessary subdirectories and scripts. You can for example install your "
1512
1521
"are deployed by default."
1513
1522
msgstr ""
1514
1523
1515
#: serverguide/C/web-servers.xml:1226(title)
1524
#: serverguide/C/web-servers.xml:1248(title)
1516
1525
msgid "Configuring your private instance"
1517
1526
msgstr ""
1518
1527
1519
#: serverguide/C/web-servers.xml:1227(para)
1528
#: serverguide/C/web-servers.xml:1249(para)
1520
1529
msgid ""
1521
1530
"You will find the classic Tomcat configuration files for your private "
1522
1531
"instance in the <filename>conf/</filename> subdirectory. You should for "
1525
1534
"conflict with other instances that might be running."
1526
1535
msgstr ""
1527
1536
1528
#: serverguide/C/web-servers.xml:1235(title)
1537
#: serverguide/C/web-servers.xml:1257(title)
1529
1538
msgid "Starting/stopping your private instance"
1530
1539
msgstr ""
1531
1540
1532
#: serverguide/C/web-servers.xml:1236(para)
1541
#: serverguide/C/web-servers.xml:1258(para)
1533
1542
msgid ""
1534
1543
"You can start your private instance by entering the following command in the "
1535
1544
"terminal prompt (supposing your instance is located in the <filename>my-"
1536
1545
"instance</filename> directory):"
1537
1546
msgstr ""
1538
1547
1539
#: serverguide/C/web-servers.xml:1240(command)
1548
#: serverguide/C/web-servers.xml:1262(command)
1540
1549
msgid "my-instance/bin/startup.sh"
1541
1550
msgstr ""
1542
1551
1543
#: serverguide/C/web-servers.xml:1242(para)
1552
#: serverguide/C/web-servers.xml:1264(para)
1544
1553
msgid ""
1545
1554
"You should check the <filename>logs/</filename> subdirectory for any error. "
1546
1555
"If you have a <emphasis>java.net.BindException: Address already in "
1548
1557
"is already taken and that you should change it."
1549
1558
msgstr ""
1550
1559
1551
#: serverguide/C/web-servers.xml:1247(para)
1560
#: serverguide/C/web-servers.xml:1269(para)
1552
1561
msgid ""
1553
1562
"You can stop your instance by entering the following command in the terminal "
1554
1563
"prompt (supposing your instance is located in the <filename>my-"
1555
1564
"instance</filename> directory):"
1556
1565
msgstr ""
1557
1566
1558
#: serverguide/C/web-servers.xml:1251(command)
1567
#: serverguide/C/web-servers.xml:1273(command)
1559
1568
msgid "my-instance/bin/shutdown.sh"
1560
1569
msgstr ""
1561
1570
1562
#: serverguide/C/web-servers.xml:1260(para)
1571
#: serverguide/C/web-servers.xml:1282(para)
1563
1572
msgid ""
1564
1573
"See the <ulink url=\"http://tomcat.apache.org/\">Apache Tomcat</ulink> "
1565
1574
"website for more information."
1566
1575
msgstr ""
1567
1576
1568
#: serverguide/C/web-servers.xml:1280(para)
1577
#: serverguide/C/web-servers.xml:1287(para)
1569
1578
msgid ""
1570
1579
"<ulink url=\"http://shop.oreilly.com/product/9780596003180.do\">Tomcat: The "
1571
1580
"Definitive Guide</ulink> is a good resource for building web applications "
1572
1581
"with Tomcat."
1573
1582
msgstr ""
1574
1583
1575
#: serverguide/C/web-servers.xml:1271(para)
1584
#: serverguide/C/web-servers.xml:1293(para)
1576
1585
msgid ""
1577
1586
"For additional books see the <ulink "
1578
1587
"url=\"http://wiki.apache.org/tomcat/Tomcat/Books\">Tomcat Books</ulink> list "
1703
1712
"\n"
1704
1713
msgstr ""
1705
1714
1706
#: serverguide/C/vpn.xml:90(para)
1715
#: serverguide/C/vpn.xml:94(para)
1707
1716
msgid ""
1708
1717
"Enter the following to generate the master Certificate Authority (CA) "
1709
1718
"certificate and key:"
1710
1719
msgstr ""
1711
1720
1712
#: serverguide/C/vpn.xml:95(command) serverguide/C/vpn.xml:143(command)
1721
#: serverguide/C/vpn.xml:99(command) serverguide/C/vpn.xml:147(command)
1713
1722
msgid "cd /etc/openvpn/easy-rsa/"
1714
1723
msgstr ""
1715
1724
1716
#: serverguide/C/vpn.xml:96(command) serverguide/C/vpn.xml:144(command)
1725
#: serverguide/C/vpn.xml:100(command) serverguide/C/vpn.xml:148(command)
1717
1726
msgid "source vars"
1718
1727
msgstr ""
1719
1728
1720
#: serverguide/C/vpn.xml:97(command)
1729
#: serverguide/C/vpn.xml:101(command)
1721
1730
msgid "./clean-all"
1722
1731
msgstr ""
1723
1732
1724
#: serverguide/C/vpn.xml:98(command)
1733
#: serverguide/C/vpn.xml:102(command)
1725
1734
msgid "./build-ca"
1726
1735
msgstr ""
1727
1736
1728
#: serverguide/C/vpn.xml:103(title)
1737
#: serverguide/C/vpn.xml:107(title)
1729
1738
msgid "Server Certificates"
1730
1739
msgstr ""
1731
1740
1732
#: serverguide/C/vpn.xml:105(para)
1741
#: serverguide/C/vpn.xml:109(para)
1733
1742
msgid "Next, we will generate a certificate and private key for the server:"
1734
1743
msgstr ""
1735
1744
1736
#: serverguide/C/vpn.xml:110(command)
1745
#: serverguide/C/vpn.xml:114(command)
1737
1746
msgid "./build-key-server myservername"
1738
1747
msgstr ""
1739
1748
1740
#: serverguide/C/vpn.xml:113(para)
1749
#: serverguide/C/vpn.xml:117(para)
1741
1750
msgid ""
1742
1751
"As in the previous step, most parameters can be defaulted. Two other queries "
1743
1752
"require positive responses, \"Sign the certificate? [y/n]\" and \"1 out of 1 "
1744
1753
"certificate requests certified, commit? [y/n]\"."
1745
1754
msgstr ""
1746
1755
1747
#: serverguide/C/vpn.xml:117(para)
1756
#: serverguide/C/vpn.xml:121(para)
1748
1757
msgid "Diffie Hellman parameters must be generated for the OpenVPN server:"
1749
1758
msgstr ""
1750
1759
1751
#: serverguide/C/vpn.xml:122(command)
1760
#: serverguide/C/vpn.xml:126(command)
1752
1761
msgid "./build-dh"
1753
1762
msgstr ""
1754
1763
1755
#: serverguide/C/vpn.xml:125(para)
1764
#: serverguide/C/vpn.xml:129(para)
1756
1765
msgid ""
1757
1766
"All certificates and keys have been generated in the subdirectory keys/. "
1758
1767
"Common practice is to copy them to /etc/openvpn/:"
1759
1768
msgstr ""
1760
1769
1761
#: serverguide/C/vpn.xml:129(command)
1770
#: serverguide/C/vpn.xml:133(command)
1762
1771
msgid "cd keys/"
1763
1772
msgstr ""
1764
1773
1766
1775
msgid "cp myservername.crt myservername.key ca.crt dh2048.pem /etc/openvpn/"
1767
1776
msgstr ""
1768
1777
1769
#: serverguide/C/vpn.xml:135(title)
1778
#: serverguide/C/vpn.xml:139(title)
1770
1779
msgid "Client Certificates"
1771
1780
msgstr ""
1772
1781
1773
#: serverguide/C/vpn.xml:137(para)
1782
#: serverguide/C/vpn.xml:141(para)
1774
1783
msgid ""
1775
1784
"The VPN client will also need a certificate to authenticate itself to the "
1776
1785
"server. Usually you create a different certificate for each client. To "
1778
1787
"root:"
1779
1788
msgstr ""
1780
1789
1781
#: serverguide/C/vpn.xml:145(command)
1790
#: serverguide/C/vpn.xml:149(command)
1782
1791
msgid "./build-key client1"
1783
1792
msgstr ""
1784
1793
1785
#: serverguide/C/vpn.xml:148(para)
1794
#: serverguide/C/vpn.xml:152(para)
1786
1795
msgid "Copy the following files to the client using a secure method:"
1787
1796
msgstr ""
1788
1797
1789
#: serverguide/C/vpn.xml:153(para)
1798
#: serverguide/C/vpn.xml:157(para)
1790
1799
msgid "/etc/openvpn/ca.crt"
1791
1800
msgstr ""
1792
1801
1793
#: serverguide/C/vpn.xml:154(para)
1802
#: serverguide/C/vpn.xml:158(para)
1794
1803
msgid "/etc/openvpn/easy-rsa/keys/client1.crt"
1795
1804
msgstr ""
1796
1805
1797
#: serverguide/C/vpn.xml:155(para)
1806
#: serverguide/C/vpn.xml:159(para)
1798
1807
msgid "/etc/openvpn/easy-rsa/keys/client1.key"
1799
1808
msgstr ""
1800
1809
1801
#: serverguide/C/vpn.xml:158(para)
1810
#: serverguide/C/vpn.xml:162(para)
1802
1811
msgid ""
1803
1812
"As the client certificates and keys are only required on the client machine, "
1804
1813
"you should remove them from the server."
1805
1814
msgstr ""
1806
1815
1807
#: serverguide/C/vpn.xml:166(title)
1816
#: serverguide/C/vpn.xml:170(title)
1808
1817
msgid "Simple Server Configuration"
1809
1818
msgstr ""
1810
1819
1811
#: serverguide/C/vpn.xml:168(para)
1820
#: serverguide/C/vpn.xml:172(para)
1812
1821
msgid ""
1813
1822
"Along with your <application>OpenVPN</application> installation you got "
1814
1823
"these sample config files (and many more if if you check):"
1815
1824
msgstr ""
1816
1825
1817
#: serverguide/C/vpn.xml:172(programlisting)
1826
#: serverguide/C/vpn.xml:176(programlisting)
1818
1827
#, no-wrap
1819
1828
msgid ""
1820
1829
"\n"
1824
1833
"-rw-r--r-- 1 root root 4141 2011-07-04 15:09 server.conf.gz\n"
1825
1834
msgstr ""
1826
1835
1827
#: serverguide/C/vpn.xml:179(para)
1836
#: serverguide/C/vpn.xml:183(para)
1828
1837
msgid ""
1829
1838
"Start with copying and unpacking server.conf.gz to /etc/openvpn/server.conf."
1830
1839
msgstr ""
1831
1840
1832
#: serverguide/C/vpn.xml:183(command)
1841
#: serverguide/C/vpn.xml:187(command)
1833
1842
msgid ""
1834
1843
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz "
1835
1844
"/etc/openvpn/"
1836
1845
msgstr ""
1837
1846
1838
#: serverguide/C/vpn.xml:184(command)
1847
#: serverguide/C/vpn.xml:188(command)
1839
1848
msgid "sudo gzip -d /etc/openvpn/server.conf.gz"
1840
1849
msgstr ""
1841
1850
1842
#: serverguide/C/vpn.xml:187(para)
1851
#: serverguide/C/vpn.xml:191(para)
1843
1852
msgid ""
1844
1853
"Edit <filename>/etc/openvpn/server.conf</filename> to make sure the "
1845
1854
"following lines are pointing to the certificates and keys you created in the "
1877
1886
msgid "sudo sysctl -p /etc/sysctl.conf"
1878
1887
msgstr ""
1879
1888
1880
#: serverguide/C/vpn.xml:197(para)
1889
#: serverguide/C/vpn.xml:214(para)
1881
1890
msgid ""
1882
1891
"That is the minimum you have to configure to get a working OpenVPN server. "
1883
1892
"You can use all the default settings in the sample server.conf file. Now "
1893
1902
" * Autostarting VPN 'server' [ OK ]\n"
1894
1903
msgstr ""
1895
1904
1896
#: serverguide/C/vpn.xml:208(para)
1905
#: serverguide/C/vpn.xml:225(para)
1897
1906
msgid "Now check if OpenVPN created a tun0 interface:"
1898
1907
msgstr ""
1899
1908
1900
#: serverguide/C/vpn.xml:212(programlisting)
1909
#: serverguide/C/vpn.xml:229(programlisting)
1901
1910
#, no-wrap
1902
1911
msgid ""
1903
1912
"\n"
1909
1918
"[...]\n"
1910
1919
msgstr ""
1911
1920
1912
#: serverguide/C/vpn.xml:222(title)
1921
#: serverguide/C/vpn.xml:239(title)
1913
1922
msgid "Simple Client Configuration"
1914
1923
msgstr ""
1915
1924
1916
#: serverguide/C/vpn.xml:224(para)
1925
#: serverguide/C/vpn.xml:241(para)
1917
1926
msgid ""
1918
1927
"There are various different <application>OpenVPN</application> client "
1919
1928
"implementations with and without GUIs. You can read more about clients in a "
1922
1931
"install the openvpn package again on the client machine:"
1923
1932
msgstr ""
1924
1933
1925
#: serverguide/C/vpn.xml:35(command) serverguide/C/vpn.xml:231(command) serverguide/C/vpn.xml:589(command)
1934
#: serverguide/C/vpn.xml:248(command) serverguide/C/vpn.xml:616(command)
1926
1935
msgid "sudo apt-get install openvpn"
1927
1936
msgstr ""
1928
1937
1929
#: serverguide/C/vpn.xml:234(para)
1938
#: serverguide/C/vpn.xml:251(para)
1930
1939
msgid "This time copy the client.conf sample config file to /etc/openvpn/."
1931
1940
msgstr ""
1932
1941
1933
#: serverguide/C/vpn.xml:238(command)
1942
#: serverguide/C/vpn.xml:255(command)
1934
1943
msgid ""
1935
1944
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
1936
1945
"/etc/openvpn/"
1937
1946
msgstr ""
1938
1947
1939
#: serverguide/C/vpn.xml:241(para)
1948
#: serverguide/C/vpn.xml:258(para)
1940
1949
msgid ""
1941
1950
"Copy the client keys and the certificate of the CA you created in the "
1942
1951
"section above to e.g. /etc/openvpn/ and edit "
1945
1954
"you can omit the path."
1946
1955
msgstr ""
1947
1956
1948
#: serverguide/C/vpn.xml:244(programlisting)
1957
#: serverguide/C/vpn.xml:261(programlisting) serverguide/C/vpn.xml:281(programlisting)
1949
1958
#, no-wrap
1950
1959
msgid ""
1951
1960
"\n"
1954
1963
"key client1.key\n"
1955
1964
msgstr ""
1956
1965
1957
#: serverguide/C/vpn.xml:250(para)
1966
#: serverguide/C/vpn.xml:267(para)
1958
1967
msgid ""
1959
1968
"And you have to at least specify the OpenVPN server name or address. Make "
1960
1969
"sure the keyword client is in the config. That's what enables client mode."
1961
1970
msgstr ""
1962
1971
1963
#: serverguide/C/vpn.xml:256(programlisting)
1972
#: serverguide/C/vpn.xml:273(programlisting)
1964
1973
#, no-wrap
1965
1974
msgid ""
1966
1975
"\n"
1973
1982
"Also, make sure you specify the keyfile names you copied from the server"
1974
1983
msgstr ""
1975
1984
1976
#: serverguide/C/vpn.xml:261(para)
1985
#: serverguide/C/vpn.xml:286(para)
1977
1986
msgid "Now start the OpenVPN client:"
1978
1987
msgstr ""
1979
1988
1986
1995
" * Autostarting VPN 'client' [ OK ] \n"
1987
1996
msgstr ""
1988
1997
1989
#: serverguide/C/vpn.xml:271(para)
1998
#: serverguide/C/vpn.xml:296(para)
1990
1999
msgid "Check if it created a tun0 interface:"
1991
2000
msgstr ""
1992
2001
1993
#: serverguide/C/vpn.xml:275(programlisting)
2002
#: serverguide/C/vpn.xml:300(programlisting)
1994
2003
#, no-wrap
1995
2004
msgid ""
1996
2005
"\n"
2001
2010
" UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1\n"
2002
2011
msgstr ""
2003
2012
2004
#: serverguide/C/vpn.xml:282(para)
2013
#: serverguide/C/vpn.xml:307(para)
2005
2014
msgid "Check if you can ping the OpenVPN server:"
2006
2015
msgstr ""
2007
2016
2008
#: serverguide/C/vpn.xml:285(programlisting)
2017
#: serverguide/C/vpn.xml:310(programlisting)
2009
2018
#, no-wrap
2010
2019
msgid ""
2011
2020
"\n"
2014
2023
"64 bytes from 10.8.0.1: icmp_req=1 ttl=64 time=0.920 ms\n"
2015
2024
msgstr ""
2016
2025
2017
#: serverguide/C/vpn.xml:292(para)
2026
#: serverguide/C/vpn.xml:317(para)
2018
2027
msgid ""
2019
2028
"The OpenVPN server always uses the first usable IP address in the client "
2020
2029
"network and only that IP is pingable. E.g. if you configured a /24 for the "
2022
2031
"in the ifconfig output above is usually not answering ping requests."
2023
2032
msgstr ""
2024
2033
2025
#: serverguide/C/vpn.xml:297(para)
2034
#: serverguide/C/vpn.xml:322(para)
2026
2035
msgid "Check out your routes:"
2027
2036
msgstr ""
2028
2037
2029
#: serverguide/C/vpn.xml:300(programlisting)
2038
#: serverguide/C/vpn.xml:325(programlisting)
2030
2039
#, no-wrap
2031
2040
msgid ""
2032
2041
"\n"
2044
2053
"eth0\n"
2045
2054
msgstr ""
2046
2055
2047
#: serverguide/C/vpn.xml:312(title)
2056
#: serverguide/C/vpn.xml:337(title)
2048
2057
msgid "First trouble shooting"
2049
2058
msgstr ""
2050
2059
2051
#: serverguide/C/vpn.xml:314(para)
2060
#: serverguide/C/vpn.xml:339(para)
2052
2061
msgid "If the above didn't work for you, check this:"
2053
2062
msgstr ""
2054
2063
2055
#: serverguide/C/vpn.xml:319(para)
2064
#: serverguide/C/vpn.xml:344(para)
2056
2065
msgid "Check your syslog, e.g. grep -i vpn /var/log/syslog"
2057
2066
msgstr ""
2058
2067
2062
2071
"server.conf."
2063
2072
msgstr ""
2064
2073
2065
#: serverguide/C/vpn.xml:322(para)
2074
#: serverguide/C/vpn.xml:350(para)
2066
2075
msgid ""
2067
2076
"Can the client connect to the server machine? Maybe a firewall is blocking "
2068
2077
"access? Check syslog on server."
2069
2078
msgstr ""
2070
2079
2071
#: serverguide/C/vpn.xml:325(para)
2080
#: serverguide/C/vpn.xml:353(para)
2072
2081
msgid ""
2073
2082
"Client and server must use same protocol and port, e.g. UDP port 1194, see "
2074
2083
"port and proto config option"
2075
2084
msgstr ""
2076
2085
2077
#: serverguide/C/vpn.xml:328(para)
2086
#: serverguide/C/vpn.xml:356(para)
2078
2087
msgid ""
2079
2088
"Client and server must use same config regarding compression, see comp-lzo "
2080
2089
"config option"
2081
2090
msgstr ""
2082
2091
2083
#: serverguide/C/vpn.xml:331(para)
2092
#: serverguide/C/vpn.xml:359(para)
2084
2093
msgid ""
2085
2094
"Client and server must use same config regarding bridged vs routed mode, see "
2086
2095
"server vs server-bridge config option"
2087
2096
msgstr ""
2088
2097
2089
#: serverguide/C/databases.xml:168(title)
2098
#: serverguide/C/vpn.xml:366(title) serverguide/C/databases.xml:161(title)
2090
2099
msgid "Advanced configuration"
2091
2100
msgstr ""
2092
2101
2093
#: serverguide/C/vpn.xml:342(title)
2102
#: serverguide/C/vpn.xml:369(title)
2094
2103
msgid "Advanced routed VPN configuration on server"
2095
2104
msgstr ""
2096
2105
2097
#: serverguide/C/vpn.xml:344(para)
2106
#: serverguide/C/vpn.xml:371(para)
2098
2107
msgid ""
2099
2108
"The above is a very simple working VPN. The client can access services on "
2100
2109
"the VPN server machine through an encrypted tunnel. If you want to reach "
2105
2114
"route to the VPN client-network."
2106
2115
msgstr ""
2107
2116
2108
#: serverguide/C/vpn.xml:348(para)
2117
#: serverguide/C/vpn.xml:375(para)
2109
2118
msgid ""
2110
2119
"Or you might push a default gateway to all the clients to send all their "
2111
2120
"internet traffic to the VPN gateway first and from there via the company "
2112
2121
"firewall into the internet. This section shows you some possible options."
2113
2122
msgstr ""
2114
2123
2115
#: serverguide/C/vpn.xml:352(para)
2124
#: serverguide/C/vpn.xml:379(para)
2116
2125
msgid ""
2117
2126
"Push routes to the client to allow it to reach other private subnets behind "
2118
2127
"the server. Remember that these private subnets will also need to know to "
2120
2129
"server."
2121
2130
msgstr ""
2122
2131
2123
#: serverguide/C/vpn.xml:361(programlisting)
2132
#: serverguide/C/vpn.xml:388(programlisting)
2124
2133
#, no-wrap
2125
2134
msgid ""
2126
2135
"\n"
2136
2145
"internet in order for this to work properly)."
2137
2146
msgstr ""
2138
2147
2139
#: serverguide/C/vpn.xml:374(programlisting)
2148
#: serverguide/C/vpn.xml:401(programlisting)
2140
2149
#, no-wrap
2141
2150
msgid ""
2142
2151
"\n"
2143
2152
"push \"redirect-gateway def1 bypass-dhcp\"\n"
2144
2153
msgstr ""
2145
2154
2146
#: serverguide/C/vpn.xml:378(para)
2155
#: serverguide/C/vpn.xml:405(para)
2147
2156
msgid ""
2148
2157
"Configure server mode and supply a VPN subnet for OpenVPN to draw client "
2149
2158
"addresses from. The server will take 10.8.0.1 for itself, the rest will be "
2151
2160
"10.8.0.1. Comment this line out if you are ethernet bridging."
2152
2161
msgstr ""
2153
2162
2154
#: serverguide/C/vpn.xml:387(programlisting)
2163
#: serverguide/C/vpn.xml:414(programlisting)
2155
2164
#, no-wrap
2156
2165
msgid ""
2157
2166
"\n"
2158
2167
"server 10.8.0.0 255.255.255.0\n"
2159
2168
msgstr ""
2160
2169
2161
#: serverguide/C/vpn.xml:391(para)
2170
#: serverguide/C/vpn.xml:418(para)
2162
2171
msgid ""
2163
2172
"Maintain a record of client to virtual IP address associations in this file. "
2164
2173
"If OpenVPN goes down or is restarted, reconnecting clients can be assigned "
2165
2174
"the same virtual IP address from the pool that was previously assigned."
2166
2175
msgstr ""
2167
2176
2168
#: serverguide/C/vpn.xml:398(programlisting)
2177
#: serverguide/C/vpn.xml:425(programlisting)
2169
2178
#, no-wrap
2170
2179
msgid ""
2171
2180
"\n"
2172
2181
"ifconfig-pool-persist ipp.txt\n"
2173
2182
msgstr ""
2174
2183
2175
#: serverguide/C/vpn.xml:402(para)
2184
#: serverguide/C/vpn.xml:429(para)
2176
2185
msgid "Push DNS servers to the client."
2177
2186
msgstr ""
2178
2187
2179
#: serverguide/C/vpn.xml:405(programlisting)
2188
#: serverguide/C/vpn.xml:432(programlisting)
2180
2189
#, no-wrap
2181
2190
msgid ""
2182
2191
"\n"
2184
2193
"push \"dhcp-option DNS 10.1.0.2\"\n"
2185
2194
msgstr ""
2186
2195
2187
#: serverguide/C/vpn.xml:410(para)
2196
#: serverguide/C/vpn.xml:437(para)
2188
2197
msgid "Allow client to client communication."
2189
2198
msgstr ""
2190
2199
2191
#: serverguide/C/vpn.xml:413(programlisting)
2200
#: serverguide/C/vpn.xml:440(programlisting)
2192
2201
#, no-wrap
2193
2202
msgid ""
2194
2203
"\n"
2195
2204
"client-to-client\n"
2196
2205
msgstr ""
2197
2206
2198
#: serverguide/C/vpn.xml:417(para)
2207
#: serverguide/C/vpn.xml:444(para)
2199
2208
msgid "Enable compression on the VPN link."
2200
2209
msgstr ""
2201
2210
2202
#: serverguide/C/vpn.xml:420(programlisting)
2211
#: serverguide/C/vpn.xml:447(programlisting)
2203
2212
#, no-wrap
2204
2213
msgid ""
2205
2214
"\n"
2206
2215
"comp-lzo\n"
2207
2216
msgstr ""
2208
2217
2209
#: serverguide/C/vpn.xml:424(para)
2218
#: serverguide/C/vpn.xml:451(para)
2210
2219
msgid ""
2211
"The keepalive directive causes ping-like messages to be sent back and forth "
2212
"over the link so that each side knows when the other side has gone down. "
2213
"Ping every 1 second, assume that remote peer is down if no ping received "
2214
"during a 3 second time period."
2220
"The <emphasis>keepalive</emphasis> directive causes ping-like messages to be "
2221
"sent back and forth over the link so that each side knows when the other "
2222
"side has gone down. Ping every 1 second, assume that remote peer is down if "
2223
"no ping received during a 3 second time period."
2215
2224
msgstr ""
2216
2225
2217
#: serverguide/C/vpn.xml:433(programlisting)
2226
#: serverguide/C/vpn.xml:460(programlisting)
2218
2227
#, no-wrap
2219
2228
msgid ""
2220
2229
"\n"
2221
2230
"keepalive 1 3\n"
2222
2231
msgstr ""
2223
2232
2224
#: serverguide/C/vpn.xml:437(para)
2233
#: serverguide/C/vpn.xml:464(para)
2225
2234
msgid ""
2226
2235
"It's a good idea to reduce the OpenVPN daemon's privileges after "
2227
2236
"initialization."
2228
2237
msgstr ""
2229
2238
2230
#: serverguide/C/vpn.xml:440(programlisting)
2239
#: serverguide/C/vpn.xml:467(programlisting)
2231
2240
#, no-wrap
2232
2241
msgid ""
2233
2242
"\n"
2235
2244
"group nogroup\n"
2236
2245
msgstr ""
2237
2246
2238
#: serverguide/C/vpn.xml:445(para)
2247
#: serverguide/C/vpn.xml:472(para)
2239
2248
msgid ""
2240
2249
"OpenVPN 2.0 includes a feature that allows the OpenVPN server to securely "
2241
2250
"obtain a username and password from a connecting client, and to use that "
2245
2254
"username/password, passing it on to the server over the secure TLS channel."
2246
2255
msgstr ""
2247
2256
2248
#: serverguide/C/vpn.xml:449(programlisting)
2257
#: serverguide/C/vpn.xml:476(programlisting)
2249
2258
#, no-wrap
2250
2259
msgid ""
2251
2260
"\n"
2253
2262
"auth-user-pass\n"
2254
2263
msgstr ""
2255
2264
2256
#: serverguide/C/vpn.xml:454(para)
2265
#: serverguide/C/vpn.xml:481(para)
2257
2266
msgid ""
2258
2267
"This will tell the OpenVPN server to validate the username/password entered "
2259
2268
"by clients using the login PAM module. Useful if you have centralized "
2267
2276
"plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so login\n"
2268
2277
msgstr ""
2269
2278
2270
#: serverguide/C/vpn.xml:463(para)
2279
#: serverguide/C/vpn.xml:490(para)
2271
2280
msgid ""
2272
2281
"Please read the OpenVPN <ulink url=\"http://openvpn.net/index.php/open-"
2273
2282
"source/documentation/howto.html#security\">hardening security guide</ulink> "
2274
2283
"for further security advice."
2275
2284
msgstr ""
2276
2285
2277
#: serverguide/C/vpn.xml:469(title)
2286
#: serverguide/C/vpn.xml:496(title)
2278
2287
msgid "Advanced bridged VPN configuration on server"
2279
2288
msgstr ""
2280
2289
2281
#: serverguide/C/vpn.xml:471(para)
2290
#: serverguide/C/vpn.xml:498(para)
2282
2291
msgid ""
2283
2292
"<application>OpenVPN</application> can be setup for either a routed or a "
2284
2293
"bridged VPN mode. Sometimes this is also referred to as OSI layer-2 versus "
2290
2299
"be filtered."
2291
2300
msgstr ""
2292
2301
2293
#: serverguide/C/vpn.xml:477(title)
2302
#: serverguide/C/vpn.xml:504(title)
2294
2303
msgid "Prepare interface config for bridging on server"
2295
2304
msgstr ""
2296
2305
2297
#: serverguide/C/vpn.xml:479(para)
2306
#: serverguide/C/vpn.xml:506(para)
2298
2307
msgid "Make sure you have the bridge-utils package installed:"
2299
2308
msgstr ""
2300
2309
2301
#: serverguide/C/vpn.xml:483(command) serverguide/C/virtualization.xml:2188(command) serverguide/C/network-config.xml:538(command)
2310
#: serverguide/C/vpn.xml:510(command) serverguide/C/network-config.xml:542(command)
2302
2311
msgid "sudo apt-get install bridge-utils"
2303
2312
msgstr ""
2304
2313
2305
#: serverguide/C/vpn.xml:486(para)
2314
#: serverguide/C/vpn.xml:513(para)
2306
2315
msgid ""
2307
2316
"Before you setup OpenVPN in bridged mode you need to change your interface "
2308
2317
"configuration. Let's assume your server has an interface eth0 connected to "
2310
2319
"Your /etc/network/interfaces would like this:"
2311
2320
msgstr ""
2312
2321
2313
#: serverguide/C/vpn.xml:490(programlisting)
2322
#: serverguide/C/vpn.xml:517(programlisting)
2314
2323
#, no-wrap
2315
2324
msgid ""
2316
2325
"\n"
2326
2335
" netmask 255.255.255.0\n"
2327
2336
msgstr ""
2328
2337
2329
#: serverguide/C/vpn.xml:503(para)
2338
#: serverguide/C/vpn.xml:530(para)
2330
2339
msgid ""
2331
2340
"This straight forward interface config needs to be changed into a bridged "
2332
2341
"mode like where the config of interface eth1 moves to the new br0 interface. "
2335
2344
"interface to forward all ethernet frames to the IP stack."
2336
2345
msgstr ""
2337
2346
2338
#: serverguide/C/vpn.xml:507(programlisting)
2347
#: serverguide/C/vpn.xml:534(programlisting)
2339
2348
#, no-wrap
2340
2349
msgid ""
2341
2350
"\n"
2367
2376
msgid "sudo ifdown eth1 && sudo ifup -a"
2368
2377
msgstr ""
2369
2378
2370
#: serverguide/C/vpn.xml:534(title)
2379
#: serverguide/C/vpn.xml:561(title)
2371
2380
msgid "Prepare server config for bridging"
2372
2381
msgstr ""
2373
2382
2374
#: serverguide/C/vpn.xml:536(para)
2383
#: serverguide/C/vpn.xml:563(para)
2375
2384
msgid ""
2376
2385
"Edit <filename>/etc/openvpn/server.conf</filename> changing the following "
2377
2386
"options to:"
2378
2387
msgstr ""
2379
2388
2380
#: serverguide/C/vpn.xml:540(programlisting)
2389
#: serverguide/C/vpn.xml:567(programlisting)
2381
2390
#, no-wrap
2382
2391
msgid ""
2383
2392
"\n"
2388
2397
"server-bridge 10.0.0.4 255.255.255.0 10.0.0.128 10.0.0.254\n"
2389
2398
msgstr ""
2390
2399
2391
#: serverguide/C/vpn.xml:548(para)
2400
#: serverguide/C/vpn.xml:575(para)
2392
2401
msgid ""
2393
2402
"Next, create a helper script to add the <emphasis>tap</emphasis> interface "
2394
2403
"to the bridge and to ensure that eth1 is promiscuous mode. Create "
2395
2404
"<filename>/etc/openvpn/up.sh</filename>:"
2396
2405
msgstr ""
2397
2406
2398
#: serverguide/C/vpn.xml:552(programlisting)
2407
#: serverguide/C/vpn.xml:579(programlisting)
2399
2408
#, no-wrap
2400
2409
msgid ""
2401
2410
"\n"
2410
2419
"/sbin/brctl addif $BR $TAPDEV\n"
2411
2420
msgstr ""
2412
2421
2413
#: serverguide/C/vpn.xml:564(para)
2422
#: serverguide/C/vpn.xml:591(para)
2414
2423
msgid "Then make it executable:"
2415
2424
msgstr ""
2416
2425
2417
#: serverguide/C/vpn.xml:569(command)
2426
#: serverguide/C/vpn.xml:596(command)
2418
2427
msgid "sudo chmod 755 /etc/openvpn/up.sh"
2419
2428
msgstr ""
2420
2429
2421
#: serverguide/C/vpn.xml:572(para)
2430
#: serverguide/C/vpn.xml:599(para)
2422
2431
msgid ""
2423
2432
"After configuring the server, restart <application>openvpn</application> by "
2424
2433
"entering:"
2428
2437
msgid "sudo service openvpn restart"
2429
2438
msgstr ""
2430
2439
2431
#: serverguide/C/vpn.xml:582(title)
2440
#: serverguide/C/vpn.xml:609(title)
2432
2441
msgid "Client Configuration"
2433
2442
msgstr ""
2434
2443
2435
#: serverguide/C/vpn.xml:584(para)
2444
#: serverguide/C/vpn.xml:611(para)
2436
2445
msgid "First, install <application>openvpn</application> on the client:"
2437
2446
msgstr ""
2438
2447
2439
#: serverguide/C/vpn.xml:592(para)
2448
#: serverguide/C/vpn.xml:619(para)
2440
2449
msgid ""
2441
2450
"Then with the server configured and the client certificates copied to the "
2442
2451
"<filename>/etc/openvpn/</filename> directory, create a client configuration "
2443
2452
"file by copying the example. In a terminal on the client machine enter:"
2444
2453
msgstr ""
2445
2454
2446
#: serverguide/C/vpn.xml:598(command)
2455
#: serverguide/C/vpn.xml:625(command)
2447
2456
msgid ""
2448
2457
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
2449
2458
"/etc/openvpn"
2450
2459
msgstr ""
2451
2460
2452
#: serverguide/C/vpn.xml:601(para)
2461
#: serverguide/C/vpn.xml:628(para)
2453
2462
msgid ""
2454
2463
"Now edit <filename>/etc/openvpn/client.conf</filename> changing the "
2455
2464
"following options:"
2466
2475
"key client1.key\n"
2467
2476
msgstr ""
2468
2477
2469
#: serverguide/C/vpn.xml:610(para)
2478
#: serverguide/C/vpn.xml:640(para)
2470
2479
msgid "Finally, restart <application>openvpn</application>:"
2471
2480
msgstr ""
2472
2481
2473
#: serverguide/C/vpn.xml:618(para)
2482
#: serverguide/C/vpn.xml:648(para)
2474
2483
msgid "You should now be able to connect to the remote LAN through the VPN."
2475
2484
msgstr ""
2476
2485
2477
#: serverguide/C/vpn.xml:627(title)
2486
#: serverguide/C/vpn.xml:657(title)
2478
2487
msgid "Client software implementations"
2479
2488
msgstr ""
2480
2489
2481
#: serverguide/C/vpn.xml:630(title)
2490
#: serverguide/C/vpn.xml:660(title)
2482
2491
msgid "Linux Network-Manager GUI for OpenVPN"
2483
2492
msgstr ""
2484
2493
2485
#: serverguide/C/vpn.xml:632(para)
2494
#: serverguide/C/vpn.xml:662(para)
2486
2495
msgid ""
2487
2496
"Many Linux distributions including Ubuntu desktop variants come with Network "
2488
2497
"Manager, a nice GUI to configure your network settings. It also can manage "
2491
2500
"packages as well:"
2492
2501
msgstr ""
2493
2502
2494
#: serverguide/C/vpn.xml:637(programlisting)
2503
#: serverguide/C/vpn.xml:667(programlisting)
2495
2504
#, no-wrap
2496
2505
msgid ""
2497
2506
"\n"
2512
2521
"Do you want to continue [Y/n]? \n"
2513
2522
msgstr ""
2514
2523
2515
#: serverguide/C/vpn.xml:655(para)
2524
#: serverguide/C/vpn.xml:685(para)
2516
2525
msgid ""
2517
2526
"To inform network-manager about the new installed packages you will have to "
2518
2527
"restart it:"
2519
2528
msgstr ""
2520
2529
2521
#: serverguide/C/vpn.xml:659(programlisting)
2530
#: serverguide/C/vpn.xml:689(programlisting)
2522
2531
#, no-wrap
2523
2532
msgid ""
2524
2533
"\n"
2538
2547
"to establish your VPN."
2539
2548
msgstr ""
2540
2549
2541
#: serverguide/C/vpn.xml:676(title)
2550
#: serverguide/C/vpn.xml:706(title)
2542
2551
msgid "OpenVPN with GUI for Mac OS X: Tunnelblick"
2543
2552
msgstr ""
2544
2553
2545
#: serverguide/C/vpn.xml:678(para)
2554
#: serverguide/C/vpn.xml:708(para)
2546
2555
msgid ""
2547
2556
"Tunnelblick is an excellent free, open source implementation of a GUI for "
2548
2557
"OpenVPN for OS X. The project's homepage is at <ulink "
2554
2563
"Application folder."
2555
2564
msgstr ""
2556
2565
2557
#: serverguide/C/vpn.xml:684(programlisting)
2566
#: serverguide/C/vpn.xml:714(programlisting)
2558
2567
#, no-wrap
2559
2568
msgid ""
2560
2569
"\n"
2577
2586
"key client.key\n"
2578
2587
msgstr ""
2579
2588
2580
#: serverguide/C/vpn.xml:706(title)
2589
#: serverguide/C/vpn.xml:736(title)
2581
2590
msgid "OpenVPN with GUI for Win 7"
2582
2591
msgstr ""
2583
2592
2590
2599
"binary installer."
2591
2600
msgstr ""
2592
2601
2593
#: serverguide/C/vpn.xml:714(para)
2602
#: serverguide/C/vpn.xml:743(para)
2594
2603
msgid ""
2595
2604
"You need to start the OpenVPN service. Goto Start > Computer > Manage "
2596
2605
"> Services and Applications > Services. Find the OpenVPN service and "
2599
2608
"click on it and you will see that option."
2600
2609
msgstr ""
2601
2610
2602
#: serverguide/C/vpn.xml:718(para)
2611
#: serverguide/C/vpn.xml:747(para)
2603
2612
msgid ""
2604
2613
"You will have to write your OpenVPN config in a textfile and place it in C:\\"
2605
2614
"Program Files\\OpenVPN\\config\\client.ovpn along with the CA certificate. "
2657
2666
msgid "You may want to set the Windows service to \"automatic\"."
2658
2667
msgstr ""
2659
2668
2660
#: serverguide/C/vpn.xml:747(title)
2669
#: serverguide/C/vpn.xml:790(title)
2661
2670
msgid "OpenVPN for OpenWRT"
2662
2671
msgstr ""
2663
2672
2664
#: serverguide/C/vpn.xml:749(para)
2673
#: serverguide/C/vpn.xml:792(para)
2665
2674
msgid ""
2666
2675
"OpenWRT is described as a Linux distribution for embedded devices like WLAN "
2667
2676
"router. There are certain types of WLAN routers who can be flashed to run "
2674
2683
"url=\"http://openwrt.org\">http://openwrt.org</ulink>"
2675
2684
msgstr ""
2676
2685
2677
#: serverguide/C/vpn.xml:758(para)
2686
#: serverguide/C/vpn.xml:801(para)
2678
2687
msgid "Log into your OpenWRT router and install OpenVPN:"
2679
2688
msgstr ""
2680
2689
2681
#: serverguide/C/vpn.xml:763(command)
2690
#: serverguide/C/vpn.xml:806(command)
2682
2691
msgid "opkg update"
2683
2692
msgstr ""
2684
2693
2685
#: serverguide/C/vpn.xml:764(command)
2694
#: serverguide/C/vpn.xml:807(command)
2686
2695
msgid "opkg install openvpn"
2687
2696
msgstr ""
2688
2697
2692
2701
"certificates and keys to /etc/openvpn/"
2693
2702
msgstr ""
2694
2703
2695
#: serverguide/C/vpn.xml:772(programlisting)
2704
#: serverguide/C/vpn.xml:815(programlisting)
2696
2705
#, no-wrap
2697
2706
msgid ""
2698
2707
"\n"
2708
2717
" option comp_lzo 1 \n"
2709
2718
msgstr ""
2710
2719
2711
#: serverguide/C/vpn.xml:785(para)
2720
#: serverguide/C/vpn.xml:828(para)
2712
2721
msgid "Restart OpenVPN:"
2713
2722
msgstr ""
2714
2723
2716
2725
msgid "service openvpn restart"
2717
2726
msgstr ""
2718
2727
2719
#: serverguide/C/vpn.xml:793(para)
2728
#: serverguide/C/vpn.xml:836(para)
2720
2729
msgid ""
2721
2730
"You will have to see if you need to adjust your router's routing and "
2722
2731
"firewall rules."
2723
2732
msgstr ""
2724
2733
2725
#: serverguide/C/vpn.xml:803(para)
2734
#: serverguide/C/vpn.xml:846(para)
2726
2735
msgid ""
2727
2736
"See the <ulink url=\"http://openvpn.net/\">OpenVPN</ulink> website for "
2728
2737
"additional information."
2729
2738
msgstr ""
2730
2739
2731
#: serverguide/C/vpn.xml:809(ulink)
2740
#: serverguide/C/vpn.xml:852(ulink)
2732
2741
msgid "OpenVPN hardening security guide"
2733
2742
msgstr ""
2734
2743
2735
#: serverguide/C/vpn.xml:813(para)
2744
#: serverguide/C/vpn.xml:856(para)
2736
2745
msgid ""
2737
2746
"Also, Pakt's <ulink url=\"http://www.packtpub.com/openvpn/book\">OpenVPN: "
2738
2747
"Building and Integrating Virtual Private Networks</ulink> is a good resource."
2742
2751
msgid "Virtualization"
2743
2752
msgstr ""
2744
2753
2745
#: serverguide/C/virtualization.xml:12(para)
2754
#: serverguide/C/virtualization.xml:13(para)
2746
2755
msgid ""
2747
2756
"Virtualization is being adopted in many different environments and "
2748
2757
"situations. If you are a developer, virtualization can provide you with a "
2752
2761
"services and move them around based on demand."
2753
2762
msgstr ""
2754
2763
2755
#: serverguide/C/virtualization.xml:18(para)
2764
#: serverguide/C/virtualization.xml:20(para)
2756
2765
msgid ""
2757
2766
"The default virtualization technology supported in Ubuntu is "
2758
2767
"<application>KVM</application>. KVM requires virtualization extensions built "
2763
2772
"hardware without virtualization extensions."
2764
2773
msgstr ""
2765
2774
2766
#: serverguide/C/virtualization.xml:26(title)
2775
#: serverguide/C/virtualization.xml:29(title)
2767
2776
msgid "libvirt"
2768
2777
msgstr ""
2769
2778
2770
#: serverguide/C/virtualization.xml:27(para)
2779
#: serverguide/C/virtualization.xml:31(para)
2771
2780
msgid ""
2772
2781
"The <application>libvirt</application> library is used to interface with "
2773
2782
"different virtualization technologies. Before getting started with "
2776
2785
"<application>KVM</application>. Enter the following from a terminal prompt:"
2777
2786
msgstr ""
2778
2787
2779
#: serverguide/C/virtualization.xml:34(command)
2788
#: serverguide/C/virtualization.xml:39(command)
2780
2789
msgid "kvm-ok"
2781
2790
msgstr ""
2782
2791
2783
#: serverguide/C/virtualization.xml:36(para)
2792
#: serverguide/C/virtualization.xml:42(para)
2784
2793
msgid ""
2785
2794
"A message will be printed informing you if your CPU "
2786
2795
"<emphasis>does</emphasis> or <emphasis>does not</emphasis> support hardware "
2794
2803
"it."
2795
2804
msgstr ""
2796
2805
2797
#: serverguide/C/virtualization.xml:46(title)
2806
#: serverguide/C/virtualization.xml:53(title)
2798
2807
msgid "Virtual Networking"
2799
2808
msgstr ""
2800
2809
2816
2825
"to the rest of the network."
2817
2826
msgstr ""
2818
2827
2819
#: serverguide/C/virtualization.xml:62(para)
2828
#: serverguide/C/virtualization.xml:72(para)
2820
2829
msgid "To install the necessary packages, from a terminal prompt enter:"
2821
2830
msgstr ""
2822
2831
2824
2833
msgid "sudo apt-get install qemu-kvm libvirt-bin"
2825
2834
msgstr ""
2826
2835
2827
#: serverguide/C/virtualization.xml:68(para)
2836
#: serverguide/C/virtualization.xml:79(para)
2828
2837
msgid ""
2829
2838
"After installing <application>libvirt-bin</application>, the user used to "
2830
2839
"manage virtual machines will need to be added to the "
2832
2841
"the advanced networking options."
2833
2842
msgstr ""
2834
2843
2835
#: serverguide/C/virtualization.xml:72(para)
2844
#: serverguide/C/virtualization.xml:84(para)
2836
2845
msgid "In a terminal enter:"
2837
2846
msgstr ""
2838
2847
2839
#: serverguide/C/virtualization.xml:76(command)
2848
#: serverguide/C/virtualization.xml:87(command)
2840
2849
msgid "sudo adduser $USER libvirtd"
2841
2850
msgstr ""
2842
2851
2843
#: serverguide/C/virtualization.xml:79(para)
2852
#: serverguide/C/virtualization.xml:91(para)
2844
2853
msgid ""
2845
2854
"If the user chosen is the current user, you will need to log out and back in "
2846
2855
"for the new group membership to take effect."
2847
2856
msgstr ""
2848
2857
2849
#: serverguide/C/virtualization.xml:83(para)
2858
#: serverguide/C/virtualization.xml:95(para)
2850
2859
msgid ""
2851
2860
"You are now ready to install a <emphasis>Guest</emphasis> operating system. "
2852
2861
"Installing a virtual machine follows the same process as installing the "
2855
2864
"physical machine."
2856
2865
msgstr ""
2857
2866
2858
#: serverguide/C/virtualization.xml:88(para)
2867
#: serverguide/C/virtualization.xml:101(para)
2859
2868
msgid ""
2860
2869
"In the case of virtual machines a Graphical User Interface (GUI) is "
2861
2870
"analogous to using a physical keyboard and mouse. Instead of installing a "
2875
2884
#: serverguide/C/virtualization.xml:113(para)
2876
2885
msgid ""
2877
2886
"Yet another way to install an Ubuntu virtual machine is to use "
2878
"<application>uvtool</application>. This application, available as of 14.04 "
2887
"<application>uvtool</application>. This application, available as of 14.04, "
2879
2888
"allows you to set up specific VM options, execute custom post-install "
2880
"scripts, etc. For details see <xref linkend=\"cloud-images-and-uvtool\"/>"
2889
"scripts, etc. For details see <xref linkend=\"cloud-images-and-uvtool\"/>."
2881
2890
msgstr ""
2882
2891
2883
#: serverguide/C/virtualization.xml:101(para)
2892
#: serverguide/C/virtualization.xml:119(para)
2884
2893
msgid ""
2885
2894
"Libvirt can also be configured work with <application>Xen</application>. For "
2886
2895
"details, see the Xen Ubuntu community page referenced below."
2887
2896
msgstr ""
2888
2897
2889
#: serverguide/C/virtualization.xml:106(title)
2898
#: serverguide/C/virtualization.xml:125(title)
2890
2899
msgid "virt-install"
2891
2900
msgstr ""
2892
2901
2893
#: serverguide/C/virtualization.xml:107(para)
2902
#: serverguide/C/virtualization.xml:127(para)
2894
2903
msgid ""
2895
2904
"<application>virt-install</application> is part of the "
2896
2905
"<application>virtinst</application> package. To install it, from a terminal "
2897
2906
"prompt enter:"
2898
2907
msgstr ""
2899
2908
2900
#: serverguide/C/virtualization.xml:111(command)
2909
#: serverguide/C/virtualization.xml:132(command)
2901
2910
msgid "sudo apt-get install virtinst"
2902
2911
msgstr ""
2903
2912
2904
#: serverguide/C/virtualization.xml:113(para)
2913
#: serverguide/C/virtualization.xml:135(para)
2905
2914
msgid ""
2906
2915
"There are several options available when using <application>virt-"
2907
2916
"install</application>. For example:"
2915
2924
"vnc,listen=0.0.0.0 --noautoconsole -v"
2916
2925
msgstr ""
2917
2926
2918
#: serverguide/C/virtualization.xml:124(para)
2927
#: serverguide/C/virtualization.xml:147(para)
2919
2928
msgid ""
2920
2929
"<emphasis>-n web_devel:</emphasis> the name of the new virtual machine will "
2921
2930
"be <emphasis>web_devel</emphasis> in this example."
2922
2931
msgstr ""
2923
2932
2924
#: serverguide/C/virtualization.xml:129(para)
2933
#: serverguide/C/virtualization.xml:153(para)
2925
2934
msgid ""
2926
2935
"<emphasis>-r 256:</emphasis> specifies the amount of memory the virtual "
2927
2936
"machine will use in megabytes."
2928
2937
msgstr ""
2929
2938
2930
#: serverguide/C/virtualization.xml:134(para)
2939
#: serverguide/C/virtualization.xml:158(para)
2931
2940
msgid ""
2932
2941
"<emphasis>--disk "
2933
2942
"path=/var/lib/libvirt/images/web_devel.img,size=4:</emphasis> indicates the "
2944
2953
"CDROM device."
2945
2954
msgstr ""
2946
2955
2947
#: serverguide/C/virtualization.xml:152(para)
2956
#: serverguide/C/virtualization.xml:174(para)
2948
2957
msgid ""
2949
2958
"<emphasis>--network</emphasis> provides details related to the VM's network "
2950
2959
"interface. Here the <emphasis>default</emphasis> network is used, and the "
2959
2968
"connect via VNC to complete the installation."
2960
2969
msgstr ""
2961
2970
2962
#: serverguide/C/virtualization.xml:163(para)
2971
#: serverguide/C/virtualization.xml:189(para)
2963
2972
msgid ""
2964
2973
"<emphasis>--noautoconsole:</emphasis> will not automatically connect to the "
2965
2974
"virtual machine's console."
2966
2975
msgstr ""
2967
2976
2968
#: serverguide/C/virtualization.xml:168(para)
2977
#: serverguide/C/virtualization.xml:194(para)
2969
2978
msgid "<emphasis>-v:</emphasis> creates a fully virtualized guest."
2970
2979
msgstr ""
2971
2980
2973
2982
msgid ""
2974
2983
"After launching <application>virt-install</application> you can connect to "
2975
2984
"the virtual machine's console either locally using a GUI (if your server has "
2976
"a GUI), or via a remote VNC client from a GUI based computer."
2985
"a GUI), or via a remote VNC client from a GUI-based computer."
2977
2986
msgstr ""
2978
2987
2979
#: serverguide/C/virtualization.xml:179(title)
2988
#: serverguide/C/virtualization.xml:206(title)
2980
2989
msgid "virt-clone"
2981
2990
msgstr ""
2982
2991
2983
#: serverguide/C/virtualization.xml:180(para)
2992
#: serverguide/C/virtualization.xml:208(para)
2984
2993
msgid ""
2985
2994
"The <application>virt-clone</application> application can be used to copy "
2986
2995
"one virtual machine to another. For example:"
2987
2996
msgstr ""
2988
2997
2989
#: serverguide/C/virtualization.xml:184(command)
2998
#: serverguide/C/virtualization.xml:212(command)
2990
2999
msgid ""
2991
3000
"sudo virt-clone -o web_devel -n database_devel -f "
2992
3001
"/path/to/database_devel.img \\ --connect=qemu:///system"
2993
3002
msgstr ""
2994
3003
2995
#: serverguide/C/virtualization.xml:189(para)
3004
#: serverguide/C/virtualization.xml:218(para)
2996
3005
msgid "<emphasis>-o:</emphasis> original virtual machine."
2997
3006
msgstr ""
2998
3007
2999
#: serverguide/C/virtualization.xml:194(para)
3008
#: serverguide/C/virtualization.xml:222(para)
3000
3009
msgid "<emphasis>-n:</emphasis> name of the new virtual machine."
3001
3010
msgstr ""
3002
3011
3003
#: serverguide/C/virtualization.xml:199(para)
3012
#: serverguide/C/virtualization.xml:227(para)
3004
3013
msgid ""
3005
3014
"<emphasis>-f:</emphasis> path to the file, logical volume, or partition to "
3006
3015
"be used by the new virtual machine."
3007
3016
msgstr ""
3008
3017
3009
#: serverguide/C/virtualization.xml:204(para)
3018
#: serverguide/C/virtualization.xml:232(para)
3010
3019
msgid ""
3011
3020
"<emphasis>--connect:</emphasis> specifies which hypervisor to connect to."
3012
3021
msgstr ""
3013
3022
3014
#: serverguide/C/virtualization.xml:209(para)
3023
#: serverguide/C/virtualization.xml:237(para)
3015
3024
msgid ""
3016
3025
"Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to "
3017
3026
"help troubleshoot problems with <application>virt-clone</application>."
3018
3027
msgstr ""
3019
3028
3020
#: serverguide/C/virtualization.xml:214(para)
3029
#: serverguide/C/virtualization.xml:242(para)
3021
3030
msgid ""
3022
3031
"Replace <emphasis>web_devel</emphasis> and "
3023
3032
"<emphasis>database_devel</emphasis> with appropriate virtual machine names."
3024
3033
msgstr ""
3025
3034
3026
#: serverguide/C/virtualization.xml:220(title)
3035
#: serverguide/C/virtualization.xml:249(title)
3027
3036
msgid "Virtual Machine Management"
3028
3037
msgstr ""
3029
3038
3030
#: serverguide/C/virtualization.xml:222(title)
3039
#: serverguide/C/virtualization.xml:252(title)
3031
3040
msgid "virsh"
3032
3041
msgstr ""
3033
3042
3034
#: serverguide/C/virtualization.xml:223(para)
3043
#: serverguide/C/virtualization.xml:254(para)
3035
3044
msgid ""
3036
3045
"There are several utilities available to manage virtual machines and "
3037
3046
"<application>libvirt</application>. The <application>virsh</application> "
3038
3047
"utility can be used from the command line. Some examples:"
3039
3048
msgstr ""
3040
3049
3041
#: serverguide/C/virtualization.xml:229(para)
3050
#: serverguide/C/virtualization.xml:261(para)
3042
3051
msgid "To list running virtual machines:"
3043
3052
msgstr ""
3044
3053
3045
#: serverguide/C/virtualization.xml:233(command)
3054
#: serverguide/C/virtualization.xml:264(command)
3046
3055
msgid "virsh -c qemu:///system list"
3047
3056
msgstr ""
3048
3057
3049
#: serverguide/C/virtualization.xml:237(para)
3058
#: serverguide/C/virtualization.xml:269(para)
3050
3059
msgid "To start a virtual machine:"
3051
3060
msgstr ""
3052
3061
3053
#: serverguide/C/virtualization.xml:241(command)
3062
#: serverguide/C/virtualization.xml:272(command)
3054
3063
msgid "virsh -c qemu:///system start web_devel"
3055
3064
msgstr ""
3056
3065
3057
#: serverguide/C/virtualization.xml:245(para)
3066
#: serverguide/C/virtualization.xml:277(para)
3058
3067
msgid "Similarly, to start a virtual machine at boot:"
3059
3068
msgstr ""
3060
3069
3061
#: serverguide/C/virtualization.xml:249(command)
3070
#: serverguide/C/virtualization.xml:280(command)
3062
3071
msgid "virsh -c qemu:///system autostart web_devel"
3063
3072
msgstr ""
3064
3073
3065
#: serverguide/C/virtualization.xml:253(para)
3074
#: serverguide/C/virtualization.xml:285(para)
3066
3075
msgid "Reboot a virtual machine with:"
3067
3076
msgstr ""
3068
3077
3069
#: serverguide/C/virtualization.xml:257(command)
3078
#: serverguide/C/virtualization.xml:288(command)
3070
3079
msgid "virsh -c qemu:///system reboot web_devel"
3071
3080
msgstr ""
3072
3081
3073
#: serverguide/C/virtualization.xml:261(para)
3082
#: serverguide/C/virtualization.xml:293(para)
3074
3083
msgid ""
3075
3084
"The <emphasis>state</emphasis> of virtual machines can be saved to a file in "
3076
3085
"order to be restored later. The following will save the virtual machine "
3077
3086
"state into a file named according to the date:"
3078
3087
msgstr ""
3079
3088
3080
#: serverguide/C/virtualization.xml:266(command)
3089
#: serverguide/C/virtualization.xml:299(command)
3081
3090
msgid "virsh -c qemu:///system save web_devel web_devel-022708.state"
3082
3091
msgstr ""
3083
3092
3084
#: serverguide/C/virtualization.xml:268(para)
3093
#: serverguide/C/virtualization.xml:302(para)
3085
3094
msgid "Once saved the virtual machine will no longer be running."
3086
3095
msgstr ""
3087
3096
3088
#: serverguide/C/virtualization.xml:273(para)
3097
#: serverguide/C/virtualization.xml:307(para)
3089
3098
msgid "A saved virtual machine can be restored using:"
3090
3099
msgstr ""
3091
3100
3092
#: serverguide/C/virtualization.xml:277(command)
3101
#: serverguide/C/virtualization.xml:310(command)
3093
3102
msgid "virsh -c qemu:///system restore web_devel-022708.state"
3094
3103
msgstr ""
3095
3104
3096
#: serverguide/C/virtualization.xml:281(para)
3105
#: serverguide/C/virtualization.xml:315(para)
3097
3106
msgid "To shutdown a virtual machine do:"
3098
3107
msgstr ""
3099
3108
3100
#: serverguide/C/virtualization.xml:285(command)
3109
#: serverguide/C/virtualization.xml:318(command)
3101
3110
msgid "virsh -c qemu:///system shutdown web_devel"
3102
3111
msgstr ""
3103
3112
3104
#: serverguide/C/virtualization.xml:289(para)
3113
#: serverguide/C/virtualization.xml:323(para)
3105
3114
msgid "A CDROM device can be mounted in a virtual machine by entering:"
3106
3115
msgstr ""
3107
3116
3108
#: serverguide/C/virtualization.xml:293(command)
3117
#: serverguide/C/virtualization.xml:327(command)
3109
3118
msgid "virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
3110
3119
msgstr ""
3111
3120
3112
#: serverguide/C/virtualization.xml:298(para)
3121
#: serverguide/C/virtualization.xml:333(para)
3113
3122
msgid ""
3114
3123
"In the above examples replace <emphasis>web_devel</emphasis> with the "
3115
3124
"appropriate virtual machine name, and <filename>web_devel-"
3116
3125
"022708.state</filename> with a descriptive file name."
3117
3126
msgstr ""
3118
3127
3119
#: serverguide/C/virtualization.xml:305(title)
3128
#: serverguide/C/virtualization.xml:341(title)
3120
3129
msgid "Virtual Machine Manager"
3121
3130
msgstr ""
3122
3131
3123
#: serverguide/C/virtualization.xml:306(para)
3132
#: serverguide/C/virtualization.xml:343(para)
3124
3133
msgid ""
3125
3134
"The <application>virt-manager</application> package contains a graphical "
3126
3135
"utility to manage local and remote virtual machines. To install virt-manager "
3127
3136
"enter:"
3128
3137
msgstr ""
3129
3138
3130
#: serverguide/C/virtualization.xml:311(command)
3139
#: serverguide/C/virtualization.xml:348(command)
3131
3140
msgid "sudo apt-get install virt-manager"
3132
3141
msgstr ""
3133
3142
3134
#: serverguide/C/virtualization.xml:313(para)
3143
#: serverguide/C/virtualization.xml:351(para)
3135
3144
msgid ""
3136
3145
"Since <application>virt-manager</application> requires a Graphical User "
3137
3146
"Interface (GUI) environment it is recommended to be installed on a "
3139
3148
"the local <application>libvirt</application> service enter:"
3140
3149
msgstr ""
3141
3150
3142
#: serverguide/C/virtualization.xml:319(command)
3151
#: serverguide/C/virtualization.xml:358(command)
3143
3152
msgid "virt-manager -c qemu:///system"
3144
3153
msgstr ""
3145
3154
3146
#: serverguide/C/virtualization.xml:321(para)
3155
#: serverguide/C/virtualization.xml:361(para)
3147
3156
msgid ""
3148
3157
"You can connect to the <application>libvirt</application> service running on "
3149
3158
"another host by entering the following in a terminal prompt:"
3150
3159
msgstr ""
3151
3160
3152
#: serverguide/C/virtualization.xml:325(command)
3161
#: serverguide/C/virtualization.xml:366(command)
3153
3162
msgid "virt-manager -c qemu+ssh://virtnode1.mydomain.com/system"
3154
3163
msgstr ""
3155
3164
3156
#: serverguide/C/virtualization.xml:328(para)
3165
#: serverguide/C/virtualization.xml:370(para)
3157
3166
msgid ""
3158
3167
"The above example assumes that <application>SSH</application> connectivity "
3159
3168
"between the management system and virtnode1.mydomain.com has already been "
3164
3173
"linkend=\"openssh-server\"/>"
3165
3174
msgstr ""
3166
3175
3167
#: serverguide/C/virtualization.xml:338(title)
3176
#: serverguide/C/virtualization.xml:383(title)
3168
3177
msgid "Virtual Machine Viewer"
3169
3178
msgstr ""
3170
3179
3171
#: serverguide/C/virtualization.xml:339(para)
3180
#: serverguide/C/virtualization.xml:385(para)
3172
3181
msgid ""
3173
3182
"The <application>virt-viewer</application> application allows you to connect "
3174
3183
"to a virtual machine's console. <application>virt-viewer</application> does "
3176
3185
"machine."
3177
3186
msgstr ""
3178
3187
3179
#: serverguide/C/virtualization.xml:343(para)
3188
#: serverguide/C/virtualization.xml:390(para)
3180
3189
msgid ""
3181
3190
"To install <application>virt-viewer</application> from a terminal enter:"
3182
3191
msgstr ""
3183
3192
3184
#: serverguide/C/virtualization.xml:347(command)
3193
#: serverguide/C/virtualization.xml:394(command)
3185
3194
msgid "sudo apt-get install virt-viewer"
3186
3195
msgstr ""
3187
3196
3188
#: serverguide/C/virtualization.xml:349(para)
3197
#: serverguide/C/virtualization.xml:397(para)
3189
3198
msgid ""
3190
3199
"Once a virtual machine is installed and running you can connect to the "
3191
3200
"virtual machine's console by using:"
3192
3201
msgstr ""
3193
3202
3194
#: serverguide/C/virtualization.xml:353(command)
3203
#: serverguide/C/virtualization.xml:401(command)
3195
3204
msgid "virt-viewer -c qemu:///system web_devel"
3196
3205
msgstr ""
3197
3206
3198
#: serverguide/C/virtualization.xml:355(para)
3207
#: serverguide/C/virtualization.xml:404(para)
3199
3208
msgid ""
3200
3209
"Similar to <application>virt-manager</application>, <application>virt-"
3201
3210
"viewer</application> can connect to a remote host using "
3202
3211
"<emphasis>SSH</emphasis> with key authentication, as well:"
3203
3212
msgstr ""
3204
3213
3205
#: serverguide/C/virtualization.xml:360(command)
3214
#: serverguide/C/virtualization.xml:409(command)
3206
3215
msgid "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
3207
3216
msgstr ""
3208
3217
3209
#: serverguide/C/virtualization.xml:362(para)
3218
#: serverguide/C/virtualization.xml:412(para)
3210
3219
msgid ""
3211
3220
"Be sure to replace <emphasis role=\"italic\">web_devel</emphasis> with the "
3212
3221
"appropriate virtual machine name."
3218
3227
"can also setup <application>SSH</application> access to the virtual machine."
3219
3228
msgstr ""
3220
3229
3221
#: serverguide/C/windows-networking.xml:248(title) serverguide/C/windows-networking.xml:347(title) serverguide/C/windows-networking.xml:704(title) serverguide/C/windows-networking.xml:1100(title) serverguide/C/windows-networking.xml:1299(title) serverguide/C/virtualization.xml:371(title) serverguide/C/virtualization.xml:1072(title) serverguide/C/virtualization.xml:2482(title) serverguide/C/virtualization.xml:4388(title) serverguide/C/reporting-bugs.xml:252(title) serverguide/C/remote-administration.xml:374(title) serverguide/C/network-config.xml:584(title) serverguide/C/network-config.xml:847(title) serverguide/C/network-auth.xml:2133(title) serverguide/C/network-auth.xml:2675(title) serverguide/C/network-auth.xml:3391(title) serverguide/C/network-auth.xml:3944(title) serverguide/C/installation.xml:867(title) serverguide/C/installation.xml:1153(title) serverguide/C/installation.xml:1361(title) serverguide/C/databases.xml:271(title) serverguide/C/databases.xml:409(title) serverguide/C/backups.xml:864(title)
3230
#: serverguide/C/virtualization.xml:421(title) serverguide/C/virtualization.xml:659(title) serverguide/C/virtualization.xml:730(title) serverguide/C/virtualization.xml:1784(title) serverguide/C/samba.xml:248(title) serverguide/C/samba.xml:347(title) serverguide/C/samba.xml:704(title) serverguide/C/samba.xml:1100(title) serverguide/C/samba.xml:1299(title) serverguide/C/reporting-bugs.xml:252(title) serverguide/C/remote-administration.xml:414(title) serverguide/C/other-apps.xml:151(title) serverguide/C/other-apps.xml:305(title) serverguide/C/other-apps.xml:399(title) serverguide/C/network-config.xml:588(title) serverguide/C/network-config.xml:843(title) serverguide/C/network-auth.xml:2140(title) serverguide/C/network-auth.xml:2674(title) serverguide/C/network-auth.xml:3390(title) serverguide/C/network-auth.xml:3943(title) serverguide/C/network-auth.xml:4179(title) serverguide/C/installation.xml:874(title) serverguide/C/installation.xml:1149(title) serverguide/C/installation.xml:1434(title) serverguide/C/databases.xml:264(title) serverguide/C/databases.xml:419(title) serverguide/C/cgroups.xml:198(title) serverguide/C/backups.xml:870(title)
3222
3231
msgid "Resources"
3223
3232
msgstr "Sumber Daya"
3224
3233
3228
3237
"more details."
3229
3238
msgstr ""
3230
3239
3231
#: serverguide/C/virtualization.xml:379(para)
3240
#: serverguide/C/virtualization.xml:430(para)
3232
3241
msgid ""
3233
3242
"For more information on <application>libvirt</application> see the <ulink "
3234
3243
"url=\"http://libvirt.org/\">libvirt home page</ulink>"
3235
3244
msgstr ""
3236
3245
3237
#: serverguide/C/virtualization.xml:384(para)
3246
#: serverguide/C/virtualization.xml:436(para)
3238
3247
msgid ""
3239
"The <ulink url=\"http://virt-manager.et.redhat.com/\">Virtual Machine "
3240
"Manager</ulink> site has more information on <application>virt-"
3241
"manager</application> development."
3248
"The <ulink url=\"http://virt-manager.org/\">Virtual Machine Manager</ulink> "
3249
"site has more information on <application>virt-manager</application> "
3250
"development."
3242
3251
msgstr ""
3243
3252
3244
#: serverguide/C/virtualization.xml:390(para)
3253
#: serverguide/C/virtualization.xml:442(para)
3245
3254
msgid ""
3246
3255
"Also, stop by the <emphasis>#ubuntu-virt</emphasis> IRC channel on <ulink "
3247
3256
"url=\"http://freenode.net/\">freenode</ulink> to discuss virtualization "
3248
3257
"technology in Ubuntu."
3249
3258
msgstr ""
3250
3259
3251
#: serverguide/C/virtualization.xml:396(para)
3260
#: serverguide/C/virtualization.xml:448(para)
3252
3261
msgid ""
3253
3262
"Another good resource is the <ulink "
3254
3263
"url=\"https://help.ubuntu.com/community/KVM\">Ubuntu Wiki KVM</ulink> page."
3255
3264
msgstr ""
3256
3265
3257
#: serverguide/C/virtualization.xml:401(para)
3266
#: serverguide/C/virtualization.xml:454(para)
3258
3267
msgid ""
3259
3268
"For information on Xen, including using Xen with libvirt, please see the "
3260
3269
"<ulink url=\"https://help.ubuntu.com/community/Xen\">Ubuntu Wiki Xen</ulink> "
3265
3274
msgid "Cloud images and uvtool"
3266
3275
msgstr ""
3267
3276
3268
#: serverguide/C/windows-networking.xml:23(title) serverguide/C/virtualization.xml:412(title) serverguide/C/security.xml:352(title) serverguide/C/remote-administration.xml:18(title) serverguide/C/package-management.xml:18(title) serverguide/C/introduction.xml:11(title) serverguide/C/installation.xml:1187(title)
3277
#: serverguide/C/virtualization.xml:467(title) serverguide/C/security.xml:367(title) serverguide/C/samba.xml:23(title) serverguide/C/remote-administration.xml:18(title) serverguide/C/package-management.xml:18(title) serverguide/C/introduction.xml:11(title) serverguide/C/installation.xml:1260(title)
3269
3278
msgid "Introduction"
3270
3279
msgstr "Pengenalan"
3271
3280
3272
3281
#: serverguide/C/virtualization.xml:469(para)
3273
3282
msgid ""
3274
"With Ubuntu being one of the most used operating systems on most of the "
3275
"cloud platforms, the availability of stable and secure cloud images has "
3276
"become very important. As of 12.04 the utilization of cloud images outside "
3277
"of a cloud infrastructure has been improved. It is now possible to use those "
3283
"With Ubuntu being one of the most used operating systems on many cloud "
3284
"platforms, the availability of stable and secure cloud images has become "
3285
"very important. As of 12.04 the utilization of cloud images outside of a "
3286
"cloud infrastructure has been improved. It is now possible to use those "
3278
3287
"images to create a virtual machine without the need of a complete "
3279
3288
"installation."
3280
3289
msgstr ""
3281
3290
3282
#: serverguide/C/virtualization.xml:478(title)
3291
#: serverguide/C/virtualization.xml:477(title)
3283
3292
msgid "Creating virtual machines using uvtool"
3284
3293
msgstr ""
3285
3294
3286
#: serverguide/C/virtualization.xml:480(para)
3295
#: serverguide/C/virtualization.xml:479(para)
3287
3296
msgid ""
3288
3297
"Starting with 14.04 LTS, a tool called uvtool greatly facilitates the task "
3289
3298
"of generating virtual machines (VM) using the cloud images. "
3291
3300
"synchronize cloud-images locally and use them to create new VMs in minutes."
3292
3301
msgstr ""
3293
3302
3294
#: serverguide/C/virtualization.xml:487(title)
3303
#: serverguide/C/virtualization.xml:486(title)
3295
3304
msgid "Uvtool packages"
3296
3305
msgstr ""
3297
3306
3298
#: serverguide/C/virtualization.xml:489(para)
3307
#: serverguide/C/virtualization.xml:488(para)
3299
3308
msgid ""
3300
"The following packages and their dependancies will be required in order to "
3309
"The following packages and their dependencies will be required in order to "
3301
3310
"use uvtool:"
3302
3311
msgstr ""
3303
3312
3304
#: serverguide/C/virtualization.xml:496(para)
3313
#: serverguide/C/virtualization.xml:495(para)
3305
3314
msgid "uvtool"
3306
3315
msgstr ""
3307
3316
3308
#: serverguide/C/virtualization.xml:500(para)
3317
#: serverguide/C/virtualization.xml:499(para)
3309
3318
msgid "uvtool-libvirt"
3310
3319
msgstr ""
3311
3320
3312
#: serverguide/C/virtualization.xml:505(para)
3313
msgid ""
3314
"Installation of <application>uvtool</application> is done the same as for "
3315
"any other application by using apt-get:"
3321
#: serverguide/C/virtualization.xml:504(para)
3322
msgid "To install <application>uvtool</application>, run:"
3316
3323
msgstr ""
3317
3324
3318
#: serverguide/C/virtualization.xml:507(programlisting)
3325
#: serverguide/C/virtualization.xml:505(programlisting)
3319
3326
#, no-wrap
3320
3327
msgid "$ apt-get -y install uvtool"
3321
3328
msgstr ""
3322
3329
3323
#: serverguide/C/virtualization.xml:509(para)
3330
#: serverguide/C/virtualization.xml:507(para)
3324
3331
msgid "This will install uvtool's main commands:"
3325
3332
msgstr ""
3326
3333
3327
#: serverguide/C/virtualization.xml:511(application)
3334
#: serverguide/C/virtualization.xml:509(application)
3328
3335
msgid "uvt-simplestreams-libvirt"
3329
3336
msgstr ""
3330
3337
3331
#: serverguide/C/virtualization.xml:512(application)
3338
#: serverguide/C/virtualization.xml:510(application)
3332
3339
msgid "uvt-kvm"
3333
3340
msgstr ""
3334
3341
3335
#: serverguide/C/virtualization.xml:517(title)
3342
#: serverguide/C/virtualization.xml:515(title)
3336
3343
msgid ""
3337
3344
"Get the Ubuntu Cloud Image with <application>uvt-simplestreams-"
3338
3345
"libvirt</application>"
3339
3346
msgstr ""
3340
3347
3341
#: serverguide/C/virtualization.xml:519(para)
3348
#: serverguide/C/virtualization.xml:517(para)
3342
3349
msgid ""
3343
3350
"This is one of the major simplifications that "
3344
3351
"<application>uvtool</application> brings. It is aware of where to find the "
3347
3354
"architecture, the uvtool command would be:"
3348
3355
msgstr ""
3349
3356
3350
#: serverguide/C/virtualization.xml:524(programlisting)
3357
#: serverguide/C/virtualization.xml:522(programlisting)
3351
3358
#, no-wrap
3352
3359
msgid "$ uvt-simplestreams-libvirt sync arch=amd64"
3353
3360
msgstr ""
3354
3361
3355
#: serverguide/C/virtualization.xml:526(para)
3362
#: serverguide/C/virtualization.xml:524(para)
3356
3363
msgid ""
3357
3364
"After an amount of time required to download all the images from the "
3358
"internet, you will have a complete set of cloud images stored locally. To "
3365
"Internet, you will have a complete set of cloud images stored locally. To "
3359
3366
"see what has been downloaded use the following command:"
3360
3367
msgstr ""
3361
3368
3362
#: serverguide/C/virtualization.xml:530(programlisting)
3369
#: serverguide/C/virtualization.xml:528(programlisting)
3363
3370
#, no-wrap
3364
3371
msgid ""
3365
3372
"$ uvt-simplestreams-libvirt query\n"
3370
3377
"release=trusty arch=amd64 label=beta1 (20140226.1)\n"
3371
3378
msgstr ""
3372
3379
3373
#: serverguide/C/virtualization.xml:538(para)
3380
#: serverguide/C/virtualization.xml:536(para)
3374
3381
msgid ""
3375
3382
"In the case where you want to synchronize only one specific cloud-image, you "
3376
3383
"need to use the release= and arch= filters to identify which image needs to "
3377
3384
"be synchronized."
3378
3385
msgstr ""
3379
3386
3380
#: serverguide/C/virtualization.xml:541(programlisting)
3387
#: serverguide/C/virtualization.xml:539(programlisting)
3381
3388
#, no-wrap
3382
3389
msgid "$ uvt-simplestreams-libvirt sync release=precise arch=amd64\n"
3383
3390
msgstr ""
3384
3391
3385
#: serverguide/C/virtualization.xml:546(title)
3392
#: serverguide/C/virtualization.xml:544(title)
3386
3393
msgid "Create the VM using uvt-kvm"
3387
3394
msgstr ""
3388
3395
3389
#: serverguide/C/virtualization.xml:548(para)
3396
#: serverguide/C/virtualization.xml:546(para)
3390
3397
msgid ""
3391
"In order to be able to connect to the virtual machine once it has been "
3392
"created, it is necessary to have a valid SSH key available for the ubuntu "
3393
"user. If your environment does not have a ssh key, you can easily create one "
3394
"using the following command:"
3398
"In order to connect to the virtual machine once it has been created, you "
3399
"must have a valid SSH key available for the Ubuntu user. If your environment "
3400
"does not have an SSH key, you can easily create one using the following "
3401
"command:"
3395
3402
msgstr ""
3396
3403
3397
#: serverguide/C/virtualization.xml:552(programlisting)
3404
#: serverguide/C/virtualization.xml:548(programlisting)
3398
3405
#, no-wrap
3399
3406
msgid ""
3400
3407
"\n"
3421
3428
"+-----------------+\n"
3422
3429
msgstr ""
3423
3430
3431
#: serverguide/C/virtualization.xml:571(para)
3432
msgid ""
3433
"To create of a new virtual machine using uvtool, run the following in a "
3434
"terminal:"
3435
msgstr ""
3436
3437
#: serverguide/C/virtualization.xml:573(programlisting)
3438
#, no-wrap
3439
msgid "$ uvt-kvm create firsttest"
3440
msgstr ""
3441
3424
3442
#: serverguide/C/virtualization.xml:575(para)
3425
3443
msgid ""
3426
"The creation of a new virtual machine using uvtool is easy. In its simplest "
3427
"form, you only need to do:"
3428
msgstr ""
3429
3430
#: serverguide/C/virtualization.xml:578(programlisting)
3431
#, no-wrap
3432
msgid "$ uvt-kvm create firsttest"
3433
msgstr ""
3434
3435
#: serverguide/C/virtualization.xml:580(para)
3436
msgid ""
3437
3444
"This will create a VM named <emphasis role=\"bold\">firsttest</emphasis> "
3438
3445
"using the current LTS cloud image available locally. If you want to specify "
3439
3446
"a release to be used to create the VM, you need to use the <emphasis "
3440
"role=\"bold\">release=</emphasis> filter"
3447
"role=\"bold\">release=</emphasis> filter:"
3448
msgstr ""
3449
3450
#: serverguide/C/virtualization.xml:578(programlisting)
3451
#, no-wrap
3452
msgid "$ uvt-kvm create secondtest release=trusty"
3453
msgstr ""
3454
3455
#: serverguide/C/virtualization.xml:580(para)
3456
msgid ""
3457
"<application>uvt-kvm wait</application> can be used to wait until the "
3458
"creation of the VM has completed:"
3441
3459
msgstr ""
3442
3460
3443
3461
#: serverguide/C/virtualization.xml:583(programlisting)
3444
3462
#, no-wrap
3445
msgid "$ uvt-kvm create secondtest release=trusty"
3446
msgstr ""
3447
3448
#: serverguide/C/virtualization.xml:585(para)
3449
msgid ""
3450
"The <application>uvt-kvm wait {name}</application> can be used to wait until "
3451
"the creation of the VM has completed"
3452
msgstr ""
3453
3454
#: serverguide/C/virtualization.xml:588(programlisting)
3455
#, no-wrap
3456
3463
msgid ""
3457
3464
"$ uvt-kvm wait secondttest --insecure\n"
3458
3465
"Warning: secure wait for boot-finished not yet implemented; use --insecure.\n"
3459
3466
msgstr ""
3460
3467
3461
#: serverguide/C/virtualization.xml:593(title)
3468
#: serverguide/C/virtualization.xml:588(title)
3462
3469
msgid "Connect to the running VM"
3463
3470
msgstr ""
3464
3471
3465
#: serverguide/C/virtualization.xml:594(para)
3472
#: serverguide/C/virtualization.xml:589(para)
3466
3473
msgid ""
3467
3474
"Once the virtual machine creation is completed, you can connect to it using "
3468
"ssh:"
3475
"SSH:"
3469
3476
msgstr ""
3470
3477
3471
#: serverguide/C/virtualization.xml:597(programlisting)
3478
#: serverguide/C/virtualization.xml:592(programlisting)
3472
3479
#, no-wrap
3473
3480
msgid "$ uvt-kvm ssh secondtest --insecure"
3474
3481
msgstr ""
3475
3482
3476
#: serverguide/C/virtualization.xml:599(para)
3483
#: serverguide/C/virtualization.xml:594(para)
3477
3484
msgid ""
3478
3485
"For the time being, the <emphasis role=\"bold\">--insecure</emphasis> is "
3479
"required so you should be using this mechanism to connect to your VM only if "
3480
"you completely trust your network infrastructure"
3486
"required, so use this mechanism to connect to your VM only if you completely "
3487
"trust your network infrastructure."
3481
3488
msgstr ""
3482
3489
3483
#: serverguide/C/virtualization.xml:602(para)
3490
#: serverguide/C/virtualization.xml:596(para)
3484
3491
msgid ""
3485
"You can also connect to your VM using a regular ssh session using the IP "
3492
"You can also connect to your VM using a regular SSH session using the IP "
3486
3493
"address of the VM. The address can be queried using the following command:"
3487
3494
msgstr ""
3488
3495
3489
#: serverguide/C/virtualization.xml:605(programlisting)
3496
#: serverguide/C/virtualization.xml:598(programlisting)
3490
3497
#, no-wrap
3491
3498
msgid ""
3492
3499
"\n"
3517
3524
"\n"
3518
3525
msgstr ""
3519
3526
3520
#: serverguide/C/virtualization.xml:631(title)
3527
#: serverguide/C/virtualization.xml:624(title)
3521
3528
msgid "Get the list of running VMs"
3522
3529
msgstr ""
3523
3530
3524
#: serverguide/C/virtualization.xml:632(para)
3525
msgid "You can get the list of VM running on your system with this command:"
3531
#: serverguide/C/virtualization.xml:625(para)
3532
msgid "You can get the list of VMs running on your system with this command:"
3526
3533
msgstr ""
3527
3534
3528
#: serverguide/C/virtualization.xml:634(programlisting)
3535
#: serverguide/C/virtualization.xml:627(programlisting)
3529
3536
#, no-wrap
3530
3537
msgid ""
3531
3538
"$ uvt-kvm list\n"
3532
3539
"secondtest\n"
3533
3540
msgstr ""
3534
3541
3535
#: serverguide/C/virtualization.xml:639(title)
3542
#: serverguide/C/virtualization.xml:632(title)
3536
3543
msgid "Destroy your VM"
3537
3544
msgstr ""
3538
3545
3539
#: serverguide/C/virtualization.xml:640(para)
3540
msgid "Once you are done with your VM, you can proceed to destroy it with:"
3546
#: serverguide/C/virtualization.xml:633(para)
3547
msgid "Once you are done with your VM, you can destroy it with:"
3541
3548
msgstr ""
3542
3549
3543
#: serverguide/C/virtualization.xml:642(programlisting)
3550
#: serverguide/C/virtualization.xml:635(programlisting)
3544
3551
#, no-wrap
3545
3552
msgid "$ uvt-kvm destroy secondtest"
3546
3553
msgstr ""
3547
3554
3548
#: serverguide/C/virtualization.xml:644(title)
3555
#: serverguide/C/virtualization.xml:637(title)
3549
3556
msgid "More uvt-kvm options"
3550
3557
msgstr ""
3551
3558
3552
#: serverguide/C/virtualization.xml:646(para)
3559
#: serverguide/C/virtualization.xml:639(para)
3553
3560
msgid ""
3554
3561
"The following options can be used to change some of the characteristics of "
3555
"the virtual memory that you are creating"
3562
"the VM that you are creating:"
3563
msgstr ""
3564
3565
#: serverguide/C/virtualization.xml:642(para)
3566
msgid "--memory : Amount of RAM in megabytes. Default: 512."
3567
msgstr ""
3568
3569
#: serverguide/C/virtualization.xml:643(para)
3570
msgid "--disk : Size of the OS disk in gigabytes. Default: 8."
3571
msgstr ""
3572
3573
#: serverguide/C/virtualization.xml:644(para)
3574
msgid "--cpu : Number of CPU cores. Default: 1."
3575
msgstr ""
3576
3577
#: serverguide/C/virtualization.xml:647(para)
3578
msgid ""
3579
"Some other parameters will have an impact on the cloud-init configuration:"
3580
msgstr ""
3581
3582
#: serverguide/C/virtualization.xml:649(para)
3583
msgid ""
3584
"--password password : Allow login to the VM using the Ubuntu account and "
3585
"this provided password."
3556
3586
msgstr ""
3557
3587
3558
3588
#: serverguide/C/virtualization.xml:650(para)
3559
msgid "--memory : Amount of RAM in megabytes. Default: 512"
3560
msgstr ""
3561
3562
#: serverguide/C/virtualization.xml:651(para)
3563
msgid "--disk : Size of the OS disk in gigabytes. Default: 8"
3564
msgstr ""
3565
3566
#: serverguide/C/virtualization.xml:652(para)
3567
msgid "--cpu : Number of CPU cores. Default: 1"
3568
msgstr ""
3569
3570
#: serverguide/C/virtualization.xml:655(para)
3571
msgid ""
3572
"Some other parameters will have an impact on the cloud-init configuration"
3573
msgstr ""
3574
3575
#: serverguide/C/virtualization.xml:657(para)
3576
msgid ""
3577
"--password password : Allow login to the VM using the ubuntu account and "
3578
"this provided password"
3579
msgstr ""
3580
3581
#: serverguide/C/virtualization.xml:658(para)
3582
3589
msgid ""
3583
3590
"--run-script-once script_file : Run script_file as root on the VM the first "
3584
3591
"time it is booted, but never again."
3585
3592
msgstr ""
3586
3593
3587
#: serverguide/C/virtualization.xml:659(para)
3594
#: serverguide/C/virtualization.xml:651(para)
3588
3595
msgid ""
3589
3596
"--packages package_list : Install the comma-separated packages specified in "
3590
3597
"package_list on first boot."
3591
3598
msgstr ""
3592
3599
3593
#: serverguide/C/virtualization.xml:662(para)
3600
#: serverguide/C/virtualization.xml:654(para)
3594
3601
msgid ""
3595
3602
"A complete description of all available modifiers is available in the "
3596
"manpage of uvt-kvm"
3603
"manpage of uvt-kvm."
3597
3604
msgstr ""
3598
3605
3599
#: serverguide/C/virtualization.xml:1073(para)
3606
#: serverguide/C/virtualization.xml:661(para)
3600
3607
msgid ""
3601
3608
"If you are interested in learning more, have questions or suggestions, "
3602
3609
"please contact the Ubuntu Server Team at:"
3603
3610
msgstr ""
3604
3611
3605
#: serverguide/C/virtualization.xml:1078(para)
3612
#: serverguide/C/virtualization.xml:666(para)
3606
3613
msgid "IRC: #ubuntu-server on freenode"
3607
3614
msgstr ""
3608
3615
3609
#: serverguide/C/virtualization.xml:1083(para)
3616
#: serverguide/C/virtualization.xml:670(para)
3610
3617
msgid ""
3611
3618
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
3612
3619
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
3613
3620
msgstr ""
3614
3621
3615
#: serverguide/C/virtualization.xml:2121(title)
3622
#: serverguide/C/virtualization.xml:679(title)
3616
3623
msgid "Ubuntu Cloud"
3617
3624
msgstr ""
3618
3625
3619
#: serverguide/C/virtualization.xml:2122(para)
3626
#: serverguide/C/virtualization.xml:681(para)
3620
3627
msgid ""
3621
3628
"<application>Cloud computing</application> is a computing model that allows "
3622
3629
"vast pools of resources to be allocated on-demand. These resources such as "
3628
3635
"build highly scalable, cloud computing for both public and private clouds."
3629
3636
msgstr ""
3630
3637
3631
#: serverguide/C/virtualization.xml:700(title)
3638
#: serverguide/C/virtualization.xml:692(title)
3632
3639
msgid "Installation and Configuration"
3633
3640
msgstr ""
3634
3641
3635
#: serverguide/C/virtualization.xml:702(para)
3642
#: serverguide/C/virtualization.xml:694(para)
3636
3643
msgid ""
3637
3644
"Due to the current high rate of development of this complex technology we "
3638
3645
"refer the reader to <ulink url=\"http://docs.openstack.org/havana/install-"
3640
3647
"concerning installation and configuration."
3641
3648
msgstr ""
3642
3649
3643
#: serverguide/C/virtualization.xml:2452(title)
3650
#: serverguide/C/virtualization.xml:703(title)
3644
3651
msgid "Support and Troubleshooting"
3645
3652
msgstr ""
3646
3653
3647
#: serverguide/C/virtualization.xml:2453(para)
3654
#: serverguide/C/virtualization.xml:705(para)
3648
3655
msgid "Community Support"
3649
3656
msgstr ""
3650
3657
3651
#: serverguide/C/virtualization.xml:2457(ulink)
3658
#: serverguide/C/virtualization.xml:709(ulink)
3652
3659
msgid "OpenStack Mailing list"
3653
3660
msgstr ""
3654
3661
3655
#: serverguide/C/virtualization.xml:2462(ulink)
3662
#: serverguide/C/virtualization.xml:714(ulink)
3656
3663
msgid "The OpenStack Wiki search"
3657
3664
msgstr ""
3658
3665
3659
#: serverguide/C/virtualization.xml:2468(ulink)
3666
#: serverguide/C/virtualization.xml:719(ulink)
3660
3667
msgid "Launchpad bugs area"
3661
3668
msgstr ""
3662
3669
3663
#: serverguide/C/virtualization.xml:2472(para)
3670
#: serverguide/C/virtualization.xml:724(para)
3664
3671
msgid "Join the IRC channel #openstack on freenode."
3665
3672
msgstr ""
3666
3673
3667
#: serverguide/C/virtualization.xml:2486(ulink)
3674
#: serverguide/C/virtualization.xml:735(ulink)
3668
3675
msgid "Cloud Computing - Service models"
3669
3676
msgstr ""
3670
3677
3671
#: serverguide/C/virtualization.xml:2491(ulink)
3678
#: serverguide/C/virtualization.xml:741(ulink)
3672
3679
msgid "OpenStack Compute"
3673
3680
msgstr ""
3674
3681
3675
#: serverguide/C/virtualization.xml:2496(ulink)
3682
#: serverguide/C/virtualization.xml:747(ulink)
3676
3683
msgid "OpenStack Image Service"
3677
3684
msgstr ""
3678
3685
3679
#: serverguide/C/virtualization.xml:2501(ulink)
3686
#: serverguide/C/virtualization.xml:753(ulink)
3680
3687
msgid "OpenStack Object Storage Administration Guide"
3681
3688
msgstr ""
3682
3689
3683
#: serverguide/C/virtualization.xml:2506(ulink)
3690
#: serverguide/C/virtualization.xml:759(ulink)
3684
3691
msgid "Installing OpenStack Object Storage on Ubuntu"
3685
3692
msgstr ""
3686
3693
3687
#: serverguide/C/virtualization.xml:2511(ulink)
3694
#: serverguide/C/virtualization.xml:765(ulink)
3688
3695
msgid "http://cloudglossary.com/"
3689
3696
msgstr ""
3690
3697
3691
#: serverguide/C/virtualization.xml:2586(title)
3698
#: serverguide/C/virtualization.xml:775(title)
3692
3699
msgid "LXC"
3693
3700
msgstr ""
3694
3701
3695
#: serverguide/C/virtualization.xml:785(para)
3702
#: serverguide/C/virtualization.xml:777(para)
3696
3703
msgid ""
3697
3704
"Containers are a lightweight virtualization technology. They are more akin "
3698
3705
"to an enhanced chroot than to full virtualization like Qemu or VMware, both "
3704
3711
"and OpenVZ functionality."
3705
3712
msgstr ""
3706
3713
3707
#: serverguide/C/virtualization.xml:2602(para)
3714
#: serverguide/C/virtualization.xml:787(para)
3708
3715
msgid ""
3709
3716
"There are two user-space implementations of containers, each exploiting the "
3710
3717
"same kernel features. Libvirt allows the use of containers through the LXC "
3715
3722
"there are peculiarities which can cause confusion."
3716
3723
msgstr ""
3717
3724
3718
#: serverguide/C/virtualization.xml:804(para)
3725
#: serverguide/C/virtualization.xml:796(para)
3719
3726
msgid ""
3720
3727
"In this document we will mainly describe the <application>lxc</application> "
3721
3728
"package. Use of libvirt-lxc is not generally recommended due to a lack of "
3722
3729
"Apparmor protection for libvirt-lxc containers."
3723
3730
msgstr ""
3724
3731
3725
#: serverguide/C/virtualization.xml:2618(para)
3732
#: serverguide/C/virtualization.xml:801(para)
3726
3733
msgid "In this document, a container name will be shown as CN, C1, or C2."
3727
3734
msgstr ""
3728
3735
3729
#: serverguide/C/virtualization.xml:2624(para)
3736
#: serverguide/C/virtualization.xml:807(para)
3730
3737
msgid "The <application>lxc</application> package can be installed using"
3731
3738
msgstr ""
3732
3739
3733
#: serverguide/C/virtualization.xml:2629(command)
3740
#: serverguide/C/virtualization.xml:811(command)
3734
3741
msgid "sudo apt-get install lxc"
3735
3742
msgstr ""
3736
3743
3737
#: serverguide/C/virtualization.xml:824(para)
3744
#: serverguide/C/virtualization.xml:816(para)
3738
3745
msgid ""
3739
3746
"This will pull in the required and recommended dependencies, as well as set "
3740
3747
"up a network bridge for containers to use. If you wish to use unprivileged "
3743
3750
"containers to a bridge (see <xref linkend=\"lxc-unpriv\"/>)."
3744
3751
msgstr ""
3745
3752
3746
#: serverguide/C/virtualization.xml:834(title) serverguide/C/vcs.xml:104(title)
3753
#: serverguide/C/virtualization.xml:826(title) serverguide/C/vcs.xml:111(title)
3747
3754
msgid "Basic usage"
3748
3755
msgstr ""
3749
3756
3750
#: serverguide/C/virtualization.xml:835(para)
3757
#: serverguide/C/virtualization.xml:827(para)
3751
3758
msgid ""
3752
3759
"LXC can be used in two distinct ways - privileged, by running the lxc "
3753
3760
"commands as the root user; or unprivileged, by running the lxc commands as a "
3758
3765
"in the container is mapped to a non-root userid on the host."
3759
3766
msgstr ""
3760
3767
3761
#: serverguide/C/virtualization.xml:847(title)
3768
#: serverguide/C/virtualization.xml:839(title)
3762
3769
msgid "Basic privileged usage"
3763
3770
msgstr ""
3764
3771
3765
#: serverguide/C/virtualization.xml:848(para)
3766
msgid "To create a privileged container, you can simply to"
3772
#: serverguide/C/virtualization.xml:840(para)
3773
msgid "To create a privileged container, you can simply do:"
3767
3774
msgstr ""
3768
3775
3769
#: serverguide/C/virtualization.xml:852(command)
3776
#: serverguide/C/virtualization.xml:844(command)
3770
3777
msgid "sudo lxc-create --template download --name u1"
3771
3778
msgstr ""
3772
3779
3773
#: serverguide/C/virtualization.xml:856(command)
3780
#: serverguide/C/virtualization.xml:848(command)
3774
3781
msgid "sudo lxc-create -t download -n u1"
3775
3782
msgstr ""
3776
3783
3777
#: serverguide/C/virtualization.xml:851(screen)
3784
#: serverguide/C/virtualization.xml:843(screen)
3778
3785
#, no-wrap
3779
3786
msgid ""
3780
3787
"\n"
3783
3790
"<placeholder-2/>\n"
3784
3791
msgstr ""
3785
3792
3786
#: serverguide/C/virtualization.xml:860(para)
3793
#: serverguide/C/virtualization.xml:852(para)
3787
3794
msgid ""
3788
3795
"This will interactively ask for a container root filesystem type to download "
3789
3796
"- in particular the distribution, release, and architecture. To create the "
3791
3798
"line:"
3792
3799
msgstr ""
3793
3800
3794
#: serverguide/C/virtualization.xml:867(command)
3801
#: serverguide/C/virtualization.xml:859(command)
3795
3802
msgid ""
3796
3803
"sudo lxc-create -t download -n u1 -- --dist ubuntu --release trusty --arch "
3797
3804
"amd64"
3798
3805
msgstr ""
3799
3806
3800
#: serverguide/C/virtualization.xml:871(command)
3807
#: serverguide/C/virtualization.xml:863(command)
3801
3808
msgid "sudo lxc-create -t download -n u1 -- -d ubuntu -r trusty -a amd64"
3802
3809
msgstr ""
3803
3810
3804
#: serverguide/C/virtualization.xml:866(screen)
3811
#: serverguide/C/virtualization.xml:858(screen)
3805
3812
#, no-wrap
3806
3813
msgid ""
3807
3814
"\n"
3810
3817
"<placeholder-2/>\n"
3811
3818
msgstr ""
3812
3819
3813
#: serverguide/C/virtualization.xml:876(para)
3820
#: serverguide/C/virtualization.xml:868(para)
3814
3821
msgid ""
3815
3822
"You can now use <command>lxc-ls</command> to list containers, <command>lxc-"
3816
3823
"info</command> to obtain detailed container information, <command>lxc-"
3822
3829
"look like:"
3823
3830
msgstr ""
3824
3831
3825
#: serverguide/C/virtualization.xml:887(command)
3832
#: serverguide/C/virtualization.xml:879(command)
3826
3833
msgid ""
3827
3834
"sudo lxc-ls --fancy sudo lxc-start --name u1 --daemon sudo lxc-info --name "
3828
3835
"u1 sudo lxc-stop --name u1 sudo lxc-destroy --name u1"
3829
3836
msgstr ""
3830
3837
3831
#: serverguide/C/virtualization.xml:899(title)
3838
#: serverguide/C/virtualization.xml:891(title)
3832
3839
msgid "User namespaces"
3833
3840
msgstr ""
3834
3841
3835
#: serverguide/C/virtualization.xml:900(para)
3842
#: serverguide/C/virtualization.xml:892(para)
3836
3843
msgid ""
3837
3844
"Unprivileged containers allow users to create and administer containers "
3838
3845
"without having any root privilege. The feature underpinning this is called "
3849
3856
"convention started at id 100000 to avoid conflicting with system users."
3850
3857
msgstr ""
3851
3858
3852
#: serverguide/C/virtualization.xml:918(para)
3859
#: serverguide/C/virtualization.xml:910(para)
3853
3860
msgid ""
3854
3861
"If a user was created on an earlier release, it can be granted a range of "
3855
3862
"ids using <command>usermod</command>, as follows:"
3856
3863
msgstr ""
3857
3864
3858
#: serverguide/C/virtualization.xml:923(command)
3865
#: serverguide/C/virtualization.xml:915(command)
3859
3866
msgid "sudo usermod -v 100000-200000 -w 100000-200000 user1"
3860
3867
msgstr ""
3861
3868
3862
#: serverguide/C/virtualization.xml:928(para)
3869
#: serverguide/C/virtualization.xml:920(para)
3863
3870
msgid ""
3864
3871
"The programs <command>newuidmap</command> and <command> newgidmap</command> "
3865
3872
"are setuid-root programs in the <filename>uidmap</filename> package, which "
3868
3875
"authorized by the host configuration."
3869
3876
msgstr ""
3870
3877
3871
#: serverguide/C/virtualization.xml:939(title)
3878
#: serverguide/C/virtualization.xml:931(title)
3872
3879
msgid "Basic unprivileged usage"
3873
3880
msgstr ""
3874
3881
3875
#: serverguide/C/virtualization.xml:943(para)
3882
#: serverguide/C/virtualization.xml:935(para)
3876
3883
msgid ""
3877
3884
"To create unprivileged containers, a few first steps are needed. You will "
3878
3885
"need to create a default container configuration file, specifying your "
3881
3888
"assumes that your mapped user and group id ranges are 100000-165536."
3882
3889
msgstr ""
3883
3890
3884
#: serverguide/C/virtualization.xml:952(command)
3891
#: serverguide/C/virtualization.xml:944(command)
3885
3892
msgid ""
3886
3893
"mkdir -p ~/.config/lxc echo \"lxc.id_map = u 0 100000 65536\" > "
3887
3894
"~/.config/lxc/default.conf echo \"lxc.id_map = g 0 100000 65536\" >> "
3891
3898
"/etc/lxc/lxc-usernet"
3892
3899
msgstr ""
3893
3900
3894
#: serverguide/C/virtualization.xml:962(para)
3901
#: serverguide/C/virtualization.xml:954(para)
3895
3902
msgid ""
3896
3903
"After this, you can create unprivileged containers the same way as "
3897
3904
"privileged ones, simply without using sudo."
3898
3905
msgstr ""
3899
3906
3900
#: serverguide/C/virtualization.xml:967(command)
3907
#: serverguide/C/virtualization.xml:959(command)
3901
3908
msgid ""
3902
3909
"lxc-create -t download -n u1 -- -d ubuntu -r trusty -a amd64 lxc-start -n u1 "
3903
3910
"-d lxc-attach -n u1 lxc-stop -n u1 lxc-destroy -n u1"
3904
3911
msgstr ""
3905
3912
3906
#: serverguide/C/virtualization.xml:978(title)
3913
#: serverguide/C/virtualization.xml:970(title)
3907
3914
msgid "Nesting"
3908
3915
msgstr ""
3909
3916
3910
#: serverguide/C/virtualization.xml:979(para)
3917
#: serverguide/C/virtualization.xml:971(para)
3911
3918
msgid ""
3912
3919
"In order to run containers inside containers - referred to as nested "
3913
3920
"containers - two lines must be present in the parent container configuration "
3924
3931
"information."
3925
3932
msgstr ""
3926
3933
3927
#: serverguide/C/virtualization.xml:1001(title)
3934
#: serverguide/C/virtualization.xml:993(title)
3928
3935
msgid "Global configuration"
3929
3936
msgstr ""
3930
3937
3931
#: serverguide/C/virtualization.xml:1008(para)
3938
#: serverguide/C/virtualization.xml:1000(para)
3932
3939
msgid ""
3933
3940
"<filename>lxc.conf</filename> may optionally specify alternate values for "
3934
3941
"several lxc settings, including the lxcpath, the default configuration, "
3936
3943
"lvm and zfs."
3937
3944
msgstr ""
3938
3945
3939
#: serverguide/C/virtualization.xml:1015(para)
3946
#: serverguide/C/virtualization.xml:1007(para)
3940
3947
msgid ""
3941
3948
"<filename>default.conf</filename> specifies configuration which every newly "
3942
3949
"created container should contain. This usually contains at least a network "
3943
3950
"section, and, for unprivileged users, an id mapping section"
3944
3951
msgstr ""
3945
3952
3946
#: serverguide/C/virtualization.xml:1022(para)
3953
#: serverguide/C/virtualization.xml:1014(para)
3947
3954
msgid ""
3948
3955
"<filename>lxc-usernet.conf</filename> specifies how unprivileged users may "
3949
3956
"connect their containers to the host-owned network."
3950
3957
msgstr ""
3951
3958
3952
#: serverguide/C/virtualization.xml:1002(para)
3959
#: serverguide/C/virtualization.xml:994(para)
3953
3960
msgid ""
3954
3961
"The following configuration files are consulted by LXC. For privileged use, "
3955
3962
"they are found under <filename>/etc/lxc</filename>, while for unprivileged "
3956
3963
"use they are under <filename>~/.config/lxc</filename>. <placeholder-1/>"
3957
3964
msgstr ""
3958
3965
3959
#: serverguide/C/virtualization.xml:1028(para)
3966
#: serverguide/C/virtualization.xml:1020(para)
3960
3967
msgid ""
3961
"<filename>lxc.conf</filename> and <filename>default.conf</filename> are "
3962
"exist both under <filename>/etc/lxc</filename> and "
3968
"<filename>lxc.conf</filename> and <filename>default.conf</filename> are both "
3969
"under <filename>/etc/lxc</filename> and "
3963
3970
"<filename>$HOME/.config/lxc</filename>, while <filename>lxc-"
3964
3971
"usernet.conf</filename> is only host-wide."
3965
3972
msgstr ""
3966
3973
3967
#: serverguide/C/virtualization.xml:1033(para)
3974
#: serverguide/C/virtualization.xml:1025(para)
3968
3975
msgid ""
3969
3976
"By default, containers are located under /var/lib/lxc for the root user, and "
3970
3977
"$HOME/.local/share/lxc otherwise. The location can be specified for all lxc "
3971
3978
"commands using the \"-P|--lxcpath\" argument."
3972
3979
msgstr ""
3973
3980
3974
#: serverguide/C/virtualization.xml:1210(para) serverguide/C/virtualization.xml:1272(para) serverguide/C/network-config.xml:11(title)
3981
#: serverguide/C/virtualization.xml:1034(title) serverguide/C/network-config.xml:11(title)
3975
3982
msgid "Networking"
3976
3983
msgstr "Jaringan"
3977
3984
3978
#: serverguide/C/virtualization.xml:1043(para)
3985
#: serverguide/C/virtualization.xml:1035(para)
3979
3986
msgid ""
3980
3987
"By default LXC creates a private network namespace for each container, which "
3981
3988
"includes a layer 2 networking stack. Containers usually connect to the "
3987
3994
"container is not usable on the host."
3988
3995
msgstr ""
3989
3996
3990
#: serverguide/C/virtualization.xml:1051(para)
3997
#: serverguide/C/virtualization.xml:1043(para)
3991
3998
msgid ""
3992
3999
"It is possible to create a container without a private network namespace. In "
3993
4000
"this case, the container will have access to the host networking like any "
3997
4004
"Unix domain socket to the host's upstart, and shut down the host."
3998
4005
msgstr ""
3999
4006
4000
#: serverguide/C/virtualization.xml:1057(para)
4007
#: serverguide/C/virtualization.xml:1049(para)
4001
4008
msgid ""
4002
4009
"To give containers on lxcbr0 a persistent ip address based on domain name, "
4003
4010
"you can write entries to <filename>/etc/lxc/dnsmasq.conf</filename> like: "
4007
4014
"</screen>"
4008
4015
msgstr ""
4009
4016
4010
#: serverguide/C/virtualization.xml:1065(para)
4017
#: serverguide/C/virtualization.xml:1057(para)
4011
4018
msgid ""
4012
4019
"If it is desirable for the container to be publicly accessible, there are a "
4013
4020
"few ways to go about it. One is to use <command>iptables</command> to "
4026
4033
"are preferred and more commonly used."
4027
4034
msgstr ""
4028
4035
4029
#: serverguide/C/virtualization.xml:1086(para)
4036
#: serverguide/C/virtualization.xml:1078(para)
4030
4037
msgid ""
4031
4038
"There are several ways to determine the ip address for a container. First, "
4032
4039
"you can use <command>lxc-ls --fancy</command> which will print the ip "
4042
4049
"</screen>"
4043
4050
msgstr ""
4044
4051
4045
#: serverguide/C/virtualization.xml:1101(para)
4052
#: serverguide/C/virtualization.xml:1093(para)
4046
4053
msgid ""
4047
4054
"For more information, see the lxc.conf manpage as well as the example "
4048
4055
"network configurations under "
4049
4056
"<filename>/usr/share/doc/lxc/examples/</filename>."
4050
4057
msgstr ""
4051
4058
4052
#: serverguide/C/virtualization.xml:1107(title)
4059
#: serverguide/C/virtualization.xml:1099(title)
4053
4060
msgid "LXC startup"
4054
4061
msgstr ""
4055
4062
4056
#: serverguide/C/virtualization.xml:1109(para)
4063
#: serverguide/C/virtualization.xml:1101(para)
4057
4064
msgid ""
4058
4065
"LXC does not have a long-running daemon. However it does have three upstart "
4059
4066
"jobs."
4060
4067
msgstr ""
4061
4068
4062
#: serverguide/C/virtualization.xml:1115(para)
4069
#: serverguide/C/virtualization.xml:1107(para)
4063
4070
msgid ""
4064
4071
"<filename>/etc/init/lxc-net.conf:</filename> is an optional job which only "
4065
4072
"runs if <filename> /etc/default/lxc-net</filename> specifies USE_LXC_BRIDGE "
4066
4073
"(true by default). It sets up a NATed bridge for containers to use."
4067
4074
msgstr ""
4068
4075
4069
#: serverguide/C/virtualization.xml:1123(para)
4076
#: serverguide/C/virtualization.xml:1115(para)
4070
4077
msgid ""
4071
4078
"<filename>/etc/init/lxc.conf</filename> loads the lxc apparmor profiles and "
4072
4079
"optionally starts any autostart containers. The autostart containers will be "
4075
4082
"more information on autostarted containers."
4076
4083
msgstr ""
4077
4084
4078
#: serverguide/C/virtualization.xml:1133(para)
4085
#: serverguide/C/virtualization.xml:1125(para)
4079
4086
msgid ""
4080
"<filename>/etc/init/lxc-instance.conf:</filename> is used by "
4087
"<filename>/etc/init/lxc-instance.conf</filename> is used by "
4081
4088
"<filename>/etc/init/lxc.conf</filename> to autostart a container."
4082
4089
msgstr ""
4083
4090
4084
#: serverguide/C/virtualization.xml:3232(title)
4091
#: serverguide/C/virtualization.xml:1134(title)
4085
4092
msgid "Backing Stores"
4086
4093
msgstr ""
4087
4094
4088
#: serverguide/C/virtualization.xml:1143(para)
4095
#: serverguide/C/virtualization.xml:1135(para)
4089
4096
msgid ""
4090
4097
"LXC supports several backing stores for container root filesystems. The "
4091
4098
"default is a simple directory backing store, because it requires no prior "
4100
4107
"<filename>$lxcpath/C1/rootfs</filename>."
4101
4108
msgstr ""
4102
4109
4103
#: serverguide/C/virtualization.xml:1157(para)
4110
#: serverguide/C/virtualization.xml:1149(para)
4104
4111
msgid ""
4105
4112
"A snapshot clone C2 of a directory backed container C1 becomes an overlayfs "
4106
4113
"backed container, with a rootfs called "
4108
4115
" Other backing store types include loop, btrfs, LVM and zfs."
4109
4116
msgstr ""
4110
4117
4111
#: serverguide/C/virtualization.xml:1165(para)
4118
#: serverguide/C/virtualization.xml:1157(para)
4112
4119
msgid ""
4113
4120
"A btrfs backed container mostly looks like a directory backed container, "
4114
4121
"with its root filesystem in the same location. However, the root filesystem "
4116
4123
"snapshot."
4117
4124
msgstr ""
4118
4125
4119
#: serverguide/C/virtualization.xml:1172(para)
4126
#: serverguide/C/virtualization.xml:1164(para)
4120
4127
msgid ""
4121
4128
"The root filesystem for an LVM backed container can be any separate LV. The "
4122
4129
"default VG name can be specified in lxc.conf. The filesystem type and size "
4123
4130
"are configurable per-container using lxc-create."
4124
4131
msgstr ""
4125
4132
4126
#: serverguide/C/virtualization.xml:1178(para)
4133
#: serverguide/C/virtualization.xml:1170(para)
4127
4134
msgid ""
4128
4135
"The rootfs for a zfs backed container is a separate zfs filesystem, mounted "
4129
4136
"under the traditional <filename>/var/lib/lxc/C1/rootfs</filename> location. "
4131
4138
"in lxc.system.conf."
4132
4139
msgstr ""
4133
4140
4134
#: serverguide/C/virtualization.xml:1185(para)
4141
#: serverguide/C/virtualization.xml:1177(para)
4135
4142
msgid ""
4136
4143
"More information on creating containers with the various backing stores can "
4137
4144
"be found in the lxc-create manual page."
4138
4145
msgstr ""
4139
4146
4140
#: serverguide/C/virtualization.xml:1192(title)
4147
#: serverguide/C/virtualization.xml:1184(title)
4141
4148
msgid "Templates"
4142
4149
msgstr ""
4143
4150
4144
#: serverguide/C/virtualization.xml:1193(para)
4151
#: serverguide/C/virtualization.xml:1185(para)
4145
4152
msgid ""
4146
4153
"Creating a container generally involves creating a root filesystem for the "
4147
4154
"container. <command>lxc-create</command> delegates this work to "
4152
4159
"others."
4153
4160
msgstr ""
4154
4161
4155
#: serverguide/C/virtualization.xml:1202(para)
4162
#: serverguide/C/virtualization.xml:1194(para)
4156
4163
msgid ""
4157
4164
"Creating distribution images in most cases requires the ability to create "
4158
4165
"device nodes, often requires tools which are not available in other "
4163
4170
"could not for instance easily run the <command>debootstrap</command> command."
4164
4171
msgstr ""
4165
4172
4166
#: serverguide/C/virtualization.xml:1212(para)
4173
#: serverguide/C/virtualization.xml:1204(para)
4167
4174
msgid ""
4168
4175
"When running <command>lxc-create</command>, all options which come after "
4169
4176
"<emphasis>--</emphasis> are passed to the template. In the following "
4176
4183
"</screen>"
4177
4184
msgstr ""
4178
4185
4179
#: serverguide/C/virtualization.xml:1224(para)
4186
#: serverguide/C/virtualization.xml:1216(para)
4180
4187
msgid ""
4181
4188
"You can obtain help for the options supported by any particular container by "
4182
4189
"passing <emphasis>--help</emphasis> and the template name to <command>lxc-"
4183
4190
"create</command>. For instance, for help with the download template,"
4184
4191
msgstr ""
4185
4192
4186
#: serverguide/C/virtualization.xml:1231(command)
4193
#: serverguide/C/virtualization.xml:1223(command)
4187
4194
msgid "lxc-create --template download --help"
4188
4195
msgstr ""
4189
4196
4190
#: serverguide/C/virtualization.xml:1237(title)
4197
#: serverguide/C/virtualization.xml:1229(title)
4191
4198
msgid "Autostart"
4192
4199
msgstr ""
4193
4200
4194
#: serverguide/C/virtualization.xml:1238(para)
4201
#: serverguide/C/virtualization.xml:1230(para)
4195
4202
msgid ""
4196
4203
"LXC supports marking containers to be started at system boot. Prior to "
4197
4204
"Ubuntu 14.04, this was done using symbolic links under the directory "
4208
4215
"lxc.container.conf for more information."
4209
4216
msgstr ""
4210
4217
4211
#: serverguide/C/virtualization.xml:2859(title)
4218
#: serverguide/C/virtualization.xml:1248(title)
4212
4219
msgid "Apparmor"
4213
4220
msgstr ""
4214
4221
4215
#: serverguide/C/virtualization.xml:1258(para)
4222
#: serverguide/C/virtualization.xml:1250(para)
4216
4223
msgid ""
4217
4224
"LXC ships with a default Apparmor profile intended to protect the host from "
4218
4225
"accidental misuses of privilege inside the container. For instance, the "
4220
4227
"trigger</filename> or to most <filename>/sys</filename> files."
4221
4228
msgstr ""
4222
4229
4223
#: serverguide/C/virtualization.xml:2867(para)
4230
#: serverguide/C/virtualization.xml:1256(para)
4224
4231
msgid ""
4225
4232
"The <filename>usr.bin.lxc-start</filename> profile is entered by running "
4226
4233
"<command>lxc-start</command>. This profile mainly prevents <command>lxc-"
4233
4240
"dangerous paths, and from mounting most filesystems."
4234
4241
msgstr ""
4235
4242
4236
#: serverguide/C/virtualization.xml:1275(para)
4243
#: serverguide/C/virtualization.xml:1267(para)
4237
4244
msgid ""
4238
4245
"Programs in a container cannot be further confined - for instance, MySQL "
4239
4246
"runs under the container profile (protecting the host) but will not be able "
4240
4247
"to enter the MySQL profile (to protect the container)."
4241
4248
msgstr ""
4242
4249
4243
#: serverguide/C/virtualization.xml:2926(para)
4250
#: serverguide/C/virtualization.xml:1272(para)
4244
4251
msgid ""
4245
4252
"<command>lxc-execute</command> does not enter an Apparmor profile, but the "
4246
4253
"container it spawns will be confined."
4247
4254
msgstr ""
4248
4255
4249
#: serverguide/C/virtualization.xml:1283(title)
4256
#: serverguide/C/virtualization.xml:1275(title)
4250
4257
msgid "Customizing container policies"
4251
4258
msgstr ""
4252
4259
4253
#: serverguide/C/virtualization.xml:2879(para)
4260
#: serverguide/C/virtualization.xml:1276(para)
4254
4261
msgid ""
4255
4262
"If you find that <command>lxc-start</command> is failing due to a legitimate "
4256
4263
"access which is being denied by its Apparmor policy, you can disable the lxc-"
4257
4264
"start profile by doing:"
4258
4265
msgstr ""
4259
4266
4260
#: serverguide/C/virtualization.xml:2885(screen)
4267
#: serverguide/C/virtualization.xml:1280(screen)
4261
4268
#, no-wrap
4262
4269
msgid ""
4263
4270
"\n"
4265
4272
"sudo ln -s /etc/apparmor.d/usr.bin.lxc-start /etc/apparmor.d/disabled/\n"
4266
4273
msgstr ""
4267
4274
4268
#: serverguide/C/virtualization.xml:2890(para)
4275
#: serverguide/C/virtualization.xml:1285(para)
4269
4276
msgid ""
4270
4277
"This will make <command>lxc-start</command> run unconfined, but continue to "
4271
4278
"confine the container itself. If you also wish to disable confinement of the "
4273
4280
"start</filename> profile, you must add:"
4274
4281
msgstr ""
4275
4282
4276
#: serverguide/C/virtualization.xml:2897(screen)
4283
#: serverguide/C/virtualization.xml:1290(screen)
4277
4284
#, no-wrap
4278
4285
msgid ""
4279
4286
"\n"
4280
4287
"lxc.aa_profile = unconfined\n"
4281
4288
msgstr ""
4282
4289
4283
#: serverguide/C/virtualization.xml:1302(para)
4290
#: serverguide/C/virtualization.xml:1294(para)
4284
4291
msgid "to the container's configuration file."
4285
4292
msgstr ""
4286
4293
4287
#: serverguide/C/virtualization.xml:1304(para)
4294
#: serverguide/C/virtualization.xml:1296(para)
4288
4295
msgid ""
4289
4296
"LXC ships with a few alternate policies for containers. If you wish to run "
4290
4297
"containers inside containers (nesting), then you can use the lxc-container-"
4293
4300
"lxc.aa_profile = lxc-container-default-with-nesting\n"
4294
4301
"\t</screen> If you wish to use libvirt inside containers, then you will need "
4295
4302
"to edit that policy (which is defined in <filename>/etc/apparmor.d/lxc/lxc-"
4296
"default-with-nesting</filename>) to uncomment the following line <screen>\n"
4303
"default-with-nesting</filename>) by uncommenting the following line: "
4304
"<screen>\n"
4297
4305
"mount fstype=cgroup -> /sys/fs/cgroup/**,\n"
4298
4306
"\t</screen> and re-load the policy."
4299
4307
msgstr ""
4300
4308
4301
#: serverguide/C/virtualization.xml:1321(para)
4309
#: serverguide/C/virtualization.xml:1313(para)
4302
4310
msgid ""
4303
4311
"Note that the nesting policy with privileged containers is far less safe "
4304
4312
"than the default policy, as it allows containers to re-mount "
4308
4316
"<filename>proc</filename> and <filename>sys</filename> files."
4309
4317
msgstr ""
4310
4318
4311
#: serverguide/C/virtualization.xml:1329(para)
4319
#: serverguide/C/virtualization.xml:1321(para)
4312
4320
msgid ""
4313
4321
"Another profile shipped with lxc allows containers to mount block filesystem "
4314
4322
"types like ext4. This can be useful in some cases like maas provisioning, "
4316
4324
"have not been audited for safe handling of untrusted input."
4317
4325
msgstr ""
4318
4326
4319
#: serverguide/C/virtualization.xml:1335(para)
4327
#: serverguide/C/virtualization.xml:1327(para)
4320
4328
msgid ""
4321
4329
"If you need to run a container in a custom profile, you can create a new "
4322
4330
"profile under <filename>/etc/apparmor.d/lxc/</filename>. Its name must start "
4328
4336
"permissions at the bottom of your policy."
4329
4337
msgstr ""
4330
4338
4331
#: serverguide/C/virtualization.xml:1346(para)
4339
#: serverguide/C/virtualization.xml:1338(para)
4332
4340
msgid "After creating the policy, load it using:"
4333
4341
msgstr ""
4334
4342
4335
#: serverguide/C/virtualization.xml:2910(screen)
4343
#: serverguide/C/virtualization.xml:1340(screen)
4336
4344
#, no-wrap
4337
4345
msgid ""
4338
4346
"\n"
4339
4347
"sudo apparmor_parser -r /etc/apparmor.d/lxc-containers\n"
4340
4348
msgstr ""
4341
4349
4342
#: serverguide/C/virtualization.xml:2914(para)
4350
#: serverguide/C/virtualization.xml:1344(para)
4343
4351
msgid ""
4344
4352
"The profile will automatically be loaded after a reboot, because it is "
4345
4353
"sourced by the file <filename>/etc/apparmor.d/lxc-containers</filename>. "
4348
4356
"configuration file:"
4349
4357
msgstr ""
4350
4358
4351
#: serverguide/C/virtualization.xml:2922(screen)
4359
#: serverguide/C/virtualization.xml:1351(screen)
4352
4360
#, no-wrap
4353
4361
msgid ""
4354
4362
"\n"
4355
4363
"lxc.aa_profile = lxc-CN-profile\n"
4356
4364
msgstr ""
4357
4365
4358
#: serverguide/C/virtualization.xml:2934(title)
4366
#: serverguide/C/virtualization.xml:1359(title) serverguide/C/cgroups.xml:11(title)
4359
4367
msgid "Control Groups"
4360
4368
msgstr ""
4361
4369
4362
#: serverguide/C/virtualization.xml:1369(para)
4370
#: serverguide/C/virtualization.xml:1361(para)
4363
4371
msgid ""
4364
4372
"Control groups (cgroups) are a kernel feature providing hierarchical task "
4365
4373
"grouping and per-cgroup resource accounting and limits. They are used in "
4368
4376
"i/o, guarantee minimum cpu shares, and to lock containers to specific cpus."
4369
4377
msgstr ""
4370
4378
4371
#: serverguide/C/virtualization.xml:1377(para)
4379
#: serverguide/C/virtualization.xml:1369(para)
4372
4380
msgid ""
4373
"By default, a privileged container CN will be assigned a cgroup called "
4381
"By default, a privileged container CN will be assigned to a cgroup called "
4374
4382
"<filename>/lxc/CN</filename>. In the case of name conflicts (which can occur "
4375
4383
"when using custom lxcpaths) a suffix \"-n\", where n is an integer starting "
4376
4384
"at 0, will be appended to the cgroup name."
4377
4385
msgstr ""
4378
4386
4379
#: serverguide/C/virtualization.xml:1383(para)
4387
#: serverguide/C/virtualization.xml:1375(para)
4380
4388
msgid ""
4381
"By default, a privileged container CN will be assigned a cgroup called "
4389
"By default, a privileged container CN will be assigned to a cgroup called "
4382
4390
"<filename>CN</filename> under the cgroup of the task which started the "
4383
4391
"container, for instance <filename>/usr/1000.user/1.session/CN</filename>. "
4384
4392
"The container root will be given group ownership of the directory (but not "
4385
4393
"all files) so that it is allowed to create new child cgroups."
4386
4394
msgstr ""
4387
4395
4388
#: serverguide/C/virtualization.xml:1390(para)
4396
#: serverguide/C/virtualization.xml:1382(para)
4389
4397
msgid ""
4390
4398
"As of Ubuntu 14.04, LXC uses the cgroup manager (cgmanager) to administer "
4391
4399
"cgroups. The cgroup manager receives D-Bus requests over the Unix socket "
4392
"<filename>/sys/fs/cgroup/cgmanager/sock</filename>. To fascilitate safe "
4400
"<filename>/sys/fs/cgroup/cgmanager/sock</filename>. To facilitate safe "
4393
4401
"nested containers, the line <screen>\n"
4394
4402
"<command>\n"
4395
4403
"lxc.mount.auto = cgroup\n"
4406
4414
"requests for which they are not authorized."
4407
4415
msgstr ""
4408
4416
4409
#: serverguide/C/virtualization.xml:3262(title)
4417
#: serverguide/C/virtualization.xml:1406(title)
4410
4418
msgid "Cloning"
4411
4419
msgstr ""
4412
4420
4413
#: serverguide/C/virtualization.xml:1416(para)
4421
#: serverguide/C/virtualization.xml:1408(para)
4414
4422
msgid ""
4415
4423
"For rapid provisioning, you may wish to customize a canonical container "
4416
4424
"according to your needs and then make multiple copies of it. This can be "
4417
4425
"done with the <command>lxc-clone</command> program."
4418
4426
msgstr ""
4419
4427
4420
#: serverguide/C/virtualization.xml:1420(para)
4428
#: serverguide/C/virtualization.xml:1412(para)
4421
4429
msgid ""
4422
4430
"Clones are either snapshots or copies of another container. A copy is a new "
4423
4431
"container copied from the original, and takes as much space on the host as "
4433
4441
"and apt-get to be slower."
4434
4442
msgstr ""
4435
4443
4436
#: serverguide/C/virtualization.xml:1434(para)
4444
#: serverguide/C/virtualization.xml:1426(para)
4437
4445
msgid ""
4438
4446
"Snapshots of directory-packed containers are created using the overlay "
4439
4447
"filesystem. For instance, a privileged directory-backed container C1 will "
4445
4453
"container, and to only use its snapshots."
4446
4454
msgstr ""
4447
4455
4448
#: serverguide/C/virtualization.xml:1446(para)
4456
#: serverguide/C/virtualization.xml:1438(para)
4449
4457
msgid "Given an existing container called C1, a copy can be created using:"
4450
4458
msgstr ""
4451
4459
4452
#: serverguide/C/virtualization.xml:3274(command)
4460
#: serverguide/C/virtualization.xml:1442(command)
4453
4461
msgid "sudo lxc-clone -o C1 -n C2"
4454
4462
msgstr ""
4455
4463
4456
#: serverguide/C/virtualization.xml:1455(para)
4457
msgid "A snapshot can be created using"
4464
#: serverguide/C/virtualization.xml:1447(para)
4465
msgid "A snapshot can be created using:"
4458
4466
msgstr ""
4459
4467
4460
#: serverguide/C/virtualization.xml:3288(command)
4468
#: serverguide/C/virtualization.xml:1449(command)
4461
4469
msgid "sudo lxc-clone -s -o C1 -n C2"
4462
4470
msgstr ""
4463
4471
4464
#: serverguide/C/virtualization.xml:1461(para)
4472
#: serverguide/C/virtualization.xml:1453(para)
4465
4473
msgid "See the lxc-clone manpage for more information."
4466
4474
msgstr ""
4467
4475
4468
#: serverguide/C/virtualization.xml:1464(title)
4476
#: serverguide/C/virtualization.xml:1456(title)
4469
4477
msgid "Snapshots"
4470
4478
msgstr ""
4471
4479
4472
#: serverguide/C/virtualization.xml:1465(para)
4480
#: serverguide/C/virtualization.xml:1457(para)
4473
4481
msgid ""
4474
4482
"To more easily support the use of snapshot clones for iterative container "
4475
4483
"development, LXC supports <emphasis>snapshots</emphasis>. When working on a "
4487
4495
"is erased and replaced with the snap1 snapshot."
4488
4496
msgstr ""
4489
4497
4490
#: serverguide/C/virtualization.xml:1484(para)
4498
#: serverguide/C/virtualization.xml:1476(para)
4491
4499
msgid ""
4492
4500
"Snapshots are supported for btrfs, lvm, zfs, and overlayfs containers. If "
4493
4501
"lxc-snapshot is called on a directory-backed container, an error will be "
4508
4516
"</screen>"
4509
4517
msgstr ""
4510
4518
4511
#: serverguide/C/virtualization.xml:1508(title)
4519
#: serverguide/C/virtualization.xml:1500(title)
4512
4520
msgid "Ephemeral Containers"
4513
4521
msgstr ""
4514
4522
4515
#: serverguide/C/virtualization.xml:1509(para)
4523
#: serverguide/C/virtualization.xml:1501(para)
4516
4524
msgid ""
4517
4525
"While snapshots are useful for longer-term incremental development of "
4518
4526
"images, ephemeral containers utilize snapshots for quick, single-use "
4527
4535
"page for more options."
4528
4536
msgstr ""
4529
4537
4530
#: serverguide/C/virtualization.xml:1527(title)
4538
#: serverguide/C/virtualization.xml:1519(title)
4531
4539
msgid "Lifecycle management hooks"
4532
4540
msgstr ""
4533
4541
4534
#: serverguide/C/virtualization.xml:1529(para)
4542
#: serverguide/C/virtualization.xml:1521(para)
4535
4543
msgid ""
4536
4544
"Beginning with Ubuntu 12.10, it is possible to define hooks to be executed "
4537
4545
"at specific points in a container's lifetime:"
4538
4546
msgstr ""
4539
4547
4540
#: serverguide/C/virtualization.xml:1534(para)
4548
#: serverguide/C/virtualization.xml:1526(para)
4541
4549
msgid ""
4542
4550
"Pre-start hooks are run in the host's namespace before the container ttys, "
4543
4551
"consoles, or mounts are up. If any mounts are done in this hook, they should "
4544
4552
"be cleaned up in the post-stop hook."
4545
4553
msgstr ""
4546
4554
4547
#: serverguide/C/virtualization.xml:1541(para)
4555
#: serverguide/C/virtualization.xml:1533(para)
4548
4556
msgid ""
4549
4557
"Pre-mount hooks are run in the container's namespaces, but before the root "
4550
4558
"filesystem has been mounted. Mounts done in this hook will be automatically "
4551
4559
"cleaned up when the container shuts down."
4552
4560
msgstr ""
4553
4561
4554
#: serverguide/C/virtualization.xml:1548(para)
4562
#: serverguide/C/virtualization.xml:1540(para)
4555
4563
msgid ""
4556
4564
"Mount hooks are run after the container filesystems have been mounted, but "
4557
4565
"before the container has called <command>pivot_root</command> to change its "
4558
4566
"root filesystem."
4559
4567
msgstr ""
4560
4568
4561
#: serverguide/C/virtualization.xml:1555(para)
4569
#: serverguide/C/virtualization.xml:1547(para)
4562
4570
msgid ""
4563
4571
"Start hooks are run immediately before executing the container's init. Since "
4564
4572
"these are executed after pivoting into the container's filesystem, the "
4565
4573
"command to be executed must be copied into the container's filesystem."
4566
4574
msgstr ""
4567
4575
4568
#: serverguide/C/virtualization.xml:1562(para)
4576
#: serverguide/C/virtualization.xml:1554(para)
4569
4577
msgid "Post-stop hooks are executed after the container has been shut down."
4570
4578
msgstr ""
4571
4579
4572
#: serverguide/C/virtualization.xml:1567(para)
4580
#: serverguide/C/virtualization.xml:1559(para)
4573
4581
msgid ""
4574
4582
"If any hook returns an error, the container's run will be aborted. Any "
4575
4583
"<emphasis>post-stop</emphasis> hook will still be executed. Any output "
4576
4584
"generated by the script will be logged at the debug priority."
4577
4585
msgstr ""
4578
4586
4579
#: serverguide/C/virtualization.xml:1572(para)
4587
#: serverguide/C/virtualization.xml:1564(para)
4580
4588
msgid ""
4581
4589
"Please see the lxc.container.conf manual page for the configuration file "
4582
4590
"format with which to specify hooks. Some sample hooks are shipped with the "
4583
4591
"lxc package to serve as an example of how to write and use such hooks."
4584
4592
msgstr ""
4585
4593
4586
#: serverguide/C/virtualization.xml:3452(title)
4594
#: serverguide/C/virtualization.xml:1571(title)
4587
4595
msgid "Consoles"
4588
4596
msgstr ""
4589
4597
4590
#: serverguide/C/virtualization.xml:1581(para)
4598
#: serverguide/C/virtualization.xml:1573(para)
4591
4599
msgid ""
4592
4600
"Containers have a configurable number of consoles. One always exists on the "
4593
4601
"container's <filename>/dev/console</filename>. This is shown on the terminal "
4598
4606
"The number of extra consoles is specified by the <command>lxc.tty</command> "
4599
4607
"variable, and is usually set to 4. Those consoles are shown on "
4600
4608
"<filename>/dev/ttyN</filename> (for 1 <= N <= 4). To log into console "
4601
"3 from the host, use"
4609
"3 from the host, use:"
4602
4610
msgstr ""
4603
4611
4604
#: serverguide/C/virtualization.xml:3467(command)
4612
#: serverguide/C/virtualization.xml:1586(command)
4605
4613
msgid "sudo lxc-console -n container -t 3"
4606
4614
msgstr ""
4607
4615
4608
#: serverguide/C/virtualization.xml:3472(para)
4616
#: serverguide/C/virtualization.xml:1591(para)
4609
4617
msgid ""
4610
4618
"or if the <emphasis>-t N</emphasis> option is not specified, an unused "
4611
4619
"console will be automatically chosen. To exit the console, use the escape "
4614
4622
"d</emphasis> option."
4615
4623
msgstr ""
4616
4624
4617
#: serverguide/C/virtualization.xml:3480(para)
4625
#: serverguide/C/virtualization.xml:1597(para)
4618
4626
msgid ""
4619
4627
"Each container console is actually a Unix98 pty in the host's (not the "
4620
4628
"guest's) pty mount, bind-mounted over the guest's "
4627
4635
"<filename>/dev</filename>."
4628
4636
msgstr ""
4629
4637
4630
#: serverguide/C/mail.xml:345(title) serverguide/C/mail.xml:1640(title) serverguide/C/dns.xml:371(title)
4638
#: serverguide/C/virtualization.xml:1609(title) serverguide/C/mail.xml:390(title) serverguide/C/mail.xml:1698(title) serverguide/C/dns.xml:375(title)
4631
4639
msgid "Troubleshooting"
4632
4640
msgstr ""
4633
4641
4634
#: serverguide/C/network-auth.xml:787(title) serverguide/C/dns.xml:508(title)
4642
#: serverguide/C/virtualization.xml:1611(title) serverguide/C/network-auth.xml:794(title) serverguide/C/dns.xml:517(title)
4635
4643
msgid "Logging"
4636
4644
msgstr ""
4637
4645
4638
#: serverguide/C/virtualization.xml:1620(para)
4646
#: serverguide/C/virtualization.xml:1612(para)
4639
4647
msgid ""
4640
4648
"If something goes wrong when starting a container, the first step should be "
4641
4649
"to get full logging from LXC: <screen>\n"
4648
4656
"new log information will be appended."
4649
4657
msgstr ""
4650
4658
4651
#: serverguide/C/virtualization.xml:3414(title)
4659
#: serverguide/C/virtualization.xml:1627(title)
4652
4660
msgid "Monitoring container status"
4653
4661
msgstr ""
4654
4662
4655
#: serverguide/C/virtualization.xml:3416(para)
4663
#: serverguide/C/virtualization.xml:1629(para)
4656
4664
msgid ""
4657
4665
"Two commands are available to monitor container state changes. <command>lxc-"
4658
4666
"monitor</command> monitors one or more containers for any state changes. It "
4664
4672
"instance,"
4665
4673
msgstr ""
4666
4674
4667
#: serverguide/C/virtualization.xml:3429(command)
4675
#: serverguide/C/virtualization.xml:1639(command)
4668
4676
msgid "sudo lxc-monitor -n cont[0-5]*"
4669
4677
msgstr ""
4670
4678
4671
#: serverguide/C/virtualization.xml:3434(para)
4679
#: serverguide/C/virtualization.xml:1644(para)
4672
4680
msgid ""
4673
4681
"would print all state changes to any containers matching the listed regular "
4674
4682
"expression, whereas"
4675
4683
msgstr ""
4676
4684
4677
#: serverguide/C/virtualization.xml:3440(command)
4685
#: serverguide/C/virtualization.xml:1648(command)
4678
4686
msgid "sudo lxc-wait -n cont1 -s 'STOPPED|FROZEN'"
4679
4687
msgstr ""
4680
4688
4681
#: serverguide/C/virtualization.xml:3445(para)
4689
#: serverguide/C/virtualization.xml:1653(para)
4682
4690
msgid ""
4683
4691
"will wait until container cont1 enters state STOPPED or state FROZEN and "
4684
4692
"then exit."
4685
4693
msgstr ""
4686
4694
4687
#: serverguide/C/virtualization.xml:1666(title)
4695
#: serverguide/C/virtualization.xml:1658(title)
4688
4696
msgid "Attach"
4689
4697
msgstr ""
4690
4698
4691
#: serverguide/C/virtualization.xml:1667(para)
4699
#: serverguide/C/virtualization.xml:1659(para)
4692
4700
msgid ""
4693
4701
"As of Ubuntu 14.04, it is possible to attach to a container's namespaces. "
4694
4702
"The simplest case is to simply do <screen>\n"
4701
4709
"context. See the manual page for more information."
4702
4710
msgstr ""
4703
4711
4704
#: serverguide/C/virtualization.xml:1683(title)
4712
#: serverguide/C/virtualization.xml:1675(title)
4705
4713
msgid "Container init verbosity"
4706
4714
msgstr ""
4707
4715
4708
#: serverguide/C/virtualization.xml:1684(para)
4716
#: serverguide/C/virtualization.xml:1676(para)
4709
4717
msgid ""
4710
4718
"If LXC completes the container startup, but the container init fails to "
4711
4719
"complete (for instance, no login prompt is shown), it can be useful to "
4724
4732
"</screen>"
4725
4733
msgstr ""
4726
4734
4727
#: serverguide/C/virtualization.xml:1708(title)
4735
#: serverguide/C/virtualization.xml:1700(title)
4728
4736
msgid "LXC API"
4729
4737
msgstr ""
4730
4738
4731
#: serverguide/C/virtualization.xml:1710(para)
4739
#: serverguide/C/virtualization.xml:1702(para)
4732
4740
msgid ""
4733
4741
"Most of the LXC functionality can now be accessed through an API exported by "
4734
4742
"<filename>liblxc</filename> for which bindings are available in several "
4735
4743
"languages, including Python, lua, ruby, and go."
4736
4744
msgstr ""
4737
4745
4738
#: serverguide/C/virtualization.xml:1714(para)
4746
#: serverguide/C/virtualization.xml:1706(para)
4739
4747
msgid ""
4740
4748
"Below is an example using the python bindings (which are available in the "
4741
4749
"<application>python3-lxc</application> package) which creates and starts a "
4742
4750
"container, then waits until it has been shut down:"
4743
4751
msgstr ""
4744
4752
4745
#: serverguide/C/virtualization.xml:1720(programlisting)
4753
#: serverguide/C/virtualization.xml:1712(programlisting)
4746
4754
#, no-wrap
4747
4755
msgid ""
4748
4756
"\n"
4764
4772
"True\n"
4765
4773
msgstr ""
4766
4774
4767
#: serverguide/C/virtualization.xml:4349(title) serverguide/C/security.xml:11(title)
4775
#: serverguide/C/virtualization.xml:1732(title) serverguide/C/security.xml:11(title)
4768
4776
msgid "Security"
4769
4777
msgstr "Keamanan"
4770
4778
4771
#: serverguide/C/virtualization.xml:4351(para)
4779
#: serverguide/C/virtualization.xml:1734(para)
4772
4780
msgid ""
4773
4781
"A namespace maps ids to resources. By not providing a container any id with "
4774
4782
"which to reference a resource, the resource can be protected. This is the "
4779
4787
"host."
4780
4788
msgstr ""
4781
4789
4782
#: serverguide/C/virtualization.xml:1751(para)
4790
#: serverguide/C/virtualization.xml:1743(para)
4783
4791
msgid ""
4784
4792
"By default, LXC containers are started under a Apparmor policy to restrict "
4785
4793
"some actions. The details of AppArmor integration with lxc are in section "
4790
4798
"host."
4791
4799
msgstr ""
4792
4800
4793
#: serverguide/C/virtualization.xml:4375(title)
4801
#: serverguide/C/virtualization.xml:1754(title)
4794
4802
msgid "Exploitable system calls"
4795
4803
msgstr ""
4796
4804
4797
#: serverguide/C/virtualization.xml:1764(para)
4805
#: serverguide/C/virtualization.xml:1756(para)
4798
4806
msgid ""
4799
4807
"It is a core container feature that containers share a kernel with the host. "
4800
4808
"Therefore if the kernel contains any exploitable system calls the container "
4802
4810
"fully control any resource known to the host."
4803
4811
msgstr ""
4804
4812
4805
#: serverguide/C/virtualization.xml:1770(para)
4813
#: serverguide/C/virtualization.xml:1762(para)
4806
4814
msgid ""
4807
4815
"Since Ubuntu 12.10 (Quantal) a container can also be constrained by a "
4808
4816
"seccomp filter. Seccomp is a new kernel feature which filters the system "
4814
4822
"by a list of numbers, one per line."
4815
4823
msgstr ""
4816
4824
4817
#: serverguide/C/virtualization.xml:1780(para)
4825
#: serverguide/C/virtualization.xml:1772(para)
4818
4826
msgid ""
4819
4827
"In general to run a full distribution container a large number of system "
4820
4828
"calls will be needed. However for application containers it may be possible "
4826
4834
"loaded."
4827
4835
msgstr ""
4828
4836
4829
#: serverguide/C/virtualization.xml:4392(para)
4837
#: serverguide/C/virtualization.xml:1788(para)
4830
4838
msgid ""
4831
4839
"The DeveloperWorks article <ulink "
4832
4840
"url=\"https://www.ibm.com/developerworks/linux/library/l-lxc-"
4834
4842
"to the use of containers."
4835
4843
msgstr ""
4836
4844
4837
#: serverguide/C/virtualization.xml:4398(para)
4845
#: serverguide/C/virtualization.xml:1795(para)
4838
4846
msgid ""
4839
4847
"The <ulink url=\"http://www.ibm.com/developerworks/linux/library/l-lxc-"
4840
4848
"security/index.html\"> Secure Containers Cookbook</ulink> demonstrated the "
4841
4849
"use of security modules to make containers more secure."
4842
4850
msgstr ""
4843
4851
4844
#: serverguide/C/virtualization.xml:1810(para) serverguide/C/cgroups.xml:202(para)
4852
#: serverguide/C/virtualization.xml:1802(para) serverguide/C/cgroups.xml:202(para)
4845
4853
msgid "Manual pages referenced above can be found at:"
4846
4854
msgstr ""
4847
4855
4848
#: serverguide/C/virtualization.xml:4407(ulink)
4856
#: serverguide/C/virtualization.xml:1804(ulink)
4849
4857
msgid "capabilities"
4850
4858
msgstr ""
4851
4859
4852
#: serverguide/C/virtualization.xml:4408(ulink)
4860
#: serverguide/C/virtualization.xml:1805(ulink)
4853
4861
msgid "lxc.conf"
4854
4862
msgstr ""
4855
4863
4856
#: serverguide/C/virtualization.xml:1818(para)
4864
#: serverguide/C/virtualization.xml:1810(para)
4857
4865
msgid ""
4858
4866
"The upstream LXC project is hosted at <ulink "
4859
4867
"url=\"http://linuxcontainers.org\">linuxcontainers.org</ulink>."
4860
4868
msgstr ""
4861
4869
4862
#: serverguide/C/virtualization.xml:4420(para)
4870
#: serverguide/C/virtualization.xml:1815(para)
4863
4871
msgid ""
4864
4872
"LXC security issues are listed and discussed at <ulink "
4865
4873
"url=\"http://wiki.ubuntu.com/LxcSecurity\">the LXC Security wiki page</ulink>"
4866
4874
msgstr ""
4867
4875
4868
#: serverguide/C/virtualization.xml:1829(para)
4876
#: serverguide/C/virtualization.xml:1821(para)
4869
4877
msgid ""
4870
4878
"For more on namespaces in Linux, see: S. Bhattiprolu, E. W. Biederman, S. E. "
4871
4879
"Hallyn, and D. Lezcano. Virtual Servers and Check- point/Restart in "
4886
4894
"to manage information that changes often, there is room for version control."
4887
4895
msgstr ""
4888
4896
4889
#: serverguide/C/vcs.xml:15(title)
4897
#: serverguide/C/vcs.xml:22(title)
4890
4898
msgid "Bazaar"
4891
4899
msgstr ""
4892
4900
4893
#: serverguide/C/vcs.xml:16(para)
4901
#: serverguide/C/vcs.xml:23(para)
4894
4902
msgid ""
4895
4903
"Bazaar is a new version control system sponsored by Canonical, the "
4896
4904
"commercial company behind Ubuntu. Unlike Subversion and CVS that only "
4900
4908
"maximize the level of community participation in open source projects."
4901
4909
msgstr ""
4902
4910
4903
#: serverguide/C/vcs.xml:27(para)
4911
#: serverguide/C/vcs.xml:34(para)
4904
4912
msgid ""
4905
4913
"At a terminal prompt, enter the following command to install "
4906
4914
"<application>bzr</application>: <screen>\n"
4908
4916
"</screen>"
4909
4917
msgstr ""
4910
4918
4911
#: serverguide/C/vcs.xml:38(para)
4919
#: serverguide/C/vcs.xml:45(para)
4912
4920
msgid ""
4913
4921
"To introduce yourself to <application>bzr</application>, use the "
4914
4922
"<emphasis>whoami</emphasis> command like this: <screen>\n"
4916
4924
"</screen>"
4917
4925
msgstr ""
4918
4926
4919
#: serverguide/C/vcs.xml:47(title)
4927
#: serverguide/C/vcs.xml:54(title)
4920
4928
msgid "Learning Bazaar"
4921
4929
msgstr ""
4922
4930
4923
#: serverguide/C/vcs.xml:48(para)
4931
#: serverguide/C/vcs.xml:55(para)
4924
4932
msgid ""
4925
4933
"Bazaar comes with bundled documentation installed into "
4926
4934
"<application>/usr/share/doc/bzr/html</application> by default. The tutorial "
4930
4938
"</screen>"
4931
4939
msgstr ""
4932
4940
4933
#: serverguide/C/vcs.xml:58(para)
4941
#: serverguide/C/vcs.xml:65(para)
4934
4942
msgid ""
4935
4943
"To learn more about the <emphasis>foo</emphasis> command: <screen>\n"
4936
4944
"<command>$ bzr help foo</command>\n"
4937
4945
"</screen>"
4938
4946
msgstr ""
4939
4947
4940
#: serverguide/C/vcs.xml:66(title)
4948
#: serverguide/C/vcs.xml:73(title)
4941
4949
msgid "Launchpad Integration"
4942
4950
msgstr ""
4943
4951
4944
#: serverguide/C/vcs.xml:67(para)
4952
#: serverguide/C/vcs.xml:74(para)
4945
4953
msgid ""
4946
4954
"While highly useful as a stand-alone system, Bazaar has good, optional "
4947
4955
"integration with <ulink url=\"https://launchpad.net/\">Launchpad</ulink>, "
4952
4960
"http://bazaar-vcs.org/LaunchpadIntegration</ulink>."
4953
4961
msgstr ""
4954
4962
4955
#: serverguide/C/vcs.xml:80(title)
4963
#: serverguide/C/vcs.xml:87(title)
4956
4964
msgid "Git"
4957
4965
msgstr ""
4958
4966
4959
#: serverguide/C/vcs.xml:82(para)
4967
#: serverguide/C/vcs.xml:89(para)
4960
4968
msgid ""
4961
4969
"Git is an open source distributed version control system originally "
4962
4970
"developped by Linus Torvalds to support the development of the linux kernel. "
4965
4973
"access or a central server."
4966
4974
msgstr ""
4967
4975
4968
#: serverguide/C/vcs.xml:88(para)
4976
#: serverguide/C/vcs.xml:95(para)
4969
4977
msgid ""
4970
4978
"The <application>git</application> version control system is installed with "
4971
4979
"the following command"
4972
4980
msgstr ""
4973
4981
4974
#: serverguide/C/vcs.xml:92(command)
4982
#: serverguide/C/vcs.xml:99(command)
4975
4983
msgid "sudo apt-get install git"
4976
4984
msgstr ""
4977
4985
4978
#: serverguide/C/vcs.xml:97(para)
4986
#: serverguide/C/vcs.xml:104(para)
4979
4987
msgid ""
4980
4988
"Every git user should first introduce himself to git, by running these two "
4981
4989
"commands:"
4982
4990
msgstr ""
4983
4991
4984
#: serverguide/C/vcs.xml:99(command)
4992
#: serverguide/C/vcs.xml:106(command)
4985
4993
msgid "git config --global user.email \"you@example.com\""
4986
4994
msgstr ""
4987
4995
4988
#: serverguide/C/vcs.xml:100(command)
4996
#: serverguide/C/vcs.xml:107(command)
4989
4997
msgid "git config --global user.name \"Your Name\""
4990
4998
msgstr ""
4991
4999
4992
#: serverguide/C/vcs.xml:105(para)
5000
#: serverguide/C/vcs.xml:112(para)
4993
5001
msgid ""
4994
5002
"The above is already sufficient to use git in a distributed and secure way, "
4995
5003
"provided users have access to the machine assuming the server role via SSH. "
4996
"On the server machine, creating a new repository can be done with"
5004
"On the server machine, creating a new repository can be done with:"
4997
5005
msgstr ""
4998
5006
4999
#: serverguide/C/vcs.xml:108(command)
5007
#: serverguide/C/vcs.xml:119(command)
5000
5008
msgid "git init --bare /path/to/repository"
5001
5009
msgstr ""
5002
5010
5003
#: serverguide/C/vcs.xml:110(para)
5011
#: serverguide/C/vcs.xml:121(para)
5004
5012
msgid ""
5005
5013
"This creates a bare repository, that cannot be used to edit files directly. "
5006
5014
"If you would rather have a working copy of the contents of the repository on "
5007
5015
"the server, ommit the <emphasis>--bare</emphasis> option."
5008
5016
msgstr ""
5009
5017
5010
#: serverguide/C/vcs.xml:111(para)
5018
#: serverguide/C/vcs.xml:122(para)
5011
5019
msgid ""
5012
"Any client with ssh access to the machine can from then on clone the "
5013
"repository with"
5020
"Any client with SSH access to the machine can then clone the repository with:"
5014
5021
msgstr ""
5015
5022
5016
#: serverguide/C/vcs.xml:113(command)
5023
#: serverguide/C/vcs.xml:127(command)
5017
5024
msgid "git clone username@hostname:/path/to/repository"
5018
5025
msgstr ""
5019
5026
5020
#: serverguide/C/vcs.xml:115(para)
5027
#: serverguide/C/vcs.xml:129(para)
5021
5028
msgid ""
5022
5029
"Once cloned to the client's machine, the client can edit files, then commit "
5023
5030
"and share them with:"
5024
5031
msgstr ""
5025
5032
5026
#: serverguide/C/vcs.xml:119(command)
5033
#: serverguide/C/vcs.xml:133(command)
5027
5034
msgid "cd /path/to/repository"
5028
5035
msgstr ""
5029
5036
5030
#: serverguide/C/vcs.xml:120(command)
5037
#: serverguide/C/vcs.xml:134(command)
5031
5038
msgid "#(edit some files"
5032
5039
msgstr ""
5033
5040
5034
#: serverguide/C/vcs.xml:121(command)
5041
#: serverguide/C/vcs.xml:135(command)
5035
5042
msgid ""
5036
5043
"git commit -a # Commit all changes to the local version of the repository"
5037
5044
msgstr ""
5038
5045
5039
#: serverguide/C/vcs.xml:122(command)
5046
#: serverguide/C/vcs.xml:136(command)
5040
5047
msgid ""
5041
5048
"git push origin master # Push changes to the server's version of the "
5042
5049
"repository"
5043
5050
msgstr ""
5044
5051
5045
#: serverguide/C/vcs.xml:127(title)
5052
#: serverguide/C/vcs.xml:141(title)
5046
5053
msgid "Installing a gitolite server"
5047
5054
msgstr ""
5048
5055
5049
#: serverguide/C/vcs.xml:128(para)
5056
#: serverguide/C/vcs.xml:142(para)
5050
5057
msgid ""
5051
5058
"While the above is sufficient to create, clone and edit repositories, users "
5052
5059
"wanting to install git on a server will most likely want to have git work "
5055
5062
"<application>gitolite</application> with the following command:"
5056
5063
msgstr ""
5057
5064
5058
#: serverguide/C/vcs.xml:134(command)
5065
#: serverguide/C/vcs.xml:148(command)
5059
5066
msgid "sudo apt-get install gitolite"
5060
5067
msgstr ""
5061
5068
5062
#: serverguide/C/vcs.xml:139(title)
5069
#: serverguide/C/vcs.xml:153(title)
5063
5070
msgid "Gitolite configuration"
5064
5071
msgstr ""
5065
5072
5066
#: serverguide/C/vcs.xml:140(para)
5073
#: serverguide/C/vcs.xml:154(para)
5067
5074
msgid ""
5068
5075
"Configuration of the <application>gitolite</application> server is a little "
5069
5076
"different that most other servers on Unix-like systems. Instead of the "
5072
5079
"therefore to allow access to the configuration repository."
5073
5080
msgstr ""
5074
5081
5075
#: serverguide/C/vcs.xml:145(para)
5082
#: serverguide/C/vcs.xml:159(para)
5076
5083
msgid "First of all, let's create a user for gitolite to be accessed as."
5077
5084
msgstr ""
5078
5085
5079
#: serverguide/C/vcs.xml:149(command)
5086
#: serverguide/C/vcs.xml:163(command)
5080
5087
msgid ""
5081
5088
"sudo adduser --system --shell /bin/bash --group --disabled-password --home "
5082
5089
"/home/git git"
5083
5090
msgstr ""
5084
5091
5085
#: serverguide/C/vcs.xml:151(para)
5092
#: serverguide/C/vcs.xml:165(para)
5086
5093
msgid ""
5087
5094
"Now we want to let gitolite know about the repository administrator's public "
5088
5095
"SSH key. This assumes that the current user is the repository administrator. "
5090
5097
"keys\"/>"
5091
5098
msgstr ""
5092
5099
5093
#: serverguide/C/vcs.xml:156(command)
5100
#: serverguide/C/vcs.xml:170(command)
5094
5101
msgid "cp ~/.ssh/id_rsa.pub /tmp/$(whoami).pub"
5095
5102
msgstr ""
5096
5103
5097
#: serverguide/C/vcs.xml:158(para)
5104
#: serverguide/C/vcs.xml:172(para)
5098
5105
msgid ""
5099
5106
"Let's switch to the git user and import the administrator's key into "
5100
5107
"gitolite."
5101
5108
msgstr ""
5102
5109
5103
#: serverguide/C/vcs.xml:162(command)
5110
#: serverguide/C/vcs.xml:176(command)
5104
5111
msgid "sudo su - git"
5105
5112
msgstr ""
5106
5113
5107
#: serverguide/C/vcs.xml:163(command)
5114
#: serverguide/C/vcs.xml:177(command)
5108
5115
msgid "gl-setup /tmp/*.pub"
5109
5116
msgstr ""
5110
5117
5111
#: serverguide/C/vcs.xml:165(para)
5118
#: serverguide/C/vcs.xml:179(para)
5112
5119
msgid ""
5113
5120
"Gitolite will allow you to make initial changes to its configuration file "
5114
5121
"during the setup process. You can now clone and modify the gitolite "
5117
5124
"configuration repository:"
5118
5125
msgstr ""
5119
5126
5120
#: serverguide/C/vcs.xml:169(command)
5127
#: serverguide/C/vcs.xml:183(command)
5121
5128
msgid "exit"
5122
5129
msgstr ""
5123
5130
5124
#: serverguide/C/vcs.xml:170(command)
5131
#: serverguide/C/vcs.xml:184(command)
5125
5132
msgid "git clone git@$IP_ADDRESS:gitolite-admin.git"
5126
5133
msgstr ""
5127
5134
5128
#: serverguide/C/vcs.xml:171(command)
5135
#: serverguide/C/vcs.xml:185(command)
5129
5136
msgid "cd gitolite-admin"
5130
5137
msgstr ""
5131
5138
5132
#: serverguide/C/vcs.xml:173(para)
5139
#: serverguide/C/vcs.xml:187(para)
5133
5140
msgid ""
5134
5141
"The gitolite-admin contains two subdirectories, \"conf\" and \"keydir\". The "
5135
5142
"configuration files are in the conf dir, and the keydir directory contains "
5136
5143
"the list of user's public SSH keys."
5137
5144
msgstr ""
5138
5145
5139
#: serverguide/C/vcs.xml:176(title)
5146
#: serverguide/C/vcs.xml:190(title)
5140
5147
msgid "Managing gitolite users and repositories"
5141
5148
msgstr ""
5142
5149
5143
#: serverguide/C/vcs.xml:177(para)
5150
#: serverguide/C/vcs.xml:191(para)
5144
5151
msgid ""
5145
5152
"Adding new users to gitolite is simple: just obtain their public SSH key and "
5146
5153
"add it to the keydir directory as $DESIRED_USER_NAME.pub. Note that the "
5151
5158
"server with"
5152
5159
msgstr ""
5153
5160
5154
#: serverguide/C/vcs.xml:179(command)
5161
#: serverguide/C/vcs.xml:193(command)
5155
5162
msgid "git commit -a"
5156
5163
msgstr ""
5157
5164
5158
#: serverguide/C/vcs.xml:180(command)
5165
#: serverguide/C/vcs.xml:194(command)
5159
5166
msgid "git push origin master"
5160
5167
msgstr ""
5161
5168
5162
#: serverguide/C/vcs.xml:182(para)
5169
#: serverguide/C/vcs.xml:196(para)
5163
5170
msgid ""
5164
5171
"Repositories are managed by editing the conf/gitolite.conf file. The syntax "
5165
5172
"is space separated, and simply specifies the list of repositories followed "
5166
5173
"by some access rules. The following is a default example"
5167
5174
msgstr ""
5168
5175
5169
#: serverguide/C/vcs.xml:183(programlisting)
5176
#: serverguide/C/vcs.xml:197(programlisting)
5170
5177
#, no-wrap
5171
5178
msgid ""
5172
5179
"\n"
5180
5187
" R = denise\n"
5181
5188
msgstr ""
5182
5189
5183
#: serverguide/C/vcs.xml:195(title)
5190
#: serverguide/C/vcs.xml:209(title)
5184
5191
msgid "Using your server"
5185
5192
msgstr ""
5186
5193
5187
#: serverguide/C/vcs.xml:196(para)
5194
#: serverguide/C/vcs.xml:210(para)
5188
5195
msgid ""
5189
5196
"To use the newly created server, users have to have the gitolite admin "
5190
5197
"import their public key into the gitolite configuration repository, they can "
5191
5198
"then access any project they have access to with the following command:"
5192
5199
msgstr ""
5193
5200
5194
#: serverguide/C/vcs.xml:198(command)
5201
#: serverguide/C/vcs.xml:212(command)
5195
5202
msgid "git clone git@$SERVER_IP:$PROJECT_NAME.git"
5196
5203
msgstr ""
5197
5204
5198
#: serverguide/C/vcs.xml:200(para)
5205
#: serverguide/C/vcs.xml:214(para)
5199
5206
msgid ""
5200
5207
"Or add the server's project as a remote for an existing git repository:"
5201
5208
msgstr ""
5202
5209
5203
#: serverguide/C/vcs.xml:202(command)
5210
#: serverguide/C/vcs.xml:216(command)
5204
5211
msgid "git remote add gitolite git@$SERVER_IP:$PROJECT_NAME.git"
5205
5212
msgstr ""
5206
5213
5207
#: serverguide/C/vcs.xml:79(title)
5214
#: serverguide/C/vcs.xml:221(title)
5208
5215
msgid "Subversion"
5209
5216
msgstr "Subversion"
5210
5217
5211
#: serverguide/C/vcs.xml:80(para)
5218
#: serverguide/C/vcs.xml:222(para)
5212
5219
msgid ""
5213
5220
"Subversion is an open source version control system. Using Subversion, you "
5214
5221
"can record the history of source files and documents. It manages files and "
5217
5224
"remembers every change ever made to files and directories."
5218
5225
msgstr ""
5219
5226
5220
#: serverguide/C/vcs.xml:85(para)
5227
#: serverguide/C/vcs.xml:227(para)
5221
5228
msgid ""
5222
5229
"To access Subversion repository using the HTTP protocol, you must install "
5223
5230
"and configure a web server. Apache2 is proven to work with Subversion. "
5228
5235
"section to install and configure the digital certificate."
5229
5236
msgstr ""
5230
5237
5231
#: serverguide/C/vcs.xml:94(para)
5238
#: serverguide/C/vcs.xml:236(para)
5232
5239
msgid ""
5233
5240
"To install Subversion, run the following command from a terminal prompt:"
5234
5241
msgstr ""
5235
5242
"Untuk menginstal Subversion, jalankan perintah berikut dari terminal prompt:"
5236
5243
5237
#: serverguide/C/vcs.xml:227(command)
5244
#: serverguide/C/vcs.xml:241(command)
5238
5245
msgid "sudo apt-get install subversion apache2 libapache2-svn"
5239
5246
msgstr ""
5240
5247
5241
#: serverguide/C/vcs.xml:105(title)
5248
#: serverguide/C/vcs.xml:247(title)
5242
5249
msgid "Server Configuration"
5243
5250
msgstr "Konfigurasi Server"
5244
5251
5245
#: serverguide/C/vcs.xml:106(para)
5252
#: serverguide/C/vcs.xml:248(para)
5246
5253
msgid ""
5247
5254
"This step assumes you have installed above mentioned packages on your "
5248
5255
"system. This section explains how to create a Subversion repository and "
5249
5256
"access the project."
5250
5257
msgstr ""
5251
5258
5252
#: serverguide/C/vcs.xml:109(title)
5259
#: serverguide/C/vcs.xml:251(title)
5253
5260
msgid "Create Subversion Repository"
5254
5261
msgstr "Membuat Gudang Subversion"
5255
5262
5256
#: serverguide/C/vcs.xml:110(para)
5263
#: serverguide/C/vcs.xml:252(para)
5257
5264
msgid ""
5258
5265
"The Subversion repository can be created using the following command from a "
5259
5266
"terminal prompt:"
5261
5268
"Repository Subversion dapat di buat dengan mengikuti perintah berikut dalam "
5262
5269
"terminal prompt:"
5263
5270
5264
#: serverguide/C/vcs.xml:114(command)
5271
#: serverguide/C/vcs.xml:256(command)
5265
5272
msgid "svnadmin create /path/to/repos/project"
5266
5273
msgstr "svnadmin create /path/to/repos/project"
5267
5274
5268
#: serverguide/C/vcs.xml:119(title)
5275
#: serverguide/C/vcs.xml:261(title)
5269
5276
msgid "Importing Files"
5270
5277
msgstr "Mengimpor File"
5271
5278
5272
#: serverguide/C/vcs.xml:120(para)
5279
#: serverguide/C/vcs.xml:262(para)
5273
5280
msgid ""
5274
5281
"Once you create the repository you can <emphasis>import</emphasis> files "
5275
5282
"into the repository. To import a directory, enter the following from a "
5279
5286
"</screen>"
5280
5287
msgstr ""
5281
5288
5282
#: serverguide/C/vcs.xml:132(title) serverguide/C/vcs.xml:137(title)
5289
#: serverguide/C/vcs.xml:274(title) serverguide/C/vcs.xml:279(title)
5283
5290
msgid "Access Methods"
5284
5291
msgstr "Metode Akses"
5285
5292
5286
#: serverguide/C/vcs.xml:133(para)
5293
#: serverguide/C/vcs.xml:275(para)
5287
5294
msgid ""
5288
5295
"Subversion repositories can be accessed (checked out) through many different "
5289
5296
"methods --on local disk, or through various network protocols. A repository "
5291
5298
"schemes map to the available access methods."
5292
5299
msgstr ""
5293
5300
5294
#: serverguide/C/vcs.xml:144(para)
5301
#: serverguide/C/vcs.xml:286(para)
5295
5302
msgid "Schema"
5296
5303
msgstr "Skema"
5297
5304
5298
#: serverguide/C/vcs.xml:145(para)
5305
#: serverguide/C/vcs.xml:287(para)
5299
5306
msgid "Access Method"
5300
5307
msgstr "Metode Akses"
5301
5308
5302
#: serverguide/C/vcs.xml:150(para)
5309
#: serverguide/C/vcs.xml:292(para)
5303
5310
msgid "file://"
5304
5311
msgstr "file://"
5305
5312
5306
#: serverguide/C/vcs.xml:151(para)
5313
#: serverguide/C/vcs.xml:293(para)
5307
5314
msgid "direct repository access (on local disk)"
5308
5315
msgstr "akses langsung ke gudang (pada cakram lokal)"
5309
5316
5310
#: serverguide/C/vcs.xml:154(para)
5317
#: serverguide/C/vcs.xml:296(para)
5311
5318
msgid "http://"
5312
5319
msgstr "http://"
5313
5320
5314
#: serverguide/C/vcs.xml:155(para)
5321
#: serverguide/C/vcs.xml:297(para)
5315
5322
msgid "Access via WebDAV protocol to Subversion-aware Apache2 web server"
5316
5323
msgstr ""
5317
5324
"Akses lewat protokol WebDAV ke server web Apache dengan modul Subversion"
5318
5325
5319
#: serverguide/C/vcs.xml:158(para)
5326
#: serverguide/C/vcs.xml:300(para)
5320
5327
msgid "https://"
5321
5328
msgstr "https://"
5322
5329
5323
#: serverguide/C/vcs.xml:159(para)
5330
#: serverguide/C/vcs.xml:301(para)
5324
5331
msgid "Same as http://, but with SSL encryption"
5325
5332
msgstr "Sama seperti http://, namun dengan enkripsi SSL"
5326
5333
5327
#: serverguide/C/vcs.xml:162(para)
5334
#: serverguide/C/vcs.xml:304(para)
5328
5335
msgid "svn://"
5329
5336
msgstr "svn://"
5330
5337
5331
#: serverguide/C/vcs.xml:163(para)
5338
#: serverguide/C/vcs.xml:305(para)
5332
5339
msgid "Access via custom protocol to an svnserve server"
5333
5340
msgstr "Akses lewat protokol custom ke server svnserve"
5334
5341
5335
#: serverguide/C/vcs.xml:166(para)
5342
#: serverguide/C/vcs.xml:308(para)
5336
5343
msgid "svn+ssh://"
5337
5344
msgstr "svn+ssh://"
5338
5345
5339
#: serverguide/C/vcs.xml:167(para)
5346
#: serverguide/C/vcs.xml:309(para)
5340
5347
msgid "Same as svn://, but through an SSH tunnel"
5341
5348
msgstr "Sama seperti svn://, namun melalui tunnel SSH"
5342
5349
5343
#: serverguide/C/vcs.xml:173(para)
5350
#: serverguide/C/vcs.xml:315(para)
5344
5351
msgid ""
5345
5352
"In this section, we will see how to configure Subversion for all these "
5346
5353
"access methods. Here, we cover the basics. For more advanced usage details, "
5347
5354
"refer to the <ulink url=\"http://svnbook.red-bean.com/\">svn book</ulink>."
5348
5355
msgstr ""
5349
5356
5350
#: serverguide/C/vcs.xml:180(title)
5357
#: serverguide/C/vcs.xml:322(title)
5351
5358
msgid "Direct repository access (file://)"
5352
5359
msgstr "Akses langsung ke repositori (file://)"
5353
5360
5354
#: serverguide/C/vcs.xml:181(para)
5361
#: serverguide/C/vcs.xml:323(para)
5355
5362
msgid ""
5356
5363
"This is the simplest of all access methods. It does not require any "
5357
5364
"Subversion server process to be running. This access method is used to "
5359
5366
"at a terminal prompt, is as follows:"
5360
5367
msgstr ""
5361
5368
5362
#: serverguide/C/vcs.xml:188(command)
5369
#: serverguide/C/vcs.xml:330(command)
5363
5370
msgid "svn co file:///path/to/repos/project"
5364
5371
msgstr "svn co file:///path/to/repos/project"
5365
5372
5366
#: serverguide/C/vcs.xml:191(para)
5373
#: serverguide/C/vcs.xml:333(para)
5367
5374
msgid "or"
5368
5375
msgstr "atau"
5369
5376
5370
#: serverguide/C/vcs.xml:194(command)
5377
#: serverguide/C/vcs.xml:336(command)
5371
5378
msgid "svn co file://localhost/path/to/repos/project"
5372
5379
msgstr "svn co file://localhost/path/to/repos/project"
5373
5380
5374
#: serverguide/C/vcs.xml:198(para)
5381
#: serverguide/C/vcs.xml:340(para)
5375
5382
msgid ""
5376
5383
"If you do not specify the hostname, there are three forward slashes (///) -- "
5377
5384
"two for the protocol (file, in this case) plus the leading slash in the "
5378
5385
"path. If you specify the hostname, you must use two forward slashes (//)."
5379
5386
msgstr ""
5380
5387
5381
#: serverguide/C/vcs.xml:200(para)
5388
#: serverguide/C/vcs.xml:342(para)
5382
5389
msgid ""
5383
5390
"The repository permissions depend on filesystem permissions. If the user has "
5384
5391
"read/write permission, he can checkout from and commit to the repository."
5385
5392
msgstr ""
5386
5393
5387
#: serverguide/C/vcs.xml:203(title)
5394
#: serverguide/C/vcs.xml:345(title)
5388
5395
msgid "Access via WebDAV protocol (http://)"
5389
5396
msgstr "Akses melalui protokol WebDAV (http://)"
5390
5397
5391
#: serverguide/C/vcs.xml:332(para)
5398
#: serverguide/C/vcs.xml:346(para)
5392
5399
msgid ""
5393
5400
"To access the Subversion repository via WebDAV protocol, you must configure "
5394
5401
"your Apache 2 web server. Add the following snippet between the "
5398
5405
"another VirtualHost file:"
5399
5406
msgstr ""
5400
5407
5401
#: serverguide/C/vcs.xml:338(programlisting)
5408
#: serverguide/C/vcs.xml:352(programlisting)
5402
5409
#, no-wrap
5403
5410
msgid ""
5404
5411
"\n"
5412
5419
" </Location> \n"
5413
5420
msgstr ""
5414
5421
5415
#: serverguide/C/vcs.xml:349(para)
5422
#: serverguide/C/vcs.xml:363(para)
5416
5423
msgid ""
5417
5424
"The above configuration snippet assumes that Subversion repositories are "
5418
5425
"created under <filename>/path/to/repos</filename> directory using "
5421
5428
"<command>http://hostname/svn/repos_name</command> url."
5422
5429
msgstr ""
5423
5430
5424
#: serverguide/C/vcs.xml:355(para)
5431
#: serverguide/C/vcs.xml:369(para)
5425
5432
msgid ""
5426
5433
"Changing the apache configuration like the above requires to reload the "
5427
5434
"service with the following command"
5428
5435
msgstr ""
5429
5436
5430
#: serverguide/C/vcs.xml:360(command)
5437
#: serverguide/C/vcs.xml:374(command) serverguide/C/lamp-applications.xml:508(command)
5431
5438
msgid "sudo service apache2 reload"
5432
5439
msgstr ""
5433
5440
5434
#: serverguide/C/vcs.xml:362(para)
5441
#: serverguide/C/vcs.xml:376(para)
5435
5442
msgid ""
5436
5443
"To import or commit files to your Subversion repository over HTTP, the "
5437
5444
"repository should be owned by the HTTP user. In Ubuntu systems, the HTTP "
5439
5446
"repository files enter the following command from terminal prompt:"
5440
5447
msgstr ""
5441
5448
5442
#: serverguide/C/vcs.xml:236(command)
5449
#: serverguide/C/vcs.xml:385(command)
5443
5450
msgid "sudo chown -R www-data:www-data /path/to/repos"
5444
5451
msgstr "sudo chown -R www-data:www-data /path/to/repos"
5445
5452
5446
#: serverguide/C/vcs.xml:239(para)
5453
#: serverguide/C/vcs.xml:388(para)
5447
5454
msgid ""
5448
5455
"By changing the ownership of repository as <command>www-data</command> you "
5449
5456
"will not be able to import or commit files into the repository by running "
5451
5458
"<command>www-data</command>."
5452
5459
msgstr ""
5453
5460
5454
#: serverguide/C/vcs.xml:248(para)
5461
#: serverguide/C/vcs.xml:397(para)
5455
5462
msgid ""
5456
5463
"Next, you must create the <filename>/etc/subversion/passwd</filename> file "
5457
5464
"that will contain user authentication details. To create a file issue the "
5459
5466
"the first user):"
5460
5467
msgstr ""
5461
5468
5462
#: serverguide/C/vcs.xml:254(command)
5469
#: serverguide/C/vcs.xml:403(command)
5463
5470
msgid "sudo htpasswd -c /etc/subversion/passwd user_name"
5464
5471
msgstr "sudo htpasswd -c /etc/subversion/passwd nama_user"
5465
5472
5466
#: serverguide/C/vcs.xml:257(para)
5473
#: serverguide/C/vcs.xml:406(para)
5467
5474
msgid ""
5468
5475
"To add additional users omit the <emphasis>\"-c\"</emphasis> option as this "
5469
5476
"option replaces the old file. Instead use this form:"
5470
5477
msgstr ""
5471
5478
5472
#: serverguide/C/vcs.xml:262(command)
5479
#: serverguide/C/vcs.xml:411(command)
5473
5480
msgid "sudo htpasswd /etc/subversion/passwd user_name"
5474
5481
msgstr ""
5475
5482
5476
#: serverguide/C/vcs.xml:266(para)
5483
#: serverguide/C/vcs.xml:415(para)
5477
5484
msgid ""
5478
5485
"This command will prompt you to enter the password. Once you enter the "
5479
5486
"password, the user is added. Now, to access the repository you can run the "
5483
5490
"Anda memasukkan kata sandi, pengguna akan dibuat. Sekarang, untuk mengakses "
5484
5491
"repositori Anda dapat menjalankan perintah berikut:"
5485
5492
5486
#: serverguide/C/vcs.xml:267(command)
5493
#: serverguide/C/vcs.xml:416(command)
5487
5494
msgid "svn co http://servername/svn"
5488
5495
msgstr "svn co http://servername/svn"
5489
5496
5490
#: serverguide/C/vcs.xml:269(para)
5497
#: serverguide/C/vcs.xml:418(para)
5491
5498
msgid ""
5492
5499
"The password is transmitted as plain text. If you are worried about password "
5493
5500
"snooping, you are advised to use SSL encryption. For details, please refer "
5494
5501
"next section."
5495
5502
msgstr ""
5496
5503
5497
#: serverguide/C/vcs.xml:275(title)
5504
#: serverguide/C/vcs.xml:424(title)
5498
5505
msgid "Access via WebDAV protocol with SSL encryption (https://)"
5499
5506
msgstr "Akses melalui protokol WebDAV dengan enkripsi SSL (https://)"
5500
5507
5501
#: serverguide/C/vcs.xml:411(para)
5508
#: serverguide/C/vcs.xml:425(para)
5502
5509
msgid ""
5503
5510
"Accessing Subversion repository via WebDAV protocol with SSL encryption "
5504
5511
"(https://) is similar to http:// except that you must install and configure "
5509
5516
"configuration\"/>."
5510
5517
msgstr ""
5511
5518
5512
#: serverguide/C/vcs.xml:285(para)
5519
#: serverguide/C/vcs.xml:434(para)
5513
5520
msgid ""
5514
5521
"You can install a digital certificate issued by a signing authority. "
5515
5522
"Alternatively, you can install your own self-signed certificate."
5516
5523
msgstr ""
5517
5524
5518
#: serverguide/C/vcs.xml:290(para)
5525
#: serverguide/C/vcs.xml:439(para)
5519
5526
msgid ""
5520
5527
"This step assumes you have installed and configured a digital certificate in "
5521
5528
"your Apache 2 web server. Now, to access the Subversion repository, please "
5523
5530
"the protocol. You must use https:// to access the Subversion repository."
5524
5531
msgstr ""
5525
5532
5526
#: serverguide/C/vcs.xml:300(title)
5533
#: serverguide/C/vcs.xml:449(title)
5527
5534
msgid "Access via custom protocol (svn://)"
5528
5535
msgstr "Akses melalui protokol custom (svn://)"
5529
5536
5530
#: serverguide/C/vcs.xml:301(para)
5537
#: serverguide/C/vcs.xml:450(para)
5531
5538
msgid ""
5532
5539
"Once the Subversion repository is created, you can configure the access "
5533
5540
"control. You can edit the <filename> "
5536
5543
"following lines in the configuration file:"
5537
5544
msgstr ""
5538
5545
5539
#: serverguide/C/vcs.xml:308(programlisting)
5546
#: serverguide/C/vcs.xml:457(programlisting)
5540
5547
#, no-wrap
5541
5548
msgid ""
5542
5549
"# [general]\n"
5545
5552
"# [general]\n"
5546
5553
"# password-db = passwd"
5547
5554
5548
#: serverguide/C/vcs.xml:311(para)
5555
#: serverguide/C/vcs.xml:460(para)
5549
5556
msgid ""
5550
5557
"After uncommenting the above lines, you can maintain the user list in the "
5551
5558
"passwd file. So, edit the file <filename>passwd </filename> in the same "
5552
5559
"directory and add the new user. The syntax is as follows:"
5553
5560
msgstr ""
5554
5561
5555
#: serverguide/C/vcs.xml:317(programlisting)
5562
#: serverguide/C/vcs.xml:466(programlisting)
5556
5563
#, no-wrap
5557
5564
msgid "username = password"
5558
5565
msgstr "username = password"
5559
5566
5560
#: serverguide/C/vcs.xml:318(para)
5567
#: serverguide/C/vcs.xml:467(para)
5561
5568
msgid "For more details, please refer to the file."
5562
5569
msgstr "Untuk keterangan lebih lanjut, silakan lihat berkas tersebut."
5563
5570
5564
#: serverguide/C/vcs.xml:322(para)
5571
#: serverguide/C/vcs.xml:471(para)
5565
5572
msgid ""
5566
5573
"Now, to access Subversion via the svn:// custom protocol, either from the "
5567
5574
"same machine or a different machine, you can run svnserver using svnserve "
5568
5575
"command. The syntax is as follows:"
5569
5576
msgstr ""
5570
5577
5571
#: serverguide/C/vcs.xml:327(programlisting)
5578
#: serverguide/C/vcs.xml:476(programlisting)
5572
5579
#, no-wrap
5573
5580
msgid ""
5574
5581
"$ svnserve -d --foreground -r /path/to/repos\n"
5587
5594
"For more usage details, please refer to:\n"
5588
5595
"$ svnserve --help"
5589
5596
5590
#: serverguide/C/vcs.xml:335(para)
5597
#: serverguide/C/vcs.xml:484(para)
5591
5598
msgid ""
5592
5599
"Once you run this command, Subversion starts listening on default port "
5593
5600
"(3690). To access the project repository, you must run the following command "
5594
5601
"from a terminal prompt:"
5595
5602
msgstr ""
5596
5603
5597
#: serverguide/C/vcs.xml:338(command)
5604
#: serverguide/C/vcs.xml:487(command)
5598
5605
msgid "svn co svn://hostname/project project --username user_name"
5599
5606
msgstr "svn co svn://hostname/project project --username user_name"
5600
5607
5601
#: serverguide/C/vcs.xml:341(para)
5608
#: serverguide/C/vcs.xml:490(para)
5602
5609
msgid ""
5603
5610
"Based on server configuration, it prompts for password. Once you are "
5604
5611
"authenticated, it checks out the code from Subversion repository. To "
5607
5614
"a terminal prompt, is as follows:"
5608
5615
msgstr ""
5609
5616
5610
#: serverguide/C/vcs.xml:349(command)
5617
#: serverguide/C/vcs.xml:498(command)
5611
5618
msgid "cd project_dir ; svn update"
5612
5619
msgstr "cd project_dir ; svn update"
5613
5620
5614
#: serverguide/C/vcs.xml:352(para)
5621
#: serverguide/C/vcs.xml:501(para)
5615
5622
msgid ""
5616
5623
"For more details about using each Subversion sub-command, you can refer to "
5617
5624
"the manual. For example, to learn more about the co (checkout) command, "
5618
5625
"please run the following command from a terminal prompt:"
5619
5626
msgstr ""
5620
5627
5621
#: serverguide/C/vcs.xml:356(command)
5628
#: serverguide/C/vcs.xml:505(command)
5622
5629
msgid "svn co help"
5623
5630
msgstr "svn co help"
5624
5631
5625
#: serverguide/C/vcs.xml:495(title)
5632
#: serverguide/C/vcs.xml:509(title)
5626
5633
msgid "Access via custom protocol with SSH encryption (svn+ssh://)"
5627
5634
msgstr ""
5628
5635
5629
#: serverguide/C/vcs.xml:361(para)
5636
#: serverguide/C/vcs.xml:510(para)
5630
5637
msgid ""
5631
5638
"The configuration and server process is same as in the svn:// method. For "
5632
5639
"details, please refer to the above section. This step assumes you have "
5634
5641
"<application>svnserve</application> command."
5635
5642
msgstr ""
5636
5643
5637
#: serverguide/C/vcs.xml:367(para)
5644
#: serverguide/C/vcs.xml:516(para)
5638
5645
msgid ""
5639
5646
"It is also assumed that the ssh server is running on that machine and that "
5640
5647
"it is allowing incoming connections. To confirm, please try to login to that "
5642
5649
"login, please address it before continuing further."
5643
5650
msgstr ""
5644
5651
5645
#: serverguide/C/vcs.xml:373(para)
5652
#: serverguide/C/vcs.xml:522(para)
5646
5653
msgid ""
5647
5654
"The svn+ssh:// protocol is used to access the Subversion repository using "
5648
5655
"SSL encryption. The data transfer is encrypted using this method. To access "
5650
5657
"following command syntax:"
5651
5658
msgstr ""
5652
5659
5653
#: serverguide/C/vcs.xml:515(command)
5660
#: serverguide/C/vcs.xml:529(command)
5654
5661
msgid "svn co svn+ssh://ssh_username@hostname/path/to/repos/project"
5655
5662
msgstr ""
5656
5663
5657
#: serverguide/C/vcs.xml:384(para)
5664
#: serverguide/C/vcs.xml:533(para)
5658
5665
msgid ""
5659
5666
"You must use the full path (/path/to/repos/project) to access the Subversion "
5660
5667
"repository using this access method."
5662
5669
"Anda harus menggunakan path penuh (/path/to/repos/project) untuk mengakses "
5663
5670
"repositori Subversion menggunakan metode akses ini."
5664
5671
5665
#: serverguide/C/vcs.xml:387(para)
5672
#: serverguide/C/vcs.xml:536(para)
5666
5673
msgid ""
5667
5674
"Based on server configuration, it prompts for password. You must enter the "
5668
5675
"password you use to login via ssh. Once you are authenticated, it checks out "
5669
5676
"the code from the Subversion repository."
5670
5677
msgstr ""
5671
5678
5672
#: serverguide/C/vcs.xml:539(ulink)
5679
#: serverguide/C/vcs.xml:551(ulink)
5673
5680
msgid "Bazaar Home Page"
5674
5681
msgstr "Halaman web Bazaar"
5675
5682
5676
#: serverguide/C/vcs.xml:540(ulink)
5683
#: serverguide/C/vcs.xml:556(ulink)
5677
5684
msgid "Launchpad"
5678
5685
msgstr "Launchpad"
5679
5686
5680
#: serverguide/C/vcs.xml:547(ulink)
5687
#: serverguide/C/vcs.xml:561(ulink)
5681
5688
msgid "Git homepage"
5682
5689
msgstr ""
5683
5690
5684
#: serverguide/C/vcs.xml:552(ulink)
5691
#: serverguide/C/vcs.xml:566(ulink)
5685
5692
msgid "Gitolite"
5686
5693
msgstr ""
5687
5694
5688
#: serverguide/C/vcs.xml:541(ulink)
5695
#: serverguide/C/vcs.xml:571(ulink)
5689
5696
msgid "Subversion Home Page"
5690
5697
msgstr "Laman Subversion"
5691
5698
5692
#: serverguide/C/vcs.xml:542(ulink)
5699
#: serverguide/C/vcs.xml:576(ulink)
5693
5700
msgid "Subversion Book"
5694
5701
msgstr "Buku Subversion"
5695
5702
5696
#: serverguide/C/vcs.xml:545(ulink)
5703
#: serverguide/C/vcs.xml:581(ulink)
5697
5704
msgid "Easy Bazaar Ubuntu Wiki page"
5698
5705
msgstr ""
5699
5706
5700
#: serverguide/C/vcs.xml:546(ulink)
5707
#: serverguide/C/vcs.xml:586(ulink)
5701
5708
msgid "Ubuntu Wiki Subversion page"
5702
5709
msgstr ""
5703
5710
5804
5811
"Security should always be considered when installing, deploying, and using "
5805
5812
"any type of computer system. Although a fresh installation of Ubuntu is "
5806
5813
"relatively safe for immediate use on the Internet, it is important to have a "
5807
"balanced understanding of your systems security posture based on how it will "
5808
"be used after deployment."
5814
"balanced understanding of your system's security posture based on how it "
5815
"will be used after deployment."
5809
5816
msgstr ""
5810
5817
5811
5818
#: serverguide/C/security.xml:15(para)
5812
5819
msgid ""
5813
"This chapter provides an overview of security related topics as they pertain "
5820
"This chapter provides an overview of security-related topics as they pertain "
5814
5821
"to Ubuntu 14.04 LTS Server Edition, and outlines simple measures you may use "
5815
5822
"to protect your server and network from any number of potential security "
5816
5823
"threats."
5864
5871
msgid "Configurations with root passwords are not supported."
5865
5872
msgstr ""
5866
5873
5867
#: serverguide/C/security.xml:37(command)
5874
#: serverguide/C/security.xml:42(command)
5868
5875
msgid "sudo passwd"
5869
5876
msgstr ""
5870
5877
5871
#: serverguide/C/security.xml:39(para)
5878
#: serverguide/C/security.xml:44(para)
5872
5879
msgid ""
5873
5880
"Sudo will prompt you for your password, and then ask you to supply a new "
5874
5881
"password for root as shown below:"
5875
5882
msgstr ""
5876
5883
5877
#: serverguide/C/security.xml:42(computeroutput)
5884
#: serverguide/C/security.xml:47(computeroutput)
5878
5885
#, no-wrap
5879
5886
msgid "[sudo] password for username:"
5880
5887
msgstr ""
5881
5888
5882
#: serverguide/C/security.xml:42(userinput)
5889
#: serverguide/C/security.xml:47(userinput)
5883
5890
#, no-wrap
5884
5891
msgid "(enter your own password)"
5885
5892
msgstr ""
5886
5893
5887
#: serverguide/C/security.xml:43(computeroutput)
5894
#: serverguide/C/security.xml:48(computeroutput)
5888
5895
#, no-wrap
5889
5896
msgid "Enter new UNIX password:"
5890
5897
msgstr ""
5891
5898
5892
#: serverguide/C/security.xml:43(userinput)
5899
#: serverguide/C/security.xml:48(userinput)
5893
5900
#, no-wrap
5894
5901
msgid "(enter a new password for root)"
5895
5902
msgstr ""
5896
5903
5897
#: serverguide/C/security.xml:44(computeroutput)
5904
#: serverguide/C/security.xml:49(computeroutput)
5898
5905
#, no-wrap
5899
5906
msgid "Retype new UNIX password:"
5900
5907
msgstr ""
5901
5908
5902
#: serverguide/C/security.xml:44(userinput)
5909
#: serverguide/C/security.xml:49(userinput)
5903
5910
#, no-wrap
5904
5911
msgid "(repeat new password for root)"
5905
5912
msgstr ""
5906
5913
5907
#: serverguide/C/security.xml:45(computeroutput)
5914
#: serverguide/C/security.xml:50(computeroutput)
5908
5915
#, no-wrap
5909
5916
msgid "passwd: password updated successfully"
5910
5917
msgstr ""
5914
5921
"To disable the root account password, use the following passwd syntax:"
5915
5922
msgstr ""
5916
5923
5917
#: serverguide/C/security.xml:53(command)
5924
#: serverguide/C/security.xml:58(command)
5918
5925
msgid "sudo passwd -l root"
5919
5926
msgstr ""
5920
5927
5927
5934
msgid "usermod --expiredate 1"
5928
5935
msgstr ""
5929
5936
5930
#: serverguide/C/security.xml:57(para)
5937
#: serverguide/C/security.xml:68(para)
5931
5938
msgid ""
5932
"You should read more on <application>Sudo</application> by checking out it's "
5933
"man page:"
5939
"You should read more on <application>Sudo</application> by reading the man "
5940
"page:"
5934
5941
msgstr ""
5935
5942
5936
#: serverguide/C/security.xml:61(command)
5943
#: serverguide/C/security.xml:72(command)
5937
5944
msgid "man sudo"
5938
5945
msgstr ""
5939
5946
5947
5954
"<emphasis>sudo</emphasis> group."
5948
5955
msgstr ""
5949
5956
5950
#: serverguide/C/security.xml:71(title)
5957
#: serverguide/C/security.xml:82(title)
5951
5958
msgid "Adding and Deleting Users"
5952
5959
msgstr ""
5953
5960
5954
#: serverguide/C/security.xml:72(para)
5961
#: serverguide/C/security.xml:83(para)
5955
5962
msgid ""
5956
"The process for managing local users and groups is straight forward and "
5963
"The process for managing local users and groups is straightforward and "
5957
5964
"differs very little from most other GNU/Linux operating systems. Ubuntu and "
5958
"other Debian based distributions, encourage the use of the \"adduser\" "
5965
"other Debian based distributions encourage the use of the \"adduser\" "
5959
5966
"package for account management."
5960
5967
msgstr ""
5961
5968
5962
#: serverguide/C/security.xml:77(para)
5969
#: serverguide/C/security.xml:88(para)
5963
5970
msgid ""
5964
5971
"To add a user account, use the following syntax, and follow the prompts to "
5965
"give the account a password and identifiable characteristics such as a full "
5972
"give the account a password and identifiable characteristics, such as a full "
5966
5973
"name, phone number, etc."
5967
5974
msgstr ""
5968
5975
5969
#: serverguide/C/security.xml:81(command)
5976
#: serverguide/C/security.xml:92(command)
5970
5977
msgid "sudo adduser username"
5971
5978
msgstr ""
5972
5979
5973
#: serverguide/C/security.xml:85(para)
5980
#: serverguide/C/security.xml:96(para)
5974
5981
msgid ""
5975
5982
"To delete a user account and its primary group, use the following syntax:"
5976
5983
msgstr ""
5977
5984
5978
#: serverguide/C/security.xml:89(command)
5985
#: serverguide/C/security.xml:100(command)
5979
5986
msgid "sudo deluser username"
5980
5987
msgstr ""
5981
5988
5982
#: serverguide/C/security.xml:91(para)
5989
#: serverguide/C/security.xml:102(para)
5983
5990
msgid ""
5984
5991
"Deleting an account does not remove their respective home folder. It is up "
5985
5992
"to you whether or not you wish to delete the folder manually or keep it "
5986
5993
"according to your desired retention policies."
5987
5994
msgstr ""
5988
5995
5989
#: serverguide/C/security.xml:94(para)
5996
#: serverguide/C/security.xml:105(para)
5990
5997
msgid ""
5991
5998
"Remember, any user added later on with the same UID/GID as the previous "
5992
5999
"owner will now have access to this folder if you have not taken the "
5993
6000
"necessary precautions."
5994
6001
msgstr ""
5995
6002
5996
#: serverguide/C/security.xml:97(para)
6003
#: serverguide/C/security.xml:108(para)
5997
6004
msgid ""
5998
6005
"You may want to change these UID/GID values to something more appropriate, "
5999
6006
"such as the root account, and perhaps even relocate the folder to avoid "
6000
6007
"future conflicts:"
6001
6008
msgstr ""
6002
6009
6003
#: serverguide/C/security.xml:101(command)
6010
#: serverguide/C/security.xml:112(command)
6004
6011
msgid "sudo chown -R root:root /home/username/"
6005
6012
msgstr ""
6006
6013
6007
#: serverguide/C/security.xml:102(command)
6014
#: serverguide/C/security.xml:113(command)
6008
6015
msgid "sudo mkdir /home/archived_users/"
6009
6016
msgstr ""
6010
6017
6011
#: serverguide/C/security.xml:103(command)
6018
#: serverguide/C/security.xml:114(command)
6012
6019
msgid "sudo mv /home/username /home/archived_users/"
6013
6020
msgstr ""
6014
6021
6015
#: serverguide/C/security.xml:107(para)
6022
#: serverguide/C/security.xml:118(para)
6016
6023
msgid ""
6017
6024
"To temporarily lock or unlock a user account, use the following syntax, "
6018
6025
"respectively:"
6019
6026
msgstr ""
6020
6027
6021
#: serverguide/C/security.xml:111(command)
6028
#: serverguide/C/security.xml:122(command)
6022
6029
msgid "sudo passwd -l username"
6023
6030
msgstr ""
6024
6031
6025
#: serverguide/C/security.xml:112(command)
6032
#: serverguide/C/security.xml:123(command)
6026
6033
msgid "sudo passwd -u username"
6027
6034
msgstr ""
6028
6035
6029
#: serverguide/C/security.xml:116(para)
6036
#: serverguide/C/security.xml:127(para)
6030
6037
msgid ""
6031
6038
"To add or delete a personalized group, use the following syntax, "
6032
6039
"respectively:"
6033
6040
msgstr ""
6034
6041
6035
#: serverguide/C/security.xml:120(command)
6042
#: serverguide/C/security.xml:131(command)
6036
6043
msgid "sudo addgroup groupname"
6037
6044
msgstr ""
6038
6045
6039
#: serverguide/C/security.xml:121(command)
6046
#: serverguide/C/security.xml:132(command)
6040
6047
msgid "sudo delgroup groupname"
6041
6048
msgstr ""
6042
6049
6043
#: serverguide/C/security.xml:125(para)
6050
#: serverguide/C/security.xml:136(para)
6044
6051
msgid "To add a user to a group, use the following syntax:"
6045
6052
msgstr ""
6046
6053
6047
#: serverguide/C/security.xml:129(command)
6054
#: serverguide/C/security.xml:140(command)
6048
6055
msgid "sudo adduser username groupname"
6049
6056
msgstr ""
6050
6057
6051
#: serverguide/C/security.xml:136(title)
6058
#: serverguide/C/security.xml:147(title)
6052
6059
msgid "User Profile Security"
6053
6060
msgstr ""
6054
6061
6055
#: serverguide/C/security.xml:137(para)
6062
#: serverguide/C/security.xml:148(para)
6056
6063
msgid ""
6057
6064
"When a new user is created, the adduser utility creates a brand new home "
6058
"directory named <filename class=\"directory\">/home/username</filename>, "
6059
"respectively. The default profile is modeled after the contents found in the "
6060
"directory of <filename class=\"directory\">/etc/skel</filename>, which "
6061
"includes all profile basics."
6065
"directory named <filename class=\"directory\">/home/username</filename>. The "
6066
"default profile is modeled after the contents found in the directory of "
6067
"<filename class=\"directory\">/etc/skel</filename>, which includes all "
6068
"profile basics."
6062
6069
msgstr ""
6063
6070
6064
#: serverguide/C/security.xml:140(para)
6071
#: serverguide/C/security.xml:151(para)
6065
6072
msgid ""
6066
6073
"If your server will be home to multiple users, you should pay close "
6067
6074
"attention to the user home directory permissions to ensure confidentiality. "
6071
6078
"your environment."
6072
6079
msgstr ""
6073
6080
6074
#: serverguide/C/security.xml:145(para)
6081
#: serverguide/C/security.xml:156(para)
6075
6082
msgid ""
6076
"To verify your current users home directory permissions, use the following "
6083
"To verify your current user home directory permissions, use the following "
6077
6084
"syntax:"
6078
6085
msgstr ""
6079
6086
6080
#: serverguide/C/security.xml:149(command) serverguide/C/security.xml:181(command)
6087
#: serverguide/C/security.xml:160(command) serverguide/C/security.xml:192(command)
6081
6088
msgid "ls -ld /home/username"
6082
6089
msgstr ""
6083
6090
6084
#: serverguide/C/security.xml:151(para)
6091
#: serverguide/C/security.xml:162(para)
6085
6092
msgid ""
6086
6093
"The following output shows that the directory <filename "
6087
"class=\"directory\">/home/username</filename> has world readable permissions:"
6094
"class=\"directory\">/home/username</filename> has world-readable permissions:"
6088
6095
msgstr ""
6089
6096
6090
#: serverguide/C/security.xml:154(computeroutput)
6097
#: serverguide/C/security.xml:165(computeroutput)
6091
6098
#, no-wrap
6092
6099
msgid "drwxr-xr-x 2 username username 4096 2007-10-02 20:03 username"
6093
6100
msgstr ""
6094
6101
6095
#: serverguide/C/security.xml:158(para)
6102
#: serverguide/C/security.xml:169(para)
6096
6103
msgid ""
6097
"You can remove the world readable permissions using the following syntax:"
6104
"You can remove the world readable-permissions using the following syntax:"
6098
6105
msgstr ""
6099
6106
6100
#: serverguide/C/security.xml:162(command)
6107
#: serverguide/C/security.xml:173(command)
6101
6108
msgid "sudo chmod 0750 /home/username"
6102
6109
msgstr ""
6103
6110
6104
#: serverguide/C/security.xml:165(para)
6111
#: serverguide/C/security.xml:176(para)
6105
6112
msgid ""
6106
6113
"Some people tend to use the recursive option (-R) indiscriminately which "
6107
6114
"modifies all child folders and files, but this is not necessary, and may "
6109
6116
"for preventing unauthorized access to anything below the parent."
6110
6117
msgstr ""
6111
6118
6112
#: serverguide/C/security.xml:169(para)
6119
#: serverguide/C/security.xml:180(para)
6113
6120
msgid ""
6114
6121
"A much more efficient approach to the matter would be to modify the "
6115
6122
"<application>adduser</application> global default permissions when creating "
6119
6126
"new home directories will receive the correct permissions."
6120
6127
msgstr ""
6121
6128
6122
#: serverguide/C/security.xml:172(programlisting)
6129
#: serverguide/C/security.xml:183(programlisting)
6123
6130
#, no-wrap
6124
6131
msgid ""
6125
6132
"\n"
6126
6133
"DIR_MODE=0750\n"
6127
6134
msgstr ""
6128
6135
6129
#: serverguide/C/security.xml:177(para)
6136
#: serverguide/C/security.xml:188(para)
6130
6137
msgid ""
6131
6138
"After correcting the directory permissions using any of the previously "
6132
6139
"mentioned techniques, verify the results using the following syntax:"
6133
6140
msgstr ""
6134
6141
6135
#: serverguide/C/security.xml:183(para)
6142
#: serverguide/C/security.xml:194(para)
6136
6143
msgid ""
6137
"The results below show that world readable permissions have been removed:"
6144
"The results below show that world-readable permissions have been removed:"
6138
6145
msgstr ""
6139
6146
6140
#: serverguide/C/security.xml:186(computeroutput)
6147
#: serverguide/C/security.xml:197(computeroutput)
6141
6148
#, no-wrap
6142
6149
msgid "drwxr-x--- 2 username username 4096 2007-10-02 20:03 username"
6143
6150
msgstr ""
6144
6151
6145
#: serverguide/C/security.xml:193(title)
6152
#: serverguide/C/security.xml:204(title)
6146
6153
msgid "Password Policy"
6147
6154
msgstr ""
6148
6155
6149
#: serverguide/C/security.xml:194(para)
6156
#: serverguide/C/security.xml:205(para)
6150
6157
msgid ""
6151
6158
"A strong password policy is one of the most important aspects of your "
6152
6159
"security posture. Many successful security breaches involve simple brute "
6156
6163
"password lifetimes, and frequent audits of your authentication systems."
6157
6164
msgstr ""
6158
6165
6159
#: serverguide/C/security.xml:198(title)
6166
#: serverguide/C/security.xml:209(title)
6160
6167
msgid "Minimum Password Length"
6161
6168
msgstr ""
6162
6169
6163
#: serverguide/C/security.xml:199(para)
6170
#: serverguide/C/security.xml:210(para)
6164
6171
msgid ""
6165
6172
"By default, Ubuntu requires a minimum password length of 6 characters, as "
6166
6173
"well as some basic entropy checks. These values are controlled in the file "
6174
6181
"password [success=1 default=ignore] pam_unix.so obscure sha512\n"
6175
6182
msgstr ""
6176
6183
6177
#: serverguide/C/security.xml:205(para)
6184
#: serverguide/C/security.xml:216(para)
6178
6185
msgid ""
6179
6186
"If you would like to adjust the minimum length to 8 characters, change the "
6180
6187
"appropriate variable to min=8. The modification is outlined below."
6188
6195
"minlen=8\n"
6189
6196
msgstr ""
6190
6197
6191
#: serverguide/C/security.xml:212(para)
6198
#: serverguide/C/security.xml:223(para)
6192
6199
msgid ""
6193
6200
"Basic password entropy checks and minimum length rules do not apply to the "
6194
6201
"administrator using sudo level commands to setup a new user."
6195
6202
msgstr ""
6196
6203
6197
#: serverguide/C/security.xml:218(title)
6204
#: serverguide/C/security.xml:229(title)
6198
6205
msgid "Password Expiration"
6199
6206
msgstr ""
6200
6207
6201
#: serverguide/C/security.xml:219(para)
6208
#: serverguide/C/security.xml:230(para)
6202
6209
msgid ""
6203
6210
"When creating user accounts, you should make it a policy to have a minimum "
6204
6211
"and maximum password age forcing users to change their passwords when they "
6205
6212
"expire."
6206
6213
msgstr ""
6207
6214
6208
#: serverguide/C/security.xml:224(para)
6215
#: serverguide/C/security.xml:235(para)
6209
6216
msgid ""
6210
6217
"To easily view the current status of a user account, use the following "
6211
6218
"syntax:"
6212
6219
msgstr ""
6213
6220
6214
#: serverguide/C/security.xml:228(command) serverguide/C/security.xml:261(command)
6221
#: serverguide/C/security.xml:239(command) serverguide/C/security.xml:272(command)
6215
6222
msgid "sudo chage -l username"
6216
6223
msgstr ""
6217
6224
6218
#: serverguide/C/security.xml:230(para)
6225
#: serverguide/C/security.xml:241(para)
6219
6226
msgid ""
6220
6227
"The output below shows interesting facts about the user account, namely that "
6221
6228
"there are no policies applied:"
6222
6229
msgstr ""
6223
6230
6224
#: serverguide/C/security.xml:233(computeroutput)
6231
#: serverguide/C/security.xml:244(computeroutput)
6225
6232
#, no-wrap
6226
6233
msgid ""
6227
"Last password change : Jan 20, 2008\n"
6234
"Last password change : Jan 20, 2015\n"
6228
6235
"Password expires : never\n"
6229
6236
"Password inactive : never\n"
6230
6237
"Account expires : never\n"
6233
6240
"Number of days of warning before password expires : 7"
6234
6241
msgstr ""
6235
6242
6236
#: serverguide/C/security.xml:243(para)
6243
#: serverguide/C/security.xml:254(para)
6237
6244
msgid ""
6238
6245
"To set any of these values, simply use the following syntax, and follow the "
6239
6246
"interactive prompts:"
6240
6247
msgstr ""
6241
6248
6242
#: serverguide/C/security.xml:247(command)
6249
#: serverguide/C/security.xml:258(command)
6243
6250
msgid "sudo chage username"
6244
6251
msgstr ""
6245
6252
6246
#: serverguide/C/security.xml:249(para)
6253
#: serverguide/C/security.xml:260(para)
6247
6254
msgid ""
6248
6255
"The following is also an example of how you can manually change the explicit "
6249
"expiration date (-E) to 01/31/2008, minimum password age (-m) of 5 days, "
6256
"expiration date (-E) to 01/31/2015, minimum password age (-m) of 5 days, "
6250
6257
"maximum password age (-M) of 90 days, inactivity period (-I) of 5 days after "
6251
6258
"password expiration, and a warning time period (-W) of 14 days before "
6252
"password expiration."
6253
msgstr ""
6254
6255
#: serverguide/C/security.xml:253(command)
6256
msgid "sudo chage -E 01/31/2011 -m 5 -M 90 -I 30 -W 14 username"
6257
msgstr ""
6258
6259
#: serverguide/C/security.xml:257(para)
6259
"password expiration:"
6260
msgstr ""
6261
6262
#: serverguide/C/security.xml:264(command)
6263
msgid "sudo chage -E 01/31/2015 -m 5 -M 90 -I 30 -W 14 username"
6264
msgstr ""
6265
6266
#: serverguide/C/security.xml:268(para)
6260
6267
msgid "To verify changes, use the same syntax as mentioned previously:"
6261
6268
msgstr ""
6262
6269
6263
#: serverguide/C/security.xml:263(para)
6270
#: serverguide/C/security.xml:274(para)
6264
6271
msgid ""
6265
6272
"The output below shows the new policies that have been established for the "
6266
6273
"account:"
6267
6274
msgstr ""
6268
6275
6269
#: serverguide/C/security.xml:266(computeroutput)
6276
#: serverguide/C/security.xml:277(computeroutput)
6270
6277
#, no-wrap
6271
6278
msgid ""
6272
"Last password change : Jan 20, 2008\n"
6273
"Password expires : Apr 19, 2008\n"
6274
"Password inactive : May 19, 2008\n"
6275
"Account expires : Jan 31, 2008\n"
6279
"Last password change : Jan 20, 2015\n"
6280
"Password expires : Apr 19, 2015\n"
6281
"Password inactive : May 19, 2015\n"
6282
"Account expires : Jan 31, 2015\n"
6276
6283
"Minimum number of days between password change : 5\n"
6277
6284
"Maximum number of days between password change : 90\n"
6278
6285
"Number of days of warning before password expires : 14"
6279
6286
msgstr ""
6280
6287
6281
#: serverguide/C/security.xml:282(title)
6288
#: serverguide/C/security.xml:293(title)
6282
6289
msgid "Other Security Considerations"
6283
6290
msgstr ""
6284
6291
6285
#: serverguide/C/security.xml:283(para)
6292
#: serverguide/C/security.xml:294(para)
6286
6293
msgid ""
6287
6294
"Many applications use alternate authentication mechanisms that can be easily "
6288
6295
"overlooked by even experienced system administrators. Therefore, it is "
6290
6297
"to services and applications on your server."
6291
6298
msgstr ""
6292
6299
6293
#: serverguide/C/security.xml:288(title)
6300
#: serverguide/C/security.xml:299(title)
6294
6301
msgid "SSH Access by Disabled Users"
6295
6302
msgstr ""
6296
6303
6297
#: serverguide/C/security.xml:289(para)
6304
#: serverguide/C/security.xml:300(para)
6298
6305
msgid ""
6299
6306
"Simply disabling/locking a user account will not prevent a user from logging "
6300
6307
"into your server remotely if they have previously set up RSA public key "
6301
6308
"authentication. They will still be able to gain shell access to the server, "
6302
6309
"without the need for any password. Remember to check the users home "
6303
6310
"directory for files that will allow for this type of authenticated SSH "
6304
"access. e.g. <filename>/home/username/.ssh/authorized_keys</filename>."
6311
"access, e.g. <filename>/home/username/.ssh/authorized_keys</filename>."
6305
6312
msgstr ""
6306
6313
6307
#: serverguide/C/security.xml:292(para)
6314
#: serverguide/C/security.xml:303(para)
6308
6315
msgid ""
6309
6316
"Remove or rename the directory <filename "
6310
6317
"class=\"directory\">.ssh/</filename> in the user's home folder to prevent "
6311
6318
"further SSH authentication capabilities."
6312
6319
msgstr ""
6313
6320
6314
#: serverguide/C/security.xml:295(para)
6321
#: serverguide/C/security.xml:306(para)
6315
6322
msgid ""
6316
6323
"Be sure to check for any established SSH connections by the disabled user, "
6317
6324
"as it is possible they may have existing inbound or outbound connections. "
6319
6326
msgstr ""
6320
6327
6321
6328
#: serverguide/C/security.xml:310(command)
6322
msgid "who |grep username"
6329
msgid "who | grep username"
6323
6330
msgstr ""
6324
6331
6325
6332
#: serverguide/C/security.xml:311(command)
6334
6341
"<placeholder-2/>\n"
6335
6342
msgstr ""
6336
6343
6337
#: serverguide/C/security.xml:298(para)
6344
#: serverguide/C/security.xml:313(para)
6338
6345
msgid ""
6339
6346
"Restrict SSH access to only user accounts that should have it. For example, "
6340
6347
"you may create a group called \"sshlogin\" and add the group name as the "
6342
6349
"the file <filename>/etc/ssh/sshd_config</filename>."
6343
6350
msgstr ""
6344
6351
6345
#: serverguide/C/security.xml:301(programlisting)
6352
#: serverguide/C/security.xml:316(programlisting)
6346
6353
#, no-wrap
6347
6354
msgid ""
6348
6355
"\n"
6349
6356
"AllowGroups sshlogin\n"
6350
6357
msgstr ""
6351
6358
6352
#: serverguide/C/security.xml:304(para)
6359
#: serverguide/C/security.xml:319(para)
6353
6360
msgid ""
6354
6361
"Then add your permitted SSH users to the group \"sshlogin\", and restart the "
6355
6362
"SSH service."
6356
6363
msgstr ""
6357
6364
6358
#: serverguide/C/security.xml:308(command)
6365
#: serverguide/C/security.xml:323(command)
6359
6366
msgid "sudo adduser username sshlogin"
6360
6367
msgstr ""
6361
6368
6362
#: serverguide/C/security.xml:309(command)
6369
#: serverguide/C/security.xml:324(command) serverguide/C/remote-administration.xml:144(command)
6363
6370
msgid "sudo service ssh restart"
6364
6371
msgstr ""
6365
6372
6366
#: serverguide/C/security.xml:313(title)
6373
#: serverguide/C/security.xml:328(title)
6367
6374
msgid "External User Database Authentication"
6368
6375
msgstr ""
6369
6376
6370
#: serverguide/C/security.xml:314(para)
6377
#: serverguide/C/security.xml:329(para)
6371
6378
msgid ""
6372
6379
"Most enterprise networks require centralized authentication and access "
6373
6380
"controls for all system resources. If you have configured your server to "
6374
6381
"authenticate users against external databases, be sure to disable the user "
6375
"accounts both externally and locally, this way you ensure that local "
6382
"accounts both externally and locally. This way you ensure that local "
6376
6383
"fallback authentication is not possible."
6377
6384
msgstr ""
6378
6385
6379
#: serverguide/C/security.xml:323(title)
6386
#: serverguide/C/security.xml:338(title)
6380
6387
msgid "Console Security"
6381
6388
msgstr ""
6382
6389
6383
#: serverguide/C/security.xml:324(para)
6390
#: serverguide/C/security.xml:339(para)
6384
6391
msgid ""
6385
6392
"As with any other security barrier you put in place to protect your server, "
6386
6393
"it is pretty tough to defend against untold damage caused by someone with "
6392
6399
"basic precautions with regard to console security."
6393
6400
msgstr ""
6394
6401
6395
#: serverguide/C/security.xml:327(para)
6402
#: serverguide/C/security.xml:342(para)
6396
6403
msgid ""
6397
6404
"The following instructions will help defend your server against issues that "
6398
6405
"could otherwise yield very serious consequences."
6399
6406
msgstr ""
6400
6407
6401
#: serverguide/C/security.xml:332(title)
6408
#: serverguide/C/security.xml:347(title)
6402
6409
msgid "Disable Ctrl+Alt+Delete"
6403
6410
msgstr ""
6404
6411
6405
#: serverguide/C/security.xml:333(para)
6412
#: serverguide/C/security.xml:348(para)
6406
6413
msgid ""
6407
"First and foremost, anyone that has physical access to the keyboard can "
6408
"simply use the "
6414
"Anyone that has physical access to the keyboard can simply use the "
6409
6415
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
6410
6416
"eycombo> key combination to reboot the server without having to log on. "
6411
"Sure, someone could simply unplug the power source, but you should still "
6412
"prevent the use of this key combination on a production server. This forces "
6413
"an attacker to take more drastic measures to reboot the server, and will "
6417
"While someone could simply unplug the power source, you should still prevent "
6418
"the use of this key combination on a production server. This forces an "
6419
"attacker to take more drastic measures to reboot the server, and will "
6414
6420
"prevent accidental reboots at the same time."
6415
6421
msgstr ""
6416
6422
6417
#: serverguide/C/security.xml:338(para)
6423
#: serverguide/C/security.xml:353(para)
6418
6424
msgid ""
6419
6425
"To disable the reboot action taken by pressing the "
6420
6426
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
6421
6427
"eycombo> key combination, comment out the following line in the file "
6422
"<filename>/etc/init/control-alt-delete.conf</filename>."
6428
"<filename>/etc/init/control-alt-delete.conf</filename>:"
6423
6429
msgstr ""
6424
6430
6425
#: serverguide/C/security.xml:341(programlisting)
6431
#: serverguide/C/security.xml:356(programlisting)
6426
6432
#, no-wrap
6427
6433
msgid ""
6428
6434
"\n"
6429
6435
"#exec shutdown -r now \"Control-Alt-Delete pressed\"\n"
6430
6436
msgstr ""
6431
6437
6432
#: serverguide/C/security.xml:350(title)
6438
#: serverguide/C/security.xml:365(title)
6433
6439
msgid "Firewall"
6434
6440
msgstr ""
6435
6441
6436
#: serverguide/C/security.xml:353(para)
6442
#: serverguide/C/security.xml:368(para)
6437
6443
msgid ""
6438
6444
"The Linux kernel includes the <emphasis>Netfilter</emphasis> subsystem, "
6439
6445
"which is used to manipulate or decide the fate of network traffic headed "
6441
6447
"system for packet filtering."
6442
6448
msgstr ""
6443
6449
6444
#: serverguide/C/security.xml:358(para)
6450
#: serverguide/C/security.xml:373(para)
6445
6451
msgid ""
6446
6452
"The kernel's packet filtering system would be of little use to "
6447
6453
"administrators without a userspace interface to manage it. This is the "
6448
"purpose of iptables. When a packet reaches your server, it will be handed "
6454
"purpose of iptables: When a packet reaches your server, it will be handed "
6449
6455
"off to the Netfilter subsystem for acceptance, manipulation, or rejection "
6450
6456
"based on the rules supplied to it from userspace via iptables. Thus, "
6451
"iptables is all you need to manage your firewall if you're familiar with it, "
6452
"but many frontends are available to simplify the task."
6457
"iptables is all you need to manage your firewall, if you're familiar with "
6458
"it, but many frontends are available to simplify the task."
6453
6459
msgstr ""
6454
6460
6455
#: serverguide/C/security.xml:368(title)
6461
#: serverguide/C/security.xml:383(title)
6456
6462
msgid "ufw - Uncomplicated Firewall"
6457
6463
msgstr ""
6458
6464
6459
#: serverguide/C/security.xml:369(para)
6465
#: serverguide/C/security.xml:384(para)
6460
6466
msgid ""
6461
6467
"The default firewall configuration tool for Ubuntu is "
6462
6468
"<application>ufw</application>. Developed to ease iptables firewall "
6463
"configuration, <application>ufw</application> provides a user friendly way "
6469
"configuration, <application>ufw</application> provides a user-friendly way "
6464
6470
"to create an IPv4 or IPv6 host-based firewall."
6465
6471
msgstr ""
6466
6472
6467
#: serverguide/C/security.xml:373(para)
6473
#: serverguide/C/security.xml:388(para)
6468
6474
msgid ""
6469
6475
"<application>ufw</application> by default is initially disabled. From the "
6470
6476
"<application>ufw</application> man page:"
6471
6477
msgstr ""
6472
6478
6473
#: serverguide/C/security.xml:377(quote)
6479
#: serverguide/C/security.xml:392(quote)
6474
6480
msgid ""
6475
6481
"ufw is not intended to provide complete firewall functionality via its "
6476
6482
"command interface, but instead provides an easy way to add or remove simple "
6477
6483
"rules. It is currently mainly used for host-based firewalls."
6478
6484
msgstr ""
6479
6485
6480
#: serverguide/C/security.xml:381(para)
6486
#: serverguide/C/security.xml:396(para)
6481
6487
msgid ""
6482
6488
"The following are some examples of how to use <application>ufw</application>:"
6483
6489
msgstr ""
6484
6490
6485
#: serverguide/C/security.xml:386(para)
6491
#: serverguide/C/security.xml:401(para)
6486
6492
msgid ""
6487
6493
"First, <application>ufw</application> needs to be enabled. From a terminal "
6488
6494
"prompt enter:"
6489
6495
msgstr ""
6490
6496
6491
#: serverguide/C/security.xml:390(command)
6497
#: serverguide/C/security.xml:405(command)
6492
6498
msgid "sudo ufw enable"
6493
6499
msgstr ""
6494
6500
6495
#: serverguide/C/security.xml:394(para)
6496
msgid "To open a port (ssh in this example):"
6501
#: serverguide/C/security.xml:409(para)
6502
msgid "To open a port (SSH in this example):"
6497
6503
msgstr ""
6498
6504
6499
#: serverguide/C/security.xml:398(command)
6505
#: serverguide/C/security.xml:413(command)
6500
6506
msgid "sudo ufw allow 22"
6501
6507
msgstr ""
6502
6508
6503
#: serverguide/C/security.xml:402(para)
6509
#: serverguide/C/security.xml:417(para)
6504
6510
msgid "Rules can also be added using a <emphasis>numbered</emphasis> format:"
6505
6511
msgstr ""
6506
6512
6507
#: serverguide/C/security.xml:406(command)
6513
#: serverguide/C/security.xml:421(command)
6508
6514
msgid "sudo ufw insert 1 allow 80"
6509
6515
msgstr ""
6510
6516
6511
#: serverguide/C/security.xml:410(para)
6517
#: serverguide/C/security.xml:425(para)
6512
6518
msgid "Similarly, to close an opened port:"
6513
6519
msgstr ""
6514
6520
6515
#: serverguide/C/security.xml:414(command)
6521
#: serverguide/C/security.xml:429(command)
6516
6522
msgid "sudo ufw deny 22"
6517
6523
msgstr ""
6518
6524
6519
#: serverguide/C/security.xml:418(para)
6525
#: serverguide/C/security.xml:433(para)
6520
6526
msgid "To remove a rule, use delete followed by the rule:"
6521
6527
msgstr ""
6522
6528
6523
#: serverguide/C/security.xml:422(command)
6529
#: serverguide/C/security.xml:437(command)
6524
6530
msgid "sudo ufw delete deny 22"
6525
6531
msgstr ""
6526
6532
6527
#: serverguide/C/security.xml:426(para)
6533
#: serverguide/C/security.xml:441(para)
6528
6534
msgid ""
6529
6535
"It is also possible to allow access from specific hosts or networks to a "
6530
"port. The following example allows ssh access from host 192.168.0.2 to any "
6531
"ip address on this host:"
6536
"port. The following example allows SSH access from host 192.168.0.2 to any "
6537
"IP address on this host:"
6532
6538
msgstr ""
6533
6539
6534
#: serverguide/C/security.xml:431(command)
6540
#: serverguide/C/security.xml:446(command)
6535
6541
msgid "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
6536
6542
msgstr ""
6537
6543
6538
#: serverguide/C/security.xml:433(para)
6544
#: serverguide/C/security.xml:448(para)
6539
6545
msgid ""
6540
"Replace 192.168.0.2 with 192.168.0.0/24 to allow ssh access from the entire "
6546
"Replace 192.168.0.2 with 192.168.0.0/24 to allow SSH access from the entire "
6541
6547
"subnet."
6542
6548
msgstr ""
6543
6549
6544
#: serverguide/C/security.xml:439(para)
6550
#: serverguide/C/security.xml:454(para)
6545
6551
msgid ""
6546
6552
"Adding the <emphasis>--dry-run</emphasis> option to a "
6547
6553
"<emphasis>ufw</emphasis> command will output the resulting rules, but not "
6549
6555
"the HTTP port:"
6550
6556
msgstr ""
6551
6557
6552
#: serverguide/C/security.xml:445(command)
6558
#: serverguide/C/security.xml:460(command)
6553
6559
msgid "sudo ufw --dry-run allow http"
6554
6560
msgstr ""
6555
6561
6556
#: serverguide/C/security.xml:449(computeroutput)
6562
#: serverguide/C/security.xml:464(computeroutput)
6557
6563
#, no-wrap
6558
6564
msgid ""
6559
6565
"*filter\n"
6579
6585
"Rules updated"
6580
6586
msgstr ""
6581
6587
6582
#: serverguide/C/security.xml:473(para)
6588
#: serverguide/C/security.xml:488(para)
6583
6589
msgid "<application>ufw</application> can be disabled by:"
6584
6590
msgstr ""
6585
6591
6586
#: serverguide/C/security.xml:477(command)
6592
#: serverguide/C/security.xml:492(command)
6587
6593
msgid "sudo ufw disable"
6588
6594
msgstr ""
6589
6595
6590
#: serverguide/C/security.xml:481(para)
6596
#: serverguide/C/security.xml:496(para)
6591
6597
msgid "To see the firewall status, enter:"
6592
6598
msgstr ""
6593
6599
6594
#: serverguide/C/security.xml:485(command)
6600
#: serverguide/C/security.xml:500(command)
6595
6601
msgid "sudo ufw status"
6596
6602
msgstr ""
6597
6603
6598
#: serverguide/C/security.xml:489(para)
6604
#: serverguide/C/security.xml:504(para)
6599
6605
msgid "And for more verbose status information use:"
6600
6606
msgstr ""
6601
6607
6602
#: serverguide/C/security.xml:493(command)
6608
#: serverguide/C/security.xml:508(command)
6603
6609
msgid "sudo ufw status verbose"
6604
6610
msgstr ""
6605
6611
6606
#: serverguide/C/security.xml:497(para)
6612
#: serverguide/C/security.xml:512(para)
6607
6613
msgid "To view the <emphasis>numbered</emphasis> format:"
6608
6614
msgstr ""
6609
6615
6610
#: serverguide/C/security.xml:501(command)
6616
#: serverguide/C/security.xml:516(command)
6611
6617
msgid "sudo ufw status numbered"
6612
6618
msgstr ""
6613
6619
6614
#: serverguide/C/security.xml:506(para)
6620
#: serverguide/C/security.xml:521(para)
6615
6621
msgid ""
6616
6622
"If the port you want to open or close is defined in "
6617
6623
"<filename>/etc/services</filename>, you can use the port name instead of the "
6619
6625
"<emphasis>ssh</emphasis>."
6620
6626
msgstr ""
6621
6627
6622
#: serverguide/C/security.xml:512(para)
6628
#: serverguide/C/security.xml:527(para)
6623
6629
msgid ""
6624
6630
"This is a quick introduction to using <application>ufw</application>. Please "
6625
6631
"refer to the <application>ufw</application> man page for more information."
6626
6632
msgstr ""
6627
6633
6628
#: serverguide/C/security.xml:518(title)
6634
#: serverguide/C/security.xml:533(title)
6629
6635
msgid "ufw Application Integration"
6630
6636
msgstr ""
6631
6637
6632
#: serverguide/C/security.xml:520(para)
6638
#: serverguide/C/security.xml:535(para)
6633
6639
msgid ""
6634
6640
"Applications that open ports can include an <application>ufw</application> "
6635
6641
"profile, which details the ports needed for the application to function "
6638
6644
"the default ports have been changed."
6639
6645
msgstr ""
6640
6646
6641
#: serverguide/C/security.xml:529(para)
6647
#: serverguide/C/security.xml:544(para)
6642
6648
msgid ""
6643
6649
"To view which applications have installed a profile, enter the following in "
6644
6650
"a terminal:"
6645
6651
msgstr ""
6646
6652
6647
#: serverguide/C/security.xml:534(command)
6653
#: serverguide/C/security.xml:549(command)
6648
6654
msgid "sudo ufw app list"
6649
6655
msgstr ""
6650
6656
6651
#: serverguide/C/security.xml:540(para)
6657
#: serverguide/C/security.xml:555(para)
6652
6658
msgid ""
6653
6659
"Similar to allowing traffic to a port, using an application profile is "
6654
6660
"accomplished by entering:"
6655
6661
msgstr ""
6656
6662
6657
#: serverguide/C/security.xml:545(command)
6663
#: serverguide/C/security.xml:560(command)
6658
6664
msgid "sudo ufw allow Samba"
6659
6665
msgstr ""
6660
6666
6661
#: serverguide/C/security.xml:551(para)
6667
#: serverguide/C/security.xml:566(para)
6662
6668
msgid "An extended syntax is available as well:"
6663
6669
msgstr ""
6664
6670
6665
#: serverguide/C/security.xml:556(command)
6671
#: serverguide/C/security.xml:571(command)
6666
6672
msgid "ufw allow from 192.168.0.0/24 to any app Samba"
6667
6673
msgstr ""
6668
6674
6669
#: serverguide/C/security.xml:559(para)
6675
#: serverguide/C/security.xml:574(para)
6670
6676
msgid ""
6671
6677
"Replace <emphasis>Samba</emphasis> and <emphasis>192.168.0.0/24</emphasis> "
6672
6678
"with the application profile you are using and the IP range for your network."
6673
6679
msgstr ""
6674
6680
6675
#: serverguide/C/security.xml:565(para)
6681
#: serverguide/C/security.xml:580(para)
6676
6682
msgid ""
6677
6683
"There is no need to specify the <emphasis>protocol</emphasis> for the "
6678
6684
"application, because that information is detailed in the profile. Also, note "
6680
6686
"<emphasis>port</emphasis> number."
6681
6687
msgstr ""
6682
6688
6683
#: serverguide/C/security.xml:574(para)
6689
#: serverguide/C/security.xml:589(para)
6684
6690
msgid ""
6685
"To view details about which ports, protocols, etc are defined for an "
6691
"To view details about which ports, protocols, etc., are defined for an "
6686
6692
"application, enter:"
6687
6693
msgstr ""
6688
6694
6689
#: serverguide/C/security.xml:579(command)
6695
#: serverguide/C/security.xml:594(command)
6690
6696
msgid "sudo ufw app info Samba"
6691
6697
msgstr ""
6692
6698
6693
#: serverguide/C/security.xml:585(para)
6699
#: serverguide/C/security.xml:600(para)
6694
6700
msgid ""
6695
6701
"Not all applications that require opening a network port come with "
6696
6702
"<application>ufw</application> profiles, but if you have profiled an "
6698
6704
"bug against the package in Launchpad."
6699
6705
msgstr ""
6700
6706
6701
#: serverguide/C/security.xml:591(command)
6707
#: serverguide/C/security.xml:606(command)
6702
6708
msgid "ubuntu-bug nameofpackage"
6703
6709
msgstr ""
6704
6710
6705
#: serverguide/C/security.xml:597(title)
6711
#: serverguide/C/security.xml:612(title)
6706
6712
msgid "IP Masquerading"
6707
6713
msgstr "IP Masquerading"
6708
6714
6709
#: serverguide/C/security.xml:598(para)
6715
#: serverguide/C/security.xml:613(para)
6710
6716
msgid ""
6711
6717
"The purpose of IP Masquerading is to allow machines with private, non-"
6712
6718
"routable IP addresses on your network to access the Internet through the "
6723
6729
"to in Microsoft documentation as Internet Connection Sharing."
6724
6730
msgstr ""
6725
6731
6726
#: serverguide/C/security.xml:614(title)
6732
#: serverguide/C/security.xml:629(title)
6727
6733
msgid "ufw Masquerading"
6728
6734
msgstr ""
6729
6735
6730
#: serverguide/C/security.xml:615(para)
6736
#: serverguide/C/security.xml:630(para)
6731
6737
msgid ""
6732
6738
"IP Masquerading can be achieved using custom <application>ufw</application> "
6733
6739
"rules. This is possible because the current back-end for "
6738
6744
"that are more network gateway or bridge related."
6739
6745
msgstr ""
6740
6746
6741
#: serverguide/C/security.xml:621(para)
6747
#: serverguide/C/security.xml:636(para)
6742
6748
msgid ""
6743
6749
"The rules are split into two different files, rules that should be executed "
6744
6750
"before <application>ufw</application> command line rules, and rules that are "
6745
6751
"executed after <application>ufw</application> command line rules."
6746
6752
msgstr ""
6747
6753
6748
#: serverguide/C/security.xml:627(para)
6754
#: serverguide/C/security.xml:642(para)
6749
6755
msgid ""
6750
6756
"First, packet forwarding needs to be enabled in "
6751
6757
"<application>ufw</application>. Two configuration files will need to be "
6753
6759
"<emphasis>DEFAULT_FORWARD_POLICY</emphasis> to <quote>ACCEPT</quote>:"
6754
6760
msgstr ""
6755
6761
6756
#: serverguide/C/security.xml:631(programlisting)
6762
#: serverguide/C/security.xml:646(programlisting)
6757
6763
#, no-wrap
6758
6764
msgid ""
6759
6765
"\n"
6760
6766
"DEFAULT_FORWARD_POLICY=\"ACCEPT\"\n"
6761
6767
msgstr ""
6762
6768
6763
#: serverguide/C/security.xml:634(para)
6769
#: serverguide/C/security.xml:649(para)
6764
6770
msgid "Then edit <filename>/etc/ufw/sysctl.conf</filename> and uncomment:"
6765
6771
msgstr ""
6766
6772
6767
#: serverguide/C/security.xml:637(programlisting)
6773
#: serverguide/C/security.xml:652(programlisting)
6768
6774
#, no-wrap
6769
6775
msgid ""
6770
6776
"\n"
6771
6777
"net/ipv4/ip_forward=1\n"
6772
6778
msgstr ""
6773
6779
6774
#: serverguide/C/security.xml:640(para)
6780
#: serverguide/C/security.xml:655(para)
6775
6781
msgid "Similarly, for IPv6 forwarding uncomment:"
6776
6782
msgstr ""
6777
6783
6778
#: serverguide/C/security.xml:643(programlisting)
6784
#: serverguide/C/security.xml:658(programlisting)
6779
6785
#, no-wrap
6780
6786
msgid ""
6781
6787
"\n"
6782
6788
"net/ipv6/conf/default/forwarding=1\n"
6783
6789
msgstr ""
6784
6790
6785
#: serverguide/C/security.xml:648(para)
6791
#: serverguide/C/security.xml:663(para)
6786
6792
msgid ""
6787
"Now we will add rules to the <filename>/etc/ufw/before.rules</filename> "
6788
"file. The default rules only configure the <emphasis>filter</emphasis> "
6789
"table, and to enable masquerading the <emphasis>nat</emphasis> table will "
6790
"need to be configured. Add the following to the top of the file just after "
6791
"the header comments:"
6793
"Now add rules to the <filename>/etc/ufw/before.rules</filename> file. The "
6794
"default rules only configure the <emphasis>filter</emphasis> table, and to "
6795
"enable masquerading the <emphasis>nat</emphasis> table will need to be "
6796
"configured. Add the following to the top of the file just after the header "
6797
"comments:"
6792
6798
msgstr ""
6793
6799
6794
#: serverguide/C/security.xml:653(programlisting)
6800
#: serverguide/C/security.xml:668(programlisting)
6795
6801
#, no-wrap
6796
6802
msgid ""
6797
6803
"\n"
6807
6813
"COMMIT\n"
6808
6814
msgstr ""
6809
6815
6810
#: serverguide/C/security.xml:664(para)
6816
#: serverguide/C/security.xml:679(para)
6811
6817
msgid ""
6812
6818
"The comments are not strictly necessary, but it is considered good practice "
6813
6819
"to document your configuration. Also, when modifying any of the "
6816
6822
"line for each table modified:"
6817
6823
msgstr ""
6818
6824
6819
#: serverguide/C/security.xml:670(programlisting)
6825
#: serverguide/C/security.xml:685(programlisting)
6820
6826
#, no-wrap
6821
6827
msgid ""
6822
6828
"\n"
6824
6830
"COMMIT\n"
6825
6831
msgstr ""
6826
6832
6827
#: serverguide/C/security.xml:675(para)
6833
#: serverguide/C/security.xml:690(para)
6828
6834
msgid ""
6829
6835
"For each <emphasis>Table</emphasis> a corresponding "
6830
6836
"<emphasis>COMMIT</emphasis> statement is required. In these examples only "
6833
6839
"<emphasis>mangle</emphasis> tables."
6834
6840
msgstr ""
6835
6841
6836
#: serverguide/C/security.xml:682(para)
6842
#: serverguide/C/security.xml:697(para)
6837
6843
msgid ""
6838
6844
"In the above example replace <emphasis>eth0</emphasis>, "
6839
6845
"<emphasis>eth1</emphasis>, and <emphasis>192.168.0.0/24</emphasis> with the "
6840
6846
"appropriate interfaces and IP range for your network."
6841
6847
msgstr ""
6842
6848
6843
#: serverguide/C/security.xml:690(para)
6849
#: serverguide/C/security.xml:705(para)
6844
6850
msgid ""
6845
6851
"Finally, disable and re-enable <application>ufw</application> to apply the "
6846
6852
"changes:"
6847
6853
msgstr ""
6848
6854
6849
#: serverguide/C/security.xml:694(command)
6855
#: serverguide/C/security.xml:709(command)
6850
6856
msgid "sudo ufw disable && sudo ufw enable"
6851
6857
msgstr ""
6852
6858
6853
#: serverguide/C/security.xml:698(para)
6859
#: serverguide/C/security.xml:713(para)
6854
6860
msgid ""
6855
6861
"IP Masquerading should now be enabled. You can also add any additional "
6856
6862
"FORWARD rules to the <filename>/etc/ufw/before.rules</filename>. It is "
6858
6864
"forward</emphasis> chain."
6859
6865
msgstr ""
6860
6866
6861
#: serverguide/C/security.xml:705(title)
6867
#: serverguide/C/security.xml:720(title)
6862
6868
msgid "iptables Masquerading"
6863
6869
msgstr ""
6864
6870
6865
#: serverguide/C/security.xml:706(para)
6871
#: serverguide/C/security.xml:721(para)
6866
6872
msgid ""
6867
6873
"<application>iptables</application> can also be used to enable Masquerading."
6868
6874
msgstr ""
6869
6875
6870
#: serverguide/C/security.xml:711(para)
6876
#: serverguide/C/security.xml:726(para)
6871
6877
msgid ""
6872
6878
"Similar to <application>ufw</application>, the first step is to enable IPv4 "
6873
6879
"packet forwarding by editing <filename>/etc/sysctl.conf</filename> and "
6874
"uncomment the following line"
6880
"uncomment the following line:"
6875
6881
msgstr ""
6876
6882
6877
#: serverguide/C/security.xml:715(programlisting)
6883
#: serverguide/C/security.xml:730(programlisting)
6878
6884
#, no-wrap
6879
6885
msgid ""
6880
6886
"\n"
6881
6887
"net.ipv4.ip_forward=1\n"
6882
6888
msgstr ""
6883
6889
6884
#: serverguide/C/security.xml:718(para)
6890
#: serverguide/C/security.xml:733(para)
6885
6891
msgid "If you wish to enable IPv6 forwarding also uncomment:"
6886
6892
msgstr ""
6887
6893
6888
#: serverguide/C/security.xml:721(programlisting)
6894
#: serverguide/C/security.xml:736(programlisting)
6889
6895
#, no-wrap
6890
6896
msgid ""
6891
6897
"\n"
6892
6898
"net.ipv6.conf.default.forwarding=1\n"
6893
6899
msgstr ""
6894
6900
6895
#: serverguide/C/security.xml:726(para)
6901
#: serverguide/C/security.xml:741(para)
6896
6902
msgid ""
6897
6903
"Next, execute the <application>sysctl</application> command to enable the "
6898
6904
"new settings in the configuration file:"
6899
6905
msgstr ""
6900
6906
6901
#: serverguide/C/security.xml:730(command)
6907
#: serverguide/C/security.xml:745(command)
6902
6908
msgid "sudo sysctl -p"
6903
6909
msgstr ""
6904
6910
6905
#: serverguide/C/security.xml:734(para)
6911
#: serverguide/C/security.xml:749(para)
6906
6912
msgid ""
6907
6913
"IP Masquerading can now be accomplished with a single iptables rule, which "
6908
6914
"may differ slightly based on your network configuration:"
6909
6915
msgstr ""
6910
6916
6911
#: serverguide/C/security.xml:737(screen)
6917
#: serverguide/C/security.xml:752(screen)
6912
6918
#, no-wrap
6913
6919
msgid ""
6914
6920
"\n"
6915
6921
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
6916
6922
msgstr ""
6917
6923
6918
#: serverguide/C/security.xml:740(para)
6924
#: serverguide/C/security.xml:755(para)
6919
6925
msgid ""
6920
6926
"The above command assumes that your private address space is 192.168.0.0/16 "
6921
6927
"and that your Internet-facing device is ppp0. The syntax is broken down as "
6922
6928
"follows:"
6923
6929
msgstr ""
6924
6930
6925
#: serverguide/C/security.xml:745(para)
6931
#: serverguide/C/security.xml:760(para)
6926
6932
msgid "-t nat -- the rule is to go into the nat table"
6927
6933
msgstr "-t nat -- aturan ini menuju ke tabel at"
6928
6934
6929
#: serverguide/C/security.xml:746(para)
6935
#: serverguide/C/security.xml:761(para)
6930
6936
msgid ""
6931
6937
"-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain"
6932
6938
msgstr ""
6933
6939
"-A POSTROUTING -- aturan ini akan ditambahkan (-A) ke aturan POSTROUTING"
6934
6940
6935
#: serverguide/C/security.xml:747(para)
6941
#: serverguide/C/security.xml:762(para)
6936
6942
msgid ""
6937
6943
"-s 192.168.0.0/16 -- the rule applies to traffic originating from the "
6938
6944
"specified address space"
6940
6946
"-s 192.168.0.0/16 -- aturan ini berfungsi terhadap aliran data yang berasal "
6941
6947
"dari alamat network yang disebutkan"
6942
6948
6943
#: serverguide/C/security.xml:748(para)
6949
#: serverguide/C/security.xml:763(para)
6944
6950
msgid ""
6945
6951
"-o ppp0 -- the rule applies to traffic scheduled to be routed through the "
6946
6952
"specified network device"
6948
6954
"-o ppp0 -- aturan ini berfungis untuk mengatur aliran data agar di teruskan "
6949
6955
"melalui perangkat network tertentu"
6950
6956
6951
#: serverguide/C/security.xml:750(para)
6957
#: serverguide/C/security.xml:765(para)
6952
6958
msgid ""
6953
6959
"-j MASQUERADE -- traffic matching this rule is to \"jump\" (-j) to the "
6954
6960
"MASQUERADE target to be manipulated as described above"
6956
6962
"-j MASQUERADE -- aliran data yang sesuai dengan aturan ini akan di \"jump\" "
6957
6963
"(-j) ke MASQUERADE target untuk di manipulasi seperti di deskripsikan di atas"
6958
6964
6959
#: serverguide/C/security.xml:758(para)
6965
#: serverguide/C/security.xml:773(para)
6960
6966
msgid ""
6961
6967
"Also, each chain in the filter table (the default table, and where most or "
6962
6968
"all packet filtering occurs) has a default <emphasis>policy</emphasis> of "
6966
6972
"above rule to work:"
6967
6973
msgstr ""
6968
6974
6969
#: serverguide/C/security.xml:765(screen)
6975
#: serverguide/C/security.xml:780(screen)
6970
6976
#, no-wrap
6971
6977
msgid ""
6972
6978
"\n"
6975
6981
"--state ESTABLISHED,RELATED -i ppp0 -j ACCEPT\n"
6976
6982
msgstr ""
6977
6983
6978
#: serverguide/C/security.xml:770(para)
6984
#: serverguide/C/security.xml:785(para)
6979
6985
msgid ""
6980
6986
"The above commands will allow all connections from your local network to the "
6981
6987
"Internet and all traffic related to those connections to return to the "
6982
6988
"machine that initiated them."
6983
6989
msgstr ""
6984
6990
6985
#: serverguide/C/security.xml:777(para)
6991
#: serverguide/C/security.xml:792(para)
6986
6992
msgid ""
6987
6993
"If you want masquerading to be enabled on reboot, which you probably do, "
6988
6994
"edit <filename>/etc/rc.local</filename> and add any commands used above. For "
6989
6995
"example add the first command with no filtering:"
6990
6996
msgstr ""
6991
6997
6992
#: serverguide/C/security.xml:781(screen)
6998
#: serverguide/C/security.xml:796(screen)
6993
6999
#, no-wrap
6994
7000
msgid ""
6995
7001
"\n"
6996
7002
"iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
6997
7003
msgstr ""
6998
7004
6999
#: serverguide/C/security.xml:789(title)
7005
#: serverguide/C/security.xml:804(title)
7000
7006
msgid "Logs"
7001
7007
msgstr "Log"
7002
7008
7003
#: serverguide/C/security.xml:790(para)
7009
#: serverguide/C/security.xml:805(para)
7004
7010
msgid ""
7005
7011
"Firewall logs are essential for recognizing attacks, troubleshooting your "
7006
7012
"firewall rules, and noticing unusual activity on your network. You must "
7010
7016
"REJECT)."
7011
7017
msgstr ""
7012
7018
7013
#: serverguide/C/security.xml:797(para)
7019
#: serverguide/C/security.xml:812(para)
7014
7020
msgid ""
7015
7021
"If you are using <application>ufw</application>, you can turn on logging by "
7016
7022
"entering the following in a terminal:"
7017
7023
msgstr ""
7018
7024
7019
#: serverguide/C/security.xml:801(command)
7025
#: serverguide/C/security.xml:816(command)
7020
7026
msgid "sudo ufw logging on"
7021
7027
msgstr ""
7022
7028
7023
#: serverguide/C/security.xml:803(para)
7029
#: serverguide/C/security.xml:818(para)
7024
7030
msgid ""
7025
7031
"To turn logging off in <application>ufw</application>, simply replace "
7026
7032
"<emphasis role=\"italic\">on</emphasis> with <emphasis "
7027
7033
"role=\"italic\">off</emphasis> in the above command."
7028
7034
msgstr ""
7029
7035
7030
#: serverguide/C/security.xml:806(para)
7036
#: serverguide/C/security.xml:821(para)
7031
7037
msgid ""
7032
7038
"If using <application>iptables</application> instead of "
7033
7039
"<application>ufw</application>, enter:"
7034
7040
msgstr ""
7035
7041
7036
#: serverguide/C/security.xml:809(screen)
7042
#: serverguide/C/security.xml:824(screen)
7037
7043
#, no-wrap
7038
7044
msgid ""
7039
7045
"\n"
7041
7047
"-j LOG --log-prefix \"NEW_HTTP_CONN: \"\n"
7042
7048
msgstr ""
7043
7049
7044
#: serverguide/C/security.xml:813(para)
7050
#: serverguide/C/security.xml:828(para)
7045
7051
msgid ""
7046
7052
"A request on port 80 from the local machine, then, would generate a log in "
7047
7053
"dmesg that looks like this (single line split into 3 to fit this document):"
7057
7063
"SPT=53981 DPT=80 WINDOW=32767 RES=0x00 SYN URGP=0\n"
7058
7064
msgstr ""
7059
7065
7060
#: serverguide/C/security.xml:822(para)
7066
#: serverguide/C/security.xml:836(para)
7061
7067
msgid ""
7062
7068
"The above log will also appear in <filename>/var/log/messages</filename>, "
7063
7069
"<filename>/var/log/syslog</filename>, and "
7074
7080
"or <application>lire</application>."
7075
7081
msgstr ""
7076
7082
7077
#: serverguide/C/security.xml:837(title)
7083
#: serverguide/C/security.xml:851(title)
7078
7084
msgid "Other Tools"
7079
7085
msgstr ""
7080
7086
7081
#: serverguide/C/security.xml:838(para)
7087
#: serverguide/C/security.xml:852(para)
7082
7088
msgid ""
7083
7089
"There are many tools available to help you construct a complete firewall "
7084
7090
"without intimate knowledge of iptables. For the GUI-inclined:"
7085
7091
msgstr ""
7086
7092
7087
#: serverguide/C/security.xml:844(para)
7093
#: serverguide/C/security.xml:858(para)
7088
7094
msgid ""
7089
7095
"<ulink url=\"http://www.fwbuilder.org/\">fwbuilder</ulink> is very powerful "
7090
7096
"and will look familiar to an administrator who has used a commercial "
7091
7097
"firewall utility such as <application>Checkpoint FireWall-1</application>."
7092
7098
msgstr ""
7093
7099
7094
#: serverguide/C/security.xml:850(para)
7100
#: serverguide/C/security.xml:864(para)
7095
7101
msgid ""
7096
7102
"If you prefer a command-line tool with plain-text configuration files:"
7097
7103
msgstr ""
7098
7104
7099
#: serverguide/C/security.xml:855(para)
7105
#: serverguide/C/security.xml:869(para)
7100
7106
msgid ""
7101
7107
"<ulink url=\"http://www.shorewall.net/\">Shorewall</ulink> is a very "
7102
7108
"powerful solution to help you configure an advanced firewall for any network."
7103
7109
msgstr ""
7104
7110
7105
#: serverguide/C/security.xml:866(para)
7111
#: serverguide/C/security.xml:880(para)
7106
7112
msgid ""
7107
7113
"The <ulink url=\"https://wiki.ubuntu.com/UncomplicatedFirewall\">Ubuntu "
7108
7114
"Firewall</ulink> wiki page contains information on the development of "
7109
7115
"<application>ufw</application>."
7110
7116
msgstr ""
7111
7117
7112
#: serverguide/C/security.xml:872(para)
7118
#: serverguide/C/security.xml:886(para)
7113
7119
msgid ""
7114
7120
"Also, the <application>ufw</application> manual page contains some very "
7115
7121
"useful information: <command>man ufw</command>."
7116
7122
msgstr ""
7117
7123
7118
#: serverguide/C/security.xml:877(para)
7124
#: serverguide/C/security.xml:891(para)
7119
7125
msgid ""
7120
7126
"See the <ulink url=\"http://www.netfilter.org/documentation/HOWTO/packet-"
7121
7127
"filtering-HOWTO.html\">packet-filtering-HOWTO</ulink> for more information "
7122
7128
"on using <application>iptables</application>."
7123
7129
msgstr ""
7124
7130
7125
#: serverguide/C/security.xml:883(para)
7131
#: serverguide/C/security.xml:897(para)
7126
7132
msgid ""
7127
7133
"The <ulink url=\"http://www.netfilter.org/documentation/HOWTO/NAT-"
7128
7134
"HOWTO.html\">nat-HOWTO</ulink> contains further details on masquerading."
7129
7135
msgstr ""
7130
7136
7131
#: serverguide/C/security.xml:889(para)
7137
#: serverguide/C/security.xml:903(para)
7132
7138
msgid ""
7133
7139
"The <ulink url=\"https://help.ubuntu.com/community/IptablesHowTo\">IPTables "
7134
7140
"HowTo</ulink> in the Ubuntu wiki is a great resource."
7135
7141
msgstr ""
7136
7142
7137
#: serverguide/C/security.xml:897(title)
7143
#: serverguide/C/security.xml:911(title)
7138
7144
msgid "AppArmor"
7139
7145
msgstr ""
7140
7146
7141
#: serverguide/C/security.xml:898(para)
7147
#: serverguide/C/security.xml:912(para)
7142
7148
msgid ""
7143
7149
"<application>AppArmor</application> is a Linux Security Module "
7144
7150
"implementation of name-based mandatory access controls. AppArmor confines "
7146
7152
"capabilities."
7147
7153
msgstr ""
7148
7154
7149
#: serverguide/C/security.xml:902(para)
7155
#: serverguide/C/security.xml:916(para)
7150
7156
msgid ""
7151
7157
"<application>AppArmor</application> is installed and loaded by default. It "
7152
7158
"uses <emphasis>profiles</emphasis> of an application to determine what files "
7155
7161
"<application>apparmor-profiles</application> package."
7156
7162
msgstr ""
7157
7163
7158
#: serverguide/C/security.xml:907(para)
7164
#: serverguide/C/security.xml:921(para)
7159
7165
msgid ""
7160
7166
"To install the <application>apparmor-profiles</application> package from a "
7161
7167
"terminal prompt:"
7162
7168
msgstr ""
7163
7169
7164
#: serverguide/C/security.xml:911(command)
7170
#: serverguide/C/security.xml:925(command)
7165
7171
msgid "sudo apt-get install apparmor-profiles"
7166
7172
msgstr "sudo apt-get install apparmor-profiles"
7167
7173
7168
#: serverguide/C/security.xml:913(para)
7174
#: serverguide/C/security.xml:927(para)
7169
7175
msgid "AppArmor profiles have two modes of execution:"
7170
7176
msgstr ""
7171
7177
7172
#: serverguide/C/security.xml:918(para)
7178
#: serverguide/C/security.xml:932(para)
7173
7179
msgid ""
7174
7180
"Complaining/Learning: profile violations are permitted and logged. Useful "
7175
7181
"for testing and developing new profiles."
7176
7182
msgstr ""
7177
7183
7178
#: serverguide/C/security.xml:923(para)
7184
#: serverguide/C/security.xml:937(para)
7179
7185
msgid ""
7180
7186
"Enforced/Confined: enforces profile policy as well as logging the violation."
7181
7187
msgstr ""
7182
7188
7183
#: serverguide/C/security.xml:929(title)
7189
#: serverguide/C/security.xml:943(title)
7184
7190
msgid "Using AppArmor"
7185
7191
msgstr ""
7186
7192
7191
7197
"#1304134</ulink>) and instructions will not work as advertised."
7192
7198
msgstr ""
7193
7199
7194
#: serverguide/C/security.xml:930(para)
7200
#: serverguide/C/security.xml:950(para)
7195
7201
msgid ""
7196
7202
"The <application>apparmor-utils</application> package contains command line "
7197
7203
"utilities that you can use to change the <application>AppArmor</application> "
7198
7204
"execution mode, find the status of a profile, create new profiles, etc."
7199
7205
msgstr ""
7200
7206
7201
#: serverguide/C/security.xml:936(para)
7207
#: serverguide/C/security.xml:956(para)
7202
7208
msgid ""
7203
7209
"<application>apparmor_status</application> is used to view the current "
7204
7210
"status of AppArmor profiles."
7205
7211
msgstr ""
7206
7212
7207
#: serverguide/C/security.xml:940(command)
7213
#: serverguide/C/security.xml:960(command)
7208
7214
msgid "sudo apparmor_status"
7209
7215
msgstr ""
7210
7216
7211
#: serverguide/C/security.xml:944(para)
7217
#: serverguide/C/security.xml:964(para)
7212
7218
msgid ""
7213
7219
"<application>aa-complain</application> places a profile into "
7214
7220
"<emphasis>complain</emphasis> mode."
7215
7221
msgstr ""
7216
7222
7217
#: serverguide/C/security.xml:948(command)
7223
#: serverguide/C/security.xml:968(command)
7218
7224
msgid "sudo aa-complain /path/to/bin"
7219
7225
msgstr ""
7220
7226
7221
#: serverguide/C/security.xml:952(para)
7227
#: serverguide/C/security.xml:972(para)
7222
7228
msgid ""
7223
7229
"<application>aa-enforce</application> places a profile into "
7224
7230
"<emphasis>enforce</emphasis> mode."
7225
7231
msgstr ""
7226
7232
7227
#: serverguide/C/security.xml:956(command)
7233
#: serverguide/C/security.xml:976(command)
7228
7234
msgid "sudo aa-enforce /path/to/bin"
7229
7235
msgstr ""
7230
7236
7231
#: serverguide/C/security.xml:960(para)
7237
#: serverguide/C/security.xml:980(para)
7232
7238
msgid ""
7233
7239
"The <filename>/etc/apparmor.d</filename> directory is where the AppArmor "
7234
7240
"profiles are located. It can be used to manipulate the "
7235
7241
"<emphasis>mode</emphasis> of all profiles."
7236
7242
msgstr ""
7237
7243
7238
#: serverguide/C/security.xml:964(para)
7244
#: serverguide/C/security.xml:984(para)
7239
7245
msgid "Enter the following to place all profiles into complain mode:"
7240
7246
msgstr ""
7241
7247
7242
#: serverguide/C/security.xml:968(command)
7248
#: serverguide/C/security.xml:988(command)
7243
7249
msgid "sudo aa-complain /etc/apparmor.d/*"
7244
7250
msgstr ""
7245
7251
7246
#: serverguide/C/security.xml:970(para)
7252
#: serverguide/C/security.xml:990(para)
7247
7253
msgid "To place all profiles in enforce mode:"
7248
7254
msgstr ""
7249
7255
7250
#: serverguide/C/security.xml:974(command)
7256
#: serverguide/C/security.xml:994(command)
7251
7257
msgid "sudo aa-enforce /etc/apparmor.d/*"
7252
7258
msgstr ""
7253
7259
7254
#: serverguide/C/security.xml:978(para)
7260
#: serverguide/C/security.xml:998(para)
7255
7261
msgid ""
7256
7262
"<application>apparmor_parser</application> is used to load a profile into "
7257
7263
"the kernel. It can also be used to reload a currently loaded profile using "
7258
7264
"the <emphasis>-r</emphasis> option. To load a profile:"
7259
7265
msgstr ""
7260
7266
7261
#: serverguide/C/security.xml:983(command) serverguide/C/security.xml:1015(command)
7267
#: serverguide/C/security.xml:1003(command) serverguide/C/security.xml:1035(command)
7262
7268
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
7263
7269
msgstr ""
7264
7270
7265
#: serverguide/C/security.xml:985(para)
7271
#: serverguide/C/security.xml:1005(para)
7266
7272
msgid "To reload a profile:"
7267
7273
msgstr ""
7268
7274
7269
#: serverguide/C/security.xml:989(command)
7275
#: serverguide/C/security.xml:1009(command)
7270
7276
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
7271
7277
msgstr ""
7272
7278
7276
7282
"<emphasis>reload</emphasis> all profiles:"
7277
7283
msgstr ""
7278
7284
7279
#: serverguide/C/network-auth.xml:964(command)
7285
#: serverguide/C/security.xml:1017(command) serverguide/C/network-auth.xml:971(command)
7280
7286
msgid "sudo service apparmor reload"
7281
7287
msgstr ""
7282
7288
7283
#: serverguide/C/security.xml:1001(para)
7289
#: serverguide/C/security.xml:1021(para)
7284
7290
msgid ""
7285
7291
"The <filename>/etc/apparmor.d/disable</filename> directory can be used along "
7286
7292
"with the <application>apparmor_parser -R</application> option to "
7287
7293
"<emphasis>disable</emphasis> a profile."
7288
7294
msgstr ""
7289
7295
7290
#: serverguide/C/security.xml:1006(command)
7296
#: serverguide/C/security.xml:1026(command)
7291
7297
msgid "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
7292
7298
msgstr ""
7293
7299
7294
#: serverguide/C/security.xml:1007(command)
7300
#: serverguide/C/security.xml:1027(command)
7295
7301
msgid "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
7296
7302
msgstr ""
7297
7303
7298
#: serverguide/C/security.xml:1009(para)
7304
#: serverguide/C/security.xml:1029(para)
7299
7305
msgid ""
7300
7306
"To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic "
7301
7307
"link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then "
7302
7308
"load the profile using the <emphasis>-a</emphasis> option."
7303
7309
msgstr ""
7304
7310
7305
#: serverguide/C/security.xml:1014(command)
7311
#: serverguide/C/security.xml:1034(command)
7306
7312
msgid "sudo rm /etc/apparmor.d/disable/profile.name"
7307
7313
msgstr ""
7308
7314
7309
#: serverguide/C/security.xml:1019(para)
7315
#: serverguide/C/security.xml:1039(para)
7310
7316
msgid ""
7311
7317
"<application>AppArmor</application> can be disabled, and the kernel module "
7312
7318
"unloaded by entering the following:"
7316
7322
msgid "sudo service apparmor stop"
7317
7323
msgstr ""
7318
7324
7319
#: serverguide/C/security.xml:1024(command)
7325
#: serverguide/C/security.xml:1044(command)
7320
7326
msgid "sudo update-rc.d -f apparmor remove"
7321
7327
msgstr ""
7322
7328
7323
#: serverguide/C/security.xml:1028(para)
7329
#: serverguide/C/security.xml:1048(para)
7324
7330
msgid "To re-enable <application>AppArmor</application> enter:"
7325
7331
msgstr ""
7326
7332
7328
7334
msgid "sudo service apparmor start"
7329
7335
msgstr ""
7330
7336
7331
#: serverguide/C/security.xml:1033(command)
7337
#: serverguide/C/security.xml:1053(command)
7332
7338
msgid "sudo update-rc.d apparmor defaults"
7333
7339
msgstr ""
7334
7340
7335
#: serverguide/C/security.xml:1038(para)
7341
#: serverguide/C/security.xml:1058(para)
7336
7342
msgid ""
7337
7343
"Replace <emphasis>profile.name</emphasis> with the name of the profile you "
7338
7344
"want to manipulate. Also, replace <filename>/path/to/bin/</filename> with "
7340
7346
"<application>ping</application> command use <filename>/bin/ping</filename>"
7341
7347
msgstr ""
7342
7348
7343
#: serverguide/C/security.xml:1046(title)
7349
#: serverguide/C/security.xml:1066(title)
7344
7350
msgid "Profiles"
7345
7351
msgstr ""
7346
7352
7347
#: serverguide/C/security.xml:1047(para)
7353
#: serverguide/C/security.xml:1067(para)
7348
7354
msgid ""
7349
7355
"<application>AppArmor</application> profiles are simple text files located "
7350
7356
"in <filename>/etc/apparmor.d/</filename>. The files are named after the full "
7353
7359
"profile for the <filename>/bin/ping</filename> command."
7354
7360
msgstr ""
7355
7361
7356
#: serverguide/C/security.xml:1053(para)
7362
#: serverguide/C/security.xml:1073(para)
7357
7363
msgid "There are two main type of rules used in profiles:"
7358
7364
msgstr ""
7359
7365
7360
#: serverguide/C/security.xml:1058(para)
7366
#: serverguide/C/security.xml:1078(para)
7361
7367
msgid ""
7362
"<emphasis>Path entries:</emphasis> which detail which files an application "
7363
"can access in the file system."
7368
"<emphasis>Path entries:</emphasis> detail which files an application can "
7369
"access in the file system."
7364
7370
msgstr ""
7365
7371
7366
#: serverguide/C/security.xml:1063(para)
7372
#: serverguide/C/security.xml:1083(para)
7367
7373
msgid ""
7368
7374
"<emphasis>Capability entries:</emphasis> determine what privileges a "
7369
7375
"confined process is allowed to use."
7370
7376
msgstr ""
7371
7377
7372
#: serverguide/C/security.xml:1068(para)
7378
#: serverguide/C/security.xml:1088(para)
7373
7379
msgid ""
7374
"As an example take a look at <filename>/etc/apparmor.d/bin.ping</filename>:"
7380
"As an example, take a look at <filename>/etc/apparmor.d/bin.ping</filename>:"
7375
7381
msgstr ""
7376
7382
7377
#: serverguide/C/security.xml:1071(programlisting)
7383
#: serverguide/C/security.xml:1091(programlisting)
7378
7384
#, no-wrap
7379
7385
msgid ""
7380
7386
"\n"
7393
7399
"}\n"
7394
7400
msgstr ""
7395
7401
7396
#: serverguide/C/security.xml:1088(para)
7402
#: serverguide/C/security.xml:1108(para)
7397
7403
msgid ""
7398
7404
"<emphasis>#include <tunables/global>:</emphasis> include statements "
7399
7405
"from other files. This allows statements pertaining to multiple applications "
7400
7406
"to be placed in a common file."
7401
7407
msgstr ""
7402
7408
7403
#: serverguide/C/security.xml:1094(para)
7409
#: serverguide/C/security.xml:1114(para)
7404
7410
msgid ""
7405
7411
"<emphasis>/bin/ping flags=(complain):</emphasis> path to the profiled "
7406
7412
"program, also setting the mode to <emphasis>complain</emphasis>."
7407
7413
msgstr ""
7408
7414
7409
#: serverguide/C/security.xml:1100(para)
7415
#: serverguide/C/security.xml:1120(para)
7410
7416
msgid ""
7411
7417
"<emphasis>capability net_raw,:</emphasis> allows the application access to "
7412
7418
"the CAP_NET_RAW Posix.1e capability."
7413
7419
msgstr ""
7414
7420
7415
#: serverguide/C/security.xml:1105(para)
7421
#: serverguide/C/security.xml:1125(para)
7416
7422
msgid ""
7417
7423
"<emphasis>/bin/ping mixr,:</emphasis> allows the application read and "
7418
7424
"execute access to the file."
7419
7425
msgstr ""
7420
7426
7421
#: serverguide/C/security.xml:1111(para)
7427
#: serverguide/C/security.xml:1131(para)
7422
7428
msgid ""
7423
7429
"After editing a profile file the profile must be reloaded. See <xref "
7424
7430
"linkend=\"apparmor-usage\"/> for details."
7425
7431
msgstr ""
7426
7432
7427
#: serverguide/C/security.xml:1116(title)
7433
#: serverguide/C/security.xml:1136(title)
7428
7434
msgid "Creating a Profile"
7429
7435
msgstr ""
7430
7436
7431
#: serverguide/C/security.xml:1119(para)
7437
#: serverguide/C/security.xml:1139(para)
7432
7438
msgid ""
7433
7439
"<emphasis>Design a test plan:</emphasis> Try to think about how the "
7434
7440
"application should be exercised. The test plan should be divided into small "
7436
7442
"steps to follow."
7437
7443
msgstr ""
7438
7444
7439
#: serverguide/C/security.xml:1123(para)
7445
#: serverguide/C/security.xml:1143(para)
7440
7446
msgid "Some standard test cases are:"
7441
7447
msgstr ""
7442
7448
7443
#: serverguide/C/security.xml:1128(para)
7449
#: serverguide/C/security.xml:1148(para)
7444
7450
msgid "Starting the program."
7445
7451
msgstr ""
7446
7452
7447
#: serverguide/C/security.xml:1133(para)
7453
#: serverguide/C/security.xml:1153(para)
7448
7454
msgid "Stopping the program."
7449
7455
msgstr ""
7450
7456
7451
#: serverguide/C/security.xml:1138(para)
7457
#: serverguide/C/security.xml:1158(para)
7452
7458
msgid "Reloading the program."
7453
7459
msgstr ""
7454
7460
7455
#: serverguide/C/security.xml:1143(para)
7461
#: serverguide/C/security.xml:1163(para)
7456
7462
msgid "Testing all the commands supported by the init script."
7457
7463
msgstr ""
7458
7464
7459
#: serverguide/C/security.xml:1150(para)
7465
#: serverguide/C/security.xml:1170(para)
7460
7466
msgid ""
7461
7467
"<emphasis>Generate the new profile:</emphasis> Use <application>aa-"
7462
7468
"genprof</application> to generate a new profile. From a terminal:"
7463
7469
msgstr ""
7464
7470
7465
#: serverguide/C/security.xml:1155(command)
7471
#: serverguide/C/security.xml:1175(command)
7466
7472
msgid "sudo aa-genprof executable"
7467
7473
msgstr ""
7468
7474
7469
#: serverguide/C/security.xml:1157(para)
7475
#: serverguide/C/security.xml:1177(para)
7470
7476
msgid "For example:"
7471
7477
msgstr ""
7472
7478
7473
#: serverguide/C/security.xml:1161(command)
7479
#: serverguide/C/security.xml:1181(command)
7474
7480
msgid "sudo aa-genprof slapd"
7475
7481
msgstr ""
7476
7482
7477
#: serverguide/C/security.xml:1165(para)
7483
#: serverguide/C/security.xml:1185(para)
7478
7484
msgid ""
7479
7485
"To get your new profile included in the <application>apparmor-"
7480
7486
"profiles</application> package, file a bug in <emphasis>Launchpad</emphasis> "
7483
7489
"/ulink> package:"
7484
7490
msgstr ""
7485
7491
7486
#: serverguide/C/security.xml:1172(para)
7492
#: serverguide/C/security.xml:1192(para)
7487
7493
msgid "Include your test plan and test cases."
7488
7494
msgstr ""
7489
7495
7490
#: serverguide/C/security.xml:1177(para)
7496
#: serverguide/C/security.xml:1197(para)
7491
7497
msgid "Attach your new profile to the bug."
7492
7498
msgstr ""
7493
7499
7494
#: serverguide/C/security.xml:1186(title)
7500
#: serverguide/C/security.xml:1206(title)
7495
7501
msgid "Updating Profiles"
7496
7502
msgstr ""
7497
7503
7498
#: serverguide/C/security.xml:1187(para)
7504
#: serverguide/C/security.xml:1207(para)
7499
7505
msgid ""
7500
7506
"When the program is misbehaving, audit messages are sent to the log files. "
7501
7507
"The program <application>aa-logprof</application> can be used to scan log "
7503
7509
"and update the profiles. From a terminal:"
7504
7510
msgstr ""
7505
7511
7506
#: serverguide/C/security.xml:1192(command)
7512
#: serverguide/C/security.xml:1212(command)
7507
7513
msgid "sudo aa-logprof"
7508
7514
msgstr ""
7509
7515
7510
#: serverguide/C/security.xml:1200(para)
7516
#: serverguide/C/security.xml:1220(para)
7511
7517
msgid ""
7512
7518
"See the <ulink "
7513
7519
"url=\"http://www.novell.com/documentation/apparmor/apparmor201_sp10_admin/ind"
7516
7522
"configuration options."
7517
7523
msgstr ""
7518
7524
7519
#: serverguide/C/security.xml:1207(para)
7525
#: serverguide/C/security.xml:1227(para)
7520
7526
msgid ""
7521
7527
"For details using AppArmor with other Ubuntu releases see the <ulink "
7522
7528
"url=\"https://help.ubuntu.com/community/AppArmor\"> AppArmor Community "
7523
7529
"Wiki</ulink> page."
7524
7530
msgstr ""
7525
7531
7526
#: serverguide/C/security.xml:1215(para)
7532
#: serverguide/C/security.xml:1235(para)
7527
7533
msgid ""
7528
7534
"The <ulink url=\"http://en.opensuse.org/SDB:AppArmor_geeks\">OpenSUSE "
7529
7535
"AppArmor</ulink> page is another introduction to AppArmor."
7530
7536
msgstr ""
7531
7537
7532
#: serverguide/C/security.xml:1222(para)
7538
#: serverguide/C/security.xml:1242(para)
7533
7539
msgid ""
7534
7540
"A great place to ask for <application>AppArmor</application> assistance, and "
7535
7541
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
7537
7543
"url=\"http://freenode.net\">freenode</ulink>."
7538
7544
msgstr ""
7539
7545
7540
#: serverguide/C/security.xml:1232(title)
7546
#: serverguide/C/security.xml:1252(title)
7541
7547
msgid "Certificates"
7542
7548
msgstr ""
7543
7549
7544
#: serverguide/C/security.xml:1233(para)
7550
#: serverguide/C/security.xml:1253(para)
7545
7551
msgid ""
7546
7552
"One of the most common forms of cryptography today is <emphasis>public-"
7547
7553
"key</emphasis> cryptography. Public-key cryptography utilizes a "
7551
7557
"the private key."
7552
7558
msgstr ""
7553
7559
7554
#: serverguide/C/security.xml:1239(para)
7560
#: serverguide/C/security.xml:1259(para)
7555
7561
msgid ""
7556
7562
"A common use for public-key cryptography is encrypting application traffic "
7557
7563
"using a Secure Socket Layer (SSL) or Transport Layer Security (TLS) "
7558
"connection. For example, configuring Apache to provide "
7564
"connection. One example: configuring Apache to provide "
7559
7565
"<emphasis>HTTPS</emphasis>, the HTTP protocol over SSL. This allows a way to "
7560
7566
"encrypt traffic using a protocol that does not itself provide encryption."
7561
7567
msgstr ""
7562
7568
7563
#: serverguide/C/security.xml:1244(para)
7569
#: serverguide/C/security.xml:1264(para)
7564
7570
msgid ""
7565
7571
"A <emphasis>Certificate</emphasis> is a method used to distribute a "
7566
7572
"<emphasis>public key</emphasis> and other information about a server and the "
7567
7573
"organization who is responsible for it. Certificates can be digitally signed "
7568
"by a <emphasis>Certification Authority</emphasis> or CA. A CA is a trusted "
7574
"by a <emphasis>Certification Authority</emphasis>, or CA. A CA is a trusted "
7569
7575
"third party that has confirmed that the information contained in the "
7570
7576
"certificate is accurate."
7571
7577
msgstr ""
7572
7578
7573
#: serverguide/C/security.xml:1251(title)
7579
#: serverguide/C/security.xml:1271(title)
7574
7580
msgid "Types of Certificates"
7575
7581
msgstr "Tipe Sertifikat"
7576
7582
7577
#: serverguide/C/security.xml:1252(para)
7583
#: serverguide/C/security.xml:1272(para)
7578
7584
msgid ""
7579
7585
"To set up a secure server using public-key cryptography, in most cases, you "
7580
7586
"send your certificate request (including your public key), proof of your "
7584
7590
"signed</emphasis> certificate."
7585
7591
msgstr ""
7586
7592
7587
#: serverguide/C/security.xml:1262(para)
7593
#: serverguide/C/security.xml:1282(para)
7588
7594
msgid ""
7589
"Note, that self-signed certificates should not be used in most production "
7595
"Note that self-signed certificates should not be used in most production "
7590
7596
"environments."
7591
7597
msgstr ""
7592
7598
7593
#: serverguide/C/security.xml:1266(para)
7599
#: serverguide/C/security.xml:1286(para)
7594
7600
msgid ""
7595
7601
"Continuing the HTTPS example, a CA-signed certificate provides two important "
7596
7602
"capabilities that a self-signed certificate does not:"
7597
7603
msgstr ""
7598
7604
7599
#: serverguide/C/security.xml:1273(para)
7605
#: serverguide/C/security.xml:1293(para)
7600
7606
msgid ""
7601
7607
"Browsers (usually) automatically recognize the certificate and allow a "
7602
7608
"secure connection to be made without prompting the user."
7603
7609
msgstr ""
7604
7610
7605
#: serverguide/C/security.xml:1280(para)
7611
#: serverguide/C/security.xml:1300(para)
7606
7612
msgid ""
7607
7613
"When a CA issues a signed certificate, it is guaranteeing the identity of "
7608
7614
"the organization that is providing the web pages to the browser."
7617
7623
"may generate an error message when using a self-signed certificate."
7618
7624
msgstr ""
7619
7625
7620
#: serverguide/C/security.xml:1296(para)
7626
#: serverguide/C/security.xml:1316(para)
7621
7627
msgid ""
7622
7628
"The process of getting a certificate from a CA is fairly easy. A quick "
7623
7629
"overview is as follows:"
7624
7630
msgstr ""
7625
7631
7626
#: serverguide/C/security.xml:1303(para)
7632
#: serverguide/C/security.xml:1323(para)
7627
7633
msgid "Create a private and public encryption key pair."
7628
7634
msgstr "Buat pasangan kunci enkripsi private dan public."
7629
7635
7630
#: serverguide/C/security.xml:1306(para)
7636
#: serverguide/C/security.xml:1326(para)
7631
7637
msgid ""
7632
7638
"Create a certificate request based on the public key. The certificate "
7633
7639
"request contains information about your server and the company hosting it."
7635
7641
"Membuat permintaan sertifikat yang berbasiskan kunci publik. Sertifikat ini "
7636
7642
"mengandung permintaan tentang server anda dan perusahaan yang menghosting"
7637
7643
7638
#: serverguide/C/security.xml:1311(para)
7644
#: serverguide/C/security.xml:1331(para)
7639
7645
msgid ""
7640
7646
"Send the certificate request, along with documents proving your identity, to "
7641
7647
"a CA. We cannot tell you which certificate authority to choose. Your "
7643
7649
"your friends or colleagues, or purely on monetary factors."
7644
7650
msgstr ""
7645
7651
7646
#: serverguide/C/security.xml:1317(para)
7652
#: serverguide/C/security.xml:1337(para)
7647
7653
msgid ""
7648
7654
"Once you have decided upon a CA, you need to follow the instructions they "
7649
7655
"provide on how to obtain a certificate from them."
7650
7656
msgstr ""
7651
7657
7652
#: serverguide/C/security.xml:1322(para)
7658
#: serverguide/C/security.xml:1342(para)
7653
7659
msgid ""
7654
7660
"When the CA is satisfied that you are indeed who you claim to be, they send "
7655
7661
"you a digital certificate."
7656
7662
msgstr ""
7657
7663
7658
#: serverguide/C/security.xml:1326(para)
7664
#: serverguide/C/security.xml:1346(para)
7659
7665
msgid ""
7660
7666
"Install this certificate on your secure server, and configure the "
7661
7667
"appropriate applications to use the certificate."
7662
7668
msgstr ""
7663
7669
7664
#: serverguide/C/security.xml:1335(title)
7670
#: serverguide/C/security.xml:1355(title)
7665
7671
msgid "Generating a Certificate Signing Request (CSR)"
7666
7672
msgstr "Men-generate Certificate Signing Request (CSR)"
7667
7673
7668
#: serverguide/C/security.xml:1337(para)
7674
#: serverguide/C/security.xml:1357(para)
7669
7675
msgid ""
7670
7676
"Whether you are getting a certificate from a CA or generating your own self-"
7671
7677
"signed certificate, the first step is to generate a key."
7672
7678
msgstr ""
7673
7679
7674
#: serverguide/C/security.xml:1342(para)
7680
#: serverguide/C/security.xml:1362(para)
7675
7681
msgid ""
7676
7682
"If the certificate will be used by service daemons, such as Apache, Postfix, "
7677
"Dovecot, etc, a key without a passphrase is often appropriate. Not having a "
7683
"Dovecot, etc., a key without a passphrase is often appropriate. Not having a "
7678
7684
"passphrase allows the services to start without manual intervention, usually "
7679
7685
"the preferred way to start a daemon."
7680
7686
msgstr ""
7681
7687
7682
#: serverguide/C/security.xml:1348(para)
7688
#: serverguide/C/security.xml:1368(para)
7683
7689
msgid ""
7684
7690
"This section will cover generating a key with a passphrase, and one without. "
7685
7691
"The non-passphrase key will then be used to generate a certificate that can "
7686
7692
"be used with various service daemons."
7687
7693
msgstr ""
7688
7694
7689
#: serverguide/C/security.xml:1354(para)
7695
#: serverguide/C/security.xml:1374(para)
7690
7696
msgid ""
7691
7697
"Running your secure service without a passphrase is convenient because you "
7692
7698
"will not need to enter the passphrase every time you start your secure "
7694
7700
"of the server as well."
7695
7701
msgstr ""
7696
7702
7697
#: serverguide/C/security.xml:1361(para)
7703
#: serverguide/C/security.xml:1381(para)
7698
7704
msgid ""
7699
7705
"To generate the <emphasis>keys</emphasis> for the Certificate Signing "
7700
7706
"Request (CSR) run the following command from a terminal prompt:"
7701
7707
msgstr ""
7702
7708
7703
#: serverguide/C/security.xml:1367(command)
7709
#: serverguide/C/security.xml:1387(command)
7704
7710
msgid "openssl genrsa -des3 -out server.key 2048"
7705
7711
msgstr ""
7706
7712
7707
#: serverguide/C/security.xml:1370(programlisting)
7713
#: serverguide/C/security.xml:1390(programlisting)
7708
7714
#, no-wrap
7709
7715
msgid ""
7710
7716
"\n"
7715
7721
"Enter pass phrase for server.key:\n"
7716
7722
msgstr ""
7717
7723
7718
#: serverguide/C/security.xml:1378(para)
7724
#: serverguide/C/security.xml:1398(para)
7719
7725
msgid ""
7720
7726
"You can now enter your passphrase. For best security, it should at least "
7721
7727
"contain eight characters. The minimum length when specifying -des3 is four "
7723
7729
"in a dictionary. Also remember that your passphrase is case-sensitive."
7724
7730
msgstr ""
7725
7731
7726
#: serverguide/C/security.xml:1386(para)
7732
#: serverguide/C/security.xml:1406(para)
7727
7733
msgid ""
7728
7734
"Re-type the passphrase to verify. Once you have re-typed it correctly, the "
7729
7735
"server key is generated and stored in the <filename>server.key</filename> "
7730
7736
"file."
7731
7737
msgstr ""
7732
7738
7733
#: serverguide/C/security.xml:1392(para)
7739
#: serverguide/C/security.xml:1412(para)
7734
7740
msgid ""
7735
7741
"Now create the insecure key, the one without a passphrase, and shuffle the "
7736
7742
"key names:"
7737
7743
msgstr ""
7738
7744
7739
#: serverguide/C/security.xml:1398(command)
7745
#: serverguide/C/security.xml:1418(command)
7740
7746
msgid "openssl rsa -in server.key -out server.key.insecure"
7741
7747
msgstr "openssl rsa -in server.key -out server.key.insecure"
7742
7748
7743
#: serverguide/C/security.xml:1399(command)
7749
#: serverguide/C/security.xml:1419(command)
7744
7750
msgid "mv server.key server.key.secure"
7745
7751
msgstr ""
7746
7752
7747
#: serverguide/C/security.xml:1400(command)
7753
#: serverguide/C/security.xml:1420(command)
7748
7754
msgid "mv server.key.insecure server.key"
7749
7755
msgstr ""
7750
7756
7751
#: serverguide/C/security.xml:1403(para)
7757
#: serverguide/C/security.xml:1423(para)
7752
7758
msgid ""
7753
7759
"The insecure key is now named <filename>server.key</filename>, and you can "
7754
7760
"use this file to generate the CSR without passphrase."
7755
7761
msgstr ""
7756
7762
7757
#: serverguide/C/security.xml:1408(para)
7763
#: serverguide/C/security.xml:1428(para)
7758
7764
msgid "To create the CSR, run the following command at a terminal prompt:"
7759
7765
msgstr "Untuk membuat CSR, jalankan perintah berikut pada terminal prompt:"
7760
7766
7761
#: serverguide/C/security.xml:1413(command)
7767
#: serverguide/C/security.xml:1433(command)
7762
7768
msgid "openssl req -new -key server.key -out server.csr"
7763
7769
msgstr "openssl req -new -key server.key -out server.csr"
7764
7770
7765
#: serverguide/C/security.xml:1416(para)
7771
#: serverguide/C/security.xml:1436(para)
7766
7772
msgid ""
7767
7773
"It will prompt you enter the passphrase. If you enter the correct "
7768
7774
"passphrase, it will prompt you to enter Company Name, Site Name, Email Id, "
7770
7776
"be stored in the <filename>server.csr</filename> file."
7771
7777
msgstr ""
7772
7778
7773
#: serverguide/C/security.xml:1424(para)
7779
#: serverguide/C/security.xml:1444(para)
7774
7780
msgid ""
7775
7781
"You can now submit this CSR file to a CA for processing. The CA will use "
7776
7782
"this CSR file and issue the certificate. On the other hand, you can create "
7777
7783
"self-signed certificate using this CSR."
7778
7784
msgstr ""
7779
7785
7780
#: serverguide/C/security.xml:1432(title)
7786
#: serverguide/C/security.xml:1452(title)
7781
7787
msgid "Creating a Self-Signed Certificate"
7782
7788
msgstr "Membuat Self-Signed Certificate"
7783
7789
7784
#: serverguide/C/security.xml:1433(para)
7790
#: serverguide/C/security.xml:1453(para)
7785
7791
msgid ""
7786
7792
"To create the self-signed certificate, run the following command at a "
7787
7793
"terminal prompt:"
7789
7795
"Untuk membuat self-signed certificate, jalankan perintah berikut pada "
7790
7796
"terminal prompt:"
7791
7797
7792
#: serverguide/C/security.xml:1438(command)
7798
#: serverguide/C/security.xml:1458(command)
7793
7799
msgid ""
7794
7800
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
7795
7801
"server.crt"
7797
7803
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
7798
7804
"server.crt"
7799
7805
7800
#: serverguide/C/security.xml:1441(para)
7806
#: serverguide/C/security.xml:1461(para)
7801
7807
msgid ""
7802
7808
"The above command will prompt you to enter the passphrase. Once you enter "
7803
7809
"the correct passphrase, your certificate will be created and it will be "
7804
7810
"stored in the <filename>server.crt</filename> file."
7805
7811
msgstr ""
7806
7812
7807
#: serverguide/C/security.xml:1446(para)
7813
#: serverguide/C/security.xml:1466(para)
7808
7814
msgid ""
7809
7815
"If your secure server is to be used in a production environment, you "
7810
7816
"probably need a CA-signed certificate. It is not recommended to use self-"
7811
7817
"signed certificate."
7812
7818
msgstr ""
7813
7819
7814
#: serverguide/C/security.xml:1454(title)
7820
#: serverguide/C/security.xml:1474(title)
7815
7821
msgid "Installing the Certificate"
7816
7822
msgstr "Menginstal Certificate"
7817
7823
7818
#: serverguide/C/security.xml:1456(para)
7824
#: serverguide/C/security.xml:1476(para)
7819
7825
msgid ""
7820
7826
"You can install the key file <filename>server.key</filename> and certificate "
7821
7827
"file <filename>server.crt</filename>, or the certificate file issued by your "
7822
7828
"CA, by running following commands at a terminal prompt:"
7823
7829
msgstr ""
7824
7830
7825
#: serverguide/C/security.xml:1462(command)
7831
#: serverguide/C/security.xml:1482(command)
7826
7832
msgid "sudo cp server.crt /etc/ssl/certs"
7827
7833
msgstr "sudo cp server.crt /etc/ssl/certs"
7828
7834
7829
#: serverguide/C/security.xml:1463(command)
7835
#: serverguide/C/security.xml:1483(command)
7830
7836
msgid "sudo cp server.key /etc/ssl/private"
7831
7837
msgstr "sudo cp server.key /etc/ssl/private"
7832
7838
7833
#: serverguide/C/security.xml:1465(para)
7839
#: serverguide/C/security.xml:1485(para)
7834
7840
msgid ""
7835
7841
"Now simply configure any applications, with the ability to use public-key "
7836
7842
"cryptography, to use the <emphasis>certificate</emphasis> and "
7839
7845
"<application>Dovecot</application> can provide IMAPS and POP3S, etc."
7840
7846
msgstr ""
7841
7847
7842
#: serverguide/C/security.xml:1472(title)
7848
#: serverguide/C/security.xml:1492(title)
7843
7849
msgid "Certification Authority"
7844
7850
msgstr ""
7845
7851
7846
#: serverguide/C/security.xml:1474(para)
7852
#: serverguide/C/security.xml:1494(para)
7847
7853
msgid ""
7848
7854
"If the services on your network require more than a few self-signed "
7849
7855
"certificates it may be worth the additional effort to setup your own "
7853
7859
"the same CA."
7854
7860
msgstr ""
7855
7861
7856
#: serverguide/C/security.xml:1484(para)
7862
#: serverguide/C/security.xml:1504(para)
7857
7863
msgid ""
7858
7864
"First, create the directories to hold the CA certificate and related files:"
7859
7865
msgstr ""
7860
7866
7861
#: serverguide/C/security.xml:1489(command)
7867
#: serverguide/C/security.xml:1509(command)
7862
7868
msgid "sudo mkdir /etc/ssl/CA"
7863
7869
msgstr ""
7864
7870
7865
#: serverguide/C/security.xml:1490(command)
7871
#: serverguide/C/security.xml:1510(command)
7866
7872
msgid "sudo mkdir /etc/ssl/newcerts"
7867
7873
msgstr ""
7868
7874
7869
#: serverguide/C/security.xml:1496(para)
7875
#: serverguide/C/security.xml:1516(para)
7870
7876
msgid ""
7871
7877
"The CA needs a few additional files to operate, one to keep track of the "
7872
7878
"last serial number used by the CA, each certificate must have a unique "
7874
7880
"issued:"
7875
7881
msgstr ""
7876
7882
7877
#: serverguide/C/security.xml:1503(command)
7883
#: serverguide/C/security.xml:1523(command)
7878
7884
msgid "sudo sh -c \"echo '01' > /etc/ssl/CA/serial\""
7879
7885
msgstr ""
7880
7886
7881
#: serverguide/C/security.xml:1504(command)
7887
#: serverguide/C/security.xml:1524(command)
7882
7888
msgid "sudo touch /etc/ssl/CA/index.txt"
7883
7889
msgstr ""
7884
7890
7885
#: serverguide/C/security.xml:1510(para)
7891
#: serverguide/C/security.xml:1530(para)
7886
7892
msgid ""
7887
7893
"The third file is a CA configuration file. Though not strictly necessary, it "
7888
7894
"is very convenient when issuing multiple certificates. Edit "
7890
7896
"]</emphasis> change:"
7891
7897
msgstr ""
7892
7898
7893
#: serverguide/C/security.xml:1516(programlisting)
7899
#: serverguide/C/security.xml:1536(programlisting)
7894
7900
#, no-wrap
7895
7901
msgid ""
7896
7902
"\n"
7905
7911
msgid "Next, create the self-signed root certificate:"
7906
7912
msgstr ""
7907
7913
7908
#: serverguide/C/security.xml:1532(command)
7914
#: serverguide/C/security.xml:1552(command)
7909
7915
msgid ""
7910
7916
"openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -"
7911
7917
"days 3650"
7912
7918
msgstr ""
7913
7919
7914
#: serverguide/C/security.xml:1535(para)
7920
#: serverguide/C/security.xml:1555(para)
7915
7921
msgid "You will then be asked to enter the details about the certificate."
7916
7922
msgstr ""
7917
7923
7918
#: serverguide/C/security.xml:1542(para)
7924
#: serverguide/C/security.xml:1562(para)
7919
7925
msgid "Now install the root certificate and key:"
7920
7926
msgstr ""
7921
7927
7922
#: serverguide/C/security.xml:1547(command)
7928
#: serverguide/C/security.xml:1567(command)
7923
7929
msgid "sudo mv cakey.pem /etc/ssl/private/"
7924
7930
msgstr ""
7925
7931
7926
#: serverguide/C/security.xml:1548(command)
7932
#: serverguide/C/security.xml:1568(command)
7927
7933
msgid "sudo mv cacert.pem /etc/ssl/certs/"
7928
7934
msgstr ""
7929
7935
7930
#: serverguide/C/security.xml:1554(para)
7936
#: serverguide/C/security.xml:1574(para)
7931
7937
msgid ""
7932
7938
"You are now ready to start signing certificates. The first item needed is a "
7933
7939
"Certificate Signing Request (CSR), see <xref linkend=\"generating-a-csr\"/> "
7935
7941
"certificate signed by the CA:"
7936
7942
msgstr ""
7937
7943
7938
#: serverguide/C/security.xml:1561(command)
7944
#: serverguide/C/security.xml:1581(command)
7939
7945
msgid "sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf"
7940
7946
msgstr ""
7941
7947
7942
#: serverguide/C/security.xml:1564(para)
7948
#: serverguide/C/security.xml:1584(para)
7943
7949
msgid ""
7944
7950
"After entering the password for the CA key, you will be prompted to sign the "
7945
7951
"certificate, and again to commit the new certificate. You should then see a "
7946
7952
"somewhat large amount of output related to the certificate creation."
7947
7953
msgstr ""
7948
7954
7949
#: serverguide/C/security.xml:1573(para)
7955
#: serverguide/C/security.xml:1593(para)
7950
7956
msgid ""
7951
7957
"There should now be a new file, "
7952
7958
"<filename>/etc/ssl/newcerts/01.pem</filename>, containing the same output. "
7957
7963
"<filename>mail.example.com.crt</filename>, is a nice descriptive name."
7958
7964
msgstr ""
7959
7965
7960
#: serverguide/C/security.xml:1581(para)
7966
#: serverguide/C/security.xml:1601(para)
7961
7967
msgid ""
7962
7968
"Subsequent certificates will be named <filename>02.pem</filename>, "
7963
7969
"<filename>03.pem</filename>, etc."
7964
7970
msgstr ""
7965
7971
7966
#: serverguide/C/security.xml:1586(para)
7972
#: serverguide/C/security.xml:1606(para)
7967
7973
msgid ""
7968
7974
"Replace <emphasis>mail.example.com.crt</emphasis> with your own descriptive "
7969
7975
"name."
7970
7976
msgstr ""
7971
7977
7972
#: serverguide/C/security.xml:1594(para)
7978
#: serverguide/C/security.xml:1614(para)
7973
7979
msgid ""
7974
7980
"Finally, copy the new certificate to the host that needs it, and configure "
7975
7981
"the appropriate applications to use it. The default location to install "
7978
7984
"complicated file permissions."
7979
7985
msgstr ""
7980
7986
7981
#: serverguide/C/security.xml:1600(para)
7987
#: serverguide/C/security.xml:1620(para)
7982
7988
msgid ""
7983
7989
"For applications that can be configured to use a CA certificate, you should "
7984
7990
"also copy the <filename>/etc/ssl/certs/cacert.pem</filename> file to the "
7986
7992
"server."
7987
7993
msgstr ""
7988
7994
7989
#: serverguide/C/security.xml:1614(para)
7995
#: serverguide/C/security.xml:1634(para)
7990
7996
msgid ""
7991
7997
"For more detailed instructions on using cryptography see the <ulink "
7992
7998
"url=\"http://tldp.org/HOWTO/SSL-Certificates-HOWTO/index.html\">SSL "
7993
"Certificates HOWTO</ulink> by tldp.org"
7999
"Certificates HOWTO</ulink> by tldp.org:"
7994
8000
msgstr ""
7995
8001
7996
#: serverguide/C/security.xml:1620(para)
8002
#: serverguide/C/security.xml:1640(para)
7997
8003
msgid ""
7998
8004
"The Wikipedia <ulink "
7999
"url=\"http://en.wikipedia.org/wiki/Https\">HTTPS</ulink> page has more "
8005
"url=\"http://en.wikipedia.org/wiki/HTTPS\">HTTPS</ulink> page has more "
8000
8006
"information regarding HTTPS."
8001
8007
msgstr ""
8002
8008
8003
#: serverguide/C/security.xml:1625(para)
8009
#: serverguide/C/security.xml:1645(para)
8004
8010
msgid ""
8005
8011
"For more information on <emphasis>OpenSSL</emphasis> see the <ulink "
8006
8012
"url=\"http://www.openssl.org/\">OpenSSL Home Page</ulink>."
8007
8013
msgstr ""
8008
8014
8009
#: serverguide/C/security.xml:1630(para)
8015
#: serverguide/C/security.xml:1650(para)
8010
8016
msgid ""
8011
8017
"Also, O'Reilly's <ulink "
8012
8018
"url=\"http://oreilly.com/catalog/9780596002701/\">Network Security with "
8013
"OpenSSL</ulink> is a good in depth reference."
8019
"OpenSSL</ulink> is a good in-depth reference."
8014
8020
msgstr ""
8015
8021
8016
#: serverguide/C/security.xml:1639(title)
8022
#: serverguide/C/security.xml:1659(title)
8017
8023
msgid "eCryptfs"
8018
8024
msgstr ""
8019
8025
8025
8031
"filesystem, partition type, etc."
8026
8032
msgstr ""
8027
8033
8028
#: serverguide/C/security.xml:1647(para)
8034
#: serverguide/C/security.xml:1667(para)
8029
8035
msgid ""
8030
8036
"During installation there is an option to encrypt the <filename "
8031
8037
"role=\"directory\">/home</filename> partition. This will automatically "
8032
8038
"configure everything needed to encrypt and mount the partition."
8033
8039
msgstr ""
8034
8040
8035
#: serverguide/C/security.xml:1652(para)
8041
#: serverguide/C/security.xml:1672(para)
8036
8042
msgid ""
8037
8043
"As an example, this section will cover configuring <filename "
8038
8044
"role=\"directory\">/srv</filename> to be encrypted using "
8039
8045
"<emphasis>eCryptfs</emphasis>."
8040
8046
msgstr ""
8041
8047
8042
#: serverguide/C/security.xml:1657(title)
8048
#: serverguide/C/security.xml:1677(title)
8043
8049
msgid "Using eCryptfs"
8044
8050
msgstr ""
8045
8051
8046
#: serverguide/C/security.xml:1659(para)
8052
#: serverguide/C/security.xml:1679(para)
8047
8053
msgid "First, install the necessary packages. From a terminal prompt enter:"
8048
8054
msgstr ""
8049
8055
8050
#: serverguide/C/security.xml:1664(command)
8056
#: serverguide/C/security.xml:1684(command)
8051
8057
msgid "sudo apt-get install ecryptfs-utils"
8052
8058
msgstr ""
8053
8059
8054
#: serverguide/C/security.xml:1667(para)
8060
#: serverguide/C/security.xml:1687(para)
8055
8061
msgid "Now mount the partition to be encrypted:"
8056
8062
msgstr ""
8057
8063
8058
#: serverguide/C/security.xml:1672(command)
8064
#: serverguide/C/security.xml:1692(command)
8059
8065
msgid "sudo mount -t ecryptfs /srv /srv"
8060
8066
msgstr ""
8061
8067
8062
#: serverguide/C/security.xml:1675(para)
8068
#: serverguide/C/security.xml:1695(para)
8063
8069
msgid ""
8064
8070
"You will then be prompted for some details on how "
8065
8071
"<application>ecryptfs</application> should encrypt the data."
8066
8072
msgstr ""
8067
8073
8068
#: serverguide/C/security.xml:1679(para)
8074
#: serverguide/C/security.xml:1699(para)
8069
8075
msgid ""
8070
8076
"To test that files placed in <filename>/srv</filename> are indeed encrypted "
8071
8077
"copy the <filename>/etc/default</filename> folder to "
8072
8078
"<filename>/srv</filename>:"
8073
8079
msgstr ""
8074
8080
8075
#: serverguide/C/security.xml:1685(command) serverguide/C/clustering.xml:190(command)
8081
#: serverguide/C/security.xml:1705(command) serverguide/C/clustering.xml:190(command)
8076
8082
msgid "sudo cp -r /etc/default /srv"
8077
8083
msgstr ""
8078
8084
8079
#: serverguide/C/security.xml:1688(para)
8085
#: serverguide/C/security.xml:1708(para)
8080
8086
msgid "Now unmount <filename>/srv</filename>, and try to view a file:"
8081
8087
msgstr ""
8082
8088
8083
#: serverguide/C/security.xml:1693(command) serverguide/C/installation.xml:1118(command) serverguide/C/clustering.xml:198(command)
8089
#: serverguide/C/security.xml:1713(command) serverguide/C/clustering.xml:198(command)
8084
8090
msgid "sudo umount /srv"
8085
8091
msgstr ""
8086
8092
8087
#: serverguide/C/security.xml:1694(command)
8093
#: serverguide/C/security.xml:1714(command)
8088
8094
msgid "cat /srv/default/cron"
8089
8095
msgstr ""
8090
8096
8091
#: serverguide/C/security.xml:1697(para)
8097
#: serverguide/C/security.xml:1717(para)
8092
8098
msgid ""
8093
8099
"Remounting <filename>/srv</filename> using "
8094
8100
"<application>ecryptfs</application> will make the data viewable once again."
8095
8101
msgstr ""
8096
8102
8097
#: serverguide/C/security.xml:1703(title)
8103
#: serverguide/C/security.xml:1723(title)
8098
8104
msgid "Automatically Mounting Encrypted Partitions"
8099
8105
msgstr ""
8100
8106
8101
#: serverguide/C/security.xml:1705(para)
8107
#: serverguide/C/security.xml:1725(para)
8102
8108
msgid ""
8103
8109
"There are a couple of ways to automatically mount an "
8104
8110
"<application>ecryptfs</application> encrypted filesystem at boot. This "
8106
8112
"mount options, along with a passphrase file residing on a USB key."
8107
8113
msgstr ""
8108
8114
8109
#: serverguide/C/security.xml:1711(para)
8115
#: serverguide/C/security.xml:1731(para)
8110
8116
msgid "First, create <filename>/root/.ecryptfsrc</filename> containing:"
8111
8117
msgstr ""
8112
8118
8113
#: serverguide/C/security.xml:1715(programlisting)
8119
#: serverguide/C/security.xml:1735(programlisting)
8114
8120
#, no-wrap
8115
8121
msgid ""
8116
8122
"\n"
8122
8128
"ecryptfs_enable_filename_crypto=n\n"
8123
8129
msgstr ""
8124
8130
8125
#: serverguide/C/security.xml:1725(para)
8131
#: serverguide/C/security.xml:1745(para)
8126
8132
msgid ""
8127
8133
"Adjust the <emphasis>ecryptfs_sig</emphasis> to the signature in "
8128
8134
"<filename>/root/.ecryptfs/sig-cache.txt</filename>."
8129
8135
msgstr ""
8130
8136
8131
#: serverguide/C/security.xml:1730(para)
8137
#: serverguide/C/security.xml:1750(para)
8132
8138
msgid ""
8133
8139
"Next, create the <filename>/mnt/usb/passwd_file.txt</filename> passphrase "
8134
8140
"file:"
8135
8141
msgstr ""
8136
8142
8137
#: serverguide/C/security.xml:1734(programlisting)
8143
#: serverguide/C/security.xml:1754(programlisting)
8138
8144
#, no-wrap
8139
8145
msgid ""
8140
8146
"\n"
8141
8147
"passphrase_passwd=[secrets]\n"
8142
8148
msgstr ""
8143
8149
8144
#: serverguide/C/security.xml:1738(para)
8150
#: serverguide/C/security.xml:1758(para)
8145
8151
msgid "Now add the necessary lines to <filename>/etc/fstab</filename>:"
8146
8152
msgstr ""
8147
8153
8148
#: serverguide/C/security.xml:1742(programlisting)
8154
#: serverguide/C/security.xml:1762(programlisting)
8149
8155
#, no-wrap
8150
8156
msgid ""
8151
8157
"\n"
8153
8159
"/srv /srv ecryptfs defaults 0 0\n"
8154
8160
msgstr ""
8155
8161
8156
#: serverguide/C/security.xml:1747(para)
8162
#: serverguide/C/security.xml:1767(para)
8157
8163
msgid "Make sure the USB drive is mounted before the encrypted partition."
8158
8164
msgstr ""
8159
8165
8160
#: serverguide/C/security.xml:1751(para)
8166
#: serverguide/C/security.xml:1771(para)
8161
8167
msgid ""
8162
8168
"Finally, reboot and the <filename>/srv</filename> should be mounted using "
8163
8169
"<emphasis>eCryptfs</emphasis>."
8164
8170
msgstr ""
8165
8171
8166
#: serverguide/C/security.xml:1757(title)
8172
#: serverguide/C/security.xml:1777(title)
8167
8173
msgid "Other Utilities"
8168
8174
msgstr "Peralatan Lain"
8169
8175
8170
#: serverguide/C/security.xml:1759(para)
8176
#: serverguide/C/security.xml:1779(para)
8171
8177
msgid ""
8172
8178
"The <application>ecryptfs-utils</application> package includes several other "
8173
8179
"useful utilities:"
8174
8180
msgstr ""
8175
8181
8176
#: serverguide/C/security.xml:1765(para)
8182
#: serverguide/C/security.xml:1785(para)
8177
8183
msgid ""
8178
8184
"<emphasis>ecryptfs-setup-private:</emphasis> creates a "
8179
8185
"<filename>~/Private</filename> directory to contain encrypted information. "
8181
8187
"other users on the system."
8182
8188
msgstr ""
8183
8189
8184
#: serverguide/C/security.xml:1772(para)
8190
#: serverguide/C/security.xml:1792(para)
8185
8191
msgid ""
8186
"<emphasis>ecryptfs-mount-private and ecryptfs-umount-private:</emphasis> "
8187
"will mount and unmount respectively, a users <filename>~/Private</filename> "
8188
"directory."
8192
"<emphasis>ecryptfs-mount-private</emphasis> and <emphasis> ecryptfs-umount-"
8193
"private</emphasis> will mount and unmount a user's "
8194
"<filename>~/Private</filename> directory."
8189
8195
msgstr ""
8190
8196
8191
#: serverguide/C/security.xml:1778(para)
8197
#: serverguide/C/security.xml:1798(para)
8192
8198
msgid ""
8193
8199
"<emphasis>ecryptfs-add-passphrase:</emphasis> adds a new passphrase to the "
8194
8200
"kernel keyring."
8195
8201
msgstr ""
8196
8202
8197
#: serverguide/C/security.xml:1783(para)
8203
#: serverguide/C/security.xml:1803(para)
8198
8204
msgid ""
8199
8205
"<emphasis>ecryptfs-manager:</emphasis> manages "
8200
8206
"<application>eCryptfs</application> objects such as keys."
8201
8207
msgstr ""
8202
8208
8203
#: serverguide/C/security.xml:1788(para)
8209
#: serverguide/C/security.xml:1808(para)
8204
8210
msgid ""
8205
8211
"<emphasis>ecryptfs-stat:</emphasis> allows you to view the "
8206
8212
"<application>ecryptfs</application> meta information for a file."
8207
8213
msgstr ""
8208
8214
8209
#: serverguide/C/security.xml:1801(para)
8215
#: serverguide/C/security.xml:1821(para)
8210
8216
msgid ""
8211
8217
"For more information on <emphasis>eCryptfs</emphasis> see the <ulink "
8212
8218
"url=\"https://launchpad.net/ecryptfs\">Launchpad project page</ulink>."
8213
8219
msgstr ""
8214
8220
8215
#: serverguide/C/security.xml:1806(para)
8221
#: serverguide/C/security.xml:1826(para)
8216
8222
msgid ""
8217
8223
"There is also a <ulink "
8218
8224
"url=\"http://www.linuxjournal.com/article/9400\">Linux Journal</ulink> "
8231
8237
msgid "Samba"
8232
8238
msgstr ""
8233
8239
8234
#: serverguide/C/windows-networking.xml:13(para)
8240
#: serverguide/C/samba.xml:13(para)
8235
8241
msgid ""
8236
8242
"Computer networks are often comprised of diverse systems, and while "
8237
8243
"operating a network made up entirely of Ubuntu desktop and server computers "
8253
8259
"mengonfigurasi Server Ubuntu anda agar dapat melakukan pembagian sumber daya "
8254
8260
"jaringan dengan komputer yang menggunakan sistem operasi Windows."
8255
8261
8256
#: serverguide/C/windows-networking.xml:25(para)
8262
#: serverguide/C/samba.xml:25(para)
8257
8263
msgid ""
8258
8264
"Successfully networking your Ubuntu system with Windows clients involves "
8259
8265
"providing and integrating with services common to Windows environments. Such "
8267
8273
"dan pengguna yang terhubung kedalam jaringan, dan dapat diklasifikasikan "
8268
8274
"dibawah tiga kategori utama berdasarkan fungsionalitasnya:"
8269
8275
8270
#: serverguide/C/windows-networking.xml:33(para)
8276
#: serverguide/C/samba.xml:33(para)
8271
8277
msgid ""
8272
8278
"<emphasis role=\"bold\">File and Printer Sharing Services</emphasis>. Using "
8273
8279
"the Server Message Block (SMB) protocol to facilitate the sharing of files, "
8277
8283
"Menggunakan protocol Blok Pesan Server (SMB) sebagai fasilitas untuk berbagi "
8278
8284
"berkas, folder, volume, dan berbagi pencetak keseluruh jaringan."
8279
8285
8280
#: serverguide/C/windows-networking.xml:39(para)
8286
#: serverguide/C/samba.xml:39(para)
8281
8287
msgid ""
8282
8288
"<emphasis role=\"bold\">Directory Services</emphasis>. Sharing vital "
8283
8289
"information about the computers and users of the network with such "
8289
8295
"seperti Protokol Akses Direktori Ringan (LDAP) dan Microsoft <trademark "
8290
8296
"class=\"registered\">Active Directory</trademark>."
8291
8297
8292
#: serverguide/C/windows-networking.xml:46(para)
8298
#: serverguide/C/samba.xml:46(para)
8293
8299
msgid ""
8294
8300
"<emphasis role=\"bold\">Authentication and Access</emphasis>. Establishing "
8295
8301
"the identity of a computer or user of the network and determining the "
8304
8310
"file), kebijakan kelompok (group policies), dan layanan pembuktian keaslian "
8305
8311
"Kerberos (the Kerberos authentication service)."
8306
8312
8307
#: serverguide/C/windows-networking.xml:54(para)
8313
#: serverguide/C/samba.xml:54(para)
8308
8314
msgid ""
8309
8315
"Fortunately, your Ubuntu system may provide all such facilities to Windows "
8310
8316
"clients and share network resources among them. One of the principal pieces "
8317
8323
"sistem Ubuntu anda untuk jaringan Windows adalah paket Samba dari aplikasi "
8318
8324
"dan perlengkapan SMB server."
8319
8325
8320
#: serverguide/C/windows-networking.xml:60(para)
8326
#: serverguide/C/samba.xml:60(para)
8321
8327
msgid ""
8322
8328
"This section of the <phrase>Ubuntu</phrase> Server Guide will introduce some "
8323
8329
"of the common Samba use cases, and how to install and configure the "
8335
8341
msgid "File Server"
8336
8342
msgstr ""
8337
8343
8338
#: serverguide/C/windows-networking.xml:70(para)
8344
#: serverguide/C/samba.xml:70(para)
8339
8345
msgid ""
8340
8346
"One of the most common ways to network Ubuntu and Windows computers is to "
8341
8347
"configure Samba as a File Server. This section covers setting up a "
8346
8352
"meliputi tentang cara menyiapkan server <application>Samba</application> "
8347
8353
"untuk berbagi file dengan klien Windows."
8348
8354
8349
#: serverguide/C/windows-networking.xml:75(para)
8355
#: serverguide/C/samba.xml:75(para)
8350
8356
msgid ""
8351
8357
"The server will be configured to share files with any client on the network "
8352
8358
"without prompting for a password. If your environment requires stricter "
8357
8363
"Kontrol Akses yang lebih ketat lihat <xref linkend=\"samba-fileprint-"
8358
8364
"security\"/>"
8359
8365
8360
#: serverguide/C/windows-networking.xml:83(para)
8366
#: serverguide/C/samba.xml:83(para)
8361
8367
msgid ""
8362
8368
"The first step is to install the <application>samba</application> package. "
8363
8369
"From a terminal prompt enter:"
8365
8371
"Tahap pertama dari pemasangan paket <application>samba</application>. Dari "
8366
8372
"terminal ketikkan:"
8367
8373
8368
#: serverguide/C/windows-networking.xml:88(command) serverguide/C/windows-networking.xml:304(command)
8374
#: serverguide/C/samba.xml:88(command) serverguide/C/samba.xml:304(command)
8369
8375
msgid "sudo apt-get install samba"
8370
8376
msgstr "sudo apt-get install samba"
8371
8377
8372
#: serverguide/C/windows-networking.xml:91(para)
8378
#: serverguide/C/samba.xml:91(para)
8373
8379
msgid ""
8374
8380
"That's all there is to it; you are now ready to configure Samba to share "
8375
8381
"files."
8377
8383
"Itu saja yang diperlukan, Anda sekarang siap untuk mengkonfigurasikan Samba "
8378
8384
"untuk berbagi file."
8379
8385
8380
#: serverguide/C/windows-networking.xml:99(para)
8386
#: serverguide/C/samba.xml:99(para)
8381
8387
msgid ""
8382
8388
"The main Samba configuration file is located in "
8383
8389
"<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
8389
8395
"memiliki sejumlah besar komentar untuk mendokumentasikan berbagai perintah "
8390
8396
"konfigurasi."
8391
8397
8392
#: serverguide/C/windows-networking.xml:104(para)
8398
#: serverguide/C/samba.xml:104(para)
8393
8399
msgid ""
8394
8400
"Not all the available options are included in the default configuration "
8395
8401
"file. See the <filename>smb.conf</filename><application>man</application> "
8401
8407
"atau <ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
8402
8408
"Collection/\">Samba HOWTO Collection</ulink> untuk lebih jelasnya."
8403
8409
8404
#: serverguide/C/windows-networking.xml:113(para)
8410
#: serverguide/C/samba.xml:113(para)
8405
8411
msgid ""
8406
8412
"First, edit the following key/value pairs in the "
8407
8413
"<emphasis>[global]</emphasis> section of "
8408
8414
"<filename>/etc/samba/smb.conf</filename>:"
8409
8415
msgstr ""
8410
8416
8411
#: serverguide/C/windows-networking.xml:118(programlisting) serverguide/C/windows-networking.xml:316(programlisting) serverguide/C/windows-networking.xml:784(programlisting) serverguide/C/windows-networking.xml:1023(programlisting)
8417
#: serverguide/C/samba.xml:118(programlisting) serverguide/C/samba.xml:316(programlisting) serverguide/C/samba.xml:784(programlisting) serverguide/C/samba.xml:1023(programlisting)
8412
8418
#, no-wrap
8413
8419
msgid ""
8414
8420
"\n"
8421
8427
" ...\n"
8422
8428
" security = user\n"
8423
8429
8424
#: serverguide/C/windows-networking.xml:124(para)
8430
#: serverguide/C/samba.xml:124(para)
8425
8431
msgid ""
8426
8432
"The <emphasis>security</emphasis> parameter is farther down in the [global] "
8427
8433
"section, and is commented by default. Also, change "
8428
8434
"<emphasis>EXAMPLE</emphasis> to better match your environment."
8429
8435
msgstr ""
8430
8436
8431
#: serverguide/C/windows-networking.xml:132(para)
8437
#: serverguide/C/samba.xml:132(para)
8432
8438
msgid ""
8433
8439
"Create a new section at the bottom of the file, or uncomment one of the "
8434
8440
"examples, for the directory to be shared:"
8436
8442
"Membuat bagian baru di bagian bawah file, atau hilangkan tanda komentar "
8437
8443
"salah satu contoh, untuk direktori yang akan dibagi:"
8438
8444
8439
#: serverguide/C/windows-networking.xml:136(programlisting)
8445
#: serverguide/C/samba.xml:136(programlisting)
8440
8446
#, no-wrap
8441
8447
msgid ""
8442
8448
"\n"
8457
8463
" read only = no\n"
8458
8464
" create mask = 0755\n"
8459
8465
8460
#: serverguide/C/windows-networking.xml:148(para)
8466
#: serverguide/C/samba.xml:148(para)
8461
8467
msgid ""
8462
8468
"<emphasis>comment:</emphasis> a short description of the share. Adjust to "
8463
8469
"fit your needs."
8465
8471
"<emphasis>comment:</emphasis> sebuah deskripsi singkat. Sesuaikan dengan "
8466
8472
"kebutuhan."
8467
8473
8468
#: serverguide/C/windows-networking.xml:153(para)
8474
#: serverguide/C/samba.xml:153(para)
8469
8475
msgid "<emphasis>path:</emphasis> the path to the directory to share."
8470
8476
msgstr "<emphasis>path:</emphasis> Lokasi dari direktori yang akan dibagikan"
8471
8477
8472
#: serverguide/C/windows-networking.xml:156(para)
8478
#: serverguide/C/samba.xml:156(para)
8473
8479
msgid ""
8474
8480
"This example uses <filename>/srv/samba/sharename</filename> because, "
8475
8481
"according to the <emphasis>Filesystem Hierarchy Standard (FHS)</emphasis>, "
8480
8486
"adhering to standards is recommended."
8481
8487
msgstr ""
8482
8488
8483
#: serverguide/C/windows-networking.xml:165(para)
8489
#: serverguide/C/samba.xml:165(para)
8484
8490
msgid ""
8485
8491
"<emphasis>browsable:</emphasis> enables Windows clients to browse the shared "
8486
8492
"directory using <application>Windows Explorer</application>."
8488
8494
"<emphasis>browsable:</emphasis> mengaktifkan klien windows untuk menjelajah "
8489
8495
"direktori bagi menggunakan <application>Windows Explorer</application>."
8490
8496
8491
#: serverguide/C/windows-networking.xml:171(para)
8497
#: serverguide/C/samba.xml:171(para)
8492
8498
msgid ""
8493
8499
"<emphasis>guest ok:</emphasis> allows clients to connect to the share "
8494
8500
"without supplying a password."
8496
8502
"<emphasis>guest ok:</emphasis> mengijinkan klien untuk terhubung dengan "
8497
8503
"share tanpa kata sandi"
8498
8504
8499
#: serverguide/C/windows-networking.xml:176(para)
8505
#: serverguide/C/samba.xml:176(para)
8500
8506
msgid ""
8501
8507
"<emphasis>read only:</emphasis> determines if the share is read only or if "
8502
8508
"write privileges are granted. Write privileges are allowed only when the "
8509
8515
"yang terlihat dalam contoh ini. Jika nilai <emphasis>yas</ emphasis>, maka "
8510
8516
"akses ke berkas tersebut hanya baca saja."
8511
8517
8512
#: serverguide/C/windows-networking.xml:181(para)
8518
#: serverguide/C/samba.xml:181(para)
8513
8519
msgid ""
8514
8520
"<emphasis>create mask:</emphasis> determines the permissions new files will "
8515
8521
"have when created."
8517
8523
"<emphasis>create mask:</emphasis> menetapkan perijinan dari berkas baru "
8518
8524
"ketika dibuat"
8519
8525
8520
#: serverguide/C/windows-networking.xml:190(para)
8526
#: serverguide/C/samba.xml:190(para)
8521
8527
msgid ""
8522
8528
"Now that <application>Samba</application> is configured, the directory needs "
8523
8529
"to be created and the permissions changed. From a terminal enter:"
8525
8531
"Sekarang <application>Samba</application> telah di atur, direktori harus "
8526
8532
"dibuat dan perijinan diubah. Dari terminal ketikkan:"
8527
8533
8528
#: serverguide/C/windows-networking.xml:196(command)
8534
#: serverguide/C/samba.xml:196(command)
8529
8535
msgid "sudo mkdir -p /srv/samba/share"
8530
8536
msgstr "sudo mkdir -p /srv/samba/share"
8531
8537
8532
#: serverguide/C/windows-networking.xml:197(command)
8538
#: serverguide/C/samba.xml:197(command)
8533
8539
msgid "sudo chown nobody:nogroup /srv/samba/share/"
8534
8540
msgstr ""
8535
8541
8536
#: serverguide/C/windows-networking.xml:201(para)
8542
#: serverguide/C/samba.xml:201(para)
8537
8543
msgid ""
8538
8544
"The <emphasis>-p</emphasis> switch tells mkdir to create the entire "
8539
8545
"directory tree if it doesn't exist."
8541
8547
"<emphasis>-p</emphasis> memberitahu mkdir untuk membuat direktori model "
8542
8548
"pohon semuanya jika tidak ada."
8543
8549
8544
#: serverguide/C/windows-networking.xml:209(para)
8550
#: serverguide/C/samba.xml:209(para)
8545
8551
msgid ""
8546
8552
"Finally, restart the <application>samba</application> services to enable the "
8547
8553
"new configuration:"
8549
8555
"Terakhir, restart layanan <application>samba</application> untuk "
8550
8556
"mengaktifkan pengaturan baru:"
8551
8557
8552
#: serverguide/C/windows-networking.xml:214(command) serverguide/C/windows-networking.xml:336(command) serverguide/C/windows-networking.xml:474(command) serverguide/C/windows-networking.xml:574(command) serverguide/C/windows-networking.xml:925(command) serverguide/C/windows-networking.xml:1080(command) serverguide/C/windows-networking.xml:1187(command) serverguide/C/network-auth.xml:2533(command)
8558
#: serverguide/C/samba.xml:214(command) serverguide/C/samba.xml:336(command) serverguide/C/samba.xml:474(command) serverguide/C/samba.xml:574(command) serverguide/C/samba.xml:925(command) serverguide/C/samba.xml:1080(command) serverguide/C/samba.xml:1187(command) serverguide/C/network-auth.xml:2532(command) serverguide/C/network-auth.xml:4114(command)
8553
8559
msgid "sudo restart smbd"
8554
8560
msgstr "sudo restart smbd"
8555
8561
8556
#: serverguide/C/windows-networking.xml:215(command) serverguide/C/windows-networking.xml:337(command) serverguide/C/windows-networking.xml:475(command) serverguide/C/windows-networking.xml:575(command) serverguide/C/windows-networking.xml:926(command) serverguide/C/windows-networking.xml:1081(command) serverguide/C/windows-networking.xml:1188(command) serverguide/C/network-auth.xml:2534(command)
8562
#: serverguide/C/samba.xml:215(command) serverguide/C/samba.xml:337(command) serverguide/C/samba.xml:475(command) serverguide/C/samba.xml:575(command) serverguide/C/samba.xml:926(command) serverguide/C/samba.xml:1081(command) serverguide/C/samba.xml:1188(command) serverguide/C/network-auth.xml:2533(command) serverguide/C/network-auth.xml:4115(command)
8557
8563
msgid "sudo restart nmbd"
8558
8564
msgstr "sudo restart nmbd"
8559
8565
8560
#: serverguide/C/windows-networking.xml:222(para)
8566
#: serverguide/C/samba.xml:222(para)
8561
8567
msgid ""
8562
8568
"Once again, the above configuration gives all access to any client on the "
8563
8569
"local network. For a more secure configuration see <xref linkend=\"samba-"
8567
8573
"jaringan lokal. Untuk pengaturan yang lebih aman lihat <xref linkend=\"samba-"
8568
8574
"fileprint-security\"/>."
8569
8575
8570
#: serverguide/C/windows-networking.xml:228(para)
8576
#: serverguide/C/samba.xml:228(para)
8571
8577
msgid ""
8572
8578
"From a Windows client you should now be able to browse to the Ubuntu file "
8573
8579
"server and see the shared directory. If your client doesn't show your share "
8581
8587
"berdasarkan alamat IP-nya (misal 192.168.1.1) pada jendela Windows Explorer. "
8582
8588
"Untuk memeriksa bahwa semuanya berjalan coba buat direktori dari Windows."
8583
8589
8584
#: serverguide/C/windows-networking.xml:232(para)
8590
#: serverguide/C/samba.xml:232(para)
8585
8591
msgid ""
8586
8592
"To create additional shares simply create new <emphasis>[dir]</emphasis> "
8587
8593
"sections in <filename>/etc/samba/smb.conf</filename>, and restart "
8589
8595
"share actually exists and the permissions are correct."
8590
8596
msgstr ""
8591
8597
8592
#: serverguide/C/windows-networking.xml:239(para)
8598
#: serverguide/C/samba.xml:239(para)
8593
8599
msgid ""
8594
8600
"The file share named <emphasis>\"[share]\"</emphasis> and the path "
8595
8601
"<filename>/srv/samba/share</filename> are just examples. Adjust the share "
8599
8605
"<filename>/srv/samba/qa</filename>."
8600
8606
msgstr ""
8601
8607
8602
#: serverguide/C/windows-networking.xml:252(para) serverguide/C/windows-networking.xml:351(para) serverguide/C/windows-networking.xml:708(para) serverguide/C/windows-networking.xml:1104(para)
8608
#: serverguide/C/samba.xml:252(para) serverguide/C/samba.xml:351(para) serverguide/C/samba.xml:708(para) serverguide/C/samba.xml:1104(para)
8603
8609
msgid ""
8604
8610
"For in depth Samba configurations see the <ulink "
8605
8611
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
8609
8615
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
8610
8616
"Collection</ulink>"
8611
8617
8612
#: serverguide/C/windows-networking.xml:258(para) serverguide/C/windows-networking.xml:357(para) serverguide/C/windows-networking.xml:714(para) serverguide/C/windows-networking.xml:1110(para)
8618
#: serverguide/C/samba.xml:258(para) serverguide/C/samba.xml:357(para) serverguide/C/samba.xml:714(para) serverguide/C/samba.xml:1110(para)
8613
8619
msgid ""
8614
8620
"The guide is also available in <ulink "
8615
8621
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">printed "
8619
8625
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">printed "
8620
8626
"format</ulink>."
8621
8627
8622
#: serverguide/C/windows-networking.xml:264(para) serverguide/C/windows-networking.xml:363(para)
8628
#: serverguide/C/samba.xml:264(para) serverguide/C/samba.xml:363(para)
8623
8629
msgid ""
8624
8630
"O'Reilly's <ulink "
8625
8631
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
8629
8635
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> "
8630
8636
"adalah panduan lain yang baik"
8631
8637
8632
#: serverguide/C/windows-networking.xml:270(para) serverguide/C/windows-networking.xml:374(para) serverguide/C/windows-networking.xml:739(para) serverguide/C/windows-networking.xml:1134(para) serverguide/C/windows-networking.xml:1312(para)
8638
#: serverguide/C/samba.xml:270(para) serverguide/C/samba.xml:374(para) serverguide/C/samba.xml:739(para) serverguide/C/samba.xml:1134(para) serverguide/C/samba.xml:1312(para)
8633
8639
msgid ""
8634
8640
"The <ulink url=\"https://help.ubuntu.com/community/Samba\">Ubuntu Wiki Samba "
8635
8641
"</ulink> page."
8637
8643
"Halaman <ulink url=\"https://help.ubuntu.com/community/Samba\">Ubuntu Wiki "
8638
8644
"Samba </ulink>"
8639
8645
8640
#: serverguide/C/network-config.xml:908(para)
8646
#: serverguide/C/samba.xml:279(title) serverguide/C/network-config.xml:904(para)
8641
8647
msgid "Print Server"
8642
8648
msgstr "Print Server"
8643
8649
8644
#: serverguide/C/windows-networking.xml:281(para)
8650
#: serverguide/C/samba.xml:281(para)
8645
8651
msgid ""
8646
8652
"Another common use of Samba is to configure it to share printers installed, "
8647
8653
"either locally or over the network, on an Ubuntu server. Similar to <xref "
8656
8662
"semua klien di jaringan lokal untuk menggunakan printer secara bersama yang "
8657
8663
"telah terpasang tanpa meminta username dan password lagi."
8658
8664
8659
#: serverguide/C/windows-networking.xml:287(para)
8665
#: serverguide/C/samba.xml:287(para)
8660
8666
msgid ""
8661
8667
"For a more secure configuration see <xref linkend=\"samba-fileprint-"
8662
8668
"security\"/>."
8664
8670
"Untuk pengaturan lebih aman lihat <xref linkend=\"samba-fileprint-"
8665
8671
"security\"/>."
8666
8672
8667
#: serverguide/C/windows-networking.xml:294(para)
8673
#: serverguide/C/samba.xml:294(para)
8668
8674
msgid ""
8669
8675
"Before installing and configuring Samba it is best to already have a working "
8670
8676
"<application>CUPS</application> installation. See <xref linkend=\"cups\"/> "
8674
8680
"<application>CUPS</application>. Lihat <xref linkend=\"cups\"/> untuk lebih "
8675
8681
"detil."
8676
8682
8677
#: serverguide/C/windows-networking.xml:299(para)
8683
#: serverguide/C/samba.xml:299(para)
8678
8684
msgid ""
8679
8685
"To install the <application>samba</application> package, from a terminal "
8680
8686
"enter:"
8681
8687
msgstr "Untuk memasang paket samba, dari terminal masukan:"
8682
8688
8683
#: serverguide/C/windows-networking.xml:310(para)
8689
#: serverguide/C/samba.xml:310(para)
8684
8690
msgid ""
8685
8691
"After installing samba edit <filename>/etc/samba/smb.conf</filename>. Change "
8686
8692
"the <emphasis>workgroup</emphasis> attribute to what is appropriate for your "
8688
8694
"role=\"italic\">user</emphasis>:"
8689
8695
msgstr ""
8690
8696
8691
#: serverguide/C/windows-networking.xml:322(para)
8697
#: serverguide/C/samba.xml:322(para)
8692
8698
msgid ""
8693
8699
"In the <emphasis>[printers]</emphasis> section change the <emphasis>guest "
8694
8700
"ok</emphasis> option to <emphasis role=\"italic\">yes</emphasis>:"
8695
8701
msgstr ""
8696
8702
8697
#: serverguide/C/windows-networking.xml:326(programlisting)
8703
#: serverguide/C/samba.xml:326(programlisting)
8698
8704
#, no-wrap
8699
8705
msgid ""
8700
8706
"\n"
8705
8711
" browsable = yes\n"
8706
8712
" guest ok = yes\n"
8707
8713
8708
#: serverguide/C/windows-networking.xml:331(para)
8714
#: serverguide/C/samba.xml:331(para)
8709
8715
msgid "After editing <filename>smb.conf</filename> restart Samba:"
8710
8716
msgstr "Setelah menyunting <filename>smb.conf</filename> restart Samba:"
8711
8717
8712
#: serverguide/C/windows-networking.xml:340(para)
8718
#: serverguide/C/samba.xml:340(para)
8713
8719
msgid ""
8714
8720
"The default Samba configuration will automatically share any printers "
8715
8721
"installed. Simply install the printer locally on your Windows clients."
8718
8724
"yang dipasang. Anda cukup menginstal printer secara lokal pada klien "
8719
8725
"Windows."
8720
8726
8721
#: serverguide/C/windows-networking.xml:369(para)
8727
#: serverguide/C/samba.xml:369(para)
8722
8728
msgid ""
8723
8729
"Also, see the <ulink url=\"http://www.cups.org/\">CUPS Website</ulink> for "
8724
8730
"more information on configuring CUPS."
8730
8736
msgid "Securing File and Print Server"
8731
8737
msgstr ""
8732
8738
8733
#: serverguide/C/windows-networking.xml:386(title)
8739
#: serverguide/C/samba.xml:386(title)
8734
8740
msgid "Samba Security Modes"
8735
8741
msgstr "Mode Keamanan Samba"
8736
8742
8737
#: serverguide/C/windows-networking.xml:388(para)
8743
#: serverguide/C/samba.xml:388(para)
8738
8744
msgid ""
8739
8745
"There are two security levels available to the Common Internet Filesystem "
8740
8746
"(CIFS) network protocol <emphasis>user-level</emphasis> and <emphasis>share-"
8743
8749
"security and one way to implement share-level:"
8744
8750
msgstr ""
8745
8751
8746
#: serverguide/C/windows-networking.xml:397(para)
8752
#: serverguide/C/samba.xml:397(para)
8747
8753
msgid ""
8748
8754
"<emphasis>security = user:</emphasis> requires clients to supply a username "
8749
8755
"and password to connect to shares. Samba user accounts are separate from "
8751
8757
"will sync system users and passwords with the Samba user database."
8752
8758
msgstr ""
8753
8759
8754
#: serverguide/C/windows-networking.xml:404(para)
8760
#: serverguide/C/samba.xml:404(para)
8755
8761
msgid ""
8756
8762
"<emphasis>security = domain:</emphasis> this mode allows the Samba server to "
8757
8763
"appear to Windows clients as a Primary Domain Controller (PDC), Backup "
8759
8765
"linkend=\"samba-dc\"/> for further information."
8760
8766
msgstr ""
8761
8767
8762
#: serverguide/C/windows-networking.xml:411(para)
8768
#: serverguide/C/samba.xml:411(para)
8763
8769
msgid ""
8764
8770
"<emphasis>security = ADS:</emphasis> allows the Samba server to join an "
8765
8771
"Active Directory domain as a native member. See <xref linkend=\"samba-ad-"
8766
8772
"integration\"/> for details."
8767
8773
msgstr ""
8768
8774
8769
#: serverguide/C/windows-networking.xml:417(para)
8775
#: serverguide/C/samba.xml:417(para)
8770
8776
msgid ""
8771
8777
"<emphasis>security = server:</emphasis> this mode is left over from before "
8772
8778
"Samba could become a member server, and due to some security issues should "
8775
8781
"of the Samba guide for more details."
8776
8782
msgstr ""
8777
8783
8778
#: serverguide/C/windows-networking.xml:425(para)
8784
#: serverguide/C/samba.xml:425(para)
8779
8785
msgid ""
8780
8786
"<emphasis>security = share:</emphasis> allows clients to connect to shares "
8781
8787
"without supplying a username and password."
8782
8788
msgstr ""
8783
8789
8784
#: serverguide/C/windows-networking.xml:432(para)
8790
#: serverguide/C/samba.xml:432(para)
8785
8791
msgid ""
8786
8792
"The security mode you choose will depend on your environment and what you "
8787
8793
"need the Samba server to accomplish."
8789
8795
"Modus keamanan yang anda pilih akan tergantung pada lingkungan dan "
8790
8796
"konfgurasi anda pada server Samba."
8791
8797
8792
#: serverguide/C/windows-networking.xml:438(title)
8798
#: serverguide/C/samba.xml:438(title)
8793
8799
msgid "Security = User"
8794
8800
msgstr "Security = User"
8795
8801
8796
#: serverguide/C/windows-networking.xml:440(para)
8802
#: serverguide/C/samba.xml:440(para)
8797
8803
msgid ""
8798
8804
"This section will reconfigure the Samba file and print server, from <xref "
8799
8805
"linkend=\"samba-fileserver\"/> and <xref linkend=\"samba-printserver\"/>, to "
8803
8809
"<xref linkend=\"samba-fileserver\"/> dan <xref linkend=\"samba-"
8804
8810
"printserver\"/>, membutuhkan otentikasi."
8805
8811
8806
#: serverguide/C/windows-networking.xml:445(para)
8812
#: serverguide/C/samba.xml:445(para)
8807
8813
msgid ""
8808
8814
"First, install the <application>libpam-smbpass</application> package which "
8809
8815
"will sync the system users to the Samba user database:"
8811
8817
"Pertama, instal paket <application>libpam-smbpass</application> yang akan "
8812
8818
"melakukan sinkronisasi antara pengguna sistem dengan database Samba:"
8813
8819
8814
#: serverguide/C/windows-networking.xml:451(command)
8820
#: serverguide/C/samba.xml:451(command)
8815
8821
msgid "sudo apt-get install libpam-smbpass"
8816
8822
msgstr "sudo apt-get install libpam-smbpass"
8817
8823
8818
#: serverguide/C/windows-networking.xml:455(para)
8824
#: serverguide/C/samba.xml:455(para)
8819
8825
msgid ""
8820
8826
"If you chose the <emphasis>Samba Server</emphasis> task during installation "
8821
8827
"<application>libpam-smbpass</application> is already installed."
8822
8828
msgstr ""
8823
8829
8824
#: serverguide/C/windows-networking.xml:461(para)
8830
#: serverguide/C/samba.xml:461(para)
8825
8831
msgid ""
8826
8832
"Edit <filename>/etc/samba/smb.conf</filename>, and in the "
8827
8833
"<emphasis>[share]</emphasis> section change:"
8828
8834
msgstr ""
8829
8835
8830
#: serverguide/C/windows-networking.xml:465(programlisting)
8836
#: serverguide/C/samba.xml:465(programlisting)
8831
8837
#, no-wrap
8832
8838
msgid ""
8833
8839
"\n"
8836
8842
"\n"
8837
8843
" guest ok = no\n"
8838
8844
8839
#: serverguide/C/windows-networking.xml:469(para)
8845
#: serverguide/C/samba.xml:469(para)
8840
8846
msgid "Finally, restart Samba for the new settings to take effect:"
8841
8847
msgstr ""
8842
8848
"Terakhir, restart Samba untuk melihan perubahan pada pengaturan yang baru."
8843
8849
8844
#: serverguide/C/windows-networking.xml:478(para)
8850
#: serverguide/C/samba.xml:478(para)
8845
8851
msgid ""
8846
8852
"Now when connecting to the shared directories or printers you should be "
8847
8853
"prompted for a username and password."
8849
8855
"Sekarang saat menghubungkan ke direktori-bersama atau printer, anda akan "
8850
8856
"ditanyai username dan password."
8851
8857
8852
#: serverguide/C/windows-networking.xml:483(para)
8858
#: serverguide/C/samba.xml:483(para)
8853
8859
msgid ""
8854
8860
"If you choose to map a network drive to the share you can check the "
8855
8861
"<quote>Reconnect at Logon</quote> check box, which will require you to only "
8860
8866
"anda untuk hanya memasukkan username dan password sekali saja, sampai ada "
8861
8867
"perubahan password yang baru."
8862
8868
8863
#: serverguide/C/windows-networking.xml:491(title)
8869
#: serverguide/C/samba.xml:491(title)
8864
8870
msgid "Share Security"
8865
8871
msgstr "Keamanan Berbagi"
8866
8872
8867
#: serverguide/C/windows-networking.xml:493(para)
8873
#: serverguide/C/samba.xml:493(para)
8868
8874
msgid ""
8869
8875
"There are several options available to increase the security for each "
8870
8876
"individual shared directory. Using the <emphasis>[share]</emphasis> example, "
8874
8880
"direktori bersama. Menggunakan contoh <emphasis>[share]</emphasis>, bagian "
8875
8881
"ini akan membahas beberapa pilihan umum."
8876
8882
8877
#: serverguide/C/windows-networking.xml:499(title)
8883
#: serverguide/C/samba.xml:499(title)
8878
8884
msgid "Groups"
8879
8885
msgstr "Grup"
8880
8886
8881
#: serverguide/C/windows-networking.xml:501(para)
8887
#: serverguide/C/samba.xml:501(para)
8882
8888
msgid ""
8883
8889
"Groups define a collection of computers or users which have a common level "
8884
8890
"of access to particular network resources and offer a level of granularity "
8920
8926
"memiliki akses ke sumberdaya yang secara eksplisit mengizinkan grup dimana "
8921
8927
"mereka menjadi bagian."
8922
8928
8923
#: serverguide/C/windows-networking.xml:515(para)
8929
#: serverguide/C/samba.xml:515(para)
8924
8930
msgid ""
8925
8931
"By default Samba looks for the local system groups defined in "
8926
8932
"<filename>/etc/group</filename> to determine which users belong to which "
8933
8939
"menghapus pengguna dari kelompok lihat <xref linkend=\"adding-deleting-"
8934
8940
"users\"/>."
8935
8941
8936
#: serverguide/C/windows-networking.xml:521(para)
8942
#: serverguide/C/samba.xml:521(para)
8937
8943
msgid ""
8938
8944
"When defining groups in the Samba configuration file, "
8939
8945
"<filename>/etc/samba/smb.conf</filename>, the recognized syntax is to "
8944
8950
"role=\"bold\">@sysadmin</emphasis>."
8945
8951
msgstr ""
8946
8952
8947
#: serverguide/C/windows-networking.xml:530(title)
8953
#: serverguide/C/samba.xml:530(title)
8948
8954
msgid "File Permissions"
8949
8955
msgstr "Pengijinan Data"
8950
8956
8951
#: serverguide/C/windows-networking.xml:532(para)
8957
#: serverguide/C/samba.xml:532(para)
8952
8958
msgid ""
8953
8959
"File Permissions define the explicit rights a computer or user has to a "
8954
8960
"particular directory, file, or set of files. Such permissions may be defined "
8960
8966
"didefinisikan dengan mengedit file <filename>/etc/samba/smb.conf</filename> "
8961
8967
"dan menentukan izin eksplisit dari berbagi-file tersebut."
8962
8968
8963
#: serverguide/C/windows-networking.xml:538(para)
8969
#: serverguide/C/samba.xml:538(para)
8964
8970
msgid ""
8965
8971
"For example, if you have defined a Samba share called "
8966
8972
"<emphasis>share</emphasis> and wish to give <emphasis role=\"italic\">read-"
8972
8978
"under the <emphasis>[share]</emphasis> entry:"
8973
8979
msgstr ""
8974
8980
8975
#: serverguide/C/windows-networking.xml:547(programlisting)
8981
#: serverguide/C/samba.xml:547(programlisting)
8976
8982
#, no-wrap
8977
8983
msgid ""
8978
8984
"\n"
8983
8989
" read list = @qa\n"
8984
8990
" write list = @sysadmin, vincent\n"
8985
8991
8986
#: serverguide/C/windows-networking.xml:552(para)
8992
#: serverguide/C/samba.xml:552(para)
8987
8993
msgid ""
8988
8994
"Another possible Samba permission is to declare "
8989
8995
"<emphasis>administrative</emphasis> permissions to a particular shared "
8992
8998
"administrative permissions to."
8993
8999
msgstr ""
8994
9000
8995
#: serverguide/C/windows-networking.xml:558(para)
9001
#: serverguide/C/samba.xml:558(para)
8996
9002
msgid ""
8997
9003
"For example, if you wanted to give the user <emphasis "
8998
9004
"role=\"italic\">melissa</emphasis> administrative permissions to the "
9001
9007
"under the <emphasis>[share]</emphasis> entry:"
9002
9008
msgstr ""
9003
9009
9004
#: serverguide/C/windows-networking.xml:565(programlisting)
9010
#: serverguide/C/samba.xml:565(programlisting)
9005
9011
#, no-wrap
9006
9012
msgid ""
9007
9013
"\n"
9010
9016
"\n"
9011
9017
" admin users = melissa\n"
9012
9018
9013
#: serverguide/C/windows-networking.xml:569(para)
9019
#: serverguide/C/samba.xml:569(para)
9014
9020
msgid ""
9015
9021
"After editing <filename>/etc/samba/smb.conf</filename>, restart Samba for "
9016
9022
"the changes to take effect:"
9018
9024
"Setelah mengedit <filename>/etc/samba/smb.conf</filename>, restart Samba "
9019
9025
"untuk melihat perubahannya."
9020
9026
9021
#: serverguide/C/windows-networking.xml:579(para)
9027
#: serverguide/C/samba.xml:579(para)
9022
9028
msgid ""
9023
9029
"For the <emphasis>read list</emphasis> and <emphasis>write list</emphasis> "
9024
9030
"to work the Samba security mode must <emphasis>not</emphasis> be set to "
9025
9031
"<emphasis role=\"italic\">security = share</emphasis>"
9026
9032
msgstr ""
9027
9033
9028
#: serverguide/C/windows-networking.xml:585(para)
9034
#: serverguide/C/samba.xml:585(para)
9029
9035
msgid ""
9030
9036
"Now that Samba has been configured to limit which groups have access to the "
9031
9037
"shared directory, the filesystem permissions need to be updated."
9032
9038
msgstr ""
9033
9039
9034
#: serverguide/C/windows-networking.xml:590(para)
9040
#: serverguide/C/samba.xml:590(para)
9035
9041
msgid ""
9036
9042
"Traditional Linux file permissions do not map well to Windows NT Access "
9037
9043
"Control Lists (ACLs). Fortunately POSIX ACLs are available on Ubuntu servers "
9040
9046
"<filename>/etc/fstab</filename> adding the <emphasis>acl</emphasis> option:"
9041
9047
msgstr ""
9042
9048
9043
#: serverguide/C/windows-networking.xml:597(programlisting)
9049
#: serverguide/C/samba.xml:597(programlisting)
9044
9050
#, no-wrap
9045
9051
msgid ""
9046
9052
"\n"
9051
9057
"UUID=66bcdd2e-8861-4fb0-b7e4-e61c569fe17d /srv ext3 noatime,relatime,acl 0 "
9052
9058
"1\n"
9053
9059
9054
#: serverguide/C/windows-networking.xml:601(para)
9060
#: serverguide/C/samba.xml:601(para)
9055
9061
msgid "Then remount the partition:"
9056
9062
msgstr ""
9057
9063
9058
#: serverguide/C/windows-networking.xml:606(command)
9064
#: serverguide/C/samba.xml:606(command)
9059
9065
msgid "sudo mount -v -o remount /srv"
9060
9066
msgstr "sudo mount -v -o remount /srv"
9061
9067
9062
#: serverguide/C/windows-networking.xml:610(para)
9068
#: serverguide/C/samba.xml:610(para)
9063
9069
msgid ""
9064
9070
"The above example assumes <filename>/srv</filename> on a separate partition. "
9065
9071
"If <filename>/srv</filename>, or wherever you have configured your share "
9067
9073
"required."
9068
9074
msgstr ""
9069
9075
9070
#: serverguide/C/windows-networking.xml:617(para)
9076
#: serverguide/C/samba.xml:617(para)
9071
9077
msgid ""
9072
9078
"To match the Samba configuration above the <emphasis>sysadmin</emphasis> "
9073
9079
"group will be given read, write, and execute permissions to "
9076
9082
"the username <emphasis>melissa</emphasis>. Enter the following in a terminal:"
9077
9083
msgstr ""
9078
9084
9079
#: serverguide/C/windows-networking.xml:625(command)
9085
#: serverguide/C/samba.xml:625(command)
9080
9086
msgid "sudo chown -R melissa /srv/samba/share/"
9081
9087
msgstr "sudo chown -R melissa /srv/samba/share/"
9082
9088
9083
#: serverguide/C/windows-networking.xml:626(command)
9089
#: serverguide/C/samba.xml:626(command)
9084
9090
msgid "sudo chgrp -R sysadmin /srv/samba/share/"
9085
9091
msgstr "sudo chgrp -R sysadmin /srv/samba/share/"
9086
9092
9087
#: serverguide/C/windows-networking.xml:627(command)
9093
#: serverguide/C/samba.xml:627(command)
9088
9094
msgid "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
9089
9095
msgstr "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
9090
9096
9091
#: serverguide/C/windows-networking.xml:631(para)
9097
#: serverguide/C/samba.xml:631(para)
9092
9098
msgid ""
9093
9099
"The <application>setfacl</application> command above gives "
9094
9100
"<emphasis>execute</emphasis> permissions to all files in the "
9096
9102
"want."
9097
9103
msgstr ""
9098
9104
9099
#: serverguide/C/windows-networking.xml:637(para)
9105
#: serverguide/C/samba.xml:637(para)
9100
9106
msgid ""
9101
9107
"Now from a Windows client you should notice the new file permissions are "
9102
9108
"implemented. See the <application>acl</application> and "
9104
9110
"ACLs."
9105
9111
msgstr ""
9106
9112
9107
#: serverguide/C/windows-networking.xml:645(title)
9113
#: serverguide/C/samba.xml:645(title)
9108
9114
msgid "Samba AppArmor Profile"
9109
9115
msgstr "Profil Samba AppArmor"
9110
9116
9111
#: serverguide/C/windows-networking.xml:647(para)
9117
#: serverguide/C/samba.xml:647(para)
9112
9118
msgid ""
9113
9119
"Ubuntu comes with the <application>AppArmor</application> security module, "
9114
9120
"which provides mandatory access controls. The default AppArmor profile for "
9116
9122
"using AppArmor see <xref linkend=\"apparmor\"/>."
9117
9123
msgstr ""
9118
9124
9119
#: serverguide/C/windows-networking.xml:653(para)
9125
#: serverguide/C/samba.xml:653(para)
9120
9126
msgid ""
9121
9127
"There are default AppArmor profiles for <filename>/usr/sbin/smbd</filename> "
9122
9128
"and <filename>/usr/sbin/nmbd</filename>, the Samba daemon binaries, as part "
9124
9130
"package, from a terminal prompt enter:"
9125
9131
msgstr ""
9126
9132
9127
#: serverguide/C/windows-networking.xml:660(command)
9133
#: serverguide/C/samba.xml:660(command)
9128
9134
msgid "sudo apt-get install apparmor-profiles apparmor-utils"
9129
9135
msgstr "sudo apt-get install apparmor-profiles apparmor-utils"
9130
9136
9131
#: serverguide/C/windows-networking.xml:664(para)
9137
#: serverguide/C/samba.xml:664(para)
9132
9138
msgid "This package contains profiles for several other binaries."
9133
9139
msgstr "Paket ini berisi profil untuk biner lainnya."
9134
9140
9135
#: serverguide/C/windows-networking.xml:669(para)
9141
#: serverguide/C/samba.xml:669(para)
9136
9142
msgid ""
9137
9143
"By default the profiles for <application>smbd</application> and "
9138
9144
"<application>nmbd</application> are in <emphasis>complain</emphasis> mode "
9142
9148
"profile will need to be modified to reflect any directories that are shared."
9143
9149
msgstr ""
9144
9150
9145
#: serverguide/C/windows-networking.xml:676(para)
9151
#: serverguide/C/samba.xml:676(para)
9146
9152
msgid ""
9147
9153
"Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename> adding information "
9148
9154
"for <emphasis>[share]</emphasis> from the file server example:"
9150
9156
"Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename> tambah informasi "
9151
9157
"pada <emphasis>[share]</emphasis> dari contoh file server:"
9152
9158
9153
#: serverguide/C/windows-networking.xml:681(programlisting)
9159
#: serverguide/C/samba.xml:681(programlisting)
9154
9160
#, no-wrap
9155
9161
msgid ""
9156
9162
"\n"
9161
9167
" /srv/samba/share/ r,\n"
9162
9168
" /srv/samba/share/** rwkix,\n"
9163
9169
9164
#: serverguide/C/windows-networking.xml:686(para)
9170
#: serverguide/C/samba.xml:686(para)
9165
9171
msgid ""
9166
9172
"Now place the profile into <emphasis>enforce</emphasis> and reload it:"
9167
9173
msgstr ""
9168
9174
9169
#: serverguide/C/windows-networking.xml:691(command)
9175
#: serverguide/C/samba.xml:691(command)
9170
9176
msgid "sudo aa-enforce /usr/sbin/smbd"
9171
9177
msgstr "sudo aa-enforce /usr/sbin/smbd"
9172
9178
9173
#: serverguide/C/windows-networking.xml:692(command)
9179
#: serverguide/C/samba.xml:692(command)
9174
9180
msgid "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
9175
9181
msgstr "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
9176
9182
9177
#: serverguide/C/windows-networking.xml:695(para)
9183
#: serverguide/C/samba.xml:695(para)
9178
9184
msgid ""
9179
9185
"You should now be able to read, write, and execute files in the shared "
9180
9186
"directory as normal, and the <application>smbd</application> binary will "
9183
9189
"will be logged to <filename>/var/log/syslog</filename>."
9184
9190
msgstr ""
9185
9191
9186
#: serverguide/C/windows-networking.xml:720(para) serverguide/C/windows-networking.xml:1116(para)
9192
#: serverguide/C/samba.xml:720(para) serverguide/C/samba.xml:1116(para)
9187
9193
msgid ""
9188
9194
"O'Reilly's <ulink "
9189
9195
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
9190
9196
"also a good reference."
9191
9197
msgstr ""
9192
9198
9193
#: serverguide/C/windows-networking.xml:726(para)
9199
#: serverguide/C/samba.xml:726(para)
9194
9200
msgid ""
9195
9201
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-"
9196
9202
"samba.html\">Chapter 18</ulink> of the Samba HOWTO Collection is devoted to "
9200
9206
"samba.html\">Bab 18</ulink> dari Samba HOWTO Collection yang dikhususkan "
9201
9207
"untuk keamanan."
9202
9208
9203
#: serverguide/C/windows-networking.xml:732(para)
9209
#: serverguide/C/samba.xml:732(para)
9204
9210
msgid ""
9205
9211
"For more information on Samba and ACLs see the <ulink "
9206
9212
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
9214
9220
msgid "As a Domain Controller"
9215
9221
msgstr ""
9216
9222
9217
#: serverguide/C/windows-networking.xml:750(para)
9223
#: serverguide/C/samba.xml:750(para)
9218
9224
msgid ""
9219
9225
"Although it cannot act as an Active Directory Primary Domain Controller "
9220
9226
"(PDC), a Samba server can be configured to appear as a Windows NT4-style "
9223
9229
"backends to store the user information."
9224
9230
msgstr ""
9225
9231
9226
#: serverguide/C/windows-networking.xml:757(title)
9232
#: serverguide/C/samba.xml:757(title)
9227
9233
msgid "Primary Domain Controller"
9228
9234
msgstr "Pengatur Domain Utama"
9229
9235
9230
#: serverguide/C/windows-networking.xml:759(para)
9236
#: serverguide/C/samba.xml:759(para)
9231
9237
msgid ""
9232
9238
"This section covers configuring Samba as a Primary Domain Controller (PDC) "
9233
9239
"using the default smbpasswd backend."
9234
9240
msgstr ""
9235
9241
9236
#: serverguide/C/windows-networking.xml:766(para)
9242
#: serverguide/C/samba.xml:766(para)
9237
9243
msgid ""
9238
9244
"First, install Samba, and <application>libpam-smbpass</application> to sync "
9239
9245
"the user accounts, by entering the following in a terminal prompt:"
9242
9248
"melakukan sinkronisasi account pengguna dengan memasukkan perintah berikut "
9243
9249
"di terminal:"
9244
9250
9245
#: serverguide/C/windows-networking.xml:772(command) serverguide/C/windows-networking.xml:1013(command)
9251
#: serverguide/C/samba.xml:772(command) serverguide/C/samba.xml:1013(command)
9246
9252
msgid "sudo apt-get install samba libpam-smbpass"
9247
9253
msgstr "sudo apt-get install samba libpam-smbpass"
9248
9254
9249
#: serverguide/C/windows-networking.xml:778(para)
9255
#: serverguide/C/samba.xml:778(para)
9250
9256
msgid ""
9251
9257
"Next, configure Samba by editing <filename>/etc/samba/smb.conf</filename>. "
9252
9258
"The <emphasis>security</emphasis> mode should be set to <emphasis "
9254
9260
"should relate to your organization:"
9255
9261
msgstr ""
9256
9262
9257
#: serverguide/C/windows-networking.xml:793(para)
9263
#: serverguide/C/samba.xml:793(para)
9258
9264
msgid ""
9259
9265
"In the commented <quote>Domains</quote> section add or uncomment the "
9260
9266
"following (the last line has been split to fit the format of this document):"
9261
9267
msgstr ""
9262
9268
9263
#: serverguide/C/windows-networking.xml:797(programlisting)
9269
#: serverguide/C/samba.xml:797(programlisting)
9264
9270
#, no-wrap
9265
9271
msgid ""
9266
9272
"\n"
9282
9288
"d\n"
9283
9289
" /var/lib/samba -s /bin/false %u\n"
9284
9290
9285
#: serverguide/C/windows-networking.xml:808(para)
9291
#: serverguide/C/samba.xml:808(para)
9286
9292
msgid ""
9287
9293
"If you wish to not use <emphasis>Roaming Profiles</emphasis> leave the "
9288
9294
"<emphasis>logon home</emphasis> and <emphasis>logon path</emphasis> options "
9289
9295
"commented."
9290
9296
msgstr ""
9291
9297
9292
#: serverguide/C/windows-networking.xml:816(para)
9298
#: serverguide/C/samba.xml:816(para)
9293
9299
msgid ""
9294
9300
"<emphasis>domain logons:</emphasis> provides the netlogon service causing "
9295
9301
"Samba to act as a domain controller."
9296
9302
msgstr ""
9297
9303
9298
#: serverguide/C/windows-networking.xml:821(para)
9304
#: serverguide/C/samba.xml:821(para)
9299
9305
msgid ""
9300
9306
"<emphasis>logon path:</emphasis> places the user's Windows profile into "
9301
9307
"their home directory. It is also possible to configure a "
9303
9309
"directory."
9304
9310
msgstr ""
9305
9311
9306
#: serverguide/C/windows-networking.xml:827(para)
9312
#: serverguide/C/samba.xml:827(para)
9307
9313
msgid ""
9308
9314
"<emphasis>logon drive:</emphasis> specifies the home directory local path."
9309
9315
msgstr ""
9310
9316
9311
#: serverguide/C/windows-networking.xml:832(para)
9317
#: serverguide/C/samba.xml:832(para)
9312
9318
msgid ""
9313
9319
"<emphasis>logon home:</emphasis> specifies the home directory location."
9314
9320
msgstr ""
9315
9321
9316
#: serverguide/C/windows-networking.xml:837(para)
9322
#: serverguide/C/samba.xml:837(para)
9317
9323
msgid ""
9318
9324
"<emphasis>logon script:</emphasis> determines the script to be run locally "
9319
9325
"once a user has logged in. The script needs to be placed in the "
9320
9326
"<emphasis>[netlogon]</emphasis> share."
9321
9327
msgstr ""
9322
9328
9323
#: serverguide/C/windows-networking.xml:843(para)
9329
#: serverguide/C/samba.xml:843(para)
9324
9330
msgid ""
9325
9331
"<emphasis>add machine script:</emphasis> a script that will automatically "
9326
9332
"create the <emphasis>Machine Trust Account</emphasis> needed for a "
9327
9333
"workstation to join the domain."
9328
9334
msgstr ""
9329
9335
9330
#: serverguide/C/windows-networking.xml:847(para)
9336
#: serverguide/C/samba.xml:847(para)
9331
9337
msgid ""
9332
9338
"In this example the <emphasis>machines</emphasis> group will need to be "
9333
9339
"created using the <application>addgroup</application> utility see <xref "
9334
9340
"linkend=\"adding-deleting-users\"/> for details."
9335
9341
msgstr ""
9336
9342
9337
#: serverguide/C/windows-networking.xml:858(para)
9343
#: serverguide/C/samba.xml:858(para)
9338
9344
msgid ""
9339
9345
"Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis "
9340
9346
"role=\"italic\">logon home</emphasis> to be mapped:"
9341
9347
msgstr ""
9342
9348
9343
#: serverguide/C/windows-networking.xml:863(programlisting)
9349
#: serverguide/C/samba.xml:863(programlisting)
9344
9350
#, no-wrap
9345
9351
msgid ""
9346
9352
"\n"
9361
9367
" directory mask = 0700\n"
9362
9368
" valid users = %S\n"
9363
9369
9364
#: serverguide/C/windows-networking.xml:876(para)
9370
#: serverguide/C/samba.xml:876(para)
9365
9371
msgid ""
9366
9372
"When configured as a domain controller a <emphasis>[netlogon]</emphasis> "
9367
9373
"share needs to be configured. To enable the share, uncomment:"
9368
9374
msgstr ""
9369
9375
9370
#: serverguide/C/windows-networking.xml:881(programlisting)
9376
#: serverguide/C/samba.xml:881(programlisting)
9371
9377
#, no-wrap
9372
9378
msgid ""
9373
9379
"\n"
9386
9392
" read only = yes\n"
9387
9393
" share modes = no\n"
9388
9394
9389
#: serverguide/C/windows-networking.xml:891(para)
9395
#: serverguide/C/samba.xml:891(para)
9390
9396
msgid ""
9391
9397
"The original <emphasis>netlogon</emphasis> share path is "
9392
9398
"<filename>/home/samba/netlogon</filename>, but according to the Filesystem "
9395
9401
"location for site-specific data provided by the system."
9396
9402
msgstr ""
9397
9403
9398
#: serverguide/C/windows-networking.xml:902(para)
9404
#: serverguide/C/samba.xml:902(para)
9399
9405
msgid ""
9400
9406
"Now create the <filename role=\"directory\">netlogon</filename> directory, "
9401
9407
"and an empty (for now) <filename>logon.cmd</filename> script file:"
9402
9408
msgstr ""
9403
9409
9404
#: serverguide/C/windows-networking.xml:908(command)
9410
#: serverguide/C/samba.xml:908(command)
9405
9411
msgid "sudo mkdir -p /srv/samba/netlogon"
9406
9412
msgstr "Copy text \t sudo mkdir -p /srv/samba/netlogon"
9407
9413
9408
#: serverguide/C/windows-networking.xml:909(command)
9414
#: serverguide/C/samba.xml:909(command)
9409
9415
msgid "sudo touch /srv/samba/netlogon/logon.cmd"
9410
9416
msgstr "sudo touch /srv/samba/netlogon/logon.cmd"
9411
9417
9412
#: serverguide/C/windows-networking.xml:912(para)
9418
#: serverguide/C/samba.xml:912(para)
9413
9419
msgid ""
9414
9420
"You can enter any normal Windows logon script commands in "
9415
9421
"<filename>logon.cmd</filename> to customize the client's environment."
9416
9422
msgstr ""
9417
9423
9418
#: serverguide/C/windows-networking.xml:920(para)
9424
#: serverguide/C/samba.xml:920(para)
9419
9425
msgid "Restart Samba to enable the new domain controller:"
9420
9426
msgstr ""
9421
9427
9422
#: serverguide/C/windows-networking.xml:932(para)
9428
#: serverguide/C/samba.xml:932(para)
9423
9429
msgid ""
9424
9430
"Lastly, there are a few additional commands needed to setup the appropriate "
9425
9431
"rights."
9426
9432
msgstr ""
9427
9433
9428
#: serverguide/C/windows-networking.xml:936(para)
9434
#: serverguide/C/samba.xml:936(para)
9429
9435
msgid ""
9430
9436
"With <emphasis>root</emphasis> being disabled by default, in order to join a "
9431
9437
"workstation to the domain, a system group needs to be mapped to the Windows "
9433
9439
"<application>net</application> utility, from a terminal enter:"
9434
9440
msgstr ""
9435
9441
9436
#: serverguide/C/windows-networking.xml:943(command)
9442
#: serverguide/C/samba.xml:943(command)
9437
9443
msgid ""
9438
9444
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
9439
9445
"type=d"
9441
9447
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
9442
9448
"type=d"
9443
9449
9444
#: serverguide/C/windows-networking.xml:947(para)
9450
#: serverguide/C/samba.xml:947(para)
9445
9451
msgid ""
9446
9452
"Change <emphasis role=\"italic\">sysadmin</emphasis> to whichever group you "
9447
9453
"prefer. Also, the user used to join the domain needs to be a member of the "
9450
9456
"allows <application>sudo</application> use."
9451
9457
msgstr ""
9452
9458
9453
#: serverguide/C/windows-networking.xml:953(para)
9459
#: serverguide/C/samba.xml:953(para)
9454
9460
msgid ""
9455
9461
"If the user does not have Samba credentials yet, you can add them with the "
9456
9462
"<application>smbpasswd</application> utility, change the "
9459
9465
"</screen>"
9460
9466
msgstr ""
9461
9467
9462
#: serverguide/C/windows-networking.xml:963(para)
9468
#: serverguide/C/samba.xml:963(para)
9463
9469
msgid ""
9464
9470
"Also, rights need to be explicitly provided to the <emphasis>Domain "
9465
9471
"Admins</emphasis> group to allow the <emphasis>add machine script</emphasis> "
9466
9472
"(and other admin functions) to work. This is achieved by executing:"
9467
9473
msgstr ""
9468
9474
9469
#: serverguide/C/windows-networking.xml:968(command)
9475
#: serverguide/C/samba.xml:968(command)
9470
9476
msgid ""
9471
9477
"net rpc rights grant -U sysadmin \"EXAMPLE\\Domain Admins\" "
9472
9478
"SeMachineAccountPrivilege \\ SePrintOperatorPrivilege SeAddUsersPrivilege "
9473
9479
"SeDiskOperatorPrivilege \\ SeRemoteShutdownPrivilege"
9474
9480
msgstr ""
9475
9481
9476
#: serverguide/C/windows-networking.xml:976(para)
9482
#: serverguide/C/samba.xml:976(para)
9477
9483
msgid ""
9478
9484
"You should now be able to join Windows clients to the Domain in the same "
9479
9485
"manner as joining them to an NT4 domain running on a Windows server."
9480
9486
msgstr ""
9481
9487
9482
#: serverguide/C/windows-networking.xml:986(title)
9488
#: serverguide/C/samba.xml:986(title)
9483
9489
msgid "Backup Domain Controller"
9484
9490
msgstr ""
9485
9491
9486
#: serverguide/C/windows-networking.xml:988(para)
9492
#: serverguide/C/samba.xml:988(para)
9487
9493
msgid ""
9488
9494
"With a Primary Domain Controller (PDC) on the network it is best to have a "
9489
9495
"Backup Domain Controller (BDC) as well. This will allow clients to "
9490
9496
"authenticate in case the PDC becomes unavailable."
9491
9497
msgstr ""
9492
9498
9493
#: serverguide/C/windows-networking.xml:993(para)
9499
#: serverguide/C/samba.xml:993(para)
9494
9500
msgid ""
9495
9501
"When configuring Samba as a BDC you need a way to sync account information "
9496
9502
"with the PDC. There are multiple ways of accomplishing this "
9499
9505
"backend</emphasis>."
9500
9506
msgstr ""
9501
9507
9502
#: serverguide/C/windows-networking.xml:999(para)
9508
#: serverguide/C/samba.xml:999(para)
9503
9509
msgid ""
9504
9510
"Using LDAP is the most robust way to sync account information, because both "
9505
9511
"domain controllers can use the same information in real time. However, "
9507
9513
"user and computer accounts. See <xref linkend=\"samba-ldap\"/> for details."
9508
9514
msgstr ""
9509
9515
9510
#: serverguide/C/windows-networking.xml:1008(para)
9516
#: serverguide/C/samba.xml:1008(para)
9511
9517
msgid ""
9512
9518
"First, install <application>samba</application> and <application>libpam-"
9513
9519
"smbpass</application>. From a terminal enter:"
9514
9520
msgstr ""
9515
9521
9516
#: serverguide/C/windows-networking.xml:1019(para)
9522
#: serverguide/C/samba.xml:1019(para)
9517
9523
msgid ""
9518
9524
"Now, edit <filename>/etc/samba/smb.conf</filename> and uncomment the "
9519
9525
"following in the <emphasis>[global]</emphasis>:"
9520
9526
msgstr ""
9521
9527
9522
#: serverguide/C/windows-networking.xml:1032(para)
9528
#: serverguide/C/samba.xml:1032(para)
9523
9529
msgid "In the commented <emphasis>Domains</emphasis> uncomment or add:"
9524
9530
msgstr ""
9525
9531
9526
#: serverguide/C/windows-networking.xml:1036(programlisting)
9532
#: serverguide/C/samba.xml:1036(programlisting)
9527
9533
#, no-wrap
9528
9534
msgid ""
9529
9535
"\n"
9531
9537
" domain master = no\n"
9532
9538
msgstr ""
9533
9539
9534
#: serverguide/C/windows-networking.xml:1044(para)
9540
#: serverguide/C/samba.xml:1044(para)
9535
9541
msgid ""
9536
9542
"Make sure a user has rights to read the files in "
9537
9543
"<filename>/var/lib/samba</filename>. For example, to allow users in the "
9539
9545
"files, enter:"
9540
9546
msgstr ""
9541
9547
9542
#: serverguide/C/windows-networking.xml:1050(command)
9548
#: serverguide/C/samba.xml:1050(command)
9543
9549
msgid "sudo chgrp -R admin /var/lib/samba"
9544
9550
msgstr "sudo chgrp -R admin /var/lib/samba"
9545
9551
9546
#: serverguide/C/windows-networking.xml:1056(para)
9552
#: serverguide/C/samba.xml:1056(para)
9547
9553
msgid ""
9548
9554
"Next, sync the user accounts, using <application>scp</application> to copy "
9549
9555
"the <filename>/var/lib/samba</filename> directory from the PDC:"
9550
9556
msgstr ""
9551
9557
9552
#: serverguide/C/windows-networking.xml:1062(command)
9558
#: serverguide/C/samba.xml:1062(command)
9553
9559
msgid "sudo scp -r username@pdc:/var/lib/samba /var/lib"
9554
9560
msgstr "sudo scp -r username@pdc:/var/lib/samba /var/lib"
9555
9561
9556
#: serverguide/C/windows-networking.xml:1066(para)
9562
#: serverguide/C/samba.xml:1066(para)
9557
9563
msgid ""
9558
9564
"Replace <emphasis>username</emphasis> with a valid username and "
9559
9565
"<emphasis>pdc</emphasis> with the hostname or IP Address of your actual PDC."
9560
9566
msgstr ""
9561
9567
9562
#: serverguide/C/windows-networking.xml:1075(para)
9568
#: serverguide/C/samba.xml:1075(para)
9563
9569
msgid "Finally, restart <application>samba</application>:"
9564
9570
msgstr ""
9565
9571
9566
#: serverguide/C/windows-networking.xml:1087(para)
9572
#: serverguide/C/samba.xml:1087(para)
9567
9573
msgid ""
9568
9574
"You can test that your Backup Domain controller is working by stopping the "
9569
9575
"Samba daemon on the PDC, then trying to login to a Windows client joined to "
9570
9576
"the domain."
9571
9577
msgstr ""
9572
9578
9573
#: serverguide/C/windows-networking.xml:1092(para)
9579
#: serverguide/C/samba.xml:1092(para)
9574
9580
msgid ""
9575
9581
"Another thing to keep in mind is if you have configured the <emphasis>logon "
9576
9582
"home</emphasis> option as a directory on the PDC, and the PDC becomes "
9579
9585
"home</emphasis> to reside on a separate file server from the PDC and BDC."
9580
9586
msgstr ""
9581
9587
9582
#: serverguide/C/windows-networking.xml:1122(para)
9588
#: serverguide/C/samba.xml:1122(para)
9583
9589
msgid ""
9584
9590
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
9585
9591
"pdc.html\">Chapter 4</ulink> of the Samba HOWTO Collection explains setting "
9586
9592
"up a Primary Domain Controller."
9587
9593
msgstr ""
9588
9594
9589
#: serverguide/C/windows-networking.xml:1128(para)
9595
#: serverguide/C/samba.xml:1128(para)
9590
9596
msgid ""
9591
9597
"<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-"
9592
9598
"Collection/samba-bdc.html\">Chapter 5</ulink> of the Samba HOWTO Collection "
9597
9603
msgid "Active Directory Integration"
9598
9604
msgstr ""
9599
9605
9600
#: serverguide/C/windows-networking.xml:1146(title)
9606
#: serverguide/C/samba.xml:1146(title)
9601
9607
msgid "Accessing a Samba Share"
9602
9608
msgstr ""
9603
9609
9604
#: serverguide/C/windows-networking.xml:1148(para)
9610
#: serverguide/C/samba.xml:1148(para)
9605
9611
msgid ""
9606
9612
"Another, use for Samba is to integrate into an existing Windows network. "
9607
9613
"Once part of an Active Directory domain, Samba can provide file and print "
9617
9623
"Likewise Open documentation</ulink>."
9618
9624
msgstr ""
9619
9625
9620
#: serverguide/C/windows-networking.xml:1159(para)
9626
#: serverguide/C/samba.xml:1159(para)
9621
9627
msgid ""
9622
9628
"Once part of the Active Directory domain, enter the following command in the "
9623
9629
"terminal prompt:"
9624
9630
msgstr ""
9625
9631
9626
#: serverguide/C/windows-networking.xml:1164(command)
9632
#: serverguide/C/samba.xml:1164(command)
9627
9633
msgid "sudo apt-get install samba smbfs smbclient"
9628
9634
msgstr ""
9629
9635
9630
#: serverguide/C/windows-networking.xml:1167(para)
9636
#: serverguide/C/samba.xml:1167(para)
9631
9637
msgid "Next, edit <filename>/etc/samba/smb.conf</filename> changing:"
9632
9638
msgstr ""
9633
9639
9634
#: serverguide/C/windows-networking.xml:1171(programlisting)
9640
#: serverguide/C/samba.xml:1171(programlisting)
9635
9641
#, no-wrap
9636
9642
msgid ""
9637
9643
"\n"
9645
9651
" idmap gid = 50-9999999999\n"
9646
9652
msgstr ""
9647
9653
9648
#: serverguide/C/windows-networking.xml:1182(para)
9654
#: serverguide/C/samba.xml:1182(para)
9649
9655
msgid ""
9650
9656
"Restart <application>samba</application> for the new settings to take effect:"
9651
9657
msgstr ""
9652
9658
9653
#: serverguide/C/windows-networking.xml:1191(para)
9659
#: serverguide/C/samba.xml:1191(para)
9654
9660
msgid ""
9655
9661
"You should now be able to access any <application>Samba</application> shares "
9656
9662
"from a Windows client. However, be sure to give the appropriate AD users or "
9658
9664
"security\"/> for more details."
9659
9665
msgstr ""
9660
9666
9661
#: serverguide/C/windows-networking.xml:1199(title)
9667
#: serverguide/C/samba.xml:1199(title)
9662
9668
msgid "Accessing a Windows Share"
9663
9669
msgstr ""
9664
9670
9665
#: serverguide/C/windows-networking.xml:1201(para)
9671
#: serverguide/C/samba.xml:1201(para)
9666
9672
msgid ""
9667
9673
"Now that the Samba server is part of the Active Directory domain you can "
9668
9674
"access any Windows server shares:"
9669
9675
msgstr ""
9670
9676
9671
#: serverguide/C/windows-networking.xml:1208(para)
9677
#: serverguide/C/samba.xml:1208(para)
9672
9678
msgid ""
9673
9679
"To mount a Windows file share enter the following in a terminal prompt:"
9674
9680
msgstr ""
9675
9681
9676
#: serverguide/C/windows-networking.xml:1212(command)
9682
#: serverguide/C/samba.xml:1212(command)
9677
9683
msgid "mount.cifs //fs01.example.com/share mount_point"
9678
9684
msgstr ""
9679
9685
9680
#: serverguide/C/windows-networking.xml:1215(para)
9686
#: serverguide/C/samba.xml:1215(para)
9681
9687
msgid ""
9682
9688
"It is also possible to access shares on computers not part of an AD domain, "
9683
9689
"but a username and password will need to be provided."
9684
9690
msgstr ""
9685
9691
9686
#: serverguide/C/windows-networking.xml:1223(para)
9692
#: serverguide/C/samba.xml:1223(para)
9687
9693
msgid ""
9688
9694
"To mount the share during boot place an entry in "
9689
9695
"<filename>/etc/fstab</filename>, for example:"
9690
9696
msgstr ""
9691
9697
9692
#: serverguide/C/windows-networking.xml:1227(programlisting)
9698
#: serverguide/C/samba.xml:1227(programlisting)
9693
9699
#, no-wrap
9694
9700
msgid ""
9695
9701
"\n"
9697
9703
"0 0\n"
9698
9704
msgstr ""
9699
9705
9700
#: serverguide/C/windows-networking.xml:1234(para)
9706
#: serverguide/C/samba.xml:1234(para)
9701
9707
msgid ""
9702
9708
"Another way to copy files from a Windows server is to use the "
9703
9709
"<application>smbclient</application> utility. To list the files in a Windows "
9704
9710
"share:"
9705
9711
msgstr ""
9706
9712
9707
#: serverguide/C/windows-networking.xml:1240(command)
9713
#: serverguide/C/samba.xml:1240(command)
9708
9714
msgid "smbclient //fs01.example.com/share -k -c \"ls\""
9709
9715
msgstr ""
9710
9716
9711
#: serverguide/C/windows-networking.xml:1246(para)
9717
#: serverguide/C/samba.xml:1246(para)
9712
9718
msgid "To copy a file from the share, enter:"
9713
9719
msgstr ""
9714
9720
9715
#: serverguide/C/windows-networking.xml:1251(command)
9721
#: serverguide/C/samba.xml:1251(command)
9716
9722
msgid "smbclient //fs01.example.com/share -k -c \"get file.txt\""
9717
9723
msgstr ""
9718
9724
9719
#: serverguide/C/windows-networking.xml:1254(para)
9725
#: serverguide/C/samba.xml:1254(para)
9720
9726
msgid ""
9721
9727
"This will copy the <filename>file.txt</filename> into the current directory."
9722
9728
msgstr ""
9723
9729
9724
#: serverguide/C/windows-networking.xml:1261(para)
9730
#: serverguide/C/samba.xml:1261(para)
9725
9731
msgid "And to copy a file to the share:"
9726
9732
msgstr ""
9727
9733
9728
#: serverguide/C/windows-networking.xml:1266(command)
9734
#: serverguide/C/samba.xml:1266(command)
9729
9735
msgid "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
9730
9736
msgstr ""
9731
9737
9732
#: serverguide/C/windows-networking.xml:1269(para)
9738
#: serverguide/C/samba.xml:1269(para)
9733
9739
msgid ""
9734
9740
"This will copy the <filename>/etc/hosts</filename> to "
9735
9741
"<filename>//fs01.example.com/share/hosts</filename>."
9736
9742
msgstr ""
9737
9743
9738
#: serverguide/C/windows-networking.xml:1276(para)
9744
#: serverguide/C/samba.xml:1276(para)
9739
9745
msgid ""
9740
9746
"The <emphasis>-c</emphasis> option used above allows you to execute the "
9741
9747
"<application>smbclient</application> command all at once. This is useful for "
9744
9750
"and directory commands, simply execute:"
9745
9751
msgstr ""
9746
9752
9747
#: serverguide/C/windows-networking.xml:1283(command)
9753
#: serverguide/C/samba.xml:1283(command)
9748
9754
msgid "smbclient //fs01.example.com/share -k"
9749
9755
msgstr ""
9750
9756
9751
#: serverguide/C/windows-networking.xml:1290(para)
9757
#: serverguide/C/samba.xml:1290(para)
9752
9758
msgid ""
9753
9759
"Replace all instances of <emphasis>fs01.example.com/share</emphasis>, "
9754
9760
"<emphasis>//192.168.0.5/share</emphasis>, "
9879
9885
"given the opportunity to describe the bug in your own words."
9880
9886
msgstr ""
9881
9887
9882
#: serverguide/C/reporting-bugs.xml:114(userinput) serverguide/C/backups.xml:852(userinput)
9888
#: serverguide/C/reporting-bugs.xml:114(userinput) serverguide/C/backups.xml:858(userinput)
9883
9889
#, no-wrap
9884
9890
msgid "1"
9885
9891
msgstr ""
10095
10101
"<application>Zentyal</application>."
10096
10102
msgstr ""
10097
10103
10098
#: serverguide/C/virtualization.xml:833(para) serverguide/C/remote-administration.xml:16(title)
10104
#: serverguide/C/remote-administration.xml:16(title)
10099
10105
msgid "OpenSSH Server"
10100
10106
msgstr "Server OpenSSH"
10101
10107
10378
10384
msgid "Preconfiguration"
10379
10385
msgstr ""
10380
10386
10381
#: serverguide/C/remote-administration.xml:256(para)
10387
#: serverguide/C/remote-administration.xml:236(para)
10382
10388
msgid ""
10383
10389
"Prior to configuring <application>puppet</application> you may want to add a "
10384
10390
"DNS <emphasis>CNAME</emphasis> record for "
10389
10395
"linkend=\"dns\"/> for more DNS details."
10390
10396
msgstr ""
10391
10397
10392
#: serverguide/C/remote-administration.xml:263(para)
10398
#: serverguide/C/remote-administration.xml:243(para)
10393
10399
msgid ""
10394
10400
"If you do not wish to use DNS, you can add entries to the server and client "
10395
10401
"<filename>/etc/hosts</filename> file. For example, in the "
10405
10411
"192.168.1.17 puppetclient.example.com puppetclient\n"
10406
10412
msgstr ""
10407
10413
10408
#: serverguide/C/remote-administration.xml:273(para)
10414
#: serverguide/C/remote-administration.xml:253(para)
10409
10415
msgid ""
10410
10416
"On each <application>Puppet</application> client, add an entry for the "
10411
10417
"server:"
10418
10424
"192.168.1.16 puppetmaster.example.com puppetmaster puppet\n"
10419
10425
msgstr ""
10420
10426
10421
#: serverguide/C/remote-administration.xml:282(para)
10427
#: serverguide/C/remote-administration.xml:262(para)
10422
10428
msgid ""
10423
10429
"Replace the example IP addresses and domain names above with your actual "
10424
10430
"server and client addresses and domain names."
10425
10431
msgstr ""
10426
10432
10427
#: serverguide/C/remote-administration.xml:236(para)
10433
#: serverguide/C/remote-administration.xml:271(para)
10428
10434
msgid ""
10429
10435
"To install <application>Puppet</application>, in a terminal on the "
10430
10436
"<emphasis>server</emphasis> enter:"
10431
10437
msgstr ""
10432
10438
10433
#: serverguide/C/remote-administration.xml:241(command)
10439
#: serverguide/C/remote-administration.xml:276(command)
10434
10440
msgid "sudo apt-get install puppetmaster"
10435
10441
msgstr ""
10436
10442
10437
#: serverguide/C/remote-administration.xml:244(para)
10443
#: serverguide/C/remote-administration.xml:279(para)
10438
10444
msgid "On the <emphasis>client</emphasis> machine, or machines, enter:"
10439
10445
msgstr ""
10440
10446
10441
#: serverguide/C/remote-administration.xml:249(command)
10447
#: serverguide/C/remote-administration.xml:284(command)
10442
10448
msgid "sudo apt-get install puppet"
10443
10449
msgstr ""
10444
10450
10495
10501
"<application>Puppet</application> client's host name."
10496
10502
msgstr ""
10497
10503
10498
#: serverguide/C/remote-administration.xml:323(para)
10504
#: serverguide/C/remote-administration.xml:337(para)
10499
10505
msgid ""
10500
10506
"The final step for this simple <application>Puppet</application> server is "
10501
10507
"to restart the daemon:"
10505
10511
msgid "sudo service puppetmaster restart"
10506
10512
msgstr ""
10507
10513
10508
#: serverguide/C/remote-administration.xml:331(para)
10514
#: serverguide/C/remote-administration.xml:345(para)
10509
10515
msgid ""
10510
10516
"Now everything is configured on the <application>Puppet</application> "
10511
10517
"server, it is time to configure the client."
10518
10524
"<emphasis>START</emphasis> to yes:"
10519
10525
msgstr ""
10520
10526
10521
#: serverguide/C/remote-administration.xml:340(programlisting) serverguide/C/mail.xml:627(programlisting)
10527
#: serverguide/C/remote-administration.xml:354(programlisting) serverguide/C/mail.xml:685(programlisting)
10522
10528
#, no-wrap
10523
10529
msgid ""
10524
10530
"\n"
10525
10531
"START=yes\n"
10526
10532
msgstr ""
10527
10533
10528
#: serverguide/C/remote-administration.xml:344(para)
10534
#: serverguide/C/remote-administration.xml:358(para)
10529
10535
msgid "Then start the service:"
10530
10536
msgstr ""
10531
10537
10580
10586
"<application>Puppet</application> client."
10581
10587
msgstr ""
10582
10588
10583
#: serverguide/C/remote-administration.xml:366(para)
10589
#: serverguide/C/remote-administration.xml:406(para)
10584
10590
msgid ""
10585
10591
"This example is <emphasis>very</emphasis> simple, and does not highlight "
10586
10592
"many of <application>Puppet</application>'s features and benefits. For more "
10587
10593
"information see <xref linkend=\"puppet-resources\"/>."
10588
10594
msgstr ""
10589
10595
10590
#: serverguide/C/remote-administration.xml:378(para)
10596
#: serverguide/C/remote-administration.xml:418(para)
10591
10597
msgid ""
10592
10598
"See the <ulink url=\"http://docs.puppetlabs.com/\">Official Puppet "
10593
10599
"Documentation</ulink> web site."
10599
10605
"online repository of puppet modules."
10600
10606
msgstr ""
10601
10607
10602
#: serverguide/C/remote-administration.xml:383(para)
10608
#: serverguide/C/remote-administration.xml:428(para)
10603
10609
msgid ""
10604
10610
"Also see <ulink url=\"http://www.apress.com/9781430230571\">Pro "
10605
10611
"Puppet</ulink>."
10606
10612
msgstr ""
10607
10613
10608
#: serverguide/C/remote-administration.xml:397(title)
10614
#: serverguide/C/remote-administration.xml:437(title)
10609
10615
msgid "Zentyal"
10610
10616
msgstr ""
10611
10617
10612
#: serverguide/C/remote-administration.xml:399(para)
10618
#: serverguide/C/remote-administration.xml:439(para)
10613
10619
msgid ""
10614
10620
"<application>Zentyal</application> is a Linux small business server, that "
10615
10621
"can be configured as a Gateway, Infrastructure Manager, Unified Threat "
10636
10642
"them."
10637
10643
msgstr ""
10638
10644
10639
#: serverguide/C/remote-administration.xml:427(para)
10645
#: serverguide/C/remote-administration.xml:467(para)
10640
10646
msgid ""
10641
10647
"Zentyal 2.3 is available on Ubuntu 12.04 Universe repository. The modules "
10642
10648
"available are:"
10643
10649
msgstr ""
10644
10650
10645
#: serverguide/C/remote-administration.xml:434(para)
10651
#: serverguide/C/remote-administration.xml:474(para)
10646
10652
msgid ""
10647
10653
"zentyal-core & zentyal-common: the core of the "
10648
10654
"<application>Zentyal</application> interface and the common libraries of the "
10650
10656
"administrator an interface to view the logs and generate events from them."
10651
10657
msgstr ""
10652
10658
10653
#: serverguide/C/remote-administration.xml:443(para)
10659
#: serverguide/C/remote-administration.xml:483(para)
10654
10660
msgid ""
10655
10661
"zentyal-network: manages the configuration of the network. From the "
10656
10662
"interfaces (supporting static IP, DHCP, VLAN, bridges or PPPoE), to multiple "
10665
10671
"services (e.g. HTTP instead of 80/TCP)."
10666
10672
msgstr ""
10667
10673
10668
#: serverguide/C/remote-administration.xml:458(para)
10674
#: serverguide/C/remote-administration.xml:498(para)
10669
10675
msgid ""
10670
10676
"zentyal-firewall: configures the <application>iptables</application> rules "
10671
10677
"to block forbiden connections, NAT and port redirections."
10672
10678
msgstr ""
10673
10679
10674
#: serverguide/C/remote-administration.xml:464(para)
10680
#: serverguide/C/remote-administration.xml:504(para)
10675
10681
msgid ""
10676
10682
"zentyal-ntp: installs the NTP daemon to keep server on time and allow "
10677
10683
"network clients to synchronize their clocks against the server."
10678
10684
msgstr ""
10679
10685
10680
#: serverguide/C/remote-administration.xml:470(para)
10686
#: serverguide/C/remote-administration.xml:510(para)
10681
10687
msgid ""
10682
10688
"zentyal-dhcp: configures <application>ISC DHCP</application> server "
10683
10689
"supporting network ranges, static leases and other advanced options like "
10684
10690
"NTP, WINS, dynamic DNS updates and network boot with PXE."
10685
10691
msgstr ""
10686
10692
10687
#: serverguide/C/remote-administration.xml:477(para)
10693
#: serverguide/C/remote-administration.xml:517(para)
10688
10694
msgid ""
10689
10695
"zentyal-dns: brings <application>ISC Bind9</application> DNS server into "
10690
10696
"your server for caching local queries as a forwarder or as an authoritative "
10692
10698
"and SRV records."
10693
10699
msgstr ""
10694
10700
10695
#: serverguide/C/remote-administration.xml:485(para)
10701
#: serverguide/C/remote-administration.xml:525(para)
10696
10702
msgid ""
10697
10703
"zentyal-ca: integrates the management of a Certification Authority within "
10698
10704
"Zentyal so users can use certificates to authenticate against the services, "
10699
10705
"like with <application>OpenVPN</application>."
10700
10706
msgstr ""
10701
10707
10702
#: serverguide/C/remote-administration.xml:492(para)
10708
#: serverguide/C/remote-administration.xml:532(para)
10703
10709
msgid ""
10704
10710
"zentyal-openvpn: allows to configure multiple VPN servers and clients using "
10705
10711
"<application>OpenVPN</application> with dynamic routing configuration using "
10706
10712
"<application>Quagga</application>."
10707
10713
msgstr ""
10708
10714
10709
#: serverguide/C/remote-administration.xml:499(para)
10715
#: serverguide/C/remote-administration.xml:539(para)
10710
10716
msgid ""
10711
10717
"zentyal-users: provides an interface to configure and manage users and "
10712
10718
"groups on <application>OpenLDAP</application>. Other services on Zentyal are "
10715
10721
"<application>Microsoft Active Directory</application> domain."
10716
10722
msgstr ""
10717
10723
10718
#: serverguide/C/remote-administration.xml:509(para)
10724
#: serverguide/C/remote-administration.xml:549(para)
10719
10725
msgid ""
10720
10726
"zentyal-squid: configures <application>Squid</application> and "
10721
10727
"<application>Dansguardian</application> for speeding up browsing thanks to "
10722
10728
"the caching capabilities and content filtering."
10723
10729
msgstr ""
10724
10730
10725
#: serverguide/C/remote-administration.xml:516(para)
10731
#: serverguide/C/remote-administration.xml:556(para)
10726
10732
msgid ""
10727
10733
"zentyal-samba: allows <application>Samba</application> configuration and "
10728
10734
"integration with existing LDAP. From the same interface you can define "
10729
10735
"password policies, create shared resources and assign permissions."
10730
10736
msgstr ""
10731
10737
10732
#: serverguide/C/remote-administration.xml:524(para)
10738
#: serverguide/C/remote-administration.xml:564(para)
10733
10739
msgid ""
10734
10740
"zentyal-printers: integrates <application>CUPS</application> with "
10735
10741
"<application>Samba</application> and allows not only to configure the "
10736
10742
"printers but also give them permissions based on LDAP users and groups."
10737
10743
msgstr ""
10738
10744
10739
#: serverguide/C/remote-administration.xml:533(para)
10745
#: serverguide/C/remote-administration.xml:573(para)
10740
10746
msgid ""
10741
10747
"To install <application>Zentyal</application>, in a terminal on the "
10742
10748
"<emphasis>server</emphasis> enter (where <zentyal-module> is any of "
10743
10749
"the modules from the previous list):"
10744
10750
msgstr ""
10745
10751
10746
#: serverguide/C/remote-administration.xml:540(command)
10752
#: serverguide/C/remote-administration.xml:580(command)
10747
10753
msgid "sudo apt-get install <zentyal-module>"
10748
10754
msgstr ""
10749
10755
10750
#: serverguide/C/remote-administration.xml:544(para)
10756
#: serverguide/C/remote-administration.xml:584(para)
10751
10757
msgid ""
10752
10758
"<application>Zentyal</application> publishes one major stable release once a "
10753
10759
"year (in September) based on latest Ubuntu LTS release. Stable releases "
10767
10773
"Personal Package Archive (PPA)</ulink>."
10768
10774
msgstr ""
10769
10775
10770
#: serverguide/C/remote-administration.xml:566(para)
10776
#: serverguide/C/remote-administration.xml:606(para)
10771
10777
msgid ""
10772
10778
"Not present on Ubuntu Universe repositories, but on <ulink "
10773
10779
"url=\"https://launchpad.net/~zentyal/\">Zentyal Team PPA</ulink> you will "
10774
10780
"find these other modules:"
10775
10781
msgstr ""
10776
10782
10777
#: serverguide/C/remote-administration.xml:573(para)
10783
#: serverguide/C/remote-administration.xml:613(para)
10778
10784
msgid ""
10779
10785
"zentyal-antivirus: integrates <application>ClamAV</application> antivirus "
10780
10786
"with other modules like the proxy, file sharing or mailfilter."
10781
10787
msgstr ""
10782
10788
10783
#: serverguide/C/remote-administration.xml:580(para)
10789
#: serverguide/C/remote-administration.xml:620(para)
10784
10790
msgid ""
10785
10791
"zentyal-asterisk: configures <application>Asterisk</application> to provide "
10786
10792
"a simple PBX with LDAP based authentication."
10787
10793
msgstr ""
10788
10794
10789
#: serverguide/C/remote-administration.xml:586(para)
10795
#: serverguide/C/remote-administration.xml:626(para)
10790
10796
msgid ""
10791
10797
"zentyal-bwmonitor: allows to monitor bandwith usage of your LAN clients."
10792
10798
msgstr ""
10793
10799
10794
#: serverguide/C/remote-administration.xml:592(para)
10800
#: serverguide/C/remote-administration.xml:632(para)
10795
10801
msgid ""
10796
10802
"zentyal-captiveportal: integrates a captive portal with the firewall and "
10797
10803
"LDAP users and groups."
10798
10804
msgstr ""
10799
10805
10800
#: serverguide/C/remote-administration.xml:598(para)
10806
#: serverguide/C/remote-administration.xml:638(para)
10801
10807
msgid ""
10802
10808
"zentyal-ebackup: allows to make scheduled backups of your server using the "
10803
10809
"popular <application>duplicity</application> backup tool."
10804
10810
msgstr ""
10805
10811
10806
#: serverguide/C/remote-administration.xml:604(para)
10812
#: serverguide/C/remote-administration.xml:644(para)
10807
10813
msgid "zentyal-ftp: configures a FTP server with LDAP based authentication."
10808
10814
msgstr ""
10809
10815
10810
#: serverguide/C/remote-administration.xml:609(para)
10816
#: serverguide/C/remote-administration.xml:649(para)
10811
10817
msgid "zentyal-ids: integrates a network intrusion detection system."
10812
10818
msgstr ""
10813
10819
10814
#: serverguide/C/remote-administration.xml:614(para)
10820
#: serverguide/C/remote-administration.xml:654(para)
10815
10821
msgid ""
10816
10822
"zentyal-ipsec: allows to configure IPsec tunnels using "
10817
10823
"<application>OpenSwan</application>."
10818
10824
msgstr ""
10819
10825
10820
#: serverguide/C/remote-administration.xml:620(para)
10826
#: serverguide/C/remote-administration.xml:660(para)
10821
10827
msgid ""
10822
10828
"zentyal-jabber: integrates <application>ejabberd</application> XMPP server "
10823
10829
"with LDAP users and groups."
10824
10830
msgstr ""
10825
10831
10826
#: serverguide/C/remote-administration.xml:626(para)
10832
#: serverguide/C/remote-administration.xml:666(para)
10827
10833
msgid ""
10828
10834
"zentyal-thinclients: a <application>LTSP</application> based thin clients "
10829
10835
"solution."
10830
10836
msgstr ""
10831
10837
10832
#: serverguide/C/remote-administration.xml:632(para)
10838
#: serverguide/C/remote-administration.xml:672(para)
10833
10839
msgid ""
10834
10840
"zentyal-mail: a full mail stack including <application>Postfix "
10835
10841
"</application> and <application>Dovecot</application> with LDAP backend."
10836
10842
msgstr ""
10837
10843
10838
#: serverguide/C/remote-administration.xml:639(para)
10844
#: serverguide/C/remote-administration.xml:679(para)
10839
10845
msgid ""
10840
10846
"zentyal-mailfilter: configures <application>amavisd</application> with mail "
10841
10847
"stack to filter spam and attached virus."
10842
10848
msgstr ""
10843
10849
10844
#: serverguide/C/remote-administration.xml:645(para)
10850
#: serverguide/C/remote-administration.xml:685(para)
10845
10851
msgid ""
10846
10852
"zentyal-monitor: integrates <application>collectd</application> to monitor "
10847
10853
"server performance and running services."
10848
10854
msgstr ""
10849
10855
10850
#: serverguide/C/remote-administration.xml:651(para)
10856
#: serverguide/C/remote-administration.xml:691(para)
10851
10857
msgid ""
10852
10858
"zentyal-pptp: configures a <application>PPTP</application> VPN server."
10853
10859
msgstr ""
10854
10860
10855
#: serverguide/C/remote-administration.xml:656(para)
10861
#: serverguide/C/remote-administration.xml:696(para)
10856
10862
msgid ""
10857
10863
"zentyal-radius: integrates <application>FreeRADIUS</application> with LDAP "
10858
10864
"users and groups."
10859
10865
msgstr ""
10860
10866
10861
#: serverguide/C/remote-administration.xml:662(para)
10867
#: serverguide/C/remote-administration.xml:702(para)
10862
10868
msgid ""
10863
10869
"zentyal-software: simple interface to manage installed "
10864
10870
"<application>Zentyal</application> modules and system updates."
10865
10871
msgstr ""
10866
10872
10867
#: serverguide/C/remote-administration.xml:668(para)
10873
#: serverguide/C/remote-administration.xml:708(para)
10868
10874
msgid ""
10869
10875
"zentyal-trafficshaping: configures traffic limiting rules to do bandwidth "
10870
10876
"throttling and improve latency."
10871
10877
msgstr ""
10872
10878
10873
#: serverguide/C/remote-administration.xml:674(para)
10879
#: serverguide/C/remote-administration.xml:714(para)
10874
10880
msgid ""
10875
10881
"zentyal-usercorner: allows users to edit their own LDAP attributes using a "
10876
10882
"web browser."
10877
10883
msgstr ""
10878
10884
10879
#: serverguide/C/remote-administration.xml:680(para)
10885
#: serverguide/C/remote-administration.xml:720(para)
10880
10886
msgid ""
10881
10887
"zentyal-virt: simple interface to create and manage virtual machines based "
10882
10888
"on <application>libvirt</application>."
10883
10889
msgstr ""
10884
10890
10885
#: serverguide/C/remote-administration.xml:686(para)
10891
#: serverguide/C/remote-administration.xml:726(para)
10886
10892
msgid ""
10887
10893
"zentyal-webmail: allows to access your mail using the popular "
10888
10894
"<application>Roundcube</application> webmail."
10889
10895
msgstr ""
10890
10896
10891
#: serverguide/C/remote-administration.xml:692(para)
10897
#: serverguide/C/remote-administration.xml:732(para)
10892
10898
msgid ""
10893
10899
"zentyal-webserver: configures <application>Apache</application> webserver to "
10894
10900
"host different sites on your machine."
10895
10901
msgstr ""
10896
10902
10897
#: serverguide/C/remote-administration.xml:698(para)
10903
#: serverguide/C/remote-administration.xml:738(para)
10898
10904
msgid ""
10899
10905
"zentyal-zarafa: integrates <application>Zarafa</application> groupware suite "
10900
10906
"with <application>Zentyal</application> mail stack and LDAP."
10901
10907
msgstr ""
10902
10908
10903
#: serverguide/C/remote-administration.xml:710(title)
10909
#: serverguide/C/remote-administration.xml:750(title)
10904
10910
msgid "First steps"
10905
10911
msgstr ""
10906
10912
10907
#: serverguide/C/remote-administration.xml:712(para)
10913
#: serverguide/C/remote-administration.xml:752(para)
10908
10914
msgid ""
10909
10915
"Any system account belonging to the sudo group is allowed to log into "
10910
10916
"<application>Zentyal</application> web interface. If you are using the user "
10911
10917
"created during the installation, this should be in the sudo group by default."
10912
10918
msgstr ""
10913
10919
10914
#: serverguide/C/remote-administration.xml:720(para)
10920
#: serverguide/C/remote-administration.xml:760(para)
10915
10921
msgid "If you need to add another user to the sudo group, just execute:"
10916
10922
msgstr ""
10917
10923
10918
#: serverguide/C/remote-administration.xml:725(command)
10924
#: serverguide/C/remote-administration.xml:765(command)
10919
10925
msgid "sudo adduser username sudo"
10920
10926
msgstr ""
10921
10927
10922
#: serverguide/C/remote-administration.xml:729(para)
10928
#: serverguide/C/remote-administration.xml:769(para)
10923
10929
msgid ""
10924
10930
"To access <application>Zentyal</application> web interface, browse into "
10925
10931
"https://localhost/ (or the IP of your remote server). As Zentyal creates its "
10927
10933
"exception on your browser."
10928
10934
msgstr ""
10929
10935
10930
#: serverguide/C/remote-administration.xml:736(para)
10936
#: serverguide/C/remote-administration.xml:776(para)
10931
10937
msgid ""
10932
10938
"Once logged in you will see the dashboard with an overview of your server. "
10933
10939
"To configure any of the features of your installed modules, go to the "
10941
10947
"files."
10942
10948
msgstr ""
10943
10949
10944
#: serverguide/C/remote-administration.xml:750(para)
10950
#: serverguide/C/remote-administration.xml:790(para)
10945
10951
msgid ""
10946
10952
"If you need to customize any configuration file or run certain actions "
10947
10953
"(scripts or commands) to configure features not available on "
10950
10956
"/etc/zentyal/hooks/<module>.<action>."
10951
10957
msgstr ""
10952
10958
10953
#: serverguide/C/remote-administration.xml:763(para)
10959
#: serverguide/C/remote-administration.xml:803(para)
10954
10960
msgid ""
10955
10961
"<ulink url=\"http://doc.zentyal.org/\">Zentyal Official Documentation "
10956
10962
"</ulink> page."
10957
10963
msgstr ""
10958
10964
10959
#: serverguide/C/remote-administration.xml:767(para)
10965
#: serverguide/C/remote-administration.xml:807(para)
10960
10966
msgid ""
10961
10967
"See also <ulink url=\"http://trac.zentyal.org/wiki/Documentation\">Zentyal "
10962
10968
"Community Documentation</ulink> page."
10963
10969
msgstr ""
10964
10970
10965
#: serverguide/C/remote-administration.xml:771(para)
10971
#: serverguide/C/remote-administration.xml:811(para)
10966
10972
msgid ""
10967
10973
"And don't forget to visit the <ulink url=\"http://forum.zentyal.org/\">forum "
10968
10974
"</ulink> for community support, feedback, feature requests, etc."
10976
10982
msgid ""
10977
10983
"Ubuntu features a comprehensive package management system for installing, "
10978
10984
"upgrading, configuring, and removing software. In addition to providing "
10979
"access to an organized base of over 35,000 software packages for your Ubuntu "
10985
"access to an organized base of over 45,000 software packages for your Ubuntu "
10980
10986
"computer, the package management facilities also feature dependency "
10981
10987
"resolution capabilities and software update checking."
10982
10988
msgstr ""
11008
11014
11009
11015
#: serverguide/C/package-management.xml:25(para)
11010
11016
msgid ""
11011
"Many complex packages use the concept of <emphasis "
11017
"Many complex packages use <emphasis "
11012
11018
"role=\"italics\">dependencies</emphasis>. Dependencies are additional "
11013
11019
"packages required by the principal package in order to function properly. "
11014
11020
"For example, the speech synthesis package "
11336
11342
"menu."
11337
11343
msgstr ""
11338
11344
11339
#: serverguide/C/package-management.xml:246(para)
11345
#: serverguide/C/package-management.xml:263(para)
11340
11346
msgid "<emphasis role=\"bold\">i</emphasis>: Installed package"
11341
11347
msgstr "<emphasis role=\"bold\">i</emphasis>: Paket Terinstall"
11342
11348
11343
#: serverguide/C/package-management.xml:251(para)
11349
#: serverguide/C/package-management.xml:268(para)
11344
11350
msgid ""
11345
11351
"<emphasis role=\"bold\">c</emphasis>: Package not installed, but package "
11346
11352
"configuration remains on system"
11348
11354
"<emphasis role=\"bold\">c</emphasis>: Paket tidak diinstal, tetapi "
11349
11355
"konfigurasi paket tetap ada pada sisten"
11350
11356
11351
#: serverguide/C/package-management.xml:255(para)
11357
#: serverguide/C/package-management.xml:272(para)
11352
11358
msgid "<emphasis role=\"bold\">p</emphasis>: Purged from system"
11353
11359
msgstr "<emphasis role=\"bold\">p</emphasis>: Bersihkan dari sistem"
11354
11360
11355
#: serverguide/C/package-management.xml:259(para)
11361
#: serverguide/C/package-management.xml:276(para)
11356
11362
msgid "<emphasis role=\"bold\">v</emphasis>: Virtual package"
11357
11363
msgstr "<emphasis role=\"bold\">v</emphasis>: paket Maya"
11358
11364
11359
#: serverguide/C/package-management.xml:263(para)
11365
#: serverguide/C/package-management.xml:280(para)
11360
11366
msgid "<emphasis role=\"bold\">B</emphasis>: Broken package"
11361
11367
msgstr "<emphasis role=\"bold\">B</emphasis>: paket Patah"
11362
11368
11363
#: serverguide/C/package-management.xml:267(para)
11369
#: serverguide/C/package-management.xml:284(para)
11364
11370
msgid ""
11365
11371
"<emphasis role=\"bold\">u</emphasis>: Unpacked files, but package not yet "
11366
11372
"configured"
11368
11374
"<emphasis role=\"bold\">u</emphasis>: Berkas belum dibongkar, tetapi paket "
11369
11375
"belum dikonfigurasi"
11370
11376
11371
#: serverguide/C/package-management.xml:271(para)
11377
#: serverguide/C/package-management.xml:288(para)
11372
11378
msgid ""
11373
11379
"<emphasis role=\"bold\">C</emphasis>: Half-configured - Configuration failed "
11374
11380
"and requires fix"
11376
11382
"<emphasis role=\"bold\">C</emphasis>: Setengah terkonfigurasi - Konfigurasi "
11377
11383
"gagal dan butuh perbaikan"
11378
11384
11379
#: serverguide/C/package-management.xml:275(para)
11385
#: serverguide/C/package-management.xml:292(para)
11380
11386
msgid ""
11381
11387
"<emphasis role=\"bold\">H</emphasis>: Half-installed - Removal failed and "
11382
11388
"requires fix"
11384
11390
"<emphasis role=\"bold\">C</emphasis>: Setengah terkonfigurasi - Penghapusan "
11385
11391
"gagal dan perlu perbaikan"
11386
11392
11387
#: serverguide/C/package-management.xml:243(para)
11393
#: serverguide/C/package-management.xml:260(para)
11388
11394
msgid ""
11389
11395
"The first column of information displayed in the package list in the top "
11390
11396
"pane, when actually viewing packages lists the current state of the package, "
11392
11398
"<placeholder-1/>"
11393
11399
msgstr ""
11394
11400
11395
#: serverguide/C/package-management.xml:281(para)
11401
#: serverguide/C/package-management.xml:298(para)
11396
11402
msgid ""
11397
11403
"To exit Aptitude, simply press the <keycap>q</keycap> key and confirm you "
11398
11404
"wish to exit. Many other functions are available from the Aptitude menu by "
11402
11408
"konfirmasikan jika anda ingin keluar. Banyak fungsi yang tersedia pada menu "
11403
11409
"Aptitude dengan menekan tombol <keycap>F10</keycap>"
11404
11410
11405
#: serverguide/C/package-management.xml:284(title)
11411
#: serverguide/C/package-management.xml:301(title)
11406
11412
msgid "Command Line Aptitude"
11407
11413
msgstr ""
11408
11414
11409
#: serverguide/C/package-management.xml:285(para)
11415
#: serverguide/C/package-management.xml:302(para)
11410
11416
msgid ""
11411
11417
"You can also use <application>Aptitude</application> as a command-line tool, "
11412
11418
"similar to <application>apt-get</application>. To install the "
11420
11426
"of command line options for <application>Aptitude</application>."
11421
11427
msgstr ""
11422
11428
11423
#: serverguide/C/package-management.xml:298(title)
11429
#: serverguide/C/package-management.xml:315(title)
11424
11430
msgid "Automatic Updates"
11425
11431
msgstr ""
11426
11432
11427
#: serverguide/C/package-management.xml:300(para)
11433
#: serverguide/C/package-management.xml:317(para)
11428
11434
msgid ""
11429
11435
"The <application>unattended-upgrades</application> package can be used to "
11430
11436
"automatically install updated packages, and can be configured to update all "
11432
11438
"entering the following in a terminal:"
11433
11439
msgstr ""
11434
11440
11435
#: serverguide/C/package-management.xml:306(command)
11441
#: serverguide/C/package-management.xml:323(command)
11436
11442
msgid "sudo apt-get install unattended-upgrades"
11437
11443
msgstr ""
11438
11444
11439
#: serverguide/C/package-management.xml:309(para)
11445
#: serverguide/C/package-management.xml:326(para)
11440
11446
msgid ""
11441
11447
"To configure <application>unattended-upgrades</application>, edit "
11442
11448
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> and adjust "
11453
11459
"};\n"
11454
11460
msgstr ""
11455
11461
11456
#: serverguide/C/package-management.xml:321(para)
11462
#: serverguide/C/package-management.xml:338(para)
11457
11463
msgid ""
11458
11464
"Certain packages can also be <emphasis>blacklisted</emphasis> and therefore "
11459
11465
"will not be automatically updated. To blacklist a package, add it to the "
11460
11466
"list:"
11461
11467
msgstr ""
11462
11468
11463
#: serverguide/C/package-management.xml:326(programlisting)
11469
#: serverguide/C/package-management.xml:343(programlisting)
11464
11470
#, no-wrap
11465
11471
msgid ""
11466
11472
"\n"
11472
11478
"};\n"
11473
11479
msgstr ""
11474
11480
11475
#: serverguide/C/package-management.xml:336(para)
11481
#: serverguide/C/package-management.xml:353(para)
11476
11482
msgid ""
11477
11483
"The double <emphasis><quote>//</quote></emphasis> serve as comments, so "
11478
11484
"whatever follows \"//\" will not be evaluated."
11479
11485
msgstr ""
11480
11486
11481
#: serverguide/C/package-management.xml:341(para)
11487
#: serverguide/C/package-management.xml:358(para)
11482
11488
msgid ""
11483
11489
"To enable automatic updates, edit "
11484
11490
"<filename>/etc/apt/apt.conf.d/10periodic</filename> and set the appropriate "
11485
11491
"<application>apt</application> configuration options:"
11486
11492
msgstr ""
11487
11493
11488
#: serverguide/C/package-management.xml:345(programlisting)
11494
#: serverguide/C/package-management.xml:362(programlisting)
11489
11495
#, no-wrap
11490
11496
msgid ""
11491
11497
"\n"
11495
11501
"APT::Periodic::Unattended-Upgrade \"1\";\n"
11496
11502
msgstr ""
11497
11503
11498
#: serverguide/C/package-management.xml:352(para)
11504
#: serverguide/C/package-management.xml:369(para)
11499
11505
msgid ""
11500
11506
"The above configuration updates the package list, downloads, and installs "
11501
11507
"available upgrades every day. The local download archive is cleaned every "
11502
11508
"week."
11503
11509
msgstr ""
11504
11510
11505
#: serverguide/C/package-management.xml:358(para)
11511
#: serverguide/C/package-management.xml:375(para)
11506
11512
msgid ""
11507
11513
"You can read more about <application>apt</application> Periodic "
11508
11514
"configuration options in the <filename>/etc/cron.daily/apt</filename> script "
11509
11515
"header."
11510
11516
msgstr ""
11511
11517
11512
#: serverguide/C/package-management.xml:363(para)
11518
#: serverguide/C/package-management.xml:380(para)
11513
11519
msgid ""
11514
11520
"The results of <application>unattended-upgrades</application> will be logged "
11515
11521
"to <filename>/var/log/unattended-upgrades</filename>."
11516
11522
msgstr ""
11517
11523
11518
#: serverguide/C/package-management.xml:368(title)
11524
#: serverguide/C/package-management.xml:385(title)
11519
11525
msgid "Notifications"
11520
11526
msgstr ""
11521
11527
11522
#: serverguide/C/package-management.xml:370(para)
11528
#: serverguide/C/package-management.xml:387(para)
11523
11529
msgid ""
11524
11530
"Configuring <emphasis>Unattended-Upgrade::Mail</emphasis> in "
11525
11531
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> will enable "
11527
11533
"detailing any packages that need upgrading or have problems."
11528
11534
msgstr ""
11529
11535
11530
#: serverguide/C/package-management.xml:375(para)
11536
#: serverguide/C/package-management.xml:392(para)
11531
11537
msgid ""
11532
11538
"Another useful package is <application>apticron</application>. "
11533
11539
"<application>apticron</application> will configure a "
11536
11542
"summary of changes in each package."
11537
11543
msgstr ""
11538
11544
11539
#: serverguide/C/package-management.xml:381(para)
11545
#: serverguide/C/package-management.xml:398(para)
11540
11546
msgid ""
11541
11547
"To install the <application>apticron</application> package, in a terminal "
11542
11548
"enter:"
11543
11549
msgstr ""
11544
11550
11545
#: serverguide/C/package-management.xml:386(command)
11551
#: serverguide/C/package-management.xml:403(command)
11546
11552
msgid "sudo apt-get install apticron"
11547
11553
msgstr ""
11548
11554
11549
#: serverguide/C/package-management.xml:389(para)
11555
#: serverguide/C/package-management.xml:406(para)
11550
11556
msgid ""
11551
11557
"Once the package is installed edit "
11552
11558
"<filename>/etc/apticron/apticron.conf</filename>, to set the email address "
11553
11559
"and other options:"
11554
11560
msgstr ""
11555
11561
11556
#: serverguide/C/package-management.xml:393(programlisting)
11562
#: serverguide/C/package-management.xml:410(programlisting)
11557
11563
#, no-wrap
11558
11564
msgid ""
11559
11565
"\n"
11560
11566
"EMAIL=\"root@example.com\"\n"
11561
11567
msgstr ""
11562
11568
11563
#: serverguide/C/package-management.xml:402(para)
11569
#: serverguide/C/package-management.xml:419(para)
11564
11570
msgid ""
11565
11571
"Configuration of the <emphasis>Advanced Packaging Tool</emphasis> (APT) "
11566
11572
"system repositories is stored in the "
11570
11576
"repository references from the file."
11571
11577
msgstr ""
11572
11578
11573
#: serverguide/C/package-management.xml:411(para)
11579
#: serverguide/C/package-management.xml:424(para)
11574
11580
msgid ""
11575
11581
"You may edit the file to enable repositories or disable them. For example, "
11576
11582
"to disable the requirement of inserting the Ubuntu CD-ROM whenever package "
11591
11597
"main restricted\n"
11592
11598
msgstr ""
11593
11599
11594
#: serverguide/C/package-management.xml:422(title)
11600
#: serverguide/C/package-management.xml:435(title)
11595
11601
msgid "Extra Repositories"
11596
11602
msgstr "Gudang Tambahan"
11597
11603
11598
#: serverguide/C/package-management.xml:423(para)
11604
#: serverguide/C/package-management.xml:436(para)
11599
11605
msgid ""
11600
11606
"In addition to the officially supported package repositories available for "
11601
11607
"Ubuntu, there exist additional community-maintained repositories which add "
11606
11612
"which are safe for use with your Ubuntu computer."
11607
11613
msgstr ""
11608
11614
11609
#: serverguide/C/package-management.xml:426(para)
11615
#: serverguide/C/package-management.xml:439(para)
11610
11616
msgid ""
11611
11617
"Packages in the <emphasis>Multiverse</emphasis> repository often have "
11612
11618
"licensing issues that prevent them from being distributed with a free "
11613
11619
"operating system, and they may be illegal in your locality."
11614
11620
msgstr ""
11615
11621
11616
#: serverguide/C/package-management.xml:428(para)
11622
#: serverguide/C/package-management.xml:441(para)
11617
11623
msgid ""
11618
11624
"Be advised that neither the <emphasis>Universe</emphasis> or "
11619
11625
"<emphasis>Multiverse</emphasis> repositories contain officially supported "
11621
11627
"packages."
11622
11628
msgstr ""
11623
11629
11624
#: serverguide/C/package-management.xml:432(para)
11630
#: serverguide/C/package-management.xml:445(para)
11625
11631
msgid ""
11626
11632
"Many other package sources are available, sometimes even offering only one "
11627
11633
"package, as in the case of package sources provided by the developer of a "
11632
11638
"functional in some respects."
11633
11639
msgstr ""
11634
11640
11635
#: serverguide/C/package-management.xml:435(para)
11641
#: serverguide/C/package-management.xml:448(para)
11636
11642
msgid ""
11637
11643
"By default, the <emphasis>Universe</emphasis> and "
11638
11644
"<emphasis>Multiverse</emphasis> repositories are enabled but if you would "
11663
11669
"deb-src http://security.ubuntu.com/ubuntu trusty-security multiverse\n"
11664
11670
msgstr ""
11665
11671
11666
#: serverguide/C/package-management.xml:468(para)
11672
#: serverguide/C/package-management.xml:481(para)
11667
11673
msgid ""
11668
11674
"Most of the material covered in this chapter is available in "
11669
11675
"<application>man</application> pages, many of which are available online."
11670
11676
msgstr ""
11671
11677
11672
#: serverguide/C/package-management.xml:475(para)
11678
#: serverguide/C/package-management.xml:488(para)
11673
11679
msgid ""
11674
11680
"The <ulink "
11675
11681
"url=\"https://help.ubuntu.com/community/InstallingSoftware\">InstallingSoftwa"
11699
11705
"ude man page</ulink> for more <application>aptitude</application> options."
11700
11706
msgstr ""
11701
11707
11702
#: serverguide/C/package-management.xml:499(para)
11708
#: serverguide/C/package-management.xml:512(para)
11703
11709
msgid ""
11704
11710
"The <ulink "
11705
11711
"url=\"https://help.ubuntu.com/community/Repositories/Ubuntu\">Adding "
11766
11772
"reboots (e.g.: after a kernel upgrade)."
11767
11773
msgstr ""
11768
11774
11769
#: serverguide/C/other-apps.xml:44(para)
11775
#: serverguide/C/other-apps.xml:61(para)
11770
11776
msgid ""
11771
11777
"<application>pam_motd</application> executes the scripts in "
11772
11778
"<filename>/etc/update-motd.d</filename> in order based on the number "
11775
11781
"concatenated with <filename>/etc/motd.tail</filename>."
11776
11782
msgstr ""
11777
11783
11778
#: serverguide/C/other-apps.xml:50(para)
11784
#: serverguide/C/other-apps.xml:67(para)
11779
11785
msgid ""
11780
11786
"You can add your own dynamic information to the MOTD. For example, to add "
11781
11787
"local weather information:"
11782
11788
msgstr ""
11783
11789
11784
#: serverguide/C/other-apps.xml:56(para)
11790
#: serverguide/C/other-apps.xml:73(para)
11785
11791
msgid "First, install the <application>weather-util</application> package:"
11786
11792
msgstr ""
11787
11793
11788
#: serverguide/C/other-apps.xml:61(command)
11794
#: serverguide/C/other-apps.xml:78(command)
11789
11795
msgid "sudo apt-get install weather-util"
11790
11796
msgstr ""
11791
11797
11792
#: serverguide/C/other-apps.xml:66(para)
11798
#: serverguide/C/other-apps.xml:83(para)
11793
11799
msgid ""
11794
11800
"The <application>weather</application> utility uses METAR data from the "
11795
11801
"National Oceanic and Atmospheric Administration and forecasts from the "
11799
11805
"Weather Service</ulink> site."
11800
11806
msgstr ""
11801
11807
11802
#: serverguide/C/other-apps.xml:73(para)
11808
#: serverguide/C/other-apps.xml:90(para)
11803
11809
msgid ""
11804
11810
"Although the National Weather Service is a United States government agency "
11805
11811
"there are weather stations available world wide. However, local weather "
11806
11812
"information for all locations outside the U.S. may not be available."
11807
11813
msgstr ""
11808
11814
11809
#: serverguide/C/other-apps.xml:79(para)
11815
#: serverguide/C/other-apps.xml:96(para)
11810
11816
msgid ""
11811
11817
"Create <filename>/usr/local/bin/local-weather</filename>, a simple shell "
11812
11818
"script to use <application>weather</application> with your local ICAO "
11813
11819
"indicator:"
11814
11820
msgstr ""
11815
11821
11816
#: serverguide/C/other-apps.xml:84(programlisting)
11822
#: serverguide/C/other-apps.xml:101(programlisting)
11817
11823
#, no-wrap
11818
11824
msgid ""
11819
11825
"\n"
11833
11839
"\n"
11834
11840
msgstr ""
11835
11841
11836
#: serverguide/C/other-apps.xml:102(para)
11842
#: serverguide/C/other-apps.xml:119(para)
11837
11843
msgid "Make the script executable:"
11838
11844
msgstr ""
11839
11845
11840
#: serverguide/C/other-apps.xml:107(command)
11846
#: serverguide/C/other-apps.xml:124(command)
11841
11847
msgid "sudo chmod 755 /usr/local/bin/local-weather"
11842
11848
msgstr ""
11843
11849
11844
#: serverguide/C/other-apps.xml:111(para)
11850
#: serverguide/C/other-apps.xml:128(para)
11845
11851
msgid ""
11846
11852
"Next, create a symlink to <filename>/etc/update-motd.d/98-local-"
11847
11853
"weather</filename>:"
11848
11854
msgstr ""
11849
11855
11850
#: serverguide/C/other-apps.xml:116(command)
11856
#: serverguide/C/other-apps.xml:133(command)
11851
11857
msgid ""
11852
11858
"sudo ln -s /usr/local/bin/local-weather /etc/update-motd.d/98-local-weather"
11853
11859
msgstr ""
11854
11860
11855
#: serverguide/C/other-apps.xml:120(para)
11861
#: serverguide/C/other-apps.xml:137(para)
11856
11862
msgid "Finally, exit the server and re-login to view the new MOTD."
11857
11863
msgstr ""
11858
11864
11859
#: serverguide/C/other-apps.xml:126(para)
11865
#: serverguide/C/other-apps.xml:143(para)
11860
11866
msgid ""
11861
11867
"You should now be greeted with some useful information, and some information "
11862
11868
"about the local weather that may not be quite so useful. Hopefully the "
11872
11878
"<application>update-motd</application>."
11873
11879
msgstr ""
11874
11880
11875
#: serverguide/C/other-apps.xml:338(para)
11881
#: serverguide/C/other-apps.xml:163(para)
11876
11882
msgid ""
11877
11883
"The Debian Package of the Day <ulink "
11878
11884
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
11880
11886
"details about using the <application>weather</application>utility."
11881
11887
msgstr ""
11882
11888
11883
#: serverguide/C/other-apps.xml:134(title)
11889
#: serverguide/C/other-apps.xml:178(title)
11884
11890
msgid "etckeeper"
11885
11891
msgstr ""
11886
11892
11896
11902
"possible."
11897
11903
msgstr ""
11898
11904
11899
#: serverguide/C/other-apps.xml:144(para)
11905
#: serverguide/C/other-apps.xml:188(para)
11900
11906
msgid ""
11901
11907
"Install <application>etckeeper</application> by entering the following in a "
11902
11908
"terminal:"
11903
11909
msgstr ""
11904
11910
11905
#: serverguide/C/other-apps.xml:149(command)
11911
#: serverguide/C/other-apps.xml:193(command)
11906
11912
msgid "sudo apt-get install etckeeper"
11907
11913
msgstr ""
11908
11914
11917
11923
"It is possible to undo this by entering the following command:"
11918
11924
msgstr ""
11919
11925
11920
#: serverguide/C/other-apps.xml:162(command)
11926
#: serverguide/C/other-apps.xml:204(command)
11921
11927
msgid "sudo etckeeper uninit"
11922
11928
msgstr ""
11923
11929
11924
#: serverguide/C/other-apps.xml:165(para)
11930
#: serverguide/C/other-apps.xml:207(para)
11925
11931
msgid ""
11926
11932
"By default, etckeeper will commit uncommitted changes made to /etc daily. "
11927
11933
"This can be disabled using the AVOID_DAILY_AUTOCOMMITS configuration option. "
11930
11936
"commit your changes manually, together with a commit message, using:"
11931
11937
msgstr ""
11932
11938
11933
#: serverguide/C/other-apps.xml:174(command)
11939
#: serverguide/C/other-apps.xml:214(command)
11934
11940
msgid "sudo etckeeper commit \"..Reason for configuration change..\""
11935
11941
msgstr ""
11936
11942
11938
11944
msgid "Using bzr's VCS commands you can view log information:"
11939
11945
msgstr ""
11940
11946
11941
#: serverguide/C/other-apps.xml:182(command)
11947
#: serverguide/C/other-apps.xml:222(command)
11942
11948
msgid "sudo bzr log /etc/passwd"
11943
11949
msgstr ""
11944
11950
11948
11954
"install <application>postfix</application>:"
11949
11955
msgstr ""
11950
11956
11951
#: serverguide/C/other-apps.xml:190(command) serverguide/C/mail.xml:43(command)
11957
#: serverguide/C/other-apps.xml:230(command) serverguide/C/mail.xml:43(command)
11952
11958
msgid "sudo apt-get install postfix"
11953
11959
msgstr ""
11954
11960
11955
#: serverguide/C/other-apps.xml:193(para)
11961
#: serverguide/C/other-apps.xml:233(para)
11956
11962
msgid ""
11957
11963
"When the installation is finished, all the "
11958
11964
"<application>postfix</application> configuration files should be committed "
11959
11965
"to the repository:"
11960
11966
msgstr ""
11961
11967
11962
#: serverguide/C/other-apps.xml:199(computeroutput)
11968
#: serverguide/C/other-apps.xml:239(computeroutput)
11963
11969
#, no-wrap
11964
11970
msgid ""
11965
11971
"Committing to: /etc/\n"
12002
12008
"Committed revision 2."
12003
12009
msgstr ""
12004
12010
12005
#: serverguide/C/other-apps.xml:239(para)
12011
#: serverguide/C/other-apps.xml:279(para)
12006
12012
msgid ""
12007
12013
"For an example of how <application>etckeeper</application> tracks manual "
12008
12014
"changes, add new a host to <filename>/etc/hosts</filename>. Using "
12009
12015
"<application>bzr</application> you can see which files have been modified:"
12010
12016
msgstr ""
12011
12017
12012
#: serverguide/C/other-apps.xml:245(command)
12018
#: serverguide/C/other-apps.xml:285(command)
12013
12019
msgid "sudo bzr status /etc/"
12014
12020
msgstr ""
12015
12021
12016
#: serverguide/C/other-apps.xml:246(computeroutput)
12022
#: serverguide/C/other-apps.xml:286(computeroutput)
12017
12023
#, no-wrap
12018
12024
msgid ""
12019
12025
"modified:\n"
12020
12026
" hosts"
12021
12027
msgstr ""
12022
12028
12023
#: serverguide/C/other-apps.xml:250(para)
12029
#: serverguide/C/other-apps.xml:290(para)
12024
12030
msgid "Now commit the changes:"
12025
12031
msgstr ""
12026
12032
12028
12034
msgid "sudo etckeeper commit \"added new host\""
12029
12035
msgstr ""
12030
12036
12031
#: serverguide/C/other-apps.xml:258(para)
12037
#: serverguide/C/other-apps.xml:298(para)
12032
12038
msgid ""
12033
12039
"For more information on <application>bzr</application> see <xref "
12034
12040
"linkend=\"bazaar\"/>."
12035
12041
msgstr ""
12036
12042
12037
#: serverguide/C/other-apps.xml:345(para)
12038
msgid ""
12039
"See the <ulink "
12040
"url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for "
12041
"more details on using <application>etckeeper</application>."
12042
msgstr ""
12043
12044
#: serverguide/C/other-apps.xml:351(para)
12045
msgid ""
12046
"The <ulink url=\"https://help.ubuntu.com/community/etckeeper\">etckeeper "
12047
"Ubuntu Wiki</ulink> page."
12048
msgstr ""
12049
12050
#: serverguide/C/other-apps.xml:356(para)
12043
#: serverguide/C/other-apps.xml:310(para)
12044
msgid ""
12045
"See the <ulink url=\"http://etckeeper.branchable.com/\">etckeeper</ulink> "
12046
"site for more details on using <application>etckeeper</application>."
12047
msgstr ""
12048
12049
#: serverguide/C/other-apps.xml:317(para)
12051
12050
msgid ""
12052
12051
"For the latest news and information about <application>bzr</application> see "
12053
12052
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
12054
12053
msgstr ""
12055
12054
12056
#: serverguide/C/other-apps.xml:264(title)
12055
#: serverguide/C/other-apps.xml:329(title)
12057
12056
msgid "Byobu"
12058
12057
msgstr ""
12059
12058
12060
#: serverguide/C/other-apps.xml:337(para)
12059
#: serverguide/C/other-apps.xml:331(para)
12061
12060
msgid ""
12062
12061
"One of the most useful applications for any system administrator is an xterm "
12063
12062
"multiplexor such as <application>screen</application> or "
12069
12068
"changed by the user."
12070
12069
msgstr ""
12071
12070
12072
#: serverguide/C/other-apps.xml:344(para)
12071
#: serverguide/C/other-apps.xml:338(para)
12073
12072
msgid "Invoke it simply with:"
12074
12073
msgstr ""
12075
12074
12076
#: serverguide/C/other-apps.xml:349(command)
12075
#: serverguide/C/other-apps.xml:343(command)
12077
12076
msgid "byobu"
12078
12077
msgstr ""
12079
12078
12080
#: serverguide/C/other-apps.xml:352(para)
12079
#: serverguide/C/other-apps.xml:346(para)
12081
12080
msgid ""
12082
12081
"Now bring up the configuration menu. By default this is done by pressing the "
12083
12082
"<emphasis>F9</emphasis> key. This will allow you to:"
12084
12083
msgstr ""
12085
12084
12086
#: serverguide/C/other-apps.xml:279(para)
12085
#: serverguide/C/other-apps.xml:351(para)
12087
12086
msgid "View the Help menu"
12088
12087
msgstr ""
12089
12088
12090
#: serverguide/C/other-apps.xml:280(para)
12089
#: serverguide/C/other-apps.xml:352(para)
12091
12090
msgid "Change Byobu's background color"
12092
12091
msgstr ""
12093
12092
12094
#: serverguide/C/other-apps.xml:281(para)
12093
#: serverguide/C/other-apps.xml:353(para)
12095
12094
msgid "Change Byobu's foreground color"
12096
12095
msgstr ""
12097
12096
12098
#: serverguide/C/other-apps.xml:282(para)
12097
#: serverguide/C/other-apps.xml:354(para)
12099
12098
msgid "Toggle status notifications"
12100
12099
msgstr ""
12101
12100
12102
#: serverguide/C/other-apps.xml:283(para)
12101
#: serverguide/C/other-apps.xml:355(para)
12103
12102
msgid "Change the key binding set"
12104
12103
msgstr ""
12105
12104
12106
#: serverguide/C/other-apps.xml:284(para)
12105
#: serverguide/C/other-apps.xml:356(para)
12107
12106
msgid "Change the escape sequence"
12108
12107
msgstr ""
12109
12108
12110
#: serverguide/C/other-apps.xml:285(para)
12109
#: serverguide/C/other-apps.xml:357(para)
12111
12110
msgid "Create new windows"
12112
12111
msgstr ""
12113
12112
12114
#: serverguide/C/other-apps.xml:286(para)
12113
#: serverguide/C/other-apps.xml:358(para)
12115
12114
msgid "Manage the default windows"
12116
12115
msgstr ""
12117
12116
12118
#: serverguide/C/other-apps.xml:287(para)
12117
#: serverguide/C/other-apps.xml:359(para)
12119
12118
msgid "Byobu currently does not launch at login (toggle on)"
12120
12119
msgstr ""
12121
12120
12122
#: serverguide/C/other-apps.xml:290(para)
12121
#: serverguide/C/other-apps.xml:362(para)
12123
12122
msgid ""
12124
12123
"The <emphasis>key bindings</emphasis> determine such things as the escape "
12125
12124
"sequence, new window, change window, etc. There are two key binding sets to "
12128
12127
"<emphasis>none</emphasis> set."
12129
12128
msgstr ""
12130
12129
12131
#: serverguide/C/other-apps.xml:296(para)
12130
#: serverguide/C/other-apps.xml:368(para)
12132
12131
msgid ""
12133
12132
"<application>byobu</application> provides a menu which displays the Ubuntu "
12134
12133
"release, processor information, memory information, and the time and date. "
12135
12134
"The effect is similar to a desktop menu."
12136
12135
msgstr ""
12137
12136
12138
#: serverguide/C/other-apps.xml:301(para)
12137
#: serverguide/C/other-apps.xml:373(para)
12139
12138
msgid ""
12140
12139
"Using the <emphasis>\"Byobu currently does not launch at login (toggle "
12141
12140
"on)\"</emphasis> option will cause <application>byobu</application> to be "
12144
12143
"affect other users on the system."
12145
12144
msgstr ""
12146
12145
12147
#: serverguide/C/other-apps.xml:307(para)
12146
#: serverguide/C/other-apps.xml:379(para)
12148
12147
msgid ""
12149
12148
"One difference when using byobu is the <emphasis>scrollback</emphasis> mode. "
12150
12149
"Press the <emphasis>F7</emphasis> key to enter scrollback mode. Scrollback "
12152
12151
"commands. Here is a quick list of movement commands:"
12153
12152
msgstr ""
12154
12153
12155
#: serverguide/C/other-apps.xml:314(para)
12154
#: serverguide/C/other-apps.xml:386(para)
12156
12155
msgid "<emphasis>h</emphasis> - Move the cursor left by one character"
12157
12156
msgstr ""
12158
12157
12159
#: serverguide/C/other-apps.xml:315(para)
12158
#: serverguide/C/other-apps.xml:387(para)
12160
12159
msgid "<emphasis>j</emphasis> - Move the cursor down by one line"
12161
12160
msgstr ""
12162
12161
12163
#: serverguide/C/other-apps.xml:316(para)
12162
#: serverguide/C/other-apps.xml:388(para)
12164
12163
msgid "<emphasis>k</emphasis> - Move the cursor up by one line"
12165
12164
msgstr ""
12166
12165
12167
#: serverguide/C/other-apps.xml:317(para)
12166
#: serverguide/C/other-apps.xml:389(para)
12168
12167
msgid "<emphasis>l</emphasis> - Move the cursor right by one character"
12169
12168
msgstr ""
12170
12169
12171
#: serverguide/C/other-apps.xml:318(para)
12170
#: serverguide/C/other-apps.xml:390(para)
12172
12171
msgid "<emphasis>0</emphasis> - Move to the beginning of the current line"
12173
12172
msgstr ""
12174
12173
12175
#: serverguide/C/other-apps.xml:319(para)
12174
#: serverguide/C/other-apps.xml:391(para)
12176
12175
msgid "<emphasis>$</emphasis> - Move to the end of the current line"
12177
12176
msgstr ""
12178
12177
12179
#: serverguide/C/other-apps.xml:320(para)
12178
#: serverguide/C/other-apps.xml:392(para)
12180
12179
msgid ""
12181
12180
"<emphasis>G</emphasis> - Moves to the specified line (defaults to the end of "
12182
12181
"the buffer)"
12183
12182
msgstr ""
12184
12183
12185
#: serverguide/C/other-apps.xml:321(para)
12184
#: serverguide/C/other-apps.xml:393(para)
12186
12185
msgid "<emphasis>/</emphasis> - Search forward"
12187
12186
msgstr ""
12188
12187
12189
#: serverguide/C/other-apps.xml:322(para)
12188
#: serverguide/C/other-apps.xml:394(para)
12190
12189
msgid "<emphasis>?</emphasis> - Search backward"
12191
12190
msgstr ""
12192
12191
12193
#: serverguide/C/other-apps.xml:401(para)
12192
#: serverguide/C/other-apps.xml:395(para)
12194
12193
msgid ""
12195
12194
"<emphasis>n</emphasis> - Moves to the next match, either forward or backward"
12196
12195
msgstr ""
12197
12196
12198
#: serverguide/C/other-apps.xml:361(para)
12197
#: serverguide/C/other-apps.xml:403(para)
12199
12198
msgid ""
12200
12199
"For more information on <application>screen</application> see the <ulink "
12201
12200
"url=\"http://www.gnu.org/software/screen/\">screen web site</ulink>."
12202
12201
msgstr ""
12203
12202
12204
#: serverguide/C/other-apps.xml:366(para)
12203
#: serverguide/C/other-apps.xml:408(para)
12205
12204
msgid ""
12206
12205
"And the <ulink url=\"https://help.ubuntu.com/community/Screen\">Ubuntu Wiki "
12207
12206
"screen</ulink> page."
12208
12207
msgstr ""
12209
12208
12210
#: serverguide/C/other-apps.xml:371(para)
12209
#: serverguide/C/other-apps.xml:413(para)
12211
12210
msgid ""
12212
12211
"Also, see the <application>byobu</application><ulink "
12213
12212
"url=\"https://launchpad.net/byobu\">project page</ulink> for more "
12229
12228
"discussion of popular network protocols."
12230
12229
msgstr ""
12231
12230
12232
#: serverguide/C/virtualization.xml:3853(title) serverguide/C/network-config.xml:25(title)
12231
#: serverguide/C/network-config.xml:25(title)
12233
12232
msgid "Network Configuration"
12234
12233
msgstr "Konfigurasi Jaringan"
12235
12234
12516
12515
"persistent way to do DNS client configuration is in a following section."
12517
12516
msgstr ""
12518
12517
12519
#: serverguide/C/network-config.xml:224(programlisting)
12518
#: serverguide/C/network-config.xml:226(programlisting)
12520
12519
#, no-wrap
12521
12520
msgid ""
12522
12521
"\n"
12524
12523
"nameserver 8.8.4.4\n"
12525
12524
msgstr ""
12526
12525
12527
#: serverguide/C/network-config.xml:228(para)
12526
#: serverguide/C/network-config.xml:230(para)
12528
12527
msgid ""
12529
12528
"If you no longer need this configuration and wish to purge all IP "
12530
12529
"configuration from an interface, you can use the "
12531
12530
"<application>ip</application> command with the flush option as shown below."
12532
12531
msgstr ""
12533
12532
12534
#: serverguide/C/network-config.xml:234(command)
12533
#: serverguide/C/network-config.xml:236(command)
12535
12534
msgid "ip addr flush eth0"
12536
12535
msgstr ""
12537
12536
12545
12544
"<filename>/run/resolvconf/resolv.conf</filename>, to be re-written."
12546
12545
msgstr ""
12547
12546
12548
#: serverguide/C/network-config.xml:245(title)
12547
#: serverguide/C/network-config.xml:249(title)
12549
12548
msgid "Dynamic IP Address Assignment (DHCP Client)"
12550
12549
msgstr ""
12551
12550
12552
#: serverguide/C/network-config.xml:246(para)
12551
#: serverguide/C/network-config.xml:250(para)
12553
12552
msgid ""
12554
12553
"To configure your server to use DHCP for dynamic address assignment, add the "
12555
12554
"<emphasis role=\"italic\">dhcp</emphasis> method to the inet address family "
12559
12558
"role=\"italic\">eth0</emphasis>."
12560
12559
msgstr ""
12561
12560
12562
#: serverguide/C/network-config.xml:253(programlisting)
12561
#: serverguide/C/network-config.xml:257(programlisting)
12563
12562
#, no-wrap
12564
12563
msgid ""
12565
12564
"\n"
12567
12566
"iface eth0 inet dhcp\n"
12568
12567
msgstr ""
12569
12568
12570
#: serverguide/C/network-config.xml:257(para)
12569
#: serverguide/C/network-config.xml:261(para)
12571
12570
msgid ""
12572
12571
"By adding an interface configuration as shown above, you can manually enable "
12573
12572
"the interface through the <application>ifup</application> command which "
12574
12573
"initiates the DHCP process via <application>dhclient</application>."
12575
12574
msgstr ""
12576
12575
12577
#: serverguide/C/network-config.xml:263(command) serverguide/C/network-config.xml:298(command)
12576
#: serverguide/C/network-config.xml:267(command) serverguide/C/network-config.xml:302(command)
12578
12577
msgid "sudo ifup eth0"
12579
12578
msgstr ""
12580
12579
12581
#: serverguide/C/network-config.xml:265(para)
12580
#: serverguide/C/network-config.xml:269(para)
12582
12581
msgid ""
12583
12582
"To manually disable the interface, you can use the "
12584
12583
"<application>ifdown</application> command, which in turn will initiate the "
12585
12584
"DHCP release process and shut down the interface."
12586
12585
msgstr ""
12587
12586
12588
#: serverguide/C/network-config.xml:271(command) serverguide/C/network-config.xml:305(command)
12587
#: serverguide/C/network-config.xml:275(command) serverguide/C/network-config.xml:309(command)
12589
12588
msgid "sudo ifdown eth0"
12590
12589
msgstr ""
12591
12590
12592
#: serverguide/C/network-config.xml:276(title)
12591
#: serverguide/C/network-config.xml:280(title)
12593
12592
msgid "Static IP Address Assignment"
12594
12593
msgstr ""
12595
12594
12596
#: serverguide/C/network-config.xml:277(para)
12595
#: serverguide/C/network-config.xml:281(para)
12597
12596
msgid ""
12598
12597
"To configure your system to use a static IP address assignment, add the "
12599
12598
"<emphasis role=\"italic\">static</emphasis> method to the inet address "
12607
12606
"network."
12608
12607
msgstr ""
12609
12608
12610
#: serverguide/C/network-config.xml:286(programlisting)
12609
#: serverguide/C/network-config.xml:290(programlisting)
12611
12610
#, no-wrap
12612
12611
msgid ""
12613
12612
"\n"
12618
12617
"gateway 10.0.0.1\n"
12619
12618
msgstr ""
12620
12619
12621
#: serverguide/C/network-config.xml:293(para)
12620
#: serverguide/C/network-config.xml:297(para)
12622
12621
msgid ""
12623
12622
"By adding an interface configuration as shown above, you can manually enable "
12624
12623
"the interface through the <application>ifup</application> command."
12625
12624
msgstr ""
12626
12625
12627
#: serverguide/C/network-config.xml:300(para)
12626
#: serverguide/C/network-config.xml:304(para)
12628
12627
msgid ""
12629
12628
"To manually disable the interface, you can use the "
12630
12629
"<application>ifdown</application> command."
12631
12630
msgstr ""
12632
12631
12633
#: serverguide/C/network-config.xml:310(title)
12632
#: serverguide/C/network-config.xml:314(title)
12634
12633
msgid "Loopback Interface"
12635
12634
msgstr ""
12636
12635
12637
#: serverguide/C/network-config.xml:311(para)
12636
#: serverguide/C/network-config.xml:315(para)
12638
12637
msgid ""
12639
12638
"The loopback interface is identified by the system as <emphasis "
12640
12639
"role=\"italic\">lo</emphasis> and has a default IP address of 127.0.0.1. It "
12641
12640
"can be viewed using the ifconfig command."
12642
12641
msgstr ""
12643
12642
12644
#: serverguide/C/network-config.xml:316(command)
12643
#: serverguide/C/network-config.xml:320(command)
12645
12644
msgid "ifconfig lo"
12646
12645
msgstr ""
12647
12646
12648
#: serverguide/C/network-config.xml:317(computeroutput)
12647
#: serverguide/C/network-config.xml:321(computeroutput)
12649
12648
#, no-wrap
12650
12649
msgid ""
12651
12650
"lo Link encap:Local Loopback \n"
12658
12657
" RX bytes:183308 (183.3 KB) TX bytes:183308 (183.3 KB)"
12659
12658
msgstr ""
12660
12659
12661
#: serverguide/C/network-config.xml:326(para)
12660
#: serverguide/C/network-config.xml:330(para)
12662
12661
msgid ""
12663
12662
"By default, there should be two lines in "
12664
12663
"<filename>/etc/network/interfaces</filename> responsible for automatically "
12667
12666
"example of the two default lines are shown below."
12668
12667
msgstr ""
12669
12668
12670
#: serverguide/C/network-config.xml:332(programlisting)
12669
#: serverguide/C/network-config.xml:336(programlisting)
12671
12670
#, no-wrap
12672
12671
msgid ""
12673
12672
"\n"
12675
12674
"iface lo inet loopback\n"
12676
12675
msgstr ""
12677
12676
12678
#: serverguide/C/network-config.xml:341(title)
12677
#: serverguide/C/network-config.xml:345(title)
12679
12678
msgid "Name Resolution"
12680
12679
msgstr ""
12681
12680
12682
#: serverguide/C/network-config.xml:342(para)
12681
#: serverguide/C/network-config.xml:346(para)
12683
12682
msgid ""
12684
12683
"Name resolution as it relates to IP networking is the process of mapping IP "
12685
12684
"addresses to hostnames, making it easier to identify resources on a network. "
12687
12686
"name resolution using DNS and static hostname records."
12688
12687
msgstr ""
12689
12688
12690
#: serverguide/C/network-config.xml:350(title)
12689
#: serverguide/C/network-config.xml:354(title)
12691
12690
msgid "DNS Client Configuration"
12692
12691
msgstr ""
12693
12692
12694
#: serverguide/C/network-config.xml:362(programlisting)
12693
#: serverguide/C/network-config.xml:366(programlisting)
12695
12694
#, no-wrap
12696
12695
msgid ""
12697
12696
"\n"
12724
12723
"following:"
12725
12724
msgstr ""
12726
12725
12727
#: serverguide/C/network-config.xml:373(programlisting)
12726
#: serverguide/C/network-config.xml:377(programlisting)
12728
12727
#, no-wrap
12729
12728
msgid ""
12730
12729
"\n"
12736
12735
" dns-nameservers 192.168.3.45 192.168.8.10\n"
12737
12736
msgstr ""
12738
12737
12739
#: serverguide/C/network-config.xml:382(para)
12738
#: serverguide/C/network-config.xml:386(para)
12740
12739
msgid ""
12741
12740
"The <emphasis role=\"italic\">search</emphasis> option can also be used with "
12742
12741
"multiple domain names so that DNS queries will be appended in the order in "
12747
12746
"role=\"italic\">dev.example.com</emphasis>."
12748
12747
msgstr ""
12749
12748
12750
#: serverguide/C/network-config.xml:389(para)
12749
#: serverguide/C/network-config.xml:393(para)
12751
12750
msgid ""
12752
12751
"If you have multiple domains you wish to search, your configuration might "
12753
12752
"look like the following:"
12754
12753
msgstr ""
12755
12754
12756
#: serverguide/C/network-config.xml:393(programlisting)
12755
#: serverguide/C/network-config.xml:397(programlisting)
12757
12756
#, no-wrap
12758
12757
msgid ""
12759
12758
"\n"
12765
12764
" dns-nameservers 192.168.3.45 192.168.8.10\n"
12766
12765
msgstr ""
12767
12766
12768
#: serverguide/C/network-config.xml:402(para)
12767
#: serverguide/C/network-config.xml:406(para)
12769
12768
msgid ""
12770
12769
"If you try to ping a host with the name of <emphasis "
12771
12770
"role=\"italic\">server1</emphasis>, your system will automatically query DNS "
12772
12771
"for its Fully Qualified Domain Name (FQDN) in the following order:"
12773
12772
msgstr ""
12774
12773
12775
#: serverguide/C/network-config.xml:409(para)
12774
#: serverguide/C/network-config.xml:413(para)
12776
12775
msgid "server1<emphasis role=\"bold\">.example.com</emphasis>"
12777
12776
msgstr ""
12778
12777
12779
#: serverguide/C/network-config.xml:414(para)
12778
#: serverguide/C/network-config.xml:418(para)
12780
12779
msgid "server1<emphasis role=\"bold\">.sales.example.com</emphasis>"
12781
12780
msgstr ""
12782
12781
12783
#: serverguide/C/network-config.xml:419(para)
12782
#: serverguide/C/network-config.xml:423(para)
12784
12783
msgid "server1<emphasis role=\"bold\">.dev.example.com</emphasis>"
12785
12784
msgstr ""
12786
12785
12787
#: serverguide/C/network-config.xml:424(para)
12786
#: serverguide/C/network-config.xml:428(para)
12788
12787
msgid ""
12789
12788
"If no matches are found, the DNS server will provide a result of <emphasis "
12790
12789
"role=\"italic\">notfound</emphasis> and the DNS query will fail."
12791
12790
msgstr ""
12792
12791
12793
#: serverguide/C/network-config.xml:431(title)
12792
#: serverguide/C/network-config.xml:435(title)
12794
12793
msgid "Static Hostnames"
12795
12794
msgstr ""
12796
12795
12797
#: serverguide/C/network-config.xml:432(para)
12796
#: serverguide/C/network-config.xml:436(para)
12798
12797
msgid ""
12799
12798
"Static hostnames are locally defined hostname-to-IP mappings located in the "
12800
12799
"file <filename>/etc/hosts</filename>. Entries in the "
12806
12805
"conveniently set to use static hostnames instead of DNS."
12807
12806
msgstr ""
12808
12807
12809
#: serverguide/C/network-config.xml:439(para)
12808
#: serverguide/C/network-config.xml:443(para)
12810
12809
msgid ""
12811
12810
"The following is an example of a <filename>hosts</filename> file where a "
12812
12811
"number of local servers have been identified by simple hostnames, aliases "
12813
12812
"and their equivalent Fully Qualified Domain Names (FQDN's)."
12814
12813
msgstr ""
12815
12814
12816
#: serverguide/C/network-config.xml:443(programlisting)
12815
#: serverguide/C/network-config.xml:447(programlisting)
12817
12816
#, no-wrap
12818
12817
msgid ""
12819
12818
"\n"
12825
12824
"10.0.0.14\tserver4 server4.example.com file\n"
12826
12825
msgstr ""
12827
12826
12828
#: serverguide/C/network-config.xml:452(para)
12827
#: serverguide/C/network-config.xml:456(para)
12829
12828
msgid ""
12830
12829
"In the above example, notice that each of the servers have been given "
12831
12830
"aliases in addition to their proper names and FQDN's. <emphasis "
12838
12837
"role=\"italic\">file</emphasis>."
12839
12838
msgstr ""
12840
12839
12841
#: serverguide/C/network-config.xml:464(title)
12840
#: serverguide/C/network-config.xml:468(title)
12842
12841
msgid "Name Service Switch Configuration"
12843
12842
msgstr ""
12844
12843
12845
#: serverguide/C/network-config.xml:465(para)
12844
#: serverguide/C/network-config.xml:469(para)
12846
12845
msgid ""
12847
12846
"The order in which your system selects a method of resolving hostnames to IP "
12848
12847
"addresses is controlled by the Name Service Switch (NSS) configuration file "
12853
12852
"of hostname lookups in the file <filename>/etc/nsswitch.conf</filename>."
12854
12853
msgstr ""
12855
12854
12856
#: serverguide/C/network-config.xml:473(programlisting)
12855
#: serverguide/C/network-config.xml:477(programlisting)
12857
12856
#, no-wrap
12858
12857
msgid ""
12859
12858
"\n"
12860
12859
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
12861
12860
msgstr ""
12862
12861
12863
#: serverguide/C/network-config.xml:479(para)
12862
#: serverguide/C/network-config.xml:483(para)
12864
12863
msgid ""
12865
12864
"<emphasis role=\"bold\">files</emphasis> first tries to resolve static "
12866
12865
"hostnames located in <filename>/etc/hosts</filename>."
12867
12866
msgstr ""
12868
12867
12869
#: serverguide/C/network-config.xml:485(para)
12868
#: serverguide/C/network-config.xml:489(para)
12870
12869
msgid ""
12871
12870
"<emphasis role=\"bold\">mdns4_minimal</emphasis> attempts to resolve the "
12872
12871
"name using Multicast DNS."
12873
12872
msgstr ""
12874
12873
12875
#: serverguide/C/network-config.xml:490(para)
12874
#: serverguide/C/network-config.xml:494(para)
12876
12875
msgid ""
12877
12876
"<emphasis role=\"bold\">[NOTFOUND=return]</emphasis> means that any response "
12878
12877
"of <emphasis role=\"italic\">notfound</emphasis> by the preceding <emphasis "
12881
12880
"answer."
12882
12881
msgstr ""
12883
12882
12884
#: serverguide/C/network-config.xml:498(para)
12883
#: serverguide/C/network-config.xml:502(para)
12885
12884
msgid ""
12886
12885
"<emphasis role=\"bold\">dns</emphasis> represents a legacy unicast DNS query."
12887
12886
msgstr ""
12888
12887
12889
#: serverguide/C/network-config.xml:503(para)
12888
#: serverguide/C/network-config.xml:507(para)
12890
12889
msgid ""
12891
12890
"<emphasis role=\"bold\">mdns4</emphasis> represents a Multicast DNS query."
12892
12891
msgstr ""
12893
12892
12894
#: serverguide/C/network-config.xml:509(para)
12893
#: serverguide/C/network-config.xml:513(para)
12895
12894
msgid ""
12896
12895
"To modify the order of the above mentioned name resolution methods, you can "
12897
12896
"simply change the <emphasis role=\"italic\">hosts:</emphasis> string to the "
12900
12899
"<filename>/etc/nsswitch.conf</filename> as shown below."
12901
12900
msgstr ""
12902
12901
12903
#: serverguide/C/network-config.xml:516(programlisting)
12902
#: serverguide/C/network-config.xml:520(programlisting)
12904
12903
#, no-wrap
12905
12904
msgid ""
12906
12905
"\n"
12907
12906
"hosts: files dns [NOTFOUND=return] mdns4_minimal mdns4\n"
12908
12907
msgstr ""
12909
12908
12910
#: serverguide/C/virtualization.xml:694(title) serverguide/C/network-config.xml:523(title)
12909
#: serverguide/C/network-config.xml:527(title)
12911
12910
msgid "Bridging"
12912
12911
msgstr ""
12913
12912
12914
#: serverguide/C/network-config.xml:525(para)
12913
#: serverguide/C/network-config.xml:529(para)
12915
12914
msgid ""
12916
12915
"Bridging multiple interfaces is a more advanced configuration, but is very "
12917
12916
"useful in multiple scenarios. One scenario is setting up a bridge with "
12921
12920
"The following example covers the latter scenario."
12922
12921
msgstr ""
12923
12922
12924
#: serverguide/C/network-config.xml:532(para)
12923
#: serverguide/C/network-config.xml:536(para)
12925
12924
msgid ""
12926
12925
"Before configuring a bridge you will need to install the <application>bridge-"
12927
12926
"utils</application> package. To install the package, in a terminal enter:"
12928
12927
msgstr ""
12929
12928
12930
#: serverguide/C/network-config.xml:541(para)
12929
#: serverguide/C/network-config.xml:545(para)
12931
12930
msgid ""
12932
12931
"Next, configure the bridge by editing "
12933
12932
"<filename>/etc/network/interfaces</filename>:"
12934
12933
msgstr ""
12935
12934
12936
#: serverguide/C/network-config.xml:545(programlisting)
12935
#: serverguide/C/network-config.xml:549(programlisting)
12937
12936
#, no-wrap
12938
12937
msgid ""
12939
12938
"\n"
12954
12953
" bridge_stp off\n"
12955
12954
msgstr ""
12956
12955
12957
#: serverguide/C/network-config.xml:564(para)
12956
#: serverguide/C/network-config.xml:568(para)
12958
12957
msgid "Enter the appropriate values for your physical interface and network."
12959
12958
msgstr ""
12960
12959
12966
12965
msgid "sudo ifup br0"
12967
12966
msgstr ""
12968
12967
12969
#: serverguide/C/network-config.xml:576(para)
12968
#: serverguide/C/network-config.xml:580(para)
12970
12969
msgid ""
12971
12970
"The new bridge interface should now be up and running. The "
12972
12971
"<application>brctl</application> provides useful information about the state "
12974
12973
"<command>man brctl</command> for more information."
12975
12974
msgstr ""
12976
12975
12977
#: serverguide/C/network-config.xml:592(para)
12976
#: serverguide/C/network-config.xml:596(para)
12978
12977
msgid ""
12979
12978
"The <ulink url=\"https://help.ubuntu.com/community/Network\">Ubuntu Wiki "
12980
12979
"Network page</ulink> has links to articles covering more advanced network "
12981
12980
"configuration."
12982
12981
msgstr ""
12983
12982
12984
#: serverguide/C/network-config.xml:598(para)
12983
#: serverguide/C/network-config.xml:602(para)
12985
12984
msgid ""
12986
12985
"The <ulink "
12987
12986
"url=\"http://manpages.ubuntu.com/manpages/man8/resolvconf.8.html\">resolvconf"
12988
12987
" man page</ulink> has more information on resolvconf."
12989
12988
msgstr ""
12990
12989
12991
#: serverguide/C/network-config.xml:604(para)
12990
#: serverguide/C/network-config.xml:608(para)
12992
12991
msgid ""
12993
12992
"The <ulink "
12994
12993
"url=\"http://manpages.ubuntu.com/manpages/man5/interfaces.5.html\">interfaces"
12996
12995
"<filename>/etc/network/interfaces</filename>."
12997
12996
msgstr ""
12998
12997
12999
#: serverguide/C/network-config.xml:610(para)
12998
#: serverguide/C/network-config.xml:614(para)
13000
12999
msgid ""
13001
13000
"The <ulink "
13002
13001
"url=\"http://manpages.ubuntu.com/manpages/man8/dhclient.8.html\">dhclient "
13004
13003
"settings."
13005
13004
msgstr ""
13006
13005
13007
#: serverguide/C/network-config.xml:616(para)
13006
#: serverguide/C/network-config.xml:620(para)
13008
13007
msgid ""
13009
13008
"For more information on DNS client configuration see the <ulink "
13010
13009
"url=\"http://manpages.ubuntu.com/manpages/man5/resolver.5.html\">resolver "
13023
13022
"\">Networking-Bridge</ulink> page."
13024
13023
msgstr ""
13025
13024
13026
#: serverguide/C/network-config.xml:635(title)
13025
#: serverguide/C/network-config.xml:639(title)
13027
13026
msgid "TCP/IP"
13028
13027
msgstr "TCP/IP"
13029
13028
13030
#: serverguide/C/network-config.xml:636(para)
13029
#: serverguide/C/network-config.xml:640(para)
13031
13030
msgid ""
13032
13031
"The Transmission Control Protocol and Internet Protocol (TCP/IP) is a "
13033
13032
"standard set of protocols developed in the late 1970s by the Defense "
13037
13036
"network protocols on Earth."
13038
13037
msgstr ""
13039
13038
13040
#: serverguide/C/network-config.xml:644(title)
13039
#: serverguide/C/network-config.xml:648(title)
13041
13040
msgid "TCP/IP Introduction"
13042
13041
msgstr "Pengenalan TCP/IP"
13043
13042
13044
#: serverguide/C/network-config.xml:645(para)
13043
#: serverguide/C/network-config.xml:649(para)
13045
13044
msgid ""
13046
13045
"The two protocol components of TCP/IP deal with different aspects of "
13047
13046
"computer networking. <emphasis>Internet Protocol</emphasis>, the \"IP\" of "
13056
13055
"host."
13057
13056
msgstr ""
13058
13057
13059
#: serverguide/C/network-config.xml:658(title)
13058
#: serverguide/C/network-config.xml:662(title)
13060
13059
msgid "TCP/IP Configuration"
13061
13060
msgstr "Konfigurasi TCP/IP"
13062
13061
13063
#: serverguide/C/network-config.xml:659(para)
13062
#: serverguide/C/network-config.xml:663(para)
13064
13063
msgid ""
13065
13064
"The TCP/IP protocol configuration consists of several elements which must be "
13066
13065
"set by editing the appropriate configuration files, or deploying solutions "
13071
13070
"system."
13072
13071
msgstr ""
13073
13072
13074
#: serverguide/C/network-config.xml:671(para)
13073
#: serverguide/C/network-config.xml:675(para)
13075
13074
msgid ""
13076
13075
"<emphasis role=\"bold\">IP address</emphasis> The IP address is a unique "
13077
13076
"identifying string expressed as four decimal numbers ranging from zero (0) "
13081
13080
"<emphasis>dotted quad notation</emphasis>."
13082
13081
msgstr ""
13083
13082
13084
#: serverguide/C/network-config.xml:681(para)
13083
#: serverguide/C/network-config.xml:685(para)
13085
13084
msgid ""
13086
13085
"<emphasis role=\"bold\">Netmask</emphasis> The Subnet Mask (or simply, "
13087
13086
"<emphasis>netmask</emphasis>) is a local bit mask, or set of flags which "
13092
13091
"remain available for specifying hosts on the subnetwork."
13093
13092
msgstr ""
13094
13093
13095
#: serverguide/C/network-config.xml:692(para)
13094
#: serverguide/C/network-config.xml:696(para)
13096
13095
msgid ""
13097
13096
"<emphasis role=\"bold\">Network Address</emphasis> The Network Address "
13098
13097
"represents the bytes comprising the network portion of an IP address. For "
13105
13104
"network and a zero (0) for all the possible hosts on the network."
13106
13105
msgstr ""
13107
13106
13108
#: serverguide/C/network-config.xml:705(para)
13107
#: serverguide/C/network-config.xml:709(para)
13109
13108
msgid ""
13110
13109
"<emphasis role=\"bold\">Broadcast Address</emphasis> The Broadcast Address "
13111
13110
"is an IP address which allows network data to be sent simultaneously to all "
13119
13118
"Address Resolution Protocol (ARP) and the Routing Information Protocol (RIP)."
13120
13119
msgstr ""
13121
13120
13122
#: serverguide/C/network-config.xml:718(para)
13121
#: serverguide/C/network-config.xml:722(para)
13123
13122
msgid ""
13124
13123
"<emphasis role=\"bold\">Gateway Address</emphasis> A Gateway Address is the "
13125
13124
"IP address through which a particular network, or host on a network, may be "
13132
13131
"not be able to reach any hosts beyond those on the same network."
13133
13132
msgstr ""
13134
13133
13135
#: serverguide/C/network-config.xml:729(para)
13134
#: serverguide/C/network-config.xml:733(para)
13136
13135
msgid ""
13137
13136
"<emphasis role=\"bold\">Nameserver Address</emphasis> Nameserver Addresses "
13138
13137
"represent the IP addresses of Domain Name Service (DNS) systems, which "
13158
13157
"command typed at a terminal prompt:"
13159
13158
msgstr ""
13160
13159
13161
#: serverguide/C/network-config.xml:750(para)
13160
#: serverguide/C/network-config.xml:754(para)
13162
13161
msgid ""
13163
13162
"Access the system manual page for <filename>interfaces</filename> with the "
13164
13163
"following command:"
13166
13165
"Jalanan perintah berikut untuk mengakses sistem halaman manual untuk "
13167
13166
"<filename>interfaces</filename>:"
13168
13167
13169
#: serverguide/C/network-config.xml:755(command)
13168
#: serverguide/C/network-config.xml:759(command)
13170
13169
msgid "man interfaces"
13171
13170
msgstr "man interfaces"
13172
13171
13173
#: serverguide/C/network-config.xml:667(para)
13172
#: serverguide/C/network-config.xml:671(para)
13174
13173
msgid ""
13175
13174
"The common configuration elements of TCP/IP and their purposes are as "
13176
13175
"follows: <placeholder-1/>"
13178
13177
"Komponen-komponen umum konfigurasi TCP/IP dan kegunaannya adalah sebagai "
13179
13178
"berikut: <placeholder-1/>"
13180
13179
13181
#: serverguide/C/network-config.xml:771(title)
13180
#: serverguide/C/network-config.xml:767(title)
13182
13181
msgid "IP Routing"
13183
13182
msgstr "Routing IP"
13184
13183
13185
#: serverguide/C/network-config.xml:772(para)
13184
#: serverguide/C/network-config.xml:768(para)
13186
13185
msgid ""
13187
13186
"IP routing is a means of specifying and discovering paths in a TCP/IP "
13188
13187
"network along which network data may be sent. Routing uses a set of "
13193
13192
"<emphasis>Dynamic Routing.</emphasis>"
13194
13193
msgstr ""
13195
13194
13196
#: serverguide/C/network-config.xml:781(para)
13195
#: serverguide/C/network-config.xml:777(para)
13197
13196
msgid ""
13198
13197
"Static routing involves manually adding IP routes to the system's routing "
13199
13198
"table, and this is usually done by manipulating the routing table with the "
13208
13207
"and failures along the route due to the fixed nature of the route."
13209
13208
msgstr ""
13210
13209
13211
#: serverguide/C/network-config.xml:791(para)
13210
#: serverguide/C/network-config.xml:787(para)
13212
13211
msgid ""
13213
13212
"Dynamic routing depends on large networks with multiple possible IP routes "
13214
13213
"from a source to a destination and makes use of special routing protocols, "
13225
13224
"immediately benefit the end users, but still consumes network bandwidth."
13226
13225
msgstr ""
13227
13226
13228
#: serverguide/C/network-config.xml:805(title)
13227
#: serverguide/C/network-config.xml:801(title)
13229
13228
msgid "TCP and UDP"
13230
13229
msgstr "TCP dan UDP"
13231
13230
13232
#: serverguide/C/network-config.xml:806(para)
13231
#: serverguide/C/network-config.xml:802(para)
13233
13232
msgid ""
13234
13233
"TCP is a connection-based protocol, offering error correction and guaranteed "
13235
13234
"delivery of data via what is known as <emphasis>flow control</emphasis>. "
13240
13239
"important information such as database transactions."
13241
13240
msgstr ""
13242
13241
13243
#: serverguide/C/network-config.xml:814(para)
13242
#: serverguide/C/network-config.xml:810(para)
13244
13243
msgid ""
13245
13244
"The User Datagram Protocol (UDP), on the other hand, is a "
13246
13245
"<emphasis>connectionless</emphasis> protocol which seldom deals with the "
13251
13250
"loss of a few packets is not generally catastrophic."
13252
13251
msgstr ""
13253
13252
13254
#: serverguide/C/network-config.xml:824(title)
13253
#: serverguide/C/network-config.xml:820(title)
13255
13254
msgid "ICMP"
13256
13255
msgstr "ICMP"
13257
13256
13258
#: serverguide/C/network-config.xml:825(para)
13257
#: serverguide/C/network-config.xml:821(para)
13259
13258
msgid ""
13260
13259
"The Internet Control Messaging Protocol (ICMP) is an extension to the "
13261
13260
"Internet Protocol (IP) as defined in the Request For Comments (RFC) #792 and "
13268
13267
"<emphasis>Time Exceeded</emphasis>."
13269
13268
msgstr ""
13270
13269
13271
#: serverguide/C/network-config.xml:835(title)
13270
#: serverguide/C/network-config.xml:831(title)
13272
13271
msgid "Daemons"
13273
13272
msgstr "Daemons"
13274
13273
13275
#: serverguide/C/network-config.xml:836(para)
13274
#: serverguide/C/network-config.xml:832(para)
13276
13275
msgid ""
13277
13276
"Daemons are special system applications which typically execute continuously "
13278
13277
"in the background and await requests for the functions they provide from "
13295
13294
"that contain more useful information."
13296
13295
msgstr ""
13297
13296
13298
#: serverguide/C/network-config.xml:857(para)
13297
#: serverguide/C/network-config.xml:853(para)
13299
13298
msgid ""
13300
13299
"Also, see the <ulink "
13301
13300
"url=\"http://www.redbooks.ibm.com/abstracts/gg243376.html\">TCP/IP Tutorial "
13302
13301
"and Technical Overview</ulink> IBM Redbook."
13303
13302
msgstr ""
13304
13303
13305
#: serverguide/C/network-config.xml:863(para)
13304
#: serverguide/C/network-config.xml:859(para)
13306
13305
msgid ""
13307
13306
"Another resource is O'Reilly's <ulink "
13308
13307
"url=\"http://oreilly.com/catalog/9780596002978/\">TCP/IP Network "
13309
13308
"Administration</ulink>."
13310
13309
msgstr ""
13311
13310
13312
#: serverguide/C/network-config.xml:872(title)
13311
#: serverguide/C/network-config.xml:868(title)
13313
13312
msgid "Dynamic Host Configuration Protocol (DHCP)"
13314
13313
msgstr "Dynamic Host Configuration Protocol (DHCP)"
13315
13314
13316
#: serverguide/C/network-config.xml:873(para)
13315
#: serverguide/C/network-config.xml:869(para)
13317
13316
msgid ""
13318
13317
"The Dynamic Host Configuration Protocol (DHCP) is a network service that "
13319
13318
"enables host computers to be automatically assigned settings from a server "
13322
13321
"DHCP server, and the configuration is transparent to the computer's user."
13323
13322
msgstr ""
13324
13323
13325
#: serverguide/C/network-config.xml:880(para)
13324
#: serverguide/C/network-config.xml:876(para)
13326
13325
msgid ""
13327
13326
"The most common settings provided by a DHCP server to DHCP clients include:"
13328
13327
msgstr ""
13329
13328
"Pengaturan umum yang di sediakan oleh server DHCP kepada klient DHCP "
13330
13329
"termasuk:"
13331
13330
13332
#: serverguide/C/network-config.xml:885(para)
13331
#: serverguide/C/network-config.xml:881(para)
13333
13332
msgid "IP address and netmask"
13334
13333
msgstr ""
13335
13334
13336
#: serverguide/C/network-config.xml:888(para)
13335
#: serverguide/C/network-config.xml:884(para)
13337
13336
msgid "IP address of the default-gateway to use"
13338
13337
msgstr ""
13339
13338
13340
#: serverguide/C/network-config.xml:891(para)
13339
#: serverguide/C/network-config.xml:887(para)
13341
13340
msgid "IP adresses of the DNS servers to use"
13342
13341
msgstr ""
13343
13342
13344
#: serverguide/C/network-config.xml:894(para)
13343
#: serverguide/C/network-config.xml:890(para)
13345
13344
msgid ""
13346
13345
"However, a DHCP server can also supply configuration properties such as:"
13347
13346
msgstr ""
13348
13347
"Akan tetapi, server DHCP juga dapat menyediakan properti konfigurasi seperti:"
13349
13348
13350
#: serverguide/C/network-config.xml:899(para)
13349
#: serverguide/C/network-config.xml:895(para)
13351
13350
msgid "Host Name"
13352
13351
msgstr "Host Name"
13353
13352
13354
#: serverguide/C/network-config.xml:902(para)
13353
#: serverguide/C/network-config.xml:898(para)
13355
13354
msgid "Domain Name"
13356
13355
msgstr "Nama Domain"
13357
13356
13358
#: serverguide/C/network-config.xml:905(para)
13357
#: serverguide/C/network-config.xml:901(para)
13359
13358
msgid "Time Server"
13360
13359
msgstr "Time Server"
13361
13360
13362
#: serverguide/C/network-config.xml:911(para)
13361
#: serverguide/C/network-config.xml:907(para)
13363
13362
msgid ""
13364
13363
"The advantage of using DHCP is that changes to the network, for example a "
13365
13364
"change in the address of the DNS server, need only be changed at the DHCP "
13370
13369
"also reduced."
13371
13370
msgstr ""
13372
13371
13373
#: serverguide/C/network-config.xml:919(para)
13372
#: serverguide/C/network-config.xml:915(para)
13374
13373
msgid ""
13375
13374
"A DHCP server can provide configuration settings using the following methods:"
13376
13375
msgstr ""
13377
13376
13378
#: serverguide/C/network-config.xml:924(term)
13377
#: serverguide/C/network-config.xml:920(term)
13379
13378
msgid "Manual allocation (MAC address)"
13380
13379
msgstr ""
13381
13380
13382
#: serverguide/C/network-config.xml:926(para)
13381
#: serverguide/C/network-config.xml:922(para)
13383
13382
msgid ""
13384
13383
"This method entails using DHCP to identify the unique hardware address of "
13385
13384
"each network card connected to the network and then continually supplying a "
13388
13387
"assigned automatically to that network card, based on it's MAC address."
13389
13388
msgstr ""
13390
13389
13391
#: serverguide/C/network-config.xml:937(term)
13390
#: serverguide/C/network-config.xml:933(term)
13392
13391
msgid "Dynamic allocation (address pool)"
13393
13392
msgstr ""
13394
13393
13406
13405
"renegociate the lease with the server to maintain use of the address."
13407
13406
msgstr ""
13408
13407
13409
#: serverguide/C/network-config.xml:952(term)
13408
#: serverguide/C/network-config.xml:949(term)
13410
13409
msgid "Automatic allocation"
13411
13410
msgstr ""
13412
13411
13413
#: serverguide/C/network-config.xml:954(para)
13412
#: serverguide/C/network-config.xml:951(para)
13414
13413
msgid ""
13415
13414
"Using this method, the DHCP automatically assigns an IP address permanently "
13416
13415
"to a device, selecting it from a pool of available addresses. Usually DHCP "
13432
13431
"and configure and will be automatically started at system boot."
13433
13432
msgstr ""
13434
13433
13435
#: serverguide/C/network-config.xml:976(para)
13434
#: serverguide/C/network-config.xml:974(para)
13436
13435
msgid ""
13437
13436
"At a terminal prompt, enter the following command to install "
13438
13437
"<application>dhcpd</application>:"
13440
13439
"Dalam terminal promp, masukkan perintah berikut untuk menginstall "
13441
13440
"<application>dhcpd</application>:"
13442
13441
13443
#: serverguide/C/network-config.xml:981(command)
13442
#: serverguide/C/network-config.xml:979(command)
13444
13443
msgid "sudo apt-get install isc-dhcp-server"
13445
13444
msgstr ""
13446
13445
13447
#: serverguide/C/network-config.xml:983(para)
13446
#: serverguide/C/network-config.xml:981(para)
13448
13447
msgid ""
13449
13448
"You will probably need to change the default configuration by editing "
13450
13449
"/etc/dhcp/dhcpd.conf to suit your needs and particular configuration."
13451
13450
msgstr ""
13452
13451
13453
#: serverguide/C/network-config.xml:987(para)
13452
#: serverguide/C/network-config.xml:985(para)
13454
13453
msgid ""
13455
13454
"You also may need to edit /etc/default/isc-dhcp-server to specify the "
13456
13455
"interfaces dhcpd should listen to."
13457
13456
msgstr ""
13458
13457
13459
#: serverguide/C/network-config.xml:991(para)
13458
#: serverguide/C/network-config.xml:989(para)
13460
13459
msgid ""
13461
13460
"NOTE: dhcpd's messages are being sent to syslog. Look there for diagnostics "
13462
13461
"messages."
13463
13462
msgstr ""
13464
13463
13465
#: serverguide/C/network-config.xml:998(para)
13464
#: serverguide/C/network-config.xml:996(para)
13466
13465
msgid ""
13467
13466
"The error message the installation ends with might be a little confusing, "
13468
13467
"but the following steps will help you configure the service:"
13469
13468
msgstr ""
13470
13469
13471
#: serverguide/C/network-config.xml:1002(para)
13470
#: serverguide/C/network-config.xml:1000(para)
13472
13471
msgid ""
13473
13472
"Most commonly, what you want to do is assign an IP address randomly. This "
13474
13473
"can be done with settings as follows:"
13475
13474
msgstr ""
13476
13475
13477
#: serverguide/C/network-config.xml:1006(programlisting)
13476
#: serverguide/C/network-config.xml:1004(programlisting)
13478
13477
#, no-wrap
13479
13478
msgid ""
13480
13479
"\n"
13490
13489
"} \n"
13491
13490
msgstr ""
13492
13491
13493
#: serverguide/C/network-config.xml:1018(para)
13492
#: serverguide/C/network-config.xml:1016(para)
13494
13493
msgid ""
13495
13494
"This will result in the DHCP server giving clients an IP address from the "
13496
13495
"range 192.168.1.150-192.168.1.200. It will lease an IP address for 600 "
13500
13499
"192.168.1.1 and 192.168.1.2 as its DNS servers."
13501
13500
msgstr ""
13502
13501
13503
#: serverguide/C/network-config.xml:1026(para)
13502
#: serverguide/C/network-config.xml:1024(para)
13504
13503
msgid ""
13505
13504
"After changing the config file you have to restart the "
13506
13505
"<application>dhcpd</application>:"
13510
13509
msgid "sudo service isc-dhcp-server restart"
13511
13510
msgstr ""
13512
13511
13513
#: serverguide/C/network-config.xml:1039(para)
13512
#: serverguide/C/network-config.xml:1037(para)
13514
13513
msgid ""
13515
13514
"The <ulink url=\"https://help.ubuntu.com/community/dhcp3-server\">dhcp3-"
13516
13515
"server Ubuntu Wiki</ulink> page has more information."
13523
13522
"dhcpd.conf man page</ulink>."
13524
13523
msgstr ""
13525
13524
13526
#: serverguide/C/network-config.xml:1051(ulink)
13525
#: serverguide/C/network-config.xml:1049(ulink)
13527
13526
msgid "ISC dhcp-server"
13528
13527
msgstr ""
13529
13528
13530
#: serverguide/C/network-config.xml:1060(title)
13529
#: serverguide/C/network-config.xml:1058(title)
13531
13530
msgid "Time Synchronisation with NTP"
13532
13531
msgstr "Sinkhronisasi Waktu dengan NTP"
13533
13532
13534
#: serverguide/C/network-config.xml:1061(para)
13533
#: serverguide/C/network-config.xml:1059(para)
13535
13534
msgid ""
13536
13535
"NTP is a TCP/IP protocol for synchronising time over a network. Basically a "
13537
13536
"client requests the current time from a server, and uses it to set its own "
13541
13540
"mendasar dari sisi klien meminta nilai waktu di server, dan diset di "
13542
13541
"komputer sisi klien."
13543
13542
13544
#: serverguide/C/network-config.xml:1064(para)
13543
#: serverguide/C/network-config.xml:1062(para)
13545
13544
msgid ""
13546
13545
"Behind this simple description, there is a lot of complexity - there are "
13547
13546
"tiers of NTP servers, with the tier one NTP servers connected to atomic "
13553
13552
"from you!"
13554
13553
msgstr ""
13555
13554
13556
#: serverguide/C/network-config.xml:1067(para)
13555
#: serverguide/C/network-config.xml:1065(para)
13557
13556
msgid "Ubuntu uses ntpdate and ntpd."
13558
13557
msgstr ""
13559
13558
13560
#: serverguide/C/network-config.xml:1072(title)
13559
#: serverguide/C/network-config.xml:1070(title)
13561
13560
msgid "ntpdate"
13562
13561
msgstr "ntpdate"
13563
13562
13564
#: serverguide/C/network-config.xml:1073(para)
13563
#: serverguide/C/network-config.xml:1071(para)
13565
13564
msgid ""
13566
13565
"Ubuntu comes with ntpdate as standard, and will run it once at boot time to "
13567
13566
"set up your time according to Ubuntu's NTP server."
13568
13567
msgstr ""
13569
13568
13570
#: serverguide/C/network-config.xml:1076(programlisting)
13569
#: serverguide/C/network-config.xml:1074(programlisting)
13571
13570
#, no-wrap
13572
13571
msgid ""
13573
13572
"\n"
13574
13573
"ntpdate -s ntp.ubuntu.com\n"
13575
13574
msgstr ""
13576
13575
13577
#: serverguide/C/network-config.xml:1082(title)
13576
#: serverguide/C/network-config.xml:1080(title)
13578
13577
msgid "ntpd"
13579
13578
msgstr "ntpd"
13580
13579
13581
#: serverguide/C/network-config.xml:1083(para)
13580
#: serverguide/C/network-config.xml:1081(para)
13582
13581
msgid ""
13583
13582
"The ntp daemon ntpd calculates the drift of your system clock and "
13584
13583
"continuously adjusts it, so there are no large corrections that could lead "
13586
13585
"memory, but for a modern server this is negligible."
13587
13586
msgstr ""
13588
13587
13589
#: serverguide/C/network-config.xml:1090(para)
13588
#: serverguide/C/network-config.xml:1088(para)
13590
13589
msgid "To install ntpd, from a terminal prompt enter:"
13591
13590
msgstr ""
13592
13591
13593
#: serverguide/C/virtualization.xml:2195(command) serverguide/C/network-config.xml:1095(command)
13592
#: serverguide/C/network-config.xml:1093(command)
13594
13593
msgid "sudo apt-get install ntp"
13595
13594
msgstr ""
13596
13595
13597
#: serverguide/C/network-config.xml:1102(para)
13596
#: serverguide/C/network-config.xml:1100(para)
13598
13597
msgid ""
13599
13598
"Edit <filename>/etc/ntp.conf</filename> to add/remove server lines. By "
13600
13599
"default these servers are configured:"
13601
13600
msgstr ""
13602
13601
13603
#: serverguide/C/network-config.xml:1107(programlisting)
13602
#: serverguide/C/network-config.xml:1105(programlisting)
13604
13603
#, no-wrap
13605
13604
msgid ""
13606
13605
"\n"
13613
13612
"server 3.ubuntu.pool.ntp.org\n"
13614
13613
msgstr ""
13615
13614
13616
#: serverguide/C/network-config.xml:1117(para)
13615
#: serverguide/C/network-config.xml:1115(para)
13617
13616
msgid ""
13618
13617
"After changing the config file you have to reload the "
13619
13618
"<application>ntpd</application>:"
13623
13622
msgid "sudo service ntp reload"
13624
13623
msgstr ""
13625
13624
13626
#: serverguide/C/network-config.xml:1126(title)
13625
#: serverguide/C/network-config.xml:1124(title)
13627
13626
msgid "View status"
13628
13627
msgstr ""
13629
13628
13631
13630
msgid "Use ntpq to see more info:"
13632
13631
msgstr ""
13633
13632
13634
#: serverguide/C/network-config.xml:1131(command)
13633
#: serverguide/C/network-config.xml:1129(command)
13635
13634
msgid "# sudo ntpq -p"
13636
13635
msgstr ""
13637
13636
13638
#: serverguide/C/network-config.xml:1132(computeroutput)
13637
#: serverguide/C/network-config.xml:1130(computeroutput)
13639
13638
#, no-wrap
13640
13639
msgid ""
13641
13640
" remote refid st t when poll reach delay offset "
13654
13653
"92.792"
13655
13654
msgstr ""
13656
13655
13657
#: serverguide/C/network-config.xml:1147(para)
13656
#: serverguide/C/network-config.xml:1145(para)
13658
13657
msgid ""
13659
13658
"See the <ulink url=\"https://help.ubuntu.com/community/UbuntuTime\">Ubuntu "
13660
13659
"Time</ulink> wiki page for more information."
13661
13660
msgstr ""
13662
13661
13663
#: serverguide/C/network-config.xml:1153(ulink)
13662
#: serverguide/C/network-config.xml:1151(ulink)
13664
13663
msgid "ntp.org, home of the Network Time Protocol project"
13665
13664
msgstr ""
13666
13665
13682
13681
"The Lightweight Directory Access Protocol, or LDAP, is a protocol for "
13683
13682
"querying and modifying a X.500-based directory service running over TCP/IP. "
13684
13683
"The current LDAP version is LDAPv3, as defined in <ulink "
13685
"url=\"http://tools.ietf.org/html/rfc4510\">RFC4510</ulink>, and the its "
13686
"implementation used in Ubuntu is from OpenLDAP."
13684
"url=\"http://tools.ietf.org/html/rfc4510\">RFC4510</ulink>, and the "
13685
"implementation in Ubuntu is OpenLDAP.\""
13687
13686
msgstr ""
13688
13687
13689
#: serverguide/C/network-auth.xml:27(para)
13688
#: serverguide/C/network-auth.xml:29(para)
13690
13689
msgid ""
13691
13690
"So the LDAP protocol accesses LDAP directories. Here are some key concepts "
13692
13691
"and terms:"
13693
13692
msgstr ""
13694
13693
13695
#: serverguide/C/network-auth.xml:34(para)
13694
#: serverguide/C/network-auth.xml:36(para)
13696
13695
msgid ""
13697
13696
"A LDAP directory is a tree of data <emphasis>entries</emphasis> that is "
13698
13697
"hierarchical in nature and is called the Directory Information Tree (DIT)."
13699
13698
msgstr ""
13700
13699
13701
#: serverguide/C/network-auth.xml:41(para)
13700
#: serverguide/C/network-auth.xml:43(para)
13702
13701
msgid "An entry consists of a set of <emphasis>attributes</emphasis>."
13703
13702
msgstr ""
13704
13703
13705
#: serverguide/C/network-auth.xml:47(para)
13704
#: serverguide/C/network-auth.xml:49(para)
13706
13705
msgid ""
13707
13706
"An attribute has a <emphasis>type</emphasis> (a name/description) and one or "
13708
13707
"more <emphasis>values</emphasis>."
13709
13708
msgstr ""
13710
13709
13711
#: serverguide/C/network-auth.xml:53(para)
13710
#: serverguide/C/network-auth.xml:55(para)
13712
13711
msgid ""
13713
13712
"Every attribute must be defined in at least one "
13714
13713
"<emphasis>objectClass</emphasis>."
13715
13714
msgstr ""
13716
13715
13717
#: serverguide/C/network-auth.xml:59(para)
13716
#: serverguide/C/network-auth.xml:61(para)
13718
13717
msgid ""
13719
13718
"Attributes and objectclasses are defined in <emphasis>schemas</emphasis> (an "
13720
13719
"objectclass is actually considered as a special kind of attribute)."
13721
13720
msgstr ""
13722
13721
13723
#: serverguide/C/network-auth.xml:66(para)
13722
#: serverguide/C/network-auth.xml:68(para)
13724
13723
msgid ""
13725
13724
"Each entry has a unique identifier: its <emphasis>Distinguished "
13726
13725
"Name</emphasis> (DN or dn). This, in turn, consists of a <emphasis>Relative "
13727
13726
"Distinguished Name</emphasis> (RDN) followed by the parent entry's DN."
13728
13727
msgstr ""
13729
13728
13730
#: serverguide/C/network-auth.xml:73(para)
13729
#: serverguide/C/network-auth.xml:75(para)
13731
13730
msgid ""
13732
13731
"The entry's DN is not an attribute. It is not considered part of the entry "
13733
13732
"itself."
13734
13733
msgstr ""
13735
13734
13736
#: serverguide/C/network-auth.xml:81(para)
13735
#: serverguide/C/network-auth.xml:83(para)
13737
13736
msgid ""
13738
13737
"The terms <emphasis>object</emphasis>, <emphasis>container</emphasis>, and "
13739
13738
"<emphasis>node</emphasis> have certain connotations but they all essentially "
13741
13740
"term."
13742
13741
msgstr ""
13743
13742
13744
#: serverguide/C/network-auth.xml:87(para)
13743
#: serverguide/C/network-auth.xml:89(para)
13745
13744
msgid ""
13746
13745
"For example, below we have a single entry consisting of 11 attributes where "
13747
13746
"the following is true:"
13748
13747
msgstr ""
13749
13748
13750
#: serverguide/C/network-auth.xml:94(para)
13749
#: serverguide/C/network-auth.xml:96(para)
13751
13750
msgid "DN is \"cn=John Doe,dc=example,dc=com\""
13752
13751
msgstr ""
13753
13752
13754
#: serverguide/C/network-auth.xml:100(para)
13753
#: serverguide/C/network-auth.xml:102(para)
13755
13754
msgid "RDN is \"cn=John Doe\""
13756
13755
msgstr ""
13757
13756
13758
#: serverguide/C/network-auth.xml:106(para)
13757
#: serverguide/C/network-auth.xml:108(para)
13759
13758
msgid "parent DN is \"dc=example,dc=com\""
13760
13759
msgstr ""
13761
13760
13762
#: serverguide/C/network-auth.xml:113(programlisting)
13761
#: serverguide/C/network-auth.xml:115(programlisting)
13763
13762
#, no-wrap
13764
13763
msgid ""
13765
13764
"\n"
13777
13776
" objectClass: top\n"
13778
13777
msgstr ""
13779
13778
13780
#: serverguide/C/network-auth.xml:128(para)
13779
#: serverguide/C/network-auth.xml:130(para)
13781
13780
msgid ""
13782
13781
"The above entry is in <emphasis>LDIF</emphasis> format (LDAP Data "
13783
13782
"Interchange Format). Any information that you feed into your DIT must also "
13785
13784
"url=\"http://tools.ietf.org/html/rfc2849\">RFC2849</ulink>."
13786
13785
msgstr ""
13787
13786
13788
#: serverguide/C/network-auth.xml:133(para)
13787
#: serverguide/C/network-auth.xml:135(para)
13789
13788
msgid ""
13790
13789
"Although this guide will describe how to use it for central authentication, "
13791
13790
"LDAP is good for anything that involves a large number of access requests to "
13793
13792
"address book, a list of email addresses, and a mail server's configuration."
13794
13793
msgstr ""
13795
13794
13796
#: serverguide/C/network-auth.xml:142(para)
13795
#: serverguide/C/network-auth.xml:144(para)
13797
13796
msgid ""
13798
13797
"Install the OpenLDAP server daemon and the traditional LDAP management "
13799
13798
"utilities. These are found in packages <application>slapd</application> and "
13800
13799
"<application>ldap-utils</application> respectively."
13801
13800
msgstr ""
13802
13801
13803
#: serverguide/C/network-auth.xml:147(para)
13802
#: serverguide/C/network-auth.xml:149(para)
13804
13803
msgid ""
13805
13804
"The installation of slapd will create a working configuration. In "
13806
13805
"particular, it will create a database instance that you can use to store "
13812
13811
"a line similar to this:"
13813
13812
msgstr ""
13814
13813
13815
#: serverguide/C/network-auth.xml:155(programlisting)
13814
#: serverguide/C/network-auth.xml:157(programlisting)
13816
13815
#, no-wrap
13817
13816
msgid ""
13818
13817
"\n"
13819
13818
"127.0.1.1 hostname.example.com\thostname\n"
13820
13819
msgstr ""
13821
13820
13822
#: serverguide/C/network-auth.xml:159(para)
13821
#: serverguide/C/network-auth.xml:161(para)
13823
13822
msgid "You can revert the change after package installation."
13824
13823
msgstr ""
13825
13824
13826
#: serverguide/C/network-auth.xml:164(para)
13825
#: serverguide/C/network-auth.xml:166(para)
13827
13826
msgid ""
13828
13827
"This guide will use a database suffix of "
13829
13828
"<emphasis>dc=example,dc=com</emphasis>."
13830
13829
msgstr ""
13831
13830
13832
#: serverguide/C/network-auth.xml:169(para)
13831
#: serverguide/C/network-auth.xml:171(para)
13833
13832
msgid "Proceed with the install:"
13834
13833
msgstr ""
13835
13834
13836
#: serverguide/C/network-auth.xml:174(command)
13835
#: serverguide/C/network-auth.xml:176(command)
13837
13836
msgid "sudo apt-get install slapd ldap-utils"
13838
13837
msgstr ""
13839
13838
13840
#: serverguide/C/network-auth.xml:177(para)
13839
#: serverguide/C/network-auth.xml:179(para)
13841
13840
msgid ""
13842
13841
"Since Ubuntu 8.10 slapd is designed to be configured within slapd itself by "
13843
13842
"dedicating a separate DIT for that purpose. This allows one to dynamically "
13850
13849
"will be eventually phased out."
13851
13850
msgstr ""
13852
13851
13853
#: serverguide/C/network-auth.xml:186(para)
13852
#: serverguide/C/network-auth.xml:188(para)
13854
13853
msgid ""
13855
13854
"Ubuntu now uses the <emphasis>slapd-config</emphasis> method for slapd "
13856
13855
"configuration and this guide reflects that."
13857
13856
msgstr ""
13858
13857
13859
#: serverguide/C/network-auth.xml:192(para)
13858
#: serverguide/C/network-auth.xml:194(para)
13860
13859
msgid ""
13861
13860
"During the install you were prompted to define administrative credentials. "
13862
13861
"These are LDAP-based credentials for the <emphasis>rootDN</emphasis> of your "
13867
13866
"will see how to do this later on."
13868
13867
msgstr ""
13869
13868
13870
#: serverguide/C/network-auth.xml:199(para)
13869
#: serverguide/C/network-auth.xml:201(para)
13871
13870
msgid ""
13872
13871
"Some classical schemas (cosine, nis, inetorgperson) come built-in with slapd "
13873
13872
"nowadays. There is also an included \"core\" schema, a pre-requisite for any "
13874
13873
"schema to work."
13875
13874
msgstr ""
13876
13875
13877
#: serverguide/C/network-auth.xml:207(title)
13876
#: serverguide/C/network-auth.xml:209(title)
13878
13877
msgid "Post-install Inspection"
13879
13878
msgstr ""
13880
13879
13881
#: serverguide/C/network-auth.xml:209(para)
13880
#: serverguide/C/network-auth.xml:211(para)
13882
13881
msgid ""
13883
13882
"The installation process set up 2 DITs. One for slapd-config and one for "
13884
13883
"your own data (dc=example,dc=com). Let's take a look."
13885
13884
msgstr ""
13886
13885
13887
#: serverguide/C/network-auth.xml:216(para)
13886
#: serverguide/C/network-auth.xml:218(para)
13888
13887
msgid ""
13889
13888
"This is what the slapd-config database/DIT looks like. Recall that this "
13890
13889
"database is LDIF-based and lives under "
13891
13890
"<filename>/etc/ldap/slapd.d</filename>:"
13892
13891
msgstr ""
13893
13892
13894
#: serverguide/C/network-auth.xml:222(computeroutput)
13893
#: serverguide/C/network-auth.xml:224(computeroutput)
13895
13894
#, no-wrap
13896
13895
msgid ""
13897
13896
"\n"
13911
13910
" /etc/ldap/slapd.d/cn=config.ldif\n"
13912
13911
msgstr ""
13913
13912
13914
#: serverguide/C/network-auth.xml:242(para)
13913
#: serverguide/C/network-auth.xml:243(para)
13915
13914
msgid ""
13916
13915
"Do not edit the slapd-config database directly. Make changes via the LDAP "
13917
13916
"protocol (utilities)."
13918
13917
msgstr ""
13919
13918
13920
#: serverguide/C/network-auth.xml:250(para)
13919
#: serverguide/C/network-auth.xml:251(para)
13921
13920
msgid "This is what the slapd-config DIT looks like via the LDAP protocol:"
13922
13921
msgstr ""
13923
13922
13924
#: serverguide/C/network-auth.xml:254(para)
13923
#: serverguide/C/network-auth.xml:256(para)
13925
13924
msgid ""
13926
13925
"On Ubuntu server 14.10, and possibly higher, the following command may not "
13927
13926
"work due to a <ulink "
13929
13928
"ulink>"
13930
13929
msgstr ""
13931
13930
13932
#: serverguide/C/network-auth.xml:255(command)
13931
#: serverguide/C/network-auth.xml:262(command)
13933
13932
msgid "sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn"
13934
13933
msgstr ""
13935
13934
13936
#: serverguide/C/network-auth.xml:256(computeroutput)
13935
#: serverguide/C/network-auth.xml:263(computeroutput)
13937
13936
#, no-wrap
13938
13937
msgid ""
13939
13938
"\n"
13960
13959
"dn: olcDatabase={1}hdb,cn=config\n"
13961
13960
msgstr ""
13962
13961
13963
#: serverguide/C/network-auth.xml:281(para) serverguide/C/network-auth.xml:372(para)
13962
#: serverguide/C/network-auth.xml:288(para) serverguide/C/network-auth.xml:379(para)
13964
13963
msgid "Explanation of entries:"
13965
13964
msgstr ""
13966
13965
13967
#: serverguide/C/network-auth.xml:288(para)
13966
#: serverguide/C/network-auth.xml:295(para)
13968
13967
msgid "<emphasis>cn=config</emphasis>: global settings"
13969
13968
msgstr ""
13970
13969
13971
#: serverguide/C/network-auth.xml:294(para)
13970
#: serverguide/C/network-auth.xml:301(para)
13972
13971
msgid ""
13973
13972
"<emphasis>cn=module{0},cn=config</emphasis>: a dynamically loaded module"
13974
13973
msgstr ""
13975
13974
13976
#: serverguide/C/network-auth.xml:300(para)
13975
#: serverguide/C/network-auth.xml:307(para)
13977
13976
msgid ""
13978
13977
"<emphasis>cn=schema,cn=config</emphasis>: contains hard-coded system-level "
13979
13978
"schema"
13980
13979
msgstr ""
13981
13980
13982
#: serverguide/C/network-auth.xml:306(para)
13981
#: serverguide/C/network-auth.xml:313(para)
13983
13982
msgid ""
13984
13983
"<emphasis>cn={0}core,cn=schema,cn=config</emphasis>: the hard-coded core "
13985
13984
"schema"
13986
13985
msgstr ""
13987
13986
13988
#: serverguide/C/network-auth.xml:312(para)
13987
#: serverguide/C/network-auth.xml:319(para)
13989
13988
msgid ""
13990
13989
"<emphasis>cn={1}cosine,cn=schema,cn=config</emphasis>: the cosine schema"
13991
13990
msgstr ""
13992
13991
13993
#: serverguide/C/network-auth.xml:318(para)
13992
#: serverguide/C/network-auth.xml:325(para)
13994
13993
msgid "<emphasis>cn={2}nis,cn=schema,cn=config</emphasis>: the nis schema"
13995
13994
msgstr ""
13996
13995
13997
#: serverguide/C/network-auth.xml:324(para)
13996
#: serverguide/C/network-auth.xml:331(para)
13998
13997
msgid ""
13999
13998
"<emphasis>cn={3}inetorgperson,cn=schema,cn=config</emphasis>: the "
14000
13999
"inetorgperson schema"
14001
14000
msgstr ""
14002
14001
14003
#: serverguide/C/network-auth.xml:330(para)
14002
#: serverguide/C/network-auth.xml:337(para)
14004
14003
msgid ""
14005
14004
"<emphasis>olcBackend={0}hdb,cn=config</emphasis>: the 'hdb' backend storage "
14006
14005
"type"
14007
14006
msgstr ""
14008
14007
14009
#: serverguide/C/network-auth.xml:336(para)
14008
#: serverguide/C/network-auth.xml:343(para)
14010
14009
msgid ""
14011
14010
"<emphasis>olcDatabase={-1}frontend,cn=config</emphasis>: frontend database, "
14012
14011
"default settings for other databases"
14013
14012
msgstr ""
14014
14013
14015
#: serverguide/C/network-auth.xml:342(para)
14014
#: serverguide/C/network-auth.xml:349(para)
14016
14015
msgid ""
14017
14016
"<emphasis>olcDatabase={0}config,cn=config</emphasis>: slapd configuration "
14018
14017
"database (cn=config)"
14019
14018
msgstr ""
14020
14019
14021
#: serverguide/C/network-auth.xml:348(para)
14020
#: serverguide/C/network-auth.xml:355(para)
14022
14021
msgid ""
14023
14022
"<emphasis>olcDatabase={1}hdb,cn=config</emphasis>: your database instance "
14024
14023
"(dc=examle,dc=com)"
14025
14024
msgstr ""
14026
14025
14027
#: serverguide/C/network-auth.xml:359(para)
14026
#: serverguide/C/network-auth.xml:366(para)
14028
14027
msgid "This is what the dc=example,dc=com DIT looks like:"
14029
14028
msgstr ""
14030
14029
14031
#: serverguide/C/network-auth.xml:364(command)
14030
#: serverguide/C/network-auth.xml:371(command)
14032
14031
msgid "ldapsearch -x -LLL -H ldap:/// -b dc=example,dc=com dn"
14033
14032
msgstr ""
14034
14033
14035
#: serverguide/C/network-auth.xml:365(computeroutput)
14034
#: serverguide/C/network-auth.xml:372(computeroutput)
14036
14035
#, no-wrap
14037
14036
msgid ""
14038
14037
"\n"
14041
14040
"dn: cn=admin,dc=example,dc=com\n"
14042
14041
msgstr ""
14043
14042
14044
#: serverguide/C/network-auth.xml:379(para)
14043
#: serverguide/C/network-auth.xml:386(para)
14045
14044
msgid "<emphasis>dc=example,dc=com</emphasis>: base of the DIT"
14046
14045
msgstr ""
14047
14046
14048
#: serverguide/C/network-auth.xml:385(para)
14047
#: serverguide/C/network-auth.xml:392(para)
14049
14048
msgid ""
14050
14049
"<emphasis>cn=admin,dc=example,dc=com</emphasis>: administrator (rootDN) for "
14051
14050
"this DIT (set up during package install)"
14052
14051
msgstr ""
14053
14052
14054
#: serverguide/C/network-auth.xml:399(title)
14053
#: serverguide/C/network-auth.xml:406(title)
14055
14054
msgid "Modifying/Populating your Database"
14056
14055
msgstr ""
14057
14056
14058
#: serverguide/C/network-auth.xml:401(para)
14057
#: serverguide/C/network-auth.xml:408(para)
14059
14058
msgid ""
14060
14059
"Let's introduce some content to our database. We will add the following:"
14061
14060
msgstr ""
14062
14061
14063
#: serverguide/C/network-auth.xml:408(para)
14062
#: serverguide/C/network-auth.xml:415(para)
14064
14063
msgid "a node called <emphasis>People</emphasis> (to store users)"
14065
14064
msgstr ""
14066
14065
14067
#: serverguide/C/network-auth.xml:414(para)
14066
#: serverguide/C/network-auth.xml:421(para)
14068
14067
msgid "a node called <emphasis>Groups</emphasis> (to store groups)"
14069
14068
msgstr ""
14070
14069
14071
#: serverguide/C/network-auth.xml:420(para)
14070
#: serverguide/C/network-auth.xml:427(para)
14072
14071
msgid "a group called <emphasis>miners</emphasis>"
14073
14072
msgstr ""
14074
14073
14075
#: serverguide/C/network-auth.xml:426(para)
14074
#: serverguide/C/network-auth.xml:433(para)
14076
14075
msgid "a user called <emphasis>john</emphasis>"
14077
14076
msgstr ""
14078
14077
14079
#: serverguide/C/network-auth.xml:433(para)
14078
#: serverguide/C/network-auth.xml:440(para)
14080
14079
msgid ""
14081
14080
"Create the following LDIF file and call it "
14082
14081
"<filename>add_content.ldif</filename>:"
14083
14082
msgstr ""
14084
14083
14085
#: serverguide/C/network-auth.xml:437(programlisting)
14084
#: serverguide/C/network-auth.xml:444(programlisting)
14086
14085
#, no-wrap
14087
14086
msgid ""
14088
14087
"\n"
14116
14115
"homeDirectory: /home/john\n"
14117
14116
msgstr ""
14118
14117
14119
#: serverguide/C/network-auth.xml:469(para)
14118
#: serverguide/C/network-auth.xml:476(para)
14120
14119
msgid ""
14121
14120
"It's important that uid and gid values in your directory do not collide with "
14122
14121
"local values. Use high number ranges, such as starting at 5000. By setting "
14124
14123
"what can be done with a local user vs a ldap one. More on that later."
14125
14124
msgstr ""
14126
14125
14127
#: serverguide/C/network-auth.xml:477(para)
14126
#: serverguide/C/network-auth.xml:484(para)
14128
14127
msgid "Add the content:"
14129
14128
msgstr ""
14130
14129
14131
#: serverguide/C/network-auth.xml:482(command)
14130
#: serverguide/C/network-auth.xml:489(command)
14132
14131
msgid "ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_content.ldif"
14133
14132
msgstr ""
14134
14133
14135
#: serverguide/C/network-auth.xml:484(application)
14134
#: serverguide/C/network-auth.xml:491(application)
14136
14135
msgid "********"
14137
14136
msgstr ""
14138
14137
14139
#: serverguide/C/network-auth.xml:483(computeroutput)
14138
#: serverguide/C/network-auth.xml:490(computeroutput)
14140
14139
#, no-wrap
14141
14140
msgid ""
14142
14141
"\n"
14150
14149
"adding new entry \"uid=john,ou=People,dc=example,dc=com\"\n"
14151
14150
msgstr ""
14152
14151
14153
#: serverguide/C/network-auth.xml:495(para)
14152
#: serverguide/C/network-auth.xml:502(para)
14154
14153
msgid ""
14155
14154
"We can check that the information has been correctly added with the "
14156
14155
"<application>ldapsearch</application> utility:"
14157
14156
msgstr ""
14158
14157
14159
#: serverguide/C/network-auth.xml:500(command)
14158
#: serverguide/C/network-auth.xml:507(command)
14160
14159
msgid "ldapsearch -x -LLL -b dc=example,dc=com 'uid=john' cn gidNumber"
14161
14160
msgstr ""
14162
14161
14163
#: serverguide/C/network-auth.xml:501(computeroutput)
14162
#: serverguide/C/network-auth.xml:508(computeroutput)
14164
14163
#, no-wrap
14165
14164
msgid ""
14166
14165
"\n"
14169
14168
"gidNumber: 5000\n"
14170
14169
msgstr ""
14171
14170
14172
#: serverguide/C/network-auth.xml:508(para)
14171
#: serverguide/C/network-auth.xml:515(para)
14173
14172
msgid "Explanation of switches:"
14174
14173
msgstr ""
14175
14174
14176
#: serverguide/C/network-auth.xml:515(para)
14175
#: serverguide/C/network-auth.xml:522(para)
14177
14176
msgid ""
14178
14177
"<emphasis>-x:</emphasis> \"simple\" binding; will not use the default SASL "
14179
14178
"method"
14180
14179
msgstr ""
14181
14180
14182
#: serverguide/C/network-auth.xml:521(para)
14181
#: serverguide/C/network-auth.xml:528(para)
14183
14182
msgid "<emphasis>-LLL:</emphasis> disable printing extraneous information"
14184
14183
msgstr ""
14185
14184
14186
#: serverguide/C/network-auth.xml:527(para)
14185
#: serverguide/C/network-auth.xml:534(para)
14187
14186
msgid "<emphasis>uid=john:</emphasis> a \"filter\" to find the john user"
14188
14187
msgstr ""
14189
14188
14190
#: serverguide/C/network-auth.xml:533(para)
14189
#: serverguide/C/network-auth.xml:540(para)
14191
14190
msgid ""
14192
14191
"<emphasis>cn gidNumber:</emphasis> requests certain attributes to be "
14193
14192
"displayed (the default is to show all attributes)"
14194
14193
msgstr ""
14195
14194
14196
#: serverguide/C/network-auth.xml:543(title)
14195
#: serverguide/C/network-auth.xml:550(title)
14197
14196
msgid "Modifying the slapd Configuration Database"
14198
14197
msgstr ""
14199
14198
14200
#: serverguide/C/network-auth.xml:545(para)
14199
#: serverguide/C/network-auth.xml:552(para)
14201
14200
msgid ""
14202
14201
"The slapd-config DIT can also be queried and modified. Here are a few "
14203
14202
"examples."
14204
14203
msgstr ""
14205
14204
14206
#: serverguide/C/network-auth.xml:552(para)
14205
#: serverguide/C/network-auth.xml:559(para)
14207
14206
msgid ""
14208
14207
"Use <application>ldapmodify</application> to add an \"Index\" (DbIndex "
14209
14208
"attribute) to your <application>{1}hdb,cn=config</application> database "
14211
14210
"<filename>uid_index.ldif</filename>, with the following contents:"
14212
14211
msgstr ""
14213
14212
14214
#: serverguide/C/network-auth.xml:557(programlisting)
14213
#: serverguide/C/network-auth.xml:564(programlisting)
14215
14214
#, no-wrap
14216
14215
msgid ""
14217
14216
"\n"
14220
14219
"olcDbIndex: uid eq,pres,sub\n"
14221
14220
msgstr ""
14222
14221
14223
#: serverguide/C/network-auth.xml:563(para)
14222
#: serverguide/C/network-auth.xml:570(para)
14224
14223
msgid "Then issue the command:"
14225
14224
msgstr ""
14226
14225
14227
#: serverguide/C/network-auth.xml:568(command)
14226
#: serverguide/C/network-auth.xml:575(command)
14228
14227
msgid "sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f uid_index.ldif"
14229
14228
msgstr ""
14230
14229
14231
#: serverguide/C/network-auth.xml:569(computeroutput)
14230
#: serverguide/C/network-auth.xml:576(computeroutput)
14232
14231
#, no-wrap
14233
14232
msgid ""
14234
14233
"\n"
14235
14234
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
14236
14235
msgstr ""
14237
14236
14238
#: serverguide/C/network-auth.xml:574(para)
14237
#: serverguide/C/network-auth.xml:581(para)
14239
14238
msgid "You can confirm the change in this way:"
14240
14239
msgstr ""
14241
14240
14242
#: serverguide/C/network-auth.xml:579(command)
14241
#: serverguide/C/network-auth.xml:586(command)
14243
14242
msgid ""
14244
14243
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
14245
14244
"'(olcDatabase={1}hdb)' olcDbIndex"
14246
14245
msgstr ""
14247
14246
14248
#: serverguide/C/network-auth.xml:581(computeroutput)
14247
#: serverguide/C/network-auth.xml:588(computeroutput)
14249
14248
#, no-wrap
14250
14249
msgid ""
14251
14250
"\n"
14254
14253
"olcDbIndex: uid eq,pres,sub\n"
14255
14254
msgstr ""
14256
14255
14257
#: serverguide/C/network-auth.xml:591(para)
14256
#: serverguide/C/network-auth.xml:598(para)
14258
14257
msgid ""
14259
14258
"Let's add a schema. It will first need to be converted to LDIF format. You "
14260
14259
"can find unconverted schemas in addition to converted ones in the <filename "
14261
14260
"role=\"directory\">/etc/ldap/schema</filename> directory."
14262
14261
msgstr ""
14263
14262
14264
#: serverguide/C/network-auth.xml:599(para)
14263
#: serverguide/C/network-auth.xml:606(para)
14265
14264
msgid ""
14266
14265
"It is not trivial to remove a schema from the slapd-config database. "
14267
14266
"Practice adding schemas on a test system."
14268
14267
msgstr ""
14269
14268
14270
#: serverguide/C/network-auth.xml:605(para)
14269
#: serverguide/C/network-auth.xml:612(para)
14271
14270
msgid ""
14272
14271
"Before adding any schema, you should check which schemas are already "
14273
14272
"installed (shown is a default, out-of-the-box output):"
14274
14273
msgstr ""
14275
14274
14276
#: serverguide/C/network-auth.xml:611(command)
14275
#: serverguide/C/network-auth.xml:618(command)
14277
14276
msgid ""
14278
14277
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=schema,cn=config dn"
14279
14278
msgstr ""
14280
14279
14281
#: serverguide/C/network-auth.xml:613(computeroutput)
14280
#: serverguide/C/network-auth.xml:620(computeroutput)
14282
14281
#, no-wrap
14283
14282
msgid ""
14284
14283
"\n"
14293
14292
"dn: cn={3}inetorgperson,cn=schema,cn=config\n"
14294
14293
msgstr ""
14295
14294
14296
#: serverguide/C/network-auth.xml:630(para)
14295
#: serverguide/C/network-auth.xml:637(para)
14297
14296
msgid "In the following example we'll add the CORBA schema."
14298
14297
msgstr ""
14299
14298
14300
#: serverguide/C/network-auth.xml:637(para)
14299
#: serverguide/C/network-auth.xml:644(para)
14301
14300
msgid ""
14302
14301
"Create the conversion configuration file "
14303
14302
"<filename>schema_convert.conf</filename> containing the following lines:"
14304
14303
msgstr ""
14305
14304
14306
#: serverguide/C/network-auth.xml:642(programlisting)
14305
#: serverguide/C/network-auth.xml:649(programlisting)
14307
14306
#, no-wrap
14308
14307
msgid ""
14309
14308
"\n"
14323
14322
"include /etc/ldap/schema/pmi.schema\n"
14324
14323
msgstr ""
14325
14324
14326
#: serverguide/C/network-auth.xml:662(para)
14325
#: serverguide/C/network-auth.xml:669(para)
14327
14326
msgid "Create the output directory <filename>ldif_output</filename>."
14328
14327
msgstr ""
14329
14328
14330
#: serverguide/C/network-auth.xml:668(para) serverguide/C/network-auth.xml:2317(para)
14329
#: serverguide/C/network-auth.xml:675(para) serverguide/C/network-auth.xml:2324(para)
14331
14330
msgid "Determine the index of the schema:"
14332
14331
msgstr ""
14333
14332
14334
#: serverguide/C/network-auth.xml:673(command)
14333
#: serverguide/C/network-auth.xml:680(command)
14335
14334
msgid ""
14336
14335
"slapcat -f schema_convert.conf -F ldif_output -n 0 | grep corba,cn=schema"
14337
14336
msgstr ""
14338
14337
14339
#: serverguide/C/network-auth.xml:674(computeroutput)
14338
#: serverguide/C/network-auth.xml:681(computeroutput)
14340
14339
#, no-wrap
14341
14340
msgid ""
14342
14341
"\n"
14343
14342
"cn={1}corba,cn=schema,cn=config\n"
14344
14343
msgstr ""
14345
14344
14346
#: serverguide/C/network-auth.xml:685(para)
14345
#: serverguide/C/network-auth.xml:687(para)
14347
14346
msgid ""
14348
14347
"When slapd ingests objects with the same parent DN it will create an "
14349
14348
"<emphasis>index</emphasis> for that object. An index is contained within "
14350
14349
"braces: <application>{X}</application>."
14351
14350
msgstr ""
14352
14351
14353
#: serverguide/C/network-auth.xml:689(para)
14352
#: serverguide/C/network-auth.xml:696(para)
14354
14353
msgid "Use <application>slapcat</application> to perform the conversion:"
14355
14354
msgstr ""
14356
14355
14357
#: serverguide/C/network-auth.xml:694(command)
14356
#: serverguide/C/network-auth.xml:701(command)
14358
14357
msgid ""
14359
14358
"slapcat -f schema_convert.conf -F ldif_output -n0 -H \\ "
14360
14359
"ldap:///cn={1}corba,cn=schema,cn=config -l cn=corba.ldif"
14361
14360
msgstr ""
14362
14361
14363
#: serverguide/C/network-auth.xml:698(para)
14362
#: serverguide/C/network-auth.xml:705(para)
14364
14363
msgid "The converted schema is now in <filename>cn=corba.ldif</filename>"
14365
14364
msgstr ""
14366
14365
14367
#: serverguide/C/network-auth.xml:704(para)
14366
#: serverguide/C/network-auth.xml:711(para)
14368
14367
msgid ""
14369
14368
"Edit <filename>cn=corba.ldif</filename> to arrive at the following "
14370
14369
"attributes:"
14371
14370
msgstr ""
14372
14371
14373
#: serverguide/C/network-auth.xml:708(programlisting)
14372
#: serverguide/C/network-auth.xml:715(programlisting)
14374
14373
#, no-wrap
14375
14374
msgid ""
14376
14375
"\n"
14379
14378
"cn: corba\n"
14380
14379
msgstr ""
14381
14380
14382
#: serverguide/C/network-auth.xml:714(para)
14381
#: serverguide/C/network-auth.xml:721(para)
14383
14382
msgid "Also remove the following lines from the bottom:"
14384
14383
msgstr ""
14385
14384
14386
#: serverguide/C/network-auth.xml:718(programlisting)
14385
#: serverguide/C/network-auth.xml:725(programlisting)
14387
14386
#, no-wrap
14388
14387
msgid ""
14389
14388
"\n"
14396
14395
"modifyTimestamp: 20110829165435Z\n"
14397
14396
msgstr ""
14398
14397
14399
#: serverguide/C/network-auth.xml:728(para) serverguide/C/network-auth.xml:2367(para)
14398
#: serverguide/C/network-auth.xml:735(para) serverguide/C/network-auth.xml:2374(para)
14400
14399
msgid "Your attribute values will vary."
14401
14400
msgstr ""
14402
14401
14403
#: serverguide/C/network-auth.xml:734(para)
14402
#: serverguide/C/network-auth.xml:741(para)
14404
14403
msgid ""
14405
14404
"Finally, use <application>ldapadd</application> to add the new schema to the "
14406
14405
"slapd-config DIT:"
14407
14406
msgstr ""
14408
14407
14409
#: serverguide/C/network-auth.xml:739(command)
14408
#: serverguide/C/network-auth.xml:746(command)
14410
14409
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f cn\\=corba.ldif"
14411
14410
msgstr ""
14412
14411
14413
#: serverguide/C/network-auth.xml:740(computeroutput)
14412
#: serverguide/C/network-auth.xml:747(computeroutput)
14414
14413
#, no-wrap
14415
14414
msgid ""
14416
14415
"\n"
14417
14416
"adding new entry \"cn=corba,cn=schema,cn=config\"\n"
14418
14417
msgstr ""
14419
14418
14420
#: serverguide/C/network-auth.xml:748(para)
14419
#: serverguide/C/network-auth.xml:755(para)
14421
14420
msgid "Confirm currently loaded schemas:"
14422
14421
msgstr ""
14423
14422
14424
#: serverguide/C/network-auth.xml:753(command)
14423
#: serverguide/C/network-auth.xml:760(command)
14425
14424
msgid ""
14426
14425
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config dn"
14427
14426
msgstr ""
14428
14427
14429
#: serverguide/C/network-auth.xml:754(computeroutput)
14428
#: serverguide/C/network-auth.xml:761(computeroutput)
14430
14429
#, no-wrap
14431
14430
msgid ""
14432
14431
"\n"
14443
14442
"dn: cn={4}corba,cn=schema,cn=config\n"
14444
14443
msgstr ""
14445
14444
14446
#: serverguide/C/network-auth.xml:778(para)
14445
#: serverguide/C/network-auth.xml:785(para)
14447
14446
msgid ""
14448
14447
"For external applications and clients to authenticate using LDAP they will "
14449
14448
"each need to be specifically configured to do so. Refer to the appropriate "
14450
14449
"client-side documentation for details."
14451
14450
msgstr ""
14452
14451
14453
#: serverguide/C/network-auth.xml:789(para)
14452
#: serverguide/C/network-auth.xml:796(para)
14454
14453
msgid ""
14455
14454
"Activity logging for slapd is indispensible when implementing an OpenLDAP-"
14456
14455
"based solution yet it must be manually enabled after software installation. "
14458
14457
"any other slapd configuration, is enabled via the slapd-config database."
14459
14458
msgstr ""
14460
14459
14461
#: serverguide/C/network-auth.xml:795(para)
14460
#: serverguide/C/network-auth.xml:802(para)
14462
14461
msgid ""
14463
14462
"OpenLDAP comes with multiple logging subsystems (levels) with each one "
14464
14463
"containing the lower one (additive). A good level to try is "
14468
14467
"different subsystems."
14469
14468
msgstr ""
14470
14469
14471
#: serverguide/C/network-auth.xml:801(para)
14470
#: serverguide/C/network-auth.xml:808(para)
14472
14471
msgid ""
14473
14472
"Create the file <filename>logging.ldif</filename> with the following "
14474
14473
"contents:"
14475
14474
msgstr ""
14476
14475
14477
#: serverguide/C/network-auth.xml:805(programlisting)
14476
#: serverguide/C/network-auth.xml:812(programlisting)
14478
14477
#, no-wrap
14479
14478
msgid ""
14480
14479
"\n"
14484
14483
"olcLogLevel: stats\n"
14485
14484
msgstr ""
14486
14485
14487
#: serverguide/C/network-auth.xml:812(para)
14486
#: serverguide/C/network-auth.xml:819(para)
14488
14487
msgid "Implement the change:"
14489
14488
msgstr ""
14490
14489
14491
#: serverguide/C/network-auth.xml:817(command)
14490
#: serverguide/C/network-auth.xml:824(command)
14492
14491
msgid "sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f logging.ldif"
14493
14492
msgstr ""
14494
14493
14495
#: serverguide/C/network-auth.xml:820(para)
14494
#: serverguide/C/network-auth.xml:827(para)
14496
14495
msgid ""
14497
14496
"This will produce a significant amount of logging and you will want to "
14498
14497
"throttle back to a less verbose level once your system is in production. "
14500
14499
"hard time keeping up and may drop messages:"
14501
14500
msgstr ""
14502
14501
14503
#: serverguide/C/network-auth.xml:826(programlisting)
14502
#: serverguide/C/network-auth.xml:833(programlisting)
14504
14503
#, no-wrap
14505
14504
msgid ""
14506
14505
"\n"
14508
14507
"limiting\n"
14509
14508
msgstr ""
14510
14509
14511
#: serverguide/C/network-auth.xml:830(para)
14510
#: serverguide/C/network-auth.xml:837(para)
14512
14511
msgid ""
14513
14512
"You may consider a change to rsyslog's configuration. In "
14514
14513
"<filename>/etc/rsyslog.conf</filename>, put:"
14515
14514
msgstr ""
14516
14515
14517
#: serverguide/C/network-auth.xml:834(programlisting)
14516
#: serverguide/C/network-auth.xml:841(programlisting)
14518
14517
#, no-wrap
14519
14518
msgid ""
14520
14519
"\n"
14523
14522
"$SystemLogRateLimitInterval 0\n"
14524
14523
msgstr ""
14525
14524
14526
#: serverguide/C/network-auth.xml:840(para)
14525
#: serverguide/C/network-auth.xml:847(para)
14527
14526
msgid "And then restart the rsyslog daemon:"
14528
14527
msgstr ""
14529
14528
14530
#: serverguide/C/network-auth.xml:845(command)
14529
#: serverguide/C/network-auth.xml:852(command)
14531
14530
msgid "sudo service rsyslog restart"
14532
14531
msgstr ""
14533
14532
14534
#: serverguide/C/network-auth.xml:851(title)
14533
#: serverguide/C/network-auth.xml:858(title)
14535
14534
msgid "Replication"
14536
14535
msgstr ""
14537
14536
14538
#: serverguide/C/network-auth.xml:853(para)
14537
#: serverguide/C/network-auth.xml:860(para)
14539
14538
msgid ""
14540
14539
"The LDAP service becomes increasingly important as more networked systems "
14541
14540
"begin to depend on it. In such an environment, it is standard practice to "
14544
14543
"replication</emphasis>."
14545
14544
msgstr ""
14546
14545
14547
#: serverguide/C/network-auth.xml:859(para)
14546
#: serverguide/C/network-auth.xml:866(para)
14548
14547
msgid ""
14549
14548
"Replication is achieved via the <emphasis>Syncrepl</emphasis> engine. This "
14550
14549
"allows changes to be synchronized using a <emphasis>Consumer</emphasis> - "
14556
14555
"be sent, not entire entries."
14557
14556
msgstr ""
14558
14557
14559
#: serverguide/C/network-auth.xml:868(title)
14558
#: serverguide/C/network-auth.xml:875(title)
14560
14559
msgid "Provider Configuration"
14561
14560
msgstr ""
14562
14561
14563
#: serverguide/C/network-auth.xml:870(para)
14562
#: serverguide/C/network-auth.xml:877(para)
14564
14563
msgid "Begin by configuring the <emphasis>Provider</emphasis>."
14565
14564
msgstr ""
14566
14565
14567
#: serverguide/C/network-auth.xml:877(para)
14566
#: serverguide/C/network-auth.xml:884(para)
14568
14567
msgid ""
14569
14568
"Create an LDIF file with the following contents and name it "
14570
14569
"<filename>provider_sync.ldif</filename>:"
14571
14570
msgstr ""
14572
14571
14573
#: serverguide/C/network-auth.xml:881(programlisting)
14572
#: serverguide/C/network-auth.xml:888(programlisting)
14574
14573
#, no-wrap
14575
14574
msgid ""
14576
14575
"\n"
14632
14631
"olcAccessLogPurge: 07+00:00 01+00:00\n"
14633
14632
msgstr ""
14634
14633
14635
#: serverguide/C/network-auth.xml:940(para)
14634
#: serverguide/C/network-auth.xml:947(para)
14636
14635
msgid ""
14637
14636
"Change the rootDN in the LDIF file to match the one you have for your "
14638
14637
"directory."
14639
14638
msgstr ""
14640
14639
14641
#: serverguide/C/network-auth.xml:947(para)
14640
#: serverguide/C/network-auth.xml:954(para)
14642
14641
msgid ""
14643
14642
"The <application>apparmor</application> profile for slapd will not need to "
14644
14643
"be adjusted for the accesslog database location since "
14645
14644
"<filename>/etc/apparmor.d/local/usr.sbin.slapd</filename> contains:"
14646
14645
msgstr ""
14647
14646
14648
#: serverguide/C/network-auth.xml:952(programlisting)
14647
#: serverguide/C/network-auth.xml:959(programlisting)
14649
14648
#, no-wrap
14650
14649
msgid ""
14651
14650
"\n"
14653
14652
"/var/lib/ldap/** rwk,\n"
14654
14653
msgstr ""
14655
14654
14656
#: serverguide/C/network-auth.xml:957(para)
14655
#: serverguide/C/network-auth.xml:964(para)
14657
14656
msgid ""
14658
14657
"Create a directory, set up a databse config file, and reload the apparmor "
14659
14658
"profile:"
14660
14659
msgstr ""
14661
14660
14662
#: serverguide/C/network-auth.xml:962(command)
14661
#: serverguide/C/network-auth.xml:969(command)
14663
14662
msgid "sudo -u openldap mkdir /var/lib/ldap/accesslog"
14664
14663
msgstr ""
14665
14664
14666
#: serverguide/C/network-auth.xml:963(command)
14665
#: serverguide/C/network-auth.xml:970(command)
14667
14666
msgid "sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog"
14668
14667
msgstr ""
14669
14668
14670
#: serverguide/C/network-auth.xml:970(para)
14669
#: serverguide/C/network-auth.xml:977(para)
14671
14670
msgid ""
14672
14671
"Add the new content and, due to the apparmor change, restart the daemon:"
14673
14672
msgstr ""
14674
14673
14675
#: serverguide/C/network-auth.xml:975(command)
14674
#: serverguide/C/network-auth.xml:982(command)
14676
14675
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
14677
14676
msgstr ""
14678
14677
14679
#: serverguide/C/network-auth.xml:976(command) serverguide/C/network-auth.xml:1498(command) serverguide/C/network-auth.xml:1683(command) serverguide/C/network-auth.xml:3912(command)
14678
#: serverguide/C/network-auth.xml:983(command) serverguide/C/network-auth.xml:1505(command) serverguide/C/network-auth.xml:1690(command) serverguide/C/network-auth.xml:3911(command)
14680
14679
msgid "sudo service slapd restart"
14681
14680
msgstr ""
14682
14681
14683
#: serverguide/C/network-auth.xml:983(para)
14682
#: serverguide/C/network-auth.xml:990(para)
14684
14683
msgid "The Provider is now configured."
14685
14684
msgstr ""
14686
14685
14687
#: serverguide/C/network-auth.xml:990(title)
14686
#: serverguide/C/network-auth.xml:997(title)
14688
14687
msgid "Consumer Configuration"
14689
14688
msgstr ""
14690
14689
14691
#: serverguide/C/network-auth.xml:992(para)
14690
#: serverguide/C/network-auth.xml:999(para)
14692
14691
msgid "And now configure the <emphasis>Consumer</emphasis>."
14693
14692
msgstr ""
14694
14693
14695
#: serverguide/C/network-auth.xml:999(para)
14694
#: serverguide/C/network-auth.xml:1006(para)
14696
14695
msgid ""
14697
14696
"Install the software by going through <xref linkend=\"openldap-server-"
14698
14697
"installation\"/>. Make sure the slapd-config databse is identical to the "
14700
14699
"same."
14701
14700
msgstr ""
14702
14701
14703
#: serverguide/C/network-auth.xml:1006(para)
14702
#: serverguide/C/network-auth.xml:1013(para)
14704
14703
msgid ""
14705
14704
"Create an LDIF file with the following contents and name it "
14706
14705
"<filename>consumer_sync.ldif</filename>:"
14707
14706
msgstr ""
14708
14707
14709
#: serverguide/C/network-auth.xml:1010(programlisting)
14708
#: serverguide/C/network-auth.xml:1017(programlisting)
14710
14709
#, no-wrap
14711
14710
msgid ""
14712
14711
"\n"
14733
14732
"olcUpdateRef: ldap://ldap01.example.com\n"
14734
14733
msgstr ""
14735
14734
14736
#: serverguide/C/network-auth.xml:1031(para)
14735
#: serverguide/C/network-auth.xml:1038(para)
14737
14736
msgid "Ensure the following attributes have the correct values:"
14738
14737
msgstr ""
14739
14738
14740
#: serverguide/C/network-auth.xml:1036(para)
14739
#: serverguide/C/network-auth.xml:1043(para)
14741
14740
msgid ""
14742
14741
"<emphasis>provider</emphasis> (Provider server's hostname -- "
14743
14742
"ldap01.example.com in this example -- or IP address)"
14744
14743
msgstr ""
14745
14744
14746
#: serverguide/C/network-auth.xml:1037(para)
14745
#: serverguide/C/network-auth.xml:1044(para)
14747
14746
msgid "<emphasis>binddn</emphasis> (the admin DN you're using)"
14748
14747
msgstr ""
14749
14748
14750
#: serverguide/C/network-auth.xml:1038(para)
14749
#: serverguide/C/network-auth.xml:1045(para)
14751
14750
msgid "<emphasis>credentials</emphasis> (the admin DN password you're using)"
14752
14751
msgstr ""
14753
14752
14754
#: serverguide/C/network-auth.xml:1039(para)
14753
#: serverguide/C/network-auth.xml:1046(para)
14755
14754
msgid "<emphasis>searchbase</emphasis> (the database suffix you're using)"
14756
14755
msgstr ""
14757
14756
14758
#: serverguide/C/network-auth.xml:1040(para)
14757
#: serverguide/C/network-auth.xml:1047(para)
14759
14758
msgid ""
14760
14759
"<emphasis>olcUpdateRef</emphasis> (Provider server's hostname or IP address)"
14761
14760
msgstr ""
14762
14761
14763
#: serverguide/C/network-auth.xml:1041(para)
14762
#: serverguide/C/network-auth.xml:1048(para)
14764
14763
msgid ""
14765
14764
"<emphasis>rid</emphasis> (Replica ID, an unique 3-digit that identifies the "
14766
14765
"replica. Each consumer should have at least one rid)"
14767
14766
msgstr ""
14768
14767
14769
#: serverguide/C/network-auth.xml:1050(para)
14768
#: serverguide/C/network-auth.xml:1057(para)
14770
14769
msgid "Add the new content:"
14771
14770
msgstr ""
14772
14771
14773
#: serverguide/C/network-auth.xml:1055(command)
14772
#: serverguide/C/network-auth.xml:1062(command)
14774
14773
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f consumer_sync.ldif"
14775
14774
msgstr ""
14776
14775
14777
#: serverguide/C/network-auth.xml:1062(para)
14776
#: serverguide/C/network-auth.xml:1069(para)
14778
14777
msgid ""
14779
14778
"You're done. The two databases (suffix: dc=example,dc=com) should now be "
14780
14779
"synchronizing."
14781
14780
msgstr ""
14782
14781
14783
#: serverguide/C/network-auth.xml:1071(para)
14782
#: serverguide/C/network-auth.xml:1078(para)
14784
14783
msgid "Once replication starts, you can monitor it by running"
14785
14784
msgstr ""
14786
14785
14787
#: serverguide/C/network-auth.xml:1081(command)
14786
#: serverguide/C/network-auth.xml:1083(command)
14788
14787
msgid ""
14789
14788
"ldapsearch -z1 -LLLQY EXTERNAL -H ldapi:/// -s base -b dc=example,dc=com "
14790
14789
"contextCSN"
14791
14790
msgstr ""
14792
14791
14793
#: serverguide/C/network-auth.xml:1077(computeroutput)
14792
#: serverguide/C/network-auth.xml:1084(computeroutput)
14794
14793
#, no-wrap
14795
14794
msgid ""
14796
14795
"\n"
14798
14797
"contextCSN: 20120201193408.178454Z#000000#000#000000\n"
14799
14798
msgstr ""
14800
14799
14801
#: serverguide/C/network-auth.xml:1083(para)
14800
#: serverguide/C/network-auth.xml:1090(para)
14802
14801
msgid ""
14803
14802
"on both the provider and the consumer. Once the output "
14804
14803
"(<computeroutput>20120201193408.178454Z#000000#000#000000</computeroutput> "
14807
14806
"the one in the consumer(s)."
14808
14807
msgstr ""
14809
14808
14810
#: serverguide/C/network-auth.xml:1092(para)
14809
#: serverguide/C/network-auth.xml:1099(para)
14811
14810
msgid ""
14812
14811
"If your connection is slow and/or your ldap database large, it might take a "
14813
14812
"while for the consumer's <emphasis>contextCSN</emphasis> match the "
14815
14814
"<emphasis>contextCSN</emphasis> will be steadly increasing."
14816
14815
msgstr ""
14817
14816
14818
#: serverguide/C/network-auth.xml:1100(para)
14817
#: serverguide/C/network-auth.xml:1107(para)
14819
14818
msgid ""
14820
14819
"If the consumer's <emphasis>contextCSN</emphasis> is missing or does not "
14821
14820
"match the provider, you should stop and figure out the issue before "
14825
14824
"statements) return no errors."
14826
14825
msgstr ""
14827
14826
14828
#: serverguide/C/network-auth.xml:1109(para)
14827
#: serverguide/C/network-auth.xml:1116(para)
14829
14828
msgid ""
14830
14829
"To test if it worked simply query, on the Consumer, the DNs in the database:"
14831
14830
msgstr ""
14832
14831
14833
#: serverguide/C/network-auth.xml:1114(command)
14832
#: serverguide/C/network-auth.xml:1121(command)
14834
14833
msgid ""
14835
14834
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b dc=example,dc=com dn"
14836
14835
msgstr ""
14837
14836
14838
#: serverguide/C/network-auth.xml:1117(para)
14837
#: serverguide/C/network-auth.xml:1124(para)
14839
14838
msgid ""
14840
14839
"You should see the user 'john' and the group 'miners' as well as the nodes "
14841
14840
"'People' and 'Groups'."
14842
14841
msgstr ""
14843
14842
14844
#: serverguide/C/network-auth.xml:1126(title)
14843
#: serverguide/C/network-auth.xml:1133(title)
14845
14844
msgid "Access Control"
14846
14845
msgstr ""
14847
14846
14848
#: serverguide/C/network-auth.xml:1128(para)
14847
#: serverguide/C/network-auth.xml:1135(para)
14849
14848
msgid ""
14850
14849
"The management of what type of access (read, write, etc) users should be "
14851
14850
"granted to resources is known as <emphasis>access control</emphasis>. The "
14853
14852
"lists</emphasis> or ACL."
14854
14853
msgstr ""
14855
14854
14856
#: serverguide/C/network-auth.xml:1133(para)
14855
#: serverguide/C/network-auth.xml:1140(para)
14857
14856
msgid ""
14858
14857
"When we installed the slapd package various ACL were set up automatically. "
14859
14858
"We will look at a few important consequences of those defaults and, in so "
14860
14859
"doing, we'll get an idea of how ACLs work and how they're configured."
14861
14860
msgstr ""
14862
14861
14863
#: serverguide/C/network-auth.xml:1138(para)
14862
#: serverguide/C/network-auth.xml:1145(para)
14864
14863
msgid ""
14865
14864
"To get the effective ACL for an LDAP query we need to look at the ACL "
14866
14865
"entries of the database being queried as well as those of the special "
14872
14871
"(\"dc=example,dc=com\") and those of the frontend database:"
14873
14872
msgstr ""
14874
14873
14875
#: serverguide/C/network-auth.xml:1147(command)
14874
#: serverguide/C/network-auth.xml:1154(command)
14876
14875
msgid ""
14877
14876
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
14878
14877
"'(olcDatabase={1}hdb)' olcAccess"
14879
14878
msgstr ""
14880
14879
14881
#: serverguide/C/network-auth.xml:1149(computeroutput)
14880
#: serverguide/C/network-auth.xml:1156(computeroutput)
14882
14881
#, no-wrap
14883
14882
msgid ""
14884
14883
"\n"
14892
14891
" read\n"
14893
14892
msgstr ""
14894
14893
14895
#: serverguide/C/network-auth.xml:1160(para)
14894
#: serverguide/C/network-auth.xml:1167(para)
14896
14895
msgid ""
14897
14896
"The rootDN always has full rights to its database. Including it in an ACL "
14898
14897
"does provide an explicit configuration but it also causes slapd to incur a "
14899
14898
"performance penalty."
14900
14899
msgstr ""
14901
14900
14902
#: serverguide/C/network-auth.xml:1167(command)
14901
#: serverguide/C/network-auth.xml:1174(command)
14903
14902
msgid ""
14904
14903
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
14905
14904
"'(olcDatabase={-1}frontend)' olcAccess"
14906
14905
msgstr ""
14907
14906
14908
#: serverguide/C/network-auth.xml:1169(computeroutput)
14907
#: serverguide/C/network-auth.xml:1176(computeroutput)
14909
14908
#, no-wrap
14910
14909
msgid ""
14911
14910
"\n"
14916
14915
"olcAccess: {2}to dn.base=\"cn=Subschema\" by * read\n"
14917
14916
msgstr ""
14918
14917
14919
#: serverguide/C/network-auth.xml:1178(para)
14918
#: serverguide/C/network-auth.xml:1185(para)
14920
14919
msgid "The very first ACL is crucial:"
14921
14920
msgstr ""
14922
14921
14923
#: serverguide/C/network-auth.xml:1182(programlisting)
14922
#: serverguide/C/network-auth.xml:1189(programlisting)
14924
14923
#, no-wrap
14925
14924
msgid ""
14926
14925
"\n"
14929
14928
" auth by dn=\"cn=admin,dc=example,dc=com\" write by * none\n"
14930
14929
msgstr ""
14931
14930
14932
#: serverguide/C/network-auth.xml:1187(para)
14931
#: serverguide/C/network-auth.xml:1194(para)
14933
14932
msgid "This can be represented differently for easier digestion:"
14934
14933
msgstr ""
14935
14934
14936
#: serverguide/C/network-auth.xml:1191(programlisting)
14935
#: serverguide/C/network-auth.xml:1198(programlisting)
14937
14936
#, no-wrap
14938
14937
msgid ""
14939
14938
"\n"
14950
14949
"\tby * none\n"
14951
14950
msgstr ""
14952
14951
14953
#: serverguide/C/network-auth.xml:1205(para)
14952
#: serverguide/C/network-auth.xml:1212(para)
14954
14953
msgid "This compound ACL (there are 2) enforces the following:"
14955
14954
msgstr ""
14956
14955
14957
#: serverguide/C/network-auth.xml:1212(para)
14956
#: serverguide/C/network-auth.xml:1219(para)
14958
14957
msgid ""
14959
14958
"Anonymous 'auth' access is provided to the <emphasis>userPassword</emphasis> "
14960
14959
"attribute for the initial connection to occur. Perhaps counter-intuitively, "
14963
14962
"occur (see next point)."
14964
14963
msgstr ""
14965
14964
14966
#: serverguide/C/network-auth.xml:1220(para)
14965
#: serverguide/C/network-auth.xml:1227(para)
14967
14966
msgid ""
14968
14967
"Authentication can happen because all users have 'read' (due to 'by self "
14969
14968
"write') access to the <emphasis>userPassword</emphasis> attribute."
14970
14969
msgstr ""
14971
14970
14972
#: serverguide/C/network-auth.xml:1226(para)
14971
#: serverguide/C/network-auth.xml:1233(para)
14973
14972
msgid ""
14974
14973
"The <emphasis>userPassword</emphasis> attribute is otherwise unaccessible by "
14975
14974
"all other users, with the exception of the rootDN, who has complete access "
14976
14975
"to it."
14977
14976
msgstr ""
14978
14977
14979
#: serverguide/C/network-auth.xml:1233(para)
14978
#: serverguide/C/network-auth.xml:1240(para)
14980
14979
msgid ""
14981
14980
"In order for users to change their own password, using "
14982
14981
"<command>passwd</command> or other utilities, the "
14984
14983
"a user has authenticated."
14985
14984
msgstr ""
14986
14985
14987
#: serverguide/C/network-auth.xml:1241(para)
14986
#: serverguide/C/network-auth.xml:1248(para)
14988
14987
msgid ""
14989
14988
"This DIT can be searched anonymously because of 'by * read' in this ACL:"
14990
14989
msgstr ""
14991
14990
14992
#: serverguide/C/network-auth.xml:1245(programlisting)
14991
#: serverguide/C/network-auth.xml:1252(programlisting)
14993
14992
#, no-wrap
14994
14993
msgid ""
14995
14994
"\n"
14999
14998
"\tby * read\n"
15000
14999
msgstr ""
15001
15000
15002
#: serverguide/C/network-auth.xml:1252(para)
15001
#: serverguide/C/network-auth.xml:1259(para)
15003
15002
msgid ""
15004
15003
"If this is unwanted then you need to change the ACLs. To force "
15005
15004
"authentication during a bind request you can alternatively (or in "
15006
15005
"combination with the modified ACL) use the 'olcRequire: authc' directive."
15007
15006
msgstr ""
15008
15007
15009
#: serverguide/C/network-auth.xml:1257(para)
15008
#: serverguide/C/network-auth.xml:1264(para)
15010
15009
msgid ""
15011
15010
"As previously mentioned, there is no administrative account created for the "
15012
15011
"slapd-config database. There is, however, a SASL identity that is granted "
15014
15013
"it is:"
15015
15014
msgstr ""
15016
15015
15017
#: serverguide/C/network-auth.xml:1262(programlisting)
15016
#: serverguide/C/network-auth.xml:1269(programlisting)
15018
15017
#, no-wrap
15019
15018
msgid ""
15020
15019
"\n"
15021
15020
"dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth \n"
15022
15021
msgstr ""
15023
15022
15024
#: serverguide/C/network-auth.xml:1266(para)
15023
#: serverguide/C/network-auth.xml:1273(para)
15025
15024
msgid ""
15026
15025
"The following command will display the ACLs of the slapd-config database:"
15027
15026
msgstr ""
15028
15027
15029
#: serverguide/C/network-auth.xml:1271(command)
15028
#: serverguide/C/network-auth.xml:1278(command)
15030
15029
msgid ""
15031
15030
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
15032
15031
"'(olcDatabase={0}config)' olcAccess"
15033
15032
msgstr ""
15034
15033
15035
#: serverguide/C/network-auth.xml:1273(computeroutput)
15034
#: serverguide/C/network-auth.xml:1280(computeroutput)
15036
15035
#, no-wrap
15037
15036
msgid ""
15038
15037
"\n"
15041
15040
" cn=external,cn=auth manage by * break\n"
15042
15041
msgstr ""
15043
15042
15044
#: serverguide/C/network-auth.xml:1285(para)
15043
#: serverguide/C/network-auth.xml:1287(para)
15045
15044
msgid ""
15046
15045
"Since this is a SASL identity we need to use a SASL "
15047
15046
"<emphasis>mechanism</emphasis> when invoking the LDAP utility in question "
15049
15048
"mechanism. See the previous command for an example. Note that:"
15050
15049
msgstr ""
15051
15050
15052
#: serverguide/C/network-auth.xml:1288(para)
15051
#: serverguide/C/network-auth.xml:1295(para)
15053
15052
msgid ""
15054
15053
"You must use <emphasis>sudo</emphasis> to become the root identity in order "
15055
15054
"for the ACL to match."
15056
15055
msgstr ""
15057
15056
15058
#: serverguide/C/network-auth.xml:1294(para)
15057
#: serverguide/C/network-auth.xml:1301(para)
15059
15058
msgid ""
15060
15059
"The EXTERNAL mechanism works via <emphasis>IPC</emphasis> (UNIX domain "
15061
15060
"sockets). This means you must use the <emphasis>ldapi</emphasis> URI format."
15062
15061
msgstr ""
15063
15062
15064
#: serverguide/C/network-auth.xml:1302(para)
15063
#: serverguide/C/network-auth.xml:1309(para)
15065
15064
msgid "A succinct way to get all the ACLs is like this:"
15066
15065
msgstr ""
15067
15066
15068
#: serverguide/C/network-auth.xml:1307(command)
15067
#: serverguide/C/network-auth.xml:1314(command)
15069
15068
msgid ""
15070
15069
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
15071
15070
"'(olcAccess=*)' olcAccess olcSuffix"
15072
15071
msgstr ""
15073
15072
15074
#: serverguide/C/network-auth.xml:1311(para)
15073
#: serverguide/C/network-auth.xml:1318(para)
15075
15074
msgid ""
15076
15075
"There is much to say on the topic of access control. See the man page for "
15077
15076
"<ulink "
15079
15078
".access</ulink>."
15080
15079
msgstr ""
15081
15080
15082
#: serverguide/C/network-auth.xml:1319(title)
15081
#: serverguide/C/network-auth.xml:1326(title)
15083
15082
msgid "TLS"
15084
15083
msgstr ""
15085
15084
15086
#: serverguide/C/network-auth.xml:1321(para)
15085
#: serverguide/C/network-auth.xml:1328(para)
15087
15086
msgid ""
15088
15087
"When authenticating to an OpenLDAP server it is best to do so using an "
15089
15088
"encrypted session. This can be accomplished using Transport Layer Security "
15090
15089
"(TLS)."
15091
15090
msgstr ""
15092
15091
15093
#: serverguide/C/network-auth.xml:1326(para)
15092
#: serverguide/C/network-auth.xml:1333(para)
15094
15093
msgid ""
15095
15094
"Here, we will be our own <emphasis>Certificate Authority</emphasis> and then "
15096
15095
"create and sign our LDAP server certificate as that CA. Since "
15099
15098
"<application>certtool</application> utility to complete these tasks."
15100
15099
msgstr ""
15101
15100
15102
#: serverguide/C/network-auth.xml:1335(para)
15101
#: serverguide/C/network-auth.xml:1342(para)
15103
15102
msgid ""
15104
15103
"Install the <application>gnutls-bin</application> and <application>ssl-"
15105
15104
"cert</application> packages:"
15106
15105
msgstr ""
15107
15106
15108
#: serverguide/C/network-auth.xml:1340(command)
15107
#: serverguide/C/network-auth.xml:1347(command)
15109
15108
msgid "sudo apt-get install gnutls-bin ssl-cert"
15110
15109
msgstr ""
15111
15110
15112
#: serverguide/C/network-auth.xml:1346(para)
15111
#: serverguide/C/network-auth.xml:1353(para)
15113
15112
msgid "Create a private key for the Certificate Authority:"
15114
15113
msgstr ""
15115
15114
15116
#: serverguide/C/network-auth.xml:1351(command)
15115
#: serverguide/C/network-auth.xml:1358(command)
15117
15116
msgid ""
15118
15117
"sudo sh -c \"certtool --generate-privkey > /etc/ssl/private/cakey.pem\""
15119
15118
msgstr ""
15120
15119
15121
#: serverguide/C/network-auth.xml:1357(para)
15120
#: serverguide/C/network-auth.xml:1364(para)
15122
15121
msgid ""
15123
15122
"Create the template/file <filename>/etc/ssl/ca.info</filename> to define the "
15124
15123
"CA:"
15125
15124
msgstr ""
15126
15125
15127
#: serverguide/C/network-auth.xml:1361(programlisting)
15126
#: serverguide/C/network-auth.xml:1368(programlisting)
15128
15127
#, no-wrap
15129
15128
msgid ""
15130
15129
"\n"
15133
15132
"cert_signing_key\n"
15134
15133
msgstr ""
15135
15134
15136
#: serverguide/C/network-auth.xml:1370(para)
15135
#: serverguide/C/network-auth.xml:1377(para)
15137
15136
msgid "Create the self-signed CA certificate:"
15138
15137
msgstr ""
15139
15138
15140
#: serverguide/C/network-auth.xml:1375(command)
15139
#: serverguide/C/network-auth.xml:1382(command)
15141
15140
msgid ""
15142
15141
"sudo certtool --generate-self-signed \\ --load-privkey "
15143
15142
"/etc/ssl/private/cakey.pem \\ --template /etc/ssl/ca.info \\ --outfile "
15144
15143
"/etc/ssl/certs/cacert.pem"
15145
15144
msgstr ""
15146
15145
15147
#: serverguide/C/network-auth.xml:1384(para)
15146
#: serverguide/C/network-auth.xml:1391(para)
15148
15147
msgid "Make a private key for the server:"
15149
15148
msgstr ""
15150
15149
15151
#: serverguide/C/network-auth.xml:1389(command)
15150
#: serverguide/C/network-auth.xml:1396(command)
15152
15151
msgid ""
15153
15152
"sudo certtool --generate-privkey \\ --bits 1024 \\ --outfile "
15154
15153
"/etc/ssl/private/ldap01_slapd_key.pem"
15155
15154
msgstr ""
15156
15155
15157
#: serverguide/C/network-auth.xml:1395(para)
15156
#: serverguide/C/network-auth.xml:1402(para)
15158
15157
msgid ""
15159
15158
"Replace <emphasis>ldap01</emphasis> in the filename with your server's "
15160
15159
"hostname. Naming the certificate and key for the host and service that will "
15161
15160
"be using them will help keep things clear."
15162
15161
msgstr ""
15163
15162
15164
#: serverguide/C/network-auth.xml:1404(para)
15163
#: serverguide/C/network-auth.xml:1411(para)
15165
15164
msgid ""
15166
15165
"Create the <filename>/etc/ssl/ldap01.info</filename> info file containing:"
15167
15166
msgstr ""
15168
15167
15169
#: serverguide/C/network-auth.xml:1408(programlisting)
15168
#: serverguide/C/network-auth.xml:1415(programlisting)
15170
15169
#, no-wrap
15171
15170
msgid ""
15172
15171
"\n"
15178
15177
"expiration_days = 3650\n"
15179
15178
msgstr ""
15180
15179
15181
#: serverguide/C/network-auth.xml:1417(para)
15180
#: serverguide/C/network-auth.xml:1424(para)
15182
15181
msgid "The above certificate is good for 10 years. Adjust accordingly."
15183
15182
msgstr ""
15184
15183
15185
#: serverguide/C/network-auth.xml:1423(para)
15184
#: serverguide/C/network-auth.xml:1430(para)
15186
15185
msgid "Create the server's certificate:"
15187
15186
msgstr ""
15188
15187
15189
#: serverguide/C/network-auth.xml:1428(command)
15188
#: serverguide/C/network-auth.xml:1435(command)
15190
15189
msgid ""
15191
15190
"sudo certtool --generate-certificate \\ --load-privkey "
15192
15191
"/etc/ssl/private/ldap01_slapd_key.pem \\ --load-ca-certificate "
15195
15194
"/etc/ssl/certs/ldap01_slapd_cert.pem"
15196
15195
msgstr ""
15197
15196
15198
#: serverguide/C/network-auth.xml:1440(para)
15197
#: serverguide/C/network-auth.xml:1447(para)
15199
15198
msgid ""
15200
15199
"Create the file <filename>certinfo.ldif</filename> with the following "
15201
15200
"contents (adjust accordingly, our example assumes we created certs using "
15202
15201
"https://www.cacert.org):"
15203
15202
msgstr ""
15204
15203
15205
#: serverguide/C/network-auth.xml:1444(programlisting)
15204
#: serverguide/C/network-auth.xml:1451(programlisting)
15206
15205
#, no-wrap
15207
15206
msgid ""
15208
15207
"\n"
15217
15216
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem\n"
15218
15217
msgstr ""
15219
15218
15220
#: serverguide/C/network-auth.xml:1456(para)
15219
#: serverguide/C/network-auth.xml:1463(para)
15221
15220
msgid ""
15222
15221
"Use the <application>ldapmodify</application> command to tell slapd about "
15223
15222
"our TLS work via the slapd-config database:"
15224
15223
msgstr ""
15225
15224
15226
#: serverguide/C/network-auth.xml:1461(command)
15225
#: serverguide/C/network-auth.xml:1468(command)
15227
15226
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ssl/certinfo.ldif"
15228
15227
msgstr ""
15229
15228
15230
#: serverguide/C/network-auth.xml:1464(para)
15229
#: serverguide/C/network-auth.xml:1471(para)
15231
15230
msgid ""
15232
15231
"Contratry to popular belief, you do not need <emphasis>ldaps://</emphasis> "
15233
15232
"in <filename>/etc/default/slapd</filename> in order to use encryption. You "
15234
15233
"should have just:"
15235
15234
msgstr ""
15236
15235
15237
#: serverguide/C/network-auth.xml:1469(programlisting)
15236
#: serverguide/C/network-auth.xml:1476(programlisting)
15238
15237
#, no-wrap
15239
15238
msgid ""
15240
15239
"\n"
15241
15240
"SLAPD_SERVICES=\"ldap:/// ldapi:///\"\n"
15242
15241
msgstr ""
15243
15242
15244
#: serverguide/C/network-auth.xml:1474(para)
15243
#: serverguide/C/network-auth.xml:1481(para)
15245
15244
msgid ""
15246
15245
"LDAP over TLS/SSL (ldaps://) is deprecated in favour of "
15247
15246
"<emphasis>StartTLS</emphasis>. The latter refers to an existing LDAP session "
15250
15249
"over TCP port 636."
15251
15250
msgstr ""
15252
15251
15253
#: serverguide/C/network-auth.xml:1482(para)
15252
#: serverguide/C/network-auth.xml:1489(para)
15254
15253
msgid "Tighten up ownership and permissions:"
15255
15254
msgstr ""
15256
15255
15257
#: serverguide/C/network-auth.xml:1487(command) serverguide/C/network-auth.xml:1604(command)
15256
#: serverguide/C/network-auth.xml:1494(command) serverguide/C/network-auth.xml:1611(command)
15258
15257
msgid "sudo adduser openldap ssl-cert"
15259
15258
msgstr ""
15260
15259
15261
#: serverguide/C/network-auth.xml:1488(command)
15260
#: serverguide/C/network-auth.xml:1495(command)
15262
15261
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem"
15263
15262
msgstr ""
15264
15263
15265
#: serverguide/C/network-auth.xml:1489(command)
15264
#: serverguide/C/network-auth.xml:1496(command)
15266
15265
msgid "sudo chmod g+r /etc/ssl/private/ldap01_slapd_key.pem"
15267
15266
msgstr ""
15268
15267
15269
#: serverguide/C/network-auth.xml:1490(command)
15268
#: serverguide/C/network-auth.xml:1497(command)
15270
15269
msgid "sudo chmod o-r /etc/ssl/private/ldap01_slapd_key.pem"
15271
15270
msgstr ""
15272
15271
15273
#: serverguide/C/network-auth.xml:1493(para)
15272
#: serverguide/C/network-auth.xml:1500(para)
15274
15273
msgid "Restart OpenLDAP:"
15275
15274
msgstr ""
15276
15275
15277
#: serverguide/C/network-auth.xml:1501(para)
15276
#: serverguide/C/network-auth.xml:1508(para)
15278
15277
msgid ""
15279
15278
"Check your host's logs (/var/log/syslog) to see if the server has started "
15280
15279
"properly."
15281
15280
msgstr ""
15282
15281
15283
#: serverguide/C/network-auth.xml:1508(title)
15282
#: serverguide/C/network-auth.xml:1515(title)
15284
15283
msgid "Replication and TLS"
15285
15284
msgstr ""
15286
15285
15287
#: serverguide/C/network-auth.xml:1510(para)
15286
#: serverguide/C/network-auth.xml:1517(para)
15288
15287
msgid ""
15289
15288
"If you have set up replication between servers, it is common practice to "
15290
15289
"encrypt (StartTLS) the replication traffic to prevent evesdropping. This is "
15292
15291
"section we will build on that TLS-authentication work."
15293
15292
msgstr ""
15294
15293
15295
#: serverguide/C/network-auth.xml:1516(para)
15294
#: serverguide/C/network-auth.xml:1523(para)
15296
15295
msgid ""
15297
15296
"The assumption here is that you have set up replication between Provider and "
15298
15297
"Consumer according to <xref linkend=\"openldap-server-replication\"/> and "
15300
15299
"linkend=\"openldap-tls\"/>."
15301
15300
msgstr ""
15302
15301
15303
#: serverguide/C/network-auth.xml:1521(para)
15302
#: serverguide/C/network-auth.xml:1528(para)
15304
15303
msgid ""
15305
15304
"As previously stated, the objective (for us) with replication is high "
15306
15305
"availablity for the LDAP service. Since we have TLS for authentication on "
15312
15311
"material over to the Consumer."
15313
15312
msgstr ""
15314
15313
15315
#: serverguide/C/network-auth.xml:1532(para) serverguide/C/network-auth.xml:1689(para)
15314
#: serverguide/C/network-auth.xml:1539(para) serverguide/C/network-auth.xml:1696(para)
15316
15315
msgid "On the Provider,"
15317
15316
msgstr ""
15318
15317
15319
#: serverguide/C/network-auth.xml:1536(para)
15318
#: serverguide/C/network-auth.xml:1543(para)
15320
15319
msgid ""
15321
15320
"Create a holding directory (which will be used for the eventual transfer) "
15322
15321
"and then the Consumer's private key:"
15323
15322
msgstr ""
15324
15323
15325
#: serverguide/C/network-auth.xml:1541(command)
15324
#: serverguide/C/network-auth.xml:1548(command)
15326
15325
msgid "mkdir ldap02-ssl"
15327
15326
msgstr ""
15328
15327
15329
#: serverguide/C/network-auth.xml:1542(command)
15328
#: serverguide/C/network-auth.xml:1549(command)
15330
15329
msgid "cd ldap02-ssl"
15331
15330
msgstr ""
15332
15331
15333
#: serverguide/C/network-auth.xml:1543(command)
15332
#: serverguide/C/network-auth.xml:1550(command)
15334
15333
msgid ""
15335
15334
"sudo certtool --generate-privkey \\ --bits 1024 \\ --outfile "
15336
15335
"ldap02_slapd_key.pem"
15337
15336
msgstr ""
15338
15337
15339
#: serverguide/C/network-auth.xml:1548(para)
15338
#: serverguide/C/network-auth.xml:1555(para)
15340
15339
msgid ""
15341
15340
"Create an info file, <filename>ldap02.info</filename>, for the Consumer "
15342
15341
"server, adjusting its values accordingly:"
15343
15342
msgstr ""
15344
15343
15345
#: serverguide/C/network-auth.xml:1552(programlisting)
15344
#: serverguide/C/network-auth.xml:1559(programlisting)
15346
15345
#, no-wrap
15347
15346
msgid ""
15348
15347
"\n"
15354
15353
"expiration_days = 3650\n"
15355
15354
msgstr ""
15356
15355
15357
#: serverguide/C/network-auth.xml:1561(para)
15356
#: serverguide/C/network-auth.xml:1568(para)
15358
15357
msgid "Create the Consumer's certificate:"
15359
15358
msgstr ""
15360
15359
15361
#: serverguide/C/network-auth.xml:1566(command)
15360
#: serverguide/C/network-auth.xml:1573(command)
15362
15361
msgid ""
15363
15362
"sudo certtool --generate-certificate \\ --load-privkey ldap02_slapd_key.pem "
15364
15363
"\\ --load-ca-certificate /etc/ssl/certs/cacert.pem \\ --load-ca-privkey "
15366
15365
"ldap02_slapd_cert.pem"
15367
15366
msgstr ""
15368
15367
15369
#: serverguide/C/network-auth.xml:1574(para)
15368
#: serverguide/C/network-auth.xml:1581(para)
15370
15369
msgid "Get a copy of the CA certificate:"
15371
15370
msgstr ""
15372
15371
15373
#: serverguide/C/network-auth.xml:1579(command)
15372
#: serverguide/C/network-auth.xml:1586(command)
15374
15373
msgid "cp /etc/ssl/certs/cacert.pem ."
15375
15374
msgstr ""
15376
15375
15377
#: serverguide/C/network-auth.xml:1582(para)
15376
#: serverguide/C/network-auth.xml:1589(para)
15378
15377
msgid ""
15379
15378
"We're done. Now transfer the <filename>ldap02-ssl</filename> directory to "
15380
15379
"the Consumer. Here we use scp (adjust accordingly):"
15381
15380
msgstr ""
15382
15381
15383
#: serverguide/C/network-auth.xml:1587(command)
15382
#: serverguide/C/network-auth.xml:1594(command)
15384
15383
msgid "cd .."
15385
15384
msgstr ""
15386
15385
15387
#: serverguide/C/network-auth.xml:1588(command)
15386
#: serverguide/C/network-auth.xml:1595(command)
15388
15387
msgid "scp -r ldap02-ssl user@consumer:"
15389
15388
msgstr ""
15390
15389
15391
#: serverguide/C/network-auth.xml:1594(para) serverguide/C/network-auth.xml:1642(para)
15390
#: serverguide/C/network-auth.xml:1601(para) serverguide/C/network-auth.xml:1649(para)
15392
15391
msgid "On the Consumer,"
15393
15392
msgstr ""
15394
15393
15395
#: serverguide/C/network-auth.xml:1598(para)
15394
#: serverguide/C/network-auth.xml:1605(para)
15396
15395
msgid "Configure TLS authentication:"
15397
15396
msgstr ""
15398
15397
15399
#: serverguide/C/network-auth.xml:1603(command)
15398
#: serverguide/C/network-auth.xml:1610(command)
15400
15399
msgid "sudo apt-get install ssl-cert"
15401
15400
msgstr ""
15402
15401
15403
#: serverguide/C/network-auth.xml:1605(command)
15402
#: serverguide/C/network-auth.xml:1612(command)
15404
15403
msgid "sudo cp ldap02_slapd_cert.pem cacert.pem /etc/ssl/certs"
15405
15404
msgstr ""
15406
15405
15407
#: serverguide/C/network-auth.xml:1606(command)
15406
#: serverguide/C/network-auth.xml:1613(command)
15408
15407
msgid "sudo cp ldap02_slapd_key.pem /etc/ssl/private"
15409
15408
msgstr ""
15410
15409
15411
#: serverguide/C/network-auth.xml:1607(command)
15410
#: serverguide/C/network-auth.xml:1614(command)
15412
15411
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap02_slapd_key.pem"
15413
15412
msgstr ""
15414
15413
15415
#: serverguide/C/network-auth.xml:1608(command)
15414
#: serverguide/C/network-auth.xml:1615(command)
15416
15415
msgid "sudo chmod g+r /etc/ssl/private/ldap02_slapd_key.pem"
15417
15416
msgstr ""
15418
15417
15419
#: serverguide/C/network-auth.xml:1609(command)
15418
#: serverguide/C/network-auth.xml:1616(command)
15420
15419
msgid "sudo chmod o-r /etc/ssl/private/ldap02_slapd_key.pem"
15421
15420
msgstr ""
15422
15421
15423
#: serverguide/C/network-auth.xml:1612(para)
15422
#: serverguide/C/network-auth.xml:1619(para)
15424
15423
msgid ""
15425
15424
"Create the file <filename>/etc/ssl/certinfo.ldif</filename> with the "
15426
15425
"following contents (adjust accordingly):"
15427
15426
msgstr ""
15428
15427
15429
#: serverguide/C/network-auth.xml:1616(programlisting)
15428
#: serverguide/C/network-auth.xml:1623(programlisting)
15430
15429
#, no-wrap
15431
15430
msgid ""
15432
15431
"\n"
15441
15440
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap02_slapd_key.pem\n"
15442
15441
msgstr ""
15443
15442
15444
#: serverguide/C/network-auth.xml:1628(para)
15443
#: serverguide/C/network-auth.xml:1635(para)
15445
15444
msgid "Configure the slapd-config database:"
15446
15445
msgstr ""
15447
15446
15448
#: serverguide/C/network-auth.xml:1633(command)
15447
#: serverguide/C/network-auth.xml:1640(command)
15449
15448
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f certinfo.ldif"
15450
15449
msgstr ""
15451
15450
15452
#: serverguide/C/network-auth.xml:1636(para)
15451
#: serverguide/C/network-auth.xml:1643(para)
15453
15452
msgid ""
15454
15453
"Configure <filename>/etc/default/slapd</filename> as on the Provider "
15455
15454
"(SLAPD_SERVICES)."
15456
15455
msgstr ""
15457
15456
15458
#: serverguide/C/network-auth.xml:1646(para)
15457
#: serverguide/C/network-auth.xml:1653(para)
15459
15458
msgid ""
15460
15459
"Configure TLS for Consumer-side replication. Modify the existing "
15461
15460
"<emphasis>olcSyncrepl</emphasis> attribute by tacking on some TLS options. "
15463
15462
"value(s)."
15464
15463
msgstr ""
15465
15464
15466
#: serverguide/C/network-auth.xml:1651(para)
15465
#: serverguide/C/network-auth.xml:1658(para)
15467
15466
msgid ""
15468
15467
"Create the file <filename>consumer_sync_tls.ldif</filename> with the "
15469
15468
"following contents:"
15470
15469
msgstr ""
15471
15470
15472
#: serverguide/C/network-auth.xml:1660(programlisting)
15471
#: serverguide/C/network-auth.xml:1662(programlisting)
15473
15472
#, no-wrap
15474
15473
msgid ""
15475
15474
"\n"
15484
15483
" starttls=critical tls_reqcert=demand\n"
15485
15484
msgstr ""
15486
15485
15487
#: serverguide/C/network-auth.xml:1665(para)
15486
#: serverguide/C/network-auth.xml:1672(para)
15488
15487
msgid ""
15489
15488
"The extra options specify, respectively, that the consumer must use StartTLS "
15490
15489
"and that the CA certificate is required to verify the Provider's identity. "
15492
15491
"('replace')."
15493
15492
msgstr ""
15494
15493
15495
#: serverguide/C/network-auth.xml:1670(para)
15494
#: serverguide/C/network-auth.xml:1677(para)
15496
15495
msgid "Implement these changes:"
15497
15496
msgstr ""
15498
15497
15499
#: serverguide/C/network-auth.xml:1675(command)
15498
#: serverguide/C/network-auth.xml:1682(command)
15500
15499
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f consumer_sync_tls.ldif"
15501
15500
msgstr ""
15502
15501
15503
#: serverguide/C/network-auth.xml:1678(para)
15502
#: serverguide/C/network-auth.xml:1685(para)
15504
15503
msgid "And restart slapd:"
15505
15504
msgstr ""
15506
15505
15507
#: serverguide/C/network-auth.xml:1693(para)
15506
#: serverguide/C/network-auth.xml:1700(para)
15508
15507
msgid ""
15509
15508
"Check to see that a TLS session has been established. In "
15510
15509
"<filename>/var/log/syslog</filename>, providing you have 'conns'-level "
15511
15510
"logging set up, you should see messages similar to:"
15512
15511
msgstr ""
15513
15512
15514
#: serverguide/C/network-auth.xml:1698(programlisting)
15513
#: serverguide/C/network-auth.xml:1705(programlisting)
15515
15514
#, no-wrap
15516
15515
msgid ""
15517
15516
"\n"
15528
15527
"slapd[3620]: conn=1047 op=1 RESULT tag=97 err=0 text\n"
15529
15528
msgstr ""
15530
15529
15531
#: serverguide/C/network-auth.xml:1716(title)
15530
#: serverguide/C/network-auth.xml:1723(title)
15532
15531
msgid "LDAP Authentication"
15533
15532
msgstr ""
15534
15533
15535
#: serverguide/C/network-auth.xml:1723(para)
15534
#: serverguide/C/network-auth.xml:1725(para)
15536
15535
msgid ""
15537
15536
"Once you have a working LDAP server, you will need to install libraries on "
15538
15537
"the client that will know how and when to contact it. On Ubuntu, this has "
15541
15540
"assist you in the configuration step. Install this package now:"
15542
15541
msgstr ""
15543
15542
15544
#: serverguide/C/network-auth.xml:1725(command)
15543
#: serverguide/C/network-auth.xml:1732(command)
15545
15544
msgid "sudo apt-get install libnss-ldap"
15546
15545
msgstr ""
15547
15546
15548
#: serverguide/C/network-auth.xml:1728(para)
15547
#: serverguide/C/network-auth.xml:1735(para)
15549
15548
msgid ""
15550
15549
"You will be prompted for details of your LDAP server. If you make a mistake "
15551
15550
"you can try again using:"
15552
15551
msgstr ""
15553
15552
15554
#: serverguide/C/network-auth.xml:1733(command)
15553
#: serverguide/C/network-auth.xml:1740(command)
15555
15554
msgid "sudo dpkg-reconfigure ldap-auth-config"
15556
15555
msgstr ""
15557
15556
15558
#: serverguide/C/network-auth.xml:1736(para)
15557
#: serverguide/C/network-auth.xml:1743(para)
15559
15558
msgid ""
15560
15559
"The results of the dialog can be seen in "
15561
15560
"<filename>/etc/ldap.conf</filename>. If your server requires options not "
15562
15561
"covered in the menu edit this file accordingly."
15563
15562
msgstr ""
15564
15563
15565
#: serverguide/C/network-auth.xml:1741(para)
15564
#: serverguide/C/network-auth.xml:1748(para)
15566
15565
msgid "Now configure the LDAP profile for NSS:"
15567
15566
msgstr ""
15568
15567
15569
#: serverguide/C/network-auth.xml:1746(command)
15568
#: serverguide/C/network-auth.xml:1753(command)
15570
15569
msgid "sudo auth-client-config -t nss -p lac_ldap"
15571
15570
msgstr ""
15572
15571
15573
#: serverguide/C/network-auth.xml:1749(para)
15572
#: serverguide/C/network-auth.xml:1756(para)
15574
15573
msgid "Configure the system to use LDAP for authentication:"
15575
15574
msgstr ""
15576
15575
15577
#: serverguide/C/network-auth.xml:1754(command)
15576
#: serverguide/C/network-auth.xml:1761(command)
15578
15577
msgid "sudo pam-auth-update"
15579
15578
msgstr ""
15580
15579
15581
#: serverguide/C/network-auth.xml:1757(para)
15580
#: serverguide/C/network-auth.xml:1764(para)
15582
15581
msgid ""
15583
15582
"From the menu, choose LDAP and any other authentication mechanisms you need."
15584
15583
msgstr ""
15585
15584
15586
#: serverguide/C/network-auth.xml:1761(para)
15585
#: serverguide/C/network-auth.xml:1768(para)
15587
15586
msgid "You should now be able to log in using LDAP-based credentials."
15588
15587
msgstr ""
15589
15588
15590
#: serverguide/C/network-auth.xml:1765(para)
15589
#: serverguide/C/network-auth.xml:1772(para)
15591
15590
msgid ""
15592
15591
"LDAP clients will need to refer to multiple servers if replication is in "
15593
15592
"use. In <filename>/etc/ldap.conf</filename> you would have something like:"
15594
15593
msgstr ""
15595
15594
15596
#: serverguide/C/network-auth.xml:1770(programlisting)
15595
#: serverguide/C/network-auth.xml:1777(programlisting)
15597
15596
#, no-wrap
15598
15597
msgid ""
15599
15598
"\n"
15600
15599
"uri ldap://ldap01.example.com ldap://ldap02.example.com\n"
15601
15600
msgstr ""
15602
15601
15603
#: serverguide/C/network-auth.xml:1774(para)
15602
#: serverguide/C/network-auth.xml:1781(para)
15604
15603
msgid ""
15605
15604
"The request will time out and the Consumer (ldap02) will attempt to be "
15606
15605
"reached if the Provider (ldap01) becomes unresponsive."
15607
15606
msgstr ""
15608
15607
15609
#: serverguide/C/network-auth.xml:1778(para)
15608
#: serverguide/C/network-auth.xml:1785(para)
15610
15609
msgid ""
15611
15610
"If you are going to use LDAP to store Samba users you will need to configure "
15612
15611
"the Samba server to authenticate using LDAP. See <xref linkend=\"samba-"
15613
15612
"ldap\"/> for details."
15614
15613
msgstr ""
15615
15614
15616
#: serverguide/C/network-auth.xml:1784(para)
15615
#: serverguide/C/network-auth.xml:1791(para)
15617
15616
msgid ""
15618
15617
"An alternative to the <application>libnss-ldap</application> package is the "
15619
15618
"<application>libnss-ldapd</application> package. This, however, will bring "
15621
15620
"wanted. Simply remove it afterwards."
15622
15621
msgstr ""
15623
15622
15624
#: serverguide/C/network-auth.xml:1794(title)
15623
#: serverguide/C/network-auth.xml:1801(title)
15625
15624
msgid "User and Group Management"
15626
15625
msgstr ""
15627
15626
15628
#: serverguide/C/network-auth.xml:1796(para)
15627
#: serverguide/C/network-auth.xml:1803(para)
15629
15628
msgid ""
15630
15629
"The <application>ldap-utils</application> package comes with enough "
15631
15630
"utilities to manage the directory but the long string of options needed can "
15634
15633
"easier to use."
15635
15634
msgstr ""
15636
15635
15637
#: serverguide/C/network-auth.xml:1802(para)
15636
#: serverguide/C/network-auth.xml:1809(para)
15638
15637
msgid "Install the package:"
15639
15638
msgstr ""
15640
15639
15641
#: serverguide/C/network-auth.xml:1807(command)
15640
#: serverguide/C/network-auth.xml:1814(command)
15642
15641
msgid "sudo apt-get install ldapscripts"
15643
15642
msgstr ""
15644
15643
15645
#: serverguide/C/network-auth.xml:1810(para)
15644
#: serverguide/C/network-auth.xml:1817(para)
15646
15645
msgid ""
15647
15646
"Then edit the file <filename>/etc/ldapscripts/ldapscripts.conf</filename> to "
15648
15647
"arrive at something similar to the following:"
15649
15648
msgstr ""
15650
15649
15651
#: serverguide/C/network-auth.xml:1814(programlisting)
15650
#: serverguide/C/network-auth.xml:1821(programlisting)
15652
15651
#, no-wrap
15653
15652
msgid ""
15654
15653
"\n"
15664
15663
"MIDSTART=10000\n"
15665
15664
msgstr ""
15666
15665
15667
#: serverguide/C/network-auth.xml:1827(para)
15666
#: serverguide/C/network-auth.xml:1834(para)
15668
15667
msgid ""
15669
15668
"Now, create the <filename>ldapscripts.passwd</filename> file to allow rootDN "
15670
15669
"access to the directory:"
15671
15670
msgstr ""
15672
15671
15673
#: serverguide/C/network-auth.xml:1832(command)
15672
#: serverguide/C/network-auth.xml:1839(command)
15674
15673
msgid ""
15675
15674
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
15676
15675
msgstr ""
15677
15676
15678
#: serverguide/C/network-auth.xml:1833(command)
15677
#: serverguide/C/network-auth.xml:1840(command)
15679
15678
msgid "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
15680
15679
msgstr ""
15681
15680
15682
#: serverguide/C/network-auth.xml:1837(para)
15681
#: serverguide/C/network-auth.xml:1844(para)
15683
15682
msgid ""
15684
15683
"Replace <quote>secret</quote> with the actual password for your database's "
15685
15684
"rootDN user."
15686
15685
msgstr ""
15687
15686
15688
#: serverguide/C/network-auth.xml:1842(para)
15687
#: serverguide/C/network-auth.xml:1849(para)
15689
15688
msgid ""
15690
15689
"The scripts are now ready to help manage your directory. Here are some "
15691
15690
"examples of how to use them:"
15692
15691
msgstr ""
15693
15692
15694
#: serverguide/C/network-auth.xml:1849(para)
15693
#: serverguide/C/network-auth.xml:1856(para)
15695
15694
msgid "Create a new user:"
15696
15695
msgstr ""
15697
15696
15698
#: serverguide/C/network-auth.xml:1854(command)
15697
#: serverguide/C/network-auth.xml:1861(command)
15699
15698
msgid "sudo ldapadduser george example"
15700
15699
msgstr ""
15701
15700
15702
#: serverguide/C/network-auth.xml:1857(para)
15701
#: serverguide/C/network-auth.xml:1864(para)
15703
15702
msgid ""
15704
15703
"This will create a user with uid <emphasis role=\"italic\">george</emphasis> "
15705
15704
"and set the user's primary group (gid) to <emphasis "
15706
15705
"role=\"italic\">example</emphasis>"
15707
15706
msgstr ""
15708
15707
15709
#: serverguide/C/network-auth.xml:1864(para)
15708
#: serverguide/C/network-auth.xml:1871(para)
15710
15709
msgid "Change a user's password:"
15711
15710
msgstr ""
15712
15711
15713
#: serverguide/C/network-auth.xml:1869(command)
15712
#: serverguide/C/network-auth.xml:1876(command)
15714
15713
msgid "sudo ldapsetpasswd george"
15715
15714
msgstr ""
15716
15715
15717
#: serverguide/C/network-auth.xml:1870(computeroutput)
15716
#: serverguide/C/network-auth.xml:1877(computeroutput)
15718
15717
#, no-wrap
15719
15718
msgid "Changing password for user uid=george,ou=People,dc=example,dc=com"
15720
15719
msgstr ""
15721
15720
15722
#: serverguide/C/network-auth.xml:1871(userinput)
15721
#: serverguide/C/network-auth.xml:1878(userinput)
15723
15722
#, no-wrap
15724
15723
msgid "New Password: "
15725
15724
msgstr ""
15726
15725
15727
#: serverguide/C/network-auth.xml:1872(userinput)
15726
#: serverguide/C/network-auth.xml:1879(userinput)
15728
15727
#, no-wrap
15729
15728
msgid "New Password (verify): "
15730
15729
msgstr ""
15731
15730
15732
#: serverguide/C/network-auth.xml:1878(para)
15731
#: serverguide/C/network-auth.xml:1885(para)
15733
15732
msgid "Delete a user:"
15734
15733
msgstr ""
15735
15734
15736
#: serverguide/C/network-auth.xml:1883(command)
15735
#: serverguide/C/network-auth.xml:1890(command)
15737
15736
msgid "sudo ldapdeleteuser george"
15738
15737
msgstr ""
15739
15738
15740
#: serverguide/C/network-auth.xml:1889(para)
15739
#: serverguide/C/network-auth.xml:1896(para)
15741
15740
msgid "Add a group:"
15742
15741
msgstr ""
15743
15742
15744
#: serverguide/C/network-auth.xml:1894(command)
15743
#: serverguide/C/network-auth.xml:1901(command)
15745
15744
msgid "sudo ldapaddgroup qa"
15746
15745
msgstr ""
15747
15746
15748
#: serverguide/C/network-auth.xml:1900(para)
15747
#: serverguide/C/network-auth.xml:1907(para)
15749
15748
msgid "Delete a group:"
15750
15749
msgstr ""
15751
15750
15752
#: serverguide/C/network-auth.xml:1905(command)
15751
#: serverguide/C/network-auth.xml:1912(command)
15753
15752
msgid "sudo ldapdeletegroup qa"
15754
15753
msgstr ""
15755
15754
15756
#: serverguide/C/network-auth.xml:1911(para)
15755
#: serverguide/C/network-auth.xml:1918(para)
15757
15756
msgid "Add a user to a group:"
15758
15757
msgstr ""
15759
15758
15760
#: serverguide/C/network-auth.xml:1916(command)
15759
#: serverguide/C/network-auth.xml:1923(command)
15761
15760
msgid "sudo ldapaddusertogroup george qa"
15762
15761
msgstr ""
15763
15762
15764
#: serverguide/C/network-auth.xml:1919(para)
15763
#: serverguide/C/network-auth.xml:1926(para)
15765
15764
msgid ""
15766
15765
"You should now see a <emphasis>memberUid</emphasis> attribute for the "
15767
15766
"<emphasis role=\"italic\">qa</emphasis> group with a value of <emphasis "
15768
15767
"role=\"italic\">george</emphasis>."
15769
15768
msgstr ""
15770
15769
15771
#: serverguide/C/network-auth.xml:1926(para)
15770
#: serverguide/C/network-auth.xml:1933(para)
15772
15771
msgid "Remove a user from a group:"
15773
15772
msgstr ""
15774
15773
15775
#: serverguide/C/network-auth.xml:1931(command)
15774
#: serverguide/C/network-auth.xml:1938(command)
15776
15775
msgid "sudo ldapdeleteuserfromgroup george qa"
15777
15776
msgstr ""
15778
15777
15779
#: serverguide/C/network-auth.xml:1934(para)
15778
#: serverguide/C/network-auth.xml:1941(para)
15780
15779
msgid ""
15781
15780
"The <emphasis>memberUid</emphasis> attribute should now be removed from the "
15782
15781
"<emphasis role=\"italic\">qa</emphasis> group."
15783
15782
msgstr ""
15784
15783
15785
#: serverguide/C/network-auth.xml:1941(para)
15784
#: serverguide/C/network-auth.xml:1948(para)
15786
15785
msgid ""
15787
15786
"The <application>ldapmodifyuser</application> script allows you to add, "
15788
15787
"remove, or replace a user's attributes. The script uses the same syntax as "
15789
15788
"the <application>ldapmodify</application> utility. For example:"
15790
15789
msgstr ""
15791
15790
15792
#: serverguide/C/network-auth.xml:1947(command)
15791
#: serverguide/C/network-auth.xml:1954(command)
15793
15792
msgid "sudo ldapmodifyuser george"
15794
15793
msgstr ""
15795
15794
15796
#: serverguide/C/network-auth.xml:1948(computeroutput)
15795
#: serverguide/C/network-auth.xml:1955(computeroutput)
15797
15796
#, no-wrap
15798
15797
msgid ""
15799
15798
"# About to modify the following entry :\n"
15814
15813
"dn: uid=george,ou=People,dc=example,dc=com"
15815
15814
msgstr ""
15816
15815
15817
#: serverguide/C/network-auth.xml:1964(userinput)
15816
#: serverguide/C/network-auth.xml:1971(userinput)
15818
15817
#, no-wrap
15819
15818
msgid ""
15820
15819
"replace: gecos\n"
15821
15820
"gecos: George Carlin"
15822
15821
msgstr ""
15823
15822
15824
#: serverguide/C/network-auth.xml:1968(para)
15823
#: serverguide/C/network-auth.xml:1975(para)
15825
15824
msgid ""
15826
15825
"The user's <emphasis>gecos</emphasis> should now be <quote>George "
15827
15826
"Carlin</quote>."
15828
15827
msgstr ""
15829
15828
15830
#: serverguide/C/network-auth.xml:1979(para)
15829
#: serverguide/C/network-auth.xml:1981(para)
15831
15830
msgid ""
15832
15831
"A nice feature of <application>ldapscripts</application> is the template "
15833
15832
"system. Templates allow you to customize the attributes of user, group, and "
15836
15835
"changing:"
15837
15836
msgstr ""
15838
15837
15839
#: serverguide/C/network-auth.xml:1980(programlisting)
15838
#: serverguide/C/network-auth.xml:1987(programlisting)
15840
15839
#, no-wrap
15841
15840
msgid ""
15842
15841
"\n"
15843
15842
"UTEMPLATE=\"/etc/ldapscripts/ldapadduser.template\"\n"
15844
15843
msgstr ""
15845
15844
15846
#: serverguide/C/network-auth.xml:1984(para)
15845
#: serverguide/C/network-auth.xml:1991(para)
15847
15846
msgid ""
15848
15847
"There are <emphasis role=\"italic\">sample</emphasis> templates in the "
15849
15848
"<filename>/usr/share/doc/ldapscripts/examples</filename> directory. Copy or "
15851
15850
"<filename>/etc/ldapscripts/ldapadduser.template</filename>:"
15852
15851
msgstr ""
15853
15852
15854
#: serverguide/C/network-auth.xml:1991(command)
15853
#: serverguide/C/network-auth.xml:1998(command)
15855
15854
msgid ""
15856
15855
"sudo cp /usr/share/doc/ldapscripts/examples/ldapadduser.template.sample \\ "
15857
15856
"/etc/ldapscripts/ldapadduser.template"
15858
15857
msgstr ""
15859
15858
15860
#: serverguide/C/network-auth.xml:1995(para)
15859
#: serverguide/C/network-auth.xml:2002(para)
15861
15860
msgid ""
15862
15861
"Edit the new template to add the desired attributes. The following will "
15863
15862
"create new users with an objectClass of inetOrgPerson:"
15864
15863
msgstr ""
15865
15864
15866
#: serverguide/C/network-auth.xml:2000(programlisting)
15865
#: serverguide/C/network-auth.xml:2007(programlisting)
15867
15866
#, no-wrap
15868
15867
msgid ""
15869
15868
"\n"
15882
15881
"title: Employee\n"
15883
15882
msgstr ""
15884
15883
15885
#: serverguide/C/network-auth.xml:2016(para)
15884
#: serverguide/C/network-auth.xml:2023(para)
15886
15885
msgid ""
15887
15886
"Notice the <emphasis><ask></emphasis> option used for the "
15888
15887
"<emphasis>sn</emphasis> attribute. This will make "
15889
15888
"<application>ldapadduser</application> prompt you for its value."
15890
15889
msgstr ""
15891
15890
15892
#: serverguide/C/network-auth.xml:2024(para)
15891
#: serverguide/C/network-auth.xml:2031(para)
15893
15892
msgid ""
15894
15893
"There are utilities in the package that were not covered here. Here is a "
15895
15894
"complete list:"
15896
15895
msgstr ""
15897
15896
15898
#: serverguide/C/network-auth.xml:2029(ulink)
15897
#: serverguide/C/network-auth.xml:2036(ulink)
15899
15898
msgid "ldaprenamemachine"
15900
15899
msgstr ""
15901
15900
15902
#: serverguide/C/network-auth.xml:2030(ulink)
15901
#: serverguide/C/network-auth.xml:2037(ulink)
15903
15902
msgid "ldapadduser"
15904
15903
msgstr ""
15905
15904
15906
#: serverguide/C/network-auth.xml:2031(ulink)
15905
#: serverguide/C/network-auth.xml:2038(ulink)
15907
15906
msgid "ldapdeleteuserfromgroup"
15908
15907
msgstr ""
15909
15908
15910
#: serverguide/C/network-auth.xml:2032(ulink)
15909
#: serverguide/C/network-auth.xml:2039(ulink)
15911
15910
msgid "ldapfinger"
15912
15911
msgstr ""
15913
15912
15914
#: serverguide/C/network-auth.xml:2033(ulink)
15913
#: serverguide/C/network-auth.xml:2040(ulink)
15915
15914
msgid "ldapid"
15916
15915
msgstr ""
15917
15916
15918
#: serverguide/C/network-auth.xml:2034(ulink)
15917
#: serverguide/C/network-auth.xml:2041(ulink)
15919
15918
msgid "ldapgid"
15920
15919
msgstr ""
15921
15920
15922
#: serverguide/C/network-auth.xml:2035(ulink)
15921
#: serverguide/C/network-auth.xml:2042(ulink)
15923
15922
msgid "ldapmodifyuser"
15924
15923
msgstr ""
15925
15924
15926
#: serverguide/C/network-auth.xml:2036(ulink)
15925
#: serverguide/C/network-auth.xml:2043(ulink)
15927
15926
msgid "ldaprenameuser"
15928
15927
msgstr ""
15929
15928
15930
#: serverguide/C/network-auth.xml:2037(ulink)
15929
#: serverguide/C/network-auth.xml:2044(ulink)
15931
15930
msgid "lsldap"
15932
15931
msgstr ""
15933
15932
15934
#: serverguide/C/network-auth.xml:2038(ulink)
15933
#: serverguide/C/network-auth.xml:2045(ulink)
15935
15934
msgid "ldapaddusertogroup"
15936
15935
msgstr ""
15937
15936
15938
#: serverguide/C/network-auth.xml:2039(ulink)
15937
#: serverguide/C/network-auth.xml:2046(ulink)
15939
15938
msgid "ldapsetpasswd"
15940
15939
msgstr ""
15941
15940
15942
#: serverguide/C/network-auth.xml:2040(ulink)
15941
#: serverguide/C/network-auth.xml:2047(ulink)
15943
15942
msgid "ldapinit"
15944
15943
msgstr ""
15945
15944
15946
#: serverguide/C/network-auth.xml:2041(ulink)
15945
#: serverguide/C/network-auth.xml:2048(ulink)
15947
15946
msgid "ldapaddgroup"
15948
15947
msgstr ""
15949
15948
15950
#: serverguide/C/network-auth.xml:2042(ulink)
15949
#: serverguide/C/network-auth.xml:2049(ulink)
15951
15950
msgid "ldapdeletegroup"
15952
15951
msgstr ""
15953
15952
15954
#: serverguide/C/network-auth.xml:2043(ulink)
15953
#: serverguide/C/network-auth.xml:2050(ulink)
15955
15954
msgid "ldapmodifygroup"
15956
15955
msgstr ""
15957
15956
15958
#: serverguide/C/network-auth.xml:2044(ulink)
15957
#: serverguide/C/network-auth.xml:2051(ulink)
15959
15958
msgid "ldapdeletemachine"
15960
15959
msgstr ""
15961
15960
15962
#: serverguide/C/network-auth.xml:2045(ulink)
15961
#: serverguide/C/network-auth.xml:2052(ulink)
15963
15962
msgid "ldaprenamegroup"
15964
15963
msgstr ""
15965
15964
15966
#: serverguide/C/network-auth.xml:2046(ulink)
15965
#: serverguide/C/network-auth.xml:2053(ulink)
15967
15966
msgid "ldapaddmachine"
15968
15967
msgstr ""
15969
15968
15970
#: serverguide/C/network-auth.xml:2047(ulink)
15969
#: serverguide/C/network-auth.xml:2054(ulink)
15971
15970
msgid "ldapmodifymachine"
15972
15971
msgstr ""
15973
15972
15974
#: serverguide/C/network-auth.xml:2048(ulink)
15973
#: serverguide/C/network-auth.xml:2055(ulink)
15975
15974
msgid "ldapsetprimarygroup"
15976
15975
msgstr ""
15977
15976
15978
#: serverguide/C/network-auth.xml:2049(ulink)
15977
#: serverguide/C/network-auth.xml:2056(ulink)
15979
15978
msgid "ldapdeleteuser"
15980
15979
msgstr ""
15981
15980
15982
#: serverguide/C/network-auth.xml:2055(title)
15981
#: serverguide/C/network-auth.xml:2062(title)
15983
15982
msgid "Backup and Restore"
15984
15983
msgstr ""
15985
15984
15986
#: serverguide/C/network-auth.xml:2057(para)
15985
#: serverguide/C/network-auth.xml:2064(para)
15987
15986
msgid ""
15988
15987
"Now we have ldap running just the way we want, it is time to ensure we can "
15989
15988
"save all of our work and restore it as needed."
15990
15989
msgstr ""
15991
15990
15992
#: serverguide/C/network-auth.xml:2062(para)
15991
#: serverguide/C/network-auth.xml:2069(para)
15993
15992
msgid ""
15994
15993
"What we need is a way to backup the ldap database(s), specifically the "
15995
15994
"backend (cn=config) and frontend (dc=example,dc=com). If we are going to "
15998
15997
"script, called <filename>/usr/local/bin/ldapbackup</filename>:"
15999
15998
msgstr ""
16000
15999
16001
#: serverguide/C/network-auth.xml:2072(programlisting)
16000
#: serverguide/C/network-auth.xml:2079(programlisting)
16002
16001
#, no-wrap
16003
16002
msgid ""
16004
16003
"\n"
16013
16012
"chmod 640 ${BACKUP_PATH}/*.ldif\n"
16014
16013
msgstr ""
16015
16014
16016
#: serverguide/C/network-auth.xml:2085(para)
16015
#: serverguide/C/network-auth.xml:2092(para)
16017
16016
msgid ""
16018
16017
"These files are uncompressed text files containing everything in your ldap "
16019
16018
"databases including the tree layout, usernames, and every password. So, you "
16023
16022
"requirements."
16024
16023
msgstr ""
16025
16024
16026
#: serverguide/C/network-auth.xml:2096(para)
16025
#: serverguide/C/network-auth.xml:2103(para)
16027
16026
msgid ""
16028
16027
"Then, it is just a matter of having a cron script to run this program as "
16029
16028
"often as we feel comfortable with. For many, once a day suffices. For "
16032
16031
"22:45h:"
16033
16032
msgstr ""
16034
16033
16035
#: serverguide/C/network-auth.xml:2104(programlisting)
16034
#: serverguide/C/network-auth.xml:2111(programlisting)
16036
16035
#, no-wrap
16037
16036
msgid ""
16038
16037
"\n"
16040
16039
"45 22 * * * root /usr/local/bin/ldapbackup\n"
16041
16040
msgstr ""
16042
16041
16043
#: serverguide/C/network-auth.xml:2109(para)
16042
#: serverguide/C/network-auth.xml:2116(para)
16044
16043
msgid "Now the files are created, they should be copied to a backup server."
16045
16044
msgstr ""
16046
16045
16047
#: serverguide/C/network-auth.xml:2114(para)
16046
#: serverguide/C/network-auth.xml:2121(para)
16048
16047
msgid ""
16049
16048
"Assuming we did a fresh reinstall of ldap, the restore process could be "
16050
16049
"something like this:"
16051
16050
msgstr ""
16052
16051
16053
#: serverguide/C/network-auth.xml:2120(command)
16052
#: serverguide/C/network-auth.xml:2127(command)
16054
16053
msgid "sudo service slapd stop"
16055
16054
msgstr ""
16056
16055
16057
#: serverguide/C/network-auth.xml:2121(command)
16056
#: serverguide/C/network-auth.xml:2128(command)
16058
16057
msgid "sudo mkdir /var/lib/ldap/accesslog"
16059
16058
msgstr ""
16060
16059
16061
#: serverguide/C/network-auth.xml:2122(command)
16060
#: serverguide/C/network-auth.xml:2129(command)
16062
16061
msgid "sudo slapadd -F /etc/ldap/slapd.d -n 0 -l /export/backup/config.ldif"
16063
16062
msgstr ""
16064
16063
16065
#: serverguide/C/network-auth.xml:2123(command)
16064
#: serverguide/C/network-auth.xml:2130(command)
16066
16065
msgid ""
16067
16066
"sudo slapadd -F /etc/ldap/slapd.d -n 1 -l /export/backup/domain.com.ldif"
16068
16067
msgstr ""
16069
16068
16070
#: serverguide/C/network-auth.xml:2124(command)
16069
#: serverguide/C/network-auth.xml:2131(command)
16071
16070
msgid "sudo slapadd -F /etc/ldap/slapd.d -n 2 -l /export/backup/access.ldif"
16072
16071
msgstr ""
16073
16072
16074
#: serverguide/C/network-auth.xml:2125(command)
16073
#: serverguide/C/network-auth.xml:2132(command)
16075
16074
msgid "sudo chown -R openldap:openldap /etc/ldap/slapd.d/"
16076
16075
msgstr ""
16077
16076
16078
#: serverguide/C/network-auth.xml:2126(command)
16077
#: serverguide/C/network-auth.xml:2133(command)
16079
16078
msgid "sudo chown -R openldap:openldap /var/lib/ldap/"
16080
16079
msgstr ""
16081
16080
16082
#: serverguide/C/network-auth.xml:2127(command)
16081
#: serverguide/C/network-auth.xml:2134(command)
16083
16082
msgid "sudo service slapd start"
16084
16083
msgstr ""
16085
16084
16086
#: serverguide/C/network-auth.xml:2138(para)
16085
#: serverguide/C/network-auth.xml:2145(para)
16087
16086
msgid ""
16088
16087
"The primary resource is the upstream documentation: <ulink "
16089
16088
"url=\"http://www.openldap.org/\">www.openldap.org</ulink>"
16090
16089
msgstr ""
16091
16090
16092
#: serverguide/C/network-auth.xml:2144(para)
16091
#: serverguide/C/network-auth.xml:2151(para)
16093
16092
msgid ""
16094
16093
"There are many man pages that come with the slapd package. Here are some "
16095
16094
"important ones, especially considering the material presented in this guide:"
16096
16095
msgstr ""
16097
16096
16098
#: serverguide/C/network-auth.xml:2150(ulink)
16097
#: serverguide/C/network-auth.xml:2157(ulink)
16099
16098
msgid "slapd"
16100
16099
msgstr ""
16101
16100
16102
#: serverguide/C/network-auth.xml:2151(ulink)
16101
#: serverguide/C/network-auth.xml:2158(ulink)
16103
16102
msgid "slapd-config"
16104
16103
msgstr ""
16105
16104
16106
#: serverguide/C/network-auth.xml:2152(ulink)
16105
#: serverguide/C/network-auth.xml:2159(ulink)
16107
16106
msgid "slapd.access"
16108
16107
msgstr ""
16109
16108
16110
#: serverguide/C/network-auth.xml:2153(ulink)
16109
#: serverguide/C/network-auth.xml:2160(ulink)
16111
16110
msgid "slapo-syncprov"
16112
16111
msgstr ""
16113
16112
16114
#: serverguide/C/network-auth.xml:2159(para)
16113
#: serverguide/C/network-auth.xml:2166(para)
16115
16114
msgid "Other man pages:"
16116
16115
msgstr ""
16117
16116
16118
#: serverguide/C/network-auth.xml:2164(ulink)
16117
#: serverguide/C/network-auth.xml:2171(ulink)
16119
16118
msgid "auth-client-config"
16120
16119
msgstr ""
16121
16120
16122
#: serverguide/C/network-auth.xml:2165(ulink)
16121
#: serverguide/C/network-auth.xml:2172(ulink)
16123
16122
msgid "pam-auth-update"
16124
16123
msgstr ""
16125
16124
16126
#: serverguide/C/network-auth.xml:2171(para)
16125
#: serverguide/C/network-auth.xml:2178(para)
16127
16126
msgid ""
16128
16127
"Zytrax's <ulink url=\"http://www.zytrax.com/books/ldap/\">LDAP for Rocket "
16129
16128
"Scientists</ulink>; a less pedantic but comprehensive treatment of LDAP"
16130
16129
msgstr ""
16131
16130
16132
#: serverguide/C/network-auth.xml:2177(para)
16131
#: serverguide/C/network-auth.xml:2184(para)
16133
16132
msgid ""
16134
16133
"A Ubuntu community <ulink "
16135
16134
"url=\"https://help.ubuntu.com/community/OpenLDAPServer\">OpenLDAP "
16136
16135
"wiki</ulink> page has a collection of notes"
16137
16136
msgstr ""
16138
16137
16139
#: serverguide/C/network-auth.xml:2183(para)
16138
#: serverguide/C/network-auth.xml:2190(para)
16140
16139
msgid ""
16141
16140
"O'Reilly's <ulink url=\"http://www.oreilly.com/catalog/ldapsa/\">LDAP System "
16142
16141
"Administration</ulink> (textbook; 2003)"
16143
16142
msgstr ""
16144
16143
16145
#: serverguide/C/network-auth.xml:2189(para)
16144
#: serverguide/C/network-auth.xml:2196(para)
16146
16145
msgid ""
16147
16146
"Packt's <ulink url=\"http://www.packtpub.com/OpenLDAP-Developers-Server-Open-"
16148
16147
"Source-Linux/book\">Mastering OpenLDAP</ulink> (textbook; 2007)"
16149
16148
msgstr ""
16150
16149
16151
#: serverguide/C/network-auth.xml:2200(title)
16150
#: serverguide/C/network-auth.xml:2207(title)
16152
16151
msgid "Samba and LDAP"
16153
16152
msgstr ""
16154
16153
16155
#: serverguide/C/network-auth.xml:2202(para)
16154
#: serverguide/C/network-auth.xml:2209(para)
16156
16155
msgid ""
16157
16156
"This section covers the integration of Samba with LDAP. The Samba server's "
16158
16157
"role will be that of a \"standalone\" server and the LDAP directory will "
16165
16164
"specifically you want Samba to do for you and then configure it accordingly."
16166
16165
msgstr ""
16167
16166
16168
#: serverguide/C/network-auth.xml:2211(title)
16167
#: serverguide/C/network-auth.xml:2218(title) serverguide/C/network-auth.xml:4000(title)
16169
16168
msgid "Software Installation"
16170
16169
msgstr ""
16171
16170
16172
#: serverguide/C/network-auth.xml:2213(para)
16171
#: serverguide/C/network-auth.xml:2220(para)
16173
16172
msgid ""
16174
16173
"There are three packages needed when integrating Samba with LDAP: "
16175
16174
"<application>samba</application>, <application>samba-doc</application>, and "
16176
16175
"<application>smbldap-tools</application> packages."
16177
16176
msgstr ""
16178
16177
16179
#: serverguide/C/network-auth.xml:2223(para)
16178
#: serverguide/C/network-auth.xml:2225(para)
16180
16179
msgid ""
16181
16180
"Strictly speaking, the <application>smbldap-tools</application> package "
16182
16181
"isn't needed, but unless you have some other way to manage the various Samba "
16184
16183
"install it."
16185
16184
msgstr ""
16186
16185
16187
#: serverguide/C/network-auth.xml:2223(para)
16186
#: serverguide/C/network-auth.xml:2230(para)
16188
16187
msgid "Install these packages now:"
16189
16188
msgstr ""
16190
16189
16191
#: serverguide/C/network-auth.xml:2228(command)
16190
#: serverguide/C/network-auth.xml:2235(command)
16192
16191
msgid "sudo apt-get install samba samba-doc smbldap-tools"
16193
16192
msgstr ""
16194
16193
16195
#: serverguide/C/network-auth.xml:2234(title)
16194
#: serverguide/C/network-auth.xml:2241(title)
16196
16195
msgid "LDAP Configuration"
16197
16196
msgstr ""
16198
16197
16199
#: serverguide/C/network-auth.xml:2236(para)
16198
#: serverguide/C/network-auth.xml:2243(para)
16200
16199
msgid ""
16201
16200
"We will now configure the LDAP server so that it can accomodate Samba data. "
16202
16201
"We will perform three tasks in this section:"
16203
16202
msgstr ""
16204
16203
16205
#: serverguide/C/network-auth.xml:2243(para)
16204
#: serverguide/C/network-auth.xml:2250(para)
16206
16205
msgid "Import a schema"
16207
16206
msgstr ""
16208
16207
16209
#: serverguide/C/network-auth.xml:2247(para)
16208
#: serverguide/C/network-auth.xml:2254(para)
16210
16209
msgid "Index some entries"
16211
16210
msgstr ""
16212
16211
16213
#: serverguide/C/network-auth.xml:2251(para)
16212
#: serverguide/C/network-auth.xml:2258(para)
16214
16213
msgid "Add objects"
16215
16214
msgstr ""
16216
16215
16217
#: serverguide/C/network-auth.xml:2257(title)
16216
#: serverguide/C/network-auth.xml:2264(title)
16218
16217
msgid "Samba schema"
16219
16218
msgstr ""
16220
16219
16221
#: serverguide/C/network-auth.xml:2259(para)
16220
#: serverguide/C/network-auth.xml:2266(para)
16222
16221
msgid ""
16223
16222
"In order for OpenLDAP to be used as a backend for Samba, logically, the DIT "
16224
16223
"will need to use attributes that can properly describe Samba data. Such "
16226
16225
"now."
16227
16226
msgstr ""
16228
16227
16229
#: serverguide/C/network-auth.xml:2265(para)
16228
#: serverguide/C/network-auth.xml:2272(para)
16230
16229
msgid ""
16231
16230
"For more information on schemas and their installation see <xref "
16232
16231
"linkend=\"openldap-configuration\"/>."
16233
16232
msgstr ""
16234
16233
16235
#: serverguide/C/network-auth.xml:2273(para)
16234
#: serverguide/C/network-auth.xml:2280(para)
16236
16235
msgid ""
16237
16236
"The schema is found in the now-installed <application>samba-"
16238
16237
"doc</application> package. It needs to be unzipped and copied to the "
16239
16238
"<filename>/etc/ldap/schema</filename> directory:"
16240
16239
msgstr ""
16241
16240
16242
#: serverguide/C/network-auth.xml:2279(command)
16241
#: serverguide/C/network-auth.xml:2286(command)
16243
16242
msgid ""
16244
16243
"sudo cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz "
16245
16244
"/etc/ldap/schema"
16246
16245
msgstr ""
16247
16246
16248
#: serverguide/C/network-auth.xml:2280(command)
16247
#: serverguide/C/network-auth.xml:2287(command)
16249
16248
msgid "sudo gzip -d /etc/ldap/schema/samba.schema.gz"
16250
16249
msgstr ""
16251
16250
16252
#: serverguide/C/network-auth.xml:2286(para)
16251
#: serverguide/C/network-auth.xml:2293(para)
16253
16252
msgid ""
16254
16253
"Have the configuration file <filename>schema_convert.conf</filename> that "
16255
16254
"contains the following lines:"
16256
16255
msgstr ""
16257
16256
16258
#: serverguide/C/network-auth.xml:2290(programlisting)
16257
#: serverguide/C/network-auth.xml:2297(programlisting)
16259
16258
#, no-wrap
16260
16259
msgid ""
16261
16260
"\n"
16276
16275
"include /etc/ldap/schema/samba.schema\n"
16277
16276
msgstr ""
16278
16277
16279
#: serverguide/C/network-auth.xml:2311(para)
16278
#: serverguide/C/network-auth.xml:2318(para)
16280
16279
msgid "Have the directory <filename>ldif_output</filename> hold output."
16281
16280
msgstr ""
16282
16281
16283
#: serverguide/C/network-auth.xml:2322(command)
16282
#: serverguide/C/network-auth.xml:2329(command)
16284
16283
msgid ""
16285
16284
"slapcat -f schema_convert.conf -F ldif_output -n 0 | grep samba,cn=schema"
16286
16285
msgstr ""
16287
16286
16288
#: serverguide/C/network-auth.xml:2323(computeroutput)
16287
#: serverguide/C/network-auth.xml:2330(computeroutput)
16289
16288
#, no-wrap
16290
16289
msgid ""
16291
16290
"\n"
16292
16291
"dn: cn={14}samba,cn=schema,cn=config\n"
16293
16292
msgstr ""
16294
16293
16295
#: serverguide/C/network-auth.xml:2331(para)
16294
#: serverguide/C/network-auth.xml:2338(para)
16296
16295
msgid "Convert the schema to LDIF format:"
16297
16296
msgstr ""
16298
16297
16299
#: serverguide/C/network-auth.xml:2336(command)
16298
#: serverguide/C/network-auth.xml:2343(command)
16300
16299
msgid ""
16301
16300
"slapcat -f schema_convert.conf -F ldif_output -n0 -H \\ "
16302
16301
"ldap:///cn={14}samba,cn=schema,cn=config -l cn=samba.ldif"
16303
16302
msgstr ""
16304
16303
16305
#: serverguide/C/network-auth.xml:2343(para)
16304
#: serverguide/C/network-auth.xml:2350(para)
16306
16305
msgid ""
16307
16306
"Edit the generated <filename>cn=samba.ldif</filename> file by removing index "
16308
16307
"information to arrive at:"
16309
16308
msgstr ""
16310
16309
16311
#: serverguide/C/network-auth.xml:2347(programlisting)
16310
#: serverguide/C/network-auth.xml:2354(programlisting)
16312
16311
#, no-wrap
16313
16312
msgid ""
16314
16313
"\n"
16317
16316
"cn: samba\n"
16318
16317
msgstr ""
16319
16318
16320
#: serverguide/C/network-auth.xml:2353(para)
16319
#: serverguide/C/network-auth.xml:2360(para)
16321
16320
msgid "Remove the bottom lines:"
16322
16321
msgstr ""
16323
16322
16324
#: serverguide/C/network-auth.xml:2357(programlisting)
16323
#: serverguide/C/network-auth.xml:2364(programlisting)
16325
16324
#, no-wrap
16326
16325
msgid ""
16327
16326
"\n"
16334
16333
"modifyTimestamp: 20080827045234Z\n"
16335
16334
msgstr ""
16336
16335
16337
#: serverguide/C/network-auth.xml:2373(para)
16336
#: serverguide/C/network-auth.xml:2380(para)
16338
16337
msgid "Add the new schema:"
16339
16338
msgstr ""
16340
16339
16341
#: serverguide/C/network-auth.xml:2378(command)
16340
#: serverguide/C/network-auth.xml:2385(command)
16342
16341
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f cn\\=samba.ldif"
16343
16342
msgstr ""
16344
16343
16345
#: serverguide/C/network-auth.xml:2381(para)
16344
#: serverguide/C/network-auth.xml:2388(para)
16346
16345
msgid "To query and view this new schema:"
16347
16346
msgstr ""
16348
16347
16349
#: serverguide/C/network-auth.xml:2386(command)
16348
#: serverguide/C/network-auth.xml:2393(command)
16350
16349
msgid ""
16351
16350
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config "
16352
16351
"'cn=*samba*'"
16353
16352
msgstr ""
16354
16353
16355
#: serverguide/C/network-auth.xml:2396(title)
16354
#: serverguide/C/network-auth.xml:2403(title)
16356
16355
msgid "Samba indices"
16357
16356
msgstr ""
16358
16357
16359
#: serverguide/C/network-auth.xml:2398(para)
16358
#: serverguide/C/network-auth.xml:2405(para)
16360
16359
msgid ""
16361
16360
"Now that slapd knows about the Samba attributes, we can set up some indices "
16362
16361
"based on them. Indexing entries is a way to improve performance when a "
16363
16362
"client performs a filtered search on the DIT."
16364
16363
msgstr ""
16365
16364
16366
#: serverguide/C/network-auth.xml:2403(para)
16365
#: serverguide/C/network-auth.xml:2410(para)
16367
16366
msgid ""
16368
16367
"Create the file <filename>samba_indices.ldif</filename> with the following "
16369
16368
"contents:"
16370
16369
msgstr ""
16371
16370
16372
#: serverguide/C/network-auth.xml:2407(programlisting)
16371
#: serverguide/C/network-auth.xml:2414(programlisting)
16373
16372
#, no-wrap
16374
16373
msgid ""
16375
16374
"\n"
16390
16389
"olcDbIndex: default sub\n"
16391
16390
msgstr ""
16392
16391
16393
#: serverguide/C/network-auth.xml:2425(para)
16392
#: serverguide/C/network-auth.xml:2432(para)
16394
16393
msgid ""
16395
16394
"Using the <application>ldapmodify</application> utility load the new indices:"
16396
16395
msgstr ""
16397
16396
16398
#: serverguide/C/network-auth.xml:2430(command)
16397
#: serverguide/C/network-auth.xml:2437(command)
16399
16398
msgid "sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f samba_indices.ldif"
16400
16399
msgstr ""
16401
16400
16402
#: serverguide/C/network-auth.xml:2433(para)
16401
#: serverguide/C/network-auth.xml:2440(para)
16403
16402
msgid ""
16404
16403
"If all went well you should see the new indices using "
16405
16404
"<application>ldapsearch</application>:"
16406
16405
msgstr ""
16407
16406
16408
#: serverguide/C/network-auth.xml:2438(command)
16407
#: serverguide/C/network-auth.xml:2445(command)
16409
16408
msgid ""
16410
16409
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H \\ ldapi:/// -b cn=config "
16411
16410
"olcDatabase={1}hdb olcDbIndex"
16412
16411
msgstr ""
16413
16412
16414
#: serverguide/C/network-auth.xml:2445(title)
16413
#: serverguide/C/network-auth.xml:2452(title)
16415
16414
msgid "Adding Samba LDAP objects"
16416
16415
msgstr ""
16417
16416
16418
#: serverguide/C/network-auth.xml:2452(para)
16417
#: serverguide/C/network-auth.xml:2454(para)
16419
16418
msgid ""
16420
16419
"Next, configure the <application>smbldap-tools</application> package to "
16421
16420
"match your environment. The package is supposed to come with a configuration "
16426
16425
"smbldap-tools')."
16427
16426
msgstr ""
16428
16427
16429
#: serverguide/C/network-auth.xml:2459(para)
16428
#: serverguide/C/network-auth.xml:2461(para)
16430
16429
msgid ""
16431
16430
"To manually configure the package, you need to create and edit the files "
16432
16431
"<filename>/etc/smbldap-tools/smbldap.conf</filename> and "
16433
16432
"<filename>/etc/smbldap-tools/smbldap_bind.conf</filename>."
16434
16433
msgstr ""
16435
16434
16436
#: serverguide/C/network-auth.xml:2464(para)
16435
#: serverguide/C/network-auth.xml:2466(para)
16437
16436
msgid ""
16438
16437
"The <application>smbldap-populate</application> script will then add the "
16439
16438
"LDAP objects required for Samba. It is a good idea to first make a backup of "
16440
16439
"your DIT using <application>slapcat</application>:"
16441
16440
msgstr ""
16442
16441
16443
#: serverguide/C/network-auth.xml:2473(command)
16442
#: serverguide/C/network-auth.xml:2472(command)
16444
16443
msgid "sudo slapcat -l backup.ldif"
16445
16444
msgstr ""
16446
16445
16447
#: serverguide/C/network-auth.xml:2476(para)
16446
#: serverguide/C/network-auth.xml:2475(para)
16448
16447
msgid "Once you have a backup proceed to populate your directory:"
16449
16448
msgstr ""
16450
16449
16451
#: serverguide/C/network-auth.xml:2481(command)
16450
#: serverguide/C/network-auth.xml:2480(command)
16452
16451
msgid "sudo smbldap-populate"
16453
16452
msgstr ""
16454
16453
16455
#: serverguide/C/network-auth.xml:2484(para)
16454
#: serverguide/C/network-auth.xml:2483(para)
16456
16455
msgid ""
16457
16456
"You can create a LDIF file containing the new Samba objects by executing "
16458
16457
"<command>sudo smbldap-populate -e samba.ldif</command>. This allows you to "
16461
16460
"and import its data per usual."
16462
16461
msgstr ""
16463
16462
16464
#: serverguide/C/network-auth.xml:2490(para)
16463
#: serverguide/C/network-auth.xml:2489(para)
16465
16464
msgid ""
16466
16465
"Your LDAP directory now has the necessary information to authenticate Samba "
16467
16466
"users."
16468
16467
msgstr ""
16469
16468
16470
#: serverguide/C/network-auth.xml:2499(title)
16469
#: serverguide/C/network-auth.xml:2498(title) serverguide/C/network-auth.xml:4032(title)
16471
16470
msgid "Samba Configuration"
16472
16471
msgstr ""
16473
16472
16474
#: serverguide/C/network-auth.xml:2498(para)
16473
#: serverguide/C/network-auth.xml:2500(para)
16475
16474
msgid ""
16476
16475
"There are multiple ways to configure Samba. For details on some common "
16477
16476
"configurations see <xref linkend=\"samba\"/>. To configure Samba to use "
16480
16479
"adding some ldap-related ones:"
16481
16480
msgstr ""
16482
16481
16483
#: serverguide/C/network-auth.xml:2507(programlisting)
16482
#: serverguide/C/network-auth.xml:2506(programlisting)
16484
16483
#, no-wrap
16485
16484
msgid ""
16486
16485
"\n"
16500
16499
" add machine script = sudo /usr/sbin/smbldap-useradd -t 0 -w \"%u\"\n"
16501
16500
msgstr ""
16502
16501
16503
#: serverguide/C/network-auth.xml:2524(para)
16502
#: serverguide/C/network-auth.xml:2523(para)
16504
16503
msgid "Change the values to match your environment."
16505
16504
msgstr ""
16506
16505
16507
#: serverguide/C/network-auth.xml:2528(para)
16506
#: serverguide/C/network-auth.xml:2527(para)
16508
16507
msgid "Restart <application>samba</application> to enable the new settings:"
16509
16508
msgstr ""
16510
16509
16511
#: serverguide/C/network-auth.xml:2537(para)
16510
#: serverguide/C/network-auth.xml:2536(para)
16512
16511
msgid ""
16513
16512
"Now inform Samba about the rootDN user's password (the one set during the "
16514
16513
"installation of the slapd package):"
16515
16514
msgstr ""
16516
16515
16517
#: serverguide/C/network-auth.xml:2542(command)
16516
#: serverguide/C/network-auth.xml:2541(command)
16518
16517
msgid "sudo smbpasswd -w password"
16519
16518
msgstr ""
16520
16519
16521
#: serverguide/C/network-auth.xml:2545(para)
16520
#: serverguide/C/network-auth.xml:2544(para)
16522
16521
msgid ""
16523
16522
"If you have existing LDAP users that you want to include in your new LDAP-"
16524
16523
"backed Samba they will, of course, also need to be given some of the extra "
16528
16527
"<application>libnss-ldap</application>):"
16529
16528
msgstr ""
16530
16529
16531
#: serverguide/C/network-auth.xml:2553(command)
16530
#: serverguide/C/network-auth.xml:2552(command)
16532
16531
msgid "sudo smbpasswd -a username"
16533
16532
msgstr ""
16534
16533
16535
#: serverguide/C/network-auth.xml:2556(para)
16534
#: serverguide/C/network-auth.xml:2555(para)
16536
16535
msgid ""
16537
16536
"You will prompted to enter a password. It will be considered as the new "
16538
16537
"password for that user. Making it the same as before is reasonable."
16539
16538
msgstr ""
16540
16539
16541
#: serverguide/C/network-auth.xml:2560(para)
16540
#: serverguide/C/network-auth.xml:2559(para)
16542
16541
msgid ""
16543
16542
"To manage user, group, and machine accounts use the utilities provided by "
16544
16543
"the <application>smbldap-tools</application> package. Here are some examples:"
16545
16544
msgstr ""
16546
16545
16547
#: serverguide/C/network-auth.xml:2568(para)
16546
#: serverguide/C/network-auth.xml:2567(para)
16548
16547
msgid "To add a new user:"
16549
16548
msgstr ""
16550
16549
16551
#: serverguide/C/network-auth.xml:2573(command)
16550
#: serverguide/C/network-auth.xml:2572(command)
16552
16551
msgid "sudo smbldap-useradd -a -P username"
16553
16552
msgstr ""
16554
16553
16555
#: serverguide/C/network-auth.xml:2576(para)
16554
#: serverguide/C/network-auth.xml:2575(para)
16556
16555
msgid ""
16557
16556
"The <emphasis>-a</emphasis> option adds the Samba attributes, and the "
16558
16557
"<emphasis>-P</emphasis> option calls the <application>smbldap-"
16560
16559
"a password for the user."
16561
16560
msgstr ""
16562
16561
16563
#: serverguide/C/network-auth.xml:2583(para)
16562
#: serverguide/C/network-auth.xml:2582(para)
16564
16563
msgid "To remove a user:"
16565
16564
msgstr ""
16566
16565
16567
#: serverguide/C/network-auth.xml:2588(command)
16566
#: serverguide/C/network-auth.xml:2587(command)
16568
16567
msgid "sudo smbldap-userdel username"
16569
16568
msgstr ""
16570
16569
16571
#: serverguide/C/network-auth.xml:2591(para)
16570
#: serverguide/C/network-auth.xml:2590(para)
16572
16571
msgid ""
16573
16572
"In the above command, use the <emphasis>-r</emphasis> option to remove the "
16574
16573
"user's home directory."
16575
16574
msgstr ""
16576
16575
16577
#: serverguide/C/network-auth.xml:2597(para)
16576
#: serverguide/C/network-auth.xml:2596(para)
16578
16577
msgid "To add a group:"
16579
16578
msgstr ""
16580
16579
16581
#: serverguide/C/network-auth.xml:2602(command)
16580
#: serverguide/C/network-auth.xml:2601(command)
16582
16581
msgid "sudo smbldap-groupadd -a groupname"
16583
16582
msgstr ""
16584
16583
16585
#: serverguide/C/network-auth.xml:2605(para)
16584
#: serverguide/C/network-auth.xml:2604(para)
16586
16585
msgid ""
16587
16586
"As for <application>smbldap-useradd</application>, the <emphasis>-"
16588
16587
"a</emphasis> adds the Samba attributes."
16589
16588
msgstr ""
16590
16589
16591
#: serverguide/C/network-auth.xml:2611(para)
16590
#: serverguide/C/network-auth.xml:2610(para)
16592
16591
msgid "To make an existing user a member of a group:"
16593
16592
msgstr ""
16594
16593
16595
#: serverguide/C/network-auth.xml:2616(command)
16594
#: serverguide/C/network-auth.xml:2615(command)
16596
16595
msgid "sudo smbldap-groupmod -m username groupname"
16597
16596
msgstr ""
16598
16597
16599
#: serverguide/C/network-auth.xml:2619(para)
16598
#: serverguide/C/network-auth.xml:2618(para)
16600
16599
msgid ""
16601
16600
"The <emphasis>-m</emphasis> option can add more than one user at a time by "
16602
16601
"listing them in comma-separated format."
16603
16602
msgstr ""
16604
16603
16605
#: serverguide/C/network-auth.xml:2625(para)
16604
#: serverguide/C/network-auth.xml:2624(para)
16606
16605
msgid "To remove a user from a group:"
16607
16606
msgstr ""
16608
16607
16609
#: serverguide/C/network-auth.xml:2630(command)
16608
#: serverguide/C/network-auth.xml:2629(command)
16610
16609
msgid "sudo smbldap-groupmod -x username groupname"
16611
16610
msgstr ""
16612
16611
16613
#: serverguide/C/network-auth.xml:2636(para)
16612
#: serverguide/C/network-auth.xml:2635(para)
16614
16613
msgid "To add a Samba machine account:"
16615
16614
msgstr ""
16616
16615
16617
#: serverguide/C/network-auth.xml:2641(command)
16616
#: serverguide/C/network-auth.xml:2640(command)
16618
16617
msgid "sudo smbldap-useradd -t 0 -w username"
16619
16618
msgstr ""
16620
16619
16621
#: serverguide/C/network-auth.xml:2644(para)
16620
#: serverguide/C/network-auth.xml:2643(para)
16622
16621
msgid ""
16623
16622
"Replace <emphasis>username</emphasis> with the name of the workstation. The "
16624
16623
"<emphasis>-t 0</emphasis> option creates the machine account without a "
16628
16627
"<application>smbldap-useradd</application>."
16629
16628
msgstr ""
16630
16629
16631
#: serverguide/C/network-auth.xml:2653(para)
16630
#: serverguide/C/network-auth.xml:2652(para)
16632
16631
msgid ""
16633
16632
"There are utilities in the <application>smbldap-tools</application> package "
16634
16633
"that were not covered here. Here is a complete list:"
16635
16634
msgstr ""
16636
16635
16636
#: serverguide/C/network-auth.xml:2657(ulink)
16637
msgid "smbldap-groupadd"
16638
msgstr ""
16639
16637
16640
#: serverguide/C/network-auth.xml:2658(ulink)
16638
msgid "smbldap-groupadd"
16641
msgid "smbldap-groupdel"
16639
16642
msgstr ""
16640
16643
16641
16644
#: serverguide/C/network-auth.xml:2659(ulink)
16642
msgid "smbldap-groupdel"
16645
msgid "smbldap-groupmod"
16643
16646
msgstr ""
16644
16647
16645
16648
#: serverguide/C/network-auth.xml:2660(ulink)
16646
msgid "smbldap-groupmod"
16649
msgid "smbldap-groupshow"
16647
16650
msgstr ""
16648
16651
16649
16652
#: serverguide/C/network-auth.xml:2661(ulink)
16650
msgid "smbldap-groupshow"
16653
msgid "smbldap-passwd"
16651
16654
msgstr ""
16652
16655
16653
16656
#: serverguide/C/network-auth.xml:2662(ulink)
16654
msgid "smbldap-passwd"
16657
msgid "smbldap-populate"
16655
16658
msgstr ""
16656
16659
16657
16660
#: serverguide/C/network-auth.xml:2663(ulink)
16658
msgid "smbldap-populate"
16661
msgid "smbldap-useradd"
16659
16662
msgstr ""
16660
16663
16661
16664
#: serverguide/C/network-auth.xml:2664(ulink)
16662
msgid "smbldap-useradd"
16665
msgid "smbldap-userdel"
16663
16666
msgstr ""
16664
16667
16665
16668
#: serverguide/C/network-auth.xml:2665(ulink)
16666
msgid "smbldap-userdel"
16669
msgid "smbldap-userinfo"
16667
16670
msgstr ""
16668
16671
16669
16672
#: serverguide/C/network-auth.xml:2666(ulink)
16670
msgid "smbldap-userinfo"
16673
msgid "smbldap-userlist"
16671
16674
msgstr ""
16672
16675
16673
16676
#: serverguide/C/network-auth.xml:2667(ulink)
16674
msgid "smbldap-userlist"
16677
msgid "smbldap-usermod"
16675
16678
msgstr ""
16676
16679
16677
16680
#: serverguide/C/network-auth.xml:2668(ulink)
16678
msgid "smbldap-usermod"
16679
msgstr ""
16680
16681
#: serverguide/C/network-auth.xml:2669(ulink)
16682
16681
msgid "smbldap-usershow"
16683
16682
msgstr ""
16684
16683
16685
#: serverguide/C/network-auth.xml:2677(para)
16684
#: serverguide/C/network-auth.xml:2679(para)
16686
16685
msgid ""
16687
16686
"For more information on installing and configuring Samba see <xref "
16688
16687
"linkend=\"samba\"/> of this Ubuntu Server Guide."
16689
16688
msgstr ""
16690
16689
16691
#: serverguide/C/network-auth.xml:2686(para)
16690
#: serverguide/C/network-auth.xml:2685(para)
16692
16691
msgid ""
16693
16692
"There are multiple places where LDAP and Samba is documented in the upstream "
16694
16693
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba "
16695
16694
"HOWTO Collection</ulink>."
16696
16695
msgstr ""
16697
16696
16698
#: serverguide/C/network-auth.xml:2693(para)
16697
#: serverguide/C/network-auth.xml:2692(para)
16699
16698
msgid ""
16700
16699
"Regarding the above, see specifically the <ulink "
16701
16700
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
16702
16701
"Collection/passdb.html\">passdb section</ulink>."
16703
16702
msgstr ""
16704
16703
16705
#: serverguide/C/network-auth.xml:2699(para)
16704
#: serverguide/C/network-auth.xml:2698(para)
16706
16705
msgid ""
16707
16706
"Although dated (2007), the <ulink url=\"http://download.gna.org/smbldap-"
16708
16707
"tools/docs/samba-ldap-howto/\">Linux Samba-OpenLDAP HOWTO</ulink> contains "
16709
16708
"valuable notes."
16710
16709
msgstr ""
16711
16710
16712
#: serverguide/C/network-auth.xml:2705(para)
16711
#: serverguide/C/network-auth.xml:2704(para)
16713
16712
msgid ""
16714
16713
"The main page of the <ulink "
16715
16714
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Samba Ubuntu "
16717
16716
"prove useful."
16718
16717
msgstr ""
16719
16718
16720
#: serverguide/C/network-auth.xml:2718(title)
16719
#: serverguide/C/network-auth.xml:2717(title)
16721
16720
msgid "Kerberos"
16722
16721
msgstr "Kerberos"
16723
16722
16724
#: serverguide/C/network-auth.xml:2720(para)
16723
#: serverguide/C/network-auth.xml:2719(para)
16725
16724
msgid ""
16726
16725
"<application>Kerberos</application> is a network authentication system based "
16727
16726
"on the principal of a trusted third party. The other two parties being the "
16730
16729
"network environment one step closer to being Single Sign On (SSO)."
16731
16730
msgstr ""
16732
16731
16733
#: serverguide/C/network-auth.xml:2726(para)
16732
#: serverguide/C/network-auth.xml:2725(para)
16734
16733
msgid ""
16735
16734
"This section covers installation and configuration of a Kerberos server, and "
16736
16735
"some example client configurations."
16737
16736
msgstr ""
16738
16737
16739
#: serverguide/C/virtualization.xml:1099(title) serverguide/C/virtualization.xml:2132(title) serverguide/C/network-auth.xml:2731(title) serverguide/C/monitoring.xml:13(title) serverguide/C/lamp-applications.xml:15(title) serverguide/C/installation.xml:903(title) serverguide/C/dns.xml:62(title) serverguide/C/dm-multipath.xml:135(title) serverguide/C/chat.xml:15(title) serverguide/C/backups.xml:545(title)
16738
#: serverguide/C/network-auth.xml:2730(title) serverguide/C/monitoring.xml:13(title) serverguide/C/lamp-applications.xml:15(title) serverguide/C/installation.xml:910(title) serverguide/C/dns.xml:62(title) serverguide/C/dm-multipath.xml:135(title) serverguide/C/chat.xml:15(title) serverguide/C/cgroups.xml:38(title) serverguide/C/backups.xml:551(title)
16740
16739
msgid "Overview"
16741
16740
msgstr ""
16742
16741
16743
#: serverguide/C/network-auth.xml:2733(para)
16742
#: serverguide/C/network-auth.xml:2732(para)
16744
16743
msgid ""
16745
16744
"If you are new to Kerberos there are a few terms that are good to understand "
16746
16745
"before setting up a Kerberos server. Most of the terms will relate to things "
16747
16746
"you may be familiar with in other environments:"
16748
16747
msgstr ""
16749
16748
16750
#: serverguide/C/network-auth.xml:2740(para)
16749
#: serverguide/C/network-auth.xml:2739(para)
16751
16750
msgid ""
16752
16751
"<emphasis>Principal:</emphasis> any users, computers, and services provided "
16753
16752
"by servers need to be defined as Kerberos Principals."
16754
16753
msgstr ""
16755
16754
16756
#: serverguide/C/network-auth.xml:2745(para)
16755
#: serverguide/C/network-auth.xml:2744(para)
16757
16756
msgid ""
16758
16757
"<emphasis>Instances:</emphasis> are used for service principals and special "
16759
16758
"administrative principals."
16760
16759
msgstr ""
16761
16760
16762
#: serverguide/C/network-auth.xml:2750(para)
16761
#: serverguide/C/network-auth.xml:2749(para)
16763
16762
msgid ""
16764
16763
"<emphasis>Realms:</emphasis> the unique realm of control provided by the "
16765
16764
"Kerberos installation. Think of it as the domain or group your hosts and "
16768
16767
"as the realm."
16769
16768
msgstr ""
16770
16769
16771
#: serverguide/C/network-auth.xml:2759(para)
16770
#: serverguide/C/network-auth.xml:2758(para)
16772
16771
msgid ""
16773
16772
"<emphasis>Key Distribution Center:</emphasis> (KDC) consist of three parts, "
16774
16773
"a database of all principals, the authentication server, and the ticket "
16775
16774
"granting server. For each realm there must be at least one KDC."
16776
16775
msgstr ""
16777
16776
16778
#: serverguide/C/network-auth.xml:2765(para)
16777
#: serverguide/C/network-auth.xml:2764(para)
16779
16778
msgid ""
16780
16779
"<emphasis>Ticket Granting Ticket:</emphasis> issued by the Authentication "
16781
16780
"Server (AS), the Ticket Granting Ticket (TGT) is encrypted in the user's "
16782
16781
"password which is known only to the user and the KDC."
16783
16782
msgstr ""
16784
16783
16785
#: serverguide/C/network-auth.xml:2771(para)
16784
#: serverguide/C/network-auth.xml:2770(para)
16786
16785
msgid ""
16787
16786
"<emphasis>Ticket Granting Server:</emphasis> (TGS) issues service tickets to "
16788
16787
"clients upon request."
16789
16788
msgstr ""
16790
16789
16791
#: serverguide/C/network-auth.xml:2776(para)
16790
#: serverguide/C/network-auth.xml:2775(para)
16792
16791
msgid ""
16793
16792
"<emphasis>Tickets:</emphasis> confirm the identity of the two principals. "
16794
16793
"One principal being a user and the other a service requested by the user. "
16796
16795
"authenticated session."
16797
16796
msgstr ""
16798
16797
16799
#: serverguide/C/network-auth.xml:2782(para)
16798
#: serverguide/C/network-auth.xml:2781(para)
16800
16799
msgid ""
16801
16800
"<emphasis>Keytab Files:</emphasis> are files extracted from the KDC "
16802
16801
"principal database and contain the encryption key for a service or host."
16803
16802
msgstr ""
16804
16803
16805
#: serverguide/C/network-auth.xml:2789(para)
16804
#: serverguide/C/network-auth.xml:2788(para)
16806
16805
msgid ""
16807
16806
"To put the pieces together, a Realm has at least one KDC, preferably more "
16808
16807
"for redundancy, which contains a database of Principals. When a user "
16814
16813
"entering another username and password."
16815
16814
msgstr ""
16816
16815
16817
#: serverguide/C/network-auth.xml:2798(title)
16816
#: serverguide/C/network-auth.xml:2797(title)
16818
16817
msgid "Kerberos Server"
16819
16818
msgstr ""
16820
16819
16821
#: serverguide/C/network-auth.xml:2802(para)
16820
#: serverguide/C/network-auth.xml:2801(para)
16822
16821
msgid ""
16823
16822
"For this discussion, we will create a MIT Kerberos domain with the following "
16824
16823
"features (edit them to fit your needs):"
16825
16824
msgstr ""
16826
16825
16827
#: serverguide/C/network-auth.xml:2809(para)
16826
#: serverguide/C/network-auth.xml:2808(para)
16828
16827
msgid "<emphasis>Realm:</emphasis> EXAMPLE.COM"
16829
16828
msgstr ""
16830
16829
16831
#: serverguide/C/network-auth.xml:2814(para)
16830
#: serverguide/C/network-auth.xml:2813(para)
16832
16831
msgid "<emphasis>Primary KDC:</emphasis> kdc01.example.com (192.168.0.1)"
16833
16832
msgstr ""
16834
16833
16835
#: serverguide/C/network-auth.xml:2819(para)
16834
#: serverguide/C/network-auth.xml:2818(para)
16836
16835
msgid "<emphasis>Secondary KDC:</emphasis> kdc02.example.com (192.168.0.2)"
16837
16836
msgstr ""
16838
16837
16839
#: serverguide/C/network-auth.xml:2824(para)
16838
#: serverguide/C/network-auth.xml:2823(para)
16840
16839
msgid "<emphasis>User principal:</emphasis> steve"
16841
16840
msgstr ""
16842
16841
16843
#: serverguide/C/network-auth.xml:2829(para)
16842
#: serverguide/C/network-auth.xml:2828(para)
16844
16843
msgid "<emphasis>Admin principal:</emphasis> steve/admin"
16845
16844
msgstr ""
16846
16845
16847
#: serverguide/C/network-auth.xml:2836(para)
16846
#: serverguide/C/network-auth.xml:2835(para)
16848
16847
msgid ""
16849
16848
"It is <emphasis>strongly</emphasis> recommended that your network-"
16850
16849
"authenticated users have their uid in a different range (say, starting at "
16851
16850
"5000) than that of your local users."
16852
16851
msgstr ""
16853
16852
16854
#: serverguide/C/network-auth.xml:2842(para)
16853
#: serverguide/C/network-auth.xml:2841(para)
16855
16854
msgid ""
16856
16855
"Before installing the Kerberos server a properly configured DNS server is "
16857
16856
"needed for your domain. Since the Kerberos Realm by convention matches the "
16860
16859
"documentation."
16861
16860
msgstr ""
16862
16861
16863
#: serverguide/C/network-auth.xml:2848(para)
16862
#: serverguide/C/network-auth.xml:2847(para)
16864
16863
msgid ""
16865
16864
"Also, Kerberos is a time sensitive protocol. So if the local system time "
16866
16865
"between a client machine and the server differs by more than five minutes "
16870
16869
"setting up NTP see <xref linkend=\"NTP\"/>."
16871
16870
msgstr ""
16872
16871
16873
#: serverguide/C/network-auth.xml:2856(para)
16872
#: serverguide/C/network-auth.xml:2855(para)
16874
16873
msgid ""
16875
16874
"The first step in creating a Kerberos Realm is to install the "
16876
16875
"<application>krb5-kdc</application> and <application>krb5-admin-"
16877
16876
"server</application> packages. From a terminal enter:"
16878
16877
msgstr ""
16879
16878
16880
#: serverguide/C/network-auth.xml:2862(command) serverguide/C/network-auth.xml:3069(command)
16879
#: serverguide/C/network-auth.xml:2861(command) serverguide/C/network-auth.xml:3068(command)
16881
16880
msgid "sudo apt-get install krb5-kdc krb5-admin-server"
16882
16881
msgstr ""
16883
16882
16884
#: serverguide/C/network-auth.xml:2865(para)
16883
#: serverguide/C/network-auth.xml:2864(para)
16885
16884
msgid ""
16886
16885
"You will be asked at the end of the install to supply the hostname for the "
16887
16886
"Kerberos and Admin servers, which may or may not be the same server, for the "
16888
16887
"realm."
16889
16888
msgstr ""
16890
16889
16891
#: serverguide/C/network-auth.xml:2872(para)
16890
#: serverguide/C/network-auth.xml:2871(para)
16892
16891
msgid "By default the realm is created from the KDC's domain name."
16893
16892
msgstr ""
16894
16893
16895
#: serverguide/C/network-auth.xml:2877(para)
16894
#: serverguide/C/network-auth.xml:2876(para)
16896
16895
msgid ""
16897
16896
"Next, create the new realm with the <application>kdb5_newrealm</application> "
16898
16897
"utility:"
16899
16898
msgstr ""
16900
16899
16901
#: serverguide/C/network-auth.xml:2882(command)
16900
#: serverguide/C/network-auth.xml:2881(command)
16902
16901
msgid "sudo krb5_newrealm"
16903
16902
msgstr ""
16904
16903
16905
#: serverguide/C/network-auth.xml:2889(para)
16904
#: serverguide/C/network-auth.xml:2888(para)
16906
16905
msgid ""
16907
16906
"The questions asked during installation are used to configure the "
16908
16907
"<filename>/etc/krb5.conf</filename> file. If you need to adjust the Key "
16912
16911
"typing"
16913
16912
msgstr ""
16914
16913
16915
#: serverguide/C/network-auth.xml:2896(command)
16914
#: serverguide/C/network-auth.xml:2895(command)
16916
16915
msgid "sudo dpkg-reconfigure krb5-kdc"
16917
16916
msgstr ""
16918
16917
16919
#: serverguide/C/network-auth.xml:2902(para)
16918
#: serverguide/C/network-auth.xml:2901(para)
16920
16919
msgid ""
16921
16920
"Once the KDC is properly running, an admin user -- the <emphasis>admin "
16922
16921
"principal</emphasis> -- is needed. It is recommended to use a different "
16924
16923
"<application>kadmin.local</application> utility in a terminal prompt enter:"
16925
16924
msgstr ""
16926
16925
16927
#: serverguide/C/network-auth.xml:2910(command) serverguide/C/network-auth.xml:3780(command)
16926
#: serverguide/C/network-auth.xml:2909(command) serverguide/C/network-auth.xml:3779(command)
16928
16927
msgid "sudo kadmin.local"
16929
16928
msgstr ""
16930
16929
16931
#: serverguide/C/network-auth.xml:2911(computeroutput)
16930
#: serverguide/C/network-auth.xml:2910(computeroutput)
16932
16931
#, no-wrap
16933
16932
msgid ""
16934
16933
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
16935
16934
"kadmin.local:"
16936
16935
msgstr ""
16937
16936
16938
#: serverguide/C/network-auth.xml:2912(userinput)
16937
#: serverguide/C/network-auth.xml:2911(userinput)
16939
16938
#, no-wrap
16940
16939
msgid " addprinc steve/admin"
16941
16940
msgstr ""
16942
16941
16943
#: serverguide/C/network-auth.xml:2913(computeroutput)
16942
#: serverguide/C/network-auth.xml:2912(computeroutput)
16944
16943
#, no-wrap
16945
16944
msgid ""
16946
16945
"WARNING: no policy specified for steve/admin@EXAMPLE.COM; defaulting to no "
16951
16950
"kadmin.local:"
16952
16951
msgstr ""
16953
16952
16954
#: serverguide/C/network-auth.xml:2917(userinput)
16953
#: serverguide/C/network-auth.xml:2916(userinput)
16955
16954
#, no-wrap
16956
16955
msgid " quit"
16957
16956
msgstr ""
16958
16957
16959
#: serverguide/C/network-auth.xml:2920(para)
16958
#: serverguide/C/network-auth.xml:2919(para)
16960
16959
msgid ""
16961
16960
"In the above example <emphasis role=\"italic\">steve</emphasis> is the "
16962
16961
"<emphasis>Principal</emphasis>, <emphasis role=\"italic\">/admin</emphasis> "
16968
16967
"rights."
16969
16968
msgstr ""
16970
16969
16971
#: serverguide/C/network-auth.xml:2930(para)
16970
#: serverguide/C/network-auth.xml:2929(para)
16972
16971
msgid ""
16973
16972
"Replace <emphasis>EXAMPLE.COM</emphasis> and <emphasis>steve</emphasis> with "
16974
16973
"your Realm and admin username."
16975
16974
msgstr ""
16976
16975
16977
#: serverguide/C/network-auth.xml:2938(para)
16976
#: serverguide/C/network-auth.xml:2937(para)
16978
16977
msgid ""
16979
16978
"Next, the new admin user needs to have the appropriate Access Control List "
16980
16979
"(ACL) permissions. The permissions are configured in the "
16981
16980
"<filename>/etc/krb5kdc/kadm5.acl</filename> file:"
16982
16981
msgstr ""
16983
16982
16984
#: serverguide/C/network-auth.xml:2943(programlisting)
16983
#: serverguide/C/network-auth.xml:2942(programlisting)
16985
16984
#, no-wrap
16986
16985
msgid ""
16987
16986
"\n"
16988
16987
"steve/admin@EXAMPLE.COM *\n"
16989
16988
msgstr ""
16990
16989
16991
#: serverguide/C/network-auth.xml:2947(para)
16990
#: serverguide/C/network-auth.xml:2946(para)
16992
16991
msgid ""
16993
16992
"This entry grants <emphasis>steve/admin</emphasis> the ability to perform "
16994
16993
"any operation on all principals in the realm. You can configure principals "
16997
16996
"<emphasis>kadm5.acl</emphasis> man page for details."
16998
16997
msgstr ""
16999
16998
17000
#: serverguide/C/network-auth.xml:2959(para)
16999
#: serverguide/C/network-auth.xml:2958(para)
17001
17000
msgid ""
17002
17001
"Now restart the <application>krb5-admin-server</application> for the new ACL "
17003
17002
"to take affect:"
17004
17003
msgstr ""
17005
17004
17006
#: serverguide/C/network-auth.xml:2961(command)
17005
#: serverguide/C/network-auth.xml:2963(command)
17007
17006
msgid "sudo service krb5-admin-server restart"
17008
17007
msgstr ""
17009
17008
17010
#: serverguide/C/network-auth.xml:2970(para)
17009
#: serverguide/C/network-auth.xml:2969(para)
17011
17010
msgid ""
17012
17011
"The new user principal can be tested using the <application>kinit "
17013
17012
"utility</application>:"
17014
17013
msgstr ""
17015
17014
17016
#: serverguide/C/network-auth.xml:2975(command)
17015
#: serverguide/C/network-auth.xml:2974(command)
17017
17016
msgid "kinit steve/admin"
17018
17017
msgstr ""
17019
17018
17020
#: serverguide/C/network-auth.xml:2976(computeroutput)
17019
#: serverguide/C/network-auth.xml:2975(computeroutput)
17021
17020
#, no-wrap
17022
17021
msgid "steve/admin@EXAMPLE.COM's Password:"
17023
17022
msgstr ""
17024
17023
17025
#: serverguide/C/network-auth.xml:2979(para)
17024
#: serverguide/C/network-auth.xml:2978(para)
17026
17025
msgid ""
17027
17026
"After entering the password, use the <application>klist</application> "
17028
17027
"utility to view information about the Ticket Granting Ticket (TGT):"
17029
17028
msgstr ""
17030
17029
17031
#: serverguide/C/network-auth.xml:2985(command) serverguide/C/network-auth.xml:3362(command)
17030
#: serverguide/C/network-auth.xml:2984(command) serverguide/C/network-auth.xml:3361(command)
17032
17031
msgid "klist"
17033
17032
msgstr ""
17034
17033
17035
#: serverguide/C/network-auth.xml:2986(computeroutput)
17034
#: serverguide/C/network-auth.xml:2985(computeroutput)
17036
17035
#, no-wrap
17037
17036
msgid ""
17038
17037
"Credentials cache: FILE:/tmp/krb5cc_1000\n"
17042
17041
"Jul 13 17:53:34 Jul 14 03:53:34 krbtgt/EXAMPLE.COM@EXAMPLE.COM"
17043
17042
msgstr ""
17044
17043
17045
#: serverguide/C/network-auth.xml:2993(para)
17044
#: serverguide/C/network-auth.xml:2992(para)
17046
17045
msgid ""
17047
17046
"Where the cache filename <filename>krb5cc_1000</filename> is composed of the "
17048
17047
"prefix <filename>krb5cc_</filename> and the user id (uid), which in this "
17051
17050
"For example:"
17052
17051
msgstr ""
17053
17052
17054
#: serverguide/C/network-auth.xml:3002(programlisting)
17053
#: serverguide/C/network-auth.xml:3001(programlisting)
17055
17054
#, no-wrap
17056
17055
msgid ""
17057
17056
"\n"
17058
17057
"192.168.0.1 kdc01.example.com kdc01\n"
17059
17058
msgstr ""
17060
17059
17061
#: serverguide/C/network-auth.xml:3006(para)
17060
#: serverguide/C/network-auth.xml:3005(para)
17062
17061
msgid ""
17063
17062
"Replacing <emphasis>192.168.0.1</emphasis> with the IP address of your KDC. "
17064
17063
"This usually happens when you have a Kerberos realm encompassing different "
17065
17064
"networks separated by routers."
17066
17065
msgstr ""
17067
17066
17068
#: serverguide/C/network-auth.xml:3015(para)
17067
#: serverguide/C/network-auth.xml:3014(para)
17069
17068
msgid ""
17070
17069
"The best way to allow clients to automatically determine the KDC for the "
17071
17070
"Realm is using DNS SRV records. Add the following to "
17072
17071
"<filename>/etc/named/db.example.com</filename>:"
17073
17072
msgstr ""
17074
17073
17075
#: serverguide/C/network-auth.xml:3021(programlisting)
17074
#: serverguide/C/network-auth.xml:3020(programlisting)
17076
17075
#, no-wrap
17077
17076
msgid ""
17078
17077
"\n"
17084
17083
"_kpasswd._udp.EXAMPLE.COM. IN SRV 1 0 464 kdc01.example.com.\n"
17085
17084
msgstr ""
17086
17085
17087
#: serverguide/C/network-auth.xml:3031(para)
17086
#: serverguide/C/network-auth.xml:3030(para)
17088
17087
msgid ""
17089
17088
"Replace <emphasis>EXAMPLE.COM</emphasis>, <emphasis>kdc01</emphasis>, and "
17090
17089
"<emphasis>kdc02</emphasis> with your domain name, primary KDC, and secondary "
17091
17090
"KDC."
17092
17091
msgstr ""
17093
17092
17094
#: serverguide/C/network-auth.xml:3037(para)
17093
#: serverguide/C/network-auth.xml:3036(para)
17095
17094
msgid ""
17096
17095
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
17097
17096
msgstr ""
17098
17097
17099
#: serverguide/C/network-auth.xml:3044(para)
17098
#: serverguide/C/network-auth.xml:3043(para)
17100
17099
msgid "Your new Kerberos Realm is now ready to authenticate clients."
17101
17100
msgstr ""
17102
17101
17103
#: serverguide/C/network-auth.xml:3051(title)
17102
#: serverguide/C/network-auth.xml:3050(title)
17104
17103
msgid "Secondary KDC"
17105
17104
msgstr ""
17106
17105
17107
#: serverguide/C/network-auth.xml:3053(para)
17106
#: serverguide/C/network-auth.xml:3052(para)
17108
17107
msgid ""
17109
17108
"Once you have one Key Distribution Center (KDC) on your network, it is good "
17110
17109
"practice to have a Secondary KDC in case the primary becomes unavailable. "
17113
17112
"of those networks."
17114
17113
msgstr ""
17115
17114
17116
#: serverguide/C/network-auth.xml:3064(para)
17115
#: serverguide/C/network-auth.xml:3063(para)
17117
17116
msgid ""
17118
17117
"First, install the packages, and when asked for the Kerberos and Admin "
17119
17118
"server names enter the name of the Primary KDC:"
17120
17119
msgstr ""
17121
17120
17122
#: serverguide/C/network-auth.xml:3075(para)
17121
#: serverguide/C/network-auth.xml:3074(para)
17123
17122
msgid ""
17124
17123
"Once you have the packages installed, create the Secondary KDC's host "
17125
17124
"principal. From a terminal prompt, enter:"
17126
17125
msgstr ""
17127
17126
17128
#: serverguide/C/network-auth.xml:3080(command)
17127
#: serverguide/C/network-auth.xml:3079(command)
17129
17128
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
17130
17129
msgstr ""
17131
17130
17132
#: serverguide/C/network-auth.xml:3084(para)
17131
#: serverguide/C/network-auth.xml:3083(para)
17133
17132
msgid ""
17134
17133
"After, issuing any <application>kadmin</application> commands you will be "
17135
17134
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
17136
17135
"password."
17137
17136
msgstr ""
17138
17137
17139
#: serverguide/C/network-auth.xml:3093(para)
17138
#: serverguide/C/network-auth.xml:3092(para)
17140
17139
msgid "Extract the <emphasis>keytab</emphasis> file:"
17141
17140
msgstr ""
17142
17141
17143
#: serverguide/C/network-auth.xml:3098(command)
17142
#: serverguide/C/network-auth.xml:3097(command)
17144
17143
msgid "kadmin -q \"ktadd -norandkey -k keytab.kdc02 host/kdc02.example.com\""
17145
17144
msgstr ""
17146
17145
17147
#: serverguide/C/network-auth.xml:3104(para)
17146
#: serverguide/C/network-auth.xml:3103(para)
17148
17147
msgid ""
17149
17148
"There should now be a <filename>keytab.kdc02</filename> in the current "
17150
17149
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
17151
17150
msgstr ""
17152
17151
17153
#: serverguide/C/network-auth.xml:3110(command)
17152
#: serverguide/C/network-auth.xml:3109(command)
17154
17153
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
17155
17154
msgstr ""
17156
17155
17157
#: serverguide/C/network-auth.xml:3114(para)
17156
#: serverguide/C/network-auth.xml:3113(para)
17158
17157
msgid ""
17159
17158
"If the path to the <filename>keytab.kdc02</filename> file is different "
17160
17159
"adjust accordingly."
17161
17160
msgstr ""
17162
17161
17163
#: serverguide/C/network-auth.xml:3119(para)
17162
#: serverguide/C/network-auth.xml:3118(para)
17164
17163
msgid ""
17165
17164
"Also, you can list the principals in a Keytab file, which can be useful when "
17166
17165
"troubleshooting, using the <application>klist</application> utility:"
17167
17166
msgstr ""
17168
17167
17169
#: serverguide/C/network-auth.xml:3125(command)
17168
#: serverguide/C/network-auth.xml:3124(command)
17170
17169
msgid "sudo klist -k /etc/krb5.keytab"
17171
17170
msgstr ""
17172
17171
17173
#: serverguide/C/network-auth.xml:3128(para)
17172
#: serverguide/C/network-auth.xml:3127(para)
17174
17173
msgid ""
17175
17174
"The <application>-k</application> option indicates the file is a keytab file."
17176
17175
msgstr ""
17177
17176
17178
#: serverguide/C/network-auth.xml:3135(para)
17177
#: serverguide/C/network-auth.xml:3134(para)
17179
17178
msgid ""
17180
17179
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
17181
17180
"that lists all KDCs for the Realm. For example, on both primary and "
17182
17181
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
17183
17182
msgstr ""
17184
17183
17185
#: serverguide/C/network-auth.xml:3140(programlisting)
17184
#: serverguide/C/network-auth.xml:3139(programlisting)
17186
17185
#, no-wrap
17187
17186
msgid ""
17188
17187
"\n"
17190
17189
"host/kdc02.example.com@EXAMPLE.COM\n"
17191
17190
msgstr ""
17192
17191
17193
#: serverguide/C/network-auth.xml:3148(para)
17192
#: serverguide/C/network-auth.xml:3147(para)
17194
17193
msgid "Create an empty database on the <emphasis>Secondary KDC</emphasis>:"
17195
17194
msgstr ""
17196
17195
17197
#: serverguide/C/network-auth.xml:3153(command)
17196
#: serverguide/C/network-auth.xml:3152(command)
17198
17197
msgid "sudo kdb5_util -s create"
17199
17198
msgstr ""
17200
17199
17201
#: serverguide/C/network-auth.xml:3159(para)
17200
#: serverguide/C/network-auth.xml:3158(para)
17202
17201
msgid ""
17203
17202
"Now start the <application>kpropd</application> daemon, which listens for "
17204
17203
"connections from the <application>kprop</application> utility. "
17205
17204
"<application>kprop</application> is used to transfer dump files:"
17206
17205
msgstr ""
17207
17206
17208
#: serverguide/C/network-auth.xml:3166(command)
17207
#: serverguide/C/network-auth.xml:3165(command)
17209
17208
msgid "sudo kpropd -S"
17210
17209
msgstr ""
17211
17210
17212
#: serverguide/C/network-auth.xml:3172(para)
17211
#: serverguide/C/network-auth.xml:3171(para)
17213
17212
msgid ""
17214
17213
"From a terminal on the <emphasis>Primary KDC</emphasis>, create a dump file "
17215
17214
"of the principal database:"
17216
17215
msgstr ""
17217
17216
17218
#: serverguide/C/network-auth.xml:3177(command)
17217
#: serverguide/C/network-auth.xml:3176(command)
17219
17218
msgid "sudo kdb5_util dump /var/lib/krb5kdc/dump"
17220
17219
msgstr ""
17221
17220
17222
#: serverguide/C/network-auth.xml:3183(para)
17221
#: serverguide/C/network-auth.xml:3182(para)
17223
17222
msgid ""
17224
17223
"Extract the Primary KDC's <emphasis>keytab</emphasis> file and copy it to "
17225
17224
"<filename>/etc/krb5.keytab</filename>:"
17226
17225
msgstr ""
17227
17226
17227
#: serverguide/C/network-auth.xml:3187(command)
17228
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
17229
msgstr ""
17230
17228
17231
#: serverguide/C/network-auth.xml:3188(command)
17229
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
17230
msgstr ""
17231
17232
#: serverguide/C/network-auth.xml:3189(command)
17233
17232
msgid "sudo mv keytab.kdc01 /etc/krb5.keytab"
17234
17233
msgstr ""
17235
17234
17236
#: serverguide/C/network-auth.xml:3193(para)
17235
#: serverguide/C/network-auth.xml:3192(para)
17237
17236
msgid ""
17238
17237
"Make sure there is a <emphasis>host</emphasis> for "
17239
17238
"<emphasis>kdc01.example.com</emphasis> before extracting the Keytab."
17240
17239
msgstr ""
17241
17240
17242
#: serverguide/C/network-auth.xml:3201(para)
17241
#: serverguide/C/network-auth.xml:3200(para)
17243
17242
msgid ""
17244
17243
"Using the <application>kprop</application> utility push the database to the "
17245
17244
"Secondary KDC:"
17246
17245
msgstr ""
17247
17246
17248
#: serverguide/C/network-auth.xml:3206(command)
17247
#: serverguide/C/network-auth.xml:3205(command)
17249
17248
msgid "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
17250
17249
msgstr ""
17251
17250
17252
#: serverguide/C/network-auth.xml:3210(para)
17251
#: serverguide/C/network-auth.xml:3209(para)
17253
17252
msgid ""
17254
17253
"There should be a <emphasis>SUCCEEDED</emphasis> message if the propagation "
17255
17254
"worked. If there is an error message check "
17257
17256
"information."
17258
17257
msgstr ""
17259
17258
17260
#: serverguide/C/network-auth.xml:3216(para)
17259
#: serverguide/C/network-auth.xml:3215(para)
17261
17260
msgid ""
17262
17261
"You may also want to create a <application>cron</application> job to "
17263
17262
"periodically update the database on the Secondary KDC. For example, the "
17265
17264
"split to fit the format of this document):"
17266
17265
msgstr ""
17267
17266
17268
#: serverguide/C/network-auth.xml:3221(programlisting)
17267
#: serverguide/C/network-auth.xml:3220(programlisting)
17269
17268
#, no-wrap
17270
17269
msgid ""
17271
17270
"\n"
17274
17273
"/usr/sbin/kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com\n"
17275
17274
msgstr ""
17276
17275
17277
#: serverguide/C/network-auth.xml:3230(para)
17276
#: serverguide/C/network-auth.xml:3229(para)
17278
17277
msgid ""
17279
17278
"Back on the <emphasis>Secondary KDC</emphasis>, create a "
17280
17279
"<emphasis>stash</emphasis> file to hold the Kerberos master key:"
17281
17280
msgstr ""
17282
17281
17283
#: serverguide/C/network-auth.xml:3236(command)
17282
#: serverguide/C/network-auth.xml:3235(command)
17284
17283
msgid "sudo kdb5_util stash"
17285
17284
msgstr ""
17286
17285
17287
#: serverguide/C/network-auth.xml:3242(para)
17286
#: serverguide/C/network-auth.xml:3241(para)
17288
17287
msgid ""
17289
17288
"Finally, start the <application>krb5-kdc</application> daemon on the "
17290
17289
"Secondary KDC:"
17291
17290
msgstr ""
17292
17291
17293
#: serverguide/C/network-auth.xml:3244(command) serverguide/C/network-auth.xml:3920(command)
17292
#: serverguide/C/network-auth.xml:3246(command) serverguide/C/network-auth.xml:3922(command)
17294
17293
msgid "sudo service krb5-kdc start"
17295
17294
msgstr ""
17296
17295
17297
#: serverguide/C/network-auth.xml:3253(para)
17296
#: serverguide/C/network-auth.xml:3252(para)
17298
17297
msgid ""
17299
17298
"The <emphasis>Secondary KDC</emphasis> should now be able to issue tickets "
17300
17299
"for the Realm. You can test this by stopping the <application>krb5-"
17305
17304
"<filename>/var/log/auth.log</filename> in the Secondary KDC."
17306
17305
msgstr ""
17307
17306
17308
#: serverguide/C/network-auth.xml:3264(title)
17307
#: serverguide/C/network-auth.xml:3263(title)
17309
17308
msgid "Kerberos Linux Client"
17310
17309
msgstr ""
17311
17310
17312
#: serverguide/C/network-auth.xml:3266(para)
17311
#: serverguide/C/network-auth.xml:3265(para)
17313
17312
msgid ""
17314
17313
"This section covers configuring a Linux system as a "
17315
17314
"<application>Kerberos</application> client. This will allow access to any "
17316
17315
"kerberized services once a user has successfully logged into the system."
17317
17316
msgstr ""
17318
17317
17319
#: serverguide/C/network-auth.xml:3274(para)
17318
#: serverguide/C/network-auth.xml:3273(para)
17320
17319
msgid ""
17321
17320
"In order to authenticate to a Kerberos Realm, the <application>krb5-"
17322
17321
"user</application> and <application>libpam-krb5</application> packages are "
17325
17324
"prompt:"
17326
17325
msgstr ""
17327
17326
17328
#: serverguide/C/network-auth.xml:3281(command)
17327
#: serverguide/C/network-auth.xml:3280(command)
17329
17328
msgid ""
17330
17329
"sudo apt-get install krb5-user libpam-krb5 libpam-ccreds auth-client-config"
17331
17330
msgstr ""
17332
17331
17333
#: serverguide/C/network-auth.xml:3284(para)
17332
#: serverguide/C/network-auth.xml:3283(para)
17334
17333
msgid ""
17335
17334
"The <application>auth-client-config</application> package allows simple "
17336
17335
"configuration of PAM for authentication from multiple sources, and the "
17341
17340
"be accessed off the network as well."
17342
17341
msgstr ""
17343
17342
17344
#: serverguide/C/network-auth.xml:3295(para)
17343
#: serverguide/C/network-auth.xml:3294(para)
17345
17344
msgid "To configure the client in a terminal enter:"
17346
17345
msgstr ""
17347
17346
17348
#: serverguide/C/network-auth.xml:3300(command)
17347
#: serverguide/C/network-auth.xml:3299(command)
17349
17348
msgid "sudo dpkg-reconfigure krb5-config"
17350
17349
msgstr ""
17351
17350
17352
#: serverguide/C/network-auth.xml:3303(para)
17351
#: serverguide/C/network-auth.xml:3302(para)
17353
17352
msgid ""
17354
17353
"You will then be prompted to enter the name of the Kerberos Realm. Also, if "
17355
17354
"you don't have DNS configured with Kerberos <emphasis>SRV</emphasis> "
17357
17356
"Center (KDC) and Realm Administration server."
17358
17357
msgstr ""
17359
17358
17360
#: serverguide/C/network-auth.xml:3309(para)
17359
#: serverguide/C/network-auth.xml:3308(para)
17361
17360
msgid ""
17362
17361
"The <application>dpkg-reconfigure</application> adds entries to the "
17363
17362
"<filename>/etc/krb5.conf</filename> file for your Realm. You should have "
17364
17363
"entries similar to the following:"
17365
17364
msgstr ""
17366
17365
17367
#: serverguide/C/network-auth.xml:3311(programlisting)
17366
#: serverguide/C/network-auth.xml:3313(programlisting)
17368
17367
#, no-wrap
17369
17368
msgid ""
17370
17369
"\n"
17378
17377
" }\n"
17379
17378
msgstr ""
17380
17379
17381
#: serverguide/C/network-auth.xml:3326(para)
17380
#: serverguide/C/network-auth.xml:3325(para)
17382
17381
msgid ""
17383
17382
"If you set the uid of each of your network-authenticated users to start at "
17384
17383
"5000, as suggested in <xref linkend=\"kerberos-server-installation\"/>, you "
17386
17385
"> 5000:"
17387
17386
msgstr ""
17388
17387
17389
#: serverguide/C/network-auth.xml:3334(command)
17388
#: serverguide/C/network-auth.xml:3333(command)
17390
17389
msgid ""
17391
17390
"# Kerberos should only be applied to ldap/kerberos users, not local ones. "
17392
17391
"for i in common-auth common-session common-account common-password; do sudo "
17394
17393
"minimum_uid=5000/' \\ /etc/pam.d/$i done"
17395
17394
msgstr ""
17396
17395
17397
#: serverguide/C/network-auth.xml:3341(para)
17396
#: serverguide/C/network-auth.xml:3340(para)
17398
17397
msgid ""
17399
17398
"This will avoid being asked for the (non-existent) Kerberos password of a "
17400
17399
"locally authenticated user when changing its password using "
17401
17400
"<command>passwd</command>."
17402
17401
msgstr ""
17403
17402
17404
#: serverguide/C/network-auth.xml:3348(para)
17403
#: serverguide/C/network-auth.xml:3347(para)
17405
17404
msgid ""
17406
17405
"You can test the configuration by requesting a ticket using the "
17407
17406
"<application>kinit</application> utility. For example:"
17408
17407
msgstr ""
17409
17408
17410
#: serverguide/C/network-auth.xml:3353(command)
17409
#: serverguide/C/network-auth.xml:3352(command)
17411
17410
msgid "kinit steve@EXAMPLE.COM"
17412
17411
msgstr ""
17413
17412
17414
#: serverguide/C/network-auth.xml:3354(computeroutput)
17413
#: serverguide/C/network-auth.xml:3353(computeroutput)
17415
17414
#, no-wrap
17416
17415
msgid "Password for steve@EXAMPLE.COM:"
17417
17416
msgstr ""
17418
17417
17419
#: serverguide/C/network-auth.xml:3357(para)
17418
#: serverguide/C/network-auth.xml:3356(para)
17420
17419
msgid ""
17421
17420
"When a ticket has been granted, the details can be viewed using "
17422
17421
"<application>klist</application>:"
17423
17422
msgstr ""
17424
17423
17425
#: serverguide/C/network-auth.xml:3363(computeroutput)
17424
#: serverguide/C/network-auth.xml:3362(computeroutput)
17426
17425
#, no-wrap
17427
17426
msgid ""
17428
17427
"Ticket cache: FILE:/tmp/krb5cc_1000\n"
17437
17436
"klist: You have no tickets cached"
17438
17437
msgstr ""
17439
17438
17440
#: serverguide/C/network-auth.xml:3375(para)
17439
#: serverguide/C/network-auth.xml:3374(para)
17441
17440
msgid ""
17442
17441
"Next, use the <application>auth-client-config</application> to configure the "
17443
17442
"<application>libpam-krb5</application> module to request a ticket during "
17444
17443
"login:"
17445
17444
msgstr ""
17446
17445
17447
#: serverguide/C/network-auth.xml:3381(command)
17446
#: serverguide/C/network-auth.xml:3380(command)
17448
17447
msgid "sudo auth-client-config -a -p kerberos_example"
17449
17448
msgstr ""
17450
17449
17451
#: serverguide/C/network-auth.xml:3384(para)
17450
#: serverguide/C/network-auth.xml:3383(para)
17452
17451
msgid ""
17453
17452
"You will should now receive a ticket upon successful login authentication."
17454
17453
msgstr ""
17455
17454
17456
#: serverguide/C/network-auth.xml:3395(para)
17455
#: serverguide/C/network-auth.xml:3394(para)
17457
17456
msgid ""
17458
17457
"For more information on MIT's version of Kerberos, see the <ulink "
17459
17458
"url=\"http://web.mit.edu/Kerberos/\">MIT Kerberos</ulink> site."
17460
17459
msgstr ""
17461
17460
17462
#: serverguide/C/network-auth.xml:3400(para)
17461
#: serverguide/C/network-auth.xml:3399(para)
17463
17462
msgid ""
17464
17463
"The <ulink url=\"https://help.ubuntu.com/community/Kerberos\">Ubuntu Wiki "
17465
17464
"Kerberos</ulink> page has more details."
17466
17465
msgstr ""
17467
17466
17468
#: serverguide/C/network-auth.xml:3405(para)
17467
#: serverguide/C/network-auth.xml:3404(para)
17469
17468
msgid ""
17470
17469
"O'Reilly's <ulink "
17471
17470
"url=\"http://oreilly.com/catalog/9780596004033/\">Kerberos: The Definitive "
17472
17471
"Guide</ulink> is a great reference when setting up Kerberos."
17473
17472
msgstr ""
17474
17473
17475
#: serverguide/C/network-auth.xml:3411(para)
17474
#: serverguide/C/network-auth.xml:3410(para)
17476
17475
msgid ""
17477
17476
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> and "
17478
17477
"<emphasis>#kerberos</emphasis> IRC channels on <ulink "
17479
17478
"url=\"http://freenode.net/\">Freenode</ulink> if you have Kerberos questions."
17480
17479
msgstr ""
17481
17480
17482
#: serverguide/C/network-auth.xml:3423(title)
17481
#: serverguide/C/network-auth.xml:3422(title)
17483
17482
msgid "Kerberos and LDAP"
17484
17483
msgstr ""
17485
17484
17486
#: serverguide/C/network-auth.xml:3425(para)
17485
#: serverguide/C/network-auth.xml:3424(para)
17487
17486
msgid ""
17488
17487
"Most people will not use Kerberos by itself; once an user is authenticated "
17489
17488
"(Kerberos), we need to figure out what this user can do (authorization). And "
17490
17489
"that would be the job of programs such as <application>LDAP</application>."
17491
17490
msgstr ""
17492
17491
17493
#: serverguide/C/network-auth.xml:3432(para)
17492
#: serverguide/C/network-auth.xml:3431(para)
17494
17493
msgid ""
17495
17494
"Replicating a Kerberos principal database between two servers can be "
17496
17495
"complicated, and adds an additional user database to your network. "
17500
17499
"<application>OpenLDAP</application> for the principal database."
17501
17500
msgstr ""
17502
17501
17503
#: serverguide/C/network-auth.xml:3440(para)
17502
#: serverguide/C/network-auth.xml:3439(para)
17504
17503
msgid ""
17505
17504
"The examples presented here assume <application>MIT Kerberos</application> "
17506
17505
"and <application>OpenLDAP</application>."
17507
17506
msgstr ""
17508
17507
17509
#: serverguide/C/network-auth.xml:3448(title)
17508
#: serverguide/C/network-auth.xml:3447(title)
17510
17509
msgid "Configuring OpenLDAP"
17511
17510
msgstr ""
17512
17511
17513
#: serverguide/C/network-auth.xml:3450(para)
17512
#: serverguide/C/network-auth.xml:3449(para)
17514
17513
msgid ""
17515
17514
"First, the necessary <emphasis>schema</emphasis> needs to be loaded on an "
17516
17515
"<application>OpenLDAP</application> server that has network connectivity to "
17519
17518
"information on setting up OpenLDAP see <xref linkend=\"openldap-server\"/>."
17520
17519
msgstr ""
17521
17520
17522
#: serverguide/C/network-auth.xml:3456(para)
17521
#: serverguide/C/network-auth.xml:3455(para)
17523
17522
msgid ""
17524
17523
"It is also required to configure OpenLDAP for TLS and SSL connections, so "
17525
17524
"that traffic between the KDC and LDAP server is encrypted. See <xref "
17526
17525
"linkend=\"openldap-tls\"/> for details."
17527
17526
msgstr ""
17528
17527
17529
#: serverguide/C/network-auth.xml:3462(para)
17528
#: serverguide/C/network-auth.xml:3461(para)
17530
17529
msgid ""
17531
17530
"<filename>cn=admin,cn=config</filename> is a user we created with rights to "
17532
17531
"edit the ldap database. Many times it is the RootDN. Change its value to "
17533
17532
"reflect your setup."
17534
17533
msgstr ""
17535
17534
17536
#: serverguide/C/network-auth.xml:3471(para)
17535
#: serverguide/C/network-auth.xml:3470(para)
17537
17536
msgid ""
17538
17537
"To load the schema into LDAP, on the LDAP server install the "
17539
17538
"<application>krb5-kdc-ldap</application> package. From a terminal enter:"
17540
17539
msgstr ""
17541
17540
17542
#: serverguide/C/network-auth.xml:3477(command)
17541
#: serverguide/C/network-auth.xml:3476(command)
17543
17542
msgid "sudo apt-get install krb5-kdc-ldap"
17544
17543
msgstr ""
17545
17544
17546
#: serverguide/C/network-auth.xml:3482(para)
17545
#: serverguide/C/network-auth.xml:3481(para)
17547
17546
msgid "Next, extract the <filename>kerberos.schema.gz</filename> file:"
17548
17547
msgstr ""
17549
17548
17549
#: serverguide/C/network-auth.xml:3486(command)
17550
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
17551
msgstr ""
17552
17550
17553
#: serverguide/C/network-auth.xml:3487(command)
17551
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
17552
msgstr ""
17553
17554
#: serverguide/C/network-auth.xml:3488(command)
17555
17554
msgid ""
17556
17555
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
17557
17556
msgstr ""
17558
17557
17559
#: serverguide/C/network-auth.xml:3494(para)
17558
#: serverguide/C/network-auth.xml:3493(para)
17560
17559
msgid ""
17561
17560
"The <emphasis>kerberos</emphasis> schema needs to be added to the "
17562
17561
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
17564
17563
"linkend=\"openldap-configuration\"/>."
17565
17564
msgstr ""
17566
17565
17567
#: serverguide/C/network-auth.xml:3502(para)
17566
#: serverguide/C/network-auth.xml:3501(para)
17568
17567
msgid ""
17569
17568
"First, create a configuration file named "
17570
17569
"<filename>schema_convert.conf</filename>, or a similar descriptive name, "
17571
17570
"containing the following lines:"
17572
17571
msgstr ""
17573
17572
17574
#: serverguide/C/network-auth.xml:3507(programlisting)
17573
#: serverguide/C/network-auth.xml:3506(programlisting)
17575
17574
#, no-wrap
17576
17575
msgid ""
17577
17576
"\n"
17590
17589
"include /etc/ldap/schema/kerberos.schema\n"
17591
17590
msgstr ""
17592
17591
17593
#: serverguide/C/network-auth.xml:3527(para)
17592
#: serverguide/C/network-auth.xml:3526(para)
17594
17593
msgid "Create a temporary directory to hold the LDIF files:"
17595
17594
msgstr ""
17596
17595
17597
#: serverguide/C/network-auth.xml:3531(command)
17596
#: serverguide/C/network-auth.xml:3530(command)
17598
17597
msgid "mkdir /tmp/ldif_output"
17599
17598
msgstr ""
17600
17599
17601
#: serverguide/C/network-auth.xml:3537(para)
17600
#: serverguide/C/network-auth.xml:3536(para)
17602
17601
msgid ""
17603
17602
"Now use <application>slapcat</application> to convert the schema files:"
17604
17603
msgstr ""
17605
17604
17606
#: serverguide/C/network-auth.xml:3542(command)
17605
#: serverguide/C/network-auth.xml:3541(command)
17607
17606
msgid ""
17608
17607
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s \\ "
17609
17608
"\"cn={12}kerberos,cn=schema,cn=config\" > /tmp/cn=kerberos.ldif"
17610
17609
msgstr ""
17611
17610
17612
#: serverguide/C/network-auth.xml:3546(para)
17611
#: serverguide/C/network-auth.xml:3545(para)
17613
17612
msgid ""
17614
17613
"Change the above file and path names to match your own if they are different."
17615
17614
msgstr ""
17616
17615
17617
#: serverguide/C/network-auth.xml:3553(para)
17616
#: serverguide/C/network-auth.xml:3552(para)
17618
17617
msgid ""
17619
17618
"Edit the generated <filename>/tmp/cn\\=kerberos.ldif</filename> file, "
17620
17619
"changing the following attributes:"
17621
17620
msgstr ""
17622
17621
17623
#: serverguide/C/network-auth.xml:3557(programlisting)
17622
#: serverguide/C/network-auth.xml:3556(programlisting)
17624
17623
#, no-wrap
17625
17624
msgid ""
17626
17625
"\n"
17629
17628
"cn: kerberos\n"
17630
17629
msgstr ""
17631
17630
17632
#: serverguide/C/network-auth.xml:3563(para)
17631
#: serverguide/C/network-auth.xml:3562(para)
17633
17632
msgid "And remove the following lines from the end of the file:"
17634
17633
msgstr ""
17635
17634
17636
#: serverguide/C/network-auth.xml:3567(programlisting)
17635
#: serverguide/C/network-auth.xml:3566(programlisting)
17637
17636
#, no-wrap
17638
17637
msgid ""
17639
17638
"\n"
17646
17645
"modifyTimestamp: 20090111203515Z\n"
17647
17646
msgstr ""
17648
17647
17649
#: serverguide/C/network-auth.xml:3577(para)
17648
#: serverguide/C/network-auth.xml:3576(para)
17650
17649
msgid ""
17651
17650
"The attribute values will vary, just be sure the attributes are removed."
17652
17651
msgstr ""
17653
17652
17654
#: serverguide/C/network-auth.xml:3584(para)
17653
#: serverguide/C/network-auth.xml:3583(para)
17655
17654
msgid "Load the new schema with <application>ldapadd</application>:"
17656
17655
msgstr ""
17657
17656
17658
#: serverguide/C/network-auth.xml:3589(command)
17657
#: serverguide/C/network-auth.xml:3588(command)
17659
17658
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=kerberos.ldif"
17660
17659
msgstr ""
17661
17660
17662
#: serverguide/C/network-auth.xml:3595(para)
17661
#: serverguide/C/network-auth.xml:3594(para)
17663
17662
msgid ""
17664
17663
"Add an index for the <emphasis>krb5principalname</emphasis> attribute:"
17665
17664
msgstr ""
17666
17665
17667
#: serverguide/C/network-auth.xml:3600(command) serverguide/C/network-auth.xml:3617(command)
17666
#: serverguide/C/network-auth.xml:3599(command) serverguide/C/network-auth.xml:3616(command)
17668
17667
msgid "ldapmodify -x -D cn=admin,cn=config -W"
17669
17668
msgstr ""
17670
17669
17671
#: serverguide/C/network-auth.xml:3602(userinput)
17670
#: serverguide/C/network-auth.xml:3601(userinput)
17672
17671
#, no-wrap
17673
17672
msgid ""
17674
17673
"dn: olcDatabase={1}hdb,cn=config\n"
17676
17675
"olcDbIndex: krbPrincipalName eq,pres,sub"
17677
17676
msgstr ""
17678
17677
17679
#: serverguide/C/network-auth.xml:3601(computeroutput)
17678
#: serverguide/C/network-auth.xml:3600(computeroutput)
17680
17679
#, no-wrap
17681
17680
msgid ""
17682
17681
"Enter LDAP Password:\n"
17685
17684
"modifying entry \"olcDatabase={1}hdb,cn=config\""
17686
17685
msgstr ""
17687
17686
17688
#: serverguide/C/network-auth.xml:3612(para)
17687
#: serverguide/C/network-auth.xml:3611(para)
17689
17688
msgid "Finally, update the Access Control Lists (ACL):"
17690
17689
msgstr ""
17691
17690
17692
#: serverguide/C/network-auth.xml:3619(userinput)
17691
#: serverguide/C/network-auth.xml:3618(userinput)
17693
17692
#, no-wrap
17694
17693
msgid ""
17695
17694
"dn: olcDatabase={1}hdb,cn=config\n"
17705
17704
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read"
17706
17705
msgstr ""
17707
17706
17708
#: serverguide/C/network-auth.xml:3618(computeroutput)
17707
#: serverguide/C/network-auth.xml:3617(computeroutput)
17709
17708
#, no-wrap
17710
17709
msgid ""
17711
17710
"Enter LDAP Password: \n"
17714
17713
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
17715
17714
msgstr ""
17716
17715
17717
#: serverguide/C/network-auth.xml:3639(para)
17716
#: serverguide/C/network-auth.xml:3638(para)
17718
17717
msgid ""
17719
17718
"That's it, your LDAP directory is now ready to serve as a Kerberos principal "
17720
17719
"database."
17721
17720
msgstr ""
17722
17721
17723
#: serverguide/C/network-auth.xml:3645(title)
17722
#: serverguide/C/network-auth.xml:3644(title)
17724
17723
msgid "Primary KDC Configuration"
17725
17724
msgstr ""
17726
17725
17727
#: serverguide/C/network-auth.xml:3647(para)
17726
#: serverguide/C/network-auth.xml:3646(para)
17728
17727
msgid ""
17729
17728
"With <application>OpenLDAP</application> configured it is time to configure "
17730
17729
"the KDC."
17731
17730
msgstr ""
17732
17731
17733
#: serverguide/C/network-auth.xml:3653(para)
17732
#: serverguide/C/network-auth.xml:3652(para)
17734
17733
msgid "First, install the necessary packages, from a terminal enter:"
17735
17734
msgstr ""
17736
17735
17737
#: serverguide/C/network-auth.xml:3658(command) serverguide/C/network-auth.xml:3817(command)
17736
#: serverguide/C/network-auth.xml:3657(command) serverguide/C/network-auth.xml:3816(command)
17738
17737
msgid "sudo apt-get install krb5-kdc krb5-admin-server krb5-kdc-ldap"
17739
17738
msgstr ""
17740
17739
17741
#: serverguide/C/network-auth.xml:3664(para)
17740
#: serverguide/C/network-auth.xml:3663(para)
17742
17741
msgid ""
17743
17742
"Now edit <filename>/etc/krb5.conf</filename> adding the following options to "
17744
17743
"under the appropriate sections:"
17745
17744
msgstr ""
17746
17745
17747
#: serverguide/C/network-auth.xml:3668(programlisting)
17746
#: serverguide/C/network-auth.xml:3667(programlisting)
17748
17747
#, no-wrap
17749
17748
msgid ""
17750
17749
"\n"
17794
17793
" }\n"
17795
17794
msgstr ""
17796
17795
17797
#: serverguide/C/network-auth.xml:3713(para)
17796
#: serverguide/C/network-auth.xml:3712(para)
17798
17797
msgid ""
17799
17798
"Change <emphasis>example.com</emphasis>, "
17800
17799
"<emphasis>dc=example,dc=com</emphasis>, "
17803
17802
"object, and LDAP server for your network."
17804
17803
msgstr ""
17805
17804
17806
#: serverguide/C/network-auth.xml:3722(para)
17805
#: serverguide/C/network-auth.xml:3721(para)
17807
17806
msgid ""
17808
17807
"Next, use the <application>kdb5_ldap_util</application> utility to create "
17809
17808
"the realm:"
17810
17809
msgstr ""
17811
17810
17812
#: serverguide/C/network-auth.xml:3727(command)
17811
#: serverguide/C/network-auth.xml:3726(command)
17813
17812
msgid ""
17814
17813
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees \\ "
17815
17814
"dc=example,dc=com -r EXAMPLE.COM -s -H ldap://ldap01.example.com"
17816
17815
msgstr ""
17817
17816
17818
#: serverguide/C/network-auth.xml:3734(para)
17817
#: serverguide/C/network-auth.xml:3733(para)
17819
17818
msgid ""
17820
17819
"Create a stash of the password used to bind to the LDAP server. This "
17821
17820
"password is used by the <emphasis>ldap_kdc_dn</emphasis> and "
17823
17822
"<filename>/etc/krb5.conf</filename>:"
17824
17823
msgstr ""
17825
17824
17826
#: serverguide/C/network-auth.xml:3740(command) serverguide/C/network-auth.xml:3879(command)
17825
#: serverguide/C/network-auth.xml:3739(command) serverguide/C/network-auth.xml:3878(command)
17827
17826
msgid ""
17828
17827
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f \\ "
17829
17828
"/etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com"
17830
17829
msgstr ""
17831
17830
17832
#: serverguide/C/network-auth.xml:3747(para)
17831
#: serverguide/C/network-auth.xml:3746(para)
17833
17832
msgid "Copy the CA certificate from the LDAP server:"
17834
17833
msgstr ""
17835
17834
17835
#: serverguide/C/network-auth.xml:3751(command)
17836
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
17837
msgstr ""
17838
17836
17839
#: serverguide/C/network-auth.xml:3752(command)
17837
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
17838
msgstr ""
17839
17840
#: serverguide/C/network-auth.xml:3753(command)
17841
17840
msgid "sudo cp cacert.pem /etc/ssl/certs"
17842
17841
msgstr ""
17843
17842
17844
#: serverguide/C/network-auth.xml:3756(para)
17843
#: serverguide/C/network-auth.xml:3755(para)
17845
17844
msgid ""
17846
17845
"And edit <filename>/etc/ldap/ldap.conf</filename> to use the certificate:"
17847
17846
msgstr ""
17848
17847
17849
#: serverguide/C/network-auth.xml:3760(programlisting)
17848
#: serverguide/C/network-auth.xml:3759(programlisting)
17850
17849
#, no-wrap
17851
17850
msgid ""
17852
17851
"\n"
17853
17852
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
17854
17853
msgstr ""
17855
17854
17856
#: serverguide/C/network-auth.xml:3765(para)
17855
#: serverguide/C/network-auth.xml:3764(para)
17857
17856
msgid ""
17858
17857
"The certificate will also need to be copied to the Secondary KDC, to allow "
17859
17858
"the connection to the LDAP servers using LDAPS."
17860
17859
msgstr ""
17861
17860
17862
#: serverguide/C/network-auth.xml:3774(para)
17861
#: serverguide/C/network-auth.xml:3773(para)
17863
17862
msgid ""
17864
17863
"You can now add Kerberos principals to the LDAP database, and they will be "
17865
17864
"copied to any other LDAP servers configured for replication. To add a "
17866
17865
"principal using the <application>kadmin.local</application> utility enter:"
17867
17866
msgstr ""
17868
17867
17869
#: serverguide/C/network-auth.xml:3782(userinput)
17868
#: serverguide/C/network-auth.xml:3781(userinput)
17870
17869
#, no-wrap
17871
17870
msgid "addprinc -x dn=\"uid=steve,ou=people,dc=example,dc=com\" steve"
17872
17871
msgstr ""
17873
17872
17874
#: serverguide/C/network-auth.xml:3781(computeroutput)
17873
#: serverguide/C/network-auth.xml:3780(computeroutput)
17875
17874
#, no-wrap
17876
17875
msgid ""
17877
17876
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
17882
17881
"Principal \"steve@EXAMPLE.COM\" created."
17883
17882
msgstr ""
17884
17883
17885
#: serverguide/C/network-auth.xml:3789(para)
17884
#: serverguide/C/network-auth.xml:3788(para)
17886
17885
msgid ""
17887
17886
"There should now be krbPrincipalName, krbPrincipalKey, krbLastPwdChange, and "
17888
17887
"krbExtraData attributes added to the "
17891
17890
"utilities to test that the user is indeed issued a ticket."
17892
17891
msgstr ""
17893
17892
17894
#: serverguide/C/network-auth.xml:3796(para)
17893
#: serverguide/C/network-auth.xml:3795(para)
17895
17894
msgid ""
17896
17895
"If the user object is already created the <emphasis>-x dn=\"...\"</emphasis> "
17897
17896
"option is needed to add the Kerberos attributes. Otherwise a new "
17898
17897
"<emphasis>principal</emphasis> object will be created in the realm subtree."
17899
17898
msgstr ""
17900
17899
17901
#: serverguide/C/network-auth.xml:3804(title)
17900
#: serverguide/C/network-auth.xml:3803(title)
17902
17901
msgid "Secondary KDC Configuration"
17903
17902
msgstr ""
17904
17903
17905
#: serverguide/C/network-auth.xml:3806(para)
17904
#: serverguide/C/network-auth.xml:3805(para)
17906
17905
msgid ""
17907
17906
"Configuring a Secondary KDC using the LDAP backend is similar to configuring "
17908
17907
"one using the normal Kerberos database."
17909
17908
msgstr ""
17910
17909
17911
#: serverguide/C/network-auth.xml:3812(para)
17910
#: serverguide/C/network-auth.xml:3811(para)
17912
17911
msgid "First, install the necessary packages. In a terminal enter:"
17913
17912
msgstr ""
17914
17913
17915
#: serverguide/C/network-auth.xml:3823(para)
17914
#: serverguide/C/network-auth.xml:3822(para)
17916
17915
msgid ""
17917
17916
"Next, edit <filename>/etc/krb5.conf</filename> to use the LDAP backend:"
17918
17917
msgstr ""
17919
17918
17920
#: serverguide/C/network-auth.xml:3827(programlisting)
17919
#: serverguide/C/network-auth.xml:3826(programlisting)
17921
17920
#, no-wrap
17922
17921
msgid ""
17923
17922
"\n"
17966
17965
" }\n"
17967
17966
msgstr ""
17968
17967
17969
#: serverguide/C/network-auth.xml:3874(para)
17968
#: serverguide/C/network-auth.xml:3873(para)
17970
17969
msgid "Create the stash for the LDAP bind password:"
17971
17970
msgstr ""
17972
17971
17973
#: serverguide/C/network-auth.xml:3886(para)
17972
#: serverguide/C/network-auth.xml:3885(para)
17974
17973
msgid ""
17975
17974
"Now, on the <emphasis>Primary KDC</emphasis> copy the "
17976
17975
"<filename>/etc/krb5kdc/.k5.EXAMPLE.COM</filename><emphasis>Master "
17979
17978
"media."
17980
17979
msgstr ""
17981
17980
17981
#: serverguide/C/network-auth.xml:3892(command)
17982
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
17983
msgstr ""
17984
17982
17985
#: serverguide/C/network-auth.xml:3893(command)
17983
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
17984
msgstr ""
17985
17986
#: serverguide/C/network-auth.xml:3894(command)
17987
17986
msgid "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
17988
17987
msgstr ""
17989
17988
17990
#: serverguide/C/network-auth.xml:3898(para)
17989
#: serverguide/C/network-auth.xml:3897(para)
17991
17990
msgid ""
17992
17991
"Again, replace <emphasis>EXAMPLE.COM</emphasis> with your actual realm."
17993
17992
msgstr ""
17994
17993
17995
#: serverguide/C/network-auth.xml:3906(para)
17994
#: serverguide/C/network-auth.xml:3905(para)
17996
17995
msgid ""
17997
17996
"Back on the <emphasis>Secondary KDC</emphasis>, (re)start the ldap server "
17998
17997
"only,"
17999
17998
msgstr ""
18000
17999
18001
#: serverguide/C/network-auth.xml:3918(para)
18000
#: serverguide/C/network-auth.xml:3917(para)
18002
18001
msgid "Finally, start the <application>krb5-kdc</application> daemon:"
18003
18002
msgstr ""
18004
18003
18005
#: serverguide/C/network-auth.xml:3929(para)
18004
#: serverguide/C/network-auth.xml:3928(para)
18006
18005
msgid "Verify the two ldap servers (and kerberos by extension) are in sync."
18007
18006
msgstr ""
18008
18007
18009
#: serverguide/C/network-auth.xml:3936(para)
18008
#: serverguide/C/network-auth.xml:3935(para)
18010
18009
msgid ""
18011
18010
"You now have redundant KDCs on your network, and with redundant LDAP servers "
18012
18011
"you should be able to continue to authenticate users if one LDAP server, one "
18013
18012
"Kerberos server, or one LDAP and one Kerberos server become unavailable."
18014
18013
msgstr ""
18015
18014
18016
#: serverguide/C/network-auth.xml:3948(para)
18015
#: serverguide/C/network-auth.xml:3947(para)
18017
18016
msgid ""
18018
18017
"The <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
18019
18018
"admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend\"> Kerberos Admin "
18020
18019
"Guide</ulink> has some additional details."
18021
18020
msgstr ""
18022
18021
18023
#: serverguide/C/network-auth.xml:3951(para)
18022
#: serverguide/C/network-auth.xml:3953(para)
18024
18023
msgid ""
18025
18024
"For more information on <application>kdb5_ldap_util</application> see <ulink "
18026
18025
"url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
18030
18029
"l\">kdb5_ldap_util man page</ulink>."
18031
18030
msgstr ""
18032
18031
18033
#: serverguide/C/network-auth.xml:3959(para)
18032
#: serverguide/C/network-auth.xml:3961(para)
18034
18033
msgid ""
18035
18034
"Another useful link is the <ulink "
18036
18035
"url=\"http://manpages.ubuntu.com/manpages/trusty/en/man5/krb5.conf.5.html\">k"
18037
18036
"rb5.conf man page</ulink>."
18038
18037
msgstr ""
18039
18038
18040
#: serverguide/C/network-auth.xml:3967(para)
18039
#: serverguide/C/network-auth.xml:3966(para)
18041
18040
msgid ""
18042
18041
"Also, see the <ulink "
18043
18042
"url=\"https://help.ubuntu.com/community/Kerberos#kerberos-ldap\">Kerberos "
18044
18043
"and LDAP</ulink> Ubuntu wiki page."
18045
18044
msgstr ""
18046
18045
18047
#: serverguide/C/network-auth.xml:3973(title)
18046
#: serverguide/C/network-auth.xml:3975(title)
18048
18047
msgid "SSSD and Active Directory"
18049
18048
msgstr ""
18050
18049
18051
#: serverguide/C/network-auth.xml:3974(para)
18050
#: serverguide/C/network-auth.xml:3976(para)
18052
18051
msgid ""
18053
18052
"This section describes the use of sssd to authenticate user logins against "
18054
18053
"an Active Directory via using sssd's \"ad\" provider. In previous versions "
18059
18058
"requires no modifications to the AD structure."
18060
18059
msgstr ""
18061
18060
18062
#: serverguide/C/network-auth.xml:3978(title)
18061
#: serverguide/C/network-auth.xml:3980(title)
18063
18062
msgid "Prerequisites, Assumptions, and Requirements"
18064
18063
msgstr ""
18065
18064
18066
#: serverguide/C/network-auth.xml:3981(para)
18065
#: serverguide/C/network-auth.xml:3983(para)
18067
18066
msgid ""
18068
18067
"This guide does not explain Active Directory, how it works, how to set one "
18069
18068
"up, or how to maintain it. It may not provide “best practices” for your "
18070
18069
"environment."
18071
18070
msgstr ""
18072
18071
18073
#: serverguide/C/network-auth.xml:3983(para)
18072
#: serverguide/C/network-auth.xml:3985(para)
18074
18073
msgid ""
18075
18074
"This guide assumes that a working Active Directory domain is already "
18076
18075
"configured."
18077
18076
msgstr ""
18078
18077
18079
#: serverguide/C/network-auth.xml:3985(para)
18078
#: serverguide/C/network-auth.xml:3987(para)
18080
18079
msgid ""
18081
18080
"The domain controller is acting as an authoritative DNS server for the "
18082
18081
"domain."
18083
18082
msgstr ""
18084
18083
18085
#: serverguide/C/network-auth.xml:3987(para)
18084
#: serverguide/C/network-auth.xml:3989(para)
18086
18085
msgid ""
18087
18086
"The domain controller is the primary DNS resolver as specified in "
18088
18087
"<filename>/etc/resolv.conf</filename>."
18089
18088
msgstr ""
18090
18089
18091
#: serverguide/C/network-auth.xml:3990(para)
18090
#: serverguide/C/network-auth.xml:3992(para)
18092
18091
msgid ""
18093
18092
"The appropriate <emphasis>_kerberos</emphasis>, <emphasis>_ldap</emphasis>, "
18094
18093
"<emphasis>_kpasswd</emphasis>, etc. entries are configured in the DNS zone "
18095
18094
"(see Resources section for external links)."
18096
18095
msgstr ""
18097
18096
18098
#: serverguide/C/network-auth.xml:3992(para)
18097
#: serverguide/C/network-auth.xml:3994(para)
18099
18098
msgid ""
18100
18099
"System time is synchronized on the domain controller (necessary for "
18101
18100
"Kerberos)."
18102
18101
msgstr ""
18103
18102
18104
#: serverguide/C/network-auth.xml:3994(para)
18103
#: serverguide/C/network-auth.xml:3996(para)
18105
18104
msgid ""
18106
18105
"The domain used in this example is <emphasis>myubuntu.example.com</emphasis> "
18107
18106
"."
18108
18107
msgstr ""
18109
18108
18110
#: serverguide/C/network-auth.xml:3999(para)
18109
#: serverguide/C/network-auth.xml:4001(para)
18111
18110
msgid ""
18112
18111
"The following packages are needed: <emphasis>krb5-user</emphasis>, "
18113
18112
"<emphasis>samba</emphasis>, <emphasis>sssd</emphasis>, and "
18116
18115
"controllers are needed for this step."
18117
18116
msgstr ""
18118
18117
18119
#: serverguide/C/network-auth.xml:4000(para)
18118
#: serverguide/C/network-auth.xml:4002(para)
18120
18119
msgid "Install these packages now."
18121
18120
msgstr ""
18122
18121
18123
#: serverguide/C/network-auth.xml:4002(command)
18122
#: serverguide/C/network-auth.xml:4004(command)
18124
18123
msgid "sudo apt-get install krb5-user samba sssd ntp"
18125
18124
msgstr ""
18126
18125
18127
#: serverguide/C/network-auth.xml:4003(para)
18126
#: serverguide/C/network-auth.xml:4005(para)
18128
18127
msgid ""
18129
18128
"See the next section for the answers to the questions asked by the "
18130
18129
"<emphasis>krb5-user</emphasis> postinstall script."
18131
18130
msgstr ""
18132
18131
18133
#: serverguide/C/network-auth.xml:4006(title)
18132
#: serverguide/C/network-auth.xml:4008(title)
18134
18133
msgid "Kerberos Configuration"
18135
18134
msgstr ""
18136
18135
18137
#: serverguide/C/network-auth.xml:4007(para)
18136
#: serverguide/C/network-auth.xml:4009(para)
18138
18137
msgid ""
18139
18138
"The installation of <emphasis>krb5-user</emphasis> will prompt for the realm "
18140
18139
"name (in ALL UPPERCASE), the kdc server (i.e. domain controller) and admin "
18144
18143
"not, then both are needed."
18145
18144
msgstr ""
18146
18145
18147
#: serverguide/C/network-auth.xml:4008(para)
18146
#: serverguide/C/network-auth.xml:4010(para)
18148
18147
msgid ""
18149
18148
"If the domain is <emphasis>myubuntu.example.com</emphasis>, enter the realm "
18150
18149
"as <emphasis>MYUBUNTU.EXAMPLE.COM</emphasis>"
18151
18150
msgstr ""
18152
18151
18153
#: serverguide/C/network-auth.xml:4011(para)
18152
#: serverguide/C/network-auth.xml:4013(para)
18154
18153
msgid ""
18155
18154
"Optionally, edit <emphasis>/etc/krb5.conf</emphasis> with a few additional "
18156
18155
"settings to specify Kerberos ticket lifetime (these values are safe to use "
18157
18156
"as defaults):"
18158
18157
msgstr ""
18159
18158
18160
#: serverguide/C/network-auth.xml:4012(programlisting)
18159
#: serverguide/C/network-auth.xml:4014(programlisting)
18161
18160
#, no-wrap
18162
18161
msgid ""
18163
18162
"\n"
18169
18168
"\t\t"
18170
18169
msgstr ""
18171
18170
18172
#: serverguide/C/network-auth.xml:4020(para)
18171
#: serverguide/C/network-auth.xml:4022(para)
18173
18172
msgid ""
18174
18173
"If default_realm is not specified, it may be necessary to log in with "
18175
18174
"“username@domain” instead of “username”."
18176
18175
msgstr ""
18177
18176
18178
#: serverguide/C/network-auth.xml:4022(para)
18177
#: serverguide/C/network-auth.xml:4024(para)
18179
18178
msgid ""
18180
18179
"The system time on the Active Directory member needs to be consistent with "
18181
18180
"that of the domain controller, or Kerberos authentication may fail. Ideally, "
18183
18182
"<filename>/etc/ntp.conf</filename>:"
18184
18183
msgstr ""
18185
18184
18186
#: serverguide/C/network-auth.xml:4024(programlisting)
18185
#: serverguide/C/network-auth.xml:4026(programlisting)
18187
18186
#, no-wrap
18188
18187
msgid ""
18189
18188
"\n"
18190
18189
"server dc.myubuntu.example.com\n"
18191
18190
msgstr ""
18192
18191
18193
#: serverguide/C/network-auth.xml:4031(para)
18192
#: serverguide/C/network-auth.xml:4033(para)
18194
18193
msgid ""
18195
18194
"Samba will be used to perform netbios/nmbd services related to Active "
18196
18195
"Directory authentication, even if no file shares are exported. Edit the file "
18198
18197
"<emphasis>[global]</emphasis> section:"
18199
18198
msgstr ""
18200
18199
18201
#: serverguide/C/network-auth.xml:4033(programlisting)
18200
#: serverguide/C/network-auth.xml:4035(programlisting)
18202
18201
#, no-wrap
18203
18202
msgid ""
18204
18203
"\n"
18212
18211
"security = ads\n"
18213
18212
msgstr ""
18214
18213
18215
#: serverguide/C/network-auth.xml:4044(para)
18214
#: serverguide/C/network-auth.xml:4046(para)
18216
18215
msgid ""
18217
18216
"Some guides specify that \"password server\" should be specified and pointed "
18218
18217
"to the domain controller. This is only necessary if DNS is not properly set "
18220
18219
"server\" is specified with \"security = ads\"."
18221
18220
msgstr ""
18222
18221
18223
#: serverguide/C/network-auth.xml:4049(title)
18222
#: serverguide/C/network-auth.xml:4051(title)
18224
18223
msgid "SSSD Configuration"
18225
18224
msgstr ""
18226
18225
18227
#: serverguide/C/network-auth.xml:4051(para)
18226
#: serverguide/C/network-auth.xml:4053(para)
18228
18227
msgid ""
18229
18228
"There is no default/example config file for "
18230
18229
"<filename>/etc/sssd/sssd.conf</filename> included in the sssd package. It is "
18231
18230
"necessary to create one. This is a minimal working config file:"
18232
18231
msgstr ""
18233
18232
18234
#: serverguide/C/network-auth.xml:4053(programlisting)
18233
#: serverguide/C/network-auth.xml:4055(programlisting)
18235
18234
#, no-wrap
18236
18235
msgid ""
18237
18236
"\n"
18263
18262
"# enumerate = true\n"
18264
18263
msgstr ""
18265
18264
18266
#: serverguide/C/network-auth.xml:4080(para)
18265
#: serverguide/C/network-auth.xml:4082(para)
18267
18266
msgid ""
18268
18267
"After saving this file, set the ownership to root and the file permissions "
18269
18268
"to 600:"
18270
18269
msgstr ""
18271
18270
18272
#: serverguide/C/network-auth.xml:4081(command)
18271
#: serverguide/C/network-auth.xml:4083(command)
18273
18272
msgid "sudo chown root:root /etc/sssd/sssd.conf"
18274
18273
msgstr ""
18275
18274
18276
#: serverguide/C/network-auth.xml:4082(command)
18275
#: serverguide/C/network-auth.xml:4084(command)
18277
18276
msgid "sudo chmod 600 /etc/sssd/sssd.conf"
18278
18277
msgstr ""
18279
18278
18280
#: serverguide/C/network-auth.xml:4084(para)
18279
#: serverguide/C/network-auth.xml:4086(para)
18281
18280
msgid ""
18282
18281
"If the ownership or permissions are not correct, sssd will refuse to start."
18283
18282
msgstr ""
18284
18283
18285
#: serverguide/C/network-auth.xml:4088(title)
18284
#: serverguide/C/network-auth.xml:4090(title)
18286
18285
msgid "Verify nsswitch.conf Configuration"
18287
18286
msgstr ""
18288
18287
18289
#: serverguide/C/network-auth.xml:4089(para)
18288
#: serverguide/C/network-auth.xml:4091(para)
18290
18289
msgid ""
18291
18290
"The post-install script for the sssd package makes some modifications to "
18292
18291
"/etc/nsswitch.conf automatically. It should look something like this:"
18293
18292
msgstr ""
18294
18293
18295
#: serverguide/C/network-auth.xml:4091(programlisting)
18294
#: serverguide/C/network-auth.xml:4093(programlisting)
18296
18295
#, no-wrap
18297
18296
msgid ""
18298
18297
"\n"
18303
18302
"sudoers: files sss\n"
18304
18303
msgstr ""
18305
18304
18306
#: serverguide/C/network-auth.xml:4101(title)
18305
#: serverguide/C/network-auth.xml:4103(title)
18307
18306
msgid "Modify /etc/hosts"
18308
18307
msgstr ""
18309
18308
18310
#: serverguide/C/network-auth.xml:4102(para)
18309
#: serverguide/C/network-auth.xml:4104(para)
18311
18310
msgid ""
18312
18311
"Add an alias to the localhost entry in /etc/hosts specifying the FQDN. For "
18313
18312
"example:"
18314
18313
msgstr ""
18315
18314
18316
#: serverguide/C/network-auth.xml:4103(programlisting)
18315
#: serverguide/C/network-auth.xml:4105(programlisting)
18317
18316
#, no-wrap
18318
18317
msgid "192.168.1.10 myserver myserver.myubuntu.example.com"
18319
18318
msgstr ""
18320
18319
18321
#: serverguide/C/network-auth.xml:4105(para)
18320
#: serverguide/C/network-auth.xml:4107(para)
18322
18321
msgid "This is useful in conjunction with dynamic DNS updates."
18323
18322
msgstr ""
18324
18323
18325
#: serverguide/C/network-auth.xml:4109(title)
18324
#: serverguide/C/network-auth.xml:4111(title)
18326
18325
msgid "Join the Active Directory"
18327
18326
msgstr ""
18328
18327
18329
#: serverguide/C/network-auth.xml:4110(para)
18328
#: serverguide/C/network-auth.xml:4112(para)
18330
18329
msgid "Now, restart ntp and samba and start sssd."
18331
18330
msgstr ""
18332
18331
18333
#: serverguide/C/virtualization.xml:2208(command)
18332
#: serverguide/C/network-auth.xml:4113(command)
18334
18333
msgid "sudo service ntp restart"
18335
18334
msgstr ""
18336
18335
18337
#: serverguide/C/network-auth.xml:4114(command)
18336
#: serverguide/C/network-auth.xml:4116(command)
18338
18337
msgid "sudo start sssd"
18339
18338
msgstr ""
18340
18339
18341
#: serverguide/C/network-auth.xml:4116(para)
18340
#: serverguide/C/network-auth.xml:4118(para)
18342
18341
msgid "Test the configuration by obtaining a Kerberos ticket:"
18343
18342
msgstr ""
18344
18343
18345
#: serverguide/C/network-auth.xml:4118(command)
18344
#: serverguide/C/network-auth.xml:4120(command)
18346
18345
msgid "sudo kinit Administrator"
18347
18346
msgstr ""
18348
18347
18349
#: serverguide/C/network-auth.xml:4120(para)
18348
#: serverguide/C/network-auth.xml:4122(para)
18350
18349
msgid "Verify the ticket with:"
18351
18350
msgstr ""
18352
18351
18353
#: serverguide/C/network-auth.xml:4121(command)
18352
#: serverguide/C/network-auth.xml:4123(command)
18354
18353
msgid "sudo klist"
18355
18354
msgstr ""
18356
18355
18357
#: serverguide/C/network-auth.xml:4123(para)
18356
#: serverguide/C/network-auth.xml:4125(para)
18358
18357
msgid ""
18359
18358
"If there is a ticket with an expiration date listed, then it is time to join "
18360
18359
"the domain:"
18361
18360
msgstr ""
18362
18361
18363
#: serverguide/C/network-auth.xml:4125(command)
18362
#: serverguide/C/network-auth.xml:4127(command)
18364
18363
msgid "sudo net ads join -k"
18365
18364
msgstr ""
18366
18365
18367
#: serverguide/C/network-auth.xml:4127(para)
18366
#: serverguide/C/network-auth.xml:4129(para)
18368
18367
msgid ""
18369
18368
"A warning about \"No DNS domain configured. Unable to perform DNS Update.\" "
18370
18369
"probably means that there is no (correct) alias in "
18374
18373
"\"Modify /etc/hosts\" above."
18375
18374
msgstr ""
18376
18375
18377
#: serverguide/C/network-auth.xml:4129(para)
18376
#: serverguide/C/network-auth.xml:4131(para)
18378
18377
msgid ""
18379
18378
"(The message \"NT_STATUS_UNSUCCESSFUL\" indicates the domain join failed and "
18380
18379
"something is incorrect. Review the prior steps before proceeding)."
18381
18380
msgstr ""
18382
18381
18383
#: serverguide/C/network-auth.xml:4131(para)
18382
#: serverguide/C/network-auth.xml:4133(para)
18384
18383
msgid ""
18385
18384
"Here are a couple of (optional) checks to verify that the domain join was "
18386
18385
"successful. Note that if the domain was successfully joined but one or both "
18388
18387
"Some of the changes appear to be asynchronous."
18389
18388
msgstr ""
18390
18389
18391
#: serverguide/C/network-auth.xml:4133(para)
18390
#: serverguide/C/network-auth.xml:4135(para)
18392
18391
msgid "Verification option #1:"
18393
18392
msgstr ""
18394
18393
18395
#: serverguide/C/network-auth.xml:4134(para)
18394
#: serverguide/C/network-auth.xml:4136(para)
18396
18395
msgid ""
18397
18396
"Check the default Organizational Unit for computer accounts in the Active "
18398
18397
"Directory to verify that the computer account was created. (Organizational "
18399
18398
"Units in Active Directory is a topic outside the scope of this guide)."
18400
18399
msgstr ""
18401
18400
18402
#: serverguide/C/network-auth.xml:4136(para)
18401
#: serverguide/C/network-auth.xml:4138(para)
18403
18402
msgid "Verification option #2"
18404
18403
msgstr ""
18405
18404
18406
#: serverguide/C/network-auth.xml:4137(para)
18405
#: serverguide/C/network-auth.xml:4139(para)
18407
18406
msgid "Execute this command for a specific AD user (e.g. administrator)"
18408
18407
msgstr ""
18409
18408
18410
#: serverguide/C/network-auth.xml:4138(command)
18409
#: serverguide/C/network-auth.xml:4140(command)
18411
18410
msgid "getent passwd username"
18412
18411
msgstr ""
18413
18412
18414
#: serverguide/C/network-auth.xml:4140(para)
18413
#: serverguide/C/network-auth.xml:4142(para)
18415
18414
msgid ""
18416
18415
"If <emphasis>enumerate = true</emphasis> is set in "
18417
18416
"<filename>sssd.conf</filename>, <emphasis>getent passwd</emphasis> with no "
18419
18418
"testing, but is slow and not recommended for production."
18420
18419
msgstr ""
18421
18420
18422
#: serverguide/C/network-auth.xml:4144(title)
18421
#: serverguide/C/network-auth.xml:4146(title)
18423
18422
msgid "Test Authentication"
18424
18423
msgstr ""
18425
18424
18426
#: serverguide/C/network-auth.xml:4145(para)
18425
#: serverguide/C/network-auth.xml:4147(para)
18427
18426
msgid ""
18428
18427
"It should now be possible to authenticate using an Active Directory User's "
18429
18428
"credentials:"
18430
18429
msgstr ""
18431
18430
18432
#: serverguide/C/network-auth.xml:4147(command)
18431
#: serverguide/C/network-auth.xml:4149(command)
18433
18432
msgid "su - username"
18434
18433
msgstr ""
18435
18434
18436
#: serverguide/C/network-auth.xml:4149(para)
18435
#: serverguide/C/network-auth.xml:4151(para)
18437
18436
msgid ""
18438
18437
"If this works, then other login methods (getty, ssh) should also work."
18439
18438
msgstr ""
18440
18439
18441
#: serverguide/C/network-auth.xml:4151(para)
18440
#: serverguide/C/network-auth.xml:4153(para)
18442
18441
msgid ""
18443
18442
"If the computer account was created, indicating that the system was "
18444
18443
"\"joined\" to the domain, but authentication is unsuccessful, it may be "
18447
18446
"earlier in this guide."
18448
18447
msgstr ""
18449
18448
18450
#: serverguide/C/network-auth.xml:4155(title)
18449
#: serverguide/C/network-auth.xml:4157(title)
18451
18450
msgid "Home directories with pam_mkhomedir (optional)"
18452
18451
msgstr ""
18453
18452
18454
#: serverguide/C/network-auth.xml:4156(para)
18453
#: serverguide/C/network-auth.xml:4158(para)
18455
18454
msgid ""
18456
18455
"When logging in using an Active Directory user account, it is likely that "
18457
18456
"user has no home directory. This can be fixed with pam_mkdhomedir.so, which "
18460
18459
"after <emphasis>session required pam_unix.so:</emphasis>"
18461
18460
msgstr ""
18462
18461
18463
#: serverguide/C/network-auth.xml:4157(programlisting)
18462
#: serverguide/C/network-auth.xml:4159(programlisting)
18464
18463
#, no-wrap
18465
18464
msgid ""
18466
18465
"\n"
18467
18466
"session required pam_mkhomedir.so skel=/etc/skel/ umask=0022\n"
18468
18467
msgstr ""
18469
18468
18470
#: serverguide/C/network-auth.xml:4161(para)
18469
#: serverguide/C/network-auth.xml:4163(para)
18471
18470
msgid ""
18472
18471
"This may also need <emphasis>override_homedir</emphasis> in "
18473
18472
"<filename>sssd.conf</filename> to function correctly, so make sure that’s "
18474
18473
"set."
18475
18474
msgstr ""
18476
18475
18477
#: serverguide/C/network-auth.xml:4165(title)
18476
#: serverguide/C/network-auth.xml:4167(title)
18478
18477
msgid "Desktop Ubuntu Authentication"
18479
18478
msgstr ""
18480
18479
18481
#: serverguide/C/network-auth.xml:4166(para)
18480
#: serverguide/C/network-auth.xml:4168(para)
18482
18481
msgid ""
18483
18482
"It is possible to also authenticate logins to Ubuntu Desktop using Active "
18484
18483
"Directory accounts. The AD accounts will not show up in the pick list with "
18487
18486
"append the following two lines:"
18488
18487
msgstr ""
18489
18488
18490
#: serverguide/C/network-auth.xml:4168(programlisting)
18489
#: serverguide/C/network-auth.xml:4170(programlisting)
18491
18490
#, no-wrap
18492
18491
msgid ""
18493
18492
"\n"
18495
18494
"greeter-hide-users=true\n"
18496
18495
msgstr ""
18497
18496
18498
#: serverguide/C/network-auth.xml:4173(para)
18497
#: serverguide/C/network-auth.xml:4175(para)
18499
18498
msgid ""
18500
18499
"Reboot to restart lightdm. It should now be possible to log in using a "
18501
18500
"domain account using either <emphasis>username</emphasis> or "
18502
18501
"<emphasis>username/username@domain</emphasis> format."
18503
18502
msgstr ""
18504
18503
18505
#: serverguide/C/network-auth.xml:4179(ulink)
18504
#: serverguide/C/network-auth.xml:4181(ulink)
18506
18505
msgid "SSSD Project"
18507
18506
msgstr ""
18508
18507
18509
#: serverguide/C/network-auth.xml:4180(ulink)
18508
#: serverguide/C/network-auth.xml:4182(ulink)
18510
18509
msgid "DNS Server Configuration guidelines"
18511
18510
msgstr ""
18512
18511
18513
#: serverguide/C/network-auth.xml:4181(ulink)
18512
#: serverguide/C/network-auth.xml:4183(ulink)
18514
18513
msgid "Active Directory DNS Zone Entries"
18515
18514
msgstr ""
18516
18515
18517
#: serverguide/C/network-auth.xml:4182(ulink)
18516
#: serverguide/C/network-auth.xml:4184(ulink)
18518
18517
msgid "Kerberos config options"
18519
18518
msgstr ""
18520
18519
18526
18525
msgid "Attribute"
18527
18526
msgstr ""
18528
18527
18529
#: serverguide/C/multipath-device-attributes-table.xml:9(entry) serverguide/C/multipath-config-defaults-table.xml:14(entry) serverguide/C/multipath-components-table.xml:12(entry) serverguide/C/multipath-attributes-table.xml:9(entry) serverguide/C/dm-multipath.xml:1624(entry)
18528
#: serverguide/C/multipath-device-attributes-table.xml:9(entry) serverguide/C/multipath-config-defaults-table.xml:14(entry) serverguide/C/multipath-components-table.xml:12(entry) serverguide/C/multipath-attributes-table.xml:9(entry) serverguide/C/dm-multipath.xml:1623(entry)
18530
18529
msgid "Description"
18531
18530
msgstr ""
18532
18531
18660
18659
"levels are between 0 and 6. The default value is 2."
18661
18660
msgstr ""
18662
18661
18663
#: serverguide/C/multipath-config-defaults-table.xml:61(emphasis) serverguide/C/multipath-config-defaults-table.xml:323(emphasis) serverguide/C/dm-multipath.xml:1050(parameter) serverguide/C/dm-multipath.xml:1205(parameter)
18662
#: serverguide/C/multipath-config-defaults-table.xml:61(emphasis) serverguide/C/multipath-config-defaults-table.xml:323(emphasis) serverguide/C/dm-multipath.xml:1049(parameter) serverguide/C/dm-multipath.xml:1204(parameter)
18664
18663
msgid "path_selector"
18665
18664
msgstr ""
18666
18665
18695
18694
"The default value is <emphasis role=\"bold\">round-robin 0</emphasis>."
18696
18695
msgstr ""
18697
18696
18698
#: serverguide/C/multipath-config-defaults-table.xml:98(emphasis) serverguide/C/dm-multipath.xml:1045(parameter) serverguide/C/dm-multipath.xml:1195(parameter)
18697
#: serverguide/C/multipath-config-defaults-table.xml:98(emphasis) serverguide/C/dm-multipath.xml:1044(parameter) serverguide/C/dm-multipath.xml:1194(parameter)
18699
18698
msgid "path_grouping_policy"
18700
18699
msgstr ""
18701
18700
18738
18737
msgid "The default value is <emphasis role=\"bold\">failover.</emphasis>"
18739
18738
msgstr ""
18740
18739
18741
#: serverguide/C/multipath-config-defaults-table.xml:139(emphasis) serverguide/C/dm-multipath.xml:1200(parameter)
18740
#: serverguide/C/multipath-config-defaults-table.xml:139(emphasis) serverguide/C/dm-multipath.xml:1199(parameter)
18742
18741
msgid "getuid_callout"
18743
18742
msgstr ""
18744
18743
18754
18753
"path identifier. An absolute path is required. <placeholder-1/>"
18755
18754
msgstr ""
18756
18755
18757
#: serverguide/C/multipath-config-defaults-table.xml:150(emphasis) serverguide/C/dm-multipath.xml:1059(parameter) serverguide/C/dm-multipath.xml:1224(parameter)
18756
#: serverguide/C/multipath-config-defaults-table.xml:150(emphasis) serverguide/C/dm-multipath.xml:1058(parameter) serverguide/C/dm-multipath.xml:1223(parameter)
18758
18757
msgid "prio"
18759
18758
msgstr ""
18760
18759
18810
18809
msgid "The default value is <emphasis role=\"bold\">const</emphasis>."
18811
18810
msgstr ""
18812
18811
18813
#: serverguide/C/multipath-config-defaults-table.xml:202(emphasis) serverguide/C/dm-multipath.xml:1064(parameter) serverguide/C/dm-multipath.xml:1229(parameter)
18812
#: serverguide/C/multipath-config-defaults-table.xml:202(emphasis) serverguide/C/dm-multipath.xml:1063(parameter) serverguide/C/dm-multipath.xml:1228(parameter)
18814
18813
msgid "prio_args"
18815
18814
msgstr ""
18816
18815
18822
18821
"value is (null) <emphasis role=\"bold\">\"\"</emphasis>."
18823
18822
msgstr ""
18824
18823
18825
#: serverguide/C/multipath-config-defaults-table.xml:216(emphasis) serverguide/C/dm-multipath.xml:1215(parameter)
18824
#: serverguide/C/multipath-config-defaults-table.xml:216(emphasis) serverguide/C/dm-multipath.xml:1214(parameter)
18826
18825
msgid "features"
18827
18826
msgstr ""
18828
18827
18830
18829
msgid "queue_if_no_path"
18831
18830
msgstr ""
18832
18831
18833
#: serverguide/C/multipath-config-defaults-table.xml:221(emphasis) serverguide/C/multipath-config-defaults-table.xml:334(emphasis) serverguide/C/dm-multipath.xml:1069(parameter) serverguide/C/dm-multipath.xml:1234(parameter)
18832
#: serverguide/C/multipath-config-defaults-table.xml:221(emphasis) serverguide/C/multipath-config-defaults-table.xml:334(emphasis) serverguide/C/dm-multipath.xml:1068(parameter) serverguide/C/dm-multipath.xml:1233(parameter)
18834
18833
msgid "no_path_retry"
18835
18834
msgstr ""
18836
18835
18850
18849
"feature, see Section, <placeholder-4/>."
18851
18850
msgstr ""
18852
18851
18853
#: serverguide/C/multipath-config-defaults-table.xml:228(emphasis) serverguide/C/dm-multipath.xml:1210(parameter)
18852
#: serverguide/C/multipath-config-defaults-table.xml:228(emphasis) serverguide/C/dm-multipath.xml:1209(parameter)
18854
18853
msgid "path_checker"
18855
18854
msgstr ""
18856
18855
18900
18899
msgid "The default value is <emphasis role=\"bold\">directio</emphasis>."
18901
18900
msgstr ""
18902
18901
18903
#: serverguide/C/multipath-config-defaults-table.xml:275(emphasis) serverguide/C/dm-multipath.xml:1055(parameter) serverguide/C/dm-multipath.xml:1220(parameter)
18902
#: serverguide/C/multipath-config-defaults-table.xml:275(emphasis) serverguide/C/dm-multipath.xml:1054(parameter) serverguide/C/dm-multipath.xml:1219(parameter)
18904
18903
msgid "failback"
18905
18904
msgstr ""
18906
18905
18931
18930
msgid "The default value is <emphasis role=\"bold\">manual</emphasis>."
18932
18931
msgstr ""
18933
18932
18934
#: serverguide/C/multipath-config-defaults-table.xml:307(emphasis) serverguide/C/multipath-config-defaults-table.xml:321(emphasis) serverguide/C/multipath-config-defaults-table.xml:325(emphasis) serverguide/C/dm-multipath.xml:1074(parameter) serverguide/C/dm-multipath.xml:1239(parameter)
18933
#: serverguide/C/multipath-config-defaults-table.xml:307(emphasis) serverguide/C/multipath-config-defaults-table.xml:321(emphasis) serverguide/C/multipath-config-defaults-table.xml:325(emphasis) serverguide/C/dm-multipath.xml:1073(parameter) serverguide/C/dm-multipath.xml:1238(parameter)
18935
18934
msgid "rr_min_io"
18936
18935
msgstr ""
18937
18936
18945
18944
"the next path in the current path group.<placeholder-1/>"
18946
18945
msgstr ""
18947
18946
18948
#: serverguide/C/multipath-config-defaults-table.xml:317(emphasis) serverguide/C/dm-multipath.xml:1079(parameter) serverguide/C/dm-multipath.xml:1244(parameter)
18947
#: serverguide/C/multipath-config-defaults-table.xml:317(emphasis) serverguide/C/dm-multipath.xml:1078(parameter) serverguide/C/dm-multipath.xml:1243(parameter)
18949
18948
msgid "rr_weight"
18950
18949
msgstr ""
18951
18950
18999
18998
msgid "alias"
19000
18999
msgstr ""
19001
19000
19002
#: serverguide/C/multipath-config-defaults-table.xml:354(emphasis) serverguide/C/multipath-config-defaults-table.xml:357(emphasis) serverguide/C/multipath-config-defaults-table.xml:379(emphasis) serverguide/C/multipath-config-defaults-table.xml:391(emphasis) serverguide/C/multipath-components-table.xml:31(emphasis) serverguide/C/multipath-components-table.xml:44(emphasis) serverguide/C/multipath-attributes-table.xml:18(emphasis) serverguide/C/multipath-attributes-table.xml:19(emphasis) serverguide/C/multipath-attributes-table.xml:28(emphasis) serverguide/C/multipath-attributes-table.xml:29(emphasis) serverguide/C/dm-multipath.xml:765(emphasis)
19001
#: serverguide/C/multipath-config-defaults-table.xml:354(emphasis) serverguide/C/multipath-config-defaults-table.xml:357(emphasis) serverguide/C/multipath-config-defaults-table.xml:379(emphasis) serverguide/C/multipath-config-defaults-table.xml:391(emphasis) serverguide/C/multipath-components-table.xml:31(emphasis) serverguide/C/multipath-components-table.xml:44(emphasis) serverguide/C/multipath-attributes-table.xml:18(emphasis) serverguide/C/multipath-attributes-table.xml:19(emphasis) serverguide/C/multipath-attributes-table.xml:28(emphasis) serverguide/C/multipath-attributes-table.xml:29(emphasis) serverguide/C/dm-multipath.xml:764(emphasis)
19003
19002
msgid "multipath"
19004
19003
msgstr ""
19005
19004
19036
19035
"devices when it is shut down. <placeholder-2/>"
19037
19036
msgstr ""
19038
19037
19039
#: serverguide/C/multipath-config-defaults-table.xml:376(emphasis) serverguide/C/dm-multipath.xml:1084(parameter) serverguide/C/dm-multipath.xml:1259(parameter)
19038
#: serverguide/C/multipath-config-defaults-table.xml:376(emphasis) serverguide/C/dm-multipath.xml:1083(parameter) serverguide/C/dm-multipath.xml:1258(parameter)
19040
19039
msgid "flush_on_last_del"
19041
19040
msgstr ""
19042
19041
19082
19081
"explicit timeout, in seconds. <placeholder-1/>"
19083
19082
msgstr ""
19084
19083
19085
#: serverguide/C/multipath-config-defaults-table.xml:413(emphasis) serverguide/C/dm-multipath.xml:1249(parameter)
19084
#: serverguide/C/multipath-config-defaults-table.xml:413(emphasis) serverguide/C/dm-multipath.xml:1248(parameter)
19086
19085
msgid "fast_io_fail_tmo"
19087
19086
msgstr ""
19088
19087
19098
19097
"this to off will disable the timeout. <placeholder-1/>"
19099
19098
msgstr ""
19100
19099
19101
#: serverguide/C/multipath-config-defaults-table.xml:425(emphasis) serverguide/C/dm-multipath.xml:1254(parameter)
19100
#: serverguide/C/multipath-config-defaults-table.xml:425(emphasis) serverguide/C/dm-multipath.xml:1253(parameter)
19102
19101
msgid "dev_loss_tmo"
19103
19102
msgstr ""
19104
19103
19780
19779
"IMAP server."
19781
19780
msgstr ""
19782
19781
19783
#: serverguide/C/mail.xml:22(title) serverguide/C/mail.xml:837(application) serverguide/C/mail.xml:869(title) serverguide/C/mail.xml:947(title) serverguide/C/mail.xml:1519(title)
19782
#: serverguide/C/mail.xml:22(title) serverguide/C/mail.xml:896(application) serverguide/C/mail.xml:928(title) serverguide/C/mail.xml:1006(title) serverguide/C/mail.xml:1577(title)
19784
19783
msgid "Postfix"
19785
19784
msgstr "Postfix"
19786
19785
19903
19902
"your Mail Delivery Agent (MDA) to use the same path."
19904
19903
msgstr ""
19905
19904
19906
#: serverguide/C/mail.xml:106(title) serverguide/C/mail.xml:550(title)
19905
#: serverguide/C/mail.xml:106(title) serverguide/C/mail.xml:608(title)
19907
19906
msgid "SMTP Authentication"
19908
19907
msgstr "Autentifikasi SMTP"
19909
19908
20054
20053
"tls_random_source = dev:/dev/urandom\n"
20055
20054
msgstr ""
20056
20055
20057
#: serverguide/C/mail.xml:188(para)
20056
#: serverguide/C/mail.xml:229(para)
20058
20057
msgid ""
20059
20058
"The postfix initial configuration is complete. Run the following command to "
20060
20059
"restart the postfix daemon:"
20064
20063
msgid "sudo service postfix restart"
20065
20064
msgstr ""
20066
20065
20067
#: serverguide/C/mail.xml:197(para)
20066
#: serverguide/C/mail.xml:238(para)
20068
20067
msgid ""
20069
20068
"<application>Postfix</application> supports SMTP-AUTH as defined in <ulink "
20070
20069
"url=\"http://www.ietf.org/rfc/rfc2554.txt\">RFC2554</ulink>. It is based on "
20073
20072
"AUTH."
20074
20073
msgstr ""
20075
20074
20076
#: serverguide/C/mail.xml:207(title) serverguide/C/mail.xml:614(title)
20075
#: serverguide/C/mail.xml:248(title) serverguide/C/mail.xml:672(title)
20077
20076
msgid "Configuring SASL"
20078
20077
msgstr "Mengkonfigurasi SASL"
20079
20078
20080
#: serverguide/C/mail.xml:208(para)
20079
#: serverguide/C/mail.xml:249(para)
20081
20080
msgid ""
20082
20081
"Postfix supports two SASL implementations Cyrus SASL and Dovecot SASL. To "
20083
20082
"enable Dovecot SASL the <application>dovecot-common</application> package "
20084
20083
"will need to be installed. From a terminal prompt enter the following:"
20085
20084
msgstr ""
20086
20085
20087
#: serverguide/C/mail.xml:214(command)
20086
#: serverguide/C/mail.xml:255(command)
20088
20087
msgid "sudo apt-get install dovecot-common"
20089
20088
msgstr ""
20090
20089
20146
20145
"auth_mechanisms = plain login\n"
20147
20146
msgstr ""
20148
20147
20149
#: serverguide/C/mail.xml:253(para)
20148
#: serverguide/C/mail.xml:298(para)
20150
20149
msgid ""
20151
20150
"Once you have <application>Dovecot</application> configured restart it with:"
20152
20151
msgstr ""
20155
20154
msgid "sudo service dovecot restart"
20156
20155
msgstr ""
20157
20156
20158
#: serverguide/C/mail.xml:262(title)
20157
#: serverguide/C/mail.xml:307(title)
20159
20158
msgid "Mail-Stack Delivery"
20160
20159
msgstr ""
20161
20160
20162
#: serverguide/C/mail.xml:264(para)
20161
#: serverguide/C/mail.xml:309(para)
20163
20162
msgid ""
20164
20163
"Another option for configuring <application>Postfix</application> for SMTP-"
20165
20164
"AUTH is using the <application>mail-stack-delivery</application> package "
20170
20169
"<application>Dovecot</application> for IMAP, IMAPS, POP3, and POP3S."
20171
20170
msgstr ""
20172
20171
20173
#: serverguide/C/mail.xml:274(para)
20172
#: serverguide/C/mail.xml:319(para)
20174
20173
msgid ""
20175
20174
"You may or may not want to run IMAP, IMAPS, POP3, or POP3S on your mail "
20176
20175
"server. For example, if you are configuring your server to be a mail "
20178
20177
"the above commands to configure Postfix for SMTP-AUTH."
20179
20178
msgstr ""
20180
20179
20181
#: serverguide/C/mail.xml:281(para)
20180
#: serverguide/C/mail.xml:326(para)
20182
20181
msgid "To install the package, from a terminal prompt enter:"
20183
20182
msgstr ""
20184
20183
20185
#: serverguide/C/mail.xml:286(command)
20184
#: serverguide/C/mail.xml:331(command)
20186
20185
msgid "sudo apt-get install mail-stack-delivery"
20187
20186
msgstr ""
20188
20187
20189
#: serverguide/C/mail.xml:289(para)
20188
#: serverguide/C/mail.xml:334(para)
20190
20189
msgid ""
20191
20190
"You should now have a working mail server, but there are a few options that "
20192
20191
"you may wish to further customize. For example, the package uses the "
20196
20195
"for more details."
20197
20196
msgstr ""
20198
20197
20199
#: serverguide/C/mail.xml:295(para)
20198
#: serverguide/C/mail.xml:340(para)
20200
20199
msgid ""
20201
20200
"Once you have a customized certificate and key for the host, change the "
20202
20201
"following options in <filename>/etc/postfix/main.cf</filename>:"
20203
20202
msgstr ""
20204
20203
20205
#: serverguide/C/mail.xml:299(programlisting)
20204
#: serverguide/C/mail.xml:344(programlisting)
20206
20205
#, no-wrap
20207
20206
msgid ""
20208
20207
"\n"
20210
20209
"smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key\n"
20211
20210
msgstr ""
20212
20211
20213
#: serverguide/C/mail.xml:304(para)
20212
#: serverguide/C/mail.xml:349(para)
20214
20213
msgid "Then restart Postfix:"
20215
20214
msgstr ""
20216
20215
20217
#: serverguide/C/mail.xml:315(para)
20216
#: serverguide/C/mail.xml:360(para)
20218
20217
msgid ""
20219
20218
"SMTP-AUTH configuration is complete. Now it is time to test the setup."
20220
20219
msgstr ""
20221
20220
20222
#: serverguide/C/mail.xml:318(para)
20221
#: serverguide/C/mail.xml:363(para)
20223
20222
msgid "To see if SMTP-AUTH and TLS work properly, run the following command:"
20224
20223
msgstr ""
20225
20224
20226
#: serverguide/C/mail.xml:323(command)
20225
#: serverguide/C/mail.xml:368(command)
20227
20226
msgid "telnet mail.example.com 25"
20228
20227
msgstr ""
20229
20228
20230
#: serverguide/C/mail.xml:325(para)
20229
#: serverguide/C/mail.xml:370(para)
20231
20230
msgid ""
20232
20231
"After you have established the connection to the postfix mail server, type:"
20233
20232
msgstr ""
20234
20233
20235
#: serverguide/C/mail.xml:329(screen)
20234
#: serverguide/C/mail.xml:374(screen)
20236
20235
#, no-wrap
20237
20236
msgid ""
20238
20237
"\n"
20239
20238
"ehlo mail.example.com\n"
20240
20239
msgstr ""
20241
20240
20242
#: serverguide/C/mail.xml:332(para)
20241
#: serverguide/C/mail.xml:377(para)
20243
20242
msgid ""
20244
20243
"If you see the following lines among others, then everything is working "
20245
20244
"perfectly. Type <command>quit</command> to exit."
20246
20245
msgstr ""
20247
20246
20248
#: serverguide/C/mail.xml:336(programlisting)
20247
#: serverguide/C/mail.xml:381(programlisting)
20249
20248
#, no-wrap
20250
20249
msgid ""
20251
20250
"\n"
20260
20259
"250-AUTH=LOGIN PLAIN\n"
20261
20260
"250 8BITMIME\n"
20262
20261
20263
#: serverguide/C/mail.xml:346(para)
20262
#: serverguide/C/mail.xml:391(para)
20264
20263
msgid ""
20265
20264
"This section introduces some common ways to determine the cause if problems "
20266
20265
"arise."
20267
20266
msgstr ""
20268
20267
20269
#: serverguide/C/mail.xml:350(title)
20268
#: serverguide/C/mail.xml:395(title)
20270
20269
msgid "Escaping chroot"
20271
20270
msgstr ""
20272
20271
20273
#: serverguide/C/mail.xml:351(para)
20272
#: serverguide/C/mail.xml:396(para)
20274
20273
msgid ""
20275
20274
"The Ubuntu <application>postfix</application> package will by default "
20276
20275
"install into a <emphasis>chroot</emphasis> environment for security reasons. "
20277
20276
"This can add greater complexity when troubleshooting problems."
20278
20277
msgstr ""
20279
20278
20280
#: serverguide/C/mail.xml:355(para)
20279
#: serverguide/C/mail.xml:400(para)
20281
20280
msgid ""
20282
20281
"To turn off the chroot operation locate for the following line in the "
20283
20282
"<filename>/etc/postfix/master.cf</filename> configuration file:"
20284
20283
msgstr ""
20285
20284
20286
#: serverguide/C/mail.xml:359(screen)
20285
#: serverguide/C/mail.xml:404(screen)
20287
20286
#, no-wrap
20288
20287
msgid ""
20289
20288
"\n"
20292
20291
"\n"
20293
20292
"smtp inet n - - - - smtpd\n"
20294
20293
20295
#: serverguide/C/mail.xml:362(para)
20294
#: serverguide/C/mail.xml:407(para)
20296
20295
msgid "and modify it as follows:"
20297
20296
msgstr ""
20298
20297
20299
#: serverguide/C/mail.xml:365(screen)
20298
#: serverguide/C/mail.xml:410(screen)
20300
20299
#, no-wrap
20301
20300
msgid ""
20302
20301
"\n"
20305
20304
"\n"
20306
20305
"smtp inet n - n - - smtpd\n"
20307
20306
20308
#: serverguide/C/mail.xml:368(para)
20307
#: serverguide/C/mail.xml:413(para)
20309
20308
msgid ""
20310
20309
"You will then need to restart Postfix to use the new configuration. From a "
20311
20310
"terminal prompt enter:"
20333
20332
"\t "
20334
20333
msgstr ""
20335
20334
20336
#: serverguide/C/mail.xml:376(title)
20335
#: serverguide/C/mail.xml:434(title)
20337
20336
msgid "Log Files"
20338
20337
msgstr ""
20339
20338
20340
#: serverguide/C/mail.xml:377(para)
20339
#: serverguide/C/mail.xml:435(para)
20341
20340
msgid ""
20342
20341
"<application>Postfix</application> sends all log messages to "
20343
20342
"<filename>/var/log/mail.log</filename>. However error and warning messages "
20346
20345
"<filename>/var/log/mail.warn</filename> respectively."
20347
20346
msgstr ""
20348
20347
20349
#: serverguide/C/mail.xml:382(para)
20348
#: serverguide/C/mail.xml:440(para)
20350
20349
msgid ""
20351
20350
"To see messages entered into the logs in real time you can use the "
20352
20351
"<application>tail -f</application> command:"
20353
20352
msgstr ""
20354
20353
20355
#: serverguide/C/mail.xml:387(command)
20354
#: serverguide/C/mail.xml:445(command)
20356
20355
msgid "tail -f /var/log/mail.err"
20357
20356
msgstr ""
20358
20357
20359
#: serverguide/C/mail.xml:389(para)
20358
#: serverguide/C/mail.xml:447(para)
20360
20359
msgid ""
20361
20360
"The amount of detail that is recorded in the logs can be increased. Below "
20362
20361
"are some configuration options for increasing the log level for some of the "
20363
20362
"areas covered above."
20364
20363
msgstr ""
20365
20364
20366
#: serverguide/C/mail.xml:395(para)
20365
#: serverguide/C/mail.xml:453(para)
20367
20366
msgid ""
20368
20367
"To increase <emphasis>TLS</emphasis> activity logging set the "
20369
20368
"<emphasis>smtpd_tls_loglevel</emphasis> option to a value from 1 to 4."
20370
20369
msgstr ""
20371
20370
20372
#: serverguide/C/mail.xml:399(command)
20371
#: serverguide/C/mail.xml:457(command)
20373
20372
msgid "sudo postconf -e 'smtpd_tls_loglevel = 4'"
20374
20373
msgstr ""
20375
20374
20376
#: serverguide/C/mail.xml:403(para)
20375
#: serverguide/C/mail.xml:461(para)
20377
20376
msgid ""
20378
20377
"If you are having trouble sending or receiving mail from a specific domain "
20379
20378
"you can add the domain to the <emphasis>debug_peer_list</emphasis> parameter."
20380
20379
msgstr ""
20381
20380
20382
#: serverguide/C/mail.xml:408(command)
20381
#: serverguide/C/mail.xml:466(command)
20383
20382
msgid "sudo postconf -e 'debug_peer_list = problem.domain'"
20384
20383
msgstr ""
20385
20384
20386
#: serverguide/C/mail.xml:412(para)
20385
#: serverguide/C/mail.xml:470(para)
20387
20386
msgid ""
20388
20387
"You can increase the verbosity of any <application>Postfix</application> "
20389
20388
"daemon process by editing the <filename>/etc/postfix/master.cf</filename> "
20391
20390
"<emphasis>smtp</emphasis> entry:"
20392
20391
msgstr ""
20393
20392
20394
#: serverguide/C/mail.xml:416(programlisting)
20393
#: serverguide/C/mail.xml:474(programlisting)
20395
20394
#, no-wrap
20396
20395
msgid ""
20397
20396
"\n"
20413
20412
"<filename>/etc/dovecot/conf.d/10-logging.conf</filename>"
20414
20413
msgstr ""
20415
20414
20416
#: serverguide/C/mail.xml:433(programlisting)
20415
#: serverguide/C/mail.xml:491(programlisting)
20417
20416
#, no-wrap
20418
20417
msgid ""
20419
20418
"\n"
20428
20427
"reloaded: <command>sudo service dovecot reload</command>."
20429
20428
msgstr ""
20430
20429
20431
#: serverguide/C/mail.xml:446(para)
20430
#: serverguide/C/mail.xml:504(para)
20432
20431
msgid ""
20433
20432
"Some of the options above can drastically increase the amount of information "
20434
20433
"sent to the log files. Remember to return the log level back to normal after "
20436
20435
"new configuration to take affect."
20437
20436
msgstr ""
20438
20437
20439
#: serverguide/C/mail.xml:454(para)
20438
#: serverguide/C/mail.xml:512(para)
20440
20439
msgid ""
20441
20440
"Administering a <application>Postfix</application> server can be a very "
20442
20441
"complicated task. At some point you may need to turn to the Ubuntu community "
20443
20442
"for more experienced help."
20444
20443
msgstr ""
20445
20444
20446
#: serverguide/C/mail.xml:458(para)
20445
#: serverguide/C/mail.xml:516(para)
20447
20446
msgid ""
20448
20447
"A great place to ask for <application>Postfix</application> assistance, and "
20449
20448
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
20453
20452
"url=\"http://www.ubuntu.com/support/community/webforums\">Web Forums</ulink>."
20454
20453
msgstr ""
20455
20454
20456
#: serverguide/C/mail.xml:463(para)
20455
#: serverguide/C/mail.xml:521(para)
20457
20456
msgid ""
20458
20457
"For in depth <application>Postfix</application> information Ubuntu "
20459
20458
"developers highly recommend: <ulink url=\"http://www.postfix-book.com/\">The "
20460
20459
"Book of Postfix</ulink>."
20461
20460
msgstr ""
20462
20461
20463
#: serverguide/C/mail.xml:467(para)
20462
#: serverguide/C/mail.xml:525(para)
20464
20463
msgid ""
20465
20464
"Finally, the <ulink "
20466
20465
"url=\"http://www.postfix.org/documentation.html\">Postfix</ulink> website "
20474
20473
"Wiki Postfix</ulink> page has more information."
20475
20474
msgstr ""
20476
20475
20477
#: serverguide/C/mail.xml:479(title) serverguide/C/mail.xml:875(title) serverguide/C/mail.xml:991(title)
20476
#: serverguide/C/mail.xml:537(title) serverguide/C/mail.xml:934(title) serverguide/C/mail.xml:1050(title)
20478
20477
msgid "Exim4"
20479
20478
msgstr "Exim4"
20480
20479
20481
#: serverguide/C/mail.xml:480(para)
20480
#: serverguide/C/mail.xml:538(para)
20482
20481
msgid ""
20483
20482
"<application>Exim4</application> is another Message Transfer Agent (MTA) "
20484
20483
"developed at the University of Cambridge for use on Unix systems connected "
20488
20487
"<application>sendmail</application>."
20489
20488
msgstr ""
20490
20489
20491
#: serverguide/C/mail.xml:491(para)
20490
#: serverguide/C/mail.xml:549(para)
20492
20491
msgid ""
20493
20492
"To install <application>exim4</application>, run the following command: "
20494
20493
"<screen>\n"
20496
20495
"</screen>"
20497
20496
msgstr ""
20498
20497
20499
#: serverguide/C/mail.xml:500(para)
20498
#: serverguide/C/mail.xml:558(para)
20500
20499
msgid ""
20501
20500
"To configure <application>Exim4</application>, run the following command:"
20502
20501
msgstr ""
20503
20502
20504
#: serverguide/C/mail.xml:504(command)
20503
#: serverguide/C/mail.xml:562(command)
20505
20504
msgid "sudo dpkg-reconfigure exim4-config"
20506
20505
msgstr ""
20507
20506
20508
#: serverguide/C/mail.xml:506(para)
20507
#: serverguide/C/mail.xml:564(para)
20509
20508
msgid ""
20510
20509
"The user interface will be displayed. The user interface lets you configure "
20511
20510
"many parameters. For example, In <application>Exim4</application> the "
20513
20512
"in one file you can configure accordingly in this user interface."
20514
20513
msgstr ""
20515
20514
20516
#: serverguide/C/mail.xml:514(para)
20515
#: serverguide/C/mail.xml:572(para)
20517
20516
msgid ""
20518
20517
"All the parameters you configure in the user interface are stored in "
20519
"<filename>/etc/exim4/update-exim4.conf</filename> file. If you wish to re-"
20520
"configure, either you re-run the configuration wizard or manually edit this "
20521
"file using your favorite editor. Once you configure, you can run the "
20518
"<filename>/etc/exim4/update-exim4.conf.conf</filename> file. If you wish to "
20519
"re-configure, either you re-run the configuration wizard or manually edit "
20520
"this file using your favorite editor. Once you configure, you can run the "
20522
20521
"following command to generate the master configuration file:"
20523
20522
msgstr ""
20524
20523
20525
#: serverguide/C/mail.xml:525(command) serverguide/C/mail.xml:609(command)
20524
#: serverguide/C/mail.xml:583(command) serverguide/C/mail.xml:667(command)
20526
20525
msgid "sudo update-exim4.conf"
20527
20526
msgstr ""
20528
20527
20529
#: serverguide/C/mail.xml:527(para)
20528
#: serverguide/C/mail.xml:585(para)
20530
20529
msgid ""
20531
20530
"The master configuration file, is generated and it is stored in "
20532
20531
"<filename>/var/lib/exim4/config.autogenerated</filename>."
20533
20532
msgstr ""
20534
20533
20535
#: serverguide/C/mail.xml:533(para)
20534
#: serverguide/C/mail.xml:591(para)
20536
20535
msgid ""
20537
20536
"At any time, you should not edit the master configuration file, "
20538
20537
"<filename>/var/lib/exim4/config.autogenerated</filename> manually. It is "
20539
20538
"updated automatically every time you run <command>update-exim4.conf</command>"
20540
20539
msgstr ""
20541
20540
20542
#: serverguide/C/mail.xml:541(para)
20541
#: serverguide/C/mail.xml:599(para)
20543
20542
msgid ""
20544
20543
"You can run the following command to start <application>Exim4</application> "
20545
20544
"daemon."
20549
20548
msgid "sudo service exim4 start"
20550
20549
msgstr ""
20551
20550
20552
#: serverguide/C/mail.xml:551(para)
20551
#: serverguide/C/mail.xml:609(para)
20553
20552
msgid ""
20554
20553
"This section covers configuring Exim4 to use SMTP-AUTH with TLS and SASL."
20555
20554
msgstr ""
20556
20555
20557
#: serverguide/C/mail.xml:554(para)
20556
#: serverguide/C/mail.xml:612(para)
20558
20557
msgid ""
20559
20558
"The first step is to create a certificate for use with TLS. Enter the "
20560
20559
"following into a terminal prompt:"
20561
20560
msgstr ""
20562
20561
20563
#: serverguide/C/mail.xml:558(command)
20562
#: serverguide/C/mail.xml:616(command)
20564
20563
msgid "sudo /usr/share/doc/exim4-base/examples/exim-gencert"
20565
20564
msgstr ""
20566
20565
20567
#: serverguide/C/mail.xml:560(para)
20566
#: serverguide/C/mail.xml:618(para)
20568
20567
msgid ""
20569
20568
"Now Exim4 needs to be configured for TLS by editing "
20570
20569
"<filename>/etc/exim4/conf.d/main/03_exim4-config_tlsoptions</filename> add "
20571
20570
"the following:"
20572
20571
msgstr ""
20573
20572
20574
#: serverguide/C/mail.xml:564(programlisting)
20573
#: serverguide/C/mail.xml:622(programlisting)
20575
20574
#, no-wrap
20576
20575
msgid ""
20577
20576
"\n"
20578
20577
"MAIN_TLS_ENABLE = yes\n"
20579
20578
msgstr ""
20580
20579
20581
#: serverguide/C/mail.xml:567(para)
20580
#: serverguide/C/mail.xml:625(para)
20582
20581
msgid ""
20583
20582
"Next you need to configure <application>Exim4</application> to use the "
20584
20583
"<application>saslauthd</application> for authentication. Edit "
20587
20586
"<emphasis>login_saslauthd_server</emphasis> sections:"
20588
20587
msgstr ""
20589
20588
20590
#: serverguide/C/mail.xml:572(programlisting)
20589
#: serverguide/C/mail.xml:630(programlisting)
20591
20590
#, no-wrap
20592
20591
msgid ""
20593
20592
"\n"
20613
20612
" .endif\n"
20614
20613
msgstr ""
20615
20614
20616
#: serverguide/C/mail.xml:594(para)
20615
#: serverguide/C/mail.xml:652(para)
20617
20616
msgid ""
20618
20617
"Additionally, in order for outside mail client to be able to connect to new "
20619
20618
"exim server, new user needs to be added into exim by using the following "
20624
20623
msgid "sudo /usr/share/doc/exim4-base/examples/exim-adduser"
20625
20624
msgstr ""
20626
20625
20627
#: serverguide/C/mail.xml:600(para)
20626
#: serverguide/C/mail.xml:658(para)
20628
20627
msgid ""
20629
20628
"Users should protect the new exim password files with the following commands."
20630
20629
msgstr ""
20631
20630
20632
#: serverguide/C/mail.xml:602(command)
20631
#: serverguide/C/mail.xml:660(command)
20633
20632
msgid "sudo chown root:Debian-exim /etc/exim4/passwd"
20634
20633
msgstr ""
20635
20634
20636
#: serverguide/C/mail.xml:603(command)
20635
#: serverguide/C/mail.xml:661(command)
20637
20636
msgid "sudo chmod 640 /etc/exim4/passwd"
20638
20637
msgstr ""
20639
20638
20640
#: serverguide/C/mail.xml:605(para)
20639
#: serverguide/C/mail.xml:663(para)
20641
20640
msgid "Finally, update the Exim4 configuration and restart the service:"
20642
20641
msgstr ""
20643
20642
20645
20644
msgid "sudo service exim4 restart"
20646
20645
msgstr ""
20647
20646
20648
#: serverguide/C/mail.xml:615(para)
20647
#: serverguide/C/mail.xml:673(para)
20649
20648
msgid ""
20650
20649
"This section provides details on configuring the saslauthd to provide "
20651
20650
"authentication for <application>Exim4</application>."
20652
20651
msgstr ""
20653
20652
20654
#: serverguide/C/mail.xml:618(para)
20653
#: serverguide/C/mail.xml:676(para)
20655
20654
msgid ""
20656
20655
"The first step is to install the sasl2-bin package. From a terminal prompt "
20657
20656
"enter the following:"
20658
20657
msgstr ""
20659
20658
20660
#: serverguide/C/mail.xml:622(command)
20659
#: serverguide/C/mail.xml:680(command)
20661
20660
msgid "sudo apt-get install sasl2-bin"
20662
20661
msgstr ""
20663
20662
20664
#: serverguide/C/mail.xml:624(para)
20663
#: serverguide/C/mail.xml:682(para)
20665
20664
msgid ""
20666
20665
"To configure saslauthd edit the /etc/default/saslauthd configuration file "
20667
20666
"and set START=no to:"
20668
20667
msgstr ""
20669
20668
20670
#: serverguide/C/mail.xml:630(para)
20669
#: serverguide/C/mail.xml:688(para)
20671
20670
msgid ""
20672
20671
"Next the <emphasis>Debian-exim</emphasis> user needs to be part of the "
20673
20672
"<emphasis>sasl</emphasis> group in order for Exim4 to use the saslauthd "
20674
20673
"service:"
20675
20674
msgstr ""
20676
20675
20677
#: serverguide/C/mail.xml:635(command)
20676
#: serverguide/C/mail.xml:693(command)
20678
20677
msgid "sudo adduser Debian-exim sasl"
20679
20678
msgstr ""
20680
20679
20681
#: serverguide/C/mail.xml:637(para)
20680
#: serverguide/C/mail.xml:695(para)
20682
20681
msgid "Now start the <application>saslauthd</application> service:"
20683
20682
msgstr ""
20684
20683
20686
20685
msgid "sudo service saslauthd start"
20687
20686
msgstr ""
20688
20687
20689
#: serverguide/C/mail.xml:643(para)
20688
#: serverguide/C/mail.xml:701(para)
20690
20689
msgid ""
20691
20690
"<application>Exim4</application> is now configured with SMTP-AUTH using TLS "
20692
20691
"and SASL authentication."
20693
20692
msgstr ""
20694
20693
20695
#: serverguide/C/mail.xml:652(para)
20694
#: serverguide/C/mail.xml:710(para)
20696
20695
msgid ""
20697
20696
"See <ulink url=\"http://www.exim.org/\">exim.org</ulink> for more "
20698
20697
"information."
20699
20698
msgstr ""
20700
20699
20701
#: serverguide/C/mail.xml:657(para)
20700
#: serverguide/C/mail.xml:715(para)
20702
20701
msgid ""
20703
20702
"There is also an <ulink url=\"http://www.uit.co.uk/content/exim-smtp-mail-"
20704
20703
"server\">Exim4 Book</ulink> available."
20705
20704
msgstr ""
20706
20705
20707
#: serverguide/C/mail.xml:662(para)
20706
#: serverguide/C/mail.xml:720(para)
20708
20707
msgid ""
20709
20708
"Another resource is the <ulink "
20710
20709
"url=\"https://help.ubuntu.com/community/Exim4\">Exim4 Ubuntu Wiki </ulink> "
20711
20710
"page."
20712
20711
msgstr ""
20713
20712
20714
#: serverguide/C/mail.xml:671(title)
20713
#: serverguide/C/mail.xml:729(title)
20715
20714
msgid "Dovecot Server"
20716
20715
msgstr "Server Dovecot"
20717
20716
20718
#: serverguide/C/mail.xml:672(para)
20717
#: serverguide/C/mail.xml:730(para)
20719
20718
msgid ""
20720
20719
"<application>Dovecot</application> is a Mail Delivery Agent, written with "
20721
20720
"security primarily in mind. It supports the major mailbox formats: mbox or "
20722
20721
"Maildir. This section explain how to set it up as an imap or pop3 server."
20723
20722
msgstr ""
20724
20723
20725
#: serverguide/C/mail.xml:680(para)
20724
#: serverguide/C/mail.xml:738(para)
20726
20725
msgid ""
20727
20726
"To install <application>dovecot</application>, run the following command in "
20728
20727
"the command prompt:"
20729
20728
msgstr ""
20730
20729
20731
#: serverguide/C/mail.xml:685(command)
20730
#: serverguide/C/mail.xml:743(command)
20732
20731
msgid "sudo apt-get install dovecot-imapd dovecot-pop3d"
20733
20732
msgstr ""
20734
20733
20735
#: serverguide/C/mail.xml:690(para)
20734
#: serverguide/C/mail.xml:748(para)
20736
20735
msgid ""
20737
20736
"To configure <application>dovecot</application>, you can edit the file "
20738
20737
"<filename>/etc/dovecot/dovecot.conf</filename>. You can choose the protocol "
20744
20743
"link>."
20745
20744
msgstr ""
20746
20745
20747
#: serverguide/C/mail.xml:700(para)
20746
#: serverguide/C/mail.xml:758(para)
20748
20747
msgid ""
20749
20748
"IMAPS and POP3S are more secure that the simple IMAP and POP3 because they "
20750
20749
"use SSL encryption to connect. Once you have chosen the protocol, amend the "
20751
20750
"following line in the file <filename>/etc/dovecot/dovecot.conf</filename>:"
20752
20751
msgstr ""
20753
20752
20754
#: serverguide/C/mail.xml:706(programlisting)
20753
#: serverguide/C/mail.xml:764(programlisting)
20755
20754
#, no-wrap
20756
20755
msgid ""
20757
20756
"\n"
20778
20777
"following line:"
20779
20778
msgstr ""
20780
20779
20781
#: serverguide/C/mail.xml:722(programlisting)
20780
#: serverguide/C/mail.xml:780(programlisting)
20782
20781
#, no-wrap
20783
20782
msgid ""
20784
20783
"\n"
20791
20790
"or\n"
20792
20791
"mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u # (for mbox)\n"
20793
20792
20794
#: serverguide/C/mail.xml:728(para)
20793
#: serverguide/C/mail.xml:786(para)
20795
20794
msgid ""
20796
20795
"You should configure your Mail Transport Agent (MTA) to transfer the "
20797
20796
"incoming mail to this type of mailbox if it is different from the one you "
20798
20797
"have configured."
20799
20798
msgstr ""
20800
20799
20801
#: serverguide/C/mail.xml:734(para)
20800
#: serverguide/C/mail.xml:792(para)
20802
20801
msgid ""
20803
20802
"Once you have configured dovecot, restart the "
20804
20803
"<application>dovecot</application> daemon in order to test your setup:"
20805
20804
msgstr ""
20806
20805
20807
#: serverguide/C/mail.xml:743(para)
20806
#: serverguide/C/mail.xml:801(para)
20808
20807
msgid ""
20809
20808
"If you have enabled imap, or pop3, you can also try to log in with the "
20810
20809
"commands <command>telnet localhost pop3</command> or <command>telnet "
20812
20811
"installation has been successful:"
20813
20812
msgstr ""
20814
20813
20815
#: serverguide/C/mail.xml:750(programlisting)
20814
#: serverguide/C/mail.xml:808(programlisting)
20816
20815
#, no-wrap
20817
20816
msgid ""
20818
20817
"\n"
20829
20828
"Escape character is '^]'.\n"
20830
20829
"+OK Dovecot ready.\n"
20831
20830
20832
#: serverguide/C/mail.xml:759(title)
20831
#: serverguide/C/mail.xml:817(title)
20833
20832
msgid "Dovecot SSL Configuration"
20834
20833
msgstr "Konfigurasi SSL Dovecot"
20835
20834
20852
20851
"<filename>/etc/dovecot/conf.d/10-ssl.conf</filename> configuration file."
20853
20852
msgstr ""
20854
20853
20855
#: serverguide/C/mail.xml:786(title)
20854
#: serverguide/C/mail.xml:845(title)
20856
20855
msgid "Firewall Configuration for an Email Server"
20857
20856
msgstr "Konfigurasi Firewall untuk Server Imel"
20858
20857
20859
#: serverguide/C/mail.xml:792(para)
20858
#: serverguide/C/mail.xml:851(para)
20860
20859
msgid "IMAP - 143"
20861
20860
msgstr "IMAP - 143"
20862
20861
20863
#: serverguide/C/mail.xml:793(para)
20862
#: serverguide/C/mail.xml:852(para)
20864
20863
msgid "IMAPS - 993"
20865
20864
msgstr "IMAPS - 993"
20866
20865
20867
#: serverguide/C/mail.xml:794(para)
20866
#: serverguide/C/mail.xml:853(para)
20868
20867
msgid "POP3 - 110"
20869
20868
msgstr "POP3 - 110"
20870
20869
20871
#: serverguide/C/mail.xml:795(para)
20870
#: serverguide/C/mail.xml:854(para)
20872
20871
msgid "POP3S - 995"
20873
20872
msgstr "POP3S - 995"
20874
20873
20875
#: serverguide/C/mail.xml:787(para)
20874
#: serverguide/C/mail.xml:846(para)
20876
20875
msgid ""
20877
20876
"To access your mail server from another computer, you must configure your "
20878
20877
"firewall to allow connections to the server on the necessary ports. "
20882
20881
"firewall agar mengizinkan koneksi ke server pada port yang diperlukan. "
20883
20882
"<placeholder-1/>"
20884
20883
20885
#: serverguide/C/mail.xml:804(para)
20884
#: serverguide/C/mail.xml:863(para)
20886
20885
msgid ""
20887
20886
"See the <ulink url=\"http://www.dovecot.org/\">Dovecot website</ulink> for "
20888
20887
"more information."
20889
20888
msgstr ""
20890
20889
20891
#: serverguide/C/mail.xml:809(para)
20890
#: serverguide/C/mail.xml:868(para)
20892
20891
msgid ""
20893
20892
"Also, the <ulink url=\"https://help.ubuntu.com/community/Dovecot\">Dovecot "
20894
20893
"Ubuntu Wiki</ulink> page has more details."
20895
20894
msgstr ""
20896
20895
20897
#: serverguide/C/mail.xml:818(title) serverguide/C/mail.xml:893(title) serverguide/C/mail.xml:1116(title)
20896
#: serverguide/C/mail.xml:877(title) serverguide/C/mail.xml:952(title) serverguide/C/mail.xml:1175(title)
20898
20897
msgid "Mailman"
20899
20898
msgstr "Mailman"
20900
20899
20901
#: serverguide/C/mail.xml:819(para)
20900
#: serverguide/C/mail.xml:878(para)
20902
20901
msgid ""
20903
20902
"Mailman is an open source program for managing electronic mail discussions "
20904
20903
"and e-newsletter lists. Many open source mailing lists (including all the "
20912
20911
"Mailman sebagai perangkat lunak untuk milis mereka. Mailman sangat handal "
20913
20912
"dan mudah untuk diinstal dan dikelola."
20914
20913
20915
#: serverguide/C/mail.xml:829(para)
20914
#: serverguide/C/mail.xml:888(para)
20916
20915
msgid ""
20917
20916
"Mailman provides a web interface for the administrators and users, using an "
20918
20917
"external mail server to send and receive emails. It works perfectly with the "
20919
20918
"following mail servers:"
20920
20919
msgstr ""
20921
20920
20922
#: serverguide/C/mail.xml:840(application)
20921
#: serverguide/C/mail.xml:899(application)
20923
20922
msgid "Exim"
20924
20923
msgstr "Exim"
20925
20924
20926
#: serverguide/C/mail.xml:843(application)
20925
#: serverguide/C/mail.xml:902(application)
20927
20926
msgid "Sendmail"
20928
20927
msgstr "Sendmail"
20929
20928
20930
#: serverguide/C/mail.xml:846(application)
20929
#: serverguide/C/mail.xml:905(application)
20931
20930
msgid "Qmail"
20932
20931
msgstr "Qmail"
20933
20932
20934
#: serverguide/C/mail.xml:851(para)
20933
#: serverguide/C/mail.xml:910(para)
20935
20934
msgid ""
20936
20935
"We will see how to install and configure Mailman with, the Apache web "
20937
20936
"server, and either the Postfix or Exim mail server. If you wish to install "
20938
20937
"Mailman with a different mail server, please refer to the references section."
20939
20938
msgstr ""
20940
20939
20941
#: serverguide/C/mail.xml:858(para)
20940
#: serverguide/C/mail.xml:917(para)
20942
20941
msgid ""
20943
20942
"You only need to install one mail server and "
20944
20943
"<application>Postfix</application> is the default Ubuntu Mail Transfer Agent."
20945
20944
msgstr ""
20946
20945
20947
#: serverguide/C/mail.xml:863(title) serverguide/C/mail.xml:920(title)
20946
#: serverguide/C/mail.xml:922(title) serverguide/C/mail.xml:979(title)
20948
20947
msgid "Apache2"
20949
20948
msgstr "Apache2"
20950
20949
20951
#: serverguide/C/mail.xml:864(para)
20950
#: serverguide/C/mail.xml:923(para)
20952
20951
msgid ""
20953
20952
"To install apache2 you refer to <xref linkend=\"http-installation\"/> for "
20954
20953
"details."
20955
20954
msgstr ""
20956
20955
20957
#: serverguide/C/mail.xml:870(para)
20956
#: serverguide/C/mail.xml:929(para)
20958
20957
msgid ""
20959
20958
"For instructions on installing and configuring Postfix refer to <xref "
20960
20959
"linkend=\"postfix\"/>"
20961
20960
msgstr ""
20962
20961
20963
#: serverguide/C/mail.xml:876(para)
20962
#: serverguide/C/mail.xml:935(para)
20964
20963
msgid "To install Exim4 refer to <xref linkend=\"exim4\"/>."
20965
20964
msgstr ""
20966
20965
20967
#: serverguide/C/mail.xml:879(para)
20966
#: serverguide/C/mail.xml:938(para)
20968
20967
msgid ""
20969
20968
"Once exim4 is installed, the configuration files are stored in the "
20970
20969
"<filename>/etc/exim4</filename> directory. In Ubuntu, by default, the exim4 "
20973
20972
"<filename>/etc/exim4/update-exim4.conf</filename> file:"
20974
20973
msgstr ""
20975
20974
20976
#: serverguide/C/mail.xml:886(programlisting)
20975
#: serverguide/C/mail.xml:945(programlisting)
20977
20976
#, no-wrap
20978
20977
msgid ""
20979
20978
"\n"
20980
20979
"dc_use_split_config='true'\n"
20981
20980
msgstr ""
20982
20981
20983
#: serverguide/C/mail.xml:894(para)
20982
#: serverguide/C/mail.xml:953(para)
20984
20983
msgid ""
20985
20984
"To install <application>Mailman</application>, run following command at a "
20986
20985
"terminal prompt:"
20987
20986
msgstr ""
20988
20987
20989
#: serverguide/C/mail.xml:898(command)
20988
#: serverguide/C/mail.xml:957(command)
20990
20989
msgid "sudo apt-get install mailman"
20991
20990
msgstr ""
20992
20991
20993
#: serverguide/C/mail.xml:900(para)
20992
#: serverguide/C/mail.xml:959(para)
20994
20993
msgid ""
20995
20994
"It copies the installation files in "
20996
20995
"<application>/var/lib/mailman</application> directory. It installs the CGI "
21000
20999
"this user."
21001
21000
msgstr ""
21002
21001
21003
#: serverguide/C/mail.xml:912(para)
21002
#: serverguide/C/mail.xml:971(para)
21004
21003
msgid ""
21005
21004
"This section assumes you have successfully installed "
21006
21005
"<application>mailman</application>, <application>apache2</application>, and "
21008
21007
"you just need to configure them."
21009
21008
msgstr ""
21010
21009
21011
#: serverguide/C/mail.xml:921(para)
21010
#: serverguide/C/mail.xml:980(para)
21012
21011
msgid ""
21013
21012
"An example Apache configuration file comes with "
21014
21013
"<application>Mailman</application> and is placed in "
21017
21016
"available</filename>:"
21018
21017
msgstr ""
21019
21018
21020
#: serverguide/C/mail.xml:927(command)
21019
#: serverguide/C/mail.xml:986(command)
21021
21020
msgid ""
21022
21021
"sudo cp /etc/mailman/apache.conf /etc/apache2/sites-available/mailman.conf"
21023
21022
msgstr ""
21024
21023
21025
#: serverguide/C/mail.xml:929(para)
21024
#: serverguide/C/mail.xml:988(para)
21026
21025
msgid ""
21027
21026
"This will setup a new Apache <emphasis>VirtualHost</emphasis> for the "
21028
21027
"Mailman administration site. Now enable the new configuration and restart "
21029
21028
"Apache:"
21030
21029
msgstr ""
21031
21030
21032
#: serverguide/C/mail.xml:934(command)
21031
#: serverguide/C/mail.xml:993(command)
21033
21032
msgid "sudo a2ensite mailman.conf"
21034
21033
msgstr ""
21035
21034
21036
#: serverguide/C/mail.xml:937(para)
21035
#: serverguide/C/mail.xml:996(para)
21037
21036
msgid ""
21038
21037
"Mailman uses apache2 to render its CGI scripts. The mailman CGI scripts are "
21039
21038
"installed in the <application>/usr/lib/cgi-bin/mailman</application> "
21042
21041
"available/mailman.conf</filename> file if you wish to change this behavior."
21043
21042
msgstr ""
21044
21043
21045
#: serverguide/C/mail.xml:948(para)
21044
#: serverguide/C/mail.xml:1007(para)
21046
21045
msgid ""
21047
21046
"For <application>Postfix</application> integration, we will associate the "
21048
21047
"domain lists.example.com with the mailing lists. Please replace "
21049
21048
"<emphasis>lists.example.com</emphasis> with the domain of your choosing."
21050
21049
msgstr ""
21051
21050
21052
#: serverguide/C/mail.xml:952(para)
21051
#: serverguide/C/mail.xml:1011(para)
21053
21052
msgid ""
21054
21053
"You can use the postconf command to add the necessary configuration to "
21055
21054
"<filename>/etc/postfix/main.cf</filename>:"
21056
21055
msgstr ""
21057
21056
21058
#: serverguide/C/mail.xml:956(command)
21057
#: serverguide/C/mail.xml:1015(command)
21059
21058
msgid "sudo postconf -e 'relay_domains = lists.example.com'"
21060
21059
msgstr ""
21061
21060
21062
#: serverguide/C/mail.xml:957(command)
21061
#: serverguide/C/mail.xml:1016(command)
21063
21062
msgid "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
21064
21063
msgstr ""
21065
21064
21066
#: serverguide/C/mail.xml:958(command)
21065
#: serverguide/C/mail.xml:1017(command)
21067
21066
msgid "sudo postconf -e 'mailman_destination_recipient_limit = 1'"
21068
21067
msgstr ""
21069
21068
21070
#: serverguide/C/mail.xml:960(para)
21069
#: serverguide/C/mail.xml:1019(para)
21071
21070
msgid ""
21072
21071
"In <filename>/etc/postfix/master.cf</filename> double check that you have "
21073
21072
"the following transport:"
21074
21073
msgstr ""
21075
21074
21076
#: serverguide/C/mail.xml:963(programlisting)
21075
#: serverguide/C/mail.xml:1022(programlisting)
21077
21076
#, no-wrap
21078
21077
msgid ""
21079
21078
"\n"
21082
21081
" ${nexthop} ${user}\n"
21083
21082
msgstr ""
21084
21083
21085
#: serverguide/C/mail.xml:968(para)
21084
#: serverguide/C/mail.xml:1027(para)
21086
21085
msgid ""
21087
21086
"It calls the <emphasis>postfix-to-mailman.py</emphasis> script when a mail "
21088
21087
"is delivered to a list."
21089
21088
msgstr ""
21090
21089
21091
#: serverguide/C/mail.xml:971(para)
21090
#: serverguide/C/mail.xml:1030(para)
21092
21091
msgid ""
21093
21092
"Associate the domain lists.example.com to the Mailman transport with the "
21094
21093
"transport map. Edit the file <filename>/etc/postfix/transport</filename>:"
21095
21094
msgstr ""
21096
21095
21097
#: serverguide/C/mail.xml:974(programlisting)
21096
#: serverguide/C/mail.xml:1033(programlisting)
21098
21097
#, no-wrap
21099
21098
msgid ""
21100
21099
"\n"
21101
21100
"lists.example.com mailman:\n"
21102
21101
msgstr ""
21103
21102
21104
#: serverguide/C/mail.xml:977(para)
21103
#: serverguide/C/mail.xml:1036(para)
21105
21104
msgid ""
21106
21105
"Now have <application>Postfix</application> build the transport map by "
21107
21106
"entering the following from a terminal prompt:"
21108
21107
msgstr ""
21109
21108
21110
#: serverguide/C/mail.xml:981(command)
21109
#: serverguide/C/mail.xml:1040(command)
21111
21110
msgid "sudo postmap -v /etc/postfix/transport"
21112
21111
msgstr ""
21113
21112
21114
#: serverguide/C/mail.xml:983(para)
21113
#: serverguide/C/mail.xml:1042(para)
21115
21114
msgid "Then restart Postfix to enable the new configurations:"
21116
21115
msgstr ""
21117
21116
21118
#: serverguide/C/mail.xml:992(para)
21117
#: serverguide/C/mail.xml:1051(para)
21119
21118
msgid ""
21120
21119
"Once Exim4 is installed, you can start the Exim server using the following "
21121
21120
"command from a terminal prompt:"
21122
21121
msgstr ""
21123
21122
21124
#: serverguide/C/mail.xml:1008(para) serverguide/C/mail.xml:1023(title)
21123
#: serverguide/C/mail.xml:1067(para) serverguide/C/mail.xml:1082(title)
21125
21124
msgid "Main"
21126
21125
msgstr "Main"
21127
21126
21128
#: serverguide/C/mail.xml:1011(para) serverguide/C/mail.xml:1063(title)
21127
#: serverguide/C/mail.xml:1070(para) serverguide/C/mail.xml:1122(title)
21129
21128
msgid "Transport"
21130
21129
msgstr "Transport"
21131
21130
21132
#: serverguide/C/mail.xml:1014(para) serverguide/C/mail.xml:1086(title)
21131
#: serverguide/C/mail.xml:1073(para) serverguide/C/mail.xml:1145(title)
21133
21132
msgid "Router"
21134
21133
msgstr "Router"
21135
21134
21136
#: serverguide/C/mail.xml:999(para)
21135
#: serverguide/C/mail.xml:1058(para)
21137
21136
msgid ""
21138
21137
"In order to make mailman work with Exim4, you need to configure Exim4. As "
21139
21138
"mentioned earlier, by default, Exim4 uses multiple configuration files of "
21145
21144
"is very important."
21146
21145
msgstr ""
21147
21146
21148
#: serverguide/C/mail.xml:1030(programlisting)
21147
#: serverguide/C/mail.xml:1089(programlisting)
21149
21148
#, no-wrap
21150
21149
msgid ""
21151
21150
"\n"
21208
21207
"MM_LISTCHK=MM_HOME/lists/${lc::$local_part}/config.pck\n"
21209
21208
"# end\n"
21210
21209
21211
#: serverguide/C/mail.xml:1024(para)
21210
#: serverguide/C/mail.xml:1083(para)
21212
21211
msgid ""
21213
21212
"All the configuration files belonging to the main type are stored in the "
21214
21213
"<filename>/etc/exim4/conf.d/main/</filename> directory. You can add the "
21216
21215
"config_mailman</filename>: <placeholder-1/>"
21217
21216
msgstr ""
21218
21217
21219
#: serverguide/C/mail.xml:1070(programlisting)
21218
#: serverguide/C/mail.xml:1129(programlisting)
21220
21219
#, no-wrap
21221
21220
msgid ""
21222
21221
"\n"
21247
21246
" user = MM_UID\n"
21248
21247
" group = MM_GID\n"
21249
21248
21250
#: serverguide/C/mail.xml:1064(para)
21249
#: serverguide/C/mail.xml:1123(para)
21251
21250
msgid ""
21252
21251
"All the configuration files belonging to transport type are stored in the "
21253
21252
"<filename>/etc/exim4/conf.d/transport/</filename> directory. You can add the "
21255
21254
"config_mailman</filename>: <placeholder-1/>"
21256
21255
msgstr ""
21257
21256
21258
#: serverguide/C/mail.xml:1091(programlisting)
21257
#: serverguide/C/mail.xml:1150(programlisting)
21259
21258
#, no-wrap
21260
21259
msgid ""
21261
21260
"\n"
21278
21277
" -owner : -request : -admin\n"
21279
21278
" transport = mailman_transport\n"
21280
21279
21281
#: serverguide/C/mail.xml:1087(para)
21280
#: serverguide/C/mail.xml:1146(para)
21282
21281
msgid ""
21283
21282
"All the configuration files belonging to router type are stored in the "
21284
21283
"<filename>/etc/exim4/conf.d/router/</filename> directory. You can add the "
21286
21285
"config_mailman</filename>: <placeholder-1/>"
21287
21286
msgstr ""
21288
21287
21289
#: serverguide/C/mail.xml:1104(para)
21288
#: serverguide/C/mail.xml:1163(para)
21290
21289
msgid ""
21291
21290
"The order of main and transport configuration files can be in any order. "
21292
21291
"But, the order of router configuration files must be the same. This "
21296
21295
"details, please refer to the references section."
21297
21296
msgstr ""
21298
21297
21299
#: serverguide/C/mail.xml:1117(para)
21298
#: serverguide/C/mail.xml:1176(para)
21300
21299
msgid ""
21301
21300
"Once mailman is installed, you can run it using the following command:"
21302
21301
msgstr ""
21305
21304
msgid "sudo service mailman start"
21306
21305
msgstr ""
21307
21306
21308
#: serverguide/C/mail.xml:1123(para)
21307
#: serverguide/C/mail.xml:1182(para)
21309
21308
msgid ""
21310
21309
"Once mailman is installed, you should create the default mailing list. Run "
21311
21310
"the following command to create the mailing list:"
21312
21311
msgstr ""
21313
21312
21314
#: serverguide/C/mail.xml:1129(command)
21313
#: serverguide/C/mail.xml:1188(command)
21315
21314
msgid "sudo /usr/sbin/newlist mailman"
21316
21315
msgstr ""
21317
21316
21318
#: serverguide/C/mail.xml:1132(programlisting)
21317
#: serverguide/C/mail.xml:1191(programlisting)
21319
21318
#, no-wrap
21320
21319
msgid ""
21321
21320
"\n"
21372
21371
"\n"
21373
21372
" # \n"
21374
21373
21375
#: serverguide/C/mail.xml:1155(para)
21374
#: serverguide/C/mail.xml:1214(para)
21376
21375
msgid ""
21377
21376
"We have configured either Postfix or Exim4 to recognize all emails from "
21378
21377
"mailman. So, it is not mandatory to make any new entries in "
21381
21380
"continuing to next section."
21382
21381
msgstr ""
21383
21382
21384
#: serverguide/C/mail.xml:1163(para)
21383
#: serverguide/C/mail.xml:1222(para)
21385
21384
msgid ""
21386
21385
"The Exim4 does not use the above aliases to forward mails to Mailman, as it "
21387
21386
"uses a <emphasis>discover</emphasis> approach. To suppress the aliases while "
21389
21388
"configuration file, <filename>/etc/mailman/mm_cfg.py</filename>."
21390
21389
msgstr ""
21391
21390
21392
#: serverguide/C/mail.xml:1174(title)
21391
#: serverguide/C/mail.xml:1233(title)
21393
21392
msgid "Administration"
21394
21393
msgstr "Administrasi"
21395
21394
21396
#: serverguide/C/mail.xml:1175(para)
21395
#: serverguide/C/mail.xml:1234(para)
21397
21396
msgid ""
21398
21397
"We assume you have a default installation. The mailman cgi scripts are still "
21399
21398
"in the <application>/usr/lib/cgi-bin/mailman/</application> directory. "
21401
21400
"point your browser to the following url:"
21402
21401
msgstr ""
21403
21402
21404
#: serverguide/C/mail.xml:1183(para)
21403
#: serverguide/C/mail.xml:1242(para)
21405
21404
msgid "http://hostname/cgi-bin/mailman/admin"
21406
21405
msgstr "http://hostname/cgi-bin/mailman/admin"
21407
21406
21408
#: serverguide/C/mail.xml:1187(para)
21407
#: serverguide/C/mail.xml:1246(para)
21409
21408
msgid ""
21410
21409
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
21411
21410
"screen. If you click the mailing list name, it will ask for your "
21416
21415
"mailing list using the web interface."
21417
21416
msgstr ""
21418
21417
21419
#: serverguide/C/mail.xml:1200(title)
21418
#: serverguide/C/mail.xml:1259(title)
21420
21419
msgid "Users"
21421
21420
msgstr "Pengguna"
21422
21421
21423
#: serverguide/C/mail.xml:1201(para)
21422
#: serverguide/C/mail.xml:1260(para)
21424
21423
msgid ""
21425
21424
"Mailman provides a web based interface for users. To access this page, point "
21426
21425
"your browser to the following url:"
21428
21427
"Mailman menyediakan antarmuka untuk pengguna yang berbasis web. Untuk "
21429
21428
"mengakses halaman ini, arahkan browser Anda ke url berikut:"
21430
21429
21431
#: serverguide/C/mail.xml:1206(para)
21430
#: serverguide/C/mail.xml:1265(para)
21432
21431
msgid "http://hostname/cgi-bin/mailman/listinfo"
21433
21432
msgstr "http://hostname/cgi-bin/mailman/listinfo"
21434
21433
21435
#: serverguide/C/mail.xml:1210(para)
21434
#: serverguide/C/mail.xml:1269(para)
21436
21435
msgid ""
21437
21436
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
21438
21437
"screen. If you click the mailing list name, it will display the subscription "
21441
21440
"instructions in the email to subscribe."
21442
21441
msgstr ""
21443
21442
21444
#: serverguide/C/mail.xml:1222(ulink)
21443
#: serverguide/C/mail.xml:1281(ulink)
21445
21444
msgid "GNU Mailman - Installation Manual"
21446
21445
msgstr "GNU Mailman - Manual Instalasi"
21447
21446
21448
#: serverguide/C/mail.xml:1226(ulink)
21447
#: serverguide/C/mail.xml:1285(ulink)
21449
21448
msgid "HOWTO - Using Exim 4 and Mailman 2.1 together"
21450
21449
msgstr "HOWTO - Menggunakan Exim 4 dan Mailman 2.1 secara bersamaan"
21451
21450
21452
#: serverguide/C/mail.xml:1229(para)
21451
#: serverguide/C/mail.xml:1288(para)
21453
21452
msgid ""
21454
21453
"Also, see the <ulink "
21455
21454
"url=\"https://help.ubuntu.com/community/Mailman\">Mailman Ubuntu "
21456
21455
"Wiki</ulink> page."
21457
21456
msgstr ""
21458
21457
21459
#: serverguide/C/mail.xml:1235(title)
21458
#: serverguide/C/mail.xml:1294(title)
21460
21459
msgid "Mail Filtering"
21461
21460
msgstr ""
21462
21461
21463
#: serverguide/C/mail.xml:1236(para)
21462
#: serverguide/C/mail.xml:1295(para)
21464
21463
msgid ""
21465
21464
"One of the largest issues with email today is the problem of Unsolicited "
21466
21465
"Bulk Email (UBE). Also known as SPAM, such messages may also carry viruses "
21468
21467
"the bulk of all email traffic on the Internet."
21469
21468
msgstr ""
21470
21469
21471
#: serverguide/C/mail.xml:1241(para)
21470
#: serverguide/C/mail.xml:1300(para)
21472
21471
msgid ""
21473
21472
"This section will cover integrating <application>Amavisd-new</application>, "
21474
21473
"<application>Spamassassin</application>, and "
21482
21481
"spf</application>."
21483
21482
msgstr ""
21484
21483
21485
#: serverguide/C/mail.xml:1251(para)
21484
#: serverguide/C/mail.xml:1310(para)
21486
21485
msgid ""
21487
21486
"<application>Amavisd-new</application> is a wrapper program that can call "
21488
21487
"any number of content filtering programs for spam detection, antivirus, etc."
21489
21488
msgstr ""
21490
21489
21491
#: serverguide/C/mail.xml:1257(para)
21490
#: serverguide/C/mail.xml:1316(para)
21492
21491
msgid ""
21493
21492
"<application>Spamassassin</application> uses a variety of mechanisms to "
21494
21493
"filter email based on the message content."
21495
21494
msgstr ""
21496
21495
21497
#: serverguide/C/mail.xml:1262(para)
21496
#: serverguide/C/mail.xml:1321(para)
21498
21497
msgid ""
21499
21498
"<application>ClamAV</application> is an open source antivirus application."
21500
21499
msgstr ""
21501
21500
21502
#: serverguide/C/mail.xml:1267(para)
21501
#: serverguide/C/mail.xml:1326(para)
21503
21502
msgid ""
21504
21503
"<application>opendkim</application> implements a Sendmail Mail Filter "
21505
21504
"(Milter) for the DomainKeys Identified Mail (DKIM) standard."
21506
21505
msgstr ""
21507
21506
21508
#: serverguide/C/mail.xml:1273(para)
21507
#: serverguide/C/mail.xml:1332(para)
21509
21508
msgid ""
21510
21509
"<application>python-policyd-spf</application> enables Sender Policy "
21511
21510
"Framework (SPF) checking with <application>Postfix</application>."
21512
21511
msgstr ""
21513
21512
21514
#: serverguide/C/mail.xml:1278(para)
21513
#: serverguide/C/mail.xml:1337(para)
21515
21514
msgid "This is how the pieces fit together:"
21516
21515
msgstr ""
21517
21516
21518
#: serverguide/C/mail.xml:1283(para)
21517
#: serverguide/C/mail.xml:1342(para)
21519
21518
msgid "An email message is accepted by <application>Postfix</application>."
21520
21519
msgstr ""
21521
21520
21522
#: serverguide/C/mail.xml:1288(para)
21521
#: serverguide/C/mail.xml:1347(para)
21523
21522
msgid ""
21524
21523
"The message is passed through any external filters "
21525
21524
"<application>opendkim</application> and <application>python-policyd-"
21526
21525
"spf</application> in this case."
21527
21526
msgstr ""
21528
21527
21529
#: serverguide/C/mail.xml:1294(para)
21528
#: serverguide/C/mail.xml:1353(para)
21530
21529
msgid "<application>Amavisd-new</application> then processes the message."
21531
21530
msgstr ""
21532
21531
21533
#: serverguide/C/mail.xml:1299(para)
21532
#: serverguide/C/mail.xml:1358(para)
21534
21533
msgid ""
21535
21534
"<application>ClamAV</application> is used to scan the message. If the "
21536
21535
"message contains a virus <application>Postfix</application> will reject the "
21537
21536
"message."
21538
21537
msgstr ""
21539
21538
21540
#: serverguide/C/mail.xml:1305(para)
21539
#: serverguide/C/mail.xml:1364(para)
21541
21540
msgid ""
21542
21541
"Clean messages will then be analyzed by "
21543
21542
"<application>Spamassassin</application> to find out if the message is spam. "
21546
21545
"message."
21547
21546
msgstr ""
21548
21547
21549
#: serverguide/C/mail.xml:1312(para)
21548
#: serverguide/C/mail.xml:1371(para)
21550
21549
msgid ""
21551
21550
"For example, if a message has a Spam score of over fifty the message could "
21552
21551
"be automatically dropped from the queue without the recipient ever having to "
21555
21554
"see fit."
21556
21555
msgstr ""
21557
21556
21558
#: serverguide/C/mail.xml:1319(para)
21557
#: serverguide/C/mail.xml:1378(para)
21559
21558
msgid ""
21560
21559
"See <xref linkend=\"postfix\"/> for instructions on installing and "
21561
21560
"configuring Postfix."
21562
21561
msgstr ""
21563
21562
21564
#: serverguide/C/mail.xml:1322(para)
21563
#: serverguide/C/mail.xml:1381(para)
21565
21564
msgid ""
21566
21565
"To install the rest of the applications enter the following from a terminal "
21567
21566
"prompt:"
21568
21567
msgstr ""
21569
21568
21570
#: serverguide/C/mail.xml:1326(command)
21569
#: serverguide/C/mail.xml:1385(command)
21571
21570
msgid "sudo apt-get install amavisd-new spamassassin clamav-daemon"
21572
21571
msgstr ""
21573
21572
21574
#: serverguide/C/mail.xml:1327(command)
21573
#: serverguide/C/mail.xml:1386(command)
21575
21574
msgid "sudo apt-get install opendkim postfix-policyd-spf-python"
21576
21575
msgstr ""
21577
21576
21578
#: serverguide/C/mail.xml:1329(para)
21577
#: serverguide/C/mail.xml:1388(para)
21579
21578
msgid ""
21580
21579
"There are some optional packages that integrate with "
21581
21580
"<application>Spamassassin</application> for better spam detection:"
21582
21581
msgstr ""
21583
21582
21584
#: serverguide/C/mail.xml:1333(command)
21583
#: serverguide/C/mail.xml:1392(command)
21585
21584
msgid "sudo apt-get install pyzor razor"
21586
21585
msgstr ""
21587
21586
21588
#: serverguide/C/mail.xml:1335(para)
21587
#: serverguide/C/mail.xml:1394(para)
21589
21588
msgid ""
21590
21589
"Along with the main filtering applications compression utilities are needed "
21591
21590
"to process some email attachments:"
21592
21591
msgstr ""
21593
21592
21594
#: serverguide/C/mail.xml:1339(command)
21593
#: serverguide/C/mail.xml:1398(command)
21595
21594
msgid ""
21596
21595
"sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip"
21597
21596
msgstr ""
21598
21597
21599
#: serverguide/C/mail.xml:1342(para)
21598
#: serverguide/C/mail.xml:1401(para)
21600
21599
msgid ""
21601
21600
"If some packages are not found, check that the "
21602
21601
"<emphasis>multiverse</emphasis> repository is enabled in "
21603
21602
"<filename>/etc/apt/sources.list</filename>"
21604
21603
msgstr ""
21605
21604
21606
#: serverguide/C/mail.xml:1343(para)
21605
#: serverguide/C/mail.xml:1402(para)
21607
21606
msgid ""
21608
21607
"If you make changes to the file, be sure to run <command>sudo apt-get "
21609
21608
"update</command> before trying to install again."
21610
21609
msgstr ""
21611
21610
21612
#: serverguide/C/mail.xml:1348(para)
21611
#: serverguide/C/mail.xml:1407(para)
21613
21612
msgid "Now configure everything to work together and filter email."
21614
21613
msgstr ""
21615
21614
21616
#: serverguide/C/mail.xml:1352(title)
21615
#: serverguide/C/mail.xml:1411(title)
21617
21616
msgid "ClamAV"
21618
21617
msgstr ""
21619
21618
21620
#: serverguide/C/mail.xml:1353(para)
21619
#: serverguide/C/mail.xml:1412(para)
21621
21620
msgid ""
21622
21621
"The default behaviour of <application>ClamAV</application> will fit our "
21623
21622
"needs. For more ClamAV configuration options, check the configuration files "
21624
21623
"in <filename>/etc/clamav</filename>."
21625
21624
msgstr ""
21626
21625
21627
#: serverguide/C/mail.xml:1358(para)
21626
#: serverguide/C/mail.xml:1417(para)
21628
21627
msgid ""
21629
21628
"Add the <emphasis>clamav</emphasis> user to the <emphasis>amavis</emphasis> "
21630
21629
"group in order for <application>Amavisd-new</application> to have the "
21631
21630
"appropriate access to scan files:"
21632
21631
msgstr ""
21633
21632
21634
#: serverguide/C/mail.xml:1363(command)
21633
#: serverguide/C/mail.xml:1422(command)
21635
21634
msgid "sudo adduser clamav amavis"
21636
21635
msgstr ""
21637
21636
21638
#: serverguide/C/mail.xml:1364(command)
21637
#: serverguide/C/mail.xml:1423(command)
21639
21638
msgid "sudo adduser amavis clamav"
21640
21639
msgstr ""
21641
21640
21642
#: serverguide/C/mail.xml:1368(title)
21641
#: serverguide/C/mail.xml:1427(title)
21643
21642
msgid "Spamassassin"
21644
21643
msgstr ""
21645
21644
21646
#: serverguide/C/mail.xml:1369(para)
21645
#: serverguide/C/mail.xml:1428(para)
21647
21646
msgid ""
21648
21647
"Spamassassin automatically detects optional components and will use them if "
21649
21648
"they are present. This means that there is no need to configure "
21650
21649
"<application>pyzor</application> and <application>razor</application>."
21651
21650
msgstr ""
21652
21651
21653
#: serverguide/C/mail.xml:1373(para)
21652
#: serverguide/C/mail.xml:1432(para)
21654
21653
msgid ""
21655
21654
"Edit <filename>/etc/default/spamassassin</filename> to activate the "
21656
21655
"<application>Spamassassin</application> daemon. Change "
21657
21656
"<emphasis>ENABLED=0</emphasis> to:"
21658
21657
msgstr ""
21659
21658
21660
#: serverguide/C/mail.xml:1377(programlisting)
21659
#: serverguide/C/mail.xml:1436(programlisting)
21661
21660
#, no-wrap
21662
21661
msgid ""
21663
21662
"\n"
21664
21663
"ENABLED=1\n"
21665
21664
msgstr ""
21666
21665
21667
#: serverguide/C/mail.xml:1380(para)
21666
#: serverguide/C/mail.xml:1439(para)
21668
21667
msgid "Now start the daemon:"
21669
21668
msgstr ""
21670
21669
21672
21671
msgid "sudo service spamassassin start"
21673
21672
msgstr ""
21674
21673
21675
#: serverguide/C/mail.xml:1388(title)
21674
#: serverguide/C/mail.xml:1447(title)
21676
21675
msgid "Amavisd-new"
21677
21676
msgstr ""
21678
21677
21679
#: serverguide/C/mail.xml:1389(para)
21678
#: serverguide/C/mail.xml:1448(para)
21680
21679
msgid ""
21681
21680
"First activate spam and antivirus detection in <application>Amavisd-"
21682
21681
"new</application> by editing <filename>/etc/amavis/conf.d/15-"
21683
21682
"content_filter_mode</filename>:"
21684
21683
msgstr ""
21685
21684
21686
#: serverguide/C/mail.xml:1393(programlisting)
21685
#: serverguide/C/mail.xml:1452(programlisting)
21687
21686
#, no-wrap
21688
21687
msgid ""
21689
21688
"\n"
21714
21713
"1; # insure a defined return\n"
21715
21714
msgstr ""
21716
21715
21717
#: serverguide/C/mail.xml:1419(para)
21716
#: serverguide/C/mail.xml:1477(para)
21718
21717
msgid ""
21719
21718
"Bouncing spam can be a bad idea as the return address is often faked. The "
21720
21719
"default behaviour is to instead discard. This is configured in "
21723
21722
"D_BOUNCE."
21724
21723
msgstr ""
21725
21724
21726
#: serverguide/C/mail.xml:1425(para)
21725
#: serverguide/C/mail.xml:1483(para)
21727
21726
msgid ""
21728
21727
"Additionally, you may want to adjust the following options to flag more "
21729
21728
"messages as spam:"
21730
21729
msgstr ""
21731
21730
21732
#: serverguide/C/mail.xml:1429(programlisting)
21731
#: serverguide/C/mail.xml:1487(programlisting)
21733
21732
#, no-wrap
21734
21733
msgid ""
21735
21734
"\n"
21740
21739
"$sa_dsn_cutoff_level = 4; # spam level beyond which a DSN is not sent\n"
21741
21740
msgstr ""
21742
21741
21743
#: serverguide/C/mail.xml:1436(para)
21742
#: serverguide/C/mail.xml:1494(para)
21744
21743
msgid ""
21745
21744
"If the server's <emphasis>hostname</emphasis> is different from the domain's "
21746
21745
"MX record you may need to manually set the <emphasis>$myhostname</emphasis> "
21749
21748
"Edit the <filename>/etc/amavis/conf.d/50-user</filename> file:"
21750
21749
msgstr ""
21751
21750
21752
#: serverguide/C/mail.xml:1443(programlisting)
21751
#: serverguide/C/mail.xml:1501(programlisting)
21753
21752
#, no-wrap
21754
21753
msgid ""
21755
21754
"\n"
21757
21756
"@local_domains_acl = ( \"example.com\", \"example.org\" );\n"
21758
21757
msgstr ""
21759
21758
21760
#: serverguide/C/mail.xml:1448(para)
21759
#: serverguide/C/mail.xml:1506(para)
21761
21760
msgid ""
21762
21761
"If you want to cover multiple domains you can use the following in "
21763
21762
"the<filename>/etc/amavis/conf.d/50-user</filename>"
21764
21763
msgstr ""
21765
21764
21766
#: serverguide/C/mail.xml:1451(programlisting)
21765
#: serverguide/C/mail.xml:1509(programlisting)
21767
21766
#, no-wrap
21768
21767
msgid ""
21769
21768
"\n"
21770
21769
"@local_domains_acl = qw(.);\n"
21771
21770
msgstr ""
21772
21771
21773
#: serverguide/C/mail.xml:1455(para)
21772
#: serverguide/C/mail.xml:1513(para)
21774
21773
msgid ""
21775
21774
"After configuration <application>Amavisd-new</application> needs to be "
21776
21775
"restarted:"
21780
21779
msgid "sudo service amavis restart"
21781
21780
msgstr ""
21782
21781
21783
#: serverguide/C/mail.xml:1462(title)
21782
#: serverguide/C/mail.xml:1520(title)
21784
21783
msgid "DKIM Whitelist"
21785
21784
msgstr ""
21786
21785
21787
#: serverguide/C/mail.xml:1464(para)
21786
#: serverguide/C/mail.xml:1522(para)
21788
21787
msgid ""
21789
21788
"<application>Amavisd-new</application> can be configured to automatically "
21790
21789
"<emphasis>Whitelist</emphasis> addresses from domains with valid Domain "
21792
21791
"<filename>/etc/amavis/conf.d/40-policy_banks</filename>."
21793
21792
msgstr ""
21794
21793
21795
#: serverguide/C/mail.xml:1470(para)
21794
#: serverguide/C/mail.xml:1528(para)
21796
21795
msgid "There are multiple ways to configure the Whitelist for a domain:"
21797
21796
msgstr ""
21798
21797
21799
#: serverguide/C/mail.xml:1476(para)
21798
#: serverguide/C/mail.xml:1534(para)
21800
21799
msgid ""
21801
21800
"<emphasis>'example.com' => 'WHITELIST',</emphasis>: will whitelist any "
21802
21801
"address from the \"example.com\" domain."
21803
21802
msgstr ""
21804
21803
21805
#: serverguide/C/mail.xml:1481(para)
21804
#: serverguide/C/mail.xml:1539(para)
21806
21805
msgid ""
21807
21806
"<emphasis>'.example.com' => 'WHITELIST',</emphasis>: will whitelist any "
21808
21807
"address from any <emphasis>subdomains</emphasis> of \"example.com\" that "
21809
21808
"have a valid signature."
21810
21809
msgstr ""
21811
21810
21812
#: serverguide/C/mail.xml:1487(para)
21811
#: serverguide/C/mail.xml:1545(para)
21813
21812
msgid ""
21814
21813
"<emphasis>'.example.com/@example.com' => 'WHITELIST',</emphasis>: will "
21815
21814
"whitelist subdomains of \"example.com\" that use the signature of <emphasis "
21816
21815
"role=\"italic\">example.com</emphasis> the parent domain."
21817
21816
msgstr ""
21818
21817
21819
#: serverguide/C/mail.xml:1493(para)
21818
#: serverguide/C/mail.xml:1551(para)
21820
21819
msgid ""
21821
21820
"<emphasis>'./@example.com' => 'WHITELIST',</emphasis>: adds addresses "
21822
21821
"that have a valid signature from \"example.com\". This is usually used for "
21823
21822
"discussion groups that sign their messages."
21824
21823
msgstr ""
21825
21824
21826
#: serverguide/C/mail.xml:1500(para)
21825
#: serverguide/C/mail.xml:1558(para)
21827
21826
msgid ""
21828
21827
"A domain can also have multiple Whitelist configurations. After editing the "
21829
21828
"file, restart <application>amavisd-new</application>:"
21830
21829
msgstr ""
21831
21830
21832
#: serverguide/C/mail.xml:1510(para)
21831
#: serverguide/C/mail.xml:1568(para)
21833
21832
msgid ""
21834
21833
"In this context, once a domain has been added to the Whitelist the message "
21835
21834
"will not receive any anti-virus or spam filtering. This may or may not be "
21836
21835
"the intended behavior you wish for a domain."
21837
21836
msgstr ""
21838
21837
21839
#: serverguide/C/mail.xml:1520(para)
21838
#: serverguide/C/mail.xml:1578(para)
21840
21839
msgid ""
21841
21840
"For <application>Postfix</application> integration, enter the following from "
21842
21841
"a terminal prompt:"
21843
21842
msgstr ""
21844
21843
21845
#: serverguide/C/mail.xml:1524(command)
21844
#: serverguide/C/mail.xml:1582(command)
21846
21845
msgid "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
21847
21846
msgstr ""
21848
21847
21849
#: serverguide/C/mail.xml:1526(para)
21848
#: serverguide/C/mail.xml:1584(para)
21850
21849
msgid ""
21851
21850
"Next edit <filename>/etc/postfix/master.cf</filename> and add the following "
21852
21851
"to the end of the file:"
21885
21884
"_milters\n"
21886
21885
msgstr ""
21887
21886
21888
#: serverguide/C/mail.xml:1556(para)
21887
#: serverguide/C/mail.xml:1614(para)
21889
21888
msgid ""
21890
21889
"Also add the following two lines immediately below the "
21891
21890
"<emphasis>\"pickup\"</emphasis> transport service:"
21892
21891
msgstr ""
21893
21892
21894
#: serverguide/C/mail.xml:1559(programlisting)
21893
#: serverguide/C/mail.xml:1617(programlisting)
21895
21894
#, no-wrap
21896
21895
msgid ""
21897
21896
"\n"
21899
21898
" -o receive_override_options=no_header_body_checks\n"
21900
21899
msgstr ""
21901
21900
21902
#: serverguide/C/mail.xml:1563(para)
21901
#: serverguide/C/mail.xml:1621(para)
21903
21902
msgid ""
21904
21903
"This will prevent messages that are generated to report on spam from being "
21905
21904
"classified as spam."
21906
21905
msgstr ""
21907
21906
21908
#: serverguide/C/mail.xml:1566(para)
21907
#: serverguide/C/mail.xml:1624(para)
21909
21908
msgid "Now restart <application>Postfix</application>:"
21910
21909
msgstr ""
21911
21910
21912
#: serverguide/C/mail.xml:1572(para)
21911
#: serverguide/C/mail.xml:1630(para)
21913
21912
msgid "Content filtering with spam and virus detection is now enabled."
21914
21913
msgstr ""
21915
21914
21916
#: serverguide/C/mail.xml:1578(title)
21915
#: serverguide/C/mail.xml:1636(title)
21917
21916
msgid "Amavisd-new and Spamassassin"
21918
21917
msgstr ""
21919
21918
21920
#: serverguide/C/mail.xml:1580(para)
21919
#: serverguide/C/mail.xml:1638(para)
21921
21920
msgid ""
21922
21921
"When integrating <application>Amavisd-new</application> with "
21923
21922
"<application>Spamassassin</application>, if you choose to disable the bayes "
21928
21927
"<application>cron</application> job."
21929
21928
msgstr ""
21930
21929
21931
#: serverguide/C/mail.xml:1587(para)
21930
#: serverguide/C/mail.xml:1645(para)
21932
21931
msgid "There are several ways to handle this situation:"
21933
21932
msgstr ""
21934
21933
21935
#: serverguide/C/mail.xml:1593(para)
21934
#: serverguide/C/mail.xml:1651(para)
21936
21935
msgid "Configure your MDA to filter messages you do not wish to see."
21937
21936
msgstr ""
21938
21937
21939
#: serverguide/C/mail.xml:1598(para)
21938
#: serverguide/C/mail.xml:1656(para)
21940
21939
msgid ""
21941
21940
"Change <filename>/usr/sbin/amavisd-new-cronjob</filename> to check for "
21942
21941
"<emphasis>use_bayes 0</emphasis>. For example, edit "
21944
21943
"the top before the <emphasis>test</emphasis> statements:"
21945
21944
msgstr ""
21946
21945
21947
#: serverguide/C/mail.xml:1602(programlisting)
21946
#: serverguide/C/mail.xml:1660(programlisting)
21948
21947
#, no-wrap
21949
21948
msgid ""
21950
21949
"\n"
21952
21951
"exit 0\n"
21953
21952
msgstr ""
21954
21953
21955
#: serverguide/C/mail.xml:1612(para)
21954
#: serverguide/C/mail.xml:1670(para)
21956
21955
msgid ""
21957
21956
"First, test that the <application>Amavisd-new</application> SMTP is "
21958
21957
"listening:"
21959
21958
msgstr ""
21960
21959
21961
#: serverguide/C/mail.xml:1615(programlisting)
21960
#: serverguide/C/mail.xml:1673(programlisting)
21962
21961
#, no-wrap
21963
21962
msgid ""
21964
21963
"\n"
21970
21969
"^]\n"
21971
21970
msgstr ""
21972
21971
21973
#: serverguide/C/mail.xml:1623(para)
21972
#: serverguide/C/mail.xml:1681(para)
21974
21973
msgid ""
21975
21974
"In the Header of messages that go through the content filter you should see:"
21976
21975
msgstr ""
21977
21976
21978
#: serverguide/C/mail.xml:1626(programlisting)
21977
#: serverguide/C/mail.xml:1684(programlisting)
21979
21978
#, no-wrap
21980
21979
msgid ""
21981
21980
"\n"
21986
21985
"X-Spam-Level: \n"
21987
21986
msgstr ""
21988
21987
21989
#: serverguide/C/mail.xml:1633(para)
21988
#: serverguide/C/mail.xml:1691(para)
21990
21989
msgid ""
21991
21990
"Your output will vary, but the important thing is that there are <emphasis>X-"
21992
21991
"Virus-Scanned</emphasis> and <emphasis>X-Spam-Status</emphasis> entries."
21993
21992
msgstr ""
21994
21993
21995
#: serverguide/C/mail.xml:1641(para)
21994
#: serverguide/C/mail.xml:1699(para)
21996
21995
msgid ""
21997
21996
"The best way to figure out why something is going wrong is to check the log "
21998
21997
"files."
21999
21998
msgstr ""
22000
21999
22001
#: serverguide/C/mail.xml:1646(para)
22000
#: serverguide/C/mail.xml:1704(para)
22002
22001
msgid ""
22003
22002
"For instructions on <application>Postfix</application> logging see the <xref "
22004
22003
"linkend=\"postfix-troubleshooting\"/> section."
22005
22004
msgstr ""
22006
22005
22007
#: serverguide/C/mail.xml:1652(para)
22006
#: serverguide/C/mail.xml:1710(para)
22008
22007
msgid ""
22009
22008
"<application>Amavisd-new</application> uses "
22010
22009
"<application>Syslog</application> to send messages to "
22014
22013
"1 to 5."
22015
22014
msgstr ""
22016
22015
22017
#: serverguide/C/mail.xml:1657(programlisting)
22016
#: serverguide/C/mail.xml:1715(programlisting)
22018
22017
#, no-wrap
22019
22018
msgid ""
22020
22019
"\n"
22021
22020
"$log_level = 2;\n"
22022
22021
msgstr ""
22023
22022
22024
#: serverguide/C/mail.xml:1661(para)
22023
#: serverguide/C/mail.xml:1719(para)
22025
22024
msgid ""
22026
22025
"When the <application>Amavisd-new</application> log output is increased "
22027
22026
"<application>Spamassassin</application> log output is also increased."
22028
22027
msgstr ""
22029
22028
22030
#: serverguide/C/mail.xml:1668(para)
22029
#: serverguide/C/mail.xml:1726(para)
22031
22030
msgid ""
22032
22031
"The <application>ClamAV</application> log level can be increased by editing "
22033
22032
"<filename>/etc/clamav/clamd.conf</filename> and setting the following option:"
22034
22033
msgstr ""
22035
22034
22036
#: serverguide/C/mail.xml:1672(programlisting)
22035
#: serverguide/C/mail.xml:1730(programlisting)
22037
22036
#, no-wrap
22038
22037
msgid ""
22039
22038
"\n"
22040
22039
"LogVerbose true\n"
22041
22040
msgstr ""
22042
22041
22043
#: serverguide/C/mail.xml:1675(para)
22042
#: serverguide/C/mail.xml:1733(para)
22044
22043
msgid ""
22045
22044
"By default <application>ClamAV</application> will send log messages to "
22046
22045
"<filename>/var/log/clamav/clamav.log</filename>."
22047
22046
msgstr ""
22048
22047
22049
#: serverguide/C/mail.xml:1681(para)
22048
#: serverguide/C/mail.xml:1739(para)
22050
22049
msgid ""
22051
22050
"After changing an applications log settings remember to restart the service "
22052
22051
"for the new settings to take affect. Also, once the issue you are "
22054
22053
"back to normal."
22055
22054
msgstr ""
22056
22055
22057
#: serverguide/C/mail.xml:1689(para)
22056
#: serverguide/C/mail.xml:1747(para)
22058
22057
msgid "For more information on filtering mail see the following links:"
22059
22058
msgstr ""
22060
22059
22061
#: serverguide/C/mail.xml:1695(ulink)
22060
#: serverguide/C/mail.xml:1753(ulink)
22062
22061
msgid "Amavisd-new Documentation"
22063
22062
msgstr ""
22064
22063
22065
#: serverguide/C/mail.xml:1699(para)
22064
#: serverguide/C/mail.xml:1757(para)
22066
22065
msgid ""
22067
22066
"<ulink url=\"http://www.clamav.net/doc/latest/html/\">ClamAV "
22068
22067
"Documentation</ulink> and <ulink "
22069
22068
"url=\"http://wiki.clamav.net/Main/WebHome\">ClamAV Wiki</ulink>"
22070
22069
msgstr ""
22071
22070
22072
#: serverguide/C/mail.xml:1706(ulink)
22071
#: serverguide/C/mail.xml:1764(ulink)
22073
22072
msgid "Spamassassin Wiki"
22074
22073
msgstr ""
22075
22074
22076
#: serverguide/C/mail.xml:1711(ulink)
22075
#: serverguide/C/mail.xml:1769(ulink)
22077
22076
msgid "Pyzor Homepage"
22078
22077
msgstr ""
22079
22078
22080
#: serverguide/C/mail.xml:1716(ulink)
22079
#: serverguide/C/mail.xml:1774(ulink)
22081
22080
msgid "Razor Homepage"
22082
22081
msgstr ""
22083
22082
22084
#: serverguide/C/mail.xml:1721(ulink)
22083
#: serverguide/C/mail.xml:1779(ulink)
22085
22084
msgid "DKIM.org"
22086
22085
msgstr ""
22087
22086
22088
#: serverguide/C/mail.xml:1726(ulink)
22087
#: serverguide/C/mail.xml:1784(ulink)
22089
22088
msgid "Postfix Amavis New"
22090
22089
msgstr ""
22091
22090
22092
#: serverguide/C/mail.xml:1730(para)
22091
#: serverguide/C/mail.xml:1788(para)
22093
22092
msgid ""
22094
22093
"Also, feel free to ask questions in the <emphasis>#ubuntu-server</emphasis> "
22095
22094
"IRC channel on <ulink url=\"http://freenode.net\">freenode</ulink>."
22194
22193
22195
22194
#: serverguide/C/lamp-applications.xml:104(para)
22196
22195
msgid ""
22197
"MoinMoin is a Wiki engine implemented in Python, based on the PikiPiki Wiki "
22196
"MoinMoin is a wiki engine implemented in Python, based on the PikiPiki Wiki "
22198
22197
"engine, and licensed under the GNU GPL."
22199
22198
msgstr ""
22200
"MoinMoin adalah sebuah sistem Wiki yang diimplementasikan menggunakan "
22201
"Python, berdasarkan sistem Wiki PikiPiki, dan berlisensi GNU GPL."
22202
22199
22203
22200
#: serverguide/C/lamp-applications.xml:112(para)
22204
22201
msgid ""
22215
22212
#: serverguide/C/lamp-applications.xml:121(para)
22216
22213
msgid ""
22217
22214
"You should also install <application>apache2</application> web server. For "
22218
"installing <application>apache2</application> web server, please refer to "
22219
"<xref linkend=\"http-installation\"/> sub-section in <xref "
22215
"installing the <application>apache2</application> web server, please refer "
22216
"to <xref linkend=\"http-installation\"/> sub-section in <xref "
22220
22217
"linkend=\"httpd\"/> section."
22221
22218
msgstr ""
22222
"Anda juga sebaiknya menginstal server web<application>apache2</application>. "
22223
"Untuk menginstal server web <application>apache2</application>, silakan "
22224
"ikuti sub-seksi <xref linkend=\"http-installation\"/> di bagian <xref "
22225
"linkend=\"httpd\"/>."
22226
22219
22227
22220
#: serverguide/C/lamp-applications.xml:132(para)
22228
22221
msgid ""
22229
"For configuring your first Wiki application, please run the following set of "
22230
"commands. Let us assume that you are creating a Wiki named "
22222
"To configure your first wiki application, please run the following set of "
22223
"commands. Let us assume that you are creating a wiki named "
22231
22224
"<emphasis>mywiki</emphasis>:"
22232
22225
msgstr ""
22233
"Untuk mengkonfigurasi aplikasi Wiki anda yang pertama, jalankan beberapa "
22234
"perintah berikut ini. Diasumsikan <emphasis>mywiki</emphasis> adalah nama "
22235
"Wiki yang anda buat :"
22236
22226
22237
22227
#: serverguide/C/lamp-applications.xml:139(command)
22238
22228
msgid "cd /usr/share/moin"
22269
22259
#: serverguide/C/lamp-applications.xml:149(para)
22270
22260
msgid ""
22271
22261
"Now you should configure <application>MoinMoin</application> to find your "
22272
"new Wiki <emphasis>mywiki</emphasis>. To configure "
22262
"new wiki <emphasis>mywiki</emphasis>. To configure "
22273
22263
"<application>MoinMoin</application>, open "
22274
22264
"<filename>/etc/moin/mywiki.py</filename> file and change the following line:"
22275
22265
msgstr ""
22276
"Kini anda dapat mengkonfigurasi <application>MoinMoin</application> untuk "
22277
"menemukan Wiki <emphasis>mywiki</emphasis> baru anda. Untuk mengkonfigurasi "
22278
"<application>MoinMoin</application>, buka file "
22279
"<filename>/etc/moin/mywiki.py</filename> dan sesuaikan beberapa baris "
22280
"berikut ini :"
22281
22266
22282
22267
#: serverguide/C/lamp-applications.xml:157(programlisting)
22283
22268
#, no-wrap
22308
22293
22309
22294
#: serverguide/C/lamp-applications.xml:174(para)
22310
22295
msgid ""
22311
"If the <filename>/etc/moin/mywiki.py</filename> file does not exists, you "
22296
"If the <filename>/etc/moin/mywiki.py</filename> file does not exist, you "
22312
22297
"should copy <filename>/usr/share/moin/config/wikifarm/mywiki.py</filename> "
22313
22298
"file to <filename>/etc/moin/mywiki.py</filename> file and do the above "
22314
22299
"mentioned change."
22316
22301
22317
22302
#: serverguide/C/lamp-applications.xml:182(para)
22318
22303
msgid ""
22319
"If you have named your Wiki as <emphasis>my_wiki_name</emphasis> you should "
22304
"If you have named your wiki as <emphasis>my_wiki_name</emphasis> you should "
22320
22305
"insert a line <quote>(\"my_wiki_name\", r\".*\")</quote> in "
22321
22306
"<filename>/etc/moin/farmconfig.py</filename> file after the line "
22322
22307
"<quote>(\"mywiki\", r\".*\")</quote>."
22323
22308
msgstr ""
22324
"Jika anda telah memberi nama Wiki anda dengan "
22325
"<emphasis>my_wiki_name</emphasis> anda harus menambahkan baris "
22326
"<quote>(\"my_wiki_name\", r\".*\")</quote> pada file "
22327
"<filename>/etc/moin/farmconfig.py</filename> setelah baris "
22328
"<quote>(\"mywiki\", r\".*\")</quote>."
22329
22309
22330
22310
#: serverguide/C/lamp-applications.xml:190(para)
22331
22311
msgid ""
22332
22312
"Once you have configured <application>MoinMoin</application> to find your "
22333
"first Wiki application <emphasis>mywiki</emphasis>, you should configure "
22334
"<application>apache2</application> and make it ready for your Wiki "
22335
"application."
22313
"first wiki application, <emphasis>mywiki</emphasis>, you should configure "
22314
"<application>apache2</application> and make it ready for your wiki."
22336
22315
msgstr ""
22337
"Setelah anda mengkonfigurasi <application>MoinMoin</application> untuk dapat "
22338
"menggunakan aplikasi Wiki <emphasis>mywiki</emphasis> anda yang pertama, "
22339
"anda juga harus mengkonfigurasi <application>apache2</application> dan "
22340
"membuatnya siap digunakan untuk aplikasi Wiki anda."
22341
22316
22342
22317
#: serverguide/C/lamp-applications.xml:197(para)
22343
22318
msgid ""
22352
22327
"\n"
22353
22328
"### moin\n"
22354
22329
" ScriptAlias /mywiki \"/usr/share/moin/mywiki/moin.cgi\"\n"
22355
" alias /moin_static193 \"/usr/share/moin/htdocs\"\n"
22330
" alias /moin_static<version> \"/usr/share/moin/htdocs\"\n"
22356
22331
" <Directory /usr/share/moin/htdocs>\n"
22357
22332
" Order allow,deny\n"
22358
22333
" allow from all\n"
22361
22336
msgstr ""
22362
22337
22363
22338
#: serverguide/C/lamp-applications.xml:214(para)
22339
msgid "The version in the above example is determined by running:"
22340
msgstr ""
22341
22342
#: serverguide/C/lamp-applications.xml:218(programlisting)
22343
#, no-wrap
22344
msgid ""
22345
"\n"
22346
"$ moin --version\n"
22347
msgstr ""
22348
22349
#: serverguide/C/lamp-applications.xml:222(para)
22350
msgid "If the output shows version 1.9.7, your second line should be:"
22351
msgstr ""
22352
22353
#: serverguide/C/lamp-applications.xml:226(programlisting)
22354
#, no-wrap
22355
msgid ""
22356
"\n"
22357
"alias /moin_static197 \"/usr/share/moin/htdocs\"\n"
22358
msgstr ""
22359
22360
#: serverguide/C/lamp-applications.xml:230(para)
22364
22361
msgid ""
22365
22362
"Once you configure the <application>apache2</application> web server and "
22366
"make it ready for your Wiki application, you should restart it. You can run "
22363
"make it ready for your wiki application, you should restart it. You can run "
22367
22364
"the following command to restart the <application>apache2</application> web "
22368
22365
"server:"
22369
22366
msgstr ""
22370
"Setelah anda mengonfigurasi server web <application>apache2</application> "
22371
"dan membuatnya siap untuk aplikasi Wiki anda, maka langkah selanjutnya anda "
22372
"harus start ulang. Anda dapat menjalankan perintah ini untuk start ulang "
22373
"server server<application>apache2</application>."
22374
22367
22375
#: serverguide/C/lamp-applications.xml:227(title) serverguide/C/installation.xml:1242(title)
22368
#: serverguide/C/lamp-applications.xml:243(title) serverguide/C/installation.xml:1315(title)
22376
22369
msgid "Verification"
22377
22370
msgstr "Memastikan"
22378
22371
22379
#: serverguide/C/lamp-applications.xml:229(para)
22372
#: serverguide/C/lamp-applications.xml:245(para)
22380
22373
msgid ""
22381
22374
"You can verify the Wiki application and see if it works by pointing your web "
22382
22375
"browser to the following URL:"
22384
22377
"Anda dapat memastikan bahwa Aplikasi Wiki anda telah berjalan dengan cara "
22385
22378
"mengakses URL berikut ini pada web browser anda :"
22386
22379
22387
#: serverguide/C/lamp-applications.xml:233(programlisting)
22380
#: serverguide/C/lamp-applications.xml:249(programlisting)
22388
22381
#, no-wrap
22389
22382
msgid ""
22390
22383
"\n"
22393
22386
"\n"
22394
22387
"http://localhost/mywiki\n"
22395
22388
22396
#: serverguide/C/lamp-applications.xml:237(para)
22389
#: serverguide/C/lamp-applications.xml:253(para)
22397
22390
msgid ""
22398
22391
"For more details, please refer to the <ulink "
22399
22392
"url=\"http://moinmo.in/\">MoinMoin</ulink> web site."
22400
22393
msgstr ""
22401
22394
22402
#: serverguide/C/lamp-applications.xml:248(para)
22395
#: serverguide/C/lamp-applications.xml:264(para)
22403
22396
msgid ""
22404
22397
"For more information see the <ulink url=\"http://moinmo.in/\">moinmoin "
22405
22398
"Wiki</ulink>."
22406
22399
msgstr ""
22407
22400
22408
#: serverguide/C/lamp-applications.xml:253(para)
22401
#: serverguide/C/lamp-applications.xml:269(para)
22409
22402
msgid ""
22410
22403
"Also, see the <ulink "
22411
22404
"url=\"https://help.ubuntu.com/community/MoinMoin\">Ubuntu Wiki "
22412
22405
"MoinMoin</ulink> page."
22413
22406
msgstr ""
22414
22407
22415
#: serverguide/C/lamp-applications.xml:262(title)
22408
#: serverguide/C/lamp-applications.xml:278(title)
22416
22409
msgid "MediaWiki"
22417
22410
msgstr "MediaWiki"
22418
22411
22419
#: serverguide/C/lamp-applications.xml:264(para)
22412
#: serverguide/C/lamp-applications.xml:280(para)
22420
22413
msgid ""
22421
22414
"MediaWiki is an web based Wiki software written in the PHP language. It can "
22422
22415
"either use <application>MySQL</application> or "
22426
22419
"bahasa PHP. MediaWiki dapat menggunakan Sistem Manajemen Basisdata "
22427
22420
"<application>MySQL</application> atau <application>PostgreSQL</application>."
22428
22421
22429
#: serverguide/C/lamp-applications.xml:274(para)
22422
#: serverguide/C/lamp-applications.xml:290(para)
22430
22423
msgid ""
22431
22424
"Before installing <application>MediaWiki</application> you should also "
22432
22425
"install <application>Apache2</application>, the "
22437
22430
"installation instructions."
22438
22431
msgstr ""
22439
22432
22440
#: serverguide/C/lamp-applications.xml:282(para)
22433
#: serverguide/C/lamp-applications.xml:298(para)
22441
22434
msgid ""
22442
22435
"To install <application>MediaWiki</application>, run the following command "
22443
22436
"in the command prompt:"
22445
22438
"Untuk menginstal <application>MediaWiki</application>, jalankan perintah "
22446
22439
"berikut ini pada baris perintah :"
22447
22440
22448
#: serverguide/C/lamp-applications.xml:288(command)
22441
#: serverguide/C/lamp-applications.xml:304(command)
22449
22442
msgid "sudo apt-get install mediawiki php5-gd"
22450
22443
msgstr "sudo apt-get install mediawiki php5-gd"
22451
22444
22452
#: serverguide/C/lamp-applications.xml:291(para)
22445
#: serverguide/C/lamp-applications.xml:307(para)
22453
22446
msgid ""
22454
22447
"For additional <application>MediaWiki</application> functionality see the "
22455
22448
"<application>mediawiki-extensions</application> package."
22456
22449
msgstr ""
22457
22450
22458
#: serverguide/C/lamp-applications.xml:301(para)
22451
#: serverguide/C/lamp-applications.xml:317(para)
22459
22452
msgid ""
22460
22453
"The Apache configuration file <filename>mediawiki.conf</filename> for "
22461
22454
"<application>MediaWiki</application> is installed in "
22464
22457
"file."
22465
22458
msgstr ""
22466
22459
22467
#: serverguide/C/lamp-applications.xml:309(screen)
22460
#: serverguide/C/lamp-applications.xml:324(screen)
22468
22461
#, no-wrap
22469
22462
msgid ""
22470
22463
"\n"
22471
22464
"# Alias /mediawiki /var/lib/mediawiki\n"
22472
22465
msgstr ""
22473
22466
22474
#: serverguide/C/lamp-applications.xml:312(para)
22467
#: serverguide/C/lamp-applications.xml:328(para)
22475
22468
msgid ""
22476
22469
"The <application>MediaWiki</application> configuration also needs to be "
22477
22470
"enabled."
22478
22471
msgstr ""
22479
22472
22480
#: serverguide/C/lamp-applications.xml:316(command)
22473
#: serverguide/C/lamp-applications.xml:332(command)
22481
22474
msgid "sudo a2enconf mediawiki.conf"
22482
22475
msgstr ""
22483
22476
22484
#: serverguide/C/lamp-applications.xml:319(para)
22477
#: serverguide/C/lamp-applications.xml:335(para)
22485
22478
msgid "Restart Apache server."
22486
22479
msgstr ""
22487
22480
22488
#: serverguide/C/lamp-applications.xml:326(para)
22481
#: serverguide/C/lamp-applications.xml:342(para)
22489
22482
msgid ""
22490
22483
"Access <application>MediaWiki</application> by visiting <ulink "
22491
22484
"url=\"http://localhost/mediawiki/mw-"
22495
22488
"config/index.php</ulink> if your server has no GUI.)"
22496
22489
msgstr ""
22497
22490
22498
#: serverguide/C/lamp-applications.xml:334(para)
22491
#: serverguide/C/lamp-applications.xml:350(para)
22499
22492
msgid ""
22500
22493
"Please read the <quote>Environmental checks</quote> section of the "
22501
22494
"configuration page. You should be able to fix many issues by carefully "
22502
22495
"reading this section."
22503
22496
msgstr ""
22504
22497
22505
#: serverguide/C/lamp-applications.xml:330(para)
22498
#: serverguide/C/lamp-applications.xml:357(para)
22506
22499
msgid ""
22507
22500
"Once the configuration is complete, you should copy the "
22508
22501
"<filename>LocalSettings.php</filename> file to "
22509
22502
"<filename>/etc/mediawiki</filename> directory:"
22510
22503
msgstr ""
22511
22504
22512
#: serverguide/C/lamp-applications.xml:337(command)
22505
#: serverguide/C/lamp-applications.xml:364(command)
22513
22506
msgid "sudo mv /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/"
22514
22507
msgstr ""
22515
22508
22516
#: serverguide/C/lamp-applications.xml:340(para)
22509
#: serverguide/C/lamp-applications.xml:367(para)
22517
22510
msgid ""
22518
22511
"You may also want to edit "
22519
22512
"<filename>/etc/mediawiki/LocalSettings.php</filename> in order to set the "
22520
22513
"memory limit (disabled by default):"
22521
22514
msgstr ""
22522
22515
22523
#: serverguide/C/lamp-applications.xml:345(programlisting)
22516
#: serverguide/C/lamp-applications.xml:372(programlisting)
22524
22517
#, no-wrap
22525
22518
msgid ""
22526
22519
"\n"
22527
22520
"ini_set( 'memory_limit', '64M' );\n"
22528
22521
msgstr ""
22529
22522
22530
#: serverguide/C/lamp-applications.xml:352(title)
22523
#: serverguide/C/lamp-applications.xml:379(title)
22531
22524
msgid "Extensions"
22532
22525
msgstr ""
22533
22526
22534
#: serverguide/C/lamp-applications.xml:353(para)
22527
#: serverguide/C/lamp-applications.xml:380(para)
22535
22528
msgid ""
22536
22529
"The extensions add new features and enhancements for the MediaWiki "
22537
22530
"application. The extensions give wiki administrators and end users the "
22538
22531
"ability to customize MediaWiki to their requirements."
22539
22532
msgstr ""
22540
22533
22541
#: serverguide/C/lamp-applications.xml:359(para)
22534
#: serverguide/C/lamp-applications.xml:386(para)
22542
22535
msgid ""
22543
22536
"You can download MediaWiki extensions as an archive file or checkout from "
22544
22537
"the Subversion repository. You should copy it to "
22547
22540
"<filename>/etc/mediawiki/LocalSettings.php</filename>."
22548
22541
msgstr ""
22549
22542
22550
#: serverguide/C/lamp-applications.xml:367(programlisting)
22543
#: serverguide/C/lamp-applications.xml:394(programlisting)
22551
22544
#, no-wrap
22552
22545
msgid ""
22553
22546
"\n"
22554
22547
"require_once \"$IP/extensions/ExtentionName/ExtentionName.php\";\n"
22555
22548
msgstr ""
22556
22549
22557
#: serverguide/C/lamp-applications.xml:377(para)
22550
#: serverguide/C/lamp-applications.xml:404(para)
22558
22551
msgid ""
22559
22552
"For more details, please refer to the <ulink "
22560
22553
"url=\"http://www.mediawiki.org\">MediaWiki</ulink> web site."
22562
22555
"Untuk detail lebih lanjut, silakan merujuk ke website <ulink "
22563
22556
"url=\"http://www.mediawiki.org\">MediaWiki</ulink>"
22564
22557
22565
#: serverguide/C/lamp-applications.xml:394(para)
22558
#: serverguide/C/lamp-applications.xml:410(para)
22566
22559
msgid ""
22567
22560
"The <ulink url=\"http://www.packtpub.com/Mediawiki/book\">MediaWiki "
22568
22561
"Administrators' Tutorial Guide</ulink> contains a wealth of information for "
22569
22562
"new MediaWiki administrators."
22570
22563
msgstr ""
22571
22564
22572
#: serverguide/C/lamp-applications.xml:389(para)
22565
#: serverguide/C/lamp-applications.xml:416(para)
22573
22566
msgid ""
22574
22567
"Also, the <ulink url=\"https://help.ubuntu.com/community/MediaWiki\">Ubuntu "
22575
22568
"Wiki MediaWiki</ulink> page is a good resource."
22576
22569
msgstr ""
22577
22570
22578
#: serverguide/C/lamp-applications.xml:399(title)
22571
#: serverguide/C/lamp-applications.xml:426(title)
22579
22572
msgid "phpMyAdmin"
22580
22573
msgstr ""
22581
22574
22582
#: serverguide/C/lamp-applications.xml:401(para)
22575
#: serverguide/C/lamp-applications.xml:428(para)
22583
22576
msgid ""
22584
22577
"<application>phpMyAdmin</application> is a LAMP application specifically "
22585
22578
"written for administering <application>MySQL</application> servers. Written "
22587
22580
"phpMyAdmin provides a graphical interface for database administration tasks."
22588
22581
msgstr ""
22589
22582
22590
#: serverguide/C/lamp-applications.xml:410(para)
22583
#: serverguide/C/lamp-applications.xml:437(para)
22591
22584
msgid ""
22592
22585
"Before installing <application>phpMyAdmin</application> you will need access "
22593
22586
"to a <application>MySQL</application> database either on the same host as "
22596
22589
"enter:"
22597
22590
msgstr ""
22598
22591
22599
#: serverguide/C/lamp-applications.xml:417(command)
22592
#: serverguide/C/lamp-applications.xml:444(command)
22600
22593
msgid "sudo apt-get install phpmyadmin"
22601
22594
msgstr ""
22602
22595
22603
#: serverguide/C/lamp-applications.xml:420(para)
22596
#: serverguide/C/lamp-applications.xml:447(para)
22604
22597
msgid ""
22605
22598
"At the prompt choose which web server to be configured for "
22606
22599
"<application>phpMyAdmin</application>. The rest of this section will use "
22607
22600
"<application>Apache2</application> for the web server."
22608
22601
msgstr ""
22609
22602
22610
#: serverguide/C/lamp-applications.xml:436(para)
22603
#: serverguide/C/lamp-applications.xml:452(para)
22611
22604
msgid ""
22612
22605
"In a browser go to <emphasis>http://servername/phpmyadmin</emphasis>, "
22613
22606
"replacing <emphasis role=\"italic\">servername</emphasis> with the server's "
22617
22610
"user's password."
22618
22611
msgstr ""
22619
22612
22620
#: serverguide/C/lamp-applications.xml:432(para)
22613
#: serverguide/C/lamp-applications.xml:459(para)
22621
22614
msgid ""
22622
22615
"Once logged in you can reset the <emphasis>root</emphasis> password if "
22623
22616
"needed, create users, create/destroy databases and tables, etc."
22624
22617
msgstr ""
22625
22618
22626
#: serverguide/C/lamp-applications.xml:440(para)
22619
#: serverguide/C/lamp-applications.xml:467(para)
22627
22620
msgid ""
22628
22621
"The configuration files for <application>phpMyAdmin</application> are "
22629
22622
"located in <filename>/etc/phpmyadmin</filename>. The main configuration file "
22632
22625
"<application>phpMyAdmin</application>."
22633
22626
msgstr ""
22634
22627
22635
#: serverguide/C/lamp-applications.xml:446(para)
22628
#: serverguide/C/lamp-applications.xml:473(para)
22636
22629
msgid ""
22637
22630
"To use <application>phpMyAdmin</application> to administer a MySQL database "
22638
22631
"hosted on another server, adjust the following in "
22639
22632
"<filename>/etc/phpmyadmin/config.inc.php</filename>:"
22640
22633
msgstr ""
22641
22634
22642
#: serverguide/C/lamp-applications.xml:451(programlisting)
22635
#: serverguide/C/lamp-applications.xml:478(programlisting)
22643
22636
#, no-wrap
22644
22637
msgid ""
22645
22638
"\n"
22646
22639
"$cfg['Servers'][$i]['host'] = 'db_server';\n"
22647
22640
msgstr ""
22648
22641
22649
#: serverguide/C/lamp-applications.xml:456(para)
22642
#: serverguide/C/lamp-applications.xml:483(para)
22650
22643
msgid ""
22651
22644
"Replace <emphasis role=\"italic\">db_server</emphasis> with the actual "
22652
22645
"remote database server name or IP address. Also, be sure that the "
22654
22647
"remote database."
22655
22648
msgstr ""
22656
22649
22657
#: serverguide/C/lamp-applications.xml:462(para)
22650
#: serverguide/C/lamp-applications.xml:489(para)
22658
22651
msgid ""
22659
22652
"Once configured, log out of <application>phpMyAdmin</application> and back "
22660
22653
"in, and you should be accessing the new server."
22661
22654
msgstr ""
22662
22655
22663
#: serverguide/C/lamp-applications.xml:466(para)
22656
#: serverguide/C/lamp-applications.xml:493(para)
22664
22657
msgid ""
22665
22658
"The <filename>config.header.inc.php</filename> and "
22666
22659
"<filename>config.footer.inc.php</filename> files are used to add a HTML "
22667
22660
"header and footer to <application>phpMyAdmin</application>."
22668
22661
msgstr ""
22669
22662
22670
#: serverguide/C/lamp-applications.xml:471(para)
22663
#: serverguide/C/lamp-applications.xml:498(para)
22671
22664
msgid ""
22672
22665
"Another important configuration file is "
22673
22666
"<filename>/etc/phpmyadmin/apache.conf</filename>, this file is symlinked to "
22674
"<filename>/etc/apache2/conf.d/phpmyadmin.conf</filename>, and is used to "
22675
"configure <application>Apache2</application> to serve the "
22676
"<application>phpMyAdmin</application> site. The file contains directives for "
22677
"loading <application>PHP</application>, directory permissions, etc. For more "
22678
"information on configuring <application>Apache2</application> see <xref "
22679
"linkend=\"httpd\"/>."
22680
msgstr ""
22681
22682
#: serverguide/C/lamp-applications.xml:485(para)
22667
"<filename>/etc/apache2/conf-available/phpmyadmin.conf</filename>, and, once "
22668
"enabled, is used to configure <application>Apache2</application> to serve "
22669
"the <application>phpMyAdmin</application> site. The file contains directives "
22670
"for loading <application>PHP</application>, directory permissions, etc. From "
22671
"a terminal type:"
22672
msgstr ""
22673
22674
#: serverguide/C/lamp-applications.xml:506(command)
22675
msgid ""
22676
"sudo ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf-"
22677
"available/phpmyadmin.conf"
22678
msgstr ""
22679
22680
#: serverguide/C/lamp-applications.xml:507(command)
22681
msgid "sudo a2enconf phpmyadmin.conf"
22682
msgstr ""
22683
22684
#: serverguide/C/lamp-applications.xml:511(para)
22685
msgid ""
22686
"For more information on configuring <application>Apache2</application> see "
22687
"<xref linkend=\"httpd\"/>."
22688
msgstr ""
22689
22690
#: serverguide/C/lamp-applications.xml:522(para)
22683
22691
msgid ""
22684
22692
"The <application>phpMyAdmin</application> documentation comes installed with "
22685
22693
"the package and can be accessed from the <emphasis>phpMyAdmin "
22688
22696
"url=\"http://www.phpmyadmin.net/home_page/docs.php\">phpMyAdmin</ulink> site."
22689
22697
msgstr ""
22690
22698
22691
#: serverguide/C/lamp-applications.xml:492(para)
22699
#: serverguide/C/lamp-applications.xml:529(para)
22692
22700
msgid ""
22693
22701
"Also, <ulink url=\"http://www.packtpub.com/phpmyadmin-3rd-"
22694
22702
"edition/book\">Mastering phpMyAdmin</ulink> is a great resource."
22695
22703
msgstr ""
22696
22704
22697
#: serverguide/C/lamp-applications.xml:497(para)
22705
#: serverguide/C/lamp-applications.xml:534(para)
22698
22706
msgid ""
22699
22707
"A third resource is the <ulink "
22700
22708
"url=\"https://help.ubuntu.com/community/phpMyAdmin\">phpMyAdmin Ubuntu "
22701
22709
"Wiki</ulink> page."
22702
22710
msgstr ""
22703
22711
22704
#: serverguide/C/lamp-applications.xml:517(title)
22712
#: serverguide/C/lamp-applications.xml:543(title)
22705
22713
msgid "WordPress"
22706
22714
msgstr ""
22707
22715
22708
#: serverguide/C/lamp-applications.xml:518(para)
22716
#: serverguide/C/lamp-applications.xml:544(para)
22709
22717
msgid ""
22710
22718
"Wordpress is a blog tool, publishing platform and CMS implemented in PHP and "
22711
22719
"licensed under the GNU GPLv2."
22712
22720
msgstr ""
22713
22721
22714
#: serverguide/C/lamp-applications.xml:524(para)
22722
#: serverguide/C/lamp-applications.xml:550(para)
22715
22723
msgid ""
22716
22724
"To install <application>WordPress</application>, run the following comand in "
22717
22725
"the command prompt:"
22718
22726
msgstr ""
22719
22727
22720
#: serverguide/C/lamp-applications.xml:529(command)
22728
#: serverguide/C/lamp-applications.xml:555(command)
22721
22729
msgid "sudo apt-get install wordpress"
22722
22730
msgstr ""
22723
22731
22724
#: serverguide/C/lamp-applications.xml:532(para)
22732
#: serverguide/C/lamp-applications.xml:558(para)
22725
22733
msgid ""
22726
22734
"You should also install <application>apache2</application> web server and "
22727
22735
"<application>mysql</application> server. For installing "
22732
22740
"linkend=\"mysql\"/> section."
22733
22741
msgstr ""
22734
22742
22735
#: serverguide/C/lamp-applications.xml:546(para)
22743
#: serverguide/C/lamp-applications.xml:572(para)
22736
22744
msgid ""
22737
22745
"For configuring your first <application>WordPress</application> application, "
22738
22746
"configure an apache site. Open <filename>/etc/apache2/sites-"
22739
22747
"available/wordpress.conf</filename> and write the following lines:"
22740
22748
msgstr ""
22741
22749
22742
#: serverguide/C/lamp-applications.xml:553(programlisting)
22750
#: serverguide/C/lamp-applications.xml:579(programlisting)
22743
22751
#, no-wrap
22744
22752
msgid ""
22745
22753
"\n"
22759
22767
" "
22760
22768
msgstr ""
22761
22769
22762
#: serverguide/C/lamp-applications.xml:569(para)
22770
#: serverguide/C/lamp-applications.xml:595(para)
22763
22771
msgid "Enable this new <application>WordPress</application> site"
22764
22772
msgstr ""
22765
22773
22766
#: serverguide/C/lamp-applications.xml:572(command)
22774
#: serverguide/C/lamp-applications.xml:598(command)
22767
22775
msgid "sudo a2ensite wordpress"
22768
22776
msgstr ""
22769
22777
22770
#: serverguide/C/lamp-applications.xml:575(para)
22778
#: serverguide/C/lamp-applications.xml:601(para)
22771
22779
msgid ""
22772
22780
"Once you configure the <application>apache2</application> web server and "
22773
22781
"make it ready for your <application>WordPress</application> application, you "
22775
22783
"<application>apache2</application> web server:"
22776
22784
msgstr ""
22777
22785
22778
#: serverguide/C/lamp-applications.xml:587(para)
22786
#: serverguide/C/lamp-applications.xml:613(para)
22779
22787
msgid ""
22780
22788
"To facilitate multiple <application>WordPress</application> installations, "
22781
22789
"the name of this configuration file is based on the Host header of the HTTP "
22788
22796
"NAME_OF_YOUR_VIRTUAL_HOST.php."
22789
22797
msgstr ""
22790
22798
22791
#: serverguide/C/lamp-applications.xml:598(para)
22799
#: serverguide/C/lamp-applications.xml:624(para)
22792
22800
msgid ""
22793
22801
"Once the configuration file is written, it is up to you to choose a "
22794
22802
"convention for username and password to mysql for each "
22796
22804
"shows only one, localhost, example."
22797
22805
msgstr ""
22798
22806
22799
#: serverguide/C/lamp-applications.xml:605(para)
22807
#: serverguide/C/lamp-applications.xml:631(para)
22800
22808
msgid ""
22801
22809
"Now configure <application>WordPress</application> to use a mysql database. "
22802
22810
"Open <filename>/etc/wordpress/config-localhost.php</filename> file and write "
22803
22811
"the following lines:"
22804
22812
msgstr ""
22805
22813
22806
#: serverguide/C/lamp-applications.xml:611(programlisting)
22814
#: serverguide/C/lamp-applications.xml:637(programlisting)
22807
22815
#, no-wrap
22808
22816
msgid ""
22809
22817
"\n"
22816
22824
"?>\n"
22817
22825
msgstr ""
22818
22826
22819
#: serverguide/C/lamp-applications.xml:620(para)
22827
#: serverguide/C/lamp-applications.xml:646(para)
22820
22828
msgid ""
22821
22829
"Now create this mysql database. Open a temporary file with mysql commands "
22822
22830
"<filename>wordpress.sql</filename> and write the following lines:"
22823
22831
msgstr ""
22824
22832
22825
#: serverguide/C/lamp-applications.xml:623(programlisting)
22833
#: serverguide/C/lamp-applications.xml:649(programlisting)
22826
22834
#, no-wrap
22827
22835
msgid ""
22828
22836
"\n"
22834
22842
"FLUSH PRIVILEGES;\n"
22835
22843
msgstr ""
22836
22844
22837
#: serverguide/C/lamp-applications.xml:631(para)
22845
#: serverguide/C/lamp-applications.xml:657(para)
22838
22846
msgid "Execute these commands."
22839
22847
msgstr ""
22840
22848
22841
#: serverguide/C/lamp-applications.xml:633(command)
22849
#: serverguide/C/lamp-applications.xml:659(command)
22842
22850
msgid ""
22843
22851
"cat wordpress.sql | sudo mysql --defaults-extra-file=/etc/mysql/debian.cnf"
22844
22852
msgstr ""
22845
22853
22846
#: serverguide/C/lamp-applications.xml:635(para)
22854
#: serverguide/C/lamp-applications.xml:661(para)
22847
22855
msgid ""
22848
22856
"Your new <application>WordPress</application> can now be configured by "
22849
22857
"visiting <ulink url=\"http://localhost/blog/wp-"
22856
22864
"mail and click Install WordPress."
22857
22865
msgstr ""
22858
22866
22859
#: serverguide/C/lamp-applications.xml:642(para)
22867
#: serverguide/C/lamp-applications.xml:668(para)
22860
22868
msgid ""
22861
22869
"Note the generated password (if applicable) and click the login password. "
22862
22870
"Your <application>WordPress</application> is now ready for use."
22863
22871
msgstr ""
22864
22872
22865
#: serverguide/C/lamp-applications.xml:652(ulink)
22873
#: serverguide/C/lamp-applications.xml:678(ulink)
22866
22874
msgid "WordPress.org Codex"
22867
22875
msgstr ""
22868
22876
22869
#: serverguide/C/lamp-applications.xml:657(ulink)
22877
#: serverguide/C/lamp-applications.xml:683(ulink)
22870
22878
msgid "Ubuntu Wiki WordPress"
22871
22879
msgstr ""
22872
22880
22903
22911
#: serverguide/C/introduction.xml:31(para)
22904
22912
msgid ""
22905
22913
"There are a couple of different ways that Ubuntu Server Edition is "
22906
"supported, commercial support and community support. The main commercial "
22907
"support (and development funding) is available from Canonical Ltd. They "
22908
"supply reasonably priced support contracts on a per desktop or per server "
22914
"supported: commercial support and community support. The main commercial "
22915
"support (and development funding) is available from Canonical, Ltd. They "
22916
"supply reasonably- priced support contracts on a per desktop or per server "
22909
22917
"basis. For more information see the <ulink "
22910
"url=\"http://www.canonical.com/services/support\">Canonical Services</ulink> "
22911
"page."
22918
"url=\"http://www.ubuntu.com/management\">Ubuntu Advantage</ulink> page."
22912
22919
msgstr ""
22913
22920
22914
#: serverguide/C/introduction.xml:38(para)
22921
#: serverguide/C/introduction.xml:40(para)
22915
22922
msgid ""
22916
"Community support is also provided by dedicated individuals, and companies, "
22923
"Community support is also provided by dedicated individuals and companies "
22917
22924
"that wish to make Ubuntu the best distribution possible. Support is provided "
22918
22925
"through multiple mailing lists, IRC channels, forums, blogs, wikis, etc. The "
22919
22926
"large amount of information available can be overwhelming, but a good search "
22963
22970
msgid "Install Type"
22964
22971
msgstr "Jenis Instalasi"
22965
22972
22966
#: serverguide/C/virtualization.xml:1186(para) serverguide/C/virtualization.xml:1248(para) serverguide/C/installation.xml:36(para)
22973
#: serverguide/C/installation.xml:36(para)
22967
22974
msgid "CPU"
22968
22975
msgstr ""
22969
22976
22995
23002
msgid "512 megabytes"
22996
23003
msgstr ""
22997
23004
22998
#: serverguide/C/installation.xml:51(para)
23005
#: serverguide/C/installation.xml:50(para)
22999
23006
msgid "1 gigabyte"
23000
23007
msgstr ""
23001
23008
23007
23014
msgid "Server (Minimal)"
23008
23015
msgstr ""
23009
23016
23010
#: serverguide/C/installation.xml:48(para)
23017
#: serverguide/C/installation.xml:55(para)
23011
23018
msgid "300 megahertz"
23012
23019
msgstr ""
23013
23020
23023
23030
msgid "1.4 gigabytes"
23024
23031
msgstr ""
23025
23032
23026
#: serverguide/C/installation.xml:56(para)
23033
#: serverguide/C/installation.xml:64(para)
23027
23034
msgid ""
23028
23035
"The Server Edition provides a common base for all sorts of server "
23029
23036
"applications. It is a minimalist design providing a platform for the desired "
23030
23037
"services, such as file/print services, web hosting, email hosting, etc."
23031
23038
msgstr ""
23032
23039
23033
#: serverguide/C/installation.xml:70(title)
23040
#: serverguide/C/installation.xml:72(title)
23034
23041
msgid "Server and Desktop Differences"
23035
23042
msgstr ""
23036
23043
23037
#: serverguide/C/installation.xml:71(para)
23044
#: serverguide/C/installation.xml:73(para)
23038
23045
msgid ""
23039
23046
"There are a few differences between the <emphasis>Ubuntu Server "
23040
23047
"Edition</emphasis> and the <emphasis>Ubuntu Desktop Edition</emphasis>. It "
23050
23057
"environment in the Server Edition and the installation process."
23051
23058
msgstr ""
23052
23059
23053
#: serverguide/C/installation.xml:84(title)
23060
#: serverguide/C/installation.xml:86(title)
23054
23061
msgid "Kernel Differences:"
23055
23062
msgstr ""
23056
23063
23057
#: serverguide/C/installation.xml:85(para)
23064
#: serverguide/C/installation.xml:87(para)
23058
23065
msgid ""
23059
23066
"Ubuntu version 10.10 and prior, actually had different kernels for the "
23060
23067
"server and desktop editions. Ubuntu no longer has separate -server and -"
23062
23069
"flavor to help reduce the maintenance burden over the life of the release."
23063
23070
msgstr ""
23064
23071
23065
#: serverguide/C/installation.xml:90(para)
23072
#: serverguide/C/installation.xml:92(para)
23066
23073
msgid ""
23067
23074
"When running a 64-bit version of Ubuntu on 64-bit processors you are not "
23068
23075
"limited by memory addressing space."
23076
23083
"great resource on the options available."
23077
23084
msgstr ""
23078
23085
23079
#: serverguide/C/installation.xml:104(title)
23086
#: serverguide/C/installation.xml:106(title)
23080
23087
msgid "Backing Up"
23081
23088
msgstr "Membuat Backup"
23082
23089
23083
#: serverguide/C/installation.xml:107(para)
23090
#: serverguide/C/installation.xml:109(para)
23084
23091
msgid ""
23085
23092
"Before installing <application>Ubuntu Server Edition</application> you "
23086
23093
"should make sure all data on the system is backed up. See <xref "
23087
23094
"linkend=\"backups\"/> for backup options."
23088
23095
msgstr ""
23089
23096
23090
#: serverguide/C/installation.xml:111(para)
23097
#: serverguide/C/installation.xml:113(para)
23091
23098
msgid ""
23092
23099
"If this is not the first time an operating system has been installed on your "
23093
23100
"computer, it is likely you will need to re-partition your disk to make room "
23094
23101
"for Ubuntu."
23095
23102
msgstr ""
23096
23103
23097
#: serverguide/C/installation.xml:115(para)
23104
#: serverguide/C/installation.xml:117(para)
23098
23105
msgid ""
23099
23106
"Any time you partition your disk, you should be prepared to lose everything "
23100
23107
"on the disk should you make a mistake or something goes wrong during "
23102
23109
"have seen years of use, but they also perform destructive actions."
23103
23110
msgstr ""
23104
23111
23105
#: serverguide/C/installation.xml:127(title)
23112
#: serverguide/C/installation.xml:129(title)
23106
23113
msgid "Installing from CD"
23107
23114
msgstr "Instalasi dari CD"
23108
23115
23109
#: serverguide/C/installation.xml:128(para)
23116
#: serverguide/C/installation.xml:130(para)
23110
23117
msgid ""
23111
23118
"The basic steps to install Ubuntu Server Edition from CD are the same as "
23112
23119
"those for installing any operating system from CD. Unlike the "
23115
23122
"Server Edition uses a console menu based process instead."
23116
23123
msgstr ""
23117
23124
23118
#: serverguide/C/installation.xml:135(para)
23125
#: serverguide/C/installation.xml:137(para)
23119
23126
msgid ""
23120
"First, download and burn the appropriate ISO file from the <ulink "
23127
"Download and burn the appropriate ISO file from the <ulink "
23121
23128
"url=\"http://www.ubuntu.com/download/server/download\"> Ubuntu web "
23122
23129
"site</ulink>."
23123
23130
msgstr ""
23124
23131
23125
#: serverguide/C/installation.xml:141(para)
23132
#: serverguide/C/installation.xml:143(para)
23126
23133
msgid "Boot the system from the CD-ROM drive."
23127
23134
msgstr ""
23128
23135
23129
#: serverguide/C/installation.xml:146(para)
23136
#: serverguide/C/installation.xml:148(para)
23130
23137
msgid "At the boot prompt you will be asked to select a language."
23131
23138
msgstr ""
23132
23139
23133
#: serverguide/C/installation.xml:151(para)
23140
#: serverguide/C/installation.xml:153(para)
23134
23141
msgid ""
23135
23142
"From the main boot menu there are some additional options to install Ubuntu "
23136
23143
"Server Edition. You can install a basic Ubuntu Server, check the CD-ROM for "
23139
23146
"install."
23140
23147
msgstr ""
23141
23148
23142
#: serverguide/C/installation.xml:158(para)
23149
#: serverguide/C/installation.xml:160(para)
23143
23150
msgid ""
23144
"The installer asks for which language it should use. Afterwards, you are "
23145
"asked to select your location."
23151
"The installer asks which language it should use. Afterwards, you are asked "
23152
"to select your location."
23146
23153
msgstr ""
23147
23154
23148
#: serverguide/C/installation.xml:164(para)
23155
#: serverguide/C/installation.xml:166(para)
23149
23156
msgid ""
23150
23157
"Next, the installation process begins by asking for your keyboard layout. "
23151
23158
"You can ask the installer to attempt auto-detecting it, or you can select it "
23152
23159
"manually from a list."
23153
23160
msgstr ""
23154
23161
23155
#: serverguide/C/installation.xml:170(para)
23162
#: serverguide/C/installation.xml:172(para)
23156
23163
msgid ""
23157
23164
"The installer then discovers your hardware configuration, and configures the "
23158
23165
"network settings using DHCP. If you do not wish to use DHCP at the next "
23164
23171
msgid "Next, the installer asks for the system's hostname."
23165
23172
msgstr ""
23166
23173
23167
#: serverguide/C/installation.xml:195(para)
23174
#: serverguide/C/installation.xml:184(para)
23168
23175
msgid ""
23169
23176
"A new user is set up; this user will have <emphasis>root</emphasis> access "
23170
23177
"through the <application>sudo</application> utility."
23171
23178
msgstr ""
23172
23179
23173
#: serverguide/C/installation.xml:201(para)
23180
#: serverguide/C/installation.xml:190(para)
23174
23181
msgid ""
23175
"After the user settings have been completed, you will be asked to encrypt "
23176
"your <filename role=\"directory\">home</filename> directory."
23182
"After the user settings have been completed, you will be asked if you want "
23183
"to encrypt your <filename role=\"directory\">home</filename> directory."
23177
23184
msgstr ""
23178
23185
23179
23186
#: serverguide/C/installation.xml:196(para)
23180
23187
msgid "Next, the installer asks for the system's Time Zone."
23181
23188
msgstr ""
23182
23189
23183
#: serverguide/C/installation.xml:182(para)
23190
#: serverguide/C/installation.xml:201(para)
23184
23191
msgid ""
23185
23192
"You can then choose from several options to configure the hard drive layout. "
23186
"Afterwards you are asked for which disk to install to. You may get "
23187
"confirmation prompts before rewriting the partition table or setting up LVM "
23188
"depending on disk layout. If you choose LVM, you will be asked for the size "
23189
"of the root logical volume. For advanced disk options see <xref "
23190
"linkend=\"advanced-installation\"/>."
23193
"Afterwards you are asked which disk to install to. You may get confirmation "
23194
"prompts before rewriting the partition table or setting up LVM depending on "
23195
"disk layout. If you choose LVM, you will be asked for the size of the root "
23196
"logical volume. For advanced disk options see <xref linkend=\"advanced-"
23197
"installation\"/>."
23191
23198
msgstr ""
23192
23199
23193
#: serverguide/C/installation.xml:190(para)
23200
#: serverguide/C/installation.xml:209(para)
23194
23201
msgid "The Ubuntu base system is then installed."
23195
23202
msgstr ""
23196
23203
23197
#: serverguide/C/installation.xml:207(para)
23204
#: serverguide/C/installation.xml:214(para)
23198
23205
msgid ""
23199
23206
"The next step in the installation process is to decide how you want to "
23200
23207
"update the system. There are three options:"
23201
23208
msgstr ""
23202
23209
23203
#: serverguide/C/installation.xml:213(para)
23210
#: serverguide/C/installation.xml:220(para)
23204
23211
msgid ""
23205
23212
"<emphasis>No automatic updates</emphasis>: this requires an administrator to "
23206
23213
"log into the machine and manually install updates."
23207
23214
msgstr ""
23208
23215
23209
#: serverguide/C/installation.xml:219(para)
23216
#: serverguide/C/installation.xml:226(para)
23210
23217
msgid ""
23211
23218
"<emphasis>Install security updates automatically</emphasis>: this will "
23212
23219
"install the <application>unattended-upgrades</application> package, which "
23214
23221
"For more details see <xref linkend=\"automatic-updates\"/>."
23215
23222
msgstr ""
23216
23223
23217
#: serverguide/C/installation.xml:226(para)
23224
#: serverguide/C/installation.xml:233(para)
23218
23225
msgid ""
23219
23226
"<emphasis>Manage the system with Landscape</emphasis>: Landscape is a paid "
23220
23227
"service provided by Canonical to help manage your Ubuntu machines. See the "
23221
"<ulink url=\"http://www.canonical.com/projects/landscape\">Landscape</ulink> "
23222
"site for details."
23228
"<ulink url=\"http://landscape.canonical.com/\">Landscape</ulink> site for "
23229
"details."
23223
23230
msgstr ""
23224
23231
23225
#: serverguide/C/installation.xml:235(para)
23232
#: serverguide/C/installation.xml:242(para)
23226
23233
msgid ""
23227
23234
"You now have the option to install, or not install, several package tasks. "
23228
23235
"See <xref linkend=\"install-tasks\"/> for details. Also, there is an option "
23230
23237
"install. For more information see <xref linkend=\"aptitude\"/>."
23231
23238
msgstr ""
23232
23239
23233
#: serverguide/C/installation.xml:243(para)
23240
#: serverguide/C/installation.xml:250(para)
23234
23241
msgid "Finally, the last step before rebooting is to set the clock to UTC."
23235
23242
msgstr ""
23236
23243
23237
#: serverguide/C/installation.xml:249(para)
23244
#: serverguide/C/installation.xml:256(para)
23238
23245
msgid ""
23239
23246
"If at any point during installation you are not satisfied by the default "
23240
23247
"setting, use the \"Go Back\" function at any prompt to be brought to a "
23242
23249
"settings."
23243
23250
msgstr ""
23244
23251
23245
#: serverguide/C/installation.xml:254(para)
23252
#: serverguide/C/installation.xml:261(para)
23246
23253
msgid ""
23247
23254
"At some point during the installation process you may want to read the help "
23248
23255
"screen provided by the installation system. To do this, press F1."
23255
23262
"Installation Guide</ulink>."
23256
23263
msgstr ""
23257
23264
23258
#: serverguide/C/installation.xml:265(title)
23265
#: serverguide/C/installation.xml:272(title)
23259
23266
msgid "Package Tasks"
23260
23267
msgstr ""
23261
23268
23262
#: serverguide/C/installation.xml:266(para)
23269
#: serverguide/C/installation.xml:273(para)
23263
23270
msgid ""
23264
23271
"During the Server Edition installation you have the option of installing "
23265
23272
"additional packages from the CD. The packages are grouped by the type of "
23266
23273
"service they provide."
23267
23274
msgstr ""
23268
23275
23269
#: serverguide/C/installation.xml:272(para)
23276
#: serverguide/C/installation.xml:279(para)
23270
23277
msgid "DNS server: Selects the BIND DNS server and its documentation."
23271
23278
msgstr ""
23272
23279
23273
#: serverguide/C/installation.xml:277(para)
23280
#: serverguide/C/installation.xml:284(para)
23274
23281
msgid "LAMP server: Selects a ready-made Linux/Apache/MySQL/PHP server."
23275
23282
msgstr ""
23276
23283
23277
#: serverguide/C/installation.xml:282(para)
23284
#: serverguide/C/installation.xml:289(para)
23278
23285
msgid ""
23279
23286
"Mail server: This task selects a variety of packages useful for a general "
23280
23287
"purpose mail server system."
23281
23288
msgstr ""
23282
23289
23283
#: serverguide/C/installation.xml:287(para)
23290
#: serverguide/C/installation.xml:294(para)
23284
23291
msgid "OpenSSH server: Selects packages needed for an OpenSSH server."
23285
23292
msgstr ""
23286
23293
23287
#: serverguide/C/installation.xml:292(para)
23294
#: serverguide/C/installation.xml:299(para)
23288
23295
msgid ""
23289
23296
"PostgreSQL database: This task selects client and server packages for the "
23290
23297
"PostgreSQL database."
23291
23298
msgstr ""
23292
23299
23293
#: serverguide/C/installation.xml:297(para)
23300
#: serverguide/C/installation.xml:304(para)
23294
23301
msgid "Print server: This task sets up your system to be a print server."
23295
23302
msgstr ""
23296
23303
23297
#: serverguide/C/installation.xml:302(para)
23304
#: serverguide/C/installation.xml:309(para)
23298
23305
msgid ""
23299
23306
"Samba File server: This task sets up your system to be a Samba file server, "
23300
23307
"which is especially suitable in networks with both Windows and Linux systems."
23301
23308
msgstr ""
23302
23309
23303
#: serverguide/C/installation.xml:308(para)
23310
#: serverguide/C/installation.xml:315(para)
23304
23311
msgid "Tomcat Java server: Installs Apache Tomcat and needed dependencies."
23305
23312
msgstr ""
23306
23313
23307
#: serverguide/C/installation.xml:313(para)
23314
#: serverguide/C/installation.xml:320(para)
23308
23315
msgid ""
23309
23316
"Virtual Machine host: Includes packages needed to run KVM virtual machines."
23310
23317
msgstr ""
23311
23318
23312
#: serverguide/C/installation.xml:318(para)
23319
#: serverguide/C/installation.xml:325(para)
23313
23320
msgid ""
23314
23321
"Manually select packages: Executes <application>aptitude</application> "
23315
23322
"allowing you to individually select packages."
23316
23323
msgstr ""
23317
23324
23318
#: serverguide/C/installation.xml:323(para)
23325
#: serverguide/C/installation.xml:330(para)
23319
23326
msgid ""
23320
23327
"Installing the package groups is accomplished using the "
23321
23328
"<application>tasksel</application> utility. One of the important differences "
23326
23333
"a fully integrated service."
23327
23334
msgstr ""
23328
23335
23329
#: serverguide/C/installation.xml:330(para)
23336
#: serverguide/C/installation.xml:337(para)
23330
23337
msgid ""
23331
23338
"Once the installation process has finished you can view a list of available "
23332
23339
"tasks by entering the following from a terminal prompt:"
23333
23340
msgstr ""
23334
23341
23335
#: serverguide/C/installation.xml:335(command)
23342
#: serverguide/C/installation.xml:342(command)
23336
23343
msgid "tasksel --list-tasks"
23337
23344
msgstr ""
23338
23345
23339
#: serverguide/C/installation.xml:338(para)
23346
#: serverguide/C/installation.xml:345(para)
23340
23347
msgid ""
23341
23348
"The output will list tasks from other Ubuntu based distributions such as "
23342
23349
"Kubuntu and Edubuntu. Note that you can also invoke the "
23344
23351
"the different tasks available."
23345
23352
msgstr ""
23346
23353
23347
#: serverguide/C/installation.xml:344(para)
23354
#: serverguide/C/installation.xml:351(para)
23348
23355
msgid ""
23349
23356
"You can view a list of which packages are installed with each task using the "
23350
23357
"<emphasis>--task-packages</emphasis> option. For example, to list the "
23352
23359
"following:"
23353
23360
msgstr ""
23354
23361
23355
#: serverguide/C/installation.xml:349(command)
23362
#: serverguide/C/installation.xml:356(command)
23356
23363
msgid "tasksel --task-packages dns-server"
23357
23364
msgstr ""
23358
23365
23359
#: serverguide/C/installation.xml:351(para)
23366
#: serverguide/C/installation.xml:358(para)
23360
23367
msgid "The output of the command should list:"
23361
23368
msgstr ""
23362
23369
23363
#: serverguide/C/installation.xml:354(programlisting)
23370
#: serverguide/C/installation.xml:361(programlisting)
23364
23371
#, no-wrap
23365
23372
msgid ""
23366
23373
"\n"
23369
23376
"bind9\n"
23370
23377
msgstr ""
23371
23378
23372
#: serverguide/C/installation.xml:359(para)
23379
#: serverguide/C/installation.xml:366(para)
23373
23380
msgid ""
23374
23381
"If you did not install one of the tasks during the installation process, but "
23375
23382
"for example you decide to make your new LAMP server a DNS server as well, "
23376
23383
"simply insert the installation CD and from a terminal:"
23377
23384
msgstr ""
23378
23385
23379
#: serverguide/C/installation.xml:364(command)
23386
#: serverguide/C/installation.xml:371(command)
23380
23387
msgid "sudo tasksel install dns-server"
23381
23388
msgstr ""
23382
23389
23383
#: serverguide/C/installation.xml:369(title)
23390
#: serverguide/C/installation.xml:376(title)
23384
23391
msgid "Upgrading"
23385
23392
msgstr ""
23386
23393
23387
#: serverguide/C/installation.xml:370(para)
23394
#: serverguide/C/installation.xml:377(para)
23388
23395
msgid ""
23389
23396
"There are several ways to upgrade from one Ubuntu release to another. This "
23390
23397
"section gives an overview of the recommended upgrade method."
23391
23398
msgstr ""
23392
23399
23393
#: serverguide/C/installation.xml:374(title) serverguide/C/installation.xml:389(command)
23400
#: serverguide/C/installation.xml:381(title) serverguide/C/installation.xml:396(command)
23394
23401
msgid "do-release-upgrade"
23395
23402
msgstr ""
23396
23403
23397
#: serverguide/C/installation.xml:375(para)
23404
#: serverguide/C/installation.xml:382(para)
23398
23405
msgid ""
23399
23406
"The recommended way to upgrade a Server Edition installation is to use the "
23400
23407
"<application>do-release-upgrade</application> utility. Part of the "
23402
23409
"graphical dependencies and is installed by default."
23403
23410
msgstr ""
23404
23411
23405
#: serverguide/C/installation.xml:380(para)
23412
#: serverguide/C/installation.xml:387(para)
23406
23413
msgid ""
23407
23414
"Debian based systems can also be upgraded by using <command>apt-get dist-"
23408
23415
"upgrade</command>. However, using <application>do-release-"
23410
23417
"system configuration changes sometimes needed between releases."
23411
23418
msgstr ""
23412
23419
23413
#: serverguide/C/installation.xml:385(para)
23420
#: serverguide/C/installation.xml:392(para)
23414
23421
msgid "To upgrade to a newer release, from a terminal prompt enter:"
23415
23422
msgstr ""
23416
23423
23417
#: serverguide/C/installation.xml:391(para)
23424
#: serverguide/C/installation.xml:398(para)
23418
23425
msgid ""
23419
23426
"It is also possible to use <application>do-release-upgrade</application> to "
23420
23427
"upgrade to a development version of Ubuntu. To accomplish this use the "
23421
23428
"<emphasis>-d</emphasis> switch:"
23422
23429
msgstr ""
23423
23430
23424
#: serverguide/C/installation.xml:396(command)
23431
#: serverguide/C/installation.xml:403(command)
23425
23432
msgid "do-release-upgrade -d"
23426
23433
msgstr ""
23427
23434
23428
#: serverguide/C/installation.xml:399(para)
23435
#: serverguide/C/installation.xml:406(para)
23429
23436
msgid ""
23430
23437
"Upgrading to a development release is <emphasis>not</emphasis> recommended "
23431
23438
"for production environments."
23432
23439
msgstr ""
23433
23440
23434
#: serverguide/C/installation.xml:406(title)
23441
#: serverguide/C/installation.xml:413(title)
23435
23442
msgid "Advanced Installation"
23436
23443
msgstr ""
23437
23444
23438
#: serverguide/C/installation.xml:409(title)
23445
#: serverguide/C/installation.xml:416(title)
23439
23446
msgid "Software RAID"
23440
23447
msgstr ""
23441
23448
23442
#: serverguide/C/installation.xml:411(para)
23449
#: serverguide/C/installation.xml:418(para)
23443
23450
msgid ""
23444
23451
"Redundant Array of Independent Disks \"RAID\" is a method of using multiple "
23445
23452
"disks to provide different balances of increasing data reliability and/or "
23450
23457
"the drives 'invisibly')."
23451
23458
msgstr ""
23452
23459
23453
#: serverguide/C/installation.xml:419(para)
23460
#: serverguide/C/installation.xml:426(para)
23454
23461
msgid ""
23455
23462
"The RAID software included with current versions of Linux (and Ubuntu) is "
23456
23463
"based on the <application>'mdadm'</application> driver and works very well, "
23460
23467
"another for <emphasis>swap</emphasis>."
23461
23468
msgstr ""
23462
23469
23463
#: serverguide/C/virtualization.xml:716(title) serverguide/C/installation.xml:427(title)
23470
#: serverguide/C/installation.xml:434(title)
23464
23471
msgid "Partitioning"
23465
23472
msgstr ""
23466
23473
23467
#: serverguide/C/installation.xml:429(para) serverguide/C/installation.xml:951(para)
23474
#: serverguide/C/installation.xml:436(para) serverguide/C/installation.xml:958(para)
23468
23475
msgid ""
23469
23476
"Follow the installation steps until you get to the <emphasis>Partition "
23470
23477
"disks</emphasis> step, then:"
23471
23478
msgstr ""
23472
23479
23473
#: serverguide/C/installation.xml:436(para)
23480
#: serverguide/C/installation.xml:443(para)
23474
23481
msgid "Select <emphasis>Manual</emphasis> as the partition method."
23475
23482
msgstr ""
23476
23483
23477
#: serverguide/C/installation.xml:443(para)
23484
#: serverguide/C/installation.xml:450(para)
23478
23485
msgid ""
23479
23486
"Select the first hard drive, and agree to <emphasis>\"Create a new empty "
23480
23487
"partition table on this device?\"</emphasis>."
23481
23488
msgstr ""
23482
23489
23483
#: serverguide/C/installation.xml:447(para)
23490
#: serverguide/C/installation.xml:454(para)
23484
23491
msgid ""
23485
23492
"Repeat this step for each drive you wish to be part of the RAID array."
23486
23493
msgstr ""
23487
23494
23488
#: serverguide/C/installation.xml:454(para)
23495
#: serverguide/C/installation.xml:461(para)
23489
23496
msgid ""
23490
23497
"Select the <emphasis>\"FREE SPACE\"</emphasis> on the first drive then "
23491
23498
"select <emphasis>\"Create a new partition\"</emphasis>."
23492
23499
msgstr ""
23493
23500
23494
#: serverguide/C/installation.xml:461(para)
23501
#: serverguide/C/installation.xml:468(para)
23495
23502
msgid ""
23496
23503
"Next, select the <emphasis>Size</emphasis> of the partition. This partition "
23497
23504
"will be the <emphasis>swap</emphasis> partition, and a general rule for swap "
23499
23506
"<emphasis>Primary</emphasis>, then <emphasis>Beginning</emphasis>."
23500
23507
msgstr ""
23501
23508
23502
#: serverguide/C/installation.xml:468(para)
23509
#: serverguide/C/installation.xml:475(para)
23503
23510
msgid ""
23504
23511
"A swap partition size of twice the available RAM capacity may not always be "
23505
23512
"desirable, especially on systems with large amounts of RAM. Calculating the "
23507
23514
"going to be used."
23508
23515
msgstr ""
23509
23516
23510
#: serverguide/C/installation.xml:477(para)
23517
#: serverguide/C/installation.xml:484(para)
23511
23518
msgid ""
23512
23519
"Select the <emphasis>\"Use as:\"</emphasis> line at the top. By default this "
23513
23520
"is <emphasis role=\"italic\">\"Ext4 journaling file system\"</emphasis>, "
23515
23522
"<emphasis>\"Done setting up partition\"</emphasis>."
23516
23523
msgstr ""
23517
23524
23518
#: serverguide/C/installation.xml:486(para)
23525
#: serverguide/C/installation.xml:493(para)
23519
23526
msgid ""
23520
23527
"For the <emphasis>/</emphasis> partition once again select <emphasis>\"Free "
23521
23528
"Space\"</emphasis> on the first drive then <emphasis>\"Create a new "
23522
23529
"partition\"</emphasis>."
23523
23530
msgstr ""
23524
23531
23525
#: serverguide/C/installation.xml:494(para)
23532
#: serverguide/C/installation.xml:501(para)
23526
23533
msgid ""
23527
23534
"Use the rest of the free space on the drive and choose "
23528
23535
"<emphasis>Continue</emphasis>, then <emphasis>Primary</emphasis>."
23529
23536
msgstr ""
23530
23537
23531
#: serverguide/C/installation.xml:501(para)
23538
#: serverguide/C/installation.xml:508(para)
23532
23539
msgid ""
23533
23540
"As with the swap partition, select the <emphasis>\"Use as:\"</emphasis> line "
23534
23541
"at the top, changing it to <emphasis>\"physical volume for "
23537
23544
"<emphasis>\"Done setting up partition\"</emphasis>."
23538
23545
msgstr ""
23539
23546
23540
#: serverguide/C/installation.xml:511(para)
23547
#: serverguide/C/installation.xml:518(para)
23541
23548
msgid "Repeat steps three through eight for the other disk and partitions."
23542
23549
msgstr ""
23543
23550
23544
#: serverguide/C/installation.xml:520(title)
23551
#: serverguide/C/installation.xml:527(title)
23545
23552
msgid "RAID Configuration"
23546
23553
msgstr ""
23547
23554
23548
#: serverguide/C/installation.xml:522(para)
23555
#: serverguide/C/installation.xml:529(para)
23549
23556
msgid "With the partitions setup the arrays are ready to be configured:"
23550
23557
msgstr ""
23551
23558
23552
#: serverguide/C/installation.xml:529(para)
23559
#: serverguide/C/installation.xml:536(para)
23553
23560
msgid ""
23554
23561
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
23555
23562
"Software RAID\"</emphasis> at the top."
23556
23563
msgstr ""
23557
23564
23558
#: serverguide/C/installation.xml:536(para)
23565
#: serverguide/C/installation.xml:543(para)
23559
23566
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
23560
23567
msgstr ""
23561
23568
23562
#: serverguide/C/installation.xml:543(para)
23569
#: serverguide/C/installation.xml:550(para)
23563
23570
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
23564
23571
msgstr ""
23565
23572
23566
#: serverguide/C/installation.xml:550(para)
23573
#: serverguide/C/installation.xml:557(para)
23567
23574
msgid ""
23568
23575
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
23569
23576
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
23570
23577
msgstr ""
23571
23578
23572
#: serverguide/C/installation.xml:556(para)
23579
#: serverguide/C/installation.xml:563(para)
23573
23580
msgid ""
23574
23581
"In order to use <emphasis>RAID5</emphasis> you need at least "
23575
23582
"<emphasis>three</emphasis> drives. Using RAID0 or RAID1 only "
23576
23583
"<emphasis>two</emphasis> drives are required."
23577
23584
msgstr ""
23578
23585
23579
#: serverguide/C/installation.xml:565(para)
23586
#: serverguide/C/installation.xml:572(para)
23580
23587
msgid ""
23581
23588
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
23582
23589
"of hard drives you have, for the array. Then select "
23583
23590
"<emphasis>\"Continue\"</emphasis>."
23584
23591
msgstr ""
23585
23592
23586
#: serverguide/C/installation.xml:573(para)
23593
#: serverguide/C/installation.xml:580(para)
23587
23594
msgid ""
23588
23595
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
23589
23596
"default, then choose <emphasis>\"Continue\"</emphasis>."
23590
23597
msgstr ""
23591
23598
23592
#: serverguide/C/installation.xml:580(para)
23599
#: serverguide/C/installation.xml:587(para)
23593
23600
msgid ""
23594
23601
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
23595
23602
"etc. The numbers will usually match and the different letters correspond to "
23596
23603
"different hard drives."
23597
23604
msgstr ""
23598
23605
23599
#: serverguide/C/installation.xml:585(para)
23606
#: serverguide/C/installation.xml:592(para)
23600
23607
msgid ""
23601
23608
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
23602
23609
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
23603
23610
"go to the next step."
23604
23611
msgstr ""
23605
23612
23606
#: serverguide/C/installation.xml:593(para)
23613
#: serverguide/C/installation.xml:600(para)
23607
23614
msgid ""
23608
23615
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
23609
23616
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
23610
23617
"and <emphasis>sdb2</emphasis>."
23611
23618
msgstr ""
23612
23619
23613
#: serverguide/C/installation.xml:601(para)
23620
#: serverguide/C/installation.xml:608(para)
23614
23621
msgid "Once done select <emphasis>\"Finish\"</emphasis>."
23615
23622
msgstr ""
23616
23623
23617
#: serverguide/C/installation.xml:611(title)
23624
#: serverguide/C/installation.xml:618(title)
23618
23625
msgid "Formatting"
23619
23626
msgstr ""
23620
23627
23621
#: serverguide/C/installation.xml:613(para)
23628
#: serverguide/C/installation.xml:620(para)
23622
23629
msgid ""
23623
23630
"There should now be a list of hard drives and RAID devices. The next step is "
23624
23631
"to format and set the mount point for the RAID devices. Treat the RAID "
23625
23632
"device as a local hard drive, format and mount accordingly."
23626
23633
msgstr ""
23627
23634
23628
#: serverguide/C/installation.xml:621(para)
23635
#: serverguide/C/installation.xml:628(para)
23629
23636
msgid ""
23630
23637
"Select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
23631
23638
"#0\"</emphasis> partition."
23632
23639
msgstr ""
23633
23640
23634
#: serverguide/C/installation.xml:628(para)
23641
#: serverguide/C/installation.xml:635(para)
23635
23642
msgid ""
23636
23643
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
23637
23644
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
23638
23645
msgstr ""
23639
23646
23640
#: serverguide/C/installation.xml:636(para)
23647
#: serverguide/C/installation.xml:643(para)
23641
23648
msgid ""
23642
23649
"Next, select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
23643
23650
"#1\"</emphasis> partition."
23644
23651
msgstr ""
23645
23652
23646
#: serverguide/C/installation.xml:643(para)
23653
#: serverguide/C/installation.xml:650(para)
23647
23654
msgid ""
23648
23655
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext4 "
23649
23656
"journaling file system\"</emphasis>."
23650
23657
msgstr ""
23651
23658
23652
#: serverguide/C/installation.xml:650(para)
23659
#: serverguide/C/installation.xml:657(para)
23653
23660
msgid ""
23654
23661
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
23655
23662
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "
23657
23664
"partition\"</emphasis>."
23658
23665
msgstr ""
23659
23666
23660
#: serverguide/C/installation.xml:658(para)
23667
#: serverguide/C/installation.xml:665(para)
23661
23668
msgid ""
23662
23669
"Finally, select <emphasis>\"Finish partitioning and write changes to "
23663
23670
"disk\"</emphasis>."
23664
23671
msgstr ""
23665
23672
23666
#: serverguide/C/installation.xml:665(para)
23673
#: serverguide/C/installation.xml:672(para)
23667
23674
msgid ""
23668
23675
"If you choose to place the root partition on a RAID array, the installer "
23669
23676
"will then ask if you would like to boot in a <emphasis>degraded</emphasis> "
23670
23677
"state. See <xref linkend=\"raid-degraded\"/> for further details."
23671
23678
msgstr ""
23672
23679
23673
#: serverguide/C/installation.xml:670(para)
23680
#: serverguide/C/installation.xml:677(para)
23674
23681
msgid "The installation process will then continue normally."
23675
23682
msgstr ""
23676
23683
23677
#: serverguide/C/installation.xml:676(title)
23684
#: serverguide/C/installation.xml:683(title)
23678
23685
msgid "Degraded RAID"
23679
23686
msgstr ""
23680
23687
23681
#: serverguide/C/installation.xml:678(para)
23688
#: serverguide/C/installation.xml:685(para)
23682
23689
msgid ""
23683
23690
"At some point in the life of the computer a disk failure event may occur. "
23684
23691
"When this happens, using Software RAID, the operating system will place the "
23685
23692
"array into what is known as a <emphasis>degraded</emphasis> state."
23686
23693
msgstr ""
23687
23694
23688
#: serverguide/C/installation.xml:683(para)
23695
#: serverguide/C/installation.xml:690(para)
23689
23696
msgid ""
23690
23697
"If the array has become degraded, due to the chance of data corruption, by "
23691
23698
"default Ubuntu Server Edition will boot to <emphasis>initramfs</emphasis> "
23696
23703
"Booting to a degraded array can be configured several ways:"
23697
23704
msgstr ""
23698
23705
23699
#: serverguide/C/installation.xml:694(para)
23706
#: serverguide/C/installation.xml:701(para)
23700
23707
msgid ""
23701
23708
"The <application>dpkg-reconfigure</application> utility can be used to "
23702
23709
"configure the default behavior, and during the process you will be queried "
23705
23712
"following:"
23706
23713
msgstr ""
23707
23714
23708
#: serverguide/C/installation.xml:701(command)
23715
#: serverguide/C/installation.xml:708(command)
23709
23716
msgid "sudo dpkg-reconfigure mdadm"
23710
23717
msgstr ""
23711
23718
23712
#: serverguide/C/installation.xml:707(para)
23719
#: serverguide/C/installation.xml:714(para)
23713
23720
msgid ""
23714
23721
"The <command>dpkg-reconfigure mdadm</command> process will change the "
23715
23722
"<filename>/etc/initramfs-tools/conf.d/mdadm</filename> configuration file. "
23717
23724
"behavior, and can also be manually edited:"
23718
23725
msgstr ""
23719
23726
23720
#: serverguide/C/installation.xml:713(programlisting)
23727
#: serverguide/C/installation.xml:720(programlisting)
23721
23728
#, no-wrap
23722
23729
msgid ""
23723
23730
"\n"
23724
23731
"BOOT_DEGRADED=true\n"
23725
23732
msgstr ""
23726
23733
23727
#: serverguide/C/installation.xml:718(para)
23734
#: serverguide/C/installation.xml:725(para)
23728
23735
msgid "The configuration file can be overridden by using a Kernel argument."
23729
23736
msgstr ""
23730
23737
23731
#: serverguide/C/installation.xml:726(para)
23738
#: serverguide/C/installation.xml:733(para)
23732
23739
msgid ""
23733
23740
"Using a Kernel argument will allow the system to boot to a degraded array as "
23734
23741
"well:"
23735
23742
msgstr ""
23736
23743
23737
#: serverguide/C/installation.xml:732(para)
23744
#: serverguide/C/installation.xml:739(para)
23738
23745
msgid ""
23739
23746
"When the server is booting press <keycap>Shift</keycap> to open the "
23740
23747
"<application>Grub</application> menu."
23741
23748
msgstr ""
23742
23749
23743
#: serverguide/C/installation.xml:737(para)
23750
#: serverguide/C/installation.xml:744(para)
23744
23751
msgid "Press <keycap>e</keycap> to edit your kernel command options."
23745
23752
msgstr ""
23746
23753
23747
#: serverguide/C/installation.xml:742(para)
23754
#: serverguide/C/installation.xml:749(para)
23748
23755
msgid "Press the <keycap>down</keycap> arrow to highlight the kernel line."
23749
23756
msgstr ""
23750
23757
23751
#: serverguide/C/installation.xml:747(para)
23758
#: serverguide/C/installation.xml:754(para)
23752
23759
msgid ""
23753
23760
"Add <emphasis>\"bootdegraded=true\"</emphasis> (without the quotes) to the "
23754
23761
"end of the line."
23755
23762
msgstr ""
23756
23763
23757
#: serverguide/C/installation.xml:752(para)
23764
#: serverguide/C/installation.xml:759(para)
23758
23765
msgid ""
23759
23766
"Press <keycombo><keycap>Ctrl</keycap><keycap>x</keycap></keycombo> to boot "
23760
23767
"the system."
23761
23768
msgstr ""
23762
23769
23763
#: serverguide/C/installation.xml:761(para)
23770
#: serverguide/C/installation.xml:768(para)
23764
23771
msgid ""
23765
23772
"Once the system has booted you can either repair the array see <xref "
23766
23773
"linkend=\"raid-maintenance\"/> for details, or copy important data to "
23767
23774
"another machine due to major hardware failure."
23768
23775
msgstr ""
23769
23776
23770
#: serverguide/C/installation.xml:768(title)
23777
#: serverguide/C/installation.xml:775(title)
23771
23778
msgid "RAID Maintenance"
23772
23779
msgstr ""
23773
23780
23774
#: serverguide/C/installation.xml:770(para)
23781
#: serverguide/C/installation.xml:777(para)
23775
23782
msgid ""
23776
23783
"The <application>mdadm</application> utility can be used to view the status "
23777
23784
"of an array, add disks to an array, remove disks, etc:"
23778
23785
msgstr ""
23779
23786
23780
#: serverguide/C/installation.xml:777(para)
23787
#: serverguide/C/installation.xml:784(para)
23781
23788
msgid "To view the status of an array, from a terminal prompt enter:"
23782
23789
msgstr ""
23783
23790
23784
#: serverguide/C/installation.xml:781(command)
23791
#: serverguide/C/installation.xml:788(command)
23785
23792
msgid "sudo mdadm -D /dev/md0"
23786
23793
msgstr ""
23787
23794
23788
#: serverguide/C/installation.xml:784(para)
23795
#: serverguide/C/installation.xml:791(para)
23789
23796
msgid ""
23790
23797
"The <emphasis>-D</emphasis> tells <application>mdadm</application> to "
23791
23798
"display <emphasis>detailed</emphasis> information about the "
23793
23800
"with the appropriate RAID device."
23794
23801
msgstr ""
23795
23802
23796
#: serverguide/C/installation.xml:790(para)
23803
#: serverguide/C/installation.xml:797(para)
23797
23804
msgid "To view the status of a disk in an array:"
23798
23805
msgstr ""
23799
23806
23800
#: serverguide/C/installation.xml:794(command)
23807
#: serverguide/C/installation.xml:801(command)
23801
23808
msgid "sudo mdadm -E /dev/sda1"
23802
23809
msgstr ""
23803
23810
23804
#: serverguide/C/installation.xml:796(para)
23811
#: serverguide/C/installation.xml:803(para)
23805
23812
msgid ""
23806
23813
"The output if very similar to the <command>mdadm -D</command> command, "
23807
23814
"adjust <filename>/dev/sda1</filename> for each disk."
23808
23815
msgstr ""
23809
23816
23810
#: serverguide/C/installation.xml:801(para)
23817
#: serverguide/C/installation.xml:808(para)
23811
23818
msgid "If a disk fails and needs to be removed from an array enter:"
23812
23819
msgstr ""
23813
23820
23814
#: serverguide/C/installation.xml:805(command)
23821
#: serverguide/C/installation.xml:812(command)
23815
23822
msgid "sudo mdadm --remove /dev/md0 /dev/sda1"
23816
23823
msgstr ""
23817
23824
23818
#: serverguide/C/installation.xml:807(para)
23825
#: serverguide/C/installation.xml:814(para)
23819
23826
msgid ""
23820
23827
"Change <filename>/dev/md0</filename> and <filename>/dev/sda1</filename> to "
23821
23828
"the appropriate RAID device and disk."
23822
23829
msgstr ""
23823
23830
23824
#: serverguide/C/installation.xml:812(para)
23831
#: serverguide/C/installation.xml:819(para)
23825
23832
msgid "Similarly, to add a new disk:"
23826
23833
msgstr ""
23827
23834
23828
#: serverguide/C/installation.xml:816(command)
23835
#: serverguide/C/installation.xml:823(command)
23829
23836
msgid "sudo mdadm --add /dev/md0 /dev/sda1"
23830
23837
msgstr ""
23831
23838
23832
#: serverguide/C/installation.xml:821(para)
23839
#: serverguide/C/installation.xml:828(para)
23833
23840
msgid ""
23834
23841
"Sometimes a disk can change to a <emphasis>faulty</emphasis> state even "
23835
23842
"though there is nothing physically wrong with the drive. It is usually "
23838
23845
"the array, it is a good indication of hardware failure."
23839
23846
msgstr ""
23840
23847
23841
#: serverguide/C/installation.xml:827(para)
23848
#: serverguide/C/installation.xml:834(para)
23842
23849
msgid ""
23843
23850
"The <filename>/proc/mdstat</filename> file also contains useful information "
23844
23851
"about the system's RAID devices:"
23845
23852
msgstr ""
23846
23853
23847
#: serverguide/C/installation.xml:832(command)
23854
#: serverguide/C/installation.xml:839(command)
23848
23855
msgid "cat /proc/mdstat"
23849
23856
msgstr ""
23850
23857
23851
#: serverguide/C/installation.xml:833(computeroutput)
23858
#: serverguide/C/installation.xml:840(computeroutput)
23852
23859
#, no-wrap
23853
23860
msgid ""
23854
23861
"Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] "
23859
23866
"unused devices: <none>"
23860
23867
msgstr ""
23861
23868
23862
#: serverguide/C/installation.xml:840(para)
23869
#: serverguide/C/installation.xml:847(para)
23863
23870
msgid ""
23864
23871
"The following command is great for watching the status of a syncing drive:"
23865
23872
msgstr ""
23866
23873
23867
#: serverguide/C/installation.xml:845(command)
23874
#: serverguide/C/installation.xml:852(command)
23868
23875
msgid "watch -n1 cat /proc/mdstat"
23869
23876
msgstr ""
23870
23877
23871
#: serverguide/C/installation.xml:848(para)
23878
#: serverguide/C/installation.xml:855(para)
23872
23879
msgid ""
23873
23880
"Press <emphasis>Ctrl+c</emphasis> to stop the "
23874
23881
"<application>watch</application> command."
23875
23882
msgstr ""
23876
23883
23877
#: serverguide/C/installation.xml:852(para)
23884
#: serverguide/C/installation.xml:859(para)
23878
23885
msgid ""
23879
23886
"If you do need to replace a faulty drive, after the drive has been replaced "
23880
23887
"and synced, <application>grub</application> will need to be installed. To "
23882
23889
"following:"
23883
23890
msgstr ""
23884
23891
23885
#: serverguide/C/installation.xml:858(command)
23892
#: serverguide/C/installation.xml:865(command)
23886
23893
msgid "sudo grub-install /dev/md0"
23887
23894
msgstr ""
23888
23895
23889
#: serverguide/C/installation.xml:861(para)
23896
#: serverguide/C/installation.xml:868(para)
23890
23897
msgid ""
23891
23898
"Replace <filename>/dev/md0</filename> with the appropriate array device name."
23892
23899
msgstr ""
23893
23900
23894
#: serverguide/C/installation.xml:869(para)
23901
#: serverguide/C/installation.xml:876(para)
23895
23902
msgid ""
23896
23903
"The topic of RAID arrays is a complex one due to the plethora of ways RAID "
23897
23904
"can be configured. Please see the following links for more information:"
23898
23905
msgstr ""
23899
23906
23900
#: serverguide/C/installation.xml:876(para)
23907
#: serverguide/C/installation.xml:883(para)
23901
23908
msgid ""
23902
23909
"<ulink url=\"https://help.ubuntu.com/community/Installation#raid\">Ubuntu "
23903
23910
"Wiki Articles on RAID</ulink>."
23904
23911
msgstr ""
23905
23912
23906
#: serverguide/C/installation.xml:882(ulink)
23913
#: serverguide/C/installation.xml:889(ulink) serverguide/C/installation.xml:1164(ulink)
23907
23914
msgid "Software RAID HOWTO"
23908
23915
msgstr ""
23909
23916
23910
#: serverguide/C/installation.xml:887(ulink)
23917
#: serverguide/C/installation.xml:894(ulink)
23911
23918
msgid "Managing RAID on Linux"
23912
23919
msgstr ""
23913
23920
23914
#: serverguide/C/installation.xml:894(title)
23921
#: serverguide/C/installation.xml:901(title)
23915
23922
msgid "Logical Volume Manager (LVM)"
23916
23923
msgstr ""
23917
23924
23918
#: serverguide/C/installation.xml:896(para)
23925
#: serverguide/C/installation.xml:903(para)
23919
23926
msgid ""
23920
23927
"Logical Volume Manger, or <emphasis>LVM</emphasis>, allows administrators to "
23921
23928
"create <emphasis>logical</emphasis> volumes out of one or multiple physical "
23924
23931
"giving greater flexibility to systems as requirements change."
23925
23932
msgstr ""
23926
23933
23927
#: serverguide/C/installation.xml:905(para)
23934
#: serverguide/C/installation.xml:912(para)
23928
23935
msgid ""
23929
23936
"A side effect of LVM's power and flexibility is a greater degree of "
23930
23937
"complication. Before diving into the LVM installation process, it is best to "
23931
23938
"get familiar with some terms."
23932
23939
msgstr ""
23933
23940
23934
#: serverguide/C/installation.xml:912(para)
23941
#: serverguide/C/installation.xml:919(para)
23935
23942
msgid ""
23936
23943
"<emphasis>Physical Volume (PV):</emphasis> physical hard disk, disk "
23937
23944
"partition or software RAID partition formatted as LVM PV."
23938
23945
msgstr ""
23939
23946
23940
#: serverguide/C/installation.xml:918(para)
23947
#: serverguide/C/installation.xml:925(para)
23941
23948
msgid ""
23942
23949
"<emphasis>Volume Group (VG):</emphasis> is made from one or more physical "
23943
23950
"volumes. A VG can can be extended by adding more PVs. A VG is like a virtual "
23944
23951
"disk drive, from which one or more logical volumes are carved."
23945
23952
msgstr ""
23946
23953
23947
#: serverguide/C/installation.xml:924(para)
23954
#: serverguide/C/installation.xml:931(para)
23948
23955
msgid ""
23949
23956
"<emphasis>Logical Volume (LV):</emphasis> is similar to a partition in a non-"
23950
23957
"LVM system. A LV is formatted with the desired file system (EXT3, XFS, JFS, "
23951
23958
"etc), it is then available for mounting and data storage."
23952
23959
msgstr ""
23953
23960
23954
#: serverguide/C/installation.xml:935(para)
23961
#: serverguide/C/installation.xml:942(para)
23955
23962
msgid ""
23956
23963
"As an example this section covers installing Ubuntu Server Edition with "
23957
23964
"<filename role=\"directory\">/srv</filename> mounted on a LVM volume. During "
23960
23967
"can be extended."
23961
23968
msgstr ""
23962
23969
23963
#: serverguide/C/installation.xml:941(para)
23970
#: serverguide/C/installation.xml:948(para)
23964
23971
msgid ""
23965
23972
"There are several installation options for LVM, <emphasis>\"Guided - use the "
23966
23973
"entire disk and setup LVM\"</emphasis> which will also allow you to assign a "
23971
23978
"the Manual approach."
23972
23979
msgstr ""
23973
23980
23974
#: serverguide/C/installation.xml:958(para)
23981
#: serverguide/C/installation.xml:965(para)
23975
23982
msgid ""
23976
23983
"At the <emphasis>\"Partition Disks</emphasis> screen choose "
23977
23984
"<emphasis>\"Manual\"</emphasis>."
23978
23985
msgstr ""
23979
23986
23980
#: serverguide/C/installation.xml:965(para)
23987
#: serverguide/C/installation.xml:972(para)
23981
23988
msgid ""
23982
23989
"Select the hard disk and on the next screen choose \"yes\" to "
23983
23990
"<emphasis>\"Create a new empty partition table on this device\"</emphasis>."
23984
23991
msgstr ""
23985
23992
23986
#: serverguide/C/installation.xml:972(para)
23993
#: serverguide/C/installation.xml:979(para)
23987
23994
msgid ""
23988
23995
"Next, create standard <emphasis>/boot</emphasis>, <emphasis>swap</emphasis>, "
23989
23996
"and <emphasis>/</emphasis> partitions with whichever filesystem you prefer."
23990
23997
msgstr ""
23991
23998
23992
#: serverguide/C/installation.xml:980(para)
23999
#: serverguide/C/installation.xml:987(para)
23993
24000
msgid ""
23994
24001
"For the LVM <emphasis>/srv</emphasis>, create a new "
23995
24002
"<emphasis>Logical</emphasis> partition. Then change <emphasis>\"Use "
23997
24004
"<emphasis>\"Done setting up the partition\"</emphasis>."
23998
24005
msgstr ""
23999
24006
24000
#: serverguide/C/installation.xml:988(para)
24007
#: serverguide/C/installation.xml:995(para)
24001
24008
msgid ""
24002
24009
"Now select <emphasis>\"Configure the Logical Volume Manager\"</emphasis> at "
24003
24010
"the top, and choose <emphasis>\"Yes\"</emphasis> to write the changes to "
24004
24011
"disk."
24005
24012
msgstr ""
24006
24013
24007
#: serverguide/C/installation.xml:996(para)
24014
#: serverguide/C/installation.xml:1003(para)
24008
24015
msgid ""
24009
24016
"For the <emphasis>\"LVM configuration action\"</emphasis> on the next "
24010
24017
"screen, choose <emphasis>\"Create volume group\"</emphasis>. Enter a name "
24013
24020
"<emphasis>\"Continue\"</emphasis>."
24014
24021
msgstr ""
24015
24022
24016
#: serverguide/C/installation.xml:1005(para)
24023
#: serverguide/C/installation.xml:1012(para)
24017
24024
msgid ""
24018
24025
"Back at the <emphasis>\"LVM configuration action\"</emphasis> screen, select "
24019
24026
"<emphasis>\"Create logical volume\"</emphasis>. Select the newly created "
24024
24031
"main <emphasis>\"Partition Disks\"</emphasis> screen."
24025
24032
msgstr ""
24026
24033
24027
#: serverguide/C/installation.xml:1015(para)
24034
#: serverguide/C/installation.xml:1022(para)
24028
24035
msgid ""
24029
24036
"Now add a filesystem to the new LVM. Select the partition under "
24030
24037
"<emphasis>\"LVM VG vg01, LV srv\"</emphasis>, or whatever name you have "
24033
24040
"select <emphasis>\"Done setting up the partition\"</emphasis>."
24034
24041
msgstr ""
24035
24042
24036
#: serverguide/C/installation.xml:1024(para)
24043
#: serverguide/C/installation.xml:1031(para)
24037
24044
msgid ""
24038
24045
"Finally, select <emphasis>\"Finish partitioning and write changes to "
24039
24046
"disk\"</emphasis>. Then confirm the changes and continue with the rest of "
24040
24047
"the installation."
24041
24048
msgstr ""
24042
24049
24043
#: serverguide/C/installation.xml:1032(para)
24050
#: serverguide/C/installation.xml:1039(para)
24044
24051
msgid "There are some useful utilities to view information about LVM:"
24045
24052
msgstr ""
24046
24053
24047
#: serverguide/C/installation.xml:1037(para)
24054
#: serverguide/C/installation.xml:1044(para)
24048
24055
msgid ""
24049
24056
"<emphasis>pvdisplay:</emphasis> shows information about Physical Volumes."
24050
24057
msgstr ""
24051
24058
24052
#: serverguide/C/installation.xml:1038(para)
24059
#: serverguide/C/installation.xml:1045(para)
24053
24060
msgid ""
24054
24061
"<emphasis>vgdisplay:</emphasis> shows information about Volume Groups."
24055
24062
msgstr ""
24056
24063
24057
#: serverguide/C/installation.xml:1039(para)
24064
#: serverguide/C/installation.xml:1046(para)
24058
24065
msgid ""
24059
24066
"<emphasis>lvdisplay:</emphasis> shows information about Logical Volumes."
24060
24067
msgstr ""
24061
24068
24062
#: serverguide/C/installation.xml:1044(title)
24069
#: serverguide/C/installation.xml:1051(title)
24063
24070
msgid "Extending Volume Groups"
24064
24071
msgstr ""
24065
24072
24066
#: serverguide/C/installation.xml:1046(para)
24073
#: serverguide/C/installation.xml:1053(para)
24067
24074
msgid ""
24068
24075
"Continuing with <emphasis>srv</emphasis> as an LVM volume example, this "
24069
24076
"section covers adding a second hard disk, creating a Physical Volume (PV), "
24075
24082
"partitions and use them as different physical volumes)"
24076
24083
msgstr ""
24077
24084
24078
#: serverguide/C/installation.xml:1054(para)
24085
#: serverguide/C/installation.xml:1061(para)
24079
24086
msgid ""
24080
24087
"Make sure you don't already have an existing <filename>/dev/sdb</filename> "
24081
24088
"before issuing the commands below. You could lose some data if you issue "
24082
24089
"those commands on a non-empty disk."
24083
24090
msgstr ""
24084
24091
24085
#: serverguide/C/installation.xml:1062(para)
24092
#: serverguide/C/installation.xml:1069(para)
24086
24093
msgid "First, create the physical volume, in a terminal execute:"
24087
24094
msgstr ""
24088
24095
24089
#: serverguide/C/installation.xml:1067(command)
24096
#: serverguide/C/installation.xml:1074(command)
24090
24097
msgid "sudo pvcreate /dev/sdb"
24091
24098
msgstr ""
24092
24099
24093
#: serverguide/C/installation.xml:1073(para)
24100
#: serverguide/C/installation.xml:1080(para)
24094
24101
msgid "Now extend the Volume Group (VG):"
24095
24102
msgstr ""
24096
24103
24097
#: serverguide/C/installation.xml:1078(command)
24104
#: serverguide/C/installation.xml:1085(command)
24098
24105
msgid "sudo vgextend vg01 /dev/sdb"
24099
24106
msgstr ""
24100
24107
24101
#: serverguide/C/installation.xml:1084(para)
24108
#: serverguide/C/installation.xml:1091(para)
24102
24109
msgid ""
24103
24110
"Use <application>vgdisplay</application> to find out the free physical "
24104
24111
"extents - Free PE / size (the size you can allocate). We will assume a free "
24106
24113
"whole free space available. Use your own PE and/or free space."
24107
24114
msgstr ""
24108
24115
24109
#: serverguide/C/installation.xml:1090(para)
24116
#: serverguide/C/installation.xml:1097(para)
24110
24117
msgid ""
24111
24118
"The Logical Volume (LV) can now be extended by different methods, we will "
24112
24119
"only see how to use the PE to extend the LV:"
24113
24120
msgstr ""
24114
24121
24115
#: serverguide/C/installation.xml:1095(command)
24122
#: serverguide/C/installation.xml:1102(command)
24116
24123
msgid "sudo lvextend /dev/vg01/srv -l +511"
24117
24124
msgstr ""
24118
24125
24119
#: serverguide/C/installation.xml:1098(para)
24126
#: serverguide/C/installation.xml:1105(para)
24120
24127
msgid ""
24121
24128
"The <emphasis>-l</emphasis> option allows the LV to be extended using PE. "
24122
24129
"The <emphasis>-L</emphasis> option allows the LV to be extended using Meg, "
24123
24130
"Gig, Tera, etc bytes."
24124
24131
msgstr ""
24125
24132
24126
#: serverguide/C/installation.xml:1106(para)
24133
#: serverguide/C/installation.xml:1113(para)
24127
24134
msgid ""
24128
24135
"Even though you are supposed to be able to <emphasis>expand</emphasis> an "
24129
24136
"ext3 or ext4 filesystem without unmounting it first, it may be a good "
24132
24139
"first is compulsory)."
24133
24140
msgstr ""
24134
24141
24135
#: serverguide/C/installation.xml:1112(para)
24142
#: serverguide/C/installation.xml:1119(para)
24136
24143
msgid ""
24137
24144
"The following commands are for an <emphasis>EXT3</emphasis> or "
24138
24145
"<emphasis>EXT4</emphasis> filesystem. If you are using another filesystem "
24139
24146
"there may be other utilities available."
24140
24147
msgstr ""
24141
24148
24142
#: serverguide/C/installation.xml:1119(command)
24143
msgid "sudo e2fsck -f /dev/vg01/srv"
24144
msgstr ""
24145
24146
#: serverguide/C/installation.xml:1122(para)
24147
msgid ""
24148
"The <emphasis>-f</emphasis> option of <application>e2fsck</application> "
24149
"forces checking even if the system seems clean."
24150
msgstr ""
24151
24152
#: serverguide/C/installation.xml:1129(para)
24153
msgid "Finally, resize the filesystem:"
24154
msgstr ""
24155
24156
#: serverguide/C/installation.xml:1134(command)
24157
msgid "sudo resize2fs /dev/vg01/srv"
24158
msgstr ""
24159
24160
#: serverguide/C/installation.xml:1140(para)
24149
#: serverguide/C/installation.xml:1127(para) serverguide/C/installation.xml:1130(para) serverguide/C/installation.xml:1133(para)
24161
24150
msgid "Now mount the partition and check its size."
24162
24151
msgstr ""
24163
24152
24164
#: serverguide/C/installation.xml:1145(command)
24153
#: serverguide/C/installation.xml:1136(para)
24154
msgid ""
24155
"asldkjf sdkja;lkjfeoi dfkjsljfe;lij sfljsefisjoij skfm;lwemf;e msdlfsadlkf;k."
24156
msgstr ""
24157
24158
#: serverguide/C/installation.xml:1141(command)
24165
24159
msgid "mount /dev/vg01/srv /srv && df -h /srv"
24166
24160
msgstr ""
24167
24161
24168
#: serverguide/C/installation.xml:1157(para)
24162
#: serverguide/C/installation.xml:1153(para)
24169
24163
msgid ""
24170
24164
"See the <ulink "
24171
24165
"url=\"https://help.ubuntu.com/community/Installation#lvm\">Ubuntu Wiki LVM "
24172
24166
"Articles</ulink>."
24173
24167
msgstr ""
24174
24168
24175
#: serverguide/C/installation.xml:1162(para)
24169
#: serverguide/C/installation.xml:1158(para)
24176
24170
msgid ""
24177
24171
"See the <ulink url=\"http://tldp.org/HOWTO/LVM-HOWTO/index.html\">LVM "
24178
24172
"HOWTO</ulink> for more information."
24179
24173
msgstr ""
24180
24174
24181
#: serverguide/C/installation.xml:1167(para)
24182
msgid ""
24183
"Another good article is <ulink "
24184
"url=\"http://www.linuxdevcenter.com/pub/a/linux/2006/04/27/managing-disk-"
24185
"space-with-lvm.html\">Managing Disk Space with LVM</ulink> on O'Reilly's "
24186
"linuxdevcenter.com site."
24187
msgstr ""
24188
24189
#: serverguide/C/installation.xml:1181(para)
24190
msgid ""
24191
"For more information on <application>fdisk</application> see the <ulink "
24192
"url=\"http://manpages.ubuntu.com/manpages/trusty/en/man8/fdisk.8.html\">fdisk"
24193
" man page</ulink>."
24194
msgstr ""
24195
24196
#: serverguide/C/installation.xml:1185(title)
24175
#: serverguide/C/installation.xml:1171(title)
24176
msgid "bla bla 4"
24177
msgstr ""
24178
24179
#: serverguide/C/installation.xml:1174(para)
24180
msgid "bla bla 4 para."
24181
msgstr ""
24182
24183
#: serverguide/C/installation.xml:1179(para)
24184
msgid "bla bla 5 para."
24185
msgstr ""
24186
24187
#: serverguide/C/installation.xml:1184(para)
24188
msgid "list item 1."
24189
msgstr ""
24190
24191
#: serverguide/C/installation.xml:1189(para)
24192
msgid "list item 2."
24193
msgstr ""
24194
24195
#: serverguide/C/installation.xml:1194(para)
24196
msgid "list item 3."
24197
msgstr ""
24198
24199
#: serverguide/C/installation.xml:1199(para)
24200
msgid "bla bla para"
24201
msgstr ""
24202
24203
#: serverguide/C/installation.xml:1204(para)
24204
msgid "bla bla 6 para."
24205
msgstr ""
24206
24207
#: serverguide/C/installation.xml:1209(para)
24208
msgid "bla bla 7 para."
24209
msgstr ""
24210
24211
#: serverguide/C/installation.xml:1214(para)
24212
msgid "bla bla 8 para."
24213
msgstr ""
24214
24215
#: serverguide/C/installation.xml:1219(para)
24216
msgid "bla bla 9 para."
24217
msgstr ""
24218
24219
#: serverguide/C/installation.xml:1226(title)
24220
msgid "bla bla 5"
24221
msgstr ""
24222
24223
#: serverguide/C/installation.xml:1229(title)
24224
msgid "bla bla 6"
24225
msgstr ""
24226
24227
#: serverguide/C/installation.xml:1232(title)
24228
msgid "bla bla 7"
24229
msgstr ""
24230
24231
#: serverguide/C/installation.xml:1235(title)
24232
msgid "bla bla 8"
24233
msgstr ""
24234
24235
#: serverguide/C/installation.xml:1238(title)
24236
msgid "bla bla 9"
24237
msgstr ""
24238
24239
#: serverguide/C/installation.xml:1241(title)
24240
msgid "bla bla a"
24241
msgstr ""
24242
24243
#: serverguide/C/installation.xml:1244(title)
24244
msgid "bla bla b"
24245
msgstr ""
24246
24247
#: serverguide/C/installation.xml:1247(title)
24248
msgid "bla bla c"
24249
msgstr ""
24250
24251
#: serverguide/C/installation.xml:1250(title)
24252
msgid "bla bla d"
24253
msgstr ""
24254
24255
#: serverguide/C/installation.xml:1253(title)
24256
msgid "bla bla e"
24257
msgstr ""
24258
24259
#: serverguide/C/installation.xml:1258(title)
24197
24260
msgid "Kernel Crash Dump"
24198
24261
msgstr ""
24199
24262
24200
#: serverguide/C/installation.xml:1192(para)
24263
#: serverguide/C/installation.xml:1265(para)
24201
24264
msgid "Kernel Panic"
24202
24265
msgstr ""
24203
24266
24204
#: serverguide/C/installation.xml:1193(para)
24267
#: serverguide/C/installation.xml:1266(para)
24205
24268
msgid "Non Maskable Interrupts (NMI)"
24206
24269
msgstr ""
24207
24270
24208
#: serverguide/C/installation.xml:1194(para)
24271
#: serverguide/C/installation.xml:1267(para)
24209
24272
msgid "Machine Check Exceptions (MCE)"
24210
24273
msgstr ""
24211
24274
24212
#: serverguide/C/installation.xml:1195(para)
24275
#: serverguide/C/installation.xml:1268(para)
24213
24276
msgid "Hardware failure"
24214
24277
msgstr ""
24215
24278
24216
#: serverguide/C/installation.xml:1196(para)
24279
#: serverguide/C/installation.xml:1269(para)
24217
24280
msgid "Manual intervention"
24218
24281
msgstr ""
24219
24282
24220
#: serverguide/C/installation.xml:1188(para)
24283
#: serverguide/C/installation.xml:1261(para)
24221
24284
msgid ""
24222
24285
"A Kernel Crash Dump refers to a portion of the contents of volatile memory "
24223
24286
"(RAM) that is copied to disk whenever the execution of the kernel is "
24231
24294
"memory contents."
24232
24295
msgstr ""
24233
24296
24234
#: serverguide/C/installation.xml:1205(title)
24297
#: serverguide/C/installation.xml:1278(title)
24235
24298
msgid "Kernel Crash Dump Mechanism"
24236
24299
msgstr ""
24237
24300
24238
#: serverguide/C/installation.xml:1207(para)
24301
#: serverguide/C/installation.xml:1280(para)
24239
24302
msgid ""
24240
24303
"When a kernel panic occurs, the kernel relies on the "
24241
24304
"<emphasis>kexec</emphasis> mechanism to quickly reboot a new instance of the "
24244
24307
"untouched in order to safely copy its contents to storage."
24245
24308
msgstr ""
24246
24309
24247
#: serverguide/C/installation.xml:1216(para)
24310
#: serverguide/C/installation.xml:1289(para)
24248
24311
msgid ""
24249
24312
"The kernel crash dump utility is installed with the following command:"
24250
24313
msgstr ""
24251
24314
24252
#: serverguide/C/installation.xml:1221(command)
24315
#: serverguide/C/installation.xml:1294(command)
24253
24316
msgid "sudo apt-get install linux-crashdump"
24254
24317
msgstr ""
24255
24318
24256
#: serverguide/C/installation.xml:1230(programlisting)
24319
#: serverguide/C/installation.xml:1303(programlisting)
24257
24320
#, no-wrap
24258
24321
msgid ""
24259
24322
"\n"
24260
24323
"USE_KDUMP=1\n"
24261
24324
msgstr ""
24262
24325
24263
#: serverguide/C/installation.xml:1228(para)
24326
#: serverguide/C/installation.xml:1301(para)
24264
24327
msgid ""
24265
"Edit <filename>/etc/default/kdump-tool</filename> by including the following "
24266
"line: <placeholder-1/>"
24328
"Edit <filename>/etc/default/kdump-tools</filename> by including the "
24329
"following line: <placeholder-1/>"
24267
24330
msgstr ""
24268
24331
24269
#: serverguide/C/installation.xml:1235(para)
24332
#: serverguide/C/installation.xml:1308(para)
24270
24333
msgid "A reboot is then needed."
24271
24334
msgstr ""
24272
24335
24273
#: serverguide/C/installation.xml:1244(para)
24336
#: serverguide/C/installation.xml:1317(para)
24274
24337
msgid ""
24275
24338
"To confirm that the kernel dump mechanism is enabled, there are a few things "
24276
24339
"to verify. First, confirm that the <emphasis>crashkernel</emphasis> boot "
24278
24341
"fit the format of this document:"
24279
24342
msgstr ""
24280
24343
24281
#: serverguide/C/installation.xml:1251(command)
24344
#: serverguide/C/installation.xml:1324(command)
24282
24345
msgid "cat /proc/cmdline"
24283
24346
msgstr ""
24284
24347
24285
#: serverguide/C/installation.xml:1252(computeroutput)
24348
#: serverguide/C/installation.xml:1325(computeroutput)
24286
24349
#, no-wrap
24287
24350
msgid ""
24288
24351
"\n"
24290
24353
" crashkernel=384M-2G:64M,2G-:128M\n"
24291
24354
msgstr ""
24292
24355
24293
#: serverguide/C/installation.xml:1260(programlisting)
24356
#: serverguide/C/installation.xml:1333(programlisting)
24294
24357
#, no-wrap
24295
24358
msgid ""
24296
24359
"\n"
24300
24363
" "
24301
24364
msgstr ""
24302
24365
24303
#: serverguide/C/installation.xml:1258(para)
24366
#: serverguide/C/installation.xml:1331(para)
24304
24367
msgid ""
24305
24368
"The <emphasis>crashkernel</emphasis> parameter has the following syntax: "
24306
24369
"<placeholder-1/>"
24307
24370
msgstr ""
24308
24371
24309
#: serverguide/C/installation.xml:1268(programlisting)
24372
#: serverguide/C/installation.xml:1341(programlisting)
24310
24373
#, no-wrap
24311
24374
msgid ""
24312
24375
"\n"
24313
24376
"crashkernel=384M-2G:64M,2G-:128M\n"
24314
24377
msgstr ""
24315
24378
24316
#: serverguide/C/installation.xml:1266(para)
24379
#: serverguide/C/installation.xml:1339(para)
24317
24380
msgid ""
24318
24381
"So for the crashkernel parameter found in <filename>/proc/cmdline</filename> "
24319
24382
"we would have : <placeholder-1/>"
24320
24383
msgstr ""
24321
24384
24322
#: serverguide/C/installation.xml:1273(para)
24385
#: serverguide/C/installation.xml:1346(para)
24323
24386
msgid "The above value means:"
24324
24387
msgstr ""
24325
24388
24326
#: serverguide/C/installation.xml:1275(para)
24389
#: serverguide/C/installation.xml:1348(para)
24327
24390
msgid ""
24328
24391
"if the RAM is smaller than 384M, then don't reserve anything (this is the "
24329
24392
"\"rescue\" case)"
24330
24393
msgstr ""
24331
24394
24332
#: serverguide/C/installation.xml:1277(para)
24395
#: serverguide/C/installation.xml:1350(para)
24333
24396
msgid "if the RAM size is between 386M and 2G (exclusive), then reserve 64M"
24334
24397
msgstr ""
24335
24398
24336
#: serverguide/C/installation.xml:1278(para)
24399
#: serverguide/C/installation.xml:1351(para)
24337
24400
msgid "if the RAM size is larger than 2G, then reserve 128M"
24338
24401
msgstr ""
24339
24402
24340
#: serverguide/C/installation.xml:1281(para)
24403
#: serverguide/C/installation.xml:1354(para)
24341
24404
msgid ""
24342
24405
"Second, verify that the kernel has reserved the requested memory area for "
24343
24406
"the kdump kernel by doing:"
24344
24407
msgstr ""
24345
24408
24346
#: serverguide/C/installation.xml:1286(command)
24409
#: serverguide/C/installation.xml:1359(command)
24347
24410
msgid "dmesg | grep -i crash"
24348
24411
msgstr ""
24349
24412
24350
#: serverguide/C/installation.xml:1287(computeroutput)
24413
#: serverguide/C/installation.xml:1360(computeroutput)
24351
24414
#, no-wrap
24352
24415
msgid ""
24353
24416
"\n"
24356
24419
"RAM: 1023MB)\n"
24357
24420
msgstr ""
24358
24421
24359
#: serverguide/C/installation.xml:1296(title)
24422
#: serverguide/C/installation.xml:1369(title)
24360
24423
msgid "Testing the Crash Dump Mechanism"
24361
24424
msgstr ""
24362
24425
24363
#: serverguide/C/installation.xml:1299(para)
24426
#: serverguide/C/installation.xml:1372(para)
24364
24427
msgid ""
24365
24428
"Testing the Crash Dump Mechanism will cause <emphasis>a system "
24366
24429
"reboot.</emphasis> In certain situations, this can cause data loss if the "
24368
24431
"that the system is idle or under very light load."
24369
24432
msgstr ""
24370
24433
24371
#: serverguide/C/installation.xml:1306(para)
24434
#: serverguide/C/installation.xml:1379(para)
24372
24435
msgid ""
24373
24436
"Verify that the <emphasis>SysRQ</emphasis> mechanism is enabled by looking "
24374
24437
"at the value of the <filename>/proc/sys/kernel/sysrq</filename> kernel "
24375
24438
"parameter :"
24376
24439
msgstr ""
24377
24440
24378
#: serverguide/C/installation.xml:1312(command)
24441
#: serverguide/C/installation.xml:1385(command)
24379
24442
msgid "cat /proc/sys/kernel/sysrq"
24380
24443
msgstr ""
24381
24444
24382
#: serverguide/C/installation.xml:1315(para)
24445
#: serverguide/C/installation.xml:1388(para)
24383
24446
msgid ""
24384
24447
"If a value of <emphasis>0</emphasis> is returned the feature is disabled. "
24385
24448
"Enable it with the following command :"
24386
24449
msgstr ""
24387
24450
24388
#: serverguide/C/installation.xml:1320(command)
24451
#: serverguide/C/installation.xml:1393(command)
24389
24452
msgid "sudo sysctl -w kernel.sysrq=1"
24390
24453
msgstr ""
24391
24454
24392
#: serverguide/C/installation.xml:1323(para)
24455
#: serverguide/C/installation.xml:1396(para)
24393
24456
msgid ""
24394
24457
"Once this is done, you must become root, as just using "
24395
24458
"<command>sudo</command> will not be sufficient. As the "
24400
24463
"the advantage of making the kernel dump process visible."
24401
24464
msgstr ""
24402
24465
24403
#: serverguide/C/installation.xml:1330(para)
24466
#: serverguide/C/installation.xml:1403(para)
24404
24467
msgid "A typical test output should look like the following :"
24405
24468
msgstr ""
24406
24469
24407
#: serverguide/C/installation.xml:1335(command)
24470
#: serverguide/C/installation.xml:1408(command)
24408
24471
msgid "sudo -s"
24409
24472
msgstr ""
24410
24473
24411
#: serverguide/C/installation.xml:1337(command)
24474
#: serverguide/C/installation.xml:1410(command)
24412
24475
msgid "echo c > /proc/sysrq-trigger"
24413
24476
msgstr ""
24414
24477
24415
#: serverguide/C/installation.xml:1334(screen)
24478
#: serverguide/C/installation.xml:1407(screen)
24416
24479
#, no-wrap
24417
24480
msgid ""
24418
24481
"\n"
24429
24492
"....\n"
24430
24493
msgstr ""
24431
24494
24432
#: serverguide/C/installation.xml:1347(para)
24495
#: serverguide/C/installation.xml:1420(para)
24433
24496
msgid ""
24434
24497
"The rest of the output is truncated, but you should see the system rebooting "
24435
24498
"and somewhere in the log, you will see the following line : <screen>Begin: "
24438
24501
"file in the <filename>/var/crash</filename> directory :"
24439
24502
msgstr ""
24440
24503
24441
#: serverguide/C/installation.xml:1354(command)
24504
#: serverguide/C/installation.xml:1427(command)
24442
24505
msgid "ls /var/crash"
24443
24506
msgstr ""
24444
24507
24445
#: serverguide/C/installation.xml:1353(screen)
24508
#: serverguide/C/installation.xml:1426(screen)
24446
24509
#, no-wrap
24447
24510
msgid ""
24448
24511
"\n"
24450
24513
"linux-image-3.0.0-12-server.0.crash\n"
24451
24514
msgstr ""
24452
24515
24453
#: serverguide/C/installation.xml:1363(para)
24516
#: serverguide/C/installation.xml:1436(para)
24454
24517
msgid ""
24455
24518
"Kernel Crash Dump is a vast topic that requires good knowledge of the linux "
24456
24519
"kernel. You can find more information on the topic here :"
24457
24520
msgstr ""
24458
24521
24459
#: serverguide/C/installation.xml:1369(para)
24522
#: serverguide/C/installation.xml:1442(para)
24460
24523
msgid ""
24461
24524
"<ulink url=\"http://www.kernel.org/doc/Documentation/kdump/kdump.txt\">Kdump "
24462
24525
"kernel documentation</ulink>."
24463
24526
msgstr ""
24464
24527
24465
#: serverguide/C/installation.xml:1375(ulink)
24528
#: serverguide/C/installation.xml:1448(ulink)
24466
24529
msgid "The crash tool"
24467
24530
msgstr ""
24468
24531
24469
#: serverguide/C/installation.xml:1379(para)
24532
#: serverguide/C/installation.xml:1452(para)
24470
24533
msgid ""
24471
24534
"<ulink url=\"http://www.dedoimedo.com/computers/crash-"
24472
24535
"analyze.html\">Analyzing Linux Kernel Crash</ulink> (Based on Fedora, it "
24945
25008
"as follows:"
24946
25009
msgstr ""
24947
25010
24948
#: serverguide/C/file-server.xml:430(programlisting)
25011
#: serverguide/C/file-server.xml:429(programlisting)
24949
25012
#, no-wrap
24950
25013
msgid ""
24951
25014
"\n"
24956
25019
"example.hostname.com:/ubuntu /local/ubuntu nfs "
24957
25020
"rsize=8192,wsize=8192,timeo=14,intr\n"
24958
25021
24959
#: serverguide/C/file-server.xml:434(para)
25022
#: serverguide/C/file-server.xml:433(para)
24960
25023
msgid ""
24961
25024
"If you have trouble mounting an NFS share, make sure the <application>nfs-"
24962
25025
"common</application> package is installed on your client. To install "
24966
25029
"</screen>"
24967
25030
msgstr ""
24968
25031
24969
#: serverguide/C/file-server.xml:447(ulink)
25032
#: serverguide/C/file-server.xml:446(ulink)
24970
25033
msgid "Linux NFS faq"
24971
25034
msgstr "Faq NFS Linux"
24972
25035
24973
#: serverguide/C/file-server.xml:449(ulink)
25036
#: serverguide/C/file-server.xml:448(ulink)
24974
25037
msgid "Ubuntu Wiki NFS Howto"
24975
25038
msgstr ""
24976
25039
24977
#: serverguide/C/file-server.xml:455(title)
25040
#: serverguide/C/file-server.xml:454(title)
24978
25041
msgid "iSCSI Initiator"
24979
25042
msgstr ""
24980
25043
24981
#: serverguide/C/file-server.xml:457(para)
25044
#: serverguide/C/file-server.xml:456(para)
24982
25045
msgid ""
24983
25046
"<emphasis>iSCSI</emphasis> (Internet Small Computer System Interface) is a "
24984
25047
"protocol that allows SCSI commands to be transmitted over a network. "
24998
25061
"your vendor documentation to configure your specific iSCSI target."
24999
25062
msgstr ""
25000
25063
25001
#: serverguide/C/file-server.xml:471(title)
25064
#: serverguide/C/file-server.xml:470(title)
25002
25065
msgid "iSCSI Initiator Install"
25003
25066
msgstr ""
25004
25067
25005
#: serverguide/C/file-server.xml:473(para)
25068
#: serverguide/C/file-server.xml:472(para)
25006
25069
msgid ""
25007
25070
"To configure Ubuntu Server as an iSCSI initiator install the "
25008
25071
"<application>open-iscsi</application> package. In a terminal enter:"
25009
25072
msgstr ""
25010
25073
25011
#: serverguide/C/file-server.xml:478(command)
25074
#: serverguide/C/file-server.xml:477(command)
25012
25075
msgid "sudo apt-get install open-iscsi"
25013
25076
msgstr ""
25014
25077
25015
#: serverguide/C/file-server.xml:483(title)
25078
#: serverguide/C/file-server.xml:482(title)
25016
25079
msgid "iSCSI Initiator Configuration"
25017
25080
msgstr ""
25018
25081
25019
#: serverguide/C/file-server.xml:485(para)
25082
#: serverguide/C/file-server.xml:484(para)
25020
25083
msgid ""
25021
25084
"Once the <application>open-iscsi</application> package is installed, edit "
25022
25085
"<filename>/etc/iscsi/iscsid.conf</filename> changing the following:"
25023
25086
msgstr ""
25024
25087
25025
#: serverguide/C/file-server.xml:489(programlisting)
25088
#: serverguide/C/file-server.xml:488(programlisting)
25026
25089
#, no-wrap
25027
25090
msgid ""
25028
25091
"\n"
25029
25092
"node.startup = automatic\n"
25030
25093
msgstr ""
25031
25094
25032
#: serverguide/C/file-server.xml:493(para)
25095
#: serverguide/C/file-server.xml:492(para)
25033
25096
msgid ""
25034
25097
"You can check which targets are available by using the "
25035
25098
"<application>iscsiadm</application> utility. Enter the following in a "
25036
25099
"terminal:"
25037
25100
msgstr ""
25038
25101
25039
#: serverguide/C/file-server.xml:498(command)
25102
#: serverguide/C/file-server.xml:497(command)
25040
25103
msgid "sudo iscsiadm -m discovery -t st -p 192.168.0.10"
25041
25104
msgstr ""
25042
25105
25106
#: serverguide/C/file-server.xml:501(para)
25107
msgid ""
25108
"<emphasis>-m:</emphasis> determines the mode that iscsiadm executes in."
25109
msgstr ""
25110
25043
25111
#: serverguide/C/file-server.xml:502(para)
25044
msgid ""
25045
"<emphasis>-m:</emphasis> determines the mode that iscsiadm executes in."
25112
msgid "<emphasis>-t:</emphasis> specifies the type of discovery."
25046
25113
msgstr ""
25047
25114
25048
25115
#: serverguide/C/file-server.xml:503(para)
25049
msgid "<emphasis>-t:</emphasis> specifies the type of discovery."
25050
msgstr ""
25051
25052
#: serverguide/C/file-server.xml:504(para)
25053
25116
msgid "<emphasis>-p:</emphasis> option indicates the target IP address."
25054
25117
msgstr ""
25055
25118
25056
#: serverguide/C/file-server.xml:508(para)
25119
#: serverguide/C/file-server.xml:507(para)
25057
25120
msgid ""
25058
25121
"Change example <emphasis>192.168.0.10</emphasis> to the target IP address on "
25059
25122
"your network."
25060
25123
msgstr ""
25061
25124
25062
#: serverguide/C/file-server.xml:513(para)
25125
#: serverguide/C/file-server.xml:512(para)
25063
25126
msgid ""
25064
25127
"If the target is available you should see output similar to the following:"
25065
25128
msgstr ""
25066
25129
25067
#: serverguide/C/file-server.xml:518(computeroutput)
25130
#: serverguide/C/file-server.xml:517(computeroutput)
25068
25131
#, no-wrap
25069
25132
msgid ""
25070
25133
"\n"
25071
25134
"192.168.0.10:3260,1 iqn.1992-05.com.emc:sl7b92030000520000-2\n"
25072
25135
msgstr ""
25073
25136
25074
#: serverguide/C/file-server.xml:524(para)
25137
#: serverguide/C/file-server.xml:523(para)
25075
25138
msgid ""
25076
25139
"The <emphasis>iqn</emphasis> number and IP address above will vary depending "
25077
25140
"on your hardware."
25078
25141
msgstr ""
25079
25142
25080
#: serverguide/C/file-server.xml:529(para)
25143
#: serverguide/C/file-server.xml:528(para)
25081
25144
msgid ""
25082
25145
"You should now be able to connect to the iSCSI target, and depending on your "
25083
25146
"target setup you may have to enter user credentials. Login to the iSCSI node:"
25084
25147
msgstr ""
25085
25148
25086
#: serverguide/C/file-server.xml:535(command)
25149
#: serverguide/C/file-server.xml:534(command)
25087
25150
msgid "sudo iscsiadm -m node --login"
25088
25151
msgstr ""
25089
25152
25090
#: serverguide/C/file-server.xml:538(para)
25153
#: serverguide/C/file-server.xml:537(para)
25091
25154
msgid ""
25092
25155
"Check to make sure that the new disk has been detected using "
25093
25156
"<application>dmesg</application>:"
25094
25157
msgstr ""
25095
25158
25096
#: serverguide/C/file-server.xml:543(command)
25159
#: serverguide/C/file-server.xml:542(command)
25097
25160
msgid "dmesg | grep sd"
25098
25161
msgstr ""
25099
25162
25100
#: serverguide/C/file-server.xml:544(computeroutput)
25163
#: serverguide/C/file-server.xml:543(computeroutput)
25101
25164
#, no-wrap
25102
25165
msgid ""
25103
25166
"\n"
25126
25189
"[ 2486.964862] sd 4:0:0:3: [sdb] Attached SCSI disk\n"
25127
25190
msgstr ""
25128
25191
25129
#: serverguide/C/file-server.xml:568(para)
25192
#: serverguide/C/file-server.xml:567(para)
25130
25193
msgid ""
25131
25194
"In the output above <emphasis>sdb</emphasis> is the new iSCSI disk. Remember "
25132
25195
"this is just an example; the output you see on your screen will vary."
25133
25196
msgstr ""
25134
25197
25135
#: serverguide/C/file-server.xml:573(para)
25198
#: serverguide/C/file-server.xml:572(para)
25136
25199
msgid ""
25137
25200
"Next, create a partition, format the file system, and mount the new iSCSI "
25138
25201
"disk. In a terminal enter:"
25139
25202
msgstr ""
25140
25203
25204
#: serverguide/C/file-server.xml:577(command)
25205
msgid "sudo fdisk /dev/sdb"
25206
msgstr ""
25207
25141
25208
#: serverguide/C/file-server.xml:578(command)
25142
msgid "sudo fdisk /dev/sdb"
25209
msgid "n"
25143
25210
msgstr ""
25144
25211
25145
25212
#: serverguide/C/file-server.xml:579(command)
25146
msgid "n"
25213
msgid "p"
25147
25214
msgstr ""
25148
25215
25149
25216
#: serverguide/C/file-server.xml:580(command)
25150
msgid "p"
25217
msgid "enter"
25151
25218
msgstr ""
25152
25219
25153
25220
#: serverguide/C/file-server.xml:581(command)
25154
msgid "enter"
25155
msgstr ""
25156
25157
#: serverguide/C/file-server.xml:582(command)
25158
25221
msgid "w"
25159
25222
msgstr ""
25160
25223
25161
#: serverguide/C/file-server.xml:586(para)
25224
#: serverguide/C/file-server.xml:585(para)
25162
25225
msgid ""
25163
25226
"The above commands are from inside the <application>fdisk</application> "
25164
25227
"utility; see <command>man fdisk</command> for more detailed instructions. "
25166
25229
"friendly."
25167
25230
msgstr ""
25168
25231
25169
#: serverguide/C/file-server.xml:592(para)
25232
#: serverguide/C/file-server.xml:591(para)
25170
25233
msgid ""
25171
25234
"Now format the file system and mount it to <filename>/srv</filename> as an "
25172
25235
"example:"
25173
25236
msgstr ""
25174
25237
25238
#: serverguide/C/file-server.xml:596(command)
25239
msgid "sudo mkfs.ext4 /dev/sdb1"
25240
msgstr ""
25241
25175
25242
#: serverguide/C/file-server.xml:597(command)
25176
msgid "sudo mkfs.ext4 /dev/sdb1"
25177
msgstr ""
25178
25179
#: serverguide/C/file-server.xml:598(command)
25180
25243
msgid "sudo mount /dev/sdb1 /srv"
25181
25244
msgstr ""
25182
25245
25183
#: serverguide/C/file-server.xml:602(para)
25246
#: serverguide/C/file-server.xml:601(para)
25184
25247
msgid ""
25185
25248
"Finally, add an entry to <filename>/etc/fstab</filename> to mount the iSCSI "
25186
25249
"drive during boot:"
25187
25250
msgstr ""
25188
25251
25189
#: serverguide/C/file-server.xml:606(programlisting)
25252
#: serverguide/C/file-server.xml:605(programlisting)
25190
25253
#, no-wrap
25191
25254
msgid ""
25192
25255
"\n"
25193
25256
"/dev/sdb1 /srv ext4 defaults,auto,_netdev 0 0\n"
25194
25257
msgstr ""
25195
25258
25196
#: serverguide/C/file-server.xml:610(para)
25259
#: serverguide/C/file-server.xml:609(para)
25197
25260
msgid ""
25198
25261
"It is a good idea to make sure everything is working as expected by "
25199
25262
"rebooting the server."
25200
25263
msgstr ""
25201
25264
25202
#: serverguide/C/file-server.xml:619(ulink)
25265
#: serverguide/C/file-server.xml:618(ulink)
25203
25266
msgid "Open-iSCSI Website"
25204
25267
msgstr ""
25205
25268
25206
#: serverguide/C/file-server.xml:622(ulink) serverguide/C/file-server.xml:808(ulink)
25269
#: serverguide/C/file-server.xml:621(ulink) serverguide/C/file-server.xml:807(ulink)
25207
25270
msgid "Debian Open-iSCSI page"
25208
25271
msgstr ""
25209
25272
25210
#: serverguide/C/file-server.xml:629(title)
25273
#: serverguide/C/file-server.xml:628(title)
25211
25274
msgid "CUPS - Print Server"
25212
25275
msgstr "CUPS - Server Print"
25213
25276
25214
#: serverguide/C/file-server.xml:630(para)
25277
#: serverguide/C/file-server.xml:629(para)
25215
25278
msgid ""
25216
25279
"The primary mechanism for Ubuntu printing and print services is the "
25217
25280
"<emphasis role=\"bold\">Common UNIX Printing System</emphasis> (CUPS). This "
25219
25282
"become the new standard for printing in most Linux distributions."
25220
25283
msgstr ""
25221
25284
25222
#: serverguide/C/file-server.xml:637(para)
25285
#: serverguide/C/file-server.xml:636(para)
25223
25286
msgid ""
25224
25287
"CUPS manages print jobs and queues and provides network printing using the "
25225
25288
"standard Internet Printing Protocol (IPP), while offering support for a very "
25229
25292
"administration tool."
25230
25293
msgstr ""
25231
25294
25232
#: serverguide/C/file-server.xml:647(para)
25295
#: serverguide/C/file-server.xml:646(para)
25233
25296
msgid ""
25234
25297
"To install CUPS on your Ubuntu computer, simply use "
25235
25298
"<application>sudo</application> with the <application>apt-get</application> "
25239
25302
"CUPS:"
25240
25303
msgstr ""
25241
25304
25242
#: serverguide/C/file-server.xml:652(command)
25305
#: serverguide/C/file-server.xml:651(command)
25243
25306
msgid "sudo apt-get install cups"
25244
25307
msgstr ""
25245
25308
25246
#: serverguide/C/file-server.xml:655(para)
25309
#: serverguide/C/file-server.xml:654(para)
25247
25310
msgid ""
25248
25311
"Upon authenticating with your user password, the packages should be "
25249
25312
"downloaded and installed without error. Upon the conclusion of installation, "
25250
25313
"the CUPS server will be started automatically."
25251
25314
msgstr ""
25252
25315
25253
#: serverguide/C/file-server.xml:660(para)
25316
#: serverguide/C/file-server.xml:659(para)
25254
25317
msgid ""
25255
25318
"For troubleshooting purposes, you can access CUPS server errors via the "
25256
25319
"error log file at: <filename>/var/log/cups/error_log</filename>. If the "
25263
25326
"from becoming overly large."
25264
25327
msgstr ""
25265
25328
25266
#: serverguide/C/file-server.xml:673(para)
25329
#: serverguide/C/file-server.xml:672(para)
25267
25330
msgid ""
25268
25331
"The Common UNIX Printing System server's behavior is configured through the "
25269
25332
"directives contained in the file <filename>/etc/cups/cupsd.conf</filename>. "
25274
25337
"initially will be presented here."
25275
25338
msgstr ""
25276
25339
25277
#: serverguide/C/file-server.xml:683(para)
25340
#: serverguide/C/file-server.xml:682(para)
25278
25341
msgid ""
25279
25342
"Prior to editing the configuration file, you should make a copy of the "
25280
25343
"original file and protect it from writing, so you will have the original "
25281
25344
"settings as a reference, and to reuse as necessary."
25282
25345
msgstr ""
25283
25346
25284
#: serverguide/C/file-server.xml:687(para)
25347
#: serverguide/C/file-server.xml:686(para)
25285
25348
msgid ""
25286
25349
"Copy the <filename>/etc/cups/cupsd.conf</filename> file and protect it from "
25287
25350
"writing with the following commands, issued at a terminal prompt:"
25289
25352
"Salin berkas <filename>/etc/cups/cupsd.conf</filename> dan lindungi dari "
25290
25353
"penulisan dengan menjalankan perintah berikut pada terminal prompt:"
25291
25354
25292
#: serverguide/C/file-server.xml:693(command)
25355
#: serverguide/C/file-server.xml:692(command)
25293
25356
msgid "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
25294
25357
msgstr "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
25295
25358
25296
#: serverguide/C/file-server.xml:694(command)
25359
#: serverguide/C/file-server.xml:693(command)
25297
25360
msgid "sudo chmod a-w /etc/cups/cupsd.conf.original"
25298
25361
msgstr "sudo chmod a-w /etc/cups/cupsd.conf.original"
25299
25362
25300
#: serverguide/C/file-server.xml:699(para)
25363
#: serverguide/C/file-server.xml:698(para)
25301
25364
msgid ""
25302
25365
"<emphasis role=\"bold\">ServerAdmin</emphasis>: To configure the email "
25303
25366
"address of the designated administrator of the CUPS server, simply edit the "
25309
25372
"as such:"
25310
25373
msgstr ""
25311
25374
25312
#: serverguide/C/file-server.xml:710(screen)
25375
#: serverguide/C/file-server.xml:709(screen)
25313
25376
#, no-wrap
25314
25377
msgid ""
25315
25378
"\n"
25318
25381
"\n"
25319
25382
"ServerAdmin bjoy@somebigco.com\n"
25320
25383
25321
#: serverguide/C/file-server.xml:716(para)
25384
#: serverguide/C/file-server.xml:715(para)
25322
25385
msgid ""
25323
25386
"<emphasis role=\"bold\">Listen</emphasis>: By default on Ubuntu, the CUPS "
25324
25387
"server installation listens only on the loopback interface at IP address "
25333
25396
"such:"
25334
25397
msgstr ""
25335
25398
25336
#: serverguide/C/file-server.xml:730(screen)
25399
#: serverguide/C/file-server.xml:729(screen)
25337
25400
#, no-wrap
25338
25401
msgid ""
25339
25402
"\n"
25348
25411
"Listen 192.168.10.250:631 # Listen on the LAN interface, Port 631 "
25349
25412
"(IPP)\n"
25350
25413
25351
#: serverguide/C/file-server.xml:736(para)
25414
#: serverguide/C/file-server.xml:735(para)
25352
25415
msgid ""
25353
25416
"In the example above, you may comment out or remove the reference to the "
25354
25417
"Loopback address (127.0.0.1) if you do not wish <application>cupsd "
25359
25422
"<emphasis>socrates</emphasis> as such:"
25360
25423
msgstr ""
25361
25424
25362
#: serverguide/C/file-server.xml:746(screen)
25425
#: serverguide/C/file-server.xml:745(screen)
25363
25426
#, no-wrap
25364
25427
msgid ""
25365
25428
"\n"
25368
25431
"\n"
25369
25432
"Listen socrates:631 # Listen on all interfaces for the hostname 'socrates'\n"
25370
25433
25371
#: serverguide/C/file-server.xml:750(para)
25434
#: serverguide/C/file-server.xml:749(para)
25372
25435
msgid ""
25373
25436
"or by omitting the Listen directive and using <emphasis>Port</emphasis> "
25374
25437
"instead, as in:"
25375
25438
msgstr ""
25376
25439
25377
#: serverguide/C/file-server.xml:752(screen)
25440
#: serverguide/C/file-server.xml:751(screen)
25378
25441
#, no-wrap
25379
25442
msgid ""
25380
25443
"\n"
25383
25446
"\n"
25384
25447
"Port 631 # Listen on port 631 on all interfaces\n"
25385
25448
25386
#: serverguide/C/file-server.xml:759(para)
25449
#: serverguide/C/file-server.xml:758(para)
25387
25450
msgid ""
25388
25451
"For more examples of configuration directives in the CUPS server "
25389
25452
"configuration file, view the associated system manual page by entering the "
25390
25453
"following command at a terminal prompt:"
25391
25454
msgstr ""
25392
25455
25393
#: serverguide/C/file-server.xml:766(command)
25456
#: serverguide/C/file-server.xml:765(command)
25394
25457
msgid "man cupsd.conf"
25395
25458
msgstr "man cupsd.conf"
25396
25459
25397
#: serverguide/C/file-server.xml:770(para)
25460
#: serverguide/C/file-server.xml:769(para)
25398
25461
msgid ""
25399
25462
"Whenever you make changes to the <filename>/etc/cups/cupsd.conf</filename> "
25400
25463
"configuration file, you'll need to restart the CUPS server by typing the "
25405
25468
msgid "sudo service cups restart"
25406
25469
msgstr ""
25407
25470
25408
#: serverguide/C/file-server.xml:782(title)
25471
#: serverguide/C/file-server.xml:781(title)
25409
25472
msgid "Web Interface"
25410
25473
msgstr ""
25411
25474
25412
#: serverguide/C/file-server.xml:784(para)
25475
#: serverguide/C/file-server.xml:783(para)
25413
25476
msgid ""
25414
25477
"CUPS can be configured and monitored using a web interface, which by default "
25415
25478
"is available at <ulink "
25417
25480
"web interface can be used to perform all printer management tasks."
25418
25481
msgstr ""
25419
25482
25420
#: serverguide/C/file-server.xml:788(para)
25483
#: serverguide/C/file-server.xml:787(para)
25421
25484
msgid ""
25422
25485
"In order to perform administrative tasks via the web interface, you must "
25423
25486
"either have the root account enabled on your server, or authenticate as a "
25425
25488
"reasons, CUPS won't authenticate a user that doesn't have a password."
25426
25489
msgstr ""
25427
25490
25428
#: serverguide/C/file-server.xml:791(para)
25491
#: serverguide/C/file-server.xml:790(para)
25429
25492
msgid ""
25430
25493
"To add a user to the <emphasis role=\"italic\">lpadmin</emphasis> group, run "
25431
25494
"at the terminal prompt: <screen>\n"
25433
25496
"</screen>"
25434
25497
msgstr ""
25435
25498
25436
#: serverguide/C/file-server.xml:797(para)
25499
#: serverguide/C/file-server.xml:796(para)
25437
25500
msgid ""
25438
25501
"Further documentation is available in the <emphasis "
25439
25502
"role=\"italic\">Documentation/Help</emphasis> tab of the web interface."
25440
25503
msgstr ""
25441
25504
25442
#: serverguide/C/file-server.xml:805(ulink)
25505
#: serverguide/C/file-server.xml:804(ulink)
25443
25506
msgid "CUPS Website"
25444
25507
msgstr "Situs Web CUPS"
25445
25508
25572
25635
"prompt:"
25573
25636
msgstr ""
25574
25637
25575
#: serverguide/C/dns.xml:116(command) serverguide/C/dns.xml:195(command) serverguide/C/dns.xml:253(command) serverguide/C/dns.xml:289(command) serverguide/C/dns.xml:317(command) serverguide/C/dns.xml:594(command)
25638
#: serverguide/C/dns.xml:116(command) serverguide/C/dns.xml:199(command) serverguide/C/dns.xml:257(command) serverguide/C/dns.xml:293(command) serverguide/C/dns.xml:321(command) serverguide/C/dns.xml:603(command)
25576
25639
msgid "sudo service bind9 restart"
25577
25640
msgstr ""
25578
25641
25622
25685
"command below.)"
25623
25686
msgstr ""
25624
25687
25625
#: serverguide/C/dns.xml:141(para)
25688
#: serverguide/C/dns.xml:145(para)
25626
25689
msgid ""
25627
25690
"Now use an existing zone file as a template to create the "
25628
25691
"<filename>/etc/bind/db.example.com</filename> file:"
25629
25692
msgstr ""
25630
25693
25631
#: serverguide/C/dns.xml:145(command)
25694
#: serverguide/C/dns.xml:149(command)
25632
25695
msgid "sudo cp /etc/bind/db.local /etc/bind/db.example.com"
25633
25696
msgstr ""
25634
25697
25635
#: serverguide/C/dns.xml:147(para)
25698
#: serverguide/C/dns.xml:151(para)
25636
25699
msgid ""
25637
25700
"Edit the new zone file <filename>/etc/bind/db.example.com</filename> change "
25638
25701
"<emphasis>localhost.</emphasis> to the FQDN of your server, leaving the "
25643
25706
"this file is for."
25644
25707
msgstr ""
25645
25708
25646
#: serverguide/C/dns.xml:154(para)
25709
#: serverguide/C/dns.xml:158(para)
25647
25710
msgid ""
25648
25711
"Create an <emphasis>A record</emphasis> for the base domain, <emphasis "
25649
25712
"role=\"italic\">example.com</emphasis>. Also, create an <emphasis>A "
25651
25714
"the name server in this example:"
25652
25715
msgstr ""
25653
25716
25654
#: serverguide/C/dns.xml:159(programlisting)
25717
#: serverguide/C/dns.xml:163(programlisting)
25655
25718
#, no-wrap
25656
25719
msgid ""
25657
25720
"\n"
25673
25736
"ns IN A 192.168.1.10\n"
25674
25737
msgstr ""
25675
25738
25676
#: serverguide/C/dns.xml:177(para)
25739
#: serverguide/C/dns.xml:181(para)
25677
25740
msgid ""
25678
25741
"You must increment the <emphasis>Serial Number</emphasis> every time you "
25679
25742
"make changes to the zone file. If you make multiple changes before "
25680
25743
"restarting BIND9, simply increment the Serial once."
25681
25744
msgstr ""
25682
25745
25683
#: serverguide/C/dns.xml:181(para)
25746
#: serverguide/C/dns.xml:185(para)
25684
25747
msgid ""
25685
25748
"Now, you can add DNS records to the bottom of the zone file. See <xref "
25686
25749
"linkend=\"dns-record-types\"/> for details."
25687
25750
msgstr ""
25688
25751
25689
#: serverguide/C/dns.xml:185(para)
25752
#: serverguide/C/dns.xml:189(para)
25690
25753
msgid ""
25691
25754
"Many admins like to use the last date edited as the serial of a zone, such "
25692
25755
"as <emphasis>2012010100</emphasis> which is yyyymmddss (where "
25693
25756
"<emphasis>ss</emphasis> is the Serial Number)"
25694
25757
msgstr ""
25695
25758
25696
#: serverguide/C/dns.xml:190(para)
25759
#: serverguide/C/dns.xml:194(para)
25697
25760
msgid ""
25698
25761
"Once you have made changes to the zone file <application>BIND9</application> "
25699
25762
"needs to be restarted for the changes to take effect:"
25700
25763
msgstr ""
25701
25764
25702
#: serverguide/C/dns.xml:199(title)
25765
#: serverguide/C/dns.xml:203(title)
25703
25766
msgid "Reverse Zone File"
25704
25767
msgstr ""
25705
25768
25706
#: serverguide/C/dns.xml:200(para)
25769
#: serverguide/C/dns.xml:204(para)
25707
25770
msgid ""
25708
25771
"Now that the zone is setup and resolving names to IP Adresses a "
25709
25772
"<emphasis>Reverse zone</emphasis> is also required. A Reverse zone allows "
25710
25773
"DNS to resolve an address to a name."
25711
25774
msgstr ""
25712
25775
25713
#: serverguide/C/dns.xml:204(para)
25776
#: serverguide/C/dns.xml:208(para)
25714
25777
msgid "Edit /etc/bind/named.conf.local and add the following:"
25715
25778
msgstr ""
25716
25779
25717
#: serverguide/C/dns.xml:207(programlisting)
25780
#: serverguide/C/dns.xml:211(programlisting)
25718
25781
#, no-wrap
25719
25782
msgid ""
25720
25783
"\n"
25724
25787
"};\n"
25725
25788
msgstr ""
25726
25789
25727
#: serverguide/C/dns.xml:214(para)
25790
#: serverguide/C/dns.xml:218(para)
25728
25791
msgid ""
25729
25792
"Replace <emphasis>1.168.192</emphasis> with the first three octets of "
25730
25793
"whatever network you are using. Also, name the zone file "
25732
25795
"first octet of your network."
25733
25796
msgstr ""
25734
25797
25735
#: serverguide/C/dns.xml:219(para)
25798
#: serverguide/C/dns.xml:223(para)
25736
25799
msgid "Now create the <filename>/etc/bind/db.192</filename> file:"
25737
25800
msgstr ""
25738
25801
25739
#: serverguide/C/dns.xml:223(command)
25802
#: serverguide/C/dns.xml:227(command)
25740
25803
msgid "sudo cp /etc/bind/db.127 /etc/bind/db.192"
25741
25804
msgstr ""
25742
25805
25743
#: serverguide/C/dns.xml:225(para)
25806
#: serverguide/C/dns.xml:229(para)
25744
25807
msgid ""
25745
25808
"Next edit <filename>/etc/bind/db.192</filename> changing the basically the "
25746
25809
"same options as <filename>/etc/bind/db.example.com</filename>:"
25747
25810
msgstr ""
25748
25811
25749
#: serverguide/C/dns.xml:229(programlisting)
25812
#: serverguide/C/dns.xml:233(programlisting)
25750
25813
#, no-wrap
25751
25814
msgid ""
25752
25815
"\n"
25765
25828
"10 IN PTR ns.example.com.\n"
25766
25829
msgstr ""
25767
25830
25768
#: serverguide/C/dns.xml:244(para)
25831
#: serverguide/C/dns.xml:248(para)
25769
25832
msgid ""
25770
25833
"The <emphasis>Serial Number</emphasis> in the Reverse zone needs to be "
25771
25834
"incremented on each change as well. For each <emphasis>A record</emphasis> "
25774
25837
"<filename>/etc/bind/db.192</filename>."
25775
25838
msgstr ""
25776
25839
25777
#: serverguide/C/dns.xml:249(para)
25840
#: serverguide/C/dns.xml:253(para)
25778
25841
msgid ""
25779
25842
"After creating the reverse zone file restart "
25780
25843
"<application>BIND9</application>:"
25781
25844
msgstr ""
25782
25845
25783
#: serverguide/C/dns.xml:258(title)
25846
#: serverguide/C/dns.xml:262(title)
25784
25847
msgid "Secondary Master"
25785
25848
msgstr ""
25786
25849
25787
#: serverguide/C/dns.xml:259(para)
25850
#: serverguide/C/dns.xml:263(para)
25788
25851
msgid ""
25789
25852
"Once a <emphasis>Primary Master</emphasis> has been configured a "
25790
25853
"<emphasis>Secondary Master</emphasis> is needed in order to maintain the "
25791
25854
"availability of the domain should the Primary become unavailable."
25792
25855
msgstr ""
25793
25856
25794
#: serverguide/C/dns.xml:263(para)
25857
#: serverguide/C/dns.xml:267(para)
25795
25858
msgid ""
25796
25859
"First, on the Primary Master server, the zone transfer needs to be allowed. "
25797
25860
"Add the <emphasis>allow-transfer</emphasis> option to the example Forward "
25799
25862
"<filename>/etc/bind/named.conf.local</filename>:"
25800
25863
msgstr ""
25801
25864
25802
#: serverguide/C/dns.xml:267(programlisting)
25865
#: serverguide/C/dns.xml:271(programlisting)
25803
25866
#, no-wrap
25804
25867
msgid ""
25805
25868
"\n"
25816
25879
"};\n"
25817
25880
msgstr ""
25818
25881
25819
#: serverguide/C/dns.xml:281(para)
25882
#: serverguide/C/dns.xml:285(para)
25820
25883
msgid ""
25821
25884
"Replace <emphasis>192.168.1.11</emphasis> with the IP Address of your "
25822
25885
"Secondary nameserver."
25823
25886
msgstr ""
25824
25887
25825
#: serverguide/C/dns.xml:285(para)
25888
#: serverguide/C/dns.xml:289(para)
25826
25889
msgid "Restart <application>BIND9</application> on the Primary Master:"
25827
25890
msgstr ""
25828
25891
25829
#: serverguide/C/dns.xml:291(para)
25892
#: serverguide/C/dns.xml:295(para)
25830
25893
msgid ""
25831
25894
"Next, on the Secondary Master, install the <application>bind9</application> "
25832
25895
"package the same way as on the Primary. Then edit the "
25834
25897
"declarations for the Forward and Reverse zones:"
25835
25898
msgstr ""
25836
25899
25837
#: serverguide/C/dns.xml:295(programlisting)
25900
#: serverguide/C/dns.xml:299(programlisting)
25838
25901
#, no-wrap
25839
25902
msgid ""
25840
25903
"\n"
25851
25914
"};\n"
25852
25915
msgstr ""
25853
25916
25854
#: serverguide/C/dns.xml:309(para)
25917
#: serverguide/C/dns.xml:313(para)
25855
25918
msgid ""
25856
25919
"Replace <emphasis>192.168.1.10</emphasis> with the IP Address of your "
25857
25920
"Primary nameserver."
25858
25921
msgstr ""
25859
25922
25860
#: serverguide/C/dns.xml:313(para)
25923
#: serverguide/C/dns.xml:317(para)
25861
25924
msgid "Restart <application>BIND9</application> on the Secondary Master:"
25862
25925
msgstr ""
25863
25926
25864
#: serverguide/C/dns.xml:319(para)
25927
#: serverguide/C/dns.xml:323(para)
25865
25928
msgid ""
25866
25929
"In <filename>/var/log/syslog</filename> you should see something similar to "
25867
25930
"(some lines have been split to fit the format of this document):"
25868
25931
msgstr ""
25869
25932
25870
#: serverguide/C/dns.xml:322(programlisting)
25933
#: serverguide/C/dns.xml:326(programlisting)
25871
25934
#, no-wrap
25872
25935
msgid ""
25873
25936
"\n"
25892
25955
"8 records, 225 bytes, 0.002 secs (112500 bytes/sec)\n"
25893
25956
msgstr ""
25894
25957
25895
#: serverguide/C/dns.xml:341(para)
25958
#: serverguide/C/dns.xml:345(para)
25896
25959
msgid ""
25897
25960
"Note: A zone is only transferred if the <emphasis>Serial Number</emphasis> "
25898
25961
"on the Primary is larger than the one on the Secondary. If you want to have "
25902
25965
"below:"
25903
25966
msgstr ""
25904
25967
25905
#: serverguide/C/dns.xml:345(programlisting)
25968
#: serverguide/C/dns.xml:349(programlisting)
25906
25969
#, no-wrap
25907
25970
msgid ""
25908
25971
"\n"
25922
25985
"\t"
25923
25986
msgstr ""
25924
25987
25925
#: serverguide/C/dns.xml:361(para)
25988
#: serverguide/C/dns.xml:365(para)
25926
25989
msgid ""
25927
25990
"The default directory for non-authoritative zone files is "
25928
25991
"<filename>/var/cache/bind/</filename>. This directory is also configured in "
25931
25994
"on AppArmor see <xref linkend=\"apparmor\"/>."
25932
25995
msgstr ""
25933
25996
25934
#: serverguide/C/dns.xml:372(para)
25997
#: serverguide/C/dns.xml:376(para)
25935
25998
msgid ""
25936
25999
"This section covers ways to help determine the cause when problems happen "
25937
26000
"with DNS and <application>BIND9</application>."
25938
26001
msgstr ""
25939
26002
25940
#: serverguide/C/dns.xml:378(title)
26003
#: serverguide/C/dns.xml:382(title)
25941
26004
msgid "resolv.conf"
25942
26005
msgstr ""
25943
26006
25951
26014
"<filename>/etc/resolv.conf</filename> contains (for this example):"
25952
26015
msgstr ""
25953
26016
25954
#: serverguide/C/dns.xml:384(programlisting)
26017
#: serverguide/C/dns.xml:389(programlisting)
25955
26018
#, no-wrap
25956
26019
msgid ""
25957
26020
"\n"
25967
26030
"to RESOLVCONF=yes."
25968
26031
msgstr ""
25969
26032
25970
#: serverguide/C/dns.xml:389(para)
26033
#: serverguide/C/dns.xml:398(para)
25971
26034
msgid ""
25972
26035
"You should also add the IP Address of the Secondary nameserver in case the "
25973
26036
"Primary becomes unavailable."
25974
26037
msgstr ""
25975
26038
25976
#: serverguide/C/dns.xml:395(title)
26039
#: serverguide/C/dns.xml:404(title)
25977
26040
msgid "dig"
25978
26041
msgstr ""
25979
26042
25980
#: serverguide/C/dns.xml:396(para)
26043
#: serverguide/C/dns.xml:405(para)
25981
26044
msgid ""
25982
26045
"If you installed the <application>dnsutils</application> package you can "
25983
26046
"test your setup using the DNS lookup utility <application>dig</application>:"
25984
26047
msgstr ""
25985
26048
25986
#: serverguide/C/dns.xml:402(para)
26049
#: serverguide/C/dns.xml:411(para)
25987
26050
msgid ""
25988
26051
"After installing <application>BIND9</application> use "
25989
26052
"<application>dig</application> against the loopback interface to make sure "
25990
26053
"it is listening on port 53. From a terminal prompt:"
25991
26054
msgstr ""
25992
26055
25993
#: serverguide/C/dns.xml:407(command)
26056
#: serverguide/C/dns.xml:416(command)
25994
26057
msgid "dig -x 127.0.0.1"
25995
26058
msgstr ""
25996
26059
25997
#: serverguide/C/dns.xml:409(para)
26060
#: serverguide/C/dns.xml:418(para)
25998
26061
msgid "You should see lines similar to the following in the command output:"
25999
26062
msgstr ""
26000
26063
26001
#: serverguide/C/dns.xml:412(programlisting)
26064
#: serverguide/C/dns.xml:421(programlisting)
26002
26065
#, no-wrap
26003
26066
msgid ""
26004
26067
"\n"
26006
26069
";; SERVER: 192.168.1.10#53(192.168.1.10)\n"
26007
26070
msgstr ""
26008
26071
26009
#: serverguide/C/dns.xml:418(para)
26072
#: serverguide/C/dns.xml:427(para)
26010
26073
msgid ""
26011
26074
"If you have configured <application>BIND9</application> as a "
26012
26075
"<emphasis>Caching</emphasis> nameserver \"dig\" an outside domain to check "
26013
26076
"the query time:"
26014
26077
msgstr ""
26015
26078
26016
#: serverguide/C/dns.xml:423(command)
26079
#: serverguide/C/dns.xml:432(command)
26017
26080
msgid "dig ubuntu.com"
26018
26081
msgstr ""
26019
26082
26020
#: serverguide/C/dns.xml:425(para)
26083
#: serverguide/C/dns.xml:434(para)
26021
26084
msgid "Note the query time toward the end of the command output:"
26022
26085
msgstr ""
26023
26086
26024
#: serverguide/C/dns.xml:428(programlisting)
26087
#: serverguide/C/dns.xml:437(programlisting)
26025
26088
#, no-wrap
26026
26089
msgid ""
26027
26090
"\n"
26028
26091
";; Query time: 49 msec\n"
26029
26092
msgstr ""
26030
26093
26031
#: serverguide/C/dns.xml:431(para)
26094
#: serverguide/C/dns.xml:440(para)
26032
26095
msgid "After a second dig there should be improvement:"
26033
26096
msgstr ""
26034
26097
26035
#: serverguide/C/dns.xml:434(programlisting)
26098
#: serverguide/C/dns.xml:443(programlisting)
26036
26099
#, no-wrap
26037
26100
msgid ""
26038
26101
"\n"
26039
26102
";; Query time: 1 msec\n"
26040
26103
msgstr ""
26041
26104
26042
#: serverguide/C/dns.xml:441(title)
26105
#: serverguide/C/dns.xml:450(title)
26043
26106
msgid "ping"
26044
26107
msgstr ""
26045
26108
26046
#: serverguide/C/dns.xml:443(para)
26109
#: serverguide/C/dns.xml:452(para)
26047
26110
msgid ""
26048
26111
"Now to demonstrate how applications make use of DNS to resolve a host name "
26049
26112
"use the <application>ping</application> utility to send an ICMP echo "
26050
26113
"request. From a terminal prompt enter:"
26051
26114
msgstr ""
26052
26115
26053
#: serverguide/C/dns.xml:449(command)
26116
#: serverguide/C/dns.xml:458(command)
26054
26117
msgid "ping example.com"
26055
26118
msgstr ""
26056
26119
26057
#: serverguide/C/dns.xml:451(para)
26120
#: serverguide/C/dns.xml:460(para)
26058
26121
msgid ""
26059
26122
"This tests if the nameserver can resolve the name "
26060
26123
"<emphasis>ns.example.com</emphasis> to an IP Address. The command output "
26061
26124
"should resemble:"
26062
26125
msgstr ""
26063
26126
26064
#: serverguide/C/dns.xml:455(programlisting)
26127
#: serverguide/C/dns.xml:464(programlisting)
26065
26128
#, no-wrap
26066
26129
msgid ""
26067
26130
"\n"
26070
26133
"64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=0.813 ms\n"
26071
26134
msgstr ""
26072
26135
26073
#: serverguide/C/dns.xml:462(title)
26136
#: serverguide/C/dns.xml:471(title)
26074
26137
msgid "named-checkzone"
26075
26138
msgstr ""
26076
26139
26077
#: serverguide/C/dns.xml:463(para)
26140
#: serverguide/C/dns.xml:472(para)
26078
26141
msgid ""
26079
26142
"A great way to test your zone files is by using the <application>named-"
26080
26143
"checkzone</application> utility installed with the "
26083
26146
"<application>BIND9</application> and making the changes live."
26084
26147
msgstr ""
26085
26148
26086
#: serverguide/C/dns.xml:470(para)
26149
#: serverguide/C/dns.xml:479(para)
26087
26150
msgid ""
26088
26151
"To test our example Forward zone file enter the following from a command "
26089
26152
"prompt:"
26090
26153
msgstr ""
26091
26154
26092
#: serverguide/C/dns.xml:474(command)
26155
#: serverguide/C/dns.xml:483(command)
26093
26156
msgid "named-checkzone example.com /etc/bind/db.example.com"
26094
26157
msgstr ""
26095
26158
26096
#: serverguide/C/dns.xml:476(para)
26159
#: serverguide/C/dns.xml:485(para)
26097
26160
msgid ""
26098
26161
"If everything is configured correctly you should see output similar to:"
26099
26162
msgstr ""
26100
26163
26101
#: serverguide/C/dns.xml:479(programlisting)
26164
#: serverguide/C/dns.xml:488(programlisting)
26102
26165
#, no-wrap
26103
26166
msgid ""
26104
26167
"\n"
26106
26169
"OK\n"
26107
26170
msgstr ""
26108
26171
26109
#: serverguide/C/dns.xml:485(para)
26172
#: serverguide/C/dns.xml:494(para)
26110
26173
msgid "Similarly, to test the Reverse zone file enter the following:"
26111
26174
msgstr ""
26112
26175
26113
#: serverguide/C/dns.xml:489(command)
26176
#: serverguide/C/dns.xml:498(command)
26114
26177
msgid "named-checkzone 1.168.192.in-addr.arpa /etc/bind/db.192"
26115
26178
msgstr ""
26116
26179
26117
#: serverguide/C/dns.xml:491(para)
26180
#: serverguide/C/dns.xml:500(para)
26118
26181
msgid "The output should be similar to:"
26119
26182
msgstr ""
26120
26183
26121
#: serverguide/C/dns.xml:494(programlisting)
26184
#: serverguide/C/dns.xml:503(programlisting)
26122
26185
#, no-wrap
26123
26186
msgid ""
26124
26187
"\n"
26126
26189
"OK\n"
26127
26190
msgstr ""
26128
26191
26129
#: serverguide/C/dns.xml:501(para)
26192
#: serverguide/C/dns.xml:510(para)
26130
26193
msgid ""
26131
26194
"The <emphasis>Serial Number</emphasis> of your zone file will probably be "
26132
26195
"different."
26133
26196
msgstr ""
26134
26197
26135
#: serverguide/C/dns.xml:509(para)
26198
#: serverguide/C/dns.xml:518(para)
26136
26199
msgid ""
26137
26200
"<application>BIND9</application> has a wide variety of logging configuration "
26138
26201
"options available. There are two main options. The "
26140
26203
"<emphasis>category</emphasis> option determines what information to log."
26141
26204
msgstr ""
26142
26205
26143
#: serverguide/C/dns.xml:513(para)
26206
#: serverguide/C/dns.xml:522(para)
26144
26207
msgid "If no logging option is configured the default option is:"
26145
26208
msgstr ""
26146
26209
26147
#: serverguide/C/dns.xml:516(programlisting)
26210
#: serverguide/C/dns.xml:525(programlisting)
26148
26211
#, no-wrap
26149
26212
msgid ""
26150
26213
"\n"
26154
26217
"};\n"
26155
26218
msgstr ""
26156
26219
26157
#: serverguide/C/dns.xml:522(para)
26220
#: serverguide/C/dns.xml:531(para)
26158
26221
msgid ""
26159
26222
"This section covers configuring <application>BIND9</application> to send "
26160
26223
"<emphasis>debug</emphasis> messages related to DNS queries to a separate "
26161
26224
"file."
26162
26225
msgstr ""
26163
26226
26164
#: serverguide/C/dns.xml:527(para)
26227
#: serverguide/C/dns.xml:536(para)
26165
26228
msgid ""
26166
26229
"First, we need to configure a channel to specify which file to send the "
26167
26230
"messages to. Edit <filename>/etc/bind/named.conf.local</filename> and add "
26168
26231
"the following:"
26169
26232
msgstr ""
26170
26233
26171
#: serverguide/C/dns.xml:531(programlisting)
26234
#: serverguide/C/dns.xml:540(programlisting)
26172
26235
#, no-wrap
26173
26236
msgid ""
26174
26237
"\n"
26180
26243
"};\n"
26181
26244
msgstr ""
26182
26245
26183
#: serverguide/C/dns.xml:541(para)
26246
#: serverguide/C/dns.xml:550(para)
26184
26247
msgid "Next, configure a category to send all DNS queries to the query file:"
26185
26248
msgstr ""
26186
26249
26187
#: serverguide/C/dns.xml:544(programlisting)
26250
#: serverguide/C/dns.xml:553(programlisting)
26188
26251
#, no-wrap
26189
26252
msgid ""
26190
26253
"\n"
26197
26260
"};\n"
26198
26261
msgstr ""
26199
26262
26200
#: serverguide/C/dns.xml:556(para)
26263
#: serverguide/C/dns.xml:565(para)
26201
26264
msgid ""
26202
26265
"Note: the <emphasis>debug</emphasis> option can be set from 1 to 3. If a "
26203
26266
"level isn't specified level 1 is the default."
26204
26267
msgstr ""
26205
26268
26206
#: serverguide/C/dns.xml:562(para)
26269
#: serverguide/C/dns.xml:571(para)
26207
26270
msgid ""
26208
26271
"Since the <emphasis>named daemon</emphasis> runs as the "
26209
26272
"<emphasis>bind</emphasis> user the <filename>/var/log/query.log</filename> "
26210
26273
"file must be created and the ownership changed:"
26211
26274
msgstr ""
26212
26275
26213
#: serverguide/C/dns.xml:567(command)
26276
#: serverguide/C/dns.xml:576(command)
26214
26277
msgid "sudo touch /var/log/query.log"
26215
26278
msgstr ""
26216
26279
26217
#: serverguide/C/dns.xml:568(command)
26280
#: serverguide/C/dns.xml:577(command)
26218
26281
msgid "sudo chown bind /var/log/query.log"
26219
26282
msgstr ""
26220
26283
26221
#: serverguide/C/dns.xml:572(para)
26284
#: serverguide/C/dns.xml:581(para)
26222
26285
msgid ""
26223
26286
"Before <application>named</application> daemon can write to the new log file "
26224
26287
"the <application>AppArmor</application> profile must be updated. First, edit "
26225
26288
"<filename>/etc/apparmor.d/usr.sbin.named</filename> and add:"
26226
26289
msgstr ""
26227
26290
26228
#: serverguide/C/dns.xml:576(programlisting)
26291
#: serverguide/C/dns.xml:585(programlisting)
26229
26292
#, no-wrap
26230
26293
msgid ""
26231
26294
"\n"
26232
26295
"/var/log/query.log w,\n"
26233
26296
msgstr ""
26234
26297
26235
#: serverguide/C/dns.xml:579(para)
26298
#: serverguide/C/dns.xml:588(para)
26236
26299
msgid "Next, reload the profile:"
26237
26300
msgstr ""
26238
26301
26239
#: serverguide/C/dns.xml:583(command)
26302
#: serverguide/C/dns.xml:592(command)
26240
26303
msgid "cat /etc/apparmor.d/usr.sbin.named | sudo apparmor_parser -r"
26241
26304
msgstr ""
26242
26305
26243
#: serverguide/C/dns.xml:585(para)
26306
#: serverguide/C/dns.xml:594(para)
26244
26307
msgid ""
26245
26308
"For more information on <application>AppArmor</application> see <xref "
26246
26309
"linkend=\"apparmor\"/>"
26247
26310
msgstr ""
26248
26311
26249
#: serverguide/C/dns.xml:590(para)
26312
#: serverguide/C/dns.xml:599(para)
26250
26313
msgid ""
26251
26314
"Now restart <application>BIND9</application> for the changes to take effect:"
26252
26315
msgstr ""
26253
26316
26254
#: serverguide/C/dns.xml:598(para)
26317
#: serverguide/C/dns.xml:607(para)
26255
26318
msgid ""
26256
26319
"You should see the file <filename>/var/log/query.log</filename> fill with "
26257
26320
"query information. This is a simple example of the "
26259
26322
"options see <xref linkend=\"dns-more-info\"/>."
26260
26323
msgstr ""
26261
26324
26262
#: serverguide/C/dns.xml:607(title)
26325
#: serverguide/C/dns.xml:616(title)
26263
26326
msgid "Common Record Types"
26264
26327
msgstr ""
26265
26328
26266
#: serverguide/C/dns.xml:608(para)
26329
#: serverguide/C/dns.xml:617(para)
26267
26330
msgid "This section covers some of the most common DNS record types."
26268
26331
msgstr ""
26269
26332
26270
#: serverguide/C/dns.xml:613(para)
26333
#: serverguide/C/dns.xml:622(para)
26271
26334
msgid ""
26272
26335
"<emphasis>A</emphasis> record: This record maps an IP Address to a hostname."
26273
26336
msgstr ""
26274
26337
26275
#: serverguide/C/dns.xml:616(programlisting)
26338
#: serverguide/C/dns.xml:625(programlisting)
26276
26339
#, no-wrap
26277
26340
msgid ""
26278
26341
"\n"
26279
26342
"www IN A 192.168.1.12\n"
26280
26343
msgstr ""
26281
26344
26282
#: serverguide/C/dns.xml:621(para)
26345
#: serverguide/C/dns.xml:630(para)
26283
26346
msgid ""
26284
26347
"<emphasis>CNAME</emphasis> record: Used to create an alias to an existing A "
26285
26348
"record. You cannot create a CNAME record pointing to another CNAME record."
26286
26349
msgstr ""
26287
26350
26288
#: serverguide/C/dns.xml:624(programlisting)
26351
#: serverguide/C/dns.xml:633(programlisting)
26289
26352
#, no-wrap
26290
26353
msgid ""
26291
26354
"\n"
26292
26355
"web IN CNAME www\n"
26293
26356
msgstr ""
26294
26357
26295
#: serverguide/C/dns.xml:629(para)
26358
#: serverguide/C/dns.xml:638(para)
26296
26359
msgid ""
26297
26360
"<emphasis>MX</emphasis> record: Used to define where email should be sent "
26298
26361
"to. Must point to an A record, not a CNAME."
26299
26362
msgstr ""
26300
26363
26301
#: serverguide/C/dns.xml:632(programlisting)
26364
#: serverguide/C/dns.xml:641(programlisting)
26302
26365
#, no-wrap
26303
26366
msgid ""
26304
26367
"\n"
26306
26369
"mail IN A 192.168.1.13\n"
26307
26370
msgstr ""
26308
26371
26309
#: serverguide/C/dns.xml:638(para)
26372
#: serverguide/C/dns.xml:647(para)
26310
26373
msgid ""
26311
26374
"<emphasis>NS</emphasis> record: Used to define which servers serve copies of "
26312
26375
"a zone. It must point to an A record, not a CNAME. This is where Primary and "
26313
26376
"Secondary servers are defined."
26314
26377
msgstr ""
26315
26378
26316
#: serverguide/C/dns.xml:642(programlisting)
26379
#: serverguide/C/dns.xml:651(programlisting)
26317
26380
#, no-wrap
26318
26381
msgid ""
26319
26382
"\n"
26323
26386
"ns2 IN A 192.168.1.11\n"
26324
26387
msgstr ""
26325
26388
26326
#: serverguide/C/virtualization.xml:2018(title) serverguide/C/dns.xml:652(title)
26389
#: serverguide/C/dns.xml:661(title)
26327
26390
msgid "More Information"
26328
26391
msgstr ""
26329
26392
26354
26417
"BIND on IPv6</ulink> book."
26355
26418
msgstr ""
26356
26419
26357
#: serverguide/C/dns.xml:670(para)
26420
#: serverguide/C/dns.xml:684(para)
26358
26421
msgid ""
26359
26422
"A great place to ask for <application>BIND9</application> assistance, and "
26360
26423
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
26537
26600
"Components</link> describes the components of the DM-Multipath package."
26538
26601
msgstr ""
26539
26602
26540
#: serverguide/C/dm-multipath.xml:184(title)
26603
#: serverguide/C/dm-multipath.xml:183(title)
26541
26604
msgid "DM-Multipath Setup Overview"
26542
26605
msgstr ""
26543
26606
26544
#: serverguide/C/dm-multipath.xml:191(para)
26607
#: serverguide/C/dm-multipath.xml:190(para)
26545
26608
msgid ""
26546
26609
"Install the <emphasis role=\"bold\">multipath-tools</emphasis> and <emphasis "
26547
26610
"role=\"bold\">multipath-tools-boot</emphasis> packages"
26548
26611
msgstr ""
26549
26612
26550
#: serverguide/C/dm-multipath.xml:197(para)
26613
#: serverguide/C/dm-multipath.xml:196(para)
26551
26614
msgid ""
26552
26615
"Create an empty config file, <filename>/etc/multipath.conf</filename>, that "
26553
26616
"re-defines the <link linkend=\"multipath-skel-config\">following</link>"
26554
26617
msgstr ""
26555
26618
26556
#: serverguide/C/dm-multipath.xml:203(para)
26619
#: serverguide/C/dm-multipath.xml:202(para)
26557
26620
msgid ""
26558
26621
"If necessary, edit the <emphasis role=\"bold\">multipath.conf</emphasis> "
26559
26622
"configuration file to modify default values and save the updated file."
26560
26623
msgstr ""
26561
26624
26562
#: serverguide/C/dm-multipath.xml:209(para)
26625
#: serverguide/C/dm-multipath.xml:208(para)
26563
26626
msgid "Start the multipath daemon"
26564
26627
msgstr ""
26565
26628
26566
#: serverguide/C/dm-multipath.xml:213(para)
26629
#: serverguide/C/dm-multipath.xml:212(para)
26567
26630
msgid "Update initial ramdisk"
26568
26631
msgstr ""
26569
26632
26570
#: serverguide/C/dm-multipath.xml:186(para)
26633
#: serverguide/C/dm-multipath.xml:185(para)
26571
26634
msgid ""
26572
26635
"DM-Multipath includes compiled-in default settings that are suitable for "
26573
26636
"common multipath configurations. Setting up DM-multipath is often a simple "
26577
26640
"overview\">Setting Up DM-Multipath</link>."
26578
26641
msgstr ""
26579
26642
26580
#: serverguide/C/dm-multipath.xml:223(title)
26643
#: serverguide/C/dm-multipath.xml:222(title)
26581
26644
msgid "Multipath Devices"
26582
26645
msgstr ""
26583
26646
26584
#: serverguide/C/dm-multipath.xml:225(para)
26647
#: serverguide/C/dm-multipath.xml:224(para)
26585
26648
msgid ""
26586
26649
"Without DM-Multipath, each path from a server node to a storage controller "
26587
26650
"is treated by the system as a separate device, even when the I/O path "
26590
26653
"multipath device on top of the underlying devices."
26591
26654
msgstr ""
26592
26655
26593
#: serverguide/C/dm-multipath.xml:233(title)
26656
#: serverguide/C/dm-multipath.xml:232(title)
26594
26657
msgid "Multipath Device Identifiers"
26595
26658
msgstr ""
26596
26659
26597
#: serverguide/C/dm-multipath.xml:261(para)
26660
#: serverguide/C/dm-multipath.xml:260(para)
26598
26661
msgid ""
26599
26662
"The devices in <emphasis role=\"bold\">/dev/mapper</emphasis> are created "
26600
26663
"early in the boot process. Use these devices to access the multipathed "
26601
26664
"devices, for example when creating logical volumes."
26602
26665
msgstr ""
26603
26666
26604
#: serverguide/C/dm-multipath.xml:268(para)
26667
#: serverguide/C/dm-multipath.xml:267(para)
26605
26668
msgid ""
26606
26669
"Any devices of the form <emphasis role=\"bold\">/dev/dm-n</emphasis> are for "
26607
26670
"internal use only and should never be used."
26647
26710
"Device Configuration Attributes</link>."
26648
26711
msgstr ""
26649
26712
26650
#: serverguide/C/dm-multipath.xml:289(title)
26713
#: serverguide/C/dm-multipath.xml:288(title)
26651
26714
msgid "Consistent Multipath Device Names in a Cluster"
26652
26715
msgstr ""
26653
26716
26654
#: serverguide/C/dm-multipath.xml:291(para)
26717
#: serverguide/C/dm-multipath.xml:290(para)
26655
26718
msgid ""
26656
26719
"When the <emphasis role=\"bold\">user_friendly_names</emphasis> "
26657
26720
"configuration option is set to yes, the name of the multipath device is "
26674
26737
"procedure:"
26675
26738
msgstr ""
26676
26739
26677
#: serverguide/C/dm-multipath.xml:313(para)
26740
#: serverguide/C/dm-multipath.xml:312(para)
26678
26741
msgid "Set up all of the multipath devices on one machine."
26679
26742
msgstr ""
26680
26743
26681
#: serverguide/C/dm-multipath.xml:317(para) serverguide/C/dm-multipath.xml:354(para)
26744
#: serverguide/C/dm-multipath.xml:316(para) serverguide/C/dm-multipath.xml:353(para)
26682
26745
msgid ""
26683
26746
"Disable all of your multipath devices on your other machines by running the "
26684
26747
"following commands:"
26685
26748
msgstr ""
26686
26749
26687
#: serverguide/C/dm-multipath.xml:320(screen) serverguide/C/dm-multipath.xml:357(screen)
26750
#: serverguide/C/dm-multipath.xml:319(screen) serverguide/C/dm-multipath.xml:356(screen)
26688
26751
#, no-wrap
26689
26752
msgid ""
26690
26753
"# service multipath-tools stop\n"
26691
26754
"# multipath -F\n"
26692
26755
msgstr ""
26693
26756
26694
#: serverguide/C/dm-multipath.xml:326(para)
26757
#: serverguide/C/dm-multipath.xml:325(para)
26695
26758
msgid ""
26696
26759
"Copy the <filename>/etc/multipath/bindings</filename> file from the first "
26697
26760
"machine to all the other machines in the cluster."
26698
26761
msgstr ""
26699
26762
26700
#: serverguide/C/dm-multipath.xml:332(para) serverguide/C/dm-multipath.xml:368(para)
26763
#: serverguide/C/dm-multipath.xml:331(para) serverguide/C/dm-multipath.xml:367(para)
26701
26764
msgid ""
26702
26765
"Re-enable the multipathd daemon on all the other machines in the cluster by "
26703
26766
"running the following command:"
26704
26767
msgstr ""
26705
26768
26706
#: serverguide/C/dm-multipath.xml:335(screen) serverguide/C/dm-multipath.xml:371(screen)
26769
#: serverguide/C/dm-multipath.xml:334(screen) serverguide/C/dm-multipath.xml:370(screen)
26707
26770
#, no-wrap
26708
26771
msgid "# service multipath-tools start"
26709
26772
msgstr ""
26710
26773
26711
#: serverguide/C/dm-multipath.xml:339(para)
26774
#: serverguide/C/dm-multipath.xml:338(para)
26712
26775
msgid "If you add a new device, you will need to repeat this process."
26713
26776
msgstr ""
26714
26777
26715
#: serverguide/C/dm-multipath.xml:342(para)
26778
#: serverguide/C/dm-multipath.xml:341(para)
26716
26779
msgid ""
26717
26780
"Similarly, if you configure an alias for a device that you would like to be "
26718
26781
"consistent across the nodes in the cluster, you should ensure that the "
26720
26783
"the cluster by following the same procedure:"
26721
26784
msgstr ""
26722
26785
26723
#: serverguide/C/dm-multipath.xml:349(para)
26786
#: serverguide/C/dm-multipath.xml:348(para)
26724
26787
msgid ""
26725
26788
"Configure the aliases for the multipath devices in the in the "
26726
26789
"<filename>multipath.conf</filename> file on one machine."
26727
26790
msgstr ""
26728
26791
26729
#: serverguide/C/dm-multipath.xml:363(para)
26792
#: serverguide/C/dm-multipath.xml:362(para)
26730
26793
msgid ""
26731
26794
"Copy the <filename>multipath.conf</filename> file from the first machine to "
26732
26795
"all the other machines in the cluster."
26733
26796
msgstr ""
26734
26797
26735
#: serverguide/C/dm-multipath.xml:375(para)
26798
#: serverguide/C/dm-multipath.xml:374(para)
26736
26799
msgid "When you add a new device you will need to repeat this process."
26737
26800
msgstr ""
26738
26801
26739
#: serverguide/C/dm-multipath.xml:380(title)
26802
#: serverguide/C/dm-multipath.xml:379(title)
26740
26803
msgid "Multipath Device attributes"
26741
26804
msgstr ""
26742
26805
26743
#: serverguide/C/dm-multipath.xml:382(para)
26806
#: serverguide/C/dm-multipath.xml:381(para)
26744
26807
msgid ""
26745
26808
"In addition to the <emphasis role=\"bold\">user_friendly_names</emphasis> "
26746
26809
"and <emphasis role=\"bold\">alias</emphasis> options, a multipath device has "
26753
26816
"linkend=\"multipath-config-multipath\"/>\"."
26754
26817
msgstr ""
26755
26818
26756
#: serverguide/C/dm-multipath.xml:395(title)
26819
#: serverguide/C/dm-multipath.xml:394(title)
26757
26820
msgid "Multipath Devices in Logical Volumes"
26758
26821
msgstr ""
26759
26822
26760
#: serverguide/C/dm-multipath.xml:397(para)
26823
#: serverguide/C/dm-multipath.xml:396(para)
26761
26824
msgid ""
26762
26825
"After creating multipath devices, you can use the multipath device names "
26763
26826
"just as you would use a physical device name when creating an LVM physical "
26768
26831
"you would use any other LVM physical device."
26769
26832
msgstr ""
26770
26833
26771
#: serverguide/C/dm-multipath.xml:406(para)
26834
#: serverguide/C/dm-multipath.xml:405(para)
26772
26835
msgid ""
26773
26836
"If you attempt to create an LVM physical volume on a whole device on which "
26774
26837
"you have configured partitions, the pvcreate command will fail."
26775
26838
msgstr ""
26776
26839
26777
#: serverguide/C/dm-multipath.xml:426(para)
26840
#: serverguide/C/dm-multipath.xml:425(para)
26778
26841
msgid ""
26779
26842
"Every time either <filename>/etc/lvm.conf</filename> or "
26780
26843
"<filename>/etc/multipath.conf</filename> is updated, the initrd should be "
26782
26845
"filters are necessary to maintain a stable storage configuration."
26783
26846
msgstr ""
26784
26847
26785
#: serverguide/C/dm-multipath.xml:411(para)
26848
#: serverguide/C/dm-multipath.xml:410(para)
26786
26849
msgid ""
26787
26850
"When you create an LVM logical volume that uses active/passive multipath "
26788
26851
"arrays as the underlying physical devices, you should include filters in the "
26801
26864
"Perform:<screen>update-initramfs -u -k all</screen><placeholder-1/>"
26802
26865
msgstr ""
26803
26866
26804
#: serverguide/C/dm-multipath.xml:436(title)
26867
#: serverguide/C/dm-multipath.xml:435(title)
26805
26868
msgid "Setting up DM-Multipath Overview"
26806
26869
msgstr ""
26807
26870
26808
#: serverguide/C/dm-multipath.xml:438(para)
26871
#: serverguide/C/dm-multipath.xml:437(para)
26809
26872
msgid ""
26810
26873
"This section provides step-by-step example procedures for configuring DM-"
26811
26874
"Multipath. It includes the following procedures:"
26812
26875
msgstr ""
26813
26876
26814
#: serverguide/C/dm-multipath.xml:443(para)
26877
#: serverguide/C/dm-multipath.xml:442(para)
26815
26878
msgid "Basic DM-Multipath setup"
26816
26879
msgstr ""
26817
26880
26818
#: serverguide/C/dm-multipath.xml:447(para)
26881
#: serverguide/C/dm-multipath.xml:446(para)
26819
26882
msgid "Ignoring local disks"
26820
26883
msgstr ""
26821
26884
26822
#: serverguide/C/dm-multipath.xml:451(para)
26885
#: serverguide/C/dm-multipath.xml:450(para)
26823
26886
msgid "Adding more devices to the configuration file"
26824
26887
msgstr ""
26825
26888
26826
#: serverguide/C/dm-multipath.xml:456(title)
26889
#: serverguide/C/dm-multipath.xml:455(title)
26827
26890
msgid "Setting Up DM-Multipath"
26828
26891
msgstr ""
26829
26892
26830
#: serverguide/C/dm-multipath.xml:458(para)
26893
#: serverguide/C/dm-multipath.xml:457(para)
26831
26894
msgid ""
26832
26895
"Before setting up DM-Multipath on your system, ensure that your system has "
26833
26896
"been updated and includes the <emphasis role=\"bold\"><application>multipath-"
26836
26899
"boot</application></emphasis> package is also required."
26837
26900
msgstr ""
26838
26901
26839
#: serverguide/C/dm-multipath.xml:476(para)
26902
#: serverguide/C/dm-multipath.xml:475(para)
26840
26903
msgid ""
26841
26904
"To work around a quirk in multipathd, when an "
26842
26905
"<filename>/etc/multipath.conf</filename> doesn't exist, the previous command "
26853
26916
"database."
26854
26917
msgstr ""
26855
26918
26856
#: serverguide/C/dm-multipath.xml:465(para)
26919
#: serverguide/C/dm-multipath.xml:464(para)
26857
26920
msgid ""
26858
26921
"A basic <emphasis role=\"bold\">/etc/multipath.conf </emphasis> need not "
26859
26922
"even exist, when <emphasis role=\"bold\">multpath</emphasis> is run without "
26869
26932
"multipath.conf-live</screen><placeholder-1/>"
26870
26933
msgstr ""
26871
26934
26872
#: serverguide/C/dm-multipath.xml:493(title)
26935
#: serverguide/C/dm-multipath.xml:492(title)
26873
26936
msgid "Installing with Multipath Support"
26874
26937
msgstr ""
26875
26938
26876
#: serverguide/C/dm-multipath.xml:495(para)
26939
#: serverguide/C/dm-multipath.xml:494(para)
26877
26940
msgid ""
26878
26941
"To enable <ulink "
26879
26942
"url=\"http://wiki.debian.org/DebianInstaller/MultipathSupport\">multipath "
26883
26946
"role=\"bold\">/dev/mapper/mpath<X></emphasis> during installation."
26884
26947
msgstr ""
26885
26948
26886
#: serverguide/C/dm-multipath.xml:504(title)
26949
#: serverguide/C/dm-multipath.xml:503(title)
26887
26950
msgid "Ignoring Local Disks When Generating Multipath Devices"
26888
26951
msgstr ""
26889
26952
26890
#: serverguide/C/dm-multipath.xml:506(para)
26953
#: serverguide/C/dm-multipath.xml:505(para)
26891
26954
msgid ""
26892
26955
"Some machines have local SCSI cards for their internal disks. DM-Multipath "
26893
26956
"is not recommended for these devices. The following procedure shows how to "
26908
26971
"linkend=\"multipath-command-output\">Multipath Command Output</link>."
26909
26972
msgstr ""
26910
26973
26911
#: serverguide/C/dm-multipath.xml:525(screen)
26974
#: serverguide/C/dm-multipath.xml:524(screen)
26912
26975
#, no-wrap
26913
26976
msgid ""
26914
26977
"\n"
26945
27008
" `- 3:0:0:3 sdg 8:128 undef ready running\n"
26946
27009
msgstr ""
26947
27010
26948
#: serverguide/C/dm-multipath.xml:561(para)
27011
#: serverguide/C/dm-multipath.xml:560(para)
26949
27012
msgid ""
26950
27013
"In order to prevent the device mapper from mapping <emphasis "
26951
27014
"role=\"bold\">/dev/sda</emphasis> in its multipath maps, edit the blacklist "
26962
27025
"the following in the <filename>/etc/multipath.conf</filename> file."
26963
27026
msgstr ""
26964
27027
26965
#: serverguide/C/dm-multipath.xml:576(screen)
27028
#: serverguide/C/dm-multipath.xml:575(screen)
26966
27029
#, no-wrap
26967
27030
msgid ""
26968
27031
"\n"
26971
27034
"}\n"
26972
27035
msgstr ""
26973
27036
26974
#: serverguide/C/dm-multipath.xml:584(para)
27037
#: serverguide/C/dm-multipath.xml:583(para)
26975
27038
msgid ""
26976
27039
"After you have updated the <filename>/etc/multipath.conf</filename> file, "
26977
27040
"you must manually tell the <emphasis role=\"bold\">multipathd</emphasis> "
26979
27042
"<filename>/etc/multipath.conf</filename> file."
26980
27043
msgstr ""
26981
27044
26982
#: serverguide/C/dm-multipath.xml:589(screen)
27045
#: serverguide/C/dm-multipath.xml:588(screen)
26983
27046
#, no-wrap
26984
27047
msgid "# service multipath-tools reload"
26985
27048
msgstr ""
26986
27049
26987
#: serverguide/C/dm-multipath.xml:593(para)
27050
#: serverguide/C/dm-multipath.xml:592(para)
26988
27051
msgid "Run the following command to remove the multipath device:"
26989
27052
msgstr ""
26990
27053
26991
#: serverguide/C/dm-multipath.xml:596(screen)
27054
#: serverguide/C/dm-multipath.xml:595(screen)
26992
27055
#, no-wrap
26993
27056
msgid ""
26994
27057
"\n"
27008
27071
"specify a <emphasis role=\"bold\">-v</emphasis> option."
27009
27072
msgstr ""
27010
27073
27011
#: serverguide/C/dm-multipath.xml:613(screen)
27074
#: serverguide/C/dm-multipath.xml:612(screen)
27012
27075
#, no-wrap
27013
27076
msgid ""
27014
27077
"\n"
27039
27102
" `- 3:0:0:3 sdg 8:128 undef ready running\n"
27040
27103
msgstr ""
27041
27104
27042
#: serverguide/C/dm-multipath.xml:645(title)
27105
#: serverguide/C/dm-multipath.xml:644(title)
27043
27106
msgid "Configuring Storage Devices"
27044
27107
msgstr ""
27045
27108
27046
#: serverguide/C/dm-multipath.xml:647(para)
27109
#: serverguide/C/dm-multipath.xml:646(para)
27047
27110
msgid ""
27048
27111
"By default, DM-Multipath includes support for the most common storage arrays "
27049
27112
"that support DM-Multipath. The default configuration values, including "
27051
27114
"<filename>multipath.conf.defaults</filename> file."
27052
27115
msgstr ""
27053
27116
27054
#: serverguide/C/dm-multipath.xml:652(para)
27117
#: serverguide/C/dm-multipath.xml:651(para)
27055
27118
msgid ""
27056
27119
"If you need to add a storage device that is not supported by default as a "
27057
27120
"known multipath device, edit the <filename>/etc/multipath.conf</filename> "
27058
27121
"file and insert the appropriate device information."
27059
27122
msgstr ""
27060
27123
27061
#: serverguide/C/dm-multipath.xml:656(para)
27124
#: serverguide/C/dm-multipath.xml:655(para)
27062
27125
msgid ""
27063
27126
"For example, to add information about the HP Open-V series the entry looks "
27064
27127
"like this, where <emphasis role=\"bold\">%n</emphasis> is the device name:"
27065
27128
msgstr ""
27066
27129
27067
#: serverguide/C/dm-multipath.xml:660(screen)
27130
#: serverguide/C/dm-multipath.xml:659(screen)
27068
27131
#, no-wrap
27069
27132
msgid ""
27070
27133
"devices {\n"
27077
27140
"}\n"
27078
27141
msgstr ""
27079
27142
27080
#: serverguide/C/dm-multipath.xml:669(para)
27143
#: serverguide/C/dm-multipath.xml:668(para)
27081
27144
msgid ""
27082
27145
"For more information on the devices section of the configuration file, see "
27083
27146
"Section <xref endterm=\"config-device-title\" linkend=\"multipath-config-"
27084
27147
"device\"/>."
27085
27148
msgstr ""
27086
27149
27087
#: serverguide/C/dm-multipath.xml:676(title)
27150
#: serverguide/C/dm-multipath.xml:675(title)
27088
27151
msgid "The DM-Multipath Configuration File"
27089
27152
msgstr ""
27090
27153
27091
#: serverguide/C/dm-multipath.xml:678(para)
27154
#: serverguide/C/dm-multipath.xml:677(para)
27092
27155
msgid ""
27093
27156
"By default, DM-Multipath provides configuration values for the most common "
27094
27157
"uses of multipathing. In addition, DM-Multipath includes support for the "
27097
27160
"<filename>multipath.conf.defaults</filename> file."
27098
27161
msgstr ""
27099
27162
27100
#: serverguide/C/dm-multipath.xml:684(para)
27163
#: serverguide/C/dm-multipath.xml:683(para)
27101
27164
msgid ""
27102
27165
"You can override the default configuration values for DM-Multipath by "
27103
27166
"editing the <filename>/etc/multipath.conf</filename> configuration file. If "
27107
27170
"on the following topics: <placeholder-1/>"
27108
27171
msgstr ""
27109
27172
27110
#: serverguide/C/dm-multipath.xml:716(para)
27173
#: serverguide/C/dm-multipath.xml:715(para)
27111
27174
msgid ""
27112
27175
"In the multipath configuration file, you need to specify only the sections "
27113
27176
"that you need for your configuration, or that you wish to change from the "
27117
27180
"can leave them commented out, as they are in the initial file."
27118
27181
msgstr ""
27119
27182
27120
#: serverguide/C/dm-multipath.xml:724(para)
27183
#: serverguide/C/dm-multipath.xml:723(para)
27121
27184
msgid "The configuration file allows regular expression description syntax."
27122
27185
msgstr ""
27123
27186
27124
#: serverguide/C/dm-multipath.xml:727(para)
27187
#: serverguide/C/dm-multipath.xml:726(para)
27125
27188
msgid ""
27126
27189
"An annotated version of the configuration file can be found in "
27127
27190
"<filename><filename>/usr/share/doc/multipath-"
27128
27191
"tools/examples/multipath.conf.annotated.gz</filename></filename>."
27129
27192
msgstr ""
27130
27193
27131
#: serverguide/C/dm-multipath.xml:731(title)
27194
#: serverguide/C/dm-multipath.xml:730(title)
27132
27195
msgid "Configuration File Overview"
27133
27196
msgstr ""
27134
27197
27135
#: serverguide/C/dm-multipath.xml:733(para)
27198
#: serverguide/C/dm-multipath.xml:732(para)
27136
27199
msgid ""
27137
27200
"The multipath configuration file is divided into the following sections:"
27138
27201
msgstr ""
27139
27202
27140
#: serverguide/C/dm-multipath.xml:738(emphasis)
27203
#: serverguide/C/dm-multipath.xml:737(emphasis)
27141
27204
msgid "blacklist"
27142
27205
msgstr ""
27143
27206
27144
#: serverguide/C/dm-multipath.xml:741(para)
27207
#: serverguide/C/dm-multipath.xml:740(para)
27145
27208
msgid ""
27146
27209
"Listing of specific devices that will not be considered for multipath."
27147
27210
msgstr ""
27148
27211
27149
#: serverguide/C/dm-multipath.xml:747(emphasis)
27212
#: serverguide/C/dm-multipath.xml:746(emphasis)
27150
27213
msgid "blacklist_exceptions"
27151
27214
msgstr ""
27152
27215
27153
#: serverguide/C/dm-multipath.xml:750(para)
27216
#: serverguide/C/dm-multipath.xml:749(para)
27154
27217
msgid ""
27155
27218
"Listing of multipath candidates that would otherwise be blacklisted "
27156
27219
"according to the parameters of the blacklist section."
27157
27220
msgstr ""
27158
27221
27159
#: serverguide/C/dm-multipath.xml:757(emphasis)
27222
#: serverguide/C/dm-multipath.xml:756(emphasis)
27160
27223
msgid "defaults"
27161
27224
msgstr ""
27162
27225
27163
#: serverguide/C/dm-multipath.xml:760(para)
27226
#: serverguide/C/dm-multipath.xml:759(para)
27164
27227
msgid "General default settings for DM-Multipath."
27165
27228
msgstr ""
27166
27229
27167
#: serverguide/C/dm-multipath.xml:768(para)
27230
#: serverguide/C/dm-multipath.xml:767(para)
27168
27231
msgid ""
27169
27232
"Settings for the characteristics of individual multipath devices. These "
27170
27233
"values overwrite what is specified in the <emphasis "
27172
27235
"role=\"bold\">devices</emphasis> sections of the configuration file."
27173
27236
msgstr ""
27174
27237
27175
#: serverguide/C/dm-multipath.xml:777(emphasis)
27238
#: serverguide/C/dm-multipath.xml:776(emphasis)
27176
27239
msgid "devices"
27177
27240
msgstr ""
27178
27241
27179
#: serverguide/C/dm-multipath.xml:780(para)
27242
#: serverguide/C/dm-multipath.xml:779(para)
27180
27243
msgid ""
27181
27244
"Settings for the individual storage controllers. These values overwrite what "
27182
27245
"is specified in the <emphasis role=\"bold\">defaults</emphasis> section of "
27185
27248
"array."
27186
27249
msgstr ""
27187
27250
27188
#: serverguide/C/dm-multipath.xml:789(para)
27251
#: serverguide/C/dm-multipath.xml:788(para)
27189
27252
msgid ""
27190
27253
"When the system determines the attributes of a multipath device, first it "
27191
27254
"checks the multipath settings, then the per devices settings, then the "
27192
27255
"multipath system defaults."
27193
27256
msgstr ""
27194
27257
27195
#: serverguide/C/dm-multipath.xml:795(title)
27258
#: serverguide/C/dm-multipath.xml:794(title)
27196
27259
msgid "Configuration File Blacklist"
27197
27260
msgstr ""
27198
27261
27199
#: serverguide/C/dm-multipath.xml:797(para)
27262
#: serverguide/C/dm-multipath.xml:796(para)
27200
27263
msgid ""
27201
27264
"The blacklist section of the multipath configuration file specifies the "
27202
27265
"devices that will not be used when the system configures multipath devices. "
27203
27266
"Devices that are blacklisted will not be grouped into a multipath device."
27204
27267
msgstr ""
27205
27268
27206
#: serverguide/C/dm-multipath.xml:804(para)
27269
#: serverguide/C/dm-multipath.xml:803(para)
27207
27270
msgid ""
27208
27271
"If you do need to blacklist devices, you can do so according to the "
27209
27272
"following criteria:"
27210
27273
msgstr ""
27211
27274
27212
#: serverguide/C/dm-multipath.xml:809(para)
27275
#: serverguide/C/dm-multipath.xml:808(para)
27213
27276
msgid ""
27214
27277
"By WWID, as described <xref endterm=\"config-blacklist-by-wwid-title\" "
27215
27278
"linkend=\"multipath-config-blacklist-by-wwid\"/>"
27216
27279
msgstr ""
27217
27280
27218
#: serverguide/C/dm-multipath.xml:815(para)
27281
#: serverguide/C/dm-multipath.xml:814(para)
27219
27282
msgid ""
27220
27283
"By device name, as described in <xref endterm=\"config-blacklist-by-device-"
27221
27284
"name-title\" linkend=\"multipath-config-blacklist-by-device-name\"/>"
27222
27285
msgstr ""
27223
27286
27224
#: serverguide/C/dm-multipath.xml:821(para)
27287
#: serverguide/C/dm-multipath.xml:820(para)
27225
27288
msgid ""
27226
27289
"By device type, as described in <xref endterm=\"config-blacklist-by-device-"
27227
27290
"type-title\" linkend=\"multipath-config-blacklist-by-device-type\"/>"
27228
27291
msgstr ""
27229
27292
27230
#: serverguide/C/dm-multipath.xml:827(para)
27293
#: serverguide/C/dm-multipath.xml:826(para)
27231
27294
msgid ""
27232
27295
"By default, a variety of device types are blacklisted, even after you "
27233
27296
"comment out the initial blacklist section of the configuration file. For "
27235
27298
"linkend=\"multipath-config-blacklist-by-device-name\"/>"
27236
27299
msgstr ""
27237
27300
27238
#: serverguide/C/dm-multipath.xml:836(title)
27301
#: serverguide/C/dm-multipath.xml:835(title)
27239
27302
msgid "Blacklisting By WWID"
27240
27303
msgstr ""
27241
27304
27242
#: serverguide/C/dm-multipath.xml:839(para)
27305
#: serverguide/C/dm-multipath.xml:838(para)
27243
27306
msgid ""
27244
27307
"You can specify individual devices to blacklist by their World-Wide "
27245
27308
"IDentification with a <emphasis role=\"bold\">wwid</emphasis> entry in the "
27247
27310
"file."
27248
27311
msgstr ""
27249
27312
27250
#: serverguide/C/dm-multipath.xml:844(para)
27313
#: serverguide/C/dm-multipath.xml:843(para)
27251
27314
msgid ""
27252
27315
"The following example shows the lines in the configuration file that would "
27253
27316
"blacklist a device with a WWID of 26353900f02796769."
27254
27317
msgstr ""
27255
27318
27256
#: serverguide/C/dm-multipath.xml:847(screen)
27319
#: serverguide/C/dm-multipath.xml:846(screen)
27257
27320
#, no-wrap
27258
27321
msgid ""
27259
27322
"\n"
27262
27325
"}\n"
27263
27326
msgstr ""
27264
27327
27265
#: serverguide/C/dm-multipath.xml:855(title)
27328
#: serverguide/C/dm-multipath.xml:854(title)
27266
27329
msgid "Blacklisting By Device Name"
27267
27330
msgstr ""
27268
27331
27269
#: serverguide/C/dm-multipath.xml:858(para)
27332
#: serverguide/C/dm-multipath.xml:857(para)
27270
27333
msgid ""
27271
27334
"You can blacklist device types by device name so that they will not be "
27272
27335
"grouped into a multipath device by specifying a <emphasis "
27274
27337
"role=\"bold\">blacklist</emphasis> section of the configuration file."
27275
27338
msgstr ""
27276
27339
27277
#: serverguide/C/dm-multipath.xml:864(para)
27340
#: serverguide/C/dm-multipath.xml:863(para)
27278
27341
msgid ""
27279
27342
"The following example shows the lines in the configuration file that would "
27280
27343
"blacklist all SCSI devices, since it blacklists all sd* devices. <screen>\n"
27283
27346
"}</screen>"
27284
27347
msgstr ""
27285
27348
27286
#: serverguide/C/dm-multipath.xml:871(para)
27349
#: serverguide/C/dm-multipath.xml:870(para)
27287
27350
msgid ""
27288
27351
"You can use a <emphasis role=\"bold\">devnode</emphasis> entry in the "
27289
27352
"<emphasis role=\"bold\">blacklist</emphasis> section of the configuration "
27295
27358
"on reboot."
27296
27359
msgstr ""
27297
27360
27298
#: serverguide/C/dm-multipath.xml:881(para)
27361
#: serverguide/C/dm-multipath.xml:880(para)
27299
27362
msgid ""
27300
27363
"By default, the following <emphasis role=\"bold\">devnode</emphasis> entries "
27301
27364
"are compiled in the default blacklist; the devices that these entries "
27311
27374
"</screen>"
27312
27375
msgstr ""
27313
27376
27314
#: serverguide/C/dm-multipath.xml:898(title)
27377
#: serverguide/C/dm-multipath.xml:897(title)
27315
27378
msgid "Blacklisting By Device Type"
27316
27379
msgstr ""
27317
27380
27318
#: serverguide/C/dm-multipath.xml:901(para)
27381
#: serverguide/C/dm-multipath.xml:900(para)
27319
27382
msgid ""
27320
27383
"You can specify specific device types in the <emphasis "
27321
27384
"role=\"bold\">blacklist</emphasis> section of the configuration file with a "
27334
27397
"</screen>"
27335
27398
msgstr ""
27336
27399
27337
#: serverguide/C/dm-multipath.xml:919(title)
27400
#: serverguide/C/dm-multipath.xml:918(title)
27338
27401
msgid "Blacklist Exceptions"
27339
27402
msgstr ""
27340
27403
27341
#: serverguide/C/dm-multipath.xml:922(para)
27404
#: serverguide/C/dm-multipath.xml:921(para)
27342
27405
msgid ""
27343
27406
"You can use the <emphasis role=\"bold\">blacklist_exceptions</emphasis> "
27344
27407
"section of the configuration file to enable multipathing on devices that "
27345
27408
"have been blacklisted by default."
27346
27409
msgstr ""
27347
27410
27348
#: serverguide/C/dm-multipath.xml:927(para)
27411
#: serverguide/C/dm-multipath.xml:926(para)
27349
27412
msgid ""
27350
27413
"For example, if you have a large number of devices and want to multipath "
27351
27414
"only one of them (with the WWID of 3600d0230000000000e13955cc3757803), "
27363
27426
"</screen>"
27364
27427
msgstr ""
27365
27428
27366
#: serverguide/C/dm-multipath.xml:942(para)
27429
#: serverguide/C/dm-multipath.xml:941(para)
27367
27430
msgid ""
27368
27431
"When specifying devices in the <emphasis "
27369
27432
"role=\"bold\">blacklist_exceptions</emphasis> section of the configuration "
27375
27438
"only to devnode entries, and device exceptions apply only to device entries."
27376
27439
msgstr ""
27377
27440
27378
#: serverguide/C/dm-multipath.xml:955(title)
27441
#: serverguide/C/dm-multipath.xml:954(title)
27379
27442
msgid "Configuration File Defaults"
27380
27443
msgstr ""
27381
27444
27382
#: serverguide/C/dm-multipath.xml:957(para)
27445
#: serverguide/C/dm-multipath.xml:956(para)
27383
27446
msgid ""
27384
27447
"The <filename>/etc/multipath.conf</filename> configuration file includes a "
27385
27448
"<emphasis role=\"bold\">defaults</emphasis> section that sets the <emphasis "
27387
27450
"role=\"bold\">yes</emphasis>, as follows."
27388
27451
msgstr ""
27389
27452
27390
#: serverguide/C/dm-multipath.xml:962(screen)
27453
#: serverguide/C/dm-multipath.xml:961(screen)
27391
27454
#, no-wrap
27392
27455
msgid ""
27393
27456
"\n"
27396
27459
"}\n"
27397
27460
msgstr ""
27398
27461
27399
#: serverguide/C/dm-multipath.xml:968(para)
27462
#: serverguide/C/dm-multipath.xml:967(para)
27400
27463
msgid ""
27401
27464
"This overwrites the default value of the <emphasis "
27402
27465
"role=\"bold\">user_friendly_names</emphasis> parameter."
27403
27466
msgstr ""
27404
27467
27405
#: serverguide/C/dm-multipath.xml:971(para)
27468
#: serverguide/C/dm-multipath.xml:970(para)
27406
27469
msgid ""
27407
27470
"The configuration file includes a template of configuration defaults. This "
27408
27471
"section is commented out, as follows."
27409
27472
msgstr ""
27410
27473
27411
#: serverguide/C/dm-multipath.xml:974(screen)
27474
#: serverguide/C/dm-multipath.xml:973(screen)
27412
27475
#, no-wrap
27413
27476
msgid ""
27414
27477
"\n"
27429
27492
"#}\n"
27430
27493
msgstr ""
27431
27494
27432
#: serverguide/C/dm-multipath.xml:991(para)
27495
#: serverguide/C/dm-multipath.xml:990(para)
27433
27496
msgid ""
27434
27497
"To overwrite the default value for any of the configuration parameters, you "
27435
27498
"can copy the relevant line from this template into the <emphasis "
27442
27505
"uncomment it, as follows."
27443
27506
msgstr ""
27444
27507
27445
#: serverguide/C/dm-multipath.xml:1002(screen)
27508
#: serverguide/C/dm-multipath.xml:1001(screen)
27446
27509
#, no-wrap
27447
27510
msgid ""
27448
27511
"\n"
27452
27515
"}\n"
27453
27516
msgstr ""
27454
27517
27455
#: serverguide/C/dm-multipath.xml:1009(para)
27518
#: serverguide/C/dm-multipath.xml:1008(para)
27456
27519
msgid ""
27457
27520
"Table <xref endterm=\"config-defaults-table-title\" linkend=\"multipath-"
27458
27521
"config-defaults-table\"/> describes the attributes that are set in the "
27464
27527
"<filename>multipath.conf</filename> file."
27465
27528
msgstr ""
27466
27529
27467
#: serverguide/C/dm-multipath.xml:1023(title)
27530
#: serverguide/C/dm-multipath.xml:1022(title)
27468
27531
msgid "Configuration File Multipath Attributes"
27469
27532
msgstr ""
27470
27533
27471
#: serverguide/C/dm-multipath.xml:1026(para)
27534
#: serverguide/C/dm-multipath.xml:1025(para)
27472
27535
msgid ""
27473
27536
"Table <xref endterm=\"attributes-table-title\" linkend=\"multipath-"
27474
27537
"attributes-table\"/> shows the attributes that you can set in the <emphasis "
27480
27543
"role=\"bold\">devices</emphasis> sections of the multipath.conf file."
27481
27544
msgstr ""
27482
27545
27483
#: serverguide/C/dm-multipath.xml:1039(para)
27546
#: serverguide/C/dm-multipath.xml:1038(para)
27484
27547
msgid ""
27485
27548
"In addition, the following parameters may be overridden in this <emphasis "
27486
27549
"role=\"bold\">multipath</emphasis> section"
27487
27550
msgstr ""
27488
27551
27489
#: serverguide/C/dm-multipath.xml:1088(para)
27552
#: serverguide/C/dm-multipath.xml:1087(para)
27490
27553
msgid ""
27491
27554
"The following example shows multipath attributes specified in the "
27492
27555
"configuration file for two specific multipath devices. The first device has "
27501
27564
"are set to priorities."
27502
27565
msgstr ""
27503
27566
27504
#: serverguide/C/dm-multipath.xml:1098(screen)
27567
#: serverguide/C/dm-multipath.xml:1097(screen)
27505
27568
#, no-wrap
27506
27569
msgid ""
27507
27570
"\n"
27523
27586
"}\n"
27524
27587
msgstr ""
27525
27588
27526
#: serverguide/C/dm-multipath.xml:1119(title)
27589
#: serverguide/C/dm-multipath.xml:1118(title)
27527
27590
msgid "Configuration File Devices"
27528
27591
msgstr ""
27529
27592
27530
#: serverguide/C/dm-multipath.xml:1121(para)
27593
#: serverguide/C/dm-multipath.xml:1120(para)
27531
27594
msgid ""
27532
27595
"Table <xref endterm=\"device-attributes-table-title\" linkend=\"multipath-"
27533
27596
"device-attributes-table\"/> shows the attributes that you can set for each "
27541
27604
"<filename>multipath.conf</filename> file."
27542
27605
msgstr ""
27543
27606
27544
#: serverguide/C/dm-multipath.xml:1132(para)
27607
#: serverguide/C/dm-multipath.xml:1131(para)
27545
27608
msgid ""
27546
27609
"Many devices that support multipathing are included by default in a "
27547
27610
"multipath configuration. The values for the devices that are supported by "
27555
27618
"the device and override the values that you want to change."
27556
27619
msgstr ""
27557
27620
27558
#: serverguide/C/dm-multipath.xml:1144(para)
27621
#: serverguide/C/dm-multipath.xml:1143(para)
27559
27622
msgid ""
27560
27623
"To add a device to this section of the configuration file that is not "
27561
27624
"configured automatically by default, you must set the <emphasis "
27567
27630
"device_name is the device to be multipathed, as in the following example:"
27568
27631
msgstr ""
27569
27632
27570
#: serverguide/C/dm-multipath.xml:1154(screen)
27633
#: serverguide/C/dm-multipath.xml:1153(screen)
27571
27634
#, no-wrap
27572
27635
msgid ""
27573
27636
"\n"
27577
27640
"SF2372\n"
27578
27641
msgstr ""
27579
27642
27580
#: serverguide/C/dm-multipath.xml:1161(para)
27643
#: serverguide/C/dm-multipath.xml:1160(para)
27581
27644
msgid ""
27582
27645
"The additional parameters to specify depend on your specific device. If the "
27583
27646
"device is active/active, you will usually not need to set additional "
27590
27653
"table\"/>."
27591
27654
msgstr ""
27592
27655
27593
#: serverguide/C/dm-multipath.xml:1171(para)
27656
#: serverguide/C/dm-multipath.xml:1170(para)
27594
27657
msgid ""
27595
27658
"If the device is active/passive, but it automatically switches paths with "
27596
27659
"I/O to the passive path, you need to change the checker function to one that "
27601
27664
"the Test Unit Ready command, which most do."
27602
27665
msgstr ""
27603
27666
27604
#: serverguide/C/dm-multipath.xml:1180(para)
27667
#: serverguide/C/dm-multipath.xml:1179(para)
27605
27668
msgid ""
27606
27669
"If the device needs a special command to switch paths, then configuring this "
27607
27670
"device for multipath requires a hardware handler kernel module. The current "
27609
27672
"device, you may not be able to configure the device for multipath."
27610
27673
msgstr ""
27611
27674
27612
#: serverguide/C/dm-multipath.xml:1189(para)
27675
#: serverguide/C/dm-multipath.xml:1188(para)
27613
27676
msgid ""
27614
27677
"In addition, the following parameters may be overridden in this <emphasis "
27615
27678
"role=\"bold\">device</emphasis> section"
27616
27679
msgstr ""
27617
27680
27618
#: serverguide/C/dm-multipath.xml:1264(para)
27681
#: serverguide/C/dm-multipath.xml:1263(para)
27619
27682
msgid ""
27620
27683
"Whenever a hardware_handler is specified, it is your responsibility to "
27621
27684
"ensure that the appropriate kernel module is loaded to support the specified "
27629
27692
"# update-initramfs -u -k all</screen>"
27630
27693
msgstr ""
27631
27694
27632
#: serverguide/C/dm-multipath.xml:1275(para)
27695
#: serverguide/C/dm-multipath.xml:1274(para)
27633
27696
msgid ""
27634
27697
"The following example shows a device entry in the multipath configuration "
27635
27698
"file."
27636
27699
msgstr ""
27637
27700
27638
#: serverguide/C/dm-multipath.xml:1278(screen)
27701
#: serverguide/C/dm-multipath.xml:1277(screen)
27639
27702
#, no-wrap
27640
27703
msgid ""
27641
27704
"\n"
27650
27713
"#}\n"
27651
27714
msgstr ""
27652
27715
27653
#: serverguide/C/dm-multipath.xml:1290(para)
27716
#: serverguide/C/dm-multipath.xml:1289(para)
27654
27717
msgid ""
27655
27718
"The spacing reserved in the <emphasis role=\"bold\">vendor</emphasis>, "
27656
27719
"<emphasis role=\"bold\">product</emphasis>, and <emphasis "
27667
27730
"characters or spaces, as seen in the example above"
27668
27731
msgstr ""
27669
27732
27670
#: serverguide/C/dm-multipath.xml:1307(para)
27733
#: serverguide/C/dm-multipath.xml:1306(para)
27671
27734
msgid "vendor: 8 characters"
27672
27735
msgstr ""
27673
27736
27674
#: serverguide/C/dm-multipath.xml:1311(para)
27737
#: serverguide/C/dm-multipath.xml:1310(para)
27675
27738
msgid "product: 16 characters"
27676
27739
msgstr ""
27677
27740
27678
#: serverguide/C/dm-multipath.xml:1315(para)
27741
#: serverguide/C/dm-multipath.xml:1314(para)
27679
27742
msgid "revision: 4 characters"
27680
27743
msgstr ""
27681
27744
27682
#: serverguide/C/dm-multipath.xml:1319(para)
27745
#: serverguide/C/dm-multipath.xml:1318(para)
27683
27746
msgid ""
27684
27747
"To create a more robust configuration file, regular expressions can also be "
27685
27748
"used. Operators include <emphasis role=\"bold\">^ $ [ ] . * ? +</emphasis>. "
27688
27751
"files found in <filename>/usr/share/doc/multipath-tools/examples:</filename>"
27689
27752
msgstr ""
27690
27753
27691
#: serverguide/C/dm-multipath.xml:1326(screen)
27754
#: serverguide/C/dm-multipath.xml:1325(screen)
27692
27755
#, no-wrap
27693
27756
msgid "# echo 'show config' | multipathd -k"
27694
27757
msgstr ""
27695
27758
27696
#: serverguide/C/dm-multipath.xml:1331(title)
27759
#: serverguide/C/dm-multipath.xml:1330(title)
27697
27760
msgid "DM-Multipath Administration and Troubleshooting"
27698
27761
msgstr ""
27699
27762
27700
#: serverguide/C/dm-multipath.xml:1334(title)
27763
#: serverguide/C/dm-multipath.xml:1333(title)
27701
27764
msgid "Resizing an Online Multipath Device"
27702
27765
msgstr ""
27703
27766
27704
#: serverguide/C/dm-multipath.xml:1336(para)
27767
#: serverguide/C/dm-multipath.xml:1335(para)
27705
27768
msgid ""
27706
27769
"If you need to resize an online multipath device, use the following procedure"
27707
27770
msgstr ""
27708
27771
27709
#: serverguide/C/dm-multipath.xml:1341(para)
27772
#: serverguide/C/dm-multipath.xml:1340(para)
27710
27773
msgid "Resize your physical device. This is storage platform specific."
27711
27774
msgstr ""
27712
27775
27713
#: serverguide/C/dm-multipath.xml:1346(para)
27776
#: serverguide/C/dm-multipath.xml:1345(para)
27714
27777
msgid "Use the following command to find the paths to the LUN:"
27715
27778
msgstr ""
27716
27779
27717
#: serverguide/C/dm-multipath.xml:1348(screen)
27780
#: serverguide/C/dm-multipath.xml:1347(screen)
27718
27781
#, no-wrap
27719
27782
msgid "# multipath -l"
27720
27783
msgstr ""
27721
27784
27722
#: serverguide/C/dm-multipath.xml:1352(para)
27785
#: serverguide/C/dm-multipath.xml:1351(para)
27723
27786
msgid ""
27724
27787
"Resize your paths. For SCSI devices, writing 1 to the "
27725
27788
"<filename>rescan</filename> file for the device causes the SCSI driver to "
27726
27789
"rescan, as in the following command:"
27727
27790
msgstr ""
27728
27791
27729
#: serverguide/C/dm-multipath.xml:1356(screen)
27792
#: serverguide/C/dm-multipath.xml:1355(screen)
27730
27793
#, no-wrap
27731
27794
msgid "# echo 1 > /sys/block/device_name/device/rescan"
27732
27795
msgstr ""
27733
27796
27734
#: serverguide/C/dm-multipath.xml:1360(para)
27797
#: serverguide/C/dm-multipath.xml:1359(para)
27735
27798
msgid ""
27736
27799
"Resize your multipath device by running the multipathd resize command:"
27737
27800
msgstr ""
27738
27801
27739
#: serverguide/C/dm-multipath.xml:1363(screen)
27802
#: serverguide/C/dm-multipath.xml:1362(screen)
27740
27803
#, no-wrap
27741
27804
msgid "# multipathd -k 'resize map mpatha'"
27742
27805
msgstr ""
27743
27806
27744
#: serverguide/C/dm-multipath.xml:1367(para)
27807
#: serverguide/C/dm-multipath.xml:1366(para)
27745
27808
msgid "Resize the file system (assuming no LVM or DOS partitions are used):"
27746
27809
msgstr ""
27747
27810
27748
#: serverguide/C/dm-multipath.xml:1370(screen)
27811
#: serverguide/C/dm-multipath.xml:1369(screen)
27749
27812
#, no-wrap
27750
27813
msgid "# resize2fs /dev/mapper/mpatha"
27751
27814
msgstr ""
27752
27815
27753
#: serverguide/C/dm-multipath.xml:1376(title)
27816
#: serverguide/C/dm-multipath.xml:1375(title)
27754
27817
msgid ""
27755
27818
"Moving root File Systems from a Single Path Device to a Multipath Device"
27756
27819
msgstr ""
27757
27820
27758
#: serverguide/C/dm-multipath.xml:1379(para)
27821
#: serverguide/C/dm-multipath.xml:1378(para)
27759
27822
msgid ""
27760
27823
"This is dramatically simplified by the use of UUIDs to identify devices as "
27761
27824
"an intrinsic label. Simply install <emphasis role=\"bold\">multipath-tools-"
27764
27827
"mounted by UUID."
27765
27828
msgstr ""
27766
27829
27767
#: serverguide/C/dm-multipath.xml:1386(para)
27830
#: serverguide/C/dm-multipath.xml:1385(para)
27768
27831
msgid ""
27769
27832
"Whenever <filename>multipath.conf</filename> is updated, so should the "
27770
27833
"initrd by executing <command>update-initramfs -u -k all</command>. The "
27773
27836
"blacklist and device sections."
27774
27837
msgstr ""
27775
27838
27776
#: serverguide/C/dm-multipath.xml:1395(title)
27839
#: serverguide/C/dm-multipath.xml:1394(title)
27777
27840
msgid ""
27778
27841
"Moving swap File Systems from a Single Path Device to a Multipath Device"
27779
27842
msgstr ""
27780
27843
27781
#: serverguide/C/dm-multipath.xml:1398(para)
27844
#: serverguide/C/dm-multipath.xml:1397(para)
27782
27845
msgid ""
27783
27846
"The procedure is exactly the same as illustrated in the previous section "
27784
27847
"called <link linkend=\"multipath-moving-rootfs-from-single-path-to-multipath-"
27786
27849
"Device</link>."
27787
27850
msgstr ""
27788
27851
27789
#: serverguide/C/dm-multipath.xml:1406(title)
27852
#: serverguide/C/dm-multipath.xml:1405(title)
27790
27853
msgid "The Multipath Daemon"
27791
27854
msgstr ""
27792
27855
27793
#: serverguide/C/dm-multipath.xml:1408(para)
27856
#: serverguide/C/dm-multipath.xml:1407(para)
27794
27857
msgid ""
27795
27858
"If you find you have trouble implementing a multipath configuration, you "
27796
27859
"should ensure the multipath daemon is running as described in <link "
27802
27865
"<command>multipathd</command> as a debugging aid."
27803
27866
msgstr ""
27804
27867
27805
#: serverguide/C/dm-multipath.xml:1448(title)
27868
#: serverguide/C/dm-multipath.xml:1447(title)
27806
27869
msgid "Issues with queue_if_no_path"
27807
27870
msgstr ""
27808
27871
27809
#: serverguide/C/dm-multipath.xml:1450(para)
27872
#: serverguide/C/dm-multipath.xml:1449(para)
27810
27873
msgid ""
27811
27874
"If <emphasis role=\"bold\">features \"1 queue_if_no_path\"</emphasis> is "
27812
27875
"specified in the <filename>/etc/multipath.conf</filename> file, then any "
27816
27879
"<filename>/etc/multipath.conf</filename>."
27817
27880
msgstr ""
27818
27881
27819
#: serverguide/C/dm-multipath.xml:1457(para)
27882
#: serverguide/C/dm-multipath.xml:1456(para)
27820
27883
msgid ""
27821
27884
"When you set the <emphasis role=\"bold\">no_path_retry</emphasis> parameter, "
27822
27885
"remove the <emphasis role=\"bold\">features \"1 "
27832
27895
"<filename>/etc/multipath.conf</filename> and editing to suit your needs."
27833
27896
msgstr ""
27834
27897
27835
#: serverguide/C/dm-multipath.xml:1471(para)
27898
#: serverguide/C/dm-multipath.xml:1470(para)
27836
27899
msgid ""
27837
27900
"If you need to use the <option>features \"1 queue_if_no_path\"</option> "
27838
27901
"option and you experience the issue noted here, use the "
27843
27906
"<option> \"fail_if_no_path\"</option>, execute the following command."
27844
27907
msgstr ""
27845
27908
27846
#: serverguide/C/dm-multipath.xml:1480(screen)
27909
#: serverguide/C/dm-multipath.xml:1479(screen)
27847
27910
#, no-wrap
27848
27911
msgid "# dmsetup message mpathc 0 \"fail_if_no_path\""
27849
27912
msgstr ""
27850
27913
27851
#: serverguide/C/dm-multipath.xml:1483(para)
27914
#: serverguide/C/dm-multipath.xml:1482(para)
27852
27915
msgid ""
27853
27916
"You must specify the <filename>mpathN</filename> alias rather than the path"
27854
27917
msgstr ""
27855
27918
27856
#: serverguide/C/dm-multipath.xml:1489(title)
27919
#: serverguide/C/dm-multipath.xml:1488(title)
27857
27920
msgid "Multipath Command Output"
27858
27921
msgstr ""
27859
27922
27860
#: serverguide/C/dm-multipath.xml:1491(para)
27923
#: serverguide/C/dm-multipath.xml:1490(para)
27861
27924
msgid ""
27862
27925
"When you create, modify, or list a multipath device, you get a printout of "
27863
27926
"the current device setup. The format is as follows. For each multipath "
27864
27927
"device:"
27865
27928
msgstr ""
27866
27929
27867
#: serverguide/C/dm-multipath.xml:1495(screen)
27930
#: serverguide/C/dm-multipath.xml:1494(screen)
27868
27931
#, no-wrap
27869
27932
msgid ""
27870
27933
" action_if_any: alias (wwid_if_different_from_alias) "
27873
27936
"wp=write_permission_if_known"
27874
27937
msgstr ""
27875
27938
27876
#: serverguide/C/dm-multipath.xml:1498(para)
27939
#: serverguide/C/dm-multipath.xml:1497(para)
27877
27940
msgid "For each path group:"
27878
27941
msgstr ""
27879
27942
27880
#: serverguide/C/dm-multipath.xml:1500(screen)
27943
#: serverguide/C/dm-multipath.xml:1499(screen)
27881
27944
#, no-wrap
27882
27945
msgid ""
27883
27946
" -+- policy='scheduling_policy' prio=prio_if_known\n"
27884
27947
" status=path_group_status_if_known"
27885
27948
msgstr ""
27886
27949
27887
#: serverguide/C/dm-multipath.xml:1503(para)
27950
#: serverguide/C/dm-multipath.xml:1502(para)
27888
27951
msgid "For each path:"
27889
27952
msgstr ""
27890
27953
27891
#: serverguide/C/dm-multipath.xml:1505(screen)
27954
#: serverguide/C/dm-multipath.xml:1504(screen)
27892
27955
#, no-wrap
27893
27956
msgid ""
27894
27957
" `- host:channel:id:lun devnode major:minor dm_status_if_known "
27896
27959
" online_status"
27897
27960
msgstr ""
27898
27961
27899
#: serverguide/C/dm-multipath.xml:1508(para)
27962
#: serverguide/C/dm-multipath.xml:1507(para)
27900
27963
msgid ""
27901
27964
"For example, the output of a multipath command might appear as follows:"
27902
27965
msgstr ""
27903
27966
27904
#: serverguide/C/dm-multipath.xml:1511(screen)
27967
#: serverguide/C/dm-multipath.xml:1510(screen)
27905
27968
#, no-wrap
27906
27969
msgid ""
27907
27970
" 3600d0230000000000e13955cc3757800 dm-1 WINSYS,SF2372\n"
27912
27975
" `- 7:0:0:0 sdf 8:80 active ready running"
27913
27976
msgstr ""
27914
27977
27915
#: serverguide/C/dm-multipath.xml:1518(para)
27978
#: serverguide/C/dm-multipath.xml:1517(para)
27916
27979
msgid ""
27917
27980
"If the path is up and ready for I/O, the status of the path is <emphasis "
27918
27981
"role=\"bold\">ready</emphasis> or <emphasis "
27923
27986
"defined in the <filename>/etc/multipath.conf</filename> file."
27924
27987
msgstr ""
27925
27988
27926
#: serverguide/C/dm-multipath.xml:1526(para)
27989
#: serverguide/C/dm-multipath.xml:1525(para)
27927
27990
msgid ""
27928
27991
"The dm status is similar to the path status, but from the kernel's point of "
27929
27992
"view. The dm status has two states: <emphasis "
27934
27997
"not agree."
27935
27998
msgstr ""
27936
27999
27937
#: serverguide/C/dm-multipath.xml:1534(para)
28000
#: serverguide/C/dm-multipath.xml:1533(para)
27938
28001
msgid ""
27939
28002
"The possible values for <emphasis role=\"bold\">online_status</emphasis> are "
27940
28003
"<emphasis role=\"bold\">running</emphasis> and <emphasis "
27943
28006
"disabled."
27944
28007
msgstr ""
27945
28008
27946
#: serverguide/C/dm-multipath.xml:1542(para)
28009
#: serverguide/C/dm-multipath.xml:1541(para)
27947
28010
msgid ""
27948
28011
"When a multipath device is being created or modified , the path group "
27949
28012
"status, the dm device name, the write permissions, and the dm status are not "
27950
28013
"known. Also, the features are not always correct"
27951
28014
msgstr ""
27952
28015
27953
#: serverguide/C/dm-multipath.xml:1549(title)
28016
#: serverguide/C/dm-multipath.xml:1548(title)
27954
28017
msgid "Multipath Queries with multipath Command"
27955
28018
msgstr ""
27956
28019
27957
#: serverguide/C/dm-multipath.xml:1551(para)
28020
#: serverguide/C/dm-multipath.xml:1550(para)
27958
28021
msgid ""
27959
28022
"You can use the <emphasis role=\"bold\">-l </emphasis>and <emphasis "
27960
28023
"role=\"bold\">-ll</emphasis> options of the <emphasis "
27966
28029
"available components of the system."
27967
28030
msgstr ""
27968
28031
27969
#: serverguide/C/dm-multipath.xml:1560(para)
28032
#: serverguide/C/dm-multipath.xml:1559(para)
27970
28033
msgid ""
27971
28034
"When displaying the multipath configuration, there are three verbosity "
27972
28035
"levels you can specify with the <emphasis role=\"bold\">-v</emphasis> option "
27977
28040
"v2</emphasis> prints all detected paths, multipaths, and device maps."
27978
28041
msgstr ""
27979
28042
27980
#: serverguide/C/dm-multipath.xml:1570(para)
28043
#: serverguide/C/dm-multipath.xml:1569(para)
27981
28044
msgid ""
27982
28045
"The default <emphasis role=\"bold\">verbosity</emphasis> level of multipath "
27983
28046
"is <emphasis role=\"bold\">2</emphasis> and can be globally modified by "
27986
28049
"of <filename>multipath.conf</filename>."
27987
28050
msgstr ""
27988
28051
27989
#: serverguide/C/dm-multipath.xml:1577(para)
28052
#: serverguide/C/dm-multipath.xml:1576(para)
27990
28053
msgid ""
27991
28054
"The following example shows the output of a <emphasis "
27992
28055
"role=\"bold\">multipath -l</emphasis> command."
27993
28056
msgstr ""
27994
28057
27995
#: serverguide/C/dm-multipath.xml:1580(screen)
28058
#: serverguide/C/dm-multipath.xml:1579(screen)
27996
28059
#, no-wrap
27997
28060
msgid ""
27998
28061
"# multipath -l\n"
28004
28067
" `- 7:0:0:0 sdf 8:80 active ready running"
28005
28068
msgstr ""
28006
28069
28007
#: serverguide/C/dm-multipath.xml:1588(para)
28070
#: serverguide/C/dm-multipath.xml:1587(para)
28008
28071
msgid ""
28009
28072
"The following example shows the output of a <emphasis "
28010
28073
"role=\"bold\">multipath -ll</emphasis> command."
28011
28074
msgstr ""
28012
28075
28013
#: serverguide/C/dm-multipath.xml:1591(screen)
28076
#: serverguide/C/dm-multipath.xml:1590(screen)
28014
28077
#, no-wrap
28015
28078
msgid ""
28016
28079
"# multipath -ll\n"
28027
28090
" `- 18:0:0:3 sdj 8:144 active ready running"
28028
28091
msgstr ""
28029
28092
28030
#: serverguide/C/dm-multipath.xml:1606(title)
28093
#: serverguide/C/dm-multipath.xml:1605(title)
28031
28094
msgid "Multipath Command Options"
28032
28095
msgstr ""
28033
28096
28034
#: serverguide/C/dm-multipath.xml:1608(para)
28097
#: serverguide/C/dm-multipath.xml:1607(para)
28035
28098
msgid ""
28036
28099
"Table <xref endterm=\"useful-multipath-command-options-title\" "
28037
28100
"linkend=\"useful-multipath-command-options\"/> describes some options of the "
28039
28102
"useful."
28040
28103
msgstr ""
28041
28104
28042
#: serverguide/C/dm-multipath.xml:1614(title)
28105
#: serverguide/C/dm-multipath.xml:1613(title)
28043
28106
msgid "Useful multipath Command Options"
28044
28107
msgstr ""
28045
28108
28046
#: serverguide/C/dm-multipath.xml:1623(entry)
28109
#: serverguide/C/dm-multipath.xml:1622(entry)
28047
28110
msgid "Option"
28048
28111
msgstr ""
28049
28112
28050
#: serverguide/C/dm-multipath.xml:1630(emphasis)
28113
#: serverguide/C/dm-multipath.xml:1629(emphasis)
28051
28114
msgid "-l"
28052
28115
msgstr ""
28053
28116
28054
#: serverguide/C/dm-multipath.xml:1632(emphasis) serverguide/C/dm-multipath.xml:1639(emphasis)
28117
#: serverguide/C/dm-multipath.xml:1631(emphasis) serverguide/C/dm-multipath.xml:1638(emphasis)
28055
28118
msgid "sysfs"
28056
28119
msgstr ""
28057
28120
28058
#: serverguide/C/dm-multipath.xml:1631(entry)
28121
#: serverguide/C/dm-multipath.xml:1630(entry)
28059
28122
msgid ""
28060
28123
"Display the current multipath configuration gathered from <placeholder-1/> "
28061
28124
"and the device mapper."
28062
28125
msgstr ""
28063
28126
28064
#: serverguide/C/dm-multipath.xml:1637(emphasis)
28127
#: serverguide/C/dm-multipath.xml:1636(emphasis)
28065
28128
msgid "-ll"
28066
28129
msgstr ""
28067
28130
28068
#: serverguide/C/dm-multipath.xml:1638(entry)
28131
#: serverguide/C/dm-multipath.xml:1637(entry)
28069
28132
msgid ""
28070
28133
"Display the current multipath configuration gathered from <placeholder-1/>, "
28071
28134
"the device mapper, and all other available components on the system."
28072
28135
msgstr ""
28073
28136
28074
#: serverguide/C/dm-multipath.xml:1644(emphasis)
28137
#: serverguide/C/dm-multipath.xml:1643(emphasis)
28075
28138
msgid "-f device"
28076
28139
msgstr ""
28077
28140
28078
#: serverguide/C/dm-multipath.xml:1645(entry)
28141
#: serverguide/C/dm-multipath.xml:1644(entry)
28079
28142
msgid "Remove the named multipath device."
28080
28143
msgstr ""
28081
28144
28082
#: serverguide/C/dm-multipath.xml:1649(emphasis)
28145
#: serverguide/C/dm-multipath.xml:1648(emphasis)
28083
28146
msgid "-F"
28084
28147
msgstr ""
28085
28148
28086
#: serverguide/C/dm-multipath.xml:1650(entry)
28149
#: serverguide/C/dm-multipath.xml:1649(entry)
28087
28150
msgid "Remove all unused multipath devices."
28088
28151
msgstr ""
28089
28152
28090
#: serverguide/C/dm-multipath.xml:1658(title)
28153
#: serverguide/C/dm-multipath.xml:1657(title)
28091
28154
msgid "Determining Device Mapper Entries with dmsetup Command"
28092
28155
msgstr ""
28093
28156
28094
#: serverguide/C/dm-multipath.xml:1660(para)
28157
#: serverguide/C/dm-multipath.xml:1659(para)
28095
28158
msgid ""
28096
28159
"You can use the <emphasis role=\"bold\">dmsetup</emphasis> command to find "
28097
28160
"out which device mapper entries match the <emphasis "
28098
28161
"role=\"bold\">multipathed</emphasis> devices."
28099
28162
msgstr ""
28100
28163
28101
#: serverguide/C/dm-multipath.xml:1664(para)
28164
#: serverguide/C/dm-multipath.xml:1663(para)
28102
28165
msgid ""
28103
28166
"The following command displays all the device mapper devices and their major "
28104
28167
"and minor numbers. The minor numbers determine the name of the dm device. "
28107
28170
"role=\"bold\"><filename>/dev/dm-3</filename></emphasis>."
28108
28171
msgstr ""
28109
28172
28110
#: serverguide/C/dm-multipath.xml:1670(screen)
28173
#: serverguide/C/dm-multipath.xml:1669(screen)
28111
28174
#, no-wrap
28112
28175
msgid ""
28113
28176
"\n"
28130
28193
" "
28131
28194
msgstr ""
28132
28195
28133
#: serverguide/C/dm-multipath.xml:1691(title)
28196
#: serverguide/C/dm-multipath.xml:1690(title)
28134
28197
msgid "Troubleshooting with the multipathd interactive console"
28135
28198
msgstr ""
28136
28199
28137
#: serverguide/C/dm-multipath.xml:1693(para)
28200
#: serverguide/C/dm-multipath.xml:1692(para)
28138
28201
msgid ""
28139
28202
"The <emphasis role=\"bold\">multipathd -k</emphasis> command is an "
28140
28203
"interactive interface to the <emphasis role=\"bold\">multipathd</emphasis> "
28144
28207
"role=\"bold\">CTRL-D</emphasis> to quit."
28145
28208
msgstr ""
28146
28209
28147
#: serverguide/C/dm-multipath.xml:1700(para)
28210
#: serverguide/C/dm-multipath.xml:1699(para)
28148
28211
msgid ""
28149
28212
"The multipathd interactive console can be used to troubleshoot problems you "
28150
28213
"may be having with your system. For example, the following command sequence "
28154
28217
"Multipathd\"</ulink> for more examples."
28155
28218
msgstr ""
28156
28219
28157
#: serverguide/C/dm-multipath.xml:1707(screen)
28220
#: serverguide/C/dm-multipath.xml:1706(screen)
28158
28221
#, no-wrap
28159
28222
msgid ""
28160
28223
"# multipathd -k\n"
28162
28225
" > > CTRL-D"
28163
28226
msgstr ""
28164
28227
28165
#: serverguide/C/dm-multipath.xml:1711(para)
28228
#: serverguide/C/dm-multipath.xml:1710(para)
28166
28229
msgid ""
28167
28230
"The following command sequence ensures that multipath has picked up any "
28168
28231
"changes to the multipath.conf,"
28169
28232
msgstr ""
28170
28233
28171
#: serverguide/C/dm-multipath.xml:1714(screen)
28234
#: serverguide/C/dm-multipath.xml:1713(screen)
28172
28235
#, no-wrap
28173
28236
msgid ""
28174
28237
"\n"
28177
28240
"> > CTRL-D\n"
28178
28241
msgstr ""
28179
28242
28180
#: serverguide/C/dm-multipath.xml:1720(para)
28243
#: serverguide/C/dm-multipath.xml:1719(para)
28181
28244
msgid ""
28182
28245
"Use the following command sequence to ensure that the path checker is "
28183
28246
"working properly."
28184
28247
msgstr ""
28185
28248
28186
#: serverguide/C/dm-multipath.xml:1723(screen)
28249
#: serverguide/C/dm-multipath.xml:1722(screen)
28187
28250
#, no-wrap
28188
28251
msgid ""
28189
28252
"\n"
28192
28255
"> > CTRL-D\n"
28193
28256
msgstr ""
28194
28257
28195
#: serverguide/C/dm-multipath.xml:1729(para)
28258
#: serverguide/C/dm-multipath.xml:1728(para)
28196
28259
msgid ""
28197
28260
"Commands can also be streamed into multipathd using stdin like so:<screen># "
28198
28261
"echo 'show config' | multipathd -k</screen>"
28206
28269
msgid "Ubuntu provides two popular database servers. They are:"
28207
28270
msgstr ""
28208
28271
28209
#: serverguide/C/virtualization.xml:832(para) serverguide/C/databases.xml:17(trademark) serverguide/C/databases.xml:29(title)
28272
#: serverguide/C/databases.xml:17(trademark) serverguide/C/databases.xml:29(title)
28210
28273
msgid "MySQL"
28211
28274
msgstr "MySQL"
28212
28275
28213
#: serverguide/C/databases.xml:20(application) serverguide/C/databases.xml:300(title)
28276
#: serverguide/C/databases.xml:20(application) serverguide/C/databases.xml:293(title)
28214
28277
msgid "PostgreSQL"
28215
28278
msgstr "PostgreSQL"
28216
28279
28232
28295
msgstr ""
28233
28296
"Untuk menginstal MySQL, jalankan perintah berikut dari terminal prompt:"
28234
28297
28235
#: serverguide/C/virtualization.xml:2215(command) serverguide/C/databases.xml:42(command)
28298
#: serverguide/C/databases.xml:42(command)
28236
28299
msgid "sudo apt-get install mysql-server"
28237
28300
msgstr ""
28238
28301
28239
#: serverguide/C/databases.xml:51(para)
28302
#: serverguide/C/databases.xml:44(para)
28240
28303
msgid ""
28241
28304
"During the installation process you will be prompted to enter a password for "
28242
28305
"the MySQL root user."
28243
28306
msgstr ""
28244
28307
28245
#: serverguide/C/databases.xml:55(para)
28308
#: serverguide/C/databases.xml:48(para)
28246
28309
msgid ""
28247
28310
"Once the installation is complete, the MySQL server should be started "
28248
28311
"automatically. You can run the following command from a terminal prompt to "
28249
28312
"check whether the MySQL server is running:"
28250
28313
msgstr ""
28251
28314
28252
#: serverguide/C/databases.xml:62(command)
28315
#: serverguide/C/databases.xml:55(command)
28253
28316
msgid "sudo netstat -tap | grep mysql"
28254
28317
msgstr "sudo netstat -tap | grep mysql"
28255
28318
28256
#: serverguide/C/vcs.xml:477(para) serverguide/C/databases.xml:65(para)
28319
#: serverguide/C/databases.xml:58(para)
28257
28320
msgid ""
28258
28321
"When you run this command, you should see the following line or something "
28259
28322
"similar:"
28261
28324
"Ketika Anda menjalankan perintah ini, Anda akan melihat baris berikut atau "
28262
28325
"yang agak mirip:"
28263
28326
28264
#: serverguide/C/databases.xml:69(programlisting)
28327
#: serverguide/C/databases.xml:62(programlisting)
28265
28328
#, no-wrap
28266
28329
msgid ""
28267
28330
"\n"
28269
28332
"2556/mysqld\n"
28270
28333
msgstr ""
28271
28334
28272
#: serverguide/C/databases.xml:72(para)
28335
#: serverguide/C/databases.xml:65(para)
28273
28336
msgid ""
28274
28337
"If the server is not running correctly, you can type the following command "
28275
28338
"to start it:"
28277
28340
"Jika server tidak berjalan dengan benar, Anda dapat mengetik perintah "
28278
28341
"berikut untuk menjalankannya:"
28279
28342
28280
#: serverguide/C/databases.xml:76(command) serverguide/C/databases.xml:100(command)
28343
#: serverguide/C/databases.xml:69(command) serverguide/C/databases.xml:93(command)
28281
28344
msgid "sudo service mysql restart"
28282
28345
msgstr ""
28283
28346
28284
#: serverguide/C/databases.xml:81(para)
28347
#: serverguide/C/databases.xml:74(para)
28285
28348
msgid ""
28286
28349
"You can edit the <filename>/etc/mysql/my.cnf</filename> file to configure "
28287
28350
"the basic settings -- log file, port number, etc. For example, to configure "
28289
28352
"<emphasis>bind-address</emphasis> directive to the server's IP address:"
28290
28353
msgstr ""
28291
28354
28292
#: serverguide/C/databases.xml:87(programlisting)
28355
#: serverguide/C/databases.xml:80(programlisting)
28293
28356
#, no-wrap
28294
28357
msgid ""
28295
28358
"\n"
28296
28359
"bind-address = 192.168.0.5\n"
28297
28360
msgstr ""
28298
28361
28299
#: serverguide/C/databases.xml:91(para)
28362
#: serverguide/C/databases.xml:84(para)
28300
28363
msgid "Replace 192.168.0.5 with the appropriate address."
28301
28364
msgstr ""
28302
28365
28303
#: serverguide/C/databases.xml:95(para)
28366
#: serverguide/C/databases.xml:88(para)
28304
28367
msgid ""
28305
28368
"After making a change to <filename>/etc/mysql/my.cnf</filename> the MySQL "
28306
28369
"daemon will need to be restarted:"
28307
28370
msgstr ""
28308
28371
28309
#: serverguide/C/databases.xml:102(para)
28372
#: serverguide/C/databases.xml:95(para)
28310
28373
msgid ""
28311
28374
"If you would like to change the MySQL <emphasis>root</emphasis> password, in "
28312
28375
"a terminal enter:"
28313
28376
msgstr ""
28314
28377
28315
#: serverguide/C/databases.xml:107(command)
28378
#: serverguide/C/databases.xml:100(command)
28316
28379
msgid "sudo dpkg-reconfigure mysql-server-5.5"
28317
28380
msgstr ""
28318
28381
28319
#: serverguide/C/databases.xml:109(para)
28382
#: serverguide/C/databases.xml:102(para)
28320
28383
msgid ""
28321
28384
"The MySQL daemon will be stopped, and you will be prompted to enter a new "
28322
28385
"password."
28323
28386
msgstr ""
28324
28387
28325
#: serverguide/C/databases.xml:114(title)
28388
#: serverguide/C/databases.xml:107(title)
28326
28389
msgid "Database Engines"
28327
28390
msgstr ""
28328
28391
28329
#: serverguide/C/databases.xml:115(para)
28392
#: serverguide/C/databases.xml:108(para)
28330
28393
msgid ""
28331
28394
"Whilst the default configuration of MySQL provided by the Ubuntu packages is "
28332
28395
"perfectly functional and performs well there are things you may wish to "
28333
28396
"consider before you proceed."
28334
28397
msgstr ""
28335
28398
28336
#: serverguide/C/databases.xml:119(para)
28399
#: serverguide/C/databases.xml:112(para)
28337
28400
msgid ""
28338
28401
"MySQL is designed to allow data to be stored in different ways. These "
28339
28402
"methods are referred to as either database or storage engines. There are two "
28343
28406
"use, you will interact with the database in the same way."
28344
28407
msgstr ""
28345
28408
28346
#: serverguide/C/databases.xml:126(para)
28409
#: serverguide/C/databases.xml:119(para)
28347
28410
msgid "Each engine has its own advantages and disadvantages."
28348
28411
msgstr ""
28349
28412
28350
#: serverguide/C/databases.xml:129(para)
28413
#: serverguide/C/databases.xml:122(para)
28351
28414
msgid ""
28352
28415
"While it is possible, and may be advantageous to mix and match database "
28353
28416
"engines on a table level, doing so reduces the effectiveness of the "
28355
28418
"two engines instead of dedicating them to one."
28356
28419
msgstr ""
28357
28420
28358
#: serverguide/C/databases.xml:136(para)
28421
#: serverguide/C/databases.xml:129(para)
28359
28422
msgid ""
28360
28423
"MyISAM is the older of the two. It can be faster than InnoDB under certain "
28361
28424
"circumstances and favours a read only workload. Some web applications have "
28371
28434
"production/\">MyISAM on a production database</ulink>."
28372
28435
msgstr ""
28373
28436
28374
#: serverguide/C/databases.xml:150(para)
28437
#: serverguide/C/databases.xml:143(para)
28375
28438
msgid ""
28376
28439
"InnoDB is a more modern database engine, designed to be <ulink "
28377
28440
"url=\"http://en.wikipedia.org/wiki/ACID\">ACID compliant</ulink> which "
28384
28447
"reliable data recovery as data consistency can be checked."
28385
28448
msgstr ""
28386
28449
28387
#: serverguide/C/databases.xml:163(para)
28450
#: serverguide/C/databases.xml:156(para)
28388
28451
msgid ""
28389
28452
"As of MySQL 5.5 InnoDB is the default engine, and is highly recommended over "
28390
28453
"MyISAM unless you have specific need for features unique to the engine."
28391
28454
msgstr ""
28392
28455
28393
#: serverguide/C/databases.xml:170(title)
28456
#: serverguide/C/databases.xml:163(title)
28394
28457
msgid "Creating a tuned my.cnf file"
28395
28458
msgstr ""
28396
28459
28397
#: serverguide/C/databases.xml:171(para)
28460
#: serverguide/C/databases.xml:164(para)
28398
28461
msgid ""
28399
28462
"There are a number of parameters that can be adjusted within MySQL's "
28400
28463
"configuration file that will allow you to improve the performance of the "
28447
28510
"</screen> Once that is complete all is good to go!"
28448
28511
msgstr ""
28449
28512
28450
#: serverguide/C/databases.xml:213(para)
28513
#: serverguide/C/databases.xml:206(para)
28451
28514
msgid ""
28452
28515
"This is not necessary for all my.cnf changes. Most of the variables you may "
28453
28516
"wish to change to improve performance are adjustable even whilst the server "
28455
28518
"files and data before making changes."
28456
28519
msgstr ""
28457
28520
28458
#: serverguide/C/databases.xml:222(title)
28521
#: serverguide/C/databases.xml:215(title)
28459
28522
msgid "MySQL Tuner"
28460
28523
msgstr ""
28461
28524
28462
#: serverguide/C/databases.xml:223(para)
28525
#: serverguide/C/databases.xml:216(para)
28463
28526
msgid ""
28464
28527
"<application>MySQL Tuner</application> is a useful tool that will connect to "
28465
28528
"a running MySQL instance and offer suggestions for how it can be best "
28491
28554
"</screen>"
28492
28555
msgstr ""
28493
28556
28494
#: serverguide/C/databases.xml:257(para)
28557
#: serverguide/C/databases.xml:250(para)
28495
28558
msgid ""
28496
28559
"One final comment on tuning databases: Whilst we can broadly say that "
28497
28560
"certain settings are the best, performance can vary from application to "
28506
28569
"either using more powerful hardware or by adding slave servers."
28507
28570
msgstr ""
28508
28571
28509
#: serverguide/C/databases.xml:274(para)
28572
#: serverguide/C/databases.xml:267(para)
28510
28573
msgid ""
28511
28574
"See the <ulink url=\"http://www.mysql.com/\">MySQL Home Page</ulink> for "
28512
28575
"more information."
28513
28576
msgstr ""
28514
28577
28515
#: serverguide/C/databases.xml:279(para)
28578
#: serverguide/C/databases.xml:272(para)
28516
28579
msgid ""
28517
28580
"Full documentation is available in both online and offline formats from the "
28518
28581
"<ulink url=\"http://dev.mysql.com/doc/\"> MySQL Developers portal</ulink>"
28519
28582
msgstr ""
28520
28583
28521
#: serverguide/C/databases.xml:285(para)
28584
#: serverguide/C/databases.xml:278(para)
28522
28585
msgid ""
28523
28586
"For general SQL information see <ulink "
28524
28587
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\"> Using "
28525
28588
"SQL Special Edition</ulink> by Rafe Colburn."
28526
28589
msgstr ""
28527
28590
28528
#: serverguide/C/databases.xml:291(para)
28591
#: serverguide/C/databases.xml:284(para)
28529
28592
msgid ""
28530
28593
"The <ulink url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache "
28531
28594
"MySQL PHP Ubuntu Wiki</ulink> page also has useful information."
28544
28607
"in the command prompt:"
28545
28608
msgstr ""
28546
28609
28547
#: serverguide/C/databases.xml:314(command)
28610
#: serverguide/C/databases.xml:307(command)
28548
28611
msgid "sudo apt-get install postgresql"
28549
28612
msgstr "sudo apt-get install postgresql"
28550
28613
28591
28654
"<filename>/etc/postgresql/9.1/main/postgresql.conf</filename>"
28592
28655
msgstr ""
28593
28656
28594
#: serverguide/C/databases.xml:346(para)
28657
#: serverguide/C/databases.xml:339(para)
28595
28658
msgid ""
28596
28659
"Locate the line <emphasis>#listen_addresses = 'localhost'</emphasis> and "
28597
28660
"change it to:"
28623
28686
"default <application>PostgreSQL</application> template database:"
28624
28687
msgstr ""
28625
28688
28626
#: serverguide/C/databases.xml:370(command)
28689
#: serverguide/C/databases.xml:362(command)
28627
28690
msgid "sudo -u postgres psql template1"
28628
28691
msgstr ""
28629
28692
28637
28700
"user <emphasis role=\"italics\">postgres</emphasis>."
28638
28701
msgstr ""
28639
28702
28640
#: serverguide/C/databases.xml:380(command)
28703
#: serverguide/C/databases.xml:372(command)
28641
28704
msgid "ALTER USER postgres with encrypted password 'your_password';"
28642
28705
msgstr ""
28643
28706
28649
28712
"<emphasis>postgres</emphasis> user:"
28650
28713
msgstr ""
28651
28714
28652
#: serverguide/C/databases.xml:388(programlisting)
28715
#: serverguide/C/databases.xml:380(programlisting)
28653
28716
#, no-wrap
28654
28717
msgid ""
28655
28718
"\n"
28656
28719
"local all postgres md5\n"
28657
28720
msgstr ""
28658
28721
28659
#: serverguide/C/databases.xml:392(para)
28722
#: serverguide/C/databases.xml:384(para)
28660
28723
msgid ""
28661
28724
"Finally, you should restart the <application>PostgreSQL</application> "
28662
28725
"service to initialize the new configuration. From a terminal prompt enter "
28692
28755
msgid "Replace the domain name with your actual server domain name."
28693
28756
msgstr ""
28694
28757
28695
#: serverguide/C/backups.xml:11(title)
28758
#: serverguide/C/databases.xml:413(title) serverguide/C/backups.xml:11(title)
28696
28759
msgid "Backups"
28697
28760
msgstr ""
28698
28761
28723
28786
"9.1/html/index.html</command> into the address bar of your browser."
28724
28787
msgstr ""
28725
28788
28726
#: serverguide/C/databases.xml:426(para)
28789
#: serverguide/C/databases.xml:436(para)
28727
28790
msgid ""
28728
28791
"For general SQL information see <ulink "
28729
28792
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\">Using SQL "
28730
28793
"Special Edition</ulink> by Rafe Colburn."
28731
28794
msgstr ""
28732
28795
28733
#: serverguide/C/databases.xml:432(para)
28796
#: serverguide/C/databases.xml:442(para)
28734
28797
msgid ""
28735
28798
"Also, see the <ulink "
28736
28799
"url=\"https://help.ubuntu.com/community/PostgreSQL\">PostgreSQL Ubuntu "
29363
29426
#: serverguide/C/cgroups.xml:113(para)
29364
29427
msgid ""
29365
29428
"and tasks can be moved into the new child cgroup by writing their process "
29366
"ids into the 'tasks' or 'cgroup.procs' file:"
29429
"IDs into the 'tasks' or 'cgroup.procs' file:"
29367
29430
msgstr ""
29368
29431
29369
29432
#: serverguide/C/cgroups.xml:118(command)
29370
msgid "sleep 100 echo $! > /cgroup1/child1/cgroup.procs"
29433
msgid "sleep 100 & echo $! > /cgroup1/child1/cgroup.procs"
29371
29434
msgstr ""
29372
29435
29373
29436
#: serverguide/C/cgroups.xml:123(para)
29531
29594
#, no-wrap
29532
29595
msgid ""
29533
29596
"\n"
29534
"#!/bin/sh\n"
29597
"#!/bin/bash\n"
29535
29598
"####################################\n"
29536
29599
"#\n"
29537
29600
"# Backup to NFS mount script.\n"
29656
29719
#: serverguide/C/backups.xml:153(para)
29657
29720
msgid ""
29658
29721
"The simplest way of executing the above backup script is to copy and paste "
29659
"the contents into a file. <filename>backup.sh</filename> for example. Then "
29660
"from a terminal prompt:"
29722
"the contents into a file. <filename>backup.sh</filename> for example. The "
29723
"file must be made executable:"
29661
29724
msgstr ""
29662
29725
29663
29726
#: serverguide/C/backups.xml:158(command)
29664
msgid "sudo bash backup.sh"
29727
msgid "chmod u+x backup.sh"
29665
29728
msgstr ""
29666
29729
29667
29730
#: serverguide/C/backups.xml:160(para)
29731
msgid "Then from a terminal prompt:"
29732
msgstr ""
29733
29734
#: serverguide/C/backups.xml:164(command)
29735
msgid "sudo ./backup.sh"
29736
msgstr ""
29737
29738
#: serverguide/C/backups.xml:166(para)
29668
29739
msgid ""
29669
29740
"This is a great way to test the script to make sure everything works as "
29670
29741
"expected."
29671
29742
msgstr ""
29672
29743
29673
#: serverguide/C/backups.xml:165(title)
29744
#: serverguide/C/backups.xml:171(title)
29674
29745
msgid "Executing with cron"
29675
29746
msgstr ""
29676
29747
29677
#: serverguide/C/backups.xml:166(para)
29748
#: serverguide/C/backups.xml:172(para)
29678
29749
msgid ""
29679
29750
"The <application>cron</application> utility can be used to automate the "
29680
29751
"script execution. The <application>cron</application> daemon allows the "
29681
29752
"execution of scripts, or commands, at a specified time and date."
29682
29753
msgstr ""
29683
29754
29684
#: serverguide/C/backups.xml:170(para)
29755
#: serverguide/C/backups.xml:176(para)
29685
29756
msgid ""
29686
29757
"<application>cron</application> is configured through entries in a "
29687
29758
"<filename>crontab</filename> file. <filename>crontab</filename> files are "
29688
29759
"separated into fields:"
29689
29760
msgstr ""
29690
29761
29691
#: serverguide/C/backups.xml:174(programlisting)
29762
#: serverguide/C/backups.xml:180(programlisting)
29692
29763
#, no-wrap
29693
29764
msgid ""
29694
29765
"\n"
29695
29766
"# m h dom mon dow command\n"
29696
29767
msgstr ""
29697
29768
29698
#: serverguide/C/backups.xml:179(para)
29769
#: serverguide/C/backups.xml:185(para)
29699
29770
msgid ""
29700
29771
"<emphasis>m:</emphasis> minute the command executes on, between 0 and 59."
29701
29772
msgstr ""
29702
29773
29703
#: serverguide/C/backups.xml:184(para)
29774
#: serverguide/C/backups.xml:190(para)
29704
29775
msgid ""
29705
29776
"<emphasis>h:</emphasis> hour the command executes on, between 0 and 23."
29706
29777
msgstr ""
29707
29778
29708
#: serverguide/C/backups.xml:189(para)
29779
#: serverguide/C/backups.xml:195(para)
29709
29780
msgid "<emphasis>dom:</emphasis> day of month the command executes on."
29710
29781
msgstr ""
29711
29782
29712
#: serverguide/C/backups.xml:194(para)
29783
#: serverguide/C/backups.xml:200(para)
29713
29784
msgid ""
29714
29785
"<emphasis>mon:</emphasis> the month the command executes on, between 1 and "
29715
29786
"12."
29716
29787
msgstr ""
29717
29788
29718
#: serverguide/C/backups.xml:199(para)
29789
#: serverguide/C/backups.xml:205(para)
29719
29790
msgid ""
29720
29791
"<emphasis>dow:</emphasis> the day of the week the command executes on, "
29721
29792
"between 0 and 7. Sunday may be specified by using 0 or 7, both values are "
29722
29793
"valid."
29723
29794
msgstr ""
29724
29795
29725
#: serverguide/C/backups.xml:204(para)
29796
#: serverguide/C/backups.xml:210(para)
29726
29797
msgid "<emphasis>command:</emphasis> the command to execute."
29727
29798
msgstr ""
29728
29799
29729
#: serverguide/C/backups.xml:209(para)
29800
#: serverguide/C/backups.xml:215(para)
29730
29801
msgid ""
29731
29802
"To add or change entries in a <filename>crontab</filename> file the "
29732
29803
"<application>crontab -e</application> command should be used. Also, the "
29734
29805
"<application>crontab -l</application> command."
29735
29806
msgstr ""
29736
29807
29737
#: serverguide/C/backups.xml:213(para)
29808
#: serverguide/C/backups.xml:219(para)
29738
29809
msgid ""
29739
29810
"To execute the <application>backup.sh</application> script listed above "
29740
29811
"using <application>cron</application>. Enter the following from a terminal "
29741
29812
"prompt:"
29742
29813
msgstr ""
29743
29814
29744
#: serverguide/C/backups.xml:218(command)
29815
#: serverguide/C/backups.xml:224(command)
29745
29816
msgid "sudo crontab -e"
29746
29817
msgstr ""
29747
29818
29748
#: serverguide/C/backups.xml:221(para)
29819
#: serverguide/C/backups.xml:227(para)
29749
29820
msgid ""
29750
29821
"Using <application>sudo</application> with the <application>crontab -"
29751
29822
"e</application> command edits the <emphasis>root</emphasis> user's crontab. "
29753
29824
"access to."
29754
29825
msgstr ""
29755
29826
29756
#: serverguide/C/backups.xml:226(para)
29827
#: serverguide/C/backups.xml:232(para)
29757
29828
msgid "Add the following entry to the <filename>crontab</filename> file:"
29758
29829
msgstr ""
29759
29830
29760
#: serverguide/C/backups.xml:229(programlisting)
29831
#: serverguide/C/backups.xml:235(programlisting)
29761
29832
#, no-wrap
29762
29833
msgid ""
29763
29834
"\n"
29765
29836
"0 0 * * * bash /usr/local/bin/backup.sh\n"
29766
29837
msgstr ""
29767
29838
29768
#: serverguide/C/backups.xml:233(para)
29839
#: serverguide/C/backups.xml:239(para)
29769
29840
msgid ""
29770
29841
"The <application>backup.sh</application> script will now be executed every "
29771
29842
"day at 12:00 am."
29772
29843
msgstr ""
29773
29844
29774
#: serverguide/C/backups.xml:237(para)
29845
#: serverguide/C/backups.xml:243(para)
29775
29846
msgid ""
29776
29847
"The <application>backup.sh</application> script will need to be copied to "
29777
29848
"the <filename>/usr/local/bin/</filename> directory in order for this entry "
29779
29850
"simply change the script path appropriately."
29780
29851
msgstr ""
29781
29852
29782
#: serverguide/C/backups.xml:242(para)
29853
#: serverguide/C/backups.xml:248(para)
29783
29854
msgid ""
29784
29855
"For more in-depth <application>crontab</application> options see <xref "
29785
29856
"linkend=\"backup-shellscript-references\"/>."
29786
29857
msgstr ""
29787
29858
29788
#: serverguide/C/backups.xml:248(title)
29859
#: serverguide/C/backups.xml:254(title)
29789
29860
msgid "Restoring from the Archive"
29790
29861
msgstr ""
29791
29862
29792
#: serverguide/C/backups.xml:249(para)
29863
#: serverguide/C/backups.xml:255(para)
29793
29864
msgid ""
29794
29865
"Once an archive has been created it is important to test the archive. The "
29795
29866
"archive can be tested by listing the files it contains, but the best test is "
29796
29867
"to <emphasis>restore</emphasis> a file from the archive."
29797
29868
msgstr ""
29798
29869
29799
#: serverguide/C/backups.xml:255(para)
29870
#: serverguide/C/backups.xml:261(para)
29800
29871
msgid ""
29801
29872
"To see a listing of the archive contents. From a terminal prompt type:"
29802
29873
msgstr ""
29803
29874
29804
#: serverguide/C/backups.xml:259(command)
29875
#: serverguide/C/backups.xml:265(command)
29805
29876
msgid "tar -tzvf /mnt/backup/host-Monday.tgz"
29806
29877
msgstr ""
29807
29878
29808
#: serverguide/C/backups.xml:263(para)
29879
#: serverguide/C/backups.xml:269(para)
29809
29880
msgid "To restore a file from the archive to a different directory enter:"
29810
29881
msgstr ""
29811
29882
29812
#: serverguide/C/backups.xml:267(command)
29883
#: serverguide/C/backups.xml:273(command)
29813
29884
msgid "tar -xzvf /mnt/backup/host-Monday.tgz -C /tmp etc/hosts"
29814
29885
msgstr ""
29815
29886
29816
#: serverguide/C/backups.xml:269(para)
29887
#: serverguide/C/backups.xml:275(para)
29817
29888
msgid ""
29818
29889
"The <emphasis>-C</emphasis> option to <application>tar</application> "
29819
29890
"redirects the extracted files to the specified directory. The above example "
29822
29893
"recreates the directory structure that it contains."
29823
29894
msgstr ""
29824
29895
29825
#: serverguide/C/backups.xml:274(para)
29896
#: serverguide/C/backups.xml:280(para)
29826
29897
msgid ""
29827
29898
"Also, notice the leading <emphasis>\"/\"</emphasis> is left off the path of "
29828
29899
"the file to restore."
29829
29900
msgstr ""
29830
29901
29831
#: serverguide/C/backups.xml:279(para)
29902
#: serverguide/C/backups.xml:285(para)
29832
29903
msgid "To restore all files in the archive enter the following:"
29833
29904
msgstr ""
29834
29905
29835
#: serverguide/C/backups.xml:283(command)
29906
#: serverguide/C/backups.xml:289(command)
29836
29907
msgid "cd /"
29837
29908
msgstr ""
29838
29909
29839
#: serverguide/C/backups.xml:284(command)
29910
#: serverguide/C/backups.xml:290(command)
29840
29911
msgid "sudo tar -xzvf /mnt/backup/host-Monday.tgz"
29841
29912
msgstr ""
29842
29913
29843
#: serverguide/C/backups.xml:289(para)
29914
#: serverguide/C/backups.xml:295(para)
29844
29915
msgid "This will overwrite the files currently on the file system."
29845
29916
msgstr ""
29846
29917
29847
#: serverguide/C/backups.xml:298(para)
29918
#: serverguide/C/backups.xml:304(para)
29848
29919
msgid ""
29849
29920
"For more information on shell scripting see the <ulink "
29850
29921
"url=\"http://tldp.org/LDP/abs/html/\">Advanced Bash-Scripting Guide</ulink>"
29851
29922
msgstr ""
29852
29923
29853
#: serverguide/C/backups.xml:303(para)
29924
#: serverguide/C/backups.xml:309(para)
29854
29925
msgid ""
29855
29926
"The book <ulink url=\"http://safari.samspublishing.com/0672323583\">Teach "
29856
29927
"Yourself Shell Programming in 24 Hours</ulink> is available online and a "
29857
29928
"great resource for shell scripting."
29858
29929
msgstr ""
29859
29930
29860
#: serverguide/C/backups.xml:309(para)
29931
#: serverguide/C/backups.xml:315(para)
29861
29932
msgid ""
29862
29933
"The <ulink url=\"https://help.ubuntu.com/community/CronHowto\">CronHowto "
29863
29934
"Wiki Page</ulink> contains details on advanced "
29864
29935
"<application>cron</application> options."
29865
29936
msgstr ""
29866
29937
29867
#: serverguide/C/backups.xml:316(para)
29938
#: serverguide/C/backups.xml:322(para)
29868
29939
msgid ""
29869
29940
"See the <ulink url=\"http://www.gnu.org/software/tar/manual/index.html\">GNU "
29870
29941
"tar Manual</ulink> for more <application>tar</application> options."
29871
29942
msgstr ""
29872
29943
29873
#: serverguide/C/backups.xml:322(para)
29944
#: serverguide/C/backups.xml:328(para)
29874
29945
msgid ""
29875
29946
"The Wikipedia <ulink "
29876
29947
"url=\"http://en.wikipedia.org/wiki/Backup_rotation_scheme\">Backup Rotation "
29877
29948
"Scheme</ulink> article contains information on other backup rotation schemes."
29878
29949
msgstr ""
29879
29950
29880
#: serverguide/C/backups.xml:328(para)
29951
#: serverguide/C/backups.xml:334(para)
29881
29952
msgid ""
29882
29953
"The shell script uses <application>tar</application> to create the archive, "
29883
29954
"but there many other command line utilities that can be used. For example:"
29884
29955
msgstr ""
29885
29956
29886
#: serverguide/C/backups.xml:334(para)
29957
#: serverguide/C/backups.xml:340(para)
29887
29958
msgid ""
29888
29959
"<ulink url=\"http://www.gnu.org/software/cpio/\">cpio</ulink>: used to copy "
29889
29960
"files to and from archives."
29890
29961
msgstr ""
29891
29962
29892
#: serverguide/C/backups.xml:339(para)
29963
#: serverguide/C/backups.xml:345(para)
29893
29964
msgid ""
29894
29965
"<ulink url=\"http://www.gnu.org/software/coreutils/\">dd</ulink>: part of "
29895
29966
"the <application>coreutils</application> package. A low level utility that "
29896
29967
"can copy data from one format to another."
29897
29968
msgstr ""
29898
29969
29899
#: serverguide/C/backups.xml:345(para)
29970
#: serverguide/C/backups.xml:351(para)
29900
29971
msgid ""
29901
29972
"<ulink url=\"http://www.rsnapshot.org/\">rsnapshot</ulink>: a file system "
29902
29973
"snapshot utility used to create copies of an entire file system."
29903
29974
msgstr ""
29904
29975
29905
#: serverguide/C/backups.xml:351(para)
29976
#: serverguide/C/backups.xml:357(para)
29906
29977
msgid ""
29907
29978
"<ulink url=\"http://www.samba.org/ftp/rsync/rsync.html\">rsync</ulink>: a "
29908
29979
"flexible utility used to create incremental copies of files."
29909
29980
msgstr ""
29910
29981
29911
#: serverguide/C/backups.xml:362(title)
29982
#: serverguide/C/backups.xml:368(title)
29912
29983
msgid "Archive Rotation"
29913
29984
msgstr ""
29914
29985
29915
#: serverguide/C/backups.xml:363(para)
29986
#: serverguide/C/backups.xml:369(para)
29916
29987
msgid ""
29917
29988
"The shell script in <xref linkend=\"backup-shellscripts\"/> only allows for "
29918
29989
"seven different archives. For a server whose data doesn't change often, this "
29920
29991
"rotation scheme should be used."
29921
29992
msgstr ""
29922
29993
29923
#: serverguide/C/backups.xml:369(title)
29994
#: serverguide/C/backups.xml:375(title)
29924
29995
msgid "Rotating NFS Archives"
29925
29996
msgstr ""
29926
29997
29927
#: serverguide/C/backups.xml:370(para)
29998
#: serverguide/C/backups.xml:376(para)
29928
29999
msgid ""
29929
30000
"In this section, the shell script will be slightly modified to implement a "
29930
30001
"grandfather-father-son rotation scheme (monthly-weekly-daily):"
29931
30002
msgstr ""
29932
30003
29933
#: serverguide/C/backups.xml:376(para)
30004
#: serverguide/C/backups.xml:382(para)
29934
30005
msgid ""
29935
30006
"The rotation will do a <emphasis>daily</emphasis> backup Sunday through "
29936
30007
"Friday."
29937
30008
msgstr ""
29938
30009
29939
#: serverguide/C/backups.xml:381(para)
30010
#: serverguide/C/backups.xml:387(para)
29940
30011
msgid ""
29941
30012
"On Saturday a <emphasis>weekly</emphasis> backup is done giving you four "
29942
30013
"weekly backups a month."
29943
30014
msgstr ""
29944
30015
29945
#: serverguide/C/backups.xml:386(para)
30016
#: serverguide/C/backups.xml:392(para)
29946
30017
msgid ""
29947
30018
"The <emphasis>monthly</emphasis> backup is done on the first of the month "
29948
30019
"rotating two monthly backups based on if the month is odd or even."
29949
30020
msgstr ""
29950
30021
29951
#: serverguide/C/backups.xml:392(para)
30022
#: serverguide/C/backups.xml:398(para)
29952
30023
msgid "Here is the new script:"
29953
30024
msgstr ""
29954
30025
29955
#: serverguide/C/backups.xml:395(programlisting)
30026
#: serverguide/C/backups.xml:401(programlisting)
29956
30027
#, no-wrap
29957
30028
msgid ""
29958
30029
"\n"
30021
30092
"ls -lh $dest/\n"
30022
30093
msgstr ""
30023
30094
30024
#: serverguide/C/backups.xml:460(para)
30095
#: serverguide/C/backups.xml:466(para)
30025
30096
msgid ""
30026
30097
"The script can be executed using the same methods as in <xref "
30027
30098
"linkend=\"backup-executing-shellscript\"/>."
30028
30099
msgstr ""
30029
30100
30030
#: serverguide/C/backups.xml:463(para)
30101
#: serverguide/C/backups.xml:469(para)
30031
30102
msgid ""
30032
30103
"It is good practice to take backup media off-site in case of a disaster. In "
30033
30104
"the shell script example the backup media is another server providing an NFS "
30036
30107
"the archive file over a WAN link to a server in another location."
30037
30108
msgstr ""
30038
30109
30039
#: serverguide/C/backups.xml:469(para)
30110
#: serverguide/C/backups.xml:475(para)
30040
30111
msgid ""
30041
30112
"Another option is to copy the archive file to an external hard drive which "
30042
30113
"can then be taken off-site. Since the price of external hard drives continue "
30045
30116
"backup server and one in another location."
30046
30117
msgstr ""
30047
30118
30048
#: serverguide/C/backups.xml:476(title)
30119
#: serverguide/C/backups.xml:482(title)
30049
30120
msgid "Tape Drives"
30050
30121
msgstr ""
30051
30122
30052
#: serverguide/C/backups.xml:477(para)
30123
#: serverguide/C/backups.xml:483(para)
30053
30124
msgid ""
30054
30125
"A tape drive attached to the server can be used instead of an NFS share. "
30055
30126
"Using a tape drive simplifies archive rotation, and makes taking the media "
30056
30127
"off-site easier as well."
30057
30128
msgstr ""
30058
30129
30059
#: serverguide/C/backups.xml:481(para)
30130
#: serverguide/C/backups.xml:487(para)
30060
30131
msgid ""
30061
30132
"When using a tape drive, the filename portions of the script aren't needed "
30062
30133
"because the data is sent directly to the tape device. Some commands to "
30065
30136
"<application>cpio</application> package."
30066
30137
msgstr ""
30067
30138
30068
#: serverguide/C/backups.xml:486(para)
30139
#: serverguide/C/backups.xml:492(para)
30069
30140
msgid "Here is the shell script modified to use a tape drive:"
30070
30141
msgstr ""
30071
30142
30072
#: serverguide/C/backups.xml:489(programlisting)
30143
#: serverguide/C/backups.xml:495(programlisting)
30073
30144
#, no-wrap
30074
30145
msgid ""
30075
30146
"\n"
30106
30177
"date\n"
30107
30178
msgstr ""
30108
30179
30109
#: serverguide/C/backups.xml:523(para)
30180
#: serverguide/C/backups.xml:529(para)
30110
30181
msgid ""
30111
30182
"The default device name for a SCSI tape drive is "
30112
30183
"<filename>/dev/st0</filename>. Use the appropriate device path for your "
30113
30184
"system."
30114
30185
msgstr ""
30115
30186
30116
#: serverguide/C/backups.xml:528(para)
30187
#: serverguide/C/backups.xml:534(para)
30117
30188
msgid ""
30118
30189
"Restoring from a tape drive is basically the same as restoring from a file. "
30119
30190
"Simply rewind the tape and use the device path instead of a file path. For "
30121
30192
"<filename>/tmp/etc/hosts</filename>:"
30122
30193
msgstr ""
30123
30194
30124
#: serverguide/C/backups.xml:533(command)
30195
#: serverguide/C/backups.xml:539(command)
30125
30196
msgid "mt -f /dev/st0 rewind"
30126
30197
msgstr ""
30127
30198
30128
#: serverguide/C/backups.xml:534(command)
30199
#: serverguide/C/backups.xml:540(command)
30129
30200
msgid "tar -xzf /dev/st0 -C /tmp etc/hosts"
30130
30201
msgstr ""
30131
30202
30132
#: serverguide/C/backups.xml:539(title)
30203
#: serverguide/C/backups.xml:545(title)
30133
30204
msgid "Bacula"
30134
30205
msgstr ""
30135
30206
30136
#: serverguide/C/backups.xml:540(para)
30207
#: serverguide/C/backups.xml:546(para)
30137
30208
msgid ""
30138
30209
"<application>Bacula</application> is a backup program enabling you to "
30139
30210
"backup, restore, and verify data across your network. There are Bacula "
30141
30212
"network wide solution."
30142
30213
msgstr ""
30143
30214
30144
#: serverguide/C/backups.xml:546(para)
30215
#: serverguide/C/backups.xml:552(para)
30145
30216
msgid ""
30146
30217
"<application>Bacula</application> is made up of several components and "
30147
30218
"services used to manage which files to backup and backup locations:"
30148
30219
msgstr ""
30149
30220
30150
#: serverguide/C/backups.xml:551(para)
30221
#: serverguide/C/backups.xml:557(para)
30151
30222
msgid ""
30152
30223
"<application>Bacula Director:</application> a service that controls all "
30153
30224
"backup, restore, verify, and archive operations."
30154
30225
msgstr ""
30155
30226
30156
#: serverguide/C/backups.xml:556(para)
30227
#: serverguide/C/backups.xml:562(para)
30157
30228
msgid ""
30158
30229
"<application>Bacula Console:</application> an application allowing "
30159
30230
"communication with the Director. There are three versions of the Console:"
30160
30231
msgstr ""
30161
30232
30162
#: serverguide/C/backups.xml:561(para)
30233
#: serverguide/C/backups.xml:567(para)
30163
30234
msgid "Text based command line version."
30164
30235
msgstr ""
30165
30236
30166
#: serverguide/C/backups.xml:562(para)
30237
#: serverguide/C/backups.xml:568(para)
30167
30238
msgid "Gnome based GTK+ Graphical User Interface (GUI) interface."
30168
30239
msgstr ""
30169
30240
30170
#: serverguide/C/backups.xml:563(para)
30241
#: serverguide/C/backups.xml:569(para)
30171
30242
msgid "wxWidgets GUI interface."
30172
30243
msgstr ""
30173
30244
30174
#: serverguide/C/backups.xml:567(para)
30245
#: serverguide/C/backups.xml:573(para)
30175
30246
msgid ""
30176
30247
"<application>Bacula File:</application> also known as the "
30177
30248
"<application>Bacula Client</application> program. This application is "
30179
30250
"requested by the Director."
30180
30251
msgstr ""
30181
30252
30182
#: serverguide/C/backups.xml:573(para)
30253
#: serverguide/C/backups.xml:579(para)
30183
30254
msgid ""
30184
30255
"<application>Bacula Storage:</application> the programs that perform the "
30185
30256
"storage and recovery of data to the physical media."
30186
30257
msgstr ""
30187
30258
30188
#: serverguide/C/backups.xml:578(para)
30259
#: serverguide/C/backups.xml:584(para)
30189
30260
msgid ""
30190
30261
"<application>Bacula Catalog:</application> is responsible for maintaining "
30191
30262
"the file indexes and volume databases for all files backed up, enabling "
30193
30264
"different databases MySQL, PostgreSQL, and SQLite."
30194
30265
msgstr ""
30195
30266
30196
#: serverguide/C/backups.xml:584(para)
30267
#: serverguide/C/backups.xml:590(para)
30197
30268
msgid ""
30198
30269
"<application>Bacula Monitor:</application> allows the monitoring of the "
30199
30270
"Director, File daemons, and Storage daemons. Currently the Monitor is only "
30200
30271
"available as a GTK+ GUI application."
30201
30272
msgstr ""
30202
30273
30203
#: serverguide/C/backups.xml:590(para)
30274
#: serverguide/C/backups.xml:596(para)
30204
30275
msgid ""
30205
30276
"These services and applications can be run on multiple servers and clients, "
30206
30277
"or they can be installed on one machine if backing up a single disk or "
30207
30278
"volume."
30208
30279
msgstr ""
30209
30280
30210
#: serverguide/C/backups.xml:598(para)
30281
#: serverguide/C/backups.xml:604(para)
30211
30282
msgid ""
30212
30283
"If using MySQL or PostgreSQL as your database, you should already have the "
30213
30284
"services available. <application>Bacula</application> will not install them "
30214
30285
"for you."
30215
30286
msgstr ""
30216
30287
30217
#: serverguide/C/backups.xml:603(para)
30288
#: serverguide/C/backups.xml:609(para)
30218
30289
msgid ""
30219
30290
"There are multiple packages containing the different "
30220
30291
"<application>Bacula</application> components. To install Bacula, from a "
30221
30292
"terminal prompt enter:"
30222
30293
msgstr ""
30223
30294
30224
#: serverguide/C/backups.xml:608(command)
30295
#: serverguide/C/backups.xml:614(command)
30225
30296
msgid "sudo apt-get install bacula"
30226
30297
msgstr ""
30227
30298
30228
#: serverguide/C/backups.xml:610(para)
30299
#: serverguide/C/backups.xml:616(para)
30229
30300
msgid ""
30230
30301
"By default installing the <application>bacula</application> package will use "
30231
30302
"a <application>MySQL</application> database for the Catalog. If you want to "
30234
30305
"pgsql</application> respectively."
30235
30306
msgstr ""
30236
30307
30237
#: serverguide/C/backups.xml:616(para)
30308
#: serverguide/C/backups.xml:622(para)
30238
30309
msgid ""
30239
30310
"During the install process you will be asked to supply credentials for the "
30240
30311
"database <emphasis>administrator</emphasis> and the "
30243
30314
"database, see <xref linkend=\"mysql\"/> for more information."
30244
30315
msgstr ""
30245
30316
30246
#: serverguide/C/backups.xml:626(para)
30317
#: serverguide/C/backups.xml:632(para)
30247
30318
msgid ""
30248
30319
"<application>Bacula</application> configuration files are formatted based on "
30249
30320
"<emphasis>resources</emphasis> comprising of <emphasis>directives</emphasis> "
30252
30323
"directory."
30253
30324
msgstr ""
30254
30325
30255
#: serverguide/C/backups.xml:631(para)
30326
#: serverguide/C/backups.xml:637(para)
30256
30327
msgid ""
30257
30328
"The various <application>Bacula</application> components must authorize "
30258
30329
"themselves to each other. This is accomplished using the "
30263
30334
"<filename>/etc/bacula/bacula-sd.conf</filename>."
30264
30335
msgstr ""
30265
30336
30266
#: serverguide/C/backups.xml:637(para)
30337
#: serverguide/C/backups.xml:643(para)
30267
30338
msgid ""
30268
30339
"By default the backup job named <emphasis>Client1</emphasis> is configured "
30269
30340
"to archive the <application>Bacula</application> Catalog. If you plan on "
30272
30343
"<filename>/etc/bacula/bacula-dir.conf</filename>:"
30273
30344
msgstr ""
30274
30345
30275
#: serverguide/C/backups.xml:642(programlisting)
30346
#: serverguide/C/backups.xml:648(programlisting)
30276
30347
#, no-wrap
30277
30348
msgid ""
30278
30349
"\n"
30286
30357
"}\n"
30287
30358
msgstr ""
30288
30359
30289
#: serverguide/C/backups.xml:653(para)
30360
#: serverguide/C/backups.xml:659(para)
30290
30361
msgid ""
30291
30362
"The example above changes the job name to <emphasis>BackupServer</emphasis> "
30292
30363
"matching the machine's host name. Replace <quote>BackupServer</quote> with "
30293
30364
"your appropriate hostname, or other descriptive name."
30294
30365
msgstr ""
30295
30366
30296
#: serverguide/C/backups.xml:658(para)
30367
#: serverguide/C/backups.xml:664(para)
30297
30368
msgid ""
30298
30369
"The <emphasis>Console</emphasis> can be used to query the "
30299
30370
"<emphasis>Director</emphasis> about jobs, but to use the Console with a "
30302
30373
"the following from a terminal:"
30303
30374
msgstr ""
30304
30375
30305
#: serverguide/C/backups.xml:664(command)
30376
#: serverguide/C/backups.xml:670(command)
30306
30377
msgid "sudo adduser $username bacula"
30307
30378
msgstr ""
30308
30379
30309
#: serverguide/C/backups.xml:667(para)
30380
#: serverguide/C/backups.xml:673(para)
30310
30381
msgid ""
30311
30382
"Replace <emphasis>$username</emphasis> with the actual username. Also, if "
30312
30383
"you are adding the current user to the group you should log out and back in "
30313
30384
"for the new permissions to take effect."
30314
30385
msgstr ""
30315
30386
30316
#: serverguide/C/backups.xml:674(title)
30387
#: serverguide/C/backups.xml:680(title)
30317
30388
msgid "Localhost Backup"
30318
30389
msgstr ""
30319
30390
30320
#: serverguide/C/backups.xml:675(para)
30391
#: serverguide/C/backups.xml:681(para)
30321
30392
msgid ""
30322
30393
"This section describes how to backup specified directories on a single host "
30323
30394
"to a local tape drive."
30324
30395
msgstr ""
30325
30396
30326
#: serverguide/C/backups.xml:680(para)
30397
#: serverguide/C/backups.xml:686(para)
30327
30398
msgid ""
30328
30399
"First, the <emphasis>Storage</emphasis> device needs to be configured. Edit "
30329
30400
"<filename>/etc/bacula/bacula-sd.conf</filename> add:"
30330
30401
msgstr ""
30331
30402
30332
#: serverguide/C/backups.xml:683(programlisting)
30403
#: serverguide/C/backups.xml:689(programlisting)
30333
30404
#, no-wrap
30334
30405
msgid ""
30335
30406
"\n"
30347
30418
"}\n"
30348
30419
msgstr ""
30349
30420
30350
#: serverguide/C/backups.xml:697(para)
30421
#: serverguide/C/backups.xml:703(para)
30351
30422
msgid ""
30352
30423
"The example is for a <emphasis>DDS-4</emphasis> tape drive. Adjust the "
30353
30424
"<quote>Media Type</quote> and <quote>Archive Device</quote> to match your "
30354
30425
"hardware."
30355
30426
msgstr ""
30356
30427
30357
#: serverguide/C/backups.xml:700(para)
30428
#: serverguide/C/backups.xml:706(para)
30358
30429
msgid "You could also uncomment one of the other examples in the file."
30359
30430
msgstr ""
30360
30431
30361
#: serverguide/C/backups.xml:705(para)
30432
#: serverguide/C/backups.xml:711(para)
30362
30433
msgid ""
30363
30434
"After editing <filename>/etc/bacula/bacula-sd.conf</filename> the "
30364
30435
"<application>Storage</application> daemon will need to be restarted:"
30365
30436
msgstr ""
30366
30437
30367
#: serverguide/C/backups.xml:710(command)
30438
#: serverguide/C/backups.xml:716(command)
30368
30439
msgid "sudo service bacula-sd restart"
30369
30440
msgstr ""
30370
30441
30371
#: serverguide/C/backups.xml:714(para)
30442
#: serverguide/C/backups.xml:720(para)
30372
30443
msgid ""
30373
30444
"Now add a <emphasis>Storage</emphasis> resource in "
30374
30445
"<filename>/etc/bacula/bacula-dir.conf</filename> to use the new Device:"
30375
30446
msgstr ""
30376
30447
30377
#: serverguide/C/backups.xml:717(programlisting)
30448
#: serverguide/C/backups.xml:723(programlisting)
30378
30449
#, no-wrap
30379
30450
msgid ""
30380
30451
"\n"
30391
30462
"}\n"
30392
30463
msgstr ""
30393
30464
30394
#: serverguide/C/backups.xml:729(para)
30465
#: serverguide/C/backups.xml:735(para)
30395
30466
msgid ""
30396
30467
"The <emphasis>Address</emphasis> directive needs to be the Fully Qualified "
30397
30468
"Domain Name (FQDN) of the server. Change <emphasis>backupserver</emphasis> "
30398
30469
"to the actual host name."
30399
30470
msgstr ""
30400
30471
30401
#: serverguide/C/backups.xml:733(para)
30472
#: serverguide/C/backups.xml:739(para)
30402
30473
msgid ""
30403
30474
"Also, make sure the <emphasis>Password</emphasis> directive matches the "
30404
30475
"password string in <filename>/etc/bacula/bacula-sd.conf</filename>."
30405
30476
msgstr ""
30406
30477
30407
#: serverguide/C/backups.xml:739(para)
30478
#: serverguide/C/backups.xml:745(para)
30408
30479
msgid ""
30409
30480
"Create a new <emphasis>FileSet</emphasis>, which will determine what "
30410
30481
"directories to backup, by adding:"
30411
30482
msgstr ""
30412
30483
30413
#: serverguide/C/backups.xml:742(programlisting)
30484
#: serverguide/C/backups.xml:748(programlisting)
30414
30485
#, no-wrap
30415
30486
msgid ""
30416
30487
"\n"
30428
30499
"}\n"
30429
30500
msgstr ""
30430
30501
30431
#: serverguide/C/backups.xml:756(para)
30502
#: serverguide/C/backups.xml:762(para)
30432
30503
msgid ""
30433
30504
"This <emphasis>FileSet</emphasis> will backup the <filename "
30434
30505
"role=\"directory\">/etc</filename> and <filename "
30438
30509
"using GZIP."
30439
30510
msgstr ""
30440
30511
30441
#: serverguide/C/backups.xml:763(para)
30512
#: serverguide/C/backups.xml:769(para)
30442
30513
msgid "Next, create a new <emphasis>Schedule</emphasis> for the backup job:"
30443
30514
msgstr ""
30444
30515
30445
#: serverguide/C/backups.xml:766(programlisting)
30516
#: serverguide/C/backups.xml:772(programlisting)
30446
30517
#, no-wrap
30447
30518
msgid ""
30448
30519
"\n"
30453
30524
"}\n"
30454
30525
msgstr ""
30455
30526
30456
#: serverguide/C/backups.xml:773(para)
30527
#: serverguide/C/backups.xml:779(para)
30457
30528
msgid ""
30458
30529
"The job will run every day at 00:01 or 12:01 am. There are many other "
30459
30530
"scheduling options available."
30460
30531
msgstr ""
30461
30532
30462
#: serverguide/C/backups.xml:778(para)
30533
#: serverguide/C/backups.xml:784(para)
30463
30534
msgid "Finally create the <emphasis>Job</emphasis>:"
30464
30535
msgstr ""
30465
30536
30466
#: serverguide/C/backups.xml:781(programlisting)
30537
#: serverguide/C/backups.xml:787(programlisting)
30467
30538
#, no-wrap
30468
30539
msgid ""
30469
30540
"\n"
30480
30551
"} \n"
30481
30552
msgstr ""
30482
30553
30483
#: serverguide/C/backups.xml:794(para)
30554
#: serverguide/C/backups.xml:800(para)
30484
30555
msgid ""
30485
30556
"The job will do a <emphasis>Full</emphasis> backup every day to the tape "
30486
30557
"drive."
30487
30558
msgstr ""
30488
30559
30489
#: serverguide/C/backups.xml:799(para)
30560
#: serverguide/C/backups.xml:805(para)
30490
30561
msgid ""
30491
30562
"Each tape used will need to have a <emphasis>Label</emphasis>. If the "
30492
30563
"current tape does not have a label <application>Bacula</application> will "
30494
30565
"<application>Console</application> enter the following from a terminal:"
30495
30566
msgstr ""
30496
30567
30497
#: serverguide/C/backups.xml:805(command)
30568
#: serverguide/C/backups.xml:811(command)
30498
30569
msgid "bconsole"
30499
30570
msgstr ""
30500
30571
30501
#: serverguide/C/backups.xml:809(para)
30572
#: serverguide/C/backups.xml:815(para)
30502
30573
msgid "At the Bacula Console prompt enter:"
30503
30574
msgstr ""
30504
30575
30505
#: serverguide/C/backups.xml:813(command)
30576
#: serverguide/C/backups.xml:819(command)
30506
30577
msgid "label"
30507
30578
msgstr ""
30508
30579
30509
#: serverguide/C/backups.xml:817(para)
30580
#: serverguide/C/backups.xml:823(para)
30510
30581
msgid ""
30511
30582
"You will then be prompted for the <emphasis>Storage</emphasis> resource:"
30512
30583
msgstr ""
30513
30584
30514
#: serverguide/C/backups.xml:827(userinput)
30585
#: serverguide/C/backups.xml:833(userinput)
30515
30586
#, no-wrap
30516
30587
msgid "2"
30517
30588
msgstr ""
30518
30589
30519
#: serverguide/C/backups.xml:821(computeroutput)
30590
#: serverguide/C/backups.xml:827(computeroutput)
30520
30591
#, no-wrap
30521
30592
msgid ""
30522
30593
"\n"
30528
30599
"Select Storage resource (1-2):<placeholder-1/>\n"
30529
30600
msgstr ""
30530
30601
30531
#: serverguide/C/backups.xml:832(para)
30602
#: serverguide/C/backups.xml:838(para)
30532
30603
msgid "Enter the new <emphasis>Volume</emphasis> name:"
30533
30604
msgstr ""
30534
30605
30535
#: serverguide/C/backups.xml:837(userinput)
30606
#: serverguide/C/backups.xml:843(userinput)
30536
30607
#, no-wrap
30537
30608
msgid "Sunday"
30538
30609
msgstr ""
30539
30610
30540
#: serverguide/C/backups.xml:836(computeroutput)
30611
#: serverguide/C/backups.xml:842(computeroutput)
30541
30612
#, no-wrap
30542
30613
msgid ""
30543
30614
"\n"
30547
30618
" 2: Scratch"
30548
30619
msgstr ""
30549
30620
30550
#: serverguide/C/backups.xml:842(para)
30621
#: serverguide/C/backups.xml:848(para)
30551
30622
msgid "Replace <emphasis>Sunday</emphasis> with the desired label."
30552
30623
msgstr ""
30553
30624
30554
#: serverguide/C/backups.xml:847(para)
30625
#: serverguide/C/backups.xml:853(para)
30555
30626
msgid "Now, select the <emphasis>Pool</emphasis>:"
30556
30627
msgstr ""
30557
30628
30558
#: serverguide/C/backups.xml:851(computeroutput)
30629
#: serverguide/C/backups.xml:857(computeroutput)
30559
30630
#, no-wrap
30560
30631
msgid ""
30561
30632
"\n"
30564
30635
"Sending label command for Volume \"Sunday\" Slot 0 ...\n"
30565
30636
msgstr ""
30566
30637
30567
#: serverguide/C/backups.xml:859(para)
30638
#: serverguide/C/backups.xml:865(para)
30568
30639
msgid ""
30569
30640
"Congratulations, you have now configured <emphasis>Bacula</emphasis> to "
30570
30641
"backup the localhost to an attached tape drive."
30571
30642
msgstr ""
30572
30643
30573
#: serverguide/C/backups.xml:867(para)
30644
#: serverguide/C/backups.xml:873(para)
30574
30645
msgid ""
30575
30646
"For more <emphasis>Bacula</emphasis> configuration options refer to the "
30576
30647
"<ulink url=\"http://www.bacula.org/en/rel-manual/index.html\">Bacula User's "
30577
30648
"Manual</ulink>"
30578
30649
msgstr ""
30579
30650
30580
#: serverguide/C/backups.xml:873(para)
30651
#: serverguide/C/backups.xml:879(para)
30581
30652
msgid ""
30582
30653
"The <ulink url=\"http://www.bacula.org/\">Bacula Home Page</ulink> contains "
30583
30654
"the latest Bacula news and developments."
30584
30655
msgstr ""
30585
30656
30586
#: serverguide/C/backups.xml:878(para)
30657
#: serverguide/C/backups.xml:884(para)
30587
30658
msgid ""
30588
30659
"Also, see the <ulink url=\"https://help.ubuntu.com/community/Bacula\">Bacula "
30589
30660
"Ubuntu Wiki</ulink> page."
30600
30671
#~ msgid "sudo chown nobody.nogroup /srv/samba/share/"
30601
30672
#~ msgstr "sudo chown nobody.nogroup /srv/samba/share/"
30602
30673
30674
#~ msgid ""
30675
#~ "MoinMoin is a Wiki engine implemented in Python, based on the PikiPiki Wiki "
30676
#~ "engine, and licensed under the GNU GPL."
30677
#~ msgstr ""
30678
#~ "MoinMoin adalah sebuah sistem Wiki yang diimplementasikan menggunakan "
30679
#~ "Python, berdasarkan sistem Wiki PikiPiki, dan berlisensi GNU GPL."
30680
30681
#~ msgid ""
30682
#~ "You should also install <application>apache2</application> web server. For "
30683
#~ "installing <application>apache2</application> web server, please refer to "
30684
#~ "<xref linkend=\"http-installation\"/> sub-section in <xref "
30685
#~ "linkend=\"httpd\"/> section."
30686
#~ msgstr ""
30687
#~ "Anda juga sebaiknya menginstal server web<application>apache2</application>. "
30688
#~ "Untuk menginstal server web <application>apache2</application>, silakan "
30689
#~ "ikuti sub-seksi <xref linkend=\"http-installation\"/> di bagian <xref "
30690
#~ "linkend=\"httpd\"/>."
30691
30692
#~ msgid ""
30693
#~ "For configuring your first Wiki application, please run the following set of "
30694
#~ "commands. Let us assume that you are creating a Wiki named "
30695
#~ "<emphasis>mywiki</emphasis>:"
30696
#~ msgstr ""
30697
#~ "Untuk mengkonfigurasi aplikasi Wiki anda yang pertama, jalankan beberapa "
30698
#~ "perintah berikut ini. Diasumsikan <emphasis>mywiki</emphasis> adalah nama "
30699
#~ "Wiki yang anda buat :"
30700
30701
#~ msgid ""
30702
#~ "Now you should configure <application>MoinMoin</application> to find your "
30703
#~ "new Wiki <emphasis>mywiki</emphasis>. To configure "
30704
#~ "<application>MoinMoin</application>, open "
30705
#~ "<filename>/etc/moin/mywiki.py</filename> file and change the following line:"
30706
#~ msgstr ""
30707
#~ "Kini anda dapat mengkonfigurasi <application>MoinMoin</application> untuk "
30708
#~ "menemukan Wiki <emphasis>mywiki</emphasis> baru anda. Untuk mengkonfigurasi "
30709
#~ "<application>MoinMoin</application>, buka file "
30710
#~ "<filename>/etc/moin/mywiki.py</filename> dan sesuaikan beberapa baris "
30711
#~ "berikut ini :"
30712
30713
#~ msgid ""
30714
#~ "If you have named your Wiki as <emphasis>my_wiki_name</emphasis> you should "
30715
#~ "insert a line <quote>(\"my_wiki_name\", r\".*\")</quote> in "
30716
#~ "<filename>/etc/moin/farmconfig.py</filename> file after the line "
30717
#~ "<quote>(\"mywiki\", r\".*\")</quote>."
30718
#~ msgstr ""
30719
#~ "Jika anda telah memberi nama Wiki anda dengan "
30720
#~ "<emphasis>my_wiki_name</emphasis> anda harus menambahkan baris "
30721
#~ "<quote>(\"my_wiki_name\", r\".*\")</quote> pada file "
30722
#~ "<filename>/etc/moin/farmconfig.py</filename> setelah baris "
30723
#~ "<quote>(\"mywiki\", r\".*\")</quote>."
30724
30725
#~ msgid ""
30726
#~ "Once you have configured <application>MoinMoin</application> to find your "
30727
#~ "first Wiki application <emphasis>mywiki</emphasis>, you should configure "
30728
#~ "<application>apache2</application> and make it ready for your Wiki "
30729
#~ "application."
30730
#~ msgstr ""
30731
#~ "Setelah anda mengkonfigurasi <application>MoinMoin</application> untuk dapat "
30732
#~ "menggunakan aplikasi Wiki <emphasis>mywiki</emphasis> anda yang pertama, "
30733
#~ "anda juga harus mengkonfigurasi <application>apache2</application> dan "
30734
#~ "membuatnya siap digunakan untuk aplikasi Wiki anda."
30735
30736
#~ msgid ""
30737
#~ "Once you configure the <application>apache2</application> web server and "
30738
#~ "make it ready for your Wiki application, you should restart it. You can run "
30739
#~ "the following command to restart the <application>apache2</application> web "
30740
#~ "server:"
30741
#~ msgstr ""
30742
#~ "Setelah anda mengonfigurasi server web <application>apache2</application> "
30743
#~ "dan membuatnya siap untuk aplikasi Wiki anda, maka langkah selanjutnya anda "
30744
#~ "harus start ulang. Anda dapat menjalankan perintah ini untuk start ulang "
30745
#~ "server server<application>apache2</application>."
30746
30603
30747
#, no-wrap
30604
30748
#~ msgid ""
30605
30749
#~ "\n"
Loggerhead is a web-based interface for Breezy
Version: 2.0.1