346
346
"virtual host file, and remember to create that directory if necessary!"
349
#: serverguide/C/web-servers.xml:265(para)
349
#: serverguide/C/web-servers.xml:278(para)
351
351
"Enable the new <emphasis>VirtualHost</emphasis> using the "
352
352
"<application>a2ensite</application> utility and restart Apache2:"
355
#: serverguide/C/web-servers.xml:271(command)
355
#: serverguide/C/web-servers.xml:284(command)
356
356
msgid "sudo a2ensite mynewsite"
359
#: serverguide/C/web-servers.xml:272(command) serverguide/C/web-servers.xml:290(command) serverguide/C/web-servers.xml:531(command) serverguide/C/web-servers.xml:540(command) serverguide/C/web-servers.xml:599(command) serverguide/C/mail.xml:935(command) serverguide/C/lamp-applications.xml:222(command)
359
#: serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:303(command) serverguide/C/web-servers.xml:544(command) serverguide/C/web-servers.xml:553(command) serverguide/C/web-servers.xml:612(command) serverguide/C/mail.xml:994(command) serverguide/C/lamp-applications.xml:238(command) serverguide/C/lamp-applications.xml:339(command) serverguide/C/lamp-applications.xml:610(command)
360
360
msgid "sudo service apache2 restart"
363
#: serverguide/C/web-servers.xml:276(para)
363
#: serverguide/C/web-servers.xml:289(para)
365
365
"Be sure to replace <emphasis>mynewsite</emphasis> with a more descriptive "
366
366
"name for the VirtualHost. One method is to name the file after the "
367
367
"<emphasis>ServerName</emphasis> directive of the VirtualHost."
370
#: serverguide/C/web-servers.xml:283(para)
370
#: serverguide/C/web-servers.xml:296(para)
372
372
"Similarly, use the <application>a2dissite</application> utility to disable "
373
373
"sites. This is can be useful when troubleshooting configuration problems "
374
374
"with multiple VirtualHosts:"
377
#: serverguide/C/web-servers.xml:289(command)
377
#: serverguide/C/web-servers.xml:302(command)
378
378
msgid "sudo a2dissite mynewsite"
381
#: serverguide/C/web-servers.xml:295(title)
381
#: serverguide/C/web-servers.xml:308(title)
382
382
msgid "Default Settings"
383
383
msgstr "Penataan Baku"
385
#: serverguide/C/web-servers.xml:297(para)
385
#: serverguide/C/web-servers.xml:310(para)
387
387
"This section explains configuration of the Apache2 server default settings. "
388
388
"For example, if you add a virtual host, the settings you configure for the "
604
604
"<emphasis><IfModule></emphasis> block."
607
#: serverguide/C/web-servers.xml:510(para)
607
#: serverguide/C/web-servers.xml:523(para)
609
609
"You can install additional Apache2 modules and use them with your Web "
610
610
"server. For example, run the following command from a terminal prompt to "
611
611
"install the <emphasis>MySQL Authentication</emphasis> module:"
614
#: serverguide/C/web-servers.xml:517(command)
614
#: serverguide/C/web-servers.xml:530(command)
615
615
msgid "sudo apt-get install libapache2-mod-auth-mysql"
616
616
msgstr "sudo apt-get install libapache2-mod-auth-mysql"
618
#: serverguide/C/web-servers.xml:520(para)
618
#: serverguide/C/web-servers.xml:533(para)
620
620
"See the <filename>/etc/apache2/mods-available</filename> directory, for "
621
621
"additional modules."
624
#: serverguide/C/web-servers.xml:524(para)
624
#: serverguide/C/web-servers.xml:537(para)
626
626
"Use the <application>a2enmod</application> utility to enable a module:"
629
#: serverguide/C/web-servers.xml:530(command)
629
#: serverguide/C/web-servers.xml:543(command)
630
630
msgid "sudo a2enmod auth_mysql"
633
#: serverguide/C/web-servers.xml:534(para)
633
#: serverguide/C/web-servers.xml:547(para)
634
634
msgid "Similarly, <application>a2dismod</application> will disable a module:"
637
#: serverguide/C/web-servers.xml:539(command)
637
#: serverguide/C/web-servers.xml:552(command)
638
638
msgid "sudo a2dismod auth_mysql"
641
#: serverguide/C/web-servers.xml:546(title)
641
#: serverguide/C/web-servers.xml:559(title)
642
642
msgid "HTTPS Configuration"
643
643
msgstr "Konfigurasi HTTPS"
645
#: serverguide/C/web-servers.xml:548(para)
645
#: serverguide/C/web-servers.xml:561(para)
647
647
"The <application>mod_ssl</application> module adds an important feature to "
648
648
"the Apache2 server - the ability to encrypt communications. Thus, when your "
737
737
#: serverguide/C/web-servers.xml:641(command)
738
msgid "sudo find /var/www/html -type f -exec chmod g=rws \"{}\" \\;"
741
#: serverguide/C/web-servers.xml:632(para)
738
msgid "sudo find /var/www/html -type f -exec chmod g=rw \"{}\" \\;"
741
#: serverguide/C/web-servers.xml:643(para)
743
"These commands recursively set the group permission on all files and "
744
"directories in /var/www/html to read write and set user id. This has the "
745
"effect of having the files and directories inherit their group and "
746
"permission from their parrent. Many admins find this useful for allowing "
747
"multiple users to edit files in a directory tree."
750
#: serverguide/C/web-servers.xml:652(para)
743
752
"If access must be granted to more than one group per directory, enable "
744
753
"Access Control Lists (ACLs)."
747
#: serverguide/C/web-servers.xml:639(title) serverguide/C/web-servers.xml:789(title) serverguide/C/web-servers.xml:939(title) serverguide/C/web-servers.xml:1034(title) serverguide/C/web-servers.xml:1256(title) serverguide/C/vpn.xml:800(title) serverguide/C/virtualization.xml:2081(title) serverguide/C/vcs.xml:538(title) serverguide/C/security.xml:863(title) serverguide/C/security.xml:1197(title) serverguide/C/security.xml:1611(title) serverguide/C/security.xml:1797(title) serverguide/C/remote-administration.xml:196(title) serverguide/C/remote-administration.xml:762(title) serverguide/C/package-management.xml:466(title) serverguide/C/other-apps.xml:328(title) serverguide/C/network-config.xml:1035(title) serverguide/C/network-config.xml:1143(title) serverguide/C/monitoring.xml:392(title) serverguide/C/monitoring.xml:528(title) serverguide/C/mail.xml:453(title) serverguide/C/mail.xml:648(title) serverguide/C/mail.xml:800(title) serverguide/C/mail.xml:1220(title) serverguide/C/mail.xml:1688(title) serverguide/C/lamp-applications.xml:244(title) serverguide/C/lamp-applications.xml:373(title) serverguide/C/lamp-applications.xml:481(title) serverguide/C/file-server.xml:305(title) serverguide/C/file-server.xml:446(title) serverguide/C/file-server.xml:616(title) serverguide/C/file-server.xml:803(title) serverguide/C/dns.xml:605(title) serverguide/C/clustering.xml:232(title) serverguide/C/chat.xml:105(title) serverguide/C/chat.xml:214(title) serverguide/C/backups.xml:295(title)
756
#: serverguide/C/web-servers.xml:659(title) serverguide/C/web-servers.xml:809(title) serverguide/C/web-servers.xml:958(title) serverguide/C/web-servers.xml:1053(title) serverguide/C/web-servers.xml:1278(title) serverguide/C/vpn.xml:843(title) serverguide/C/vcs.xml:546(title) serverguide/C/security.xml:877(title) serverguide/C/security.xml:1217(title) serverguide/C/security.xml:1631(title) serverguide/C/security.xml:1817(title) serverguide/C/remote-administration.xml:196(title) serverguide/C/remote-administration.xml:802(title) serverguide/C/package-management.xml:479(title) serverguide/C/network-config.xml:1033(title) serverguide/C/network-config.xml:1141(title) serverguide/C/monitoring.xml:392(title) serverguide/C/monitoring.xml:528(title) serverguide/C/mail.xml:511(title) serverguide/C/mail.xml:706(title) serverguide/C/mail.xml:859(title) serverguide/C/mail.xml:1279(title) serverguide/C/mail.xml:1746(title) serverguide/C/lamp-applications.xml:260(title) serverguide/C/lamp-applications.xml:400(title) serverguide/C/lamp-applications.xml:518(title) serverguide/C/lamp-applications.xml:673(title) serverguide/C/file-server.xml:305(title) serverguide/C/file-server.xml:445(title) serverguide/C/file-server.xml:615(title) serverguide/C/file-server.xml:802(title) serverguide/C/dns.xml:614(title) serverguide/C/clustering.xml:232(title) serverguide/C/chat.xml:105(title) serverguide/C/chat.xml:214(title) serverguide/C/backups.xml:301(title)
748
757
msgid "References"
749
758
msgstr "Referensi"
751
#: serverguide/C/web-servers.xml:656(para)
760
#: serverguide/C/web-servers.xml:663(para)
753
762
"<ulink url=\"http://httpd.apache.org/docs/2.4/\">Apache2 "
754
763
"Documentation</ulink> contains in depth information on Apache2 configuration "
756
765
"the official Apache2 docs."
759
#: serverguide/C/web-servers.xml:650(para)
768
#: serverguide/C/web-servers.xml:670(para)
761
770
"See the <ulink url=\"http://www.modssl.org/docs/\">Mod SSL "
762
771
"Documentation</ulink> site for more SSL related information."
765
#: serverguide/C/web-servers.xml:656(para)
774
#: serverguide/C/web-servers.xml:676(para)
767
776
"O'Reilly's <ulink url=\"http://oreilly.com/catalog/9780596001919/\">Apache "
768
777
"Cookbook</ulink> is a good resource for accomplishing specific Apache2 "
769
778
"configurations."
772
#: serverguide/C/web-servers.xml:662(para)
781
#: serverguide/C/web-servers.xml:682(para)
774
783
"For Ubuntu specific Apache2 questions, ask in the <emphasis>#ubuntu-"
775
784
"server</emphasis> IRC channel on <ulink "
776
785
"url=\"http://freenode.net/\">freenode.net</ulink>."
779
#: serverguide/C/web-servers.xml:668(para)
788
#: serverguide/C/web-servers.xml:688(para)
781
790
"Usually integrated with PHP and MySQL the <ulink "
782
791
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
783
792
"Ubuntu Wiki </ulink> page is a good resource."
786
#: serverguide/C/web-servers.xml:679(title)
795
#: serverguide/C/web-servers.xml:699(title)
787
796
msgid "PHP5 - Scripting Language"
788
797
msgstr "PHP5 - Scripting Language"
790
#: serverguide/C/web-servers.xml:680(para)
799
#: serverguide/C/web-servers.xml:700(para)
792
801
"PHP is a general-purpose scripting language suited for Web development. The "
793
802
"PHP script can be embedded into HTML. This section explains how to install "
794
803
"and configure PHP5 in Ubuntu System with Apache2 and MySQL."
797
#: serverguide/C/web-servers.xml:684(para)
806
#: serverguide/C/web-servers.xml:704(para)
799
808
"This section assumes you have installed and configured Apache2 Web Server "
800
809
"and MySQL Database Server. You can refer to Apache2 section and MySQL "
989
998
"protect it from writing using the following commands:"
992
#: serverguide/C/web-servers.xml:870(command)
1001
#: serverguide/C/web-servers.xml:877(command)
993
1002
msgid "sudo cp /etc/squid3/squid.conf /etc/squid3/squid.conf.original"
996
#: serverguide/C/web-servers.xml:871(command)
1005
#: serverguide/C/web-servers.xml:878(command)
997
1006
msgid "sudo chmod a-w /etc/squid3/squid.conf.original"
1000
#: serverguide/C/web-servers.xml:866(para)
1009
#: serverguide/C/web-servers.xml:885(para)
1002
1011
"To set your Squid server to listen on TCP port 8888 instead of the default "
1003
1012
"TCP port 3128, change the http_port directive as such:"
1006
#: serverguide/C/web-servers.xml:870(programlisting)
1015
#: serverguide/C/web-servers.xml:889(programlisting)
1010
1019
"http_port 8888\n"
1013
#: serverguide/C/web-servers.xml:875(para)
1022
#: serverguide/C/web-servers.xml:894(para)
1015
1024
"Change the visible_hostname directive in order to give the Squid server a "
1016
1025
"specific hostname. This hostname does not necessarily need to be the "
1017
1026
"computer's hostname. In this example it is set to <emphasis>weezie</emphasis>"
1020
#: serverguide/C/web-servers.xml:879(programlisting)
1029
#: serverguide/C/web-servers.xml:898(programlisting)
1024
1033
"visible_hostname weezie\n"
1027
#: serverguide/C/web-servers.xml:884(para)
1036
#: serverguide/C/web-servers.xml:903(para)
1029
1038
"Using Squid's access control, you may configure use of Internet services "
1030
1039
"proxied by Squid to be available only users with certain Internet Protocol "
1125
1134
"<application>MySQL</application> refer to <xref linkend=\"mysql\"/>."
1128
#: serverguide/C/web-servers.xml:966(para)
1137
#: serverguide/C/web-servers.xml:985(para)
1130
1139
"Once you have <application>Apache</application> and "
1131
1140
"<application>MySQL</application> packages installed, you are ready to "
1132
1141
"install <application>Ruby on Rails</application> package."
1135
#: serverguide/C/web-servers.xml:973(para)
1144
#: serverguide/C/web-servers.xml:992(para)
1137
1146
"To install the <application>Ruby</application> base packages and "
1138
1147
"<application>Ruby on Rails</application>, you can enter the following "
1139
1148
"command in the terminal prompt:"
1142
#: serverguide/C/web-servers.xml:979(command)
1151
#: serverguide/C/web-servers.xml:998(command)
1143
1152
msgid "sudo apt-get install rails"
1146
#: serverguide/C/web-servers.xml:997(para)
1155
#: serverguide/C/web-servers.xml:1004(para)
1148
1157
"Modify the <filename>/etc/apache2/sites-available/000-"
1149
1158
"default.conf</filename> configuration file to setup your domains."
1152
#: serverguide/C/web-servers.xml:989(para)
1161
#: serverguide/C/web-servers.xml:1008(para)
1154
1163
"The first thing to change is the <emphasis>DocumentRoot</emphasis> directive:"
1157
#: serverguide/C/web-servers.xml:993(programlisting)
1166
#: serverguide/C/web-servers.xml:1012(programlisting)
1161
1170
"DocumentRoot /path/to/rails/application/public\n"
1164
#: serverguide/C/web-servers.xml:996(para)
1173
#: serverguide/C/web-servers.xml:1015(para)
1166
1175
"Next, change the <Directory \"/path/to/rails/application/public\"> "
1170
#: serverguide/C/web-servers.xml:1000(programlisting)
1179
#: serverguide/C/web-servers.xml:1019(programlisting)
1199
1208
"used to run the <application>Apache</application> process:"
1202
#: serverguide/C/web-servers.xml:1025(command)
1211
#: serverguide/C/web-servers.xml:1044(command)
1203
1212
msgid "sudo chown -R www-data:www-data /path/to/rails/application/public"
1206
#: serverguide/C/web-servers.xml:1026(command)
1215
#: serverguide/C/web-servers.xml:1045(command)
1207
1216
msgid "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
1210
#: serverguide/C/web-servers.xml:1029(para)
1219
#: serverguide/C/web-servers.xml:1048(para)
1212
1221
"That's it! Now you have your Server ready for your <application>Ruby on "
1213
1222
"Rails</application> applications."
1216
#: serverguide/C/web-servers.xml:1038(para)
1225
#: serverguide/C/web-servers.xml:1057(para)
1218
1227
"See the <ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink> website "
1219
1228
"for more information."
1222
#: serverguide/C/web-servers.xml:1043(para)
1231
#: serverguide/C/web-servers.xml:1062(para)
1224
1233
"Also <ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-"
1225
1234
"with-rails-third-edition\">Agile Development with Rails</ulink> is a great "
1229
#: serverguide/C/web-servers.xml:1049(para)
1238
#: serverguide/C/web-servers.xml:1068(para)
1231
1240
"Another place for more information is the <ulink "
1232
1241
"url=\"https://help.ubuntu.com/community/RubyOnRails\">Ruby on Rails Ubuntu "
1233
1242
"Wiki</ulink> page."
1236
#: serverguide/C/web-servers.xml:1060(title)
1245
#: serverguide/C/web-servers.xml:1079(title)
1237
1246
msgid "Apache Tomcat"
1240
#: serverguide/C/web-servers.xml:1061(para)
1249
#: serverguide/C/web-servers.xml:1080(para)
1242
1251
"Apache Tomcat is a web container that allows you to serve Java Servlets and "
1243
1252
"JSP (Java Server Pages) web applications."
1246
#: serverguide/C/web-servers.xml:1075(para)
1255
#: serverguide/C/web-servers.xml:1082(para)
1248
1257
"Ubuntu has supported packages for both Tomcat 6 and 7. Tomcat 6 is the "
1249
1258
"legacy version, and Tomcat 7 is the current version where new features are "
1318
#: serverguide/C/web-servers.xml:1106(title)
1327
#: serverguide/C/web-servers.xml:1128(title)
1319
1328
msgid "Changing JVM used"
1322
#: serverguide/C/web-servers.xml:1122(para)
1331
#: serverguide/C/web-servers.xml:1129(para)
1324
1333
"By default Tomcat will run preferably with OpenJDK JVMs, then try the Sun "
1325
1334
"JVMs, then try some other JVMs. You can force Tomcat to use a specific JVM "
1326
1335
"by setting JAVA_HOME in <filename>/etc/default/tomcat7</filename>:"
1329
#: serverguide/C/web-servers.xml:1111(programlisting)
1338
#: serverguide/C/web-servers.xml:1133(programlisting)
1333
1342
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
1336
#: serverguide/C/web-servers.xml:1116(title)
1345
#: serverguide/C/web-servers.xml:1138(title)
1337
1346
msgid "Declaring users and roles"
1340
#: serverguide/C/web-servers.xml:1132(para)
1349
#: serverguide/C/web-servers.xml:1139(para)
1342
1351
"Usernames, passwords and roles (groups) can be defined centrally in a "
1343
1352
"Servlet container. This is done in the <filename>/etc/tomcat7/tomcat-"
1344
1353
"users.xml</filename> file:"
1347
#: serverguide/C/web-servers.xml:1120(programlisting)
1356
#: serverguide/C/web-servers.xml:1142(programlisting)
1374
1383
"command in the terminal prompt:"
1377
#: serverguide/C/web-servers.xml:1153(command)
1386
#: serverguide/C/web-servers.xml:1160(command)
1378
1387
msgid "sudo apt-get install tomcat7-docs"
1381
#: serverguide/C/web-servers.xml:1142(title)
1390
#: serverguide/C/web-servers.xml:1164(title)
1382
1391
msgid "Tomcat administration webapps"
1385
#: serverguide/C/web-servers.xml:1158(para)
1394
#: serverguide/C/web-servers.xml:1165(para)
1387
1396
"The <application>tomcat7-admin</application> package contains two webapps "
1388
1397
"that can be used to administer the Tomcat server using a web interface. You "
1389
1398
"can install them by entering the following command in the terminal prompt:"
1392
#: serverguide/C/web-servers.xml:1163(command)
1401
#: serverguide/C/web-servers.xml:1170(command)
1393
1402
msgid "sudo apt-get install tomcat7-admin"
1396
#: serverguide/C/web-servers.xml:1150(para)
1405
#: serverguide/C/web-servers.xml:1172(para)
1398
1407
"The first one is the <emphasis>manager</emphasis> webapp, which you can "
1399
1408
"access by default at http://yourserver:8080/manager/html. It is primarily "
1400
1409
"used to get server status and restart webapps."
1403
#: serverguide/C/web-servers.xml:1168(para)
1412
#: serverguide/C/web-servers.xml:1175(para)
1405
1414
"Access to the <emphasis>manager</emphasis> application is protected by "
1406
1415
"default: you need to define a user with the role \"manager-gui\" in "
1407
1416
"<filename>/etc/tomcat7/tomcat-users.xml</filename> before you can access it."
1410
#: serverguide/C/web-servers.xml:1157(para)
1419
#: serverguide/C/web-servers.xml:1179(para)
1412
1421
"The second one is the <emphasis>host-manager</emphasis> webapp, which you "
1413
1422
"can access by default at http://yourserver:8080/host-manager/html. It can be "
1414
1423
"used to create virtual hosts dynamically."
1417
#: serverguide/C/web-servers.xml:1176(para)
1426
#: serverguide/C/web-servers.xml:1183(para)
1419
1428
"Access to the <emphasis>host-manager</emphasis> application is also "
1420
1429
"protected by default: you need to define a user with the role \"admin-gui\" "
1469
1478
"system-installed libraries."
1472
#: serverguide/C/web-servers.xml:1200(para)
1481
#: serverguide/C/web-servers.xml:1222(para)
1474
1483
"It is possible to run the system-wide instance and the private instances in "
1475
1484
"parallel, as long as they do not use the same TCP ports."
1478
#: serverguide/C/web-servers.xml:1204(title)
1487
#: serverguide/C/web-servers.xml:1226(title)
1479
1488
msgid "Installing private instance support"
1482
#: serverguide/C/web-servers.xml:1205(para)
1491
#: serverguide/C/web-servers.xml:1227(para)
1484
1493
"You can install everything necessary to run private instances by entering "
1485
1494
"the following command in the terminal prompt:"
1488
#: serverguide/C/web-servers.xml:1223(command)
1497
#: serverguide/C/web-servers.xml:1230(command)
1489
1498
msgid "sudo apt-get install tomcat7-user"
1492
#: serverguide/C/web-servers.xml:1212(title)
1501
#: serverguide/C/web-servers.xml:1234(title)
1493
1502
msgid "Creating a private instance"
1496
#: serverguide/C/web-servers.xml:1213(para)
1505
#: serverguide/C/web-servers.xml:1235(para)
1498
1507
"You can create a private instance directory by entering the following "
1499
1508
"command in the terminal prompt:"
1502
#: serverguide/C/web-servers.xml:1231(command)
1511
#: serverguide/C/web-servers.xml:1238(command)
1503
1512
msgid "tomcat7-instance-create my-instance"
1506
#: serverguide/C/web-servers.xml:1218(para)
1515
#: serverguide/C/web-servers.xml:1240(para)
1508
1517
"This will create a new <filename>my-instance</filename> directory with all "
1509
1518
"the necessary subdirectories and scripts. You can for example install your "
1548
1557
"is already taken and that you should change it."
1551
#: serverguide/C/web-servers.xml:1247(para)
1560
#: serverguide/C/web-servers.xml:1269(para)
1553
1562
"You can stop your instance by entering the following command in the terminal "
1554
1563
"prompt (supposing your instance is located in the <filename>my-"
1555
1564
"instance</filename> directory):"
1558
#: serverguide/C/web-servers.xml:1251(command)
1567
#: serverguide/C/web-servers.xml:1273(command)
1559
1568
msgid "my-instance/bin/shutdown.sh"
1562
#: serverguide/C/web-servers.xml:1260(para)
1571
#: serverguide/C/web-servers.xml:1282(para)
1564
1573
"See the <ulink url=\"http://tomcat.apache.org/\">Apache Tomcat</ulink> "
1565
1574
"website for more information."
1568
#: serverguide/C/web-servers.xml:1280(para)
1577
#: serverguide/C/web-servers.xml:1287(para)
1570
1579
"<ulink url=\"http://shop.oreilly.com/product/9780596003180.do\">Tomcat: The "
1571
1580
"Definitive Guide</ulink> is a good resource for building web applications "
1575
#: serverguide/C/web-servers.xml:1271(para)
1584
#: serverguide/C/web-servers.xml:1293(para)
1577
1586
"For additional books see the <ulink "
1578
1587
"url=\"http://wiki.apache.org/tomcat/Tomcat/Books\">Tomcat Books</ulink> list "
1706
#: serverguide/C/vpn.xml:90(para)
1715
#: serverguide/C/vpn.xml:94(para)
1708
1717
"Enter the following to generate the master Certificate Authority (CA) "
1709
1718
"certificate and key:"
1712
#: serverguide/C/vpn.xml:95(command) serverguide/C/vpn.xml:143(command)
1721
#: serverguide/C/vpn.xml:99(command) serverguide/C/vpn.xml:147(command)
1713
1722
msgid "cd /etc/openvpn/easy-rsa/"
1716
#: serverguide/C/vpn.xml:96(command) serverguide/C/vpn.xml:144(command)
1725
#: serverguide/C/vpn.xml:100(command) serverguide/C/vpn.xml:148(command)
1717
1726
msgid "source vars"
1720
#: serverguide/C/vpn.xml:97(command)
1729
#: serverguide/C/vpn.xml:101(command)
1721
1730
msgid "./clean-all"
1724
#: serverguide/C/vpn.xml:98(command)
1733
#: serverguide/C/vpn.xml:102(command)
1725
1734
msgid "./build-ca"
1728
#: serverguide/C/vpn.xml:103(title)
1737
#: serverguide/C/vpn.xml:107(title)
1729
1738
msgid "Server Certificates"
1732
#: serverguide/C/vpn.xml:105(para)
1741
#: serverguide/C/vpn.xml:109(para)
1733
1742
msgid "Next, we will generate a certificate and private key for the server:"
1736
#: serverguide/C/vpn.xml:110(command)
1745
#: serverguide/C/vpn.xml:114(command)
1737
1746
msgid "./build-key-server myservername"
1740
#: serverguide/C/vpn.xml:113(para)
1749
#: serverguide/C/vpn.xml:117(para)
1742
1751
"As in the previous step, most parameters can be defaulted. Two other queries "
1743
1752
"require positive responses, \"Sign the certificate? [y/n]\" and \"1 out of 1 "
1744
1753
"certificate requests certified, commit? [y/n]\"."
1747
#: serverguide/C/vpn.xml:117(para)
1756
#: serverguide/C/vpn.xml:121(para)
1748
1757
msgid "Diffie Hellman parameters must be generated for the OpenVPN server:"
1751
#: serverguide/C/vpn.xml:122(command)
1760
#: serverguide/C/vpn.xml:126(command)
1752
1761
msgid "./build-dh"
1755
#: serverguide/C/vpn.xml:125(para)
1764
#: serverguide/C/vpn.xml:129(para)
1757
1766
"All certificates and keys have been generated in the subdirectory keys/. "
1758
1767
"Common practice is to copy them to /etc/openvpn/:"
1761
#: serverguide/C/vpn.xml:129(command)
1770
#: serverguide/C/vpn.xml:133(command)
1762
1771
msgid "cd keys/"
1781
#: serverguide/C/vpn.xml:145(command)
1790
#: serverguide/C/vpn.xml:149(command)
1782
1791
msgid "./build-key client1"
1785
#: serverguide/C/vpn.xml:148(para)
1794
#: serverguide/C/vpn.xml:152(para)
1786
1795
msgid "Copy the following files to the client using a secure method:"
1789
#: serverguide/C/vpn.xml:153(para)
1798
#: serverguide/C/vpn.xml:157(para)
1790
1799
msgid "/etc/openvpn/ca.crt"
1793
#: serverguide/C/vpn.xml:154(para)
1802
#: serverguide/C/vpn.xml:158(para)
1794
1803
msgid "/etc/openvpn/easy-rsa/keys/client1.crt"
1797
#: serverguide/C/vpn.xml:155(para)
1806
#: serverguide/C/vpn.xml:159(para)
1798
1807
msgid "/etc/openvpn/easy-rsa/keys/client1.key"
1801
#: serverguide/C/vpn.xml:158(para)
1810
#: serverguide/C/vpn.xml:162(para)
1803
1812
"As the client certificates and keys are only required on the client machine, "
1804
1813
"you should remove them from the server."
1807
#: serverguide/C/vpn.xml:166(title)
1816
#: serverguide/C/vpn.xml:170(title)
1808
1817
msgid "Simple Server Configuration"
1811
#: serverguide/C/vpn.xml:168(para)
1820
#: serverguide/C/vpn.xml:172(para)
1813
1822
"Along with your <application>OpenVPN</application> installation you got "
1814
1823
"these sample config files (and many more if if you check):"
1817
#: serverguide/C/vpn.xml:172(programlisting)
1826
#: serverguide/C/vpn.xml:176(programlisting)
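Review bot: The context msgid at 1822-1823 reads "(and many more if if you check)" with a doubled "if". The reference comment was updated to vpn.xml:172(para) in this hunk, so this is a good moment to fix the sentence in that source paragraph and regenerate the template, so translators are not asked to re-translate it a second time later.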
2065
#: serverguide/C/vpn.xml:322(para)
2074
#: serverguide/C/vpn.xml:350(para)
2067
2076
"Can the client connect to the server machine? Maybe a firewall is blocking "
2068
2077
"access? Check syslog on server."
2071
#: serverguide/C/vpn.xml:325(para)
2080
#: serverguide/C/vpn.xml:353(para)
2073
2082
"Client and server must use same protocol and port, e.g. UDP port 1194, see "
2074
2083
"port and proto config option"
2077
#: serverguide/C/vpn.xml:328(para)
2086
#: serverguide/C/vpn.xml:356(para)
2079
2088
"Client and server must use same config regarding compression, see comp-lzo "
2080
2089
"config option"
2083
#: serverguide/C/vpn.xml:331(para)
2092
#: serverguide/C/vpn.xml:359(para)
2085
2094
"Client and server must use same config regarding bridged vs routed mode, see "
2086
2095
"server vs server-bridge config option"
2089
#: serverguide/C/databases.xml:168(title)
2098
#: serverguide/C/vpn.xml:366(title) serverguide/C/databases.xml:161(title)
2090
2099
msgid "Advanced configuration"
2093
#: serverguide/C/vpn.xml:342(title)
2102
#: serverguide/C/vpn.xml:369(title)
2094
2103
msgid "Advanced routed VPN configuration on server"
2097
#: serverguide/C/vpn.xml:344(para)
2106
#: serverguide/C/vpn.xml:371(para)
2099
2108
"The above is a very simple working VPN. The client can access services on "
2100
2109
"the VPN server machine through an encrypted tunnel. If you want to reach "
2184
2193
"push \"dhcp-option DNS 10.1.0.2\"\n"
2187
#: serverguide/C/vpn.xml:410(para)
2196
#: serverguide/C/vpn.xml:437(para)
2188
2197
msgid "Allow client to client communication."
2191
#: serverguide/C/vpn.xml:413(programlisting)
2200
#: serverguide/C/vpn.xml:440(programlisting)
2195
2204
"client-to-client\n"
2198
#: serverguide/C/vpn.xml:417(para)
2207
#: serverguide/C/vpn.xml:444(para)
2199
2208
msgid "Enable compression on the VPN link."
2202
#: serverguide/C/vpn.xml:420(programlisting)
2211
#: serverguide/C/vpn.xml:447(programlisting)
2209
#: serverguide/C/vpn.xml:424(para)
2218
#: serverguide/C/vpn.xml:451(para)
2211
"The keepalive directive causes ping-like messages to be sent back and forth "
2212
"over the link so that each side knows when the other side has gone down. "
2213
"Ping every 1 second, assume that remote peer is down if no ping received "
2214
"during a 3 second time period."
2220
"The <emphasis>keepalive</emphasis> directive causes ping-like messages to be "
2221
"sent back and forth over the link so that each side knows when the other "
2222
"side has gone down. Ping every 1 second, assume that remote peer is down if "
2223
"no ping received during a 3 second time period."
2217
#: serverguide/C/vpn.xml:433(programlisting)
2226
#: serverguide/C/vpn.xml:460(programlisting)
2221
2230
"keepalive 1 3\n"
2224
#: serverguide/C/vpn.xml:437(para)
2233
#: serverguide/C/vpn.xml:464(para)
2226
2235
"It's a good idea to reduce the OpenVPN daemon's privileges after "
2227
2236
"initialization."
2230
#: serverguide/C/vpn.xml:440(programlisting)
2239
#: serverguide/C/vpn.xml:467(programlisting)
2875
2884
#: serverguide/C/virtualization.xml:113(para)
2877
2886
"Yet another way to install an Ubuntu virtual machine is to use "
2878
"<application>uvtool</application>. This application, available as of 14.04 "
2887
"<application>uvtool</application>. This application, available as of 14.04, "
2879
2888
"allows you to set up specific VM options, execute custom post-install "
2880
"scripts, etc. For details see <xref linkend=\"cloud-images-and-uvtool\"/>"
2889
"scripts, etc. For details see <xref linkend=\"cloud-images-and-uvtool\"/>."
2883
#: serverguide/C/virtualization.xml:101(para)
2892
#: serverguide/C/virtualization.xml:119(para)
2885
2894
"Libvirt can also be configured work with <application>Xen</application>. For "
2886
2895
"details, see the Xen Ubuntu community page referenced below."
2889
#: serverguide/C/virtualization.xml:106(title)
2898
#: serverguide/C/virtualization.xml:125(title)
2890
2899
msgid "virt-install"
2893
#: serverguide/C/virtualization.xml:107(para)
2902
#: serverguide/C/virtualization.xml:127(para)
2895
2904
"<application>virt-install</application> is part of the "
2896
2905
"<application>virtinst</application> package. To install it, from a terminal "
2897
2906
"prompt enter:"
2900
#: serverguide/C/virtualization.xml:111(command)
2909
#: serverguide/C/virtualization.xml:132(command)
2901
2910
msgid "sudo apt-get install virtinst"
2904
#: serverguide/C/virtualization.xml:113(para)
2913
#: serverguide/C/virtualization.xml:135(para)
2906
2915
"There are several options available when using <application>virt-"
2907
2916
"install</application>. For example:"
2974
2983
"After launching <application>virt-install</application> you can connect to "
2975
2984
"the virtual machine's console either locally using a GUI (if your server has "
2976
"a GUI), or via a remote VNC client from a GUI based computer."
2985
"a GUI), or via a remote VNC client from a GUI-based computer."
2979
#: serverguide/C/virtualization.xml:179(title)
2988
#: serverguide/C/virtualization.xml:206(title)
2980
2989
msgid "virt-clone"
2983
#: serverguide/C/virtualization.xml:180(para)
2992
#: serverguide/C/virtualization.xml:208(para)
2985
2994
"The <application>virt-clone</application> application can be used to copy "
2986
2995
"one virtual machine to another. For example:"
2989
#: serverguide/C/virtualization.xml:184(command)
2998
#: serverguide/C/virtualization.xml:212(command)
2991
3000
"sudo virt-clone -o web_devel -n database_devel -f "
2992
3001
"/path/to/database_devel.img \\ --connect=qemu:///system"
2995
#: serverguide/C/virtualization.xml:189(para)
3004
#: serverguide/C/virtualization.xml:218(para)
2996
3005
msgid "<emphasis>-o:</emphasis> original virtual machine."
2999
#: serverguide/C/virtualization.xml:194(para)
3008
#: serverguide/C/virtualization.xml:222(para)
3000
3009
msgid "<emphasis>-n:</emphasis> name of the new virtual machine."
3003
#: serverguide/C/virtualization.xml:199(para)
3012
#: serverguide/C/virtualization.xml:227(para)
3005
3014
"<emphasis>-f:</emphasis> path to the file, logical volume, or partition to "
3006
3015
"be used by the new virtual machine."
3009
#: serverguide/C/virtualization.xml:204(para)
3018
#: serverguide/C/virtualization.xml:232(para)
3011
3020
"<emphasis>--connect:</emphasis> specifies which hypervisor to connect to."
3014
#: serverguide/C/virtualization.xml:209(para)
3023
#: serverguide/C/virtualization.xml:237(para)
3016
3025
"Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to "
3017
3026
"help troubleshoot problems with <application>virt-clone</application>."
3020
#: serverguide/C/virtualization.xml:214(para)
3029
#: serverguide/C/virtualization.xml:242(para)
3022
3031
"Replace <emphasis>web_devel</emphasis> and "
3023
3032
"<emphasis>database_devel</emphasis> with appropriate virtual machine names."
3026
#: serverguide/C/virtualization.xml:220(title)
3035
#: serverguide/C/virtualization.xml:249(title)
3027
3036
msgid "Virtual Machine Management"
3030
#: serverguide/C/virtualization.xml:222(title)
3039
#: serverguide/C/virtualization.xml:252(title)
3034
#: serverguide/C/virtualization.xml:223(para)
3043
#: serverguide/C/virtualization.xml:254(para)
3036
3045
"There are several utilities available to manage virtual machines and "
3037
3046
"<application>libvirt</application>. The <application>virsh</application> "
3038
3047
"utility can be used from the command line. Some examples:"
3041
#: serverguide/C/virtualization.xml:229(para)
3050
#: serverguide/C/virtualization.xml:261(para)
3042
3051
msgid "To list running virtual machines:"
3045
#: serverguide/C/virtualization.xml:233(command)
3054
#: serverguide/C/virtualization.xml:264(command)
3046
3055
msgid "virsh -c qemu:///system list"
3049
#: serverguide/C/virtualization.xml:237(para)
3058
#: serverguide/C/virtualization.xml:269(para)
3050
3059
msgid "To start a virtual machine:"
3053
#: serverguide/C/virtualization.xml:241(command)
3062
#: serverguide/C/virtualization.xml:272(command)
3054
3063
msgid "virsh -c qemu:///system start web_devel"
3057
#: serverguide/C/virtualization.xml:245(para)
3066
#: serverguide/C/virtualization.xml:277(para)
3058
3067
msgid "Similarly, to start a virtual machine at boot:"
3061
#: serverguide/C/virtualization.xml:249(command)
3070
#: serverguide/C/virtualization.xml:280(command)
3062
3071
msgid "virsh -c qemu:///system autostart web_devel"
3065
#: serverguide/C/virtualization.xml:253(para)
3074
#: serverguide/C/virtualization.xml:285(para)
3066
3075
msgid "Reboot a virtual machine with:"
3069
#: serverguide/C/virtualization.xml:257(command)
3078
#: serverguide/C/virtualization.xml:288(command)
3070
3079
msgid "virsh -c qemu:///system reboot web_devel"
3073
#: serverguide/C/virtualization.xml:261(para)
3082
#: serverguide/C/virtualization.xml:293(para)
3075
3084
"The <emphasis>state</emphasis> of virtual machines can be saved to a file in "
3076
3085
"order to be restored later. The following will save the virtual machine "
3077
3086
"state into a file named according to the date:"
3080
#: serverguide/C/virtualization.xml:266(command)
3089
#: serverguide/C/virtualization.xml:299(command)
3081
3090
msgid "virsh -c qemu:///system save web_devel web_devel-022708.state"
3084
#: serverguide/C/virtualization.xml:268(para)
3093
#: serverguide/C/virtualization.xml:302(para)
3085
3094
msgid "Once saved the virtual machine will no longer be running."
3088
#: serverguide/C/virtualization.xml:273(para)
3097
#: serverguide/C/virtualization.xml:307(para)
3089
3098
msgid "A saved virtual machine can be restored using:"
3092
#: serverguide/C/virtualization.xml:277(command)
3101
#: serverguide/C/virtualization.xml:310(command)
3093
3102
msgid "virsh -c qemu:///system restore web_devel-022708.state"
3096
#: serverguide/C/virtualization.xml:281(para)
3105
#: serverguide/C/virtualization.xml:315(para)
3097
3106
msgid "To shutdown a virtual machine do:"
3100
#: serverguide/C/virtualization.xml:285(command)
3109
#: serverguide/C/virtualization.xml:318(command)
3101
3110
msgid "virsh -c qemu:///system shutdown web_devel"
3104
#: serverguide/C/virtualization.xml:289(para)
3113
#: serverguide/C/virtualization.xml:323(para)
3105
3114
msgid "A CDROM device can be mounted in a virtual machine by entering:"
3108
#: serverguide/C/virtualization.xml:293(command)
3117
#: serverguide/C/virtualization.xml:327(command)
3109
3118
msgid "virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
3112
#: serverguide/C/virtualization.xml:298(para)
3121
#: serverguide/C/virtualization.xml:333(para)
3114
3123
"In the above examples replace <emphasis>web_devel</emphasis> with the "
3115
3124
"appropriate virtual machine name, and <filename>web_devel-"
3116
3125
"022708.state</filename> with a descriptive file name."
3119
#: serverguide/C/virtualization.xml:305(title)
3128
#: serverguide/C/virtualization.xml:341(title)
3120
3129
msgid "Virtual Machine Manager"
3123
#: serverguide/C/virtualization.xml:306(para)
3132
#: serverguide/C/virtualization.xml:343(para)
3125
3134
"The <application>virt-manager</application> package contains a graphical "
3126
3135
"utility to manage local and remote virtual machines. To install virt-manager "
3130
#: serverguide/C/virtualization.xml:311(command)
3139
#: serverguide/C/virtualization.xml:348(command)
3131
3140
msgid "sudo apt-get install virt-manager"
3134
#: serverguide/C/virtualization.xml:313(para)
3143
#: serverguide/C/virtualization.xml:351(para)
3136
3145
"Since <application>virt-manager</application> requires a Graphical User "
3137
3146
"Interface (GUI) environment it is recommended to be installed on a "
3179
#: serverguide/C/virtualization.xml:343(para)
3188
#: serverguide/C/virtualization.xml:390(para)
3181
3190
"To install <application>virt-viewer</application> from a terminal enter:"
3184
#: serverguide/C/virtualization.xml:347(command)
3193
#: serverguide/C/virtualization.xml:394(command)
3185
3194
msgid "sudo apt-get install virt-viewer"
3188
#: serverguide/C/virtualization.xml:349(para)
3197
#: serverguide/C/virtualization.xml:397(para)
3190
3199
"Once a virtual machine is installed and running you can connect to the "
3191
3200
"virtual machine's console by using:"
3194
#: serverguide/C/virtualization.xml:353(command)
3203
#: serverguide/C/virtualization.xml:401(command)
3195
3204
msgid "virt-viewer -c qemu:///system web_devel"
3198
#: serverguide/C/virtualization.xml:355(para)
3207
#: serverguide/C/virtualization.xml:404(para)
3200
3209
"Similar to <application>virt-manager</application>, <application>virt-"
3201
3210
"viewer</application> can connect to a remote host using "
3202
3211
"<emphasis>SSH</emphasis> with key authentication, as well:"
3205
#: serverguide/C/virtualization.xml:360(command)
3214
#: serverguide/C/virtualization.xml:409(command)
3206
3215
msgid "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
3209
#: serverguide/C/virtualization.xml:362(para)
3218
#: serverguide/C/virtualization.xml:412(para)
3211
3220
"Be sure to replace <emphasis role=\"italic\">web_devel</emphasis> with the "
3212
3221
"appropriate virtual machine name."
3228
3237
"more details."
3231
#: serverguide/C/virtualization.xml:379(para)
3240
#: serverguide/C/virtualization.xml:430(para)
3233
3242
"For more information on <application>libvirt</application> see the <ulink "
3234
3243
"url=\"http://libvirt.org/\">libvirt home page</ulink>"
3237
#: serverguide/C/virtualization.xml:384(para)
3246
#: serverguide/C/virtualization.xml:436(para)
3239
"The <ulink url=\"http://virt-manager.et.redhat.com/\">Virtual Machine "
3240
"Manager</ulink> site has more information on <application>virt-"
3241
"manager</application> development."
3248
"The <ulink url=\"http://virt-manager.org/\">Virtual Machine Manager</ulink> "
3249
"site has more information on <application>virt-manager</application> "
3244
#: serverguide/C/virtualization.xml:390(para)
3253
#: serverguide/C/virtualization.xml:442(para)
3246
3255
"Also, stop by the <emphasis>#ubuntu-virt</emphasis> IRC channel on <ulink "
3247
3256
"url=\"http://freenode.net/\">freenode</ulink> to discuss virtualization "
3248
3257
"technology in Ubuntu."
3251
#: serverguide/C/virtualization.xml:396(para)
3260
#: serverguide/C/virtualization.xml:448(para)
3253
3262
"Another good resource is the <ulink "
3254
3263
"url=\"https://help.ubuntu.com/community/KVM\">Ubuntu Wiki KVM</ulink> page."
3257
#: serverguide/C/virtualization.xml:401(para)
3266
#: serverguide/C/virtualization.xml:454(para)
3259
3268
"For information on Xen, including using Xen with libvirt, please see the "
3260
3269
"<ulink url=\"https://help.ubuntu.com/community/Xen\">Ubuntu Wiki Xen</ulink> "
3265
3274
msgid "Cloud images and uvtool"
3268
#: serverguide/C/windows-networking.xml:23(title) serverguide/C/virtualization.xml:412(title) serverguide/C/security.xml:352(title) serverguide/C/remote-administration.xml:18(title) serverguide/C/package-management.xml:18(title) serverguide/C/introduction.xml:11(title) serverguide/C/installation.xml:1187(title)
3277
#: serverguide/C/virtualization.xml:467(title) serverguide/C/security.xml:367(title) serverguide/C/samba.xml:23(title) serverguide/C/remote-administration.xml:18(title) serverguide/C/package-management.xml:18(title) serverguide/C/introduction.xml:11(title) serverguide/C/installation.xml:1260(title)
3269
3278
msgid "Introduction"
3270
3279
msgstr "Pengenalan"
3272
3281
#: serverguide/C/virtualization.xml:469(para)
3274
"With Ubuntu being one of the most used operating systems on most of the "
3275
"cloud platforms, the availability of stable and secure cloud images has "
3276
"become very important. As of 12.04 the utilization of cloud images outside "
3277
"of a cloud infrastructure has been improved. It is now possible to use those "
3283
"With Ubuntu being one of the most used operating systems on many cloud "
3284
"platforms, the availability of stable and secure cloud images has become "
3285
"very important. As of 12.04 the utilization of cloud images outside of a "
3286
"cloud infrastructure has been improved. It is now possible to use those "
3278
3287
"images to create a virtual machine without the need of a complete "
3279
3288
"installation."
3282
#: serverguide/C/virtualization.xml:478(title)
3291
#: serverguide/C/virtualization.xml:477(title)
3283
3292
msgid "Creating virtual machines using uvtool"
3286
#: serverguide/C/virtualization.xml:480(para)
3295
#: serverguide/C/virtualization.xml:479(para)
3288
3297
"Starting with 14.04 LTS, a tool called uvtool greatly facilitates the task "
3289
3298
"of generating virtual machines (VM) using the cloud images. "
3291
3300
"synchronize cloud-images locally and use them to create new VMs in minutes."
3294
#: serverguide/C/virtualization.xml:487(title)
3303
#: serverguide/C/virtualization.xml:486(title)
3295
3304
msgid "Uvtool packages"
3298
#: serverguide/C/virtualization.xml:489(para)
3307
#: serverguide/C/virtualization.xml:488(para)
3300
"The following packages and their dependancies will be required in order to "
3309
"The following packages and their dependencies will be required in order to "
3304
#: serverguide/C/virtualization.xml:496(para)
3313
#: serverguide/C/virtualization.xml:495(para)
3308
#: serverguide/C/virtualization.xml:500(para)
3317
#: serverguide/C/virtualization.xml:499(para)
3309
3318
msgid "uvtool-libvirt"
3312
#: serverguide/C/virtualization.xml:505(para)
3314
"Installation of <application>uvtool</application> is done the same as for "
3315
"any other application by using apt-get:"
3321
#: serverguide/C/virtualization.xml:504(para)
3322
msgid "To install <application>uvtool</application>, run:"
3318
#: serverguide/C/virtualization.xml:507(programlisting)
3325
#: serverguide/C/virtualization.xml:505(programlisting)
3320
3327
msgid "$ apt-get -y install uvtool"
3323
#: serverguide/C/virtualization.xml:509(para)
3330
#: serverguide/C/virtualization.xml:507(para)
3324
3331
msgid "This will install uvtool's main commands:"
3327
#: serverguide/C/virtualization.xml:511(application)
3334
#: serverguide/C/virtualization.xml:509(application)
3328
3335
msgid "uvt-simplestreams-libvirt"
3331
#: serverguide/C/virtualization.xml:512(application)
3338
#: serverguide/C/virtualization.xml:510(application)
3332
3339
msgid "uvt-kvm"
3335
#: serverguide/C/virtualization.xml:517(title)
3342
#: serverguide/C/virtualization.xml:515(title)
3337
3344
"Get the Ubuntu Cloud Image with <application>uvt-simplestreams-"
3338
3345
"libvirt</application>"
3341
#: serverguide/C/virtualization.xml:519(para)
3348
#: serverguide/C/virtualization.xml:517(para)
3343
3350
"This is one of the major simplifications that "
3344
3351
"<application>uvtool</application> brings. It is aware of where to find the "
3370
3377
"release=trusty arch=amd64 label=beta1 (20140226.1)\n"
3373
#: serverguide/C/virtualization.xml:538(para)
3380
#: serverguide/C/virtualization.xml:536(para)
3375
3382
"In the case where you want to synchronize only one specific cloud-image, you "
3376
3383
"need to use the release= and arch= filters to identify which image needs to "
3377
3384
"be synchronized."
3380
#: serverguide/C/virtualization.xml:541(programlisting)
3387
#: serverguide/C/virtualization.xml:539(programlisting)
3382
3389
msgid "$ uvt-simplestreams-libvirt sync release=precise arch=amd64\n"
3385
#: serverguide/C/virtualization.xml:546(title)
3392
#: serverguide/C/virtualization.xml:544(title)
3386
3393
msgid "Create the VM using uvt-kvm"
3389
#: serverguide/C/virtualization.xml:548(para)
3396
#: serverguide/C/virtualization.xml:546(para)
3391
"In order to be able to connect to the virtual machine once it has been "
3392
"created, it is necessary to have a valid SSH key available for the ubuntu "
3393
"user. If your environment does not have a ssh key, you can easily create one "
3394
"using the following command:"
3398
"In order to connect to the virtual machine once it has been created, you "
3399
"must have a valid SSH key available for the Ubuntu user. If your environment "
3400
"does not have an SSH key, you can easily create one using the following "
3397
#: serverguide/C/virtualization.xml:552(programlisting)
3404
#: serverguide/C/virtualization.xml:548(programlisting)
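Review bot: in the rewritten SSH-key paragraph, "for the ubuntu user" became "for the Ubuntu user", which turns the literal login name on the cloud image into the product name. The account is the lowercase ubuntu, so keep it lowercase (ideally marked up as a username) so that readers know which account the key is installed for.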
3421
3428
"+-----------------+\n"
3431
#: serverguide/C/virtualization.xml:571(para)
3433
"To create of a new virtual machine using uvtool, run the following in a "
3437
#: serverguide/C/virtualization.xml:573(programlisting)
3439
msgid "$ uvt-kvm create firsttest"
3424
3442
#: serverguide/C/virtualization.xml:575(para)
3426
"The creation of a new virtual machine using uvtool is easy. In its simplest "
3427
"form, you only need to do:"
3430
#: serverguide/C/virtualization.xml:578(programlisting)
3432
msgid "$ uvt-kvm create firsttest"
3435
#: serverguide/C/virtualization.xml:580(para)
3437
3444
"This will create a VM named <emphasis role=\"bold\">firsttest</emphasis> "
3438
3445
"using the current LTS cloud image available locally. If you want to specify "
3439
3446
"a release to be used to create the VM, you need to use the <emphasis "
3440
"role=\"bold\">release=</emphasis> filter"
3447
"role=\"bold\">release=</emphasis> filter:"
3450
#: serverguide/C/virtualization.xml:578(programlisting)
3452
msgid "$ uvt-kvm create secondtest release=trusty"
3455
#: serverguide/C/virtualization.xml:580(para)
3457
"<application>uvt-kvm wait</application> can be used to wait until the "
3458
"creation of the VM has completed:"
3443
3461
#: serverguide/C/virtualization.xml:583(programlisting)
3445
msgid "$ uvt-kvm create secondtest release=trusty"
3448
#: serverguide/C/virtualization.xml:585(para)
3450
"The <application>uvt-kvm wait {name}</application> can be used to wait until "
3451
"the creation of the VM has completed"
3454
#: serverguide/C/virtualization.xml:588(programlisting)
3457
3464
"$ uvt-kvm wait secondttest --insecure\n"
3458
3465
"Warning: secure wait for boot-finished not yet implemented; use --insecure.\n"
3461
#: serverguide/C/virtualization.xml:593(title)
3468
#: serverguide/C/virtualization.xml:588(title)
3462
3469
msgid "Connect to the running VM"
3465
#: serverguide/C/virtualization.xml:594(para)
3472
#: serverguide/C/virtualization.xml:589(para)
3467
3474
"Once the virtual machine creation is completed, you can connect to it using "
3471
#: serverguide/C/virtualization.xml:597(programlisting)
3478
#: serverguide/C/virtualization.xml:592(programlisting)
3473
3480
msgid "$ uvt-kvm ssh secondtest --insecure"
3476
#: serverguide/C/virtualization.xml:599(para)
3483
#: serverguide/C/virtualization.xml:594(para)
3478
3485
"For the time being, the <emphasis role=\"bold\">--insecure</emphasis> is "
3479
"required so you should be using this mechanism to connect to your VM only if "
3480
"you completely trust your network infrastructure"
3486
"required, so use this mechanism to connect to your VM only if you completely "
3487
"trust your network infrastructure."
3483
#: serverguide/C/virtualization.xml:602(para)
3490
#: serverguide/C/virtualization.xml:596(para)
3485
"You can also connect to your VM using a regular ssh session using the IP "
3492
"You can also connect to your VM using a regular SSH session using the IP "
3486
3493
"address of the VM. The address can be queried using the following command:"
3489
#: serverguide/C/virtualization.xml:605(programlisting)
3496
#: serverguide/C/virtualization.xml:598(programlisting)
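Review bot: the added msgid "To create of a new virtual machine using uvtool, run the following in a " has a stray "of" and should read "To create a new virtual machine using uvtool, ...". The unchanged wait example in this hunk also reads "$ uvt-kvm wait secondttest --insecure" although the VM was created as secondtest, so the command as printed names a VM that does not exist. That is worth fixing in the source while these strings are being touched.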
3520
#: serverguide/C/virtualization.xml:631(title)
3527
#: serverguide/C/virtualization.xml:624(title)
3521
3528
msgid "Get the list of running VMs"
3524
#: serverguide/C/virtualization.xml:632(para)
3525
msgid "You can get the list of VM running on your system with this command:"
3531
#: serverguide/C/virtualization.xml:625(para)
3532
msgid "You can get the list of VMs running on your system with this command:"
3528
#: serverguide/C/virtualization.xml:634(programlisting)
3535
#: serverguide/C/virtualization.xml:627(programlisting)
3531
3538
"$ uvt-kvm list\n"
3535
#: serverguide/C/virtualization.xml:639(title)
3542
#: serverguide/C/virtualization.xml:632(title)
3536
3543
msgid "Destroy your VM"
3539
#: serverguide/C/virtualization.xml:640(para)
3540
msgid "Once you are done with your VM, you can proceed to destroy it with:"
3546
#: serverguide/C/virtualization.xml:633(para)
3547
msgid "Once you are done with your VM, you can destroy it with:"
3543
#: serverguide/C/virtualization.xml:642(programlisting)
3550
#: serverguide/C/virtualization.xml:635(programlisting)
3545
3552
msgid "$ uvt-kvm destroy secondtest"
3548
#: serverguide/C/virtualization.xml:644(title)
3555
#: serverguide/C/virtualization.xml:637(title)
3549
3556
msgid "More uvt-kvm options"
3552
#: serverguide/C/virtualization.xml:646(para)
3559
#: serverguide/C/virtualization.xml:639(para)
3554
3561
"The following options can be used to change some of the characteristics of "
3555
"the virtual memory that you are creating"
3562
"the VM that you are creating:"
3565
#: serverguide/C/virtualization.xml:642(para)
3566
msgid "--memory : Amount of RAM in megabytes. Default: 512."
3569
#: serverguide/C/virtualization.xml:643(para)
3570
msgid "--disk : Size of the OS disk in gigabytes. Default: 8."
3573
#: serverguide/C/virtualization.xml:644(para)
3574
msgid "--cpu : Number of CPU cores. Default: 1."
3577
#: serverguide/C/virtualization.xml:647(para)
3579
"Some other parameters will have an impact on the cloud-init configuration:"
3582
#: serverguide/C/virtualization.xml:649(para)
3584
"--password password : Allow login to the VM using the Ubuntu account and "
3585
"this provided password."
3558
3588
#: serverguide/C/virtualization.xml:650(para)
3559
msgid "--memory : Amount of RAM in megabytes. Default: 512"
3562
#: serverguide/C/virtualization.xml:651(para)
3563
msgid "--disk : Size of the OS disk in gigabytes. Default: 8"
3566
#: serverguide/C/virtualization.xml:652(para)
3567
msgid "--cpu : Number of CPU cores. Default: 1"
3570
#: serverguide/C/virtualization.xml:655(para)
3572
"Some other parameters will have an impact on the cloud-init configuration"
3575
#: serverguide/C/virtualization.xml:657(para)
3577
"--password password : Allow login to the VM using the ubuntu account and "
3578
"this provided password"
3581
#: serverguide/C/virtualization.xml:658(para)
3583
3590
"--run-script-once script_file : Run script_file as root on the VM the first "
3584
3591
"time it is booted, but never again."
3587
#: serverguide/C/virtualization.xml:659(para)
3594
#: serverguide/C/virtualization.xml:651(para)
3589
3596
"--packages package_list : Install the comma-separated packages specified in "
3590
3597
"package_list on first boot."
3593
#: serverguide/C/virtualization.xml:662(para)
3600
#: serverguide/C/virtualization.xml:654(para)
3595
3602
"A complete description of all available modifiers is available in the "
3596
"manpage of uvt-kvm"
3603
"manpage of uvt-kvm."
3599
#: serverguide/C/virtualization.xml:1073(para)
3606
#: serverguide/C/virtualization.xml:661(para)
3601
3608
"If you are interested in learning more, have questions or suggestions, "
3602
3609
"please contact the Ubuntu Server Team at:"
3605
#: serverguide/C/virtualization.xml:1078(para)
3612
#: serverguide/C/virtualization.xml:666(para)
3606
3613
msgid "IRC: #ubuntu-server on freenode"
3609
#: serverguide/C/virtualization.xml:1083(para)
3616
#: serverguide/C/virtualization.xml:670(para)
3611
3618
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
3612
3619
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
3615
#: serverguide/C/virtualization.xml:2121(title)
3622
#: serverguide/C/virtualization.xml:679(title)
3616
3623
msgid "Ubuntu Cloud"
3619
#: serverguide/C/virtualization.xml:2122(para)
3626
#: serverguide/C/virtualization.xml:681(para)
3621
3628
"<application>Cloud computing</application> is a computing model that allows "
3622
3629
"vast pools of resources to be allocated on-demand. These resources such as "
3640
3647
"concerning installation and configuration."
3643
#: serverguide/C/virtualization.xml:2452(title)
3650
#: serverguide/C/virtualization.xml:703(title)
3644
3651
msgid "Support and Troubleshooting"
3647
#: serverguide/C/virtualization.xml:2453(para)
3654
#: serverguide/C/virtualization.xml:705(para)
3648
3655
msgid "Community Support"
3651
#: serverguide/C/virtualization.xml:2457(ulink)
3658
#: serverguide/C/virtualization.xml:709(ulink)
3652
3659
msgid "OpenStack Mailing list"
3655
#: serverguide/C/virtualization.xml:2462(ulink)
3662
#: serverguide/C/virtualization.xml:714(ulink)
3656
3663
msgid "The OpenStack Wiki search"
3659
#: serverguide/C/virtualization.xml:2468(ulink)
3666
#: serverguide/C/virtualization.xml:719(ulink)
3660
3667
msgid "Launchpad bugs area"
3663
#: serverguide/C/virtualization.xml:2472(para)
3670
#: serverguide/C/virtualization.xml:724(para)
3664
3671
msgid "Join the IRC channel #openstack on freenode."
3667
#: serverguide/C/virtualization.xml:2486(ulink)
3674
#: serverguide/C/virtualization.xml:735(ulink)
3668
3675
msgid "Cloud Computing - Service models"
3671
#: serverguide/C/virtualization.xml:2491(ulink)
3678
#: serverguide/C/virtualization.xml:741(ulink)
3672
3679
msgid "OpenStack Compute"
3675
#: serverguide/C/virtualization.xml:2496(ulink)
3682
#: serverguide/C/virtualization.xml:747(ulink)
3676
3683
msgid "OpenStack Image Service"
3679
#: serverguide/C/virtualization.xml:2501(ulink)
3686
#: serverguide/C/virtualization.xml:753(ulink)
3680
3687
msgid "OpenStack Object Storage Administration Guide"
3683
#: serverguide/C/virtualization.xml:2506(ulink)
3690
#: serverguide/C/virtualization.xml:759(ulink)
3684
3691
msgid "Installing OpenStack Object Storage on Ubuntu"
3687
#: serverguide/C/virtualization.xml:2511(ulink)
3694
#: serverguide/C/virtualization.xml:765(ulink)
3688
3695
msgid "http://cloudglossary.com/"
3691
#: serverguide/C/virtualization.xml:2586(title)
3698
#: serverguide/C/virtualization.xml:775(title)
3695
#: serverguide/C/virtualization.xml:785(para)
3702
#: serverguide/C/virtualization.xml:777(para)
3697
3704
"Containers are a lightweight virtualization technology. They are more akin "
3698
3705
"to an enhanced chroot than to full virtualization like Qemu or VMware, both "
3715
3722
"there are peculiarities which can cause confusion."
3718
#: serverguide/C/virtualization.xml:804(para)
3725
#: serverguide/C/virtualization.xml:796(para)
3720
3727
"In this document we will mainly describe the <application>lxc</application> "
3721
3728
"package. Use of libvirt-lxc is not generally recommended due to a lack of "
3722
3729
"Apparmor protection for libvirt-lxc containers."
3725
#: serverguide/C/virtualization.xml:2618(para)
3732
#: serverguide/C/virtualization.xml:801(para)
3726
3733
msgid "In this document, a container name will be shown as CN, C1, or C2."
3729
#: serverguide/C/virtualization.xml:2624(para)
3736
#: serverguide/C/virtualization.xml:807(para)
3730
3737
msgid "The <application>lxc</application> package can be installed using"
3733
#: serverguide/C/virtualization.xml:2629(command)
3740
#: serverguide/C/virtualization.xml:811(command)
3734
3741
msgid "sudo apt-get install lxc"
3737
#: serverguide/C/virtualization.xml:824(para)
3744
#: serverguide/C/virtualization.xml:816(para)
3739
3746
"This will pull in the required and recommended dependencies, as well as set "
3740
3747
"up a network bridge for containers to use. If you wish to use unprivileged "
3939
#: serverguide/C/virtualization.xml:1015(para)
3946
#: serverguide/C/virtualization.xml:1007(para)
3941
3948
"<filename>default.conf</filename> specifies configuration which every newly "
3942
3949
"created container should contain. This usually contains at least a network "
3943
3950
"section, and, for unprivileged users, an id mapping section"
3946
#: serverguide/C/virtualization.xml:1022(para)
3953
#: serverguide/C/virtualization.xml:1014(para)
3948
3955
"<filename>lxc-usernet.conf</filename> specifies how unprivileged users may "
3949
3956
"connect their containers to the host-owned network."
3952
#: serverguide/C/virtualization.xml:1002(para)
3959
#: serverguide/C/virtualization.xml:994(para)
3954
3961
"The following configuration files are consulted by LXC. For privileged use, "
3955
3962
"they are found under <filename>/etc/lxc</filename>, while for unprivileged "
3956
3963
"use they are under <filename>~/.config/lxc</filename>. <placeholder-1/>"
3959
#: serverguide/C/virtualization.xml:1028(para)
3966
#: serverguide/C/virtualization.xml:1020(para)
3961
"<filename>lxc.conf</filename> and <filename>default.conf</filename> are "
3962
"exist both under <filename>/etc/lxc</filename> and "
3968
"<filename>lxc.conf</filename> and <filename>default.conf</filename> are both "
3969
"under <filename>/etc/lxc</filename> and "
3963
3970
"<filename>$HOME/.config/lxc</filename>, while <filename>lxc-"
3964
3971
"usernet.conf</filename> is only host-wide."
3967
#: serverguide/C/virtualization.xml:1033(para)
3974
#: serverguide/C/virtualization.xml:1025(para)
3969
3976
"By default, containers are located under /var/lib/lxc for the root user, and "
3970
3977
"$HOME/.local/share/lxc otherwise. The location can be specified for all lxc "
3971
3978
"commands using the \"-P|--lxcpath\" argument."
3974
#: serverguide/C/virtualization.xml:1210(para) serverguide/C/virtualization.xml:1272(para) serverguide/C/network-config.xml:11(title)
3981
#: serverguide/C/virtualization.xml:1034(title) serverguide/C/network-config.xml:11(title)
3975
3982
msgid "Networking"
3976
3983
msgstr "Jaringan"
3978
#: serverguide/C/virtualization.xml:1043(para)
3985
#: serverguide/C/virtualization.xml:1035(para)
3980
3987
"By default LXC creates a private network namespace for each container, which "
3981
3988
"includes a layer 2 networking stack. Containers usually connect to the "
4233
4240
"dangerous paths, and from mounting most filesystems."
4236
#: serverguide/C/virtualization.xml:1275(para)
4243
#: serverguide/C/virtualization.xml:1267(para)
4238
4245
"Programs in a container cannot be further confined - for instance, MySQL "
4239
4246
"runs under the container profile (protecting the host) but will not be able "
4240
4247
"to enter the MySQL profile (to protect the container)."
4243
#: serverguide/C/virtualization.xml:2926(para)
4250
#: serverguide/C/virtualization.xml:1272(para)
4245
4252
"<command>lxc-execute</command> does not enter an Apparmor profile, but the "
4246
4253
"container it spawns will be confined."
4249
#: serverguide/C/virtualization.xml:1283(title)
4256
#: serverguide/C/virtualization.xml:1275(title)
4250
4257
msgid "Customizing container policies"
4253
#: serverguide/C/virtualization.xml:2879(para)
4260
#: serverguide/C/virtualization.xml:1276(para)
4255
4262
"If you find that <command>lxc-start</command> is failing due to a legitimate "
4256
4263
"access which is being denied by its Apparmor policy, you can disable the lxc-"
4257
4264
"start profile by doing:"
4260
#: serverguide/C/virtualization.xml:2885(screen)
4267
#: serverguide/C/virtualization.xml:1280(screen)
4368
4376
"i/o, guarantee minimum cpu shares, and to lock containers to specific cpus."
4371
#: serverguide/C/virtualization.xml:1377(para)
4379
#: serverguide/C/virtualization.xml:1369(para)
4373
"By default, a privileged container CN will be assigned a cgroup called "
4381
"By default, a privileged container CN will be assigned to a cgroup called "
4374
4382
"<filename>/lxc/CN</filename>. In the case of name conflicts (which can occur "
4375
4383
"when using custom lxcpaths) a suffix \"-n\", where n is an integer starting "
4376
4384
"at 0, will be appended to the cgroup name."
4379
#: serverguide/C/virtualization.xml:1383(para)
4387
#: serverguide/C/virtualization.xml:1375(para)
4381
"By default, a privileged container CN will be assigned a cgroup called "
4389
"By default, a privileged container CN will be assigned to a cgroup called "
4382
4390
"<filename>CN</filename> under the cgroup of the task which started the "
4383
4391
"container, for instance <filename>/usr/1000.user/1.session/CN</filename>. "
4384
4392
"The container root will be given group ownership of the directory (but not "
4385
4393
"all files) so that it is allowed to create new child cgroups."
4388
#: serverguide/C/virtualization.xml:1390(para)
4396
#: serverguide/C/virtualization.xml:1382(para)
4390
4398
"As of Ubuntu 14.04, LXC uses the cgroup manager (cgmanager) to administer "
4391
4399
"cgroups. The cgroup manager receives D-Bus requests over the Unix socket "
4392
"<filename>/sys/fs/cgroup/cgmanager/sock</filename>. To fascilitate safe "
4400
"<filename>/sys/fs/cgroup/cgmanager/sock</filename>. To facilitate safe "
4393
4401
"nested containers, the line <screen>\n"
4395
4403
"lxc.mount.auto = cgroup\n"
4445
4453
"container, and to only use its snapshots."
4448
#: serverguide/C/virtualization.xml:1446(para)
4456
#: serverguide/C/virtualization.xml:1438(para)
4449
4457
msgid "Given an existing container called C1, a copy can be created using:"
4452
#: serverguide/C/virtualization.xml:3274(command)
4460
#: serverguide/C/virtualization.xml:1442(command)
4453
4461
msgid "sudo lxc-clone -o C1 -n C2"
4456
#: serverguide/C/virtualization.xml:1455(para)
4457
msgid "A snapshot can be created using"
4464
#: serverguide/C/virtualization.xml:1447(para)
4465
msgid "A snapshot can be created using:"
4460
#: serverguide/C/virtualization.xml:3288(command)
4468
#: serverguide/C/virtualization.xml:1449(command)
4461
4469
msgid "sudo lxc-clone -s -o C1 -n C2"
4464
#: serverguide/C/virtualization.xml:1461(para)
4472
#: serverguide/C/virtualization.xml:1453(para)
4465
4473
msgid "See the lxc-clone manpage for more information."
4468
#: serverguide/C/virtualization.xml:1464(title)
4476
#: serverguide/C/virtualization.xml:1456(title)
4469
4477
msgid "Snapshots"
4472
#: serverguide/C/virtualization.xml:1465(para)
4480
#: serverguide/C/virtualization.xml:1457(para)
4474
4482
"To more easily support the use of snapshot clones for iterative container "
4475
4483
"development, LXC supports <emphasis>snapshots</emphasis>. When working on a "
4527
4535
"page for more options."
4530
#: serverguide/C/virtualization.xml:1527(title)
4538
#: serverguide/C/virtualization.xml:1519(title)
4531
4539
msgid "Lifecycle management hooks"
4534
#: serverguide/C/virtualization.xml:1529(para)
4542
#: serverguide/C/virtualization.xml:1521(para)
4536
4544
"Beginning with Ubuntu 12.10, it is possible to define hooks to be executed "
4537
4545
"at specific points in a container's lifetime:"
4540
#: serverguide/C/virtualization.xml:1534(para)
4548
#: serverguide/C/virtualization.xml:1526(para)
4542
4550
"Pre-start hooks are run in the host's namespace before the container ttys, "
4543
4551
"consoles, or mounts are up. If any mounts are done in this hook, they should "
4544
4552
"be cleaned up in the post-stop hook."
4547
#: serverguide/C/virtualization.xml:1541(para)
4555
#: serverguide/C/virtualization.xml:1533(para)
4549
4557
"Pre-mount hooks are run in the container's namespaces, but before the root "
4550
4558
"filesystem has been mounted. Mounts done in this hook will be automatically "
4551
4559
"cleaned up when the container shuts down."
4554
#: serverguide/C/virtualization.xml:1548(para)
4562
#: serverguide/C/virtualization.xml:1540(para)
4556
4564
"Mount hooks are run after the container filesystems have been mounted, but "
4557
4565
"before the container has called <command>pivot_root</command> to change its "
4558
4566
"root filesystem."
4561
#: serverguide/C/virtualization.xml:1555(para)
4569
#: serverguide/C/virtualization.xml:1547(para)
4563
4571
"Start hooks are run immediately before executing the container's init. Since "
4564
4572
"these are executed after pivoting into the container's filesystem, the "
4565
4573
"command to be executed must be copied into the container's filesystem."
4568
#: serverguide/C/virtualization.xml:1562(para)
4576
#: serverguide/C/virtualization.xml:1554(para)
4569
4577
msgid "Post-stop hooks are executed after the container has been shut down."
4572
#: serverguide/C/virtualization.xml:1567(para)
4580
#: serverguide/C/virtualization.xml:1559(para)
4574
4582
"If any hook returns an error, the container's run will be aborted. Any "
4575
4583
"<emphasis>post-stop</emphasis> hook will still be executed. Any output "
4576
4584
"generated by the script will be logged at the debug priority."
4579
#: serverguide/C/virtualization.xml:1572(para)
4587
#: serverguide/C/virtualization.xml:1564(para)
4581
4589
"Please see the lxc.container.conf manual page for the configuration file "
4582
4590
"format with which to specify hooks. Some sample hooks are shipped with the "
4583
4591
"lxc package to serve as an example of how to write and use such hooks."
4586
#: serverguide/C/virtualization.xml:3452(title)
4594
#: serverguide/C/virtualization.xml:1571(title)
4587
4595
msgid "Consoles"
4590
#: serverguide/C/virtualization.xml:1581(para)
4598
#: serverguide/C/virtualization.xml:1573(para)
4592
4600
"Containers have a configurable number of consoles. One always exists on the "
4593
4601
"container's <filename>/dev/console</filename>. This is shown on the terminal "
4834
4842
"to the use of containers."
4837
#: serverguide/C/virtualization.xml:4398(para)
4845
#: serverguide/C/virtualization.xml:1795(para)
4839
4847
"The <ulink url=\"http://www.ibm.com/developerworks/linux/library/l-lxc-"
4840
4848
"security/index.html\"> Secure Containers Cookbook</ulink> demonstrated the "
4841
4849
"use of security modules to make containers more secure."
4844
#: serverguide/C/virtualization.xml:1810(para) serverguide/C/cgroups.xml:202(para)
4852
#: serverguide/C/virtualization.xml:1802(para) serverguide/C/cgroups.xml:202(para)
4845
4853
msgid "Manual pages referenced above can be found at:"
4848
#: serverguide/C/virtualization.xml:4407(ulink)
4856
#: serverguide/C/virtualization.xml:1804(ulink)
4849
4857
msgid "capabilities"
4852
#: serverguide/C/virtualization.xml:4408(ulink)
4860
#: serverguide/C/virtualization.xml:1805(ulink)
4853
4861
msgid "lxc.conf"
4856
#: serverguide/C/virtualization.xml:1818(para)
4864
#: serverguide/C/virtualization.xml:1810(para)
4858
4866
"The upstream LXC project is hosted at <ulink "
4859
4867
"url=\"http://linuxcontainers.org\">linuxcontainers.org</ulink>."
4862
#: serverguide/C/virtualization.xml:4420(para)
4870
#: serverguide/C/virtualization.xml:1815(para)
4864
4872
"LXC security issues are listed and discussed at <ulink "
4865
4873
"url=\"http://wiki.ubuntu.com/LxcSecurity\">the LXC Security wiki page</ulink>"
4868
#: serverguide/C/virtualization.xml:1829(para)
4876
#: serverguide/C/virtualization.xml:1821(para)
4870
4878
"For more on namespaces in Linux, see: S. Bhattiprolu, E. W. Biederman, S. E. "
4871
4879
"Hallyn, and D. Lezcano. Virtual Servers and Check- point/Restart in "
4965
4973
"access or a central server."
4968
#: serverguide/C/vcs.xml:88(para)
4976
#: serverguide/C/vcs.xml:95(para)
4970
4978
"The <application>git</application> version control system is installed with "
4971
4979
"the following command"
4974
#: serverguide/C/vcs.xml:92(command)
4982
#: serverguide/C/vcs.xml:99(command)
4975
4983
msgid "sudo apt-get install git"
4978
#: serverguide/C/vcs.xml:97(para)
4986
#: serverguide/C/vcs.xml:104(para)
4980
4988
"Every git user should first introduce himself to git, by running these two "
4984
#: serverguide/C/vcs.xml:99(command)
4992
#: serverguide/C/vcs.xml:106(command)
4985
4993
msgid "git config --global user.email \"you@example.com\""
4988
#: serverguide/C/vcs.xml:100(command)
4996
#: serverguide/C/vcs.xml:107(command)
4989
4997
msgid "git config --global user.name \"Your Name\""
4992
#: serverguide/C/vcs.xml:105(para)
5000
#: serverguide/C/vcs.xml:112(para)
4994
5002
"The above is already sufficient to use git in a distributed and secure way, "
4995
5003
"provided users have access to the machine assuming the server role via SSH. "
4996
"On the server machine, creating a new repository can be done with"
5004
"On the server machine, creating a new repository can be done with:"
4999
#: serverguide/C/vcs.xml:108(command)
5007
#: serverguide/C/vcs.xml:119(command)
5000
5008
msgid "git init --bare /path/to/repository"
5003
#: serverguide/C/vcs.xml:110(para)
5011
#: serverguide/C/vcs.xml:121(para)
5005
5013
"This creates a bare repository, that cannot be used to edit files directly. "
5006
5014
"If you would rather have a working copy of the contents of the repository on "
5007
5015
"the server, ommit the <emphasis>--bare</emphasis> option."
5010
#: serverguide/C/vcs.xml:111(para)
5018
#: serverguide/C/vcs.xml:122(para)
5012
"Any client with ssh access to the machine can from then on clone the "
5020
"Any client with SSH access to the machine can then clone the repository with:"
5016
#: serverguide/C/vcs.xml:113(command)
5023
#: serverguide/C/vcs.xml:127(command)
5017
5024
msgid "git clone username@hostname:/path/to/repository"
5020
#: serverguide/C/vcs.xml:115(para)
5027
#: serverguide/C/vcs.xml:129(para)
5022
5029
"Once cloned to the client's machine, the client can edit files, then commit "
5023
5030
"and share them with:"
5026
#: serverguide/C/vcs.xml:119(command)
5033
#: serverguide/C/vcs.xml:133(command)
5027
5034
msgid "cd /path/to/repository"
5030
#: serverguide/C/vcs.xml:120(command)
5037
#: serverguide/C/vcs.xml:134(command)
5031
5038
msgid "#(edit some files"
5034
#: serverguide/C/vcs.xml:121(command)
5041
#: serverguide/C/vcs.xml:135(command)
5036
5043
"git commit -a # Commit all changes to the local version of the repository"
5039
#: serverguide/C/vcs.xml:122(command)
5046
#: serverguide/C/vcs.xml:136(command)
5041
5048
"git push origin master # Push changes to the server's version of the "
5045
#: serverguide/C/vcs.xml:127(title)
5052
#: serverguide/C/vcs.xml:141(title)
5046
5053
msgid "Installing a gitolite server"
5049
#: serverguide/C/vcs.xml:128(para)
5056
#: serverguide/C/vcs.xml:142(para)
5051
5058
"While the above is sufficient to create, clone and edit repositories, users "
5052
5059
"wanting to install git on a server will most likely want to have git work "
5117
5124
"configuration repository:"
5120
#: serverguide/C/vcs.xml:169(command)
5127
#: serverguide/C/vcs.xml:183(command)
5124
#: serverguide/C/vcs.xml:170(command)
5131
#: serverguide/C/vcs.xml:184(command)
5125
5132
msgid "git clone git@$IP_ADDRESS:gitolite-admin.git"
5128
#: serverguide/C/vcs.xml:171(command)
5135
#: serverguide/C/vcs.xml:185(command)
5129
5136
msgid "cd gitolite-admin"
5132
#: serverguide/C/vcs.xml:173(para)
5139
#: serverguide/C/vcs.xml:187(para)
5134
5141
"The gitolite-admin contains two subdirectories, \"conf\" and \"keydir\". The "
5135
5142
"configuration files are in the conf dir, and the keydir directory contains "
5136
5143
"the list of user's public SSH keys."
5139
#: serverguide/C/vcs.xml:176(title)
5146
#: serverguide/C/vcs.xml:190(title)
5140
5147
msgid "Managing gitolite users and repositories"
5143
#: serverguide/C/vcs.xml:177(para)
5150
#: serverguide/C/vcs.xml:191(para)
5145
5152
"Adding new users to gitolite is simple: just obtain their public SSH key and "
5146
5153
"add it to the keydir directory as $DESIRED_USER_NAME.pub. Note that the "
5180
5187
" R = denise\n"
5183
#: serverguide/C/vcs.xml:195(title)
5190
#: serverguide/C/vcs.xml:209(title)
5184
5191
msgid "Using your server"
5187
#: serverguide/C/vcs.xml:196(para)
5194
#: serverguide/C/vcs.xml:210(para)
5189
5196
"To use the newly created server, users have to have the gitolite admin "
5190
5197
"import their public key into the gitolite configuration repository, they can "
5191
5198
"then access any project they have access to with the following command:"
5194
#: serverguide/C/vcs.xml:198(command)
5201
#: serverguide/C/vcs.xml:212(command)
5195
5202
msgid "git clone git@$SERVER_IP:$PROJECT_NAME.git"
5198
#: serverguide/C/vcs.xml:200(para)
5205
#: serverguide/C/vcs.xml:214(para)
5200
5207
"Or add the server's project as a remote for an existing git repository:"
5203
#: serverguide/C/vcs.xml:202(command)
5210
#: serverguide/C/vcs.xml:216(command)
5204
5211
msgid "git remote add gitolite git@$SERVER_IP:$PROJECT_NAME.git"
5207
#: serverguide/C/vcs.xml:79(title)
5214
#: serverguide/C/vcs.xml:221(title)
5208
5215
msgid "Subversion"
5209
5216
msgstr "Subversion"
5211
#: serverguide/C/vcs.xml:80(para)
5218
#: serverguide/C/vcs.xml:222(para)
5213
5220
"Subversion is an open source version control system. Using Subversion, you "
5214
5221
"can record the history of source files and documents. It manages files and "
5228
5235
"section to install and configure the digital certificate."
5231
#: serverguide/C/vcs.xml:94(para)
5238
#: serverguide/C/vcs.xml:236(para)
5233
5240
"To install Subversion, run the following command from a terminal prompt:"
5235
5242
"Untuk menginstal Subversion, jalankan perintah berikut dari terminal prompt:"
5237
#: serverguide/C/vcs.xml:227(command)
5244
#: serverguide/C/vcs.xml:241(command)
5238
5245
msgid "sudo apt-get install subversion apache2 libapache2-svn"
5241
#: serverguide/C/vcs.xml:105(title)
5248
#: serverguide/C/vcs.xml:247(title)
5242
5249
msgid "Server Configuration"
5243
5250
msgstr "Konfigurasi Server"
5245
#: serverguide/C/vcs.xml:106(para)
5252
#: serverguide/C/vcs.xml:248(para)
5247
5254
"This step assumes you have installed above mentioned packages on your "
5248
5255
"system. This section explains how to create a Subversion repository and "
5249
5256
"access the project."
5252
#: serverguide/C/vcs.xml:109(title)
5259
#: serverguide/C/vcs.xml:251(title)
5253
5260
msgid "Create Subversion Repository"
5254
5261
msgstr "Membuat Gudang Subversion"
5256
#: serverguide/C/vcs.xml:110(para)
5263
#: serverguide/C/vcs.xml:252(para)
5258
5265
"The Subversion repository can be created using the following command from a "
5259
5266
"terminal prompt:"
5291
5298
"schemes map to the available access methods."
5294
#: serverguide/C/vcs.xml:144(para)
5301
#: serverguide/C/vcs.xml:286(para)
5298
#: serverguide/C/vcs.xml:145(para)
5305
#: serverguide/C/vcs.xml:287(para)
5299
5306
msgid "Access Method"
5300
5307
msgstr "Metode Akses"
5302
#: serverguide/C/vcs.xml:150(para)
5309
#: serverguide/C/vcs.xml:292(para)
5303
5310
msgid "file://"
5304
5311
msgstr "file://"
5306
#: serverguide/C/vcs.xml:151(para)
5313
#: serverguide/C/vcs.xml:293(para)
5307
5314
msgid "direct repository access (on local disk)"
5308
5315
msgstr "akses langsung ke gudang (pada cakram lokal)"
5310
#: serverguide/C/vcs.xml:154(para)
5317
#: serverguide/C/vcs.xml:296(para)
5311
5318
msgid "http://"
5312
5319
msgstr "http://"
5314
#: serverguide/C/vcs.xml:155(para)
5321
#: serverguide/C/vcs.xml:297(para)
5315
5322
msgid "Access via WebDAV protocol to Subversion-aware Apache2 web server"
5317
5324
"Akses lewat protokol WebDAV ke server web Apache dengan modul Subversion"
5319
#: serverguide/C/vcs.xml:158(para)
5326
#: serverguide/C/vcs.xml:300(para)
5320
5327
msgid "https://"
5321
5328
msgstr "https://"
5323
#: serverguide/C/vcs.xml:159(para)
5330
#: serverguide/C/vcs.xml:301(para)
5324
5331
msgid "Same as http://, but with SSL encryption"
5325
5332
msgstr "Sama seperti http://, namun dengan enkripsi SSL"
5327
#: serverguide/C/vcs.xml:162(para)
5334
#: serverguide/C/vcs.xml:304(para)
5329
5336
msgstr "svn://"
5331
#: serverguide/C/vcs.xml:163(para)
5338
#: serverguide/C/vcs.xml:305(para)
5332
5339
msgid "Access via custom protocol to an svnserve server"
5333
5340
msgstr "Akses lewat protokol custom ke server svnserve"
5335
#: serverguide/C/vcs.xml:166(para)
5342
#: serverguide/C/vcs.xml:308(para)
5336
5343
msgid "svn+ssh://"
5337
5344
msgstr "svn+ssh://"
5339
#: serverguide/C/vcs.xml:167(para)
5346
#: serverguide/C/vcs.xml:309(para)
5340
5347
msgid "Same as svn://, but through an SSH tunnel"
5341
5348
msgstr "Sama seperti svn://, namun melalui tunnel SSH"
5343
#: serverguide/C/vcs.xml:173(para)
5350
#: serverguide/C/vcs.xml:315(para)
5345
5352
"In this section, we will see how to configure Subversion for all these "
5346
5353
"access methods. Here, we cover the basics. For more advanced usage details, "
5347
5354
"refer to the <ulink url=\"http://svnbook.red-bean.com/\">svn book</ulink>."
5350
#: serverguide/C/vcs.xml:180(title)
5357
#: serverguide/C/vcs.xml:322(title)
5351
5358
msgid "Direct repository access (file://)"
5352
5359
msgstr "Akses langsung ke repositori (file://)"
5354
#: serverguide/C/vcs.xml:181(para)
5361
#: serverguide/C/vcs.xml:323(para)
5356
5363
"This is the simplest of all access methods. It does not require any "
5357
5364
"Subversion server process to be running. This access method is used to "
5359
5366
"at a terminal prompt, is as follows:"
5362
#: serverguide/C/vcs.xml:188(command)
5369
#: serverguide/C/vcs.xml:330(command)
5363
5370
msgid "svn co file:///path/to/repos/project"
5364
5371
msgstr "svn co file:///path/to/repos/project"
5366
#: serverguide/C/vcs.xml:191(para)
5373
#: serverguide/C/vcs.xml:333(para)
5370
#: serverguide/C/vcs.xml:194(command)
5377
#: serverguide/C/vcs.xml:336(command)
5371
5378
msgid "svn co file://localhost/path/to/repos/project"
5372
5379
msgstr "svn co file://localhost/path/to/repos/project"
5374
#: serverguide/C/vcs.xml:198(para)
5381
#: serverguide/C/vcs.xml:340(para)
5376
5383
"If you do not specify the hostname, there are three forward slashes (///) -- "
5377
5384
"two for the protocol (file, in this case) plus the leading slash in the "
5378
5385
"path. If you specify the hostname, you must use two forward slashes (//)."
5381
#: serverguide/C/vcs.xml:200(para)
5388
#: serverguide/C/vcs.xml:342(para)
5383
5390
"The repository permissions depend on filesystem permissions. If the user has "
5384
5391
"read/write permission, he can checkout from and commit to the repository."
5387
#: serverguide/C/vcs.xml:203(title)
5394
#: serverguide/C/vcs.xml:345(title)
5388
5395
msgid "Access via WebDAV protocol (http://)"
5389
5396
msgstr "Akses melalui protokol WebDAV (http://)"
5391
#: serverguide/C/vcs.xml:332(para)
5398
#: serverguide/C/vcs.xml:346(para)
5393
5400
"To access the Subversion repository via WebDAV protocol, you must configure "
5394
5401
"your Apache 2 web server. Add the following snippet between the "
5545
5552
"# [general]\n"
5546
5553
"# password-db = passwd"
5548
#: serverguide/C/vcs.xml:311(para)
5555
#: serverguide/C/vcs.xml:460(para)
5550
5557
"After uncommenting the above lines, you can maintain the user list in the "
5551
5558
"passwd file. So, edit the file <filename>passwd </filename> in the same "
5552
5559
"directory and add the new user. The syntax is as follows:"
5555
#: serverguide/C/vcs.xml:317(programlisting)
5562
#: serverguide/C/vcs.xml:466(programlisting)
5557
5564
msgid "username = password"
5558
5565
msgstr "username = password"
5560
#: serverguide/C/vcs.xml:318(para)
5567
#: serverguide/C/vcs.xml:467(para)
5561
5568
msgid "For more details, please refer to the file."
5562
5569
msgstr "Untuk keterangan lebih lanjut, silakan lihat berkas tersebut."
5564
#: serverguide/C/vcs.xml:322(para)
5571
#: serverguide/C/vcs.xml:471(para)
5566
5573
"Now, to access Subversion via the svn:// custom protocol, either from the "
5567
5574
"same machine or a different machine, you can run svnserver using svnserve "
5568
5575
"command. The syntax is as follows:"
5571
#: serverguide/C/vcs.xml:327(programlisting)
5578
#: serverguide/C/vcs.xml:476(programlisting)
5574
5581
"$ svnserve -d --foreground -r /path/to/repos\n"
5662
5669
"Anda harus menggunakan path penuh (/path/to/repos/project) untuk mengakses "
5663
5670
"repositori Subversion menggunakan metode akses ini."
5665
#: serverguide/C/vcs.xml:387(para)
5672
#: serverguide/C/vcs.xml:536(para)
5667
5674
"Based on server configuration, it prompts for password. You must enter the "
5668
5675
"password you use to login via ssh. Once you are authenticated, it checks out "
5669
5676
"the code from the Subversion repository."
5672
#: serverguide/C/vcs.xml:539(ulink)
5679
#: serverguide/C/vcs.xml:551(ulink)
5673
5680
msgid "Bazaar Home Page"
5674
5681
msgstr "Halaman web Bazaar"
5676
#: serverguide/C/vcs.xml:540(ulink)
5683
#: serverguide/C/vcs.xml:556(ulink)
5677
5684
msgid "Launchpad"
5678
5685
msgstr "Launchpad"
5680
#: serverguide/C/vcs.xml:547(ulink)
5687
#: serverguide/C/vcs.xml:561(ulink)
5681
5688
msgid "Git homepage"
5684
#: serverguide/C/vcs.xml:552(ulink)
5691
#: serverguide/C/vcs.xml:566(ulink)
5685
5692
msgid "Gitolite"
5688
#: serverguide/C/vcs.xml:541(ulink)
5695
#: serverguide/C/vcs.xml:571(ulink)
5689
5696
msgid "Subversion Home Page"
5690
5697
msgstr "Laman Subversion"
5692
#: serverguide/C/vcs.xml:542(ulink)
5699
#: serverguide/C/vcs.xml:576(ulink)
5693
5700
msgid "Subversion Book"
5694
5701
msgstr "Buku Subversion"
5696
#: serverguide/C/vcs.xml:545(ulink)
5703
#: serverguide/C/vcs.xml:581(ulink)
5697
5704
msgid "Easy Bazaar Ubuntu Wiki page"
5700
#: serverguide/C/vcs.xml:546(ulink)
5707
#: serverguide/C/vcs.xml:586(ulink)
5701
5708
msgid "Ubuntu Wiki Subversion page"
5864
5871
msgid "Configurations with root passwords are not supported."
5867
#: serverguide/C/security.xml:37(command)
5874
#: serverguide/C/security.xml:42(command)
5868
5875
msgid "sudo passwd"
5871
#: serverguide/C/security.xml:39(para)
5878
#: serverguide/C/security.xml:44(para)
5873
5880
"Sudo will prompt you for your password, and then ask you to supply a new "
5874
5881
"password for root as shown below:"
5877
#: serverguide/C/security.xml:42(computeroutput)
5884
#: serverguide/C/security.xml:47(computeroutput)
5879
5886
msgid "[sudo] password for username:"
5882
#: serverguide/C/security.xml:42(userinput)
5889
#: serverguide/C/security.xml:47(userinput)
5884
5891
msgid "(enter your own password)"
5887
#: serverguide/C/security.xml:43(computeroutput)
5894
#: serverguide/C/security.xml:48(computeroutput)
5889
5896
msgid "Enter new UNIX password:"
5892
#: serverguide/C/security.xml:43(userinput)
5899
#: serverguide/C/security.xml:48(userinput)
5894
5901
msgid "(enter a new password for root)"
5897
#: serverguide/C/security.xml:44(computeroutput)
5904
#: serverguide/C/security.xml:49(computeroutput)
5899
5906
msgid "Retype new UNIX password:"
5902
#: serverguide/C/security.xml:44(userinput)
5909
#: serverguide/C/security.xml:49(userinput)
5904
5911
msgid "(repeat new password for root)"
5907
#: serverguide/C/security.xml:45(computeroutput)
5914
#: serverguide/C/security.xml:50(computeroutput)
5909
5916
msgid "passwd: password updated successfully"
5947
5954
"<emphasis>sudo</emphasis> group."
5950
#: serverguide/C/security.xml:71(title)
5957
#: serverguide/C/security.xml:82(title)
5951
5958
msgid "Adding and Deleting Users"
5954
#: serverguide/C/security.xml:72(para)
5961
#: serverguide/C/security.xml:83(para)
5956
"The process for managing local users and groups is straight forward and "
5963
"The process for managing local users and groups is straightforward and "
5957
5964
"differs very little from most other GNU/Linux operating systems. Ubuntu and "
5958
"other Debian based distributions, encourage the use of the \"adduser\" "
5965
"other Debian based distributions encourage the use of the \"adduser\" "
5959
5966
"package for account management."
5962
#: serverguide/C/security.xml:77(para)
5969
#: serverguide/C/security.xml:88(para)
5964
5971
"To add a user account, use the following syntax, and follow the prompts to "
5965
"give the account a password and identifiable characteristics such as a full "
5972
"give the account a password and identifiable characteristics, such as a full "
5966
5973
"name, phone number, etc."
5969
#: serverguide/C/security.xml:81(command)
5976
#: serverguide/C/security.xml:92(command)
5970
5977
msgid "sudo adduser username"
5973
#: serverguide/C/security.xml:85(para)
5980
#: serverguide/C/security.xml:96(para)
5975
5982
"To delete a user account and its primary group, use the following syntax:"
5978
#: serverguide/C/security.xml:89(command)
5985
#: serverguide/C/security.xml:100(command)
5979
5986
msgid "sudo deluser username"
5982
#: serverguide/C/security.xml:91(para)
5989
#: serverguide/C/security.xml:102(para)
5984
5991
"Deleting an account does not remove their respective home folder. It is up "
5985
5992
"to you whether or not you wish to delete the folder manually or keep it "
5986
5993
"according to your desired retention policies."
5989
#: serverguide/C/security.xml:94(para)
5996
#: serverguide/C/security.xml:105(para)
5991
5998
"Remember, any user added later on with the same UID/GID as the previous "
5992
5999
"owner will now have access to this folder if you have not taken the "
5993
6000
"necessary precautions."
5996
#: serverguide/C/security.xml:97(para)
6003
#: serverguide/C/security.xml:108(para)
5998
6005
"You may want to change these UID/GID values to something more appropriate, "
5999
6006
"such as the root account, and perhaps even relocate the folder to avoid "
6000
6007
"future conflicts:"
6003
#: serverguide/C/security.xml:101(command)
6010
#: serverguide/C/security.xml:112(command)
6004
6011
msgid "sudo chown -R root:root /home/username/"
6007
#: serverguide/C/security.xml:102(command)
6014
#: serverguide/C/security.xml:113(command)
6008
6015
msgid "sudo mkdir /home/archived_users/"
6011
#: serverguide/C/security.xml:103(command)
6018
#: serverguide/C/security.xml:114(command)
6012
6019
msgid "sudo mv /home/username /home/archived_users/"
6015
#: serverguide/C/security.xml:107(para)
6022
#: serverguide/C/security.xml:118(para)
6017
6024
"To temporarily lock or unlock a user account, use the following syntax, "
6018
6025
"respectively:"
6021
#: serverguide/C/security.xml:111(command)
6028
#: serverguide/C/security.xml:122(command)
6022
6029
msgid "sudo passwd -l username"
6025
#: serverguide/C/security.xml:112(command)
6032
#: serverguide/C/security.xml:123(command)
6026
6033
msgid "sudo passwd -u username"
6029
#: serverguide/C/security.xml:116(para)
6036
#: serverguide/C/security.xml:127(para)
6031
6038
"To add or delete a personalized group, use the following syntax, "
6032
6039
"respectively:"
6035
#: serverguide/C/security.xml:120(command)
6042
#: serverguide/C/security.xml:131(command)
6036
6043
msgid "sudo addgroup groupname"
6039
#: serverguide/C/security.xml:121(command)
6046
#: serverguide/C/security.xml:132(command)
6040
6047
msgid "sudo delgroup groupname"
6043
#: serverguide/C/security.xml:125(para)
6050
#: serverguide/C/security.xml:136(para)
6044
6051
msgid "To add a user to a group, use the following syntax:"
6047
#: serverguide/C/security.xml:129(command)
6054
#: serverguide/C/security.xml:140(command)
6048
6055
msgid "sudo adduser username groupname"
6051
#: serverguide/C/security.xml:136(title)
6058
#: serverguide/C/security.xml:147(title)
6052
6059
msgid "User Profile Security"
6055
#: serverguide/C/security.xml:137(para)
6062
#: serverguide/C/security.xml:148(para)
6057
6064
"When a new user is created, the adduser utility creates a brand new home "
6058
"directory named <filename class=\"directory\">/home/username</filename>, "
6059
"respectively. The default profile is modeled after the contents found in the "
6060
"directory of <filename class=\"directory\">/etc/skel</filename>, which "
6061
"includes all profile basics."
6065
"directory named <filename class=\"directory\">/home/username</filename>. The "
6066
"default profile is modeled after the contents found in the directory of "
6067
"<filename class=\"directory\">/etc/skel</filename>, which includes all "
6064
#: serverguide/C/security.xml:140(para)
6071
#: serverguide/C/security.xml:151(para)
6066
6073
"If your server will be home to multiple users, you should pay close "
6067
6074
"attention to the user home directory permissions to ensure confidentiality. "
6071
6078
"your environment."
6074
#: serverguide/C/security.xml:145(para)
6081
#: serverguide/C/security.xml:156(para)
6076
"To verify your current users home directory permissions, use the following "
6083
"To verify your current user home directory permissions, use the following "
6080
#: serverguide/C/security.xml:149(command) serverguide/C/security.xml:181(command)
6087
#: serverguide/C/security.xml:160(command) serverguide/C/security.xml:192(command)
6081
6088
msgid "ls -ld /home/username"
6084
#: serverguide/C/security.xml:151(para)
6091
#: serverguide/C/security.xml:162(para)
6086
6093
"The following output shows that the directory <filename "
6087
"class=\"directory\">/home/username</filename> has world readable permissions:"
6094
"class=\"directory\">/home/username</filename> has world-readable permissions:"
6090
#: serverguide/C/security.xml:154(computeroutput)
6097
#: serverguide/C/security.xml:165(computeroutput)
6092
6099
msgid "drwxr-xr-x 2 username username 4096 2007-10-02 20:03 username"
6095
#: serverguide/C/security.xml:158(para)
6102
#: serverguide/C/security.xml:169(para)
6097
"You can remove the world readable permissions using the following syntax:"
6104
"You can remove the world readable-permissions using the following syntax:"
6100
#: serverguide/C/security.xml:162(command)
6107
#: serverguide/C/security.xml:173(command)
6101
6108
msgid "sudo chmod 0750 /home/username"
6104
#: serverguide/C/security.xml:165(para)
6111
#: serverguide/C/security.xml:176(para)
6106
6113
"Some people tend to use the recursive option (-R) indiscriminately which "
6107
6114
"modifies all child folders and files, but this is not necessary, and may "
6191
#: serverguide/C/security.xml:212(para)
6198
#: serverguide/C/security.xml:223(para)
6193
6200
"Basic password entropy checks and minimum length rules do not apply to the "
6194
6201
"administrator using sudo level commands to setup a new user."
6197
#: serverguide/C/security.xml:218(title)
6204
#: serverguide/C/security.xml:229(title)
6198
6205
msgid "Password Expiration"
6201
#: serverguide/C/security.xml:219(para)
6208
#: serverguide/C/security.xml:230(para)
6203
6210
"When creating user accounts, you should make it a policy to have a minimum "
6204
6211
"and maximum password age forcing users to change their passwords when they "
6208
#: serverguide/C/security.xml:224(para)
6215
#: serverguide/C/security.xml:235(para)
6210
6217
"To easily view the current status of a user account, use the following "
6214
#: serverguide/C/security.xml:228(command) serverguide/C/security.xml:261(command)
6221
#: serverguide/C/security.xml:239(command) serverguide/C/security.xml:272(command)
6215
6222
msgid "sudo chage -l username"
6218
#: serverguide/C/security.xml:230(para)
6225
#: serverguide/C/security.xml:241(para)
6220
6227
"The output below shows interesting facts about the user account, namely that "
6221
6228
"there are no policies applied:"
6224
#: serverguide/C/security.xml:233(computeroutput)
6231
#: serverguide/C/security.xml:244(computeroutput)
6227
"Last password change : Jan 20, 2008\n"
6234
"Last password change : Jan 20, 2015\n"
6228
6235
"Password expires : never\n"
6229
6236
"Password inactive : never\n"
6230
6237
"Account expires : never\n"
6233
6240
"Number of days of warning before password expires : 7"
6236
#: serverguide/C/security.xml:243(para)
6243
#: serverguide/C/security.xml:254(para)
6238
6245
"To set any of these values, simply use the following syntax, and follow the "
6239
6246
"interactive prompts:"
6242
#: serverguide/C/security.xml:247(command)
6249
#: serverguide/C/security.xml:258(command)
6243
6250
msgid "sudo chage username"
6246
#: serverguide/C/security.xml:249(para)
6253
#: serverguide/C/security.xml:260(para)
6248
6255
"The following is also an example of how you can manually change the explicit "
6249
"expiration date (-E) to 01/31/2008, minimum password age (-m) of 5 days, "
6256
"expiration date (-E) to 01/31/2015, minimum password age (-m) of 5 days, "
6250
6257
"maximum password age (-M) of 90 days, inactivity period (-I) of 5 days after "
6251
6258
"password expiration, and a warning time period (-W) of 14 days before "
6252
"password expiration."
6255
#: serverguide/C/security.xml:253(command)
6256
msgid "sudo chage -E 01/31/2011 -m 5 -M 90 -I 30 -W 14 username"
6259
#: serverguide/C/security.xml:257(para)
6259
"password expiration:"
6262
#: serverguide/C/security.xml:264(command)
6263
msgid "sudo chage -E 01/31/2015 -m 5 -M 90 -I 30 -W 14 username"
6266
#: serverguide/C/security.xml:268(para)
6260
6267
msgid "To verify changes, use the same syntax as mentioned previously:"
6263
#: serverguide/C/security.xml:263(para)
6270
#: serverguide/C/security.xml:274(para)
6265
6272
"The output below shows the new policies that have been established for the "
6269
#: serverguide/C/security.xml:266(computeroutput)
6276
#: serverguide/C/security.xml:277(computeroutput)
6272
"Last password change : Jan 20, 2008\n"
6273
"Password expires : Apr 19, 2008\n"
6274
"Password inactive : May 19, 2008\n"
6275
"Account expires : Jan 31, 2008\n"
6279
"Last password change : Jan 20, 2015\n"
6280
"Password expires : Apr 19, 2015\n"
6281
"Password inactive : May 19, 2015\n"
6282
"Account expires : Jan 31, 2015\n"
6276
6283
"Minimum number of days between password change : 5\n"
6277
6284
"Maximum number of days between password change : 90\n"
6278
6285
"Number of days of warning before password expires : 14"
6281
#: serverguide/C/security.xml:282(title)
6288
#: serverguide/C/security.xml:293(title)
6282
6289
msgid "Other Security Considerations"
6285
#: serverguide/C/security.xml:283(para)
6292
#: serverguide/C/security.xml:294(para)
6287
6294
"Many applications use alternate authentication mechanisms that can be easily "
6288
6295
"overlooked by even experienced system administrators. Therefore, it is "
6290
6297
"to services and applications on your server."
6293
#: serverguide/C/security.xml:288(title)
6300
#: serverguide/C/security.xml:299(title)
6294
6301
msgid "SSH Access by Disabled Users"
6297
#: serverguide/C/security.xml:289(para)
6304
#: serverguide/C/security.xml:300(para)
6299
6306
"Simply disabling/locking a user account will not prevent a user from logging "
6300
6307
"into your server remotely if they have previously set up RSA public key "
6301
6308
"authentication. They will still be able to gain shell access to the server, "
6302
6309
"without the need for any password. Remember to check the users home "
6303
6310
"directory for files that will allow for this type of authenticated SSH "
6304
"access. e.g. <filename>/home/username/.ssh/authorized_keys</filename>."
6311
"access, e.g. <filename>/home/username/.ssh/authorized_keys</filename>."
6307
#: serverguide/C/security.xml:292(para)
6314
#: serverguide/C/security.xml:303(para)
6309
6316
"Remove or rename the directory <filename "
6310
6317
"class=\"directory\">.ssh/</filename> in the user's home folder to prevent "
6311
6318
"further SSH authentication capabilities."
6314
#: serverguide/C/security.xml:295(para)
6321
#: serverguide/C/security.xml:306(para)
6316
6323
"Be sure to check for any established SSH connections by the disabled user, "
6317
6324
"as it is possible they may have existing inbound or outbound connections. "
6342
6349
"the file <filename>/etc/ssh/sshd_config</filename>."
6345
#: serverguide/C/security.xml:301(programlisting)
6352
#: serverguide/C/security.xml:316(programlisting)
6349
6356
"AllowGroups sshlogin\n"
6352
#: serverguide/C/security.xml:304(para)
6359
#: serverguide/C/security.xml:319(para)
6354
6361
"Then add your permitted SSH users to the group \"sshlogin\", and restart the "
6358
#: serverguide/C/security.xml:308(command)
6365
#: serverguide/C/security.xml:323(command)
6359
6366
msgid "sudo adduser username sshlogin"
6362
#: serverguide/C/security.xml:309(command)
6369
#: serverguide/C/security.xml:324(command) serverguide/C/remote-administration.xml:144(command)
6363
6370
msgid "sudo service ssh restart"
6366
#: serverguide/C/security.xml:313(title)
6373
#: serverguide/C/security.xml:328(title)
6367
6374
msgid "External User Database Authentication"
6370
#: serverguide/C/security.xml:314(para)
6377
#: serverguide/C/security.xml:329(para)
6372
6379
"Most enterprise networks require centralized authentication and access "
6373
6380
"controls for all system resources. If you have configured your server to "
6374
6381
"authenticate users against external databases, be sure to disable the user "
6375
"accounts both externally and locally, this way you ensure that local "
6382
"accounts both externally and locally. This way you ensure that local "
6376
6383
"fallback authentication is not possible."
6379
#: serverguide/C/security.xml:323(title)
6386
#: serverguide/C/security.xml:338(title)
6380
6387
msgid "Console Security"
6383
#: serverguide/C/security.xml:324(para)
6390
#: serverguide/C/security.xml:339(para)
6385
6392
"As with any other security barrier you put in place to protect your server, "
6386
6393
"it is pretty tough to defend against untold damage caused by someone with "
6392
6399
"basic precautions with regard to console security."
6395
#: serverguide/C/security.xml:327(para)
6402
#: serverguide/C/security.xml:342(para)
6397
6404
"The following instructions will help defend your server against issues that "
6398
6405
"could otherwise yield very serious consequences."
6401
#: serverguide/C/security.xml:332(title)
6408
#: serverguide/C/security.xml:347(title)
6402
6409
msgid "Disable Ctrl+Alt+Delete"
6405
#: serverguide/C/security.xml:333(para)
6412
#: serverguide/C/security.xml:348(para)
6407
"First and foremost, anyone that has physical access to the keyboard can "
6414
"Anyone that has physical access to the keyboard can simply use the "
6409
6415
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
6410
6416
"eycombo> key combination to reboot the server without having to log on. "
6411
"Sure, someone could simply unplug the power source, but you should still "
6412
"prevent the use of this key combination on a production server. This forces "
6413
"an attacker to take more drastic measures to reboot the server, and will "
6417
"While someone could simply unplug the power source, you should still prevent "
6418
"the use of this key combination on a production server. This forces an "
6419
"attacker to take more drastic measures to reboot the server, and will "
6414
6420
"prevent accidental reboots at the same time."
6417
#: serverguide/C/security.xml:338(para)
6423
#: serverguide/C/security.xml:353(para)
6419
6425
"To disable the reboot action taken by pressing the "
6420
6426
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
6421
6427
"eycombo> key combination, comment out the following line in the file "
6422
"<filename>/etc/init/control-alt-delete.conf</filename>."
6428
"<filename>/etc/init/control-alt-delete.conf</filename>:"
6425
#: serverguide/C/security.xml:341(programlisting)
6431
#: serverguide/C/security.xml:356(programlisting)
6429
6435
"#exec shutdown -r now \"Control-Alt-Delete pressed\"\n"
6432
#: serverguide/C/security.xml:350(title)
6438
#: serverguide/C/security.xml:365(title)
6433
6439
msgid "Firewall"
6436
#: serverguide/C/security.xml:353(para)
6442
#: serverguide/C/security.xml:368(para)
6438
6444
"The Linux kernel includes the <emphasis>Netfilter</emphasis> subsystem, "
6439
6445
"which is used to manipulate or decide the fate of network traffic headed "
6441
6447
"system for packet filtering."
6444
#: serverguide/C/security.xml:358(para)
6450
#: serverguide/C/security.xml:373(para)
6446
6452
"The kernel's packet filtering system would be of little use to "
6447
6453
"administrators without a userspace interface to manage it. This is the "
6448
"purpose of iptables. When a packet reaches your server, it will be handed "
6454
"purpose of iptables: When a packet reaches your server, it will be handed "
6449
6455
"off to the Netfilter subsystem for acceptance, manipulation, or rejection "
6450
6456
"based on the rules supplied to it from userspace via iptables. Thus, "
6451
"iptables is all you need to manage your firewall if you're familiar with it, "
6452
"but many frontends are available to simplify the task."
6457
"iptables is all you need to manage your firewall, if you're familiar with "
6458
"it, but many frontends are available to simplify the task."
6455
#: serverguide/C/security.xml:368(title)
6461
#: serverguide/C/security.xml:383(title)
6456
6462
msgid "ufw - Uncomplicated Firewall"
6459
#: serverguide/C/security.xml:369(para)
6465
#: serverguide/C/security.xml:384(para)
6461
6467
"The default firewall configuration tool for Ubuntu is "
6462
6468
"<application>ufw</application>. Developed to ease iptables firewall "
6463
"configuration, <application>ufw</application> provides a user friendly way "
6469
"configuration, <application>ufw</application> provides a user-friendly way "
6464
6470
"to create an IPv4 or IPv6 host-based firewall."
6467
#: serverguide/C/security.xml:373(para)
6473
#: serverguide/C/security.xml:388(para)
6469
6475
"<application>ufw</application> by default is initially disabled. From the "
6470
6476
"<application>ufw</application> man page:"
6473
#: serverguide/C/security.xml:377(quote)
6479
#: serverguide/C/security.xml:392(quote)
6475
6481
"ufw is not intended to provide complete firewall functionality via its "
6476
6482
"command interface, but instead provides an easy way to add or remove simple "
6477
6483
"rules. It is currently mainly used for host-based firewalls."
6480
#: serverguide/C/security.xml:381(para)
6486
#: serverguide/C/security.xml:396(para)
6482
6488
"The following are some examples of how to use <application>ufw</application>:"
6485
#: serverguide/C/security.xml:386(para)
6491
#: serverguide/C/security.xml:401(para)
6487
6493
"First, <application>ufw</application> needs to be enabled. From a terminal "
6488
6494
"prompt enter:"
6491
#: serverguide/C/security.xml:390(command)
6497
#: serverguide/C/security.xml:405(command)
6492
6498
msgid "sudo ufw enable"
6495
#: serverguide/C/security.xml:394(para)
6496
msgid "To open a port (ssh in this example):"
6501
#: serverguide/C/security.xml:409(para)
6502
msgid "To open a port (SSH in this example):"
6499
#: serverguide/C/security.xml:398(command)
6505
#: serverguide/C/security.xml:413(command)
6500
6506
msgid "sudo ufw allow 22"
6503
#: serverguide/C/security.xml:402(para)
6509
#: serverguide/C/security.xml:417(para)
6504
6510
msgid "Rules can also be added using a <emphasis>numbered</emphasis> format:"
6507
#: serverguide/C/security.xml:406(command)
6513
#: serverguide/C/security.xml:421(command)
6508
6514
msgid "sudo ufw insert 1 allow 80"
6511
#: serverguide/C/security.xml:410(para)
6517
#: serverguide/C/security.xml:425(para)
6512
6518
msgid "Similarly, to close an opened port:"
6515
#: serverguide/C/security.xml:414(command)
6521
#: serverguide/C/security.xml:429(command)
6516
6522
msgid "sudo ufw deny 22"
6519
#: serverguide/C/security.xml:418(para)
6525
#: serverguide/C/security.xml:433(para)
6520
6526
msgid "To remove a rule, use delete followed by the rule:"
6523
#: serverguide/C/security.xml:422(command)
6529
#: serverguide/C/security.xml:437(command)
6524
6530
msgid "sudo ufw delete deny 22"
6527
#: serverguide/C/security.xml:426(para)
6533
#: serverguide/C/security.xml:441(para)
6529
6535
"It is also possible to allow access from specific hosts or networks to a "
6530
"port. The following example allows ssh access from host 192.168.0.2 to any "
6531
"ip address on this host:"
6536
"port. The following example allows SSH access from host 192.168.0.2 to any "
6537
"IP address on this host:"
6534
#: serverguide/C/security.xml:431(command)
6540
#: serverguide/C/security.xml:446(command)
6535
6541
msgid "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
6538
#: serverguide/C/security.xml:433(para)
6544
#: serverguide/C/security.xml:448(para)
6540
"Replace 192.168.0.2 with 192.168.0.0/24 to allow ssh access from the entire "
6546
"Replace 192.168.0.2 with 192.168.0.0/24 to allow SSH access from the entire "
6544
#: serverguide/C/security.xml:439(para)
6550
#: serverguide/C/security.xml:454(para)
6546
6552
"Adding the <emphasis>--dry-run</emphasis> option to a "
6547
6553
"<emphasis>ufw</emphasis> command will output the resulting rules, but not "
6579
6585
"Rules updated"
6582
#: serverguide/C/security.xml:473(para)
6588
#: serverguide/C/security.xml:488(para)
6583
6589
msgid "<application>ufw</application> can be disabled by:"
6586
#: serverguide/C/security.xml:477(command)
6592
#: serverguide/C/security.xml:492(command)
6587
6593
msgid "sudo ufw disable"
6590
#: serverguide/C/security.xml:481(para)
6596
#: serverguide/C/security.xml:496(para)
6591
6597
msgid "To see the firewall status, enter:"
6594
#: serverguide/C/security.xml:485(command)
6600
#: serverguide/C/security.xml:500(command)
6595
6601
msgid "sudo ufw status"
6598
#: serverguide/C/security.xml:489(para)
6604
#: serverguide/C/security.xml:504(para)
6599
6605
msgid "And for more verbose status information use:"
6602
#: serverguide/C/security.xml:493(command)
6608
#: serverguide/C/security.xml:508(command)
6603
6609
msgid "sudo ufw status verbose"
6606
#: serverguide/C/security.xml:497(para)
6612
#: serverguide/C/security.xml:512(para)
6607
6613
msgid "To view the <emphasis>numbered</emphasis> format:"
6610
#: serverguide/C/security.xml:501(command)
6616
#: serverguide/C/security.xml:516(command)
6611
6617
msgid "sudo ufw status numbered"
6614
#: serverguide/C/security.xml:506(para)
6620
#: serverguide/C/security.xml:521(para)
6616
6622
"If the port you want to open or close is defined in "
6617
6623
"<filename>/etc/services</filename>, you can use the port name instead of the "
6638
6644
"the default ports have been changed."
6641
#: serverguide/C/security.xml:529(para)
6647
#: serverguide/C/security.xml:544(para)
6643
6649
"To view which applications have installed a profile, enter the following in "
6647
#: serverguide/C/security.xml:534(command)
6653
#: serverguide/C/security.xml:549(command)
6648
6654
msgid "sudo ufw app list"
6651
#: serverguide/C/security.xml:540(para)
6657
#: serverguide/C/security.xml:555(para)
6653
6659
"Similar to allowing traffic to a port, using an application profile is "
6654
6660
"accomplished by entering:"
6657
#: serverguide/C/security.xml:545(command)
6663
#: serverguide/C/security.xml:560(command)
6658
6664
msgid "sudo ufw allow Samba"
6661
#: serverguide/C/security.xml:551(para)
6667
#: serverguide/C/security.xml:566(para)
6662
6668
msgid "An extended syntax is available as well:"
6665
#: serverguide/C/security.xml:556(command)
6671
#: serverguide/C/security.xml:571(command)
6666
6672
msgid "ufw allow from 192.168.0.0/24 to any app Samba"
6669
#: serverguide/C/security.xml:559(para)
6675
#: serverguide/C/security.xml:574(para)
6671
6677
"Replace <emphasis>Samba</emphasis> and <emphasis>192.168.0.0/24</emphasis> "
6672
6678
"with the application profile you are using and the IP range for your network."
6675
#: serverguide/C/security.xml:565(para)
6681
#: serverguide/C/security.xml:580(para)
6677
6683
"There is no need to specify the <emphasis>protocol</emphasis> for the "
6678
6684
"application, because that information is detailed in the profile. Also, note "
6753
6759
"<emphasis>DEFAULT_FORWARD_POLICY</emphasis> to <quote>ACCEPT</quote>:"
6756
#: serverguide/C/security.xml:631(programlisting)
6762
#: serverguide/C/security.xml:646(programlisting)
6760
6766
"DEFAULT_FORWARD_POLICY=\"ACCEPT\"\n"
6763
#: serverguide/C/security.xml:634(para)
6769
#: serverguide/C/security.xml:649(para)
6764
6770
msgid "Then edit <filename>/etc/ufw/sysctl.conf</filename> and uncomment:"
6767
#: serverguide/C/security.xml:637(programlisting)
6773
#: serverguide/C/security.xml:652(programlisting)
6771
6777
"net/ipv4/ip_forward=1\n"
6774
#: serverguide/C/security.xml:640(para)
6780
#: serverguide/C/security.xml:655(para)
6775
6781
msgid "Similarly, for IPv6 forwarding uncomment:"
6778
#: serverguide/C/security.xml:643(programlisting)
6784
#: serverguide/C/security.xml:658(programlisting)
6782
6788
"net/ipv6/conf/default/forwarding=1\n"
6785
#: serverguide/C/security.xml:648(para)
6791
#: serverguide/C/security.xml:663(para)
6787
"Now we will add rules to the <filename>/etc/ufw/before.rules</filename> "
6788
"file. The default rules only configure the <emphasis>filter</emphasis> "
6789
"table, and to enable masquerading the <emphasis>nat</emphasis> table will "
6790
"need to be configured. Add the following to the top of the file just after "
6791
"the header comments:"
6793
"Now add rules to the <filename>/etc/ufw/before.rules</filename> file. The "
6794
"default rules only configure the <emphasis>filter</emphasis> table, and to "
6795
"enable masquerading the <emphasis>nat</emphasis> table will need to be "
6796
"configured. Add the following to the top of the file just after the header "
6794
#: serverguide/C/security.xml:653(programlisting)
6800
#: serverguide/C/security.xml:668(programlisting)
6858
6864
"forward</emphasis> chain."
6861
#: serverguide/C/security.xml:705(title)
6867
#: serverguide/C/security.xml:720(title)
6862
6868
msgid "iptables Masquerading"
6865
#: serverguide/C/security.xml:706(para)
6871
#: serverguide/C/security.xml:721(para)
6867
6873
"<application>iptables</application> can also be used to enable Masquerading."
6870
#: serverguide/C/security.xml:711(para)
6876
#: serverguide/C/security.xml:726(para)
6872
6878
"Similar to <application>ufw</application>, the first step is to enable IPv4 "
6873
6879
"packet forwarding by editing <filename>/etc/sysctl.conf</filename> and "
6874
"uncomment the following line"
6880
"uncomment the following line:"
6877
#: serverguide/C/security.xml:715(programlisting)
6883
#: serverguide/C/security.xml:730(programlisting)
6881
6887
"net.ipv4.ip_forward=1\n"
6884
#: serverguide/C/security.xml:718(para)
6890
#: serverguide/C/security.xml:733(para)
6885
6891
msgid "If you wish to enable IPv6 forwarding also uncomment:"
6888
#: serverguide/C/security.xml:721(programlisting)
6894
#: serverguide/C/security.xml:736(programlisting)
6892
6898
"net.ipv6.conf.default.forwarding=1\n"
6895
#: serverguide/C/security.xml:726(para)
6901
#: serverguide/C/security.xml:741(para)
6897
6903
"Next, execute the <application>sysctl</application> command to enable the "
6898
6904
"new settings in the configuration file:"
6901
#: serverguide/C/security.xml:730(command)
6907
#: serverguide/C/security.xml:745(command)
6902
6908
msgid "sudo sysctl -p"
6905
#: serverguide/C/security.xml:734(para)
6911
#: serverguide/C/security.xml:749(para)
6907
6913
"IP Masquerading can now be accomplished with a single iptables rule, which "
6908
6914
"may differ slightly based on your network configuration:"
6911
#: serverguide/C/security.xml:737(screen)
6917
#: serverguide/C/security.xml:752(screen)
6915
6921
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
6918
#: serverguide/C/security.xml:740(para)
6924
#: serverguide/C/security.xml:755(para)
6920
6926
"The above command assumes that your private address space is 192.168.0.0/16 "
6921
6927
"and that your Internet-facing device is ppp0. The syntax is broken down as "
6925
#: serverguide/C/security.xml:745(para)
6931
#: serverguide/C/security.xml:760(para)
6926
6932
msgid "-t nat -- the rule is to go into the nat table"
6927
6933
msgstr "-t nat -- aturan ini menuju ke tabel at"
6929
#: serverguide/C/security.xml:746(para)
6935
#: serverguide/C/security.xml:761(para)
6931
6937
"-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain"
6933
6939
"-A POSTROUTING -- aturan ini akan ditambahkan (-A) ke aturan POSTROUTING"
6935
#: serverguide/C/security.xml:747(para)
6941
#: serverguide/C/security.xml:762(para)
6937
6943
"-s 192.168.0.0/16 -- the rule applies to traffic originating from the "
6938
6944
"specified address space"
6975
6981
"--state ESTABLISHED,RELATED -i ppp0 -j ACCEPT\n"
6978
#: serverguide/C/security.xml:770(para)
6984
#: serverguide/C/security.xml:785(para)
6980
6986
"The above commands will allow all connections from your local network to the "
6981
6987
"Internet and all traffic related to those connections to return to the "
6982
6988
"machine that initiated them."
6985
#: serverguide/C/security.xml:777(para)
6991
#: serverguide/C/security.xml:792(para)
6987
6993
"If you want masquerading to be enabled on reboot, which you probably do, "
6988
6994
"edit <filename>/etc/rc.local</filename> and add any commands used above. For "
6989
6995
"example add the first command with no filtering:"
6992
#: serverguide/C/security.xml:781(screen)
6998
#: serverguide/C/security.xml:796(screen)
6996
7002
"iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
6999
#: serverguide/C/security.xml:789(title)
7005
#: serverguide/C/security.xml:804(title)
7003
#: serverguide/C/security.xml:790(para)
7009
#: serverguide/C/security.xml:805(para)
7005
7011
"Firewall logs are essential for recognizing attacks, troubleshooting your "
7006
7012
"firewall rules, and noticing unusual activity on your network. You must "
7074
7080
"or <application>lire</application>."
7077
#: serverguide/C/security.xml:837(title)
7083
#: serverguide/C/security.xml:851(title)
7078
7084
msgid "Other Tools"
7081
#: serverguide/C/security.xml:838(para)
7087
#: serverguide/C/security.xml:852(para)
7083
7089
"There are many tools available to help you construct a complete firewall "
7084
7090
"without intimate knowledge of iptables. For the GUI-inclined:"
7087
#: serverguide/C/security.xml:844(para)
7093
#: serverguide/C/security.xml:858(para)
7089
7095
"<ulink url=\"http://www.fwbuilder.org/\">fwbuilder</ulink> is very powerful "
7090
7096
"and will look familiar to an administrator who has used a commercial "
7091
7097
"firewall utility such as <application>Checkpoint FireWall-1</application>."
7094
#: serverguide/C/security.xml:850(para)
7100
#: serverguide/C/security.xml:864(para)
7096
7102
"If you prefer a command-line tool with plain-text configuration files:"
7099
#: serverguide/C/security.xml:855(para)
7105
#: serverguide/C/security.xml:869(para)
7101
7107
"<ulink url=\"http://www.shorewall.net/\">Shorewall</ulink> is a very "
7102
7108
"powerful solution to help you configure an advanced firewall for any network."
7105
#: serverguide/C/security.xml:866(para)
7111
#: serverguide/C/security.xml:880(para)
7107
7113
"The <ulink url=\"https://wiki.ubuntu.com/UncomplicatedFirewall\">Ubuntu "
7108
7114
"Firewall</ulink> wiki page contains information on the development of "
7109
7115
"<application>ufw</application>."
7112
#: serverguide/C/security.xml:872(para)
7118
#: serverguide/C/security.xml:886(para)
7114
7120
"Also, the <application>ufw</application> manual page contains some very "
7115
7121
"useful information: <command>man ufw</command>."
7118
#: serverguide/C/security.xml:877(para)
7124
#: serverguide/C/security.xml:891(para)
7120
7126
"See the <ulink url=\"http://www.netfilter.org/documentation/HOWTO/packet-"
7121
7127
"filtering-HOWTO.html\">packet-filtering-HOWTO</ulink> for more information "
7122
7128
"on using <application>iptables</application>."
7125
#: serverguide/C/security.xml:883(para)
7131
#: serverguide/C/security.xml:897(para)
7127
7133
"The <ulink url=\"http://www.netfilter.org/documentation/HOWTO/NAT-"
7128
7134
"HOWTO.html\">nat-HOWTO</ulink> contains further details on masquerading."
7131
#: serverguide/C/security.xml:889(para)
7137
#: serverguide/C/security.xml:903(para)
7133
7139
"The <ulink url=\"https://help.ubuntu.com/community/IptablesHowTo\">IPTables "
7134
7140
"HowTo</ulink> in the Ubuntu wiki is a great resource."
7137
#: serverguide/C/security.xml:897(title)
7143
#: serverguide/C/security.xml:911(title)
7138
7144
msgid "AppArmor"
7141
#: serverguide/C/security.xml:898(para)
7147
#: serverguide/C/security.xml:912(para)
7143
7149
"<application>AppArmor</application> is a Linux Security Module "
7144
7150
"implementation of name-based mandatory access controls. AppArmor confines "
7191
7197
"#1304134</ulink>) and instructions will not work as advertised."
7194
#: serverguide/C/security.xml:930(para)
7200
#: serverguide/C/security.xml:950(para)
7196
7202
"The <application>apparmor-utils</application> package contains command line "
7197
7203
"utilities that you can use to change the <application>AppArmor</application> "
7198
7204
"execution mode, find the status of a profile, create new profiles, etc."
7201
#: serverguide/C/security.xml:936(para)
7207
#: serverguide/C/security.xml:956(para)
7203
7209
"<application>apparmor_status</application> is used to view the current "
7204
7210
"status of AppArmor profiles."
7207
#: serverguide/C/security.xml:940(command)
7213
#: serverguide/C/security.xml:960(command)
7208
7214
msgid "sudo apparmor_status"
7211
#: serverguide/C/security.xml:944(para)
7217
#: serverguide/C/security.xml:964(para)
7213
7219
"<application>aa-complain</application> places a profile into "
7214
7220
"<emphasis>complain</emphasis> mode."
7217
#: serverguide/C/security.xml:948(command)
7223
#: serverguide/C/security.xml:968(command)
7218
7224
msgid "sudo aa-complain /path/to/bin"
7221
#: serverguide/C/security.xml:952(para)
7227
#: serverguide/C/security.xml:972(para)
7223
7229
"<application>aa-enforce</application> places a profile into "
7224
7230
"<emphasis>enforce</emphasis> mode."
7227
#: serverguide/C/security.xml:956(command)
7233
#: serverguide/C/security.xml:976(command)
7228
7234
msgid "sudo aa-enforce /path/to/bin"
7231
#: serverguide/C/security.xml:960(para)
7237
#: serverguide/C/security.xml:980(para)
7233
7239
"The <filename>/etc/apparmor.d</filename> directory is where the AppArmor "
7234
7240
"profiles are located. It can be used to manipulate the "
7235
7241
"<emphasis>mode</emphasis> of all profiles."
7238
#: serverguide/C/security.xml:964(para)
7244
#: serverguide/C/security.xml:984(para)
7239
7245
msgid "Enter the following to place all profiles into complain mode:"
7242
#: serverguide/C/security.xml:968(command)
7248
#: serverguide/C/security.xml:988(command)
7243
7249
msgid "sudo aa-complain /etc/apparmor.d/*"
7246
#: serverguide/C/security.xml:970(para)
7252
#: serverguide/C/security.xml:990(para)
7247
7253
msgid "To place all profiles in enforce mode:"
7250
#: serverguide/C/security.xml:974(command)
7256
#: serverguide/C/security.xml:994(command)
7251
7257
msgid "sudo aa-enforce /etc/apparmor.d/*"
7254
#: serverguide/C/security.xml:978(para)
7260
#: serverguide/C/security.xml:998(para)
7256
7262
"<application>apparmor_parser</application> is used to load a profile into "
7257
7263
"the kernel. It can also be used to reload a currently loaded profile using "
7258
7264
"the <emphasis>-r</emphasis> option. To load a profile:"
7261
#: serverguide/C/security.xml:983(command) serverguide/C/security.xml:1015(command)
7267
#: serverguide/C/security.xml:1003(command) serverguide/C/security.xml:1035(command)
7262
7268
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
7265
#: serverguide/C/security.xml:985(para)
7271
#: serverguide/C/security.xml:1005(para)
7266
7272
msgid "To reload a profile:"
7269
#: serverguide/C/security.xml:989(command)
7275
#: serverguide/C/security.xml:1009(command)
7270
7276
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
7276
7282
"<emphasis>reload</emphasis> all profiles:"
7279
#: serverguide/C/network-auth.xml:964(command)
7285
#: serverguide/C/security.xml:1017(command) serverguide/C/network-auth.xml:971(command)
7280
7286
msgid "sudo service apparmor reload"
7283
#: serverguide/C/security.xml:1001(para)
7289
#: serverguide/C/security.xml:1021(para)
7285
7291
"The <filename>/etc/apparmor.d/disable</filename> directory can be used along "
7286
7292
"with the <application>apparmor_parser -R</application> option to "
7287
7293
"<emphasis>disable</emphasis> a profile."
7290
#: serverguide/C/security.xml:1006(command)
7296
#: serverguide/C/security.xml:1026(command)
7291
7297
msgid "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
7294
#: serverguide/C/security.xml:1007(command)
7300
#: serverguide/C/security.xml:1027(command)
7295
7301
msgid "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
7298
#: serverguide/C/security.xml:1009(para)
7304
#: serverguide/C/security.xml:1029(para)
7300
7306
"To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic "
7301
7307
"link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then "
7302
7308
"load the profile using the <emphasis>-a</emphasis> option."
7305
#: serverguide/C/security.xml:1014(command)
7311
#: serverguide/C/security.xml:1034(command)
7306
7312
msgid "sudo rm /etc/apparmor.d/disable/profile.name"
7309
#: serverguide/C/security.xml:1019(para)
7315
#: serverguide/C/security.xml:1039(para)
7311
7317
"<application>AppArmor</application> can be disabled, and the kernel module "
7312
7318
"unloaded by entering the following:"
7396
#: serverguide/C/security.xml:1088(para)
7402
#: serverguide/C/security.xml:1108(para)
7398
7404
"<emphasis>#include <tunables/global>:</emphasis> include statements "
7399
7405
"from other files. This allows statements pertaining to multiple applications "
7400
7406
"to be placed in a common file."
7403
#: serverguide/C/security.xml:1094(para)
7409
#: serverguide/C/security.xml:1114(para)
7405
7411
"<emphasis>/bin/ping flags=(complain):</emphasis> path to the profiled "
7406
7412
"program, also setting the mode to <emphasis>complain</emphasis>."
7409
#: serverguide/C/security.xml:1100(para)
7415
#: serverguide/C/security.xml:1120(para)
7411
7417
"<emphasis>capability net_raw,:</emphasis> allows the application access to "
7412
7418
"the CAP_NET_RAW Posix.1e capability."
7415
#: serverguide/C/security.xml:1105(para)
7421
#: serverguide/C/security.xml:1125(para)
7417
7423
"<emphasis>/bin/ping mixr,:</emphasis> allows the application read and "
7418
7424
"execute access to the file."
7421
#: serverguide/C/security.xml:1111(para)
7427
#: serverguide/C/security.xml:1131(para)
7423
7429
"After editing a profile file the profile must be reloaded. See <xref "
7424
7430
"linkend=\"apparmor-usage\"/> for details."
7427
#: serverguide/C/security.xml:1116(title)
7433
#: serverguide/C/security.xml:1136(title)
7428
7434
msgid "Creating a Profile"
7431
#: serverguide/C/security.xml:1119(para)
7437
#: serverguide/C/security.xml:1139(para)
7433
7439
"<emphasis>Design a test plan:</emphasis> Try to think about how the "
7434
7440
"application should be exercised. The test plan should be divided into small "
7436
7442
"steps to follow."
7439
#: serverguide/C/security.xml:1123(para)
7445
#: serverguide/C/security.xml:1143(para)
7440
7446
msgid "Some standard test cases are:"
7443
#: serverguide/C/security.xml:1128(para)
7449
#: serverguide/C/security.xml:1148(para)
7444
7450
msgid "Starting the program."
7447
#: serverguide/C/security.xml:1133(para)
7453
#: serverguide/C/security.xml:1153(para)
7448
7454
msgid "Stopping the program."
7451
#: serverguide/C/security.xml:1138(para)
7457
#: serverguide/C/security.xml:1158(para)
7452
7458
msgid "Reloading the program."
7455
#: serverguide/C/security.xml:1143(para)
7461
#: serverguide/C/security.xml:1163(para)
7456
7462
msgid "Testing all the commands supported by the init script."
7459
#: serverguide/C/security.xml:1150(para)
7465
#: serverguide/C/security.xml:1170(para)
7461
7467
"<emphasis>Generate the new profile:</emphasis> Use <application>aa-"
7462
7468
"genprof</application> to generate a new profile. From a terminal:"
7465
#: serverguide/C/security.xml:1155(command)
7471
#: serverguide/C/security.xml:1175(command)
7466
7472
msgid "sudo aa-genprof executable"
7469
#: serverguide/C/security.xml:1157(para)
7475
#: serverguide/C/security.xml:1177(para)
7470
7476
msgid "For example:"
7473
#: serverguide/C/security.xml:1161(command)
7479
#: serverguide/C/security.xml:1181(command)
7474
7480
msgid "sudo aa-genprof slapd"
7477
#: serverguide/C/security.xml:1165(para)
7483
#: serverguide/C/security.xml:1185(para)
7479
7485
"To get your new profile included in the <application>apparmor-"
7480
7486
"profiles</application> package, file a bug in <emphasis>Launchpad</emphasis> "
7551
7557
"the private key."
7554
#: serverguide/C/security.xml:1239(para)
7560
#: serverguide/C/security.xml:1259(para)
7556
7562
"A common use for public-key cryptography is encrypting application traffic "
7557
7563
"using a Secure Socket Layer (SSL) or Transport Layer Security (TLS) "
7558
"connection. For example, configuring Apache to provide "
7564
"connection. One example: configuring Apache to provide "
7559
7565
"<emphasis>HTTPS</emphasis>, the HTTP protocol over SSL. This allows a way to "
7560
7566
"encrypt traffic using a protocol that does not itself provide encryption."
7563
#: serverguide/C/security.xml:1244(para)
7569
#: serverguide/C/security.xml:1264(para)
7565
7571
"A <emphasis>Certificate</emphasis> is a method used to distribute a "
7566
7572
"<emphasis>public key</emphasis> and other information about a server and the "
7567
7573
"organization who is responsible for it. Certificates can be digitally signed "
7568
"by a <emphasis>Certification Authority</emphasis> or CA. A CA is a trusted "
7574
"by a <emphasis>Certification Authority</emphasis>, or CA. A CA is a trusted "
7569
7575
"third party that has confirmed that the information contained in the "
7570
7576
"certificate is accurate."
7573
#: serverguide/C/security.xml:1251(title)
7579
#: serverguide/C/security.xml:1271(title)
7574
7580
msgid "Types of Certificates"
7575
7581
msgstr "Tipe Sertifikat"
7577
#: serverguide/C/security.xml:1252(para)
7583
#: serverguide/C/security.xml:1272(para)
7579
7585
"To set up a secure server using public-key cryptography, in most cases, you "
7580
7586
"send your certificate request (including your public key), proof of your "
7643
7649
"your friends or colleagues, or purely on monetary factors."
7646
#: serverguide/C/security.xml:1317(para)
7652
#: serverguide/C/security.xml:1337(para)
7648
7654
"Once you have decided upon a CA, you need to follow the instructions they "
7649
7655
"provide on how to obtain a certificate from them."
7652
#: serverguide/C/security.xml:1322(para)
7658
#: serverguide/C/security.xml:1342(para)
7654
7660
"When the CA is satisfied that you are indeed who you claim to be, they send "
7655
7661
"you a digital certificate."
7658
#: serverguide/C/security.xml:1326(para)
7664
#: serverguide/C/security.xml:1346(para)
7660
7666
"Install this certificate on your secure server, and configure the "
7661
7667
"appropriate applications to use the certificate."
7664
#: serverguide/C/security.xml:1335(title)
7670
#: serverguide/C/security.xml:1355(title)
7665
7671
msgid "Generating a Certificate Signing Request (CSR)"
7666
7672
msgstr "Men-generate Certificate Signing Request (CSR)"
7668
#: serverguide/C/security.xml:1337(para)
7674
#: serverguide/C/security.xml:1357(para)
7670
7676
"Whether you are getting a certificate from a CA or generating your own self-"
7671
7677
"signed certificate, the first step is to generate a key."
7674
#: serverguide/C/security.xml:1342(para)
7680
#: serverguide/C/security.xml:1362(para)
7676
7682
"If the certificate will be used by service daemons, such as Apache, Postfix, "
7677
"Dovecot, etc, a key without a passphrase is often appropriate. Not having a "
7683
"Dovecot, etc., a key without a passphrase is often appropriate. Not having a "
7678
7684
"passphrase allows the services to start without manual intervention, usually "
7679
7685
"the preferred way to start a daemon."
7682
#: serverguide/C/security.xml:1348(para)
7688
#: serverguide/C/security.xml:1368(para)
7684
7690
"This section will cover generating a key with a passphrase, and one without. "
7685
7691
"The non-passphrase key will then be used to generate a certificate that can "
7686
7692
"be used with various service daemons."
7689
#: serverguide/C/security.xml:1354(para)
7695
#: serverguide/C/security.xml:1374(para)
7691
7697
"Running your secure service without a passphrase is convenient because you "
7692
7698
"will not need to enter the passphrase every time you start your secure "
7723
7729
"in a dictionary. Also remember that your passphrase is case-sensitive."
7726
#: serverguide/C/security.xml:1386(para)
7732
#: serverguide/C/security.xml:1406(para)
7728
7734
"Re-type the passphrase to verify. Once you have re-typed it correctly, the "
7729
7735
"server key is generated and stored in the <filename>server.key</filename> "
7733
#: serverguide/C/security.xml:1392(para)
7739
#: serverguide/C/security.xml:1412(para)
7735
7741
"Now create the insecure key, the one without a passphrase, and shuffle the "
7739
#: serverguide/C/security.xml:1398(command)
7745
#: serverguide/C/security.xml:1418(command)
7740
7746
msgid "openssl rsa -in server.key -out server.key.insecure"
7741
7747
msgstr "openssl rsa -in server.key -out server.key.insecure"
7743
#: serverguide/C/security.xml:1399(command)
7749
#: serverguide/C/security.xml:1419(command)
7744
7750
msgid "mv server.key server.key.secure"
7747
#: serverguide/C/security.xml:1400(command)
7753
#: serverguide/C/security.xml:1420(command)
7748
7754
msgid "mv server.key.insecure server.key"
7751
#: serverguide/C/security.xml:1403(para)
7757
#: serverguide/C/security.xml:1423(para)
7753
7759
"The insecure key is now named <filename>server.key</filename>, and you can "
7754
7760
"use this file to generate the CSR without passphrase."
7757
#: serverguide/C/security.xml:1408(para)
7763
#: serverguide/C/security.xml:1428(para)
7758
7764
msgid "To create the CSR, run the following command at a terminal prompt:"
7759
7765
msgstr "Untuk membuat CSR, jalankan perintah berikut pada terminal prompt:"
7761
#: serverguide/C/security.xml:1413(command)
7767
#: serverguide/C/security.xml:1433(command)
7762
7768
msgid "openssl req -new -key server.key -out server.csr"
7763
7769
msgstr "openssl req -new -key server.key -out server.csr"
7765
#: serverguide/C/security.xml:1416(para)
7771
#: serverguide/C/security.xml:1436(para)
7767
7773
"It will prompt you enter the passphrase. If you enter the correct "
7768
7774
"passphrase, it will prompt you to enter Company Name, Site Name, Email Id, "
7797
7803
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
7800
#: serverguide/C/security.xml:1441(para)
7806
#: serverguide/C/security.xml:1461(para)
7802
7808
"The above command will prompt you to enter the passphrase. Once you enter "
7803
7809
"the correct passphrase, your certificate will be created and it will be "
7804
7810
"stored in the <filename>server.crt</filename> file."
7807
#: serverguide/C/security.xml:1446(para)
7813
#: serverguide/C/security.xml:1466(para)
7809
7815
"If your secure server is to be used in a production environment, you "
7810
7816
"probably need a CA-signed certificate. It is not recommended to use self-"
7811
7817
"signed certificate."
7814
#: serverguide/C/security.xml:1454(title)
7820
#: serverguide/C/security.xml:1474(title)
7815
7821
msgid "Installing the Certificate"
7816
7822
msgstr "Menginstal Certificate"
7818
#: serverguide/C/security.xml:1456(para)
7824
#: serverguide/C/security.xml:1476(para)
7820
7826
"You can install the key file <filename>server.key</filename> and certificate "
7821
7827
"file <filename>server.crt</filename>, or the certificate file issued by your "
7822
7828
"CA, by running following commands at a terminal prompt:"
7825
#: serverguide/C/security.xml:1462(command)
7831
#: serverguide/C/security.xml:1482(command)
7826
7832
msgid "sudo cp server.crt /etc/ssl/certs"
7827
7833
msgstr "sudo cp server.crt /etc/ssl/certs"
7829
#: serverguide/C/security.xml:1463(command)
7835
#: serverguide/C/security.xml:1483(command)
7830
7836
msgid "sudo cp server.key /etc/ssl/private"
7831
7837
msgstr "sudo cp server.key /etc/ssl/private"
7833
#: serverguide/C/security.xml:1465(para)
7839
#: serverguide/C/security.xml:1485(para)
7835
7841
"Now simply configure any applications, with the ability to use public-key "
7836
7842
"cryptography, to use the <emphasis>certificate</emphasis> and "
7989
#: serverguide/C/security.xml:1614(para)
7995
#: serverguide/C/security.xml:1634(para)
7991
7997
"For more detailed instructions on using cryptography see the <ulink "
7992
7998
"url=\"http://tldp.org/HOWTO/SSL-Certificates-HOWTO/index.html\">SSL "
7993
"Certificates HOWTO</ulink> by tldp.org"
7999
"Certificates HOWTO</ulink> by tldp.org:"
7996
#: serverguide/C/security.xml:1620(para)
8002
#: serverguide/C/security.xml:1640(para)
7998
8004
"The Wikipedia <ulink "
7999
"url=\"http://en.wikipedia.org/wiki/Https\">HTTPS</ulink> page has more "
8005
"url=\"http://en.wikipedia.org/wiki/HTTPS\">HTTPS</ulink> page has more "
8000
8006
"information regarding HTTPS."
8003
#: serverguide/C/security.xml:1625(para)
8009
#: serverguide/C/security.xml:1645(para)
8005
8011
"For more information on <emphasis>OpenSSL</emphasis> see the <ulink "
8006
8012
"url=\"http://www.openssl.org/\">OpenSSL Home Page</ulink>."
8009
#: serverguide/C/security.xml:1630(para)
8015
#: serverguide/C/security.xml:1650(para)
8011
8017
"Also, O'Reilly's <ulink "
8012
8018
"url=\"http://oreilly.com/catalog/9780596002701/\">Network Security with "
8013
"OpenSSL</ulink> is a good in depth reference."
8019
"OpenSSL</ulink> is a good in-depth reference."
8016
#: serverguide/C/security.xml:1639(title)
8022
#: serverguide/C/security.xml:1659(title)
8017
8023
msgid "eCryptfs"
8025
8031
"filesystem, partition type, etc."
8028
#: serverguide/C/security.xml:1647(para)
8034
#: serverguide/C/security.xml:1667(para)
8030
8036
"During installation there is an option to encrypt the <filename "
8031
8037
"role=\"directory\">/home</filename> partition. This will automatically "
8032
8038
"configure everything needed to encrypt and mount the partition."
8035
#: serverguide/C/security.xml:1652(para)
8041
#: serverguide/C/security.xml:1672(para)
8037
8043
"As an example, this section will cover configuring <filename "
8038
8044
"role=\"directory\">/srv</filename> to be encrypted using "
8039
8045
"<emphasis>eCryptfs</emphasis>."
8042
#: serverguide/C/security.xml:1657(title)
8048
#: serverguide/C/security.xml:1677(title)
8043
8049
msgid "Using eCryptfs"
8046
#: serverguide/C/security.xml:1659(para)
8052
#: serverguide/C/security.xml:1679(para)
8047
8053
msgid "First, install the necessary packages. From a terminal prompt enter:"
8050
#: serverguide/C/security.xml:1664(command)
8056
#: serverguide/C/security.xml:1684(command)
8051
8057
msgid "sudo apt-get install ecryptfs-utils"
8054
#: serverguide/C/security.xml:1667(para)
8060
#: serverguide/C/security.xml:1687(para)
8055
8061
msgid "Now mount the partition to be encrypted:"
8058
#: serverguide/C/security.xml:1672(command)
8064
#: serverguide/C/security.xml:1692(command)
8059
8065
msgid "sudo mount -t ecryptfs /srv /srv"
8062
#: serverguide/C/security.xml:1675(para)
8068
#: serverguide/C/security.xml:1695(para)
8064
8070
"You will then be prompted for some details on how "
8065
8071
"<application>ecryptfs</application> should encrypt the data."
8068
#: serverguide/C/security.xml:1679(para)
8074
#: serverguide/C/security.xml:1699(para)
8070
8076
"To test that files placed in <filename>/srv</filename> are indeed encrypted "
8071
8077
"copy the <filename>/etc/default</filename> folder to "
8072
8078
"<filename>/srv</filename>:"
8075
#: serverguide/C/security.xml:1685(command) serverguide/C/clustering.xml:190(command)
8081
#: serverguide/C/security.xml:1705(command) serverguide/C/clustering.xml:190(command)
8076
8082
msgid "sudo cp -r /etc/default /srv"
8079
#: serverguide/C/security.xml:1688(para)
8085
#: serverguide/C/security.xml:1708(para)
8080
8086
msgid "Now unmount <filename>/srv</filename>, and try to view a file:"
8083
#: serverguide/C/security.xml:1693(command) serverguide/C/installation.xml:1118(command) serverguide/C/clustering.xml:198(command)
8089
#: serverguide/C/security.xml:1713(command) serverguide/C/clustering.xml:198(command)
8084
8090
msgid "sudo umount /srv"
8087
#: serverguide/C/security.xml:1694(command)
8093
#: serverguide/C/security.xml:1714(command)
8088
8094
msgid "cat /srv/default/cron"
8091
#: serverguide/C/security.xml:1697(para)
8097
#: serverguide/C/security.xml:1717(para)
8093
8099
"Remounting <filename>/srv</filename> using "
8094
8100
"<application>ecryptfs</application> will make the data viewable once again."
8097
#: serverguide/C/security.xml:1703(title)
8103
#: serverguide/C/security.xml:1723(title)
8098
8104
msgid "Automatically Mounting Encrypted Partitions"
8101
#: serverguide/C/security.xml:1705(para)
8107
#: serverguide/C/security.xml:1725(para)
8103
8109
"There are a couple of ways to automatically mount an "
8104
8110
"<application>ecryptfs</application> encrypted filesystem at boot. This "
8181
8187
"other users on the system."
8184
#: serverguide/C/security.xml:1772(para)
8190
#: serverguide/C/security.xml:1792(para)
8186
"<emphasis>ecryptfs-mount-private and ecryptfs-umount-private:</emphasis> "
8187
"will mount and unmount respectively, a users <filename>~/Private</filename> "
8192
"<emphasis>ecryptfs-mount-private</emphasis> and <emphasis> ecryptfs-umount-"
8193
"private</emphasis> will mount and unmount a user's "
8194
"<filename>~/Private</filename> directory."
8191
#: serverguide/C/security.xml:1778(para)
8197
#: serverguide/C/security.xml:1798(para)
8193
8199
"<emphasis>ecryptfs-add-passphrase:</emphasis> adds a new passphrase to the "
8194
8200
"kernel keyring."
8197
#: serverguide/C/security.xml:1783(para)
8203
#: serverguide/C/security.xml:1803(para)
8199
8205
"<emphasis>ecryptfs-manager:</emphasis> manages "
8200
8206
"<application>eCryptfs</application> objects such as keys."
8203
#: serverguide/C/security.xml:1788(para)
8209
#: serverguide/C/security.xml:1808(para)
8205
8211
"<emphasis>ecryptfs-stat:</emphasis> allows you to view the "
8206
8212
"<application>ecryptfs</application> meta information for a file."
8209
#: serverguide/C/security.xml:1801(para)
8215
#: serverguide/C/security.xml:1821(para)
8211
8217
"For more information on <emphasis>eCryptfs</emphasis> see the <ulink "
8212
8218
"url=\"https://launchpad.net/ecryptfs\">Launchpad project page</ulink>."
8215
#: serverguide/C/security.xml:1806(para)
8221
#: serverguide/C/security.xml:1826(para)
8217
8223
"There is also a <ulink "
8218
8224
"url=\"http://www.linuxjournal.com/article/9400\">Linux Journal</ulink> "
9306
#: serverguide/C/windows-networking.xml:827(para)
9312
#: serverguide/C/samba.xml:827(para)
9308
9314
"<emphasis>logon drive:</emphasis> specifies the home directory local path."
9311
#: serverguide/C/windows-networking.xml:832(para)
9317
#: serverguide/C/samba.xml:832(para)
9313
9319
"<emphasis>logon home:</emphasis> specifies the home directory location."
9316
#: serverguide/C/windows-networking.xml:837(para)
9322
#: serverguide/C/samba.xml:837(para)
9318
9324
"<emphasis>logon script:</emphasis> determines the script to be run locally "
9319
9325
"once a user has logged in. The script needs to be placed in the "
9320
9326
"<emphasis>[netlogon]</emphasis> share."
9323
#: serverguide/C/windows-networking.xml:843(para)
9329
#: serverguide/C/samba.xml:843(para)
9325
9331
"<emphasis>add machine script:</emphasis> a script that will automatically "
9326
9332
"create the <emphasis>Machine Trust Account</emphasis> needed for a "
9327
9333
"workstation to join the domain."
9330
#: serverguide/C/windows-networking.xml:847(para)
9336
#: serverguide/C/samba.xml:847(para)
9332
9338
"In this example the <emphasis>machines</emphasis> group will need to be "
9333
9339
"created using the <application>addgroup</application> utility see <xref "
9334
9340
"linkend=\"adding-deleting-users\"/> for details."
9337
#: serverguide/C/windows-networking.xml:858(para)
9343
#: serverguide/C/samba.xml:858(para)
9339
9345
"Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis "
9340
9346
"role=\"italic\">logon home</emphasis> to be mapped:"
9343
#: serverguide/C/windows-networking.xml:863(programlisting)
9349
#: serverguide/C/samba.xml:863(programlisting)
9395
9401
"location for site-specific data provided by the system."
9398
#: serverguide/C/windows-networking.xml:902(para)
9404
#: serverguide/C/samba.xml:902(para)
9400
9406
"Now create the <filename role=\"directory\">netlogon</filename> directory, "
9401
9407
"and an empty (for now) <filename>logon.cmd</filename> script file:"
9404
#: serverguide/C/windows-networking.xml:908(command)
9410
#: serverguide/C/samba.xml:908(command)
9405
9411
msgid "sudo mkdir -p /srv/samba/netlogon"
9406
9412
msgstr "Copy text \t sudo mkdir -p /srv/samba/netlogon"
9408
#: serverguide/C/windows-networking.xml:909(command)
9414
#: serverguide/C/samba.xml:909(command)
9409
9415
msgid "sudo touch /srv/samba/netlogon/logon.cmd"
9410
9416
msgstr "sudo touch /srv/samba/netlogon/logon.cmd"
9412
#: serverguide/C/windows-networking.xml:912(para)
9418
#: serverguide/C/samba.xml:912(para)
9414
9420
"You can enter any normal Windows logon script commands in "
9415
9421
"<filename>logon.cmd</filename> to customize the client's environment."
9418
#: serverguide/C/windows-networking.xml:920(para)
9424
#: serverguide/C/samba.xml:920(para)
9419
9425
msgid "Restart Samba to enable the new domain controller:"
9422
#: serverguide/C/windows-networking.xml:932(para)
9428
#: serverguide/C/samba.xml:932(para)
9424
9430
"Lastly, there are a few additional commands needed to setup the appropriate "
9428
#: serverguide/C/windows-networking.xml:936(para)
9434
#: serverguide/C/samba.xml:936(para)
9430
9436
"With <emphasis>root</emphasis> being disabled by default, in order to join a "
9431
9437
"workstation to the domain, a system group needs to be mapped to the Windows "
9462
#: serverguide/C/windows-networking.xml:963(para)
9468
#: serverguide/C/samba.xml:963(para)
9464
9470
"Also, rights need to be explicitly provided to the <emphasis>Domain "
9465
9471
"Admins</emphasis> group to allow the <emphasis>add machine script</emphasis> "
9466
9472
"(and other admin functions) to work. This is achieved by executing:"
9469
#: serverguide/C/windows-networking.xml:968(command)
9475
#: serverguide/C/samba.xml:968(command)
9471
9477
"net rpc rights grant -U sysadmin \"EXAMPLE\\Domain Admins\" "
9472
9478
"SeMachineAccountPrivilege \\ SePrintOperatorPrivilege SeAddUsersPrivilege "
9473
9479
"SeDiskOperatorPrivilege \\ SeRemoteShutdownPrivilege"
9476
#: serverguide/C/windows-networking.xml:976(para)
9482
#: serverguide/C/samba.xml:976(para)
9478
9484
"You should now be able to join Windows clients to the Domain in the same "
9479
9485
"manner as joining them to an NT4 domain running on a Windows server."
9482
#: serverguide/C/windows-networking.xml:986(title)
9488
#: serverguide/C/samba.xml:986(title)
9483
9489
msgid "Backup Domain Controller"
9486
#: serverguide/C/windows-networking.xml:988(para)
9492
#: serverguide/C/samba.xml:988(para)
9488
9494
"With a Primary Domain Controller (PDC) on the network it is best to have a "
9489
9495
"Backup Domain Controller (BDC) as well. This will allow clients to "
9490
9496
"authenticate in case the PDC becomes unavailable."
9493
#: serverguide/C/windows-networking.xml:993(para)
9499
#: serverguide/C/samba.xml:993(para)
9495
9501
"When configuring Samba as a BDC you need a way to sync account information "
9496
9502
"with the PDC. There are multiple ways of accomplishing this "
9539
9545
"files, enter:"
9542
#: serverguide/C/windows-networking.xml:1050(command)
9548
#: serverguide/C/samba.xml:1050(command)
9543
9549
msgid "sudo chgrp -R admin /var/lib/samba"
9544
9550
msgstr "sudo chgrp -R admin /var/lib/samba"
9546
#: serverguide/C/windows-networking.xml:1056(para)
9552
#: serverguide/C/samba.xml:1056(para)
9548
9554
"Next, sync the user accounts, using <application>scp</application> to copy "
9549
9555
"the <filename>/var/lib/samba</filename> directory from the PDC:"
9552
#: serverguide/C/windows-networking.xml:1062(command)
9558
#: serverguide/C/samba.xml:1062(command)
9553
9559
msgid "sudo scp -r username@pdc:/var/lib/samba /var/lib"
9554
9560
msgstr "sudo scp -r username@pdc:/var/lib/samba /var/lib"
9556
#: serverguide/C/windows-networking.xml:1066(para)
9562
#: serverguide/C/samba.xml:1066(para)
9558
9564
"Replace <emphasis>username</emphasis> with a valid username and "
9559
9565
"<emphasis>pdc</emphasis> with the hostname or IP Address of your actual PDC."
9562
#: serverguide/C/windows-networking.xml:1075(para)
9568
#: serverguide/C/samba.xml:1075(para)
9563
9569
msgid "Finally, restart <application>samba</application>:"
9566
#: serverguide/C/windows-networking.xml:1087(para)
9572
#: serverguide/C/samba.xml:1087(para)
9568
9574
"You can test that your Backup Domain controller is working by stopping the "
9569
9575
"Samba daemon on the PDC, then trying to login to a Windows client joined to "
9573
#: serverguide/C/windows-networking.xml:1092(para)
9579
#: serverguide/C/samba.xml:1092(para)
9575
9581
"Another thing to keep in mind is if you have configured the <emphasis>logon "
9576
9582
"home</emphasis> option as a directory on the PDC, and the PDC becomes "
9658
9664
"security\"/> for more details."
9661
#: serverguide/C/windows-networking.xml:1199(title)
9667
#: serverguide/C/samba.xml:1199(title)
9662
9668
msgid "Accessing a Windows Share"
9665
#: serverguide/C/windows-networking.xml:1201(para)
9671
#: serverguide/C/samba.xml:1201(para)
9667
9673
"Now that the Samba server is part of the Active Directory domain you can "
9668
9674
"access any Windows server shares:"
9671
#: serverguide/C/windows-networking.xml:1208(para)
9677
#: serverguide/C/samba.xml:1208(para)
9673
9679
"To mount a Windows file share enter the following in a terminal prompt:"
9676
#: serverguide/C/windows-networking.xml:1212(command)
9682
#: serverguide/C/samba.xml:1212(command)
9677
9683
msgid "mount.cifs //fs01.example.com/share mount_point"
9680
#: serverguide/C/windows-networking.xml:1215(para)
9686
#: serverguide/C/samba.xml:1215(para)
9682
9688
"It is also possible to access shares on computers not part of an AD domain, "
9683
9689
"but a username and password will need to be provided."
9686
#: serverguide/C/windows-networking.xml:1223(para)
9692
#: serverguide/C/samba.xml:1223(para)
9688
9694
"To mount the share during boot place an entry in "
9689
9695
"<filename>/etc/fstab</filename>, for example:"
9692
#: serverguide/C/windows-networking.xml:1227(programlisting)
9698
#: serverguide/C/samba.xml:1227(programlisting)
9700
#: serverguide/C/windows-networking.xml:1234(para)
9706
#: serverguide/C/samba.xml:1234(para)
9702
9708
"Another way to copy files from a Windows server is to use the "
9703
9709
"<application>smbclient</application> utility. To list the files in a Windows "
9707
#: serverguide/C/windows-networking.xml:1240(command)
9713
#: serverguide/C/samba.xml:1240(command)
9708
9714
msgid "smbclient //fs01.example.com/share -k -c \"ls\""
9711
#: serverguide/C/windows-networking.xml:1246(para)
9717
#: serverguide/C/samba.xml:1246(para)
9712
9718
msgid "To copy a file from the share, enter:"
9715
#: serverguide/C/windows-networking.xml:1251(command)
9721
#: serverguide/C/samba.xml:1251(command)
9716
9722
msgid "smbclient //fs01.example.com/share -k -c \"get file.txt\""
9719
#: serverguide/C/windows-networking.xml:1254(para)
9725
#: serverguide/C/samba.xml:1254(para)
9721
9727
"This will copy the <filename>file.txt</filename> into the current directory."
9724
#: serverguide/C/windows-networking.xml:1261(para)
9730
#: serverguide/C/samba.xml:1261(para)
9725
9731
msgid "And to copy a file to the share:"
9728
#: serverguide/C/windows-networking.xml:1266(command)
9734
#: serverguide/C/samba.xml:1266(command)
9729
9735
msgid "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
9732
#: serverguide/C/windows-networking.xml:1269(para)
9738
#: serverguide/C/samba.xml:1269(para)
9734
9740
"This will copy the <filename>/etc/hosts</filename> to "
9735
9741
"<filename>//fs01.example.com/share/hosts</filename>."
9738
#: serverguide/C/windows-networking.xml:1276(para)
9744
#: serverguide/C/samba.xml:1276(para)
9740
9746
"The <emphasis>-c</emphasis> option used above allows you to execute the "
9741
9747
"<application>smbclient</application> command all at once. This is useful for "
10715
10721
"<application>Microsoft Active Directory</application> domain."
10718
#: serverguide/C/remote-administration.xml:509(para)
10724
#: serverguide/C/remote-administration.xml:549(para)
10720
10726
"zentyal-squid: configures <application>Squid</application> and "
10721
10727
"<application>Dansguardian</application> for speeding up browsing thanks to "
10722
10728
"the caching capabilities and content filtering."
10725
#: serverguide/C/remote-administration.xml:516(para)
10731
#: serverguide/C/remote-administration.xml:556(para)
10727
10733
"zentyal-samba: allows <application>Samba</application> configuration and "
10728
10734
"integration with existing LDAP. From the same interface you can define "
10729
10735
"password policies, create shared resources and assign permissions."
10732
#: serverguide/C/remote-administration.xml:524(para)
10738
#: serverguide/C/remote-administration.xml:564(para)
10734
10740
"zentyal-printers: integrates <application>CUPS</application> with "
10735
10741
"<application>Samba</application> and allows not only to configure the "
10736
10742
"printers but also give them permissions based on LDAP users and groups."
10739
#: serverguide/C/remote-administration.xml:533(para)
10745
#: serverguide/C/remote-administration.xml:573(para)
10741
10747
"To install <application>Zentyal</application>, in a terminal on the "
10742
10748
"<emphasis>server</emphasis> enter (where <zentyal-module> is any of "
10743
10749
"the modules from the previous list):"
10746
#: serverguide/C/remote-administration.xml:540(command)
10752
#: serverguide/C/remote-administration.xml:580(command)
10747
10753
msgid "sudo apt-get install <zentyal-module>"
10750
#: serverguide/C/remote-administration.xml:544(para)
10756
#: serverguide/C/remote-administration.xml:584(para)
10752
10758
"<application>Zentyal</application> publishes one major stable release once a "
10753
10759
"year (in September) based on latest Ubuntu LTS release. Stable releases "
10767
10773
"Personal Package Archive (PPA)</ulink>."
10770
#: serverguide/C/remote-administration.xml:566(para)
10776
#: serverguide/C/remote-administration.xml:606(para)
10772
10778
"Not present on Ubuntu Universe repositories, but on <ulink "
10773
10779
"url=\"https://launchpad.net/~zentyal/\">Zentyal Team PPA</ulink> you will "
10774
10780
"find these other modules:"
10777
#: serverguide/C/remote-administration.xml:573(para)
10783
#: serverguide/C/remote-administration.xml:613(para)
10779
10785
"zentyal-antivirus: integrates <application>ClamAV</application> antivirus "
10780
10786
"with other modules like the proxy, file sharing or mailfilter."
10783
#: serverguide/C/remote-administration.xml:580(para)
10789
#: serverguide/C/remote-administration.xml:620(para)
10785
10791
"zentyal-asterisk: configures <application>Asterisk</application> to provide "
10786
10792
"a simple PBX with LDAP based authentication."
10789
#: serverguide/C/remote-administration.xml:586(para)
10795
#: serverguide/C/remote-administration.xml:626(para)
10791
10797
"zentyal-bwmonitor: allows to monitor bandwith usage of your LAN clients."
10794
#: serverguide/C/remote-administration.xml:592(para)
10800
#: serverguide/C/remote-administration.xml:632(para)
10796
10802
"zentyal-captiveportal: integrates a captive portal with the firewall and "
10797
10803
"LDAP users and groups."
10800
#: serverguide/C/remote-administration.xml:598(para)
10806
#: serverguide/C/remote-administration.xml:638(para)
10802
10808
"zentyal-ebackup: allows to make scheduled backups of your server using the "
10803
10809
"popular <application>duplicity</application> backup tool."
10806
#: serverguide/C/remote-administration.xml:604(para)
10812
#: serverguide/C/remote-administration.xml:644(para)
10807
10813
msgid "zentyal-ftp: configures a FTP server with LDAP based authentication."
10810
#: serverguide/C/remote-administration.xml:609(para)
10816
#: serverguide/C/remote-administration.xml:649(para)
10811
10817
msgid "zentyal-ids: integrates a network intrusion detection system."
10814
#: serverguide/C/remote-administration.xml:614(para)
10820
#: serverguide/C/remote-administration.xml:654(para)
10816
10822
"zentyal-ipsec: allows to configure IPsec tunnels using "
10817
10823
"<application>OpenSwan</application>."
10820
#: serverguide/C/remote-administration.xml:620(para)
10826
#: serverguide/C/remote-administration.xml:660(para)
10822
10828
"zentyal-jabber: integrates <application>ejabberd</application> XMPP server "
10823
10829
"with LDAP users and groups."
10826
#: serverguide/C/remote-administration.xml:626(para)
10832
#: serverguide/C/remote-administration.xml:666(para)
10828
10834
"zentyal-thinclients: a <application>LTSP</application> based thin clients "
10832
#: serverguide/C/remote-administration.xml:632(para)
10838
#: serverguide/C/remote-administration.xml:672(para)
10834
10840
"zentyal-mail: a full mail stack including <application>Postfix "
10835
10841
"</application> and <application>Dovecot</application> with LDAP backend."
10838
#: serverguide/C/remote-administration.xml:639(para)
10844
#: serverguide/C/remote-administration.xml:679(para)
10840
10846
"zentyal-mailfilter: configures <application>amavisd</application> with mail "
10841
10847
"stack to filter spam and attached virus."
10844
#: serverguide/C/remote-administration.xml:645(para)
10850
#: serverguide/C/remote-administration.xml:685(para)
10846
10852
"zentyal-monitor: integrates <application>collectd</application> to monitor "
10847
10853
"server performance and running services."
10850
#: serverguide/C/remote-administration.xml:651(para)
10856
#: serverguide/C/remote-administration.xml:691(para)
10852
10858
"zentyal-pptp: configures a <application>PPTP</application> VPN server."
10855
#: serverguide/C/remote-administration.xml:656(para)
10861
#: serverguide/C/remote-administration.xml:696(para)
10857
10863
"zentyal-radius: integrates <application>FreeRADIUS</application> with LDAP "
10858
10864
"users and groups."
10861
#: serverguide/C/remote-administration.xml:662(para)
10867
#: serverguide/C/remote-administration.xml:702(para)
10863
10869
"zentyal-software: simple interface to manage installed "
10864
10870
"<application>Zentyal</application> modules and system updates."
10867
#: serverguide/C/remote-administration.xml:668(para)
10873
#: serverguide/C/remote-administration.xml:708(para)
10869
10875
"zentyal-trafficshaping: configures traffic limiting rules to do bandwidth "
10870
10876
"throttling and improve latency."
10873
#: serverguide/C/remote-administration.xml:674(para)
10879
#: serverguide/C/remote-administration.xml:714(para)
10875
10881
"zentyal-usercorner: allows users to edit their own LDAP attributes using a "
10876
10882
"web browser."
10879
#: serverguide/C/remote-administration.xml:680(para)
10885
#: serverguide/C/remote-administration.xml:720(para)
10881
10887
"zentyal-virt: simple interface to create and manage virtual machines based "
10882
10888
"on <application>libvirt</application>."
10885
#: serverguide/C/remote-administration.xml:686(para)
10891
#: serverguide/C/remote-administration.xml:726(para)
10887
10893
"zentyal-webmail: allows to access your mail using the popular "
10888
10894
"<application>Roundcube</application> webmail."
10891
#: serverguide/C/remote-administration.xml:692(para)
10897
#: serverguide/C/remote-administration.xml:732(para)
10893
10899
"zentyal-webserver: configures <application>Apache</application> webserver to "
10894
10900
"host different sites on your machine."
10897
#: serverguide/C/remote-administration.xml:698(para)
10903
#: serverguide/C/remote-administration.xml:738(para)
10899
10905
"zentyal-zarafa: integrates <application>Zarafa</application> groupware suite "
10900
10906
"with <application>Zentyal</application> mail stack and LDAP."
10903
#: serverguide/C/remote-administration.xml:710(title)
10909
#: serverguide/C/remote-administration.xml:750(title)
10904
10910
msgid "First steps"
10907
#: serverguide/C/remote-administration.xml:712(para)
10913
#: serverguide/C/remote-administration.xml:752(para)
10909
10915
"Any system account belonging to the sudo group is allowed to log into "
10910
10916
"<application>Zentyal</application> web interface. If you are using the user "
10911
10917
"created during the installation, this should be in the sudo group by default."
10914
#: serverguide/C/remote-administration.xml:720(para)
10920
#: serverguide/C/remote-administration.xml:760(para)
10915
10921
msgid "If you need to add another user to the sudo group, just execute:"
10918
#: serverguide/C/remote-administration.xml:725(command)
10924
#: serverguide/C/remote-administration.xml:765(command)
10919
10925
msgid "sudo adduser username sudo"
10922
#: serverguide/C/remote-administration.xml:729(para)
10928
#: serverguide/C/remote-administration.xml:769(para)
10924
10930
"To access <application>Zentyal</application> web interface, browse into "
10925
10931
"https://localhost/ (or the IP of your remote server). As Zentyal creates its "
12028
12034
msgid "sudo etckeeper commit \"added new host\""
12031
#: serverguide/C/other-apps.xml:258(para)
12037
#: serverguide/C/other-apps.xml:298(para)
12033
12039
"For more information on <application>bzr</application> see <xref "
12034
12040
"linkend=\"bazaar\"/>."
12037
#: serverguide/C/other-apps.xml:345(para)
12040
"url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for "
12041
"more details on using <application>etckeeper</application>."
12044
#: serverguide/C/other-apps.xml:351(para)
12046
"The <ulink url=\"https://help.ubuntu.com/community/etckeeper\">etckeeper "
12047
"Ubuntu Wiki</ulink> page."
12050
#: serverguide/C/other-apps.xml:356(para)
12043
#: serverguide/C/other-apps.xml:310(para)
12045
"See the <ulink url=\"http://etckeeper.branchable.com/\">etckeeper</ulink> "
12046
"site for more details on using <application>etckeeper</application>."
12049
#: serverguide/C/other-apps.xml:317(para)
12052
12051
"For the latest news and information about <application>bzr</application> see "
12053
12052
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
12056
#: serverguide/C/other-apps.xml:264(title)
12055
#: serverguide/C/other-apps.xml:329(title)
12057
12056
msgid "Byobu"
12060
#: serverguide/C/other-apps.xml:337(para)
12059
#: serverguide/C/other-apps.xml:331(para)
12062
12061
"One of the most useful applications for any system administrator is an xterm "
12063
12062
"multiplexor such as <application>screen</application> or "
12069
12068
"changed by the user."
12072
#: serverguide/C/other-apps.xml:344(para)
12071
#: serverguide/C/other-apps.xml:338(para)
12073
12072
msgid "Invoke it simply with:"
12076
#: serverguide/C/other-apps.xml:349(command)
12075
#: serverguide/C/other-apps.xml:343(command)
12077
12076
msgid "byobu"
12080
#: serverguide/C/other-apps.xml:352(para)
12079
#: serverguide/C/other-apps.xml:346(para)
12082
12081
"Now bring up the configuration menu. By default this is done by pressing the "
12083
12082
"<emphasis>F9</emphasis> key. This will allow you to:"
12086
#: serverguide/C/other-apps.xml:279(para)
12085
#: serverguide/C/other-apps.xml:351(para)
12087
12086
msgid "View the Help menu"
12090
#: serverguide/C/other-apps.xml:280(para)
12089
#: serverguide/C/other-apps.xml:352(para)
12091
12090
msgid "Change Byobu's background color"
12094
#: serverguide/C/other-apps.xml:281(para)
12093
#: serverguide/C/other-apps.xml:353(para)
12095
12094
msgid "Change Byobu's foreground color"
12098
#: serverguide/C/other-apps.xml:282(para)
12097
#: serverguide/C/other-apps.xml:354(para)
12099
12098
msgid "Toggle status notifications"
12102
#: serverguide/C/other-apps.xml:283(para)
12101
#: serverguide/C/other-apps.xml:355(para)
12103
12102
msgid "Change the key binding set"
12106
#: serverguide/C/other-apps.xml:284(para)
12105
#: serverguide/C/other-apps.xml:356(para)
12107
12106
msgid "Change the escape sequence"
12110
#: serverguide/C/other-apps.xml:285(para)
12109
#: serverguide/C/other-apps.xml:357(para)
12111
12110
msgid "Create new windows"
12114
#: serverguide/C/other-apps.xml:286(para)
12113
#: serverguide/C/other-apps.xml:358(para)
12115
12114
msgid "Manage the default windows"
12118
#: serverguide/C/other-apps.xml:287(para)
12117
#: serverguide/C/other-apps.xml:359(para)
12119
12118
msgid "Byobu currently does not launch at login (toggle on)"
12122
#: serverguide/C/other-apps.xml:290(para)
12121
#: serverguide/C/other-apps.xml:362(para)
12124
12123
"The <emphasis>key bindings</emphasis> determine such things as the escape "
12125
12124
"sequence, new window, change window, etc. There are two key binding sets to "
12152
12151
"commands. Here is a quick list of movement commands:"
12155
#: serverguide/C/other-apps.xml:314(para)
12154
#: serverguide/C/other-apps.xml:386(para)
12156
12155
msgid "<emphasis>h</emphasis> - Move the cursor left by one character"
12159
#: serverguide/C/other-apps.xml:315(para)
12158
#: serverguide/C/other-apps.xml:387(para)
12160
12159
msgid "<emphasis>j</emphasis> - Move the cursor down by one line"
12163
#: serverguide/C/other-apps.xml:316(para)
12162
#: serverguide/C/other-apps.xml:388(para)
12164
12163
msgid "<emphasis>k</emphasis> - Move the cursor up by one line"
12167
#: serverguide/C/other-apps.xml:317(para)
12166
#: serverguide/C/other-apps.xml:389(para)
12168
12167
msgid "<emphasis>l</emphasis> - Move the cursor right by one character"
12171
#: serverguide/C/other-apps.xml:318(para)
12170
#: serverguide/C/other-apps.xml:390(para)
12172
12171
msgid "<emphasis>0</emphasis> - Move to the beginning of the current line"
12175
#: serverguide/C/other-apps.xml:319(para)
12174
#: serverguide/C/other-apps.xml:391(para)
12176
12175
msgid "<emphasis>$</emphasis> - Move to the end of the current line"
12179
#: serverguide/C/other-apps.xml:320(para)
12178
#: serverguide/C/other-apps.xml:392(para)
12181
12180
"<emphasis>G</emphasis> - Moves to the specified line (defaults to the end of "
12182
12181
"the buffer)"
12185
#: serverguide/C/other-apps.xml:321(para)
12184
#: serverguide/C/other-apps.xml:393(para)
12186
12185
msgid "<emphasis>/</emphasis> - Search forward"
12189
#: serverguide/C/other-apps.xml:322(para)
12188
#: serverguide/C/other-apps.xml:394(para)
12190
12189
msgid "<emphasis>?</emphasis> - Search backward"
12193
#: serverguide/C/other-apps.xml:401(para)
12192
#: serverguide/C/other-apps.xml:395(para)
12195
12194
"<emphasis>n</emphasis> - Moves to the next match, either forward or backward"
12198
#: serverguide/C/other-apps.xml:361(para)
12197
#: serverguide/C/other-apps.xml:403(para)
12200
12199
"For more information on <application>screen</application> see the <ulink "
12201
12200
"url=\"http://www.gnu.org/software/screen/\">screen web site</ulink>."
12204
#: serverguide/C/other-apps.xml:366(para)
12203
#: serverguide/C/other-apps.xml:408(para)
12206
12205
"And the <ulink url=\"https://help.ubuntu.com/community/Screen\">Ubuntu Wiki "
12207
12206
"screen</ulink> page."
12210
#: serverguide/C/other-apps.xml:371(para)
12209
#: serverguide/C/other-apps.xml:413(para)
12212
12211
"Also, see the <application>byobu</application><ulink "
12213
12212
"url=\"https://launchpad.net/byobu\">project page</ulink> for more "
12567
12566
"iface eth0 inet dhcp\n"
12570
#: serverguide/C/network-config.xml:257(para)
12569
#: serverguide/C/network-config.xml:261(para)
12572
12571
"By adding an interface configuration as shown above, you can manually enable "
12573
12572
"the interface through the <application>ifup</application> command which "
12574
12573
"initiates the DHCP process via <application>dhclient</application>."
12577
#: serverguide/C/network-config.xml:263(command) serverguide/C/network-config.xml:298(command)
12576
#: serverguide/C/network-config.xml:267(command) serverguide/C/network-config.xml:302(command)
12578
12577
msgid "sudo ifup eth0"
12581
#: serverguide/C/network-config.xml:265(para)
12580
#: serverguide/C/network-config.xml:269(para)
12583
12582
"To manually disable the interface, you can use the "
12584
12583
"<application>ifdown</application> command, which in turn will initiate the "
12585
12584
"DHCP release process and shut down the interface."
12588
#: serverguide/C/network-config.xml:271(command) serverguide/C/network-config.xml:305(command)
12587
#: serverguide/C/network-config.xml:275(command) serverguide/C/network-config.xml:309(command)
12589
12588
msgid "sudo ifdown eth0"
12592
#: serverguide/C/network-config.xml:276(title)
12591
#: serverguide/C/network-config.xml:280(title)
12593
12592
msgid "Static IP Address Assignment"
12596
#: serverguide/C/network-config.xml:277(para)
12595
#: serverguide/C/network-config.xml:281(para)
12598
12597
"To configure your system to use a static IP address assignment, add the "
12599
12598
"<emphasis role=\"italic\">static</emphasis> method to the inet address "
12618
12617
"gateway 10.0.0.1\n"
12621
#: serverguide/C/network-config.xml:293(para)
12620
#: serverguide/C/network-config.xml:297(para)
12623
12622
"By adding an interface configuration as shown above, you can manually enable "
12624
12623
"the interface through the <application>ifup</application> command."
12627
#: serverguide/C/network-config.xml:300(para)
12626
#: serverguide/C/network-config.xml:304(para)
12629
12628
"To manually disable the interface, you can use the "
12630
12629
"<application>ifdown</application> command."
12633
#: serverguide/C/network-config.xml:310(title)
12632
#: serverguide/C/network-config.xml:314(title)
12634
12633
msgid "Loopback Interface"
12637
#: serverguide/C/network-config.xml:311(para)
12636
#: serverguide/C/network-config.xml:315(para)
12639
12638
"The loopback interface is identified by the system as <emphasis "
12640
12639
"role=\"italic\">lo</emphasis> and has a default IP address of 127.0.0.1. It "
12641
12640
"can be viewed using the ifconfig command."
12644
#: serverguide/C/network-config.xml:316(command)
12643
#: serverguide/C/network-config.xml:320(command)
12645
12644
msgid "ifconfig lo"
12648
#: serverguide/C/network-config.xml:317(computeroutput)
12647
#: serverguide/C/network-config.xml:321(computeroutput)
12651
12650
"lo Link encap:Local Loopback \n"
12765
12764
" dns-nameservers 192.168.3.45 192.168.8.10\n"
12768
#: serverguide/C/network-config.xml:402(para)
12767
#: serverguide/C/network-config.xml:406(para)
12770
12769
"If you try to ping a host with the name of <emphasis "
12771
12770
"role=\"italic\">server1</emphasis>, your system will automatically query DNS "
12772
12771
"for its Fully Qualified Domain Name (FQDN) in the following order:"
12775
#: serverguide/C/network-config.xml:409(para)
12774
#: serverguide/C/network-config.xml:413(para)
12776
12775
msgid "server1<emphasis role=\"bold\">.example.com</emphasis>"
12779
#: serverguide/C/network-config.xml:414(para)
12778
#: serverguide/C/network-config.xml:418(para)
12780
12779
msgid "server1<emphasis role=\"bold\">.sales.example.com</emphasis>"
12783
#: serverguide/C/network-config.xml:419(para)
12782
#: serverguide/C/network-config.xml:423(para)
12784
12783
msgid "server1<emphasis role=\"bold\">.dev.example.com</emphasis>"
12787
#: serverguide/C/network-config.xml:424(para)
12786
#: serverguide/C/network-config.xml:428(para)
12789
12788
"If no matches are found, the DNS server will provide a result of <emphasis "
12790
12789
"role=\"italic\">notfound</emphasis> and the DNS query will fail."
12793
#: serverguide/C/network-config.xml:431(title)
12792
#: serverguide/C/network-config.xml:435(title)
12794
12793
msgid "Static Hostnames"
12797
#: serverguide/C/network-config.xml:432(para)
12796
#: serverguide/C/network-config.xml:436(para)
12799
12798
"Static hostnames are locally defined hostname-to-IP mappings located in the "
12800
12799
"file <filename>/etc/hosts</filename>. Entries in the "
13322
13321
"DHCP server, and the configuration is transparent to the computer's user."
13325
#: serverguide/C/network-config.xml:880(para)
13324
#: serverguide/C/network-config.xml:876(para)
13327
13326
"The most common settings provided by a DHCP server to DHCP clients include:"
13329
13328
"Pengaturan umum yang di sediakan oleh server DHCP kepada klient DHCP "
13332
#: serverguide/C/network-config.xml:885(para)
13331
#: serverguide/C/network-config.xml:881(para)
13333
13332
msgid "IP address and netmask"
13336
#: serverguide/C/network-config.xml:888(para)
13335
#: serverguide/C/network-config.xml:884(para)
13337
13336
msgid "IP address of the default-gateway to use"
13340
#: serverguide/C/network-config.xml:891(para)
13339
#: serverguide/C/network-config.xml:887(para)
13341
13340
msgid "IP adresses of the DNS servers to use"
13344
#: serverguide/C/network-config.xml:894(para)
13343
#: serverguide/C/network-config.xml:890(para)
13346
13345
"However, a DHCP server can also supply configuration properties such as:"
13348
13347
"Akan tetapi, server DHCP juga dapat menyediakan properti konfigurasi seperti:"
13350
#: serverguide/C/network-config.xml:899(para)
13349
#: serverguide/C/network-config.xml:895(para)
13351
13350
msgid "Host Name"
13352
13351
msgstr "Host Name"
13354
#: serverguide/C/network-config.xml:902(para)
13353
#: serverguide/C/network-config.xml:898(para)
13355
13354
msgid "Domain Name"
13356
13355
msgstr "Nama Domain"
13358
#: serverguide/C/network-config.xml:905(para)
13357
#: serverguide/C/network-config.xml:901(para)
13359
13358
msgid "Time Server"
13360
13359
msgstr "Time Server"
13362
#: serverguide/C/network-config.xml:911(para)
13361
#: serverguide/C/network-config.xml:907(para)
13364
13363
"The advantage of using DHCP is that changes to the network, for example a "
13365
13364
"change in the address of the DNS server, need only be changed at the DHCP "
13440
13439
"Dalam terminal promp, masukkan perintah berikut untuk menginstall "
13441
13440
"<application>dhcpd</application>:"
13443
#: serverguide/C/network-config.xml:981(command)
13442
#: serverguide/C/network-config.xml:979(command)
13444
13443
msgid "sudo apt-get install isc-dhcp-server"
13447
#: serverguide/C/network-config.xml:983(para)
13446
#: serverguide/C/network-config.xml:981(para)
13449
13448
"You will probably need to change the default configuration by editing "
13450
13449
"/etc/dhcp/dhcpd.conf to suit your needs and particular configuration."
13453
#: serverguide/C/network-config.xml:987(para)
13452
#: serverguide/C/network-config.xml:985(para)
13455
13454
"You also may need to edit /etc/default/isc-dhcp-server to specify the "
13456
13455
"interfaces dhcpd should listen to."
13459
#: serverguide/C/network-config.xml:991(para)
13458
#: serverguide/C/network-config.xml:989(para)
13461
13460
"NOTE: dhcpd's messages are being sent to syslog. Look there for diagnostics "
13465
#: serverguide/C/network-config.xml:998(para)
13464
#: serverguide/C/network-config.xml:996(para)
13467
13466
"The error message the installation ends with might be a little confusing, "
13468
13467
"but the following steps will help you configure the service:"
13471
#: serverguide/C/network-config.xml:1002(para)
13470
#: serverguide/C/network-config.xml:1000(para)
13473
13472
"Most commonly, what you want to do is assign an IP address randomly. This "
13474
13473
"can be done with settings as follows:"
13477
#: serverguide/C/network-config.xml:1006(programlisting)
13476
#: serverguide/C/network-config.xml:1004(programlisting)
13682
13681
"The Lightweight Directory Access Protocol, or LDAP, is a protocol for "
13683
13682
"querying and modifying a X.500-based directory service running over TCP/IP. "
13684
13683
"The current LDAP version is LDAPv3, as defined in <ulink "
13685
"url=\"http://tools.ietf.org/html/rfc4510\">RFC4510</ulink>, and the its "
13686
"implementation used in Ubuntu is from OpenLDAP."
13684
"url=\"http://tools.ietf.org/html/rfc4510\">RFC4510</ulink>, and the "
13685
"implementation in Ubuntu is OpenLDAP.\""
13689
#: serverguide/C/network-auth.xml:27(para)
13688
#: serverguide/C/network-auth.xml:29(para)
13691
13690
"So the LDAP protocol accesses LDAP directories. Here are some key concepts "
13695
#: serverguide/C/network-auth.xml:34(para)
13694
#: serverguide/C/network-auth.xml:36(para)
13697
13696
"A LDAP directory is a tree of data <emphasis>entries</emphasis> that is "
13698
13697
"hierarchical in nature and is called the Directory Information Tree (DIT)."
13701
#: serverguide/C/network-auth.xml:41(para)
13700
#: serverguide/C/network-auth.xml:43(para)
13702
13701
msgid "An entry consists of a set of <emphasis>attributes</emphasis>."
13705
#: serverguide/C/network-auth.xml:47(para)
13704
#: serverguide/C/network-auth.xml:49(para)
13707
13706
"An attribute has a <emphasis>type</emphasis> (a name/description) and one or "
13708
13707
"more <emphasis>values</emphasis>."
13711
#: serverguide/C/network-auth.xml:53(para)
13710
#: serverguide/C/network-auth.xml:55(para)
13713
13712
"Every attribute must be defined in at least one "
13714
13713
"<emphasis>objectClass</emphasis>."
13717
#: serverguide/C/network-auth.xml:59(para)
13716
#: serverguide/C/network-auth.xml:61(para)
13719
13718
"Attributes and objectclasses are defined in <emphasis>schemas</emphasis> (an "
13720
13719
"objectclass is actually considered as a special kind of attribute)."
13723
#: serverguide/C/network-auth.xml:66(para)
13722
#: serverguide/C/network-auth.xml:68(para)
13725
13724
"Each entry has a unique identifier: its <emphasis>Distinguished "
13726
13725
"Name</emphasis> (DN or dn). This, in turn, consists of a <emphasis>Relative "
13727
13726
"Distinguished Name</emphasis> (RDN) followed by the parent entry's DN."
13730
#: serverguide/C/network-auth.xml:73(para)
13729
#: serverguide/C/network-auth.xml:75(para)
13732
13731
"The entry's DN is not an attribute. It is not considered part of the entry "
13736
#: serverguide/C/network-auth.xml:81(para)
13735
#: serverguide/C/network-auth.xml:83(para)
13738
13737
"The terms <emphasis>object</emphasis>, <emphasis>container</emphasis>, and "
13739
13738
"<emphasis>node</emphasis> have certain connotations but they all essentially "
13812
13811
"a line similar to this:"
13815
#: serverguide/C/network-auth.xml:155(programlisting)
13814
#: serverguide/C/network-auth.xml:157(programlisting)
13819
13818
"127.0.1.1 hostname.example.com\thostname\n"
13822
#: serverguide/C/network-auth.xml:159(para)
13821
#: serverguide/C/network-auth.xml:161(para)
13823
13822
msgid "You can revert the change after package installation."
13826
#: serverguide/C/network-auth.xml:164(para)
13825
#: serverguide/C/network-auth.xml:166(para)
13828
13827
"This guide will use a database suffix of "
13829
13828
"<emphasis>dc=example,dc=com</emphasis>."
13832
#: serverguide/C/network-auth.xml:169(para)
13831
#: serverguide/C/network-auth.xml:171(para)
13833
13832
msgid "Proceed with the install:"
13836
#: serverguide/C/network-auth.xml:174(command)
13835
#: serverguide/C/network-auth.xml:176(command)
13837
13836
msgid "sudo apt-get install slapd ldap-utils"
13840
#: serverguide/C/network-auth.xml:177(para)
13839
#: serverguide/C/network-auth.xml:179(para)
13842
13841
"Since Ubuntu 8.10 slapd is designed to be configured within slapd itself by "
13843
13842
"dedicating a separate DIT for that purpose. This allows one to dynamically "
13960
13959
"dn: olcDatabase={1}hdb,cn=config\n"
13963
#: serverguide/C/network-auth.xml:281(para) serverguide/C/network-auth.xml:372(para)
13962
#: serverguide/C/network-auth.xml:288(para) serverguide/C/network-auth.xml:379(para)
13964
13963
msgid "Explanation of entries:"
13967
#: serverguide/C/network-auth.xml:288(para)
13966
#: serverguide/C/network-auth.xml:295(para)
13968
13967
msgid "<emphasis>cn=config</emphasis>: global settings"
13971
#: serverguide/C/network-auth.xml:294(para)
13970
#: serverguide/C/network-auth.xml:301(para)
13973
13972
"<emphasis>cn=module{0},cn=config</emphasis>: a dynamically loaded module"
13976
#: serverguide/C/network-auth.xml:300(para)
13975
#: serverguide/C/network-auth.xml:307(para)
13978
13977
"<emphasis>cn=schema,cn=config</emphasis>: contains hard-coded system-level "
13982
#: serverguide/C/network-auth.xml:306(para)
13981
#: serverguide/C/network-auth.xml:313(para)
13984
13983
"<emphasis>cn={0}core,cn=schema,cn=config</emphasis>: the hard-coded core "
13988
#: serverguide/C/network-auth.xml:312(para)
13987
#: serverguide/C/network-auth.xml:319(para)
13990
13989
"<emphasis>cn={1}cosine,cn=schema,cn=config</emphasis>: the cosine schema"
13993
#: serverguide/C/network-auth.xml:318(para)
13992
#: serverguide/C/network-auth.xml:325(para)
13994
13993
msgid "<emphasis>cn={2}nis,cn=schema,cn=config</emphasis>: the nis schema"
13997
#: serverguide/C/network-auth.xml:324(para)
13996
#: serverguide/C/network-auth.xml:331(para)
13999
13998
"<emphasis>cn={3}inetorgperson,cn=schema,cn=config</emphasis>: the "
14000
13999
"inetorgperson schema"
14003
#: serverguide/C/network-auth.xml:330(para)
14002
#: serverguide/C/network-auth.xml:337(para)
14005
14004
"<emphasis>olcBackend={0}hdb,cn=config</emphasis>: the 'hdb' backend storage "
14009
#: serverguide/C/network-auth.xml:336(para)
14008
#: serverguide/C/network-auth.xml:343(para)
14011
14010
"<emphasis>olcDatabase={-1}frontend,cn=config</emphasis>: frontend database, "
14012
14011
"default settings for other databases"
14015
#: serverguide/C/network-auth.xml:342(para)
14014
#: serverguide/C/network-auth.xml:349(para)
14017
14016
"<emphasis>olcDatabase={0}config,cn=config</emphasis>: slapd configuration "
14018
14017
"database (cn=config)"
14021
#: serverguide/C/network-auth.xml:348(para)
14020
#: serverguide/C/network-auth.xml:355(para)
14023
14022
"<emphasis>olcDatabase={1}hdb,cn=config</emphasis>: your database instance "
14024
14023
"(dc=examle,dc=com)"
14027
#: serverguide/C/network-auth.xml:359(para)
14026
#: serverguide/C/network-auth.xml:366(para)
14028
14027
msgid "This is what the dc=example,dc=com DIT looks like:"
14031
#: serverguide/C/network-auth.xml:364(command)
14030
#: serverguide/C/network-auth.xml:371(command)
14032
14031
msgid "ldapsearch -x -LLL -H ldap:/// -b dc=example,dc=com dn"
14035
#: serverguide/C/network-auth.xml:365(computeroutput)
14034
#: serverguide/C/network-auth.xml:372(computeroutput)
14041
14040
"dn: cn=admin,dc=example,dc=com\n"
14044
#: serverguide/C/network-auth.xml:379(para)
14043
#: serverguide/C/network-auth.xml:386(para)
14045
14044
msgid "<emphasis>dc=example,dc=com</emphasis>: base of the DIT"
14048
#: serverguide/C/network-auth.xml:385(para)
14047
#: serverguide/C/network-auth.xml:392(para)
14050
14049
"<emphasis>cn=admin,dc=example,dc=com</emphasis>: administrator (rootDN) for "
14051
14050
"this DIT (set up during package install)"
14054
#: serverguide/C/network-auth.xml:399(title)
14053
#: serverguide/C/network-auth.xml:406(title)
14055
14054
msgid "Modifying/Populating your Database"
14058
#: serverguide/C/network-auth.xml:401(para)
14057
#: serverguide/C/network-auth.xml:408(para)
14060
14059
"Let's introduce some content to our database. We will add the following:"
14063
#: serverguide/C/network-auth.xml:408(para)
14062
#: serverguide/C/network-auth.xml:415(para)
14064
14063
msgid "a node called <emphasis>People</emphasis> (to store users)"
14067
#: serverguide/C/network-auth.xml:414(para)
14066
#: serverguide/C/network-auth.xml:421(para)
14068
14067
msgid "a node called <emphasis>Groups</emphasis> (to store groups)"
14071
#: serverguide/C/network-auth.xml:420(para)
14070
#: serverguide/C/network-auth.xml:427(para)
14072
14071
msgid "a group called <emphasis>miners</emphasis>"
14075
#: serverguide/C/network-auth.xml:426(para)
14074
#: serverguide/C/network-auth.xml:433(para)
14076
14075
msgid "a user called <emphasis>john</emphasis>"
14079
#: serverguide/C/network-auth.xml:433(para)
14078
#: serverguide/C/network-auth.xml:440(para)
14081
14080
"Create the following LDIF file and call it "
14082
14081
"<filename>add_content.ldif</filename>:"
14085
#: serverguide/C/network-auth.xml:437(programlisting)
14084
#: serverguide/C/network-auth.xml:444(programlisting)
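Review bot: in the "Explanation of entries" list, the msgid for olcDatabase={1}hdb,cn=config describes the instance as (dc=examle,dc=com), while the rest of this hunk (the ldapsearch base, the "base of the DIT" entry, the rootDN entry) uses dc=example,dc=com. A reader copying the suffix from that line gets a DN that matches nothing; correct the spelling in the source string and make sure the translation carries the corrected suffix.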
14169
14168
"gidNumber: 5000\n"
14172
#: serverguide/C/network-auth.xml:508(para)
14171
#: serverguide/C/network-auth.xml:515(para)
14173
14172
msgid "Explanation of switches:"
14176
#: serverguide/C/network-auth.xml:515(para)
14175
#: serverguide/C/network-auth.xml:522(para)
14178
14177
"<emphasis>-x:</emphasis> \"simple\" binding; will not use the default SASL "
14182
#: serverguide/C/network-auth.xml:521(para)
14181
#: serverguide/C/network-auth.xml:528(para)
14183
14182
msgid "<emphasis>-LLL:</emphasis> disable printing extraneous information"
14186
#: serverguide/C/network-auth.xml:527(para)
14185
#: serverguide/C/network-auth.xml:534(para)
14187
14186
msgid "<emphasis>uid=john:</emphasis> a \"filter\" to find the john user"
14190
#: serverguide/C/network-auth.xml:533(para)
14189
#: serverguide/C/network-auth.xml:540(para)
14192
14191
"<emphasis>cn gidNumber:</emphasis> requests certain attributes to be "
14193
14192
"displayed (the default is to show all attributes)"
14196
#: serverguide/C/network-auth.xml:543(title)
14195
#: serverguide/C/network-auth.xml:550(title)
14197
14196
msgid "Modifying the slapd Configuration Database"
14200
#: serverguide/C/network-auth.xml:545(para)
14199
#: serverguide/C/network-auth.xml:552(para)
14202
14201
"The slapd-config DIT can also be queried and modified. Here are a few "
14206
#: serverguide/C/network-auth.xml:552(para)
14205
#: serverguide/C/network-auth.xml:559(para)
14208
14207
"Use <application>ldapmodify</application> to add an \"Index\" (DbIndex "
14209
14208
"attribute) to your <application>{1}hdb,cn=config</application> database "
14254
14253
"olcDbIndex: uid eq,pres,sub\n"
14257
#: serverguide/C/network-auth.xml:591(para)
14256
#: serverguide/C/network-auth.xml:598(para)
14259
14258
"Let's add a schema. It will first need to be converted to LDIF format. You "
14260
14259
"can find unconverted schemas in addition to converted ones in the <filename "
14261
14260
"role=\"directory\">/etc/ldap/schema</filename> directory."
14264
#: serverguide/C/network-auth.xml:599(para)
14263
#: serverguide/C/network-auth.xml:606(para)
14266
14265
"It is not trivial to remove a schema from the slapd-config database. "
14267
14266
"Practice adding schemas on a test system."
14270
#: serverguide/C/network-auth.xml:605(para)
14269
#: serverguide/C/network-auth.xml:612(para)
14272
14271
"Before adding any schema, you should check which schemas are already "
14273
14272
"installed (shown is a default, out-of-the-box output):"
14276
#: serverguide/C/network-auth.xml:611(command)
14275
#: serverguide/C/network-auth.xml:618(command)
14278
14277
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=schema,cn=config dn"
14281
#: serverguide/C/network-auth.xml:613(computeroutput)
14280
#: serverguide/C/network-auth.xml:620(computeroutput)
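Review bot: the command msgid at network-auth.xml:618(command) contains a literal backslash followed by a space ("-b \\ cn=schema,cn=config dn"), presumably a line continuation flattened onto one line. Pasted as a single line, the shell reads the backslash-space as an escaped space, so the base DN handed to -b starts with a space instead of being cn=schema,cn=config. The same command at :760(command) has no backslash; the source string should match that form, and a translated command should stay on one line without the backslash. The slapcat and certtool command strings elsewhere in this diff show the same pattern.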
14323
14322
"include /etc/ldap/schema/pmi.schema\n"
14326
#: serverguide/C/network-auth.xml:662(para)
14325
#: serverguide/C/network-auth.xml:669(para)
14327
14326
msgid "Create the output directory <filename>ldif_output</filename>."
14330
#: serverguide/C/network-auth.xml:668(para) serverguide/C/network-auth.xml:2317(para)
14329
#: serverguide/C/network-auth.xml:675(para) serverguide/C/network-auth.xml:2324(para)
14331
14330
msgid "Determine the index of the schema:"
14334
#: serverguide/C/network-auth.xml:673(command)
14333
#: serverguide/C/network-auth.xml:680(command)
14336
14335
"slapcat -f schema_convert.conf -F ldif_output -n 0 | grep corba,cn=schema"
14339
#: serverguide/C/network-auth.xml:674(computeroutput)
14338
#: serverguide/C/network-auth.xml:681(computeroutput)
14343
14342
"cn={1}corba,cn=schema,cn=config\n"
14346
#: serverguide/C/network-auth.xml:685(para)
14345
#: serverguide/C/network-auth.xml:687(para)
14348
14347
"When slapd ingests objects with the same parent DN it will create an "
14349
14348
"<emphasis>index</emphasis> for that object. An index is contained within "
14350
14349
"braces: <application>{X}</application>."
14353
#: serverguide/C/network-auth.xml:689(para)
14352
#: serverguide/C/network-auth.xml:696(para)
14354
14353
msgid "Use <application>slapcat</application> to perform the conversion:"
14357
#: serverguide/C/network-auth.xml:694(command)
14356
#: serverguide/C/network-auth.xml:701(command)
14359
14358
"slapcat -f schema_convert.conf -F ldif_output -n0 -H \\ "
14360
14359
"ldap:///cn={1}corba,cn=schema,cn=config -l cn=corba.ldif"
14363
#: serverguide/C/network-auth.xml:698(para)
14362
#: serverguide/C/network-auth.xml:705(para)
14364
14363
msgid "The converted schema is now in <filename>cn=corba.ldif</filename>"
14367
#: serverguide/C/network-auth.xml:704(para)
14366
#: serverguide/C/network-auth.xml:711(para)
14369
14368
"Edit <filename>cn=corba.ldif</filename> to arrive at the following "
14370
14369
"attributes:"
14373
#: serverguide/C/network-auth.xml:708(programlisting)
14372
#: serverguide/C/network-auth.xml:715(programlisting)
14396
14395
"modifyTimestamp: 20110829165435Z\n"
14399
#: serverguide/C/network-auth.xml:728(para) serverguide/C/network-auth.xml:2367(para)
14398
#: serverguide/C/network-auth.xml:735(para) serverguide/C/network-auth.xml:2374(para)
14400
14399
msgid "Your attribute values will vary."
14403
#: serverguide/C/network-auth.xml:734(para)
14402
#: serverguide/C/network-auth.xml:741(para)
14405
14404
"Finally, use <application>ldapadd</application> to add the new schema to the "
14406
14405
"slapd-config DIT:"
14409
#: serverguide/C/network-auth.xml:739(command)
14408
#: serverguide/C/network-auth.xml:746(command)
14410
14409
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f cn\\=corba.ldif"
14413
#: serverguide/C/network-auth.xml:740(computeroutput)
14412
#: serverguide/C/network-auth.xml:747(computeroutput)
14417
14416
"adding new entry \"cn=corba,cn=schema,cn=config\"\n"
14420
#: serverguide/C/network-auth.xml:748(para)
14419
#: serverguide/C/network-auth.xml:755(para)
14421
14420
msgid "Confirm currently loaded schemas:"
14424
#: serverguide/C/network-auth.xml:753(command)
14423
#: serverguide/C/network-auth.xml:760(command)
14426
14425
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config dn"
14429
#: serverguide/C/network-auth.xml:754(computeroutput)
14428
#: serverguide/C/network-auth.xml:761(computeroutput)
14653
14652
"/var/lib/ldap/** rwk,\n"
14656
#: serverguide/C/network-auth.xml:957(para)
14655
#: serverguide/C/network-auth.xml:964(para)
14658
14657
"Create a directory, set up a databse config file, and reload the apparmor "
14662
#: serverguide/C/network-auth.xml:962(command)
14661
#: serverguide/C/network-auth.xml:969(command)
14663
14662
msgid "sudo -u openldap mkdir /var/lib/ldap/accesslog"
14666
#: serverguide/C/network-auth.xml:963(command)
14665
#: serverguide/C/network-auth.xml:970(command)
14667
14666
msgid "sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog"
14670
#: serverguide/C/network-auth.xml:970(para)
14669
#: serverguide/C/network-auth.xml:977(para)
14672
14671
"Add the new content and, due to the apparmor change, restart the daemon:"
14675
#: serverguide/C/network-auth.xml:975(command)
14674
#: serverguide/C/network-auth.xml:982(command)
14676
14675
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
14679
#: serverguide/C/network-auth.xml:976(command) serverguide/C/network-auth.xml:1498(command) serverguide/C/network-auth.xml:1683(command) serverguide/C/network-auth.xml:3912(command)
14678
#: serverguide/C/network-auth.xml:983(command) serverguide/C/network-auth.xml:1505(command) serverguide/C/network-auth.xml:1690(command) serverguide/C/network-auth.xml:3911(command)
14680
14679
msgid "sudo service slapd restart"
14683
#: serverguide/C/network-auth.xml:983(para)
14682
#: serverguide/C/network-auth.xml:990(para)
14684
14683
msgid "The Provider is now configured."
14687
#: serverguide/C/network-auth.xml:990(title)
14686
#: serverguide/C/network-auth.xml:997(title)
14688
14687
msgid "Consumer Configuration"
14691
#: serverguide/C/network-auth.xml:992(para)
14690
#: serverguide/C/network-auth.xml:999(para)
14692
14691
msgid "And now configure the <emphasis>Consumer</emphasis>."
14695
#: serverguide/C/network-auth.xml:999(para)
14694
#: serverguide/C/network-auth.xml:1006(para)
14697
14696
"Install the software by going through <xref linkend=\"openldap-server-"
14698
14697
"installation\"/>. Make sure the slapd-config databse is identical to the "
14733
14732
"olcUpdateRef: ldap://ldap01.example.com\n"
14736
#: serverguide/C/network-auth.xml:1031(para)
14735
#: serverguide/C/network-auth.xml:1038(para)
14737
14736
msgid "Ensure the following attributes have the correct values:"
14740
#: serverguide/C/network-auth.xml:1036(para)
14739
#: serverguide/C/network-auth.xml:1043(para)
14742
14741
"<emphasis>provider</emphasis> (Provider server's hostname -- "
14743
14742
"ldap01.example.com in this example -- or IP address)"
14746
#: serverguide/C/network-auth.xml:1037(para)
14745
#: serverguide/C/network-auth.xml:1044(para)
14747
14746
msgid "<emphasis>binddn</emphasis> (the admin DN you're using)"
14750
#: serverguide/C/network-auth.xml:1038(para)
14749
#: serverguide/C/network-auth.xml:1045(para)
14751
14750
msgid "<emphasis>credentials</emphasis> (the admin DN password you're using)"
14754
#: serverguide/C/network-auth.xml:1039(para)
14753
#: serverguide/C/network-auth.xml:1046(para)
14755
14754
msgid "<emphasis>searchbase</emphasis> (the database suffix you're using)"
14758
#: serverguide/C/network-auth.xml:1040(para)
14757
#: serverguide/C/network-auth.xml:1047(para)
14760
14759
"<emphasis>olcUpdateRef</emphasis> (Provider server's hostname or IP address)"
14763
#: serverguide/C/network-auth.xml:1041(para)
14762
#: serverguide/C/network-auth.xml:1048(para)
14765
14764
"<emphasis>rid</emphasis> (Replica ID, an unique 3-digit that identifies the "
14766
14765
"replica. Each consumer should have at least one rid)"
14769
#: serverguide/C/network-auth.xml:1050(para)
14768
#: serverguide/C/network-auth.xml:1057(para)
14770
14769
msgid "Add the new content:"
14773
#: serverguide/C/network-auth.xml:1055(command)
14772
#: serverguide/C/network-auth.xml:1062(command)
14774
14773
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f consumer_sync.ldif"
14777
#: serverguide/C/network-auth.xml:1062(para)
14776
#: serverguide/C/network-auth.xml:1069(para)
14779
14778
"You're done. The two databases (suffix: dc=example,dc=com) should now be "
14780
14779
"synchronizing."
14783
#: serverguide/C/network-auth.xml:1071(para)
14782
#: serverguide/C/network-auth.xml:1078(para)
14784
14783
msgid "Once replication starts, you can monitor it by running"
14787
#: serverguide/C/network-auth.xml:1081(command)
14786
#: serverguide/C/network-auth.xml:1083(command)
14789
14788
"ldapsearch -z1 -LLLQY EXTERNAL -H ldapi:/// -s base -b dc=example,dc=com "
14793
#: serverguide/C/network-auth.xml:1077(computeroutput)
14792
#: serverguide/C/network-auth.xml:1084(computeroutput)
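Review bot: The consumer attribute list in this hunk tells the reader to set binddn to "the admin DN you're using" and credentials to "the admin DN password you're using", which puts the directory administrator's password into the Consumer's configuration (loaded from consumer_sync.ldif) even though replication only needs to read from the Provider. Suggest the source XML point these two items at a dedicated replication DN with read-only access to the suffix, then regenerate the template. The rid string also reads "an unique 3-digit"; it should be "a unique 3-digit number".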
15133
15132
"cert_signing_key\n"
15136
#: serverguide/C/network-auth.xml:1370(para)
15135
#: serverguide/C/network-auth.xml:1377(para)
15137
15136
msgid "Create the self-signed CA certificate:"
15140
#: serverguide/C/network-auth.xml:1375(command)
15139
#: serverguide/C/network-auth.xml:1382(command)
15142
15141
"sudo certtool --generate-self-signed \\ --load-privkey "
15143
15142
"/etc/ssl/private/cakey.pem \\ --template /etc/ssl/ca.info \\ --outfile "
15144
15143
"/etc/ssl/certs/cacert.pem"
15147
#: serverguide/C/network-auth.xml:1384(para)
15146
#: serverguide/C/network-auth.xml:1391(para)
15148
15147
msgid "Make a private key for the server:"
15151
#: serverguide/C/network-auth.xml:1389(command)
15150
#: serverguide/C/network-auth.xml:1396(command)
15153
15152
"sudo certtool --generate-privkey \\ --bits 1024 \\ --outfile "
15154
15153
"/etc/ssl/private/ldap01_slapd_key.pem"
15157
#: serverguide/C/network-auth.xml:1395(para)
15156
#: serverguide/C/network-auth.xml:1402(para)
15159
15158
"Replace <emphasis>ldap01</emphasis> in the filename with your server's "
15160
15159
"hostname. Naming the certificate and key for the host and service that will "
15161
15160
"be using them will help keep things clear."
15164
#: serverguide/C/network-auth.xml:1404(para)
15163
#: serverguide/C/network-auth.xml:1411(para)
15166
15165
"Create the <filename>/etc/ssl/ldap01.info</filename> info file containing:"
15169
#: serverguide/C/network-auth.xml:1408(programlisting)
15168
#: serverguide/C/network-auth.xml:1415(programlisting)
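Review bot: The server key command in this hunk still generates a 1024-bit key (certtool --generate-privkey --bits 1024, written to /etc/ssl/private/ldap01_slapd_key.pem), which is too short for an RSA key protecting LDAP over TLS; 2048 bits is the usual minimum. Since only the location comments move here, the fix belongs in network-auth.xml, with the template regenerated afterwards so translators receive the corrected command.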
15250
15249
"over TCP port 636."
15253
#: serverguide/C/network-auth.xml:1482(para)
15252
#: serverguide/C/network-auth.xml:1489(para)
15254
15253
msgid "Tighten up ownership and permissions:"
15257
#: serverguide/C/network-auth.xml:1487(command) serverguide/C/network-auth.xml:1604(command)
15256
#: serverguide/C/network-auth.xml:1494(command) serverguide/C/network-auth.xml:1611(command)
15258
15257
msgid "sudo adduser openldap ssl-cert"
15261
#: serverguide/C/network-auth.xml:1488(command)
15260
#: serverguide/C/network-auth.xml:1495(command)
15262
15261
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem"
15265
#: serverguide/C/network-auth.xml:1489(command)
15264
#: serverguide/C/network-auth.xml:1496(command)
15266
15265
msgid "sudo chmod g+r /etc/ssl/private/ldap01_slapd_key.pem"
15269
#: serverguide/C/network-auth.xml:1490(command)
15268
#: serverguide/C/network-auth.xml:1497(command)
15270
15269
msgid "sudo chmod o-r /etc/ssl/private/ldap01_slapd_key.pem"
15273
#: serverguide/C/network-auth.xml:1493(para)
15272
#: serverguide/C/network-auth.xml:1500(para)
15274
15273
msgid "Restart OpenLDAP:"
15277
#: serverguide/C/network-auth.xml:1501(para)
15276
#: serverguide/C/network-auth.xml:1508(para)
15279
15278
"Check your host's logs (/var/log/syslog) to see if the server has started "
15283
#: serverguide/C/network-auth.xml:1508(title)
15282
#: serverguide/C/network-auth.xml:1515(title)
15284
15283
msgid "Replication and TLS"
15287
#: serverguide/C/network-auth.xml:1510(para)
15286
#: serverguide/C/network-auth.xml:1517(para)
15289
15288
"If you have set up replication between servers, it is common practice to "
15290
15289
"encrypt (StartTLS) the replication traffic to prevent evesdropping. This is "
15312
15311
"material over to the Consumer."
15315
#: serverguide/C/network-auth.xml:1532(para) serverguide/C/network-auth.xml:1689(para)
15314
#: serverguide/C/network-auth.xml:1539(para) serverguide/C/network-auth.xml:1696(para)
15316
15315
msgid "On the Provider,"
15319
#: serverguide/C/network-auth.xml:1536(para)
15318
#: serverguide/C/network-auth.xml:1543(para)
15321
15320
"Create a holding directory (which will be used for the eventual transfer) "
15322
15321
"and then the Consumer's private key:"
15325
#: serverguide/C/network-auth.xml:1541(command)
15324
#: serverguide/C/network-auth.xml:1548(command)
15326
15325
msgid "mkdir ldap02-ssl"
15329
#: serverguide/C/network-auth.xml:1542(command)
15328
#: serverguide/C/network-auth.xml:1549(command)
15330
15329
msgid "cd ldap02-ssl"
15333
#: serverguide/C/network-auth.xml:1543(command)
15332
#: serverguide/C/network-auth.xml:1550(command)
15335
15334
"sudo certtool --generate-privkey \\ --bits 1024 \\ --outfile "
15336
15335
"ldap02_slapd_key.pem"
15339
#: serverguide/C/network-auth.xml:1548(para)
15338
#: serverguide/C/network-auth.xml:1555(para)
15341
15340
"Create an info file, <filename>ldap02.info</filename>, for the Consumer "
15342
15341
"server, adjusting its values accordingly:"
15345
#: serverguide/C/network-auth.xml:1552(programlisting)
15344
#: serverguide/C/network-auth.xml:1559(programlisting)
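Review bot: The Consumer key command in this hunk repeats --bits 1024 (outfile ldap02_slapd_key.pem) and needs the same change as the ldap01 key command, so that both servers are documented with the same, adequate key size. The surrounding text also has the Provider generate the Consumer's private key in the ldap02-ssl holding directory; generating the key on the Consumer and sending only a certificate request to the Provider would avoid moving private key material between hosts.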
15366
15365
"ldap02_slapd_cert.pem"
15369
#: serverguide/C/network-auth.xml:1574(para)
15368
#: serverguide/C/network-auth.xml:1581(para)
15370
15369
msgid "Get a copy of the CA certificate:"
15373
#: serverguide/C/network-auth.xml:1579(command)
15372
#: serverguide/C/network-auth.xml:1586(command)
15374
15373
msgid "cp /etc/ssl/certs/cacert.pem ."
15377
#: serverguide/C/network-auth.xml:1582(para)
15376
#: serverguide/C/network-auth.xml:1589(para)
15379
15378
"We're done. Now transfer the <filename>ldap02-ssl</filename> directory to "
15380
15379
"the Consumer. Here we use scp (adjust accordingly):"
15383
#: serverguide/C/network-auth.xml:1587(command)
15382
#: serverguide/C/network-auth.xml:1594(command)
15384
15383
msgid "cd .."
15387
#: serverguide/C/network-auth.xml:1588(command)
15386
#: serverguide/C/network-auth.xml:1595(command)
15388
15387
msgid "scp -r ldap02-ssl user@consumer:"
15391
#: serverguide/C/network-auth.xml:1594(para) serverguide/C/network-auth.xml:1642(para)
15390
#: serverguide/C/network-auth.xml:1601(para) serverguide/C/network-auth.xml:1649(para)
15392
15391
msgid "On the Consumer,"
15395
#: serverguide/C/network-auth.xml:1598(para)
15394
#: serverguide/C/network-auth.xml:1605(para)
15396
15395
msgid "Configure TLS authentication:"
15399
#: serverguide/C/network-auth.xml:1603(command)
15398
#: serverguide/C/network-auth.xml:1610(command)
15400
15399
msgid "sudo apt-get install ssl-cert"
15403
#: serverguide/C/network-auth.xml:1605(command)
15402
#: serverguide/C/network-auth.xml:1612(command)
15404
15403
msgid "sudo cp ldap02_slapd_cert.pem cacert.pem /etc/ssl/certs"
15407
#: serverguide/C/network-auth.xml:1606(command)
15406
#: serverguide/C/network-auth.xml:1613(command)
15408
15407
msgid "sudo cp ldap02_slapd_key.pem /etc/ssl/private"
15411
#: serverguide/C/network-auth.xml:1607(command)
15410
#: serverguide/C/network-auth.xml:1614(command)
15412
15411
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap02_slapd_key.pem"
15415
#: serverguide/C/network-auth.xml:1608(command)
15414
#: serverguide/C/network-auth.xml:1615(command)
15416
15415
msgid "sudo chmod g+r /etc/ssl/private/ldap02_slapd_key.pem"
15419
#: serverguide/C/network-auth.xml:1609(command)
15418
#: serverguide/C/network-auth.xml:1616(command)
15420
15419
msgid "sudo chmod o-r /etc/ssl/private/ldap02_slapd_key.pem"
15423
#: serverguide/C/network-auth.xml:1612(para)
15422
#: serverguide/C/network-auth.xml:1619(para)
15425
15424
"Create the file <filename>/etc/ssl/certinfo.ldif</filename> with the "
15426
15425
"following contents (adjust accordingly):"
15429
#: serverguide/C/network-auth.xml:1616(programlisting)
15428
#: serverguide/C/network-auth.xml:1623(programlisting)
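Review bot: The Consumer steps in this hunk install the key with "sudo cp ldap02_slapd_key.pem /etc/ssl/private", so a second copy of the private key stays in the transferred ldap02-ssl directory, and the Provider keeps its own copy after "scp -r ldap02-ssl user@consumer:"; no visible step removes either one. Suggest adding a cleanup step on both hosts once the files are in place. The permission commands are also relative (chmod g+r, chmod o-r), so the final mode depends on how the file arrived; an absolute mode such as 640 would make the result predictable.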
15541
15540
"assist you in the configuration step. Install this package now:"
15544
#: serverguide/C/network-auth.xml:1725(command)
15543
#: serverguide/C/network-auth.xml:1732(command)
15545
15544
msgid "sudo apt-get install libnss-ldap"
15548
#: serverguide/C/network-auth.xml:1728(para)
15547
#: serverguide/C/network-auth.xml:1735(para)
15550
15549
"You will be prompted for details of your LDAP server. If you make a mistake "
15551
15550
"you can try again using:"
15554
#: serverguide/C/network-auth.xml:1733(command)
15553
#: serverguide/C/network-auth.xml:1740(command)
15555
15554
msgid "sudo dpkg-reconfigure ldap-auth-config"
15558
#: serverguide/C/network-auth.xml:1736(para)
15557
#: serverguide/C/network-auth.xml:1743(para)
15560
15559
"The results of the dialog can be seen in "
15561
15560
"<filename>/etc/ldap.conf</filename>. If your server requires options not "
15562
15561
"covered in the menu edit this file accordingly."
15565
#: serverguide/C/network-auth.xml:1741(para)
15564
#: serverguide/C/network-auth.xml:1748(para)
15566
15565
msgid "Now configure the LDAP profile for NSS:"
15569
#: serverguide/C/network-auth.xml:1746(command)
15568
#: serverguide/C/network-auth.xml:1753(command)
15570
15569
msgid "sudo auth-client-config -t nss -p lac_ldap"
15573
#: serverguide/C/network-auth.xml:1749(para)
15572
#: serverguide/C/network-auth.xml:1756(para)
15574
15573
msgid "Configure the system to use LDAP for authentication:"
15577
#: serverguide/C/network-auth.xml:1754(command)
15576
#: serverguide/C/network-auth.xml:1761(command)
15578
15577
msgid "sudo pam-auth-update"
15581
#: serverguide/C/network-auth.xml:1757(para)
15580
#: serverguide/C/network-auth.xml:1764(para)
15583
15582
"From the menu, choose LDAP and any other authentication mechanisms you need."
15586
#: serverguide/C/network-auth.xml:1761(para)
15585
#: serverguide/C/network-auth.xml:1768(para)
15587
15586
msgid "You should now be able to log in using LDAP-based credentials."
15590
#: serverguide/C/network-auth.xml:1765(para)
15589
#: serverguide/C/network-auth.xml:1772(para)
15592
15591
"LDAP clients will need to refer to multiple servers if replication is in "
15593
15592
"use. In <filename>/etc/ldap.conf</filename> you would have something like:"
15596
#: serverguide/C/network-auth.xml:1770(programlisting)
15595
#: serverguide/C/network-auth.xml:1777(programlisting)
15600
15599
"uri ldap://ldap01.example.com ldap://ldap02.example.com\n"
15603
#: serverguide/C/network-auth.xml:1774(para)
15602
#: serverguide/C/network-auth.xml:1781(para)
15605
15604
"The request will time out and the Consumer (ldap02) will attempt to be "
15606
15605
"reached if the Provider (ldap01) becomes unresponsive."
15609
#: serverguide/C/network-auth.xml:1778(para)
15608
#: serverguide/C/network-auth.xml:1785(para)
15611
15610
"If you are going to use LDAP to store Samba users you will need to configure "
15612
15611
"the Samba server to authenticate using LDAP. See <xref linkend=\"samba-"
15613
15612
"ldap\"/> for details."
15616
#: serverguide/C/network-auth.xml:1784(para)
15615
#: serverguide/C/network-auth.xml:1791(para)
15618
15617
"An alternative to the <application>libnss-ldap</application> package is the "
15619
15618
"<application>libnss-ldapd</application> package. This, however, will bring "
15664
15663
"MIDSTART=10000\n"
15667
#: serverguide/C/network-auth.xml:1827(para)
15666
#: serverguide/C/network-auth.xml:1834(para)
15669
15668
"Now, create the <filename>ldapscripts.passwd</filename> file to allow rootDN "
15670
15669
"access to the directory:"
15673
#: serverguide/C/network-auth.xml:1832(command)
15672
#: serverguide/C/network-auth.xml:1839(command)
15675
15674
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
15678
#: serverguide/C/network-auth.xml:1833(command)
15677
#: serverguide/C/network-auth.xml:1840(command)
15679
15678
msgid "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
15682
#: serverguide/C/network-auth.xml:1837(para)
15681
#: serverguide/C/network-auth.xml:1844(para)
15684
15683
"Replace <quote>secret</quote> with the actual password for your database's "
15685
15684
"rootDN user."
15688
#: serverguide/C/network-auth.xml:1842(para)
15687
#: serverguide/C/network-auth.xml:1849(para)
15690
15689
"The scripts are now ready to help manage your directory. Here are some "
15691
15690
"examples of how to use them:"
15694
#: serverguide/C/network-auth.xml:1849(para)
15693
#: serverguide/C/network-auth.xml:1856(para)
15695
15694
msgid "Create a new user:"
15698
#: serverguide/C/network-auth.xml:1854(command)
15697
#: serverguide/C/network-auth.xml:1861(command)
15699
15698
msgid "sudo ldapadduser george example"
15702
#: serverguide/C/network-auth.xml:1857(para)
15701
#: serverguide/C/network-auth.xml:1864(para)
15704
15703
"This will create a user with uid <emphasis role=\"italic\">george</emphasis> "
15705
15704
"and set the user's primary group (gid) to <emphasis "
15706
15705
"role=\"italic\">example</emphasis>"
15709
#: serverguide/C/network-auth.xml:1864(para)
15708
#: serverguide/C/network-auth.xml:1871(para)
15710
15709
msgid "Change a user's password:"
15713
#: serverguide/C/network-auth.xml:1869(command)
15712
#: serverguide/C/network-auth.xml:1876(command)
15714
15713
msgid "sudo ldapsetpasswd george"
15717
#: serverguide/C/network-auth.xml:1870(computeroutput)
15716
#: serverguide/C/network-auth.xml:1877(computeroutput)
15719
15718
msgid "Changing password for user uid=george,ou=People,dc=example,dc=com"
15722
#: serverguide/C/network-auth.xml:1871(userinput)
15721
#: serverguide/C/network-auth.xml:1878(userinput)
15724
15723
msgid "New Password: "
15727
#: serverguide/C/network-auth.xml:1872(userinput)
15726
#: serverguide/C/network-auth.xml:1879(userinput)
15729
15728
msgid "New Password (verify): "
15732
#: serverguide/C/network-auth.xml:1878(para)
15731
#: serverguide/C/network-auth.xml:1885(para)
15733
15732
msgid "Delete a user:"
15736
#: serverguide/C/network-auth.xml:1883(command)
15735
#: serverguide/C/network-auth.xml:1890(command)
15737
15736
msgid "sudo ldapdeleteuser george"
15740
#: serverguide/C/network-auth.xml:1889(para)
15739
#: serverguide/C/network-auth.xml:1896(para)
15741
15740
msgid "Add a group:"
15744
#: serverguide/C/network-auth.xml:1894(command)
15743
#: serverguide/C/network-auth.xml:1901(command)
15745
15744
msgid "sudo ldapaddgroup qa"
15748
#: serverguide/C/network-auth.xml:1900(para)
15747
#: serverguide/C/network-auth.xml:1907(para)
15749
15748
msgid "Delete a group:"
15752
#: serverguide/C/network-auth.xml:1905(command)
15751
#: serverguide/C/network-auth.xml:1912(command)
15753
15752
msgid "sudo ldapdeletegroup qa"
15756
#: serverguide/C/network-auth.xml:1911(para)
15755
#: serverguide/C/network-auth.xml:1918(para)
15757
15756
msgid "Add a user to a group:"
15760
#: serverguide/C/network-auth.xml:1916(command)
15759
#: serverguide/C/network-auth.xml:1923(command)
15761
15760
msgid "sudo ldapaddusertogroup george qa"
15764
#: serverguide/C/network-auth.xml:1919(para)
15763
#: serverguide/C/network-auth.xml:1926(para)
15766
15765
"You should now see a <emphasis>memberUid</emphasis> attribute for the "
15767
15766
"<emphasis role=\"italic\">qa</emphasis> group with a value of <emphasis "
15768
15767
"role=\"italic\">george</emphasis>."
15771
#: serverguide/C/network-auth.xml:1926(para)
15770
#: serverguide/C/network-auth.xml:1933(para)
15772
15771
msgid "Remove a user from a group:"
15775
#: serverguide/C/network-auth.xml:1931(command)
15774
#: serverguide/C/network-auth.xml:1938(command)
15776
15775
msgid "sudo ldapdeleteuserfromgroup george qa"
15779
#: serverguide/C/network-auth.xml:1934(para)
15778
#: serverguide/C/network-auth.xml:1941(para)
15781
15780
"The <emphasis>memberUid</emphasis> attribute should now be removed from the "
15782
15781
"<emphasis role=\"italic\">qa</emphasis> group."
15785
#: serverguide/C/network-auth.xml:1941(para)
15784
#: serverguide/C/network-auth.xml:1948(para)
15787
15786
"The <application>ldapmodifyuser</application> script allows you to add, "
15788
15787
"remove, or replace a user's attributes. The script uses the same syntax as "
15789
15788
"the <application>ldapmodify</application> utility. For example:"
15792
#: serverguide/C/network-auth.xml:1947(command)
15791
#: serverguide/C/network-auth.xml:1954(command)
15793
15792
msgid "sudo ldapmodifyuser george"
15796
#: serverguide/C/network-auth.xml:1948(computeroutput)
15795
#: serverguide/C/network-auth.xml:1955(computeroutput)
15799
15798
"# About to modify the following entry :\n"
15882
15881
"title: Employee\n"
15885
#: serverguide/C/network-auth.xml:2016(para)
15884
#: serverguide/C/network-auth.xml:2023(para)
15887
15886
"Notice the <emphasis><ask></emphasis> option used for the "
15888
15887
"<emphasis>sn</emphasis> attribute. This will make "
15889
15888
"<application>ldapadduser</application> prompt you for its value."
15892
#: serverguide/C/network-auth.xml:2024(para)
15891
#: serverguide/C/network-auth.xml:2031(para)
15894
15893
"There are utilities in the package that were not covered here. Here is a "
15895
15894
"complete list:"
15898
#: serverguide/C/network-auth.xml:2029(ulink)
15897
#: serverguide/C/network-auth.xml:2036(ulink)
15899
15898
msgid "ldaprenamemachine"
15902
#: serverguide/C/network-auth.xml:2030(ulink)
15901
#: serverguide/C/network-auth.xml:2037(ulink)
15903
15902
msgid "ldapadduser"
15906
#: serverguide/C/network-auth.xml:2031(ulink)
15905
#: serverguide/C/network-auth.xml:2038(ulink)
15907
15906
msgid "ldapdeleteuserfromgroup"
15910
#: serverguide/C/network-auth.xml:2032(ulink)
15909
#: serverguide/C/network-auth.xml:2039(ulink)
15911
15910
msgid "ldapfinger"
15914
#: serverguide/C/network-auth.xml:2033(ulink)
15913
#: serverguide/C/network-auth.xml:2040(ulink)
15915
15914
msgid "ldapid"
15918
#: serverguide/C/network-auth.xml:2034(ulink)
15917
#: serverguide/C/network-auth.xml:2041(ulink)
15919
15918
msgid "ldapgid"
15922
#: serverguide/C/network-auth.xml:2035(ulink)
15921
#: serverguide/C/network-auth.xml:2042(ulink)
15923
15922
msgid "ldapmodifyuser"
15926
#: serverguide/C/network-auth.xml:2036(ulink)
15925
#: serverguide/C/network-auth.xml:2043(ulink)
15927
15926
msgid "ldaprenameuser"
15930
#: serverguide/C/network-auth.xml:2037(ulink)
15929
#: serverguide/C/network-auth.xml:2044(ulink)
15931
15930
msgid "lsldap"
15934
#: serverguide/C/network-auth.xml:2038(ulink)
15933
#: serverguide/C/network-auth.xml:2045(ulink)
15935
15934
msgid "ldapaddusertogroup"
15938
#: serverguide/C/network-auth.xml:2039(ulink)
15937
#: serverguide/C/network-auth.xml:2046(ulink)
15939
15938
msgid "ldapsetpasswd"
15942
#: serverguide/C/network-auth.xml:2040(ulink)
15941
#: serverguide/C/network-auth.xml:2047(ulink)
15943
15942
msgid "ldapinit"
15946
#: serverguide/C/network-auth.xml:2041(ulink)
15945
#: serverguide/C/network-auth.xml:2048(ulink)
15947
15946
msgid "ldapaddgroup"
15950
#: serverguide/C/network-auth.xml:2042(ulink)
15949
#: serverguide/C/network-auth.xml:2049(ulink)
15951
15950
msgid "ldapdeletegroup"
15954
#: serverguide/C/network-auth.xml:2043(ulink)
15953
#: serverguide/C/network-auth.xml:2050(ulink)
15955
15954
msgid "ldapmodifygroup"
15958
#: serverguide/C/network-auth.xml:2044(ulink)
15957
#: serverguide/C/network-auth.xml:2051(ulink)
15959
15958
msgid "ldapdeletemachine"
15962
#: serverguide/C/network-auth.xml:2045(ulink)
15961
#: serverguide/C/network-auth.xml:2052(ulink)
15963
15962
msgid "ldaprenamegroup"
15966
#: serverguide/C/network-auth.xml:2046(ulink)
15965
#: serverguide/C/network-auth.xml:2053(ulink)
15967
15966
msgid "ldapaddmachine"
15970
#: serverguide/C/network-auth.xml:2047(ulink)
15969
#: serverguide/C/network-auth.xml:2054(ulink)
15971
15970
msgid "ldapmodifymachine"
15974
#: serverguide/C/network-auth.xml:2048(ulink)
15973
#: serverguide/C/network-auth.xml:2055(ulink)
15975
15974
msgid "ldapsetprimarygroup"
15978
#: serverguide/C/network-auth.xml:2049(ulink)
15977
#: serverguide/C/network-auth.xml:2056(ulink)
15979
15978
msgid "ldapdeleteuser"
15982
#: serverguide/C/network-auth.xml:2055(title)
15981
#: serverguide/C/network-auth.xml:2062(title)
15983
15982
msgid "Backup and Restore"
15986
#: serverguide/C/network-auth.xml:2057(para)
15985
#: serverguide/C/network-auth.xml:2064(para)
15988
15987
"Now we have ldap running just the way we want, it is time to ensure we can "
15989
15988
"save all of our work and restore it as needed."
15992
#: serverguide/C/network-auth.xml:2062(para)
15991
#: serverguide/C/network-auth.xml:2069(para)
15994
15993
"What we need is a way to backup the ldap database(s), specifically the "
15995
15994
"backend (cn=config) and frontend (dc=example,dc=com). If we are going to "
16040
16039
"45 22 * * * root /usr/local/bin/ldapbackup\n"
16043
#: serverguide/C/network-auth.xml:2109(para)
16042
#: serverguide/C/network-auth.xml:2116(para)
16044
16043
msgid "Now the files are created, they should be copied to a backup server."
16047
#: serverguide/C/network-auth.xml:2114(para)
16046
#: serverguide/C/network-auth.xml:2121(para)
16049
16048
"Assuming we did a fresh reinstall of ldap, the restore process could be "
16050
16049
"something like this:"
16053
#: serverguide/C/network-auth.xml:2120(command)
16052
#: serverguide/C/network-auth.xml:2127(command)
16054
16053
msgid "sudo service slapd stop"
16057
#: serverguide/C/network-auth.xml:2121(command)
16056
#: serverguide/C/network-auth.xml:2128(command)
16058
16057
msgid "sudo mkdir /var/lib/ldap/accesslog"
16061
#: serverguide/C/network-auth.xml:2122(command)
16060
#: serverguide/C/network-auth.xml:2129(command)
16062
16061
msgid "sudo slapadd -F /etc/ldap/slapd.d -n 0 -l /export/backup/config.ldif"
16065
#: serverguide/C/network-auth.xml:2123(command)
16064
#: serverguide/C/network-auth.xml:2130(command)
16067
16066
"sudo slapadd -F /etc/ldap/slapd.d -n 1 -l /export/backup/domain.com.ldif"
16070
#: serverguide/C/network-auth.xml:2124(command)
16069
#: serverguide/C/network-auth.xml:2131(command)
16071
16070
msgid "sudo slapadd -F /etc/ldap/slapd.d -n 2 -l /export/backup/access.ldif"
16074
#: serverguide/C/network-auth.xml:2125(command)
16073
#: serverguide/C/network-auth.xml:2132(command)
16075
16074
msgid "sudo chown -R openldap:openldap /etc/ldap/slapd.d/"
16078
#: serverguide/C/network-auth.xml:2126(command)
16077
#: serverguide/C/network-auth.xml:2133(command)
16079
16078
msgid "sudo chown -R openldap:openldap /var/lib/ldap/"
16082
#: serverguide/C/network-auth.xml:2127(command)
16081
#: serverguide/C/network-auth.xml:2134(command)
16083
16082
msgid "sudo service slapd start"
16086
#: serverguide/C/network-auth.xml:2138(para)
16085
#: serverguide/C/network-auth.xml:2145(para)
16088
16087
"The primary resource is the upstream documentation: <ulink "
16089
16088
"url=\"http://www.openldap.org/\">www.openldap.org</ulink>"
16092
#: serverguide/C/network-auth.xml:2144(para)
16091
#: serverguide/C/network-auth.xml:2151(para)
16094
16093
"There are many man pages that come with the slapd package. Here are some "
16095
16094
"important ones, especially considering the material presented in this guide:"
16098
#: serverguide/C/network-auth.xml:2150(ulink)
16097
#: serverguide/C/network-auth.xml:2157(ulink)
16099
16098
msgid "slapd"
16102
#: serverguide/C/network-auth.xml:2151(ulink)
16101
#: serverguide/C/network-auth.xml:2158(ulink)
16103
16102
msgid "slapd-config"
16106
#: serverguide/C/network-auth.xml:2152(ulink)
16105
#: serverguide/C/network-auth.xml:2159(ulink)
16107
16106
msgid "slapd.access"
16110
#: serverguide/C/network-auth.xml:2153(ulink)
16109
#: serverguide/C/network-auth.xml:2160(ulink)
16111
16110
msgid "slapo-syncprov"
16114
#: serverguide/C/network-auth.xml:2159(para)
16113
#: serverguide/C/network-auth.xml:2166(para)
16115
16114
msgid "Other man pages:"
16118
#: serverguide/C/network-auth.xml:2164(ulink)
16117
#: serverguide/C/network-auth.xml:2171(ulink)
16119
16118
msgid "auth-client-config"
16122
#: serverguide/C/network-auth.xml:2165(ulink)
16121
#: serverguide/C/network-auth.xml:2172(ulink)
16123
16122
msgid "pam-auth-update"
16126
#: serverguide/C/network-auth.xml:2171(para)
16125
#: serverguide/C/network-auth.xml:2178(para)
16128
16127
"Zytrax's <ulink url=\"http://www.zytrax.com/books/ldap/\">LDAP for Rocket "
16129
16128
"Scientists</ulink>; a less pedantic but comprehensive treatment of LDAP"
16132
#: serverguide/C/network-auth.xml:2177(para)
16131
#: serverguide/C/network-auth.xml:2184(para)
16134
16133
"A Ubuntu community <ulink "
16135
16134
"url=\"https://help.ubuntu.com/community/OpenLDAPServer\">OpenLDAP "
16136
16135
"wiki</ulink> page has a collection of notes"
16139
#: serverguide/C/network-auth.xml:2183(para)
16138
#: serverguide/C/network-auth.xml:2190(para)
16141
16140
"O'Reilly's <ulink url=\"http://www.oreilly.com/catalog/ldapsa/\">LDAP System "
16142
16141
"Administration</ulink> (textbook; 2003)"
16145
#: serverguide/C/network-auth.xml:2189(para)
16144
#: serverguide/C/network-auth.xml:2196(para)
16147
16146
"Packt's <ulink url=\"http://www.packtpub.com/OpenLDAP-Developers-Server-Open-"
16148
16147
"Source-Linux/book\">Mastering OpenLDAP</ulink> (textbook; 2007)"
16151
#: serverguide/C/network-auth.xml:2200(title)
16150
#: serverguide/C/network-auth.xml:2207(title)
16152
16151
msgid "Samba and LDAP"
16155
#: serverguide/C/network-auth.xml:2202(para)
16154
#: serverguide/C/network-auth.xml:2209(para)
16157
16156
"This section covers the integration of Samba with LDAP. The Samba server's "
16158
16157
"role will be that of a \"standalone\" server and the LDAP directory will "
16184
16183
"install it."
16187
#: serverguide/C/network-auth.xml:2223(para)
16186
#: serverguide/C/network-auth.xml:2230(para)
16188
16187
msgid "Install these packages now:"
16191
#: serverguide/C/network-auth.xml:2228(command)
16190
#: serverguide/C/network-auth.xml:2235(command)
16192
16191
msgid "sudo apt-get install samba samba-doc smbldap-tools"
16195
#: serverguide/C/network-auth.xml:2234(title)
16194
#: serverguide/C/network-auth.xml:2241(title)
16196
16195
msgid "LDAP Configuration"
16199
#: serverguide/C/network-auth.xml:2236(para)
16198
#: serverguide/C/network-auth.xml:2243(para)
16201
16200
"We will now configure the LDAP server so that it can accomodate Samba data. "
16202
16201
"We will perform three tasks in this section:"
16205
#: serverguide/C/network-auth.xml:2243(para)
16204
#: serverguide/C/network-auth.xml:2250(para)
16206
16205
msgid "Import a schema"
16209
#: serverguide/C/network-auth.xml:2247(para)
16208
#: serverguide/C/network-auth.xml:2254(para)
16210
16209
msgid "Index some entries"
16213
#: serverguide/C/network-auth.xml:2251(para)
16212
#: serverguide/C/network-auth.xml:2258(para)
16214
16213
msgid "Add objects"
16217
#: serverguide/C/network-auth.xml:2257(title)
16216
#: serverguide/C/network-auth.xml:2264(title)
16218
16217
msgid "Samba schema"
16221
#: serverguide/C/network-auth.xml:2259(para)
16220
#: serverguide/C/network-auth.xml:2266(para)
16223
16222
"In order for OpenLDAP to be used as a backend for Samba, logically, the DIT "
16224
16223
"will need to use attributes that can properly describe Samba data. Such "
16229
#: serverguide/C/network-auth.xml:2265(para)
16228
#: serverguide/C/network-auth.xml:2272(para)
16231
16230
"For more information on schemas and their installation see <xref "
16232
16231
"linkend=\"openldap-configuration\"/>."
16235
#: serverguide/C/network-auth.xml:2273(para)
16234
#: serverguide/C/network-auth.xml:2280(para)
16237
16236
"The schema is found in the now-installed <application>samba-"
16238
16237
"doc</application> package. It needs to be unzipped and copied to the "
16239
16238
"<filename>/etc/ldap/schema</filename> directory:"
16242
#: serverguide/C/network-auth.xml:2279(command)
16241
#: serverguide/C/network-auth.xml:2286(command)
16244
16243
"sudo cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz "
16245
16244
"/etc/ldap/schema"
16248
#: serverguide/C/network-auth.xml:2280(command)
16247
#: serverguide/C/network-auth.xml:2287(command)
16249
16248
msgid "sudo gzip -d /etc/ldap/schema/samba.schema.gz"
16252
#: serverguide/C/network-auth.xml:2286(para)
16251
#: serverguide/C/network-auth.xml:2293(para)
16254
16253
"Have the configuration file <filename>schema_convert.conf</filename> that "
16255
16254
"contains the following lines:"
16258
#: serverguide/C/network-auth.xml:2290(programlisting)
16257
#: serverguide/C/network-auth.xml:2297(programlisting)
16276
16275
"include /etc/ldap/schema/samba.schema\n"
16279
#: serverguide/C/network-auth.xml:2311(para)
16278
#: serverguide/C/network-auth.xml:2318(para)
16280
16279
msgid "Have the directory <filename>ldif_output</filename> hold output."
16283
#: serverguide/C/network-auth.xml:2322(command)
16282
#: serverguide/C/network-auth.xml:2329(command)
16285
16284
"slapcat -f schema_convert.conf -F ldif_output -n 0 | grep samba,cn=schema"
16288
#: serverguide/C/network-auth.xml:2323(computeroutput)
16287
#: serverguide/C/network-auth.xml:2330(computeroutput)
16292
16291
"dn: cn={14}samba,cn=schema,cn=config\n"
16295
#: serverguide/C/network-auth.xml:2331(para)
16294
#: serverguide/C/network-auth.xml:2338(para)
16296
16295
msgid "Convert the schema to LDIF format:"
16299
#: serverguide/C/network-auth.xml:2336(command)
16298
#: serverguide/C/network-auth.xml:2343(command)
16301
16300
"slapcat -f schema_convert.conf -F ldif_output -n0 -H \\ "
16302
16301
"ldap:///cn={14}samba,cn=schema,cn=config -l cn=samba.ldif"
16305
#: serverguide/C/network-auth.xml:2343(para)
16304
#: serverguide/C/network-auth.xml:2350(para)
16307
16306
"Edit the generated <filename>cn=samba.ldif</filename> file by removing index "
16308
16307
"information to arrive at:"
16311
#: serverguide/C/network-auth.xml:2347(programlisting)
16310
#: serverguide/C/network-auth.xml:2354(programlisting)
16334
16333
"modifyTimestamp: 20080827045234Z\n"
16337
#: serverguide/C/network-auth.xml:2373(para)
16336
#: serverguide/C/network-auth.xml:2380(para)
16338
16337
msgid "Add the new schema:"
16341
#: serverguide/C/network-auth.xml:2378(command)
16340
#: serverguide/C/network-auth.xml:2385(command)
16342
16341
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f cn\\=samba.ldif"
16345
#: serverguide/C/network-auth.xml:2381(para)
16344
#: serverguide/C/network-auth.xml:2388(para)
16346
16345
msgid "To query and view this new schema:"
16349
#: serverguide/C/network-auth.xml:2386(command)
16348
#: serverguide/C/network-auth.xml:2393(command)
16351
16350
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config "
16352
16351
"'cn=*samba*'"
16355
#: serverguide/C/network-auth.xml:2396(title)
16354
#: serverguide/C/network-auth.xml:2403(title)
16356
16355
msgid "Samba indices"
16359
#: serverguide/C/network-auth.xml:2398(para)
16358
#: serverguide/C/network-auth.xml:2405(para)
16361
16360
"Now that slapd knows about the Samba attributes, we can set up some indices "
16362
16361
"based on them. Indexing entries is a way to improve performance when a "
16363
16362
"client performs a filtered search on the DIT."
16366
#: serverguide/C/network-auth.xml:2403(para)
16365
#: serverguide/C/network-auth.xml:2410(para)
16368
16367
"Create the file <filename>samba_indices.ldif</filename> with the following "
16372
#: serverguide/C/network-auth.xml:2407(programlisting)
16371
#: serverguide/C/network-auth.xml:2414(programlisting)
16390
16389
"olcDbIndex: default sub\n"
16393
#: serverguide/C/network-auth.xml:2425(para)
16392
#: serverguide/C/network-auth.xml:2432(para)
16395
16394
"Using the <application>ldapmodify</application> utility load the new indices:"
16398
#: serverguide/C/network-auth.xml:2430(command)
16397
#: serverguide/C/network-auth.xml:2437(command)
16399
16398
msgid "sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f samba_indices.ldif"
16402
#: serverguide/C/network-auth.xml:2433(para)
16401
#: serverguide/C/network-auth.xml:2440(para)
16404
16403
"If all went well you should see the new indices using "
16405
16404
"<application>ldapsearch</application>:"
16408
#: serverguide/C/network-auth.xml:2438(command)
16407
#: serverguide/C/network-auth.xml:2445(command)
16410
16409
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H \\ ldapi:/// -b cn=config "
16411
16410
"olcDatabase={1}hdb olcDbIndex"
16414
#: serverguide/C/network-auth.xml:2445(title)
16413
#: serverguide/C/network-auth.xml:2452(title)
16415
16414
msgid "Adding Samba LDAP objects"
16418
#: serverguide/C/network-auth.xml:2452(para)
16417
#: serverguide/C/network-auth.xml:2454(para)
16420
16419
"Next, configure the <application>smbldap-tools</application> package to "
16421
16420
"match your environment. The package is supposed to come with a configuration "
16426
16425
"smbldap-tools')."
16429
#: serverguide/C/network-auth.xml:2459(para)
16428
#: serverguide/C/network-auth.xml:2461(para)
16431
16430
"To manually configure the package, you need to create and edit the files "
16432
16431
"<filename>/etc/smbldap-tools/smbldap.conf</filename> and "
16433
16432
"<filename>/etc/smbldap-tools/smbldap_bind.conf</filename>."
16436
#: serverguide/C/network-auth.xml:2464(para)
16435
#: serverguide/C/network-auth.xml:2466(para)
16438
16437
"The <application>smbldap-populate</application> script will then add the "
16439
16438
"LDAP objects required for Samba. It is a good idea to first make a backup of "
16440
16439
"your DIT using <application>slapcat</application>:"
16443
#: serverguide/C/network-auth.xml:2473(command)
16442
#: serverguide/C/network-auth.xml:2472(command)
16444
16443
msgid "sudo slapcat -l backup.ldif"
16447
#: serverguide/C/network-auth.xml:2476(para)
16446
#: serverguide/C/network-auth.xml:2475(para)
16448
16447
msgid "Once you have a backup proceed to populate your directory:"
16451
#: serverguide/C/network-auth.xml:2481(command)
16450
#: serverguide/C/network-auth.xml:2480(command)
16452
16451
msgid "sudo smbldap-populate"
16455
#: serverguide/C/network-auth.xml:2484(para)
16454
#: serverguide/C/network-auth.xml:2483(para)
16457
16456
"You can create a LDIF file containing the new Samba objects by executing "
16458
16457
"<command>sudo smbldap-populate -e samba.ldif</command>. This allows you to "
16528
16527
"<application>libnss-ldap</application>):"
16531
#: serverguide/C/network-auth.xml:2553(command)
16530
#: serverguide/C/network-auth.xml:2552(command)
16532
16531
msgid "sudo smbpasswd -a username"
16535
#: serverguide/C/network-auth.xml:2556(para)
16534
#: serverguide/C/network-auth.xml:2555(para)
16537
16536
"You will prompted to enter a password. It will be considered as the new "
16538
16537
"password for that user. Making it the same as before is reasonable."
16541
#: serverguide/C/network-auth.xml:2560(para)
16540
#: serverguide/C/network-auth.xml:2559(para)
16543
16542
"To manage user, group, and machine accounts use the utilities provided by "
16544
16543
"the <application>smbldap-tools</application> package. Here are some examples:"
16547
#: serverguide/C/network-auth.xml:2568(para)
16546
#: serverguide/C/network-auth.xml:2567(para)
16548
16547
msgid "To add a new user:"
16551
#: serverguide/C/network-auth.xml:2573(command)
16550
#: serverguide/C/network-auth.xml:2572(command)
16552
16551
msgid "sudo smbldap-useradd -a -P username"
16555
#: serverguide/C/network-auth.xml:2576(para)
16554
#: serverguide/C/network-auth.xml:2575(para)
16557
16556
"The <emphasis>-a</emphasis> option adds the Samba attributes, and the "
16558
16557
"<emphasis>-P</emphasis> option calls the <application>smbldap-"
16560
16559
"a password for the user."
16563
#: serverguide/C/network-auth.xml:2583(para)
16562
#: serverguide/C/network-auth.xml:2582(para)
16564
16563
msgid "To remove a user:"
16567
#: serverguide/C/network-auth.xml:2588(command)
16566
#: serverguide/C/network-auth.xml:2587(command)
16568
16567
msgid "sudo smbldap-userdel username"
16571
#: serverguide/C/network-auth.xml:2591(para)
16570
#: serverguide/C/network-auth.xml:2590(para)
16573
16572
"In the above command, use the <emphasis>-r</emphasis> option to remove the "
16574
16573
"user's home directory."
16577
#: serverguide/C/network-auth.xml:2597(para)
16576
#: serverguide/C/network-auth.xml:2596(para)
16578
16577
msgid "To add a group:"
16581
#: serverguide/C/network-auth.xml:2602(command)
16580
#: serverguide/C/network-auth.xml:2601(command)
16582
16581
msgid "sudo smbldap-groupadd -a groupname"
16585
#: serverguide/C/network-auth.xml:2605(para)
16584
#: serverguide/C/network-auth.xml:2604(para)
16587
16586
"As for <application>smbldap-useradd</application>, the <emphasis>-"
16588
16587
"a</emphasis> adds the Samba attributes."
16591
#: serverguide/C/network-auth.xml:2611(para)
16590
#: serverguide/C/network-auth.xml:2610(para)
16592
16591
msgid "To make an existing user a member of a group:"
16595
#: serverguide/C/network-auth.xml:2616(command)
16594
#: serverguide/C/network-auth.xml:2615(command)
16596
16595
msgid "sudo smbldap-groupmod -m username groupname"
16599
#: serverguide/C/network-auth.xml:2619(para)
16598
#: serverguide/C/network-auth.xml:2618(para)
16601
16600
"The <emphasis>-m</emphasis> option can add more than one user at a time by "
16602
16601
"listing them in comma-separated format."
16605
#: serverguide/C/network-auth.xml:2625(para)
16604
#: serverguide/C/network-auth.xml:2624(para)
16606
16605
msgid "To remove a user from a group:"
16609
#: serverguide/C/network-auth.xml:2630(command)
16608
#: serverguide/C/network-auth.xml:2629(command)
16610
16609
msgid "sudo smbldap-groupmod -x username groupname"
16613
#: serverguide/C/network-auth.xml:2636(para)
16612
#: serverguide/C/network-auth.xml:2635(para)
16614
16613
msgid "To add a Samba machine account:"
16617
#: serverguide/C/network-auth.xml:2641(command)
16616
#: serverguide/C/network-auth.xml:2640(command)
16618
16617
msgid "sudo smbldap-useradd -t 0 -w username"
16621
#: serverguide/C/network-auth.xml:2644(para)
16620
#: serverguide/C/network-auth.xml:2643(para)
16623
16622
"Replace <emphasis>username</emphasis> with the name of the workstation. The "
16624
16623
"<emphasis>-t 0</emphasis> option creates the machine account without a "
16628
16627
"<application>smbldap-useradd</application>."
16631
#: serverguide/C/network-auth.xml:2653(para)
16630
#: serverguide/C/network-auth.xml:2652(para)
16633
16632
"There are utilities in the <application>smbldap-tools</application> package "
16634
16633
"that were not covered here. Here is a complete list:"
16636
#: serverguide/C/network-auth.xml:2657(ulink)
16637
msgid "smbldap-groupadd"
16637
16640
#: serverguide/C/network-auth.xml:2658(ulink)
16638
msgid "smbldap-groupadd"
16641
msgid "smbldap-groupdel"
16641
16644
#: serverguide/C/network-auth.xml:2659(ulink)
16642
msgid "smbldap-groupdel"
16645
msgid "smbldap-groupmod"
16645
16648
#: serverguide/C/network-auth.xml:2660(ulink)
16646
msgid "smbldap-groupmod"
16649
msgid "smbldap-groupshow"
16649
16652
#: serverguide/C/network-auth.xml:2661(ulink)
16650
msgid "smbldap-groupshow"
16653
msgid "smbldap-passwd"
16653
16656
#: serverguide/C/network-auth.xml:2662(ulink)
16654
msgid "smbldap-passwd"
16657
msgid "smbldap-populate"
16657
16660
#: serverguide/C/network-auth.xml:2663(ulink)
16658
msgid "smbldap-populate"
16661
msgid "smbldap-useradd"
16661
16664
#: serverguide/C/network-auth.xml:2664(ulink)
16662
msgid "smbldap-useradd"
16665
msgid "smbldap-userdel"
16665
16668
#: serverguide/C/network-auth.xml:2665(ulink)
16666
msgid "smbldap-userdel"
16669
msgid "smbldap-userinfo"
16669
16672
#: serverguide/C/network-auth.xml:2666(ulink)
16670
msgid "smbldap-userinfo"
16673
msgid "smbldap-userlist"
16673
16676
#: serverguide/C/network-auth.xml:2667(ulink)
16674
msgid "smbldap-userlist"
16677
msgid "smbldap-usermod"
16677
16680
#: serverguide/C/network-auth.xml:2668(ulink)
16678
msgid "smbldap-usermod"
16681
#: serverguide/C/network-auth.xml:2669(ulink)
16682
16681
msgid "smbldap-usershow"
16685
#: serverguide/C/network-auth.xml:2677(para)
16684
#: serverguide/C/network-auth.xml:2679(para)
16687
16686
"For more information on installing and configuring Samba see <xref "
16688
16687
"linkend=\"samba\"/> of this Ubuntu Server Guide."
16691
#: serverguide/C/network-auth.xml:2686(para)
16690
#: serverguide/C/network-auth.xml:2685(para)
16693
16692
"There are multiple places where LDAP and Samba is documented in the upstream "
16694
16693
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba "
16695
16694
"HOWTO Collection</ulink>."
16698
#: serverguide/C/network-auth.xml:2693(para)
16697
#: serverguide/C/network-auth.xml:2692(para)
16700
16699
"Regarding the above, see specifically the <ulink "
16701
16700
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
16702
16701
"Collection/passdb.html\">passdb section</ulink>."
16705
#: serverguide/C/network-auth.xml:2699(para)
16704
#: serverguide/C/network-auth.xml:2698(para)
16707
16706
"Although dated (2007), the <ulink url=\"http://download.gna.org/smbldap-"
16708
16707
"tools/docs/samba-ldap-howto/\">Linux Samba-OpenLDAP HOWTO</ulink> contains "
16709
16708
"valuable notes."
16712
#: serverguide/C/network-auth.xml:2705(para)
16711
#: serverguide/C/network-auth.xml:2704(para)
16714
16713
"The main page of the <ulink "
16715
16714
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Samba Ubuntu "
16730
16729
"network environment one step closer to being Single Sign On (SSO)."
16733
#: serverguide/C/network-auth.xml:2726(para)
16732
#: serverguide/C/network-auth.xml:2725(para)
16735
16734
"This section covers installation and configuration of a Kerberos server, and "
16736
16735
"some example client configurations."
16739
#: serverguide/C/virtualization.xml:1099(title) serverguide/C/virtualization.xml:2132(title) serverguide/C/network-auth.xml:2731(title) serverguide/C/monitoring.xml:13(title) serverguide/C/lamp-applications.xml:15(title) serverguide/C/installation.xml:903(title) serverguide/C/dns.xml:62(title) serverguide/C/dm-multipath.xml:135(title) serverguide/C/chat.xml:15(title) serverguide/C/backups.xml:545(title)
16738
#: serverguide/C/network-auth.xml:2730(title) serverguide/C/monitoring.xml:13(title) serverguide/C/lamp-applications.xml:15(title) serverguide/C/installation.xml:910(title) serverguide/C/dns.xml:62(title) serverguide/C/dm-multipath.xml:135(title) serverguide/C/chat.xml:15(title) serverguide/C/cgroups.xml:38(title) serverguide/C/backups.xml:551(title)
16740
16739
msgid "Overview"
16743
#: serverguide/C/network-auth.xml:2733(para)
16742
#: serverguide/C/network-auth.xml:2732(para)
16745
16744
"If you are new to Kerberos there are a few terms that are good to understand "
16746
16745
"before setting up a Kerberos server. Most of the terms will relate to things "
16747
16746
"you may be familiar with in other environments:"
16750
#: serverguide/C/network-auth.xml:2740(para)
16749
#: serverguide/C/network-auth.xml:2739(para)
16752
16751
"<emphasis>Principal:</emphasis> any users, computers, and services provided "
16753
16752
"by servers need to be defined as Kerberos Principals."
16756
#: serverguide/C/network-auth.xml:2745(para)
16755
#: serverguide/C/network-auth.xml:2744(para)
16758
16757
"<emphasis>Instances:</emphasis> are used for service principals and special "
16759
16758
"administrative principals."
16762
#: serverguide/C/network-auth.xml:2750(para)
16761
#: serverguide/C/network-auth.xml:2749(para)
16764
16763
"<emphasis>Realms:</emphasis> the unique realm of control provided by the "
16765
16764
"Kerberos installation. Think of it as the domain or group your hosts and "
16814
16813
"entering another username and password."
16817
#: serverguide/C/network-auth.xml:2798(title)
16816
#: serverguide/C/network-auth.xml:2797(title)
16818
16817
msgid "Kerberos Server"
16821
#: serverguide/C/network-auth.xml:2802(para)
16820
#: serverguide/C/network-auth.xml:2801(para)
16823
16822
"For this discussion, we will create a MIT Kerberos domain with the following "
16824
16823
"features (edit them to fit your needs):"
16827
#: serverguide/C/network-auth.xml:2809(para)
16826
#: serverguide/C/network-auth.xml:2808(para)
16828
16827
msgid "<emphasis>Realm:</emphasis> EXAMPLE.COM"
16831
#: serverguide/C/network-auth.xml:2814(para)
16830
#: serverguide/C/network-auth.xml:2813(para)
16832
16831
msgid "<emphasis>Primary KDC:</emphasis> kdc01.example.com (192.168.0.1)"
16835
#: serverguide/C/network-auth.xml:2819(para)
16834
#: serverguide/C/network-auth.xml:2818(para)
16836
16835
msgid "<emphasis>Secondary KDC:</emphasis> kdc02.example.com (192.168.0.2)"
16839
#: serverguide/C/network-auth.xml:2824(para)
16838
#: serverguide/C/network-auth.xml:2823(para)
16840
16839
msgid "<emphasis>User principal:</emphasis> steve"
16843
#: serverguide/C/network-auth.xml:2829(para)
16842
#: serverguide/C/network-auth.xml:2828(para)
16844
16843
msgid "<emphasis>Admin principal:</emphasis> steve/admin"
16847
#: serverguide/C/network-auth.xml:2836(para)
16846
#: serverguide/C/network-auth.xml:2835(para)
16849
16848
"It is <emphasis>strongly</emphasis> recommended that your network-"
16850
16849
"authenticated users have their uid in a different range (say, starting at "
16851
16850
"5000) than that of your local users."
16854
#: serverguide/C/network-auth.xml:2842(para)
16853
#: serverguide/C/network-auth.xml:2841(para)
16856
16855
"Before installing the Kerberos server a properly configured DNS server is "
16857
16856
"needed for your domain. Since the Kerberos Realm by convention matches the "
16870
16869
"setting up NTP see <xref linkend=\"NTP\"/>."
16873
#: serverguide/C/network-auth.xml:2856(para)
16872
#: serverguide/C/network-auth.xml:2855(para)
16875
16874
"The first step in creating a Kerberos Realm is to install the "
16876
16875
"<application>krb5-kdc</application> and <application>krb5-admin-"
16877
16876
"server</application> packages. From a terminal enter:"
16880
#: serverguide/C/network-auth.xml:2862(command) serverguide/C/network-auth.xml:3069(command)
16879
#: serverguide/C/network-auth.xml:2861(command) serverguide/C/network-auth.xml:3068(command)
16881
16880
msgid "sudo apt-get install krb5-kdc krb5-admin-server"
16884
#: serverguide/C/network-auth.xml:2865(para)
16883
#: serverguide/C/network-auth.xml:2864(para)
16886
16885
"You will be asked at the end of the install to supply the hostname for the "
16887
16886
"Kerberos and Admin servers, which may or may not be the same server, for the "
16891
#: serverguide/C/network-auth.xml:2872(para)
16890
#: serverguide/C/network-auth.xml:2871(para)
16892
16891
msgid "By default the realm is created from the KDC's domain name."
16895
#: serverguide/C/network-auth.xml:2877(para)
16894
#: serverguide/C/network-auth.xml:2876(para)
16897
16896
"Next, create the new realm with the <application>kdb5_newrealm</application> "
16901
#: serverguide/C/network-auth.xml:2882(command)
16900
#: serverguide/C/network-auth.xml:2881(command)
16902
16901
msgid "sudo krb5_newrealm"
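Review bot: The paragraph string just before this command names the utility kdb5_newrealm inside <application>, while the command string is "sudo krb5_newrealm"; the two spellings do not match. Since both source references are being refreshed here anyway, align the paragraph in network-auth.xml with the command so the mismatch is not carried into every translation.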
16905
#: serverguide/C/network-auth.xml:2889(para)
16904
#: serverguide/C/network-auth.xml:2888(para)
16907
16906
"The questions asked during installation are used to configure the "
16908
16907
"<filename>/etc/krb5.conf</filename> file. If you need to adjust the Key "
16997
16996
"<emphasis>kadm5.acl</emphasis> man page for details."
17000
#: serverguide/C/network-auth.xml:2959(para)
16999
#: serverguide/C/network-auth.xml:2958(para)
17002
17001
"Now restart the <application>krb5-admin-server</application> for the new ACL "
17003
17002
"to take affect:"
17006
#: serverguide/C/network-auth.xml:2961(command)
17005
#: serverguide/C/network-auth.xml:2963(command)
17007
17006
msgid "sudo service krb5-admin-server restart"
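Review bot: Typo in the paragraph string that introduces this command: "for the new ACL to take affect" should read "take effect". Worth correcting in network-auth.xml in the same pass, since every translation is made from this msgid.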
17010
#: serverguide/C/network-auth.xml:2970(para)
17009
#: serverguide/C/network-auth.xml:2969(para)
17012
17011
"The new user principal can be tested using the <application>kinit "
17013
17012
"utility</application>:"
17016
#: serverguide/C/network-auth.xml:2975(command)
17015
#: serverguide/C/network-auth.xml:2974(command)
17017
17016
msgid "kinit steve/admin"
17020
#: serverguide/C/network-auth.xml:2976(computeroutput)
17019
#: serverguide/C/network-auth.xml:2975(computeroutput)
17022
17021
msgid "steve/admin@EXAMPLE.COM's Password:"
17025
#: serverguide/C/network-auth.xml:2979(para)
17024
#: serverguide/C/network-auth.xml:2978(para)
17027
17026
"After entering the password, use the <application>klist</application> "
17028
17027
"utility to view information about the Ticket Granting Ticket (TGT):"
17031
#: serverguide/C/network-auth.xml:2985(command) serverguide/C/network-auth.xml:3362(command)
17030
#: serverguide/C/network-auth.xml:2984(command) serverguide/C/network-auth.xml:3361(command)
17032
17031
msgid "klist"
17035
#: serverguide/C/network-auth.xml:2986(computeroutput)
17034
#: serverguide/C/network-auth.xml:2985(computeroutput)
17038
17037
"Credentials cache: FILE:/tmp/krb5cc_1000\n"
17113
17112
"of those networks."
17116
#: serverguide/C/network-auth.xml:3064(para)
17115
#: serverguide/C/network-auth.xml:3063(para)
17118
17117
"First, install the packages, and when asked for the Kerberos and Admin "
17119
17118
"server names enter the name of the Primary KDC:"
17122
#: serverguide/C/network-auth.xml:3075(para)
17121
#: serverguide/C/network-auth.xml:3074(para)
17124
17123
"Once you have the packages installed, create the Secondary KDC's host "
17125
17124
"principal. From a terminal prompt, enter:"
17128
#: serverguide/C/network-auth.xml:3080(command)
17127
#: serverguide/C/network-auth.xml:3079(command)
17129
17128
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
17132
#: serverguide/C/network-auth.xml:3084(para)
17131
#: serverguide/C/network-auth.xml:3083(para)
17134
17133
"After, issuing any <application>kadmin</application> commands you will be "
17135
17134
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
17139
#: serverguide/C/network-auth.xml:3093(para)
17138
#: serverguide/C/network-auth.xml:3092(para)
17140
17139
msgid "Extract the <emphasis>keytab</emphasis> file:"
17143
#: serverguide/C/network-auth.xml:3098(command)
17142
#: serverguide/C/network-auth.xml:3097(command)
17144
17143
msgid "kadmin -q \"ktadd -norandkey -k keytab.kdc02 host/kdc02.example.com\""
17147
#: serverguide/C/network-auth.xml:3104(para)
17146
#: serverguide/C/network-auth.xml:3103(para)
17149
17148
"There should now be a <filename>keytab.kdc02</filename> in the current "
17150
17149
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
17153
#: serverguide/C/network-auth.xml:3110(command)
17152
#: serverguide/C/network-auth.xml:3109(command)
17154
17153
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
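Review bot: Missing documentation on keytab ownership: the ktadd command above is run without sudo and writes keytab.kdc02 into the current directory, and "sudo mv keytab.kdc02 /etc/krb5.keytab" keeps the owner of the moved file, so the host key for kdc02 stays owned by the unprivileged account that ran kadmin. Suggest adding a step to the source that sets /etc/krb5.keytab to root ownership with mode 0600, and repeating it after the keytab.kdc01 move on the Primary KDC.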
17157
#: serverguide/C/network-auth.xml:3114(para)
17156
#: serverguide/C/network-auth.xml:3113(para)
17159
17158
"If the path to the <filename>keytab.kdc02</filename> file is different "
17160
17159
"adjust accordingly."
17163
#: serverguide/C/network-auth.xml:3119(para)
17162
#: serverguide/C/network-auth.xml:3118(para)
17165
17164
"Also, you can list the principals in a Keytab file, which can be useful when "
17166
17165
"troubleshooting, using the <application>klist</application> utility:"
17169
#: serverguide/C/network-auth.xml:3125(command)
17168
#: serverguide/C/network-auth.xml:3124(command)
17170
17169
msgid "sudo klist -k /etc/krb5.keytab"
17173
#: serverguide/C/network-auth.xml:3128(para)
17172
#: serverguide/C/network-auth.xml:3127(para)
17175
17174
"The <application>-k</application> option indicates the file is a keytab file."
17178
#: serverguide/C/network-auth.xml:3135(para)
17177
#: serverguide/C/network-auth.xml:3134(para)
17180
17179
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
17181
17180
"that lists all KDCs for the Realm. For example, on both primary and "
17182
17181
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
17185
#: serverguide/C/network-auth.xml:3140(programlisting)
17184
#: serverguide/C/network-auth.xml:3139(programlisting)
17190
17189
"host/kdc02.example.com@EXAMPLE.COM\n"
17193
#: serverguide/C/network-auth.xml:3148(para)
17192
#: serverguide/C/network-auth.xml:3147(para)
17194
17193
msgid "Create an empty database on the <emphasis>Secondary KDC</emphasis>:"
17197
#: serverguide/C/network-auth.xml:3153(command)
17196
#: serverguide/C/network-auth.xml:3152(command)
17198
17197
msgid "sudo kdb5_util -s create"
17201
#: serverguide/C/network-auth.xml:3159(para)
17200
#: serverguide/C/network-auth.xml:3158(para)
17203
17202
"Now start the <application>kpropd</application> daemon, which listens for "
17204
17203
"connections from the <application>kprop</application> utility. "
17205
17204
"<application>kprop</application> is used to transfer dump files:"
17208
#: serverguide/C/network-auth.xml:3166(command)
17207
#: serverguide/C/network-auth.xml:3165(command)
17209
17208
msgid "sudo kpropd -S"
17212
#: serverguide/C/network-auth.xml:3172(para)
17211
#: serverguide/C/network-auth.xml:3171(para)
17214
17213
"From a terminal on the <emphasis>Primary KDC</emphasis>, create a dump file "
17215
17214
"of the principal database:"
17218
#: serverguide/C/network-auth.xml:3177(command)
17217
#: serverguide/C/network-auth.xml:3176(command)
17219
17218
msgid "sudo kdb5_util dump /var/lib/krb5kdc/dump"
17222
#: serverguide/C/network-auth.xml:3183(para)
17221
#: serverguide/C/network-auth.xml:3182(para)
17224
17223
"Extract the Primary KDC's <emphasis>keytab</emphasis> file and copy it to "
17225
17224
"<filename>/etc/krb5.keytab</filename>:"
17227
#: serverguide/C/network-auth.xml:3187(command)
17228
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
17228
17231
#: serverguide/C/network-auth.xml:3188(command)
17229
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
17232
#: serverguide/C/network-auth.xml:3189(command)
17233
17232
msgid "sudo mv keytab.kdc01 /etc/krb5.keytab"
17236
#: serverguide/C/network-auth.xml:3193(para)
17235
#: serverguide/C/network-auth.xml:3192(para)
17238
17237
"Make sure there is a <emphasis>host</emphasis> for "
17239
17238
"<emphasis>kdc01.example.com</emphasis> before extracting the Keytab."
17242
#: serverguide/C/network-auth.xml:3201(para)
17241
#: serverguide/C/network-auth.xml:3200(para)
17244
17243
"Using the <application>kprop</application> utility push the database to the "
17245
17244
"Secondary KDC:"
17248
#: serverguide/C/network-auth.xml:3206(command)
17247
#: serverguide/C/network-auth.xml:3205(command)
17249
17248
msgid "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
17252
#: serverguide/C/network-auth.xml:3210(para)
17251
#: serverguide/C/network-auth.xml:3209(para)
17254
17253
"There should be a <emphasis>SUCCEEDED</emphasis> message if the propagation "
17255
17254
"worked. If there is an error message check "
17394
17393
"minimum_uid=5000/' \\ /etc/pam.d/$i done"
17397
#: serverguide/C/network-auth.xml:3341(para)
17396
#: serverguide/C/network-auth.xml:3340(para)
17399
17398
"This will avoid being asked for the (non-existent) Kerberos password of a "
17400
17399
"locally authenticated user when changing its password using "
17401
17400
"<command>passwd</command>."
17404
#: serverguide/C/network-auth.xml:3348(para)
17403
#: serverguide/C/network-auth.xml:3347(para)
17406
17405
"You can test the configuration by requesting a ticket using the "
17407
17406
"<application>kinit</application> utility. For example:"
17410
#: serverguide/C/network-auth.xml:3353(command)
17409
#: serverguide/C/network-auth.xml:3352(command)
17411
17410
msgid "kinit steve@EXAMPLE.COM"
17414
#: serverguide/C/network-auth.xml:3354(computeroutput)
17413
#: serverguide/C/network-auth.xml:3353(computeroutput)
17416
17415
msgid "Password for steve@EXAMPLE.COM:"
17419
#: serverguide/C/network-auth.xml:3357(para)
17418
#: serverguide/C/network-auth.xml:3356(para)
17421
17420
"When a ticket has been granted, the details can be viewed using "
17422
17421
"<application>klist</application>:"
17425
#: serverguide/C/network-auth.xml:3363(computeroutput)
17424
#: serverguide/C/network-auth.xml:3362(computeroutput)
17428
17427
"Ticket cache: FILE:/tmp/krb5cc_1000\n"
17437
17436
"klist: You have no tickets cached"
17440
#: serverguide/C/network-auth.xml:3375(para)
17439
#: serverguide/C/network-auth.xml:3374(para)
17442
17441
"Next, use the <application>auth-client-config</application> to configure the "
17443
17442
"<application>libpam-krb5</application> module to request a ticket during "
17447
#: serverguide/C/network-auth.xml:3381(command)
17446
#: serverguide/C/network-auth.xml:3380(command)
17448
17447
msgid "sudo auth-client-config -a -p kerberos_example"
17451
#: serverguide/C/network-auth.xml:3384(para)
17450
#: serverguide/C/network-auth.xml:3383(para)
17453
17452
"You will should now receive a ticket upon successful login authentication."
17456
#: serverguide/C/network-auth.xml:3395(para)
17455
#: serverguide/C/network-auth.xml:3394(para)
17458
17457
"For more information on MIT's version of Kerberos, see the <ulink "
17459
17458
"url=\"http://web.mit.edu/Kerberos/\">MIT Kerberos</ulink> site."
17462
#: serverguide/C/network-auth.xml:3400(para)
17461
#: serverguide/C/network-auth.xml:3399(para)
17464
17463
"The <ulink url=\"https://help.ubuntu.com/community/Kerberos\">Ubuntu Wiki "
17465
17464
"Kerberos</ulink> page has more details."
17468
#: serverguide/C/network-auth.xml:3405(para)
17467
#: serverguide/C/network-auth.xml:3404(para)
17470
17469
"O'Reilly's <ulink "
17471
17470
"url=\"http://oreilly.com/catalog/9780596004033/\">Kerberos: The Definitive "
17472
17471
"Guide</ulink> is a great reference when setting up Kerberos."
17475
#: serverguide/C/network-auth.xml:3411(para)
17474
#: serverguide/C/network-auth.xml:3410(para)
17477
17476
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> and "
17478
17477
"<emphasis>#kerberos</emphasis> IRC channels on <ulink "
17479
17478
"url=\"http://freenode.net/\">Freenode</ulink> if you have Kerberos questions."
17482
#: serverguide/C/network-auth.xml:3423(title)
17481
#: serverguide/C/network-auth.xml:3422(title)
17483
17482
msgid "Kerberos and LDAP"
17486
#: serverguide/C/network-auth.xml:3425(para)
17485
#: serverguide/C/network-auth.xml:3424(para)
17488
17487
"Most people will not use Kerberos by itself; once an user is authenticated "
17489
17488
"(Kerberos), we need to figure out what this user can do (authorization). And "
17490
17489
"that would be the job of programs such as <application>LDAP</application>."
17493
#: serverguide/C/network-auth.xml:3432(para)
17492
#: serverguide/C/network-auth.xml:3431(para)
17495
17494
"Replicating a Kerberos principal database between two servers can be "
17496
17495
"complicated, and adds an additional user database to your network. "
17519
17518
"information on setting up OpenLDAP see <xref linkend=\"openldap-server\"/>."
17522
#: serverguide/C/network-auth.xml:3456(para)
17521
#: serverguide/C/network-auth.xml:3455(para)
17524
17523
"It is also required to configure OpenLDAP for TLS and SSL connections, so "
17525
17524
"that traffic between the KDC and LDAP server is encrypted. See <xref "
17526
17525
"linkend=\"openldap-tls\"/> for details."
17529
#: serverguide/C/network-auth.xml:3462(para)
17528
#: serverguide/C/network-auth.xml:3461(para)
17531
17530
"<filename>cn=admin,cn=config</filename> is a user we created with rights to "
17532
17531
"edit the ldap database. Many times it is the RootDN. Change its value to "
17533
17532
"reflect your setup."
17536
#: serverguide/C/network-auth.xml:3471(para)
17535
#: serverguide/C/network-auth.xml:3470(para)
17538
17537
"To load the schema into LDAP, on the LDAP server install the "
17539
17538
"<application>krb5-kdc-ldap</application> package. From a terminal enter:"
17542
#: serverguide/C/network-auth.xml:3477(command)
17541
#: serverguide/C/network-auth.xml:3476(command)
17543
17542
msgid "sudo apt-get install krb5-kdc-ldap"
17546
#: serverguide/C/network-auth.xml:3482(para)
17545
#: serverguide/C/network-auth.xml:3481(para)
17547
17546
msgid "Next, extract the <filename>kerberos.schema.gz</filename> file:"
17549
#: serverguide/C/network-auth.xml:3486(command)
17550
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
17550
17553
#: serverguide/C/network-auth.xml:3487(command)
17551
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
17554
#: serverguide/C/network-auth.xml:3488(command)
17556
17555
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
17559
#: serverguide/C/network-auth.xml:3494(para)
17558
#: serverguide/C/network-auth.xml:3493(para)
17561
17560
"The <emphasis>kerberos</emphasis> schema needs to be added to the "
17562
17561
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
17590
17589
"include /etc/ldap/schema/kerberos.schema\n"
17593
#: serverguide/C/network-auth.xml:3527(para)
17592
#: serverguide/C/network-auth.xml:3526(para)
17594
17593
msgid "Create a temporary directory to hold the LDIF files:"
17597
#: serverguide/C/network-auth.xml:3531(command)
17596
#: serverguide/C/network-auth.xml:3530(command)
17598
17597
msgid "mkdir /tmp/ldif_output"
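Review bot: Fixed names in a world-writable directory: "mkdir /tmp/ldif_output" here and the redirect to /tmp/cn=kerberos.ldif in the slapcat command that follows are predictable paths, and the resulting LDIF is later loaded into the directory with ldapadd as cn=admin,cn=config. On a multi-user host another local account can create those names first. Suggest the source use a directory created with mktemp -d, or a path under the administrator's home directory, for both the slapcat output directory and the LDIF file.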
17601
#: serverguide/C/network-auth.xml:3537(para)
17600
#: serverguide/C/network-auth.xml:3536(para)
17603
17602
"Now use <application>slapcat</application> to convert the schema files:"
17606
#: serverguide/C/network-auth.xml:3542(command)
17605
#: serverguide/C/network-auth.xml:3541(command)
17608
17607
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s \\ "
17609
17608
"\"cn={12}kerberos,cn=schema,cn=config\" > /tmp/cn=kerberos.ldif"
17612
#: serverguide/C/network-auth.xml:3546(para)
17611
#: serverguide/C/network-auth.xml:3545(para)
17614
17613
"Change the above file and path names to match your own if they are different."
17617
#: serverguide/C/network-auth.xml:3553(para)
17616
#: serverguide/C/network-auth.xml:3552(para)
17619
17618
"Edit the generated <filename>/tmp/cn\\=kerberos.ldif</filename> file, "
17620
17619
"changing the following attributes:"
17623
#: serverguide/C/network-auth.xml:3557(programlisting)
17622
#: serverguide/C/network-auth.xml:3556(programlisting)
17646
17645
"modifyTimestamp: 20090111203515Z\n"
17649
#: serverguide/C/network-auth.xml:3577(para)
17648
#: serverguide/C/network-auth.xml:3576(para)
17651
17650
"The attribute values will vary, just be sure the attributes are removed."
17654
#: serverguide/C/network-auth.xml:3584(para)
17653
#: serverguide/C/network-auth.xml:3583(para)
17655
17654
msgid "Load the new schema with <application>ldapadd</application>:"
17658
#: serverguide/C/network-auth.xml:3589(command)
17657
#: serverguide/C/network-auth.xml:3588(command)
17659
17658
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=kerberos.ldif"
17662
#: serverguide/C/network-auth.xml:3595(para)
17661
#: serverguide/C/network-auth.xml:3594(para)
17664
17663
"Add an index for the <emphasis>krb5principalname</emphasis> attribute:"
17667
#: serverguide/C/network-auth.xml:3600(command) serverguide/C/network-auth.xml:3617(command)
17666
#: serverguide/C/network-auth.xml:3599(command) serverguide/C/network-auth.xml:3616(command)
17668
17667
msgid "ldapmodify -x -D cn=admin,cn=config -W"
17671
#: serverguide/C/network-auth.xml:3602(userinput)
17670
#: serverguide/C/network-auth.xml:3601(userinput)
17674
17673
"dn: olcDatabase={1}hdb,cn=config\n"
17714
17713
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
17717
#: serverguide/C/network-auth.xml:3639(para)
17716
#: serverguide/C/network-auth.xml:3638(para)
17719
17718
"That's it, your LDAP directory is now ready to serve as a Kerberos principal "
17723
#: serverguide/C/network-auth.xml:3645(title)
17722
#: serverguide/C/network-auth.xml:3644(title)
17724
17723
msgid "Primary KDC Configuration"
17727
#: serverguide/C/network-auth.xml:3647(para)
17726
#: serverguide/C/network-auth.xml:3646(para)
17729
17728
"With <application>OpenLDAP</application> configured it is time to configure "
17733
#: serverguide/C/network-auth.xml:3653(para)
17732
#: serverguide/C/network-auth.xml:3652(para)
17734
17733
msgid "First, install the necessary packages, from a terminal enter:"
17737
#: serverguide/C/network-auth.xml:3658(command) serverguide/C/network-auth.xml:3817(command)
17736
#: serverguide/C/network-auth.xml:3657(command) serverguide/C/network-auth.xml:3816(command)
17738
17737
msgid "sudo apt-get install krb5-kdc krb5-admin-server krb5-kdc-ldap"
17741
#: serverguide/C/network-auth.xml:3664(para)
17740
#: serverguide/C/network-auth.xml:3663(para)
17743
17742
"Now edit <filename>/etc/krb5.conf</filename> adding the following options to "
17744
17743
"under the appropriate sections:"
17747
#: serverguide/C/network-auth.xml:3668(programlisting)
17746
#: serverguide/C/network-auth.xml:3667(programlisting)
17823
17822
"<filename>/etc/krb5.conf</filename>:"
17826
#: serverguide/C/network-auth.xml:3740(command) serverguide/C/network-auth.xml:3879(command)
17825
#: serverguide/C/network-auth.xml:3739(command) serverguide/C/network-auth.xml:3878(command)
17828
17827
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f \\ "
17829
17828
"/etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com"
17832
#: serverguide/C/network-auth.xml:3747(para)
17831
#: serverguide/C/network-auth.xml:3746(para)
17833
17832
msgid "Copy the CA certificate from the LDAP server:"
17835
#: serverguide/C/network-auth.xml:3751(command)
17836
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
17836
17839
#: serverguide/C/network-auth.xml:3752(command)
17837
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
17840
#: serverguide/C/network-auth.xml:3753(command)
17841
17840
msgid "sudo cp cacert.pem /etc/ssl/certs"
17844
#: serverguide/C/network-auth.xml:3756(para)
17843
#: serverguide/C/network-auth.xml:3755(para)
17846
17845
"And edit <filename>/etc/ldap/ldap.conf</filename> to use the certificate:"
17849
#: serverguide/C/network-auth.xml:3760(programlisting)
17848
#: serverguide/C/network-auth.xml:3759(programlisting)
17853
17852
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
17856
#: serverguide/C/network-auth.xml:3765(para)
17855
#: serverguide/C/network-auth.xml:3764(para)
17858
17857
"The certificate will also need to be copied to the Secondary KDC, to allow "
17859
17858
"the connection to the LDAP servers using LDAPS."
17862
#: serverguide/C/network-auth.xml:3774(para)
17861
#: serverguide/C/network-auth.xml:3773(para)
17864
17863
"You can now add Kerberos principals to the LDAP database, and they will be "
17865
17864
"copied to any other LDAP servers configured for replication. To add a "
17866
17865
"principal using the <application>kadmin.local</application> utility enter:"
17869
#: serverguide/C/network-auth.xml:3782(userinput)
17868
#: serverguide/C/network-auth.xml:3781(userinput)
17871
17870
msgid "addprinc -x dn=\"uid=steve,ou=people,dc=example,dc=com\" steve"
17874
#: serverguide/C/network-auth.xml:3781(computeroutput)
17873
#: serverguide/C/network-auth.xml:3780(computeroutput)
17877
17876
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
17891
17890
"utilities to test that the user is indeed issued a ticket."
17894
#: serverguide/C/network-auth.xml:3796(para)
17893
#: serverguide/C/network-auth.xml:3795(para)
17896
17895
"If the user object is already created the <emphasis>-x dn=\"...\"</emphasis> "
17897
17896
"option is needed to add the Kerberos attributes. Otherwise a new "
17898
17897
"<emphasis>principal</emphasis> object will be created in the realm subtree."
17901
#: serverguide/C/network-auth.xml:3804(title)
17900
#: serverguide/C/network-auth.xml:3803(title)
17902
17901
msgid "Secondary KDC Configuration"
17905
#: serverguide/C/network-auth.xml:3806(para)
17904
#: serverguide/C/network-auth.xml:3805(para)
17907
17906
"Configuring a Secondary KDC using the LDAP backend is similar to configuring "
17908
17907
"one using the normal Kerberos database."
17911
#: serverguide/C/network-auth.xml:3812(para)
17910
#: serverguide/C/network-auth.xml:3811(para)
17912
17911
msgid "First, install the necessary packages. In a terminal enter:"
17915
#: serverguide/C/network-auth.xml:3823(para)
17914
#: serverguide/C/network-auth.xml:3822(para)
17917
17916
"Next, edit <filename>/etc/krb5.conf</filename> to use the LDAP backend:"
17920
#: serverguide/C/network-auth.xml:3827(programlisting)
17919
#: serverguide/C/network-auth.xml:3826(programlisting)
17981
#: serverguide/C/network-auth.xml:3892(command)
17982
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
17982
17985
#: serverguide/C/network-auth.xml:3893(command)
17983
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
17986
#: serverguide/C/network-auth.xml:3894(command)
17987
17986
msgid "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
17990
#: serverguide/C/network-auth.xml:3898(para)
17989
#: serverguide/C/network-auth.xml:3897(para)
17992
17991
"Again, replace <emphasis>EXAMPLE.COM</emphasis> with your actual realm."
17995
#: serverguide/C/network-auth.xml:3906(para)
17994
#: serverguide/C/network-auth.xml:3905(para)
17997
17996
"Back on the <emphasis>Secondary KDC</emphasis>, (re)start the ldap server "
18001
#: serverguide/C/network-auth.xml:3918(para)
18000
#: serverguide/C/network-auth.xml:3917(para)
18002
18001
msgid "Finally, start the <application>krb5-kdc</application> daemon:"
18005
#: serverguide/C/network-auth.xml:3929(para)
18004
#: serverguide/C/network-auth.xml:3928(para)
18006
18005
msgid "Verify the two ldap servers (and kerberos by extension) are in sync."
18009
#: serverguide/C/network-auth.xml:3936(para)
18008
#: serverguide/C/network-auth.xml:3935(para)
18011
18010
"You now have redundant KDCs on your network, and with redundant LDAP servers "
18012
18011
"you should be able to continue to authenticate users if one LDAP server, one "
18013
18012
"Kerberos server, or one LDAP and one Kerberos server become unavailable."
18016
#: serverguide/C/network-auth.xml:3948(para)
18015
#: serverguide/C/network-auth.xml:3947(para)
18018
18017
"The <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
18019
18018
"admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend\"> Kerberos Admin "
18020
18019
"Guide</ulink> has some additional details."
18023
#: serverguide/C/network-auth.xml:3951(para)
18022
#: serverguide/C/network-auth.xml:3953(para)
18025
18024
"For more information on <application>kdb5_ldap_util</application> see <ulink "
18026
18025
"url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
18059
18058
"requires no modifications to the AD structure."
18062
#: serverguide/C/network-auth.xml:3978(title)
18061
#: serverguide/C/network-auth.xml:3980(title)
18063
18062
msgid "Prerequisites, Assumptions, and Requirements"
18066
#: serverguide/C/network-auth.xml:3981(para)
18065
#: serverguide/C/network-auth.xml:3983(para)
18068
18067
"This guide does not explain Active Directory, how it works, how to set one "
18069
18068
"up, or how to maintain it. It may not provide “best practices” for your "
18070
18069
"environment."
18073
#: serverguide/C/network-auth.xml:3983(para)
18072
#: serverguide/C/network-auth.xml:3985(para)
18075
18074
"This guide assumes that a working Active Directory domain is already "
18076
18075
"configured."
18079
#: serverguide/C/network-auth.xml:3985(para)
18078
#: serverguide/C/network-auth.xml:3987(para)
18081
18080
"The domain controller is acting as an authoritative DNS server for the "
18085
#: serverguide/C/network-auth.xml:3987(para)
18084
#: serverguide/C/network-auth.xml:3989(para)
18087
18086
"The domain controller is the primary DNS resolver as specified in "
18088
18087
"<filename>/etc/resolv.conf</filename>."
18091
#: serverguide/C/network-auth.xml:3990(para)
18090
#: serverguide/C/network-auth.xml:3992(para)
18093
18092
"The appropriate <emphasis>_kerberos</emphasis>, <emphasis>_ldap</emphasis>, "
18094
18093
"<emphasis>_kpasswd</emphasis>, etc. entries are configured in the DNS zone "
18095
18094
"(see Resources section for external links)."
18098
#: serverguide/C/network-auth.xml:3992(para)
18097
#: serverguide/C/network-auth.xml:3994(para)
18100
18099
"System time is synchronized on the domain controller (necessary for "
18104
#: serverguide/C/network-auth.xml:3994(para)
18103
#: serverguide/C/network-auth.xml:3996(para)
18106
18105
"The domain used in this example is <emphasis>myubuntu.example.com</emphasis> "
18110
#: serverguide/C/network-auth.xml:3999(para)
18109
#: serverguide/C/network-auth.xml:4001(para)
18112
18111
"The following packages are needed: <emphasis>krb5-user</emphasis>, "
18113
18112
"<emphasis>samba</emphasis>, <emphasis>sssd</emphasis>, and "
18263
18262
"# enumerate = true\n"
18266
#: serverguide/C/network-auth.xml:4080(para)
18265
#: serverguide/C/network-auth.xml:4082(para)
18268
18267
"After saving this file, set the ownership to root and the file permissions "
18272
#: serverguide/C/network-auth.xml:4081(command)
18271
#: serverguide/C/network-auth.xml:4083(command)
18273
18272
msgid "sudo chown root:root /etc/sssd/sssd.conf"
18276
#: serverguide/C/network-auth.xml:4082(command)
18275
#: serverguide/C/network-auth.xml:4084(command)
18277
18276
msgid "sudo chmod 600 /etc/sssd/sssd.conf"
18280
#: serverguide/C/network-auth.xml:4084(para)
18279
#: serverguide/C/network-auth.xml:4086(para)
18282
18281
"If the ownership or permissions are not correct, sssd will refuse to start."
18285
#: serverguide/C/network-auth.xml:4088(title)
18284
#: serverguide/C/network-auth.xml:4090(title)
18286
18285
msgid "Verify nsswitch.conf Configuration"
18289
#: serverguide/C/network-auth.xml:4089(para)
18288
#: serverguide/C/network-auth.xml:4091(para)
18291
18290
"The post-install script for the sssd package makes some modifications to "
18292
18291
"/etc/nsswitch.conf automatically. It should look something like this:"
18295
#: serverguide/C/network-auth.xml:4091(programlisting)
18294
#: serverguide/C/network-auth.xml:4093(programlisting)
18303
18302
"sudoers: files sss\n"
18306
#: serverguide/C/network-auth.xml:4101(title)
18305
#: serverguide/C/network-auth.xml:4103(title)
18307
18306
msgid "Modify /etc/hosts"
18310
#: serverguide/C/network-auth.xml:4102(para)
18309
#: serverguide/C/network-auth.xml:4104(para)
18312
18311
"Add an alias to the localhost entry in /etc/hosts specifying the FQDN. For "
18316
#: serverguide/C/network-auth.xml:4103(programlisting)
18315
#: serverguide/C/network-auth.xml:4105(programlisting)
18318
18317
msgid "192.168.1.10 myserver myserver.myubuntu.example.com"
18321
#: serverguide/C/network-auth.xml:4105(para)
18320
#: serverguide/C/network-auth.xml:4107(para)
18322
18321
msgid "This is useful in conjunction with dynamic DNS updates."
18325
#: serverguide/C/network-auth.xml:4109(title)
18324
#: serverguide/C/network-auth.xml:4111(title)
18326
18325
msgid "Join the Active Directory"
18329
#: serverguide/C/network-auth.xml:4110(para)
18328
#: serverguide/C/network-auth.xml:4112(para)
18330
18329
msgid "Now, restart ntp and samba and start sssd."
18333
#: serverguide/C/virtualization.xml:2208(command)
18332
#: serverguide/C/network-auth.xml:4113(command)
18334
18333
msgid "sudo service ntp restart"
18337
#: serverguide/C/network-auth.xml:4114(command)
18336
#: serverguide/C/network-auth.xml:4116(command)
18338
18337
msgid "sudo start sssd"
18341
#: serverguide/C/network-auth.xml:4116(para)
18340
#: serverguide/C/network-auth.xml:4118(para)
18342
18341
msgid "Test the configuration by obtaining a Kerberos ticket:"
18345
#: serverguide/C/network-auth.xml:4118(command)
18344
#: serverguide/C/network-auth.xml:4120(command)
18346
18345
msgid "sudo kinit Administrator"
18349
#: serverguide/C/network-auth.xml:4120(para)
18348
#: serverguide/C/network-auth.xml:4122(para)
18350
18349
msgid "Verify the ticket with:"
18353
#: serverguide/C/network-auth.xml:4121(command)
18352
#: serverguide/C/network-auth.xml:4123(command)
18354
18353
msgid "sudo klist"
18357
#: serverguide/C/network-auth.xml:4123(para)
18356
#: serverguide/C/network-auth.xml:4125(para)
18359
18358
"If there is a ticket with an expiration date listed, then it is time to join "
18360
18359
"the domain:"
18363
#: serverguide/C/network-auth.xml:4125(command)
18362
#: serverguide/C/network-auth.xml:4127(command)
18364
18363
msgid "sudo net ads join -k"
18367
#: serverguide/C/network-auth.xml:4127(para)
18366
#: serverguide/C/network-auth.xml:4129(para)
18369
18368
"A warning about \"No DNS domain configured. Unable to perform DNS Update.\" "
18370
18369
"probably means that there is no (correct) alias in "
18388
18387
"Some of the changes appear to be asynchronous."
18391
#: serverguide/C/network-auth.xml:4133(para)
18390
#: serverguide/C/network-auth.xml:4135(para)
18392
18391
msgid "Verification option #1:"
18395
#: serverguide/C/network-auth.xml:4134(para)
18394
#: serverguide/C/network-auth.xml:4136(para)
18397
18396
"Check the default Organizational Unit for computer accounts in the Active "
18398
18397
"Directory to verify that the computer account was created. (Organizational "
18399
18398
"Units in Active Directory is a topic outside the scope of this guide)."
18402
#: serverguide/C/network-auth.xml:4136(para)
18401
#: serverguide/C/network-auth.xml:4138(para)
18403
18402
msgid "Verification option #2"
18406
#: serverguide/C/network-auth.xml:4137(para)
18405
#: serverguide/C/network-auth.xml:4139(para)
18407
18406
msgid "Execute this command for a specific AD user (e.g. administrator)"
18410
#: serverguide/C/network-auth.xml:4138(command)
18409
#: serverguide/C/network-auth.xml:4140(command)
18411
18410
msgid "getent passwd username"
18414
#: serverguide/C/network-auth.xml:4140(para)
18413
#: serverguide/C/network-auth.xml:4142(para)
18416
18415
"If <emphasis>enumerate = true</emphasis> is set in "
18417
18416
"<filename>sssd.conf</filename>, <emphasis>getent passwd</emphasis> with no "
20210
20209
"smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key\n"
20213
#: serverguide/C/mail.xml:304(para)
20212
#: serverguide/C/mail.xml:349(para)
20214
20213
msgid "Then restart Postfix:"
20217
#: serverguide/C/mail.xml:315(para)
20216
#: serverguide/C/mail.xml:360(para)
20219
20218
"SMTP-AUTH configuration is complete. Now it is time to test the setup."
20222
#: serverguide/C/mail.xml:318(para)
20221
#: serverguide/C/mail.xml:363(para)
20223
20222
msgid "To see if SMTP-AUTH and TLS work properly, run the following command:"
20226
#: serverguide/C/mail.xml:323(command)
20225
#: serverguide/C/mail.xml:368(command)
20227
20226
msgid "telnet mail.example.com 25"
20230
#: serverguide/C/mail.xml:325(para)
20229
#: serverguide/C/mail.xml:370(para)
20232
20231
"After you have established the connection to the postfix mail server, type:"
20235
#: serverguide/C/mail.xml:329(screen)
20234
#: serverguide/C/mail.xml:374(screen)
20239
20238
"ehlo mail.example.com\n"
20242
#: serverguide/C/mail.xml:332(para)
20241
#: serverguide/C/mail.xml:377(para)
20244
20243
"If you see the following lines among others, then everything is working "
20245
20244
"perfectly. Type <command>quit</command> to exit."
20248
#: serverguide/C/mail.xml:336(programlisting)
20247
#: serverguide/C/mail.xml:381(programlisting)
20346
20345
"<filename>/var/log/mail.warn</filename> respectively."
20349
#: serverguide/C/mail.xml:382(para)
20348
#: serverguide/C/mail.xml:440(para)
20351
20350
"To see messages entered into the logs in real time you can use the "
20352
20351
"<application>tail -f</application> command:"
20355
#: serverguide/C/mail.xml:387(command)
20354
#: serverguide/C/mail.xml:445(command)
20356
20355
msgid "tail -f /var/log/mail.err"
20359
#: serverguide/C/mail.xml:389(para)
20358
#: serverguide/C/mail.xml:447(para)
20361
20360
"The amount of detail that is recorded in the logs can be increased. Below "
20362
20361
"are some configuration options for increasing the log level for some of the "
20363
20362
"areas covered above."
20366
#: serverguide/C/mail.xml:395(para)
20365
#: serverguide/C/mail.xml:453(para)
20368
20367
"To increase <emphasis>TLS</emphasis> activity logging set the "
20369
20368
"<emphasis>smtpd_tls_loglevel</emphasis> option to a value from 1 to 4."
20372
#: serverguide/C/mail.xml:399(command)
20371
#: serverguide/C/mail.xml:457(command)
20373
20372
msgid "sudo postconf -e 'smtpd_tls_loglevel = 4'"
20376
#: serverguide/C/mail.xml:403(para)
20375
#: serverguide/C/mail.xml:461(para)
20378
20377
"If you are having trouble sending or receiving mail from a specific domain "
20379
20378
"you can add the domain to the <emphasis>debug_peer_list</emphasis> parameter."
20382
#: serverguide/C/mail.xml:408(command)
20381
#: serverguide/C/mail.xml:466(command)
20383
20382
msgid "sudo postconf -e 'debug_peer_list = problem.domain'"
20386
#: serverguide/C/mail.xml:412(para)
20385
#: serverguide/C/mail.xml:470(para)
20388
20387
"You can increase the verbosity of any <application>Postfix</application> "
20389
20388
"daemon process by editing the <filename>/etc/postfix/master.cf</filename> "
20513
20512
"in one file you can configure accordingly in this user interface."
20516
#: serverguide/C/mail.xml:514(para)
20515
#: serverguide/C/mail.xml:572(para)
20518
20517
"All the parameters you configure in the user interface are stored in "
20519
"<filename>/etc/exim4/update-exim4.conf</filename> file. If you wish to re-"
20520
"configure, either you re-run the configuration wizard or manually edit this "
20521
"file using your favorite editor. Once you configure, you can run the "
20518
"<filename>/etc/exim4/update-exim4.conf.conf</filename> file. If you wish to "
20519
"re-configure, either you re-run the configuration wizard or manually edit "
20520
"this file using your favorite editor. Once you configure, you can run the "
20522
20521
"following command to generate the master configuration file:"
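Review bot: The msgstr for the paragraph whose msgid now names <filename>/etc/exim4/update-exim4.conf.conf</filename> is not visible in this hunk and should be updated or marked fuzzy, because the msgid text changed from <filename>/etc/exim4/update-exim4.conf</filename> and was re-wrapped across its three lines. The doubled .conf.conf suffix is the actual name of the Debian/Ubuntu Exim4 settings file rather than a typo, so the translation should carry it over unchanged. The command "sudo update-exim4.conf" in the entry that follows is a different name and stays as it is.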
20525
#: serverguide/C/mail.xml:525(command) serverguide/C/mail.xml:609(command)
20524
#: serverguide/C/mail.xml:583(command) serverguide/C/mail.xml:667(command)
20526
20525
msgid "sudo update-exim4.conf"
20529
#: serverguide/C/mail.xml:527(para)
20528
#: serverguide/C/mail.xml:585(para)
20531
20530
"The master configuration file, is generated and it is stored in "
20532
20531
"<filename>/var/lib/exim4/config.autogenerated</filename>."
20535
#: serverguide/C/mail.xml:533(para)
20534
#: serverguide/C/mail.xml:591(para)
20537
20536
"At any time, you should not edit the master configuration file, "
20538
20537
"<filename>/var/lib/exim4/config.autogenerated</filename> manually. It is "
20539
20538
"updated automatically every time you run <command>update-exim4.conf</command>"
20542
#: serverguide/C/mail.xml:541(para)
20541
#: serverguide/C/mail.xml:599(para)
20544
20543
"You can run the following command to start <application>Exim4</application> "
20549
20548
msgid "sudo service exim4 start"
20552
#: serverguide/C/mail.xml:551(para)
20551
#: serverguide/C/mail.xml:609(para)
20554
20553
"This section covers configuring Exim4 to use SMTP-AUTH with TLS and SASL."
20557
#: serverguide/C/mail.xml:554(para)
20556
#: serverguide/C/mail.xml:612(para)
20559
20558
"The first step is to create a certificate for use with TLS. Enter the "
20560
20559
"following into a terminal prompt:"
20563
#: serverguide/C/mail.xml:558(command)
20562
#: serverguide/C/mail.xml:616(command)
20564
20563
msgid "sudo /usr/share/doc/exim4-base/examples/exim-gencert"
20567
#: serverguide/C/mail.xml:560(para)
20566
#: serverguide/C/mail.xml:618(para)
20569
20568
"Now Exim4 needs to be configured for TLS by editing "
20570
20569
"<filename>/etc/exim4/conf.d/main/03_exim4-config_tlsoptions</filename> add "
20571
20570
"the following:"
20574
#: serverguide/C/mail.xml:564(programlisting)
20573
#: serverguide/C/mail.xml:622(programlisting)
20578
20577
"MAIN_TLS_ENABLE = yes\n"
20581
#: serverguide/C/mail.xml:567(para)
20580
#: serverguide/C/mail.xml:625(para)
20583
20582
"Next you need to configure <application>Exim4</application> to use the "
20584
20583
"<application>saslauthd</application> for authentication. Edit "
20645
20644
msgid "sudo service exim4 restart"
20648
#: serverguide/C/mail.xml:615(para)
20647
#: serverguide/C/mail.xml:673(para)
20650
20649
"This section provides details on configuring the saslauthd to provide "
20651
20650
"authentication for <application>Exim4</application>."
20654
#: serverguide/C/mail.xml:618(para)
20653
#: serverguide/C/mail.xml:676(para)
20656
20655
"The first step is to install the sasl2-bin package. From a terminal prompt "
20657
20656
"enter the following:"
20660
#: serverguide/C/mail.xml:622(command)
20659
#: serverguide/C/mail.xml:680(command)
20661
20660
msgid "sudo apt-get install sasl2-bin"
20664
#: serverguide/C/mail.xml:624(para)
20663
#: serverguide/C/mail.xml:682(para)
20666
20665
"To configure saslauthd edit the /etc/default/saslauthd configuration file "
20667
20666
"and set START=no to:"
20670
#: serverguide/C/mail.xml:630(para)
20669
#: serverguide/C/mail.xml:688(para)
20672
20671
"Next the <emphasis>Debian-exim</emphasis> user needs to be part of the "
20673
20672
"<emphasis>sasl</emphasis> group in order for Exim4 to use the saslauthd "
20677
#: serverguide/C/mail.xml:635(command)
20676
#: serverguide/C/mail.xml:693(command)
20678
20677
msgid "sudo adduser Debian-exim sasl"
20681
#: serverguide/C/mail.xml:637(para)
20680
#: serverguide/C/mail.xml:695(para)
20682
20681
msgid "Now start the <application>saslauthd</application> service:"
20686
20685
msgid "sudo service saslauthd start"
20689
#: serverguide/C/mail.xml:643(para)
20688
#: serverguide/C/mail.xml:701(para)
20691
20690
"<application>Exim4</application> is now configured with SMTP-AUTH using TLS "
20692
20691
"and SASL authentication."
20695
#: serverguide/C/mail.xml:652(para)
20694
#: serverguide/C/mail.xml:710(para)
20697
20696
"See <ulink url=\"http://www.exim.org/\">exim.org</ulink> for more "
20698
20697
"information."
20701
#: serverguide/C/mail.xml:657(para)
20700
#: serverguide/C/mail.xml:715(para)
20703
20702
"There is also an <ulink url=\"http://www.uit.co.uk/content/exim-smtp-mail-"
20704
20703
"server\">Exim4 Book</ulink> available."
20707
#: serverguide/C/mail.xml:662(para)
20706
#: serverguide/C/mail.xml:720(para)
20709
20708
"Another resource is the <ulink "
20710
20709
"url=\"https://help.ubuntu.com/community/Exim4\">Exim4 Ubuntu Wiki </ulink> "
20714
#: serverguide/C/mail.xml:671(title)
20713
#: serverguide/C/mail.xml:729(title)
20715
20714
msgid "Dovecot Server"
20716
20715
msgstr "Server Dovecot"
20718
#: serverguide/C/mail.xml:672(para)
20717
#: serverguide/C/mail.xml:730(para)
20720
20719
"<application>Dovecot</application> is a Mail Delivery Agent, written with "
20721
20720
"security primarily in mind. It supports the major mailbox formats: mbox or "
20722
20721
"Maildir. This section explain how to set it up as an imap or pop3 server."
20725
#: serverguide/C/mail.xml:680(para)
20724
#: serverguide/C/mail.xml:738(para)
20727
20726
"To install <application>dovecot</application>, run the following command in "
20728
20727
"the command prompt:"
20731
#: serverguide/C/mail.xml:685(command)
20730
#: serverguide/C/mail.xml:743(command)
20732
20731
msgid "sudo apt-get install dovecot-imapd dovecot-pop3d"
20735
#: serverguide/C/mail.xml:690(para)
20734
#: serverguide/C/mail.xml:748(para)
20737
20736
"To configure <application>dovecot</application>, you can edit the file "
20738
20737
"<filename>/etc/dovecot/dovecot.conf</filename>. You can choose the protocol "
20912
20911
"Mailman sebagai perangkat lunak untuk milis mereka. Mailman sangat handal "
20913
20912
"dan mudah untuk diinstal dan dikelola."
20915
#: serverguide/C/mail.xml:829(para)
20914
#: serverguide/C/mail.xml:888(para)
20917
20916
"Mailman provides a web interface for the administrators and users, using an "
20918
20917
"external mail server to send and receive emails. It works perfectly with the "
20919
20918
"following mail servers:"
20922
#: serverguide/C/mail.xml:840(application)
20921
#: serverguide/C/mail.xml:899(application)
20924
20923
msgstr "Exim"
20926
#: serverguide/C/mail.xml:843(application)
20925
#: serverguide/C/mail.xml:902(application)
20927
20926
msgid "Sendmail"
20928
20927
msgstr "Sendmail"
20930
#: serverguide/C/mail.xml:846(application)
20929
#: serverguide/C/mail.xml:905(application)
20931
20930
msgid "Qmail"
20932
20931
msgstr "Qmail"
20934
#: serverguide/C/mail.xml:851(para)
20933
#: serverguide/C/mail.xml:910(para)
20936
20935
"We will see how to install and configure Mailman with, the Apache web "
20937
20936
"server, and either the Postfix or Exim mail server. If you wish to install "
20938
20937
"Mailman with a different mail server, please refer to the references section."
20941
#: serverguide/C/mail.xml:858(para)
20940
#: serverguide/C/mail.xml:917(para)
20943
20942
"You only need to install one mail server and "
20944
20943
"<application>Postfix</application> is the default Ubuntu Mail Transfer Agent."
20947
#: serverguide/C/mail.xml:863(title) serverguide/C/mail.xml:920(title)
20946
#: serverguide/C/mail.xml:922(title) serverguide/C/mail.xml:979(title)
20948
20947
msgid "Apache2"
20949
20948
msgstr "Apache2"
20951
#: serverguide/C/mail.xml:864(para)
20950
#: serverguide/C/mail.xml:923(para)
20953
20952
"To install apache2 you refer to <xref linkend=\"http-installation\"/> for "
20957
#: serverguide/C/mail.xml:870(para)
20956
#: serverguide/C/mail.xml:929(para)
20959
20958
"For instructions on installing and configuring Postfix refer to <xref "
20960
20959
"linkend=\"postfix\"/>"
20963
#: serverguide/C/mail.xml:876(para)
20962
#: serverguide/C/mail.xml:935(para)
20964
20963
msgid "To install Exim4 refer to <xref linkend=\"exim4\"/>."
20967
#: serverguide/C/mail.xml:879(para)
20966
#: serverguide/C/mail.xml:938(para)
20969
20968
"Once exim4 is installed, the configuration files are stored in the "
20970
20969
"<filename>/etc/exim4</filename> directory. In Ubuntu, by default, the exim4 "
21042
21041
"available/mailman.conf</filename> file if you wish to change this behavior."
21045
#: serverguide/C/mail.xml:948(para)
21044
#: serverguide/C/mail.xml:1007(para)
21047
21046
"For <application>Postfix</application> integration, we will associate the "
21048
21047
"domain lists.example.com with the mailing lists. Please replace "
21049
21048
"<emphasis>lists.example.com</emphasis> with the domain of your choosing."
21052
#: serverguide/C/mail.xml:952(para)
21051
#: serverguide/C/mail.xml:1011(para)
21054
21053
"You can use the postconf command to add the necessary configuration to "
21055
21054
"<filename>/etc/postfix/main.cf</filename>:"
21058
#: serverguide/C/mail.xml:956(command)
21057
#: serverguide/C/mail.xml:1015(command)
21059
21058
msgid "sudo postconf -e 'relay_domains = lists.example.com'"
21062
#: serverguide/C/mail.xml:957(command)
21061
#: serverguide/C/mail.xml:1016(command)
21063
21062
msgid "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
21066
#: serverguide/C/mail.xml:958(command)
21065
#: serverguide/C/mail.xml:1017(command)
21067
21066
msgid "sudo postconf -e 'mailman_destination_recipient_limit = 1'"
21070
#: serverguide/C/mail.xml:960(para)
21069
#: serverguide/C/mail.xml:1019(para)
21072
21071
"In <filename>/etc/postfix/master.cf</filename> double check that you have "
21073
21072
"the following transport:"
21076
#: serverguide/C/mail.xml:963(programlisting)
21075
#: serverguide/C/mail.xml:1022(programlisting)
21082
21081
" ${nexthop} ${user}\n"
21085
#: serverguide/C/mail.xml:968(para)
21084
#: serverguide/C/mail.xml:1027(para)
21087
21086
"It calls the <emphasis>postfix-to-mailman.py</emphasis> script when a mail "
21088
21087
"is delivered to a list."
21091
#: serverguide/C/mail.xml:971(para)
21090
#: serverguide/C/mail.xml:1030(para)
21093
21092
"Associate the domain lists.example.com to the Mailman transport with the "
21094
21093
"transport map. Edit the file <filename>/etc/postfix/transport</filename>:"
21097
#: serverguide/C/mail.xml:974(programlisting)
21096
#: serverguide/C/mail.xml:1033(programlisting)
21101
21100
"lists.example.com mailman:\n"
21104
#: serverguide/C/mail.xml:977(para)
21103
#: serverguide/C/mail.xml:1036(para)
21106
21105
"Now have <application>Postfix</application> build the transport map by "
21107
21106
"entering the following from a terminal prompt:"
21110
#: serverguide/C/mail.xml:981(command)
21109
#: serverguide/C/mail.xml:1040(command)
21111
21110
msgid "sudo postmap -v /etc/postfix/transport"
21114
#: serverguide/C/mail.xml:983(para)
21113
#: serverguide/C/mail.xml:1042(para)
21115
21114
msgid "Then restart Postfix to enable the new configurations:"
21118
#: serverguide/C/mail.xml:992(para)
21117
#: serverguide/C/mail.xml:1051(para)
21120
21119
"Once Exim4 is installed, you can start the Exim server using the following "
21121
21120
"command from a terminal prompt:"
21124
#: serverguide/C/mail.xml:1008(para) serverguide/C/mail.xml:1023(title)
21123
#: serverguide/C/mail.xml:1067(para) serverguide/C/mail.xml:1082(title)
21126
21125
msgstr "Main"
21128
#: serverguide/C/mail.xml:1011(para) serverguide/C/mail.xml:1063(title)
21127
#: serverguide/C/mail.xml:1070(para) serverguide/C/mail.xml:1122(title)
21129
21128
msgid "Transport"
21130
21129
msgstr "Transport"
21132
#: serverguide/C/mail.xml:1014(para) serverguide/C/mail.xml:1086(title)
21131
#: serverguide/C/mail.xml:1073(para) serverguide/C/mail.xml:1145(title)
21133
21132
msgid "Router"
21134
21133
msgstr "Router"
21136
#: serverguide/C/mail.xml:999(para)
21135
#: serverguide/C/mail.xml:1058(para)
21138
21137
"In order to make mailman work with Exim4, you need to configure Exim4. As "
21139
21138
"mentioned earlier, by default, Exim4 uses multiple configuration files of "
21482
21481
"spf</application>."
21485
#: serverguide/C/mail.xml:1251(para)
21484
#: serverguide/C/mail.xml:1310(para)
21487
21486
"<application>Amavisd-new</application> is a wrapper program that can call "
21488
21487
"any number of content filtering programs for spam detection, antivirus, etc."
21491
#: serverguide/C/mail.xml:1257(para)
21490
#: serverguide/C/mail.xml:1316(para)
21493
21492
"<application>Spamassassin</application> uses a variety of mechanisms to "
21494
21493
"filter email based on the message content."
21497
#: serverguide/C/mail.xml:1262(para)
21496
#: serverguide/C/mail.xml:1321(para)
21499
21498
"<application>ClamAV</application> is an open source antivirus application."
21502
#: serverguide/C/mail.xml:1267(para)
21501
#: serverguide/C/mail.xml:1326(para)
21504
21503
"<application>opendkim</application> implements a Sendmail Mail Filter "
21505
21504
"(Milter) for the DomainKeys Identified Mail (DKIM) standard."
21508
#: serverguide/C/mail.xml:1273(para)
21507
#: serverguide/C/mail.xml:1332(para)
21510
21509
"<application>python-policyd-spf</application> enables Sender Policy "
21511
21510
"Framework (SPF) checking with <application>Postfix</application>."
21514
#: serverguide/C/mail.xml:1278(para)
21513
#: serverguide/C/mail.xml:1337(para)
21515
21514
msgid "This is how the pieces fit together:"
21518
#: serverguide/C/mail.xml:1283(para)
21517
#: serverguide/C/mail.xml:1342(para)
21519
21518
msgid "An email message is accepted by <application>Postfix</application>."
21522
#: serverguide/C/mail.xml:1288(para)
21521
#: serverguide/C/mail.xml:1347(para)
21524
21523
"The message is passed through any external filters "
21525
21524
"<application>opendkim</application> and <application>python-policyd-"
21526
21525
"spf</application> in this case."
21529
#: serverguide/C/mail.xml:1294(para)
21528
#: serverguide/C/mail.xml:1353(para)
21530
21529
msgid "<application>Amavisd-new</application> then processes the message."
21533
#: serverguide/C/mail.xml:1299(para)
21532
#: serverguide/C/mail.xml:1358(para)
21535
21534
"<application>ClamAV</application> is used to scan the message. If the "
21536
21535
"message contains a virus <application>Postfix</application> will reject the "
21540
#: serverguide/C/mail.xml:1305(para)
21539
#: serverguide/C/mail.xml:1364(para)
21542
21541
"Clean messages will then be analyzed by "
21543
21542
"<application>Spamassassin</application> to find out if the message is spam. "
21558
#: serverguide/C/mail.xml:1319(para)
21557
#: serverguide/C/mail.xml:1378(para)
21560
21559
"See <xref linkend=\"postfix\"/> for instructions on installing and "
21561
21560
"configuring Postfix."
21564
#: serverguide/C/mail.xml:1322(para)
21563
#: serverguide/C/mail.xml:1381(para)
21566
21565
"To install the rest of the applications enter the following from a terminal "
21570
#: serverguide/C/mail.xml:1326(command)
21569
#: serverguide/C/mail.xml:1385(command)
21571
21570
msgid "sudo apt-get install amavisd-new spamassassin clamav-daemon"
21574
#: serverguide/C/mail.xml:1327(command)
21573
#: serverguide/C/mail.xml:1386(command)
21575
21574
msgid "sudo apt-get install opendkim postfix-policyd-spf-python"
21578
#: serverguide/C/mail.xml:1329(para)
21577
#: serverguide/C/mail.xml:1388(para)
21580
21579
"There are some optional packages that integrate with "
21581
21580
"<application>Spamassassin</application> for better spam detection:"
21584
#: serverguide/C/mail.xml:1333(command)
21583
#: serverguide/C/mail.xml:1392(command)
21585
21584
msgid "sudo apt-get install pyzor razor"
21588
#: serverguide/C/mail.xml:1335(para)
21587
#: serverguide/C/mail.xml:1394(para)
21590
21589
"Along with the main filtering applications compression utilities are needed "
21591
21590
"to process some email attachments:"
21594
#: serverguide/C/mail.xml:1339(command)
21593
#: serverguide/C/mail.xml:1398(command)
21596
21595
"sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip"
21599
#: serverguide/C/mail.xml:1342(para)
21598
#: serverguide/C/mail.xml:1401(para)
21601
21600
"If some packages are not found, check that the "
21602
21601
"<emphasis>multiverse</emphasis> repository is enabled in "
21603
21602
"<filename>/etc/apt/sources.list</filename>"
21606
#: serverguide/C/mail.xml:1343(para)
21605
#: serverguide/C/mail.xml:1402(para)
21608
21607
"If you make changes to the file, be sure to run <command>sudo apt-get "
21609
21608
"update</command> before trying to install again."
21612
#: serverguide/C/mail.xml:1348(para)
21611
#: serverguide/C/mail.xml:1407(para)
21613
21612
msgid "Now configure everything to work together and filter email."
21616
#: serverguide/C/mail.xml:1352(title)
21615
#: serverguide/C/mail.xml:1411(title)
21617
21616
msgid "ClamAV"
21620
#: serverguide/C/mail.xml:1353(para)
21619
#: serverguide/C/mail.xml:1412(para)
21622
21621
"The default behaviour of <application>ClamAV</application> will fit our "
21623
21622
"needs. For more ClamAV configuration options, check the configuration files "
21624
21623
"in <filename>/etc/clamav</filename>."
21627
#: serverguide/C/mail.xml:1358(para)
21626
#: serverguide/C/mail.xml:1417(para)
21629
21628
"Add the <emphasis>clamav</emphasis> user to the <emphasis>amavis</emphasis> "
21630
21629
"group in order for <application>Amavisd-new</application> to have the "
21631
21630
"appropriate access to scan files:"
21634
#: serverguide/C/mail.xml:1363(command)
21633
#: serverguide/C/mail.xml:1422(command)
21635
21634
msgid "sudo adduser clamav amavis"
21638
#: serverguide/C/mail.xml:1364(command)
21637
#: serverguide/C/mail.xml:1423(command)
21639
21638
msgid "sudo adduser amavis clamav"
21642
#: serverguide/C/mail.xml:1368(title)
21641
#: serverguide/C/mail.xml:1427(title)
21643
21642
msgid "Spamassassin"
21646
#: serverguide/C/mail.xml:1369(para)
21645
#: serverguide/C/mail.xml:1428(para)
21648
21647
"Spamassassin automatically detects optional components and will use them if "
21649
21648
"they are present. This means that there is no need to configure "
21650
21649
"<application>pyzor</application> and <application>razor</application>."
21653
#: serverguide/C/mail.xml:1373(para)
21652
#: serverguide/C/mail.xml:1432(para)
21655
21654
"Edit <filename>/etc/default/spamassassin</filename> to activate the "
21656
21655
"<application>Spamassassin</application> daemon. Change "
21657
21656
"<emphasis>ENABLED=0</emphasis> to:"
21660
#: serverguide/C/mail.xml:1377(programlisting)
21659
#: serverguide/C/mail.xml:1436(programlisting)
21664
21663
"ENABLED=1\n"
21667
#: serverguide/C/mail.xml:1380(para)
21666
#: serverguide/C/mail.xml:1439(para)
21668
21667
msgid "Now start the daemon:"
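Review bot: The two commands under the ClamAV heading (`sudo adduser clamav amavis` and `sudo adduser amavis clamav`) grant group membership in both directions, but the paragraph before them only explains adding the clamav user to the amavis group. Either explain why the amavis user also needs membership in the clamav group, or drop the second command so the documented setup grants no more access than the text justifies.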
21792
21791
"<filename>/etc/amavis/conf.d/40-policy_banks</filename>."
21795
#: serverguide/C/mail.xml:1470(para)
21794
#: serverguide/C/mail.xml:1528(para)
21796
21795
msgid "There are multiple ways to configure the Whitelist for a domain:"
21799
#: serverguide/C/mail.xml:1476(para)
21798
#: serverguide/C/mail.xml:1534(para)
21801
21800
"<emphasis>'example.com' => 'WHITELIST',</emphasis>: will whitelist any "
21802
21801
"address from the \"example.com\" domain."
21805
#: serverguide/C/mail.xml:1481(para)
21804
#: serverguide/C/mail.xml:1539(para)
21807
21806
"<emphasis>'.example.com' => 'WHITELIST',</emphasis>: will whitelist any "
21808
21807
"address from any <emphasis>subdomains</emphasis> of \"example.com\" that "
21809
21808
"have a valid signature."
21812
#: serverguide/C/mail.xml:1487(para)
21811
#: serverguide/C/mail.xml:1545(para)
21814
21813
"<emphasis>'.example.com/@example.com' => 'WHITELIST',</emphasis>: will "
21815
21814
"whitelist subdomains of \"example.com\" that use the signature of <emphasis "
21816
21815
"role=\"italic\">example.com</emphasis> the parent domain."
21819
#: serverguide/C/mail.xml:1493(para)
21818
#: serverguide/C/mail.xml:1551(para)
21821
21820
"<emphasis>'./@example.com' => 'WHITELIST',</emphasis>: adds addresses "
21822
21821
"that have a valid signature from \"example.com\". This is usually used for "
21823
21822
"discussion groups that sign their messages."
21826
#: serverguide/C/mail.xml:1500(para)
21825
#: serverguide/C/mail.xml:1558(para)
21828
21827
"A domain can also have multiple Whitelist configurations. After editing the "
21829
21828
"file, restart <application>amavisd-new</application>:"
21832
#: serverguide/C/mail.xml:1510(para)
21831
#: serverguide/C/mail.xml:1568(para)
21834
21833
"In this context, once a domain has been added to the Whitelist the message "
21835
21834
"will not receive any anti-virus or spam filtering. This may or may not be "
21836
21835
"the intended behavior you wish for a domain."
21839
#: serverguide/C/mail.xml:1520(para)
21838
#: serverguide/C/mail.xml:1578(para)
21841
21840
"For <application>Postfix</application> integration, enter the following from "
21842
21841
"a terminal prompt:"
21845
#: serverguide/C/mail.xml:1524(command)
21844
#: serverguide/C/mail.xml:1582(command)
21846
21845
msgid "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
21849
#: serverguide/C/mail.xml:1526(para)
21848
#: serverguide/C/mail.xml:1584(para)
21851
21850
"Next edit <filename>/etc/postfix/master.cf</filename> and add the following "
21852
21851
"to the end of the file:"
22054
22053
"back to normal."
22057
#: serverguide/C/mail.xml:1689(para)
22056
#: serverguide/C/mail.xml:1747(para)
22058
22057
msgid "For more information on filtering mail see the following links:"
22061
#: serverguide/C/mail.xml:1695(ulink)
22060
#: serverguide/C/mail.xml:1753(ulink)
22062
22061
msgid "Amavisd-new Documentation"
22065
#: serverguide/C/mail.xml:1699(para)
22064
#: serverguide/C/mail.xml:1757(para)
22067
22066
"<ulink url=\"http://www.clamav.net/doc/latest/html/\">ClamAV "
22068
22067
"Documentation</ulink> and <ulink "
22069
22068
"url=\"http://wiki.clamav.net/Main/WebHome\">ClamAV Wiki</ulink>"
22072
#: serverguide/C/mail.xml:1706(ulink)
22071
#: serverguide/C/mail.xml:1764(ulink)
22073
22072
msgid "Spamassassin Wiki"
22076
#: serverguide/C/mail.xml:1711(ulink)
22075
#: serverguide/C/mail.xml:1769(ulink)
22077
22076
msgid "Pyzor Homepage"
22080
#: serverguide/C/mail.xml:1716(ulink)
22079
#: serverguide/C/mail.xml:1774(ulink)
22081
22080
msgid "Razor Homepage"
22084
#: serverguide/C/mail.xml:1721(ulink)
22083
#: serverguide/C/mail.xml:1779(ulink)
22085
22084
msgid "DKIM.org"
22088
#: serverguide/C/mail.xml:1726(ulink)
22087
#: serverguide/C/mail.xml:1784(ulink)
22089
22088
msgid "Postfix Amavis New"
22092
#: serverguide/C/mail.xml:1730(para)
22091
#: serverguide/C/mail.xml:1788(para)
22094
22093
"Also, feel free to ask questions in the <emphasis>#ubuntu-server</emphasis> "
22095
22094
"IRC channel on <ulink url=\"http://freenode.net\">freenode</ulink>."
22215
22212
#: serverguide/C/lamp-applications.xml:121(para)
22217
22214
"You should also install <application>apache2</application> web server. For "
22218
"installing <application>apache2</application> web server, please refer to "
22219
"<xref linkend=\"http-installation\"/> sub-section in <xref "
22215
"installing the <application>apache2</application> web server, please refer "
22216
"to <xref linkend=\"http-installation\"/> sub-section in <xref "
22220
22217
"linkend=\"httpd\"/> section."
22222
"Anda juga sebaiknya menginstal server web<application>apache2</application>. "
22223
"Untuk menginstal server web <application>apache2</application>, silakan "
22224
"ikuti sub-seksi <xref linkend=\"http-installation\"/> di bagian <xref "
22225
"linkend=\"httpd\"/>."
22227
22220
#: serverguide/C/lamp-applications.xml:132(para)
22229
"For configuring your first Wiki application, please run the following set of "
22230
"commands. Let us assume that you are creating a Wiki named "
22222
"To configure your first wiki application, please run the following set of "
22223
"commands. Let us assume that you are creating a wiki named "
22231
22224
"<emphasis>mywiki</emphasis>:"
22233
"Untuk mengkonfigurasi aplikasi Wiki anda yang pertama, jalankan beberapa "
22234
"perintah berikut ini. Diasumsikan <emphasis>mywiki</emphasis> adalah nama "
22235
"Wiki yang anda buat :"
22237
22227
#: serverguide/C/lamp-applications.xml:139(command)
22238
22228
msgid "cd /usr/share/moin"
22317
22302
#: serverguide/C/lamp-applications.xml:182(para)
22319
"If you have named your Wiki as <emphasis>my_wiki_name</emphasis> you should "
22304
"If you have named your wiki as <emphasis>my_wiki_name</emphasis> you should "
22320
22305
"insert a line <quote>(\"my_wiki_name\", r\".*\")</quote> in "
22321
22306
"<filename>/etc/moin/farmconfig.py</filename> file after the line "
22322
22307
"<quote>(\"mywiki\", r\".*\")</quote>."
22324
"Jika anda telah memberi nama Wiki anda dengan "
22325
"<emphasis>my_wiki_name</emphasis> anda harus menambahkan baris "
22326
"<quote>(\"my_wiki_name\", r\".*\")</quote> pada file "
22327
"<filename>/etc/moin/farmconfig.py</filename> setelah baris "
22328
"<quote>(\"mywiki\", r\".*\")</quote>."
22330
22310
#: serverguide/C/lamp-applications.xml:190(para)
22332
22312
"Once you have configured <application>MoinMoin</application> to find your "
22333
"first Wiki application <emphasis>mywiki</emphasis>, you should configure "
22334
"<application>apache2</application> and make it ready for your Wiki "
22313
"first wiki application, <emphasis>mywiki</emphasis>, you should configure "
22314
"<application>apache2</application> and make it ready for your wiki."
22337
"Setelah anda mengkonfigurasi <application>MoinMoin</application> untuk dapat "
22338
"menggunakan aplikasi Wiki <emphasis>mywiki</emphasis> anda yang pertama, "
22339
"anda juga harus mengkonfigurasi <application>apache2</application> dan "
22340
"membuatnya siap digunakan untuk aplikasi Wiki anda."
22342
22317
#: serverguide/C/lamp-applications.xml:197(para)
22363
22338
#: serverguide/C/lamp-applications.xml:214(para)
22339
msgid "The version in the above example is determined by running:"
22342
#: serverguide/C/lamp-applications.xml:218(programlisting)
22346
"$ moin --version\n"
22349
#: serverguide/C/lamp-applications.xml:222(para)
22350
msgid "If the output shows version 1.9.7, your second line should be:"
22353
#: serverguide/C/lamp-applications.xml:226(programlisting)
22357
"alias /moin_static197 \"/usr/share/moin/htdocs\"\n"
22360
#: serverguide/C/lamp-applications.xml:230(para)
22365
22362
"Once you configure the <application>apache2</application> web server and "
22366
"make it ready for your Wiki application, you should restart it. You can run "
22363
"make it ready for your wiki application, you should restart it. You can run "
22367
22364
"the following command to restart the <application>apache2</application> web "
22370
"Setelah anda mengonfigurasi server web <application>apache2</application> "
22371
"dan membuatnya siap untuk aplikasi Wiki anda, maka langkah selanjutnya anda "
22372
"harus start ulang. Anda dapat menjalankan perintah ini untuk start ulang "
22373
"server server<application>apache2</application>."
22375
#: serverguide/C/lamp-applications.xml:227(title) serverguide/C/installation.xml:1242(title)
22368
#: serverguide/C/lamp-applications.xml:243(title) serverguide/C/installation.xml:1315(title)
22376
22369
msgid "Verification"
22377
22370
msgstr "Memastikan"
22379
#: serverguide/C/lamp-applications.xml:229(para)
22372
#: serverguide/C/lamp-applications.xml:245(para)
22381
22374
"You can verify the Wiki application and see if it works by pointing your web "
22382
22375
"browser to the following URL:"
22495
22488
"config/index.php</ulink> if your server has no GUI.)"
22498
#: serverguide/C/lamp-applications.xml:334(para)
22491
#: serverguide/C/lamp-applications.xml:350(para)
22500
22493
"Please read the <quote>Environmental checks</quote> section of the "
22501
22494
"configuration page. You should be able to fix many issues by carefully "
22502
22495
"reading this section."
22505
#: serverguide/C/lamp-applications.xml:330(para)
22498
#: serverguide/C/lamp-applications.xml:357(para)
22507
22500
"Once the configuration is complete, you should copy the "
22508
22501
"<filename>LocalSettings.php</filename> file to "
22509
22502
"<filename>/etc/mediawiki</filename> directory:"
22512
#: serverguide/C/lamp-applications.xml:337(command)
22505
#: serverguide/C/lamp-applications.xml:364(command)
22513
22506
msgid "sudo mv /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/"
22516
#: serverguide/C/lamp-applications.xml:340(para)
22509
#: serverguide/C/lamp-applications.xml:367(para)
22518
22511
"You may also want to edit "
22519
22512
"<filename>/etc/mediawiki/LocalSettings.php</filename> in order to set the "
22520
22513
"memory limit (disabled by default):"
22523
#: serverguide/C/lamp-applications.xml:345(programlisting)
22516
#: serverguide/C/lamp-applications.xml:372(programlisting)
22527
22520
"ini_set( 'memory_limit', '64M' );\n"
22530
#: serverguide/C/lamp-applications.xml:352(title)
22523
#: serverguide/C/lamp-applications.xml:379(title)
22531
22524
msgid "Extensions"
22534
#: serverguide/C/lamp-applications.xml:353(para)
22527
#: serverguide/C/lamp-applications.xml:380(para)
22536
22529
"The extensions add new features and enhancements for the MediaWiki "
22537
22530
"application. The extensions give wiki administrators and end users the "
22538
22531
"ability to customize MediaWiki to their requirements."
22541
#: serverguide/C/lamp-applications.xml:359(para)
22534
#: serverguide/C/lamp-applications.xml:386(para)
22543
22536
"You can download MediaWiki extensions as an archive file or checkout from "
22544
22537
"the Subversion repository. You should copy it to "
22654
22647
"remote database."
22657
#: serverguide/C/lamp-applications.xml:462(para)
22650
#: serverguide/C/lamp-applications.xml:489(para)
22659
22652
"Once configured, log out of <application>phpMyAdmin</application> and back "
22660
22653
"in, and you should be accessing the new server."
22663
#: serverguide/C/lamp-applications.xml:466(para)
22656
#: serverguide/C/lamp-applications.xml:493(para)
22665
22658
"The <filename>config.header.inc.php</filename> and "
22666
22659
"<filename>config.footer.inc.php</filename> files are used to add a HTML "
22667
22660
"header and footer to <application>phpMyAdmin</application>."
22670
#: serverguide/C/lamp-applications.xml:471(para)
22663
#: serverguide/C/lamp-applications.xml:498(para)
22672
22665
"Another important configuration file is "
22673
22666
"<filename>/etc/phpmyadmin/apache.conf</filename>, this file is symlinked to "
22674
"<filename>/etc/apache2/conf.d/phpmyadmin.conf</filename>, and is used to "
22675
"configure <application>Apache2</application> to serve the "
22676
"<application>phpMyAdmin</application> site. The file contains directives for "
22677
"loading <application>PHP</application>, directory permissions, etc. For more "
22678
"information on configuring <application>Apache2</application> see <xref "
22679
"linkend=\"httpd\"/>."
22682
#: serverguide/C/lamp-applications.xml:485(para)
22667
"<filename>/etc/apache2/conf-available/phpmyadmin.conf</filename>, and, once "
22668
"enabled, is used to configure <application>Apache2</application> to serve "
22669
"the <application>phpMyAdmin</application> site. The file contains directives "
22670
"for loading <application>PHP</application>, directory permissions, etc. From "
22674
#: serverguide/C/lamp-applications.xml:506(command)
22676
"sudo ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf-"
22677
"available/phpmyadmin.conf"
22680
#: serverguide/C/lamp-applications.xml:507(command)
22681
msgid "sudo a2enconf phpmyadmin.conf"
22684
#: serverguide/C/lamp-applications.xml:511(para)
22686
"For more information on configuring <application>Apache2</application> see "
22687
"<xref linkend=\"httpd\"/>."
22690
#: serverguide/C/lamp-applications.xml:522(para)
22684
22692
"The <application>phpMyAdmin</application> documentation comes installed with "
22685
22693
"the package and can be accessed from the <emphasis>phpMyAdmin "
22688
22696
"url=\"http://www.phpmyadmin.net/home_page/docs.php\">phpMyAdmin</ulink> site."
22691
#: serverguide/C/lamp-applications.xml:492(para)
22699
#: serverguide/C/lamp-applications.xml:529(para)
22693
22701
"Also, <ulink url=\"http://www.packtpub.com/phpmyadmin-3rd-"
22694
22702
"edition/book\">Mastering phpMyAdmin</ulink> is a great resource."
22697
#: serverguide/C/lamp-applications.xml:497(para)
22705
#: serverguide/C/lamp-applications.xml:534(para)
22699
22707
"A third resource is the <ulink "
22700
22708
"url=\"https://help.ubuntu.com/community/phpMyAdmin\">phpMyAdmin Ubuntu "
22701
22709
"Wiki</ulink> page."
22704
#: serverguide/C/lamp-applications.xml:517(title)
22712
#: serverguide/C/lamp-applications.xml:543(title)
22705
22713
msgid "WordPress"
22708
#: serverguide/C/lamp-applications.xml:518(para)
22716
#: serverguide/C/lamp-applications.xml:544(para)
22710
22718
"Wordpress is a blog tool, publishing platform and CMS implemented in PHP and "
22711
22719
"licensed under the GNU GPLv2."
22714
#: serverguide/C/lamp-applications.xml:524(para)
22722
#: serverguide/C/lamp-applications.xml:550(para)
22716
22724
"To install <application>WordPress</application>, run the following comand in "
22717
22725
"the command prompt:"
22720
#: serverguide/C/lamp-applications.xml:529(command)
22728
#: serverguide/C/lamp-applications.xml:555(command)
22721
22729
msgid "sudo apt-get install wordpress"
22724
#: serverguide/C/lamp-applications.xml:532(para)
22732
#: serverguide/C/lamp-applications.xml:558(para)
22726
22734
"You should also install <application>apache2</application> web server and "
22727
22735
"<application>mysql</application> server. For installing "
22903
22911
#: serverguide/C/introduction.xml:31(para)
22905
22913
"There are a couple of different ways that Ubuntu Server Edition is "
22906
"supported, commercial support and community support. The main commercial "
22907
"support (and development funding) is available from Canonical Ltd. They "
22908
"supply reasonably priced support contracts on a per desktop or per server "
22914
"supported: commercial support and community support. The main commercial "
22915
"support (and development funding) is available from Canonical, Ltd. They "
22916
"supply reasonably- priced support contracts on a per desktop or per server "
22909
22917
"basis. For more information see the <ulink "
22910
"url=\"http://www.canonical.com/services/support\">Canonical Services</ulink> "
22918
"url=\"http://www.ubuntu.com/management\">Ubuntu Advantage</ulink> page."
22914
#: serverguide/C/introduction.xml:38(para)
22921
#: serverguide/C/introduction.xml:40(para)
22916
"Community support is also provided by dedicated individuals, and companies, "
22923
"Community support is also provided by dedicated individuals and companies "
22917
22924
"that wish to make Ubuntu the best distribution possible. Support is provided "
22918
22925
"through multiple mailing lists, IRC channels, forums, blogs, wikis, etc. The "
22919
22926
"large amount of information available can be overwhelming, but a good search "
23164
23171
msgid "Next, the installer asks for the system's hostname."
23167
#: serverguide/C/installation.xml:195(para)
23174
#: serverguide/C/installation.xml:184(para)
23169
23176
"A new user is set up; this user will have <emphasis>root</emphasis> access "
23170
23177
"through the <application>sudo</application> utility."
23173
#: serverguide/C/installation.xml:201(para)
23180
#: serverguide/C/installation.xml:190(para)
23175
"After the user settings have been completed, you will be asked to encrypt "
23176
"your <filename role=\"directory\">home</filename> directory."
23182
"After the user settings have been completed, you will be asked if you want "
23183
"to encrypt your <filename role=\"directory\">home</filename> directory."
23179
23186
#: serverguide/C/installation.xml:196(para)
23180
23187
msgid "Next, the installer asks for the system's Time Zone."
23183
#: serverguide/C/installation.xml:182(para)
23190
#: serverguide/C/installation.xml:201(para)
23185
23192
"You can then choose from several options to configure the hard drive layout. "
23186
"Afterwards you are asked for which disk to install to. You may get "
23187
"confirmation prompts before rewriting the partition table or setting up LVM "
23188
"depending on disk layout. If you choose LVM, you will be asked for the size "
23189
"of the root logical volume. For advanced disk options see <xref "
23190
"linkend=\"advanced-installation\"/>."
23193
"Afterwards you are asked which disk to install to. You may get confirmation "
23194
"prompts before rewriting the partition table or setting up LVM depending on "
23195
"disk layout. If you choose LVM, you will be asked for the size of the root "
23196
"logical volume. For advanced disk options see <xref linkend=\"advanced-"
23197
"installation\"/>."
23193
#: serverguide/C/installation.xml:190(para)
23200
#: serverguide/C/installation.xml:209(para)
23194
23201
msgid "The Ubuntu base system is then installed."
23197
#: serverguide/C/installation.xml:207(para)
23204
#: serverguide/C/installation.xml:214(para)
23199
23206
"The next step in the installation process is to decide how you want to "
23200
23207
"update the system. There are three options:"
23203
#: serverguide/C/installation.xml:213(para)
23210
#: serverguide/C/installation.xml:220(para)
23205
23212
"<emphasis>No automatic updates</emphasis>: this requires an administrator to "
23206
23213
"log into the machine and manually install updates."
23209
#: serverguide/C/installation.xml:219(para)
23216
#: serverguide/C/installation.xml:226(para)
23211
23218
"<emphasis>Install security updates automatically</emphasis>: this will "
23212
23219
"install the <application>unattended-upgrades</application> package, which "
23255
23262
"Installation Guide</ulink>."
23258
#: serverguide/C/installation.xml:265(title)
23265
#: serverguide/C/installation.xml:272(title)
23259
23266
msgid "Package Tasks"
23262
#: serverguide/C/installation.xml:266(para)
23269
#: serverguide/C/installation.xml:273(para)
23264
23271
"During the Server Edition installation you have the option of installing "
23265
23272
"additional packages from the CD. The packages are grouped by the type of "
23266
23273
"service they provide."
23269
#: serverguide/C/installation.xml:272(para)
23276
#: serverguide/C/installation.xml:279(para)
23270
23277
msgid "DNS server: Selects the BIND DNS server and its documentation."
23273
#: serverguide/C/installation.xml:277(para)
23280
#: serverguide/C/installation.xml:284(para)
23274
23281
msgid "LAMP server: Selects a ready-made Linux/Apache/MySQL/PHP server."
23277
#: serverguide/C/installation.xml:282(para)
23284
#: serverguide/C/installation.xml:289(para)
23279
23286
"Mail server: This task selects a variety of packages useful for a general "
23280
23287
"purpose mail server system."
23283
#: serverguide/C/installation.xml:287(para)
23290
#: serverguide/C/installation.xml:294(para)
23284
23291
msgid "OpenSSH server: Selects packages needed for an OpenSSH server."
23287
#: serverguide/C/installation.xml:292(para)
23294
#: serverguide/C/installation.xml:299(para)
23289
23296
"PostgreSQL database: This task selects client and server packages for the "
23290
23297
"PostgreSQL database."
23293
#: serverguide/C/installation.xml:297(para)
23300
#: serverguide/C/installation.xml:304(para)
23294
23301
msgid "Print server: This task sets up your system to be a print server."
23297
#: serverguide/C/installation.xml:302(para)
23304
#: serverguide/C/installation.xml:309(para)
23299
23306
"Samba File server: This task sets up your system to be a Samba file server, "
23300
23307
"which is especially suitable in networks with both Windows and Linux systems."
23303
#: serverguide/C/installation.xml:308(para)
23310
#: serverguide/C/installation.xml:315(para)
23304
23311
msgid "Tomcat Java server: Installs Apache Tomcat and needed dependencies."
23307
#: serverguide/C/installation.xml:313(para)
23314
#: serverguide/C/installation.xml:320(para)
23309
23316
"Virtual Machine host: Includes packages needed to run KVM virtual machines."
23312
#: serverguide/C/installation.xml:318(para)
23319
#: serverguide/C/installation.xml:325(para)
23314
23321
"Manually select packages: Executes <application>aptitude</application> "
23315
23322
"allowing you to individually select packages."
23318
#: serverguide/C/installation.xml:323(para)
23325
#: serverguide/C/installation.xml:330(para)
23320
23327
"Installing the package groups is accomplished using the "
23321
23328
"<application>tasksel</application> utility. One of the important differences "
23372
#: serverguide/C/installation.xml:359(para)
23379
#: serverguide/C/installation.xml:366(para)
23374
23381
"If you did not install one of the tasks during the installation process, but "
23375
23382
"for example you decide to make your new LAMP server a DNS server as well, "
23376
23383
"simply insert the installation CD and from a terminal:"
23379
#: serverguide/C/installation.xml:364(command)
23386
#: serverguide/C/installation.xml:371(command)
23380
23387
msgid "sudo tasksel install dns-server"
23383
#: serverguide/C/installation.xml:369(title)
23390
#: serverguide/C/installation.xml:376(title)
23384
23391
msgid "Upgrading"
23387
#: serverguide/C/installation.xml:370(para)
23394
#: serverguide/C/installation.xml:377(para)
23389
23396
"There are several ways to upgrade from one Ubuntu release to another. This "
23390
23397
"section gives an overview of the recommended upgrade method."
23393
#: serverguide/C/installation.xml:374(title) serverguide/C/installation.xml:389(command)
23400
#: serverguide/C/installation.xml:381(title) serverguide/C/installation.xml:396(command)
23394
23401
msgid "do-release-upgrade"
23397
#: serverguide/C/installation.xml:375(para)
23404
#: serverguide/C/installation.xml:382(para)
23399
23406
"The recommended way to upgrade a Server Edition installation is to use the "
23400
23407
"<application>do-release-upgrade</application> utility. Part of the "
23410
23417
"system configuration changes sometimes needed between releases."
23413
#: serverguide/C/installation.xml:385(para)
23420
#: serverguide/C/installation.xml:392(para)
23414
23421
msgid "To upgrade to a newer release, from a terminal prompt enter:"
23417
#: serverguide/C/installation.xml:391(para)
23424
#: serverguide/C/installation.xml:398(para)
23419
23426
"It is also possible to use <application>do-release-upgrade</application> to "
23420
23427
"upgrade to a development version of Ubuntu. To accomplish this use the "
23421
23428
"<emphasis>-d</emphasis> switch:"
23424
#: serverguide/C/installation.xml:396(command)
23431
#: serverguide/C/installation.xml:403(command)
23425
23432
msgid "do-release-upgrade -d"
23428
#: serverguide/C/installation.xml:399(para)
23435
#: serverguide/C/installation.xml:406(para)
23430
23437
"Upgrading to a development release is <emphasis>not</emphasis> recommended "
23431
23438
"for production environments."
23434
#: serverguide/C/installation.xml:406(title)
23441
#: serverguide/C/installation.xml:413(title)
23435
23442
msgid "Advanced Installation"
23438
#: serverguide/C/installation.xml:409(title)
23445
#: serverguide/C/installation.xml:416(title)
23439
23446
msgid "Software RAID"
23442
#: serverguide/C/installation.xml:411(para)
23449
#: serverguide/C/installation.xml:418(para)
23444
23451
"Redundant Array of Independent Disks \"RAID\" is a method of using multiple "
23445
23452
"disks to provide different balances of increasing data reliability and/or "
23460
23467
"another for <emphasis>swap</emphasis>."
23463
#: serverguide/C/virtualization.xml:716(title) serverguide/C/installation.xml:427(title)
23470
#: serverguide/C/installation.xml:434(title)
23464
23471
msgid "Partitioning"
23467
#: serverguide/C/installation.xml:429(para) serverguide/C/installation.xml:951(para)
23474
#: serverguide/C/installation.xml:436(para) serverguide/C/installation.xml:958(para)
23469
23476
"Follow the installation steps until you get to the <emphasis>Partition "
23470
23477
"disks</emphasis> step, then:"
23473
#: serverguide/C/installation.xml:436(para)
23480
#: serverguide/C/installation.xml:443(para)
23474
23481
msgid "Select <emphasis>Manual</emphasis> as the partition method."
23477
#: serverguide/C/installation.xml:443(para)
23484
#: serverguide/C/installation.xml:450(para)
23479
23486
"Select the first hard drive, and agree to <emphasis>\"Create a new empty "
23480
23487
"partition table on this device?\"</emphasis>."
23483
#: serverguide/C/installation.xml:447(para)
23490
#: serverguide/C/installation.xml:454(para)
23485
23492
"Repeat this step for each drive you wish to be part of the RAID array."
23488
#: serverguide/C/installation.xml:454(para)
23495
#: serverguide/C/installation.xml:461(para)
23490
23497
"Select the <emphasis>\"FREE SPACE\"</emphasis> on the first drive then "
23491
23498
"select <emphasis>\"Create a new partition\"</emphasis>."
23494
#: serverguide/C/installation.xml:461(para)
23501
#: serverguide/C/installation.xml:468(para)
23496
23503
"Next, select the <emphasis>Size</emphasis> of the partition. This partition "
23497
23504
"will be the <emphasis>swap</emphasis> partition, and a general rule for swap "
23537
23544
"<emphasis>\"Done setting up partition\"</emphasis>."
23540
#: serverguide/C/installation.xml:511(para)
23547
#: serverguide/C/installation.xml:518(para)
23541
23548
msgid "Repeat steps three through eight for the other disk and partitions."
23544
#: serverguide/C/installation.xml:520(title)
23551
#: serverguide/C/installation.xml:527(title)
23545
23552
msgid "RAID Configuration"
23548
#: serverguide/C/installation.xml:522(para)
23555
#: serverguide/C/installation.xml:529(para)
23549
23556
msgid "With the partitions setup the arrays are ready to be configured:"
23552
#: serverguide/C/installation.xml:529(para)
23559
#: serverguide/C/installation.xml:536(para)
23554
23561
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
23555
23562
"Software RAID\"</emphasis> at the top."
23558
#: serverguide/C/installation.xml:536(para)
23565
#: serverguide/C/installation.xml:543(para)
23559
23566
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
23562
#: serverguide/C/installation.xml:543(para)
23569
#: serverguide/C/installation.xml:550(para)
23563
23570
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
23566
#: serverguide/C/installation.xml:550(para)
23573
#: serverguide/C/installation.xml:557(para)
23568
23575
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
23569
23576
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
23572
#: serverguide/C/installation.xml:556(para)
23579
#: serverguide/C/installation.xml:563(para)
23574
23581
"In order to use <emphasis>RAID5</emphasis> you need at least "
23575
23582
"<emphasis>three</emphasis> drives. Using RAID0 or RAID1 only "
23576
23583
"<emphasis>two</emphasis> drives are required."
23579
#: serverguide/C/installation.xml:565(para)
23586
#: serverguide/C/installation.xml:572(para)
23581
23588
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
23582
23589
"of hard drives you have, for the array. Then select "
23583
23590
"<emphasis>\"Continue\"</emphasis>."
23586
#: serverguide/C/installation.xml:573(para)
23593
#: serverguide/C/installation.xml:580(para)
23588
23595
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
23589
23596
"default, then choose <emphasis>\"Continue\"</emphasis>."
23592
#: serverguide/C/installation.xml:580(para)
23599
#: serverguide/C/installation.xml:587(para)
23594
23601
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
23595
23602
"etc. The numbers will usually match and the different letters correspond to "
23596
23603
"different hard drives."
23599
#: serverguide/C/installation.xml:585(para)
23606
#: serverguide/C/installation.xml:592(para)
23601
23608
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
23602
23609
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
23603
23610
"go to the next step."
23606
#: serverguide/C/installation.xml:593(para)
23613
#: serverguide/C/installation.xml:600(para)
23608
23615
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
23609
23616
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
23610
23617
"and <emphasis>sdb2</emphasis>."
23613
#: serverguide/C/installation.xml:601(para)
23620
#: serverguide/C/installation.xml:608(para)
23614
23621
msgid "Once done select <emphasis>\"Finish\"</emphasis>."
23617
#: serverguide/C/installation.xml:611(title)
23624
#: serverguide/C/installation.xml:618(title)
23618
23625
msgid "Formatting"
23621
#: serverguide/C/installation.xml:613(para)
23628
#: serverguide/C/installation.xml:620(para)
23623
23630
"There should now be a list of hard drives and RAID devices. The next step is "
23624
23631
"to format and set the mount point for the RAID devices. Treat the RAID "
23625
23632
"device as a local hard drive, format and mount accordingly."
23628
#: serverguide/C/installation.xml:621(para)
23635
#: serverguide/C/installation.xml:628(para)
23630
23637
"Select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
23631
23638
"#0\"</emphasis> partition."
23634
#: serverguide/C/installation.xml:628(para)
23641
#: serverguide/C/installation.xml:635(para)
23636
23643
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
23637
23644
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
23640
#: serverguide/C/installation.xml:636(para)
23647
#: serverguide/C/installation.xml:643(para)
23642
23649
"Next, select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
23643
23650
"#1\"</emphasis> partition."
23646
#: serverguide/C/installation.xml:643(para)
23653
#: serverguide/C/installation.xml:650(para)
23648
23655
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext4 "
23649
23656
"journaling file system\"</emphasis>."
23652
#: serverguide/C/installation.xml:650(para)
23659
#: serverguide/C/installation.xml:657(para)
23654
23661
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
23655
23662
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "
23657
23664
"partition\"</emphasis>."
23660
#: serverguide/C/installation.xml:658(para)
23667
#: serverguide/C/installation.xml:665(para)
23662
23669
"Finally, select <emphasis>\"Finish partitioning and write changes to "
23663
23670
"disk\"</emphasis>."
23666
#: serverguide/C/installation.xml:665(para)
23673
#: serverguide/C/installation.xml:672(para)
23668
23675
"If you choose to place the root partition on a RAID array, the installer "
23669
23676
"will then ask if you would like to boot in a <emphasis>degraded</emphasis> "
23670
23677
"state. See <xref linkend=\"raid-degraded\"/> for further details."
23673
#: serverguide/C/installation.xml:670(para)
23680
#: serverguide/C/installation.xml:677(para)
23674
23681
msgid "The installation process will then continue normally."
23677
#: serverguide/C/installation.xml:676(title)
23684
#: serverguide/C/installation.xml:683(title)
23678
23685
msgid "Degraded RAID"
23681
#: serverguide/C/installation.xml:678(para)
23688
#: serverguide/C/installation.xml:685(para)
23683
23690
"At some point in the life of the computer a disk failure event may occur. "
23684
23691
"When this happens, using Software RAID, the operating system will place the "
23685
23692
"array into what is known as a <emphasis>degraded</emphasis> state."
23688
#: serverguide/C/installation.xml:683(para)
23695
#: serverguide/C/installation.xml:690(para)
23690
23697
"If the array has become degraded, due to the chance of data corruption, by "
23691
23698
"default Ubuntu Server Edition will boot to <emphasis>initramfs</emphasis> "
23717
23724
"behavior, and can also be manually edited:"
23720
#: serverguide/C/installation.xml:713(programlisting)
23727
#: serverguide/C/installation.xml:720(programlisting)
23724
23731
"BOOT_DEGRADED=true\n"
23727
#: serverguide/C/installation.xml:718(para)
23734
#: serverguide/C/installation.xml:725(para)
23728
23735
msgid "The configuration file can be overridden by using a Kernel argument."
23731
#: serverguide/C/installation.xml:726(para)
23738
#: serverguide/C/installation.xml:733(para)
23733
23740
"Using a Kernel argument will allow the system to boot to a degraded array as "
23737
#: serverguide/C/installation.xml:732(para)
23744
#: serverguide/C/installation.xml:739(para)
23739
23746
"When the server is booting press <keycap>Shift</keycap> to open the "
23740
23747
"<application>Grub</application> menu."
23743
#: serverguide/C/installation.xml:737(para)
23750
#: serverguide/C/installation.xml:744(para)
23744
23751
msgid "Press <keycap>e</keycap> to edit your kernel command options."
23747
#: serverguide/C/installation.xml:742(para)
23754
#: serverguide/C/installation.xml:749(para)
23748
23755
msgid "Press the <keycap>down</keycap> arrow to highlight the kernel line."
23751
#: serverguide/C/installation.xml:747(para)
23758
#: serverguide/C/installation.xml:754(para)
23753
23760
"Add <emphasis>\"bootdegraded=true\"</emphasis> (without the quotes) to the "
23754
23761
"end of the line."
23757
#: serverguide/C/installation.xml:752(para)
23764
#: serverguide/C/installation.xml:759(para)
23759
23766
"Press <keycombo><keycap>Ctrl</keycap><keycap>x</keycap></keycombo> to boot "
23760
23767
"the system."
23763
#: serverguide/C/installation.xml:761(para)
23770
#: serverguide/C/installation.xml:768(para)
23765
23772
"Once the system has booted you can either repair the array see <xref "
23766
23773
"linkend=\"raid-maintenance\"/> for details, or copy important data to "
23767
23774
"another machine due to major hardware failure."
23770
#: serverguide/C/installation.xml:768(title)
23777
#: serverguide/C/installation.xml:775(title)
23771
23778
msgid "RAID Maintenance"
23774
#: serverguide/C/installation.xml:770(para)
23781
#: serverguide/C/installation.xml:777(para)
23776
23783
"The <application>mdadm</application> utility can be used to view the status "
23777
23784
"of an array, add disks to an array, remove disks, etc:"
23780
#: serverguide/C/installation.xml:777(para)
23787
#: serverguide/C/installation.xml:784(para)
23781
23788
msgid "To view the status of an array, from a terminal prompt enter:"
23784
#: serverguide/C/installation.xml:781(command)
23791
#: serverguide/C/installation.xml:788(command)
23785
23792
msgid "sudo mdadm -D /dev/md0"
23788
#: serverguide/C/installation.xml:784(para)
23795
#: serverguide/C/installation.xml:791(para)
23790
23797
"The <emphasis>-D</emphasis> tells <application>mdadm</application> to "
23791
23798
"display <emphasis>detailed</emphasis> information about the "
23793
23800
"with the appropriate RAID device."
23796
#: serverguide/C/installation.xml:790(para)
23803
#: serverguide/C/installation.xml:797(para)
23797
23804
msgid "To view the status of a disk in an array:"
23800
#: serverguide/C/installation.xml:794(command)
23807
#: serverguide/C/installation.xml:801(command)
23801
23808
msgid "sudo mdadm -E /dev/sda1"
23804
#: serverguide/C/installation.xml:796(para)
23811
#: serverguide/C/installation.xml:803(para)
23806
23813
"The output if very similar to the <command>mdadm -D</command> command, "
23807
23814
"adjust <filename>/dev/sda1</filename> for each disk."
23810
#: serverguide/C/installation.xml:801(para)
23817
#: serverguide/C/installation.xml:808(para)
23811
23818
msgid "If a disk fails and needs to be removed from an array enter:"
23814
#: serverguide/C/installation.xml:805(command)
23821
#: serverguide/C/installation.xml:812(command)
23815
23822
msgid "sudo mdadm --remove /dev/md0 /dev/sda1"
23818
#: serverguide/C/installation.xml:807(para)
23825
#: serverguide/C/installation.xml:814(para)
23820
23827
"Change <filename>/dev/md0</filename> and <filename>/dev/sda1</filename> to "
23821
23828
"the appropriate RAID device and disk."
23824
#: serverguide/C/installation.xml:812(para)
23831
#: serverguide/C/installation.xml:819(para)
23825
23832
msgid "Similarly, to add a new disk:"
23828
#: serverguide/C/installation.xml:816(command)
23835
#: serverguide/C/installation.xml:823(command)
23829
23836
msgid "sudo mdadm --add /dev/md0 /dev/sda1"
23832
#: serverguide/C/installation.xml:821(para)
23839
#: serverguide/C/installation.xml:828(para)
23834
23841
"Sometimes a disk can change to a <emphasis>faulty</emphasis> state even "
23835
23842
"though there is nothing physically wrong with the drive. It is usually "
23885
#: serverguide/C/installation.xml:858(command)
23892
#: serverguide/C/installation.xml:865(command)
23886
23893
msgid "sudo grub-install /dev/md0"
23889
#: serverguide/C/installation.xml:861(para)
23896
#: serverguide/C/installation.xml:868(para)
23891
23898
"Replace <filename>/dev/md0</filename> with the appropriate array device name."
23894
#: serverguide/C/installation.xml:869(para)
23901
#: serverguide/C/installation.xml:876(para)
23896
23903
"The topic of RAID arrays is a complex one due to the plethora of ways RAID "
23897
23904
"can be configured. Please see the following links for more information:"
23900
#: serverguide/C/installation.xml:876(para)
23907
#: serverguide/C/installation.xml:883(para)
23902
23909
"<ulink url=\"https://help.ubuntu.com/community/Installation#raid\">Ubuntu "
23903
23910
"Wiki Articles on RAID</ulink>."
23906
#: serverguide/C/installation.xml:882(ulink)
23913
#: serverguide/C/installation.xml:889(ulink) serverguide/C/installation.xml:1164(ulink)
23907
23914
msgid "Software RAID HOWTO"
23910
#: serverguide/C/installation.xml:887(ulink)
23917
#: serverguide/C/installation.xml:894(ulink)
23911
23918
msgid "Managing RAID on Linux"
23914
#: serverguide/C/installation.xml:894(title)
23921
#: serverguide/C/installation.xml:901(title)
23915
23922
msgid "Logical Volume Manager (LVM)"
23918
#: serverguide/C/installation.xml:896(para)
23925
#: serverguide/C/installation.xml:903(para)
23920
23927
"Logical Volume Manger, or <emphasis>LVM</emphasis>, allows administrators to "
23921
23928
"create <emphasis>logical</emphasis> volumes out of one or multiple physical "
23924
23931
"giving greater flexibility to systems as requirements change."
23927
#: serverguide/C/installation.xml:905(para)
23934
#: serverguide/C/installation.xml:912(para)
23929
23936
"A side effect of LVM's power and flexibility is a greater degree of "
23930
23937
"complication. Before diving into the LVM installation process, it is best to "
23931
23938
"get familiar with some terms."
23934
#: serverguide/C/installation.xml:912(para)
23941
#: serverguide/C/installation.xml:919(para)
23936
23943
"<emphasis>Physical Volume (PV):</emphasis> physical hard disk, disk "
23937
23944
"partition or software RAID partition formatted as LVM PV."
23940
#: serverguide/C/installation.xml:918(para)
23947
#: serverguide/C/installation.xml:925(para)
23942
23949
"<emphasis>Volume Group (VG):</emphasis> is made from one or more physical "
23943
23950
"volumes. A VG can can be extended by adding more PVs. A VG is like a virtual "
23944
23951
"disk drive, from which one or more logical volumes are carved."
23947
#: serverguide/C/installation.xml:924(para)
23954
#: serverguide/C/installation.xml:931(para)
23949
23956
"<emphasis>Logical Volume (LV):</emphasis> is similar to a partition in a non-"
23950
23957
"LVM system. A LV is formatted with the desired file system (EXT3, XFS, JFS, "
23951
23958
"etc), it is then available for mounting and data storage."
23954
#: serverguide/C/installation.xml:935(para)
23961
#: serverguide/C/installation.xml:942(para)
23956
23963
"As an example this section covers installing Ubuntu Server Edition with "
23957
23964
"<filename role=\"directory\">/srv</filename> mounted on a LVM volume. During "
24033
24040
"select <emphasis>\"Done setting up the partition\"</emphasis>."
24036
#: serverguide/C/installation.xml:1024(para)
24043
#: serverguide/C/installation.xml:1031(para)
24038
24045
"Finally, select <emphasis>\"Finish partitioning and write changes to "
24039
24046
"disk\"</emphasis>. Then confirm the changes and continue with the rest of "
24040
24047
"the installation."
24043
#: serverguide/C/installation.xml:1032(para)
24050
#: serverguide/C/installation.xml:1039(para)
24044
24051
msgid "There are some useful utilities to view information about LVM:"
24047
#: serverguide/C/installation.xml:1037(para)
24054
#: serverguide/C/installation.xml:1044(para)
24049
24056
"<emphasis>pvdisplay:</emphasis> shows information about Physical Volumes."
24052
#: serverguide/C/installation.xml:1038(para)
24059
#: serverguide/C/installation.xml:1045(para)
24054
24061
"<emphasis>vgdisplay:</emphasis> shows information about Volume Groups."
24057
#: serverguide/C/installation.xml:1039(para)
24064
#: serverguide/C/installation.xml:1046(para)
24059
24066
"<emphasis>lvdisplay:</emphasis> shows information about Logical Volumes."
24062
#: serverguide/C/installation.xml:1044(title)
24069
#: serverguide/C/installation.xml:1051(title)
24063
24070
msgid "Extending Volume Groups"
24066
#: serverguide/C/installation.xml:1046(para)
24073
#: serverguide/C/installation.xml:1053(para)
24068
24075
"Continuing with <emphasis>srv</emphasis> as an LVM volume example, this "
24069
24076
"section covers adding a second hard disk, creating a Physical Volume (PV), "
24075
24082
"partitions and use them as different physical volumes)"
24078
#: serverguide/C/installation.xml:1054(para)
24085
#: serverguide/C/installation.xml:1061(para)
24080
24087
"Make sure you don't already have an existing <filename>/dev/sdb</filename> "
24081
24088
"before issuing the commands below. You could lose some data if you issue "
24082
24089
"those commands on a non-empty disk."
24085
#: serverguide/C/installation.xml:1062(para)
24092
#: serverguide/C/installation.xml:1069(para)
24086
24093
msgid "First, create the physical volume, in a terminal execute:"
24089
#: serverguide/C/installation.xml:1067(command)
24096
#: serverguide/C/installation.xml:1074(command)
24090
24097
msgid "sudo pvcreate /dev/sdb"
24093
#: serverguide/C/installation.xml:1073(para)
24100
#: serverguide/C/installation.xml:1080(para)
24094
24101
msgid "Now extend the Volume Group (VG):"
24097
#: serverguide/C/installation.xml:1078(command)
24104
#: serverguide/C/installation.xml:1085(command)
24098
24105
msgid "sudo vgextend vg01 /dev/sdb"
24101
#: serverguide/C/installation.xml:1084(para)
24108
#: serverguide/C/installation.xml:1091(para)
24103
24110
"Use <application>vgdisplay</application> to find out the free physical "
24104
24111
"extents - Free PE / size (the size you can allocate). We will assume a free "
24132
24139
"first is compulsory)."
24135
#: serverguide/C/installation.xml:1112(para)
24142
#: serverguide/C/installation.xml:1119(para)
24137
24144
"The following commands are for an <emphasis>EXT3</emphasis> or "
24138
24145
"<emphasis>EXT4</emphasis> filesystem. If you are using another filesystem "
24139
24146
"there may be other utilities available."
24142
#: serverguide/C/installation.xml:1119(command)
24143
msgid "sudo e2fsck -f /dev/vg01/srv"
24146
#: serverguide/C/installation.xml:1122(para)
24148
"The <emphasis>-f</emphasis> option of <application>e2fsck</application> "
24149
"forces checking even if the system seems clean."
24152
#: serverguide/C/installation.xml:1129(para)
24153
msgid "Finally, resize the filesystem:"
24156
#: serverguide/C/installation.xml:1134(command)
24157
msgid "sudo resize2fs /dev/vg01/srv"
24160
#: serverguide/C/installation.xml:1140(para)
24149
#: serverguide/C/installation.xml:1127(para) serverguide/C/installation.xml:1130(para) serverguide/C/installation.xml:1133(para)
24161
24150
msgid "Now mount the partition and check its size."
24164
#: serverguide/C/installation.xml:1145(command)
24153
#: serverguide/C/installation.xml:1136(para)
24155
"asldkjf sdkja;lkjfeoi dfkjsljfe;lij sfljsefisjoij skfm;lwemf;e msdlfsadlkf;k."
24158
#: serverguide/C/installation.xml:1141(command)
24165
24159
msgid "mount /dev/vg01/srv /srv && df -h /srv"
24168
#: serverguide/C/installation.xml:1157(para)
24162
#: serverguide/C/installation.xml:1153(para)
24170
24164
"See the <ulink "
24171
24165
"url=\"https://help.ubuntu.com/community/Installation#lvm\">Ubuntu Wiki LVM "
24172
24166
"Articles</ulink>."
24175
#: serverguide/C/installation.xml:1162(para)
24169
#: serverguide/C/installation.xml:1158(para)
24177
24171
"See the <ulink url=\"http://tldp.org/HOWTO/LVM-HOWTO/index.html\">LVM "
24178
24172
"HOWTO</ulink> for more information."
24181
#: serverguide/C/installation.xml:1167(para)
24183
"Another good article is <ulink "
24184
"url=\"http://www.linuxdevcenter.com/pub/a/linux/2006/04/27/managing-disk-"
24185
"space-with-lvm.html\">Managing Disk Space with LVM</ulink> on O'Reilly's "
24186
"linuxdevcenter.com site."
24189
#: serverguide/C/installation.xml:1181(para)
24191
"For more information on <application>fdisk</application> see the <ulink "
24192
"url=\"http://manpages.ubuntu.com/manpages/trusty/en/man8/fdisk.8.html\">fdisk"
24193
" man page</ulink>."
24196
#: serverguide/C/installation.xml:1185(title)
24175
#: serverguide/C/installation.xml:1171(title)
24179
#: serverguide/C/installation.xml:1174(para)
24180
msgid "bla bla 4 para."
24183
#: serverguide/C/installation.xml:1179(para)
24184
msgid "bla bla 5 para."
24187
#: serverguide/C/installation.xml:1184(para)
24188
msgid "list item 1."
24191
#: serverguide/C/installation.xml:1189(para)
24192
msgid "list item 2."
24195
#: serverguide/C/installation.xml:1194(para)
24196
msgid "list item 3."
24199
#: serverguide/C/installation.xml:1199(para)
24200
msgid "bla bla para"
24203
#: serverguide/C/installation.xml:1204(para)
24204
msgid "bla bla 6 para."
24207
#: serverguide/C/installation.xml:1209(para)
24208
msgid "bla bla 7 para."
24211
#: serverguide/C/installation.xml:1214(para)
24212
msgid "bla bla 8 para."
24215
#: serverguide/C/installation.xml:1219(para)
24216
msgid "bla bla 9 para."
24219
#: serverguide/C/installation.xml:1226(title)
24223
#: serverguide/C/installation.xml:1229(title)
24227
#: serverguide/C/installation.xml:1232(title)
24231
#: serverguide/C/installation.xml:1235(title)
24235
#: serverguide/C/installation.xml:1238(title)
24239
#: serverguide/C/installation.xml:1241(title)
24243
#: serverguide/C/installation.xml:1244(title)
24247
#: serverguide/C/installation.xml:1247(title)
24251
#: serverguide/C/installation.xml:1250(title)
24255
#: serverguide/C/installation.xml:1253(title)
24259
#: serverguide/C/installation.xml:1258(title)
24197
24260
msgid "Kernel Crash Dump"
24200
#: serverguide/C/installation.xml:1192(para)
24263
#: serverguide/C/installation.xml:1265(para)
24201
24264
msgid "Kernel Panic"
24204
#: serverguide/C/installation.xml:1193(para)
24267
#: serverguide/C/installation.xml:1266(para)
24205
24268
msgid "Non Maskable Interrupts (NMI)"
24208
#: serverguide/C/installation.xml:1194(para)
24271
#: serverguide/C/installation.xml:1267(para)
24209
24272
msgid "Machine Check Exceptions (MCE)"
24212
#: serverguide/C/installation.xml:1195(para)
24275
#: serverguide/C/installation.xml:1268(para)
24213
24276
msgid "Hardware failure"
24216
#: serverguide/C/installation.xml:1196(para)
24279
#: serverguide/C/installation.xml:1269(para)
24217
24280
msgid "Manual intervention"
24220
#: serverguide/C/installation.xml:1188(para)
24283
#: serverguide/C/installation.xml:1261(para)
24222
24285
"A Kernel Crash Dump refers to a portion of the contents of volatile memory "
24223
24286
"(RAM) that is copied to disk whenever the execution of the kernel is "
24244
24307
"untouched in order to safely copy its contents to storage."
24247
#: serverguide/C/installation.xml:1216(para)
24310
#: serverguide/C/installation.xml:1289(para)
24249
24312
"The kernel crash dump utility is installed with the following command:"
24252
#: serverguide/C/installation.xml:1221(command)
24315
#: serverguide/C/installation.xml:1294(command)
24253
24316
msgid "sudo apt-get install linux-crashdump"
24256
#: serverguide/C/installation.xml:1230(programlisting)
24319
#: serverguide/C/installation.xml:1303(programlisting)
24260
24323
"USE_KDUMP=1\n"
24263
#: serverguide/C/installation.xml:1228(para)
24326
#: serverguide/C/installation.xml:1301(para)
24265
"Edit <filename>/etc/default/kdump-tool</filename> by including the following "
24266
"line: <placeholder-1/>"
24328
"Edit <filename>/etc/default/kdump-tools</filename> by including the "
24329
"following line: <placeholder-1/>"
24269
#: serverguide/C/installation.xml:1235(para)
24332
#: serverguide/C/installation.xml:1308(para)
24270
24333
msgid "A reboot is then needed."
24273
#: serverguide/C/installation.xml:1244(para)
24336
#: serverguide/C/installation.xml:1317(para)
24275
24338
"To confirm that the kernel dump mechanism is enabled, there are a few things "
24276
24339
"to verify. First, confirm that the <emphasis>crashkernel</emphasis> boot "
24303
#: serverguide/C/installation.xml:1258(para)
24366
#: serverguide/C/installation.xml:1331(para)
24305
24368
"The <emphasis>crashkernel</emphasis> parameter has the following syntax: "
24306
24369
"<placeholder-1/>"
24309
#: serverguide/C/installation.xml:1268(programlisting)
24372
#: serverguide/C/installation.xml:1341(programlisting)
24313
24376
"crashkernel=384M-2G:64M,2G-:128M\n"
24316
#: serverguide/C/installation.xml:1266(para)
24379
#: serverguide/C/installation.xml:1339(para)
24318
24381
"So for the crashkernel parameter found in <filename>/proc/cmdline</filename> "
24319
24382
"we would have : <placeholder-1/>"
24322
#: serverguide/C/installation.xml:1273(para)
24385
#: serverguide/C/installation.xml:1346(para)
24323
24386
msgid "The above value means:"
24326
#: serverguide/C/installation.xml:1275(para)
24389
#: serverguide/C/installation.xml:1348(para)
24328
24391
"if the RAM is smaller than 384M, then don't reserve anything (this is the "
24329
24392
"\"rescue\" case)"
24332
#: serverguide/C/installation.xml:1277(para)
24395
#: serverguide/C/installation.xml:1350(para)
24333
24396
msgid "if the RAM size is between 386M and 2G (exclusive), then reserve 64M"
24336
#: serverguide/C/installation.xml:1278(para)
24399
#: serverguide/C/installation.xml:1351(para)
24337
24400
msgid "if the RAM size is larger than 2G, then reserve 128M"
24340
#: serverguide/C/installation.xml:1281(para)
24403
#: serverguide/C/installation.xml:1354(para)
24342
24405
"Second, verify that the kernel has reserved the requested memory area for "
24343
24406
"the kdump kernel by doing:"
24346
#: serverguide/C/installation.xml:1286(command)
24409
#: serverguide/C/installation.xml:1359(command)
24347
24410
msgid "dmesg | grep -i crash"
24350
#: serverguide/C/installation.xml:1287(computeroutput)
24413
#: serverguide/C/installation.xml:1360(computeroutput)
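Review bot: The msgid at installation.xml:1350(para) says "between 386M and 2G", but the value it explains is crashkernel=384M-2G:64M,2G-:128M and the preceding item says "smaller than 384M"; 386M should read 384M. The line is unchanged context here, so correct it in the source XML and regenerate the template. A reader who sizes the reservation from this list should see the same boundary as the parameter itself.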
24998
25061
"your vendor documentation to configure your specific iSCSI target."
25001
#: serverguide/C/file-server.xml:471(title)
25064
#: serverguide/C/file-server.xml:470(title)
25002
25065
msgid "iSCSI Initiator Install"
25005
#: serverguide/C/file-server.xml:473(para)
25068
#: serverguide/C/file-server.xml:472(para)
25007
25070
"To configure Ubuntu Server as an iSCSI initiator install the "
25008
25071
"<application>open-iscsi</application> package. In a terminal enter:"
25011
#: serverguide/C/file-server.xml:478(command)
25074
#: serverguide/C/file-server.xml:477(command)
25012
25075
msgid "sudo apt-get install open-iscsi"
25015
#: serverguide/C/file-server.xml:483(title)
25078
#: serverguide/C/file-server.xml:482(title)
25016
25079
msgid "iSCSI Initiator Configuration"
25019
#: serverguide/C/file-server.xml:485(para)
25082
#: serverguide/C/file-server.xml:484(para)
25021
25084
"Once the <application>open-iscsi</application> package is installed, edit "
25022
25085
"<filename>/etc/iscsi/iscsid.conf</filename> changing the following:"
25025
#: serverguide/C/file-server.xml:489(programlisting)
25088
#: serverguide/C/file-server.xml:488(programlisting)
25029
25092
"node.startup = automatic\n"
25032
#: serverguide/C/file-server.xml:493(para)
25095
#: serverguide/C/file-server.xml:492(para)
25034
25097
"You can check which targets are available by using the "
25035
25098
"<application>iscsiadm</application> utility. Enter the following in a "
25039
#: serverguide/C/file-server.xml:498(command)
25102
#: serverguide/C/file-server.xml:497(command)
25040
25103
msgid "sudo iscsiadm -m discovery -t st -p 192.168.0.10"
25106
#: serverguide/C/file-server.xml:501(para)
25108
"<emphasis>-m:</emphasis> determines the mode that iscsiadm executes in."
25043
25111
#: serverguide/C/file-server.xml:502(para)
25045
"<emphasis>-m:</emphasis> determines the mode that iscsiadm executes in."
25112
msgid "<emphasis>-t:</emphasis> specifies the type of discovery."
25048
25115
#: serverguide/C/file-server.xml:503(para)
25049
msgid "<emphasis>-t:</emphasis> specifies the type of discovery."
25052
#: serverguide/C/file-server.xml:504(para)
25053
25116
msgid "<emphasis>-p:</emphasis> option indicates the target IP address."
25056
#: serverguide/C/file-server.xml:508(para)
25119
#: serverguide/C/file-server.xml:507(para)
25058
25121
"Change example <emphasis>192.168.0.10</emphasis> to the target IP address on "
25059
25122
"your network."
25062
#: serverguide/C/file-server.xml:513(para)
25125
#: serverguide/C/file-server.xml:512(para)
25064
25127
"If the target is available you should see output similar to the following:"
25067
#: serverguide/C/file-server.xml:518(computeroutput)
25130
#: serverguide/C/file-server.xml:517(computeroutput)
25071
25134
"192.168.0.10:3260,1 iqn.1992-05.com.emc:sl7b92030000520000-2\n"
25074
#: serverguide/C/file-server.xml:524(para)
25137
#: serverguide/C/file-server.xml:523(para)
25076
25139
"The <emphasis>iqn</emphasis> number and IP address above will vary depending "
25077
25140
"on your hardware."
25080
#: serverguide/C/file-server.xml:529(para)
25143
#: serverguide/C/file-server.xml:528(para)
25082
25145
"You should now be able to connect to the iSCSI target, and depending on your "
25083
25146
"target setup you may have to enter user credentials. Login to the iSCSI node:"
25086
#: serverguide/C/file-server.xml:535(command)
25149
#: serverguide/C/file-server.xml:534(command)
25087
25150
msgid "sudo iscsiadm -m node --login"
25090
#: serverguide/C/file-server.xml:538(para)
25153
#: serverguide/C/file-server.xml:537(para)
25092
25155
"Check to make sure that the new disk has been detected using "
25093
25156
"<application>dmesg</application>:"
25096
#: serverguide/C/file-server.xml:543(command)
25159
#: serverguide/C/file-server.xml:542(command)
25097
25160
msgid "dmesg | grep sd"
25100
#: serverguide/C/file-server.xml:544(computeroutput)
25163
#: serverguide/C/file-server.xml:543(computeroutput)
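Review bot: The login step at file-server.xml:528(para) says "you may have to enter user credentials", but the only /etc/iscsi/iscsid.conf setting shown in this hunk is node.startup = automatic, so the reader is not told where those credentials are configured. Suggest adding a sentence that points at the CHAP settings in the same file (the node.session.auth.* keys) before the sudo iscsiadm -m node --login entry.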
25126
25189
"[ 2486.964862] sd 4:0:0:3: [sdb] Attached SCSI disk\n"
25129
#: serverguide/C/file-server.xml:568(para)
25192
#: serverguide/C/file-server.xml:567(para)
25131
25194
"In the output above <emphasis>sdb</emphasis> is the new iSCSI disk. Remember "
25132
25195
"this is just an example; the output you see on your screen will vary."
25135
#: serverguide/C/file-server.xml:573(para)
25198
#: serverguide/C/file-server.xml:572(para)
25137
25200
"Next, create a partition, format the file system, and mount the new iSCSI "
25138
25201
"disk. In a terminal enter:"
25204
#: serverguide/C/file-server.xml:577(command)
25205
msgid "sudo fdisk /dev/sdb"
25141
25208
#: serverguide/C/file-server.xml:578(command)
25142
msgid "sudo fdisk /dev/sdb"
25145
25212
#: serverguide/C/file-server.xml:579(command)
25149
25216
#: serverguide/C/file-server.xml:580(command)
25153
25220
#: serverguide/C/file-server.xml:581(command)
25157
#: serverguide/C/file-server.xml:582(command)
25161
#: serverguide/C/file-server.xml:586(para)
25224
#: serverguide/C/file-server.xml:585(para)
25163
25226
"The above commands are from inside the <application>fdisk</application> "
25164
25227
"utility; see <command>man fdisk</command> for more detailed instructions. "
25169
#: serverguide/C/file-server.xml:592(para)
25232
#: serverguide/C/file-server.xml:591(para)
25171
25234
"Now format the file system and mount it to <filename>/srv</filename> as an "
25238
#: serverguide/C/file-server.xml:596(command)
25239
msgid "sudo mkfs.ext4 /dev/sdb1"
25175
25242
#: serverguide/C/file-server.xml:597(command)
25176
msgid "sudo mkfs.ext4 /dev/sdb1"
25179
#: serverguide/C/file-server.xml:598(command)
25180
25243
msgid "sudo mount /dev/sdb1 /srv"
25183
#: serverguide/C/file-server.xml:602(para)
25246
#: serverguide/C/file-server.xml:601(para)
25185
25248
"Finally, add an entry to <filename>/etc/fstab</filename> to mount the iSCSI "
25186
25249
"drive during boot:"
25189
#: serverguide/C/file-server.xml:606(programlisting)
25252
#: serverguide/C/file-server.xml:605(programlisting)
25193
25256
"/dev/sdb1 /srv ext4 defaults,auto,_netdev 0 0\n"
25196
#: serverguide/C/file-server.xml:610(para)
25259
#: serverguide/C/file-server.xml:609(para)
25198
25261
"It is a good idea to make sure everything is working as expected by "
25199
25262
"rebooting the server."
25202
#: serverguide/C/file-server.xml:619(ulink)
25265
#: serverguide/C/file-server.xml:618(ulink)
25203
25266
msgid "Open-iSCSI Website"
25206
#: serverguide/C/file-server.xml:622(ulink) serverguide/C/file-server.xml:808(ulink)
25269
#: serverguide/C/file-server.xml:621(ulink) serverguide/C/file-server.xml:807(ulink)
25207
25270
msgid "Debian Open-iSCSI page"
25210
#: serverguide/C/file-server.xml:629(title)
25273
#: serverguide/C/file-server.xml:628(title)
25211
25274
msgid "CUPS - Print Server"
25212
25275
msgstr "CUPS - Server Print"
25214
#: serverguide/C/file-server.xml:630(para)
25277
#: serverguide/C/file-server.xml:629(para)
25216
25279
"The primary mechanism for Ubuntu printing and print services is the "
25217
25280
"<emphasis role=\"bold\">Common UNIX Printing System</emphasis> (CUPS). This "
25673
25736
"ns IN A 192.168.1.10\n"
25676
#: serverguide/C/dns.xml:177(para)
25739
#: serverguide/C/dns.xml:181(para)
25678
25741
"You must increment the <emphasis>Serial Number</emphasis> every time you "
25679
25742
"make changes to the zone file. If you make multiple changes before "
25680
25743
"restarting BIND9, simply increment the Serial once."
25683
#: serverguide/C/dns.xml:181(para)
25746
#: serverguide/C/dns.xml:185(para)
25685
25748
"Now, you can add DNS records to the bottom of the zone file. See <xref "
25686
25749
"linkend=\"dns-record-types\"/> for details."
25689
#: serverguide/C/dns.xml:185(para)
25752
#: serverguide/C/dns.xml:189(para)
25691
25754
"Many admins like to use the last date edited as the serial of a zone, such "
25692
25755
"as <emphasis>2012010100</emphasis> which is yyyymmddss (where "
25693
25756
"<emphasis>ss</emphasis> is the Serial Number)"
25696
#: serverguide/C/dns.xml:190(para)
25759
#: serverguide/C/dns.xml:194(para)
25698
25761
"Once you have made changes to the zone file <application>BIND9</application> "
25699
25762
"needs to be restarted for the changes to take effect:"
25702
#: serverguide/C/dns.xml:199(title)
25765
#: serverguide/C/dns.xml:203(title)
25703
25766
msgid "Reverse Zone File"
25706
#: serverguide/C/dns.xml:200(para)
25769
#: serverguide/C/dns.xml:204(para)
25708
25771
"Now that the zone is setup and resolving names to IP Adresses a "
25709
25772
"<emphasis>Reverse zone</emphasis> is also required. A Reverse zone allows "
25710
25773
"DNS to resolve an address to a name."
25713
#: serverguide/C/dns.xml:204(para)
25776
#: serverguide/C/dns.xml:208(para)
25714
25777
msgid "Edit /etc/bind/named.conf.local and add the following:"
25717
#: serverguide/C/dns.xml:207(programlisting)
25780
#: serverguide/C/dns.xml:211(programlisting)
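Review bot: The msgid at dns.xml:204 carries two errors from the source text, "setup" used as a verb (should be "set up") and the misspelling "IP Adresses". The source references in this template are being refreshed anyway, so fix the wording in dns.xml so that translators are not handed the misspelled string.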
25967
26030
"to RESOLVCONF=yes."
25970
#: serverguide/C/dns.xml:389(para)
26033
#: serverguide/C/dns.xml:398(para)
25972
26035
"You should also add the IP Address of the Secondary nameserver in case the "
25973
26036
"Primary becomes unavailable."
25976
#: serverguide/C/dns.xml:395(title)
26039
#: serverguide/C/dns.xml:404(title)
25980
#: serverguide/C/dns.xml:396(para)
26043
#: serverguide/C/dns.xml:405(para)
25982
26045
"If you installed the <application>dnsutils</application> package you can "
25983
26046
"test your setup using the DNS lookup utility <application>dig</application>:"
25986
#: serverguide/C/dns.xml:402(para)
26049
#: serverguide/C/dns.xml:411(para)
25988
26051
"After installing <application>BIND9</application> use "
25989
26052
"<application>dig</application> against the loopback interface to make sure "
25990
26053
"it is listening on port 53. From a terminal prompt:"
25993
#: serverguide/C/dns.xml:407(command)
26056
#: serverguide/C/dns.xml:416(command)
25994
26057
msgid "dig -x 127.0.0.1"
25997
#: serverguide/C/dns.xml:409(para)
26060
#: serverguide/C/dns.xml:418(para)
25998
26061
msgid "You should see lines similar to the following in the command output:"
26001
#: serverguide/C/dns.xml:412(programlisting)
26064
#: serverguide/C/dns.xml:421(programlisting)
26006
26069
";; SERVER: 192.168.1.10#53(192.168.1.10)\n"
26009
#: serverguide/C/dns.xml:418(para)
26072
#: serverguide/C/dns.xml:427(para)
26011
26074
"If you have configured <application>BIND9</application> as a "
26012
26075
"<emphasis>Caching</emphasis> nameserver \"dig\" an outside domain to check "
26013
26076
"the query time:"
26016
#: serverguide/C/dns.xml:423(command)
26079
#: serverguide/C/dns.xml:432(command)
26017
26080
msgid "dig ubuntu.com"
26020
#: serverguide/C/dns.xml:425(para)
26083
#: serverguide/C/dns.xml:434(para)
26021
26084
msgid "Note the query time toward the end of the command output:"
26024
#: serverguide/C/dns.xml:428(programlisting)
26087
#: serverguide/C/dns.xml:437(programlisting)
26028
26091
";; Query time: 49 msec\n"
26031
#: serverguide/C/dns.xml:431(para)
26094
#: serverguide/C/dns.xml:440(para)
26032
26095
msgid "After a second dig there should be improvement:"
26035
#: serverguide/C/dns.xml:434(programlisting)
26098
#: serverguide/C/dns.xml:443(programlisting)
26039
26102
";; Query time: 1 msec\n"
26042
#: serverguide/C/dns.xml:441(title)
26105
#: serverguide/C/dns.xml:450(title)
26046
#: serverguide/C/dns.xml:443(para)
26109
#: serverguide/C/dns.xml:452(para)
26048
26111
"Now to demonstrate how applications make use of DNS to resolve a host name "
26049
26112
"use the <application>ping</application> utility to send an ICMP echo "
26050
26113
"request. From a terminal prompt enter:"
26053
#: serverguide/C/dns.xml:449(command)
26116
#: serverguide/C/dns.xml:458(command)
26054
26117
msgid "ping example.com"
26057
#: serverguide/C/dns.xml:451(para)
26120
#: serverguide/C/dns.xml:460(para)
26059
26122
"This tests if the nameserver can resolve the name "
26060
26123
"<emphasis>ns.example.com</emphasis> to an IP Address. The command output "
26061
26124
"should resemble:"
26064
#: serverguide/C/dns.xml:455(programlisting)
26127
#: serverguide/C/dns.xml:464(programlisting)
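Review bot: The paragraph at dns.xml:460 says the test resolves ns.example.com, but the command at dns.xml:458 is "ping example.com". One of the two should change so that the name in the explanation matches the name the reader actually types, otherwise the sample output that follows cannot be checked against the command.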
26200
#: serverguide/C/dns.xml:556(para)
26263
#: serverguide/C/dns.xml:565(para)
26202
26265
"Note: the <emphasis>debug</emphasis> option can be set from 1 to 3. If a "
26203
26266
"level isn't specified level 1 is the default."
26206
#: serverguide/C/dns.xml:562(para)
26269
#: serverguide/C/dns.xml:571(para)
26208
26271
"Since the <emphasis>named daemon</emphasis> runs as the "
26209
26272
"<emphasis>bind</emphasis> user the <filename>/var/log/query.log</filename> "
26210
26273
"file must be created and the ownership changed:"
26213
#: serverguide/C/dns.xml:567(command)
26276
#: serverguide/C/dns.xml:576(command)
26214
26277
msgid "sudo touch /var/log/query.log"
26217
#: serverguide/C/dns.xml:568(command)
26280
#: serverguide/C/dns.xml:577(command)
26218
26281
msgid "sudo chown bind /var/log/query.log"
26221
#: serverguide/C/dns.xml:572(para)
26284
#: serverguide/C/dns.xml:581(para)
26223
26286
"Before <application>named</application> daemon can write to the new log file "
26224
26287
"the <application>AppArmor</application> profile must be updated. First, edit "
26225
26288
"<filename>/etc/apparmor.d/usr.sbin.named</filename> and add:"
26228
#: serverguide/C/dns.xml:576(programlisting)
26291
#: serverguide/C/dns.xml:585(programlisting)
26232
26295
"/var/log/query.log w,\n"
26235
#: serverguide/C/dns.xml:579(para)
26298
#: serverguide/C/dns.xml:588(para)
26236
26299
msgid "Next, reload the profile:"
26239
#: serverguide/C/dns.xml:583(command)
26302
#: serverguide/C/dns.xml:592(command)
26240
26303
msgid "cat /etc/apparmor.d/usr.sbin.named | sudo apparmor_parser -r"
26243
#: serverguide/C/dns.xml:585(para)
26306
#: serverguide/C/dns.xml:594(para)
26245
26308
"For more information on <application>AppArmor</application> see <xref "
26246
26309
"linkend=\"apparmor\"/>"
26249
#: serverguide/C/dns.xml:590(para)
26312
#: serverguide/C/dns.xml:599(para)
26251
26314
"Now restart <application>BIND9</application> for the changes to take effect:"
26254
#: serverguide/C/dns.xml:598(para)
26317
#: serverguide/C/dns.xml:607(para)
26256
26319
"You should see the file <filename>/var/log/query.log</filename> fill with "
26257
26320
"query information. This is a simple example of the "
26259
26322
"options see <xref linkend=\"dns-more-info\"/>."
26262
#: serverguide/C/dns.xml:607(title)
26325
#: serverguide/C/dns.xml:616(title)
26263
26326
msgid "Common Record Types"
26266
#: serverguide/C/dns.xml:608(para)
26329
#: serverguide/C/dns.xml:617(para)
26267
26330
msgid "This section covers some of the most common DNS record types."
26270
#: serverguide/C/dns.xml:613(para)
26333
#: serverguide/C/dns.xml:622(para)
26272
26335
"<emphasis>A</emphasis> record: This record maps an IP Address to a hostname."
26275
#: serverguide/C/dns.xml:616(programlisting)
26338
#: serverguide/C/dns.xml:625(programlisting)
26279
26342
"www IN A 192.168.1.12\n"
26282
#: serverguide/C/dns.xml:621(para)
26345
#: serverguide/C/dns.xml:630(para)
26284
26347
"<emphasis>CNAME</emphasis> record: Used to create an alias to an existing A "
26285
26348
"record. You cannot create a CNAME record pointing to another CNAME record."
26288
#: serverguide/C/dns.xml:624(programlisting)
26351
#: serverguide/C/dns.xml:633(programlisting)
26292
26355
"web IN CNAME www\n"
26295
#: serverguide/C/dns.xml:629(para)
26358
#: serverguide/C/dns.xml:638(para)
26297
26360
"<emphasis>MX</emphasis> record: Used to define where email should be sent "
26298
26361
"to. Must point to an A record, not a CNAME."
26301
#: serverguide/C/dns.xml:632(programlisting)
26364
#: serverguide/C/dns.xml:641(programlisting)
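Review bot: At dns.xml:576-577 the query log is created with "sudo touch /var/log/query.log" and then only its owner is changed, so its mode is whatever root's umask produces, commonly world-readable, and the paragraph at dns.xml:607 says the file fills with query information. Suggest adding a step after the chown that restricts it, such as "sudo chmod 640 /var/log/query.log". Separately, the A record description at dns.xml:622 is inverted: an A record maps a hostname to an IP address.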
26537
26600
"Components</link> describes the components of the DM-Multipath package."
26540
#: serverguide/C/dm-multipath.xml:184(title)
26603
#: serverguide/C/dm-multipath.xml:183(title)
26541
26604
msgid "DM-Multipath Setup Overview"
26544
#: serverguide/C/dm-multipath.xml:191(para)
26607
#: serverguide/C/dm-multipath.xml:190(para)
26546
26609
"Install the <emphasis role=\"bold\">multipath-tools</emphasis> and <emphasis "
26547
26610
"role=\"bold\">multipath-tools-boot</emphasis> packages"
26550
#: serverguide/C/dm-multipath.xml:197(para)
26613
#: serverguide/C/dm-multipath.xml:196(para)
26552
26615
"Create an empty config file, <filename>/etc/multipath.conf</filename>, that "
26553
26616
"re-defines the <link linkend=\"multipath-skel-config\">following</link>"
26556
#: serverguide/C/dm-multipath.xml:203(para)
26619
#: serverguide/C/dm-multipath.xml:202(para)
26558
26621
"If necessary, edit the <emphasis role=\"bold\">multipath.conf</emphasis> "
26559
26622
"configuration file to modify default values and save the updated file."
26562
#: serverguide/C/dm-multipath.xml:209(para)
26625
#: serverguide/C/dm-multipath.xml:208(para)
26563
26626
msgid "Start the multipath daemon"
26566
#: serverguide/C/dm-multipath.xml:213(para)
26629
#: serverguide/C/dm-multipath.xml:212(para)
26567
26630
msgid "Update initial ramdisk"
26570
#: serverguide/C/dm-multipath.xml:186(para)
26633
#: serverguide/C/dm-multipath.xml:185(para)
26572
26635
"DM-Multipath includes compiled-in default settings that are suitable for "
26573
26636
"common multipath configurations. Setting up DM-multipath is often a simple "
26677
#: serverguide/C/dm-multipath.xml:313(para)
26740
#: serverguide/C/dm-multipath.xml:312(para)
26678
26741
msgid "Set up all of the multipath devices on one machine."
26681
#: serverguide/C/dm-multipath.xml:317(para) serverguide/C/dm-multipath.xml:354(para)
26744
#: serverguide/C/dm-multipath.xml:316(para) serverguide/C/dm-multipath.xml:353(para)
26683
26746
"Disable all of your multipath devices on your other machines by running the "
26684
26747
"following commands:"
26687
#: serverguide/C/dm-multipath.xml:320(screen) serverguide/C/dm-multipath.xml:357(screen)
26750
#: serverguide/C/dm-multipath.xml:319(screen) serverguide/C/dm-multipath.xml:356(screen)
26690
26753
"# service multipath-tools stop\n"
26691
26754
"# multipath -F\n"
26694
#: serverguide/C/dm-multipath.xml:326(para)
26757
#: serverguide/C/dm-multipath.xml:325(para)
26696
26759
"Copy the <filename>/etc/multipath/bindings</filename> file from the first "
26697
26760
"machine to all the other machines in the cluster."
26700
#: serverguide/C/dm-multipath.xml:332(para) serverguide/C/dm-multipath.xml:368(para)
26763
#: serverguide/C/dm-multipath.xml:331(para) serverguide/C/dm-multipath.xml:367(para)
26702
26765
"Re-enable the multipathd daemon on all the other machines in the cluster by "
26703
26766
"running the following command:"
26706
#: serverguide/C/dm-multipath.xml:335(screen) serverguide/C/dm-multipath.xml:371(screen)
26769
#: serverguide/C/dm-multipath.xml:334(screen) serverguide/C/dm-multipath.xml:370(screen)
26708
26771
msgid "# service multipath-tools start"
26711
#: serverguide/C/dm-multipath.xml:339(para)
26774
#: serverguide/C/dm-multipath.xml:338(para)
26712
26775
msgid "If you add a new device, you will need to repeat this process."
26715
#: serverguide/C/dm-multipath.xml:342(para)
26778
#: serverguide/C/dm-multipath.xml:341(para)
26717
26780
"Similarly, if you configure an alias for a device that you would like to be "
26718
26781
"consistent across the nodes in the cluster, you should ensure that the "
26801
26864
"Perform:<screen>update-initramfs -u -k all</screen><placeholder-1/>"
26804
#: serverguide/C/dm-multipath.xml:436(title)
26867
#: serverguide/C/dm-multipath.xml:435(title)
26805
26868
msgid "Setting up DM-Multipath Overview"
26808
#: serverguide/C/dm-multipath.xml:438(para)
26871
#: serverguide/C/dm-multipath.xml:437(para)
26810
26873
"This section provides step-by-step example procedures for configuring DM-"
26811
26874
"Multipath. It includes the following procedures:"
26814
#: serverguide/C/dm-multipath.xml:443(para)
26877
#: serverguide/C/dm-multipath.xml:442(para)
26815
26878
msgid "Basic DM-Multipath setup"
26818
#: serverguide/C/dm-multipath.xml:447(para)
26881
#: serverguide/C/dm-multipath.xml:446(para)
26819
26882
msgid "Ignoring local disks"
26822
#: serverguide/C/dm-multipath.xml:451(para)
26885
#: serverguide/C/dm-multipath.xml:450(para)
26823
26886
msgid "Adding more devices to the configuration file"
26826
#: serverguide/C/dm-multipath.xml:456(title)
26889
#: serverguide/C/dm-multipath.xml:455(title)
26827
26890
msgid "Setting Up DM-Multipath"
26830
#: serverguide/C/dm-multipath.xml:458(para)
26893
#: serverguide/C/dm-multipath.xml:457(para)
26832
26895
"Before setting up DM-Multipath on your system, ensure that your system has "
26833
26896
"been updated and includes the <emphasis role=\"bold\"><application>multipath-"
27117
27180
"can leave them commented out, as they are in the initial file."
27120
#: serverguide/C/dm-multipath.xml:724(para)
27183
#: serverguide/C/dm-multipath.xml:723(para)
27121
27184
msgid "The configuration file allows regular expression description syntax."
27124
#: serverguide/C/dm-multipath.xml:727(para)
27187
#: serverguide/C/dm-multipath.xml:726(para)
27126
27189
"An annotated version of the configuration file can be found in "
27127
27190
"<filename><filename>/usr/share/doc/multipath-"
27128
27191
"tools/examples/multipath.conf.annotated.gz</filename></filename>."
27131
#: serverguide/C/dm-multipath.xml:731(title)
27194
#: serverguide/C/dm-multipath.xml:730(title)
27132
27195
msgid "Configuration File Overview"
27135
#: serverguide/C/dm-multipath.xml:733(para)
27198
#: serverguide/C/dm-multipath.xml:732(para)
27137
27200
"The multipath configuration file is divided into the following sections:"
27140
#: serverguide/C/dm-multipath.xml:738(emphasis)
27203
#: serverguide/C/dm-multipath.xml:737(emphasis)
27141
27204
msgid "blacklist"
27144
#: serverguide/C/dm-multipath.xml:741(para)
27207
#: serverguide/C/dm-multipath.xml:740(para)
27146
27209
"Listing of specific devices that will not be considered for multipath."
27149
#: serverguide/C/dm-multipath.xml:747(emphasis)
27212
#: serverguide/C/dm-multipath.xml:746(emphasis)
27150
27213
msgid "blacklist_exceptions"
27153
#: serverguide/C/dm-multipath.xml:750(para)
27216
#: serverguide/C/dm-multipath.xml:749(para)
27155
27218
"Listing of multipath candidates that would otherwise be blacklisted "
27156
27219
"according to the parameters of the blacklist section."
27159
#: serverguide/C/dm-multipath.xml:757(emphasis)
27222
#: serverguide/C/dm-multipath.xml:756(emphasis)
27160
27223
msgid "defaults"
27163
#: serverguide/C/dm-multipath.xml:760(para)
27226
#: serverguide/C/dm-multipath.xml:759(para)
27164
27227
msgid "General default settings for DM-Multipath."
27167
#: serverguide/C/dm-multipath.xml:768(para)
27230
#: serverguide/C/dm-multipath.xml:767(para)
27169
27232
"Settings for the characteristics of individual multipath devices. These "
27170
27233
"values overwrite what is specified in the <emphasis "
27188
#: serverguide/C/dm-multipath.xml:789(para)
27251
#: serverguide/C/dm-multipath.xml:788(para)
27190
27253
"When the system determines the attributes of a multipath device, first it "
27191
27254
"checks the multipath settings, then the per devices settings, then the "
27192
27255
"multipath system defaults."
27195
#: serverguide/C/dm-multipath.xml:795(title)
27258
#: serverguide/C/dm-multipath.xml:794(title)
27196
27259
msgid "Configuration File Blacklist"
27199
#: serverguide/C/dm-multipath.xml:797(para)
27262
#: serverguide/C/dm-multipath.xml:796(para)
27201
27264
"The blacklist section of the multipath configuration file specifies the "
27202
27265
"devices that will not be used when the system configures multipath devices. "
27203
27266
"Devices that are blacklisted will not be grouped into a multipath device."
27206
#: serverguide/C/dm-multipath.xml:804(para)
27269
#: serverguide/C/dm-multipath.xml:803(para)
27208
27271
"If you do need to blacklist devices, you can do so according to the "
27209
27272
"following criteria:"
27212
#: serverguide/C/dm-multipath.xml:809(para)
27275
#: serverguide/C/dm-multipath.xml:808(para)
27214
27277
"By WWID, as described <xref endterm=\"config-blacklist-by-wwid-title\" "
27215
27278
"linkend=\"multipath-config-blacklist-by-wwid\"/>"
27218
#: serverguide/C/dm-multipath.xml:815(para)
27281
#: serverguide/C/dm-multipath.xml:814(para)
27220
27283
"By device name, as described in <xref endterm=\"config-blacklist-by-device-"
27221
27284
"name-title\" linkend=\"multipath-config-blacklist-by-device-name\"/>"
27224
#: serverguide/C/dm-multipath.xml:821(para)
27287
#: serverguide/C/dm-multipath.xml:820(para)
27226
27289
"By device type, as described in <xref endterm=\"config-blacklist-by-device-"
27227
27290
"type-title\" linkend=\"multipath-config-blacklist-by-device-type\"/>"
27230
#: serverguide/C/dm-multipath.xml:827(para)
27293
#: serverguide/C/dm-multipath.xml:826(para)
27232
27295
"By default, a variety of device types are blacklisted, even after you "
27233
27296
"comment out the initial blacklist section of the configuration file. For "
27688
27751
"files found in <filename>/usr/share/doc/multipath-tools/examples:</filename>"
27691
#: serverguide/C/dm-multipath.xml:1326(screen)
27754
#: serverguide/C/dm-multipath.xml:1325(screen)
27693
27756
msgid "# echo 'show config' | multipathd -k"
27696
#: serverguide/C/dm-multipath.xml:1331(title)
27759
#: serverguide/C/dm-multipath.xml:1330(title)
27697
27760
msgid "DM-Multipath Administration and Troubleshooting"
27700
#: serverguide/C/dm-multipath.xml:1334(title)
27763
#: serverguide/C/dm-multipath.xml:1333(title)
27701
27764
msgid "Resizing an Online Multipath Device"
27704
#: serverguide/C/dm-multipath.xml:1336(para)
27767
#: serverguide/C/dm-multipath.xml:1335(para)
27706
27769
"If you need to resize an online multipath device, use the following procedure"
27709
#: serverguide/C/dm-multipath.xml:1341(para)
27772
#: serverguide/C/dm-multipath.xml:1340(para)
27710
27773
msgid "Resize your physical device. This is storage platform specific."
27713
#: serverguide/C/dm-multipath.xml:1346(para)
27776
#: serverguide/C/dm-multipath.xml:1345(para)
27714
27777
msgid "Use the following command to find the paths to the LUN:"
27717
#: serverguide/C/dm-multipath.xml:1348(screen)
27780
#: serverguide/C/dm-multipath.xml:1347(screen)
27719
27782
msgid "# multipath -l"
27722
#: serverguide/C/dm-multipath.xml:1352(para)
27785
#: serverguide/C/dm-multipath.xml:1351(para)
27724
27787
"Resize your paths. For SCSI devices, writing 1 to the "
27725
27788
"<filename>rescan</filename> file for the device causes the SCSI driver to "
27726
27789
"rescan, as in the following command:"
27729
#: serverguide/C/dm-multipath.xml:1356(screen)
27792
#: serverguide/C/dm-multipath.xml:1355(screen)
27731
27794
msgid "# echo 1 > /sys/block/device_name/device/rescan"
27734
#: serverguide/C/dm-multipath.xml:1360(para)
27797
#: serverguide/C/dm-multipath.xml:1359(para)
27736
27799
"Resize your multipath device by running the multipathd resize command:"
27739
#: serverguide/C/dm-multipath.xml:1363(screen)
27802
#: serverguide/C/dm-multipath.xml:1362(screen)
27741
27804
msgid "# multipathd -k 'resize map mpatha'"
27744
#: serverguide/C/dm-multipath.xml:1367(para)
27807
#: serverguide/C/dm-multipath.xml:1366(para)
27745
27808
msgid "Resize the file system (assuming no LVM or DOS partitions are used):"
27748
#: serverguide/C/dm-multipath.xml:1370(screen)
27811
#: serverguide/C/dm-multipath.xml:1369(screen)
27750
27813
msgid "# resize2fs /dev/mapper/mpatha"
27753
#: serverguide/C/dm-multipath.xml:1376(title)
27816
#: serverguide/C/dm-multipath.xml:1375(title)
27755
27818
"Moving root File Systems from a Single Path Device to a Multipath Device"
27758
#: serverguide/C/dm-multipath.xml:1379(para)
27821
#: serverguide/C/dm-multipath.xml:1378(para)
27760
27823
"This is dramatically simplified by the use of UUIDs to identify devices as "
27761
27824
"an intrinsic label. Simply install <emphasis role=\"bold\">multipath-tools-"
28042
#: serverguide/C/dm-multipath.xml:1614(title)
28105
#: serverguide/C/dm-multipath.xml:1613(title)
28043
28106
msgid "Useful multipath Command Options"
28046
#: serverguide/C/dm-multipath.xml:1623(entry)
28109
#: serverguide/C/dm-multipath.xml:1622(entry)
28047
28110
msgid "Option"
28050
#: serverguide/C/dm-multipath.xml:1630(emphasis)
28113
#: serverguide/C/dm-multipath.xml:1629(emphasis)
28054
#: serverguide/C/dm-multipath.xml:1632(emphasis) serverguide/C/dm-multipath.xml:1639(emphasis)
28117
#: serverguide/C/dm-multipath.xml:1631(emphasis) serverguide/C/dm-multipath.xml:1638(emphasis)
28055
28118
msgid "sysfs"
28058
#: serverguide/C/dm-multipath.xml:1631(entry)
28121
#: serverguide/C/dm-multipath.xml:1630(entry)
28060
28123
"Display the current multipath configuration gathered from <placeholder-1/> "
28061
28124
"and the device mapper."
28064
#: serverguide/C/dm-multipath.xml:1637(emphasis)
28127
#: serverguide/C/dm-multipath.xml:1636(emphasis)
28068
#: serverguide/C/dm-multipath.xml:1638(entry)
28131
#: serverguide/C/dm-multipath.xml:1637(entry)
28070
28133
"Display the current multipath configuration gathered from <placeholder-1/>, "
28071
28134
"the device mapper, and all other available components on the system."
28074
#: serverguide/C/dm-multipath.xml:1644(emphasis)
28137
#: serverguide/C/dm-multipath.xml:1643(emphasis)
28075
28138
msgid "-f device"
28078
#: serverguide/C/dm-multipath.xml:1645(entry)
28141
#: serverguide/C/dm-multipath.xml:1644(entry)
28079
28142
msgid "Remove the named multipath device."
28082
#: serverguide/C/dm-multipath.xml:1649(emphasis)
28145
#: serverguide/C/dm-multipath.xml:1648(emphasis)
28086
#: serverguide/C/dm-multipath.xml:1650(entry)
28149
#: serverguide/C/dm-multipath.xml:1649(entry)
28087
28150
msgid "Remove all unused multipath devices."
28090
#: serverguide/C/dm-multipath.xml:1658(title)
28153
#: serverguide/C/dm-multipath.xml:1657(title)
28091
28154
msgid "Determining Device Mapper Entries with dmsetup Command"
28094
#: serverguide/C/dm-multipath.xml:1660(para)
28157
#: serverguide/C/dm-multipath.xml:1659(para)
28096
28159
"You can use the <emphasis role=\"bold\">dmsetup</emphasis> command to find "
28097
28160
"out which device mapper entries match the <emphasis "
28098
28161
"role=\"bold\">multipathed</emphasis> devices."
28101
#: serverguide/C/dm-multipath.xml:1664(para)
28164
#: serverguide/C/dm-multipath.xml:1663(para)
28103
28166
"The following command displays all the device mapper devices and their major "
28104
28167
"and minor numbers. The minor numbers determine the name of the dm device. "
28289
28352
"<emphasis>bind-address</emphasis> directive to the server's IP address:"
28292
#: serverguide/C/databases.xml:87(programlisting)
28355
#: serverguide/C/databases.xml:80(programlisting)
28296
28359
"bind-address = 192.168.0.5\n"
28299
#: serverguide/C/databases.xml:91(para)
28362
#: serverguide/C/databases.xml:84(para)
28300
28363
msgid "Replace 192.168.0.5 with the appropriate address."
28303
#: serverguide/C/databases.xml:95(para)
28366
#: serverguide/C/databases.xml:88(para)
28305
28368
"After making a change to <filename>/etc/mysql/my.cnf</filename> the MySQL "
28306
28369
"daemon will need to be restarted:"
28309
#: serverguide/C/databases.xml:102(para)
28372
#: serverguide/C/databases.xml:95(para)
28311
28374
"If you would like to change the MySQL <emphasis>root</emphasis> password, in "
28312
28375
"a terminal enter:"
28315
#: serverguide/C/databases.xml:107(command)
28378
#: serverguide/C/databases.xml:100(command)
28316
28379
msgid "sudo dpkg-reconfigure mysql-server-5.5"
28319
#: serverguide/C/databases.xml:109(para)
28382
#: serverguide/C/databases.xml:102(para)
28321
28384
"The MySQL daemon will be stopped, and you will be prompted to enter a new "
28325
#: serverguide/C/databases.xml:114(title)
28388
#: serverguide/C/databases.xml:107(title)
28326
28389
msgid "Database Engines"
28329
#: serverguide/C/databases.xml:115(para)
28392
#: serverguide/C/databases.xml:108(para)
28331
28394
"Whilst the default configuration of MySQL provided by the Ubuntu packages is "
28332
28395
"perfectly functional and performs well there are things you may wish to "
28333
28396
"consider before you proceed."
28336
#: serverguide/C/databases.xml:119(para)
28399
#: serverguide/C/databases.xml:112(para)
28338
28401
"MySQL is designed to allow data to be stored in different ways. These "
28339
28402
"methods are referred to as either database or storage engines. There are two "
29656
29719
#: serverguide/C/backups.xml:153(para)
29658
29721
"The simplest way of executing the above backup script is to copy and paste "
29659
"the contents into a file. <filename>backup.sh</filename> for example. Then "
29660
"from a terminal prompt:"
29722
"the contents into a file. <filename>backup.sh</filename> for example. The "
29723
"file must be made executable:"
29663
29726
#: serverguide/C/backups.xml:158(command)
29664
msgid "sudo bash backup.sh"
29727
msgid "chmod u+x backup.sh"
29667
29730
#: serverguide/C/backups.xml:160(para)
29731
msgid "Then from a terminal prompt:"
29734
#: serverguide/C/backups.xml:164(command)
29735
msgid "sudo ./backup.sh"
29738
#: serverguide/C/backups.xml:166(para)
29669
29740
"This is a great way to test the script to make sure everything works as "
29673
#: serverguide/C/backups.xml:165(title)
29744
#: serverguide/C/backups.xml:171(title)
29674
29745
msgid "Executing with cron"
29677
#: serverguide/C/backups.xml:166(para)
29748
#: serverguide/C/backups.xml:172(para)
29679
29750
"The <application>cron</application> utility can be used to automate the "
29680
29751
"script execution. The <application>cron</application> daemon allows the "
29681
29752
"execution of scripts, or commands, at a specified time and date."
29684
#: serverguide/C/backups.xml:170(para)
29755
#: serverguide/C/backups.xml:176(para)
29686
29757
"<application>cron</application> is configured through entries in a "
29687
29758
"<filename>crontab</filename> file. <filename>crontab</filename> files are "
29688
29759
"separated into fields:"
29691
#: serverguide/C/backups.xml:174(programlisting)
29762
#: serverguide/C/backups.xml:180(programlisting)
29695
29766
"# m h dom mon dow command\n"
29698
#: serverguide/C/backups.xml:179(para)
29769
#: serverguide/C/backups.xml:185(para)
29700
29771
"<emphasis>m:</emphasis> minute the command executes on, between 0 and 59."
29703
#: serverguide/C/backups.xml:184(para)
29774
#: serverguide/C/backups.xml:190(para)
29705
29776
"<emphasis>h:</emphasis> hour the command executes on, between 0 and 23."
29708
#: serverguide/C/backups.xml:189(para)
29779
#: serverguide/C/backups.xml:195(para)
29709
29780
msgid "<emphasis>dom:</emphasis> day of month the command executes on."
29712
#: serverguide/C/backups.xml:194(para)
29783
#: serverguide/C/backups.xml:200(para)
29714
29785
"<emphasis>mon:</emphasis> the month the command executes on, between 1 and "
29718
#: serverguide/C/backups.xml:199(para)
29789
#: serverguide/C/backups.xml:205(para)
29720
29791
"<emphasis>dow:</emphasis> the day of the week the command executes on, "
29721
29792
"between 0 and 7. Sunday may be specified by using 0 or 7, both values are "
29725
#: serverguide/C/backups.xml:204(para)
29796
#: serverguide/C/backups.xml:210(para)
29726
29797
msgid "<emphasis>command:</emphasis> the command to execute."
29729
#: serverguide/C/backups.xml:209(para)
29800
#: serverguide/C/backups.xml:215(para)
29731
29802
"To add or change entries in a <filename>crontab</filename> file the "
29732
29803
"<application>crontab -e</application> command should be used. Also, the "
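Review bot: The new "sudo ./backup.sh" step (backups.xml:164) runs as root a file that the preceding "chmod u+x backup.sh" step leaves owned by, and writable for, the ordinary user who pasted it, and the "Executing with cron" section that follows goes on to automate the script's execution. Anyone who can write to that file then decides what root executes, so the text should have the reader make the script root-owned and not writable by others before running or scheduling it, for example "sudo chown root:root backup.sh" followed by "sudo chmod 700 backup.sh". The sentence at backups.xml:153 also now reads "into a file. backup.sh for example. The file must be made executable:", which leaves "backup.sh for example." as a fragment; joining it to the sentence before it would read better.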
29779
29850
"simply change the script path appropriately."
29782
#: serverguide/C/backups.xml:242(para)
29853
#: serverguide/C/backups.xml:248(para)
29784
29855
"For more in-depth <application>crontab</application> options see <xref "
29785
29856
"linkend=\"backup-shellscript-references\"/>."
29788
#: serverguide/C/backups.xml:248(title)
29859
#: serverguide/C/backups.xml:254(title)
29789
29860
msgid "Restoring from the Archive"
29792
#: serverguide/C/backups.xml:249(para)
29863
#: serverguide/C/backups.xml:255(para)
29794
29865
"Once an archive has been created it is important to test the archive. The "
29795
29866
"archive can be tested by listing the files it contains, but the best test is "
29796
29867
"to <emphasis>restore</emphasis> a file from the archive."
29799
#: serverguide/C/backups.xml:255(para)
29870
#: serverguide/C/backups.xml:261(para)
29801
29872
"To see a listing of the archive contents. From a terminal prompt type:"
29804
#: serverguide/C/backups.xml:259(command)
29875
#: serverguide/C/backups.xml:265(command)
29805
29876
msgid "tar -tzvf /mnt/backup/host-Monday.tgz"
29808
#: serverguide/C/backups.xml:263(para)
29879
#: serverguide/C/backups.xml:269(para)
29809
29880
msgid "To restore a file from the archive to a different directory enter:"
29812
#: serverguide/C/backups.xml:267(command)
29883
#: serverguide/C/backups.xml:273(command)
29813
29884
msgid "tar -xzvf /mnt/backup/host-Monday.tgz -C /tmp etc/hosts"
29816
#: serverguide/C/backups.xml:269(para)
29887
#: serverguide/C/backups.xml:275(para)
29818
29889
"The <emphasis>-C</emphasis> option to <application>tar</application> "
29819
29890
"redirects the extracted files to the specified directory. The above example "
29822
29893
"recreates the directory structure that it contains."
29825
#: serverguide/C/backups.xml:274(para)
29896
#: serverguide/C/backups.xml:280(para)
29827
29898
"Also, notice the leading <emphasis>\"/\"</emphasis> is left off the path of "
29828
29899
"the file to restore."
29831
#: serverguide/C/backups.xml:279(para)
29902
#: serverguide/C/backups.xml:285(para)
29832
29903
msgid "To restore all files in the archive enter the following:"
29835
#: serverguide/C/backups.xml:283(command)
29906
#: serverguide/C/backups.xml:289(command)
29839
#: serverguide/C/backups.xml:284(command)
29910
#: serverguide/C/backups.xml:290(command)
29840
29911
msgid "sudo tar -xzvf /mnt/backup/host-Monday.tgz"
29843
#: serverguide/C/backups.xml:289(para)
29914
#: serverguide/C/backups.xml:295(para)
29844
29915
msgid "This will overwrite the files currently on the file system."
29847
#: serverguide/C/backups.xml:298(para)
29918
#: serverguide/C/backups.xml:304(para)
29849
29920
"For more information on shell scripting see the <ulink "
29850
29921
"url=\"http://tldp.org/LDP/abs/html/\">Advanced Bash-Scripting Guide</ulink>"
29853
#: serverguide/C/backups.xml:303(para)
29924
#: serverguide/C/backups.xml:309(para)
29855
29926
"The book <ulink url=\"http://safari.samspublishing.com/0672323583\">Teach "
29856
29927
"Yourself Shell Programming in 24 Hours</ulink> is available online and a "
29857
29928
"great resource for shell scripting."
29860
#: serverguide/C/backups.xml:309(para)
29931
#: serverguide/C/backups.xml:315(para)
29862
29933
"The <ulink url=\"https://help.ubuntu.com/community/CronHowto\">CronHowto "
29863
29934
"Wiki Page</ulink> contains details on advanced "
29864
29935
"<application>cron</application> options."
29867
#: serverguide/C/backups.xml:316(para)
29938
#: serverguide/C/backups.xml:322(para)
29869
29940
"See the <ulink url=\"http://www.gnu.org/software/tar/manual/index.html\">GNU "
29870
29941
"tar Manual</ulink> for more <application>tar</application> options."
29873
#: serverguide/C/backups.xml:322(para)
29944
#: serverguide/C/backups.xml:328(para)
29875
29946
"The Wikipedia <ulink "
29876
29947
"url=\"http://en.wikipedia.org/wiki/Backup_rotation_scheme\">Backup Rotation "
29877
29948
"Scheme</ulink> article contains information on other backup rotation schemes."
29880
#: serverguide/C/backups.xml:328(para)
29951
#: serverguide/C/backups.xml:334(para)
29882
29953
"The shell script uses <application>tar</application> to create the archive, "
29883
29954
"but there many other command line utilities that can be used. For example:"
29886
#: serverguide/C/backups.xml:334(para)
29957
#: serverguide/C/backups.xml:340(para)
29888
29959
"<ulink url=\"http://www.gnu.org/software/cpio/\">cpio</ulink>: used to copy "
29889
29960
"files to and from archives."
29892
#: serverguide/C/backups.xml:339(para)
29963
#: serverguide/C/backups.xml:345(para)
29894
29965
"<ulink url=\"http://www.gnu.org/software/coreutils/\">dd</ulink>: part of "
29895
29966
"the <application>coreutils</application> package. A low level utility that "
29896
29967
"can copy data from one format to another."
29899
#: serverguide/C/backups.xml:345(para)
29970
#: serverguide/C/backups.xml:351(para)
29901
29972
"<ulink url=\"http://www.rsnapshot.org/\">rsnapshot</ulink>: a file system "
29902
29973
"snapshot utility used to create copies of an entire file system."
29905
#: serverguide/C/backups.xml:351(para)
29976
#: serverguide/C/backups.xml:357(para)
29907
29978
"<ulink url=\"http://www.samba.org/ftp/rsync/rsync.html\">rsync</ulink>: a "
29908
29979
"flexible utility used to create incremental copies of files."
29911
#: serverguide/C/backups.xml:362(title)
29982
#: serverguide/C/backups.xml:368(title)
29912
29983
msgid "Archive Rotation"
29915
#: serverguide/C/backups.xml:363(para)
29986
#: serverguide/C/backups.xml:369(para)
29917
29988
"The shell script in <xref linkend=\"backup-shellscripts\"/> only allows for "
29918
29989
"seven different archives. For a server whose data doesn't change often, this "
29920
29991
"rotation scheme should be used."
29923
#: serverguide/C/backups.xml:369(title)
29994
#: serverguide/C/backups.xml:375(title)
29924
29995
msgid "Rotating NFS Archives"
29927
#: serverguide/C/backups.xml:370(para)
29998
#: serverguide/C/backups.xml:376(para)
29929
30000
"In this section, the shell script will be slightly modified to implement a "
29930
30001
"grandfather-father-son rotation scheme (monthly-weekly-daily):"
29933
#: serverguide/C/backups.xml:376(para)
30004
#: serverguide/C/backups.xml:382(para)
29935
30006
"The rotation will do a <emphasis>daily</emphasis> backup Sunday through "
29939
#: serverguide/C/backups.xml:381(para)
30010
#: serverguide/C/backups.xml:387(para)
29941
30012
"On Saturday a <emphasis>weekly</emphasis> backup is done giving you four "
29942
30013
"weekly backups a month."
29945
#: serverguide/C/backups.xml:386(para)
30016
#: serverguide/C/backups.xml:392(para)
29947
30018
"The <emphasis>monthly</emphasis> backup is done on the first of the month "
29948
30019
"rotating two monthly backups based on if the month is odd or even."
29951
#: serverguide/C/backups.xml:392(para)
30022
#: serverguide/C/backups.xml:398(para)
29952
30023
msgid "Here is the new script:"
29955
#: serverguide/C/backups.xml:395(programlisting)
30026
#: serverguide/C/backups.xml:401(programlisting)
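Review bot: The msgid "but there many other command line utilities that can be used. For example:" in this hunk is missing a verb ("there are many other"), and the hunk only renumbers its `#:` reference from backups.xml:328 to backups.xml:334, so the slip carries over into every catalog. Fix it in backups.xml and regenerate the template rather than editing the .po, and expect the entry to come back fuzzy for translators once the source string changes.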
30141
30212
"network wide solution."
30144
#: serverguide/C/backups.xml:546(para)
30215
#: serverguide/C/backups.xml:552(para)
30146
30217
"<application>Bacula</application> is made up of several components and "
30147
30218
"services used to manage which files to backup and backup locations:"
30150
#: serverguide/C/backups.xml:551(para)
30221
#: serverguide/C/backups.xml:557(para)
30152
30223
"<application>Bacula Director:</application> a service that controls all "
30153
30224
"backup, restore, verify, and archive operations."
30156
#: serverguide/C/backups.xml:556(para)
30227
#: serverguide/C/backups.xml:562(para)
30158
30229
"<application>Bacula Console:</application> an application allowing "
30159
30230
"communication with the Director. There are three versions of the Console:"
30162
#: serverguide/C/backups.xml:561(para)
30233
#: serverguide/C/backups.xml:567(para)
30163
30234
msgid "Text based command line version."
30166
#: serverguide/C/backups.xml:562(para)
30237
#: serverguide/C/backups.xml:568(para)
30167
30238
msgid "Gnome based GTK+ Graphical User Interface (GUI) interface."
30170
#: serverguide/C/backups.xml:563(para)
30241
#: serverguide/C/backups.xml:569(para)
30171
30242
msgid "wxWidgets GUI interface."
30174
#: serverguide/C/backups.xml:567(para)
30245
#: serverguide/C/backups.xml:573(para)
30176
30247
"<application>Bacula File:</application> also known as the "
30177
30248
"<application>Bacula Client</application> program. This application is "
30193
30264
"different databases MySQL, PostgreSQL, and SQLite."
30196
#: serverguide/C/backups.xml:584(para)
30267
#: serverguide/C/backups.xml:590(para)
30198
30269
"<application>Bacula Monitor:</application> allows the monitoring of the "
30199
30270
"Director, File daemons, and Storage daemons. Currently the Monitor is only "
30200
30271
"available as a GTK+ GUI application."
30203
#: serverguide/C/backups.xml:590(para)
30274
#: serverguide/C/backups.xml:596(para)
30205
30276
"These services and applications can be run on multiple servers and clients, "
30206
30277
"or they can be installed on one machine if backing up a single disk or "
30210
#: serverguide/C/backups.xml:598(para)
30281
#: serverguide/C/backups.xml:604(para)
30212
30283
"If using MySQL or PostgreSQL as your database, you should already have the "
30213
30284
"services available. <application>Bacula</application> will not install them "
30217
#: serverguide/C/backups.xml:603(para)
30288
#: serverguide/C/backups.xml:609(para)
30219
30290
"There are multiple packages containing the different "
30220
30291
"<application>Bacula</application> components. To install Bacula, from a "
30221
30292
"terminal prompt enter:"
30224
#: serverguide/C/backups.xml:608(command)
30295
#: serverguide/C/backups.xml:614(command)
30225
30296
msgid "sudo apt-get install bacula"
30228
#: serverguide/C/backups.xml:610(para)
30299
#: serverguide/C/backups.xml:616(para)
30230
30301
"By default installing the <application>bacula</application> package will use "
30231
30302
"a <application>MySQL</application> database for the Catalog. If you want to "
30600
30671
#~ msgid "sudo chown nobody.nogroup /srv/samba/share/"
30601
30672
#~ msgstr "sudo chown nobody.nogroup /srv/samba/share/"
30675
#~ "MoinMoin is a Wiki engine implemented in Python, based on the PikiPiki Wiki "
30676
#~ "engine, and licensed under the GNU GPL."
30678
#~ "MoinMoin adalah sebuah sistem Wiki yang diimplementasikan menggunakan "
30679
#~ "Python, berdasarkan sistem Wiki PikiPiki, dan berlisensi GNU GPL."
30682
#~ "You should also install <application>apache2</application> web server. For "
30683
#~ "installing <application>apache2</application> web server, please refer to "
30684
#~ "<xref linkend=\"http-installation\"/> sub-section in <xref "
30685
#~ "linkend=\"httpd\"/> section."
30687
#~ "Anda juga sebaiknya menginstal server web<application>apache2</application>. "
30688
#~ "Untuk menginstal server web <application>apache2</application>, silakan "
30689
#~ "ikuti sub-seksi <xref linkend=\"http-installation\"/> di bagian <xref "
30690
#~ "linkend=\"httpd\"/>."
30693
#~ "For configuring your first Wiki application, please run the following set of "
30694
#~ "commands. Let us assume that you are creating a Wiki named "
30695
#~ "<emphasis>mywiki</emphasis>:"
30697
#~ "Untuk mengkonfigurasi aplikasi Wiki anda yang pertama, jalankan beberapa "
30698
#~ "perintah berikut ini. Diasumsikan <emphasis>mywiki</emphasis> adalah nama "
30699
#~ "Wiki yang anda buat :"
30702
#~ "Now you should configure <application>MoinMoin</application> to find your "
30703
#~ "new Wiki <emphasis>mywiki</emphasis>. To configure "
30704
#~ "<application>MoinMoin</application>, open "
30705
#~ "<filename>/etc/moin/mywiki.py</filename> file and change the following line:"
30707
#~ "Kini anda dapat mengkonfigurasi <application>MoinMoin</application> untuk "
30708
#~ "menemukan Wiki <emphasis>mywiki</emphasis> baru anda. Untuk mengkonfigurasi "
30709
#~ "<application>MoinMoin</application>, buka file "
30710
#~ "<filename>/etc/moin/mywiki.py</filename> dan sesuaikan beberapa baris "
30714
#~ "If you have named your Wiki as <emphasis>my_wiki_name</emphasis> you should "
30715
#~ "insert a line <quote>(\"my_wiki_name\", r\".*\")</quote> in "
30716
#~ "<filename>/etc/moin/farmconfig.py</filename> file after the line "
30717
#~ "<quote>(\"mywiki\", r\".*\")</quote>."
30719
#~ "Jika anda telah memberi nama Wiki anda dengan "
30720
#~ "<emphasis>my_wiki_name</emphasis> anda harus menambahkan baris "
30721
#~ "<quote>(\"my_wiki_name\", r\".*\")</quote> pada file "
30722
#~ "<filename>/etc/moin/farmconfig.py</filename> setelah baris "
30723
#~ "<quote>(\"mywiki\", r\".*\")</quote>."
30726
#~ "Once you have configured <application>MoinMoin</application> to find your "
30727
#~ "first Wiki application <emphasis>mywiki</emphasis>, you should configure "
30728
#~ "<application>apache2</application> and make it ready for your Wiki "
30731
#~ "Setelah anda mengkonfigurasi <application>MoinMoin</application> untuk dapat "
30732
#~ "menggunakan aplikasi Wiki <emphasis>mywiki</emphasis> anda yang pertama, "
30733
#~ "anda juga harus mengkonfigurasi <application>apache2</application> dan "
30734
#~ "membuatnya siap digunakan untuk aplikasi Wiki anda."
30737
#~ "Once you configure the <application>apache2</application> web server and "
30738
#~ "make it ready for your Wiki application, you should restart it. You can run "
30739
#~ "the following command to restart the <application>apache2</application> web "
30742
#~ "Setelah anda mengonfigurasi server web <application>apache2</application> "
30743
#~ "dan membuatnya siap untuk aplikasi Wiki anda, maka langkah selanjutnya anda "
30744
#~ "harus start ulang. Anda dapat menjalankan perintah ini untuk start ulang "
30745
#~ "server server<application>apache2</application>."
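Review bot: The obsolete `#~ msgstr` strings for the MoinMoin entries carry spacing and duplication slips that msgmerge can bring back if these msgids ever reappear: "server web<application>apache2</application>" has no space before the tag, and "server server<application>apache2</application>" repeats the word and drops the space as well, where the earlier strings use "server web <application>apache2</application>". "Wiki yang anda buat :" also has a stray space before the colon. Either clean these up now or drop the obsolete block from the catalog so the errors are not reused later.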