333
333
"virtual host file, and remember to create that directory if necessary!"
336
#: serverguide/C/web-servers.xml:265(para)
336
#: serverguide/C/web-servers.xml:278(para)
338
338
"Enable the new <emphasis>VirtualHost</emphasis> using the "
339
339
"<application>a2ensite</application> utility and restart Apache2:"
342
#: serverguide/C/web-servers.xml:271(command)
342
#: serverguide/C/web-servers.xml:284(command)
343
343
msgid "sudo a2ensite mynewsite"
344
344
msgstr "sudo a2ensite mynewsite"
346
#: serverguide/C/web-servers.xml:272(command) serverguide/C/web-servers.xml:290(command) serverguide/C/web-servers.xml:531(command) serverguide/C/web-servers.xml:540(command) serverguide/C/web-servers.xml:599(command) serverguide/C/mail.xml:935(command) serverguide/C/lamp-applications.xml:222(command)
346
#: serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:303(command) serverguide/C/web-servers.xml:544(command) serverguide/C/web-servers.xml:553(command) serverguide/C/web-servers.xml:612(command) serverguide/C/mail.xml:994(command) serverguide/C/lamp-applications.xml:238(command) serverguide/C/lamp-applications.xml:339(command) serverguide/C/lamp-applications.xml:610(command)
347
347
msgid "sudo service apache2 restart"
350
#: serverguide/C/web-servers.xml:276(para)
350
#: serverguide/C/web-servers.xml:289(para)
352
352
"Be sure to replace <emphasis>mynewsite</emphasis> with a more descriptive "
353
353
"name for the VirtualHost. One method is to name the file after the "
354
354
"<emphasis>ServerName</emphasis> directive of the VirtualHost."
357
#: serverguide/C/web-servers.xml:283(para)
357
#: serverguide/C/web-servers.xml:296(para)
359
359
"Similarly, use the <application>a2dissite</application> utility to disable "
360
360
"sites. This is can be useful when troubleshooting configuration problems "
361
361
"with multiple VirtualHosts:"
364
#: serverguide/C/web-servers.xml:289(command)
364
#: serverguide/C/web-servers.xml:302(command)
365
365
msgid "sudo a2dissite mynewsite"
366
366
msgstr "sudo a2dissite mon_site_novèl"
368
#: serverguide/C/web-servers.xml:295(title)
368
#: serverguide/C/web-servers.xml:308(title)
369
369
msgid "Default Settings"
370
370
msgstr "Paramètres per defaut"
372
#: serverguide/C/web-servers.xml:297(para)
372
#: serverguide/C/web-servers.xml:310(para)
374
374
"This section explains configuration of the Apache2 server default settings. "
375
375
"For example, if you add a virtual host, the settings you configure for the "
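Review bot: the msgstr for `sudo a2dissite mynewsite` renames the site to `mon_site_novèl`, while the msgstr for `sudo a2ensite mynewsite` earlier in this hunk keeps `mynewsite`, so a reader following the translated page enables one site name and is told to disable a different one. Keep the command identical to the msgid (`sudo a2dissite mynewsite`), or translate the placeholder consistently in both commands. Separately, the msgid "This is can be useful when troubleshooting" has a stray "is"; that has to be fixed in the source XML, not in this file.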
585
585
"<emphasis><IfModule></emphasis> block."
588
#: serverguide/C/web-servers.xml:510(para)
588
#: serverguide/C/web-servers.xml:523(para)
590
590
"You can install additional Apache2 modules and use them with your Web "
591
591
"server. For example, run the following command from a terminal prompt to "
592
592
"install the <emphasis>MySQL Authentication</emphasis> module:"
595
#: serverguide/C/web-servers.xml:517(command)
595
#: serverguide/C/web-servers.xml:530(command)
596
596
msgid "sudo apt-get install libapache2-mod-auth-mysql"
597
597
msgstr "sudo apt-get install libapache2-mod-auth-mysql"
599
#: serverguide/C/web-servers.xml:520(para)
599
#: serverguide/C/web-servers.xml:533(para)
601
601
"See the <filename>/etc/apache2/mods-available</filename> directory, for "
602
602
"additional modules."
605
#: serverguide/C/web-servers.xml:524(para)
605
#: serverguide/C/web-servers.xml:537(para)
607
607
"Use the <application>a2enmod</application> utility to enable a module:"
610
#: serverguide/C/web-servers.xml:530(command)
610
#: serverguide/C/web-servers.xml:543(command)
611
611
msgid "sudo a2enmod auth_mysql"
612
612
msgstr "sudo a2enmod auth_mysql"
614
#: serverguide/C/web-servers.xml:534(para)
614
#: serverguide/C/web-servers.xml:547(para)
615
615
msgid "Similarly, <application>a2dismod</application> will disable a module:"
618
#: serverguide/C/web-servers.xml:539(command)
618
#: serverguide/C/web-servers.xml:552(command)
619
619
msgid "sudo a2dismod auth_mysql"
620
620
msgstr "sudo a2dismod auth_mysql"
622
#: serverguide/C/web-servers.xml:546(title)
622
#: serverguide/C/web-servers.xml:559(title)
623
623
msgid "HTTPS Configuration"
624
624
msgstr "Configuracion HTTPS"
626
#: serverguide/C/web-servers.xml:548(para)
626
#: serverguide/C/web-servers.xml:561(para)
628
628
"The <application>mod_ssl</application> module adds an important feature to "
629
629
"the Apache2 server - the ability to encrypt communications. Thus, when your "
737
746
"the official Apache2 docs."
740
#: serverguide/C/web-servers.xml:650(para)
749
#: serverguide/C/web-servers.xml:670(para)
742
751
"See the <ulink url=\"http://www.modssl.org/docs/\">Mod SSL "
743
752
"Documentation</ulink> site for more SSL related information."
746
#: serverguide/C/web-servers.xml:656(para)
755
#: serverguide/C/web-servers.xml:676(para)
748
757
"O'Reilly's <ulink url=\"http://oreilly.com/catalog/9780596001919/\">Apache "
749
758
"Cookbook</ulink> is a good resource for accomplishing specific Apache2 "
750
759
"configurations."
753
#: serverguide/C/web-servers.xml:662(para)
762
#: serverguide/C/web-servers.xml:682(para)
755
764
"For Ubuntu specific Apache2 questions, ask in the <emphasis>#ubuntu-"
756
765
"server</emphasis> IRC channel on <ulink "
757
766
"url=\"http://freenode.net/\">freenode.net</ulink>."
760
#: serverguide/C/web-servers.xml:668(para)
769
#: serverguide/C/web-servers.xml:688(para)
762
771
"Usually integrated with PHP and MySQL the <ulink "
763
772
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
764
773
"Ubuntu Wiki </ulink> page is a good resource."
767
#: serverguide/C/web-servers.xml:679(title)
776
#: serverguide/C/web-servers.xml:699(title)
768
777
msgid "PHP5 - Scripting Language"
769
778
msgstr "PHP5 - Lengatge d'escript"
771
#: serverguide/C/web-servers.xml:680(para)
780
#: serverguide/C/web-servers.xml:700(para)
773
782
"PHP is a general-purpose scripting language suited for Web development. The "
774
783
"PHP script can be embedded into HTML. This section explains how to install "
775
784
"and configure PHP5 in Ubuntu System with Apache2 and MySQL."
778
#: serverguide/C/web-servers.xml:684(para)
787
#: serverguide/C/web-servers.xml:704(para)
780
789
"This section assumes you have installed and configured Apache2 Web Server "
781
790
"and MySQL Database Server. You can refer to Apache2 section and MySQL "
1116
1125
"<application>MySQL</application> refer to <xref linkend=\"mysql\"/>."
1119
#: serverguide/C/web-servers.xml:966(para)
1128
#: serverguide/C/web-servers.xml:985(para)
1121
1130
"Once you have <application>Apache</application> and "
1122
1131
"<application>MySQL</application> packages installed, you are ready to "
1123
1132
"install <application>Ruby on Rails</application> package."
1126
#: serverguide/C/web-servers.xml:973(para)
1135
#: serverguide/C/web-servers.xml:992(para)
1128
1137
"To install the <application>Ruby</application> base packages and "
1129
1138
"<application>Ruby on Rails</application>, you can enter the following "
1130
1139
"command in the terminal prompt:"
1133
#: serverguide/C/web-servers.xml:979(command)
1142
#: serverguide/C/web-servers.xml:998(command)
1134
1143
msgid "sudo apt-get install rails"
1135
1144
msgstr "sudo apt-get install rails"
1137
#: serverguide/C/web-servers.xml:997(para)
1146
#: serverguide/C/web-servers.xml:1004(para)
1139
1148
"Modify the <filename>/etc/apache2/sites-available/000-"
1140
1149
"default.conf</filename> configuration file to setup your domains."
1143
#: serverguide/C/web-servers.xml:989(para)
1152
#: serverguide/C/web-servers.xml:1008(para)
1145
1154
"The first thing to change is the <emphasis>DocumentRoot</emphasis> directive:"
1148
#: serverguide/C/web-servers.xml:993(programlisting)
1157
#: serverguide/C/web-servers.xml:1012(programlisting)
1200
1209
"used to run the <application>Apache</application> process:"
1203
#: serverguide/C/web-servers.xml:1025(command)
1212
#: serverguide/C/web-servers.xml:1044(command)
1204
1213
msgid "sudo chown -R www-data:www-data /path/to/rails/application/public"
1205
1214
msgstr "sudo chown -R www-data:www-data /path/to/rails/application/public"
1207
#: serverguide/C/web-servers.xml:1026(command)
1216
#: serverguide/C/web-servers.xml:1045(command)
1208
1217
msgid "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
1209
1218
msgstr "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
1211
#: serverguide/C/web-servers.xml:1029(para)
1220
#: serverguide/C/web-servers.xml:1048(para)
1213
1222
"That's it! Now you have your Server ready for your <application>Ruby on "
1214
1223
"Rails</application> applications."
1217
#: serverguide/C/web-servers.xml:1038(para)
1226
#: serverguide/C/web-servers.xml:1057(para)
1219
1228
"See the <ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink> website "
1220
1229
"for more information."
1223
#: serverguide/C/web-servers.xml:1043(para)
1232
#: serverguide/C/web-servers.xml:1062(para)
1225
1234
"Also <ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-"
1226
1235
"with-rails-third-edition\">Agile Development with Rails</ulink> is a great "
1230
#: serverguide/C/web-servers.xml:1049(para)
1239
#: serverguide/C/web-servers.xml:1068(para)
1232
1241
"Another place for more information is the <ulink "
1233
1242
"url=\"https://help.ubuntu.com/community/RubyOnRails\">Ruby on Rails Ubuntu "
1234
1243
"Wiki</ulink> page."
1237
#: serverguide/C/web-servers.xml:1060(title)
1246
#: serverguide/C/web-servers.xml:1079(title)
1238
1247
msgid "Apache Tomcat"
1239
1248
msgstr "Apache Tomcat"
1241
#: serverguide/C/web-servers.xml:1061(para)
1250
#: serverguide/C/web-servers.xml:1080(para)
1243
1252
"Apache Tomcat is a web container that allows you to serve Java Servlets and "
1244
1253
"JSP (Java Server Pages) web applications."
1247
#: serverguide/C/web-servers.xml:1075(para)
1256
#: serverguide/C/web-servers.xml:1082(para)
1249
1258
"Ubuntu has supported packages for both Tomcat 6 and 7. Tomcat 6 is the "
1250
1259
"legacy version, and Tomcat 7 is the current version where new features are "
1387
1396
"command in the terminal prompt:"
1390
#: serverguide/C/web-servers.xml:1153(command)
1399
#: serverguide/C/web-servers.xml:1160(command)
1391
1400
msgid "sudo apt-get install tomcat7-docs"
1394
#: serverguide/C/web-servers.xml:1142(title)
1403
#: serverguide/C/web-servers.xml:1164(title)
1395
1404
msgid "Tomcat administration webapps"
1396
1405
msgstr "Las aplicacions Web d'administracion per Tomcat"
1398
#: serverguide/C/web-servers.xml:1158(para)
1407
#: serverguide/C/web-servers.xml:1165(para)
1400
1409
"The <application>tomcat7-admin</application> package contains two webapps "
1401
1410
"that can be used to administer the Tomcat server using a web interface. You "
1402
1411
"can install them by entering the following command in the terminal prompt:"
1405
#: serverguide/C/web-servers.xml:1163(command)
1414
#: serverguide/C/web-servers.xml:1170(command)
1406
1415
msgid "sudo apt-get install tomcat7-admin"
1409
#: serverguide/C/web-servers.xml:1150(para)
1418
#: serverguide/C/web-servers.xml:1172(para)
1411
1420
"The first one is the <emphasis>manager</emphasis> webapp, which you can "
1412
1421
"access by default at http://yourserver:8080/manager/html. It is primarily "
1413
1422
"used to get server status and restart webapps."
1416
#: serverguide/C/web-servers.xml:1168(para)
1425
#: serverguide/C/web-servers.xml:1175(para)
1418
1427
"Access to the <emphasis>manager</emphasis> application is protected by "
1419
1428
"default: you need to define a user with the role \"manager-gui\" in "
1420
1429
"<filename>/etc/tomcat7/tomcat-users.xml</filename> before you can access it."
1423
#: serverguide/C/web-servers.xml:1157(para)
1432
#: serverguide/C/web-servers.xml:1179(para)
1425
1434
"The second one is the <emphasis>host-manager</emphasis> webapp, which you "
1426
1435
"can access by default at http://yourserver:8080/host-manager/html. It can be "
1427
1436
"used to create virtual hosts dynamically."
1430
#: serverguide/C/web-servers.xml:1176(para)
1439
#: serverguide/C/web-servers.xml:1183(para)
1432
1441
"Access to the <emphasis>host-manager</emphasis> application is also "
1433
1442
"protected by default: you need to define a user with the role \"admin-gui\" "
1482
1491
"system-installed libraries."
1485
#: serverguide/C/web-servers.xml:1200(para)
1494
#: serverguide/C/web-servers.xml:1222(para)
1487
1496
"It is possible to run the system-wide instance and the private instances in "
1488
1497
"parallel, as long as they do not use the same TCP ports."
1491
#: serverguide/C/web-servers.xml:1204(title)
1500
#: serverguide/C/web-servers.xml:1226(title)
1492
1501
msgid "Installing private instance support"
1493
1502
msgstr "Installacion de la gestion de las instaàncias privadas"
1495
#: serverguide/C/web-servers.xml:1205(para)
1504
#: serverguide/C/web-servers.xml:1227(para)
1497
1506
"You can install everything necessary to run private instances by entering "
1498
1507
"the following command in the terminal prompt:"
1501
#: serverguide/C/web-servers.xml:1223(command)
1510
#: serverguide/C/web-servers.xml:1230(command)
1502
1511
msgid "sudo apt-get install tomcat7-user"
1505
#: serverguide/C/web-servers.xml:1212(title)
1514
#: serverguide/C/web-servers.xml:1234(title)
1506
1515
msgid "Creating a private instance"
1507
1516
msgstr "Creacion d'una instància privada"
1509
#: serverguide/C/web-servers.xml:1213(para)
1518
#: serverguide/C/web-servers.xml:1235(para)
1511
1520
"You can create a private instance directory by entering the following "
1512
1521
"command in the terminal prompt:"
1515
#: serverguide/C/web-servers.xml:1231(command)
1524
#: serverguide/C/web-servers.xml:1238(command)
1516
1525
msgid "tomcat7-instance-create my-instance"
1519
#: serverguide/C/web-servers.xml:1218(para)
1528
#: serverguide/C/web-servers.xml:1240(para)
1521
1530
"This will create a new <filename>my-instance</filename> directory with all "
1522
1531
"the necessary subdirectories and scripts. You can for example install your "
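Review bot: the msgstr for "Installing private instance support" spells the noun "instaàncias", with a doubled vowel, while the msgstr for "Creating a private instance" a few entries later uses "instància". Correct the first to "instàncias" so the two section titles agree.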
1719
#: serverguide/C/vpn.xml:90(para)
1728
#: serverguide/C/vpn.xml:94(para)
1721
1730
"Enter the following to generate the master Certificate Authority (CA) "
1722
1731
"certificate and key:"
1725
#: serverguide/C/vpn.xml:95(command) serverguide/C/vpn.xml:143(command)
1734
#: serverguide/C/vpn.xml:99(command) serverguide/C/vpn.xml:147(command)
1726
1735
msgid "cd /etc/openvpn/easy-rsa/"
1729
#: serverguide/C/vpn.xml:96(command) serverguide/C/vpn.xml:144(command)
1738
#: serverguide/C/vpn.xml:100(command) serverguide/C/vpn.xml:148(command)
1730
1739
msgid "source vars"
1733
#: serverguide/C/vpn.xml:97(command)
1742
#: serverguide/C/vpn.xml:101(command)
1734
1743
msgid "./clean-all"
1737
#: serverguide/C/vpn.xml:98(command)
1746
#: serverguide/C/vpn.xml:102(command)
1738
1747
msgid "./build-ca"
1741
#: serverguide/C/vpn.xml:103(title)
1750
#: serverguide/C/vpn.xml:107(title)
1742
1751
msgid "Server Certificates"
1745
#: serverguide/C/vpn.xml:105(para)
1754
#: serverguide/C/vpn.xml:109(para)
1746
1755
msgid "Next, we will generate a certificate and private key for the server:"
1749
#: serverguide/C/vpn.xml:110(command)
1758
#: serverguide/C/vpn.xml:114(command)
1750
1759
msgid "./build-key-server myservername"
1753
#: serverguide/C/vpn.xml:113(para)
1762
#: serverguide/C/vpn.xml:117(para)
1755
1764
"As in the previous step, most parameters can be defaulted. Two other queries "
1756
1765
"require positive responses, \"Sign the certificate? [y/n]\" and \"1 out of 1 "
1757
1766
"certificate requests certified, commit? [y/n]\"."
1760
#: serverguide/C/vpn.xml:117(para)
1769
#: serverguide/C/vpn.xml:121(para)
1761
1770
msgid "Diffie Hellman parameters must be generated for the OpenVPN server:"
1764
#: serverguide/C/vpn.xml:122(command)
1773
#: serverguide/C/vpn.xml:126(command)
1765
1774
msgid "./build-dh"
1768
#: serverguide/C/vpn.xml:125(para)
1777
#: serverguide/C/vpn.xml:129(para)
1770
1779
"All certificates and keys have been generated in the subdirectory keys/. "
1771
1780
"Common practice is to copy them to /etc/openvpn/:"
1774
#: serverguide/C/vpn.xml:129(command)
1783
#: serverguide/C/vpn.xml:133(command)
1775
1784
msgid "cd keys/"
1794
#: serverguide/C/vpn.xml:145(command)
1803
#: serverguide/C/vpn.xml:149(command)
1795
1804
msgid "./build-key client1"
1798
#: serverguide/C/vpn.xml:148(para)
1807
#: serverguide/C/vpn.xml:152(para)
1799
1808
msgid "Copy the following files to the client using a secure method:"
1802
#: serverguide/C/vpn.xml:153(para)
1811
#: serverguide/C/vpn.xml:157(para)
1803
1812
msgid "/etc/openvpn/ca.crt"
1806
#: serverguide/C/vpn.xml:154(para)
1815
#: serverguide/C/vpn.xml:158(para)
1807
1816
msgid "/etc/openvpn/easy-rsa/keys/client1.crt"
1810
#: serverguide/C/vpn.xml:155(para)
1819
#: serverguide/C/vpn.xml:159(para)
1811
1820
msgid "/etc/openvpn/easy-rsa/keys/client1.key"
1814
#: serverguide/C/vpn.xml:158(para)
1823
#: serverguide/C/vpn.xml:162(para)
1816
1825
"As the client certificates and keys are only required on the client machine, "
1817
1826
"you should remove them from the server."
1820
#: serverguide/C/vpn.xml:166(title)
1829
#: serverguide/C/vpn.xml:170(title)
1821
1830
msgid "Simple Server Configuration"
1824
#: serverguide/C/vpn.xml:168(para)
1833
#: serverguide/C/vpn.xml:172(para)
1826
1835
"Along with your <application>OpenVPN</application> installation you got "
1827
1836
"these sample config files (and many more if if you check):"
1830
#: serverguide/C/vpn.xml:172(programlisting)
1839
#: serverguide/C/vpn.xml:176(programlisting)
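Review bot: the msgid under "Simple Server Configuration" reads "(and many more if if you check)", with "if" doubled. Nothing in this file can correct a msgid, so report it against the source XML and avoid carrying the repetition into the msgstr when this entry is translated.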
2078
#: serverguide/C/vpn.xml:322(para)
2087
#: serverguide/C/vpn.xml:350(para)
2080
2089
"Can the client connect to the server machine? Maybe a firewall is blocking "
2081
2090
"access? Check syslog on server."
2084
#: serverguide/C/vpn.xml:325(para)
2093
#: serverguide/C/vpn.xml:353(para)
2086
2095
"Client and server must use same protocol and port, e.g. UDP port 1194, see "
2087
2096
"port and proto config option"
2090
#: serverguide/C/vpn.xml:328(para)
2099
#: serverguide/C/vpn.xml:356(para)
2092
2101
"Client and server must use same config regarding compression, see comp-lzo "
2093
2102
"config option"
2096
#: serverguide/C/vpn.xml:331(para)
2105
#: serverguide/C/vpn.xml:359(para)
2098
2107
"Client and server must use same config regarding bridged vs routed mode, see "
2099
2108
"server vs server-bridge config option"
2102
#: serverguide/C/databases.xml:168(title)
2111
#: serverguide/C/vpn.xml:366(title) serverguide/C/databases.xml:161(title)
2103
2112
msgid "Advanced configuration"
2106
#: serverguide/C/vpn.xml:342(title)
2115
#: serverguide/C/vpn.xml:369(title)
2107
2116
msgid "Advanced routed VPN configuration on server"
2110
#: serverguide/C/vpn.xml:344(para)
2119
#: serverguide/C/vpn.xml:371(para)
2112
2121
"The above is a very simple working VPN. The client can access services on "
2113
2122
"the VPN server machine through an encrypted tunnel. If you want to reach "
2197
2206
"push \"dhcp-option DNS 10.1.0.2\"\n"
2200
#: serverguide/C/vpn.xml:410(para)
2209
#: serverguide/C/vpn.xml:437(para)
2201
2210
msgid "Allow client to client communication."
2204
#: serverguide/C/vpn.xml:413(programlisting)
2213
#: serverguide/C/vpn.xml:440(programlisting)
2208
2217
"client-to-client\n"
2211
#: serverguide/C/vpn.xml:417(para)
2220
#: serverguide/C/vpn.xml:444(para)
2212
2221
msgid "Enable compression on the VPN link."
2215
#: serverguide/C/vpn.xml:420(programlisting)
2224
#: serverguide/C/vpn.xml:447(programlisting)
2222
#: serverguide/C/vpn.xml:424(para)
2231
#: serverguide/C/vpn.xml:451(para)
2224
"The keepalive directive causes ping-like messages to be sent back and forth "
2225
"over the link so that each side knows when the other side has gone down. "
2226
"Ping every 1 second, assume that remote peer is down if no ping received "
2227
"during a 3 second time period."
2233
"The <emphasis>keepalive</emphasis> directive causes ping-like messages to be "
2234
"sent back and forth over the link so that each side knows when the other "
2235
"side has gone down. Ping every 1 second, assume that remote peer is down if "
2236
"no ping received during a 3 second time period."
2230
#: serverguide/C/vpn.xml:433(programlisting)
2239
#: serverguide/C/vpn.xml:460(programlisting)
2234
2243
"keepalive 1 3\n"
2237
#: serverguide/C/vpn.xml:437(para)
2246
#: serverguide/C/vpn.xml:464(para)
2239
2248
"It's a good idea to reduce the OpenVPN daemon's privileges after "
2240
2249
"initialization."
2243
#: serverguide/C/vpn.xml:440(programlisting)
2252
#: serverguide/C/vpn.xml:467(programlisting)
2888
2897
#: serverguide/C/virtualization.xml:113(para)
2890
2899
"Yet another way to install an Ubuntu virtual machine is to use "
2891
"<application>uvtool</application>. This application, available as of 14.04 "
2900
"<application>uvtool</application>. This application, available as of 14.04, "
2892
2901
"allows you to set up specific VM options, execute custom post-install "
2893
"scripts, etc. For details see <xref linkend=\"cloud-images-and-uvtool\"/>"
2902
"scripts, etc. For details see <xref linkend=\"cloud-images-and-uvtool\"/>."
2896
#: serverguide/C/virtualization.xml:101(para)
2905
#: serverguide/C/virtualization.xml:119(para)
2898
2907
"Libvirt can also be configured work with <application>Xen</application>. For "
2899
2908
"details, see the Xen Ubuntu community page referenced below."
2902
#: serverguide/C/virtualization.xml:106(title)
2911
#: serverguide/C/virtualization.xml:125(title)
2903
2912
msgid "virt-install"
2904
2913
msgstr "virt-install"
2906
#: serverguide/C/virtualization.xml:107(para)
2915
#: serverguide/C/virtualization.xml:127(para)
2908
2917
"<application>virt-install</application> is part of the "
2909
2918
"<application>virtinst</application> package. To install it, from a terminal "
2910
2919
"prompt enter:"
2913
#: serverguide/C/virtualization.xml:111(command)
2922
#: serverguide/C/virtualization.xml:132(command)
2914
2923
msgid "sudo apt-get install virtinst"
2917
#: serverguide/C/virtualization.xml:113(para)
2926
#: serverguide/C/virtualization.xml:135(para)
2919
2928
"There are several options available when using <application>virt-"
2920
2929
"install</application>. For example:"
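Review bot: the msgid "Libvirt can also be configured work with" is missing "to" after "configured". The neighbouring uvtool entry had its punctuation corrected in this same update, so this one looks like an oversight in the source XML; report it upstream rather than compensating in the translation.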
2987
2996
"After launching <application>virt-install</application> you can connect to "
2988
2997
"the virtual machine's console either locally using a GUI (if your server has "
2989
"a GUI), or via a remote VNC client from a GUI based computer."
2998
"a GUI), or via a remote VNC client from a GUI-based computer."
2992
#: serverguide/C/virtualization.xml:179(title)
3001
#: serverguide/C/virtualization.xml:206(title)
2993
3002
msgid "virt-clone"
2994
3003
msgstr "virt-clone"
2996
#: serverguide/C/virtualization.xml:180(para)
3005
#: serverguide/C/virtualization.xml:208(para)
2998
3007
"The <application>virt-clone</application> application can be used to copy "
2999
3008
"one virtual machine to another. For example:"
3002
#: serverguide/C/virtualization.xml:184(command)
3011
#: serverguide/C/virtualization.xml:212(command)
3004
3013
"sudo virt-clone -o web_devel -n database_devel -f "
3005
3014
"/path/to/database_devel.img \\ --connect=qemu:///system"
3008
#: serverguide/C/virtualization.xml:189(para)
3017
#: serverguide/C/virtualization.xml:218(para)
3009
3018
msgid "<emphasis>-o:</emphasis> original virtual machine."
3012
#: serverguide/C/virtualization.xml:194(para)
3021
#: serverguide/C/virtualization.xml:222(para)
3013
3022
msgid "<emphasis>-n:</emphasis> name of the new virtual machine."
3016
#: serverguide/C/virtualization.xml:199(para)
3025
#: serverguide/C/virtualization.xml:227(para)
3018
3027
"<emphasis>-f:</emphasis> path to the file, logical volume, or partition to "
3019
3028
"be used by the new virtual machine."
3022
#: serverguide/C/virtualization.xml:204(para)
3031
#: serverguide/C/virtualization.xml:232(para)
3024
3033
"<emphasis>--connect:</emphasis> specifies which hypervisor to connect to."
3027
#: serverguide/C/virtualization.xml:209(para)
3036
#: serverguide/C/virtualization.xml:237(para)
3029
3038
"Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to "
3030
3039
"help troubleshoot problems with <application>virt-clone</application>."
3033
#: serverguide/C/virtualization.xml:214(para)
3042
#: serverguide/C/virtualization.xml:242(para)
3035
3044
"Replace <emphasis>web_devel</emphasis> and "
3036
3045
"<emphasis>database_devel</emphasis> with appropriate virtual machine names."
3039
#: serverguide/C/virtualization.xml:220(title)
3048
#: serverguide/C/virtualization.xml:249(title)
3040
3049
msgid "Virtual Machine Management"
3043
#: serverguide/C/virtualization.xml:222(title)
3052
#: serverguide/C/virtualization.xml:252(title)
3047
#: serverguide/C/virtualization.xml:223(para)
3056
#: serverguide/C/virtualization.xml:254(para)
3049
3058
"There are several utilities available to manage virtual machines and "
3050
3059
"<application>libvirt</application>. The <application>virsh</application> "
3051
3060
"utility can be used from the command line. Some examples:"
3054
#: serverguide/C/virtualization.xml:229(para)
3063
#: serverguide/C/virtualization.xml:261(para)
3055
3064
msgid "To list running virtual machines:"
3058
#: serverguide/C/virtualization.xml:233(command)
3067
#: serverguide/C/virtualization.xml:264(command)
3059
3068
msgid "virsh -c qemu:///system list"
3060
3069
msgstr "virsh -c qemu:///system list"
3062
#: serverguide/C/virtualization.xml:237(para)
3071
#: serverguide/C/virtualization.xml:269(para)
3063
3072
msgid "To start a virtual machine:"
3064
3073
msgstr "Per amodar una maquina virtuala :"
3066
#: serverguide/C/virtualization.xml:241(command)
3075
#: serverguide/C/virtualization.xml:272(command)
3067
3076
msgid "virsh -c qemu:///system start web_devel"
3068
3077
msgstr "virsh -c qemu:///system start web_devel"
3070
#: serverguide/C/virtualization.xml:245(para)
3079
#: serverguide/C/virtualization.xml:277(para)
3071
3080
msgid "Similarly, to start a virtual machine at boot:"
3074
#: serverguide/C/virtualization.xml:249(command)
3083
#: serverguide/C/virtualization.xml:280(command)
3075
3084
msgid "virsh -c qemu:///system autostart web_devel"
3076
3085
msgstr "virsh -c qemu:///system autostart web_devel"
3078
#: serverguide/C/virtualization.xml:253(para)
3087
#: serverguide/C/virtualization.xml:285(para)
3079
3088
msgid "Reboot a virtual machine with:"
3082
#: serverguide/C/virtualization.xml:257(command)
3091
#: serverguide/C/virtualization.xml:288(command)
3083
3092
msgid "virsh -c qemu:///system reboot web_devel"
3084
3093
msgstr "virsh -c qemu:///system reboot web_devel"
3086
#: serverguide/C/virtualization.xml:261(para)
3095
#: serverguide/C/virtualization.xml:293(para)
3088
3097
"The <emphasis>state</emphasis> of virtual machines can be saved to a file in "
3089
3098
"order to be restored later. The following will save the virtual machine "
3090
3099
"state into a file named according to the date:"
3093
#: serverguide/C/virtualization.xml:266(command)
3102
#: serverguide/C/virtualization.xml:299(command)
3094
3103
msgid "virsh -c qemu:///system save web_devel web_devel-022708.state"
3095
3104
msgstr "virsh -c qemu:///system save web_devel web_devel-022708.state"
3097
#: serverguide/C/virtualization.xml:268(para)
3106
#: serverguide/C/virtualization.xml:302(para)
3098
3107
msgid "Once saved the virtual machine will no longer be running."
3101
#: serverguide/C/virtualization.xml:273(para)
3110
#: serverguide/C/virtualization.xml:307(para)
3102
3111
msgid "A saved virtual machine can be restored using:"
3105
#: serverguide/C/virtualization.xml:277(command)
3114
#: serverguide/C/virtualization.xml:310(command)
3106
3115
msgid "virsh -c qemu:///system restore web_devel-022708.state"
3109
#: serverguide/C/virtualization.xml:281(para)
3118
#: serverguide/C/virtualization.xml:315(para)
3110
3119
msgid "To shutdown a virtual machine do:"
3111
3120
msgstr "Per arrestar una maquina virtuala :"
3113
#: serverguide/C/virtualization.xml:285(command)
3122
#: serverguide/C/virtualization.xml:318(command)
3114
3123
msgid "virsh -c qemu:///system shutdown web_devel"
3115
3124
msgstr "virsh -c qemu:///system shutdown web_devel"
3117
#: serverguide/C/virtualization.xml:289(para)
3126
#: serverguide/C/virtualization.xml:323(para)
3118
3127
msgid "A CDROM device can be mounted in a virtual machine by entering:"
3121
#: serverguide/C/virtualization.xml:293(command)
3130
#: serverguide/C/virtualization.xml:327(command)
3122
3131
msgid "virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
3124
3133
"virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
3126
#: serverguide/C/virtualization.xml:298(para)
3135
#: serverguide/C/virtualization.xml:333(para)
3128
3137
"In the above examples replace <emphasis>web_devel</emphasis> with the "
3129
3138
"appropriate virtual machine name, and <filename>web_devel-"
3130
3139
"022708.state</filename> with a descriptive file name."
3133
#: serverguide/C/virtualization.xml:305(title)
3142
#: serverguide/C/virtualization.xml:341(title)
3134
3143
msgid "Virtual Machine Manager"
3135
3144
msgstr "Gestionari de maquina virtuala"
3137
#: serverguide/C/virtualization.xml:306(para)
3146
#: serverguide/C/virtualization.xml:343(para)
3139
3148
"The <application>virt-manager</application> package contains a graphical "
3140
3149
"utility to manage local and remote virtual machines. To install virt-manager "
3144
#: serverguide/C/virtualization.xml:311(command)
3153
#: serverguide/C/virtualization.xml:348(command)
3145
3154
msgid "sudo apt-get install virt-manager"
3146
3155
msgstr "sudo apt-get install virt-manager"
3148
#: serverguide/C/virtualization.xml:313(para)
3157
#: serverguide/C/virtualization.xml:351(para)
3150
3159
"Since <application>virt-manager</application> requires a Graphical User "
3151
3160
"Interface (GUI) environment it is recommended to be installed on a "
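Review bot: the virt-clone msgid in this hunk carries its line-continuation backslash in the middle of a single line (`database_devel.img \\ --connect=qemu:///system`); typed as one line, the backslash escapes the following space and `--connect` is no longer parsed as an option. When this entry is translated, write the msgstr as one command without the backslash, and report the collapsed line break against the source XML.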
3193
#: serverguide/C/virtualization.xml:343(para)
3202
#: serverguide/C/virtualization.xml:390(para)
3195
3204
"To install <application>virt-viewer</application> from a terminal enter:"
3198
#: serverguide/C/virtualization.xml:347(command)
3207
#: serverguide/C/virtualization.xml:394(command)
3199
3208
msgid "sudo apt-get install virt-viewer"
3200
3209
msgstr "sudo apt-get install virt-viewer"
3202
#: serverguide/C/virtualization.xml:349(para)
3211
#: serverguide/C/virtualization.xml:397(para)
3204
3213
"Once a virtual machine is installed and running you can connect to the "
3205
3214
"virtual machine's console by using:"
3208
#: serverguide/C/virtualization.xml:353(command)
3217
#: serverguide/C/virtualization.xml:401(command)
3209
3218
msgid "virt-viewer -c qemu:///system web_devel"
3210
3219
msgstr "virt-viewer -c qemu:///system web_devel"
3212
#: serverguide/C/virtualization.xml:355(para)
3221
#: serverguide/C/virtualization.xml:404(para)
3214
3223
"Similar to <application>virt-manager</application>, <application>virt-"
3215
3224
"viewer</application> can connect to a remote host using "
3216
3225
"<emphasis>SSH</emphasis> with key authentication, as well:"
3219
#: serverguide/C/virtualization.xml:360(command)
3228
#: serverguide/C/virtualization.xml:409(command)
3220
3229
msgid "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
3221
3230
msgstr "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
3223
#: serverguide/C/virtualization.xml:362(para)
3232
#: serverguide/C/virtualization.xml:412(para)
3225
3234
"Be sure to replace <emphasis role=\"italic\">web_devel</emphasis> with the "
3226
3235
"appropriate virtual machine name."
3242
3251
"more details."
3245
#: serverguide/C/virtualization.xml:379(para)
3254
#: serverguide/C/virtualization.xml:430(para)
3247
3256
"For more information on <application>libvirt</application> see the <ulink "
3248
3257
"url=\"http://libvirt.org/\">libvirt home page</ulink>"
3251
#: serverguide/C/virtualization.xml:384(para)
3260
#: serverguide/C/virtualization.xml:436(para)
3253
"The <ulink url=\"http://virt-manager.et.redhat.com/\">Virtual Machine "
3254
"Manager</ulink> site has more information on <application>virt-"
3255
"manager</application> development."
3262
"The <ulink url=\"http://virt-manager.org/\">Virtual Machine Manager</ulink> "
3263
"site has more information on <application>virt-manager</application> "
3258
#: serverguide/C/virtualization.xml:390(para)
3267
#: serverguide/C/virtualization.xml:442(para)
3260
3269
"Also, stop by the <emphasis>#ubuntu-virt</emphasis> IRC channel on <ulink "
3261
3270
"url=\"http://freenode.net/\">freenode</ulink> to discuss virtualization "
3262
3271
"technology in Ubuntu."
3265
#: serverguide/C/virtualization.xml:396(para)
3274
#: serverguide/C/virtualization.xml:448(para)
3267
3276
"Another good resource is the <ulink "
3268
3277
"url=\"https://help.ubuntu.com/community/KVM\">Ubuntu Wiki KVM</ulink> page."
3271
#: serverguide/C/virtualization.xml:401(para)
3280
#: serverguide/C/virtualization.xml:454(para)
3273
3282
"For information on Xen, including using Xen with libvirt, please see the "
3274
3283
"<ulink url=\"https://help.ubuntu.com/community/Xen\">Ubuntu Wiki Xen</ulink> "
3279
3288
msgid "Cloud images and uvtool"
3282
#: serverguide/C/windows-networking.xml:23(title) serverguide/C/virtualization.xml:412(title) serverguide/C/security.xml:352(title) serverguide/C/remote-administration.xml:18(title) serverguide/C/package-management.xml:18(title) serverguide/C/introduction.xml:11(title) serverguide/C/installation.xml:1187(title)
3291
#: serverguide/C/virtualization.xml:467(title) serverguide/C/security.xml:367(title) serverguide/C/samba.xml:23(title) serverguide/C/remote-administration.xml:18(title) serverguide/C/package-management.xml:18(title) serverguide/C/introduction.xml:11(title) serverguide/C/installation.xml:1260(title)
3283
3292
msgid "Introduction"
3284
3293
msgstr "Introduccion"
3286
3295
#: serverguide/C/virtualization.xml:469(para)
3288
"With Ubuntu being one of the most used operating systems on most of the "
3289
"cloud platforms, the availability of stable and secure cloud images has "
3290
"become very important. As of 12.04 the utilization of cloud images outside "
3291
"of a cloud infrastructure has been improved. It is now possible to use those "
3297
"With Ubuntu being one of the most used operating systems on many cloud "
3298
"platforms, the availability of stable and secure cloud images has become "
3299
"very important. As of 12.04 the utilization of cloud images outside of a "
3300
"cloud infrastructure has been improved. It is now possible to use those "
3292
3301
"images to create a virtual machine without the need of a complete "
3293
3302
"installation."
3296
#: serverguide/C/virtualization.xml:478(title)
3305
#: serverguide/C/virtualization.xml:477(title)
3297
3306
msgid "Creating virtual machines using uvtool"
3300
#: serverguide/C/virtualization.xml:480(para)
3309
#: serverguide/C/virtualization.xml:479(para)
3302
3311
"Starting with 14.04 LTS, a tool called uvtool greatly facilitates the task "
3303
3312
"of generating virtual machines (VM) using the cloud images. "
3305
3314
"synchronize cloud-images locally and use them to create new VMs in minutes."
3308
#: serverguide/C/virtualization.xml:487(title)
3317
#: serverguide/C/virtualization.xml:486(title)
3309
3318
msgid "Uvtool packages"
3312
#: serverguide/C/virtualization.xml:489(para)
3321
#: serverguide/C/virtualization.xml:488(para)
3314
"The following packages and their dependancies will be required in order to "
3323
"The following packages and their dependencies will be required in order to "
3318
#: serverguide/C/virtualization.xml:496(para)
3327
#: serverguide/C/virtualization.xml:495(para)
3322
#: serverguide/C/virtualization.xml:500(para)
3331
#: serverguide/C/virtualization.xml:499(para)
3323
3332
msgid "uvtool-libvirt"
3326
#: serverguide/C/virtualization.xml:505(para)
3328
"Installation of <application>uvtool</application> is done the same as for "
3329
"any other application by using apt-get:"
3335
#: serverguide/C/virtualization.xml:504(para)
3336
msgid "To install <application>uvtool</application>, run:"
3332
#: serverguide/C/virtualization.xml:507(programlisting)
3339
#: serverguide/C/virtualization.xml:505(programlisting)
3334
3341
msgid "$ apt-get -y install uvtool"
3337
#: serverguide/C/virtualization.xml:509(para)
3344
#: serverguide/C/virtualization.xml:507(para)
3338
3345
msgid "This will install uvtool's main commands:"
3341
#: serverguide/C/virtualization.xml:511(application)
3348
#: serverguide/C/virtualization.xml:509(application)
3342
3349
msgid "uvt-simplestreams-libvirt"
3345
#: serverguide/C/virtualization.xml:512(application)
3352
#: serverguide/C/virtualization.xml:510(application)
3346
3353
msgid "uvt-kvm"
3349
#: serverguide/C/virtualization.xml:517(title)
3356
#: serverguide/C/virtualization.xml:515(title)
3351
3358
"Get the Ubuntu Cloud Image with <application>uvt-simplestreams-"
3352
3359
"libvirt</application>"
3355
#: serverguide/C/virtualization.xml:519(para)
3362
#: serverguide/C/virtualization.xml:517(para)
3357
3364
"This is one of the major simplifications that "
3358
3365
"<application>uvtool</application> brings. It is aware of where to find the "
3384
3391
"release=trusty arch=amd64 label=beta1 (20140226.1)\n"
3387
#: serverguide/C/virtualization.xml:538(para)
3394
#: serverguide/C/virtualization.xml:536(para)
3389
3396
"In the case where you want to synchronize only one specific cloud-image, you "
3390
3397
"need to use the release= and arch= filters to identify which image needs to "
3391
3398
"be synchronized."
3394
#: serverguide/C/virtualization.xml:541(programlisting)
3401
#: serverguide/C/virtualization.xml:539(programlisting)
3396
3403
msgid "$ uvt-simplestreams-libvirt sync release=precise arch=amd64\n"
3399
#: serverguide/C/virtualization.xml:546(title)
3406
#: serverguide/C/virtualization.xml:544(title)
3400
3407
msgid "Create the VM using uvt-kvm"
3403
#: serverguide/C/virtualization.xml:548(para)
3410
#: serverguide/C/virtualization.xml:546(para)
3405
"In order to be able to connect to the virtual machine once it has been "
3406
"created, it is necessary to have a valid SSH key available for the ubuntu "
3407
"user. If your environment does not have a ssh key, you can easily create one "
3408
"using the following command:"
3412
"In order to connect to the virtual machine once it has been created, you "
3413
"must have a valid SSH key available for the Ubuntu user. If your environment "
3414
"does not have an SSH key, you can easily create one using the following "
3411
#: serverguide/C/virtualization.xml:552(programlisting)
3418
#: serverguide/C/virtualization.xml:548(programlisting)
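Review bot: in the reworded SSH key paragraph, 'available for the Ubuntu user' capitalizes what the removed text wrote as 'the ubuntu user', so an account name now reads as the product name. Suggest keeping the lowercase form, ideally marked up as a literal, so the reader knows which login the key is meant for.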
3435
3442
"+-----------------+\n"
3445
#: serverguide/C/virtualization.xml:571(para)
3447
"To create of a new virtual machine using uvtool, run the following in a "
3451
#: serverguide/C/virtualization.xml:573(programlisting)
3453
msgid "$ uvt-kvm create firsttest"
3438
3456
#: serverguide/C/virtualization.xml:575(para)
3440
"The creation of a new virtual machine using uvtool is easy. In its simplest "
3441
"form, you only need to do:"
3444
#: serverguide/C/virtualization.xml:578(programlisting)
3446
msgid "$ uvt-kvm create firsttest"
3449
#: serverguide/C/virtualization.xml:580(para)
3451
3458
"This will create a VM named <emphasis role=\"bold\">firsttest</emphasis> "
3452
3459
"using the current LTS cloud image available locally. If you want to specify "
3453
3460
"a release to be used to create the VM, you need to use the <emphasis "
3454
"role=\"bold\">release=</emphasis> filter"
3461
"role=\"bold\">release=</emphasis> filter:"
3464
#: serverguide/C/virtualization.xml:578(programlisting)
3466
msgid "$ uvt-kvm create secondtest release=trusty"
3469
#: serverguide/C/virtualization.xml:580(para)
3471
"<application>uvt-kvm wait</application> can be used to wait until the "
3472
"creation of the VM has completed:"
3457
3475
#: serverguide/C/virtualization.xml:583(programlisting)
3459
msgid "$ uvt-kvm create secondtest release=trusty"
3462
#: serverguide/C/virtualization.xml:585(para)
3464
"The <application>uvt-kvm wait {name}</application> can be used to wait until "
3465
"the creation of the VM has completed"
3468
#: serverguide/C/virtualization.xml:588(programlisting)
3471
3478
"$ uvt-kvm wait secondttest --insecure\n"
3472
3479
"Warning: secure wait for boot-finished not yet implemented; use --insecure.\n"
3475
#: serverguide/C/virtualization.xml:593(title)
3482
#: serverguide/C/virtualization.xml:588(title)
3476
3483
msgid "Connect to the running VM"
3479
#: serverguide/C/virtualization.xml:594(para)
3486
#: serverguide/C/virtualization.xml:589(para)
3481
3488
"Once the virtual machine creation is completed, you can connect to it using "
3485
#: serverguide/C/virtualization.xml:597(programlisting)
3492
#: serverguide/C/virtualization.xml:592(programlisting)
3487
3494
msgid "$ uvt-kvm ssh secondtest --insecure"
3490
#: serverguide/C/virtualization.xml:599(para)
3497
#: serverguide/C/virtualization.xml:594(para)
3492
3499
"For the time being, the <emphasis role=\"bold\">--insecure</emphasis> is "
3493
"required so you should be using this mechanism to connect to your VM only if "
3494
"you completely trust your network infrastructure"
3500
"required, so use this mechanism to connect to your VM only if you completely "
3501
"trust your network infrastructure."
3497
#: serverguide/C/virtualization.xml:602(para)
3504
#: serverguide/C/virtualization.xml:596(para)
3499
"You can also connect to your VM using a regular ssh session using the IP "
3506
"You can also connect to your VM using a regular SSH session using the IP "
3500
3507
"address of the VM. The address can be queried using the following command:"
3503
#: serverguide/C/virtualization.xml:605(programlisting)
3510
#: serverguide/C/virtualization.xml:598(programlisting)
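Review bot: the sample '$ uvt-kvm wait secondttest --insecure' misspells the VM that the preceding entry creates as 'secondtest', so a reader who copies it waits on a name that does not exist. This deserves a fix in the source string. The added line 'To create of a new virtual machine using uvtool' also has a stray 'of'. The reworded '--insecure' paragraph keeps the 'only if you completely trust your network infrastructure' caveat but still does not say which check the flag skips; one clause naming it would let the reader judge the risk.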
3534
#: serverguide/C/virtualization.xml:631(title)
3541
#: serverguide/C/virtualization.xml:624(title)
3535
3542
msgid "Get the list of running VMs"
3538
#: serverguide/C/virtualization.xml:632(para)
3539
msgid "You can get the list of VM running on your system with this command:"
3545
#: serverguide/C/virtualization.xml:625(para)
3546
msgid "You can get the list of VMs running on your system with this command:"
3542
#: serverguide/C/virtualization.xml:634(programlisting)
3549
#: serverguide/C/virtualization.xml:627(programlisting)
3545
3552
"$ uvt-kvm list\n"
3549
#: serverguide/C/virtualization.xml:639(title)
3556
#: serverguide/C/virtualization.xml:632(title)
3550
3557
msgid "Destroy your VM"
3553
#: serverguide/C/virtualization.xml:640(para)
3554
msgid "Once you are done with your VM, you can proceed to destroy it with:"
3560
#: serverguide/C/virtualization.xml:633(para)
3561
msgid "Once you are done with your VM, you can destroy it with:"
3557
#: serverguide/C/virtualization.xml:642(programlisting)
3564
#: serverguide/C/virtualization.xml:635(programlisting)
3559
3566
msgid "$ uvt-kvm destroy secondtest"
3562
#: serverguide/C/virtualization.xml:644(title)
3569
#: serverguide/C/virtualization.xml:637(title)
3563
3570
msgid "More uvt-kvm options"
3566
#: serverguide/C/virtualization.xml:646(para)
3573
#: serverguide/C/virtualization.xml:639(para)
3568
3575
"The following options can be used to change some of the characteristics of "
3569
"the virtual memory that you are creating"
3576
"the VM that you are creating:"
3579
#: serverguide/C/virtualization.xml:642(para)
3580
msgid "--memory : Amount of RAM in megabytes. Default: 512."
3583
#: serverguide/C/virtualization.xml:643(para)
3584
msgid "--disk : Size of the OS disk in gigabytes. Default: 8."
3587
#: serverguide/C/virtualization.xml:644(para)
3588
msgid "--cpu : Number of CPU cores. Default: 1."
3591
#: serverguide/C/virtualization.xml:647(para)
3593
"Some other parameters will have an impact on the cloud-init configuration:"
3596
#: serverguide/C/virtualization.xml:649(para)
3598
"--password password : Allow login to the VM using the Ubuntu account and "
3599
"this provided password."
3572
3602
#: serverguide/C/virtualization.xml:650(para)
3573
msgid "--memory : Amount of RAM in megabytes. Default: 512"
3576
#: serverguide/C/virtualization.xml:651(para)
3577
msgid "--disk : Size of the OS disk in gigabytes. Default: 8"
3580
#: serverguide/C/virtualization.xml:652(para)
3581
msgid "--cpu : Number of CPU cores. Default: 1"
3584
#: serverguide/C/virtualization.xml:655(para)
3586
"Some other parameters will have an impact on the cloud-init configuration"
3589
#: serverguide/C/virtualization.xml:657(para)
3591
"--password password : Allow login to the VM using the ubuntu account and "
3592
"this provided password"
3595
#: serverguide/C/virtualization.xml:658(para)
3597
3604
"--run-script-once script_file : Run script_file as root on the VM the first "
3598
3605
"time it is booted, but never again."
3601
#: serverguide/C/virtualization.xml:659(para)
3608
#: serverguide/C/virtualization.xml:651(para)
3603
3610
"--packages package_list : Install the comma-separated packages specified in "
3604
3611
"package_list on first boot."
3607
#: serverguide/C/virtualization.xml:662(para)
3614
#: serverguide/C/virtualization.xml:654(para)
3609
3616
"A complete description of all available modifiers is available in the "
3610
"manpage of uvt-kvm"
3617
"manpage of uvt-kvm."
3613
#: serverguide/C/virtualization.xml:1073(para)
3620
#: serverguide/C/virtualization.xml:661(para)
3615
3622
"If you are interested in learning more, have questions or suggestions, "
3616
3623
"please contact the Ubuntu Server Team at:"
3619
#: serverguide/C/virtualization.xml:1078(para)
3626
#: serverguide/C/virtualization.xml:666(para)
3620
3627
msgid "IRC: #ubuntu-server on freenode"
3623
#: serverguide/C/virtualization.xml:1083(para)
3630
#: serverguide/C/virtualization.xml:670(para)
3625
3632
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
3626
3633
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
3629
#: serverguide/C/virtualization.xml:2121(title)
3636
#: serverguide/C/virtualization.xml:679(title)
3630
3637
msgid "Ubuntu Cloud"
3633
#: serverguide/C/virtualization.xml:2122(para)
3640
#: serverguide/C/virtualization.xml:681(para)
3635
3642
"<application>Cloud computing</application> is a computing model that allows "
3636
3643
"vast pools of resources to be allocated on-demand. These resources such as "
3654
3661
"concerning installation and configuration."
3657
#: serverguide/C/virtualization.xml:2452(title)
3664
#: serverguide/C/virtualization.xml:703(title)
3658
3665
msgid "Support and Troubleshooting"
3661
#: serverguide/C/virtualization.xml:2453(para)
3668
#: serverguide/C/virtualization.xml:705(para)
3662
3669
msgid "Community Support"
3665
#: serverguide/C/virtualization.xml:2457(ulink)
3672
#: serverguide/C/virtualization.xml:709(ulink)
3666
3673
msgid "OpenStack Mailing list"
3669
#: serverguide/C/virtualization.xml:2462(ulink)
3676
#: serverguide/C/virtualization.xml:714(ulink)
3670
3677
msgid "The OpenStack Wiki search"
3673
#: serverguide/C/virtualization.xml:2468(ulink)
3680
#: serverguide/C/virtualization.xml:719(ulink)
3674
3681
msgid "Launchpad bugs area"
3677
#: serverguide/C/virtualization.xml:2472(para)
3684
#: serverguide/C/virtualization.xml:724(para)
3678
3685
msgid "Join the IRC channel #openstack on freenode."
3681
#: serverguide/C/virtualization.xml:2486(ulink)
3688
#: serverguide/C/virtualization.xml:735(ulink)
3682
3689
msgid "Cloud Computing - Service models"
3685
#: serverguide/C/virtualization.xml:2491(ulink)
3692
#: serverguide/C/virtualization.xml:741(ulink)
3686
3693
msgid "OpenStack Compute"
3689
#: serverguide/C/virtualization.xml:2496(ulink)
3696
#: serverguide/C/virtualization.xml:747(ulink)
3690
3697
msgid "OpenStack Image Service"
3693
#: serverguide/C/virtualization.xml:2501(ulink)
3700
#: serverguide/C/virtualization.xml:753(ulink)
3694
3701
msgid "OpenStack Object Storage Administration Guide"
3697
#: serverguide/C/virtualization.xml:2506(ulink)
3704
#: serverguide/C/virtualization.xml:759(ulink)
3698
3705
msgid "Installing OpenStack Object Storage on Ubuntu"
3701
#: serverguide/C/virtualization.xml:2511(ulink)
3708
#: serverguide/C/virtualization.xml:765(ulink)
3702
3709
msgid "http://cloudglossary.com/"
3705
#: serverguide/C/virtualization.xml:2586(title)
3712
#: serverguide/C/virtualization.xml:775(title)
3709
#: serverguide/C/virtualization.xml:785(para)
3716
#: serverguide/C/virtualization.xml:777(para)
3711
3718
"Containers are a lightweight virtualization technology. They are more akin "
3712
3719
"to an enhanced chroot than to full virtualization like Qemu or VMware, both "
3953
#: serverguide/C/virtualization.xml:1015(para)
3960
#: serverguide/C/virtualization.xml:1007(para)
3955
3962
"<filename>default.conf</filename> specifies configuration which every newly "
3956
3963
"created container should contain. This usually contains at least a network "
3957
3964
"section, and, for unprivileged users, an id mapping section"
3960
#: serverguide/C/virtualization.xml:1022(para)
3967
#: serverguide/C/virtualization.xml:1014(para)
3962
3969
"<filename>lxc-usernet.conf</filename> specifies how unprivileged users may "
3963
3970
"connect their containers to the host-owned network."
3966
#: serverguide/C/virtualization.xml:1002(para)
3973
#: serverguide/C/virtualization.xml:994(para)
3968
3975
"The following configuration files are consulted by LXC. For privileged use, "
3969
3976
"they are found under <filename>/etc/lxc</filename>, while for unprivileged "
3970
3977
"use they are under <filename>~/.config/lxc</filename>. <placeholder-1/>"
3973
#: serverguide/C/virtualization.xml:1028(para)
3980
#: serverguide/C/virtualization.xml:1020(para)
3975
"<filename>lxc.conf</filename> and <filename>default.conf</filename> are "
3976
"exist both under <filename>/etc/lxc</filename> and "
3982
"<filename>lxc.conf</filename> and <filename>default.conf</filename> are both "
3983
"under <filename>/etc/lxc</filename> and "
3977
3984
"<filename>$HOME/.config/lxc</filename>, while <filename>lxc-"
3978
3985
"usernet.conf</filename> is only host-wide."
3981
#: serverguide/C/virtualization.xml:1033(para)
3988
#: serverguide/C/virtualization.xml:1025(para)
3983
3990
"By default, containers are located under /var/lib/lxc for the root user, and "
3984
3991
"$HOME/.local/share/lxc otherwise. The location can be specified for all lxc "
3985
3992
"commands using the \"-P|--lxcpath\" argument."
3988
#: serverguide/C/virtualization.xml:1210(para) serverguide/C/virtualization.xml:1272(para) serverguide/C/network-config.xml:11(title)
3995
#: serverguide/C/virtualization.xml:1034(title) serverguide/C/network-config.xml:11(title)
3989
3996
msgid "Networking"
3992
#: serverguide/C/virtualization.xml:1043(para)
3999
#: serverguide/C/virtualization.xml:1035(para)
3994
4001
"By default LXC creates a private network namespace for each container, which "
3995
4002
"includes a layer 2 networking stack. Containers usually connect to the "
4382
4390
"i/o, guarantee minimum cpu shares, and to lock containers to specific cpus."
4385
#: serverguide/C/virtualization.xml:1377(para)
4393
#: serverguide/C/virtualization.xml:1369(para)
4387
"By default, a privileged container CN will be assigned a cgroup called "
4395
"By default, a privileged container CN will be assigned to a cgroup called "
4388
4396
"<filename>/lxc/CN</filename>. In the case of name conflicts (which can occur "
4389
4397
"when using custom lxcpaths) a suffix \"-n\", where n is an integer starting "
4390
4398
"at 0, will be appended to the cgroup name."
4393
#: serverguide/C/virtualization.xml:1383(para)
4401
#: serverguide/C/virtualization.xml:1375(para)
4395
"By default, a privileged container CN will be assigned a cgroup called "
4403
"By default, a privileged container CN will be assigned to a cgroup called "
4396
4404
"<filename>CN</filename> under the cgroup of the task which started the "
4397
4405
"container, for instance <filename>/usr/1000.user/1.session/CN</filename>. "
4398
4406
"The container root will be given group ownership of the directory (but not "
4399
4407
"all files) so that it is allowed to create new child cgroups."
4402
#: serverguide/C/virtualization.xml:1390(para)
4410
#: serverguide/C/virtualization.xml:1382(para)
4404
4412
"As of Ubuntu 14.04, LXC uses the cgroup manager (cgmanager) to administer "
4405
4413
"cgroups. The cgroup manager receives D-Bus requests over the Unix socket "
4406
"<filename>/sys/fs/cgroup/cgmanager/sock</filename>. To fascilitate safe "
4414
"<filename>/sys/fs/cgroup/cgmanager/sock</filename>. To facilitate safe "
4407
4415
"nested containers, the line <screen>\n"
4409
4417
"lxc.mount.auto = cgroup\n"
4459
4467
"container, and to only use its snapshots."
4462
#: serverguide/C/virtualization.xml:1446(para)
4470
#: serverguide/C/virtualization.xml:1438(para)
4463
4471
msgid "Given an existing container called C1, a copy can be created using:"
4466
#: serverguide/C/virtualization.xml:3274(command)
4474
#: serverguide/C/virtualization.xml:1442(command)
4467
4475
msgid "sudo lxc-clone -o C1 -n C2"
4470
#: serverguide/C/virtualization.xml:1455(para)
4471
msgid "A snapshot can be created using"
4478
#: serverguide/C/virtualization.xml:1447(para)
4479
msgid "A snapshot can be created using:"
4474
#: serverguide/C/virtualization.xml:3288(command)
4482
#: serverguide/C/virtualization.xml:1449(command)
4475
4483
msgid "sudo lxc-clone -s -o C1 -n C2"
4478
#: serverguide/C/virtualization.xml:1461(para)
4486
#: serverguide/C/virtualization.xml:1453(para)
4479
4487
msgid "See the lxc-clone manpage for more information."
4482
#: serverguide/C/virtualization.xml:1464(title)
4490
#: serverguide/C/virtualization.xml:1456(title)
4483
4491
msgid "Snapshots"
4486
#: serverguide/C/virtualization.xml:1465(para)
4494
#: serverguide/C/virtualization.xml:1457(para)
4488
4496
"To more easily support the use of snapshot clones for iterative container "
4489
4497
"development, LXC supports <emphasis>snapshots</emphasis>. When working on a "
4541
4549
"page for more options."
4544
#: serverguide/C/virtualization.xml:1527(title)
4552
#: serverguide/C/virtualization.xml:1519(title)
4545
4553
msgid "Lifecycle management hooks"
4548
#: serverguide/C/virtualization.xml:1529(para)
4556
#: serverguide/C/virtualization.xml:1521(para)
4550
4558
"Beginning with Ubuntu 12.10, it is possible to define hooks to be executed "
4551
4559
"at specific points in a container's lifetime:"
4554
#: serverguide/C/virtualization.xml:1534(para)
4562
#: serverguide/C/virtualization.xml:1526(para)
4556
4564
"Pre-start hooks are run in the host's namespace before the container ttys, "
4557
4565
"consoles, or mounts are up. If any mounts are done in this hook, they should "
4558
4566
"be cleaned up in the post-stop hook."
4561
#: serverguide/C/virtualization.xml:1541(para)
4569
#: serverguide/C/virtualization.xml:1533(para)
4563
4571
"Pre-mount hooks are run in the container's namespaces, but before the root "
4564
4572
"filesystem has been mounted. Mounts done in this hook will be automatically "
4565
4573
"cleaned up when the container shuts down."
4568
#: serverguide/C/virtualization.xml:1548(para)
4576
#: serverguide/C/virtualization.xml:1540(para)
4570
4578
"Mount hooks are run after the container filesystems have been mounted, but "
4571
4579
"before the container has called <command>pivot_root</command> to change its "
4572
4580
"root filesystem."
4575
#: serverguide/C/virtualization.xml:1555(para)
4583
#: serverguide/C/virtualization.xml:1547(para)
4577
4585
"Start hooks are run immediately before executing the container's init. Since "
4578
4586
"these are executed after pivoting into the container's filesystem, the "
4579
4587
"command to be executed must be copied into the container's filesystem."
4582
#: serverguide/C/virtualization.xml:1562(para)
4590
#: serverguide/C/virtualization.xml:1554(para)
4583
4591
msgid "Post-stop hooks are executed after the container has been shut down."
4586
#: serverguide/C/virtualization.xml:1567(para)
4594
#: serverguide/C/virtualization.xml:1559(para)
4588
4596
"If any hook returns an error, the container's run will be aborted. Any "
4589
4597
"<emphasis>post-stop</emphasis> hook will still be executed. Any output "
4590
4598
"generated by the script will be logged at the debug priority."
4593
#: serverguide/C/virtualization.xml:1572(para)
4601
#: serverguide/C/virtualization.xml:1564(para)
4595
4603
"Please see the lxc.container.conf manual page for the configuration file "
4596
4604
"format with which to specify hooks. Some sample hooks are shipped with the "
4597
4605
"lxc package to serve as an example of how to write and use such hooks."
4600
#: serverguide/C/virtualization.xml:3452(title)
4608
#: serverguide/C/virtualization.xml:1571(title)
4601
4609
msgid "Consoles"
4604
#: serverguide/C/virtualization.xml:1581(para)
4612
#: serverguide/C/virtualization.xml:1573(para)
4606
4614
"Containers have a configurable number of consoles. One always exists on the "
4607
4615
"container's <filename>/dev/console</filename>. This is shown on the terminal "
4848
4856
"to the use of containers."
4851
#: serverguide/C/virtualization.xml:4398(para)
4859
#: serverguide/C/virtualization.xml:1795(para)
4853
4861
"The <ulink url=\"http://www.ibm.com/developerworks/linux/library/l-lxc-"
4854
4862
"security/index.html\"> Secure Containers Cookbook</ulink> demonstrated the "
4855
4863
"use of security modules to make containers more secure."
4858
#: serverguide/C/virtualization.xml:1810(para) serverguide/C/cgroups.xml:202(para)
4866
#: serverguide/C/virtualization.xml:1802(para) serverguide/C/cgroups.xml:202(para)
4859
4867
msgid "Manual pages referenced above can be found at:"
4862
#: serverguide/C/virtualization.xml:4407(ulink)
4870
#: serverguide/C/virtualization.xml:1804(ulink)
4863
4871
msgid "capabilities"
4866
#: serverguide/C/virtualization.xml:4408(ulink)
4874
#: serverguide/C/virtualization.xml:1805(ulink)
4867
4875
msgid "lxc.conf"
4870
#: serverguide/C/virtualization.xml:1818(para)
4878
#: serverguide/C/virtualization.xml:1810(para)
4872
4880
"The upstream LXC project is hosted at <ulink "
4873
4881
"url=\"http://linuxcontainers.org\">linuxcontainers.org</ulink>."
4876
#: serverguide/C/virtualization.xml:4420(para)
4884
#: serverguide/C/virtualization.xml:1815(para)
4878
4886
"LXC security issues are listed and discussed at <ulink "
4879
4887
"url=\"http://wiki.ubuntu.com/LxcSecurity\">the LXC Security wiki page</ulink>"
4882
#: serverguide/C/virtualization.xml:1829(para)
4890
#: serverguide/C/virtualization.xml:1821(para)
4884
4892
"For more on namespaces in Linux, see: S. Bhattiprolu, E. W. Biederman, S. E. "
4885
4893
"Hallyn, and D. Lezcano. Virtual Servers and Check- point/Restart in "
4979
4987
"access or a central server."
4982
#: serverguide/C/vcs.xml:88(para)
4990
#: serverguide/C/vcs.xml:95(para)
4984
4992
"The <application>git</application> version control system is installed with "
4985
4993
"the following command"
4988
#: serverguide/C/vcs.xml:92(command)
4996
#: serverguide/C/vcs.xml:99(command)
4989
4997
msgid "sudo apt-get install git"
4992
#: serverguide/C/vcs.xml:97(para)
5000
#: serverguide/C/vcs.xml:104(para)
4994
5002
"Every git user should first introduce himself to git, by running these two "
4998
#: serverguide/C/vcs.xml:99(command)
5006
#: serverguide/C/vcs.xml:106(command)
4999
5007
msgid "git config --global user.email \"you@example.com\""
5002
#: serverguide/C/vcs.xml:100(command)
5010
#: serverguide/C/vcs.xml:107(command)
5003
5011
msgid "git config --global user.name \"Your Name\""
5006
#: serverguide/C/vcs.xml:105(para)
5014
#: serverguide/C/vcs.xml:112(para)
5008
5016
"The above is already sufficient to use git in a distributed and secure way, "
5009
5017
"provided users have access to the machine assuming the server role via SSH. "
5010
"On the server machine, creating a new repository can be done with"
5018
"On the server machine, creating a new repository can be done with:"
5013
#: serverguide/C/vcs.xml:108(command)
5021
#: serverguide/C/vcs.xml:119(command)
5014
5022
msgid "git init --bare /path/to/repository"
5017
#: serverguide/C/vcs.xml:110(para)
5025
#: serverguide/C/vcs.xml:121(para)
5019
5027
"This creates a bare repository, that cannot be used to edit files directly. "
5020
5028
"If you would rather have a working copy of the contents of the repository on "
5021
5029
"the server, ommit the <emphasis>--bare</emphasis> option."
5024
#: serverguide/C/vcs.xml:111(para)
5032
#: serverguide/C/vcs.xml:122(para)
5026
"Any client with ssh access to the machine can from then on clone the "
5034
"Any client with SSH access to the machine can then clone the repository with:"
5030
#: serverguide/C/vcs.xml:113(command)
5037
#: serverguide/C/vcs.xml:127(command)
5031
5038
msgid "git clone username@hostname:/path/to/repository"
5034
#: serverguide/C/vcs.xml:115(para)
5041
#: serverguide/C/vcs.xml:129(para)
5036
5043
"Once cloned to the client's machine, the client can edit files, then commit "
5037
5044
"and share them with:"
5040
#: serverguide/C/vcs.xml:119(command)
5047
#: serverguide/C/vcs.xml:133(command)
5041
5048
msgid "cd /path/to/repository"
5044
#: serverguide/C/vcs.xml:120(command)
5051
#: serverguide/C/vcs.xml:134(command)
5045
5052
msgid "#(edit some files"
5048
#: serverguide/C/vcs.xml:121(command)
5055
#: serverguide/C/vcs.xml:135(command)
5050
5057
"git commit -a # Commit all changes to the local version of the repository"
5053
#: serverguide/C/vcs.xml:122(command)
5060
#: serverguide/C/vcs.xml:136(command)
5055
5062
"git push origin master # Push changes to the server's version of the "
5059
#: serverguide/C/vcs.xml:127(title)
5066
#: serverguide/C/vcs.xml:141(title)
5060
5067
msgid "Installing a gitolite server"
5063
#: serverguide/C/vcs.xml:128(para)
5070
#: serverguide/C/vcs.xml:142(para)
5065
5072
"While the above is sufficient to create, clone and edit repositories, users "
5066
5073
"wanting to install git on a server will most likely want to have git work "
5194
5201
" R = denise\n"
5197
#: serverguide/C/vcs.xml:195(title)
5204
#: serverguide/C/vcs.xml:209(title)
5198
5205
msgid "Using your server"
5201
#: serverguide/C/vcs.xml:196(para)
5208
#: serverguide/C/vcs.xml:210(para)
5203
5210
"To use the newly created server, users have to have the gitolite admin "
5204
5211
"import their public key into the gitolite configuration repository, they can "
5205
5212
"then access any project they have access to with the following command:"
5208
#: serverguide/C/vcs.xml:198(command)
5215
#: serverguide/C/vcs.xml:212(command)
5209
5216
msgid "git clone git@$SERVER_IP:$PROJECT_NAME.git"
5212
#: serverguide/C/vcs.xml:200(para)
5219
#: serverguide/C/vcs.xml:214(para)
5214
5221
"Or add the server's project as a remote for an existing git repository:"
5217
#: serverguide/C/vcs.xml:202(command)
5224
#: serverguide/C/vcs.xml:216(command)
5218
5225
msgid "git remote add gitolite git@$SERVER_IP:$PROJECT_NAME.git"
5221
#: serverguide/C/vcs.xml:79(title)
5228
#: serverguide/C/vcs.xml:221(title)
5222
5229
msgid "Subversion"
5225
#: serverguide/C/vcs.xml:80(para)
5232
#: serverguide/C/vcs.xml:222(para)
5227
5234
"Subversion is an open source version control system. Using Subversion, you "
5228
5235
"can record the history of source files and documents. It manages files and "
5242
5249
"section to install and configure the digital certificate."
5245
#: serverguide/C/vcs.xml:94(para)
5252
#: serverguide/C/vcs.xml:236(para)
5247
5254
"To install Subversion, run the following command from a terminal prompt:"
5250
#: serverguide/C/vcs.xml:227(command)
5257
#: serverguide/C/vcs.xml:241(command)
5251
5258
msgid "sudo apt-get install subversion apache2 libapache2-svn"
5254
#: serverguide/C/vcs.xml:105(title)
5261
#: serverguide/C/vcs.xml:247(title)
5255
5262
msgid "Server Configuration"
5258
#: serverguide/C/vcs.xml:106(para)
5265
#: serverguide/C/vcs.xml:248(para)
5260
5267
"This step assumes you have installed above mentioned packages on your "
5261
5268
"system. This section explains how to create a Subversion repository and "
5262
5269
"access the project."
5265
#: serverguide/C/vcs.xml:109(title)
5272
#: serverguide/C/vcs.xml:251(title)
5266
5273
msgid "Create Subversion Repository"
5269
#: serverguide/C/vcs.xml:110(para)
5276
#: serverguide/C/vcs.xml:252(para)
5271
5278
"The Subversion repository can be created using the following command from a "
5272
5279
"terminal prompt:"
5275
#: serverguide/C/vcs.xml:114(command)
5282
#: serverguide/C/vcs.xml:256(command)
5276
5283
msgid "svnadmin create /path/to/repos/project"
5279
#: serverguide/C/vcs.xml:119(title)
5286
#: serverguide/C/vcs.xml:261(title)
5280
5287
msgid "Importing Files"
5283
#: serverguide/C/vcs.xml:120(para)
5290
#: serverguide/C/vcs.xml:262(para)
5285
5292
"Once you create the repository you can <emphasis>import</emphasis> files "
5286
5293
"into the repository. To import a directory, enter the following from a "
5302
5309
"schemes map to the available access methods."
5305
#: serverguide/C/vcs.xml:144(para)
5312
#: serverguide/C/vcs.xml:286(para)
5309
#: serverguide/C/vcs.xml:145(para)
5316
#: serverguide/C/vcs.xml:287(para)
5310
5317
msgid "Access Method"
5313
#: serverguide/C/vcs.xml:150(para)
5320
#: serverguide/C/vcs.xml:292(para)
5314
5321
msgid "file://"
5317
#: serverguide/C/vcs.xml:151(para)
5324
#: serverguide/C/vcs.xml:293(para)
5318
5325
msgid "direct repository access (on local disk)"
5321
#: serverguide/C/vcs.xml:154(para)
5328
#: serverguide/C/vcs.xml:296(para)
5322
5329
msgid "http://"
5325
#: serverguide/C/vcs.xml:155(para)
5332
#: serverguide/C/vcs.xml:297(para)
5326
5333
msgid "Access via WebDAV protocol to Subversion-aware Apache2 web server"
5329
#: serverguide/C/vcs.xml:158(para)
5336
#: serverguide/C/vcs.xml:300(para)
5330
5337
msgid "https://"
5333
#: serverguide/C/vcs.xml:159(para)
5340
#: serverguide/C/vcs.xml:301(para)
5334
5341
msgid "Same as http://, but with SSL encryption"
5337
#: serverguide/C/vcs.xml:162(para)
5344
#: serverguide/C/vcs.xml:304(para)
5341
#: serverguide/C/vcs.xml:163(para)
5348
#: serverguide/C/vcs.xml:305(para)
5342
5349
msgid "Access via custom protocol to an svnserve server"
5345
#: serverguide/C/vcs.xml:166(para)
5352
#: serverguide/C/vcs.xml:308(para)
5346
5353
msgid "svn+ssh://"
5349
#: serverguide/C/vcs.xml:167(para)
5356
#: serverguide/C/vcs.xml:309(para)
5350
5357
msgid "Same as svn://, but through an SSH tunnel"
5353
#: serverguide/C/vcs.xml:173(para)
5360
#: serverguide/C/vcs.xml:315(para)
5355
5362
"In this section, we will see how to configure Subversion for all these "
5356
5363
"access methods. Here, we cover the basics. For more advanced usage details, "
5357
5364
"refer to the <ulink url=\"http://svnbook.red-bean.com/\">svn book</ulink>."
5360
#: serverguide/C/vcs.xml:180(title)
5367
#: serverguide/C/vcs.xml:322(title)
5361
5368
msgid "Direct repository access (file://)"
5364
#: serverguide/C/vcs.xml:181(para)
5371
#: serverguide/C/vcs.xml:323(para)
5366
5373
"This is the simplest of all access methods. It does not require any "
5367
5374
"Subversion server process to be running. This access method is used to "
5369
5376
"at a terminal prompt, is as follows:"
5372
#: serverguide/C/vcs.xml:188(command)
5379
#: serverguide/C/vcs.xml:330(command)
5373
5380
msgid "svn co file:///path/to/repos/project"
5376
#: serverguide/C/vcs.xml:191(para)
5383
#: serverguide/C/vcs.xml:333(para)
5380
#: serverguide/C/vcs.xml:194(command)
5387
#: serverguide/C/vcs.xml:336(command)
5381
5388
msgid "svn co file://localhost/path/to/repos/project"
5384
#: serverguide/C/vcs.xml:198(para)
5391
#: serverguide/C/vcs.xml:340(para)
5386
5393
"If you do not specify the hostname, there are three forward slashes (///) -- "
5387
5394
"two for the protocol (file, in this case) plus the leading slash in the "
5388
5395
"path. If you specify the hostname, you must use two forward slashes (//)."
5391
#: serverguide/C/vcs.xml:200(para)
5398
#: serverguide/C/vcs.xml:342(para)
5393
5400
"The repository permissions depend on filesystem permissions. If the user has "
5394
5401
"read/write permission, he can checkout from and commit to the repository."
5397
#: serverguide/C/vcs.xml:203(title)
5404
#: serverguide/C/vcs.xml:345(title)
5398
5405
msgid "Access via WebDAV protocol (http://)"
5401
#: serverguide/C/vcs.xml:332(para)
5408
#: serverguide/C/vcs.xml:346(para)
5403
5410
"To access the Subversion repository via WebDAV protocol, you must configure "
5404
5411
"your Apache 2 web server. Add the following snippet between the "
5469
5476
"the first user):"
5472
#: serverguide/C/vcs.xml:254(command)
5479
#: serverguide/C/vcs.xml:403(command)
5473
5480
msgid "sudo htpasswd -c /etc/subversion/passwd user_name"
5476
#: serverguide/C/vcs.xml:257(para)
5483
#: serverguide/C/vcs.xml:406(para)
5478
5485
"To add additional users omit the <emphasis>\"-c\"</emphasis> option as this "
5479
5486
"option replaces the old file. Instead use this form:"
5482
#: serverguide/C/vcs.xml:262(command)
5489
#: serverguide/C/vcs.xml:411(command)
5483
5490
msgid "sudo htpasswd /etc/subversion/passwd user_name"
5486
#: serverguide/C/vcs.xml:266(para)
5493
#: serverguide/C/vcs.xml:415(para)
5488
5495
"This command will prompt you to enter the password. Once you enter the "
5489
5496
"password, the user is added. Now, to access the repository you can run the "
5490
5497
"following command:"
5493
#: serverguide/C/vcs.xml:267(command)
5500
#: serverguide/C/vcs.xml:416(command)
5494
5501
msgid "svn co http://servername/svn"
5497
#: serverguide/C/vcs.xml:269(para)
5504
#: serverguide/C/vcs.xml:418(para)
5499
5506
"The password is transmitted as plain text. If you are worried about password "
5500
5507
"snooping, you are advised to use SSL encryption. For details, please refer "
5501
5508
"next section."
5504
#: serverguide/C/vcs.xml:275(title)
5511
#: serverguide/C/vcs.xml:424(title)
5505
5512
msgid "Access via WebDAV protocol with SSL encryption (https://)"
5508
#: serverguide/C/vcs.xml:411(para)
5515
#: serverguide/C/vcs.xml:425(para)
5510
5517
"Accessing Subversion repository via WebDAV protocol with SSL encryption "
5511
5518
"(https://) is similar to http:// except that you must install and configure "
5543
5550
"following lines in the configuration file:"
5546
#: serverguide/C/vcs.xml:308(programlisting)
5553
#: serverguide/C/vcs.xml:457(programlisting)
5549
5556
"# [general]\n"
5550
5557
"# password-db = passwd"
5553
#: serverguide/C/vcs.xml:311(para)
5560
#: serverguide/C/vcs.xml:460(para)
5555
5562
"After uncommenting the above lines, you can maintain the user list in the "
5556
5563
"passwd file. So, edit the file <filename>passwd </filename> in the same "
5557
5564
"directory and add the new user. The syntax is as follows:"
5560
#: serverguide/C/vcs.xml:317(programlisting)
5567
#: serverguide/C/vcs.xml:466(programlisting)
5562
5569
msgid "username = password"
5565
#: serverguide/C/vcs.xml:318(para)
5572
#: serverguide/C/vcs.xml:467(para)
5566
5573
msgid "For more details, please refer to the file."
5569
#: serverguide/C/vcs.xml:322(para)
5576
#: serverguide/C/vcs.xml:471(para)
5571
5578
"Now, to access Subversion via the svn:// custom protocol, either from the "
5572
5579
"same machine or a different machine, you can run svnserver using svnserve "
5573
5580
"command. The syntax is as follows:"
5576
#: serverguide/C/vcs.xml:327(programlisting)
5583
#: serverguide/C/vcs.xml:476(programlisting)
5579
5586
"$ svnserve -d --foreground -r /path/to/repos\n"
5648
5655
"following command syntax:"
5651
#: serverguide/C/vcs.xml:515(command)
5658
#: serverguide/C/vcs.xml:529(command)
5652
5659
msgid "svn co svn+ssh://ssh_username@hostname/path/to/repos/project"
5655
#: serverguide/C/vcs.xml:384(para)
5662
#: serverguide/C/vcs.xml:533(para)
5657
5664
"You must use the full path (/path/to/repos/project) to access the Subversion "
5658
5665
"repository using this access method."
5661
#: serverguide/C/vcs.xml:387(para)
5668
#: serverguide/C/vcs.xml:536(para)
5663
5670
"Based on server configuration, it prompts for password. You must enter the "
5664
5671
"password you use to login via ssh. Once you are authenticated, it checks out "
5665
5672
"the code from the Subversion repository."
5668
#: serverguide/C/vcs.xml:539(ulink)
5675
#: serverguide/C/vcs.xml:551(ulink)
5669
5676
msgid "Bazaar Home Page"
5672
#: serverguide/C/vcs.xml:540(ulink)
5679
#: serverguide/C/vcs.xml:556(ulink)
5673
5680
msgid "Launchpad"
5676
#: serverguide/C/vcs.xml:547(ulink)
5683
#: serverguide/C/vcs.xml:561(ulink)
5677
5684
msgid "Git homepage"
5680
#: serverguide/C/vcs.xml:552(ulink)
5687
#: serverguide/C/vcs.xml:566(ulink)
5681
5688
msgid "Gitolite"
5684
#: serverguide/C/vcs.xml:541(ulink)
5691
#: serverguide/C/vcs.xml:571(ulink)
5685
5692
msgid "Subversion Home Page"
5688
#: serverguide/C/vcs.xml:542(ulink)
5695
#: serverguide/C/vcs.xml:576(ulink)
5689
5696
msgid "Subversion Book"
5692
#: serverguide/C/vcs.xml:545(ulink)
5699
#: serverguide/C/vcs.xml:581(ulink)
5693
5700
msgid "Easy Bazaar Ubuntu Wiki page"
5696
#: serverguide/C/vcs.xml:546(ulink)
5703
#: serverguide/C/vcs.xml:586(ulink)
5697
5704
msgid "Ubuntu Wiki Subversion page"
5854
5861
msgid "Configurations with root passwords are not supported."
5857
#: serverguide/C/security.xml:37(command)
5864
#: serverguide/C/security.xml:42(command)
5858
5865
msgid "sudo passwd"
5861
#: serverguide/C/security.xml:39(para)
5868
#: serverguide/C/security.xml:44(para)
5863
5870
"Sudo will prompt you for your password, and then ask you to supply a new "
5864
5871
"password for root as shown below:"
5867
#: serverguide/C/security.xml:42(computeroutput)
5874
#: serverguide/C/security.xml:47(computeroutput)
5869
5876
msgid "[sudo] password for username:"
5872
#: serverguide/C/security.xml:42(userinput)
5879
#: serverguide/C/security.xml:47(userinput)
5874
5881
msgid "(enter your own password)"
5877
#: serverguide/C/security.xml:43(computeroutput)
5884
#: serverguide/C/security.xml:48(computeroutput)
5879
5886
msgid "Enter new UNIX password:"
5882
#: serverguide/C/security.xml:43(userinput)
5889
#: serverguide/C/security.xml:48(userinput)
5884
5891
msgid "(enter a new password for root)"
5887
#: serverguide/C/security.xml:44(computeroutput)
5894
#: serverguide/C/security.xml:49(computeroutput)
5889
5896
msgid "Retype new UNIX password:"
5892
#: serverguide/C/security.xml:44(userinput)
5899
#: serverguide/C/security.xml:49(userinput)
5894
5901
msgid "(repeat new password for root)"
5897
#: serverguide/C/security.xml:45(computeroutput)
5904
#: serverguide/C/security.xml:50(computeroutput)
5899
5906
msgid "passwd: password updated successfully"
5937
5944
"<emphasis>sudo</emphasis> group."
5940
#: serverguide/C/security.xml:71(title)
5947
#: serverguide/C/security.xml:82(title)
5941
5948
msgid "Adding and Deleting Users"
5944
#: serverguide/C/security.xml:72(para)
5951
#: serverguide/C/security.xml:83(para)
5946
"The process for managing local users and groups is straight forward and "
5953
"The process for managing local users and groups is straightforward and "
5947
5954
"differs very little from most other GNU/Linux operating systems. Ubuntu and "
5948
"other Debian based distributions, encourage the use of the \"adduser\" "
5955
"other Debian based distributions encourage the use of the \"adduser\" "
5949
5956
"package for account management."
5952
#: serverguide/C/security.xml:77(para)
5959
#: serverguide/C/security.xml:88(para)
5954
5961
"To add a user account, use the following syntax, and follow the prompts to "
5955
"give the account a password and identifiable characteristics such as a full "
5962
"give the account a password and identifiable characteristics, such as a full "
5956
5963
"name, phone number, etc."
5959
#: serverguide/C/security.xml:81(command)
5966
#: serverguide/C/security.xml:92(command)
5960
5967
msgid "sudo adduser username"
5963
#: serverguide/C/security.xml:85(para)
5970
#: serverguide/C/security.xml:96(para)
5965
5972
"To delete a user account and its primary group, use the following syntax:"
5968
#: serverguide/C/security.xml:89(command)
5975
#: serverguide/C/security.xml:100(command)
5969
5976
msgid "sudo deluser username"
5972
#: serverguide/C/security.xml:91(para)
5979
#: serverguide/C/security.xml:102(para)
5974
5981
"Deleting an account does not remove their respective home folder. It is up "
5975
5982
"to you whether or not you wish to delete the folder manually or keep it "
5976
5983
"according to your desired retention policies."
5979
#: serverguide/C/security.xml:94(para)
5986
#: serverguide/C/security.xml:105(para)
5981
5988
"Remember, any user added later on with the same UID/GID as the previous "
5982
5989
"owner will now have access to this folder if you have not taken the "
5983
5990
"necessary precautions."
5986
#: serverguide/C/security.xml:97(para)
5993
#: serverguide/C/security.xml:108(para)
5988
5995
"You may want to change these UID/GID values to something more appropriate, "
5989
5996
"such as the root account, and perhaps even relocate the folder to avoid "
5990
5997
"future conflicts:"
5993
#: serverguide/C/security.xml:101(command)
6000
#: serverguide/C/security.xml:112(command)
5994
6001
msgid "sudo chown -R root:root /home/username/"
5997
#: serverguide/C/security.xml:102(command)
6004
#: serverguide/C/security.xml:113(command)
5998
6005
msgid "sudo mkdir /home/archived_users/"
6001
#: serverguide/C/security.xml:103(command)
6008
#: serverguide/C/security.xml:114(command)
6002
6009
msgid "sudo mv /home/username /home/archived_users/"
6005
#: serverguide/C/security.xml:107(para)
6012
#: serverguide/C/security.xml:118(para)
6007
6014
"To temporarily lock or unlock a user account, use the following syntax, "
6008
6015
"respectively:"
6011
#: serverguide/C/security.xml:111(command)
6018
#: serverguide/C/security.xml:122(command)
6012
6019
msgid "sudo passwd -l username"
6015
#: serverguide/C/security.xml:112(command)
6022
#: serverguide/C/security.xml:123(command)
6016
6023
msgid "sudo passwd -u username"
6019
#: serverguide/C/security.xml:116(para)
6026
#: serverguide/C/security.xml:127(para)
6021
6028
"To add or delete a personalized group, use the following syntax, "
6022
6029
"respectively:"
6025
#: serverguide/C/security.xml:120(command)
6032
#: serverguide/C/security.xml:131(command)
6026
6033
msgid "sudo addgroup groupname"
6029
#: serverguide/C/security.xml:121(command)
6036
#: serverguide/C/security.xml:132(command)
6030
6037
msgid "sudo delgroup groupname"
6033
#: serverguide/C/security.xml:125(para)
6040
#: serverguide/C/security.xml:136(para)
6034
6041
msgid "To add a user to a group, use the following syntax:"
6037
#: serverguide/C/security.xml:129(command)
6044
#: serverguide/C/security.xml:140(command)
6038
6045
msgid "sudo adduser username groupname"
6041
#: serverguide/C/security.xml:136(title)
6048
#: serverguide/C/security.xml:147(title)
6042
6049
msgid "User Profile Security"
6045
#: serverguide/C/security.xml:137(para)
6052
#: serverguide/C/security.xml:148(para)
6047
6054
"When a new user is created, the adduser utility creates a brand new home "
6048
"directory named <filename class=\"directory\">/home/username</filename>, "
6049
"respectively. The default profile is modeled after the contents found in the "
6050
"directory of <filename class=\"directory\">/etc/skel</filename>, which "
6051
"includes all profile basics."
6055
"directory named <filename class=\"directory\">/home/username</filename>. The "
6056
"default profile is modeled after the contents found in the directory of "
6057
"<filename class=\"directory\">/etc/skel</filename>, which includes all "
6054
#: serverguide/C/security.xml:140(para)
6061
#: serverguide/C/security.xml:151(para)
6056
6063
"If your server will be home to multiple users, you should pay close "
6057
6064
"attention to the user home directory permissions to ensure confidentiality. "
6061
6068
"your environment."
6064
#: serverguide/C/security.xml:145(para)
6071
#: serverguide/C/security.xml:156(para)
6066
"To verify your current users home directory permissions, use the following "
6073
"To verify your current user home directory permissions, use the following "
6070
#: serverguide/C/security.xml:149(command) serverguide/C/security.xml:181(command)
6077
#: serverguide/C/security.xml:160(command) serverguide/C/security.xml:192(command)
6071
6078
msgid "ls -ld /home/username"
6074
#: serverguide/C/security.xml:151(para)
6081
#: serverguide/C/security.xml:162(para)
6076
6083
"The following output shows that the directory <filename "
6077
"class=\"directory\">/home/username</filename> has world readable permissions:"
6084
"class=\"directory\">/home/username</filename> has world-readable permissions:"
6080
#: serverguide/C/security.xml:154(computeroutput)
6087
#: serverguide/C/security.xml:165(computeroutput)
6082
6089
msgid "drwxr-xr-x 2 username username 4096 2007-10-02 20:03 username"
6085
#: serverguide/C/security.xml:158(para)
6092
#: serverguide/C/security.xml:169(para)
6087
"You can remove the world readable permissions using the following syntax:"
6094
"You can remove the world readable-permissions using the following syntax:"
6090
#: serverguide/C/security.xml:162(command)
6097
#: serverguide/C/security.xml:173(command)
6091
6098
msgid "sudo chmod 0750 /home/username"
6094
#: serverguide/C/security.xml:165(para)
6101
#: serverguide/C/security.xml:176(para)
6096
6103
"Some people tend to use the recursive option (-R) indiscriminately which "
6097
6104
"modifies all child folders and files, but this is not necessary, and may "
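Review bot: the new string "You can remove the world readable-permissions using the following syntax:" puts the hyphen in the wrong place. The compound modifier is "world-readable", as the same change already writes two entries earlier ("has world-readable permissions:"). Suggest "You can remove the world-readable permissions using the following syntax:" so both strings agree.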
6181
#: serverguide/C/security.xml:212(para)
6188
#: serverguide/C/security.xml:223(para)
6183
6190
"Basic password entropy checks and minimum length rules do not apply to the "
6184
6191
"administrator using sudo level commands to setup a new user."
6187
#: serverguide/C/security.xml:218(title)
6194
#: serverguide/C/security.xml:229(title)
6188
6195
msgid "Password Expiration"
6191
#: serverguide/C/security.xml:219(para)
6198
#: serverguide/C/security.xml:230(para)
6193
6200
"When creating user accounts, you should make it a policy to have a minimum "
6194
6201
"and maximum password age forcing users to change their passwords when they "
6198
#: serverguide/C/security.xml:224(para)
6205
#: serverguide/C/security.xml:235(para)
6200
6207
"To easily view the current status of a user account, use the following "
6204
#: serverguide/C/security.xml:228(command) serverguide/C/security.xml:261(command)
6211
#: serverguide/C/security.xml:239(command) serverguide/C/security.xml:272(command)
6205
6212
msgid "sudo chage -l username"
6208
#: serverguide/C/security.xml:230(para)
6215
#: serverguide/C/security.xml:241(para)
6210
6217
"The output below shows interesting facts about the user account, namely that "
6211
6218
"there are no policies applied:"
6214
#: serverguide/C/security.xml:233(computeroutput)
6221
#: serverguide/C/security.xml:244(computeroutput)
6217
"Last password change : Jan 20, 2008\n"
6224
"Last password change : Jan 20, 2015\n"
6218
6225
"Password expires : never\n"
6219
6226
"Password inactive : never\n"
6220
6227
"Account expires : never\n"
6223
6230
"Number of days of warning before password expires : 7"
6226
#: serverguide/C/security.xml:243(para)
6233
#: serverguide/C/security.xml:254(para)
6228
6235
"To set any of these values, simply use the following syntax, and follow the "
6229
6236
"interactive prompts:"
6232
#: serverguide/C/security.xml:247(command)
6239
#: serverguide/C/security.xml:258(command)
6233
6240
msgid "sudo chage username"
6236
#: serverguide/C/security.xml:249(para)
6243
#: serverguide/C/security.xml:260(para)
6238
6245
"The following is also an example of how you can manually change the explicit "
6239
"expiration date (-E) to 01/31/2008, minimum password age (-m) of 5 days, "
6246
"expiration date (-E) to 01/31/2015, minimum password age (-m) of 5 days, "
6240
6247
"maximum password age (-M) of 90 days, inactivity period (-I) of 5 days after "
6241
6248
"password expiration, and a warning time period (-W) of 14 days before "
6242
"password expiration."
6245
#: serverguide/C/security.xml:253(command)
6246
msgid "sudo chage -E 01/31/2011 -m 5 -M 90 -I 30 -W 14 username"
6249
#: serverguide/C/security.xml:257(para)
6249
"password expiration:"
6252
#: serverguide/C/security.xml:264(command)
6253
msgid "sudo chage -E 01/31/2015 -m 5 -M 90 -I 30 -W 14 username"
6256
#: serverguide/C/security.xml:268(para)
6250
6257
msgid "To verify changes, use the same syntax as mentioned previously:"
6253
#: serverguide/C/security.xml:263(para)
6260
#: serverguide/C/security.xml:274(para)
6255
6262
"The output below shows the new policies that have been established for the "
6259
#: serverguide/C/security.xml:266(computeroutput)
6266
#: serverguide/C/security.xml:277(computeroutput)
6262
"Last password change : Jan 20, 2008\n"
6263
"Password expires : Apr 19, 2008\n"
6264
"Password inactive : May 19, 2008\n"
6265
"Account expires : Jan 31, 2008\n"
6269
"Last password change : Jan 20, 2015\n"
6270
"Password expires : Apr 19, 2015\n"
6271
"Password inactive : May 19, 2015\n"
6272
"Account expires : Jan 31, 2015\n"
6266
6273
"Minimum number of days between password change : 5\n"
6267
6274
"Maximum number of days between password change : 90\n"
6268
6275
"Number of days of warning before password expires : 14"
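Review bot: the chage paragraph still says "inactivity period (-I) of 5 days after password expiration", but the command in the same hunk passes "-I 30" and the sample output puts "Password inactive" 30 days after "Password expires". The prose should read 30 days. Moving the example from 2008 to 2015 also shifts the arithmetic: Jan 20, 2008 plus 90 days is Apr 19 only because 2008 is a leap year. With "Last password change : Jan 20, 2015" and -M 90 the expiry falls on Apr 20, 2015, and the inactive date on May 20, 2015, so the two updated output lines should be recalculated rather than just having the year replaced.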
6271
#: serverguide/C/security.xml:282(title)
6278
#: serverguide/C/security.xml:293(title)
6272
6279
msgid "Other Security Considerations"
6275
#: serverguide/C/security.xml:283(para)
6282
#: serverguide/C/security.xml:294(para)
6277
6284
"Many applications use alternate authentication mechanisms that can be easily "
6278
6285
"overlooked by even experienced system administrators. Therefore, it is "
6280
6287
"to services and applications on your server."
6283
#: serverguide/C/security.xml:288(title)
6290
#: serverguide/C/security.xml:299(title)
6284
6291
msgid "SSH Access by Disabled Users"
6287
#: serverguide/C/security.xml:289(para)
6294
#: serverguide/C/security.xml:300(para)
6289
6296
"Simply disabling/locking a user account will not prevent a user from logging "
6290
6297
"into your server remotely if they have previously set up RSA public key "
6291
6298
"authentication. They will still be able to gain shell access to the server, "
6292
6299
"without the need for any password. Remember to check the users home "
6293
6300
"directory for files that will allow for this type of authenticated SSH "
6294
"access. e.g. <filename>/home/username/.ssh/authorized_keys</filename>."
6301
"access, e.g. <filename>/home/username/.ssh/authorized_keys</filename>."
6297
#: serverguide/C/security.xml:292(para)
6304
#: serverguide/C/security.xml:303(para)
6299
6306
"Remove or rename the directory <filename "
6300
6307
"class=\"directory\">.ssh/</filename> in the user's home folder to prevent "
6301
6308
"further SSH authentication capabilities."
6304
#: serverguide/C/security.xml:295(para)
6311
#: serverguide/C/security.xml:306(para)
6306
6313
"Be sure to check for any established SSH connections by the disabled user, "
6307
6314
"as it is possible they may have existing inbound or outbound connections. "
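Review bot: the "SSH Access by Disabled Users" string is already being edited ("access. e.g." becomes "access, e.g."), but "Remember to check the users home directory" in the same msgid still lacks the possessive apostrophe. The next paragraph writes "the user's home folder", so suggest "the user's home directory" here while the string is open, to avoid invalidating translations a second time for a later fix.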
6332
6339
"the file <filename>/etc/ssh/sshd_config</filename>."
6335
#: serverguide/C/security.xml:301(programlisting)
6342
#: serverguide/C/security.xml:316(programlisting)
6339
6346
"AllowGroups sshlogin\n"
6342
#: serverguide/C/security.xml:304(para)
6349
#: serverguide/C/security.xml:319(para)
6344
6351
"Then add your permitted SSH users to the group \"sshlogin\", and restart the "
6348
#: serverguide/C/security.xml:308(command)
6355
#: serverguide/C/security.xml:323(command)
6349
6356
msgid "sudo adduser username sshlogin"
6352
#: serverguide/C/security.xml:309(command)
6359
#: serverguide/C/security.xml:324(command) serverguide/C/remote-administration.xml:144(command)
6353
6360
msgid "sudo service ssh restart"
6356
#: serverguide/C/security.xml:313(title)
6363
#: serverguide/C/security.xml:328(title)
6357
6364
msgid "External User Database Authentication"
6360
#: serverguide/C/security.xml:314(para)
6367
#: serverguide/C/security.xml:329(para)
6362
6369
"Most enterprise networks require centralized authentication and access "
6363
6370
"controls for all system resources. If you have configured your server to "
6364
6371
"authenticate users against external databases, be sure to disable the user "
6365
"accounts both externally and locally, this way you ensure that local "
6372
"accounts both externally and locally. This way you ensure that local "
6366
6373
"fallback authentication is not possible."
6369
#: serverguide/C/security.xml:323(title)
6376
#: serverguide/C/security.xml:338(title)
6370
6377
msgid "Console Security"
6373
#: serverguide/C/security.xml:324(para)
6380
#: serverguide/C/security.xml:339(para)
6375
6382
"As with any other security barrier you put in place to protect your server, "
6376
6383
"it is pretty tough to defend against untold damage caused by someone with "
6382
6389
"basic precautions with regard to console security."
6385
#: serverguide/C/security.xml:327(para)
6392
#: serverguide/C/security.xml:342(para)
6387
6394
"The following instructions will help defend your server against issues that "
6388
6395
"could otherwise yield very serious consequences."
6391
#: serverguide/C/security.xml:332(title)
6398
#: serverguide/C/security.xml:347(title)
6392
6399
msgid "Disable Ctrl+Alt+Delete"
6395
#: serverguide/C/security.xml:333(para)
6402
#: serverguide/C/security.xml:348(para)
6397
"First and foremost, anyone that has physical access to the keyboard can "
6404
"Anyone that has physical access to the keyboard can simply use the "
6399
6405
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
6400
6406
"eycombo> key combination to reboot the server without having to log on. "
6401
"Sure, someone could simply unplug the power source, but you should still "
6402
"prevent the use of this key combination on a production server. This forces "
6403
"an attacker to take more drastic measures to reboot the server, and will "
6407
"While someone could simply unplug the power source, you should still prevent "
6408
"the use of this key combination on a production server. This forces an "
6409
"attacker to take more drastic measures to reboot the server, and will "
6404
6410
"prevent accidental reboots at the same time."
6407
#: serverguide/C/security.xml:338(para)
6413
#: serverguide/C/security.xml:353(para)
6409
6415
"To disable the reboot action taken by pressing the "
6410
6416
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
6411
6417
"eycombo> key combination, comment out the following line in the file "
6412
"<filename>/etc/init/control-alt-delete.conf</filename>."
6418
"<filename>/etc/init/control-alt-delete.conf</filename>:"
6415
#: serverguide/C/security.xml:341(programlisting)
6421
#: serverguide/C/security.xml:356(programlisting)
6419
6425
"#exec shutdown -r now \"Control-Alt-Delete pressed\"\n"
6422
#: serverguide/C/security.xml:350(title)
6428
#: serverguide/C/security.xml:365(title)
6423
6429
msgid "Firewall"
6426
#: serverguide/C/security.xml:353(para)
6432
#: serverguide/C/security.xml:368(para)
6428
6434
"The Linux kernel includes the <emphasis>Netfilter</emphasis> subsystem, "
6429
6435
"which is used to manipulate or decide the fate of network traffic headed "
6431
6437
"system for packet filtering."
6434
#: serverguide/C/security.xml:358(para)
6440
#: serverguide/C/security.xml:373(para)
6436
6442
"The kernel's packet filtering system would be of little use to "
6437
6443
"administrators without a userspace interface to manage it. This is the "
6438
"purpose of iptables. When a packet reaches your server, it will be handed "
6444
"purpose of iptables: When a packet reaches your server, it will be handed "
6439
6445
"off to the Netfilter subsystem for acceptance, manipulation, or rejection "
6440
6446
"based on the rules supplied to it from userspace via iptables. Thus, "
6441
"iptables is all you need to manage your firewall if you're familiar with it, "
6442
"but many frontends are available to simplify the task."
6447
"iptables is all you need to manage your firewall, if you're familiar with "
6448
"it, but many frontends are available to simplify the task."
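Review bot: in the reworded iptables paragraph, "purpose of iptables: When a packet reaches your server" keeps the capital "W" after the new colon and merges two sentences into one long one. Either keep the original full stop ("purpose of iptables. When") or lowercase "when" after the colon. The added commas in "firewall, if you're familiar with it, but" read fine.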
6445
#: serverguide/C/security.xml:368(title)
6451
#: serverguide/C/security.xml:383(title)
6446
6452
msgid "ufw - Uncomplicated Firewall"
6449
#: serverguide/C/security.xml:369(para)
6455
#: serverguide/C/security.xml:384(para)
6451
6457
"The default firewall configuration tool for Ubuntu is "
6452
6458
"<application>ufw</application>. Developed to ease iptables firewall "
6453
"configuration, <application>ufw</application> provides a user friendly way "
6459
"configuration, <application>ufw</application> provides a user-friendly way "
6454
6460
"to create an IPv4 or IPv6 host-based firewall."
6457
#: serverguide/C/security.xml:373(para)
6463
#: serverguide/C/security.xml:388(para)
6459
6465
"<application>ufw</application> by default is initially disabled. From the "
6460
6466
"<application>ufw</application> man page:"
6463
#: serverguide/C/security.xml:377(quote)
6469
#: serverguide/C/security.xml:392(quote)
6465
6471
"ufw is not intended to provide complete firewall functionality via its "
6466
6472
"command interface, but instead provides an easy way to add or remove simple "
6467
6473
"rules. It is currently mainly used for host-based firewalls."
6470
#: serverguide/C/security.xml:381(para)
6476
#: serverguide/C/security.xml:396(para)
6472
6478
"The following are some examples of how to use <application>ufw</application>:"
6475
#: serverguide/C/security.xml:386(para)
6481
#: serverguide/C/security.xml:401(para)
6477
6483
"First, <application>ufw</application> needs to be enabled. From a terminal "
6478
6484
"prompt enter:"
6481
#: serverguide/C/security.xml:390(command)
6487
#: serverguide/C/security.xml:405(command)
6482
6488
msgid "sudo ufw enable"
6485
#: serverguide/C/security.xml:394(para)
6486
msgid "To open a port (ssh in this example):"
6491
#: serverguide/C/security.xml:409(para)
6492
msgid "To open a port (SSH in this example):"
6489
#: serverguide/C/security.xml:398(command)
6495
#: serverguide/C/security.xml:413(command)
6490
6496
msgid "sudo ufw allow 22"
6493
#: serverguide/C/security.xml:402(para)
6499
#: serverguide/C/security.xml:417(para)
6494
6500
msgid "Rules can also be added using a <emphasis>numbered</emphasis> format:"
6497
#: serverguide/C/security.xml:406(command)
6503
#: serverguide/C/security.xml:421(command)
6498
6504
msgid "sudo ufw insert 1 allow 80"
6501
#: serverguide/C/security.xml:410(para)
6507
#: serverguide/C/security.xml:425(para)
6502
6508
msgid "Similarly, to close an opened port:"
6505
#: serverguide/C/security.xml:414(command)
6511
#: serverguide/C/security.xml:429(command)
6506
6512
msgid "sudo ufw deny 22"
6509
#: serverguide/C/security.xml:418(para)
6515
#: serverguide/C/security.xml:433(para)
6510
6516
msgid "To remove a rule, use delete followed by the rule:"
6513
#: serverguide/C/security.xml:422(command)
6519
#: serverguide/C/security.xml:437(command)
6514
6520
msgid "sudo ufw delete deny 22"
6517
#: serverguide/C/security.xml:426(para)
6523
#: serverguide/C/security.xml:441(para)
6519
6525
"It is also possible to allow access from specific hosts or networks to a "
6520
"port. The following example allows ssh access from host 192.168.0.2 to any "
6521
"ip address on this host:"
6526
"port. The following example allows SSH access from host 192.168.0.2 to any "
6527
"IP address on this host:"
6524
#: serverguide/C/security.xml:431(command)
6530
#: serverguide/C/security.xml:446(command)
6525
6531
msgid "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
6528
#: serverguide/C/security.xml:433(para)
6534
#: serverguide/C/security.xml:448(para)
6530
"Replace 192.168.0.2 with 192.168.0.0/24 to allow ssh access from the entire "
6536
"Replace 192.168.0.2 with 192.168.0.0/24 to allow SSH access from the entire "
6534
#: serverguide/C/security.xml:439(para)
6540
#: serverguide/C/security.xml:454(para)
6536
6542
"Adding the <emphasis>--dry-run</emphasis> option to a "
6537
6543
"<emphasis>ufw</emphasis> command will output the resulting rules, but not "
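Review bot: the ufw walkthrough in this hunk still has the reader run `sudo ufw enable` before `sudo ufw allow 22`, and the patch only changes the capitalisation of "SSH" in the neighbouring strings. On a server administered over SSH, enabling the firewall before the SSH allow rule exists risks refusing new SSH connections (when the default incoming policy is deny) until that rule is added. Since these msgids are being edited anyway, consider moving the "To open a port (SSH in this example):" step ahead of the enable step, or adding a sentence to the enable paragraph telling remote administrators to allow SSH first.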
6569
6575
"Rules updated"
6572
#: serverguide/C/security.xml:473(para)
6578
#: serverguide/C/security.xml:488(para)
6573
6579
msgid "<application>ufw</application> can be disabled by:"
6576
#: serverguide/C/security.xml:477(command)
6582
#: serverguide/C/security.xml:492(command)
6577
6583
msgid "sudo ufw disable"
6580
#: serverguide/C/security.xml:481(para)
6586
#: serverguide/C/security.xml:496(para)
6581
6587
msgid "To see the firewall status, enter:"
6584
#: serverguide/C/security.xml:485(command)
6590
#: serverguide/C/security.xml:500(command)
6585
6591
msgid "sudo ufw status"
6588
#: serverguide/C/security.xml:489(para)
6594
#: serverguide/C/security.xml:504(para)
6589
6595
msgid "And for more verbose status information use:"
6592
#: serverguide/C/security.xml:493(command)
6598
#: serverguide/C/security.xml:508(command)
6593
6599
msgid "sudo ufw status verbose"
6596
#: serverguide/C/security.xml:497(para)
6602
#: serverguide/C/security.xml:512(para)
6597
6603
msgid "To view the <emphasis>numbered</emphasis> format:"
6600
#: serverguide/C/security.xml:501(command)
6606
#: serverguide/C/security.xml:516(command)
6601
6607
msgid "sudo ufw status numbered"
6604
#: serverguide/C/security.xml:506(para)
6610
#: serverguide/C/security.xml:521(para)
6606
6612
"If the port you want to open or close is defined in "
6607
6613
"<filename>/etc/services</filename>, you can use the port name instead of the "
6628
6634
"the default ports have been changed."
6631
#: serverguide/C/security.xml:529(para)
6637
#: serverguide/C/security.xml:544(para)
6633
6639
"To view which applications have installed a profile, enter the following in "
6637
#: serverguide/C/security.xml:534(command)
6643
#: serverguide/C/security.xml:549(command)
6638
6644
msgid "sudo ufw app list"
6641
#: serverguide/C/security.xml:540(para)
6647
#: serverguide/C/security.xml:555(para)
6643
6649
"Similar to allowing traffic to a port, using an application profile is "
6644
6650
"accomplished by entering:"
6647
#: serverguide/C/security.xml:545(command)
6653
#: serverguide/C/security.xml:560(command)
6648
6654
msgid "sudo ufw allow Samba"
6651
#: serverguide/C/security.xml:551(para)
6657
#: serverguide/C/security.xml:566(para)
6652
6658
msgid "An extended syntax is available as well:"
6655
#: serverguide/C/security.xml:556(command)
6661
#: serverguide/C/security.xml:571(command)
6656
6662
msgid "ufw allow from 192.168.0.0/24 to any app Samba"
6659
#: serverguide/C/security.xml:559(para)
6665
#: serverguide/C/security.xml:574(para)
6661
6667
"Replace <emphasis>Samba</emphasis> and <emphasis>192.168.0.0/24</emphasis> "
6662
6668
"with the application profile you are using and the IP range for your network."
6665
#: serverguide/C/security.xml:565(para)
6671
#: serverguide/C/security.xml:580(para)
6667
6673
"There is no need to specify the <emphasis>protocol</emphasis> for the "
6668
6674
"application, because that information is detailed in the profile. Also, note "
6743
6749
"<emphasis>DEFAULT_FORWARD_POLICY</emphasis> to <quote>ACCEPT</quote>:"
6746
#: serverguide/C/security.xml:631(programlisting)
6752
#: serverguide/C/security.xml:646(programlisting)
6750
6756
"DEFAULT_FORWARD_POLICY=\"ACCEPT\"\n"
6753
#: serverguide/C/security.xml:634(para)
6759
#: serverguide/C/security.xml:649(para)
6754
6760
msgid "Then edit <filename>/etc/ufw/sysctl.conf</filename> and uncomment:"
6757
#: serverguide/C/security.xml:637(programlisting)
6763
#: serverguide/C/security.xml:652(programlisting)
6761
6767
"net/ipv4/ip_forward=1\n"
6764
#: serverguide/C/security.xml:640(para)
6770
#: serverguide/C/security.xml:655(para)
6765
6771
msgid "Similarly, for IPv6 forwarding uncomment:"
6768
#: serverguide/C/security.xml:643(programlisting)
6774
#: serverguide/C/security.xml:658(programlisting)
6772
6778
"net/ipv6/conf/default/forwarding=1\n"
6775
#: serverguide/C/security.xml:648(para)
6781
#: serverguide/C/security.xml:663(para)
6777
"Now we will add rules to the <filename>/etc/ufw/before.rules</filename> "
6778
"file. The default rules only configure the <emphasis>filter</emphasis> "
6779
"table, and to enable masquerading the <emphasis>nat</emphasis> table will "
6780
"need to be configured. Add the following to the top of the file just after "
6781
"the header comments:"
6783
"Now add rules to the <filename>/etc/ufw/before.rules</filename> file. The "
6784
"default rules only configure the <emphasis>filter</emphasis> table, and to "
6785
"enable masquerading the <emphasis>nat</emphasis> table will need to be "
6786
"configured. Add the following to the top of the file just after the header "
6784
#: serverguide/C/security.xml:653(programlisting)
6790
#: serverguide/C/security.xml:668(programlisting)
6848
6854
"forward</emphasis> chain."
6851
#: serverguide/C/security.xml:705(title)
6857
#: serverguide/C/security.xml:720(title)
6852
6858
msgid "iptables Masquerading"
6855
#: serverguide/C/security.xml:706(para)
6861
#: serverguide/C/security.xml:721(para)
6857
6863
"<application>iptables</application> can also be used to enable Masquerading."
6860
#: serverguide/C/security.xml:711(para)
6866
#: serverguide/C/security.xml:726(para)
6862
6868
"Similar to <application>ufw</application>, the first step is to enable IPv4 "
6863
6869
"packet forwarding by editing <filename>/etc/sysctl.conf</filename> and "
6864
"uncomment the following line"
6870
"uncomment the following line:"
6867
#: serverguide/C/security.xml:715(programlisting)
6873
#: serverguide/C/security.xml:730(programlisting)
6871
6877
"net.ipv4.ip_forward=1\n"
6874
#: serverguide/C/security.xml:718(para)
6880
#: serverguide/C/security.xml:733(para)
6875
6881
msgid "If you wish to enable IPv6 forwarding also uncomment:"
6878
#: serverguide/C/security.xml:721(programlisting)
6884
#: serverguide/C/security.xml:736(programlisting)
6882
6888
"net.ipv6.conf.default.forwarding=1\n"
6885
#: serverguide/C/security.xml:726(para)
6891
#: serverguide/C/security.xml:741(para)
6887
6893
"Next, execute the <application>sysctl</application> command to enable the "
6888
6894
"new settings in the configuration file:"
6891
#: serverguide/C/security.xml:730(command)
6897
#: serverguide/C/security.xml:745(command)
6892
6898
msgid "sudo sysctl -p"
6895
#: serverguide/C/security.xml:734(para)
6901
#: serverguide/C/security.xml:749(para)
6897
6903
"IP Masquerading can now be accomplished with a single iptables rule, which "
6898
6904
"may differ slightly based on your network configuration:"
6901
#: serverguide/C/security.xml:737(screen)
6907
#: serverguide/C/security.xml:752(screen)
6905
6911
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
6908
#: serverguide/C/security.xml:740(para)
6914
#: serverguide/C/security.xml:755(para)
6910
6916
"The above command assumes that your private address space is 192.168.0.0/16 "
6911
6917
"and that your Internet-facing device is ppp0. The syntax is broken down as "
6915
#: serverguide/C/security.xml:745(para)
6921
#: serverguide/C/security.xml:760(para)
6916
6922
msgid "-t nat -- the rule is to go into the nat table"
6919
#: serverguide/C/security.xml:746(para)
6925
#: serverguide/C/security.xml:761(para)
6921
6927
"-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain"
6924
#: serverguide/C/security.xml:747(para)
6930
#: serverguide/C/security.xml:762(para)
6926
6932
"-s 192.168.0.0/16 -- the rule applies to traffic originating from the "
6927
6933
"specified address space"
6930
#: serverguide/C/security.xml:748(para)
6936
#: serverguide/C/security.xml:763(para)
6932
6938
"-o ppp0 -- the rule applies to traffic scheduled to be routed through the "
6933
6939
"specified network device"
6936
#: serverguide/C/security.xml:750(para)
6942
#: serverguide/C/security.xml:765(para)
6938
6944
"-j MASQUERADE -- traffic matching this rule is to \"jump\" (-j) to the "
6939
6945
"MASQUERADE target to be manipulated as described above"
6942
#: serverguide/C/security.xml:758(para)
6948
#: serverguide/C/security.xml:773(para)
6944
6950
"Also, each chain in the filter table (the default table, and where most or "
6945
6951
"all packet filtering occurs) has a default <emphasis>policy</emphasis> of "
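Review bot: the iptables Masquerading paragraph gains a trailing colon here but keeps its mismatched verb forms, "by editing /etc/sysctl.conf and uncomment the following line:". Since the string is already being changed, suggest "and uncommenting the following line:" so the two verbs governed by "by" agree.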
7057
7063
"or <application>lire</application>."
7060
#: serverguide/C/security.xml:837(title)
7066
#: serverguide/C/security.xml:851(title)
7061
7067
msgid "Other Tools"
7064
#: serverguide/C/security.xml:838(para)
7070
#: serverguide/C/security.xml:852(para)
7066
7072
"There are many tools available to help you construct a complete firewall "
7067
7073
"without intimate knowledge of iptables. For the GUI-inclined:"
7070
#: serverguide/C/security.xml:844(para)
7076
#: serverguide/C/security.xml:858(para)
7072
7078
"<ulink url=\"http://www.fwbuilder.org/\">fwbuilder</ulink> is very powerful "
7073
7079
"and will look familiar to an administrator who has used a commercial "
7074
7080
"firewall utility such as <application>Checkpoint FireWall-1</application>."
7077
#: serverguide/C/security.xml:850(para)
7083
#: serverguide/C/security.xml:864(para)
7079
7085
"If you prefer a command-line tool with plain-text configuration files:"
7082
#: serverguide/C/security.xml:855(para)
7088
#: serverguide/C/security.xml:869(para)
7084
7090
"<ulink url=\"http://www.shorewall.net/\">Shorewall</ulink> is a very "
7085
7091
"powerful solution to help you configure an advanced firewall for any network."
7088
#: serverguide/C/security.xml:866(para)
7094
#: serverguide/C/security.xml:880(para)
7090
7096
"The <ulink url=\"https://wiki.ubuntu.com/UncomplicatedFirewall\">Ubuntu "
7091
7097
"Firewall</ulink> wiki page contains information on the development of "
7092
7098
"<application>ufw</application>."
7095
#: serverguide/C/security.xml:872(para)
7101
#: serverguide/C/security.xml:886(para)
7097
7103
"Also, the <application>ufw</application> manual page contains some very "
7098
7104
"useful information: <command>man ufw</command>."
7101
#: serverguide/C/security.xml:877(para)
7107
#: serverguide/C/security.xml:891(para)
7103
7109
"See the <ulink url=\"http://www.netfilter.org/documentation/HOWTO/packet-"
7104
7110
"filtering-HOWTO.html\">packet-filtering-HOWTO</ulink> for more information "
7105
7111
"on using <application>iptables</application>."
7108
#: serverguide/C/security.xml:883(para)
7114
#: serverguide/C/security.xml:897(para)
7110
7116
"The <ulink url=\"http://www.netfilter.org/documentation/HOWTO/NAT-"
7111
7117
"HOWTO.html\">nat-HOWTO</ulink> contains further details on masquerading."
7114
#: serverguide/C/security.xml:889(para)
7120
#: serverguide/C/security.xml:903(para)
7116
7122
"The <ulink url=\"https://help.ubuntu.com/community/IptablesHowTo\">IPTables "
7117
7123
"HowTo</ulink> in the Ubuntu wiki is a great resource."
7120
#: serverguide/C/security.xml:897(title)
7126
#: serverguide/C/security.xml:911(title)
7121
7127
msgid "AppArmor"
7124
#: serverguide/C/security.xml:898(para)
7130
#: serverguide/C/security.xml:912(para)
7126
7132
"<application>AppArmor</application> is a Linux Security Module "
7127
7133
"implementation of name-based mandatory access controls. AppArmor confines "
7174
7180
"#1304134</ulink>) and instructions will not work as advertised."
7177
#: serverguide/C/security.xml:930(para)
7183
#: serverguide/C/security.xml:950(para)
7179
7185
"The <application>apparmor-utils</application> package contains command line "
7180
7186
"utilities that you can use to change the <application>AppArmor</application> "
7181
7187
"execution mode, find the status of a profile, create new profiles, etc."
7184
#: serverguide/C/security.xml:936(para)
7190
#: serverguide/C/security.xml:956(para)
7186
7192
"<application>apparmor_status</application> is used to view the current "
7187
7193
"status of AppArmor profiles."
7190
#: serverguide/C/security.xml:940(command)
7196
#: serverguide/C/security.xml:960(command)
7191
7197
msgid "sudo apparmor_status"
7194
#: serverguide/C/security.xml:944(para)
7200
#: serverguide/C/security.xml:964(para)
7196
7202
"<application>aa-complain</application> places a profile into "
7197
7203
"<emphasis>complain</emphasis> mode."
7200
#: serverguide/C/security.xml:948(command)
7206
#: serverguide/C/security.xml:968(command)
7201
7207
msgid "sudo aa-complain /path/to/bin"
7204
#: serverguide/C/security.xml:952(para)
7210
#: serverguide/C/security.xml:972(para)
7206
7212
"<application>aa-enforce</application> places a profile into "
7207
7213
"<emphasis>enforce</emphasis> mode."
7210
#: serverguide/C/security.xml:956(command)
7216
#: serverguide/C/security.xml:976(command)
7211
7217
msgid "sudo aa-enforce /path/to/bin"
7214
#: serverguide/C/security.xml:960(para)
7220
#: serverguide/C/security.xml:980(para)
7216
7222
"The <filename>/etc/apparmor.d</filename> directory is where the AppArmor "
7217
7223
"profiles are located. It can be used to manipulate the "
7218
7224
"<emphasis>mode</emphasis> of all profiles."
7221
#: serverguide/C/security.xml:964(para)
7227
#: serverguide/C/security.xml:984(para)
7222
7228
msgid "Enter the following to place all profiles into complain mode:"
7225
#: serverguide/C/security.xml:968(command)
7231
#: serverguide/C/security.xml:988(command)
7226
7232
msgid "sudo aa-complain /etc/apparmor.d/*"
7229
#: serverguide/C/security.xml:970(para)
7235
#: serverguide/C/security.xml:990(para)
7230
7236
msgid "To place all profiles in enforce mode:"
7233
#: serverguide/C/security.xml:974(command)
7239
#: serverguide/C/security.xml:994(command)
7234
7240
msgid "sudo aa-enforce /etc/apparmor.d/*"
7237
#: serverguide/C/security.xml:978(para)
7243
#: serverguide/C/security.xml:998(para)
7239
7245
"<application>apparmor_parser</application> is used to load a profile into "
7240
7246
"the kernel. It can also be used to reload a currently loaded profile using "
7241
7247
"the <emphasis>-r</emphasis> option. To load a profile:"
7244
#: serverguide/C/security.xml:983(command) serverguide/C/security.xml:1015(command)
7250
#: serverguide/C/security.xml:1003(command) serverguide/C/security.xml:1035(command)
7245
7251
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
7248
#: serverguide/C/security.xml:985(para)
7254
#: serverguide/C/security.xml:1005(para)
7249
7255
msgid "To reload a profile:"
7252
#: serverguide/C/security.xml:989(command)
7258
#: serverguide/C/security.xml:1009(command)
7253
7259
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
7259
7265
"<emphasis>reload</emphasis> all profiles:"
7262
#: serverguide/C/network-auth.xml:964(command)
7268
#: serverguide/C/security.xml:1017(command) serverguide/C/network-auth.xml:971(command)
7263
7269
msgid "sudo service apparmor reload"
7266
#: serverguide/C/security.xml:1001(para)
7272
#: serverguide/C/security.xml:1021(para)
7268
7274
"The <filename>/etc/apparmor.d/disable</filename> directory can be used along "
7269
7275
"with the <application>apparmor_parser -R</application> option to "
7270
7276
"<emphasis>disable</emphasis> a profile."
7273
#: serverguide/C/security.xml:1006(command)
7279
#: serverguide/C/security.xml:1026(command)
7274
7280
msgid "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
7277
#: serverguide/C/security.xml:1007(command)
7283
#: serverguide/C/security.xml:1027(command)
7278
7284
msgid "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
7281
#: serverguide/C/security.xml:1009(para)
7287
#: serverguide/C/security.xml:1029(para)
7283
7289
"To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic "
7284
7290
"link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then "
7285
7291
"load the profile using the <emphasis>-a</emphasis> option."
7288
#: serverguide/C/security.xml:1014(command)
7294
#: serverguide/C/security.xml:1034(command)
7289
7295
msgid "sudo rm /etc/apparmor.d/disable/profile.name"
7292
#: serverguide/C/security.xml:1019(para)
7298
#: serverguide/C/security.xml:1039(para)
7294
7300
"<application>AppArmor</application> can be disabled, and the kernel module "
7295
7301
"unloaded by entering the following:"
7379
#: serverguide/C/security.xml:1088(para)
7385
#: serverguide/C/security.xml:1108(para)
7381
7387
"<emphasis>#include <tunables/global>:</emphasis> include statements "
7382
7388
"from other files. This allows statements pertaining to multiple applications "
7383
7389
"to be placed in a common file."
7386
#: serverguide/C/security.xml:1094(para)
7392
#: serverguide/C/security.xml:1114(para)
7388
7394
"<emphasis>/bin/ping flags=(complain):</emphasis> path to the profiled "
7389
7395
"program, also setting the mode to <emphasis>complain</emphasis>."
7392
#: serverguide/C/security.xml:1100(para)
7398
#: serverguide/C/security.xml:1120(para)
7394
7400
"<emphasis>capability net_raw,:</emphasis> allows the application access to "
7395
7401
"the CAP_NET_RAW Posix.1e capability."
7398
#: serverguide/C/security.xml:1105(para)
7404
#: serverguide/C/security.xml:1125(para)
7400
7406
"<emphasis>/bin/ping mixr,:</emphasis> allows the application read and "
7401
7407
"execute access to the file."
7404
#: serverguide/C/security.xml:1111(para)
7410
#: serverguide/C/security.xml:1131(para)
7406
7412
"After editing a profile file the profile must be reloaded. See <xref "
7407
7413
"linkend=\"apparmor-usage\"/> for details."
7410
#: serverguide/C/security.xml:1116(title)
7416
#: serverguide/C/security.xml:1136(title)
7411
7417
msgid "Creating a Profile"
7414
#: serverguide/C/security.xml:1119(para)
7420
#: serverguide/C/security.xml:1139(para)
7416
7422
"<emphasis>Design a test plan:</emphasis> Try to think about how the "
7417
7423
"application should be exercised. The test plan should be divided into small "
7419
7425
"steps to follow."
7422
#: serverguide/C/security.xml:1123(para)
7428
#: serverguide/C/security.xml:1143(para)
7423
7429
msgid "Some standard test cases are:"
7426
#: serverguide/C/security.xml:1128(para)
7432
#: serverguide/C/security.xml:1148(para)
7427
7433
msgid "Starting the program."
7430
#: serverguide/C/security.xml:1133(para)
7436
#: serverguide/C/security.xml:1153(para)
7431
7437
msgid "Stopping the program."
7434
#: serverguide/C/security.xml:1138(para)
7440
#: serverguide/C/security.xml:1158(para)
7435
7441
msgid "Reloading the program."
7438
#: serverguide/C/security.xml:1143(para)
7444
#: serverguide/C/security.xml:1163(para)
7439
7445
msgid "Testing all the commands supported by the init script."
7442
#: serverguide/C/security.xml:1150(para)
7448
#: serverguide/C/security.xml:1170(para)
7444
7450
"<emphasis>Generate the new profile:</emphasis> Use <application>aa-"
7445
7451
"genprof</application> to generate a new profile. From a terminal:"
7448
#: serverguide/C/security.xml:1155(command)
7454
#: serverguide/C/security.xml:1175(command)
7449
7455
msgid "sudo aa-genprof executable"
7452
#: serverguide/C/security.xml:1157(para)
7458
#: serverguide/C/security.xml:1177(para)
7453
7459
msgid "For example:"
7456
#: serverguide/C/security.xml:1161(command)
7462
#: serverguide/C/security.xml:1181(command)
7457
7463
msgid "sudo aa-genprof slapd"
7460
#: serverguide/C/security.xml:1165(para)
7466
#: serverguide/C/security.xml:1185(para)
7462
7468
"To get your new profile included in the <application>apparmor-"
7463
7469
"profiles</application> package, file a bug in <emphasis>Launchpad</emphasis> "
7534
7540
"the private key."
7537
#: serverguide/C/security.xml:1239(para)
7543
#: serverguide/C/security.xml:1259(para)
7539
7545
"A common use for public-key cryptography is encrypting application traffic "
7540
7546
"using a Secure Socket Layer (SSL) or Transport Layer Security (TLS) "
7541
"connection. For example, configuring Apache to provide "
7547
"connection. One example: configuring Apache to provide "
7542
7548
"<emphasis>HTTPS</emphasis>, the HTTP protocol over SSL. This allows a way to "
7543
7549
"encrypt traffic using a protocol that does not itself provide encryption."
7546
#: serverguide/C/security.xml:1244(para)
7552
#: serverguide/C/security.xml:1264(para)
7548
7554
"A <emphasis>Certificate</emphasis> is a method used to distribute a "
7549
7555
"<emphasis>public key</emphasis> and other information about a server and the "
7550
7556
"organization who is responsible for it. Certificates can be digitally signed "
7551
"by a <emphasis>Certification Authority</emphasis> or CA. A CA is a trusted "
7557
"by a <emphasis>Certification Authority</emphasis>, or CA. A CA is a trusted "
7552
7558
"third party that has confirmed that the information contained in the "
7553
7559
"certificate is accurate."
7556
#: serverguide/C/security.xml:1251(title)
7562
#: serverguide/C/security.xml:1271(title)
7557
7563
msgid "Types of Certificates"
7560
#: serverguide/C/security.xml:1252(para)
7566
#: serverguide/C/security.xml:1272(para)
7562
7568
"To set up a secure server using public-key cryptography, in most cases, you "
7563
7569
"send your certificate request (including your public key), proof of your "
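Review bot: the replacement string "One example: configuring Apache to provide HTTPS, the HTTP protocol over SSL." is still a sentence fragment, so swapping "For example," for "One example:" does not fix the problem the rewording seems aimed at. A full sentence would read better, for instance "For example, Apache can be configured to provide HTTPS, the HTTP protocol over SSL or TLS." That wording also matches the preceding sentence, which already names both SSL and TLS.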
7624
7630
"your friends or colleagues, or purely on monetary factors."
7627
#: serverguide/C/security.xml:1317(para)
7633
#: serverguide/C/security.xml:1337(para)
7629
7635
"Once you have decided upon a CA, you need to follow the instructions they "
7630
7636
"provide on how to obtain a certificate from them."
7633
#: serverguide/C/security.xml:1322(para)
7639
#: serverguide/C/security.xml:1342(para)
7635
7641
"When the CA is satisfied that you are indeed who you claim to be, they send "
7636
7642
"you a digital certificate."
7639
#: serverguide/C/security.xml:1326(para)
7645
#: serverguide/C/security.xml:1346(para)
7641
7647
"Install this certificate on your secure server, and configure the "
7642
7648
"appropriate applications to use the certificate."
7645
#: serverguide/C/security.xml:1335(title)
7651
#: serverguide/C/security.xml:1355(title)
7646
7652
msgid "Generating a Certificate Signing Request (CSR)"
7649
#: serverguide/C/security.xml:1337(para)
7655
#: serverguide/C/security.xml:1357(para)
7651
7657
"Whether you are getting a certificate from a CA or generating your own self-"
7652
7658
"signed certificate, the first step is to generate a key."
7655
#: serverguide/C/security.xml:1342(para)
7661
#: serverguide/C/security.xml:1362(para)
7657
7663
"If the certificate will be used by service daemons, such as Apache, Postfix, "
7658
"Dovecot, etc, a key without a passphrase is often appropriate. Not having a "
7664
"Dovecot, etc., a key without a passphrase is often appropriate. Not having a "
7659
7665
"passphrase allows the services to start without manual intervention, usually "
7660
7666
"the preferred way to start a daemon."
7663
#: serverguide/C/security.xml:1348(para)
7669
#: serverguide/C/security.xml:1368(para)
7665
7671
"This section will cover generating a key with a passphrase, and one without. "
7666
7672
"The non-passphrase key will then be used to generate a certificate that can "
7667
7673
"be used with various service daemons."
7670
#: serverguide/C/security.xml:1354(para)
7676
#: serverguide/C/security.xml:1374(para)
7672
7678
"Running your secure service without a passphrase is convenient because you "
7673
7679
"will not need to enter the passphrase every time you start your secure "
7704
7710
"in a dictionary. Also remember that your passphrase is case-sensitive."
7707
#: serverguide/C/security.xml:1386(para)
7713
#: serverguide/C/security.xml:1406(para)
7709
7715
"Re-type the passphrase to verify. Once you have re-typed it correctly, the "
7710
7716
"server key is generated and stored in the <filename>server.key</filename> "
7714
#: serverguide/C/security.xml:1392(para)
7720
#: serverguide/C/security.xml:1412(para)
7716
7722
"Now create the insecure key, the one without a passphrase, and shuffle the "
7720
#: serverguide/C/security.xml:1398(command)
7726
#: serverguide/C/security.xml:1418(command)
7721
7727
msgid "openssl rsa -in server.key -out server.key.insecure"
7724
#: serverguide/C/security.xml:1399(command)
7730
#: serverguide/C/security.xml:1419(command)
7725
7731
msgid "mv server.key server.key.secure"
7728
#: serverguide/C/security.xml:1400(command)
7734
#: serverguide/C/security.xml:1420(command)
7729
7735
msgid "mv server.key.insecure server.key"
7732
#: serverguide/C/security.xml:1403(para)
7738
#: serverguide/C/security.xml:1423(para)
7734
7740
"The insecure key is now named <filename>server.key</filename>, and you can "
7735
7741
"use this file to generate the CSR without passphrase."
7738
#: serverguide/C/security.xml:1408(para)
7744
#: serverguide/C/security.xml:1428(para)
7739
7745
msgid "To create the CSR, run the following command at a terminal prompt:"
7742
#: serverguide/C/security.xml:1413(command)
7748
#: serverguide/C/security.xml:1433(command)
7743
7749
msgid "openssl req -new -key server.key -out server.csr"
7746
#: serverguide/C/security.xml:1416(para)
7752
#: serverguide/C/security.xml:1436(para)
7748
7754
"It will prompt you enter the passphrase. If you enter the correct "
7749
7755
"passphrase, it will prompt you to enter Company Name, Site Name, Email Id, "
7751
7757
"be stored in the <filename>server.csr</filename> file."
7754
#: serverguide/C/security.xml:1424(para)
7760
#: serverguide/C/security.xml:1444(para)
7756
7762
"You can now submit this CSR file to a CA for processing. The CA will use "
7757
7763
"this CSR file and issue the certificate. On the other hand, you can create "
7758
7764
"self-signed certificate using this CSR."
7761
#: serverguide/C/security.xml:1432(title)
7767
#: serverguide/C/security.xml:1452(title)
7762
7768
msgid "Creating a Self-Signed Certificate"
7765
#: serverguide/C/security.xml:1433(para)
7771
#: serverguide/C/security.xml:1453(para)
7767
7773
"To create the self-signed certificate, run the following command at a "
7768
7774
"terminal prompt:"
7771
#: serverguide/C/security.xml:1438(command)
7777
#: serverguide/C/security.xml:1458(command)
7773
7779
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
7777
#: serverguide/C/security.xml:1441(para)
7783
#: serverguide/C/security.xml:1461(para)
7779
7785
"The above command will prompt you to enter the passphrase. Once you enter "
7780
7786
"the correct passphrase, your certificate will be created and it will be "
7781
7787
"stored in the <filename>server.crt</filename> file."
7784
#: serverguide/C/security.xml:1446(para)
7790
#: serverguide/C/security.xml:1466(para)
7786
7792
"If your secure server is to be used in a production environment, you "
7787
7793
"probably need a CA-signed certificate. It is not recommended to use self-"
7788
7794
"signed certificate."
7791
#: serverguide/C/security.xml:1454(title)
7797
#: serverguide/C/security.xml:1474(title)
7792
7798
msgid "Installing the Certificate"
7795
#: serverguide/C/security.xml:1456(para)
7801
#: serverguide/C/security.xml:1476(para)
7797
7803
"You can install the key file <filename>server.key</filename> and certificate "
7798
7804
"file <filename>server.crt</filename>, or the certificate file issued by your "
7799
7805
"CA, by running following commands at a terminal prompt:"
7802
#: serverguide/C/security.xml:1462(command)
7808
#: serverguide/C/security.xml:1482(command)
7803
7809
msgid "sudo cp server.crt /etc/ssl/certs"
7806
#: serverguide/C/security.xml:1463(command)
7812
#: serverguide/C/security.xml:1483(command)
7807
7813
msgid "sudo cp server.key /etc/ssl/private"
7810
#: serverguide/C/security.xml:1465(para)
7816
#: serverguide/C/security.xml:1485(para)
7812
7818
"Now simply configure any applications, with the ability to use public-key "
7813
7819
"cryptography, to use the <emphasis>certificate</emphasis> and "
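Review bot: the CSR and self-signed certificate paragraphs in this hunk contradict the key shuffle shown just above them. After `mv server.key.insecure server.key` the text states that server.key is the key without a passphrase, yet the following strings still say "It will prompt you enter the passphrase" and "The above command will prompt you to enter the passphrase". The patch only renumbers the source references for these strings; consider correcting both msgids in the same pass, along with the missing "to" in "prompt you enter".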
7966
#: serverguide/C/security.xml:1614(para)
7972
#: serverguide/C/security.xml:1634(para)
7968
7974
"For more detailed instructions on using cryptography see the <ulink "
7969
7975
"url=\"http://tldp.org/HOWTO/SSL-Certificates-HOWTO/index.html\">SSL "
7970
"Certificates HOWTO</ulink> by tldp.org"
7976
"Certificates HOWTO</ulink> by tldp.org:"
7973
#: serverguide/C/security.xml:1620(para)
7979
#: serverguide/C/security.xml:1640(para)
7975
7981
"The Wikipedia <ulink "
7976
"url=\"http://en.wikipedia.org/wiki/Https\">HTTPS</ulink> page has more "
7982
"url=\"http://en.wikipedia.org/wiki/HTTPS\">HTTPS</ulink> page has more "
7977
7983
"information regarding HTTPS."
7980
#: serverguide/C/security.xml:1625(para)
7986
#: serverguide/C/security.xml:1645(para)
7982
7988
"For more information on <emphasis>OpenSSL</emphasis> see the <ulink "
7983
7989
"url=\"http://www.openssl.org/\">OpenSSL Home Page</ulink>."
7986
#: serverguide/C/security.xml:1630(para)
7992
#: serverguide/C/security.xml:1650(para)
7988
7994
"Also, O'Reilly's <ulink "
7989
7995
"url=\"http://oreilly.com/catalog/9780596002701/\">Network Security with "
7990
"OpenSSL</ulink> is a good in depth reference."
7996
"OpenSSL</ulink> is a good in-depth reference."
7993
#: serverguide/C/security.xml:1639(title)
7999
#: serverguide/C/security.xml:1659(title)
7994
8000
msgid "eCryptfs"
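Review bot: the new ending "Certificates HOWTO</ulink> by tldp.org:" puts a colon at the end of a paragraph that introduces nothing, since the next string is a separate resource entry. The sibling entries in this hunk end with a period ("information regarding HTTPS.", "OpenSSL Home Page</ulink>."), so "by tldp.org." would be consistent with them.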
8002
8008
"filesystem, partition type, etc."
8005
#: serverguide/C/security.xml:1647(para)
8011
#: serverguide/C/security.xml:1667(para)
8007
8013
"During installation there is an option to encrypt the <filename "
8008
8014
"role=\"directory\">/home</filename> partition. This will automatically "
8009
8015
"configure everything needed to encrypt and mount the partition."
8012
#: serverguide/C/security.xml:1652(para)
8018
#: serverguide/C/security.xml:1672(para)
8014
8020
"As an example, this section will cover configuring <filename "
8015
8021
"role=\"directory\">/srv</filename> to be encrypted using "
8016
8022
"<emphasis>eCryptfs</emphasis>."
8019
#: serverguide/C/security.xml:1657(title)
8025
#: serverguide/C/security.xml:1677(title)
8020
8026
msgid "Using eCryptfs"
8023
#: serverguide/C/security.xml:1659(para)
8029
#: serverguide/C/security.xml:1679(para)
8024
8030
msgid "First, install the necessary packages. From a terminal prompt enter:"
8027
#: serverguide/C/security.xml:1664(command)
8033
#: serverguide/C/security.xml:1684(command)
8028
8034
msgid "sudo apt-get install ecryptfs-utils"
8031
#: serverguide/C/security.xml:1667(para)
8037
#: serverguide/C/security.xml:1687(para)
8032
8038
msgid "Now mount the partition to be encrypted:"
8035
#: serverguide/C/security.xml:1672(command)
8041
#: serverguide/C/security.xml:1692(command)
8036
8042
msgid "sudo mount -t ecryptfs /srv /srv"
8039
#: serverguide/C/security.xml:1675(para)
8045
#: serverguide/C/security.xml:1695(para)
8041
8047
"You will then be prompted for some details on how "
8042
8048
"<application>ecryptfs</application> should encrypt the data."
8045
#: serverguide/C/security.xml:1679(para)
8051
#: serverguide/C/security.xml:1699(para)
8047
8053
"To test that files placed in <filename>/srv</filename> are indeed encrypted "
8048
8054
"copy the <filename>/etc/default</filename> folder to "
8049
8055
"<filename>/srv</filename>:"
8052
#: serverguide/C/security.xml:1685(command) serverguide/C/clustering.xml:190(command)
8058
#: serverguide/C/security.xml:1705(command) serverguide/C/clustering.xml:190(command)
8053
8059
msgid "sudo cp -r /etc/default /srv"
8056
#: serverguide/C/security.xml:1688(para)
8062
#: serverguide/C/security.xml:1708(para)
8057
8063
msgid "Now unmount <filename>/srv</filename>, and try to view a file:"
8060
#: serverguide/C/security.xml:1693(command) serverguide/C/installation.xml:1118(command) serverguide/C/clustering.xml:198(command)
8066
#: serverguide/C/security.xml:1713(command) serverguide/C/clustering.xml:198(command)
8061
8067
msgid "sudo umount /srv"
8064
#: serverguide/C/security.xml:1694(command)
8070
#: serverguide/C/security.xml:1714(command)
8065
8071
msgid "cat /srv/default/cron"
8068
#: serverguide/C/security.xml:1697(para)
8074
#: serverguide/C/security.xml:1717(para)
8070
8076
"Remounting <filename>/srv</filename> using "
8071
8077
"<application>ecryptfs</application> will make the data viewable once again."
8074
#: serverguide/C/security.xml:1703(title)
8080
#: serverguide/C/security.xml:1723(title)
8075
8081
msgid "Automatically Mounting Encrypted Partitions"
8078
#: serverguide/C/security.xml:1705(para)
8084
#: serverguide/C/security.xml:1725(para)
8080
8086
"There are a couple of ways to automatically mount an "
8081
8087
"<application>ecryptfs</application> encrypted filesystem at boot. This "
8158
8164
"other users on the system."
8161
#: serverguide/C/security.xml:1772(para)
8167
#: serverguide/C/security.xml:1792(para)
8163
"<emphasis>ecryptfs-mount-private and ecryptfs-umount-private:</emphasis> "
8164
"will mount and unmount respectively, a users <filename>~/Private</filename> "
8169
"<emphasis>ecryptfs-mount-private</emphasis> and <emphasis> ecryptfs-umount-"
8170
"private</emphasis> will mount and unmount a user's "
8171
"<filename>~/Private</filename> directory."
8168
#: serverguide/C/security.xml:1778(para)
8174
#: serverguide/C/security.xml:1798(para)
8170
8176
"<emphasis>ecryptfs-add-passphrase:</emphasis> adds a new passphrase to the "
8171
8177
"kernel keyring."
8174
#: serverguide/C/security.xml:1783(para)
8180
#: serverguide/C/security.xml:1803(para)
8176
8182
"<emphasis>ecryptfs-manager:</emphasis> manages "
8177
8183
"<application>eCryptfs</application> objects such as keys."
8180
#: serverguide/C/security.xml:1788(para)
8186
#: serverguide/C/security.xml:1808(para)
8182
8188
"<emphasis>ecryptfs-stat:</emphasis> allows you to view the "
8183
8189
"<application>ecryptfs</application> meta information for a file."
8186
#: serverguide/C/security.xml:1801(para)
8192
#: serverguide/C/security.xml:1821(para)
8188
8194
"For more information on <emphasis>eCryptfs</emphasis> see the <ulink "
8189
8195
"url=\"https://launchpad.net/ecryptfs\">Launchpad project page</ulink>."
8192
#: serverguide/C/security.xml:1806(para)
8198
#: serverguide/C/security.xml:1826(para)
8194
8200
"There is also a <ulink "
8195
8201
"url=\"http://www.linuxjournal.com/article/9400\">Linux Journal</ulink> "
8775
8781
"of the Samba guide for more details."
8778
#: serverguide/C/windows-networking.xml:425(para)
8784
#: serverguide/C/samba.xml:425(para)
8780
8786
"<emphasis>security = share:</emphasis> allows clients to connect to shares "
8781
8787
"without supplying a username and password."
8784
#: serverguide/C/windows-networking.xml:432(para)
8790
#: serverguide/C/samba.xml:432(para)
8786
8792
"The security mode you choose will depend on your environment and what you "
8787
8793
"need the Samba server to accomplish."
8790
#: serverguide/C/windows-networking.xml:438(title)
8796
#: serverguide/C/samba.xml:438(title)
8791
8797
msgid "Security = User"
8792
8798
msgstr "Security = User"
8794
#: serverguide/C/windows-networking.xml:440(para)
8800
#: serverguide/C/samba.xml:440(para)
8796
8802
"This section will reconfigure the Samba file and print server, from <xref "
8797
8803
"linkend=\"samba-fileserver\"/> and <xref linkend=\"samba-printserver\"/>, to "
8798
8804
"require authentication."
8801
#: serverguide/C/windows-networking.xml:445(para)
8807
#: serverguide/C/samba.xml:445(para)
8803
8809
"First, install the <application>libpam-smbpass</application> package which "
8804
8810
"will sync the system users to the Samba user database:"
8807
#: serverguide/C/windows-networking.xml:451(command)
8813
#: serverguide/C/samba.xml:451(command)
8808
8814
msgid "sudo apt-get install libpam-smbpass"
8809
8815
msgstr "sudo apt-get install libpam-smbpass"
8811
#: serverguide/C/windows-networking.xml:455(para)
8817
#: serverguide/C/samba.xml:455(para)
8813
8819
"If you chose the <emphasis>Samba Server</emphasis> task during installation "
8814
8820
"<application>libpam-smbpass</application> is already installed."
8817
#: serverguide/C/windows-networking.xml:461(para)
8823
#: serverguide/C/samba.xml:461(para)
8819
8825
"Edit <filename>/etc/samba/smb.conf</filename>, and in the "
8820
8826
"<emphasis>[share]</emphasis> section change:"
8832
8838
" guest ok = no\n"
8834
#: serverguide/C/windows-networking.xml:469(para)
8840
#: serverguide/C/samba.xml:469(para)
8835
8841
msgid "Finally, restart Samba for the new settings to take effect:"
8837
8843
"Per acabar, reaviatz Samba per que los paramètres novèls sián preses en "
8840
#: serverguide/C/windows-networking.xml:478(para)
8846
#: serverguide/C/samba.xml:478(para)
8842
8848
"Now when connecting to the shared directories or printers you should be "
8843
8849
"prompted for a username and password."
8846
#: serverguide/C/windows-networking.xml:483(para)
8852
#: serverguide/C/samba.xml:483(para)
8848
8854
"If you choose to map a network drive to the share you can check the "
8849
8855
"<quote>Reconnect at Logon</quote> check box, which will require you to only "
8850
8856
"enter the username and password once, at least until the password changes."
8853
#: serverguide/C/windows-networking.xml:491(title)
8859
#: serverguide/C/samba.xml:491(title)
8854
8860
msgid "Share Security"
8855
8861
msgstr "Seguretat dels Partiments"
8857
#: serverguide/C/windows-networking.xml:493(para)
8863
#: serverguide/C/samba.xml:493(para)
8859
8865
"There are several options available to increase the security for each "
8860
8866
"individual shared directory. Using the <emphasis>[share]</emphasis> example, "
8861
8867
"this section will cover some common options."
8864
#: serverguide/C/windows-networking.xml:499(title)
8870
#: serverguide/C/samba.xml:499(title)
8866
8872
msgstr "Gropes"
8868
#: serverguide/C/windows-networking.xml:501(para)
8874
#: serverguide/C/samba.xml:501(para)
8870
8876
"Groups define a collection of computers or users which have a common level "
8871
8877
"of access to particular network resources and offer a level of granularity "
9244
#: serverguide/C/windows-networking.xml:827(para)
9250
#: serverguide/C/samba.xml:827(para)
9246
9252
"<emphasis>logon drive:</emphasis> specifies the home directory local path."
9249
#: serverguide/C/windows-networking.xml:832(para)
9255
#: serverguide/C/samba.xml:832(para)
9251
9257
"<emphasis>logon home:</emphasis> specifies the home directory location."
9254
#: serverguide/C/windows-networking.xml:837(para)
9260
#: serverguide/C/samba.xml:837(para)
9256
9262
"<emphasis>logon script:</emphasis> determines the script to be run locally "
9257
9263
"once a user has logged in. The script needs to be placed in the "
9258
9264
"<emphasis>[netlogon]</emphasis> share."
9261
#: serverguide/C/windows-networking.xml:843(para)
9267
#: serverguide/C/samba.xml:843(para)
9263
9269
"<emphasis>add machine script:</emphasis> a script that will automatically "
9264
9270
"create the <emphasis>Machine Trust Account</emphasis> needed for a "
9265
9271
"workstation to join the domain."
9268
#: serverguide/C/windows-networking.xml:847(para)
9274
#: serverguide/C/samba.xml:847(para)
9270
9276
"In this example the <emphasis>machines</emphasis> group will need to be "
9271
9277
"created using the <application>addgroup</application> utility see <xref "
9272
9278
"linkend=\"adding-deleting-users\"/> for details."
9275
#: serverguide/C/windows-networking.xml:858(para)
9281
#: serverguide/C/samba.xml:858(para)
9277
9283
"Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis "
9278
9284
"role=\"italic\">logon home</emphasis> to be mapped:"
9281
#: serverguide/C/windows-networking.xml:863(programlisting)
9287
#: serverguide/C/samba.xml:863(programlisting)
9333
9339
"location for site-specific data provided by the system."
9336
#: serverguide/C/windows-networking.xml:902(para)
9342
#: serverguide/C/samba.xml:902(para)
9338
9344
"Now create the <filename role=\"directory\">netlogon</filename> directory, "
9339
9345
"and an empty (for now) <filename>logon.cmd</filename> script file:"
9342
#: serverguide/C/windows-networking.xml:908(command)
9348
#: serverguide/C/samba.xml:908(command)
9343
9349
msgid "sudo mkdir -p /srv/samba/netlogon"
9344
9350
msgstr "sudo mkdir -p /srv/samba/netlogon"
9346
#: serverguide/C/windows-networking.xml:909(command)
9352
#: serverguide/C/samba.xml:909(command)
9347
9353
msgid "sudo touch /srv/samba/netlogon/logon.cmd"
9348
9354
msgstr "sudo touch /srv/samba/netlogon/logon.cmd"
9350
#: serverguide/C/windows-networking.xml:912(para)
9356
#: serverguide/C/samba.xml:912(para)
9352
9358
"You can enter any normal Windows logon script commands in "
9353
9359
"<filename>logon.cmd</filename> to customize the client's environment."
9356
#: serverguide/C/windows-networking.xml:920(para)
9362
#: serverguide/C/samba.xml:920(para)
9357
9363
msgid "Restart Samba to enable the new domain controller:"
9360
#: serverguide/C/windows-networking.xml:932(para)
9366
#: serverguide/C/samba.xml:932(para)
9362
9368
"Lastly, there are a few additional commands needed to setup the appropriate "
9366
#: serverguide/C/windows-networking.xml:936(para)
9372
#: serverguide/C/samba.xml:936(para)
9368
9374
"With <emphasis>root</emphasis> being disabled by default, in order to join a "
9369
9375
"workstation to the domain, a system group needs to be mapped to the Windows "
9400
#: serverguide/C/windows-networking.xml:963(para)
9406
#: serverguide/C/samba.xml:963(para)
9402
9408
"Also, rights need to be explicitly provided to the <emphasis>Domain "
9403
9409
"Admins</emphasis> group to allow the <emphasis>add machine script</emphasis> "
9404
9410
"(and other admin functions) to work. This is achieved by executing:"
9407
#: serverguide/C/windows-networking.xml:968(command)
9413
#: serverguide/C/samba.xml:968(command)
9409
9415
"net rpc rights grant -U sysadmin \"EXAMPLE\\Domain Admins\" "
9410
9416
"SeMachineAccountPrivilege \\ SePrintOperatorPrivilege SeAddUsersPrivilege "
9411
9417
"SeDiskOperatorPrivilege \\ SeRemoteShutdownPrivilege"
9414
#: serverguide/C/windows-networking.xml:976(para)
9420
#: serverguide/C/samba.xml:976(para)
9416
9422
"You should now be able to join Windows clients to the Domain in the same "
9417
9423
"manner as joining them to an NT4 domain running on a Windows server."
9420
#: serverguide/C/windows-networking.xml:986(title)
9426
#: serverguide/C/samba.xml:986(title)
9421
9427
msgid "Backup Domain Controller"
9422
9428
msgstr "Contrarotlador segondari de domeni"
9424
#: serverguide/C/windows-networking.xml:988(para)
9430
#: serverguide/C/samba.xml:988(para)
9426
9432
"With a Primary Domain Controller (PDC) on the network it is best to have a "
9427
9433
"Backup Domain Controller (BDC) as well. This will allow clients to "
9428
9434
"authenticate in case the PDC becomes unavailable."
9431
#: serverguide/C/windows-networking.xml:993(para)
9437
#: serverguide/C/samba.xml:993(para)
9433
9439
"When configuring Samba as a BDC you need a way to sync account information "
9434
9440
"with the PDC. There are multiple ways of accomplishing this "
9482
9488
"files, enter:"
9485
#: serverguide/C/windows-networking.xml:1050(command)
9491
#: serverguide/C/samba.xml:1050(command)
9486
9492
msgid "sudo chgrp -R admin /var/lib/samba"
9487
9493
msgstr "sudo chgrp -R admin /var/lib/samba"
9489
#: serverguide/C/windows-networking.xml:1056(para)
9495
#: serverguide/C/samba.xml:1056(para)
9491
9497
"Next, sync the user accounts, using <application>scp</application> to copy "
9492
9498
"the <filename>/var/lib/samba</filename> directory from the PDC:"
9495
#: serverguide/C/windows-networking.xml:1062(command)
9501
#: serverguide/C/samba.xml:1062(command)
9496
9502
msgid "sudo scp -r username@pdc:/var/lib/samba /var/lib"
9497
9503
msgstr "sudo scp -r username@pdc:/var/lib/samba /var/lib"
9499
#: serverguide/C/windows-networking.xml:1066(para)
9505
#: serverguide/C/samba.xml:1066(para)
9501
9507
"Replace <emphasis>username</emphasis> with a valid username and "
9502
9508
"<emphasis>pdc</emphasis> with the hostname or IP Address of your actual PDC."
9505
#: serverguide/C/windows-networking.xml:1075(para)
9511
#: serverguide/C/samba.xml:1075(para)
9506
9512
msgid "Finally, restart <application>samba</application>:"
9509
#: serverguide/C/windows-networking.xml:1087(para)
9515
#: serverguide/C/samba.xml:1087(para)
9511
9517
"You can test that your Backup Domain controller is working by stopping the "
9512
9518
"Samba daemon on the PDC, then trying to login to a Windows client joined to "
9516
#: serverguide/C/windows-networking.xml:1092(para)
9522
#: serverguide/C/samba.xml:1092(para)
9518
9524
"Another thing to keep in mind is if you have configured the <emphasis>logon "
9519
9525
"home</emphasis> option as a directory on the PDC, and the PDC becomes "
9610
9616
"security\"/> for more details."
9613
#: serverguide/C/windows-networking.xml:1199(title)
9619
#: serverguide/C/samba.xml:1199(title)
9614
9620
msgid "Accessing a Windows Share"
9615
9621
msgstr "Accedir a un partiment Windows"
9617
#: serverguide/C/windows-networking.xml:1201(para)
9623
#: serverguide/C/samba.xml:1201(para)
9619
9625
"Now that the Samba server is part of the Active Directory domain you can "
9620
9626
"access any Windows server shares:"
9623
#: serverguide/C/windows-networking.xml:1208(para)
9629
#: serverguide/C/samba.xml:1208(para)
9625
9631
"To mount a Windows file share enter the following in a terminal prompt:"
9628
#: serverguide/C/windows-networking.xml:1212(command)
9634
#: serverguide/C/samba.xml:1212(command)
9629
9635
msgid "mount.cifs //fs01.example.com/share mount_point"
9630
9636
msgstr "mount.cifs //fs01.example.com/partage punt_de_montatge"
9632
#: serverguide/C/windows-networking.xml:1215(para)
9638
#: serverguide/C/samba.xml:1215(para)
9634
9640
"It is also possible to access shares on computers not part of an AD domain, "
9635
9641
"but a username and password will need to be provided."
9638
#: serverguide/C/windows-networking.xml:1223(para)
9644
#: serverguide/C/samba.xml:1223(para)
9640
9646
"To mount the share during boot place an entry in "
9641
9647
"<filename>/etc/fstab</filename>, for example:"
9644
#: serverguide/C/windows-networking.xml:1227(programlisting)
9650
#: serverguide/C/samba.xml:1227(programlisting)
9652
9658
"//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw "
9655
#: serverguide/C/windows-networking.xml:1234(para)
9661
#: serverguide/C/samba.xml:1234(para)
9657
9663
"Another way to copy files from a Windows server is to use the "
9658
9664
"<application>smbclient</application> utility. To list the files in a Windows "
9662
#: serverguide/C/windows-networking.xml:1240(command)
9668
#: serverguide/C/samba.xml:1240(command)
9663
9669
msgid "smbclient //fs01.example.com/share -k -c \"ls\""
9664
9670
msgstr "smbclient //fs01.example.com/share -k -c \"ls\""
9666
#: serverguide/C/windows-networking.xml:1246(para)
9672
#: serverguide/C/samba.xml:1246(para)
9667
9673
msgid "To copy a file from the share, enter:"
9670
#: serverguide/C/windows-networking.xml:1251(command)
9676
#: serverguide/C/samba.xml:1251(command)
9671
9677
msgid "smbclient //fs01.example.com/share -k -c \"get file.txt\""
9672
9678
msgstr "smbclient //fs01.example.com/partage -k -c \"get fichièr.txt\""
9674
#: serverguide/C/windows-networking.xml:1254(para)
9680
#: serverguide/C/samba.xml:1254(para)
9676
9682
"This will copy the <filename>file.txt</filename> into the current directory."
9679
#: serverguide/C/windows-networking.xml:1261(para)
9685
#: serverguide/C/samba.xml:1261(para)
9680
9686
msgid "And to copy a file to the share:"
9681
9687
msgstr "Per copiar un fichièr cap al partiment :"
9683
#: serverguide/C/windows-networking.xml:1266(command)
9689
#: serverguide/C/samba.xml:1266(command)
9684
9690
msgid "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
9685
9691
msgstr "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
9687
#: serverguide/C/windows-networking.xml:1269(para)
9693
#: serverguide/C/samba.xml:1269(para)
9689
9695
"This will copy the <filename>/etc/hosts</filename> to "
9690
9696
"<filename>//fs01.example.com/share/hosts</filename>."
9693
#: serverguide/C/windows-networking.xml:1276(para)
9699
#: serverguide/C/samba.xml:1276(para)
9695
9701
"The <emphasis>-c</emphasis> option used above allows you to execute the "
9696
9702
"<application>smbclient</application> command all at once. This is useful for "
10662
10668
"<application>Microsoft Active Directory</application> domain."
10665
#: serverguide/C/remote-administration.xml:509(para)
10671
#: serverguide/C/remote-administration.xml:549(para)
10667
10673
"zentyal-squid: configures <application>Squid</application> and "
10668
10674
"<application>Dansguardian</application> for speeding up browsing thanks to "
10669
10675
"the caching capabilities and content filtering."
10672
#: serverguide/C/remote-administration.xml:516(para)
10678
#: serverguide/C/remote-administration.xml:556(para)
10674
10680
"zentyal-samba: allows <application>Samba</application> configuration and "
10675
10681
"integration with existing LDAP. From the same interface you can define "
10676
10682
"password policies, create shared resources and assign permissions."
10679
#: serverguide/C/remote-administration.xml:524(para)
10685
#: serverguide/C/remote-administration.xml:564(para)
10681
10687
"zentyal-printers: integrates <application>CUPS</application> with "
10682
10688
"<application>Samba</application> and allows not only to configure the "
10683
10689
"printers but also give them permissions based on LDAP users and groups."
10686
#: serverguide/C/remote-administration.xml:533(para)
10692
#: serverguide/C/remote-administration.xml:573(para)
10688
10694
"To install <application>Zentyal</application>, in a terminal on the "
10689
10695
"<emphasis>server</emphasis> enter (where <zentyal-module> is any of "
10690
10696
"the modules from the previous list):"
10693
#: serverguide/C/remote-administration.xml:540(command)
10699
#: serverguide/C/remote-administration.xml:580(command)
10694
10700
msgid "sudo apt-get install <zentyal-module>"
10697
#: serverguide/C/remote-administration.xml:544(para)
10703
#: serverguide/C/remote-administration.xml:584(para)
10699
10705
"<application>Zentyal</application> publishes one major stable release once a "
10700
10706
"year (in September) based on latest Ubuntu LTS release. Stable releases "
10714
10720
"Personal Package Archive (PPA)</ulink>."
10717
#: serverguide/C/remote-administration.xml:566(para)
10723
#: serverguide/C/remote-administration.xml:606(para)
10719
10725
"Not present on Ubuntu Universe repositories, but on <ulink "
10720
10726
"url=\"https://launchpad.net/~zentyal/\">Zentyal Team PPA</ulink> you will "
10721
10727
"find these other modules:"
10724
#: serverguide/C/remote-administration.xml:573(para)
10730
#: serverguide/C/remote-administration.xml:613(para)
10726
10732
"zentyal-antivirus: integrates <application>ClamAV</application> antivirus "
10727
10733
"with other modules like the proxy, file sharing or mailfilter."
10730
#: serverguide/C/remote-administration.xml:580(para)
10736
#: serverguide/C/remote-administration.xml:620(para)
10732
10738
"zentyal-asterisk: configures <application>Asterisk</application> to provide "
10733
10739
"a simple PBX with LDAP based authentication."
10736
#: serverguide/C/remote-administration.xml:586(para)
10742
#: serverguide/C/remote-administration.xml:626(para)
10738
10744
"zentyal-bwmonitor: allows to monitor bandwith usage of your LAN clients."
10741
#: serverguide/C/remote-administration.xml:592(para)
10747
#: serverguide/C/remote-administration.xml:632(para)
10743
10749
"zentyal-captiveportal: integrates a captive portal with the firewall and "
10744
10750
"LDAP users and groups."
10747
#: serverguide/C/remote-administration.xml:598(para)
10753
#: serverguide/C/remote-administration.xml:638(para)
10749
10755
"zentyal-ebackup: allows to make scheduled backups of your server using the "
10750
10756
"popular <application>duplicity</application> backup tool."
10753
#: serverguide/C/remote-administration.xml:604(para)
10759
#: serverguide/C/remote-administration.xml:644(para)
10754
10760
msgid "zentyal-ftp: configures a FTP server with LDAP based authentication."
10757
#: serverguide/C/remote-administration.xml:609(para)
10763
#: serverguide/C/remote-administration.xml:649(para)
10758
10764
msgid "zentyal-ids: integrates a network intrusion detection system."
10761
#: serverguide/C/remote-administration.xml:614(para)
10767
#: serverguide/C/remote-administration.xml:654(para)
10763
10769
"zentyal-ipsec: allows to configure IPsec tunnels using "
10764
10770
"<application>OpenSwan</application>."
10767
#: serverguide/C/remote-administration.xml:620(para)
10773
#: serverguide/C/remote-administration.xml:660(para)
10769
10775
"zentyal-jabber: integrates <application>ejabberd</application> XMPP server "
10770
10776
"with LDAP users and groups."
10773
#: serverguide/C/remote-administration.xml:626(para)
10779
#: serverguide/C/remote-administration.xml:666(para)
10775
10781
"zentyal-thinclients: a <application>LTSP</application> based thin clients "
10779
#: serverguide/C/remote-administration.xml:632(para)
10785
#: serverguide/C/remote-administration.xml:672(para)
10781
10787
"zentyal-mail: a full mail stack including <application>Postfix "
10782
10788
"</application> and <application>Dovecot</application> with LDAP backend."
10785
#: serverguide/C/remote-administration.xml:639(para)
10791
#: serverguide/C/remote-administration.xml:679(para)
10787
10793
"zentyal-mailfilter: configures <application>amavisd</application> with mail "
10788
10794
"stack to filter spam and attached virus."
10791
#: serverguide/C/remote-administration.xml:645(para)
10797
#: serverguide/C/remote-administration.xml:685(para)
10793
10799
"zentyal-monitor: integrates <application>collectd</application> to monitor "
10794
10800
"server performance and running services."
10797
#: serverguide/C/remote-administration.xml:651(para)
10803
#: serverguide/C/remote-administration.xml:691(para)
10799
10805
"zentyal-pptp: configures a <application>PPTP</application> VPN server."
10802
#: serverguide/C/remote-administration.xml:656(para)
10808
#: serverguide/C/remote-administration.xml:696(para)
10804
10810
"zentyal-radius: integrates <application>FreeRADIUS</application> with LDAP "
10805
10811
"users and groups."
10808
#: serverguide/C/remote-administration.xml:662(para)
10814
#: serverguide/C/remote-administration.xml:702(para)
10810
10816
"zentyal-software: simple interface to manage installed "
10811
10817
"<application>Zentyal</application> modules and system updates."
10814
#: serverguide/C/remote-administration.xml:668(para)
10820
#: serverguide/C/remote-administration.xml:708(para)
10816
10822
"zentyal-trafficshaping: configures traffic limiting rules to do bandwidth "
10817
10823
"throttling and improve latency."
10820
#: serverguide/C/remote-administration.xml:674(para)
10826
#: serverguide/C/remote-administration.xml:714(para)
10822
10828
"zentyal-usercorner: allows users to edit their own LDAP attributes using a "
10823
10829
"web browser."
10826
#: serverguide/C/remote-administration.xml:680(para)
10832
#: serverguide/C/remote-administration.xml:720(para)
10828
10834
"zentyal-virt: simple interface to create and manage virtual machines based "
10829
10835
"on <application>libvirt</application>."
10832
#: serverguide/C/remote-administration.xml:686(para)
10838
#: serverguide/C/remote-administration.xml:726(para)
10834
10840
"zentyal-webmail: allows to access your mail using the popular "
10835
10841
"<application>Roundcube</application> webmail."
10838
#: serverguide/C/remote-administration.xml:692(para)
10844
#: serverguide/C/remote-administration.xml:732(para)
10840
10846
"zentyal-webserver: configures <application>Apache</application> webserver to "
10841
10847
"host different sites on your machine."
10844
#: serverguide/C/remote-administration.xml:698(para)
10850
#: serverguide/C/remote-administration.xml:738(para)
10846
10852
"zentyal-zarafa: integrates <application>Zarafa</application> groupware suite "
10847
10853
"with <application>Zentyal</application> mail stack and LDAP."
10850
#: serverguide/C/remote-administration.xml:710(title)
10856
#: serverguide/C/remote-administration.xml:750(title)
10851
10857
msgid "First steps"
10854
#: serverguide/C/remote-administration.xml:712(para)
10860
#: serverguide/C/remote-administration.xml:752(para)
10856
10862
"Any system account belonging to the sudo group is allowed to log into "
10857
10863
"<application>Zentyal</application> web interface. If you are using the user "
10858
10864
"created during the installation, this should be in the sudo group by default."
10861
#: serverguide/C/remote-administration.xml:720(para)
10867
#: serverguide/C/remote-administration.xml:760(para)
10862
10868
msgid "If you need to add another user to the sudo group, just execute:"
10865
#: serverguide/C/remote-administration.xml:725(command)
10871
#: serverguide/C/remote-administration.xml:765(command)
10866
10872
msgid "sudo adduser username sudo"
10869
#: serverguide/C/remote-administration.xml:729(para)
10875
#: serverguide/C/remote-administration.xml:769(para)
10871
10877
"To access <application>Zentyal</application> web interface, browse into "
10872
10878
"https://localhost/ (or the IP of your remote server). As Zentyal creates its "
11280
#: serverguide/C/package-management.xml:246(para)
11286
#: serverguide/C/package-management.xml:263(para)
11281
11287
msgid "<emphasis role=\"bold\">i</emphasis>: Installed package"
11284
#: serverguide/C/package-management.xml:251(para)
11290
#: serverguide/C/package-management.xml:268(para)
11286
11292
"<emphasis role=\"bold\">c</emphasis>: Package not installed, but package "
11287
11293
"configuration remains on system"
11290
#: serverguide/C/package-management.xml:255(para)
11296
#: serverguide/C/package-management.xml:272(para)
11291
11297
msgid "<emphasis role=\"bold\">p</emphasis>: Purged from system"
11294
#: serverguide/C/package-management.xml:259(para)
11300
#: serverguide/C/package-management.xml:276(para)
11295
11301
msgid "<emphasis role=\"bold\">v</emphasis>: Virtual package"
11298
#: serverguide/C/package-management.xml:263(para)
11304
#: serverguide/C/package-management.xml:280(para)
11299
11305
msgid "<emphasis role=\"bold\">B</emphasis>: Broken package"
11302
#: serverguide/C/package-management.xml:267(para)
11308
#: serverguide/C/package-management.xml:284(para)
11304
11310
"<emphasis role=\"bold\">u</emphasis>: Unpacked files, but package not yet "
11308
#: serverguide/C/package-management.xml:271(para)
11314
#: serverguide/C/package-management.xml:288(para)
11310
11316
"<emphasis role=\"bold\">C</emphasis>: Half-configured - Configuration failed "
11311
11317
"and requires fix"
11314
#: serverguide/C/package-management.xml:275(para)
11320
#: serverguide/C/package-management.xml:292(para)
11316
11322
"<emphasis role=\"bold\">H</emphasis>: Half-installed - Removal failed and "
11317
11323
"requires fix"
11320
#: serverguide/C/package-management.xml:243(para)
11326
#: serverguide/C/package-management.xml:260(para)
11322
11328
"The first column of information displayed in the package list in the top "
11323
11329
"pane, when actually viewing packages lists the current state of the package, "
11954
11960
msgid "sudo etckeeper commit \"added new host\""
11957
#: serverguide/C/other-apps.xml:258(para)
11963
#: serverguide/C/other-apps.xml:298(para)
11959
11965
"For more information on <application>bzr</application> see <xref "
11960
11966
"linkend=\"bazaar\"/>."
11963
#: serverguide/C/other-apps.xml:345(para)
11966
"url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for "
11967
"more details on using <application>etckeeper</application>."
11970
#: serverguide/C/other-apps.xml:351(para)
11972
"The <ulink url=\"https://help.ubuntu.com/community/etckeeper\">etckeeper "
11973
"Ubuntu Wiki</ulink> page."
11976
#: serverguide/C/other-apps.xml:356(para)
11969
#: serverguide/C/other-apps.xml:310(para)
11971
"See the <ulink url=\"http://etckeeper.branchable.com/\">etckeeper</ulink> "
11972
"site for more details on using <application>etckeeper</application>."
11975
#: serverguide/C/other-apps.xml:317(para)
11978
11977
"For the latest news and information about <application>bzr</application> see "
11979
11978
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
11982
#: serverguide/C/other-apps.xml:264(title)
11981
#: serverguide/C/other-apps.xml:329(title)
11983
11982
msgid "Byobu"
11986
#: serverguide/C/other-apps.xml:337(para)
11985
#: serverguide/C/other-apps.xml:331(para)
11988
11987
"One of the most useful applications for any system administrator is an xterm "
11989
11988
"multiplexor such as <application>screen</application> or "
11995
11994
"changed by the user."
11998
#: serverguide/C/other-apps.xml:344(para)
11997
#: serverguide/C/other-apps.xml:338(para)
11999
11998
msgid "Invoke it simply with:"
12002
#: serverguide/C/other-apps.xml:349(command)
12001
#: serverguide/C/other-apps.xml:343(command)
12003
12002
msgid "byobu"
12006
#: serverguide/C/other-apps.xml:352(para)
12005
#: serverguide/C/other-apps.xml:346(para)
12008
12007
"Now bring up the configuration menu. By default this is done by pressing the "
12009
12008
"<emphasis>F9</emphasis> key. This will allow you to:"
12012
#: serverguide/C/other-apps.xml:279(para)
12011
#: serverguide/C/other-apps.xml:351(para)
12013
12012
msgid "View the Help menu"
12016
#: serverguide/C/other-apps.xml:280(para)
12015
#: serverguide/C/other-apps.xml:352(para)
12017
12016
msgid "Change Byobu's background color"
12020
#: serverguide/C/other-apps.xml:281(para)
12019
#: serverguide/C/other-apps.xml:353(para)
12021
12020
msgid "Change Byobu's foreground color"
12024
#: serverguide/C/other-apps.xml:282(para)
12023
#: serverguide/C/other-apps.xml:354(para)
12025
12024
msgid "Toggle status notifications"
12028
#: serverguide/C/other-apps.xml:283(para)
12027
#: serverguide/C/other-apps.xml:355(para)
12029
12028
msgid "Change the key binding set"
12032
#: serverguide/C/other-apps.xml:284(para)
12031
#: serverguide/C/other-apps.xml:356(para)
12033
12032
msgid "Change the escape sequence"
12036
#: serverguide/C/other-apps.xml:285(para)
12035
#: serverguide/C/other-apps.xml:357(para)
12037
12036
msgid "Create new windows"
12040
#: serverguide/C/other-apps.xml:286(para)
12039
#: serverguide/C/other-apps.xml:358(para)
12041
12040
msgid "Manage the default windows"
12044
#: serverguide/C/other-apps.xml:287(para)
12043
#: serverguide/C/other-apps.xml:359(para)
12045
12044
msgid "Byobu currently does not launch at login (toggle on)"
12048
#: serverguide/C/other-apps.xml:290(para)
12047
#: serverguide/C/other-apps.xml:362(para)
12050
12049
"The <emphasis>key bindings</emphasis> determine such things as the escape "
12051
12050
"sequence, new window, change window, etc. There are two key binding sets to "
12078
12077
"commands. Here is a quick list of movement commands:"
12081
#: serverguide/C/other-apps.xml:314(para)
12080
#: serverguide/C/other-apps.xml:386(para)
12082
12081
msgid "<emphasis>h</emphasis> - Move the cursor left by one character"
12085
#: serverguide/C/other-apps.xml:315(para)
12084
#: serverguide/C/other-apps.xml:387(para)
12086
12085
msgid "<emphasis>j</emphasis> - Move the cursor down by one line"
12089
#: serverguide/C/other-apps.xml:316(para)
12088
#: serverguide/C/other-apps.xml:388(para)
12090
12089
msgid "<emphasis>k</emphasis> - Move the cursor up by one line"
12093
#: serverguide/C/other-apps.xml:317(para)
12092
#: serverguide/C/other-apps.xml:389(para)
12094
12093
msgid "<emphasis>l</emphasis> - Move the cursor right by one character"
12097
#: serverguide/C/other-apps.xml:318(para)
12096
#: serverguide/C/other-apps.xml:390(para)
12098
12097
msgid "<emphasis>0</emphasis> - Move to the beginning of the current line"
12101
#: serverguide/C/other-apps.xml:319(para)
12100
#: serverguide/C/other-apps.xml:391(para)
12102
12101
msgid "<emphasis>$</emphasis> - Move to the end of the current line"
12105
#: serverguide/C/other-apps.xml:320(para)
12104
#: serverguide/C/other-apps.xml:392(para)
12107
12106
"<emphasis>G</emphasis> - Moves to the specified line (defaults to the end of "
12108
12107
"the buffer)"
12111
#: serverguide/C/other-apps.xml:321(para)
12110
#: serverguide/C/other-apps.xml:393(para)
12112
12111
msgid "<emphasis>/</emphasis> - Search forward"
12115
#: serverguide/C/other-apps.xml:322(para)
12114
#: serverguide/C/other-apps.xml:394(para)
12116
12115
msgid "<emphasis>?</emphasis> - Search backward"
12119
#: serverguide/C/other-apps.xml:401(para)
12118
#: serverguide/C/other-apps.xml:395(para)
12121
12120
"<emphasis>n</emphasis> - Moves to the next match, either forward or backward"
12124
#: serverguide/C/other-apps.xml:361(para)
12123
#: serverguide/C/other-apps.xml:403(para)
12126
12125
"For more information on <application>screen</application> see the <ulink "
12127
12126
"url=\"http://www.gnu.org/software/screen/\">screen web site</ulink>."
12130
#: serverguide/C/other-apps.xml:366(para)
12129
#: serverguide/C/other-apps.xml:408(para)
12132
12131
"And the <ulink url=\"https://help.ubuntu.com/community/Screen\">Ubuntu Wiki "
12133
12132
"screen</ulink> page."
12136
#: serverguide/C/other-apps.xml:371(para)
12135
#: serverguide/C/other-apps.xml:413(para)
12138
12137
"Also, see the <application>byobu</application><ulink "
12139
12138
"url=\"https://launchpad.net/byobu\">project page</ulink> for more "
12489
12488
"iface eth0 inet dhcp\n"
12492
#: serverguide/C/network-config.xml:257(para)
12491
#: serverguide/C/network-config.xml:261(para)
12494
12493
"By adding an interface configuration as shown above, you can manually enable "
12495
12494
"the interface through the <application>ifup</application> command which "
12496
12495
"initiates the DHCP process via <application>dhclient</application>."
12499
#: serverguide/C/network-config.xml:263(command) serverguide/C/network-config.xml:298(command)
12498
#: serverguide/C/network-config.xml:267(command) serverguide/C/network-config.xml:302(command)
12500
12499
msgid "sudo ifup eth0"
12503
#: serverguide/C/network-config.xml:265(para)
12502
#: serverguide/C/network-config.xml:269(para)
12505
12504
"To manually disable the interface, you can use the "
12506
12505
"<application>ifdown</application> command, which in turn will initiate the "
12507
12506
"DHCP release process and shut down the interface."
12510
#: serverguide/C/network-config.xml:271(command) serverguide/C/network-config.xml:305(command)
12509
#: serverguide/C/network-config.xml:275(command) serverguide/C/network-config.xml:309(command)
12511
12510
msgid "sudo ifdown eth0"
12514
#: serverguide/C/network-config.xml:276(title)
12513
#: serverguide/C/network-config.xml:280(title)
12515
12514
msgid "Static IP Address Assignment"
12518
#: serverguide/C/network-config.xml:277(para)
12517
#: serverguide/C/network-config.xml:281(para)
12520
12519
"To configure your system to use a static IP address assignment, add the "
12521
12520
"<emphasis role=\"italic\">static</emphasis> method to the inet address "
12687
12686
" dns-nameservers 192.168.3.45 192.168.8.10\n"
12690
#: serverguide/C/network-config.xml:402(para)
12689
#: serverguide/C/network-config.xml:406(para)
12692
12691
"If you try to ping a host with the name of <emphasis "
12693
12692
"role=\"italic\">server1</emphasis>, your system will automatically query DNS "
12694
12693
"for its Fully Qualified Domain Name (FQDN) in the following order:"
12697
#: serverguide/C/network-config.xml:409(para)
12696
#: serverguide/C/network-config.xml:413(para)
12698
12697
msgid "server1<emphasis role=\"bold\">.example.com</emphasis>"
12701
#: serverguide/C/network-config.xml:414(para)
12700
#: serverguide/C/network-config.xml:418(para)
12702
12701
msgid "server1<emphasis role=\"bold\">.sales.example.com</emphasis>"
12705
#: serverguide/C/network-config.xml:419(para)
12704
#: serverguide/C/network-config.xml:423(para)
12706
12705
msgid "server1<emphasis role=\"bold\">.dev.example.com</emphasis>"
12709
#: serverguide/C/network-config.xml:424(para)
12708
#: serverguide/C/network-config.xml:428(para)
12711
12710
"If no matches are found, the DNS server will provide a result of <emphasis "
12712
12711
"role=\"italic\">notfound</emphasis> and the DNS query will fail."
12715
#: serverguide/C/network-config.xml:431(title)
12714
#: serverguide/C/network-config.xml:435(title)
12716
12715
msgid "Static Hostnames"
12719
#: serverguide/C/network-config.xml:432(para)
12718
#: serverguide/C/network-config.xml:436(para)
12721
12720
"Static hostnames are locally defined hostname-to-IP mappings located in the "
12722
12721
"file <filename>/etc/hosts</filename>. Entries in the "
13240
13239
"DHCP server, and the configuration is transparent to the computer's user."
13243
#: serverguide/C/network-config.xml:880(para)
13242
#: serverguide/C/network-config.xml:876(para)
13245
13244
"The most common settings provided by a DHCP server to DHCP clients include:"
13248
#: serverguide/C/network-config.xml:885(para)
13247
#: serverguide/C/network-config.xml:881(para)
13249
13248
msgid "IP address and netmask"
13252
#: serverguide/C/network-config.xml:888(para)
13251
#: serverguide/C/network-config.xml:884(para)
13253
13252
msgid "IP address of the default-gateway to use"
13256
#: serverguide/C/network-config.xml:891(para)
13255
#: serverguide/C/network-config.xml:887(para)
13257
13256
msgid "IP adresses of the DNS servers to use"
13260
#: serverguide/C/network-config.xml:894(para)
13259
#: serverguide/C/network-config.xml:890(para)
13262
13261
"However, a DHCP server can also supply configuration properties such as:"
13265
#: serverguide/C/network-config.xml:899(para)
13264
#: serverguide/C/network-config.xml:895(para)
13266
13265
msgid "Host Name"
13269
#: serverguide/C/network-config.xml:902(para)
13268
#: serverguide/C/network-config.xml:898(para)
13270
13269
msgid "Domain Name"
13273
#: serverguide/C/network-config.xml:905(para)
13272
#: serverguide/C/network-config.xml:901(para)
13274
13273
msgid "Time Server"
13277
#: serverguide/C/network-config.xml:911(para)
13276
#: serverguide/C/network-config.xml:907(para)
13279
13278
"The advantage of using DHCP is that changes to the network, for example a "
13280
13279
"change in the address of the DNS server, need only be changed at the DHCP "
13347
13346
"and configure and will be automatically started at system boot."
13350
#: serverguide/C/network-config.xml:976(para)
13349
#: serverguide/C/network-config.xml:974(para)
13352
13351
"At a terminal prompt, enter the following command to install "
13353
13352
"<application>dhcpd</application>:"
13356
#: serverguide/C/network-config.xml:981(command)
13355
#: serverguide/C/network-config.xml:979(command)
13357
13356
msgid "sudo apt-get install isc-dhcp-server"
13360
#: serverguide/C/network-config.xml:983(para)
13359
#: serverguide/C/network-config.xml:981(para)
13362
13361
"You will probably need to change the default configuration by editing "
13363
13362
"/etc/dhcp/dhcpd.conf to suit your needs and particular configuration."
13366
#: serverguide/C/network-config.xml:987(para)
13365
#: serverguide/C/network-config.xml:985(para)
13368
13367
"You also may need to edit /etc/default/isc-dhcp-server to specify the "
13369
13368
"interfaces dhcpd should listen to."
13372
#: serverguide/C/network-config.xml:991(para)
13371
#: serverguide/C/network-config.xml:989(para)
13374
13373
"NOTE: dhcpd's messages are being sent to syslog. Look there for diagnostics "
13378
#: serverguide/C/network-config.xml:998(para)
13377
#: serverguide/C/network-config.xml:996(para)
13380
13379
"The error message the installation ends with might be a little confusing, "
13381
13380
"but the following steps will help you configure the service:"
13384
#: serverguide/C/network-config.xml:1002(para)
13383
#: serverguide/C/network-config.xml:1000(para)
13386
13385
"Most commonly, what you want to do is assign an IP address randomly. This "
13387
13386
"can be done with settings as follows:"
13390
#: serverguide/C/network-config.xml:1006(programlisting)
13389
#: serverguide/C/network-config.xml:1004(programlisting)
13592
13591
"The Lightweight Directory Access Protocol, or LDAP, is a protocol for "
13593
13592
"querying and modifying a X.500-based directory service running over TCP/IP. "
13594
13593
"The current LDAP version is LDAPv3, as defined in <ulink "
13595
"url=\"http://tools.ietf.org/html/rfc4510\">RFC4510</ulink>, and the its "
13596
"implementation used in Ubuntu is from OpenLDAP."
13594
"url=\"http://tools.ietf.org/html/rfc4510\">RFC4510</ulink>, and the "
13595
"implementation in Ubuntu is OpenLDAP.\""
13599
#: serverguide/C/network-auth.xml:27(para)
13598
#: serverguide/C/network-auth.xml:29(para)
13601
13600
"So the LDAP protocol accesses LDAP directories. Here are some key concepts "
13605
#: serverguide/C/network-auth.xml:34(para)
13604
#: serverguide/C/network-auth.xml:36(para)
13607
13606
"A LDAP directory is a tree of data <emphasis>entries</emphasis> that is "
13608
13607
"hierarchical in nature and is called the Directory Information Tree (DIT)."
13611
#: serverguide/C/network-auth.xml:41(para)
13610
#: serverguide/C/network-auth.xml:43(para)
13612
13611
msgid "An entry consists of a set of <emphasis>attributes</emphasis>."
13615
#: serverguide/C/network-auth.xml:47(para)
13614
#: serverguide/C/network-auth.xml:49(para)
13617
13616
"An attribute has a <emphasis>type</emphasis> (a name/description) and one or "
13618
13617
"more <emphasis>values</emphasis>."
13621
#: serverguide/C/network-auth.xml:53(para)
13620
#: serverguide/C/network-auth.xml:55(para)
13623
13622
"Every attribute must be defined in at least one "
13624
13623
"<emphasis>objectClass</emphasis>."
13627
#: serverguide/C/network-auth.xml:59(para)
13626
#: serverguide/C/network-auth.xml:61(para)
13629
13628
"Attributes and objectclasses are defined in <emphasis>schemas</emphasis> (an "
13630
13629
"objectclass is actually considered as a special kind of attribute)."
13633
#: serverguide/C/network-auth.xml:66(para)
13632
#: serverguide/C/network-auth.xml:68(para)
13635
13634
"Each entry has a unique identifier: its <emphasis>Distinguished "
13636
13635
"Name</emphasis> (DN or dn). This, in turn, consists of a <emphasis>Relative "
13637
13636
"Distinguished Name</emphasis> (RDN) followed by the parent entry's DN."
13640
#: serverguide/C/network-auth.xml:73(para)
13639
#: serverguide/C/network-auth.xml:75(para)
13642
13641
"The entry's DN is not an attribute. It is not considered part of the entry "
13646
#: serverguide/C/network-auth.xml:81(para)
13645
#: serverguide/C/network-auth.xml:83(para)
13648
13647
"The terms <emphasis>object</emphasis>, <emphasis>container</emphasis>, and "
13649
13648
"<emphasis>node</emphasis> have certain connotations but they all essentially "
13870
13869
"dn: olcDatabase={1}hdb,cn=config\n"
13873
#: serverguide/C/network-auth.xml:281(para) serverguide/C/network-auth.xml:372(para)
13872
#: serverguide/C/network-auth.xml:288(para) serverguide/C/network-auth.xml:379(para)
13874
13873
msgid "Explanation of entries:"
13877
#: serverguide/C/network-auth.xml:288(para)
13876
#: serverguide/C/network-auth.xml:295(para)
13878
13877
msgid "<emphasis>cn=config</emphasis>: global settings"
13881
#: serverguide/C/network-auth.xml:294(para)
13880
#: serverguide/C/network-auth.xml:301(para)
13883
13882
"<emphasis>cn=module{0},cn=config</emphasis>: a dynamically loaded module"
13886
#: serverguide/C/network-auth.xml:300(para)
13885
#: serverguide/C/network-auth.xml:307(para)
13888
13887
"<emphasis>cn=schema,cn=config</emphasis>: contains hard-coded system-level "
13892
#: serverguide/C/network-auth.xml:306(para)
13891
#: serverguide/C/network-auth.xml:313(para)
13894
13893
"<emphasis>cn={0}core,cn=schema,cn=config</emphasis>: the hard-coded core "
13898
#: serverguide/C/network-auth.xml:312(para)
13897
#: serverguide/C/network-auth.xml:319(para)
13900
13899
"<emphasis>cn={1}cosine,cn=schema,cn=config</emphasis>: the cosine schema"
13903
#: serverguide/C/network-auth.xml:318(para)
13902
#: serverguide/C/network-auth.xml:325(para)
13904
13903
msgid "<emphasis>cn={2}nis,cn=schema,cn=config</emphasis>: the nis schema"
13907
#: serverguide/C/network-auth.xml:324(para)
13906
#: serverguide/C/network-auth.xml:331(para)
13909
13908
"<emphasis>cn={3}inetorgperson,cn=schema,cn=config</emphasis>: the "
13910
13909
"inetorgperson schema"
13913
#: serverguide/C/network-auth.xml:330(para)
13912
#: serverguide/C/network-auth.xml:337(para)
13915
13914
"<emphasis>olcBackend={0}hdb,cn=config</emphasis>: the 'hdb' backend storage "
13919
#: serverguide/C/network-auth.xml:336(para)
13918
#: serverguide/C/network-auth.xml:343(para)
13921
13920
"<emphasis>olcDatabase={-1}frontend,cn=config</emphasis>: frontend database, "
13922
13921
"default settings for other databases"
13925
#: serverguide/C/network-auth.xml:342(para)
13924
#: serverguide/C/network-auth.xml:349(para)
13927
13926
"<emphasis>olcDatabase={0}config,cn=config</emphasis>: slapd configuration "
13928
13927
"database (cn=config)"
13931
#: serverguide/C/network-auth.xml:348(para)
13930
#: serverguide/C/network-auth.xml:355(para)
13933
13932
"<emphasis>olcDatabase={1}hdb,cn=config</emphasis>: your database instance "
13934
13933
"(dc=examle,dc=com)"
13937
#: serverguide/C/network-auth.xml:359(para)
13936
#: serverguide/C/network-auth.xml:366(para)
13938
13937
msgid "This is what the dc=example,dc=com DIT looks like:"
13941
#: serverguide/C/network-auth.xml:364(command)
13940
#: serverguide/C/network-auth.xml:371(command)
13942
13941
msgid "ldapsearch -x -LLL -H ldap:/// -b dc=example,dc=com dn"
13945
#: serverguide/C/network-auth.xml:365(computeroutput)
13944
#: serverguide/C/network-auth.xml:372(computeroutput)
13951
13950
"dn: cn=admin,dc=example,dc=com\n"
13954
#: serverguide/C/network-auth.xml:379(para)
13953
#: serverguide/C/network-auth.xml:386(para)
13955
13954
msgid "<emphasis>dc=example,dc=com</emphasis>: base of the DIT"
13958
#: serverguide/C/network-auth.xml:385(para)
13957
#: serverguide/C/network-auth.xml:392(para)
13960
13959
"<emphasis>cn=admin,dc=example,dc=com</emphasis>: administrator (rootDN) for "
13961
13960
"this DIT (set up during package install)"
13964
#: serverguide/C/network-auth.xml:399(title)
13963
#: serverguide/C/network-auth.xml:406(title)
13965
13964
msgid "Modifying/Populating your Database"
13968
#: serverguide/C/network-auth.xml:401(para)
13967
#: serverguide/C/network-auth.xml:408(para)
13970
13969
"Let's introduce some content to our database. We will add the following:"
13973
#: serverguide/C/network-auth.xml:408(para)
13972
#: serverguide/C/network-auth.xml:415(para)
13974
13973
msgid "a node called <emphasis>People</emphasis> (to store users)"
13977
#: serverguide/C/network-auth.xml:414(para)
13976
#: serverguide/C/network-auth.xml:421(para)
13978
13977
msgid "a node called <emphasis>Groups</emphasis> (to store groups)"
13981
#: serverguide/C/network-auth.xml:420(para)
13980
#: serverguide/C/network-auth.xml:427(para)
13982
13981
msgid "a group called <emphasis>miners</emphasis>"
13985
#: serverguide/C/network-auth.xml:426(para)
13984
#: serverguide/C/network-auth.xml:433(para)
13986
13985
msgid "a user called <emphasis>john</emphasis>"
13989
#: serverguide/C/network-auth.xml:433(para)
13988
#: serverguide/C/network-auth.xml:440(para)
13991
13990
"Create the following LDIF file and call it "
13992
13991
"<filename>add_content.ldif</filename>:"
13995
#: serverguide/C/network-auth.xml:437(programlisting)
13994
#: serverguide/C/network-auth.xml:444(programlisting)
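Review bot: the description of `olcDatabase={1}hdb,cn=config` at new line 13933 gives the suffix as `dc=examle,dc=com`, while every other string in this hunk uses `dc=example,dc=com`. A reader who copies the suffix from that line ends up with a base DN that does not match the DIT shown by the `ldapsearch` output below it; fix the spelling in network-auth.xml while the references are being refreshed.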
14079
14078
"gidNumber: 5000\n"
14082
#: serverguide/C/network-auth.xml:508(para)
14081
#: serverguide/C/network-auth.xml:515(para)
14083
14082
msgid "Explanation of switches:"
14086
#: serverguide/C/network-auth.xml:515(para)
14085
#: serverguide/C/network-auth.xml:522(para)
14088
14087
"<emphasis>-x:</emphasis> \"simple\" binding; will not use the default SASL "
14092
#: serverguide/C/network-auth.xml:521(para)
14091
#: serverguide/C/network-auth.xml:528(para)
14093
14092
msgid "<emphasis>-LLL:</emphasis> disable printing extraneous information"
14096
#: serverguide/C/network-auth.xml:527(para)
14095
#: serverguide/C/network-auth.xml:534(para)
14097
14096
msgid "<emphasis>uid=john:</emphasis> a \"filter\" to find the john user"
14100
#: serverguide/C/network-auth.xml:533(para)
14099
#: serverguide/C/network-auth.xml:540(para)
14102
14101
"<emphasis>cn gidNumber:</emphasis> requests certain attributes to be "
14103
14102
"displayed (the default is to show all attributes)"
14106
#: serverguide/C/network-auth.xml:543(title)
14105
#: serverguide/C/network-auth.xml:550(title)
14107
14106
msgid "Modifying the slapd Configuration Database"
14110
#: serverguide/C/network-auth.xml:545(para)
14109
#: serverguide/C/network-auth.xml:552(para)
14112
14111
"The slapd-config DIT can also be queried and modified. Here are a few "
14116
#: serverguide/C/network-auth.xml:552(para)
14115
#: serverguide/C/network-auth.xml:559(para)
14118
14117
"Use <application>ldapmodify</application> to add an \"Index\" (DbIndex "
14119
14118
"attribute) to your <application>{1}hdb,cn=config</application> database "
14233
14232
"include /etc/ldap/schema/pmi.schema\n"
14236
#: serverguide/C/network-auth.xml:662(para)
14235
#: serverguide/C/network-auth.xml:669(para)
14237
14236
msgid "Create the output directory <filename>ldif_output</filename>."
14240
#: serverguide/C/network-auth.xml:668(para) serverguide/C/network-auth.xml:2317(para)
14239
#: serverguide/C/network-auth.xml:675(para) serverguide/C/network-auth.xml:2324(para)
14241
14240
msgid "Determine the index of the schema:"
14244
#: serverguide/C/network-auth.xml:673(command)
14243
#: serverguide/C/network-auth.xml:680(command)
14246
14245
"slapcat -f schema_convert.conf -F ldif_output -n 0 | grep corba,cn=schema"
14249
#: serverguide/C/network-auth.xml:674(computeroutput)
14248
#: serverguide/C/network-auth.xml:681(computeroutput)
14253
14252
"cn={1}corba,cn=schema,cn=config\n"
14256
#: serverguide/C/network-auth.xml:685(para)
14255
#: serverguide/C/network-auth.xml:687(para)
14258
14257
"When slapd ingests objects with the same parent DN it will create an "
14259
14258
"<emphasis>index</emphasis> for that object. An index is contained within "
14260
14259
"braces: <application>{X}</application>."
14263
#: serverguide/C/network-auth.xml:689(para)
14262
#: serverguide/C/network-auth.xml:696(para)
14264
14263
msgid "Use <application>slapcat</application> to perform the conversion:"
14267
#: serverguide/C/network-auth.xml:694(command)
14266
#: serverguide/C/network-auth.xml:701(command)
14269
14268
"slapcat -f schema_convert.conf -F ldif_output -n0 -H \\ "
14270
14269
"ldap:///cn={1}corba,cn=schema,cn=config -l cn=corba.ldif"
14273
#: serverguide/C/network-auth.xml:698(para)
14272
#: serverguide/C/network-auth.xml:705(para)
14274
14273
msgid "The converted schema is now in <filename>cn=corba.ldif</filename>"
14277
#: serverguide/C/network-auth.xml:704(para)
14276
#: serverguide/C/network-auth.xml:711(para)
14279
14278
"Edit <filename>cn=corba.ldif</filename> to arrive at the following "
14280
14279
"attributes:"
14283
#: serverguide/C/network-auth.xml:708(programlisting)
14282
#: serverguide/C/network-auth.xml:715(programlisting)
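Review bot: in the conversion command at new lines 14268 and 14269 the msgid holds `-n0 -H \\ ` followed directly by `ldap:///cn={1}corba,cn=schema,cn=config`, so the line-continuation backslash is followed by a space instead of a newline. Pasted as a single line, a shell reads backslash-space as an escaped space and passes slapcat a URI with a leading blank. Either preserve the line break in the source XML so it survives extraction, or drop the backslash and give the command on one line.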
14563
14562
"/var/lib/ldap/** rwk,\n"
14566
#: serverguide/C/network-auth.xml:957(para)
14565
#: serverguide/C/network-auth.xml:964(para)
14568
14567
"Create a directory, set up a databse config file, and reload the apparmor "
14572
#: serverguide/C/network-auth.xml:962(command)
14571
#: serverguide/C/network-auth.xml:969(command)
14573
14572
msgid "sudo -u openldap mkdir /var/lib/ldap/accesslog"
14576
#: serverguide/C/network-auth.xml:963(command)
14575
#: serverguide/C/network-auth.xml:970(command)
14577
14576
msgid "sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog"
14580
#: serverguide/C/network-auth.xml:970(para)
14579
#: serverguide/C/network-auth.xml:977(para)
14582
14581
"Add the new content and, due to the apparmor change, restart the daemon:"
14585
#: serverguide/C/network-auth.xml:975(command)
14584
#: serverguide/C/network-auth.xml:982(command)
14586
14585
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
14589
#: serverguide/C/network-auth.xml:976(command) serverguide/C/network-auth.xml:1498(command) serverguide/C/network-auth.xml:1683(command) serverguide/C/network-auth.xml:3912(command)
14588
#: serverguide/C/network-auth.xml:983(command) serverguide/C/network-auth.xml:1505(command) serverguide/C/network-auth.xml:1690(command) serverguide/C/network-auth.xml:3911(command)
14590
14589
msgid "sudo service slapd restart"
14593
#: serverguide/C/network-auth.xml:983(para)
14592
#: serverguide/C/network-auth.xml:990(para)
14594
14593
msgid "The Provider is now configured."
14597
#: serverguide/C/network-auth.xml:990(title)
14596
#: serverguide/C/network-auth.xml:997(title)
14598
14597
msgid "Consumer Configuration"
14601
#: serverguide/C/network-auth.xml:992(para)
14600
#: serverguide/C/network-auth.xml:999(para)
14602
14601
msgid "And now configure the <emphasis>Consumer</emphasis>."
14605
#: serverguide/C/network-auth.xml:999(para)
14604
#: serverguide/C/network-auth.xml:1006(para)
14607
14606
"Install the software by going through <xref linkend=\"openldap-server-"
14608
14607
"installation\"/>. Make sure the slapd-config databse is identical to the "
14643
14642
"olcUpdateRef: ldap://ldap01.example.com\n"
14646
#: serverguide/C/network-auth.xml:1031(para)
14645
#: serverguide/C/network-auth.xml:1038(para)
14647
14646
msgid "Ensure the following attributes have the correct values:"
14650
#: serverguide/C/network-auth.xml:1036(para)
14649
#: serverguide/C/network-auth.xml:1043(para)
14652
14651
"<emphasis>provider</emphasis> (Provider server's hostname -- "
14653
14652
"ldap01.example.com in this example -- or IP address)"
14656
#: serverguide/C/network-auth.xml:1037(para)
14655
#: serverguide/C/network-auth.xml:1044(para)
14657
14656
msgid "<emphasis>binddn</emphasis> (the admin DN you're using)"
14660
#: serverguide/C/network-auth.xml:1038(para)
14659
#: serverguide/C/network-auth.xml:1045(para)
14661
14660
msgid "<emphasis>credentials</emphasis> (the admin DN password you're using)"
14664
#: serverguide/C/network-auth.xml:1039(para)
14663
#: serverguide/C/network-auth.xml:1046(para)
14665
14664
msgid "<emphasis>searchbase</emphasis> (the database suffix you're using)"
14668
#: serverguide/C/network-auth.xml:1040(para)
14667
#: serverguide/C/network-auth.xml:1047(para)
14670
14669
"<emphasis>olcUpdateRef</emphasis> (Provider server's hostname or IP address)"
14673
#: serverguide/C/network-auth.xml:1041(para)
14672
#: serverguide/C/network-auth.xml:1048(para)
14675
14674
"<emphasis>rid</emphasis> (Replica ID, an unique 3-digit that identifies the "
14676
14675
"replica. Each consumer should have at least one rid)"
14679
#: serverguide/C/network-auth.xml:1050(para)
14678
#: serverguide/C/network-auth.xml:1057(para)
14680
14679
msgid "Add the new content:"
14683
#: serverguide/C/network-auth.xml:1055(command)
14682
#: serverguide/C/network-auth.xml:1062(command)
14684
14683
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f consumer_sync.ldif"
14687
#: serverguide/C/network-auth.xml:1062(para)
14686
#: serverguide/C/network-auth.xml:1069(para)
14689
14688
"You're done. The two databases (suffix: dc=example,dc=com) should now be "
14690
14689
"synchronizing."
14693
#: serverguide/C/network-auth.xml:1071(para)
14692
#: serverguide/C/network-auth.xml:1078(para)
14694
14693
msgid "Once replication starts, you can monitor it by running"
14697
#: serverguide/C/network-auth.xml:1081(command)
14696
#: serverguide/C/network-auth.xml:1083(command)
14699
14698
"ldapsearch -z1 -LLLQY EXTERNAL -H ldapi:/// -s base -b dc=example,dc=com "
14703
#: serverguide/C/network-auth.xml:1077(computeroutput)
14702
#: serverguide/C/network-auth.xml:1084(computeroutput)
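Review bot: the attribute list at new lines 14656 and 14660 tells the reader to set `binddn` to the admin DN and `credentials` to the admin DN password, which puts the rootDN password for the DIT into `consumer_sync.ldif` and into the consumer's configuration. Consider documenting a dedicated replication account that only has read access to the replicated suffix. Separately, "an unique 3-digit" at new line 14674 should read "a unique 3-digit number".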
15043
15042
"cert_signing_key\n"
15046
#: serverguide/C/network-auth.xml:1370(para)
15045
#: serverguide/C/network-auth.xml:1377(para)
15047
15046
msgid "Create the self-signed CA certificate:"
15050
#: serverguide/C/network-auth.xml:1375(command)
15049
#: serverguide/C/network-auth.xml:1382(command)
15052
15051
"sudo certtool --generate-self-signed \\ --load-privkey "
15053
15052
"/etc/ssl/private/cakey.pem \\ --template /etc/ssl/ca.info \\ --outfile "
15054
15053
"/etc/ssl/certs/cacert.pem"
15057
#: serverguide/C/network-auth.xml:1384(para)
15056
#: serverguide/C/network-auth.xml:1391(para)
15058
15057
msgid "Make a private key for the server:"
15061
#: serverguide/C/network-auth.xml:1389(command)
15060
#: serverguide/C/network-auth.xml:1396(command)
15063
15062
"sudo certtool --generate-privkey \\ --bits 1024 \\ --outfile "
15064
15063
"/etc/ssl/private/ldap01_slapd_key.pem"
15067
#: serverguide/C/network-auth.xml:1395(para)
15066
#: serverguide/C/network-auth.xml:1402(para)
15069
15068
"Replace <emphasis>ldap01</emphasis> in the filename with your server's "
15070
15069
"hostname. Naming the certificate and key for the host and service that will "
15071
15070
"be using them will help keep things clear."
15074
#: serverguide/C/network-auth.xml:1404(para)
15073
#: serverguide/C/network-auth.xml:1411(para)
15076
15075
"Create the <filename>/etc/ssl/ldap01.info</filename> info file containing:"
15079
#: serverguide/C/network-auth.xml:1408(programlisting)
15078
#: serverguide/C/network-auth.xml:1415(programlisting)
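Review bot: the server key command kept as context at new line 15062 still reads `--bits 1024`, and this hunk only renumbers its source reference. A 1024-bit key is below the 2048-bit minimum that current guidance expects for RSA, and this is the key behind `ldap01_slapd_key.pem`, which protects the slapd TLS setup the section describes. Raise the value in network-auth.xml to 2048 or larger so the regenerated msgid carries it.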
15160
15159
"over TCP port 636."
15163
#: serverguide/C/network-auth.xml:1482(para)
15162
#: serverguide/C/network-auth.xml:1489(para)
15164
15163
msgid "Tighten up ownership and permissions:"
15167
#: serverguide/C/network-auth.xml:1487(command) serverguide/C/network-auth.xml:1604(command)
15166
#: serverguide/C/network-auth.xml:1494(command) serverguide/C/network-auth.xml:1611(command)
15168
15167
msgid "sudo adduser openldap ssl-cert"
15171
#: serverguide/C/network-auth.xml:1488(command)
15170
#: serverguide/C/network-auth.xml:1495(command)
15172
15171
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem"
15175
#: serverguide/C/network-auth.xml:1489(command)
15174
#: serverguide/C/network-auth.xml:1496(command)
15176
15175
msgid "sudo chmod g+r /etc/ssl/private/ldap01_slapd_key.pem"
15179
#: serverguide/C/network-auth.xml:1490(command)
15178
#: serverguide/C/network-auth.xml:1497(command)
15180
15179
msgid "sudo chmod o-r /etc/ssl/private/ldap01_slapd_key.pem"
15183
#: serverguide/C/network-auth.xml:1493(para)
15182
#: serverguide/C/network-auth.xml:1500(para)
15184
15183
msgid "Restart OpenLDAP:"
15187
#: serverguide/C/network-auth.xml:1501(para)
15186
#: serverguide/C/network-auth.xml:1508(para)
15189
15188
"Check your host's logs (/var/log/syslog) to see if the server has started "
15193
#: serverguide/C/network-auth.xml:1508(title)
15192
#: serverguide/C/network-auth.xml:1515(title)
15194
15193
msgid "Replication and TLS"
15197
#: serverguide/C/network-auth.xml:1510(para)
15196
#: serverguide/C/network-auth.xml:1517(para)
15199
15198
"If you have set up replication between servers, it is common practice to "
15200
15199
"encrypt (StartTLS) the replication traffic to prevent evesdropping. This is "
15276
15275
"ldap02_slapd_cert.pem"
15279
#: serverguide/C/network-auth.xml:1574(para)
15278
#: serverguide/C/network-auth.xml:1581(para)
15280
15279
msgid "Get a copy of the CA certificate:"
15283
#: serverguide/C/network-auth.xml:1579(command)
15282
#: serverguide/C/network-auth.xml:1586(command)
15284
15283
msgid "cp /etc/ssl/certs/cacert.pem ."
15287
#: serverguide/C/network-auth.xml:1582(para)
15286
#: serverguide/C/network-auth.xml:1589(para)
15289
15288
"We're done. Now transfer the <filename>ldap02-ssl</filename> directory to "
15290
15289
"the Consumer. Here we use scp (adjust accordingly):"
15293
#: serverguide/C/network-auth.xml:1587(command)
15292
#: serverguide/C/network-auth.xml:1594(command)
15294
15293
msgid "cd .."
15297
#: serverguide/C/network-auth.xml:1588(command)
15296
#: serverguide/C/network-auth.xml:1595(command)
15298
15297
msgid "scp -r ldap02-ssl user@consumer:"
15301
#: serverguide/C/network-auth.xml:1594(para) serverguide/C/network-auth.xml:1642(para)
15300
#: serverguide/C/network-auth.xml:1601(para) serverguide/C/network-auth.xml:1649(para)
15302
15301
msgid "On the Consumer,"
15305
#: serverguide/C/network-auth.xml:1598(para)
15304
#: serverguide/C/network-auth.xml:1605(para)
15306
15305
msgid "Configure TLS authentication:"
15309
#: serverguide/C/network-auth.xml:1603(command)
15308
#: serverguide/C/network-auth.xml:1610(command)
15310
15309
msgid "sudo apt-get install ssl-cert"
15313
#: serverguide/C/network-auth.xml:1605(command)
15312
#: serverguide/C/network-auth.xml:1612(command)
15314
15313
msgid "sudo cp ldap02_slapd_cert.pem cacert.pem /etc/ssl/certs"
15317
#: serverguide/C/network-auth.xml:1606(command)
15316
#: serverguide/C/network-auth.xml:1613(command)
15318
15317
msgid "sudo cp ldap02_slapd_key.pem /etc/ssl/private"
15321
#: serverguide/C/network-auth.xml:1607(command)
15320
#: serverguide/C/network-auth.xml:1614(command)
15322
15321
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap02_slapd_key.pem"
15325
#: serverguide/C/network-auth.xml:1608(command)
15324
#: serverguide/C/network-auth.xml:1615(command)
15326
15325
msgid "sudo chmod g+r /etc/ssl/private/ldap02_slapd_key.pem"
15329
#: serverguide/C/network-auth.xml:1609(command)
15328
#: serverguide/C/network-auth.xml:1616(command)
15330
15329
msgid "sudo chmod o-r /etc/ssl/private/ldap02_slapd_key.pem"
15333
#: serverguide/C/network-auth.xml:1612(para)
15332
#: serverguide/C/network-auth.xml:1619(para)
15335
15334
"Create the file <filename>/etc/ssl/certinfo.ldif</filename> with the "
15336
15335
"following contents (adjust accordingly):"
15339
#: serverguide/C/network-auth.xml:1616(programlisting)
15338
#: serverguide/C/network-auth.xml:1623(programlisting)
15451
15450
"assist you in the configuration step. Install this package now:"
15454
#: serverguide/C/network-auth.xml:1725(command)
15453
#: serverguide/C/network-auth.xml:1732(command)
15455
15454
msgid "sudo apt-get install libnss-ldap"
15458
#: serverguide/C/network-auth.xml:1728(para)
15457
#: serverguide/C/network-auth.xml:1735(para)
15460
15459
"You will be prompted for details of your LDAP server. If you make a mistake "
15461
15460
"you can try again using:"
15464
#: serverguide/C/network-auth.xml:1733(command)
15463
#: serverguide/C/network-auth.xml:1740(command)
15465
15464
msgid "sudo dpkg-reconfigure ldap-auth-config"
15468
#: serverguide/C/network-auth.xml:1736(para)
15467
#: serverguide/C/network-auth.xml:1743(para)
15470
15469
"The results of the dialog can be seen in "
15471
15470
"<filename>/etc/ldap.conf</filename>. If your server requires options not "
15472
15471
"covered in the menu edit this file accordingly."
15475
#: serverguide/C/network-auth.xml:1741(para)
15474
#: serverguide/C/network-auth.xml:1748(para)
15476
15475
msgid "Now configure the LDAP profile for NSS:"
15479
#: serverguide/C/network-auth.xml:1746(command)
15478
#: serverguide/C/network-auth.xml:1753(command)
15480
15479
msgid "sudo auth-client-config -t nss -p lac_ldap"
15483
#: serverguide/C/network-auth.xml:1749(para)
15482
#: serverguide/C/network-auth.xml:1756(para)
15484
15483
msgid "Configure the system to use LDAP for authentication:"
15487
#: serverguide/C/network-auth.xml:1754(command)
15486
#: serverguide/C/network-auth.xml:1761(command)
15488
15487
msgid "sudo pam-auth-update"
15491
#: serverguide/C/network-auth.xml:1757(para)
15490
#: serverguide/C/network-auth.xml:1764(para)
15493
15492
"From the menu, choose LDAP and any other authentication mechanisms you need."
15496
#: serverguide/C/network-auth.xml:1761(para)
15495
#: serverguide/C/network-auth.xml:1768(para)
15497
15496
msgid "You should now be able to log in using LDAP-based credentials."
15500
#: serverguide/C/network-auth.xml:1765(para)
15499
#: serverguide/C/network-auth.xml:1772(para)
15502
15501
"LDAP clients will need to refer to multiple servers if replication is in "
15503
15502
"use. In <filename>/etc/ldap.conf</filename> you would have something like:"
15506
#: serverguide/C/network-auth.xml:1770(programlisting)
15505
#: serverguide/C/network-auth.xml:1777(programlisting)
15510
15509
"uri ldap://ldap01.example.com ldap://ldap02.example.com\n"
15513
#: serverguide/C/network-auth.xml:1774(para)
15512
#: serverguide/C/network-auth.xml:1781(para)
15515
15514
"The request will time out and the Consumer (ldap02) will attempt to be "
15516
15515
"reached if the Provider (ldap01) becomes unresponsive."
15519
#: serverguide/C/network-auth.xml:1778(para)
15518
#: serverguide/C/network-auth.xml:1785(para)
15521
15520
"If you are going to use LDAP to store Samba users you will need to configure "
15522
15521
"the Samba server to authenticate using LDAP. See <xref linkend=\"samba-"
15523
15522
"ldap\"/> for details."
15526
#: serverguide/C/network-auth.xml:1784(para)
15525
#: serverguide/C/network-auth.xml:1791(para)
15528
15527
"An alternative to the <application>libnss-ldap</application> package is the "
15529
15528
"<application>libnss-ldapd</application> package. This, however, will bring "
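Review bot: the `/etc/ldap.conf` example in this hunk, `uri ldap://ldap01.example.com ldap://ldap02.example.com`, sends the login clients configured by the preceding `pam-auth-update` step to both servers over plain `ldap://`, and none of the paragraphs here say how that connection is protected. Suggest the source paragraph state that the client should use `ldaps://` URIs or enable StartTLS in the same file (`ssl start_tls`), and that the Provider and the Consumer both need a certificate the client trusts.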
15574
15573
"MIDSTART=10000\n"
15577
#: serverguide/C/network-auth.xml:1827(para)
15576
#: serverguide/C/network-auth.xml:1834(para)
15579
15578
"Now, create the <filename>ldapscripts.passwd</filename> file to allow rootDN "
15580
15579
"access to the directory:"
15583
#: serverguide/C/network-auth.xml:1832(command)
15582
#: serverguide/C/network-auth.xml:1839(command)
15585
15584
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
15588
#: serverguide/C/network-auth.xml:1833(command)
15587
#: serverguide/C/network-auth.xml:1840(command)
15589
15588
msgid "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
15592
#: serverguide/C/network-auth.xml:1837(para)
15591
#: serverguide/C/network-auth.xml:1844(para)
15594
15593
"Replace <quote>secret</quote> with the actual password for your database's "
15595
15594
"rootDN user."
15598
#: serverguide/C/network-auth.xml:1842(para)
15597
#: serverguide/C/network-auth.xml:1849(para)
15600
15599
"The scripts are now ready to help manage your directory. Here are some "
15601
15600
"examples of how to use them:"
15604
#: serverguide/C/network-auth.xml:1849(para)
15603
#: serverguide/C/network-auth.xml:1856(para)
15605
15604
msgid "Create a new user:"
15608
#: serverguide/C/network-auth.xml:1854(command)
15607
#: serverguide/C/network-auth.xml:1861(command)
15609
15608
msgid "sudo ldapadduser george example"
15612
#: serverguide/C/network-auth.xml:1857(para)
15611
#: serverguide/C/network-auth.xml:1864(para)
15614
15613
"This will create a user with uid <emphasis role=\"italic\">george</emphasis> "
15615
15614
"and set the user's primary group (gid) to <emphasis "
15616
15615
"role=\"italic\">example</emphasis>"
15619
#: serverguide/C/network-auth.xml:1864(para)
15618
#: serverguide/C/network-auth.xml:1871(para)
15620
15619
msgid "Change a user's password:"
15623
#: serverguide/C/network-auth.xml:1869(command)
15622
#: serverguide/C/network-auth.xml:1876(command)
15624
15623
msgid "sudo ldapsetpasswd george"
15627
#: serverguide/C/network-auth.xml:1870(computeroutput)
15626
#: serverguide/C/network-auth.xml:1877(computeroutput)
15629
15628
msgid "Changing password for user uid=george,ou=People,dc=example,dc=com"
15632
#: serverguide/C/network-auth.xml:1871(userinput)
15631
#: serverguide/C/network-auth.xml:1878(userinput)
15634
15633
msgid "New Password: "
15637
#: serverguide/C/network-auth.xml:1872(userinput)
15636
#: serverguide/C/network-auth.xml:1879(userinput)
15639
15638
msgid "New Password (verify): "
15642
#: serverguide/C/network-auth.xml:1878(para)
15641
#: serverguide/C/network-auth.xml:1885(para)
15643
15642
msgid "Delete a user:"
15646
#: serverguide/C/network-auth.xml:1883(command)
15645
#: serverguide/C/network-auth.xml:1890(command)
15647
15646
msgid "sudo ldapdeleteuser george"
15650
#: serverguide/C/network-auth.xml:1889(para)
15649
#: serverguide/C/network-auth.xml:1896(para)
15651
15650
msgid "Add a group:"
15654
#: serverguide/C/network-auth.xml:1894(command)
15653
#: serverguide/C/network-auth.xml:1901(command)
15655
15654
msgid "sudo ldapaddgroup qa"
15658
#: serverguide/C/network-auth.xml:1900(para)
15657
#: serverguide/C/network-auth.xml:1907(para)
15659
15658
msgid "Delete a group:"
15662
#: serverguide/C/network-auth.xml:1905(command)
15661
#: serverguide/C/network-auth.xml:1912(command)
15663
15662
msgid "sudo ldapdeletegroup qa"
15666
#: serverguide/C/network-auth.xml:1911(para)
15665
#: serverguide/C/network-auth.xml:1918(para)
15667
15666
msgid "Add a user to a group:"
15670
#: serverguide/C/network-auth.xml:1916(command)
15669
#: serverguide/C/network-auth.xml:1923(command)
15671
15670
msgid "sudo ldapaddusertogroup george qa"
15674
#: serverguide/C/network-auth.xml:1919(para)
15673
#: serverguide/C/network-auth.xml:1926(para)
15676
15675
"You should now see a <emphasis>memberUid</emphasis> attribute for the "
15677
15676
"<emphasis role=\"italic\">qa</emphasis> group with a value of <emphasis "
15678
15677
"role=\"italic\">george</emphasis>."
15681
#: serverguide/C/network-auth.xml:1926(para)
15680
#: serverguide/C/network-auth.xml:1933(para)
15682
15681
msgid "Remove a user from a group:"
15685
#: serverguide/C/network-auth.xml:1931(command)
15684
#: serverguide/C/network-auth.xml:1938(command)
15686
15685
msgid "sudo ldapdeleteuserfromgroup george qa"
15689
#: serverguide/C/network-auth.xml:1934(para)
15688
#: serverguide/C/network-auth.xml:1941(para)
15691
15690
"The <emphasis>memberUid</emphasis> attribute should now be removed from the "
15692
15691
"<emphasis role=\"italic\">qa</emphasis> group."
15695
#: serverguide/C/network-auth.xml:1941(para)
15694
#: serverguide/C/network-auth.xml:1948(para)
15697
15696
"The <application>ldapmodifyuser</application> script allows you to add, "
15698
15697
"remove, or replace a user's attributes. The script uses the same syntax as "
15699
15698
"the <application>ldapmodify</application> utility. For example:"
15702
#: serverguide/C/network-auth.xml:1947(command)
15701
#: serverguide/C/network-auth.xml:1954(command)
15703
15702
msgid "sudo ldapmodifyuser george"
15706
#: serverguide/C/network-auth.xml:1948(computeroutput)
15705
#: serverguide/C/network-auth.xml:1955(computeroutput)
15709
15708
"# About to modify the following entry :\n"
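Review bot: in the ldapscripts.passwd step, `echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd` creates the file under the default umask and only the following `chmod 400` tightens it, so the rootDN password is briefly readable by other local users, and the literal password is also recorded in the invoking user's shell history. Suggest the source text create the file with restrictive permissions first (for example by setting `umask 077` inside the same `sh -c`) and have the administrator enter the password at a prompt or in an editor rather than on the command line.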
15792
15791
"title: Employee\n"
15795
#: serverguide/C/network-auth.xml:2016(para)
15794
#: serverguide/C/network-auth.xml:2023(para)
15797
15796
"Notice the <emphasis><ask></emphasis> option used for the "
15798
15797
"<emphasis>sn</emphasis> attribute. This will make "
15799
15798
"<application>ldapadduser</application> prompt you for its value."
15802
#: serverguide/C/network-auth.xml:2024(para)
15801
#: serverguide/C/network-auth.xml:2031(para)
15804
15803
"There are utilities in the package that were not covered here. Here is a "
15805
15804
"complete list:"
15808
#: serverguide/C/network-auth.xml:2029(ulink)
15807
#: serverguide/C/network-auth.xml:2036(ulink)
15809
15808
msgid "ldaprenamemachine"
15812
#: serverguide/C/network-auth.xml:2030(ulink)
15811
#: serverguide/C/network-auth.xml:2037(ulink)
15813
15812
msgid "ldapadduser"
15816
#: serverguide/C/network-auth.xml:2031(ulink)
15815
#: serverguide/C/network-auth.xml:2038(ulink)
15817
15816
msgid "ldapdeleteuserfromgroup"
15820
#: serverguide/C/network-auth.xml:2032(ulink)
15819
#: serverguide/C/network-auth.xml:2039(ulink)
15821
15820
msgid "ldapfinger"
15824
#: serverguide/C/network-auth.xml:2033(ulink)
15823
#: serverguide/C/network-auth.xml:2040(ulink)
15825
15824
msgid "ldapid"
15828
#: serverguide/C/network-auth.xml:2034(ulink)
15827
#: serverguide/C/network-auth.xml:2041(ulink)
15829
15828
msgid "ldapgid"
15832
#: serverguide/C/network-auth.xml:2035(ulink)
15831
#: serverguide/C/network-auth.xml:2042(ulink)
15833
15832
msgid "ldapmodifyuser"
15836
#: serverguide/C/network-auth.xml:2036(ulink)
15835
#: serverguide/C/network-auth.xml:2043(ulink)
15837
15836
msgid "ldaprenameuser"
15840
#: serverguide/C/network-auth.xml:2037(ulink)
15839
#: serverguide/C/network-auth.xml:2044(ulink)
15841
15840
msgid "lsldap"
15844
#: serverguide/C/network-auth.xml:2038(ulink)
15843
#: serverguide/C/network-auth.xml:2045(ulink)
15845
15844
msgid "ldapaddusertogroup"
15848
#: serverguide/C/network-auth.xml:2039(ulink)
15847
#: serverguide/C/network-auth.xml:2046(ulink)
15849
15848
msgid "ldapsetpasswd"
15852
#: serverguide/C/network-auth.xml:2040(ulink)
15851
#: serverguide/C/network-auth.xml:2047(ulink)
15853
15852
msgid "ldapinit"
15856
#: serverguide/C/network-auth.xml:2041(ulink)
15855
#: serverguide/C/network-auth.xml:2048(ulink)
15857
15856
msgid "ldapaddgroup"
15860
#: serverguide/C/network-auth.xml:2042(ulink)
15859
#: serverguide/C/network-auth.xml:2049(ulink)
15861
15860
msgid "ldapdeletegroup"
15864
#: serverguide/C/network-auth.xml:2043(ulink)
15863
#: serverguide/C/network-auth.xml:2050(ulink)
15865
15864
msgid "ldapmodifygroup"
15868
#: serverguide/C/network-auth.xml:2044(ulink)
15867
#: serverguide/C/network-auth.xml:2051(ulink)
15869
15868
msgid "ldapdeletemachine"
15872
#: serverguide/C/network-auth.xml:2045(ulink)
15871
#: serverguide/C/network-auth.xml:2052(ulink)
15873
15872
msgid "ldaprenamegroup"
15876
#: serverguide/C/network-auth.xml:2046(ulink)
15875
#: serverguide/C/network-auth.xml:2053(ulink)
15877
15876
msgid "ldapaddmachine"
15880
#: serverguide/C/network-auth.xml:2047(ulink)
15879
#: serverguide/C/network-auth.xml:2054(ulink)
15881
15880
msgid "ldapmodifymachine"
15884
#: serverguide/C/network-auth.xml:2048(ulink)
15883
#: serverguide/C/network-auth.xml:2055(ulink)
15885
15884
msgid "ldapsetprimarygroup"
15888
#: serverguide/C/network-auth.xml:2049(ulink)
15887
#: serverguide/C/network-auth.xml:2056(ulink)
15889
15888
msgid "ldapdeleteuser"
15892
#: serverguide/C/network-auth.xml:2055(title)
15891
#: serverguide/C/network-auth.xml:2062(title)
15893
15892
msgid "Backup and Restore"
15896
#: serverguide/C/network-auth.xml:2057(para)
15895
#: serverguide/C/network-auth.xml:2064(para)
15898
15897
"Now we have ldap running just the way we want, it is time to ensure we can "
15899
15898
"save all of our work and restore it as needed."
15902
#: serverguide/C/network-auth.xml:2062(para)
15901
#: serverguide/C/network-auth.xml:2069(para)
15904
15903
"What we need is a way to backup the ldap database(s), specifically the "
15905
15904
"backend (cn=config) and frontend (dc=example,dc=com). If we are going to "
15950
15949
"45 22 * * * root /usr/local/bin/ldapbackup\n"
15953
#: serverguide/C/network-auth.xml:2109(para)
15952
#: serverguide/C/network-auth.xml:2116(para)
15954
15953
msgid "Now the files are created, they should be copied to a backup server."
15957
#: serverguide/C/network-auth.xml:2114(para)
15956
#: serverguide/C/network-auth.xml:2121(para)
15959
15958
"Assuming we did a fresh reinstall of ldap, the restore process could be "
15960
15959
"something like this:"
15963
#: serverguide/C/network-auth.xml:2120(command)
15962
#: serverguide/C/network-auth.xml:2127(command)
15964
15963
msgid "sudo service slapd stop"
15967
#: serverguide/C/network-auth.xml:2121(command)
15966
#: serverguide/C/network-auth.xml:2128(command)
15968
15967
msgid "sudo mkdir /var/lib/ldap/accesslog"
15971
#: serverguide/C/network-auth.xml:2122(command)
15970
#: serverguide/C/network-auth.xml:2129(command)
15972
15971
msgid "sudo slapadd -F /etc/ldap/slapd.d -n 0 -l /export/backup/config.ldif"
15975
#: serverguide/C/network-auth.xml:2123(command)
15974
#: serverguide/C/network-auth.xml:2130(command)
15977
15976
"sudo slapadd -F /etc/ldap/slapd.d -n 1 -l /export/backup/domain.com.ldif"
15980
#: serverguide/C/network-auth.xml:2124(command)
15979
#: serverguide/C/network-auth.xml:2131(command)
15981
15980
msgid "sudo slapadd -F /etc/ldap/slapd.d -n 2 -l /export/backup/access.ldif"
15984
#: serverguide/C/network-auth.xml:2125(command)
15983
#: serverguide/C/network-auth.xml:2132(command)
15985
15984
msgid "sudo chown -R openldap:openldap /etc/ldap/slapd.d/"
15988
#: serverguide/C/network-auth.xml:2126(command)
15987
#: serverguide/C/network-auth.xml:2133(command)
15989
15988
msgid "sudo chown -R openldap:openldap /var/lib/ldap/"
15992
#: serverguide/C/network-auth.xml:2127(command)
15991
#: serverguide/C/network-auth.xml:2134(command)
15993
15992
msgid "sudo service slapd start"
15996
#: serverguide/C/network-auth.xml:2138(para)
15995
#: serverguide/C/network-auth.xml:2145(para)
15998
15997
"The primary resource is the upstream documentation: <ulink "
15999
15998
"url=\"http://www.openldap.org/\">www.openldap.org</ulink>"
16002
#: serverguide/C/network-auth.xml:2144(para)
16001
#: serverguide/C/network-auth.xml:2151(para)
16004
16003
"There are many man pages that come with the slapd package. Here are some "
16005
16004
"important ones, especially considering the material presented in this guide:"
16008
#: serverguide/C/network-auth.xml:2150(ulink)
16007
#: serverguide/C/network-auth.xml:2157(ulink)
16009
16008
msgid "slapd"
16012
#: serverguide/C/network-auth.xml:2151(ulink)
16011
#: serverguide/C/network-auth.xml:2158(ulink)
16013
16012
msgid "slapd-config"
16016
#: serverguide/C/network-auth.xml:2152(ulink)
16015
#: serverguide/C/network-auth.xml:2159(ulink)
16017
16016
msgid "slapd.access"
16020
#: serverguide/C/network-auth.xml:2153(ulink)
16019
#: serverguide/C/network-auth.xml:2160(ulink)
16021
16020
msgid "slapo-syncprov"
16024
#: serverguide/C/network-auth.xml:2159(para)
16023
#: serverguide/C/network-auth.xml:2166(para)
16025
16024
msgid "Other man pages:"
16028
#: serverguide/C/network-auth.xml:2164(ulink)
16027
#: serverguide/C/network-auth.xml:2171(ulink)
16029
16028
msgid "auth-client-config"
16032
#: serverguide/C/network-auth.xml:2165(ulink)
16031
#: serverguide/C/network-auth.xml:2172(ulink)
16033
16032
msgid "pam-auth-update"
16036
#: serverguide/C/network-auth.xml:2171(para)
16035
#: serverguide/C/network-auth.xml:2178(para)
16038
16037
"Zytrax's <ulink url=\"http://www.zytrax.com/books/ldap/\">LDAP for Rocket "
16039
16038
"Scientists</ulink>; a less pedantic but comprehensive treatment of LDAP"
16042
#: serverguide/C/network-auth.xml:2177(para)
16041
#: serverguide/C/network-auth.xml:2184(para)
16044
16043
"A Ubuntu community <ulink "
16045
16044
"url=\"https://help.ubuntu.com/community/OpenLDAPServer\">OpenLDAP "
16046
16045
"wiki</ulink> page has a collection of notes"
16049
#: serverguide/C/network-auth.xml:2183(para)
16048
#: serverguide/C/network-auth.xml:2190(para)
16051
16050
"O'Reilly's <ulink url=\"http://www.oreilly.com/catalog/ldapsa/\">LDAP System "
16052
16051
"Administration</ulink> (textbook; 2003)"
16055
#: serverguide/C/network-auth.xml:2189(para)
16054
#: serverguide/C/network-auth.xml:2196(para)
16057
16056
"Packt's <ulink url=\"http://www.packtpub.com/OpenLDAP-Developers-Server-Open-"
16058
16057
"Source-Linux/book\">Mastering OpenLDAP</ulink> (textbook; 2007)"
16061
#: serverguide/C/network-auth.xml:2200(title)
16060
#: serverguide/C/network-auth.xml:2207(title)
16062
16061
msgid "Samba and LDAP"
16065
#: serverguide/C/network-auth.xml:2202(para)
16064
#: serverguide/C/network-auth.xml:2209(para)
16067
16066
"This section covers the integration of Samba with LDAP. The Samba server's "
16068
16067
"role will be that of a \"standalone\" server and the LDAP directory will "
16094
16093
"install it."
16097
#: serverguide/C/network-auth.xml:2223(para)
16096
#: serverguide/C/network-auth.xml:2230(para)
16098
16097
msgid "Install these packages now:"
16101
#: serverguide/C/network-auth.xml:2228(command)
16100
#: serverguide/C/network-auth.xml:2235(command)
16102
16101
msgid "sudo apt-get install samba samba-doc smbldap-tools"
16105
#: serverguide/C/network-auth.xml:2234(title)
16104
#: serverguide/C/network-auth.xml:2241(title)
16106
16105
msgid "LDAP Configuration"
16109
#: serverguide/C/network-auth.xml:2236(para)
16108
#: serverguide/C/network-auth.xml:2243(para)
16111
16110
"We will now configure the LDAP server so that it can accomodate Samba data. "
16112
16111
"We will perform three tasks in this section:"
16115
#: serverguide/C/network-auth.xml:2243(para)
16114
#: serverguide/C/network-auth.xml:2250(para)
16116
16115
msgid "Import a schema"
16119
#: serverguide/C/network-auth.xml:2247(para)
16118
#: serverguide/C/network-auth.xml:2254(para)
16120
16119
msgid "Index some entries"
16123
#: serverguide/C/network-auth.xml:2251(para)
16122
#: serverguide/C/network-auth.xml:2258(para)
16124
16123
msgid "Add objects"
16127
#: serverguide/C/network-auth.xml:2257(title)
16126
#: serverguide/C/network-auth.xml:2264(title)
16128
16127
msgid "Samba schema"
16131
#: serverguide/C/network-auth.xml:2259(para)
16130
#: serverguide/C/network-auth.xml:2266(para)
16133
16132
"In order for OpenLDAP to be used as a backend for Samba, logically, the DIT "
16134
16133
"will need to use attributes that can properly describe Samba data. Such "
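Review bot: the paragraph `Now the files are created, they should be copied to a backup server.` says nothing about protecting those files, although the restore commands in this hunk show they are full `slapadd` dumps of databases 0, 1 and 2 (`config.ldif`, `domain.com.ldif`, `access.ldif`), which carry the directory's password hashes and the cn=config credentials. Suggest adding that /export/backup and the files in it should be readable by root only and copied over an encrypted channel. Also, `accomodate` in the LDAP Configuration paragraph should be `accommodate`; fix it in network-auth.xml so the template picks it up.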
16186
16185
"include /etc/ldap/schema/samba.schema\n"
16189
#: serverguide/C/network-auth.xml:2311(para)
16188
#: serverguide/C/network-auth.xml:2318(para)
16190
16189
msgid "Have the directory <filename>ldif_output</filename> hold output."
16193
#: serverguide/C/network-auth.xml:2322(command)
16192
#: serverguide/C/network-auth.xml:2329(command)
16195
16194
"slapcat -f schema_convert.conf -F ldif_output -n 0 | grep samba,cn=schema"
16198
#: serverguide/C/network-auth.xml:2323(computeroutput)
16197
#: serverguide/C/network-auth.xml:2330(computeroutput)
16202
16201
"dn: cn={14}samba,cn=schema,cn=config\n"
16205
#: serverguide/C/network-auth.xml:2331(para)
16204
#: serverguide/C/network-auth.xml:2338(para)
16206
16205
msgid "Convert the schema to LDIF format:"
16209
#: serverguide/C/network-auth.xml:2336(command)
16208
#: serverguide/C/network-auth.xml:2343(command)
16211
16210
"slapcat -f schema_convert.conf -F ldif_output -n0 -H \\ "
16212
16211
"ldap:///cn={14}samba,cn=schema,cn=config -l cn=samba.ldif"
16215
#: serverguide/C/network-auth.xml:2343(para)
16214
#: serverguide/C/network-auth.xml:2350(para)
16217
16216
"Edit the generated <filename>cn=samba.ldif</filename> file by removing index "
16218
16217
"information to arrive at:"
16221
#: serverguide/C/network-auth.xml:2347(programlisting)
16220
#: serverguide/C/network-auth.xml:2354(programlisting)
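Review bot: the command under `Convert the schema to LDIF format:` is extracted as `-n0 -H \ ldap:///cn={14}samba,cn=schema,cn=config`, with the line-continuation backslash followed by a space instead of a newline. If a translation reproduces this on one line, the shell treats the backslash and space as an escaped space and passes the URI to `-H` with a leading space. Suggest removing the continuation from the source command so the msgid is a single unbroken line.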
16244
16243
"modifyTimestamp: 20080827045234Z\n"
16247
#: serverguide/C/network-auth.xml:2373(para)
16246
#: serverguide/C/network-auth.xml:2380(para)
16248
16247
msgid "Add the new schema:"
16251
#: serverguide/C/network-auth.xml:2378(command)
16250
#: serverguide/C/network-auth.xml:2385(command)
16252
16251
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f cn\\=samba.ldif"
16255
#: serverguide/C/network-auth.xml:2381(para)
16254
#: serverguide/C/network-auth.xml:2388(para)
16256
16255
msgid "To query and view this new schema:"
16259
#: serverguide/C/network-auth.xml:2386(command)
16258
#: serverguide/C/network-auth.xml:2393(command)
16261
16260
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config "
16262
16261
"'cn=*samba*'"
16265
#: serverguide/C/network-auth.xml:2396(title)
16264
#: serverguide/C/network-auth.xml:2403(title)
16266
16265
msgid "Samba indices"
16269
#: serverguide/C/network-auth.xml:2398(para)
16268
#: serverguide/C/network-auth.xml:2405(para)
16271
16270
"Now that slapd knows about the Samba attributes, we can set up some indices "
16272
16271
"based on them. Indexing entries is a way to improve performance when a "
16273
16272
"client performs a filtered search on the DIT."
16276
#: serverguide/C/network-auth.xml:2403(para)
16275
#: serverguide/C/network-auth.xml:2410(para)
16278
16277
"Create the file <filename>samba_indices.ldif</filename> with the following "
16282
#: serverguide/C/network-auth.xml:2407(programlisting)
16281
#: serverguide/C/network-auth.xml:2414(programlisting)
16336
16335
"smbldap-tools')."
16339
#: serverguide/C/network-auth.xml:2459(para)
16338
#: serverguide/C/network-auth.xml:2461(para)
16341
16340
"To manually configure the package, you need to create and edit the files "
16342
16341
"<filename>/etc/smbldap-tools/smbldap.conf</filename> and "
16343
16342
"<filename>/etc/smbldap-tools/smbldap_bind.conf</filename>."
16346
#: serverguide/C/network-auth.xml:2464(para)
16345
#: serverguide/C/network-auth.xml:2466(para)
16348
16347
"The <application>smbldap-populate</application> script will then add the "
16349
16348
"LDAP objects required for Samba. It is a good idea to first make a backup of "
16350
16349
"your DIT using <application>slapcat</application>:"
16353
#: serverguide/C/network-auth.xml:2473(command)
16352
#: serverguide/C/network-auth.xml:2472(command)
16354
16353
msgid "sudo slapcat -l backup.ldif"
16357
#: serverguide/C/network-auth.xml:2476(para)
16356
#: serverguide/C/network-auth.xml:2475(para)
16358
16357
msgid "Once you have a backup proceed to populate your directory:"
16361
#: serverguide/C/network-auth.xml:2481(command)
16360
#: serverguide/C/network-auth.xml:2480(command)
16362
16361
msgid "sudo smbldap-populate"
16365
#: serverguide/C/network-auth.xml:2484(para)
16364
#: serverguide/C/network-auth.xml:2483(para)
16367
16366
"You can create a LDIF file containing the new Samba objects by executing "
16368
16367
"<command>sudo smbldap-populate -e samba.ldif</command>. This allows you to "
16438
16437
"<application>libnss-ldap</application>):"
16441
#: serverguide/C/network-auth.xml:2553(command)
16440
#: serverguide/C/network-auth.xml:2552(command)
16442
16441
msgid "sudo smbpasswd -a username"
16445
#: serverguide/C/network-auth.xml:2556(para)
16444
#: serverguide/C/network-auth.xml:2555(para)
16447
16446
"You will prompted to enter a password. It will be considered as the new "
16448
16447
"password for that user. Making it the same as before is reasonable."
16451
#: serverguide/C/network-auth.xml:2560(para)
16450
#: serverguide/C/network-auth.xml:2559(para)
16453
16452
"To manage user, group, and machine accounts use the utilities provided by "
16454
16453
"the <application>smbldap-tools</application> package. Here are some examples:"
16457
#: serverguide/C/network-auth.xml:2568(para)
16456
#: serverguide/C/network-auth.xml:2567(para)
16458
16457
msgid "To add a new user:"
16461
#: serverguide/C/network-auth.xml:2573(command)
16460
#: serverguide/C/network-auth.xml:2572(command)
16462
16461
msgid "sudo smbldap-useradd -a -P username"
16465
#: serverguide/C/network-auth.xml:2576(para)
16464
#: serverguide/C/network-auth.xml:2575(para)
16467
16466
"The <emphasis>-a</emphasis> option adds the Samba attributes, and the "
16468
16467
"<emphasis>-P</emphasis> option calls the <application>smbldap-"
16470
16469
"a password for the user."
16473
#: serverguide/C/network-auth.xml:2583(para)
16472
#: serverguide/C/network-auth.xml:2582(para)
16474
16473
msgid "To remove a user:"
16477
#: serverguide/C/network-auth.xml:2588(command)
16476
#: serverguide/C/network-auth.xml:2587(command)
16478
16477
msgid "sudo smbldap-userdel username"
16481
#: serverguide/C/network-auth.xml:2591(para)
16480
#: serverguide/C/network-auth.xml:2590(para)
16483
16482
"In the above command, use the <emphasis>-r</emphasis> option to remove the "
16484
16483
"user's home directory."
16487
#: serverguide/C/network-auth.xml:2597(para)
16486
#: serverguide/C/network-auth.xml:2596(para)
16488
16487
msgid "To add a group:"
16491
#: serverguide/C/network-auth.xml:2602(command)
16490
#: serverguide/C/network-auth.xml:2601(command)
16492
16491
msgid "sudo smbldap-groupadd -a groupname"
16495
#: serverguide/C/network-auth.xml:2605(para)
16494
#: serverguide/C/network-auth.xml:2604(para)
16497
16496
"As for <application>smbldap-useradd</application>, the <emphasis>-"
16498
16497
"a</emphasis> adds the Samba attributes."
16501
#: serverguide/C/network-auth.xml:2611(para)
16500
#: serverguide/C/network-auth.xml:2610(para)
16502
16501
msgid "To make an existing user a member of a group:"
16505
#: serverguide/C/network-auth.xml:2616(command)
16504
#: serverguide/C/network-auth.xml:2615(command)
16506
16505
msgid "sudo smbldap-groupmod -m username groupname"
16509
#: serverguide/C/network-auth.xml:2619(para)
16508
#: serverguide/C/network-auth.xml:2618(para)
16511
16510
"The <emphasis>-m</emphasis> option can add more than one user at a time by "
16512
16511
"listing them in comma-separated format."
16515
#: serverguide/C/network-auth.xml:2625(para)
16514
#: serverguide/C/network-auth.xml:2624(para)
16516
16515
msgid "To remove a user from a group:"
16519
#: serverguide/C/network-auth.xml:2630(command)
16518
#: serverguide/C/network-auth.xml:2629(command)
16520
16519
msgid "sudo smbldap-groupmod -x username groupname"
16523
#: serverguide/C/network-auth.xml:2636(para)
16522
#: serverguide/C/network-auth.xml:2635(para)
16524
16523
msgid "To add a Samba machine account:"
16527
#: serverguide/C/network-auth.xml:2641(command)
16526
#: serverguide/C/network-auth.xml:2640(command)
16528
16527
msgid "sudo smbldap-useradd -t 0 -w username"
16531
#: serverguide/C/network-auth.xml:2644(para)
16530
#: serverguide/C/network-auth.xml:2643(para)
16533
16532
"Replace <emphasis>username</emphasis> with the name of the workstation. The "
16534
16533
"<emphasis>-t 0</emphasis> option creates the machine account without a "
16538
16537
"<application>smbldap-useradd</application>."
16541
#: serverguide/C/network-auth.xml:2653(para)
16540
#: serverguide/C/network-auth.xml:2652(para)
16543
16542
"There are utilities in the <application>smbldap-tools</application> package "
16544
16543
"that were not covered here. Here is a complete list:"
16546
#: serverguide/C/network-auth.xml:2657(ulink)
16547
msgid "smbldap-groupadd"
16547
16550
#: serverguide/C/network-auth.xml:2658(ulink)
16548
msgid "smbldap-groupadd"
16551
msgid "smbldap-groupdel"
16551
16554
#: serverguide/C/network-auth.xml:2659(ulink)
16552
msgid "smbldap-groupdel"
16555
msgid "smbldap-groupmod"
16555
16558
#: serverguide/C/network-auth.xml:2660(ulink)
16556
msgid "smbldap-groupmod"
16559
msgid "smbldap-groupshow"
16559
16562
#: serverguide/C/network-auth.xml:2661(ulink)
16560
msgid "smbldap-groupshow"
16563
msgid "smbldap-passwd"
16563
16566
#: serverguide/C/network-auth.xml:2662(ulink)
16564
msgid "smbldap-passwd"
16567
msgid "smbldap-populate"
16567
16570
#: serverguide/C/network-auth.xml:2663(ulink)
16568
msgid "smbldap-populate"
16571
msgid "smbldap-useradd"
16571
16574
#: serverguide/C/network-auth.xml:2664(ulink)
16572
msgid "smbldap-useradd"
16575
msgid "smbldap-userdel"
16575
16578
#: serverguide/C/network-auth.xml:2665(ulink)
16576
msgid "smbldap-userdel"
16579
msgid "smbldap-userinfo"
16579
16582
#: serverguide/C/network-auth.xml:2666(ulink)
16580
msgid "smbldap-userinfo"
16583
msgid "smbldap-userlist"
16583
16586
#: serverguide/C/network-auth.xml:2667(ulink)
16584
msgid "smbldap-userlist"
16587
msgid "smbldap-usermod"
16587
16590
#: serverguide/C/network-auth.xml:2668(ulink)
16588
msgid "smbldap-usermod"
16591
#: serverguide/C/network-auth.xml:2669(ulink)
16592
16591
msgid "smbldap-usershow"
16595
#: serverguide/C/network-auth.xml:2677(para)
16594
#: serverguide/C/network-auth.xml:2679(para)
16597
16596
"For more information on installing and configuring Samba see <xref "
16598
16597
"linkend=\"samba\"/> of this Ubuntu Server Guide."
16601
#: serverguide/C/network-auth.xml:2686(para)
16600
#: serverguide/C/network-auth.xml:2685(para)
16603
16602
"There are multiple places where LDAP and Samba is documented in the upstream "
16604
16603
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba "
16605
16604
"HOWTO Collection</ulink>."
16608
#: serverguide/C/network-auth.xml:2693(para)
16607
#: serverguide/C/network-auth.xml:2692(para)
16610
16609
"Regarding the above, see specifically the <ulink "
16611
16610
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
16612
16611
"Collection/passdb.html\">passdb section</ulink>."
16615
#: serverguide/C/network-auth.xml:2699(para)
16614
#: serverguide/C/network-auth.xml:2698(para)
16617
16616
"Although dated (2007), the <ulink url=\"http://download.gna.org/smbldap-"
16618
16617
"tools/docs/samba-ldap-howto/\">Linux Samba-OpenLDAP HOWTO</ulink> contains "
16619
16618
"valuable notes."
16622
#: serverguide/C/network-auth.xml:2705(para)
16621
#: serverguide/C/network-auth.xml:2704(para)
16624
16623
"The main page of the <ulink "
16625
16624
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Samba Ubuntu "
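Review bot: two msgids in this hunk carry grammar errors that translators will work from: `You will prompted to enter a password` is missing `be`, and `There are multiple places where LDAP and Samba is documented` should read `are documented`. Both need fixing in network-auth.xml rather than here, since this template is generated from the `#:` source locations.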
16640
16639
"network environment one step closer to being Single Sign On (SSO)."
16643
#: serverguide/C/network-auth.xml:2726(para)
16642
#: serverguide/C/network-auth.xml:2725(para)
16645
16644
"This section covers installation and configuration of a Kerberos server, and "
16646
16645
"some example client configurations."
16649
#: serverguide/C/virtualization.xml:1099(title) serverguide/C/virtualization.xml:2132(title) serverguide/C/network-auth.xml:2731(title) serverguide/C/monitoring.xml:13(title) serverguide/C/lamp-applications.xml:15(title) serverguide/C/installation.xml:903(title) serverguide/C/dns.xml:62(title) serverguide/C/dm-multipath.xml:135(title) serverguide/C/chat.xml:15(title) serverguide/C/backups.xml:545(title)
16648
#: serverguide/C/network-auth.xml:2730(title) serverguide/C/monitoring.xml:13(title) serverguide/C/lamp-applications.xml:15(title) serverguide/C/installation.xml:910(title) serverguide/C/dns.xml:62(title) serverguide/C/dm-multipath.xml:135(title) serverguide/C/chat.xml:15(title) serverguide/C/cgroups.xml:38(title) serverguide/C/backups.xml:551(title)
16650
16649
msgid "Overview"
16653
#: serverguide/C/network-auth.xml:2733(para)
16652
#: serverguide/C/network-auth.xml:2732(para)
16655
16654
"If you are new to Kerberos there are a few terms that are good to understand "
16656
16655
"before setting up a Kerberos server. Most of the terms will relate to things "
16657
16656
"you may be familiar with in other environments:"
16660
#: serverguide/C/network-auth.xml:2740(para)
16659
#: serverguide/C/network-auth.xml:2739(para)
16662
16661
"<emphasis>Principal:</emphasis> any users, computers, and services provided "
16663
16662
"by servers need to be defined as Kerberos Principals."
16666
#: serverguide/C/network-auth.xml:2745(para)
16665
#: serverguide/C/network-auth.xml:2744(para)
16668
16667
"<emphasis>Instances:</emphasis> are used for service principals and special "
16669
16668
"administrative principals."
16672
#: serverguide/C/network-auth.xml:2750(para)
16671
#: serverguide/C/network-auth.xml:2749(para)
16674
16673
"<emphasis>Realms:</emphasis> the unique realm of control provided by the "
16675
16674
"Kerberos installation. Think of it as the domain or group your hosts and "
16724
16723
"entering another username and password."
16727
#: serverguide/C/network-auth.xml:2798(title)
16726
#: serverguide/C/network-auth.xml:2797(title)
16728
16727
msgid "Kerberos Server"
16731
#: serverguide/C/network-auth.xml:2802(para)
16730
#: serverguide/C/network-auth.xml:2801(para)
16733
16732
"For this discussion, we will create a MIT Kerberos domain with the following "
16734
16733
"features (edit them to fit your needs):"
16737
#: serverguide/C/network-auth.xml:2809(para)
16736
#: serverguide/C/network-auth.xml:2808(para)
16738
16737
msgid "<emphasis>Realm:</emphasis> EXAMPLE.COM"
16741
#: serverguide/C/network-auth.xml:2814(para)
16740
#: serverguide/C/network-auth.xml:2813(para)
16742
16741
msgid "<emphasis>Primary KDC:</emphasis> kdc01.example.com (192.168.0.1)"
16745
#: serverguide/C/network-auth.xml:2819(para)
16744
#: serverguide/C/network-auth.xml:2818(para)
16746
16745
msgid "<emphasis>Secondary KDC:</emphasis> kdc02.example.com (192.168.0.2)"
16749
#: serverguide/C/network-auth.xml:2824(para)
16748
#: serverguide/C/network-auth.xml:2823(para)
16750
16749
msgid "<emphasis>User principal:</emphasis> steve"
16753
#: serverguide/C/network-auth.xml:2829(para)
16752
#: serverguide/C/network-auth.xml:2828(para)
16754
16753
msgid "<emphasis>Admin principal:</emphasis> steve/admin"
16757
#: serverguide/C/network-auth.xml:2836(para)
16756
#: serverguide/C/network-auth.xml:2835(para)
16759
16758
"It is <emphasis>strongly</emphasis> recommended that your network-"
16760
16759
"authenticated users have their uid in a different range (say, starting at "
16761
16760
"5000) than that of your local users."
16764
#: serverguide/C/network-auth.xml:2842(para)
16763
#: serverguide/C/network-auth.xml:2841(para)
16766
16765
"Before installing the Kerberos server a properly configured DNS server is "
16767
16766
"needed for your domain. Since the Kerberos Realm by convention matches the "
16780
16779
"setting up NTP see <xref linkend=\"NTP\"/>."
16783
#: serverguide/C/network-auth.xml:2856(para)
16782
#: serverguide/C/network-auth.xml:2855(para)
16785
16784
"The first step in creating a Kerberos Realm is to install the "
16786
16785
"<application>krb5-kdc</application> and <application>krb5-admin-"
16787
16786
"server</application> packages. From a terminal enter:"
16790
#: serverguide/C/network-auth.xml:2862(command) serverguide/C/network-auth.xml:3069(command)
16789
#: serverguide/C/network-auth.xml:2861(command) serverguide/C/network-auth.xml:3068(command)
16791
16790
msgid "sudo apt-get install krb5-kdc krb5-admin-server"
16794
#: serverguide/C/network-auth.xml:2865(para)
16793
#: serverguide/C/network-auth.xml:2864(para)
16796
16795
"You will be asked at the end of the install to supply the hostname for the "
16797
16796
"Kerberos and Admin servers, which may or may not be the same server, for the "
16801
#: serverguide/C/network-auth.xml:2872(para)
16800
#: serverguide/C/network-auth.xml:2871(para)
16802
16801
msgid "By default the realm is created from the KDC's domain name."
16805
#: serverguide/C/network-auth.xml:2877(para)
16804
#: serverguide/C/network-auth.xml:2876(para)
16807
16806
"Next, create the new realm with the <application>kdb5_newrealm</application> "
16811
#: serverguide/C/network-auth.xml:2882(command)
16810
#: serverguide/C/network-auth.xml:2881(command)
16812
16811
msgid "sudo krb5_newrealm"
16815
#: serverguide/C/network-auth.xml:2889(para)
16814
#: serverguide/C/network-auth.xml:2888(para)
16817
16816
"The questions asked during installation are used to configure the "
16818
16817
"<filename>/etc/krb5.conf</filename> file. If you need to adjust the Key "
16907
16906
"<emphasis>kadm5.acl</emphasis> man page for details."
16910
#: serverguide/C/network-auth.xml:2959(para)
16909
#: serverguide/C/network-auth.xml:2958(para)
16912
16911
"Now restart the <application>krb5-admin-server</application> for the new ACL "
16913
16912
"to take affect:"
16916
#: serverguide/C/network-auth.xml:2961(command)
16915
#: serverguide/C/network-auth.xml:2963(command)
16917
16916
msgid "sudo service krb5-admin-server restart"
16920
#: serverguide/C/network-auth.xml:2970(para)
16919
#: serverguide/C/network-auth.xml:2969(para)
16922
16921
"The new user principal can be tested using the <application>kinit "
16923
16922
"utility</application>:"
16926
#: serverguide/C/network-auth.xml:2975(command)
16925
#: serverguide/C/network-auth.xml:2974(command)
16927
16926
msgid "kinit steve/admin"
16930
#: serverguide/C/network-auth.xml:2976(computeroutput)
16929
#: serverguide/C/network-auth.xml:2975(computeroutput)
16932
16931
msgid "steve/admin@EXAMPLE.COM's Password:"
16935
#: serverguide/C/network-auth.xml:2979(para)
16934
#: serverguide/C/network-auth.xml:2978(para)
16937
16936
"After entering the password, use the <application>klist</application> "
16938
16937
"utility to view information about the Ticket Granting Ticket (TGT):"
16941
#: serverguide/C/network-auth.xml:2985(command) serverguide/C/network-auth.xml:3362(command)
16940
#: serverguide/C/network-auth.xml:2984(command) serverguide/C/network-auth.xml:3361(command)
16942
16941
msgid "klist"
16945
#: serverguide/C/network-auth.xml:2986(computeroutput)
16944
#: serverguide/C/network-auth.xml:2985(computeroutput)
16948
16947
"Credentials cache: FILE:/tmp/krb5cc_1000\n"
17023
17022
"of those networks."
17026
#: serverguide/C/network-auth.xml:3064(para)
17025
#: serverguide/C/network-auth.xml:3063(para)
17028
17027
"First, install the packages, and when asked for the Kerberos and Admin "
17029
17028
"server names enter the name of the Primary KDC:"
17032
#: serverguide/C/network-auth.xml:3075(para)
17031
#: serverguide/C/network-auth.xml:3074(para)
17034
17033
"Once you have the packages installed, create the Secondary KDC's host "
17035
17034
"principal. From a terminal prompt, enter:"
17038
#: serverguide/C/network-auth.xml:3080(command)
17037
#: serverguide/C/network-auth.xml:3079(command)
17039
17038
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
17042
#: serverguide/C/network-auth.xml:3084(para)
17041
#: serverguide/C/network-auth.xml:3083(para)
17044
17043
"After, issuing any <application>kadmin</application> commands you will be "
17045
17044
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
17049
#: serverguide/C/network-auth.xml:3093(para)
17048
#: serverguide/C/network-auth.xml:3092(para)
17050
17049
msgid "Extract the <emphasis>keytab</emphasis> file:"
17053
#: serverguide/C/network-auth.xml:3098(command)
17052
#: serverguide/C/network-auth.xml:3097(command)
17054
17053
msgid "kadmin -q \"ktadd -norandkey -k keytab.kdc02 host/kdc02.example.com\""
17057
#: serverguide/C/network-auth.xml:3104(para)
17056
#: serverguide/C/network-auth.xml:3103(para)
17059
17058
"There should now be a <filename>keytab.kdc02</filename> in the current "
17060
17059
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
17063
#: serverguide/C/network-auth.xml:3110(command)
17062
#: serverguide/C/network-auth.xml:3109(command)
17064
17063
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
17067
#: serverguide/C/network-auth.xml:3114(para)
17066
#: serverguide/C/network-auth.xml:3113(para)
17069
17068
"If the path to the <filename>keytab.kdc02</filename> file is different "
17070
17069
"adjust accordingly."
17073
#: serverguide/C/network-auth.xml:3119(para)
17072
#: serverguide/C/network-auth.xml:3118(para)
17075
17074
"Also, you can list the principals in a Keytab file, which can be useful when "
17076
17075
"troubleshooting, using the <application>klist</application> utility:"
17079
#: serverguide/C/network-auth.xml:3125(command)
17078
#: serverguide/C/network-auth.xml:3124(command)
17080
17079
msgid "sudo klist -k /etc/krb5.keytab"
17083
#: serverguide/C/network-auth.xml:3128(para)
17082
#: serverguide/C/network-auth.xml:3127(para)
17085
17084
"The <application>-k</application> option indicates the file is a keytab file."
17088
#: serverguide/C/network-auth.xml:3135(para)
17087
#: serverguide/C/network-auth.xml:3134(para)
17090
17089
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
17091
17090
"that lists all KDCs for the Realm. For example, on both primary and "
17092
17091
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
17095
#: serverguide/C/network-auth.xml:3140(programlisting)
17094
#: serverguide/C/network-auth.xml:3139(programlisting)
17100
17099
"host/kdc02.example.com@EXAMPLE.COM\n"
17103
#: serverguide/C/network-auth.xml:3148(para)
17102
#: serverguide/C/network-auth.xml:3147(para)
17104
17103
msgid "Create an empty database on the <emphasis>Secondary KDC</emphasis>:"
17107
#: serverguide/C/network-auth.xml:3153(command)
17106
#: serverguide/C/network-auth.xml:3152(command)
17108
17107
msgid "sudo kdb5_util -s create"
17111
#: serverguide/C/network-auth.xml:3159(para)
17110
#: serverguide/C/network-auth.xml:3158(para)
17113
17112
"Now start the <application>kpropd</application> daemon, which listens for "
17114
17113
"connections from the <application>kprop</application> utility. "
17115
17114
"<application>kprop</application> is used to transfer dump files:"
17118
#: serverguide/C/network-auth.xml:3166(command)
17117
#: serverguide/C/network-auth.xml:3165(command)
17119
17118
msgid "sudo kpropd -S"
17122
#: serverguide/C/network-auth.xml:3172(para)
17121
#: serverguide/C/network-auth.xml:3171(para)
17124
17123
"From a terminal on the <emphasis>Primary KDC</emphasis>, create a dump file "
17125
17124
"of the principal database:"
17128
#: serverguide/C/network-auth.xml:3177(command)
17127
#: serverguide/C/network-auth.xml:3176(command)
17129
17128
msgid "sudo kdb5_util dump /var/lib/krb5kdc/dump"
17132
#: serverguide/C/network-auth.xml:3183(para)
17131
#: serverguide/C/network-auth.xml:3182(para)
17134
17133
"Extract the Primary KDC's <emphasis>keytab</emphasis> file and copy it to "
17135
17134
"<filename>/etc/krb5.keytab</filename>:"
17137
#: serverguide/C/network-auth.xml:3187(command)
17138
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
17138
17141
#: serverguide/C/network-auth.xml:3188(command)
17139
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
17142
#: serverguide/C/network-auth.xml:3189(command)
17143
17142
msgid "sudo mv keytab.kdc01 /etc/krb5.keytab"
17146
#: serverguide/C/network-auth.xml:3193(para)
17145
#: serverguide/C/network-auth.xml:3192(para)
17148
17147
"Make sure there is a <emphasis>host</emphasis> for "
17149
17148
"<emphasis>kdc01.example.com</emphasis> before extracting the Keytab."
17152
#: serverguide/C/network-auth.xml:3201(para)
17151
#: serverguide/C/network-auth.xml:3200(para)
17154
17153
"Using the <application>kprop</application> utility push the database to the "
17155
17154
"Secondary KDC:"
17158
#: serverguide/C/network-auth.xml:3206(command)
17157
#: serverguide/C/network-auth.xml:3205(command)
17159
17158
msgid "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
17162
#: serverguide/C/network-auth.xml:3210(para)
17161
#: serverguide/C/network-auth.xml:3209(para)
17164
17163
"There should be a <emphasis>SUCCEEDED</emphasis> message if the propagation "
17165
17164
"worked. If there is an error message check "
17304
17303
"minimum_uid=5000/' \\ /etc/pam.d/$i done"
17307
#: serverguide/C/network-auth.xml:3341(para)
17306
#: serverguide/C/network-auth.xml:3340(para)
17309
17308
"This will avoid being asked for the (non-existent) Kerberos password of a "
17310
17309
"locally authenticated user when changing its password using "
17311
17310
"<command>passwd</command>."
17314
#: serverguide/C/network-auth.xml:3348(para)
17313
#: serverguide/C/network-auth.xml:3347(para)
17316
17315
"You can test the configuration by requesting a ticket using the "
17317
17316
"<application>kinit</application> utility. For example:"
17320
#: serverguide/C/network-auth.xml:3353(command)
17319
#: serverguide/C/network-auth.xml:3352(command)
17321
17320
msgid "kinit steve@EXAMPLE.COM"
17324
#: serverguide/C/network-auth.xml:3354(computeroutput)
17323
#: serverguide/C/network-auth.xml:3353(computeroutput)
17326
17325
msgid "Password for steve@EXAMPLE.COM:"
17329
#: serverguide/C/network-auth.xml:3357(para)
17328
#: serverguide/C/network-auth.xml:3356(para)
17331
17330
"When a ticket has been granted, the details can be viewed using "
17332
17331
"<application>klist</application>:"
17335
#: serverguide/C/network-auth.xml:3363(computeroutput)
17334
#: serverguide/C/network-auth.xml:3362(computeroutput)
17338
17337
"Ticket cache: FILE:/tmp/krb5cc_1000\n"
17347
17346
"klist: You have no tickets cached"
17350
#: serverguide/C/network-auth.xml:3375(para)
17349
#: serverguide/C/network-auth.xml:3374(para)
17352
17351
"Next, use the <application>auth-client-config</application> to configure the "
17353
17352
"<application>libpam-krb5</application> module to request a ticket during "
17357
#: serverguide/C/network-auth.xml:3381(command)
17356
#: serverguide/C/network-auth.xml:3380(command)
17358
17357
msgid "sudo auth-client-config -a -p kerberos_example"
17361
#: serverguide/C/network-auth.xml:3384(para)
17360
#: serverguide/C/network-auth.xml:3383(para)
17363
17362
"You will should now receive a ticket upon successful login authentication."
17366
#: serverguide/C/network-auth.xml:3395(para)
17365
#: serverguide/C/network-auth.xml:3394(para)
17368
17367
"For more information on MIT's version of Kerberos, see the <ulink "
17369
17368
"url=\"http://web.mit.edu/Kerberos/\">MIT Kerberos</ulink> site."
17372
#: serverguide/C/network-auth.xml:3400(para)
17371
#: serverguide/C/network-auth.xml:3399(para)
17374
17373
"The <ulink url=\"https://help.ubuntu.com/community/Kerberos\">Ubuntu Wiki "
17375
17374
"Kerberos</ulink> page has more details."
17378
#: serverguide/C/network-auth.xml:3405(para)
17377
#: serverguide/C/network-auth.xml:3404(para)
17380
17379
"O'Reilly's <ulink "
17381
17380
"url=\"http://oreilly.com/catalog/9780596004033/\">Kerberos: The Definitive "
17382
17381
"Guide</ulink> is a great reference when setting up Kerberos."
17385
#: serverguide/C/network-auth.xml:3411(para)
17384
#: serverguide/C/network-auth.xml:3410(para)
17387
17386
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> and "
17388
17387
"<emphasis>#kerberos</emphasis> IRC channels on <ulink "
17389
17388
"url=\"http://freenode.net/\">Freenode</ulink> if you have Kerberos questions."
17392
#: serverguide/C/network-auth.xml:3423(title)
17391
#: serverguide/C/network-auth.xml:3422(title)
17393
17392
msgid "Kerberos and LDAP"
17396
#: serverguide/C/network-auth.xml:3425(para)
17395
#: serverguide/C/network-auth.xml:3424(para)
17398
17397
"Most people will not use Kerberos by itself; once an user is authenticated "
17399
17398
"(Kerberos), we need to figure out what this user can do (authorization). And "
17400
17399
"that would be the job of programs such as <application>LDAP</application>."
17403
#: serverguide/C/network-auth.xml:3432(para)
17402
#: serverguide/C/network-auth.xml:3431(para)
17405
17404
"Replicating a Kerberos principal database between two servers can be "
17406
17405
"complicated, and adds an additional user database to your network. "
17429
17428
"information on setting up OpenLDAP see <xref linkend=\"openldap-server\"/>."
17432
#: serverguide/C/network-auth.xml:3456(para)
17431
#: serverguide/C/network-auth.xml:3455(para)
17434
17433
"It is also required to configure OpenLDAP for TLS and SSL connections, so "
17435
17434
"that traffic between the KDC and LDAP server is encrypted. See <xref "
17436
17435
"linkend=\"openldap-tls\"/> for details."
17439
#: serverguide/C/network-auth.xml:3462(para)
17438
#: serverguide/C/network-auth.xml:3461(para)
17441
17440
"<filename>cn=admin,cn=config</filename> is a user we created with rights to "
17442
17441
"edit the ldap database. Many times it is the RootDN. Change its value to "
17443
17442
"reflect your setup."
17446
#: serverguide/C/network-auth.xml:3471(para)
17445
#: serverguide/C/network-auth.xml:3470(para)
17448
17447
"To load the schema into LDAP, on the LDAP server install the "
17449
17448
"<application>krb5-kdc-ldap</application> package. From a terminal enter:"
17452
#: serverguide/C/network-auth.xml:3477(command)
17451
#: serverguide/C/network-auth.xml:3476(command)
17453
17452
msgid "sudo apt-get install krb5-kdc-ldap"
17456
#: serverguide/C/network-auth.xml:3482(para)
17455
#: serverguide/C/network-auth.xml:3481(para)
17457
17456
msgid "Next, extract the <filename>kerberos.schema.gz</filename> file:"
17459
#: serverguide/C/network-auth.xml:3486(command)
17460
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
17460
17463
#: serverguide/C/network-auth.xml:3487(command)
17461
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
17464
#: serverguide/C/network-auth.xml:3488(command)
17466
17465
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
17469
#: serverguide/C/network-auth.xml:3494(para)
17468
#: serverguide/C/network-auth.xml:3493(para)
17471
17470
"The <emphasis>kerberos</emphasis> schema needs to be added to the "
17472
17471
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
17500
17499
"include /etc/ldap/schema/kerberos.schema\n"
17503
#: serverguide/C/network-auth.xml:3527(para)
17502
#: serverguide/C/network-auth.xml:3526(para)
17504
17503
msgid "Create a temporary directory to hold the LDIF files:"
17507
#: serverguide/C/network-auth.xml:3531(command)
17506
#: serverguide/C/network-auth.xml:3530(command)
17508
17507
msgid "mkdir /tmp/ldif_output"
17511
#: serverguide/C/network-auth.xml:3537(para)
17510
#: serverguide/C/network-auth.xml:3536(para)
17513
17512
"Now use <application>slapcat</application> to convert the schema files:"
17516
#: serverguide/C/network-auth.xml:3542(command)
17515
#: serverguide/C/network-auth.xml:3541(command)
17518
17517
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s \\ "
17519
17518
"\"cn={12}kerberos,cn=schema,cn=config\" > /tmp/cn=kerberos.ldif"
17522
#: serverguide/C/network-auth.xml:3546(para)
17521
#: serverguide/C/network-auth.xml:3545(para)
17524
17523
"Change the above file and path names to match your own if they are different."
17527
#: serverguide/C/network-auth.xml:3553(para)
17526
#: serverguide/C/network-auth.xml:3552(para)
17529
17528
"Edit the generated <filename>/tmp/cn\\=kerberos.ldif</filename> file, "
17530
17529
"changing the following attributes:"
17533
#: serverguide/C/network-auth.xml:3557(programlisting)
17532
#: serverguide/C/network-auth.xml:3556(programlisting)
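Review bot: The steps "mkdir /tmp/ldif_output" and the slapcat redirect to "/tmp/cn=kerberos.ldif" use fixed names in the world-writable /tmp, which another local user can create ahead of the administrator. Since the resulting LDIF is later loaded into cn=config, the guide would be safer creating the working directory with mktemp -d (or under the administrator's home directory) and writing the LDIF inside it.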
17624
17623
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
17627
#: serverguide/C/network-auth.xml:3639(para)
17626
#: serverguide/C/network-auth.xml:3638(para)
17629
17628
"That's it, your LDAP directory is now ready to serve as a Kerberos principal "
17633
#: serverguide/C/network-auth.xml:3645(title)
17632
#: serverguide/C/network-auth.xml:3644(title)
17634
17633
msgid "Primary KDC Configuration"
17637
#: serverguide/C/network-auth.xml:3647(para)
17636
#: serverguide/C/network-auth.xml:3646(para)
17639
17638
"With <application>OpenLDAP</application> configured it is time to configure "
17643
#: serverguide/C/network-auth.xml:3653(para)
17642
#: serverguide/C/network-auth.xml:3652(para)
17644
17643
msgid "First, install the necessary packages, from a terminal enter:"
17647
#: serverguide/C/network-auth.xml:3658(command) serverguide/C/network-auth.xml:3817(command)
17646
#: serverguide/C/network-auth.xml:3657(command) serverguide/C/network-auth.xml:3816(command)
17648
17647
msgid "sudo apt-get install krb5-kdc krb5-admin-server krb5-kdc-ldap"
17651
#: serverguide/C/network-auth.xml:3664(para)
17650
#: serverguide/C/network-auth.xml:3663(para)
17653
17652
"Now edit <filename>/etc/krb5.conf</filename> adding the following options to "
17654
17653
"under the appropriate sections:"
17657
#: serverguide/C/network-auth.xml:3668(programlisting)
17656
#: serverguide/C/network-auth.xml:3667(programlisting)
17733
17732
"<filename>/etc/krb5.conf</filename>:"
17736
#: serverguide/C/network-auth.xml:3740(command) serverguide/C/network-auth.xml:3879(command)
17735
#: serverguide/C/network-auth.xml:3739(command) serverguide/C/network-auth.xml:3878(command)
17738
17737
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f \\ "
17739
17738
"/etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com"
17742
#: serverguide/C/network-auth.xml:3747(para)
17741
#: serverguide/C/network-auth.xml:3746(para)
17743
17742
msgid "Copy the CA certificate from the LDAP server:"
17745
#: serverguide/C/network-auth.xml:3751(command)
17746
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
17746
17749
#: serverguide/C/network-auth.xml:3752(command)
17747
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
17750
#: serverguide/C/network-auth.xml:3753(command)
17751
17750
msgid "sudo cp cacert.pem /etc/ssl/certs"
17754
#: serverguide/C/network-auth.xml:3756(para)
17753
#: serverguide/C/network-auth.xml:3755(para)
17756
17755
"And edit <filename>/etc/ldap/ldap.conf</filename> to use the certificate:"
17759
#: serverguide/C/network-auth.xml:3760(programlisting)
17758
#: serverguide/C/network-auth.xml:3759(programlisting)
17763
17762
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
17766
#: serverguide/C/network-auth.xml:3765(para)
17765
#: serverguide/C/network-auth.xml:3764(para)
17768
17767
"The certificate will also need to be copied to the Secondary KDC, to allow "
17769
17768
"the connection to the LDAP servers using LDAPS."
17772
#: serverguide/C/network-auth.xml:3774(para)
17771
#: serverguide/C/network-auth.xml:3773(para)
17774
17773
"You can now add Kerberos principals to the LDAP database, and they will be "
17775
17774
"copied to any other LDAP servers configured for replication. To add a "
17776
17775
"principal using the <application>kadmin.local</application> utility enter:"
17779
#: serverguide/C/network-auth.xml:3782(userinput)
17778
#: serverguide/C/network-auth.xml:3781(userinput)
17781
17780
msgid "addprinc -x dn=\"uid=steve,ou=people,dc=example,dc=com\" steve"
17784
#: serverguide/C/network-auth.xml:3781(computeroutput)
17783
#: serverguide/C/network-auth.xml:3780(computeroutput)
17787
17786
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
17891
#: serverguide/C/network-auth.xml:3892(command)
17892
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
17892
17895
#: serverguide/C/network-auth.xml:3893(command)
17893
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
17896
#: serverguide/C/network-auth.xml:3894(command)
17897
17896
msgid "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
17900
#: serverguide/C/network-auth.xml:3898(para)
17899
#: serverguide/C/network-auth.xml:3897(para)
17902
17901
"Again, replace <emphasis>EXAMPLE.COM</emphasis> with your actual realm."
17905
#: serverguide/C/network-auth.xml:3906(para)
17904
#: serverguide/C/network-auth.xml:3905(para)
17907
17906
"Back on the <emphasis>Secondary KDC</emphasis>, (re)start the ldap server "
17911
#: serverguide/C/network-auth.xml:3918(para)
17910
#: serverguide/C/network-auth.xml:3917(para)
17912
17911
msgid "Finally, start the <application>krb5-kdc</application> daemon:"
17915
#: serverguide/C/network-auth.xml:3929(para)
17914
#: serverguide/C/network-auth.xml:3928(para)
17916
17915
msgid "Verify the two ldap servers (and kerberos by extension) are in sync."
17919
#: serverguide/C/network-auth.xml:3936(para)
17918
#: serverguide/C/network-auth.xml:3935(para)
17921
17920
"You now have redundant KDCs on your network, and with redundant LDAP servers "
17922
17921
"you should be able to continue to authenticate users if one LDAP server, one "
17923
17922
"Kerberos server, or one LDAP and one Kerberos server become unavailable."
17926
#: serverguide/C/network-auth.xml:3948(para)
17925
#: serverguide/C/network-auth.xml:3947(para)
17928
17927
"The <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
17929
17928
"admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend\"> Kerberos Admin "
17930
17929
"Guide</ulink> has some additional details."
17933
#: serverguide/C/network-auth.xml:3951(para)
17932
#: serverguide/C/network-auth.xml:3953(para)
17935
17934
"For more information on <application>kdb5_ldap_util</application> see <ulink "
17936
17935
"url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
17969
17968
"requires no modifications to the AD structure."
17972
#: serverguide/C/network-auth.xml:3978(title)
17971
#: serverguide/C/network-auth.xml:3980(title)
17973
17972
msgid "Prerequisites, Assumptions, and Requirements"
17976
#: serverguide/C/network-auth.xml:3981(para)
17975
#: serverguide/C/network-auth.xml:3983(para)
17978
17977
"This guide does not explain Active Directory, how it works, how to set one "
17979
17978
"up, or how to maintain it. It may not provide “best practices” for your "
17980
17979
"environment."
17983
#: serverguide/C/network-auth.xml:3983(para)
17982
#: serverguide/C/network-auth.xml:3985(para)
17985
17984
"This guide assumes that a working Active Directory domain is already "
17986
17985
"configured."
17989
#: serverguide/C/network-auth.xml:3985(para)
17988
#: serverguide/C/network-auth.xml:3987(para)
17991
17990
"The domain controller is acting as an authoritative DNS server for the "
17995
#: serverguide/C/network-auth.xml:3987(para)
17994
#: serverguide/C/network-auth.xml:3989(para)
17997
17996
"The domain controller is the primary DNS resolver as specified in "
17998
17997
"<filename>/etc/resolv.conf</filename>."
18001
#: serverguide/C/network-auth.xml:3990(para)
18000
#: serverguide/C/network-auth.xml:3992(para)
18003
18002
"The appropriate <emphasis>_kerberos</emphasis>, <emphasis>_ldap</emphasis>, "
18004
18003
"<emphasis>_kpasswd</emphasis>, etc. entries are configured in the DNS zone "
18005
18004
"(see Resources section for external links)."
18008
#: serverguide/C/network-auth.xml:3992(para)
18007
#: serverguide/C/network-auth.xml:3994(para)
18010
18009
"System time is synchronized on the domain controller (necessary for "
18014
#: serverguide/C/network-auth.xml:3994(para)
18013
#: serverguide/C/network-auth.xml:3996(para)
18016
18015
"The domain used in this example is <emphasis>myubuntu.example.com</emphasis> "
18020
#: serverguide/C/network-auth.xml:3999(para)
18019
#: serverguide/C/network-auth.xml:4001(para)
18022
18021
"The following packages are needed: <emphasis>krb5-user</emphasis>, "
18023
18022
"<emphasis>samba</emphasis>, <emphasis>sssd</emphasis>, and "
18213
18212
"sudoers: files sss\n"
18216
#: serverguide/C/network-auth.xml:4101(title)
18215
#: serverguide/C/network-auth.xml:4103(title)
18217
18216
msgid "Modify /etc/hosts"
18220
#: serverguide/C/network-auth.xml:4102(para)
18219
#: serverguide/C/network-auth.xml:4104(para)
18222
18221
"Add an alias to the localhost entry in /etc/hosts specifying the FQDN. For "
18226
#: serverguide/C/network-auth.xml:4103(programlisting)
18225
#: serverguide/C/network-auth.xml:4105(programlisting)
18228
18227
msgid "192.168.1.10 myserver myserver.myubuntu.example.com"
18231
#: serverguide/C/network-auth.xml:4105(para)
18230
#: serverguide/C/network-auth.xml:4107(para)
18232
18231
msgid "This is useful in conjunction with dynamic DNS updates."
18235
#: serverguide/C/network-auth.xml:4109(title)
18234
#: serverguide/C/network-auth.xml:4111(title)
18236
18235
msgid "Join the Active Directory"
18239
#: serverguide/C/network-auth.xml:4110(para)
18238
#: serverguide/C/network-auth.xml:4112(para)
18240
18239
msgid "Now, restart ntp and samba and start sssd."
18243
#: serverguide/C/virtualization.xml:2208(command)
18242
#: serverguide/C/network-auth.xml:4113(command)
18244
18243
msgid "sudo service ntp restart"
18247
#: serverguide/C/network-auth.xml:4114(command)
18246
#: serverguide/C/network-auth.xml:4116(command)
18248
18247
msgid "sudo start sssd"
18251
#: serverguide/C/network-auth.xml:4116(para)
18250
#: serverguide/C/network-auth.xml:4118(para)
18252
18251
msgid "Test the configuration by obtaining a Kerberos ticket:"
18255
#: serverguide/C/network-auth.xml:4118(command)
18254
#: serverguide/C/network-auth.xml:4120(command)
18256
18255
msgid "sudo kinit Administrator"
18259
#: serverguide/C/network-auth.xml:4120(para)
18258
#: serverguide/C/network-auth.xml:4122(para)
18260
18259
msgid "Verify the ticket with:"
18263
#: serverguide/C/network-auth.xml:4121(command)
18262
#: serverguide/C/network-auth.xml:4123(command)
18264
18263
msgid "sudo klist"
18267
#: serverguide/C/network-auth.xml:4123(para)
18266
#: serverguide/C/network-auth.xml:4125(para)
18269
18268
"If there is a ticket with an expiration date listed, then it is time to join "
18270
18269
"the domain:"
18273
#: serverguide/C/network-auth.xml:4125(command)
18272
#: serverguide/C/network-auth.xml:4127(command)
18274
18273
msgid "sudo net ads join -k"
18277
#: serverguide/C/network-auth.xml:4127(para)
18276
#: serverguide/C/network-auth.xml:4129(para)
18279
18278
"A warning about \"No DNS domain configured. Unable to perform DNS Update.\" "
18280
18279
"probably means that there is no (correct) alias in "
20120
20119
"smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key\n"
20123
#: serverguide/C/mail.xml:304(para)
20122
#: serverguide/C/mail.xml:349(para)
20124
20123
msgid "Then restart Postfix:"
20127
#: serverguide/C/mail.xml:315(para)
20126
#: serverguide/C/mail.xml:360(para)
20129
20128
"SMTP-AUTH configuration is complete. Now it is time to test the setup."
20132
#: serverguide/C/mail.xml:318(para)
20131
#: serverguide/C/mail.xml:363(para)
20133
20132
msgid "To see if SMTP-AUTH and TLS work properly, run the following command:"
20136
#: serverguide/C/mail.xml:323(command)
20135
#: serverguide/C/mail.xml:368(command)
20137
20136
msgid "telnet mail.example.com 25"
20140
#: serverguide/C/mail.xml:325(para)
20139
#: serverguide/C/mail.xml:370(para)
20142
20141
"After you have established the connection to the postfix mail server, type:"
20145
#: serverguide/C/mail.xml:329(screen)
20144
#: serverguide/C/mail.xml:374(screen)
20149
20148
"ehlo mail.example.com\n"
20152
#: serverguide/C/mail.xml:332(para)
20151
#: serverguide/C/mail.xml:377(para)
20154
20153
"If you see the following lines among others, then everything is working "
20155
20154
"perfectly. Type <command>quit</command> to exit."
20158
#: serverguide/C/mail.xml:336(programlisting)
20157
#: serverguide/C/mail.xml:381(programlisting)
20165
20164
"250 8BITMIME\n"
20168
#: serverguide/C/mail.xml:346(para)
20167
#: serverguide/C/mail.xml:391(para)
20170
20169
"This section introduces some common ways to determine the cause if problems "
20174
#: serverguide/C/mail.xml:350(title)
20173
#: serverguide/C/mail.xml:395(title)
20175
20174
msgid "Escaping chroot"
20178
#: serverguide/C/mail.xml:351(para)
20177
#: serverguide/C/mail.xml:396(para)
20180
20179
"The Ubuntu <application>postfix</application> package will by default "
20181
20180
"install into a <emphasis>chroot</emphasis> environment for security reasons. "
20182
20181
"This can add greater complexity when troubleshooting problems."
20185
#: serverguide/C/mail.xml:355(para)
20184
#: serverguide/C/mail.xml:400(para)
20187
20186
"To turn off the chroot operation locate for the following line in the "
20188
20187
"<filename>/etc/postfix/master.cf</filename> configuration file:"
20191
#: serverguide/C/mail.xml:359(screen)
20190
#: serverguide/C/mail.xml:404(screen)
20195
20194
"smtp inet n - - - - smtpd\n"
20198
#: serverguide/C/mail.xml:362(para)
20197
#: serverguide/C/mail.xml:407(para)
20199
20198
msgid "and modify it as follows:"
20202
#: serverguide/C/mail.xml:365(screen)
20201
#: serverguide/C/mail.xml:410(screen)
20206
20205
"smtp inet n - n - - smtpd\n"
20209
#: serverguide/C/mail.xml:368(para)
20208
#: serverguide/C/mail.xml:413(para)
20211
20210
"You will then need to restart Postfix to use the new configuration. From a "
20212
20211
"terminal prompt enter:"
20247
20246
"<filename>/var/log/mail.warn</filename> respectively."
20250
#: serverguide/C/mail.xml:382(para)
20249
#: serverguide/C/mail.xml:440(para)
20252
20251
"To see messages entered into the logs in real time you can use the "
20253
20252
"<application>tail -f</application> command:"
20256
#: serverguide/C/mail.xml:387(command)
20255
#: serverguide/C/mail.xml:445(command)
20257
20256
msgid "tail -f /var/log/mail.err"
20260
#: serverguide/C/mail.xml:389(para)
20259
#: serverguide/C/mail.xml:447(para)
20262
20261
"The amount of detail that is recorded in the logs can be increased. Below "
20263
20262
"are some configuration options for increasing the log level for some of the "
20264
20263
"areas covered above."
20267
#: serverguide/C/mail.xml:395(para)
20266
#: serverguide/C/mail.xml:453(para)
20269
20268
"To increase <emphasis>TLS</emphasis> activity logging set the "
20270
20269
"<emphasis>smtpd_tls_loglevel</emphasis> option to a value from 1 to 4."
20273
#: serverguide/C/mail.xml:399(command)
20272
#: serverguide/C/mail.xml:457(command)
20274
20273
msgid "sudo postconf -e 'smtpd_tls_loglevel = 4'"
20277
#: serverguide/C/mail.xml:403(para)
20276
#: serverguide/C/mail.xml:461(para)
20279
20278
"If you are having trouble sending or receiving mail from a specific domain "
20280
20279
"you can add the domain to the <emphasis>debug_peer_list</emphasis> parameter."
20283
#: serverguide/C/mail.xml:408(command)
20282
#: serverguide/C/mail.xml:466(command)
20284
20283
msgid "sudo postconf -e 'debug_peer_list = problem.domain'"
20287
#: serverguide/C/mail.xml:412(para)
20286
#: serverguide/C/mail.xml:470(para)
20289
20288
"You can increase the verbosity of any <application>Postfix</application> "
20290
20289
"daemon process by editing the <filename>/etc/postfix/master.cf</filename> "
20414
20413
"in one file you can configure accordingly in this user interface."
20417
#: serverguide/C/mail.xml:514(para)
20416
#: serverguide/C/mail.xml:572(para)
20419
20418
"All the parameters you configure in the user interface are stored in "
20420
"<filename>/etc/exim4/update-exim4.conf</filename> file. If you wish to re-"
20421
"configure, either you re-run the configuration wizard or manually edit this "
20422
"file using your favorite editor. Once you configure, you can run the "
20419
"<filename>/etc/exim4/update-exim4.conf.conf</filename> file. If you wish to "
20420
"re-configure, either you re-run the configuration wizard or manually edit "
20421
"this file using your favorite editor. Once you configure, you can run the "
20423
20422
"following command to generate the master configuration file:"
20426
#: serverguide/C/mail.xml:525(command) serverguide/C/mail.xml:609(command)
20425
#: serverguide/C/mail.xml:583(command) serverguide/C/mail.xml:667(command)
20427
20426
msgid "sudo update-exim4.conf"
20430
#: serverguide/C/mail.xml:527(para)
20429
#: serverguide/C/mail.xml:585(para)
20432
20431
"The master configuration file, is generated and it is stored in "
20433
20432
"<filename>/var/lib/exim4/config.autogenerated</filename>."
20436
#: serverguide/C/mail.xml:533(para)
20435
#: serverguide/C/mail.xml:591(para)
20438
20437
"At any time, you should not edit the master configuration file, "
20439
20438
"<filename>/var/lib/exim4/config.autogenerated</filename> manually. It is "
20440
20439
"updated automatically every time you run <command>update-exim4.conf</command>"
20443
#: serverguide/C/mail.xml:541(para)
20442
#: serverguide/C/mail.xml:599(para)
20445
20444
"You can run the following command to start <application>Exim4</application> "
20546
20545
msgid "sudo service exim4 restart"
20549
#: serverguide/C/mail.xml:615(para)
20548
#: serverguide/C/mail.xml:673(para)
20551
20550
"This section provides details on configuring the saslauthd to provide "
20552
20551
"authentication for <application>Exim4</application>."
20555
#: serverguide/C/mail.xml:618(para)
20554
#: serverguide/C/mail.xml:676(para)
20557
20556
"The first step is to install the sasl2-bin package. From a terminal prompt "
20558
20557
"enter the following:"
20561
#: serverguide/C/mail.xml:622(command)
20560
#: serverguide/C/mail.xml:680(command)
20562
20561
msgid "sudo apt-get install sasl2-bin"
20565
#: serverguide/C/mail.xml:624(para)
20564
#: serverguide/C/mail.xml:682(para)
20567
20566
"To configure saslauthd edit the /etc/default/saslauthd configuration file "
20568
20567
"and set START=no to:"
20571
#: serverguide/C/mail.xml:630(para)
20570
#: serverguide/C/mail.xml:688(para)
20573
20572
"Next the <emphasis>Debian-exim</emphasis> user needs to be part of the "
20574
20573
"<emphasis>sasl</emphasis> group in order for Exim4 to use the saslauthd "
20578
#: serverguide/C/mail.xml:635(command)
20577
#: serverguide/C/mail.xml:693(command)
20579
20578
msgid "sudo adduser Debian-exim sasl"
20582
#: serverguide/C/mail.xml:637(para)
20581
#: serverguide/C/mail.xml:695(para)
20583
20582
msgid "Now start the <application>saslauthd</application> service:"
20587
20586
msgid "sudo service saslauthd start"
20590
#: serverguide/C/mail.xml:643(para)
20589
#: serverguide/C/mail.xml:701(para)
20592
20591
"<application>Exim4</application> is now configured with SMTP-AUTH using TLS "
20593
20592
"and SASL authentication."
20596
#: serverguide/C/mail.xml:652(para)
20595
#: serverguide/C/mail.xml:710(para)
20598
20597
"See <ulink url=\"http://www.exim.org/\">exim.org</ulink> for more "
20599
20598
"information."
20602
#: serverguide/C/mail.xml:657(para)
20601
#: serverguide/C/mail.xml:715(para)
20604
20603
"There is also an <ulink url=\"http://www.uit.co.uk/content/exim-smtp-mail-"
20605
20604
"server\">Exim4 Book</ulink> available."
20608
#: serverguide/C/mail.xml:662(para)
20607
#: serverguide/C/mail.xml:720(para)
20610
20609
"Another resource is the <ulink "
20611
20610
"url=\"https://help.ubuntu.com/community/Exim4\">Exim4 Ubuntu Wiki </ulink> "
20615
#: serverguide/C/mail.xml:671(title)
20614
#: serverguide/C/mail.xml:729(title)
20616
20615
msgid "Dovecot Server"
20619
#: serverguide/C/mail.xml:672(para)
20618
#: serverguide/C/mail.xml:730(para)
20621
20620
"<application>Dovecot</application> is a Mail Delivery Agent, written with "
20622
20621
"security primarily in mind. It supports the major mailbox formats: mbox or "
20623
20622
"Maildir. This section explain how to set it up as an imap or pop3 server."
20626
#: serverguide/C/mail.xml:680(para)
20625
#: serverguide/C/mail.xml:738(para)
20628
20627
"To install <application>dovecot</application>, run the following command in "
20629
20628
"the command prompt:"
20632
#: serverguide/C/mail.xml:685(command)
20631
#: serverguide/C/mail.xml:743(command)
20633
20632
msgid "sudo apt-get install dovecot-imapd dovecot-pop3d"
20636
#: serverguide/C/mail.xml:690(para)
20635
#: serverguide/C/mail.xml:748(para)
20638
20637
"To configure <application>dovecot</application>, you can edit the file "
20639
20638
"<filename>/etc/dovecot/dovecot.conf</filename>. You can choose the protocol "
20741
20740
"<filename>/etc/dovecot/conf.d/10-ssl.conf</filename> configuration file."
20744
#: serverguide/C/mail.xml:786(title)
20743
#: serverguide/C/mail.xml:845(title)
20745
20744
msgid "Firewall Configuration for an Email Server"
20748
#: serverguide/C/mail.xml:792(para)
20747
#: serverguide/C/mail.xml:851(para)
20749
20748
msgid "IMAP - 143"
20752
#: serverguide/C/mail.xml:793(para)
20751
#: serverguide/C/mail.xml:852(para)
20753
20752
msgid "IMAPS - 993"
20756
#: serverguide/C/mail.xml:794(para)
20755
#: serverguide/C/mail.xml:853(para)
20757
20756
msgid "POP3 - 110"
20760
#: serverguide/C/mail.xml:795(para)
20759
#: serverguide/C/mail.xml:854(para)
20761
20760
msgid "POP3S - 995"
20764
#: serverguide/C/mail.xml:787(para)
20763
#: serverguide/C/mail.xml:846(para)
20766
20765
"To access your mail server from another computer, you must configure your "
20767
20766
"firewall to allow connections to the server on the necessary ports. "
20768
20767
"<placeholder-1/>"
20771
#: serverguide/C/mail.xml:804(para)
20770
#: serverguide/C/mail.xml:863(para)
20773
20772
"See the <ulink url=\"http://www.dovecot.org/\">Dovecot website</ulink> for "
20774
20773
"more information."
20777
#: serverguide/C/mail.xml:809(para)
20776
#: serverguide/C/mail.xml:868(para)
20779
20778
"Also, the <ulink url=\"https://help.ubuntu.com/community/Dovecot\">Dovecot "
20780
20779
"Ubuntu Wiki</ulink> page has more details."
20783
#: serverguide/C/mail.xml:818(title) serverguide/C/mail.xml:893(title) serverguide/C/mail.xml:1116(title)
20782
#: serverguide/C/mail.xml:877(title) serverguide/C/mail.xml:952(title) serverguide/C/mail.xml:1175(title)
20784
20783
msgid "Mailman"
20787
#: serverguide/C/mail.xml:819(para)
20786
#: serverguide/C/mail.xml:878(para)
20789
20788
"Mailman is an open source program for managing electronic mail discussions "
20790
20789
"and e-newsletter lists. Many open source mailing lists (including all the "
20793
20792
"and maintain."
20796
#: serverguide/C/mail.xml:829(para)
20795
#: serverguide/C/mail.xml:888(para)
20798
20797
"Mailman provides a web interface for the administrators and users, using an "
20799
20798
"external mail server to send and receive emails. It works perfectly with the "
20800
20799
"following mail servers:"
20803
#: serverguide/C/mail.xml:840(application)
20802
#: serverguide/C/mail.xml:899(application)
20807
#: serverguide/C/mail.xml:843(application)
20806
#: serverguide/C/mail.xml:902(application)
20808
20807
msgid "Sendmail"
20809
20808
msgstr "Sendmail"
20811
#: serverguide/C/mail.xml:846(application)
20810
#: serverguide/C/mail.xml:905(application)
20812
20811
msgid "Qmail"
20815
#: serverguide/C/mail.xml:851(para)
20814
#: serverguide/C/mail.xml:910(para)
20817
20816
"We will see how to install and configure Mailman with, the Apache web "
20818
20817
"server, and either the Postfix or Exim mail server. If you wish to install "
20819
20818
"Mailman with a different mail server, please refer to the references section."
20822
#: serverguide/C/mail.xml:858(para)
20821
#: serverguide/C/mail.xml:917(para)
20824
20823
"You only need to install one mail server and "
20825
20824
"<application>Postfix</application> is the default Ubuntu Mail Transfer Agent."
20828
#: serverguide/C/mail.xml:863(title) serverguide/C/mail.xml:920(title)
20827
#: serverguide/C/mail.xml:922(title) serverguide/C/mail.xml:979(title)
20829
20828
msgid "Apache2"
20832
#: serverguide/C/mail.xml:864(para)
20831
#: serverguide/C/mail.xml:923(para)
20834
20833
"To install apache2 you refer to <xref linkend=\"http-installation\"/> for "
20838
#: serverguide/C/mail.xml:870(para)
20837
#: serverguide/C/mail.xml:929(para)
20840
20839
"For instructions on installing and configuring Postfix refer to <xref "
20841
20840
"linkend=\"postfix\"/>"
20844
#: serverguide/C/mail.xml:876(para)
20843
#: serverguide/C/mail.xml:935(para)
20845
20844
msgid "To install Exim4 refer to <xref linkend=\"exim4\"/>."
20848
#: serverguide/C/mail.xml:879(para)
20847
#: serverguide/C/mail.xml:938(para)
20850
20849
"Once exim4 is installed, the configuration files are stored in the "
20851
20850
"<filename>/etc/exim4</filename> directory. In Ubuntu, by default, the exim4 "
20923
20922
"available/mailman.conf</filename> file if you wish to change this behavior."
20926
#: serverguide/C/mail.xml:948(para)
20925
#: serverguide/C/mail.xml:1007(para)
20928
20927
"For <application>Postfix</application> integration, we will associate the "
20929
20928
"domain lists.example.com with the mailing lists. Please replace "
20930
20929
"<emphasis>lists.example.com</emphasis> with the domain of your choosing."
20933
#: serverguide/C/mail.xml:952(para)
20932
#: serverguide/C/mail.xml:1011(para)
20935
20934
"You can use the postconf command to add the necessary configuration to "
20936
20935
"<filename>/etc/postfix/main.cf</filename>:"
20939
#: serverguide/C/mail.xml:956(command)
20938
#: serverguide/C/mail.xml:1015(command)
20940
20939
msgid "sudo postconf -e 'relay_domains = lists.example.com'"
20943
#: serverguide/C/mail.xml:957(command)
20942
#: serverguide/C/mail.xml:1016(command)
20944
20943
msgid "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
20947
#: serverguide/C/mail.xml:958(command)
20946
#: serverguide/C/mail.xml:1017(command)
20948
20947
msgid "sudo postconf -e 'mailman_destination_recipient_limit = 1'"
20951
#: serverguide/C/mail.xml:960(para)
20950
#: serverguide/C/mail.xml:1019(para)
20953
20952
"In <filename>/etc/postfix/master.cf</filename> double check that you have "
20954
20953
"the following transport:"
20957
#: serverguide/C/mail.xml:963(programlisting)
20956
#: serverguide/C/mail.xml:1022(programlisting)
20963
20962
" ${nexthop} ${user}\n"
20966
#: serverguide/C/mail.xml:968(para)
20965
#: serverguide/C/mail.xml:1027(para)
20968
20967
"It calls the <emphasis>postfix-to-mailman.py</emphasis> script when a mail "
20969
20968
"is delivered to a list."
20972
#: serverguide/C/mail.xml:971(para)
20971
#: serverguide/C/mail.xml:1030(para)
20974
20973
"Associate the domain lists.example.com to the Mailman transport with the "
20975
20974
"transport map. Edit the file <filename>/etc/postfix/transport</filename>:"
20978
#: serverguide/C/mail.xml:974(programlisting)
20977
#: serverguide/C/mail.xml:1033(programlisting)
20982
20981
"lists.example.com mailman:\n"
20985
#: serverguide/C/mail.xml:977(para)
20984
#: serverguide/C/mail.xml:1036(para)
20987
20986
"Now have <application>Postfix</application> build the transport map by "
20988
20987
"entering the following from a terminal prompt:"
20991
#: serverguide/C/mail.xml:981(command)
20990
#: serverguide/C/mail.xml:1040(command)
20992
20991
msgid "sudo postmap -v /etc/postfix/transport"
20995
#: serverguide/C/mail.xml:983(para)
20994
#: serverguide/C/mail.xml:1042(para)
20996
20995
msgid "Then restart Postfix to enable the new configurations:"
20999
#: serverguide/C/mail.xml:992(para)
20998
#: serverguide/C/mail.xml:1051(para)
21001
21000
"Once Exim4 is installed, you can start the Exim server using the following "
21002
21001
"command from a terminal prompt:"
21005
#: serverguide/C/mail.xml:1008(para) serverguide/C/mail.xml:1023(title)
21004
#: serverguide/C/mail.xml:1067(para) serverguide/C/mail.xml:1082(title)
21009
#: serverguide/C/mail.xml:1011(para) serverguide/C/mail.xml:1063(title)
21008
#: serverguide/C/mail.xml:1070(para) serverguide/C/mail.xml:1122(title)
21010
21009
msgid "Transport"
21013
#: serverguide/C/mail.xml:1014(para) serverguide/C/mail.xml:1086(title)
21012
#: serverguide/C/mail.xml:1073(para) serverguide/C/mail.xml:1145(title)
21014
21013
msgid "Router"
21017
#: serverguide/C/mail.xml:999(para)
21016
#: serverguide/C/mail.xml:1058(para)
21019
21018
"In order to make mailman work with Exim4, you need to configure Exim4. As "
21020
21019
"mentioned earlier, by default, Exim4 uses multiple configuration files of "
21284
21283
"spf</application>."
21287
#: serverguide/C/mail.xml:1251(para)
21286
#: serverguide/C/mail.xml:1310(para)
21289
21288
"<application>Amavisd-new</application> is a wrapper program that can call "
21290
21289
"any number of content filtering programs for spam detection, antivirus, etc."
21293
#: serverguide/C/mail.xml:1257(para)
21292
#: serverguide/C/mail.xml:1316(para)
21295
21294
"<application>Spamassassin</application> uses a variety of mechanisms to "
21296
21295
"filter email based on the message content."
21299
#: serverguide/C/mail.xml:1262(para)
21298
#: serverguide/C/mail.xml:1321(para)
21301
21300
"<application>ClamAV</application> is an open source antivirus application."
21304
#: serverguide/C/mail.xml:1267(para)
21303
#: serverguide/C/mail.xml:1326(para)
21306
21305
"<application>opendkim</application> implements a Sendmail Mail Filter "
21307
21306
"(Milter) for the DomainKeys Identified Mail (DKIM) standard."
21310
#: serverguide/C/mail.xml:1273(para)
21309
#: serverguide/C/mail.xml:1332(para)
21312
21311
"<application>python-policyd-spf</application> enables Sender Policy "
21313
21312
"Framework (SPF) checking with <application>Postfix</application>."
21316
#: serverguide/C/mail.xml:1278(para)
21315
#: serverguide/C/mail.xml:1337(para)
21317
21316
msgid "This is how the pieces fit together:"
21320
#: serverguide/C/mail.xml:1283(para)
21319
#: serverguide/C/mail.xml:1342(para)
21321
21320
msgid "An email message is accepted by <application>Postfix</application>."
21324
#: serverguide/C/mail.xml:1288(para)
21323
#: serverguide/C/mail.xml:1347(para)
21326
21325
"The message is passed through any external filters "
21327
21326
"<application>opendkim</application> and <application>python-policyd-"
21328
21327
"spf</application> in this case."
21331
#: serverguide/C/mail.xml:1294(para)
21330
#: serverguide/C/mail.xml:1353(para)
21332
21331
msgid "<application>Amavisd-new</application> then processes the message."
21335
#: serverguide/C/mail.xml:1299(para)
21334
#: serverguide/C/mail.xml:1358(para)
21337
21336
"<application>ClamAV</application> is used to scan the message. If the "
21338
21337
"message contains a virus <application>Postfix</application> will reject the "
21342
#: serverguide/C/mail.xml:1305(para)
21341
#: serverguide/C/mail.xml:1364(para)
21344
21343
"Clean messages will then be analyzed by "
21345
21344
"<application>Spamassassin</application> to find out if the message is spam. "
21360
#: serverguide/C/mail.xml:1319(para)
21359
#: serverguide/C/mail.xml:1378(para)
21362
21361
"See <xref linkend=\"postfix\"/> for instructions on installing and "
21363
21362
"configuring Postfix."
21366
#: serverguide/C/mail.xml:1322(para)
21365
#: serverguide/C/mail.xml:1381(para)
21368
21367
"To install the rest of the applications enter the following from a terminal "
21372
#: serverguide/C/mail.xml:1326(command)
21371
#: serverguide/C/mail.xml:1385(command)
21373
21372
msgid "sudo apt-get install amavisd-new spamassassin clamav-daemon"
21376
#: serverguide/C/mail.xml:1327(command)
21375
#: serverguide/C/mail.xml:1386(command)
21377
21376
msgid "sudo apt-get install opendkim postfix-policyd-spf-python"
21380
#: serverguide/C/mail.xml:1329(para)
21379
#: serverguide/C/mail.xml:1388(para)
21382
21381
"There are some optional packages that integrate with "
21383
21382
"<application>Spamassassin</application> for better spam detection:"
21386
#: serverguide/C/mail.xml:1333(command)
21385
#: serverguide/C/mail.xml:1392(command)
21387
21386
msgid "sudo apt-get install pyzor razor"
21390
#: serverguide/C/mail.xml:1335(para)
21389
#: serverguide/C/mail.xml:1394(para)
21392
21391
"Along with the main filtering applications compression utilities are needed "
21393
21392
"to process some email attachments:"
21396
#: serverguide/C/mail.xml:1339(command)
21395
#: serverguide/C/mail.xml:1398(command)
21398
21397
"sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip"
21401
#: serverguide/C/mail.xml:1342(para)
21400
#: serverguide/C/mail.xml:1401(para)
21403
21402
"If some packages are not found, check that the "
21404
21403
"<emphasis>multiverse</emphasis> repository is enabled in "
21405
21404
"<filename>/etc/apt/sources.list</filename>"
21408
#: serverguide/C/mail.xml:1343(para)
21407
#: serverguide/C/mail.xml:1402(para)
21410
21409
"If you make changes to the file, be sure to run <command>sudo apt-get "
21411
21410
"update</command> before trying to install again."
21414
#: serverguide/C/mail.xml:1348(para)
21413
#: serverguide/C/mail.xml:1407(para)
21415
21414
msgid "Now configure everything to work together and filter email."
21418
#: serverguide/C/mail.xml:1352(title)
21417
#: serverguide/C/mail.xml:1411(title)
21419
21418
msgid "ClamAV"
21422
#: serverguide/C/mail.xml:1353(para)
21421
#: serverguide/C/mail.xml:1412(para)
21424
21423
"The default behaviour of <application>ClamAV</application> will fit our "
21425
21424
"needs. For more ClamAV configuration options, check the configuration files "
21426
21425
"in <filename>/etc/clamav</filename>."
21429
#: serverguide/C/mail.xml:1358(para)
21428
#: serverguide/C/mail.xml:1417(para)
21431
21430
"Add the <emphasis>clamav</emphasis> user to the <emphasis>amavis</emphasis> "
21432
21431
"group in order for <application>Amavisd-new</application> to have the "
21433
21432
"appropriate access to scan files:"
21436
#: serverguide/C/mail.xml:1363(command)
21435
#: serverguide/C/mail.xml:1422(command)
21437
21436
msgid "sudo adduser clamav amavis"
21440
#: serverguide/C/mail.xml:1364(command)
21439
#: serverguide/C/mail.xml:1423(command)
21441
21440
msgid "sudo adduser amavis clamav"
21444
#: serverguide/C/mail.xml:1368(title)
21443
#: serverguide/C/mail.xml:1427(title)
21445
21444
msgid "Spamassassin"
21448
#: serverguide/C/mail.xml:1369(para)
21447
#: serverguide/C/mail.xml:1428(para)
21450
21449
"Spamassassin automatically detects optional components and will use them if "
21451
21450
"they are present. This means that there is no need to configure "
21452
21451
"<application>pyzor</application> and <application>razor</application>."
21455
#: serverguide/C/mail.xml:1373(para)
21454
#: serverguide/C/mail.xml:1432(para)
21457
21456
"Edit <filename>/etc/default/spamassassin</filename> to activate the "
21458
21457
"<application>Spamassassin</application> daemon. Change "
21459
21458
"<emphasis>ENABLED=0</emphasis> to:"
21462
#: serverguide/C/mail.xml:1377(programlisting)
21461
#: serverguide/C/mail.xml:1436(programlisting)
21466
21465
"ENABLED=1\n"
21469
#: serverguide/C/mail.xml:1380(para)
21468
#: serverguide/C/mail.xml:1439(para)
21470
21469
msgid "Now start the daemon:"
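Review bot: The paragraph at mail.xml:1417 explains only adding the clamav user to the amavis group, but two commands follow: sudo adduser clamav amavis at 1422 and sudo adduser amavis clamav at 1423. The reverse membership is not explained anywhere in the visible strings; either document why the amavis user needs to be in the clamav group or drop the second command. Also, the package installed at mail.xml:1386 is postfix-policyd-spf-python while the descriptive strings call it python-policyd-spf; use one name throughout.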
21594
21593
"<filename>/etc/amavis/conf.d/40-policy_banks</filename>."
21597
#: serverguide/C/mail.xml:1470(para)
21596
#: serverguide/C/mail.xml:1528(para)
21598
21597
msgid "There are multiple ways to configure the Whitelist for a domain:"
21601
#: serverguide/C/mail.xml:1476(para)
21600
#: serverguide/C/mail.xml:1534(para)
21603
21602
"<emphasis>'example.com' => 'WHITELIST',</emphasis>: will whitelist any "
21604
21603
"address from the \"example.com\" domain."
21607
#: serverguide/C/mail.xml:1481(para)
21606
#: serverguide/C/mail.xml:1539(para)
21609
21608
"<emphasis>'.example.com' => 'WHITELIST',</emphasis>: will whitelist any "
21610
21609
"address from any <emphasis>subdomains</emphasis> of \"example.com\" that "
21611
21610
"have a valid signature."
21614
#: serverguide/C/mail.xml:1487(para)
21613
#: serverguide/C/mail.xml:1545(para)
21616
21615
"<emphasis>'.example.com/@example.com' => 'WHITELIST',</emphasis>: will "
21617
21616
"whitelist subdomains of \"example.com\" that use the signature of <emphasis "
21618
21617
"role=\"italic\">example.com</emphasis> the parent domain."
21621
#: serverguide/C/mail.xml:1493(para)
21620
#: serverguide/C/mail.xml:1551(para)
21623
21622
"<emphasis>'./@example.com' => 'WHITELIST',</emphasis>: adds addresses "
21624
21623
"that have a valid signature from \"example.com\". This is usually used for "
21625
21624
"discussion groups that sign their messages."
21628
#: serverguide/C/mail.xml:1500(para)
21627
#: serverguide/C/mail.xml:1558(para)
21630
21629
"A domain can also have multiple Whitelist configurations. After editing the "
21631
21630
"file, restart <application>amavisd-new</application>:"
21634
#: serverguide/C/mail.xml:1510(para)
21633
#: serverguide/C/mail.xml:1568(para)
21636
21635
"In this context, once a domain has been added to the Whitelist the message "
21637
21636
"will not receive any anti-virus or spam filtering. This may or may not be "
21638
21637
"the intended behavior you wish for a domain."
21641
#: serverguide/C/mail.xml:1520(para)
21640
#: serverguide/C/mail.xml:1578(para)
21643
21642
"For <application>Postfix</application> integration, enter the following from "
21644
21643
"a terminal prompt:"
21647
#: serverguide/C/mail.xml:1524(command)
21646
#: serverguide/C/mail.xml:1582(command)
21648
21647
msgid "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
21651
#: serverguide/C/mail.xml:1526(para)
21650
#: serverguide/C/mail.xml:1584(para)
21653
21652
"Next edit <filename>/etc/postfix/master.cf</filename> and add the following "
21654
21653
"to the end of the file:"
21856
21855
"back to normal."
21859
#: serverguide/C/mail.xml:1689(para)
21858
#: serverguide/C/mail.xml:1747(para)
21860
21859
msgid "For more information on filtering mail see the following links:"
21863
#: serverguide/C/mail.xml:1695(ulink)
21862
#: serverguide/C/mail.xml:1753(ulink)
21864
21863
msgid "Amavisd-new Documentation"
21867
#: serverguide/C/mail.xml:1699(para)
21866
#: serverguide/C/mail.xml:1757(para)
21869
21868
"<ulink url=\"http://www.clamav.net/doc/latest/html/\">ClamAV "
21870
21869
"Documentation</ulink> and <ulink "
21871
21870
"url=\"http://wiki.clamav.net/Main/WebHome\">ClamAV Wiki</ulink>"
21874
#: serverguide/C/mail.xml:1706(ulink)
21873
#: serverguide/C/mail.xml:1764(ulink)
21875
21874
msgid "Spamassassin Wiki"
21878
#: serverguide/C/mail.xml:1711(ulink)
21877
#: serverguide/C/mail.xml:1769(ulink)
21879
21878
msgid "Pyzor Homepage"
21882
#: serverguide/C/mail.xml:1716(ulink)
21881
#: serverguide/C/mail.xml:1774(ulink)
21883
21882
msgid "Razor Homepage"
21886
#: serverguide/C/mail.xml:1721(ulink)
21885
#: serverguide/C/mail.xml:1779(ulink)
21887
21886
msgid "DKIM.org"
21890
#: serverguide/C/mail.xml:1726(ulink)
21889
#: serverguide/C/mail.xml:1784(ulink)
21891
21890
msgid "Postfix Amavis New"
21894
#: serverguide/C/mail.xml:1730(para)
21893
#: serverguide/C/mail.xml:1788(para)
21896
21895
"Also, feel free to ask questions in the <emphasis>#ubuntu-server</emphasis> "
21897
21896
"IRC channel on <ulink url=\"http://freenode.net\">freenode</ulink>."
22140
22138
#: serverguide/C/lamp-applications.xml:214(para)
22139
msgid "The version in the above example is determined by running:"
22142
#: serverguide/C/lamp-applications.xml:218(programlisting)
22146
"$ moin --version\n"
22149
#: serverguide/C/lamp-applications.xml:222(para)
22150
msgid "If the output shows version 1.9.7, your second line should be:"
22153
#: serverguide/C/lamp-applications.xml:226(programlisting)
22157
"alias /moin_static197 \"/usr/share/moin/htdocs\"\n"
22160
#: serverguide/C/lamp-applications.xml:230(para)
22142
22162
"Once you configure the <application>apache2</application> web server and "
22143
"make it ready for your Wiki application, you should restart it. You can run "
22163
"make it ready for your wiki application, you should restart it. You can run "
22144
22164
"the following command to restart the <application>apache2</application> web "
22148
#: serverguide/C/lamp-applications.xml:227(title) serverguide/C/installation.xml:1242(title)
22168
#: serverguide/C/lamp-applications.xml:243(title) serverguide/C/installation.xml:1315(title)
22149
22169
msgid "Verification"
22152
#: serverguide/C/lamp-applications.xml:229(para)
22172
#: serverguide/C/lamp-applications.xml:245(para)
22154
22174
"You can verify the Wiki application and see if it works by pointing your web "
22155
22175
"browser to the following URL:"
22158
#: serverguide/C/lamp-applications.xml:233(programlisting)
22178
#: serverguide/C/lamp-applications.xml:249(programlisting)
22162
22182
"http://localhost/mywiki\n"
22165
#: serverguide/C/lamp-applications.xml:237(para)
22185
#: serverguide/C/lamp-applications.xml:253(para)
22167
22187
"For more details, please refer to the <ulink "
22168
22188
"url=\"http://moinmo.in/\">MoinMoin</ulink> web site."
22171
#: serverguide/C/lamp-applications.xml:248(para)
22191
#: serverguide/C/lamp-applications.xml:264(para)
22173
22193
"For more information see the <ulink url=\"http://moinmo.in/\">moinmoin "
22174
22194
"Wiki</ulink>."
22177
#: serverguide/C/lamp-applications.xml:253(para)
22197
#: serverguide/C/lamp-applications.xml:269(para)
22179
22199
"Also, see the <ulink "
22180
22200
"url=\"https://help.ubuntu.com/community/MoinMoin\">Ubuntu Wiki "
22181
22201
"MoinMoin</ulink> page."
22184
#: serverguide/C/lamp-applications.xml:262(title)
22204
#: serverguide/C/lamp-applications.xml:278(title)
22185
22205
msgid "MediaWiki"
22188
#: serverguide/C/lamp-applications.xml:264(para)
22208
#: serverguide/C/lamp-applications.xml:280(para)
22190
22210
"MediaWiki is an web based Wiki software written in the PHP language. It can "
22191
22211
"either use <application>MySQL</application> or "
22192
22212
"<application>PostgreSQL</application> Database Management System."
22195
#: serverguide/C/lamp-applications.xml:274(para)
22215
#: serverguide/C/lamp-applications.xml:290(para)
22197
22217
"Before installing <application>MediaWiki</application> you should also "
22198
22218
"install <application>Apache2</application>, the "
22259
22279
"config/index.php</ulink> if your server has no GUI.)"
22262
#: serverguide/C/lamp-applications.xml:334(para)
22282
#: serverguide/C/lamp-applications.xml:350(para)
22264
22284
"Please read the <quote>Environmental checks</quote> section of the "
22265
22285
"configuration page. You should be able to fix many issues by carefully "
22266
22286
"reading this section."
22269
#: serverguide/C/lamp-applications.xml:330(para)
22289
#: serverguide/C/lamp-applications.xml:357(para)
22271
22291
"Once the configuration is complete, you should copy the "
22272
22292
"<filename>LocalSettings.php</filename> file to "
22273
22293
"<filename>/etc/mediawiki</filename> directory:"
22276
#: serverguide/C/lamp-applications.xml:337(command)
22296
#: serverguide/C/lamp-applications.xml:364(command)
22277
22297
msgid "sudo mv /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/"
22280
#: serverguide/C/lamp-applications.xml:340(para)
22300
#: serverguide/C/lamp-applications.xml:367(para)
22282
22302
"You may also want to edit "
22283
22303
"<filename>/etc/mediawiki/LocalSettings.php</filename> in order to set the "
22284
22304
"memory limit (disabled by default):"
22287
#: serverguide/C/lamp-applications.xml:345(programlisting)
22307
#: serverguide/C/lamp-applications.xml:372(programlisting)
22291
22311
"ini_set( 'memory_limit', '64M' );\n"
22294
#: serverguide/C/lamp-applications.xml:352(title)
22314
#: serverguide/C/lamp-applications.xml:379(title)
22295
22315
msgid "Extensions"
22298
#: serverguide/C/lamp-applications.xml:353(para)
22318
#: serverguide/C/lamp-applications.xml:380(para)
22300
22320
"The extensions add new features and enhancements for the MediaWiki "
22301
22321
"application. The extensions give wiki administrators and end users the "
22302
22322
"ability to customize MediaWiki to their requirements."
22305
#: serverguide/C/lamp-applications.xml:359(para)
22325
#: serverguide/C/lamp-applications.xml:386(para)
22307
22327
"You can download MediaWiki extensions as an archive file or checkout from "
22308
22328
"the Subversion repository. You should copy it to "
22311
22331
"<filename>/etc/mediawiki/LocalSettings.php</filename>."
22314
#: serverguide/C/lamp-applications.xml:367(programlisting)
22334
#: serverguide/C/lamp-applications.xml:394(programlisting)
22318
22338
"require_once \"$IP/extensions/ExtentionName/ExtentionName.php\";\n"
22321
#: serverguide/C/lamp-applications.xml:377(para)
22341
#: serverguide/C/lamp-applications.xml:404(para)
22323
22343
"For more details, please refer to the <ulink "
22324
22344
"url=\"http://www.mediawiki.org\">MediaWiki</ulink> web site."
22327
#: serverguide/C/lamp-applications.xml:394(para)
22347
#: serverguide/C/lamp-applications.xml:410(para)
22329
22349
"The <ulink url=\"http://www.packtpub.com/Mediawiki/book\">MediaWiki "
22330
22350
"Administrators' Tutorial Guide</ulink> contains a wealth of information for "
22331
22351
"new MediaWiki administrators."
22334
#: serverguide/C/lamp-applications.xml:389(para)
22354
#: serverguide/C/lamp-applications.xml:416(para)
22336
22356
"Also, the <ulink url=\"https://help.ubuntu.com/community/MediaWiki\">Ubuntu "
22337
22357
"Wiki MediaWiki</ulink> page is a good resource."
22340
#: serverguide/C/lamp-applications.xml:399(title)
22360
#: serverguide/C/lamp-applications.xml:426(title)
22341
22361
msgid "phpMyAdmin"
22344
#: serverguide/C/lamp-applications.xml:401(para)
22364
#: serverguide/C/lamp-applications.xml:428(para)
22346
22366
"<application>phpMyAdmin</application> is a LAMP application specifically "
22347
22367
"written for administering <application>MySQL</application> servers. Written "
22416
22436
"remote database."
22419
#: serverguide/C/lamp-applications.xml:462(para)
22439
#: serverguide/C/lamp-applications.xml:489(para)
22421
22441
"Once configured, log out of <application>phpMyAdmin</application> and back "
22422
22442
"in, and you should be accessing the new server."
22425
#: serverguide/C/lamp-applications.xml:466(para)
22445
#: serverguide/C/lamp-applications.xml:493(para)
22427
22447
"The <filename>config.header.inc.php</filename> and "
22428
22448
"<filename>config.footer.inc.php</filename> files are used to add a HTML "
22429
22449
"header and footer to <application>phpMyAdmin</application>."
22432
#: serverguide/C/lamp-applications.xml:471(para)
22452
#: serverguide/C/lamp-applications.xml:498(para)
22434
22454
"Another important configuration file is "
22435
22455
"<filename>/etc/phpmyadmin/apache.conf</filename>, this file is symlinked to "
22436
"<filename>/etc/apache2/conf.d/phpmyadmin.conf</filename>, and is used to "
22437
"configure <application>Apache2</application> to serve the "
22438
"<application>phpMyAdmin</application> site. The file contains directives for "
22439
"loading <application>PHP</application>, directory permissions, etc. For more "
22440
"information on configuring <application>Apache2</application> see <xref "
22441
"linkend=\"httpd\"/>."
22444
#: serverguide/C/lamp-applications.xml:485(para)
22456
"<filename>/etc/apache2/conf-available/phpmyadmin.conf</filename>, and, once "
22457
"enabled, is used to configure <application>Apache2</application> to serve "
22458
"the <application>phpMyAdmin</application> site. The file contains directives "
22459
"for loading <application>PHP</application>, directory permissions, etc. From "
22463
#: serverguide/C/lamp-applications.xml:506(command)
22465
"sudo ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf-"
22466
"available/phpmyadmin.conf"
22469
#: serverguide/C/lamp-applications.xml:507(command)
22470
msgid "sudo a2enconf phpmyadmin.conf"
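Review bot: After the two commands added at lamp-applications.xml:506 and :507 (the ln -s into conf-available and sudo a2enconf phpmyadmin.conf), the next entry is the "For more information" paragraph at :511, so the reader is never told to reload Apache2 and the newly enabled configuration will not take effect. Suggest adding a third command after a2enconf, for example sudo service apache2 reload. Because a configuration enabled with a2enconf applies to the whole server rather than to a single VirtualHost, the rewritten paragraph at :498 would also be a good place to say that phpMyAdmin then becomes reachable on every site Apache2 serves, and that access should be restricted where that is not wanted.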
22473
#: serverguide/C/lamp-applications.xml:511(para)
22475
"For more information on configuring <application>Apache2</application> see "
22476
"<xref linkend=\"httpd\"/>."
22479
#: serverguide/C/lamp-applications.xml:522(para)
22446
22481
"The <application>phpMyAdmin</application> documentation comes installed with "
22447
22482
"the package and can be accessed from the <emphasis>phpMyAdmin "
22450
22485
"url=\"http://www.phpmyadmin.net/home_page/docs.php\">phpMyAdmin</ulink> site."
22453
#: serverguide/C/lamp-applications.xml:492(para)
22488
#: serverguide/C/lamp-applications.xml:529(para)
22455
22490
"Also, <ulink url=\"http://www.packtpub.com/phpmyadmin-3rd-"
22456
22491
"edition/book\">Mastering phpMyAdmin</ulink> is a great resource."
22459
#: serverguide/C/lamp-applications.xml:497(para)
22494
#: serverguide/C/lamp-applications.xml:534(para)
22461
22496
"A third resource is the <ulink "
22462
22497
"url=\"https://help.ubuntu.com/community/phpMyAdmin\">phpMyAdmin Ubuntu "
22463
22498
"Wiki</ulink> page."
22466
#: serverguide/C/lamp-applications.xml:517(title)
22501
#: serverguide/C/lamp-applications.xml:543(title)
22467
22502
msgid "WordPress"
22470
#: serverguide/C/lamp-applications.xml:518(para)
22505
#: serverguide/C/lamp-applications.xml:544(para)
22472
22507
"Wordpress is a blog tool, publishing platform and CMS implemented in PHP and "
22473
22508
"licensed under the GNU GPLv2."
22476
#: serverguide/C/lamp-applications.xml:524(para)
22511
#: serverguide/C/lamp-applications.xml:550(para)
22478
22513
"To install <application>WordPress</application>, run the following comand in "
22479
22514
"the command prompt:"
22482
#: serverguide/C/lamp-applications.xml:529(command)
22517
#: serverguide/C/lamp-applications.xml:555(command)
22483
22518
msgid "sudo apt-get install wordpress"
22486
#: serverguide/C/lamp-applications.xml:532(para)
22521
#: serverguide/C/lamp-applications.xml:558(para)
22488
22523
"You should also install <application>apache2</application> web server and "
22489
22524
"<application>mysql</application> server. For installing "
22665
22700
#: serverguide/C/introduction.xml:31(para)
22667
22702
"There are a couple of different ways that Ubuntu Server Edition is "
22668
"supported, commercial support and community support. The main commercial "
22669
"support (and development funding) is available from Canonical Ltd. They "
22670
"supply reasonably priced support contracts on a per desktop or per server "
22703
"supported: commercial support and community support. The main commercial "
22704
"support (and development funding) is available from Canonical, Ltd. They "
22705
"supply reasonably- priced support contracts on a per desktop or per server "
22671
22706
"basis. For more information see the <ulink "
22672
"url=\"http://www.canonical.com/services/support\">Canonical Services</ulink> "
22707
"url=\"http://www.ubuntu.com/management\">Ubuntu Advantage</ulink> page."
22676
#: serverguide/C/introduction.xml:38(para)
22710
#: serverguide/C/introduction.xml:40(para)
22678
"Community support is also provided by dedicated individuals, and companies, "
22712
"Community support is also provided by dedicated individuals and companies "
22679
22713
"that wish to make Ubuntu the best distribution possible. Support is provided "
22680
22714
"through multiple mailing lists, IRC channels, forums, blogs, wikis, etc. The "
22681
22715
"large amount of information available can be overwhelming, but a good search "
22924
22958
msgid "Next, the installer asks for the system's hostname."
22927
#: serverguide/C/installation.xml:195(para)
22961
#: serverguide/C/installation.xml:184(para)
22929
22963
"A new user is set up; this user will have <emphasis>root</emphasis> access "
22930
22964
"through the <application>sudo</application> utility."
22933
#: serverguide/C/installation.xml:201(para)
22967
#: serverguide/C/installation.xml:190(para)
22935
"After the user settings have been completed, you will be asked to encrypt "
22936
"your <filename role=\"directory\">home</filename> directory."
22969
"After the user settings have been completed, you will be asked if you want "
22970
"to encrypt your <filename role=\"directory\">home</filename> directory."
22939
22973
#: serverguide/C/installation.xml:196(para)
22940
22974
msgid "Next, the installer asks for the system's Time Zone."
22943
#: serverguide/C/installation.xml:182(para)
22977
#: serverguide/C/installation.xml:201(para)
22945
22979
"You can then choose from several options to configure the hard drive layout. "
22946
"Afterwards you are asked for which disk to install to. You may get "
22947
"confirmation prompts before rewriting the partition table or setting up LVM "
22948
"depending on disk layout. If you choose LVM, you will be asked for the size "
22949
"of the root logical volume. For advanced disk options see <xref "
22950
"linkend=\"advanced-installation\"/>."
22980
"Afterwards you are asked which disk to install to. You may get confirmation "
22981
"prompts before rewriting the partition table or setting up LVM depending on "
22982
"disk layout. If you choose LVM, you will be asked for the size of the root "
22983
"logical volume. For advanced disk options see <xref linkend=\"advanced-"
22984
"installation\"/>."
22953
#: serverguide/C/installation.xml:190(para)
22987
#: serverguide/C/installation.xml:209(para)
22954
22988
msgid "The Ubuntu base system is then installed."
22957
#: serverguide/C/installation.xml:207(para)
22991
#: serverguide/C/installation.xml:214(para)
22959
22993
"The next step in the installation process is to decide how you want to "
22960
22994
"update the system. There are three options:"
22963
#: serverguide/C/installation.xml:213(para)
22997
#: serverguide/C/installation.xml:220(para)
22965
22999
"<emphasis>No automatic updates</emphasis>: this requires an administrator to "
22966
23000
"log into the machine and manually install updates."
22969
#: serverguide/C/installation.xml:219(para)
23003
#: serverguide/C/installation.xml:226(para)
22971
23005
"<emphasis>Install security updates automatically</emphasis>: this will "
22972
23006
"install the <application>unattended-upgrades</application> package, which "
23015
23049
"Installation Guide</ulink>."
23018
#: serverguide/C/installation.xml:265(title)
23052
#: serverguide/C/installation.xml:272(title)
23019
23053
msgid "Package Tasks"
23022
#: serverguide/C/installation.xml:266(para)
23056
#: serverguide/C/installation.xml:273(para)
23024
23058
"During the Server Edition installation you have the option of installing "
23025
23059
"additional packages from the CD. The packages are grouped by the type of "
23026
23060
"service they provide."
23029
#: serverguide/C/installation.xml:272(para)
23063
#: serverguide/C/installation.xml:279(para)
23030
23064
msgid "DNS server: Selects the BIND DNS server and its documentation."
23033
#: serverguide/C/installation.xml:277(para)
23067
#: serverguide/C/installation.xml:284(para)
23034
23068
msgid "LAMP server: Selects a ready-made Linux/Apache/MySQL/PHP server."
23037
#: serverguide/C/installation.xml:282(para)
23071
#: serverguide/C/installation.xml:289(para)
23039
23073
"Mail server: This task selects a variety of packages useful for a general "
23040
23074
"purpose mail server system."
23043
#: serverguide/C/installation.xml:287(para)
23077
#: serverguide/C/installation.xml:294(para)
23044
23078
msgid "OpenSSH server: Selects packages needed for an OpenSSH server."
23047
#: serverguide/C/installation.xml:292(para)
23081
#: serverguide/C/installation.xml:299(para)
23049
23083
"PostgreSQL database: This task selects client and server packages for the "
23050
23084
"PostgreSQL database."
23053
#: serverguide/C/installation.xml:297(para)
23087
#: serverguide/C/installation.xml:304(para)
23054
23088
msgid "Print server: This task sets up your system to be a print server."
23057
#: serverguide/C/installation.xml:302(para)
23091
#: serverguide/C/installation.xml:309(para)
23059
23093
"Samba File server: This task sets up your system to be a Samba file server, "
23060
23094
"which is especially suitable in networks with both Windows and Linux systems."
23063
#: serverguide/C/installation.xml:308(para)
23097
#: serverguide/C/installation.xml:315(para)
23064
23098
msgid "Tomcat Java server: Installs Apache Tomcat and needed dependencies."
23067
#: serverguide/C/installation.xml:313(para)
23101
#: serverguide/C/installation.xml:320(para)
23069
23103
"Virtual Machine host: Includes packages needed to run KVM virtual machines."
23072
#: serverguide/C/installation.xml:318(para)
23106
#: serverguide/C/installation.xml:325(para)
23074
23108
"Manually select packages: Executes <application>aptitude</application> "
23075
23109
"allowing you to individually select packages."
23078
#: serverguide/C/installation.xml:323(para)
23112
#: serverguide/C/installation.xml:330(para)
23080
23114
"Installing the package groups is accomplished using the "
23081
23115
"<application>tasksel</application> utility. One of the important differences "
23170
23204
"system configuration changes sometimes needed between releases."
23173
#: serverguide/C/installation.xml:385(para)
23207
#: serverguide/C/installation.xml:392(para)
23174
23208
msgid "To upgrade to a newer release, from a terminal prompt enter:"
23177
#: serverguide/C/installation.xml:391(para)
23211
#: serverguide/C/installation.xml:398(para)
23179
23213
"It is also possible to use <application>do-release-upgrade</application> to "
23180
23214
"upgrade to a development version of Ubuntu. To accomplish this use the "
23181
23215
"<emphasis>-d</emphasis> switch:"
23184
#: serverguide/C/installation.xml:396(command)
23218
#: serverguide/C/installation.xml:403(command)
23185
23219
msgid "do-release-upgrade -d"
23188
#: serverguide/C/installation.xml:399(para)
23222
#: serverguide/C/installation.xml:406(para)
23190
23224
"Upgrading to a development release is <emphasis>not</emphasis> recommended "
23191
23225
"for production environments."
23194
#: serverguide/C/installation.xml:406(title)
23228
#: serverguide/C/installation.xml:413(title)
23195
23229
msgid "Advanced Installation"
23198
#: serverguide/C/installation.xml:409(title)
23232
#: serverguide/C/installation.xml:416(title)
23199
23233
msgid "Software RAID"
23202
#: serverguide/C/installation.xml:411(para)
23236
#: serverguide/C/installation.xml:418(para)
23204
23238
"Redundant Array of Independent Disks \"RAID\" is a method of using multiple "
23205
23239
"disks to provide different balances of increasing data reliability and/or "
23220
23254
"another for <emphasis>swap</emphasis>."
23223
#: serverguide/C/virtualization.xml:716(title) serverguide/C/installation.xml:427(title)
23257
#: serverguide/C/installation.xml:434(title)
23224
23258
msgid "Partitioning"
23227
#: serverguide/C/installation.xml:429(para) serverguide/C/installation.xml:951(para)
23261
#: serverguide/C/installation.xml:436(para) serverguide/C/installation.xml:958(para)
23229
23263
"Follow the installation steps until you get to the <emphasis>Partition "
23230
23264
"disks</emphasis> step, then:"
23233
#: serverguide/C/installation.xml:436(para)
23267
#: serverguide/C/installation.xml:443(para)
23234
23268
msgid "Select <emphasis>Manual</emphasis> as the partition method."
23237
#: serverguide/C/installation.xml:443(para)
23271
#: serverguide/C/installation.xml:450(para)
23239
23273
"Select the first hard drive, and agree to <emphasis>\"Create a new empty "
23240
23274
"partition table on this device?\"</emphasis>."
23243
#: serverguide/C/installation.xml:447(para)
23277
#: serverguide/C/installation.xml:454(para)
23245
23279
"Repeat this step for each drive you wish to be part of the RAID array."
23248
#: serverguide/C/installation.xml:454(para)
23282
#: serverguide/C/installation.xml:461(para)
23250
23284
"Select the <emphasis>\"FREE SPACE\"</emphasis> on the first drive then "
23251
23285
"select <emphasis>\"Create a new partition\"</emphasis>."
23254
#: serverguide/C/installation.xml:461(para)
23288
#: serverguide/C/installation.xml:468(para)
23256
23290
"Next, select the <emphasis>Size</emphasis> of the partition. This partition "
23257
23291
"will be the <emphasis>swap</emphasis> partition, and a general rule for swap "
23297
23331
"<emphasis>\"Done setting up partition\"</emphasis>."
23300
#: serverguide/C/installation.xml:511(para)
23334
#: serverguide/C/installation.xml:518(para)
23301
23335
msgid "Repeat steps three through eight for the other disk and partitions."
23304
#: serverguide/C/installation.xml:520(title)
23338
#: serverguide/C/installation.xml:527(title)
23305
23339
msgid "RAID Configuration"
23308
#: serverguide/C/installation.xml:522(para)
23342
#: serverguide/C/installation.xml:529(para)
23309
23343
msgid "With the partitions setup the arrays are ready to be configured:"
23312
#: serverguide/C/installation.xml:529(para)
23346
#: serverguide/C/installation.xml:536(para)
23314
23348
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
23315
23349
"Software RAID\"</emphasis> at the top."
23318
#: serverguide/C/installation.xml:536(para)
23352
#: serverguide/C/installation.xml:543(para)
23319
23353
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
23322
#: serverguide/C/installation.xml:543(para)
23356
#: serverguide/C/installation.xml:550(para)
23323
23357
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
23326
#: serverguide/C/installation.xml:550(para)
23360
#: serverguide/C/installation.xml:557(para)
23328
23362
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
23329
23363
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
23332
#: serverguide/C/installation.xml:556(para)
23366
#: serverguide/C/installation.xml:563(para)
23334
23368
"In order to use <emphasis>RAID5</emphasis> you need at least "
23335
23369
"<emphasis>three</emphasis> drives. Using RAID0 or RAID1 only "
23336
23370
"<emphasis>two</emphasis> drives are required."
23339
#: serverguide/C/installation.xml:565(para)
23373
#: serverguide/C/installation.xml:572(para)
23341
23375
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
23342
23376
"of hard drives you have, for the array. Then select "
23343
23377
"<emphasis>\"Continue\"</emphasis>."
23346
#: serverguide/C/installation.xml:573(para)
23380
#: serverguide/C/installation.xml:580(para)
23348
23382
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
23349
23383
"default, then choose <emphasis>\"Continue\"</emphasis>."
23352
#: serverguide/C/installation.xml:580(para)
23386
#: serverguide/C/installation.xml:587(para)
23354
23388
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
23355
23389
"etc. The numbers will usually match and the different letters correspond to "
23356
23390
"different hard drives."
23359
#: serverguide/C/installation.xml:585(para)
23393
#: serverguide/C/installation.xml:592(para)
23361
23395
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
23362
23396
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
23363
23397
"go to the next step."
23366
#: serverguide/C/installation.xml:593(para)
23400
#: serverguide/C/installation.xml:600(para)
23368
23402
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
23369
23403
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
23370
23404
"and <emphasis>sdb2</emphasis>."
23373
#: serverguide/C/installation.xml:601(para)
23407
#: serverguide/C/installation.xml:608(para)
23374
23408
msgid "Once done select <emphasis>\"Finish\"</emphasis>."
23377
#: serverguide/C/installation.xml:611(title)
23411
#: serverguide/C/installation.xml:618(title)
23378
23412
msgid "Formatting"
23381
#: serverguide/C/installation.xml:613(para)
23415
#: serverguide/C/installation.xml:620(para)
23383
23417
"There should now be a list of hard drives and RAID devices. The next step is "
23384
23418
"to format and set the mount point for the RAID devices. Treat the RAID "
23385
23419
"device as a local hard drive, format and mount accordingly."
23388
#: serverguide/C/installation.xml:621(para)
23422
#: serverguide/C/installation.xml:628(para)
23390
23424
"Select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
23391
23425
"#0\"</emphasis> partition."
23394
#: serverguide/C/installation.xml:628(para)
23428
#: serverguide/C/installation.xml:635(para)
23396
23430
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
23397
23431
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
23400
#: serverguide/C/installation.xml:636(para)
23434
#: serverguide/C/installation.xml:643(para)
23402
23436
"Next, select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
23403
23437
"#1\"</emphasis> partition."
23406
#: serverguide/C/installation.xml:643(para)
23440
#: serverguide/C/installation.xml:650(para)
23408
23442
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext4 "
23409
23443
"journaling file system\"</emphasis>."
23412
#: serverguide/C/installation.xml:650(para)
23446
#: serverguide/C/installation.xml:657(para)
23414
23448
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
23415
23449
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "
23417
23451
"partition\"</emphasis>."
23420
#: serverguide/C/installation.xml:658(para)
23454
#: serverguide/C/installation.xml:665(para)
23422
23456
"Finally, select <emphasis>\"Finish partitioning and write changes to "
23423
23457
"disk\"</emphasis>."
23426
#: serverguide/C/installation.xml:665(para)
23460
#: serverguide/C/installation.xml:672(para)
23428
23462
"If you choose to place the root partition on a RAID array, the installer "
23429
23463
"will then ask if you would like to boot in a <emphasis>degraded</emphasis> "
23430
23464
"state. See <xref linkend=\"raid-degraded\"/> for further details."
23433
#: serverguide/C/installation.xml:670(para)
23467
#: serverguide/C/installation.xml:677(para)
23434
23468
msgid "The installation process will then continue normally."
23437
#: serverguide/C/installation.xml:676(title)
23471
#: serverguide/C/installation.xml:683(title)
23438
23472
msgid "Degraded RAID"
23441
#: serverguide/C/installation.xml:678(para)
23475
#: serverguide/C/installation.xml:685(para)
23443
23477
"At some point in the life of the computer a disk failure event may occur. "
23444
23478
"When this happens, using Software RAID, the operating system will place the "
23445
23479
"array into what is known as a <emphasis>degraded</emphasis> state."
23448
#: serverguide/C/installation.xml:683(para)
23482
#: serverguide/C/installation.xml:690(para)
23450
23484
"If the array has become degraded, due to the chance of data corruption, by "
23451
23485
"default Ubuntu Server Edition will boot to <emphasis>initramfs</emphasis> "
23477
23511
"behavior, and can also be manually edited:"
23480
#: serverguide/C/installation.xml:713(programlisting)
23514
#: serverguide/C/installation.xml:720(programlisting)
23484
23518
"BOOT_DEGRADED=true\n"
23487
#: serverguide/C/installation.xml:718(para)
23521
#: serverguide/C/installation.xml:725(para)
23488
23522
msgid "The configuration file can be overridden by using a Kernel argument."
23491
#: serverguide/C/installation.xml:726(para)
23525
#: serverguide/C/installation.xml:733(para)
23493
23527
"Using a Kernel argument will allow the system to boot to a degraded array as "
23497
#: serverguide/C/installation.xml:732(para)
23531
#: serverguide/C/installation.xml:739(para)
23499
23533
"When the server is booting press <keycap>Shift</keycap> to open the "
23500
23534
"<application>Grub</application> menu."
23503
#: serverguide/C/installation.xml:737(para)
23537
#: serverguide/C/installation.xml:744(para)
23504
23538
msgid "Press <keycap>e</keycap> to edit your kernel command options."
23507
#: serverguide/C/installation.xml:742(para)
23541
#: serverguide/C/installation.xml:749(para)
23508
23542
msgid "Press the <keycap>down</keycap> arrow to highlight the kernel line."
23511
#: serverguide/C/installation.xml:747(para)
23545
#: serverguide/C/installation.xml:754(para)
23513
23547
"Add <emphasis>\"bootdegraded=true\"</emphasis> (without the quotes) to the "
23514
23548
"end of the line."
23517
#: serverguide/C/installation.xml:752(para)
23551
#: serverguide/C/installation.xml:759(para)
23519
23553
"Press <keycombo><keycap>Ctrl</keycap><keycap>x</keycap></keycombo> to boot "
23520
23554
"the system."
23523
#: serverguide/C/installation.xml:761(para)
23557
#: serverguide/C/installation.xml:768(para)
23525
23559
"Once the system has booted you can either repair the array see <xref "
23526
23560
"linkend=\"raid-maintenance\"/> for details, or copy important data to "
23527
23561
"another machine due to major hardware failure."
23530
#: serverguide/C/installation.xml:768(title)
23564
#: serverguide/C/installation.xml:775(title)
23531
23565
msgid "RAID Maintenance"
23534
#: serverguide/C/installation.xml:770(para)
23568
#: serverguide/C/installation.xml:777(para)
23536
23570
"The <application>mdadm</application> utility can be used to view the status "
23537
23571
"of an array, add disks to an array, remove disks, etc:"
23540
#: serverguide/C/installation.xml:777(para)
23574
#: serverguide/C/installation.xml:784(para)
23541
23575
msgid "To view the status of an array, from a terminal prompt enter:"
23544
#: serverguide/C/installation.xml:781(command)
23578
#: serverguide/C/installation.xml:788(command)
23545
23579
msgid "sudo mdadm -D /dev/md0"
23548
#: serverguide/C/installation.xml:784(para)
23582
#: serverguide/C/installation.xml:791(para)
23550
23584
"The <emphasis>-D</emphasis> tells <application>mdadm</application> to "
23551
23585
"display <emphasis>detailed</emphasis> information about the "
23553
23587
"with the appropriate RAID device."
23556
#: serverguide/C/installation.xml:790(para)
23590
#: serverguide/C/installation.xml:797(para)
23557
23591
msgid "To view the status of a disk in an array:"
23560
#: serverguide/C/installation.xml:794(command)
23594
#: serverguide/C/installation.xml:801(command)
23561
23595
msgid "sudo mdadm -E /dev/sda1"
23564
#: serverguide/C/installation.xml:796(para)
23598
#: serverguide/C/installation.xml:803(para)
23566
23600
"The output if very similar to the <command>mdadm -D</command> command, "
23567
23601
"adjust <filename>/dev/sda1</filename> for each disk."
23570
#: serverguide/C/installation.xml:801(para)
23604
#: serverguide/C/installation.xml:808(para)
23571
23605
msgid "If a disk fails and needs to be removed from an array enter:"
23574
#: serverguide/C/installation.xml:805(command)
23608
#: serverguide/C/installation.xml:812(command)
23575
23609
msgid "sudo mdadm --remove /dev/md0 /dev/sda1"
23578
#: serverguide/C/installation.xml:807(para)
23612
#: serverguide/C/installation.xml:814(para)
23580
23614
"Change <filename>/dev/md0</filename> and <filename>/dev/sda1</filename> to "
23581
23615
"the appropriate RAID device and disk."
23584
#: serverguide/C/installation.xml:812(para)
23618
#: serverguide/C/installation.xml:819(para)
23585
23619
msgid "Similarly, to add a new disk:"
23588
#: serverguide/C/installation.xml:816(command)
23622
#: serverguide/C/installation.xml:823(command)
23589
23623
msgid "sudo mdadm --add /dev/md0 /dev/sda1"
23592
#: serverguide/C/installation.xml:821(para)
23626
#: serverguide/C/installation.xml:828(para)
23594
23628
"Sometimes a disk can change to a <emphasis>faulty</emphasis> state even "
23595
23629
"though there is nothing physically wrong with the drive. It is usually "
23645
#: serverguide/C/installation.xml:858(command)
23679
#: serverguide/C/installation.xml:865(command)
23646
23680
msgid "sudo grub-install /dev/md0"
23649
#: serverguide/C/installation.xml:861(para)
23683
#: serverguide/C/installation.xml:868(para)
23651
23685
"Replace <filename>/dev/md0</filename> with the appropriate array device name."
23654
#: serverguide/C/installation.xml:869(para)
23688
#: serverguide/C/installation.xml:876(para)
23656
23690
"The topic of RAID arrays is a complex one due to the plethora of ways RAID "
23657
23691
"can be configured. Please see the following links for more information:"
23660
#: serverguide/C/installation.xml:876(para)
23694
#: serverguide/C/installation.xml:883(para)
23662
23696
"<ulink url=\"https://help.ubuntu.com/community/Installation#raid\">Ubuntu "
23663
23697
"Wiki Articles on RAID</ulink>."
23666
#: serverguide/C/installation.xml:882(ulink)
23700
#: serverguide/C/installation.xml:889(ulink) serverguide/C/installation.xml:1164(ulink)
23667
23701
msgid "Software RAID HOWTO"
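Review bot: The "Software RAID HOWTO" msgid picks up a second source location, installation.xml:1164(ulink), which lies well past the RAID resources at :889 and :894 and inside the LVM material that begins at :901(title). A link titled "Software RAID HOWTO" in the LVM section looks like a copy-and-paste slip in the source XML; please confirm the link text and target at line 1164 before this string is shared between the two places.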
23670
#: serverguide/C/installation.xml:887(ulink)
23704
#: serverguide/C/installation.xml:894(ulink)
23671
23705
msgid "Managing RAID on Linux"
23674
#: serverguide/C/installation.xml:894(title)
23708
#: serverguide/C/installation.xml:901(title)
23675
23709
msgid "Logical Volume Manager (LVM)"
23678
#: serverguide/C/installation.xml:896(para)
23712
#: serverguide/C/installation.xml:903(para)
23680
23714
"Logical Volume Manger, or <emphasis>LVM</emphasis>, allows administrators to "
23681
23715
"create <emphasis>logical</emphasis> volumes out of one or multiple physical "
23684
23718
"giving greater flexibility to systems as requirements change."
23687
#: serverguide/C/installation.xml:905(para)
23721
#: serverguide/C/installation.xml:912(para)
23689
23723
"A side effect of LVM's power and flexibility is a greater degree of "
23690
23724
"complication. Before diving into the LVM installation process, it is best to "
23691
23725
"get familiar with some terms."
23694
#: serverguide/C/installation.xml:912(para)
23728
#: serverguide/C/installation.xml:919(para)
23696
23730
"<emphasis>Physical Volume (PV):</emphasis> physical hard disk, disk "
23697
23731
"partition or software RAID partition formatted as LVM PV."
23700
#: serverguide/C/installation.xml:918(para)
23734
#: serverguide/C/installation.xml:925(para)
23702
23736
"<emphasis>Volume Group (VG):</emphasis> is made from one or more physical "
23703
23737
"volumes. A VG can can be extended by adding more PVs. A VG is like a virtual "
23704
23738
"disk drive, from which one or more logical volumes are carved."
23707
#: serverguide/C/installation.xml:924(para)
23741
#: serverguide/C/installation.xml:931(para)
23709
23743
"<emphasis>Logical Volume (LV):</emphasis> is similar to a partition in a non-"
23710
23744
"LVM system. A LV is formatted with the desired file system (EXT3, XFS, JFS, "
23711
23745
"etc), it is then available for mounting and data storage."
23714
#: serverguide/C/installation.xml:935(para)
23748
#: serverguide/C/installation.xml:942(para)
23716
23750
"As an example this section covers installing Ubuntu Server Edition with "
23717
23751
"<filename role=\"directory\">/srv</filename> mounted on a LVM volume. During "
23793
23827
"select <emphasis>\"Done setting up the partition\"</emphasis>."
23796
#: serverguide/C/installation.xml:1024(para)
23830
#: serverguide/C/installation.xml:1031(para)
23798
23832
"Finally, select <emphasis>\"Finish partitioning and write changes to "
23799
23833
"disk\"</emphasis>. Then confirm the changes and continue with the rest of "
23800
23834
"the installation."
23803
#: serverguide/C/installation.xml:1032(para)
23837
#: serverguide/C/installation.xml:1039(para)
23804
23838
msgid "There are some useful utilities to view information about LVM:"
23807
#: serverguide/C/installation.xml:1037(para)
23841
#: serverguide/C/installation.xml:1044(para)
23809
23843
"<emphasis>pvdisplay:</emphasis> shows information about Physical Volumes."
23812
#: serverguide/C/installation.xml:1038(para)
23846
#: serverguide/C/installation.xml:1045(para)
23814
23848
"<emphasis>vgdisplay:</emphasis> shows information about Volume Groups."
23817
#: serverguide/C/installation.xml:1039(para)
23851
#: serverguide/C/installation.xml:1046(para)
23819
23853
"<emphasis>lvdisplay:</emphasis> shows information about Logical Volumes."
23822
#: serverguide/C/installation.xml:1044(title)
23856
#: serverguide/C/installation.xml:1051(title)
23823
23857
msgid "Extending Volume Groups"
23826
#: serverguide/C/installation.xml:1046(para)
23860
#: serverguide/C/installation.xml:1053(para)
23828
23862
"Continuing with <emphasis>srv</emphasis> as an LVM volume example, this "
23829
23863
"section covers adding a second hard disk, creating a Physical Volume (PV), "
23892
23926
"first is compulsory)."
23895
#: serverguide/C/installation.xml:1112(para)
23929
#: serverguide/C/installation.xml:1119(para)
23897
23931
"The following commands are for an <emphasis>EXT3</emphasis> or "
23898
23932
"<emphasis>EXT4</emphasis> filesystem. If you are using another filesystem "
23899
23933
"there may be other utilities available."
23902
#: serverguide/C/installation.xml:1119(command)
23903
msgid "sudo e2fsck -f /dev/vg01/srv"
23906
#: serverguide/C/installation.xml:1122(para)
23908
"The <emphasis>-f</emphasis> option of <application>e2fsck</application> "
23909
"forces checking even if the system seems clean."
23912
#: serverguide/C/installation.xml:1129(para)
23913
msgid "Finally, resize the filesystem:"
23916
#: serverguide/C/installation.xml:1134(command)
23917
msgid "sudo resize2fs /dev/vg01/srv"
23920
#: serverguide/C/installation.xml:1140(para)
23936
#: serverguide/C/installation.xml:1127(para) serverguide/C/installation.xml:1130(para) serverguide/C/installation.xml:1133(para)
23921
23937
msgid "Now mount the partition and check its size."
23924
#: serverguide/C/installation.xml:1145(command)
23940
#: serverguide/C/installation.xml:1136(para)
23942
"asldkjf sdkja;lkjfeoi dfkjsljfe;lij sfljsefisjoij skfm;lwemf;e msdlfsadlkf;k."
23945
#: serverguide/C/installation.xml:1141(command)
23925
23946
msgid "mount /dev/vg01/srv /srv && df -h /srv"
23928
#: serverguide/C/installation.xml:1157(para)
23949
#: serverguide/C/installation.xml:1153(para)
23930
23951
"See the <ulink "
23931
23952
"url=\"https://help.ubuntu.com/community/Installation#lvm\">Ubuntu Wiki LVM "
23932
23953
"Articles</ulink>."
23935
#: serverguide/C/installation.xml:1162(para)
23956
#: serverguide/C/installation.xml:1158(para)
23937
23958
"See the <ulink url=\"http://tldp.org/HOWTO/LVM-HOWTO/index.html\">LVM "
23938
23959
"HOWTO</ulink> for more information."
23941
#: serverguide/C/installation.xml:1167(para)
23943
"Another good article is <ulink "
23944
"url=\"http://www.linuxdevcenter.com/pub/a/linux/2006/04/27/managing-disk-"
23945
"space-with-lvm.html\">Managing Disk Space with LVM</ulink> on O'Reilly's "
23946
"linuxdevcenter.com site."
23949
#: serverguide/C/installation.xml:1181(para)
23951
"For more information on <application>fdisk</application> see the <ulink "
23952
"url=\"http://manpages.ubuntu.com/manpages/trusty/en/man8/fdisk.8.html\">fdisk"
23953
" man page</ulink>."
23956
#: serverguide/C/installation.xml:1185(title)
23962
#: serverguide/C/installation.xml:1171(title)
23966
#: serverguide/C/installation.xml:1174(para)
23967
msgid "bla bla 4 para."
23970
#: serverguide/C/installation.xml:1179(para)
23971
msgid "bla bla 5 para."
23974
#: serverguide/C/installation.xml:1184(para)
23975
msgid "list item 1."
23978
#: serverguide/C/installation.xml:1189(para)
23979
msgid "list item 2."
23982
#: serverguide/C/installation.xml:1194(para)
23983
msgid "list item 3."
23986
#: serverguide/C/installation.xml:1199(para)
23987
msgid "bla bla para"
23990
#: serverguide/C/installation.xml:1204(para)
23991
msgid "bla bla 6 para."
23994
#: serverguide/C/installation.xml:1209(para)
23995
msgid "bla bla 7 para."
23998
#: serverguide/C/installation.xml:1214(para)
23999
msgid "bla bla 8 para."
24002
#: serverguide/C/installation.xml:1219(para)
24003
msgid "bla bla 9 para."
24006
#: serverguide/C/installation.xml:1226(title)
24010
#: serverguide/C/installation.xml:1229(title)
24014
#: serverguide/C/installation.xml:1232(title)
24018
#: serverguide/C/installation.xml:1235(title)
24022
#: serverguide/C/installation.xml:1238(title)
24026
#: serverguide/C/installation.xml:1241(title)
24030
#: serverguide/C/installation.xml:1244(title)
24034
#: serverguide/C/installation.xml:1247(title)
24038
#: serverguide/C/installation.xml:1250(title)
24042
#: serverguide/C/installation.xml:1253(title)
24046
#: serverguide/C/installation.xml:1258(title)
23957
24047
msgid "Kernel Crash Dump"
23960
#: serverguide/C/installation.xml:1192(para)
24050
#: serverguide/C/installation.xml:1265(para)
23961
24051
msgid "Kernel Panic"
23964
#: serverguide/C/installation.xml:1193(para)
24054
#: serverguide/C/installation.xml:1266(para)
23965
24055
msgid "Non Maskable Interrupts (NMI)"
23968
#: serverguide/C/installation.xml:1194(para)
24058
#: serverguide/C/installation.xml:1267(para)
23969
24059
msgid "Machine Check Exceptions (MCE)"
23972
#: serverguide/C/installation.xml:1195(para)
24062
#: serverguide/C/installation.xml:1268(para)
23973
24063
msgid "Hardware failure"
23976
#: serverguide/C/installation.xml:1196(para)
24066
#: serverguide/C/installation.xml:1269(para)
23977
24067
msgid "Manual intervention"
23980
#: serverguide/C/installation.xml:1188(para)
24070
#: serverguide/C/installation.xml:1261(para)
23982
24072
"A Kernel Crash Dump refers to a portion of the contents of volatile memory "
23983
24073
"(RAM) that is copied to disk whenever the execution of the kernel is "
24063
#: serverguide/C/installation.xml:1258(para)
24153
#: serverguide/C/installation.xml:1331(para)
24065
24155
"The <emphasis>crashkernel</emphasis> parameter has the following syntax: "
24066
24156
"<placeholder-1/>"
24069
#: serverguide/C/installation.xml:1268(programlisting)
24159
#: serverguide/C/installation.xml:1341(programlisting)
24073
24163
"crashkernel=384M-2G:64M,2G-:128M\n"
24076
#: serverguide/C/installation.xml:1266(para)
24166
#: serverguide/C/installation.xml:1339(para)
24078
24168
"So for the crashkernel parameter found in <filename>/proc/cmdline</filename> "
24079
24169
"we would have : <placeholder-1/>"
24082
#: serverguide/C/installation.xml:1273(para)
24172
#: serverguide/C/installation.xml:1346(para)
24083
24173
msgid "The above value means:"
24086
#: serverguide/C/installation.xml:1275(para)
24176
#: serverguide/C/installation.xml:1348(para)
24088
24178
"if the RAM is smaller than 384M, then don't reserve anything (this is the "
24089
24179
"\"rescue\" case)"
24092
#: serverguide/C/installation.xml:1277(para)
24182
#: serverguide/C/installation.xml:1350(para)
24093
24183
msgid "if the RAM size is between 386M and 2G (exclusive), then reserve 64M"
24096
#: serverguide/C/installation.xml:1278(para)
24186
#: serverguide/C/installation.xml:1351(para)
24097
24187
msgid "if the RAM size is larger than 2G, then reserve 128M"
24100
#: serverguide/C/installation.xml:1281(para)
24190
#: serverguide/C/installation.xml:1354(para)
24102
24192
"Second, verify that the kernel has reserved the requested memory area for "
24103
24193
"the kdump kernel by doing:"
24106
#: serverguide/C/installation.xml:1286(command)
24196
#: serverguide/C/installation.xml:1359(command)
24107
24197
msgid "dmesg | grep -i crash"
24110
#: serverguide/C/installation.xml:1287(computeroutput)
24200
#: serverguide/C/installation.xml:1360(computeroutput)
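Review bot: the msgid at installation.xml:1350(para) says "between 386M and 2G (exclusive)", but the programlisting it explains is crashkernel=384M-2G:64M,2G-:128M and the preceding item says "smaller than 384M". The lower bound should read 384M. The string is carried over unchanged in this refresh, so fix it in the source XML rather than leaving translators to copy the mismatch.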
24750
24840
"your vendor documentation to configure your specific iSCSI target."
24753
#: serverguide/C/file-server.xml:471(title)
24843
#: serverguide/C/file-server.xml:470(title)
24754
24844
msgid "iSCSI Initiator Install"
24757
#: serverguide/C/file-server.xml:473(para)
24847
#: serverguide/C/file-server.xml:472(para)
24759
24849
"To configure Ubuntu Server as an iSCSI initiator install the "
24760
24850
"<application>open-iscsi</application> package. In a terminal enter:"
24763
#: serverguide/C/file-server.xml:478(command)
24853
#: serverguide/C/file-server.xml:477(command)
24764
24854
msgid "sudo apt-get install open-iscsi"
24767
#: serverguide/C/file-server.xml:483(title)
24857
#: serverguide/C/file-server.xml:482(title)
24768
24858
msgid "iSCSI Initiator Configuration"
24771
#: serverguide/C/file-server.xml:485(para)
24861
#: serverguide/C/file-server.xml:484(para)
24773
24863
"Once the <application>open-iscsi</application> package is installed, edit "
24774
24864
"<filename>/etc/iscsi/iscsid.conf</filename> changing the following:"
24777
#: serverguide/C/file-server.xml:489(programlisting)
24867
#: serverguide/C/file-server.xml:488(programlisting)
24781
24871
"node.startup = automatic\n"
24784
#: serverguide/C/file-server.xml:493(para)
24874
#: serverguide/C/file-server.xml:492(para)
24786
24876
"You can check which targets are available by using the "
24787
24877
"<application>iscsiadm</application> utility. Enter the following in a "
24791
#: serverguide/C/file-server.xml:498(command)
24881
#: serverguide/C/file-server.xml:497(command)
24792
24882
msgid "sudo iscsiadm -m discovery -t st -p 192.168.0.10"
24885
#: serverguide/C/file-server.xml:501(para)
24887
"<emphasis>-m:</emphasis> determines the mode that iscsiadm executes in."
24795
24890
#: serverguide/C/file-server.xml:502(para)
24797
"<emphasis>-m:</emphasis> determines the mode that iscsiadm executes in."
24891
msgid "<emphasis>-t:</emphasis> specifies the type of discovery."
24800
24894
#: serverguide/C/file-server.xml:503(para)
24801
msgid "<emphasis>-t:</emphasis> specifies the type of discovery."
24804
#: serverguide/C/file-server.xml:504(para)
24805
24895
msgid "<emphasis>-p:</emphasis> option indicates the target IP address."
24808
#: serverguide/C/file-server.xml:508(para)
24898
#: serverguide/C/file-server.xml:507(para)
24810
24900
"Change example <emphasis>192.168.0.10</emphasis> to the target IP address on "
24811
24901
"your network."
24814
#: serverguide/C/file-server.xml:513(para)
24904
#: serverguide/C/file-server.xml:512(para)
24816
24906
"If the target is available you should see output similar to the following:"
24819
#: serverguide/C/file-server.xml:518(computeroutput)
24909
#: serverguide/C/file-server.xml:517(computeroutput)
24823
24913
"192.168.0.10:3260,1 iqn.1992-05.com.emc:sl7b92030000520000-2\n"
24826
#: serverguide/C/file-server.xml:524(para)
24916
#: serverguide/C/file-server.xml:523(para)
24828
24918
"The <emphasis>iqn</emphasis> number and IP address above will vary depending "
24829
24919
"on your hardware."
24832
#: serverguide/C/file-server.xml:529(para)
24922
#: serverguide/C/file-server.xml:528(para)
24834
24924
"You should now be able to connect to the iSCSI target, and depending on your "
24835
24925
"target setup you may have to enter user credentials. Login to the iSCSI node:"
24838
#: serverguide/C/file-server.xml:535(command)
24928
#: serverguide/C/file-server.xml:534(command)
24839
24929
msgid "sudo iscsiadm -m node --login"
24842
#: serverguide/C/file-server.xml:538(para)
24932
#: serverguide/C/file-server.xml:537(para)
24844
24934
"Check to make sure that the new disk has been detected using "
24845
24935
"<application>dmesg</application>:"
24848
#: serverguide/C/file-server.xml:543(command)
24938
#: serverguide/C/file-server.xml:542(command)
24849
24939
msgid "dmesg | grep sd"
24852
#: serverguide/C/file-server.xml:544(computeroutput)
24942
#: serverguide/C/file-server.xml:543(computeroutput)
24921
#: serverguide/C/file-server.xml:592(para)
25011
#: serverguide/C/file-server.xml:591(para)
24923
25013
"Now format the file system and mount it to <filename>/srv</filename> as an "
25017
#: serverguide/C/file-server.xml:596(command)
25018
msgid "sudo mkfs.ext4 /dev/sdb1"
24927
25021
#: serverguide/C/file-server.xml:597(command)
24928
msgid "sudo mkfs.ext4 /dev/sdb1"
24931
#: serverguide/C/file-server.xml:598(command)
24932
25022
msgid "sudo mount /dev/sdb1 /srv"
24935
#: serverguide/C/file-server.xml:602(para)
25025
#: serverguide/C/file-server.xml:601(para)
24937
25027
"Finally, add an entry to <filename>/etc/fstab</filename> to mount the iSCSI "
24938
25028
"drive during boot:"
24941
#: serverguide/C/file-server.xml:606(programlisting)
25031
#: serverguide/C/file-server.xml:605(programlisting)
24945
25035
"/dev/sdb1 /srv ext4 defaults,auto,_netdev 0 0\n"
24948
#: serverguide/C/file-server.xml:610(para)
25038
#: serverguide/C/file-server.xml:609(para)
24950
25040
"It is a good idea to make sure everything is working as expected by "
24951
25041
"rebooting the server."
24954
#: serverguide/C/file-server.xml:619(ulink)
25044
#: serverguide/C/file-server.xml:618(ulink)
24955
25045
msgid "Open-iSCSI Website"
24958
#: serverguide/C/file-server.xml:622(ulink) serverguide/C/file-server.xml:808(ulink)
25048
#: serverguide/C/file-server.xml:621(ulink) serverguide/C/file-server.xml:807(ulink)
24959
25049
msgid "Debian Open-iSCSI page"
24962
#: serverguide/C/file-server.xml:629(title)
25052
#: serverguide/C/file-server.xml:628(title)
24963
25053
msgid "CUPS - Print Server"
24966
#: serverguide/C/file-server.xml:630(para)
25056
#: serverguide/C/file-server.xml:629(para)
24968
25058
"The primary mechanism for Ubuntu printing and print services is the "
24969
25059
"<emphasis role=\"bold\">Common UNIX Printing System</emphasis> (CUPS). This "
25410
25500
"ns IN A 192.168.1.10\n"
25413
#: serverguide/C/dns.xml:177(para)
25503
#: serverguide/C/dns.xml:181(para)
25415
25505
"You must increment the <emphasis>Serial Number</emphasis> every time you "
25416
25506
"make changes to the zone file. If you make multiple changes before "
25417
25507
"restarting BIND9, simply increment the Serial once."
25420
#: serverguide/C/dns.xml:181(para)
25510
#: serverguide/C/dns.xml:185(para)
25422
25512
"Now, you can add DNS records to the bottom of the zone file. See <xref "
25423
25513
"linkend=\"dns-record-types\"/> for details."
25426
#: serverguide/C/dns.xml:185(para)
25516
#: serverguide/C/dns.xml:189(para)
25428
25518
"Many admins like to use the last date edited as the serial of a zone, such "
25429
25519
"as <emphasis>2012010100</emphasis> which is yyyymmddss (where "
25430
25520
"<emphasis>ss</emphasis> is the Serial Number)"
25433
#: serverguide/C/dns.xml:190(para)
25523
#: serverguide/C/dns.xml:194(para)
25435
25525
"Once you have made changes to the zone file <application>BIND9</application> "
25436
25526
"needs to be restarted for the changes to take effect:"
25439
#: serverguide/C/dns.xml:199(title)
25529
#: serverguide/C/dns.xml:203(title)
25440
25530
msgid "Reverse Zone File"
25443
#: serverguide/C/dns.xml:200(para)
25533
#: serverguide/C/dns.xml:204(para)
25445
25535
"Now that the zone is setup and resolving names to IP Adresses a "
25446
25536
"<emphasis>Reverse zone</emphasis> is also required. A Reverse zone allows "
25447
25537
"DNS to resolve an address to a name."
25450
#: serverguide/C/dns.xml:204(para)
25540
#: serverguide/C/dns.xml:208(para)
25451
25541
msgid "Edit /etc/bind/named.conf.local and add the following:"
25454
#: serverguide/C/dns.xml:207(programlisting)
25544
#: serverguide/C/dns.xml:211(programlisting)
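Review bot: the msgid at dns.xml:204(para) has two wording errors, "Adresses" for "Addresses" and "the zone is setup" where the verb form "set up" is meant. Both are carried over unchanged; correcting them in dns.xml as part of this template refresh avoids marking the translations fuzzy a second time later.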
25743
25833
";; SERVER: 192.168.1.10#53(192.168.1.10)\n"
25746
#: serverguide/C/dns.xml:418(para)
25836
#: serverguide/C/dns.xml:427(para)
25748
25838
"If you have configured <application>BIND9</application> as a "
25749
25839
"<emphasis>Caching</emphasis> nameserver \"dig\" an outside domain to check "
25750
25840
"the query time:"
25753
#: serverguide/C/dns.xml:423(command)
25843
#: serverguide/C/dns.xml:432(command)
25754
25844
msgid "dig ubuntu.com"
25757
#: serverguide/C/dns.xml:425(para)
25847
#: serverguide/C/dns.xml:434(para)
25758
25848
msgid "Note the query time toward the end of the command output:"
25761
#: serverguide/C/dns.xml:428(programlisting)
25851
#: serverguide/C/dns.xml:437(programlisting)
25765
25855
";; Query time: 49 msec\n"
25768
#: serverguide/C/dns.xml:431(para)
25858
#: serverguide/C/dns.xml:440(para)
25769
25859
msgid "After a second dig there should be improvement:"
25772
#: serverguide/C/dns.xml:434(programlisting)
25862
#: serverguide/C/dns.xml:443(programlisting)
25776
25866
";; Query time: 1 msec\n"
25779
#: serverguide/C/dns.xml:441(title)
25869
#: serverguide/C/dns.xml:450(title)
25783
#: serverguide/C/dns.xml:443(para)
25873
#: serverguide/C/dns.xml:452(para)
25785
25875
"Now to demonstrate how applications make use of DNS to resolve a host name "
25786
25876
"use the <application>ping</application> utility to send an ICMP echo "
25787
25877
"request. From a terminal prompt enter:"
25790
#: serverguide/C/dns.xml:449(command)
25880
#: serverguide/C/dns.xml:458(command)
25791
25881
msgid "ping example.com"
25794
#: serverguide/C/dns.xml:451(para)
25884
#: serverguide/C/dns.xml:460(para)
25796
25886
"This tests if the nameserver can resolve the name "
25797
25887
"<emphasis>ns.example.com</emphasis> to an IP Address. The command output "
25798
25888
"should resemble:"
25801
#: serverguide/C/dns.xml:455(programlisting)
25891
#: serverguide/C/dns.xml:464(programlisting)
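Review bot: the command msgid at dns.xml:458(command) is "ping example.com", but the explanation at dns.xml:460(para) says the test checks resolution of ns.example.com. One of the two should change so that the command and the sentence name the same host.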
25937
#: serverguide/C/dns.xml:556(para)
26027
#: serverguide/C/dns.xml:565(para)
25939
26029
"Note: the <emphasis>debug</emphasis> option can be set from 1 to 3. If a "
25940
26030
"level isn't specified level 1 is the default."
25943
#: serverguide/C/dns.xml:562(para)
26033
#: serverguide/C/dns.xml:571(para)
25945
26035
"Since the <emphasis>named daemon</emphasis> runs as the "
25946
26036
"<emphasis>bind</emphasis> user the <filename>/var/log/query.log</filename> "
25947
26037
"file must be created and the ownership changed:"
25950
#: serverguide/C/dns.xml:567(command)
26040
#: serverguide/C/dns.xml:576(command)
25951
26041
msgid "sudo touch /var/log/query.log"
25954
#: serverguide/C/dns.xml:568(command)
26044
#: serverguide/C/dns.xml:577(command)
25955
26045
msgid "sudo chown bind /var/log/query.log"
25958
#: serverguide/C/dns.xml:572(para)
26048
#: serverguide/C/dns.xml:581(para)
25960
26050
"Before <application>named</application> daemon can write to the new log file "
25961
26051
"the <application>AppArmor</application> profile must be updated. First, edit "
25962
26052
"<filename>/etc/apparmor.d/usr.sbin.named</filename> and add:"
25965
#: serverguide/C/dns.xml:576(programlisting)
26055
#: serverguide/C/dns.xml:585(programlisting)
25969
26059
"/var/log/query.log w,\n"
25972
#: serverguide/C/dns.xml:579(para)
26062
#: serverguide/C/dns.xml:588(para)
25973
26063
msgid "Next, reload the profile:"
25976
#: serverguide/C/dns.xml:583(command)
26066
#: serverguide/C/dns.xml:592(command)
25977
26067
msgid "cat /etc/apparmor.d/usr.sbin.named | sudo apparmor_parser -r"
25980
#: serverguide/C/dns.xml:585(para)
26070
#: serverguide/C/dns.xml:594(para)
25982
26072
"For more information on <application>AppArmor</application> see <xref "
25983
26073
"linkend=\"apparmor\"/>"
25986
#: serverguide/C/dns.xml:590(para)
26076
#: serverguide/C/dns.xml:599(para)
25988
26078
"Now restart <application>BIND9</application> for the changes to take effect:"
25991
#: serverguide/C/dns.xml:598(para)
26081
#: serverguide/C/dns.xml:607(para)
25993
26083
"You should see the file <filename>/var/log/query.log</filename> fill with "
25994
26084
"query information. This is a simple example of the "
25996
26086
"options see <xref linkend=\"dns-more-info\"/>."
25999
#: serverguide/C/dns.xml:607(title)
26089
#: serverguide/C/dns.xml:616(title)
26000
26090
msgid "Common Record Types"
26003
#: serverguide/C/dns.xml:608(para)
26093
#: serverguide/C/dns.xml:617(para)
26004
26094
msgid "This section covers some of the most common DNS record types."
26007
#: serverguide/C/dns.xml:613(para)
26097
#: serverguide/C/dns.xml:622(para)
26009
26099
"<emphasis>A</emphasis> record: This record maps an IP Address to a hostname."
26012
#: serverguide/C/dns.xml:616(programlisting)
26102
#: serverguide/C/dns.xml:625(programlisting)
26016
26106
"www IN A 192.168.1.12\n"
26019
#: serverguide/C/dns.xml:621(para)
26109
#: serverguide/C/dns.xml:630(para)
26021
26111
"<emphasis>CNAME</emphasis> record: Used to create an alias to an existing A "
26022
26112
"record. You cannot create a CNAME record pointing to another CNAME record."
26025
#: serverguide/C/dns.xml:624(programlisting)
26115
#: serverguide/C/dns.xml:633(programlisting)
26029
26119
"web IN CNAME www\n"
26032
#: serverguide/C/dns.xml:629(para)
26122
#: serverguide/C/dns.xml:638(para)
26034
26124
"<emphasis>MX</emphasis> record: Used to define where email should be sent "
26035
26125
"to. Must point to an A record, not a CNAME."
26038
#: serverguide/C/dns.xml:632(programlisting)
26128
#: serverguide/C/dns.xml:641(programlisting)
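Review bot: the msgid at dns.xml:622(para) describes the A record backwards: "This record maps an IP Address to a hostname." The example directly under it, "www IN A 192.168.1.12", maps the hostname www to an address. Suggest "This record maps a hostname to an IP address."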
26274
26364
"Components</link> describes the components of the DM-Multipath package."
26277
#: serverguide/C/dm-multipath.xml:184(title)
26367
#: serverguide/C/dm-multipath.xml:183(title)
26278
26368
msgid "DM-Multipath Setup Overview"
26281
#: serverguide/C/dm-multipath.xml:191(para)
26371
#: serverguide/C/dm-multipath.xml:190(para)
26283
26373
"Install the <emphasis role=\"bold\">multipath-tools</emphasis> and <emphasis "
26284
26374
"role=\"bold\">multipath-tools-boot</emphasis> packages"
26287
#: serverguide/C/dm-multipath.xml:197(para)
26377
#: serverguide/C/dm-multipath.xml:196(para)
26289
26379
"Create an empty config file, <filename>/etc/multipath.conf</filename>, that "
26290
26380
"re-defines the <link linkend=\"multipath-skel-config\">following</link>"
26293
#: serverguide/C/dm-multipath.xml:203(para)
26383
#: serverguide/C/dm-multipath.xml:202(para)
26295
26385
"If necessary, edit the <emphasis role=\"bold\">multipath.conf</emphasis> "
26296
26386
"configuration file to modify default values and save the updated file."
26299
#: serverguide/C/dm-multipath.xml:209(para)
26389
#: serverguide/C/dm-multipath.xml:208(para)
26300
26390
msgid "Start the multipath daemon"
26303
#: serverguide/C/dm-multipath.xml:213(para)
26393
#: serverguide/C/dm-multipath.xml:212(para)
26304
26394
msgid "Update initial ramdisk"
26307
#: serverguide/C/dm-multipath.xml:186(para)
26397
#: serverguide/C/dm-multipath.xml:185(para)
26309
26399
"DM-Multipath includes compiled-in default settings that are suitable for "
26310
26400
"common multipath configurations. Setting up DM-multipath is often a simple "
26414
#: serverguide/C/dm-multipath.xml:313(para)
26504
#: serverguide/C/dm-multipath.xml:312(para)
26415
26505
msgid "Set up all of the multipath devices on one machine."
26418
#: serverguide/C/dm-multipath.xml:317(para) serverguide/C/dm-multipath.xml:354(para)
26508
#: serverguide/C/dm-multipath.xml:316(para) serverguide/C/dm-multipath.xml:353(para)
26420
26510
"Disable all of your multipath devices on your other machines by running the "
26421
26511
"following commands:"
26424
#: serverguide/C/dm-multipath.xml:320(screen) serverguide/C/dm-multipath.xml:357(screen)
26514
#: serverguide/C/dm-multipath.xml:319(screen) serverguide/C/dm-multipath.xml:356(screen)
26427
26517
"# service multipath-tools stop\n"
26428
26518
"# multipath -F\n"
26431
#: serverguide/C/dm-multipath.xml:326(para)
26521
#: serverguide/C/dm-multipath.xml:325(para)
26433
26523
"Copy the <filename>/etc/multipath/bindings</filename> file from the first "
26434
26524
"machine to all the other machines in the cluster."
26437
#: serverguide/C/dm-multipath.xml:332(para) serverguide/C/dm-multipath.xml:368(para)
26527
#: serverguide/C/dm-multipath.xml:331(para) serverguide/C/dm-multipath.xml:367(para)
26439
26529
"Re-enable the multipathd daemon on all the other machines in the cluster by "
26440
26530
"running the following command:"
26443
#: serverguide/C/dm-multipath.xml:335(screen) serverguide/C/dm-multipath.xml:371(screen)
26533
#: serverguide/C/dm-multipath.xml:334(screen) serverguide/C/dm-multipath.xml:370(screen)
26445
26535
msgid "# service multipath-tools start"
26448
#: serverguide/C/dm-multipath.xml:339(para)
26538
#: serverguide/C/dm-multipath.xml:338(para)
26449
26539
msgid "If you add a new device, you will need to repeat this process."
26452
#: serverguide/C/dm-multipath.xml:342(para)
26542
#: serverguide/C/dm-multipath.xml:341(para)
26454
26544
"Similarly, if you configure an alias for a device that you would like to be "
26455
26545
"consistent across the nodes in the cluster, you should ensure that the "
26538
26628
"Perform:<screen>update-initramfs -u -k all</screen><placeholder-1/>"
26541
#: serverguide/C/dm-multipath.xml:436(title)
26631
#: serverguide/C/dm-multipath.xml:435(title)
26542
26632
msgid "Setting up DM-Multipath Overview"
26545
#: serverguide/C/dm-multipath.xml:438(para)
26635
#: serverguide/C/dm-multipath.xml:437(para)
26547
26637
"This section provides step-by-step example procedures for configuring DM-"
26548
26638
"Multipath. It includes the following procedures:"
26551
#: serverguide/C/dm-multipath.xml:443(para)
26641
#: serverguide/C/dm-multipath.xml:442(para)
26552
26642
msgid "Basic DM-Multipath setup"
26555
#: serverguide/C/dm-multipath.xml:447(para)
26645
#: serverguide/C/dm-multipath.xml:446(para)
26556
26646
msgid "Ignoring local disks"
26559
#: serverguide/C/dm-multipath.xml:451(para)
26649
#: serverguide/C/dm-multipath.xml:450(para)
26560
26650
msgid "Adding more devices to the configuration file"
26563
#: serverguide/C/dm-multipath.xml:456(title)
26653
#: serverguide/C/dm-multipath.xml:455(title)
26564
26654
msgid "Setting Up DM-Multipath"
26567
#: serverguide/C/dm-multipath.xml:458(para)
26657
#: serverguide/C/dm-multipath.xml:457(para)
26569
26659
"Before setting up DM-Multipath on your system, ensure that your system has "
26570
26660
"been updated and includes the <emphasis role=\"bold\"><application>multipath-"
26854
26944
"can leave them commented out, as they are in the initial file."
26857
#: serverguide/C/dm-multipath.xml:724(para)
26947
#: serverguide/C/dm-multipath.xml:723(para)
26858
26948
msgid "The configuration file allows regular expression description syntax."
26861
#: serverguide/C/dm-multipath.xml:727(para)
26951
#: serverguide/C/dm-multipath.xml:726(para)
26863
26953
"An annotated version of the configuration file can be found in "
26864
26954
"<filename><filename>/usr/share/doc/multipath-"
26865
26955
"tools/examples/multipath.conf.annotated.gz</filename></filename>."
26868
#: serverguide/C/dm-multipath.xml:731(title)
26958
#: serverguide/C/dm-multipath.xml:730(title)
26869
26959
msgid "Configuration File Overview"
26872
#: serverguide/C/dm-multipath.xml:733(para)
26962
#: serverguide/C/dm-multipath.xml:732(para)
26874
26964
"The multipath configuration file is divided into the following sections:"
26877
#: serverguide/C/dm-multipath.xml:738(emphasis)
26967
#: serverguide/C/dm-multipath.xml:737(emphasis)
26878
26968
msgid "blacklist"
26881
#: serverguide/C/dm-multipath.xml:741(para)
26971
#: serverguide/C/dm-multipath.xml:740(para)
26883
26973
"Listing of specific devices that will not be considered for multipath."
26886
#: serverguide/C/dm-multipath.xml:747(emphasis)
26976
#: serverguide/C/dm-multipath.xml:746(emphasis)
26887
26977
msgid "blacklist_exceptions"
26890
#: serverguide/C/dm-multipath.xml:750(para)
26980
#: serverguide/C/dm-multipath.xml:749(para)
26892
26982
"Listing of multipath candidates that would otherwise be blacklisted "
26893
26983
"according to the parameters of the blacklist section."
26896
#: serverguide/C/dm-multipath.xml:757(emphasis)
26986
#: serverguide/C/dm-multipath.xml:756(emphasis)
26897
26987
msgid "defaults"
26900
#: serverguide/C/dm-multipath.xml:760(para)
26990
#: serverguide/C/dm-multipath.xml:759(para)
26901
26991
msgid "General default settings for DM-Multipath."
26904
#: serverguide/C/dm-multipath.xml:768(para)
26994
#: serverguide/C/dm-multipath.xml:767(para)
26906
26996
"Settings for the characteristics of individual multipath devices. These "
26907
26997
"values overwrite what is specified in the <emphasis "
26925
#: serverguide/C/dm-multipath.xml:789(para)
27015
#: serverguide/C/dm-multipath.xml:788(para)
26927
27017
"When the system determines the attributes of a multipath device, first it "
26928
27018
"checks the multipath settings, then the per devices settings, then the "
26929
27019
"multipath system defaults."
26932
#: serverguide/C/dm-multipath.xml:795(title)
27022
#: serverguide/C/dm-multipath.xml:794(title)
26933
27023
msgid "Configuration File Blacklist"
26936
#: serverguide/C/dm-multipath.xml:797(para)
27026
#: serverguide/C/dm-multipath.xml:796(para)
26938
27028
"The blacklist section of the multipath configuration file specifies the "
26939
27029
"devices that will not be used when the system configures multipath devices. "
26940
27030
"Devices that are blacklisted will not be grouped into a multipath device."
26943
#: serverguide/C/dm-multipath.xml:804(para)
27033
#: serverguide/C/dm-multipath.xml:803(para)
26945
27035
"If you do need to blacklist devices, you can do so according to the "
26946
27036
"following criteria:"
26949
#: serverguide/C/dm-multipath.xml:809(para)
27039
#: serverguide/C/dm-multipath.xml:808(para)
26951
27041
"By WWID, as described <xref endterm=\"config-blacklist-by-wwid-title\" "
26952
27042
"linkend=\"multipath-config-blacklist-by-wwid\"/>"
26955
#: serverguide/C/dm-multipath.xml:815(para)
27045
#: serverguide/C/dm-multipath.xml:814(para)
26957
27047
"By device name, as described in <xref endterm=\"config-blacklist-by-device-"
26958
27048
"name-title\" linkend=\"multipath-config-blacklist-by-device-name\"/>"
26961
#: serverguide/C/dm-multipath.xml:821(para)
27051
#: serverguide/C/dm-multipath.xml:820(para)
26963
27053
"By device type, as described in <xref endterm=\"config-blacklist-by-device-"
26964
27054
"type-title\" linkend=\"multipath-config-blacklist-by-device-type\"/>"
26967
#: serverguide/C/dm-multipath.xml:827(para)
27057
#: serverguide/C/dm-multipath.xml:826(para)
26969
27059
"By default, a variety of device types are blacklisted, even after you "
26970
27060
"comment out the initial blacklist section of the configuration file. For "
27425
27515
"files found in <filename>/usr/share/doc/multipath-tools/examples:</filename>"
27428
#: serverguide/C/dm-multipath.xml:1326(screen)
27518
#: serverguide/C/dm-multipath.xml:1325(screen)
27430
27520
msgid "# echo 'show config' | multipathd -k"
27433
#: serverguide/C/dm-multipath.xml:1331(title)
27523
#: serverguide/C/dm-multipath.xml:1330(title)
27434
27524
msgid "DM-Multipath Administration and Troubleshooting"
27437
#: serverguide/C/dm-multipath.xml:1334(title)
27527
#: serverguide/C/dm-multipath.xml:1333(title)
27438
27528
msgid "Resizing an Online Multipath Device"
27441
#: serverguide/C/dm-multipath.xml:1336(para)
27531
#: serverguide/C/dm-multipath.xml:1335(para)
27443
27533
"If you need to resize an online multipath device, use the following procedure"
27446
#: serverguide/C/dm-multipath.xml:1341(para)
27536
#: serverguide/C/dm-multipath.xml:1340(para)
27447
27537
msgid "Resize your physical device. This is storage platform specific."
27450
#: serverguide/C/dm-multipath.xml:1346(para)
27540
#: serverguide/C/dm-multipath.xml:1345(para)
27451
27541
msgid "Use the following command to find the paths to the LUN:"
27454
#: serverguide/C/dm-multipath.xml:1348(screen)
27544
#: serverguide/C/dm-multipath.xml:1347(screen)
27456
27546
msgid "# multipath -l"
27459
#: serverguide/C/dm-multipath.xml:1352(para)
27549
#: serverguide/C/dm-multipath.xml:1351(para)
27461
27551
"Resize your paths. For SCSI devices, writing 1 to the "
27462
27552
"<filename>rescan</filename> file for the device causes the SCSI driver to "
27463
27553
"rescan, as in the following command:"
27466
#: serverguide/C/dm-multipath.xml:1356(screen)
27556
#: serverguide/C/dm-multipath.xml:1355(screen)
27468
27558
msgid "# echo 1 > /sys/block/device_name/device/rescan"
27471
#: serverguide/C/dm-multipath.xml:1360(para)
27561
#: serverguide/C/dm-multipath.xml:1359(para)
27473
27563
"Resize your multipath device by running the multipathd resize command:"
27476
#: serverguide/C/dm-multipath.xml:1363(screen)
27566
#: serverguide/C/dm-multipath.xml:1362(screen)
27478
27568
msgid "# multipathd -k 'resize map mpatha'"
27481
#: serverguide/C/dm-multipath.xml:1367(para)
27571
#: serverguide/C/dm-multipath.xml:1366(para)
27482
27572
msgid "Resize the file system (assuming no LVM or DOS partitions are used):"
27485
#: serverguide/C/dm-multipath.xml:1370(screen)
27575
#: serverguide/C/dm-multipath.xml:1369(screen)
27487
27577
msgid "# resize2fs /dev/mapper/mpatha"
27490
#: serverguide/C/dm-multipath.xml:1376(title)
27580
#: serverguide/C/dm-multipath.xml:1375(title)
27492
27582
"Moving root File Systems from a Single Path Device to a Multipath Device"
27495
#: serverguide/C/dm-multipath.xml:1379(para)
27585
#: serverguide/C/dm-multipath.xml:1378(para)
27497
27587
"This is dramatically simplified by the use of UUIDs to identify devices as "
27498
27588
"an intrinsic label. Simply install <emphasis role=\"bold\">multipath-tools-"
27779
#: serverguide/C/dm-multipath.xml:1614(title)
27869
#: serverguide/C/dm-multipath.xml:1613(title)
27780
27870
msgid "Useful multipath Command Options"
27783
#: serverguide/C/dm-multipath.xml:1623(entry)
27873
#: serverguide/C/dm-multipath.xml:1622(entry)
27784
27874
msgid "Option"
27787
#: serverguide/C/dm-multipath.xml:1630(emphasis)
27877
#: serverguide/C/dm-multipath.xml:1629(emphasis)
27791
#: serverguide/C/dm-multipath.xml:1632(emphasis) serverguide/C/dm-multipath.xml:1639(emphasis)
27881
#: serverguide/C/dm-multipath.xml:1631(emphasis) serverguide/C/dm-multipath.xml:1638(emphasis)
27792
27882
msgid "sysfs"
27795
#: serverguide/C/dm-multipath.xml:1631(entry)
27885
#: serverguide/C/dm-multipath.xml:1630(entry)
27797
27887
"Display the current multipath configuration gathered from <placeholder-1/> "
27798
27888
"and the device mapper."
27801
#: serverguide/C/dm-multipath.xml:1637(emphasis)
27891
#: serverguide/C/dm-multipath.xml:1636(emphasis)
27805
#: serverguide/C/dm-multipath.xml:1638(entry)
27895
#: serverguide/C/dm-multipath.xml:1637(entry)
27807
27897
"Display the current multipath configuration gathered from <placeholder-1/>, "
27808
27898
"the device mapper, and all other available components on the system."
27811
#: serverguide/C/dm-multipath.xml:1644(emphasis)
27901
#: serverguide/C/dm-multipath.xml:1643(emphasis)
27812
27902
msgid "-f device"
27815
#: serverguide/C/dm-multipath.xml:1645(entry)
27905
#: serverguide/C/dm-multipath.xml:1644(entry)
27816
27906
msgid "Remove the named multipath device."
27819
#: serverguide/C/dm-multipath.xml:1649(emphasis)
27909
#: serverguide/C/dm-multipath.xml:1648(emphasis)
27823
#: serverguide/C/dm-multipath.xml:1650(entry)
27913
#: serverguide/C/dm-multipath.xml:1649(entry)
27824
27914
msgid "Remove all unused multipath devices."
27827
#: serverguide/C/dm-multipath.xml:1658(title)
27917
#: serverguide/C/dm-multipath.xml:1657(title)
27828
27918
msgid "Determining Device Mapper Entries with dmsetup Command"
27831
#: serverguide/C/dm-multipath.xml:1660(para)
27921
#: serverguide/C/dm-multipath.xml:1659(para)
27833
27923
"You can use the <emphasis role=\"bold\">dmsetup</emphasis> command to find "
27834
27924
"out which device mapper entries match the <emphasis "
27835
27925
"role=\"bold\">multipathed</emphasis> devices."
27838
#: serverguide/C/dm-multipath.xml:1664(para)
27928
#: serverguide/C/dm-multipath.xml:1663(para)
27840
27930
"The following command displays all the device mapper devices and their major "
27841
27931
"and minor numbers. The minor numbers determine the name of the dm device. "
28021
28111
"<emphasis>bind-address</emphasis> directive to the server's IP address:"
28024
#: serverguide/C/databases.xml:87(programlisting)
28114
#: serverguide/C/databases.xml:80(programlisting)
28028
28118
"bind-address = 192.168.0.5\n"
28031
#: serverguide/C/databases.xml:91(para)
28121
#: serverguide/C/databases.xml:84(para)
28032
28122
msgid "Replace 192.168.0.5 with the appropriate address."
28035
#: serverguide/C/databases.xml:95(para)
28125
#: serverguide/C/databases.xml:88(para)
28037
28127
"After making a change to <filename>/etc/mysql/my.cnf</filename> the MySQL "
28038
28128
"daemon will need to be restarted:"
28041
#: serverguide/C/databases.xml:102(para)
28131
#: serverguide/C/databases.xml:95(para)
28043
28133
"If you would like to change the MySQL <emphasis>root</emphasis> password, in "
28044
28134
"a terminal enter:"
28047
#: serverguide/C/databases.xml:107(command)
28137
#: serverguide/C/databases.xml:100(command)
28048
28138
msgid "sudo dpkg-reconfigure mysql-server-5.5"
28051
#: serverguide/C/databases.xml:109(para)
28141
#: serverguide/C/databases.xml:102(para)
28053
28143
"The MySQL daemon will be stopped, and you will be prompted to enter a new "
28057
#: serverguide/C/databases.xml:114(title)
28147
#: serverguide/C/databases.xml:107(title)
28058
28148
msgid "Database Engines"
28061
#: serverguide/C/databases.xml:115(para)
28151
#: serverguide/C/databases.xml:108(para)
28063
28153
"Whilst the default configuration of MySQL provided by the Ubuntu packages is "
28064
28154
"perfectly functional and performs well there are things you may wish to "
28065
28155
"consider before you proceed."
28068
#: serverguide/C/databases.xml:119(para)
28158
#: serverguide/C/databases.xml:112(para)
28070
28160
"MySQL is designed to allow data to be stored in different ways. These "
28071
28161
"methods are referred to as either database or storage engines. There are two "
29401
29491
#: serverguide/C/backups.xml:153(para)
29403
29493
"The simplest way of executing the above backup script is to copy and paste "
29404
"the contents into a file. <filename>backup.sh</filename> for example. Then "
29405
"from a terminal prompt:"
29494
"the contents into a file. <filename>backup.sh</filename> for example. The "
29495
"file must be made executable:"
29408
29498
#: serverguide/C/backups.xml:158(command)
29409
msgid "sudo bash backup.sh"
29410
msgstr "sudo bash backup.sh"
29499
msgid "chmod u+x backup.sh"
29412
29502
#: serverguide/C/backups.xml:160(para)
29503
msgid "Then from a terminal prompt:"
29506
#: serverguide/C/backups.xml:164(command)
29507
msgid "sudo ./backup.sh"
29510
#: serverguide/C/backups.xml:166(para)
29414
29512
"This is a great way to test the script to make sure everything works as "
29418
#: serverguide/C/backups.xml:165(title)
29516
#: serverguide/C/backups.xml:171(title)
29419
29517
msgid "Executing with cron"
29420
29518
msgstr "Execucion amb cron"
29422
#: serverguide/C/backups.xml:166(para)
29520
#: serverguide/C/backups.xml:172(para)
29424
29522
"The <application>cron</application> utility can be used to automate the "
29425
29523
"script execution. The <application>cron</application> daemon allows the "
29426
29524
"execution of scripts, or commands, at a specified time and date."
29429
#: serverguide/C/backups.xml:170(para)
29527
#: serverguide/C/backups.xml:176(para)
29431
29529
"<application>cron</application> is configured through entries in a "
29432
29530
"<filename>crontab</filename> file. <filename>crontab</filename> files are "
29433
29531
"separated into fields:"
29436
#: serverguide/C/backups.xml:174(programlisting)
29534
#: serverguide/C/backups.xml:180(programlisting)
29440
29538
"# m h dom mon dow command\n"
29443
#: serverguide/C/backups.xml:179(para)
29541
#: serverguide/C/backups.xml:185(para)
29445
29543
"<emphasis>m:</emphasis> minute the command executes on, between 0 and 59."
29448
#: serverguide/C/backups.xml:184(para)
29546
#: serverguide/C/backups.xml:190(para)
29450
29548
"<emphasis>h:</emphasis> hour the command executes on, between 0 and 23."
29453
#: serverguide/C/backups.xml:189(para)
29551
#: serverguide/C/backups.xml:195(para)
29454
29552
msgid "<emphasis>dom:</emphasis> day of month the command executes on."
29457
#: serverguide/C/backups.xml:194(para)
29555
#: serverguide/C/backups.xml:200(para)
29459
29557
"<emphasis>mon:</emphasis> the month the command executes on, between 1 and "
29463
#: serverguide/C/backups.xml:199(para)
29561
#: serverguide/C/backups.xml:205(para)
29465
29563
"<emphasis>dow:</emphasis> the day of the week the command executes on, "
29466
29564
"between 0 and 7. Sunday may be specified by using 0 or 7, both values are "
29470
#: serverguide/C/backups.xml:204(para)
29568
#: serverguide/C/backups.xml:210(para)
29471
29569
msgid "<emphasis>command:</emphasis> the command to execute."
29474
#: serverguide/C/backups.xml:209(para)
29572
#: serverguide/C/backups.xml:215(para)
29476
29574
"To add or change entries in a <filename>crontab</filename> file the "
29477
29575
"<application>crontab -e</application> command should be used. Also, the "
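Review bot: The new `chmod u+x backup.sh` entry (backups.xml:158) only adds execute permission for whoever currently owns the file, and the entry after it runs the script as `sudo ./backup.sh`, yet nothing in the changed text says who should own the script or that other users must not be able to write to it. The "Executing with cron" paragraphs that follow automate the same script, so a copy left writable by an unprivileged account would be executed with root privileges on every run. Suggest the source paragraph state the expected ownership and mode before the `sudo ./backup.sh` step, for example `sudo chown root:root backup.sh` followed by `sudo chmod 700 backup.sh`. Separately, the removed `sudo bash backup.sh` entry carried a msgstr identical to its msgid, while no msgstr is visible in this view for the two new command entries; if they are empty, copy the commands through verbatim as was done for the `tar` entries.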
29524
29622
"simply change the script path appropriately."
29527
#: serverguide/C/backups.xml:242(para)
29625
#: serverguide/C/backups.xml:248(para)
29529
29627
"For more in-depth <application>crontab</application> options see <xref "
29530
29628
"linkend=\"backup-shellscript-references\"/>."
29533
#: serverguide/C/backups.xml:248(title)
29631
#: serverguide/C/backups.xml:254(title)
29534
29632
msgid "Restoring from the Archive"
29537
#: serverguide/C/backups.xml:249(para)
29635
#: serverguide/C/backups.xml:255(para)
29539
29637
"Once an archive has been created it is important to test the archive. The "
29540
29638
"archive can be tested by listing the files it contains, but the best test is "
29541
29639
"to <emphasis>restore</emphasis> a file from the archive."
29544
#: serverguide/C/backups.xml:255(para)
29642
#: serverguide/C/backups.xml:261(para)
29546
29644
"To see a listing of the archive contents. From a terminal prompt type:"
29549
#: serverguide/C/backups.xml:259(command)
29647
#: serverguide/C/backups.xml:265(command)
29550
29648
msgid "tar -tzvf /mnt/backup/host-Monday.tgz"
29551
29649
msgstr "tar -tzvf /mnt/backup/host-Monday.tgz"
29553
#: serverguide/C/backups.xml:263(para)
29651
#: serverguide/C/backups.xml:269(para)
29554
29652
msgid "To restore a file from the archive to a different directory enter:"
29557
#: serverguide/C/backups.xml:267(command)
29655
#: serverguide/C/backups.xml:273(command)
29558
29656
msgid "tar -xzvf /mnt/backup/host-Monday.tgz -C /tmp etc/hosts"
29559
29657
msgstr "tar -xzvf /mnt/backup/host-Monday.tgz -C /tmp etc/hosts"
29561
#: serverguide/C/backups.xml:269(para)
29659
#: serverguide/C/backups.xml:275(para)
29563
29661
"The <emphasis>-C</emphasis> option to <application>tar</application> "
29564
29662
"redirects the extracted files to the specified directory. The above example "
29567
29665
"recreates the directory structure that it contains."
29570
#: serverguide/C/backups.xml:274(para)
29668
#: serverguide/C/backups.xml:280(para)
29572
29670
"Also, notice the leading <emphasis>\"/\"</emphasis> is left off the path of "
29573
29671
"the file to restore."
29576
#: serverguide/C/backups.xml:279(para)
29674
#: serverguide/C/backups.xml:285(para)
29577
29675
msgid "To restore all files in the archive enter the following:"
29580
#: serverguide/C/backups.xml:283(command)
29678
#: serverguide/C/backups.xml:289(command)
29582
29680
msgstr "cd /"
29584
#: serverguide/C/backups.xml:284(command)
29682
#: serverguide/C/backups.xml:290(command)
29585
29683
msgid "sudo tar -xzvf /mnt/backup/host-Monday.tgz"
29586
29684
msgstr "sudo tar -xzvf /mnt/backup/host-Monday.tgz"
29588
#: serverguide/C/backups.xml:289(para)
29686
#: serverguide/C/backups.xml:295(para)
29589
29687
msgid "This will overwrite the files currently on the file system."
29592
#: serverguide/C/backups.xml:298(para)
29690
#: serverguide/C/backups.xml:304(para)
29594
29692
"For more information on shell scripting see the <ulink "
29595
29693
"url=\"http://tldp.org/LDP/abs/html/\">Advanced Bash-Scripting Guide</ulink>"
29598
#: serverguide/C/backups.xml:303(para)
29696
#: serverguide/C/backups.xml:309(para)
29600
29698
"The book <ulink url=\"http://safari.samspublishing.com/0672323583\">Teach "
29601
29699
"Yourself Shell Programming in 24 Hours</ulink> is available online and a "
29602
29700
"great resource for shell scripting."
29605
#: serverguide/C/backups.xml:309(para)
29703
#: serverguide/C/backups.xml:315(para)
29607
29705
"The <ulink url=\"https://help.ubuntu.com/community/CronHowto\">CronHowto "
29608
29706
"Wiki Page</ulink> contains details on advanced "
29609
29707
"<application>cron</application> options."
29612
#: serverguide/C/backups.xml:316(para)
29710
#: serverguide/C/backups.xml:322(para)
29614
29712
"See the <ulink url=\"http://www.gnu.org/software/tar/manual/index.html\">GNU "
29615
29713
"tar Manual</ulink> for more <application>tar</application> options."
29618
#: serverguide/C/backups.xml:322(para)
29716
#: serverguide/C/backups.xml:328(para)
29620
29718
"The Wikipedia <ulink "
29621
29719
"url=\"http://en.wikipedia.org/wiki/Backup_rotation_scheme\">Backup Rotation "
29622
29720
"Scheme</ulink> article contains information on other backup rotation schemes."
29625
#: serverguide/C/backups.xml:328(para)
29723
#: serverguide/C/backups.xml:334(para)
29627
29725
"The shell script uses <application>tar</application> to create the archive, "
29628
29726
"but there many other command line utilities that can be used. For example:"
29631
#: serverguide/C/backups.xml:334(para)
29729
#: serverguide/C/backups.xml:340(para)
29633
29731
"<ulink url=\"http://www.gnu.org/software/cpio/\">cpio</ulink>: used to copy "
29634
29732
"files to and from archives."
29637
#: serverguide/C/backups.xml:339(para)
29735
#: serverguide/C/backups.xml:345(para)
29639
29737
"<ulink url=\"http://www.gnu.org/software/coreutils/\">dd</ulink>: part of "
29640
29738
"the <application>coreutils</application> package. A low level utility that "
29641
29739
"can copy data from one format to another."
29644
#: serverguide/C/backups.xml:345(para)
29742
#: serverguide/C/backups.xml:351(para)
29646
29744
"<ulink url=\"http://www.rsnapshot.org/\">rsnapshot</ulink>: a file system "
29647
29745
"snapshot utility used to create copies of an entire file system."
29650
#: serverguide/C/backups.xml:351(para)
29748
#: serverguide/C/backups.xml:357(para)
29652
29750
"<ulink url=\"http://www.samba.org/ftp/rsync/rsync.html\">rsync</ulink>: a "
29653
29751
"flexible utility used to create incremental copies of files."
29656
#: serverguide/C/backups.xml:362(title)
29754
#: serverguide/C/backups.xml:368(title)
29657
29755
msgid "Archive Rotation"
29660
#: serverguide/C/backups.xml:363(para)
29758
#: serverguide/C/backups.xml:369(para)
29662
29760
"The shell script in <xref linkend=\"backup-shellscripts\"/> only allows for "
29663
29761
"seven different archives. For a server whose data doesn't change often, this "
29665
29763
"rotation scheme should be used."
29668
#: serverguide/C/backups.xml:369(title)
29766
#: serverguide/C/backups.xml:375(title)
29669
29767
msgid "Rotating NFS Archives"
29672
#: serverguide/C/backups.xml:370(para)
29770
#: serverguide/C/backups.xml:376(para)
29674
29772
"In this section, the shell script will be slightly modified to implement a "
29675
29773
"grandfather-father-son rotation scheme (monthly-weekly-daily):"
29678
#: serverguide/C/backups.xml:376(para)
29776
#: serverguide/C/backups.xml:382(para)
29680
29778
"The rotation will do a <emphasis>daily</emphasis> backup Sunday through "
29684
#: serverguide/C/backups.xml:381(para)
29782
#: serverguide/C/backups.xml:387(para)
29686
29784
"On Saturday a <emphasis>weekly</emphasis> backup is done giving you four "
29687
29785
"weekly backups a month."
29690
#: serverguide/C/backups.xml:386(para)
29788
#: serverguide/C/backups.xml:392(para)
29692
29790
"The <emphasis>monthly</emphasis> backup is done on the first of the month "
29693
29791
"rotating two monthly backups based on if the month is odd or even."
29696
#: serverguide/C/backups.xml:392(para)
29794
#: serverguide/C/backups.xml:398(para)
29697
29795
msgid "Here is the new script:"
29700
#: serverguide/C/backups.xml:395(programlisting)
29798
#: serverguide/C/backups.xml:401(programlisting)
29886
29984
"network wide solution."
29889
#: serverguide/C/backups.xml:546(para)
29987
#: serverguide/C/backups.xml:552(para)
29891
29989
"<application>Bacula</application> is made up of several components and "
29892
29990
"services used to manage which files to backup and backup locations:"
29895
#: serverguide/C/backups.xml:551(para)
29993
#: serverguide/C/backups.xml:557(para)
29897
29995
"<application>Bacula Director:</application> a service that controls all "
29898
29996
"backup, restore, verify, and archive operations."
29901
#: serverguide/C/backups.xml:556(para)
29999
#: serverguide/C/backups.xml:562(para)
29903
30001
"<application>Bacula Console:</application> an application allowing "
29904
30002
"communication with the Director. There are three versions of the Console:"
29907
#: serverguide/C/backups.xml:561(para)
30005
#: serverguide/C/backups.xml:567(para)
29908
30006
msgid "Text based command line version."
29911
#: serverguide/C/backups.xml:562(para)
30009
#: serverguide/C/backups.xml:568(para)
29912
30010
msgid "Gnome based GTK+ Graphical User Interface (GUI) interface."
29913
30011
msgstr "Version grafica GTK+ (Gnome)."
29915
#: serverguide/C/backups.xml:563(para)
30013
#: serverguide/C/backups.xml:569(para)
29916
30014
msgid "wxWidgets GUI interface."
29917
30015
msgstr "Version grafica wxWidgets."
29919
#: serverguide/C/backups.xml:567(para)
30017
#: serverguide/C/backups.xml:573(para)
29921
30019
"<application>Bacula File:</application> also known as the "
29922
30020
"<application>Bacula Client</application> program. This application is "
29938
30036
"different databases MySQL, PostgreSQL, and SQLite."
29941
#: serverguide/C/backups.xml:584(para)
30039
#: serverguide/C/backups.xml:590(para)
29943
30041
"<application>Bacula Monitor:</application> allows the monitoring of the "
29944
30042
"Director, File daemons, and Storage daemons. Currently the Monitor is only "
29945
30043
"available as a GTK+ GUI application."
29948
#: serverguide/C/backups.xml:590(para)
30046
#: serverguide/C/backups.xml:596(para)
29950
30048
"These services and applications can be run on multiple servers and clients, "
29951
30049
"or they can be installed on one machine if backing up a single disk or "
29955
#: serverguide/C/backups.xml:598(para)
30053
#: serverguide/C/backups.xml:604(para)
29957
30055
"If using MySQL or PostgreSQL as your database, you should already have the "
29958
30056
"services available. <application>Bacula</application> will not install them "
29962
#: serverguide/C/backups.xml:603(para)
30060
#: serverguide/C/backups.xml:609(para)
29964
30062
"There are multiple packages containing the different "
29965
30063
"<application>Bacula</application> components. To install Bacula, from a "
29966
30064
"terminal prompt enter:"
29969
#: serverguide/C/backups.xml:608(command)
30067
#: serverguide/C/backups.xml:614(command)
29970
30068
msgid "sudo apt-get install bacula"
29971
30069
msgstr "sudo apt-get install bacula"
29973
#: serverguide/C/backups.xml:610(para)
30071
#: serverguide/C/backups.xml:616(para)
29975
30073
"By default installing the <application>bacula</application> package will use "
29976
30074
"a <application>MySQL</application> database for the Catalog. If you want to "